I'm guessing that in those days people spent a large amount of time walking (not car-based living), work had a lot less sitting down and there was more manual labour (including simple things like cleaning without machines). For a fully active life like that 3.5K is I guess about right for an adult male? Perhaps ... it sounds like a high estimate to me.
It's time to come clean, everyone. I am Satoshi.
This signature: 'MEUCIQDOfh42gE4SqQHtp6SUZOaVaDRDrMpGXr7Yr6UOZu2USwIgMYHhyX+x7Vb+Elhba5sZaVJ6mTnlAkF85yK5fmlIrPY='
validates against this message hash:
'f888cabdf88abee1ee9369a91578c3efbde119959df18f4e46a3631929338251'
for Satoshi's key from block 1.
I will reveal the secret revelations behind that hidden hashed message in the coming months (or years).
---
This trick is not novel; it was used, IIRC, about 5 years ago by one of Craig Wright's hired PhDs, and used largely tongue-in-cheek according to my vague memory, in a Twitter message. (better memories than me please correct the details if you can).
I've produced a gist for anyone who wants to repeat the trick, with some extended comments. Because no one reads code, I reproduce here the introductory comments:
# Steps of the algorithm:
# 1. Generate a random tweak alpha
# 2. Set the nonce point to R = P + alpha * G
# 3. Calculate the corresponding x coordinate R(x), call that t.
# 4. Set the signature value s = t.
# 5. Set the signature hash value h ("H(message)" supposedly) to h = s * alpha
# 6. Publish (t, s) as the signature, which validates against Satoshi's public key.
# 7. Promise that you will reveal the mysterious message later, and voila, you're Satoshi.
The gist is at: https://gist.github.com/AdamISZ/8dacbbab7525af07c0ca3f12e2262c72
Last point, as mentioned at the end of the code, you cannot "verify" this kind of signature with most available tools (Electrum say .. not sure about openssl), with very good reason! The signature is *not* verified unless the preimage of the hash is provided. One could even argue that exposing the other version in an API is wrong (looking at you libsecp256k1!), ie allowing a 'verify' function to take in a hash instead of a message.
Last point is that this way of doing it looks stupidly dubious because the 'r' and 's' in the signature are the same value, but you can pretty easily tweak it IIRC so they are randomly different. It's just one extra step of algebra.
Remember - we can all be Satoshi!
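The recipe in the steps above, as an added example: this is not the author's gist and not Bitcoin Core or libsecp256k1 code, but a pure-Python secp256k1 implementation written for this page. It takes the generalisation hinted at in the last remark (choose two scalars a and b, set R = a*G + b*P) so that r and s come out unrelated; b = 1 recovers the gist's version where r == s. The "victim" key is a constructed one, derived from a scalar the forging function never sees, so Satoshi's block-1 key would behave identically. The verifier is deliberately the hash-taking kind the post objects to.

```python
# Added example (not the post's gist and not Bitcoin Core/libsecp256k1 code):
# the hash-only ECDSA "forgery" from the post, implemented over secp256k1 in
# pure Python.  The forger holds only the public key.  Generalised as in the
# post's last remark: R = a*G + b*P gives unrelated r and s; b = 1 is the
# gist's version where r == s.
import secrets

# secp256k1 domain parameters (field prime, group order, generator)
FP = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def ec_add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % FP == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, FP) % FP
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, FP) % FP
    x3 = (lam * lam - x1 - x2) % FP
    return (x3, (lam * (x1 - x3) - y1) % FP)


def ec_mul(k, pt):
    """Double-and-add scalar multiplication (not constant time; demo only)."""
    acc, addend = None, pt
    while k:
        if k & 1:
            acc = ec_add(acc, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return acc


def ecdsa_verify_hash(pub, h, r, s):
    """Textbook ECDSA verification that takes the *hash* h, not the message.
    This is exactly the API shape the post complains about."""
    if not (0 < r < N and 0 < s < N):
        return False
    w = pow(s, -1, N)
    R = ec_add(ec_mul(h * w % N, G), ec_mul(r * w % N, pub))
    return R is not None and R[0] % N == r


def forge(pub, a=None, b=None):
    """Produce (h, r, s) that verifies under pub without knowing its private key.

    Pick a, b; set R = a*G + b*P, r = R.x, s = r * b^-1, h = a * s.
    Then u1 = h/s = a and u2 = r/s = b, so the verifier recomputes R exactly.
    With b = 1 this is the post's recipe (alpha = a, s = r, h = s*alpha).
    Nobody knows a message whose hash is h, which is why no real wallet accepts it.
    """
    a = a if a is not None else secrets.randbelow(N - 1) + 1
    b = b if b is not None else secrets.randbelow(N - 1) + 1
    R = ec_add(ec_mul(a, G), ec_mul(b, pub))
    r = R[0] % N
    s = r * pow(b, -1, N) % N
    h = a * s % N
    return h, r, s


if __name__ == "__main__":
    # Constructed victim key: the scalar is only used to derive a public key
    # and is never touched by forge().  Satoshi's block-1 key would work the same.
    victim_pub = ec_mul(0xC0FFEE, G)
    h, r, s = forge(victim_pub, b=1)          # gist variant: r == s
    print("r == s:", r == s, "verifies:", ecdsa_verify_hash(victim_pub, h, r, s))
    h, r, s = forge(victim_pub)               # random a, b: r != s
    print("r != s:", r != s, "verifies:", ecdsa_verify_hash(victim_pub, h, r, s))
```

The point to take from running it: `ecdsa_verify_hash` is a perfectly correct implementation of the ECDSA equations, and it still says "valid". The defence is not in the verifier's arithmetic but in its interface: a verifier that insists on the message and hashes it itself cannot be handed an h that nobody has a preimage for.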
But isn't (one of?) the author(s) of utxo dealership nostr:npub1yxp7j36cfqws7yj0hkfu2mx25308u4zua6ud22zglxp98ayhh96s8c399s ? (SuperTestnet?)
It certainly fits precisely into the lines of research he was enthusiastic about when I met him earlier in the year.
We'll see if these kind of ideas gain any traction ... they've been vaguely suggested on and off for years but never saw someone do a concrete project for it yet.
My "follows" feed is too homogeneous. (90% bitcoin and/or nostr topics, or inside jokes from bitcoiners/nostriches).
My "global" feed is too heterogeneous (absolutely every kind of crazy shit I've seen ever since I started using the internet; porn, anime, religious cults, violence, all kinds of politics including the stuff that's instabanned in most places (heck I just saw a post about jihad in Arabic, I think), "my every day life" etc. etc.). Almost nothing that I could engage with or, really, find useful.
To be clear I do find the insanity and variety refreshing, I'm really enjoying that this place is developing in that way, because it's alive and free in the way those corporate hellholes will never be, but I only "engage" (skim read) it for a few minutes, because 99% of it doesn't speak to my interests.
There is no "the mempool"; mine currently has 104802 according to `getmempoolinfo`.
We should expect the number of "bids" to get into the chain to increase a lot (not infinitely, but a lot!), over time - if you ignore the fee people are prepared to pay.
Reminded by someone of the Stirlingov case, here's some high level thoughts to bear in mind:
1. Bitcoin is intrinsically fungible.
2. Bitcoin's fungibility in practice is really bad.
3. Because of 1, "chain forensics" don't give you a perfect view of a user's activity. The idea of prosecuting someone based mostly on chain surveillance, and not other evidence is, at best, *astoundingly* unrealistic and dubious.
4. Because of 2, chain surveillance can provide very useful clues to an attacker (including law enforcement, but thieves etc. etc. too), so for the ordinary user, there is some benefit in using privacy enhancing technology, but don't kid yourself, it will never be perfect.
For a better privacy model, focus more on off-chain, use the chain as your security anchor, not your everyday wallet. And there are still no perfect answers.
I often receive a paid for service that I really appreciate, then I get asked to express my opinion in a review (trustpilot e.g.) and I just go silent.
I feel bad but the truth is that it's the world-at-large's failure to adopt well understood cryptography that's at fault here.
Why in god's name, in 2023, do we not have a way to post reviews with anonymity but ensuring that we are "genuine in context" (here it would be, proof that you are a customer of a certain type). All kinds of simple blinding and zkp tech makes this entirely feasible, and it has been for ..15-20 yrs?
I see absolutely no reason to plaster all my purchasing events, tied to my name, all over the internet, but yet I *do* want to give help to companies that do me a great service.
Another similar one is, ~ 3 decades after it became possible, most institutions (govt departments, banks) are not using digital signatures at all for official docs, despite how massively it would improve processes.
Yes, it is a bit unobvious.
So like, you are using iOS or MacOS and you're browsing with Safari.
You access a website which is protected by Cloudflare; perhaps that site is experiencing some DDoS attack in the most extreme case.
What they can do is show you a captcha and force you to prove you are human to access the site.
Or the privacypass model: some centralized service asks you to solve a few captchas well in advance, then provides you with blinded tokens. Later, when you want to access a site, you can bypass captchas by showing these tokens: they don't reveal you're the same person as the centralized service saw earlier, but they prove you *did* earlier do that captcha.
Apple now changes it a bit: now they are the central server, and, under the hood, the Safari browser sends a request back home to Apple for some blinded tokens. They are given to you because Apple can check that your device is "legit".
Imagine, as the article says, that they stop issuing tokens if your OS is out of date, or, they don't like you etc.
It certainly is an interesting idea/model, because the UX for most users will be perfect: no captchas, ever. But it is also potentially disturbing.
https://httptoolkit.com/blog/apple-private-access-tokens-attestation/
Found via stacker news, credit to : https://stacker.news/items/243154
This is a fascinating and obvious-in-hindsight development.
Think: while Tor has taken the radical step of going down the PoW route, a whole "vertical stack" like Apple's, unsurprisingly, can take a much "cleaner" but at the same time much more disturbing approach: lock out unpermissioned usage (including spam of course!), while still being able to claim that they are preserving privacy by not identifying users. Chaumian tokens (as seen previously in privacypass) are the obvious way to do this.
The real bomb will drop when Google does this for any of their services (as discussed in the article, chromium/chrome).
Be interested to hear people's thoughts about it. Privacy from (cryptography + centralization) is super powerful, we're just starting to see how it can manifest.
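The token flow described in the posts above, as an added example that is not Cloudflare's Privacy Pass code nor Apple's Private Access Token implementation: Chaum's RSA blind signature modelled end to end, with the issuer's policy check (captcha solved, device "legit") as an explicit gate. Toy key size and no padding standard; the classes `Issuer`, `Client`, the `attested` flag and `run_flow` are this example's own names.

```python
# Added example, not Cloudflare's Privacy Pass code nor Apple's Private Access
# Token implementation: the "blinded token" flow from the post modelled with
# Chaum's RSA blind signature.  Toy key size, no padding standard; the
# names Issuer/Client/attested are this example's own.
import hashlib
import math
import secrets

SMALL_PRIMES = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37]


def is_probable_prime(n, rounds=32):
    """Miller-Rabin after trial division."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_prime(bits):
    while True:
        c = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(c):
            return c


def token_to_int(token, n):
    """Message representative of a token (plain hash; a real scheme would use a padded FDH)."""
    return int.from_bytes(hashlib.sha256(b"privacypass-demo|" + token).digest(), "big") % n


class Issuer:
    """The central party (Cloudflare in Privacy Pass, Apple in Safari's version)."""

    def __init__(self, bits=512):
        p, q = gen_prime(bits // 2), gen_prime(bits // 2)
        self.n, self.e = p * q, 65537
        self.d = pow(self.e, -1, (p - 1) * (q - 1))
        self.seen_blinded = []      # everything the issuer learns at issuance
        self.spent = set()          # double-spend protection at redemption

    def public_key(self):
        return self.n, self.e

    def issue(self, blinded, attested):
        """Sign the blinded value if the policy check passed (captcha solved,
        device 'legit', OS up to date ...).  This gate is the lever the post warns about."""
        if not attested:
            return None
        self.seen_blinded.append(blinded)
        return pow(blinded, self.d, self.n)

    def redeem(self, token, sig):
        """Accept a token once.  Nothing here lets the issuer match it to issue()."""
        if pow(sig, self.e, self.n) != token_to_int(token, self.n):
            return False
        if token in self.spent:
            return False
        self.spent.add(token)
        return True


class Client:
    def __init__(self, pub):
        self.n, self.e = pub

    def blind(self):
        token = secrets.token_bytes(32)
        while True:
            r = secrets.randbelow(self.n - 2) + 2
            if math.gcd(r, self.n) == 1:
                break
        blinded = token_to_int(token, self.n) * pow(r, self.e, self.n) % self.n
        return token, r, blinded

    def unblind(self, r, blinded_sig):
        # (m * r^e)^d * r^-1 = m^d * r * r^-1 = m^d
        return blinded_sig * pow(r, -1, self.n) % self.n


def run_flow(issuer, attested=True):
    """One full round: blind, issue, unblind, redeem.  Returns the redeem result."""
    client = Client(issuer.public_key())
    token, r, blinded = client.blind()
    blinded_sig = issuer.issue(blinded, attested)
    if blinded_sig is None:
        return False
    sig = client.unblind(r, blinded_sig)
    return issuer.redeem(token, sig)
```

What the issuer records at issuance is `blinded = m * r^e`, and what it sees at redemption is `(token, m^d)`; without the client's `r` those two views are independent, which is the "privacy preserving" claim. What the issuer also controls is the `attested` gate, and the client has no recourse if it returns `None`; that is the "disturbing" half of the same design.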
I'll just say there's deflation in China, that is perfectly gulag-worthy nowadays.
Oh that's weird. I also can't seem to zap you; I got 'failed to load invoice'. It seemed to work both ways for the other two guys.
Since I started using the site more, I took the time to get both inbound and outbound zap payments working - I think! If any one would like to try, I will reciprocate :)
Interesting to observe that Schnorr's protocol for proving knowledge of discrete log (which for the TLDR people is kind of the "primitive" behind the Schnorr signature) is really actually a tweak on a pre-existing idea from a paper by Chaum, Evertse and van de Graaf in '87.
https://link.springer.com/content/pdf/10.1007/3-540-39118-5_13.pdf
Specifically the construction `s = k + ex` is already present in that work. The main tweak is that Schnorr proposes the variable `e` being a "full" random group element, whereas that paper proposes iterations with `e` being only a bit. It's the same basic thing.
Schnorr actually references it in his original paper on "Efficient Identification and Signatures for Smart Cards", and he also develops the idea more than that, so I'm not accusing him of plagiarism or something; just pointing out yet another reason why having a patent on this is so stupid.
(I mean patent aside, it's also of historical interest. Yet another example of Chaum being "the GOAT" as the kids say).
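The `s = k + ex` protocol from the post, as an added example (not code from either paper): run in a toy prime-order subgroup of Z_p^* so the group operation is just `pow()`. The parameters p = 2039, q = 1019 (a safe-prime pair) and generator g = 4 are chosen for this example and are not secure. It shows the one thing the size of `e` changes: a prover who does not know x can guess the challenge and back-solve the commitment, so a 1-bit `e` gives a cheat rate of 1/2 per round while a full-size `e` gives 1/q in a single round.

```python
# Added example (not from the Chaum-Evertse-van de Graaf paper or Schnorr's):
# the s = k + e*x protocol run in a toy prime-order subgroup of Z_p^* so the
# arithmetic is just pow().  p = 2039, q = 1019 is a safe-prime pair chosen
# for this example; g = 4 has order q.  Shows why the size of e matters.
import secrets

P, Q, G = 2039, 1019, 4          # toy parameters, not secure


def keygen():
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)           # (secret x, public y = g^x)


def commit():
    k = secrets.randbelow(Q)
    return k, pow(G, k, P)           # (nonce k, R = g^k)


def respond(k, e, x):
    return (k + e * x) % Q           # s = k + ex, the line both papers share


def verify(y, R, e, s):
    return pow(G, s, P) == R * pow(y, e, P) % P     # g^s == R * y^e


def cheat_commit(y, guessed_e, s=None):
    """Prover without x: guess e in advance, pick s, and back-solve R = g^s * y^-e.
    Verification then succeeds exactly when the real challenge equals the guess."""
    s = secrets.randbelow(Q) if s is None else s
    return pow(G, s, P) * pow(y, -guessed_e, P) % P, s


def honest_session(x, y, challenge_space):
    """One round with e drawn from [0, challenge_space): 2 for a bit, Q for Schnorr's full e."""
    k, R = commit()
    e = secrets.randbelow(challenge_space)
    return verify(y, R, e, respond(k, e, x))


def cheat_rate(y, challenge_space, trials=2000):
    """Fraction of single rounds a prover without x survives."""
    wins = 0
    for _ in range(trials):
        guess = secrets.randbelow(challenge_space)
        R, s = cheat_commit(y, guess)
        wins += verify(y, R, secrets.randbelow(challenge_space), s)
    return wins / trials


if __name__ == "__main__":
    x, y = keygen()
    print("honest, bit challenge:", honest_session(x, y, 2))
    print("honest, full challenge:", honest_session(x, y, Q))
    print("cheater, bit challenge (about 0.5):", cheat_rate(y, 2))
    print("cheater, full challenge (about 1/q):", cheat_rate(y, Q))
```

The '87 construction needs t independent rounds to push the cheat rate to 2^-t; Schnorr's version gets 1/q from one round, which is what makes the non-interactive (hash-as-challenge) signature practical.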
Being able to write code, even if badly, is tremendously helpful if you want to study cryptographic (or many other) mathematical algorithms.
I know it's kinda stating the obvious but people with a preference for pure vs applied mathematics, they often feel a bit "sniffy" about bothering to actually write code. Whereas in fact, actually writing code that executes what you *think* is true or possible, very often illustrates flaws in your reasoning.
Not disagreeing, but I suspect in practice this is what will matter. Would this prosecution really have any legal leg to stand on if they had only created the contract and walked away? It seemed like almost all of what the prosecutors published focused on the side activities, although you're 100% right that somewhere they framed it as "they could have changed it but they didn't". That last part is clearly the most dangerous of all to software developers, but it's hard to believe that that will stand up on its own?
Exactly my opinion. This is where we cross the rubicon.
The actual mixing protocol was in an immutable smart contract. They are going to be prosecuted, if they are, for promoting it and profiting off side activities.
It supports my old curmudgeonly opinions back in the day when I always advocated to my developer friends that, as impractical as it seems, we can't make money off this tech, it's too dangerous.
Also this isn't just Bitcoin. Think about Moxie Marlinspike and "Mobilecoin" or whatever.
Future privacy tech development will probably have to be 100% anon.
https://www.fbi.gov/news/press-releases/fbi-identifies-cryptocurrency-funds-stolen-by-dprk
The beatings will continue until the taint improves.
At least reasonably non-stupid discussion of Tor's new PoW/hashcash solution to DoS going on over at hackernews:

