The Privacy Coin Guide Part 1

As interest picks up in crypto again, I want to share this post I made on privacy coins again to just give the basics of their evolution. This is only part 1, and parts 2 and 3 are not available in this format, but this part is informative and basic.
If you’re looking for a quick and easy way to assess what the best privacy coin in the current space is, which has the best features, or which is most likely to give high returns, then this is not that guide. My goal is to give you the power to make your own decisions, to clearly state my biases, and educate. I really wanted to understand this niche of the crypto-space due to my background and current loyalties[1], and grasp the nuances of the features, origins and timelines of technologies used in privacy coins, while not being anything close to a developer myself. This is going to be a 3-part series, starting with an overview and basic review of the technology, then looking at its implications, and ending with why I like a specific project. It might be mildly interesting or delightfully educational. Cryptocurrencies are young and existing privacy coins are deploying technology that is a work in progress. This series assumes a basic understanding of how blockchains work, specifically as used in cryptocurrencies. If you don’t have that understanding, might I suggest that you get it? [2],[3],[4] Because cryptocurrencies have a long way to go before reaching their end-game: when the world relies on the technology without understanding it. So, shall we do a deep dive into the privacy coin space?

FIRST THERE WAS BITCOIN

Cryptocurrencies allow you to tokenize value and track its exchange between hands over time, with transaction information verified by a distributed network of users. The most famous cryptocurrency in use is Bitcoin, defined as peer-to-peer electronic cash.[5] Posted anonymously in 2008, the whitepaper seemed to be in direct response to the global financial meltdown and public distrust of the conventional banking and financing systems. Cryptographic techniques are used in Bitcoin to ensure that (i) only the owner of a specific wallet has the authority to spend funds from that wallet, (ii) the public address is linked to the private address but cannot be traced to it by a third party, and (iii) the information is stored via cryptographic hashing in a Merkle tree structure to ensure data integrity. Even so, the actual transaction information is publicly visible on the blockchain and can be traced back to the individual through chain analysis.[6] This has raised fears of possible financial censorship or the metaphorical tainting of money due to its origination point, as demonstrated in the Silk Road marketplace disaster.[7] This can happen because fiat money is usually exchanged for cryptocurrency at some point, as crypto-enthusiasts are born in the real world and inevitably cash out. There are already chain analysis firms and software that are increasingly efficient at tracking transactions on the Bitcoin blockchain.[8] This lack of privacy is one of the limitations of Bitcoin that has resulted in the creation of altcoins that experiment with the different features a cryptocurrency can have. Privacy coins are figuring out how to introduce privacy in addition to the payment network. The goal is to make the cryptocurrency fungible, each unit able to be exchanged for equal value without knowledge of its transaction history – like cash, while being publicly verifiable on a decentralized network.
In other words, anyone can add the math up without being able to see the full details. Some privacy solutions and protocols have popped up as a result:

CRYPTONOTE – RING SIGNATURES AND STEALTH ADDRESSES

Used in: Bytecoin; Monero and Particl (as its successor, RingCT)
In December 2012, CryptoNote introduced the use of ring signatures and stealth addresses (along with other notable features such as its own codebase) to improve cryptocurrency privacy.[9] An updated CryptoNote version 2 came in October 2013 [10] (though there is some dispute over this timeline [11]), also authored under the name Nicolas van Saberhagen. Ring signatures hide sender information by having the sender sign a transaction using a signature that could belong to any one of multiple users. This makes a transaction untraceable. Stealth addresses allow a receiver to give out a single address which generates a different public address for funds to be received at each time funds are sent to it. That makes a transaction unlinkable. In terms of privacy, CryptoNote gave us a protocol for untraceable and unlinkable transactions. The first implementation of CryptoNote technology was Bytecoin in March 2014 (timeline disputed [12]), which spawned many children (forks) in subsequent years, a notable example being Monero, based on CryptoNote v2, in April 2014.
RING SIGNATURES and STEALTH ADDRESSES

PROS

– Provides sender and receiver privacy
– Privacy can be default
– Mature technology
– Greater scalability with bulletproofs
– Does not require any third-party

CONS

– Privacy not very effective without high volume
– Does not hide transaction information if not combined with another protocol

COINJOIN

Used in: Dash
Bitcoin developer Gregory Maxwell proposed a set of solutions to bring privacy to Bitcoin and cryptocurrencies, the first being CoinJoin (January 28 – Aug 22, 2013).[13],[14] CoinJoin (sometimes called CoinSwap) allows multiple users to combine their transactions into a single transaction, by receiving inputs from multiple users and then sending the outputs to the multiple users, irrespective of who in the group the inputs came from. So, the receiver will get whatever output amount they were supposed to, but it cannot be directly traced to its originating input. Similar proposals include CoinShuffle in 2014 and TumbleBit in 2016, building on CoinJoin but not terribly popular.[15],[16] They fixed the need for a trusted third party to ‘mix’ the transactions. There are CoinJoin implementations that are being actively worked on, but they are not the most popular privacy solutions of today. A notable coin that uses CoinJoin technology is Dash, launched in January 2014, with masternodes in place of a trusted party.
COINJOIN

PROS

– Provides sender and receiver privacy
– Easy to implement on any cryptocurrency
– Lightweight
– Greater scalability with bulletproofs
– Mature technology

CONS

– Least anonymous privacy solution. Transaction amounts can be calculated
– Even without third-party mixer, depends on wealth centralization of masternodes

ZEROCOIN

Used in: Zcoin, PIVX
In May 2013, the Zerocoin protocol was introduced by Johns Hopkins University professor Matthew D. Green and his graduate students Ian Miers and Christina Garman.[17] In response to the need for a third party to do CoinJoin, the Zerocoin proposal allowed for a coin to be destroyed and remade in order to erase its history whenever it is spent. Zero-knowledge cryptography and zero-knowledge proofs are used to prove that the new coins for spending are being appropriately made. A zero-knowledge proof allows one party to prove to another that they know specific information, without revealing anything about it other than the fact that they know it. Zerocoin was not accepted by the Bitcoin community as an implementation to be added to Bitcoin, so a new cryptocurrency had to be formed. Zcoin was the first cryptocurrency to implement the Zerocoin protocol, in 2016.[18]
ZEROCOIN

PROS

– Provides sender and receiver privacy
– Supply can be audited
– Relatively mature technology
– Does not require a third-party

CONS

– Requires trusted setup (May not be required with Sigma protocol)
– Large proof sizes (not lightweight)
– Does not provide full privacy for transaction amounts

ZEROCASH

Used in: Zcash, Horizen, Komodo, Zclassic, Bitcoin Private
In May 2014, the current successor to the Zerocoin protocol, Zerocash, was created, also by Matthew Green and others (Eli Ben-Sasson, Alessandro Chiesa, Christina Garman, Matthew Green, Ian Miers, Eran Tromer, Madars Virza).[19] It improved upon the Zerocoin concept by taking advantage of zero-knowledge proofs called zk-SNARKs (zero-knowledge succinct non-interactive arguments of knowledge). Unlike Zerocoin, which hid coin origins and payment history, Zerocash was faster, with smaller transaction sizes, and hides transaction information on the sender, receiver and amount. Zcash was the first cryptocurrency to implement the Zerocash protocol, in 2016.[20]
ZEROCASH

PROS

– Provides full anonymity. Sender, receiver and amount hidden.
– Privacy can be default?
– Fast due to small proof sizes.
– Payment amount can be optionally disclosed for auditing
– Does not require any third-party

CONS

– Requires trusted setup (may be improved with zk-STARKs technology)
– Supply cannot be audited, and coins can potentially be forged without proper implementation
– Private transactions computationally intensive (improved with Sapling upgrade)

CONFIDENTIAL TRANSACTIONS

Used in: Monero and Particl with Ring Signatures as RING-CT
The next proposal from Maxwell was that of confidential transactions, proposed in June 2015 as part of the Sidechain Elements project from Blockstream, where Maxwell was Chief Technical Officer.[21],[22] It proposed to hide the transaction amount and asset type (e.g. deposits, currencies, shares), so that only the sender and receiver are aware of the amount, unless they choose to make the amount public. It uses homomorphic encryption[23] to encrypt the inputs and outputs by using blinding factors and a kind of ring signature in a commitment scheme, so the amount can be ‘committed’ to, without the amount actually being known. I’m terribly sorry if you now have the urge to go and research exactly what that means. The takeaway is that the transaction amount can be hidden from outsiders while being verifiable.
CONFIDENTIAL TRANSACTIONS

PROS

– Hides transaction amounts
– Privacy can be default
– Mature technology
– Does not require any third-party

CONS

– Only provides transaction amount privacy when used alone
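What the guide describes as homomorphic encryption with blinding factors is, concretely, a Pedersen commitment C = r·G + v·H (r the secret blinding factor, v the amount), and the example below, added here and not taken from the guide, Blockstream's Elements or any coin's code base, shows the verifier's balance check on secp256k1 without any amount being revealed. The second generator H is derived by hashing an arbitrary constructed label, and every function name is this example's own; the last case demonstrates why the range proofs (bulletproofs) mentioned under Upcoming are essential, since a negative "amount" satisfies the sum check on its own.

```python
"""Pedersen commitments C = r*G + v*H on secp256k1 and the Confidential
Transactions balance check (added example, not the guide's or any project's code)."""
import hashlib
import secrets

# secp256k1 domain parameters: y^2 = x^3 + 7 over GF(P), base point G of prime order N
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
assert (G[1] ** 2 - G[0] ** 3 - 7) % P == 0   # sanity check: G really lies on the curve

def ec_add(p1, p2):
    """Affine point addition; None stands for the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                                     # p1 == -p2
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P      # tangent slope (curve has a = 0)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def ec_mul(k, pt):
    """Double-and-add scalar multiplication; a negative k gives -(|k| * pt)."""
    if k < 0:
        k, pt = -k, (pt[0], (-pt[1]) % P)
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc

def hash_to_point(label):
    """Second generator with unknown log_G(H): hash a label to an x-coordinate and
    lift it onto the curve (try-and-increment). The unknown log is what makes a
    commitment binding: it cannot be opened to two different amounts."""
    ctr = 0
    while True:
        digest = hashlib.sha256(label + ctr.to_bytes(4, "big")).digest()
        x = int.from_bytes(digest, "big") % P
        rhs = (pow(x, 3, P) + 7) % P
        y = pow(rhs, (P + 1) // 4, P)                   # sqrt, valid since P = 3 mod 4
        if y * y % P == rhs:
            return (x, y)
        ctr += 1

H = hash_to_point(b"ct-second-generator")   # constructed label; any fixed string works

def commit(value, blind):
    """Pedersen commitment blind*G + value*H; the random blind hides value."""
    return ec_add(ec_mul(blind, G), ec_mul(value, H))

def build_outputs(output_values, input_blinds):
    """Sender side: fresh blinding factors for every output but the last, which is
    set so that sum(r_out) == sum(r_in) mod N. Returns (commitments, blinds)."""
    blinds = [secrets.randbelow(N) for _ in output_values[:-1]]
    blinds.append((sum(input_blinds) - sum(blinds)) % N)
    return [commit(v, r) for v, r in zip(output_values, blinds)], blinds

def balance_holds(input_commits, output_commits, fee=0):
    """Verifier side: sum(inputs) == sum(outputs) + fee*H, checked without ever
    learning an amount. The fee is the only value that stays public."""
    total_in = None
    for c in input_commits:
        total_in = ec_add(total_in, c)
    total_out = ec_mul(fee, H)
    for c in output_commits:
        total_out = ec_add(total_out, c)
    return total_in == total_out

def demo():
    """Three spends of one 10-unit input; returns the verifier's verdict on each."""
    r_in = secrets.randbelow(N)
    inputs = [commit(10, r_in)]
    honest, _ = build_outputs([6, 3], [r_in])        # 6 + 3 + fee 1 == 10
    inflated, _ = build_outputs([6, 5], [r_in])      # 6 + 5 + fee 1 != 10
    negative, _ = build_outputs([15, -5], [r_in])    # 15 + (-5) == 10: 5 units minted
    return {
        "honest": balance_holds(inputs, honest, fee=1),
        "inflated": balance_holds(inputs, inflated, fee=1),
        # passes the sum check; only a range proof on each output (bulletproofs) stops it
        "negative_without_range_proof": balance_holds(inputs, negative),
    }

if __name__ == "__main__":
    print(demo())   # {'honest': True, 'inflated': False, 'negative_without_range_proof': True}
```

The verifier's view is only the commitments; the same 10 units committed with a different r produce an unrelated point, which is the hiding property the guide refers to.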

RING-CT

Used in: Monero, Particl
Then came Ring Confidential Transactions, proposed by Shen Noether of Monero Research Lab in October 2015.[24] RingCT combines the use of ring signatures for hiding sender information with the use of confidential transactions (which also use ring signatures) for hiding amounts. The proposal described a new type of ring signature, a Multilayered Linkable Spontaneous Anonymous Group signature, which “allows for hidden amounts, origins and destinations of transactions with reasonable efficiency and verifiable, trustless coin generation”.[25] RingCT was implemented in Monero in January 2017 and made mandatory after September 2017.
RING CONFIDENTIAL TRANSACTIONS

PROS

– Provides full anonymity: hides transaction amounts and protects receiver privacy
– Privacy can be default
– Mature technology
– Greater scalability with bulletproofs
– Does not require any third-party

CONS

– Privacy not very effective without high volume

MIMBLEWIMBLE

Used in: Grin
Mimblewimble was proposed in July 2016 by pseudonymous contributor Tom Elvis Jedusor and further developed in October 2016 by Andrew Poelstra.[26],[27] Mimblewimble is a “privacy and fungibility focused cryptocoin transaction structure proposal”.[28] The key words are transaction structure proposal: the way the blockchain is built is different, in order to accommodate privacy and fungibility features. Mimblewimble uses the concept of Confidential Transactions to keep amounts hidden, relies on private keys and transaction information to prove ownership of funds rather than using addresses, and bundles transactions together instead of listing them separately on the blockchain. It also introduces a novel method of pruning the blockchain. Grin is a cryptocurrency in development that is applying Mimblewimble. Mimblewimble is early in development and you can read more about it here [29].
MIMBLEWIMBLE

PROS

– Hides transaction amounts and receiver privacy
– Privacy is on by default
– Lightweight
– No public addresses?

CONS

– Privacy not very effective without high volume
– Sender and receiver must both be online
– Relatively new technology

ZEXE

Fresh off the minds of brilliant cryptographers (Sean Bowe, Alessandro Chiesa, Matthew Green, Ian Miers, Pratyush Mishra, Howard Wu), in October 2018 Zexe proposed a new cryptographic primitive called ‘decentralized private computation’.[30] It allows users of a decentralized ledger to “execute offline computations that result in transactions”[31], but also keeps transaction amounts hidden and allows transaction validation to happen at any time regardless of whether the computations were done online. This can have far-reaching implications for privacy coins in the future. Consider cases where transactions need to be automatic and private, without both parties being present.

NETWORK PRIVACY

Privacy technologies that address network privacy, as nodes communicate with each other on the network, are important considerations as well, rather than just looking at privacy on the blockchain itself. Anonymity layers encrypt and/or reroute data as it moves among peers, so it is not obvious which node on the network it originated from. They are used to protect against surveillance or censorship from ISPs and governments. The Invisible Internet Project (I2P) is an anonymous network layer that uses end-to-end encryption for peers on a network to communicate with each other.[32] Its history dates back to 2003. Kovri is a Monero-created implementation of I2P.[33] The Onion Router (Tor) is another anonymity layer [34], used by the privacy cryptocurrency Verge, but its historical link to the US government may be concerning to some.[35] Dandelion transaction relay is an upcoming Bitcoin Improvement Proposal (BIP) that obscures IP data as transactions and other information are relayed, providing network privacy for Bitcoin.[36],[37],[38]

UPCOMING

Monero completed bulletproofs protocol updates that reduce RingCT transaction sizes and thus transaction fee costs. (Bulletproofs are a replacement for the range proofs used in confidential transactions, which aid in encrypting inputs and outputs by making sure they add to zero.)
The Sigma protocol is being actively researched by the Zcoin team as of 2018 to replace the Zerocoin protocol so that a trusted setup is not required.[39] There is a possible replacement for zk-SNARKs, called zk-STARKs, another form of zero-knowledge proof technology, that may make a trusted setup unnecessary for zero-knowledge proof coins.[40]

PART 1 CONCLUSION OF THE PRIVACY COIN GUIDE ON THE TECHNOLOGY BEHIND PRIVACY COINS

Although Bitcoin is still a groundbreaking technology that gives us a trustless transaction system, it has failed to live up to its expectations of privacy. Over time, new privacy technologies have arrived and are arriving with innovative and exciting solutions for Bitcoin’s lack of fungibility. It is important to note that these technologies are built on prior research and application, but we are considering their use in cryptocurrencies. Protocols are proposed based on cryptographic concepts that show how they would work, and then developers actually implement them. Please note that I did not include the possibility of improper implementation as a disadvantage, and the advantages assume that the technical development is well done. A very important point is that coins can also adopt new privacy technologies as their merits become obvious, even as they start with a specific privacy protocol. Furthermore, I am, unfortunately, positive that this is not an exhaustive overview and I am only covering publicized solutions. Next, we’ll talk more about the pros and cons and give an idea of how the coins can be compared.

There's a video version that can be watched, and you can find out how to get the second two parts if you want on my website (video link on the page): https://cryptoramble.com/guide-on-privacy-coins/
submitted by CryptoRamble to ethereum

The Privacy Coin Guide Part 1

As interest picks up in crypto again, I want to share this post I made on privacy coins again to just give the basics of their evolution. This is only part 1, and parts 2 and 3 are not available in this format, but this part is informative and basic.
If you’re looking for a quick and easy way to assess what the best privacy coin in the current space is, which has the best features, or which is most likely to give high returns, then this is not that guide. My goal is to give you the power to make your own decisions, to clearly state my biases, and educate. I really wanted to understand this niche of the crypto-space due to my background and current loyalties[1], and grasp the nuances of the features, origins and timelines of technologies used in privacy coins, while not being anything close to a developer myself. This is going to be a 3-part series, starting with an overview and basic review of the technology, then looking at its implications, and ending with why I like a specific project. It might be mildly interesting or delightfully educational. Cryptocurrencies are young and existing privacy coins are deploying technology that is a work in progress. This series assumes a basic understanding of how blockchains work, specifically as used in cryptocurrencies. If you don’t have that understanding, might I suggest that you get it? [2],[3],[4] Because cryptocurrencies have a long way to go before reaching their end-game: when the world relies on the technology without understanding it. So, shall we do a deep dive into the privacy coin space?

FIRST THERE WAS BITCOIN

Cryptocurrencies allow you to tokenize value and track its exchange between hands over time, with transaction information verified by a distributed network of users. The most famous version of a cryptocurrency in use is Bitcoin, defined as peer-to-peer electronic cash. [5] Posted anonymously in 2008, the whitepaper seemed to be in direct response to the global financial meltdown and public distrust of the conventional banking and financing systems. Although cryptographic techniques are used in Bitcoin to ensure that (i) only the owner of a specific wallet has the authority to spend funds from that wallet, (ii) the public address is linked but cannot be traced by a third party to the private address (iii) the information is stored via cryptographic hashing in a merkle tree structure to ensure data integrity, the actual transaction information is publicly visible on the blockchain and can be traced back to the individual through chain analysis.[6] This has raised fears of possible financial censorship or the metaphorical tainting of money due to its origination point, as demonstrated in the Silk Road marketplace disaster.[7] This can happen because fiat money is usually exchanged for cryptocurrency at some point, as crypto-enthusiasts are born in the real world and inevitably cash out. There are already chain analysis firms and software that are increasingly efficient at tracking transactions on the Bitcoin blockchain.[8] This lack of privacy is one of the limitations of Bitcoin that has resulted in the creation of altcoins that experiment with the different features a cryptocurrency can have. Privacy coins are figuring out how to introduce privacy in addition to the payment network. The goal is to make the cryptocurrency fungible, each unit able to be exchanged for equal value without knowledge of its transaction history – like cash, while being publicly verifiable on a decentralized network. 
In other words, anyone can add the math up without being able to see the full details. Some privacy solutions and protocols have popped up as a result:

CRYPTONOTE – RING SIGNATURES AND STEALTH ADDRESSES

Used in: Monero and Particl as its successor RING-CT, Bytecoin
In December 2012, CryptoNote introduced the use of ring signatures and stealth addresses (along with other notable features such as its own codebase) to improve cryptocurrency privacy.[9] An updated CryptoNote version 2 came in October 2013 [10](though there is some dispute over this timeline [11]), also authored under the name Nicolas van Saberhagen. Ring signatures hide sender information by having the sender sign a transaction using a signature that could belong to multiple users. This makes a transaction untraceable. Stealth addresses allow a receiver to give a single address which generates a different public address for funds to be received at each time funds are sent to it. That makes a transaction unlinkable. In terms of privacy, CryptoNote gave us a protocol for untraceable and unlinkable transactions. The first implementation of CryptoNote technology was Bytecoin in March 2014 (timeline disputed [12]), which spawned many children (forks) in subsequent years, a notable example being Monero, based on CryptoNote v2 in April 2014.
RING SIGNATURES and STEALTH ADDRESSES

PROS

– Provides sender and receiver privacy
– Privacy can be default
– Mature technology
– Greater scalability with bulletproofs
– Does not require any third-party

CONS

– Privacy not very effective without high volume
-Does not hide transaction information if not combined with another protocol.

COINJOIN

Used in: Dash
Bitcoin developer Gregory Maxwell proposed a set of solutions to bring privacy to Bitcoin and cryptocurrencies, the first being CoinJoin (January 28 – Aug 22, 2013).[13],[14] CoinJoin (sometimes called CoinSwap) allows multiple users to combine their transactions into a single transaction, by receiving inputs from multiple users, and then sending their outputs to the multiple users, irrespective of who in the group the inputs came from. So, the receiver will get whatever output amount they were supposed to, but it cannot be directly traced to its origination input. Similar proposals include Coinshuffle in 2014 and Tumblebit in 2016, building on CoinJoin but not terribly popular [15],[16]. They fixed the need for a trusted third party to ‘mix’ the transactions. There are CoinJoin implementations that are being actively worked on but are not the most popular privacy solutions of today. A notable coin that uses CoinJoin technology is Dash, launched in January 2014, with masternodes in place of a trusted party.
COINJOIN

PROS

– Provides sender and receiver privacy
– Easy to implement on any cryptocurrency
– Lightweight
– Greater scalability with bulletproofs
– Mature technology

CONS

– Least anonymous privacy solution. Transaction amounts can be calculated
– Even without third-party mixer, depends on wealth centralization of masternodes

ZEROCOIN

Used in: Zcoin, PIVX
In May 2013, the Zerocoin protocol was introduced by John Hopkins University professor Matthew D. Green and his graduate students Ian Miers and Christina Garman.[17] In response to the need for use of a third party to do CoinJoin, the Zerocoin proposal allowed for a coin to be destroyed and remade in order to erase its history whenever it is spent. Zero-knowledge cryptography and zero-knowledge proofs are used to prove that the new coins for spending are being appropriately made. A zero-knowledge proof allows one party to prove to another that they know specific information, without revealing any information about it, other than the fact that they know it. Zerocoin was not accepted by the Bitcoin community as an implementation to be added to Bitcoin, so a new cryptocurrency had to be formed. Zcoin was the first cryptocurrency to implement the Zerocoin protocol in 2016. [18]
ZEROCOIN

PROS

– Provides sender and receiver privacy
– Supply can be audited
– Relatively mature technology
– Does not require a third-party

CONS

– Requires trusted setup (May not be required with Sigma protocol)
– Large proof sizes (not lightweight)
– Does not provide full privacy for transaction amounts

ZEROCASH

Used in: Zcash, Horizen, Komodo, Zclassic, Bitcoin Private
In May 2014, the current successor to the Zerocoin protocol, Zerocash, was created, also by Matthew Green and others (Eli Ben-Sasson, Alessandro Chiesa, Christina Garman, Matthew Green, Ian Miers, Eran Tromer, Madars Virza).[19] It improved upon the Zerocoin concept by taking advantage of zero-knowledge proofs called zk-snarks (zero knowledge succinct non-interactive arguments of knowledge). Unlike Zerocoin, which hid coin origins and payment history, Zerocash was faster, with smaller transaction sizes, and hides transaction information on the sender, receiver and amount. Zcash is the first cryptocurrency to implement the Zerocash protocol in 2016. [20]
ZEROCASH

PROS

– Provides full anonymity. Sender, receiver and amount hidden.
– Privacy can be default?
– Fast due to small proof sizes.
– Payment amount can be optionally disclosed for auditing
– Does not require any third-party

CONS

– Requires trusted setup. (May be improved with zt-starks technology)
– Supply cannot be audited. And coins can potentially be forged without proper implementation.
– Private transactions computationally intensive (improved with Sapling upgrade)

CONFIDENTIAL TRANSACTIONS

Used in: Monero and Particl with Ring Signatures as RING-CT
The next proposal from Maxwell was that of confidential transactions, proposed in June 2015 as part of the Sidechain Elements project from Blockstream, where Maxwell was Chief Technical Officer.[21],[22] It proposed to hide the transaction amount and asset type (e.g. deposits, currencies, shares), so that only the sender and receiver are aware of the amount, unless they choose to make the amount public. It uses homomorphic encryption[23] to encrypt the inputs and outputs by using blinding factors and a kind of ring signature in a commitment scheme, so the amount can be ‘committed’ to, without the amount actually being known. I’m terribly sorry if you now have the urge to go and research exactly what that means. The takeaway is that the transaction amount can be hidden from outsiders while being verifiable.
CONFIDENTIAL TRANSACTIONS

PROS

– Hides transaction amounts
– Privacy can be default
– Mature technology
– Does not require any third-party

CONS

– Only provides transaction amount privacy when used alone

RING-CT

Used in: Monero, Particl
Then came Ring Confidential transactions, proposed by Shen-Noether of Monero Research Labs in October 2015.[24] RingCT combines the use of ring signatures for hiding sender information, with the use of confidential transactions (which also uses ring signatures) for hiding amounts. The proposal described a new type of ring signature, A Multi-layered Linkable Spontaneous Anonymous Group signature which “allows for hidden amounts, origins and destinations of transactions with reasonable efficiency and verifiable, trustless coin generation”.[25] RingCT was implemented in Monero in January 2017 and made mandatory after September 2017.
RING -CONFIDENTIAL TRANSACTIONS

PROS

– Provides full anonymity. Hides transaction amounts and receiver privacy
– Privacy can be default
– Mature technology
– Greater scalability with bulletproofs
– Does not require any third-party

CONS

– Privacy not very effective without high volume

MIMBLEWIMBLE

Used in: Grin
Mimblewimble was proposed in July 2016 by pseudonymous contributor Tom Elvis Jedusorand further developed in October 2016 by Andrew Poelstra.[26],[27] Mimblewimble is a “privacy and fungibility focused cryptocoin transaction structure proposal”.[28] The key words are transaction structure proposal, so the way the blockchain is built is different, in order to accommodate privacy and fungibility features. Mimblewimble uses the concept of Confidential transactions to keep amounts hidden, looks at private keys and transaction information to prove ownership of funds rather than using addresses, and bundles transactions together instead of listing them separately on the blockchain. It also introduces a novel method of pruning the blockchain. Grin is a cryptocurrency in development that is applying Mimblewimble. Mimblewimble is early in development and you can understand it more here [29].
MIMBLEWIMBLE

PROS

– Hides transaction amounts and receiver privacy
– Privacy is on by default
– Lightweight
– No public addresses?

CONS

– Privacy not very effective without high volume
– Sender and receiver must both be online
– Relatively new technology

ZEXE

Fresh off the minds of brilliant cryptographers (Sean Bowe, Alessandro Chiesa, Matthew Green, Ian Miers, Pratyush Mishra, Howard Wu), in October 2018 Zexe proposed a new cryptographic primitive called ‘decentralized private computation.[30] It allows users of a decentralized ledger to “execute offline computations that result in transactions”[31], but also keeps transaction amounts hidden and allows transaction validation to happen at any time regardless of computations being done online. This can have far reaching implications for privacy coins in the future. Consider cases where transactions need to be automatic and private, without both parties being present.

NETWORK PRIVACY

Privacy technologies that look at network privacy as nodes communicate with each other on the network are important considerations, rather than just looking at privacy on the blockchain itself. Anonymous layers encrypt and/or reroute data as it moves among peers, so it is not obvious who they originate from on the network. They are used to protect against surveillance or censorship from ISPs and governments. The Invisible Internet Project (I2P) is an anonymous network layer that uses end to end encryption for peers on a network to communicate with each other.[32] Its history dates back to 2003. Kovri is a Monero created implementation of I2P.[33] The Onion Router (Tor) is another anonymity layer [34]) that Verge is a privacy cryptocurrency that uses. But its historical link to the US government may be is concerning to some[35]. Dandelion transaction relay is also an upcoming Bitcoin improvement proposal (BIP) that scrambles IP data that will provide network privacy for Bitcoin as transaction and other information is transmitted.[36],[37],[38]

UPCOMING

Monero completed bulletproofs protocol updates that reduce RINGCT transaction sizes and thus transaction fee costs. (Bulletproofs are a replacement for range proofs used in confidential transactions that aid in encrypting inputs and outputs by making sure they add to zero).
Sigma Protocol – being actively researched by Zcoin team as of 2018 to replace Zerocoin protocol so that a trusted setup is not required.[39] There is a possible replacement for zk-snarks, called zk-starks, another form of zero-knowledge proof technology, that may make a trusted set-up unnecessary for zero-knowledege proof coins.[40]

PART 1 CONCLUSION OF THE PRIVACY COIN GUIDE ON THE TECHNOLOGY BEHIND PRIVACY COINS

Although Bitcoin is still a groundbreaking technology that gives us a trust-less transaction system, it has failed to live up to its expectations of privacy. Over time, new privacy technologies have arrived and are arriving with innovative and exciting solutions for Bitcoin’s lack of fungibility. It is important to note that these technologies are built on prior research and application, but we are considering their use in cryptocurrencies. Protocols are proposed based on cryptographic concepts that show how they would work, and then developers actually implement them. Please note that I did not include the possibility of improper implementation as a disadvantage, and the advantages assume that the technical development is well done. A very important point is that coins can also adapt new privacy technologies as their merits become obvious, even as they start with a specific privacy protocol. Furthermore, I am, unfortunately, positive that this is not an exhaustive overview and I am only covering publicized solutions. Next, we’ll talk more about the pros and cons and give an idea of how the coins can be compared.

There's a video version that can be watched, and you can find out how to get the second two parts if you want on my website (video link on the page): https://cryptoramble.com/guide-on-privacy-coins/
submitted by CryptoRamble to privacycoins
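Two of the building blocks the guide describes, as an added Python example that is not code from the post, CryptoNote, Monero or Blockstream: an AOS-style ring signature (the untraceability idea of the CryptoNote section: a verifier learns only that one of the listed keys signed) and Pedersen commitments whose sum a verifier can check without seeing any amount (the Confidential Transactions section). It assumes secp256k1, Bitcoin's curve, rather than Monero's ed25519; it omits the key image that CryptoNote adds for double-spend detection; the second generator H is derived by hashing to the curve; and every function name is hypothetical. The final scenario in the usage note is the reason range proofs, and hence bulletproofs, are part of the design: an amount that is "negative" modulo the group order still balances.

```python
"""Toy ring signature and Pedersen-commitment balance check on secp256k1. Added illustration,
not code from the post, CryptoNote, Monero or Blockstream; curve, construction and names are assumptions."""
import hashlib
import secrets

# secp256k1 domain parameters (Bitcoin's curve; cofactor 1, so every point has order N).
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(a, b):
    """Affine point addition; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                                   # a == -b
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P    # tangent slope
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P     # chord slope
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def ec_mul(k, pt):
    """Double-and-add scalar multiplication (not constant-time: toy only)."""
    acc, k = None, k % N
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return acc

def ec_neg(pt):
    return None if pt is None else (pt[0], (-pt[1]) % P)

def encode(pt):
    return b"\x00" if pt is None else pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")

def hash_to_point(tag):
    """Second generator whose discrete log w.r.t. G nobody knows: hash to x, lift to the curve."""
    x = int.from_bytes(hashlib.sha256(tag).digest(), "big") % P
    while True:
        rhs = (x ** 3 + 7) % P
        y = pow(rhs, (P + 1) // 4, P)                 # P = 3 mod 4: a square root if rhs is a square
        if y * y % P == rhs:
            return x, y
        x = (x + 1) % P

def challenge(msg, ring, pt):
    """Ring signature challenge: hash of message, the whole ring and the current point."""
    data = msg + b"".join(encode(y) for y in ring) + encode(pt)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def keygen():
    x = secrets.randbelow(N - 1) + 1
    return x, ec_mul(x, G)

def ring_sign(msg, ring, idx, x):
    """AOS ring signature: challenges chain around the ring; only ring[idx]'s key can close it."""
    n = len(ring)
    c, r = [0] * n, [0] * n
    alpha = secrets.randbelow(N - 1) + 1
    c[(idx + 1) % n] = challenge(msg, ring, ec_mul(alpha, G))
    for k in range(1, n):                             # decoys: random response, derived challenge
        i = (idx + k) % n
        r[i] = secrets.randbelow(N - 1) + 1
        c[(i + 1) % n] = challenge(msg, ring, ec_add(ec_mul(r[i], G), ec_mul(c[i], ring[i])))
    r[idx] = (alpha - c[idx] * x) % N                 # the one step that needs a private key
    return c[0], r

def ring_verify(msg, ring, sig):
    """Verifier replays the chain over every ring member; it must close where it started."""
    c0, r = sig
    c = c0
    for i, y in enumerate(ring):
        c = challenge(msg, ring, ec_add(ec_mul(r[i], G), ec_mul(c, y)))
    return c == c0

H = hash_to_point(b"ct-second-generator")             # Pedersen second generator

def commit(value, blind):
    """C = blind*G + value*H. Hides value; C1 + C2 commits to value1 + value2."""
    return ec_add(ec_mul(blind, G), ec_mul(value, H))

def make_outputs(values, input_blinds):
    """Sender chooses the last blinding factor so output blinds sum to the input blinds."""
    blinds = [secrets.randbelow(N) for _ in values[:-1]]
    blinds.append((sum(input_blinds) - sum(blinds)) % N)
    return [commit(v, r) for v, r in zip(values, blinds)]

def balances(inputs, outputs):
    """Verifier sees only commitments: sum(inputs) - sum(outputs) must be the identity."""
    acc = None
    for c in inputs:
        acc = ec_add(acc, c)
    for c in outputs:
        acc = ec_add(acc, ec_neg(c))
    return acc is None
```

Any member of the ring can produce a signature that `ring_verify` accepts against the whole ring, and the signature is identically distributed whichever member made it; a key outside the ring cannot close the challenge chain. For the commitments, `balances([commit(60, 11), commit(40, 22)], make_outputs([30, 70], [11, 22]))` is true while the verifier never learns 60, 40, 30 or 70, and changing one output to 71 makes it false. The catch: `balances([commit(10, 1)], [commit(15, 1), commit(-5 % N, 0)])` is also true, because -5 wraps around modulo N, so 10 units in have become 15 spendable units out. That is what a range proof on each output rules out, and bulletproofs are the compact form of that proof.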

Understanding SegWit

The first-layer scaling solution comprises 3 different scaling mechanisms:
· Sharding
· Hard fork
· SegWit
In my last two articles, I have already covered Hard Fork and Sharding. So here in this article, I will focus on the last scaling solution, i.e. SegWit.
What is SegWit?
SegWit stands for Segregated Witness, i.e. separating the signatures from the transactions.
In this process, certain parts of a transaction are removed, which will free up space so that more transactions can be added to the chain. The idea behind using this method is to overcome the block size limit of blockchain transactions. In simple terms, SegWit changed the way data are stored, therefore helping the Bitcoin network to run faster and more smoothly.
It was suggested as a soft-fork change to the transaction format of Bitcoin in Bitcoin Improvement Proposal BIP141.
Problem Statement
In the Bitcoin platform, blocks are generated every 10 minutes and are constrained to a maximum size of 1 megabyte (MB). As the number of transactions increases, more blocks need to be added to the chain. But due to the block size constraint, only a certain number of transactions can be added to a block. The weight of the transactions can cause delays in processing and verifying transactions. Sometimes, it takes hours to confirm a transaction as valid. This can slow down further when the network is busy.
The Solution
To overcome the block size limit issue and to enhance the transaction speed, the transaction is divided into two segments: the unlocking signature (witness) is removed from the original portion and appended as a separate structure at the end. The original portion will still have the sender and receiver data, and the new "witness" structure would contain scripts and signatures. The original data segment would be counted normally, but the new "witness" segment becomes one-fourth of its original size.
Digital signatures account for 65% of the space in a given transaction.
SegWit is backward compatible, which means nodes that are updated with the SegWit Bitcoin protocol can still work with nodes that haven’t been updated.
SegWit measures blocks by block weight.
The formula used to calculate block weight:
(tx size with witness data stripped) * 3 + (tx size)
Since segregated witness creates a sidechain where witness data is stored, it prevents transaction IDs from being altered by dishonest users. It also addresses signature malleability, by serializing signatures separately from the rest of the transaction data, so that the transaction ID is no longer malleable.
History
Pieter Wuille, a bitcoin developer, first proposed the concept of SegWit.
On 24 July 2017, as part of the software upgrade process, i.e. Bitcoin Improvement Proposal (BIP) 91, the concept of Segregated Witness was activated at block 477,120.
Within one week of implementation, the bitcoin price saw a spike of 50%. The rate of transactions using SegWit further increased from 7% to 10% in the first week of October. As of February 2018, SegWit transactions exceeded 30%.
However, a group of China-based bitcoin miners were unhappy with the implementation and later forked to create Bitcoin Cash.
Lightning Network - Layer 2 solution
Lightning Network operates on top of bitcoin and is referred to as a “Layer 2” component. It is an off-chain micropayment system that is designed to enhance the transaction speed in the blockchain network.
SegWit acts as a base component for the Lightning Network. By implementing SegWit, the transaction malleability issue can be prevented which will allow this secure payment system to process millions of transactions per second in the Bitcoin network.
Advantages of SegWit:
· Prevents transaction malleability problem.
· Prevents signature malleability problem.
· Helps in scaling the bitcoin network.
· Increases block size.
· Reduces transaction fees.
· Acts as a base for the lightning protocol.
Conclusion
There is no doubt that Bitcoin technology is very revolutionary, but like any other technology it has certain drawbacks as well as challenges. Scaling is one of them, which has restricted its adoption in large-scale applications. It is capable of processing only 7-10 transactions per second on the base layer. Many developers and researchers from the Bitcoin community are working hard to overcome the problem. SegWit and the Lightning Network together aim to allow Bitcoin to process millions (or more) of transactions per second. But the real scenario will depend on the success of future projects.

Read More: A Guide to Smart Contracts
submitted by RumaDas to BlockChain_info [link] [comments]
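The txid/wtxid split and the block weight formula from the post above, as an added example that is not part of the original post: a minimal BIP144 transaction serializer in which every key, signature and previous txid is a constructed placeholder. Altering the signature of a native SegWit input changes the wtxid but not the txid, altering the signature inside a legacy scriptSig changes the txid, and weight is computed as 3 * stripped size + full size.

```python
import hashlib
from dataclasses import dataclass, field
from typing import List


def sha256d(data: bytes) -> bytes:
    """Bitcoin's double SHA-256."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def compact_size(n: int) -> bytes:
    """Bitcoin CompactSize (varint) length prefix."""
    if n < 0xFD:
        return bytes([n])
    if n <= 0xFFFF:
        return b"\xfd" + n.to_bytes(2, "little")
    if n <= 0xFFFFFFFF:
        return b"\xfe" + n.to_bytes(4, "little")
    return b"\xff" + n.to_bytes(8, "little")


def push(data: bytes) -> bytes:
    """Minimal script push for items shorter than 76 bytes (single length byte)."""
    return bytes([len(data)]) + data


@dataclass
class TxIn:
    prev_txid: bytes                  # 32 bytes, internal byte order
    prev_index: int
    script_sig: bytes = b""           # empty for native SegWit inputs
    sequence: int = 0xFFFFFFFF
    witness: List[bytes] = field(default_factory=list)


@dataclass
class TxOut:
    value: int                        # satoshis
    script_pubkey: bytes


@dataclass
class Tx:
    version: int
    vin: List[TxIn]
    vout: List[TxOut]
    locktime: int = 0

    def has_witness(self) -> bool:
        return any(i.witness for i in self.vin)

    def serialize(self, with_witness: bool = True) -> bytes:
        """BIP144 serialization; with_witness=False yields the legacy (stripped) form."""
        use_wit = with_witness and self.has_witness()
        out = self.version.to_bytes(4, "little")
        if use_wit:
            out += b"\x00\x01"        # marker + flag announce the witness section
        out += compact_size(len(self.vin))
        for i in self.vin:
            out += i.prev_txid + i.prev_index.to_bytes(4, "little")
            out += compact_size(len(i.script_sig)) + i.script_sig
            out += i.sequence.to_bytes(4, "little")
        out += compact_size(len(self.vout))
        for o in self.vout:
            out += o.value.to_bytes(8, "little")
            out += compact_size(len(o.script_pubkey)) + o.script_pubkey
        if use_wit:                   # witness items follow the outputs, before locktime
            for i in self.vin:
                out += compact_size(len(i.witness))
                for item in i.witness:
                    out += compact_size(len(item)) + item
        out += self.locktime.to_bytes(4, "little")
        return out

    def txid(self) -> str:
        """The txid commits only to the witness-stripped bytes, so witness edits cannot change it."""
        return sha256d(self.serialize(with_witness=False))[::-1].hex()

    def wtxid(self) -> str:
        return sha256d(self.serialize(with_witness=True))[::-1].hex()

    def weight(self) -> int:
        """BIP141 weight: (size with witness stripped) * 3 + (size with witness)."""
        return 3 * len(self.serialize(with_witness=False)) + len(self.serialize(with_witness=True))

    def vsize(self) -> int:
        return (self.weight() + 3) // 4


# Constructed placeholders (not real keys, signatures or transactions).
PREV_TXID = bytes.fromhex("11" * 32)
P2WPKH_SPK = bytes.fromhex("0014") + bytes(20)           # OP_0 <20-byte hash>
PUBKEY = b"\x02" + bytes(32)
SIG_A = b"\x30" + bytes(69) + b"\x01"                     # stand-in for a DER signature + SIGHASH_ALL
SIG_B = b"\x30" + bytes(68) + b"\x02\x01"                 # the "same" signature in an altered encoding


def segwit_tx(sig: bytes) -> Tx:
    """Native SegWit spend: signature and pubkey live in the witness."""
    return Tx(2, [TxIn(PREV_TXID, 0, witness=[sig, PUBKEY])], [TxOut(50_000, P2WPKH_SPK)])


def legacy_tx(sig: bytes) -> Tx:
    """Pre-SegWit spend: signature and pubkey live in scriptSig, which the txid covers."""
    return Tx(2, [TxIn(PREV_TXID, 0, script_sig=push(sig) + push(PUBKEY))], [TxOut(50_000, P2WPKH_SPK)])
```

Compare `segwit_tx(SIG_A).txid()` with `segwit_tx(SIG_B).txid()` and the same pair for `legacy_tx` to see the malleability difference; `weight()` on a transaction without witness data is exactly four times its byte size.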

Upcoming Updates to Bitcoin Consensus

Price and Libra posts are shit boring, so let's focus on a technical topic for a change.
Let me start by presenting a few of the upcoming Bitcoin consensus changes.
(as these are consensus changes and not P2P changes it does not include erlay or dandelion)
Let's hope the community strongly supports these upcoming updates!

Schnorr

The sexy new signing algo.

Advantages

Disadvantages

MuSig

A provably-secure way for a group of n participants to form an aggregate pubkey and signature. Creating their group pubkey does not require their coordination other than getting individual pubkeys from each participant, but creating their signature does require all participants to be online near-simultaneously.

Advantages

Disadvantages

Taproot

Hiding a Bitcoin SCRIPT inside a pubkey, letting you sign with the pubkey without revealing the SCRIPT, or reveal the SCRIPT without signing with the pubkey.

Advantages

Disadvantages

MAST

Encode each possible branch of a Bitcoin contract separately, and only require revelation of the exact branch taken, without revealing any of the other branches. One of the Taproot script versions will be used to denote a MAST construction. If the contract has only one branch then MAST does not add more overhead.

Advantages

Disadvantages

submitted by almkglor to Bitcoin [link] [comments]

AsicVault - Frequently Asked Questions

When was AsicVault established and how is it funded?
AsicVault was established in 2016. It is funded by founders and corporate investors. Please see Crunchbase.

How can it be 1,000 times harder to crack compared to other BIP-39 hardware wallets?
BIP-39 hardware wallets are working on very low-performance microcontrollers or secure elements. They are doing only 2,048 iterations of PBKDF2 SHA-512, which is even less than the old NIST recommendation of 10,000 rounds from 2016.
Performing a higher number of PBKDF2 SHA-512 rounds is standard practice for good security. iTunes does it, LastPass does it and Veracrypt as well. Even Ledger agrees that this very low number is the main problem of BIP-39.
AsicVault's specially designed SHA-512 accelerator inside a high-performance secure chip is at least 340 times faster than common microcontrollers. The number of PBKDF2 SHA-512 rounds is set to be exactly 1,000 times higher than BIP-39, hence the cost to crack AsicVault is also 1,000 times bigger.
Please read the in-depth teardown review and validation of AsicVault SHA-512 performance here.
You can perform independent analysis according to this PDF and our device performance is shown on this video.

Does it support BIP-39 passphrase?
Yes, AsicVault supports all standard BIP-39 seed words and additional passphrase (so-called 25th word). You can restore your HD wallet account created by other hardware wallets (Ledger, Trezor, Keepkey) without any additional steps. AsicVault always opens standard security BIP-39 account and high security BIP-39 accounts at the same time.

Why two processors?
Common design practice, also followed by Ledger, is to separate secure and non-secure code. Our advantage is that these two RISC-V processors are inside a single secure chip. This way the Security CPU has full access to the Application CPU RAM. This makes it possible to do proper secure boot.

Why RISC-V?
Open instruction set. Possibility to have open source CPU and extensions. We have already implemented several custom instructions.

Do I need a computer to initialize the device?
No. You can supply power from a wall adapter or battery bank. AsicVault supports a true air-gapped environment.
You can perform full device initialization, seed word generation and seed word backup without a connection to the computer. You can also charge the device and check the status the same way.

Can I use USB extender cables?
Certified USB2.0 extender cables can be used. We don’t recommend extender cables while using USB3.1 features of the device. The device can detect (some) bad cables and show warning messages about them. It is not recommended to use cables/extenders longer than 2.5m. In any case, cables with lower AWG value are better, such as AWG20.

How hot does the device get?
During normal operation the AsicVault device temperature reaches 35-37C. High-speed USB3.0 operation adds an additional 7C. AsicVault utilizes a full aluminum enclosure as an effective heatsink. Internal chips can tolerate up to +85C, so you never need to worry about them overheating. There are no lithium batteries inside the device, which are known for leaking and not tolerating high temperatures.

How long does the active anti-tamper system work?
Active anti-tamper protects your device for at least 2 weeks, possibly up to 45 days, after you have fully charged the device. It takes just 15 minutes to charge the supercapacitors again. It is advisable to connect the device to a power source at least once per week. Different anti-tamper settings affect the anti-tamper aggressiveness, sensitivity and power consumption.
It is also good practice to enter your passphrase weekly so that you will not forget it.

How often can I charge it? Do the batteries age?
You can charge it as often as you like, several times per day. Supercapacitors can be charged 50,000 – 1,000,000 times during their lifetime compared to common Lithium batteries that only allow 500-1,000 times. Therefore even 10 times per day for 10 years should be fine. At least weekly charging is recommended for best anti-tamper protection.

How long are private keys safely stored inside device before the memory gets weak and they are lost?
Data retention time of the Flash memory inside the main chip is 20 years. Additional encryption keys stored inside FRAM can last for 40 years at temperatures below 70C. These values are higher than the expected lifetime of the device. In any case you must make paper backup(s) of your seed words.

Can it store the whole Bitcoin blockchain inside the device?
No. The device is not designed to store large amounts of data. The internal 128-megabyte Flash is used to store applications. There are thousands of copies of the blockchain; storing yet another copy is not meaningful or necessary.

What is FIPS 140-2 highest Level 4?
FIPS 140-2 is a Federal Information Processing Standard.
Level 4 requires that:
  1. physical security mechanisms provide a complete envelope of protection around the cryptographic module
  2. with the intent of detecting and responding to all unauthorized attempts at physical access
  3. Penetration of the cryptographic module enclosure from any direction has a very high probability of being detected, resulting in the immediate deletion of all plaintext CSPs
  4. Security Level 4 also protects a cryptographic module against a security compromise due to environmental conditions or fluctuations outside of the module's normal operating ranges for voltage and temperature
  5. A cryptographic module is required to include special environmental protection features designed to detect fluctuations and delete CSPs
We have used these guidelines while designing AsicVault. We meet and exceed the requirements in the following way:
  1. AsicVault has a full aluminium/titanium enclosure that is not designed to be opened. A passive anti-tamper mesh protects the electronic circuits inside the device. The main secure chip also has a chip-level metal layer anti-tamper mesh.
  2. Active anti-tamper circuit monitors all intrusion attempts and performs immediate device zeroization upon detecting any such attempts.
  3. AsicVault has temperature, voltage and many other sensors that are continuously monitored by the anti-tamper circuit. Additionally, AsicVault has internal supercapacitor-based power reserve to run Elliptic Curve calculations and other cryptographic functions. Therefore, external voltage fluctuations can’t affect our device while performing these critical operations.
  4. Zeroization not only deletes the private keys, it also destroys the internal hardware design, making it impossible to perform any further analysis of the hardware.
AsicVault has not participated in the formal Cryptographic Module Validation Program since we are not targeting US government users at this point.

Can AsicVault device run Linux?
It is not our priority to run Linux since it has too much overhead for a hardware wallet. However, our RISC-V processors and Mark II hardware can run Linux for your custom projects.

Where can I purchase the device?
Please contact your local supplier about availability.
submitted by photonreality to AsicVaultOfficial [link] [comments]
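To make the round-count argument in the FAQ concrete, an added example (not AsicVault's code and not part of the original post): the standard BIP39 seed derivation with the PBKDF2 round count as a parameter, checked against a published BIP39 test vector. It shows the cost growing with the round count and also the caveat the FAQ only hints at: a non-standard round count produces a different seed, so such an account cannot be restored by standard BIP39 software from the same words and passphrase.

```python
import hashlib
import time
import unicodedata

STANDARD_ROUNDS = 2048     # the BIP39 PBKDF2 iteration count the FAQ criticises


def bip39_seed(mnemonic: str, passphrase: str = "", rounds: int = STANDARD_ROUNDS) -> bytes:
    """BIP39 seed: PBKDF2-HMAC-SHA512(NFKD(mnemonic), "mnemonic" + NFKD(passphrase), rounds, 64 bytes).

    Only rounds == 2048 is the BIP39 standard; any other value gives a seed (and hence a
    wallet) that no standard BIP39 wallet can reproduce from the same words and passphrase.
    """
    password = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, rounds, dklen=64)


def seconds_per_seed(rounds: int, mnemonic: str, passphrase: str = "") -> float:
    """Wall-clock cost of one derivation; a guesser's cost scales linearly with rounds."""
    start = time.perf_counter()
    bip39_seed(mnemonic, passphrase, rounds)
    return time.perf_counter() - start


# Published BIP39 test vector (zero entropy, passphrase "TREZOR"), used to confirm the derivation.
TEST_MNEMONIC = " ".join(["abandon"] * 11 + ["about"])
TEST_PASSPHRASE = "TREZOR"
TEST_SEED_HEX = ("c55257c360c07c72029aebc1b53c05ed0362ada38ead3e3e9efa3708e5349553"
                 "1f09a6987599d18264c1e1c92f2cf141630c7a3c4ab7c81b2f001698e7463b04")


if __name__ == "__main__":
    standard = bip39_seed(TEST_MNEMONIC, TEST_PASSPHRASE)
    print("matches BIP39 vector:", standard.hex() == TEST_SEED_HEX)
    hardened = bip39_seed(TEST_MNEMONIC, TEST_PASSPHRASE, rounds=STANDARD_ROUNDS * 1000)
    print("seed differs with a non-standard round count:", standard != hardened)
    print("seconds at 2048 rounds:    %.4f" % seconds_per_seed(STANDARD_ROUNDS, TEST_MNEMONIC, TEST_PASSPHRASE))
    print("seconds at 2048000 rounds: %.4f" % seconds_per_seed(STANDARD_ROUNDS * 1000, TEST_MNEMONIC, TEST_PASSPHRASE))
```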

Bitcoin-SV: are terabyte blocks feasible?

Block propagation time and block processing time (to prepare & validate) are very crucial factors. Every node (miner) has an economic incentive in propagating its block as quickly as possible so that nodes would be more likely to build on this fork. But simultaneously having a very large number of transactions contained in the block increases the block propagation time, so a node has to optimally balance the number of transactions to include (block size) with transaction fees plus block reward for the best outcome.
But BSV's scaling approach expects to have logical blocks at gigabyte/terabyte sizes in future, and the problem outlined above can be a huge obstacle in getting there. This problem will be exacerbated when block sizes get too big and ultimately the rational, economically motivated nodes begin to ration the number of transactions in a block.
I believe currently the time complexity of block propagation is at O(~n), where n is the number of transactions, as there is currently no block compression (like Graphene). Also, block processing time complexity is at O(~n) too as most of the processing is serial.
Compact blocks (BIP 152) as implemented currently in BitcoinSV already does a basic level of block compression by,
typically a Compact block is about 10-15% of the full uncompressed legacy block, & this reduces the effective propagation time; while this is probably good enough for Bitcoin Core as they are not seeking to increase block size, it's certainly not enough for Bitcoin-SV.
Graphene which uses Bloom filters and Invertible Bloom Lookup Tables (IBLTs) seems to provide an efficient solution to the transaction set reconciliation problem, and it offers additional (from Compact blocks) compression where a Graphene block is ~10% of the size of a typical Compact block (from the author's empirical tests)
With the above information and certain assumptions we can quickly calculate the demands of a terabyte node and its feasibility with current hardware & bandwidth limitations.
Assumptions:
1 TB block ==> 100-150 GB Compact block ==> 10 - 15 GB Graphene block
Let's conservatively go with the low of a 10 GB Graphene compressed block: 10 GB / 10 Gb/s = 8 secs
We still need 8 full seconds to propagate this block one hop to the next immediate peer. Also, note that we conveniently ignored the massive parallelization that would be needed for transaction and block processing, which would likely involve techniques like mempool and UTXO set sharding in the node architecture.
But the point to take home is 8 seconds is exorbitant and we need a better workable compression algorithm irrespective of other architectural improvements under the outlined assumptions.
The above led me to begin work on an "ultra compression" algorithm which is a stateful protocol and highly parallelizable (places high memory & CPU demands) and fits with the goal of a horizontally scalable architecture built on affordable consumer-grade h/w. The outline of the algorithm looks promising and seems to compress the block by a factor of thousands if not more, especially for the block publisher, and although the block size grows as we head farther from the publishing node, it's still reasonable IMO.
Now, before I go further down this rabbit hole I wanted you guys to poke holes into my assumptions, requirements & calculation outlines. Subsequently I will publish (semi-formal) a paper detailing the ultra compression algorithm and how it fits with the overall node architecture per ideas expressed above.
Would appreciate if someone could point/educate me to alternative practical solutions that have already been vetted and are in the dev pipeline.
Note:
submitted by stoichammer to bitcoincashSV [link] [comments]

How to: Manual BIP39 Last Word Calculation when rolling dice

BIP39 seeds can be generated by rolling dice but the last word must be correct for a valid seed because it partially acts as a checksum.
Finding the last word for 12 word seeds is pretty easy since there are only 16 possible words to try. But for 24 word seeds it increases to 256 possible words. It's easier to calculate it.
I demonstrate here how to do that using a python console without requiring any other program. Obviously this should only be done offline - preferably on a "live boot" system.
  1. Generate 24 words from dice rolls using diceware as usual.
  2. Write down the word index values. Make sure 0-based. Often the word list starts with 1 not 0 - so always subtract 1. You will have a list like this on paper:
    1628,1924,582,1492... etc
  3. On a safe system, open a python console. In Linux terminal just type python. We need to import two modules. Type, import binascii, hashlib.
  4. Start the calculation. We'll use 's' as our seed variable. Start with the first index. s=1628. For each additional word index type, s=s*2048+1924 (use your numbers). You can use the up arrow key and edit the index value so it's actually pretty fast entering them.
  5. When all 24 words have been entered you now can copy/paste this code, which will calculate the checksum, and output the adjusted correct index for the last word.
    s = s // 256   # drop the 8 checksum bits of the rolled last word, leaving the 256 entropy bits
    h = hashlib.sha256(binascii.unhexlify('%064x' % s)).hexdigest()   # SHA-256 of the entropy, as hex
    int(('%064x' % s)[-1] + h[:2], 16) % 2048   # last 3 entropy bits + first 8 checksum bits = index of the last word
  6. Look this index up in your word list (remember to add one if it is not 0 based). Replace the last word you rolled with this calculated one. It should now validate in any BIP39 wallet. (type quit() to get out of python)
This only takes a few minutes and you can easily see no funny business happens with your seed.
edit - I fixed and formatted better so not off page so much, easier to read.
submitted by jcoinner to Bitcoin [link] [comments]
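The same calculation as a reusable Python 3 function, added here and not part of the original post. It generalizes the 24-word procedure above to every BIP39 length (12 to 24 words), works on 0-based wordlist indices exactly as written down in step 2, and includes a checker to confirm the corrected seed validates. The expected indices in the test come from the published BIP39 test vectors (all "abandon" plus "art" for 24 words, "about" for 12 words).

```python
import hashlib

WORDLIST_SIZE = 2048                  # 11 bits per word
VALID_LENGTHS = (12, 15, 18, 21, 24)


def last_word_index(indices):
    """Return the correct 0-based index of the last word of a BIP39 mnemonic.

    `indices` holds every word as a 0-based wordlist index (the paper list from step 2),
    the last entry being the rolled placeholder whose checksum bits are wrong.
    """
    n = len(indices)
    if n not in VALID_LENGTHS:
        raise ValueError("BIP39 mnemonics have 12, 15, 18, 21 or 24 words")
    if any(not 0 <= i < WORDLIST_SIZE for i in indices):
        raise ValueError("word indices must be 0-based and in 0..2047")
    cs_bits = n // 3                  # checksum bits: 4 for 12 words ... 8 for 24 words
    ent_bits = n * 11 - cs_bits       # 128 ... 256 bits of entropy
    # Pack all words into one integer, exactly like the post's s = s*2048 + index loop.
    s = 0
    for i in indices:
        s = s * WORDLIST_SIZE + i
    entropy_int = s >> cs_bits        # the post's s // 256 for 24 words
    entropy = entropy_int.to_bytes(ent_bits // 8, "big")
    # The checksum is the first cs_bits bits of SHA-256(entropy).
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    # The last word is the final (11 - cs_bits) entropy bits followed by the checksum.
    entropy_tail = entropy_int & ((1 << (11 - cs_bits)) - 1)
    return (entropy_tail << cs_bits) | checksum


def checksum_ok(indices):
    """True if the mnemonic given as indices already carries a valid checksum."""
    return indices[-1] == last_word_index(indices)


def fix_last_word(indices):
    """Return a copy of the indices with the rolled last word replaced by the correct one."""
    return list(indices[:-1]) + [last_word_index(indices)]


if __name__ == "__main__":
    rolled = [1628, 1924, 582, 1492] * 6          # constructed 24-entry example list
    print("rolled seed validates:", checksum_ok(rolled))
    print("corrected last index:", last_word_index(rolled), "(remember to add 1 for a 1-based list)")
    print("corrected seed validates:", checksum_ok(fix_last_word(rolled)))
```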

jgarzik: BIP 100 adds widely-agreed/suggested 1MB floor

jgarzik: BIP 100 adds widely-agreed/suggested 1MB floor submitted by haakon to Bitcoin [link] [comments]

Compromise: Let's merge BIP 102 (2MB HF) and BIP 141 (Segwit SF)

Copied from this comment and x-posted to /btc and /bitcoin.
Let's merge BIP 102 (2MB HF) and BIP 141 (Segwit SF) into a single HF (with overwhelming majority consensus).
Since Segwit changes how the blocksize is calculated to use weights, our goal with the merger would be 2MB of transactional data.
Segwit weighting system measures the transaction weight to be 3x(non-witness base data) + (base data with witness data). This weight is then limited to 4M, favoring witness data.
Transactions aren't all of base or witness. So, in practice, the blocksize limit is somewhere between 1MB (only base data) and 4MB (only witness data) with Segwit.
With this proposed merger, we will increase Segwit weight limit from 4M to 8M. This would allow 2MB of base data, which is the goal of the 2MB HF.
It's a win-win solution. We get 2MB increase and we get Segwit.
I know this compromise won't meet the ideals of everyone, but that's why it's a compromise. No one wins wholly, but we're better off than where we started.
submitted by ecafyelims to Bitcoin [link] [comments]

PSA: Tell your friends: Upcoming address format (Jan 14): Explained!

The new Bitcoin Cash address format

On ~January 14, the Bitcoin Cash clients will (this won't be another "BitPay address fail confusion") switch to the new Bech32 address format.

What is Bech32?

Bech32 is the name of the new address format. It was proposed for Segwit outputs by Core devs (BIP 173). It consists of 32 different characters, and "Bech" sounds like "Base" while keeping the error-correction algorithm "BCH" (or Bitcoin Cash ticker!) in mind.

So what?

Here's what the typical addresses will look like:
(similarity between addresses is caused by me. Sorry if you're confused)
Note: this address system allows the address hashes to be longer. (max 55 characters longer, if I've calculated correctly) In that case, the first characters will be different; although this will be used rarely.
EDIT: Also you may see a bitcoincash: prefix some times.
IMPORTANT EDIT: There was a bug in library I've used. Typical P2SH addresses start with p

Why not use BitPay's format?

Here is why Bech32 is better than BitPay's or the old one:

Why use the format invented by Core devs?

It doesn't matter who they are. What they've invented matters.

A softfork?

No, no forks are needed. Nothing consensus related.

How can I help?

Specs: https://github.com/Bitcoin-UAHF/spec/blob/mastecashaddr.md
Jan 14 ref: https://lists.linuxfoundation.org/pipermail/bitcoin-ml/2017-Novembe000472.html
If you have questions, ask them below! I'll try to answer them all! (But give me 24-28 hours)
submitted by uMCCCS to btc [link] [comments]

BIP’s Market Price

The only appropriate approach towards calculating the market price of BIP is when you can use it to buy other money, goods, or services instantly. By “instantly,” we mean a couple of seconds per automatic exchange operation—think of Bitcoins, gallons of gas, or Big Macs.
Right now, you can go to Monster or 1001 and buy Bitcoin and Ether with BIP without having to “stay in line” or get anyone’s permission. That is the definition of the market price: someone is willing to sell, and you are willing to buy.
All other prices—including the official rate that has been voted for and the one observed at MBank—are just benchmarks with their own additional conditions. MBank is set to enable projects to sell their custom coins accepting various payment methods, and the official price is needed for autonomous atomic swaps.
The team is engaged in the most complex objectives, i.e., it works on the ecosystem where any project could put their money to work in the most convenient way, including automated interaction with other blockchains. We do not and never will aim to create exchanges or exchange services of our own, impact the price, have market makers under control, or be involved in any manipulation.
Someone with relevant experience in the fields outlined above can pitch their project and apply for a grant. We are absolutely certain that proper trade-focused software can improve the processes for both developers and users.
submitted by elgold to Minter [link] [comments]

I keep reading people say bitcoin development is stalled

But in practice there's more going on right now than there's ever been in the last few years. You just have to look in the right places. Here's a few days of documented github activity from the bitcoin slack and I've a feeling there are hundreds more people working on Bitcoin projects outside of the work being done by core:
github BOT [6:28 PM] [bitcoin:master] 2 new commits by Daniel Kraft and 1 other: f93c2a1 net: Avoid duplicate getheaders requests. - Daniel Kraft 8e8bebc Merge #8054: net: Avoid duplicate getheaders requests. - Wladimir J. van der Laan
[6:28] [bitcoin/bitcoin] Pull request closed: #8054 net: Avoid duplicate getheaders requests. by laanwj
[6:31] [bitcoin:master] 6 new commits by Pieter Wuille and 1 other: d253ec4 Make ProcessNewBlock dbp const and update comment - Pieter Wuille 316623f Switch reindexing to AcceptBlock in-loop and ActivateBestChain afterwards - Pieter Wuille fb8fad1 Optimize ActivateBestChain for long chains - Pieter Wuille d3d7547 Add -reindex-chainstate that does not rebuild block index - Pieter Wuille b4d24e1 Report reindexing progress in GUI - Pieter Wuille Show more...
[6:31] [bitcoin/bitcoin] Pull request closed: #7917 Optimize reindex by laanwj
Joshua Unseth [9:55 PM] joined #commit-activity. Also, @sjors joined and left.
----- May 19th -----
github BOT [12:08 AM] [bitcoin/bitcoin] Pull request submitted by EthanHeilman

8070 Remove non-determinism which is breaking net_tests #8069

If addrmanUncorrupted does not have the same nKey every time it will map addrs to different bucket positions and occasionally cause a collision between two addrs, breaking the test.
github BOT [1:00 AM] [bitcoin/bitcoin] Pull request closed: #7716 [0.11] Backport BIP9 and softfork for BIP's 68,112,113 by morcos
Eragmus You Should Probably Stop Modding [1:12 AM] joined #commit-activity. Also, @buttmunch joined, @icandothisallday joined, @misnomer joined, @coreneedstostop joined, @xchins joined, @jbeener joined, @jbleeks joined, @whalepanda joined, @grinny joined, @alex_may joined, @mr_e joined.
github BOT [2:46 PM] [bitcoin:master] 5 new commits by Warren Togami and 1 other: 00678bd Make failures to connect via Socks5() more informative and less unnecessarily scary. - Warren Togami 0d9af79 SOCKS5 connecting and connected messages with -debug=net. - Warren Togami 94fd1d8 Make Socks5() InterruptibleRecv() timeout/failures informative. - Warren Togami bf9266e Use Socks5ErrorString() to decode error responses from socks proxy. - Warren Togami 18436d8 Merge #8033: Fix Socks5() connect failures to be less noisy and less unnecessarily scary - Wladimir J. Show more...
[2:46] [bitcoin/bitcoin] Pull request closed: #8033 Fix Socks5() connect failures to be less noisy and less unnecessarily scary by laanwj
github BOT [3:56 PM] [bitcoin:master] 3 new commits by EthanHeilman and 2 others: f4119c6 Remove non-determinism which is breaking net_tests #8069 - EthanHeilman 2a8b358 Fix typo adddrman to addrman as requested in #8070 - Ethan Heilman 7771aa5 Merge #8070: Remove non-determinism which is breaking net_tests #8069 - Wladimir J. van der Laan
[3:56] [bitcoin/bitcoin] Pull request closed: #8070 Remove non-determinism which is breaking net_tests #8069 by laanwj
github BOT [5:18 PM] [bitcoin/bitcoin] Pull request submitted by MarcoFalke

8072 travis: 'make check' in parallel and verbose

• 'make check' in parallel, since the log will take care of clean output • 'make check' verbose, so that test failure causes aren't hidden
Fixes: #8071
github BOT [7:56 PM] [bitcoin/bitcoin] Pull request submitted by rat4

8073 qt: askpassphrasedialog: Clear pass fields on accept

This is usability improvement in a case if user gets re-asked passphrase. (e.g. made a typo)
Victor Broman [8:01 PM] joined #commit-activity. Also, @bb joined, @ziiip joined.
----- May 20th -----
github BOT [12:34 PM] [bitcoin/bitcoin] Pull request submitted by jsantos4you

8075 0.12

debug.data.txt
[12:37] [bitcoin/bitcoin] Pull request closed: #8075 0.12 by sipa
github BOT [3:37 PM] [bitcoin/bitcoin] Pull request closed: #7082 Do not absolutely protect local peers and make eviction more aggressive. by gmaxwell
github BOT [3:44 PM] [bitcoin:master] 2 new commits by Cory Fields and 1 other: 401ae65 travis: 'make check' in parallel and verbose - Cory Fields 1b87e5b Merge #8072: travis: 'make check' in parallel and verbose - MarcoFalke
[3:44] [bitcoin/bitcoin] Pull request closed: #8072 travis: 'make check' in parallel and verbose by MarcoFalke
github BOT [3:58 PM] [bitcoin/bitcoin] Pull request closed: #7093 Address mempool information leak and resource wasting attacks. by gmaxwell
github BOT [6:11 PM] [bitcoin/bitcoin] Pull request submitted by sdaftuar

8076 VerifyDB: don't check blocks that have been pruned

If a pruning node ends up in a state where it has very few blocks on disk, then a node could fail to start up in VerifyDB. This pull changes the behavior for pruning nodes, so that we will just not bother trying to check blocks that have been pruned.
I don't expect this edge case to be triggered much in practice currently; this is a preparatory commit for segwit (to deal with the case of pruning nodes that upgrade after segwit activation).
@sipa
Erik Hedman [6:20 PM] joined #commit-activity
github BOT [8:46 PM] [bitcoin/bitcoin] Pull request submitted by jtimon

8077 Consensus: Decouple from chainparams.o and timedata.o

Do it for the consensus-critical functions:
• CheckBlockHeader • CheckBlock • ContextualCheckBlockHeader Show more...
github BOT [9:26 PM] [bitcoin:master] 3 new commits by MarcoFalke: fac9349 [qa] Remove hardcoded "4 nodes" from test_framework - MarcoFalke fad68f7 [qa] Reduce node count for some tests - MarcoFalke 8844ef1 Merge #8056: [qa] Remove hardcoded "4 nodes" from test_framework - MarcoFalke
[9:27] [bitcoin/bitcoin] Pull request closed: #8056 [qa] Remove hardcoded "4 nodes" from test_framework by MarcoFalke
github BOT [9:48 PM] [bitcoin/bitcoin] Pull request submitted by petertodd

8078 Disable the mempool P2P command when bloom filters disabled

Only useful to SPV peers, and attackers... like bloom is a DoS vector as far more data is sent than received.
null radix [10:15 PM] joined #commit-activity
github BOT [11:34 PM] [bitcoin:master] 2 new commits by MarcoFalke: fab5233 [qa] test_framework: Set wait-timeout for bitcoind procs - MarcoFalke 37f9a1f Merge #8047: [qa] test_framework: Set wait-timeout for bitcoind procs - MarcoFalke
[11:34] [bitcoin/bitcoin] Pull request closed: #8047 [qa] test_framework: Set wait-timeout for bitcoind procs by MarcoFalke
github BOT [11:48 PM] [bitcoin/bitcoin] Pull request closed: #7826 [Qt] show conflicts of unconfirmed transactions in the UI by jonasschnelli
[11:50] [bitcoin/bitcoin] Pull request re-opened: #7826 [Qt] show conflicts of unconfirmed transactions in the UI by jonasschnelli
----- May 21st ----- Rentaro Matsukata [1:56 AM] joined #commit-activity. Also, @evilone joined, @cryptop joined, @thomas5 joined.
github BOT [1:54 PM] [bitcoin/bitcoin] Pull request submitted by gmaxwell

8080 Do not use mempool for GETDATA for tx accepted after the last mempool req.

The ability to GETDATA a transaction which has not (yet) been relayed is a privacy loss vector.
The use of the mempool for this was added as part of the mempool p2p message and is only needed to fetch transactions returned by it.
github BOT [5:48 PM] [bitcoin/bitcoin] Pull request submitted by gmaxwell

8082 Defer inserting into maprelay until just before relaying.

Also extend the relaypool lifetime by 1 minute (6%) to 16 minutes.
This reduces the rate of not founds by better matching the far end expectations, it also improves privacy by removing the ability to use getdata to probe for a node having a txn before Show more...
Sergey Ukustov [9:17 PM] joined #commit-activity. Also, @stoicism joined.
----- Yesterday May 22nd, 2016 -----
github BOT [5:59 AM] [bitcoin/bitcoin] Pull request submitted by jonasschnelli

8083 Add support for dnsseeds with option to filter by servicebits

Opposite part of https://github.com/sipa/bitcoin-seedepull/36. Including new testnet seed that supports filtering.
Required for SW #7910.
Junseth Sock Puppet Account [6:13 AM] joined #commit-activity
github BOT [1:59 PM] [bitcoin/bitcoin] Pull request submitted by gmaxwell

8084 Add recently accepted blocks and txn to AttemptToEvictConnection.

This protects any not-already-protected peers who were the most recent to relay transactions and blocks to us.
This also increases the eviction aggressiveness by making it willing to disconnect a netgroup with only one member.
github BOT [5:04 PM] [bitcoin/bitcoin] Pull request submitted by theuni

8085 p2p: Begin encapsulation

This work creates CConnman. The idea is to begin moving data structures and functionality out of globals in net.h and into an instanced class, in order to avoid side-effects in networking code. Eventually, an (internal) api begins to emerge, and as long as the conditions of that api are met, the inner-workings may be a black box.
For now (for ease), a single global CConnman is created. Down the road, the instance could be passed around instead. Also, CConnman should be moved out of net.h/net.cpp, Show more...
github BOT [5:14 PM] [bitcoin/bitcoin] Pull request submitted by sipa

8086 Use SipHash for node eviction

github BOT [5:50 PM] [bitcoin/bitcoin] Pull request closed: #6844 [REST] Add send raw transaction by lclc
----- Today May 23rd, 2016 ----- yannie888 [5:21 AM] joined #commit-activity. Also, @myco joined, @er_sham joined, @ethdealer joined.
github BOT [3:23 PM] [bitcoin/bitcoin] Pull request submitted by pstratem

8087 Introduce CBlockchain and move CheckBlockHeader

[3:23] [bitcoin/bitcoin] Pull request submitted by pstratem

8088 Avoid recalculating vchKeyedNetGroup in eviction logic.

Lazy calculate vchKeyedNetGroup in CNode::GetKeyedNetGroup.
submitted by BillyHodson to Bitcoin [link] [comments]

I think I just figured out how to beat the 51% attack, with no drawbacks

So the 51% attack has been a hot topic lately for obvious reasons. Not only that, I think it's THE topic on everyone's mind even if nobody is officially saying it. There is evidence here, here, here and I think even here...
The elephant nobody is acknowledging remains in the room. Accordingly I've been thinking of good defensive strategies a lot over these last days. The day before the fork I submitted an article outlining a new defense model:
https://www.reddit.com/btc/comments/9x5gmn/bitcoins_model_is_antiquated_moving_beyond/
For some reason it got zero upvotes (actually a downvote to zero) and no worthwhile discussion. Hopefully this submission fares better. I do think the defense I outlined is quite viable, but I acknowledge the costly move toward centralization. So I continued thinking of ways to further improve defense and I think I've got something that works without any added centralization pressure. It's surprisingly simple, with only two general changes being made.
First, there is a consensus rule change saying no node accepts a re-organization over 5 blocks long, at least, not without explicit manual override (useful in cases of unintentional chain splits). There shouldn't ever be a case where nodes suddenly learn of 6 or more blocks having valid rules and proper difficulty they were previously unaware of. The only situations where that would be expected is a bug creating a chain split, or an intentional hashpower attack to create disruption. As stated, an override can handle bugs, so the remaining issue should be edited out completely. This gives the ecosystem assurance that as often stated 6 confirmations means settlement certainty.
Astute observers will recognize an obvious problem: nodes attempting to sync won't ever be aware of rejected re-organizations since they would satisfy all chain requirements otherwise. This is easily resolved by having all nodes sync backwards. A node synchronizing from the highest block perceived from the network's perspective will include all rules of that network, including one rejecting lengthy real-time re-organizations.
So those are the only two changes to the way we currently do things, but 51% attacks are rendered impotent! As for where nodes get the highest block that's easy to accommodate. Nodes compatible with BIP 0064 (authored by Mike Hearn) already have access to 'chain height' and 'chain tip hash' when querying for UTXO lookups. Those return values coincide with the moment the result was calculated, though, so a better, explicitly most recent height and hash service might be preferable. Nodes then use the broadest consensus.
This does open the door slightly to Sybil attacks. However, an attacker would need to be working alongside the entity performing the broader re-org attack, and any harmful effects are limited to the effectively isolated and Sybil'd node(s). Since synchronization events are rare there might be a bootstrap 'sanity' list similar to the current DNS seed which is used to compare the information the node receives with IPs developers deem trustworthy (e.g. Bitcoin.com, BitPay etc), which would also defeat a Sybil attack.
The DoS portion of a 51% attack is also solvable with simple changes such as adding tx priority weighting (mentioned in my article) to determine the best chain.
submitted by cryptos4pz to btc [link] [comments]
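Added example (not from the post above): a minimal Python model of the post's first rule, a longest-chain selection that refuses any reorganization deeper than 5 blocks. Chain length stands in for cumulative work, and the block ids and chains are constructed sample data.

```python
# Added example, not the poster's code. Models "no node accepts a
# re-organization over 5 blocks long" on top of a longest-chain rule.
# Chains are lists of constructed block ids sharing a common prefix.
from typing import List, Tuple

MAX_REORG_DEPTH = 5  # the limit proposed in the post


def fork_point(local: List[str], candidate: List[str]) -> int:
    """Number of leading blocks the two chains have in common."""
    n = 0
    for a, b in zip(local, candidate):
        if a != b:
            break
        n += 1
    return n


def reorg_depth(local: List[str], candidate: List[str]) -> int:
    """How many of our own blocks would be discarded to switch to candidate."""
    return len(local) - fork_point(local, candidate)


def accept_tip(local: List[str], candidate: List[str],
               max_reorg: int = MAX_REORG_DEPTH) -> bool:
    """Longest-chain rule (length stands in for cumulative work here) with
    the post's cap on reorganization depth: a candidate that would undo
    more than max_reorg of our blocks is refused even though it is longer."""
    if len(candidate) <= len(local):
        return False
    return reorg_depth(local, candidate) <= max_reorg


def exchange_tips(chain_a: List[str], chain_b: List[str],
                  max_reorg: int = MAX_REORG_DEPTH) -> Tuple[bool, List[str], List[str]]:
    """Let two nodes offer each other their chains once and report whether
    they agree afterwards. Returns (agree, chain_a, chain_b)."""
    if accept_tip(chain_a, chain_b, max_reorg):
        chain_a = list(chain_b)
    elif accept_tip(chain_b, chain_a, max_reorg):
        chain_b = list(chain_a)
    return chain_a == chain_b, chain_a, chain_b


def build(prefix: List[str], tag: str, start: int, end: int) -> List[str]:
    """Constructed chain: prefix followed by blocks tag<start> .. tag<end-1>."""
    return list(prefix) + [f"{tag}{i}" for i in range(start, end)]


if __name__ == "__main__":
    honest = build(["g"], "b", 1, 11)          # g, b1 .. b10 (11 blocks)
    shallow = build(honest[:6], "a", 6, 13)    # forks after b5: undoes 5 blocks
    deep = build(honest[:5], "a", 5, 13)       # forks after b4: undoes 6 blocks
    print("shallow fork accepted:", accept_tip(honest, shallow))
    print("deep fork accepted:   ", accept_tip(honest, deep))
    # Two nodes that saw different sides of a 6-deep fork stay split until
    # the manual override the post mentions is applied on one of them.
    print("nodes converge after deep fork:", exchange_tips(honest, deep)[0])
```

The last print shows the failure mode the post delegates to a manual override: once two honest nodes sit on different sides of a fork deeper than the limit, neither rule-following node will ever switch on its own.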

Let us not forget the original reason we needed the NYA agreement in the first place. Centralization in mining manufacturing has allowed for pools to grow too powerful, granting them the power to veto protocol changes, giving them bargaining powers where there should be none.

SegWit2x through the NYA agreement was a compromise with a group of Chinese mining pools who all march to the beat of the same drum. Antpool, ViaBTC, BTC.TOP, btc.com, CANOE, bitcoin.com are all financially linked or linked through correlated behavior. Antpool, ConnectBTC and btc.com being directly controlled by bitmain, and ViaBTC and Bitmain have a "shared investor relationship". If bitmain is against position A, then all those other pools have historically followed its footsteps. As Jimmy Song explains here the NYA compromise was because only a small minority of individuals with a disproportionate amount of hashrate were against Segwit (Bitmain and subsidiaries listed above), where the rest of the majority of signatories of NYA were pro-segwit. The purpose of the compromise was to prevent a chain split, which would cause damage to the ecosystem and a loss of confidence in bitcoin generally.
At current time of calculation, according to blockchain.info hashrate charts, these pools account for 47.6% of the hashrate. What does it matter if these pools are running a shell game of different subsidiaries or CEOs if they all follow a single individual's orders? 47.6% is enough hashrate right now to perform a 51% attack on the network with mining luck factored in. This statistic alone should demonstrate the enormous threat that Bitmain has placed on the entire bitcoin ecosystem. It has compromised the decentralized model of mining through monopolizing ASIC manufacturing, which has led to a scenario in which bitcoin's security model is threatened.
But let us explore the reasoning behind these individuals actions by taking a look at history. First, Bitmain has consistently supported consensus breaking alternative clients by supporting bitcoin classic, supporting Bitcoin Unlimited and its horrifically broken "emergent consensus" algorithm, responding to BIP148 with a UAHF declaration, and then once realizing that BIP148/BIP91 would be successful at activating Segwit without splitting the network Bitmain abandoned its attempt at a "UAHF", and admitted that bitcoin cash is based on the UAHF on their blog post. The very notion of attempting to compromise with an entity to prevent a split that is supporting a split is illogical by nature and a pointless exercise.
Let us not forget that Bitmain was so diametrically opposed to Segwit that it sabotaged Litecoin's Segwit Activation period to prevent Segwit from activating on Litecoin. Do these actions sound like a rational actor who has the best interests of bitcoin at heart? Or does this sound like an authoritarian regime that wants to stifle information at any cost to prevent the public from seeing the benefits that SegWit provides?
But the real question must still be asked. Why? Why would Bitmain, who is so focused on increasing the blocksize to reduce fee pressure, delay a protocol upgrade that both increases blocksize and reduces fee pressure? If miners are financially incentivized to behave in a way which is economically favorable to bitcoin, then why would they purposefully sabotage protocol improvements that will increase the long term success and survival of bitcoin?
There is plenty of evidence that suggests covert ASICBOOST, a mechanism in which an ASIC miner shortcuts bitcoin's proof of work process (grinding nonce, transaction ordering) and an innovation that Bitmain holds a patent for in China, is the real reason Bitmain originally blocked SegWit's activation. It was speculated by Bitcoin Core developer Gregory Maxwell that this covert asicboost technology could earn Bitmain 100 Million dollars a year.
It is notable that Hardfork proposals that Bitmain has supported, such as Bitcoin Classic, Bitcoin Unlimited, Bitcoin ABC/Bcash and now SegWit2x, all preserve Bitmain's covert asicboost technology while Segwit the soft fork breaks asicboost's effectiveness.
But if that is not enough of a demonstration of rational economic incentives to behave in such a way, then what about irrational reasons such as ideological positions or pride?
It's no secret that Chinese miners' dislike for bitcoin core matured when the Hong Kong agreement was broken. Many miners have consistently rationalized "firing bitcoin core developers" and we even have a direct account from a bitpay employee that said Jihan directly told him that his purpose is to "get rid of blockstream and core developers". And while the Hong Kong agreement being broken is quite the muddied waters, there is proof in the blockchain that chinese miners were the first to break the terms of the agreement by mining a block with an alternative client. Some bitcoin core developers continued to work on HardFork proposals despite this, offering up public proposals, BIPs and released code to attempt to satisfy the terms of the agreement. Yet only in hindsight did everyone realize that no individual or individuals can force the entire bitcoin network to upgrade. It is only through the slow methodical process of social consensus building that we can get such a large decentralized global network to agree to upgrade the protocol in a safe manner. Yet to this day we still have bitter ideological wars over this HK agreement "being broken" despite how long ago, and how clear the situation is in hindsight.
When you take into account the historical record of these individuals' and businesses' actions it clearly demonstrates a pattern of behavior that undermines the long term health of bitcoin. When you analyze their behavior from a rational economic viewpoint, you can clearly see that they are sabotaging the long term health of bitcoin to preserve short term profits.
Considering this information, why would other bitcoin ecosystem businesses "compromise" with such a malicious actor? Let us not forget that these actors, who were the entire reason we needed to compromise in the first place, went ahead and forked the bitcoin network already, creating the first bitcoin-shared-history altcoin, Bitcoin ABC. So we compromised with people to prevent the splitting of bitcoin, so that they could go ahead and split bitcoin? What illogical insanity is this? Why would you "stick to your guns" on an agreement that was nullified the moment Bitmain and ViaBTC supported a hardfork outside of the S2X agreement? Doubly questionable is your support when the hardfork is highly contentious and guaranteed to cause a split, damage bitcoin, create chaos and damage global confidence.
A lot of the signatories of the NYA agreement are payment processors and gateway businesses. Their financial health depends upon short term growth of bitcoin to increase business activity and shore up investors' capital with revenue from that transactional growth. Their priorities are to ensure short term growth and to appease their investors. But their actions demonstrate a type of cause and effect that often occurs in markets across the world. By redistributing network resource costs to node operators they are simply shuffling costs to the public so that they can benefit in the short term without needing to allocate extra capital.
But these actions do not benefit the health of bitcoin long term. Splitting the network, once again, does not increase confidence in the bitcoin network. It does not foster growth. Increasing the blocksize after segwit already increases the blocksize will not get us any closer to VISA transaction levels from a statistical viewpoint. Increasing the TPS from 3 to 7 when we need to get to 30,000 TPS is quite an illogical decision at face value. Increasing the blocksize on-chain to get to that level would destroy any pretense at decentralization long before we even came close, and without decentralization we have no censorship resistance or fungibility. These are fundamental to the value of bitcoin as a network and currency. Polymath and industry wide respected crypto expert Nick Szabo has written extensively on scaling bitcoin and why layer 2 networks are essential.
To all the Signatories of the SegWit2X I ask you - What are you trying to accomplish by splitting bitcoin once again? What consensus building have you done to ensure that bitcoin won't suffer a catastrophic contentious hard fork? As it stands right now I only see a portion of the economic actors in the bitcoin ecosystem supporting S2X. Nowhere near enough to prevent miners from supporting the legacy chain when there will be a large portion of the economy still operating on the legacy chain preserving its value. Where there is money it's going to be extremely difficult to topple the status quo/legacy network and the cards are stacked against you. Without full consensus from the majority of developers, economic actors/nodes, exchanges, payment processors, gateways, wallets....you will only fork yourself from the legacy network and reap destruction and chaos as the legacy chain and S2X battle it out.
If you truly support bitcoin and are dedicated to the long term success of bitcoin and your business, then why would you engage/compromise with demonstrably malicious actors within the bitcoin ecosystem to accomplish a goal that was designed by them to further monopolize/centralize their control, at the destruction of bitcoin's security model?
Bitcoin core developers are actually positive on hardforks and want to eventually increase the legacy blocksize, they just wish to do it in a responsible manner that does not put the network at risk like SegWit2x does.
Also, it seems a rational engineering choice to optimize and compress transactions/protocols before increasing the blocksize. Things like SegWit, Schnorr, MAST are all great examples of things Bitcoin Core has done and is doing to increase on-chain scaling technology to the long term benefit of bitcoin.
The fate of bitcoin will be determined by users who choose when, how and where they transact. If businesses attempt to force them onto the S2X chain they will abandon those businesses to use a servicer that does not attempt through coercion to force them onto a specific forked network.
Finally, without replay protection there can be no clean split and no free market mechanism to determine the winner. I understand that this is purposefully designed this way, to force a war between the legacy chain and S2X, but if you stand for everything bitcoin stands for, then you as central actors will not try to force people onto your chain. Instead, you should allow the market to decide which chain is more valuable.
If you will not abandon this poisonous hardfork pill then please advocate/lobby to add default replay protection to the btc1 codebase. You cannot claim Free Market principles and then on the other side of your mouth collude with central actors to force protocol changes upon users. Either you believe in bitcoin, or you are here to join the miners in their poorly disguised behaviors to monopolize, subvert and sabotage bitcoin.
submitted by Cryptolution to Bitcoin [link] [comments]

What is Arf wallet? How do we do it FREE and INSTANT? How are we different from LN?

It involves a platform (third party) that eliminates friction for users in terms of ease of onboarding, ease of operation, transaction speed and transaction cost. Similar to Lightning Network and Liquid, it interacts with Bitcoin but introduces a chain of operations to ensure instant and minimal-fee Bitcoin transfers without compromising users' security.
To be specific, it is:
(1) the counterparty in a 2-of-2 multisignature address when a user creates an account,
(2) the enabler of instant transactions by being the guarantor for the receiving party once the sender has signed the initial transaction,
(3) the aggregator of partially-signed unspent transaction outputs (UTXOs), merging them into cheaper transactions in terms of fees (satoshis per byte),
(4) the address book generator, mapping email addresses to Bitcoin addresses and notifying users
Obviously, the most important design choice is the addition of a third party to the system, namely the platform itself, which naturally raises questions on "trust". It is important to understand that:
• the platform is non-custodial, which means the platform by itself is unable to create any transaction that is not signed by the user first,
• users will not experience any loss of funds in case either the platform or the user's system got hacked,
• as a necessary trade-off in favor of fund security, if users lose their private keys, they will be unable to recover their funds,
• there are no operational risks for users like in Lightning Network, namely, possible loss of funds in case of getting offline or a crashed hard drive,
• everybody can participate in contrast to Blockstream Liquid, which only accepts cryptocurrency or digital asset exchanges
HOW EXACTLY DO WE DO AN INSTANT BITCOIN TRANSACTION?
In order to enable instant transactions with Bitcoin, an off-chain mechanism should be introduced to finalize the transaction without committing final state to Bitcoin chain. In the proposed design, users will create an account on the platform which is presented as a wallet application. During that process, a 2-of-2 multisignature Native Pay-to-Witness-Script-Hash (P2WSH) address is created using the public keys of the user and the platform. After that point, users may deposit to or withdraw from that specific multisignature address. This mechanism is similar to Lightning Network’s Funding Transaction to open payment channels, or Green Address wallet creation. Once the multisignature address is successfully funded by the user, they may spend their Bitcoin (e.g. create transactions) via signing their UTXOs and sending it to the platform for the final signature. The whole account creation and spending process will work as follows:
(1) user will create a random seed in the wallet application and the first private and public key is created using the "BIP-32: Hierarchical Deterministic Wallets" method. Both seed and keys will never leave the (mobile) application,
(2) user will send its public key to the platform,
(3) platform will create a 2-of-2 multisignature Native Pay-to-Witness-Script-Hash (P2WSH) address using the user's and its own public key and share that address with the user,
(4) user will fund that address with Bitcoin,
(5) user will query their Bitcoin balance and UTXOs,
(6) user will create a raw Bitcoin transaction using the required amount of UTXOs as inputs and receiver addresses and amounts as outputs,
(7) user will sign the raw transaction with signature hash type SIGHASH_NONE|SIGHASH_ANYONECANPAY (where a single input is signed and all the other inputs and outputs are modifiable) or SIGHASH_SINGLE|SIGHASH_ANYONECANPAY (where a single input and single output are signed and all the other inputs and outputs are modifiable),
(8) user will send the partially-signed raw transaction to the platform to be signed and sent to the Bitcoin network,
(9) platform will receive the partially-signed raw transaction, verify it and queue it for aggregation,
(10) platform will signal the receiving party (merchant or user of the platform) instantly about payment completion and credit that user in the system in an off-chain way,
(11) platform will finalize the aggregated transaction, add the required transaction fee based on network conditions, sign it with SIGHASH_ALL and broadcast it to the network
As seen in the flow above, the platform has the capability to signal the completion of payment to the receiver, once the sender has signed the initial transaction. However, besides all the improvements, the proposed system introduces two disadvantages. The first one is, due to the use of multisignature addresses the transaction sizes are bigger than the regular Bitcoin transactions. Roughly, a single signature is 70 bytes and a compressed public key in hexadecimal format is 33 bytes, so every additional signature (which is one in our case) adds roughly 100 bytes to the transaction. The second disadvantage is about internal risk. The platform notifies the receiver about payment completion, however that state is not reflected on-chain. Basically, the platform is carrying this internal risk until the settlement is complete. Luckily, both of these disadvantages can either be eliminated or significantly reduced. Bitcoin is on the verge of adopting Schnorr signatures, which will reduce the multisignature size overhead drastically. Instead of storing all the signatures for every required party separately, the Schnorr signature scheme makes it possible to use the space for just one signature, independent of the number of required signatures. About the second disadvantage, it would be possible for the platform to manage its internal risk by sending transactions more frequently. The platform may utilize two metrics: "total accumulated Bitcoin size in pending transactions" and "passed time since the last sent transaction" to dynamically reduce its risk.
HOW DO WE DO IT FREE?
Well, it's not exactly free for the platform in general but our process reduces fees so much that we are able to offer it free for end users.
Bitcoin transaction fee is a game-theoretic construct that is measured in satoshis per byte and fluctuates depending on the congestion of the Bitcoin network in terms of pending transactions (i.e. size of mempool). The highest historic daily average Bitcoin transaction fee is estimated as 985 satoshis per byte on the 12th of December 2017, right in the middle of the Bitcoin price spike. Even today, with all the custodial exchange wallets and Lightning Network, spikes in the exchange rate still trigger jumps in transaction fee unit prices. For example, on the 20th May 2019 the average transaction fee price jumped to 212 satoshis per byte. In a nutshell, there are only two parameters that can be used to decrease the transaction fee: space and time. Currently, the most cost effective scheme to create transactions is using native SegWit (bech32) addresses. Based on savings for various transaction types, our 2-of-2 multisignature address case goes as high as 49%. On the other hand, it is possible to reduce transaction fees by just being "patient". If transaction confirmation is not urgent, it is possible to wait for confirmation for a couple of days and pay up to 92% less.
The platform not only utilizes both of these techniques (using bech32 addresses and patient spending) but also implements additional optimizations that are only possible by design. The unique opportunities for optimization are:
(1) aggregate and spend only completely consumed UTXOs, therefore saving up one output per payment attempt, per user (i.e. do not ever create and send to change addresses)
(2) aggregate payments to same addresses together (i.e. SIGHASH_NONE|SIGHASH_ANYONECANPAY and SIGHASH_SINGLE|SIGHASH_ANYONECANPAY make it possible to modify outputs)
(3) aggregated transactions will be relatively big (over tens of inputs and outputs) and even though the satoshi per byte unit price is slightly lower compared to the other pending transactions, the higher mining fee alone will be attractive for adding that single aggregated transaction to the blockchain
These design choices come with a disadvantage: there are no change addresses created for the user and until the whole single UTXO is spent (or withdrawn by the user) the final state will not be visible on-chain. Once again, this is a calculated risk for the platform.
HOW ARE YOU DIFFERENT THAN THE LIGHTNING NETWORK
Lightning Network is a payment solution built on top of Bitcoin, that promises an instant, trustless and cheap way of making transactions. Lightning Network is a peer-to-peer network, where peers are able to "lock" their Bitcoin on chain and are able to transfer it to other parties via "channels". It is designed to create a network of micropayment channels that will address the scalability problem of the Bitcoin network. LN offers instant transactions on its off-chain payment channels, where on-chain transaction finality is reached after a number of transactions are routed off-chain, through a single channel or several channels based on channel liquidity and available nodes.
The routing capability of each lightning channel is determined by the funds locked on-chain by each peer with a significant trade-off which requires that both the sending and receiving end of a given channel must be funded at least by the amount of the transfer for a seamless routing. This brings about a serious liquidation shortage if a Bitcoin amount x must be routed through n number of channels. In such a case, not only must the entire route be funded with the amount of 2xn but also each of the locked funds yn on both the receiving and sending ends of the nodes must be greater than or equal to the amount of transfer x (yn ≥ x).
For example, if Peer A wants to transfer $10 to Peer C and this payment will be routed through Peer B, then the route A -> B -> C must be funded with at least 2 x 2 x $10 = $40 with the following channel fund distribution:
A -> $10 on sending end (sending to B)
B -> $10 on receiving end (Receiving from A) + $10 on sending end (Sending to C) = $20
C -> $10 on receiving end (Receiving from B)
It is also critical to mention that this type of routing also requires that each of the peers A, B and C must maintain full Bitcoin nodes at all times that are never allowed to go offline. This requirement is to prevent the so-called fraudulent channel close where one peer (online) broadcasts the entire channel fund to the Bitcoin blockchain without the knowledge of the other (offline). It is also a major issue for user onboarding since opening, maintaining and funding an LN node require a relatively significant amount of technical know-how. To mitigate this issue, LN is working on so-called “Watchtowers” which are basically third party operators that are responsible for node maintenance. This is a trade-off in LN’s trustless structure in favor of better user experience where receiving parties must trust the watchtower operators with their funds. Another common trade-off is observed in third party products built on top of the LN where custodial wallets are generated on hosted LN nodes where wallet owners trust the third party products with channel liquidity, channel uptime and their funds.
Another shortcoming of the Lightning Network emerges in case of merchant payments where a merchant must keep all of their channels liquid enough to be able to continuously receive payments. If Peer C was a merchant in the above example they would not be able to transfer the $10 they received from A to a non-LN wallet if they wanted to keep receiving payments from the same channel. This problem is exacerbated by the recent beta release of “Lightning Loop” which allows a peer to transfer part of their locked channel funds to another wallet without closing the channel. If Peer C had used Lightning Loop to pull $5 from the channel before the transfer occurred they wouldn’t have been able to receive $10 from Peer A because of insufficient liquidation on their receiving end.
submitted by RufusJules to Arfone [link] [comments]
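Added example, not the Arf wallet's own code: it computes the BIP143 (segwit v0) signature digest for the user's 2-of-2 P2WSH input under the sighash flags named in steps (7) and (11), and reports what the user's signature does and does not commit to once the platform aggregates. The keys, txids and scripts are constructed placeholders, and the platform is assumed to keep the user's input at the same index as its paid-for output.

```python
# Added example, not the Arf wallet's code. Implements the BIP143 digest so
# that the effect of each sighash flag on aggregation can be checked directly.
# All keys, txids and scripts below are constructed placeholders.
import hashlib
from dataclasses import dataclass
from typing import List

SIGHASH_ALL = 0x01
SIGHASH_NONE = 0x02
SIGHASH_SINGLE = 0x03
SIGHASH_ANYONECANPAY = 0x80
ZERO32 = bytes(32)


@dataclass
class TxIn:
    txid: bytes              # 32 bytes, internal byte order
    vout: int
    sequence: int = 0xFFFFFFFF


@dataclass
class TxOut:
    value: int               # satoshis
    script_pubkey: bytes


def dsha256(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def varint(n: int) -> bytes:
    if n < 0xFD:
        return bytes([n])
    if n <= 0xFFFF:
        return b"\xfd" + n.to_bytes(2, "little")
    if n <= 0xFFFFFFFF:
        return b"\xfe" + n.to_bytes(4, "little")
    return b"\xff" + n.to_bytes(8, "little")


def ser_outpoint(i: TxIn) -> bytes:
    return i.txid + i.vout.to_bytes(4, "little")


def ser_output(o: TxOut) -> bytes:
    return o.value.to_bytes(8, "little") + varint(len(o.script_pubkey)) + o.script_pubkey


def bip143_digest(inputs: List[TxIn], outputs: List[TxOut], index: int,
                  script_code: bytes, amount: int, sighash_type: int,
                  version: int = 2, locktime: int = 0) -> bytes:
    """Digest signed for inputs[index] per BIP143; the three intermediate
    hashes are zeroed exactly where the flags say the signer does not commit."""
    base = sighash_type & 0x1F
    anyonecanpay = bool(sighash_type & SIGHASH_ANYONECANPAY)
    if anyonecanpay:
        hash_prevouts = ZERO32   # other inputs may be added by the platform
    else:
        hash_prevouts = dsha256(b"".join(ser_outpoint(i) for i in inputs))
    if anyonecanpay or base in (SIGHASH_SINGLE, SIGHASH_NONE):
        hash_sequence = ZERO32
    else:
        hash_sequence = dsha256(b"".join(i.sequence.to_bytes(4, "little") for i in inputs))
    if base not in (SIGHASH_SINGLE, SIGHASH_NONE):
        hash_outputs = dsha256(b"".join(ser_output(o) for o in outputs))  # ALL: every output
    elif base == SIGHASH_SINGLE and index < len(outputs):
        hash_outputs = dsha256(ser_output(outputs[index]))                # SINGLE: same-index output
    else:
        hash_outputs = ZERO32                                             # NONE: no output at all
    preimage = (version.to_bytes(4, "little") + hash_prevouts + hash_sequence
                + ser_outpoint(inputs[index]) + varint(len(script_code)) + script_code
                + amount.to_bytes(8, "little") + inputs[index].sequence.to_bytes(4, "little")
                + hash_outputs + locktime.to_bytes(4, "little")
                + sighash_type.to_bytes(4, "little"))
    return dsha256(preimage)


# Constructed 2-of-2 witness script: OP_2 <pk_user> <pk_platform> OP_2 OP_CHECKMULTISIG.
# For P2WSH the scriptCode committed to in the digest is the witness script itself.
PK_USER = b"\x02" + b"\x11" * 32
PK_PLATFORM = b"\x03" + b"\x22" * 32
WITNESS_SCRIPT = b"\x52\x21" + PK_USER + b"\x21" + PK_PLATFORM + b"\x52\xae"

USER_INPUT = TxIn(txid=b"\xaa" * 32, vout=0)                              # constructed UTXO
USER_AMOUNT = 50_000
MERCHANT = TxOut(value=48_000, script_pubkey=b"\x00\x14" + b"\x33" * 20)  # P2WPKH placeholder
OTHER_INPUT = TxIn(txid=b"\xbb" * 32, vout=1, sequence=0xFFFFFFFD)        # another user's input
OTHER_OUTPUT = TxOut(value=20_000, script_pubkey=b"\x00\x14" + b"\x44" * 20)
ELSEWHERE = TxOut(value=48_000, script_pubkey=b"\x00\x14" + b"\x55" * 20)  # a different payee


def user_digest(inputs: List[TxIn], outputs: List[TxOut], index: int, sighash_type: int) -> bytes:
    return bip143_digest(inputs, outputs, index, WITNESS_SCRIPT, USER_AMOUNT, sighash_type)


def survives_aggregation(sighash_type: int) -> bool:
    """True if the digest the user signed for a stand-alone payment is unchanged
    after the platform appends other inputs and outputs (step 11). The user's
    input keeps index 0 so SINGLE still pairs it with its own output."""
    alone = user_digest([USER_INPUT], [MERCHANT], 0, sighash_type)
    merged = user_digest([USER_INPUT, OTHER_INPUT], [MERCHANT, OTHER_OUTPUT], 0, sighash_type)
    return alone == merged


def destination_committed(sighash_type: int) -> bool:
    """True if changing the payee's script changes the digest the user signed."""
    to_merchant = user_digest([USER_INPUT], [MERCHANT], 0, sighash_type)
    redirected = user_digest([USER_INPUT], [ELSEWHERE], 0, sighash_type)
    return to_merchant != redirected
```

Under SIGHASH_NONE|SIGHASH_ANYONECANPAY the digest survives aggregation but does not depend on the payee at all, so the user's signature alone does not pin the destination; SIGHASH_SINGLE|SIGHASH_ANYONECANPAY survives aggregation and pins the same-index output, which is why the platform must preserve that pairing.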

Signs Bitcoin is not going to reach mass adoption...

Bitcoin isn't going to go mainstream. No amount of Lightning Network (coming soon), SegWit (coming soon), bigger blocks (coming soon), or hard forks (never coming soon) is going to spur mass adoption.
Here are some tell-tale signs that Bitcoin is still on the fringe and will remain so.
I used Bitcoin for blank, give me karma.
Whether it's buying or selling something for Bitcoin, there are always those posts that seek confirmation from the echo-chamber that what they did is good for Bitcoin. You know what you don't see? Posts anywhere on reddit along the lines of "I bought this X for fiat from Amazon." You know why? No one cares if you use cash because it is mundane, widely available, and trivial to use. It is a tell-tale sign of mass adoption.
Bitcoin technology is going to revolutionize the BLANK INDUSTRY.
Capitalists are the kind who will find and exploit every advantage they can to gain a competitive edge. Be it technology, process, idea, or whatever if it can be turned into a money making machine. There have been estimates that Bitcoin has a $10 billion market cap, which is certainly impressive for something that came from nothing. But in the grand scheme of commercial trade it's a drop in the bucket. If Bitcoin were truly revolutionary, capitalists would have exploited it and actively contributed to its development already. Sure, there have been some minor localized successes, but not one truly revolutionary and successful billion dollar company has arisen. Not one Bitcoin company is a ubiquitous household name or brand. The ones everyone knows about in the Bitcoin space are irrevocably linked with fraud. Mt. Gox and Bitfinex for example.
...well. The most innovation in the Bitcoin space appears to be dark net markets and malware. Whether that's truly a welcome revolution is up for debate.
Bitcoin innovation is stagnant.
Other than slapping a miner on an already existing product, ahem 21 inc., what big innovation has there been in the Bitcoin space? The apps for buying and selling Bitcoin are all pretty much the same functionally. OpenBazaar has not heralded the end of online commerce as anticipated. It also continues to promise more features perpetually "coming soon" while the competition out-innovates them at the same time. Micro-tipping ChangeTip didn't really take off, and Steem or Yours isn't really a threat to any social network not focused around the idea. KimDotCom talks big, but he has yet to deliver.
u/changetip dose of reality
Bitcoin's fluctuating value makes it impossible for the average person to calculate.
Notice that everything is still pegged to fiat in terms of valuation? Without using an internet device tell me how much $5 is worth in Bitcoin. Now decrease that by 7.23% because the BTC market dropped, again without the internet or a calculator. How much Bitcoin is that $0.99 coffee? What about this afternoon when Bitcoin is up 4.77%? What is your profit margin right now for being the seller? How about when you sold coffee for 12.19% earlier today?
Also, did you pay the right amount of penny shavings for your coffee transaction to go through? Yes? It may take up to 10 minutes to process. Maybe. Or not. We could have paid $0.99 in filthy fiat and been on our way already.
Widespread adoption isn't happening organically, or at all in most areas.
Outside of San Francisco and a few technically savvy urban enclaves where digital natives are on the cutting edge, there is no use case for Bitcoin in Kansas. Bitcoin has to rely on those who believe that it is better than fiat to spread the gospel of Satoshi (#NotACult). Until you don't have to have someone proselytize at length about Bitcoin's advantages over fiat, it isn't mainstream. How many posts have you come across where "I convinced Business Owner X to accept Bitcoin" only to check in later to find out they are no longer accepting it?
Speaking of cults...
Self-congratulatory posts patting the faithful on the back for their piety in printing out Bitcoin flyers or pasting stickers in public are frequent. Any time a Bitcoin logo is spotted in Mr. Robot, alongside the THOUSANDS of other symbols in it, the faithful are further convinced that widespread adoption is an inevitable reality. They're convinced viewers are keyed in to an insignificantly minor detail which will unravel the wisdom of the fiat destroyer Satoshi Nakamoto who will bring prosperity to all who read the hallowed white paper.
Also, deviation from the truth laid down in the whitepaper is heresy. #NotACult Which leads to all sorts of problems when the core developers, miners, or users want to change something for the improvement of Bitcoin. How many BIPs are actually implemented successfully without raising the ire of a vociferous userbase rabidly against change? (If you do know, please comment.)
Mass adoption would inevitably require regulation.
One of the functions of Bitcoin is to be a stateless, borderless, and censorship resistant currency. Does it accomplish that? Yes.
But if Bitcoin were to become widely adopted it would inevitably attract regulation. Uber is a great example of what happens when industry outpaces regulation. Uber drivers disrupted the taxi industry mainly because most places did not have regulations in place. Although providing an innovative service, it also led to insurance problems when drivers got into accidents, or health and safety concerns when drivers or riders got involved in an incident. Regulation is bringing the cavalier industry back into the realm of public safety and security.
Bitcoin may outpace regulation for a while, but mainstream adoption will inevitably require regulation at some point. How much of a percentage profit is legal when selling Bitcoin at an ATM? How do you classify gains or losses on taxes? What if I want to set up a retirement plan? What if the entity I store my Bitcoin savings with goes under? Those sorts of every day questions have legal ramifications that need to be parsed out for people to feel secure enough to adopt Bitcoin.
If you're screaming "STATIST SHILL" while reading this on a computer of some kind, remember that there are legal regulations ensuring the device you're reading this on conforms to certain requirements.
Be your own bank is not a good thing for most people.
We hire people to be experts and professionals to do things we are not good at ourselves. You'd hire a lawyer to litigate on your behalf. You'd hire a plumber to fix your leaking pipes.
Most people are not good at being their own bank. Storing large amounts of cash in areas that are susceptible to theft is not a good idea. That's why people have banks. Do banks get robbed? Yes, but regulation ensures that your deposits will be reimbursed. Can you be your own bank with Bitcoin? Yes. But you also assume all the risk, even the ones you are not cognizant of. bitcoin is no stranger to posts from users who lose their bitcoin with no means of recovery because they didn't fully anticipate the risks. SFYL.
But why would you want to go through all the hoops to be your own bank? You still need to convert that Bitcoin to fiat (or vice versa), get a loan for a car or home, or pay utility bills.
Irreversible transactions mean your money is gone.
Unless the person on the receiving end is feeling altruistic, those Bitcoin you sent to the wrong address or were "hacked" from the exchange you use are gone. How many people have been successful at recovering their lost Bitcoin through legal means? How many lawsuits have been successful at this?
::crickets::
The place where I store my money took 30% because they screwed up.
The ongoing BitFinex debacle is a prime example of why you should trust no one with your Bitcoin. Sure, they appeared legitimate. They were operating a successful exchange. Everything appeared to be in order and they were highly recommended by most in the Bitcoin space. Until they got "hacked" and decided to distribute the "losses" among the users.
Most of those who lost Bitcoin in the hack are powerless to do anything. Some have turned to the authorities to recover their losses. Some are trying to mount a lawsuit. Some are going through the various stages of grief.
The inevitable "hack" that large Bitcoin entities experience is becoming a routine way for trusted innovators in the space to cash out safely with other people's savings. Mt. Gox, Cryptsy, and BitFinex are merely the largest skulls on a pile of bones of cryptocurrency heists. They were all trusted, until it became apparent that it was all a scam.
An industry where "trusted" actors can get away with theft is a barrier to widespread adoption.
Reddit is the primary communications platform where announcements occur.
If you've been burned by bitcoin or some company's support agents that didn't respond to your post, we welcome you with open arms.
Bitcoin is going to put an end to wars and government tyranny.
At what point in history has the use of currency determined whether or not a group, religious faction, or nation is going to wage hostilities against another? Or that adoption of a currency led to an outbreak of peace? It isn't going to happen.
Every now and then Greece, Venezuela, or (INSERT AFRICAN COUNTRY HERE) experience economic turmoil and it is viewed as an opportunity for Bitcoin adoption. No, it isn't even an opportunity. Because the people who use Bitcoin also have easy access to stable fiat currency through banks. They have the first world luxury of being able to convert fiat to Bitcoin relatively easily. (If jumping through several additional steps can be considered easy.) Has Bitcoin taken off anywhere with economic turmoil? Let's check the history books. No. Not one. Even marginal increases in adoption didn't occur.
I'm sure there are Captains of Industry who disagree with me for expressing these ideas. I'm sure there are also those who like me have been banned from bitcoin for pragmatic, practical, and reasonable insights. If you've wandered over here from bitcoin or btc or are u/americanpegasus looking to waste $50,000 of your precious time... welcome.
Gentlemen...
submitted by kenfagerdotcom to Buttcoin [link] [comments]