I see #softwar
nostr:npub12rv5lskctqxxs2c8rf2zlzc7xx3qpvzs3w4etgemauy9thegr43sf485vg is there something here about cashu as a way to get a webpage to load and make attacks more expensive
Discussion
Eh. Practical implementation all predicates on key control. Softwar falls apart on implementation details.
Using bitcoin to protect yourself against software exploitations is softwar. A government or global implementation is an expression of softwar at scale.
Bitcoin is nothing new. The class of attacks you’re preventing can be enabled with basic key checks or blinded signatures of eCash. You don’t need bitcoin for it. It’s cheaper and better without bitcoin. Accomplishing the same defense posture.
Unless the alternative is backed by physical watts then you are back to using logic not power to protect your data or access. Bitcoin is new in that it is inefficient and costly. That is the benefit.
Word salad. Be specific. What data are we protecting?
What you are missing is the class of attacks prevented are still predicated on access to keys first and foremost
No matter how much Bitcoin and proof of work is attached to a private key, if that key is compromised the attacker still wins.
This is hardly an upgrade from just using and securing a private key. We are still in the same place we started except authorized users have the added onerous task of getting bitcoin first
Many services can be protected by bitcoin. Most haven't realized the power of doing so. Projects like nostr:nprofile1qqspp9hkhc9y6lcwesklfmfvs6plzsl0eq0whglvumd2m5hu5ax8anqprpmhxue69uhkummnw3ezucmgv95k6cfwd9hxvme0qyt8wumn8ghj7mmjv9hxwetn09hxxtn5v43kstcpr3mhxue69uhkymmnw3ezummjv9hxwetn09hxxtn5v43kstcsa3stq require bitcoin payments to access wifi, nostr:nprofile1qqsgha3fk023ng8c4quszdayghqwkt6l9d9ga4c3280gnqz3aqqx7ycpzdmhxue69uhhwmm59e6hg7r09ehkuef0elfuqq requires cashu tokens as authorization to access api calls. Whirlpool Tx0 is an anti sybil attack fee. That is protecting these services from exploitation by enforcing real world physical costs on abusers in the form of a hardcoded bitcoin payment.
The focus of computing has always been to try and be more efficient not less. To use abstract power not physical power.
Bitcoin is inefficient physical power. It takes lots of real power to change the state. That means any would be attacker must use real power to exploit it.
Using logic as the constraint, ie more code to restrict other code never works because there is always a way to exploit the code. Even now people are discussing whether quantum computing can overcome encryption. More logic defeating logic.
You can't fake a bitcoin payment. It requires real world costs.
Tollgates, payment walls, fees, or anyway you wish to describe a bitcoin payment, a state change requiring real world physical power, as a requirement to take any further action secures the user from exploitation.
If it cost you a bitcoin to read my emails no one is going to incur that cost. If you can just hack google then they are nearly free. The payment is a real world physical cost not abstract hacks.
We have plenty of ways to physically protect private keys. Using stolen bitcoin from compromised keys doesn't change the requirement for a bitcoin payment as a gatekeeper. Signing a message using a compromised key doesn't undermine the power the key bestows. You don't really own bitcoin, you protect the key that grants you access to signing for bitcoin.
We currently think that those keys grant you access to dollars. But they are also access to a digital securtiy protocol that can constrain unlimited abstract hacks.
It being onerous to obtain bitcoin is a part of the point of putting your systems behind a bitcoin wall of energy.
I would love it if that I had to send myself a payment to transfer the title of my home or open a line of credit or any number of actions today that result in fraud and abuse. Want to change my address, send my medical records, let me vote.. secure it by bitcoin and put me in control.
If you secure any of that data with encryption, then you don't need bitcoin. Emails? Encrypt them and a Google hack is still fruitless. Change address, require a key sigature, moving the Bitcoin requires the same but costs mining fees, a signature costs nothing but a few CPU cycles. You're adding unneeded costs. Cryptography already defends against the phsical realm. No amount of kinetic energy can break a signature, or encryption. Why spend sats if this is true? Requiring bitcoin as payment to decrypt or receive a digital signature is fine, but that's just one size of the trade. The other is just cryptography. No value transfer needed.
Have you guys checked Anubis out? PoW web app firewall
No bitcoin needed. Beautiful.
Just found this from Cloudflare too btw. Ecash angle?
I tend to see the added costs as added security. For example if encrypted data keys were compromised and on the other hand bitcoin keys were compromised... the attacker would have to want what the bitcoin gave them access to more than the bitcoin. Whereas if the attacker had the encrypted keys, as you say, it "costs nothing" for the attacker to gain access.
Ah, you mean that something is unlocked only if you send a certain amount to a certain address? Sounds like you'd need CTV for that. Still not understanding how the execution of a transaction is linked in any way to unlocking data. What part of the that transaction decrypts the data lying at rest? Or is there some other unlocking machanism?
Yes, that is more what I mean. "Unlocking" can be system access or the ability to carry out a program function/action. Perhaps a paywall in front of where an encrypted key is entered.
The original post was about granting/protecting against unwanted access to a service. Putting unreasonable costs on an attacker is how to prevent attack.
Give me explicit technical detail on how the paywall functions.
How does the paywall determine a tx occurred? Then what?
I think the disconnect is that they think you can encumber a system using power as a control instead of logic
But the problem is that bitcoin necessarily has to use the logic of private key management to lay claim to *previously earned* proof of work
It would have to be pure proof of work only without bitcoin to decouple the functions. It is still a foolish proposal to me. Do you really wanna encumber an action solely by hoping you have the most PoW muscle? I can’t think of a scenario where it makes sense stand-alone.
POW = good Sybil resistance
Good Key management = good security
They’re loosely related but separate.
Right. Determining the ordering of transactions is PoW and secured by watts. Unlocking a given transaction is just logic via signature or other script.
Totally agree. The cryptography is baked into Bitcoin txns and it is just a special case. It still rests upon the same foundations and assumption that your key is not compromised. The extra layer of value packets adds nothing in terms of security.
It would be cool if we created dueling AI agents that proved this out in somehow empirically
You’re still missing the point
The ecash is predicated on sound cryptography and signatures
That is the prerequisite. Adding value packets to it doesn’t further protect from the class of attacks it’s just another feature that may or may not have value independent of security
How many watts to break encryption?