Johoe's Bitcoin Mempool Size Statistics

Technical: Taproot: Why Activate?

This is a follow-up on https://old.reddit.com/Bitcoin/comments/hqzp14/technical_the_path_to_taproot_activation/
Taproot! Everybody wants it!! But... you might ask yourself: sure, everybody else wants it, but why would I, sovereign Bitcoin HODLer, want it? Surely I can be better than everybody else because I swapped XXX fiat for Bitcoin unlike all those nocoiners?
And it is important for you to know the reasons why you, o sovereign Bitcoiner, would want Taproot activated. After all, your nodes (or the nodes your wallets use, which if you are SPV, you hopefully can pester your wallet vendor/implementor about) need to be upgraded in order for Taproot activation to actually succeed instead of becoming a hot sticky mess.
First, let's consider some principles of Bitcoin.
I'm sure most of us here would agree that the above are very important principles of Bitcoin and that these are principles we would not be willing to remove. If anything, we would want those principles strengthened (especially the last one, financial privacy, which current Bitcoin is only sporadically strong with: you can get privacy, it just requires effort to do so).
So, how does Taproot affect those principles?

Taproot and Your Coins

Most HODLers probably HODL their coins in singlesig addresses. Sadly, switching to Taproot would do very little for you (it gives a mild discount at spend time, at the cost of a mild increase in fee at receive time (paid by whoever sends to you, so if it's a self-send from a P2PKH or bech32 address, you pay for this); mostly a wash).
(technical details: a Taproot output is 1 version byte + 32 byte public key, while a P2WPKH (bech32 singlesig) output is 1 version byte + 20 byte public key hash, so the Taproot output spends 12 bytes more; spending from a P2WPKH requires revealing a 32-byte public key later, which is not needed with Taproot, and Taproot signatures are about 9 bytes smaller than P2WPKH signatures, but the 32 bytes plus 9 bytes are divided by 4 because of the witness discount, so it saves about 11 bytes; mostly a wash, it increases blockweight by about 1 virtual byte, 4 weight for each Taproot-output-input, compared to P2WPKH-output-input).
However, as your HODLings grow in value, you might start wondering if multisignature k-of-n setups might be better for the security of your savings. And it is in multisignature that Taproot starts to give benefits!
Taproot switches to using the Schnorr signing scheme. Schnorr makes key aggregation -- constructing a single public key from multiple public keys -- almost as trivial as adding numbers together. "Almost" because it involves some fairly advanced math instead of simple boring number adding, but hey, when was the last time you added up your grocery list prices by hand, huh?
With current P2SH and P2WSH multisignature schemes, if you have a 2-of-3 setup, then to spend, you need to provide two different signatures from two different public keys. With Taproot, you can create, using special moon math, a single public key that represents your 2-of-3 setup. Then you just put two of your devices together, have them communicate to each other (this can be done airgapped, in theory, by sending QR codes: the software to do this is not even being built yet, but that's because Taproot hasn't activated yet!), and they will make a single signature to authorize any spend from your 2-of-3 address. That's 73 witness bytes -- 18.25 virtual bytes -- of signatures you save!
And if you decide that your current setup with 1-of-1 P2PKH / P2WPKH addresses is just fine as-is: well, that's the whole point of a softfork: backwards-compatibility; you can receive from Taproot users just fine, and once your wallet is updated for Taproot-sending support, you can send to Taproot users just fine as well!
(P2WPKH and P2WSH -- SegWit v0 -- addresses start with bc1q; Taproot -- SegWit v1 -- addresses start with bc1p, in case you wanted to know the difference; in bech32 q is 0, p is 1)
Now how about HODLers who keep all, or some, of their coins on custodial services? Well, any custodial service worth its salt would be doing at least 2-of-3, or probably something even bigger, like 11-of-15. So your custodial service, if it switched to using Taproot internally, could save a lot more (imagine an 11-of-15 getting reduced from 11 signatures to just 1!), which --- we can only hope! --- should translate to lower fees and better customer service from your custodial service!
So I think we can say, very accurately, that the Bitcoin principle --- that YOU are in control of your money --- can only be helped by Taproot (if you are doing multisignature), and, because P2PKH and P2WPKH remain validly-usable addresses in a Taproot future, will not be harmed by Taproot. Its benefit to this principle might be small (it mostly only benefits multisignature users) but since it has no drawbacks with this (i.e. singlesig users can continue to use P2WPKH and P2PKH still) this is still a nice, tidy win!
(even singlesig users get a minor benefit, in that multisig users will now reduce their blockchain space footprint, so that fees can be kept low for everybody; so for example even if you have your single set of private keys engraved on titanium plates sealed in an airtight box stored in a safe buried in a desert protected by angry nomads riding giant sandworms because you're the frickin' Kwisatz Haderach, you still gain some benefit from Taproot)
And here's the important part: if P2PKH/P2WPKH is working perfectly fine with you and you decide to never use Taproot yourself, Taproot will not affect you detrimentally. First do no harm!

Taproot and Your Contracts

No one is an island, no one lives alone. Give and you shall receive. You know: by trading with other people, you can gain expertise in some obscure little necessity of the world (and greatly increase your productivity in that little field), and then trade the products of your expertise for necessities other people have created, all of you thereby gaining gains from trade.
So, contracts, which are basically enforceable agreements that facilitate trading with people who you do not personally know and therefore might not trust.
Let's start with a simple example. You want to buy some gewgaws from somebody. But you don't know them personally. The seller wants the money, you want their gewgaws, but because of the lack of trust (you don't know them!! what if they're scammers??) neither of you can benefit from gains from trade.
However, suppose both of you know of some entity that both of you trust. That entity can act as a trusted escrow. The entity provides you security: this enables the trade, allowing both of you to get gains from trade.
In Bitcoin-land, this can be implemented as a 2-of-3 multisignature. The three signatories in the multisignature would be you, the gewgaw seller, and the escrow. You put the payment for the gewgaws into this 2-of-3 multisignature address.
Now, suppose it turns out neither of you are scammers (whaaaat!). You receive the gewgaws just fine and you're willing to pay up for them. Then you and the gewgaw seller just sign a transaction --- you and the gewgaw seller are 2, sufficient to trigger the 2-of-3 --- that spends from the 2-of-3 address to a singlesig the gewgaw seller wants (or whatever address the gewgaw seller wants).
But suppose some problem arises. The seller gave you gawgews instead of gewgaws. Or you decided to keep the gewgaws but not sign the transaction to release the funds to the seller. In either case, the escrow is notified, and it can sign with you to refund the funds back to you (if the seller was a scammer) or it can sign with the seller to forward the funds to the seller (if you were a scammer).
Taproot helps with this: like mentioned above, it allows multisignature setups to produce only one signature, reducing blockchain space usage, and thus contracts --- which require multiple people, by definition, you don't make contracts with yourself --- are made cheaper (which we hope enables more of these setups to happen for more gains from trade for everyone, also, moon and lambos).
(technology-wise, it's easier to make an n-of-n than a k-of-n, making a k-of-n would require a complex setup involving a long ritual with many communication rounds between the n participants, but an n-of-n can be done trivially with some moon math. You can, however, make what is effectively a 2-of-3 by using a three-branch SCRIPT: either 2-of-2 of you and seller, OR 2-of-2 of you and escrow, OR 2-of-2 of escrow and seller. Fortunately, Taproot adds a facility to embed a SCRIPT inside a public key, so you can have a 2-of-2 Taprooted address (between you and seller) with a SCRIPT branch that can instead be spent with 2-of-2 (you + escrow) OR 2-of-2 (seller + escrow), which implements the three-branched SCRIPT above. If neither of you are scammers (hopefully the common case) then you both sign using your keys and never have to contact the escrow, since you are just using the escrow public key without coordinating with them (because n-of-n is trivial but k-of-n requires setup with communication rounds), so in the "best case" where both of you are honest traders, you also get a privacy boost, in that the escrow never learns you have been trading on gewgaws, I mean ewww, gawgews are much better than gewgaws and therefore I now judge you for being a gewgaw enthusiast, you filthy gewgawer).

Taproot and Your Contracts, Part 2: Cryptographic Boogaloo

Now suppose you want to buy some data instead of things. For example, maybe you have some closed-source software in trial mode installed, and want to pay the developer for the full version. You want to pay for an activation code.
This can be done, today, by using an HTLC. The developer tells you the hash of the activation code. You pay to an HTLC, paying out to the developer if it reveals the preimage (the activation code), or refunding the money back to you after a pre-agreed timeout. If the developer claims the funds, it has to reveal the preimage, which is the activation code, and you can now activate your software. If the developer does not claim the funds by the timeout, you get refunded.
And you can do that, with HTLCs, today.
Of course, HTLCs do have problems:
Fortunately, with Schnorr (which is enabled by Taproot), we can now use the Scriptless Script construction by Andrew Poelstra. This Scriptless Script allows a new construction, the PTLC or Pointlocked Timelocked Contract. Instead of hashes and preimages, just replace "hash" with "point" and "preimage" with "scalar".
Or as you might know them: "point" is really "public key" and "scalar" is really a "private key". What a PTLC does is that, given a particular public key, the pointlocked branch can be spent only if the spender reveals the private key of the given public key to you.
Another nice thing with PTLCs is that they are deniable. What appears onchain is just a single 2-of-2 signature between you and the developer/manufacturer. It's like a magic trick. This signature has no special watermarks, it's a perfectly normal signature (the pledge). However, from this signature, plus some data given to you by the developer/manufacturer (known as the adaptor signature) you can derive the private key of a particular public key you both agree on (the turn). Anyone scraping the blockchain will just see signatures that look just like every other signature, and as long as nobody manages to hack you and get a copy of the adaptor signature or the private key, they cannot get the private key behind the public key (point) that the pointlocked branch needs (the prestige).
(Just to be clear, the public key you are getting the private key from is distinct from the public key that the developer/manufacturer will use for its funds. The activation key is different from the developer's onchain Bitcoin key, and it is the activation key whose private key you will be learning, not the developer's/manufacturer's onchain Bitcoin key).
So:
Taproot lets PTLCs exist onchain because they enable Schnorr, which is a requirement of PTLCs / Scriptless Script.
(technology-wise, take note that Scriptless Script works only for the "pointlocked" branch of the contract; you need normal Script, or a pre-signed nLockTimed transaction, for the "timelocked" branch. Since Taproot can embed a script, you can have the Taproot pubkey be a 2-of-2 to implement the Scriptless Script "pointlocked" branch, then have a hidden script that lets you recover the funds with an OP_CHECKLOCKTIMEVERIFY after the timeout if the seller does not claim the funds.)

Quantum Quibbles!

Now if you were really paying attention, you might have noticed this parenthetical:
(technical details: a Taproot output is 1 version byte + 32 byte public key, while a P2WPKH (bech32 singlesig) output is 1 version byte + 20 byte public key hash...)
So wait, Taproot uses raw 32-byte public keys, and not public key hashes? Isn't that more quantum-vulnerable??
Well, in theory yes. In practice, they probably are not.
It's not that hashes can be broken by quantum computers --- they're still not. Instead, you have to look at how you spend from a P2WPKH/P2PKH pay-to-public-key-hash.
When you spend from a P2PKH / P2WPKH, you have to reveal the public key. Then Bitcoin hashes it and checks if this matches with the public-key-hash, and only then actually validates the signature for that public key.
So an unconfirmed transaction, floating in the mempools of nodes globally, will show, in plain sight for everyone to see, your public key.
(public keys should be public, that's why they're called public keys, LOL)
And if quantum computers are fast enough to be of concern, then they are probably fast enough that, in the several minutes to several hours from broadcast to confirmation, they have already cracked the public key that is openly broadcast with your transaction. The owner of the quantum computer can now replace your unconfirmed transaction with one that pays the funds to itself. Even if you did not opt in to RBF, miners are still incentivized to support RBF on RBF-disabled transactions.
So the extra hash is not as significant a protection against quantum computers as you might think. Instead, the extra hash-and-compare needed is just extra validation effort.
Further, if you have ever, in the past, spent from the address, then there exists already a transaction indelibly stored on the blockchain, openly displaying the public key from which quantum computers can derive the private key. So those are still vulnerable to quantum computers.
For the most part, the cryptographers behind Taproot (and Bitcoin Core) are of the opinion that quantum computers capable of cracking Bitcoin pubkeys are unlikely to appear within a decade or two.
So:
For now, the homomorphic and linear properties of elliptic curve cryptography provide a lot of benefits --- particularly the linearity property is what enables Scriptless Script and simple multisignature (i.e. multisignatures that are just 1 signature onchain). So it might be a good idea to take advantage of them now while we are still fairly safe against quantum computers. It seems likely that quantum-safe signature schemes are nonlinear (thus losing these advantages).

Summary

I Wanna Be The Taprooter!

So, do you want to help activate Taproot? Here's what you, mister sovereign Bitcoin HODLer, can do!

But I Hate Taproot!!

That's fine!

Discussions About Taproot Activation

submitted by almkglor to Bitcoin
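The two constructions the post leans on (one aggregated signature for an n-of-n spend, and a PTLC whose completed signature hands the buyer a secret scalar) both fall out of the linearity of Schnorr, so here is a worked example added by the editor. It is not code from almkglor's post and not Bitcoin Core's or any wallet's implementation: it is textbook Schnorr over secp256k1 (plain SHA-256 challenge, full points rather than BIP340 x-only keys, plain key sums rather than MuSig, so no rogue-key protection), with every function name (point_add, aggregated_sign, adaptor_sign, extract_secret, ptlc_demo, ...) and the sample messages invented for the illustration.

```python
# Added example, not code from almkglor's post: textbook Schnorr over secp256k1 showing
# (1) n-of-n key/signature aggregation by linearity and (2) a PTLC adaptor signature that
# leaks a secret scalar to the buyer once completed and published. Deliberately simplified:
# not BIP340 (no x-only keys, no tagged hashes) and not MuSig (no rogue-key protection).
import hashlib
import secrets
from functools import reduce

# secp256k1 domain parameters (the curve Bitcoin uses)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def point_add(p1, p2):
    """Affine point addition; None represents the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None  # p1 == -p2
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def point_mul(k, pt):
    """Double-and-add scalar multiplication k*pt."""
    result = None
    while k:
        if k & 1:
            result = point_add(result, pt)
        pt = point_add(pt, pt)
        k >>= 1
    return result

def challenge(R, pub, msg):
    """Schnorr challenge e = H(R || P || m) mod N (plain SHA-256, not a BIP340 tagged hash)."""
    data = b"".join(c.to_bytes(32, "big") for pt in (R, pub) for c in pt) + msg
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def keygen():
    x = secrets.randbelow(N - 1) + 1
    return x, point_mul(x, G)

def verify(pub, msg, sig):
    """Ordinary Schnorr verification s*G == R + e*P; it knows nothing about adaptors."""
    R, s = sig
    return point_mul(s, G) == point_add(R, point_mul(challenge(R, pub, msg), pub))

def aggregated_sign(secret_keys, msg):
    """n-of-n by linearity: sum pubkeys, sum nonces, sum partial s values -> one onchain sig."""
    agg_pub = reduce(point_add, (point_mul(x, G) for x in secret_keys), None)
    nonces = [secrets.randbelow(N - 1) + 1 for _ in secret_keys]
    agg_R = reduce(point_add, (point_mul(r, G) for r in nonces), None)
    e = challenge(agg_R, agg_pub, msg)
    s = sum(r + e * x for r, x in zip(nonces, secret_keys)) % N
    return agg_pub, (agg_R, s)

def adaptor_sign(x, msg, T):
    """Buyer's pre-signature locked to T = t*G; the challenge uses the *final* nonce R + T."""
    r = secrets.randbelow(N - 1) + 1
    R = point_mul(r, G)
    e = challenge(point_add(R, T), point_mul(x, G), msg)
    return R, (r + e * x) % N

def adaptor_verify(pub, msg, T, R, s_adapt):
    """Seller checks the pre-signature before revealing anything: s'*G == R + e*P."""
    e = challenge(point_add(R, T), pub, msg)
    return point_mul(s_adapt, G) == point_add(R, point_mul(e, pub))

def adaptor_complete(R, s_adapt, t, T):
    """Seller adds its secret scalar; the result is a plain Schnorr signature with nonce R + T."""
    return (point_add(R, T), (s_adapt + t) % N)

def extract_secret(s_adapt, s_final):
    """Buyer learns t from the published signature: t = s - s' (mod N)."""
    return (s_final - s_adapt) % N

def ptlc_demo():
    """Returns (pre-signature valid, published signature verifies as ordinary, buyer recovered t)."""
    msg = b"constructed sample payout: buyer pays developer"  # stands in for the tx sighash
    x, pub = keygen()  # buyer's onchain signing key
    t, T = keygen()    # developer's activation-code scalar and its point (not its onchain key)
    R, s_adapt = adaptor_sign(x, msg, T)
    pre_ok = adaptor_verify(pub, msg, T, R, s_adapt)
    sig = adaptor_complete(R, s_adapt, t, T)  # developer completes and broadcasts this
    return pre_ok, verify(pub, msg, sig), extract_secret(s_adapt, sig[1]) == t

def aggregation_demo():
    """Two devices, one onchain pubkey, one onchain signature."""
    msg = b"constructed sample 2-of-2 spend"
    k1, _ = keygen()
    k2, _ = keygen()
    agg_pub, sig = aggregated_sign([k1, k2], msg)
    return verify(agg_pub, msg, sig)
```

The point of ptlc_demo is the deniability argument: verify() is the same check a node would run on any Schnorr signature and never sees T, yet the buyer, holding the adaptor value s', recovers t by one subtraction. In a real PTLC the payout would be a 2-of-2 between buyer and seller with the timelocked refund in a hidden script branch, the nonces would be committed to first, and the keys would be combined with MuSig coefficients; the linearity that makes each of those steps work is the same one shown here.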


the year 2020 in Bitcoin Cash so far: a detailed history

What follows at the bottom is a four page long chronological overview of what happened in BCH in 2020 so far. To make it more digestible and fun to read I start with my narrating of the story.
My attempt was to remain as objective as possible and "let the facts speak for themselves" with everything sourced. I also link to many read.cash articles; deciding which are the important ones to include is certainly not easy, so I count on the rest of the community in case I overlooked anything important.

summary & my narrating of the story:
The year started out relatively calm, with cashfusion in "the news" and an older ongoing controversy between Amaury and Roger Ver being worked out. Starting Jan 22nd all debate broke loose with the announcement of “Infrastructure Funding Plan for Bitcoin Cash” by Jiang Zhuoer of BTC.TOP. To illustrate this point, 2 days later coinspice ran the title "Roger Ver Praises Vigorous Debate, [...]" and 6 days, less than a week, later Chris Pacia made a read.cash post titled "The 253rd "Thoughts on developer funding" Article" which might have been only a slight exaggeration or he might have been counting. Part of the reason for the tsunami was the lack of worked out details. By the time of Pacia's post a lot had changed: BU, Bitcoin Verde and a group of miners had all made announcements not to go along with "the plan".
On Feb 1st, the second version of the IFP was announced by Jiang Zhuoer in a post “BCH miner donation plan update”. Two weeks later on Feb 15th, the third iteration was announced by Bitcoin ABC which was to be activated by hashrate voting and on the same day Flipstarter was introduced, a sign of the search for alternative solutions. After a few more days and a few more people coming out more against the IFP (including Jonald Fyookball, Mark Lundeberg & Josh Ellithorpe), BCHN was announced on Feb 20th with a formal release a week later. Also Feb 27th, the DAA was brought back into the conversation by Jonathan Toomim with his "The BCH difficulty adjustment algorithm is broken. Here's how to fix it." video. By early March the IFP was effectively dead with its author Jiang Zhuoer vowing to vote against it. This became clear to everyone when ABC, a day later, suddenly shifted gears towards non-protocol, donation based funding: the IFP was dead. At the end of March ABC's 2020 Business Plan was announced as a way to raise $3.3 million. Mid-April to mid-May was the high time for voluntary funding with four node implementations and General Protocols, a BCH DeFi startup, successfully raising funds.
By May 15th, the 6th HF network upgrade, things had pretty much cooled down. The upgrade included nothing controversial and even saw an unexpected doubling in the unconfirmed transaction chain. June 15th, a month later, things started to heat up again with the BCHN announcement to remove the "poison pill" or "automatic replay protection". 8th Jul Jonathan Toomim posted "BCH protocol upgrade proposal: Use ASERT as the new DAA" which promised the solution to the long dragging DAA problem. Jul 23rd however an unexpected twist occurred when Amaury Séchet posted "Announcing the Grasberg DAA", an incompatible, alternative solution. This, again, sparked a ton of debate and discussion. Grasberg lasted just two weeks from Jul 23rd to Aug 6th when ABC announced its plans for the November 2020 upgrade but it had successfully united the opposition in the meanwhile. ABC's plan for November included dropping Grasberg in favour of aserti3–2d and introducing IFPv4. Now we're here August 8th, the IFP which was declared dead after just over a month (Jan 22-Mar 5) is now back in full force. The rest of the history is still being written but if p2p electronic cash is to succeed in any big regard it's very thinkable that these events will get into history books.

Important resources: coinspice IFP timeline & Compiled list of BCH Miner Dev Fund posts, articles, discussions

History
Jan 13th : “Do CoinJoins Really Require Equal Transaction Amounts for Privacy? Part One: CashFusion” article by BitcoinMagazine [source]
Jan 13th : “Clearing the Way for Cooperation” Read.cash article by Amaury Séchet [source] on the controversy with Roger Ver about the amount of donations over the years
Jan 22nd : “Infrastructure Funding Plan for Bitcoin Cash” IFPv1 announced by Jiang Zhuoer of BTC.TOP [source] IFPv1: 12.5% of BCH coinbase rewards which will last for 6 months through a Hong Kong-based corporation & to be activated on May 15th
Jan 22nd : ”Bitcoin Cash Developers React to Infrastructure Fund Announcement: Cautiously Optimistic” coinspice article including Amaury Séchet, Antony Zegers, Jonald Fyookball & Josh Ellithorpe [source]
Jan 23rd : Jiang Zhuoer reddit AMA [source] [coinspice article]
Jan 23rd : Vitalik weighs in with his take on twitter [source]
Jan 23rd : “On the infrastructure funding plan for Bitcoin Cash” article by Amaury Séchet [source] [coinspice article] in which he proposed to place control of the IFP key in his hands together with Jonald Fyookball and Antony Zegers. A group of 7 to 12 miners, developers, and businessmen in total would get an advisory function.
Jan 24th : “Bitcoin.com's Clarifications on the Miner Development Fund“ which emphasizes, among other things, the temporary and reversible nature of the proposal [source] [coinspice article]
Jan 24th : “Little Known (But Important!) Facts About the Mining Plan” Read.cash article by Jonald Fyookball in which he defended the IFP and stressed its necessity and temporary nature.
Jan 25th : massive amounts of public debate as documented by coinspice [coinspice article] with Justin Bons, Tobias Ruck and Antony Zegers explaining their take on it.
Jan 26th : public debate continues: “Assessment and proposal re: the Bitcoin Cash infrastructure funding situation” Read.cash article by imaginary_username [source] which was noteworthy in part because the post earned $1,000+ in BCH [coinspice article] and “The Best Of Intentions: The Dev Tax Is Intended to Benefit Investors But Will Corrupt Us Instead” by Peter Rizun [source]
Jan 27th : “We are a group of miners opposing the BTC.TOP proposal, here's why” article on Read.cash [source] [reddit announcement]
Jan 27th : Bitcoin Unlimited's BUIP 143: Refuse the Coinbase Tax [source][reddit announcement]
Jan 28th : “Bitcoin Verde's Response to the Miner Sponsored Development Fund” read.cash article by Josh Green in which he explains “Bitcoin Verde will not be implementing any node validation that enforces new coinbase rules.” [source]
Jan 28th : “Update on Developer Funding” read.cash article from Bitcoin.com [source] in which they state “As it stands now, Bitcoin.com will not go through with supporting any plan unless there is more agreement in the ecosystem such that the risk of a chain split is negligible.” And that “any funding proposal must be temporary and reversible.” This announcement from bitcoin.com and their mining pool lead the anonymous opposition miners to stand down. [source]
Jan 28th : The 253rd "Thoughts on developer funding" Article – by Chris Pacia, to tackle the “serious misconceptions in the community about how software development works”. He ends on a note of support for the IFP because of lack of realistic alternatives. [source]
Feb 1st: “BCH miner donation plan update” IFPv2 announced by Jiang Zhuoer of BTC.TOP [source] Which changes the donation mechanism so miners directly send part of their coinbase to the projects they want to donate to. It would be activated with hashrate voting over a 3-month period with a 2/3 in favour requirement. The proposal also introduces a pilot period and a no donation option, Jiang Zhuoer also says he regards 12.5% as too much.
Feb 7th: Group of BCH miners led by AsicSeer voice scepticism about the IFP during a reddit AMA [source]
Feb 15th: “On the Miner Infrastructure Funding Plan” article by Bitcoin ABC [source] In which they announce they will implement IFPv3 in their upcoming 0.21.0 release. This version has the amount reduced to 5% of block reward and will go into effect with BIP 9 hashrate voting and a whitelist with different projects.
Feb 15th : “Introducing Flipstarter” [source]
Feb 16th : “Bitcoin.com’s stance on the recent block reward diversion proposals” video by Roger Ver on the Bitcoin.com Official Channel. [source] > Ver called Zhuoer’s IFP “clever” but ultimately “problematic.” [coinspice article]
Feb 16th : “BCH miner donation plan update again” read.cash article by Jiang Zhuoer of BTC.TOP [source] In which he briefly outlines the details of IFPv3
Feb 17th : “Latest Thoughts On Infrastructure Mining Plan” post by Jonald Fyookball [source]
Feb 17th : “Regarding the Bitcoin Cash Infrastructure Funding Plan, I am certain now that it should be scrapped immediately.” tweet by Mark Lundeberg [source]
Feb 19th : “Thoughts on the IFP - A Dev Perspective“ read.cash article by Josh Ellithorpe [source]
Feb 20th : “Bitcoin Cash Node” post announcing the new node implementation [source]
Feb 20th : First “Bitcoin Cash Developer Meeting” After IFP Proposal [source]
Feb 24th : “Flipstarter 500k, 6 independent campaigns” post announcing the goal to “fund the BCH ecosystem with 6 independent campaigns and an overall 500,000 USD target” [source]
Feb 27th : BCHN Formally Released [source]
Feb 27th : “The BCH difficulty adjustment algorithm is broken. Here's how to fix it.” Video by Jonathan Toomim [source]
Mar 3rd : “Bitcoin Cash Node 2020: plans for May upgrade and beyond” post by BCHN [source]
Mar 4th : “Author of the Bitcoin Cash IFP [Jiang Zhuoer] Vows to Vote Against It, Using Personal Hash in Opposition” [source]
Mar 5th : Bitcoin ABC announces their 2020 Business Plan Fundraising for later in March [source]
Mar 15th : “EatBCH campaign funded! Next: node campaigns.” campaign funded after 11 hours [source]
Mar 30th : Bitcoin ABC 2020 Business Plan [source] $3.3 Million Fundraiser [source]
Apr 17th : Five flipstarter node campaigns launched. [source]
Apr 26th : BCHN flipstarter campaign successfully funded. [source]
Apr 27th : VERDE flipstarter campaign successfully funded. [source]
May 4th : KNUTH flipstarter campaign successfully funded. [source]
May 7th : “BCH DeFi Startup General Protocols Raises Over $1 mil“ [source]
May 8th : BCHD flipstarter campaign successfully funded. [source]
May 9th : Deadline for node campaigns, ABC flipstarter campaign not funded. [source]
May 14th : “With IFP Defeated, Bitcoin ABC, ViaBTC & CoinEX CEO Publicly Consider a Bitcoin Cash Foundation” [source]
May 15th : deadline for ABC fundraiser campaign, ends at 55% completed. [source]
May 15th : 6th HF network upgrade -> new opcode op_Reversebytes, increase of the chained transaction limit from 25 to 50, and the improved counting of signature operations using the new “Sigchecks” implementation [source] with the “Controversial Funding Plan Rejected by Miners” [source]
May 25th : “Announcing the SLP Foundation” [source]
Jun 15th : “BCHN lead maintainer report 2020-06-15” announcement to remove the Automatic Replay Protection (a.k.a. the Poison Pill) from BCHN in November [source]
Jun 16th : “So [BCHN] is going to fork off from BCH at the next upgrade. Same old story. […]” tweeted Vin Armani [source]
Jun 21st : “Why Automatic Replay Protection Exists” post by Shammah Chancellor [source]
Jul 7th : “The Popular Stablecoin Tether Is Now Circulating on the Bitcoin Cash Network” [source]
Jul 8th : “BCH protocol upgrade proposal: Use ASERT as the new DAA” post by Jonathan Toomim [source]
Jul 18th : “$6M Worth of Tether on the Bitcoin Cash Chain Highlights the Benefits of SLP Tokens” [source]
Jul 23rd : “Announcing the Grasberg DAA” post by Amaury Séchet [source]
Jul 24th : “Thoughts on Grasberg DAA” post by Mark Lundeberg [source]
Jul 29th : CashFusion security audit has been completed [source]
Jul 31st : Electron Cash 4.1.0 release with CashFusion support [source]
4th year, August 2020 – 2021
Aug 1st : “Bitcoin Cash: Scaling the Globe“ Online conference for ForkDay Celebration [source]
Aug 2nd : “Is there going to be a fork between ABC and BCHN?” “IMO it is very likely. If not in November, then next May.” – Amaury Séchet
Aug 3rd : “Dark secrets of the Grasberg DAA” post by Jonathan Toomim [source]
Aug 3rd : “Joint Statement On aserti3-2d Algorithm“ post by General Protocols, including Cryptophyl, Read.cash, Software Verde & SpinBCH [source]
Aug 3rd : Knuth announces they will be implementing aserti3-2d as DAA for November. [source]
Aug 3rd : Amaury rage quit from the developer call [source]
Aug 4th : “But why do people care about compensating for historical drift? Seems like a tiny problem and if it's causing this much social discord it seems not even worth bothering to try to fix.” Tweet by Vitalik [source]
Aug 5th : “Bitcoin Cash (BCH) November 2020 Upgrade statement” signed by BCHD, electron cash, VERDE, BU members, BCHN developers, Jonathan Toomim, Mark B. Lundeberg and many others [source]
Aug 5th : “BCHN FAQ on November 2020 Bitcoin Cash network upgrade” [source]
Aug 6th : “Bitcoin ABC’s plan for the November 2020 upgrade” [source] the announcement that they will drop Grasberg in favour of aserti3–2d (ASERT) and will also include IFPv4 in which 8% of the blockreward goes to ABC as development funding.
Aug 7th : “Joint Statement from BCH Miners regarding Bitcoin ABC and the November 2020 BCH Upgrade.” Read.cash article by asicseer [source] stating “Over recent months, most miners and pools have switched to BCHN, and presently operate a majority of BCH hashrate.”
Aug 7th : “Simple Ledger Protocol's Joint Statement Regarding Bitcoin ABC on BCH's November 2020 Upgrade” read.cash post by the SLP-Foundation [source]
submitted by Mr-Zwets to btc [link] [comments]

Groestlcoin 6th Anniversary Release

Introduction

Dear Groestlers, it goes without saying that 2020 has been a difficult time for millions of people worldwide. The Groestlcoin team would like to take this opportunity to wish our best to everyone coping with the direct and indirect effects of COVID-19. Let it bring out the best in us all and show that collectively, we can conquer anything.
The centralised banks and our national governments are facing unprecedented times with interest rates worldwide dropping to record lows in places. Rest assured that this can only strengthen the fundamentals of all decentralised cryptocurrencies and the vision that was seeded with Satoshi's Bitcoin whitepaper over 10 years ago. Despite everything that has been thrown at us this year, the show must go on and the team will still progress and advance to continue the momentum that we have developed over the past 6 years.
In addition to this, we'd like to remind you all that this is Groestlcoin's 6th Birthday release! In terms of price there have been some crazy highs and lows over the years (with highs of around $2.60 and lows of $0.000077!), but in terms of value– Groestlcoin just keeps getting more valuable! In these uncertain times, one thing remains clear – Groestlcoin will keep going and keep innovating regardless. On with what has been worked on and completed over the past few months.

UPDATED - Groestlcoin Core 2.18.2

This is a major release of Groestlcoin Core with many protocol level improvements and code optimizations, featuring the technical equivalent of Bitcoin v0.18.2 but with Groestlcoin-specific patches. On a general level, most of what is new is a new 'Groestlcoin-wallet' tool which is now distributed alongside Groestlcoin Core's other executables.
NOTE: The 'Account' API has been removed from this version which was typically used in some tip bots. Please ensure you check the release notes from 2.17.2 for details on replacing this functionality.

How to Upgrade?

Windows
If you are running an older version, shut it down. Wait until it has completely shut down (which might take a few minutes for older versions), then run the installer.
OSX
If you are running an older version, shut it down. Wait until it has completely shut down (which might take a few minutes for older versions), run the dmg and drag Groestlcoin Core to Applications.
Ubuntu
http://groestlcoin.org/forum/index.php?topic=441.0

Other Linux

http://groestlcoin.org/forum/index.php?topic=97.0

Download

Download the Windows Installer (64 bit) here
Download the Windows Installer (32 bit) here
Download the Windows binaries (64 bit) here
Download the Windows binaries (32 bit) here
Download the OSX Installer here
Download the OSX binaries here
Download the Linux binaries (64 bit) here
Download the Linux binaries (32 bit) here
Download the ARM Linux binaries (64 bit) here
Download the ARM Linux binaries (32 bit) here

Source

ALL NEW - Groestlcoin Moonshine iOS/Android Wallet

Built with React Native, Moonshine utilizes Electrum-GRS's JSON-RPC methods to interact with the Groestlcoin network.
GRS Moonshine's intended use is as a hot wallet, meaning your keys are only as safe as the device you install this wallet on. As with any hot wallet, please ensure that you keep only a small, responsible amount of Groestlcoin on it at any given time.

Features

Download

iOS
Android

Source

ALL NEW! – HODL GRS Android Wallet

HODL GRS connects directly to the Groestlcoin network using SPV mode and doesn't rely on servers that can be hacked or disabled.
HODL GRS utilizes AES hardware encryption, app sandboxing, and the latest security features to protect users from malware, browser security holes, and even physical theft. Private keys are stored only in the secure enclave of the user's phone, inaccessible to anyone other than the user.
Simplicity and ease-of-use is the core design principle of HODL GRS. A simple recovery phrase (which we call a Backup Recovery Key) is all that is needed to restore the user's wallet if they ever lose or replace their device. HODL GRS is deterministic, which means the user's balance and transaction history can be recovered just from the backup recovery key.

Features

Download

Main Release (Main Net)
Testnet Release

Source

ALL NEW! – GroestlcoinSeed Savior

Groestlcoin Seed Savior is a tool for recovering BIP39 seed phrases.
This tool is meant to help users with recovering a slightly incorrect Groestlcoin mnemonic phrase (AKA backup or seed). You can enter an existing BIP39 mnemonic and get derived addresses in various formats.
To find out if one of the suggested addresses is the right one, you can click on the suggested address to check the address' transaction history on a block explorer.

Features

Live Version (Not Recommended)

https://www.groestlcoin.org/recovery/

Download

https://github.com/Groestlcoin/mnemonic-recovery/archive/master.zip

Source

ALL NEW! – Vanity Search Vanity Address Generator

NOTE: NVidia GPU or any CPU only. AMD graphics cards will not work with this address generator.
VanitySearch is a command-line Segwit-capable vanity Groestlcoin address generator. Add unique flair when you tell people to send Groestlcoin. Alternatively, VanitySearch can be used to generate random addresses offline.
If you're tired of the random, cryptic addresses generated by regular groestlcoin clients, then VanitySearch is the right choice for you to create a more personalized address.
VanitySearch is a groestlcoin address prefix finder. If you want to generate safe private keys, use the -s option to enter your passphrase which will be used for generating a base key as for BIP38 standard (VanitySearch.exe -s "My PassPhrase" FXPref). You can also use VanitySearch.exe -ps "My PassPhrase" which will add a crypto secure seed to your passphrase.
VanitySearch may not compute a good grid size for your GPU, so try different values using the -g option in order to get the best performance. If you want to use GPUs and CPUs together, you may get the best performance by keeping one CPU core for handling GPU(s)/CPU exchanges (use the -t option to set the number of CPU threads).

Features

Usage

https://github.com/Groestlcoin/VanitySearch#usage

Download

Source

ALL NEW! – Groestlcoin EasyVanity 2020

Groestlcoin EasyVanity 2020 is a Windows app built from the ground up that makes it easier than ever before to create your very own bespoke bech32 address(es) whilst not connected to the internet.
If you're tired of the random, cryptic bech32 addresses generated by regular Groestlcoin clients, then Groestlcoin EasyVanity2020 is the right choice for you to create a more personalised bech32 address. This 2020 version uses the new VanitySearch to generate not only legacy addresses (F prefix) but also Bech32 addresses (grs1 prefix).

Features

Download

Source

Remastered! – Groestlcoin WPF Desktop Wallet (v2.19.0.18)

Groestlcoin WPF is an alternative full node client with optional lightweight 'thin-client' mode based on WPF. Windows Presentation Foundation (WPF) is one of Microsoft's latest approaches to a GUI framework, used with the .NET framework. Its main advantages over the original Groestlcoin client include support for exporting blockchain.dat and including a lite wallet mode.
This wallet was previously deprecated but has been brought back to life with modern standards.

Features

Remastered Improvements

Download

Source

ALL NEW! – BIP39 Key Tool

Groestlcoin BIP39 Key Tool is a GUI interface for generating Groestlcoin public and private keys. It is a standalone tool which can be used offline.

Features

Download

Windows
Linux:
pip3 install -r requirements.txt
python3 bip39_gui.py

Source

ALL NEW! – Electrum Personal Server

Groestlcoin Electrum Personal Server aims to make using Electrum Groestlcoin wallet more secure and more private. It makes it easy to connect your Electrum-GRS wallet to your own full node.
It is an implementation of the Electrum-grs server protocol which fulfils the specific need of using the Electrum-grs wallet backed by a full node, but without the heavyweight server backend, for a single user. It allows the user to benefit from all Groestlcoin Core's resource-saving features like pruning, blocks only and disabled txindex. All Electrum-GRS's feature-richness like hardware wallet integration, multi-signature wallets, offline signing, seed recovery phrases, coin control and so on can still be used, but connected only to the user's own full node.
Full node wallets are important in Groestlcoin because they are a big part of what makes the system trustless. No longer do people have to trust a financial institution like a bank or PayPal; they can run software on their own computers. If Groestlcoin is digital gold, then a full node wallet is your own personal goldsmith who checks for you that received payments are genuine.
Full node wallets are also important for privacy. Using Electrum-GRS under default configuration requires it to send (hashes of) all your Groestlcoin addresses to some server. That server can then easily spy on your transactions. Full node wallets like Groestlcoin Electrum Personal Server would download the entire blockchain and scan it for the user's own addresses, and therefore don't reveal to anyone else which Groestlcoin addresses they are interested in.
Groestlcoin Electrum Personal Server can also broadcast transactions through Tor, which improves privacy by resisting traffic analysis of broadcast transactions that could link the IP address of the user to the transaction. If enabled, this happens transparently whenever the user simply clicks "Send" on a transaction in the Electrum-grs wallet.
Note: Currently Groestlcoin Electrum Personal Server can only accept one connection at a time.

Features

Download

Windows
Linux / OSX (Instructions)

Source

UPDATED – Android Wallet 7.38.1 - Main Net + Test Net

The app allows you to send and receive Groestlcoin on your device using QR codes and URI links.
When using this app, please back up your wallet and email it to yourself! This will save your wallet in a password protected file. Then your coins can be retrieved even if you lose your phone.

Changes

Download

Main Net
Main Net (FDroid)
Test Net

Source

UPDATED – Groestlcoin Sentinel 3.5.06 (Android)

Groestlcoin Sentinel is a great solution for anyone who wants the convenience and utility of a hot wallet for receiving payments directly into their cold storage (or hardware wallets).
Sentinel accepts XPUBs, YPUBs, ZPUBs and individual Groestlcoin addresses. Once added you will be able to view balances, view transactions, and (in the case of XPUBs, YPUBs and ZPUBs) deterministically generate addresses for that wallet.
Groestlcoin Sentinel is a fork of Groestlcoin Samourai Wallet with all spending and transaction building code removed.

Changes

Download

Source

UPDATED – P2Pool Test Net

Changes

Download

Pre-Hosted Testnet P2Pool is available via http://testp2pool.groestlcoin.org:21330/static/

Source

submitted by Yokomoko_Saleen to groestlcoin [link] [comments]

How SegWit Decapitated Bitcoin, and how Bitcoin Cash resurrected Bitcoin before it was too late.

Segregated Witness (SegWit) effectively breaks the existing transaction structure of Bitcoin in order to create 2 transaction IDs instead of 1, and in order to run "future signature scripts" - scripts that aren't defined in the original Bitcoin protocol or whitepaper.
Despite the issue with signature hashes being slightly different potentially being a feature of Bitcoin to reduce second-layer dependency or crutches, this inability to be malleable was targeted as the prime problem with Bitcoin, and that's what led to Segregated Witness AKA the Decapitation of Bitcoin as well as hardcore Bitcoin enthusiasts and developers who were paying attention to duplicate (fork) the open-source software before it was modified irreversibly by activating SegWit.
There is no need for 2 IDs but this was done in the name of expanding Bitcoin via "second-layer solutions" because, "Bitcoin doesn't work", "It can't scale", and "It has malleability issues" among other supposed issues - All of which are demonstrably false (every day) with Bitcoin Cash. Meanwhile the old chain IDs live on in a ghostly form but they have been rendered utterly meaningless according to the new SegWit scripts.
According to the specification of SegWit (and SegWit users here often outright deny) "signature data [now] becomes optional". Signature data, the data that is required and described by Bitcoin as a fundamental building block as part of the process of verifying transaction data as it is propagated to the network.
Bitcoin uses something called an Elliptic Curve Digital Signature Algorithm: https://en.wikipedia.org/wiki/Elliptic_Curve_Digital_Signature_Algorithm - with SegWit the signature data is separated out from the transactions: "This BIP defines a new structure called a "witness" that is committed to blocks separately from the transaction merkle tree." See for yourself: with SegWit, "signature data is no longer part of the transaction hash" source.
Segwit is "removing this data from the transaction structure committed to the transaction merkle tree" source.
Making transaction structure more modifiable/malleable was presented as making it easier to expand with future software (such as lightning and schnorr, etc) by Blockstream et al. To make it modifiable transaction IDs are tied together, it does this by instead creating TWO transaction IDs and tying them together with a Segregated Witness script..."A new data structure, witness, is defined. Each transaction will have 2 IDs. " source and the witness ID references the original like a mirror copy.
In its own words: "how the transaction was signed are no longer relevant to transaction identification". This effectively makes a ghost chain that continues on as if it is still alive and SegWit takes over. It appears as though that Bitcoin chain is alive but it is, in fact, long dead.
"It allows creation of unconfirmed transaction dependency chains" [... in other words, chains that aren't really Bitcoin ...] "an important feature for offchain protocols such as the Lightning Network". It forces Bitcoin to rely on second-layer solutions, and even calls them dependency chains.
"Since a version byte is pushed before a witness program, and programs with unknown versions are always considered as anyone-can-spend script, it is possible to introduce any new script system with a soft fork." - so essentially the old chain would be able to become effectively deprecated ... was this really a good thing? was there really a problem to be fixed? did we want any new script system like SegWit to define the new blockchain from now on?
Micro-transactions and near instant transactions with extremely low fees are happening daily already with Bitcoin Cash with zero issues and Bitcoin Cash now has 32MB blocks (Instead of 1MB/2MB) without an unnecessary change to transaction data or signature scripts making it fully scalable. Bitcoin Cash is Bitcoin. Bitcoin Cash continues the legacy of Bitcoin on a daily basis, while SegWit has effectively decapitated the Bitcoin chain moving everyone over to SegWit. Segregated Witness was a takeover of the old chain signature scripts (or rules) with the new ones that don't actually disable the old methods and system but also don't allow any Devs to go back and work with the old scripts anymore, they're considered completely irrelevant now. The document referenced in this post describes the Bitcoin protocol as "current protocol" and then explains the new SegWit "consensus layer", it is the "official Bitcoin Improvement Proposal" (BIP) document that describes an already complete change to the transaction structure that changes Bitcoin forever.
This effectively kills Bitcoin as you know it. Bitcoin has been decapitated. From now on it is SegWit and second-layer or nothing. It forces Bitcoin Devs to work with the new Segregated Witness IDs from now on, or be forgotten, and of course Bitcoin Cash Devs were having none of that. Thankfully they duplicated the entire project before SegWit was activated and continued the Bitcoin legacy through Bitcoin Cash without the needless extra transaction ID ties.
Bitcoin SegWit Devs are now forced to use the new Segregated Witness protocol and any future scripts must run according to the Segregated Witness protocol that has the wtxid and 2 transaction ID format. Not long from now the original txid will likely be deprecated and the ashes scattered into the wind and everything will move over to just using wtxid... and Lightning, Bitcoin SegWit Devs will probably still be called Bitcoin Devs but in reality they are Lightning Devs along with contributing to all the dangers of using second-layer solutions moving forward. This is fairly obvious because, those "old" signature scripts are still being used today with no issues by Bitcoin Cash just fine. Bitcoin Cash has resurrected Bitcoin and the same Bitcoin developer community that was there in the start is now being revived from the ashes in all the hundreds of ecosystem developments over the last few months, by Bitcoin Cash.
submitted by crockscream to btc [link] [comments]
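What the two IDs the post discusses actually are, as an added example that is not part of the original post: BIP144 serialisation of a constructed transaction (placeholder outpoint, scriptSig and witness bytes; nothing is really signed), hashed with and without witness data to produce wtxid and txid. The check at the end shows that editing the witness changes the wtxid but not the txid, while editing a legacy scriptSig changes the txid itself.

```python
"""txid vs wtxid under BIP141/BIP144 (added example; not from the original post).

txid  = dSHA256(transaction serialised WITHOUT witness data)
wtxid = dSHA256(transaction serialised WITH marker, flag and witness fields)
Witness (signature) data therefore cannot change a txid; legacy scriptSig
data, which stays inside the txid preimage, can. All bytes below are
constructed placeholders, not a real signed transaction.
"""
import hashlib


def dsha256(data):
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def varint(n):
    """Bitcoin CompactSize encoding."""
    if n < 0xfd:
        return bytes([n])
    if n <= 0xffff:
        return b"\xfd" + n.to_bytes(2, "little")
    if n <= 0xffffffff:
        return b"\xfe" + n.to_bytes(4, "little")
    return b"\xff" + n.to_bytes(8, "little")


def serialize(tx, with_witness):
    """Serialise a tx dict; marker/flag/witness fields are emitted only when
    asked for and only if some input actually carries witness items (BIP144)."""
    has_witness = any(inp["witness"] for inp in tx["inputs"])
    emit_witness = with_witness and has_witness
    out = tx["version"].to_bytes(4, "little", signed=True)
    if emit_witness:
        out += b"\x00\x01"                              # marker + flag
    out += varint(len(tx["inputs"]))
    for inp in tx["inputs"]:
        out += bytes.fromhex(inp["prev_txid"])[::-1]    # internal byte order
        out += inp["index"].to_bytes(4, "little")
        out += varint(len(inp["script_sig"])) + inp["script_sig"]
        out += inp["sequence"].to_bytes(4, "little")
    out += varint(len(tx["outputs"]))
    for o in tx["outputs"]:
        out += o["value"].to_bytes(8, "little")
        out += varint(len(o["script_pubkey"])) + o["script_pubkey"]
    if emit_witness:
        for inp in tx["inputs"]:                        # one stack per input
            out += varint(len(inp["witness"]))
            for item in inp["witness"]:
                out += varint(len(item)) + item
    out += tx["locktime"].to_bytes(4, "little")
    return out


def txid(tx):
    """Display-order hex of the legacy (witness-stripped) hash."""
    return dsha256(serialize(tx, with_witness=False))[::-1].hex()


def wtxid(tx):
    """Display-order hex of the full hash; equals txid when there is no witness."""
    return dsha256(serialize(tx, with_witness=True))[::-1].hex()


def make_sample_tx(witness, script_sig=b""):
    """One input spending a constructed outpoint, one P2WPKH-shaped output."""
    return {
        "version": 2,
        "inputs": [{
            "prev_txid": "11" * 32,                     # constructed outpoint
            "index": 0,
            "script_sig": script_sig,
            "sequence": 0xFFFFFFFF,
            "witness": witness,
        }],
        "outputs": [{
            "value": 50_000,
            "script_pubkey": b"\x00\x14" + b"\x22" * 20,   # OP_0 <20-byte hash>
        }],
        "locktime": 0,
    }


if __name__ == "__main__":
    a = make_sample_tx([b"\x30" * 71, b"\x02" * 33])   # placeholder sig, pubkey
    b = make_sample_tx([b"\x31" * 71, b"\x02" * 33])   # same tx, witness altered
    print("txid  equal :", txid(a) == txid(b))          # True
    print("wtxid equal :", wtxid(a) == wtxid(b))        # False
```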

r/Bitcoin recap - February 2018

Hi Bitcoiners!
I’m back with the fourteenth monthly Bitcoin news recap.
For those unfamiliar, each day I pick out the most popular/relevant/interesting stories in Bitcoin and save them. At the end of the month I release them in one batch, to give you a quick (but not necessarily the best) overview of what happened in bitcoin over the past month.
You can see recaps of the previous months on Bitcoinsnippets.com
A recap of Bitcoin in February 2018
submitted by SamWouters to Bitcoin [link] [comments]

16 Reasons to Buy DGB

This was posted by someone on Trading View.
https://www.tradingview.com/chart/DGBUSD/b7CtJtUS-16-Reasons-to-Buy-DGB-Today-and-Hold-as-a-Long-Term-Investment/
We live in a unique time like none other. Digital assets are disrupting the financial sector. The invention of blockchain is just as important as the invention of the internet. There are hundreds of digital assets to choose from in today's market. Some are great investments but most will fail. Let's make the case for Digibyte as a solid investment. This list is not in order of importance and isn't exhaustive. Please forgive the redundancy since I've mentioned some of these arguments in previous posts. Consider the following arguments.
  1. We are at a relative bottom on USD and BTC charts. Under no circumstances should we purchase an alt coin at its peak. Always buy at the bottom!
  2. Clear signs of a reversal are evident on the USD chart. Our current USD value has more than doubled in the last 30 days.
  3. We will be at $10 by May of 2019 if and only if we respect the right leg of the triangle. The graph featured is a weekly log chart of Digibyte in USD. The first wave took us to the all time high. The second wave completed its retracement when it touched the right leg of the triangle. The third wave should take us to the left leg of the triangle where it will touch for the 4th time. The 4th touch will take us to at least $0.16.
  4. Great divergence exists between the USD and BTC charts on https://coinmarketcap.com/currencies/digibyte/. This can be clearly seen when you select log scale. Expect massive gains in value when such divergence exists! Consider what happened to the price from Jan - Feb and Sep - Oct of 2015.
  5. We have recently been listed on Yahoo Finance (https://finance.yahoo.com/quote/DGB-USD?p=DGB-USD). Notice that Digibyte is paired with 10 different currencies. I personally think that this is huge since it will attract the attention of mainstream investors.
  6. We have recently been added to Ledger Nano S and Blue. This allows users to store their Digibytes on a hardware wallet. This is a significant and meaningful accomplishment which sets us apart from other digital assets (https://ledger.zendesk.com/hc/en-us/articles/115003917093-How-to-install-and-use-Digibyte-with-Ledger).
  7. We didn't spring up overnight. We have been around for over 4 years. Our technology has been tried, tested, and proven.
  8. We forked from the BTC protocol. So the base code isn't original to us. However, we have not sat idly by over the last 4 years. Rather, our developers have proactively enhanced the original code by solving some of the most important problems that plague Bitcoin and other digital assets.
  9. We anticipated the astronomical cost for a Bitcoin micro transaction. Our fee for a single transaction is slightly more than one cent!
  10. We are the fastest digital asset on the market! If you don't believe that then put us to the test and try for yourself. We'll be able to process 280,000 transactions per second by 2035 since our block size doubles every two years. Therefore, you won't be plagued by unconfirmed transactions like with Bitcoin. You will have your Digibytes in a few minutes and they will be spendable.
  11. We are the longest blockchain in existence at over 5 million blocks with 15 second block times.
  12. We are the most decentralized mineable blockchain in the market since we are on over a 100,000 nodes. Therefore, we are more distributed than Bitcoin or other digital assets.
  13. We pioneered Digishield which is used to protect more than 25 alt coins from a malicious attack.
  14. We were the second digital asset to activate Segwit which will allow for atomic swaps. And, we did so without a contentious hard fork with full support of our 65,000 community members.
  15. Our community is growing rapidly. We have over 65k followers on Twitter.
  16. We use 5 mining algorithms to prevent centralization and protect against a 51% attack. Currently, the community is discussing a hard fork which will swap out an algorithm for another to prevent ASIC mining centralization.
submitted by ycagel to Digibyte

The Mike Hearn Show: Season Finale (and Bitcoin Classic: Series Premiere)

This post debunks Mike Hearn's conspiracy theories RE Blockstream in his farewell post and points out issues with the behavior of the Bitcoin Classic hard fork and sketchy tactics of its advocates
I used to be torn on how to judge Mike Hearn. On the one hand he has done some good work with BitcoinJ, Lighthouse etc. Certainly his choice of bloom filter has had a net negative effect on the privacy of SPV users, but all in all it works as advertised.* On the other hand, he has single-handedly advocated for some of the most alarming behavior changes in the Bitcoin network (e.g. redlists, coinbase reallocation, BIP101 etc...) to date. Not to mention his advocacy in the past year has degraded from any semblance of professionalism into an adversarial us-vs-them propaganda train. I do not believe his long history with the Bitcoin community justifies this adversarial attitude.
As a side note, this post should not be taken as unabated support for Bitcoin Core. Certainly the dev team is made of humans and like all humans mistakes can be made (e.g. March 2013 fork). Some have even engaged in arguably unprofessional behavior but I have not yet witnessed any explicitly malicious activity from their camp (q). If evidence to the contrary can be provided, please share it. Thankfully the development of Bitcoin Core happens more or less completely out in the open; anyone can audit and monitor the goings on. I personally check the repo at least once a day to see what work is being done. I believe that the regular committers are genuinely interested in the overall well being of the Bitcoin network and work towards the common goal of maintaining and improving Core and do their best to juggle the competing interests of the community that depends on them. That is not to say that they are The Only Ones; for the time being they have stepped up to the plate to do the heavy lifting. Until that changes in some way they have my support.
The hard line that some of the developers have drawn in regards to the block size has caused a serious rift and this write up is a direct response to oft-repeated accusations made by Mike Hearn and his supporters about members of the core development team. I have no affiliations or connection with Blockstream, however I have met a handful of the core developers, both affiliated and unaffiliated with Blockstream.
Mike opens his farewell address with his pedigree to prove his opinion's worth. He masterfully washes over the mountain of work put into improving Bitcoin Core over the years by the "small blockians" to paint the picture that Blockstream is stonewalling the development of Bitcoin. The folks who signed Greg's scalability road map have done some of the most important, unsung work in Bitcoin. Performance improvements, privacy enhancements, increased reliability, better sync times, mempool management, bandwidth reductions etc... all those things are thanks to the core devs and the research community (e.g. Christian Decker), many of which will lead to a smoother transition to larger blocks (e.g. libsecp256k1).(1) While ignoring previous work and harping on the block size exclusively, Mike accuses those same people who have spent countless hours working on the protocol of trying to turn Bitcoin into something useless because they remain conservative on a highly contentious issue that has tangible effects on network topology.
The nature of this accusation is characteristic of Mike's attitude over the past year which marked a shift in the block size debate from a technical argument to a personal one (in tandem with DDoS and censorship in r/Bitcoin and general toxicity from both sides). For example, Mike claimed that sidechains constitute a conflict of interest, as Blockstream employees are "strongly incentivized to ensure [bitcoin] works poorly and never improves" despite thousands of commits to the contrary. Many of these commits are top down rewrites of low level Bitcoin functionality, not chump change by any means. I am not just "counting commits" here. Anyways, Blockstream's current client base consists of Bitcoin exchanges whose future hinges on the widespread adoption of Bitcoin. The more people that use Bitcoin the more demand there will be for sidechains to service the Bitcoin economy. Additionally, one could argue that if there was some sidechain that gained significant popularity (hundreds of thousands of users), larger blocks would be necessary to handle users depositing and withdrawing funds into/from the sidechain. Perhaps if they were miners and core devs at the same time then a conflict of interest on small blocks would be a more substantive accusation (create artificial scarcity to increase tx fees). The rationale behind pricing out the Bitcoin "base" via capacity constraint to increase their business prospects as a sidechain consultancy is contrived and illogical. If you believe otherwise I implore you to share a detailed scenario in your reply so I can see if I am missing something.
Okay, so back to it. Mike made the right move when Core would not change its position, he forked Core and gave the community XT. The choice was there, most miners took a pass. Clearly there was not consensus on Mike's proposed scaling road map or how big blocks should be rolled out. And even though XT was a failure (mainly because of massive untested capacity increases which were opposed by some of the larger pools whose support was required to activate the 75% fork), it has inspired a wave of implementation competition. It should be noted that the censorship and attacks by members of r/Bitcoin are completely unacceptable, there is no excuse for such behavior. While theymos is entitled to run his subreddit as he sees fit, if he continues to alienate users there may be a point of mass exodus following some significant event in the community that he tries to censor. As for the DDoS attackers, they should be ashamed of themselves; it is recommended that alt. nodes mask their user agents.
Although Mike has left the building, his alarmist mindset on the block size debate lives on through Bitcoin Classic, an implementation which is using a more subtle approach to inspire adoption, as jtoomim cozies up with miners to get their support while appealing to the masses with a call for an adherence to Satoshi's "original vision for Bitcoin." That said, it is not clear that he is competent enough to lead the charge on the maintenance/improvement of the Bitcoin protocol. That leaves most of the heavy lifting up to Gavin, as Jeff has historically done very little actual work for Core. We are thus in a potentially more precarious situation than when we were with XT, as some Chinese miners are apparently "on board" for a hard fork block size increase. Jtoomim has expressed a willingness to accept an exceptionally low (60 or 66%) consensus threshold to activate the hard fork if necessary. Why? Because of the lost "opportunity cost" of the threshold not being reached.(c) With variance my guess is that a lucky 55% could activate that 60% threshold. That's basically two Chinese miners. I don't mean to attack him personally, he is just willing to go down a path that requires the support of only two major Chinese mining pools to activate his hard fork. As a side effect of the latency issues of GFW, a block size increase might increase orphan rate outside of GFW, profiting the Chinese pools. With a 60% threshold there is no way for miners outside of China to block that hard fork.
To compound the popularity of this implementation, the efforts of Mike, Gavin and Jeff have further blinded many within the community to the mountain of effort that core devs have put in. And it seems to be working, as they are beginning to successfully ostracize the core devs beyond the network of "true big block-believers." It appears that Chinese miners are getting tired of the debate (and with it Core) and may shift to another implementation over the issue.(d) Some are going around to mining pools and trying to undermine Core's position in the soft vs. hard fork debate. These private appeals to the miner community are a concern because there is no way to know if bad information is being passed on with the intent to disrupt Core's consensus based approach to development in favor of an alternative implementation controlled (i.e. benevolent dictator) by those appealing directly to miners. If the core team is reading this, you need to get out there and start pushing your agenda so the community has a better understanding of what you all do every day and how important the work is. Get some fancy videos up to show the effects of block size increase and work on reading materials that are easy for non technically minded folk to identify with and get behind.
The soft fork debate really highlights the disingenuity of some of these actors. Generally speaking, soft forks are easier on network participants who do not regularly keep up with the network's software updates or have forked the code for personal use and are unable to upgrade in time, while hard forks require timely software upgrades if the user hopes to maintain consensus after a hardfork. The merits of that argument come with heavy debate. However, more concerning is the fact that hard forks require central planning and arguably increase the power developers have over changes to the protocol.(2) In contrast, the 'signal of readiness' behavior of soft forks allows the network to update without any hardcoded flags and developer oversight. Issues with hard forks are further compounded by activation thresholds, as soft forks generally require 95% consensus while Bitcoin Classic only calls for 60-75% consensus, exposing network users to a greater risk of competing chains after the fork. Mike didn't want to give the Chinese any more power, but now the post XT fallout has pushed the Chinese miners right into the Bitcoin Classic driver's seat.
While a net split did happen briefly during the BIP66 soft fork, imagine that scenario amplified by miners who do not agree to hard fork changes while controlling 25-40% of the network's hashing power. Two actively mined chains with competing interests, the Doomsday Scenario. With a 5% miner hold out on a soft fork, the fork will constantly reorg and malicious transactions will rarely have more than one or two confirmations.(b) During a soft fork, nodes can protect themselves from double spends by waiting for extra confirmations when the node alerts the user that an ANYONECANSPEND transaction has been seen. Thus, soft forks give Bitcoin users more control over their software (they can choose to treat a softfork as a soft fork or a soft fork as a hardfork) which allows for greater flexibility on upgrade plans for those actively maintaining nodes and other network critical software. (2) Advocating for low-threshold hard forks is a step in the wrong direction if we are trying to limit the "central planning" of any particular implementation. However I do not believe that is the main concern of the Bitcoin Classic devs.
To switch gears a bit, Mike is ironically concerned China "controls" Bitcoin, but wanted to implement a block size increase that would only increase their relative control (via increased orphans). Until the p2p wire protocol is significantly improved (IBLT, etc...), there is very little room (if any at all) to raise the block size without significantly increasing orphan risk. This can be easily determined by looking at jtoomim's testnet network data that passed through normal p2p network, not the relay network.(3) In the meantime this will only get worse if no one picks up the slack on the relay network that Matt Corallo is no longer maintaining. (4)
Centralization is bad regardless of the block size, but Mike tries to conflate the centralization issues with the Blockstream block size side show for dramatic effect. In retrospect, it would appear that the initial lack of cooperation on a block size increase actually staved off increases in orphan risk. Unfortunately, this centralization metric will likely increase with the cooperation of Chinese miners and Bitcoin Classic if major strides to reduce orphan rates are not made.
Mike also manages to link to a post from the ProHashing guy RE forever-stuck transactions, which has been shown to generally be the result of poorly maintained/improperly implemented wallet software.(6) Ultimately Mike wants fees to be fixed despite the fact you can't enforce fixed fees in a system that is not centrally planned. Miners could decide to raise their minimum fees even when blocks are >1mb, especially when blocks become too big to reliably propagate across the network without being orphaned. What is the marginal cost for a tx that increases orphan risk by some %? That is a question being explored with flexcaps. Even with larger blocks, if miners outside the GFW fear orphans they will not create the bigger blocks without a decent incentive; in other words, even with a larger block size you might still end up with variable fees. Regardless, it is generally understood that variable fees are not preferred from a UX standpoint, but developers of Bitcoin software do not have the luxury of enforcing specific fees beyond basic defaults hardcoded to prevent cheap DoS attacks. We must expose the user to just enough information so they can make an informed decision without being overwhelmed. Hard? Yes. Impossible? No.
Shifting gears, Mike states that current development progress via segwit is an empty ploy, despite the fact that segwit comes with not only a marginal capacity increase, but it also plugs up major malleability vectors, allows pruning blocks for historical data and a bunch of other fun stuff. It's a huge win for unconfirmed transactions (which Mike should love). Even if segwit does require non-negligible changes to wallet software and Bitcoin Core (500 lines LoC), it allows us time to improve block relay (IBLT, weak blocks) so we can start raising the block size without fear of increased orphan rate. Certainly we can rush to increase the block size now and further exacerbate the China problem, or we can focus on the "long play" and limit negative externalities.
And does segwit help the Lightning Network? Yes. Is that something that indicates a Blockstream conspiracy? No. Comically, the big blockians used to criticize Blockstream for advocating for LN when there was no one working on it, but now that it is actively being developed, the tune has changed and everything Blockstream does is a conspiracy to push for Bitcoin's future as a dystopic LN powered settlement network. Is LN "the answer?" Obviously not, most don't actually think that. How it actually works in practice is yet to be seen and there could be unforeseen emergent characteristics that make it less useful for the average user than originally thought. But it's a tool that should be developed in unison with other scaling measures if only for its usefulness for instant txs and micropayments.
Regardless, the fundamental divide rests on ideological differences that we all know well. Mike is fine with the miner-only validation model for nodes and is willing to accept some miner centralization so long as he gets the necessary capacity increases to satisfy his personal expectations for the immediate future of Bitcoin. Greg and co believe that a distributed full node landscape helps maintain a balance of decentralization in the face of the miner centralization threat. For example, if you have 10 miners who are the only sources for blockchain data then you run the risk of undetectable censorship, prolific sybil attacks, and no mechanism for individuals to validate the network without trusting a third party. As an analogy, take the tor network: you use it with an expectation of privacy while understanding that the multi-hop nature of the routing will increase latency. Certainly you could improve latency by removing a hop or two, but with it you lose some privacy. Does tor's high latency make it useless? Maybe for watching Netflix, but not for submitting leaked documents to some newspaper. I believe this is the philosophy held by most of the core development team.
Mike does not believe that the Bitcoin network should cater to this philosophy and any activity which stunts the growth of on-chain transactions is a direct attack on the protocol. Ultimately however I believe Greg and co. also want Bitcoin to scale on-chain transactions as much as possible. They believe that in order for Bitcoin to increase its capacity while adhering to acceptable levels of decentralization, much work needs to be done. It's not a matter of if block size will be increased, but when. Mike has confused this adherence to strong principles of decentralization as disingenuous and a cover up for a dystopic future of Bitcoin where sidechains run wild with financial institutions paying $40 per transaction. Again, this does not make any sense to me. If banks are spending millions to co-opt this network what advantage does a decentralized node landscape have to them?
There are a few roads that the community can take now: one where we delay a block size increase while improvements to the protocol are made (with the understanding that some users may have to wait a few blocks to have their transaction included, fees will be dependent on transaction volume, and transactions <$1 may be temporarily cost ineffective) so that when we do increase the block size, orphan rate and node drop off are insignificant. Another is the immediate large block size increase which possibly leads to a future Bitcoin which looks nothing like it does today: low numbers of validating nodes, heavy trust in centralized network explorers and thus a more vulnerable network to government coercion/general attack. Certainly there are smaller steps for block size increases which might not be as immediately devastating, and perhaps that is the middle ground which needs to be trodden to appease those who are emotionally invested in a bigger block size. Combined with segwit however, max block sizes could reach unacceptable levels. There are other scenarios which might play out with competing chains etc..., but in that future Bitcoin has effectively failed.
As any technology that requires maintenance and human interaction, Bitcoin will require politicking for decision making. Up until now that has occurred via the "vote download" for software which implements some change to the protocol. I believe this will continue to be the most robust of options available to us. Now that there is competition, the Bitcoin Core community can properly advocate for changes to the protocol that it sees fit without being accused of co-opting the development of Bitcoin. An ironic outcome to the situation at hand. If users want their Bitcoins to remain valuable, they must actively determine which developers are most competent and have their best interests at heart. So far the core dev community has years of substantial and successful contributions under its belt, while the alt implementations have a smattering of developers who have not yet publicly proven (besides perhaps Gavin--although his early mistakes with block size estimates are concerning) they have the skills and endurance necessary to maintain a full node implementation. Perhaps now it is time that we focus on the personalities whom many want to trust with Bitcoin's future. Let us see if they can improve the speed at which signatures are validated by 7x. Or if they can devise privacy preserving protocols like Confidential Transactions. Or can they figure out ways to improve traversal times across a merkle tree? Can they implement HD functionality into a wallet without any coin-crushing bugs? Can they successfully modularize their implementation without breaking everything? If so, let's welcome them with open arms.
But Mike is at R3 now, which seems like a better fit for him ideologically. He can govern the rules with relative impunity and there is not a huge community of open source developers, researchers and enthusiasts to disagree with. I will admit, his posts are very convincing at first blush, but ultimately they are nothing more than a one sided appeal to those in the community who have unrealistic or incomplete understandings of the technical challenges faced by developers maintaining a consensus critical, validation-heavy, distributed system that operates within an adversarial environment. Mike always enjoyed attacking Blockstream, but when surveying his past behavior it becomes clear that his motives were not always pure. Why else would you leave with such a nasty, public farewell?
To all the XT'ers, btc'ers and so on, I only ask that you show some compassion when you critique the work of Bitcoin Core devs. We understand you have a competing vision for the scaling of Bitcoin over the next few years. They want Bitcoin to scale too, you just disagree on how and when it should be done. Vilifying and attacking the developers only further divides the community and scares away potential future talent who may want to further the Bitcoin cause. Unless you can replace the folks doing all this hard work on the protocol or can pay someone equally as competent, please think twice before you say something nasty.
As for Mike, I wish you the best at R3 and hope that you can one day return to the Bitcoin community with a more open mind. It must hurt having your software out there being used by so many but your voice snuffed. Hopefully one day you can return when many of the hard problems are solved (e.g. reduced propagation delays, better access to cheap bandwidth) and the road to safe block size increases has been paved.
(*) https://eprint.iacr.org/2014/763.pdf
(q) https://github.com/bitcoinclassic/bitcoinclassic/pull/6
(b) https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2015-December/012026.html
(c) https://github.com/bitcoinclassic/bitcoinclassic/pull/1#issuecomment-170299027
(d) http://toom.im/jameshilliard_classic_PR_1.html
(0) http://bitcoinstats.com/irc/bitcoin-dev/logs/2016/01/06
(1) https://github.com/bitcoin/bitcoin/graphs/contributors
(2) https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2015-December/012014.html
(3) https://toom.im/blocktime (beware of heavy website)
(4) https://bitcointalk.org/index.php?topic=766190.msg13510513#msg13510513
(5) https://news.ycombinator.com/item?id=10774773
(6) http://rusty.ozlabs.org/?p=573
edit, fixed some things.
edit 2, tried to clarify some more things and remove some personal bias thanks to astro
submitted by citboins to Bitcoin
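The post above argues that, with variance, a "lucky 55%" of hash power could trip a 60% activation threshold. That is a binomial question, and the following added example (not code from the post, from Bitcoin Core or from Bitcoin Classic) puts numbers on it, modelling each block as an independent coin flip and assuming a signalling window of 100 or 1000 blocks, which is an assumption for illustration rather than a value the post states.

```python
from math import comb, ceil


def activation_probability(share: float, window: int, threshold: float) -> float:
    """Probability that at least ceil(threshold * window) of `window` blocks
    signal, when a fraction `share` of hash power signals.

    Simplification (stated assumption): every block is an independent
    Bernoulli trial with success probability `share`. This ignores variable
    block times, miners switching mid-window and selfish-mining effects.
    """
    if not 0.0 <= share <= 1.0:
        raise ValueError("share must be a fraction between 0 and 1")
    if not 0.0 < threshold <= 1.0 or window <= 0:
        raise ValueError("threshold must be in (0, 1] and window positive")
    # round() first so that 0.6 * 100 == 59.999... does not become 60 -> 61
    need = ceil(round(threshold * window, 6))
    return sum(
        comb(window, k) * share ** k * (1.0 - share) ** (window - k)
        for k in range(need, window + 1)
    )


def chance_over_windows(share: float, window: int, threshold: float,
                        windows: int) -> float:
    """Chance of crossing the threshold in at least one of `windows` disjoint
    signalling windows, 1 - (1 - p) ** n.

    Real implementations evaluate a rolling window at every block, so the
    trials overlap and are correlated; treat this as a rough figure showing
    that many tries raise a small per-window chance, not as an exact value.
    """
    p = activation_probability(share, window, threshold)
    return 1.0 - (1.0 - p) ** windows


if __name__ == "__main__":
    # How the per-window chance depends on window length and honest share.
    for window in (100, 1000):
        for share in (0.50, 0.55, 0.58, 0.60):
            p = activation_probability(share, window, 0.60)
            print(f"window={window:5d} share={share:.2f} "
                  f"P(>=60% signalled in one window)={p:.4f}")
    # Roughly a year of 10-minute blocks is about 52 disjoint 1000-block windows.
    print("55% share, 1000-block window, 52 disjoint windows:",
          f"{chance_over_windows(0.55, 1000, 0.60, 52):.4f}")
```

The output shows the variance argument only holds for short windows: a 55% share crosses 60% in a 100-block window a fair fraction of the time, but almost never in a 1000-block window, so the window length matters as much as the percentage.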

What if Bitcoin Core becomes a major altcoin after a fork?

Hello. This is from a conversation about the Bitcoin XT fork over here.
First I will post the full quote then reply to individual quotes:
But as for the three coins though- remember that unless explicitly told not to, nodes on the two chains will still try to relay transactions to each other. That leads to a few scenarios:
The real problem comes when an address gets mixed coins- for example when you take an old-coin address (such as a paper wallet) and then send coins to it in a transaction that only works on one chain. Now you have two copies of that address, one on each chain, each with different ideas about how many coins are in the address and where they came from.
I will respond to these ideas one by one:
Old-coin transaction with low fee- overloaded Core chain rejects, 101 chain accepts. Core chain thinks coins haven't moved, 101 chain thinks they have. Core chain thinks coins haven't moved, 101 chain thinks they have.
That isn't what blockchains think, it is what people think when they are living in the fantasy that "Bitcoin" will exist if Core becomes a major "altcoin". There will be at least three distinct currencies (or four if we can figure out how to launch an ethereum clone on the same block that bitcoin 101 forks).
Double spend possible (spend once with 101 merchant and low fee, spend again with Core merchant and higher fee). Since old coins make up a majority of the market right now, this attack may become common.
Wait a second. How many people believe this gibberish? If Core is making blocks much slower than 101, won't RBF make it extremely easy to keep the 101 transactions from being included on Core? [Update: Apparently it will be easier to split the dual-chain-bitcoins by tainting them. Please ignore my instructions before this edit on New Year's Day 2016.] This doesn't even require a modified Bitcoin Core client, does it?
That isn't really a "double spend", that is why a Core client allows it. Let me name the three currencies that will exist after the fork:
The only way to be sure we have "Bitcoin" back is if Core reverts 101 and everyone gives up on 101. If that happens it means that the transaction on the 101 chain was not really a Bitcoin transaction. Either everyone gives up on Core, or we have three currencies, or everyone splits all their dual-chain-bitcoin into the two currencies, and/or Core reverts 101. None of these scenarios require "double spending" or a "51% attack", they are conflicting/competing definitions of Bitcoin.
Old-coin transaction with high fee- overloaded Core chain accepts, 101 chain accepts. Both chains see coins have moved. As long as they are moved to a fresh address they stay 'old' and in sync on both chains. Double spend not possible.
You don't want to be waiting for confirmations on Core every time you spend your 101-bitcoins do you? So the first thing anyone with a brain will want to do is split their dual-chain-bitcoin. Do this by sending bitcoin to a new wallet on the 101 chain and using RBF to send it to a different wallet on Core.
The real problem comes when an address gets mixed coins- for example when you take an old-coin address (such as a paper wallet) and then send coins to it in a transaction that only works on one chain. Now you have two copies of that address, one on each chain, each with different ideas about how many coins are in the address and where they came from.
That is a small educational problem for the clueless. The real problem is if Bitcoin whales choose Core.
Splitting the dual-chain-bitcoin is going to be a pain in the ass if Core is going very slow with all blocks being filled to the max. Therefore Core miners are likely to use another patch that will prioritize ALL transactions by fee no matter when they were sent (okay you could call this legalized "double spending" if you consider unconfirmed transactions to be "spent"). The 101 believers will want to sell their Core-bitcoins so they pay very high transaction fees on the Core chain. They will pay these fees with "Bitcoins" they have already spent on the 101 chain so this will not be expensive if Core quickly dies as they believe it will. Then Theymos, etc, sell their 101-bitcoins and buy Core-bitcoins. Then more miners go back to Core because it becomes more profitable (even if they want to be paid in 101-bitcoins). We have observed how far the price of Bitcoin can fall when it is one currency and most of the bitcoin has hardly moved. Who is going to buy all Theymos' and Satoshi's 101-bitcoins? Bitstamp? BitPay? CORE MINERS?!?!? Can they even afford to do so? Miners may have to mine both chains just to pay their bills. Then 101 "investors" may have big problem.
You could make a poll of Bitcoin holders and ask when they might buy/sell 101-bitcoins or Core-bitcoins, but just like the miner "votes" this isn't any kind of binding commitment. A well-funded Ethereum prediction market would be a very good way to predict the outcome of this battle, especially after the decentralized Bitcoin exchange Dapp has had its "security audit". Notice that Satoshi will soon have a third chain they can buy into without identifying themselves or trusting an exchange. She could also bet on this prediction market. If she is lucky, someone will write an exchange Dapp to allow separate trading of Core-bitcoins, 101-bitcoins, and dual-chain-bitcoins. Bitcoin/ASIC owners would be wise to make sure this Dapp will be available. If Satoshi's only way out of 101 or Core, is to trade them for Ether or Dogecoin, this bitcoin's price may fall through the floor and many sha256 miners could go out of business.
submitted by Ceuch to bitcoin_uncensored


#