Dorion Mode

November 1, 2021

The Bitcoin address as a sign of intelligence

Filed under: Bitcoin — Robinson Dorion @ 00:15

As Bitcoin continues its unyielding march toward global domination, disrupting all forms of socialism down to the Wormatiense roots, more and more of the burdensome exigencies of the two cent class just want to join the party. Being what they are, they either don't want to actually change and adapt themselves in response to the evolutionary pressure Bitcoin is imposing or they're simply too poor to do so. They really only want the fiat gainz of the booty Bitcoin reaps in the war of attrition it's waging. Furthermore, they want to pretend that not only will the gainz make them rich, but that transactions shall be free or at least cheap enough to support their misrepresentations of reality. They prefer to hallucinate Bitcoin is some better form of democracy, that no matter how small their majority is, what matters is head count rather than money.

Today, I'm finding these ill-conceived notions manifest most obviously when it comes to the question of what is a valid Bitcoin address. For the uninitiated, Bitcoin addresses are called Pay to Public Key Hash (P2PKH) and start with a 1. One type of fake Bitcoin address to date is called Pay to Script Hash (P2SH); P2SH started as just multi-signature and then had Segregated Witness (Segwit, aka Jim Crow) functionality bolted on, and these addresses start with a 3. The other type of fake Bitcoin address is called Bech32, which is only used for segtwit and starts with bc1. Before we delve into the details, let's detour a bit into my own learning process so you can see how and why I've come to this position.

People failing to grok Bitcoin is by no means something new. After all, it's a convergence of many complex fields, from money to politics to computers to cryptography and more. Change is costly and mediocre people, being resource optimizing organisms just as normal people are, surely would prefer to get paid for changing as little as possible about themselves, if only it were feasible. Indeed, notions of Bitcoin being a better PayPal/Our Democracy were prevalent well before I started learning about it in 2012 and going in full time in 2014. Admittedly, I held these notions too for a while, though I didn't realize it at first. I met the Coinapult bros in 2013, listened to several of the "Let's Talk Bitcoin" podcasts from that era, followed links from /r/Bitcoin believing I was researching, etc. While Coinapult was trying to do market making and arbitrage on play exchanges and payment processing for merchants, and that's where the money was in their model1, the prime focus of 2014 was not really improving the trading nor getting more merchants, but instead, spurred by a combination of Wall Street investors wanting to see users over profits and the socialist, being-an-engineer tendencies of the "CEO" Ira Miller, the management formed some cheap slogan about lowering barriers to entry to improve access and yada yada yada about crushing payment obstacles, i.e. the opposite of strategic superiority. This manifested in the majority of the company's payroll being malinvested into the development of a webwallet and falsely claiming Bitcoins could be sent by email and SMS. The other branch of the malinvestment was in office space2. Nevertheless, being an energetic but n00b 24 year old, I poured myself into the job and drank the Kool-Aid for a while, until about December 2014.

I don't remember exactly when, but the fundamental cause of me starting to puke up that Kool-Aid and realize my notions were ill-conceived was the blocksize war. Bitcoin, while nevertheless the biggest thing going on in computing at the time3, was a lot smaller then and the socialist media coverage Sybil attack was a lot weaker or at least a lot less verbose. Thus, signals from the font slipped through and I had the smarts to investigate, reading first lots4 from Trilema, Contravex, Loper-OS, the Forum logs5, Qntra and later Ossasepia, The Whet, etc. Mircea Popescu was the first and most informed to oppose Gavin Andresen's bid to hardfork the Bitcoin protocol6. While the technical issues were interesting, they were very much over my head at first until I started spending more time talking with Jacob Welsh and feeding off his explanations to support my own reading. What I understood better, or at least had better sense for, were the political tensions.

Before I dive into the political, I'll note that the technical tensions come down to the security of the blockchain, one measurement of which is Bitcoin node count. Nailing down a number is a harder task than the casual observer might expect. A primary factor in the difficulty is the fact that pretty much all modern hardware has been backdoored. While you may have heard a lot of noise in recent years about the dangers of running Huawei network hardware, the fact is, Intel has been backdooring its chips since about 2008 with the Management Engine. This means for the network to maintain security and actual decentralization, it's imperative that older hardware can keep up with the data processing requirements, and the verification of cryptographic signatures is not cheap compared to other tasks one might make a computer do. This is a major issue scalability sheep overlook and a likely reason influence agents push the myth that blockchains can safely scale on extant hardware. If everyone's on newer hardware, you increase the odds 3 letter agencies have a backdoor to the network. Read that again. By January 2015, I recall having dinner with Ashe and telling him I was coming around to the idea of the importance of adapting the world as it is to Bitcoin rather than adapting Bitcoin to the extant world. That is, if I had to choose between the two, I would rather live in a world where I was too broke to send Bitcoin transactions, but where Bitcoin was strong and secure, than experience the short-term gratification of being able to send Bitcoin whenever I pleased on a chain that is weakened and in the long-term easier for its enemies to subvert. The other option is to want to be able to spend Bitcoin such that you make yourself rich enough to have a miner include your transactions in a block. That was a fundamental realization for me and certainly instructed by Bitcoin's Declaration of Sovereignty.

On the political side, the aspect that stood out to me the most was how hard Gavin Andresen was pushing the change for the sake of "mass adoption", i.e. the perceived interests of extant no coiners, with little to no regard for the security of the blockchain, i.e. the needs and interests of the extant owners and miners and their ability to maintain full nodes. He was pushing a risky change for a perceived future problem and meanwhile ignoring legitimate questions from informed and powerful stakeholders7. The two conversations best demonstrating Gavin's pigheadedness are one with davout and another in the forum, in the latter of which Gavin, seemingly and conveniently for him, avoided MP's presence, and which included pointed comments such as :

ben_vulpes in any event, gavinandresen, there'll be no more forks from you. you blew it back in the day, and you lost the initiative on this one months ago.

What did this mean, how did he blow it back in the day ?8 Well, thankfully, Mr. Popescu9 took the time to write it out; start with these : Bitcoind : not quite ready for prime time ; In re Bitcoin Devs are idiots ; And Gavin moves on to the dark side. The Bitcoin project is officially hijacked ; Bitcoin was written by the retarded, part II ; The sins of the group of posers behind the so called "Bitcoin Foundation". Once you've grokked those, move on to the meta considerations, e.g. USGavin, the lolcow. Fast forward to April 2015, the scam bitcoin foundation runs out of coin to pay half to Gavin and half to USG and what does he do ? Gavin goes to MIT to be handled by an adviser to Hussein Bahamas, need one say more to understand which side he was on ? Fast forward to 2017, after a whole lot of dicking around, BitCHcoin Cash hardforked from Bitcoin and was promptly sunk in the market, just like MP said it would be. As far as I see, the Power Rangers absolutely would've hardforked Bitcoin if they thought they could have gotten away with it, case in point :

asciilifeform: $up luke-jr
deedbot: luke-jr voiced for 30 minutes.
asciilifeform: what brings you here luke-jr ?
luke-jr: so we're discussing whether we can get consensus for a hardfork with the community here
luke-jr: is there any possibility of that, or is it just impossible?
asciilifeform: luke-jr: what's in your hardfork ?
luke-jr: asciilifeform: not sure yet; ideally, only things that everyone thinks are acceptable (including people here)
asciilifeform: well nobody can answer this mega-question until the concretes are given, neh ?
luke-jr: (unreasonable people demand we support 2 MB old transactions)
asciilifeform: normally folks going hard-forking have some specific idea of why...
luke-jr: asciilifeform: to show the industry that a hardfork and consensus is a possible thing
mircea_popescu: luke-jr do your reading.10
mircea_popescu: also, please don't refer to tmsr as "a community". it is not "a community", it is your liege.
shinohai makes popcorn
luke-jr: asciilifeform: things I'd like to see in it would be merged mining, additional inputs to the generation transaction, and maybe fix block withholding
mircea_popescu: $down luke-jr

The blocksize war exposed me to both the hierarchy within Bitcoin and attacks against it I had not considered. It caused me to humble myself and do a lot less talking and a lot more reading. Through that reading, one comes to realize that the blocksize was not the first attack on Bitcoin, which brings us to Bitcoin addresses. While the fake Bitcoin ala BitCHcoin Cash was brought to its knees immediately11, why haven't fake addresses been exposed in the market for what they are ? Unlike BitCHcoin Cash, which was implemented as a hardfork, P2SH and Segtwit were implemented as softforks. For the unaware, a hardfork loosens the protocol rules and requires all nodes to modify their code, while a softfork tightens the rules and only requires a high enough percentage of the hashing power to accept the tighter rule set. Due to how these addresses and transaction types were implemented, nodes that only enforce the protocol rules as Satoshi left them12 see and treat these transactions as "anyone can spend". The explanation from the JWRD log :

dorion: -- jfw, no rush, but when you get a chance, would you mind teasing out the details a bit, i.e. how p2sh has always and necessarily been anyone can spend ? I see reading BIP 16 there is an attack explained, which seems to be narrowly classified as a 1 confirmation attack. narrow in the sense
sourcerer: 2021-04-27 21:50:09 (#jwrd) jfw: addresses beginning with "3" have always worked on the basis of "anyone can spend", this being required for transactions spending them to make it into the actual Bitcoin network at all. I'd conjecture that a notion that "multisig" is somehow safer comes about because the "ANYONECANSPEND" term itself apparently
dorion: that it doesn't consider the majority of the hashing power unwinding the softfork and collecting the booty.
jfw: well I did at the time but perhaps it got lost amid the parallel thread? ,
sourcerer: 2021-04-28 19:00:01 (#jwrd) jfw: 3-addresses, also known as "pay to script hash" or p2sh, were introduced by Gavin in 2012, in the linked BIP16 and related; in his own words : "Old implementations will validate that the {serialize script}'s hash value matches when they validate blocks created by software that fully support this BIP, but will do no other validation."
sourcerer: 2021-04-28 19:10:25 (#jwrd) jfw: so to expand a bit re 3-addresses, all a non-gavinist node requires to accept a transaction spending away the coins in them, is any string that hashes to that address (after some other minor encoding transformations) - which is kindly provided by the "owner" of the coins when they broadcast their own unconfirmed transaction.
jfw: this can be seen in the transaction template: OP_HASH160 [20-byte-hash-value] OP_EQUAL
jfw: this is the so-called "script" of bitcoin, basically like pushing buttons on a calculator and seeing if it comes up true or false to decide whether the transaction is valid.
jfw: the "buttons" however include stack operations and signature verification rather than just arithmetic.
jfw: but it evaluates left-to-right, after concatenating the "signature" script in the spending input with the "pubkey" script in the output being spent. So the complete script will look like:
jfw: ...signatures... [serialized script] OP_HASH160 [20-byte-hash-value] OP_EQUAL
jfw: the [] there mean an implicit PUSH of a byte string.
jfw: so when you get to the OP_HASH160, first the sigs and serialized (quoted) script have been pushed onto the stack. OP_HASH160 pops the first thing off the top, i.e. the quoted script, and hashes it.
jfw: pushing the result back onto the stack.
jfw: then the 20-byte (160-bit) target hash is pushed, and OP_EQUAL compares the top two things on the stack.
jfw: if they're equal, the script has returned true. no checking of signatures has been done.
jfw: the bip16 fork was that the core workings of the script machinery were twisted such that it will then additionally look inside that serialized script for further conditions (I haven't studied exactly how).
jfw: dorion: so from the technical perspective, it's an ugly and totally pointless hack. the stated purpose at the time was to push multisig harder by lubing it up to make it fit easier into existing software and/or human protocols. then there's the political angle - might want to check the early threads leading to the TRB project though that could be a long dig.
dorion: jfw, thanks for laying it out. yeah, I had primarily focused on the political angle so far, but wanted to round it out with a better understanding of the technical.
jfw: I'm recalling something about 0.5.3 being the red line in the sand, unless I'm mixing my deserts.
dorion: right, that was the furthest back they found they could go without breaking compatibility at the time (2014).

While the multi-sig softfork wasn't directly described as anyone can spend by the Power Rangers, segtwit was from the beginning, as quoted in the forum log :

asciilifeform: << how the fuck is the 'segregated' nonsense ~not~ a hardfork ?
assbot: Logged on 16-12-2015 23:08:47; BingoBoingo: Ghost talk
punkman: someone figured out it can be a "softfork", just don't send witness part to old nodez!
BingoBoingo: asciilifeform: "softfork" uses "anyone can spend" non-sense
BingoBoingo: asciilifeform: "soft" literally in the sense old nodes verify blocks and absolutely not a thing else.
punkman: and that someone was Luke-Jr
punkman: just ftr
punkman: "This seemed like a hard problem. I personally dismissed this as a solution for a long time as something non-viable, until Luke-Jr discovered that it's possible to do this as a soft-fork. What we're going to do is inputs, we just deprecate the signature field inside of inputs. It's going to be an empty string from now on. Obviously, an empty signature is not going to be able to spend an
punkman: actual output that requires a signature. Instead, the outputs do not push these scripts that we required to be satisfied, they would be encapsulated, it would be pushed as a piece of data. This allows us to, this effectively to every node, and every node not using this system, it's an ANYONECANSPEND. It's just an output that pushes data on the stack, the output doesn't do anything else.
punkman: It's ANYONECANSPEND. In a soft-fork, we can add a new rule that restricts what's valid. We can add a rule like, whenever we see, we could say it's a new type of script that is able to instead of updating its inputs from the signature field, it takes it from the witness instead. The witness becomes a third part of the transaction in addition to the inputs and outputs of a transaction. For
punkman: now it would only contain a signature."
asciilifeform: if 'ANYONECANSPEND', what exactly prevents an uncastrated node from... spending it ?
punkman: asciilifeform: it will only look like one
trinque: lets drown this motherfucker in complexity then carve our names into the corpse. I'm told this is what glory is.

The quote punkman references above is from Pieter Wuille during a presentation in Hong Kong (full text), the one that got him a reward put on his head for attempting to import state into Bitcoin.

They don't describe what the transaction is doing.

The attempt to import meaning and state into Bitcoin is the true attack vector here, and particularly pernicious.

Have a read or re-read of the MPEx tech stuff and Integration is bad for Bitcoin as entry points for why importing state into Bitcoin is an attack.
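To make the two logs above concrete, here is an added example (my own toy, not code from this post, from JWRD or from bitcoind) that evaluates only what a node running the rules as Satoshi left them checks: jfw's OP_HASH160 [20-byte-hash] OP_EQUAL template for 3-addresses, the OP_0 [data] push that punkman's quote calls ANYONECANSPEND, and, as a bonus, the version byte that produces the leading 1 or 3 of an address. The redeem script, "public keys" and the 2-of-2 multisig are constructed; RIPEMD-160 comes from hashlib where the build provides it, with a labelled stand-in otherwise.

```python
"""Constructed example; not code from the post, from JWRD or from bitcoind.
Models only what a pre-BIP16, pre-segwit node checks for the two output
templates quoted above: OP_HASH160 <hash> OP_EQUAL and OP_0 <hash>."""
import hashlib

# Opcode byte values as in the Bitcoin protocol.
OP_0, OP_2, OP_EQUAL, OP_HASH160, OP_CHECKMULTISIG = 0x00, 0x52, 0x87, 0xA9, 0xAE
B58 = b"123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def hash160(data: bytes) -> bytes:
    """HASH160 = RIPEMD160(SHA256(data)). hashlib exposes RIPEMD-160 only when
    the underlying OpenSSL does; if it is absent, a labelled stand-in digest is
    used so the stack mechanics still run (assumption: the stand-in is NOT
    Bitcoin's hash and would produce wrong addresses)."""
    inner = sha256(data)
    try:
        return hashlib.new("ripemd160", inner).digest()
    except ValueError:
        return sha256(b"STAND-IN, not RIPEMD-160:" + inner)[:20]


def base58check(version: int, payload: bytes) -> str:
    """Base58Check: version byte, payload, 4-byte double-SHA256 checksum.
    Version 0x00 gives the leading 1 of P2PKH, version 0x05 the 3 of P2SH."""
    raw = bytes([version]) + payload
    raw += sha256(sha256(raw))[:4]
    n, digits = int.from_bytes(raw, "big"), bytearray()
    while n:
        n, rem = divmod(n, 58)
        digits.append(B58[rem])
    pad = len(raw) - len(raw.lstrip(b"\x00"))  # each leading zero byte is a 1
    return "1" * pad + digits[::-1].decode()


def push(data: bytes) -> bytes:
    """Direct push: a length byte (1..75) followed by the bytes themselves."""
    assert 0 < len(data) <= 75
    return bytes([len(data)]) + data


def run_script(script: bytes) -> bool:
    """Evaluate left to right on one stack, as jfw describes. Valid when the
    final top-of-stack is non-empty (true). Only the pushes, OP_HASH160 and
    OP_EQUAL are modelled; nothing inside a pushed byte string is ever run."""
    stack, i = [], 0
    try:
        while i < len(script):
            op, i = script[i], i + 1
            if op == OP_0:
                stack.append(b"")          # OP_0 pushes the empty string
            elif 1 <= op <= 75:
                stack.append(script[i:i + op])
                i += op
            elif op == OP_HASH160:
                stack.append(hash160(stack.pop()))
            elif op == OP_EQUAL:
                stack.append(b"\x01" if stack.pop() == stack.pop() else b"")
            else:
                raise ValueError(f"opcode {op:#x} is outside this toy")
    except IndexError:                     # popped from an empty stack
        return False
    return bool(stack) and stack[-1] != b""


def legacy_spend_is_valid(sig_script: bytes, output_script: bytes) -> bool:
    """Pre-fork rule: sigScript then scriptPubKey on one stack, nothing else."""
    return run_script(sig_script + output_script)


def p2sh_output_script(redeem_script: bytes) -> bytes:
    """OP_HASH160 <20-byte hash> OP_EQUAL, the template jfw quotes."""
    return bytes([OP_HASH160]) + push(hash160(redeem_script)) + bytes([OP_EQUAL])


def p2wpkh_output_script(key_hash: bytes) -> bytes:
    """OP_0 <20-byte hash>: a segwit output only pushes data, so an old node
    sees a true top-of-stack even when the sigScript is empty."""
    return bytes([OP_0]) + push(key_hash)


# Constructed 2-of-2 multisig redeem script over dummy 33-byte "public keys".
DUMMY_KEYS = [bytes([2]) + bytes([k]) * 32 for k in (1, 2)]
REDEEM = bytes([OP_2]) + b"".join(push(k) for k in DUMMY_KEYS) + bytes([OP_2, OP_CHECKMULTISIG])

if __name__ == "__main__":
    out = p2sh_output_script(REDEEM)
    print("3-address, serialized script only, no signature:", legacy_spend_is_valid(push(REDEEM), out))
    print("segwit output, empty sigScript:", legacy_spend_is_valid(b"", p2wpkh_output_script(hash160(DUMMY_KEYS[0]))))
```

Under the legacy rule the 3-address spend passes with no signature at all, only the serialized script its "owner" already broadcast, and the OP_0 output passes with nothing pushed at all; only a node that also enforces the bolted-on rules looks further.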

So, we've established incontrovertibly that the lever exists to drain both multisig and segtwit addresses ; all that it'll take is for miners to unwind the USG inspired rules and revert to the protocol as Satoshi left it and as those who have done their reading continue to maintain and enforce. This is sure to be a bloody unwinding, especially considering many fiat companies posing as Bitcoin companies, e.g. exchanges, use faux addresses, despite a history of tears. You may wish to hold the belief that it wouldn't be in the miner's interest to take coins from 3 and bc1 addresses because it'd result in Bitcoin being branded a scam by outsiders and that even the majority of people claiming to own Bitcoin wouldn't like it. It'd crush all that news you've falsely identified as "positive"/"bullish" of El Salvador Mali using Bitcoin if the fraud were exposed that they're actually not using Bitcoin, but the Segtwit powered Lightning Netwerk on "their" Apple/Alphabet13 tvphones as they queue in the fast food line. People are free to hold whatever beliefs they manage to swallow and/or conceive, but just because they're free to hold them, doesn't mean they're immune from having their beliefs smashed and dashed against the reality of the immutable machine and its actual owners.

As far as miner incentives, it's important to recognize that miners are looters and they will defect from Bitcoin at some point in the future and turn their gear toward starting a new Bitcoin as part of the natural phase transition. If there is loot to be had on the current chain because poor, lazy idiots were too "busy" spinning in their Dunning-Kruger ways to sort out who is who and what is what, it seems to me like a rational step would be to loot that pile first and butcher the idiots who shouldn't have touched Bitcoin with their unwashed hands to begin with, prior to starting a new Bitcoin. Furthermore, just because some group of miners were socially engineered into tightening the rules at some point in the past doesn't mean that those same people will be around in the future or even that they won't change their ways. In any case, miners will follow whichever chain is most profitable. When the multisig and segtwit forks are unwound, those holding with addresses starting with 1 will have coins on both chains while those using addresses starting with 3 or bc1 will only have coins on the chain with weaker key security. The profitability and future of any chain is determined ultimately by who has the money. As the block reward continues to diminish and as value grows in addresses with weaker security, incentives increase for miners to retreat to the more secure rules and in doing so collect a tax on idiocy. Whether you believe miners shouldn't or wouldn't doesn't factor into the equation; the world runs on can and must, after all.

As far as fiat exchanges go, indeed a large swath have built their castles made of sand on top of technology pushed by USG agents and will be proper fucked, which will likely be very confusing for the "average person". The pantsuit press is sure to claim Bitcoin was hacked or broken14 or a scam and you might even think such an unwinding would be "bad for Bitcoin", but guess what, MP was writing back in 2012 that the fiat exchanges are part of the Obsequious party and of only temporary relevance, and in March 2014 that the price signal is unreliable and Bitcoin may be headed for the mystical phase completely detached from relation to fiat currency15.

So wut do ? Well, there's really no amount of research you can do to give you a definitive answer; at some point, you're going to have to trust. While Bitcoin is a system designed to operate peer to peer, without the need for trusted third parties, there is nevertheless trust in the system16 ; this trust most notably manifests when it comes to the code that you're running to handle your money. This tension is a reason why V was created :

V-genesis allows an agent to reconstruct a complete Bitcoin tree, verify its correctness, and manage his investment of trust at all junctures so that he is never required to implicitly trust either an unknown code author, or a code snippet of unknown provenance.

There remains after today no alternative manner to deploy Bitcoin software, or indeed any software that is not a toy intended to be used by children playing, outside of this paradigm. May the switchover be bloody and painful in all the right places.

So then, when it comes to "your" Bitcoin, whose words are you going to trust ?

Are you going to trust the fungible tools of the failing USG Empire ala Gavin, Luke-Jr, Greg Maxwell, et cetera ? Those who believed in Bitcoin so much they were giving it away at 5 BTC a pop ; they who tried shaping free speech in the nascent forum17 ; propped up scams like Butterfly Labs and Mt. Gox ; tried blacklisting Satoshi Dice addresses in the Gentoo distribution of bitcoind (archived) ; introduced a coin inflation bug into their code18 and impredictability into the currency ?

Or the man making money on Lehman calls in 2008 ; the one who killed several early scams ; who had his PR educate tardstalk for years ; who nipped an early rally in the bud, before Bitcoin was ready ; who warned of and sank Mt. Gox ; who tore the face off the "code is law" pretense ; who pointed out the sad state of Bitcoin code... really we're only up to twenty sixteen and skipped several other wins he scored for BTC beyond and in between, e.g. enforcing Bitcoin as a sovereign. Really, go read Trilema's Bitcoin category or start with Diana Coman's review of it at least and then realize evergreen and useful gems such as the Airgapping guide aren't even under the Bitcoin category.

A caveat you might wish to raise is, 2021 marks the year Mircea Popescu died, and thus, Bitcoin is severed from his embodied power and influence. It's true his death is the greatest loss for Bitcoin and the free world generally ; his words and coin, being as vast and profound as they are, were still the effect and indeed smaller than the man who was the cause, the prime mover. It's a loss that can't be quantified, for how do you quantify the irreplaceable ? You might wish to believe he was a central point of failure, though I'd counter with references to him being a central point of sense, an authority. That being said, for all the intense verbosity Mircea Popescu manifested, it very well could be that he was the more talkative of the Organization's harvesters and those with weight in Bitcoin who've not made their names known will just show. So, the price signal became unreliable, then S.MPOE went private, then the WoT went not-public and the oracle turned his attention to the private sphere with TMSR's closure and now Trilema, while it remains up, will no longer be updated. Just as he "somehow" foretold, Bitcoin, the change the consumers are revolting against, has become much more vague and intangible.

To tie this off, what can you practically do to strengthen your grip strength and thus grasp on the Bitcoin you claim to hold ?

  1. only use addresses that start with 1 ;
  2. use a strong source of entropy for key generation and transaction signing ;
  3. implement an airgapped setup ;
  4. learn to manage your investment of trust in the code you're running ;
  5. run node(s) that do not enforce the Power Rangers' attacks and instead maintain the protocol as Satoshi left it ;
  6. drop whatever "Bitcoin sources" you've been consuming and read Trilema as the points sink in again and again ;
  7. ask yourself if you're smart, stupid or a barn animal ; and
  8. if you want a guide to help you speed up the process of strengthening your grip, come talk to us at JWRD.

  1. Though, poor risk management and failure to heed the signals flowing from the font, despite sitting at the table where it was decided, did lead to quite the painful Goxxxing. []
  2. I estimate the amount of budget burned on air conditioning alone in 2014 was easily greater than 21 BTC, because yes, despite growing up in and being acclimated to frigid fucking cold winters, I was wearing a sweater a good chunk of the time seated in Panama's hot humidity. []
  3. A lead that has only grown in the interim. []
  4. Even 6 years later, I don't reckon I've read any of them in their entirety, though I've read several of the articles several times. []
  5. Which, at the time, were published at, which has since been taken down and Trilema serves as the canonical log. []
  6. If you read far enough about the risks of the blocksize increase, you're bound to find discussions about perhaps an even greater risk to chain security, coinbase fragmentation. Here's a 2015 convo and here's a 2019 article. []
  7. Back before the plan/panic/scamdemic induced shortages, the fragility of the computer supply chain was well understood, an example of which was the 2011 flooding in Southeast Asia inducing shortages of hard disk drives. I know I read this in the logs, but didn't manage to track down the link. Here's a link from the news. []
  8. As I aim to show in this article, if you've not studied in detail the history of Bitcoin and you don't know the who's who, you really haven't done anything to understand it at all. []
  9. And his PR, Hannah Wiggins. []
  10. The tippy tip of the iceberg on the reading that comes to my mind is The necessary prerequisite for any change to the Bitcoin protocol. []
  11. I sold most of mine at 20 bitcents. []
  12. E.g. JWRD's vtree of bitcoind, which uses many patches originally published by the now defunct Bitcoin Foundation. []
  13. Seriously, mobile phones might be the worst place to expose a private key, apart from posting directly to your myspace/facegram/instabook/whataverse platform account. These devices are meant to share information with the outside world and are designed from a hardware, software and user experience perspective such that the manufacturer can modify the code on the machine at will, i.e. exercise ownership over it. What, you think the lies Sillycon Valley companies spew to support their political preferences are limited to presidential elections ? You think socialist driven and printing press supported tech companies are not opposed to the politics of Bitcoin ? Get real. Anyone that doesn't have or isn't willing to acquire an actual computer they can dedicate to Bitcoin is not a good fit for Bitcoin. There are of course other considerations, but if all that the someone you're talking to has is a tvphone, move on. []
  14. You recall when Mt. Gox falsely claimed they were a victim of transaction malleability ? []
  15. Don't overlook that footnote v in the S.MPOE results, "This specifically includes any name you've heard so far. Excepting me, nobody with any weight that is actually involved in Bitcoin has to date made their name known.". Do you think that's actually changed in the interim, or did the strong hands only get stronger ? []
  16. As there is trust at the very root of finance. []
  17. And then of course retcon history years later. []
  18. And of course when it was discovered they recommended "upgrading". There wasn't a "we fucked up bad yet again, perhaps we should shit down and shut up or maybe even take a long walk off a short bridge". No, instead it was, "you should now 'upgrade' and take all our other shit code, i.e. the TV raft 'solution'". []
