Simple Schnorr Multi-Signatures with Applications to Bitcoin

Protect your Bitcoins with Multiple signatures using Guarda Wallet!

Protect your Bitcoins with Multiple signatures using Guarda Wallet! submitted by Mr_SauravKT to CryptoCurrencies [link] [comments]

How to create multi-sig transactions? Make your bitcoin more secure by using multiple signatures -

How to create multi-sig transactions? Make your bitcoin more secure by using multiple signatures - submitted by Mr_SauravKT to darknet [link] [comments]

Could Schnorr signatures be used by multiple users? /r/Bitcoin

Could Schnorr signatures be used by multiple users? /Bitcoin submitted by BitcoinAllBot to BitcoinAll [link] [comments]

'PayPal in Talks to Buy Crypto Firms Including BitGo', Paypal Seem to be going deeper on Crypto than first thought.
PayPal Holdings Inc. is exploring acquisitions of cryptocurrency companies including Bitcoin custodian BitGo Inc., according to people familiar with the matter, a move that would expand its embrace of digital coins.
PayPal has been holding talks with BitGo, a company that helps investors store Bitcoin securely, and could reach a deal within weeks, the people said, asking not to be identified because the matter is private. Talks could still fall apart and PayPal could opt to buy other targets, the people added.
It couldn’t be learned how much PayPal would pay for BitGo if it goes ahead with the deal. BitGo raised $58.5 million in 2018 at a $170 million valuation, according to PitchBook.
Representatives for BitGo and PayPal declined to comment.
Palo Alto, California-based BitGo was founded in 2013 by Chief Executive Officer Mike Belshe. It offers digital wallets that require multiple signatures for transactions, as well as offline vaults for storing Bitcoin and rival currencies. It was one of the first companies in the space to focus on institutional investors, according to its website.
The company applied in August to New York regulators to become an independent, regulated qualified custodian under New York State Banking Law, a press release showed. Custodians like BitCoin are responsible for safekeeping digital assets using secure storage.
PayPal announced on Wednesday that its customers can buy, sell and hold cryptocurrencies including Bitcoin, Ether, Bitcoin Cash and Litecoin from digital wallets, as well as use the virtual money to shop at the 26 million merchants on its network. The announcement led Bitcoin to surge past $13,000 for the first time since July 2019.
PayPal said it would partner with BitGo competitor Paxos Trust Company, a regulated provider of cryptocurrency products and services for its new service.
BitGo is backed by investors including Goldman Sachs Group Inc., Craft Ventures, Digital Currency Group, DRW, Galaxy Digital Ventures, Redpoint Ventures, Valor Equity Partners and Founders Fund.
submitted by MJURICAN to investing [link] [comments]

How do I verify it with multiple signatures? /r/Bitcoin

How do I verify it with multiple signatures? /Bitcoin submitted by BitcoinAllBot to BitcoinAll [link] [comments]

[OC] Which front offices and agents are the 3 major newsbreakers connected to? I went through 6000+ tweets to find out!

If this sounds somewhat familiar, that's because I did a 2019-2020 version and posted it back in March.
In terms of changes from that post:
Tracked tweets of Woj, Shams and Haynes from 2018-2020 to see whether any of them report on a certain team or a certain agent's players more than their counterparts. Here is the main graph concerning a reporter's percentage of tweets per team separated into three periods (2019 season, 2020 offseason, 2020 season). Here is a separate graph with the Lakers and Warriors, because Haynes's percentages would skew the first graph.

During times like the NBA trade deadline or the lifting of the NBA free-agency moratorium, it’s not uncommon to see Twitter replies to (or Reddit comments about) star reporters reference their performance relative to others.
Woj is the preeminent scoop hound, but he is also notorious for writing hit pieces on LeBron (sources say it’s been widely rumoured that the reason for these is that Woj has always been unable to place a reliable source in LeBron’s camp). On the other end of the spectrum, it has been revealed that in exchange for exclusive intel on league memos and Pistons dealings, Woj wrote puff pieces on then-GM Joe Dumars (see above Kevin Draper link). Last summer, Woj was accused of being a Clippers shill on this very discussion board for noticeably driving the Kawhi Leonard free agency conversation towards the team.
This is the reason I undertook this project: to see whether some reporters have more sources in certain teams (and certain agencies) than other reporters.
First I’ll explain the methodology, then present the data with some initial comments.


To make this manageable on myself, I limited myself to tracking the 3 major national reporters: Shams Charania of the Athletic, Chris Haynes of Yahoo Sports and the aforementioned Adrian Wojnarowski of ESPN.
The time period I initially tracked for was from January 1, 2020 to the end of the regular season March, but after finding a Twitter scraping tool on GitHub called Twint, I was able to easily retrieve all tweets since September 27, 2018. However, a month ago, Twitter closed their old API endpoints, and Twint ceased to work. I used but the data loading became more time-consuming. Therefore, the tweets are up to the date of October 15 2020.
How I determined information was by manually parsing text tweets by the reporter (no retweets):
Now, I didn’t take every single text tweet:
Next, I had to assign possible teams to each tweet:
With all the methodology out of the way, here’s the data! (Here’s a link to a full Google Sheet)


Here's a graph of number of tweets per team per period, with the colours denoting reporter.
On a quick glance, here's which teams saw a significant period-over-period increase in number of tweets:
And here's which teams saw decreases over a period-by-period basis:
The problem with just using number of tweets is that it's not close on totals between Haynes vs. Woj or Shams. Here's a graph showing total number of tweets in each period for all three reporters. Haynes's most reported period doesn't even stack up to the least reported period of Woj or Shams.
Instead, let's look at percentage of tweets per team per period.
Now, you'll notice that there's two teams missing from the above graph: the Golden State Warriors and the Los Angeles Lakers. Here's the graphs for those two teams. As you can see, they would skew the previous graph far too much. During the 2019 NBA season, 27% of Chris Haynes's qualifying tweets could be possibly linked to the Warriors, and 14% of his qualifying tweets could be possibly linked to the Lakers.


Here's the top 10 agents in terms of number of potential tweets concerning their clients.
Agent Haynes Shams Woj Total
Rich Paul 15 28 24 67
Mark Bartelstein 4 16 30 50
Jeff Schwartz 3 10 25 38
Bill Duffy 2 13 14 29
Leon Rose 1 12 15 28
Aaron Mintz 2 9 15 26
Juan Perez 5 10 8 23
Aaron Goodwin 11 8 1 20
Steven Heumann 1 6 12 19
Sam Permut 1 13 5 19
Woj has the most tweets directly connected to agents by far. It wasn't uncommon to see "Player X signs deal with Team Y, Agent Z of Agency F tells ESPN." The agents that go to Woj (and some of their top clients):
One thing I found very intriguing: 15/16 of tweets concerning an Aaron Turner client were reported on by Shams. Turner is the head of Verus Basketball, whose clients include Terry Rozier, Victor Oladipo and Kevin Knox. Shams also reported more than 50% of news relating to clients of Sam Permut of Roc Nation. Permut is the current agent of Kyrie Irving, after Irving fired Jeff Wechsler near the beginning of the 2019 offseason. Permut also reps the Morris brothers and Trey Burke.
As for Chris Haynes, he doesn't really do much agent news (at least not at the level of Woj and Shams). However, he reported more than 50% of news relating to clients of Aaron Goodwin of Goodwin Sports Management, who reps Damian Lillard and DeMar DeRozan.
Here are the top 10 free agents from Forbes, along with their agent and who I predict will be the first/only one to break the news.
Player Agent Most Likely Reporter
Anthony Davis Rich Paul Too close to call, leaning Shams
Brandon Ingram Jeff Schwartz Woj
DeMar DeRozan Aaron Goodwin Haynes
Fred VanVleet Brian Jungreis Limited data
Andre Drummond Jeff Schwartz Woj
Montrezl Harrell Rich Paul Too close to call, leaning Shams
Gordon Hayward Mark Bartelstein Woj
Danilo Gallinari Michael Tellem Woj
Bogdan Bogdanovic Alexander Raskovic, Jason Ranne Limited data, but part of Wasserman, whose players are predominantly reported on by Woj
Davis Bertans Arturs Kalnitis Limited data
Thanks for reading! As always with this type of work, human error is not completely eliminated. If you think a tweet was mistakenly removed, feel free to drop me a line and I’ll try to explain my thought process on that specific tweet! Hope y’all enjoyed the research!
submitted by cilantro_samosa to nba [link] [comments]

BetFury Birthday Bounty campaign for 15 mln BFG ($235 000)

BetFury Birthday Bounty campaign for 15 mln BFG ($235 000)
All Betfurians are looking forward to the grand holiday. Very soon we will be celebrating the first year of our platform. To make this holiday memorable, we have created a Huge Bounty campaign for 15 mln BFG on BitcoinTalk! Prizes are waiting for you in all social networks: Twitter, Facebook, Instagram, TikTok, Telegram, YouTube, Reddit. More rewards for BitcoinTalk Signature & Articles in: Steemit, Reddit, Medium, Golos, Quora.
Everyone is invited! Hurry up to apply for participation faster than others! The number of participants for some campaigns is limited.
Start receiving Birthday gifts now:
  1. Join the official Telegram channel and Bounty chat
  2. Create an account at
  3. Fill out the spreadsheet. There is a separate Google form for each campaign. After you have filled out Google forms go to the General spreadsheet and find your data. If you find your name in the spreadsheet, publish a post in this thread confirming your participation.
  4. Follow the requirements of the selected campaign carefully, taking into account all the important points.
  5. Publish your Weekly Report in this thread every week until MONDAY UTC 23:59 The reports are checked on TUESDAY.
  6. Get BFG tokens and use it for your own pleasure: stake and get daily dividends, bid in auction to get crypto, play In-house games and hold to exchange in the future.
General Rules:
  1. Participants can’t change their BetFury account nickname after registration.
  2. Check twice your nickname before registering for the campaign.
  3. KYC is not required for the Bounty campaign.
  4. Multiple accounts, fraud and spam are not allowed. You will be immediately disqualified from the Bounty program. Please note that any offensive or inappropriate behavior will result in immediate disqualification from the campaign.
  5. @Manager_BetFury and the project team reserve the right to change the terms of the campaign at any time.
  6. The submission form for articles and videos will be closed 3 days before the end of the Bounty.
  7. Accounts with negative (red) trust are not allowed to participate in the Bounty.
  8. The budget can be reallocated between campaigns in case of a shortage of coins for payments in one of them.
  9. Please check all links in your Weekly Report a few times to make sure they actually lead to your articles, Tweets, Retweets, Posts, Reposts, comments, video. Payments to all members are made every 2 weeks to the internal BetFury wallet.
If you have any questions - write our Bounty manager in the Bounty chat.

  • Subscribe to the official BetFury page on Twitter
  • Retweet posts using special hashtags
  • Create at least 2 Tweets about the BetFury project per week, mentioning @betfury_io
  • Retweet the bounty post every two weeks. Full Campaign rules and terms of participation here:
**Awards:** 300+ subscribers: $1 per week in tokens = 35 BFG(TRX) + 35 BFG(BTC) 500+ subscribers: $2 per week in tokens = 70 BFG(TRX) + 70 BFG(BTC) 2 500+ subscribers: $5 per week in tokens = 160 BFG(TRX) + 160 BFG(BTC) 10 000+ subscribers: $15 per week in tokens = 490 BFG(TRX) + 490 BFG(BTC) *Monthly Bonus + Quarterly Bonus

**Awards:** 300+ subscribers: $1 per week in tokens = 35 BFG(TRX) + 35 BFG(BTC) 500+ subscribers: $2 per week in tokens = 70 BFG(TRX) + 70 BFG(BTC) 2 500+ subscribers: $5 per week in tokens = 160 BFG(TRX) + 160 BFG(BTC) 3 000+ subscribers: $8 per week in tokens = 260 BFG(TRX) + 260 BFG(BTC) *Monthly Bonus + Quarterly Bonus

  • Subscribe to the BetFury official page on Reddit.
  • Make posts and write comments on a subreddit that is focused on cryptocurrency, blockchain, gambling, crypto faucets
  • Subreddits must have more than 500 subscribers.
  • Post/message length - at least 30 characters.
  • Your post/comment should link to
  • Repost the Bounty post every two weeks.
  • Don’t delete your posts/comments during this campaign.
  • Copy/paste and reposts of our posts in Reddit is prohibited. Full Campaign rules and terms of participation here:
**Awards:Posts:** 5+ posts: $3 per week in tokens = 95 BFG(TRX) + 95 BFG(BTC) 10+ posts: $6 per week in tokens = 195 BFG(TRX) + 195 BFG(BTC) **Comments:** 5+ comments: per week $2 in tokens = 65 BFG(TRX) +65 BFG(BTC) 10+ comments: per week $4 in tokens = 130 BFG(TRX) + 130 BFG(BTC) *Monthly Bonus + Quarterly Bonus

**Awards:** 300+ subscribers: $1 per week in tokens = 35 BFG(TRX) + 35 BFG(BTC) 500+ subscribers: $2 per week in tokens = 65 BFG(TRX) + 65 BFG(BTC) 1 000+ subscribers: $5 per week in tokens = 160 BFG(TRX) + 160 BFG(BTC) 10 000+ subscribers: $15 per week in tokens = 490 BFG(TRX) + 490 BFG(BTC) *Monthly Bonus + Quarterly Bonus

  • Change your Telegram name to “Your Name | BetFury Ambassador".
  • Replace your profile picture with your BetFury avatar.
  • Insert your referral link in the paragraph about “yourself”.
  • Write posts in other Telegram groups related to cryptocurrency, blockchain, gambling, crypto faucets. (max 2 messages per day).
  • You must remain in the Bounty group and keep the avatar, nickname and description till the end of the campaign to receive your reward. Full Campaign rules and terms of participation here:
**Award:** $3 in tokens for the week = 95 BFG(TRX) + 95 BFG(BTC) *Monthly Bonus + Quarterly Bonus
**Do you own a Telegram group? Tell about BetFury in your Telegram group/Channel and earn! **Publish only 3 posts per week in your Group/Channel, that is focused on cryptocurrency, blockchain, gambling, crypto faucets. Posts must remain in the feed until the end of the Bounty campaign. A prerequisite is to make a post about the Bounty every two weeks. You can insert your referral link into the post.
**Awards:** 300+ subscribers: $1 per week in tokens = 35 BFG(TRX) + 35 BFG(BTC) 500+ subscribers: $2 per week in tokens = 65 BFG(TRX) + 65 BFG(BTC) 1 000+ subscribers: $5 per week in tokens = 160 BFG(TRX) + 160 BFG(BTC) 10 000+ subscribers: $15 per week in tokens = 490 BFG(TRX) + 490 BFG(BTC) *Monthly Bonus + Quarterly Bonus

Campaign rules
**Awards are determined according to the quality of the video:** High quality: $100 in tokens = 3 250 BFG(TRX) + 3 250 BFG(BTC) Excellent quality: $50 in tokens = 1,625 BFG(TRX) + 1,625 BFG(BTC) Normal quality: $20 in tokens = 650 BFG(TRX) + 650 BFG(BTC) *Quarterly Bonus

Tik Tok
  • Shoot and upload a creative video on the topic of “Playing on BetFury is fun”. Use the raccoon Fury as a hero, game elements, gameplay.
  • Video length: min - 15 seconds, max 60 seconds.
  • Posts will only be accepted with special hashtags and mentioning u/
  • Presentations and videos in the form of musical performances are accepted. Full Campaign rules and terms of participation here:
**Awards:** 100+ views: $1 in tokens = 35 BFG(TRX) + 35 BFG(BTC) 500+ views: $3 in tokens = 95 BFG(TRX) + 95 BFG(BTC) 1 000+ views: $5 in tokens = 160 BFG(TRX) + 160 BFG(BTC) 5 000+ views: $10 in tokens = 325 BFG(TRX) + 325 BFG(BTC) *Quarterly Bonus

Blog & Article
  • Subscribe to the official BetFury page at Steemit.
  • Write an article / review / comparison / post about your BetFury experience on one of the selected topics below.
  • The work must be creative, original and unique.
  • You cannot delete your articles during the entire Bounty campaign.
  • Submit your article on Steemit, Reddit, Medium, Bitcointalk, Golos, Quora, or other publicly accessible sites. Full Campaign rules and terms of participation here:
**Awards are determined according to the quality of the video:** Professional quality: $30 in tokens = 975 BFG(TRX) + 975 BFG(BTC) Excellent quality: $15 in tokens = 485 BFG(TRX) + 485 BFG(BTC) Normal quality: $5 in tokens = 160 BFG(TRX) + 160 BFG(BTC) *Quarterly Bonus

  • Newbies cannot participate in the campaign (rank Newbie)
  • Keep our signature and avatar until the end of the campaign.
  • Create at least 15 high quality posts per week. Post length - at least 150 characters.
  • A minimum of 10 posts per week should be written in these sections: Gambling, Mining, Project development, Announcements (Altcoins), Micro Earnings.
  • Spam, trolling, cheating are prohibited.
  • Negative trust accounts are not allowed to participate in the campaign.
  • Copper member rank = Jr. Member rank. Full Campaign rules and terms of participation here:
You can insert your referral link into this part of your signature code and get additional bonuses from participating in the campaign. Instruction
**Awards:** Jr Member: $2 per week in tokens = 75 BFG(TRX) + 75 BFG(BTC) Member: $5 per week in tokens = 165 BFG(TRX) + 165 BFG(BTC) Full Member: $10 per week in tokens = 325 BFG(TRX) + 325 BFG(BTC) Sr Member: $30 per week in tokens = 975 BFG(TRX) + 975 BFG(BTC) Hero and Legendary: $40 per week in tokens = 1300 BFG(TRX) + 1300 BFG(BTC)
The avatar is here. Signatures are here. *Monthly Bonus + Quarterly Bonus
*Topics for YouTube videos, articles / reviews / comparisons / posts:
  • What makes BetFury unique? The main advantages of the platform.
  • Features of mining at BetFury. Opportunities and prospects for BFG token holders.
  • Comparison with other projects in the field of gambling.
  • Acquaintance with the BetFury platform: how to enter, deposit/withdraw, placing bets in In-house games and slots, mining and staking BFG token.
  • Promotional campaigns and contests on BetFury: current events / personal experience of participation / accrual of winnings / withdrawal of funds.
  • BetFury: advantages over traditional games.
  • How does the dividend system and cashback work at BetFury?
  • Games at BetFury:In-house, Slots, Table Games, Live Games.
  • Ability to place bets on BetFury: TRX, USDT, BTT, BFG, SUN, BTC + dividends pools.
  • BetFury benefits: Min bet, Daily tasks, Jackpots, Cashback, Dividends, Rank system.
Check *Monthly Bonus & Quarterly Bonus in the rules of each campaign on BitcoinTalk.
There will be enough gifts for everyone! Call your friends and participate together to share the fun of this holiday.
Link to the Website: Link to the Telegram: Link to the Twitter: Link to the Telegram Channel: Link to the Steemit: Link to Facebook: Link to Instagram: Link to Reddit:
submitted by BetFury_io to u/BetFury_io [link] [comments]

Ultimate glossary of crypto currency terms, acronyms and abbreviations

I thought it would be really cool to have an ultimate guide for those new to crypto currencies and the terms used. I made this mostly for beginner’s and veterans alike. I’m not sure how much use you will get out of this. Stuff gets lost on Reddit quite easily so I hope this finds its way to you. Included in this list, I have included most of the terms used in crypto-communities. I have compiled this list from a multitude of sources. The list is in alphabetical order and may include some words/terms not exclusive to the crypto world but may be helpful regardless.
Two factor authentication. I highly advise that you use it.
51% Attack:
A situation where a single malicious individual or group gains control of more than half of a cryptocurrency network’s computing power. Theoretically, it could allow perpetrators to manipulate the system and spend the same coin multiple times, stop other users from completing blocks and make conflicting transactions to a chain that could harm the network.
Address (or Addy):
A unique string of numbers and letters (both upper and lower case) used to send, receive or store cryptocurrency on the network. It is also the public key in a pair of keys needed to sign a digital transaction. Addresses can be shared publicly as a text or in the form of a scannable QR code. They differ between cryptocurrencies. You can’t send Bitcoin to an Ethereum address, for example.
Altcoin (alternative coin): Any digital currency other than Bitcoin. These other currencies are alternatives to Bitcoin regarding features and functionalities (e.g. faster confirmation time, lower price, improved mining algorithm, higher total coin supply). There are hundreds of altcoins, including Ether, Ripple, Litecoin and many many others.
An event where the investors/participants are able to receive free tokens or coins into their digital wallet.
AML: Defines Anti-Money Laundering laws**.**
Getting risk-free profits by trading (simultaneous buying and selling of the cryptocurrency) on two different exchanges which have different prices for the same asset.
Being Ashdraked is essentially a more detailed version of being Zhoutonged. It is when you lose all of your invested capital, but you do so specifically by shorting Bitcoin. The expression “Ashdraked” comes from a story of a Romanian cryptocurrency investor who insisted upon shorting BTC, as he had done so successfully in the past. When the price of BTC rose from USD 300 to USD 500, the Romanian investor lost all of his money.
ATH (All Time High):
The highest price ever achieved by a cryptocurrency in its entire history. Alternatively, ATL is all time low
A tendency of prices to fall; a pessimistic expectation that the value of a coin is going to drop.
Bear trap:
A manipulation of a stock or commodity by investors.
The very first, and the highest ever valued, mass-market open source and decentralized cryptocurrency and digital payment system that runs on a worldwide peer to peer network. It operates independently of any centralized authorities
One of the biggest scams in the crypto world. it was made popular in the meme world by screaming idiot Carlos Matos, who infamously proclaimed," hey hey heeeey” and “what's a what's a what's up wasssssssssuuuuuuuuuuuuup, BitConneeeeeeeeeeeeeeeeeeeeeeeect!”. He is now in the mentally ill meme hall of fame.
A package of permanently recorded data about transactions occurring every time period (typically about 10 minutes) on the blockchain network. Once a record has been completed and verified, it goes into a blockchain and gives way to the next block. Each block also contains a complex mathematical puzzle with a unique answer, without which new blocks can’t be added to the chain.
An unchangeable digital record of all transactions ever made in a particular cryptocurrency and shared across thousands of computers worldwide. It has no central authority governing it. Records, or blocks, are chained to each other using a cryptographic signature. They are stored publicly and chronologically, from the genesis block to the latest block, hence the term blockchain. Anyone can have access to the database and yet it remains incredibly difficult to hack.
A tendency of prices to rise; an optimistic expectation that a specific cryptocurrency will do well and its value is going to increase.
Buy the fucking dip. This advise was bestowed upon us by the gods themselves. It is the iron code to crypto enthusiasts.
Bull market:
A market that Cryptos are going up.
An agreement among blockchain participants on the validity of data. Consensus is reached when the majority of nodes on the network verify that the transaction is 100% valid.
Crypto bubble:
The instability of cryptocurrencies in terms of price value
A type of digital currency, secured by strong computer code (cryptography), that operates independently of any middlemen or central authoritie
The art of converting sensitive data into a format unreadable for unauthorized users, which when decoded would result in a meaningful statement.
The use of someone else’s device and profiting from its computational power to mine cryptocurrency without their knowledge and consent.
When HODLers(holders) eventually cash out they go to a place called crypto-Valhalla. The strong will be separated from the weak and the strong will then be given lambos.
Decentralized Autonomous Organizations. It defines A blockchain technology inspired organization or corporation that exists and operates without human intervention.
Dapp (decentralized application):
An open-source application that runs and stores its data on a blockchain network (instead of a central server) to prevent a single failure point. This software is not controlled by the single body – information comes from people providing other people with data or computing power.
A system with no fundamental control authority that governs the network. Instead, it is jointly managed by all users to the system.
Desktop wallet:
A wallet that stores the private keys on your computer, which allow the spending and management of your bitcoins.
Long red or green candles. This is a crypto signal that tells you that it is not favorable to trade at the moment. Found on candlestick charts.
Digital Signature:
An encrypted digital code attached to an electronic document to prove that the sender is who they say they are and confirm that a transaction is valid and should be accepted by the network.
Double Spending:
An attack on the blockchain where a malicious user manipulates the network by sending digital money to two different recipients at exactly the same time.
Means do your own research.
Converting data into code to protect it from unauthorized access, so that only the intended recipient(s) can decode it.
the practice of having a third party act as an intermediary in a transaction. This third party holds the funds on and sends them off when the transaction is completed.
Ethereum is an open source, public, blockchain-based platform that runs smart contracts and allows you to build dapps on it. Ethereum is fueled by the cryptocurrency Ether.
A platform (centralized or decentralized) for exchanging (trading) different forms of cryptocurrencies. These exchanges allow you to exchange cryptos for local currency. Some popular exchanges are Coinbase, Bittrex, Kraken and more.
A website which gives away free cryptocurrencies.
Fiat money:
Fiat currency is legal tender whose value is backed by the government that issued it, such as the US dollar or UK pound.
A split in the blockchain, resulting in two separate branches, an original and a new alternate version of the cryptocurrency. As a single blockchain forks into two, they will both run simultaneously on different parts of the network. For example, Bitcoin Cash is a Bitcoin fork.
Fear of missing out.
A system is frictionless when there are zero transaction costs or trading retraints.
Fear, Uncertainty and Doubt regarding the crypto market.
A fee paid to run transactions, dapps and smart contracts on Ethereum.
A 50% decrease in block reward after the mining of a pre-specified number of blocks. Every 4 years, the “reward” for successfully mining a block of bitcoin is reduced by half. This is referred to as “Halving”.
Hardware wallet:
Physical wallet devices that can securely store cryptocurrency maximally. Some examples are Ledger Nano S**,** Digital Bitbox and more**.**
The process that takes input data of varying sizes, performs an operation on it and converts it into a fixed size output. It cannot be reversed.
The process by which you mine bitcoin or similar cryptocurrency, by trying to solve the mathematical problem within it, using cryptographic hash functions.
A Bitcoin enthusiast once accidentally misspelled the word HOLD and it is now part of the bitcoin legend. It can also mean hold on for dear life.
ICO (Initial Coin Offering):
A blockchain-based fundraising mechanism, or a public crowd sale of a new digital coin, used to raise capital from supporters for an early stage crypto venture. Beware of these as there have been quite a few scams in the past.
John mcAfee:
A man who will one day eat his balls on live television for falsely predicting bitcoin going to 100k. He has also become a small meme within the crypto community for his outlandish claims.
Joy of missing out. For those who are so depressed about missing out their sadness becomes joy.
Know your customer(alternatively consumer).
This stands for Lamborghini. A small meme within the investing community where the moment someone gets rich they spend their earnings on a lambo. One day we will all have lambos in crypto-valhalla.
Away from Blockchain, it is a book of financial transactions and balances. In the world of crypto, the blockchain functions as a ledger. A digital currency’s ledger records all transactions which took place on a certain block chain network.
Trading with borrowed capital (margin) in order to increase the potential return of an investment.
The availability of an asset to be bought and sold easily, without affecting its market price.
of the coins.
Margin trading:
The trading of assets or securities bought with borrowed money.
Market cap/MCAP:
A short-term for Market Capitalization. Market Capitalization refers to the market value of a particular cryptocurrency. It is computed by multiplying the Price of an individual unit of coins by the total circulating supply.
A computer participating in any cryptocurrency network performing proof of work. This is usually done to receive block rewards.
The act of solving a complex math equation to validate a blockchain transaction using computer processing power and specialized hardware.
Mining contract:
A method of investing in bitcoin mining hardware, allowing anyone to rent out a pre-specified amount of hashing power, for an agreed amount of time. The mining service takes care of hardware maintenance, hosting and electricity costs, making it simpler for investors.
Mining rig:
A computer specially designed for mining cryptocurrencies.
A situation the price of a coin rapidly increases in value. Can also be used as: “I hope bitcoin goes to the moon”
Any computing device that connects to the blockchain network.
Open source:
The practice of sharing the source code for a piece of computer software, allowing it to be distributed and altered by anyone.
Over the counter. Trading is done directly between parties.
P2P (Peer to Peer):
A type of network connection where participants interact directly with each other rather than through a centralized third party. The system allows the exchange of resources from A to B, without having to go through a separate server.
Paper wallet:
A form of “cold storage” where the private keys are printed onto a piece of paper and stored offline. Considered as one of the safest crypto wallets, the truth is that it majors in sweeping coins from your wallets.
Pre mining:
The mining of a cryptocurrency by its developers before it is released to the public.
Proof of stake (POS):
A consensus distribution algorithm which essentially rewards you based upon the amount of the coin that you own. In other words, more investment in the coin will leads to more gain when you mine with this protocol In Proof of Stake, the resource held by the “miner” is their stake in the currency.
The competition of computers competing to solve a tough crypto math problem. The first computer that does this is allowed to create new blocks and record information.” The miner is then usually rewarded via transaction fees.
A standardized set of rules for formatting and processing data.
Public key / private key:
A cryptographic code that allows a user to receive cryptocurrencies into an account. The public key is made available to everyone via a publicly accessible directory, and the private key remains confidential to its respective owner. Because the key pair is mathematically related, whatever is encrypted with a public key may only be decrypted by its corresponding private key.
Pump and dump:
Massive buying and selling activity of cryptocurrencies (sometimes organized and to one’s benefit) which essentially result in a phenomenon where the significant surge in the value of coin followed by a huge crash take place in a short time frame.
Recovery phrase:
A set of phrases you are given whereby you can regain or access your wallet should you lose the private key to your wallets — paper, mobile, desktop, and hardware wallet. These phrases are some random 12–24 words. A recovery Phrase can also be called as Recovery seed, Seed Key, Recovery Key, or Seed Phrase.
Referring to the word “wrecked”. It defines a situation whereby an investor or trader who has been ruined utterly following the massive losses suffered in crypto industry.
An alternative payment network to Bitcoin based on similar cryptography. The ripple network uses XRP as currency and is capable of sending any asset type.
Return on investment.
A crypto term for safe popularized by the Bizonnaci YouTube channel after the CEO of Binance tweeted
“Funds are safe."
“the exchage I use got hacked!”“Oh no, are your funds safu?”
“My coins better be safu!”

The smallest fraction of a bitcoin is called a “satoshi” or “sat”. It represents one hundred-millionth of a bitcoin and is named after Satoshi Nakamoto.
Satoshi Nakamoto:
This was the pseudonym for the mysterious creator of Bitcoin.
The ability of a cryptocurrency to contain the massive use of its Blockchain.
A scaling solution for the Blockchain. It is generally a method that allows nodes to have partial copies of the complete blockchain in order to increase overall network performance and consensus speeds.
Coin with little potential or future prospects.
Spreading buzz by heavily promoting a particular coin in the community to create awareness.
Short position:
Selling of a specific cryptocurrency with an expectation that it will drop in value.
Silk road:
The online marketplace where drugs and other illicit items were traded for Bitcoin. This marketplace is using accessed through “TOR”, and VPNs. In October 2013, a Silk Road was shut down in by the FBI.
Smart Contract:
Certain computational benchmarks or barriers that have to be met in turn for money or data to be deposited or even be used to verify things such as land rights.
Software Wallet:
A crypto wallet that exists purely as software files on a computer. Usually, software wallets can be generated for free from a variety of sources.
A contract-oriented coding language for implementing smart contracts on Ethereum. Its syntax is similar to that of JavaScript.
Stable coin:
A cryptocoin with an extremely low volatility that can be used to trade against the overall market.
Staking is the process of actively participating in transaction validation (similar to mining) on a proof-of-stake (PoS) blockchain. On these blockchains, anyone with a minimum-required balance of a specific cryptocurrency can validate transactions and earn Staking rewards.
When a crypto currency appreciates or goes up in price.
The opposite of mooning. When a coin tanks it can also be described as crashing.
For traders , the chief prize is “tendies” (chicken tenders, the treat an overgrown man-child receives for being a “Good Boy”) .
A unit of value that represents a digital asset built on a blockchain system. A token is usually considered as a “coin” of a cryptocurrency, but it really has a wider functionality.
TOR: “The Onion Router” is a free web browser designed to protect users’ anonymity and resist censorship. Tor is usually used surfing the web anonymously and access sites on the “Darkweb”.
Transaction fee:
An amount of money users are charged from their transaction when sending cryptocurrencies.
A measure of fluctuations in the price of a financial instrument over time. High volatility in bitcoin is seen as risky since its shifting value discourages people from spending or accepting it.
A file that stores all your private keys and communicates with the blockchain to perform transactions. It allows you to send and receive bitcoins securely as well as view your balance and transaction history.
An investor that holds a tremendous amount of cryptocurrency. Their extraordinary large holdings allow them to control prices and manipulate the market.

A comprehensive report or guide made to understand an issue or help decision making. It is also seen as a technical write up that most cryptocurrencies provide to take a deep look into the structure and plan of the cryptocurrency/Blockchain project. Satoshi Nakamoto was the first to release a whitepaper on Bitcoin, titled “Bitcoin: A Peer-to-Peer Electronic Cash System” in late 2008.
And with that I finally complete my odyssey. I sincerely hope that this helped you and if you are new, I welcome you to crypto. If you read all of that I hope it increased, you in knowledge.
my final definition:
A collection of all the HODLers and crypto fanatics. A place where all people alike unite over a love for crypto.
We are all in this together as we pioneer the new world that is crypto currency. I wish you a great day and Happy HODLing.
feel free to comment words or terms that you feel should be included or about any errors I made.
Edit1:some fixes were made and added words.
submitted by flacciduck to CryptoCurrency [link] [comments]

Everyday info sec, hardcore info sec, and DNMs

Edit: Currently writing a new version of this, dont know when it will be done.
Edit: Since first post I have updated a few sections with additional information.
I recommend reading it all even if it is very long, I might have placed some relevant info in different sections while thinking about what else needed to be added, plenty of steps remains mostly the same except when I comment directly on it. It is not necessary to do 100% security all the time, unless you absolutely need it, combining some high and some lower security ideas for a balance of security and convenience is useful.
I will base this mostly on Windows, Linux users probably know this, and I have no idea how apple machines work (tho many things in here are still relevant for other operating systems, as they are just general tips)
Disclaimer: There are certainly other steps that can make you more anonymous or safer, however I think for most people this will surfice. Any software I recommend should be independently verified for security, and examples of software are not to be taken as endorsements. I simply use examples and give recommendations when I believe it necessary, or helpful.
I will not really differentiate between anonymity and security, they are often the same thing. As such the word security can mean either more anonymous, less vulnerable, or both.
Everyday Simple Info Sec:
-There could be a hidden administrator user on your PC, make sure to change its password
(Snapchat msgs, reddit dms, discord msgs, are just a few examples of msgs that are never encrypted)
-Any info even send in encrypted msgs (and obviously non encrypted) should still be kept with possible deniability, don't say "I'm gonna do MDMA", say "I'm going out with molly."
-DO NOT STORE ANY PASSWORDS ON GOOGLE, IF GOOGLE LOGIN IS AUTHENTICATED IT WILL AUTFILL ALL PASSWORDS IT HAS SAVED (same with other similar services) (This means if you are logged in to chrome and someone has access to your machine, they can auto fill passwords without entering a single password)
-use a rememberable passphrase, especially for your master key ring aka password manager A long sentence that is memorable makes an okay password (decent example,: "I met my wife at Little Ceasers for the first time on 07/09/20" better even if it's just something you know, if its impersonal, and if you can add special characters or numbers that you won't forget) (A better example for a passphrase is: "There is 0nly 0ne letter that d0esn’t appear in any U.S. state nameQ")
-Purge your internet activity frequently, there's a reason why I only have one post, and a few comments appearing in my account, but thousands of kama. Exposing information needlessly is not good.
-Never post private information publicly, and if you do, do it vaguely as possible. (Example: Not "I'm 15", say "I'm a teenager") Do not post any vital information ever, no birthdays, mother's maiden name, age, or anything you have ever seen in a security question. Never post your current activities while they are ongoing. You going on a vacation? Don't announce it to the world, taking picture there? Post them when you are home.
-Rethink how you do security questions. Many answers to security questions can be found in your internet history. One could use the first word of the security question as an answer, or a different sceme that will mean you always remember it. (Security question need to go, the amount of personal info an average person puts on the internet makes it easy to attack anything using security question)
High level crimimal information security:
The motto here is, "All the Security, All the Time" As one fuck up can end with you leaving a lick of traceability, and you could be fucked.
Pre Note: All of your software should always be up to date. Also even perfect info sec does not guarantee you are completely safe, a new zero day (exploit) can still fuck you, but good info security makes you significantly safer, by eliminating as many attacks as possible.
-Get a new device (or make a already owned device seem like you never owned it, do this only if you know how to, there's a lot of stuff that goes into that, like changing your mac adress etc) buy with cash, and your face covered, preferably far away from where you live. (Do I need to specify to not bring your phone or anything else that tracks your location to anywhere you want to go anonymously?) (Be aware that even hardware can have vulnerabilities, many cpus have known vulnerabilities, I can't list them all, do some research before buying)
-If you know how to use Tails (A linux distro designed for Info sec) use that, preferably on a USB. (Or learn how to use tails, its better, but complicated) Otherwise a clean copy of windows (make sure its not in any way associated with you) can do the job too, tho not as well. (Using a VM might give extra security, since VMs usually erase all data and RAM they were using on shutdown)
-Get a non tracking VPN, Enable the kill switch (a setting that disables all traffic that doesn't go through the VPN) (change your firewall settings to only allow the traffic from the VPN, windows guide (Change settings so only traffic from the tor application is send) Edit: (Due to complaints: do not use vpn over tor, use tor over vpn. tor over vpn has no notable downside, if the VPN logs it makes no difference, your ISP will always log anyways, and vpns remove other attack vectors and also provide backup security should tor fail. Again even if the VPN tracks you only change the people doing the tracking, but now you are further removed making it more anonymous and also with less vulnerabilities)
-rember privacy settings, cookie cleaner, and antivirus, password (There could be a hidden administrator user on your PC, make sure to change its password)
-Always use the device on a non admin account
-Ideally use this device only on networks that are not connected with you. Such as public networks (try to never use the same public networks twice, move around) (a home network should be fine now, as it should never be exposed, but more security is always better) (Its just a conveniences vs security trade)
-Never use accounts that have been exposed to lower security on higher security machines
-your browser is now TOR (or your preferred security focused browser, if you dont plan on using onion ) Make sure you get the standalone version of tor not the addon build (the standalone is safer, because there are less settings and options to tweak)
-Change your tor settings, to safest mode, enable a bridge (to my knowledge there's no difference in security between the build in bridges in tor), enable automatic updates, set duckduckgo onion as your primary browser. Set onion page as your home page. (Or your preferred privacy search engine and onion directory)
How to use dark net markets (DNMs)
If you finished your High Security setup, we can dive right in. Otherwise go do that. This is where all that is essential.
Quick info on Tor, and onion sites. There is no search engine. It's all based of directories and addresses you are given by others. Tor will likely not be very quick, it has to pass through multiple networks to get to the destination. DNMs sometimes exit scam, an exit scam is when a market shuts down completely and takes all the money, this is a risk when using DNMs, it's not too common but happens maybe 0-4 times a year. The admins of thoese servers need to get out at some point, before they get jailed, so they exit the game, and scam everyone out of their money.
-A very useful onion directory is it has a lot of links, for all kinds of stuff. News, email, DNMs, Psychonautwiki (harm reduction website), forums etc. (Other directories also exist)
-Pick a market, preferably one that handles secure connection server side instead of requiring you to establish the secure connection. Then create an account. Your account once created should include an entry box in your profile for a pgp key, post your PUBLIC key in there. (Verify the link is not a scam, most markets should provide a pgp signature)
-Next is currency setup. All major cryptocurrency exchangers can be used, I can recommend coin base but there could be better ones out there. Unless you find a small non U.S., exchange, they will always ask for your identity. So unless you can find a trustworthy exchange that doesn't ID, you will need to give it to them. (Side note, all major crypto exchangers report to the IRS, if the IRS asks you if you bought cryptocurrency and you bought while having IDed yourself SAY YES, DO NOT COMMIT TAX FRAUD WHEN THEY KNOW YOU DID)
-Transfer (monero you can send directly, btc you should scramble) to your wallet. There are two options a cold wallet (physical) or a software wallet. Software wallets usually dont cost anything so I recommend them, even if often less safe. Electrum is easy to use, and pretty safe. You can also do your own research and find a wallet that fits your needs.
-now you are ready to buy, only buy using escrow (it means the money is held by the market as a middle man until the product is delivered, they will also handle any issues like wrong quantity, cuts, etc), judge the reviews for a product, and if available look at the history of the vendor, until you find a product from a vendor you trust. (I recommend to buy within your country as much as possible, so it doesn't go through customs, it's very rare that something is found, but it can happen)
-now you get to buy, depending on market, you either have cryptocurrency stored in their wallets (not recommend, you will lose it in an exit scam) or you can send it every order. When you send your delivery adress (or the one you want it to go to) encrypt the adress using the sellers public key. Make sure the adress is correct.
-wait for the product, make sure to extend the escrow until the product arrives, if you can't extend it anymore dispute the order, and a moderator will step in
-test the product, use it, and leave a review. PLEASE LEAVE A REVIEW, DNMs only work because of reviews.
Edit: Didn't imagine I would write over 15000 words. Oh well, it was fun. Hope it helps, if you have any questions feel free to ask.
No idea how long this will stay up, I might purge it in 7 days, or never.
submitted by seven_N_A7 to u/seven_N_A7 [link] [comments]

Can PSBTs with unique signed inputs be combined together? How?

I know Bitcoin Core and Electrum will allow my to joinpsbts to create a PSBT with the inputs and outputs of both. They also allow me to combinepsbt to take two PSBTs with the same inputs and outputs and combine signature data.
But is there a way for me to take two PSBTs with SINGLE|ANYONECANPAY signed inputs and combine the inputs and outputs into one PSBT? The SINGLE|ANYONECANPAY sighash would seem to make this possible, I just didn't see this workflow covered anywhere in BIP-174
If Core or Electrum don't support it, is there a python library that might?

Update #2

Was able to cobble something together off of electrum with some ugly python. Here's essentially what I have:
``` from electrum.transaction import PartialTransaction
def dont_remove_signatures(): pass
signed_psbt = "cHNid...AAAIAA" unsigned_psbt = "cHNid...AAAAAA"
pj = PartialTransaction.from_raw_psbt(signed_psbt) pj.remove_signatures = dont_remove_signatures pj.join_with_other_psbt(PartialTransaction.from_raw_psbt(unsigned_psbt)) print(pj.serialize()) ```

Update #1

Did some digging and both Core and Electrum drop sig-data on join / combine operations by design, though this is not strictly required from the spec.


In general, the result of a Combiner combining two PSBTs from independent participants A and B should be functionally equivalent to a result obtained from processing the original PSBT by A and then B in a sequence. Or, for participants performing fA(psbt) and fB(psbt): Combine(fA(psbt), fB(psbt)) == fA(fB(psbt)) == fB(fA(psbt))
Or as I interpret that...
Sign(Combine(pbstA, pbstB)) == Combine(Sign(pbstA), Sign(pbstB))
But this is not the case.


joinpsbts merges multiple distinct PSBTs into a single PSBT. The multiple PSBTs must have different inputs. The resulting PSBT will contain every input and output from all of the PSBTs. Any signatures provided in any of the PSBTs will be dropped*.


def join_with_other_psbt(self, other_tx: 'PartialTransaction') -> None: """Adds inputs and outputs from other_tx into this one.""" ... self.remove_signatures()
submitted by brianddk to Bitcoin [link] [comments]

Gridcoin "Fern" Release
Finally! After over ten months of development and testing, "Fern" has arrived! This is a whopper. 240 pull requests merged. Essentially a complete rewrite that was started with the scraper (the "neural net" rewrite) in "Denise" has now been completed. Practically the ENTIRE Gridcoin specific codebase resting on top of the vanilla Bitcoin/Peercoin/Blackcoin vanilla PoS code has been rewritten. This removes the team requirement at last (see below), although there are many other important improvements besides that.
Fern was a monumental undertaking. We had to encode all of the old rules active for the v10 block protocol in new code and ensure that the new code was 100% compatible. This had to be done in such a way as to clear out all of the old spaghetti and ring-fence it with tightly controlled class implementations. We then wrote an entirely new, simplified ruleset for research rewards and reengineered contracts (which includes beacon management, polls, and voting) using properly classed code. The fundamentals of Gridcoin with this release are now on a very sound and maintainable footing, and the developers believe the codebase as updated here will serve as the fundamental basis for Gridcoin's future roadmap.
We have been testing this for MONTHS on testnet in various stages. The v10 (legacy) compatibility code has been running on testnet continuously as it was developed to ensure compatibility with existing nodes. During the last few months, we have done two private testnet forks and then the full public testnet testing for v11 code (the new protocol which is what Fern implements). The developers have also been running non-staking "sentinel" nodes on mainnet with this code to verify that the consensus rules are problem-free for the legacy compatibility code on the broader mainnet. We believe this amount of testing is going to result in a smooth rollout.
Given the amount of changes in Fern, I am presenting TWO changelogs below. One is high level, which summarizes the most significant changes in the protocol. The second changelog is the detailed one in the usual format, and gives you an inkling of the size of this release.



Note that the protocol changes will not become active until we cross the hard-fork transition height to v11, which has been set at 2053000. Given current average block spacing, this should happen around October 4, about one month from now.
Note that to get all of the beacons in the network on the new protocol, we are requiring ALL beacons to be validated. A two week (14 day) grace period is provided by the code, starting at the time of the transition height, for people currently holding a beacon to validate the beacon and prevent it from expiring. That means that EVERY CRUNCHER must advertise and validate their beacon AFTER the v11 transition (around Oct 4th) and BEFORE October 18th (or more precisely, 14 days from the actual date of the v11 transition). If you do not advertise and validate your beacon by this time, your beacon will expire and you will stop earning research rewards until you advertise and validate a new beacon. This process has been made much easier by a brand new beacon "wizard" that helps manage beacon advertisements and renewals. Once a beacon has been validated and is a v11 protocol beacon, the normal 180 day expiration rules apply. Note, however, that the 180 day expiration on research rewards has been removed with the Fern update. This means that while your beacon might expire after 180 days, your earned research rewards will be retained and can be claimed by advertising a beacon with the same CPID and going through the validation process again. In other words, you do not lose any earned research rewards if you do not stake a block within 180 days and keep your beacon up-to-date.
The transition height is also when the team requirement will be relaxed for the network.


Besides the beacon wizard, there are a number of improvements to the GUI, including new UI transaction types (and icons) for staking the superblock, sidestake sends, beacon advertisement, voting, poll creation, and transactions with a message. The main screen has been revamped with a better summary section, and better status icons. Several changes under the hood have improved GUI performance. And finally, the diagnostics have been revamped.


The wallet sync speed has been DRASTICALLY improved. A decent machine with a good network connection should be able to sync the entire mainnet blockchain in less than 4 hours. A fast machine with a really fast network connection and a good SSD can do it in about 2.5 hours. One of our goals was to reduce or eliminate the reliance on snapshots for mainnet, and I think we have accomplished that goal with the new sync speed. We have also streamlined the in-memory structures for the blockchain which shaves some memory use.
There are so many goodies here it is hard to summarize them all.
I would like to thank all of the contributors to this release, but especially thank @cyrossignol, whose incredible contributions formed the backbone of this release. I would also like to pay special thanks to @barton2526, @caraka, and @Quezacoatl1, who tirelessly helped during the testing and polishing phase on testnet with testing and repeated builds for all architectures.
The developers are proud to present this release to the community and we believe this represents the starting point for a true renaissance for Gridcoin!

Summary Changelog



Most significantly, nodes calculate research rewards directly from the magnitudes in EACH superblock between stakes instead of using a two- or three- point average based on a CPID's current magnitude and the magnitude for the CPID when it last staked. For those long-timers in the community, this has been referred to as "Superblock Windows," and was first done in proof-of-concept form by @denravonska.







As a reminder:









Detailed Changelog

[] 2020-09-03, mandatory, "Fern"





submitted by jamescowens to gridcoin [link] [comments]

Technical: Taproot: Why Activate?

This is a follow-up on
Taproot! Everybody wants it!! But... you might ask yourself: sure, everybody else wants it, but why would I, sovereign Bitcoin HODLer, want it? Surely I can be better than everybody else because I swapped XXX fiat for Bitcoin unlike all those nocoiners?
And it is important for you to know the reasons why you, o sovereign Bitcoiner, would want Taproot activated. After all, your nodes (or the nodes your wallets use, which if you are SPV, you hopefully can pester to your wallet vendoimplementor about) need to be upgraded in order for Taproot activation to actually succeed instead of becoming a hot sticky mess.
First, let's consider some principles of Bitcoin.
I'm sure most of us here would agree that the above are very important principles of Bitcoin and that these are principles we would not be willing to remove. If anything, we would want those principles strengthened (especially the last one, financial privacy, which current Bitcoin is only sporadically strong with: you can get privacy, it just requires effort to do so).
So, how does Taproot affect those principles?

Taproot and Your /Coins

Most HODLers probably HODL their coins in singlesig addresses. Sadly, switching to Taproot would do very little for you (it gives a mild discount at spend time, at the cost of a mild increase in fee at receive time (paid by whoever sends to you, so if it's a self-send from a P2PKH or bech32 address, you pay for this); mostly a wash).
(technical details: a Taproot output is 1 version byte + 32 byte public key, while a P2WPKH (bech32 singlesig) output is 1 version byte + 20 byte public key hash, so the Taproot output spends 12 bytes more; spending from a P2WPKH requires revealing a 32-byte public key later, which is not needed with Taproot, and Taproot signatures are about 9 bytes smaller than P2WPKH signatures, but the 32 bytes plus 9 bytes is divided by 4 because of the witness discount, so it saves about 11 bytes; mostly a wash, it increases blockweight by about 1 virtual byte, 4 weight for each Taproot-output-input, compared to P2WPKH-output-input).
However, as your HODLings grow in value, you might start wondering if multisignature k-of-n setups might be better for the security of your savings. And it is in multisignature that Taproot starts to give benefits!
Taproot switches to using Schnorr signing scheme. Schnorr makes key aggregation -- constructing a single public key from multiple public keys -- almost as trivial as adding numbers together. "Almost" because it involves some fairly advanced math instead of simple boring number adding, but hey when was the last time you added up your grocery list prices by hand huh?
With current P2SH and P2WSH multisignature schemes, if you have a 2-of-3 setup, then to spend, you need to provide two different signatures from two different public keys. With Taproot, you can create, using special moon math, a single public key that represents your 2-of-3 setup. Then you just put two of your devices together, have them communicate to each other (this can be done airgapped, in theory, by sending QR codes: the software to do this is not even being built yet, but that's because Taproot hasn't activated yet!), and they will make a single signature to authorize any spend from your 2-of-3 address. That's 73 witness bytes -- 18.25 virtual bytes -- of signatures you save!
And if you decide that your current setup with 1-of-1 P2PKH / P2WPKH addresses is just fine as-is: well, that's the whole point of a softfork: backwards-compatibility; you can receive from Taproot users just fine, and once your wallet is updated for Taproot-sending support, you can send to Taproot users just fine as well!
(P2WPKH and P2WSH -- SegWit v0 -- addresses start with bc1q; Taproot -- SegWit v1 --- addresses start with bc1p, in case you wanted to know the difference; in bech32 q is 0, p is 1)
Now how about HODLers who keep all, or some, of their coins on custodial services? Well, any custodial service worth its salt would be doing at least 2-of-3, or probably something even bigger, like 11-of-15. So your custodial service, if it switched to using Taproot internally, could save a lot more (imagine an 11-of-15 getting reduced from 11 signatures to just 1!), which --- we can only hope! --- should translate to lower fees and better customer service from your custodial service!
So I think we can say, very accurately, that the Bitcoin principle --- that YOU are in control of your money --- can only be helped by Taproot (if you are doing multisignature), and, because P2PKH and P2WPKH remain validly-usable addresses in a Taproot future, will not be harmed by Taproot. Its benefit to this principle might be small (it mostly only benefits multisignature users) but since it has no drawbacks with this (i.e. singlesig users can continue to use P2WPKH and P2PKH still) this is still a nice, tidy win!
(even singlesig users get a minor benefit, in that multisig users will now reduce their blockchain space footprint, so that fees can be kept low for everybody; so for example even if you have your single set of private keys engraved on titanium plates sealed in an airtight box stored in a safe buried in a desert protected by angry nomads riding giant sandworms because you're the frickin' Kwisatz Haderach, you still gain some benefit from Taproot)
And here's the important part: if P2PKH/P2WPKH is working perfectly fine with you and you decide to never use Taproot yourself, Taproot will not affect you detrimentally. First do no harm!

Taproot and Your Contracts

No one is an island, no one lives alone. Give and you shall receive. You know: by trading with other people, you can gain expertise in some obscure little necessity of the world (and greatly increase your productivity in that little field), and then trade the products of your expertise for necessities other people have created, all of you thereby gaining gains from trade.
So, contracts, which are basically enforceable agreements that facilitate trading with people who you do not personally know and therefore might not trust.
Let's start with a simple example. You want to buy some gewgaws from somebody. But you don't know them personally. The seller wants the money, you want their gewgaws, but because of the lack of trust (you don't know them!! what if they're scammers??) neither of you can benefit from gains from trade.
However, suppose both of you know of some entity that both of you trust. That entity can act as a trusted escrow. The entity provides you security: this enables the trade, allowing both of you to get gains from trade.
In Bitcoin-land, this can be implemented as a 2-of-3 multisignature. The three signatories in the multisgnature would be you, the gewgaw seller, and the escrow. You put the payment for the gewgaws into this 2-of-3 multisignature address.
Now, suppose it turns out neither of you are scammers (whaaaat!). You receive the gewgaws just fine and you're willing to pay up for them. Then you and the gewgaw seller just sign a transaction --- you and the gewgaw seller are 2, sufficient to trigger the 2-of-3 --- that spends from the 2-of-3 address to a singlesig the gewgaw seller wants (or whatever address the gewgaw seller wants).
But suppose some problem arises. The seller gave you gawgews instead of gewgaws. Or you decided to keep the gewgaws but not sign the transaction to release the funds to the seller. In either case, the escrow is notified, and if it can sign with you to refund the funds back to you (if the seller was a scammer) or it can sign with the seller to forward the funds to the seller (if you were a scammer).
Taproot helps with this: like mentioned above, it allows multisignature setups to produce only one signature, reducing blockchain space usage, and thus making contracts --- which require multiple people, by definition, you don't make contracts with yourself --- is made cheaper (which we hope enables more of these setups to happen for more gains from trade for everyone, also, moon and lambos).
(technology-wise, it's easier to make an n-of-n than a k-of-n, making a k-of-n would require a complex setup involving a long ritual with many communication rounds between the n participants, but an n-of-n can be done trivially with some moon math. You can, however, make what is effectively a 2-of-3 by using a three-branch SCRIPT: either 2-of-2 of you and seller, OR 2-of-2 of you and escrow, OR 2-of-2 of escrow and seller. Fortunately, Taproot adds a facility to embed a SCRIPT inside a public key, so you can have a 2-of-2 Taprooted address (between you and seller) with a SCRIPT branch that can instead be spent with 2-of-2 (you + escrow) OR 2-of-2 (seller + escrow), which implements the three-branched SCRIPT above. If neither of you are scammers (hopefully the common case) then you both sign using your keys and never have to contact the escrow, since you are just using the escrow public key without coordinating with them (because n-of-n is trivial but k-of-n requires setup with communication rounds), so in the "best case" where both of you are honest traders, you also get a privacy boost, in that the escrow never learns you have been trading on gewgaws, I mean ewww, gawgews are much better than gewgaws and therefore I now judge you for being a gewgaw enthusiast, you filthy gewgawer).

Taproot and Your Contracts, Part 2: Cryptographic Boogaloo

Now suppose you want to buy some data instead of things. For example, maybe you have some closed-source software in trial mode installed, and want to pay the developer for the full version. You want to pay for an activation code.
This can be done, today, by using an HTLC. The developer tells you the hash of the activation code. You pay to an HTLC, paying out to the developer if it reveals the preimage (the activation code), or refunding the money back to you after a pre-agreed timeout. If the developer claims the funds, it has to reveal the preimage, which is the activation code, and you can now activate your software. If the developer does not claim the funds by the timeout, you get refunded.
And you can do that, with HTLCs, today.
Of course, HTLCs do have problems:
Fortunately, with Schnorr (which is enabled by Taproot), we can now use the Scriptless Script constuction by Andrew Poelstra. This Scriptless Script allows a new construction, the PTLC or Pointlocked Timelocked Contract. Instead of hashes and preimages, just replace "hash" with "point" and "preimage" with "scalar".
Or as you might know them: "point" is really "public key" and "scalar" is really a "private key". What a PTLC does is that, given a particular public key, the pointlocked branch can be spent only if the spender reveals the private key of the given public key to you.
Another nice thing with PTLCs is that they are deniable. What appears onchain is just a single 2-of-2 signature between you and the developemanufacturer. It's like a magic trick. This signature has no special watermarks, it's a perfectly normal signature (the pledge). However, from this signature, plus some datta given to you by the developemanufacturer (known as the adaptor signature) you can derive the private key of a particular public key you both agree on (the turn). Anyone scraping the blockchain will just see signatures that look just like every other signature, and as long as nobody manages to hack you and get a copy of the adaptor signature or the private key, they cannot get the private key behind the public key (point) that the pointlocked branch needs (the prestige).
(Just to be clear, the public key you are getting the private key from, is distinct from the public key that the developemanufacturer will use for its funds. The activation key is different from the developer's onchain Bitcoin key, and it is the activation key whose private key you will be learning, not the developer's/manufacturer's onchain Bitcoin key).
Taproot lets PTLCs exist onchain because they enable Schnorr, which is a requirement of PTLCs / Scriptless Script.
(technology-wise, take note that Scriptless Script works only for the "pointlocked" branch of the contract; you need normal Script, or a pre-signed nLockTimed transaction, for the "timelocked" branch. Since Taproot can embed a script, you can have the Taproot pubkey be a 2-of-2 to implement the Scriptless Script "pointlocked" branch, then have a hidden script that lets you recover the funds with an OP_CHECKLOCKTIMEVERIFY after the timeout if the seller does not claim the funds.)

Quantum Quibbles!

Now if you were really paying attention, you might have noticed this parenthetical:
(technical details: a Taproot output is 1 version byte + 32 byte public key, while a P2WPKH (bech32 singlesig) output is 1 version byte + 20 byte public key hash...)
So wait, Taproot uses raw 32-byte public keys, and not public key hashes? Isn't that more quantum-vulnerable??
Well, in theory yes. In practice, they probably are not.
It's not that hashes can be broken by quantum computes --- they're still not. Instead, you have to look at how you spend from a P2WPKH/P2PKH pay-to-public-key-hash.
When you spend from a P2PKH / P2WPKH, you have to reveal the public key. Then Bitcoin hashes it and checks if this matches with the public-key-hash, and only then actually validates the signature for that public key.
So an unconfirmed transaction, floating in the mempools of nodes globally, will show, in plain sight for everyone to see, your public key.
(public keys should be public, that's why they're called public keys, LOL)
And if quantum computers are fast enough to be of concern, then they are probably fast enough that, in the several minutes to several hours from broadcast to confirmation, they have already cracked the public key that is openly broadcast with your transaction. The owner of the quantum computer can now replace your unconfirmed transaction with one that pays the funds to itself. Even if you did not opt-in RBF, miners are still incentivized to support RBF on RBF-disabled transactions.
So the extra hash is not as significant a protection against quantum computers as you might think. Instead, the extra hash-and-compare needed is just extra validation effort.
Further, if you have ever, in the past, spent from the address, then there exists already a transaction indelibly stored on the blockchain, openly displaying the public key from which quantum computers can derive the private key. So those are still vulnerable to quantum computers.
For the most part, the cryptographers behind Taproot (and Bitcoin Core) are of the opinion that quantum computers capable of cracking Bitcoin pubkeys are unlikely to appear within a decade or two.
For now, the homomorphic and linear properties of elliptic curve cryptography provide a lot of benefits --- particularly the linearity property is what enables Scriptless Script and simple multisignature (i.e. multisignatures that are just 1 signature onchain). So it might be a good idea to take advantage of them now while we are still fairly safe against quantum computers. It seems likely that quantum-safe signature schemes are nonlinear (thus losing these advantages).


I Wanna Be The Taprooter!

So, do you want to help activate Taproot? Here's what you, mister sovereign Bitcoin HODLer, can do!

But I Hate Taproot!!

That's fine!

Discussions About Taproot Activation

submitted by almkglor to Bitcoin [link] [comments]

Taproot, CoinJoins, and Cross-Input Signature Aggregation

It is a very common misconception that the upcoming Taproot upgrade helps CoinJoin.
TLDR: The upcoming Taproot upgrade does not help equal-valued CoinJoin at all, though it potentially increases the privacy of other protocols, such as the Lightning Network, and escrow contract schemes.
If you want to learn more, read on!

Equal-valued CoinJoins

Let's start with equal-valued CoinJoins, the type JoinMarket and Wasabi use. What happens is that some number of participants agree on some common value all of them use. With JoinMarket the taker defines this value and pays the makers to agree to it, with Wasabi the server defines a value approximately 0.1 BTC.
Then, each participant provides inputs that they unilaterally control, totaling equal or greater than the common value. Typically since each input is unilaterally controlled, each input just requires a singlesig. Each participant also provides up to two addresses they control: one of these will be paid with the common value, while the other will be used for any extra value in the inputs they provided (i.e. the change output).
The participants then make a single transaction that spends all the provided inputs and pays out to the appropriate outputs. The inputs and outputs are shuffled in some secure manner. Then the unsigned transaction is distributed back to all participants.
Finally, each participant checks that the transaction spends the inputs it provided (and more importantly does not spend any other coins it might own that it did not provide for this CoinJoin!) and that the transaction pays out to the appropriate address(es) it controls. Once they have validated the transaction, they ratify it by signing for each of the inputs it provided.
Once every participant has provided signatures for all inputs it registered, the transaction is now completely signed and the CoinJoin transaction is now validly confirmable.
CoinJoin is a very simple and direct privacy boost, it requires no SCRIPTs, needs only singlesig, etc.


Let's say we have two participants who have agreed on a common amount of 0.1 BTC. One provides a 0.105 coin as input, the other provides a 0.114 coin as input. This results in a CoinJoin with a 0.105 coin and a 0.114 coin as input, and outputs with 0.1, 0.005, 0.014, and 0.1 BTC.
Now obviously the 0.005 output came from the 0.105 input, and the 0.014 output came from the 0.114 input.
But the two 0.1 BTC outputs cannot be correlated with either input! There is no correlating information, since either output could have come from either input. That is how common CoinJoin implementations like Wasabi and JoinMarket gain privacy.

Banning CoinJoins

Unfortunately, large-scale CoinJoins like that made by Wasabi and JoinMarket are very obvious.
All you have to do is look for a transactions where, say, more than 3 outputs are the same equal value, and the number of inputs is equal or larger than the number of equal-valued outputs. Thus, it is trivial to identify equal-valued CoinJoins made by Wasabi and JoinMarket. You can even trivially differentiate them: Wasabi equal-valued CoinJoins are going to have a hundred or more inputs, with outputs that are in units of approximately 0.1 BTC, while JoinMarket CoinJoins have equal-valued outputs of less than a dozen (between 4 to 6 usually) and with the common value varying wildly from as low as 0.001 BTC to as high as a dozen BTC or more.
This has led to a number of anti-privacy exchanges to refuse to credit custodially-held accounts if the incoming deposit is within a few hops of an equal-valued CoinJoin, usually citing concerns about regulations. Crucially, the exchange continues to hold private keys for those "banned" deposits, and can still spend them, thus this is effectively a theft. If your exchange does this to you, you should report that exchange as stealing money from its customers. Not your keys not your coins.
Thus, CoinJoins represent a privacy tradeoff:


Let's now briefly discuss that nice new shiny thing called Taproot.
Taproot includes two components:
This has some nice properties:

Taproot DOES NOT HELP CoinJoin

So let's review!
There is absolutely no overlap. Taproot helps things that CoinJoin does not use. CoinJoin uses things that Taproot does not improve.

B-but They Said!!

A lot of early reporting on Taproot claimed that Taproot benefits CoinJoin.
What they are confusing is that earlier drafts of Taproot included a feature called cross-input signature aggregation.
In current Bitcoin, every input, to be spent, has to be signed individually. With cross-input signature aggregation, all inputs that support this feature are signed with a single signature that covers all those inputs. So for example if you would spend two inputs, current Bitcoin requires a signature for each input, but with cross-input signature aggregation you can sign both of them with a single signature. This works even if the inputs have different public keys: two inputs with cross-input signature aggregation effectively define a 2-of-2 public key, and you can only sign for that input if you know the private keys for both inputs, or if you are cooperatively signing with somebody who knows the private key of the other input.
This helps CoinJoin costs. Since CoinJoins will have lots of inputs (each participant will provide at least one, and probably will provide more, and larger participant sets are better for more privacy in CoinJoin), if all of them enabled cross-input signature aggregation, such large CoinJoins can have only a single signature.
This complicates the signing process for CoinJoins (the signers now have to sign cooperatively) but it can be well worth it for the reduced signature size and onchain cost.
But note that the while cross-input signature aggregation improves the cost of CoinJoins, it does not improve the privacy! Equal-valued CoinJoins are still obvious and still readily bannable by privacy-hating exchanges. It does not improve the privacy of CoinJoin. Instead, see

Why isn't cross-input signature aggregation in?

There's some fairly complex technical reasons why cross-input signature aggregation isn't in right now in the current Taproot proposal.
The primary reason was to reduce the technical complexity of Taproot, in the hope that it would be easier to convince users to activate (while support for Taproot is quite high, developers have become wary of being hopeful that new proposals will ever activate, given the previous difficulties with SegWit).
The main technical complexity here is that it interacts with future ways to extend Bitcoin.
The rest of this writeup assumes you already know about how Bitcoin SCRIPT works. If you don't understand how Bitcoin SCRIPT works at the low-level, then the TLDR is that cross-input signature aggregation complicates how to extend Bitcoin in the future, so it was deferred to let the develoeprs think more about it.
(this is how I understand it; perhaps pwuille or ajtowns can give a better summary.)
In detail, Taproot also introduces OP_SUCCESS opcodes. If you know about the OP_NOP opcodes already defined in current Bitcoin, well, OP_SUCCESS is basically "OP_NOP done right".
Now, OP_NOP is a do-nothing operation. It can be replaced in future versions of Bitcoin by having that operation check some condition, and then fail if the condition is not satisfied. For example, both OP_CHECKLOCKTIMEVERIFY and OP_CHECKSEQUENCEVERIFY were previously OP_NOP opcodes. Older nodes will see an OP_CHECKLOCKTIMEVERIFY and think it does nothing, but newer nodes will check if the nLockTime field has a correct specified value, and fail if the condition is not satisfied. Since most of the nodes on the network are using much newer versions of the node software, older nodes are protected from miners who try to misspend any OP_CHECKLOCKTIMEVERIFY/OP_CHECKSEQUENCEVERIFY, and those older nodes will still remain capable of synching with the rest of the network: a dedication to strict backward-compatibility necessary for a consensus system.
Softforks basically mean that a script that passes in the latest version must also be passing in all older versions. A script cannot be passing in newer versions but failing in older versions, because that would kick older nodes off the network (i.e. it would be a hardfork).
But OP_NOP is a very restricted way of adding opcodes. Opcodes that replace OP_NOP can only do one thing: check if some condition is true. They can't push new data on the stack, they can't pop items off the stack. For example, suppose instead of OP_CHECKLOCKTIMEVERIFY, we had added a OP_GETBLOCKHEIGHT opcode. This opcode would push the height of the blockchain on the stack. If this command replaced an older OP_NOP opcode, then a script like OP_GETBLOCKHEIGHT 650000 OP_EQUAL might pass in some future Bitcoin version, but older versions would see OP_NOP 650000 OP_EQUAL, which would fail because OP_EQUAL expects two items on the stack. So older versions will fail a SCRIPT that newer versions will pass, which is a hardfork and thus a backwards incompatibility.
OP_SUCCESS is different. Instead, old nodes, when parsing the SCRIPT, will see OP_SUCCESS, and, without executing the body, will consider the SCRIPT as passing. So, the OP_GETBLOCKHEIGHT 650000 OP_EQUAL example will now work: a future version of Bitcoin might pass it, and existing nodes that don't understand OP_GETBLOCKHEIGHT will se OP_SUCCESS 650000 OP_EQUAL, and will not execute the SCRIPT at all, instead passing it immediately. So a SCRIPT that might pass in newer versions will pass for older versions, which keeps the back-compatibility consensus that a softfork needs.
So how does OP_SUCCESS make things difficult for cross-input signatur aggregation? Well, one of the ways to ask for a signature to be verified is via the opcodes OP_CHECKSIGVERIFY. With cross-input signature aggregation, if a public key indicates it can be used for cross-input signature aggregation, instead of OP_CHECKSIGVERIFY actually requiring the signature on the stack, the stack will contain a dummy 0 value for the signature, and the public key is instead added to a "sum" public key (i.e. an n-of-n that is dynamically extended by one more pubkey for each OP_CHECKSIGVERIFY operation that executes) for the single signature that is verified later by the cross-input signature aggregation validation algorithm00.
The important part here is that the OP_CHECKSIGVERIFY has to execute, in order to add its public key to the set of public keys to be checked in the single signature.
But remember that an OP_SUCCESS prevents execution! As soon as the SCRIPT is parsed, if any opcode is OP_SUCCESS, that is considered as passing, without actually executing the SCRIPT, because the OP_SUCCESS could mean something completely different in newer versions and current versions should assume nothing about what it means. If the SCRIPT contains some OP_CHECKSIGVERIFY command in addition to an OP_SUCCESS, that command is not executed by current versions, and thus they cannot add any public keys given by OP_CHECKSIGVERIFY. Future versions also have to accept that: if they parsed an OP_SUCCESS command that has a new meaning in the future, and then execute an OP_CHECKSIGVERIFY in that SCRIPT, they cannot add the public key into the same "sum" public key that older nodes use, because older nodes cannot see them. This means that you might need more than one signature in the future, in the presence of an opcode that replaces some OP_SUCCESS.
Thus, because of the complexity of making cross-input signature aggregation work compatibly with future extensions to the protocol, cross-input signature aggregation was deferred.
submitted by almkglor to Bitcoin [link] [comments]

Technical: The Path to Taproot Activation

Taproot! Everybody wants to have it, somebody wants to make it, nobody knows how to get it!
(If you are asking why everybody wants it, see: Technical: Taproot: Why Activate?)
(Pedants: I mostly elide over lockin times)
Briefly, Taproot is that neat new thing that gets us:
So yes, let's activate taproot!

The SegWit Wars

The biggest problem with activating Taproot is PTSD from the previous softfork, SegWit. Pieter Wuille, one of the authors of the current Taproot proposal, has consistently held the position that he will not discuss activation, and will accept whatever activation process is imposed on Taproot. Other developers have expressed similar opinions.
So what happened with SegWit activation that was so traumatic? SegWit used the BIP9 activation method. Let's dive into BIP9!

BIP9 Miner-Activated Soft Fork

Basically, BIP9 has a bunch of parameters:
Now there are other parameters (name, starttime) but they are not anywhere near as important as the above two.
A number that is not a parameter, is 95%. Basically, activation of a BIP9 softfork is considered as actually succeeding if at least 95% of blocks in the last 2 weeks had the specified bit in the nVersion set. If less than 95% had this bit set before the timeout, then the upgrade fails and never goes into the network. This is not a parameter: it is a constant defined by BIP9, and developers using BIP9 activation cannot change this.
So, first some simple questions and their answers:

The Great Battles of the SegWit Wars

SegWit not only fixed transaction malleability, it also created a practical softforkable blocksize increase that also rebalanced weights so that the cost of spending a UTXO is about the same as the cost of creating UTXOs (and spending UTXOs is "better" since it limits the size of the UTXO set that every fullnode has to maintain).
So SegWit was written, the activation was decided to be BIP9, and then.... miner signalling stalled at below 75%.
Thus were the Great SegWit Wars started.

BIP9 Feature Hostage

If you are a miner with at least 5% global hashpower, you can hold a BIP9-activated softfork hostage.
You might even secretly want the softfork to actually push through. But you might want to extract concession from the users and the developers. Like removing the halvening. Or raising or even removing the block size caps (which helps larger miners more than smaller miners, making it easier to become a bigger fish that eats all the smaller fishes). Or whatever.
With BIP9, you can hold the softfork hostage. You just hold out and refuse to signal. You tell everyone you will signal, if and only if certain concessions are given to you.
This ability by miners to hold a feature hostage was enabled because of the miner-exit allowed by the timeout on BIP9. Prior to that, miners were considered little more than expendable security guards, paid for the risk they take to secure the network, but not special in the grand scheme of Bitcoin.

Covert ASICBoost

ASICBoost was a novel way of optimizing SHA256 mining, by taking advantage of the structure of the 80-byte header that is hashed in order to perform proof-of-work. The details of ASICBoost are out-of-scope here but you can read about it elsewhere
Here is a short summary of the two types of ASICBoost, relevant to the activation discussion.
Now, "overt" means "obvious", while "covert" means hidden. Overt ASICBoost is obvious because nVersion bits that are not currently in use for BIP9 activations are usually 0 by default, so setting those bits to 1 makes it obvious that you are doing something weird (namely, Overt ASICBoost). Covert ASICBoost is non-obvious because the order of transactions in a block are up to the miner anyway, so the miner rearranging the transactions in order to get lower power consumption is not going to be detected.
Unfortunately, while Overt ASICBoost was compatible with SegWit, Covert ASICBoost was not. This is because, pre-SegWit, only the block header Merkle tree committed to the transaction ordering. However, with SegWit, another Merkle tree exists, which commits to transaction ordering as well. Covert ASICBoost would require more computation to manipulate two Merkle trees, obviating the power benefits of Covert ASICBoost anyway.
Now, miners want to use ASICBoost (indeed, about 60->70% of current miners probably use the Overt ASICBoost nowadays; if you have a Bitcoin fullnode running you will see the logs with lots of "60 of last 100 blocks had unexpected versions" which is exactly what you would see with the nVersion manipulation that Overt ASICBoost does). But remember: ASICBoost was, at around the time, a novel improvement. Not all miners had ASICBoost hardware. Those who did, did not want it known that they had ASICBoost hardware, and wanted to do Covert ASICBoost!
But Covert ASICBoost is incompatible with SegWit, because SegWit actually has two Merkle trees of transaction data, and Covert ASICBoost works by fudging around with transaction ordering in a block, and recomputing two Merkle Trees is more expensive than recomputing just one (and loses the ASICBoost advantage).
Of course, those miners that wanted Covert ASICBoost did not want to openly admit that they had ASICBoost hardware, they wanted to keep their advantage secret because miners are strongly competitive in a very tight market. And doing ASICBoost Covertly was just the ticket, but they could not work post-SegWit.
Fortunately, due to the BIP9 activation process, they could hold SegWit hostage while covertly taking advantage of Covert ASICBoost!

UASF: BIP148 and BIP8

When the incompatibility between Covert ASICBoost and SegWit was realized, still, activation of SegWit stalled, and miners were still not openly claiming that ASICBoost was related to non-activation of SegWit.
Eventually, a new proposal was created: BIP148. With this rule, 3 months before the end of the SegWit timeout, nodes would reject blocks that did not signal SegWit. Thus, 3 months before SegWit timeout, BIP148 would force activation of SegWit.
This proposal was not accepted by Bitcoin Core, due to the shortening of the timeout (it effectively times out 3 months before the initial SegWit timeout). Instead, a fork of Bitcoin Core was created which added the patch to comply with BIP148. This was claimed as a User Activated Soft Fork, UASF, since users could freely download the alternate fork rather than sticking with the developers of Bitcoin Core.
Now, BIP148 effectively is just a BIP9 activation, except at its (earlier) timeout, the new rules would be activated anyway (instead of the BIP9-mandated behavior that the upgrade is cancelled at the end of the timeout).
BIP148 was actually inspired by the BIP8 proposal (the link here is a historical version; BIP8 has been updated recently, precisely in preparation for Taproot activation). BIP8 is basically BIP9, but at the end of timeout, the softfork is activated anyway rather than cancelled.
This removed the ability of miners to hold the softfork hostage. At best, they can delay the activation, but not stop it entirely by holding out as in BIP9.
Of course, this implies risk that not all miners have upgraded before activation, leading to possible losses for SPV users, as well as again re-pressuring miners to signal activation, possibly without the miners actually upgrading their software to properly impose the new softfork rules.

BIP91, SegWit2X, and The Aftermath

BIP148 inspired countermeasures, possibly from the Covert ASiCBoost miners, possibly from concerned users who wanted to offer concessions to miners. To this day, the common name for BIP148 - UASF - remains an emotionally-charged rallying cry for parts of the Bitcoin community.
One of these was SegWit2X. This was brokered in a deal between some Bitcoin personalities at a conference in New York, and thus part of the so-called "New York Agreement" or NYA, another emotionally-charged acronym.
The text of the NYA was basically:
  1. Set up a new activation threshold at 80% signalled at bit 4 (vs bit 1 for SegWit).
    • When this 80% signalling was reached, miners would require that bit 1 for SegWit be signalled to achive the 95% activation needed for SegWit.
  2. If the bit 4 signalling reached 80%, increase the block weight limit from the SegWit 4000000 to the SegWit2X 8000000, 6 months after bit 1 activation.
The first item above was coded in BIP91.
Unfortunately, if you read the BIP91, independently of NYA, you might come to the conclusion that BIP91 was only about lowering the threshold to 80%. In particular, BIP91 never mentions anything about the second point above, it never mentions that bit 4 80% threshold would also signal for a later hardfork increase in weight limit.
Because of this, even though there are claims that NYA (SegWit2X) reached 80% dominance, a close reading of BIP91 shows that the 80% dominance was only for SegWit activation, without necessarily a later 2x capacity hardfork (SegWit2X).
This ambiguity of bit 4 (NYA says it includes a 2x capacity hardfork, BIP91 says it does not) has continued to be a thorn in blocksize debates later. Economically speaking, Bitcoin futures between SegWit and SegWit2X showed strong economic dominance in favor of SegWit (SegWit2X futures were traded at a fraction in value of SegWit futures: I personally made a tidy but small amount of money betting against SegWit2X in the futures market), so suggesting that NYA achieved 80% dominance even in mining is laughable, but the NYA text that ties bit 4 to SegWit2X still exists.
Historically, BIP91 triggered which caused SegWit to activate before the BIP148 shorter timeout. BIP148 proponents continue to hold this day that it was the BIP148 shorter timeout and no-compromises-activate-on-August-1 that made miners flock to BIP91 as a face-saving tactic that actually removed the second clause of NYA. NYA supporters keep pointing to the bit 4 text in the NYA and the historical activation of BIP91 as a failed promise by Bitcoin developers.

Taproot Activation Proposals

There are two primary proposals I can see for Taproot activation:
  1. BIP8.
  2. Modern Softfork Activation.
We have discussed BIP8: roughly, it has bit and timeout, if 95% of miners signal bit it activates, at the end of timeout it activates. (EDIT: BIP8 has had recent updates: at the end of timeout it can now activate or fail. For the most part, in the below text "BIP8", means BIP8-and-activate-at-timeout, and "BIP9" means BIP8-and-fail-at-timeout)
So let's take a look at Modern Softfork Activation!

Modern Softfork Activation

This is a more complex activation method, composed of BIP9 and BIP8 as supcomponents.
  1. First have a 12-month BIP9 (fail at timeout).
  2. If the above fails to activate, have a 6-month discussion period during which users and developers and miners discuss whether to continue to step 3.
  3. Have a 24-month BIP8 (activate at timeout).
The total above is 42 months, if you are counting: 3.5 years worst-case activation.
The logic here is that if there are no problems, BIP9 will work just fine anyway. And if there are problems, the 6-month period should weed it out. Finally, miners cannot hold the feature hostage since the 24-month BIP8 period will exist anyway.

PSA: Being Resilient to Upgrades

Software is very birttle.
Anyone who has been using software for a long time has experienced something like this:
  1. You hear a new version of your favorite software has a nice new feature.
  2. Excited, you install the new version.
  3. You find that the new version has subtle incompatibilities with your current workflow.
  4. You are sad and downgrade to the older version.
  5. You find out that the new version has changed your files in incompatible ways that the old version cannot work with anymore.
  6. You tearfully reinstall the newer version and figure out how to get your lost productivity now that you have to adapt to a new workflow
If you are a technically-competent user, you might codify your workflow into a bunch of programs. And then you upgrade one of the external pieces of software you are using, and find that it has a subtle incompatibility with your current workflow which is based on a bunch of simple programs you wrote yourself. And if those simple programs are used as the basis of some important production system, you hve just screwed up because you upgraded software on an important production system.
And well, one of the issues with new softfork activation is that if not enough people (users and miners) upgrade to the newest Bitcoin software, the security of the new softfork rules are at risk.
Upgrading software of any kind is always a risk, and the more software you build on top of the software-being-upgraded, the greater you risk your tower of software collapsing while you change its foundations.
So if you have some complex Bitcoin-manipulating system with Bitcoin somewhere at the foundations, consider running two Bitcoin nodes:
  1. One is a "stable-version" Bitcoin node. Once it has synced, set it up to connect=x.x.x.x to the second node below (so that your ISP bandwidth is only spent on the second node). Use this node to run all your software: it's a stable version that you don't change for long periods of time. Enable txiindex, disable pruning, whatever your software needs.
  2. The other is an "always-up-to-date" Bitcoin Node. Keep its stoarge down with pruning (initially sync it off the "stable-version" node). You can't use blocksonly if your "stable-version" node needs to send transactions, but otherwise this "always-up-to-date" Bitcoin node can be kept as a low-resource node, so you can run both nodes in the same machine.
When a new Bitcoin version comes up, you just upgrade the "always-up-to-date" Bitcoin node. This protects you if a future softfork activates, you will only receive valid Bitcoin blocks and transactions. Since this node has nothing running on top of it, it is just a special peer of the "stable-version" node, any software incompatibilities with your system software do not exist.
Your "stable-version" Bitcoin node remains the same version until you are ready to actually upgrade this node and are prepared to rewrite most of the software you have running on top of it due to version compatibility problems.
When upgrading the "always-up-to-date", you can bring it down safely and then start it later. Your "stable-version" wil keep running, disconnected from the network, but otherwise still available for whatever queries. You do need some system to stop the "always-up-to-date" node if for any reason the "stable-version" goes down (otherwisee if the "always-up-to-date" advances its pruning window past what your "stable-version" has, the "stable-version" cannot sync afterwards), but if you are technically competent enough that you need to do this, you are technically competent enough to write such a trivial monitor program (EDIT: gmax notes you can adjust the pruning window by RPC commands to help with this as well).
This recommendation is from gmaxwell on IRC, by the way.
submitted by almkglor to Bitcoin [link] [comments]

Bitcoin Q&A: Multi-signature and distributed storage How to Generate a Multi Signature Bitcoin Address- P2SH Misthos: the easy to use multi-signature bitcoin wallet for distributed organizations How-To Create a Secure Multi-Signature Bitcoin Wallet with ... Bitcoin 101 - Multi-Signature Addresses pt1 - Coding This ...

Simple Schnorr Multi-Signatures with Applications to Bitcoin GregoryMaxwell,AndrewPoelstra 1,YannickSeurin2,andPieterWuille 1 Blockstream 2 ANSSI,Paris,France [email protected], {apoelstra, pwuille}, [email protected] Schnorr signatures (named after Claus Schnorr, whose mathematical work laid the foundations for this signature) solve all these problems as they allow to aggregate multiple signatures and their ... However, the Bitcoin network supports much more complicated transactions that require the signatures of multiple people before the funds can be transferred. These are often referred to as M-of-N transactions. The idea is that Bitcoins become “encumbered” by providing addresses of multiple parties, thus requiring cooperation of those parties in order to do anything with them. These parties ... A Bitcoin digital signature and its verification is one of the main key secrets behind the Bitcoin protocol. It allows non-repudiation as it means the person who sent the message had to be in possession of the private key and so therefore owns the Bitcoins – anyone on the network can verify the transaction as a result. But how does it work? However, the Bitcoin network supports much more complicated transactions that require the signatures of multiple people before the funds can be transferred. These are often referred to as M-of-N transactions.-BitcoinWiki. This multisig technology is what makes all cryptocurrencies ultra safe and secure.

[index] [42409] [35314] [13110] [44878] [28780] [30188] [18125] [23812] [42775] [46351]

Bitcoin Q&A: Multi-signature and distributed storage

How-To: - create a Multi-Signature (2/3) Bitcoin wallet in a Live-Linux environment - receive funds - send funds (with 2 cosigners) - distribute the seeds/pr... Part One - Generating a Multisignature Address Part Two - Spending From the Multisignature Address This part two of a two part series on muti-signature addre... Bitcoin Transaction Details - Part 1 - Duration: 15:47. ... Introduction to Schnorr Signatures with Elichai Turkel - Duration: 22:39. Chaincode Labs 974 views. 22:39. IBM Blockchain Car Lease Demo ... Today I check out how to use a multi signature wallet via the CoPay platform. Tip Address: 1CwYp77iDHy2XFoV1LLEeJA3t8ynF5ZzAd Bitpay Wallet Tutorial: https:/... How-To Create a Secure Multi-Signature Bitcoin Wallet with Electrum - Cold Storage - Duration: 30:26. the manifold 305 views. 30:26.