You've probably been hearing a lot about Bitcoin recently and are wondering what the big deal is. Most of your questions should be answered by the resources below, but if you have additional questions feel free to ask them in the comments. It all started with the release of Satoshi Nakamoto's whitepaper; however, that will probably go over the head of most readers, so we recommend the following videos as a good starting point for understanding how bitcoin works and a little about its long-term potential:
Some other great resources include Lopp.net, the Princeton crypto series and James D'Angelo's Bitcoin 101 Blackboard series. Some excellent writing on Bitcoin's value proposition and future can be found at the Satoshi Nakamoto Institute. Some Bitcoin statistics can be found here and here. Developer resources can be found here. Peer-reviewed research papers can be found here. Potential upcoming protocol improvements and scaling resources here and here. The number of times Bitcoin was declared dead by the media can be found here (LOL!)
Key properties of Bitcoin
Limited Supply - There will only ever be 21,000,000 bitcoins created, and they are issued in a predictable fashion; you can view the inflation schedule here. Once they are all issued, Bitcoin will be truly deflationary. The halving countdown can be found here.
Open source - Bitcoin code is fully auditable. You can read the source code yourself here.
Accountable - The public ledger is transparent: all transactions are seen by everyone.
Decentralized - Bitcoin is globally distributed across thousands of nodes with no single point of failure, and as such can't be shut down, similar to how BitTorrent works. You can even run a node on a Raspberry Pi.
Censorship resistant - No one can prevent you from interacting with the bitcoin network and no one can censor, alter or block transactions that they disagree with, see Operation Chokepoint.
Push system - There are no chargebacks in bitcoin because only the person who owns the address where the bitcoins reside has the authority to move them.
Low fee scaling - On chain transaction fees depend on network demand and how much priority you wish to assign to the transaction. Most wallets calculate on chain fees automatically but you can view current fees here and mempool activity here. On chain fees may rise occasionally due to network demand, however instant micropayments that do not require confirmations are happening via the Lightning Network, a second layer scaling solution currently rolling out on the Bitcoin mainnet.
Borderless - No country can stop it from going in/out, even in areas currently unserved by traditional banking as the ledger is globally distributed.
Trustless - Bitcoin solved the Byzantine Generals Problem, which means nobody needs to trust anybody for it to work.
Secure - Cryptographically secured; coins can't be brute forced or confiscated with proper key management such as hardware wallets.
Programmable - Individual units of bitcoin can be programmed to transfer based on certain criteria being met.
Nearly instant - From a few seconds to a few minutes depending on need for confirmations. Transactions are irreversible after one or more confirmations.
Portable - Bitcoins are digital so they are easier to move than cash or gold. They can even be transported by simply memorizing a string of words for wallet recovery (while cool this method is generally not recommended due to potential for insecure key generation by inexperienced users. Hardware wallets are the preferred method for new users due to ease of use and additional security).
Scalable - While the protocol is still being optimized for increased transaction capacity, blockchains do not scale very well, so most transaction volume is expected to occur on Layer 2 networks built on top of Bitcoin.
Divisible - Each bitcoin can be divided down to 8 decimals, which means you don't have to worry about buying an entire bitcoin.
Bitcoin.org and BuyBitcoinWorldwide.com are helpful sites for beginners. You can buy or sell any amount of bitcoin (even just a few dollars worth) and there are several easy methods to purchase bitcoin with cash, credit card or bank transfer. Some of the more popular resources are below, also check out the bitcoinity exchange resources for a larger list of options for purchases.
Here is a listing of local ATMs. If you would like your paycheck automatically converted to bitcoin use Bitwage. Note: Bitcoins are valued at whatever market price people are willing to pay for them in a balancing act of supply vs demand. Unlike traditional markets, bitcoin markets operate 24 hours per day, 365 days per year. Preev is a useful site that shows how much various denominations of bitcoin are worth in different currencies. Alternatively you can just Google "1 bitcoin in (your local currency)".
Securing your bitcoins
With bitcoin you can "Be your own bank" and personally secure your bitcoins OR you can use third party companies aka "Bitcoin banks" which will hold the bitcoins for you.
If you prefer to "Be your own bank" and have direct control over your coins without having to use a trusted third party, then you will need to create your own wallet and keep it secure. If you want easy and secure storage without having to learn computer security best practices, then a hardware wallet such as the Trezor, Ledger or ColdCard is recommended. Alternatively there are many software wallet options to choose from here depending on your use case.
If you prefer to let third party "Bitcoin banks" manage your coins, try Gemini but be aware you may not be in control of your private keys in which case you would have to ask permission to access your funds and be exposed to third party risk.
Note: For increased security, use Two Factor Authentication (2FA) everywhere it is offered, including email! 2FA requires a second confirmation code to access your account making it much harder for thieves to gain access. Google Authenticator and Authy are the two most popular 2FA services, download links are below. Make sure you create backups of your 2FA codes.
As mentioned above, Bitcoin is decentralized, which by definition means there is no official website or Twitter handle or spokesperson or CEO. However, all money attracts thieves. This combination unfortunately results in scammers using official-sounding names or pretending to be an authority on YouTube or social media. Many scammers throughout the years have claimed to be the inventor of Bitcoin. Websites like bitcoin(dot)com and the btc subreddit are active scams. Almost all altcoins (shitcoins) are marketed heavily with big promises but are really just designed to separate you from your bitcoin. So be careful: any resource, including all linked in this document, may in the future turn evil. Don't trust, verify. Also, as they say in our community, "Not your keys, not your coins".
Where can I spend bitcoins?
Check out spendabit or bitcoin directory for millions of merchant options. Also you can spend bitcoin anywhere Visa is accepted with bitcoin debit cards such as the CashApp card. Some other useful sites are listed below.
Gift cards for hundreds of retailers including Amazon, Target, Walmart, Starbucks, Whole Foods, CVS, Lowes, Home Depot, iTunes, Best Buy, Sears, Kohls, eBay, GameStop, etc.
There are several benefits to accepting bitcoin as a payment option if you are a merchant:
1-3% savings over credit cards or PayPal.
No chargebacks (final settlement in 10 minutes as opposed to 3+ months).
Accept business from a global customer base.
Increased privacy.
Convert 100% of the sale to the currency of your choice for deposit to your account, or choose to keep a percentage of the sale in bitcoin if you wish to begin accumulating it.
If you are interested in accepting bitcoin as a payment method, there are several options available:
Mining bitcoins can be a fun learning experience, but be aware that you will most likely operate at a loss. Newcomers are often advised to stay away from mining unless they are only interested in it as a hobby, similar to Folding@home. If you want to learn more about mining you can read more here. Still have mining questions? The crew at r/BitcoinMining would be happy to help you out. If you want to contribute to the bitcoin network by hosting the blockchain and propagating transactions you can run a full node using this setup guide. If you would prefer to keep it simple there are several good options. You can view the global node distribution here.
Earning bitcoins
Just like any other form of money, you can also earn bitcoins by being paid to do a job.
You can also earn bitcoins by participating as a market maker on JoinMarket by allowing users to perform CoinJoin transactions with your bitcoins for a small fee (requires you to already have some bitcoins).
Bitcoin-Related Projects
The following is a short list of ongoing projects that might be worth taking a look at if you are interested in current development in the bitcoin space.
One Bitcoin is quite large (hundreds of £/$/€) so people often deal in smaller units. The most common subunits are listed below:
Unit          Symbol  Value                    Info
bitcoin       BTC     1 bitcoin                one bitcoin is equal to 100 million satoshis
millibitcoin  mBTC    1,000 per bitcoin        used as default unit in recent Electrum wallet releases
bit           bit     1,000,000 per bitcoin    colloquial "slang" term for microbitcoin (μBTC)
satoshi       sat     100,000,000 per bitcoin  smallest unit in bitcoin, named after the inventor
For example, assuming an arbitrary exchange rate of $10000 for one Bitcoin, a $10 meal would equal:
0.001 BTC
1 mBTC
1,000 bits
100k sats
For more information check out the Bitcoin units wiki. Still have questions? Feel free to ask in the comments below or stick around for our weekly Mentor Monday thread. If you decide to post a question in r/Bitcoin, please use the search bar to see if it has been answered before, and remember to follow the community rules outlined on the sidebar to receive a better response. The mods are busy helping manage our community, so please do not message them unless you notice problems with the functionality of the subreddit. Note: This is a community-created FAQ. If you notice anything missing from the FAQ or that requires clarification you can edit it here and it will be included in the next revision pending approval. Welcome to the Bitcoin community and the new decentralized economy!
This is a follow-up on https://old.reddit.com/r/Bitcoin/comments/hqzp14/technical_the_path_to_taproot_activation/ Taproot! Everybody wants it!! But... you might ask yourself: sure, everybody else wants it, but why would I, sovereign Bitcoin HODLer, want it? Surely I can be better than everybody else because I swapped XXX fiat for Bitcoin unlike all those nocoiners? And it is important for you to know the reasons why you, o sovereign Bitcoiner, would want Taproot activated. After all, your nodes (or the nodes your wallets use, which if you are SPV, you hopefully can pester your wallet vendor/implementor about) need to be upgraded in order for Taproot activation to actually succeed instead of becoming a hot sticky mess. First, let's consider some principles of Bitcoin.
You the HODLer should be the one who controls where your money goes. Your keys, your coins.
You the HODLer should be able to coordinate and make contracts with other people regarding your funds.
You the HODLer should be able to do the above without anyone watching over your shoulder and judging you.
I'm sure most of us here would agree that the above are very important principles of Bitcoin and that these are principles we would not be willing to remove. If anything, we would want those principles strengthened (especially the last one, financial privacy, which current Bitcoin is only sporadically strong with: you can get privacy, it just requires effort to do so). So, how does Taproot affect those principles?
Taproot and Your /Coins
Most HODLers probably HODL their coins in singlesig addresses. Sadly, switching to Taproot would do very little for you (it gives a mild discount at spend time, at the cost of a mild increase in fee at receive time (paid by whoever sends to you, so if it's a self-send from a P2PKH or bech32 address, you pay for this); mostly a wash). (technical details: a Taproot output is 1 version byte + 32 byte public key, while a P2WPKH (bech32 singlesig) output is 1 version byte + 20 byte public key hash, so the Taproot output spends 12 bytes more; spending from a P2WPKH requires revealing a 32-byte public key later, which is not needed with Taproot, and Taproot signatures are about 9 bytes smaller than P2WPKH signatures, but the 32 bytes plus 9 bytes is divided by 4 because of the witness discount, so it saves about 11 bytes; mostly a wash, it increases blockweight by about 1 virtual byte, 4 weight for each Taproot-output-input, compared to P2WPKH-output-input). However, as your HODLings grow in value, you might start wondering if multisignature k-of-n setups might be better for the security of your savings. And it is in multisignature that Taproot starts to give benefits! Taproot switches to using Schnorr signing scheme. Schnorr makes key aggregation -- constructing a single public key from multiple public keys -- almost as trivial as adding numbers together. "Almost" because it involves some fairly advanced math instead of simple boring number adding, but hey when was the last time you added up your grocery list prices by hand huh? With current P2SH and P2WSH multisignature schemes, if you have a 2-of-3 setup, then to spend, you need to provide two different signatures from two different public keys. With Taproot, you can create, using special moon math, a single public key that represents your 2-of-3 setup. 
Then you just put two of your devices together, have them communicate to each other (this can be done airgapped, in theory, by sending QR codes: the software to do this is not even being built yet, but that's because Taproot hasn't activated yet!), and they will make a single signature to authorize any spend from your 2-of-3 address. That's 73 witness bytes -- 18.25 virtual bytes -- of signatures you save! And if you decide that your current setup with 1-of-1 P2PKH / P2WPKH addresses is just fine as-is: well, that's the whole point of a softfork: backwards-compatibility; you can receive from Taproot users just fine, and once your wallet is updated for Taproot-sending support, you can send to Taproot users just fine as well! (P2WPKH and P2WSH -- SegWit v0 -- addresses start with bc1q; Taproot -- SegWit v1 --- addresses start with bc1p, in case you wanted to know the difference; in bech32 q is 0, p is 1) Now how about HODLers who keep all, or some, of their coins on custodial services? Well, any custodial service worth its salt would be doing at least 2-of-3, or probably something even bigger, like 11-of-15. So your custodial service, if it switched to using Taproot internally, could save a lot more (imagine an 11-of-15 getting reduced from 11 signatures to just 1!), which --- we can only hope! --- should translate to lower fees and better customer service from your custodial service! So I think we can say, very accurately, that the Bitcoin principle --- that YOU are in control of your money --- can only be helped by Taproot (if you are doing multisignature), and, because P2PKH and P2WPKH remain validly-usable addresses in a Taproot future, will not be harmed by Taproot. Its benefit to this principle might be small (it mostly only benefits multisignature users) but since it has no drawbacks with this (i.e. singlesig users can continue to use P2WPKH and P2PKH still) this is still a nice, tidy win! 
(even singlesig users get a minor benefit, in that multisig users will now reduce their blockchain space footprint, so that fees can be kept low for everybody; so for example even if you have your single set of private keys engraved on titanium plates sealed in an airtight box stored in a safe buried in a desert protected by angry nomads riding giant sandworms because you're the frickin' Kwisatz Haderach, you still gain some benefit from Taproot) And here's the important part: if P2PKH/P2WPKH is working perfectly fine with you and you decide to never use Taproot yourself, Taproot will not affect you detrimentally. First do no harm!
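The byte arithmetic in the two comparisons above, as an added example rather than the post's own figures: a Python virtual-size calculator that applies the 4:1 witness discount. It assumes BIP-141/BIP-341 serialization sizes, a 72-byte DER ECDSA signature and a 64-byte Schnorr signature, and goes one step beyond the post by pricing a 2-of-3 P2WSH CHECKMULTISIG input next to a Taproot key-path spend.

```python
# Serialization sizes in bytes. Assumed from the BIP-141 / BIP-341 encodings:
# 72-byte DER ECDSA signature including the sighash byte, 64-byte Schnorr
# signature (no sighash byte under SIGHASH_DEFAULT), 33-byte compressed pubkeys.
OUTPOINT_AND_SEQUENCE = 32 + 4 + 4   # prev txid, output index, nSequence
EMPTY_SCRIPTSIG = 1                  # length byte 0: segwit inputs carry no scriptSig
AMOUNT_AND_LENGTH = 8 + 1            # output value plus scriptPubKey length byte
SCRIPTPUBKEY = {
    "p2wpkh": 1 + 1 + 20,  # OP_0 <push 20> <pubkey hash>
    "p2wsh": 1 + 1 + 32,   # OP_0 <push 32> <script hash>
    "p2tr": 1 + 1 + 32,    # OP_1 <push 32> <x-only pubkey>
}
ECDSA_SIG, SCHNORR_SIG, COMPRESSED_PUBKEY = 72, 64, 33


def witness_bytes(item_lengths):
    """Serialized witness: one item-count byte, then a length byte plus data per item."""
    return 1 + sum(1 + n for n in item_lengths)


def multisig_script_bytes(k, n):
    """OP_k, n pushes of a compressed pubkey, OP_n, OP_CHECKMULTISIG."""
    return 1 + n * (1 + COMPRESSED_PUBKEY) + 1 + 1


def input_vbytes(kind, k=2, n=3):
    """Virtual size of one input: non-witness bytes weigh 4 each, witness bytes weigh 1."""
    if kind == "p2wpkh":
        witness = witness_bytes([ECDSA_SIG, COMPRESSED_PUBKEY])
    elif kind == "p2wsh":
        # CHECKMULTISIG needs the empty dummy item, k signatures, then the whole script
        witness = witness_bytes([0] + [ECDSA_SIG] * k + [multisig_script_bytes(k, n)])
    elif kind == "p2tr":
        # key-path spend: one Schnorr signature, no pubkey and no script revealed
        witness = witness_bytes([SCHNORR_SIG])
    else:
        raise ValueError(f"unknown input kind {kind!r}")
    weight = 4 * (OUTPOINT_AND_SEQUENCE + EMPTY_SCRIPTSIG) + witness
    return weight / 4


def output_vbytes(kind):
    """Outputs have no witness part, so bytes and vbytes coincide."""
    return float(AMOUNT_AND_LENGTH + SCRIPTPUBKEY[kind])


def roundtrip_vbytes(kind, k=2, n=3):
    """What one coin costs over its life: received as an output, later spent as an input."""
    return output_vbytes(kind) + input_vbytes(kind, k, n)


def compare(a, b, k=2, n=3):
    """Positive result: address type b is cheaper than a over one receive-and-spend cycle."""
    return roundtrip_vbytes(a, k, n) - roundtrip_vbytes(b, k, n)
```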
Taproot and Your Contracts
No one is an island, no one lives alone. Give and you shall receive. You know: by trading with other people, you can gain expertise in some obscure little necessity of the world (and greatly increase your productivity in that little field), and then trade the products of your expertise for necessities other people have created, all of you thereby gaining gains from trade. So, contracts, which are basically enforceable agreements that facilitate trading with people who you do not personally know and therefore might not trust. Let's start with a simple example. You want to buy some gewgaws from somebody. But you don't know them personally. The seller wants the money, you want their gewgaws, but because of the lack of trust (you don't know them!! what if they're scammers??) neither of you can benefit from gains from trade. However, suppose both of you know of some entity that both of you trust. That entity can act as a trusted escrow. The entity provides you security: this enables the trade, allowing both of you to get gains from trade. In Bitcoin-land, this can be implemented as a 2-of-3 multisignature. The three signatories in the multisignature would be you, the gewgaw seller, and the escrow. You put the payment for the gewgaws into this 2-of-3 multisignature address. Now, suppose it turns out neither of you are scammers (whaaaat!). You receive the gewgaws just fine and you're willing to pay up for them. Then you and the gewgaw seller just sign a transaction --- you and the gewgaw seller are 2, sufficient to trigger the 2-of-3 --- that spends from the 2-of-3 address to a singlesig the gewgaw seller wants (or whatever address the gewgaw seller wants). But suppose some problem arises. The seller gave you gawgews instead of gewgaws. Or you decided to keep the gewgaws but not sign the transaction to release the funds to the seller.
In either case, the escrow is notified, and it can sign with you to refund the funds back to you (if the seller was a scammer) or it can sign with the seller to forward the funds to the seller (if you were a scammer). Taproot helps with this: like mentioned above, it allows multisignature setups to produce only one signature, reducing blockchain space usage, and thus making contracts --- which require multiple people, by definition, you don't make contracts with yourself --- cheaper (which we hope enables more of these setups to happen for more gains from trade for everyone, also, moon and lambos). (technology-wise, it's easier to make an n-of-n than a k-of-n, making a k-of-n would require a complex setup involving a long ritual with many communication rounds between the n participants, but an n-of-n can be done trivially with some moon math. You can, however, make what is effectively a 2-of-3 by using a three-branch SCRIPT: either 2-of-2 of you and seller, OR 2-of-2 of you and escrow, OR 2-of-2 of escrow and seller. Fortunately, Taproot adds a facility to embed a SCRIPT inside a public key, so you can have a 2-of-2 Taprooted address (between you and seller) with a SCRIPT branch that can instead be spent with 2-of-2 (you + escrow) OR 2-of-2 (seller + escrow), which implements the three-branched SCRIPT above. If neither of you are scammers (hopefully the common case) then you both sign using your keys and never have to contact the escrow, since you are just using the escrow public key without coordinating with them (because n-of-n is trivial but k-of-n requires setup with communication rounds), so in the "best case" where both of you are honest traders, you also get a privacy boost, in that the escrow never learns you have been trading on gewgaws, I mean ewww, gawgews are much better than gewgaws and therefore I now judge you for being a gewgaw enthusiast, you filthy gewgawer).
Taproot and Your Contracts, Part 2: Cryptographic Boogaloo
Now suppose you want to buy some data instead of things. For example, maybe you have some closed-source software in trial mode installed, and want to pay the developer for the full version. You want to pay for an activation code. This can be done, today, by using an HTLC. The developer tells you the hash of the activation code. You pay to an HTLC, paying out to the developer if it reveals the preimage (the activation code), or refunding the money back to you after a pre-agreed timeout. If the developer claims the funds, it has to reveal the preimage, which is the activation code, and you can now activate your software. If the developer does not claim the funds by the timeout, you get refunded. And you can do that, with HTLCs, today. Of course, HTLCs do have problems:
Privacy. Everyone scraping the Bitcoin blockchain can see any HTLCs, and preimages used to claim them.
This can be mitigated by using offchain techniques so HTLCs are never published onchain in the happy case. Lightning would probably in practice be the easiest way to do this offchain. Of course, there are practical limits to what you can pay on Lightning. If you are buying something expensive, then Lightning might not be practical. For example, the "software" you are activating is really the firmware of a car, and what you are buying is not the software really but the car itself (with the activation of the car firmware being equivalent to getting the car keys).
Even offchain techniques need an onchain escape hatch in case of unresponsiveness! This means that, if something bad happens during payment, the HTLC might end up being published onchain anyway, revealing the fact that some special contract occurred.
And an HTLC that is claimed with a preimage onchain will also publicly reveal the preimage onchain. If that preimage is really the activation key of a piece of software, then it can now be pirated. If that preimage is really the activation key for your newly-bought cryptographic car --- well, not your keys, not your car!
Trust requirement. You are trusting the developer that it gives you the hash of an actual valid activation key, without any way to validate that the activation key hidden by the hash is actually valid.
Fortunately, with Schnorr (which is enabled by Taproot), we can now use the Scriptless Script construction by Andrew Poelstra. This Scriptless Script allows a new construction, the PTLC or Pointlocked Timelocked Contract. Instead of hashes and preimages, just replace "hash" with "point" and "preimage" with "scalar". Or as you might know them: "point" is really "public key" and "scalar" is really a "private key". What a PTLC does is that, given a particular public key, the pointlocked branch can be spent only if the spender reveals the private key of the given public key to you. Another nice thing with PTLCs is that they are deniable. What appears onchain is just a single 2-of-2 signature between you and the developer/manufacturer. It's like a magic trick. This signature has no special watermarks, it's a perfectly normal signature (the pledge). However, from this signature, plus some data given to you by the developer/manufacturer (known as the adaptor signature) you can derive the private key of a particular public key you both agree on (the turn). Anyone scraping the blockchain will just see signatures that look just like every other signature, and as long as nobody manages to hack you and get a copy of the adaptor signature or the private key, they cannot get the private key behind the public key (point) that the pointlocked branch needs (the prestige). (Just to be clear, the public key you are getting the private key from is distinct from the public key that the developer/manufacturer will use for its funds. The activation key is different from the developer's onchain Bitcoin key, and it is the activation key whose private key you will be learning, not the developer's/manufacturer's onchain Bitcoin key). So:
Privacy: PTLCs are private even if done onchain. Nobody else can learn what the private key behind the public key is, except you who knows the adaptor signature that when combined with the complete onchain signature lets you know what the private key of the activation key is. Somebody scraping the blockchain will not learn the same information even if all PTLCs are done onchain!
Lightning is still useful for reducing onchain use, and will also get PTLCs soon after Taproot is activated, but even if something bad happens and a PTLC has to go onchain, it doesn't reveal anything!
Trust issues can be proven more easily with a public-private keypair than with a hash-preimage pair.
For example, the developer of the software you are buying could provide a signature signing a message saying "unlock access to the full version for 1 day". You can check if feeding this message and signature to the program will indeed unlock full-version access for 1 day. Then you can check if the signature is valid for the purported pubkey whose private key you will pay for. If so, you can now believe that getting the private key (by paying for it in a PTLC) would let you generate any number of "unlock access to the full version for 1 day" message+signatures, which is equivalent to getting full access to the software indefinitely.
For the car, the manufacturer can show that signing a message "start the engine" and feeding the signature to the car's firmware will indeed start the engine, and maybe even let you have a small test drive. You can then check if the signature is valid for the purported pubkey whose privkey you will pay for. If so, you can now believe that gaining knowledge of the privkey will let you start the car engine at any time you want.
(pedantry: the signatures need to be unique else they could be replayed, this can be done with a challenge-response sequence for the car, where the car gathers entropy somehow (it's a car, it probably has a bunch of sensors nowadays so it can get entropy for free) and uses the gathered entropy to challenge you to sign a random number and only start if you are able to sign the random number; for the software, it could record previous signatures somewhere in the developer's cloud server and refuse to run if you try to replay a previously-seen signature.)
Taproot lets PTLCs exist onchain because they enable Schnorr, which is a requirement of PTLCs / Scriptless Script. (technology-wise, take note that Scriptless Script works only for the "pointlocked" branch of the contract; you need normal Script, or a pre-signed nLockTimed transaction, for the "timelocked" branch. Since Taproot can embed a script, you can have the Taproot pubkey be a 2-of-2 to implement the Scriptless Script "pointlocked" branch, then have a hidden script that lets you recover the funds with an OP_CHECKLOCKTIMEVERIFY after the timeout if the seller does not claim the funds.)
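The adaptor-signature mechanics behind the PTLC section and the "prove the key before paying" check above, as an added example in Python (not the post's code and not any library's API). It is deliberately simplified: one signer instead of the 2-of-2 aggregate the post describes, a plain SHA-256 challenge instead of BIP-340's tagged x-only hashing, textbook curve arithmetic, and constructed keys and messages. The scalar arithmetic that lets the buyer recover the secret from the published signature is the same as in the real construction.

```python
import hashlib
import secrets

# secp256k1 domain parameters (the curve Bitcoin uses)
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def ec_add(a, b):
    """Affine point addition; None stands for the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else:
        lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return x, (lam * (a[0] - x) - a[1]) % P


def ec_mul(k, point):
    """Double-and-add scalar multiplication (textbook, not constant-time)."""
    result = None
    while k:
        if k & 1:
            result = ec_add(result, point)
        point = ec_add(point, point)
        k >>= 1
    return result


def challenge(R, pub, msg):
    """Schnorr challenge e = H(R || P || m) reduced mod the group order."""
    data = b"".join(c.to_bytes(32, "big") for c in R + pub) + msg
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N


def sign(x, msg):
    """Plain Schnorr signature (R, s) with s = r + e*x; used for the seller's demo proof."""
    r = secrets.randbelow(N - 1) + 1
    R = ec_mul(r, G)
    return R, (r + challenge(R, ec_mul(x, G), msg) * x) % N


def verify(pub, R, s, msg):
    """s*G == R + e*P: the ordinary check every node performs onchain."""
    return ec_mul(s, G) == ec_add(R, ec_mul(challenge(R, pub, msg), pub))


def adaptor_sign(x, t, msg):
    """Seller: a signature that only becomes valid once the secret t is added.
    The nonce that will be published is R + T, so the challenge commits to T."""
    r = secrets.randbelow(N - 1) + 1
    R, T = ec_mul(r, G), ec_mul(t, G)
    e = challenge(ec_add(R, T), ec_mul(x, G), msg)
    return R, T, (r + e * x) % N


def verify_adaptor(pub, R, T, s_adapt, msg):
    """Buyer: check s'*G == R + e*P with e computed over R + T. Passing means
    'adding the discrete log of T to s' yields a valid signature', so paying is safe."""
    e = challenge(ec_add(R, T), pub, msg)
    return ec_mul(s_adapt, G) == ec_add(R, ec_mul(e, pub))


def complete(s_adapt, t):
    """Seller: turn the adaptor into the real, watermark-free signature (R + T, s)."""
    return (s_adapt + t) % N


def extract_secret(s_final, s_adapt):
    """Buyer: the onchain s minus the adaptor s' is exactly the secret t."""
    return (s_final - s_adapt) % N


def ptlc_roundtrip(x, t, msg):
    """Run the whole exchange; returns (dict of checks, recovered secret)."""
    pub, T = ec_mul(x, G), ec_mul(t, G)
    # 1. Seller proves T really is the activation key by signing a demo message with t.
    demo_msg = b"unlock access to the full version for 1 day"
    demo_R, demo_s = sign(t, demo_msg)
    demo_ok = verify(T, demo_R, demo_s, demo_msg)
    # 2. Seller hands over the adaptor signature; buyer validates it before funding.
    R, T2, s_adapt = adaptor_sign(x, t, msg)
    adaptor_ok = T2 == T and verify_adaptor(pub, R, T, s_adapt, msg)
    # 3. Seller claims the funds: the completed signature looks like any other Schnorr sig.
    s_final = complete(s_adapt, t)
    onchain_ok = verify(pub, ec_add(R, T), s_final, msg)
    # 4. Buyer subtracts the adaptor from the published signature and learns t.
    recovered = extract_secret(s_final, s_adapt)
    return {"demo": demo_ok, "adaptor": adaptor_ok, "onchain": onchain_ok,
            "secret_matches": ec_mul(recovered, G) == T}, recovered
```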
Quantum Quibbles!
Now if you were really paying attention, you might have noticed this parenthetical:
(technical details: a Taproot output is 1 version byte + 32 byte public key, while a P2WPKH (bech32 singlesig) output is 1 version byte + 20 byte public key hash...)
So wait, Taproot uses raw 32-byte public keys, and not public key hashes? Isn't that more quantum-vulnerable?? Well, in theory yes. In practice, they probably are not. It's not that hashes can be broken by quantum computers --- they're still not. Instead, you have to look at how you spend from a P2WPKH/P2PKH pay-to-public-key-hash. When you spend from a P2PKH / P2WPKH, you have to reveal the public key. Then Bitcoin hashes it and checks if this matches with the public-key-hash, and only then actually validates the signature for that public key. So an unconfirmed transaction, floating in the mempools of nodes globally, will show, in plain sight for everyone to see, your public key. (public keys should be public, that's why they're called public keys, LOL) And if quantum computers are fast enough to be of concern, then they are probably fast enough that, in the several minutes to several hours from broadcast to confirmation, they have already cracked the public key that is openly broadcast with your transaction. The owner of the quantum computer can now replace your unconfirmed transaction with one that pays the funds to itself. Even if you did not opt in to RBF, miners are still incentivized to support RBF on RBF-disabled transactions. So the extra hash is not as significant a protection against quantum computers as you might think. Instead, the extra hash-and-compare needed is just extra validation effort. Further, if you have ever, in the past, spent from the address, then there exists already a transaction indelibly stored on the blockchain, openly displaying the public key from which quantum computers can derive the private key. So those are still vulnerable to quantum computers. For the most part, the cryptographers behind Taproot (and Bitcoin Core) are of the opinion that quantum computers capable of cracking Bitcoin pubkeys are unlikely to appear within a decade or two.
Current quantum computers can barely crack the prime factorization problem for primes of 5 bits.
The 256-bit elliptic curve used by Bitcoin is, by my (possibly wrong) understanding, equivalent to 4096-bit primes, so you can see a pretty big gap between now (5 bit primes) and what is needed (4096 bit primes).
A lot of financial non-Bitcoin systems use the equivalent of 3072-bit primes or less, and are probably easier targets to crack than the equivalent-to-4096-bit-primes Bitcoin.
So:
Quantum computers capable of cracking Bitcoin are still far off.
Pay-to-public-key-hash is not as protective as you might think.
We will probably see banks get cracked before Bitcoin, so the banking system is a useful canary-in-a-coal-mine to see whether we should panic about being quantum vulnerable.
For now, the homomorphic and linear properties of elliptic curve cryptography provide a lot of benefits --- particularly the linearity property is what enables Scriptless Script and simple multisignature (i.e. multisignatures that are just 1 signature onchain). So it might be a good idea to take advantage of them now while we are still fairly safe against quantum computers. It seems likely that quantum-safe signature schemes are nonlinear (thus losing these advantages).
Summary
If you are a singlesig HODL-only Bitcoin user, Taproot will not affect you positively or negatively. Importantly: Taproot does no harm!
If you use or intend to use multisig, Taproot will be a positive for you.
If you transact onchain regularly using typical P2PKH/P2WPKH addresses, you get a minor reduction in feerates since multisig users will likely switch to Taproot to get smaller tx sizes, freeing up blockspace for yours.
If you are using multiparticipant setups for special systems of trade, Taproot will be a positive for you.
Remember: Lightning channels are multiparticipant setups for special systems of lightning-fast offchain trades!
I Wanna Be The Taprooter!
So, do you want to help activate Taproot? Here's what you, mister sovereign Bitcoin HODLer, can do!
If you have developer experience especially in C, C++, or related languages
Review the Taproot code! There is one pull request in Bitcoin Core, and one in libsecp256k1. I deliberately am not putting links here, to avoid brigades of nontechnical but enthusiastic people leaving pointless reviews, but if you are qualified you know how to find them!
But I am not a cryptographer/Bitcoin Core contributor/mathematician/someone as awesome as Pieter Wuille
That's perfectly fine! The cryptographers have been over the code already and agree the math is right and the implementation is right. What is wanted is the dreary dreary dreary software engineering: are the comments comprehensive and understandable? no misspellings in the comments? variable names understandable? reasonable function naming convention? misleading coding style? off-by-one errors in loops? conditions not covered by tests? accidental mixups of variables with the same types? missing frees? read-before-init? better test coverage of suspicious-looking code? missing or mismatching header guards? portability issues? consistent coding style? you know, stuff any coder with a few years of experience in coding anything might be able to catch. With enough eyes all bugs are shallow!
If you are running a mining pool/mining operation/exchange/custodial service/SPV server
Be prepared to upgrade!
One of the typical issues with upgrading software is that subtle incompatibilities with your current custom programs tend to arise, disrupting operations and potentially losing income due to downtime. If so, consider moving to the two-node setup suggested by gmax, which is in the last section of my previous post. With this, you have an up-to-date "public" node and a fixed-version "private" node, with the public node protecting the private node from any invalid chainsplits or invalid transactions. Moving to this setup from a typical one-node setup should be smooth and should not disrupt operations (too much).
If you are running your own fullnode for fun or for your own wallet
Be prepared to upgrade! The more nodes validating the new rules (even if you are a non-mining node!), the safer every softfork will be!
If you are using an SPV wallet or custodial wallet/service (including hardware wallets using the software of the wallet provider)
Contact your wallet provider / SPV server and ask for a statement on whether they support Taproot, and whether they are prepared to upgrade for Taproot! Make it known to them that Taproot is something you want!
But I Hate Taproot!!
That's fine!
Raise your objections to Taproot now, or forever hold your peace! Maybe you can raise them here and some of the devs (probably nullc, he goes everywhere, even in rbtc!) might be able to see your objections! Or if your objections are very technical, head over to the appropriate pull request and object away!
Maybe you simply misunderstand something, and we can clarify it here!
Or maybe you do have a good objection, and we can make Taproot better by finding a solution for it!
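The summary above says multisig users get smaller transactions out of Taproot while singlesig users see roughly a wash. As an added worked example (not code from the post, from Bitcoin Core, or from any wallet), the following Python model computes output and spend sizes in weight units and virtual bytes under the BIP 141 witness discount, for P2PKH, P2WPKH, k-of-n P2WSH and key-path Taproot. It assumes a maximal 73-byte DER ECDSA signature, a 64-byte Schnorr signature with the default sighash, 33-byte compressed keys and single-byte transaction counts; all function names are my own.

```python
"""Size model: legacy / segwit-v0 outputs and spends versus Taproot (segwit v1).

Constructed example, not from the post. Sizes assume a maximal 73-byte DER
signature with sighash byte for ECDSA, a 64-byte BIP 340 Schnorr signature with
SIGHASH_DEFAULT, 33-byte compressed keys and a key-path (no script) Taproot spend.
"""

WITNESS_SCALE_FACTOR = 4   # BIP 141: 1 non-witness byte = 4 weight units, 1 witness byte = 1 WU

ECDSA_SIG = 73             # max DER encoding including the sighash byte
SCHNORR_SIG = 64           # BIP 340 signature; SIGHASH_DEFAULT adds no byte
COMPRESSED_KEY = 33

# scriptPubKey lengths; an output is an 8-byte value, a length prefix and the script
SCRIPT_PUBKEY = {
    "p2pkh": 25,   # OP_DUP OP_HASH160 <20-byte hash> OP_EQUALVERIFY OP_CHECKSIG
    "p2wpkh": 22,  # OP_0 <20-byte key hash>
    "p2wsh": 34,   # OP_0 <32-byte script hash>
    "p2tr": 34,    # OP_1 <32-byte x-only public key>
}


def _compact_size(n):
    """Length of Bitcoin's CompactSize encoding of n."""
    return 1 if n < 253 else 3 if n <= 0xFFFF else 5


def _push(n):
    """A witness item or a script push: length prefix plus the data itself."""
    return _compact_size(n) + n


def output_bytes(kind):
    return 8 + _compact_size(SCRIPT_PUBKEY[kind]) + SCRIPT_PUBKEY[kind]


def witness_bytes(kind, k=1, n=1):
    """Witness stack bytes needed to spend an output of the given kind (k-of-n for p2wsh)."""
    if kind == "p2pkh":
        return 0                                                 # everything is in scriptSig
    if kind == "p2wpkh":
        return 1 + _push(ECDSA_SIG) + _push(COMPRESSED_KEY)      # item count, sig, pubkey
    if kind == "p2tr":
        return 1 + _push(SCHNORR_SIG)                            # item count, one Schnorr sig
    if kind == "p2wsh":
        script = 1 + n * _push(COMPRESSED_KEY) + 1 + 1           # OP_k <keys> OP_n OP_CHECKMULTISIG
        return 1 + 1 + k * _push(ECDSA_SIG) + _push(script)      # count, empty dummy, sigs, script
    raise ValueError(kind)


def input_weight(kind, k=1, n=1):
    script_sig = _push(ECDSA_SIG) + _push(COMPRESSED_KEY) if kind == "p2pkh" else 0
    non_witness = 32 + 4 + _compact_size(script_sig) + script_sig + 4   # txid, vout, scriptSig, sequence
    return non_witness * WITNESS_SCALE_FACTOR + witness_bytes(kind, k, n)


def input_vbytes(kind, k=1, n=1):
    return input_weight(kind, k, n) / WITNESS_SCALE_FACTOR


def roundtrip_delta(old, new, k=1, n=1):
    """vbytes added (+) or saved (-) by receiving to `new` instead of `old` and later spending it."""
    return (output_bytes(new) - output_bytes(old)) + (input_vbytes(new, k, n) - input_vbytes(old, k, n))


def tx_vbytes(inputs, outputs):
    """Whole-transaction size; inputs are (kind, k, n) tuples, outputs are kinds."""
    weight = (4 + 1 + 1 + 4) * WITNESS_SCALE_FACTOR            # version, in-count, out-count, locktime
    if any(kind != "p2pkh" for kind, _, _ in inputs):
        weight += 2                                               # segwit marker and flag bytes
    weight += sum(input_weight(kind, k, n) for kind, k, n in inputs)
    weight += sum(output_bytes(o) * WITNESS_SCALE_FACTOR for o in outputs)
    return weight / WITNESS_SCALE_FACTOR


if __name__ == "__main__":
    for kind, k, n in [("p2pkh", 1, 1), ("p2wpkh", 1, 1), ("p2wsh", 2, 3), ("p2tr", 1, 1)]:
        print(f"{kind:7} output {output_bytes(kind):3} vB, spend {input_vbytes(kind, k, n):6.2f} vB")
    print("singlesig P2WPKH -> P2TR round trip:", roundtrip_delta("p2wpkh", "p2tr"), "vB")
    print("2-of-3 P2WSH -> P2TR key path round trip:", roundtrip_delta("p2wsh", "p2tr", 2, 3), "vB")
```

The singlesig round trip comes out at about +1 vB, the "mostly a wash" the post describes, while a 2-of-3 that moves from P2WSH to a key-path Taproot spend drops from 105 vB to 57.5 vB per input, which is where the feerate relief for everyone else comes from.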
Ok, a little background. I know hardware and networking. I can build just about any config of a computer. I understand overclocking and undervolting. I can invest around 2,700 for an initial investment. So do I buy hardware to build a GPU miner with at least 6 cards or more? Probably RX580 as they are cheap and I have one in my rig. More on that later. Or do I buy an ASIC miner like this? I understand a GPU miner is multiple coins and not Bitcoin, and ASIC is nothing but Bitcoin. I've done the math on the ASIC miner and the ROI is about 3 months with a net gain of about ~10,000 USD a year @ .13 cents per Watt. I've had a hard time finding a solid or semi-solid way of calculating the earnings for a GPU miner. Not only because it is many coins or dedicated to one coin, but there are other variables involved. However I have more control of the hardware if it fails. I dipped my toe into mining with my own rig that has an RX580 fatboy and an AMD Phenom II x4 955 Black Edition. I overclocked the GPU and undervolted the CPU to reduce heat since it was hitting 62 cel. The GPU gets 12.5 sol/s and the CPU was getting ~322 h/s. All this added up to ~170 watts and a net of .00218322 BTC/Month. This was all done using Cudo as it was easy to find and set up just to test. This was just a test to see how it would work. I wouldn't use Cudo at full scale as it is a pool and the transfer to a wallet is pretty steep in relationship to earnings. I understand that in a pool you get your share based upon how much of the "work" you did to find the block. So do I build or buy? With that much computation power do I need to join a pool? What software is best for pool or alone? I am comfortable with CLI as long as it's well documented, but would like a remote GUI. Also what is the best wallet with the best fees for transactions? Currently using Uphold since I use Brave. I think I covered as much as I could; if you have any questions let me know. Any advice would be great.
If I should post this elsewhere let me know please, or I could just cross-post it. TIA. Be safe, stay safe! Edit: Words, and the BTC earning was WAY off when I first typed this.
Syscoin Platform’s Great Reddit Scaling Bake-off Proposal
We are excited to participate and present Syscoin Platform's ideal characteristics and capabilities towards a well-rounded Reddit Community Points solution! Our scaling solution for Reddit Community Points involves 2-way peg interoperability with Ethereum. This will provide a scalable token layer built specifically for speed and high volumes of simple value transfers at a very low cost, while providing sovereign ownership and onchain finality. Token transfers scale by taking advantage of a globally sorting mempool that provides for probabilistically secure assumptions of “as good as settled”. The opportunity here for token receivers is to have an app-layer interactivity on the speed/security tradeoff (99.9999% assurance within 10 seconds). We call this Z-DAG, and it achieves high-throughput across a mesh network topology presently composed of about 2,000 geographically dispersed full-nodes. Similar to Bitcoin, however, these nodes are incentivized to run full-nodes for the benefit of network security, through a bonded validator scheme. These nodes do not participate in the consensus of transactions or block validation any differently than other nodes and therefore do not degrade the security model of Bitcoin’s validate first then trust, across every node. Each token transfer settles on-chain. The protocol follows Bitcoin core policies so it has adequate code coverage and protocol hardening to be qualified as production quality software. It shares a significant portion of Bitcoin’s own hashpower through merged-mining. This platform as a whole can serve token microtransactions, larger settlements, and store-of-value in an ideal fashion, providing probabilistic scalability whilst remaining decentralized according to Bitcoin design. It is accessible to ERC-20 via a permissionless and trust-minimized bridge that works in both directions.
The bridge and token platform are currently available on the Syscoin mainnet. This has been gaining recent attention for use by loyalty point programs and stablecoins such as Binance USD.
Solutions
Syscoin Foundation identified a few paths for Reddit to leverage this infrastructure, each with trade-offs. The first provides the most cost-savings and scaling benefits at some sacrifice of token autonomy. The second offers more preservation of autonomy with a more narrow scope of cost savings than the first option, but savings even so. The third introduces more complexity than the previous two yet provides the most overall benefits. We consider the third as most viable as it enables Reddit to benefit even while retaining existing smart contract functionality. We will focus on the third option, and include the first two for good measure.
Distribution, burns and user-to-user transfers of Reddit Points are entirely carried out on the Syscoin network. This full-on approach to utilizing the Syscoin network provides the most scalability and transaction cost benefits of these scenarios. The tradeoff here is distribution and subscription handling likely migrating away from smart contracts into the application layer.
The Reddit Community Points ecosystem can continue to use existing smart contracts as they are used today on the Ethereum mainchain. Users migrate a portion of their tokens to Syscoin, the scaling network, to gain much lower fees, scalability, and a proven base layer, without sacrificing sovereign ownership. They would use Syscoin for user-to-user transfers. Tips redeemable in ten seconds or less, a high-throughput relay network, and onchain settlement at a block target of 60 seconds.
Integration between Matic Network and Syscoin Platform - similar to Syscoin’s current integration with Ethereum - will provide Reddit Community Points with EVM scalability (including the Memberships ERC777 operator) on the Matic side, and performant simple value transfers, robust decentralized security, and sovereign store-of-value on the Syscoin side. It’s “the best of both worlds”. The trade-off is more complex interoperability.
Syscoin + Matic Integration
Matic and Blockchain Foundry Inc, the public company formed by the founders of Syscoin, recently entered a partnership for joint research and business development initiatives. This is ideal for all parties as Matic Network and Syscoin Platform provide complementary utility. Syscoin offers characteristics for sovereign ownership and security based on Bitcoin’s time-tested model, and shares a significant portion of Bitcoin’s own hashpower. Syscoin’s focus is on secure and scalable simple value transfers, trust-minimized interoperability, and opt-in regulatory compliance for tokenized assets rather than scalability for smart contract execution. On the other hand, Matic Network can provide scalable EVM for smart contract execution. Reddit Community Points can benefit from both. Syscoin + Matic integration is actively being explored by both teams, as it is helpful to Reddit, Ethereum, and the industry as a whole.
Total cost for these 100k transactions: $0.63 USD
See the live fee comparison for savings estimation between transactions on Ethereum and Syscoin. Below is a snapshot at time of writing:
ETH price: $318.55
ETH gas price: 55.00 Gwei ($0.37)
Syscoin price: $0.11
[Snapshot of live fee comparison chart]
Z-DAG provides a more efficient fee-market. A typical Z-DAG transaction costs 0.0000582 SYS. Tokens can be safely redeemed/re-spent within seconds or allowed to settle on-chain beforehand. The costs should remain about this low for microtransactions. Syscoin will achieve further reduction of fees and even greater scalability with offchain payment channels for assets, with Z-DAG as a resilience fallback. New payment channel technology is one of the topics under research by the Syscoin development team with our academic partners at TU Delft. In line with the calculation in the Lightning Network white paper, payment channels using assets with Syscoin Core will bring theoretical capacity for each person on Earth (7.8 billion) to have five on-chain transactions per year, per person, without requiring anyone to enter a fee market (aka “wait for a block”). This exceeds the minimum LN expectation of two transactions per person, per year; one to exist on-chain and one to settle aggregated value.
Sysethereum Dapp: UI Dapp for reference implementation. The Sysethereum-Dapp automates the process flows depicted in “Syscoin Bridge & How it Works” within a native ReactJS application for convenience. An active implementation using the Syscoin Platform Mainnet can be used at bridge.syscoin.org.
API
Tools to simplify using Syscoin Bridge as a service with dapps and wallets will be released some time after implementation of Syscoin Core 4.2. These will be based upon the same processes which are automated in the current live Sysethereum Dapp that is functioning with the Syscoin mainnet.
The Syscoin Ethereum Bridge is secured by Agent nodes participating in a decentralized and incentivized model that involves roles of Superblock challengers and submitters. This model is open to participation. The benefits here are trust-minimization, permissionless-ness, and potentially less legal/regulatory red-tape than interop mechanisms that involve liquidity providers and/or trading mechanisms. The trade-off is that due to the decentralized nature there are cross-chain settlement times of one hour to cross from Ethereum to Syscoin, and three hours to cross from Syscoin to Ethereum. We are exploring ways to reduce this time while maintaining decentralization via zkp. Even so, an “instant bridge” experience could be provided by means of a third-party liquidity mechanism. That option exists but is not required for bridge functionality today. Typically bridges are used with batch value, not with high frequencies of smaller values, and generally it is advantageous to keep some value on both chains for maximum availability of utility. Even so, the cross-chain settlement time is good to mention here.
Cost
Ethereum -> Syscoin: Matic or Ethereum transaction fee for bridge contract interaction, negligible Syscoin transaction fee for minting tokens
Syscoin -> Ethereum: Negligible Syscoin transaction fee for burning tokens, 0.01% transaction fee paid to Bridge Agent in the form of the ERC-20, Matic or Ethereum transaction fee for contract interaction.
Z-DAG
Zero-Confirmation Directed Acyclic Graph is an instant settlement protocol that is used as a complementary system to proof-of-work (PoW) in the confirmation of Syscoin service transactions. In essence, a Z-DAG is simply a directed acyclic graph (DAG) where validating nodes verify the sequential ordering of transactions that are received in their memory pools. Z-DAG is used by the validating nodes across the network to ensure that there is absolute consensus on the ordering of transactions and no balances are overflowed (no double-spends).
Benefits
Unique fee-market that is more efficient for microtransaction redemption and settlement
Uses decentralized means to enable tokens with value transfer scalability that is comparable or exceeds that of credit card networks
Provides high throughput and secure fulfillment even if blocks are full
Probabilistic and interactive
99.9999% security assurance within 10 seconds
Can serve payment channels as a resilience fallback that is faster and lower-cost than falling-back directly to a blockchain
Each Z-DAG transaction also settles onchain through Syscoin Core at 60-second block target using SHA-256 Proof of Work consensus
Z-DAG enables the ideal speed/security tradeoff to be determined per use-case in the application layer. It minimizes the sacrifice required to accept and redeem fast transfers/payments while providing more-than-ample security for microtransactions. This is supported on the premise that a Reddit user receiving points does need security yet generally doesn’t want nor need to wait for the same level of security as a nation-state settling an international trade debt. In any case, each Z-DAG transaction settles onchain at a block target of 60 seconds.
Syscoin Specs
Syscoin 3.0 White Paper (4.0 white paper is pending. For improved scalability and less blockchain bloat, some features of v3 no longer exist in current v4: Specifically Marketplace Offers, Aliases, Escrow, Certificates, Pruning, Encrypted Messaging)
16MB block bandwidth per minute assuming segwit witness carrying transactions, and transactions ~200 bytes on average
SHA256 merge mined with Bitcoin
UTXO asset layer, with base Syscoin layer sharing identical security policies as Bitcoin Core
Z-DAG on asset layer, bridge to Ethereum on asset layer
On-chain scaling with prospect of enabling enterprise grade reliable trustless payment processing with on/offchain hybrid solution
Focus only on Simple Value Transfers. MVP of blockchain consensus footprint is balances and ownership of them. Everything else can reduce data availability in exchange for scale (Ethereum 2.0 model). We leave that to other designs, we focus on transfers.
Future integrations of MAST/Taproot to get more complex value transfers without trading off trustlessness or decentralization.
Zero-knowledge Proofs are a cryptographic new frontier. We are dabbling here to generalize the concept of bridging and also verify the state of a chain efficiently. We also apply it in our Digital Identity projects at Blockchain Foundry (a publicly traded company which develops Syscoin software for clients). We are also looking to integrate privacy preserving payment channels for off-chain payments through a zkSNARK hub & spoke design which does not suffer from the HTLC attack vectors evident on LN. Many of the issues plaguing Lightning Network can be resolved using a zkSNARK design whilst also providing the ability to do a multi-asset payment channel system. Currently we found a showstopper attack (American Call Option) on LN if we were to use multiple assets. This would not exist in a system such as this.
Wallets
Web3 and mobile wallets are under active development by Blockchain Foundry Inc as WebAssembly applications and expected for release not long after mainnet deployment of Syscoin Core 4.2. Both of these will be multi-coin wallets that support Syscoin, SPTs, Ethereum, and ERC-20 tokens. The Web3 wallet will provide functionality similar to Metamask. Syscoin Platform and tokens are already integrated with Blockbook. Custom hardware wallet support currently exists via ElectrumSys. First-class HW wallet integration through apps such as Ledger Live will exist after 4.2.
Current supported wallets:
Syscoin Spark Desktop
Syscoin-Qt
Thank you for close consideration of our proposal. We look forward to feedback, and to working with the Reddit community to implement an ideal solution using Syscoin Platform!
Topic originally posted in Bitcoin by almkglor [link]
This is a follow-up on https://old.reddit.com/Bitcoin/comments/hqzp14/technical_the_path_to_taproot_activation/ Taproot! Everybody wants it!! But... you might ask yourself: sure, everybody else wants it, but why would I, sovereign Bitcoin HODLer, want it? Surely I can be better than everybody else because I swapped XXX fiat for Bitcoin unlike all those nocoiners? And it is important for you to know the reasons why you, o sovereign Bitcoiner, would want Taproot activated. After all, your nodes (or the nodes your wallets use, which, if you are SPV, you hopefully can pester your wallet vendor/implementor about) need to be upgraded in order for Taproot activation to actually succeed instead of becoming a hot sticky mess. First, let's consider some principles of Bitcoin.
You the HODLer should be the one who controls where your money goes. Your keys, your coins.
You the HODLer should be able to coordinate and make contracts with other people regarding your funds.
You the HODLer should be able to do the above without anyone watching over your shoulder and judging you.
I'm sure most of us here would agree that the above are very important principles of Bitcoin and that these are principles we would not be willing to remove. If anything, we would want those principles strengthened (especially the last one, financial privacy, which current Bitcoin is only sporadically strong with: you can get privacy, it just requires effort to do so). So, how does Taproot affect those principles?
Taproot and Your Coins
Most HODLers probably HODL their coins in singlesig addresses. Sadly, switching to Taproot would do very little for you (it gives a mild discount at spend time, at the cost of a mild increase in fee at receive time (paid by whoever sends to you, so if it's a self-send from a P2PKH or bech32 address, you pay for this); mostly a wash). (technical details: a Taproot output is 1 version byte + 32 byte public key, while a P2WPKH (bech32 singlesig) output is 1 version byte + 20 byte public key hash, so the Taproot output spends 12 bytes more; spending from a P2WPKH requires revealing a 32-byte public key later, which is not needed with Taproot, and Taproot signatures are about 9 bytes smaller than P2WPKH signatures, but the 32 bytes plus 9 bytes is divided by 4 because of the witness discount, so it saves about 11 bytes; mostly a wash, it increases blockweight by about 1 virtual byte, 4 weight for each Taproot-output-input, compared to P2WPKH-output-input). However, as your HODLings grow in value, you might start wondering if multisignature k-of-n setups might be better for the security of your savings. And it is in multisignature that Taproot starts to give benefits! Taproot switches to using Schnorr signing scheme. Schnorr makes key aggregation -- constructing a single public key from multiple public keys -- almost as trivial as adding numbers together. "Almost" because it involves some fairly advanced math instead of simple boring number adding, but hey when was the last time you added up your grocery list prices by hand huh? With current P2SH and P2WSH multisignature schemes, if you have a 2-of-3 setup, then to spend, you need to provide two different signatures from two different public keys. With Taproot, you can create, using special moon math, a single public key that represents your 2-of-3 setup. 
Then you just put two of your devices together, have them communicate to each other (this can be done airgapped, in theory, by sending QR codes: the software to do this is not even being built yet, but that's because Taproot hasn't activated yet!), and they will make a single signature to authorize any spend from your 2-of-3 address. That's 73 witness bytes -- 18.25 virtual bytes -- of signatures you save! And if you decide that your current setup with 1-of-1 P2PKH / P2WPKH addresses is just fine as-is: well, that's the whole point of a softfork: backwards-compatibility; you can receive from Taproot users just fine, and once your wallet is updated for Taproot-sending support, you can send to Taproot users just fine as well! (P2WPKH and P2WSH -- SegWit v0 -- addresses start with bc1q; Taproot -- SegWit v1 --- addresses start with bc1p, in case you wanted to know the difference; in bech32 q is 0, p is 1) Now how about HODLers who keep all, or some, of their coins on custodial services? Well, any custodial service worth its salt would be doing at least 2-of-3, or probably something even bigger, like 11-of-15. So your custodial service, if it switched to using Taproot internally, could save a lot more (imagine an 11-of-15 getting reduced from 11 signatures to just 1!), which --- we can only hope! --- should translate to lower fees and better customer service from your custodial service! So I think we can say, very accurately, that the Bitcoin principle --- that YOU are in control of your money --- can only be helped by Taproot (if you are doing multisignature), and, because P2PKH and P2WPKH remain validly-usable addresses in a Taproot future, will not be harmed by Taproot. Its benefit to this principle might be small (it mostly only benefits multisignature users) but since it has no drawbacks with this (i.e. singlesig users can continue to use P2WPKH and P2PKH still) this is still a nice, tidy win! 
(even singlesig users get a minor benefit, in that multisig users will now reduce their blockchain space footprint, so that fees can be kept low for everybody; so for example even if you have your single set of private keys engraved on titanium plates sealed in an airtight box stored in a safe buried in a desert protected by angry nomads riding giant sandworms because you're the frickin' Kwisatz Haderach, you still gain some benefit from Taproot) And here's the important part: if P2PKH/P2WPKH is working perfectly fine with you and you decide to never use Taproot yourself, Taproot will not affect you detrimentally. First do no harm!
Taproot and Your Contracts
No one is an island, no one lives alone. Give and you shall receive. You know: by trading with other people, you can gain expertise in some obscure little necessity of the world (and greatly increase your productivity in that little field), and then trade the products of your expertise for necessities other people have created, all of you thereby gaining gains from trade. So, contracts, which are basically enforceable agreements that facilitate trading with people who you do not personally know and therefore might not trust. Let's start with a simple example. You want to buy some gewgaws from somebody. But you don't know them personally. The seller wants the money, you want their gewgaws, but because of the lack of trust (you don't know them!! what if they're scammers??) neither of you can benefit from gains from trade. However, suppose both of you know of some entity that both of you trust. That entity can act as a trusted escrow. The entity provides you security: this enables the trade, allowing both of you to get gains from trade. In Bitcoin-land, this can be implemented as a 2-of-3 multisignature. The three signatories in the multisignature would be you, the gewgaw seller, and the escrow. You put the payment for the gewgaws into this 2-of-3 multisignature address. Now, suppose it turns out neither of you are scammers (whaaaat!). You receive the gewgaws just fine and you're willing to pay up for them. Then you and the gewgaw seller just sign a transaction --- you and the gewgaw seller are 2, sufficient to trigger the 2-of-3 --- that spends from the 2-of-3 address to a singlesig the gewgaw seller wants (or whatever address the gewgaw seller wants). But suppose some problem arises. The seller gave you gawgews instead of gewgaws. Or you decided to keep the gewgaws but not sign the transaction to release the funds to the seller.
In either case, the escrow is notified, and it can sign with you to refund the funds back to you (if the seller was a scammer) or it can sign with the seller to forward the funds to the seller (if you were a scammer). Taproot helps with this: like mentioned above, it allows multisignature setups to produce only one signature, reducing blockchain space usage, and thus making contracts --- which require multiple people, by definition, you don't make contracts with yourself --- cheaper (which we hope enables more of these setups to happen for more gains from trade for everyone, also, moon and lambos). (technology-wise, it's easier to make an n-of-n than a k-of-n, making a k-of-n would require a complex setup involving a long ritual with many communication rounds between the n participants, but an n-of-n can be done trivially with some moon math. You can, however, make what is effectively a 2-of-3 by using a three-branch SCRIPT: either 2-of-2 of you and seller, OR 2-of-2 of you and escrow, OR 2-of-2 of escrow and seller. Fortunately, Taproot adds a facility to embed a SCRIPT inside a public key, so you can have a 2-of-2 Taprooted address (between you and seller) with a SCRIPT branch that can instead be spent with 2-of-2 (you + escrow) OR 2-of-2 (seller + escrow), which implements the three-branched SCRIPT above. If neither of you are scammers (hopefully the common case) then you both sign using your keys and never have to contact the escrow, since you are just using the escrow public key without coordinating with them (because n-of-n is trivial but k-of-n requires setup with communication rounds), so in the "best case" where both of you are honest traders, you also get a privacy boost, in that the escrow never learns you have been trading on gewgaws, I mean ewww, gawgews are much better than gewgaws and therefore I now judge you for being a gewgaw enthusiast, you filthy gewgawer).
Taproot and Your Contracts, Part 2: Cryptographic Boogaloo
Now suppose you want to buy some data instead of things. For example, maybe you have some closed-source software in trial mode installed, and want to pay the developer for the full version. You want to pay for an activation code. This can be done, today, by using an HTLC. The developer tells you the hash of the activation code. You pay to an HTLC, paying out to the developer if it reveals the preimage (the activation code), or refunding the money back to you after a pre-agreed timeout. If the developer claims the funds, it has to reveal the preimage, which is the activation code, and you can now activate your software. If the developer does not claim the funds by the timeout, you get refunded. And you can do that, with HTLCs, today. Of course, HTLCs do have problems:
Privacy. Everyone scraping the Bitcoin blockchain can see any HTLCs, and preimages used to claim them.
This can be mitigated by using offchain techniques so HTLCs are never published onchain in the happy case. Lightning would probably in practice be the easiest way to do this offchain. Of course, there are practical limits to what you can pay on Lightning. If you are buying something expensive, then Lightning might not be practical. For example, the "software" you are activating is really the firmware of a car, and what you are buying is not the software really but the car itself (with the activation of the car firmware being equivalent to getting the car keys).
Even offchain techniques need an onchain escape hatch in case of unresponsiveness! This means that, if something bad happens during payment, the HTLC might end up being published onchain anyway, revealing the fact that some special contract occurred.
And an HTLC that is claimed with a preimage onchain will also publicly reveal the preimage onchain. If that preimage is really the activation key of a piece of software then it can now be pirated. If that preimage is really the activation key for your newly-bought cryptographic car --- well, not your keys, not your car!
Trust requirement. You are trusting the developer that it gives you the hash of an actual valid activation key, without any way to validate that the activation key hidden by the hash is actually valid.
Fortunately, with Schnorr (which is enabled by Taproot), we can now use the Scriptless Script construction by Andrew Poelstra. This Scriptless Script allows a new construction, the PTLC or Pointlocked Timelocked Contract. Instead of hashes and preimages, just replace "hash" with "point" and "preimage" with "scalar". Or as you might know them: "point" is really "public key" and "scalar" is really a "private key". What a PTLC does is that, given a particular public key, the pointlocked branch can be spent only if the spender reveals the private key of the given public key to you. Another nice thing with PTLCs is that they are deniable. What appears onchain is just a single 2-of-2 signature between you and the developer/manufacturer. It's like a magic trick. This signature has no special watermarks, it's a perfectly normal signature (the pledge). However, from this signature, plus some data given to you by the developer/manufacturer (known as the adaptor signature) you can derive the private key of a particular public key you both agree on (the turn). Anyone scraping the blockchain will just see signatures that look just like every other signature, and as long as nobody manages to hack you and get a copy of the adaptor signature or the private key, they cannot get the private key behind the public key (point) that the pointlocked branch needs (the prestige). (Just to be clear, the public key you are getting the private key from is distinct from the public key that the developer/manufacturer will use for its funds. The activation key is different from the developer's onchain Bitcoin key, and it is the activation key whose private key you will be learning, not the developer's/manufacturer's onchain Bitcoin key). So:
Privacy: PTLCs are private even if done onchain. Nobody else can learn what the private key behind the public key is, except you who knows the adaptor signature that when combined with the complete onchain signature lets you know what the private key of the activation key is. Somebody scraping the blockchain will not learn the same information even if all PTLCs are done onchain!
Lightning is still useful for reducing onchain use, and will also get PTLCs soon after Taproot is activated, but even if something bad happens and a PTLC has to go onchain, it doesn't reveal anything!
Trust issues can be proven more easily with a public-private keypair than with a hash-preimage pair.
For example, the developer of the software you are buying could provide a signature signing a message saying "unlock access to the full version for 1 day". You can check if feeding this message and signature to the program will indeed unlock full-version access for 1 day. Then you can check if the signature is valid for the purported pubkey whose private key you will pay for. If so, you can now believe that getting the private key (by paying for it in a PTLC) would let you generate any number of "unlock access to the full version for 1 day" message+signatures, which is equivalent to getting full access to the software indefinitely.
For the car, the manufacturer can show that signing a message "start the engine" and feeding the signature to the car's firmware will indeed start the engine, and maybe even let you have a small test drive. You can then check if the signature is valid for the purported pubkey whose privkey you will pay for. If so, you can now believe that gaining knowledge of the privkey will let you start the car engine at any time you want.
(pedantry: the signatures need to be unique else they could be replayed, this can be done with a challenge-response sequence for the car, where the car gathers entropy somehow (it's a car, it probably has a bunch of sensors nowadays so it can get entropy for free) and uses the gathered entropy to challenge you to sign a random number and only start if you are able to sign the random number; for the software, it could record previous signatures somewhere in the developer's cloud server and refuse to run if you try to replay a previously-seen signature.)
Taproot lets PTLCs exist onchain because they enable Schnorr, which is a requirement of PTLCs / Scriptless Script. (technology-wise, take note that Scriptless Script works only for the "pointlocked" branch of the contract; you need normal Script, or a pre-signed nLockTimed transaction, for the "timelocked" branch. Since Taproot can embed a script, you can have the Taproot pubkey be a 2-of-2 to implement the Scriptless Script "pointlocked" branch, then have a hidden script that lets you recover the funds with an OP_CHECKLOCKTIMEVERIFY after the timeout if the seller does not claim the funds.)
Quantum Quibbles!
Now if you were really paying attention, you might have noticed this parenthetical:
(technical details: a Taproot output is 1 version byte + 32 byte public key, while a P2WPKH (bech32 singlesig) output is 1 version byte + 20 byte public key hash...)
So wait, Taproot uses raw 32-byte public keys, and not public key hashes? Isn't that more quantum-vulnerable?? Well, in theory yes. In practice, they probably are not. It's not that hashes can be broken by quantum computers --- they're still not. Instead, you have to look at how you spend from a P2WPKH/P2PKH pay-to-public-key-hash. When you spend from a P2PKH / P2WPKH, you have to reveal the public key. Then Bitcoin hashes it and checks if this matches with the public-key-hash, and only then actually validates the signature for that public key. So an unconfirmed transaction, floating in the mempools of nodes globally, will show, in plain sight for everyone to see, your public key. (public keys should be public, that's why they're called public keys, LOL) And if quantum computers are fast enough to be of concern, then they are probably fast enough that, in the several minutes to several hours from broadcast to confirmation, they have already cracked the public key that is openly broadcast with your transaction. The owner of the quantum computer can now replace your unconfirmed transaction with one that pays the funds to itself. Even if you did not opt in to RBF, miners are still incentivized to support RBF on RBF-disabled transactions. So the extra hash is not as significant a protection against quantum computers as you might think. Instead, the extra hash-and-compare needed is just extra validation effort. Further, if you have ever, in the past, spent from the address, then there exists already a transaction indelibly stored on the blockchain, openly displaying the public key from which quantum computers can derive the private key. So those are still vulnerable to quantum computers. For the most part, the cryptographers behind Taproot (and Bitcoin Core) are of the opinion that quantum computers capable of cracking Bitcoin pubkeys are unlikely to appear within a decade or two.
Current quantum computers can barely crack the prime factorization problem for primes of 5 bits.
The 256-bit elliptic curve used by Bitcoin is, by my (possibly wrong) understanding, equivalent to 4096-bit primes, so you can see a pretty big gap between now (5 bit primes) and what is needed (4096 bit primes).
A lot of financial non-Bitcoin systems use the equivalent of 3072-bit primes or less, and are probably easier targets to crack than the equivalent-to-4096-bit-primes Bitcoin.
So:
Quantum computers capable of cracking Bitcoin are still far off.
Pay-to-public-key-hash is not as protective as you might think.
We will probably see banks get cracked before Bitcoin, so the banking system is a useful canary-in-a-coal-mine to see whether we should panic about being quantum vulnerable.
For now, the homomorphic and linear properties of elliptic curve cryptography provide a lot of benefits --- particularly the linearity property is what enables Scriptless Script and simple multisignature (i.e. multisignatures that are just 1 signature onchain). So it might be a good idea to take advantage of them now while we are still fairly safe against quantum computers. It seems likely that quantum-safe signature schemes are nonlinear (thus losing these advantages).
Summary
If you are a singlesig HODL-only Bitcoin user, Taproot will not affect you positively or negatively. Importantly: Taproot does no harm!
If you use or intend to use multisig, Taproot will be a positive for you.
If you transact onchain regularly using typical P2PKH/P2WPKH addresses, you get a minor reduction in feerates since multisig users will likely switch to Taproot to get smaller tx sizes, freeing up blockspace for yours.
If you are using multiparticipant setups for special systems of trade, Taproot will be a positive for you.
Remember: Lightning channels are multiparticipant setups for special systems of lightning-fast offchain trades!
I Wanna Be The Taprooter!
So, do you want to help activate Taproot? Here's what you, mister sovereign Bitcoin HODLer, can do!
If you have developer experience especially in C, C++, or related languages
Review the Taproot code! There is one pull request in Bitcoin Core, and one in libsecp256k1. I deliberately am not putting links here, to avoid brigades of nontechnical but enthusiastic people leaving pointless reviews, but if you are qualified you know how to find them!
But I am not a cryptographer/Bitcoin Core contributor/mathematician/someone as awesome as Pieter Wuille
That's perfectly fine! The cryptographers have been over the code already and agree the math is right and the implementation is right. What is wanted is the dreary dreary dreary software engineering: are the comments comprehensive and understandable? no misspellings in the comments? variable names understandable? reasonable function naming convention? misleading coding style? off-by-one errors in loops? conditions not covered by tests? accidental mixups of variables with the same types? missing frees? read-before-init? better test coverage of suspicious-looking code? missing or mismatching header guards? portability issues? consistent coding style? you know, stuff any coder with a few years of experience in coding anything might be able to catch. With enough eyes all bugs are shallow!
If you are running a mining pool/mining operation/exchange/custodial service/SPV server
Be prepared to upgrade!
One of the typical issues with upgrading software is that subtle incompatibilities with your current custom programs tend to arise, disrupting operations and potentially losing income due to downtime. If so, consider moving to the two-node setup suggested by gmax, which is in the last section of my previous post. With this, you have an up-to-date "public" node and a fixed-version "private" node, with the public node protecting the private node from any invalid chainsplits or invalid transactions. Moving to this setup from a typical one-node setup should be smooth and should not disrupt operations (too much).
If you are running your own fullnode for fun or for your own wallet
Be prepared to upgrade! The more nodes validating the new rules (even if you are a non-mining node!), the safer every softfork will be!
If you are using an SPV wallet or custodial wallet/service (including hardware wallets using the software of the wallet provider)
Contact your wallet provider / SPV server and ask for a statement on whether they support Taproot, and whether they are prepared to upgrade for Taproot! Make it known to them that Taproot is something you want!
But I Hate Taproot!!
That's fine!
Raise your objections to Taproot now, or forever hold your peace! Maybe you can raise them here and some of the devs (probably nullc, he goes everywhere, even in rbtc!) might be able to see your objections! Or if your objections are very technical, head over to the appropriate pull request and object away!
Maybe you simply misunderstand something, and we can clarify it here!
Or maybe you do have a good objection, and we can make Taproot better by finding a solution for it!
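The PTLC exchange described in the post above (pledge, turn, prestige), as an added worked example: this is editor-supplied illustration code, not code from the post's author, from Bitcoin Core or from libsecp256k1. It implements textbook Schnorr over secp256k1 in pure Python (3.8+, stdlib only) with full-point nonces and a plain SHA-256 challenge; real Taproot uses the x-only BIP340 encoding and tagged hashes, and the onchain signature would be a 2-of-2 between buyer and seller rather than the seller's single key. Those are simplifications assumed here, as are the message strings. The seller hands over an adaptor (pre-)signature whose challenge commits to R+T, completes it with the activation scalar t to claim the funds, and the buyer recovers t by subtracting the two signatures. It also carries out the two checks the post recommends: verifying the activation key against an "unlock" signature before paying, and, after learning t, answering the product's random challenge (the replay-protection pedantry) with a fresh signature.

```python
# Added example: textbook Schnorr + adaptor signatures over secp256k1, stdlib only.
# Assumptions (not how Taproot encodes things): full-point nonces, plain SHA-256
# challenge, a single seller key instead of a buyer/seller 2-of-2. Not constant time.
import hashlib
import secrets

P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F  # field prime
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # group order
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def point_add(a, b):
    """Affine addition on y^2 = x^3 + 7 over F_P; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def point_mul(k, pt=G):
    """Double-and-add scalar multiplication; k is reduced mod the group order."""
    result, k = None, k % N
    while k:
        if k & 1:
            result = point_add(result, pt)
        pt = point_add(pt, pt)
        k >>= 1
    return result

def challenge(R, pubkey, msg):
    """e = H(R || P || m): ties the signature to the nonce point, key and message."""
    coords = b"".join(c.to_bytes(32, "big") for c in (R[0], R[1], pubkey[0], pubkey[1]))
    return int.from_bytes(hashlib.sha256(coords + msg).digest(), "big") % N

def schnorr_sign(privkey, msg):
    r = secrets.randbelow(N - 1) + 1
    R = point_mul(r)
    return (R, (r + challenge(R, point_mul(privkey), msg) * privkey) % N)

def schnorr_verify(pubkey, msg, sig):
    R, s = sig
    return point_mul(s) == point_add(R, point_mul(challenge(R, pubkey, msg), pubkey))

def adaptor_sign(privkey, msg, T):
    """Pre-signature (the pledge): the challenge commits to R+T, so it only
    becomes a valid ordinary signature once the scalar t behind T is added."""
    r = secrets.randbelow(N - 1) + 1
    R = point_mul(r)
    e = challenge(point_add(R, T), point_mul(privkey), msg)
    return (R, (r + e * privkey) % N)

def adaptor_verify(pubkey, msg, T, pre_sig):
    """Buyer checks the pre-signature is well formed for T before paying."""
    R, s_pre = pre_sig
    e = challenge(point_add(R, T), pubkey, msg)
    return point_mul(s_pre) == point_add(R, point_mul(e, pubkey))

def adaptor_complete(pre_sig, t):
    """Seller turns the pre-signature into the ordinary signature seen onchain (the turn)."""
    R, s_pre = pre_sig
    return (point_add(R, point_mul(t)), (s_pre + t) % N)

def adaptor_extract(pre_sig, full_sig):
    """Buyer recovers t from the onchain signature and the pre-signature (the prestige)."""
    return (full_sig[1] - pre_sig[1]) % N

def ptlc_demo(t=None, seller_priv=None):
    """Whole exchange; returns the checks each side makes. Messages are constructed."""
    t = t or secrets.randbelow(N - 1) + 1             # seller's activation secret
    seller_priv = seller_priv or secrets.randbelow(N - 1) + 1
    T, seller_pub = point_mul(t), point_mul(seller_priv)
    unlock = b"unlock access to the full version for 1 day"
    payment = b"constructed: transaction paying the seller"
    proof = schnorr_sign(t, unlock)                   # seller proves T is the real key
    pre = adaptor_sign(seller_priv, payment, T)       # seller hands this to the buyer
    full = adaptor_complete(pre, t)                   # seller broadcasts this to claim
    learned = adaptor_extract(pre, full)              # buyer now holds t
    nonce = secrets.token_bytes(32)                   # product's random challenge
    answer = schnorr_sign(learned, b"start the engine" + nonce)
    return {
        "activation_key_proven": schnorr_verify(T, unlock, proof),
        "pre_sig_well_formed": adaptor_verify(seller_pub, payment, T, pre),
        "pre_sig_alone_invalid": not schnorr_verify(seller_pub, payment, pre),
        "onchain_sig_valid": schnorr_verify(seller_pub, payment, full),
        "secret_recovered": learned == t,
        "challenge_answered": schnorr_verify(T, b"start the engine" + nonce, answer),
    }

if __name__ == "__main__":
    print(ptlc_demo())
```

Note that `full` verifies under the ordinary `schnorr_verify` with nothing marking it as adaptor-derived, which is exactly the deniability property; only someone holding `pre` can turn it into `t`, and anyone who steals `pre` from the buyer can do the same, hence the post's warning about keeping the adaptor signature private.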
almkglor your post has been copied because one or more comments in this topic have been removed. This copy will preserve unmoderated topic. If you would like to opt-out, please send a message using [this link].
New England 6 States Songs: https://www.reddit.com/newengland/comments/er8wxd/new_england_6_states_songs/
NewEnglandcoin Symbol: NENG
NewEnglandcoin is a clone of Bitcoin using scrypt as a proof-of-work algorithm with enhanced features to protect against 51% attacks and decentralize mining to allow diversified mining rigs across CPUs, GPUs, ASICs and Android phones.
Mining Algorithm: Scrypt with RandomSpike. RandomSpike is the 3rd generation of the Dynamic Difficulty (DynDiff) algorithm on top of scrypt.
1 minute block targets
base difficulty reset: every 1440 blocks
subsidy halves in 2.1m blocks (~2 to 4 years)
84,000,000,000 total maximum NENG
20000 NENG per block
Pre-mine: 1% - reserved for dev fund
ICO: None
RPCPort: 6376
Port: 6377
NewEnglandcoin has a dogecoin-like supply at 84 billion maximum NENG. This huge supply ensures that NENG is suitable for retail transactions and daily use. The inflation schedule of NewEnglandcoin is actually identical to that of Litecoin. Bitcoin and Litecoin are already proven to be great long term stores of value. The Litecoin-like NENG inflation schedule will make NewEnglandcoin ideal for long term investment appreciation as the supply is limited and capped at a fixed number.
Bitcoin Fork - Suitable for Home Hobbyists
NewEnglandcoin core wallet continues to maintain the version tag of "Satoshi v0.8.7.5" because NewEnglandcoin is very much an exact clone of bitcoin plus some mining feature changes with the DynDiff algorithm. NewEnglandcoin is very suitable as a lite version of bitcoin for educational purposes on desktop mining, full node running and bitcoin programming using bitcoin-json APIs. The NewEnglandcoin (NENG) mining algorithm original upgrade ideas were mainly designed for decentralization of mining rigs on scrypt, which is the same algo as litecoin/dogecoin.
The way it is going now is that NENG is very suitable for bitcoin/litecoin/dogecoin hobbyists who can not, will not spend huge money to run noisy ASIC/GPU mining equipment, but still want to mine NENG at home with a quiet simple CPU/GPU or with a cheap ASIC like FutureBit Moonlander 2 USB or Apollo pod on a solo mining setup to obtain very decent profitable results. NENG allows bitcoin/litecoin hobbyists to experience full node running, solo mining, CPU/GPU/ASIC for a fun experience at home at cheap cost without breaking the bank on equipment or electricity.
MIT Free Course - 23 lectures about Bitcoin, Blockchain and Finance (Fall, 2018) https://www.youtube.com/playlist?list=PLUl4u3cNGP63UUkfL0onkxF6MYgVa04Fn
CPU Minable Coin
Because of the dynamic difficulty algorithm on top of scrypt, NewEnglandcoin is CPU Minable. Users can easily set up a full node for mining at a Home PC or Mac using our dedicated cheetah software. Research on the first forked 50 blocks on v1.2.0 core confirmed that ASIC/GPU miners mined 66% of 50 blocks, CPU miners mined the remaining 34%. The NENG v1.4.0 release enabled CPU mining inside android phones.
Youtube Video Tutorial
How to CPU Mine NewEnglandcoin (NENG) in Windows 10 Part 1 https://www.youtube.com/watch?v=sdOoPvAjzlE
How to CPU Mine NewEnglandcoin (NENG) in Windows 10 Part 2 https://www.youtube.com/watch?v=nHnRJvJRzZg
How to CPU Mine NewEnglandcoin (NENG) in macOS https://www.youtube.com/watch?v=Zj7NLMeNSOQ
Decentralization and Community Driven
NewEnglandcoin is a decentralized coin just like bitcoin. There is no boss on NewEnglandcoin. Nobody nor the dev owns NENG. We know a coin is worth nothing if there is no backing from the community. Therefore, we as dev do not intend to make decisions on this coin solely by ourselves. It is our expectation that the NewEnglandcoin community will make the majority of decisions on the direction of this coin from now on.
We as dev merely view ourselves as coin creator and technical support of this coin while providing NENG a permanent home at ShorelineCrypto Exchange.
Twitter Airdrop
Follow NENG twitter and receive 100,000 NENG on Twitter Airdrop to up to 1000 winners
Graphic Redesign Bounty
Top one award: 90.9 million NENG
Top 10 Winners: 500,000 NENG / person
Event Timing: March 25, 2019 - Present
Event Address: NewEnglandcoin DISCORD at: https://discord.gg/UPeBwgs
Please complete the above Twitter Bounty requirement first. Then follow the steps below to qualify for the Bounty:
(1) Required: submit your own designed NENG logo picture in gif, png, jpg or any other common graphic file format into the DISCORD "bounty-submission" board
(2) Optional: submit a second graphic for logo or any other marketing purposes into the "bounty-submission" board.
(3) Complete the form below. Please limit your submission to no more than two total. Delete any wrongly submitted or undesired graphics in the board. Contact DISCORD u/honglu69#5911 or u/krypton#6139 if you have any issues.
Twitter Airdrop/Graphic Redesign bounty sign up: https://goo.gl/forms/L0vcwmVi8c76cR7m1
Milestones
Sep 3, 2018 - Genesis block was mined, NewEnglandcoin created
Sep 8, 2018 - github source uploaded, Window wallet development work started
Sep 11,2018 - Window Qt Graphic wallet completed
Sep 12,2018 - NewEnglandcoin Launched in both Bitcointalk forum and Marinecoin forum
Sep 14,2018 - NewEnglandcoin is listed at ShorelineCrypto Exchange
Sep 17,2018 - Block Explorer is up
Nov 23,2018 - New Source/Wallet Release v1.1.1 - Enabled Dynamic Adjustment on Mining Hashing Difficulty
Nov 28,2018 - NewEnglandcoin became CPU minable coin
Nov 30,2018 - First Retail Real Life usage for NewEnglandcoin Announced
Dec 28,2018 - Cheetah_Cpuminer under Linux is released
Dec 31,2018 - NENG Technical Whitepaper is released
Jan 2,2019 - Cheetah_Cpuminer under Windows is released
Jan 12,2019 - NENG v1.1.2 is released to support MacOS GUI CLI Wallet
Jan 13,2019 - Cheetah_CpuMiner under Mac is released
Feb 11,2019 - NewEnglandcoin v1.2.0 Released, Anti-51% Attack, Anti-instant Mining after Hard Fork
Mar 16,2019 - NewEnglandcoin v1.2.1.1 Released - Ubuntu 18.04 Wallet Binary Files
Apr 7, 2019 - NENG Report on Security, Decentralization, Valuation
Apr 21, 2019 - NENG Fiat Project is Launched by ShorelineCrypto
Sep 1, 2019 - Shoreline Tradingbot project is Launched by ShorelineCrypto
Dec 19, 2019 - Shoreline Tradingbot v1.0 is Released by ShorelineCrypto
Jan 30, 2020 - Scrypt RandomSpike - NENG v1.3.0 Hardfork Proposed
Feb 24, 2020 - Scrypt RandomSpike - NENG core v1.3.0 Released
Jun 19, 2020 - Linux scripts for Futurebit Moonlander2 USB ASIC on solo mining Released
Jul 15, 2020 - NENG v1.4.0 Released for Android Mining and Ubuntu 20.04 support
Jul 21, 2020 - NENG v1.4.0.2 Released for MacOS Wallet Upgrade with Catalina
Jul 30, 2020 - NENG v1.4.0.3 Released for Linux Wallet Upgrade with 8 Distros
Aug 11, 2020 - NENG v1.4.0.4 Released for Android arm64 Upgrade, Chromebook Support
Aug 30, 2020 - NENG v1.4.0.5 Released for Android/Chromebook with armhf, better hardware support
Roadmap
2018 Q3 - Birth of NewEnglandcoin, window/linux wallet - Done
2018 Q4 - Decentralization Phase I
Blockchain Upgrade - Dynamic hashing algorithm I - Done
Cheetah Version I- CPU Mining Automation Tool on Linux - Done
2019 Q1 - Decentralization Phase II
Cheetah Version II- CPU Mining Automation Tool on Window/Linux - Done
Blockchain Upgrade Dynamic hashing algorithm II - Done
2019 Q2 - Fiat Phase I
Assessment of Risk of 51% Attack on NENG - done
Launch of Fiat USD/NENG offering for U.S. residents - done
Initiation of Mobile Miner Project - Done
2019 Q3 - Shoreline Tradingbot, Mobile Project
Evaluation and planning of Mobile Miner Project - on Hold
Initiation of Trading Bot Project - Done
2019 Q4 - Shoreline Tradingbot
Shoreline tradingbot Release v1.0 - Done
2020 Q1 - Evaluate NENG core, Mobile Wallet Phase I
NENG core Decentralization Security Evaluation for v1.3.x - Done
Light Mobile Wallet Project Initiation, Evaluation
2020 Q2 - NENG Core, Mobile Wallet Phase II
NENG core Decentralization Security Hardfork on v1.3.x - Scrypt RandomSpike
Light Mobile Wallet Project Design, Coding
2020 Q3 - NENG core, NENG Mobile Wallet Phase II
Review on results of v1.3.x, NENG core Dev Decision on v1.4.x, Hardfork If needed
Light Mobile Wallet Project testing, alpha Release
2020 Q4 - Mobile Wallet Phase III
Light Mobile Wallet Project Beta Release
Light Mobile Wallet Server Deployment Evaluation and Decision
What will you be doing with this PC? Be as specific as possible, and include specific games or programs you will be using.
I want to play Warzone and (soon) Cyberpunk 2077 on the best possible settings, with the ability to stream on Twitch.
What is your maximum budget before rebates/shipping/taxes?
Ideally, I want to be between $2000-$2500, but am financially willing to go up to $3000.
When do you plan on building/buying the PC? Note: beyond a week or two from today means any build you receive will be out of date when you want to buy.
I am in no rush to buy the PC this week or this month. If I should wait for new processors and video cards that will be released in the fall, then I'll do that.
What, exactly, do you need included in the budget?
The best parts to support the highest video settings on a 4K monitor. CPU, CPU cooler, Mobo, GPU, PSU, Hard Drive, Case, Windows OS, additional USB ports, all that stuff
Pretty much everything but a mouse and keyboard.
Which country (and state/province) will you be purchasing the parts in? If you're in US, do you have access to a Microcenter location?
US - no MicroCenter location near me
If reusing any parts (including monitor(s)/keyboard/mouse/etc), what parts will you be reusing? Brands and models are appreciated.
Just the mouse and keyboard
Will you be overclocking? If yes, are you interested in overclocking right away, or down the line? CPU and/or GPU?
I have no desire to overclock
Are there any specific features or items you want/need in the build? (ex: SSD, large amount of storage or a RAID setup, CUDA or OpenCL support, etc)
I definitely want at least a 1 TB SSD drive (ideally 2 TB's), but the other words are things I don't know about so I have no clue. Whatever will help me have the best gaming/streaming performance for my budget.
For $3000, I just want the best possible gaming & streaming setup I can get. I don't do video editing, or Bitcoin mining, or any of that. I want to play and stream games, stream videos, and browse the Internet with it.
What type of network connectivity do you need? (Wired and/or WiFi) If WiFi is needed and you would like to find the fastest match for your wireless router, please list any specifics.
I have a powerline adapter connection, so I'll need an Ethernet port
Do you have any specific case preferences (Size like ITX/microATX/mid-tower/full-tower, styles, colors, window or not, LED lighting, etc), or a particular color theme preference for the components?
I want LED lighting, ideally blue and red
Do you need a copy of Windows included in the budget? If you do need one included, do you have a preference?
Yes, just a basic Win10
Extra info or particulars:
I want this PC to be built for me. I built my own PC a few years ago and it took way longer than expected and I received faulty hardware, so I will gladly pay extra to have someone else do it for me. Just the cable management alone is something I'm willing to pay an extra few Benjamins for. For the aesthetic, I would like the case to be see-through with LED lights inside, with a white case.
What is Masternode? Why Is XinFin Masternode a Good Alternative to Proof of Work
Taking into account current market conditions, more and more crypto enthusiasts are gaining interest in being rewarded for holding tokens. Isn't it more beneficial than patiently waiting for the moon? Traditional Proof-of-Work (PoW) mining is not in the best shape. Therefore miners are not an exception, as it's getting harder to stay profitable. Plus, PoW mining isn't friendly for mass adoption and requires huge network consumption. Another important fact is that you do not have to be a trading guru to start gaining additional income. These are just a few reasons why more buzz has been around Proof-of-Stake (PoS) and Masternodes (MN). We have to admit that they are eye-catching nowadays, and considered the future of cryptocurrency. Now you might be asking yourself "What is the Masternode?" Let's get down to business! Well, in a nutshell, a masternode is a server on a decentralized network. Some blockchain protocols provide for the creation of particular nodes that perform additional work on the verification of transactions and bring their owners regular profits. Such nodes are called masternodes. They regularly get rewards for completing such actions. Builds a curiosity? Move on!
Why Do You Need to Launch a XinFin Masternode Now, Until it's Not Too Late?
XinFin Masternode is a good option for passive income, and there are several reasons why it might be the right time to start running a XinFin masternode or a few at once. First of all, XinFin masternodes are not so famous for now. However, this is likely to change soon. The same applies to rewards, which will decrease every year. Secondly, the XinFin XDC coin is cheaper, which means that the entry threshold at the moment is much lower than before. It won't cost you a fortune. Finally, it's better to hold and get rewards than merely hope for prices to go up.
Although according to the CoinGecko 2018 report the numbers of both masternodes and masternode coins increased significantly during the past year, there is still a substantial drop in overall value. The total market cap for masternode coins dropped from over $12 billion in January 2018 to just over $500 million by 2018's end, a double-digit drop quarter-on-quarter. Nevertheless, it's just the beginning for XinFin. Remember, the early bird gets the worm!
What is the Average XinFin Masternode ROI?
Keep in mind that ROI is a relative term in the context of the cryptocurrency space. We got used to the practice that ROI in the crypto space is a bit of a different term, unlike the traditional markets; XinFin ROI measures around 10%+ per year as per the past few months' data.
How to Setup Masternode:
It's very easy to set up a XinFin Masternode compared to setting up a crypto mining facility for Bitcoin and ethereum.
XinFin vs bitcoin mining:
XinFin Masternode needs the lowest hardware configuration to run a masternode while bitcoin needs a high configuration of hardware to run bitcoin mining, and this also results in high depreciation every month with high risk. A XinFin Masternode runs on a tiny VPS hosting plan with the lowest cost of operation. Before the launch of the XinFin main-net I used to do bitcoin and ethereum mining, and have now shifted to the XinFin network after the launch of main-net.
Disclaimer: Digital asset investment and mining come with high risk. This article is not for the purpose of investment, tax or legal advice. The author is not responsible for any review of the assets. Please consult with your financial advisor before Crypto Investment or starting mining facilities.
Useful links for XinFin Masternode
Here is a link on How to setup masternode. IndSoft System partnership with XinFin for hosting masternode: Click here to know more about the partnership. Guide to setup node with one click installer. For any instant support join the XinFin Telegram Group.
As a sequel to the first paper of Blockchain & Law article series titled 'A New Digital Order - Unveiling the Interplay of Law & Blockchain Technology', this paper explores the inter-operability of India's data privacy regime and blockchain technology. In this regard, recording of a webinar conducted on 'Blockchain & Data Privacy: An India Perspective' by the AKS Partners can be viewed on YouTube here.
B. Data privacy in India
Constitution of India
Article 21 of the Indian Constitution is a comprehensive, all-encompassing provision that inheres within itself basic, fundamental rights that are absolutely essential to the existence of a human being with dignity and personal liberty. In the judgment of K.S. Puttaswamy v. Union of India,1 a nine-judge bench of the Honourable Supreme Court of India held that the right to privacy falls within the contours of Article 21 and is incidental to life and personal liberty. This right to privacy includes the right to data protection and privacy.
Information Technology Act, 2000
In India, data privacy is governed by the Information Technology Act, 2000 ("IT Act") and the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 ("SPDI Rules"). Section 43A (Compensation for failure to protect data) of the IT Act provides a statutory right to a data provider to claim compensation for unapproved disclosure of information (including in breach of a contract). Under Section 72A (Punishment for disclosure of information in breach of lawful contract) of the IT Act, any person, including an intermediary, who discloses information obtained under a lawful contract without consent shall be punished with imprisonment or with fine or both.
SPDI Rules
The SPDI Rules constitute a set of basic obligations to be adhered to in circumstances where sensitive data is being collected. It may be noted that the SPDI Rules apply only to 'Sensitive Personal Data or Information'.2 The SPDI Rules lay down guidelines for collection (Rule 5) and transfer of information (Rule 7) and also mandatorily require body corporates to adopt and implement a policy for privacy and disclosure of information (Rule 4). On 24 August 2011, the Ministry of Electronics and Information Technology issued a clarification to the SPDI Rules ("Regulatory Clarification"). The Regulatory Clarification states that the SPDI Rules are applicable only to body corporates or persons located within India. Also, where a body corporate deals in data of any legal entity located within or outside India under a contractual arrangement, the SPDI Rules pertaining to collection (Rule 5) and disclosure of information (Rule 6) would not apply. It was also clarified that requirement to obtain written consent under Rule 5(1) of the SPDI Rules includes electronic consent as well.
The Personal Data Protection Bill, 2019 ("Bill")
The Bill is inspired by and is in many ways a replica of the European Union's General Data Protection Regulation ("GDPR"). The Bill lays down several provisions including in relation to cross-border transfer of data, sandboxing, privacy by design and introduces a more robust set of obligations for entities handling sensitive personal data. The Bill is currently pending before a Joint Parliamentary Committee. The Bill applies to and categorises data into 'Personal Data', 'Sensitive Personal Data' and 'Critical Personal Data'.
Sectoral regulations
Regulated sectors such as telecom and financial services have separate obligations of confidentiality which restricts disclosure and transfer of customer personal information and mandates use of such information only in the manner agreed with the customer. Certain sectoral regulators (like Reserve Bank of India) also mandate data localisation.
C. Blockchain technology and data privacy
For details on the working of a blockchain network, please refer to our previous paper here.
Coverage
The Bill defines 'Personal Data' as 'data about or relating to a natural person who is directly or indirectly identifiable'. This means where the origins of the data cannot be traced to a natural person, the data would cease to be 'Personal Data'. Resultantly, storing the data in a manner where it cannot be traced to a natural person (including by introducing and implementing robust methods to address re-identification risks) may prove beneficial in reducing a blockchain network's interaction with data privacy regulations (such as by encryption or anonymisation of Personal Data).
Public v. Private Blockchain
A private blockchain, which restricts and regulates network participation, appears to be a more preferable fit when it comes to ensuring compliance with data privacy laws. Public blockchains with permissionless borders pose greater difficulty in procuring every participant to agree on and comply with relevant rules on protection of personal data.
Stakeholders
The Bill identifies three categories of stakeholders (similar to GDPR) viz. Data Principals, Data Fiduciaries and Data Processors. The SPDI Rules only provide for the data provider and the body corporate or person collecting data. The term 'Processing' has been defined to include collection, storage, retrieval, adaptation, disclosure etc. (Section 3(31)). Accordingly, any data stored or transmitted on a blockchain will amount to processing. A blockchain network is a decentralised system with each node / miner (i.e. network participant) spread all over the world. There is no clear demarcation between a Data Principal and a Data Fiduciary or a Data Processor over a blockchain network. The way the network functions, no single person can be said to be in charge of the network, thereby making it all the more problematic for regulators to fix the compliance burden on a party.
Accordingly, the question of determining the identity status and fixing liability of various participants attains significance and complexity over a distributed ledger network like blockchain. Each node over the network functions as a Data Processor on account of participation in the verification of the data. At the same time one or more of such nodes may also be acting as a Data Principal. With respect to mining over the network, while it is a single miner who is able to formulate a valid hash, all the other miners also participate in the mining activity when they attempt to arrive at the winning lottery number, thus making such miners Data Processors as well. While fixing liability on a private blockchain network that restricts the number of network participants is comparatively less complex, the same would be quite challenging on a public blockchain network, such as Bitcoin. With regard to identifying the status and roles, the guidance issued by the French data protection authority ("CNIL Guidance")3 in the context of GDPR is useful. The CNIL Guidance categorises blockchain actors into the following groups: (a) participants with full read and write access to the data; (b) participants with read only access; and (c) miners that validate the transactions. Participants falling in category (a) above are Data Controllers (equivalent to a Data Fiduciary under the Bill) while categories (b) and (c) are not.
Collection and processing of data over a blockchain network
The Bill sets out a number of obligations that have to be performed by the Data Fiduciaries, some key compliances being obtaining consent of the Data Principals, retaining the data only for as long as absolutely necessary (Storage Limitation), providing notice to the Data Principals, and ensuring data is used only for the purpose (which has to be specific, clear and lawful) for which it has been taken (Purpose Limitation). Rule 5 of the SPDI Rules also lays down similar obligations for collection of data.
Key concerns that the inherent and intrinsic nature of blockchain technology raises are as under: Firstly, with respect to the Storage Limitation principle, the immutable nature of the technology prevents the data from being deleted once the purpose has been fulfilled. Secondly, given the decentralised nature of blockchain, it becomes challenging to determine the exact purpose for which data is collected over such a widespread network and who is to keep a check that the data so collected is used only for such predefined purposes. Thirdly, it is commonly argued that the network participants over a blockchain impliedly consent while sharing their data. This may not however fulfil the requirements under the Bill, which requires consent to be clear, through an affirmative action. This gives birth to concomitant regulatory issues over a decentralised system as to who shall comply with these requirements under the law and who should be made responsible / liable for any lapses in compliance. Lastly, the Bill also proposes certain additional requirements such as transparent and fair processing and the Purpose Limitation. The blurred distinction in the status of identities in blockchain makes determining purpose and manner of processing challenging. A detailed governance framework setting out roles and responsibilities, off-chain and on-chain personal data, may provide useful guidance towards addressing the aforementioned concerns.
Key rights of Data Principals
Right to Confirmation and Access
The Bill entitles Data Principals to seek information regarding the types and nature of personal data stored with Data Fiduciaries, to ascertain the nature of the processing activities that have been undertaken on their data, or to seek a brief summary of the processing activities undertaken. While enforcement of this right may not be technically difficult, blockchain networks may establish a proper governance framework that delineates a specific authority to pass over the requisite data to the Data Principal as and when asked for. The network may also consider laying out methods of searching for and accessing the necessary information, which may be decrypted with the use of the private key.
Right to Correction
Section 18 of the Bill and Rule 5 of the SPDI Rules provide the right to rectify or correct data. Given the immutable nature of the decentralised ledger maintained on a blockchain, this right may not be compatible with the technology. Accomplishing alteration or correction of data would be a burdensome task, since it would require a majority of nodes to come together to identify the data, alter it and re-hash not just the concerned block but all previous blocks as well. Alternatively, a new block with the corrected information may be added once verified through the consensus mechanism.
Right to be Forgotten
The Bill introduces the 'Right to be Forgotten' ("RTF"). RTF entitles Data Principals to request the removal of their personal data, without undue delay, from any business's storage. RTF has been at loggerheads with the inherent immutability of blockchain technology. Across jurisdictions the term 'forgotten' has been equated with erasure, which is construed in various senses, ranging from data anonymisation,4 destruction of hardware,5 to putting data beyond use.6 Notwithstanding the distinction between the types of blockchain, the modes for exercising RTF are by and large uniform. A widely discussed solution is the destruction of the private key, thereby rendering the data encrypted with the corresponding public key inaccessible.7 Owing to the setup of blockchain, a Data Principal may reach out to any entity in the chain that qualifies as a Data Fiduciary to enforce their rights. This is similar to the Google Spain case,8 wherein the data subject's action against Google remained unaffected by the fact that the data could have been removed by the newspaper's website itself.9 However, the nature of a public blockchain network that does not identify a central authority might prove problematic where the Data Principal seeks to enforce his/her right. As countries are yet to formulate policies with respect to the regulation of blockchains, other alternatives for exercising RTF can be programming chameleon hashes, zero-knowledge proofs or a censorable blockchain, as the same would be 'forgetful'.10
Cross-Border Transfer of Data
Chapter VII of the Bill, which deals with restrictions on cross-border transfer of data, requires a copy of Sensitive Personal Data to be stored domestically, while Critical Personal Data must exclusively be processed and stored in India. However, these clear demarcations blur when applied to a blockchain ecosystem where storage and processing of data can be universal.
Transfer of Sensitive Personal Data requires explicit consent, and the transfer must be under a contract or an intra-group scheme approved by the data protection authority (envisaged to be established under the Bill). While both of these requirements may be fulfilled easily over a private blockchain, a public blockchain, due to undefined groups and the lack of a central entity/authority, may find it more challenging to implement adequate safeguards restricting such transfer. Over a private blockchain the central body may enter into e-contracts with any number of participants and also obtain their explicit consent. Under the present regime, Rule 7 of the SPDI Rules provides that a transfer outside India may only be allowed where the receiving country offers the same level of protection to the data. Again, enforcing this may be challenging over a public blockchain network comprising thousands of nodes across borders. An in-built cross-border transfer consent clause, in the governance framework or otherwise, may also provide the needed legitimacy from the perspective of data privacy.
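The chameleon-hash route to a 'forgetful' chain mentioned under Right to be Forgotten above, as an added example that is not part of the original article: a discrete-log chameleon hash (the Krawczyk-Rabin construction, with demo-sized parameters rather than production ones) links the blocks, and because each block commits to the previous one, an ordinary edit changes every link from that block onward, whereas the trapdoor holder can rewrite a block's payload in place and leave the chain head unchanged. The function names (keygen, chash, forge, head, redact) and the payloads used in the test are my own.

```python
import hashlib, random

def is_probable_prime(n, rounds=32):  # Miller-Rabin; fine for demo-sized parameters
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x == 1:
            continue
        for _ in range(s):
            if x == n - 1:
                break
            x = x * x % n
        else:
            return False
    return True

def keygen(bits=64):  # safe prime p = 2q+1, g of order q, trapdoor x, public y = g^x
    q = random.getrandbits(bits) | (1 << (bits - 1)) | 1
    while not (is_probable_prime(q) and is_probable_prime(2 * q + 1)):
        q += 2
    p, g = 2 * q + 1, 4  # 4 = 2^2 is a quadratic residue mod p, hence of order q
    x = random.randrange(1, q)
    return (p, q, g, pow(g, x, p)), x

def _m(pk, data):  # payload digest reduced into the exponent group Z_q
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % pk[1]

def chash(pk, data, r):
    """CH(data, r) = g^H(data) * y^r mod p; collision-resistant without the trapdoor."""
    p, q, g, y = pk
    return pow(g, _m(pk, data), p) * pow(y, r, p) % p

def forge(pk, x, old, r, new):
    """Trapdoor collision: r' such that H(new) + x*r' == H(old) + x*r (mod q)."""
    return (_m(pk, old) - _m(pk, new) + x * r) * pow(x, -1, pk[1]) % pk[1]

def build_chain(pk, payloads):  # each block: [payload, randomiser r]
    return [[data, random.randrange(1, pk[1])] for data in payloads]

def head(pk, chain):  # h_i = SHA-256(h_{i-1} || CH(payload_i, r_i)), h_0 = 32 zero bytes
    h = b"\x00" * 32
    for data, r in chain:
        h = hashlib.sha256(h + str(chash(pk, data, r)).encode()).digest()
    return h

def redact(pk, x, chain, i, new):  # trapdoor holder rewrites block i in place
    data, r = chain[i]
    chain[i] = [new, forge(pk, x, data, r, new)]
```

Whoever holds x can silently rewrite history, so in a deployment the trapdoor is the governance question: who holds it, under what process, and how its use is logged.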
D. Jurisdictional Issues
The present uncertainty in the law (including the lack of adequate legal provisions) has resulted in jurisdictional issues concerning the domestic and transnational presence of blockchain networks. While Section 1(2) read with Section 75 of the IT Act accords limited extra-territorial applicability to the Act, the SPDI Rules, as mentioned in the Regulatory Clarification, are applicable only to body corporates or persons located in India. Consequently, blockchain technology may need to comply with the IT Act to a certain extent, while the mandate under the SPDI Rules will bind only the nodes/miners operating from India. As a result, network participants operating outside India on the same blockchain will not be required to comply with the SPDI Rules or the IT Act. Section 2 of the Bill affords extra-territorial application, but only in certain limited circumstances, viz. where the processing which takes place outside India is in connection with any business in India, or involves the profiling of individuals within India. This will require a subjective assessment of blockchains and their purposes in order to ascertain the applicability of the provisions of the Bill. The Civil-Commercial Courts in India have applied the test of whether a website is an 'interactive website'11 for the determination of jurisdiction in relation to websites that do not have a physical place of business in a jurisdiction.12 In other words, wherever a website facilitates, or even intends to facilitate, active trade or commercial transactions in jurisdictions where it does not have a physical place of business, the cause of action, if any, arises in all such jurisdictions where the website operates interactively. However, applying such a test to a blockchain network may not be so straightforward. The intrinsic nature of blockchain technology allows for processing and storage of data in multiple domestic and international jurisdictions simultaneously.
As a result, in both domestic and international contexts, identification of the place where the cause of action arises becomes complex. The complexity increases as identification of the individuals processing and storing data (nodes) would require de-anonymisation. The determination of applicable laws will also depend on the nature of the blockchain network. It is practically more difficult to regulate a public blockchain network than a private one. In a private blockchain the architect/controlling entity may determine the governing laws, or the governance framework may provide for a governing law. In light of the foregoing, it may prove a mammoth task for governments to enforce their respective data protection and cyber-security legislations against such transnational networks without consensus on a multinational treaty suggesting a model law to regulate the use of blockchain networks. In the alternative, laws may promote self-regulation by merely identifying basic tenets of regulation such as governing law, data privacy, certification etc. Consequences of non-compliance may include compulsory suspension/termination of the participation rights of nodes or blocking access to blockchains which do not provide for adequate self-regulation. The developers of blockchain networks may consider incorporating dispute resolution and regulatory mechanisms as integral parts of the networks. The developers may also consider coding networks with peer-to-peer decentralised courts such as 'Kleros' or 'CodeLegit' as part of a network's dispute resolution process.
E. Way forward
Blockchain technology carries the potential to disrupt business operations right from supply, manufacturing and logistics through to final consumption, especially in a post-Covid-19 era. Please refer to our previous article on use cases of blockchain here. Accordingly, it is crucial that data privacy laws (with adequate concessions, where necessary) be treated as an enabler and not an inhibitor of the continued adoption of blockchain technology. Certain additional rights, like data portability and the right to withdraw consent, add to the complexity of having a compliant blockchain network. Certain obligations, like mandatory registration, may also be problematic if the government notifies certain blockchain networks as significant data fiduciaries. Set out below are a few indicative measures towards the harmonious application of data privacy laws and blockchain technology:
1) Every blockchain network must provide a detailed governance framework that is in alignment with the basic requirements under data privacy regulations. Such a framework would have to be binding on all participants over a blockchain network, stating all rights, obligations and duties of the parties, including a detailed mechanism for communication, security measures, cross-border data transfer and grievance redressal, and may even set out the applicable laws.
2) Such a self-governance framework could also include a privacy-by-design policy and provisions for Data Protection Impact Assessment (as set out in Chapter VI of the Bill).
3) 'Pruning' is used for situations where historical blocks of data beyond a certain timeline are deleted. Similarly, where data has to be altered or rectified, the same may be done by 'forking', where the data is altered or deleted, the hash changed and a new fork created. However, over a public blockchain, pruning and forking can be challenging and may require a huge amount of computing consensus.
4) To ensure the safeguarding of the right to privacy, a Memory Optimized and Flexible Blockchain (MOF-BC) can be considered as an effective measure. It enables IoT (Internet of Things) users and service providers to edit their transactions, thereby altering the details of data entry.13
Hello and welcome to the second Bitcoin mining tutorial, where I am going to cover how to set up a Bitcoin mining computer. Luckily for you, our method is to mine altcoins and then get paid in Bitcoin, so you don't have to deal with specialised mining hardware (like ASICs) and can mine with your PC.
What is Bitcoin mining hardware? The right Bitcoin mining hardware is a necessity if you want to earn from Bitcoin mining. Originally, miners used a central processing unit (CPU) to mine, but it wasn't fast enough, so miners moved on to using the graphics processing unit (GPU) in computer graphics cards, which process the data 50 to 100 times faster and consume less power per unit of work. Bitcoin mining is a process in which your mining hardware competes with everyone else on the network to earn bitcoins; it is a crucial process that keeps the network secure. Bitcoin mining is the process of adding transaction records to the network's public ledger. Hobby Bitcoin mining can still be fun and even profitable if you have cheap electricity and get the best and most efficient Bitcoin mining hardware. Bitcoin mining is competitive, and it is not ideal for the average person to mine since China's cheap electricity has allowed it to dominate the mining market. The first generation of mining, when Bitcoin was originally proposed, was all done on general-purpose computers with general-purpose CPUs. In fact, the miner was as simple as this: it searched over nonces in a linear fashion, computed SHA-256 in software and checked whether the result was a valid block.
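The nonce loop that paragraph describes, as an added example that is not from the tutorial: it builds the 80-byte Bitcoin block header, decodes the compact 'bits' target and walks the nonce space linearly with double SHA-256, the way the first-generation CPU miners did. The header field values are constructed for the demo (not a real block), and the easy target 0x1f00ffff keeps the search to roughly 65,000 hashes.

```python
import hashlib
import struct

def bits_to_target(bits):
    """Decode Bitcoin's compact 'bits' field into the 256-bit target threshold."""
    exponent, mantissa = bits >> 24, bits & 0xFFFFFF
    return mantissa << (8 * (exponent - 3))

def serialize_header(version, prev_hash, merkle_root, timestamp, bits, nonce):
    """80-byte header: little-endian ints, 32-byte hashes in internal byte order."""
    return struct.pack("<I32s32sIII", version, prev_hash, merkle_root, timestamp, bits, nonce)

def block_hash(header):
    """Double SHA-256; Bitcoin compares the digest as a little-endian integer."""
    return int.from_bytes(hashlib.sha256(hashlib.sha256(header).digest()).digest(), "little")

def mine(version, prev_hash, merkle_root, timestamp, bits, max_nonce=2 ** 32):
    """Linear nonce search: the 'first generation' CPU miner loop described above."""
    target = bits_to_target(bits)
    for nonce in range(max_nonce):
        h = block_hash(serialize_header(version, prev_hash, merkle_root, timestamp, bits, nonce))
        if h <= target:
            return nonce, h
    return None  # nonce space exhausted; a real miner then changes timestamp or merkle root

# Constructed demo inputs (not a real block); 0x1f00ffff is an easy target, about 1 in 65536.
DEMO = dict(version=1, prev_hash=bytes(32), merkle_root=hashlib.sha256(b"demo txs").digest(),
            timestamp=1600000000, bits=0x1F00FFFF)

if __name__ == "__main__":
    nonce, h = mine(**DEMO)
    print(f"nonce={nonce} hash={h:064x} target={bits_to_target(DEMO['bits']):064x}")
```

Mainnet difficulty (bits 0x1d00ffff at genesis, far lower today) makes the same loop hopeless on a CPU, which is the whole reason the text moves on to GPUs and ASICs.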