mircea_popescu: the only important question in computing is what i end up using anyway. to that standard, what difference could it possibly make.

mircea_popescu: asciilifeform you mean gossipd ? how can it possibly displace something that doesn't even exist!

mircea_popescu: "unprincipledly better" is the argument.

mircea_popescu: there's a process we go through here, first the engineers throw a fit, then i pick up the pieces.

mircea_popescu: ckang too soon for you to interpret anything

mircea_popescu: and do me a favour -- not in this lambasting tone! ☟︎

mircea_popescu: asciilifeform i know, but prepare a list of q's for when/if the guy shows up.

mircea_popescu: ckang feel free to idle there, smooth things over if need be.

mircea_popescu: i guess. on a superficial look it's certainly better than whatever tls bs. ☟︎

mircea_popescu: ckang you know the ancient story of how openbsd got saved from death ? it was eerily similar.

mircea_popescu: "<mircea_popescu> (on #wireguard) zx2c4 (the owner, j. donenfeld) : if you're willing to set two hours apart on any day of your choosing to answer wireguard questions on #trilema, i'm willing to donate 1 btc to your project. let me know, i'm usually on freenode (this nick). thanks & gl." << asciilifeform spyked whoever else might care. ☟︎

mircea_popescu: ckang you can read up on all the crypto functions, be they trapdoors or whatever, if you are interested. it's not illegible arcana. ☟︎

mircea_popescu: o look, there's even a #wireguard

mircea_popescu: i'ma have to get back to you on this.

mircea_popescu: the fundamental problem with formal verification is that it's not currently implemented seriously (which is to say -- completely, on small codebases). it's just machines poking at things generally, in an untenable theoretical model.

mircea_popescu: (which goes back to a long held asciilifeform notion, of "mining is a bug" -- certainly, but looky here : mining is also the direct result of "i want a shunt for the bruteforce, so i can say to people, "x is cheaper therefore y won't happen")

mircea_popescu: in any case -- it's currently cheaper to mine it.

mircea_popescu: this is roughly speaking 376440772360506502753317342245835 times the age of our present universe (the big bang having taken place 13.8 or so billion years ago).

mircea_popescu: ckang for an ad-hoc illustration : admitting that you own sunway taihulight (the chinese supercomputer discussed in http://trilema.com/2017/resplenduminous/ ), which does something like 9.3 * 10^16 flops ; and admitting you take 1 flop to generate a key (it's more like 150-200 irl, but w/e) and 0 time to check for its correctness, then you could expect a correct guess about once every 51948826585749897379957793229925273575140

mircea_popescu: but, for the expert minds tuned in : ckang 's question does not, as we currently stand, have a published canonical answer i can link him to. if you write it, i will link it next time someone asks.

mircea_popescu: there's also some ecdsa involved, but that's cryptographically less valuable.

mircea_popescu: admitting the merkle-damgard construction (what ripemd is built out of, see http://homes.esat.kuleuven.be/~bosselae/ripemd160.html ) does not have a backdoor, and that sha256 doesn't have a backdoor, you are looking at something like 256 bits of entropy involved.

mircea_popescu: the proper formula is : address = ripemd160(sha256(secret)). to go from an address to its corresponding private key (which is what "bruteforce" requires in this context) you'd have to reverse a ripemd160 and a sha256 op.

mircea_popescu: ckang here's the basic likbez : a bitcoin address (which is what keeps funds) is built out of a chaining of crypto functions : https://en.bitcoin.it/w/images/en/thumb/4/48/Address_map.jpg/700px-Address_map.jpg

mircea_popescu: ckang it's one of the things people do for their own satisfaction, but your question isn't without marrow. let's see here...

mircea_popescu: http://btcbase.org/log/2018-04-11#1795922 << this is broken in the same way as the subjects of http://btcbase.org/log/2018-04-03#1792556 discussion. ☝︎☝︎☟︎

mircea_popescu: in other words : it will never happen, the world ends first.

mircea_popescu: ckang the timescale involved in bruteforcing a bitcoin address exceeds the computable capacity of an alternate universe in which every single atom extant would be part of an ideal processor working at it.

mircea_popescu: but no, you're not going to bruteforce a key.

mircea_popescu: ckang the idea isn't you bruteforce it, the idea is that in between world A, where 100 people living have 1 btc each, and world A', where 99 people living and 1 person dead have 1 bitcoin each, is that the apparent value of the bitcoin will be 101% in A` vs A.

mircea_popescu: but whether this properly means you have taken it or you haven't taken it is very much an open question of metaphysics, "what is the meaning of taking".

mircea_popescu: technically bitcoin you can't take to grave either, the passive result of dead keys is a slight increase in the value of circulating bitcoin.

mircea_popescu: it's a xtian thing, "gospel by matthew". here : https://www.biblegateway.com/passage/?search=Matthew+6%3A19-34&version=NIV

mircea_popescu: so you never heard of "Do not store up for yourselves treasures on earth, where moths and vermin destroy, and where thieves break in and steal." and all that ?

mircea_popescu: as in, the xtian sect.

mircea_popescu: really ? it's the cornerstone of "protestant" ideology.

mircea_popescu: quite a lulzy implementation of the whole "do not build yourself perishable treasures" meme.

mircea_popescu: the fantasy the empire is living is that "nobody can be poor enough to starve". the only meaning of which is, "nobody can have any incentive to hold anything besides bitcoin".