Gold collapsing. Bitcoin UP.

molecular

Active Member
Aug 31, 2015
372
1,391
Someone please explain this to me...

> Example (continued) of how a double hash solves the collision problem

> sha256^2(bzZWVV..)=sha256(1b3f7e..)=XgApmo..

> sha256^2(9sdFi3..)=sha256(1b3f7e..)=EsmpYg..
What? How is sha256(1b3f7e..) = XgApmo.. in the first case, but EsmpYg.. in the second case? That would mean sha256(1b3f7e..) <> sha256(1b3f7e..), which is false (unless the '..' are different in each case, which makes no sense). Reductio ad absurdum.

It seems to me the chances of a collision of sha² are higher than they are for sha: if you have a collision after the first round, since it's then the same input for the second round you also have a collision on the output of the second round (unless some other data is added in between). If you don't have a collision after the first round, you even have a second chance to get one in the second round.

Another way to view it is that sha() reduces entropy. You call it twice, you reduce entropy even more, hence you have higher chance of collision. I bet if you call sha256 often enough on 2 different inputs, at some point you'll end up with the same output.

I can see how double hashing makes constructing a collision harder because you cannot directly manipulate the input... your "collision attack logic" needs to span the function twice, which will probably make an attack harder in the sense that if it requires bruteforcing n bits in the single-hash case it will probably require 2n bits, which could probably be accomplished similarly by increasing internal sha rounds from 64 to 128? Or just using a stronger hash function. But maybe I don't see something... can anyone explain better than CSW why satoshi used double hashing?

hoaxChain

New Member
Jan 26, 2018
7
0
London
hoaxchain.com
@molecular

Good point. Our scientists explain that in our blog:

It is difficult to provide a full technical explanation for how this works here. However, it can be thought of like rolling a dice. When rolling a six sided dice twice, the probability of getting the same number is quite high. However, if one rolls a dice twice twice, one is much less likely to get the same numbers each time. More randomness is added to the thermodynamic system, which reduces the chance of collisions.

As Dr Wright himself succinctly put it:

"More, the double hash means that the input to the hash needs to be of a set size. The collision problem allows for scaled solutions. A double hash reduces the input to a hash and makes collisions infeasible"

http://hoaxchain.com/blog1.html
 

freetrader

Moderator
Staff member
Dec 16, 2015
2,806
6,088

79b79aa8

Well-Known Member
Sep 22, 2015
1,031
3,440
whatever it is that hoaxchain is trying to do, and despite the first "explanation" for the double hash being ridiculous as @molecular points out, the second claim is more interesting (whether CSW provided either answer is irrelevant): the second time you run the function you are running it on an input with predictable syntactic properties. i take it this does not reduce the risk of collision, but of length-extension attacks.

@awemany is something along these lines not a sufficient explanation for the iterated use of the function? (again, i am not asking anything about CSW, that is a red herring as he himself insists.)
 

awemany

Well-Known Member
Aug 19, 2015
1,387
5,054
@hoaxChain : Thanks for pulling the conversation out and thanks @molecular for showing how it is clearly utter BS.

@79b79aa8 : The hash is done on the fixed 80 bytes of the header. What exactly does a length extension attack harm here? I don't see how that would make any sense, either.

Sorry to be extremely blunt here, but:

This is bullshitting. Bullshitting by someone very experienced to get ahead with bullshitting. He IMO creates an aura of authority around him, making others more easily believe BS. E.g. witness myself in that conversation! And moving from one BS that is called out to the next ...

But if you go and calmly sort the evidence, it IMO all clearly points towards Faketoshi, whereas for too many others, it leads to some suspension of disbelief and seeking for 'the true answer by the genius, all hail him as the real Satoshi'.

The non-providing of the signature. The bullshitting like above. The likely GPG-key backdating. The blog post with the faked date from the past.

And you guys still give him the benefit of the doubt? Why, exactly?

By the way: Wasn't there supposed to be some woman from the Tulip trust that was supposed to speak in September last year about more details or something?

I don't remember seeing or hearing anything on that front, either.
> @molecular
>
> Good point. Our scientists explain that in our blog:
>
> It is difficult to provide a full technical explanation for how this works here. However, it can be thought of like rolling a dice. When rolling a six sided dice twice, the probability of getting the same number is quite high. However, if one rolls a dice twice twice, one is much less likely to get the same numbers each time. More randomness is added to the thermodynamic system, which reduces the chance of collisions.
Sorry, but what a pile of bullshit. If you hash with a known, deterministic hash function, you do not add any entropy to the system.

Where the fuck should the entropy come from, huh?

Hashing a hash twice means you concatenate hashing with at most a very complex, but wholly deterministic permutation from the set of uint256s to the set of uint256s to the output. And that is only true if SHA256-hashing 256bits is bijective, which is not known for SHA256 AFAIK.
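
To ground molecular's point that a deterministic hash cannot give two different outputs for one input and only ever shrinks the set of reachable values, and awemany's point that re-hashing adds no entropy, here is an added Python example (not from this thread or from any project mentioned in it) that computes Bitcoin's double SHA-256 over the fixed 80-byte header and counts how a hash's image shrinks when it is iterated on a small domain. The truncated-hash model in `image_sizes` is my own construction; the genesis-block field values are the real public ones.

```python
import hashlib
import struct


def sha256d(data: bytes) -> bytes:
    """Bitcoin's double SHA-256: the outer call only ever sees the 32-byte inner digest."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def serialize_header(version: int, prev_hash: str, merkle_root: str,
                     time: int, bits: int, nonce: int) -> bytes:
    """Pack the fixed 80-byte header: little-endian integers, and both 32-byte
    hashes in internal byte order (the reverse of how explorers print them)."""
    return (struct.pack("<I", version)
            + bytes.fromhex(prev_hash)[::-1]
            + bytes.fromhex(merkle_root)[::-1]
            + struct.pack("<III", time, bits, nonce))


def header_hash(header: bytes) -> str:
    """The block hash as displayed: sha256d of the 80 bytes, byte-reversed, as hex."""
    if len(header) != 80:
        raise ValueError("block header must be exactly 80 bytes")
    return sha256d(header)[::-1].hex()


def image_sizes(domain_bits: int, rounds: int) -> list:
    """Model a hash on a small domain (SHA-256 truncated to domain_bits) and count
    the distinct outputs that survive each iteration. A deterministic function can
    never enlarge this set, so re-hashing cannot add entropy; it can only lose it."""
    mask = (1 << domain_bits) - 1

    def h(x: int) -> int:
        digest = hashlib.sha256(x.to_bytes(4, "big")).digest()
        return int.from_bytes(digest[:4], "big") & mask

    current = set(range(1 << domain_bits))
    sizes = []
    for _ in range(rounds):
        current = {h(x) for x in current}
        sizes.append(len(current))
    return sizes


# Public field values of the Bitcoin genesis block header (real, not constructed).
GENESIS = serialize_header(
    1, "00" * 32,
    "4a5e1e4baab89f3a32518a88c31bc87f618f76673e2cc77ab2127b7afdeda33b",
    1231006505, 0x1d00ffff, 2083236893)

if __name__ == "__main__":
    print(header_hash(GENESIS))  # the familiar 000000000019d668... genesis hash
    print(image_sizes(12, 4))    # starts from 4096 inputs; no round ever yields more distinct values
```

The first round of `image_sizes` keeps roughly 63% of the domain, as expected of a random-looking function, and every further round keeps no more than the previous one.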

Tom Zander

Active Member
Jun 2, 2016
208
455
> I was a bit worried that this would make my suggestions obsolete but I think I will still work on them. Your ideas are good but in the words of a great man, "We need to go deeper". :)
Most of the ideas you stated are very much in line with my thinking. It is mostly time and me needing sleep that prevent me from getting more done. We do need to go deeper, agreed. Feel free to hit me up on the mailinglist, keybase, here (I think there is a PM feature), or email if you are interested in brainstorming more. (see footer of flowee.org for links)


> I'm a polytheist with uncountable gods:
>
> KoKansei, Albert Einstein, Cypherdoc, Nietzsche, The Zerg, Solex, YDTM, Sickpig, Schopenhauer, Norway, awemany, majamalu, Diodoros Kronos, Zangelbert Bingledack, Roger Waters, Peter Rizun, Craig Wright, freetrader, Paul C. Martin, AdrianX, Mengerian, Leonard Cohen, 79b79aa8, Ennio Morricone, Albin, Inna Shevchenko, Tom Zander, NewLiberty, Shane McGovan, Justus Ranvier, Capt_Roger_Murdock, Jiang Zhuo'er, Lunar, Carl Orff, torusJKL, Haipo Yang, Richy_T, Dostojewski, rocks, Jihan Wu, molecular, Christoph Bergmann, Roger Ver, Dusty, throwaway, Satoshi Nakamoto, satoshi's_sockpuppet and every single Unlimited fighter who fights the good fight:
Since I'm in that list, let me say that the biggest honour you could do me is by valuing your own conclusions and your own self-education greater than that of any $deity. The biggest gift we have been given is our own ability of critical thinking.

albin

Active Member
Nov 8, 2015
931
4,008
> N.B. My account is banned by the mods and /u/MemoryDealers/ on /r/btc. Please join the fight against this disgraceful censorship and attempt to control the agenda.
Your crocodile tears give me sustenance.
> whatever it is that hoaxchain is trying to do, and despite the first "explanation" for the double hash being ridiculous as @molecular points out, the second claim is more interesting (whether CSW provided either answer is irrelevant): the second time you run the function you are running it on an input with predictable syntactic properties. i take it this does not reduce the risk of collision, but of length-extension attacks.
What he's trying to do is hide behind irony and satire as a defense mechanism, because it's too scary to tell people the blunt truth about what you believe, without the option of bailing out with "lulz why u so srs??" when things get uncomfortable. For sure there is a place for humor and parody, but millennials fucking broke irony for everybody!
 

Tom Zander

Active Member
Jun 2, 2016
208
455
@awemany asked csw on slack;

> to restate to figure out whether I got this: basically, you do the double hashing pretty much to make further analysis of the hash function - if taken as a black box - easier?
The double sha256 as a security mechanism is useless in Bitcoin as long as sha256 is uncompromised.
As molecular points out, the block header is tiny anyway. The block header contains the merkle-root which is a tree of cumulative sha256 hashes, all of them small too.

No, the universally accepted explanation of Satoshi doing double hashing is based on the idea that if a hash function is compromised, it won't affect the Bitcoin security system too much. Giving us more time to move to a new crypto.

Compromising a hash function can happen in different ways; CSW pointed to the collision attack (of which the length extension attack is a subset), but that is really not very relevant in the context of Bitcoin. Sha256 is chosen for its hard-to-hash-ness, which is what mining is built on.

No, more important attacks to mitigate here are things like the preimage attack.

Additionally, making miners hash twice instead of just once doubles the resources spent by miners and that makes the lifetime of the sha256 also almost twice as long as you effectively have twice as many years before you run out of security with the difficulty being too high causing too little space in the hash to be available for the actual hash-pointer.


CSW is someone that is capable of coming across as very certain of themselves. Many see that as them being smart or knowledgeable. I've seen him being put on the spot about him bluffing and losing, but he never admits it and instead just makes it seem he is indeed correct. Somehow this convinces a lot of people. :(
Excellent example;
 

hoaxChain

New Member
Jan 26, 2018
7
0
London
hoaxchain.com
> The likely GPG-key backdating
You mean this?

https://medium.com/@hoaxchain/the-hard-evidence-about-craig-wrights-backdated-pgp-key-step-by-step-guide-for-windows-users-bd99c47c495f

That is not true. As that article explains, this was just a coincidence.


> The blog post with the faked date from the past.
I am not aware this baseless accusation has any merit. What are you talking about? Please provide a source.


> Wasn't there supposed to be some woman from the Tulip trust that was supposed to speak in September last year about more details or something?
Yes.

https://bitcoinmagazine.com/articles/satoshi-saga-continues-tulip-trust-trustee-expected-to-appear-by-september-says-joseph-vaughnperling-1462467803/

That was delayed a bit, it's happening any day now.


> If you hash with a known, deterministic hash function, you do not add any entropy to the system.
CSW is an expert in the field. He created Bitcoin, for God's sake. If he says it adds entropy, it does.


> Your crocodile tears give me sustenance.
Are you laughing about very serious censorship? Anyone who participates in that censored forum is an evil pro Roger Ver collaborator. My account is banned there and you don't think that is a serious issue? It's a disgrace.

Please stop using the censored North Korean forum.
 

Dusty

Active Member
Mar 14, 2016
362
1,172
> Sorry, but what a pile of bullshit. If you hash with a known, deterministic hash function, you do not add any entropy to the system.
> Where the fuck should the entropy come from, huh?
He is just trolling you: if you check his website you see it's just trolling about CSW asserting nonsense.

He is here just to derail interesting discussion towards useless BS so that nothing productive can be accomplished: please completely ignore him and avoid feeding the troll by replying to nonsense.
 

molecular

Active Member
Aug 31, 2015
372
1,391
> Finally, a music video project I have been working on for a long time is finished.
This is awesome, love it! Thanks for doing this... hope it's not the last we hear. Donation sent, of course.

Do you have a higher quality encoding of the audio or is that available to buy anywhere? What I'm getting from this youtube sounds like crap on my good hifi gear. (That's what I get for finally getting good speakers and amps: I can't listen to stuff encoded with low bitrate lossy codecs any more)
 

hodl

Active Member
Feb 13, 2017
151
608

79b79aa8

Well-Known Member
Sep 22, 2015
1,031
3,440
> the bane of my existence is....gone?
adam back attempted to control the narrative through hired hacks. in one sense it worked, as every single BS priority managed to get baked into Bitcoin Core. in a more important sense it did not work, as the resulting product ignores market forces hence is not viable.

the following are all probably true: 1. the hack burn out rate is high; 2. the money for hiring hacks has dried out, as the overall strategy failed; 3. the hacks are always one fortnight away from their last paycheck.

will we face similar tactics down the line? the likelihood has been reduced, and not just for reason 2, but also because the reference implementation point of failure has been eliminated.
in addition, one more bubble cycle is playing itself out, bringing in a new generation of newbs, perhaps one order of magnitude larger than before, and i don't think anyone has the strength to attempt to control that enlarged narrative.
 
Nov 27, 2015
80
370
Wow. CSW got owned in this debate w/ Kinsella. My leeriness of this guy has risen substantially.

I'm starting to worry about what Craig might think he can do with Bitcoin Cash and why.

I recommend the whole debate, but this question is the most relevant:

https://www.periscope.tv/vinarmani/1DXxyEqPwPVxM?t=53m16s

As a maximalist, he complained about the splintering of efforts seen in the explosion of altcoins. Seems like he has his own 'embrace and extend' intentions for Bitcoin Cash that uses patents to prohibit competing currencies from adopting his technology. Then the question presents itself. What happens if Bitcoin Cash needs to fork once again to settle an internal dispute? How is a future conflict resolved within BCH when it's saddled with IP? In the same way compatibility with the 'reference implementation' was regarded as paramount for alleged solidarity purposes, I fear CSW wants to introduce IP into BCH to make forking the network, as a governance model, more difficult. What could go wrong!?
 

bitcoool

New Member
Jan 27, 2018
2
11
@Jonathan Vaage

I watched the debate too. Kinsella comes across as an expert who's studied and debated this problem for decades. He builds his intellectual framework from clear definitions and his arguments logically follow. I learned a lot from listening to Kinsella.

Craig Wright on the other hand comes across as a poser who read a few books on the topic and thinks he has some special insight. His arguments are completely devoid of rigor and he makes no attempt to even define what the words mean that he's using. He just sort of spews out general statements hoping that they might resonate emotionally with the listeners. I don't believe I learned anything from listening to CSW.

CSW said that "my opponent's arguments are based on circular reasoning: Kinsella says intellectual property isn't private property because it isn't private property." Which just makes him look completely stupid. Kinsella specifically addressed the ways in which "intellectual property" was different than what we historically considered as "private property," and then CSW just tries to confuse the listener with semantic games (although I think CSW is actually just dumb and doesn't even know what he's doing).

Also noticed that CSW keeps making references to "studies" that prove that IP laws "increase innovations," yet he doesn't provide any specific details or citations. The feeling I get is that he's just making stuff up based on anecdotes he read or heard. He also completely dodges Kinsella's point that, even if it were true that IP laws increase innovation (and Kinsella argues that it's not), it still isn't the proper job of the state.

I could go on with further examples of just how bad CSW did in that debate but I won't. What I wonder though is why he would even participate in this debate. Does he really think he is anywhere near the level of Kinsella on this topic? This just makes him look more and more like an arrogant fool.
 

Zarathustra

Well-Known Member
Aug 28, 2015
1,439
3,797
> Since I'm in that list, let me say that the biggest honour you could do me is by valuing your own conclusions and your own self-education greater than that of any $deity. The biggest gift we have been given is our own ability of critical thinking.
I regularly chasten my gods.

"I love him who chastens his God, because he loves his God"

Thus spake Zarathustra