I have two "ASICMINER Block Erupter 333MH/s ASIC USB BTC Bitcoin Miner SHA256" can somebody help me on what software do i need that will use these usb asics and mine bitcoin or any other crypto coin. (i don't care if is it profitable orn not)
Another Bitcoin mining software that we just tested is called the Cudo Miner. While still in beta, it’s really easy to setup and configure, and all you need is a PC and an email address. What’s most beautiful about this app is that it comes for Windows, Linux and Mac, and we all know how hard ⬇️⬇️
What is Neutrino and what advantages and capabilities will it add to Bitcoin Core? Also any ideas as to when we might see this in use and how might it be added to the core software, will it need miner voting?
What is Neutrino and what advantages and capabilities will it add to Bitcoin Core? Also any ideas as to when we might see this in use and how might it be added to the core software, will it need miner voting? /r/Bitcoin
What is Neutrino and what advantages and capabilities will it add to Bitcoin Core? Also any ideas as to when we might see this in use and how might it be added to the core software, will it need miner voting? /r/Bitcoin
What is Bitfxt Vault? Bitfxt vault is an innovative software that reward bxtcoin miners with new bxtcoin depending on the vault algorithm purchased by miners. Watch out this video https://t.co/npr3VuPJKJ #bxtcoin #bitcoin #bitfxt #trading #mining #academy #wallet #vault
The underrated stock survey! Submit your picks for the community to track
Following on the previous tracking post (http://redd.it/i2mmzg) and the highly upvoted request from DJ-Ascii , I've set up this post for another round of underrated or undervalued stock picks. As before, let us know what stock you believe is underrated and a consistent winner that has done well for you, or you believe will do well going forward. In order to make this easier to track please use the following guidelines for submitting.
Only one submission per comment. You can make multiple comments, but please only submit one stock per comment.
Please include at least the ticker and the company name. Feel free to explain why you think this is a good stock.
I'll add these new picks alongside the old survey so as to update you on each portfolio over time. Don't worry about any overlaps. Edit 1: I've compiled everyone who has posted so far, but I'll look out for any final additions tomorrow. The list will then be locked EOD on Friday the 7th of August, and all prices will start from there. Edit 2: All picks have now been locked down and consolidated into the list below. Stocks are sorted in alphabetical order of their company name and the ID corresponds to the approximate order in which they were submitted. The next update will be in 30 days.
A common sentiment is brewing online; a shared desire for the internet that might have been. After decades of corporate encroachment, you don't need to be a power user to realize that something has gone very wrong. In the early days of the internet, the future was bright. In that future, when you sent an instant message, it traveled directly to the recipient. When you needed to pay a friend, you announced a transfer of value to their public key. When an app was missing a feature you wanted, you opened up the source code and implemented it. When you took a picture on your phone, it was immediately encrypted and backed up to storage that you controlled. In that future, people would laugh at the idea of having to authenticate themselves to some corporation before doing these things. What did we get instead? Rather than a network of human-sized communities, we have a handful of enormous commons, each controlled by a faceless corporate entity. Hey user, want to send a message? You can, but we'll store a copy of it indefinitely, unencrypted, for our preference-learning algorithms to pore over; how else could we slap targeted ads on every piece of content you see? Want to pay a friend? You can—in our Monopoly money. Want a new feature? Submit a request to our Support Center and we'll totally maybe think about it. Want to backup a photo? You can—inside our walled garden, which only we (and the NSA, of course) can access. Just be careful what you share, because merely locking you out of your account and deleting all your data is far from the worst thing we could do. You rationalize this: "MEGACORP would never do such a thing; it would be bad for business." But we all know, at some level, that this state of affairs, this inversion of power, is not merely "unfortunate" or "suboptimal" – No. It is degrading. Even if MEGACORP were purely benevolent, it is degrading that we must ask its permission to talk to our friends; that we must rely on it to safeguard our treasured memories; that our digital lives are completely beholden to those who seek only to extract value from us. At the root of this issue is the centralization of data. MEGACORP can surveil you—because your emails and video chats flow through their servers. And MEGACORP can control you—because they hold your data hostage. But centralization is a solution to a technical problem: How can we make the user's data accessible from anywhere in the world, on any device? For a long time, no alternative solution to this problem was forthcoming. Today, thanks to a confluence of established techniques and recent innovations, we have solved the accessibility problem without resorting to centralization. Hashing, encryption, and erasure encoding got us most of the way, but one barrier remained: incentives. How do you incentivize an anonymous stranger to store your data? Earlier protocols like BitTorrent worked around this limitation by relying on altruism, tit-for-tat requirements, or "points" – in other words, nothing you could pay your electric bill with. Finally, in 2009, a solution appeared: Bitcoin. Not long after, Sia was born. Cryptography has unleashed the latent power of the internet by enabling interactions between mutually-distrustful parties. Sia harnesses this power to turn the cloud storage market into a proper marketplace, where buyers and sellers can transact directly, with no intermediaries, anywhere in the world. No more silos or walled gardens: your data is encrypted, so it can't be spied on, and it's stored on many servers, so no single entity can hold it hostage. Thanks to projects like Sia, the internet is being re-decentralized. Sia began its life as a startup, which means it has always been subjected to two competing forces: the ideals of its founders, and the profit motive inherent to all businesses. Its founders have taken great pains to never compromise on the former, but this often threatened the company's financial viability. With the establishment of the Sia Foundation, this tension is resolved. The Foundation, freed of the obligation to generate profit, is a pure embodiment of the ideals from which Sia originally sprung. The goals and responsibilities of the Foundation are numerous: to maintain core Sia protocols and consensus code; to support developers building on top of Sia and its protocols; to promote Sia and facilitate partnerships in other spheres and communities; to ensure that users can easily acquire and safely store siacoins; to develop network scalability solutions; to implement hardforks and lead the community through them; and much more. In a broader sense, its mission is to commoditize data storage, making it cheap, ubiquitous, and accessible to all, without compromising privacy or performance. Sia is a perfect example of how we can achieve better living through cryptography. We now begin a new chapter in Sia's history. May our stewardship lead it into a bright future.
Today, we are proposing the creation of the Sia Foundation: a new non-profit entity that builds and supports distributed cloud storage infrastructure, with a specific focus on the Sia storage platform. What follows is an informal overview of the Sia Foundation, covering two major topics: how the Foundation will be funded, and what its funds will be used for.
The Sia Foundation will be structured as a non-profit entity incorporated in the United States, likely a 501(c)(3) organization or similar. The actions of the Foundation will be constrained by its charter, which formalizes the specific obligations and overall mission outlined in this document. The charter will be updated on an annual basis to reflect the current goals of the Sia community. The organization will be operated by a board of directors, initially comprising Luke Champine as President and Eddie Wang as Chairman. Luke Champine will be leaving his position at Nebulous to work at the Foundation full-time, and will seek to divest his shares of Nebulous stock along with other potential conflicts of interest. Neither Luke nor Eddie personally own any siafunds or significant quantities of siacoin.
The primary source of funding for the Foundation will come from a new block subsidy. Following a hardfork, 30 KS per block will be allocated to the "Foundation Fund," continuing in perpetuity. The existing 30 KS per block miner reward is not affected. Additionally, one year's worth of block subsidies (approximately 1.57 GS) will be allocated to the Fund immediately upon activation of the hardfork. As detailed below, the Foundation will provably burn any coins that it cannot meaningfully spend. As such, the 30 KS subsidy should be viewed as a maximum. This allows the Foundation to grow alongside Sia without requiring additional hardforks. The Foundation will not be funded to any degree by the possession or sale of siafunds. Siafunds were originally introduced as a means of incentivizing growth, and we still believe in their effectiveness: a siafund holder wants to increase the amount of storage on Sia as much as possible. While the Foundation obviously wants Sia to succeed, its driving force should be its charter. Deriving significant revenue from siafunds would jeopardize the Foundation's impartiality and focus. Ultimately, we want the Foundation to act in the best interests of Sia, not in growing its own budget.
The Foundation inherits a great number of responsibilities from Nebulous. Each quarter, the Foundation will publish the progress it has made over the past quarter, and list the responsibilities it intends to prioritize over the coming quarter. This will be accompanied by a financial report, detailing each area of expenditure over the past quarter, and forecasting expenditures for the coming quarter. Below, we summarize some of the myriad responsibilities towards which the Foundation is expected to allocate its resources.
Maintain and enhance core Sia software
Arguably, this is the most important responsibility of the Foundation. At the heart of Sia is its consensus algorithm: regardless of other differences, all Sia software must agree upon the content and rules of the blockchain. It is therefore crucial that the algorithm be stewarded by an entity that is accountable to the community, transparent in its decision-making, and has no profit motive or other conflicts of interest. Accordingly, Sia’s consensus functionality will no longer be directly maintained by Nebulous. Instead, the Foundation will release and maintain an implementation of a "minimal Sia full node," comprising the Sia consensus algorithm and P2P networking code. The source code will be available in a public repository, and signed binaries will be published for each release. Other parties may use this code to provide alternative full node software. For example, Nebulous may extend the minimal full node with wallet, renter, and host functionality. The source code of any such implementation may be submitted to the Foundation for review. If the code passes review, the Foundation will provide "endorsement signatures" for the commit hash used and for binaries compiled internally by the Foundation. Specifically, these signatures assert that the Foundation believes the software contains no consensus-breaking changes or other modifications to imported Foundation code. Endorsement signatures and Foundation-compiled binaries may be displayed and distributed by the receiving party, along with an appropriate disclaimer. A minimal full node is not terribly useful on its own; the wallet, renter, host, and other extensions are what make Sia a proper developer platform. Currently, the only implementations of these extensions are maintained by Nebulous. The Foundation will contract Nebulous to ensure that these extensions continue to receive updates and enhancements. Later on, the Foundation intends to develop its own implementations of these extensions and others. As with the minimal node software, these extensions will be open source and available in public repositories for use by any Sia node software. With the consensus code now managed by the Foundation, the task of implementing and orchestrating hardforks becomes its responsibility as well. When the Foundation determines that a hardfork is necessary (whether through internal discussion or via community petition), a formal proposal will be drafted and submitted for public review, during which arguments for and against the proposal may be submitted to a public repository. During this time, the hardfork code will be implemented, either by Foundation employees or by external contributors working closely with the Foundation. Once the implementation is finished, final arguments will be heard. The Foundation board will then vote whether to accept or reject the proposal, and announce their decision along with appropriate justification. Assuming the proposal was accepted, the Foundation will announce the block height at which the hardfork will activate, and will subsequently release source code and signed binaries that incorporate the hardfork code. Regardless of the Foundation's decision, it is the community that ultimately determines whether a fork is accepted or rejected – nothing can change that. Foundation node software will never automatically update, so all forks must be explicitly adopted by users. Furthermore, the Foundation will provide replay and wipeout protection for its hard forks, protecting other chains from unintended or malicious reorgs. Similarly, the Foundation will ensure that any file contracts formed prior to a fork activation will continue to be honored on both chains until they expire. Finally, the Foundation also intends to pursue scalability solutions for the Sia blockchain. In particular, work has already begun on an implementation of Utreexo, which will greatly reduce the space requirements of fully-validating nodes (allowing a full node to be run on a smartphone) while increasing throughput and decreasing initial sync time. A hardfork implementing Utreexo will be submitted to the community as per the process detailed above. As this is the most important responsibility of the Foundation, it will receive a significant portion of the Foundation’s budget, primarily in the form of developer salaries and contracting agreements.
Support community services
We intend to allocate 25% of the Foundation Fund towards the community. This allocation will be held and disbursed in the form of siacoins, and will pay for grants, bounties, hackathons, and other community-driven endeavours. Any community-run service, such as a Skynet portal, explorer or web wallet, may apply to have its costs covered by the Foundation. Upon approval, the Foundation will reimburse expenses incurred by the service, subject to the exact terms agreed to. The intent of these grants is not to provide a source of income, but rather to make such services "break even" for their operators, so that members of the community can enrich the Sia ecosystem without worrying about the impact on their own finances.
Ensure easy acquisition and storage of siacoins
Most users will acquire their siacoins via an exchange. The Foundation will provide support to Sia-compatible exchanges, and pursue relevant integrations at its discretion, such as Coinbase's new Rosetta standard. The Foundation may also release DEX software that enables trading cryptocurrencies without the need for a third party. (The Foundation itself will never operate as a money transmitter.) Increasingly, users are storing their cryptocurrency on hardware wallets. The Foundation will maintain the existing Ledger Nano S integration, and pursue further integrations at its discretion. Of course, all hardware wallets must be paired with software running on a computer or smartphone, so the Foundation will also develop and/or maintain client-side wallet software, including both full-node wallets and "lite" wallets. Community-operated wallet services, i.e. web wallets, may be funded via grants. Like core software maintenance, this responsibility will be funded in the form of developer salaries and contracting agreements.
Protect the ecosystem
When it comes to cryptocurrency security, patching software vulnerabilities is table stakes; there are significant legal and social threats that we must be mindful of as well. As such, the Foundation will earmark a portion of its fund to defend the community from legal action. The Foundation will also safeguard the network from 51% attacks and other threats to network security by implementing softforks and/or hardforks where necessary. The Foundation also intends to assist in the development of a new FOSS software license, and to solicit legal memos on various Sia-related matters, such as hosting in the United States and the EU. In a broader sense, the establishment of the Foundation makes the ecosystem more robust by transferring core development to a more neutral entity. Thanks to its funding structure, the Foundation will be immune to various forms of pressure that for-profit companies are susceptible to.
Drive adoption of Sia
Although the overriding goal of the Foundation is to make Sia the best platform it can be, all that work will be in vain if no one uses the platform. There are a number of ways the Foundation can promote Sia and get it into the hands of potential users and developers. In-person conferences are understandably far less popular now, but the Foundation can sponsor and/or participate in virtual conferences. (In-person conferences may be held in the future, permitting circumstances.) Similarly, the Foundation will provide prizes for hackathons, which may be organized by community members, Nebulous, or the Foundation itself. Lastly, partnerships with other companies in the cryptocurrency space—or the cloud storage space—are a great way to increase awareness of Sia. To handle these responsibilities, one of the early priorities of the Foundation will be to hire a marketing director.
The Foundation Fund will be controlled by a multisig address. Each member of the Foundation's board will control one of the signing keys, with the signature threshold to be determined once the final composition of the board is known. (This threshold may also be increased or decreased if the number of board members changes.) Additionally, one timelocked signing key will be controlled by David Vorick. This key will act as a “dead man’s switch,” to be used in the event of an emergency that prevents Foundation board members from reaching the signature threshold. The timelock ensures that this key cannot be used unless the Foundation fails to sign a transaction for several months. On the 1st of each month, the Foundation will use its keys to transfer all siacoins in the Fund to two new addresses. The first address will be controlled by a high-security hot wallet, and will receive approximately one month's worth of Foundation expenditures. The second address, receiving the remaining siacoins, will be a modified version of the source address: specifically, it will increase the timelock on David Vorick's signing key by one month. Any other changes to the set of signing keys, such as the arrival or departure of board members, will be incorporated into this address as well. The Foundation Fund is allocated in SC, but many of the Foundation's expenditures must be paid in USD or other fiat currency. Accordingly, the Foundation will convert, at its discretion, a portion of its monthly withdrawals to fiat currency. We expect this conversion to be primarily facilitated by private "OTC" sales to accredited investors. The Foundation currently has no plans to speculate in cryptocurrency or other assets. Finally, it is important that the Foundation adds value to the Sia platform well in excess of the inflation introduced by the block subsidy. For this reason, the Foundation intends to provably burn, on a quarterly basis, any coins that it cannot allocate towards any justifiable expense. In other words, coins will be burned whenever doing so provides greater value to the platform than any other use. Furthermore, the Foundation will cap its SC treasury at 5% of the total supply, and will cap its USD treasury at 4 years’ worth of predicted expenses. Addendum: Hardfork Timeline We would like to see this proposal finalized and accepted by the community no later than September 30th. A new version of siad, implementing the hardfork, will be released no later than October 15th. The hardfork will activate at block 293220, which is expected to occur around 12pm EST on January 1st, 2021.
Addendum: Inflation specifics The total supply of siacoins as of January 1st, 2021 will be approximately 45.243 GS. The initial subsidy of 1.57 GS thus increases the supply by 3.47%, and the total annual inflation in 2021 will be at most 10.4% (if zero coins are burned). In 2022, total annual inflation will be at most 6.28%, and will steadily decrease in subsequent years.
We see the establishment of the Foundation as an important step in the maturation of the Sia project. It provides the ecosystem with a sustainable source of funding that can be exclusively directed towards achieving Sia's ambitious goals. Compared to other projects with far deeper pockets, Sia has always punched above its weight; once we're on equal footing, there's no telling what we'll be able to achieve. Nevertheless, we do not propose this change lightly, and have taken pains to ensure that the Foundation will act in accordance with the ideals that this community shares. It will operate transparently, keep inflation to a minimum, and respect the user's fundamental role in decentralized systems. We hope that everyone in the community will consider this proposal carefully, and look forward to a productive discussion.
Popcorn Time takes its inspiration from Netflix, boasting a clean outlook with thumbnails and categories - And streams pirated copies of movies and shows to your computer or smartphone
Editors note: There are many fake versions of Popcorn Time. This article primarily use Reddit as its source to recommend and link to the official, well regarded, version of the app. When you think of movie streaming, services like Hulu, Disney+, and Netflix usually come to mind. However, there is another streaming platform that is particularly popular for streaming pirated movies: Popcorn Time. This streaming platform allows you to watch torrented and pirated movies without paying anything. All you need to do is install it on your PC/smartphone/tablet, search for a film, and click play. However, there are piracy and safety concerns when it comes to using Popcorn Time. This is how it works.
What Exactly is Popcorn Time?
How it Works
How to Install Popcorn Time
Which version is legit?
Where does popcorn time store movies?
Popcorn Time APK for Android
Is Popcorn Time available on iOS?
Is it Illegal to Use Popcorn Time?
How does the developers make money?
Popcorn Time alternatives
What Exactly is Popcorn Time?
Popcorn Time is an open-source, multi-platform BitTorrent software application with a stylish and attractive media player. It was initially released in March 2014 by a team of developers in Argentina. They wanted to create a software that allows users to stream video content from torrent. Popcorn Time takes its inspiration from Netflix, boasting a clean outlook with thumbnails and categories. It uses sequential downloading and uploading to play movies, hence allowing you to stream pirated movies instantly. Popcorn Time on the Mac
How it Works
Popcorn Time is a torrent based streaming tool and the way it works is simple enough. Let’s say you want to watch Tenet (it's not out as of this writing). You use the interface provided by the platform to find and click that title, and the tool then navigates through existing BitTorrent titles automatically from come from two well known torrent sites. YTS for movies and eztv for tv-shows. Then, Tenet is streamed directly to your computer from that pre-existing BitTorrent source. So, while you watch the film, Popcorn Times acts as a torrent client and continues to leech and seed it from other people. That means you'll be forced to share the content you watch.
How to Install Popcorn Time?
In order to use Popcorn Time to stream pirated movies, you will need to download and install the software on your computer or smartphone. The app is available for variety of operating systems, including Android, Linux, Windows, Mac, etc.
Download Popcorn Time from popcorntime.app which hosts Mac, Windows and Android.
There are no specific installation requirements as it is installed just like any other app.
However, keep in mind that its usage has been banned in many regions. So, you cannot download it from Apple’s Apple Store or Google Play Store. In some countries popcorntime.app has been blocked and you need a VPN to hide your real IP. You might want to use VPN software to keep your own information private and anonymous when running the app as well.
Which version is legit, and real?
There are many clones out there, some of which will install other apps, using your computer as a bitcoin miner. The legit, and most supported version according to Reddit, is popcorntime.app (formerly known as popcorntime.sh)
Where does popcorn time store movies?
On your computer or device. Using torrents the app stream the files, while they are being downloaded. So it's just like when you download a torrent, except it starts the video during the download.
Yes. But it's not as easy as downloading an app from the App store.The iPhone version of Popcorn Time is unstable and requires a jailbroken iPhone. Since jailbreaking your iPhone in 2020 is difficult and time consuming, it isn't an option for most. If you still want to try, there is Antique's version. You can follow his updates and links on Twitter. There is also a version which allegedly works with the alternative, non-jailbreak required, but much debated, altstore. For more information, see its Github home.
Is it Illegal to Use Popcorn Time?
In most cases, yes. Most, if not all, TV shows and movies which appear on Popcorn Time are pirated, and you may be wondering about the legality of it all. First of all, downloading any copyrighted file is illegal in most countries. However, torrents themselves are a valid means to share and download files. So without sounding too confusing, it is typically not illegal to download Popcorn Time. It's when you stream or download the movies and tv-shows themselves it gets risky. But depending on where you live this might not be the case. Copyright infringement is illegal in Germany while in India, there are no restrictions of using Popcorn Time to steam movies as long as you don’t redistribute them. Of course, laws change. That’s why it is recommended that you do your research to understand the risks.
How does the developers make money?
The Popcorn time version we recommend has affiliate links to VPN services. How much money this actually is, or if its funding hardware costs, is unknown. But it proves that money is being generated from the app.
Are there any alternatives?
There are a lot of alternatives, most of which are unstable or shady. However, here are a few alternatives recommended on Reddit. Note that they all come with their own positive and negatives aspects when compared to Popcorn Time.
Stremio - Open source project which lets you add your own sources, such as 1337 or Pirate Bay. It also uses official streams from YouTube, HBO and more. Has been reported as unstable but still the best Popcorn alternative.
Media Box HD - A MacOS app with 4K streams. Is known to be unstable for some.
Leonfix - A Popcorn Time Windows app which doesn't use torrents. Currently in beta.
ShowBox - Android alternative which doesn't use torrents. Unstable and currently in beta.
Radarr - Which automatically downloads shows and films.
Despite the concerns about whether or not using Popcorn Time is illegal, there is no denying that the tool is very impressive. The ability to download and stream torrent content in a seamless and hassle-free way is quite brilliant. Not to mention the platform has a much larger library of content with no restrictions whatsoever. So, it’s not surprising why many consider it a better alternative to regular torrents or a Disney+ subscription. Feedback and corrections are more than welcome! Originally written for Where You Watch.
If you found out that ABC was trying to intentionally derail Bitcoin Cash would you continue using their client? Their actions have pushed for centralization along with actively destroying utility. Please stop using ABC.
I need to spell this out for new users here. Bitcoin Cash has been and continues to be the original immutable Bitcoin ledger since it was launched in 2008. In 2017 Bitcoin got an upgrade with larger blocks and the Bitcoin described in the Whitepaper is now called Bitcoin Cash. Bitcoin Cash continues to be peer-to-peer electronic cash. It doesn't require a business, government middleman, 2nd-layer hub-spoke junk model or centralized development team to continue and flourish. That's what makes Bitcoin Cash so powerful. It gives you back control of the money you rightfully earn and save. Bitcoin Cash scales and it can do so cheaply for even small transaction amounts. The world can start using Bitcoin Cash today and it will scale elegantly where other centralized and intentionally crippled coins like BitcoinBTC will fail. The above facts make Bcore fanboys shivver in their timbers. That's why they're here attacking this project. Bitcoin Core is garbage software and Bitcoin Core fan boys were dumb enough to buy into a pump-and-dump scheme rather than actual coin utility. More facts:
Central banks feel threatened. They technically own your money, keep 5% of it in reserve and engage in high-risk gambling with the rest.
Government dictatorships feel threatened. Bitcoin Cash is cross-border and can't be frozen. They can't stop foreign capital outflows and with proper obfuscation they can't use your transaction history against you for political persecution.
Consolidated-power entities like the federal reserve feel threatened. They push a button and create trillions of bogus fiat dollars out of thin air. Bitcoin Cash teaches people that money is an idea that we all agree upon; not a face on a piece of fancy paper or some fake number in a centralized database.
Many other groups attack BCH for many other reasons. If it's not something they can control or a scam they can benefit from, they will attack it.
To make it crystal clear, Bitcoin Cash is and will continue to be under social attack in this subreddit. Don't be surprised to see trolls troll'in. They are here and they mean to destroy this project despite it being a benefit to them in their actual lives, since they too use Money. In regards to ABC: The recent IFP miner tax theft attempt was an attack on decentralization of the Bitcoin Cash protocol. We got lucky... very lucky. ABC's more recent DAA Grasberg change would slow blocks, making Bitcoin Cash less useful, while also invalidating time contracts built on top of it. It's another clear attack on the utility of Bitcoin Cash. It's obvious that ABC is making changes that will undermine Bitcoin Cash. Maybe it's a government actor that is forcing these harmful changes. Not sure, and there's no way to know, but it's clear that these are incredibly harmful changes that would only be pushed by someone trying to do serious harm. Please use BCHN, Bitcoin Unlimited or one of the other great wallets. These projects have BETTER developers than ABC and they don't appear to be actively trying to undermine it. Power to the people.
Operation Mockingbird - remember that time when Bitcoin was peer-to-peer electronic cash?
Do you remember what it was like in 2013 and earlier when Satoshi / Gavin were running the project and the goal was more users, merchants and scaling? Do you remember that time when the exciting projects were getting merchants to accept Bitcoin for payments, wallet apps, and maps of businesses and people that used and accepted Bitcoin as money? Do you remember that time when the MIT digital currency initiative (sponsored by Jeffrey Epstein and his mysterious intelligence agency "investment money"), MasterCard, and Western Union all invested in Blockstream who suddenly consolidated control of the Bitcoin development group, smearing and attacking anyone who wouldn't get on board? Remember that time that Theymos, who had been pro-Bitcoin scaling suddenly had a personality change and started censoring and banning anyone who talked about scaling bitcoin from the two largest discussion platforms, bitcoin talk dot org and r\bitcoin? Remember that time when fake Bitcoin celebrities with marketing teams behind them started appearing out of nowhere with the view that we shouldn't increase the capacity of Bitcoin so more people can use it? Remember that time that countless NPC's changed the community's narrative from peer-to-peer electronic cash with the goal of merchant and user adoption to "digital gold" or some kind of digital tulip ponzi scheme that's too expensive to use for day-to-day currency? Remember that time when the miners, now consolidated in CCP controlled China, suddenly voted against their own best-interests, and decided to run software that rate-limits Bitcoin to 5 transactions per second, despite overwhelming community opposition? Pepperidge Farm remembers. This is Operation Mockingbird folks, just a 21st Century version of it. So was SegWit, BSV/CSW, and now this IFP bullshit from Amaury.
This is a follow-up on https://old.reddit.com/Bitcoin/comments/hqzp14/technical_the_path_to_taproot_activation/ Taproot! Everybody wants it!! But... you might ask yourself: sure, everybody else wants it, but why would I, sovereign Bitcoin HODLer, want it? Surely I can be better than everybody else because I swapped XXX fiat for Bitcoin unlike all those nocoiners? And it is important for you to know the reasons why you, o sovereign Bitcoiner, would want Taproot activated. After all, your nodes (or the nodes your wallets use, which if you are SPV, you hopefully can pester to your wallet vendoimplementor about) need to be upgraded in order for Taproot activation to actually succeed instead of becoming a hot sticky mess. First, let's consider some principles of Bitcoin.
You the HODLer should be the one who controls where your money goes. Your keys, your coins.
You the HODLer should be able to coordinate and make contracts with other people regarding your funds.
You the HODLer should be able to do the above without anyone watching over your shoulder and judging you.
I'm sure most of us here would agree that the above are very important principles of Bitcoin and that these are principles we would not be willing to remove. If anything, we would want those principles strengthened (especially the last one, financial privacy, which current Bitcoin is only sporadically strong with: you can get privacy, it just requires effort to do so). So, how does Taproot affect those principles?
Taproot and Your /Coins
Most HODLers probably HODL their coins in singlesig addresses. Sadly, switching to Taproot would do very little for you (it gives a mild discount at spend time, at the cost of a mild increase in fee at receive time (paid by whoever sends to you, so if it's a self-send from a P2PKH or bech32 address, you pay for this); mostly a wash). (technical details: a Taproot output is 1 version byte + 32 byte public key, while a P2WPKH (bech32 singlesig) output is 1 version byte + 20 byte public key hash, so the Taproot output spends 12 bytes more; spending from a P2WPKH requires revealing a 32-byte public key later, which is not needed with Taproot, and Taproot signatures are about 9 bytes smaller than P2WPKH signatures, but the 32 bytes plus 9 bytes is divided by 4 because of the witness discount, so it saves about 11 bytes; mostly a wash, it increases blockweight by about 1 virtual byte, 4 weight for each Taproot-output-input, compared to P2WPKH-output-input). However, as your HODLings grow in value, you might start wondering if multisignature k-of-n setups might be better for the security of your savings. And it is in multisignature that Taproot starts to give benefits! Taproot switches to using Schnorr signing scheme. Schnorr makes key aggregation -- constructing a single public key from multiple public keys -- almost as trivial as adding numbers together. "Almost" because it involves some fairly advanced math instead of simple boring number adding, but hey when was the last time you added up your grocery list prices by hand huh? With current P2SH and P2WSH multisignature schemes, if you have a 2-of-3 setup, then to spend, you need to provide two different signatures from two different public keys. With Taproot, you can create, using special moon math, a single public key that represents your 2-of-3 setup. Then you just put two of your devices together, have them communicate to each other (this can be done airgapped, in theory, by sending QR codes: the software to do this is not even being built yet, but that's because Taproot hasn't activated yet!), and they will make a single signature to authorize any spend from your 2-of-3 address. That's 73 witness bytes -- 18.25 virtual bytes -- of signatures you save! And if you decide that your current setup with 1-of-1 P2PKH / P2WPKH addresses is just fine as-is: well, that's the whole point of a softfork: backwards-compatibility; you can receive from Taproot users just fine, and once your wallet is updated for Taproot-sending support, you can send to Taproot users just fine as well! (P2WPKH and P2WSH -- SegWit v0 -- addresses start with bc1q; Taproot -- SegWit v1 --- addresses start with bc1p, in case you wanted to know the difference; in bech32 q is 0, p is 1) Now how about HODLers who keep all, or some, of their coins on custodial services? Well, any custodial service worth its salt would be doing at least 2-of-3, or probably something even bigger, like 11-of-15. So your custodial service, if it switched to using Taproot internally, could save a lot more (imagine an 11-of-15 getting reduced from 11 signatures to just 1!), which --- we can only hope! --- should translate to lower fees and better customer service from your custodial service! So I think we can say, very accurately, that the Bitcoin principle --- that YOU are in control of your money --- can only be helped by Taproot (if you are doing multisignature), and, because P2PKH and P2WPKH remain validly-usable addresses in a Taproot future, will not be harmed by Taproot. Its benefit to this principle might be small (it mostly only benefits multisignature users) but since it has no drawbacks with this (i.e. singlesig users can continue to use P2WPKH and P2PKH still) this is still a nice, tidy win! (even singlesig users get a minor benefit, in that multisig users will now reduce their blockchain space footprint, so that fees can be kept low for everybody; so for example even if you have your single set of private keys engraved on titanium plates sealed in an airtight box stored in a safe buried in a desert protected by angry nomads riding giant sandworms because you're the frickin' Kwisatz Haderach, you still gain some benefit from Taproot) And here's the important part: if P2PKH/P2WPKH is working perfectly fine with you and you decide to never use Taproot yourself, Taproot will not affect you detrimentally. First do no harm!
Taproot and Your Contracts
No one is an island, no one lives alone. Give and you shall receive. You know: by trading with other people, you can gain expertise in some obscure little necessity of the world (and greatly increase your productivity in that little field), and then trade the products of your expertise for necessities other people have created, all of you thereby gaining gains from trade. So, contracts, which are basically enforceable agreements that facilitate trading with people who you do not personally know and therefore might not trust. Let's start with a simple example. You want to buy some gewgaws from somebody. But you don't know them personally. The seller wants the money, you want their gewgaws, but because of the lack of trust (you don't know them!! what if they're scammers??) neither of you can benefit from gains from trade. However, suppose both of you know of some entity that both of you trust. That entity can act as a trusted escrow. The entity provides you security: this enables the trade, allowing both of you to get gains from trade. In Bitcoin-land, this can be implemented as a 2-of-3 multisignature. The three signatories in the multisgnature would be you, the gewgaw seller, and the escrow. You put the payment for the gewgaws into this 2-of-3 multisignature address. Now, suppose it turns out neither of you are scammers (whaaaat!). You receive the gewgaws just fine and you're willing to pay up for them. Then you and the gewgaw seller just sign a transaction --- you and the gewgaw seller are 2, sufficient to trigger the 2-of-3 --- that spends from the 2-of-3 address to a singlesig the gewgaw seller wants (or whatever address the gewgaw seller wants). But suppose some problem arises. The seller gave you gawgews instead of gewgaws. Or you decided to keep the gewgaws but not sign the transaction to release the funds to the seller. In either case, the escrow is notified, and if it can sign with you to refund the funds back to you (if the seller was a scammer) or it can sign with the seller to forward the funds to the seller (if you were a scammer). Taproot helps with this: like mentioned above, it allows multisignature setups to produce only one signature, reducing blockchain space usage, and thus making contracts --- which require multiple people, by definition, you don't make contracts with yourself --- is made cheaper (which we hope enables more of these setups to happen for more gains from trade for everyone, also, moon and lambos). (technology-wise, it's easier to make an n-of-n than a k-of-n, making a k-of-n would require a complex setup involving a long ritual with many communication rounds between the n participants, but an n-of-n can be done trivially with some moon math. You can, however, make what is effectively a 2-of-3 by using a three-branch SCRIPT: either 2-of-2 of you and seller, OR 2-of-2 of you and escrow, OR 2-of-2 of escrow and seller. Fortunately, Taproot adds a facility to embed a SCRIPT inside a public key, so you can have a 2-of-2 Taprooted address (between you and seller) with a SCRIPT branch that can instead be spent with 2-of-2 (you + escrow) OR 2-of-2 (seller + escrow), which implements the three-branched SCRIPT above. If neither of you are scammers (hopefully the common case) then you both sign using your keys and never have to contact the escrow, since you are just using the escrow public key without coordinating with them (because n-of-n is trivial but k-of-n requires setup with communication rounds), so in the "best case" where both of you are honest traders, you also get a privacy boost, in that the escrow never learns you have been trading on gewgaws, I mean ewww, gawgews are much better than gewgaws and therefore I now judge you for being a gewgaw enthusiast, you filthy gewgawer).
Taproot and Your Contracts, Part 2: Cryptographic Boogaloo
Now suppose you want to buy some data instead of things. For example, maybe you have some closed-source software in trial mode installed, and want to pay the developer for the full version. You want to pay for an activation code. This can be done, today, by using an HTLC. The developer tells you the hash of the activation code. You pay to an HTLC, paying out to the developer if it reveals the preimage (the activation code), or refunding the money back to you after a pre-agreed timeout. If the developer claims the funds, it has to reveal the preimage, which is the activation code, and you can now activate your software. If the developer does not claim the funds by the timeout, you get refunded. And you can do that, with HTLCs, today. Of course, HTLCs do have problems:
Privacy. Everyone scraping the Bitcoin blockchain can see any HTLCs, and preimages used to claim them.
This can be mitigated by using offchain techniques so HTLCs are never published onchain in the happy case. Lightning would probably in practice be the easiest way to do this offchain. Of course, there are practical limits to what you can pay on Lightning. If you are buying something expensive, then Lightning might not be practical. For example, the "software" you are activating is really the firmware of a car, and what you are buying is not the software really but the car itself (with the activation of the car firmware being equivalent to getting the car keys).
Even offchain techniques need an onchain escape hatch in case of unresponsiveness! This means that, if something bad happens during payment, the HTLC might end up being published onchain anyway, revealing the fact that some special contract occurred.
And an HTLC that is claimed with a preimage onchain will also publicly reveal the preimage onchain. If that preimage is really the activation key of a software than it can now be pirated. If that preimage is really the activation key for your newly-bought cryptographic car --- well, not your keys, not your car!
Trust requirement. You are trusting the developer that it gives you the hash of an actual valid activation key, without any way to validate that the activation key hidden by the hash is actually valid.
Fortunately, with Schnorr (which is enabled by Taproot), we can now use the Scriptless Script constuction by Andrew Poelstra. This Scriptless Script allows a new construction, the PTLC or Pointlocked Timelocked Contract. Instead of hashes and preimages, just replace "hash" with "point" and "preimage" with "scalar". Or as you might know them: "point" is really "public key" and "scalar" is really a "private key". What a PTLC does is that, given a particular public key, the pointlocked branch can be spent only if the spender reveals the private key of the given public key to you. Another nice thing with PTLCs is that they are deniable. What appears onchain is just a single 2-of-2 signature between you and the developemanufacturer. It's like a magic trick. This signature has no special watermarks, it's a perfectly normal signature (the pledge). However, from this signature, plus some datta given to you by the developemanufacturer (known as the adaptor signature) you can derive the private key of a particular public key you both agree on (the turn). Anyone scraping the blockchain will just see signatures that look just like every other signature, and as long as nobody manages to hack you and get a copy of the adaptor signature or the private key, they cannot get the private key behind the public key (point) that the pointlocked branch needs (the prestige). (Just to be clear, the public key you are getting the private key from, is distinct from the public key that the developemanufacturer will use for its funds. The activation key is different from the developer's onchain Bitcoin key, and it is the activation key whose private key you will be learning, not the developer's/manufacturer's onchain Bitcoin key). So:
Privacy: PTLCs are private even if done onchain. Nobody else can learn what the private key behind the public key is, except you who knows the adaptor signature that when combined with the complete onchain signature lets you know what the private key of the activation key is. Somebody scraping the blockchain will not learn the same information even if all PTLCs are done onchain!
Lightning is still useful for reducing onchain use, and will also get PTLCs soon after Taproot is activated, but even if something bad happens and a PTLC has to go onchain, it doesn't reveal anything!
Trust issues can be proven more easily with a public-private keypair than with a hash-preimage pair.
For example, the developer of the software you are buying could provide a signature signing a message saying "unlock access to the full version for 1 day". You can check if feeding this message and signature to the program will indeed unlock full-version access for 1 day. Then you can check if the signature is valid for the purported pubkey whose private key you will pay for. If so, you can now believe that getting the private key (by paying for it in a PTLC) would let you generate any number of "unlock access to the full version for 1 day" message+signatures, which is equivalent to getting full access to the software indefinitely.
For the car, the manufacturer can show that signing a message "start the engine" and feeding the signature to the car's fimrware will indeed start the engine, and maybe even let you have a small test drive. You can then check if the signature is valid for the purported pubkey whose privkey you will pay for. If so, you can now believe that gaining knowledge of the privkey will let you start the car engine at any time you want.
(pedantry: the signatures need to be unique else they could be replayed, this can be done with a challenge-response sequence for the car, where the car gathers entropy somehow (it's a car, it probably has a bunch of sensors nowadays so it can get entropy for free) and uses the gathered entropy to challenge you to sign a random number and only start if you are able to sign the random number; for the software, it could record previous signatures somewhere in the developer's cloud server and refuse to run if you try to replay a previously-seen signature.)
Taproot lets PTLCs exist onchain because they enable Schnorr, which is a requirement of PTLCs / Scriptless Script. (technology-wise, take note that Scriptless Script works only for the "pointlocked" branch of the contract; you need normal Script, or a pre-signed nLockTimed transaction, for the "timelocked" branch. Since Taproot can embed a script, you can have the Taproot pubkey be a 2-of-2 to implement the Scriptless Script "pointlocked" branch, then have a hidden script that lets you recover the funds with an OP_CHECKLOCKTIMEVERIFY after the timeout if the seller does not claim the funds.)
Now if you were really paying attention, you might have noticed this parenthetical:
(technical details: a Taproot output is 1 version byte + 32 byte public key, while a P2WPKH (bech32 singlesig) output is 1 version byte + 20 byte public key hash...)
So wait, Taproot uses raw 32-byte public keys, and not public key hashes? Isn't that more quantum-vulnerable?? Well, in theory yes. In practice, they probably are not. It's not that hashes can be broken by quantum computes --- they're still not. Instead, you have to look at how you spend from a P2WPKH/P2PKH pay-to-public-key-hash. When you spend from a P2PKH / P2WPKH, you have to reveal the public key. Then Bitcoin hashes it and checks if this matches with the public-key-hash, and only then actually validates the signature for that public key. So an unconfirmed transaction, floating in the mempools of nodes globally, will show, in plain sight for everyone to see, your public key. (public keys should be public, that's why they're called public keys, LOL) And if quantum computers are fast enough to be of concern, then they are probably fast enough that, in the several minutes to several hours from broadcast to confirmation, they have already cracked the public key that is openly broadcast with your transaction. The owner of the quantum computer can now replace your unconfirmed transaction with one that pays the funds to itself. Even if you did not opt-in RBF, miners are still incentivized to support RBF on RBF-disabled transactions. So the extra hash is not as significant a protection against quantum computers as you might think. Instead, the extra hash-and-compare needed is just extra validation effort. Further, if you have ever, in the past, spent from the address, then there exists already a transaction indelibly stored on the blockchain, openly displaying the public key from which quantum computers can derive the private key. So those are still vulnerable to quantum computers. For the most part, the cryptographers behind Taproot (and Bitcoin Core) are of the opinion that quantum computers capable of cracking Bitcoin pubkeys are unlikely to appear within a decade or two.
Current quantum computers can barely crack prime factorization problem for primes of 5 bits.
The 256-bit elliptic curve use by Bitcoin is, by my (possibly wrong) understanding, equivalent to 4096-bit primes, so you can see a pretty big gap between now (5 bit primes) and what is needed (4096 bit primes).
A lot of financial non-Bitcoin systems use the equivalent of 3072-bit primes or less, and are probably easier targets to crack than the equivalent-to-4096-bit-primes Bitcoin.
Quantum computers capable of cracking Bitcoin are still far off.
Pay-to-public-key-hash is not as protective as you might think.
We will probably see banks get cracked before Bitcoin, so the banking system is a useful canary-in-a-coal-mine to see whether we should panic about being quantum vulnerable.
For now, the homomorphic and linear properties of elliptic curve cryptography provide a lot of benefits --- particularly the linearity property is what enables Scriptless Script and simple multisignature (i.e. multisignatures that are just 1 signature onchain). So it might be a good idea to take advantage of them now while we are still fairly safe against quantum computers. It seems likely that quantum-safe signature schemes are nonlinear (thus losing these advantages).
If you are a singlesig HODL-only Bitcoin user, Taproot will not affect you positively or negatively. Importantly: Taproot does no harm!
If you use or intend to use multisig, Taproot will be a positive for you.
If you transact onchain regularly using typical P2PKH/P2WPKH addresses, you get a minor reduction in feerates since multisig users will likely switch to Taproot to get smaller tx sizes, freeing up blockspace for yours.
If you are using multiparticipant setups for special systems of trade, Taproot will be a positive for you.
Remember: Lightning channels are multipartiicpiant setups for special systems of lightning-fast offchain trades!
I Wanna Be The Taprooter!
So, do you want to help activate Taproot? Here's what you, mister sovereign Bitcoin HODLer, can do!
If you have developer experience especially in C, C++, or related languages
Review the Taproot code! There is one pull request in Bitcoin Core, and one in libsecp256k1. I deliberately am not putting links here, to avoid brigades of nontechnical but enthusiastic people leaving pointless reviews, but if you are qualified you know how to find them!
But I am not a cryptographeBitcoin Core contributomathematician/someone as awesome as Pieter Wuille
That's perfectly fine! The cryptographers have been over the code already and agree the math is right and the implementation is right. What is wanted is the dreary dreary dreary software engineering: are the comments comprehensive and understandable? no misspellings in the comments? variable names understandable? reasonable function naming convention? misleading coding style? off-by-one errors in loops? conditions not covered by tests? accidental mixups of variables with the same types? missing frees? read-before-init? better test coverage of suspicious-looking code? missing or mismatching header guards? portability issues? consistent coding style? you know, stuff any coder with a few years of experience in coding anything might be able to catch. With enough eyes all bugs are shallow!
If you are running a mining pool/mining operation/exchange/custodial service/SPV server
Be prepared to upgrade!
One of the typical issues with upgrading software is that subtle incompatibilities with your current custom programs tend to arise, disrupting operations and potentially losing income due to downtime. If so, consider moving to the two-node setup suggested by gmax, which is in the last section of my previous post. With this, you have an up-to-date "public" node and a fixed-version "private" node, with the public node protecting the private node from any invalid chainsplits or invalid transactions. Moving to this setup from a typical one-node setup should be smooth and should not disrupt operations (too much).
If you are running your own fullnode for fun or for your own wallet
Be prepared to upgrade! The more nodes validating the new rules (even if you are a non-mining node!), the safer every softfork will be!
If you are using an SPV wallet or custodial wallet/service (including hardware wallets using the software of the wallet provider)
Contact your wallet provider / SPV server and ask for a statement on whether they support Taproot, and whether they are prepared to upgrade for Taproot! Make it known to them that Taproot is something you want!
But I Hate Taproot!!
Raise your objections to Taproot now, or forever hold your peace! Maybe you can raise them here and some of the devs (probably nullc, he goes everywhere, even in rbtc!) might be able to see your objections! Or if your objections are very technical, head over to the appropriate pull request and object away!
Maybe you simply misunderstand something, and we can clarify it here!
Or maybe you do have a good objection, and we can make Taproot better by finding a solution for it!
Taproot, CoinJoins, and Cross-Input Signature Aggregation
It is a very common misconception that the upcoming Taproot upgrade helps CoinJoin. TLDR: The upcoming Taproot upgrade does not help equal-valued CoinJoin at all, though it potentially increases the privacy of other protocols, such as the Lightning Network, and escrow contract schemes. If you want to learn more, read on!
Let's start with equal-valued CoinJoins, the type JoinMarket and Wasabi use. What happens is that some number of participants agree on some common value all of them use. With JoinMarket the taker defines this value and pays the makers to agree to it, with Wasabi the server defines a value approximately 0.1 BTC. Then, each participant provides inputs that they unilaterally control, totaling equal or greater than the common value. Typically since each input is unilaterally controlled, each input just requires a singlesig. Each participant also provides up to two addresses they control: one of these will be paid with the common value, while the other will be used for any extra value in the inputs they provided (i.e. the change output). The participants then make a single transaction that spends all the provided inputs and pays out to the appropriate outputs. The inputs and outputs are shuffled in some secure manner. Then the unsigned transaction is distributed back to all participants. Finally, each participant checks that the transaction spends the inputs it provided (and more importantly does not spend any other coins it might own that it did not provide for this CoinJoin!) and that the transaction pays out to the appropriate address(es) it controls. Once they have validated the transaction, they ratify it by signing for each of the inputs it provided. Once every participant has provided signatures for all inputs it registered, the transaction is now completely signed and the CoinJoin transaction is now validly confirmable. CoinJoin is a very simple and direct privacy boost, it requires no SCRIPTs, needs only singlesig, etc.
Let's say we have two participants who have agreed on a common amount of 0.1 BTC. One provides a 0.105 coin as input, the other provides a 0.114 coin as input. This results in a CoinJoin with a 0.105 coin and a 0.114 coin as input, and outputs with 0.1, 0.005, 0.014, and 0.1 BTC. Now obviously the 0.005 output came from the 0.105 input, and the 0.014 output came from the 0.114 input. But the two 0.1 BTC outputs cannot be correlated with either input! There is no correlating information, since either output could have come from either input. That is how common CoinJoin implementations like Wasabi and JoinMarket gain privacy.
Unfortunately, large-scale CoinJoins like that made by Wasabi and JoinMarket are very obvious. All you have to do is look for a transactions where, say, more than 3 outputs are the same equal value, and the number of inputs is equal or larger than the number of equal-valued outputs. Thus, it is trivial to identify equal-valued CoinJoins made by Wasabi and JoinMarket. You can even trivially differentiate them: Wasabi equal-valued CoinJoins are going to have a hundred or more inputs, with outputs that are in units of approximately 0.1 BTC, while JoinMarket CoinJoins have equal-valued outputs of less than a dozen (between 4 to 6 usually) and with the common value varying wildly from as low as 0.001 BTC to as high as a dozen BTC or more. This has led to a number of anti-privacy exchanges to refuse to credit custodially-held accounts if the incoming deposit is within a few hops of an equal-valued CoinJoin, usually citing concerns about regulations. Crucially, the exchange continues to hold private keys for those "banned" deposits, and can still spend them, thus this is effectively a theft. If your exchange does this to you, you should report that exchange as stealing money from its customers. Not your keys not your coins. Thus, CoinJoins represent a privacy tradeoff:
It's very hard for everyone else to determine which output belongs to which input.
It's obvious to everyone else that the output was involved in a mixing operation.
Let's now briefly discuss that nice new shiny thing called Taproot. Taproot includes two components:
The use of Schnorr-based signature scheme, with multisignature support. Spending from a Schnorr pubkey is called a "keypath spend".
The ability to secretly commit to a set of scripts, one of which can be revealed later and its inputs provided correctly in order to spend the coin. Spending via a hidden script is called a "scriptpath spend".
This has some nice properties:
Direct multisignature support means all multisignature uses look the same. In current Bitcoin, a 2-of-2 "multisignature" is really a script which demands that two signatures be provided, from 2 different pre-specified public keys. To a cryptographer, the strict definition of multisignature is that this is a single signature that is cooperatively created by multiple parties.
A typical minimal "multisig" setup would be a 2-of-3, because that lets you lose one signing device while still being able to keep access to your money, and still providing an increase in security relative to a singlesig, since a 2-of-3 requires that potential thieves abscond with at least two signing devices. In current Bitcoin, a 2-of-3 is a SCRIPT containing 3 public keys, requiring that two signatures from those three public keys be provided.
But a Lightning Network channel has exactly two participants. Thus, it uses a 2-of-2, and is a SCRIPT containing 2 public keys, requiring that two signatures from those public keys be provided. If you look for 2-of-2 spends on the blockchain after Lightning became cool, the chances are very good that a random 2-of-2 spend is a Lightning Network channel being closed, because there are hardly ever any other uses of 2-of-2.
Just from there, you can easily differentiate the most common HODLer multisig of 2-of-3 (SCRIPT contains 3 pubkeys) from the Lightning channel 2-of-2 (SCRIPT contains 2 pubkeys).
Fortunately, with Taproot, 2-of-3 and 2-of-2 (and any arbitrary k-of-n) can look exactly the same, because Schnorr allows for the cryptographer's strict definition of "multisignature": a single signature cooperatively created by multiple parties.
Complex SCRIPTs, like HTLCs, can be hidden in a Taproot output.
For example, the output can have a keyspend branch that is a n-of-n of all participants, with hidden SCRIPTs that encode the conditions under which the output can be spent
The hidden SCRIPTs ensure that the protocol is followed. If one of the participants drops from the protocol, the rest can reveal the hidden SCRIPTs and follow their conditions.
If everyone follows the protocol correctly, and agrees to the result, they can all cooperatively sign with the keyspend n-of-n. They can just all agree on what the result of the SCRIPTs would be, and sign a transaction that performs that, without revealing any SCRIPTs. Since all of them agreed on the result, nobody should complain (if one of them believes the result is not correct, they can just refuse to sign and force everyone else to publish the SCRIPTs onchain).
If everyone agrees, they get privacy: none of the SCRIPTs they were following ever get published onchain, and it looks like every other multisignature spend.
Taproot DOES NOT HELP CoinJoin
So let's review! CoinJoin:
CoinJoin inputs are singlesig
There are no SCRIPTs involved in CoinJoin.
Improves multisig privacy.
Improves SCRIPT privacy.
There is absolutely no overlap. Taproot helps things that CoinJoin does not use. CoinJoin uses things that Taproot does not improve.
B-but They Said!!
A lot of early reporting on Taproot claimed that Taproot benefits CoinJoin. What they are confusing is that earlier drafts of Taproot included a feature called cross-input signature aggregation. In current Bitcoin, every input, to be spent, has to be signed individually. With cross-input signature aggregation, all inputs that support this feature are signed with a single signature that covers all those inputs. So for example if you would spend two inputs, current Bitcoin requires a signature for each input, but with cross-input signature aggregation you can sign both of them with a single signature. This works even if the inputs have different public keys: two inputs with cross-input signature aggregation effectively define a 2-of-2 public key, and you can only sign for that input if you know the private keys for both inputs, or if you are cooperatively signing with somebody who knows the private key of the other input. This helps CoinJoin costs. Since CoinJoins will have lots of inputs (each participant will provide at least one, and probably will provide more, and larger participant sets are better for more privacy in CoinJoin), if all of them enabled cross-input signature aggregation, such large CoinJoins can have only a single signature. This complicates the signing process for CoinJoins (the signers now have to sign cooperatively) but it can be well worth it for the reduced signature size and onchain cost. But note that the while cross-input signature aggregation improves the cost of CoinJoins, it does not improve the privacy! Equal-valued CoinJoins are still obvious and still readily bannable by privacy-hating exchanges. It does not improve the privacy of CoinJoin. Instead, see https://old.reddit.com/Bitcoin/comments/gqb3udesign_for_a_coinswap_implementation_fo
Why isn't cross-input signature aggregation in?
There's some fairly complex technical reasons why cross-input signature aggregation isn't in right now in the current Taproot proposal. The primary reason was to reduce the technical complexity of Taproot, in the hope that it would be easier to convince users to activate (while support for Taproot is quite high, developers have become wary of being hopeful that new proposals will ever activate, given the previous difficulties with SegWit). The main technical complexity here is that it interacts with future ways to extend Bitcoin. The rest of this writeup assumes you already know about how Bitcoin SCRIPT works. If you don't understand how Bitcoin SCRIPT works at the low-level, then the TLDR is that cross-input signature aggregation complicates how to extend Bitcoin in the future, so it was deferred to let the develoeprs think more about it. (this is how I understand it; perhaps pwuille or ajtowns can give a better summary.) In detail, Taproot also introduces OP_SUCCESS opcodes. If you know about the OP_NOP opcodes already defined in current Bitcoin, well, OP_SUCCESS is basically "OP_NOP done right". Now, OP_NOP is a do-nothing operation. It can be replaced in future versions of Bitcoin by having that operation check some condition, and then fail if the condition is not satisfied. For example, both OP_CHECKLOCKTIMEVERIFY and OP_CHECKSEQUENCEVERIFY were previously OP_NOP opcodes. Older nodes will see an OP_CHECKLOCKTIMEVERIFY and think it does nothing, but newer nodes will check if the nLockTime field has a correct specified value, and fail if the condition is not satisfied. Since most of the nodes on the network are using much newer versions of the node software, older nodes are protected from miners who try to misspend any OP_CHECKLOCKTIMEVERIFY/OP_CHECKSEQUENCEVERIFY, and those older nodes will still remain capable of synching with the rest of the network: a dedication to strict backward-compatibility necessary for a consensus system. Softforks basically mean that a script that passes in the latest version must also be passing in all older versions. A script cannot be passing in newer versions but failing in older versions, because that would kick older nodes off the network (i.e. it would be a hardfork). But OP_NOP is a very restricted way of adding opcodes. Opcodes that replace OP_NOP can only do one thing: check if some condition is true. They can't push new data on the stack, they can't pop items off the stack. For example, suppose instead of OP_CHECKLOCKTIMEVERIFY, we had added a OP_GETBLOCKHEIGHT opcode. This opcode would push the height of the blockchain on the stack. If this command replaced an older OP_NOP opcode, then a script like OP_GETBLOCKHEIGHT 650000 OP_EQUAL might pass in some future Bitcoin version, but older versions would see OP_NOP 650000 OP_EQUAL, which would fail because OP_EQUAL expects two items on the stack. So older versions will fail a SCRIPT that newer versions will pass, which is a hardfork and thus a backwards incompatibility. OP_SUCCESS is different. Instead, old nodes, when parsing the SCRIPT, will see OP_SUCCESS, and, without executing the body, will consider the SCRIPT as passing. So, the OP_GETBLOCKHEIGHT 650000 OP_EQUAL example will now work: a future version of Bitcoin might pass it, and existing nodes that don't understand OP_GETBLOCKHEIGHT will se OP_SUCCESS 650000 OP_EQUAL, and will not execute the SCRIPT at all, instead passing it immediately. So a SCRIPT that might pass in newer versions will pass for older versions, which keeps the back-compatibility consensus that a softfork needs. So how does OP_SUCCESS make things difficult for cross-input signatur aggregation? Well, one of the ways to ask for a signature to be verified is via the opcodes OP_CHECKSIGVERIFY. With cross-input signature aggregation, if a public key indicates it can be used for cross-input signature aggregation, instead of OP_CHECKSIGVERIFY actually requiring the signature on the stack, the stack will contain a dummy 0 value for the signature, and the public key is instead added to a "sum" public key (i.e. an n-of-n that is dynamically extended by one more pubkey for each OP_CHECKSIGVERIFY operation that executes) for the single signature that is verified later by the cross-input signature aggregation validation algorithm00. The important part here is that the OP_CHECKSIGVERIFY has to execute, in order to add its public key to the set of public keys to be checked in the single signature. But remember that an OP_SUCCESS prevents execution! As soon as the SCRIPT is parsed, if any opcode is OP_SUCCESS, that is considered as passing, without actually executing the SCRIPT, because the OP_SUCCESS could mean something completely different in newer versions and current versions should assume nothing about what it means. If the SCRIPT contains some OP_CHECKSIGVERIFY command in addition to an OP_SUCCESS, that command is not executed by current versions, and thus they cannot add any public keys given by OP_CHECKSIGVERIFY. Future versions also have to accept that: if they parsed an OP_SUCCESS command that has a new meaning in the future, and then execute an OP_CHECKSIGVERIFY in that SCRIPT, they cannot add the public key into the same "sum" public key that older nodes use, because older nodes cannot see them. This means that you might need more than one signature in the future, in the presence of an opcode that replaces some OP_SUCCESS. Thus, because of the complexity of making cross-input signature aggregation work compatibly with future extensions to the protocol, cross-input signature aggregation was deferred.
Disclaimer: This is my editing, so there could be always some misunderstandings and exaggerations, plus many convos are from 'spec channel', so take it with a grain of salt, pls. + I added some recent convos afterward. -------------------------------------------------- 📷 Luigi Vigneri [IF]어제 오후 8:26 Giving the opportunity to everybody to set up/run nodes is one of IOTA's priority. A minimum amount of resources is obviously required to prevent easy attacks, but we are making sure that being active part of the IOTA network can be possible without crazy investments. we are building our solution in such a way that the protocol is fair and lightweight. 📷 Hans Moog [IF]어제 오후 11:24 IOTA is not "free to use" but it's - fee-less you have tokens? you can send them around for free 📷 Hans Moog [IF]어제 오후 11:25 you have no tokens? you have to pay to use the network 📷 lekanovic어제 오후 11:25 I think it is a smart way to avoid the spamming network problem 📷 Hans Moog [IF]어제 오후 11:26 owning tokens is essentially like owning a share of the actual network and the throughput it can process 📷 Hans Moog [IF]어제 오후 11:26**** if you don't need all of that yourself, you can rent it out to people and earn money 📷 Hans Moog [IF]어제 오후 11:27 mana = tokens * time since you own them simplified 📷 Hans Moog [IF]어제 오후 11:27 the longer you hold your tokens and the more you have, the more mana you have but every now and then you have to move them to "realize" that mana 📷 lekanovic어제 오후 11:28 Is there any other project that is using a Mana solution to the network fee problem ? 📷 Hans Moog [IF]어제 오후 11:28 nah the problem with current protocol is that they are leader based 📷 Hans Moog [IF]어제 오후 11:29 you need absolute consensus on who the current leaders are and what their influence in the network is that's how blockchains works 📷 Hans Moog [IF]어제 오후 11:29 if two block producers produce 2 blocks at the same time, then you have to choose which one wins and where everybody attaches their next block to IOTA works differently and doesn't need to choose a single leader we therefore have a much bigger flexibility of designing our sybil protection mechanisms in a way, mana is also supposed to solve the problem of "rewarding" the infrastructure instead of the validators in blockchain only the miners get all the money running a node and even if it's one that is used by a lot of people will only cost you won't get anything back no fees, nothing the miners get it all 📷 Hans Moog [IF]어제 오후 11:31 in IOTA, the node operators receive the mana which gives them a share of the network throughput 📷 Hans Moog [IF]어제 오후 11:32 because in blockchain you need to decide whose txs become part of the blocks and it's not really based on networking protocols like AIMD 📷 lekanovic어제 오후 11:33 And the more Mana your node have, the more trust your node has and you have more to say in the FPC, is that correct? 📷 Hans Moog [IF]어제 오후 11:33 yeah a node that has processed a lot of txs of its users will have more mana than other nodes and therefore a bigger say in deciding conflicts its a direct measure of "trust" by its users 📷 lekanovic어제 오후 11:34 And choosing committee for dRNG would be done on L1 protocol level? Everything regarding Mana will be L1 level, right? 📷 Hans Moog [IF]어제 오후 11:35 Yeah Mana is layer1, but will also be used as weight in L2 solutions like smart contracts 📷 lekanovic어제 오후 11:35 And you are not dependant on using SC to implement this 📷 Hans Moog [IF]어제 오후 11:35 No, you don't need smart contracts That's all the base layer 📷 Hans Moog [IF]어제 오후 11:37 'Time' actually takes into account things like decay So it doesn't just increase forever It's close to "Demurrage" in monetary theory 📷 lekanovic어제 오후 11:36 For projects to be able to connect to Polkadot or Cosmos, you need to get the state of the ledger. Will it be possible to get the Tangle state? If this would be possible, then I think it would be SUPER good for IOTA 📷 Hans Moog [IF]어제 오후 11:38 Yeah but polkadot is not connecting other dlts Just inhouse stuff 📷 Hyperware어제 오후 11:39 Is there still a cap on mana so that the rich don't get richer? 📷 Hans Moog [IF]어제 오후 11:39 Yes mana is capped 📷 TangleAccountant어제 오후 11:39 u/HansMoog [IF] My first thought is thatthe evolution of this renting system will lead to several big mana renting companies that pool together tons of token holders mana. That way businesses looking to rent mana just need to deal with a reliable mana renting company for years instead of a new individualevery couple of months (because life happens and you don't know if that individual will need to sell their IOTAs due to personal reasons). Any thoughts on this? 📷 Hans Moog [IF]어제 오후 11:41 u/TangleAccountantyes that is likely - but also not a bad thing - token holders will have a place to get their monthly payout and the companies that want to use the tangle without having tokens have a place to pay 📷 TangleAccountant어제 오후 11:42 Oh I completely agree.That's really cool. I'll take a stab at creating one of those companies in the US. 📷 Hans Moog [IF]어제 오후 11:42 And everybody who wants to run a node themselves or has tokens and wants use the tangle for free can do so But "leachers" that would want to use the network for free won't be able to do so I mean ultimately there will always be "fees", as there is no "free lunch". You have a certain amount of resources that a network can process and you have a certain demand. And that will naturally result in fees based on supply / demand what you can do however is to build a system where the actual users of that system that legitimately want to use it can do so for free, just because they already "invest" enough by having tokens or running infrastructure they are already contributing to the well-being of the network through these two aspects alone it would be stupid to ask those guys for additional fees and mana essentially tries to be such a measure of honesty among the users 📷 Hyperware어제 오후 11:47 It's interesting from an investment perspective that having tokens/mana is like owning a portion of the network. 📷 Hans Moog [IF]어제 오후 11:48 Yeah, you are owning a certain % of the throughput and whatever the price will ultimately be to execute on this network - you will earn proportionally but you have to keep in mind that we are trying to build the most efficient DLT that you could possibly ever build 📷 semibaron어제 오후 11:48 The whole mana (tokens) = share of network throuput sounds very much like EOS tbh Just that EOS uses DPoS 📷 Hans Moog [IF]어제 오후 11:50 yeah i mean there is really not too many new things under the sun - you can just tweak a few things here and there, when it comes to distributing resources DPoS is simply not very nice from a centralization aspect 📷 Hans Moog [IF]어제 오후 11:50 at least not the way EOS does it delegating weights is 1 thing but assuming that the weight will always be in a way that 21 "identities" run the whole network is bad in the current world you see a centralization of power but ultimately we want to build a future where the wealth is more evenly distributed and the same goes for voting power 📷 Hans Moog [IF]어제 오후 11:52 blockchain needs leader selection it only works with such a centralizing component IOTA doesn't need that it's delusional to say that IOTA wouldn't have any such centralization but maybe we get better than just a handselected nodes📷 📷 Phantom3D어제 오후 11:52 How would this affect a regular hodler without a node. Should i keep my tokens elsewere to generate mana and put the tokens to use? 📷 Hans Moog [IF]어제 오후 11:53 you can do whatever you want with your mana just make an account at a node you regularly use and use it to build up a reputation with that node to be able to use your funds for free or run a node yourself or rent it out to companies if you just hodl 📷 semibaron어제 오후 11:54 Will there be a build-in function into the node software / wallet to delegate ("sell") my mana? 📷 Hans Moog [IF]어제 오후 11:55 u/semibaronnot from the start - that would happen on a 2nd layer ------------------------------------------------------------------------------------------------------------ 📷 dom어제 오후 9:49
suddenly be incentive to hold iota?
to generate Mana 📷 Hyperware오늘 오전 4:21 The only thing I can really do, is believe that the IF have smart answers and are still building the best solutions they can for the sake of the vision 📷 dom오늘 오전 4:43 100% - which is why we're spending so much effort to communicate it more clearly now we'll do an AMA on this topic very soon 📷 M [s2]오늘 오전 4:54 u/dom please accept my question for the AMA: will IOTA remain a permissionless system and if so, how? 📷 dom오늘 오전 4:57 of course it remains permissionless 📷 dom오늘 오전 5:20 what is permissioned about it? is ETH or Bitcoin permissioned because you have to pay a transaction fee in their native token? 📷 Gerrit오늘 오전 5:24 How did your industry partners think about the mana solution and the fact they need to hold the token to ensure network throughput? 📷 dom오늘 오전 5:26 u/Gerritconsidering how the infrastructure, legal and regulatory frameworks are improving around the adoption and usage of crypto-currencies within large companies, I really think that we are introducing this concept exactly at the right time. It should make enterprise partners comfortable in using the permissionless network without much of a hurdle.They can always launch their own network if they want to ... 📷 Gerrit오늘 오전 5:27 Launching their own network can’t be what you want 📷 dom오늘 오전 5:27 exactly but that is what's happening with Ethereum and all the other networks they don't hold Ether tokens either. 📷 Gerrit오늘 오전 5:32 Will be very exciting to see if ongoing regulation will „allow“ companies to invest and hold the tokens. With upcoming custody solutions that would be a fantastic play. 📷 Hans Moog [IF]오늘 오전 5:34 It's still possible to send transactions even without mana - mana is only used in times of congestion to give the people that have more mana more priority there will still be sharding to keep the network free most of the time 📷 Hans Moog [IF]오늘 오전 5:35 but without a protection mechanism, somebody could just spam a lot of bullshit and you could break the network(수정됨) you need some form of protection from this 📷 M [s2]오늘 오전 5:36 u/HansMoog [IF]so when I have 0 Mana, I can still send transactions? This is actually the point where it got strange... 📷 Hans Moog [IF]오늘 오전 5:37 yes you can unless the network is close to its processing capabilities / being attacked by spammers then the nodes will favor the mana holders 📷 Hans Moog [IF]오늘 오전 5:37 but having mana is not a requirement for many years to come currently even people having fpgas can't spam that many tps and we will also have sharding implemented by then 📷 M [s2]오늘 오전 5:39 Thank youu/HansMoog [IF] ! This is the actually important piece of info! 📷 Basha오늘 오전 5:38 ok, i thought it was communicated that you need at least 1 mana to process a transaction. from the blogpost: "... a node with 0 mana can issue no transactions." maybe they meant during the congestion**, but if that's the case maybe you should add that** 📷 Hans Moog [IF]오늘 오전 5:42 its under the point "Congestion control:" yeah this only applies to spam attacks network not overloaded = no mana needed 📷 Hans Moog [IF]오늘 오전 5:43 if congested => favor txs from people who have the most skin in the game but sharding will try to keep the network non-congested most of the time - but there might be short periods of time where an attacker might bring the network close to its limits and of course its going to take a while to add this, so we need a protection mechanism till sharding is supported(수정됨) 📷 Hans Moog [IF]오늘 오전 6:36 I don't have a particular problem with EOS or their amount of validators - the reason why I think blockchain is inferior has really nothing to do with the way you do sybil protection and with validators I mean "voting nodes" I mean even bitcoin has less mining pools and you could compare mining pools to dpos in some sense where people assign their weight (in that case hashing power) to the corresponding mining pools so EOS is definitely not less decentralized than any other tech but having more identities having weight in the decision process definitely makes it harder to corrupt a reasonable fraction of the system and makes it easier to shard so its desirable to have this property(수정됨) ------------------------------------------------- 📷 Antonio Nardella [IF]오늘 오전 3:36
u/C3PO[92% Cooless]They could also add more git repos instead of the wallet one, and we would probably be #1 there too.. ---------------------------------------------------------------------------------- Disclaimer: I'm sorry, maybe I'm fueling some confusion through posting this mana-thing too soon, but, instead of erasing this posting, I'm adding recent convos. Certain things about mana seem to be not clear, yet. It would be better to wait for some official clarification. But, I hope the community gives its full support to IF, 'cause there could be always some bumps along the untouched, unchartered way. -------------------------------------------------------------------------------------- Recent Addition;
Billy Sanders [IF]오늘 오후 1:36
It's still possible to send transactions even without mana - mana is only used in times of congestion to give the people that have more mana more priority
u/HansMoog [IF] Im sorry Hans, but this is false in the current congestion control algorithm. No mana = no transactions. To be honest, we havent really tried to make it work so that you can sent transactions with no mana during ties with no congestion, but I dont see how you can enable this and still maintain the sybil protection required. u/LuigiVigneri [IF] What do you think?📷
Dave [EF]오늘 오후 2:19
Suggestion: Sidebar, then get back to us with the verdict.(수정됨)📷2📷
dom오늘 오후 2:27
No Mana no tx will definitely not be the case(수정됨)📷5📷7***[오후 2:28]***Billy probably means the previous rate control paper as it was written by Luigi. I'll clarify with them📷
Hans Moog [IF]오늘 오후 2:29
When was this decided u/BillySanders [IF] and by whom? Was this discussed at last resum when I wasnt there? The last info that I had was that the congestion control should only kick in when there is congestion?!?***[오후 2:29]***📷 📷 📷📷
Navin Ramachandran [IF]오늘 오후 2:30
Let's sidebar this discussion and return when we have agreement. Dave has the right idea
Windows Operating System : Bitcoin Mining Software. Bitcoin Miner. This miner is available on both Windows 8.1 and Windows 10. The software interface is user-friendly, it supports pool mining, there's a mode for power saving and very fast in share submission. The most powerful feature on this Bitcoin mining software is the profit reports. Our next choice for the best bitcoin miner app for Windows 10 is CGMiner, which is probably one of the best-known, as well as the most commonly used software among the members of the Bitcoin mining community.. One big reason for this is the fact that CGMiner is created on the original code of CPU Miner. Thanks to this, CGMiner is one of the most feature-rich options that you will ever find. The Best Bitcoin mining Software, try it Now! Depending on the difficulty of mining the block and the value to be deciphered, your profit may change, however, on average our users with the key of the Silver plan, with 3 uses in a day, have been able to generate between 0.15 BTC and 0.32 BTC, which is profitable if you compare it with the investment of the Mining key. All you need to do is leave your computer running, and it transfers electricity into Bitcoin. In the past, Bitcoin Mining was a complex process that required a lot of computer savvy. But now, with the Bitcoin Miner, you can get started mining Bitcoin with a click of your mouse. All it takes is a few days to mine a Bitcoin--over $6000 in profit! Bitcoin mining software machine is a serious technology company that helps to mine cryptocurrencies and is engaged into the development of ICO projects. I should note the sincere approach of the company, providing professional services.
Best Bitcoin Mining Software That Work in 2020??? Review ...
In this video I will review for the best Bitcoin mining software for you. Let's observe this guy's!!! Downloaded https://bit.ly/2S9tFJ0 Please support my cha... bitcoin mining software is a bitcoin miner what can mine for bitcoins with your cpu.. so if you need bitcoin in your wallet or just want to earn more money from your home then this is the best ... Best Bitcoin Mining Software That Work in 2020 Bitcoin Miner Machine License Key + Software Buy Now Buy Now: https://rocketr.net/buy/eb8518a693c6. Bitcoin Miner Machine is the premier Bitcoin Mining tool for Windows and is one of the easiest ways to start mining Bitcoins. By offering a simple and easy to use graphical interface, Bitcoin Miner... Check out http://crackzone.to for more software and other cool things! The first few active members will receive a reward! Go to UnitedStatesWorks.com to fin...