Copy & Pasting A Wallet Address Could Mean Bye Bye Bitcoin ...
Copy & Pasting A Wallet Address Could Mean Bye Bye Bitcoin ...
How to import and export Bitcoin private keys Get ...
How to move/copy wallet to another computer - Bitcoin ...
Change Bitcoin Core Data Directory - BitcoinWiki
How to Backup and Restore a Bitcoin Wallet
Unlock the power of blockchain!
/BlockChain is has gone private due to an extreme influx of ICO scams, snake-oil shills and plagiarized crypto-news blog spam. There is no application process and new members are not being added. Contacting the mod team will not result in an invitation.
Moving wallet to another computer, can I copy the "blocks" folder (from ~appdata\bitcoin) to avoid syncing the blockchain again?
Title pretty much says it all. Wallet is synced and on one computer... I want to reinstall windoze on it so it's actually not moving to a different computer but I assume it's just the same. So obviously I'm copying the wallet.dat backup... But I was wondering if I could also keep the 15.7Gb blockchain to avoid downloading it again? When I restore it afterwards, can I just drop the wallet.dat and blocks folder in the appdata\bitcoin? Or is there more to it than that?
I am trying to withdraw money from bovada, and would prefer just a check sent to me. However, it's saying I won't be able to deposit this check in the United States. Is this true? And if so, my only option is Bitcoin?
A common sentiment is brewing online; a shared desire for the internet that might have been. After decades of corporate encroachment, you don't need to be a power user to realize that something has gone very wrong. In the early days of the internet, the future was bright. In that future, when you sent an instant message, it traveled directly to the recipient. When you needed to pay a friend, you announced a transfer of value to their public key. When an app was missing a feature you wanted, you opened up the source code and implemented it. When you took a picture on your phone, it was immediately encrypted and backed up to storage that you controlled. In that future, people would laugh at the idea of having to authenticate themselves to some corporation before doing these things. What did we get instead? Rather than a network of human-sized communities, we have a handful of enormous commons, each controlled by a faceless corporate entity. Hey user, want to send a message? You can, but we'll store a copy of it indefinitely, unencrypted, for our preference-learning algorithms to pore over; how else could we slap targeted ads on every piece of content you see? Want to pay a friend? You can—in our Monopoly money. Want a new feature? Submit a request to our Support Center and we'll totally maybe think about it. Want to backup a photo? You can—inside our walled garden, which only we (and the NSA, of course) can access. Just be careful what you share, because merely locking you out of your account and deleting all your data is far from the worst thing we could do. You rationalize this: "MEGACORP would never do such a thing; it would be bad for business." But we all know, at some level, that this state of affairs, this inversion of power, is not merely "unfortunate" or "suboptimal" – No. It is degrading. Even if MEGACORP were purely benevolent, it is degrading that we must ask its permission to talk to our friends; that we must rely on it to safeguard our treasured memories; that our digital lives are completely beholden to those who seek only to extract value from us. At the root of this issue is the centralization of data. MEGACORP can surveil you—because your emails and video chats flow through their servers. And MEGACORP can control you—because they hold your data hostage. But centralization is a solution to a technical problem: How can we make the user's data accessible from anywhere in the world, on any device? For a long time, no alternative solution to this problem was forthcoming. Today, thanks to a confluence of established techniques and recent innovations, we have solved the accessibility problem without resorting to centralization. Hashing, encryption, and erasure encoding got us most of the way, but one barrier remained: incentives. How do you incentivize an anonymous stranger to store your data? Earlier protocols like BitTorrent worked around this limitation by relying on altruism, tit-for-tat requirements, or "points" – in other words, nothing you could pay your electric bill with. Finally, in 2009, a solution appeared: Bitcoin. Not long after, Sia was born. Cryptography has unleashed the latent power of the internet by enabling interactions between mutually-distrustful parties. Sia harnesses this power to turn the cloud storage market into a proper marketplace, where buyers and sellers can transact directly, with no intermediaries, anywhere in the world. No more silos or walled gardens: your data is encrypted, so it can't be spied on, and it's stored on many servers, so no single entity can hold it hostage. Thanks to projects like Sia, the internet is being re-decentralized. Sia began its life as a startup, which means it has always been subjected to two competing forces: the ideals of its founders, and the profit motive inherent to all businesses. Its founders have taken great pains to never compromise on the former, but this often threatened the company's financial viability. With the establishment of the Sia Foundation, this tension is resolved. The Foundation, freed of the obligation to generate profit, is a pure embodiment of the ideals from which Sia originally sprung. The goals and responsibilities of the Foundation are numerous: to maintain core Sia protocols and consensus code; to support developers building on top of Sia and its protocols; to promote Sia and facilitate partnerships in other spheres and communities; to ensure that users can easily acquire and safely store siacoins; to develop network scalability solutions; to implement hardforks and lead the community through them; and much more. In a broader sense, its mission is to commoditize data storage, making it cheap, ubiquitous, and accessible to all, without compromising privacy or performance. Sia is a perfect example of how we can achieve better living through cryptography. We now begin a new chapter in Sia's history. May our stewardship lead it into a bright future.
Today, we are proposing the creation of the Sia Foundation: a new non-profit entity that builds and supports distributed cloud storage infrastructure, with a specific focus on the Sia storage platform. What follows is an informal overview of the Sia Foundation, covering two major topics: how the Foundation will be funded, and what its funds will be used for.
The Sia Foundation will be structured as a non-profit entity incorporated in the United States, likely a 501(c)(3) organization or similar. The actions of the Foundation will be constrained by its charter, which formalizes the specific obligations and overall mission outlined in this document. The charter will be updated on an annual basis to reflect the current goals of the Sia community. The organization will be operated by a board of directors, initially comprising Luke Champine as President and Eddie Wang as Chairman. Luke Champine will be leaving his position at Nebulous to work at the Foundation full-time, and will seek to divest his shares of Nebulous stock along with other potential conflicts of interest. Neither Luke nor Eddie personally own any siafunds or significant quantities of siacoin.
The primary source of funding for the Foundation will come from a new block subsidy. Following a hardfork, 30 KS per block will be allocated to the "Foundation Fund," continuing in perpetuity. The existing 30 KS per block miner reward is not affected. Additionally, one year's worth of block subsidies (approximately 1.57 GS) will be allocated to the Fund immediately upon activation of the hardfork. As detailed below, the Foundation will provably burn any coins that it cannot meaningfully spend. As such, the 30 KS subsidy should be viewed as a maximum. This allows the Foundation to grow alongside Sia without requiring additional hardforks. The Foundation will not be funded to any degree by the possession or sale of siafunds. Siafunds were originally introduced as a means of incentivizing growth, and we still believe in their effectiveness: a siafund holder wants to increase the amount of storage on Sia as much as possible. While the Foundation obviously wants Sia to succeed, its driving force should be its charter. Deriving significant revenue from siafunds would jeopardize the Foundation's impartiality and focus. Ultimately, we want the Foundation to act in the best interests of Sia, not in growing its own budget.
The Foundation inherits a great number of responsibilities from Nebulous. Each quarter, the Foundation will publish the progress it has made over the past quarter, and list the responsibilities it intends to prioritize over the coming quarter. This will be accompanied by a financial report, detailing each area of expenditure over the past quarter, and forecasting expenditures for the coming quarter. Below, we summarize some of the myriad responsibilities towards which the Foundation is expected to allocate its resources.
Maintain and enhance core Sia software
Arguably, this is the most important responsibility of the Foundation. At the heart of Sia is its consensus algorithm: regardless of other differences, all Sia software must agree upon the content and rules of the blockchain. It is therefore crucial that the algorithm be stewarded by an entity that is accountable to the community, transparent in its decision-making, and has no profit motive or other conflicts of interest. Accordingly, Sia’s consensus functionality will no longer be directly maintained by Nebulous. Instead, the Foundation will release and maintain an implementation of a "minimal Sia full node," comprising the Sia consensus algorithm and P2P networking code. The source code will be available in a public repository, and signed binaries will be published for each release. Other parties may use this code to provide alternative full node software. For example, Nebulous may extend the minimal full node with wallet, renter, and host functionality. The source code of any such implementation may be submitted to the Foundation for review. If the code passes review, the Foundation will provide "endorsement signatures" for the commit hash used and for binaries compiled internally by the Foundation. Specifically, these signatures assert that the Foundation believes the software contains no consensus-breaking changes or other modifications to imported Foundation code. Endorsement signatures and Foundation-compiled binaries may be displayed and distributed by the receiving party, along with an appropriate disclaimer. A minimal full node is not terribly useful on its own; the wallet, renter, host, and other extensions are what make Sia a proper developer platform. Currently, the only implementations of these extensions are maintained by Nebulous. The Foundation will contract Nebulous to ensure that these extensions continue to receive updates and enhancements. Later on, the Foundation intends to develop its own implementations of these extensions and others. As with the minimal node software, these extensions will be open source and available in public repositories for use by any Sia node software. With the consensus code now managed by the Foundation, the task of implementing and orchestrating hardforks becomes its responsibility as well. When the Foundation determines that a hardfork is necessary (whether through internal discussion or via community petition), a formal proposal will be drafted and submitted for public review, during which arguments for and against the proposal may be submitted to a public repository. During this time, the hardfork code will be implemented, either by Foundation employees or by external contributors working closely with the Foundation. Once the implementation is finished, final arguments will be heard. The Foundation board will then vote whether to accept or reject the proposal, and announce their decision along with appropriate justification. Assuming the proposal was accepted, the Foundation will announce the block height at which the hardfork will activate, and will subsequently release source code and signed binaries that incorporate the hardfork code. Regardless of the Foundation's decision, it is the community that ultimately determines whether a fork is accepted or rejected – nothing can change that. Foundation node software will never automatically update, so all forks must be explicitly adopted by users. Furthermore, the Foundation will provide replay and wipeout protection for its hard forks, protecting other chains from unintended or malicious reorgs. Similarly, the Foundation will ensure that any file contracts formed prior to a fork activation will continue to be honored on both chains until they expire. Finally, the Foundation also intends to pursue scalability solutions for the Sia blockchain. In particular, work has already begun on an implementation of Utreexo, which will greatly reduce the space requirements of fully-validating nodes (allowing a full node to be run on a smartphone) while increasing throughput and decreasing initial sync time. A hardfork implementing Utreexo will be submitted to the community as per the process detailed above. As this is the most important responsibility of the Foundation, it will receive a significant portion of the Foundation’s budget, primarily in the form of developer salaries and contracting agreements.
Support community services
We intend to allocate 25% of the Foundation Fund towards the community. This allocation will be held and disbursed in the form of siacoins, and will pay for grants, bounties, hackathons, and other community-driven endeavours. Any community-run service, such as a Skynet portal, explorer or web wallet, may apply to have its costs covered by the Foundation. Upon approval, the Foundation will reimburse expenses incurred by the service, subject to the exact terms agreed to. The intent of these grants is not to provide a source of income, but rather to make such services "break even" for their operators, so that members of the community can enrich the Sia ecosystem without worrying about the impact on their own finances.
Ensure easy acquisition and storage of siacoins
Most users will acquire their siacoins via an exchange. The Foundation will provide support to Sia-compatible exchanges, and pursue relevant integrations at its discretion, such as Coinbase's new Rosetta standard. The Foundation may also release DEX software that enables trading cryptocurrencies without the need for a third party. (The Foundation itself will never operate as a money transmitter.) Increasingly, users are storing their cryptocurrency on hardware wallets. The Foundation will maintain the existing Ledger Nano S integration, and pursue further integrations at its discretion. Of course, all hardware wallets must be paired with software running on a computer or smartphone, so the Foundation will also develop and/or maintain client-side wallet software, including both full-node wallets and "lite" wallets. Community-operated wallet services, i.e. web wallets, may be funded via grants. Like core software maintenance, this responsibility will be funded in the form of developer salaries and contracting agreements.
Protect the ecosystem
When it comes to cryptocurrency security, patching software vulnerabilities is table stakes; there are significant legal and social threats that we must be mindful of as well. As such, the Foundation will earmark a portion of its fund to defend the community from legal action. The Foundation will also safeguard the network from 51% attacks and other threats to network security by implementing softforks and/or hardforks where necessary. The Foundation also intends to assist in the development of a new FOSS software license, and to solicit legal memos on various Sia-related matters, such as hosting in the United States and the EU. In a broader sense, the establishment of the Foundation makes the ecosystem more robust by transferring core development to a more neutral entity. Thanks to its funding structure, the Foundation will be immune to various forms of pressure that for-profit companies are susceptible to.
Drive adoption of Sia
Although the overriding goal of the Foundation is to make Sia the best platform it can be, all that work will be in vain if no one uses the platform. There are a number of ways the Foundation can promote Sia and get it into the hands of potential users and developers. In-person conferences are understandably far less popular now, but the Foundation can sponsor and/or participate in virtual conferences. (In-person conferences may be held in the future, permitting circumstances.) Similarly, the Foundation will provide prizes for hackathons, which may be organized by community members, Nebulous, or the Foundation itself. Lastly, partnerships with other companies in the cryptocurrency space—or the cloud storage space—are a great way to increase awareness of Sia. To handle these responsibilities, one of the early priorities of the Foundation will be to hire a marketing director.
The Foundation Fund will be controlled by a multisig address. Each member of the Foundation's board will control one of the signing keys, with the signature threshold to be determined once the final composition of the board is known. (This threshold may also be increased or decreased if the number of board members changes.) Additionally, one timelocked signing key will be controlled by David Vorick. This key will act as a “dead man’s switch,” to be used in the event of an emergency that prevents Foundation board members from reaching the signature threshold. The timelock ensures that this key cannot be used unless the Foundation fails to sign a transaction for several months. On the 1st of each month, the Foundation will use its keys to transfer all siacoins in the Fund to two new addresses. The first address will be controlled by a high-security hot wallet, and will receive approximately one month's worth of Foundation expenditures. The second address, receiving the remaining siacoins, will be a modified version of the source address: specifically, it will increase the timelock on David Vorick's signing key by one month. Any other changes to the set of signing keys, such as the arrival or departure of board members, will be incorporated into this address as well. The Foundation Fund is allocated in SC, but many of the Foundation's expenditures must be paid in USD or other fiat currency. Accordingly, the Foundation will convert, at its discretion, a portion of its monthly withdrawals to fiat currency. We expect this conversion to be primarily facilitated by private "OTC" sales to accredited investors. The Foundation currently has no plans to speculate in cryptocurrency or other assets. Finally, it is important that the Foundation adds value to the Sia platform well in excess of the inflation introduced by the block subsidy. For this reason, the Foundation intends to provably burn, on a quarterly basis, any coins that it cannot allocate towards any justifiable expense. In other words, coins will be burned whenever doing so provides greater value to the platform than any other use. Furthermore, the Foundation will cap its SC treasury at 5% of the total supply, and will cap its USD treasury at 4 years’ worth of predicted expenses. Addendum: Hardfork Timeline We would like to see this proposal finalized and accepted by the community no later than September 30th. A new version of siad, implementing the hardfork, will be released no later than October 15th. The hardfork will activate at block 293220, which is expected to occur around 12pm EST on January 1st, 2021.
Addendum: Inflation specifics The total supply of siacoins as of January 1st, 2021 will be approximately 45.243 GS. The initial subsidy of 1.57 GS thus increases the supply by 3.47%, and the total annual inflation in 2021 will be at most 10.4% (if zero coins are burned). In 2022, total annual inflation will be at most 6.28%, and will steadily decrease in subsequent years.
We see the establishment of the Foundation as an important step in the maturation of the Sia project. It provides the ecosystem with a sustainable source of funding that can be exclusively directed towards achieving Sia's ambitious goals. Compared to other projects with far deeper pockets, Sia has always punched above its weight; once we're on equal footing, there's no telling what we'll be able to achieve. Nevertheless, we do not propose this change lightly, and have taken pains to ensure that the Foundation will act in accordance with the ideals that this community shares. It will operate transparently, keep inflation to a minimum, and respect the user's fundamental role in decentralized systems. We hope that everyone in the community will consider this proposal carefully, and look forward to a productive discussion.
I'm very interested in learning more about the deep and dark web. I hear conflicting things about the DNM Bible. I've read posts that speaks volumes about it and then I've read posts that speak volumes against its usefulness and I am royally confused. Be sides where can you even find one to form your own opinion?
https://github.com/gridcoin-community/Gridcoin-Research/releases/tag/18.104.22.168 Finally! After over ten months of development and testing, "Fern" has arrived! This is a whopper. 240 pull requests merged. Essentially a complete rewrite that was started with the scraper (the "neural net" rewrite) in "Denise" has now been completed. Practically the ENTIRE Gridcoin specific codebase resting on top of the vanilla Bitcoin/Peercoin/Blackcoin vanilla PoS code has been rewritten. This removes the team requirement at last (see below), although there are many other important improvements besides that. Fern was a monumental undertaking. We had to encode all of the old rules active for the v10 block protocol in new code and ensure that the new code was 100% compatible. This had to be done in such a way as to clear out all of the old spaghetti and ring-fence it with tightly controlled class implementations. We then wrote an entirely new, simplified ruleset for research rewards and reengineered contracts (which includes beacon management, polls, and voting) using properly classed code. The fundamentals of Gridcoin with this release are now on a very sound and maintainable footing, and the developers believe the codebase as updated here will serve as the fundamental basis for Gridcoin's future roadmap. We have been testing this for MONTHS on testnet in various stages. The v10 (legacy) compatibility code has been running on testnet continuously as it was developed to ensure compatibility with existing nodes. During the last few months, we have done two private testnet forks and then the full public testnet testing for v11 code (the new protocol which is what Fern implements). The developers have also been running non-staking "sentinel" nodes on mainnet with this code to verify that the consensus rules are problem-free for the legacy compatibility code on the broader mainnet. We believe this amount of testing is going to result in a smooth rollout. Given the amount of changes in Fern, I am presenting TWO changelogs below. One is high level, which summarizes the most significant changes in the protocol. The second changelog is the detailed one in the usual format, and gives you an inkling of the size of this release.
Note that the protocol changes will not become active until we cross the hard-fork transition height to v11, which has been set at 2053000. Given current average block spacing, this should happen around October 4, about one month from now. Note that to get all of the beacons in the network on the new protocol, we are requiring ALL beacons to be validated. A two week (14 day) grace period is provided by the code, starting at the time of the transition height, for people currently holding a beacon to validate the beacon and prevent it from expiring. That means that EVERY CRUNCHER must advertise and validate their beacon AFTER the v11 transition (around Oct 4th) and BEFORE October 18th (or more precisely, 14 days from the actual date of the v11 transition). If you do not advertise and validate your beacon by this time, your beacon will expire and you will stop earning research rewards until you advertise and validate a new beacon. This process has been made much easier by a brand new beacon "wizard" that helps manage beacon advertisements and renewals. Once a beacon has been validated and is a v11 protocol beacon, the normal 180 day expiration rules apply. Note, however, that the 180 day expiration on research rewards has been removed with the Fern update. This means that while your beacon might expire after 180 days, your earned research rewards will be retained and can be claimed by advertising a beacon with the same CPID and going through the validation process again. In other words, you do not lose any earned research rewards if you do not stake a block within 180 days and keep your beacon up-to-date. The transition height is also when the team requirement will be relaxed for the network.
Besides the beacon wizard, there are a number of improvements to the GUI, including new UI transaction types (and icons) for staking the superblock, sidestake sends, beacon advertisement, voting, poll creation, and transactions with a message. The main screen has been revamped with a better summary section, and better status icons. Several changes under the hood have improved GUI performance. And finally, the diagnostics have been revamped.
The wallet sync speed has been DRASTICALLY improved. A decent machine with a good network connection should be able to sync the entire mainnet blockchain in less than 4 hours. A fast machine with a really fast network connection and a good SSD can do it in about 2.5 hours. One of our goals was to reduce or eliminate the reliance on snapshots for mainnet, and I think we have accomplished that goal with the new sync speed. We have also streamlined the in-memory structures for the blockchain which shaves some memory use. There are so many goodies here it is hard to summarize them all. I would like to thank all of the contributors to this release, but especially thank @cyrossignol, whose incredible contributions formed the backbone of this release. I would also like to pay special thanks to @barton2526, @caraka, and @Quezacoatl1, who tirelessly helped during the testing and polishing phase on testnet with testing and repeated builds for all architectures. The developers are proud to present this release to the community and we believe this represents the starting point for a true renaissance for Gridcoin!
Most significantly, nodes calculate research rewards directly from the magnitudes in EACH superblock between stakes instead of using a two- or three- point average based on a CPID's current magnitude and the magnitude for the CPID when it last staked. For those long-timers in the community, this has been referred to as "Superblock Windows," and was first done in proof-of-concept form by @denravonska.
Network magnitude unit pinned to a static value of 0.25
Max research reward allowed per block raised to 16384 GRC (from 12750 GRC)
New CPIDs begin accruing research rewards from the first superblock that contains the CPID instead of from the time of the beacon advertisement
500 GRC research reward limit for a CPID's first stake
6-month expiration for unclaimed rewards
10-block spacing requirement between research reward claims
Rolling 5-day payment-per-day limit
Legacy tolerances for floating-point error and time drift
The need to include a valid copy of a CPID's magnitude in a claim
10-block emission adjustment interval for the magnitude unit
One-time beacon activation requires that participants temporarily change their usernames to a verification code at one whitelisted BOINC project
Verification codes of pending beacons expire after 3 days
Self-service beacon removal
Burn fee for beacon advertisement increased from 0.00001 GRC to 0.5 GRC
Rain addresses derived from beacon keys instead of a default wallet address
Beacon expiration determined as of the current block instead of the previous block
The ability for developers to remove beacons
The ability to sign research reward claims with non-current but unexpired beacons
As a reminder:
Beacons expire after 6 months pass (180 days)
Beacons can be renewed after 5 months pass (150 days)
Renewed beacons must be signed with the same key as the original beacon
Magnitudes less than 1 include two fractional places
Magnitudes greater than or equal to 1 but less than 10 include one fractional place
A valid superblock must match a scraper convergence
Superblock popularity election mechanics
Yes/no/abstain and single-choice response types (no user-facing support yet)
To create a poll, a maximum of 250 UTXOs for a single address must add up to 100000 GRC. These are selected from the largest downwards.
Burn fee for creating polls scaled by the number of UTXOs claimed
50 GRC for a poll contract
0.001 GRC per claimed UTXO
Burn fee for casting votes scaled by the number of UTXOs claimed
0.01 GRC for a vote contract
0.01 GRC to claim magnitude
0.01 GRC per claimed address
0.001 GRC per claimed UTXO
Maximum length of a poll title: 80 characters
Maximum length of a poll question: 100 characters
Maximum length of a poll discussion website URL: 100 characters
Maximum number of poll choices: 20
Maximum length of a poll choice label: 100 characters
Magnitude, CPID count, and participant count poll weight types
The ability for developers to remove polls and votes
[22.214.171.124] 2020-09-03, mandatory, "Fern"
Backport newer uint256 types from Bitcoin #1570 (@cyrossignol)
Implement project level rain for rainbymagnitude #1580 (@jamescowens)
Upgrade utilities (Update checker and snapshot downloadeapplication) #1576 (@iFoggz)
Provide fees collected in the block by the miner #1601 (@iFoggz)
Add support for generating legacy superblocks from scraper stats #1603 (@cyrossignol)
Port of the Bitcoin Logger to Gridcoin #1600 (@jamescowens)
Implement zapwallettxes #1605 (@jamescowens)
Implements a global event filter to suppress help question mark #1609 (@jamescowens)
Add next target difficulty to RPC output #1615 (@cyrossignol)
Add caching for block hashes to CBlock #1624 (@cyrossignol)
Make toolbars and tray icon red for testnet #1637 (@jamescowens)
Add an rpc call convergencereport #1643 (@jamescowens)
Implement newline filter on config file read in #1645 (@jamescowens)
Implement beacon status icon/button #1646 (@jamescowens)
Add gridcointestnet.png #1649 (@caraka)
Add precision to support magnitudes less than 1 #1651 (@cyrossignol)
Replace research accrual calculations with superblock snapshots #1657 (@cyrossignol)
Publish example gridcoinresearch.conf as a md document to the doc directory #1662 (@jamescowens)
Add options checkbox to disable transaction notifications #1666 (@jamescowens)
Add support for self-service beacon deletion #1695 (@cyrossignol)
Add support for type-specific contract fee amounts #1698 (@cyrossignol)
Add verifiedbeaconreport and pendingbeaconreport #1696 (@jamescowens)
Add preliminary testing option for block v11 height on testnet #1706 (@cyrossignol)
Add verified beacons manifest part to superblock validator #1711 (@cyrossignol)
Implement beacon, vote, and superblock display categories/icons in UI transaction model #1717 (@jamescowens)
Blockchain.com (Blockchain.info) may have been hacked or they're in serious trouble.
I have been using this service for quite a long time and there have been no particular complaints (except for a bad API). But very strange things happened today (the amounts of transaction will be rounded): 27 APRIL 2020 7 a.m. - on my wallet about 0.05 bitcoins. I make a transfer using API to 0.035 bitcoins. And instead of getting the change 0.015 bitcoin is sent to some unknown address. This transaction was fully automatic and I didn't notice the 0.015 bitcoin missing. And I didn't see the problem until the 10:00 a.m. actions. 10 am - I charge my blockchain.com wallet with 0.45 Bitcoin to start the working day and make transfers to clients. I need to make a transfer to 0.02 bitcoin. I do it through site directly blockchain.com - specify the recipient's address and enter 0.02 bitcoin. Clicking send and after a second I see that my wallet becomes 0 bitcoins. I open the transaction and see that 0.02 went to the right address, 0.43 went not to the change, but to an unknown address. I look at the transaction before that and see that at 7:00 a.m. the same thing happened. I immediately write to tech support and describe the situation. I haven't heard back from them in six hours already... 12 o'clock in the afternoon - I make an expirement and refill my wallet with 0.013 bitcoin and transfer 0.012 bitcoin to my other wallet. And again - I do not receive change, and the amount of 0.001 Bitcoin is sent again to the same unknown wallet. And again, the interface of the site says that I allegedly indicated two recipients. The transaction was made through the site. 6 p.m. - I make one more extra and record video. I refill my wallet with 0.0006 bitcoin. I open the application on my phone with authorization in the same wallet (the phone is connected to a cellular network, not to wifi as on the computer). Send 0.0005 bitcoin to your wallet - this amount is gone right, and 0.0001 bitcoin is sent again to an unknown wallet. In all 4 cases, the unknown wallet has the same address. The support of blockchain.com is already informed. All addresses and transactions have been sent to them, as well as video proof that the problem is full on their side. From blockchain.com I expect a response to me and the refund sent through their fault is not a purse that I did not have access If necessary, I can post all data on transactions, wallets, screenshots and video evidence of this case.
Eth 2.0 vs Polkadot and other musings by a fundamental investor
Spent about two hours on this post and I decided it would help the community if I made it more visible. Comment was made as a response to this
I’m trying to avoid falling into a maximalist mindset over time. This isn’t a 100% ETH question, but I’m trying to stay educated about emerging tech. Can someone help me see the downsides of diversifying into DOTs? I know Polkadot is more centralized, VC backed, and generally against our ethos here. On chain governance might introduce some unknown risks. What else am I missing? I see a bunch of posts about how Ethereum and Polkadot can thrive together, but are they not both L1 competitors?
What else am I missing?
The upsides. Most of the guys responding to you here are full Eth maxis who drank the Parity is bad koolaid. They are married to their investment and basically emotional / tribal in an area where you should have a cool head. Sure, you might get more upvotes on Reddit if you do and say what the crowd wants, but do you want upvotes and fleeting validation or do you want returns on your investment? Do you want to be these guys or do you want to be the shareholder making bank off of those guys? Disclaimer: I'm both an Eth whale and a Dot whale, and have been in crypto for close to a decade now. I originally bought ether sub $10 after researching it for at least a thousand hours. Rode to $1500 and down to $60. Iron hands - my intent has always been to reconsider my Eth position after proof of stake is out. I invested in the 2017 Dot public sale with the plan of flipping profits back to Eth but keeping Dots looks like the right short and long term play now. I am not a trader, I just take a deep tech dive every couple of years and invest in fundamentals. Now as for your concerns:
I know Polkadot is more centralized
The sad truth is that the market doesn't really care about this. At all. There is no real statistic to show at what point a coin is "decentralized" or "too centralized". For example, bitcoin has been completely taken over by Chinese mining farms for about five years now. Last I checked, they control above 85% of the hashing power, they just spread it among different mining pools to make it look decentralized. They have had the ability to fake or block transactions for all this time but it has never been in their best interest to do so: messing with bitcoin in that way would crash its price, therefore their bitcoin holdings, their mining equipment, and their company stock (some of them worth billions) would evaporate. So they won't do it due to economics, but not because they can't. That is the major point I want to get across; originally Bitcoin couldn't be messed with because it was decentralized, but now Bitcoin is centralized but it's still not messed with due to economics. It is basically ChinaCoin at this point, but the market doesn't care, and it still enjoys over 50% of the total crypto market cap. So how does this relate to Polkadot? Well fortunately most chains - Ethereum included - are working towards proof of stake. This is obviously better for the environment, but it also has a massive benefit for token holders. If a hostile party wanted to take over a proof of stake chain they'd have to buy up a massive share of the network. The moment they force through a malicious transaction a proof of stake blockchain has the option to fork them off. It would be messy for a few days, but by the end of the week the hostile party would have a large amount of now worthless tokens, and the proof of stake community would have moved on to a version of the blockchain where the hostile party's tokens have been slashed to zero. So not only does the market not care about centralization (Bitcoin example), but proof of stake makes token holders even safer. That being said, Polkadot's "centralization" is not that far off to Ethereum. The Web3 foundation kept 30% of the Dots while the Ethereum Foundation kept 17%. There are whales in Polkadot but Ethereum has them too - 40% of all genesis Ether went to 100 wallets, and many suspect that the original Ethereum ICO was sybiled to make it look more popular and decentralized than it really was. But you don't really care about that do you? Neither do I. Whales are a fact of life.
VCs are part of the crypto game now. There is no way to get rid of them, and there is no real reason why you should want to get rid of them. They put their capital at risk (same as you and me) and seek returns on their investment (same as you and me). They are both in Polkadot and Ethereum, and have been for years now. I have no issue with them as long as they don't play around with insider information, but that is another topic. To be honest, I would be worried if VCs did not endorse chains I'm researching, but maybe that's because my investing style isn't chasing hype and buying SUSHI style tokens from anonymous (at the time) developers. That's just playing hot potato. But hey, some people are good at that. As to the amount of wallets that participated in the Polkadot ICO: a little known fact is that more individual wallets participated in Polkadot's ICO than Ethereum's, even though Polkadot never marketed their ICO rounds due to regulatory reasons.
generally against our ethos here
Kool aid. Some guy that works(ed?) at Parity (who employs what, 200+ people?) correctly said that Ethereum is losing its tech lead and that offended the Ethereum hivemind. Oh no. So controversial. I'm so personally hurt by that. Some guy that has been working for free on Ethereum basically forever correctly said that Polkadot is taking the blockchain tech crown. Do we A) Reflect on why he said that? or B) Rally the mob to chase him off?
Also Parity locked their funds (and about 500+ other wallets not owned by them) and proposed a solution to recover them. When the community voted no they backed off and did not fork the chain, even if they had the influence to do so. For some reason this subreddit hates them for that, even if Parity did the 100% moral thing to do. Remember, 500+ other teams or people had their funds locked, so Parity was morally bound to try its best to recover them. Its just lame drama to be honest. Nothing to do with ethos, everything to do with emotional tribalism. Now for the missing upsides (I'll also respond to random fragments scattered in the thread):
This isn’t a 100% ETH question, but I’m trying to stay educated about emerging tech.
A good quick intro to Eth's tech vs Polkadot's tech can be found on this thread, especially this reply. That thread is basically mandatory reading if you care about your investment. Eth 2.0's features will not really kick in for end users until about 2023. That means every dapp (except DeFI, where the fees make sense due to returns and is leading the fee market) who built on Eth's layer 1 are dead for three years. Remember the trading card games... Gods Unchained? How many players do you think are going to buy and sell cards when the transaction fee is worth more than the cards? All that development is now practically worthless until it can migrate to its own shard. This story repeats for hundreds of other dapp teams who's projects are now priced out for three years. So now they either have to migrate to a one of the many unpopulated L2 options (which have their own list of problems and risks, but that's another topic) or they look for another platform, preferably one interoperable with Ethereum. Hence Polkadot's massive growth in developer activity. If you check out https://polkaproject.com/ you'll see 205 projects listed at the time of this post. About a week ago they had 202 listed. That means about one team migrated from another tech stack to build on Polkadot every two days, and trust me, many more will come in when parachains are finally activated, and it will be a complete no brainer when Polkadot 2.0 is released. Another huge upside for Polkadot is the Initial Parachain Offerings. Polkadot's version of ICOs. The biggest difference is that you can vote for parachains using your Dots to bind them to the relay chain, and you get some of the parachain's tokens in exchange. After a certain amount of time you get your Dots back. The tokenomics here are impressive: Dots are locked (reduced supply) instead of sold (sell pressure) and you still earn your staking rewards. There's no risk of scammers running away with your Ether and the governance mechanism allows for the community to defund incompetent devs who did not deliver what was promised.
Wouldn’t an ETH shard on Polkadot gain a bunch of scaling benefits that we won’t see natively for a couple years?
Yes. That is correct. Both Edgeware and Moonbeam are EVM compatible. And if the original dapp teams don't migrate their projects someone else will fork them, exactly like SUSHI did to Uniswap, and how Acala is doing to MakerDao.
Although realistically Ethereum has a 5 yr headstart and devs haven't slowed down at all
Just because it's "EVM Compatible" doesn't mean you can just plug Ethereum into Polkadot or vica versa, it just means they both understand Ethereum bytecode and you can potentially copy/paste contracts from Ethereum to Polkadot, but you'd still need to add a "bridge" between the 2 chains, so it adds additional complexity and extra steps compared to using any of the existing L2 scaling solutions
That only applies of you are thinking from an Eth maximalist perspective. But if you think from Polkadot's side, why would you need to use the bridge back to Ethereum at all? Everything will be seamless, cheaper, and quicker once the ecosystem starts to flourish.
I see a bunch of posts about how Ethereum and Polkadot can thrive together, but are they not both L1 competitors?
They are competitors. Both have their strategies, and both have their strengths (tech vs time on the market) but they are clearly competing in my eyes. Which is a good thing, Apple and Samsung competing in the cell phone market just leads to more innovation for consumers. You can still invest in both if you like. Edit - link to post and the rest of the conversation: https://www.reddit.com/ethfinance/comments/iooew6/daily_general_discussion_september_8_2020/g4h5yyq/ Edit 2 - one day later PolkaProject count is 210. Devs are getting the hint :)
This is a follow-up on https://old.reddit.com/Bitcoin/comments/hqzp14/technical_the_path_to_taproot_activation/ Taproot! Everybody wants it!! But... you might ask yourself: sure, everybody else wants it, but why would I, sovereign Bitcoin HODLer, want it? Surely I can be better than everybody else because I swapped XXX fiat for Bitcoin unlike all those nocoiners? And it is important for you to know the reasons why you, o sovereign Bitcoiner, would want Taproot activated. After all, your nodes (or the nodes your wallets use, which if you are SPV, you hopefully can pester to your wallet vendoimplementor about) need to be upgraded in order for Taproot activation to actually succeed instead of becoming a hot sticky mess. First, let's consider some principles of Bitcoin.
You the HODLer should be the one who controls where your money goes. Your keys, your coins.
You the HODLer should be able to coordinate and make contracts with other people regarding your funds.
You the HODLer should be able to do the above without anyone watching over your shoulder and judging you.
I'm sure most of us here would agree that the above are very important principles of Bitcoin and that these are principles we would not be willing to remove. If anything, we would want those principles strengthened (especially the last one, financial privacy, which current Bitcoin is only sporadically strong with: you can get privacy, it just requires effort to do so). So, how does Taproot affect those principles?
Taproot and Your /Coins
Most HODLers probably HODL their coins in singlesig addresses. Sadly, switching to Taproot would do very little for you (it gives a mild discount at spend time, at the cost of a mild increase in fee at receive time (paid by whoever sends to you, so if it's a self-send from a P2PKH or bech32 address, you pay for this); mostly a wash). (technical details: a Taproot output is 1 version byte + 32 byte public key, while a P2WPKH (bech32 singlesig) output is 1 version byte + 20 byte public key hash, so the Taproot output spends 12 bytes more; spending from a P2WPKH requires revealing a 32-byte public key later, which is not needed with Taproot, and Taproot signatures are about 9 bytes smaller than P2WPKH signatures, but the 32 bytes plus 9 bytes is divided by 4 because of the witness discount, so it saves about 11 bytes; mostly a wash, it increases blockweight by about 1 virtual byte, 4 weight for each Taproot-output-input, compared to P2WPKH-output-input). However, as your HODLings grow in value, you might start wondering if multisignature k-of-n setups might be better for the security of your savings. And it is in multisignature that Taproot starts to give benefits! Taproot switches to using Schnorr signing scheme. Schnorr makes key aggregation -- constructing a single public key from multiple public keys -- almost as trivial as adding numbers together. "Almost" because it involves some fairly advanced math instead of simple boring number adding, but hey when was the last time you added up your grocery list prices by hand huh? With current P2SH and P2WSH multisignature schemes, if you have a 2-of-3 setup, then to spend, you need to provide two different signatures from two different public keys. With Taproot, you can create, using special moon math, a single public key that represents your 2-of-3 setup. Then you just put two of your devices together, have them communicate to each other (this can be done airgapped, in theory, by sending QR codes: the software to do this is not even being built yet, but that's because Taproot hasn't activated yet!), and they will make a single signature to authorize any spend from your 2-of-3 address. That's 73 witness bytes -- 18.25 virtual bytes -- of signatures you save! And if you decide that your current setup with 1-of-1 P2PKH / P2WPKH addresses is just fine as-is: well, that's the whole point of a softfork: backwards-compatibility; you can receive from Taproot users just fine, and once your wallet is updated for Taproot-sending support, you can send to Taproot users just fine as well! (P2WPKH and P2WSH -- SegWit v0 -- addresses start with bc1q; Taproot -- SegWit v1 --- addresses start with bc1p, in case you wanted to know the difference; in bech32 q is 0, p is 1) Now how about HODLers who keep all, or some, of their coins on custodial services? Well, any custodial service worth its salt would be doing at least 2-of-3, or probably something even bigger, like 11-of-15. So your custodial service, if it switched to using Taproot internally, could save a lot more (imagine an 11-of-15 getting reduced from 11 signatures to just 1!), which --- we can only hope! --- should translate to lower fees and better customer service from your custodial service! So I think we can say, very accurately, that the Bitcoin principle --- that YOU are in control of your money --- can only be helped by Taproot (if you are doing multisignature), and, because P2PKH and P2WPKH remain validly-usable addresses in a Taproot future, will not be harmed by Taproot. Its benefit to this principle might be small (it mostly only benefits multisignature users) but since it has no drawbacks with this (i.e. singlesig users can continue to use P2WPKH and P2PKH still) this is still a nice, tidy win! (even singlesig users get a minor benefit, in that multisig users will now reduce their blockchain space footprint, so that fees can be kept low for everybody; so for example even if you have your single set of private keys engraved on titanium plates sealed in an airtight box stored in a safe buried in a desert protected by angry nomads riding giant sandworms because you're the frickin' Kwisatz Haderach, you still gain some benefit from Taproot) And here's the important part: if P2PKH/P2WPKH is working perfectly fine with you and you decide to never use Taproot yourself, Taproot will not affect you detrimentally. First do no harm!
Taproot and Your Contracts
No one is an island, no one lives alone. Give and you shall receive. You know: by trading with other people, you can gain expertise in some obscure little necessity of the world (and greatly increase your productivity in that little field), and then trade the products of your expertise for necessities other people have created, all of you thereby gaining gains from trade. So, contracts, which are basically enforceable agreements that facilitate trading with people who you do not personally know and therefore might not trust. Let's start with a simple example. You want to buy some gewgaws from somebody. But you don't know them personally. The seller wants the money, you want their gewgaws, but because of the lack of trust (you don't know them!! what if they're scammers??) neither of you can benefit from gains from trade. However, suppose both of you know of some entity that both of you trust. That entity can act as a trusted escrow. The entity provides you security: this enables the trade, allowing both of you to get gains from trade. In Bitcoin-land, this can be implemented as a 2-of-3 multisignature. The three signatories in the multisgnature would be you, the gewgaw seller, and the escrow. You put the payment for the gewgaws into this 2-of-3 multisignature address. Now, suppose it turns out neither of you are scammers (whaaaat!). You receive the gewgaws just fine and you're willing to pay up for them. Then you and the gewgaw seller just sign a transaction --- you and the gewgaw seller are 2, sufficient to trigger the 2-of-3 --- that spends from the 2-of-3 address to a singlesig the gewgaw seller wants (or whatever address the gewgaw seller wants). But suppose some problem arises. The seller gave you gawgews instead of gewgaws. Or you decided to keep the gewgaws but not sign the transaction to release the funds to the seller. In either case, the escrow is notified, and if it can sign with you to refund the funds back to you (if the seller was a scammer) or it can sign with the seller to forward the funds to the seller (if you were a scammer). Taproot helps with this: like mentioned above, it allows multisignature setups to produce only one signature, reducing blockchain space usage, and thus making contracts --- which require multiple people, by definition, you don't make contracts with yourself --- is made cheaper (which we hope enables more of these setups to happen for more gains from trade for everyone, also, moon and lambos). (technology-wise, it's easier to make an n-of-n than a k-of-n, making a k-of-n would require a complex setup involving a long ritual with many communication rounds between the n participants, but an n-of-n can be done trivially with some moon math. You can, however, make what is effectively a 2-of-3 by using a three-branch SCRIPT: either 2-of-2 of you and seller, OR 2-of-2 of you and escrow, OR 2-of-2 of escrow and seller. Fortunately, Taproot adds a facility to embed a SCRIPT inside a public key, so you can have a 2-of-2 Taprooted address (between you and seller) with a SCRIPT branch that can instead be spent with 2-of-2 (you + escrow) OR 2-of-2 (seller + escrow), which implements the three-branched SCRIPT above. If neither of you are scammers (hopefully the common case) then you both sign using your keys and never have to contact the escrow, since you are just using the escrow public key without coordinating with them (because n-of-n is trivial but k-of-n requires setup with communication rounds), so in the "best case" where both of you are honest traders, you also get a privacy boost, in that the escrow never learns you have been trading on gewgaws, I mean ewww, gawgews are much better than gewgaws and therefore I now judge you for being a gewgaw enthusiast, you filthy gewgawer).
Taproot and Your Contracts, Part 2: Cryptographic Boogaloo
Now suppose you want to buy some data instead of things. For example, maybe you have some closed-source software in trial mode installed, and want to pay the developer for the full version. You want to pay for an activation code. This can be done, today, by using an HTLC. The developer tells you the hash of the activation code. You pay to an HTLC, paying out to the developer if it reveals the preimage (the activation code), or refunding the money back to you after a pre-agreed timeout. If the developer claims the funds, it has to reveal the preimage, which is the activation code, and you can now activate your software. If the developer does not claim the funds by the timeout, you get refunded. And you can do that, with HTLCs, today. Of course, HTLCs do have problems:
Privacy. Everyone scraping the Bitcoin blockchain can see any HTLCs, and preimages used to claim them.
This can be mitigated by using offchain techniques so HTLCs are never published onchain in the happy case. Lightning would probably in practice be the easiest way to do this offchain. Of course, there are practical limits to what you can pay on Lightning. If you are buying something expensive, then Lightning might not be practical. For example, the "software" you are activating is really the firmware of a car, and what you are buying is not the software really but the car itself (with the activation of the car firmware being equivalent to getting the car keys).
Even offchain techniques need an onchain escape hatch in case of unresponsiveness! This means that, if something bad happens during payment, the HTLC might end up being published onchain anyway, revealing the fact that some special contract occurred.
And an HTLC that is claimed with a preimage onchain will also publicly reveal the preimage onchain. If that preimage is really the activation key of a software than it can now be pirated. If that preimage is really the activation key for your newly-bought cryptographic car --- well, not your keys, not your car!
Trust requirement. You are trusting the developer that it gives you the hash of an actual valid activation key, without any way to validate that the activation key hidden by the hash is actually valid.
Fortunately, with Schnorr (which is enabled by Taproot), we can now use the Scriptless Script constuction by Andrew Poelstra. This Scriptless Script allows a new construction, the PTLC or Pointlocked Timelocked Contract. Instead of hashes and preimages, just replace "hash" with "point" and "preimage" with "scalar". Or as you might know them: "point" is really "public key" and "scalar" is really a "private key". What a PTLC does is that, given a particular public key, the pointlocked branch can be spent only if the spender reveals the private key of the given public key to you. Another nice thing with PTLCs is that they are deniable. What appears onchain is just a single 2-of-2 signature between you and the developemanufacturer. It's like a magic trick. This signature has no special watermarks, it's a perfectly normal signature (the pledge). However, from this signature, plus some datta given to you by the developemanufacturer (known as the adaptor signature) you can derive the private key of a particular public key you both agree on (the turn). Anyone scraping the blockchain will just see signatures that look just like every other signature, and as long as nobody manages to hack you and get a copy of the adaptor signature or the private key, they cannot get the private key behind the public key (point) that the pointlocked branch needs (the prestige). (Just to be clear, the public key you are getting the private key from, is distinct from the public key that the developemanufacturer will use for its funds. The activation key is different from the developer's onchain Bitcoin key, and it is the activation key whose private key you will be learning, not the developer's/manufacturer's onchain Bitcoin key). So:
Privacy: PTLCs are private even if done onchain. Nobody else can learn what the private key behind the public key is, except you who knows the adaptor signature that when combined with the complete onchain signature lets you know what the private key of the activation key is. Somebody scraping the blockchain will not learn the same information even if all PTLCs are done onchain!
Lightning is still useful for reducing onchain use, and will also get PTLCs soon after Taproot is activated, but even if something bad happens and a PTLC has to go onchain, it doesn't reveal anything!
Trust issues can be proven more easily with a public-private keypair than with a hash-preimage pair.
For example, the developer of the software you are buying could provide a signature signing a message saying "unlock access to the full version for 1 day". You can check if feeding this message and signature to the program will indeed unlock full-version access for 1 day. Then you can check if the signature is valid for the purported pubkey whose private key you will pay for. If so, you can now believe that getting the private key (by paying for it in a PTLC) would let you generate any number of "unlock access to the full version for 1 day" message+signatures, which is equivalent to getting full access to the software indefinitely.
For the car, the manufacturer can show that signing a message "start the engine" and feeding the signature to the car's fimrware will indeed start the engine, and maybe even let you have a small test drive. You can then check if the signature is valid for the purported pubkey whose privkey you will pay for. If so, you can now believe that gaining knowledge of the privkey will let you start the car engine at any time you want.
(pedantry: the signatures need to be unique else they could be replayed, this can be done with a challenge-response sequence for the car, where the car gathers entropy somehow (it's a car, it probably has a bunch of sensors nowadays so it can get entropy for free) and uses the gathered entropy to challenge you to sign a random number and only start if you are able to sign the random number; for the software, it could record previous signatures somewhere in the developer's cloud server and refuse to run if you try to replay a previously-seen signature.)
Taproot lets PTLCs exist onchain because they enable Schnorr, which is a requirement of PTLCs / Scriptless Script. (technology-wise, take note that Scriptless Script works only for the "pointlocked" branch of the contract; you need normal Script, or a pre-signed nLockTimed transaction, for the "timelocked" branch. Since Taproot can embed a script, you can have the Taproot pubkey be a 2-of-2 to implement the Scriptless Script "pointlocked" branch, then have a hidden script that lets you recover the funds with an OP_CHECKLOCKTIMEVERIFY after the timeout if the seller does not claim the funds.)
Now if you were really paying attention, you might have noticed this parenthetical:
(technical details: a Taproot output is 1 version byte + 32 byte public key, while a P2WPKH (bech32 singlesig) output is 1 version byte + 20 byte public key hash...)
So wait, Taproot uses raw 32-byte public keys, and not public key hashes? Isn't that more quantum-vulnerable?? Well, in theory yes. In practice, they probably are not. It's not that hashes can be broken by quantum computes --- they're still not. Instead, you have to look at how you spend from a P2WPKH/P2PKH pay-to-public-key-hash. When you spend from a P2PKH / P2WPKH, you have to reveal the public key. Then Bitcoin hashes it and checks if this matches with the public-key-hash, and only then actually validates the signature for that public key. So an unconfirmed transaction, floating in the mempools of nodes globally, will show, in plain sight for everyone to see, your public key. (public keys should be public, that's why they're called public keys, LOL) And if quantum computers are fast enough to be of concern, then they are probably fast enough that, in the several minutes to several hours from broadcast to confirmation, they have already cracked the public key that is openly broadcast with your transaction. The owner of the quantum computer can now replace your unconfirmed transaction with one that pays the funds to itself. Even if you did not opt-in RBF, miners are still incentivized to support RBF on RBF-disabled transactions. So the extra hash is not as significant a protection against quantum computers as you might think. Instead, the extra hash-and-compare needed is just extra validation effort. Further, if you have ever, in the past, spent from the address, then there exists already a transaction indelibly stored on the blockchain, openly displaying the public key from which quantum computers can derive the private key. So those are still vulnerable to quantum computers. For the most part, the cryptographers behind Taproot (and Bitcoin Core) are of the opinion that quantum computers capable of cracking Bitcoin pubkeys are unlikely to appear within a decade or two.
Current quantum computers can barely crack prime factorization problem for primes of 5 bits.
The 256-bit elliptic curve use by Bitcoin is, by my (possibly wrong) understanding, equivalent to 4096-bit primes, so you can see a pretty big gap between now (5 bit primes) and what is needed (4096 bit primes).
A lot of financial non-Bitcoin systems use the equivalent of 3072-bit primes or less, and are probably easier targets to crack than the equivalent-to-4096-bit-primes Bitcoin.
Quantum computers capable of cracking Bitcoin are still far off.
Pay-to-public-key-hash is not as protective as you might think.
We will probably see banks get cracked before Bitcoin, so the banking system is a useful canary-in-a-coal-mine to see whether we should panic about being quantum vulnerable.
For now, the homomorphic and linear properties of elliptic curve cryptography provide a lot of benefits --- particularly the linearity property is what enables Scriptless Script and simple multisignature (i.e. multisignatures that are just 1 signature onchain). So it might be a good idea to take advantage of them now while we are still fairly safe against quantum computers. It seems likely that quantum-safe signature schemes are nonlinear (thus losing these advantages).
If you are a singlesig HODL-only Bitcoin user, Taproot will not affect you positively or negatively. Importantly: Taproot does no harm!
If you use or intend to use multisig, Taproot will be a positive for you.
If you transact onchain regularly using typical P2PKH/P2WPKH addresses, you get a minor reduction in feerates since multisig users will likely switch to Taproot to get smaller tx sizes, freeing up blockspace for yours.
If you are using multiparticipant setups for special systems of trade, Taproot will be a positive for you.
Remember: Lightning channels are multipartiicpiant setups for special systems of lightning-fast offchain trades!
I Wanna Be The Taprooter!
So, do you want to help activate Taproot? Here's what you, mister sovereign Bitcoin HODLer, can do!
If you have developer experience especially in C, C++, or related languages
Review the Taproot code! There is one pull request in Bitcoin Core, and one in libsecp256k1. I deliberately am not putting links here, to avoid brigades of nontechnical but enthusiastic people leaving pointless reviews, but if you are qualified you know how to find them!
But I am not a cryptographeBitcoin Core contributomathematician/someone as awesome as Pieter Wuille
That's perfectly fine! The cryptographers have been over the code already and agree the math is right and the implementation is right. What is wanted is the dreary dreary dreary software engineering: are the comments comprehensive and understandable? no misspellings in the comments? variable names understandable? reasonable function naming convention? misleading coding style? off-by-one errors in loops? conditions not covered by tests? accidental mixups of variables with the same types? missing frees? read-before-init? better test coverage of suspicious-looking code? missing or mismatching header guards? portability issues? consistent coding style? you know, stuff any coder with a few years of experience in coding anything might be able to catch. With enough eyes all bugs are shallow!
If you are running a mining pool/mining operation/exchange/custodial service/SPV server
Be prepared to upgrade!
One of the typical issues with upgrading software is that subtle incompatibilities with your current custom programs tend to arise, disrupting operations and potentially losing income due to downtime. If so, consider moving to the two-node setup suggested by gmax, which is in the last section of my previous post. With this, you have an up-to-date "public" node and a fixed-version "private" node, with the public node protecting the private node from any invalid chainsplits or invalid transactions. Moving to this setup from a typical one-node setup should be smooth and should not disrupt operations (too much).
If you are running your own fullnode for fun or for your own wallet
Be prepared to upgrade! The more nodes validating the new rules (even if you are a non-mining node!), the safer every softfork will be!
If you are using an SPV wallet or custodial wallet/service (including hardware wallets using the software of the wallet provider)
Contact your wallet provider / SPV server and ask for a statement on whether they support Taproot, and whether they are prepared to upgrade for Taproot! Make it known to them that Taproot is something you want!
But I Hate Taproot!!
Raise your objections to Taproot now, or forever hold your peace! Maybe you can raise them here and some of the devs (probably nullc, he goes everywhere, even in rbtc!) might be able to see your objections! Or if your objections are very technical, head over to the appropriate pull request and object away!
Maybe you simply misunderstand something, and we can clarify it here!
Or maybe you do have a good objection, and we can make Taproot better by finding a solution for it!
[ Bitcoin ] Sent BCH to BTC wallet cant retrieve funds.
[ 🔴 DELETED 🔴 ] Topic originally posted in Bitcoin by slicknickn [link]
I accidentally sent BCH to a BTC wallet, the BTC wallet address cannot receive BCH funds nor can they cancel the funds or return them, basically the money is sitting out on a blockchain and hasn't been received nor returned back to me. Any help would be much appreciated. (Money was sent out 8/18)
slicknickn your post has been copied because one or more comments in this topic have been removed. This copy will preserve unmoderated topic. If you would like to opt-out, please send a message using [this link].
So this is not strictly Tezos related but it's a problem with Atomex which is one of the larger DEX's in the Tezos sphere so I think this is the right subreddit. A few days ago I sent a Bitcoin transaction from my Atomex wallet. The bitcoin went to my destination just fine, however the remaining change did not show up in my wallet. I figured it had to do with the tx not being confirmed yet and to just wait. A day and many confirmations later, still nothing in the wallet. I tried pressing the update button in Atomex wallet and restarting it to no avail. If I look on blockchain.com I can see the change funds are sitting in one address, and I looked in the addresses tab on Atomex wallet and there is that address there as one of mine. Yet still the funds are not visible in my Atomex wallet. Atomex wallet does allow me to copy the private key, which I did for this change address which has btc on it according to blockchain.com, but this private key does not appear to be in the normal format for bitcoin private keys as far as I can tell. It starts with a lowercase d, not L or K. How can I import this weird key so I can access the funds?
Don't blindly follow a narrative, its bad for you and its bad for crypto in general
I mostly lurk around here but I see a pattern repeating over and over again here and in multiple communities so I have to post. I'm just posting this here because I appreciate the fact that this sub is a place of free speech and maybe something productive can come out from this post, while bitcoin is just fucking censorship, memes and moon/lambo posts. If you don't agree, write in the comments why, instead of downvoting. You don't have to upvote either, but when you downvote you are killing the opportunity to have discussion. If you downvote or comment that I'm wrong without providing any counterpoints you are no better than the BTC maxis you despise. In various communities I see a narrative being used to bring people in and making them follow something without thinking for themselves. In crypto I see this mostly in BTC vs BCH tribalistic arguments: - BTC community: "Everything that is not BTC is shitcoin." or more recently as stated by adam on twitter, "Everything that is not BTC is a ponzi scheme, even ETH.", "what is ETH supply?", and even that they are doing this for "altruistic" reasons, to "protect" the newcomers. Very convenient for them that they are protecting the newcomers by having them buy their bags - BCH community: "BTC maxis are dumb", "just increase block size and you will have truly p2p electronic cash", "It is just that simple, there are no trade offs", "if you don't agree with me you are a BTC maxi", "BCH is satoshi's vision for p2p electronic cash" It is not exclusive to crypto but also politics, and you see this over and over again on twitter and on reddit. My point is, that narratives are created so people don't have to think, they just choose a narrative that is easy to follow and makes sense for them, and stick with it. And people keep repeating these narratives to bring other people in, maybe by ignorance, because they truly believe it without questioning, or maybe by self interest, because they want to shill you their bags. Because this is BCH community, and because bitcoin is censored, so I can't post there about the problems in the BTC narrative (some of which are IMO correctly identified by BCH community), I will stick with the narrative I see in the BCH community. The culprit of this post was firstly this post by user u/scotty321"The BTC Paradox: “A 1 MB blocksize enables poor people to run their own node!” “Okay, then what?” “Poor people won’t be able to use the network!”". You will see many posts of this kind being made by u/Egon_1 also. Then you have also this comment in that thread by u/fuck_____________1 saying that people that want to run their own nodes are retarded and that there is no reason to want to do that. "Just trust block explorer websites". And the post and comment were highly upvoted. Really? You really think that there is no problem in having just a few nodes on the network? And that the only thing that secures the network are miners? As stated by user u/co1nsurf3r in that thread:
While I don't think that everybody needs to run a node, a full node does publish blocks it considers valid to other nodes. This does not amount to much if you only consider a single node in the network, but many "honest" full nodes in the network will reduce the probability of a valid block being withheld from the network by a collusion of "hostile" node operators.
But surely this will not get attention here, and will be downvoted by those people that promote the narrative that there is no trade off in increasing the blocksize and the people that don't see it are retarded or are btc maxis. The only narrative I stick to and have been for many years now is that cryptocurrency takes power from the government and gives power to the individual, so you are not restricted to your economy as you can participate in the global economy. There is also the narrative of banking the bankless, which I hope will come true, but it is not a use case we are seeing right now. Some people would argue that removing power from gov's is a bad thing, but you can't deny the fact that gov's can't control crypto (at least we would want them not to). But, if you really want the individuals to remain in control of their money and transact with anyone in the world, the network needs to be very resistant to any kind of attacks. How can you have p2p electronic cash if your network just has a handful couple of nodes and the chinese gov can locate them and just block communication to them? I'm not saying that this is BCH case, I'm just refuting the fact that there is no value in running your own node. If you are relying on block explorers, the gov can just block the communication to the block explorer websites. Then what? Who will you trust to get chain information? The nodes needs to be decentralized so if you take one node down, many more can appear so it is hard to censor and you don't have few points of failure. Right now BTC is focusing on that use case of being difficult to censor. But with that comes the problem that is very expensive to transact on the network, which breaks the purpose of anyone being able to participate. Obviously I do think that is also a major problem, and lightning network is awful right now and probably still years away of being usable, if it ever will. The best solution is up for debate, but thinking that you just have to increase the blocksize and there is no trade off is just naive or misleading. BCH is doing a good thing in trying to come with a solution that is inclusive and promotes cheap and fast transactions, but also don't forget centralization is a major concern and nothing to just shrug off. Saying that "a 1 MB blocksize enables poor people to run their own" and that because of that "Poor people won’t be able to use the network" is a misrepresentation designed to promote a narrative. Because 1MB is not to allow "poor" people to run their node, it is to facilitate as many people to run a node to promote decentralization and avoid censorship. Also an elephant in the room that you will not see being discussed in either BTC or BCH communities is that mining pools are heavily centralized. And I'm not talking about miners being mostly in china, but also that big pools control a lot of hashing power both in BTC and BCH, and that is terrible for the purpose of crypto. Other projects are trying to solve that. Will they be successful? I don't know, I hope so, because I don't buy into any narrative. There are many challenges and I want to see crypto succeed as a whole. As always guys, DYOR and always question if you are not blindly following a narrative. I'm sure I will be called BTC maxi but maybe some people will find value in this. Don't trust guys that are always posting silly "gocha's" against the other "tribe". EDIT: User u/ShadowOfHarbringer has pointed me to some threads that this has been discussed in the past and I will just put my take on them here for visibility, as I will be using this thread as a reference in future discussions I engage:
When there was only 2 nodes in the network, adding a third node increased redundancy and resiliency of the network as a whole in a significant way. When there is thousands of nodes in the network, adding yet another node only marginally increase the redundancy and resiliency of the network. So the question then becomes a matter of personal judgement of how much that added redundancy and resiliency is worth. For the absolutist, it is absolutely worth it and everyone on this planet should do their part.
What is the magical number of nodes that makes it counterproductive to add new nodes? Did he do any math? Does BCH achieve this holy grail safe number of nodes? Guess what, nobody knows at what number of nodes is starts to be marginally irrelevant to add new nodes. Even BTC today could still not have enough nodes to be safe. If you can't know for sure that you are safe, it is better to try to be safer than sorry. Thousands of nodes is still not enough, as I said, it is much cheaper to run a full node as it is to mine. If it costs millions in hash power to do a 51% attack on the block generation it means nothing if it costs less than $10k to run more nodes than there are in total in the network and cause havoc and slowing people from using the network. Or using bot farms to DDoS the 1000s of nodes in the network. Not all attacks are monetarily motivated. When you have governments with billions of dollars at their disposal and something that could threat their power they could do anything they could to stop people from using it, and the cheapest it is to do so the better
You should run a full node if you're a big business with e.g. >$100k/month in volume, or if you run a service that requires high fraud resistance and validation certainty for payments sent your way (e.g. an exchange). For most other users of Bitcoin, there's no good reason to run a full node unless you reel like it.
Shouldn't individuals benefit from fraud resistance too? Why just businesses?
Personally, I think it's a good idea to make sure that people can easily run a full node because they feel like it, and that it's desirable to keep full node resource requirements reasonable for an enthusiast/hobbyist whenever possible. This might seem to be at odds with the concept of making a worldwide digital cash system in which all transactions are validated by everybody, but after having done the math and some of the code myself, I believe that we should be able to have our cake and eat it too.
This is recurrent argument, but also no math provided, "just trust me I did the math"
The biggest reason individuals may want to run their own node is to increase their privacy. SPV wallets rely on others (nodes or ElectronX servers) who may learn their addresses.
It is a reason and valid one but not the biggest reason
If you do it for fun and experimental it good. If you do it for extra privacy it's ok. If you do it to help the network don't. You are just slowing down miners and exchanges.
Yes it will slow down the network, but that shows how people just don't get the the trade off they are doing
I will just copy/paste what Satoshi Nakamoto said in his own words. "The current system where every user is a network node is not the intended configuration for large scale. That would be like every Usenet user runs their own NNTP server."
Another "it is all or nothing argument" and quoting satoshi to try and prove their point. Just because every user doesn't need to be also a full node doesn't mean that there aren't serious risks for having few nodes
For this to have any importance in practice, all of the miners, all of the exchanges, all of the explorers and all of the economic nodes should go rogue all at once. Collude to change consensus. If you have a node you can detect this. It doesn't do much, because such a scenario is impossible in practice.
Not true because as I said, you can DDoS the current nodes or run more malicious nodes than that there currently are, because is cheap to do so
Non-mining nodes don't contribute to adding data to the blockchain ledger, but they do play a part in propagating transactions that aren't yet in blocks (the mempool). Bitcoin client implementations can have different validations for transactions they see outside of blocks and transactions they see inside of blocks; this allows for "soft forks" to add new types of transactions without completely breaking older clients (while a transaction is in the mempool, a node receiving a transaction that's a new/unknown type could drop it as not a valid transaction (not propagate it to its peers), but if that same transaction ends up in a block and that node receives the block, they accept the block (and the transaction in it) as valid (and therefore don't get left behind on the blockchain and become a fork). The participation in the mempool is a sort of "herd immunity" protection for the network, and it was a key talking point for the "User Activated Soft Fork" (UASF) around the time the Segregated Witness feature was trying to be added in. If a certain percentage of nodes updated their software to not propagate certain types of transactions (or not communicate with certain types of nodes), then they can control what gets into a block (someone wanting to get that sort of transaction into a block would need to communicate directly to a mining node, or communicate only through nodes that weren't blocking that sort of transaction) if a certain threshold of nodes adheres to those same validation rules. It's less specific than the influence on the blockchain data that mining nodes have, but it's definitely not nothing.
The first reasonable comment in that thread but is deep down there with only 1 upvote
The addition of non-mining nodes does not add to the efficiency of the network, but actually takes away from it because of the latency issue.
That is true and is actually a trade off you are making, sacrificing security to have scalability
The addition of non-mining nodes has little to no effect on security, since you only need to destroy mining ones to take down the network
It is true that if you destroy mining nodes you take down the network from producing new blocks (temporarily), even if you have a lot of non mining nodes. But, it still better than if you take down the mining nodes who are also the only full nodes. If the miners are not the only full nodes, at least you still have full nodes with the blockchain data so new miners can download it and join. If all the miners are also the full nodes and you take them down, where will you get all the past blockchain data to start mining again? Just pray that the miners that were taken down come back online at some point in the future?
The real limiting factor is ISP's: Imagine a situation where one service provider defrauds 4000 different nodes. Did the excessive amount of nodes help at all, when they have all been defrauded by the same service provider? If there are only 30 ISP's in the world, how many nodes do we REALLY need?
You cant defraud if the connection is encrypted. Use TOR for example, it is hard for ISP's to know what you are doing.
Satoshi specifically said in the white paper that after a certain point, number of nodes needed plateaus, meaning after a certain point, adding more nodes is actually counterintuitive, which we also demonstrated. (the latency issue). So, we have adequately demonstrated why running non-mining nodes does not add additional value or security to the network.
Again, what is the number of nodes that makes it counterproductive? Did he do any math?
There's also the matter of economically significant nodes and the role they play in consensus. Sure, nobody cares about your average joe's "full node" where he is "keeping his own ledger to keep the miners honest", as it has no significance to the economy and the miners couldn't give a damn about it. However, if say some major exchanges got together to protest a miner activated fork, they would have some protest power against that fork because many people use their service. Of course, there still needs to be miners running on said "protest fork" to keep the chain running, but miners do follow the money and if they got caught mining a fork that none of the major exchanges were trading, they could be coaxed over to said "protest fork".
In consensus, what matters about nodes is only the number, economical power of the node doesn't mean nothing, the protocol doesn't see the net worth of the individual or organization running that node.
Running a full node that is not mining and not involved is spending or receiving payments is of very little use. It helps to make sure network traffic is broadcast, and is another copy of the blockchain, but that is all (and is probably not needed in a healthy coin with many other nodes)
He gets it right (broadcasting transaction and keeping a copy of the blockchain) but he dismisses the importance of it
Blockchain Wallet Emptied Twice in 1 week - Funds are Still in Thief's Wallet
On 3/2/20 and again on 3/5/20 my blockchain wallet was emptied. I had my iOS phone in my hand the first time and on the night stand while sleeping the 2nd time. I have all of the protections enabled, did not create a "send" transaction, never received an email, SMS text, and no email for the transaction- nothing!! How is this possible???!!!!! My smart phone was never out of my possession, I have not shared my wallet (or even the fact that I had a wallet), logins or access code from my wallet. The funds are still sitting in the wallet that received them- 2 different ones. Any help or advice on how to get these back is appreciated! 1st time 2nd time
Bitcoin, often described as a cryptocurrency, a virtual currency or a digital currency - is a type of money that is completely virtual. It's like an online version of cash. You can use it to buy products and services, but not many shops accept Bitcoin yet and some countries have banned it altogether. The physical Bitcoins you see in photos are a novelty. They would be worthless without the private codes printed inside them. https://preview.redd.it/sul1wp5r3nr51.jpg?width=320&format=pjpg&auto=webp&s=0ecbcf1b70fd807168a831c3cbee98a4347172c7 How does Bitcoin work? Each Bitcoin is basically a computer file which is stored in a 'digital wallet' app on a smartphone or computer. People can send Bitcoins (or part of one) to your digital wallet, and you can send Bitcoins to other people. Every single transaction is recorded in a public list called the blockchain. I just love talking about bitcoins and this is the very reason I will write my essay on bitcoins and related currencies. This makes it possible to trace the history of Bitcoins to stop people from spending coins they do not own, making copies or undo-ing transactions. How do people get Bitcoins? There are three main ways people get Bitcoins.g
You can buy Bitcoins using 'real' money.
You can sell things and let people pay you with Bitcoins.
Or they can be created using a computer.
How are new Bitcoins created? In order for the Bitcoin system to work, people can make their computer process transactions for everybody. The computers are made to work out incredibly difficult sums. Occasionally they are rewarded with a Bitcoin for the owner to keep. People set up powerful computers just to try and get Bitcoins. This is called mining. But the sums are becoming more and more difficult to stop too many Bitcoins being generated. If you started mining now it could be years before you got a single Bitcoin. You could end up spending more money on electricity for your computer than the Bitcoin would be worth. Why are Bitcoins valuable? There are lots of things other than money which we consider valuable like gold and diamonds. The Aztecs used cocoa beans as money! Bitcoins are valuable because people are willing to exchange them for real goods and services, and even cash. Why do people want Bitcoins? Some people like the fact that Bitcoin is not controlled by the government or banks. People can also spend their Bitcoins fairly anonymously. Although all transactions are recorded, nobody would know which 'account number' was yours unless you told them.
Scaling Reddit Community Points with Arbitrum Rollup: a piece of cake
https://preview.redd.it/b80c05tnb9e51.jpg?width=2550&format=pjpg&auto=webp&s=850282c1a3962466ed44f73886dae1c8872d0f31 Submitted for consideration toThe Great Reddit Scaling Bake-Off Baked by the pastry chefs atOffchain Labs Please send questions or comments to [[email protected] ](mailto:[email protected]) 1. Overview We're excited to submit Arbitrum Rollup for consideration to The Great Reddit Scaling Bake-Off. Arbitrum Rollup is the only Ethereum scaling solution that supports arbitrary smart contracts without compromising on Ethereum's security or adding points of centralization. For Reddit, this means that Arbitrum can not only scale the minting and transfer of Community Points, but it can foster a creative ecosystem built around Reddit Community Points enabling points to be used in a wide variety of third party applications. That's right -- you can have your cake and eat it too! Arbitrum Rollup isn't just Ethereum-style. Its Layer 2 transactions are byte-for-byte identical to Ethereum, which means Ethereum users can continue to use their existing addresses and wallets, and Ethereum developers can continue to use their favorite toolchains and development environments out-of-the-box with Arbitrum. Coupling Arbitrum’s tooling-compatibility with its trustless asset interoperability, Reddit not only can scale but can onboard the entire Ethereum community at no cost by giving them the same experience they already know and love (well, certainly know). To benchmark how Arbitrum can scale Reddit Community Points, we launched the Reddit contracts on an Arbitrum Rollup chain. Since Arbitrum provides full Solidity support, we didn't have to rewrite the Reddit contracts or try to mimic their functionality using an unfamiliar paradigm. Nope, none of that. We launched the Reddit contracts unmodified on Arbitrum Rollup complete with support for minting and distributing points. Like every Arbitrum Rollup chain, the chain included a bridge interface in which users can transfer Community Points or any other asset between the L1 and L2 chains. Arbitrum Rollup chains also support dynamic contract loading, which would allow third-party developers to launch custom ecosystem apps that integrate with Community Points on the very same chain that runs the Reddit contracts. 1.1 Why Ethereum Perhaps the most exciting benefit of distributing Community Points using a blockchain is the ability to seamlessly port points to other applications and use them in a wide variety of contexts. Applications may include simple transfers such as a restaurant that allows Redditors to spend points on drinks. Or it may include complex smart contracts -- such as placing Community Points as a wager for a multiparty game or as collateral in a financial contract. The common denominator between all of the fun uses of Reddit points is that it needs a thriving ecosystem of both users and developers, and the Ethereum blockchain is perhaps the only smart contract platform with significant adoption today. While many Layer 1 blockchains boast lower cost or higher throughput than the Ethereum blockchain, more often than not, these attributes mask the reality of little usage, weaker security, or both. Perhaps another platform with significant usage will rise in the future. But today, Ethereum captures the mindshare of the blockchain community, and for Community Points to provide the most utility, the Ethereum blockchain is the natural choice. 1.2 Why Arbitrum While Ethereum's ecosystem is unmatched, the reality is that fees are high and capacity is too low to support the scale of Reddit Community Points. Enter Arbitrum. Arbitrum Rollup provides all of the ecosystem benefits of Ethereum, but with orders of magnitude more capacity and at a fraction of the cost of native Ethereum smart contracts. And most of all, we don't change the experience from users. They continue to use the same wallets, addresses, languages, and tools. Arbitrum Rollup is not the only solution that can scale payments, but it is the only developed solution that can scale both payments and arbitrary smart contracts trustlessly, which means that third party users can build highly scalable add-on apps that can be used without withdrawing money from the Rollup chain. If you believe that Reddit users will want to use their Community Points in smart contracts--and we believe they will--then it makes the most sense to choose a single scaling solution that can support the entire ecosystem, eliminating friction for users. We view being able to run smart contracts in the same scaling solution as fundamentally critical since if there's significant demand in running smart contracts from Reddit's ecosystem, this would be a load on Ethereum and would itself require a scaling solution. Moreover, having different scaling solutions for the minting/distribution/spending of points and for third party apps would be burdensome for users as they'd have to constantly shuffle their Points back and forth. 2. Arbitrum at a glance Arbitrum Rollup has a unique value proposition as it offers a combination of features that no other scaling solution achieves. Here we highlight its core attributes. Decentralized. Arbitrum Rollup is as decentralized as Ethereum. Unlike some other Layer 2 scaling projects, Arbitrum Rollup doesn't have any centralized components or centralized operators who can censor users or delay transactions. Even in non-custodial systems, centralized components provide a risk as the operators are generally incentivized to increase their profit by extracting rent from users often in ways that severely degrade user experience. Even if centralized operators are altruistic, centralized components are subject to hacking, coercion, and potential liability. Massive Scaling. Arbitrum achieves order of magnitude scaling over Ethereum's L1 smart contracts. Our software currently supports 453 transactions-per-second for basic transactions (at 1616 Ethereum gas per tx). We have a lot of room left to optimize (e.g. aggregating signatures), and over the next several months capacity will increase significantly. As described in detail below, Arbitrum can easily support and surpass Reddit's anticipated initial load, and its capacity will continue to improve as Reddit's capacity needs grow. Low cost. The cost of running Arbitrum Rollup is quite low compared to L1 Ethereum and other scaling solutions such as those based on zero-knowledge proofs. Layer 2 fees are low, fixed, and predictable and should not be overly burdensome for Reddit to cover. Nobody needs to use special equipment or high-end machines. Arbitrum requires validators, which is a permissionless role that can be run on any reasonable on-line machine. Although anybody can act as a validator, in order to protect against a “tragedy of the commons” and make sure reputable validators are participating, we support a notion of “invited validators” that are compensated for their costs. In general, users pay (low) fees to cover the invited validators’ costs, but we imagine that Reddit may cover this cost for its users. See more on the costs and validator options below. Ethereum Developer Experience. Not only does Arbitrum support EVM smart contracts, but the developer experience is identical to that of L1 Ethereum contracts and fully compatible with Ethereum tooling. Developers can port existing Solidity apps or write new ones using their favorite and familiar toolchains (e.g. Truffle, Buidler). There are no new languages or coding paradigms to learn. Ethereum wallet compatibility. Just as in Ethereum, Arbitrum users need only hold keys, but do not have to store any coin history or additional data to protect or access their funds. Since Arbitrum transactions are semantically identical to Ethereum L1 transactions, existing Ethereum users can use their existing Ethereum keys with their existing wallet software such as Metamask. Token interoperability. Users can easily transfer their ETH, ERC-20 and ERC-721 tokens between Ethereum and the Arbitrum Rollup chain. As we explain in detail below, it is possible to mint tokens in L2 that can subsequently be withdrawn and recognized by the L1 token contract. Fast finality. Transactions complete with the same finality time as Ethereum L1 (and it's possible to get faster finality guarantees by trading away trust assumptions; see the Arbitrum Rollup whitepaper for details). Non-custodial. Arbitrum Rollup is a non-custodial scaling solution, so users control their funds/points and neither Reddit nor anyone else can ever access or revoke points held by users. Censorship Resistant. Since it's completely decentralized, and the Arbitrum protocol guarantees progress trustlessly, Arbitrum Rollup is just as censorship-proof as Ethereum. Block explorer. The Arbitrum Rollup block explorer allows users to view and analyze transactions on the Rollup chain. Limitations Although this is a bake-off, we're not going to sugar coat anything. Arbitrum Rollup, like any Optimistic Rollup protocol, does have one limitation, and that's the delay on withdrawals. As for the concrete length of the delay, we've done a good deal of internal modeling and have blogged about this as well. Our current modeling suggests a 3-hour delay is sufficient (but as discussed in the linked post there is a tradeoff space between the length of the challenge period and the size of the validators’ deposit). Note that this doesn't mean that the chain is delayed for three hours. Arbitrum Rollup supports pipelining of execution, which means that validators can keep building new states even while previous ones are “in the pipeline” for confirmation. As the challenge delays expire for each update, a new state will be confirmed (read more about this here). So activity and progress on the chain are not delayed by the challenge period. The only thing that's delayed is the consummation of withdrawals. Recall though that any single honest validator knows immediately (at the speed of L1 finality) which state updates are correct and can guarantee that they will eventually be confirmed, so once a valid withdrawal has been requested on-chain, every honest party knows that the withdrawal will definitely happen. There's a natural place here for a liquidity market in which a validator (or someone who trusts a validator) can provide withdrawal loans for a small interest fee. This is a no-risk business for them as they know which withdrawals will be confirmed (and can force their confirmation trustlessly no matter what anyone else does) but are just waiting for on-chain finality. 3. The recipe: How Arbitrum Rollup works For a description of the technical components of Arbitrum Rollup and how they interact to create a highly scalable protocol with a developer experience that is identical to Ethereum, please refer to the following documents: Arbitrum Rollup Whitepaper Arbitrum academic paper (describes a previous version of Arbitrum) 4. Developer docs and APIs For full details about how to set up and interact with an Arbitrum Rollup chain or validator, please refer to our developer docs, which can be found at https://developer.offchainlabs.com/. Note that the Arbitrum version described on that site is older and will soon be replaced by the version we are entering in Reddit Bake-Off, which is still undergoing internal testing before public release. 5. Who are the validators? As with any Layer 2 protocol, advancing the protocol correctly requires at least one validator (sometimes called block producers) that is honest and available. A natural question is: who are the validators? Recall that the validator set for an Arbitrum chain is open and permissionless; anyone can start or stop validating at will. (A useful analogy is to full nodes on an L1 chain.) But we understand that even though anyone can participate, Reddit may want to guarantee that highly reputable nodes are validating their chain. Reddit may choose to validate the chain themselves and/or hire third-party validators.To this end, we have begun building a marketplace for validator-for-hire services so that dapp developers can outsource validation services to reputable nodes with high up-time. We've announced a partnership in which Chainlink nodes will provide Arbitrum validation services, and we expect to announce more partnerships shortly with other blockchain infrastructure providers. Although there is no requirement that validators are paid, Arbitrum’s economic model tracks validators’ costs (e.g. amount of computation and storage) and can charge small fees on user transactions, using a gas-type system, to cover those costs. Alternatively, a single party such as Reddit can agree to cover the costs of invited validators. 6. Reddit Contract Support Since Arbitrum contracts and transactions are byte-for-byte compatible with Ethereum, supporting the Reddit contracts is as simple as launching them on an Arbitrum chain. Minting. Arbitrum Rollup supports hybrid L1/L2 tokens which can be minted in L2 and then withdrawn onto the L1. An L1 contract at address A can make a special call to the EthBridge which deploys a "buddy contract" to the same address A on an Arbitrum chain. Since it's deployed at the same address, users can know that the L2 contract is the authorized "buddy" of the L1 contract on the Arbitrum chain. For minting, the L1 contract is a standard ERC-20 contract which mints and burns tokens when requested by the L2 contract. It is paired with an ERC-20 contract in L2 which mints tokens based on whatever programmer provided minting facility is desired and burns tokens when they are withdrawn from the rollup chain. Given this base infrastructure, Arbitrum can support any smart contract based method for minting tokens in L2, and indeed we directly support Reddit's signature/claim based minting in L2. Batch minting. What's better than a mint cookie? A whole batch! In addition to supporting Reddit’s current minting/claiming scheme, we built a second minting design, which we believe outperforms the signature/claim system in many scenarios. In the current system, Reddit periodically issues signed statements to users, who then take those statements to the blockchain to claim their tokens. An alternative approach would have Reddit directly submit the list of users/amounts to the blockchain and distribute the tokens to the users without the signature/claim process. To optimize the cost efficiency of this approach, we designed an application-specific compression scheme to minimize the size of the batch distribution list. We analyzed the data from Reddit's previous distributions and found that the data is highly compressible since token amounts are small and repeated, and addresses appear multiple times. Our function groups transactions by size, and replaces previously-seen addresses with a shorter index value. We wrote client code to compress the data, wrote a Solidity decompressing function, and integrated that function into Reddit’s contract running on Arbitrum. When we ran the compression function on the previous Reddit distribution data, we found that we could compress batched minting data down to to 11.8 bytes per minting event (averaged over a 6-month trace of Reddit’s historical token grants)compared with roughly 174 bytes of on-chain data needed for the signature claim approach to minting (roughly 43 for an RLP-encoded null transaction + 65 for Reddit's signature + 65 for the user's signature + roughly 8 for the number of Points) . The relative benefit of the two approaches with respect to on-chain call data cost depends on the percentage of users that will actually claim their tokens on chain. With the above figures, batch minting will be cheaper if roughly 5% of users redeem their claims. We stress that our compression scheme is not Arbitrum-specific and would be beneficial in any general-purpose smart contract platform. 8. Benchmarks and costs In this section, we give the full costs of operating the Reddit contracts on an Arbitrum Rollup chain including the L1 gas costs for the Rollup chain, the costs of computation and storage for the L2 validators as well as the capital lockup requirements for staking. Arbitrum Rollup is still on testnet, so we did not run mainnet benchmarks. Instead, we measured the L1 gas cost and L2 workload for Reddit operations on Arbitrum and calculated the total cost assuming current Ethereum gas prices. As noted below in detail, our measurements do not assume that Arbitrum is consuming the entire capacity of Ethereum. We will present the details of our model now, but for full transparency you can also play around with it yourself and adjust the parameters, by copying the spreadsheet found here. Our cost model is based on measurements of Reddit’s contracts, running unmodified (except for the addition of a batch minting function) on Arbitrum Rollup on top of Ethereum. On the distribution of transactions and frequency of assertions. Reddit's instructions specify the following minimum parameters that submissions should support: Over a 5 day period, your scaling PoC should be able to handle:
100,000 point claims (minting & distributing points)
75,000 one-off points burning
We provide the full costs of operating an Arbitrum Rollup chain with this usage under the assumption that tokens are minted or granted to users in batches, but other transactions are uniformly distributed over the 5 day period. Unlike some other submissions, we do not make unrealistic assumptions that all operations can be submitted in enormous batches. We assume that batch minting is done in batches that use only a few percent on an L1 block’s gas, and that other operations come in evenly over time and are submitted in batches, with one batch every five minutes to keep latency reasonable. (Users are probably already waiting for L1 finality, which takes at least that long to achieve.) We note that assuming that there are only 300,000 transactions that arrive uniformly over the 5 day period will make our benchmark numbers lower, but we believe that this will reflect the true cost of running the system. To see why, say that batches are submitted every five minutes (20 L1 blocks) and there's a fixed overhead of c bytes of calldata per batch, the cost of which will get amortized over all transactions executed in that batch. Assume that each individual transaction adds a marginal cost of t. Lastly assume the capacity of the scaling system is high enough that it can support all of Reddit's 300,000 transactions within a single 20-block batch (i.e. that there is more than c + 300,000*t byes of calldata available in 20 blocks). Consider what happens if c, the per-batch overhead, is large (which it is in some systems, but not in Arbitrum). In the scenario that transactions actually arrive at the system's capacity and each batch is full, then c gets amortized over 300,000 transactions. But if we assume that the system is not running at capacity--and only receives 300,000 transactions arriving uniformly over 5 days-- then each 20-block assertion will contain about 200 transactions, and thus each transaction will pay a nontrivial cost due to c. We are aware that other proposals presented scaling numbers assuming that 300,000 transactions arrived at maximum capacity and was executed in a single mega-transaction, but according to our estimates, for at least one such report, this led to a reported gas price that was 2-3 orders of magnitude lower than it would have been assuming uniform arrival. We make more realistic batching assumptions, and we believe Arbitrum compares well when batch sizes are realistic. Our model. Our cost model includes several sources of cost:
L1 gas costs: This is the cost of posting transactions as calldata on the L1 chain, as well as the overhead associated with each batch of transactions, and the L1 cost of settling transactions in the Arbitrum protocol.
Validator’s staking costs: In normal operation, one validator will need to be staked. The stake is assumed to be 0.2% of the total value of the chain (which is assumed to be $1 per user who is eligible to claim points). The cost of staking is the interest that could be earned on the money if it were not staked.
Validator computation and storage: Every validator must do computation to track the chain’s processing of transactions, and must maintain storage to keep track of the contracts’ EVM storage. The cost of computation and storage are estimated based on measurements, with the dollar cost of resources based on Amazon Web Services pricing.
It’s clear from our modeling that the predominant cost is for L1 calldata. This will probably be true for any plausible rollup-based system. Our model also shows that Arbitrum can scale to workloads much larger than Reddit’s nominal workload, without exhausting L1 or L2 resources. The scaling bottleneck will ultimately be calldata on the L1 chain. We believe that cost could be reduced substantially if necessary by clever encoding of data. (In our design any compression / decompression of L2 transaction calldata would be done by client software and L2 programs, never by an L1 contract.) 9. Status of Arbitrum Rollup Arbitrum Rollup is live on Ethereum testnet. All of the code written to date including everything included in the Reddit demo is open source and permissively licensed under the Apache V2 license. The first testnet version of Arbitrum Rollup was released on testnet in February. Our current internal version, which we used to benchmark the Reddit contracts, will be released soon and will be a major upgrade. Both the Arbitrum design as well as the implementation are heavily audited by independent third parties. The Arbitrum academic paper was published at USENIX Security, a top-tier peer-reviewed academic venue. For the Arbitrum software, we have engaged Trail of Bits for a security audit, which is currently ongoing, and we are committed to have a clean report before launching on Ethereum mainnet. 10. Reddit Universe Arbitrum Rollup Chain The benchmarks described in this document were all measured using the latest internal build of our software. When we release the new software upgrade publicly we will launch a Reddit Universe Arbitrum Rollup chain as a public demo, which will contain the Reddit contracts as well as a Uniswap instance and a Connext Hub, demonstrating how Community Points can be integrated into third party apps. We will also allow members of the public to dynamically launch ecosystem contracts. We at Offchain Labs will cover the validating costs for the Reddit Universe public demo. If the folks at Reddit would like to evaluate our software prior to our public demo, please email us at [email protected] and we'd be more than happy to provide early access. 11. Even more scaling: Arbitrum Sidechains Rollups are an excellent approach to scaling, and we are excited about Arbitrum Rollup which far surpasses Reddit's scaling needs. But looking forward to Reddit's eventual goal of supporting hundreds of millions of users, there will likely come a time when Reddit needs more scaling than any Rollup protocol can provide. While Rollups greatly reduce costs, they don't break the linear barrier. That is, all transactions have an on-chain footprint (because all calldata must be posted on-chain), albeit a far smaller one than on native Ethereum, and the L1 limitations end up being the bottleneck for capacity and cost. Since Ethereum has limited capacity, this linear use of on-chain resources means that costs will eventually increase superlinearly with traffic. The good news is that we at Offchain Labs have a solution in our roadmap that can satisfy this extreme-scaling setting as well: Arbitrum AnyTrust Sidechains. Arbitrum Sidechains are similar to Arbitrum Rollup, but deviate in that they name a permissioned set of validators. When a chain’s validators agree off-chain, they can greatly reduce the on-chain footprint of the protocol and require almost no data to be put on-chain. When validators can't reach unanimous agreement off-chain, the protocol reverts to Arbitrum Rollup. Technically, Arbitrum Sidechains can be viewed as a hybrid between state channels and Rollup, switching back and forth as necessary, and combining the performance and cost that state channels can achieve in the optimistic case, with the robustness of Rollup in other cases. The core technical challenge is how to switch seamlessly between modes and how to guarantee that security is maintained throughout. Arbitrum Sidechains break through this linear barrier, while still maintaining a high level of security and decentralization. Arbitrum Sidechains provide the AnyTrust guarantee, which says that as long as any one validator is honest and available (even if you don't know which one will be), the L2 chain is guaranteed to execute correctly according to its code and guaranteed to make progress. Unlike in a state channel, offchain progress does not require unanimous consent, and liveness is preserved as long as there is a single honest validator. Note that the trust model for Arbitrum Sidechains is much stronger than for typical BFT-style chains which introduce a consensus "voting" protocols among a small permissioned group of validators. BFT-based protocols require a supermajority (more than 2/3) of validators to agree. In Arbitrum Sidechains, by contrast, all you need is a single honest validator to achieve guaranteed correctness and progress. Notice that in Arbitrum adding validators strictly increases security since the AnyTrust guarantee provides correctness as long as any one validator is honest and available. By contrast, in BFT-style protocols, adding nodes can be dangerous as a coalition of dishonest nodes can break the protocol. Like Arbitrum Rollup, the developer and user experiences for Arbitrum Sidechains will be identical to that of Ethereum. Reddit would be able to choose a large and diverse set of validators, and all that they would need to guarantee to break through the scaling barrier is that a single one of them will remain honest. We hope to have Arbitrum Sidechains in production in early 2021, and thus when Reddit reaches the scale that surpasses the capacity of Rollups, Arbitrum Sidechains will be waiting and ready to help. While the idea to switch between channels and Rollup to get the best of both worlds is conceptually simple, getting the details right and making sure that the switch does not introduce any attack vectors is highly non-trivial and has been the subject of years of our research (indeed, we were working on this design for years before the term Rollup was even coined). 12. How Arbitrum compares We include a comparison to several other categories as well as specific projects when appropriate. and explain why we believe that Arbitrum is best suited for Reddit's purposes. We focus our attention on other Ethereum projects. Payment only Rollups. Compared to Arbitrum Rollup, ZK-Rollups and other Rollups that only support token transfers have several disadvantages:
As outlined throughout the proposal, we believe that the entire draw of Ethereum is in its rich smart contracts support which is simply not achievable with today's zero-knowledge proof technology. Indeed, scaling with a ZK-Rollup will add friction to the deployment of smart contracts that interact with Community Points as users will have to withdraw their coins from the ZK-Rollup and transfer them to a smart contract system (like Arbitrum). The community will be best served if Reddit builds on a platform that has built-in, frictionless smart-contract support.
All other Rollup protocols of which we are aware employ a centralized operator. While it's true that users retain custody of their coins, the centralized operator can often profit from censoring, reordering, or delaying transactions. A common misconception is that since they're non-custodial protocols, a centralized sequencer does not pose a risk but this is incorrect as the sequencer can wreak havoc or shake down users for side payments without directly stealing funds.
Sidechain type protocols can eliminate some of these issues, but they are not trustless. Instead, they require trust in some quorum of a committee, often requiring two-third of the committee to be honest, compared to rollup protocols like Arbitrum that require only a single honest party. In addition, not all sidechain type protocols have committees that are diverse, or even non-centralized, in practice.
Plasma-style protocols have a centralized operator and do not support general smart contracts.
13. Concluding Remarks While it's ultimately up to the judges’ palate, we believe that Arbitrum Rollup is the bakeoff choice that Reddit kneads. We far surpass Reddit's specified workload requirement at present, have much room to optimize Arbitrum Rollup in the near term, and have a clear path to get Reddit to hundreds of millions of users. Furthermore, we are the only project that gives developers and users the identical interface as the Ethereum blockchain and is fully interoperable and tooling-compatible, and we do this all without any new trust assumptions or centralized components. But no matter how the cookie crumbles, we're glad to have participated in this bake-off and we thank you for your consideration. About Offchain Labs Offchain Labs, Inc. is a venture-funded New York company that spun out of Princeton University research, and is building the Arbitrum platform to usher in the next generation of scalable, interoperable, and compatible smart contracts. Offchain Labs is backed by Pantera Capital, Compound VC, Coinbase Ventures, and others. Leadership Team Ed Felten Ed Felten is Co-founder and Chief Scientist at Offchain Labs. He is on leave from Princeton University, where he is the Robert E. Kahn Professor of Computer Science and Public Affairs. From 2015 to 2017 he served at the White House as Deputy United States Chief Technology Officer and senior advisor to the President. He is an ACM Fellow and member of the National Academy of Engineering. Outside of work, he is an avid runner, cook, and L.A. Dodgers fan. Steven Goldfeder Steven Goldfeder is Co-founder and Chief Executive Officer at Offchain Labs. He holds a PhD from Princeton University, where he worked at the intersection of cryptography and cryptocurrencies including threshold cryptography, zero-knowledge proof systems, and post-quantum signatures. He is a co-author of Bitcoin and Cryptocurrency Technologies, the leading textbook on cryptocurrencies, and he has previously worked at Google and Microsoft Research, where he co-invented the Picnic signature algorithm. When not working, you can find Steven spending time with his family, taking a nature walk, or twisting balloons. Harry Kalodner Harry Kalodner is Co-founder and Chief Technology Officer at Offchain Labs where he leads the engineering team. Before the company he attended Princeton as a Ph.D candidate where his research explored economics, anonymity, and incentive compatibility of cryptocurrencies, and he also has worked at Apple. When not up at 3:00am writing code, Harry occasionally sleeps.
Bitcoin Core runs as a full network node and maintains a local copy of the block chain. This data independence improves wallet privacy and security. Unlike some SPV wallets that leak addresses to peers, Bitcoin Core stores all transactions locally. And how can I copy the blockchain from my existing Windows client installation to, say, a USB stick for use by an Ubuntu live CD, then into the Bitcoin client folder? security blockchain bitcoin-core linux windows. ... Can I configure Bitcoin (Linux) with a custom wallet location? 4. To restore the backup, simply copy your backed up wallet.dat over an existing one in the bitcoin data location. BIP 32 This seed is used to generate a master private key (xprv) which then can be imported to any BIP 32 compliant HD wallet. Follow the steps below to do so with your Blockchain.com Wallet. Web. Note: you must enable bitcoin link handling in order to pay a BitPay invoice with your Blockchain.com Wallet. You can do this by logging into your Wallet and navigating to Settings > Preferences and pressing Enable in the Bitcoin Links Handling section. You copy the address from a document onto your clipboard, ready to paste the address into the box ready for the Bitcoin to be sent. Of course, by copy and pasting, you can be sure you don’t miss a letter or a digit and thus, can be sure that you enter the correct address.
How to Sell Bitcoin & Withdraw on Blockchain.com 2020 ...
Be careful when copy/pasting bitcoin wallet address. some hidden code/programs sit in our computer system when we brows some website or install tools. I made... Video shows you how to transfer Bitcoin or Ethereum from Coinbase into a Blockchain wallet. In this video, I show you how to buy Bitcoin or other cryptocurrencies in your Blockchain wallet and on the Blockchain Exchange. If you're interested in gett... The Crypto Dad shows you how to recover a Blockchain.com Bitcoin wallet using a Seed. Important software used is: Blockchain.com website: https://www.blockch... In this video, I show you how to sell your bitcoin or other cryptocurrencies from your Blockchain account and how to withdraw your funds into your bank. If y...