I have formatted the leaked emails from 2013 to make it clear to read. Below you will find video's in 2017 from Johnny Dilley and Roger Ver Then Peter Todd.

The Leaked emails of John Dillon and Peter Todd: ==================================== Here's my new section. What do you think? Section 2.2 Transact on Their Own Terms: The Corporation recognizes the decentralized, consensus-based nature of the Bitcoin technology. The Corporation will seek to protect and promote decentralization through legal and technical means, including, but not limited to, the fungibility of individual Bitcoins, the ability of individuals to participate fully in Bitcoin by running full validating nodes, the ability of individuals to operate a full validating node anonymously, and the ability to chose what level of privacy their transactions will have, including anonymously. Peter Todd -------------------- That's a fair point. I'll increase the reward to $1000USD Glad to hear about your progress! Keep me updated. John Dillon ------------------ Just a request, could you sign my PGP key? As you have probably guessed my intent is to stay anonymous. This is my real name, but not my usual email, so the usual PGP web of trust procedures don't really apply. Basically, when you get down to it the question is if this PGP key corresponds to my identity, and that identity is Bitcoin John Dillon right now. Thanks, John Dillon (whomever that may be)

—————-

Hmm... Yeah, I think you have a good point; I'll sign it. I mentioned the exact same issue with Satoshi's PGP key actually in a pull-req with regard to the foundation bylaws. (they referenced his key by the insecure 32-bit keyid) Nice job with the PGP keys... maybe it's all the better that we have people like you making that kind of "dirty work" happen and demonstrating attacks in a relatively controlled way. Personally I'm of the opinion that *if* the 1MB blocksize is kept the way it is, allowing data in the chain isn't a disaster. ~57GB a year is a lot sure, but it's a managable problem.

Petertodd ------------------

I hope that helped you guys, but sadly I think you are up against people who simply have an axe to grind. Still let me know if I can help in the future. Looks like I am going to have some substantial commitments around the time of the conference. Not sure exactly when but I'll likely be out of email contact for two or three weeks. You might want to do the same sometimes too you know, at least when it comes to forums and github. Focus is good sometimes.

Just a suggestion...

Fri 03 May 2013 02:59:57 AM John Dillon

—————————

This is going to be the text of my pull-req. What do you think? Satoshi didn't create Bitcoin because he wanted another way to pay people over the internet. If that was all he wanted to do, he could have done it via conventional, legal means. Setup some company, hire some lawyers, navigate regulation.

What is special about Bitcoin is that it is a technology, not an organization. As Satoshi said:

> Then strong encryption became available to the masses, and trust was no longer required. Data could be secured in a way that was physically impossible for others to access, no matter for what reason, no matter how good the excuse, no matter what.

Bitcoin is an idea, expressed in code, and a group of people who chose to accept and value that idea. The Bitcoin idea places as little trust in others as possible, and for what remains, the valid transactions placed into the blockchain, the decision is made by a democratic vote among everyone who possesses hashing power. It is decentralization that makes the Bitcoin idea valuable, and what makes it so fundamentally revolutionary compared to what came before it.

Without decentralization Bitcoin is just another way to pay people over the internet. A Bitcoin where only a select few can participate in that democratic vote is simply not the Bitcoin Satoshi created, and is no different from the centralized systems that came before it.

Anonymity is a key part of true decentralized decision making. Without anonymity you can-not make decisions freely, decisions like what transactions you accept as valid Bitcoins, and what transactions you place into the blocks you mine. It is notable that Satoshi himself wisely decided to use a pseudonym rather than his real identity, allowing him to make choices about Bitcoin free of interference from authorities.

While the blockchain technology will always be public to some degree, we must not promote further encroachment on the ability of individuals to transact and mine with the privacy that they desire, be it fully anonymous, or no privacy at all. User-defined privacy must continue to remain a part of Bitcoin and the Foundation should promote and develop technologies that expand upon the options available, and make the whole spectrum of privacy options easier to access by all users.

Finally, pragmatically speaking, the Foundation has been repeatedly attacked by those who see it as contrary to that decentralized nature of Bitcoin. To some extent those people are right: like it or not the Foundation has a significant amount of control over the direction of Bitcoin by employing Gavin and funding development. There are very real social reasons why that control exists. By making a clear statement of purpose that includes decentralization, the foundation can help meet those concerns.

Of course the Foundation is not Bitcoin. If the Foundation does not support these goals and values, the only honest thing to do is make it clear what goals and values the Foundation does have, so people can make an informed decision about whether they want to support it, or some other group.

Fri 03 May 2013 04:00:32 AM GMT

John Dillon

———————————

Posted to the forums.

I don't have a reddit account, but I'll make one and do the post early tomorrow

morning.

John Dillon

—————————- I appear to have deleted it.

Anyway I was replying to your replacement message and said that yes I think you have a good idea with releasing, so go ahead and do that. Setup say 5 servers on EC2 for testnet for the testing.

We will say you have the money at this point to discourage others who may be less ethical about their release schedule. Let me know when the servers are ready and I will make a bigger post. petertodd --------------------------

On Wed, May 08, 2013 at 09:26:15PM -0400, Peter Todd wrote We're good to go. The branch is:

People can -addnode=testnet-replace-by-fee.bitcoin.petertodd.org to use it. Point out the usual stuff about why doesn't do recursion, or have any additional features. I setup about 25 micro servers, that's like $60-$100 a month or something? I'll see how it goes - fun to play around re: relaying. Petertodd

———————-

Gavin really pissed me off here: https://bitcointalk.org/index.php ?topic=196138.msg2113288#msg2113288

I'm thinking of posting to the -development email list asking the developers point blank about why they don't challenge him on that stuff. I'll mention the distributed hash tables thing he was saying earlier for solving mining scalability too. He knows you aren't that stupid. Anyway, I'll try to be at the conference. If I can get in a situation where we can chat securely I'll use the code-word "powpos dht proof" in conjunction with "john dillon" to let you know you are actually talking to me. No guarantees I'll make it out though.

11 May 2013 07:27:30 PM GMT John Dillon

————————

Ok, I replied on the forums instead. The SPV attack is a good idea! Lets do it, and lets do it anonymously. Tell me what your priorities are for after-conf work. I'll think further about the identity thing. I will say I have been very careful to date. Possibly satoshi-level careful? The bitcoincard people posted BTW. You would like my comment: https://bitcointalk.org/index.php ?topic=202558.msg2118675#msg2118675

Sun 12 May 2013 06:28:26 John Dillon

————————-

> The SPV attack is a good idea! Lets do it, and lets do it anonymously. Tell me > what your priorities are for after-conf work.

1) replace-by-fee: we need to make this usable. So incorporate wallet fixes so using it doesn't mess your wallet up, then add the "try to undo" and "change fees" features.

2) P2P network messaging with hashcash anti-DDoS. Make this a general thing, with specific message types. The hashcash will be used for priority ordering. 3) Trust-free mix system on top of the P2P thing. Figuring out how to handle change will be hard... I should do a write-up and post it to bitcoin-development email list and get the ball rolling there. SPV attack - lets be more clever about it... why actually do it when we can start a fake company offering the service? > I'll think further about the identity thing. I will say I have been very > careful to date. Possibly satoshi-level careful? Good. Remember that your choices are limited when you have to think about the legality of your actions. > The bitcoincard people posted BTW. You would like my comment: https://bitcointalk.org/index.php ?topic=202558.msg2118675#msg2118675 Nice! Tracking them down at the conf is on my todo list.

peter

—————————

Interesting message I got from Gavin. Regarding my schedule I'll be back in contact for sure two weeks after the conference. As I say below you do what you feel is right with replace-by-fee. I'm looking forward to seeing the video! You will see some more support from me in the future with it too. My bitcoins aren't accessible right now due to some travel, but you can say in the forums you have gotten another 1BTC from me today. I will make good on that promise.[size] Quote from: Gavin Andresen on May 13, 2013, 02:41:11 PM Hey John: Are you running a bitcoin-based business? What's your background?





John: Nope. I and my partners are all involved with Bitcoin as investors. Nothing fancy, just an small group who care deeply about financial freedom and privacy and are investing what we can afford to lose. I think I'm still the only one who has become active with the community.

I haven't been a programmer for awhile, the usual management career track got me, but math and computer science theory hasn't exactly changed.

Quote from: Gavin Andresen on May 13, 2013, 02:41:11 PM And will I get a chance to meet/talk with you at the conference this weekend?

John: Unfortunately not. I have a few weeks of other commitments starting very soon. I probably won't even be looking at my email. Peter will be handling replace-by-fee. I fully trust his judgement about how to proceed.

Tue 14 May 2013 02:35:14 AM

John Dillon

—————--

Huh, yeah he sent me a similar one, but aimed at "what should I tell people asking to hire developers?" Obviously he's taking you seriously - a good thing I think. That post by Mike Hern about putting you on his ignore list is similar really...

> Regarding my schedule I'll be back in contact for sure two weeks after the > conference. As I say below you do what you feel is right with replace-by-fee. > I'm looking forward to seeing the video! You will see some more support from me > in the future with it too. My bitcoins aren't accessible right now due to some > travel, but you can say in the forums you have gotten another 1BTC from me > today. I will make good on that promise.

Thanks! Yeah, no rush about actual funds, I've got cheap rates on my line-of-credit. re: replace-by-fee I think I'll do a version that "solves" the DoS problem by simply not replacing transactions that have been re-spent, a good half measure in any case that again further reduces harm. I'll implement that right after the conference. The code for it is also easier too, so it's more likely to get accepted by miners.

Peter

———————

Also, on decentralizing mining, I had the idea of adding a UDP method for very fast distribution of block headers and tiny full blocks. The idea here is the moment a new block is created, every miner should immediately start working on a block that would orphan that block with only the coinbase TX in it.

This punishes blocks that take a long time to propegate, particularly for miners behind low-bandwidth links. It'll be a nice natural incentive towards smaller blocks, although I do worry a bit about how the idea could be latched onto as "well obviously we *can* increase the blocksize now!"

Petertodd

——————

> I was talking with Gregory Maxwell about decentralizing mining at the > conference. He came up with the idea of tightly integrating mining > functionality into the client using Luke Dashjr's getblocktemplate > protocol; the existing getwork is not compatible with ASICs. The idea > would be to make solo-mining as easy as possible, and further more to > move pools to a structure where the pool's function is to co-ordinate > share payments, not block construction. Essentially hashers would become > true miners, doing transaction selection on their own, and then pools > would credit them for their shares and do the accounting. In this model > all a pool can do is defraud miners rather than harm to the whole > network.

Smart idea.

> It's also nice because by doing so we make the dangers of a large block > size very clear by making large numbers of miners see immediately how it > makes it difficult for them to operate. We also make changing the size > more difficult in general because the decision then becomes one that > hundreds or even thousands of miners need to make individually, greatly > slowing down any possible change. Of course, I didn't say any of that...

Why not go ahead and say it? You know that Mike and similar will counter-argue that mining needs to be done by "responsible" central authority figures running pools, so let them make that bogus argument. I've seen Gavin criticising you for not working on making mining decentralized too, so go ahead and force him into a position of arguing against that. People criticise you for your motivations all the time. Don't give them more ammo. Being totally upfront about why you are pushing decentralized mining is a good thing. In my opinion what you are doing is obvious anyway. Regarding your idea for fast block header propagation, and delibrate orphaning by miners, I like it and I too worry that it could be seen as an excuse to increase the blocksize. Maybe keep that one secret for now, but look into the infrastructure to make it possible? It would make sense to have a UDP-based block header distribution channel for a lot of things, like you keep saying with blockheaders over twitter and other fun. The system doesn't need to be able to propagate whole blocks in UDP packets however technically possible it is. Regarding rational, also point out that mining ontop of a block that you have not verified fully is always unacceptable due to attacks. Reducing your block size to zero transactions just makes sense in terms of rational miner behavior. Why work on something that you know has a high chance of not propegating fast enough to win the race?

> I think the devs should direct the 10BTC donation you made a few months > ago to this effort - would you and your partners be willing to commit > some more funds? I can throw in some BTC myself. Greg, Luke and I have > talked about possibly doing this an a public assurance contract. Keep in > mind that you lot have created a fair bit of controversy - donating > towards something less controversial than replace-by-fee and my video > could help out.

I do not donate funds with strings attached, but if the dev team needs any guidance of what to do with that 10BTC, I think this is an excellent project to use it with.

We can donate further funds, but show me the concrete proposal first with scope etc. Your keepbitcoinfree-announce post seemed to say you were going to post to troll-talk, do so. Speaking of donations, I saw someone with ~180BTC made a 10BTC donation to your address. Good work! I also finally got a chance to see the video after dealing with Monday obligations. It is excellent work and very professional. I heard too through the grapevine about the response you got a the developer round table at the conference. I would say Peter Vanesse seems way out of touch with regard to privacy, and good that you got a small crowd after the discussion

talking about decentralization. I'd be interested in slides of your talk if you have them. Do you know when video is going to be made available by the foundation?

> In addition a video advocating to miners to run the software would be > good too. The idea is non-political enough - at first glance - that the > Bitcoin Foundation may be willing to help fund it through one of their\ > grants. (the next cycle's deadline is june, probably too early, but the > one after that isn't far away)

If you take my suggestion of being up-front about the decentralization reasons for doing this, it will be interesting to see the response of the Foundation, or for that matter, integrating those changes in the reference client anyway.

Tue 28 May 2013 05:43:38 AM

John Dillon

———————-

>What are your thoughts on scamcoins? Everything but namecoin and maybe litecoin is a scamcoin and they deserve to die. > I might have a project for you...

?

Peter

———————--

Hi John,

I saw Peter Todd's post recently that he received funding from you for work on replace-by-fee, and of course I've also seen your various rewards and bounties placed elsewhere. As I am also interested in helping to fund some of this work, I thought perhaps we could get to know each other and join forces as appropriate? On my side we are working on Hive, which is a user-friendly Bitcoin wallet for OS X (and eventually Android). Most of my interests lie in speed and reliability rather than cutting-edge features. I saw your campaign Keep Bitcoin Free!... If you don't mind my asking, what else are you working on?

Cheers John,

-wendell

——————- Good idea.

To clarify Keep Bitcoin Free! is Peter's project, not mine. I only contributed funds and offered to let him use my name publicly as a supporter. To be frank I have a lot of commitments in life between work and family, I apologise for how I can only really reply on weekends at best, but I have been following Bitcoin for years and consider it one of the most important cryptography projects out there. I also am very concerned with the long-term viability of Bitcoin with regard to preserving its decentralization and privacy. (you may have seen my pull-request to add decentraliztion to the foundation bylaws: https://github.com/pmlaw/The-Bitcoin-Foundation-Legal-Repo/pull/4 ) Keeping Bitcoin fast, reliable and accesible for your average user is definitely an important part of my goals.

What are your thoughts on SPV/partial mode? Myself I would much prefer to see the latter implemented than the former, you may have seen myself and Peter talking about the DoS attack risks for SPV nodes. Where are you at with regards to hiring a developer? I'll point out that Pieter Wuille is doing some of the initial work required, and should be involved in some way. (doesn't have to be financial) I noticed that Pieter was involving Peter in the discussion on IRC about his initial steps.

Beyond partial mode I am also interested in seeing node-to-node encryption and authentication, IE SSL for peer communications, an important feature for preserving privacy against attackers who can wiretap. For instance right now even if you have a node that you trust, maybe your server at your house, there isn't a good way to have your wallet on your phone or laptop connect to that server because the connection is completely unauthenticated and unencrypted.

FWIW adding SSL to the protocol is a fairly relatively non-invasive change. It might be worthwhile to implement that first as a means to test the developers You wish to hire to later implement partial mode. Thoughts?

Mon 05 Aug 2013 04:32:45 AM John Dillon

————————-

Private IRC chat:

11:11 <petertodd> Everyone knows John and I "know" each other, if anything I'd like my PGP signature on his key to make the nature of that relationship understood. 11:11 <petertodd> good point 11:12 <gmaxwell> (I think half the people think you and John are the same person. :P ) 11:12 <petertodd> ha, I know, I'll admit he kinda creeps me out a bit sometimes... he's admitted he reads all my posts religiously 11:12 <gmaxwell> I keep thinking that maybe there is some crypto magic thing we can do to reduce the problem, but I never seem to find one. 11:12 <petertodd> yours too BTW 11:13 <petertodd> it's like... "For fucks sake, can't you promote someone *elses* ideas for once?" 11:13 <petertodd> ugh 11:13 <gmaxwell> some kind of thing like ring signatures of all the signing parties for tokens of trust. 11:13 <petertodd> But then again, he's got money so... 11:14 <petertodd> I think part of the problem is just Bitcoin is solidly a hobby for him, and he sounds like he has very little time, so he's picked a "cause" to champion, and has focused on it.

Though seriously, branch out a bit! I know time is an issue for you, but still; I really do mean this in the nicest way.

Peter

————————

Also gavin too: 05:32 <warren> talked with gavin 05:32 <warren> he seems entirely uninterested in the connection exhaustion issue 05:32 <warren> doesn't think it's real 05:33 <warren> He also claims to not know of any more serious DoS issue enabled by bloom 05:33 <warren> and he wants to know where I heard of it 05:33 <warren> I told him I don't have permission to reveal that. 10:19 <petertodd> lol, awesome 10:19 <petertodd> bit of a joke there 14:37 <warren> what part is a joke? 14:45 <warren> oh 14:45 <warren> he also thinks jdillon and you are the same person!? 14:47 <warren> or rather a "sock puppet" 15:43 <petertodd> lol, I'm not surprised - I was talking about that with gmaxwell earlier too Sheesh.

I'm going to write a tool to exploit the connections/bloom io thing BTW, so don't go and offer any rewards for it please... Lets see what the reaction of those involved is without any further drama. FWIW gmaxwell was pointing out recently that by seeming to attack Mike you'll give him more political sway, not less, by letting him hide behind that rather than address tech issues; gmaxwell's opinion is that Mike doesn't have any political sway anyway.

peter

-——————-

Sorry about that, if you think I've been following you too closely and pushing your ideas too much I can back off. Thanks for letting me know this stuff quickly though. In all honesty I don't give a damn about what the general Bitcoin community thinks of me other than to the extent that is helps my goals when it comes to decentralization and privacy, but that doesn't absolve me from playing a bit of politics all the same.

> I'm going to write a tool to exploit the connections/bloom io thing BTW, so > don't go and offer any rewards for it please... Lets see what the reaction of > those involved is without any further drama. FWIW gmaxwell was pointing out > recently that by seeming to attack Mike you'll give him more political sway, > not less, by letting him hide behind that rather than address tech issues; > gmaxwell's opinion is that Mike doesn't have any political sway anyway.

Ok, I'll keep bloom io on the down low then. Gregory makes a good point there, I'll take his advice then.

What's with Gavin's pull-req on your CVE? Sounded nasty the way he didn't even mention why it was changing things. I read Sergio's blog post, sounded like it\ wasn't a big deal, and what you said about the limits of what the dev team can do at the present time sounded reasonable to me.

Just so you know this stuff about Tor has me worried... Please don't make this public, but my day job involves intelligence, and I'm in a relatively high position. You know, I went into the job years ago with very different thoughts about it than I do now. The last, well, decade really has changed a lot of minds in this field, in totally different ways. Myself I am on the side of Snowden and Assange, but... lets just say when you have a family your willingness to be a martyr diminishes. The same is true of many of my colleagues. Hopefully my support for Bitcoin can help undo some of the damage we've done, but I do have to be careful and it's tough to take all the precautions I need to to be able to communicate. If it was found out that I was involved with Bitcoin that way I have been, let's just say there would be consequences...

Mon 05 Aug 2013 04:51:27 AM GMT John Dillon ----------------------

In addition to what I said earlier, I mentioned your status to a friend of mine who is a former spook and well aware of the dangers of the business to anyone with a sense of ethics.

He told me to tell you this, word for word: "An old crow strongly advises you to consider the risks to yourself and your family, and stop what you are doing." I trust his judgement, and just as importantly, his ethics.

Be careful. Myself, I suggest you think hard about whether or not what you are doing has had enough of an impact on your goals to be worth it - I can't answer that question for you.

Peter ---------------

Hi JD.

Do you know me? If so, we have some catching up to do. If not, my mistake.

Dan Libby --------------

> If so, we have some catching up to do. If not, my mistake. Sorry, remind me again where I would have known you from? John Dillon -------------





Peter,

Could I please borrow just over 5.1BTC from you?

I'm away from my coins and I could really use some for the CoinJoin bounty. Amir's ridiculous attempt to grab the bounty has gotten me rather pissed off, and I have a statement to make.

The BTC is so I can quite clearly write that I am the largest single donator to the fund. Perhaps silly, but statements are worth making.

You know I will pay you back.

This email isn't signed, because I don't have my PGP key with me. Thus pay the funds to the address in my encrypted message to Gregory Maxwell in the coinjoin thread. You'll note that I also encrypted it to you. I hope that is sufficient to convince you that this is really me.

Thank you, John Dillon

On Thu, Aug 29, 2013 at 02:08:39AM +0000, John Dillon wrote:

Dear Nigerian Prince,

It was great to hear from you! My bank account details are... Tell you what, given you do all your transactions in the shadows anyway, for the record you can say you've donated the money and I'll settle the difference with Gregory Maxwell as required. I'm not terribly impressed with Amir either - I suspect he's introduced a security hole by how he passes data to the command line without escaping. You should mention that in whatever you are going to write...

———————-

Warren keeps asking about some email he sent you... and you still owe me.

peter ———————-

Sorry, with the silk road and that NSA document on Tor and other things I decided to take a break. The atmosphere has been rather tense and paranoid in my industry lately.

I'll send Gregory Maxwell the funds ASAP and reply to Warren. Best wishes

Sat 26 Oct 2013 04:44:55 AM John Dillon

———————-

Hi Gregory,

I apologise for my tardiness, but here is the 5.11BTC I promised for the CoinJoin effort.

It is great news to see blockchain.info implement it! I used it myself. Smiley Are you giving them a token reward? They are a for profit venture, but all the same a thank you recognition of some kind seems worthwhile to me. I note that Peter Wuille still hasn't PGP signed his address...

Yours,

1BDSZMaUvrbTjWsSgLA4XqYUK4dDzxREEV KxG9HMgaaMQKWGnht7U1gZW1iWxxNQunTa78gMkvMYSEDHbvKFuS

Sat 26 Oct 2013 05:20:28 AM

John Dillon

———————

Hi Warren,

I see that Peter Todd recently completed his audit report, even writing a small patch for Litecoin.

Could you comment a bit on how that process went? I and someone else may want to hire him directly, as opposed to the bounties I've offered before, to implement some Bitcoin features and we want to get a sense of how it all went. I know the tasks aren't exactly similar, but workmanship, timeliness and professionalism apply to both all the same.

Thank you, John Dillon

——————-

Hi John,

Sorry about the extremely late reply. To be entirely honest, Peter Todd does excellent work, but perhaps not in a timely manner. He seems to be easily distracted from tasks and fell behind stated deadlines a few times. It all worked out fine in the end. I saw and appreciate your bounties on the list. We have been similarly trying to encourage Gavin to take security more seriously with little success. He commented this in #bitcoin-dev today:

<gavinandresen> [17:09:29] (I've started to suspect jdillon is a very sophisticated troll with the ulterior motive of destroying bitcoin)

Our team is considering funding future work to add more DoS protection to the default Bitcoin implementation, as Litecoin has exactly the same security issues.

https://github.com/litecoin-project/litecoin/commits/master-0.8 Note that Litecoin HEAD goes further than Bitcoin in guarding against problem of bloom and related risks. We are unable to explain the true nature of these patches in public because they guard against absolutely terrible DoS exploits that can take down ANY Bitcoin node. So instead we called it, "Minor efficiency improvement in block peer request handling." which is somewhat true of the patch.

Please watch our blog in the next week. We are starting a 501(c)(6) which is an industry trade/professional org with the mission to advance decentralized consensus technologies. The chief project is Litecoin, and we submit suggested changes to Bitcoin. Some were already accepted others were rejected due to our philosophical or design differences. For example, NODE_BLOOM and the poorly explained petertodd patches in 0.8.4.1 were proposed and rejected by Gavin.

Other projects that we have already supported include p2pool as it is the ONLY pooling method that does not create systemic risk through centralization. We also want to support timestamping and other clever non-financial uses of the blockchain as long as they do NOT cause blockchain bloat. Furthermore, we already have an amazingly experienced corporate attorney to serve as General Counsel, and he wants to publish policy whitepapers on various topics including:

* What is business friendly, appropriate regulation? * Establish the difference between responsible and irresponsible coins.

I am curious, are you interested in supporting any of these goals with either development or financial support?

Warren Togami

——————-

> Hi John, > > Sorry about the extremely late reply. Same here. Had to take a break for a bit for a variety of reasons.

> To be entirely honest, Peter Todd does excellent work, but perhaps not in a > timely manner. He seems to be easily distracted from tasks and fell behind > stated deadlines a few times. It all worked out fine in the end.

That's my experience as well with my replace-by-fee bounty. Unfortunate flaw of him, but not one I haven't seen before in smart people. The worst though it how he doesn't at least publish. I saw some chatter about "TXO commitments" in the bitcointalk and other places, but only see Gregory writing up a description! Without publishing others aren't even going to do the work that you're too flakey to actually do! Waste of a good mind in my opinion.

> I saw and appreciate your bounties on the list. We have been similarly > trying to encourage Gavin to take security more seriously with little > success. He commented this in #bitcoin-dev today: > > <gavinandresen> [17:09:29] (I've started to suspect jdillon is a very > sophisticated troll with the ulterior motive of destroying bitcoin)

I suspect the same of Gavin sometimes. Oh well.

The Peter/Gavin exchange with this fee estimation business is even more bizzare. Peter had a perfectly good point in the pull-req that the estimation was imperfect, so the first version should be done with caution in a do no harm fashion. Gavin's response to me seems to be one of putting down Peter's ideas at all costs, even with what are lies. Or perhaps Gavin is just getting overly emotional about this.

Fundementally though if Peter doesn't do the work, Gavin will succeed... > Our team is considering funding future work to add more DoS protection > to the default Bitcoin implementation, as Litecoin has exactly the same > security issues.

Good to hear! > Other projects that we have already supported include p2pool as it is > the ONLY pooling method that does not create systemic risk through > centralization. We also want to support timestamping and other clever > non-financial uses of the blockchain as long as they do NOT cause > blockchain bloat. Furthermore, we already have an amazingly experienced > corporate attorney to serve as General Counsel, and he wants to publish > policy whitepapers on various topics including: > > * What is business friendly, appropriate regulation? > * Establish the difference between responsible and irresponsible coins. > > I am curious, are you interested in supporting any of these goals with > either development or financial support?

Before I respond, got an update on this effort? I googled around and haven't seen anything. John Dillon --------------------

> bitcoin foundation website worries me a lot: I feel the same way. > Anyway, blacklists is going to fuck up CoinJoin and other stuff we > *need* for privacy. I'm sick of going up against Mike; maybe you aren't? > I figure, post this to reddit, make it clear that we have foundation > discussion pushing coin taint behind everyone's backs, and how it'll > fuck up privacy in the future. The response should be loud and clear > that coin taint is unacceptable, and fungibility must be preserved. > > If you need it, I can get you a copy of the whole page. Those are all excellent points. Please send the whole thing. The timing of this story is odd: https://www.forbes.com/sites/kashmirhill/2013/11/13/sanitizing-bitcoin-coin-validation/#380012324e0f I'll write up a post for reddit for tomorrow morning, EST. Are you around later today to proof it for me? John Dillon ----------------- Posted to the foundation forum, https://bitcoinfoundation.org/forum/index.php ?/topic/483-bitcoin-dark-wallet/page__st__20#entry5410 Dunno if you have a membership or not. [quote name='Saivann Carignan' timestamp='1383429407' post='5408'] Patrick Murck said it in simple terms: The use of Bitcoin will (and is) regulated, not the Bitcoin protocol itself. -------------------------------------------------------------------------------------- He's right, but the way he's right is not at all the way you probably think he's right: Bitcoin mining can and almost certainly will be regulated, and by regulating mining you regulate all use of the Bitcoin protocol.

The first problem is ASICs, specifically the huge gulf in performance per unit cost between commodity hardware, or even hardware possible to create on a small scale with FPGAs, and ASICs. The nature of IC manufacturing is such that a very small number of companies, about two to three, can afford the immense capital costs required to operate top-of-the-line chip fabrication facilities. Put another way, the entire world's economy is unable to support a diverse IC manufacturing industry at the current level of technological sophistication.

Control those chip fabs and you control mining. It would be extremely easy for the US government to tell Intel and TSMC that from now on any wafers they process capable of doing Bitcoin mining must include additional circuits that let the US government control how, and by whom, they are used. This is a problem in general with computing, but controlling the manufacture of a special-purpose ASIC is far easier and simpler, both technologically and politically, than controlling the availability of general purpose computing hardware. Fortunately it is possible to create proof-of-work algorithms where custom ASICs have less of an advantage over general purpose hardware, but Bitcoin itself isn't going to change the algorithm.

The second problem is bandwidth: the Bitcoin protocol has atrocious scalability in that to mine blocks you must keep up with the bandwidth used by all transactions. The current 1MB blocksize is small enough to make this not a major problem yet, but if you increase that (with a hardfork!) at some point you will have increased it to the level where you can no longer mine anonymously and then regulating miners directly becomes possible. Unfortunately while technological improvements have made non-anonymous bandwidth more plentiful, for anonymous bandwidth - or even just censorship resistant bandwidth - the options are much more limited. Jurisdiction hopping is an option, but even for the likes of The Pirate Bay it's proved to be a huge pain in the ass, and they only had the relatively small media industry as their enemy rather than the much larger banking industry. (and government in general) It does appear that you could make a crypto-currency with better core scalability - as opposed to the well understood and already-used ways to fairly securely transfer funds off-chain - but no-one's quite yet figured out yet how to upgrade Bitcoin itself with those improvements.

What's interesting is with good cryptography we've figured out ways to at least detect if miners are violating every other aspect of the Bitcoin protocol: some relatively small and backwards compatible changes to the protocol allow auditing everything miners do with peicewise audits done on low-bandwidth connections. If your wallet randomly audits 0.1% of every block, and there are a few thousand like you, the chance of fraud not being detected quickly approaches zero.

But auditing can only detect if miners fail to follow the rules of the Bitcoin protocol; it can't force miners to decide to include your blacklisted transactions in a block. If a majority of hashing power is under government control, there's no way we can prevent them from blacklisting whatever they want. Secondly, if the government does decide to change the rules of the Bitcoin protocol by fiat, then what? Suppose the Federal Reserve or equivalent decides that the deflation of Bitcoin is bad for the economy, and the coin distribution schedule needs to be changed. Or perhaps the courts decide that some stolen Bitcoins, that were subsequently lost, are to be returned to their former owners in an invalid transaction. They can order the majority of hashing power to follow new rules, and while you're wallet software may detect that fraud and shutdown, what alternative do you have but to "upgrade" it to accept the new rules? If you're transactions aren't protected by the majority of hashing power, you're transaction aren't secure.

Where Dark Wallet goes wrong

This is what bothers me about their efforts: I see no reason to think they understand any of the above. They're approach of making a ground-up re-implementation of Bitcoin is fundementally flawed, both from an engineering point of view, as well as a political point of view. What they should be doing is latching on to the notion that the core Bitcoin protocol is a fixed suicide pact that must only be changed with the true consent of all users. As step #1 they should have taken the Satoshi source code, stripped out everything that isn't directly related to that core consensus protocol, and turned it into an easy to use library. Only then should they have built a wallet/node implementation around that core, unchanging, protocol.

Where Amir Taaki and the rest of the Dark Wallet team go so very wrong is they don't understand that the Bitcoin specification is the consensus-critical part of the Satoshi source code. Instead they are pursuing a ground-up re-implementation, and like it or not, they're just not smart enough to get all the details right - nobody is. Because they haven't gotten the details right, no significant amount of hashing power is going to ever use their node implementation to mine with - what pool wants to lose thousands of dollars of profit just because yet another libbitcoin consensus bug was found? Of course, with no-one using their code to mine, they have no political power - Gavin and the Bitcoin Foundation's ability to control the core Bitcoin protocol is entirely based on the fact that almost all the hashing power uses the source code at On the other hand, if even just a quarter of the hashing power used the Dark Wallet node implementation, and could trust it because the !@#$ thing actually implemented the Satoshi protocol properly by using that protocol's source code, changing that protocol in fundemental ways would be far harder - Dark Wallet would have a lot more genuine political weight. With hashing power using that implementation, they would be able to implement their own rules for relaying transactions. For instance while much of the community complained violently about the 0.8.2 dust rule, which made it far harder to get "dust" outputs mined, if the Dark Wallet team decided they didn't like that rule and had hashing power that trusted their node implementation, they could make the rule irrelevant. They could even come up with a anything-goes mechanism with no rules at all governing what transactions got relayed, and let individual miners make those decisions.

If I were the US Government and had co-opted the "core" Bitcoin dev team, you know what I'd do? I'd encourage ground-up alternate implementations knowing damn well that the kind of people dumb enough to work on them expecting to create a viable competitor anytime soon aren't going to succeed. Every time anyone tried mining with one, I'd use my knowledge of all the ways they are incompatible to fork them, making it clear they can't be trusted for mining. Then I'd go a step further and "for the good of Bitcoin" create a process by which regular soft-forks and hard-forks happened so that Bitcoin can be "improved" in various ways, maybe every six months. Of course, I'd involve those alternate implementations in some IETF-like standards process for show, but all I would have to do to keep them marginalized and the majority of hashing power using the approved official implementation is slip the odd consensus bug into their code; remember how it was recently leaked that the NSA spends $250 million a year on efforts to insert flaws into encryption standards and commercial products. With changes every six months the alts will never keep up. Having accomplished political control, the next step is pushing the development of the Bitcoin core protocol in ways that further my goals, such as scalability solutions that at best allow for auditing, rather waiting until protocols are developed, tested, and accepted by the community that support fully decentralized mining.

Dark Wallet has the opportunity to make the very idea of the "core" Bitcoin dev team irrelevant. But sadly Amir's lot seem to understand the art of PR a lot better than the political science of decentralized consensus systems.

PeterTodd

——————-

Excellent observations with dark wallet. I like the concept of the "political science of crypto-currencies"

But don't burn any bridges please. The dark wallet people are writing real code, you are not. If you can nudge them in the right technical directions you could do a lot of good. Petertodd ------------------- On Mon, Aug 19, 2013 at 02:53:32AM +0000, John Dillon wrote: You sound more pissed off than usual... You realize this DoS attack stuff has ignited some pretty serious debate and desperate work to get things fixed right?

Letting things cool down a bit would help - best not to draw more attack attention for a bit you know. 2012-05-31 "John Dillon ------------------------ Peter said: In any case given that SPV peers don't contribute back to the network > > they should obviously be heavily deprioritized and served only with > > whatever resources a node has spare." > > > > This seems very much like a "cut off your nose to spite your face" solution. > > > > SPV peers are INCREDIBLY IMPORTANT to the growth of Bitcoin; much more > > important than nodes that have the bandwidth and disk I/O capability of > > being a full node. Bitcoin will be just fine if there are never more than > > 10,000 big, beefy, full nodes forming the backbone of the network, but will > > be NOTHING if we don't support tens of millions of lightweight SPV devices. > > > > Ok, that's an exaggeration, Bitcoin would be just fine in an Electrum model > > where tens of millions of lightweight devices rely 100% on a full node to > > operate. But I would prefer the more decentralized, less-trust-required SPV > > model. > --------------------------- On Aug 19, 2013, at 4:53 AM, John Dillon wrote: > So tell us how is your "vision" of 10,000 big beefy full nodes with SPV peers > any different from the Electrum model? These days Electrum clients have block > headers and verify that transactions have merkle paths to the block headers. > The only difference I see is that SPV uses bloom filtering and Electrum can > query by transaction. But Mike wants to add querying by transaction to full > nodes anyway, and one of the purported advantages of this UTXO proof stuff is > that you can query servers for UTXO's by address, so I see no difference at > all. A patch to do bloom filtering on Electrum would be amusing to me. > > Here you have Peter talking about clever ways to actually get decentralization > by having SPV peers donate back to the network with spare bandwidth, like > relaying blocks, not to mention his partial UTXO set ideas, and you completely > ignore that. But I guess that would raise ugly questions when people realize > they can't now contribute back to Bitcoin, because the blocksize is a gigabyte > of microtransactions... It may also raise ugly questions with regulators that > may find the idea of "full node == data chokepoint == regulatory chokepoint" an > attractive notion. Why are there not any competent people other than Peter who > really have the guts to bring up these proposals? I've little luck getting > proof-of-concepts built for money anyway. Maybe we just have a darth of smart > competent people in this space. > > You do a good job of signaling your priorities Gavin. The payment protocol > includes no notion that you may want to pay anyone but a SSL certified > merchant. Yes I know the crypto can be upgraded, but it says volumes that you > pushed for that first, without even the slightest token effort to allow > individuals to participate in any way. Sad given you have made things *less* > secure because there is no safe way to get money *into* my wallet with the > payment protocol, but could have been. > > Tell me, when my decentralization pull-req is voted on, which way are you > planning on voting? --------------------------- Get in touch with me before you decide to offer a reward or anything for actually making an attack happen... You have the support of a core dev FWIW, I'm sure you can guess who. Warren of Litecoin says he believes you as well, and asks you try the attack on a smaller alt-coin :P Strategy would be good here, especially because the same attack(s) can be used to take down the whole network too, but we more want to show how SPV specifically is bad. Implementing a darknet to resist network-wide attack is easily done, and it looks like doing peer prioritization will help for those for whome darknets aren't a good option. Some testing of the latter prior to an attack would be good. peter -------------------------- On Sun, Jul 14, 2013 at 07:05:26PM +0000, John Dillon wrote:

Speaking of, check out this tx: 8e8b01b99048ee68bfe378dd7eb7fc8c1d5b1864aa74a76f4dc97ed38fbfe15e Yup, we don't check that the dummy value is OP_0 at all.. END --------------------------------------------------------------------------------

Original https://bitcointalk.org/index.php ?topic=335658.msg3603100#msg3603100 -------------------------------------------------------------------------------- Peter Todd: Looks like his computer was compromised, including his PGP key; those are all private emails. In two instances people have tried to use webbugs on this forum, as well as the foundation forum in discussions about blacklists - I took that as a sign that people are resorting to some pretty ugly tactics. This just confirmed my suspicions.

John had expressed concerns to me about the safety of himself and his family, which I guess I might as well quote given it is one of the leaked emails:

Quote

Just so you know this stuff about Tor has me worried... Please don't make this public, but my day job involves intelligence, and I'm in a relatively high position. You know, I went into the job years ago with very different thoughts about it than I do now. The last, well, decade really has changed a lot of minds in this field, in totally different ways. Myself I am on the side of Snowden and Assange, but... lets just say when you have a family your willingness to be a martyr diminishes. The same is true of many of my colleagues. Hopefully my support for Bitcoin can help undo some of the damage we've done, but I do have to be careful and it's tough to take all the precautions I need to to be able to communicate. If it was found out that I was involved with Bitcoin that way I have been, let's just say there would be consequences... So who knows, maybe this is more to do with him than anything else. Regardless I'm taking it as a sign that we need to be more careful about our computer security - though I dunno, I always had the impression that John was a very smart man who understood crypto and computer security well, yet he still got hacked. Peter Todd: That text about libbitcoin was posted by myself on the foundation forums; I just thought jdillon would find it interesting. ------------------------------------------------------------------------------------------

Johnny Dilley

System Architecture/Incentives Engineering/Blockchain

Austin, TexasFinancial Services https://www.linkedin.com/in/johnnydilley

Johnny Dilley (of Blockstream) vs Roger Ver - Bitcoin Scaling Debate

https://youtu.be/JarEszFY1WY?t=305 Peter Todd : "Miners Wanted to be Active Service Providers. They are not". https://youtu.be/xsEeyKxDUmM?t=50

Gregory Maxwell







