What we can learn from Litecoin falling out of Top10
So as LTC is dropping out of Top10 coins on cmc for the first time (currently sitting at 12) I think it is time to get some insights out of its demise. Many people in crypto community (especially here in btc) know that LTC is, while not being an outright shitcoin, basically a useless coin. The advantages it had over BTC were really small for most of its lifetime (except for BTC high fee times), and compared to most other alts it was inferior. It had no roadmap other than being a testing ground for BTC and backporting their changes. But what it had, was a clever marketing or "story to tell". Litecoin is silver to BTC's gold. With this simple marketing trick it managed to closely align it to Cryptos biggest Community (BTC) and also paved the way for the greatest dogma in crypto that developed over the years: that Bitcoin is not meant to be spend BTC rather hoarded like gold and if you need to make actual crypto payment you do it with Litecoin. This marketing ensured that LTC could stay in Top10 for almost a decade, whereas other coins out of the 2011-2013 copycat altcoin era, even some that provided actual advantage (think of Peercoin for example) have long been forgotton. So what can we learn from this? In crypto community there is a lot of joking about the market being irrational, shitcoins like IOTA which do not even work having the same price development as legit projects, useless projects pumping like mad because they spend all their ICO money on marketing, sentiments like "the market can stay longer irrational than you can solvent" and so and so on. In the case of LTC it is now possible to quantify how long the market can stay irrational in extreme cases: Almost a decade. Measured in crypto time frames almost an eternity, but not a lifespan. Also important to note is that Litecoin compared to BCH has (even before their current artificial increase) better onchain stats regarding transaction count, active adresses etc. Nevertheless the gap between the coins continues to widen. The market DOES price in tech, future outlook, roadmap and things alike. So in conclusion: 1. Marketing is extremely important and can outweigh actual tech and roadmap in the short and mid-term (up to 8 years in extreme cases), but not in the long term. 2. Community sentiment can have tremendous impact, just because LTC aligned closely with BTC community they managed to survive much longer than similiar projects from the era. 3. Over time the market does take into account future perspective and outlook. BCH should take steps accordingly, continue to invest in solid and novel tech, but also increase its reputation in the wider crypto community (pro tip: not constantly shitting on other projects help). In a few years we can earn the fruit of it. Another thing that came to my mind is that crypto market actually works the direct opposite of current stock market. In crypto, everything changes super fast but the actual market elements to work (valuing fundamental value, expectation trading) takes ages. In stock market (if you look at Tesla for example) things go way slower but basic market functions are comparably quicker (as seen in Tesla having better stock than other car manufacturers, despite being arguably profitable and delivering much less cars, but what matters is actual tech and future expectations). What do you think of the analysis?
I have written this guide to dispel a common misconception I hear from this community - that putting more than one Graphics Card in your Bitcoin Farm is a great idea. TLDR: The FIRST graphics card you put in your bitcoin farm generates a bitcoin every 20 hours. Every additional graphics card you put in your bitcoin farm generates a bitcoin every 333.33 hours. This information is misstated on the wiki and in many videos I've seen. More Complicated Maths TLDR from u/Mekhazzio : TLDR: The bitcoin farm has a base production rate that's much higher than the rate added by each additional graphics cards. So when investing, you shouldn't be looking at how fast the whole farm pays itself off, but how much time it takes your N>1 graphics cards to each pay for themselves, because otherwise you could have just been pocketing the pure profit from the base production rate the whole time. At current therapist/flea-FiR values:
Baseline Rubles/Hr 7732.45
per-GPU Rubles/Hr 473.42
GPU days to payoff 22
That is to say, adding a GPU to an already-running farm takes three weeks before you've stopped losing money on that GPU. A pretty simple formula is utilized to determine Bitcoin Farming output. The payback period for your first graphics card is around 3 days. For each additional graphics card that you put in the payback period is over 20 days. The reason that this has confused so many people is that they credit the production from Graphics Card 1 to the payback period for the rest of the Graphics Cards. Caveat 1: Escape from Tarkov is a video game and, at least for us players, not a business. Many video game players are completionists, and I will not begrudge anyone who wants to max out every single part of their hideout because it will feel like an achievement. This guide discusses the impact of bitcoin farming on your PMC's wallet. If you find utility in maxing out the bitcoin farm for the feeling of completion then you should do it and probably just close this guide and not worry about it. Caveat 2: This guide will not address people who hatchet run or pistol run to put graphics cards in their secure container that will usually end up being non-FIR. There are too many variables (spawn rate, survival rate, replacement value of just doing normal Tarkov raids instead of hatchet runs) to do a decent analysis. If you end up with non-FIR graphics cards you should put them in your Bitcoin Farm. Analysis: The formula for bitcoin generation is as follows:
Let's simplify some unnecessary constants and make this look more like a normal mathematical function. All we have to do is multiply (1/49) * (0.15) to get this, which is equivalent and much easier to understand:
Building the empty bitcoin generator: ~300k roubles
Graphics Card Cost: ~250k roubles
Bitcoin sale price to Therapist: ~150k roubles
Caveat 3: Prices may change, blah blah blah, unless the IRL bitcoin market crashes the conclusions from this guide will still be accurate for the most part. I will also note that I'm not going to include the cost for fuel needed for production. Because you can craft expeditionary fuel into mag boxes, as well as do other crafts on your workbench and med station while you have the power on, this cost is negligible. Furthermore, since my thesis is that putting more graphics cards in is not worth it, the fact is that I can prove this mathematically without even accounting for the entire cost category of fuel only strengthens my argument. Using these assumed prices, let's take a look at some different cases. Case 1: Building a Bitcoin Generator and putting a single graphics card in. To calculate cost, we add the cost of building the empty generator (300k) to the single graphics card (250k) to get 550k rouble investment. Lets calculate revenue using our formula before:BTC Generated per Hour = 0.05 + 0.003 * (Graphics Cards - 1)BTC Generated per Hour = 0.05 + 0.003 * (1 Graphics Cards - 1)BTC Generated per Hour = 0.05 + 0.003 * (0)BTC Generated per Hour = 0.05 So we're generating 5% of a bitcoin every hour which means we'll get a bitcoin from our farm every 20 hours. So, every 20 hours we are generating a product worth ~150k. Since we invested ~550k we need to sell: 550k investment / 150k roubles per bitcoin = 3.66 physical bitcoins in order to recoup our investment Since we can't harvest bitcoins until they are full, we actually need to wait until we get 4 bitcoins at which point we'll be making a slight profit. Generating 4 bitcoins will take 4 bitcoins * 20 hours per bitcoin = 80 hours or a little more than 3 days. Case 2: Adding a second graphics card to our bitcoin farm. Now, as discussed above I'm not worried about non-FIR graphics cards that you hatchet ran to find. If you have an FIR graphics card then you can sell it on the flea market for the 250k price that I'm using as an assumption above. This concept is called opportunity cost and if you don't understand it I will troll you in the comments: Putting an FIR graphics card into your bitcoin farm is the same as purchasing one off of the flea market and putting it in your bitcoin farm because you had the opportunity to just sell your FIR graphics card for the same price that you can buy it. With that out of the way, let's do some math on our 2 graphics card bitcoin farm: BTC Generated per Hour = 0.05 + 0.003 * (Graphics Cards - 1)BTC Generated per Hour = 0.05 + 0.003 * (2 Graphics Cards - 1)BTC Generated per Hour = 0.05 + 0.003 * 1BTC Generated per Hour = 0.053 So, for the cost of 250k roubles we have increased our bitcoin per hour generation by 0.003. The first graphics card that we added to our bitcoin farm generates us one bitcoin every 20 hours, as discussed above. The second graphics card that we added to our bitcoin farm generates 0.003 bitcoins per hour. To calculate how many hours this takes to get 1 bitcoin we do the math of 1 / 0.003 = 333.33 hours. 333.33 hours / 24 hours per day is 13.88 or roughly 14 days. In order to recoup our investment from the 250k roubles we used to get our second graphics card we divide 250k roubles invested by 150k roubles per bitcoin = 1.66 bitcoins. We generate one bitcoin every 14 days, so we can multiply 14 days * 1.66 bitcoins = 23 days. This math will hold true for every additional graphics card because the function is linear. Thus, the payback period for your 250k investment in adding a graphics card past the first one to your bitcoin farm is 23 days. To reiterate: The FIRST graphics card you put in your bitcoin farm generates a bitcoin every 20 hours. Every additional graphics card you put in your bitcoin farm generates a bitcoin every 333.33 hours.
A common sentiment is brewing online; a shared desire for the internet that might have been. After decades of corporate encroachment, you don't need to be a power user to realize that something has gone very wrong. In the early days of the internet, the future was bright. In that future, when you sent an instant message, it traveled directly to the recipient. When you needed to pay a friend, you announced a transfer of value to their public key. When an app was missing a feature you wanted, you opened up the source code and implemented it. When you took a picture on your phone, it was immediately encrypted and backed up to storage that you controlled. In that future, people would laugh at the idea of having to authenticate themselves to some corporation before doing these things. What did we get instead? Rather than a network of human-sized communities, we have a handful of enormous commons, each controlled by a faceless corporate entity. Hey user, want to send a message? You can, but we'll store a copy of it indefinitely, unencrypted, for our preference-learning algorithms to pore over; how else could we slap targeted ads on every piece of content you see? Want to pay a friend? You can—in our Monopoly money. Want a new feature? Submit a request to our Support Center and we'll totally maybe think about it. Want to backup a photo? You can—inside our walled garden, which only we (and the NSA, of course) can access. Just be careful what you share, because merely locking you out of your account and deleting all your data is far from the worst thing we could do. You rationalize this: "MEGACORP would never do such a thing; it would be bad for business." But we all know, at some level, that this state of affairs, this inversion of power, is not merely "unfortunate" or "suboptimal" – No. It is degrading. Even if MEGACORP were purely benevolent, it is degrading that we must ask its permission to talk to our friends; that we must rely on it to safeguard our treasured memories; that our digital lives are completely beholden to those who seek only to extract value from us. At the root of this issue is the centralization of data. MEGACORP can surveil you—because your emails and video chats flow through their servers. And MEGACORP can control you—because they hold your data hostage. But centralization is a solution to a technical problem: How can we make the user's data accessible from anywhere in the world, on any device? For a long time, no alternative solution to this problem was forthcoming. Today, thanks to a confluence of established techniques and recent innovations, we have solved the accessibility problem without resorting to centralization. Hashing, encryption, and erasure encoding got us most of the way, but one barrier remained: incentives. How do you incentivize an anonymous stranger to store your data? Earlier protocols like BitTorrent worked around this limitation by relying on altruism, tit-for-tat requirements, or "points" – in other words, nothing you could pay your electric bill with. Finally, in 2009, a solution appeared: Bitcoin. Not long after, Sia was born. Cryptography has unleashed the latent power of the internet by enabling interactions between mutually-distrustful parties. Sia harnesses this power to turn the cloud storage market into a proper marketplace, where buyers and sellers can transact directly, with no intermediaries, anywhere in the world. No more silos or walled gardens: your data is encrypted, so it can't be spied on, and it's stored on many servers, so no single entity can hold it hostage. Thanks to projects like Sia, the internet is being re-decentralized. Sia began its life as a startup, which means it has always been subjected to two competing forces: the ideals of its founders, and the profit motive inherent to all businesses. Its founders have taken great pains to never compromise on the former, but this often threatened the company's financial viability. With the establishment of the Sia Foundation, this tension is resolved. The Foundation, freed of the obligation to generate profit, is a pure embodiment of the ideals from which Sia originally sprung. The goals and responsibilities of the Foundation are numerous: to maintain core Sia protocols and consensus code; to support developers building on top of Sia and its protocols; to promote Sia and facilitate partnerships in other spheres and communities; to ensure that users can easily acquire and safely store siacoins; to develop network scalability solutions; to implement hardforks and lead the community through them; and much more. In a broader sense, its mission is to commoditize data storage, making it cheap, ubiquitous, and accessible to all, without compromising privacy or performance. Sia is a perfect example of how we can achieve better living through cryptography. We now begin a new chapter in Sia's history. May our stewardship lead it into a bright future.
Today, we are proposing the creation of the Sia Foundation: a new non-profit entity that builds and supports distributed cloud storage infrastructure, with a specific focus on the Sia storage platform. What follows is an informal overview of the Sia Foundation, covering two major topics: how the Foundation will be funded, and what its funds will be used for.
The Sia Foundation will be structured as a non-profit entity incorporated in the United States, likely a 501(c)(3) organization or similar. The actions of the Foundation will be constrained by its charter, which formalizes the specific obligations and overall mission outlined in this document. The charter will be updated on an annual basis to reflect the current goals of the Sia community. The organization will be operated by a board of directors, initially comprising Luke Champine as President and Eddie Wang as Chairman. Luke Champine will be leaving his position at Nebulous to work at the Foundation full-time, and will seek to divest his shares of Nebulous stock along with other potential conflicts of interest. Neither Luke nor Eddie personally own any siafunds or significant quantities of siacoin.
The primary source of funding for the Foundation will come from a new block subsidy. Following a hardfork, 30 KS per block will be allocated to the "Foundation Fund," continuing in perpetuity. The existing 30 KS per block miner reward is not affected. Additionally, one year's worth of block subsidies (approximately 1.57 GS) will be allocated to the Fund immediately upon activation of the hardfork. As detailed below, the Foundation will provably burn any coins that it cannot meaningfully spend. As such, the 30 KS subsidy should be viewed as a maximum. This allows the Foundation to grow alongside Sia without requiring additional hardforks. The Foundation will not be funded to any degree by the possession or sale of siafunds. Siafunds were originally introduced as a means of incentivizing growth, and we still believe in their effectiveness: a siafund holder wants to increase the amount of storage on Sia as much as possible. While the Foundation obviously wants Sia to succeed, its driving force should be its charter. Deriving significant revenue from siafunds would jeopardize the Foundation's impartiality and focus. Ultimately, we want the Foundation to act in the best interests of Sia, not in growing its own budget.
The Foundation inherits a great number of responsibilities from Nebulous. Each quarter, the Foundation will publish the progress it has made over the past quarter, and list the responsibilities it intends to prioritize over the coming quarter. This will be accompanied by a financial report, detailing each area of expenditure over the past quarter, and forecasting expenditures for the coming quarter. Below, we summarize some of the myriad responsibilities towards which the Foundation is expected to allocate its resources.
Maintain and enhance core Sia software
Arguably, this is the most important responsibility of the Foundation. At the heart of Sia is its consensus algorithm: regardless of other differences, all Sia software must agree upon the content and rules of the blockchain. It is therefore crucial that the algorithm be stewarded by an entity that is accountable to the community, transparent in its decision-making, and has no profit motive or other conflicts of interest. Accordingly, Sia’s consensus functionality will no longer be directly maintained by Nebulous. Instead, the Foundation will release and maintain an implementation of a "minimal Sia full node," comprising the Sia consensus algorithm and P2P networking code. The source code will be available in a public repository, and signed binaries will be published for each release. Other parties may use this code to provide alternative full node software. For example, Nebulous may extend the minimal full node with wallet, renter, and host functionality. The source code of any such implementation may be submitted to the Foundation for review. If the code passes review, the Foundation will provide "endorsement signatures" for the commit hash used and for binaries compiled internally by the Foundation. Specifically, these signatures assert that the Foundation believes the software contains no consensus-breaking changes or other modifications to imported Foundation code. Endorsement signatures and Foundation-compiled binaries may be displayed and distributed by the receiving party, along with an appropriate disclaimer. A minimal full node is not terribly useful on its own; the wallet, renter, host, and other extensions are what make Sia a proper developer platform. Currently, the only implementations of these extensions are maintained by Nebulous. The Foundation will contract Nebulous to ensure that these extensions continue to receive updates and enhancements. Later on, the Foundation intends to develop its own implementations of these extensions and others. As with the minimal node software, these extensions will be open source and available in public repositories for use by any Sia node software. With the consensus code now managed by the Foundation, the task of implementing and orchestrating hardforks becomes its responsibility as well. When the Foundation determines that a hardfork is necessary (whether through internal discussion or via community petition), a formal proposal will be drafted and submitted for public review, during which arguments for and against the proposal may be submitted to a public repository. During this time, the hardfork code will be implemented, either by Foundation employees or by external contributors working closely with the Foundation. Once the implementation is finished, final arguments will be heard. The Foundation board will then vote whether to accept or reject the proposal, and announce their decision along with appropriate justification. Assuming the proposal was accepted, the Foundation will announce the block height at which the hardfork will activate, and will subsequently release source code and signed binaries that incorporate the hardfork code. Regardless of the Foundation's decision, it is the community that ultimately determines whether a fork is accepted or rejected – nothing can change that. Foundation node software will never automatically update, so all forks must be explicitly adopted by users. Furthermore, the Foundation will provide replay and wipeout protection for its hard forks, protecting other chains from unintended or malicious reorgs. Similarly, the Foundation will ensure that any file contracts formed prior to a fork activation will continue to be honored on both chains until they expire. Finally, the Foundation also intends to pursue scalability solutions for the Sia blockchain. In particular, work has already begun on an implementation of Utreexo, which will greatly reduce the space requirements of fully-validating nodes (allowing a full node to be run on a smartphone) while increasing throughput and decreasing initial sync time. A hardfork implementing Utreexo will be submitted to the community as per the process detailed above. As this is the most important responsibility of the Foundation, it will receive a significant portion of the Foundation’s budget, primarily in the form of developer salaries and contracting agreements.
Support community services
We intend to allocate 25% of the Foundation Fund towards the community. This allocation will be held and disbursed in the form of siacoins, and will pay for grants, bounties, hackathons, and other community-driven endeavours. Any community-run service, such as a Skynet portal, explorer or web wallet, may apply to have its costs covered by the Foundation. Upon approval, the Foundation will reimburse expenses incurred by the service, subject to the exact terms agreed to. The intent of these grants is not to provide a source of income, but rather to make such services "break even" for their operators, so that members of the community can enrich the Sia ecosystem without worrying about the impact on their own finances.
Ensure easy acquisition and storage of siacoins
Most users will acquire their siacoins via an exchange. The Foundation will provide support to Sia-compatible exchanges, and pursue relevant integrations at its discretion, such as Coinbase's new Rosetta standard. The Foundation may also release DEX software that enables trading cryptocurrencies without the need for a third party. (The Foundation itself will never operate as a money transmitter.) Increasingly, users are storing their cryptocurrency on hardware wallets. The Foundation will maintain the existing Ledger Nano S integration, and pursue further integrations at its discretion. Of course, all hardware wallets must be paired with software running on a computer or smartphone, so the Foundation will also develop and/or maintain client-side wallet software, including both full-node wallets and "lite" wallets. Community-operated wallet services, i.e. web wallets, may be funded via grants. Like core software maintenance, this responsibility will be funded in the form of developer salaries and contracting agreements.
Protect the ecosystem
When it comes to cryptocurrency security, patching software vulnerabilities is table stakes; there are significant legal and social threats that we must be mindful of as well. As such, the Foundation will earmark a portion of its fund to defend the community from legal action. The Foundation will also safeguard the network from 51% attacks and other threats to network security by implementing softforks and/or hardforks where necessary. The Foundation also intends to assist in the development of a new FOSS software license, and to solicit legal memos on various Sia-related matters, such as hosting in the United States and the EU. In a broader sense, the establishment of the Foundation makes the ecosystem more robust by transferring core development to a more neutral entity. Thanks to its funding structure, the Foundation will be immune to various forms of pressure that for-profit companies are susceptible to.
Drive adoption of Sia
Although the overriding goal of the Foundation is to make Sia the best platform it can be, all that work will be in vain if no one uses the platform. There are a number of ways the Foundation can promote Sia and get it into the hands of potential users and developers. In-person conferences are understandably far less popular now, but the Foundation can sponsor and/or participate in virtual conferences. (In-person conferences may be held in the future, permitting circumstances.) Similarly, the Foundation will provide prizes for hackathons, which may be organized by community members, Nebulous, or the Foundation itself. Lastly, partnerships with other companies in the cryptocurrency space—or the cloud storage space—are a great way to increase awareness of Sia. To handle these responsibilities, one of the early priorities of the Foundation will be to hire a marketing director.
The Foundation Fund will be controlled by a multisig address. Each member of the Foundation's board will control one of the signing keys, with the signature threshold to be determined once the final composition of the board is known. (This threshold may also be increased or decreased if the number of board members changes.) Additionally, one timelocked signing key will be controlled by David Vorick. This key will act as a “dead man’s switch,” to be used in the event of an emergency that prevents Foundation board members from reaching the signature threshold. The timelock ensures that this key cannot be used unless the Foundation fails to sign a transaction for several months. On the 1st of each month, the Foundation will use its keys to transfer all siacoins in the Fund to two new addresses. The first address will be controlled by a high-security hot wallet, and will receive approximately one month's worth of Foundation expenditures. The second address, receiving the remaining siacoins, will be a modified version of the source address: specifically, it will increase the timelock on David Vorick's signing key by one month. Any other changes to the set of signing keys, such as the arrival or departure of board members, will be incorporated into this address as well. The Foundation Fund is allocated in SC, but many of the Foundation's expenditures must be paid in USD or other fiat currency. Accordingly, the Foundation will convert, at its discretion, a portion of its monthly withdrawals to fiat currency. We expect this conversion to be primarily facilitated by private "OTC" sales to accredited investors. The Foundation currently has no plans to speculate in cryptocurrency or other assets. Finally, it is important that the Foundation adds value to the Sia platform well in excess of the inflation introduced by the block subsidy. For this reason, the Foundation intends to provably burn, on a quarterly basis, any coins that it cannot allocate towards any justifiable expense. In other words, coins will be burned whenever doing so provides greater value to the platform than any other use. Furthermore, the Foundation will cap its SC treasury at 5% of the total supply, and will cap its USD treasury at 4 years’ worth of predicted expenses. Addendum: Hardfork Timeline We would like to see this proposal finalized and accepted by the community no later than September 30th. A new version of siad, implementing the hardfork, will be released no later than October 15th. The hardfork will activate at block 293220, which is expected to occur around 12pm EST on January 1st, 2021.
Addendum: Inflation specifics The total supply of siacoins as of January 1st, 2021 will be approximately 45.243 GS. The initial subsidy of 1.57 GS thus increases the supply by 3.47%, and the total annual inflation in 2021 will be at most 10.4% (if zero coins are burned). In 2022, total annual inflation will be at most 6.28%, and will steadily decrease in subsequent years.
We see the establishment of the Foundation as an important step in the maturation of the Sia project. It provides the ecosystem with a sustainable source of funding that can be exclusively directed towards achieving Sia's ambitious goals. Compared to other projects with far deeper pockets, Sia has always punched above its weight; once we're on equal footing, there's no telling what we'll be able to achieve. Nevertheless, we do not propose this change lightly, and have taken pains to ensure that the Foundation will act in accordance with the ideals that this community shares. It will operate transparently, keep inflation to a minimum, and respect the user's fundamental role in decentralized systems. We hope that everyone in the community will consider this proposal carefully, and look forward to a productive discussion.
https://github.com/gridcoin-community/Gridcoin-Research/releases/tag/220.127.116.11 Finally! After over ten months of development and testing, "Fern" has arrived! This is a whopper. 240 pull requests merged. Essentially a complete rewrite that was started with the scraper (the "neural net" rewrite) in "Denise" has now been completed. Practically the ENTIRE Gridcoin specific codebase resting on top of the vanilla Bitcoin/Peercoin/Blackcoin vanilla PoS code has been rewritten. This removes the team requirement at last (see below), although there are many other important improvements besides that. Fern was a monumental undertaking. We had to encode all of the old rules active for the v10 block protocol in new code and ensure that the new code was 100% compatible. This had to be done in such a way as to clear out all of the old spaghetti and ring-fence it with tightly controlled class implementations. We then wrote an entirely new, simplified ruleset for research rewards and reengineered contracts (which includes beacon management, polls, and voting) using properly classed code. The fundamentals of Gridcoin with this release are now on a very sound and maintainable footing, and the developers believe the codebase as updated here will serve as the fundamental basis for Gridcoin's future roadmap. We have been testing this for MONTHS on testnet in various stages. The v10 (legacy) compatibility code has been running on testnet continuously as it was developed to ensure compatibility with existing nodes. During the last few months, we have done two private testnet forks and then the full public testnet testing for v11 code (the new protocol which is what Fern implements). The developers have also been running non-staking "sentinel" nodes on mainnet with this code to verify that the consensus rules are problem-free for the legacy compatibility code on the broader mainnet. We believe this amount of testing is going to result in a smooth rollout. Given the amount of changes in Fern, I am presenting TWO changelogs below. One is high level, which summarizes the most significant changes in the protocol. The second changelog is the detailed one in the usual format, and gives you an inkling of the size of this release.
Note that the protocol changes will not become active until we cross the hard-fork transition height to v11, which has been set at 2053000. Given current average block spacing, this should happen around October 4, about one month from now. Note that to get all of the beacons in the network on the new protocol, we are requiring ALL beacons to be validated. A two week (14 day) grace period is provided by the code, starting at the time of the transition height, for people currently holding a beacon to validate the beacon and prevent it from expiring. That means that EVERY CRUNCHER must advertise and validate their beacon AFTER the v11 transition (around Oct 4th) and BEFORE October 18th (or more precisely, 14 days from the actual date of the v11 transition). If you do not advertise and validate your beacon by this time, your beacon will expire and you will stop earning research rewards until you advertise and validate a new beacon. This process has been made much easier by a brand new beacon "wizard" that helps manage beacon advertisements and renewals. Once a beacon has been validated and is a v11 protocol beacon, the normal 180 day expiration rules apply. Note, however, that the 180 day expiration on research rewards has been removed with the Fern update. This means that while your beacon might expire after 180 days, your earned research rewards will be retained and can be claimed by advertising a beacon with the same CPID and going through the validation process again. In other words, you do not lose any earned research rewards if you do not stake a block within 180 days and keep your beacon up-to-date. The transition height is also when the team requirement will be relaxed for the network.
Besides the beacon wizard, there are a number of improvements to the GUI, including new UI transaction types (and icons) for staking the superblock, sidestake sends, beacon advertisement, voting, poll creation, and transactions with a message. The main screen has been revamped with a better summary section, and better status icons. Several changes under the hood have improved GUI performance. And finally, the diagnostics have been revamped.
The wallet sync speed has been DRASTICALLY improved. A decent machine with a good network connection should be able to sync the entire mainnet blockchain in less than 4 hours. A fast machine with a really fast network connection and a good SSD can do it in about 2.5 hours. One of our goals was to reduce or eliminate the reliance on snapshots for mainnet, and I think we have accomplished that goal with the new sync speed. We have also streamlined the in-memory structures for the blockchain which shaves some memory use. There are so many goodies here it is hard to summarize them all. I would like to thank all of the contributors to this release, but especially thank @cyrossignol, whose incredible contributions formed the backbone of this release. I would also like to pay special thanks to @barton2526, @caraka, and @Quezacoatl1, who tirelessly helped during the testing and polishing phase on testnet with testing and repeated builds for all architectures. The developers are proud to present this release to the community and we believe this represents the starting point for a true renaissance for Gridcoin!
Most significantly, nodes calculate research rewards directly from the magnitudes in EACH superblock between stakes instead of using a two- or three- point average based on a CPID's current magnitude and the magnitude for the CPID when it last staked. For those long-timers in the community, this has been referred to as "Superblock Windows," and was first done in proof-of-concept form by @denravonska.
Network magnitude unit pinned to a static value of 0.25
Max research reward allowed per block raised to 16384 GRC (from 12750 GRC)
New CPIDs begin accruing research rewards from the first superblock that contains the CPID instead of from the time of the beacon advertisement
500 GRC research reward limit for a CPID's first stake
6-month expiration for unclaimed rewards
10-block spacing requirement between research reward claims
Rolling 5-day payment-per-day limit
Legacy tolerances for floating-point error and time drift
The need to include a valid copy of a CPID's magnitude in a claim
10-block emission adjustment interval for the magnitude unit
One-time beacon activation requires that participants temporarily change their usernames to a verification code at one whitelisted BOINC project
Verification codes of pending beacons expire after 3 days
Self-service beacon removal
Burn fee for beacon advertisement increased from 0.00001 GRC to 0.5 GRC
Rain addresses derived from beacon keys instead of a default wallet address
Beacon expiration determined as of the current block instead of the previous block
The ability for developers to remove beacons
The ability to sign research reward claims with non-current but unexpired beacons
As a reminder:
Beacons expire after 6 months pass (180 days)
Beacons can be renewed after 5 months pass (150 days)
Renewed beacons must be signed with the same key as the original beacon
Magnitudes less than 1 include two fractional places
Magnitudes greater than or equal to 1 but less than 10 include one fractional place
A valid superblock must match a scraper convergence
Superblock popularity election mechanics
Yes/no/abstain and single-choice response types (no user-facing support yet)
To create a poll, a maximum of 250 UTXOs for a single address must add up to 100000 GRC. These are selected from the largest downwards.
Burn fee for creating polls scaled by the number of UTXOs claimed
50 GRC for a poll contract
0.001 GRC per claimed UTXO
Burn fee for casting votes scaled by the number of UTXOs claimed
0.01 GRC for a vote contract
0.01 GRC to claim magnitude
0.01 GRC per claimed address
0.001 GRC per claimed UTXO
Maximum length of a poll title: 80 characters
Maximum length of a poll question: 100 characters
Maximum length of a poll discussion website URL: 100 characters
Maximum number of poll choices: 20
Maximum length of a poll choice label: 100 characters
Magnitude, CPID count, and participant count poll weight types
The ability for developers to remove polls and votes
[18.104.22.168] 2020-09-03, mandatory, "Fern"
Backport newer uint256 types from Bitcoin #1570 (@cyrossignol)
Implement project level rain for rainbymagnitude #1580 (@jamescowens)
Upgrade utilities (Update checker and snapshot downloadeapplication) #1576 (@iFoggz)
Provide fees collected in the block by the miner #1601 (@iFoggz)
Add support for generating legacy superblocks from scraper stats #1603 (@cyrossignol)
Port of the Bitcoin Logger to Gridcoin #1600 (@jamescowens)
Implement zapwallettxes #1605 (@jamescowens)
Implements a global event filter to suppress help question mark #1609 (@jamescowens)
Add next target difficulty to RPC output #1615 (@cyrossignol)
Add caching for block hashes to CBlock #1624 (@cyrossignol)
Make toolbars and tray icon red for testnet #1637 (@jamescowens)
Add an rpc call convergencereport #1643 (@jamescowens)
Implement newline filter on config file read in #1645 (@jamescowens)
Implement beacon status icon/button #1646 (@jamescowens)
Add gridcointestnet.png #1649 (@caraka)
Add precision to support magnitudes less than 1 #1651 (@cyrossignol)
Replace research accrual calculations with superblock snapshots #1657 (@cyrossignol)
Publish example gridcoinresearch.conf as a md document to the doc directory #1662 (@jamescowens)
Add options checkbox to disable transaction notifications #1666 (@jamescowens)
Add support for self-service beacon deletion #1695 (@cyrossignol)
Add support for type-specific contract fee amounts #1698 (@cyrossignol)
Add verifiedbeaconreport and pendingbeaconreport #1696 (@jamescowens)
Add preliminary testing option for block v11 height on testnet #1706 (@cyrossignol)
Add verified beacons manifest part to superblock validator #1711 (@cyrossignol)
Implement beacon, vote, and superblock display categories/icons in UI transaction model #1717 (@jamescowens)
You've probably been hearing a lot about Bitcoin recently and are wondering what's the big deal? Most of your questions should be answered by the resources below but if you have additional questions feel free to ask them in the comments. It all started with the release of the release of Satoshi Nakamoto's whitepaper however that will probably go over the head of most readers so we recommend the following videos for a good starting point for understanding how bitcoin works and a little about its long term potential:
Limited Supply - There will only ever be 21,000,000 bitcoins created and they are issued in a predictable fashion, you can view the inflation schedule here. Once they are all issued Bitcoin will be truly deflationary. The halving countdown can be found here.
Open source - Bitcoin code is fully auditable. You can read the source code yourself here.
Accountable - The public ledger is transparent, all transactions are seen by everyone.
Decentralized - Bitcoin is globally distributed across thousands of nodes with no single point of failure and as such can't be shut down similar to how Bittorrent works. You can even run a node on a Raspberry Pi.
Censorship resistant - No one can prevent you from interacting with the bitcoin network and no one can censor, alter or block transactions that they disagree with, see Operation Chokepoint.
Push system - There are no chargebacks in bitcoin because only the person who owns the address where the bitcoins reside has the authority to move them.
Low fee scaling - On chain transaction fees depend on network demand and how much priority you wish to assign to the transaction. Most wallets calculate on chain fees automatically but you can view current fees here and mempool activity here. On chain fees may rise occasionally due to network demand, however instant micropayments that do not require confirmations are happening via the Lightning Network, a second layer scaling solution currently rolling out on the Bitcoin mainnet.
Borderless - No country can stop it from going in/out, even in areas currently unserved by traditional banking as the ledger is globally distributed.
Portable - Bitcoins are digital so they are easier to move than cash or gold. They can even be transported by simply memorizing a string of words for wallet recovery (while cool this method is generally not recommended due to potential for insecure key generation by inexperienced users. Hardware wallets are the preferred method for new users due to ease of use and additional security).
Bitcoin.org and BuyBitcoinWorldwide.com are helpful sites for beginners. You can buy or sell any amount of bitcoin (even just a few dollars worth) and there are several easy methods to purchase bitcoin with cash, credit card or bank transfer. Some of the more popular resources are below, also check out the bitcoinity exchange resources for a larger list of options for purchases.
Here is a listing of local ATMs. If you would like your paycheck automatically converted to bitcoin use Bitwage. Note: Bitcoins are valued at whatever market price people are willing to pay for them in balancing act of supply vs demand. Unlike traditional markets, bitcoin markets operate 24 hours per day, 365 days per year. Preev is a useful site that that shows how much various denominations of bitcoin are worth in different currencies. Alternatively you can just Google "1 bitcoin in (your local currency)".
Securing your bitcoins
With bitcoin you can "Be your own bank" and personally secure your bitcoins OR you can use third party companies aka "Bitcoin banks" which will hold the bitcoins for you.
If you prefer to "Be your own bank" and have direct control over your coins without having to use a trusted third party, then you will need to create your own wallet and keep it secure. If you want easy and secure storage without having to learn computer security best practices, then a hardware wallet such as the Trezor, Ledger or ColdCard is recommended. Alternatively there are many software wallet options to choose from here depending on your use case.
If you prefer to let third party "Bitcoin banks" manage your coins, try Gemini but be aware you may not be in control of your private keys in which case you would have to ask permission to access your funds and be exposed to third party risk.
Note: For increased security, use Two Factor Authentication (2FA) everywhere it is offered, including email! 2FA requires a second confirmation code to access your account making it much harder for thieves to gain access. Google Authenticator and Authy are the two most popular 2FA services, download links are below. Make sure you create backups of your 2FA codes.
As mentioned above, Bitcoin is decentralized, which by definition means there is no official website or Twitter handle or spokesperson or CEO. However, all money attracts thieves. This combination unfortunately results in scammers running official sounding names or pretending to be an authority on YouTube or social media. Many scammers throughout the years have claimed to be the inventor of Bitcoin. Websites like bitcoin(dot)com and the btc subreddit are active scams. Almost all altcoins (shitcoins) are marketed heavily with big promises but are really just designed to separate you from your bitcoin. So be careful: any resource, including all linked in this document, may in the future turn evil. Don't trust, verify. Also as they say in our community "Not your keys, not your coins".
Where can I spend bitcoins?
Check out spendabit or bitcoin directory for millions of merchant options. Also you can spend bitcoin anywhere visa is accepted with bitcoin debit cards such as the CashApp card. Some other useful site are listed below.
Mining bitcoins can be a fun learning experience, but be aware that you will most likely operate at a loss. Newcomers are often advised to stay away from mining unless they are only interested in it as a hobby similar to folding at home. If you want to learn more about mining you can read more here. Still have mining questions? The crew at /BitcoinMining would be happy to help you out. If you want to contribute to the bitcoin network by hosting the blockchain and propagating transactions you can run a full node using this setup guide. If you would prefer to keep it simple there are several good options. You can view the global node distribution here.
Just like any other form of money, you can also earn bitcoins by being paid to do a job.
You can also earn bitcoins by participating as a market maker on JoinMarket by allowing users to perform CoinJoin transactions with your bitcoins for a small fee (requires you to already have some bitcoins.
The following is a short list of ongoing projects that might be worth taking a look at if you are interested in current development in the bitcoin space.
One Bitcoin is quite large (hundreds of £/$/€) so people often deal in smaller units. The most common subunits are listed below:
one bitcoin is equal to 100 million satoshis
1,000 per bitcoin
used as default unit in recent Electrum wallet releases
1,000,000 per bitcoin
colloquial "slang" term for microbitcoin (μBTC)
100,000,000 per bitcoin
smallest unit in bitcoin, named after the inventor
For example, assuming an arbitrary exchange rate of $10000 for one Bitcoin, a $10 meal would equal:
For more information check out the Bitcoin units wiki. Still have questions? Feel free to ask in the comments below or stick around for our weekly Mentor Monday thread. If you decide to post a question in /Bitcoin, please use the search bar to see if it has been answered before, and remember to follow the community rules outlined on the sidebar to receive a better response. The mods are busy helping manage our community so please do not message them unless you notice problems with the functionality of the subreddit. Note: This is a community created FAQ. If you notice anything missing from the FAQ or that requires clarification you can edit it here and it will be included in the next revision pending approval. Welcome to the Bitcoin community and the new decentralized economy!
So the blockchain thing keeps coming up, but all the explanations are super vague and hand-wavey. I looked-over those PDFs PowerDubs posted the other day. I still cannot figure out how this is even hypothetically supposed to work. One proposed use is for a future online casino. Crypto casinos already exist, and they are shady. The largest bitcoin casino's CEO goes by the pseudonym "wetsuit". I assume he doesn't use his real name because of, you know, all the crime involved. So what's Atari's plan? If Atari is selling a tool for transmitting money for gambling, this is a wire-fraud risk. If Americans try and use this token, Atari will have to function as a financial institute in compliance with US law. The obscure bank Atari has partnered with may or may not exist, but it won't hold up to scrutiny either way. Maybe some other countries are more lax about this, but a lot are even more strict. So who, exactly, will legally be allowed to use this token? The other major purpose is for in-app purchases. If Atari lets users cash-out in-app currencies, this basically turns EVERY GAME into a gambling game. Game companies don't want to be fined for running money laundering operations, so they don't usually make it easy to cash-out in-app currency. "Blockchain" doesn't change this. If reputable companies don't want this, why would they work with Atari? Why would Atari even offer this? There are other proposed uses as well. None of these ambitious plans amount to anything unless the token has some value in "fiat". Game industry workers still need to pay rent and buy groceries, wherever they live. Workers don't want to be payed in coupons they can only spend on overpriced app stores like RobotCache. The whitepaper even says something about Atari Token helping people without internet access. Sure Jan. If Facebook couldn't figure this out with Libra, what hope does Atari have? Again, who will legally be allowed to use this token for its proposed purpose? How does being on the blockchain actually benefit anyone?
The dichotomy is between computationally infeasible vs informationally-theoretic infeasible. Basically:
Something is computationally infeasible if it could in theory be done, but you would not be able to build a practical computer to do it within the age of the universe and using only the power available in just one galaxy or thereabouts.
Something is informationally-theoretic infeasible if even if you had any arbitrarily large amount of time, space, and energy, you cannot do it.
Quantum breaks represent a possible reduction in computational infeasibility of certain things, but not information-theoretic infeasibility. For example, suppose you want to know what 256-bit preimages map to 256-bit hashes. In theory, you just need to build a table with 2256 entries and start from 0x0000000000000000000000000000000000000000000000000000000000000000 and so on. This is computationally infeasible, but not information-theoretic infeasible. However, suppose you want to know what preimages, of any size, map to 256-bit hashes. Since the preimages can be of any size, after finishing with 256-bit preimages, you have to proceed to 257-bit preimages. And so on. And there is no size limit, so you will literally never finish. Even if you lived forever, you would not complete it. This is information-theoretic infeasible.
How does this relate to confidential transactions? Basically, every confidential transaction simply hides the value behind a homomorphic commitment. What is a homomorphic commitment? Okay, let's start with commitments. A commitment is something which lets you hide something, and later reveal what you hid. Until you reveal it, even if somebody has access to the commitment, they cannot reverse it to find out what you hid. This is called the "hiding property" of commitments. However, when you do reveal it (or "open the commitment"), then you cannot replace what you hid with some other thing. This is called the "binding property" of commitments. For example, a hash of a preimage is a commitment. Suppose I want to commit to something. For example, I want to show that I can predict the future using the energy of a spare galaxy I have in my pocket. I can hide that something by hashing a description of the future. Then I can give the hash to you. You still cannot learn the future, because it's just a hash, and you can't reverse the hash ("hiding"). But suppose the future event occurs. I can reveal that I did, in fact, know the future. So I give you the description, and you hash it and compare it to the hash I gave earlier. Because of preimage resistance, I cannot retroactively change what I hid in the hash, so what I gave must have been known to me at the time that I gave you the commitment i..e. hash ("binding").
A homomorphic commitment simply means that if I can do certain operations on preimages of the commitment scheme, there are certain operations on the commitments that would create similar ("homo") changes ("morphic") to the commitments. For example, suppose I have a magical function h() which is a homomorphic commitment scheme. It can hide very large (near 256-bit) numbers. Then if h() is homomorphic, there may be certain operations on numbers behind the h() that have homomorphisms after the h(). For example, I might have an operation <+> that is homomorphic in h() on +, or in other words, if I have two large numbers a and b, then h(a + b) = h(a) <+> h(b). + and <+> are different operations, but they are homomorphic to each other. For example, elliptic curve scalars and points have homomorphic operations. Scalars (private keys) are "just" very large near-256-bit numbers, while points are a scalar times a standard generator point G. Elliptic curve operations exist where there is a <+> between points that is homomorphic on standard + on scalars, and a <*> between a scalar and a point that is homomorphic on standard * multiplication on scalars. For example, suppose I have two large scalars a and b. I can use elliptic curve points as a commitment scheme: I can take a <*> G to generate a point A. It is hiding since nobody can learn what a is unless I reveal it (a and A can be used in standard ECDSA private-public key cryptography, with the scalar a as the private key and the point A as the public key, and the a cannot be derived even if somebody else knows A). Thus, it is hiding. At the same time, for a particular point A and standard generator point G, there is only one possible scalar a which when "multiplied" with G yields A. So scalars and elliptic curve points are a commitment scheme, with both hiding and binding properties. Now, as mentioned there is a <+> operation on points that is homomorphic to the + operation on corresponding scalars. For example, suppose there are two scalars a and b. I can compute (a + b) <*> G to generate a particular point. But even if I don't know scalars a and b, but I do know points A = a <*> G and B = b <*> G, then I can use A <+> B to derive (a + b) <*> G (or equivalently, (a <*> G) <+> (b <*> G) == (a + b) <*> G). This makes points a homomorphic commitment scheme on scalars.
Confidential Transactions: A Sketch
This is useful since we can easily use the near-256-bit scalars in SECP256K1 elliptic curves to easily represent values in a monetary system, and hide those values by using a homomorphic commitment scheme. We can use the hiding property to prevent people from learning the values of the money we are sending and receiving. Now, in a proper cryptocurrency, a normal, non-coinbase transaction does not create or destroy coins: the values of the input coins are equal to the value of the output coins. We can use a homomorphic commitment scheme. Suppose I have a transaction that consumes an input value a and creates two output values b and c. That is, a = b + c, i.e. the sum of all inputs a equals the sum of all outputs b and c. But remember, with a homomorphic commitment scheme like elliptic curve points, there exists a <+> operation on points that is homomorphic to the ordinary school-arithmetic + addition on large numbers. So, confidential transactions can use points a <*> G as input, and points b <*> G and c <*> G as output, and we can easily prove that a <*> G = (b <*> G) <+> (c <*> G) if a = b + c, without revealing a, b, or c to anyone.
Actually, we cannot just use a <*> G as a commitment scheme in practice. Remember, Bitcoin has a cap on the number of satoshis ever to be created, and it's less than 253 satoshis, which is fairly trivial. I can easily compute all values of a <*> G for all values of a from 0 to 253 and know which a <*> G corresponds to which actual amount a. So in confidential transactions, we cannot naively use a <*> G commitments, we need Pedersen commitments. If you know what a "salt" is, then Pedersen commitments are fairly obvious. A "salt" is something you add to e.g. a password so that the hash of the password is much harder to attack. Humans are idiots and when asked to generate passwords, will output a password that takes less than 230 possibilities, which is fairly easy to grind. So what you do is that you "salt" a password by prepending a random string to it. You then hash the random string + password, and store the random string --- the salt --- together with the hash in your database. Then when somebody logs in, you take the password, prepend the salt, hash, and check if the hash matches with the in-database hash, and you let them log in. Now, with a hash, even if somebody copies your password database, the can't get the password. They're hashed. But with a salt, even techniques like rainbow tables make a hacker's life even harder. They can't hash a possible password and check every hash in your db for something that matches. Instead, if they get a possible password, they have to prepend each salt, hash, then compare. That greatly increases the computational needs of a hacker, which is why salts are good. What a Pedersen commitment is, is a point a <*> H, where a is the actual value you commit to, plus <+> another point r <*> G. H here is a second standard generator point, different from G. The r is the salt in the Pedersen commitment. It makes it so that even if you show (a <*> H) <+> (r <*> G) to somebody, they can't grind all possible values of a and try to match it with your point --- they also have to grind r (just as with the password-salt example above). And r is much larger, it can be a true near-256-bit number that is the range of scalars in SECP256K1, whereas a is constrained to "reasonable" numbers of satoshi, which cannot exceed 21 million Bitcoins. Now, in order to validate a transaction with input a and outputs b and c, you only have to prove a = b + c. Suppose we are hiding those amounts using Pedersen commitments. You have an input of amount a, and you know a and r. The blockchain has an amount (a <*> H) <+> (r <*> G). In order to create the two outputs b and c, you just have to create two new r scalars such that r = r + r. This is trivial, you just select a new random r and then compute r = r - r, it's just basic algebra. Then you create a transaction consuming the input (a <*> H) <+> (r <*> G) and outputs (b <*> H) <+> (r <*> G) and (c <*> H) <+> (r <*> G). You know that a = b + c, and r = r + r, while fullnodes around the world, who don't know any of the amounts or scalars involved, can just take the points (a <*> H) <+> (r <*> G) and see if it equals (b <*> H) <+> (r <*> G) <+> (c <*> H) <+> (r <*> G). That is all that fullnodes have to validate, they just need to perform <+> operations on points and comparison on points, and from there they validate transactions, all without knowing the actual values involved.
What does this mean? It's just a measure of how "impossible" binding vs hiding is. Pedersen commitments are computationally binding, meaning that in theory, a user of this commitment with arbitrary time and space and energy can, in theory, replace the amount with something else. However, it is information-theoretic hiding, meaning an attacker with arbitrary time and space and energy cannot figure out exactly what got hidden behind the commitment. But why? Now, we have been using a and a <*> G as private keys and public keys in ECDSA and Schnorr. There is an operation <*> on a scalar and a point that generates another point, but we cannot "revrese" this operation. For example, even if I know A, and know that A = a <*> G, but do not know a, I cannot derive a --- there is no operation between A G that lets me know a. Actually there is: I "just" need to have so much time, space, and energy that I just start counting a from 0 to 2256 and find which a results in A = a <*> G. This is a computational limit: I don't have a spare universe in my back pocket I can use to do all those computations. Now, replace a with h and A with H. Remember that Pedersen commitments use a "second" standard generator point. The generator points G and H are "not really special" --- they are just random points on the curve that we selected and standardized. There is no operation H G such that I can learn h where H = h <*> G, though if I happen to have a spare universe in my back pocket I can "just" brute force it. Suppose I do have a spare universe in my back pocket, and learn h = H G such that H = h <*> G. What can I do in Pedersen commitments? Well, I have an amount a that is committed to by (a <*> H) <+> (r <*> G). But I happen to know h! Suppose I want to double my money a without involving Elon Musk. Then:
(a <*> H) <+> (r <*> G)
== (a <*> (h <*> G)) <+> (r <*> G)
== ((a * h) <*> G) <+> (r <*> G); remember, <*> is also homomorphic on multiplication *.
== ((a * h + a * h - a * h) <*> G) <+> (r <*> G); just add 0.
== ((a * h + a * h) <*> G) <+> ((-a * h) <*> G) <+> (r <*> G)
== ((2 * a * h) <*> G) <+> ((r - a * h) <*> G)
== ((2 * a) <*> (h <*> G)) <+> ((r - a * h) <*> G)
== ((2 * a) <*> H) <+> ((r - a * h) <*> G); TADA!! I doubled my money!
That is what we mean by computationally binding: if I can compute h such that H = h <*> G, then I can find another number which opens the same commitment. And of course I'd make sure that number is much larger than what I originally had in that address! Now, the reason why it is "only" computationally binding is that it is information-theoretically hiding. Suppose somebody knows h, but has no money in the cryptocurrency. All they see are points. They can try to find what the original amounts are, but because any amount can be mapped to "the same" point with knowledge of h (e.g. in the above, a and 2 * a got mapped to the same point by "just" replacing the salt r with r - a * h; this can be done for 3 * a, 4 * a etc.), they cannot learn historical amounts --- the a in historical amounts could be anything. The drawback, though, is that --- as seen above --- arbitrary inflation is now introduced once somebody knows h. They can multiply their money by any arbitrary factor with knowledge of h. It is impossible to have both perfect hiding (i.e. historical amounts remain hidden even after a computational break) and perfect binding (i.e. you can't later open the commitment to a different, much larger, amount). Pedersen commitments just happen to have perfect hiding, but only computationally-infeasible binding. This means they allow hiding historical values, but in case of anything that allows better computational power --- including but not limited to quantum breaks --- they allow arbitrary inflation.
Changing The Tradeoffs with ElGamal Commitments
An ElGamal commitment is just a Pedersen commitment, but with the point r <*> G also stored in a separate section of the transaction. This commits the r, and fixes it to a specific value. This prevents me from opening my (a <*> H) <+> (r <*> G) as ((2 * a) <*> H) <+> ((r - a * h) <*> G), because the (r - a * h) would not match the r <*> G sitting in a separate section of the transaction. This forces me to be bound to that specific value, and no amount of computation power will let me escape --- it is information-theoretically binding i.e. perfectly binding. But that is now computationally hiding. An evil surveillor with arbitrary time and space can focus on the r <*> G sitting in a separate section of the transaction, and grind r from 0 to 2256 to determine what r matches that point. Then from there, they can negate r to get (-r) <*> G and add it to the (a <*> H) <+> (r <*> G) to get a <*> H, and then grind that to determine the value a. With massive increases in computational ability --- including but not limited to quantum breaks --- an evil surveillor can see all the historical amounts of confidential transactions.
This is the source of the tradeoff: either you design confidential transactions so in case of a quantum break, historical transactions continue to hide their amounts, but inflation of the money is now unavoidable, OR you make the money supply sacrosanct, but you potentially sacrifice amount hiding in case of some break, including but not limited to quantum breaks.
This is a follow-up on https://old.reddit.com/Bitcoin/comments/hqzp14/technical_the_path_to_taproot_activation/ Taproot! Everybody wants it!! But... you might ask yourself: sure, everybody else wants it, but why would I, sovereign Bitcoin HODLer, want it? Surely I can be better than everybody else because I swapped XXX fiat for Bitcoin unlike all those nocoiners? And it is important for you to know the reasons why you, o sovereign Bitcoiner, would want Taproot activated. After all, your nodes (or the nodes your wallets use, which if you are SPV, you hopefully can pester to your wallet vendoimplementor about) need to be upgraded in order for Taproot activation to actually succeed instead of becoming a hot sticky mess. First, let's consider some principles of Bitcoin.
You the HODLer should be the one who controls where your money goes. Your keys, your coins.
You the HODLer should be able to coordinate and make contracts with other people regarding your funds.
You the HODLer should be able to do the above without anyone watching over your shoulder and judging you.
I'm sure most of us here would agree that the above are very important principles of Bitcoin and that these are principles we would not be willing to remove. If anything, we would want those principles strengthened (especially the last one, financial privacy, which current Bitcoin is only sporadically strong with: you can get privacy, it just requires effort to do so). So, how does Taproot affect those principles?
Taproot and Your /Coins
Most HODLers probably HODL their coins in singlesig addresses. Sadly, switching to Taproot would do very little for you (it gives a mild discount at spend time, at the cost of a mild increase in fee at receive time (paid by whoever sends to you, so if it's a self-send from a P2PKH or bech32 address, you pay for this); mostly a wash). (technical details: a Taproot output is 1 version byte + 32 byte public key, while a P2WPKH (bech32 singlesig) output is 1 version byte + 20 byte public key hash, so the Taproot output spends 12 bytes more; spending from a P2WPKH requires revealing a 32-byte public key later, which is not needed with Taproot, and Taproot signatures are about 9 bytes smaller than P2WPKH signatures, but the 32 bytes plus 9 bytes is divided by 4 because of the witness discount, so it saves about 11 bytes; mostly a wash, it increases blockweight by about 1 virtual byte, 4 weight for each Taproot-output-input, compared to P2WPKH-output-input). However, as your HODLings grow in value, you might start wondering if multisignature k-of-n setups might be better for the security of your savings. And it is in multisignature that Taproot starts to give benefits! Taproot switches to using Schnorr signing scheme. Schnorr makes key aggregation -- constructing a single public key from multiple public keys -- almost as trivial as adding numbers together. "Almost" because it involves some fairly advanced math instead of simple boring number adding, but hey when was the last time you added up your grocery list prices by hand huh? With current P2SH and P2WSH multisignature schemes, if you have a 2-of-3 setup, then to spend, you need to provide two different signatures from two different public keys. With Taproot, you can create, using special moon math, a single public key that represents your 2-of-3 setup. Then you just put two of your devices together, have them communicate to each other (this can be done airgapped, in theory, by sending QR codes: the software to do this is not even being built yet, but that's because Taproot hasn't activated yet!), and they will make a single signature to authorize any spend from your 2-of-3 address. That's 73 witness bytes -- 18.25 virtual bytes -- of signatures you save! And if you decide that your current setup with 1-of-1 P2PKH / P2WPKH addresses is just fine as-is: well, that's the whole point of a softfork: backwards-compatibility; you can receive from Taproot users just fine, and once your wallet is updated for Taproot-sending support, you can send to Taproot users just fine as well! (P2WPKH and P2WSH -- SegWit v0 -- addresses start with bc1q; Taproot -- SegWit v1 --- addresses start with bc1p, in case you wanted to know the difference; in bech32 q is 0, p is 1) Now how about HODLers who keep all, or some, of their coins on custodial services? Well, any custodial service worth its salt would be doing at least 2-of-3, or probably something even bigger, like 11-of-15. So your custodial service, if it switched to using Taproot internally, could save a lot more (imagine an 11-of-15 getting reduced from 11 signatures to just 1!), which --- we can only hope! --- should translate to lower fees and better customer service from your custodial service! So I think we can say, very accurately, that the Bitcoin principle --- that YOU are in control of your money --- can only be helped by Taproot (if you are doing multisignature), and, because P2PKH and P2WPKH remain validly-usable addresses in a Taproot future, will not be harmed by Taproot. Its benefit to this principle might be small (it mostly only benefits multisignature users) but since it has no drawbacks with this (i.e. singlesig users can continue to use P2WPKH and P2PKH still) this is still a nice, tidy win! (even singlesig users get a minor benefit, in that multisig users will now reduce their blockchain space footprint, so that fees can be kept low for everybody; so for example even if you have your single set of private keys engraved on titanium plates sealed in an airtight box stored in a safe buried in a desert protected by angry nomads riding giant sandworms because you're the frickin' Kwisatz Haderach, you still gain some benefit from Taproot) And here's the important part: if P2PKH/P2WPKH is working perfectly fine with you and you decide to never use Taproot yourself, Taproot will not affect you detrimentally. First do no harm!
Taproot and Your Contracts
No one is an island, no one lives alone. Give and you shall receive. You know: by trading with other people, you can gain expertise in some obscure little necessity of the world (and greatly increase your productivity in that little field), and then trade the products of your expertise for necessities other people have created, all of you thereby gaining gains from trade. So, contracts, which are basically enforceable agreements that facilitate trading with people who you do not personally know and therefore might not trust. Let's start with a simple example. You want to buy some gewgaws from somebody. But you don't know them personally. The seller wants the money, you want their gewgaws, but because of the lack of trust (you don't know them!! what if they're scammers??) neither of you can benefit from gains from trade. However, suppose both of you know of some entity that both of you trust. That entity can act as a trusted escrow. The entity provides you security: this enables the trade, allowing both of you to get gains from trade. In Bitcoin-land, this can be implemented as a 2-of-3 multisignature. The three signatories in the multisgnature would be you, the gewgaw seller, and the escrow. You put the payment for the gewgaws into this 2-of-3 multisignature address. Now, suppose it turns out neither of you are scammers (whaaaat!). You receive the gewgaws just fine and you're willing to pay up for them. Then you and the gewgaw seller just sign a transaction --- you and the gewgaw seller are 2, sufficient to trigger the 2-of-3 --- that spends from the 2-of-3 address to a singlesig the gewgaw seller wants (or whatever address the gewgaw seller wants). But suppose some problem arises. The seller gave you gawgews instead of gewgaws. Or you decided to keep the gewgaws but not sign the transaction to release the funds to the seller. In either case, the escrow is notified, and if it can sign with you to refund the funds back to you (if the seller was a scammer) or it can sign with the seller to forward the funds to the seller (if you were a scammer). Taproot helps with this: like mentioned above, it allows multisignature setups to produce only one signature, reducing blockchain space usage, and thus making contracts --- which require multiple people, by definition, you don't make contracts with yourself --- is made cheaper (which we hope enables more of these setups to happen for more gains from trade for everyone, also, moon and lambos). (technology-wise, it's easier to make an n-of-n than a k-of-n, making a k-of-n would require a complex setup involving a long ritual with many communication rounds between the n participants, but an n-of-n can be done trivially with some moon math. You can, however, make what is effectively a 2-of-3 by using a three-branch SCRIPT: either 2-of-2 of you and seller, OR 2-of-2 of you and escrow, OR 2-of-2 of escrow and seller. Fortunately, Taproot adds a facility to embed a SCRIPT inside a public key, so you can have a 2-of-2 Taprooted address (between you and seller) with a SCRIPT branch that can instead be spent with 2-of-2 (you + escrow) OR 2-of-2 (seller + escrow), which implements the three-branched SCRIPT above. If neither of you are scammers (hopefully the common case) then you both sign using your keys and never have to contact the escrow, since you are just using the escrow public key without coordinating with them (because n-of-n is trivial but k-of-n requires setup with communication rounds), so in the "best case" where both of you are honest traders, you also get a privacy boost, in that the escrow never learns you have been trading on gewgaws, I mean ewww, gawgews are much better than gewgaws and therefore I now judge you for being a gewgaw enthusiast, you filthy gewgawer).
Taproot and Your Contracts, Part 2: Cryptographic Boogaloo
Now suppose you want to buy some data instead of things. For example, maybe you have some closed-source software in trial mode installed, and want to pay the developer for the full version. You want to pay for an activation code. This can be done, today, by using an HTLC. The developer tells you the hash of the activation code. You pay to an HTLC, paying out to the developer if it reveals the preimage (the activation code), or refunding the money back to you after a pre-agreed timeout. If the developer claims the funds, it has to reveal the preimage, which is the activation code, and you can now activate your software. If the developer does not claim the funds by the timeout, you get refunded. And you can do that, with HTLCs, today. Of course, HTLCs do have problems:
Privacy. Everyone scraping the Bitcoin blockchain can see any HTLCs, and preimages used to claim them.
This can be mitigated by using offchain techniques so HTLCs are never published onchain in the happy case. Lightning would probably in practice be the easiest way to do this offchain. Of course, there are practical limits to what you can pay on Lightning. If you are buying something expensive, then Lightning might not be practical. For example, the "software" you are activating is really the firmware of a car, and what you are buying is not the software really but the car itself (with the activation of the car firmware being equivalent to getting the car keys).
Even offchain techniques need an onchain escape hatch in case of unresponsiveness! This means that, if something bad happens during payment, the HTLC might end up being published onchain anyway, revealing the fact that some special contract occurred.
And an HTLC that is claimed with a preimage onchain will also publicly reveal the preimage onchain. If that preimage is really the activation key of a software than it can now be pirated. If that preimage is really the activation key for your newly-bought cryptographic car --- well, not your keys, not your car!
Trust requirement. You are trusting the developer that it gives you the hash of an actual valid activation key, without any way to validate that the activation key hidden by the hash is actually valid.
Fortunately, with Schnorr (which is enabled by Taproot), we can now use the Scriptless Script constuction by Andrew Poelstra. This Scriptless Script allows a new construction, the PTLC or Pointlocked Timelocked Contract. Instead of hashes and preimages, just replace "hash" with "point" and "preimage" with "scalar". Or as you might know them: "point" is really "public key" and "scalar" is really a "private key". What a PTLC does is that, given a particular public key, the pointlocked branch can be spent only if the spender reveals the private key of the given public key to you. Another nice thing with PTLCs is that they are deniable. What appears onchain is just a single 2-of-2 signature between you and the developemanufacturer. It's like a magic trick. This signature has no special watermarks, it's a perfectly normal signature (the pledge). However, from this signature, plus some datta given to you by the developemanufacturer (known as the adaptor signature) you can derive the private key of a particular public key you both agree on (the turn). Anyone scraping the blockchain will just see signatures that look just like every other signature, and as long as nobody manages to hack you and get a copy of the adaptor signature or the private key, they cannot get the private key behind the public key (point) that the pointlocked branch needs (the prestige). (Just to be clear, the public key you are getting the private key from, is distinct from the public key that the developemanufacturer will use for its funds. The activation key is different from the developer's onchain Bitcoin key, and it is the activation key whose private key you will be learning, not the developer's/manufacturer's onchain Bitcoin key). So:
Privacy: PTLCs are private even if done onchain. Nobody else can learn what the private key behind the public key is, except you who knows the adaptor signature that when combined with the complete onchain signature lets you know what the private key of the activation key is. Somebody scraping the blockchain will not learn the same information even if all PTLCs are done onchain!
Lightning is still useful for reducing onchain use, and will also get PTLCs soon after Taproot is activated, but even if something bad happens and a PTLC has to go onchain, it doesn't reveal anything!
Trust issues can be proven more easily with a public-private keypair than with a hash-preimage pair.
For example, the developer of the software you are buying could provide a signature signing a message saying "unlock access to the full version for 1 day". You can check if feeding this message and signature to the program will indeed unlock full-version access for 1 day. Then you can check if the signature is valid for the purported pubkey whose private key you will pay for. If so, you can now believe that getting the private key (by paying for it in a PTLC) would let you generate any number of "unlock access to the full version for 1 day" message+signatures, which is equivalent to getting full access to the software indefinitely.
For the car, the manufacturer can show that signing a message "start the engine" and feeding the signature to the car's fimrware will indeed start the engine, and maybe even let you have a small test drive. You can then check if the signature is valid for the purported pubkey whose privkey you will pay for. If so, you can now believe that gaining knowledge of the privkey will let you start the car engine at any time you want.
(pedantry: the signatures need to be unique else they could be replayed, this can be done with a challenge-response sequence for the car, where the car gathers entropy somehow (it's a car, it probably has a bunch of sensors nowadays so it can get entropy for free) and uses the gathered entropy to challenge you to sign a random number and only start if you are able to sign the random number; for the software, it could record previous signatures somewhere in the developer's cloud server and refuse to run if you try to replay a previously-seen signature.)
Taproot lets PTLCs exist onchain because they enable Schnorr, which is a requirement of PTLCs / Scriptless Script. (technology-wise, take note that Scriptless Script works only for the "pointlocked" branch of the contract; you need normal Script, or a pre-signed nLockTimed transaction, for the "timelocked" branch. Since Taproot can embed a script, you can have the Taproot pubkey be a 2-of-2 to implement the Scriptless Script "pointlocked" branch, then have a hidden script that lets you recover the funds with an OP_CHECKLOCKTIMEVERIFY after the timeout if the seller does not claim the funds.)
Now if you were really paying attention, you might have noticed this parenthetical:
(technical details: a Taproot output is 1 version byte + 32 byte public key, while a P2WPKH (bech32 singlesig) output is 1 version byte + 20 byte public key hash...)
So wait, Taproot uses raw 32-byte public keys, and not public key hashes? Isn't that more quantum-vulnerable?? Well, in theory yes. In practice, they probably are not. It's not that hashes can be broken by quantum computes --- they're still not. Instead, you have to look at how you spend from a P2WPKH/P2PKH pay-to-public-key-hash. When you spend from a P2PKH / P2WPKH, you have to reveal the public key. Then Bitcoin hashes it and checks if this matches with the public-key-hash, and only then actually validates the signature for that public key. So an unconfirmed transaction, floating in the mempools of nodes globally, will show, in plain sight for everyone to see, your public key. (public keys should be public, that's why they're called public keys, LOL) And if quantum computers are fast enough to be of concern, then they are probably fast enough that, in the several minutes to several hours from broadcast to confirmation, they have already cracked the public key that is openly broadcast with your transaction. The owner of the quantum computer can now replace your unconfirmed transaction with one that pays the funds to itself. Even if you did not opt-in RBF, miners are still incentivized to support RBF on RBF-disabled transactions. So the extra hash is not as significant a protection against quantum computers as you might think. Instead, the extra hash-and-compare needed is just extra validation effort. Further, if you have ever, in the past, spent from the address, then there exists already a transaction indelibly stored on the blockchain, openly displaying the public key from which quantum computers can derive the private key. So those are still vulnerable to quantum computers. For the most part, the cryptographers behind Taproot (and Bitcoin Core) are of the opinion that quantum computers capable of cracking Bitcoin pubkeys are unlikely to appear within a decade or two.
Current quantum computers can barely crack prime factorization problem for primes of 5 bits.
The 256-bit elliptic curve use by Bitcoin is, by my (possibly wrong) understanding, equivalent to 4096-bit primes, so you can see a pretty big gap between now (5 bit primes) and what is needed (4096 bit primes).
A lot of financial non-Bitcoin systems use the equivalent of 3072-bit primes or less, and are probably easier targets to crack than the equivalent-to-4096-bit-primes Bitcoin.
Quantum computers capable of cracking Bitcoin are still far off.
Pay-to-public-key-hash is not as protective as you might think.
We will probably see banks get cracked before Bitcoin, so the banking system is a useful canary-in-a-coal-mine to see whether we should panic about being quantum vulnerable.
For now, the homomorphic and linear properties of elliptic curve cryptography provide a lot of benefits --- particularly the linearity property is what enables Scriptless Script and simple multisignature (i.e. multisignatures that are just 1 signature onchain). So it might be a good idea to take advantage of them now while we are still fairly safe against quantum computers. It seems likely that quantum-safe signature schemes are nonlinear (thus losing these advantages).
If you are a singlesig HODL-only Bitcoin user, Taproot will not affect you positively or negatively. Importantly: Taproot does no harm!
If you use or intend to use multisig, Taproot will be a positive for you.
If you transact onchain regularly using typical P2PKH/P2WPKH addresses, you get a minor reduction in feerates since multisig users will likely switch to Taproot to get smaller tx sizes, freeing up blockspace for yours.
If you are using multiparticipant setups for special systems of trade, Taproot will be a positive for you.
Remember: Lightning channels are multipartiicpiant setups for special systems of lightning-fast offchain trades!
I Wanna Be The Taprooter!
So, do you want to help activate Taproot? Here's what you, mister sovereign Bitcoin HODLer, can do!
If you have developer experience especially in C, C++, or related languages
Review the Taproot code! There is one pull request in Bitcoin Core, and one in libsecp256k1. I deliberately am not putting links here, to avoid brigades of nontechnical but enthusiastic people leaving pointless reviews, but if you are qualified you know how to find them!
But I am not a cryptographeBitcoin Core contributomathematician/someone as awesome as Pieter Wuille
That's perfectly fine! The cryptographers have been over the code already and agree the math is right and the implementation is right. What is wanted is the dreary dreary dreary software engineering: are the comments comprehensive and understandable? no misspellings in the comments? variable names understandable? reasonable function naming convention? misleading coding style? off-by-one errors in loops? conditions not covered by tests? accidental mixups of variables with the same types? missing frees? read-before-init? better test coverage of suspicious-looking code? missing or mismatching header guards? portability issues? consistent coding style? you know, stuff any coder with a few years of experience in coding anything might be able to catch. With enough eyes all bugs are shallow!
If you are running a mining pool/mining operation/exchange/custodial service/SPV server
Be prepared to upgrade!
One of the typical issues with upgrading software is that subtle incompatibilities with your current custom programs tend to arise, disrupting operations and potentially losing income due to downtime. If so, consider moving to the two-node setup suggested by gmax, which is in the last section of my previous post. With this, you have an up-to-date "public" node and a fixed-version "private" node, with the public node protecting the private node from any invalid chainsplits or invalid transactions. Moving to this setup from a typical one-node setup should be smooth and should not disrupt operations (too much).
If you are running your own fullnode for fun or for your own wallet
Be prepared to upgrade! The more nodes validating the new rules (even if you are a non-mining node!), the safer every softfork will be!
If you are using an SPV wallet or custodial wallet/service (including hardware wallets using the software of the wallet provider)
Contact your wallet provider / SPV server and ask for a statement on whether they support Taproot, and whether they are prepared to upgrade for Taproot! Make it known to them that Taproot is something you want!
But I Hate Taproot!!
Raise your objections to Taproot now, or forever hold your peace! Maybe you can raise them here and some of the devs (probably nullc, he goes everywhere, even in rbtc!) might be able to see your objections! Or if your objections are very technical, head over to the appropriate pull request and object away!
Maybe you simply misunderstand something, and we can clarify it here!
Or maybe you do have a good objection, and we can make Taproot better by finding a solution for it!
Warning, long post from my mornings contemplation. See https://twitter.com/markjeffrey/status/1300175793352445952 (Mark Jeffery 30 mins) for a video explaining DeFi. This is my attempt at explaining DeFi. I’m still learning this stuff, so any corrections are welcomed. Links are provided for information, none are recommendations, nor referral links. Do your own research (DYOR) before investing :) I’ll try not to shill YFI too much... Not all platforms use the same mechanics as I describe, but I think I’ve covered the most common ones. Stable coins Crypro currency that is intended to maintain a level value. Normally with respect to USD $. Some rely on a trusted third party who has actual USD sitting in a bank account (USDT aka Tether, USDC…), others are trustless (DAI) Maker Lock collateral into the smart contract. Then DIA can be generated, and used for other things. DAI is designed to match the USD, and is completely trustless. You must have more value staked than the DAI removed (at least 150% over collateral) or you will get liquidated. BTC on ETH Bitcoin can not be directly used on the etherium chain. So, there are a number ways to make the value availble. Most involve trusting a 3rd party and the most common is wrapped BTC wBTC. Notes WETH (Wrapped ETH) is used by some contracts to use ETH (direct use of ETH is not possible in some contracts) Unlinke WBTC, WETH is trustless as evrythign is done on the etherium blockchain (I think). Lending You deposit a valuable token onto a pool on platform, someone else borrows it. They pay interest to the pool. You get a proportion of the pools interest over time. When there is high demand for a particular token, the interest rate increases dynamically. e.g. look at the interest rate model and click on the figure for https://compound.finance/markets/USDC Borrow rates increase lineally as more of the available pool is loaned. 2% at zero and 12.5% when the pool is emptied. Earnings are lower than the borrowing rates because: There is more in the pool than borrowed. The platform takes a cut. e.g. 50% of the pool is borrowed, the borrower pays 7.25%, but the lenders only get 3.38%. 3.38/0.5 = 6.76%, so about 0.5% of the interest is being taken by compound. Different pools have different interest rate functions, DAI has an inflection point to maintain a buffer https://compound.finance/markets/DAI The interest rate increases slowly to 4% until 75% of the available pool is loaned out. Then it’s much more expensive to borrow e.g. 16% APR at 90% utilisation. When lending a single token into a single pool, you should always get the (slightly ?) more of same token back. How lending works You deposit ETH, you are given a token back as proof of participation in the pool (cETH for comound.finance). The exchange rate for cETH to ETH is NOT fixed. Rather is changes over time. As the ETH interest is paid into the pool the cETH becomes more valuable compared to the initial deposit. e.g. you deposit 10 ETH, and get 499.52 cETH. In a months time, you repay the 499.2 cETH cETH and get 10.1 ETH back. You have just gained 1%. Taxes In many jurisdictions, converting ETH to cETH would be classed as a taxable event (DYOR ! ) Lego Bricks The cETH represents your ETH, so it has value. This means it can be used for other things... Lego bricks is taken to mean that all these things fit together and you can sue them in different ways. How borrowing works You need to be over colarteralised to borrow from most platforms. So, if you deposit 10.0 ETH into a smart contract, you (currently) have $4,000 of collateral to work with. The platform may then let you borrow a % of your collateral in other tokens. So, you can borrow $2,000 of USDC, to buy more 5 ETH. Then when ETH price goes up you sell $2100 back to USDC and repay the interest. Now you have 10.x ETH. This is a form of Leverage, when the price goes up, you win. However, if the ETH price goes down, you risk being Liquidated. This means part of your collateral will be sold at the (lower) market price to repay your loan. There will likely be a penalty for you. (e.g. @ ETH = $300, 7.33 of your ETH is sold for $2,400, your USDC loan is repaid, and you keep the remaining 2.67 ETH and the 5 ETH you purchased. Shorting Deposit $8,000 collateral, Borrow 10 ETH and sell for $400 each. If the price drops to $380, buy 10.1 ETH and repay the loan and interest. You have just made $162 profit. However, if the price goes up you will still need to buy 10.1 ETH. Flash Loans A technomage creates a single transaction that borrows lots of money. Then within the same single ~13 second block uses it to do lots of complex things to hopefully make a profit. As it’s all within a single block, collateral is not required. See https://mobile.twitter.com/nanexcool/status/1297068546023993349 for a transaction that made ~46,000 USDC profit (without collateral) If this post is introducing you to the possibilities of flash loans, you are very unlikely to ever do one in the near future. I think Aave is the most common source for flash loans. Simple farming lending: Simply put you token in which ever platform offers the largest interest rate. Moving to the best option costs gas (and attention). Complex lending farming Some platforms offer tokens in return for using a platform, so simple APR comparisons aren’t sufficient. If the additional platform token has high value it can distort the market. E.g. when COMP was initially offered, it was profitable to:
Place collateral on compound.finance
Borrow BAT at 30%
Lend the BAT back to the same platform at 15%
Collect the COMP accrued due to interest paid and interest earned.
Sell the COMP on the open market.
This technique was made less favourable by compound changing the distribution model so smaller pools (like BAT) couldn’t be exploited in this way. DEX Decentralised exchanges range from ones that operate with depositing assets, trading with an order book and then withdrawing, to simple interfaces that allow you to swap tokens. of the latter, the most popular is uniswap. Liquidity provision The swap based DEX’s rely on liquidity providers (LP). Here you deposit equal values of two tokens e.g. USDC and ETH. Then any time someone wants to swap USDC for ETH on the exchange, they add USDC and remove ETH from the pool. Each time someone does a swap, they pay a fee to the liquidity pool and you get a share. Impairment loss However, if the price of one asset goes up, the pool with stabilise to have less of it. So you see an overall increase, but not as much as if you had just hold’ed. See https://twitter.com/ChainLinkGod/status/1270046868932661248 for an example. Hopefully, the fees accrued are greater than the losses. https://twitter.com/Tetranode/status/1300326676451057664/photo/1 Stable coin pairs If you restrict yourself to similar things (e.g. USD stable coins, or different versions of BTC on Ethereum), then the impairment loss is much reduced. Curve.finance focuses on such like for like pools and allows multiple tokens in a single pool. Complex farming liquidity pools Taking advantage of governance token rewards for using certain exchanges / pools. This can be done to boot strap liquidity and / or allow a decentralisation of the governance of the DEX. The tokes received have value because of expected future income, or governance rights (which may be exploited for future income) Yearn Yearn is a group of smart farmer protocols that allow pooling to reduce gas costs and benefit from smart developers / contracts. The simplest EARN take tokens / stable coins and place them in the highest yielding platform for that token. https://yearn.finance/earn The yCRV vault provides USD stable coin liquidity within curve for trading fees, but also lending fees via Yearn pools for each stable coin (oh and it gets CRV governance tokens…). Other vaults use more complex strategies. The collateral is used to generate stable coins that then generate income from interest rates, Liquidity provision fees, and accrual of governance tokens. Some governance tokens are sold, others are used to optimise the rewards from other platforms. For example, see this video on the Link Vault (Mark Jeffrey 13 mins). https://twitter.com/markjeffrey/status/1300175793352445952 I expect the ETH vault may be similar, but may include Maker to generate the stable coins (rather than borrowing on Aave). This video is a good intro on curve / yearn products (DeFIDad 31 mins) https://www.youtube.com/watch?v=yP-4pJpKbRU All of these steps can be done by yourself, however, gas costs would be significant unless you have a large amount invested. Yearn, and vaults pay fees to the YFI protocol. YFI YFI is the token for yearn. There are only 30,000 issued. So, you can not earn them, you can: 1) Stake them for governance rewards 2) place in a yYFI vauly to gain more FYI 3) Use them as long term Ventrue capital funds within a DAO (coming soon (tm) ). YFII, YVFV etc. Forks of the YFI with different tokens / fees. YAM, Sushi, YFII, etc. To be completed… Synthetix To be completed... Finally: This is not financial advice. There are multiple risks which get larger as more moving parts are added. Errors and omissions expected. Do you own research. Comments and corrections welcomed
In this piece, we will focus on the view that Bitcoin is an aspirational store of value. We explore the inherent characteristics that position Bitcoin to fulfill this role in the future, consider whether it is being used in this way today, and discuss factors that may drive greater demand for such utility.
Bitcoin’s digital scarcity
A robust store of value asset retains purchasing power over long periods of time. An emerging store of value grows purchasing power until it stabilizes. The key characteristics that are cited in reference to good stores of value are scarcity, portability, durability and divisibility. The most important of these attributes is arguably scarcity, which is essential for protecting against the depreciation of real value in the long run. Scarcity means there is a limited quantity of the asset in question, more cannot be easily created, and it is impossible to counterfeit. One of bitcoin’s most novel innovations is its unforgeable digital scarcity. Investors believe this property is foundational in understanding and appreciating bitcoin. The bitcoin supply is perfectly inelastic and is not susceptible to supply shocks. Supply does not respond to changes in production capacity (i.e. greater hash power) in response to heightened demand driving prices higher. Even gold, which has been used as a store of value for millennia, is not immune to supply shocks. While the ability for increased production in response to an increase in demand is limited, gold is not perfectly inelastic.
Decentralized checks and balances
Bitcoin’s monetary policy was established when it was created. Its credibility is enforced in part by decentralization and proof-of-work mining. Bitcoin has a leaderless network of decentralized full nodes (computers running bitcoin software), in which every node stores the ledger of transactions and performs transaction verification independently, checking that rules are being followed. Because of this redundancy, there is no central point of failure. Full nodes that verify transactions are distinct from miners who expend energy to process transactions and mint bitcoin. Unlike mining, transaction verification does not require significant resources in the form of hardware or electricity. Thus, any computer can join the distributed network to store and verify bitcoin transactions. Today tens of thousands of nodes perform this function. In addition to preventing transactions that don’t follow consensus rules, the level of decentralization that exists in the bitcoin network protects core properties such as the 21 million fixed supply by making it virtually impossible to change. No central party has sole discretion over bitcoin’s monetary policy. Rather, such a change would require significant social coordination among stakeholders (e.g. users, miners and those running full nodes). Most stakeholders believe bitcoin has value because of its digital scarcity, resulting in negligible support for such a change
Investors believe that the next wave of awareness and adoption could be driven by external factors such as unprecedented levels of intervention by central banks and governments, record low interest rates, increasing fiat money supply, deglobalization and the potential for ensuing inflation, all of which have been accelerated by the pandemic and economic shutdown. Longer-term tailwinds that could fuel adoption include the use of bitcoin to preserve wealth amidst “slow and steady” inflation and the looming generational wealth transfer to millennials, who view bitcoin more favorably than other demographics.
Current interest in bitcoin’s store of value properties
Tudor Investment Corporation’s decision to allocate to bitcoin in the Tudor BVI fund is evidence that unprecedented levels of monetary growth is driving institutional interest in bitcoin’s store of value properties. Paul Tudor Jones, founder and Chief Investment Officer, and Lorenzo Giorgianni, Head of Global Research articulated the rationale for investing in bitcoin in their May 2020 investor letter, “The Great Monetary Inflation.” The Tudor Investments team scored financial assets, fiat cash, gold and bitcoin based on four characteristics that define store of value assets – purchasing power, trustworthiness, liquidity, portability. Bitcoin’s score was 60% of the score of financial assets, but 1/1200th of the market cap of financial assets and it was 66% of the score of gold, but 1/60th of the market cap, concluding, “Something appears to be wrong here and my guess is that it’s the price of Bitcoin.” While many have expressed the same reasoning, this was seen as a watershed moment, given the thesis and investment was from a traditional hedge fund manage legendary macro investor (Paul Tudor Jones) and former Deputy Director of the Strategy, Policy and Review Department at the IMF (Lorenzo Giorgianni)ix.
Bitcoin’s inherent properties have given rise to the perspective that bitcoin has the potential to be a store of value, with complementary and interdependent components – the decentralized settlement network (Bitcoin) and its digitally scarce native asset (bitcoin). Equally important is the consideration of demand for bitcoin’s unique features – there is no long-term value to create or store if there is no sustained demand for these properties. External forces that are accelerating interest and investment in bitcoin include unprecedented levels and exotic forms of monetary and fiscal stimulus globally with unknown consequences. This is exacerbating the concerns that Bitcoin was designed to address and is leading more investors and users towards bitcoin as an “insurance policy” that may provide protection against the unknown consequences. Simultaneously, the massive transfer of wealth from the older generation to a younger demographic is a more gradual but important long-term tailwind, as younger people view bitcoin more favorably. This is an important catalyst for bitcoin adoption as they inherit and grow their wealth. While bitcoin is not guaranteed to succeed as a store of value, should sustainable long-term demand for the use case not materialize, the tailwinds mentioned above should drive incremental demand for a novel asset with unique properties. Additionally, as we will examine in future parts in our bitcoin investment thesis series, Bitcoin’s strength is that it has properties that allow it to serve multiple functions, further hardening the likelihood of its success as measured by growth in value.
Stakenet (XSN) - A DEX with interchain capabilities (BTC-ETH), Huge Potential [Full Writeup]
Preface Full disclosure here; I am heavily invested in this. I have picked up some real gems from here and was only in the position to buy so much of this because of you guys so I thought it was time to give back. I only invest in Utility Coins. These are coins that actually DO something, and provide new/build upon the crypto infrastructure to work towards the end goal that Bitcoin itself set out to achieve(financial independence from the fiat banking system). This way, I avoid 99% of the scams in crypto that are functionless vapourware, and if you only invest in things that have strong fundamentals in the long term you are much more likely to make money. Introduction
Stakenet is a Lightning Network-ready open-source platform for decentralized applications with its native cryptocurrency – XSN. It is powered by a Proof of Stake blockchain with trustless cold staking and Masternodes. Its use case is to provide a highly secure cross-chain infrastructure for these decentralized applications, where individuals can easily operate with any blockchain simply by using Stakenet and its native currency XSN.
Ok... but what does it actually do and solve? The moonshot here is the DEX (Decentralised Exchange) that they are building. This is a lightning-network DEX with interchain capabilities. That means you could trade BTC directly for ETH; securely, instantly, cheaply and privately. Right now, most crypto is traded to and from Centralised Exchanges like Binance. To buy and sell on these exchanges, you have to send your crypto wallets on that exchange. That means the exchanges have your private keys, and they have control over your funds. When you use a centralised exchange, you are no longer in control of your assets, and depend on the trustworthiness of middlemen. We have in the past of course seen infamous exit scams by centralised exchanges like Mt. Gox. The alternative? Decentralised Exchanges. DEX's have no central authority and most importantly, your private keys(your crypto) never leavesYOUR possession and are never in anyone else's possession. So you can trade peer-to-peer without any of the drawbacks of Centralised Exchanges. The problem is that this technology has not been perfected yet, and the DEX's that we have available to us now are not providing cheap, private, quick trading on a decentralised medium because of their technological inadequacies. Take Uniswap for example. This DEX accounts for over 60% of all DEX volume and facilitates trading of ERC-20 tokens, over the Ethereum blockchain. The problem? Because of the huge amount of transaction that are occurring over the Ethereum network, this has lead to congestion(too many transaction for the network to handle at one time) so the fees have increased dramatically. Another big problem? It's only for Ethereum. You cant for example, Buy LINK with BTC. You must use ETH. The solution? Layer 2 protocols. These are layers built ON TOP of existing blockchains, that are designed to solve the transaction and scaling difficulties that crypto as a whole is facing today(and ultimately stopping mass adoption) The developers at Stakenet have seen the big picture, and have decided to implement the lightning network(a layer 2 protocol) into its DEX from the ground up. This will facilitate the functionalities of a DEX without any of the drawbacks of the CEX's and the DEX's we have today. Heres someone much more qualified than me, Andreas Antonopoulos, to explain this https://streamable.com/kzpimj 'Once we have efficient, well designed DEX's on layer 2, there wont even be any DEX's on layer 1' Progress The Stakenet team were the first to envision this grand solution and have been working on it since its conception in June 2019. They have been making steady progress ever since and right now, the DEX is in an open beta stage where rigorous testing is constant by themselves and the public. For a project of this scale, stress testing is paramount. If the product were to launch with any bugs/errors that would result in the loss of a users funds, this would obviously be very damaging to Stakenet's reputation. So I believe that the developers conservative approach is wise. As of now the only pairs tradeable on the DEX are XSN/BTC and LTC/BTC. The DEX has only just launched as a public beta and is not in its full public release stage yet. As development moves forward more lightning network and atomic swap compatible coins will be added to the DEX, and of course, the team are hard at work on Raiden Integration - this will allow ETH and tokens on the Ethereum blockchain to be traded on the DEX between separate blockchains(instantly, cheaply, privately) This is where Stakenet enters top 50 territory on CMC if successful and is the true value here. Raiden Integration is well underway is being tested in a closed public group on Linux. The full public DEX with Raiden Integration is expected to release by the end of the year. Given the state of development so far and the rate of progress, this seems realistic. Tokenomics 2.6 Metrics overview (from whitepaper)
Ticker: XSN. Currency type: Coin.
Consensus: Minting Proof of Stake, Trustless Proof of Stake.
XSN is slightly inflationary, much like ETH as this is necessary for the economy to be adopted and work in the long term. There is however a deflationary mechanism in place - all trading fees on the DEX get converted to XSN and 10% of these fees are burned. This puts constant buying pressure on XSN and acts as a deflationary mechanism. XSN has inherent value because it makes up the infrastructure that the DEX will run off and as such Masternode operators and Stakers will see the fee's from the DEX. Conclusion We can clearly see that a layer 2 DEX is the future of crypto currency trading. It will facilitate secure, cheap, instant and private trading across all coins with lightning capabilities, thus solving the scaling and transaction issues that are holding back crypto today. I dont need to tell you the implications of this, and what it means for crypto as a whole. If Stakenet can launch a layer 2 DEX with Raiden Integration, It will become the primary DEX in terms of volume. Stakenet DEX will most likely be the first layer 2 DEX(first mover advantage) and its blockchain is the infrastructure that will host this DEX and subsequently receive it's trading fee's. It is not difficult to envision a time in the next year when Stakenet DEX is functional and hosting hundreds of millions of dollars worth of trading every single day. At $30 million market cap, I cant see any other potential investment right now with this much potential upside. This post has merely served as in introduction and a heads up for this project, there is MUCH more to cover like vortex liquidity, masternodes, TOR integration... for now, here is some additional reading. Resources
Traditional approaches to understanding the value of bitcoin as money have failed. In this article we explore how function, faith and the availability of alternative assets will keep bitcoin ... Money is a legal tender payment offered in exchange for goods and services. Legal tender means that money is a lawful payment that someone offers to meet a financial obligation. Money's three primary functions in the U.S. economy are a medium of exchange, a unit of account and a store of value. The early coders who discussed and tested it had a grand vision. They saw Bitcoin supplanting government controlled money and financial systems. They believed it would unite the three main functions of money in one. It would be a store of value, since it’s capped at 21,000,000 BTC, and even unbanked people can use it. Bitcoin is a cryptocurrency developed in 2009 by Satoshi Nakamoto, the name given to the unknown creator (or creators) of this virtual currency.Transactions are recorded in a blockchain, which ... The rest of this post will outline the functions and characteristics of bitcoin (BTC) as money while comparing it to the US dollar (USD). At this time, I don’t think it is the best form of money, but it does offer solutions to many flaws in current fiat money. Functions of Money Store of Value — BTC
ANTONOPOULOS - THE FUTURE OF MONEY: How Bitcoin ...
Money is as old as human civilisation and civilisation itself is reliant on possessing ways in which to exchange, account for, and transfer value. A brief hi... In this video tutorial you will learn the functions of money. There are five basic functions of money. These functions include money as medium of exchange, unit of account (measure of value), money... BUSINESS ACCELERATOR - Starting soon: https://londonreal.tv/biz/ 2021 SUMMIT TICKETS: https://londonreal.tv/summit/ NEW MASTERCLASS EACH WEEK: http://londonr... In this Video Dr. Vivek Bindra discusses about Bitcoin. Dr Vivek Bindra shares in detail whether you should invest in Bitcoin or not. Dr Vivek Bindra shares ... Meaning and Function of Money Class XII Economics by S K Agarwala - Duration: 10:47. Goyal Bros. Prakashan - Video Lectures 18,914 views. 10:47.