 this is what i've been saying for the last 6 months, based on my experience with proof of work shitcoins and building PoW consensus algorithms (since 2018)

vanity addresses are a fairly robust proof because currently anything from about 8 characters of required npub (and it could just as easily be hex, there is a rough 1:1 between them just that hex is 4 bits and npubs are 5 bits per character), takes weeks to generate

there currently isn't any significant tech to accelerate derivation of public keys, so the bitcoin secp256k1 BIP-340 X-only key derivation function is the current baseline for each bruteforce attempt to find such a key

but i think it's inevitable that soon there will be at least AVX/AVX2/AVX512 parallel derivation libraries, i remember a couple of years ago seeing some early work and a paper about this

it's a big calculation using modNscalar functions but this is something that can definitely be parallelized, and i'd expect modern processors could see the ~10 minutes for 5 (25 bits) npub vanity key mine pushed down to 1-2 minutes (my key has 5 vanity characters currently, took me 4 days with btcd/decred schnorr pubkey derivation library, but now with bitcoin core secp256k1 library only 10 minutes)

unlike the signatures, which is one of the things that we benefit from in relay and client implementations from the simpler Schnorr algorithm (it eliminates a division operation, which is the slowest) the pubkey derivation is identical between ecdsa and schnorr and the only actual difference is you leave the first (left hand side MSB) out, be it 2 or 3 normally, it is not needed for either the signatures or for the ECDH shared secret computation

so, yeah, what i'm gonna say is that it is going to kick the can down the road another few years maybe, but ultimately there will be parallel key miners using AVX and if it really becomes valuable, someone will make FPGAs to increase the parallelism

you will see, once you understand all of that, why i'm saying that it's a dead end and eventually will be forgotten

to me you all look like proof of work shitcoiners talking about this stuff, circa 5 years ago, before it became obvious that the game theory causes consolidation of proof of work mining power and why we have the zero to one principle of money (and ultimately languages, in the internet era) 
 All true, but I think you overestimate how many Nostr-spammers have that skillset.

People with that skillset have much more profitable things to do with their time.


Threat modelling needs to be step 1. 
 While I do agree with you about people having much more profitable things to do with their skill set…

It only takes one obsessed, very powerful person and one black hat on their payroll (which they have, in abundance) 
 the replyguy kinda ends the discussion as far as i'm concerned

causing trouble is cheap on nostr right now, that is a threat that needs to be considered seriously since there is not so much risk of a profitable scam attack at this point

we have to raise the price above the most determined seeker of lulz 
 That's why I think there should be a minimum of PoW on every single note, some energy required to post whatever, doesn’t matter if you are a legitimate user or spammer. 
 i wish i didn't hear this so often from people

if it's worth money, it won't be within reach of regular users

if it's not worth money, nobody is going to spam 
 Is reply guy making money? The cost is so cheap today that even the amount of money lost is peanuts to the average spammer.

I’m advocating for raising the cost floor, not keeping it free/cheap as it is today. Not advocating for eliminating spam forever.

I think all here can spend a couple days or weeks (slowly) mining a profile event with some PoW. Whether spammers can do it faster does not matter, they will have to pay the cost for every pubkey which raises their cost floor. They will need to spend in expensive equipment and spend energy to do it every single time they need a new pubkey.

What we have today is zero or near-zero cost.

Also if you don’t want to hear other people’s opinions try getting off the internet ffs and cut the 💩
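
The "minimum of PoW on every single note" proposal from the thread, sketched as a relay-side check. This is an added example, not code from any participant: it assumes the NIP-01 event id (SHA-256 over the canonical JSON array) and the NIP-13 `nonce` tag convention, and the function names and sample event are constructed for illustration.

```python
import hashlib
import json

def event_id(ev):
    """NIP-01 event id: sha256 over [0, pubkey, created_at, kind, tags, content]."""
    body = [0, ev["pubkey"], ev["created_at"], ev["kind"], ev["tags"], ev["content"]]
    raw = json.dumps(body, separators=(",", ":"), ensure_ascii=False)
    return hashlib.sha256(raw.encode("utf-8")).digest()

def leading_zero_bits(digest):
    """Count zero bits from the most significant end of the digest."""
    bits = 0
    for byte in digest:
        if byte == 0:
            bits += 8
            continue
        bits += 8 - byte.bit_length()
        break
    return bits

def committed_target(ev):
    """Difficulty the author committed to in the nonce tag, or None."""
    for tag in ev["tags"]:
        if len(tag) >= 3 and tag[0] == "nonce" and tag[2].isdigit():
            return int(tag[2])
    return None

def check_pow(ev, min_bits):
    """Relay policy: return (accepted, reason). Signature checks are out of scope."""
    target = committed_target(ev)
    if target is None:
        return False, "no nonce tag with a committed target"
    if target < min_bits:  # rejects low-target bulk mining that got lucky
        return False, "committed target below relay minimum"
    got = leading_zero_bits(event_id(ev))
    if got < min_bits:
        return False, f"only {got} leading zero bits"
    return True, f"{got} leading zero bits"

def mine(ev, target_bits):
    """Client side: bump the nonce until the id meets target_bits."""
    base = [t for t in ev["tags"] if t[:1] != ["nonce"]]
    nonce = 0
    while True:
        ev["tags"] = base + [["nonce", str(nonce), str(target_bits)]]
        if leading_zero_bits(event_id(ev)) >= target_bits:
            return nonce + 1  # attempts made
        nonce += 1

# Constructed sample profile event; the pubkey is a placeholder, not a real key.
SAMPLE = {"pubkey": "ab" * 32, "created_at": 1700000000, "kind": 0,
          "tags": [], "content": '{"name":"example"}'}
attempts = mine(SAMPLE, 12)  # expected about 2**12 tries
```

Each extra bit in `min_bits` doubles the expected number of hashes per event, which is the cost floor the thread is arguing about.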