How Lightning Network Messaging Enables Privacy – Bitcoin ...

Defi Coins List In Detail

A Detail List Of Defi Coin












submitted by jakkkmotivator to Latest_Defi_News [link] [comments]

Transcript of discussion between an ASIC designer and several proof-of-work designers from #monero-pow channel on Freenode this morning

[08:07:01] lukminer contains precompiled cn/r math sequences for some blocks:
[08:07:11] try that with RandomX :P
[08:09:00] tevador: are you ready for some RandomX feedback? it looks like the CNv4 is slowly stabilizing, hashrate comes down...
[08:09:07] how does it even make sense to precompile it?
[08:09:14] mine 1% faster for 2 minutes?
[08:09:35] naturally we think the entire asic-resistance strategy is doomed to fail :) but that's a high-level thing, who knows. people may think it's great.
[08:09:49] about RandomX: looks like the cache size was chosen to make it GPU-hard
[08:09:56] looking forward to more docs
[08:11:38] after initial skimming, I would think it's possible to make a 10x asic for RandomX. But at least for us, we will only make an ASIC if there is not a total ASIC hostility there in the first place. That's better for the secret miners then.
[08:13:12] What I propose is this: we are working on an Ethash ASIC right now, and once we have that working, we would invite tevador or whoever wants to come to HK/Shenzhen and we walk you guys through how we would make a RandomX ASIC. You can then process this input in any way you like. Something like that.
[08:13:49] unless asics (or other accelerators) re-emerge on XMR faster than expected, it looks like there is a little bit of time before RandomX rollout
[08:14:22] 10x in what measure? $/hash or watt/hash?
[08:14:46] watt/hash
[08:15:19] so you can make 10 times more efficient double precisio FPU?
[08:16:02] like I said let's try to be productive. You are having me here, let's work together!
[08:16:15] continue with RandomX, publish more docs. that's always helpful.
[08:16:37] I'm trying to understand how it's possible at all. Why AMD/Intel are so inefficient at running FP calculations?
[08:18:05] midipoet ([email protected]/web/ has joined #monero-pow
[08:18:17] hardware development works the other way round. We start with 1) math then 2) optimization priority 3) hw/sw boundary 4) IP selection 5) physical implementation
[08:22:32] This still doesn't explain at which point you get 10x
[08:23:07] Weren't you the ones claiming "We can accelerate ProgPoW by a factor of 3x to 8x." ? I find it hard to believe too.
[08:30:20] sure
[08:30:26] so my idea: first we finish our current chip
[08:30:35] from simulation to silicon :)
[08:30:40] we love this stuff... we do it anyway
[08:30:59] now we have a communication channel, and we don't call each other names immediately anymore: big progress!
[08:31:06] you know, we russians have a saying "it was smooth on paper, but they forgot about ravines"
[08:31:12] So I need a bit more details
[08:31:16] ha ha. good!
[08:31:31] that's why I want to avoid to just make claims
[08:31:34] let's work
[08:31:40] RandomX comes in Sep/Oct, right?
[08:31:45] Maybe
[08:32:20] We need to audit it first
[08:32:31] ok
[08:32:59] we don't make chips to prove sw devs that their assumptions about hardware are wrong. especially not if these guys then promptly hardfork and move to the next wrong assumption :)
[08:33:10] from the outside, this only means that hw & sw are devaluing each other
[08:33:24] neither of us should do this
[08:33:47] we are making chips that can hopefully accelerate more crypto ops in the future
[08:33:52] signing, verifying, proving, etc.
[08:34:02] PoW is just a feature like others
[08:34:18] sech1: is it easy for you to come to Hong Kong? (visa-wise)
[08:34:20] or difficult?
[08:34:33] or are you there sometimes?
[08:34:41] It's kind of far away
[08:35:13] we are looking forward to more RandomX docs. that's the first step.
[08:35:31] I want to avoid that we have some meme "Linzhi says they can accelerate XYZ by factor x" .... "ha ha ha"
[08:35:37] right? we don't want that :)
[08:35:39] doc is almost finished
[08:35:40] What docs do you need? It's described pretty good
[08:35:41] so I better say nothing now
[08:35:50] we focus on our Ethash chip
[08:36:05] then based on that, we are happy to walk interested people through the design and what else it can do
[08:36:22] that's a better approach from my view than making claims that are laughed away (rightfully so, because no silicon...)
[08:36:37] ethash ASIC is basically a glorified memory controller
[08:36:39] sech1: tevador said something more is coming (he just did it again)
[08:37:03] yes, some parts of RandomX are not described well
[08:37:10] like dataset access logic
[08:37:37] RandomX looks like progpow for CPU
[08:37:54] yes
[08:38:03] it is designed to reflect CPU
[08:38:34] so any ASIC for it = CPU in essence
[08:39:04] of course there are still some things in regular CPU that can be thrown away for RandomX
[08:40:20] uncore parts are not used, but those will use very little power
[08:40:37] except for memory controller
[08:41:09] I'm just surprised sometimes, ok? let me ask: have you designed or taped out an asic before? isn't it risky to make assumptions about things that are largely unknown?
[08:41:23] I would worry
[08:41:31] that I get something wrong...
[08:41:44] but I also worry like crazy that CNv4 will blow up, where you guys seem to be relaxed
[08:42:06] I didn't want to bring up anything RandomX because CNv4 is such a nailbiter... :)
[08:42:15] how do you guys know you don't have asics in a week or two?
[08:42:38] we don't have experience with ASIC design, but RandomX is simply designed to exactly fit CPU capabilities, which is the best you can do anyways
[08:43:09] similar as ProgPoW did with GPUs
[08:43:14] some people say they want to do asic-resistance only until the vast majority of coins has been issued
[08:43:21] that's at least reasonable
[08:43:43] yeah but progpow totally will not work as advertised :)
[08:44:08] yeah, I've seen that comment about progpow a few times already
[08:44:11] which is no surprise if you know it's just a random sales story to sell a few more GPUs
[08:44:13] RandomX is not permanent, we are expecting to switch to ASIC friendly in a few years if possible
[08:44:18] yes
[08:44:21] that makes sense
[08:44:40] linzhi-sonia: how so? will it break or will it be asic-able with decent performance gains?
[08:44:41] are you happy with CNv4 so far?
[08:45:10] ah, long story. progpow is a masterpiece of deception, let's not get into it here.
[08:45:21] if you know chip marketing it makes more sense
[08:45:24] linzhi-sonia: So far? lol! a bit early to tell, don't you think?
[08:45:35] the diff is coming down
[08:45:41] first few hours looked scary
[08:45:43] I remain skeptical: I only see ASICs being reasonable if they are already as ubiquitous as smartphones
[08:45:46] yes, so far so good
[08:46:01] we kbew the diff would not come down ubtil affter block 75
[08:46:10] yes
[08:46:22] but first few hours it looks like only 5% hashrate left
[08:46:27] looked
[08:46:29] now it's better
[08:46:51] the next worry is: when will "unexplainable" hashrate come back?
[08:47:00] you hope 2-3 months? more?
[08:47:05] so give it another couple of days. will probably overshoot to the downside, and then rise a bit as miners get updated and return
[08:47:22] 3 months minimum turnaround, yes
[08:47:28] nah
[08:47:36] don't underestimate asicmakers :)
[08:47:54] you guys don't get #1 priority on chip fabs
[08:47:56] 3 months = 90 days. do you know what is happening in those 90 days exactly? I'm pretty sure you don't. same thing as before.
[08:48:13] we don't do any secret chips btw
[08:48:21] 3 months assumes they had a complete design ready to go, and added the last minute change in 1 day
[08:48:24] do you know who is behind the hashrate that is now bricked?
[08:48:27] innosilicon?
[08:48:34] hyc: no no, and no. :)
[08:48:44] hyc: have you designed or taped out a chip before?
[08:48:51] yes, many years ago
[08:49:10] then you should know that 90 days is not a fixed number
[08:49:35] sure, but like I said, other makers have greater demand
[08:49:35] especially not if you can prepare, if you just have to modify something, or you have more programmability in the chip than some people assume
[08:50:07] we are chipmakers, we would never dare to do what you guys are doing with CNv4 :) but maybe that just means you are cooler!
[08:50:07] and yes, programmability makes some aspect of turnaround easier
[08:50:10] all fine
[08:50:10] I hope it works!
[08:50:28] do you know who is behind the hashrate that is now bricked?
[08:50:29] inno?
[08:50:41] we suspect so, but have no evidence
[08:50:44] maybe we can try to find them, but we cannot spend too much time on this
[08:50:53] it's probably not so much of a secret
[08:51:01] why should it be, right?
[08:51:10] devs want this cat-and-mouse game? devs get it...
[08:51:35] there was one leak saying it's innosilicon
[08:51:36] so you think 3 months, ok
[08:51:43] inno is cool
[08:51:46] good team
[08:51:49] IP design house
[08:51:54] in Wuhan
[08:52:06] they send their people to conferences with fake biz cards :)
[08:52:19] pretending to be other companies?
[08:52:26] sure
[08:52:28] ha ha
[08:52:39] so when we see them, we look at whatever card they carry and laugh :)
[08:52:52] they are perfectly suited for secret mining games
[08:52:59] they made at most $6 million in 2 months of mining, so I wonder if it was worth it
[08:53:10] yeah. no way to know
[08:53:15] but it's good that you calculate!
[08:53:24] this is all about cost/benefit
[08:53:25] then you also understand - imagine the value of XMR goes up 5x, 10x
[08:53:34] that whole "asic resistance" thing will come down like a house of cards
[08:53:41] I would imagine they sell immediately
[08:53:53] the investor may fully understand the risk
[08:53:57] the buyer
[08:54:13] it's not healthy, but that's another discussion
[08:54:23] so mid-June
[08:54:27] let's see
[08:54:49] I would be susprised if CNv4 ASICs show up at all
[08:54:56] surprised*
[08:54:56] why?
[08:55:05] is only an economic question
[08:55:12] yeah should be interesting. FPGAs will be near their limits as well
[08:55:16] unless XMR goes up a lot
[08:55:19] no, not *only*. it's also a technology question
[08:55:44] you believe CNv4 is "asic resistant"? which feature?
[08:55:53] it's not
[08:55:59] cnv4 = Rabdomx ?
[08:56:03] no
[08:56:07] cnv4=cryptinight/r
[08:56:11] ah
[08:56:18] CNv4 is the one we have now, I think
[08:56:21] since yesterday
[08:56:30] it's plenty enough resistant for current XMR price
[08:56:45] that may be, yes!
[08:56:55] I look at daily payouts. XMR = ca. 100k USD / day
[08:57:03] it can hold until October, but it's not asic resistant
[08:57:23] well, last 24h only 22,442 USD :)
[08:57:32] I think 80 h/s per watt ASICs are possible for CNv4
[08:57:38] linzhi-sonia where do you produce your chips? TSMC?
[08:57:44] I'm cruious how you would expect to build a randomX ASIC that outperforms ARM cores for efficiency, or Intel cores for raw speed
[08:57:48] curious
[08:58:01] yes, tsmc
[08:58:21] Our team did the world's first bitcoin asic, Avalon
[08:58:25] and upcoming 2nd gen Ryzens (64-core EPYC) will be a blast at RandomX
[08:58:28] designed and manufactured
[08:58:53] still being marketed?
[08:59:03] linzhi-sonia: do you understand what xmr wants to achieve, community-wise?
[08:59:14] Avalon? as part of Canaan Creative, yes I think so.
[08:59:25] there's not much interesting oing on in SHA256
[08:59:29] Inge-: I would think so, but please speak
[08:59:32] hyc: yes
[09:00:28] linzhi-sonia: i am curious to hear your thoughts. I am fairly new to this space myself...
[09:00:51] oh
[09:00:56] we are grandpas, and grandmas
[09:01:36] yet I have no problem understanding why ASICS are currently reviled.
[09:01:48] xmr's main differentiators to, let's say btc, are anonymity and fungibility
[09:01:58] I find the client terribly slow btw
[09:02:21] and I think the asic-forking since last may is wrong, doesn't create value and doesn't help with the project objectives
[09:02:25] which "the client" ?
[09:02:52] Monero GUI client maybe
[09:03:12] MacOS, yes
[09:03:28] What exactly is slow?
[09:03:30] linzhi-sonia: I run my own node, and use the CLI and Monerujo. Have not had issues.
[09:03:49] staying in sync
[09:03:49] linzhi-sonia: decentralization is also a key principle
[09:03:56] one that Bitcoin has failed to maintain
[09:04:39] hmm
[09:05:00] looks fairly decentralized to me. decentralization is the result of 3 goals imo: resilient, trustless, permissionless
[09:05:28] don't ask a hardware maker about physical decentralization. that's too ideological. we focus on logical decentralization.
[09:06:11] physical decentralization is important. with bulk of bitnoin mining centered on Chinese hydroelectric dams
[09:06:19] have you thought about including block data in the PoW?
[09:06:41] yes, of course.
[09:07:39] is that already in an algo?
[09:08:10] hyc: about "centered on chinese hydro" - what is your source? the best paper I know is this:
[09:09:01] linzhi-sonia: do you mine on your ASICs before you sell them?
[09:09:13] besides testing of course
[09:09:45] that paper puts Chinese btc miners at 60% max
[09:10:05] tevador: I think everybody learned that that is not healthy long-term!
[09:10:16] because it gives the chipmaker a cost advantage over its own customers
[09:10:33] and cost advantage leads to centralization (physical and logical)
[09:10:51] you guys should know who finances progpow and why :)
[09:11:05] but let's not get into this, ha ha. want to keep the channel civilized. right OhGodAGirl ? :)
[09:11:34] tevador: so the answer is no! 100% and definitely no
[09:11:54] that "self-mining" disease was one of the problems we have now with asics, and their bad reputation (rightfully so)
[09:13:08] I plan to write a nice short 2-page paper or so on our chip design process. maybe it's interesting to some people here.
[09:13:15] basically the 5 steps I mentioned before, from math to physical
[09:13:32] linzhi-sonia: the paper you linked puts 48% of bitcoin mining in Sichuan. the total in China is much more than 60%
[09:13:38] need to run it by a few people to fix bugs, will post it here when published
[09:14:06] hyc: ok! I am just sharing the "best" document I know today. it definitely may be wrong and there may be a better one now.
[09:14:18] hyc: if you see some reports, please share
[09:14:51] hey I am really curious about this: where is a PoW algo that puts block data into the PoW?
[09:15:02] the previous paper I read is from here
[09:15:38] hyc: you said that already exists? (block data in PoW)
[09:15:45] it would make verification harder
[09:15:49] linzhi-sonia:
[09:15:51] but for chips it would be interesting
[09:15:52] we discussed the possibility about a year ago
[09:16:05] oh good links! thanks! need to read...
[09:16:06] I think that paper by dryja was original
[09:17:53] since we have a nice flow - second question I'm very curious about: has anyone thought about in-protocol rewards for other functions?
[09:18:55] we've discussed micropayments for wallets to use remote nodes
[09:18:55] you know there is a lot of work in other coins about STARK provers, zero-knowledge, etc. many of those things very compute intense, or need to be outsourced to a service (zether). For chipmakers, in-protocol rewards create an economic incentive to accelerate those things.
[09:19:50] whenever there is an in-protocol reward, you may get the power of ASICs doing something you actually want to happen
[09:19:52] it would be nice if there was some economic reward for running a fullnode, but no one has come up with much more than that afaik
[09:19:54] instead of fighting them off
[09:20:29] you need to use asics, not fight them. that's an obvious thing to say for an asicmaker...
[09:20:41] in-protocol rewards can be very powerful
[09:20:50] like I said before - unless the ASICs are so useful they're embedded in every smartphone, I dont see them being a positive for decentralization
[09:21:17] if they're a separate product, the average consumer is not going to buy them
[09:21:20] now I was talking about speedup of verifying, signing, proving, etc.
[09:21:23] they won't even know what they are
[09:22:07] if anybody wants to talk about or design in-protocol rewards, please come talk to us
[09:22:08] the average consumer also doesn't use general purpose hardware to secure blockchains either
[09:22:14] not just for PoW, in fact *NOT* for PoW
[09:22:32] it requires sw/hw co-design
[09:23:10] we are in long-term discussions/collaboration over this with Ethereum, Bitcoin Cash. just talk right now.
[09:23:16] this was recently published though suggesting more uptake though I guess
[09:23:29] I find it pretty hard to believe their numbers
[09:24:03] well
[09:24:09] sorry, original article:
[09:24:11] just talk, no? rumors
[09:24:18] college students are already more educated than the average consumer
[09:24:29] we are not seeing many such customers anymore
[09:24:30] it's data from cisco monitoring network traffic
[09:24:33] and they're always looking for free money
[09:24:48] of course anyone with "free" electricity is inclined to do it
[09:24:57] but look at the rates, cannot make much money
[09:26:06] Ethereum is a bloated collection of bugs wrapped in a UI. I suppose they need all the help they can get
[09:26:29] Bitcoin Cash ... just another get rich quick scheme
[09:26:38] hmm :)
[09:26:51] I'll give it back to you, ok? ha ha. arrogance comes before the fall...
[09:27:17] maye we should have a little fun with CNv4 mining :)
[09:27:25] ;)
[09:27:38] come on. anyone who has watched their track record... $75M lost in ETH at DAO hack
[09:27:50] every smart contract that comes along is just waiting for another hack
[09:27:58] I just wanted to throw out the "in-protocol reward" thing, maybe someone sees the idea and wants to cowork. maybe not. maybe it's a stupid idea.
[09:29:18] linzhi-sonia: any thoughts on CN-GPU?
[09:29:55] CN-GPU has one positive aspect - it wastes chip area to implement all 18 hash algorithms
[09:30:19] you will always hear roughly the same feedback from me:
[09:30:52] "This algorithm very different, it heavy use floating point operations to hurt FPGAs and general purpose CPUs"
[09:30:56] the problem is, if it's profitable for people to buy ASIC miners and mine, it's always more profitable for the manufacturer to not sell and mine themselves
[09:31:02] "hurt"
[09:31:07] what is the point of this?
[09:31:15] it totally doesn't work
[09:31:24] you are hurting noone, just demonstrating lack of ability to think
[09:31:41] what is better: algo designed for chip, or chip designed for algo?
[09:31:43] fireice does it on daily basis, CN-GPU is a joke
[09:31:53] tevador: that's not really true, especially in a market with such large price fluctuations as cryptocurrency
[09:32:12] it's far less risky to sell miners than mine with them and pray that price doesn't crash for next six months
[09:32:14] I think it's great that crypto has a nice group of asicmakers now, hw & sw will cowork well
[09:32:36] jwinterm yes, that's why they premine them and sell after
[09:32:41] PoW is about being thermodynamically and cryptographically provable
[09:32:45] premining with them is taking on that risk
[09:32:49] not "fork when we think there are asics"
[09:32:51] business is about risk minimization
[09:32:54] that's just fear-driven
[09:33:05] Inge-: that's roughly the feedback
[09:33:24] I'm not saying it hasn't happened, but I think it's not so simple as saying "it always happens"
[09:34:00] jwinterm: it has certainly happened on BTC. and also on XMR.
[09:34:19] ironically, please think about it: these kinds of algos indeed prove the limits of the chips they were designed for. but they don't prove that you cannot implement the same algo differently! cannot!
[09:34:26] Risk minimization is not starting a business at all.
[09:34:34] proof-of-gpu-limit. proof-of-cpu-limit.
[09:34:37] imagine you have a money printing machine, would you sell it?
[09:34:39] proves nothing for an ASIC :)
[09:35:05] linzhi-sonia: thanks. I dont think anyone believes you can't make a more efficient cn-gpu asic than a gpu - but that it would not be orders of magnitude faster...
[09:35:24] ok
[09:35:44] like I say. these algos are, that's really ironic, designed to prove the limitatios of a particular chip in mind of the designer
[09:35:50] exactly the wrong way round :)
[09:36:16] like the cache size in RandomX :)
[09:36:18] beautiful
[09:36:29] someone looked at GPU designs
[09:37:31] linzhi-sonia can you elaborate? Cache size in RandomX was selected to fit CPU cache
[09:37:52] yes
[09:38:03] too large for GPU
[09:38:11] as I said, we are designing the algorithm to exactly fit CPU capabilities, I do not claim an ASIC cannot be more efficient
[09:38:16] ok!
[09:38:29] when will you do the audit?
[09:38:35] will the results be published in a document or so?
[09:38:37] I claim that single-chip ASIC is not viable, though
[09:39:06] you guys are brave, noone disputes that. 3 anti-asic hardforks now!
[09:39:18] 4th one coming
[09:39:31] 3 forks were done not only for this
[09:39:38] they had scheduled updates in the first place
[09:48:10] Monero is the #1 anti-asic fighter
[09:48:25] Monero is #1 for a lot of reasons ;)
[09:48:40] It's the coin with the most hycs.
[09:48:55] mooooo
[09:59:06] sneaky integer overflow, bug squished
[10:38:00] p0nziph0ne ([email protected]/vpn/privateinternetaccess/p0nziph0ne) has joined #monero-pow
[11:10:53] The convo here is wild
[11:12:29] it's like geo-politics at the intersection of software and hardware manufacturing for thermoeconomic value.
[11:13:05] ..and on a Sunday.
[11:15:43] midipoet: hw and sw should work together and stop silly games to devalue each other. to outsiders this is totally not attractive.
[11:16:07] I appreciate the positive energy here to try to listen, learn, understand.
[11:16:10] that's a start
[11:16:48] <-- p0nziph0ne ([email protected]/vpn/privateinternetaccess/p0nziph0ne) has quit (Quit: Leaving)
[11:16:54] we won't do silly mining against xmr "community" wishes, but not because we couldn'd do it, but because it's the wrong direction in the long run, for both sides
[11:18:57] linzhi-sonia: I agree to some extent. Though, in reality, there will always be divergence between social worlds. Not every body has the same vision of the future. Reaching societal consensus on reality tomorrow is not always easy
[11:20:25] absolutely. especially at a time when there is so much profit to be made from divisiveness.
[11:20:37] someone will want to make that profit, for sure
[11:24:32] Yes. Money distorts.
[11:24:47] Or of the two
[11:26:35] Too much physical money will distort rays of light passing close to it indeed.
submitted by jwinterm to Monero [link] [comments]

/r/Bitcoin FAQ - Newcomers please read

Welcome to the /Bitcoin Sticky FAQ

You've probably been hearing a lot about Bitcoin recently and are wondering what's the big deal? Most of your questions should be answered by the resources below but if you have additional questions feel free to ask them in the comments.
Some great introductions for new users are My first bitcoin, Bitcoin explained and ELI5 Bitcoin. Also, the following videos are a good starting point for understanding how bitcoin works and a little about its long term potential:
Also have to give mention to, the Princeton crypto series and James D'Angelo's Bitcoin 101 Blackboard series. Some excellent writing on Bitcoin's value proposition and future can be found at the Satoshi Nakamoto Institute. Bitcoin statistics can be found here, here and here. Developer resources can be found here, here and here. Peer-reviewed research papers can be found here. Potential upcoming protocol improvements here. Scaling resources here. The number of times Bitcoin was declared dead by the media can be found here (LOL!), and of course Satoshi Nakamoto's whitepaper that started it all! :)
Key properties of bitcoin

Where can I buy bitcoins?, and are helpful sites for beginners. You can buy or sell any amount of bitcoin and there are several easy methods to purchase bitcoin with cash, credit card or bank transfer. Some of the more popular resources are below, also, check out the bitcoinity exchange resources for a larger list of options for purchases.
Bank Transfer Credit / Debit card Cash
Gemini Bitstamp LocalBitcoins
Bitstamp Bitit Mycelium LocalTrader
BitFinex LibertyX CoinMama WallofCoins
Xapo Spectrocoin BitcoinOTC
Kraken Luno BitQuick
Bisq (decentralized)
Here is a listing of local ATMs. If you would like your paycheck automatically converted to bitcoin use Bitwage.
Note: Bitcoins are valued at whatever market price people are willing to pay for them in balancing act of supply vs demand. Unlike traditional markets, bitcoin markets operate 24 hours per day, 365 days per year. Preev is a useful site that that shows how much various denominations of bitcoin are worth in different currencies. Alternatively you can just Google "1 bitcoin in (your local currency)".

Securing your bitcoins

With bitcoin you can "Be your own bank" and personally secure your bitcoins OR you can use third party companies aka "Bitcoin banks" which will hold the bitcoins for you.
Android iOs Desktop
Samouari BreadWallet Electrum
Another interesting use case for physical storage/transfer is the Opendime. Opendime is a small USB stick that allows you to spend Bitcoin by physically passing it along so it's anonymous and tangible like cash.
Note: For increased security, use Two Factor Authentication (2FA) everywhere it is offered, including email!
2FA requires a second confirmation code to access your account, usually from a text message or app, making it much harder for thieves to gain access. Google Authenticator and Authy are the two most popular 2FA services, download links are below. Make sure you create backups of your 2FA codes.
Google Auth Authy
Android Android

Where can I spend bitcoins?

Check out spendabit or bitcoin directory for some good options, some of the more commons ones are listed below.
Store Product
Gyft Gift cards for hundreds of retailers including Amazon, Target, Walmart, Starbucks, Whole Foods, CVS, Lowes, Home Depot, iTunes, Best Buy, Sears, Kohls, eBay, GameStop, etc.
Steam, HumbleBundle, Games Planet,, g2g and kinguin For when you need to get your game on
Microsoft Xbox games, phone apps and software
Spendabit, Overstock, The Bitcoin Directory and BazaarBay Retail shopping with millions of results
ShakePay Generate one time use Visa cards in seconds
NewEgg and Dell For all your electronics needs, Coinbills, Piixpay,, Bylls,, Bitrefill, LivingRoomofSatoshi,, Coinsfer, More #1, #2 Bill payment
Menufy, Takeaway, Thuisbezorgd NL, Pizza For Coins Takeout delivered to your door!
Expedia, Cheapair, Lot, Destinia, BTCTrip, Abitsky, SkyTours, Fluege the Travel category on Gyft and 9flats For when you need to get away
BitHost VPS service
Cryptostorm, Mullvad, and PIA VPN services
Namecheap, Porkbun For new domain name registration
Stampnik Discounted USPS Priority, Express, First-Class mail postage
Reddit Gold Premium membership which can be gifted to others
Coinmap and AirBitz are helpful to find local businesses accepting bitcoins. A good resource for UK residents is at
There are also lots of charities which accept bitcoin donations, such as Wikipedia, United Way, ACLU and the EFF. You can find a longer list here.

Merchant Resources

There are several benefits to accepting bitcoin as a payment option if you are a merchant;
If you are interested in accepting bitcoin as a payment method, there are several options available;

Can I mine bitcoin?

Mining bitcoins can be a fun learning experience, but be aware that you will most likely operate at a loss. Newcomers are often advised to stay away from mining unless they are only interested in it as a hobby similar to folding at home. If you want to learn more about mining you can read more here. Still have mining questions? The crew at /BitcoinMining would be happy to help you out.
If you want to contribute to the bitcoin network by hosting the blockchain and propagating transactions you can run a full node using this setup guide. Bitseed is an easy option for getting set up. You can view the global node distribution here.

Earning bitcoins

Just like any other form of money, you can also earn bitcoins by being paid to do a job.
Site Description
WorkingForBitcoins, Bitwage, XBTfreelancer, Cryptogrind, Bitlancerr, Coinality, Bitgigs, /Jobs4Bitcoins, Rein Project Freelancing
OpenBazaar,, Bitify, /Bitmarket, 21 Market Marketplaces, NSFW, /GirlsGoneBitcoin NSFW Video Streaming
Bitasker, BitforTip Tasks, SatoshiBox, JoyStream, File Army File/Image Sharing
CoinAd, A-ads, Advertising
You can also earn bitcoins by participating as a market maker on JoinMarket by allowing users to perform CoinJoin transactions with your bitcoins for a small fee (requires you to already have some bitcoins)

Bitcoin Projects

The following is a short list of ongoing projects that might be worth taking a look at if you are interested in current development in the bitcoin space.
Project Description
Lightning Network, Amiko Pay, and Strawpay Payment channels for network scaling
Blockstream, Rootstock and Drivechain Sidechains
21, Inc. Open source library for the machine payable web Trade between bitcoins and altcoins easily
Open Transactions, Counterparty, Omni, Open Assets, Symbiont and Chain Financial asset platforms
Hivemind and Augur Prediction markets
Mediachain Decentralized media library
Tierion and Factom Records & Titles on the blockchain
BitMarkets, DropZone, Beaver and Open Bazaar Decentralized markets
Samourai and Dark Wallet - abandoned Privacy-enhancing wallets
JoinMarket CoinJoin implementation (Increase privacy and/or Earn interest on bitcoin holdings)
Coinffeine and Bisq Decentralized bitcoin exchanges
Keybase and Bitrated Identity & Reputation management
Telehash Mesh networking
JoyStream BitTorrent client with paid seeding
MORPHiS Decentralized, encrypted internet
Storj and Sia Decentralized file storage
Streamium Pay in real time for on-demand services
Abra Global P2P money transmitter network
bitSIM PIN secure hardware token between SIM & Phone
Identifi Decentralized address book w/ ratings system
BitGo Multisig bitcoin API
Bitcore Open source Bitcoin javascript library
Insight Open source blockchain API
Leet Kill your friends and take their money ;)

Bitcoin Units

One Bitcoin is quite large (hundreds of £/$/€) so people often deal in smaller units. The most common subunits are listed below:
Unit Symbol Value Info
millibitcoin mBTC 1,000 per bitcoin SI unit for milli i.e. millilitre (mL) or millimetre (mm)
microbitcoin μBTC 1,000,000 per bitcoin SI unit for micro i.e microlitre (μL) or micrometre (μm)
bit bit 1,000,000 per bitcoin Colloquial "slang" term for microbitcoin
satoshi sat 100,000,000 per bitcoin Smallest unit in bitcoin, named after the inventor
For example, assuming an arbitrary exchange rate of $10000 for one Bitcoin, a $10 meal would equal:
For more information check out the Bitcoin units wiki.
Still have questions? Feel free to ask in the comments below or stick around for our weekly Mentor Monday thread. If you decide to post a question in /Bitcoin, please use the search bar to see if it has been answered before, and remember to follow the community rules outlined on the sidebar to receive a better response. The mods are busy helping manage our community so please do not message them unless you notice problems with the functionality of the subreddit. A complete list of bitcoin related subreddits can be found here
Note: This is a community created FAQ. If you notice anything missing from the FAQ or that requires clarification you can edit it here and it will be included in the next revision pending approval.
Welcome to the Bitcoin community and the new decentralized economy!
submitted by BinaryResult to Bitcoin [link] [comments]

⚡ Lightning Network Megathread ⚡

Last updated 2018-01-29
This post is a collaboration with the Bitcoin community to create a one-stop source for Lightning Network information.
There are still questions in the FAQ that are unanswered, if you know the answer and can provide a source please do so!

⚡What is the Lightning Network? ⚡


Image Explanations:

Specifications / White Papers


Lightning Network Experts on Reddit

  • starkbot - (Elizabeth Stark - Lightning Labs)
  • roasbeef - (Olaoluwa Osuntokun - Lightning Labs)
  • stile65 - (Alex Akselrod - Lightning Labs)
  • cfromknecht - (Conner Fromknecht - Lightning Labs)
  • RustyReddit - (Rusty Russell - Blockstream)
  • cdecker - (Christian Decker - Blockstream)
  • Dryja - (Tadge Dryja - Digital Currency Initiative)
  • josephpoon - (Joseph Poon)
  • fdrn - (Fabrice Drouin - ACINQ )
  • pmpadiou - (Pierre-Marie Padiou - ACINQ)

Lightning Network Experts on Twitter

  • @starkness - (Elizabeth Stark - Lightning Labs)
  • @roasbeef - (Olaoluwa Osuntokun - Lightning Labs)
  • @stile65 - (Alex Akselrod - Lightning Labs)
  • @bitconner - (Conner Fromknecht - Lightning Labs)
  • @johanth - (Johan Halseth - Lightning Labs)
  • @bvu - (Bryan Vu - Lightning Labs)
  • @rusty_twit - (Rusty Russell - Blockstream)
  • @snyke - (Christian Decker - Blockstream)
  • @JackMallers - (Jack Mallers - Zap)
  • @tdryja - (Tadge Dryja - Digital Currency Initiative)
  • @jcp - (Joseph Poon)
  • @alexbosworth - (Alex Bosworth -

Medium Posts

Learning Resources


Desktop Interfaces

Web Interfaces

Tutorials and resources

Lightning on Testnet

Lightning Wallets

Place a testnet transaction

Altcoin Trading using Lightning

  • ZigZag - Disclaimer You must trust ZigZag to send to Target Address

Lightning on Mainnet

Warning - Testing should be done on Testnet

Atomic Swaps

Developer Documentation and Resources

Lightning implementations

  • LND - Lightning Network Daemon (Golang)
  • eclair - A Scala implementation of the Lightning Network (Scala)
  • c-lightning - A Lightning Network implementation in C
  • lit - Lightning Network node software (Golang)
  • lightning-onion - Onion Routed Micropayments for the Lightning Network (Golang)
  • lightning-integration - Lightning Integration Testing Framework
  • ptarmigan - C++ BOLT-Compliant Lightning Network Implementation [Incomplete]


Lightning Network Visualizers/Explorers



Payment Processors

  • BTCPay - Next stable version will include Lightning Network




Slack Channel

Discord Channel


⚡ Lightning FAQs ⚡

If you can answer please PM me and include source if possible. Feel free to help keep these answers up to date and as brief but correct as possible
Is Lightning Bitcoin?
Yes. You pick a peer and after some setup, create a bitcoin transaction to fund the lightning channel; it’ll then take another transaction to close it and release your funds. You and your peer always hold a bitcoin transaction to get your funds whenever you want: just broadcast to the blockchain like normal. In other words, you and your peer create a shared account, and then use Lightning to securely negotiate who gets how much from that shared account, without waiting for the bitcoin blockchain.
Is the Lightning Network open source?
Yes, Lightning is open source. Anyone can review the code (in the same way as the bitcoin code)
Who owns and controls the Lightning Network?
Similar to the bitcoin network, no one will ever own or control the Lightning Network. The code is open source and free for anyone to download and review. Anyone can run a node and be part of the network.
I’ve heard that Lightning transactions are happening “off-chain”…Does that mean that my bitcoin will be removed from the blockchain?
No, your bitcoin will never leave the blockchain. Instead your bitcoin will be held in a multi-signature address as long as your channel stays open. When the channel is closed; the final transaction will be added to the blockchain. “Off-chain” is not a perfect term, but it is used due to the fact that the transfer of ownership is no longer reflected on the blockchain until the channel is closed.
Do I need a constant connection to run a lightning node?
Not necessarily,
Example: A and B have a channel. 1 BTC each. A sends B 0.5 BTC. B sends back 0.25 BTC. Balance should be A = 0.75, B = 1.25. If A gets disconnected, B can publish the first Tx where the balance was A = 0.5 and B = 1.5. If the node B does in fact attempt to cheat by publishing an old state (such as the A=0.5 and B=1.5 state), this cheat can then be detected on-chain and used to steal the cheaters funds, i.e., A can see the closing transaction, notice it's an old one and grab all funds in the channel (A=2, B=0). The time that A has in order to react to the cheating counterparty is given by the CheckLockTimeVerify (CLTV) in the cheating transaction, which is adjustable. So if A foresees that it'll be able to check in about once every 24 hours it'll require that the CLTV is at least that large, if it's once a week then that's fine too. You definitely do not need to be online and watching the chain 24/7, just make sure to check in once in a while before the CLTV expires. Alternatively you can outsource the watch duties, in order to keep the CLTV timeouts low. This can be achieved both with trusted third parties or untrusted ones (watchtowers). In the case of a unilateral close, e.g., you just go offline and never come back, the other endpoint will have to wait for that timeout to expire to get its funds back. So peers might not accept channels with extremely high CLTV timeouts. -- Source
What Are Lightning’s Advantages?
Tiny payments are possible: since fees are proportional to the payment amount, you can pay a fraction of a cent; accounting is even done in thousandths of a satoshi. Payments are settled instantly: the money is sent in the time it takes to cross the network to your destination and back, typically a fraction of a second.
Does Lightning require Segregated Witness?
Yes, but not in theory. You could make a poorer lightning network without it, which has higher risks when establishing channels (you might have to wait a month if things go wrong!), has limited channel lifetime, longer minimum payment expiry times on each hop, is less efficient and has less robust outsourcing. The entire spec as written today assumes segregated witness, as it solves all these problems.
Can I Send Funds From Lightning to a Normal Bitcoin Address?
No, for now. For the first version of the protocol, if you wanted to send a normal bitcoin transaction using your channel, you have to close it, send the funds, then reopen the channel (3 transactions). In future versions, you and your peer would agree to spend out of your lightning channel funds just like a normal bitcoin payment, allowing you to use your lightning wallet like a normal bitcoin wallet.
Can I Make Money Running a Lightning Node?
Not really. Anyone can set up a node, and so it’s a race to the bottom on fees. In practice, we may see the network use a nominal fee and not change very much, which only provides an incremental incentive to route on a node you’re going to use yourself, and not enough to run one merely for fees. Having clients use criteria other than fees (e.g. randomness, diversity) in route selection will also help this.
What is the release date for Lightning on Mainnet?
Lightning is already being tested on the Mainnet Twitter Link but as for a specific date, Jameson Lopp says it best
Would there be any KYC/AML issues with certain nodes?
Nope, because there is no custody ever involved. It's just like forwarding packets. -- Source
What is the delay time for the recipient of a transaction receiving confirmation?
Furthermore, the Lightning Network scales not with the transaction throughput of the underlying blockchain, but with modern data processing and latency limits - payments can be made nearly as quickly as packets can be sent. -- Source
How does the lightning network prevent centralization?
Bitcoin Stack Exchange Answer
What are Channel Factories and how do they work?
Bitcoin Stack Exchange Answer
How does the Lightning network work in simple terms?
Bitcoin Stack Exchange Answer
How are paths found in Lightning Network?
Bitcoin Stack Exchange Answer
How would the lightning network work between exchanges?
Each exchange will get to decide and need to implement the software into their system, but some ideas have been outlined here: Google Doc - Lightning Exchanges
Note that by virtue of the usual benefits of cost-less, instantaneous transactions, lightning will make arbitrage between exchanges much more efficient and thus lead to consistent pricing across exchange that adopt it. -- Source
How do lightning nodes find other lightning nodes?
Stack Exchange Answer
Does every user need to store the state of the complete Lightning Network?
According to Rusty's calculations we should be able to store 1 million nodes in about 100 MB, so that should work even for mobile phones. Beyond that we have some proposals ready to lighten the load on endpoints, but we'll cross that bridge when we get there. -- Source
Would I need to download the complete state every time I open the App and make a payment?
No you'd remember the information from the last time you started the app and only sync the differences. This is not yet implemented, but it shouldn't be too hard to get a preliminary protocol working if that turns out to be a problem. -- Source
What needs to happen for the Lightning Network to be deployed and what can I do as a user to help?
Lightning is based on participants in the network running lightning node software that enables them to interact with other nodes. This does not require being a full bitcoin node, but you will have to run "lnd", "eclair", or one of the other node softwares listed above.
All lightning wallets have node software integrated into them, because that is necessary to create payment channels and conduct payments on the network, but you can also intentionally run lnd or similar for public benefit - e.g. you can hold open payment channels or channels with higher volume, than you need for your own transactions. You would be compensated in modest fees by those who transact across your node with multi-hop payments. -- Source
Is there anyway for someone who isn't a developer to meaningfully contribute?
Sure, you can help write up educational material. You can learn and read more about the tech at You can test the various desktop and mobile apps out there (Lightning Desktop, Zap, Eclair apps). -- Source
Do I need to be a miner to be a Lightning Network node?
No -- Source
Do I need to run a full Bitcoin node to run a lightning node?
lit doesn't depend on having your own full node -- it automatically connects to full nodes on the network. -- Source
LND uses a light client mode, so it doesn't require a full node. The name of the light client it uses is called neutrino
How does the lightning network stop "Cheating" (Someone broadcasting an old transaction)?
Upon opening a channel, the two endpoints first agree on a reserve value, below which the channel balance may not drop. This is to make sure that both endpoints always have some skin in the game as rustyreddit puts it :-)
For a cheat to become worth it, the opponent has to be absolutely sure that you cannot retaliate against him during the timeout. So he has to make sure you never ever get network connectivity during that time. Having someone else also watching for channel closures and notifying you, or releasing a canned retaliation, makes this even harder for the attacker. This is because if he misjudged you being truly offline you can retaliate by grabbing all of its funds. Spotty connections, DDoS, and similar will not provide the attacker the necessary guarantees to make cheating worthwhile. Any form of uncertainty about your online status acts as a deterrent to the other endpoint. -- Source
How many times would someone need to open and close their lightning channels?
You typically want to have more than one channel open at any given time for redundancy's sake. And we imagine open and close will probably be automated for the most part. In fact we already have a feature in LND called autopilot that can automatically open channels for a user.
Frequency will depend whether the funds are needed on-chain or more useful on LN. -- Source
Will the lightning network reduce BTC Liquidity due to "locking-up" funds in channels?
Stack Exchange Answer
Can the Lightning Network work on any other cryptocurrency? How?
Stack Exchange Answer
When setting up a Lightning Network Node are fees set for the entire node, or each channel when opened?
You don't really set up a "node" in the sense that anyone with more than one channel can automatically be a node and route payments. Fees on LN can be set by the node, and can change dynamically on the network. -- Source
Can Lightning routing fees be changed dynamically, without closing channels?
Yes but it has to be implemented in the Lightning software being used. -- Source
How can you make sure that there will be routes with large enough balances to handle transactions?
You won't have to do anything. With autopilot enabled, it'll automatically open and close channels based on the availability of the network. -- Source
How does the Lightning Network stop flooding nodes (DDoS) with micro transactions? Is this even an issue?
Stack Exchange Answer

Unanswered Questions

How do on-chain fees work when opening and closing channels? Who pays the fee?
How does the Lightning Network work for mobile users?
What are the best practices for securing a lightning node?
What is a lightning "hub"?
How does lightning handle cross chain (Atomic) swaps?

Special Thanks and Notes

  • Many links found from awesome-lightning-network github
  • Everyone who submitted a question or concern!
  • I'm continuing to format for an easier Mobile experience!
submitted by codedaway to Bitcoin [link] [comments]

News everyone

This is a big announcement for Electroneum. See bottom of this article for the full details of the blockchain tech update.
Some of our community have been worried about our blockchain tech, especially regarding ASIC miners and blockchain flooding. We will cover these below along with the announcement of some exciting major changes to the way our blockchain runs.
ETN Blockchain Update May 30th Monero (who we based our blockchain code on) perform an update approximately every 6 months, and this is a great practice, as it allows them to keep their technology moving forward and introduce new features. We will be following this model and our first major update (also known as a fork) is scheduled to take place at block 307500 which is approximately 10.30am BST on May 30th.
Don’t panic! – Forking explained It’s important for everyone to understand that whilst this is known as a fork, it is very different to Bitcoin forking to bitcoin cash or bitcoin gold. The fork will not result in two currencies, as all the exchanges and pools will update their software in advance of the update block and Electroneum will continue with an updated blockchain.
Time to test and implement The end of May gives our community plenty of time to test and comment on the code changes that we will post on GitHub by Friday 5th of May. It also gives plenty of time for every node owner to update their Electroneum nodes, ready for the update block.
Electroneum divergence from Monero We’ve always planned to move the Electroneum blockchain further towards reaching our goals, which in turn will move us away from Monero’s goals. We chose Monero because they’d written an awesome dynamic blocksize algorithm, but they also have some features that are not critical to Electroneum’s future. In this Electroneum update we’ve started to diverge away from some core Monero functionality. As we move towards a lean, fast blockchain to handle vast numbers of micropayments we need to lose some of the overhead that comes with the privacy of Monero. We are still going to be far more private than Bitcoin or Ethereum (for instance you won’t be able to look at someone else’s wallet balance), but by decreasing some of the privacy features we can fit significantly more transactions into a block, which is critical for our next stage of growth as our corporate partners start to bring on user numbers, and our vendor program starts delivering instant cryptocurrency acceptance into online and physical shops and stores. In short Monero is the best privacy coin in the world, where we need to be the best micropayment system in the world.
ETN Blockchain Tech Update (Details) Anti- ASIC. An ASIC is a computer chip that has been made for a specific task. In this instance the task is to mine the CryptoNight algorithm that Electroneum uses. We are implementing Anti-ASIC code to ensure we have maximum resistance to any network attack that could occur in the future. Limiting mining to GPU’s reduces the chances of a single entity possessing enough hashing power to attempt a 51% network attack. It’s important to note that there is no proof of a 51% network attack having taken place on the Electroneum blockchain. Transfer Fee Increase. There have been a lot of comments about our transfer fee being too low. It is important to our project that the fee remains low, because we are going to be focusing on instant payments and instant micropayments in the real world, and we need fees that are lower than typical debit / credit card fees. However, we have suffered from blockchain flooding so are taking steps to ensure we are resistant to this in the future. We have therefore decided to increase our base fee to 0.1 ETN. This is still a fraction of the cost of transfer of other cryptocurrencies, but still increases the difficulty of flooding by an order of magnitude. Combined with our other updates (below) this will give us more effective resistance to blockchain flooding. Increase block size before penalty. We have been enormously successful and seen some periods with huge amounts of legitimate blockchain transaction traffic. This, combined with blockchain flooding, has meant periods of blockchain delays. By increasing the block size before penalty, miners will be able to scale the blocks faster and get more transactions into a block. This will handle regular transactions and flood transactions, making delays less likely. Combined with the Fee increase this is a significant resistance enhancement to flooding. Disabling of RingCT & Mixin. RingCT was introduced by Monero whose main focus is privacy. Our main focus is bulk transactions for a mass audience, and thus we are disabling some of the privacy features of the blockchain. Disabling some privacy features means we can fit significantly more transactions into each block than with them enabled. This means less wait to get a transaction into a block and a leaner blockchain size. Wallets are still private as we will continue to use a new stealth wallet address for every blockchain transaction so there is still significantly more privacy than with Bitcoin or Ethereum, but considerably less privacy than with a privacy focused coin like Monero. Mempool life to 3 days. During high transactional volumes it is feasible that a transaction can remain in the mempool for 24 hours and reach the current limit. This would mean the transaction is returned to the sender, but that could take up to 7 days. By increasing the mempool life to 3 days (and in conjunction with some of the additional changes) we are ensuring a significant reduction in the possibility of these returned transactions. 2 minute blocks. Blocks are currently mined every minute. We are moving to two minute blocks which will significantly decrease the chance of an orphan block being created. Orphan blocks might contain transactions which will eventually (7 days) be returned or added to another block. Increasing the block time to 2 minutes has ramifications on the block reward which will be modified (see below). Block Reward. We are doubling the block reward to ensure daily ETN block reward remains the same, despite the fact that we are releasing blocks at half the current speed. This means there will be no discernable effect to miners or pools. Reduce difficulty window. Block difficulty window is being reduced. The block difficulty is calculated by looking at the last X blocks. It has come to our attention that by hitting the ETN blockchain with large powered rented hashing power gives the miner an advantage over a short period of time (until the difficulty algorithm catches up with the new hashing rate). We are reducing the difficulty window to reduce the benefit these periodic miners have and to discourage this practice, making the mining process fairer. This should have little or no effect on the difficulty number itself except during the exceptional circumstances described. Thanks for taking the time to read this update! If you are running an Electroneum node remember to update before May 30th. If you are using a pool, ensure you let their telegram or other social channel know that this update is critical and must be applied before May 30th, in advance of block 307500.
Have a great day everyone,
submitted by chindyagung to Electroneum [link] [comments]

What is Arf wallet? How do we it FREE and INSTANT? How are we different from LN?

It involves a platform (third party) that eliminates friction for users in terms of ease of onboarding, ease of operation, transaction speed and transaction cost. Similar to Lightning Network and Liquid, it interacts with Bitcoin but introduces a chain of operations to ensure instant and minimal-fee Bitcoin transfers without compromising users security.
To be specific, it is:
(1) the counterparty in a 2-of-2 multisignature address when a user creates an account, (2) the enabler of instant transactions by being the guarantor for the receiving party once the sender signed the initial transaction, (3) the aggregator of partially-signed unspent transaction outputs (UTXOs) and merge them into cheaper transactions in terms of fees (satoshis per byte), (4) the address book generator, mapping email addresses to Bitcoin addresses and notifying users
Obviously, the most important design choice is the addition of a third party to the system, namely the platform itself, which naturally raises questions on "trust". It is important to understand that:
• the platform is non-custodial, which means the platform by itself is unable to create any transaction that is not signed by the user first, • users will not experience any loss of funds in case either the platform or the user's system got hacked, • as a necessary trade-off in favor of fund security, if users lose their private keys, they will be unable to recover their funds, • there are no operational risks for users like in Lightning Network, namely, possible loss of funds in case of getting offline or a crashed hard drive, • everybody can participate in contrast to Blockstream Liquid, which only accepts cryptocurrency or digital asset exchanges
In order to enable instant transactions with Bitcoin, an off-chain mechanism should be introduced to finalize the transaction without committing final state to Bitcoin chain. In the proposed design, users will create an account on the platform which is presented as a wallet application. During that process, a 2-of-2 multisignature Native Pay-to-Witness-Script-Hash (P2WSH) address is created using the public keys of the user and the platform. After that point, users may deposit to or withdraw from that specific multisignature address. This mechanism is similar to Lightning Network’s Funding Transaction to open payment channels, or Green Address wallet creation. Once the multisignature address is successfully funded by the user, they may spend their Bitcoin (e.g. create transactions) via signing their UTXOs and sending it to the platform for the final signature. The whole account creation and spending process will work as follows:
(1) user will create a random seed in the wallet application and the first private and public key is created using the "BIP-32: Hierarchical Deterministic Wallets" method. Both seed and keys will never leave the (mobile) application, (2) user will send its public key to the platform, (3) platform will create a 2-of-2 multisignature Native Pay-to-Witness-Script-Hash (P2WSH) address using the users and its own public key and share that address with the user, (4) user will fund that address with Bitcoin, (5) user will query their Bitcoin balance and UTXOs, (6) user will create a raw Bitcoin transaction using the required amount of UTXOs as inputs and receiver addresses and amounts as outputs, (7) user will sign the raw transaction with signature hash type SIGHASH_NONE|SIGHASH_ANYONECANPAY (where single input is signed and all the other inputs and outputs are modifiable) or SIGHASH_SINGLE|SIGHASH_ANYONECANPAY (where single input and single output is signed and all the other inputs and outputs are modifiable), (8 ) user will send the partially-signed raw transaction to the platform to be signed and sent to the Bitcoin network, (9) platform will receive the partially-signed raw transaction, verify it and queue it for aggregation, (10) platform will signal the receiving party (merchant or user of the platform) instantly about payment completion and credit that user in the system in an off-chain way, (11) platform will finalize the aggregated transaction, add the required transaction fee based on network conditions, sign it with SIGHASH_ALL and broadcast it to the network
As seen in the flow above, the platform has the capability to signal the completion of payment to the receiver, once the sender has signed the initial transaction. However, besides all the improvements, the proposed system introduces two disadvantages. The first one is, due to the use of multisignature addresses the transaction sizes are bigger than the regular Bitcoin transactions. Roughly, a single signature is 70 bytes and a compressed public key in hexadecimal format is 33 bytes, so every additional signature (which is one in our case) adds up 100 bytes to the transaction. The second disadvantage is about internal risk. The platform notifies the receiver about payment completion however that state is not reflected on-chain. Basically, the platform is carrying this internal risk until the settlement is complete. Luckily, both of these disadvantages can either be eliminated or significantly reduced. Bitcoin is on the verge of adopting Schnorr signatures, that will reduce the multisignature size overhead drastically. Instead of storing all the signatures for every required party separately, Schnorr signature scheme makes it possible to use the space for just one signature, independent of the number of required signatures. About the second disadvantage, it would be possible for the platform to manage its internal risk by sending transactions more frequently. The platform may utilize two metrics: "total accumulated Bitcoin size in pending transactions" and "passed time since the last sent transaction" to dynamically reduce its risk.
Well, it's not exactly free for the platform in general but our process reduces fees so much that we are able to offer it free for end users.
Bitcoin transaction fee is a game-theoretic construct that is measured in satoshis per byte and fluctuates depending on the congestion of the Bitcoin network in terms of pending transactions (i.e. size of mempool). Highest historic daily average Bitcoin transaction fee is estimated as 985 satoshis per byte on the 12th of December 2017, right in the middle of the Bitcoin price spike. Even today, with all the custodial exchange wallets and Lightning Network, spikes in the exchange rate still trigger jumps in transaction fee unit prices. For example, on the 20th May 2019 average transaction fee price jumped to 212 satoshis per byte. In a nutshell, there are only two parameters that can be used to decrease the transaction fee: space and time. Currently, the most cost effective scheme to create transactions is using native SegWit (bech32) addresses. Based on savings for various transaction types, our 2-of-2 multisignature address case goes as high as 49%. On the other hand, it is possible to reduce transaction fees by just being "patient". If transaction confirmation is not urgent, it is possible to wait confirmation for a couple days and pay up to 92% less.
The platform not only utilizes both of these techniques (using bech32 addresses and patient spending) but also implements additional optimizations that are only possible by design. The unique opportunities for optimization are:
(1) aggregate and spend only completely consumed UTXOs, therefore saving up one output per payment attempt, per user (i.e. do not ever create and send to change addresses) (2) aggregate payments to same addresses together (i.e. SIGHASH_NONE|SIGHASH_ANYONECANPAY and SIGHASH_SINGLE|SIGHASH_ANYONECANPAY makes it possible to modify outputs) (3) aggregated transactions will be relatively big (over tens of inputs and outputs) and even though the satoshi per byte unit price is slightly lower compared to the other pending transactions, the higher mining fee alone will be attractive for adding that single aggregated transaction to the blockchain
These design choices come with a disadvantage: there are no change addresses created for the user and until the whole single UTXO is spent (or withdrawn by the user) the final state will not be visible on-chain. Once again, this is a calculated risk for the platform.
Lighting Network is a payment solution built on top of Bitcoin, that promises an instant, trustless and cheap way of making transactions. Lightning Network, is a peer-to-peer network, where peers are able to "lock" their Bitcoin on chain and able to transfer it to other parties via "channels". It is designed to create a network of micropayment channels that will address the scalability problem of the Bitcoin network. LN offers instant transactions on its off-chain payment channels, where on-chain transaction finality is reached after a number of transactions are routed off-chain, through a single channel or several channels based on channel liquidity and available nodes.
The routing capability of each lightning channel is determined by the funds locked on-chain by each peer with a significant trade-off which requires that both the sending and receiving end of a given channel must be funded at least by the amount of the transfer for a seamless routing. This brings about a serious liquidation shortage if a Bitcoin amount x must be routed through n number of channels. In such a case, not only must the entire route be funded with the amount of 2xn but also each of the locked funds yn on both the receiving and sending ends of the nodes must be greater than or equal to the amount of transfer x (yn ≥ x).
For example, if Peer A wants to transfer $10 to Peer C and this payment will be routed through Peer B then; The route A -> B -> C must be funded with at least 2 x 2 x $10 = $40 with the following channel fund distribution:
A -> $10 on sending end (sending to B), B -> $10 on receiving end (Receiving from A) + $10 on sending end (Sending to C) = $20, C -> $10 on receiving end (Receiving from B)
It is also critical to mention that this type of routing also requires that each of the peers A, B and C must maintain full Bitcoin nodes at all times that are never allowed to go offline. This requirement is to prevent the so-called fraudulent channel close where one peer (online) broadcasts the entire channel fund to the Bitcoin blockchain without the knowledge of the other (offline). It is also a major issue for user onboarding since opening, maintaining and funding an LN node require a relatively significant amount of technical know-how. To mitigate this issue, LN is working on so-called “Watchtowers” which are basically third party operators that are responsible for node maintenance. This is a trade-off in LN’s trustless structure in favor of better user experience where receiving parties must trust the watchtower operators with their funds. Another common trade-off is observed in third party products built on top of the LN where custodial wallets are generated on hosted LN nodes where wallet owners trust the third party products with channel liquidity, channel uptime and their funds.
Another shortcoming of the Lightning Network emerges in case of merchant payments where a merchant must keep all of their channels liquid enough to be able to continuously receive payments. If Peer C was a merchant in the above example they would not be able to transfer the $10 they received from A to a non-LN wallet if they wanted to keep receiving payments from the same channel. This problem is exacerbated by the recent beta release of “Lightning Loop” which allows a peer to transfer part of their locked channel funds to another wallet without closing the channel. If Peer C had used Lightning Loop to pull $5 from the channel before the transfer occurred they wouldn’t have been able to receive $10 from Peer A because of insufficient liquidation on their receiving end.
submitted by RufusJules to Arfone [link] [comments]

Bitcoin-NG: A Scalable Blockchain Protocol

Date: 2015-11-11
Author(s): Ittay Eyal, Adem Efe Gencer, Emin Gun Sirer, Robbert van Renesse

Link to Paper

Cryptocurrencies, based on and led by Bitcoin, have shown promise as infrastructure for pseudonymous online payments, cheap remittance, trustless digital asset exchange, and smart contracts. However, Bitcoin-derived blockchain protocols have inherent scalability limits that trade-off between throughput and latency and withhold the realization of this potential.This paper presents Bitcoin-NG, a new blockchain protocol designed to scale. Based on Bitcoin's blockchain protocol, Bitcoin-NG is Byzantine fault tolerant, is robust to extreme churn, and shares the same trust model obviating qualitative changes to the ecosystem.In addition to Bitcoin-NG, we introduce several novel metrics of interest in quantifying the security and efficiency of Bitcoin-like blockchain protocols. We implement Bitcoin-NG and perform large-scale experiments at 15% the size of the operational Bitcoin system, using unchanged clients of both protocols. These experiments demonstrate that Bitcoin-NG scales optimally, with bandwidth limited only by the capacity of the individual nodes and latency limited only by the propagation time of the network.

[1] Andresen, G. O(1) block propagation., retrieved July. 2015.
[2] Aspnes, J. Randomized protocols for asynchronous consensus. Distributed Computing 16, 2-3 (2003), 165–175.
[3] Back, A., Corallo, M., Dashjr, L., Friedenbach, M., Maxwell, G., Miller, A., Poelstra, A., Timn, J., and Wuille, P. Enabling blockchain innovations with pegged sidechains., 2014.
[4] Bamert, T., Decker, C., Elsen, L., Wattenhofer, R., and Welten, S. Have a snack, pay with Bitcoins. In Peer-to-Peer Computing (P2P), 2013 IEEE Thirteenth International Conference on (2013), IEEE, pp. 1–5.
[5] Bellare, M., and Rogaway, P. Random oracles are practical: A paradigm for designing efficient protocols. In Proceedings of the 1st ACM conference on Computer and communications security (1993), ACM, pp. 62–73.
[6] Bitcoin community. Bitcoin source., retrieved Mar. 2015.
[7] Bitcoin community. Protocol rules., retrieved Sep. 2013.
[8] Bitcoin community. Protocol specification., retrieved Sep. 2013.
[9] BlockTrail. BlockTrail API., retrieved Sep. 2015.
[10] Bonneau, J., Miller, A., Clark, J., Narayanan, A., Kroll, J. A., and Felten, E. W. Research perspectives on Bitcoin and second-generation cryptocurrencies. In Symposium on Security and Privacy (San Jose, CA, USA, 2015), IEEE.
[11] Buterin, V. Slasher: A punitive proof-of-stake algorithm., January 2015.
[12] CNNMoney Staff. The Ashley Madison 2 minutes., retrieved Sep. 2015.
[13] CoinDesk. Bitcoin venture capital., retrieved Sep. 2015.
[14] Colored Coins Project. Colored Coins., retrieved Sep. 2015.
[15] Corallo, M. High-speed Bitcoin relay network., November 2013.
[16] Decker, C., and Wattenhofer, R. Information propagation in the Bitcoin network. In IEEE P2P (Trento, Italy, 2013).
[17] Decker, C., and Wattenhofer, R. A fast and scalable payment network with Bitcoin Duplex Micropayment Channels. In Stabilization, Safety, and Security of Distributed Systems - 17th International Symposium, SSS 2015, Edmonton, AB, Canada, August 18-21, 2015, Proceedings (2015), Springer, pp. 3–18.
[18] Dwork, C., Lynch, N. A., and Stockmeyer, L. J. Consensus in the presence of partial synchrony. J. ACM 35, 2 (1988), 288–323.
[19] Eyal, I., Birman, K., and van Renesse, R. Cache serializability: Reducing inconsistency in edge transactions. In 35th IEEE International Conference on Distributed Computing Systems, ICDCS 2015, Columbus, OH, USA, June 29 - July 2, 2015 (2015), pp. 686–695.
[20] Eyal, I., and Sirer, E. G. Bitcoin is broken., 2013.
[21] Eyal, I., and Sirer, E. G. Majority is not enough: Bitcoin mining is vulnerable. In Financial Cryptography and Data Security (Barbados, 2014).
[22] Garay, J. A., Kiayias, A., and Leonardos, N. The Bitcoin backbone protocol: Analysis and applications. In Advances in Cryptology - EUROCRYPT 2015 - 34th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Sofia, Bulgaria, April 26-30, 2015, Proceedings, Part II (2015), pp. 281–310.
[23] Garcia-Molina, H. Elections in a distributed computing system. Computers, IEEE Transactions on 100, 1 (1982), 48–59.
[24] Hearn, M., and Spilman, J. Rapidly-adjusted (micro)payments to a pre-determined party., retrieved Sep. 2015.
[25] Heilman, E., Kendler, A., Zohar, A., and Goldberg, S. Eclipse attacks on Bitcoin’s peerto-peer network. In 24th USENIX Security Symposium, USENIX Security 15, Washington, D.C., USA, August 12-14, 2015. (2015), pp. 129–144.
[26] Kosba, A., Miller, A., Shi, E., Wen, Z., and Papamanthou, C. Hawk: The blockchain model of cryptography and privacy-preserving smart contracts. Cryptology ePrint Archive, Report 2015/675, 2015.
[27] Kroll, J. A., Davey, I. C., and Felten, E. W. The economics of Bitcoin mining or, Bitcoin in the presence of adversaries. In Workshop on the Economics of Information Security (2013).
[28] Lamport, L. Using time instead of timeout for fault-tolerant distributed systems. ACM Transactions on Programming Languages and Systems 6, 2 (Apr. 1984), 254–280.
[29] Le Lann, G. Distributed systems-towards a formal approach. In IFIP Congress (1977), vol. 7, Toronto, pp. 155–160.
[30] Lewenberg, Y., Sompolinsky, Y., and Zohar, A. Inclusive block chain protocols. In Financial Cryptography (Puerto Rico, 2015).
[31] Litecoin Project. Litecoin, open source P2P digital currency., retrieved Nov. 2014.
[32] Meiklejohn, S., Pomarole, M., Jordan, G., Levchenko, K., McCoy, D., Voelker, G. M., and Savage, S. A fistful of bitcoins: characterizing payments among men with no names. In Proceedings of the 2013 Internet Measurement Conference, IMC 2013, Barcelona, Spain, October 23-25, 2013 (2013), pp. 127–140.
[33] Miller, A., and Jansen, R. Shadow-Bitcoin: Scalable simulation via direct execution of multithreaded applications. IACR Cryptology ePrint Archive 2015 (2015), 469.
[34] Miller, A., and Jr., L. J. J. Anonymous Byzantine consensus from moderately-hard puzzles: A model for Bitcoin., 2009.
[35] Miller, A., Litton, J., Pachulski, A., Gupta, N., Levin, D., Spring, N., and Bhattacharjee, B. Preprint: Discovering Bitcoins public topology and influential nodes., 2015.
[36] Moraru, I., Andersen, D. G., and Kaminsky, M. Egalitarian Paxos. In ACM Symposium on Operating Systems Principles (2012).
[37] Nakamoto, S. Bitcoin: A peer-to-peer electronic cash system. bitcoin.pdf, 2008.
[38] Nayak, K., Kumar, S., Miller, A., and Shi, E. Stubborn mining: Generalizing selfish mining and combining with an eclipse attack. IACR Cryptology ePrint Archive 2015 (2015), 796.
[39] Pazmino, J. E., and da Silva Rodrigues, C. K. ˜ Simply dividing a Bitcoin network node may reduce transaction verification time. The SIJ Transactions on Computer Networks and Communication Engineering (CNCE) 3, 2 (February 2015), 17–21.
[40] Pease, M. C., Shostak, R. E., and Lamport, L. Reaching agreement in the presence of faults. J. ACM 27, 2 (1980), 228–234.
[41] Peck, M. E. Adam Back says the Bitcoin fork is a coup., Aug 2015.
[42] Poon, J., and Dryja, T. The Bitcoin Lightning Network., February 2015. Draft 0.5.
[43] Sapirshtein, A., Sompolinsky, Y., and Zohar, A. Optimal selfish mining strategies in Bitcoin. CoRR abs/1507.06183 (2015).
[44] Schneider, F. B. Implementing fault-tolerant services using the state machine approach: A tutorial. ACM Computing Surveys 22, 4 (Dec. 1990), 299–319.
[45] Sompolinsky, Y., and Zohar, A. Accelerating Bitcoin’s transaction processing. fast money grows on trees, not chains. In Financial Cryptography (Puerto Rico, 2015).
[46] Sompolinsky, Y., and Zohar, A. Secure high-rate transaction processing in Bitcoin. In Financial Cryptography and Data Security - 19th International Conference, FC 2015, San Juan, Puerto Rico, January 26-30, 2015, Revised Selected Papers (2015), pp. 507–527.
[47] Stathakopoulou, C. A faster Bitcoin network. Tech. rep., ETH, Z¨urich, January 2015. Semester Thesis, supervised by C. Decker and R. Wattenhofer.
[48] Swanson, E. Bitcoin mining calculator., retrieved Sep. 2013.
[49] The Ethereum community. Ethereum white paper., retrieved July. 2015.
[50] Wikipedia. List of cryptocurrencies., retrieved Oct. 2013.
submitted by dj-gutz to myrXiv [link] [comments]

Stegos: More trustless than ZCash, more scalable than Monero, more user-friendly than MimbleWimble

We live in an era of unprecedented state surveillance and crackdowns on freedom of transactions, expression, and even thought. But privacy is a universal human right that we must fight to preserve. There are various tools available which promise to ensure your privacy, such as encrypted email and messaging applications, but these leave highly visible clues about who you are and who you are talking to.
Stegos Privacy Blockchain is the best way to secure your data, transactions and communications. Unlike traditional email and online messaging services, it’s completely decentralized, cryptographically secure, and leaves no telltale clues in the open. It’s impossible to see who you send or receive information from, or even to see how you’re connecting to the Stegos blockchain. No one but the recipient can see what you’ve sent, and there’s nothing to link the information or communications to your real-life identity.
Issues with existing privacy blockchain implementations There are already several privacy blockchains, including Verge, Dash, ZCash, Monero, Grin and Beam, all offering different degrees of privacy and confidentiality. Unfortunately, all these blockchains also come with drawbacks. For example, Verge offers little privacy and nothing unique, Dash is not really private, ZCash requires you to trust it and Monero is hard to scale.
Grin and Beam, both based on MimbleWimble technology, require both sender and receiver to be online to complete a transaction, which is impractical for modern global communication and business needs. In addition, any node on the Grin/Beam network can listen in and trace coins being exchanged, so their coins are not fungible and can be easily tainted.
Last but not least, none of the above blockchains provide a platform for building privacy applications, drastically reducing their utility and accessibility.
Privacy technology implemented by Stegos
Using privacy technologies like pairing-based cryptography (PBC), BLS signatures, Schnorr signatures, Confidential Transactions (CT), stealth addresses, Bulletproofs, ValueShuffle, plus scalability via OmniLedger sharding, Stegos fixes the shortcomings of existing privacy coins and offers complete and total privacy with no usability drawbacks.
We improve on the blockchain status quo with BlockCrunch, Snowball and SafeData, technologies developed in-house, as well as the Trusted Application Container for easy and convenient deployment of new privacy apps built on the Stegos platform.
Anonymity, fungibility and untraceability
Anonymity, fungibility and untraceability are essential requirements of a privacy coin. Bitcoin is not anonymous, for example, as wallet addresses are public. Bitcoin is also not untraceable, as transaction history can be easily followed by using a block explorer, as well as specialized blockchain analysis tools.
Fungibility is the ability for one unit of a good or currency to be freely exchanged for another unit. For example, the US dollar is fungible, because any dollar bill can be exchanged for another one without loss of value. Bitcoin is not fungible for the same reason it’s not anonymous — all Bitcoin payments can be freely traced and coins can be labeled as tainted if they were ever used for illicit activity. Crypto exchanges and businesses may refuse to accept these tainted coins, making them less valuable compared to other coins. Exchange without loss of value is no longer possible and these coins are said to be non-fungible.
Fungibility is important, as the most recent recipient of any tainted coins may be left holding the bag, despite no knowledge of their prior illicit use. They might even lose access to their money if the tainted coins are sanctioned by the authorities. Confidential transactions improve fungibility by encrypting the input and output of each transaction, making it more difficult to differentiate tainted coins from untainted ones. But they do not completely solve the problem.
Like Monero and ZCash, Stegos uses one-time payment addresses. These make it impossible to identify recipients of a transaction, because every transaction is directed to a new and unique (stealth) address.
We implement confidential transactions by cloaking input and output amounts in each transaction and substituting them with their Pedersen committments. Only the sender and the recipient of the coins know the actual values used. We secure the transaction by proving that the sum of all inputs is greater or equal to the sum of all outputs. (It’s impossible to tell if a cloaked amount is positive or negative so also take the Bulletproof of the value of each cloaked amount, which proves that it falls within in a certain numerical range.)
We don’t store transactions in our blocks but instead simplify them down to inputs and outputs, MimbleWimble-style. This makes it almost impossible to trace transactions on our blockchain. While a malicious node implanted in our blockchain could theoretically collect and store transaction history in order to analyze it later and potentially taint coins or identify senders and receivers, this is both highly unlikely and impractical. This is also a problem common to other privacy technologies such as MimbleWimble.
Snowball, our protocol for mixing confidential transactions, builds on ValueShuffle to completely sever the relationship between inputs and outputs of each transaction, as well as senders and receivers, providing complete untraceability and fungibility.
Snowball forms pools of senders who wish to mix their transactions and then creates a super-transaction, mixing it using DiceMix. Then a collective signature is attached and the transaction is published. All anyone can see in a Snowball super-transaction is that all inputs are being spent and that each output is associated with one or more inputs. It is impossible to tell which output corresponds to which input.
Keeping the blockchain small
Lots of blockchains talk about reaching a million transactions per second (tps) but no one talks about how they are going to maintain a blockchain that’s growing that fast. Bitcoin only does 7 tps and the blockchain is expected to grow past 170gb by the end of this year. Non-cash transactions are estimated at 1.4 billion per day and are expected to grow quadratically, with the current volume translating to just 16k tps.
Using an average Bitcoin transaction of 250 bytes, this would generate 350 gigabytes every day, or 127 terabytes every year. This amount of data is completely unsustainable and could only be handled on a few very centralized supercomputers.
Stegos uses BLS instead of Schnorr signatures in its consensus protocol and for block signing. This allows us to simultaneously minimize network communications, improve processing speed, and keep the block size small by combining every signature in the block into a single signature.
We also directly address the problem of the ever-growing blockchain with BlockCrunch technology, a product of our in-house research and development. Instead of storing transactions in each block, we decompose them into Merkle trees of inputs and outputs. As they receive each block and before adding it to the end of their chain, Stegos validators apply cryptographically secure pruning to the inputs spent by each output. Then instead of being a ledger of every transaction ever made, like Bitcoin, the Stegos blockchain then is more like a database of unspent coins. This keeps the chain much smaller, and with no transaction history to trace there’s no way to compromise the privacy and fungibility of Stegos coins.
Say no to useless smart contracts
At Stegos, we firmly believe that smart contracts are useless and will continue to be useless for the foreseeable future, ERC20 tokens and CryptoKitties notwithstanding. Blockchain is a powerful mechanism for a decentralized and trustless exchange of data, though, and we harness this power with SafeData technology, as well as the Trusted Application Container (TAC), both products of in-house research.
With SafeData and our software development kit (SDK), developers can easily build mobile applications that exchange data with complete privacy and confidentiality. The Trusted Application Container (TAC) makes it easy to deploy privacy apps and provides these apps with a convenient programming interface (API) to access data stored on the blockchain, as well as collecting subscription payments for app use.
Inspired by WeChat and its use of mini-apps, we designed the TAC as a single mobile application with an integrated wallet that can run multiple privacy apps. Stegos privacy mini-apps can be developed using XML, CSS and JavaScript, technologies that all developers are already familiar with.
Keeping data on the blockchain
There are many applications that would benefit from storing data on the blockchain but cannot do so since the data needs to be frequently modified. A trading application or a decentralized exchange (DEX) would need to duplicate the entire order book every time it received a new quote or trade. Micropayments, e.g. paying for streaming short bursts of video, are another example of an appealing use case which is completely impractical in current blockchain approaches.
Frequently modified data consumes large amounts of blockchain space, even though only the most recent copy of the data is needed. Bitcoin and other blockchains have begun to develop Layer 2 technologies like Lightning Network and state channels to avoid storing frequently modified data on the blockchain. But there’s no need for such solutions with Stegos.
We secure data transactions by using the same Pedersen commitments and Bulletproofs as regular payment transactions. This lets us also prune spent data just as we prune spent coins, thus keeping the Stegos blockchain small and nimble.
Proof-of-stake consensus
Proof of stake (PoS) is a consensus algorithm where the creator of the next block is chosen via various combinations of random selection, as well as the wealth and age of staked funds. PoS blockchains are more energy efficient than currencies based on proof-of-work (PoW) algorithms.
Scalable bias-resistant distributed randomness is a critical component of Stegos. We use it to select validator groups and elect the leader of each consensus round, among other things. Stegos randomness is based on Verified Random Functions (VRF) and an improvement on RandHerd, a distributed protocol that enables a potentially large collection of servers to form a distributed public randomness beacon, which proactively generates a regular series of public random outputs.
Our randomness protocol generates a distributed public randomness beacon from BLS signatures on block headers. VRFs are used to exclude the possibility of stake grinding by the leader of each consensus round.
The Stegos consensus protocol is based on Practical Byzantine Fault Tolerance (pBFT) but adds strong consistency, which enables all validators to agree on the validity of blocks without wasting computing cycles to resolve forks and inconsistencies. As soon as a transaction appears in the blockchain, it can be considered confirmed.
We also adopt Collective Signing (CoSi), a scalable witness cosigning protocol ensuring that every authoritative statement is validated and publicly logged by a diverse group of witnesses before any client will accept it. CoSi builds on existing cryptographic multi-signature methods, scaling them to support thousands of witnesses via signature aggregation over efficient communications.
The default implementation of CoSi uses Schnorr signatures, which we replace with BLS signatures for performance reasons. The original design of CoSi uses Schnorr signatures and tree-based communications. We replace this with BLS signatures and gossip-based communications for security and performance reasons.
With no heavy-duty PoW calculations to perform, anyone can earn coins by running a Stegos node on the smartphone in their pocket and helping to validate Stegos transactions.
You can find more information about the project on our Github Wiki, including our whitepaper, technical paper, source code and demo video. Join us on Telegram to discuss this post.
submitted by stegos4privacy to u/stegos4privacy [link] [comments]

5 Popular Wallets to Experience Bitcoin Lighting Network

5 Popular Wallets to Experience Bitcoin Lighting Network
On March 15th, 2018, Elizabeth Stark, CEO of Lightning Labs, announced the birth of the first official beta version of the lightning network. The solution was supported by Twitter CEO Jack Dorsey, SpaceX investor Bill Lee and computer giant Microsoft, other prominent members of the encryption community also expressed their support.
A year later, the Lightning Network (LN) has made great strides. According to data from the LN monitoring website, the network has a capacity of 1057 BTC(about $4.3 million), which has increased by 50%+ in the past 30 days alone.[1]
With the continuous development of the lightning network, many wallets have publicly expressed support for the lightning network. However, most of the wallets have not yet completed the support on the product, only few of them are actual functional.
This guide will give a comprehensive overview of the most mature wallets that support bitcoin lighting network and will also introduce some fun APP with lighting network payment (LAPP) so that you can experience the Lighting network and have some fun.

1. Lighting Network Wallet(

Lighting Network Wallet is an Android based wallet can be downloaded at google play. It features a standalone SPV Bitcoin node with a fully functional built-in Lightning node and allows for sending and receiving of regular Bitcoin transactions as well as off-chain Lightning payments.
Although the name looks like an official wallet, it is actually a product from an individual developer - Anton Kumaigorodski. However, Lighting Network Wallet is indeed one of the first wallets on the market to support lightning networks. Despite being a personal product, Lighting Network Wallet has very good reputation in the market, and Anton Kumaigorodski is also an experienced blockchain wallet developer with other 3 wallet product.
The first-time open Lighting Network Wallet, choose a new wallet, the app will create a wallet and prompt the user to save the mnemonic phrase.
Then you can see on-chain funds and off-chain funds which refer to Bitcoin Wallet and Lightning Network Wallet. To use the lightning network, you must first transfer a certain amount of BTC into the Bitcoin wallet, and then use these BTCs to create a new channel by yourself.

2. Blue Wallet (

Blue Wallet is an on-chain bitcoin wallet which supports both traditional bitcoin model and custodial lightning network model. On Blue wallet, you can create custodial Lightning wallets (or choose to run your own node), that allows you to use the Lightning Network for payments, without the need to open channels, be online, provide liquidity or operate and maintain a node. This Lightning model is powered by the LNDhub.
This is how custodial model works: "when user sends his bitcoins to a dedicated top-up address, and this balance is added to his account on LndHub. Then, the user can use this balance to pay Lightning invoices. But under the hood, it’s actually LndHub who pays the invoice, deducting the user’s account balance. It works the same way when the user wants to receive a Lightning payment - it’s LndHub who creates Lightning invoice and actually receives bitcoins on one of its channels.[2]
Compared to non-custodial lighting network wallets, Blue is much easier to onboard since it’s a more centralized model. When you are using the Lightning Network functions you rarely have obstacles on picking up. It’s just like using a common centralized wallet. The Blue Wallet team just set up an underlying channel on behalf of you at the rear end. So strictly speaking, it’s not a fully decentralized Lightning Network solution. It’s more of a transitional product than a professional solution. The drawbacks of this solution are user transfers his funds in custody to a 3rd party (and we all know that trusted 3rd parties are security holes, thanks to Nick Szabo).
However, it can bring more users to the Lightning Network with better user experiences. Therefore, if you are a newbie, you can start from Blue Wallet. But blue wallet app is not stable enough, I always encountered the blank page of the interface, where allow me to do nothing but reinstall it.

3. Eclair Mobile (

Eclair Mobile is a wallet running by ACINQ, a well-known Lighting channel. And the name of "Eclair" actually is the word "Lightning" in French.
Like Lighting network wallet, after created a new wallet in Eclair, I put a small amount of bitcoin into the wallet first. Then I can start to open new LN channel with two options - open with a random LN node or open with ACINQ node. I choose the ACINQ code and pay the funding tx fee as it asks. After around 20 mins, a new LN channel was setup. Then I tried twice with the new channel. The first time, I use another LN wallet to transfer 10 Santoshi but failed. The reason why it failed maybe relate to the unstable of the bridge node. Then the second time, it works.
Interestingly, when closing the channel, it reminds me that I have to wait for 720+ blocks to get my BTC back. It is a really long time to wait.

4. Bitpie Wallet (

Unlike other lightning network wallets, Bitpie is **an on-chain wallet supports a lot of major blockchain such Bitcoin, Ethereum, EOS, USDT, LTC, DASH and even Tron.**Bitpie wallet came from the same team who develop Bither wallet( which is listed in for many years and it looks like they have huge user base in Asia.
Similar to Blue wallet, Bitpie lighting network wallet is also a custodial model which reduce users learning curve. To use LN, user have to switch to bitcoin wallet first then switch from on-chain bitcoin model to LN model. The rest things are same to all the lighting wallets. You can enter a specific amount to collect or scan or bar code to send some Santoshis. But as a custodial model wallet, you don’t have to choose node or setup channel.
As a custodial model LN wallet, the overall experience is user-friendly and smooth. Bitpie also has a LAPP marketplacewhere users are able to use LAPP in wallet.

5. Zap Wallet (

Zap Wallet is a Lightning network Wallet provides two clients - iOS and windows desktop version. Although ZAP wallet is one of most powerful lighting network wallet candidates, it is not a user-friendly wallet at this moment.
Compare to other wallets, it is a little bit hard to get start with ZAP wallet. Since it is still in early development stage, by default, ZAP will connect you to bitcoin testnet rather than mainnet and it will take hours for blockchain data synchronization before you can use it.
When the synchronization is complete, user will able connect to one of those existing nodes and send some tBTCs(testnet Bitcoins) to setup a lighting network channel in testnet. Zap is also functional on mainnet, but you have to setup your own LND node, do a lot of configuration in command line before you can actually use it. This is way complicated for users but for hardcore player**, ZAP is definitely the most powerful lighting network wallet.**

6. Have some fun with LAPPs

There are already some fun LAPPs that you can pay with Lighting Network. Only very few of them are serious commercial project, but we can definitely have some fun with those LAPPs.
1. Satoshi’s Place (
Satoshi's Place is a Lightning Network powered online collaborative artboard. There are 1 million pixels on the canvas. Each pixel costs 1 Santoshi to paint and pixels can be painted over indefinitely.
This is a great way to experience the power of micro-transactions through the Bitcoin Lightning Network and have some fun.
The editing tools built into the website make it easy to draw, and finally calculate the total pixels, and check out through the lightning network.
Can you find my paint?
2. Bitrefill(
Bitrefill is an e-commerce site that lets you refill prepaid mobile phone or buy gift card using bitcoin lighting network. It supports prepaid SIM cards from over 600 carriers in over 150 countries. Full privacy and the top up happen as soon as the transaction clears.
Compares to most experimental LAPP, Bitrefill is a serious commercial project which is rare in Lighting Network community. You can really use the lightning network to pay for what you need in your life such as phone bill, dominos gift card or reddit award.
In a nutshell, The lightning network has grown tremendously, but the entire lightning network is still at a very early stage compared to other mature blockchain networks. As an experimental solution to the micropayment, it still has a long way to go.
However, with the continuous support of more wallets and the continuous emergence of LAPP, Lightning Network already entered a channel of accelerated development. With this speed, maybe you will use the Lightning Network every day to pay for a subway ticket, a cup of coffee or a slice of pizza in near future. 📷
[1] [2]
submitted by Crypto_Huntsman to u/Crypto_Huntsman [link] [comments]

Why the Lightning Network will not work (and how to abuse it)

The following is a list of problems we must overcome before the The Lightning Network has a chance to succeed:

1. The penalty risk you take for broadcasting old contracts decreases as your channel balance approaches zero.

When you have no balance left in the channel you take no risk for trying to broadcast old contacts. You can’t lose more then what you have in the channel.

2. Too many invalid contracts for anyone to handle

Each new transaction will reveal the two keys to invalidate the previous contract/state. The amount of invalid contracts (contracts able to fraud someone) will increase with the number of transactions. Sending money from A to B with 10 hops will create 10 * 2 new invalid contracts. Remember this technology was designed to handle microtransactions and to solve the blockchain scaling issue. So what happens when this network scales to 56000 transactions per second (same as VISA max capacity). If we set the average number of hops to 10 - The network will generate 56000 * 10 * 2 (a million!) invalid contracts per second.
I know for Lightning Network to be successful users should not have to rely on themselves always being online to check the blockchain for fraud attempts.
Instead users will send all invalid contracts to a public registry attached with a bounty reward to the one catching the thief.
This public registry of invalid contracts will grow with a million entries per second! And at this rate we are not even better than VISA.
And how do we decentralize the list of old contracts? Remember this is about trust, having to trust a centralized server to do this job will be to vulnerable. Hacking this server will give you a perfect time to broadcast old beneficial states to the blockchain.
How about sending old bounty rewarded contracts to the P2P network? A million invalid contracts per second??? We’re now back at where we started. If nodes could handle this amount of data we should just remove the block size limit entirely.

3. The risk of getting caught VS how much is a succeeded fraud attempt worth?

Simply put, people will not be honest in this network. Fraud attempts will occur all the time when they statistically favours someone.
Let’s say we have a solution for the bounty reward registry (read problem #2).
There is nothing stopping you from using the public registry to see if your counterpart have published your contracts. If you can’t find them, they are either published in a private registry or not published at all (trusting themself to always be online).
From this information you first calculate the risk of getting caught based on if you can find the contract in the public registry or not.
Let’s say you cannot find your contract in any public registry - knowing this will give you a 1% chance to get away with the fraud (real numbers will be used once they are official).
Let’s say your current channel balance is: You: 0.001 BTC Him: 1.999 BTC
Going back to the initial state where both started at 1 BTC will give you 0.999 BTC if the froud would succeed. And this is while only risking 0.001 BTC if you get caught (which we calculated to be 99% of the time). What would you do? I’m definitely going for the fraud.
It’s not about cheating, every contract signed is real. Getting away with broadcasting old contracts is not like stealing. You have signed a contract giving him the right to do so! And he will succeed if someone is not paying attention! If this happens you have only yourself to blame.
What people don’t seem to understand is that you have to monitor your entire transaction history in the Lightning Network, even tiny microtransactions only routing thro you. If your plan is to use the channel for 1 year you will have a lot of transactions to monitor! Missing to monitor just one microtransaction can rollback your entire channel balance to the time when that microtransaction was handled.

4. High transaction fees.

Being involved in the routing is taking a risk, each transaction your involved in invalidates yet another contract someone constantly have to monitor. This is not a risk someone will take for free. The fee will NOT be a percentage of the transferred money. Hubs are taking the same risk regardless of money transferred. Even the smallest micropayment will generate an invalid contract capable of rollbacking the entire channel if not stored and monitored correctly!

5. Transactions on LN will not be private.

For the bounty reward registry to work (read problem #2) every transaction has to be public. Even if you don't publish your contracts - your channel counterpart might.

6. All open channels will at some point get stuck, when this happens your money is essentially gone.

This is also known as the fixed fee problem. When you open a channel you have to decide beforehand on what the blockchain fee should be when you at some point in the future wants to close the channel (by broadcasting the signed contract to the blockchain). We all know that the fees needed to get a transaction into the blockchain constantly rising.
This is a big problem. What it basically means is that there are always some point in the future where your fee is to low and your channel will get stuck. You can no longer close the channel.
You can try to, but it will never be included in the blockchain. The funny thing is that you can’t even rise the fee to help it through. Your only hope will be to ask your channel counterpart to sign a new contract with higher closing fee. Let’s say you have 1 BTC in the channel and your counterpart has 0 BTC. Do you expect him to help you for free? If I ended up in a situation like that I would help him close the channel for about 0.5 BTC. No less.

7. False security

The Lightning Network will at launch seem to work perfectly, this is an illusion building on false security. Why it works is because it will take some time until people learn how to fraud. It should be dead simple to broadcast old contracts. Every user must know how to do it. You should click on a channel, scroll to any previous transaction and click on the “Start Fraud Attempt” button. Until the fraud is this easy the security lies on people not knowing how to do it yet.
This is important, so if I have any developer reading this, planning to build a Lightening Wallet. Please include the “Start Fraud Attempt” button. If the Lightening Network is secure it should be secure even with that button right in front of every user!

8. The Lightning Network is already running on the bitcoin main net. Do you want their money? This is how you do.

You start two nodes. Send all your cash from one node to the other. Making yourself broke on one channel. This way you take 0 risk broadcasting the empty channels initial state to the blockchain :)
But watch your back! Your receiving node can as easy lose the money again if your not paying attension to the blockchain!
You might get the feeling after reading all this that I don’t want Lightning Network to succeed. That's not true. I want it to succeed. I want crypto to be the future. That's why I’m trying my best to break it.
submitted by drvnoo to Bitcoin [link] [comments]

EB106 – Christian Decker: Scaling Bitcoin With Duplex Micropayment Channels Bitcoin Micropayment Revolution? -- Bitcoin Free Speech -- 500,000 trades per second Bitcoin Duplex Micropayment Channels, Christian Decker How to Mine Bitcoins Using Your Own Computer - YouTube Story Of BitCoin - YouTube

When you enter all these factors into the Bitcoin mining calculator, the profitability of the mining operation is determined.The next day, when Alice starts work, they create a new micropayment channel. 3 Apr 2018 In the next 19 days, bitcoin plunged from ,009 to 0. 21504 Total views Crypto newbie Bitcoin is gaining popularity and the numbers of BTC users are constantly increasing too.The ... Educational Channel; Follow Feed; Crypto. Top Cryptocurrencies; PLUS1 Info & Faucet; Top Tokens; New Cryptocurrencies; Mining Profit Calculator; Crypto Converter; Streamer; Level 2; Bitcoin Micropayment App Money Button Goes Invisible April 20 2020 - 10:30AM PR Newswire (US) Print. SAN FRANCISCO, April 20, 2020 /PRNewswire/ -- One of the leaders in very low fee, ultra-fast microtransactions ... The micropayments channel allows bitcoin users to overcome this hassle by recording all the transactions happening over the channel just twice over the blockchain. Similar to opening a tab on a credit card in your favorite bar, the micropayment channel will record a transaction once the channel is created, by locking a certain amount of bitcoin for future transaction over the channel using OP ... Best known as one of the more ambitious technologies for increasing bitcoin’s throughput, implementations of the Lightning Network have yet to launch, partly because they depend on a yet-to-be-implemented protocol upgrade, known as Segregated Witness (SegWit). That’s where the version […] The Bitcoin payment act as a platform for virtual currency over the internet. The lightning network is a decentralized system for high-volume micropayments for removing the risk of delegating custody of funds to the third party. However, there are various problems with this technology including ...

[index] [22251] [51339] [45179] [12633] [39775] [26143] [11632] [18654] [18838] [36181]

EB106 – Christian Decker: Scaling Bitcoin With Duplex Micropayment Channels

エラーが発生しました。 での動画の視聴をお試しください。また、お使いのブラウザで JavaScript が無効になっている場合 August 6, 2013 -- Ontario, Canada -- I've got a dead cat bounce in my currency basket and this has drastically improved my well-being. Here are Today's MadBits: Bitcoin Prices continued to range ... This is a discussion and code walkthrough for bitcoinj micropayment channels. Dr. Christian Decker talks about Duplex Micropayment Channels at a Bitcoin Meetup in Zurich, April 2016 Before I start, I wish you guys Merry Christmas and happy new year! Since this is my first video after Christmas break, that has to be an awesome one and a m...