Principles of Bitcoin - Bitcoin Wiki

The list of best coins (in my humble opinion)

*This is not financial advice or suggestion. Just my opinion*
Legend:
"S" - super
"A" - really good
"B" - good
"C" - has potential
"D" - keeping an eye on it
"E" - coins to gamble on

Digibyte [DGB]: "S"
I mentioned this coin a few times already. It's because DGB is a true successor of Satoshi's philosophy. It's the purest coin in the market. DGB is the "people's money".

Dash [DASH]: "S"
DAO and masternodes are the future. Satoshi had a vision of altruism. But we cannot expect people to be altruists and lend their infrastructure for the wellbeing of others. The community is just not strong enough to do so. Masternodes are a meritatory focused system to reward those who are willing to lend their infrastructure to be a node in the network. It's a win-win situation for the network and the node owner. Besides acting as a node, it allowed the development of some other features like optional privacy and instant payments.

Monero [XMR]: "S"
When we think about cash, one of its best features that come to mind is privacy. Monero is probably the most famous privacy coin. Transactions are private by default. Another great thing that Monero is taking care of is the prevention of mining centralization. Being able to mine a coin with a CPU is probably one of the main concepts we forgot when it comes to allowing every person to participate in the network.

Vechain [VET]: "A"
If you think about the use-cases of blockchain, you cannot forget how impactful it will be for supply chains. So far, Vechain is one of the best solutions. It's also the most adopted for now.

Nexus [NXS]: "A"
NXS is a coin that deserves to be in the "S" category. But there's still a long way to go for it to achieve that rank. It's a forward-thinking project. They understood how far decentralization has to go to achieve the real meaning of the word. They even though of the quantum computer problem. Fast database, satellites, quantum-resistant, decentralized internet, and user-friendliness are just a few keywords they focus on while developing the coin.

Bitcoin [BTC]: "A"
I'm somehow ashamed to put Bitcoin this low. But let me explain why I did so, while still keeping it in my top list. First of all, I have to say: "Thank you Satoshi!". Bitcoin got this low on my list because I have a feeling too many powerful people got their hands on it. Some got in for the right reasons, while others are not so benevolent. Bitcoin is not "people money" anymore. IMO (very very humble opinion), Bitcoin was a demo project. A very successful demo project. Satoshi gave us an open-source code as a gift to do with it whatever we want. Blockchain is the gift he gave us, not Bitcoin. And we (the community) did it. Bitcoin became a brand. More people heard of the word "Bitcoin" then "cryptocurrency". On the bright side, Bitcoin is the biggest network in the world. While this is true, hodling some is a good idea.

Litecoin [LTC]: "B"
At its time, not many understood what Bitcoin is, and what potential blockchains as technology have. Imagine how forward-thinking was Mr. Charlie Lee. He created the first altcoin. Technology-wise, LTC is a different coin. Mr. Lee didn't just copy-paste the code and name it differently. In my eyes, LTC will always be the "crypto silver" making it a good store of value and medium of exchange.

Chainlink [LINK]: "B"
I believe the solution they are going to provide is too important for the crypto space to ignore it. Oracles are the future, but until we don't see real use-case, it will remain listed as "B". Another reason that doesn't give him the right to be higher in the list is that it's an Eth token.

Dogecoin [DOGE]: "C"
When you think about content creation, you'll see it's highly centralized. Creators depend on the platform's policies and bread crumbs those platforms leave them even after people click on ads. One of the solutions to reward good creators is to make a fast and easy to use tipping system. The first thing that crosses your mind are probably tokens. But imagine a blockchain of its own that enables fast and cheap transactions. Yes, DGB is the way to go. But there is a coin with higher inflation which you don't want to hold for a long time, but spent around to reward other's work that helped you in some way or you enjoy reading or watching. Dogecoin has the potential of becoming the chosen one for this exact purpose.

Verge [XVG]: "C"
When Wikileaks added BTC as a donation medium, Satoshi politely asked to remove it because we were poking the hornet's nest. I don't remember he's exact words, but this was the context. A similar thing happened to Verge. It was like the flight of Icarus. Pornhub listed it as an optional payment method drawing a lot of attention to it. Verge was not mature enough for that kind of exposure. After that, it suffered an attack, and people gave up on it. But if you look closely at the technology behind it, you'll see it's a really good coin. It offers privacy differently then Monero does. If you already haven't, I strongly encourage you to read about Verge's tech. You'll be amazed.

"D" coins:
Polkadot [DOT]
Ethereum [ETH]
Electroneum [ETN]
Cardano [ADA]
Siacoin [SC]

"E" coins:
Theta [THETA]
Zilliqa [ZIL]
Decred [DCR]
Golem [GNT]
Enjin [ENJ]
Zcoin [XZC]
Energi [NRG]

Thank you Satoshi!
submitted by BlueBloodStrawberry to SatoshisPhilosophy [link] [comments]

Transcript of how Philip the tyrant admin of the Bitcoin Cash Telegram group called Spoice stupid, an idiot, a parrot among other insults then banned her instead of discussing Bitcoin Cash. That Telegram group is hostile, ABC/IFP shills run and follows the rBitcoin toxic censorship modus operandi.

David B., [18.10.20 01:46]
https://www.reddit.com/btc/comments/jdagi3/whats_up_with_the_bchn_hypocrisy/

David B., [18.10.20 01:47]
Wut x2

J Stodd, [18.10.20 01:49]
[In reply to David B.]
Their words are meaningless. They have no principles. Wish i could comment but bitcoinxio banned me from rbtc and never told me why

David B., [18.10.20 01:59]
These comments are so toxic

Spoice, [18.10.20 01:59]
In reality, the real continuation of Bitcoin as we all know it is what is carried on by BCHN, BU, BCHD and others

Spoice, [18.10.20 02:00]
ABC is changing the rules to something that is not Bitcoin

Spoice, [18.10.20 02:00]
anyone denying those facts is selling you snake oil

Spoice, [18.10.20 02:00]
If Blockstream tried to take some % to their own benefit, we would have never needed BCH in the first place

Spoice, [18.10.20 02:00]
everyone would have rejected them in a second

J Stodd, [18.10.20 02:01]
[In reply to Spoice]
Bitcoin Cash is not Bitcoin to start with, so who cares?

David B., [18.10.20 02:01]
[ Album ]

Spoice, [18.10.20 02:01]
yet we have ABC trying to pull this theft and all those puppets think it's ok

Spoice, [18.10.20 02:01]
JSTodd that's bullshit

David B., [18.10.20 02:01]
Like trying to talk to a core maxi about altcoins

Spoice, [18.10.20 02:01]
Bitcoin Cash is the most Bitcoin out of all Bitcoins

Spoice, [18.10.20 02:01]
it is the continuation of what Satoshi started

David B., [18.10.20 02:02]
Tbh they aren't even toxic

Michael Nunzio, [18.10.20 02:02]
[In reply to Spoice]
If the hash follows then it is Bitcoin Cash. Only if it doesn't is your claim true

J Stodd, [18.10.20 02:03]
[In reply to Spoice]
Bitcoin is Bitcoin. Bitcoin failed to be Peer to Peer Cash, so Bitcoin Cash attempted to fix this by forking Bitcoin and attacking the root of the problem. This does not mean Bitcoin Cash is literally Bitcoin. Adopt a different argument. Sorry if you bought into that bc of Rogers rantings

J Stodd, [18.10.20 02:05]
Bitcoin Cash can replace Bitcoin, and if Bitcoin dies and BCH wins then sure maybe it can take its name from its grave, but they are different products, trying to say Bitcoin stopped being "Bitcoin" and became BCH is a self contradiction.

Jingles, [18.10.20 02:08]
Jstodd's got some good points.

Jingles, [18.10.20 02:08]
He's learnt so much in the last year ☺️

Spoice, [18.10.20 02:08]
"Bitcoin is Bitcoin" is a false statement. BTC is just an instance of Bitcoin. Bitcoin is the set of rules defined in the whitepaper first and foremost, it is peer to peer electronic cash. BTC no longer fits that criteria. Bitcoin Cash meets them. The fork proposed by ABC also fails to meet that criteria. Therefore the continuation of Bitcoin is in whatever BU, BCHN, Flowee and others will continue.

Jingles, [18.10.20 02:09]
What rules were defined in the WP?

Spoice, [18.10.20 02:10]
Let's see which rules aren't: 1) No coinbase tax going to any centralized entity such as ABC 2) No throttling of TX throughput such as BTC

Spoice, [18.10.20 02:10]
therefore they both fail the simple "Is this Bitcoin?" test

Spoice, [18.10.20 02:11]
Finally, Michael, if you think Hash rate defines what Bitcoin is, you should stick to BTC

Jingles, [18.10.20 02:11]
21 million coins isn't in the WP

Jingles, [18.10.20 02:11]
I asked what rules did the WP define.

Spoice, [18.10.20 02:12]
Because BCH failed that criteria since it forked, therefore your point is wrong

Spoice, [18.10.20 02:12]
https://www.metzdowd.com/pipermail/cryptography/2009-January/014994.html

Spoice, [18.10.20 02:12]
The announcement of the white paper included the 21 million limit, close enough

Jingles, [18.10.20 02:12]
HIs announcement isn't the WP

Spoice, [18.10.20 02:12]
show me where Satoshi said that Amaury shoudl tax the chain?

Spoice, [18.10.20 02:12]
Doesn't matter- close enough

Jingles, [18.10.20 02:12]
Bitcoin is the set of rules defined in the whitepaper first and foremost - You

Jingles, [18.10.20 02:13]
My ears pricked up on that comment, so I'm asking you what you meant.

Spoice, [18.10.20 02:13]
Correct. Changing the 21 million hard limit is still more Bitcoin than taxing the Coinbase, yet both will never ever happen. Not to Bitcoin anyway

Jingles, [18.10.20 02:13]
If you meant Satoj's writings pre and post WP then you should be clear about it

Spoice, [18.10.20 02:13]
some bastardized chain might, just not Bitcoin

Jingles, [18.10.20 02:14]
The closest we have to anything to indicate what is "Bitcoiness" is general things like "the longest chain"

Spoice, [18.10.20 02:14]
No, it is never a single thing

David B., [18.10.20 02:15]
REEEE

Jingles, [18.10.20 02:15]
trustless, no single trusted third parties, and rules can change due to incentives via consensus

Spoice, [18.10.20 02:15]
it is a set of common sense and experiment driven and historical relevance and initial parameters and "peer to peer electronic cash" definition indicators

Spoice, [18.10.20 02:15]
never a single thing

Jingles, [18.10.20 02:16]
[In reply to Spoice]
This is like the exact opposite of what you said earlier

Jingles, [18.10.20 02:16]
Bitcoin is defined by the rules in the WP, I mean common sense.

Jingles, [18.10.20 02:16]
🤷‍♂️

Spoice, [18.10.20 02:16]
Nope, the rule set is defined in the white paper should never change, but I never said all rules are defined in the white paper

Jingles, [18.10.20 02:16]
What rules?

Spoice, [18.10.20 02:16]
It is a union

Jingles, [18.10.20 02:17]
What rules are there?

Spoice, [18.10.20 02:17]
Rules in the white paper + what continued to define Bitcoin thereafter

J Stodd, [18.10.20 02:17]
[In reply to Spoice]
> "Bitcoin is Bitcoin is a false statement."
Alas, if we cannot agree on the law of identity, aka A=A, then i dont understand how to hold a conversation with you using logic.
> BTC is an instance of Bitcoin
No, BTC is a ticker used optionally by exchanges. Other common tickers for bitcoin include XBC, XBT, BC (correct me if im wrong on any of these)
> "Bitcoin is a set of rules in the whitepaper"
Super hard to defend this. Theres no mention of a 21M supply cap, no blocksize limit *at all*, and it also says additional rules and incentives can be enforced (implying maybe they should).

Jingles, [18.10.20 02:17]
I go through this with BSVers all the time. We have no spec sheet of rules defining what Bitcoin is from Satoshi.

Spoice, [18.10.20 02:18]
Rules such as what defines a correct block, miners receiving the full incentive of mining it, etc

Jingles, [18.10.20 02:18]
The WP is a highlevel document

Spoice, [18.10.20 02:18]
The WP is a description of a scientific experiment

Spoice, [18.10.20 02:18]
if you want to start your own experiment, be my guest

Jingles, [18.10.20 02:18]
[In reply to Spoice]
Valid tx rules aren't defined in the WP

Spoice, [18.10.20 02:18]
just don't try to call it Bitcoin

Jingles, [18.10.20 02:19]
The word majority is in the WP an awful lot wouldn't you say?

Spoice, [18.10.20 02:19]
Not valid TX rules, but what a proof of work block is and how it diverts the reward to the miner, etc

Jingles, [18.10.20 02:20]
[In reply to Spoice]
and? what about BTC doesn't apply?

Jingles, [18.10.20 02:20]
I'm not arguing for any fork of BCH here.

Spoice, [18.10.20 02:20]
It no longer meets the very title of the white paper experiment, "Peer to peer electronic cash"

Spoice, [18.10.20 02:20]
The BTC instance of the experiment is destined to move away from the very title of the white paper

Jingles, [18.10.20 02:20]
It's electronic, and I use it like cash.

Spoice, [18.10.20 02:20]
that the maintainers even wanted to edit the white paper (Cobra and co) because of this fact

J Stodd, [18.10.20 02:20]
u/Spoice When did BTC stop being Bitcoin in your view? The day Amaury decided to launch the fork, before Segwit happened?
If someone else launched a fork first, they would have been "the real bitcoin"?
This is a game of whoever forks first becomes the real Bitcoin?
What if two people launched a fork at the exact same time, maybe even with identical specs?

Jingles, [18.10.20 02:21]
Where did I go wrong?

Jingles, [18.10.20 02:21]
[In reply to Spoice]
Did they?

Spoice, [18.10.20 02:21]
Doesn't matter if you use it today, its very technical fabric will have to move your transactions to 2nd layers and it will no longer be peer to peer electronic cash on chain

Jingles, [18.10.20 02:21]
peer to peer electronic cash on chain - Not in the wp

Jingles, [18.10.20 02:22]
We have satoj talking about HFT with sidechannels.

Jingles, [18.10.20 02:22]
So what?

Jingles, [18.10.20 02:23]
I think this is a good discussion Phil, nothing disrespectful is being said. I hope this is ok?

Spoice, [18.10.20 02:23]
Doesn't matter, the rule of common sense, which is closer to that title? Increasing a simple variable (Blocksize) to stay on track of the title and experiment, or introduce IOUs and Watchtowers and channels and locked BTC and that whole LN Bastardization? Which is close to the title?

Jingles, [18.10.20 02:23]
No one said that can't happen

Michael Nunzio, [18.10.20 02:24]
[In reply to Spoice]
Congratulations you've made an argument which isn't an argument.

Jingles, [18.10.20 02:25]
The whole thing that was said was the system is based on majority rules, and incentives can be changed. Majority breaks any deadlock.

David B., [18.10.20 02:25]
How to kill a coin 101

Spoice, [18.10.20 02:25]
Logic fails anyone who tries to claim BTC, ABC, BSV or any similar standalone experiments as Bitcoin, because of simple sanity checks and logic checks, often stemming out of common sense - If what you have moves you a single step away from what is otherwise the same old experiment which Satoshi wrote about and unleashed, you're not Bitcoin. If what you have moves you a step closer, it is Bitcoin. and so on and so forth.

Phlip - Not giving away coins, [18.10.20 02:25]
Wow, really fanatical almost religious statements. I guess its Sunday morning.

Jingles, [18.10.20 02:27]
[In reply to Spoice]
There's nothing common about common sense. You point to the WP to make a point, and your point isn't in there.

Spoice, [18.10.20 02:27]
Throttled and you need off-chain IOUs and always-on services to function (BTC) ? Not Bitcoin. Requires permission to be used and could be centrally confiscated on the whim of the organization behind it (BSV)? Not Bitcoin. Premined (Bitcoin Gold, Diamond)? Not Bitcoin. Taxing the miners through Coinbase and changing the incentives which were at play since day 0 (ABC)? Not Bitcoin

Spoice, [18.10.20 02:27]
simple checks really, yet those who are set to benefit will of course be oblivious to these

Phlip - Not giving away coins, [18.10.20 02:28]
This whole “Bitcoin Cash is the true Bitcoin - see whitepaper” is really stupid. It also ignores the history of how Bitcoin Cash came into existence

Jingles, [18.10.20 02:28]
Phillip, remove anyone here that has said Bitcoin Gold was the original Bitcoin immediately

Jingles, [18.10.20 02:28]
^^^^

Jingles, [18.10.20 02:29]
[In reply to Phlip - Not giving away coins]
It falls to pieces the moment it's questioned.

Spoice, [18.10.20 02:29]
It is not about "True" Bitcoin

Spoice, [18.10.20 02:30]
It is about the Bitcoin closest to the experiment which always was

Spoice, [18.10.20 02:30]
I don't care about "True" or not, they all are true

Phlip - Not giving away coins, [18.10.20 02:30]
[In reply to Jingles]
Sorry, I hve stopped reading all the sillyness above. Will reread later

Jingles, [18.10.20 02:30]
[In reply to Phlip - Not giving away coins]
I'm joking around 😂

Spoice, [18.10.20 02:30]
but the rule of entropy says I shouldn't place my money nor effort in experiments which are set to fade eventually, because they have skewed incentives

Phlip - Not giving away coins, [18.10.20 02:31]
[In reply to Spoice]
You get to chose that for yourself but you do not get to dictate it for others

David B., [18.10.20 02:31]
[In reply to Phlip - Not giving away coins]
Don't read it. You will have no braincells left

Spoice, [18.10.20 02:31]
Bitcoin as we know it has a long track record of incentives which work

Spoice, [18.10.20 02:31]
I won't ever dictate it for others

Spoice, [18.10.20 02:31]
I only would dictate it for myself, just like how I never use BTC or BSV today, I won't use ABC tomorrow

Spoice, [18.10.20 02:32]
only because they're new experiments

Spoice, [18.10.20 02:32]
interesting, and I wish them luck

Jingles, [18.10.20 02:32]
"Bitcoin is Bitcoin" is a false statement - Spoice 2020

Spoice, [18.10.20 02:32]
but I would rather stick to the Bitcoin I know

Spoice, [18.10.20 02:32]
that's all

Jingles, [18.10.20 02:32]
I won't ever dictate it for others - Also Spoice
Phlip - Not giving away coins, [18.10.20 02:32]
Bitcoin Cash came with a plan snd goals. They were clearly presented in two presentations that happened before viabtc announced they would mine with ABC software and create a coin and chain named Bitcoin Cash

Spoice, [18.10.20 02:32]
Yes, because he means BTC is Bitcoin, and that's a false statement

Jingles, [18.10.20 02:32]
How is it false?

Spoice, [18.10.20 02:32]
It is an instance of Bitcoin

Jc Crown [ I DON'T DM PEOPLE - DON'T GIVE ME MONEY! ], [18.10.20 02:33]
[In reply to Michael Nunzio]
you're looking intimidatingly handsome in your new profile picture

Phlip - Not giving away coins, [18.10.20 02:33]
[In reply to Jc Crown [ I DON'T DM PEOPLE - DON'T GIVE ME MONEY! ]]
Lol

Jc Crown [ I DON'T DM PEOPLE - DON'T GIVE ME MONEY! ], [18.10.20 02:33]
[In reply to J Stodd]
actually a good question

Spoice, [18.10.20 02:34]
Anyway, those are my two cents

Spoice, [18.10.20 02:34]
Everyone is free to choose which experiments to pour their effort on and their money in

Phlip - Not giving away coins, [18.10.20 02:34]
[In reply to Spoice]
You are entitled to your opinion.

Spoice, [18.10.20 02:34]
Andreas is publishing Lightning Network books, I mean

Spoice, [18.10.20 02:34]
So to each his own

Phlip - Not giving away coins, [18.10.20 02:35]
[In reply to Spoice]
Lets leave it at that

Spoice, [18.10.20 02:35]
but Bitcoin as I know it continues with no Tax, and that in my opinion is BCH with no tax

Phlip - Not giving away coins, [18.10.20 02:35]
Ah you had to continue

Phlip - Not giving away coins, [18.10.20 02:36]
Good thing no tax is proposed by anyone
Spoice, [18.10.20 02:35]
Isn't this the Bitcoin Cash telegram?

Jc Crown [ I DON'T DM PEOPLE - DON'T GIVE ME MONEY! ], [18.10.20 02:35]
😅

Spoice, [18.10.20 02:36]
If I don't discuss Bitcoin Cash here, where should I?

Spoice, [18.10.20 02:36]
Tax, IFP, call it what you will

Spoice, [18.10.20 02:36]
from my perspective as a user, it's one the same

J Stodd, [18.10.20 02:36]
[In reply to Jc Crown [ I DON'T DM PEOPLE - DON'T GIVE ME MONEY! ]]
I bet nobody will answer it, either

Phlip - Not giving away coins, [18.10.20 02:37]
[In reply to Spoice]
Apparently btc /s

David B., [18.10.20 02:37]
[In reply to Spoice]
As a user what do you care?

Jingles, [18.10.20 02:37]
Ooh, can I shill the Bitcoin room in here?

Spoice, [18.10.20 02:37]
Nah, I prefer quick responses and chats

Spoice, [18.10.20 02:37]
Reddit is broken

Phlip - Not giving away coins, [18.10.20 02:37]
[In reply to Jingles]
Lol

J Stodd, [18.10.20 02:37]
[In reply to Spoice]
Nobody even pays it, it just comes out of the block reward. The block reward is not sentient, it cannot be stolen from or wronged

Phlip - Not giving away coins, [18.10.20 02:37]
Dont push your luck 😉

Jingles, [18.10.20 02:37]
[ 😀 Sticker ]

Michael Nunzio, [18.10.20 02:38]
[In reply to Jc Crown [ I DON'T DM PEOPLE - DON'T GIVE ME MONEY! ]]
You too brother. 🙏

Jc Crown [ I DON'T DM PEOPLE - DON'T GIVE ME MONEY! ], [18.10.20 02:38]
[In reply to Michael Nunzio]
but mine is the same....i need new ones everyone always calls me fat because of this one

Jc Crown [ I DON'T DM PEOPLE - DON'T GIVE ME MONEY! ], [18.10.20 02:38]
literally if i say 1 thing to any troll anywhere first thing they say is "ok fatass"

Jc Crown [ I DON'T DM PEOPLE - DON'T GIVE ME MONEY! ], [18.10.20 02:38]
i blame this dumb photographer

Michael Nunzio, [18.10.20 02:38]
[In reply to Jc Crown [ I DON'T DM PEOPLE - DON'T GIVE ME MONEY! ]]
Don't listen.

Phlip - Not giving away coins, [18.10.20 02:39]
u/spoice maybe write a read.cash article if you really feel you need to educate people

Spoice, [18.10.20 02:39]
David, as a user I believe that each new experiment carries risk with it, why should I take part in a new fork of Bitcoin which has a new set of game-theory rules which doesn't even benefit me, rather it benefits some other entity which will take 5% of any effort or economic activity I produce on this chain? They're also off-loading the risk to me as a usebuildebusiness who choose to join their experiment.

Spoice, [18.10.20 02:40]
Why should I take that risk while the Bitcoin I know and have known for over 10 years worked perfectly for me thus far? (BCH, that is)

Jingles, [18.10.20 02:40]
small fees and empty blocks?

Jc Crown [ I DON'T DM PEOPLE - DON'T GIVE ME MONEY! ], [18.10.20 02:41]
It will insure that a centralized group has control over development and they are by decree in the code, it's a literal take over.

Phlip - Not giving away coins, [18.10.20 02:41]
[In reply to Spoice]
“BSV-freeze the protocol - true Bitcoin” sounds like more your thing

David B., [18.10.20 02:41]
[In reply to Spoice]
Better run bitcoin core 0.1

Jc Crown [ I DON'T DM PEOPLE - DON'T GIVE ME MONEY! ], [18.10.20 02:41]
Imagine if satoshi keyd his address in the code to be paid out of every block, but instead of paying himself started a company "Bitcoin Dev Co"

Spoice, [18.10.20 02:42]
Not really, BSV kills the incentives I am discussing too

Phlip - Not giving away coins, [18.10.20 02:42]
[In reply to Jingles]
Please stay nice now

Jc Crown [ I DON'T DM PEOPLE - DON'T GIVE ME MONEY! ], [18.10.20 02:42]
No one would ever be able to say Bitcoin was Decentralized, Bitcoin Dev Co would get paid directly from the reward.

Jingles, [18.10.20 02:42]
[In reply to Phlip - Not giving away coins]
"BSV: We have all the Bad Idea. On chain"

Spoice, [18.10.20 02:42]
The Nash equilibrium we have tested for the past 10 years will be changed with ABC, it changed with BTC and BSV too

Jc Crown [ I DON'T DM PEOPLE - DON'T GIVE ME MONEY! ], [18.10.20 02:42]
"Bad Solutions Verified"

Spoice, [18.10.20 02:42]
that game-theory set of incentives

Spoice, [18.10.20 02:43]
why would I want to take a risk with any of those experiments when I gain 0?

David B., [18.10.20 02:43]
Better run bitcoin core 0.1

Spoice, [18.10.20 02:43]
Nope, you're talking technical freezing of development, that's not what I am addressing

Jingles, [18.10.20 02:43]
[In reply to David B.]
Thats the BTC chain though

Phlip - Not giving away coins, [18.10.20 02:43]
[In reply to Spoice]
O please share with us your background in the subject. Or are you now just parroting others

Spoice, [18.10.20 02:44]
BSV wants to freeze the technical development and they want a stable protocol from an API/development perspective

Spoice, [18.10.20 02:44]
but from an incentive ruleset perspective, they already butchered the equilibrium Bitcoin had

Jc Crown [ I DON'T DM PEOPLE - DON'T GIVE ME MONEY! ], [18.10.20 02:44]
[In reply to Phlip - Not giving away coins]
That's one of those phrases, when you hear it you know they are just a parrot of someones propaganda. "MUH NASH EQUILIBRIUM!"

David B., [18.10.20 02:44]
Stable = bad?

Jingles, [18.10.20 02:45]
[In reply to Jc Crown [ I DON'T DM PEOPLE - DON'T GIVE ME MONEY! ]]
I love you

Spoice, [18.10.20 02:45]
Philip, for an admin you are ought to be nicer, if you think I am parroting others you're free to think that, but to state it so bluntly in your position is just... wrong

Spoice, [18.10.20 02:46]
If you think the point I made is wrong, discuss it

Phlip - Not giving away coins, [18.10.20 02:46]
[In reply to Jingles]
Maybe talk to him in DM about that?😉

Spoice, [18.10.20 02:46]
not me

Jingles, [18.10.20 02:46]
[In reply to Phlip - Not giving away coins]
working on it.

Phlip - Not giving away coins, [18.10.20 02:46]
[In reply to Spoice]
I ought to be nicer...😂😂😂

Spoice, [18.10.20 02:47]
Also, anyone who studied Bitcoin at length and its set of incentives and game-theory ruleset should know what a Nash Equilibrium is and who the players are in the Bitcoin game

Phlip - Not giving away coins, [18.10.20 02:47]
[In reply to Spoice]
You state as fact. You get to dhow why your statements or opinions are even relevant.

Spoice, [18.10.20 02:48]
If it's not a fact, highlight how

Spoice, [18.10.20 02:48]
don't attack me

Spoice, [18.10.20 02:48]
prove me wrong

Spoice, [18.10.20 02:48]
if you fail that simple debate test

David B., [18.10.20 02:48]
How's that breakfast helping?

Spoice, [18.10.20 02:48]
you should rename from Janitor to Tyrant

Jingles, [18.10.20 02:48]
I'm still waiting to see the defined rules as per the wp

Michael Nunzio, [18.10.20 02:49]
[In reply to Spoice]
Didn't know this was stand up comedy night in here.

Michael Nunzio, [18.10.20 02:49]
I missed the memo

Phlip - Not giving away coins, [18.10.20 02:49]
If I have to prove all idiots on the internet wrong I would have a hard time. You are starting to really waste everybody’s time. You state, you prove. Or you are just generating noise

Phlip - Not giving away coins, [18.10.20 02:50]
[In reply to Spoice]
Be careful now.

Michael Nunzio, [18.10.20 02:50]
Noisy bugger.

Phlip - Not giving away coins, [18.10.20 02:52]
Getting close to just do some cleaning up.

Spoice, [18.10.20 02:52]
If you can't debate technical points I am making about Bitcoin Cash on a Bitcoin Cash Telegram, and within the span of 10 minutes you called me stupid, idiot, noisy and a parrot, you absolutely are a tyrant and I stand by my point: You should not be an admin here, nor anywhere actually. If you think I should be careful for the fear of you banning me, go ahead. You still fail to debate the simplest technical point and yet claim you can "but can't be bothered to". You remind me of that Thermos guy.

Spoice, [18.10.20 02:53]
How do people with 0 technical know how end up in these admin positions is beyond me

Jingles, [18.10.20 02:53]
I challenged your comments and you just changed the goal posts.

Phlip - Not giving away coins, [18.10.20 02:53]
[In reply to Spoice]
Ok. You are not paying me and you are free to create noise elsewhere
submitted by wisequote to btc [link] [comments]

Technical: Taproot: Why Activate?

This is a follow-up on https://old.reddit.com/Bitcoin/comments/hqzp14/technical_the_path_to_taproot_activation/
Taproot! Everybody wants it!! But... you might ask yourself: sure, everybody else wants it, but why would I, sovereign Bitcoin HODLer, want it? Surely I can be better than everybody else because I swapped XXX fiat for Bitcoin unlike all those nocoiners?
And it is important for you to know the reasons why you, o sovereign Bitcoiner, would want Taproot activated. After all, your nodes (or the nodes your wallets use, which if you are SPV, you hopefully can pester to your wallet vendoimplementor about) need to be upgraded in order for Taproot activation to actually succeed instead of becoming a hot sticky mess.
First, let's consider some principles of Bitcoin.
I'm sure most of us here would agree that the above are very important principles of Bitcoin and that these are principles we would not be willing to remove. If anything, we would want those principles strengthened (especially the last one, financial privacy, which current Bitcoin is only sporadically strong with: you can get privacy, it just requires effort to do so).
So, how does Taproot affect those principles?

Taproot and Your /Coins

Most HODLers probably HODL their coins in singlesig addresses. Sadly, switching to Taproot would do very little for you (it gives a mild discount at spend time, at the cost of a mild increase in fee at receive time (paid by whoever sends to you, so if it's a self-send from a P2PKH or bech32 address, you pay for this); mostly a wash).
(technical details: a Taproot output is 1 version byte + 32 byte public key, while a P2WPKH (bech32 singlesig) output is 1 version byte + 20 byte public key hash, so the Taproot output spends 12 bytes more; spending from a P2WPKH requires revealing a 32-byte public key later, which is not needed with Taproot, and Taproot signatures are about 9 bytes smaller than P2WPKH signatures, but the 32 bytes plus 9 bytes is divided by 4 because of the witness discount, so it saves about 11 bytes; mostly a wash, it increases blockweight by about 1 virtual byte, 4 weight for each Taproot-output-input, compared to P2WPKH-output-input).
However, as your HODLings grow in value, you might start wondering if multisignature k-of-n setups might be better for the security of your savings. And it is in multisignature that Taproot starts to give benefits!
Taproot switches to using Schnorr signing scheme. Schnorr makes key aggregation -- constructing a single public key from multiple public keys -- almost as trivial as adding numbers together. "Almost" because it involves some fairly advanced math instead of simple boring number adding, but hey when was the last time you added up your grocery list prices by hand huh?
With current P2SH and P2WSH multisignature schemes, if you have a 2-of-3 setup, then to spend, you need to provide two different signatures from two different public keys. With Taproot, you can create, using special moon math, a single public key that represents your 2-of-3 setup. Then you just put two of your devices together, have them communicate to each other (this can be done airgapped, in theory, by sending QR codes: the software to do this is not even being built yet, but that's because Taproot hasn't activated yet!), and they will make a single signature to authorize any spend from your 2-of-3 address. That's 73 witness bytes -- 18.25 virtual bytes -- of signatures you save!
And if you decide that your current setup with 1-of-1 P2PKH / P2WPKH addresses is just fine as-is: well, that's the whole point of a softfork: backwards-compatibility; you can receive from Taproot users just fine, and once your wallet is updated for Taproot-sending support, you can send to Taproot users just fine as well!
(P2WPKH and P2WSH -- SegWit v0 -- addresses start with bc1q; Taproot -- SegWit v1 --- addresses start with bc1p, in case you wanted to know the difference; in bech32 q is 0, p is 1)
Now how about HODLers who keep all, or some, of their coins on custodial services? Well, any custodial service worth its salt would be doing at least 2-of-3, or probably something even bigger, like 11-of-15. So your custodial service, if it switched to using Taproot internally, could save a lot more (imagine an 11-of-15 getting reduced from 11 signatures to just 1!), which --- we can only hope! --- should translate to lower fees and better customer service from your custodial service!
So I think we can say, very accurately, that the Bitcoin principle --- that YOU are in control of your money --- can only be helped by Taproot (if you are doing multisignature), and, because P2PKH and P2WPKH remain validly-usable addresses in a Taproot future, will not be harmed by Taproot. Its benefit to this principle might be small (it mostly only benefits multisignature users) but since it has no drawbacks with this (i.e. singlesig users can continue to use P2WPKH and P2PKH still) this is still a nice, tidy win!
(even singlesig users get a minor benefit, in that multisig users will now reduce their blockchain space footprint, so that fees can be kept low for everybody; so for example even if you have your single set of private keys engraved on titanium plates sealed in an airtight box stored in a safe buried in a desert protected by angry nomads riding giant sandworms because you're the frickin' Kwisatz Haderach, you still gain some benefit from Taproot)
And here's the important part: if P2PKH/P2WPKH is working perfectly fine with you and you decide to never use Taproot yourself, Taproot will not affect you detrimentally. First do no harm!

Taproot and Your Contracts

No one is an island, no one lives alone. Give and you shall receive. You know: by trading with other people, you can gain expertise in some obscure little necessity of the world (and greatly increase your productivity in that little field), and then trade the products of your expertise for necessities other people have created, all of you thereby gaining gains from trade.
So, contracts, which are basically enforceable agreements that facilitate trading with people who you do not personally know and therefore might not trust.
Let's start with a simple example. You want to buy some gewgaws from somebody. But you don't know them personally. The seller wants the money, you want their gewgaws, but because of the lack of trust (you don't know them!! what if they're scammers??) neither of you can benefit from gains from trade.
However, suppose both of you know of some entity that both of you trust. That entity can act as a trusted escrow. The entity provides you security: this enables the trade, allowing both of you to get gains from trade.
In Bitcoin-land, this can be implemented as a 2-of-3 multisignature. The three signatories in the multisgnature would be you, the gewgaw seller, and the escrow. You put the payment for the gewgaws into this 2-of-3 multisignature address.
Now, suppose it turns out neither of you are scammers (whaaaat!). You receive the gewgaws just fine and you're willing to pay up for them. Then you and the gewgaw seller just sign a transaction --- you and the gewgaw seller are 2, sufficient to trigger the 2-of-3 --- that spends from the 2-of-3 address to a singlesig the gewgaw seller wants (or whatever address the gewgaw seller wants).
But suppose some problem arises. The seller gave you gawgews instead of gewgaws. Or you decided to keep the gewgaws but not sign the transaction to release the funds to the seller. In either case, the escrow is notified, and if it can sign with you to refund the funds back to you (if the seller was a scammer) or it can sign with the seller to forward the funds to the seller (if you were a scammer).
Taproot helps with this: like mentioned above, it allows multisignature setups to produce only one signature, reducing blockchain space usage, and thus making contracts --- which require multiple people, by definition, you don't make contracts with yourself --- is made cheaper (which we hope enables more of these setups to happen for more gains from trade for everyone, also, moon and lambos).
(technology-wise, it's easier to make an n-of-n than a k-of-n, making a k-of-n would require a complex setup involving a long ritual with many communication rounds between the n participants, but an n-of-n can be done trivially with some moon math. You can, however, make what is effectively a 2-of-3 by using a three-branch SCRIPT: either 2-of-2 of you and seller, OR 2-of-2 of you and escrow, OR 2-of-2 of escrow and seller. Fortunately, Taproot adds a facility to embed a SCRIPT inside a public key, so you can have a 2-of-2 Taprooted address (between you and seller) with a SCRIPT branch that can instead be spent with 2-of-2 (you + escrow) OR 2-of-2 (seller + escrow), which implements the three-branched SCRIPT above. If neither of you are scammers (hopefully the common case) then you both sign using your keys and never have to contact the escrow, since you are just using the escrow public key without coordinating with them (because n-of-n is trivial but k-of-n requires setup with communication rounds), so in the "best case" where both of you are honest traders, you also get a privacy boost, in that the escrow never learns you have been trading on gewgaws, I mean ewww, gawgews are much better than gewgaws and therefore I now judge you for being a gewgaw enthusiast, you filthy gewgawer).

Taproot and Your Contracts, Part 2: Cryptographic Boogaloo

Now suppose you want to buy some data instead of things. For example, maybe you have some closed-source software in trial mode installed, and want to pay the developer for the full version. You want to pay for an activation code.
This can be done, today, by using an HTLC. The developer tells you the hash of the activation code. You pay to an HTLC, paying out to the developer if it reveals the preimage (the activation code), or refunding the money back to you after a pre-agreed timeout. If the developer claims the funds, it has to reveal the preimage, which is the activation code, and you can now activate your software. If the developer does not claim the funds by the timeout, you get refunded.
And you can do that, with HTLCs, today.
Of course, HTLCs do have problems:
Fortunately, with Schnorr (which is enabled by Taproot), we can now use the Scriptless Script constuction by Andrew Poelstra. This Scriptless Script allows a new construction, the PTLC or Pointlocked Timelocked Contract. Instead of hashes and preimages, just replace "hash" with "point" and "preimage" with "scalar".
Or as you might know them: "point" is really "public key" and "scalar" is really a "private key". What a PTLC does is that, given a particular public key, the pointlocked branch can be spent only if the spender reveals the private key of the given public key to you.
Another nice thing with PTLCs is that they are deniable. What appears onchain is just a single 2-of-2 signature between you and the developemanufacturer. It's like a magic trick. This signature has no special watermarks, it's a perfectly normal signature (the pledge). However, from this signature, plus some datta given to you by the developemanufacturer (known as the adaptor signature) you can derive the private key of a particular public key you both agree on (the turn). Anyone scraping the blockchain will just see signatures that look just like every other signature, and as long as nobody manages to hack you and get a copy of the adaptor signature or the private key, they cannot get the private key behind the public key (point) that the pointlocked branch needs (the prestige).
(Just to be clear, the public key you are getting the private key from, is distinct from the public key that the developemanufacturer will use for its funds. The activation key is different from the developer's onchain Bitcoin key, and it is the activation key whose private key you will be learning, not the developer's/manufacturer's onchain Bitcoin key).
So:
Taproot lets PTLCs exist onchain because they enable Schnorr, which is a requirement of PTLCs / Scriptless Script.
(technology-wise, take note that Scriptless Script works only for the "pointlocked" branch of the contract; you need normal Script, or a pre-signed nLockTimed transaction, for the "timelocked" branch. Since Taproot can embed a script, you can have the Taproot pubkey be a 2-of-2 to implement the Scriptless Script "pointlocked" branch, then have a hidden script that lets you recover the funds with an OP_CHECKLOCKTIMEVERIFY after the timeout if the seller does not claim the funds.)

Quantum Quibbles!

Now if you were really paying attention, you might have noticed this parenthetical:
(technical details: a Taproot output is 1 version byte + 32 byte public key, while a P2WPKH (bech32 singlesig) output is 1 version byte + 20 byte public key hash...)
So wait, Taproot uses raw 32-byte public keys, and not public key hashes? Isn't that more quantum-vulnerable??
Well, in theory yes. In practice, they probably are not.
It's not that hashes can be broken by quantum computes --- they're still not. Instead, you have to look at how you spend from a P2WPKH/P2PKH pay-to-public-key-hash.
When you spend from a P2PKH / P2WPKH, you have to reveal the public key. Then Bitcoin hashes it and checks if this matches with the public-key-hash, and only then actually validates the signature for that public key.
So an unconfirmed transaction, floating in the mempools of nodes globally, will show, in plain sight for everyone to see, your public key.
(public keys should be public, that's why they're called public keys, LOL)
And if quantum computers are fast enough to be of concern, then they are probably fast enough that, in the several minutes to several hours from broadcast to confirmation, they have already cracked the public key that is openly broadcast with your transaction. The owner of the quantum computer can now replace your unconfirmed transaction with one that pays the funds to itself. Even if you did not opt-in RBF, miners are still incentivized to support RBF on RBF-disabled transactions.
So the extra hash is not as significant a protection against quantum computers as you might think. Instead, the extra hash-and-compare needed is just extra validation effort.
Further, if you have ever, in the past, spent from the address, then there exists already a transaction indelibly stored on the blockchain, openly displaying the public key from which quantum computers can derive the private key. So those are still vulnerable to quantum computers.
For the most part, the cryptographers behind Taproot (and Bitcoin Core) are of the opinion that quantum computers capable of cracking Bitcoin pubkeys are unlikely to appear within a decade or two.
So:
For now, the homomorphic and linear properties of elliptic curve cryptography provide a lot of benefits --- particularly the linearity property is what enables Scriptless Script and simple multisignature (i.e. multisignatures that are just 1 signature onchain). So it might be a good idea to take advantage of them now while we are still fairly safe against quantum computers. It seems likely that quantum-safe signature schemes are nonlinear (thus losing these advantages).

Summary

I Wanna Be The Taprooter!

So, do you want to help activate Taproot? Here's what you, mister sovereign Bitcoin HODLer, can do!

But I Hate Taproot!!

That's fine!

Discussions About Taproot Activation

submitted by almkglor to Bitcoin [link] [comments]

Since they're calling for r/btc to be banned...

Maybe it's time to discuss bitcoin's history again. Credit to u/singularity87 for the original post over 3 years ago.

People should get the full story of bitcoin because it is probably one of the strangest of all reddit subs.
bitcoin, the main sub for the bitcoin community is held and run by a person who goes by the pseudonym u/theymos. Theymos not only controls bitcoin, but also bitcoin.org and bitcointalk.com. These are top three communication channels for the bitcoin community, all controlled by just one person.
For most of bitcoin's history this did not create a problem (at least not an obvious one anyway) until around mid 2015. This happened to be around the time a new player appeared on the scene, a for-profit company called Blockstream. Blockstream was made up of/hired many (but not all) of the main bitcoin developers. (To be clear, Blockstream was founded before mid 2015 but did not become publicly active until then). A lot of people, including myself, tried to point out there we're some very serious potential conflicts of interest that could arise when one single company controls most of the main developers for the biggest decentralised and distributed cryptocurrency. There were a lot of unknowns but people seemed to give them the benefit of the doubt because they were apparently about to release some new software called "sidechains" that could offer some benefits to the network.
Not long after Blockstream came on the scene the issue of bitcoin's scalability once again came to forefront of the community. This issue came within the community a number of times since bitcoins inception. Bitcoin, as dictated in the code, cannot handle any more than around 3 transactions per second at the moment. To put that in perspective Paypal handles around 15 transactions per second on average and VISA handles something like 2000 transactions per second. The discussion in the community has been around how best to allow bitcoin to scale to allow a higher number of transactions in a given amount of time. I suggest that if anyone is interested in learning more about this problem from a technical angle, they go to btc and do a search. It's a complex issue but for many who have followed bitcoin for many years, the possible solutions seem relatively obvious. Essentially, currently the limit is put in place in just a few lines of code. This was not originally present when bitcoin was first released. It was in fact put in place afterwards as a measure to stop a bloating attack on the network. Because all bitcoin transactions have to be stored forever on the bitcoin network, someone could theoretically simply transmit a large number of transactions which would have to be stored by the entire network forever. When bitcoin was released, transactions were actually for free as the only people running the network were enthusiasts. In fact a single bitcoin did not even have any specific value so it would be impossible set a fee value. This meant that a malicious person could make the size of the bitcoin ledger grow very rapidly without much/any cost which would stop people from wanting to join the network due to the resource requirements needed to store it, which at the time would have been for very little gain.
Towards the end of the summer last year, this bitcoin scaling debate surfaced again as it was becoming clear that the transaction limit for bitcoin was semi regularly being reached and that it would not be long until it would be regularly hit and the network would become congested. This was a very serious issue for a currency. Bitcoin had made progress over the years to the point of retailers starting to offer it as a payment option. Bitcoin companies like, Microsoft, Paypal, Steam and many more had began to adopt it. If the transaction limit would be constantly maxed out, the network would become unreliable and slow for users. Users and businesses would not be able to make a reliable estimate when their transaction would be confirmed by the network.
Users, developers and businesses (which at the time was pretty much the only real bitcoin subreddit) started to discuss how we should solve the problem bitcoin. There was significant support from the users and businesses behind a simple solution put forward by the developer Gavin Andreesen. Gavin was the lead developer after Satoshi Nakamoto left bitcoin and he left it in his hands. Gavin initially proposed a very simple solution of increasing the limit which was to change the few lines of code to increase the maximum number of transactions that are allowed. For most of bitcoin's history the transaction limit had been set far far higher than the number of transactions that could potentially happen on the network. The concept of increasing the limit one time was based on the fact that history had proven that no issue had been cause by this in the past.
A certain group of bitcoin developers decided that increasing the limit by this amount was too much and that it was dangerous. They said that the increased use of resources that the network would use would create centralisation pressures which could destroy the network. The theory was that a miner of the network with more resources could publish many more transactions than a competing small miner could handle and therefore the network would tend towards few large miners rather than many small miners. The group of developers who supported this theory were all developers who worked for the company Blockstream. The argument from people in support of increasing the transaction capacity by this amount was that there are always inherent centralisation pressure with bitcoin mining. For example miners who can access the cheapest electricity will tend to succeed and that bigger miners will be able to find this cheaper electricity easier. Miners who have access to the most efficient computer chips will tend to succeed and that larger miners are more likely to be able to afford the development of them. The argument from Gavin and other who supported increasing the transaction capacity by this method are essentially there are economies of scale in mining and that these economies have far bigger centralisation pressures than increased resource cost for a larger number of transactions (up to the new limit proposed). For example, at the time the total size of the blockchain was around 50GB. Even for the cost of a 500GB SSD is only $150 and would last a number of years. This is in-comparison to the $100,000's in revenue per day a miner would be making.
Various developers put forth various other proposals, including Gavin Andresen who put forth a more conservative increase that would then continue to increase over time inline with technological improvements. Some of the employees of blockstream also put forth some proposals, but all were so conservative, it would take bitcoin many decades before it could reach a scale of VISA. Even though there was significant support from the community behind Gavin's simple proposal of increasing the limit it was becoming clear certain members of the bitcoin community who were part of Blockstream were starting to become increasingly vitriolic and divisive. Gavin then teamed up with one of the other main bitcoin developers Mike Hearn and released a coded (i.e. working) version of the bitcoin software that would only activate if it was supported by a significant majority of the network. What happened next was where things really started to get weird.
After this free and open source software was released, Theymos, the person who controls all the main communication channels for the bitcoin community implemented a new moderation policy that disallowed any discussion of this new software. Specifically, if people were to discuss this software, their comments would be deleted and ultimately they would be banned temporarily or permanently. This caused chaos within the community as there was very clear support for this software at the time and it seemed our best hope for finally solving the problem and moving on. Instead a censorship campaign was started. At first it 'all' they were doing was banning and removing discussions but after a while it turned into actively manipulating the discussion. For example, if a thread was created where there was positive sentiment for increasing the transaction capacity or being negative about the moderation policies or negative about the actions of certain bitcoin developers, the mods of bitcoin would selectively change the sorting order of threads to 'controversial' so that the most support opinions would be sorted to the bottom of the thread and the most vitriolic would be sorted to the top of the thread. This was initially very transparent as it was possible to see that the most downvoted comments were at the top and some of the most upvoted were at the bottom. So they then implemented hiding the voting scores next to the users name. This made impossible to work out the sentiment of the community and when combined with selectively setting the sorting order to controversial it was possible control what information users were seeing. Also, due to the very very large number of removed comments and users it was becoming obvious the scale of censorship going on. To hide this they implemented code in their CSS for the sub that completely hid comments that they had removed so that the censorship itself was hidden. Anyone in support of scaling bitcoin were removed from the main communication channels. Theymos even proudly announced that he didn't care if he had to remove 90% of the users. He also later acknowledged that he knew he had the ability to block support of this software using the control he had over the communication channels.
While this was all going on, Blockstream and it's employees started lobbying the community by paying for conferences about scaling bitcoin, but with the very very strange rule that no decisions could be made and no complete solutions could be proposed. These conferences were likely strategically (and successfully) created to stunt support for the scaling software Gavin and Mike had released by forcing the community to take a "lets wait and see what comes from the conferences" kind of approach. Since no final solutions were allowed at these conferences, they only served to hinder and splinter the communities efforts to find a solution. As the software Gavin and Mike released called BitcoinXT gained support it started to be attacked. Users of the software were attack by DDOS. Employees of Blockstream were recommending attacks against the software, such as faking support for it, to only then drop support at the last moment to put the network in disarray. Blockstream employees were also publicly talking about suing Gavin and Mike from various different angles simply for releasing this open source software that no one was forced to run. In the end Mike Hearn decided to leave due to the way many members of the bitcoin community had treated him. This was due to the massive disinformation campaign against him on bitcoin. One of the many tactics that are used against anyone who does not support Blockstream and the bitcoin developers who work for them is that you will be targeted in a smear campaign. This has happened to a number of individuals and companies who showed support for scaling bitcoin. Theymos has threatened companies that he will ban any discussion of them on the communication channels he controls (i.e. all the main ones) for simply running software that he disagrees with (i.e. any software that scales bitcoin).
As time passed, more and more proposals were offered, all against the backdrop of ever increasing censorship in the main bitcoin communication channels. It finally come down the smallest and most conservative solution. This solution was much smaller than even the employees of Blockstream had proposed months earlier. As usual there was enormous attacks from all sides and the most vocal opponents were the employees of Blockstream. These attacks still are ongoing today. As this software started to gain support, Blockstream organised more meetings, especially with the biggest bitcoin miners and made a pact with them. They promised that they would release code that would offer an on-chain scaling solution hardfork within about 4 months, but if the miners wanted this they would have to commit to running their software and only their software. The miners agreed and the ended up not running the most conservative proposal possible. This was in February last year. There is no hardfork proposal in sight from the people who agreed to this pact and bitcoin is still stuck with the exact same transaction limit it has had since the limit was put in place about 6 years ago. Gavin has also been publicly smeared by the developers at Blockstream and a plot was made against him to have him removed from the development team. Gavin has now been, for all intents an purposes, expelled from bitcoin development. This has meant that all control of bitcoin development is in the hands of the developers working at Blockstream.
There is a new proposal that offers a market based approach to scaling bitcoin. This essentially lets the market decide. Of course, as usual there has been attacks against it, and verbal attacks from the employees of Blockstream. This has the biggest chance of gaining wide support and solving the problem for good.
To give you an idea of Blockstream; It has hired most of the main and active bitcoin developers and is now synonymous with the "Core" bitcoin development team. They AFAIK no products at all. They have received around $75m in funding. Every single thing they do is supported by theymos. They have started implementing an entirely new economic system for bitcoin against the will of it's users and have blocked any and all attempts to scaling the network in line with the original vision.
Although this comment is ridiculously long, it really only covers the tip of the iceberg. You could write a book on the last two years of bitcoin. The things that have been going on have been mind blowing. One last thing that I think is worth talking about is the u/bashco's claim of vote manipulation.
The users that the video talks about have very very large numbers of downvotes mostly due to them having a very very high chance of being astroturfers. Around about the same time last year when Blockstream came active on the scene every single bitcoin troll disappeared, and I mean literally every single one. In the years before that there were a large number of active anti-bitcoin trolls. They even have an active sub buttcoin. Up until last year you could go down to the bottom of pretty much any thread in bitcoin and see many of the usual trolls who were heavily downvoted for saying something along the lines of "bitcoin is shit", "You guys and your tulips" etc. But suddenly last year they all disappeared. Instead a new type of bitcoin user appeared. Someone who said they were fully in support of bitcoin but they just so happened to support every single thing Blockstream and its employees said and did. They had the exact same tone as the trolls who had disappeared. Their way to talking to people was aggressive, they'd call people names, they had a relatively poor understanding of how bitcoin fundamentally worked. They were extremely argumentative. These users are the majority of the list of that video. When the 10's of thousands of users were censored and expelled from bitcoin they ended up congregating in btc. The strange thing was that the users listed in that video also moved over to btc and spend all day everyday posting troll-like comments and misinformation. Naturally they get heavily downvoted by the real users in btc. They spend their time constantly causing as much drama as possible. At every opportunity they scream about "censorship" in btc while they are happy about the censorship in bitcoin. These people are astroturfers. What someone somewhere worked out, is that all you have to do to take down a community is say that you are on their side. It is an astoundingly effective form of psychological attack.
submitted by CuriousTitmouse to btc [link] [comments]

New York Lawyers Propose Toolkit for Keeping ‘Decentralized’ Blockchains Honest

New York Lawyers Propose Toolkit for Keeping ‘Decentralized’ Blockchains Honest

Image: Tom Adams - Unsplash
A New York law firm is trying to test blockchain projects’ decentralization claims against their perhaps not-quite-so-distributed realities.
Called the “Ketsal Open Standards” rubric, the toolkit, developed by the Ketsal law firm and revealed exclusively to CoinDesk, proposes using hard, measurable data points to either bolster or burst a blockchain’s decentralized credentials.
It’s the latest contribution to a long-raging debate in crypto: when, and how, is something truly decentralized?
Finding that key, said toolkit co-creator and Ketsal partner Josh Garcia, can help investors, security researchers and even securities regulators root out blockchain projects’ sometimes bogus claims.
“It’s a tool to push along an informed discussion on what you’re talking about when you’re saying, ‘my network is decentralized.’”
“Now you can push back” with evidence the assertion is demonstrably false, he said.
Garcia and co-author Jenny Leung’s Open Standards is hardly the first decentralization measurement toolkit. But a review by CoinDesk shows it to be one of the most robust.
Thirty-three data points probe the hard facts behind blockchain decentralization. Many are obvious. For example, the focus network’s node count – a decentralized network should have plenty – and its underlying code’s licensure status – open source or bust – are clear benchmarks.
But others appear to be more novel. Ketsal’s framework proposes weighing the network’s GitHub statistics, measuring inter-node communication times, determining how large a stake of the cryptocurrency rests in wallets (and with the big-investing whales) – and even the theoretical cost of mounting a 51% attack, among others.
Compiling these statistics can help researchers better understand a blockchain’s in-the-moment distribution even if reaching an up-down verdict on its decentralization is impossible, said Garcia.
“It’s not an answer to the question, ‘What is decentralization,’ but it’s a way to find that answer,” he said. “If people can decide whether or not some of these metrics are valid,” they can use their chosen set to test for the type of decentralization they’re looking at.
Providing a broad selection of diverse metrics is critical, he said, because of the political, computational and economic analysts searching for a “decentralization” particular to them. A securities regulator concerned with the Howey Test would likely choose different data points than a security researcher probing the network for holes.
But different analysts also might hone in on similar points. For one, mining power concentration, or the concentration of miners whose computational efforts cryptographically secure proof-of-work blockchains, is a critical benchmark for any decentralization hawk.
If all the key miners are geographically concentrated or grouped into a single pool, a blockchain may face mounting centralization and security risks, according to Ketsal. Just four pools mined 58% of Bitcoin blocks in the past year, the rubric shows.
Garcia said his team spent months compiling all the relevant data points from the world’s best-known blockchain network. Bitcoin’s resilience as well as the consensus agreement that it is decentralized make it an ideal case study, and Garcia said it’s the obvious benchmark to hold other projects against.
“If you do the same exact chart for another blockchain network, and you compare it side by side to Bitcoin … you know how far off you are from [decentralization]” he said.
Originally published by Danny Nelson | October 21, 2020 Coindesk
submitted by kjonesatjaagnet to JAAGNet [link] [comments]

Don't blindly follow a narrative, its bad for you and its bad for crypto in general

I mostly lurk around here but I see a pattern repeating over and over again here and in multiple communities so I have to post. I'm just posting this here because I appreciate the fact that this sub is a place of free speech and maybe something productive can come out from this post, while bitcoin is just fucking censorship, memes and moon/lambo posts. If you don't agree, write in the comments why, instead of downvoting. You don't have to upvote either, but when you downvote you are killing the opportunity to have discussion. If you downvote or comment that I'm wrong without providing any counterpoints you are no better than the BTC maxis you despise.
In various communities I see a narrative being used to bring people in and making them follow something without thinking for themselves. In crypto I see this mostly in BTC vs BCH tribalistic arguments:
- BTC community: "Everything that is not BTC is shitcoin." or more recently as stated by adam on twitter, "Everything that is not BTC is a ponzi scheme, even ETH.", "what is ETH supply?", and even that they are doing this for "altruistic" reasons, to "protect" the newcomers. Very convenient for them that they are protecting the newcomers by having them buy their bags
- BCH community: "BTC maxis are dumb", "just increase block size and you will have truly p2p electronic cash", "It is just that simple, there are no trade offs", "if you don't agree with me you are a BTC maxi", "BCH is satoshi's vision for p2p electronic cash"
It is not exclusive to crypto but also politics, and you see this over and over again on twitter and on reddit.
My point is, that narratives are created so people don't have to think, they just choose a narrative that is easy to follow and makes sense for them, and stick with it. And people keep repeating these narratives to bring other people in, maybe by ignorance, because they truly believe it without questioning, or maybe by self interest, because they want to shill you their bags.
Because this is BCH community, and because bitcoin is censored, so I can't post there about the problems in the BTC narrative (some of which are IMO correctly identified by BCH community), I will stick with the narrative I see in the BCH community.
The culprit of this post was firstly this post by user u/scotty321 "The BTC Paradox: “A 1 MB blocksize enables poor people to run their own node!” “Okay, then what?” “Poor people won’t be able to use the network!”". You will see many posts of this kind being made by u/Egon_1 also. Then you have also this comment in that thread by u/fuck_____________1 saying that people that want to run their own nodes are retarded and that there is no reason to want to do that. "Just trust block explorer websites". And the post and comment were highly upvoted. Really? You really think that there is no problem in having just a few nodes on the network? And that the only thing that secures the network are miners?
As stated by user u/co1nsurf3r in that thread:
While I don't think that everybody needs to run a node, a full node does publish blocks it considers valid to other nodes. This does not amount to much if you only consider a single node in the network, but many "honest" full nodes in the network will reduce the probability of a valid block being withheld from the network by a collusion of "hostile" node operators.
But surely this will not get attention here, and will be downvoted by those people that promote the narrative that there is no trade off in increasing the blocksize and the people that don't see it are retarded or are btc maxis.
The only narrative I stick to and have been for many years now is that cryptocurrency takes power from the government and gives power to the individual, so you are not restricted to your economy as you can participate in the global economy. There is also the narrative of banking the bankless, which I hope will come true, but it is not a use case we are seeing right now.
Some people would argue that removing power from gov's is a bad thing, but you can't deny the fact that gov's can't control crypto (at least we would want them not to).
But, if you really want the individuals to remain in control of their money and transact with anyone in the world, the network needs to be very resistant to any kind of attacks. How can you have p2p electronic cash if your network just has a handful couple of nodes and the chinese gov can locate them and just block communication to them? I'm not saying that this is BCH case, I'm just refuting the fact that there is no value in running your own node. If you are relying on block explorers, the gov can just block the communication to the block explorer websites. Then what? Who will you trust to get chain information? The nodes needs to be decentralized so if you take one node down, many more can appear so it is hard to censor and you don't have few points of failure.
Right now BTC is focusing on that use case of being difficult to censor. But with that comes the problem that is very expensive to transact on the network, which breaks the purpose of anyone being able to participate. Obviously I do think that is also a major problem, and lightning network is awful right now and probably still years away of being usable, if it ever will. The best solution is up for debate, but thinking that you just have to increase the blocksize and there is no trade off is just naive or misleading. BCH is doing a good thing in trying to come with a solution that is inclusive and promotes cheap and fast transactions, but also don't forget centralization is a major concern and nothing to just shrug off.
Saying that "a 1 MB blocksize enables poor people to run their own" and that because of that "Poor people won’t be able to use the network" is a misrepresentation designed to promote a narrative. Because 1MB is not to allow "poor" people to run their node, it is to facilitate as many people to run a node to promote decentralization and avoid censorship.
Also an elephant in the room that you will not see being discussed in either BTC or BCH communities is that mining pools are heavily centralized. And I'm not talking about miners being mostly in china, but also that big pools control a lot of hashing power both in BTC and BCH, and that is terrible for the purpose of crypto.
Other projects are trying to solve that. Will they be successful? I don't know, I hope so, because I don't buy into any narrative. There are many challenges and I want to see crypto succeed as a whole. As always guys, DYOR and always question if you are not blindly following a narrative. I'm sure I will be called BTC maxi but maybe some people will find value in this. Don't trust guys that are always posting silly "gocha's" against the other "tribe".
EDIT: User u/ShadowOfHarbringer has pointed me to some threads that this has been discussed in the past and I will just put my take on them here for visibility, as I will be using this thread as a reference in future discussions I engage:
When there was only 2 nodes in the network, adding a third node increased redundancy and resiliency of the network as a whole in a significant way. When there is thousands of nodes in the network, adding yet another node only marginally increase the redundancy and resiliency of the network. So the question then becomes a matter of personal judgement of how much that added redundancy and resiliency is worth. For the absolutist, it is absolutely worth it and everyone on this planet should do their part.
What is the magical number of nodes that makes it counterproductive to add new nodes? Did he do any math? Does BCH achieve this holy grail safe number of nodes? Guess what, nobody knows at what number of nodes is starts to be marginally irrelevant to add new nodes. Even BTC today could still not have enough nodes to be safe. If you can't know for sure that you are safe, it is better to try to be safer than sorry. Thousands of nodes is still not enough, as I said, it is much cheaper to run a full node as it is to mine. If it costs millions in hash power to do a 51% attack on the block generation it means nothing if it costs less than $10k to run more nodes than there are in total in the network and cause havoc and slowing people from using the network. Or using bot farms to DDoS the 1000s of nodes in the network. Not all attacks are monetarily motivated. When you have governments with billions of dollars at their disposal and something that could threat their power they could do anything they could to stop people from using it, and the cheapest it is to do so the better
You should run a full node if you're a big business with e.g. >$100k/month in volume, or if you run a service that requires high fraud resistance and validation certainty for payments sent your way (e.g. an exchange). For most other users of Bitcoin, there's no good reason to run a full node unless you reel like it.
Shouldn't individuals benefit from fraud resistance too? Why just businesses?
Personally, I think it's a good idea to make sure that people can easily run a full node because they feel like it, and that it's desirable to keep full node resource requirements reasonable for an enthusiast/hobbyist whenever possible. This might seem to be at odds with the concept of making a worldwide digital cash system in which all transactions are validated by everybody, but after having done the math and some of the code myself, I believe that we should be able to have our cake and eat it too.
This is recurrent argument, but also no math provided, "just trust me I did the math"
The biggest reason individuals may want to run their own node is to increase their privacy. SPV wallets rely on others (nodes or ElectronX servers) who may learn their addresses.
It is a reason and valid one but not the biggest reason
If you do it for fun and experimental it good. If you do it for extra privacy it's ok. If you do it to help the network don't. You are just slowing down miners and exchanges.
Yes it will slow down the network, but that shows how people just don't get the the trade off they are doing
I will just copy/paste what Satoshi Nakamoto said in his own words. "The current system where every user is a network node is not the intended configuration for large scale. That would be like every Usenet user runs their own NNTP server."
Another "it is all or nothing argument" and quoting satoshi to try and prove their point. Just because every user doesn't need to be also a full node doesn't mean that there aren't serious risks for having few nodes
For this to have any importance in practice, all of the miners, all of the exchanges, all of the explorers and all of the economic nodes should go rogue all at once. Collude to change consensus. If you have a node you can detect this. It doesn't do much, because such a scenario is impossible in practice.
Not true because as I said, you can DDoS the current nodes or run more malicious nodes than that there currently are, because is cheap to do so
Non-mining nodes don't contribute to adding data to the blockchain ledger, but they do play a part in propagating transactions that aren't yet in blocks (the mempool). Bitcoin client implementations can have different validations for transactions they see outside of blocks and transactions they see inside of blocks; this allows for "soft forks" to add new types of transactions without completely breaking older clients (while a transaction is in the mempool, a node receiving a transaction that's a new/unknown type could drop it as not a valid transaction (not propagate it to its peers), but if that same transaction ends up in a block and that node receives the block, they accept the block (and the transaction in it) as valid (and therefore don't get left behind on the blockchain and become a fork). The participation in the mempool is a sort of "herd immunity" protection for the network, and it was a key talking point for the "User Activated Soft Fork" (UASF) around the time the Segregated Witness feature was trying to be added in. If a certain percentage of nodes updated their software to not propagate certain types of transactions (or not communicate with certain types of nodes), then they can control what gets into a block (someone wanting to get that sort of transaction into a block would need to communicate directly to a mining node, or communicate only through nodes that weren't blocking that sort of transaction) if a certain threshold of nodes adheres to those same validation rules. It's less specific than the influence on the blockchain data that mining nodes have, but it's definitely not nothing.
The first reasonable comment in that thread but is deep down there with only 1 upvote
The addition of non-mining nodes does not add to the efficiency of the network, but actually takes away from it because of the latency issue.
That is true and is actually a trade off you are making, sacrificing security to have scalability
The addition of non-mining nodes has little to no effect on security, since you only need to destroy mining ones to take down the network
It is true that if you destroy mining nodes you take down the network from producing new blocks (temporarily), even if you have a lot of non mining nodes. But, it still better than if you take down the mining nodes who are also the only full nodes. If the miners are not the only full nodes, at least you still have full nodes with the blockchain data so new miners can download it and join. If all the miners are also the full nodes and you take them down, where will you get all the past blockchain data to start mining again? Just pray that the miners that were taken down come back online at some point in the future?
The real limiting factor is ISP's: Imagine a situation where one service provider defrauds 4000 different nodes. Did the excessive amount of nodes help at all, when they have all been defrauded by the same service provider? If there are only 30 ISP's in the world, how many nodes do we REALLY need?
You cant defraud if the connection is encrypted. Use TOR for example, it is hard for ISP's to know what you are doing.
Satoshi specifically said in the white paper that after a certain point, number of nodes needed plateaus, meaning after a certain point, adding more nodes is actually counterintuitive, which we also demonstrated. (the latency issue). So, we have adequately demonstrated why running non-mining nodes does not add additional value or security to the network.
Again, what is the number of nodes that makes it counterproductive? Did he do any math?
There's also the matter of economically significant nodes and the role they play in consensus. Sure, nobody cares about your average joe's "full node" where he is "keeping his own ledger to keep the miners honest", as it has no significance to the economy and the miners couldn't give a damn about it. However, if say some major exchanges got together to protest a miner activated fork, they would have some protest power against that fork because many people use their service. Of course, there still needs to be miners running on said "protest fork" to keep the chain running, but miners do follow the money and if they got caught mining a fork that none of the major exchanges were trading, they could be coaxed over to said "protest fork".
In consensus, what matters about nodes is only the number, economical power of the node doesn't mean nothing, the protocol doesn't see the net worth of the individual or organization running that node.
Running a full node that is not mining and not involved is spending or receiving payments is of very little use. It helps to make sure network traffic is broadcast, and is another copy of the blockchain, but that is all (and is probably not needed in a healthy coin with many other nodes)
He gets it right (broadcasting transaction and keeping a copy of the blockchain) but he dismisses the importance of it
submitted by r0bo7 to btc [link] [comments]

Why i’m bullish on Zilliqa (long read)

Edit: TL;DR added in the comments
 
Hey all, I've been researching coins since 2017 and have gone through 100s of them in the last 3 years. I got introduced to blockchain via Bitcoin of course, analyzed Ethereum thereafter and from that moment I have a keen interest in smart contact platforms. I’m passionate about Ethereum but I find Zilliqa to have a better risk-reward ratio. Especially because Zilliqa has found an elegant balance between being secure, decentralized and scalable in my opinion.
 
Below I post my analysis of why from all the coins I went through I’m most bullish on Zilliqa (yes I went through Tezos, EOS, NEO, VeChain, Harmony, Algorand, Cardano etc.). Note that this is not investment advice and although it's a thorough analysis there is obviously some bias involved. Looking forward to what you all think!
 
Fun fact: the name Zilliqa is a play on ‘silica’ silicon dioxide which means “Silicon for the high-throughput consensus computer.”
 
This post is divided into (i) Technology, (ii) Business & Partnerships, and (iii) Marketing & Community. I’ve tried to make the technology part readable for a broad audience. If you’ve ever tried understanding the inner workings of Bitcoin and Ethereum you should be able to grasp most parts. Otherwise, just skim through and once you are zoning out head to the next part.
 
Technology and some more:
 
Introduction
 
The technology is one of the main reasons why I’m so bullish on Zilliqa. First thing you see on their website is: “Zilliqa is a high-performance, high-security blockchain platform for enterprises and next-generation applications.” These are some bold statements.
 
Before we deep dive into the technology let’s take a step back in time first as they have quite the history. The initial research paper from which Zilliqa originated dates back to August 2016: Elastico: A Secure Sharding Protocol For Open Blockchains where Loi Luu (Kyber Network) is one of the co-authors. Other ideas that led to the development of what Zilliqa has become today are: Bitcoin-NG, collective signing CoSi, ByzCoin and Omniledger.
 
The technical white paper was made public in August 2017 and since then they have achieved everything stated in the white paper and also created their own open source intermediate level smart contract language called Scilla (functional programming language similar to OCaml) too.
 
Mainnet is live since the end of January 2019 with daily transaction rates growing continuously. About a week ago mainnet reached 5 million transactions, 500.000+ addresses in total along with 2400 nodes keeping the network decentralized and secure. Circulating supply is nearing 11 billion and currently only mining rewards are left. The maximum supply is 21 billion with annual inflation being 7.13% currently and will only decrease with time.
 
Zilliqa realized early on that the usage of public cryptocurrencies and smart contracts were increasing but decentralized, secure, and scalable alternatives were lacking in the crypto space. They proposed to apply sharding onto a public smart contract blockchain where the transaction rate increases almost linear with the increase in the amount of nodes. More nodes = higher transaction throughput and increased decentralization. Sharding comes in many forms and Zilliqa uses network-, transaction- and computational sharding. Network sharding opens up the possibility of using transaction- and computational sharding on top. Zilliqa does not use state sharding for now. We’ll come back to this later.
 
Before we continue dissecting how Zilliqa achieves such from a technological standpoint it’s good to keep in mind that a blockchain being decentralised and secure and scalable is still one of the main hurdles in allowing widespread usage of decentralised networks. In my opinion this needs to be solved first before blockchains can get to the point where they can create and add large scale value. So I invite you to read the next section to grasp the underlying fundamentals. Because after all these premises need to be true otherwise there isn’t a fundamental case to be bullish on Zilliqa, right?
 
Down the rabbit hole
 
How have they achieved this? Let’s define the basics first: key players on Zilliqa are the users and the miners. A user is anybody who uses the blockchain to transfer funds or run smart contracts. Miners are the (shard) nodes in the network who run the consensus protocol and get rewarded for their service in Zillings (ZIL). The mining network is divided into several smaller networks called shards, which is also referred to as ‘network sharding’. Miners subsequently are randomly assigned to a shard by another set of miners called DS (Directory Service) nodes. The regular shards process transactions and the outputs of these shards are eventually combined by the DS shard as they reach consensus on the final state. More on how these DS shards reach consensus (via pBFT) will be explained later on.
 
The Zilliqa network produces two types of blocks: DS blocks and Tx blocks. One DS Block consists of 100 Tx Blocks. And as previously mentioned there are two types of nodes concerned with reaching consensus: shard nodes and DS nodes. Becoming a shard node or DS node is being defined by the result of a PoW cycle (Ethash) at the beginning of the DS Block. All candidate mining nodes compete with each other and run the PoW (Proof-of-Work) cycle for 60 seconds and the submissions achieving the highest difficulty will be allowed on the network. And to put it in perspective: the average difficulty for one DS node is ~ 2 Th/s equaling 2.000.000 Mh/s or 55 thousand+ GeForce GTX 1070 / 8 GB GPUs at 35.4 Mh/s. Each DS Block 10 new DS nodes are allowed. And a shard node needs to provide around 8.53 GH/s currently (around 240 GTX 1070s). Dual mining ETH/ETC and ZIL is possible and can be done via mining software such as Phoenix and Claymore. There are pools and if you have large amounts of hashing power (Ethash) available you could mine solo.
 
The PoW cycle of 60 seconds is a peak performance and acts as an entry ticket to the network. The entry ticket is called a sybil resistance mechanism and makes it incredibly hard for adversaries to spawn lots of identities and manipulate the network with these identities. And after every 100 Tx Blocks which corresponds to roughly 1,5 hour this PoW process repeats. In between these 1,5 hour, no PoW needs to be done meaning Zilliqa’s energy consumption to keep the network secure is low. For more detailed information on how mining works click here.
Okay, hats off to you. You have made it this far. Before we go any deeper down the rabbit hole we first must understand why Zilliqa goes through all of the above technicalities and understand a bit more what a blockchain on a more fundamental level is. Because the core of Zilliqa’s consensus protocol relies on the usage of pBFT (practical Byzantine Fault Tolerance) we need to know more about state machines and their function. Navigate to Viewblock, a Zilliqa block explorer, and just come back to this article. We will use this site to navigate through a few concepts.
 
We have established that Zilliqa is a public and distributed blockchain. Meaning that everyone with an internet connection can send ZILs, trigger smart contracts, etc. and there is no central authority who fully controls the network. Zilliqa and other public and distributed blockchains (like Bitcoin and Ethereum) can also be defined as state machines.
 
Taking the liberty of paraphrasing examples and definitions given by Samuel Brooks’ medium article, he describes the definition of a blockchain (like Zilliqa) as: “A peer-to-peer, append-only datastore that uses consensus to synchronize cryptographically-secure data”.
 
Next, he states that: "blockchains are fundamentally systems for managing valid state transitions”. For some more context, I recommend reading the whole medium article to get a better grasp of the definitions and understanding of state machines. Nevertheless, let’s try to simplify and compile it into a single paragraph. Take traffic lights as an example: all its states (red, amber, and green) are predefined, all possible outcomes are known and it doesn’t matter if you encounter the traffic light today or tomorrow. It will still behave the same. Managing the states of a traffic light can be done by triggering a sensor on the road or pushing a button resulting in one traffic lights’ state going from green to red (via amber) and another light from red to green.
 
With public blockchains like Zilliqa, this isn’t so straightforward and simple. It started with block #1 almost 1,5 years ago and every 45 seconds or so a new block linked to the previous block is being added. Resulting in a chain of blocks with transactions in it that everyone can verify from block #1 to the current #647.000+ block. The state is ever changing and the states it can find itself in are infinite. And while the traffic light might work together in tandem with various other traffic lights, it’s rather insignificant comparing it to a public blockchain. Because Zilliqa consists of 2400 nodes who need to work together to achieve consensus on what the latest valid state is while some of these nodes may have latency or broadcast issues, drop offline or are deliberately trying to attack the network, etc.
 
Now go back to the Viewblock page take a look at the amount of transaction, addresses, block and DS height and then hit refresh. Obviously as expected you see new incremented values on one or all parameters. And how did the Zilliqa blockchain manage to transition from a previous valid state to the latest valid state? By using pBFT to reach consensus on the latest valid state.
 
After having obtained the entry ticket, miners execute pBFT to reach consensus on the ever-changing state of the blockchain. pBFT requires a series of network communication between nodes, and as such there is no GPU involved (but CPU). Resulting in the total energy consumed to keep the blockchain secure, decentralized and scalable being low.
 
pBFT stands for practical Byzantine Fault Tolerance and is an optimization on the Byzantine Fault Tolerant algorithm. To quote Blockonomi: “In the context of distributed systems, Byzantine Fault Tolerance is the ability of a distributed computer network to function as desired and correctly reach a sufficient consensus despite malicious components (nodes) of the system failing or propagating incorrect information to other peers.” Zilliqa is such a distributed computer network and depends on the honesty of the nodes (shard and DS) to reach consensus and to continuously update the state with the latest block. If pBFT is a new term for you I can highly recommend the Blockonomi article.
 
The idea of pBFT was introduced in 1999 - one of the authors even won a Turing award for it - and it is well researched and applied in various blockchains and distributed systems nowadays. If you want more advanced information than the Blockonomi link provides click here. And if you’re in between Blockonomi and the University of Singapore read the Zilliqa Design Story Part 2 dating from October 2017.
Quoting from the Zilliqa tech whitepaper: “pBFT relies upon a correct leader (which is randomly selected) to begin each phase and proceed when the sufficient majority exists. In case the leader is byzantine it can stall the entire consensus protocol. To address this challenge, pBFT offers a view change protocol to replace the byzantine leader with another one.”
 
pBFT can tolerate ⅓ of the nodes being dishonest (offline counts as Byzantine = dishonest) and the consensus protocol will function without stalling or hiccups. Once there are more than ⅓ of dishonest nodes but no more than ⅔ the network will be stalled and a view change will be triggered to elect a new DS leader. Only when more than ⅔ of the nodes are dishonest (66%) double-spend attacks become possible.
 
If the network stalls no transactions can be processed and one has to wait until a new honest leader has been elected. When the mainnet was just launched and in its early phases, view changes happened regularly. As of today the last stalling of the network - and view change being triggered - was at the end of October 2019.
 
Another benefit of using pBFT for consensus besides low energy is the immediate finality it provides. Once your transaction is included in a block and the block is added to the chain it’s done. Lastly, take a look at this article where three types of finality are being defined: probabilistic, absolute and economic finality. Zilliqa falls under the absolute finality (just like Tendermint for example). Although lengthy already we skipped through some of the inner workings from Zilliqa’s consensus: read the Zilliqa Design Story Part 3 and you will be close to having a complete picture on it. Enough about PoW, sybil resistance mechanism, pBFT, etc. Another thing we haven’t looked at yet is the amount of decentralization.
 
Decentralisation
 
Currently, there are four shards, each one of them consisting of 600 nodes. 1 shard with 600 so-called DS nodes (Directory Service - they need to achieve a higher difficulty than shard nodes) and 1800 shard nodes of which 250 are shard guards (centralized nodes controlled by the team). The amount of shard guards has been steadily declining from 1200 in January 2019 to 250 as of May 2020. On the Viewblock statistics, you can see that many of the nodes are being located in the US but those are only the (CPU parts of the) shard nodes who perform pBFT. There is no data from where the PoW sources are coming. And when the Zilliqa blockchain starts reaching its transaction capacity limit, a network upgrade needs to be executed to lift the current cap of maximum 2400 nodes to allow more nodes and formation of more shards which will allow to network to keep on scaling according to demand.
Besides shard nodes there are also seed nodes. The main role of seed nodes is to serve as direct access points (for end-users and clients) to the core Zilliqa network that validates transactions. Seed nodes consolidate transaction requests and forward these to the lookup nodes (another type of nodes) for distribution to the shards in the network. Seed nodes also maintain the entire transaction history and the global state of the blockchain which is needed to provide services such as block explorers. Seed nodes in the Zilliqa network are comparable to Infura on Ethereum.
 
The seed nodes were first only operated by Zilliqa themselves, exchanges and Viewblock. Operators of seed nodes like exchanges had no incentive to open them for the greater public. They were centralised at first. Decentralisation at the seed nodes level has been steadily rolled out since March 2020 ( Zilliqa Improvement Proposal 3 ). Currently the amount of seed nodes is being increased, they are public-facing and at the same time PoS is applied to incentivize seed node operators and make it possible for ZIL holders to stake and earn passive yields. Important distinction: seed nodes are not involved with consensus! That is still PoW as entry ticket and pBFT for the actual consensus.
 
5% of the block rewards are being assigned to seed nodes (from the beginning in 2019) and those are being used to pay out ZIL stakers. The 5% block rewards with an annual yield of 10.03% translate to roughly 610 MM ZILs in total that can be staked. Exchanges use the custodial variant of staking and wallets like Moonlet will use the non-custodial version (starting in Q3 2020). Staking is being done by sending ZILs to a smart contract created by Zilliqa and audited by Quantstamp.
 
With a high amount of DS; shard nodes and seed nodes becoming more decentralized too, Zilliqa qualifies for the label of decentralized in my opinion.
 
Smart contracts
 
Let me start by saying I’m not a developer and my programming skills are quite limited. So I‘m taking the ELI5 route (maybe 12) but if you are familiar with Javascript, Solidity or specifically OCaml please head straight to Scilla - read the docs to get a good initial grasp of how Zilliqa’s smart contract language Scilla works and if you ask yourself “why another programming language?” check this article. And if you want to play around with some sample contracts in an IDE click here. The faucet can be found here. And more information on architecture, dapp development and API can be found on the Developer Portal.
If you are more into listening and watching: check this recent webinar explaining Zilliqa and Scilla. Link is time-stamped so you’ll start right away with a platform introduction, roadmap 2020 and afterwards a proper Scilla introduction.
 
Generalized: programming languages can be divided into being ‘object-oriented’ or ‘functional’. Here is an ELI5 given by software development academy: * “all programs have two basic components, data – what the program knows – and behavior – what the program can do with that data. So object-oriented programming states that combining data and related behaviors in one place, is called “object”, which makes it easier to understand how a particular program works. On the other hand, functional programming argues that data and behavior are different things and should be separated to ensure their clarity.” *
 
Scilla is on the functional side and shares similarities with OCaml: OCaml is a general-purpose programming language with an emphasis on expressiveness and safety. It has an advanced type system that helps catch your mistakes without getting in your way. It's used in environments where a single mistake can cost millions and speed matters, is supported by an active community, and has a rich set of libraries and development tools. For all its power, OCaml is also pretty simple, which is one reason it's often used as a teaching language.
 
Scilla is blockchain agnostic, can be implemented onto other blockchains as well, is recognized by academics and won a so-called Distinguished Artifact Award award at the end of last year.
 
One of the reasons why the Zilliqa team decided to create their own programming language focused on preventing smart contract vulnerabilities is that adding logic on a blockchain, programming, means that you cannot afford to make mistakes. Otherwise, it could cost you. It’s all great and fun blockchains being immutable but updating your code because you found a bug isn’t the same as with a regular web application for example. And with smart contracts, it inherently involves cryptocurrencies in some form thus value.
 
Another difference with programming languages on a blockchain is gas. Every transaction you do on a smart contract platform like Zilliqa or Ethereum costs gas. With gas you basically pay for computational costs. Sending a ZIL from address A to address B costs 0.001 ZIL currently. Smart contracts are more complex, often involve various functions and require more gas (if gas is a new concept click here ).
 
So with Scilla, similar to Solidity, you need to make sure that “every function in your smart contract will run as expected without hitting gas limits. An improper resource analysis may lead to situations where funds may get stuck simply because a part of the smart contract code cannot be executed due to gas limits. Such constraints are not present in traditional software systems”. Scilla design story part 1
 
Some examples of smart contract issues you’d want to avoid are: leaking funds, ‘unexpected changes to critical state variables’ (example: someone other than you setting his or her address as the owner of the smart contract after creation) or simply killing a contract.
 
Scilla also allows for formal verification. Wikipedia to the rescue: In the context of hardware and software systems, formal verification is the act of proving or disproving the correctness of intended algorithms underlying a system with respect to a certain formal specification or property, using formal methods of mathematics.
 
Formal verification can be helpful in proving the correctness of systems such as: cryptographic protocols, combinational circuits, digital circuits with internal memory, and software expressed as source code.
 
Scilla is being developed hand-in-hand with formalization of its semantics and its embedding into the Coq proof assistant — a state-of-the art tool for mechanized proofs about properties of programs.”
 
Simply put, with Scilla and accompanying tooling developers can be mathematically sure and proof that the smart contract they’ve written does what he or she intends it to do.
 
Smart contract on a sharded environment and state sharding
 
There is one more topic I’d like to touch on: smart contract execution in a sharded environment (and what is the effect of state sharding). This is a complex topic. I’m not able to explain it any easier than what is posted here. But I will try to compress the post into something easy to digest.
 
Earlier on we have established that Zilliqa can process transactions in parallel due to network sharding. This is where the linear scalability comes from. We can define simple transactions: a transaction from address A to B (Category 1), a transaction where a user interacts with one smart contract (Category 2) and the most complex ones where triggering a transaction results in multiple smart contracts being involved (Category 3). The shards are able to process transactions on their own without interference of the other shards. With Category 1 transactions that is doable, with Category 2 transactions sometimes if that address is in the same shard as the smart contract but with Category 3 you definitely need communication between the shards. Solving that requires to make a set of communication rules the protocol needs to follow in order to process all transactions in a generalised fashion.
 
And this is where the downsides of state sharding comes in currently. All shards in Zilliqa have access to the complete state. Yes the state size (0.1 GB at the moment) grows and all of the nodes need to store it but it also means that they don’t need to shop around for information available on other shards. Requiring more communication and adding more complexity. Computer science knowledge and/or developer knowledge required links if you want to dig further: Scilla - language grammar Scilla - Foundations for Verifiable Decentralised Computations on a Blockchain Gas Accounting NUS x Zilliqa: Smart contract language workshop
 
Easier to follow links on programming Scilla https://learnscilla.com/home Ivan on Tech
 
Roadmap / Zilliqa 2.0
 
There is no strict defined roadmap but here are topics being worked on. And via the Zilliqa website there is also more information on the projects they are working on.
 
Business & Partnerships
 
It’s not only technology in which Zilliqa seems to be excelling as their ecosystem has been expanding and starting to grow rapidly. The project is on a mission to provide OpenFinance (OpFi) to the world and Singapore is the right place to be due to its progressive regulations and futuristic thinking. Singapore has taken a proactive approach towards cryptocurrencies by introducing the Payment Services Act 2019 (PS Act). Among other things, the PS Act will regulate intermediaries dealing with certain cryptocurrencies, with a particular focus on consumer protection and anti-money laundering. It will also provide a stable regulatory licensing and operating framework for cryptocurrency entities, effectively covering all crypto businesses and exchanges based in Singapore. According to PWC 82% of the surveyed executives in Singapore reported blockchain initiatives underway and 13% of them have already brought the initiatives live to the market. There is also an increasing list of organizations that are starting to provide digital payment services. Moreover, Singaporean blockchain developers Building Cities Beyond has recently created an innovation $15 million grant to encourage development on its ecosystem. This all suggests that Singapore tries to position itself as (one of) the leading blockchain hubs in the world.
 
Zilliqa seems to already take advantage of this and recently helped launch Hg Exchange on their platform, together with financial institutions PhillipCapital, PrimePartners and Fundnel. Hg Exchange, which is now approved by the Monetary Authority of Singapore (MAS), uses smart contracts to represent digital assets. Through Hg Exchange financial institutions worldwide can use Zilliqa's safe-by-design smart contracts to enable the trading of private equities. For example, think of companies such as Grab, Airbnb, SpaceX that are not available for public trading right now. Hg Exchange will allow investors to buy shares of private companies & unicorns and capture their value before an IPO. Anquan, the main company behind Zilliqa, has also recently announced that they became a partner and shareholder in TEN31 Bank, which is a fully regulated bank allowing for tokenization of assets and is aiming to bridge the gap between conventional banking and the blockchain world. If STOs, the tokenization of assets, and equity trading will continue to increase, then Zilliqa’s public blockchain would be the ideal candidate due to its strategic positioning, partnerships, regulatory compliance and the technology that is being built on top of it.
 
What is also very encouraging is their focus on banking the un(der)banked. They are launching a stablecoin basket starting with XSGD. As many of you know, stablecoins are currently mostly used for trading. However, Zilliqa is actively trying to broaden the use case of stablecoins. I recommend everybody to read this text that Amrit Kumar wrote (one of the co-founders). These stablecoins will be integrated in the traditional markets and bridge the gap between the crypto world and the traditional world. This could potentially revolutionize and legitimise the crypto space if retailers and companies will for example start to use stablecoins for payments or remittances, instead of it solely being used for trading.
 
Zilliqa also released their DeFi strategic roadmap (dating November 2019) which seems to be aligning well with their OpFi strategy. A non-custodial DEX is coming to Zilliqa made by Switcheo which allows cross-chain trading (atomic swaps) between ETH, EOS and ZIL based tokens. They also signed a Memorandum of Understanding for a (soon to be announced) USD stablecoin. And as Zilliqa is all about regulations and being compliant, I’m speculating on it to be a regulated USD stablecoin. Furthermore, XSGD is already created and visible on block explorer and XIDR (Indonesian Stablecoin) is also coming soon via StraitsX. Here also an overview of the Tech Stack for Financial Applications from September 2019. Further quoting Amrit Kumar on this:
 
There are two basic building blocks in DeFi/OpFi though: 1) stablecoins as you need a non-volatile currency to get access to this market and 2) a dex to be able to trade all these financial assets. The rest are built on top of these blocks.
 
So far, together with our partners and community, we have worked on developing these building blocks with XSGD as a stablecoin. We are working on bringing a USD-backed stablecoin as well. We will soon have a decentralised exchange developed by Switcheo. And with HGX going live, we are also venturing into the tokenization space. More to come in the future.”
 
Additionally, they also have this ZILHive initiative that injects capital into projects. There have been already 6 waves of various teams working on infrastructure, innovation and research, and they are not from ASEAN or Singapore only but global: see Grantees breakdown by country. Over 60 project teams from over 20 countries have contributed to Zilliqa's ecosystem. This includes individuals and teams developing wallets, explorers, developer toolkits, smart contract testing frameworks, dapps, etc. As some of you may know, Unstoppable Domains (UD) blew up when they launched on Zilliqa. UD aims to replace cryptocurrency addresses with a human-readable name and allows for uncensorable websites. Zilliqa will probably be the only one able to handle all these transactions onchain due to ability to scale and its resulting low fees which is why the UD team launched this on Zilliqa in the first place. Furthermore, Zilliqa also has a strong emphasis on security, compliance, and privacy, which is why they partnered with companies like Elliptic, ChainSecurity (part of PwC Switzerland), and Incognito. Their sister company Aqilliz (Zilliqa spelled backwards) focuses on revolutionizing the digital advertising space and is doing interesting things like using Zilliqa to track outdoor digital ads with companies like Foodpanda.
 
Zilliqa is listed on nearly all major exchanges, having several different fiat-gateways and recently have been added to Binance’s margin trading and futures trading with really good volume. They also have a very impressive team with good credentials and experience. They don't just have “tech people”. They have a mix of tech people, business people, marketeers, scientists, and more. Naturally, it's good to have a mix of people with different skill sets if you work in the crypto space.
 
Marketing & Community
 
Zilliqa has a very strong community. If you just follow their Twitter their engagement is much higher for a coin that has approximately 80k followers. They also have been ‘coin of the day’ by LunarCrush many times. LunarCrush tracks real-time cryptocurrency value and social data. According to their data, it seems Zilliqa has a more fundamental and deeper understanding of marketing and community engagement than almost all other coins. While almost all coins have been a bit frozen in the last months, Zilliqa seems to be on its own bull run. It was somewhere in the 100s a few months ago and is currently ranked #46 on CoinGecko. Their official Telegram also has over 20k people and is very active, and their community channel which is over 7k now is more active and larger than many other official channels. Their local communities also seem to be growing.
 
Moreover, their community started ‘Zillacracy’ together with the Zilliqa core team ( see www.zillacracy.com ). It’s a community-run initiative where people from all over the world are now helping with marketing and development on Zilliqa. Since its launch in February 2020 they have been doing a lot and will also run their own non-custodial seed node for staking. This seed node will also allow them to start generating revenue for them to become a self sustaining entity that could potentially scale up to become a decentralized company working in parallel with the Zilliqa core team. Comparing it to all the other smart contract platforms (e.g. Cardano, EOS, Tezos etc.) they don't seem to have started a similar initiative (correct me if I’m wrong though). This suggests in my opinion that these other smart contract platforms do not fully understand how to utilize the ‘power of the community’. This is something you cannot ‘buy with money’ and gives many projects in the space a disadvantage.
 
Zilliqa also released two social products called SocialPay and Zeeves. SocialPay allows users to earn ZILs while tweeting with a specific hashtag. They have recently used it in partnership with the Singapore Red Cross for a marketing campaign after their initial pilot program. It seems like a very valuable social product with a good use case. I can see a lot of traditional companies entering the space through this product, which they seem to suggest will happen. Tokenizing hashtags with smart contracts to get network effect is a very smart and innovative idea.
 
Regarding Zeeves, this is a tipping bot for Telegram. They already have 1000s of signups and they plan to keep upgrading it for more and more people to use it (e.g. they recently have added a quiz features). They also use it during AMAs to reward people in real-time. It’s a very smart approach to grow their communities and get familiar with ZIL. I can see this becoming very big on Telegram. This tool suggests, again, that the Zilliqa team has a deeper understanding of what the crypto space and community needs and is good at finding the right innovative tools to grow and scale.
 
To be honest, I haven’t covered everything (i’m also reaching the character limited haha). So many updates happening lately that it's hard to keep up, such as the International Monetary Fund mentioning Zilliqa in their report, custodial and non-custodial Staking, Binance Margin, Futures, Widget, entering the Indian market, and more. The Head of Marketing Colin Miles has also released this as an overview of what is coming next. And last but not least, Vitalik Buterin has been mentioning Zilliqa lately acknowledging Zilliqa and mentioning that both projects have a lot of room to grow. There is much more info of course and a good part of it has been served to you on a silver platter. I invite you to continue researching by yourself :-) And if you have any comments or questions please post here!
submitted by haveyouheardaboutit to CryptoCurrency [link] [comments]

[ Bitcoin ] Technical: Taproot: Why Activate?

Topic originally posted in Bitcoin by almkglor [link]
This is a follow-up on https://old.reddit.com/Bitcoin/comments/hqzp14/technical_the_path_to_taproot_activation/
Taproot! Everybody wants it!! But... you might ask yourself: sure, everybody else wants it, but why would I, sovereign Bitcoin HODLer, want it? Surely I can be better than everybody else because I swapped XXX fiat for Bitcoin unlike all those nocoiners?
And it is important for you to know the reasons why you, o sovereign Bitcoiner, would want Taproot activated. After all, your nodes (or the nodes your wallets use, which if you are SPV, you hopefully can pester to your wallet vendoimplementor about) need to be upgraded in order for Taproot activation to actually succeed instead of becoming a hot sticky mess.
First, let's consider some principles of Bitcoin.
I'm sure most of us here would agree that the above are very important principles of Bitcoin and that these are principles we would not be willing to remove. If anything, we would want those principles strengthened (especially the last one, financial privacy, which current Bitcoin is only sporadically strong with: you can get privacy, it just requires effort to do so).
So, how does Taproot affect those principles?

Taproot and Your /Coins

Most HODLers probably HODL their coins in singlesig addresses. Sadly, switching to Taproot would do very little for you (it gives a mild discount at spend time, at the cost of a mild increase in fee at receive time (paid by whoever sends to you, so if it's a self-send from a P2PKH or bech32 address, you pay for this); mostly a wash).
(technical details: a Taproot output is 1 version byte + 32 byte public key, while a P2WPKH (bech32 singlesig) output is 1 version byte + 20 byte public key hash, so the Taproot output spends 12 bytes more; spending from a P2WPKH requires revealing a 32-byte public key later, which is not needed with Taproot, and Taproot signatures are about 9 bytes smaller than P2WPKH signatures, but the 32 bytes plus 9 bytes is divided by 4 because of the witness discount, so it saves about 11 bytes; mostly a wash, it increases blockweight by about 1 virtual byte, 4 weight for each Taproot-output-input, compared to P2WPKH-output-input).
However, as your HODLings grow in value, you might start wondering if multisignature k-of-n setups might be better for the security of your savings. And it is in multisignature that Taproot starts to give benefits!
Taproot switches to using Schnorr signing scheme. Schnorr makes key aggregation -- constructing a single public key from multiple public keys -- almost as trivial as adding numbers together. "Almost" because it involves some fairly advanced math instead of simple boring number adding, but hey when was the last time you added up your grocery list prices by hand huh?
With current P2SH and P2WSH multisignature schemes, if you have a 2-of-3 setup, then to spend, you need to provide two different signatures from two different public keys. With Taproot, you can create, using special moon math, a single public key that represents your 2-of-3 setup. Then you just put two of your devices together, have them communicate to each other (this can be done airgapped, in theory, by sending QR codes: the software to do this is not even being built yet, but that's because Taproot hasn't activated yet!), and they will make a single signature to authorize any spend from your 2-of-3 address. That's 73 witness bytes -- 18.25 virtual bytes -- of signatures you save!
And if you decide that your current setup with 1-of-1 P2PKH / P2WPKH addresses is just fine as-is: well, that's the whole point of a softfork: backwards-compatibility; you can receive from Taproot users just fine, and once your wallet is updated for Taproot-sending support, you can send to Taproot users just fine as well!
(P2WPKH and P2WSH -- SegWit v0 -- addresses start with bc1q; Taproot -- SegWit v1 --- addresses start with bc1p, in case you wanted to know the difference; in bech32 q is 0, p is 1)
Now how about HODLers who keep all, or some, of their coins on custodial services? Well, any custodial service worth its salt would be doing at least 2-of-3, or probably something even bigger, like 11-of-15. So your custodial service, if it switched to using Taproot internally, could save a lot more (imagine an 11-of-15 getting reduced from 11 signatures to just 1!), which --- we can only hope! --- should translate to lower fees and better customer service from your custodial service!
So I think we can say, very accurately, that the Bitcoin principle --- that YOU are in control of your money --- can only be helped by Taproot (if you are doing multisignature), and, because P2PKH and P2WPKH remain validly-usable addresses in a Taproot future, will not be harmed by Taproot. Its benefit to this principle might be small (it mostly only benefits multisignature users) but since it has no drawbacks with this (i.e. singlesig users can continue to use P2WPKH and P2PKH still) this is still a nice, tidy win!
(even singlesig users get a minor benefit, in that multisig users will now reduce their blockchain space footprint, so that fees can be kept low for everybody; so for example even if you have your single set of private keys engraved on titanium plates sealed in an airtight box stored in a safe buried in a desert protected by angry nomads riding giant sandworms because you're the frickin' Kwisatz Haderach, you still gain some benefit from Taproot)
And here's the important part: if P2PKH/P2WPKH is working perfectly fine with you and you decide to never use Taproot yourself, Taproot will not affect you detrimentally. First do no harm!

Taproot and Your Contracts

No one is an island, no one lives alone. Give and you shall receive. You know: by trading with other people, you can gain expertise in some obscure little necessity of the world (and greatly increase your productivity in that little field), and then trade the products of your expertise for necessities other people have created, all of you thereby gaining gains from trade.
So, contracts, which are basically enforceable agreements that facilitate trading with people who you do not personally know and therefore might not trust.
Let's start with a simple example. You want to buy some gewgaws from somebody. But you don't know them personally. The seller wants the money, you want their gewgaws, but because of the lack of trust (you don't know them!! what if they're scammers??) neither of you can benefit from gains from trade.
However, suppose both of you know of some entity that both of you trust. That entity can act as a trusted escrow. The entity provides you security: this enables the trade, allowing both of you to get gains from trade.
In Bitcoin-land, this can be implemented as a 2-of-3 multisignature. The three signatories in the multisgnature would be you, the gewgaw seller, and the escrow. You put the payment for the gewgaws into this 2-of-3 multisignature address.
Now, suppose it turns out neither of you are scammers (whaaaat!). You receive the gewgaws just fine and you're willing to pay up for them. Then you and the gewgaw seller just sign a transaction --- you and the gewgaw seller are 2, sufficient to trigger the 2-of-3 --- that spends from the 2-of-3 address to a singlesig the gewgaw seller wants (or whatever address the gewgaw seller wants).
But suppose some problem arises. The seller gave you gawgews instead of gewgaws. Or you decided to keep the gewgaws but not sign the transaction to release the funds to the seller. In either case, the escrow is notified, and if it can sign with you to refund the funds back to you (if the seller was a scammer) or it can sign with the seller to forward the funds to the seller (if you were a scammer).
Taproot helps with this: like mentioned above, it allows multisignature setups to produce only one signature, reducing blockchain space usage, and thus making contracts --- which require multiple people, by definition, you don't make contracts with yourself --- is made cheaper (which we hope enables more of these setups to happen for more gains from trade for everyone, also, moon and lambos).
(technology-wise, it's easier to make an n-of-n than a k-of-n, making a k-of-n would require a complex setup involving a long ritual with many communication rounds between the n participants, but an n-of-n can be done trivially with some moon math. You can, however, make what is effectively a 2-of-3 by using a three-branch SCRIPT: either 2-of-2 of you and seller, OR 2-of-2 of you and escrow, OR 2-of-2 of escrow and seller. Fortunately, Taproot adds a facility to embed a SCRIPT inside a public key, so you can have a 2-of-2 Taprooted address (between you and seller) with a SCRIPT branch that can instead be spent with 2-of-2 (you + escrow) OR 2-of-2 (seller + escrow), which implements the three-branched SCRIPT above. If neither of you are scammers (hopefully the common case) then you both sign using your keys and never have to contact the escrow, since you are just using the escrow public key without coordinating with them (because n-of-n is trivial but k-of-n requires setup with communication rounds), so in the "best case" where both of you are honest traders, you also get a privacy boost, in that the escrow never learns you have been trading on gewgaws, I mean ewww, gawgews are much better than gewgaws and therefore I now judge you for being a gewgaw enthusiast, you filthy gewgawer).

Taproot and Your Contracts, Part 2: Cryptographic Boogaloo

Now suppose you want to buy some data instead of things. For example, maybe you have some closed-source software in trial mode installed, and want to pay the developer for the full version. You want to pay for an activation code.
This can be done, today, by using an HTLC. The developer tells you the hash of the activation code. You pay to an HTLC, paying out to the developer if it reveals the preimage (the activation code), or refunding the money back to you after a pre-agreed timeout. If the developer claims the funds, it has to reveal the preimage, which is the activation code, and you can now activate your software. If the developer does not claim the funds by the timeout, you get refunded.
And you can do that, with HTLCs, today.
Of course, HTLCs do have problems:
Fortunately, with Schnorr (which is enabled by Taproot), we can now use the Scriptless Script constuction by Andrew Poelstra. This Scriptless Script allows a new construction, the PTLC or Pointlocked Timelocked Contract. Instead of hashes and preimages, just replace "hash" with "point" and "preimage" with "scalar".
Or as you might know them: "point" is really "public key" and "scalar" is really a "private key". What a PTLC does is that, given a particular public key, the pointlocked branch can be spent only if the spender reveals the private key of the given private key to you.
Another nice thing with PTLCs is that they are deniable. What appears onchain is just a single 2-of-2 signature between you and the developemanufacturer. It's like a magic trick. This signature has no special watermarks, it's a perfectly normal signature (the pledge). However, from this signature, plus some datta given to you by the developemanufacturer (known as the adaptor signature) you can derive the private key of a particular public key you both agree on (the turn). Anyone scraping the blockchain will just see signatures that look just like every other signature, and as long as nobody manages to hack you and get a copy of the adaptor signature or the private key, they cannot get the private key behind the public key (point) that the pointlocked branch needs (the prestige).
(Just to be clear, the public key you are getting the private key from, is distinct from the public key that the developemanufacturer will use for its funds. The activation key is different from the developer's onchain Bitcoin key, and it is the activation key whose private key you will be learning, not the developer's/manufacturer's onchain Bitcoin key).
So:
Taproot lets PTLCs exist onchain because they enable Schnorr, which is a requirement of PTLCs / Scriptless Script.
(technology-wise, take note that Scriptless Script works only for the "pointlocked" branch of the contract; you need normal Script, or a pre-signed nLockTimed transaction, for the "timelocked" branch. Since Taproot can embed a script, you can have the Taproot pubkey be a 2-of-2 to implement the Scriptless Script "pointlocked" branch, then have a hidden script that lets you recover the funds with an OP_CHECKLOCKTIMEVERIFY after the timeout if the seller does not claim the funds.)

Quantum Quibbles!

Now if you were really paying attention, you might have noticed this parenthetical:
(technical details: a Taproot output is 1 version byte + 32 byte public key, while a P2WPKH (bech32 singlesig) output is 1 version byte + 20 byte public key hash...)
So wait, Taproot uses raw 32-byte public keys, and not public key hashes? Isn't that more quantum-vulnerable??
Well, in theory yes. In practice, they probably are not.
It's not that hashes can be broken by quantum computes --- they're still not. Instead, you have to look at how you spend from a P2WPKH/P2PKH pay-to-public-key-hash.
When you spend from a P2PKH / P2WPKH, you have to reveal the public key. Then Bitcoin hashes it and checks if this matches with the public-key-hash, and only then actually validates the signature for that public key.
So an unconfirmed transaction, floating in the mempools of nodes globally, will show, in plain sight for everyone to see, your public key.
(public keys should be public, that's why they're called public keys, LOL)
And if quantum computers are fast enough to be of concern, then they are probably fast enough that, in the several minutes to several hours from broadcast to confirmation, they have already cracked the public key that is openly broadcast with your transaction. The owner of the quantum computer can now replace your unconfirmed transaction with one that pays the funds to itself. Even if you did not opt-in RBF, miners are still incentivized to support RBF on RBF-disabled transactions.
So the extra hash is not as significant a protection against quantum computers as you might think. Instead, the extra hash-and-compare needed is just extra validation effort.
Further, if you have ever, in the past, spent from the address, then there exists already a transaction indelibly stored on the blockchain, openly displaying the public key from which quantum computers can derive the private key. So those are still vulnerable to quantum computers.
For the most part, the cryptographers behind Taproot (and Bitcoin Core) are of the opinion that quantum computers capable of cracking Bitcoin pubkeys are unlikely to appear within a decade or two.
So:
For now, the homomorphic and linear properties of elliptic curve cryptography provide a lot of benefits --- particularly the linearity property is what enables Scriptless Script and simple multisignature (i.e. multisignatures that are just 1 signature onchain). So it might be a good idea to take advantage of them now while we are still fairly safe against quantum computers. It seems likely that quantum-safe signature schemes are nonlinear (thus losing these advantages).

Summary

I Wanna Be The Taprooter!

So, do you want to help activate Taproot? Here's what you, mister sovereign Bitcoin HODLer, can do!

But I Hate Taproot!!

That's fine!

Discussions About Taproot Activation

almkglor your post has been copied because one or more comments in this topic have been removed. This copy will preserve unmoderated topic. If you would like to opt-out, please send a message using [this link].
[deleted comment]
[deleted comment]
[deleted comment]
submitted by anticensor_bot to u/anticensor_bot [link] [comments]

WARNING: The Truth About Bitcoin - YouTube The Math Behind Bitcoin Bitcoin Mining Software 2019 With All Proof NiceHash Mining With Your Computer Easily Bitcoin: Beyond The Bubble - Full Documentary - YouTube

To understand Bitcoin mining and why it exists, let’s start by looking at the technology behind Bitcoin. When we take a purely digital currency, how do we keep track of how many Bitcoins each person has? Bitcoin is based on the Blockchain—a giant ledger of every Bitcoin transaction. But unlike a bank account or a private ledger, the Blockchain is not only out in the open for everyone to ... If you are trying to understand how Bitcoin mining software works but can’t find a reference implementation that is minimal and easy to understand (like me, 2 days ago) here’s my contribution: Miniminer is a simple CPU based Bitcoin Miner in C#. Only about 300 lines of code but fully functional, open source and uploaded on Github. All changes and upgrades to the protocol should strive to maintain and reinforce these Principles of Bitcoin. 21 million coins. No censorship: Nobody should be able to prevent valid txs from being confirmed. Open-Source: Bitcoin source code should always be open for anyone to read, modify, copy, share. Permissionless: No arbitrary gatekeepers should ever prevent anybody from being part of the ... Bitcoin Mining is the process of using specialized computer hardware to earn Bitcoin. The annual production of Bitcoin via mining is $3.5 Billion dollars, with most of that Bitcoin going to Bitcoin miners. As miners earn rewards in Bitcoin, their profits can change greatly on market conditions – making Bitcoin mining a high risk / high reward industry. Anyone can join the Bitcoin network and ... Hello, I'm a programmer, and I have an interest to look at the code behind bitcoin. Where should I start? I assume I'm looking at Bitcoinqt right? The wallet that you download - that's essentially the golden ticket? Or is it the mining software? 4 comments. share. save hide report. 80% Upvoted. This thread is archived. New comments cannot be posted and votes cannot be cast. Sort by. best ...

[index] [4310] [8565] [30545] [27866] [19890] [36056] [12940] [30717] [5673] [39556]

WARNING: The Truth About Bitcoin - YouTube

Bitcoin Miner V3.0 (MicroCryptoSoft) - Duration: 6 ... The Controversy Behind Nike’s Vaporfly Running Shoe, Explained WSJ - Duration: 8:27. Wall Street Journal Recommended for you. 8:27. Why I ... Elliptic curves, SHA256, and RIPEMD160, oh my. Dr. Darren Tapp presents the fundamental mathematics needed for Bitcoin to work as intended, prepared so that ... Thanks for watching! For donations: Bitcoin - 1CpGMM8Ag8gNYL3FffusVqEBUvHyYenTP8 This video will show you how to start bitcoin mining from home. It's very easy and "free" to do if you have a gaming PC. *****... https://www.nicehash.com/?refby=72998 (Mining With Your Computer Easily ) For More Join https://www.blockchain.com/ Create A Wallet for Bitcoins ,(If You Hav...

#