Secure Implementation of ECDSA Signatures in Bitcoin
Technical: Upcoming Improvements to Lightning Network
Price? Who gives a shit about price when Lightning Network development is a lot more interesting????? One thing about LN is that because there's no need for consensus before implementing things, figuring out the status of things is quite a bit more difficult than on Bitcoin. On one hand it lets larger groups of people work on improving LN faster without having to coordinate so much. On the other hand it leads to some fragmentation of the LN space, with compatibility problems occasionally coming up. The below is just a smattering sample of LN stuff I personally find interesting. There's a bunch of other stuff, like splice and dual-funding, that I won't cover --- post is long enough as-is, and besides, some of the below aren't as well-known. Anyway.....
Yeah the exciting new Lightning Network channel update protocol!
Solves "toxic waste" problem. In the current Poon-Dryja update protocol, old state ("waste") is dangerous ("toxic") because if your old state is acquired by your most hated enemy, they can use that old state to publish a stale unilateral close transaction, which your counterparty must treat as a theft attempt and punish you, causing you to lose funds. With Decker-Russell-Osuntokun old state is not revoked, but is instead gainsaid by later state: instead of actively punishing old state, it simply replaces the old state with a later state.
Allows multiple participants in the update protocol. This can be used as the update protocol for a channel factory with 3 or more participants, for example (channels are not practical for multiple participants since the loss of any one participant makes the channel completely unusable; it's more sensible to have a multiple-participant factory that splits up into 2-participant channels). Poon-Dryja only supports two participants. Another update protocol, Decker-Wattenhofer, also supports multiple participants, but requires much larger locktimes in case of a unilateral close (measurable in weeks, whereas Poon-Dryja and Decker-Russell-Osuntokun can be measured in hours or days).
It uses nLockTime in a very clever way.
No, it does not solve the "watchtower needed" problem. Decker-Russell-Osuntokun still requires watchtowers if you're planning to be offline for a long time.
What might be confused is that it was initially thought that watchtowers under Decker-Russell-Osuntokun could be made more efficient by having the channel participant update a single "slot" in the watchtower, rather than having to consume one "slot" per update in Poon-Dryja. However, the existence of the "poisoned blob" attack by ZmnSCPxj means that having a replaceable "slot" is risky if the other participant of the channel can spoof you. And the safest way to prevent spoofing somebody is to identify that somebody --- but now that means the watchtower can surveil the activities of somebody it has identified, losing privacy.
Requires base layer change --- SIGHASH_NOINPUT / SIGHASH_ANYPREVOUT. This is still being worked out and may potentially not reach Bitcoin anytime soon.
Determining costs of routes is somewhat harder, and may complicate routefinding algorithms. In particular: every channel today has a "CLTV Delta", a number of blocks by which the total maximum delay of the payment is increased. This maximum delay is the maximum amount of time by which an outgoing payment can be locked, and needs to be reduced for UX purposes. Decker-Russell-Osuntokun will also add a "CSV minimum", a number of blocks, which must be smaller than the delay of an HTLC going through the channel. Current routefinding algos are good at minimizing a summed-up cost (like the "CLTV Delta") so the "CSV minimum" may require discovering / developing new routefinding algos.
Due to the "CSV minimum" above, existing nodes that don't understand Decker-Russell-Osuntokun cannot reliably route over Decker-Russell-Osuntokun channels, as they might not impose this minimum properly.
Multipart payments / AMP
Splitting up large payments into smaller parts!
There are at least three variants of multipart payments: Original, Base, and High.
Original is the original AMP proposed by Lightning Labs. It sacrifices proof-of-payment in order to allow each path to have a different payment hash. This is done by having the payer use a derivation scheme to generate each part's payment preimage from a seed, then having the payer split the seed (using secret sharing) across the parts. The receiver can only reconstruct the seed if all parts reach it.
Base simply uses the same payment hash for all routes. This retains proof-of-payment (i.e. an invoice is undeniably signed by the receiver, including a payment hash in the invoice; public knowledge of the payment preimage is proof that the receiver has in fact received money, and any third party can be convinced of this by being shown the signed invoice and the preimage). The receiver could just take one part of the payment and then claim to be underpaid by the payer and then deny service, but claiming any one part is enough to publish the payment preimage, creating a proof-of-payment: so the receiver can provably be made liable, even if it took just one part, thus the incentive of the receiver is to only take in the payment once all parts have arrived to it.
High requires elliptic curve points / scalars. It combines both Original and Base, retaining proof-of-payment (sacrificed by Original) and ensuring cryptographically-secure waiting for all parts (rather than the merely economically-incentivized waiting of Base). This is done by using elliptic curve homomorphism to addition of scalars to add together the payer-provided preimage (really scalar) of Original with the payee-provided preimage (really scalar) of Base.
Better expected reliability. Channels are limited by capacity. By splitting up into many smaller payments, you can fit into more channels and be more likely to successfully reach the payee.
Capacity on multiple of your channels can be used to pay. Currently if you have 0.05BTC on one channel and 0.05BTC on another channel, you can't pay 0.06BTC without first rebalancing your channels (and paying fees for the rebalance first, whether the payment succeeds or not). With multipart you can now combine the capacities of multiple of your channels, and only pay fees for combining them if the payment pushes through.
Wumbo payments (oversized payments) come "for free" without having to be explicitly supported by the nodes of the network: you just split up wumbo payments into parts smaller than the wumbo limit.
Multipart will have higher fees. Part of the feerate of each channel is a flat-rate fee. Going through multiple paths means paying more of this flat-rate fee.
It's not clear how to split up payments. Heuristics for payment splitting have to be derived and developed and tested.
Payment points / scalars
Using the magic of elliptic curve homomorphism for fun and Lightning Network profits! Basically, currently on Lightning an invoice has a payment hash, and the receiver reveals a payment preimage which, when inputted to SHA256, returns the given payment hash. Instead of using payment hashes and preimages, just replace them with payment points and scalars. An invoice will now contain a payment point, and the receiver reveals a payment scalar (private key) which, when multiplied with the standard generator point G on secp256k1, returns the given payment point. This is basically Scriptless Script usage on Lightning, instead of HTLCs we have Scriptless Script Pointlocked Timelocked Contracts (PTLCs).
Enables a shit-ton of improvements: payment decorrelation, stuckless payments, noncustodial escrow over Lightning (the Hodl Hodl Lightning escrow is custodial, read the fine print), High multipart.
It's the same coolness that makes Schnorr Signatures cool. ECDSA, despite being based on elliptic curves, is not cool because the hash-the-nonce operation needed to prevent it from infringing Schnorr's fatherfucking patent also prevents ECDSA from using the cool elliptic curve homomorphism of addition over scalars.
Requires Schnorr on Bitcoin layer.
Actually, we can work with 2p-ECDSA without waiting for Schnorr. We get back the nice elliptic curve homomorphism by passing the ECDSA nonce through another cryptosystem, Paillier. This gets us the ability to do Scriptless Script. I think it has only 80-bits security because of going through Paillier though.
Basically the conundrum is: we could implement 2p-ECDSA now, hope we never have to test the 80-bit security anytime soon, then switch to Schnorr with 128-bit security later (which means reimplementing a bunch of things, because the calculations are different and the data that needs to be exchanged between channel participants is very different between the 2p-ECDSA and Schnorr). Reimplementing is painful and is more dev work. If we don't implement with 2p-ECDSA now, though, we will be delaying all the nice elliptic curve goodness (stuckless, noncustodial escrow, payment decorrelation) until Bitcoin gets Schnorr.
Elliptic curve discrete log problem is theoretically quantum-vulnerable. If we can't find a quantum-resistant homomorphic construction, we'll have to give up the advantages (payment decorrelation, stuckless payments, noncustodial escrow over Lightning) we got from using elliptic curve points and go back to boring old hashes.
Ensuring that payers cannot access data or other digital goods without proof of having paid the provider. In a nutshell: the payment preimage used as a proof-of-payment is the decryption key of the data. The provider gives the encrypted data, and issues an invoice. The buyer of the data then has to pay over Lightning in order to learn the decryption key, with the decryption key being the payment preimage.
Enables data providers to sell data. This could be sensors, livestreams, blogs, articles, whatever.
There's no scheme to determine if the data provider is providing actually-useful data. The data-provider could just stream https://random.org for example. This is a potentially-impossible problem. Even if the data-provider provides a "sample" of the data, and is able to derive some proof that the sample is indeed a true snippet of the encrypted data, the rest of the data outside of the sample might just be random junk.
No more payments getting stuck somewhere in the Lightning network without knowing whether the payee will ever get paid! (that's actually a bit of an overmuch claim, payments still can get stuck, but what "stuckless" really enables is that we can now safely run another parallel payment attempt until any one of the payment attempts get through). Basically, by using the ability to add points together, the payer can enforce that the payee can only claim the funds if it knows two pieces of information:
The payment scalar corresponding to the payment point in the invoice signed by the payee.
An "acknowledgment" scalar provided by the payer to the payee via another communication path.
This allows the payer to make multiple payment attempts in parallel, unlike the current situation where we must wait for an attempt to fail before trying another route. The payer only needs to ensure it generates different acknowledgment scalars for each payment attempt. Then, if at least one of the payment attempts reaches the payee, the payee can then acquire the acknowledgment scalar from the payer. Then the payee can acquire the payment. If the payee attempts to acquire multiple acknowledgment scalars for the same payment, the payer just gives out one and then tells the payee "LOL don't try to scam me", so the payee can only acquire a single acknowledgment scalar, meaning it can only claim a payment once; it can't claim multiple parallel payments.
Can safely run multiple parallel payment attempts as long as you have the funds to do so.
Needs payment point + scalar
Non-custodial escrow over Lightning
The "acknowledgment" scalar used in stuckless can be reused here. The acknowledgment scalar is derived as an ECDH shared secret between the payer and the escrow service. On arrival of payment to the payee, the payee queries the escrow to determine if the acknowledgment point is from a scalar that the escrow can derive using ECDH with the payer, plus a hash of the contract terms of the trade (for example, to transfer some goods in exchange for Lightning payment). Once the payee gets confirmation from the escrow that the acknowledgment scalar is known by the escrow, the payee performs the trade, then asks the payer to provide the acknowledgment scalar once the trade completes. If the payer refuses to give the acknowledgment scalar even though the payee has given over the goods to be traded, then the payee contacts the escrow again, reveals the contract terms text, and requests to be paid. If the escrow finds in favor of the payee (i.e. it determines the goods have arrived at the payer as per the contract text) then it gives the acknowledgment scalar to the payee.
True non-custodial escrow: the escrow service never holds any funds.
Needs payment point + scalar.
Because elliptic curve points can be added (unlike hashes), for every forwarding node, we can add a "blinding" point / scalar. This prevents multiple forwarding nodes from discovering that they have been on the same payment route. This is unlike the current payment hash + preimage, where the same hash is used along the route. In fact, the acknowledgment scalar we use in stuckless and escrow can simply be the sum of each blinding scalar used at each forwarding node.
Privacy! Multiple forwarding nodes cannot coordinate to try to uncover the payer and payee of each payment.
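As an added example (not code from the original post), here is the PTLC arithmetic the post describes, in pure Python on secp256k1: the payee publishes a payment point, each forwarding node adds a blinding scalar, the acknowledgment scalar is the sum of those blinds, and a second parallel attempt with a different acknowledgment cannot be claimed with the first one. All secrets are constructed constants, and in this simplified form the payer itself adds no blinding, so the first hop sees the invoice point.

```python
"""PTLC payment points with per-hop blinding and a stuckless acknowledgment.

Added example; not code from the original post. Curve arithmetic is textbook
affine secp256k1 in pure Python (fine for a demo, not constant-time).
"""

# secp256k1 domain parameters
P_MOD = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N_ORD = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def ec_add(a, b):
    """Affine point addition; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return None                       # P + (-P)
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P_MOD) % P_MOD
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)


def ec_mul(k, pt):
    """Double-and-add scalar multiplication."""
    result = None
    k %= N_ORD
    while k:
        if k & 1:
            result = ec_add(result, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return result


def claimable(point, scalar):
    """A PTLC locked to `point` is claimed only by revealing t with t*G == point."""
    return ec_mul(scalar, G) == point


def build_route(invoice_point, blinds):
    """Point locked at each hop. Forwarding node i receives T_i and forwards T_i + b_i*G,
    so the payee's incoming point is P + (sum of blinds)*G and no two hops see the same point."""
    points = [invoice_point]
    for b in blinds:
        points.append(ec_add(points[-1], ec_mul(b, G)))
    return points


def ack_scalar(blinds):
    """Acknowledgment scalar: the sum of the per-hop blinds, known only to the payer."""
    return sum(blinds) % N_ORD


def settle_backwards(payee_secret, ack, blinds):
    """Payee claims with s + a; each forwarding node subtracts its blind to claim upstream.
    Returns the scalar revealed for each point of build_route(); index 0 reaches the payer."""
    scalars = [(payee_secret + ack) % N_ORD]
    for b in reversed(blinds):
        scalars.append((scalars[-1] - b) % N_ORD)
    return scalars[::-1]


def demo():
    # Constructed secrets for the demo; a real node draws these from a CSPRNG.
    s = 0x1111111111111111111111111111111111111111111111111111111111111111  # payee's payment scalar
    P = ec_mul(s, G)                                                       # payment point in the invoice
    blinds_a = [0x2222, 0x3333, 0x4444]     # attempt A: one blind per forwarding node
    blinds_b = [0x5555, 0x6666, 0x7777]     # attempt B: parallel attempt, different blinds
    route_a, route_b = build_route(P, blinds_a), build_route(P, blinds_b)
    ack_a = ack_scalar(blinds_a)
    revealed = settle_backwards(s, ack_a, blinds_a)
    return {
        # payee can claim attempt A once the payer hands over ack_a ...
        "payee_claims_a": claimable(route_a[-1], (s + ack_a) % N_ORD),
        # ... but cannot reuse ack_a on attempt B, so only one attempt is ever paid
        "ack_a_on_b": claimable(route_b[-1], (s + ack_a) % N_ORD),
        # every hop is unlocked by its own scalar and sees its own point: no correlation
        "hops_unlock": all(claimable(pt, t) for pt, t in zip(route_a, revealed)),
        "hop_scalars_distinct": len(set(revealed)) == len(revealed),
        "hop_points_distinct": len(set(route_a)) == len(route_a),
        # the payer ends up holding s itself, so proof-of-payment is retained
        "payer_learns_s": revealed[0] == s,
    }
```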
Price and Libra posts are shit boring, so let's focus on a technical topic for a change. Let me start by presenting a few of the upcoming Bitcoin consensus changes. (as these are consensus changes and not P2P changes it does not include erlay or dandelion) Let's hope the community strongly supports these upcoming updates!
The sexy new signing algo.
We have a simpler proof of the security of Schnorr than the current ECDSA: a general heuristic is that a simpler proof is better since simpler proofs have less complexity for vulnerabilities to hide in. In practice most cryptographers would consider these roughly equivalent in security.
Linear signatures. This lets you do some operations on signatures which include making it possible for an n-of-n signing group to construct a single pubkey and signature, as well as providing secret communications channels (i.e. you provide the difference between two scalars privately, then create a signature using one scalar and publish it, which reveals the other scalar, letting you communicate this scalar while providing a signature that validates a transaction).
As a completely new signing scheme we can optimize signatures and public keys a little more than the existing ECDSA Bitcoin signatures, to help reduce resource usage. For instance an SECP256K1 point requires 257 bits to store, which is typically stored as one byte for the "extra" 1 bit and 32 bytes for the remaining 256 bits, but this extra bit is really the "sign" of the point (positive or negative) and we can enforce certain restrictions like "always use positive points", and a scalar which produces a negative point can be "negated" to produce a positive point, letting us cut out one entire byte from precious onchain space.
The Schnorr patent strongly discouraged development of Schnorr signatures. For this reason there are still details that haven't been hammered out. The bip-schnorr proposal by Pieter hammers down some details, but there are still some concerns about multisignature and more complex usages below that are still being investigated.
A provably-secure way for a group of n participants to form an aggregate pubkey and signature. Creating their group pubkey does not require their coordination other than getting individual pubkeys from each participant, but creating their signature does require all participants to be online near-simultaneously.
Provably-secure. We already knew from Schnorr's work that Schnorr signatures allow multiparticipant signing, but his original proposal was actually insecure (this is part of the disadvantage caused by Schnorr patenting the signature scheme, nobody bothered to correct his multiparticipant signing procedure because why give free work for him?).
We can create a group pubkey without telling the group we made such; we only need to get their individual pubkeys. This can be useful in some protocols, e.g. escrow protocols where we elect a group of n-of-n participants as a possible escrow signer; we create this group pubkey from the published pubkeys of the escrow services, but only reveal to them that this group pubkey involves them later in case of dispute (signing requires everyone's cooperation); if the trade has no dispute at all then the escrow group never needs to learn that the group pubkey included them or that the trade was potentially an escrow trade.
Creates just a single signature and pubkey, greatly reducing the space needed onchain for n-of-n groups.
No actual change in consensus needed, other than supporting Schnorr signatures as a consensus signing scheme.
Only n-of-n; m-of-n requires verifiable secret sharing in addition to MuSig. In particular, for m-of-n we require that the participants also cooperate while generating the group pubkey (unlike the n-of-n case where we can just get published pubkeys, the m-of-n case requires that we perform some cooperative calculation to generate the private key shares for each participant).
Unlike separate-signatures-and-pubkeys multisig (i.e. what current OP_CHECKMULTISIG does), a participant cannot simply send a signature it generates by itself and then go offline, in no specific order. Instead, participants have to cooperatively generate a temporary signing nonce and then generate the signature. This is what forces all participants to be online at the time of generating the signature. This can be mitigated somewhat since you can pass around partial signatures, so once you have gotten the agreed-upon nonce and then created your partial signature, you can then go offline. This might not be a particularly big disadvantage but existing protocols might require an extra message turnaround in order to handle the multiple-round nature of MuSig.
Hiding a Bitcoin SCRIPT inside a pubkey, letting you sign with the pubkey without revealing the SCRIPT, or reveal the SCRIPT without signing with the pubkey.
You can show a SCRIPT and ignore the pubkey, or sign with the pubkey and ignore (and never reveal) the SCRIPT. This can be simulated somewhat with current Bitcoin by using a separate transaction that pays from a pubkey (or m-of-n or n-of-n multisig) to a SCRIPT, which you only publish if you want to take the SCRIPT path, but Taproot optimizes this by letting you dispense with that separate transaction. Some protocols that want to have some privacy (CoinSwap in particular) will need to have some way to hide the SCRIPT path and just use a pubkey (or m-of-n or n-of-n) in the "best case", and Taproot allows the "worst case" SCRIPT path to be somewhat more optimized if we need to take that branch.
The exact proposed mechanism in bip-taproot by Pieter allows another version number to be embedded. So not only do we have current 16 available SegWit versions (v0 already in use, v1 is intended to be taken for Taproot, v2->15 are for future expansion) we also extend SegWit v1 to have 256 "script versions" too, only one of which will be used for MAST (see below). A new "script version" can completely drop the current stack-based SCRIPT language and replace it with a completely new language, for example.
As a new SegWit version we can change the rules of the SCRIPT language to clean up some infelicities of the existing SCRIPT. For example, instead of OP_NOP operations we have OP_SUCCESS operations in the Taproot SCRIPT. When a softfork changes an OP_NOP to a different opcode, it can only either fail the SCRIPT or do nothing to the stack. When a softfork changes an OP_SUCCESS to a different opcode, it can do anything, including put new items on the stack, rearrange the stack, and so on.
It uses the pay-to-contract construction, which is used to allow a UTXO to commit to a message (in Taproot's case, the SCRIPT) without spending more space other than the pubkey it pays to. However, other schemes might want to use pay-to-contract (because of the space savings of the ability to embed a message commitment without adding more space beyond the pubkey), so care must be taken to ensure that such schemes using pay-to-contract do not conflict with Taproot itself.
Having a "SCRIPT only" UTXO (i.e. one which cannot be spent using a simple signature, but requires some more complex SCRIPT) requires that we compute a "nothing up my sleeves" (NUMS) point, i.e. a pubkey which we generate in such a way that we, or anyone, cannot possibly learn the corresponding privkey. This is already doable but requires that we actually use NUMS if we want a UTXO that can only be spent via a particular SCRIPT.
Encode each possible branch of a Bitcoin contract separately, and only require revelation of the exact branch taken, without revealing any of the other branches. One of the Taproot script versions will be used to denote a MAST construction. If the contract has only one branch then MAST does not add more overhead.
Privacy; branches not taken are not revealed, potentially hiding the possible participation of some entity with known pubkey if that entity ends up not signing for that branch.
Can be used to emulate m-of-n while using only n-of-n MuSigs (remember, n-of-n MuSig can be set up by knowing only the pubkeys of all participants, but m-of-n requires that the participants split up an n-of-n MuSig key into m shares, and each participant has to remember its own share (which can be difficult for hardware wallets to safely do)). To emulate m-of-n, you just get every subgroup of m participants, create an m-of-m MuSig pubkey for each subgroup, then make multiple OP_CHECKSIG scripts, each of which you treat as a "separate branch" in the MAST (you probably want to use a NUMS point as the Taproot pubkey that hides the MAST scripts, or select which sub-group of m is the most likely to be online later and put that as the Taproot pubkey). You need to have m participants online at signing time. This has the side effect of not revealing participants who didn't sign.
Requires O(log n) data to be revealed for n branches. This mildly leaks some information: if you see q data to prove the MAST, then the number of branches is between 2^(q-1) and 2^q. This can be twisted around to make unbalanced MAST trees, but unbalanced MAST trees imply that some branches are more likely than others (you'd put the more likely branches in the leaves that are nearer to the root, so fewer data revealed == more likely), which again can be a mild information leak. Might not be a particularly bad information leak in practice, but for example Graftroot (which is not yet proposed) achieves O(1) data revelation for n branches, leaking no data at all on the number of other branches and/or the probability of the revealed branch.
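As an added example (not code from bip-taproot or from the original post), a simplified MAST in Python: the leaves emulate m-of-n with one m-of-m aggregate key per subgroup as described above, a spend reveals one branch plus only its sibling hashes, and the proof length q bounds the branch count as 2^(q-1) <= branches <= 2^q for a balanced tree, while a promoted lone leaf shows how an unbalanced tree breaks that bound. The aggregate keys are constructed labels standing in for real MuSig keys, and the hashing is plain SHA-256 with a leaf/branch prefix, not the tagged hashes of the actual proposal.

```python
"""Simplified MAST: m-of-n emulated as one m-of-m branch per subgroup.

Added example; the hash construction is illustrative, not the bip-taproot encoding.
"""
import hashlib
import itertools


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def leaf_hash(script: bytes) -> bytes:
    # Domain-separate leaves from branches so an inner node cannot be passed off as a leaf.
    return sha256(b"\x00" + script)


def branch_hash(a: bytes, b: bytes) -> bytes:
    # Children are hashed in sorted order, so a proof needs no left/right flags.
    if b < a:
        a, b = b, a
    return sha256(b"\x01" + a + b)


def build_tree(leaf_hashes):
    """Return (root, proofs); proofs[i] is the list of sibling hashes for leaf i.
    A lone node on an odd-sized level is promoted unchanged, so the tree may be unbalanced."""
    proofs = [[] for _ in leaf_hashes]
    level = [(h, [i]) for i, h in enumerate(leaf_hashes)]   # (node hash, leaf indices beneath)
    while len(level) > 1:
        nxt = []
        for j in range(0, len(level) - 1, 2):
            (lh, li), (rh, ri) = level[j], level[j + 1]
            for i in li:
                proofs[i].append(rh)
            for i in ri:
                proofs[i].append(lh)
            nxt.append((branch_hash(lh, rh), li + ri))
        if len(level) % 2:
            nxt.append(level[-1])
        level = nxt
    return level[0][0], proofs


def verify_branch(root: bytes, script: bytes, proof) -> bool:
    """Spender reveals one script plus its proof; every other branch stays hidden."""
    h = leaf_hash(script)
    for sibling in proof:
        h = branch_hash(h, sibling)
    return h == root


def branch_count_bounds(q: int):
    """A proof of q hashes implies between 2^(q-1) and 2^q leaves in a balanced tree."""
    return (2 ** (q - 1), 2 ** q)


def musig_key_stub(subgroup) -> bytes:
    # Constructed stand-in for the m-of-m MuSig aggregate key of `subgroup` (not real key aggregation).
    return sha256(b"musig:" + b",".join(subgroup))


def m_of_n_leaves(participants, m):
    """One <aggregate key> OP_CHECKSIG branch per m-subgroup; only the signing subgroup is revealed."""
    return [musig_key_stub(sub) + b" OP_CHECKSIG"
            for sub in itertools.combinations(sorted(participants), m)]


def demo(participants, m, spend_with):
    """Build the MAST for m-of-n, then spend via the branch for `spend_with` (names as bytes)."""
    leaves = m_of_n_leaves(participants, m)
    root, proofs = build_tree([leaf_hash(s) for s in leaves])
    idx = leaves.index(musig_key_stub(tuple(sorted(spend_with))) + b" OP_CHECKSIG")
    q = len(proofs[idx])
    lo, hi = branch_count_bounds(q)
    return {
        "branches": len(leaves),
        "proof_len": q,
        "proof_lengths": sorted(len(p) for p in proofs),
        "valid": verify_branch(root, leaves[idx], proofs[idx]),
        # a different subgroup's script cannot reuse this proof
        "wrong_script": verify_branch(root, leaves[(idx + 1) % len(leaves)], proofs[idx]),
        # holds for the balanced part of the tree, fails for a promoted lone leaf
        "count_within_bounds": lo <= len(leaves) <= hi,
    }
```

With 3 participants and m=2 the three leaves cannot form a balanced tree, so one subgroup's branch sits one level nearer the root and is revealed with a single hash, which is exactly the likelihood leak the post mentions.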
A reminder of who Craig Wright is and the benefits to BCH now he has gone.
This needs to be repeated every so often on this subreddit so new people can understand the history of the fork of BCH into BCH and BSV. From Jonald Fyookball's article https://medium.com/@jonaldfyookball/bitcoin-cash-is-finally-free-of-faketoshi-great-days-lie-ahead-bb0c833e4c5d
Craig S. Wright (CSW) leaving the Bitcoin Cash community is a wonderful thing. This self-described “tyrant” has been expunged, and now we can get back to our mission of bringing peer-to-peer electronic cash to the world. The markets will rebound when they see the chaos is over, but regardless of the price, we will keep building. Nothing will stop the sound money movement.
Calling Out Bad Behavior
As Rick Falkvinge recently explained, there is a difference between small-minded gossiping about personalities and legitimately calling out bad behavior. CSW’s bad behavior must be called out, because he has done tremendous damage to Bitcoin Cash (and possibly even the entire cryptocurrency sector). The brief history is that he gained his reputation by claiming to be Bitcoin’s creator (Satoshi Nakamoto). He said he would provide “extraordinary proof” but he has never done so. Supposedly, he did some “private signings” to a few people, and this allowed him to gain influence in the BCH community. The destruction he has been causing was not widely recognized until after a huge mess had been made. Thanks to u/Contrarian__ for the following compilation of CSW’s misgivings: Some background on Craig’s claim of being Satoshi, for the uninitiated:
He faked blog posts
He faked PGP keys
He faked contracts and emails
He faked threats
He faked a public key signing
He has a well-documented history of fabricating things bitcoin and non-bitcoin related
He faked a bitcoin trust to get free money from the Australian government but was caught and fined over a million dollars.
And specifically concerning his claim to be Satoshi:
He has provided no independently verifiable evidence
He is not technically competent in the subject matter
His writing style is nothing like Satoshi’s
He called bitcoin “Bit Coin” in 2011 when Satoshi never used a space
He actively bought and traded coins from Mt. Gox in 2013 and 2014
He was paid millions for ‘coming out’ as Satoshi as part of the deal to sell his patents to nTrust — for those who claim he was ‘outed’ or had no motive
Caught Red Handed Plagiarizing
No respectable academic, scientist, or professional needs to stoop so low as to steal and take credit for the work of others — least of all Satoshi. Yet, CSW has already been caught at least 3 times plagiarizing.
His paper on selfish mining has full sections copied almost verbatim from a paper written by Liu & Wang.
His “Beyond Godel” paper which purports to claim that Bitcoin script is turing complete, is heavily plagiarized.
A paper on block propagation was blatantly and intentionally plagiarized.
Can’t Even Steal Code Correctly
CSW was also caught attempting to plagiarize a “hello world” program (the simplest of all computer programs). He apparently does not understand base58 or how Bitcoin address checksums work (both of these are common knowledge to experienced Bitcoiners), and has made other embarrassing errors.
So How Did Such an Obvious Fraud Gain So Much Power and Influence?
There are no easy answers here. It seems that as humans, we are very susceptible to manipulation and misinformation. The greatest weapon against sinister forces is a well-educated populace. This is something that can only improve over the long run. The “Satoshi factor” is a powerful one and appeals to the glamorization of a mythical figure. Even people such as myself, who are technically astute, gave CSW all benefit of the doubt until the evidence staring us in the face could no longer be denied. The seduction of the BCH community was also facilitated by CSW becoming a strong advocate for the on-chain/big-block scaling movement at a time when the community was dying to hear it. This message, delivered with a brazen, in-your-face style, was a sharp contrast to anything seen before. In addition, CSW was able to find obscure topics (“2pda”), network topology, etc, that seemed to establish him as an expert with esoteric knowledge above and beyond anyone else. Basically, he was using technobabble, but it wasn’t immediately obvious except to very technical people… who were then attacked and discredited. Eventually, as more and more of the community began to realize his technical claims were bogus, CSW banned those people from his twitter feed and slack channel, leaving only a group of untechnical “believers”, which the larger BCH community referred to as “the church” AKA the Cult-of-Craig. Finally, if some believed that CSW possessed Satoshi’s stash of 1M BTC, then they may have been gnawing to get a piece of it. But it may turn out that these are the coins that never were.
Broken Promises
If this article so far seems like an “attack piece” on CSW, remember it is important to get all the facts out in the open. We’ll get to the silver lining and bright future in a moment… but let’s continue here to “get it all out”. One of the biggest ways that CSW has damaged the community is to make an endless series of broken promises. This caused others to wait, to waste time on his unproven ideas and solutions, and to postpone or drop their own ideas and initiatives.
He said he was building a mining pool to “stop SegWit”
He said he was bringing big companies to use the BCH chain
He said that he was providing a fungibility solution based on blind threshold signatures
He said he was providing novel technology based on oblivious transfers
He said he was providing a method where people could do atomic swaps without using timelocks
He said he was going to show everyone how we can do bilinear pairings using secp256k1
He said he was going to release source code for nakasendo
He said he was releasing some information that would “kill the lightning network”
He said he was going to show everyone how the selfish mining theory is wrong
He said he was going to show everyone how we can tokenize everything in the universe squared
He said a few times “big things are coming in 2 months”
How CSW Has Damaged the BCH Community
In addition to the broken promises, the BCH community was wounded due to:
The division of the community (with classic divide and conquer tactics)
Loss of focus. Huge amounts of drama and distraction from building and adoption
Investor confidence has been shaken due to uncertainty and chaos.
BCH is a laughing stock to outsiders due to CSW’s antics
Gemini deployment of BCH and other rollouts paused
Loss of developer talent due to toxic and abrasive personality
Various patent and legal threats
The Hash War Event and Split into BitcoinSV
Every 6 months, BCH has a scheduled network upgrade. This is technically a “hard fork” but a non-contentious fork does not result in a split of the chain — it is simply new network rules being activated. Bitcoin Cash has multiple independent developer groups including Bitcoin ABC, Bitcoin Unlimited, Bitcoin XT, Bitprim, BCHD, bcash, parity, Flowee, and others. The nChain group, led by CSW, introduced an alternate set of changes a week before the agreed cut-off date, intentionally causing a huge controversy. These changes were incompatible with the changes being discussed between the other groups. nChain objected to the changes being proposed (canonical transaction ordering) despite specifically agreeing to it almost a year earlier. The last minute objections were, in my opinion, an attempt at sabotage. An emergency meeting was held in Bangkok to attempt to resolve the differences between the nChain group and the rest of the community. Not only did CSW refuse to listen to the other presentations, he walked out of the meeting after his own speech had been given. The other nChain people refused to discuss the technical issues. After this, nChain built their own software (“BitcoinSV”) to attempt to compete for the Bitcoin Cash network. But rather than split off to follow their own set of rules, they threatened to attack Bitcoin Cash. Their attitude was “you follow our rules or we burn it all down”. The CSW sycophants adopted a strange interpretation of the Bitcoin whitepaper and proselytized the idea that if nChain could “out hash” everyone else, the market should be obliged to follow them. This faulty thinking was eloquently debunked by u/CatatonicAdenosine. As it turns out, nChain was unable in any case to win at their own game.
But Here’s the Obviously Good News…
CSW is gone. It’s over. He can do whatever he wants on the BitcoinSV chain. He will never be allowed to influence Bitcoin Cash again.
And all the negative things and negative people that were a consequence of his involvement in Bitcoin Cash are gone with him. As a community, we will redouble our efforts and get back to our mission of peer-to-peer electronic cash. We will learn to work together better than ever, and we will learn to detect and punish bad behavior sooner. The attempted attacks with hashpower also sparked innovation and a focus on the problem of how to stop such attacks in the future. This is only making Bitcoin Cash (BCH) and the entire class of Proof-of-Work coins stronger. Nothing will stop us. The reason why millions of dollars were spent to attack and also to defend Bitcoin Cash is because it’s something truly worth fighting over. It’s sound money. It’s permissionless. It’s what Satoshi Nakamoto wrote about in 2008. It’s Bitcoin, a Peer-to-Peer Electronic Cash System.
Jonald Fyookball
**Defamation and the difficulties of law on the Internet.** "This post goes to those cowards who sit behind anonymity on the web and cast doubt and aspersions about people whilst hiding." https://seclists.org/basics/2008/Ma42
I've been lurking the litecoin, bitcoin and similar subreddits for months now, and noticed they are now FILLED with unimportant, secondary stuff like memes, price speculation etc. The technology behind the actual thing is put aside. I'm really excited about the crypto space, and as a person with a technical, but not cryptography, background I'm in search of information. This subreddit is often cited as a good source of it, and you can actually find it at some point, but it is buried beneath a fuckton of unimportant, yet still massively upvoted stuff. Why do I think price speculation posts are unnecessary on this sub? Because:
1. There is litecoinmarkets for that.
2. It's always the same posts all over again: when price is going up -> hype posts, brag posts, memes; when price is going down -> "just hodl" posts, "it's ok, we're still up X% this month" posts, "buy the dip" posts.
3. Don't you think this platform can do better?
But really, if you believe this technology is revolutionary, that it will disrupt current models in financial and many other sectors, that IT IS THE FUTURE, that it is better than fiat money, why focus so much on the amount of that same fiat money which gets you 1 LTC/BTC? Why the memes? Why don't we try to provide a platform that will help its adoption by providing a constructive, informative environment? The current situation is mostly hype, jumping-on-the-bandwagon, get-rich-quick investors. Though the growing investor numbers help mainstream adoption and getting attention from the big players, a not-enough-educated community isn't sustainable long term. My suggestions for the types of posts which I would love to see upvoted and created more:
a) Technical background discussions. I would love to see more crypto experts discussing the technical issues litecoin currently faces, possible solutions and their respective arguments, already implemented solutions and why they were chosen. Things like why the secp256k1 elliptic curve and not some other curve, how the private key -> public key conversion really works, how exactly nodes broadcast a transaction to the whole network, pros and cons of on-chain and off-chain scaling, the lightning network, who our core developers are, stuff like that. As we want our cryptocurrency to be a trustless solution, we need to share the information about the intricacies of the system so that fewer people just follow the system blindly. Sure, bitcoin's official wiki is a nice resource, as litecoin is largely based off of bitcoin, but it isn't a place for discussion, and up-to-date litecoin/bitcoin differences are poorly documented (litecoin.info is down, forum.litecoin.net is down, litecointalk.io is down).
b) Newbie tips and tricks. A lot of newbies are groping in the dark. They need services that are trusted and have a stable user base. They need to know what to expect from this whole journey, especially what the possible downsides are. They need tricks like the Coinbase to GDAX migration for lower fees. And they shouldn't have to dig through the meme posts to find them.
c) Litecoin competitors. Who are we competing with? What do we do better? What can we do betterer :) ? What are our limitations, and what IS litecoin NOT?
TL;DR This platform has great unused potential to help litecoin adoption and progress, yet somehow the unimportant stuff gets to the top. We can do better. Let's start now!
The implementation of blockchain technology provided a solution that makes it possible to do without central servers for storing the database and to entrust it to a distributed ledger instead. It was first implemented in the form of a digital currency, Bitcoin. Then enthusiastic programmers, who focused their attention on the opportunities this opened up, went further. They began to implement their ideas and supply new tools, laying the foundation for the digital system of the future. In this way smart contracts and decentralized applications appeared, presented to the user as software products for a wide variety of spheres: business, entertainment, communication… The virtual blockchain began to take on visible outlines.
Leaders in DApp creation
Ethereum was the first blockchain project to allow the creation of smart contracts and DApps. But programmers ran into a problem: low transaction throughput, limited to about 20 tps. In 2017, EOS and TRON presented themselves as projects that had found a solution. They raised millions through ICOs and followed their roadmaps. On the one hand, the throughput they showed was indeed much higher and made it possible to develop DApps (TRON: 1200 tps, EOS: 4000 tps). Although Ethereum led in the number of applications built on its blockchain, with a two-year head start, the competitors that appeared on the market began to draw developers away to their platforms. As of April 2019, EOS ranked first in unique users (171k) and transaction volume ($3 bln), with TRON second (71k, $600 mln), even though more DApps are hosted on Ethereum. The catch is that the transaction rates of both TRON and EOS were obtained at the expense of decentralization. Both projects run a delegated proof-of-stake consensus, which is already a reason not to consider them decentralized. As for Ethereum, with each fork its blockchain also moves gradually towards a final transition to PoS. The core developers justify this by saying that the PoW algorithm has outlived itself and that a distributed ledger running on such a consensus cannot provide the characteristics needed for full-fledged DApp functionality. That is not so!
Attractive advantage of TERA
What DApps are on the TERA platform
What else would be nice to see on TERA
The virtual soil of TERA is only just putting out the shoots of the first planted digital seeds, and in the blockchain space there is plenty of room for imagination when creating DApps. As examples I will give just the first that come to mind, along with suggestions taken from statements by members of the TERA community on Discordapp.com. So, it would be great to see:
- a platform for trading binary options, to start with at least on the TERA/BTC pair;
- a browser for working with DApps, and recommendations for building applications;
- a service for voting on the blockchain, which would bring transparency to elections in any sphere (such a proposal was made for Eurovision 2019; why not build it on TERA);
- copyright and patent registration services for works of art, inventions and other intellectual property;
- a full-fledged forum where comments would be saved and could not be deleted (the foundation of such an application has already been laid);
- chess, backgammon, bingo, durak and other classic games;
- more games! Strategy, shooter and exploration games... I suggest taking a deeper look at the hits of the 80s and 90s. There is plenty there worth remembering and porting to the decentralized TERA platform;
- a fully functional casino with a wide range of entertainment: 3-line and 5-line slot games, roulette, blackjack, poker, betting and other services of the gambling industry;
- and so on and so forth.
If such ideas do not come to developers' minds, feel free to contact the author of this article; he will share his own ideas in the field of gaming and gambling and help with their creative realization! In the long run, what do we need for everyday life? Tools to make money and ways to spend it. The unique features of the TERA blockchain make it possible to place both in it. Plus they will be independent of any central administration and free of censorship.
To inspire developers to act, the Chinese TERA community announced a contest with a prize fund of 165,000 coins. Those interested in placing their DApps on TERA will find help in the DApp Paper: https://docs.google.com/document/d/10yXAKxaU7YgrQnbdXu_L7WWovUoRtdJwo3tXXaGZGSQ/edit And a couple of words to developers: you can choose the TRON platform, you can choose EOS or Ethereum. But what are your priorities? All these systems are in the hands of corporate owners, which leads away from decentralization. Those who want to get away from totalitarian control and give the fruits of their creativity complete freedom should consider the TERA platform. The TERA Foundation website has a page with a special world map. It shows in real time how many full nodes support the blockchain's operation: https://terafoundation.org/map.html. To be among the first means to take part in laying a foundation able to withstand the powerful boost of the rapid development of future technologies. If your city is not on the map, only a few minutes separate you from correcting that. The node installation instructions will help you join the TERA community and make your contribution right now. They can be found here: https://sourceforge.net/p/tera/code/ci/mastetree/README.md Participation in the expansion of TERA encourages the growth and development of the idea of freedom from central administration that was stated when Bitcoin was launched. These are not just fantasies or dreams; there are authoritative representatives of science who consider blockchains to be the basis for the economy of the future, an economy without boundaries. And with the help of active participants, full decentralization will come much faster.
This development has no limits, since it is fueled by the independent striving, free will and potential inherent in each of us.
Monero is my favorite thing as of now. I mean like ever in the whole world. Its potential to basically free the world (of government tyranny, censorship, famine, central bankers, etc) is by far the most promising of any crypto out there, and probably more promising than literally any other thing or movement in the entire history of the world (besides OneCoin or Darth Vader). I am by no means a Dash pump and dumper where I just wanna see the price moon immediately (not that I'm opposed to that, obviously), or a Zcash fool where I have no idea what cryptocurrency is about (Zcash is a cult, imo), I'm a Moner, or whatever Monero people are called. I just want it to be used! Which means, first and foremost, people have to be aware of its existence. What I've been doing, and I don't recommend this, unless you have a mountain of monero and an opinion of it as high as I do, is tell people to download the monero wallet, in exchange for me sending them a monero. I think this is much more effective than telling them "CryptoNight is much more ASIC resistant than SHA256!" or "ed25519 is more secure than secp256k1!" or whatever. It allows them to feel good when monero gets more expensive, maybe sad when it gets cheaper, but that emotional interaction with monero isn't something that's just forgotten, like those weird words they've never heard before are. First, they are given something they understand (an asset that might gain or lose value), and later they are waaay more likely to "fall down the rabbit hole" than some guy who doesn't own monero. (thus increasing user base and therefore security, privacy, and fungibility, and hopefully they'll not be able to contain their excitement, like me and have to tell yet more people) It's getting to be prohibitively expensive to do this, and I find that a lot of people simply will not accept less than an entire monero for that deal, idk why. Maybe cuz the current paradigm of nothing before the decimal signifies "change", i.e. 
worthless, or not worth downloading an "annoying blocktrain thing" (real quote). This is vexing. I know I'm not gonna go to my grandma and explain everything and have her be like "dam thats sweet im buying monero". For people my age, (I'm 20) I want to be able to convey what it's all about, concisely and in a way that excites people more than something that's out of the scope of the concepts they understand. I'm sure some of you more enthusiastic Moners (or monerites?) have "converted" some crypto-foreigners. What's the best way to actively do this? Is there like a video I can sic on em or something? Every fluffyponyza presentation I've ever seen would go like 32.4 miles above the average person's head. They won't read getmonero, or do work to figure out what this obscure and seemingly boring thing is. Some people, especially now, won't be convinced that monero is worth their time, but a lot are open to it. How to effectively reach as many as possible is what I'm after. Would it be legal to have a FFS for a video or a small PR type deal about monero? Not that its gonna instantly make it the world reserve currency, but it could help attract devs or something, idk. Do you guys think something like that would be worth it? I personally feel that it is important for monero to gain positive exposure, probably more than most people on here. If monero is this thing that people only hear about when they read a news report on a drug bust or ransomware attack, we'll have to go through the same phase bitcoin went through where the establishment along with Joe the Plumber wants it made illegal, or subject to more stringent KYC or AML regulations, cuz "only criminals use it". It is possible that some other crypto takes monero market share because of this. When bitcoin was at that stage, there was bitcoin. That was the crypto space. 
Now there are tempting scamcoins around every corner and I'd hate to see monero fall by the wayside, even temporarily, in lieu of some ridiculous thing like Zcash, which imo misses the whole point of cryptocurrency, or some sockpuppetty corporatecoin like eth. Privacy IS for everyone and I think it might be possible to skip this phase entirely, given the right information is widely distributed. tl;dr How can I make the fundamental concepts behind Monero accessible and attractive to the average computer-using person, or potential devs who might otherwise be swayed to working on another alt or Bitcoin instead? PS: Sorry for the long post, I'm a piss poor writer and can't be concise. Edit: for formatting so it's not a brick of words
EthereumCash★ETHC★Masternode - Pos★Payout 50% Profit To Holders★
Our project is the EthereumCash coin, not a token. We have our own system and our own plan; we are not a clone or a scam. Masternodes, and profit paid out to holders every month. And our coin symbol is ETHC, not ECASH. Thanks! NOTE: 1. We don't run any masternodes ourselves. Masternodes are only for big holders with 50k coins. We don't want more masternodes, because the more coins are mined, the more the price of ETHC will drop. This is my company's coin; more of our coins with more potential will be posted soon. Now there is more work to do. Thanks
A BIG EVENT is coming on 1 NOV, when more of our potential coins end their ICO and list on an exchange. We will update information about our coins after 1 NOV. Very promising coins. We will pay out the bounty on 18 OCT. The next payout will be announced later.
The BOUNTY REWARD will decrease soon. Let's go. We must change some rules about rewards. The new rules will be better and make ETHC reach a high value. Thanks
Only 4 million ETHC are on the exchange, no more coins. We hold the 73% premine to get profit from our project.
NEWS: * Today our team will discuss how to use the money when ETHC is sold on the exchange; 50% want to share 50% of the profit with holders to make a great project. But we need more agreement; we hope to have good news soon. Finally, our team has decided to share 50% of the profit from selling ETHC on the exchange with holders; we hope all investors will hold ETHC to get BTC. Thanks.
Our topic was just deleted by a mod, so please don't post your address on our topic.
Our keyword #EthereumCash is now in the top 10 on Google.
A big forum (our partner) now supports our project; a banner will be released tomorrow.
https://www.emoneyspace.com/banner_stats.php?h=%2FkfqBZeXOos%3Dhttps://www.emoneyspace.com/forum/index.php?action=profile;u=10955 We just paid out 400 addresses that quickly filled out the bounty form on Twitter; the others must wait. Thanks! EthereumCash Project. What is EthereumCash? EthereumCash is an experimental new digital currency that enables anonymous, instant payments to anyone, anywhere in the world. EthereumCash uses peer-to-peer technology to operate with no central authority: managing transactions and issuing money are carried out collectively by the network. EthereumCash is a PoS-based cryptocurrency and depends upon libsecp256k1 by sipa, the sources for which can be found here: https://github.com/bitcoin/secp256k1 EthereumCash is a project created in January 2017, launched by a group of Masters graduates from technology institutes in hardware, web programming and cryptocurrency. Currently the project has 60 Antminer L3+ devices. EthereumCash was released to fund the development of the project, and the funds were used to purchase new Antminer devices. The special feature is that we will pay EthereumCash holders 50% of the profits from our mining every 45 days once EthereumCash is listed on an exchange. Our project is also interested in partners and is ready to collaborate by buying 30% of EthereumCash and allowing us to use their existing Antminer devices for a low fee. Our mining plan at the beginning of the project was to mine coins about to be issued or newly listed, with low difficulty, and then wait and sell at high prices beyond expectations. Besides, when we find a coin that we see has potential for growth or high price expectations, we will also bring all our equipment to mine that coin. We are young, with dynamic creativity, willing to devote as much as possible to the success and development of the company.
EthereumCash Details
Coin Name: EthereumCash
Coin abbreviation: ETHC
Coin Type: Full PoS
Algorithm: SHA256
Total Coin Supply: 100 Million
Premine: 15% (15 Million)
Masternode Rewards: 60%
Stake: 10 ETHC
Minimum Stake Age: 8 hours
Number of confirmations: 10
For more information, as well as an immediately usable binary version of the EthereumCash Core software, see https://ethereumcash.io
Premine Distribution
Our Company: 50%
Dev Team: 23% (73% not allowed to be sold, just held to get profit)
Sale on Exchange: 20%
Bounty & Airdrop: 7% (1,050,000 coins)
How to mine? You can buy some coins and stake them to get rewards. More coins, more rewards. A masternode requires 50k coins. It is just for big holders; we don't want to make more masternodes, because with more rewards that are easy to get, the price of the coin will drop more. But with a 50% payout of the profit from our mining, we hope ETHC will rise for the long term.
Download wallet? Download your EthereumCash wallet for free. This wallet protects your EthereumCash and stores it securely. You can use this wallet for all kinds of EthereumCash transactions.
Windows wallet (we checked our wallet on VirusTotal; it has no alerts. Don't worry. Thanks): https://github.com/ethereumcashdev/ethereumcash/files/1385162/ethereumcash-qt-windows.zip
Linux wallet (please install libdb5.1++ before running the Linux wallet, with the command apt-get install libdb5.1++): https://github.com/ethereumcashdev/ethereumcash/files/1384405/ethereumcash-qt-linux.zip
MacOSX wallet: https://github.com/ethereumcashdev/ethereumcash/files/1390116/ethereumcash-qt-macosx.zip
Our Website: https://ethereumcash.io
Block Explorer: https://explorer.ethereumcash.io
Exchange: Coming soon next week
Our coins: We will post some of our other potential coins soon...
How to configure a masternode
Masternodes are running; please check https://explorer.ethereumcash.io
Code:
Step 1: getnewaddress 0
Step 2: Send 50,000 ETHC coins to your masternode address (EWb9GpJptZ5ywdybAdSSGm1mALkKBD46Ev)
Step 3: masternode genkey
Innovating With Bolos: Building An Ethereum Hardware Wallet

[Figure 1.1: Market Price of Bitcoin in USD from 2012-2014]

1.1 Motivation and Goal
Because of the popularity of Bitcoin, one of its main building blocks, the Elliptic Curve Digital Signature Algorithm (ECDSA), is hotly discussed as well. Since Bitcoin is decentralized, transactions do not go through a third party, so communication between two willing parties depends on cryptographic proof ...

NBitcoin is the most complete Bitcoin library for the .NET platform. It implements all the most relevant Bitcoin Improvement Proposals (BIPs). It also provides low-level access to Bitcoin primitives so you can easily build your application on top of it. Join us in our gitter chat room. It works on Windows, Mac and Linux with Xamarin, Unity, .NET ...

I want to change the margin of the elliptic curve to the new N value, while doing so I want to keep the parameters Standard G-point Generator Secp256k1 that is, I ...
Topics covered in this episode: a simple description of Bitcoin addresses, public keys and private keys; elliptic-curve cryptography; whether it is possible to brute-force a Bitcoin private key.

According to crypto advocate Roger Ver, Bitcoin Cash (BCH) is the only "recent" coin to be widely used on the dark web. "The only other coins being used on the darknet markets are the ... According to an early Bitcoin (BTC) developer, Satoshi Nakamoto sought help from outside cryptographers prior to launching Bitcoin. Laszlo Hanyecz, who worked closely with Satoshi in 2010, told ...
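The private-key-to-public-key conversion that the litecoin post above asks about, the ECDSA building block named in the hardware-wallet excerpt, and the "can a private key be brute-forced" question from the episode summary, worked through in one example. This is an added illustration, not code from any project or author on this page: a pure-Python secp256k1 implementation using only the curve's published domain parameters (P, N, G). The private key, the two messages and the nonce value are constructed for the demonstration, and sign() takes the nonce as an explicit parameter precisely so that the classic failure mode, the same nonce used for two signatures, can be shown to hand over the private key. Affine arithmetic on Python integers is not constant-time; it is for understanding the math, never for real keys.

```python
import hashlib

# secp256k1 domain parameters (SEC 2): y^2 = x^3 + 7 over GF(P); G has prime order N.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def inv(a, m):
    """Modular inverse (Python 3.8+); raises ValueError when a is 0 mod m."""
    return pow(a % m, -1, m)

def is_on_curve(pt):
    if pt is None:                                 # point at infinity
        return True
    x, y = pt
    return (y * y - x * x * x - 7) % P == 0

def point_add(a, b):
    """Affine group law; None stands for the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    x1, y1 = a
    x2, y2 = b
    if x1 == x2 and (y1 + y2) % P == 0:            # b == -a
        return None
    if a == b:                                     # doubling; curve coefficient a = 0
        lam = 3 * x1 * x1 * inv(2 * y1, P) % P
    else:
        lam = (y2 - y1) * inv(x2 - x1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def scalar_mult(k, pt):
    """Double-and-add; its timing depends on the bits of k (libsecp256k1 avoids this)."""
    result, addend = None, pt
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result

def pubkey(priv):
    """Private key -> public key is just priv * G; priv must lie in [1, N-1]."""
    if not 1 <= priv < N:
        raise ValueError("private key out of range")
    return scalar_mult(priv, G)

def compress(pt):
    """SEC compressed encoding as hex: 02 for even y, 03 for odd y, then the 32-byte x."""
    x, y = pt
    return ("02" if y % 2 == 0 else "03") + format(x, "064x")

def msg_hash(msg):
    """Bitcoin signs double SHA-256 of the data, read as a big-endian integer."""
    return int.from_bytes(hashlib.sha256(hashlib.sha256(msg).digest()).digest(), "big")

def sign(priv, z, k):
    """ECDSA with a caller-supplied nonce k, only so nonce reuse can be demonstrated.
    Production code derives k per RFC 6979 or from a CSPRNG and never exposes it."""
    if not 1 <= k < N:
        raise ValueError("nonce out of range")
    r = scalar_mult(k, G)[0] % N
    s = inv(k, N) * (z + r * priv) % N
    if r == 0 or s == 0:
        raise ValueError("degenerate signature; pick another nonce")
    if s > N // 2:                                 # Bitcoin low-s rule (BIP 62/146): (r, N-s) verifies too
        s = N - s
    return (r, s)

def verify(pub, z, sig):
    """Standard ECDSA check; rejects infinity, off-curve points and out-of-range r, s."""
    if pub is None or not is_on_curve(pub):
        return False
    r, s = sig
    if not (1 <= r < N and 1 <= s < N):
        return False
    w = inv(s, N)
    pt = point_add(scalar_mult(z * w % N, G), scalar_mult(r * w % N, pub))
    return pt is not None and pt[0] % N == r

def recover_from_nonce_reuse(pub, z1, sig1, z2, sig2):
    """Two signatures sharing r were made with the same k; then
    k = (z1 - z2)/(s1 - s2) and priv = (s1*k - z1)/r (mod N).
    Low-s normalisation may have negated one s, so both signs of s2 are tried."""
    r, s1 = sig1
    r2, s2 = sig2
    if r != r2:
        return None
    for cand in (s2, N - s2):
        if cand == s1:
            continue
        k = (z1 - z2) * inv(s1 - cand, N) % N
        d = (s1 * k - z1) * inv(r, N) % N
        if 1 <= d < N and pubkey(d) == pub:
            return d
    return None

if __name__ == "__main__":
    d = 0x1234567890ABCDEF1234567890ABCDEF      # constructed key, for illustration only
    Q = pubkey(d)
    z1, z2 = msg_hash(b"pay alice 1 LTC"), msg_hash(b"pay mallory 100 LTC")  # constructed messages
    k = 0xABCDEF                                # the same nonce used twice
    print("pubkey", compress(Q))
    print("recovered", hex(recover_from_nonce_reuse(Q, z1, sign(d, z1, k), z2, sign(d, z2, k))))
```

On the brute-force question: pubkey() accepts any scalar in [1, N-1], and N is just under 2^256, so guessing keys is hopeless; every practical key-recovery attack on Bitcoin-style ECDSA has instead come from the signing side, as recover_from_nonce_reuse() shows, which is why the nonce must be unique, unpredictable and never chosen by the caller.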