Bitcoin - Open source P2P money

RESEARCH REPORT ABOUT ARYACOIN

RESEARCH REPORT ABOUT ARYACOIN
Author: Gamals Ahmed, CoinEx Business Ambassador

https://preview.redd.it/a7jv4azk86u51.jpg?width=1600&format=pjpg&auto=webp&s=e4a4dbb5afacd5747076beaa59e6343b805c3392

ABSTRACT

Aryacoin is a new cryptocurrency, which allows for decentralized, peer to peer transactions of electronic cash. It is like Bitcoin and Litecoin, but the trading of the coin occurs on sales platforms that have no restriction to use. Further, it was created with the goal of addressing the double spend issues of Bitcoin and does so using a timestamp server to verify transactions. It works by taking the hash of a block of items to be timestamped and widely publishing the hash. The timestamp proves that the data must have existed at the time in order to get the hash. Each timestamp then includes the previous timestamp in its hash, forming a chain.
The Aryacoin team is continuously developing new use cases for the coin, including exchanges where users can exchange the coins without any fees or restrictions, and offline options where the coins can be bought and sold for cash. The coins can also be used on the company’s other platform, mrdigicoin.io. Along with the coin, there is a digital wallet that can be created and controlled by the user entirely, with no control being retained by the Aryacoin team.

1.INTRODUCTION

The concept of Blockchain first came to fame in October 2008, as part of a proposal for Bitcoin, with the aim to create P2P money without banks. Bitcoin introduced a novel solution to the age-old human problem of trust. The underlying blockchain technology allows us to trust the outputs of the system without trusting any actor within it. People and institutions who do not know or trust each other, reside in different countries, are subject to different jurisdictions, and who have no legally binding agreements with each other, can now interact over the Internet without the need for trusted third parties like banks, Internet platforms, or other types of clearing institutions.
When bitcoin was launched it was revolutionary allowing people to transfer money to anytime and anywhere with very low transaction fees . It was decentralized and their is no third party involved in the transaction , only the sender and receiver were involved.
This paper provide a solution to the double-spending problem using a peer-to-peer distributed timestamp server to generate computational proof of the chronological order of transactions.The system is secure as long as honest nodes collectively control more CPU power than any cooperating group of attacker nodes. Bitcoin was made so that it would not be controlled or regulated but now exchanges and governments are regulating bitcoin and other cryptocurrencies at every step. Aryacoin was developed to overcome these restrictions on a free currency.
Aryacoin is a new age cryptocurrency, which withholds the original principle on which the concept of cryptocurrency was established. Combining the best in blockchain technology since the time of its creation, Aryacoin strives to deliver the highest trading and mining standards for its community.

1.1 OVERVIEW ABOUT ARYACOIN

Aryacoin is a new age cryptocurrency, which withholds the original principle on which the concept of cryptocurrency was established. Combining the best in blockchain technology since the time of its creation, Aryacoin strives to deliver the highest trading and mining standards for its community.
Aryacoin is a blockchain based project that allows users to access their wallet on the web and mobile browsers, using their login details.
Aryacoin can be mined; it also can be exchanged by other digital currencies in several world-famous exchanges such as Hitbtc, CoinEx, P2pb2b, WhiteBit, Changelly and is also listed in reputable wallets such as Coinomi and Guarda.
Aryacoin is a coin, which can be used by anyone looking to use cryptocurrency which allows them to keep their privacy even when buying/selling the coin along with while using the coin during transactions. Proof of work and cryptographic hashes allows transactions to verified.
Stable Fee Per AYA is a unique feature of Aryacoin, so by increasing the amount or volume of the transaction, there is no change in the fee within the network, which means that the fee for sending an amount less than 1 AYA is equal to several hundred million AYA. Another unique feature of Aryacoin is the undetectability of transactions in Explorer, such as the DASH and Monero, of course, this operation is unique to Aryacoin.
Using Aryacoin digital currency, like other currencies, international transactions can be done very quickly and there are no limitations in this area as the creators claim.
Aryacoin aims to allow users to access the Aryacoin wallet via the web and mobile browsers using their login details.
Aryacoin is a peer-to-peer electronic cash system that enables users to send and receive payments directly from one party to another, and allow them to transfer funds across borders with no restriction or third party involvement. The blockchain-based system embraces the digital signature, which prevents double spending and low transfer fees, which enables users to transfer huge amounts with very low fees. The proof-of-work consensus mechanism allows each transaction to be verified and confirmed, while anonymity enables users to use the coin anywhere at any time.
According to the website of the operation, each wallet is divided into 2 or more AYA wallet addresses for each transaction, and depending on the volume of the transaction block, the origin, and destination of transactions in the network can not be traced and displayed to the public.
In fact, each wallet in Aryacoin consists of a total of several wallets. The number of these wallets increases per transaction to increase both security and privacy. Aryacoin also uses the dPoW protocol. In the dPoW protocol, a second layer is added to the network to verify transactions, which makes “51% attack” impossible even with more than half of the network hash, and blocks whose Blockchain uses this second layer of security never run the risk of 51% attacks.
AYA has been listed on a number of crypto exchanges, unlike other main cryptocurrencies, it cannot be directly purchased with fiats money. However, You can still easily buy this coin by
first buying Bitcoin from any large exchanges and then transfer to the exchange that offers to trade this coin.

1.1.1 ARYACOIN HISTORY

Aryacoin (AYA) is a new cryptocurrency, which has been created by a group of Iranian developers, is an altcoin which allows for decentralised, peer to peer transactions of electronic cash without any fees whatsoever. Along with the coin, there is a digital wallet that can be created and managed by the user entirely, with no control being retained by the Aryacoin team.
Aryacoin’s founder, Kiumars Parsa, has been a fan of alternative currencies and particularly Bitcoin.
We see people from all around the world using Blockchain technology and the great benefits that came with it and it then that I decided to solve this puzzle for find a way of bringing the last missing piece to the jigsaw. The idea for Aryacoin was born.” Parsa said.
Parsa and his team of Iranian ex-pats not only persevered but expedited the project and just a year later, in the summer of 2019, the first version of Aryacoin was released. In 2020, Aryacoin is the first and only Iranian coin listed on CMC.
Parsa goes on to state that it is now the strength of the community that has invested in the coin that will ultimately drive its success, alongside its robust technology and appealing 0% network fees.
We have thousands of voices behind Aryacoin. People for the people make this coin. It is a massive shout out for democracy. This had made us base the whole team strategy on the benefits for both our users and our traders.
One key example is that the network fee on AYA Blockchain is 0%. Yes, absolutely nothing, which which differentiates us from other networks. What also differentiates us from other coins is that we have AYAPAY which is the first cryptocurrency Gateway in the world which does not save funds on third party storage with all funds being forwarded directly to any wallet address that the Gateway owner requests”.
So for the first time ever, and unlike other gateways, incoming funds will be saved on the users account with submitted withdrawal requests then made on the Gateway host website. In AYAPAY which has also been developed by the Aryacoin team, all funds without extra fees or extra costs will directly forwarded to users wallets. We have named this technology as CloudWithdrawal.
We are continuously challenging ourselves as it is a crowded marketplace. We are striving to have a safer Blockchain against 51% attacks, faster confirmations speeds of transactions, cheaper network fee, growing the market by cooperation with Top tier Exchangers.

1.1.2 ARYACOIN’S MAIN GOAL

Aryacoin’s main goal is to educate people and give them the freedom to use cryptocurrency in any way they want. Aryacoin empowers the users to transfer, pay, trade cryptocurrency from any country around the globe.
Platforms that have been created by Aryacoin Team, as well as those that will go live in future, operate on the same principle and exclude absolutely no one.

1.1.3 PROBLEM ARYACOIN SEEKS TO SOLVE

Aryacoin aims to provide a long-term solution to the problem of double spending, which is still common in the crypto market. The developers of the system have created a peer-to-peer distributed timestamp server that generates computational proof of the transactions as they occur.
Besides, the system remains secure provided honest nodes control more CPU power than any cooperating group of attacker nodes. While Bitcoin was designed not to be regulated or controlled, many exchanges and governments have put regulatory measures on the pioneer cryptocurrency at every step. Aryacoin aims to overcome these restrictions as a free digital currency.

1.1.4 BENEFITS OF USING ARYACOIN

Aryacoin solution offers the following benefits:
  • Real-time update: whether you’re going on a holiday or a business trip, no problem. You can access your coins all over the world.
  • Instant operations: Aryacoin makes it quite easy for you to use your digital wallet and perform various operations with it.
  • Safe and secure: all your data is stored encrypted and can only be decrypted with your private key, seed, or password.
  • Strong security: The system has no control over your wallet. You are 100% in charge of your wallet and funds.

1.1.5 ARYACOIN FEATURES

1. Anonymity
The coin provides decent level of anonymity for all its users. The users can send their transactions to any of the public nodes to be broadcasted , the transaction sent to the nodes should be signed by the private key of the sender address . This allows the users to use the coin anywhere any time , sending transactions directly to the node allows users from any place and country .
2. Real Life Usage
aryacoin’s team is continuously developing new and innovative ways to use the coins , they are currently developing exchanges where the users can exchange the coins without any fees and any restrictions . They also are currently developing other innovative technologies, which would allow users to spend our coins everywhere and anywhere.
3. Offline Exchanges
They are also working with different offline vendors which would enable them to buy and sell the coins directly to our users on a fixed/variable price this would allow easy buy/sell directly using cash . This would allow the coins to be accessible to users without any restrictions which most of the online exchanges have, also increase the value and number of users along with new ways to spend the coin. This would increase anonymity level of the
coin. In addition, introduce new users into the cryptomarket and technology. Creating a revolution, which educates people about crypto and introduce them to the crypto world, which introduces a completely new group of people into crypto and a move towards a Decentralized future!
4. Transactions
When it comes to transactions, Aryacoin embraces a chain of digital signatures, where each owner simply transfers the coin to the next person by digitally signing a hash of the previous transaction and the public key of the next owner. The recipient can then verify the signatures to confirm the chain of ownership. Importantly, Aryacoin comes with a trusted central authority that checks every transaction for double spending.
5. Business Partner with Simplex
Aryacoin is the first and only Iranian digital currency that managed to obtain a trading license in other countries.
In collaboration with the foundation and financial giant Simplex, a major cryptocurrency company that has large companies such as Binance, P2P, Changelly, etc. Aryacoin has been licensed to enter the world’s major exchanges, as well as the possibility of purchasing AYA through Credit Cards, which will begin in the second half of 2020.
Also, the possibility of purchasing Aryacoin through Visa and MasterCard credit cards will be activated simultaneously inside the Aryacoin site. plus, in less than a year, AYA will be placed next to big names such as CoinCapMarket, Coinomi, P2P, Coinpayments and many other world-class brands today.

1.1.6 WHY CHOOSE ARYACOIN?

If you want to use a cryptocurrency that allows you to keep your privacy online even when buying and selling the coins, the Aryacoin team claims that AYA is the way to go. Aryacoin is putting in the work: with more ways to buy and sell, and fixing the issues that were present in the original Bitcoin, plus pushing the boundaries with innovative solutions in cryptocurrencies. You can get started using Aryacoin (AYA) payments simply by having a CoinPayments account!

1.1.7 ARYANA CENTRALIZED EXCHANGE

Aryana, the first Iranian exchange is a unique platform with the following features:
  • The first real international Persian exchange that obtains international licenses and is listed in CoinMarketCap.
  • The first Iranian exchange that has been cooperating with a legal and European exchange for 3 years.
  • The possibility of trading in Tomans (available currency in Iran) at the user’s desired price and getting rid of the transaction prices imposed by domestic sites inside Iran.
  • There is an internal fee payment plan by Iranian domestic banks for depositing and withdrawing Tomans for Aryacoin holders in Aryana Exchange.
  • The number that you see on the monitor and in your account will be equal to the number that is transferred to your bank account without a difference of one Rial.
  • The last but not least, noting the fact that there is a trading in Tomans possibility in Aryana exchange.
Aryana Exchange is using the most powerful, fastest, and most expensive server in the world, Google Cloud Platform (GCP), which is currently the highest quality server for an Iranian site, so that professional traders do not lag behind the market even for a second.
The feature of Smart Trading Robots is one of the most powerful features for digital currency traders. Digital cryptocurrency traders are well aware of how much they will benefit from smart trading robots. In the Aryana exchange, it is possible to connect exchange user accounts to intelligent trading bots and trade even when they are offline.
The injection of $ 1 million a day in liquidity by the WhiteBite exchange to maintain and support the price of Tether and eliminate the Tether fluctuations with Bitcoin instabilities used by profiteers to become a matter of course.

1.1.8 HOW DOES ARYACOIN WORK?

Aryacoin (AYA) tries to ensure a high level of security and privacy. The team has made sure to eliminate any trading restrictions for the network users: no verification is required to carry out transactions on AYA, making the project truly anonymous, decentralized, and giving it a real use in day-to-day life. The Delayed-Proof-of-Work (dPoW) algorithm makes the Aryacoin blockchain immune to any attempts of a 51% attack. AYA defines a coin as a chain of digital signatures — each owner transfers the coin to the next owner by digitally signing the hash of the previous transaction and the public key of the next owner, and the receiver verifies the signatures and the chain of ownership.

2. ARYACOIN TECHNOLOGY

2.1 PROOF-OF-WORK

They use a proof-of-work system similar to Adam Back’s Hashcash to implement a distributed timestamp server on a peer-to-peer basis, rather than newspaper or Usenet publications. The proof-of-work involves scanning for a value that when hashed, such as with SHA-256, the hash begins with a number of zero bits. The average work required is exponential in the number of zero bits required and can be verified by executing a single hash.
For their timestamp network, they implement the proof-of-work by incrementing a nonce in the block until a value is found that gives the block’s hash the required zero bits. Once the CPU effort has been expended to make it satisfy the proof-of-work, the block cannot be changed without redoing the work. As later blocks are chained after it, the work to change the block would include redoing all the blocks after it.
The proof-of-work also solves the problem of determining representation in majority decision making. If the majority were based on one-IP-address-one-vote, it could be subverted by anyone able to allocate many IPs. Proof-of-work is essentially one-CPU-one-vote. The majority decision is represented by the longest chain, which has the greatest proof-of-work effort invested in it. If honest nodes control a majority of CPU power, the honest chain will grow the fastest and outpace any competing chains. To modify a past
block, an attacker would have to redo the proof-of-work of the block and all blocks after it, then catch up with, and surpass the work of the honest nodes.

2.2 NETWORK

The steps to run the network are as follows:
  • New transactions are broadcast to all nodes.
  • Each node collects new transactions into a block.
  • Each node works on finding a difficult proof-of-work for its block.
  • When a node finds a proof-of-work, it broadcasts the block to all nodes.
  • Nodes accept the block only if all transactions in it are valid and not already spent.
This is a very simple system that makes the network fast and scalable, while also providing a decent level of anonymity for all users. Users can send their transactions to any of the public nodes to be broadcast, and the private key of the sender’s address should sign any transaction sent to the nodes. This way, all transaction info remains strictly confidential. It also allows users to send transactions directly to the node from any place at any time and allows the transferring of huge amounts with very low fees.

2.3 AYAPAY PAYMENT SERVICES GATEWAY:

According to creators Aryacoin, the development team has succeeded in inventing a new blockchain technology for the first time in the world, which is undoubtedly a big step and great news for all digital currency enthusiasts around the world.
This new technology has been implemented on the Aryacoin AYAPAY platform and was unveiled on October 2. AYAPAY payment platform is the only payment gateway in the world that does not save money in users’ accounts and transfers incoming coins directly to any wallet address requested by the gateway owner without any additional transaction or fee.
In other similar systems or even systems such as PayPal, money is stored in the user account.

2.4 CONSENSUS ALGORITHM IN ARYACOIN

The devs introduced the Delayed-Proof-of-Work (dPoW) algorithm, which represents a hybrid consensus method that allows one blockchain to take advantage of the security provided by the hashing power of another blockchain. The AYA blockchain works on dPoW and can use such consensus methods as Proof-of-Work (PoW) or Proof-of-Stake (PoS) and join to any desired PoW blockchain. The main purpose of this is to allow the blockchain to continue operating without notary nodes on the basis of its original consensus method. In this situation, additional security will no longer be provided through the attached blockchain, but this is not a particularly significant problem. dPoW can improve the security level and reduce energy consumption for any blockchain.

2.5 DOUBLE-SPEND PROBLEM AND SOLUTION

One of the main problems in the blockchain world is that a receiver is unable to verify whether or not one of the senders did not double-spend. Aryacoin provides the solution, and has established a trusted central authority, or mint, that checks every transaction for double-spending. Only the mint can issue a new coin and all the coins issued directly from the mint are trusted and cannot be double-spent. However, such a system cannot therefore
be fully decentralized because it depends on the company running the mint, similar to a bank. Aryacoin implements a scheme where the receiver knows that the previous owners did not sign any earlier transactions. The mint is aware of all transactions including which of them arrived first. The developers used an interesting solution called the Timestamp Server, which works by taking a hash of a block of items to be ‘timestamped’ and publishing the hash. Each timestamp includes the previous timestamp in its hash, forming a chain. To modify a block, an attacker would have to redo the proof-of-work of all previous blocks, then catch up with, and surpass the work of the honest nodes. This is almost impossible, and makes the network processes more secure. The proof-of-work difficulty varies according to circumstances. Such an approach ensures reliability and high throughput.

3. ARYACOIN ROADMAP

April 2019: The launch of Aryacoin; AYA ICO, resulting in over 30BTC collected
December 2019: The launch of AYA Pay
April 2020: The successful Hamedan Hardfork, supported by all AYA exchanges, aimed at integrating the dPoW algorithm, improving the security of the AYA blockchain.
June 2020: Aryana Exchange goes live, opening more trading opportunities globally
July 2020: The enabling of our Coin Exchanger
November 2020: The implementation of Smart Contracts into the Aryacoin Ecosystem
Q1 2021: Alef B goes live (more details coming soon)

4. THE NUCYBER NETWORK COMMUNITY & SOCIAL

Website: https://aryacoin.io/
Explorer: https://explorer.aryacoin.io/
Github: https://github.com/Aryacoin/Aryacoin
Twitter: 1.1k followers https://twitter.com/AryacoinAYA
Reddit: 442 members https://github.com/nucypher
Instagram: 3.8k followers https://www.instagram.com/mrdigicoin/ Telegram: 5.9k subscribers https://t.me/AYA_Global

5. SUMMARY

Aryacoin (AYA) is a new age cryptocurrency that combines the best of the blockchain technology and strives to deliver high trading and mining standards, enabling users to make peer-to-peer decentralized transactions of electronic cash. Aryacoin is part of an ecosystem that includes payment gateway Ayapay and the Ayabank. AYA has a partnership with the Microsoft Azure cloud platform, which provides the ability to develop applications and store data on servers located in distributed data centers. The network fee for the AYA Blockchain is 0%. In Ayapay service, which has been developed by the Aryacoin team, all funds without extra fees or costs are directly forwarded to users’ wallets with technology called CloudWithdrawal. The devs team is introducing new use cases including exchanges where users will exchange AYA without any restrictions. You can buy AYA on an exchange of your choice, create an Aryacoin wallet, and store it in Guarda.

6. REFERENCES

1) https://coincodex.com/crypto/aryacoin/
2) https://www.icosandstos.com/coin/Aryacoin%20AYA/YuXO60UPF3
3) https://www.publish0x.com/iran-and-cryptocurrency/a-brief-introduction-of-aryacoin-first-ever-iranian-cryptocu-xoldlom
4) https://techround.co.uk/cryptocurrency/aryacoin-the-digital-currency-created-by-iranians/
5) https://bitcoinexchangeguide.com/aryacoin/
6) https://blog.coinpayments.net/coin-spotlight/aryacoin
7) https://guarda.com/aryacoin-wallet
submitted by CoinEx_Institution to Coinex [link] [comments]

FinderOuter: the bitcoin recovery tool

Link: https://github.com/Coding-Enthusiast/FinderOuter
The FinderOuter is a bitcoin recovery tool that focuses on making the recovery process easy for everyone. There is no need to read long guide pages to learn how to use the application. Instead it will always be as easy as filling some boxes, maybe selecting some options and clicking a button all in a user-friendly GUI. Each recovery option is written from scratch and all parts down to the basic cryptography used (such as SHA, ECC,...) are specialized for maximum efficiency.

Available options

1. Message signature verification

User can enter a message signature here to verify it. In case there is a problem with the message (except being an actually invalid signature), the code can search to find the common issues that some signing tools have and fix them.

2. Missing Base-58 characters

This option helps recover any base-58 encoded string with a checksum that is missing some characters. For example a damaged paper wallet where some characters are erased/unreadable. The position of missing characters must be known. It works for (1) WIFs (Base-58 encoded private key) (2) Addresses (Base-58 encoded P2PKH address) (3) BIP-38 (Base-58 encoded encrypted private key).
There is also a "special case" where a compressed private key is missing 3 characters at unknown positions.

3. Missing Base-16 characters

This option is similar to previous feature but works for base-16 (hexadecimal) private keys. It currently requires an address and only checks compressed public keys. Unlike the other options, this one is very slow since it depends on ECC and that is not yet optimized.

4. Missing mini-privatekey characters

This option is similar to 2 and 3 but works for mini-privatekeys (eg. SzavMBLoXU6kDrqtUVmffv). It requires an address to check each possible key against, as a result it is also slower since it depends on ECC and has 2 additional hashes.

5. Missing mnomonic (seed) words

This option works for BIP-39 mnemonics (others like Electrum will be added in the future) that have some words missing. It requires knowing one child key or address created from that seed and the exact path of it.

Future plans

submitted by Coding_Enthusiast to Autarkysoft [link] [comments]

Bitcoin (BTC)A Peer-to-Peer Electronic Cash System.

Bitcoin (BTC)A Peer-to-Peer Electronic Cash System.
  • Bitcoin (BTC) is a peer-to-peer cryptocurrency that aims to function as a means of exchange that is independent of any central authority. BTC can be transferred electronically in a secure, verifiable, and immutable way.
  • Launched in 2009, BTC is the first virtual currency to solve the double-spending issue by timestamping transactions before broadcasting them to all of the nodes in the Bitcoin network. The Bitcoin Protocol offered a solution to the Byzantine Generals’ Problem with a blockchain network structure, a notion first created by Stuart Haber and W. Scott Stornetta in 1991.
  • Bitcoin’s whitepaper was published pseudonymously in 2008 by an individual, or a group, with the pseudonym “Satoshi Nakamoto”, whose underlying identity has still not been verified.
  • The Bitcoin protocol uses an SHA-256d-based Proof-of-Work (PoW) algorithm to reach network consensus. Its network has a target block time of 10 minutes and a maximum supply of 21 million tokens, with a decaying token emission rate. To prevent fluctuation of the block time, the network’s block difficulty is re-adjusted through an algorithm based on the past 2016 block times.
  • With a block size limit capped at 1 megabyte, the Bitcoin Protocol has supported both the Lightning Network, a second-layer infrastructure for payment channels, and Segregated Witness, a soft-fork to increase the number of transactions on a block, as solutions to network scalability.

https://preview.redd.it/s2gmpmeze3151.png?width=256&format=png&auto=webp&s=9759910dd3c4a15b83f55b827d1899fb2fdd3de1

1. What is Bitcoin (BTC)?

  • Bitcoin is a peer-to-peer cryptocurrency that aims to function as a means of exchange and is independent of any central authority. Bitcoins are transferred electronically in a secure, verifiable, and immutable way.
  • Network validators, whom are often referred to as miners, participate in the SHA-256d-based Proof-of-Work consensus mechanism to determine the next global state of the blockchain.
  • The Bitcoin protocol has a target block time of 10 minutes, and a maximum supply of 21 million tokens. The only way new bitcoins can be produced is when a block producer generates a new valid block.
  • The protocol has a token emission rate that halves every 210,000 blocks, or approximately every 4 years.
  • Unlike public blockchain infrastructures supporting the development of decentralized applications (Ethereum), the Bitcoin protocol is primarily used only for payments, and has only very limited support for smart contract-like functionalities (Bitcoin “Script” is mostly used to create certain conditions before bitcoins are used to be spent).

2. Bitcoin’s core features

For a more beginner’s introduction to Bitcoin, please visit Binance Academy’s guide to Bitcoin.

Unspent Transaction Output (UTXO) model

A UTXO transaction works like cash payment between two parties: Alice gives money to Bob and receives change (i.e., unspent amount). In comparison, blockchains like Ethereum rely on the account model.
https://preview.redd.it/t1j6anf8f3151.png?width=1601&format=png&auto=webp&s=33bd141d8f2136a6f32739c8cdc7aae2e04cbc47

Nakamoto consensus

In the Bitcoin network, anyone can join the network and become a bookkeeping service provider i.e., a validator. All validators are allowed in the race to become the block producer for the next block, yet only the first to complete a computationally heavy task will win. This feature is called Proof of Work (PoW).
The probability of any single validator to finish the task first is equal to the percentage of the total network computation power, or hash power, the validator has. For instance, a validator with 5% of the total network computation power will have a 5% chance of completing the task first, and therefore becoming the next block producer.
Since anyone can join the race, competition is prone to increase. In the early days, Bitcoin mining was mostly done by personal computer CPUs.
As of today, Bitcoin validators, or miners, have opted for dedicated and more powerful devices such as machines based on Application-Specific Integrated Circuit (“ASIC”).
Proof of Work secures the network as block producers must have spent resources external to the network (i.e., money to pay electricity), and can provide proof to other participants that they did so.
With various miners competing for block rewards, it becomes difficult for one single malicious party to gain network majority (defined as more than 51% of the network’s hash power in the Nakamoto consensus mechanism). The ability to rearrange transactions via 51% attacks indicates another feature of the Nakamoto consensus: the finality of transactions is only probabilistic.
Once a block is produced, it is then propagated by the block producer to all other validators to check on the validity of all transactions in that block. The block producer will receive rewards in the network’s native currency (i.e., bitcoin) as all validators approve the block and update their ledgers.

The blockchain

Block production

The Bitcoin protocol utilizes the Merkle tree data structure in order to organize hashes of numerous individual transactions into each block. This concept is named after Ralph Merkle, who patented it in 1979.
With the use of a Merkle tree, though each block might contain thousands of transactions, it will have the ability to combine all of their hashes and condense them into one, allowing efficient and secure verification of this group of transactions. This single hash called is a Merkle root, which is stored in the Block Header of a block. The Block Header also stores other meta information of a block, such as a hash of the previous Block Header, which enables blocks to be associated in a chain-like structure (hence the name “blockchain”).
An illustration of block production in the Bitcoin Protocol is demonstrated below.

https://preview.redd.it/m6texxicf3151.png?width=1591&format=png&auto=webp&s=f4253304912ed8370948b9c524e08fef28f1c78d

Block time and mining difficulty

Block time is the period required to create the next block in a network. As mentioned above, the node who solves the computationally intensive task will be allowed to produce the next block. Therefore, block time is directly correlated to the amount of time it takes for a node to find a solution to the task. The Bitcoin protocol sets a target block time of 10 minutes, and attempts to achieve this by introducing a variable named mining difficulty.
Mining difficulty refers to how difficult it is for the node to solve the computationally intensive task. If the network sets a high difficulty for the task, while miners have low computational power, which is often referred to as “hashrate”, it would statistically take longer for the nodes to get an answer for the task. If the difficulty is low, but miners have rather strong computational power, statistically, some nodes will be able to solve the task quickly.
Therefore, the 10 minute target block time is achieved by constantly and automatically adjusting the mining difficulty according to how much computational power there is amongst the nodes. The average block time of the network is evaluated after a certain number of blocks, and if it is greater than the expected block time, the difficulty level will decrease; if it is less than the expected block time, the difficulty level will increase.

What are orphan blocks?

In a PoW blockchain network, if the block time is too low, it would increase the likelihood of nodes producingorphan blocks, for which they would receive no reward. Orphan blocks are produced by nodes who solved the task but did not broadcast their results to the whole network the quickest due to network latency.
It takes time for a message to travel through a network, and it is entirely possible for 2 nodes to complete the task and start to broadcast their results to the network at roughly the same time, while one’s messages are received by all other nodes earlier as the node has low latency.
Imagine there is a network latency of 1 minute and a target block time of 2 minutes. A node could solve the task in around 1 minute but his message would take 1 minute to reach the rest of the nodes that are still working on the solution. While his message travels through the network, all the work done by all other nodes during that 1 minute, even if these nodes also complete the task, would go to waste. In this case, 50% of the computational power contributed to the network is wasted.
The percentage of wasted computational power would proportionally decrease if the mining difficulty were higher, as it would statistically take longer for miners to complete the task. In other words, if the mining difficulty, and therefore targeted block time is low, miners with powerful and often centralized mining facilities would get a higher chance of becoming the block producer, while the participation of weaker miners would become in vain. This introduces possible centralization and weakens the overall security of the network.
However, given a limited amount of transactions that can be stored in a block, making the block time too longwould decrease the number of transactions the network can process per second, negatively affecting network scalability.

3. Bitcoin’s additional features

Segregated Witness (SegWit)

Segregated Witness, often abbreviated as SegWit, is a protocol upgrade proposal that went live in August 2017.
SegWit separates witness signatures from transaction-related data. Witness signatures in legacy Bitcoin blocks often take more than 50% of the block size. By removing witness signatures from the transaction block, this protocol upgrade effectively increases the number of transactions that can be stored in a single block, enabling the network to handle more transactions per second. As a result, SegWit increases the scalability of Nakamoto consensus-based blockchain networks like Bitcoin and Litecoin.
SegWit also makes transactions cheaper. Since transaction fees are derived from how much data is being processed by the block producer, the more transactions that can be stored in a 1MB block, the cheaper individual transactions become.
https://preview.redd.it/depya70mf3151.png?width=1601&format=png&auto=webp&s=a6499aa2131fbf347f8ffd812930b2f7d66be48e
The legacy Bitcoin block has a block size limit of 1 megabyte, and any change on the block size would require a network hard-fork. On August 1st 2017, the first hard-fork occurred, leading to the creation of Bitcoin Cash (“BCH”), which introduced an 8 megabyte block size limit.
Conversely, Segregated Witness was a soft-fork: it never changed the transaction block size limit of the network. Instead, it added an extended block with an upper limit of 3 megabytes, which contains solely witness signatures, to the 1 megabyte block that contains only transaction data. This new block type can be processed even by nodes that have not completed the SegWit protocol upgrade.
Furthermore, the separation of witness signatures from transaction data solves the malleability issue with the original Bitcoin protocol. Without Segregated Witness, these signatures could be altered before the block is validated by miners. Indeed, alterations can be done in such a way that if the system does a mathematical check, the signature would still be valid. However, since the values in the signature are changed, the two signatures would create vastly different hash values.
For instance, if a witness signature states “6,” it has a mathematical value of 6, and would create a hash value of 12345. However, if the witness signature were changed to “06”, it would maintain a mathematical value of 6 while creating a (faulty) hash value of 67890.
Since the mathematical values are the same, the altered signature remains a valid signature. This would create a bookkeeping issue, as transactions in Nakamoto consensus-based blockchain networks are documented with these hash values, or transaction IDs. Effectively, one can alter a transaction ID to a new one, and the new ID can still be valid.
This can create many issues, as illustrated in the below example:
  1. Alice sends Bob 1 BTC, and Bob sends Merchant Carol this 1 BTC for some goods.
  2. Bob sends Carols this 1 BTC, while the transaction from Alice to Bob is not yet validated. Carol sees this incoming transaction of 1 BTC to him, and immediately ships goods to B.
  3. At the moment, the transaction from Alice to Bob is still not confirmed by the network, and Bob can change the witness signature, therefore changing this transaction ID from 12345 to 67890.
  4. Now Carol will not receive his 1 BTC, as the network looks for transaction 12345 to ensure that Bob’s wallet balance is valid.
  5. As this particular transaction ID changed from 12345 to 67890, the transaction from Bob to Carol will fail, and Bob will get his goods while still holding his BTC.
With the Segregated Witness upgrade, such instances can not happen again. This is because the witness signatures are moved outside of the transaction block into an extended block, and altering the witness signature won’t affect the transaction ID.
Since the transaction malleability issue is fixed, Segregated Witness also enables the proper functioning of second-layer scalability solutions on the Bitcoin protocol, such as the Lightning Network.

Lightning Network

Lightning Network is a second-layer micropayment solution for scalability.
Specifically, Lightning Network aims to enable near-instant and low-cost payments between merchants and customers that wish to use bitcoins.
Lightning Network was conceptualized in a whitepaper by Joseph Poon and Thaddeus Dryja in 2015. Since then, it has been implemented by multiple companies. The most prominent of them include Blockstream, Lightning Labs, and ACINQ.
A list of curated resources relevant to Lightning Network can be found here.
In the Lightning Network, if a customer wishes to transact with a merchant, both of them need to open a payment channel, which operates off the Bitcoin blockchain (i.e., off-chain vs. on-chain). None of the transaction details from this payment channel are recorded on the blockchain, and only when the channel is closed will the end result of both party’s wallet balances be updated to the blockchain. The blockchain only serves as a settlement layer for Lightning transactions.
Since all transactions done via the payment channel are conducted independently of the Nakamoto consensus, both parties involved in transactions do not need to wait for network confirmation on transactions. Instead, transacting parties would pay transaction fees to Bitcoin miners only when they decide to close the channel.
https://preview.redd.it/cy56icarf3151.png?width=1601&format=png&auto=webp&s=b239a63c6a87ec6cc1b18ce2cbd0355f8831c3a8
One limitation to the Lightning Network is that it requires a person to be online to receive transactions attributing towards him. Another limitation in user experience could be that one needs to lock up some funds every time he wishes to open a payment channel, and is only able to use that fund within the channel.
However, this does not mean he needs to create new channels every time he wishes to transact with a different person on the Lightning Network. If Alice wants to send money to Carol, but they do not have a payment channel open, they can ask Bob, who has payment channels open to both Alice and Carol, to help make that transaction. Alice will be able to send funds to Bob, and Bob to Carol. Hence, the number of “payment hubs” (i.e., Bob in the previous example) correlates with both the convenience and the usability of the Lightning Network for real-world applications.

Schnorr Signature upgrade proposal

Elliptic Curve Digital Signature Algorithm (“ECDSA”) signatures are used to sign transactions on the Bitcoin blockchain.
https://preview.redd.it/hjeqe4l7g3151.png?width=1601&format=png&auto=webp&s=8014fb08fe62ac4d91645499bc0c7e1c04c5d7c4
However, many developers now advocate for replacing ECDSA with Schnorr Signature. Once Schnorr Signatures are implemented, multiple parties can collaborate in producing a signature that is valid for the sum of their public keys.
This would primarily be beneficial for network scalability. When multiple addresses were to conduct transactions to a single address, each transaction would require their own signature. With Schnorr Signature, all these signatures would be combined into one. As a result, the network would be able to store more transactions in a single block.
https://preview.redd.it/axg3wayag3151.png?width=1601&format=png&auto=webp&s=93d958fa6b0e623caa82ca71fe457b4daa88c71e
The reduced size in signatures implies a reduced cost on transaction fees. The group of senders can split the transaction fees for that one group signature, instead of paying for one personal signature individually.
Schnorr Signature also improves network privacy and token fungibility. A third-party observer will not be able to detect if a user is sending a multi-signature transaction, since the signature will be in the same format as a single-signature transaction.

4. Economics and supply distribution

The Bitcoin protocol utilizes the Nakamoto consensus, and nodes validate blocks via Proof-of-Work mining. The bitcoin token was not pre-mined, and has a maximum supply of 21 million. The initial reward for a block was 50 BTC per block. Block mining rewards halve every 210,000 blocks. Since the average time for block production on the blockchain is 10 minutes, it implies that the block reward halving events will approximately take place every 4 years.
As of May 12th 2020, the block mining rewards are 6.25 BTC per block. Transaction fees also represent a minor revenue stream for miners.
submitted by D-platform to u/D-platform [link] [comments]

The BSC Hard Fork of Bitcoin: An Overview

The BSC Hard Fork of Bitcoin: An Overview
Author: Hiro Midas

Background


Bitcoin is by far the most successful cryptocurrency. After ten years of development, the concept of Bitcoin as a community currency has gained widespread acceptance. With the participation of more and more miners, exchanges, developers, and ordinary users, the network effect of Bitcoin is strong and growing. According to the latest data from CoinMarketCap, Bitcoin Dominance accounts for 65.4% of the total market value of cryptocurrency, which is unmatched by any other blockchain project.
However, this huge network effect has not spawned more valuable applications on the Bitcoin network. This is mainly due to the non-Turing complete script of Bitcoin, which cannot support the implementation of complex logic. Although Bitcoin uses non-Turing-complete scripts for security reasons, this undoubtedly sacrifices more possibilities for the Bitcoin ecosystem and hinders the further expansion of its network effect.
Smart contracts are Turing complete and can be used to develop complex DApps. But even though Ethereum and other blockchain projects support smart contracts, the user base and network effects pale in comparison to Bitcoin.

https://preview.redd.it/r2mqkqsv0oq41.jpg?width=1400&format=pjpg&auto=webp&s=52f63dcf895b04b719fcde0b08054479706fd050

BSC = Bitcoin Users + Smart Contracts

https://preview.redd.it/xmgdkzwx0oq41.jpg?width=1400&format=pjpg&auto=webp&s=63ab187873f9364779fe5a13506ad2a015c55d73
We propose BSC (Bitcoin Smart Contract) in the whitepaper https://docs.bsc.net/en/bsc_en.pdf BSC will be a hard fork of Bitcoin, inheriting all the transaction history of Bitcoin, and will support smart contracts with unlimited flexibility. With the original user base and network effects of Bitcoin, BSC will enable DApps with real value.
Bitcoin users + smart contracts are likely to bring the entire industry into a new phase. Applications in the original smart contract ecosystem will likely bring qualitative changes with the help of Bitcoin’s network effect:
BTC + Digital Assets. Bitcoin users and developers will be able to issue digital assets similar to ERC-20 on the BSC network. The Bitcoin network effect makes these assets potentially more useful and valuable.
BTC + DeFi. Similar to MakerDAO, decentralized lending and fund custody, stablecoins, etc. will be built on the user base of Bitcoin to gain greater scale and visibility with the leading crypto asset.
BTC + Privacy Protocol. Since Bitcoin assets account for a very high proportion in the entire industry, Bitcoin users’ need for privacy is even more urgent. A smart contract-based privacy protocol can be built in the BSC ecosystem, and Bitcoin users can use this to achieve asset privacy.
BTC + DApp. Bitcoin users can directly create various DApps in the BSC network, such as decentralized exchanges, decentralized games, and decentralized domain name services. These applications are not mainstream now, but given the huge network effect of Bitcoin, there will be more DApps that can prove their value.

Compatibility with Bitcoin Ecosystem

To provide the huge network effect of Bitcoin, BSC is technically compatible with Bitcoin in terms of the underlying architecture and network parameters:
The infrastructure layer of the BSC adopts the UTXO (Unspent Transaction Output) model that is completely consistent with Bitcoin, supports all script types of Bitcoin, and naturally supports SegWit, multi-sig, etc. Compared with the account model, the UTXO model has certain advantages in terms of security, anonymity, and parallelism, and supports SPV (Simple Payment Verification), which makes it easier to support light wallets.
Due to the consistency of the underlying architecture, BSC is naturally compatible with the Bitcoin ecosystem. For example, all types of Bitcoin wallets, browsers, and Layer-2 protocols (such as the Lightning Network) can directly support BSC, and users have no limits.
Also, the upper limit of the total supply of BSC, the inflation rate, and the halving period are all consistent with Bitcoin. BSC will also inherit all the transaction history data of Bitcoin. Bitcoin users will obtain the equivalent BSC 1: 1. All subsequent BSC coins will be generated by PoW mining, and the development team will not have any pre-mining or pre-allocation of any coins.

Compatibility with Smart Contracts

Virtual machines are the execution environment of smart contracts. Based on maintaining the above compatibility with Bitcoin’s underlying infrastructure, BSC has achieved compatibility with EVM (Ethereum Virtual Machine) by adding additional scripts and intermediate layers, so that it can theoretically support all smart contracts in the Ethereum ecosystem. Popular applications in the Ethereum ecosystem, such as MakerDAO, AZTEC privacy protocol, decentralized stablecoins, etc., can be directly ported to the BSC network. Although these applications have received some attention on Ethereum, restrictions on the Ethereum network has significantly limited their further development. For example, decentralized lending, if you rely on the stability of Bitcoin assets and the participation of Bitcoin users, you will get more room for development.

Mining Algorithm and Reward

BSC uses the PoW consensus mechanism. Unlike Bitcoin, BSC uses the newer SHA-3 + Blake2b mining algorithm. Bitcoin’s computing power is mainly controlled by several large Bitcoin mining pools. If BSC used a PoW mining algorithm the same as Bitcoin or any mining algorithm that already has ASIC miners, there would be a good possibility for the network to suffer 51% attacks during the initial startup. To reduce the risk of attack and keep the network sufficiently decentralized, BSC uses the SHA-3 + Blake2b hash algorithm. This algorithm has been verified in projects such as Handshake, and currently, there is no ASIC miner available, which helps ensure the stable development of the BSC network.
As a BSC miner, in addition to the block rewards and transaction fees like Bitcoin, the block rewards will include the gas cost of smart contracts. Every halving of bitcoin brings significant challenges to miners. When the future bitcoin block reward is reduced to zero, whether transaction fees can support miners’ income is still unknown. The introduction of smart contracts will give BSC miners a source of additional revenue, further encourage miners to participate in mining, and protect the security of the network.

Community Governance

The BSC project is initiated by the developers from its community, and they no economic benefits. Therefore, the development of the BSC project must rely on a sufficient number of people to recognize its value. To verify interest, BSC will collect digital signatures from the Bitcoin community, and the project will not officially start until it receives signature support for more than 50,000 BTC, as shown on the official website (https://bsc.net/).
After the project was released on Bitcointalk https://bitcointalk.org/index.php?topic=5231921.0 , the BSC project gained more and more attention in the Bitcoin community, and the number of signatures collected is steadily increasing, proving that more and more Bitcoin holders have recognized the idea of Bitcoin Smart Contract. From https://bsc.net/


https://preview.redd.it/2qkpg3611oq41.jpg?width=1400&format=pjpg&auto=webp&s=8cf83f1f4b9866fc1a538b8daf8e2fc340336589
submitted by bitcoinSCofficial to BitcoinSCofficial [link] [comments]

Bitcoin’s Security and Hash Rate Explained

Bitcoin’s Security and Hash Rate Explained
As the Bitcoin hash rate reaches new all-time highs, there’s never been a better time to discuss blockchain security and its relation to the hashing power and the Proof of Work (PoW) that feed the network. The Bitcoin system is based on a form of decentralized trust, heavily relying on cryptography. This makes its blockchain highly secure and able to be used for financial transactions and other operations requiring a trustless ledger.
Far from popular belief, cryptography dates back to thousands of years ago. The same root of the word encryption — crypt — comes from the Greek word ‘kryptos’, meaning hidden or secret. Indeed, humans have always wanted to keep some information private. The Assyrians, the Chinese, the Romans, and the Greeks, they all tried over the centuries to conceal some information like trade deals or manufacturing secrets by using symbols or ciphers carved in stone or leather. In 1900 BC, Egyptians used hieroglyphics and experts often refer to them as the first example of cryptography.
Back to our days, Bitcoin uses cryptographic technologies such as:
  1. Cryptographic hash functions (i.e. SHA-256 and RIPEMD-160)
  2. Public Key Cryptography (i.e. ECDSA — the Elliptic Curve Digital Signature Algorithm)
While Public Key Cryptography, bitcoin addresses, and digital signatures are used to provide ownership of bitcoins, the SHA-256 hash function is used to verify data and block integrity and to establish the chronological order of the blockchain. A cryptographic hash function is a mathematical function that verifies the integrity of data by transforming it into a unique unidentifiable code.
Here is a graphic example to make things more clear:

– Extract from the MOOC (Massive Open Online Course) in Digital Currencies at the University of Nicosia.
Furthermore, hash functions are used as part of the PoW algorithm, which is a prominent part of the Bitcoin mining algorithm and this is what is of more interest to understand the security of the network. Mining creates new bitcoins in each block, almost like a central bank printing new money and creates trust by ensuring that transactions are confirmed only when enough computational power is devoted to the block that contains them. More blocks mean more computation, which means more trust.
With PoW, miners compete against each other to complete transactions on the network and get rewarded. Basically they need to solve a complicated mathematical puzzle and a possibility to easily prove the solution. The more hashing power, the higher the chance to resolve the puzzle and therefore perform the proof of work. In more simple words, bitcoins exist thanks to a peer to peer network that helps validate transactions in the ledger and provides enough trust to avoid that a third party is involved in the process. It also exists because miners give it life by resolving that computational puzzle, through the mining reward incentive they are receiving.
For more info, contact Block.co directly or email at [email protected].
Tel +357 70007828
Get the latest from Block.co, like and follow us on social media:
✔️Facebook
✔️LinkedIn
✔️Twitter
✔️YouTube
✔️Medium
✔️Instagram
✔️Telegram
✔️Reddit
✔️GitHub
submitted by BlockDotCo to u/BlockDotCo [link] [comments]

Establishing a smart contract commercial scenario: Chainlink, Zk-Snarks and sharding technology work together to make the ultimate killer

This text was translated from Chinese, open following link in Chrome and translate to see all images:
https://bihu.com/article/1242138347
EDIT: found an English text with pictures:
https://medium.com/@rogerfeng/making-smart-contracts-work-for-business-how-chainlink-zk-snarks-sharding-finally-delivered-8f268af75ca2
Author: Feng Jie translation: Liu Sha
“The highest state of technology is to integrate into the various scenes of everyday life, to fade away from high-tech outerwear and become a part of everyday life.” – Mark Weiser
People in the future will not even think that smart contracts are "innovative." By that time, smart contracts would permeate every aspect of life, and people couldn't even imagine what the era of non-digital currency would look like.
Later historians may divide human business history into two eras, the pre-smart contract era and the post-smart contract era. After all, digital money has brought unprecedented changes to the nature and patterns of business practices in the real world. An anonymous member of the Chainlink community once said: "Smart contracts can change the DNA of the business."
Of course, like all the technological revolutions of the past, smart contracts also need to reach a "tipping point" to truly achieve large-scale applications. So we need to ask ourselves two questions:
  1. What exactly is this so-called tipping point?
  2. As of August 2019, have we reached this tipping point?
To reach the tipping point means unlocking the ultimate nirvana of business.
Tipping point We can think about this issue from the perspective of mainstream companies. Imagine what a perfect smart contract platform should look like. What characteristics should this platform have? Or what features must be possessed?
To reach the tipping point, you must establish a public chain with the following four characteristics:
  1. Privacy protection
  2. In addition to the cryptocurrency, the transaction can also be settled in mainstream legal currency and comply with the regulatory requirements of financial markets such as ISO 20022.
  3. Achieve scalability without sacrificing decentralization or security, that is, solving the "impossible triangle problem."
  4. Connect the external data under the chain, that is, solve the "prophecy problem."
Now that we have Chainlink, zk-snarks and sharding technology, we have reached this tipping point.
Next, let's explore how this ultimate nirvana is actually made. Our discussion will be mainly from the perspective of Ethereum, which is still the top smart contract platform for community size and mainstream applications.
So what about the private chain?
Before delving into it, I want to take the time to solve an unavoidable problem. The mainstream view has always believed that the private chain is a more suitable solution for the enterprise. Therefore, we first dialectically analyze the two advantages and two major drawbacks of the private chain.
Disadvantages
  1. Centralization leads to relatively lower security
It's not surprising that IBM and Maersk's blockchain freight alliances have a hard time finding customers who are willing to join. How can other freight companies be willing to let their biggest competitors (Maersk) verify their trading data? Only madmen dare to do this.
  1. The staking of the horses occupy the hills:
This problem is even more serious than centralization. John Wolpert, co-founder of the IBM blockchain, wrote an excellent article called Breaking the Barriers to Realize Security: Why Companies Should Embrace the Ethereum Public Chain, which he covered in detail in the article.
If every company builds its own private chain, it will lead to chaos in the mountains. Today's B2B ecosystem is very complex. Imagine the innumerable private chains of the world intertwined to form a huge "spider web." This is not only cost-effective, but also not scalable.
The starting point of the blockchain is to break down barriers instead of building more barriers.
"One day, one of your big buyers called you to ask if you want to join their private chain. You promised. The next day you received a call from the wholesaler to ask you the same question. Then came the supplier, freight. Business, insurance company or even bank, and each company may have several private chains! Finally you have to invest a lot of time and cost to operate dozens of blockchains every day . If there are partners to let you join them at this time The private chain, you might say "Forget it, or fax me the order!" ”—Paul Brody (Ernst & Young)
“Every time you connect two private chains through a system integrator, you have to pay a lot of money .”
Advantage
  1. Scalability: With the Ethereum public chain implementing fragmentation technology, this advantage is rapidly shrinking.
  2. Privacy protection: At this stage, the classification of public chain / private chain is actually not very accurate. The Aztec , Zether, and Nightfall protocols (both based on the zk-snarks protocol) effectively provide a "private chain model" for the Ethereum public chain, allowing it to switch between the public and private chains. Therefore, a more accurate classification should be the alliance chain and the public chain.
By 2020, the label of the public chain/private chain will gradually disappear. The public and private chains will no longer be two opposing concepts. Instead, the concept of publicly traded/private transactions and confidential contracts/open contracts is changed, and the scope of these transactions and contracts varies according to specific needs, either bilaterally or multilaterally or even publicly.
All in all, the private chain has two major drawbacks compared to the public chain. Not only that, but the two major advantages of the private chain are also rapidly disappearing.
“Technology will evolve over time, so there will be a variety of solutions to solve existing problems. Ultimately, the public-chain platform will have the same performance, scalability and data privacy as the private chain, while at the same time ensuring security and Decentralized."
Feature 1: Privacy protection (predictive machine and public chain privacy)
Enigma founder Guy Zyskind once joked in his MIT graduation thesis that smart contracts can only become commercially valuable if they become "confidential contracts." He later proposed that zk-snarks and Trusted Execution Environment (TEE) are the most promising solutions. He said nothing wrong.
What is zk-snarks ? Zk-snarks is a zero-knowledge proof mechanism (ZPK). So what is the zero-knowledge proof mechanism? In short: a zero-knowledge proof mechanism allows you to prove that you own certain information without revealing the content of the information.
Vitalik Buterin explained this concept in detail from a technical point of view in an article published in 2017. Hackernoon also wrote an excellent article explaining the concept in an easy-to-understand way with the example of a five-year-old child and Halloween candy.
What is the trusted execution environment? The trusted execution environment lets the code run on closed hardware, and
1 ) The guarantee result cannot be tampered with
2 ) Protecting absolute privacy, even hardware running code can't get confidential information.
The most well-known trusted execution environment is Intel SGX. Chainlink has established a partnership with Intel SGX after acquiring Tom Crier.
Ernst & Young released the Nightfall agreement on Github on May 31, 2019. A well-known accounting firm with a history of 100 years will choose to add privacy features to the public chain instead of developing a private chain. This is a problem.
Since then, the community has been actively developing on this basis, not only to improve the code, but also to develop a plug-and-play Truffle Box for those who are not good at writing code. Blockchain communities and businesses generally rarely collaborate, so these collaborations fully demonstrate the popularity of Nightfall.
Prior to this, two zk-snark-based Ethereum public chain privacy protocols were introduced, namely AZTEC (Consensys) and Zether (Stanford, JPMorgan Chase). An obvious trend is slowly taking shape.
In the field of oracles, Chainlink uses both zero-knowledge proof and a trusted execution environment to complement each other. Trusted execution environments guarantee data privacy, even for nodes that cannot access data (this feature is critical for bank accounts and API keys).
Chainlink is still trying to implement a trusted execution environment, and nodes can access data temporarily, so authentication services are also needed. Although the credible execution environment is almost 100% foolproof, in theory, a strong shield has a spear that can penetrate it. Therefore, the team is currently trying to run zk-snarks in a trusted execution environment (Thomas Hodges mentioned this in the 2019 Trufflecon Q&A session). The combination of the two can form a very robust and complete system. The attacker must find a way to strip all the layers of an onion at the same time to make any effective attack (and it is already difficult to peel off a layer of skin).
“Chainlink combines a trusted execution environment with zero-knowledge proof to build what we call a defense-in-depth system, which means they provide all the tools needed for smart contract developers, including trusted execution environments, multiple nodes, and Data sources, fine margins, reputation systems, asymmetric encryption, zero-knowledge proofs, WASM, and OTP+RNG, these features allow smart contract developers to adjust the confidentiality and cost of contracts based on specific budget and security needs. Machine, Chainlink and its four major application scenarios》
In the future, zk-snarks may be upgraded to zk-starks (a fully transparent zero-knowledge proof mechanism) that protects the system from quantum computer attacks. And the best thing about zk-starks is that it's more scalable than zk-snarks. In other words, it can better protect privacy, and the cost of gas will not increase.
If you want to learn more about zk-starks, you can read a popular science article written by Adam Luciano.
Feature 2: Scalability (scalability of predictive machines and public chains) To understand this problem, we can make an analogy like this:
A public chain is like a large enterprise, and every employee (ie, a node) must attend each meeting (ie, confirm each transaction). Imagine how inefficient this company is! Only customers who have a lot of money (ie gas fees) can get their requests to the forefront. And this is not the most serious problem. The most serious problem is that the more employees (ie nodes) who join the company, the harder it is for the company to function properly! In the end, the company not only failed to expand linearly, but also became smaller and smaller. Although this guarantees decentralization and security to the greatest extent, the price is completely abandoning scalability.
There are various temporary fire fighting solutions, but no one solution can completely solve this "impossible triangle problem." For example, EOS uses the DPOS mechanism (share authorization certification mechanism), where only 21 super nodes (many of which are well-known nodes) are responsible for verifying all transactions.
Sidechains (such as Bitcoin's Lightning Network and Ethereum's lightning network) guarantee scalability and decentralization at the expense of security.
So how to use the fragmentation technology to solve this problem? Let's make another analogy:
In reality, there is only one company that is not too much to ask everyone to attend all meetings, that is, small start-ups (that is, private chains that limit the number of nodes).
In most cases, large companies divide employees into thousands of teams (ie, shards), and each team's principal (ie, the certifier) ​​is responsible for reporting to the senior management (ie, the main chain). If people from different teams need to collaborate (and sometimes also), then they can collaborate by cross-shard receipts. If a new employee joins the company, the team can be re-segmented (ie re-sharding). This allows for linear expansion.
In fact, the process of developing a start-up to a large enterprise is surprisingly similar to the process of Ethereum 1.0 developing into Ethereum 2.0.
“The Ethereum 1.0 period is that several people who are alone are trying to build a world computer; and Ethereum 2.0 will really develop into a world computer.” Vitalik Buterin said in the first piece of the workshop.
Since Ethereum was not originally built on the principle of fragmentation, it takes seven steps to achieve the goal (this is a bit like the word morphing solitaire game). The first step is planned for January 3, 2020.
At the same time, developers can use many other blockchain platforms designed based on the fragmentation principle. Some platforms, including Zilliqa and Quarkchain, are already compatible with Chainlink.
If you want to see more in-depth technical analysis of shards, check out an article by Ramy Zhang.
In the field of oracles, Chainlink has the following two characteristics:
1 ) Use Schnorr threshold signatures to quickly reach consensus in a cost-effective manner. The next version of the chain only needs 16,000 gas.
2 ) We have previously discussed the need to use trusted execution environment hardware to ensure that nodes cannot access sensitive data. Since you have hardware in your hand, you can use it to do some actual computing work, so that you can properly reduce the amount of computation on the smart contract platform.
"With the SGX system (Town Crier) and zero-knowledge proof technology, the oracle can be truly reliable and confidential, so the boundaries between the oracle and the smart contract are beginning to flow... Our long-term strategy... is to let The predictor becomes the key chain of computing resources used by most smart contracts. We believe that the way to achieve this goal is to perform chain operations in the oracle to meet various computing needs, and then send the results to the smart contract."Chainlink White Paper, Section 6.3 (26 pages)
Of course, this “long-term strategy” has certain risks, unless Chainlink can implement a trusted execution environment and its service provider ecosystem can achieve a qualitative leap. However, the Chainlink team's vision is absolutely forward-looking: under-chain computing is a key factor in ensuring that blockchains are not dragged down by large amounts of IoT data.
The Internet of Things has dramatically increased the current state of big data. At present, most of the data is still generated on the software side, and it is not real-time data, and most of the data in the future will be real-time data generated on the sensor side. One of the big drawbacks of real-time data is that it increases storage pressure. For example, Coughlin Associates expects an unmanned car to generate 1G of data per second. This means that the same car will produce 3.6T data per hour!
The only viable solution is to do real-time analysis of the data, rather than storing the data first. In the Global Cloud Index: 2016-2021 Forecast and Methodology White Paper, Cisco predicts that more than 90% of data in 2021 will be analyzed in real time without storage.
That is to say, the essence of data is that it can only exist in just one instant. The nature of the blockchain is not to be modified, so the two are as incompatible as water and oil.
The solution is to analyze the raw data under the chain, extract the meaningful results and send them to the blockchain. The combination of fragmentation technology and trusted execution environment forms a new computing architecture, similar to the cloud computing-fog computing-edge computing architecture.
It should be noted here that it is good to improve computing power, but this is not the main purpose of the blockchain.
The fundamental purpose of the blockchain is not to reduce the original cost of computing and data storage. After all, technology giants such as Amazon, Microsoft, Google, Salesforce, Tencent, Alibaba, and Dropbox have built world-class cloud services. The centralized server wins high computational efficiency (but the blockchain will greatly improve the computational efficiency through fragmentation technology, and will catch up with it one day). The value of the blockchain is to reduce the cost of building trust. Nick Szabo calls it "social scalability" (this is a relative concept to the "operational" scalability we have been talking about). Vitalik Buterin also made it clear that the meaning of smart contracts is to accept small arithmetic delay penalties in exchange for a substantial reduction in "social costs."
Alex Coventry of the Chainlink team once raised the question: "We have missed many opportunities for cooperation and reciprocity because we can't confirm whether the other party will fulfill the promise?"
Is there any potential for data storage projects like Siacoin and IPFS? What about decentralized computing projects like SONM and Golem?
Siacoin 's core value proposition is not that its computing efficiency is higher than traditional cloud services. The cost of computing is required to split, repeat, and reassemble data. And companies are more capable of buying the latest and greatest hardware than individuals. Siacoin's core value proposition is to process data in an Airbnb-like mode, so management fees will be lower than traditional models. It also generates additional social value, such as flood control, privacy and security, and anti-censorship.
The same is true of Golem and SONM. Even with the most efficient protocol, it is inevitable that a small amount of delay will be imposed and fined to coordinate the hardware of different geographical locations. Therefore, under the condition that all other conditions are equal, the centralized hardware still has the advantage of faster computing speed. However, the core value proposition of the above project is to use the Airbnb-like model to reduce management costs.
We must strictly distinguish between "social scalability" and "operational scalability", and the two cannot be confused. I will explain these two concepts in detail when I discuss "Magic Bus and Lightweight Library" later.
Feature 3: Compatible with legal currency
Most mainstream companies do not regard cryptocurrencies as "real currencies." In addition, even if someone wants to use cryptocurrency for trading, it is very difficult to actually operate because of its high price volatility. I discussed the “price volatility problem” in detail in Chapters 8 and 9 of the previous article. These problems do not completely erase the existence value of cryptocurrencies, because cryptocurrencies also have many advantages that legal currency does not have. I am just emphasizing what we need to know more about the comfort zone of mainstream companies.
Chainlink acts as a universal API connector that triggers open banking payments. Chainlink is fully compliant with ISO 20022 and has established a long-term partnership with SWIFT (it is worth mentioning that SWIFT has not been updated for a long time and hopes to be updated after the SIBOS 2019 conference).
PSD2 will take effect on September 14, 2019. All banks in the EU will all comply with this new regulation by then. In other words, the bank must put all account data in the "front end" and can be called through the API. The approved third party (ie, the Chainlink node) can trigger the payment directly without the payment service provider.
Although the United States and Japan have not adopted similar laws, many banks still spontaneously promote the development of open banks. Banks open APIs to third-party developers to create new revenue streams and customer experiences that ultimately increase profitability. In addition, this will allow banks to better respond to competitors in the mobile payment and financial technology sectors in an APP-centric economic model.
As this open banking revolution continues, Chainlink will connect smart contracts with the world's major currencies (US dollar, euro, yen, etc.).
Only one external adapter is required to connect to the authenticated API. From a programming perspective, it is relatively simple to allow everyone in the community to contribute code to the code base (and thus achieve scalability). Chainlink has released adapters for PayPal and Mister Tango (European version of PayPal).
Feature 4: Data connection with the chain
Chainlink has been working on solving the "prophecy problem" and successfully succeeded on the main online line on May 30, 2019.
Chainlink has made many achievements in just a few months. Provable (formerly Oraclize) was successfully used on the Chainlink node and finally settled the debate about whether the predictor should be centralized or decentralized.
Synthetic Ether lost 37 million Ethercoins in a hack because it did not connect to Chainlink. Fortunately, the money was finally recovered and did not cause any loss. This lesson illustrates the importance of decentralized oracles.
In addition, both Oracle and Google have partnered with Chainlink to monetize their API data and create a virtuous circle to capture the market opportunities that Facebook missed.
There are new nodes coming online every week, and the network activity has been very high. The Chainlink team maintains a list of certified nodes in the documentation and Twitter releases. Twitter user CryptoSponge also set up a new development for the Tableau push update Chainlink team:
Regarding the importance of the current stage in the history of blockchain development, Brad Huston summed it up very brilliantly:
"The biggest problem with cryptocurrencies is to build bridges between cryptocurrencies, fiat currencies and big data. Chainlink is very beautifully narrowing the distance between the three. Now it can even be said: 'The bridge has been built.'"
Magic bus and lightweight library
Let's summarize what we discussed earlier. The real purpose of the blockchain is to reduce the cost of building trust and achieve "social scalability."
Therefore, according to this logic, the main application scenarios of platforms such as Ethereum 2.0 and Zilliqa should be in the B2B field. I quote a sentence I wrote in a previous article:
“My conclusion is: If the smart contract is successful, it will also succeed in the B2B field first.”
The private chain itself is self-contradictory and destined to fail. It has led to the phenomenon of occupying the hills, thus increasing the social cost, which is in opposition to B2B itself, and ultimately it is self-restraint. ”
Before the emergence of fragmentation technology, even simple games (ie, etheric cats) could not be smoothly run on the public chain, let alone dealing with complex B2B contracts and even changing commercial DNA. With the sharding technology, everything is ready.
Despite this, we can't use Ethereum 2.0 as an all-powerful platform. Just now we said that although it is a good thing to speed up the calculation, this is not the real purpose of Ethereum 2.0. And before we also said that due to the irreversible modification of the blockchain, it is not good to deal with a large number of fleeting real-time data of the Internet of Things. In other words, we must be soberly aware that Ethereum 2.0 will not replace traditional web 2.0. Instead, we should make better use of the real advantages of Ethereum 2.0:
“There is a new concept now, that is to think of the Ethereum main network as a global bus... We use the Ethereum 2.0 main network to treat various business resources as a working group on Slack: it can be easily built and integrated. And restructuring. The SAP inventory management system in your company, the dealer's JD Edwards ERP system, and the financial technology partner's tall blockchain system can seamlessly interface, eliminating the need to develop an infrastructure specifically for each partner." - John Wolper describes his ideal "magic bus"
Ethereum 2.0 should be an integration center, not a data center or computing center. It should be a library built specifically to store B2B contract terms (to be honest, even with fragmentation technology, the amount of data is large enough).
We should not expect Ethereum 2.0 to be an all-powerful platform, but rather develop it into a "lightweight library."
If we reorder the pyramid model just now, the architecture of the magic bus is obvious:
Of course, the positional relationship in the above model is not static. With the development of 5G technology, edge computing and IoT sensors, they may bypass the cloud to directly interact (or even bypass the fog end). If the collaboration between Iotex and Chainlink is successful, then the edge can interact directly with the trusted execution environment.
Time will tell if Airbnb's shared data storage and computing model can make management costs lower than the current mainstream Web 2.0 model. Time will also prove whether the market really needs anti-censorship, anti-tampering, security protection and privacy protection. Do users really care about these social values ​​and are willing to pay for them? Do they think these are just the icing on the cake or the most fundamental value?
in conclusion
Whether it is the battle between web2.0 and web3.0 or the battle between cryptocurrency and legal currency, one thing is beyond doubt:
We have reached the tipping point, and the era of smart contracts with commercial value has arrived.
In fact, the only problem at the moment is the time issue, and the main roadblocks have been basically cleared.
  1. When will Ethereum 2.0 finish these 7 stages and be officially released?
  2. When will Chainlink use a trusted execution environment on a large scale? If the cooperation between Intel SGX and Town Crier fails, what alternative plans are there? Will Chainlink communicate with other blockchain teams that plan to use a trusted execution environment (such as Dawn Song's Oasis Labs)?
At present, the main technical problems in the ecosystem have been solved, and now it is only necessary to recruit a group of enthusiastic developers to do the work of “connecting the line”.
Digital currency has changed commercial DNA, and the future is full of possibilities.
The only thing that hinders us now is our own imagination. The future is infinitely imaginative, and the future will be the world of developers. Dapps is already overwhelming. There is no doubt that we have found the ultimate nirvana.
This text was translated from Chinese, open following in Chrome and translate to see all images:
https://bihu.com/article/1242138347
submitted by QuantLink to LINKTrader [link] [comments]

Illegal gambling, futures markets on murder, and other undesirables are already possible without OP_CDSV

Recently, Craig Wright has claimed that the motivation for Bitcoin ABC's OP_CHECKDATASIGVERIFY is to allow for illegal activity on Bitcoin Cash by enabling futures markets and on-chain gambling. But there's a problem with this claim: You don't need OP_CDSV for any of those things.
You can do on-chain gambling without CDSV. You can do futures contracts (e.g. for assassination of a target) without CDSV. All you need for that is for an oracle to SHA256 two secret messages, and then only reveal one of the two messages later on. The spend transaction needs to produce the secret message in order to spend the transaction.
An oracle can publish two SHA256 hashes:
  1. SHA_A means that JFK has been assassinated as of Jan 1st, 1970.
  2. SHA_B means that JFK has not been assassinated as of Jan 1st, 1970.
The oracle keeps the messages which are used to generate those hashes secret until 1970, at which time the oracle releases either MSG_A or MSG_B, such that SHA256(MSG_A) = SHA_A, and so forth.
A market can then be established for transactions that pay out to a different pubkey depending on which of the two messages has been revealed.
Thanks to Thomas Bakketun for pointing this out.
This SHA256 mechanism is several times cheaper in terms of transaction fees to use than OP_CDSV, as it can work with 32 byte messages and SHA256 hashes instead of ~80 byte signatures, 33 byte pubkeys, and ~32 byte messages. Even if we had OP_CDSV, this SHA256 method would be preferred in many oracle contexts.
This SHA256 mechanism can be used for all of the illegal activities that CSW has claimed were CDSV's purpose, but cannot be used for awemany's 0-conf forfeits idea, or Mark Lundeberg's pay-to-identity and PGP-on-BCH ideas, all of which specifically require ECDSA verification.
submitted by jtoomim to btc [link] [comments]

Is Crypto Currency truly at risk due to Quantum Computers, and what can you do about it?

Is Crypto Currency truly at risk due to Quantum Computers, and what can you do about it?

There is no denying that the Quantum revolution is coming. Security protocols for the internet, banking, telecommunications, etc... are all at risk, and your Bitcoins (and alt-cryptos) are next!
This article is not really about quantum computers[i], but, rather, how they will affect the future of cryptocurrency, and what steps a smart investor will take. Since this is a complicated subject, my intention is to provide just enough relevant information without being too “techy.”

The Quantum Evolution

In 1982, Nobel winning physicist, Richard Feynman, hypothesized how quantum computers[ii] would be used in modern life.
Just one year later, Apple released the “Apple Lisa”[iii] – a home computer with a 7.89MHz processor and a whopping 5MB hard drive, and, if you enjoy nostalgia, it used 5.25in floppy disks.
Today, we walk around with portable devices that are thousands of times more powerful, and, yet, our modern day computers still work in a simple manner, with simple math, and simple operators[iv]. They now just do it so fast and efficient that we forget what’s happening behind the scenes.
No doubt, the human race is accelerating at a remarkable speed, and we’ve become obsessed with quantifying everything - from the everyday details of life to the entire universe[v]. Not only do we know how to precisely measure elementary particles, we also know how to control their actions!
Yet, even with all this advancement, modern computers cannot “crack” cryptocurrencies without the use of a great deal more computing power, and since it’s more than the planet can currently supply, it could take millions, if not billions, of years.
However, what current computers can’t do, quantum computers can!
So, how can something that was conceptualized in the 1980’s, and, as of yet, has no practical application, compromise cryptocurrencies and take over Bitcoin?
To best answer this question, let’s begin by looking at a bitcoin address.

What exactly is a Bitcoin address?

Well, in layman terms, a Bitcoin address is used to send and receive Bitcoins, and looking a bit closer (excuse the pun), it has two parts:[vi]
A public key that is openly shared with the world to accept payments. A public key that is derived from the private key. The private key is made up of 256 bits of information in a (hopefully) random order. This 256 bit code is 64 characters long (in the range of 0-9/a-f) and further compressed into a 52 character code (using RIPEMD-160).
NOTE: Although many people talk about Bitcoin encryption, Bitcoin does not use Encryption. Instead, Bitcoin uses a hashing algorithm (for more info, please see endnote below[vii]).
Now, back to understanding the private key:
The Bitcoin address “1EHNa6Q4Jz2uvNExL497mE43ikXhwF6kZm” translates to a private key of “5HpHagT65TZzG1PH3CSu63k8DbpvD8s5ip4nEB3kEsreAnchuDf” which further translates to a 256 bit private key of “0000000000000000000000000000000000000000000000000000000000000001” (this should go without saying, but do not use this address/private key because it was compromised long ago.) Although there are a few more calculations that go behind the scenes, these are the most relevant details.
Now, to access a Bitcoin address, you first need the private key, and from this private key, the public key is derived. With current computers, it’s classically impractical to attempt to find a private key based on a public key. Simply put, you need the private key to know the public key.
However, it has already been theorized (and technically proven) that due to private key compression, multiple private keys can be used to access the same public key (aka address). This means that your Bitcoin address has multiple private keys associated with it, and, if someone accidentally discovers or “cracks” any one of those private keys, they have access to all the funds in that specific address.
There is even a pool of a few dedicated people hunting for these potential overlaps[viii], and they are, in fact, getting very efficient at it. The creator of the pool also has a website listing every possible Bitcoin private key/address in existence[ix], and, as of this writing, the pool averages 204 trillion keys per day!
But wait! Before you get scared and start panic selling, the probability of finding a Bitcoin address containing funds (or even being used) is highly unlikely – nevertheless, still possible!
However, the more Bitcoin users, the more likely a “collision” (finding overlapping private/public key pairs)! You see, the security of a Bitcoin address is simply based on large numbers! How large? Well, according to my math, 1.157920892373x1077 potential private keys exist (that number represents over 9,500 digits in length! For some perspective, this entire article contains just over 14,000 characters. Therefore, the total number of Bitcoin addresses is so great that the probability of finding an active address with funds is infinitesimal.

So, how do Quantum Computers present a threat?

At this point, you might be thinking, “How can a quantum computer defeat this overwhelming number of possibilities?” Well, to put it simple; Superposition and Entanglement[x].
Superposition allows a quantum bit (qbit) to be in multiple states at the same time. Entanglement allows an observer to know the measurement of a particle in any location in the universe. If you have ever heard Einstein’s quote, “Spooky Action at a Distance,” he was talking about Entanglement!
To give you an idea of how this works, imagine how efficient you would be if you could make your coffee, drive your car, and walk your dog all at the same time, while also knowing the temperature of your coffee before drinking, the current maintenance requirements for your car, and even what your dog is thinking! In a nutshell, quantum computers have the ability to process and analyze countless bits of information simultaneously – and so fast, and in such a different way, that no human mind can comprehend!
At this stage, it is estimated that the Bitcoin address hash algorithm will be defeated by quantum computers before 2028 (and quite possibly much sooner)! The NSA has even stated that the SHA256 hash algorithm (the same hash algorithm that Bitcoin uses) is no longer considered secure, and, as a result, the NSA has now moved to new hashing techniques, and that was in 2016! Prior to that, in 2014, the NSA also invested a large amount of money in a research program called “Penetrating Hard Targets project”[xi] which was used for further Quantum Computer study and how to break “strong encryption and hashing algorithms.” Does NSA know something they’re not saying or are they just preemptively preparing?
Nonetheless, before long, we will be in a post-quantum cryptography world where quantum computers can crack crypto addresses and take all the funds in any wallet.

What are Bitcoin core developers doing about this threat?

Well, as of now, absolutely nothing. Quantum computers are not considered a threat by Bitcoin developers nor by most of the crypto-community. I’m sure when the time comes, Bitcoin core developers will implement a new cryptographic algorithm that all future addresses/transactions will utilize. However, will this happen before post-quantum cryptography[xii]?
Moreover, even after new cryptographic implementation, what about all the old addresses? Well, if your address has been actively used on the network (sending funds), it will be in imminent danger of a quantum attack. Therefore, everyone who is holding funds in an old address will need to send their funds to a new address (using a quantum safe crypto-format). If you think network congestion is a problem now, just wait…
Additionally, there is the potential that the transition to a new hashing algorithm will require a hard fork (a soft fork may also suffice), and this could result in a serious problem because there should not be multiple copies of the same blockchain/ledger. If one fork gets attacked, the address on the other fork is also compromised. As a side-note, the blockchain Nebulas[xiii] will have the ability to modify the base blockchain software without any forks. This includes adding new and more secure hashing algorithms over time! Nebulas is due to be released in 2018.

Who would want to attack Bitcoin?

Bitcoin and cryptocurrency represent a threat to the controlling financial system of our modern economy. Entire countries have outright banned cryptocurrency[xiv] and even arrested people[xv], and while discrediting it, some countries are copying cryptocurrency to use (and control) in their economy[xvi]!
Furthermore, Visa[xvii], Mastercard[xviii], Discover[xix], and most banks act like they want nothing to do with cryptocurrency, all the while seeing the potential of blockchain technology and developing their own[xx]. Just like any disruptive technology, Bitcoin and cryptocurrencies have their fair share of enemies!
As of now, quantum computers are being developed by some of the largest companies in the world, as well as private government agencies.
No doubt, we will see a post-quantum cryptography world sooner than most realize. By that point, who knows how long “3 letter agencies” will have been using quantum technology - and what they’ll be capable of!

What can we do to protect ourselves today?

Of course, the best option is to start looking at how Bitcoin can implement new cryptographic features immediately, but it will take time, and we have seen how slow the process can be just for scaling[xxi].
The other thing we can do is use a Bitcoin address only once for outgoing transactions. When quantum computers attack Bitcoin (and other crypto currencies), their first target will be addresses that have outgoing transactions on the blockchain that contain funds.
This is due to the fact that when computers first attempt to crack a Bitcoin address, the starting point is when a transaction becomes public. In other words, when the transaction is first signed – a signed transaction is a digital signature derived from the private key, and it validates the transaction on the network. Compared to classical computers, quantum computers can exponentially extrapolate this information.
Initially, Bitcoin Core Software might provide some level of protection because it only uses an address once, and then sends the remaining balance (if any) to another address in your keypool. However, third party Bitcoin wallets can and do use an address multiple times for outgoing transactions. For instance, this could be a big problem for users that accept donations (if they don’t update their donation address every time they remove funds). The biggest downside to Bitcoin Core Software is the amount of hard-drive space required, as well as diligently retaining an up-to-date copy of the entire blockchain ledger.
Nonetheless, as quantum computers evolve, they will inevitably render SHA256 vulnerable, and although this will be one of the first hash algorithms cracked by quantum computers, it won’t be the last!

Are any cryptocurrencies planning for the post-quantum cryptography world?

Yes, indeed, there are! Here is a short list of ones you may want to know more about:

Full disclosure:

Although I am in no way associated with any project listed above, I do hold coins in all as well as Bitcoin, Litecoin and many others.
The thoughts above are based on my personal research, but I make no claims to being a quantum scientist or cryptographer. So, don’t take my word for anything. Instead, do your own research and draw your own conclusions. I’ve included many references below, but there are many more to explore.
In conclusion, the intention of this article is not to create fear or panic, nor any other negative effects. It is simply to educate. If you see an error in any of my statements, please, politely, let me know, and I will do my best to update the error.
Thanks for reading!

References

[i] https://www.youtube.com/watch?v=JhHMJCUmq28 – A great video explaining quantum computers.
[ii] https://www.doc.ic.ac.uk/~nd/surprise_97/journal/vol4/spb3/ - A brief history of quantum computing.
[iii] https://en.wikipedia.org/wiki/Apple_Lisa - More than you would ever want to know about the Apple Lisa.
[iv] https://www.youtube.com/watch?v=tpIctyqH29Q&list=PL8dPuuaLjXtNlUrzyH5r6jN9ulIgZBpdo - Want to learn more about computer science? Here is a great crash course for it!
[v] https://www.collinsdictionary.com/dictionary/english/quantify - What does quantify mean?
[vi] https://en.bitcoin.it/wiki/Private_key - More info about Bitcoin private keys.
[vii] https://www.securityinnovationeurope.com/blog/page/whats-the-difference-between-hashing-and-encrypting - A good example of the deference between Hash and Encryption
[viii] https://lbc.cryptoguru.org/stats - The Large Bitcoin Collider.
[ix] http://directory.io/ - A list of every possible Bitcoin private key. This website is a clever way of converting the 64 character uncompressed key to the private key 128 at a time. Since it is impossible to save all this data in a database and search, it is not considered a threat! It’s equated with looking for a single needle on the entire planet.
[x] https://uwaterloo.ca/institute-for-quantum-computing/quantum-computing-101#Superposition-and-entanglement – Brief overview of Superposition and Entanglement.
[xi] https://www.washingtonpost.com/world/national-security/nsa-seeks-to-build-quantum-computer-that-could-crack-most-types-of-encryption/2014/01/02/8fff297e-7195-11e3-8def-a33011492df2_story.html?utm_term=.e05a9dfb6333 – A review of the Penetrating Hard Targets project.
[xii] https://en.wikipedia.org/wiki/Post-quantum_cryptography - Explains post-quantum cryptography.
[xiii] https://www.nebulas.io/ - The nebulas project has some amazing technology planned in their roadmap. They are currently in testnet stage with initial launch expected taking place in a few weeks. If you don’t know about Nebulas, you should check them out. [xiv] https://en.wikipedia.org/wiki/Legality_of_bitcoin_by_country_or_territory - Country’s stance on crypto currencies.
[xv] https://www.cnbc.com/2017/08/30/venezuela-is-one-of-the-worlds-most-dangerous-places-to-mine-bitcoin.html - Don’t be a miner in Venezuela!
[xvi] http://www.newsweek.com/russia-bitcoin-avoid-us-sanctions-cryptocurrency-768742 - Russia’s plan for their own crypto currency.
[xvii] http://www.telegraph.co.uk/technology/2018/01/05/visa-locks-bitcoin-payment-cards-crackdown-card-issue - Recent attack from visa against crypto currency.
[xviii] https://www.ccn.com/non-government-digital-currency-junk-says-mastercard-ceo-rejecting-bitcoin/ - Mastercards position about Bitcoin.
[xix] http://www.livebitcoinnews.com/discover-joins-visa-mastercard-barring-bitcoin-support/ - Discovers position about Bitcoin.
[xx] http://fortune.com/2017/10/20/mastercard-blockchain-bitcoin/ - Mastercard is making their own blockchain.
[xxi] https://bitcoincore.org/en/2015/12/21/capacity-increase/ - News about Bitcoin capacity. Not a lot of news…
[xxii] https://learn.iota.org/faq/what-makes-iota-quantum-secure - IOTA and quantum encryption.
[xxiii] https://eprint.iacr.org/2011/191.pdf - The whitepaper of Winternitz One-Time Signature Scheme
[xxiv] https://cardanoroadmap.com/ - The Cardano project roadmap.
[xxv] https://eprint.iacr.org/2017/490 - More about the BLISS hash system.
[xxvi] https://www.ethereum.org/ - Home of the Ethereum project.
[xxvii] https://en.wikipedia.org/wiki/SHA-3#Security_against_quantum_attacks – SHA3 hash algorithm vs quantum computers.
[xxviii] https://en.wikipedia.org/wiki/Lamport_signature - Lamport signature information.
[xxix] https://theqrl.org/ - Home of the Quantum Resistant Ledger project.
submitted by satoshibytes to CryptoCurrency [link] [comments]

IOTA and Tangle discussion/info, scam or not?

In the past weeks I heard a lot pros and cons about IOTA, many of them I believe were not true (I'll explain better). I would like to start a serious discussion about IOTA and help people to get into it. Before that I'll contribute with what I know, most things that I will say will have a source link providing some base content.
 
The pros and cons that I heard a lot is listed below, I'll discuss the items marked with *.
Pros
Cons
 

Scalability

Many users claim that the network infinitely scales, that with more transactions on the network the faster it gets. This is not entirely true, that's why we are seeing the network getting congested (pending transactions) at the moment (12/2017).
The network is composed by full-nodes (stores all transactions), each full-node is capable of sending transactions direct to the tangle. An arbitrary user can set a light-node (do not store all transactions, therefore a reduced size), but as it does not stores all transactions and can't decide if there are conflicting transactions (and other stuff) it needs to connect to a full-node (bitifinex node for example) and then request for the full-node to send a transaction to the tangle. The full-node acts like a bridge for a light-node user, the quantity of transactions at the same time that a full-node can push to the tangle is limited by its brandwidth.
What happens at the moment is that there are few full-nodes, but more important than that is: the majority of users are connected to the same full-node basically. The full-node which is being used can't handle all the requested transactions by the light-nodes because of its brandwidth. If you are a light-node user and is experiencing slow transactions you need to manually select other node to get a better performance. Also, you need to verify that the minimum weight magnitude (difficulty of the Hashcash Proof of Work) is set to 14 at least.
The network seems to be fine and it scales, but the steps an user has to make/know are not friendly-user at all. It's necessary to understand that the technology envolved is relative new and still in early development. Do not buy iota if you haven't read about the technology, there is a high chance of you losing your tokens because of various reasons and it will be your own fault. You can learn more about how IOTA works here.
There are some upcoming solutions that will bring the user-experience to a new level, The UCL Wallet (expected to be released at this month, will talk about that soon and how it will help the network) and the Nelson CarrIOTA (this week) besides the official implementations to come in december.
 

Centralization

We all know that currently (2017) IOTA depends on the coordinator because the network is still in its infancy and because of that it is considered centralized by the majority of users.
The coordinator are several full-nodes scattered across the world run by the IOTA foundation. It creates periodic Milestones (zero value transactions which reference valid transactions) which are validated by the entire network. The coordinator sets the general direction for the tangle growth. Every node verifies that the coordinator is not breaking consensus rules by creating iotas out of thin air or approving double-spendings, nodes only tells other nodes about transactions that are valid, if the Coordinator starts issuing bad Milestones, nodes will reject them.
The coordinator is optional since summer 2017, you can choose not implement it in your full-node, any talented programmer could replace Coo logic in IRI with Random Walk Monte Carlo logic and go without its milestones right now. A new kind of distributed coordinator is about to come and then, for the last, its completely removal. You can read more about the coordinator here and here.

Mining-Blockchain-based Cryptocurrencies

These are blockchain-based cryptocurrencies (Bitcoin) that has miners to guarantee its security. Satoshi Nakamoto states several times in the Bitcoin whitepaper that "The system is secure as long as honest nodes collectively control more CPU power than any cooperating group of attacker nodes". We can see in Blockchain.info that nowadays half of the total hashpower in Bitcoin is controlled by 3 companies (maybe only 1 in the future?). Users must trust that these companies will behave honestly and will not use its 50%> hashpower to attack the network eventually. With all that said it's reasonable to consider the IOTA network more decentralized (even with the coordinator) than any mining-blockchain-based cryptocurrency
You can see a comparison between DAG cryptocurrencies here
 

IOTA partnerships

Some partnerships of IOTA foundation with big companies were well known even when they were not officialy published. Some few examples of confirmed partnerships are listed below, others cofirmed partnerships can be seem in the link Partnerships with big companies at the pros section.
So what's up with all alarming in social media about IOTA Foundation faking partnerships with big companies like Microsoft and Cisco?
At Nov. 28th IOTA Foundation announced the Data Marketplace with 30+ companies participating. Basically it's a place for any entity sell data (huge applications, therefore many companies interested), at time of writing (11/12/2017) there is no API for common users, only companies in touch with IOTA Foundation can test it.
A quote from Omkar Naik (Microsoft worker) depicted on the Data Marketplace blog post gave an idea that Microsoft was in a direct partnership with IOTA. Several news websites started writing headlines "Microsoft and IOTA launches" (The same news site claimed latter that IOTA lied about partnership with Microsoft) when instead Microsoft was just one of the many participants of the Data Marketplace. Even though it's not a direct partnership, IOTA and Microsoft are in close touch as seen in IOTA Microsoft and Bosch meetup december 12th, Microsoft IOTA meetup in Paris 14th and Microsoft Azure adds 5 new Blockchain partners (may 2016). If you join the IOTA Slack channel you'll find out that there are many others big companies in close touch with IOTA like BMW, Tesla and other companies. This means that right now there are devs of IOTA working directly with scientists of these companies to help them integrate IOTA on their developments even though there is no direct partnership published, I'll talk more about the use cases soon.
We are excited to partner with IOTA foundation and proud to be associated with its new data marketplace initiative... - Omkar Naik
 

IOTA's use cases

Every cryptocurrency is capable of being a way to exchange goods, you pay for something using the coin token and receive the product. Some of them are more popular or have faster transactions or anonymity while others offers better scalablity or user-friendness. But none of them (except IOTA) are capable of transactioning information with no costs (fee-less transactions), in an securely form (MAM) and being sure that the network will not be harmed when it gets more adopted (scales). These characteristics open the gates for several real world applications, you probably might have heard of Big Data and how data is so important nowadays.
Data sets grow rapidly - in part because they are increasingly gathered by cheap and numerous information-sensing Internet of things devices such as mobile devices, aerial (remote sensing), software logs, cameras, microphones, radio-frequency identification (RFID) readers and wireless sensor networks.
 
It’s just the beginning of the data period. Data is going to be so important for human life in the future. So we are now just starting. We are a big data company, but compared to tomorrow, we are nothing. - Jack Ma (Alibaba)
There are enormous quantities of wasted data, often over 99% is lost to the void, that could potentially contain extremely valuable information if allowed to flow freely in data streams that create an open and decentralized data lake that is accessible to any compensating party. Some of the biggest corporations of the world are purely digital like Google, Facebook and Amazon. Data/information market will be huge in the future and that's why there so many companies interested in what IOTA can offer.
There are several real world use cases being developed at the moment, many of them if successful will revolutionize the world. You can check below a list of some of them.
Extra
These are just few examples, there are a lot more ongoing and to explore.
 

IOTA Wallet (v2.5.4 below)

For those who have read a lot about IOTA and know how it works the wallet is fine, but that's not the case for most users. Issues an user might face if decide to use the current wallet:
Problems that could be easily avoided with a better understand of the network/wallet or with a better wallet that could handle these issues. As I explained before, some problems during the "congestion" of the network could be simply resolved if stuff were more user-friendly, this causes many users storing their iotas on exchanges which is not safe either.
The upcoming (dec 2017) UCL Wallet will solve most of these problems. It will switch between nodes automatically and auto-reattach transactions for example (besides other things). You can have full a overview of it here and here. Also, the upcoming Nelson CarrIOTA will help on automatic peer discovery for users setup their nodes more easily.
 

IOTA Vulnerability issue

On sept 7th 2017 a team from MIT reported a cryptographic issue on the hash function Curl. You can see the full response of IOTA members below.
Funds were never in danger as such scenarios depicted on the Neha's blogpost were not pratically possible and the arguments used on the blogpost had'nt fundamentals, all the history you can check by yourself on the responses. Later it was discovered that the whole Neha Narula's team were envolved in other concurrent cryptocurrency projects
Currently IOTA uses the relatively hardware intensive NIST standard SHA-3/Keccak for crucial operations for maximal security. Curl is continuously being audited by more cryptographers and security experts. Recenlty IOTA Foundation hired Cybercrypt, the world leading lightweight cryptography and security company from Denmark to take the Curl cryptography to its next maturation phase.
 
It took me a couple of days to gather the informations presented, I wanted it to make easier for people who want to get into it. It might probably have some mistakes so please correct me if I said something wrong. Here are some useful links for the community.
This is my IOTA donation address, in case someone wants to donate I will be very thankful. I truly believe in this project's potential.
I9YGQVMWDYZBLHGKMTLBTAFBIQHGLYGSAGLJEZIV9OKWZSHIYRDSDPQQLTIEQEUSYZWUGGFHGQJLVYKOBWAYPTTGCX
 
This is a donation address, if you want to do the same you might pay attention to some important details:
  • Create a seed for only donation purposes.
  • Generate a address and publish it for everyone.
  • If you spend any iota you must attach a new address to the tangle and refresh your donation address published before to everyone.
  • If someone sends iota to your previous donation address after you have spent from it you will probably lose the funds that were sent to that specific address.
  • You can visualize how addresses work in IOTA here and here.
This happens because IOTA uses Winternitz one-time signature to become quantum resistent. Every time you spend iota from a address, part of the private key of that specific address is revealed. This makes easier for attackers to steal that address balance. Attackers can search if an address has been reused on the tangle explorer and try to brute force the private key since they already know part of it.
submitted by mvictordbz to CryptoCurrency [link] [comments]

Technical: Pay-to-contract and Sign-to-contract

What's this? I don't make a Technical post for a month and now BitPay is censoring the Hong Kong Free Press? Shit I'm sorry, it's all my fault for not posting a Technical post regularly!! Now posting one so that we have a censorship-free Bitcoin universe!
Pay-to-contract and sign-to-contract are actually cryptographic techniques to allow you to embed a commitment in a public key (pay-to-contract) or signature (sign-to-contract). This commitment can be revealed independently of the public key / signature without leaking your private key, and the existence of the commitment does not prevent you from using the public key / signature as a normal pubkey/signature for a normal digital signing algorithm.
Both techniques utilize elliptic curve homomorphism. Let's digress into that a little first.

Elliptic Curve Homomorphism

Let's get an oversimplified view of the maths involved first.
First, we have two "kinds" of things we can compute on.
  1. One kind is "scalars". These are just very large single numbers. Traditionally represented by small letters.
  2. The other kind is "points". These are just pairs of large numbers. Traditionally represented by large letters.
Now, an "Elliptic Curve" is just a special kind of curve with particular mathematical properties. I won't go into those properties, for the very reasonable reason that I don't actually understand them (I'm not a cryptographer, I only play one on reddit!).
If you have an Elliptic Curve, and require that all points you work with are on some Elliptic Curve, then you can do these operations.
  1. Add, subtract, multiply, and divide scalars. Remember, scalars are just very big numbers. So those basic mathematical operations still work on big numbers, they're just big numbers.
  2. "Multiply" a scalar by a point, resulting in a point. This is written as a * B, where a is the scalar and B is a point. This is not just multiplying the scalar to the point coordinates, this is some special Elliptic Curve thing that I don't understand either.
  3. "Add" two points together. This is written as A + B. Again, this is some special Elliptic Curve thing.
The important part is that if you have:
A = a * G B = b * G Q = A + B 
Then:
q = a + b Q = q * G 
That is, if you add together two points that were each derived from multiplying an arbitarry scalar with the same point (G in the above), you get the same result as adding the scalars together first, then multiplying their sum with the same point will yield the same number. Or:
a * G + b * G = (a + b) * G 
And because multiplication is just repeated addition, the same concept applies when multiplying:
a * (b * G) = (a * b) * G = (b * a) * G = b * (a * G) 
Something to note in particular is that there are few operations on points. One operation that's missing is "dividing" a point by a point to yield a scalar. That is, if you have:
A = a * G 
Then, if you know A but don't know the scalar a, you can't do the below:
a = A / G 
You can't get a even if you know both the points A and G.
In Elliptic Curve Cryptography, scalars are used as private keys, while points are used as public keys. This is particularly useful since if you have a private key (scalar), you can derive a public key (point) from it (by multiplying the scalar with a certain standard point, which we call the "generator point", traditionally G). But there is no reverse operation to get the private key from the public key.

Commitments

Let's have another mild digression.
Sometimes, you want to "commit' to something that you want to keep hidden for now. This is actually important in some games and so on. For example, if you are paying a game of Twenty Questions, one player must first write the object they are thinking of, then fold or hide it in such a way that what they wrote is not visible. Then, after the guessing player has asked twenty questions to narrow down what the object is and has revealed what he or she thinks the object being guessed was, the guessee reveals the object by unfodling and showing the paper.
The act of writing down commits you to the specific thing you wrote down. Folding the paper and/or hiding it, err, hides what you wrote down. Later, when you unfold the paper, you reveal your commitment.
The above is the analogy to the development of cryptographic commitments.
  1. First you select some thing --- it could be anything, a song, a random number, a promise to deliver products and services, the real identity of Satoshi Nakamoto.
  2. You commit to it by giving it as input to a one-way function. A one-way function is a function which allows you to get an output from an input, but after you perform that there is no way to reverse it and determine the original input knowing only the final output. Hash functions like SHA are traditionally used as one-way functions. As a one-way function, this hides your original input.
  3. You give the commitment (the output of the one-way function given your original input) to whoever wants you to commit.
  4. Later, when somebody demands to show what you committed to (for example after playing Twenty Questions), you reveal the commitment by giving the original input to the one-way function (i.e. the thing you selected in the first step, which was the thing you wanted to commit to).
  5. Whoever challenged you can verify your commitment by feeding your supposed original input to the same one-way function. If you honestly gave the correct input, then the challenger will get the output that you published above in step 3.

Salting

Now, sometimes there are only a few possible things you can select from. For example, instead of Twenty Questions you might be playing a Coin Toss Guess game.
What we'd do would be that, for example, I am the guesser and you the guessee. You select either "heads" or "tails" and put it in a commitment which you hand over to me. Then, I say "heads" or "tails" and have you reveal your commitment. If I guessed correctly I win, if not you win.
Unfortunately, if we were to just use a one-way function like an SHA hash function, it would be very trivial for me to win. All I would need to do would be to try passing "heads" and "tails" to the one-way function and see which one matches the commitment you gave me. Then I can very easily find out what your committed value was, winning the game consistently. In hacking, this can be made easier by making Rainbow Tables, and is precisely the technique used to derive passwords from password databases containing hashes of the passwords.
The way to solve this is to add a salt. This is basically just a large random number that we prepend (or append, order doesn't matter) to the actual value you want to commit to. This means that not only do I have to feed "heads" or "tails", I also have to guess the large random number (the salt). If the possible space of large random numbers is large enough, this prevents me from being able to peek at your committed data. The salt is sometimes called a blinding factor.

Pay-to-contract

Hiding commitments in pubkeys!
Pay-to-contract allows you to publish a public key, whose private key you can derive, while also being a cryptographic commitment. In particular, your private key is also used to derive a salt.
The key insight here is to realize that "one-way function" is not restricted to hash functions like SHA. The operation below is an example of a one-way function too:
h(a) = a * G 
This results in a point, but once the point (the output) is known, it is not possible to derive the input (the scalar a above). This is of course restricted to having the input be a scalar only, instead of an arbitrary-length message, but you can add a hash function (which can accept an arbitrary-length input) and then make its output (a fixed-length scalar) as the scalar to use.
First, pay-to-contract requires you to have a public and private keypair.
; p is private key P = p * G ; P is now public key 
Then, you have to select a contract. This is just any arbitrary message containing any arbitrary thing (it could be an object for Twenty Questions, or "heads" or "tails" for Coin Toss Guessing). Traditionally, this is symbolized as the small letter s.
In order to have a pay-to-contract public key, you need to compute the below from your public key P (called the internal public key; by analogy the private key p is the internal private key):
Q = P + h(P | s) * G 
"h()" is any convenient hash function, which takes anything of arbitrary length, and outputs a scalar, which you can multiply by G. The syntax "P | s" simply means that you are prepending the point P to the contract s.
The cute thing is that P serves as your salt. Any private key is just an arbitrary random scalar. Multiplying the private key by the generator results in an arbitrary-seeming point. That random point is now your salt, which makes this into a genuine bonafide hiding cryptographic commitment!
Now Q is a point, i.e. a public key. You might be interested in knowing its private key, a scalar. Suppose you postulate the existence of a scalar q such that:
 Q = q * G 
Then you can do the below:
 Q = P + h(P | s) * G Q = p * G + h(P | s) * G Q = (p + h(P | s)) * G 
Then we can conclude that:
 q = p + h(P | s) 
Of note is that somebody else cannot learn the private key q unless they already know the private key p. Knowing the internal public key P is not enough to learn the private key q. Thus, as long as you are the only one who knows the internal private key p, and you keep it secret, then only you can learn the private key q that can be used to sign with the public key Q (that is also a pay-to-contract commitment).
Now Q is supposed to be a commitment, and once somebody else knows Q, they can challenge you to reveal your committed value, the contract s. Revealing the pay-to-contract commitment is done by simply giving the internal public key P (which doubles as the salt) and the committed value contract s.
The challenger then simply computes:
P + h(P | s) * G 
And verifies that it matches the Q you gave before.
Some very important properties are:
  1. If you reveal first, then you still remain in sole control of the private key. This is because revelation only shows the internal public key and the contract, neither of which can be used to learn the internal private key. So you can reveal and sign in any order you want, without precluding the possibility of performing the other operation in the future.
  2. If you sign with the public key Q first, then you do not need to reveal the internal public key P or the contract s. You can compute q simply from the internal private key p and the contract s. You don't even need to pass those in to your signing algorithm, it could just be given the computed q and the message you want to sign!
  3. Anyone verifying your signature using the public key Q is unaware that it is also used as a cryptographic commitment.
Another property is going to blow your mind:
  1. You don't have to know the internal private key p in order to create a commitment pay-to-contract public key Q that commits to a contract s you select.
Remember:
Q = P + h(P | s) * G 
The above equation for Q does not require that you know the internal private key p. All you need to know is the internal public key P. Since public keys are often revealed publicly, you can use somebody else's public key as the internal public key in a pay-to-contract construction.
Of course, you can't sign for Q (you need to know p to compute the private key q) but this is sometimes an interesting use.
The original proposal for pay-to-contract was that a merchant would publish their public key, then a customer would "order" by writing the contract s with what they wanted to buy. Then, the customer would generate the public key Q (committing to s) using the merchant's public key as the internal public key P, then use that in a P2PKH or P2WPKH. Then the customer would reveal the contract s to the merchant, placing their order, and the merchant would now be able to claim the money.
Another general use for pay-to-contract include publishing a commitment on the blockchain without using an OP_RETURN output. Instead, you just move some of your funds to yourself, using your own public key as the internal public key, then selecting a contract s that commits or indicates what you want to anchor onchain. This should be the preferred technique rather than OP_RETURN. For example, colored coin implementations over Bitcoin usually used OP_RETURN, but the new RGB colored coin technique uses pay-to-contract instead, reducing onchain bloat.

Taproot

Pay-to-contract is also used in the nice new Taproot concept.
Briefly, taproot anchors a Merkle tree of scripts. The root of this tree is the contract s committed to. Then, you pay to a SegWit v1 public key, where the public key is the Q pay-to-contract commitment.
When spending a coin paying to a SegWit v1 output with a Taprooted commitment to a set of scripts s, you can do one of two things:
  1. Sign directly with the key. If you used Taproot, use the commitment private key q.
  2. Reveal the commitment, then select the script you want to execute in the Merkle tree of scripts (prove the Markle tree path to the script). Then satisfy the conditions of the script.
Taproot utilizes the characteristics of pay-to-contract:
  1. If you reveal first, then you still remain in sole control of the private key.
    • This is important if you take the Taproot path and reveal the commitment to the set of scripts s. If your transaction gets stalled on the mempool, others can know your commitment details. However, revealing the commitment will not reveal the internal private key p (which is needed to derive the commitment private key q), so nobody can RBF out your transaction by using the sign-directly path.
  2. If you sign with the public key Q first, then you do not need to reveal the internal public key P or the contract s.
    • This is important for privacy. If you are able to sign with the commitment public key, then that automatically hides the fact that you could have used an alternate script s instead of the key Q.
  3. Anyone verifying your signature using the public key Q is unaware that it is also used as a cryptographic commitment.
    • Again, privacy. Fullnodes will not know that you had the ability to use an alternate script path.
Taproot is intended to be deployed with the switch to Schnorr-based signatures in SegWit v1. In particular, Schnorr-based signatures have the following ability that ECDSA cannot do except with much more difficulty:
As public keys can, with Schnorr-based signatures, easily represent an n-of-n signing set, the internal public key P can also actually be a MuSig n-of-n signing set. This allows for a number of interesting protocols, which have a "good path" that will be private if that is taken, but still have fallbacks to ensure proper execution of the protocol and prevent attempts at subverting the protocol.

Escrow Under Taproot

Traditionally, escrow is done with a 2-of-3 multisignature script.
However, by use of Taproot and pay-to-contract, it's possible to get more privacy than traditional escrow services.
Suppose we have a buyer, a seller, and an escrow service. They have keypairs B = b * G, S = s * G, and E = e * G.
The buyer and seller then generate a Taproot output (which the buyer will pay to before the seller sends the product).
The Taproot itself uses an internal public key that is the 2-of-2 MuSig of B and S, i.e. MuSig(B, S). Then it commits to a pair of possible scripts:
  1. Release to a 2-of-2 MuSig of seller and escrow. This path is the "escrow sides with seller" path.
  2. Release to a 2-of-2 MuSig of buyer and escrow. This path is the "escrow sides with buyer" path.
Now of course, the escrow also needs to learn what the transaction was supposed to be about. So what we do is that the escrow key is actually used as the internal public key of another pay-to-contract, this time with the script s containing the details of the transaction. For example, if the buyer wants to buy some USD, the contract could be "Purchase of 50 pieces of United States Federal Reserve Green Historical Commemoration papers for 0.357 satoshis".
This takes advantage of the fact that the committer need not know the private key behind the public key being used in a pay-to-contract commitment. The actual transaction it is being used for is committed to onchain, because the public key published on the blockchain ultimately commits (via a taproot to a merkle tree to a script containing a MuSig of a public key modified with the committed contract) to the contract between the buyer and seller.
Thus, the cases are:
  1. Buyer and seller are satisfied, and cooperatively create a signature that spends the output to the seller.
    • The escrow service never learns it could have been an escrow. The details of their transaction remain hidden and private, so the buyer is never embarrassed over being so tacky as to waste their hard money buying USD.
  2. The buyer and seller disagree (the buyer denies having received the goods in proper quality).
    • They contact the escrow, and reveal the existence of the onchain contract, and provide the data needed to validate just what, exactly, the transaction was supposed to be about. This includes revealing the "Purchase of 50 pieces of United States Federal Reserve Green Historical Commemoration papers for 0.357 satoshis", as well as all the data needed to validate up to that level. The escrow then investigates the situation and then decides in favor of one or the other. It signs whatever transaction it decides (either giving it to the seller or buyer), and possibly also extracts an escrow fee.

Smart Contracts Unchained

Developed by ZmnSCPxj here: https://zmnscpxj.github.io/bitcoin/unchained.html
A logical extension of the above escrow case is to realize that the "contract" being given to the escrow service is simply some text that is interpreted by the escrow, and which is then executed by the escrow to determine where the funds should go.
Now, the language given in the previous escrow example is English. But nothing prevents the contract from being written in another language, including a machine-interpretable one.
Smart Contracts Unchained simply makes the escrow service an interpreter for some Smart Contract scripting language.
The cute thing is that there still remains an "everything good" path where the participants in the smart contract all agree on what the result is. In that case, with Taproot, there is no need to publish the smart contract --- only the participants know, and nobody else has to. This is an improvement in not only privacy, but also blockchain size --- the smart contract itself never has to be published onchain, only the commitment to it is (and that is embedded in a public key, which is necessary for basic security on the blockchain anyway!).

Sign-to-contract

Hiding commitments in signatures!
Sign-to-contract is something like the dual or inverse of pay-to-contract. Instead of hiding a commitment in the public key, it is hidden in the signature.
Sign-to-contract utilizes the fact that signatures need to have a random scalar r which is then published as the point R = r * G.
Similarly to pay-to-contract, we can have an internal random scalar p and internal point P that is used to compute R:
R = P + h(P | s) * G 
The corresponding random scalar r is:
r = p + h(P | s) 
The signing algorithm then uses the modified scalar r.
This is in fact just the same method of commitment as in pay-to-contract. The operations of committing and revealing are the same. The only difference is where the commitment is stored.
Importantly, however, is that you cannot take somebody else's signature and then create an alternate signature that commits to some s you select. This is in contrast with pay-to-contract, where you can take somebody else's public key and then create an alternate public key that commits to some s you select.
Sign-to-contract is somewhat newer as a concept than pay-to-contract. It seems there are not as many applications of pay-to-contract yet.

Uses

Sign-to-contract can be used, like pay-to-contract, to publish commitments onchain.
The difference is below:
  1. Signatures are attached to transaction inputs.
  2. Public keys are attached to transaction outputs.
One possible use is in a competitor to Open Timestamps. Open Timestamps currently uses OP_RETURN to commit to a Merkle Tree root of commitments aggregated by an Open Timestamps server.
Instead of using such an OP_RETURN, individual wallets can publish a timestamped commitment by making a self-paying transaction, embedding the commitment inside the signature for that transaction. Such a feature can be added to any individual wallet software. https://blog.eternitywall.com/2018/04/13/sign-to-contract/
This does not require any additional infrastructure (i.e. no aggregating servers like in Open Timestamps).

R Reuse Concerns

ECDSA and Schnorr-based signature schemes are vulnerable to something called "R reuse".
Basically, if the same R is used for different messages (transactions) with the same public key, a third party with both signatures can compute the private key.
This is concerning especially if the signing algorithm is executed in an environment with insufficient entropy. By complete accident, the environment might yield the same random scalar r in two different runs. Combined with address reuse (which implies public key reuse) this can leak the private key inadvertently.
For example, most hardware wallets will not have any kind of entropy at all.
The usual solution to this is, instead of selecting an arbitrary random r (which might be impossible in limited environments with no available entropy), is to hash the message and use the hash as the r.
This ensures that if the same public key is used again for a different message, then the random r is also different, preventing reuse at all.
Of course, if you are using sign-to-contract, then you can't use the above "best practice".
It seems to me plausible that computing the internal random scalar p using the hash of the message (transaction) should work, then add the commitment on top of that. However, I'm not an actual cryptographer, I just play one on Reddit. Maybe apoelstra or pwuille can explain in more detail.
Copyright 2019 Alan Manuel K. Gloria. Released under CC-BY.
submitted by almkglor to Bitcoin [link] [comments]

How Does SHA256 Work? - YouTube Antminer S1 Unboxing (Bitcoin;SHA-256;180GH/s) Butterfly Labs 50 Gh/s ASIC Bitcoin Miner SHA-256 SHA256 Code Animation George Levy - What is a SHA-256 Cryptographic Hash ...

What is SHA-1? SHA-1 (Secure Hash Algorithm 1) is a cryptographic hash function that can convert an arbitrarily long string of data into a digest with a fixed size of 160 bits. This digest is commonly displayed as a 40 character hexadecimal number. The SHA-1 algorithm is now considered insecure.SHA-1 certificates are no longer in compliance with the CA/B Forum Baseline Requirements, or ... -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 3a80431717842672df682bdb619e66523b59541483297772a7969413be3502ff bitcoin-0.19.1-aarch64-linux-gnu.tar.gz ... SHA-256 is a member of the SHA-2 cryptographic hash functions designed by the NSA. SHA stands for Secure Hash Algorithm. Cryptographic hash functions are mathematical operations run on digital data; by comparing the computed "hash" (the output from execution of the algorithm) to a known and expected hash value, a person can determine the data's integrity. As SHA-1 has a similar structure as MD5, it is expected that there will be found weaknesses, too, and SHA-2 (i.e. SHA-256 or SHA-512) are preferred today. There was a competition running to define SHA-3, which should be even more secure than SHA-2. The Keccak hash function family won this competition, and in 2015 the SHA-3 standard was officially released in FIPS 202. SHA-3 has a quite ... In bitcoin, an ECDSA signature is not encoded as a simple concatenation of and Instead, it follows the Distinguished Encoding Rules or DER for short. Those rules are formalized in the Abstract Syntax Notation One standard (ASN.1 for short) commonly used to encode arbitrary data objects into a structured binary file [14]. They allow for data ...

[index] [42660] [2681] [44271] [3125] [30239] [31670] [22890] [37816] [16829] [39351]

How Does SHA256 Work? - YouTube

https://GeorgeLevy.com/Free presents: In this video, I answer a question from one of the viewers of my YouTube channel YouTube.com/GeorgeLevy : What is a SHA... How to quickly verify MD5, SHA1 and SHA2 (SHA256, SHA384, SHA512) Checksums in Windows 8 and Windows 10 using Command Prompt Monetize your Clicks and Downloa... Antminer S1 Unboxing (Bitcoin;SHA-256;180GH/s) Jumperbillijumper. Loading... Unsubscribe from Jumperbillijumper? ... Sign in to make your opinion count. Sign in. 22 3. Don't like this video? Sign ... Since SHA1 has been broken, SHA256 is seen as one of the contenders to replace it. In this video I review why it might be needed and how it functions on a lo... How to verify software downloads with a cryptographic signature file Part 1 - Duration: 31:58. Rex Kneisley 19,326 ... SHA1 and SHA2 (256, 384, 512) Checksum in Windows using Command Prompt ...

#