Also when I wrote extortion I suppose I am writing about “mundane” extortion. Less three letter agency stuff or wrenches, more divorce lawyers and slip and fall schemes. Or Person A’s landscaping biz goes bankrupt, but the judge thought the LLC paperwork was misfiled and opened a door for creditors to Person A’s personal funds.
Also for the record I am not being dismissive towards the financial trauma of boating accidents, I am very empathetic, having had several myself.
Thanks
I am assuming there are a lot of already KYC bitcoiners on Coinbase.
Google cannot verify but says Coinbase holds 1 million. Add owners from whatever other kyc places (PayPal?) and it must be a lot.
I would imagine (I do not know I am just speculating) that once person A is known to have _had_ bitcoin then chain analysis is just one technical way to find coins.
Extortion would be more direct.
I think the boating accident phrase is funny but fragile and unlikely to endure under pressure.
It would seem there is a role for openly (even on chain) formalizing some process like the above whereby the owners demonstrably lose all access now with the intent of slow recovery across time and space.
Extortion seems to be an impatient process.
Understood- I am just veering off from the privacy and into what can be done in a KYC world.
Assuming all KYC transactions can and will be linked to person A’s initial buy as you stated.
Is it still possible for person A to easily divide the coins then ….
1) render themselves presently unable to access the coins (such that they honestly cannot access and no state actor pressure or other pressure can change that)
2) yet ensure they will recover that access over time incrementally
3) and similarly grant that future access across space to heirs or friends?
Thanks. As a thought experiment, is there a super low tech solution to make KYC irrelevant? I am thinking of something like: a person buys a cold card; buys a bitcoin on Coinbase; creates a 24-word seed phrase “base” wallet. Then 100 wallets from that with passphrases, and sends 1/100th of the bitcoin to each sub wallet. Each subwallet has had its public address used once to receive the 1/100 bitcoin. How would you make the 100 different passphrases such that 1) the person does not remember them, 2) they are not physically written down anywhere near the person, 3) the process that created the phrases the first time can be recreated anytime and anyplace with not more than a public computer and a pay phone? Such that the person can say honestly they do not know / have access to the coins themselves at any time, and yet they or their future heirs could. It need not be that all the phrases can be recreated at the same time; in fact it would be better if the process actually required time.
A dumb example would be, say, the person creates 100 different nostr accounts and makes only one post with each account, posting a single passphrase to a single subwallet. Then deletes the nostr public and private keys. Then creates 100 free throwaway email accounts. With each email account they send a single email to their work account, home account, friend account etc. The email is set to be delivered in the future: in 1 month for account 1, 2 months for account 2, etc….
Email 1 has the npub of nostr1
Email 2 has the npub of nostr1&2
Email 3 has npubs 1,2,3… etc …
Then deletes all the emails.
So that all takes a day. Maybe destroy the computer used for all that after.
Practically then you have 24 seed words you need to keep, but they do no good on their own. Month after month you get a rando email leading you to nostr and to a passphrase, but only if you know what the email refers to. It’s vulnerable if the email fails, but subsequent emails include previous links.
I’m sure there is a much better way, but on the surface this seems to make KYC less useful even to wrench attacks and creditors.
Should be clear I wrote cypherpunk above referring to the generic self described term many use - not referring to the particular poster.
Thanks. I am not critical or defensive of any approach; I am trying to figure out what would really work for real people. It seems to me the most private cypherpunk (a word I parrot without pretending to really know) solutions are labyrinthine tech solutions using tech that probably was not available 5-10 years ago and may not be available 5-10 years from now. Seems unrealistic for almost everyone across space and time (successors need to be also expert). Again not trying to be cynical, but there is hand waving towards free and open source software as if that’s a guarantee it will be usable and maintained into the future, but I have no idea if that’s really more trustworthy than the alternative of profit motivated companies.
Understood, but basically you need two computers, one which you had somehow made sure has no networking hardware, some OS that you also have and trust, a USB you also acquired and trust, and even then it’s minimally paper and sounds very hard to do with any privacy. I am not trying to just complain, and maybe this is all simple to more tech savvy people, but my guess is that 99 out of 100 people would read that explanation and have no idea how to even start. And buried in the lines is a bunch of other stuff (just downloading without being on the network confuses me, and Sparrow isn’t so straightforward; iirc it comes with other steps like verification of keys and then will say you have to run your own node to really be able to trust Sparrow anyway, again iirc…. So I bet I’m being generous thinking 1% can handle all that). But even with all that, you have a wallet which is sort of 2 computers and a USB and some passphrase on paper, and you have some dollars, but still no bitcoin, right? How do you cross that bridge? I literally once read to wear a disguise and find some sort of shady ATM somewhere (but somehow find these without using any internet search or maps that can track you) and expect to put in cash and get something out while getting photographed, but just pull the brim low…
How do you just “use” a #paperwallet? Asking as a newbie and a genuine. Setting aside all the angst about “you will lose it etc”. Assume a competent adult that can keep a handwritten pen and paper document (and a copy remotely) and has dollars and wants bitcoin and only wants to use a paper wallet or wallets. How would this happen?
# What does a Bitcoin address reveal before and after a transaction?
Reusing a Bitcoin address is often presented as a privacy issue. However, it also poses a **real cryptographic risk** related to the security of the private key itself. This issue concerns both older P2PKH addresses and newer SegWit (bc1q...) or Taproot (bc1p...) formats: when an address is reused after having already been used to spend a UTXO, all funds associated with that same key now depend on cryptographic material that has been exposed multiple times on the blockchain. This article explains the structural reasons for this risk, the cryptographic mechanisms involved, and the practical way to observe the public key revealed during a transaction.
### Exposure of the public key: a critical moment
Before any transaction, a Bitcoin address **does not reveal the public key**, but only a hash:
```
HASH160(pubkey) = RIPEMD160(SHA-256(pubkey))
```
This hash offers no possibility of retrieving the public key. As long as a UTXO remains unspent, the associated key remains mathematically inaccessible.
As soon as a UTXO is spent:
- the **signature** is published,
- the **complete public key** is revealed,
- the validity of the signature is verified against this key.
From this point on, the address no longer offers the same cryptographic protection: the public key is exposed to offensive analysis, and any reuse of this same key multiplies the data that can be exploited by an attacker.
### Where is the public key located at the time of spending?
The exact location depends on the type of address:
### P2PKH (addresses beginning with 1 or 3)
In **P2PKH** transactions, the public key appears:
- **in the scriptSig**,
- immediately after the signature,
- in hexadecimal form, usually as a compressed key (33 bytes, prefix 02 or 03) or uncompressed (65 bytes, prefix 04).
### P2WPKH (SegWit v0, bc1q addresses, etc.)
In **P2WPKH** transactions, the public key appears in the **witness**:
- witness[0] → signature (DER format),
- witness[1] → **compressed public key** (33 bytes, starting with 02 or 03).
### Taproot (P2TR, bc1p addresses, etc.)
**Taproot** transactions use Schnorr signatures and **x-only** public keys. The public key appears:
- in the **witness script**,
- usually under the “key path spending” line,
- in **x-only** format: 32 bytes (64 hex) without the 02/03 prefix.
### On mempool.space
[mempool.space](http://mempool.space/) does **not display “Public Key” in plain text**. You have to read the raw hexadecimal fields and recognize the format:
- **33 bytes** → compressed pubkey: starts with 02 or 03.
- **65 bytes** → uncompressed pubkey: starts with 04.
- **32 bytes** → Taproot x-only pubkey.
The public key is therefore still visible, but in the form of a hexadecimal field in the Inputs.
### Why does reuse weaken security?
### Revealing the public key once is not critical
Security relies on the difficulty of the discrete logarithm problem (ECDLP). As long as an attacker only has a single signature produced by the key:
- they cannot reconstruct anything,
- they have no statistical material,
- ECDLP remains intact.
### Revealing the same key multiple times multiplies the attack surface
Each spend of a UTXO associated with the same address publishes:
- an identical public key,
- a new, distinct signature.
In ECDSA (P2PKH, P2WPKH), each signature requires a random number: the **nonce k**. k must be:
- unique,
- unpredictable,
- perfectly generated.
> A flaw in the generation of k, of which there are well-documented cases, allows the private key to be recovered if two signatures use the same k or correlated k's.
Real-world examples:
- Android bug in 2013,
- Faulty hardware RNG,
- Old OpenSSL libraries,
- Entropy weakness when booting a device,
- Smartcards producing biased nonces.
Reusing addresses **multiplies the signatures produced** by the same key → increases the probability of a cryptographic incident.
### Taproot improves the situation but does not eliminate it
Taproot uses Schnorr:
- deterministically derived nonce → eliminates the “same k” risk,
- more resistant linear signature structure.
However:
- the x-only key remains unique and exposed,
- multiple signatures remain exploitable for statistical analysis,
- hardware risks remain,
- post-quantum cryptography will compromise any exposed public key.
### Risk concentration
An HD wallet (BIP32) allows each UTXO to be isolated behind a different derived key. Reusing addresses negates this advantage:
- a bug in a single signature → compromises all UTXOs dependent on that key.
This is the worst possible configuration in terms of compartmentalization.
### What about cryptographic advances (quantum or otherwise)?
If an attacker gained the ability to solve ECDLP:
- any public key **already exposed** would become vulnerable,
- all reused addresses would be particularly fragile,
- an address that has never been spent would remain protected by HASH160.
Address reuse thus concentrates a future risk that the ecosystem explicitly seeks to avoid.
### Concrete example: key revealed in a real transaction
For the transaction:
```
7ee6745718bec9db76390f3a4390b9e7daeeb401e8c666a7b261117a6af654a1
```
This is a P2WPKH input. In the witness:
- the signature is in witness[0],
- the compressed public key is in witness[1].
The revealed public key is:
```
02174ee672429ff94304321cdae1fc1e487edf658b34bd1d36da03761658a2bb09
```
> Before spending: only HASH160(pubkey) was visible.
> After spending: the actual public key is visible, permanently.
### Conclusion
Reusing Bitcoin addresses represents a tangible cryptographic risk. It is not just a matter of poor privacy hygiene, but a structural problem: **a public key should only be exposed once**, and a signature should never be multiplied on the same key if maximum robustness is desired.
Current cryptographic mechanisms are robust, but experience shows that:
- implementations are never perfect,
- nonces can be biased,
- devices can lack entropy,
- hardware attacks exist,
- cryptanalysis is advancing.
Minimizing the exposure of public keys remains a fundamental best practice, today and tomorrow, and this starts with a simple rule: **never reuse an address that has already spent a UTXO**.
#Bitcoin #Privacy #Cryptography #ECDSA #Schnorr #Taproot #SegWit #UTXO #Decentralized #BitcoinPrivacy #CryptoEducation #BIP32 #HDWallet #QuantumThreat
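The following is an added worked example; it is not part of the post above. It implements, with nothing but the Python standard library, the two checks the post describes in prose: recognising a hex field pulled from a scriptSig or witness as a compressed, uncompressed or x-only key (and confirming it actually lies on secp256k1, which a random 33-byte field will not), and the "same k" failure, where two textbook ECDSA signatures by one key over different message hashes with a reused nonce give the private key back. The signing and recovery code is a plain illustration of the mathematics, not a wallet implementation. The sample messages and keys are constructed inside the block. Three caveats a practitioner should keep in mind when reading the post: addresses beginning with 3 are P2SH, not P2PKH; a P2TR output script is `OP_1 <32-byte x-only key>`, so the Taproot key is visible from the moment the output is created, not only at spend time; and receiving to an address twice (a test transaction followed by the main one) publishes no key, since only a spend does. Deterministic nonces (RFC 6979 for ECDSA, BIP340 for Schnorr) remove the random-k failure for both signature types, but not an implementation bug, which is the residual risk the post is pointing at.

```python
import hashlib
import secrets

# secp256k1 domain parameters (the curve behind Bitcoin's ECDSA and Schnorr keys).
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def _add(p, q):
    """Affine point addition on secp256k1; None stands for the point at infinity."""
    if p is None:
        return q
    if q is None:
        return p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p == q:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def _mul(k, p):
    """Double-and-add scalar multiplication (not constant-time; demo only)."""
    acc = None
    while k:
        if k & 1:
            acc = _add(acc, p)
        p = _add(p, p)
        k >>= 1
    return acc


def compress(pub):
    """33-byte SEC1 encoding: 02/03 prefix (parity of y) then x, as seen in witness[1]."""
    x, y = pub
    return bytes([2 + (y & 1)]) + x.to_bytes(32, "big")


def classify_pubkey(hexstr):
    """Classify a hex field by length/prefix and check it is on-curve. Returns (kind, on_curve)."""
    b = bytes.fromhex(hexstr)
    if len(b) == 33 and b[0] in (2, 3):
        kind, x = "compressed", int.from_bytes(b[1:], "big")
    elif len(b) == 65 and b[0] == 4:
        kind, x = "uncompressed", int.from_bytes(b[1:33], "big")
    elif len(b) == 32:
        kind, x = "x-only", int.from_bytes(b, "big")
    else:
        raise ValueError("not a recognised public key encoding")
    rhs = (pow(x, 3, P) + 7) % P          # curve equation: y^2 = x^3 + 7
    y = pow(rhs, (P + 1) // 4, P)         # modular sqrt, valid because P % 4 == 3
    return kind, (y * y) % P == rhs       # fails when x^3 + 7 has no square root


def ecdsa_sign(priv, h, k):
    """Textbook ECDSA with a caller-supplied nonce k, so nonce reuse can be shown."""
    r = _mul(k, G)[0] % N
    s = pow(k, -1, N) * (h + r * priv) % N
    return r, s


def ecdsa_verify(pub, h, sig):
    r, s = sig
    w = pow(s, -1, N)
    pt = _add(_mul(h * w % N, G), _mul(r * w % N, pub))
    return pt is not None and pt[0] % N == r


def recover_from_nonce_reuse(h1, sig1, h2, sig2, pub):
    """Two signatures sharing r (same k) over different hashes leak the private key.

    k = (h1 - h2) / (s1 - s2) and d = (s1*k - h1) / r (mod N). Bitcoin wallets
    canonicalise s to the low half of the range, which may have replaced s with
    N - s, so every sign combination is tried and the candidate is checked against pub.
    """
    (r1, s1), (r2, s2) = sig1, sig2
    if r1 != r2:
        raise ValueError("different r values: the nonce was not reused")
    for sa in (s1, N - s1):
        for sb in (s2, N - s2):
            if sa == sb:
                continue
            k = (h1 - h2) * pow(sa - sb, -1, N) % N
            d = (sa * k - h1) * pow(r1, -1, N) % N
            if 0 < d < N and _mul(d, G) == pub:
                return d
    raise ValueError("no candidate matched the public key")


def demo():
    """Sign two constructed spends with one key and one reused nonce, then recover the key."""
    priv = int.from_bytes(secrets.token_bytes(32), "big") % (N - 1) + 1
    pub = _mul(priv, G)
    k = int.from_bytes(secrets.token_bytes(32), "big") % (N - 1) + 1   # reused below
    h1 = int.from_bytes(hashlib.sha256(b"constructed spend #1").digest(), "big") % N
    h2 = int.from_bytes(hashlib.sha256(b"constructed spend #2").digest(), "big") % N
    sig1, sig2 = ecdsa_sign(priv, h1, k), ecdsa_sign(priv, h2, k)
    assert ecdsa_verify(pub, h1, sig1) and ecdsa_verify(pub, h2, sig2)
    recovered = recover_from_nonce_reuse(h1, sig1, h2, sig2, pub)
    return recovered == priv, classify_pubkey(compress(pub).hex())
```

`demo()` returns `(True, ("compressed", True))`: the key is recovered and the witness-style encoding of the public key classifies as a compressed on-curve point. `classify_pubkey` is the check to run on any 32/33/65-byte field you pull out of a raw input before treating it as a key; the private-key recovery is exactly why the post's advice matters: with a single signature there is nothing to combine, and every additional spend from the same key is another chance for a nonce bug to be fatal.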
Setting aside the physical risk of losing the analog paper, what if you use a cold card, generate a “paper wallet” (#paperwallet), write down the paper wallet details, and send bitcoin to that? I believe the cold card paper wallet generator creates a single public and private key. If you did this, would the funds sent there be completely safe from even a quantum attack? What if you sent a small test transaction to the paper wallet, to make sure you had no typos, then confirmed the transaction went through using the public key before sending the balance in a larger transaction; does that sequence reduce protections? Or is it still safe until you sweep it? I understand that keeping analog paper wallets introduces a myriad of new risks and is generally thought a bad idea, but I am asking more whether this is a conceptually solid protection against quantum attack. Merry Christmas and thanks for anyone’s input in advance. (Not sure if there is a good way to tag this; I think paper wallets are obsolete, but cold card still offers the option to make them, which somehow fascinates me.) #wallets
Is there any good strategy for ending mental looping? In the past I think I remember reading about the Zeigarnik effect where we supposedly remember tasks we haven't finished better than those we have completed. I wonder if I physically wrote out these recurrent loops of conversations where I am micromanaging responses I got wrong it would close these loops out. After all - almost always - I know intellectually no one is thinking about me or what I said / did / wore for more than 5 minutes after I am out of sight.
Sorry to read that. Stones cause a lot of suffering.
Cleveland clinic was looking into this.
They may have trials or pre clinical data. I think it’s a fermented food microbe.
But I’m not sure this is ready for prime time as a treatment (kidney stone formation is fascinating; it’s not entirely clear to me that things that prevent stones before osteoclast-like transformations will work after. https://pmc.ncbi.nlm.nih.gov/articles/PMC5683182/).
(Plus it’s in healthy women’s reproductive tract. So comes from mom- like mitochondria, gut microbes, and early immune components).
I do not know.
It is a good question to me.
I do not even think I have a good idea why.
It seems to be uniquely human. Maybe some other great apes? I’m not really sure about that ape part though.
Why say groin hair? Maybe this is one possible idea. Let’s borrow earlier discussion.
There is confusion surrounding the persistence of the appendix in so much as appendicitis causes death in young reproductive people and should be actively selected against at a superficial level.
Something else that causes a similar number of deaths worldwide at least recently, not off from appendicitis, by more than a factor of 0.5, would be kidney stones
I suspect we don’t know nearly as much about the urinary microbiome as we do the gut microbiome. At least some people think certain bacteria, Lactobacillus crispatus, may have a role in the urinary microbiome in preventing kidney stones, and in the vaginal microbiome in reproductive health.
Is it possible that groin hair helps create an environment that fosters Lactobacillus crispatus ? Helps create some sort of niche? Facilitates spread? Selects against competitor bacteria? This is almost certainly not right but at least it made me think…
With respect: crotch hair probably doesn’t seem to serve a purpose only because of clothing; interestingly clothing is both highly tied to Genesis and, if you believe Wyn Hoff, possibly not healthy?
Appendicitis is such a common childhood (pre reproduction) emergency that evolutionists struggle with how the organ could persist (modern surgery being a blip). Some think the organ persists as a deposit and repository for bacteria to reconstitute the microbiome (>90% of which is unculturable and cannot exist outside the human gut) in the event of a challenge. That’s a cool theory. I believe it.
The truth is probably something even more strange, even deeper, and something I could never guess
Thank you
Often it is said before sending a sizable transaction to send a small test transaction.
Doesn’t such advice require using the address at least twice?
Catholic readings today at
https://bible.usccb.org/daily-bible-reading
My take:
1. Do your job.
2. Keep working.
3. You eat what you earn.
4. War will happen. Do not let wars you cannot influence distract you from those things in front of you that you can change or improve.
5. Even if you do all God asks, do not expect it to be easy, you may be betrayed by family and friends.
#catholic
From a fiat returns stance is this like getting MSTR at 2022 values ?
Was Saylor right about Bitcoin years before his stock was rewarded for being right ?
It could be he had his moment, peaked, and it’s going to be downhill from here.
It could also be that he is correct about digital finance and this is the discount before the floodgates open.
There was a time gbtc traded at a discount to the value of its bitcoin holdings and it just seemed so obvious that 1) it would eventually ETF and 2) when it did that discount would instantly evaporate and buyers at that discount got hugely rewarded. While they waited they paid a relatively large expense ratio to own discounted btc and had to wonder if they were nuts for seeing the obvious inevitability on the horizon, or if gbtc had lost the coins, etc etc
Maybe this is similar as Saylor waits for trapped capital to flow into preferred.
Maybe MSTR here will be remembered as the last and most obvious discount
Or maybe it will all fizzle out under his preferred mountains of debt.
What, pre bitcoin, served that role? What does Bitcoin replace, simplify or clarify that was previously more complicated? Forgive me as I do not understand. I do not understand why there could not have been, pre bitcoin, a proof of work calculation that creates a ledger (but doesn’t solve the Byzantine general problem). Why must they be tied together ? Sorry I am sure this is me just being really naive but curious
No worries - I wrote that very poorly and created the confusion
Agreed. But I have to be careful not to lead others astray, and I’m sometimes caught between eagerness to keep conversations going, because I think it’s healthy, and the admonition that it’s better to be silent and thought of as a fool than to open my mouth and remove all doubt.
I tend to think of the kingdom of God as being a little bit more overt. I think we are creatures, subject to creator, and I think at some point that will be realized more clearly.
I think service, in as much as others are God’s children, is justice.
But to borrow from psychology, there is a hierarchy of needs. We have to spend some of our time in some of our places attending to the basic needs of others, food, shelter, etc., but we also have to be working towards giving them truth. It’s complicated, but I think that’s why we have community. People have different skills and different abilities. We have an obligation to steward that community in the best way possible, to meet all of these needs, which we could never do in one lifetime. Which is why we are also compelled to steward in the next generation, and the generation after that. And there are plenty of passages talking about your grandchildren’s grandchildren. So we don’t all have the ability to give every resource away during our own lifetime, because that may be shortsighted.
Ideas are that by which we know things. We are made to be conformed to the truth. It is probably a discussion an order or more past my capability, but ideas as non-physical, to me, are untethered to the physical world, and therefore there would not seem to be any need for ownership or a concept of ownership of the idea. There is nothing precluding everyone apprehending the same idea at the same time in the same way because it is not physical, and so I don’t think ownership, the way that I understand it as a necessary component of a physical world, applies?
I apologize for the misunderstanding.
I was referring to my own note as an amateur take - not anyone else’s. I do not have any credentials to interpret scripture is all I meant by that.
I think it’s hard to take things out of context. Just before that passage, is the unusual passage of the dishonest steward where the master commends the dishonest steward and says “I tell you, use worldly wealth to gain friends for yourselves, so that when it is gone, you will be welcomed into eternal dwellings.”
The more wealth you have – and this isn’t necessarily money, although that is a part of it – the more you are required to steward it on earth towards friendship. In both passages, it’s a given that this wealth is only temporary. In both passages, those who had none were not held to much account.
I think we need the poor because even if their existence is a result of our own fallen nature, it is allowed to persist so that a greater good can come from it. But that greater good involves proper stewardship. It’s not so easy to say give it all away; that can actually lead to worse outcomes. We have other obligations besides feeding the poor: we have obligations to know the truth, and our tools for getting to The Truth in this world involve getting closer and closer through uncovering worldly truths. And the more that you have, wealth however defined, but most especially monetary because that is the most flexible, the more you have to hone your prudence to deploy that in virtuous ways.
But I think one temptation of material wealth is to delude yourself into thinking that you could do even greater good if you had even more material wealth, and so you delay action with the excuse that you are accumulating more so that someday you will have more and more leverage. I think that’s possible, but I do think going down that pathway without succumbing to making it all about the accumulation of the wealth does become more and more like threading a needle.
If you know the poor, if you really know them, if you shake hands and rub shoulders with them, it grounds you. It reins you in. If you keep them outside, away from you, away from contact, you can live inside your head, wrapped up in your thoughts, imagination of self glory, and never actually do any good. We need Acts of the Apostles more than just grand plans.
It would seem like a great idea to fill a demand for asset protection, future pension provision, pre nuptials, inheritance - if I understand it conceptually. It would seem a service to the field.
