Bitcoin and Thermodynamics Hacker Noon

Transcript of how Philip the tyrant admin of the Bitcoin Cash Telegram group called Spoice stupid, an idiot, a parrot among other insults then banned her instead of discussing Bitcoin Cash. That Telegram group is hostile, run by ABC/IFP shills, and follows the rBitcoin toxic censorship modus operandi.

David B., [18.10.20 01:46]
https://www.reddit.com/btc/comments/jdagi3/whats_up_with_the_bchn_hypocrisy/

David B., [18.10.20 01:47]
Wut x2

J Stodd, [18.10.20 01:49]
[In reply to David B.]
Their words are meaningless. They have no principles. Wish I could comment but bitcoinxio banned me from rbtc and never told me why

David B., [18.10.20 01:59]
These comments are so toxic

Spoice, [18.10.20 01:59]
In reality, the real continuation of Bitcoin as we all know it is what is carried on by BCHN, BU, BCHD and others

Spoice, [18.10.20 02:00]
ABC is changing the rules to something that is not Bitcoin

Spoice, [18.10.20 02:00]
anyone denying those facts is selling you snake oil

Spoice, [18.10.20 02:00]
If Blockstream tried to take some % to their own benefit, we would have never needed BCH in the first place

Spoice, [18.10.20 02:00]
everyone would have rejected them in a second

J Stodd, [18.10.20 02:01]
[In reply to Spoice]
Bitcoin Cash is not Bitcoin to start with, so who cares?

David B., [18.10.20 02:01]
[ Album ]

Spoice, [18.10.20 02:01]
yet we have ABC trying to pull this theft and all those puppets think it's ok

Spoice, [18.10.20 02:01]
JSTodd that's bullshit

David B., [18.10.20 02:01]
Like trying to talk to a core maxi about altcoins

Spoice, [18.10.20 02:01]
Bitcoin Cash is the most Bitcoin out of all Bitcoins

Spoice, [18.10.20 02:01]
it is the continuation of what Satoshi started

David B., [18.10.20 02:02]
Tbh they aren't even toxic

Michael Nunzio, [18.10.20 02:02]
[In reply to Spoice]
If the hash follows then it is Bitcoin Cash. Only if it doesn't is your claim true

J Stodd, [18.10.20 02:03]
[In reply to Spoice]
Bitcoin is Bitcoin. Bitcoin failed to be Peer to Peer Cash, so Bitcoin Cash attempted to fix this by forking Bitcoin and attacking the root of the problem. This does not mean Bitcoin Cash is literally Bitcoin. Adopt a different argument. Sorry if you bought into that bc of Rogers rantings

J Stodd, [18.10.20 02:05]
Bitcoin Cash can replace Bitcoin, and if Bitcoin dies and BCH wins then sure maybe it can take its name from its grave, but they are different products, trying to say Bitcoin stopped being "Bitcoin" and became BCH is a self contradiction.

Jingles, [18.10.20 02:08]
Jstodd's got some good points.

Jingles, [18.10.20 02:08]
He's learnt so much in the last year ☺️

Spoice, [18.10.20 02:08]
"Bitcoin is Bitcoin" is a false statement. BTC is just an instance of Bitcoin. Bitcoin is the set of rules defined in the whitepaper first and foremost, it is peer to peer electronic cash. BTC no longer fits that criteria. Bitcoin Cash meets them. The fork proposed by ABC also fails to meet that criteria. Therefore the continuation of Bitcoin is in whatever BU, BCHN, Flowee and others will continue.

Jingles, [18.10.20 02:09]
What rules were defined in the WP?

Spoice, [18.10.20 02:10]
Let's see which rules aren't: 1) No coinbase tax going to any centralized entity such as ABC 2) No throttling of TX throughput such as BTC

Spoice, [18.10.20 02:10]
therefore they both fail the simple "Is this Bitcoin?" test

Spoice, [18.10.20 02:11]
Finally, Michael, if you think Hash rate defines what Bitcoin is, you should stick to BTC

Jingles, [18.10.20 02:11]
21 million coins isn't in the WP

Jingles, [18.10.20 02:11]
I asked what rules did the WP define.

Spoice, [18.10.20 02:12]
Because BCH failed that criteria since it forked, therefore your point is wrong

Spoice, [18.10.20 02:12]
https://www.metzdowd.com/pipermail/cryptography/2009-January/014994.html

Spoice, [18.10.20 02:12]
The announcement of the white paper included the 21 million limit, close enough

Jingles, [18.10.20 02:12]
His announcement isn't the WP

Spoice, [18.10.20 02:12]
show me where Satoshi said that Amaury should tax the chain?

Spoice, [18.10.20 02:12]
Doesn't matter- close enough

Jingles, [18.10.20 02:12]
Bitcoin is the set of rules defined in the whitepaper first and foremost - You

Jingles, [18.10.20 02:13]
My ears pricked up on that comment, so I'm asking you what you meant.

Spoice, [18.10.20 02:13]
Correct. Changing the 21 million hard limit is still more Bitcoin than taxing the Coinbase, yet both will never ever happen. Not to Bitcoin anyway

Jingles, [18.10.20 02:13]
If you meant Satoj's writings pre and post WP then you should be clear about it

Spoice, [18.10.20 02:13]
some bastardized chain might, just not Bitcoin

Jingles, [18.10.20 02:14]
The closest we have to anything to indicate what is "Bitcoiness" is general things like "the longest chain"

Spoice, [18.10.20 02:14]
No, it is never a single thing

David B., [18.10.20 02:15]
REEEE

Jingles, [18.10.20 02:15]
trustless, no single trusted third parties, and rules can change due to incentives via consensus

Spoice, [18.10.20 02:15]
it is a set of common sense and experiment driven and historical relevance and initial parameters and "peer to peer electronic cash" definition indicators

Spoice, [18.10.20 02:15]
never a single thing

Jingles, [18.10.20 02:16]
[In reply to Spoice]
This is like the exact opposite of what you said earlier

Jingles, [18.10.20 02:16]
Bitcoin is defined by the rules in the WP, I mean common sense.

Jingles, [18.10.20 02:16]
🤷‍♂️

Spoice, [18.10.20 02:16]
Nope, the rule set is defined in the white paper should never change, but I never said all rules are defined in the white paper

Jingles, [18.10.20 02:16]
What rules?

Spoice, [18.10.20 02:16]
It is a union

Jingles, [18.10.20 02:17]
What rules are there?

Spoice, [18.10.20 02:17]
Rules in the white paper + what continued to define Bitcoin thereafter

J Stodd, [18.10.20 02:17]
[In reply to Spoice]
> "Bitcoin is Bitcoin is a false statement."
Alas, if we cannot agree on the law of identity, aka A=A, then I don't understand how to hold a conversation with you using logic.
> BTC is an instance of Bitcoin
No, BTC is a ticker used optionally by exchanges. Other common tickers for bitcoin include XBC, XBT, BC (correct me if I'm wrong on any of these)
> "Bitcoin is a set of rules in the whitepaper"
Super hard to defend this. There's no mention of a 21M supply cap, no blocksize limit *at all*, and it also says additional rules and incentives can be enforced (implying maybe they should).

Jingles, [18.10.20 02:17]
I go through this with BSVers all the time. We have no spec sheet of rules defining what Bitcoin is from Satoshi.

Spoice, [18.10.20 02:18]
Rules such as what defines a correct block, miners receiving the full incentive of mining it, etc

Jingles, [18.10.20 02:18]
The WP is a highlevel document

Spoice, [18.10.20 02:18]
The WP is a description of a scientific experiment

Spoice, [18.10.20 02:18]
if you want to start your own experiment, be my guest

Jingles, [18.10.20 02:18]
[In reply to Spoice]
Valid tx rules aren't defined in the WP

Spoice, [18.10.20 02:18]
just don't try to call it Bitcoin

Jingles, [18.10.20 02:19]
The word majority is in the WP an awful lot wouldn't you say?

Spoice, [18.10.20 02:19]
Not valid TX rules, but what a proof of work block is and how it diverts the reward to the miner, etc

Jingles, [18.10.20 02:20]
[In reply to Spoice]
and? what about BTC doesn't apply?

Jingles, [18.10.20 02:20]
I'm not arguing for any fork of BCH here.

Spoice, [18.10.20 02:20]
It no longer meets the very title of the white paper experiment, "Peer to peer electronic cash"

Spoice, [18.10.20 02:20]
The BTC instance of the experiment is destined to move away from the very title of the white paper

Jingles, [18.10.20 02:20]
It's electronic, and I use it like cash.

Spoice, [18.10.20 02:20]
that the maintainers even wanted to edit the white paper (Cobra and co) because of this fact

J Stodd, [18.10.20 02:20]
u/Spoice When did BTC stop being Bitcoin in your view? The day Amaury decided to launch the fork, before Segwit happened?
If someone else launched a fork first, they would have been "the real bitcoin"?
This is a game of whoever forks first becomes the real Bitcoin?
What if two people launched a fork at the exact same time, maybe even with identical specs?

Jingles, [18.10.20 02:21]
Where did I go wrong?

Jingles, [18.10.20 02:21]
[In reply to Spoice]
Did they?

Spoice, [18.10.20 02:21]
Doesn't matter if you use it today, its very technical fabric will have to move your transactions to 2nd layers and it will no longer be peer to peer electronic cash on chain

Jingles, [18.10.20 02:21]
peer to peer electronic cash on chain - Not in the wp

Jingles, [18.10.20 02:22]
We have satoj talking about HFT with sidechannels.

Jingles, [18.10.20 02:22]
So what?

Jingles, [18.10.20 02:23]
I think this is a good discussion Phil, nothing disrespectful is being said. I hope this is ok?

Spoice, [18.10.20 02:23]
Doesn't matter, the rule of common sense, which is closer to that title? Increasing a simple variable (Blocksize) to stay on track of the title and experiment, or introduce IOUs and Watchtowers and channels and locked BTC and that whole LN Bastardization? Which is close to the title?

Jingles, [18.10.20 02:23]
No one said that can't happen

Michael Nunzio, [18.10.20 02:24]
[In reply to Spoice]
Congratulations you've made an argument which isn't an argument.

Jingles, [18.10.20 02:25]
The whole thing that was said was the system is based on majority rules, and incentives can be changed. Majority breaks any deadlock.

David B., [18.10.20 02:25]
How to kill a coin 101

Spoice, [18.10.20 02:25]
Logic fails anyone who tries to claim BTC, ABC, BSV or any similar standalone experiments as Bitcoin, because of simple sanity checks and logic checks, often stemming out of common sense - If what you have moves you a single step away from what is otherwise the same old experiment which Satoshi wrote about and unleashed, you're not Bitcoin. If what you have moves you a step closer, it is Bitcoin. and so on and so forth.

Phlip - Not giving away coins, [18.10.20 02:25]
Wow, really fanatical almost religious statements. I guess its Sunday morning.

Jingles, [18.10.20 02:27]
[In reply to Spoice]
There's nothing common about common sense. You point to the WP to make a point, and your point isn't in there.

Spoice, [18.10.20 02:27]
Throttled and you need off-chain IOUs and always-on services to function (BTC) ? Not Bitcoin. Requires permission to be used and could be centrally confiscated on the whim of the organization behind it (BSV)? Not Bitcoin. Premined (Bitcoin Gold, Diamond)? Not Bitcoin. Taxing the miners through Coinbase and changing the incentives which were at play since day 0 (ABC)? Not Bitcoin

Spoice, [18.10.20 02:27]
simple checks really, yet those who are set to benefit will of course be oblivious to these

Phlip - Not giving away coins, [18.10.20 02:28]
This whole “Bitcoin Cash is the true Bitcoin - see whitepaper” is really stupid. It also ignores the history of how Bitcoin Cash came into existence

Jingles, [18.10.20 02:28]
Phillip, remove anyone here that has said Bitcoin Gold was the original Bitcoin immediately

Jingles, [18.10.20 02:28]
^^^^

Jingles, [18.10.20 02:29]
[In reply to Phlip - Not giving away coins]
It falls to pieces the moment it's questioned.

Spoice, [18.10.20 02:29]
It is not about "True" Bitcoin

Spoice, [18.10.20 02:30]
It is about the Bitcoin closest to the experiment which always was

Spoice, [18.10.20 02:30]
I don't care about "True" or not, they all are true

Phlip - Not giving away coins, [18.10.20 02:30]
[In reply to Jingles]
Sorry, I have stopped reading all the silliness above. Will reread later

Jingles, [18.10.20 02:30]
[In reply to Phlip - Not giving away coins]
I'm joking around 😂

Spoice, [18.10.20 02:30]
but the rule of entropy says I shouldn't place my money nor effort in experiments which are set to fade eventually, because they have skewed incentives

Phlip - Not giving away coins, [18.10.20 02:31]
[In reply to Spoice]
You get to choose that for yourself but you do not get to dictate it for others

David B., [18.10.20 02:31]
[In reply to Phlip - Not giving away coins]
Don't read it. You will have no braincells left

Spoice, [18.10.20 02:31]
Bitcoin as we know it has a long track record of incentives which work

Spoice, [18.10.20 02:31]
I won't ever dictate it for others

Spoice, [18.10.20 02:31]
I only would dictate it for myself, just like how I never use BTC or BSV today, I won't use ABC tomorrow

Spoice, [18.10.20 02:32]
only because they're new experiments

Spoice, [18.10.20 02:32]
interesting, and I wish them luck

Jingles, [18.10.20 02:32]
"Bitcoin is Bitcoin" is a false statement - Spoice 2020

Spoice, [18.10.20 02:32]
but I would rather stick to the Bitcoin I know

Spoice, [18.10.20 02:32]
that's all

Jingles, [18.10.20 02:32]
I won't ever dictate it for others - Also Spoice

Phlip - Not giving away coins, [18.10.20 02:32]
Bitcoin Cash came with a plan and goals. They were clearly presented in two presentations that happened before viabtc announced they would mine with ABC software and create a coin and chain named Bitcoin Cash

Spoice, [18.10.20 02:32]
Yes, because he means BTC is Bitcoin, and that's a false statement

Jingles, [18.10.20 02:32]
How is it false?

Spoice, [18.10.20 02:32]
It is an instance of Bitcoin

Jc Crown [ I DON'T DM PEOPLE - DON'T GIVE ME MONEY! ], [18.10.20 02:33]
[In reply to Michael Nunzio]
you're looking intimidatingly handsome in your new profile picture

Phlip - Not giving away coins, [18.10.20 02:33]
[In reply to Jc Crown [ I DON'T DM PEOPLE - DON'T GIVE ME MONEY! ]]
Lol

Jc Crown [ I DON'T DM PEOPLE - DON'T GIVE ME MONEY! ], [18.10.20 02:33]
[In reply to J Stodd]
actually a good question

Spoice, [18.10.20 02:34]
Anyway, those are my two cents

Spoice, [18.10.20 02:34]
Everyone is free to choose which experiments to pour their effort on and their money in

Phlip - Not giving away coins, [18.10.20 02:34]
[In reply to Spoice]
You are entitled to your opinion.

Spoice, [18.10.20 02:34]
Andreas is publishing Lightning Network books, I mean

Spoice, [18.10.20 02:34]
So to each his own

Phlip - Not giving away coins, [18.10.20 02:35]
[In reply to Spoice]
Lets leave it at that

Spoice, [18.10.20 02:35]
but Bitcoin as I know it continues with no Tax, and that in my opinion is BCH with no tax

Phlip - Not giving away coins, [18.10.20 02:35]
Ah you had to continue

Phlip - Not giving away coins, [18.10.20 02:36]
Good thing no tax is proposed by anyone

Spoice, [18.10.20 02:35]
Isn't this the Bitcoin Cash telegram?

Jc Crown [ I DON'T DM PEOPLE - DON'T GIVE ME MONEY! ], [18.10.20 02:35]
😅

Spoice, [18.10.20 02:36]
If I don't discuss Bitcoin Cash here, where should I?

Spoice, [18.10.20 02:36]
Tax, IFP, call it what you will

Spoice, [18.10.20 02:36]
from my perspective as a user, it's one and the same

J Stodd, [18.10.20 02:36]
[In reply to Jc Crown [ I DON'T DM PEOPLE - DON'T GIVE ME MONEY! ]]
I bet nobody will answer it, either

Phlip - Not giving away coins, [18.10.20 02:37]
[In reply to Spoice]
Apparently btc /s

David B., [18.10.20 02:37]
[In reply to Spoice]
As a user what do you care?

Jingles, [18.10.20 02:37]
Ooh, can I shill the Bitcoin room in here?

Spoice, [18.10.20 02:37]
Nah, I prefer quick responses and chats

Spoice, [18.10.20 02:37]
Reddit is broken

Phlip - Not giving away coins, [18.10.20 02:37]
[In reply to Jingles]
Lol

J Stodd, [18.10.20 02:37]
[In reply to Spoice]
Nobody even pays it, it just comes out of the block reward. The block reward is not sentient, it cannot be stolen from or wronged

Phlip - Not giving away coins, [18.10.20 02:37]
Dont push your luck 😉

Jingles, [18.10.20 02:37]
[ 😀 Sticker ]

Michael Nunzio, [18.10.20 02:38]
[In reply to Jc Crown [ I DON'T DM PEOPLE - DON'T GIVE ME MONEY! ]]
You too brother. 🙏

Jc Crown [ I DON'T DM PEOPLE - DON'T GIVE ME MONEY! ], [18.10.20 02:38]
[In reply to Michael Nunzio]
but mine is the same.... I need new ones, everyone always calls me fat because of this one

Jc Crown [ I DON'T DM PEOPLE - DON'T GIVE ME MONEY! ], [18.10.20 02:38]
literally if I say 1 thing to any troll anywhere first thing they say is "ok fatass"

Jc Crown [ I DON'T DM PEOPLE - DON'T GIVE ME MONEY! ], [18.10.20 02:38]
i blame this dumb photographer

Michael Nunzio, [18.10.20 02:38]
[In reply to Jc Crown [ I DON'T DM PEOPLE - DON'T GIVE ME MONEY! ]]
Don't listen.

Phlip - Not giving away coins, [18.10.20 02:39]
u/spoice maybe write a read.cash article if you really feel you need to educate people

Spoice, [18.10.20 02:39]
David, as a user I believe that each new experiment carries risk with it, why should I take part in a new fork of Bitcoin which has a new set of game-theory rules which doesn't even benefit me, rather it benefits some other entity which will take 5% of any effort or economic activity I produce on this chain? They're also off-loading the risk to me as a user/builder/business who chooses to join their experiment.

Spoice, [18.10.20 02:40]
Why should I take that risk while the Bitcoin I know and have known for over 10 years worked perfectly for me thus far? (BCH, that is)

Jingles, [18.10.20 02:40]
small fees and empty blocks?

Jc Crown [ I DON'T DM PEOPLE - DON'T GIVE ME MONEY! ], [18.10.20 02:41]
It will ensure that a centralized group has control over development and they are by decree in the code, it's a literal take over.

Phlip - Not giving away coins, [18.10.20 02:41]
[In reply to Spoice]
“BSV-freeze the protocol - true Bitcoin” sounds like more your thing

David B., [18.10.20 02:41]
[In reply to Spoice]
Better run bitcoin core 0.1

Jc Crown [ I DON'T DM PEOPLE - DON'T GIVE ME MONEY! ], [18.10.20 02:41]
Imagine if satoshi keyd his address in the code to be paid out of every block, but instead of paying himself started a company "Bitcoin Dev Co"

Spoice, [18.10.20 02:42]
Not really, BSV kills the incentives I am discussing too

Phlip - Not giving away coins, [18.10.20 02:42]
[In reply to Jingles]
Please stay nice now

Jc Crown [ I DON'T DM PEOPLE - DON'T GIVE ME MONEY! ], [18.10.20 02:42]
No one would ever be able to say Bitcoin was Decentralized, Bitcoin Dev Co would get paid directly from the reward.

Jingles, [18.10.20 02:42]
[In reply to Phlip - Not giving away coins]
"BSV: We have all the Bad Idea. On chain"

Spoice, [18.10.20 02:42]
The Nash equilibrium we have tested for the past 10 years will be changed with ABC, it changed with BTC and BSV too

Jc Crown [ I DON'T DM PEOPLE - DON'T GIVE ME MONEY! ], [18.10.20 02:42]
"Bad Solutions Verified"

Spoice, [18.10.20 02:42]
that game-theory set of incentives

Spoice, [18.10.20 02:43]
why would I want to take a risk with any of those experiments when I gain 0?

David B., [18.10.20 02:43]
Better run bitcoin core 0.1

Spoice, [18.10.20 02:43]
Nope, you're talking technical freezing of development, that's not what I am addressing

Jingles, [18.10.20 02:43]
[In reply to David B.]
Thats the BTC chain though

Phlip - Not giving away coins, [18.10.20 02:43]
[In reply to Spoice]
O please share with us your background in the subject. Or are you now just parroting others

Spoice, [18.10.20 02:44]
BSV wants to freeze the technical development and they want a stable protocol from an API/development perspective

Spoice, [18.10.20 02:44]
but from an incentive ruleset perspective, they already butchered the equilibrium Bitcoin had

Jc Crown [ I DON'T DM PEOPLE - DON'T GIVE ME MONEY! ], [18.10.20 02:44]
[In reply to Phlip - Not giving away coins]
That's one of those phrases, when you hear it you know they are just a parrot of someones propaganda. "MUH NASH EQUILIBRIUM!"

David B., [18.10.20 02:44]
Stable = bad?

Jingles, [18.10.20 02:45]
[In reply to Jc Crown [ I DON'T DM PEOPLE - DON'T GIVE ME MONEY! ]]
I love you

Spoice, [18.10.20 02:45]
Philip, for an admin you ought to be nicer, if you think I am parroting others you're free to think that, but to state it so bluntly in your position is just... wrong

Spoice, [18.10.20 02:46]
If you think the point I made is wrong, discuss it

Phlip - Not giving away coins, [18.10.20 02:46]
[In reply to Jingles]
Maybe talk to him in DM about that?😉

Spoice, [18.10.20 02:46]
not me

Jingles, [18.10.20 02:46]
[In reply to Phlip - Not giving away coins]
working on it.

Phlip - Not giving away coins, [18.10.20 02:46]
[In reply to Spoice]
I ought to be nicer...😂😂😂

Spoice, [18.10.20 02:47]
Also, anyone who studied Bitcoin at length and its set of incentives and game-theory ruleset should know what a Nash Equilibrium is and who the players are in the Bitcoin game

Phlip - Not giving away coins, [18.10.20 02:47]
[In reply to Spoice]
You state as fact. You get to show why your statements or opinions are even relevant.

Spoice, [18.10.20 02:48]
If it's not a fact, highlight how

Spoice, [18.10.20 02:48]
don't attack me

Spoice, [18.10.20 02:48]
prove me wrong

Spoice, [18.10.20 02:48]
if you fail that simple debate test

David B., [18.10.20 02:48]
How's that breakfast helping?

Spoice, [18.10.20 02:48]
you should rename from Janitor to Tyrant

Jingles, [18.10.20 02:48]
I'm still waiting to see the defined rules as per the wp

Michael Nunzio, [18.10.20 02:49]
[In reply to Spoice]
Didn't know this was stand up comedy night in here.

Michael Nunzio, [18.10.20 02:49]
I missed the memo

Phlip - Not giving away coins, [18.10.20 02:49]
If I have to prove all idiots on the internet wrong I would have a hard time. You are starting to really waste everybody’s time. You state, you prove. Or you are just generating noise

Phlip - Not giving away coins, [18.10.20 02:50]
[In reply to Spoice]
Be careful now.

Michael Nunzio, [18.10.20 02:50]
Noisy bugger.

Phlip - Not giving away coins, [18.10.20 02:52]
Getting close to just do some cleaning up.

Spoice, [18.10.20 02:52]
If you can't debate technical points I am making about Bitcoin Cash on a Bitcoin Cash Telegram, and within the span of 10 minutes you called me stupid, idiot, noisy and a parrot, you absolutely are a tyrant and I stand by my point: You should not be an admin here, nor anywhere actually. If you think I should be careful for the fear of you banning me, go ahead. You still fail to debate the simplest technical point and yet claim you can "but can't be bothered to". You remind me of that Thermos guy.

Spoice, [18.10.20 02:53]
How people with 0 technical know-how end up in these admin positions is beyond me

Jingles, [18.10.20 02:53]
I challenged your comments and you just changed the goal posts.

Phlip - Not giving away coins, [18.10.20 02:53]
[In reply to Spoice]
Ok. You are not paying me and you are free to create noise elsewhere
submitted by wisequote to btc

Technical: Taproot: Why Activate?

This is a follow-up on https://old.reddit.com/Bitcoin/comments/hqzp14/technical_the_path_to_taproot_activation/
Taproot! Everybody wants it!! But... you might ask yourself: sure, everybody else wants it, but why would I, sovereign Bitcoin HODLer, want it? Surely I can be better than everybody else because I swapped XXX fiat for Bitcoin unlike all those nocoiners?
And it is important for you to know the reasons why you, o sovereign Bitcoiner, would want Taproot activated. After all, your nodes (or the nodes your wallets use, which if you are SPV, you hopefully can pester your wallet vendor/implementor about) need to be upgraded in order for Taproot activation to actually succeed instead of becoming a hot sticky mess.
First, let's consider some principles of Bitcoin.
I'm sure most of us here would agree that the above are very important principles of Bitcoin and that these are principles we would not be willing to remove. If anything, we would want those principles strengthened (especially the last one, financial privacy, which current Bitcoin is only sporadically strong with: you can get privacy, it just requires effort to do so).
So, how does Taproot affect those principles?

Taproot and Your Coins

Most HODLers probably HODL their coins in singlesig addresses. Sadly, switching to Taproot would do very little for you (it gives a mild discount at spend time, at the cost of a mild increase in fee at receive time (paid by whoever sends to you, so if it's a self-send from a P2PKH or bech32 address, you pay for this); mostly a wash).
(technical details: a Taproot output is 1 version byte + 32 byte public key, while a P2WPKH (bech32 singlesig) output is 1 version byte + 20 byte public key hash, so the Taproot output spends 12 bytes more; spending from a P2WPKH requires revealing a 32-byte public key later, which is not needed with Taproot, and Taproot signatures are about 9 bytes smaller than P2WPKH signatures, but the 32 bytes plus 9 bytes is divided by 4 because of the witness discount, so it saves about 11 bytes; mostly a wash, it increases blockweight by about 1 virtual byte, 4 weight for each Taproot-output-input, compared to P2WPKH-output-input).
However, as your HODLings grow in value, you might start wondering if multisignature k-of-n setups might be better for the security of your savings. And it is in multisignature that Taproot starts to give benefits!
Taproot switches to using Schnorr signing scheme. Schnorr makes key aggregation -- constructing a single public key from multiple public keys -- almost as trivial as adding numbers together. "Almost" because it involves some fairly advanced math instead of simple boring number adding, but hey when was the last time you added up your grocery list prices by hand huh?
With current P2SH and P2WSH multisignature schemes, if you have a 2-of-3 setup, then to spend, you need to provide two different signatures from two different public keys. With Taproot, you can create, using special moon math, a single public key that represents your 2-of-3 setup. Then you just put two of your devices together, have them communicate to each other (this can be done airgapped, in theory, by sending QR codes: the software to do this is not even being built yet, but that's because Taproot hasn't activated yet!), and they will make a single signature to authorize any spend from your 2-of-3 address. That's 73 witness bytes -- 18.25 virtual bytes -- of signatures you save!
And if you decide that your current setup with 1-of-1 P2PKH / P2WPKH addresses is just fine as-is: well, that's the whole point of a softfork: backwards-compatibility; you can receive from Taproot users just fine, and once your wallet is updated for Taproot-sending support, you can send to Taproot users just fine as well!
(P2WPKH and P2WSH -- SegWit v0 -- addresses start with bc1q; Taproot -- SegWit v1 --- addresses start with bc1p, in case you wanted to know the difference; in bech32 q is 0, p is 1)
Now how about HODLers who keep all, or some, of their coins on custodial services? Well, any custodial service worth its salt would be doing at least 2-of-3, or probably something even bigger, like 11-of-15. So your custodial service, if it switched to using Taproot internally, could save a lot more (imagine an 11-of-15 getting reduced from 11 signatures to just 1!), which --- we can only hope! --- should translate to lower fees and better customer service from your custodial service!
So I think we can say, very accurately, that the Bitcoin principle --- that YOU are in control of your money --- can only be helped by Taproot (if you are doing multisignature), and, because P2PKH and P2WPKH remain validly-usable addresses in a Taproot future, will not be harmed by Taproot. Its benefit to this principle might be small (it mostly only benefits multisignature users) but since it has no drawbacks with this (i.e. singlesig users can continue to use P2WPKH and P2PKH still) this is still a nice, tidy win!
(even singlesig users get a minor benefit, in that multisig users will now reduce their blockchain space footprint, so that fees can be kept low for everybody; so for example even if you have your single set of private keys engraved on titanium plates sealed in an airtight box stored in a safe buried in a desert protected by angry nomads riding giant sandworms because you're the frickin' Kwisatz Haderach, you still gain some benefit from Taproot)
And here's the important part: if P2PKH/P2WPKH is working perfectly fine with you and you decide to never use Taproot yourself, Taproot will not affect you detrimentally. First do no harm!

Taproot and Your Contracts

No one is an island, no one lives alone. Give and you shall receive. You know: by trading with other people, you can gain expertise in some obscure little necessity of the world (and greatly increase your productivity in that little field), and then trade the products of your expertise for necessities other people have created, all of you thereby gaining gains from trade.
So, contracts, which are basically enforceable agreements that facilitate trading with people who you do not personally know and therefore might not trust.
Let's start with a simple example. You want to buy some gewgaws from somebody. But you don't know them personally. The seller wants the money, you want their gewgaws, but because of the lack of trust (you don't know them!! what if they're scammers??) neither of you can benefit from gains from trade.
However, suppose both of you know of some entity that both of you trust. That entity can act as a trusted escrow. The entity provides you security: this enables the trade, allowing both of you to get gains from trade.
In Bitcoin-land, this can be implemented as a 2-of-3 multisignature. The three signatories in the multisignature would be you, the gewgaw seller, and the escrow. You put the payment for the gewgaws into this 2-of-3 multisignature address.
Now, suppose it turns out neither of you are scammers (whaaaat!). You receive the gewgaws just fine and you're willing to pay up for them. Then you and the gewgaw seller just sign a transaction --- you and the gewgaw seller are 2, sufficient to trigger the 2-of-3 --- that spends from the 2-of-3 address to a singlesig the gewgaw seller wants (or whatever address the gewgaw seller wants).
But suppose some problem arises. The seller gave you gawgews instead of gewgaws. Or you decided to keep the gewgaws but not sign the transaction to release the funds to the seller. In either case, the escrow is notified, and it can sign with you to refund the funds back to you (if the seller was a scammer) or it can sign with the seller to forward the funds to the seller (if you were a scammer).
Taproot helps with this: as mentioned above, it allows multisignature setups to produce only one signature, reducing blockchain space usage, and thus making contracts --- which require multiple people, by definition, you don't make contracts with yourself --- cheaper (which we hope enables more of these setups to happen for more gains from trade for everyone, also, moon and lambos).
(technology-wise, it's easier to make an n-of-n than a k-of-n, making a k-of-n would require a complex setup involving a long ritual with many communication rounds between the n participants, but an n-of-n can be done trivially with some moon math. You can, however, make what is effectively a 2-of-3 by using a three-branch SCRIPT: either 2-of-2 of you and seller, OR 2-of-2 of you and escrow, OR 2-of-2 of escrow and seller. Fortunately, Taproot adds a facility to embed a SCRIPT inside a public key, so you can have a 2-of-2 Taprooted address (between you and seller) with a SCRIPT branch that can instead be spent with 2-of-2 (you + escrow) OR 2-of-2 (seller + escrow), which implements the three-branched SCRIPT above. If neither of you are scammers (hopefully the common case) then you both sign using your keys and never have to contact the escrow, since you are just using the escrow public key without coordinating with them (because n-of-n is trivial but k-of-n requires setup with communication rounds), so in the "best case" where both of you are honest traders, you also get a privacy boost, in that the escrow never learns you have been trading on gewgaws, I mean ewww, gawgews are much better than gewgaws and therefore I now judge you for being a gewgaw enthusiast, you filthy gewgawer).

Taproot and Your Contracts, Part 2: Cryptographic Boogaloo

Now suppose you want to buy some data instead of things. For example, maybe you have some closed-source software in trial mode installed, and want to pay the developer for the full version. You want to pay for an activation code.
This can be done, today, by using an HTLC. The developer tells you the hash of the activation code. You pay to an HTLC, paying out to the developer if it reveals the preimage (the activation code), or refunding the money back to you after a pre-agreed timeout. If the developer claims the funds, it has to reveal the preimage, which is the activation code, and you can now activate your software. If the developer does not claim the funds by the timeout, you get refunded.
And you can do that, with HTLCs, today.
Of course, HTLCs do have problems:
Fortunately, with Schnorr (which is enabled by Taproot), we can now use the Scriptless Script construction by Andrew Poelstra. This Scriptless Script allows a new construction, the PTLC or Pointlocked Timelocked Contract. Instead of hashes and preimages, just replace "hash" with "point" and "preimage" with "scalar".
Or as you might know them: "point" is really "public key" and "scalar" is really a "private key". What a PTLC does is that, given a particular public key, the pointlocked branch can be spent only if the spender reveals the private key of the given public key to you.
Another nice thing with PTLCs is that they are deniable. What appears onchain is just a single 2-of-2 signature between you and the developer/manufacturer. It's like a magic trick. This signature has no special watermarks, it's a perfectly normal signature (the pledge). However, from this signature, plus some data given to you by the developer/manufacturer (known as the adaptor signature) you can derive the private key of a particular public key you both agree on (the turn). Anyone scraping the blockchain will just see signatures that look just like every other signature, and as long as nobody manages to hack you and get a copy of the adaptor signature or the private key, they cannot get the private key behind the public key (point) that the pointlocked branch needs (the prestige).
(Just to be clear, the public key you are getting the private key from, is distinct from the public key that the developer/manufacturer will use for its funds. The activation key is different from the developer's onchain Bitcoin key, and it is the activation key whose private key you will be learning, not the developer's/manufacturer's onchain Bitcoin key).
So:
Taproot lets PTLCs exist onchain because they enable Schnorr, which is a requirement of PTLCs / Scriptless Script.
(technology-wise, take note that Scriptless Script works only for the "pointlocked" branch of the contract; you need normal Script, or a pre-signed nLockTimed transaction, for the "timelocked" branch. Since Taproot can embed a script, you can have the Taproot pubkey be a 2-of-2 to implement the Scriptless Script "pointlocked" branch, then have a hidden script that lets you recover the funds with an OP_CHECKLOCKTIMEVERIFY after the timeout if the seller does not claim the funds.)
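The "pledge, turn, prestige" sequence above, carried through in working arithmetic. This is an added illustration, not code from the original post or from any Bitcoin implementation: it builds a toy adaptor-signature PTLC on secp256k1 in pure Python. Everything about the 2-of-2 is simplified and is an assumption of the example rather than the real protocol: the aggregate key and nonce are plain sums instead of MuSig2 aggregates (so there is no rogue-key protection), the challenge is an untagged SHA-256 without BIP340's even-Y rule, and the scalars used in the usage section are small constructed values, not random keys. What it does show faithfully is the linearity the post relies on: the adaptor signature `s'` is one scalar short of a valid signature, the buyer can check this before paying, the completed signature `s = s' + t` is an ordinary Schnorr signature, and subtracting the two reveals the activation scalar `t`.

```python
"""Toy PTLC adaptor-signature flow on secp256k1 (pure Python, no dependencies).

Added illustration, not code from the original post. Assumptions: plain
key/nonce sums instead of MuSig2, untagged SHA-256 challenge without the
BIP340 even-Y rule, fixed constructed scalars instead of random secrets.
"""
import hashlib

# secp256k1 domain parameters
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def point_add(p, q):
    """Affine point addition; None stands for the point at infinity."""
    if p is None:
        return q
    if q is None:
        return p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p == q:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def point_neg(p):
    return None if p is None else (p[0], (-p[1]) % P)


def point_mul(k, p):
    """Double-and-add scalar multiplication."""
    result, addend = None, p
    k %= N
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def challenge(R, X, msg):
    """Schnorr challenge e = H(R.x || X.x || m) reduced mod N."""
    data = R[0].to_bytes(32, "big") + X[0].to_bytes(32, "big") + msg
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N


def schnorr_verify(X, msg, R, s):
    """Ordinary Schnorr check s*G == R + e*X; nothing marks this as a PTLC."""
    return point_mul(s, G) == point_add(R, point_mul(challenge(R, X, msg), X))


def make_adaptor(x_buyer, k_buyer, x_dev, k_dev, T, msg):
    """Both parties contribute partial signatures, but the nonce point R
    already includes T, so their sum s' is short of t and does not verify."""
    R = point_add(point_add(point_mul(k_buyer, G), point_mul(k_dev, G)), T)
    X = point_add(point_mul(x_buyer, G), point_mul(x_dev, G))
    e = challenge(R, X, msg)
    s_adapt = (k_buyer + e * x_buyer + k_dev + e * x_dev) % N
    return X, R, s_adapt


def verify_adaptor(X, T, msg, R, s_adapt):
    """Buyer's check before funding: s'*G == (R - T) + e*X.
    If it holds, any valid (R, s) on msg must satisfy s - s' = t."""
    e = challenge(R, X, msg)
    expected = point_add(point_add(R, point_neg(T)), point_mul(e, X))
    return point_mul(s_adapt, G) == expected


def complete_signature(s_adapt, t):
    """Developer adds the activation scalar to produce the onchain signature."""
    return (s_adapt + t) % N


def extract_secret(s_full, s_adapt):
    """Buyer reads s from the chain and learns t = s - s'."""
    return (s_full - s_adapt) % N


if __name__ == "__main__":
    # Constructed toy scalars; real keys and nonces must be random 256-bit values.
    x_b, x_d, k_b, k_d, t = 11, 22, 33, 44, 55
    T = point_mul(t, G)                      # "point" the buyer is paying for
    msg = b"constructed payment transaction"
    X, R, s_adapt = make_adaptor(x_b, k_b, x_d, k_d, T, msg)
    print("adaptor checks out:", verify_adaptor(X, T, msg, R, s_adapt))
    s = complete_signature(s_adapt, t)
    print("onchain signature valid:", schnorr_verify(X, msg, R, s))
    print("buyer recovered t:", extract_secret(s, s_adapt) == t)
```

The deniability point follows directly: `schnorr_verify` is the same check a node would run for any 2-of-2 Taproot spend, and the only thing that turns it into a PTLC is `s_adapt`, which never leaves the buyer's hands.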

Quantum Quibbles!

Now if you were really paying attention, you might have noticed this parenthetical:
(technical details: a Taproot output is 1 version byte + 32 byte public key, while a P2WPKH (bech32 singlesig) output is 1 version byte + 20 byte public key hash...)
So wait, Taproot uses raw 32-byte public keys, and not public key hashes? Isn't that more quantum-vulnerable??
Well, in theory yes. In practice, they probably are not.
It's not that hashes can be broken by quantum computers --- they're still not. Instead, you have to look at how you spend from a P2WPKH/P2PKH pay-to-public-key-hash.
When you spend from a P2PKH / P2WPKH, you have to reveal the public key. Then Bitcoin hashes it and checks if this matches with the public-key-hash, and only then actually validates the signature for that public key.
So an unconfirmed transaction, floating in the mempools of nodes globally, will show, in plain sight for everyone to see, your public key.
(public keys should be public, that's why they're called public keys, LOL)
And if quantum computers are fast enough to be of concern, then they are probably fast enough that, in the several minutes to several hours from broadcast to confirmation, they have already cracked the public key that is openly broadcast with your transaction. The owner of the quantum computer can now replace your unconfirmed transaction with one that pays the funds to itself. Even if you did not opt in to RBF, miners are still incentivized to support RBF on RBF-disabled transactions.
So the extra hash is not as significant a protection against quantum computers as you might think. Instead, the extra hash-and-compare needed is just extra validation effort.
Further, if you have ever, in the past, spent from the address, then there exists already a transaction indelibly stored on the blockchain, openly displaying the public key from which quantum computers can derive the private key. So those are still vulnerable to quantum computers.
For the most part, the cryptographers behind Taproot (and Bitcoin Core) are of the opinion that quantum computers capable of cracking Bitcoin pubkeys are unlikely to appear within a decade or two.
So:
For now, the homomorphic and linear properties of elliptic curve cryptography provide a lot of benefits --- particularly the linearity property is what enables Scriptless Script and simple multisignature (i.e. multisignatures that are just 1 signature onchain). So it might be a good idea to take advantage of them now while we are still fairly safe against quantum computers. It seems likely that quantum-safe signature schemes are nonlinear (thus losing these advantages).

Summary

I Wanna Be The Taprooter!

So, do you want to help activate Taproot? Here's what you, mister sovereign Bitcoin HODLer, can do!

But I Hate Taproot!!

That's fine!

Discussions About Taproot Activation

submitted by almkglor to Bitcoin [link] [comments]


Introduction to Bitterfly: Butterfly Matrix Entropy Weight Consensus Algorithm

When Bitcoin launched 11 years ago, Satoshi Nakamoto had the vision of giving people power over their money. His vision lives on through BTC. However, the Bitcoin network has a few flaws. One of those flaws is the Proof of Work mechanism. Mining Bitcoin requires a huge amount of resources that are out of reach for most ordinary people. The result is that the BTC network is increasingly being placed in centralized control. The Bitterfly project hopes to change that using a revolutionary consensus mechanism called the Buttery that will be used on the Bitterfly blockchain.
About Bitterfly
Bitterfly wants to continue the vision that Nakamoto had for Bitcoin. The goal is to give power back to the people and place them in control of their finances. To do this, the Bitterfly team is working on three main areas that require improvement:
· The consensus mechanism
· The blockchain performance
· Community Governance
The Consensus Mechanism
To improve the consensus mechanism, the team behind Bitterfly has created the Butterfly algorithm that they will add to the PoW mechanism. Not only can it ensure that the hash rate is obtained fairly, it ensures that the hash rate of the whole network is enhanced via the butterfly effect.
Performance
In terms of performance, the Bitterfly blockchain has been upgraded to have a confirmed commercial speed of 5000TPS. Bitterfly is designed as a Blockchain As a Service open-source platform, which can be used in different applications.
Bitterfly will support different types of computing services that include cloud servers. As a result, it will utilize idle server resources to boost the hash rate support for the network.
Community Governance
When it comes to community Governance, Bitterfly plans to introduce a node competition mechanism that will release 210 nodes over time to enhance the butterfly effect. First, they will introduce the nodes via the Butterfly matrix network. Later, they will do so via a fair elimination process. The goal is to ensure that the nodes contribute to the success of Bitterfly.
The Encryption Algorithm
Encryption and decryption of data are at the core of the operation of any blockchain. It helps to guarantee the security of the whole blockchain. Only a corresponding private key can unlock data encrypted using a public key.
In most blockchains, the Hash Function and the Asymmetric Key Encryption Algorithm are used to encrypt and decrypt data. For the Hash Function, the main algorithms used are SHA and MD5. Bitterfly uses the SHA256 algorithm for encryption and RSA, DSA, and Elliptic curve algorithms for decryption. For the verification phase, Bitterfly developed the DFLYSChnorr, which is based on the Schnorr algorithm.
Consensus Algorithm
The consensus mechanism is used in the blockchain to ensure that each transaction is accurate. Bitterfly plans to operate within the enterprise space, which requires comprehensive and heterogeneous systems that are integrated with various communication protocols.
To deal with the challenges that might arise, Bitterfly developed a two-layer consensus algorithm for the PoW mechanism called the PBFT algorithm. Here is how the Bitterfly algorithm works:
· The network Structure
Bitterfly is designed as an internet payment and application protocol that is based on embracing the digital economy. It can facilitate value storage as well as the decentralized exchange of digital assets, payments, as well as clearing functions. Within Bitterfly, everyone can participate in productively. It will place a huge demand on Bitterfly. The network will offer performance guarantees as well as smart contracts.
· Bitterfly Consensus Algorithm
To meet the goal of decentralization and security, Bitterfly wants to become a global computer instead of a P2P information system. Besides satisfying the decentralization and security needs of its users via PoW, the system will also need to perform at a high level.
As a result, the team opted to support smart contracts in commercial applications. To deal with the issue of energy consumption, the team came up with the Butterfly algorithm. The algorithm allows the use of PoW as well as other cross-chain methods such as the Layer 2 protocol. Confirmation of transactions is done via verification nodes.
Each node is preconfigured with a list of trusted nodes known as the Consensus Achievement List (CAL). The node list can be used to confirm transactions. Once a transaction is confirmed with the local ledger, it is integrated into the transaction candidate set while all illegal ones are discarded.
To improve the security of the network, the verification confirmation was raised to 60% unlike in other networks where it is 50% +1. A transaction is officially confirmed once it is confirmed by 80% of the CAL nodes. The process is known as the Last Closed Ledger, which represents the latest changes to the ledger.
Within Bitterfly, the identities of those taking part in the confirmation of transactions are known beforehand. As a result, transactions are faster and the blockchain is more efficient.
Butterfly Matrix Entropy Weight Algorithm
Entropy is used to measure the level of uncertainty in the system. Bitterfly built a way to establish consensus using multiple factors. In the network, each data set has a corresponding weight.
Summary
For the past 11 years, Bitcoin has enjoyed tremendous success. The launch of Bitcoin ushered in a new era for humanity. For the first time in history, decentralized money that is outside the control of governments and other central entities is possible.
The new type of money gives people the power to control their finances and avoid the harsh effects of inflation caused by the wanton printing of government currency. When a new economic downturn hit the global economy, Bitcoin failed the litmus test. While Bitcoin should have helped to save people’s finances as the money printing began, it seemed to have followed the same trend as the sinking global economy.
It revealed that BTC still had numerous weaknesses that need to be corrected. Bitterfly wants to build on what Bitcoin has accomplished and do more with it. The team behind this project is quite optimistic. They believe that they can achieve what Bitcoin has achieved in the past 11 years. Besides that, they believe they can achieve where Bitcoin has failed in those past 11 years.
Social Media Links
TWITTER: https://twitter.com/BitterflyD
MEDIUM: https://medium.com/@BitterflyD
YOUTUBE: https://www.youtube.com/channel/UCxSNCzuQsNj-oCgepxzoXQg
TELEGRAM: https://t.me/Bitterfly_Disciples
submitted by Bitterfly_Disciples to u/Bitterfly_Disciples [link] [comments]

Groestlcoin 6th Anniversary Release

Introduction

Dear Groestlers, it goes without saying that 2020 has been a difficult time for millions of people worldwide. The groestlcoin team would like to take this opportunity to wish our best to everyone coping with the direct and indirect effects of COVID-19. Let it bring out the best in us all and show that collectively, we can conquer anything.
The centralised banks and our national governments are facing unprecedented times with interest rates worldwide dropping to record lows in places. Rest assured that this can only strengthen the fundamentals of all decentralised cryptocurrencies and the vision that was seeded with Satoshi's Bitcoin whitepaper over 10 years ago. Despite everything that has been thrown at us this year, the show must go on and the team will still progress and advance to continue the momentum that we have developed over the past 6 years.
In addition to this, we'd like to remind you all that this is Groestlcoin's 6th Birthday release! In terms of price there have been some crazy highs and lows over the years (with highs of around $2.60 and lows of $0.000077!), but in terms of value, Groestlcoin just keeps getting more valuable! In these uncertain times, one thing remains clear: Groestlcoin will keep going and keep innovating regardless. On with what has been worked on and completed over the past few months.

UPDATED - Groestlcoin Core 2.18.2

This is a major release of Groestlcoin Core with many protocol level improvements and code optimizations, featuring the technical equivalent of Bitcoin v0.18.2 but with Groestlcoin-specific patches. On a general level, most of what is new is a new 'Groestlcoin-wallet' tool which is now distributed alongside Groestlcoin Core's other executables.
NOTE: The 'Account' API, which was typically used by some tip bots, has been removed from this version. Please ensure you check the release notes from 2.17.2 for details on replacing this functionality.

How to Upgrade?

Windows
If you are running an older version, shut it down. Wait until it has completely shut down (which might take a few minutes for older versions), then run the installer.
OSX
If you are running an older version, shut it down. Wait until it has completely shut down (which might take a few minutes for older versions), run the dmg and drag Groestlcoin Core to Applications.
Ubuntu
http://groestlcoin.org/forum/index.php?topic=441.0

Other Linux

http://groestlcoin.org/forum/index.php?topic=97.0

Download

Download the Windows Installer (64 bit) here
Download the Windows Installer (32 bit) here
Download the Windows binaries (64 bit) here
Download the Windows binaries (32 bit) here
Download the OSX Installer here
Download the OSX binaries here
Download the Linux binaries (64 bit) here
Download the Linux binaries (32 bit) here
Download the ARM Linux binaries (64 bit) here
Download the ARM Linux binaries (32 bit) here

Source

ALL NEW - Groestlcoin Moonshine iOS/Android Wallet

Built with React Native, Moonshine utilizes Electrum-GRS's JSON-RPC methods to interact with the Groestlcoin network.
GRS Moonshine's intended use is as a hot wallet, meaning your keys are only as safe as the device you install this wallet on. As with any hot wallet, please ensure that you keep only a small, responsible amount of Groestlcoin on it at any given time.

Features

Download

iOS
Android

Source

ALL NEW! – HODL GRS Android Wallet

HODL GRS connects directly to the Groestlcoin network using SPV mode and doesn't rely on servers that can be hacked or disabled.
HODL GRS utilizes AES hardware encryption, app sandboxing, and the latest security features to protect users from malware, browser security holes, and even physical theft. Private keys are stored only in the secure enclave of the user's phone, inaccessible to anyone other than the user.
Simplicity and ease-of-use is the core design principle of HODL GRS. A simple recovery phrase (which we call a Backup Recovery Key) is all that is needed to restore the user's wallet if they ever lose or replace their device. HODL GRS is deterministic, which means the user's balance and transaction history can be recovered just from the backup recovery key.

Features

Download

Main Release (Main Net)
Testnet Release

Source

ALL NEW! – GroestlcoinSeed Savior

Groestlcoin Seed Savior is a tool for recovering BIP39 seed phrases.
This tool is meant to help users with recovering a slightly incorrect Groestlcoin mnemonic phrase (AKA backup or seed). You can enter an existing BIP39 mnemonic and get derived addresses in various formats.
To find out if one of the suggested addresses is the right one, you can click on the suggested address to check the address' transaction history on a block explorer.

Features

Live Version (Not Recommended)

https://www.groestlcoin.org/recovery/

Download

https://github.com/Groestlcoin/mnemonic-recovery/archive/master.zip

Source

ALL NEW! – Vanity Search Vanity Address Generator

NOTE: NVidia GPU or any CPU only. AMD graphics cards will not work with this address generator.
VanitySearch is a command-line Segwit-capable vanity Groestlcoin address generator. Add unique flair when you tell people to send Groestlcoin. Alternatively, VanitySearch can be used to generate random addresses offline.
If you're tired of the random, cryptic addresses generated by regular groestlcoin clients, then VanitySearch is the right choice for you to create a more personalized address.
VanitySearch is a groestlcoin address prefix finder. If you want to generate safe private keys, use the -s option to enter your passphrase which will be used for generating a base key as for BIP38 standard (VanitySearch.exe -s "My PassPhrase" FXPref). You can also use VanitySearch.exe -ps "My PassPhrase" which will add a crypto secure seed to your passphrase.
VanitySearch may not compute a good grid size for your GPU, so try different values using -g option in order to get the best performances. If you want to use GPUs and CPUs together, you may have best performances by keeping one CPU core for handling GPU(s)/CPU exchanges (use -t option to set the number of CPU threads).

Features

Usage

https://github.com/Groestlcoin/VanitySearch#usage

Download

Source

ALL NEW! – Groestlcoin EasyVanity 2020

Groestlcoin EasyVanity 2020 is a Windows app built from the ground up that makes it easier than ever before to create your very own bespoke bech32 address(es) whilst not connected to the internet.
If you're tired of the random, cryptic bech32 addresses generated by regular Groestlcoin clients, then Groestlcoin EasyVanity2020 is the right choice for you to create a more personalised bech32 address. This 2020 version uses the new VanitySearch to generate not only legacy addresses (F prefix) but also Bech32 addresses (grs1 prefix).

Features

Download

Source

Remastered! – Groestlcoin WPF Desktop Wallet (v2.19.0.18)

Groestlcoin WPF is an alternative full node client with optional lightweight 'thin-client' mode based on WPF. Windows Presentation Foundation (WPF) is one of Microsoft's latest approaches to a GUI framework, used with the .NET framework. Its main advantages over the original Groestlcoin client include support for exporting blockchain.dat and including a lite wallet mode.
This wallet was previously deprecated but has been brought back to life with modern standards.

Features

Remastered Improvements

Download

Source

ALL NEW! – BIP39 Key Tool

Groestlcoin BIP39 Key Tool is a GUI interface for generating Groestlcoin public and private keys. It is a standalone tool which can be used offline.

Features

Download

Windows
Linux:
    pip3 install -r requirements.txt
    python3 bip39_gui.py

Source

ALL NEW! – Electrum Personal Server

Groestlcoin Electrum Personal Server aims to make using Electrum Groestlcoin wallet more secure and more private. It makes it easy to connect your Electrum-GRS wallet to your own full node.
It is an implementation of the Electrum-grs server protocol which fulfils the specific need of using the Electrum-grs wallet backed by a full node, but without the heavyweight server backend, for a single user. It allows the user to benefit from all Groestlcoin Core's resource-saving features like pruning, blocks only and disabled txindex. All Electrum-GRS's feature-richness like hardware wallet integration, multi-signature wallets, offline signing, seed recovery phrases, coin control and so on can still be used, but connected only to the user's own full node.
Full node wallets are important in Groestlcoin because they are a big part of what makes the system be trust-less. No longer do people have to trust a financial institution like a bank or PayPal, they can run software on their own computers. If Groestlcoin is digital gold, then a full node wallet is your own personal goldsmith who checks for you that received payments are genuine.
Full node wallets are also important for privacy. Using Electrum-GRS under default configuration requires it to send (hashes of) all your Groestlcoin addresses to some server. That server can then easily spy on your transactions. Full node wallets like Groestlcoin Electrum Personal Server would download the entire blockchain and scan it for the user's own addresses, and therefore don't reveal to anyone else which Groestlcoin addresses they are interested in.
Groestlcoin Electrum Personal Server can also broadcast transactions through Tor which improves privacy by resisting traffic analysis for broadcasted transactions which can link the IP address of the user to the transaction. If enabled this would happen transparently whenever the user simply clicks "Send" on a transaction in Electrum-grs wallet.
Note: Currently Groestlcoin Electrum Personal Server can only accept one connection at a time.

Features

Download

Windows
Linux / OSX (Instructions)

Source

UPDATED – Android Wallet 7.38.1 - Main Net + Test Net

The app allows you to send and receive Groestlcoin on your device using QR codes and URI links.
When using this app, please back up your wallet and email it to yourself! This will save your wallet in a password-protected file. Then your coins can be retrieved even if you lose your phone.

Changes

Download

Main Net
Main Net (FDroid)
Test Net

Source

UPDATED – Groestlcoin Sentinel 3.5.06 (Android)

Groestlcoin Sentinel is a great solution for anyone who wants the convenience and utility of a hot wallet for receiving payments directly into their cold storage (or hardware wallets).
Sentinel accepts XPUBs, YPUBs, ZPUBs and individual Groestlcoin addresses. Once added you will be able to view balances, view transactions, and (in the case of XPUBs, YPUBs and ZPUBs) deterministically generate addresses for that wallet.
Groestlcoin Sentinel is a fork of Groestlcoin Samourai Wallet with all spending and transaction building code removed.

Changes

Download

Source

UPDATED – P2Pool Test Net

Changes

Download

Pre-Hosted Testnet P2Pool is available via http://testp2pool.groestlcoin.org:21330/static/

Source

submitted by Yokomoko_Saleen to groestlcoin [link] [comments]

AES Crypt security audit (1 serious issue found)

I just learned about privacytools.io this afternoon and started poking around at some of the software I hadn't heard of before. One in particular caught my eye: AES Crypt. It's listed as "Worth Mentioning" under "File Encryption". I found some minor issues and one major issue.
I only looked at the Linux version, written in C. However, most of the issues I highlight are relevant to all versions since it's part of the file format.
Update: So apparently the major issue has been known since 2012, but they've decided not to address it. Therefore Privacy Tools should not be recommending this software.
Update 2: AES Crypt was removed

The Bad News

Let's start with the most serious issue. An unauthenticated field in encrypted files is trusted, and this allows a man-in-the-middle to manipulate the plaintext without being detected. I wrote up a little example scenario in my bug report, along with proof of concept you can try for yourself:
GitHub issue #23: Unauthenticated header data is trusted, making the plaintext malleable
Instead of using a proper padding scheme, the size of the final block is stored in a last_block_size field in the file. Despite being placed between the encrypted message and the authentication tag, it's not authenticated. This is a huge no-no and must be fixed before it would be reasonable to recommend this tool to anyone for any use.
It's not a problem with the code, but the file format itself. Therefore all versions are affected, and the fix will require a new file format (version 3?).
It could be fixed by including the last_block_size field when authenticating, but it would be much better to drop this field and use a standard padding scheme like PKCS#5. As a really minor bonus, this would also hide the exact file length from snoops.

Weak key derivation

The encryption key is derived from the user-entered password by iterating SHA-256 8,192 times. It's not a showstopper, but this is very weak, and puts a lot more stress on choosing good passphrases. It is salted with the IV, which helps protect against some kinds of attacks.
This is part of the file format since the passphrase is usable between implementations, so all versions are affected.
Recommendation: Switch to a memory-hard KDF like Argon2 or scrypt. Less good option: allow the number of iterations to be configured, or just use more iterations. It's very easy to parallelize SHA-256, especially thanks to all those hardware implementations designed for mining Bitcoin.

More complicated than necessary

The passphrase is used to encrypt yet another key, which is used to encrypt the message. This offers no additional protection, and it's not used for anything. The only reason you might want something like this is so that you can encrypt the file with more than one passphrase, allowing it to be decrypted with any individual passphrase. But that's not a feature of AES Crypt.
Worse, it actually weakens the format since it makes brute force attacks on the passphrase faster. No need to check guesses against the entire ciphertext, just the fixed-length key!
This is part of the file format so all versions are affected.
Recommendation: Get rid of this. It's not a big deal, it's just pointless.

Some cargo culting

Entropy read from the operating system (/dev/urandom, etc.) isn't entirely trusted for some reason, so it's hashed along with the current time and PID. That's not sufficient to accomplish anything useful. It doesn't hurt, but it's a strange thing to do.
This isn't part of the file format, so it's just a quirk of the Linux and Windows implementations.

Ambiguous licensing

I am unable to find any license governing the C Linux and Windows versions of the software. There's no LICENSE file, and the individual sources are not consistently marked. The AES implementation is embedded and marked as GPL, which suggests the entire source is GPL.
So at the moment a conservative take would be that AES Crypt is source available but not necessarily Open Source.

Perhaps some code quality issues?

There were a couple cases of undefined behavior. I submitted a patch to fix these. (Update: This patch was never accepted, and so AES Crypt still invokes undefined behavior each time it's used to encrypt data, making all its output suspect.)
The very second time I ran the aescrypt command after compiling it, I got a segmentation fault, which was pretty alarming. I submitted a patch to fix this, too (Update: also never accepted), but considering how quickly I found this, I wonder how many more issues are lingering. File name handling is a mess. Though, as a command line program, it's probably reasonable to consider the command line arguments trusted inputs.
I looked mostly at the code that does encryption and decryption, and that part is pretty solid. It does thorough error checking and is even careful to clean up before bailing out.

Variable-time comparison

The memcmp() function is used to verify the authentication tag, which takes a variable amount of time to complete. It's not significant for a command line application like this since it's never going to behave as an oracle for an attacker, but something to notice, especially if the code is reused in, say, a server implementation of AES Crypt.

The Good News

It's not well documented, but the encryption scheme is AES-256 in CBC mode, authenticated with encrypt-then-authenticate HMAC-SHA256. Except for the lack of padding, it's all solid stuff. The IV is generated and used properly, and the (pointless) intermediate key is also generated properly (C version, Linux and Windows).
The program makes consistent and reasonable attempts to sanitize memory holding sensitive information. Well done!
As I noted, the actual file parsing and crypto routines are, for the most part, robust with error checking and input validation. (Though, I did notice the upper four bits of last_block_size are allowed to hold any value with no impact on the result.)
If the padding issue is fixed with a new file format, then it's reasonable to recommend this tool with the caveat that the KDF is weak and so your passphrases must be especially strong.
Disclaimer: I wrote and maintain a similar open source tool called Enchive which is perhaps a "competitor" in this area.
submitted by skeeto to privacytoolsIO [link] [comments]
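To make the malleability point in the post above concrete, here is a constructed toy model, added on this page and not part of skeeto's post or of AES Crypt's code: a container that stores a last-block-size byte after the ciphertext, with that byte either left out of the HMAC input (the flaw the post describes) or included in it (the minimal fix the post mentions). A SHA-256 counter keystream stands in for AES-CBC so the example runs on the Python standard library alone; the function names, the MAC-key derivation and the "TRANSFER ..." message are all constructed for the demonstration, and the layout is not the real AES Crypt file format. The receiver also uses hmac.compare_digest on the tag, which is the constant-time comparison the "Variable-time comparison" section asks for in place of memcmp().

```python
"""Toy model of an encrypt-then-MAC container whose trailer byte sits
outside the MAC. Constructed for this page; NOT the real AES Crypt format."""
import hashlib
import hmac
import os

BLOCK = 16          # AES block size; the format pads the last block to this
TRAILER = 1 + 32    # last_block_size byte + HMAC-SHA256 tag


def _keystream(key: bytes, iv: bytes, nblocks: int) -> bytes:
    """SHA-256 counter keystream: a standard-library stand-in for the block
    cipher. The trailer flaw does not depend on which cipher is underneath."""
    return b"".join(
        hashlib.sha256(key + iv + i.to_bytes(4, "big")).digest()[:BLOCK]
        for i in range(nblocks))


def _xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))


def _mac_key(key: bytes) -> bytes:
    """Separate MAC key derived from the encryption key (assumed layout)."""
    return hashlib.sha256(b"mac:" + key).digest()


def seal(key: bytes, plaintext: bytes, authenticate_trailer: bool,
         iv: bytes = b"") -> bytes:
    """Return iv || ciphertext || last_block_size || tag.

    authenticate_trailer=False reproduces the flaw: the size byte is left
    out of the HMAC input. True is the minimal fix (the byte joins the
    authenticated data)."""
    iv = iv or os.urandom(BLOCK)
    padded = plaintext + b"\x00" * (-len(plaintext) % BLOCK)
    ciphertext = _xor(padded, _keystream(key, iv, len(padded) // BLOCK))
    size_byte = bytes([len(plaintext) % BLOCK])   # 0 means "last block is full"
    scope = iv + ciphertext + (size_byte if authenticate_trailer else b"")
    tag = hmac.new(_mac_key(key), scope, hashlib.sha256).digest()
    return iv + ciphertext + size_byte + tag


def unseal(key: bytes, blob: bytes, authenticate_trailer: bool) -> bytes:
    """Verify the tag, then recover the plaintext. Raises ValueError on any
    authentication or format failure."""
    if len(blob) < BLOCK + TRAILER or (len(blob) - BLOCK - TRAILER) % BLOCK:
        raise ValueError("malformed container")
    iv, ciphertext = blob[:BLOCK], blob[BLOCK:-TRAILER]
    last_block_size, tag = blob[-TRAILER], blob[-32:]
    scope = iv + ciphertext + (bytes([last_block_size]) if authenticate_trailer else b"")
    expected = hmac.new(_mac_key(key), scope, hashlib.sha256).digest()
    # Constant-time comparison in place of memcmp() on the tag.
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    if last_block_size >= BLOCK:
        raise ValueError("bad last_block_size")
    plaintext = _xor(ciphertext, _keystream(key, iv, len(ciphertext) // BLOCK))
    if last_block_size:
        plaintext = plaintext[:len(plaintext) - BLOCK + last_block_size]
    return plaintext


def rewrite_trailer(blob: bytes, new_last_block_size: int) -> bytes:
    """Reviewer's check: change only the size byte and see whether the
    receiver notices. Nothing under the tag is touched."""
    return blob[:-TRAILER] + bytes([new_last_block_size]) + blob[-32:]


def demo(authenticate_trailer: bool):
    """Returns the plaintext the receiver accepts after the trailer is
    rewritten, or None if the container is rejected."""
    key = hashlib.sha256(b"constructed demo key").digest()
    message = b"TRANSFER 100 TO ALICE, NOT BOB"   # 30 bytes: last block holds 14
    blob = seal(key, message, authenticate_trailer)
    assert unseal(key, blob, authenticate_trailer) == message
    try:
        return unseal(key, rewrite_trailer(blob, 6), authenticate_trailer)
    except ValueError:
        return None


if __name__ == "__main__":
    print("unauthenticated trailer accepts:", demo(False))   # truncated message
    print("authenticated trailer accepts:  ", demo(True))    # None (rejected)
```

With the byte outside the MAC the receiver accepts a valid tag and returns a silently shortened message; with the byte inside the MAC the same edit fails authentication. The better fix the post prefers, standard PKCS#5/#7 padding with no length field at all, removes the byte entirely, so there is nothing left for a tag to miss.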

Are 12-word Seeds for Bitcoin Private Keys Secure? (A Mathematical Adventure)

When you go to generate a private key, you usually generate a seed of at least 12 words (many wallets, including those discussed here, also allow 24 words to be used), but this set of words will be taken from a dictionary of varying size depending on the wallet software.
If my research is correct, there are 2^256 possible bitcoin private key combinations, or ~10^77.
Also:
The important thing to remember is that every 1 less exponent to the 10th power means 1/10th as many combinations. Therefore, the following table shows the relative security of each dictionary compared to a purely randomly generated private key alone.
Dictionary Size   Combos   Relative Strength to All Combinations
1,626             10^38    1 / 1000000000000000000000000000000000000000
4,096             10^43    1 / 10000000000000000000000000000000000
200,000           10^62    1 / 1000000000000000
N/A               10^77    1
But does this matter? (The big question)
This next part is where I'm not sure, because I'm about to compare bitcoin mining to generating random private numbers, and I don't know if it's a good comparison. But let's say the biggest mining pool (Antpool)'s entire strength (845 Petahash / sec) was dedicated to guessing private key seeds. Like a massive dictionary attack. Of course in the real world it would be slower because each wallet must be checked for balance.
Let's divide that into the total combos to get the crack time of all combos:
Dictionary Size   Combinations   Crack Time (s)   Translated Time
1,626             10^38          10^20            ~10^12 years
4,096             10^43          10^25            ~10^17 years
200,000           10^62          10^44            ~10^36 years
For scale, the age of the universe is 10^9 years. But remember, that would be to calculate ALL possible combinations. Let's look at one wallet example, which publishes that there are currently 16 million users of theirs. Let's just use that (~10^7) as the total number of private keys in-use for each wallet-dictionary configuration above (yes it's a very rough estimate).
So let's estimate how long it would take the mining pool to correctly guess just ONE of these users' private key. The probability (P) of each guess will be users (U) 10^7 divided by the number of combinations (C). The inverse of this will be the number of guesses to get one right (G). Therefore Guesses divided by hashrate (H) is the Time (T) required for one correct guess. So...
P = U ÷ C
G = 1 ÷ P = C ÷ U
T = G ÷ H
∴ Guess Time = (Combinations ÷ Users) ÷ Hashrate
If we want to make this useful in the future, we can create a general equation by substituting our calculation of combinations.
D = Dictionary Size
N = Number of words in seed
U = Users (Wallets using dictionary)
H = Hashrate (guesses per second)
Guess Time = ((D^N)/U)/H
Or:
Guess Time of One Key (in seconds) = D^N ÷ (U×H)
This general equation should be correct for all cases, if U and H can be accurately determined. Let's try this out with our examples from above to see if we are safe!
Assuming: 12 words, 10^7 users, 10^18 H/s
Dictionary Size   Time Per Correct Guess
1,626             ~ 1 Million Years
4,096             ~ 10 Billion Years
200,000           ~ 10^31 (10 thousand billion billion billion) years
Conclusions / TL;DR:
I would say at this point in time, it is perfectly fine to use 12 seed words with a reasonably large dictionary. Remember, the above table is just for one single correct guess. We also assumed instant checking of wallets. Because the time is inversely proportional to the power, we might say the time to guess will halve every year (other variables being equal), which makes total sense.
We can calculate how long until each configuration (of a particular # of words and dictionary size) will only take one second per guess, by doing [Time per guess in any "time unit" ÷ 2^x = 1 "time unit"] and solving for x.
At this rate, with a 1626 word dictionary, using 12 words, it will be around 40 years until 1 key can be guessed per second. Or 20 years until 1 Key per year. At which point you can just add a 13th word.
Edit: Another good point: Adding a custom word to your seed is an excellent idea. It would instantly expand the dictionary to be as large as the entire English language, or, if it's not an English word, as large as all words in all languages, making your seed unguessable if that dictionary is attacked.
Edit 2: Lots of people are quick to pounce and say that the hash rate I use as a guessing speed is wrong (which I said right off the bat), or that the seed words are used differently than what I said, having to do with entropy. This whole post is an oversimplified, theoretical, very rough guess, where even if it was exactly correct it wouldn't have drawn a different conclusion. The guess rate I chose would obviously be much, much slower in reality, so this would be a worst-case scenario.
submitted by Angstrom5 to Bitcoin [link] [comments]
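The post's equation carried through in code, as an added example that is not the author's own script: the dictionary sizes, the 12-word seed, the 10^7 users and the 10^18 guesses/s are the post's figures, and the "halves every year" projection is the post's assumption solved for x. One generalization is added beyond the post: seed_entropy_bits reports N·log2(D), the uniform-choice entropy of the seed, ignoring any checksum bits a real mnemonic scheme reserves.

```python
"""The post's guess-time estimate, carried through in code.
Constructed example; the figures are the post's, the functions are not."""
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def combinations(dictionary_size: int, words: int) -> int:
    """C = D^N: every ordered choice of N words from a D-word list."""
    return dictionary_size ** words


def guess_time_seconds(dictionary_size: int, words: int,
                       users: int, hashrate: float) -> float:
    """The post's general equation T = D^N / (U * H), in seconds.
    With U keys in use, each guess hits one of them with probability U / C."""
    return combinations(dictionary_size, words) / (users * hashrate)


def years_until_one_guess_per_second(seconds: float) -> float:
    """The post's projection: guess time halves every year, so solve
    T / 2^x = 1 for x, which is x = log2(T)."""
    return math.log2(seconds)


def seed_entropy_bits(dictionary_size: int, words: int) -> float:
    """Generalization not in the post: N uniformly chosen words from a
    D-word list carry N * log2(D) bits (checksum bits ignored)."""
    return words * math.log2(dictionary_size)


def estimate_table(words: int = 12, users: int = 10**7, hashrate: float = 10**18,
                   dictionaries=(1626, 4096, 200000)):
    """One row per dictionary size, mirroring the post's last table."""
    rows = []
    for size in dictionaries:
        seconds = guess_time_seconds(size, words, users, hashrate)
        rows.append({
            "dictionary": size,
            "seconds": seconds,
            "years": seconds / SECONDS_PER_YEAR,
            "years_until_1_per_s": years_until_one_guess_per_second(seconds),
            "entropy_bits": seed_entropy_bits(size, words),
        })
    return rows


if __name__ == "__main__":
    for row in estimate_table():
        print("{dictionary:>8} words: {years:.2e} years per hit, "
              "one hit/s in {years_until_1_per_s:.0f} years, "
              "{entropy_bits:.0f} bits".format(**row))
```

Running it reproduces the post's orders of magnitude (about a million years for the 1,626-word list, about 10^31 years for 200,000 words) and makes the entropy view explicit: 12 words from a 4,096-word list is exactly 144 bits, which is why "add a 13th word" moves the answer so far.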

Bitcoin skepticism.

I've always been skeptical of the value of bitcoin. I've been watching bitcoin for a long time, since back when you could buy 10000 bitcoins for like a dollar. Mainly because as a developer I would see it pop up in my news feed constantly. I thought it seemed like a novel idea, and as a reader, the Cryptonomicon kinda gave me a warm fuzzy to see it take off as a reality.
But that was where my warm fuzzies ended. My first thought was it'll be a year before this gets shut down by the SEC or embroiled in some sort of lawsuits from the IRS. I was surprised when nothing happened, but overall it seemed to just go on. I heard about people using it on the dark web and that made sense; this was even mentioned in the Cryptonomicon, that in any frontier the forerunners are often the criminals. Eventually though it saw some legitimacy; some websites started accepting it as currency and the value started to rise, meeting parity with the dollar.
I started to read some of the stuff about it. What is a bitcoin? Well, that's when I came across my first problem with how bitcoin works. Bitcoin mining is built on a concept called Proof of Work, from the Bitcoin wiki:
A proof of work is a piece of data which is difficult (costly, time-consuming) to produce but easy for others to verify and which satisfies certain requirements. Producing a proof of work can be a random process with low probability so that a lot of trial and error is required on average before a valid proof of work is generated. Bitcoin uses the Hashcash proof of work system.
But is that data valuable? Well... no. The value of bitcoin is spent cpu cycles. If we really break it down the value of bitcoin is entropy. That's what people are trading. Bitcoin is a commodity currency where the commodity is... literally entropy. I thought surely people will realize that the value of this is nothing but spent energy. But the price kept rising.
Now these days you see people defending the idea of bitcoin. When you point out any sort of flaw in how bitcoin is built you get back unintelligible answers that basically break down to, "The ontology of this ontology is the ontology of this ontology." I'm kind of fed up with listening to these people yammer nonsensically about what a great thing bitcoin is. Is anyone else experiencing the same thing?
submitted by stillbourne to skeptic [link] [comments]
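The Hashcash-style proof of work quoted in the post above, as a constructed example added here (it is not from the post or from the Bitcoin wiki): producing a proof is trial and error against a leading-zero-bits target, verifying it is a single hash, which is the "costly to produce, easy to verify" asymmetry the quoted definition describes. The header bytes and the difficulty are made up for the demonstration.

```python
"""Hashcash-style proof of work: costly to produce, one hash to verify.
Constructed example, not the post's or the Bitcoin wiki's code."""
import hashlib


def leading_zero_bits(digest: bytes) -> int:
    """Count leading zero bits; this is the 'requirement' a proof must meet."""
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()


def _hash(data: bytes, nonce: int) -> bytes:
    return hashlib.sha256(data + nonce.to_bytes(8, "big")).digest()


def produce_proof(data: bytes, difficulty_bits: int):
    """Costly side: try nonces in order until the hash clears the bar.
    Returns (nonce, attempts); attempts average 2^difficulty_bits."""
    nonce = 0
    while leading_zero_bits(_hash(data, nonce)) < difficulty_bits:
        nonce += 1
    return nonce, nonce + 1


def verify_proof(data: bytes, nonce: int, difficulty_bits: int) -> bool:
    """Cheap side: recompute one hash and check the bit count."""
    return leading_zero_bits(_hash(data, nonce)) >= difficulty_bits


def expected_attempts(difficulty_bits: int) -> int:
    """Each extra bit of difficulty doubles the expected work."""
    return 2 ** difficulty_bits


if __name__ == "__main__":
    header = b"constructed block header"        # stand-in for real block data
    nonce, attempts = produce_proof(header, 16)
    print("nonce", nonce, "after", attempts, "attempts;",
          "expected about", expected_attempts(16))
    print("verifies:", verify_proof(header, nonce, 16))
```

The search loop is where the "spent CPU cycles" the post objects to go; the verifier never repeats that work, which is why a proof can be checked by every node cheaply while costing the producer roughly 2^difficulty hashes.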

/r/Bitcoin FAQ - Newcomers please read

Welcome to Bitcoin!

Maybe you're here because you've received a tip on social media or from /FreeBits, or maybe you've just been hearing a lot recently about Bitcoin and are wondering what the big deal is? The following videos are a good starting point for understanding how bitcoin works and a little bit about its long term potential:

What are Bitcoins worth and where can I buy them?

Bitcoins are valued at what market price people are willing to pay for them. Here is a useful site that shows how much various denominations of bitcoin are worth in different currencies. Alternatively you can just google "1 bitcoin in (your local currency)".
You can buy or sell any amount of bitcoin (from as little as $1 worth) and there are several easy methods to purchase bitcoin with cash, credit card or bank account. Top recommendations include:
US & Europe
China
Also exchanges such as those listed below can be used with bank transfer in most of Europe and US
For even more bitcoin exchanges by country location, review these exchange country listings.

Where can I spend Bitcoins?

A comprehensive list can be found at TheBitcoinPage.com but some of the key ones are below:
There are also lots of charities which accept bitcoin donations, such as Wikipedia and the RNLI. You can find a longer list here.

Merchant Resources

If you operate a business and want to accept bitcoin as a payment method, there are several options available:

Can I mine bitcoin?

Mining bitcoins can be a fun hobby but be aware that you will most likely operate at a loss. Newcomers are often advised to stay away from mining unless they are only interested in it as a hobby similar to folding at home. If you want to learn more about mining you can read more here. Still have mining questions? The friendly folks at /BitcoinMining would be happy to help you out.

Securing your bitcoins

With bitcoin you can be your own bank and personally secure your bitcoins, or you can use trusted companies such as Coinbase and Circle which have secured wallets where they hold the bitcoins for you and provide insurance. Be sure to only deal with reputable companies; if you have any concerns about a company's trustworthiness, just ask or check their consumer reviews and ratings.
If you prefer to have direct control over your coins without having to use a trusted third party you can use personal wallets for desktops / laptops, android and iOS where you alone hold your private keys. Electrum, Mycelium and breadwallet are popular, but there are many options.
Find a wallet that works best for you
For increased security use Two Factor Authentication (2FA) everywhere it is offered, including email! (2FA requires a second confirmation code to access your account, usually from a text message or app, making it much harder for thieves to gain access). Google Authenticator and Authy are two great apps for handling 2FA.
Additional security systems such as Mycelium Entropy (for printing multi-signature paper wallets) and the Trezor Hardware Wallet are great ways to easily secure your coins. Or, you can opt to secure your bitcoin using cold storage.
Note: Do not use brainwallets unless you are an expert, they are known to be vulnerable to theft unless set up correctly.

Tipping

Bitcoin Units

One Bitcoin is quite large (hundreds of £/$/€) so people often deal in smaller units. There's lots of discussion about which unit is the most appropriate so you might see people using different ones until people agree:
Unit               Value                      Info
mBitcoin / mBTC    1,000 in a bitcoin         SI unit for milli, i.e. millilitre (ml) or millimeter (mm)
μBitcoin / μBTC    1,000,000 in a bitcoin     SI unit for micro, i.e. microlitre (μl) or micrometre (μm)
bits               1,000,000 in a bitcoin     Colloquial term with the same value as μBTC
Satoshi            100,000,000 in a bitcoin   The smallest unit of bitcoin, named after the inventor
For example, assuming an exchange rate of $500 for one Bitcoin, a $10 meal would equal:
Assuming the worth of bitcoin continues to increase, it will become easier to work at these lower divisions in day to day life.
Still have questions? The friendly folks at /BitcoinBeginners would be happy to help you out. If you decide to post a question in /Bitcoin, please use the search bar to see if it has been answered before and remember to follow the community rules outlined on the sidebar to receive a better response. The mods are busy helping manage our community so please do not message them unless you notice problems with the functionality of the subreddit.
Welcome to the Bitcoin community and the new decentralized economy!
submitted by BashCo to Bitcoin [link] [comments]
