A cryptocurrency is a digital asset designed to work as a medium of exchange that uses cryptography to secure its transactions, to control the creation of additional units, and to verify the transfer of assets. Cryptocurrencies are classified as a subset of digital currencies and are also classified as a subset of alternative currencies and virtual currencies. Bitcoin, created in 2009, was the first decentralized cryptocurrency. Since then, numerous other cryptocurrencies have been created.
[ btc ] Cryptography in Bitcoin: How to Create an Address with C
[ 🔴 DELETED 🔴 ] Topic originally posted in btc by nickfarrow [link] nickfarrow your post has been copied because one or more comments have been removed by a moderator. This copy will preserve unmoderated topic. If you would like to opt-out, please PM me.
TAU uses Bitcoin cryptographic technologies that have been proved reliable. These include public-key cryptography, digital signature and address-based transactions.
TAU uses Bitcoin cryptographic technologies that have been proved reliable. These include public-key cryptography, digital signature and address-based transactions. https://www.taucoin.io/ #TAUcoin #TAU #blockchain #POT #crypto
TAU uses Bitcoin cryptographic technologies that have been proved reliable. These include public-key cryptography, digital signature and address-based transactions.
TAU uses Bitcoin cryptographic technologies that have been proved reliable. These include public-key cryptography, digital signature and address-based transactions. https://www.taucoin.io/ #TAUcoin #TAU #blockchain #POT #crypto
Hi i woke up in the morning and opened my blockchain walled and found my balance is 0 , someone got access into the account and transferred all the BTC i have , i know that BTC cant be reversed and no one can help me , but the problem is when this thief logged in to the account i received no email nor sms , in fact two-step verification was enabled but i didn't receive anything this is lack of security blockchain wallet should take responsibility for this , and when i contact them the reply with those automatic responds what should i do in this case https://www.blockchain.com/btc/tx/4f8726bc2f6f3084227e20c0b7e38c5ba7e0cd617d5dbbcdc6fe99f4172994b0
Ultimate glossary of crypto currency terms, acronyms and abbreviations
A common sentiment is brewing online; a shared desire for the internet that might have been. After decades of corporate encroachment, you don't need to be a power user to realize that something has gone very wrong. In the early days of the internet, the future was bright. In that future, when you sent an instant message, it traveled directly to the recipient. When you needed to pay a friend, you announced a transfer of value to their public key. When an app was missing a feature you wanted, you opened up the source code and implemented it. When you took a picture on your phone, it was immediately encrypted and backed up to storage that you controlled. In that future, people would laugh at the idea of having to authenticate themselves to some corporation before doing these things. What did we get instead? Rather than a network of human-sized communities, we have a handful of enormous commons, each controlled by a faceless corporate entity. Hey user, want to send a message? You can, but we'll store a copy of it indefinitely, unencrypted, for our preference-learning algorithms to pore over; how else could we slap targeted ads on every piece of content you see? Want to pay a friend? You can—in our Monopoly money. Want a new feature? Submit a request to our Support Center and we'll totally maybe think about it. Want to backup a photo? You can—inside our walled garden, which only we (and the NSA, of course) can access. Just be careful what you share, because merely locking you out of your account and deleting all your data is far from the worst thing we could do. You rationalize this: "MEGACORP would never do such a thing; it would be bad for business." But we all know, at some level, that this state of affairs, this inversion of power, is not merely "unfortunate" or "suboptimal" – No. It is degrading. Even if MEGACORP were purely benevolent, it is degrading that we must ask its permission to talk to our friends; that we must rely on it to safeguard our treasured memories; that our digital lives are completely beholden to those who seek only to extract value from us. At the root of this issue is the centralization of data. MEGACORP can surveil you—because your emails and video chats flow through their servers. And MEGACORP can control you—because they hold your data hostage. But centralization is a solution to a technical problem: How can we make the user's data accessible from anywhere in the world, on any device? For a long time, no alternative solution to this problem was forthcoming. Today, thanks to a confluence of established techniques and recent innovations, we have solved the accessibility problem without resorting to centralization. Hashing, encryption, and erasure encoding got us most of the way, but one barrier remained: incentives. How do you incentivize an anonymous stranger to store your data? Earlier protocols like BitTorrent worked around this limitation by relying on altruism, tit-for-tat requirements, or "points" – in other words, nothing you could pay your electric bill with. Finally, in 2009, a solution appeared: Bitcoin. Not long after, Sia was born. Cryptography has unleashed the latent power of the internet by enabling interactions between mutually-distrustful parties. Sia harnesses this power to turn the cloud storage market into a proper marketplace, where buyers and sellers can transact directly, with no intermediaries, anywhere in the world. No more silos or walled gardens: your data is encrypted, so it can't be spied on, and it's stored on many servers, so no single entity can hold it hostage. Thanks to projects like Sia, the internet is being re-decentralized. Sia began its life as a startup, which means it has always been subjected to two competing forces: the ideals of its founders, and the profit motive inherent to all businesses. Its founders have taken great pains to never compromise on the former, but this often threatened the company's financial viability. With the establishment of the Sia Foundation, this tension is resolved. The Foundation, freed of the obligation to generate profit, is a pure embodiment of the ideals from which Sia originally sprung. The goals and responsibilities of the Foundation are numerous: to maintain core Sia protocols and consensus code; to support developers building on top of Sia and its protocols; to promote Sia and facilitate partnerships in other spheres and communities; to ensure that users can easily acquire and safely store siacoins; to develop network scalability solutions; to implement hardforks and lead the community through them; and much more. In a broader sense, its mission is to commoditize data storage, making it cheap, ubiquitous, and accessible to all, without compromising privacy or performance. Sia is a perfect example of how we can achieve better living through cryptography. We now begin a new chapter in Sia's history. May our stewardship lead it into a bright future.
Today, we are proposing the creation of the Sia Foundation: a new non-profit entity that builds and supports distributed cloud storage infrastructure, with a specific focus on the Sia storage platform. What follows is an informal overview of the Sia Foundation, covering two major topics: how the Foundation will be funded, and what its funds will be used for.
The Sia Foundation will be structured as a non-profit entity incorporated in the United States, likely a 501(c)(3) organization or similar. The actions of the Foundation will be constrained by its charter, which formalizes the specific obligations and overall mission outlined in this document. The charter will be updated on an annual basis to reflect the current goals of the Sia community. The organization will be operated by a board of directors, initially comprising Luke Champine as President and Eddie Wang as Chairman. Luke Champine will be leaving his position at Nebulous to work at the Foundation full-time, and will seek to divest his shares of Nebulous stock along with other potential conflicts of interest. Neither Luke nor Eddie personally own any siafunds or significant quantities of siacoin.
The primary source of funding for the Foundation will come from a new block subsidy. Following a hardfork, 30 KS per block will be allocated to the "Foundation Fund," continuing in perpetuity. The existing 30 KS per block miner reward is not affected. Additionally, one year's worth of block subsidies (approximately 1.57 GS) will be allocated to the Fund immediately upon activation of the hardfork. As detailed below, the Foundation will provably burn any coins that it cannot meaningfully spend. As such, the 30 KS subsidy should be viewed as a maximum. This allows the Foundation to grow alongside Sia without requiring additional hardforks. The Foundation will not be funded to any degree by the possession or sale of siafunds. Siafunds were originally introduced as a means of incentivizing growth, and we still believe in their effectiveness: a siafund holder wants to increase the amount of storage on Sia as much as possible. While the Foundation obviously wants Sia to succeed, its driving force should be its charter. Deriving significant revenue from siafunds would jeopardize the Foundation's impartiality and focus. Ultimately, we want the Foundation to act in the best interests of Sia, not in growing its own budget.
The Foundation inherits a great number of responsibilities from Nebulous. Each quarter, the Foundation will publish the progress it has made over the past quarter, and list the responsibilities it intends to prioritize over the coming quarter. This will be accompanied by a financial report, detailing each area of expenditure over the past quarter, and forecasting expenditures for the coming quarter. Below, we summarize some of the myriad responsibilities towards which the Foundation is expected to allocate its resources.
Maintain and enhance core Sia software
Arguably, this is the most important responsibility of the Foundation. At the heart of Sia is its consensus algorithm: regardless of other differences, all Sia software must agree upon the content and rules of the blockchain. It is therefore crucial that the algorithm be stewarded by an entity that is accountable to the community, transparent in its decision-making, and has no profit motive or other conflicts of interest. Accordingly, Sia’s consensus functionality will no longer be directly maintained by Nebulous. Instead, the Foundation will release and maintain an implementation of a "minimal Sia full node," comprising the Sia consensus algorithm and P2P networking code. The source code will be available in a public repository, and signed binaries will be published for each release. Other parties may use this code to provide alternative full node software. For example, Nebulous may extend the minimal full node with wallet, renter, and host functionality. The source code of any such implementation may be submitted to the Foundation for review. If the code passes review, the Foundation will provide "endorsement signatures" for the commit hash used and for binaries compiled internally by the Foundation. Specifically, these signatures assert that the Foundation believes the software contains no consensus-breaking changes or other modifications to imported Foundation code. Endorsement signatures and Foundation-compiled binaries may be displayed and distributed by the receiving party, along with an appropriate disclaimer. A minimal full node is not terribly useful on its own; the wallet, renter, host, and other extensions are what make Sia a proper developer platform. Currently, the only implementations of these extensions are maintained by Nebulous. The Foundation will contract Nebulous to ensure that these extensions continue to receive updates and enhancements. Later on, the Foundation intends to develop its own implementations of these extensions and others. As with the minimal node software, these extensions will be open source and available in public repositories for use by any Sia node software. With the consensus code now managed by the Foundation, the task of implementing and orchestrating hardforks becomes its responsibility as well. When the Foundation determines that a hardfork is necessary (whether through internal discussion or via community petition), a formal proposal will be drafted and submitted for public review, during which arguments for and against the proposal may be submitted to a public repository. During this time, the hardfork code will be implemented, either by Foundation employees or by external contributors working closely with the Foundation. Once the implementation is finished, final arguments will be heard. The Foundation board will then vote whether to accept or reject the proposal, and announce their decision along with appropriate justification. Assuming the proposal was accepted, the Foundation will announce the block height at which the hardfork will activate, and will subsequently release source code and signed binaries that incorporate the hardfork code. Regardless of the Foundation's decision, it is the community that ultimately determines whether a fork is accepted or rejected – nothing can change that. Foundation node software will never automatically update, so all forks must be explicitly adopted by users. Furthermore, the Foundation will provide replay and wipeout protection for its hard forks, protecting other chains from unintended or malicious reorgs. Similarly, the Foundation will ensure that any file contracts formed prior to a fork activation will continue to be honored on both chains until they expire. Finally, the Foundation also intends to pursue scalability solutions for the Sia blockchain. In particular, work has already begun on an implementation of Utreexo, which will greatly reduce the space requirements of fully-validating nodes (allowing a full node to be run on a smartphone) while increasing throughput and decreasing initial sync time. A hardfork implementing Utreexo will be submitted to the community as per the process detailed above. As this is the most important responsibility of the Foundation, it will receive a significant portion of the Foundation’s budget, primarily in the form of developer salaries and contracting agreements.
Support community services
We intend to allocate 25% of the Foundation Fund towards the community. This allocation will be held and disbursed in the form of siacoins, and will pay for grants, bounties, hackathons, and other community-driven endeavours. Any community-run service, such as a Skynet portal, explorer or web wallet, may apply to have its costs covered by the Foundation. Upon approval, the Foundation will reimburse expenses incurred by the service, subject to the exact terms agreed to. The intent of these grants is not to provide a source of income, but rather to make such services "break even" for their operators, so that members of the community can enrich the Sia ecosystem without worrying about the impact on their own finances.
Ensure easy acquisition and storage of siacoins
Most users will acquire their siacoins via an exchange. The Foundation will provide support to Sia-compatible exchanges, and pursue relevant integrations at its discretion, such as Coinbase's new Rosetta standard. The Foundation may also release DEX software that enables trading cryptocurrencies without the need for a third party. (The Foundation itself will never operate as a money transmitter.) Increasingly, users are storing their cryptocurrency on hardware wallets. The Foundation will maintain the existing Ledger Nano S integration, and pursue further integrations at its discretion. Of course, all hardware wallets must be paired with software running on a computer or smartphone, so the Foundation will also develop and/or maintain client-side wallet software, including both full-node wallets and "lite" wallets. Community-operated wallet services, i.e. web wallets, may be funded via grants. Like core software maintenance, this responsibility will be funded in the form of developer salaries and contracting agreements.
Protect the ecosystem
When it comes to cryptocurrency security, patching software vulnerabilities is table stakes; there are significant legal and social threats that we must be mindful of as well. As such, the Foundation will earmark a portion of its fund to defend the community from legal action. The Foundation will also safeguard the network from 51% attacks and other threats to network security by implementing softforks and/or hardforks where necessary. The Foundation also intends to assist in the development of a new FOSS software license, and to solicit legal memos on various Sia-related matters, such as hosting in the United States and the EU. In a broader sense, the establishment of the Foundation makes the ecosystem more robust by transferring core development to a more neutral entity. Thanks to its funding structure, the Foundation will be immune to various forms of pressure that for-profit companies are susceptible to.
Drive adoption of Sia
Although the overriding goal of the Foundation is to make Sia the best platform it can be, all that work will be in vain if no one uses the platform. There are a number of ways the Foundation can promote Sia and get it into the hands of potential users and developers. In-person conferences are understandably far less popular now, but the Foundation can sponsor and/or participate in virtual conferences. (In-person conferences may be held in the future, permitting circumstances.) Similarly, the Foundation will provide prizes for hackathons, which may be organized by community members, Nebulous, or the Foundation itself. Lastly, partnerships with other companies in the cryptocurrency space—or the cloud storage space—are a great way to increase awareness of Sia. To handle these responsibilities, one of the early priorities of the Foundation will be to hire a marketing director.
The Foundation Fund will be controlled by a multisig address. Each member of the Foundation's board will control one of the signing keys, with the signature threshold to be determined once the final composition of the board is known. (This threshold may also be increased or decreased if the number of board members changes.) Additionally, one timelocked signing key will be controlled by David Vorick. This key will act as a “dead man’s switch,” to be used in the event of an emergency that prevents Foundation board members from reaching the signature threshold. The timelock ensures that this key cannot be used unless the Foundation fails to sign a transaction for several months. On the 1st of each month, the Foundation will use its keys to transfer all siacoins in the Fund to two new addresses. The first address will be controlled by a high-security hot wallet, and will receive approximately one month's worth of Foundation expenditures. The second address, receiving the remaining siacoins, will be a modified version of the source address: specifically, it will increase the timelock on David Vorick's signing key by one month. Any other changes to the set of signing keys, such as the arrival or departure of board members, will be incorporated into this address as well. The Foundation Fund is allocated in SC, but many of the Foundation's expenditures must be paid in USD or other fiat currency. Accordingly, the Foundation will convert, at its discretion, a portion of its monthly withdrawals to fiat currency. We expect this conversion to be primarily facilitated by private "OTC" sales to accredited investors. The Foundation currently has no plans to speculate in cryptocurrency or other assets. Finally, it is important that the Foundation adds value to the Sia platform well in excess of the inflation introduced by the block subsidy. For this reason, the Foundation intends to provably burn, on a quarterly basis, any coins that it cannot allocate towards any justifiable expense. In other words, coins will be burned whenever doing so provides greater value to the platform than any other use. Furthermore, the Foundation will cap its SC treasury at 5% of the total supply, and will cap its USD treasury at 4 years’ worth of predicted expenses. Addendum: Hardfork Timeline We would like to see this proposal finalized and accepted by the community no later than September 30th. A new version of siad, implementing the hardfork, will be released no later than October 15th. The hardfork will activate at block 293220, which is expected to occur around 12pm EST on January 1st, 2021.
Addendum: Inflation specifics The total supply of siacoins as of January 1st, 2021 will be approximately 45.243 GS. The initial subsidy of 1.57 GS thus increases the supply by 3.47%, and the total annual inflation in 2021 will be at most 10.4% (if zero coins are burned). In 2022, total annual inflation will be at most 6.28%, and will steadily decrease in subsequent years.
We see the establishment of the Foundation as an important step in the maturation of the Sia project. It provides the ecosystem with a sustainable source of funding that can be exclusively directed towards achieving Sia's ambitious goals. Compared to other projects with far deeper pockets, Sia has always punched above its weight; once we're on equal footing, there's no telling what we'll be able to achieve. Nevertheless, we do not propose this change lightly, and have taken pains to ensure that the Foundation will act in accordance with the ideals that this community shares. It will operate transparently, keep inflation to a minimum, and respect the user's fundamental role in decentralized systems. We hope that everyone in the community will consider this proposal carefully, and look forward to a productive discussion.
Transcript of how Philip the tyrant admin of the Bitcoin Cash Telegram group called Spoice stupid, an idiot, a parrot among other insults then banned her instead of discussing Bitcoin Cash. That Telegram group is hostile, ABC/IFP shills run and follows the rBitcoin toxic censorship modus operandi.
David B., [18.10.20 01:46] https://www.reddit.com/btc/comments/jdagi3/whats_up_with_the_bchn_hypocrisy/ David B., [18.10.20 01:47] Wut x2 J Stodd, [18.10.20 01:49] [In reply to David B.] Their words are meaningless. They have no principles. Wish i could comment but bitcoinxio banned me from rbtc and never told me why David B., [18.10.20 01:59] These comments are so toxic Spoice, [18.10.20 01:59] In reality, the real continuation of Bitcoin as we all know it is what is carried on by BCHN, BU, BCHD and others Spoice, [18.10.20 02:00] ABC is changing the rules to something that is not Bitcoin Spoice, [18.10.20 02:00] anyone denying those facts is selling you snake oil Spoice, [18.10.20 02:00] If Blockstream tried to take some % to their own benefit, we would have never needed BCH in the first place Spoice, [18.10.20 02:00] everyone would have rejected them in a second J Stodd, [18.10.20 02:01] [In reply to Spoice] Bitcoin Cash is not Bitcoin to start with, so who cares? David B., [18.10.20 02:01] [ Album ] Spoice, [18.10.20 02:01] yet we have ABC trying to pull this theft and all those puppets think it's ok Spoice, [18.10.20 02:01] JSTodd that's bullshit David B., [18.10.20 02:01] Like trying to talk to a core maxi about altcoins Spoice, [18.10.20 02:01] Bitcoin Cash is the most Bitcoin out of all Bitcoins Spoice, [18.10.20 02:01] it is the continuation of what Satoshi started David B., [18.10.20 02:02] Tbh they aren't even toxic Michael Nunzio, [18.10.20 02:02] [In reply to Spoice] If the hash follows then it is Bitcoin Cash. Only if it doesn't is your claim true J Stodd, [18.10.20 02:03] [In reply to Spoice] Bitcoin is Bitcoin. Bitcoin failed to be Peer to Peer Cash, so Bitcoin Cash attempted to fix this by forking Bitcoin and attacking the root of the problem. This does not mean Bitcoin Cash is literally Bitcoin. Adopt a different argument. Sorry if you bought into that bc of Rogers rantings J Stodd, [18.10.20 02:05] Bitcoin Cash can replace Bitcoin, and if Bitcoin dies and BCH wins then sure maybe it can take its name from its grave, but they are different products, trying to say Bitcoin stopped being "Bitcoin" and became BCH is a self contradiction. Jingles, [18.10.20 02:08] Jstodd's got some good points. Jingles, [18.10.20 02:08] He's learnt so much in the last year ☺️ Spoice, [18.10.20 02:08] "Bitcoin is Bitcoin" is a false statement. BTC is just an instance of Bitcoin. Bitcoin is the set of rules defined in the whitepaper first and foremost, it is peer to peer electronic cash. BTC no longer fits that criteria. Bitcoin Cash meets them. The fork proposed by ABC also fails to meet that criteria. Therefore the continuation of Bitcoin is in whatever BU, BCHN, Flowee and others will continue. Jingles, [18.10.20 02:09] What rules were defined in the WP? Spoice, [18.10.20 02:10] Let's see which rules aren't: 1) No coinbase tax going to any centralized entity such as ABC 2) No throttling of TX throughput such as BTC Spoice, [18.10.20 02:10] therefore they both fail the simple "Is this Bitcoin?" test Spoice, [18.10.20 02:11] Finally, Michael, if you think Hash rate defines what Bitcoin is, you should stick to BTC Jingles, [18.10.20 02:11] 21 million coins isn't in the WP Jingles, [18.10.20 02:11] I asked what rules did the WP define. Spoice, [18.10.20 02:12] Because BCH failed that criteria since it forked, therefore your point is wrong Spoice, [18.10.20 02:12] https://www.metzdowd.com/pipermail/cryptography/2009-January/014994.html Spoice, [18.10.20 02:12] The announcement of the white paper included the 21 million limit, close enough Jingles, [18.10.20 02:12] HIs announcement isn't the WP Spoice, [18.10.20 02:12] show me where Satoshi said that Amaury shoudl tax the chain? Spoice, [18.10.20 02:12] Doesn't matter- close enough Jingles, [18.10.20 02:12] Bitcoin is the set of rules defined in the whitepaper first and foremost - You Jingles, [18.10.20 02:13] My ears pricked up on that comment, so I'm asking you what you meant. Spoice, [18.10.20 02:13] Correct. Changing the 21 million hard limit is still more Bitcoin than taxing the Coinbase, yet both will never ever happen. Not to Bitcoin anyway Jingles, [18.10.20 02:13] If you meant Satoj's writings pre and post WP then you should be clear about it Spoice, [18.10.20 02:13] some bastardized chain might, just not Bitcoin Jingles, [18.10.20 02:14] The closest we have to anything to indicate what is "Bitcoiness" is general things like "the longest chain" Spoice, [18.10.20 02:14] No, it is never a single thing David B., [18.10.20 02:15] REEEE Jingles, [18.10.20 02:15] trustless, no single trusted third parties, and rules can change due to incentives via consensus Spoice, [18.10.20 02:15] it is a set of common sense and experiment driven and historical relevance and initial parameters and "peer to peer electronic cash" definition indicators Spoice, [18.10.20 02:15] never a single thing Jingles, [18.10.20 02:16] [In reply to Spoice] This is like the exact opposite of what you said earlier Jingles, [18.10.20 02:16] Bitcoin is defined by the rules in the WP, I mean common sense. Jingles, [18.10.20 02:16] 🤷♂️ Spoice, [18.10.20 02:16] Nope, the rule set is defined in the white paper should never change, but I never said all rules are defined in the white paper Jingles, [18.10.20 02:16] What rules? Spoice, [18.10.20 02:16] It is a union Jingles, [18.10.20 02:17] What rules are there? Spoice, [18.10.20 02:17] Rules in the white paper + what continued to define Bitcoin thereafter J Stodd, [18.10.20 02:17] [In reply to Spoice] > "Bitcoin is Bitcoin is a false statement." Alas, if we cannot agree on the law of identity, aka A=A, then i dont understand how to hold a conversation with you using logic. > BTC is an instance of Bitcoin No, BTC is a ticker used optionally by exchanges. Other common tickers for bitcoin include XBC, XBT, BC (correct me if im wrong on any of these) > "Bitcoin is a set of rules in the whitepaper" Super hard to defend this. Theres no mention of a 21M supply cap, no blocksize limit *at all*, and it also says additional rules and incentives can be enforced (implying maybe they should). Jingles, [18.10.20 02:17] I go through this with BSVers all the time. We have no spec sheet of rules defining what Bitcoin is from Satoshi. Spoice, [18.10.20 02:18] Rules such as what defines a correct block, miners receiving the full incentive of mining it, etc Jingles, [18.10.20 02:18] The WP is a highlevel document Spoice, [18.10.20 02:18] The WP is a description of a scientific experiment Spoice, [18.10.20 02:18] if you want to start your own experiment, be my guest Jingles, [18.10.20 02:18] [In reply to Spoice] Valid tx rules aren't defined in the WP Spoice, [18.10.20 02:18] just don't try to call it Bitcoin Jingles, [18.10.20 02:19] The word majority is in the WP an awful lot wouldn't you say? Spoice, [18.10.20 02:19] Not valid TX rules, but what a proof of work block is and how it diverts the reward to the miner, etc Jingles, [18.10.20 02:20] [In reply to Spoice] and? what about BTC doesn't apply? Jingles, [18.10.20 02:20] I'm not arguing for any fork of BCH here. Spoice, [18.10.20 02:20] It no longer meets the very title of the white paper experiment, "Peer to peer electronic cash" Spoice, [18.10.20 02:20] The BTC instance of the experiment is destined to move away from the very title of the white paper Jingles, [18.10.20 02:20] It's electronic, and I use it like cash. Spoice, [18.10.20 02:20] that the maintainers even wanted to edit the white paper (Cobra and co) because of this fact J Stodd, [18.10.20 02:20] u/Spoice When did BTC stop being Bitcoin in your view? The day Amaury decided to launch the fork, before Segwit happened? If someone else launched a fork first, they would have been "the real bitcoin"? This is a game of whoever forks first becomes the real Bitcoin? What if two people launched a fork at the exact same time, maybe even with identical specs? Jingles, [18.10.20 02:21] Where did I go wrong? Jingles, [18.10.20 02:21] [In reply to Spoice] Did they? Spoice, [18.10.20 02:21] Doesn't matter if you use it today, its very technical fabric will have to move your transactions to 2nd layers and it will no longer be peer to peer electronic cash on chain Jingles, [18.10.20 02:21] peer to peer electronic cash on chain - Not in the wp Jingles, [18.10.20 02:22] We have satoj talking about HFT with sidechannels. Jingles, [18.10.20 02:22] So what? Jingles, [18.10.20 02:23] I think this is a good discussion Phil, nothing disrespectful is being said. I hope this is ok? Spoice, [18.10.20 02:23] Doesn't matter, the rule of common sense, which is closer to that title? Increasing a simple variable (Blocksize) to stay on track of the title and experiment, or introduce IOUs and Watchtowers and channels and locked BTC and that whole LN Bastardization? Which is close to the title? Jingles, [18.10.20 02:23] No one said that can't happen Michael Nunzio, [18.10.20 02:24] [In reply to Spoice] Congratulations you've made an argument which isn't an argument. Jingles, [18.10.20 02:25] The whole thing that was said was the system is based on majority rules, and incentives can be changed. Majority breaks any deadlock. David B., [18.10.20 02:25] How to kill a coin 101 Spoice, [18.10.20 02:25] Logic fails anyone who tries to claim BTC, ABC, BSV or any similar standalone experiments as Bitcoin, because of simple sanity checks and logic checks, often stemming out of common sense - If what you have moves you a single step away from what is otherwise the same old experiment which Satoshi wrote about and unleashed, you're not Bitcoin. If what you have moves you a step closer, it is Bitcoin. and so on and so forth. Phlip - Not giving away coins, [18.10.20 02:25] Wow, really fanatical almost religious statements. I guess its Sunday morning. Jingles, [18.10.20 02:27] [In reply to Spoice] There's nothing common about common sense. You point to the WP to make a point, and your point isn't in there. Spoice, [18.10.20 02:27] Throttled and you need off-chain IOUs and always-on services to function (BTC) ? Not Bitcoin. Requires permission to be used and could be centrally confiscated on the whim of the organization behind it (BSV)? Not Bitcoin. Premined (Bitcoin Gold, Diamond)? Not Bitcoin. Taxing the miners through Coinbase and changing the incentives which were at play since day 0 (ABC)? Not Bitcoin Spoice, [18.10.20 02:27] simple checks really, yet those who are set to benefit will of course be oblivious to these Phlip - Not giving away coins, [18.10.20 02:28] This whole “Bitcoin Cash is the true Bitcoin - see whitepaper” is really stupid. It also ignores the history of how Bitcoin Cash came into existence Jingles, [18.10.20 02:28] Phillip, remove anyone here that has said Bitcoin Gold was the original Bitcoin immediately Jingles, [18.10.20 02:28] ^^^^ Jingles, [18.10.20 02:29] [In reply to Phlip - Not giving away coins] It falls to pieces the moment it's questioned. Spoice, [18.10.20 02:29] It is not about "True" Bitcoin Spoice, [18.10.20 02:30] It is about the Bitcoin closest to the experiment which always was Spoice, [18.10.20 02:30] I don't care about "True" or not, they all are true Phlip - Not giving away coins, [18.10.20 02:30] [In reply to Jingles] Sorry, I hve stopped reading all the sillyness above. Will reread later Jingles, [18.10.20 02:30] [In reply to Phlip - Not giving away coins] I'm joking around 😂 Spoice, [18.10.20 02:30] but the rule of entropy says I shouldn't place my money nor effort in experiments which are set to fade eventually, because they have skewed incentives Phlip - Not giving away coins, [18.10.20 02:31] [In reply to Spoice] You get to chose that for yourself but you do not get to dictate it for others David B., [18.10.20 02:31] [In reply to Phlip - Not giving away coins] Don't read it. You will have no braincells left Spoice, [18.10.20 02:31] Bitcoin as we know it has a long track record of incentives which work Spoice, [18.10.20 02:31] I won't ever dictate it for others Spoice, [18.10.20 02:31] I only would dictate it for myself, just like how I never use BTC or BSV today, I won't use ABC tomorrow Spoice, [18.10.20 02:32] only because they're new experiments Spoice, [18.10.20 02:32] interesting, and I wish them luck Jingles, [18.10.20 02:32] "Bitcoin is Bitcoin" is a false statement - Spoice 2020 Spoice, [18.10.20 02:32] but I would rather stick to the Bitcoin I know Spoice, [18.10.20 02:32] that's all Jingles, [18.10.20 02:32] I won't ever dictate it for others - Also Spoice Phlip - Not giving away coins, [18.10.20 02:32] Bitcoin Cash came with a plan snd goals. They were clearly presented in two presentations that happened before viabtc announced they would mine with ABC software and create a coin and chain named Bitcoin Cash Spoice, [18.10.20 02:32] Yes, because he means BTC is Bitcoin, and that's a false statement Jingles, [18.10.20 02:32] How is it false? Spoice, [18.10.20 02:32] It is an instance of Bitcoin Jc Crown [ I DON'T DM PEOPLE - DON'T GIVE ME MONEY! ], [18.10.20 02:33] [In reply to Michael Nunzio] you're looking intimidatingly handsome in your new profile picture Phlip - Not giving away coins, [18.10.20 02:33] [In reply to Jc Crown [ I DON'T DM PEOPLE - DON'T GIVE ME MONEY! ]] Lol Jc Crown [ I DON'T DM PEOPLE - DON'T GIVE ME MONEY! ], [18.10.20 02:33] [In reply to J Stodd] actually a good question Spoice, [18.10.20 02:34] Anyway, those are my two cents Spoice, [18.10.20 02:34] Everyone is free to choose which experiments to pour their effort on and their money in Phlip - Not giving away coins, [18.10.20 02:34] [In reply to Spoice] You are entitled to your opinion. Spoice, [18.10.20 02:34] Andreas is publishing Lightning Network books, I mean Spoice, [18.10.20 02:34] So to each his own Phlip - Not giving away coins, [18.10.20 02:35] [In reply to Spoice] Lets leave it at that Spoice, [18.10.20 02:35] but Bitcoin as I know it continues with no Tax, and that in my opinion is BCH with no tax Phlip - Not giving away coins, [18.10.20 02:35] Ah you had to continue Phlip - Not giving away coins, [18.10.20 02:36] Good thing no tax is proposed by anyone Spoice, [18.10.20 02:35] Isn't this the Bitcoin Cash telegram? Jc Crown [ I DON'T DM PEOPLE - DON'T GIVE ME MONEY! ], [18.10.20 02:35] 😅 Spoice, [18.10.20 02:36] If I don't discuss Bitcoin Cash here, where should I? Spoice, [18.10.20 02:36] Tax, IFP, call it what you will Spoice, [18.10.20 02:36] from my perspective as a user, it's one the same J Stodd, [18.10.20 02:36] [In reply to Jc Crown [ I DON'T DM PEOPLE - DON'T GIVE ME MONEY! ]] I bet nobody will answer it, either Phlip - Not giving away coins, [18.10.20 02:37] [In reply to Spoice] Apparently btc /s David B., [18.10.20 02:37] [In reply to Spoice] As a user what do you care? Jingles, [18.10.20 02:37] Ooh, can I shill the Bitcoin room in here? Spoice, [18.10.20 02:37] Nah, I prefer quick responses and chats Spoice, [18.10.20 02:37] Reddit is broken Phlip - Not giving away coins, [18.10.20 02:37] [In reply to Jingles] Lol J Stodd, [18.10.20 02:37] [In reply to Spoice] Nobody even pays it, it just comes out of the block reward. The block reward is not sentient, it cannot be stolen from or wronged Phlip - Not giving away coins, [18.10.20 02:37] Dont push your luck 😉 Jingles, [18.10.20 02:37] [ 😀 Sticker ] Michael Nunzio, [18.10.20 02:38] [In reply to Jc Crown [ I DON'T DM PEOPLE - DON'T GIVE ME MONEY! ]] You too brother. 🙏 Jc Crown [ I DON'T DM PEOPLE - DON'T GIVE ME MONEY! ], [18.10.20 02:38] [In reply to Michael Nunzio] but mine is the same....i need new ones everyone always calls me fat because of this one Jc Crown [ I DON'T DM PEOPLE - DON'T GIVE ME MONEY! ], [18.10.20 02:38] literally if i say 1 thing to any troll anywhere first thing they say is "ok fatass" Jc Crown [ I DON'T DM PEOPLE - DON'T GIVE ME MONEY! ], [18.10.20 02:38] i blame this dumb photographer Michael Nunzio, [18.10.20 02:38] [In reply to Jc Crown [ I DON'T DM PEOPLE - DON'T GIVE ME MONEY! ]] Don't listen. Phlip - Not giving away coins, [18.10.20 02:39] u/spoice maybe write a read.cash article if you really feel you need to educate people Spoice, [18.10.20 02:39] David, as a user I believe that each new experiment carries risk with it, why should I take part in a new fork of Bitcoin which has a new set of game-theory rules which doesn't even benefit me, rather it benefits some other entity which will take 5% of any effort or economic activity I produce on this chain? They're also off-loading the risk to me as a usebuildebusiness who choose to join their experiment. Spoice, [18.10.20 02:40] Why should I take that risk while the Bitcoin I know and have known for over 10 years worked perfectly for me thus far? (BCH, that is) Jingles, [18.10.20 02:40] small fees and empty blocks? Jc Crown [ I DON'T DM PEOPLE - DON'T GIVE ME MONEY! ], [18.10.20 02:41] It will insure that a centralized group has control over development and they are by decree in the code, it's a literal take over. Phlip - Not giving away coins, [18.10.20 02:41] [In reply to Spoice] “BSV-freeze the protocol - true Bitcoin” sounds like more your thing David B., [18.10.20 02:41] [In reply to Spoice] Better run bitcoin core 0.1 Jc Crown [ I DON'T DM PEOPLE - DON'T GIVE ME MONEY! ], [18.10.20 02:41] Imagine if satoshi keyd his address in the code to be paid out of every block, but instead of paying himself started a company "Bitcoin Dev Co" Spoice, [18.10.20 02:42] Not really, BSV kills the incentives I am discussing too Phlip - Not giving away coins, [18.10.20 02:42] [In reply to Jingles] Please stay nice now Jc Crown [ I DON'T DM PEOPLE - DON'T GIVE ME MONEY! ], [18.10.20 02:42] No one would ever be able to say Bitcoin was Decentralized, Bitcoin Dev Co would get paid directly from the reward. Jingles, [18.10.20 02:42] [In reply to Phlip - Not giving away coins] "BSV: We have all the Bad Idea. On chain" Spoice, [18.10.20 02:42] The Nash equilibrium we have tested for the past 10 years will be changed with ABC, it changed with BTC and BSV too Jc Crown [ I DON'T DM PEOPLE - DON'T GIVE ME MONEY! ], [18.10.20 02:42] "Bad Solutions Verified" Spoice, [18.10.20 02:42] that game-theory set of incentives Spoice, [18.10.20 02:43] why would I want to take a risk with any of those experiments when I gain 0? David B., [18.10.20 02:43] Better run bitcoin core 0.1 Spoice, [18.10.20 02:43] Nope, you're talking technical freezing of development, that's not what I am addressing Jingles, [18.10.20 02:43] [In reply to David B.] Thats the BTC chain though Phlip - Not giving away coins, [18.10.20 02:43] [In reply to Spoice] O please share with us your background in the subject. Or are you now just parroting others Spoice, [18.10.20 02:44] BSV wants to freeze the technical development and they want a stable protocol from an API/development perspective Spoice, [18.10.20 02:44] but from an incentive ruleset perspective, they already butchered the equilibrium Bitcoin had Jc Crown [ I DON'T DM PEOPLE - DON'T GIVE ME MONEY! ], [18.10.20 02:44] [In reply to Phlip - Not giving away coins] That's one of those phrases, when you hear it you know they are just a parrot of someones propaganda. "MUH NASH EQUILIBRIUM!" David B., [18.10.20 02:44] Stable = bad? Jingles, [18.10.20 02:45] [In reply to Jc Crown [ I DON'T DM PEOPLE - DON'T GIVE ME MONEY! ]] I love you Spoice, [18.10.20 02:45] Philip, for an admin you are ought to be nicer, if you think I am parroting others you're free to think that, but to state it so bluntly in your position is just... wrong Spoice, [18.10.20 02:46] If you think the point I made is wrong, discuss it Phlip - Not giving away coins, [18.10.20 02:46] [In reply to Jingles] Maybe talk to him in DM about that?😉 Spoice, [18.10.20 02:46] not me Jingles, [18.10.20 02:46] [In reply to Phlip - Not giving away coins] working on it. Phlip - Not giving away coins, [18.10.20 02:46] [In reply to Spoice] I ought to be nicer...😂😂😂 Spoice, [18.10.20 02:47] Also, anyone who studied Bitcoin at length and its set of incentives and game-theory ruleset should know what a Nash Equilibrium is and who the players are in the Bitcoin game Phlip - Not giving away coins, [18.10.20 02:47] [In reply to Spoice] You state as fact. You get to dhow why your statements or opinions are even relevant. Spoice, [18.10.20 02:48] If it's not a fact, highlight how Spoice, [18.10.20 02:48] don't attack me Spoice, [18.10.20 02:48] prove me wrong Spoice, [18.10.20 02:48] if you fail that simple debate test David B., [18.10.20 02:48] How's that breakfast helping? Spoice, [18.10.20 02:48] you should rename from Janitor to Tyrant Jingles, [18.10.20 02:48] I'm still waiting to see the defined rules as per the wp Michael Nunzio, [18.10.20 02:49] [In reply to Spoice] Didn't know this was stand up comedy night in here. Michael Nunzio, [18.10.20 02:49] I missed the memo Phlip - Not giving away coins, [18.10.20 02:49] If I have to prove all idiots on the internet wrong I would have a hard time. You are starting to really waste everybody’s time. You state, you prove. Or you are just generating noise Phlip - Not giving away coins, [18.10.20 02:50] [In reply to Spoice] Be careful now. Michael Nunzio, [18.10.20 02:50] Noisy bugger. Phlip - Not giving away coins, [18.10.20 02:52] Getting close to just do some cleaning up. Spoice, [18.10.20 02:52] If you can't debate technical points I am making about Bitcoin Cash on a Bitcoin Cash Telegram, and within the span of 10 minutes you called me stupid, idiot, noisy and a parrot, you absolutely are a tyrant and I stand by my point: You should not be an admin here, nor anywhere actually. If you think I should be careful for the fear of you banning me, go ahead. You still fail to debate the simplest technical point and yet claim you can "but can't be bothered to". You remind me of that Thermos guy. Spoice, [18.10.20 02:53] How do people with 0 technical know how end up in these admin positions is beyond me Jingles, [18.10.20 02:53] I challenged your comments and you just changed the goal posts. Phlip - Not giving away coins, [18.10.20 02:53] [In reply to Spoice] Ok. You are not paying me and you are free to create noise elsewhere
I was wondering on how a value is assigned to a privet key..?? I mean lets say you have 1 btc in your wallet and how is that 1btc assigned to your privet key, I think im still not precise with my question let me put it metaphorically, if you see a bank account your your money is assigned a value lets say $100 and that $100 is deposited in the bank and the bank persons set $100 to your account but what I don't understand is that since btc doesn't have a bank and its all done by proof of work what does that block contain the block that is solved in order for it assign that value to the privet key it baffles me coz the wallet doesn't have any file containing btc value, what is btc like what determines its value when we do a btc transaction what exactly is being transferred..? can you create a btc value of your own..?? if the btc is not hackable why cant you create your own algorithm that can be assigned to your privet key
Is a Bitcoin transaction really a transaction or lock transition?
Bitcoin transactions that we see in wallets are really transactions or they are depicting the transition of lock and re-lock in a simplistic manner. What I understand is Bitcoin uses public-key cryptography which is about locking or unlocking Bitcoin. So when you are setting a transaction in your wallet, you are basically informing Bitcoin network participants (miners) to put a lock on a specific amount of Bitcoin with a recipient's public-key or address. Am I right???
Dragonchain Great Reddit Scaling Bake-Off Public Proposal
Dragonchain Public Proposal TL;DR:
Dragonchain has demonstrated twice Reddit’s entire total daily volume (votes, comments, and postsper Reddit 2019 Year in Review) in a 24-hour demo on an operational network. Every single transaction on Dragonchain is decentralized immediately through 5 levels of Dragon Net, and then secured with combined proof on Bitcoin, Ethereum, Ethereum Classic, and Binance Chain, via Interchain. At the time, in January 2020, the entire cost of the demo was approximately $25K on a single system (transaction fees locked at $0.0001/txn). With current fees (lowest fee $0.0000025/txn), this would cost as little as $625. Watch Joe walk through the entire proposal and answer questions onYouTube. This proposal is also available on the Dragonchain blog.
Hello Reddit and Ethereum community!
I’m Joe Roets, Founder & CEO of Dragonchain. When the team and I first heard about The Great Reddit Scaling Bake-Off we were intrigued. We believe we have the solutions Reddit seeks for its community points system and we have them at scale. For your consideration, we have submitted our proposal below. The team at Dragonchain and I welcome and look forward to your technical questions, philosophical feedback, and fair criticism, to build a scaling solution for Reddit that will empower its users. Because our architecture is unlike other blockchain platforms out there today, we expect to receive many questions while people try to grasp our project. I will answer all questions here in this thread on Reddit, and I've answered some questions in the stream on YouTube. We have seen good discussions so far in the competition. We hope that Reddit’s scaling solution will emerge from The Great Reddit Scaling Bake-Off and that Reddit will have great success with the implementation.
Dragonchain is a robust open source hybrid blockchain platform that has proven to withstand the passing of time since our inception in 2014. We have continued to evolve to harness the scalability of private nodes, yet take full advantage of the security of public decentralized networks, like Ethereum. We have a live, operational, and fully functional Interchain network integrating Bitcoin, Ethereum, Ethereum Classic, and ~700 independent Dragonchain nodes. Every transaction is secured to Ethereum, Bitcoin, and Ethereum Classic. Transactions are immediately usable on chain, and the first decentralization is seen within 20 seconds on Dragon Net. Security increases further to public networks ETH, BTC, and ETC within 10 minutes to 2 hours. Smart contracts can be written in any executable language, offering full freedom to existing developers. We invite any developer to watch the demo, play with our SDK’s, review open source code, and to help us move forward. Dragonchain specializes in scalable loyalty & rewards solutions and has built a decentralized social network on chain, with very affordable transaction costs. This experience can be combined with the insights Reddit and the Ethereum community have gained in the past couple of months to roll out the solution at a rapid pace.
Response and PoC
In The Great Reddit Scaling Bake-Off post, Reddit has asked for a series of demonstrations, requirements, and other considerations. In this section, we will attempt to answer all of these requests.
A live proof of concept showing hundreds of thousands of transactions
On Jan 7, 2020, Dragonchain hosted a 24-hour live demonstration during which a quarter of a billion (250 million+) transactions executed fully on an operational network. Every single transaction on Dragonchain is decentralized immediately through 5 levels of Dragon Net, and then secured with combined proof on Bitcoin, Ethereum, Ethereum Classic, and Binance Chain, via Interchain. This means that every single transaction is secured by, and traceable to these networks. An attack on this system would require a simultaneous attack on all of the Interchained networks. 24 hours in 4 minutes (YouTube): 24 hours in 4 minutes The demonstration was of a single business system, and any user is able to scale this further, by running multiple systems simultaneously. Our goals for the event were to demonstrate a consistent capacity greater than that of Visa over an extended time period. Tooling to reproduce our demo is available here: https://github.com/dragonchain/spirit-bomb
Source code (for on & off-chain components as well tooling used for the PoC). The source code does not have to be shared publicly, but if Reddit decides to use a particular solution it will need to be shared with Reddit at some point.
Dragonchain’s architecture attacks the scalability issue from multiple angles. Dragonchain is a hybrid blockchain platform, wherein every transaction is protected on a business node to the requirements of that business or purpose. A business node may be held completely private or may be exposed or replicated to any level of exposure desired. Every node has its own blockchain and is independently scalable. Dragonchain established Context Based Verification as its consensus model. Every transaction is immediately usable on a trust basis, and in time is provable to an increasing level of decentralized consensus. A transaction will have a level of decentralization to independently owned and deployed Dragonchain nodes (~700 nodes) within seconds, and full decentralization to BTC and ETH within minutes or hours. Level 5 nodes (Interchain nodes) function to secure all transactions to public or otherwise external chains such as Bitcoin and Ethereum. These nodes scale the system by aggregating multiple blocks into a single Interchain transaction on a cadence. This timing is configurable based upon average fees for each respective chain. For detailed information about Dragonchain’s architecture, and Context Based Verification, please refer to the Dragonchain Architecture Document.
An interesting feature of Dragonchain’s network consensus is its economics and scarcity model. Since Dragon Net nodes (L2-L4) are independent staking nodes, deployment to cloud platforms would allow any of these nodes to scale to take on a large percentage of the verification work. This is great for scalability, but not good for the economy, because there is no scarcity, and pricing would develop a downward spiral and result in fewer verification nodes. For this reason, Dragonchain uses TIME as scarcity. TIME is calculated as the number of Dragons held, multiplied by the number of days held. TIME influences the user’s access to features within the Dragonchain ecosystem. It takes into account both the Dragon balance and length of time each Dragon is held. TIME is staked by users against every verification node and dictates how much of the transaction fees are awarded to each participating node for every block. TIME also dictates the transaction fee itself for the business node. TIME is staked against a business node to set a deterministic transaction fee level (see transaction fee table below in Cost section). This is very interesting in a discussion about scaling because it guarantees independence for business implementation. No matter how much traffic appears on the entire network, a business is guaranteed to not see an increased transaction fee rate.
Dragonchain uses Docker and Kubernetes to allow the use of best practices traditional system scaling. Dragonchain offers managed nodes with an easy to use web based console interface. The user may also deploy a Dragonchain node within their own datacenter or favorite cloud platform. Users have deployed Dragonchain nodes on-prem on Amazon AWS, Google Cloud, MS Azure, and other hosting platforms around the world. Any executable code, anything you can write, can be written into a smart contract. This flexibility is what allows us to say that developers with no blockchain experience can use any code language to access the benefits of blockchain. Customers have used NodeJS, Python, Java, and even BASH shell script to write smart contracts on Dragonchain. With Docker containers, we achieve better separation of concerns, faster deployment, higher reliability, and lower response times. We chose Kubernetes for its self-healing features, ability to run multiple services on one server, and its large and thriving development community. It is resilient, scalable, and automated. OpenFaaS allows us to package smart contracts as Docker images for easy deployment. Contract deployment time is now bounded only by the size of the Docker image being deployed but remains fast even for reasonably large images. We also take advantage of Docker’s flexibility and its ability to support any language that can run on x86 architecture. Any image, public or private, can be run as a smart contract using Dragonchain.
Flexibility in Scaling
Dragonchain’s architecture considers interoperability and integration as key features. From inception, we had a goal to increase adoption via integration with real business use cases and traditional systems. We envision the ability for Reddit, in the future, to be able to integrate alternate content storage platforms or other financial services along with the token.
LBRY - To allow users to deploy content natively to LBRY
MakerDAO to allow users to lend small amounts backed by their Reddit community points.
STORJ/SIA to allow decentralized on chain storage of portions of content. These integrations or any other are relatively easy to integrate on Dragonchain with an Interchain implementation.
Cost estimates (on-chain and off-chain) For the purpose of this proposal, we assume that all transactions are on chain (posts, replies, and votes).
On the Dragonchain network, transaction costs are deterministic/predictable. By staking TIME on the business node (as described above) Reddit can reduce transaction costs to as low as $0.0000025 per transaction. Dragonchain Fees Table
How to run it
Building on Dragonchain is simple and requires no blockchain experience. Spin up a business node (L1) in our managed environment (AWS), run it in your own cloud environment, or on-prem in your own datacenter. Clear documentation will walk you through the steps of spinning up your first Dragonchain Level 1 Business node. Getting started is easy...
Download Dragonchain’s dctl
Input three commands into a terminal
Build an image
More information can be found in our Get started documents.
Dragonchain is an open source hybrid platform. Through Dragon Net, each chain combines the power of a public blockchain (like Ethereum) with the privacy of a private blockchain. Dragonchain organizes its network into five separate levels. A Level 1, or business node, is a totally private blockchain only accessible through the use of public/private keypairs. All business logic, including smart contracts, can be executed on this node directly and added to the chain. After creating a block, the Level 1 business node broadcasts a version stripped of sensitive private data to Dragon Net. Three Level 2 Validating nodes validate the transaction based on guidelines determined from the business. A Level 3 Diversity node checks that the level 2 nodes are from a diverse array of locations. A Level 4 Notary node, hosted by a KYC partner, then signs the validation record received from the Level 3 node. The transaction hash is ledgered to the Level 5 public chain to take advantage of the hash power of massive public networks. Dragon Net can be thought of as a “blockchain of blockchains”, where every level is a complete private blockchain. Because an L1 can send to multiple nodes on a single level, proof of existence is distributed among many places in the network. Eventually, proof of existence reaches level 5 and is published on a public network.
Dragonchain is open source and even though the platform is easy enough for developers to code in any language they are comfortable with, we do not have so large a developer community as Ethereum. We would like to see the Ethereum developer community (and any other communities) become familiar with our SDK’s, our solutions, and our platform, to unlock the full potential of our Ethereum Interchain. Long ago we decided to prioritize both Bitcoin and Ethereum Interchains. We envision an ecosystem that encompasses different projects to give developers the ability to take full advantage of all the opportunities blockchain offers to create decentralized solutions not only for Reddit but for all of our current platforms and systems. We believe that together we will take the adoption of blockchain further. We currently have additional Interchain with Ethereum Classic. We look forward to Interchain with other blockchains in the future. We invite all blockchains projects who believe in decentralization and security to Interchain with Dragonchain.
While we only have 700 nodes compared to 8,000 Ethereum and 10,000 Bitcoin nodes. We harness those 18,000 nodes to scale to extremely high levels of security. See Dragonchain metrics.
Some may consider the centralization of Dragonchain’s business nodes as an issue at first glance, however, the model is by design to protect business data. We do not consider this a drawback as these nodes can make any, none, or all data public. Depending upon the implementation, every subreddit could have control of its own business node, for potential business and enterprise offerings, bringing new alternative revenue streams to Reddit.
Costs and resources
Summary of cost & resource information for both on-chain & off-chain components used in the PoC, as well as cost & resource estimates for further scaling. If your PoC is not on mainnet, make note of any mainnet caveats (such as congestion issues).
Every transaction on the PoC system had a transaction fee of $0.0001 (one-hundredth of a cent USD). At 256MM transactions, the demo cost $25,600. With current operational fees, the same demonstration would cost $640 USD. For the demonstration, to achieve throughput to mimic a worldwide payments network, we modeled several clients in AWS and 4-5 business nodes to handle the traffic. The business nodes were tuned to handle higher throughput by adjusting memory and machine footprint on AWS. This flexibility is valuable to implementing a system such as envisioned by Reddit. Given that Reddit’s daily traffic (posts, replies, and votes) is less than half that of our demo, we would expect that the entire Reddit system could be handled on 2-5 business nodes using right-sized containers on AWS or similar environments. Verification was accomplished on the operational Dragon Net network with over 700 independently owned verification nodes running around the world at no cost to the business other than paid transaction fees.
This PoC should scale to the numbers below with minimal costs (both on & off-chain). There should also be a clear path to supporting hundreds of millions of users. Over a 5 day period, your scaling PoC should be able to handle: *100,000 point claims (minting & distributing points) *25,000 subscriptions *75,000 one-off points burning *100,000 transfers
During Dragonchain’s 24 hour demo, the above required numbers were reached within the first few minutes. Reddit’s total activity is 9000% more than Ethereum’s total transaction level. Even if you do not include votes, it is still 700% more than Ethereum’s current volume. Dragonchain has demonstrated that it can handle 250 million transactions a day, and it’s architecture allows for multiple systems to work at that level simultaneously. In our PoC, we demonstrate double the full capacity of Reddit, and every transaction was proven all the way to Bitcoin and Ethereum. Reddit Scaling on Ethereum
Solutions should not depend on any single third-party provider. We prefer solutions that do not depend on specific entities such as Reddit or another provider, and solutions with no single point of control or failure in off-chain components but recognize there are numerous trade-offs to consider
Dragonchain’s architecture calls for a hybrid approach. Private business nodes hold the sensitive data while the validation and verification of transactions for the business are decentralized within seconds and secured to public blockchains within 10 minutes to 2 hours. Nodes could potentially be controlled by owners of individual subreddits for more organic decentralization.
Billing is currently centralized - there is a path to federation and decentralization of a scaled billing solution.
Operational on-premises capabilities
Operational deployment to any datacenter
Over 700 independent Community Verification Nodes with proof of ownership
Operational Interchain (Interoperable to Bitcoin, Ethereum, and Ethereum Classic, open to more)
Usability Scaling solutions should have a simple end user experience.
Users shouldn't have to maintain any extra state/proofs, regularly monitor activity, keep track of extra keys, or sign anything other than their normal transactions
Dragonchain and its customers have demonstrated extraordinary usability as a feature in many applications, where users do not need to know that the system is backed by a live blockchain. Lyceum is one of these examples, where the progress of academy courses is being tracked, and successful completion of courses is rewarded with certificates on chain. Our @Save_The_Tweet bot is popular on Twitter. When used with one of the following hashtags - #please, #blockchain, #ThankYou, or #eternalize the tweet is saved through Eternal to multiple blockchains. A proof report is available for future reference. Other examples in use are DEN, our decentralized social media platform, and our console, where users can track their node rewards, view their TIME, and operate a business node. Examples:
Transactions complete in a reasonable amount of time (seconds or minutes, not hours or days)
All transactions are immediately usable on chain by the system. A transaction begins the path to decentralization at the conclusion of a 5-second block when it gets distributed across 5 separate community run nodes. Full decentralization occurs within 10 minutes to 2 hours depending on which interchain (Bitcoin, Ethereum, or Ethereum Classic) the transaction hits first. Within approximately 2 hours, the combined hash power of all interchained blockchains secures the transaction.
Free to use for end users (no gas fees, or fixed/minimal fees that Reddit can pay on their behalf)
With transaction pricing as low as $0.0000025 per transaction, it may be considered reasonable for Reddit to cover transaction fees for users. All of Reddit's Transactions on Blockchain (month) Community points can be earned by users and distributed directly to their Reddit account in batch (as per Reddit minting plan), and allow users to withdraw rewards to their Ethereum wallet whenever they wish. Withdrawal fees can be paid by either user or Reddit. This model has been operating inside the Dragonchain system since 2018, and many security and financial compliance features can be optionally added. We feel that this capability greatly enhances user experience because it is seamless to a regular user without cryptocurrency experience, yet flexible to a tech savvy user. With regard to currency or token transactions, these would occur on the Reddit network, verified to BTC and ETH. These transactions would incur the $0.0000025 transaction fee. To estimate this fee we use the monthly active Reddit users statista with a 60% adoption rate and an estimated 10 transactions per month average resulting in an approximate $720 cost across the system. Reddit could feasibly incur all associated internal network charges (mining/minting, transfer, burn) as these are very low and controllable fees. Reddit Internal Token Transaction Fees Reddit Ethereum Token Transaction Fees When we consider further the Ethereum fees that might be incurred, we have a few choices for a solution.
Offload all Ethereum transaction fees (user withdrawals) to interested users as they wish to withdraw tokens for external use or sale.
Cover Ethereum transaction fees by aggregating them on a timed schedule. Users would request withdrawal (from Reddit or individual subreddits), and they would be transacted on the Ethereum network every hour (or some other schedule).
In a combination of the above, customers could cover aggregated fees.
Integrate with alternate Ethereum roll up solutions or other proposals to aggregate minting and distribution transactions onto Ethereum.
Users should be able to view their balances & transactions via a blockchain explorer-style interface
From interfaces for users who have no knowledge of blockchain technology to users who are well versed in blockchain terms such as those present in a typical block explorer, a system powered by Dragonchain has flexibility on how to provide balances and transaction data to users. Transactions can be made viewable in an Eternal Proof Report, which displays raw data along with TIME staking information and traceability all the way to Bitcoin, Ethereum, and every other Interchained network. The report shows fields such as transaction ID, timestamp, block ID, multiple verifications, and Interchain proof. See example here. Node payouts within the Dragonchain console are listed in chronological order and can be further seen in either Dragons or USD. See example here. In our social media platform, Dragon Den, users can see, in real-time, their NRG and MTR balances. See example here. A new influencer app powered by Dragonchain, Raiinmaker, breaks down data into a user friendly interface that shows coin portfolio, redeemed rewards, and social scores per campaign. See example here.
Exiting is fast & simple
Withdrawing funds on Dragonchain’s console requires three clicks, however, withdrawal scenarios with more enhanced security features per Reddit’s discretion are obtainable.
Interoperability Compatibility with third party apps (wallets/contracts/etc) is necessary.
Proven interoperability at scale that surpasses the required specifications. Our entire platform consists of interoperable blockchains connected to each other and traditional systems. APIs are well documented. Third party permissions are possible with a simple smart contract without the end user being aware. No need to learn any specialized proprietary language. Any code base (not subsets) is usable within a Docker container. Interoperable with any blockchain or traditional APIs. We’ve witnessed relatively complex systems built by engineers with no blockchain or cryptocurrency experience. We’ve also demonstrated the creation of smart contracts within minutes built with BASH shell and Node.js. Please see our source code and API documentation.
Scaling solutions should be extensible and allow third parties to build on top of it Open source and extensible APIs should be well documented and stable
Third-party permissionless integrations should be possible & straightforward Smart contracts are Docker based, can be written in any language, use full language (not subsets), and can therefore be integrated with any system including traditional system APIs. Simple is better. Learning an uncommon or proprietary language should not be necessary.
Advanced knowledge of mathematics, cryptography, or L2 scaling should not be required. Compatibility with common utilities & toolchains is expected. Dragonchain business nodes and smart contracts leverage Docker to allow the use of literally any language or executable code. No proprietary language is necessary. We’ve witnessed relatively complex systems built by engineers with no blockchain or cryptocurrency experience. We’ve also demonstrated the creation of smart contracts within minutes built with BASH shell and Node.js.
Bonus Points: Show us how it works. Do you have an idea for a cool new use case for Community Points? Build it!
Community points could be awarded to Reddit users based upon TIME too, whereas the longer someone is part of a subreddit, the more community points someone naturally gained, even if not actively commenting or sharing new posts. A daily login could be required for these community points to be credited. This grants awards to readers too and incentivizes readers to create an account on Reddit if they browse the website often. This concept could also be leveraged to provide some level of reputation based upon duration and consistency of contribution to a community subreddit.
Dragonchain has already built a social media platform that harnesses community involvement. Dragon Den is a decentralized community built on the Dragonchain blockchain platform. Dragon Den is Dragonchain’s answer to fake news, trolling, and censorship. It incentivizes the creation and evaluation of quality content within communities. It could be described as being a shareholder of a subreddit or Reddit in its entirety. The more your subreddit is thriving, the more rewarding it will be. Den is currently in a public beta and in active development, though the real token economy is not live yet. There are different tokens for various purposes. Two tokens are Lair Ownership Rights (LOR) and Lair Ownership Tokens (LOT). LOT is a non-fungible token for ownership of a specific Lair. LOT will only be created and converted from LOR. Energy (NRG) and Matter (MTR) work jointly. Your MTR determines how much NRG you receive in a 24-hour period. Providing quality content, or evaluating content will earn MTR.
Security. Users have full ownership & control of their points.
All community points awarded based upon any type of activity or gift, are secured and provable to all Interchain networks (currently BTC, ETH, ETC). Users are free to spend and withdraw their points as they please, depending on the features Reddit wants to bring into production.
Balances and transactions cannot be forged, manipulated, or blocked by Reddit or anyone else
Users can withdraw their balance to their ERC20 wallet, directly through Reddit. Reddit can cover the fees on their behalf, or the user covers this with a portion of their balance.
Users should own their points and be able to get on-chain ERC20 tokens without permission from anyone else
Through our console users can withdraw their ERC20 rewards. This can be achieved on Reddit too. Here is a walkthrough of our console, though this does not show the quick withdrawal functionality, a user can withdraw at any time. https://www.youtube.com/watch?v=aNlTMxnfVHw
Points should be recoverable to on-chain ERC20 tokens even if all third-parties involved go offline
If necessary, signed transactions from the Reddit system (e.g. Reddit + Subreddit) can be sent to the Ethereum smart contract for minting.
A public, third-party review attesting to the soundness of the design should be available
To our knowledge, at least two large corporations, including a top 3 accounting firm, have conducted positive reviews. These reviews have never been made public, as Dragonchain did not pay or contract for these studies to be released.
Bonus points Public, third-party implementation review available or in progress
Compatibility with HSMs & hardware wallets
For the purpose of this proposal, all tokenization would be on the Ethereum network using standard token contracts and as such, would be able to leverage all hardware wallet and Ethereum ecosystem services.
Minting/distributing tokens is not performed by Reddit directly
This operation can be automated by smart contract on Ethereum. Subreddits can if desired have a role to play.
One off point burning, as well as recurring, non-interactive point burning (for subreddit memberships) should be possible and scalable
This is possible and scalable with interaction between Dragonchain Reddit system and Ethereum token contract(s).
Fully open-source solutions are strongly preferred
Dragonchain is fully open source (see section on Disney release after conclusion).
Whether it is today, or in the future, we would like to work together to bring secure flexibility to the highest standards. It is our hope to be considered by Ethereum, Reddit, and other integrative solutions so we may further discuss the possibilities of implementation. In our public demonstration, 256 million transactions were handled in our operational network on chain in 24 hours, for the low cost of $25K, which if run today would cost $625. Dragonchain’s interoperable foundation provides the atmosphere necessary to implement a frictionless community points system. Thank you for your consideration of our proposal. We look forward to working with the community to make something great!
Disney Releases Blockchain Platform as Open Source
The team at Disney created the Disney Private Blockchain Platform. The system was a hybrid interoperable blockchain platform for ledgering and smart contract development geared toward solving problems with blockchain adoption and usability. All objective evaluation would consider the team’s output a success. We released a list of use cases that we explored in some capacity at Disney, and our input on blockchain standardization as part of our participation in the W3C Blockchain Community Group. https://lists.w3.org/Archives/Public/public-blockchain/2016May/0052.html
In 2016, Roets proposed to release the platform as open source to spread the technology outside of Disney, as others within the W3C group were interested in the solutions that had been created inside of Disney. Following a long process, step by step, the team met requirements for release. Among the requirements, the team had to:
Obtain VP support and approval for the release
Verify ownership of the software to be released
Verify that no proprietary content would be released
Convince the organization that there was a value to the open source community
Convince the organization that there was a value to Disney
Offer the plan for ongoing maintenance of the project outside of Disney
Itemize competing projects
Verify no conflict of interest
Change the project name to not use the name Disney, any Disney character, or any other associated IP - proposed Dragonchain - approved
Obtain legal approval
Approval from corporate, parks, and other business units
Approval from multiple Disney patent groups Copyright holder defined by Disney (Disney Connected and Advanced Technologies)
Trademark searches conducted for the selected name Dragonchain
Obtain IT security approval
Manual review of OSS components conducted
OWASP Dependency and Vulnerability Check Conducted
Obtain technical (software) approval
Offer management, process, and financial plans for the maintenance of the project.
Meet list of items to be addressed before release
Remove all Disney project references and scripts
Create a public distribution list for email communications
Remove Roets’ direct and internal contact information
Create public Slack channel and move from Disney slack channels
Create proper labels for issue tracking
Rename internal private Github repository
Add informative description to Github page
Expand README.md with more specific information
Add information beyond current “Blockchains are Magic”
Add getting started sections and info on cloning/forking the project
Add installation details
Add uninstall process
Add unit, functional, and integration test information
Detail how to contribute and get involved
Describe the git workflow that the project will use
Move to public, non-Disney git repository (Github or Bitbucket)
Obtain Disney Open Source Committee approval for release
On top of meeting the above criteria, as part of the process, the maintainer of the project had to receive the codebase on their own personal email and create accounts for maintenance (e.g. Github) with non-Disney accounts. Given the fact that the project spanned multiple business units, Roets was individually responsible for its ongoing maintenance. Because of this, he proposed in the open source application to create a non-profit organization to hold the IP and maintain the project. This was approved by Disney. The Disney Open Source Committee approved the application known as OSSRELEASE-10, and the code was released on October 2, 2016. Disney decided to not issue a press release. Original OSSRELASE-10 document
Hi Monero community! Two months ago I posted a CCS for continuing my research on Monero Atomic Swaps. That research is now complete and I'm happy to present my results. This post will be a summary of my research, but you can also find the whitepaper that describes the full protocol and all the details here.
Shiny BTC/XMR Atomic Swap Protocol!
We found it! With the help of the MRL, my colleagues, and the community, we created the first (to our knowledge) protocol to atomically swap bitcoin and monero. And this resulting protocol is implementable today - no more obscure crypto!
Why now? What changed?
When I started studying Monero for a Bitcoin/Monero atomic swap three and a half years ago, most of the swap protocols where based on 'Hash Time Locked Contract' (HTLC), something that we all know as non-existent on Monero. So the goal at the beginning of the project was to create an atomic swap where all the logic (timeouts, possible sequences of operation, secret disclosures, etc) is managed on the other chain: the Bitcoin chain. The second difficulty with Monero and Bitcoin is their respective underlying cryptographic parameters: they don't share the same elliptic curve, they don't share the same signing algorithm; they have nothing in common! This makes the pair a bad candidate for other types of atomic swap that don't (solely) rely on HTLC. In November 2018 we came up with a draft protocol that respects the above constraints. Thus, the protocol requires a specific type of zero-knowledge proof to be trustless: a hash pre-image zero-knowledge proof. This type of zkp is not wildly used in practice, if at all. Thus the protocol works in theory, but with some obscure crypto, making the protocol a bad candidate for an implementation. In early 2020, after presenting the draft protocol at 36C3 in December 2019, I discovered, by reference from Sarang Noether (MRL), Andrew Poelstra's idea of doing a discrete logarithm equality across group zero-knowledge proof of knowledge (MRL-0010), meaning that we can prove some relations between elements in two different groups (two curves to simplify) and the paper by LLoyd Fournier on One-Time Verifiably Encrypted Signatures allowing secret disclosure with ECDSA. With these two new (to me) cryptographic primitives, we were able to replace the previous zero-knowledge proof with a combination of the latter, making the protocol complete and practically feasible.
How it works
As a broad overview (and simplified) the protocol work as follow:
The monero are locked in an address generated by both participants
At the beginning, neither of the participants have the full control over the address; they both have half of the private key only
With the cross group discrete logarithm equality zkp, both participants prove to each other that the address on the Bitcoin chain is related to the address on the Monero chain
By means of Bitcoin scripts and ECDSA one-time verifiably encrypted signatures, one participant reveals to the other her partial private key by taking the bitcoin, allowing the other to take control over the monero
If the swap succeeds, A reveals to B, and if the swap is cancelled, B reveals to A. (We have a third scenario explained in the paper to force reaction and avoid deadlock.)
The obvious next step would be to have a working implementation on mainnet, but a ready-to-use implementation that is also robust and safe-to-use requires a lot of engineering work. Furthermore, even though the cryptography is not too obscure, most of it still also lacks an implementation. I'll post soon, if the community wants it, a CCS proposal to get my team and I to work on implementing this protocol, step by step, with the end goal of creating a working client/daemon for swapping Bitcoin and Monero. It would be very exciting to build that!
Thanks to the MRL and its researchers for their help, the CCS team, and the community for its support! I hope I fulfilled the community's expectations for my my first CCS - all feedback is appreciated.
The dichotomy is between computationally infeasible vs informationally-theoretic infeasible. Basically:
Something is computationally infeasible if it could in theory be done, but you would not be able to build a practical computer to do it within the age of the universe and using only the power available in just one galaxy or thereabouts.
Something is informationally-theoretic infeasible if even if you had any arbitrarily large amount of time, space, and energy, you cannot do it.
Quantum breaks represent a possible reduction in computational infeasibility of certain things, but not information-theoretic infeasibility. For example, suppose you want to know what 256-bit preimages map to 256-bit hashes. In theory, you just need to build a table with 2256 entries and start from 0x0000000000000000000000000000000000000000000000000000000000000000 and so on. This is computationally infeasible, but not information-theoretic infeasible. However, suppose you want to know what preimages, of any size, map to 256-bit hashes. Since the preimages can be of any size, after finishing with 256-bit preimages, you have to proceed to 257-bit preimages. And so on. And there is no size limit, so you will literally never finish. Even if you lived forever, you would not complete it. This is information-theoretic infeasible.
How does this relate to confidential transactions? Basically, every confidential transaction simply hides the value behind a homomorphic commitment. What is a homomorphic commitment? Okay, let's start with commitments. A commitment is something which lets you hide something, and later reveal what you hid. Until you reveal it, even if somebody has access to the commitment, they cannot reverse it to find out what you hid. This is called the "hiding property" of commitments. However, when you do reveal it (or "open the commitment"), then you cannot replace what you hid with some other thing. This is called the "binding property" of commitments. For example, a hash of a preimage is a commitment. Suppose I want to commit to something. For example, I want to show that I can predict the future using the energy of a spare galaxy I have in my pocket. I can hide that something by hashing a description of the future. Then I can give the hash to you. You still cannot learn the future, because it's just a hash, and you can't reverse the hash ("hiding"). But suppose the future event occurs. I can reveal that I did, in fact, know the future. So I give you the description, and you hash it and compare it to the hash I gave earlier. Because of preimage resistance, I cannot retroactively change what I hid in the hash, so what I gave must have been known to me at the time that I gave you the commitment i..e. hash ("binding").
A homomorphic commitment simply means that if I can do certain operations on preimages of the commitment scheme, there are certain operations on the commitments that would create similar ("homo") changes ("morphic") to the commitments. For example, suppose I have a magical function h() which is a homomorphic commitment scheme. It can hide very large (near 256-bit) numbers. Then if h() is homomorphic, there may be certain operations on numbers behind the h() that have homomorphisms after the h(). For example, I might have an operation <+> that is homomorphic in h() on +, or in other words, if I have two large numbers a and b, then h(a + b) = h(a) <+> h(b). + and <+> are different operations, but they are homomorphic to each other. For example, elliptic curve scalars and points have homomorphic operations. Scalars (private keys) are "just" very large near-256-bit numbers, while points are a scalar times a standard generator point G. Elliptic curve operations exist where there is a <+> between points that is homomorphic on standard + on scalars, and a <*> between a scalar and a point that is homomorphic on standard * multiplication on scalars. For example, suppose I have two large scalars a and b. I can use elliptic curve points as a commitment scheme: I can take a <*> G to generate a point A. It is hiding since nobody can learn what a is unless I reveal it (a and A can be used in standard ECDSA private-public key cryptography, with the scalar a as the private key and the point A as the public key, and the a cannot be derived even if somebody else knows A). Thus, it is hiding. At the same time, for a particular point A and standard generator point G, there is only one possible scalar a which when "multiplied" with G yields A. So scalars and elliptic curve points are a commitment scheme, with both hiding and binding properties. Now, as mentioned there is a <+> operation on points that is homomorphic to the + operation on corresponding scalars. For example, suppose there are two scalars a and b. I can compute (a + b) <*> G to generate a particular point. But even if I don't know scalars a and b, but I do know points A = a <*> G and B = b <*> G, then I can use A <+> B to derive (a + b) <*> G (or equivalently, (a <*> G) <+> (b <*> G) == (a + b) <*> G). This makes points a homomorphic commitment scheme on scalars.
Confidential Transactions: A Sketch
This is useful since we can easily use the near-256-bit scalars in SECP256K1 elliptic curves to easily represent values in a monetary system, and hide those values by using a homomorphic commitment scheme. We can use the hiding property to prevent people from learning the values of the money we are sending and receiving. Now, in a proper cryptocurrency, a normal, non-coinbase transaction does not create or destroy coins: the values of the input coins are equal to the value of the output coins. We can use a homomorphic commitment scheme. Suppose I have a transaction that consumes an input value a and creates two output values b and c. That is, a = b + c, i.e. the sum of all inputs a equals the sum of all outputs b and c. But remember, with a homomorphic commitment scheme like elliptic curve points, there exists a <+> operation on points that is homomorphic to the ordinary school-arithmetic + addition on large numbers. So, confidential transactions can use points a <*> G as input, and points b <*> G and c <*> G as output, and we can easily prove that a <*> G = (b <*> G) <+> (c <*> G) if a = b + c, without revealing a, b, or c to anyone.
Actually, we cannot just use a <*> G as a commitment scheme in practice. Remember, Bitcoin has a cap on the number of satoshis ever to be created, and it's less than 253 satoshis, which is fairly trivial. I can easily compute all values of a <*> G for all values of a from 0 to 253 and know which a <*> G corresponds to which actual amount a. So in confidential transactions, we cannot naively use a <*> G commitments, we need Pedersen commitments. If you know what a "salt" is, then Pedersen commitments are fairly obvious. A "salt" is something you add to e.g. a password so that the hash of the password is much harder to attack. Humans are idiots and when asked to generate passwords, will output a password that takes less than 230 possibilities, which is fairly easy to grind. So what you do is that you "salt" a password by prepending a random string to it. You then hash the random string + password, and store the random string --- the salt --- together with the hash in your database. Then when somebody logs in, you take the password, prepend the salt, hash, and check if the hash matches with the in-database hash, and you let them log in. Now, with a hash, even if somebody copies your password database, the can't get the password. They're hashed. But with a salt, even techniques like rainbow tables make a hacker's life even harder. They can't hash a possible password and check every hash in your db for something that matches. Instead, if they get a possible password, they have to prepend each salt, hash, then compare. That greatly increases the computational needs of a hacker, which is why salts are good. What a Pedersen commitment is, is a point a <*> H, where a is the actual value you commit to, plus <+> another point r <*> G. H here is a second standard generator point, different from G. The r is the salt in the Pedersen commitment. It makes it so that even if you show (a <*> H) <+> (r <*> G) to somebody, they can't grind all possible values of a and try to match it with your point --- they also have to grind r (just as with the password-salt example above). And r is much larger, it can be a true near-256-bit number that is the range of scalars in SECP256K1, whereas a is constrained to "reasonable" numbers of satoshi, which cannot exceed 21 million Bitcoins. Now, in order to validate a transaction with input a and outputs b and c, you only have to prove a = b + c. Suppose we are hiding those amounts using Pedersen commitments. You have an input of amount a, and you know a and r. The blockchain has an amount (a <*> H) <+> (r <*> G). In order to create the two outputs b and c, you just have to create two new r scalars such that r = r + r. This is trivial, you just select a new random r and then compute r = r - r, it's just basic algebra. Then you create a transaction consuming the input (a <*> H) <+> (r <*> G) and outputs (b <*> H) <+> (r <*> G) and (c <*> H) <+> (r <*> G). You know that a = b + c, and r = r + r, while fullnodes around the world, who don't know any of the amounts or scalars involved, can just take the points (a <*> H) <+> (r <*> G) and see if it equals (b <*> H) <+> (r <*> G) <+> (c <*> H) <+> (r <*> G). That is all that fullnodes have to validate, they just need to perform <+> operations on points and comparison on points, and from there they validate transactions, all without knowing the actual values involved.
What does this mean? It's just a measure of how "impossible" binding vs hiding is. Pedersen commitments are computationally binding, meaning that in theory, a user of this commitment with arbitrary time and space and energy can, in theory, replace the amount with something else. However, it is information-theoretic hiding, meaning an attacker with arbitrary time and space and energy cannot figure out exactly what got hidden behind the commitment. But why? Now, we have been using a and a <*> G as private keys and public keys in ECDSA and Schnorr. There is an operation <*> on a scalar and a point that generates another point, but we cannot "revrese" this operation. For example, even if I know A, and know that A = a <*> G, but do not know a, I cannot derive a --- there is no operation between A G that lets me know a. Actually there is: I "just" need to have so much time, space, and energy that I just start counting a from 0 to 2256 and find which a results in A = a <*> G. This is a computational limit: I don't have a spare universe in my back pocket I can use to do all those computations. Now, replace a with h and A with H. Remember that Pedersen commitments use a "second" standard generator point. The generator points G and H are "not really special" --- they are just random points on the curve that we selected and standardized. There is no operation H G such that I can learn h where H = h <*> G, though if I happen to have a spare universe in my back pocket I can "just" brute force it. Suppose I do have a spare universe in my back pocket, and learn h = H G such that H = h <*> G. What can I do in Pedersen commitments? Well, I have an amount a that is committed to by (a <*> H) <+> (r <*> G). But I happen to know h! Suppose I want to double my money a without involving Elon Musk. Then:
(a <*> H) <+> (r <*> G)
== (a <*> (h <*> G)) <+> (r <*> G)
== ((a * h) <*> G) <+> (r <*> G); remember, <*> is also homomorphic on multiplication *.
== ((a * h + a * h - a * h) <*> G) <+> (r <*> G); just add 0.
== ((a * h + a * h) <*> G) <+> ((-a * h) <*> G) <+> (r <*> G)
== ((2 * a * h) <*> G) <+> ((r - a * h) <*> G)
== ((2 * a) <*> (h <*> G)) <+> ((r - a * h) <*> G)
== ((2 * a) <*> H) <+> ((r - a * h) <*> G); TADA!! I doubled my money!
That is what we mean by computationally binding: if I can compute h such that H = h <*> G, then I can find another number which opens the same commitment. And of course I'd make sure that number is much larger than what I originally had in that address! Now, the reason why it is "only" computationally binding is that it is information-theoretically hiding. Suppose somebody knows h, but has no money in the cryptocurrency. All they see are points. They can try to find what the original amounts are, but because any amount can be mapped to "the same" point with knowledge of h (e.g. in the above, a and 2 * a got mapped to the same point by "just" replacing the salt r with r - a * h; this can be done for 3 * a, 4 * a etc.), they cannot learn historical amounts --- the a in historical amounts could be anything. The drawback, though, is that --- as seen above --- arbitrary inflation is now introduced once somebody knows h. They can multiply their money by any arbitrary factor with knowledge of h. It is impossible to have both perfect hiding (i.e. historical amounts remain hidden even after a computational break) and perfect binding (i.e. you can't later open the commitment to a different, much larger, amount). Pedersen commitments just happen to have perfect hiding, but only computationally-infeasible binding. This means they allow hiding historical values, but in case of anything that allows better computational power --- including but not limited to quantum breaks --- they allow arbitrary inflation.
Changing The Tradeoffs with ElGamal Commitments
An ElGamal commitment is just a Pedersen commitment, but with the point r <*> G also stored in a separate section of the transaction. This commits the r, and fixes it to a specific value. This prevents me from opening my (a <*> H) <+> (r <*> G) as ((2 * a) <*> H) <+> ((r - a * h) <*> G), because the (r - a * h) would not match the r <*> G sitting in a separate section of the transaction. This forces me to be bound to that specific value, and no amount of computation power will let me escape --- it is information-theoretically binding i.e. perfectly binding. But that is now computationally hiding. An evil surveillor with arbitrary time and space can focus on the r <*> G sitting in a separate section of the transaction, and grind r from 0 to 2256 to determine what r matches that point. Then from there, they can negate r to get (-r) <*> G and add it to the (a <*> H) <+> (r <*> G) to get a <*> H, and then grind that to determine the value a. With massive increases in computational ability --- including but not limited to quantum breaks --- an evil surveillor can see all the historical amounts of confidential transactions.
This is the source of the tradeoff: either you design confidential transactions so in case of a quantum break, historical transactions continue to hide their amounts, but inflation of the money is now unavoidable, OR you make the money supply sacrosanct, but you potentially sacrifice amount hiding in case of some break, including but not limited to quantum breaks.
This is a follow-up on https://old.reddit.com/Bitcoin/comments/hqzp14/technical_the_path_to_taproot_activation/ Taproot! Everybody wants it!! But... you might ask yourself: sure, everybody else wants it, but why would I, sovereign Bitcoin HODLer, want it? Surely I can be better than everybody else because I swapped XXX fiat for Bitcoin unlike all those nocoiners? And it is important for you to know the reasons why you, o sovereign Bitcoiner, would want Taproot activated. After all, your nodes (or the nodes your wallets use, which if you are SPV, you hopefully can pester to your wallet vendoimplementor about) need to be upgraded in order for Taproot activation to actually succeed instead of becoming a hot sticky mess. First, let's consider some principles of Bitcoin.
You the HODLer should be the one who controls where your money goes. Your keys, your coins.
You the HODLer should be able to coordinate and make contracts with other people regarding your funds.
You the HODLer should be able to do the above without anyone watching over your shoulder and judging you.
I'm sure most of us here would agree that the above are very important principles of Bitcoin and that these are principles we would not be willing to remove. If anything, we would want those principles strengthened (especially the last one, financial privacy, which current Bitcoin is only sporadically strong with: you can get privacy, it just requires effort to do so). So, how does Taproot affect those principles?
Taproot and Your /Coins
Most HODLers probably HODL their coins in singlesig addresses. Sadly, switching to Taproot would do very little for you (it gives a mild discount at spend time, at the cost of a mild increase in fee at receive time (paid by whoever sends to you, so if it's a self-send from a P2PKH or bech32 address, you pay for this); mostly a wash). (technical details: a Taproot output is 1 version byte + 32 byte public key, while a P2WPKH (bech32 singlesig) output is 1 version byte + 20 byte public key hash, so the Taproot output spends 12 bytes more; spending from a P2WPKH requires revealing a 32-byte public key later, which is not needed with Taproot, and Taproot signatures are about 9 bytes smaller than P2WPKH signatures, but the 32 bytes plus 9 bytes is divided by 4 because of the witness discount, so it saves about 11 bytes; mostly a wash, it increases blockweight by about 1 virtual byte, 4 weight for each Taproot-output-input, compared to P2WPKH-output-input). However, as your HODLings grow in value, you might start wondering if multisignature k-of-n setups might be better for the security of your savings. And it is in multisignature that Taproot starts to give benefits! Taproot switches to using Schnorr signing scheme. Schnorr makes key aggregation -- constructing a single public key from multiple public keys -- almost as trivial as adding numbers together. "Almost" because it involves some fairly advanced math instead of simple boring number adding, but hey when was the last time you added up your grocery list prices by hand huh? With current P2SH and P2WSH multisignature schemes, if you have a 2-of-3 setup, then to spend, you need to provide two different signatures from two different public keys. With Taproot, you can create, using special moon math, a single public key that represents your 2-of-3 setup. Then you just put two of your devices together, have them communicate to each other (this can be done airgapped, in theory, by sending QR codes: the software to do this is not even being built yet, but that's because Taproot hasn't activated yet!), and they will make a single signature to authorize any spend from your 2-of-3 address. That's 73 witness bytes -- 18.25 virtual bytes -- of signatures you save! And if you decide that your current setup with 1-of-1 P2PKH / P2WPKH addresses is just fine as-is: well, that's the whole point of a softfork: backwards-compatibility; you can receive from Taproot users just fine, and once your wallet is updated for Taproot-sending support, you can send to Taproot users just fine as well! (P2WPKH and P2WSH -- SegWit v0 -- addresses start with bc1q; Taproot -- SegWit v1 --- addresses start with bc1p, in case you wanted to know the difference; in bech32 q is 0, p is 1) Now how about HODLers who keep all, or some, of their coins on custodial services? Well, any custodial service worth its salt would be doing at least 2-of-3, or probably something even bigger, like 11-of-15. So your custodial service, if it switched to using Taproot internally, could save a lot more (imagine an 11-of-15 getting reduced from 11 signatures to just 1!), which --- we can only hope! --- should translate to lower fees and better customer service from your custodial service! So I think we can say, very accurately, that the Bitcoin principle --- that YOU are in control of your money --- can only be helped by Taproot (if you are doing multisignature), and, because P2PKH and P2WPKH remain validly-usable addresses in a Taproot future, will not be harmed by Taproot. Its benefit to this principle might be small (it mostly only benefits multisignature users) but since it has no drawbacks with this (i.e. singlesig users can continue to use P2WPKH and P2PKH still) this is still a nice, tidy win! (even singlesig users get a minor benefit, in that multisig users will now reduce their blockchain space footprint, so that fees can be kept low for everybody; so for example even if you have your single set of private keys engraved on titanium plates sealed in an airtight box stored in a safe buried in a desert protected by angry nomads riding giant sandworms because you're the frickin' Kwisatz Haderach, you still gain some benefit from Taproot) And here's the important part: if P2PKH/P2WPKH is working perfectly fine with you and you decide to never use Taproot yourself, Taproot will not affect you detrimentally. First do no harm!
Taproot and Your Contracts
No one is an island, no one lives alone. Give and you shall receive. You know: by trading with other people, you can gain expertise in some obscure little necessity of the world (and greatly increase your productivity in that little field), and then trade the products of your expertise for necessities other people have created, all of you thereby gaining gains from trade. So, contracts, which are basically enforceable agreements that facilitate trading with people who you do not personally know and therefore might not trust. Let's start with a simple example. You want to buy some gewgaws from somebody. But you don't know them personally. The seller wants the money, you want their gewgaws, but because of the lack of trust (you don't know them!! what if they're scammers??) neither of you can benefit from gains from trade. However, suppose both of you know of some entity that both of you trust. That entity can act as a trusted escrow. The entity provides you security: this enables the trade, allowing both of you to get gains from trade. In Bitcoin-land, this can be implemented as a 2-of-3 multisignature. The three signatories in the multisgnature would be you, the gewgaw seller, and the escrow. You put the payment for the gewgaws into this 2-of-3 multisignature address. Now, suppose it turns out neither of you are scammers (whaaaat!). You receive the gewgaws just fine and you're willing to pay up for them. Then you and the gewgaw seller just sign a transaction --- you and the gewgaw seller are 2, sufficient to trigger the 2-of-3 --- that spends from the 2-of-3 address to a singlesig the gewgaw seller wants (or whatever address the gewgaw seller wants). But suppose some problem arises. The seller gave you gawgews instead of gewgaws. Or you decided to keep the gewgaws but not sign the transaction to release the funds to the seller. In either case, the escrow is notified, and if it can sign with you to refund the funds back to you (if the seller was a scammer) or it can sign with the seller to forward the funds to the seller (if you were a scammer). Taproot helps with this: like mentioned above, it allows multisignature setups to produce only one signature, reducing blockchain space usage, and thus making contracts --- which require multiple people, by definition, you don't make contracts with yourself --- is made cheaper (which we hope enables more of these setups to happen for more gains from trade for everyone, also, moon and lambos). (technology-wise, it's easier to make an n-of-n than a k-of-n, making a k-of-n would require a complex setup involving a long ritual with many communication rounds between the n participants, but an n-of-n can be done trivially with some moon math. You can, however, make what is effectively a 2-of-3 by using a three-branch SCRIPT: either 2-of-2 of you and seller, OR 2-of-2 of you and escrow, OR 2-of-2 of escrow and seller. Fortunately, Taproot adds a facility to embed a SCRIPT inside a public key, so you can have a 2-of-2 Taprooted address (between you and seller) with a SCRIPT branch that can instead be spent with 2-of-2 (you + escrow) OR 2-of-2 (seller + escrow), which implements the three-branched SCRIPT above. If neither of you are scammers (hopefully the common case) then you both sign using your keys and never have to contact the escrow, since you are just using the escrow public key without coordinating with them (because n-of-n is trivial but k-of-n requires setup with communication rounds), so in the "best case" where both of you are honest traders, you also get a privacy boost, in that the escrow never learns you have been trading on gewgaws, I mean ewww, gawgews are much better than gewgaws and therefore I now judge you for being a gewgaw enthusiast, you filthy gewgawer).
Taproot and Your Contracts, Part 2: Cryptographic Boogaloo
Now suppose you want to buy some data instead of things. For example, maybe you have some closed-source software in trial mode installed, and want to pay the developer for the full version. You want to pay for an activation code. This can be done, today, by using an HTLC. The developer tells you the hash of the activation code. You pay to an HTLC, paying out to the developer if it reveals the preimage (the activation code), or refunding the money back to you after a pre-agreed timeout. If the developer claims the funds, it has to reveal the preimage, which is the activation code, and you can now activate your software. If the developer does not claim the funds by the timeout, you get refunded. And you can do that, with HTLCs, today. Of course, HTLCs do have problems:
Privacy. Everyone scraping the Bitcoin blockchain can see any HTLCs, and preimages used to claim them.
This can be mitigated by using offchain techniques so HTLCs are never published onchain in the happy case. Lightning would probably in practice be the easiest way to do this offchain. Of course, there are practical limits to what you can pay on Lightning. If you are buying something expensive, then Lightning might not be practical. For example, the "software" you are activating is really the firmware of a car, and what you are buying is not the software really but the car itself (with the activation of the car firmware being equivalent to getting the car keys).
Even offchain techniques need an onchain escape hatch in case of unresponsiveness! This means that, if something bad happens during payment, the HTLC might end up being published onchain anyway, revealing the fact that some special contract occurred.
And an HTLC that is claimed with a preimage onchain will also publicly reveal the preimage onchain. If that preimage is really the activation key of a software than it can now be pirated. If that preimage is really the activation key for your newly-bought cryptographic car --- well, not your keys, not your car!
Trust requirement. You are trusting the developer that it gives you the hash of an actual valid activation key, without any way to validate that the activation key hidden by the hash is actually valid.
Fortunately, with Schnorr (which is enabled by Taproot), we can now use the Scriptless Script constuction by Andrew Poelstra. This Scriptless Script allows a new construction, the PTLC or Pointlocked Timelocked Contract. Instead of hashes and preimages, just replace "hash" with "point" and "preimage" with "scalar". Or as you might know them: "point" is really "public key" and "scalar" is really a "private key". What a PTLC does is that, given a particular public key, the pointlocked branch can be spent only if the spender reveals the private key of the given public key to you. Another nice thing with PTLCs is that they are deniable. What appears onchain is just a single 2-of-2 signature between you and the developemanufacturer. It's like a magic trick. This signature has no special watermarks, it's a perfectly normal signature (the pledge). However, from this signature, plus some datta given to you by the developemanufacturer (known as the adaptor signature) you can derive the private key of a particular public key you both agree on (the turn). Anyone scraping the blockchain will just see signatures that look just like every other signature, and as long as nobody manages to hack you and get a copy of the adaptor signature or the private key, they cannot get the private key behind the public key (point) that the pointlocked branch needs (the prestige). (Just to be clear, the public key you are getting the private key from, is distinct from the public key that the developemanufacturer will use for its funds. The activation key is different from the developer's onchain Bitcoin key, and it is the activation key whose private key you will be learning, not the developer's/manufacturer's onchain Bitcoin key). So:
Privacy: PTLCs are private even if done onchain. Nobody else can learn what the private key behind the public key is, except you who knows the adaptor signature that when combined with the complete onchain signature lets you know what the private key of the activation key is. Somebody scraping the blockchain will not learn the same information even if all PTLCs are done onchain!
Lightning is still useful for reducing onchain use, and will also get PTLCs soon after Taproot is activated, but even if something bad happens and a PTLC has to go onchain, it doesn't reveal anything!
Trust issues can be proven more easily with a public-private keypair than with a hash-preimage pair.
For example, the developer of the software you are buying could provide a signature signing a message saying "unlock access to the full version for 1 day". You can check if feeding this message and signature to the program will indeed unlock full-version access for 1 day. Then you can check if the signature is valid for the purported pubkey whose private key you will pay for. If so, you can now believe that getting the private key (by paying for it in a PTLC) would let you generate any number of "unlock access to the full version for 1 day" message+signatures, which is equivalent to getting full access to the software indefinitely.
For the car, the manufacturer can show that signing a message "start the engine" and feeding the signature to the car's fimrware will indeed start the engine, and maybe even let you have a small test drive. You can then check if the signature is valid for the purported pubkey whose privkey you will pay for. If so, you can now believe that gaining knowledge of the privkey will let you start the car engine at any time you want.
(pedantry: the signatures need to be unique else they could be replayed, this can be done with a challenge-response sequence for the car, where the car gathers entropy somehow (it's a car, it probably has a bunch of sensors nowadays so it can get entropy for free) and uses the gathered entropy to challenge you to sign a random number and only start if you are able to sign the random number; for the software, it could record previous signatures somewhere in the developer's cloud server and refuse to run if you try to replay a previously-seen signature.)
Taproot lets PTLCs exist onchain because they enable Schnorr, which is a requirement of PTLCs / Scriptless Script. (technology-wise, take note that Scriptless Script works only for the "pointlocked" branch of the contract; you need normal Script, or a pre-signed nLockTimed transaction, for the "timelocked" branch. Since Taproot can embed a script, you can have the Taproot pubkey be a 2-of-2 to implement the Scriptless Script "pointlocked" branch, then have a hidden script that lets you recover the funds with an OP_CHECKLOCKTIMEVERIFY after the timeout if the seller does not claim the funds.)
Now if you were really paying attention, you might have noticed this parenthetical:
(technical details: a Taproot output is 1 version byte + 32 byte public key, while a P2WPKH (bech32 singlesig) output is 1 version byte + 20 byte public key hash...)
So wait, Taproot uses raw 32-byte public keys, and not public key hashes? Isn't that more quantum-vulnerable?? Well, in theory yes. In practice, they probably are not. It's not that hashes can be broken by quantum computes --- they're still not. Instead, you have to look at how you spend from a P2WPKH/P2PKH pay-to-public-key-hash. When you spend from a P2PKH / P2WPKH, you have to reveal the public key. Then Bitcoin hashes it and checks if this matches with the public-key-hash, and only then actually validates the signature for that public key. So an unconfirmed transaction, floating in the mempools of nodes globally, will show, in plain sight for everyone to see, your public key. (public keys should be public, that's why they're called public keys, LOL) And if quantum computers are fast enough to be of concern, then they are probably fast enough that, in the several minutes to several hours from broadcast to confirmation, they have already cracked the public key that is openly broadcast with your transaction. The owner of the quantum computer can now replace your unconfirmed transaction with one that pays the funds to itself. Even if you did not opt-in RBF, miners are still incentivized to support RBF on RBF-disabled transactions. So the extra hash is not as significant a protection against quantum computers as you might think. Instead, the extra hash-and-compare needed is just extra validation effort. Further, if you have ever, in the past, spent from the address, then there exists already a transaction indelibly stored on the blockchain, openly displaying the public key from which quantum computers can derive the private key. So those are still vulnerable to quantum computers. For the most part, the cryptographers behind Taproot (and Bitcoin Core) are of the opinion that quantum computers capable of cracking Bitcoin pubkeys are unlikely to appear within a decade or two.
Current quantum computers can barely crack prime factorization problem for primes of 5 bits.
The 256-bit elliptic curve use by Bitcoin is, by my (possibly wrong) understanding, equivalent to 4096-bit primes, so you can see a pretty big gap between now (5 bit primes) and what is needed (4096 bit primes).
A lot of financial non-Bitcoin systems use the equivalent of 3072-bit primes or less, and are probably easier targets to crack than the equivalent-to-4096-bit-primes Bitcoin.
Quantum computers capable of cracking Bitcoin are still far off.
Pay-to-public-key-hash is not as protective as you might think.
We will probably see banks get cracked before Bitcoin, so the banking system is a useful canary-in-a-coal-mine to see whether we should panic about being quantum vulnerable.
For now, the homomorphic and linear properties of elliptic curve cryptography provide a lot of benefits --- particularly the linearity property is what enables Scriptless Script and simple multisignature (i.e. multisignatures that are just 1 signature onchain). So it might be a good idea to take advantage of them now while we are still fairly safe against quantum computers. It seems likely that quantum-safe signature schemes are nonlinear (thus losing these advantages).
If you are a singlesig HODL-only Bitcoin user, Taproot will not affect you positively or negatively. Importantly: Taproot does no harm!
If you use or intend to use multisig, Taproot will be a positive for you.
If you transact onchain regularly using typical P2PKH/P2WPKH addresses, you get a minor reduction in feerates since multisig users will likely switch to Taproot to get smaller tx sizes, freeing up blockspace for yours.
If you are using multiparticipant setups for special systems of trade, Taproot will be a positive for you.
Remember: Lightning channels are multipartiicpiant setups for special systems of lightning-fast offchain trades!
I Wanna Be The Taprooter!
So, do you want to help activate Taproot? Here's what you, mister sovereign Bitcoin HODLer, can do!
If you have developer experience especially in C, C++, or related languages
Review the Taproot code! There is one pull request in Bitcoin Core, and one in libsecp256k1. I deliberately am not putting links here, to avoid brigades of nontechnical but enthusiastic people leaving pointless reviews, but if you are qualified you know how to find them!
But I am not a cryptographeBitcoin Core contributomathematician/someone as awesome as Pieter Wuille
That's perfectly fine! The cryptographers have been over the code already and agree the math is right and the implementation is right. What is wanted is the dreary dreary dreary software engineering: are the comments comprehensive and understandable? no misspellings in the comments? variable names understandable? reasonable function naming convention? misleading coding style? off-by-one errors in loops? conditions not covered by tests? accidental mixups of variables with the same types? missing frees? read-before-init? better test coverage of suspicious-looking code? missing or mismatching header guards? portability issues? consistent coding style? you know, stuff any coder with a few years of experience in coding anything might be able to catch. With enough eyes all bugs are shallow!
If you are running a mining pool/mining operation/exchange/custodial service/SPV server
Be prepared to upgrade!
One of the typical issues with upgrading software is that subtle incompatibilities with your current custom programs tend to arise, disrupting operations and potentially losing income due to downtime. If so, consider moving to the two-node setup suggested by gmax, which is in the last section of my previous post. With this, you have an up-to-date "public" node and a fixed-version "private" node, with the public node protecting the private node from any invalid chainsplits or invalid transactions. Moving to this setup from a typical one-node setup should be smooth and should not disrupt operations (too much).
If you are running your own fullnode for fun or for your own wallet
Be prepared to upgrade! The more nodes validating the new rules (even if you are a non-mining node!), the safer every softfork will be!
If you are using an SPV wallet or custodial wallet/service (including hardware wallets using the software of the wallet provider)
Contact your wallet provider / SPV server and ask for a statement on whether they support Taproot, and whether they are prepared to upgrade for Taproot! Make it known to them that Taproot is something you want!
But I Hate Taproot!!
Raise your objections to Taproot now, or forever hold your peace! Maybe you can raise them here and some of the devs (probably nullc, he goes everywhere, even in rbtc!) might be able to see your objections! Or if your objections are very technical, head over to the appropriate pull request and object away!
Maybe you simply misunderstand something, and we can clarify it here!
Or maybe you do have a good objection, and we can make Taproot better by finding a solution for it!
Public and private key pair cryptography is what powers the address system in Bitcoin - the cryptocurrency equivalent to a checking account. A new address can simply be generated programatically. Whenever a new one is required, I can use my interface of choice (perhaps a Bitcoin wallet) and make one. Cryptography is the process of communicating securely in an insecure environment – i.e. where other people can listen in and control the communication channel. The message you wish to send is converted to a cipher text that appears to be gibberish unless you know the secret to unlocking it. There are two main types of cryptography – symmetric and asymmetric. This article may be too technical for some users. The more basic article on Bitcoin Addresses may be more appropriate.. A Bitcoin address is a 160-bit hash of the public portion of a public/private ECDSA keypair. Using public-key cryptography, you can "sign" data with your private key and anyone who knows your public key can verify that the signature is valid. Bitcoin address is an identifier (account number), starting with 1 or 3 and containing 27-34 alphanumeric Latin characters (except 0, O, I). Bitcoin addresses can be also represented as a QR-code. The addresses are anonymous and do not contain information about the owner. Creating a Bitcoin Address in C. Currently, we have a private key and its corresponding public key in bytes. We wish to follow the scheme outlined earlier to create a bitcoin address. Here we will need to use the C openssl library (-lcrypto) to provide the required SHA256 and RIPEMD160 hashing functions. At the top of our .c file we require:
This is part 4 of the Blockchain tutorial explaining what cryptograhy is and also what encrypt and decrypt means. In this video series different topics will ... This video describes the inner-workings of Bitcoin. It provides three different versions, to highlight the drawbacks of each version and then presents the solutions given by Bitcoin. The last ... This video is part of an online course, Applied Cryptography. Check out the course here: https://www.udacity.com/course/cs387. Learn the properties of hashing algorithms, which algorithms are used in Bitcoin, and how hashes help secure cryptocurrency networks. public key vs bitcoin address - 053 public key vs bitcoin address. Difference between public and private key cryptography Cryptography is a science of writin...