Gold collapsing. Bitcoin UP.

王英清

New Member
May 7, 2016
6
5
@cypherdoc

Hello cypherdoc, epic thread you have here!

I thought that SW was optional for non-miners? Non SW transactions they will continue to work just the same as before? Or am I under some misunderstanding.

A wallet developer said that he would use SW transaction if he could, as they would make some of the code more simple. I don't know if that means much.


@satoshis_sockpuppet

Much to think about! I will ask my friends these questions also! But first my response now:

1. SW should be ready by April, where is it and which wallets have implemented it so far?

It isn't, however I cannot know why it is important. I hear it has been working well on the test-networks.

Bitcoin is working great from all accounts. Miners say their blocks are full - but the fees are also small. Nobody in China / HK is complaining about the small fees.


2. Why is it rolled out as a soft fork with an unnecessary amount of additional code instead of a hard fork everybody would be ok with?

I think same as my reply to @cypherdoc comment. So only miners need to upgrade. Everyone else can upgrade at any time they wish. Also I hear that they test SW many times on test networks.


3. Why is it sold as a scaling solution although it doesn't reduce the size of transmitted and stored data at all? (If you get fussy, it adds a few bytes instead..)

I don't understand this question. I will ask my friends.


4. Who the hell thought it would be a good idea to let a central authority decide to give a discount for (complex) SW transactions?

I don't know who this central authority is? Didn't a developer propose it and then the other developers liked it? I don't know how they picked the ratio - but isn't the average case even lower than 2MB; so it should be safer?

--

I don't really understand the other half of your post so I don't really know how to comment. There are so many things said about CSW I don't try to make up my mind. I do agree he appears to be crazy tho.
 

cypherdoc

Well-Known Member
Aug 26, 2015
5,257
12,995
@王英清

here's a good thread about SW capabilities: https://bitco.in/forum/threads/clearing-the-fud-around-segwit.1068/page-5#post-17977

old nodes can send to SW nodes if they are capable of constructing a p2sh tx, which most are capable of doing today. but your old node is effectively blind to SW tx's in the 10 min period before it receives block confirmation from a miner thus degrading its security. it effectively just sees "data" which it considers non std and won't relay it.
 

Norway

Well-Known Member
Sep 29, 2015
2,424
6,410
I never thought that the procedure I described was what happened: it is only a fictional example on how to exploit a signature replay attack.
Fictional indeed. Because Craig never gave Gavin a hash of the agreed upon sentence. Just a signature on a stick. You presented your procedure as a possible attack vector, and put some work into it.

Why don't you say "Thanks mate, I didn't understand how this simple signing was done with Electrum"?

I know that Gavin could in theory be hacked if the hotel WIFI was hacked and the hackers simulated a download of a rigged Electrum. Or that the fresh computer being unboxed was compromised.

My point is that Craig and Gavin had a very good procedure, as far as we know.

To me, it sounds like you want to stain this proof of keys, without backing it up with plausible scenarios.
 

satoshis_sockpuppet

Active Member
Feb 22, 2016
776
3,312
It isn't, however I cannot know why it is important. I hear it has been working well on the test-networks.

Bitcoin is working great from all accounts. Miners say their blocks are full - but the fees are also small. Nobody in China / HK is complaining about the small fees.
It was said to be ready and it isn't. And nobody could use it even if miners allowed it.

Fees aren't small imho. I don't know how it is in China but in Europe Bitcoin can't compete with traditional banking anymore in terms of fees, at all.

And the most important fact: There are no serious investments into the bitcoin eco system any more as the system is already booked out.

I think same as my reply to @cypherdoc comment. So only miners need to upgrade. Everyone else can upgrade at any time they wish. Also I hear that they test SW many times on test networks.
And what do you win by that? You now have thousands of zombie nodes who don't add any value at all to the network. You are feeding them data they don't understand and they're tricked into saying "yes and amen" to everything the newer nodes present them.
A non SW node in a SW network is as valuable as an electrum node to the bitcoin network.

I don't understand this question. I will ask my friends.
There is not much to understand. SW doesn't reduce the size of transmitted data. That's all, it doesn't have any connection to scaling.

I don't know who this central authority is? Didn't a developer propose it and then the other developers liked it? I don't know how they picked the ratio - but isn't the average case even lower than 2MB; so it should be safer?
The central authority is a development team that chose to give a discount for certain transactions (coincidentally exactly the kind of transactions Blockstreams lightning network needs).
I don't understand what you mean by the 2nd part (2 MB?).
@Norway
My point is that Craig and Gavin had a very good procedure, as far as we know.
As far as we know they didn't have a good procedure.

- The laptop was brought by a confidant of CSW
- Gavin apparently didn't check the electrum build
- "They" checked the signature, not Gavin

There are very plausible scenarios.
CSW used his phone as a wifi hotspot named "Hotel X Wifi", they logged in, they are routed to a rigged Electrum page, they download the rigged Electrum, everybody is happy.

I would have no doubt if Gavin said: He signed it, I took the stick, used the laptop I brought with me, checked the signature, and tada: he is Satoshi.
And I don't see a valid reason for CSW to prohibit Gavin from doing that.

Gavin said he was already "convinced" before they did the signing. That makes a scenario like the one above much more plausible as Gavin wasn't paying as much attention as he might have otherwise.

It would be nice if Ian, JVP and Jon stopped talking like retards and if Gavin described the procedure et cetera more detailed. That everybody keeps his mystery mode on doesn't help a lot.
 

cypherdoc

Well-Known Member
Aug 26, 2015
5,257
12,995
@cypherdoc

Hello cypherdoc, epic thread you have here!

I thought that SW was optional for non-miners? Non SW transactions they will continue to work just the same as before? Or am I under some misunderstanding.

A wallet developer said that he would use SW transaction if he could, as they would make some of the code more simple. I don't know if that means much.


@satoshis_sockpuppet

Much to think about! I will ask my friends these questions also! But first my response now:

1. SW should be ready by April, where is it and which wallets have implemented it so far?

It isn't, however I cannot know why it is important. I hear it has been working well on the test-networks.

Bitcoin is working great from all accounts. Miners say their blocks are full - but the fees are also small. Nobody in China / HK is complaining about the small fees.


2. Why is it rolled out as a soft fork with an unnecessary amount of additional code instead of a hard fork everybody would be ok with?

I think same as my reply to @cypherdoc comment. So only miners need to upgrade. Everyone else can upgrade at any time they wish. Also I hear that they test SW many times on test networks.


3. Why is it sold as a scaling solution although it doesn't reduce the size of transmitted and stored data at all? (If you get fussy, it adds a few bytes instead..)

I don't understand this question. I will ask my friends.


4. Who the hell thought it would be a good idea to let a central authority decide to give a discount for (complex) SW transactions?

I don't know who this central authority is? Didn't a developer propose it and then the other developers liked it? I don't know how they picked the ratio - but isn't the average case even lower than 2MB; so it should be safer?

--

I don't really understand the other half of your post so I don't really know how to comment. There are so many things said about CSW I don't try to make up my mind. I do agree he appears to be crazy tho.
you can see how sneaky the 75% discount has been calculated by going over the math here:

complicated: https://bitco.in/forum/threads/gold-collapsing-bitcoin-up.16/page-308#post-11292

simple: https://bitco.in/forum/threads/gold-collapsing-bitcoin-up.16/page-410#post-14176
 

satoshis_sockpuppet

Active Member
Feb 22, 2016
776
3,312
And another thing in regards to CSW: It would be great if some of these so called journalists did some real work instead of hanging around chat rooms. It can't be so complicated to fact check the claims around CSW. For starters, I think it might be hard to hide a rank 15 supercomputer in Iceland. All you can find in the internet is mysteries here and there and no verifiable facts with proof.

@cypherdoc Is there a SW fact collection somewhere?
 

satoshis_sockpuppet

Active Member
Feb 22, 2016
776
3,312
For the people with too much time on their hands, JVP sent this:

And btw, IIRC the file names of the pictures on CW's page were Hashes of unused bitcoin addresses.

Have fun! :D
 

Dusty

Active Member
Mar 14, 2016
362
1,172
Why don't you say "Thanks mate, I didn't understand how this simple signing was done with Electrum"?
Because I do: I even implemented it myself.
To me, it sounds like you want to stain this proof of keys, without backing it up with plausible scenarios.
The problem is with myself: I can't wrap my head around the fact that a signature was shown privately to Gavin but this very same signature has not been shown to the rest of the world.

I'm a rational being and I try to make sense of this, and I can't.

So I try to explore improbable (?) scenarios and sharing them with all of you. Like I said I like to think aloud and I value all opinions I get as a result.
I value mostly the critical when well explained because that makes me rethink things.
There is no need to attack me as if I'm breaking your toy :)
 
Last edited:

Norway

Well-Known Member
Sep 29, 2015
2,424
6,410
@Norway
As far as we know they didn't have a good procedure.

- The laptop was brought by a confidant of CSW
- Gavin apparently didn't check the electrum build
- "They" checked the signature, not Gavin

There are very plausible scenarios.
CSW used his phone as a wifi hotspot named "Hotel X Wifi", they logged in, they are routed to a rigged Electrum page, they download the rigged Electrum, everybody is happy.

I would have no doubt if Gavin said: He signed it, I took the stick, used the laptop I brought with me, checked the signature, and tada: he is Satoshi.
And I don't see a valid reason for CSW to prohibit Gavin from doing that.

Gavin said he was already "convinced" before they did the signing. That makes a scenario like the one above much more plausible as Gavin wasn't paying as much attention as he might have otherwise.

It would be nice if Ian, JVP and Jon stopped talking like retards and if Gavin described the procedure et cetera more detailed. That everybody keeps his mystery mode on doesn't help a lot.
I think you make good points. I just have to debunk @Dusty 's multi step "fake hash" theory, because it is wrong in so many ways. And now he brings up the tutorial signature as an argument.

@satoshis_sockpuppet, I don't get where you have the idea that "they" checked the signature. I don't think Gavin would let anyone else do that. After all, he travelled a long way to do exactly that. Please elaborate or provide a link.

So, to sum it up, these two possible scenarios for a Gavin trap are what we all agree on (I know, we all will never agree, lol):

1. Craig's man walks out of the hotel room, picks up a rigged computer (rigged in a very advanced way) and comes back.
2. A wifi hack.

Did I miss anything?
 

freetrader

Moderator
Staff member
Dec 16, 2015
2,806
6,088
The game was lost when Gavin did not use his own hardware - outside of the influence of untrusted networks - to do the verification.

Whether anything was faked we will not be able to know at this point.

If I recall he said he was not allowed to use his own machine.

The only plausible reason is that CSW wanted to ensure that the signed message never left the premises. For a private proof session, that is somewhat reasonable, but there would have been ways to solve the dilemma.

e.g. tell Gavin he can bring and use his own machine, but it needs to be destroyed afterwards in the presence (just call GCHQ, they know how to do this :) )

I am surprised that in advance of the meeting, the protocol that was negotiated did not include Gavin using his own hardware. Or perhaps it did, but CSW changed the plan at the last second, and Gavin did not want to refuse to participate. We can speculate all day.
 

Norway

Well-Known Member
Sep 29, 2015
2,424
6,410
Because I do: I even implemented it myself.
Then I have to go back to my original question. Why do you believe Craig was giving a hash of Gavin's message to Gavin?
@Dusty
I can only explain your writings in 4 ways:

1. You are a stubborn asshole, and won't admit that you have been wrong. (I hope this is the truth, I'm a stubborn asshole myself. And I find it difficult to admit when I'm wrong. But I try.)
2. You are a shill.
3. You are stupid.
4. Your option. Please elaborate.
 

satoshis_sockpuppet

Active Member
Feb 22, 2016
776
3,312
@satoshis_sockpuppet, I don't get where you have the idea that "they" checked the signature. I don't think Gavin would let anyone else do that. After all, he travelled a long way to do exactly that. Please elaborate or provide a link.
You are right, I remembered that wrong. And I just read Gavin's post for the 2nd time and he even used the formulation "careful cryptographic verification" so there is reason to believe that it wasn't a hectic magic presentation. Somehow that's how I imagined it, thanks to all the stuff on reddit.

Leaves the option of a rigged wifi.

btw, what exactly are you and @Dusty fighting over like little girls? ;)

Hm.

And nobody interested in dissecting the images from CSW? "Steganography" posted by JVP, the images are btc address hashes and he changed the homepage from a jpg to a text? :)
 

Richy_T

Well-Known Member
Dec 27, 2015
1,085
2,741
And nobody interested in dissecting the images from CSW? "Steganography" posted by JVP, the images are btc address hashes and he changed the homepage from a jpg to a text? :)
If you can't blind them with brilliance...?
 

Norway

Well-Known Member
Sep 29, 2015
2,424
6,410
@satoshis_sockpuppet
Lol, we are fighting like girls, you are right. The reason is this:
Maybe this way:
  • CSW pulls out the signature from the blockchain
  • That signature signs a known hash, let's call it H
  • CSW builds a program that claims to hash a string, but instead of really hashing it, it checks its content: if the string ends with "CSW" then output H, else output the real hash
  • He then lets Gavin choose a message ("Gavin's favorite number is eleven."), and hashes it, let's call H1 the output of the program
  • CSW gives H1 to Gavin and tells him: "Verify this hash with your pc"
  • Gavin takes the fresh PC, installs the software, checks the signature and it does not match
  • CSW tells Gavin "oh, shit! I signed a different message! Mine had my initials in the end"
  • So CSW runs the hashing again, this time the message is "Gavin's favorite number is eleven. CSW", and the program outputs H because the string this time ends with "CSW"
  • Gavin sees a different hash (H is different from H1) so everything seems quite normal to him
  • Gavin checks the signature of H and it gets validated (remember, H was already signed on the blockchain) and starts to wonder "oh shit! This is really him!"
Lesson: cryptography is a tricky business, and a single weak link can fool us.

Details about the procedure followed by Gavin:
@Dusty will not come clean and admit that this process is wrong. There was never an exchange of a hash of the custom sentence. He still claims to know how signing on Electrum is done. I even provided screenshots of Electrum UI, but he will not admit that he was wrong.

I am very sensitive to sneaky paid shills. Those who agree sometimes, and then they state facts that are wrong. And it's hard to tell, because all people are different. I just try to lift it up in the open, and confront people with logic.

EDIT: Changed "secret sentence" to "custom sentence".
 
Last edited:

Dusty

Active Member
Mar 14, 2016
362
1,172
Then I have to go back to my original question. Why do you believe Craig was giving a hash of Gavin's message to Gavin?
I already explained why: because CSW posted an article on his blog with a signature pertaining to one of Satoshi's blocks.
Everybody began to analyze it and try to understand what the signature was signing. The speculations went as far as to suppose that CSW had found a collision attack for SHA256.
Then someone finally discovered that the signature was pulled from the blockchain.
So, I asked myself if CSW could have tried to pull a replay signature attack on Gavin.
In the hypothesis that he would have done that, that would explain why he would have shown the signature to him, but not to the rest of the world: because Gavin, already half convinced that he was Satoshi, would be more vulnerable to this kind of "social attack", while the whole Internet would have noticed (as it happened).
I was (and I am) willing to speculate on this subject because that would render CSW's actions rational.

1. You are a stubborn asshole, and won't admit that you have been wrong. (I hope this is the truth, I'm a stubborn asshole myself. And I find it difficult to admit when I'm wrong. But I try.)
While I know how bitcoin message signature works, since I don't know very well all the features of electrum, I took for granted that it had a way to check a generic ECC signature in addition to the usual bitcoin message. As you can see from Gavin's words, the wording is ambiguous, it can be used for both schemes (ECC signatures and Bitcoin message signing):
Craig signed a message that I chose ("Gavin's favorite number is eleven. CSW" if I recall correctly) using the private key from block number 1
You can sign a message in both ways: using usual ECC signature of the hash of the message or by using the popular message signing available in many wallets.
I now have to make a little excursus to explain why I interpreted this part as the possibility of plain ECC signature instead of the classic (modern) way of signing a message.

To sign a message with plain ECC you have to hash it, and then sign the hash. To verify it you need the hash, the public key and the signature.

But for a long time now public keys are no longer exposed in transactions, because we use their hash160 in bitcoin addresses (the ones starting with 1), so if you sign a message you would have to pass the pubkey together with the signature. Instead, an ECC trick is used so that a special signature is created that allows the receiver to recreate the pubkey from the signature itself. So, after verifying the signature you have to convert the pubkey to an address and verify that it's the same as the original.

Now, the thing is that in block 1 standard addresses were not yet used (nor invented), and plain pubkeys were used instead. For example this should be the transaction that we are talking about:
0e3e2357e806b6cdb1f70b54c3a3a17b6714ee1f0e68bebb44a74b1efd512098 and as you can verify the pubScript directly contains the pubkey:
Code:
0496b538e853519c726a2c91e61ec11600ae1390813a627c66fb8be7947be63c52da7589379515d4e0a604f8141781e62294721166bf621e73a82cbf2342c858ee OP_CHECKSIG
So, in my mind (the strange and twisted mind of a coder) I supposed that instead of the modern, usual way to sign messages, CSW could have signed directly the hash because the pubkey was already known, and Gavin could verify directly the signature by already knowing the pubkey. Also, in my mind, Gavin as a coder himself, would have found the procedure natural for the same reason.

Now, if you tell me that is unlikely, I wholeheartedly agree with you. Still, in my mind the scenario is at least remotely possible.
Am I wrong on that last assumption? Probably.
Also, I checked electrum commandline usage and I didn't find a way to check a generic ECC signature so I was definitely wrong on that subject.

If this makes me an asshole though, I don't know.
But I'll leave it to you to decide, I'll accept your judgement without hard feelings :)
@Dusty will not come clean and admit that this process is wrong. There was never an exchange of a hash of the custom sentence. He still claims to know how signing on Electrum is done. I even provided screenshots of Electrum UI, but he will not admit that he was wrong.
I can accept you call me an asshole (I certainly am in many ways), but may I know if my elaborate response is enough for you to accept that I "came clean"? Thanks :)
 
Last edited:

Justus Ranvier

Active Member
Aug 28, 2015
875
3,746
The Reddit post has been up for an hour, and it's well on its way to proving what it was designed to prove:

  • Many people like to talk about how much they oppose toxicity in the community, but they do this because they want to be seen as someone who opposes toxicity - not because they're willing to take effective action to combat it.
  • What's killing Bitcoin is cowardice, not malice. Malice always exists in the world but it can be held in check when people are willing to stand up to it.
  • Give people a request that consists of a, b, and c. Know ahead of time that a and b are basically unassailable, however b is something the cowards are deathly afraid of but would never want to admit to fearing. Watch them argue all day long about c when they could very easily say, "I accept a and b, but not c."