I hadn't realised before that this means that you can provably "destroy" bitcoins. That is, you can "prove" that a certain bitcoin amount will never be spent again by anyone including yourself...
Thus no one can ever spend those BTC ever again, they exist in BTC limbo, attached to a notional wallet that (probably) exists but can never be found.
Maybe just setting up 100 addresses and constantly transferring small payments between them, filling the transaction history with garbage. Is that possible, and is there any protection against that?
1. priority = sum(input_value_in_base_units * input_age)/size_in_bytes
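A worked calculation of that priority formula, added here as an example (not code from any commenter or from Bitcoin itself), showing why churning tiny amounts around a ring of freshly funded wallets yields low-priority transactions while an ordinary payment does not. The "free transaction" threshold is an assumption modelled on the value old Bitcoin Core used (1 BTC aged one day in a 250-byte transaction); the sample inputs are constructed.

```python
from dataclasses import dataclass
from typing import List


@dataclass
class TxInput:
    value_base_units: int  # satoshis; 1 BTC = 100_000_000 base units
    age_blocks: int        # confirmations the spent output has accumulated


def priority(inputs: List[TxInput], size_in_bytes: int) -> float:
    """priority = sum(input_value_in_base_units * input_age) / size_in_bytes"""
    if size_in_bytes <= 0:
        raise ValueError("transaction size must be positive")
    return sum(i.value_base_units * i.age_blocks for i in inputs) / size_in_bytes


# Assumed threshold (modelled on old Bitcoin Core): 1 BTC aged one day
# (144 blocks) spent in a 250-byte transaction counts as high priority.
FREE_TX_PRIORITY = 100_000_000 * 144 / 250  # 57_600_000.0


def is_high_priority(inputs: List[TxInput], size_in_bytes: int) -> bool:
    return priority(inputs, size_in_bytes) >= FREE_TX_PRIORITY


# Constructed sample: an ordinary payment spending a 1 BTC output aged one day.
NORMAL = [TxInput(100_000_000, 144)]

# Constructed sample: one hop of a "wallet ring" moving 0.0001 BTC that the
# sending wallet itself received only one block earlier.
RING_HOP = [TxInput(10_000, 1)]

# Constructed sample: the ring operator batches ten such hops into one
# 1500-byte transaction; age and value stay small, so priority stays small.
RING_BATCH = [TxInput(10_000, 1) for _ in range(10)]


if __name__ == "__main__":
    for name, tx, size in (("normal", NORMAL, 250),
                           ("ring hop", RING_HOP, 250),
                           ("ring batch", RING_BATCH, 1500)):
        print(f"{name}: priority={priority(tx, size):,.1f} "
              f"high={is_high_priority(tx, size)}")
```

Because age and value both multiply into the numerator, a spammer can only raise priority by tying up more coins for longer, which is exactly the cost the formula is meant to impose.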
In general, let's say a govt agency gets assigned an $18.5m budget to break the Bitcoin currency as much as possible, what could their plan of attack be, i.e. spend that money in the most efficient way possible? Create a large ring of wallets and send tiny payments around the ring? Create fewer wallets but send large payments between them?
You deposit e.g. 10BTC then gamble it as you wish, and then each individual bet isn't on the block chain.
Then when you're done you can withdraw BTC back out as you wish?
This is how normal online casinos work because they don't want to handle lots of tiny transactions either.
Patient0 mentioned, before I got to post this, the other attack I know would work. Destroying tokens. But it is a bit more complex than he mentions, but you can actually generate ECDSA keys that will work for one transaction, and then never again. A one time spend token that then self destructs for the person you paid.
I haven't been able to build anything that would work for two transactions. Which would be the most useful since you'd have a delayed "poison coin" but I don't see any reason it isn't computationally possible.
The "coin" is not a single token that lives on and is broken apart to be spent, so there's no way a coin could self destruct after being transferred.
I understand fractional coins. I was over simplifying for brevity. I'll give you a hint. You have to move the coins between two wallets you own before you create a coin that will "break" when it goes into the third's wallet. The third wallet accepts a coin that no one will take afterwards. The coin becomes undependable.
Given that this seems very similar to el33th4xor's Virtual Notary, how would one distinguish between the strengths or use cases of the two?
http://hackingdistributed.com/2013/06/20/virtual-notary-intr...
I don't believe there is any meaningful technical difference among these.
[1] Clark, Jeremy, and Aleksander Essex. "CommitCoin: Carbon dating commitments with bitcoin." Financial Cryptography and Data Security. Springer Berlin Heidelberg, 2012. 390-398.
[2] www.proofofexistence.com - Upload a document and have it certified by the Bitcoin blockchain bitcointalk user: maraoz https://bitcointalk.org/index.php?topic=212701.0
But the important differences are actually technical. Virtual Notary is a much more general service, offering to attest to any kind of online factoid. Let's elevate the discussion here -- it doesn't matter who was there first (because the AT&T folks were there two decades before both services), what matters is who offers the most useful service [3].
As for the previous work on selfish mining, see here [2].
[1] http://www.ietf.org/rfc/rfc3161.txt
It's best to think of Virtual Notary as an impartial online witness to factoids that can be checked online. Besides documents, it can attest to the content of web pages, tweets, weather conditions, stock prices, exchange rates, employment status (for those institutions where we know how to check employment status), house features and prices, etc.
It can also issue official, certified random numbers.
Virtual Notary also allows the users to download an independently-verifiable X509 certificate of attestation.
* that is, at some future date (or secretly, today) an algorithm could be discovered breaking the one-way function used to generate these hashes. Then a collision could be found, perhaps with chosen-prefix. Meaning an arbitrary file could be suffixed so that it looks as though that is what was hashed today. In the past, many hash algorithms thought to be strong were weakened in this way.