BITCOIN PRIVATE KEY HACK SOFTWARE Bitcoin Private Key Hack

If Bitcoin's hashrate keeps increasing at the same rate, by the year 2048 private key cracking will be more rewarding than mining.

Edit: the previous post/title was WRONG. The actual year is 2025. I wrongly coded as if a Bitcoin private key offered 256 bits of security, but it has only 128.

Bitcoin's hash rate has been doubling once every 75 days in average. It varies a lot, though, but, assuming it keeps a similar pace, and assuming that guessing one private key has the same cost of a single hash, then, by the end of 2048 2025, it will be more rewarding for miners to brute force private keys rather than mining.
 Year 2009 Block 0 Reward 50.0000 ~ btc/block Supply 0 ~ btc HashRate 2 ^ 16.14 ~ hash/s BlockReward 50 ~ btc/block CrackReward 0 ~ btc/block Year 2010 Block 52560 Reward 50.0000 ~ btc/block Supply 2628000 ~ btc HashRate 2 ^ 21.39 ~ hash/s BlockReward 50 ~ btc/block CrackReward 1.2747014123053446e-23 ~ btc/block Year 2011 Block 105120 Reward 50.0000 ~ btc/block Supply 5256000 ~ btc HashRate 2 ^ 26.65 ~ hash/s BlockReward 50 ~ btc/block CrackReward 9.742089606956995e-22 ~ btc/block Year 2012 Block 157680 Reward 50.0000 ~ btc/block Supply 7884000 ~ btc HashRate 2 ^ 31.90 ~ hash/s BlockReward 50 ~ btc/block CrackReward 5.584149491428814e-20 ~ btc/block Year 2013 Block 210240 Reward 25.0000 ~ btc/block Supply 10506000 ~ btc HashRate 2 ^ 37.16 ~ hash/s BlockReward 25 ~ btc/block CrackReward 2.84355396161426e-18 ~ btc/block Year 2014 Block 262800 Reward 25.0000 ~ btc/block Supply 11820000 ~ btc HashRate 2 ^ 42.42 ~ hash/s BlockReward 25 ~ btc/block CrackReward 1.2225178570411648e-16 ~ btc/block Year 2015 Block 315360 Reward 25.0000 ~ btc/block Supply 13134000 ~ btc HashRate 2 ^ 47.67 ~ hash/s BlockReward 25 ~ btc/block CrackReward 5.190968626841182e-15 ~ btc/block Year 2016 Block 367920 Reward 25.0000 ~ btc/block Supply 14448000 ~ btc HashRate 2 ^ 52.93 ~ hash/s BlockReward 25 ~ btc/block CrackReward 2.1820906194615775e-13 ~ btc/block Year 2017 Block 420480 Reward 12.5000 ~ btc/block Supply 15756000 ~ btc HashRate 2 ^ 58.18 ~ hash/s BlockReward 12.5 ~ btc/block CrackReward 9.09336615271874e-12 ~ btc/block Year 2018 Block 473040 Reward 12.5000 ~ btc/block Supply 16413000 ~ btc HashRate 2 ^ 63.44 ~ hash/s BlockReward 12.5 ~ btc/block CrackReward 3.619764639990166e-10 ~ btc/block Year 2019 Block 525600 Reward 12.5000 ~ btc/block Supply 17070000 ~ btc HashRate 2 ^ 68.70 ~ hash/s BlockReward 12.5 ~ btc/block CrackReward 1.4385982978309602e-8 ~ btc/block Year 2020 Block 578160 Reward 12.5000 ~ btc/block Supply 17727000 ~ btc HashRate 2 ^ 73.95 ~ hash/s BlockReward 12.5 ~ btc/block CrackReward 5.708932694200867e-7 ~ btc/block Year 2021 Block 630720 Reward 6.2500 ~ btc/block Supply 18379500 ~ btc HashRate 2 ^ 79.21 ~ hash/s BlockReward 6.25 ~ btc/block CrackReward 0.000022618668102981297 ~ btc/block Year 2022 Block 683280 Reward 6.2500 ~ btc/block Supply 18708000 ~ btc HashRate 2 ^ 84.46 ~ hash/s BlockReward 6.25 ~ btc/block CrackReward 0.0008797805447244139 ~ btc/block Year 2023 Block 735840 Reward 6.2500 ~ btc/block Supply 19036500 ~ btc HashRate 2 ^ 89.72 ~ hash/s BlockReward 6.25 ~ btc/block CrackReward 0.03420958084456445 ~ btc/block Year 2024 Block 788400 Reward 6.2500 ~ btc/block Supply 19365000 ~ btc HashRate 2 ^ 94.98 ~ hash/s BlockReward 6.25 ~ btc/block CrackReward 1.3298167789576036 ~ btc/block Year 2025 Block 840960 Reward 3.1250 ~ btc/block Supply 19690500 ~ btc HashRate 2 ^ 100.23 ~ hash/s BlockReward 3.125 ~ btc/block CrackReward 51.670743239455255 ~ btc/block 
Script.
submitted by SrPeixinho to Bitcoin [link] [comments]

If Bitcoin's hashrate keeps increasing at the same rate, by the year 2048 private key cracking will be more rewarding than mining. /r/Bitcoin

If Bitcoin's hashrate keeps increasing at the same rate, by the year 2048 private key cracking will be more rewarding than mining. /Bitcoin submitted by BitcoinAllBot to BitcoinAll [link] [comments]

Technical: Taproot: Why Activate?

This is a follow-up on https://old.reddit.com/Bitcoin/comments/hqzp14/technical_the_path_to_taproot_activation/
Taproot! Everybody wants it!! But... you might ask yourself: sure, everybody else wants it, but why would I, sovereign Bitcoin HODLer, want it? Surely I can be better than everybody else because I swapped XXX fiat for Bitcoin unlike all those nocoiners?
And it is important for you to know the reasons why you, o sovereign Bitcoiner, would want Taproot activated. After all, your nodes (or the nodes your wallets use, which if you are SPV, you hopefully can pester to your wallet vendoimplementor about) need to be upgraded in order for Taproot activation to actually succeed instead of becoming a hot sticky mess.
First, let's consider some principles of Bitcoin.
I'm sure most of us here would agree that the above are very important principles of Bitcoin and that these are principles we would not be willing to remove. If anything, we would want those principles strengthened (especially the last one, financial privacy, which current Bitcoin is only sporadically strong with: you can get privacy, it just requires effort to do so).
So, how does Taproot affect those principles?

Taproot and Your /Coins

Most HODLers probably HODL their coins in singlesig addresses. Sadly, switching to Taproot would do very little for you (it gives a mild discount at spend time, at the cost of a mild increase in fee at receive time (paid by whoever sends to you, so if it's a self-send from a P2PKH or bech32 address, you pay for this); mostly a wash).
(technical details: a Taproot output is 1 version byte + 32 byte public key, while a P2WPKH (bech32 singlesig) output is 1 version byte + 20 byte public key hash, so the Taproot output spends 12 bytes more; spending from a P2WPKH requires revealing a 32-byte public key later, which is not needed with Taproot, and Taproot signatures are about 9 bytes smaller than P2WPKH signatures, but the 32 bytes plus 9 bytes is divided by 4 because of the witness discount, so it saves about 11 bytes; mostly a wash, it increases blockweight by about 1 virtual byte, 4 weight for each Taproot-output-input, compared to P2WPKH-output-input).
However, as your HODLings grow in value, you might start wondering if multisignature k-of-n setups might be better for the security of your savings. And it is in multisignature that Taproot starts to give benefits!
Taproot switches to using Schnorr signing scheme. Schnorr makes key aggregation -- constructing a single public key from multiple public keys -- almost as trivial as adding numbers together. "Almost" because it involves some fairly advanced math instead of simple boring number adding, but hey when was the last time you added up your grocery list prices by hand huh?
With current P2SH and P2WSH multisignature schemes, if you have a 2-of-3 setup, then to spend, you need to provide two different signatures from two different public keys. With Taproot, you can create, using special moon math, a single public key that represents your 2-of-3 setup. Then you just put two of your devices together, have them communicate to each other (this can be done airgapped, in theory, by sending QR codes: the software to do this is not even being built yet, but that's because Taproot hasn't activated yet!), and they will make a single signature to authorize any spend from your 2-of-3 address. That's 73 witness bytes -- 18.25 virtual bytes -- of signatures you save!
And if you decide that your current setup with 1-of-1 P2PKH / P2WPKH addresses is just fine as-is: well, that's the whole point of a softfork: backwards-compatibility; you can receive from Taproot users just fine, and once your wallet is updated for Taproot-sending support, you can send to Taproot users just fine as well!
(P2WPKH and P2WSH -- SegWit v0 -- addresses start with bc1q; Taproot -- SegWit v1 --- addresses start with bc1p, in case you wanted to know the difference; in bech32 q is 0, p is 1)
Now how about HODLers who keep all, or some, of their coins on custodial services? Well, any custodial service worth its salt would be doing at least 2-of-3, or probably something even bigger, like 11-of-15. So your custodial service, if it switched to using Taproot internally, could save a lot more (imagine an 11-of-15 getting reduced from 11 signatures to just 1!), which --- we can only hope! --- should translate to lower fees and better customer service from your custodial service!
So I think we can say, very accurately, that the Bitcoin principle --- that YOU are in control of your money --- can only be helped by Taproot (if you are doing multisignature), and, because P2PKH and P2WPKH remain validly-usable addresses in a Taproot future, will not be harmed by Taproot. Its benefit to this principle might be small (it mostly only benefits multisignature users) but since it has no drawbacks with this (i.e. singlesig users can continue to use P2WPKH and P2PKH still) this is still a nice, tidy win!
(even singlesig users get a minor benefit, in that multisig users will now reduce their blockchain space footprint, so that fees can be kept low for everybody; so for example even if you have your single set of private keys engraved on titanium plates sealed in an airtight box stored in a safe buried in a desert protected by angry nomads riding giant sandworms because you're the frickin' Kwisatz Haderach, you still gain some benefit from Taproot)
And here's the important part: if P2PKH/P2WPKH is working perfectly fine with you and you decide to never use Taproot yourself, Taproot will not affect you detrimentally. First do no harm!

Taproot and Your Contracts

No one is an island, no one lives alone. Give and you shall receive. You know: by trading with other people, you can gain expertise in some obscure little necessity of the world (and greatly increase your productivity in that little field), and then trade the products of your expertise for necessities other people have created, all of you thereby gaining gains from trade.
So, contracts, which are basically enforceable agreements that facilitate trading with people who you do not personally know and therefore might not trust.
Let's start with a simple example. You want to buy some gewgaws from somebody. But you don't know them personally. The seller wants the money, you want their gewgaws, but because of the lack of trust (you don't know them!! what if they're scammers??) neither of you can benefit from gains from trade.
However, suppose both of you know of some entity that both of you trust. That entity can act as a trusted escrow. The entity provides you security: this enables the trade, allowing both of you to get gains from trade.
In Bitcoin-land, this can be implemented as a 2-of-3 multisignature. The three signatories in the multisgnature would be you, the gewgaw seller, and the escrow. You put the payment for the gewgaws into this 2-of-3 multisignature address.
Now, suppose it turns out neither of you are scammers (whaaaat!). You receive the gewgaws just fine and you're willing to pay up for them. Then you and the gewgaw seller just sign a transaction --- you and the gewgaw seller are 2, sufficient to trigger the 2-of-3 --- that spends from the 2-of-3 address to a singlesig the gewgaw seller wants (or whatever address the gewgaw seller wants).
But suppose some problem arises. The seller gave you gawgews instead of gewgaws. Or you decided to keep the gewgaws but not sign the transaction to release the funds to the seller. In either case, the escrow is notified, and if it can sign with you to refund the funds back to you (if the seller was a scammer) or it can sign with the seller to forward the funds to the seller (if you were a scammer).
Taproot helps with this: like mentioned above, it allows multisignature setups to produce only one signature, reducing blockchain space usage, and thus making contracts --- which require multiple people, by definition, you don't make contracts with yourself --- is made cheaper (which we hope enables more of these setups to happen for more gains from trade for everyone, also, moon and lambos).
(technology-wise, it's easier to make an n-of-n than a k-of-n, making a k-of-n would require a complex setup involving a long ritual with many communication rounds between the n participants, but an n-of-n can be done trivially with some moon math. You can, however, make what is effectively a 2-of-3 by using a three-branch SCRIPT: either 2-of-2 of you and seller, OR 2-of-2 of you and escrow, OR 2-of-2 of escrow and seller. Fortunately, Taproot adds a facility to embed a SCRIPT inside a public key, so you can have a 2-of-2 Taprooted address (between you and seller) with a SCRIPT branch that can instead be spent with 2-of-2 (you + escrow) OR 2-of-2 (seller + escrow), which implements the three-branched SCRIPT above. If neither of you are scammers (hopefully the common case) then you both sign using your keys and never have to contact the escrow, since you are just using the escrow public key without coordinating with them (because n-of-n is trivial but k-of-n requires setup with communication rounds), so in the "best case" where both of you are honest traders, you also get a privacy boost, in that the escrow never learns you have been trading on gewgaws, I mean ewww, gawgews are much better than gewgaws and therefore I now judge you for being a gewgaw enthusiast, you filthy gewgawer).

Taproot and Your Contracts, Part 2: Cryptographic Boogaloo

Now suppose you want to buy some data instead of things. For example, maybe you have some closed-source software in trial mode installed, and want to pay the developer for the full version. You want to pay for an activation code.
This can be done, today, by using an HTLC. The developer tells you the hash of the activation code. You pay to an HTLC, paying out to the developer if it reveals the preimage (the activation code), or refunding the money back to you after a pre-agreed timeout. If the developer claims the funds, it has to reveal the preimage, which is the activation code, and you can now activate your software. If the developer does not claim the funds by the timeout, you get refunded.
And you can do that, with HTLCs, today.
Of course, HTLCs do have problems:
Fortunately, with Schnorr (which is enabled by Taproot), we can now use the Scriptless Script constuction by Andrew Poelstra. This Scriptless Script allows a new construction, the PTLC or Pointlocked Timelocked Contract. Instead of hashes and preimages, just replace "hash" with "point" and "preimage" with "scalar".
Or as you might know them: "point" is really "public key" and "scalar" is really a "private key". What a PTLC does is that, given a particular public key, the pointlocked branch can be spent only if the spender reveals the private key of the given public key to you.
Another nice thing with PTLCs is that they are deniable. What appears onchain is just a single 2-of-2 signature between you and the developemanufacturer. It's like a magic trick. This signature has no special watermarks, it's a perfectly normal signature (the pledge). However, from this signature, plus some datta given to you by the developemanufacturer (known as the adaptor signature) you can derive the private key of a particular public key you both agree on (the turn). Anyone scraping the blockchain will just see signatures that look just like every other signature, and as long as nobody manages to hack you and get a copy of the adaptor signature or the private key, they cannot get the private key behind the public key (point) that the pointlocked branch needs (the prestige).
(Just to be clear, the public key you are getting the private key from, is distinct from the public key that the developemanufacturer will use for its funds. The activation key is different from the developer's onchain Bitcoin key, and it is the activation key whose private key you will be learning, not the developer's/manufacturer's onchain Bitcoin key).
So:
Taproot lets PTLCs exist onchain because they enable Schnorr, which is a requirement of PTLCs / Scriptless Script.
(technology-wise, take note that Scriptless Script works only for the "pointlocked" branch of the contract; you need normal Script, or a pre-signed nLockTimed transaction, for the "timelocked" branch. Since Taproot can embed a script, you can have the Taproot pubkey be a 2-of-2 to implement the Scriptless Script "pointlocked" branch, then have a hidden script that lets you recover the funds with an OP_CHECKLOCKTIMEVERIFY after the timeout if the seller does not claim the funds.)

Quantum Quibbles!

Now if you were really paying attention, you might have noticed this parenthetical:
(technical details: a Taproot output is 1 version byte + 32 byte public key, while a P2WPKH (bech32 singlesig) output is 1 version byte + 20 byte public key hash...)
So wait, Taproot uses raw 32-byte public keys, and not public key hashes? Isn't that more quantum-vulnerable??
Well, in theory yes. In practice, they probably are not.
It's not that hashes can be broken by quantum computes --- they're still not. Instead, you have to look at how you spend from a P2WPKH/P2PKH pay-to-public-key-hash.
When you spend from a P2PKH / P2WPKH, you have to reveal the public key. Then Bitcoin hashes it and checks if this matches with the public-key-hash, and only then actually validates the signature for that public key.
So an unconfirmed transaction, floating in the mempools of nodes globally, will show, in plain sight for everyone to see, your public key.
(public keys should be public, that's why they're called public keys, LOL)
And if quantum computers are fast enough to be of concern, then they are probably fast enough that, in the several minutes to several hours from broadcast to confirmation, they have already cracked the public key that is openly broadcast with your transaction. The owner of the quantum computer can now replace your unconfirmed transaction with one that pays the funds to itself. Even if you did not opt-in RBF, miners are still incentivized to support RBF on RBF-disabled transactions.
So the extra hash is not as significant a protection against quantum computers as you might think. Instead, the extra hash-and-compare needed is just extra validation effort.
Further, if you have ever, in the past, spent from the address, then there exists already a transaction indelibly stored on the blockchain, openly displaying the public key from which quantum computers can derive the private key. So those are still vulnerable to quantum computers.
For the most part, the cryptographers behind Taproot (and Bitcoin Core) are of the opinion that quantum computers capable of cracking Bitcoin pubkeys are unlikely to appear within a decade or two.
So:
For now, the homomorphic and linear properties of elliptic curve cryptography provide a lot of benefits --- particularly the linearity property is what enables Scriptless Script and simple multisignature (i.e. multisignatures that are just 1 signature onchain). So it might be a good idea to take advantage of them now while we are still fairly safe against quantum computers. It seems likely that quantum-safe signature schemes are nonlinear (thus losing these advantages).

Summary

I Wanna Be The Taprooter!

So, do you want to help activate Taproot? Here's what you, mister sovereign Bitcoin HODLer, can do!

But I Hate Taproot!!

That's fine!

Discussions About Taproot Activation

submitted by almkglor to Bitcoin [link] [comments]

The next XVG? Microcap 100x potential actually supported by fundamentals!

What’s up team? I have a hot one for you. XVG returned 12 million percent in 2017 and this one reminds me a lot of it. Here’s why:
Mimblewimble is like Blu-Ray compared to CD-ROM in terms of its ability to compress data on a blockchain. The current BTC chain is 277gb and its capacity is limited because every time you spend a coin, each node needs to validate its history back to when it was mined (this is how double spending is prevented). Mimblewimble is different - all transactions in a block are aggregated and netted out in one giant CoinJoin, and only the current spending needs to be verified. This means that dramatically more transactions can fit into a smaller space, increasing throughput and lowering fees while still retaining the full proof of work game theory of Bitcoin. These blockchains are small enough to run a full node on a cheap smartphone, which enhances the decentralization and censorship resistance of the network.
The biggest benefit, though, is that all transactions are private - the blockchain doesn’t reveal amounts or addresses except to the actual wallet owner. Unlike earlier decoy-based approaches that bloat the chain and can still be data mined (XMR), Mimblewimble leaves no trace in the blockchain, instead storing only the present state of coin ownership.
The first two Mimblewimble coins, Grin and Beam, launched to great fanfare in 2019, quickly reaching over $100m in market cap (since settled down to $22m and $26m respectively). They are good projects but grin has infinite supply and huge never-decreasing emission, and Beam is a corporate moneygrab whose founding investors are counting on you buying for their ROI.
ZEC is valued at $568m today, despite the facts that only 1% of transactions are actually shielded, it has a trusted setup, and generating a confidential transaction takes ~60 seconds on a powerful PC. XMR is a great project but it’s valued at $1.2b (so no 100x) and it uses CryptoNote, which is 2014 tech that relies on a decoy-based approach that could be vulnerable to more powerful computers in the future. Mimblewimble is just a better way to approach privacy because there is simply no data recorded in the blockchain for companies to surveil.
Privacy is not just for darknet markets, porn, money launderers and terrorists. In many countries it’s dangerous to be wealthy, and there are all kinds of problems with having your spending data be out there publicly and permanently for all to see. Namely, companies like Amazon are patenting approaches to identify people with their crypto addresses, “for law enforcement” but also so that, just like credit cards, your spending data can be used to target ads. (A) Coinbase is selling user data to the DEA, IRS, FBI, Secret Service, and who knows who else? (B) What about insurance companies raising your premiums or canceling your policy because they see you buying (legal) cannabis? If your business operates using transparent cryptocurrency, competitors can data mine your customer and supply chain data, and employees can see how much everyone else gets paid. I could go on, but the idea of “I have nothing to hide, so what do I care about privacy?” will increasingly ring hollow as people realize that this money printing will have to be paid by massive tax increases AND that those taxes will be directly debited from their “Central Bank Digital Currency” wallets.
100% privacy for all transactions also eliminates one HUGE problem that people aren’t aware of yet, but they will be: fungibility. Fungibility means that each coin is indistinguishable from any other, just like paper cash. Why is this important? Because of the ever-expanding reach of AML/KYC/KYT (Anti-Money Laundering / Know Your Customer / Know Your Transaction) as regulators cramp down on crypto and banks take over, increasingly coins become “tainted” in various ways. For example, if you withdraw coins to a mixing service like Wasabi or Samourai, you may find your account blocked. (C) The next obvious step is that if you receive coins that these chainalysis services don’t like for whatever reason, you will be completely innocent yet forced to prove that you didn’t know that the coins you bought were up to no good in a past life. 3 days ago, $100k of USDC was frozen. (D) Even smaller coins like LTC now have this problem, because “Chinese Drug Kingpins” used them. (E) I believe that censorable money that can be blocked/frozen isn’t really “your money”.
Epic Cash is a 100% volunteer community project (like XVG and XMR) that had a fair launch in September last year with no ICO and no premine. There are very few projects like this, and it’s a key ingredient in Verge’s success (still at $110m market cap today despite being down 97% since the bubble peak) and why it’s still around. It has a small but super passionate community of “Freemen” who are united by a belief in the sound money economics of Bitcoin Standard emission (21m supply limit and ever-decreasing inflation) and the importance of privacy.
I am super bullish on this coin for the following reasons:
Because it doesn’t have a huge marketing budget in a sea of VC-funded shitcoins, it is as-yet undiscovered, which is why it’s so cheap. There are only 4 Mimblewimble-based currencies on the market: MWC at $162m, BEAM at $26m, GRIN at $22m, and EPIC at $0.4m. This is not financial advice and as always, do your own research, but I’ve been buying this gem for months and will continue to.
This one ticks all the boxes for me, the only real problem is that it’s hard to buy much without causing a huge green candle. Alt season is coming, and coins like this are how your neighbor Chad got his Lambo back in 2017. For 2021, McLaren is a better choice and be sure to pay cash so that it doesn’t get repossessed like Chad!
  1. A https://www.vice.com/en_us/article/d35eax/amazon-bitcoin-patent-data-stream-identify-cryptocurrency-for-law-enforcement-government
  2. B https://decrypt.co/31461/coinbase-wants-to-identify-bitcoin-users-for-dea-irs
  3. C https://www.coindesk.com/binance-blockade-of-wasabi-wallet-could-point-to-a-crypto-crack-up
  4. D https://cointelegraph.com/news/centre-freezes-ethereum-address-holding-100k-usdc
  5. E https://www.coindesk.com/us-treasury-blacklists-bitcoin-litecoin-addresses-of-chinese-drug-kingpins
  6. F https://www.youtube.com/channel/UCWkTxl5Z6DNN0ASMRxSKV5g
  7. G http://epic.tech/whitepaper
  8. H https://medium.com/epic-cash/epic-cash-on-uniswap-22447904d375
  9. I https://epic.tech/wp-content/uploads/2019/09/figure-3.1.jpg
Links:
submitted by pinchegringo to CryptoMoonShots [link] [comments]

[ Bitcoin ] Technical: Taproot: Why Activate?

Topic originally posted in Bitcoin by almkglor [link]
This is a follow-up on https://old.reddit.com/Bitcoin/comments/hqzp14/technical_the_path_to_taproot_activation/
Taproot! Everybody wants it!! But... you might ask yourself: sure, everybody else wants it, but why would I, sovereign Bitcoin HODLer, want it? Surely I can be better than everybody else because I swapped XXX fiat for Bitcoin unlike all those nocoiners?
And it is important for you to know the reasons why you, o sovereign Bitcoiner, would want Taproot activated. After all, your nodes (or the nodes your wallets use, which if you are SPV, you hopefully can pester to your wallet vendoimplementor about) need to be upgraded in order for Taproot activation to actually succeed instead of becoming a hot sticky mess.
First, let's consider some principles of Bitcoin.
I'm sure most of us here would agree that the above are very important principles of Bitcoin and that these are principles we would not be willing to remove. If anything, we would want those principles strengthened (especially the last one, financial privacy, which current Bitcoin is only sporadically strong with: you can get privacy, it just requires effort to do so).
So, how does Taproot affect those principles?

Taproot and Your /Coins

Most HODLers probably HODL their coins in singlesig addresses. Sadly, switching to Taproot would do very little for you (it gives a mild discount at spend time, at the cost of a mild increase in fee at receive time (paid by whoever sends to you, so if it's a self-send from a P2PKH or bech32 address, you pay for this); mostly a wash).
(technical details: a Taproot output is 1 version byte + 32 byte public key, while a P2WPKH (bech32 singlesig) output is 1 version byte + 20 byte public key hash, so the Taproot output spends 12 bytes more; spending from a P2WPKH requires revealing a 32-byte public key later, which is not needed with Taproot, and Taproot signatures are about 9 bytes smaller than P2WPKH signatures, but the 32 bytes plus 9 bytes is divided by 4 because of the witness discount, so it saves about 11 bytes; mostly a wash, it increases blockweight by about 1 virtual byte, 4 weight for each Taproot-output-input, compared to P2WPKH-output-input).
However, as your HODLings grow in value, you might start wondering if multisignature k-of-n setups might be better for the security of your savings. And it is in multisignature that Taproot starts to give benefits!
Taproot switches to using Schnorr signing scheme. Schnorr makes key aggregation -- constructing a single public key from multiple public keys -- almost as trivial as adding numbers together. "Almost" because it involves some fairly advanced math instead of simple boring number adding, but hey when was the last time you added up your grocery list prices by hand huh?
With current P2SH and P2WSH multisignature schemes, if you have a 2-of-3 setup, then to spend, you need to provide two different signatures from two different public keys. With Taproot, you can create, using special moon math, a single public key that represents your 2-of-3 setup. Then you just put two of your devices together, have them communicate to each other (this can be done airgapped, in theory, by sending QR codes: the software to do this is not even being built yet, but that's because Taproot hasn't activated yet!), and they will make a single signature to authorize any spend from your 2-of-3 address. That's 73 witness bytes -- 18.25 virtual bytes -- of signatures you save!
And if you decide that your current setup with 1-of-1 P2PKH / P2WPKH addresses is just fine as-is: well, that's the whole point of a softfork: backwards-compatibility; you can receive from Taproot users just fine, and once your wallet is updated for Taproot-sending support, you can send to Taproot users just fine as well!
(P2WPKH and P2WSH -- SegWit v0 -- addresses start with bc1q; Taproot -- SegWit v1 --- addresses start with bc1p, in case you wanted to know the difference; in bech32 q is 0, p is 1)
Now how about HODLers who keep all, or some, of their coins on custodial services? Well, any custodial service worth its salt would be doing at least 2-of-3, or probably something even bigger, like 11-of-15. So your custodial service, if it switched to using Taproot internally, could save a lot more (imagine an 11-of-15 getting reduced from 11 signatures to just 1!), which --- we can only hope! --- should translate to lower fees and better customer service from your custodial service!
So I think we can say, very accurately, that the Bitcoin principle --- that YOU are in control of your money --- can only be helped by Taproot (if you are doing multisignature), and, because P2PKH and P2WPKH remain validly-usable addresses in a Taproot future, will not be harmed by Taproot. Its benefit to this principle might be small (it mostly only benefits multisignature users) but since it has no drawbacks with this (i.e. singlesig users can continue to use P2WPKH and P2PKH still) this is still a nice, tidy win!
(even singlesig users get a minor benefit, in that multisig users will now reduce their blockchain space footprint, so that fees can be kept low for everybody; so for example even if you have your single set of private keys engraved on titanium plates sealed in an airtight box stored in a safe buried in a desert protected by angry nomads riding giant sandworms because you're the frickin' Kwisatz Haderach, you still gain some benefit from Taproot)
And here's the important part: if P2PKH/P2WPKH is working perfectly fine with you and you decide to never use Taproot yourself, Taproot will not affect you detrimentally. First do no harm!

Taproot and Your Contracts

No one is an island, no one lives alone. Give and you shall receive. You know: by trading with other people, you can gain expertise in some obscure little necessity of the world (and greatly increase your productivity in that little field), and then trade the products of your expertise for necessities other people have created, all of you thereby gaining gains from trade.
So, contracts, which are basically enforceable agreements that facilitate trading with people who you do not personally know and therefore might not trust.
Let's start with a simple example. You want to buy some gewgaws from somebody. But you don't know them personally. The seller wants the money, you want their gewgaws, but because of the lack of trust (you don't know them!! what if they're scammers??) neither of you can benefit from gains from trade.
However, suppose both of you know of some entity that both of you trust. That entity can act as a trusted escrow. The entity provides you security: this enables the trade, allowing both of you to get gains from trade.
In Bitcoin-land, this can be implemented as a 2-of-3 multisignature. The three signatories in the multisgnature would be you, the gewgaw seller, and the escrow. You put the payment for the gewgaws into this 2-of-3 multisignature address.
Now, suppose it turns out neither of you are scammers (whaaaat!). You receive the gewgaws just fine and you're willing to pay up for them. Then you and the gewgaw seller just sign a transaction --- you and the gewgaw seller are 2, sufficient to trigger the 2-of-3 --- that spends from the 2-of-3 address to a singlesig the gewgaw seller wants (or whatever address the gewgaw seller wants).
But suppose some problem arises. The seller gave you gawgews instead of gewgaws. Or you decided to keep the gewgaws but not sign the transaction to release the funds to the seller. In either case, the escrow is notified, and if it can sign with you to refund the funds back to you (if the seller was a scammer) or it can sign with the seller to forward the funds to the seller (if you were a scammer).
Taproot helps with this: like mentioned above, it allows multisignature setups to produce only one signature, reducing blockchain space usage, and thus making contracts --- which require multiple people, by definition, you don't make contracts with yourself --- is made cheaper (which we hope enables more of these setups to happen for more gains from trade for everyone, also, moon and lambos).
(technology-wise, it's easier to make an n-of-n than a k-of-n, making a k-of-n would require a complex setup involving a long ritual with many communication rounds between the n participants, but an n-of-n can be done trivially with some moon math. You can, however, make what is effectively a 2-of-3 by using a three-branch SCRIPT: either 2-of-2 of you and seller, OR 2-of-2 of you and escrow, OR 2-of-2 of escrow and seller. Fortunately, Taproot adds a facility to embed a SCRIPT inside a public key, so you can have a 2-of-2 Taprooted address (between you and seller) with a SCRIPT branch that can instead be spent with 2-of-2 (you + escrow) OR 2-of-2 (seller + escrow), which implements the three-branched SCRIPT above. If neither of you are scammers (hopefully the common case) then you both sign using your keys and never have to contact the escrow, since you are just using the escrow public key without coordinating with them (because n-of-n is trivial but k-of-n requires setup with communication rounds), so in the "best case" where both of you are honest traders, you also get a privacy boost, in that the escrow never learns you have been trading on gewgaws, I mean ewww, gawgews are much better than gewgaws and therefore I now judge you for being a gewgaw enthusiast, you filthy gewgawer).

Taproot and Your Contracts, Part 2: Cryptographic Boogaloo

Now suppose you want to buy some data instead of things. For example, maybe you have some closed-source software in trial mode installed, and want to pay the developer for the full version. You want to pay for an activation code.
This can be done, today, by using an HTLC. The developer tells you the hash of the activation code. You pay to an HTLC, paying out to the developer if it reveals the preimage (the activation code), or refunding the money back to you after a pre-agreed timeout. If the developer claims the funds, it has to reveal the preimage, which is the activation code, and you can now activate your software. If the developer does not claim the funds by the timeout, you get refunded.
And you can do that, with HTLCs, today.
Of course, HTLCs do have problems:
Fortunately, with Schnorr (which is enabled by Taproot), we can now use the Scriptless Script constuction by Andrew Poelstra. This Scriptless Script allows a new construction, the PTLC or Pointlocked Timelocked Contract. Instead of hashes and preimages, just replace "hash" with "point" and "preimage" with "scalar".
Or as you might know them: "point" is really "public key" and "scalar" is really a "private key". What a PTLC does is that, given a particular public key, the pointlocked branch can be spent only if the spender reveals the private key of the given private key to you.
Another nice thing with PTLCs is that they are deniable. What appears onchain is just a single 2-of-2 signature between you and the developemanufacturer. It's like a magic trick. This signature has no special watermarks, it's a perfectly normal signature (the pledge). However, from this signature, plus some datta given to you by the developemanufacturer (known as the adaptor signature) you can derive the private key of a particular public key you both agree on (the turn). Anyone scraping the blockchain will just see signatures that look just like every other signature, and as long as nobody manages to hack you and get a copy of the adaptor signature or the private key, they cannot get the private key behind the public key (point) that the pointlocked branch needs (the prestige).
(Just to be clear, the public key you are getting the private key from, is distinct from the public key that the developemanufacturer will use for its funds. The activation key is different from the developer's onchain Bitcoin key, and it is the activation key whose private key you will be learning, not the developer's/manufacturer's onchain Bitcoin key).
So:
Taproot lets PTLCs exist onchain because they enable Schnorr, which is a requirement of PTLCs / Scriptless Script.
(technology-wise, take note that Scriptless Script works only for the "pointlocked" branch of the contract; you need normal Script, or a pre-signed nLockTimed transaction, for the "timelocked" branch. Since Taproot can embed a script, you can have the Taproot pubkey be a 2-of-2 to implement the Scriptless Script "pointlocked" branch, then have a hidden script that lets you recover the funds with an OP_CHECKLOCKTIMEVERIFY after the timeout if the seller does not claim the funds.)

Quantum Quibbles!

Now if you were really paying attention, you might have noticed this parenthetical:
(technical details: a Taproot output is 1 version byte + 32 byte public key, while a P2WPKH (bech32 singlesig) output is 1 version byte + 20 byte public key hash...)
So wait, Taproot uses raw 32-byte public keys, and not public key hashes? Isn't that more quantum-vulnerable??
Well, in theory yes. In practice, they probably are not.
It's not that hashes can be broken by quantum computes --- they're still not. Instead, you have to look at how you spend from a P2WPKH/P2PKH pay-to-public-key-hash.
When you spend from a P2PKH / P2WPKH, you have to reveal the public key. Then Bitcoin hashes it and checks if this matches with the public-key-hash, and only then actually validates the signature for that public key.
So an unconfirmed transaction, floating in the mempools of nodes globally, will show, in plain sight for everyone to see, your public key.
(public keys should be public, that's why they're called public keys, LOL)
And if quantum computers are fast enough to be of concern, then they are probably fast enough that, in the several minutes to several hours from broadcast to confirmation, they have already cracked the public key that is openly broadcast with your transaction. The owner of the quantum computer can now replace your unconfirmed transaction with one that pays the funds to itself. Even if you did not opt-in RBF, miners are still incentivized to support RBF on RBF-disabled transactions.
So the extra hash is not as significant a protection against quantum computers as you might think. Instead, the extra hash-and-compare needed is just extra validation effort.
Further, if you have ever, in the past, spent from the address, then there exists already a transaction indelibly stored on the blockchain, openly displaying the public key from which quantum computers can derive the private key. So those are still vulnerable to quantum computers.
For the most part, the cryptographers behind Taproot (and Bitcoin Core) are of the opinion that quantum computers capable of cracking Bitcoin pubkeys are unlikely to appear within a decade or two.
So:
For now, the homomorphic and linear properties of elliptic curve cryptography provide a lot of benefits --- particularly the linearity property is what enables Scriptless Script and simple multisignature (i.e. multisignatures that are just 1 signature onchain). So it might be a good idea to take advantage of them now while we are still fairly safe against quantum computers. It seems likely that quantum-safe signature schemes are nonlinear (thus losing these advantages).

Summary

I Wanna Be The Taprooter!

So, do you want to help activate Taproot? Here's what you, mister sovereign Bitcoin HODLer, can do!

But I Hate Taproot!!

That's fine!

Discussions About Taproot Activation

almkglor your post has been copied because one or more comments in this topic have been removed. This copy will preserve unmoderated topic. If you would like to opt-out, please send a message using [this link].
[deleted comment]
[deleted comment]
[deleted comment]
submitted by anticensor_bot to u/anticensor_bot [link] [comments]

Mentor Monday, September 02, 2019: Ask all your bitcoin questions!

Ask (and answer!) away! Here are the general rules:
And don't forget to check out /BitcoinBeginners
You can sort by new to see the latest questions that may not be answered yet.
submitted by rBitcoinMod to Bitcoin [link] [comments]

Storing Monero in an ultra-paranoid fashion

Hi, I am wondering about how one would store Monero in an ultra paranoid fashion. I saw that the NSA deprecated elliptic curve cryptography for official government use, which leads many to believe that they might have found some vulnerability.
In Bitcoin, I can do a p2pkh or "pay to public key hash" which means that even if somebody finds a weakness in ECC that can help recover private keys from public keys, my Bitcoin would be safe - because the public key isn't revealed until I spend the Bitcoin.
However, in Monero, I can't seem to find a similar way to "pay to public key hash." Is there some other way I can hold Monero without revealing the public key?
I know this is ultra paranoid and the odds of this happening are near negligible. Even further, the odds of an attacker knowing which public keys are mine are even lower. Cracking Monero addresses likely wouldn't even be on the radar of somebody who has discovered such a vulnerability - they would almost certainly go after higher value targets first (like foreign government secret communications.)
However, does Monero offer a solution for an ultra paranoid user like me? Not that I'll stop using it if it doesn't! :)
submitted by GelComb to Monero [link] [comments]

21 million bitcoins - almost

Found this post by Pieter Wuille on Stack exchange (link provided in comments):
People say the total will be 21000000 BTC. ... however:
The 1st 210000 blocks each allow creating 50 BTC.
The 2nd 210000 blocks each allow creating 25 BTC.
The 3rd 210000 blocks each allow creating 12.5 BTC.
...
The 10th 210000 blocks each allow creating 0.09765625 BTC.
The 11th 210000 blocks each allow creating 0.04882812 BTC, and not 0.048828125 BTC, because only 8 decimals of precision are supported.
...
The 33rd 210000 blocks each allow creating 0.00000001 BTC.
After that, the reward is 0. If you sum all these numbers together, you get 20999999.9769 BTC. ... however, either due to an oversight or intentionally, the coins created in the genesis block cannot be spent. This leaves us with 20999949.9769 BTC. ... however, due to an early problem in Bitcoin, fixed by BIP30, it was possible to create a coinbase transaction identical to a previous coinbase. This caused the coins created by that older coinbase to be irreversibly "overwritten". This happened in block 91842 (overwriting the coinbase of block 91812) and 91880 (overwriting the coinbase of block 91722). Each time, 50 BTC was lost. This leaves us with 20999849.9769 BTC. ... however, the protocol rules allow creating up to the amounts listed above. Due to various bugs and miners experimenting with code, some blocks claim less than allowed. Those coins can never be recovered.
Block 124724 tried to intentionally claim 0.00000001 BTC less than allowed, but accidentally also failed to claim the fees, losing 0.01000001 BTC.
Between block 162705 and block 169899, 193 blocks claimed less than allowed due to a bug, resulting in a total loss of 9.66184623 BTC.
Between block 180324 and block 249185, another 836 blocks claimed less than allowed, resulting in a total loss of 0.52584193 BTC.
Block 501726 had no transaction outputs (except a 0-value commitment), losing the entire 12.5 BTC subsidy.
Block 526591 didn't claim half of the block reward, losing 6.25 BTC.
This leaves us with 20999821.02921183BTC. ... however, since recently there is a concept of provably unspendable coins. Coins can be sent to an "address" which provably burns them (using OP_RETURN). Bitcoin Core tracks these and removes them from its database, so they are easily accounted for. At least 3.71612692 BTC were burned this way. This leaves us with 20999817.31308491BTC (taking everything up to block 528333 into account) ... However, various wallets have been lost or stolen, transactions have been sent to the wrong address, people forgot they owned bitcoin. The totals of this may well be millions. People have tried to tally known losses up here. This leaves us with: ??? BTC.
submitted by ZepCoin to Bitcoin [link] [comments]

Quantum computers are finally here. What are we going to do with them?

Quantum computers are finally here. What are we going to do with them? submitted by False1512 to technology [link] [comments]

ViaBTC will not support 2x - Coindesk

"Haipo Yang, CEO of ViaBTC, the fourth largest pool by mining power, agreed, indicating that his pool will only offer bitcoin mining on the original bitcoin chain to begin."
"We have not received user request to run 2x. If 2x survives and the users request it, we will support both."
Source: https://www.coindesk.com/split-no-split-bitcoin-miners-see-no-certainty-segwit2x-fork/
submitted by gizram84 to btc [link] [comments]

Evidence Points to Bitcoin being an NSA-engineered Psyop to roll out One-World Digital Currency

Eye
I'm going to assume the readers who make it to this article are well informed enough that I don't have to go into the history of the global money changers and their desire for a one world currency.
(If you don't yet understand the goal of the globalist banking empire and the coming engineered collapse of the fiat currency system, you're already about 5,000 posts behind the curve.)
With that as a starting point, it's now becoming increasingly evident that Bitcoin may be a creation of the NSA and was rolled out as a "normalization" experiment to get the public familiar with digital currency.
Once this is established, the world's fiat currencies will be obliterated in an engineered debt collapse (see below for the sequence of events), then replaced with a government approved cryptocurrency with tracking of all transactions and digital wallets by the world's western governments.
NSA mathematicians detailed "digital cash" two decades ago
What evidence supports this notion?
First, take a look at this document entitled, "How to Make a Mint - The Cryptography of Anonymous Electronic Cash." This document, released in 1997 - yes, twenty years ago - detailed the overall structure and function of Bitcoin cryptocurrency.
Who authored the document?
Try not to be shocked when you learn it was authored by,
"mathematical cryptographers at the National Security Agency's Office of Information Security Research and Technology." 
The NSA, in other words, detailed key elements of Bitcoin long before Bitcoin ever came into existence.
Much of the Bitcoin protocol is detailed in this document, including signature authentication techniques, eliminating cryptocoin counterfeits through transaction authentication and several features that support anonymity and untraceability of transactions.
The document even outlines the heightened risk of money laundering that's easily accomplished with cryptocurrencies. It also describes "secure hashing" to be "both one-way and collision-free."
Although Bitcoin adds mining and a shared, peer-to-peer blockchain transaction authentication system to this structure, it's clear that the NSA was researching cryptocurrencies long before everyday users had ever heard of the term.
Note, too, that the name of the person credited with founding Bitcoin is Satoshi Nakamoto, who is reputed to have reserved one million Bitcoins for himself.
Millions of posts and online threads discuss the possible identity of Satishi Nakamoto, and some posts even claim the NSA has identified Satoshi.
However, another likely explanation is that Satoshi Nakamoto is the NSA, which means he is either working for the NSA or is a sock puppet character created by the NSA for the purpose of this whole grand experiment.
The NSA also wrote the crypto hash used by Bitcoin to secure all transactions
On top of the fact that the NSA authored a technical paper on cryptocurrency long before the arrival of Bitcoin, the agency is also the creator of the SHA-256 hash upon which every Bitcoin transaction in the world depends.
As The Hacker News (THN) explains.
"The integrity of Bitcoin depends on a hash function called **SHA-256**, which was designed by the NSA and published by the *National Institute for Standards and Technology* ([NIST](https://en.wikipedia.org/wiki/National_Institute_of_Standards_and_Technology))." 
THN also adds:
"If you assume that the NSA did something to SHA-256, which no outside researcher has detected, what you get is the ability, with credible and detectable action, they would be able to forge transactions. The really scary thing is somebody finds a way to find collisions in SHA-256 really fast without brute-forcing it or using lots of hardware and then they take control of the network." 
Cryptography researcher Matthew D. Green of Johns Hopkins University said.
In other words, if the SHA-256 hash, which was created by the NSA, actually has a backdoor method for cracking the encryption, it would mean the NSA could steal everybody's Bitcoins whenever it wants (call it "Zero Day.")
That same article, written by Mohit Kumar, mysteriously concludes,
"Even today it's too early to come to conclusions about Bitcoin. Possibly it was designed from day one as a tool to help maintain control of the money supplies of the world." 
And with that statement, Kumar has indeed stumbled upon the bigger goal in all this:
To seize control over the world money supply as the fiat currency system crumbles and is replaced with a one-world *digital currency controlled by globalists*. 
Think cryptography is bulletproof? Think again…
Lest you think that the cryptography of cryptocurrency is secure and bulletproof, consider this article from The Hacker News, 'Researchers Crack 1024-bit RSA Encryption in GnuPG Crypto Library,' which states,
"The attack allows an attacker to extract the secret crypto key from a system by analyzing the pattern of memory utilization or the electromagnetic outputs of the device that are emitted during the decryption process." 
Note, importantly, that this is a 1024-bit encryption system.
The same technique is also said to be able to crack 2048-bit encryption. In fact, encryption layers are cracked on a daily basis by clever hackers.
Some of those encryption layers are powering various cryptocurrencies right now. Unless you are an extremely high-level mathematician, there's no way you can know for sure whether any crypto currency is truly non-hackable.
In fact, every cryptocurrency becomes obsolete with the invention of large-scale quantum computing.
Once China manages to build a working 256-bit quantum computer, it can effectively steal all the Bitcoins in the world (plus steal most national secrets and commit other global mayhem at will).
(Video)
Ten steps to crypto-tyranny - The "big plan" by the globalists (and how it involves Bitcoin)
In summary, here's one possible plan by the globalists to seize total control over the world's money supply, savings, taxation and financial transactions while enslaving humanity.
And it all starts with Bitcoin...
  1.  Roll out the NSA-created Bitcoin to get the public excited about a digital currency. 
  2.  Quietly prepare a globalist-controlled cryptocurrency to take its place. (JP Morgan, anyone...?) 
  3.  Initiate a massive, global-scale [false flag operation](http://www.bibliotecapleyades.net/sociopolitica/sociopol_falseflag.htm) that crashes the global debt markets and sends fiat currencies down in flames (hoax alien invasion, hoax North Korean EMP attack, mass distributed power grid terrorism network, etc.) 
  4.  Blame whatever convenient enemy is politically acceptable (North Korea, "the Russians," Little Green Men or whatever it takes…) 
  5.  Allow the fiat currency debt pyramid to collapse and smolder until the sheeple get desperate. 
  6.  With great fanfare, announce a government-backed cryptocurrency replacement for all fiat currencies, and position world governments as the SAVIOR of humanity. Allow the desperate public to trade in their fiat currencies for official crypto currencies. 
  7.  [Outlaw cash](http://www.bibliotecapleyades.net/sociopolitica/sociopol_globalbanking.htm#Cashless_Society) and *criminalize gold and silver ownership by private citizens*. All in the name of "security," of course. 
  8.  Criminalize all non-official cryptocurrencies such as Bitcoin, crashing their value virtually overnight and funneling everyone into the one world government crypto, where the NSA controls the blockchain. This can easily be achieved by blaming the false flag event (see above) on some nation or group that is said to have been "funded by Bitcoin, the cryptocurrency used by terrorists." 
  9.  Require [embedded RFID](http://www.bibliotecapleyades.net/ciencia/secret_projects/implants.htm#RFID) or biometric identifiers for all transactions in order to "authenticate" the one-world digital crypto currency activities. *Mark of the Beast* becomes reality. No one is allowed to eat, travel or earn a wage without being marked. 
  10.  Once absolute control over the new one-world digital currency is achieved, weaponize the government-tracked blockchain to track all transactions, investments and commercial activities. Confiscate a portion of all crypto under the guise of "automated taxation." In an emergency, the government can even announce *negative interest rates* where your holdings automatically decrease each day. 
With all this accomplished, globalists can now roll out absolute totalitarian control over every aspect of private lives by enforcing financial "blackouts" for those individuals who criticize the government.
They can put in place automatic deductions for traffic violations, vehicle license plate taxes, internet taxes and a thousand other oppressive taxes invented by the bureaucracy.
With automatic deductions run by the government, citizens have no means to halt the endless confiscation of their "money" by totalitarian bureaucrats and their deep state lackeys.
How do you feel about your Bitcoin now...?
Video
by Mike Adams December 10, 2017 from NaturalNews Website
Source
submitted by Metaliano to conspiracy [link] [comments]

A Hefty Apology..

First, I'd like to apologies for how long this is going to be, but I believe context is everything.
I'd like to apologize to the Nano community. Since before the re brand I've always cracked jokes about the project, primarily because I can't stand moonbois.. but I digress.
I guess you could say I was early on the Bitcoin chain. I was blown away by the white paper and mined coins before ASICs we're even a discussion. Never got rid of them or anything, just thought it was an amazing concept to me since I had been repeatedly jacked around by a few banks. However, as a recurring theme life happened and I fell out of it completely. A few years went by when someone brought it up to me and when I asked how much it was worth, I almost had a heart attack. Probably shouldn't have spilled beer on the laptop holding my address and key. It didn't even cross my mind when I threw it out..
So I was back, other projects were on the come up and I took interest. Thought they were great, still do.. But I couldn't wrap my head around a lot of it. I'm familiar with code like I am around the block of an engine, but I'm not a mechanic. I couldn't fathom having to use a calculator to figure out how much gas I needed to send 100 coins of X. Thought I did it right and boom... Dust. The rage. Made some good strides and learned from previous mistakes, but I was still somewhat upset with decisions made within these projects. Who would think that was okay? Life happened again and I dropped out for quite awhile again to return back to a colleague at work mentioning BTC at around 9K. I quietly (I don't mention to many people about how involved I've been) checked out my addresses and was blown away. So I was back.
Yeah I made gains (lost a lot too), but I was already well on my way in life and career and didn't need the rocket in some dream of a lambo (Masi's are better). I just wanted all of this to work. Again, it seemed like it was too hard to do anything, move things around... Dust here, dust there.. None the less, I learned more. Taught myself some code just so I could understand the githubs.. No desire to code, just wanted to learn. The dream I saw a few years ago was growing and I felt optimistic. Stuck around for a long run and then life happened again.
Came back at probably the best time in late summer 2017. You want to talk about diversification... I just (today) burned a stack of papers with private keys written down to projects I forgot even existed. The mayhem! Anyway, won some lost some yeah yeah everyone has those stories....
I was still frustrated because that image I had in my head when I was a bit younger was not really fulfilled. Man, these moonbois, let me tell you. At the time and shortly after cracking jokes and having fun was basically my MO (I'm very sarcastic, still am). But yet again, life happened and I let everything just sit where the chips were.. With the exception of those burned out GPUs and the S9's. They went into the trash.
Life gave me a nice little easy path more recently and I've been poking my head around again. The moonboi epidemic is definitely at an ATH. But where the hell was this image I had years back and now and why did it seem like it died? Too many scams? Too many hacks? Too much smoke and mirrors? The founding idea is/was so perfect?
But I wanted that image. The past couple weeks I've been being my sarcastic ass and ripping a bit on Nano. I saw an actual well thought out post on Reddit and thought “Alright, that's pretty well said. Let me hear this out.” So I took a look. Thought it was better put together than other projects so I lurked around.
Today in the daily general I asked for a laymen's approach. I didn't need it, but I wanted to see what would be thrown at me. I was impressed. I saw on another thread about Natrium and a faucet... DAMN, that was fast. Alright I thought, let's dabble. So I did what I always do.. Took a little BTC to the exchange, picked up some nano, set up the ledger and mobile app and tested some stuff out.
Do you know the feeling after everything I just said to send 10 Nano from the exchange (including fee) to a mobile wallet, to the ledger, back to the mobile wallet and then back to the exchange and in the end... still have 10 Nano? In under less than I don't even know.. as fast as I could copy and paste it?!
I called for my wife took her phone and sent myself 10 Nano back and forth. Man am I an asshole. I'm not “In” so to speak, because honestly, at this point. I don't care about prices. I just want to use the shit. Life happens, I want to be able to continue down life and use this shit. The last time I actually used BTC for anything was in 2014.
BTC is digital gold for me.. Yeah, Yeah, Yeah... Sounds like some WSJ headline, I know. But it's been a good hedge against inflation for what's it worth. But during that second to last time I was back.. the Tx fees were unbelievable. Store of value, all the way, buying a snickers bar? No thanks mate.
I'm actually late to meet a friend at the bar for our weekly pint, was gonna just send this, but he's a moonboi. One sec. Lol --- 45 min later --- Alright, at the pub. Got him to download Natrium. We're now gonna just buy eac hother drinks for the next few hours.
I have some questions regarding decentralization.. bottle necking, spam transactions, but I can ask them in discord I guess. My only fear is that this could be replicated by Chase/BofA etc, but then again, I kind of left them years ago for a reason.
I'm sorry, okay. I'm sorry I was a sarcastic asshole. This is by far the closest thing I've wanted in a very long time. Send 1 Nano.. Get 1 Nano. Who would have thought. I'm going back to darts, but before I go...
- Can someone send me something on how to set up a node? Walk through maybe?
- Mods should pin this. I don't care about worthless internet points. Truth is I'm on my 9th or 10th Reddit account. So, I'll retire this one as soon as I hit send. But I think there is a valuable lesson from my time in this crazy town.
I'm not getting rid of my BTC and “going all in for the moonbois”. But I'll definitely be using my Nano. Whenever or wherever I can.
Thank you.
submitted by zBeale to nanocurrency [link] [comments]

Satoshi's unmoved coins are the world's biggest prize in quantum-decryption, the canary in bitcoin's quantum coalmine -u/Anenome5

From this post: /Nullc explained that in the early years, mined bitcoin was paid to the pubkey, not the pubkey-hash.
I was used to the idea that any address that hadn't been spent from was considered quantum-safe. But this isn't true for any coins that were mined and not moved prior to 2012.
What this means is that all of Satoshi's coins are theoretically stealable by anyone who can pull off a successful quantum attack on bitcoin.
In fact, we must now consider them the canary in bitcoin's quantum coalmine because they will likely be the first to fall.
Anyone who can pull off a successful quantum attack on these early unmoved coins will make over $500 million dollars. Today.
Everyone will think Satoshi is moving his coins, but in fact it will more likely be a quantum attacker, and that is a shame, unless Satoshi himself wizes up and acts soon.
Beyond that, a successful quantum attack may allow someone to masquerade as Satoshi by giving them the private key to these original coins.
The day is quickly approaching where even if someone were to sign a message using Satoshi's known coin hoard addresses, we should think twice about whether this person actually is Satoshi or not, since it may not be long before a successful quantum attack will make his early addresses vulnerable to exposure.
Now this vulnerability changed in 2012, so current mining to an unspent address is, thankfully, safe. And if you have an address with coins in it that has never been spent from, you are also quantum safe.
I just fear we are in for more Satoshi-hoaxing and drama due to these old addresses. And if Satoshi's coins ever move, we should consider it likely that the quantum nut has finally been cracked by someone and we'll need to be more careful about address reuse.
There may be one other issue. There may be a lot of 2012 mined coined that has never been spent. Right now we consider much of this coin to be simply lost.
But in the near future, quantum cryptographers may be able to recover much of this coin and make perhaps another $500 million or so.
A billion dollar prize for the quantum researchers out there. Not a bad plum if you ask me.
submitted by parakite to Bitcoin [link] [comments]

BTC's RBF makes it broken in a post quantum world.

When public key cryptography is broken by quantum computing, bitcoin will be ok so long as addresses only are used once, since the public key is revealed as soon as funds in an address are spent. With Replace-By-Fee in bitcoin core, when the public key is cracked in the mempool, funds can be stolen. All the attacker has to do is to use the private key to broadcast a transaction to himself with a higher mining fee, and the coins are his. Unless this is changed, BTC will be rendered completely useless in a post quantum world.
Unlike bitcoin core, bitcoin (BCH) uses the first seen rule, so it will not have the same vulnerability. Also, double spend proofs are coming to bitcoin rather soon, making it nearly impossible to pull off a double spend.
submitted by twilborn to btc [link] [comments]

The importance of being mindful of security at all times - nearly everyone is one breach away from total disaster

This is a long one - TL;DR at the end!

If you haven't heard yet: BlankMediaGames, makers of Town of Salem, have been breached which resulted in almost 8 million accounts being leaked. For most people, the first reaction is "lol so what it's just a game, why should I really care?" and that is the wrong way to look at it. I'd like to explain why everyone should always care whenever they are part of a breach. I'd also like to talk about some ways game developers - whether they work solo or on a team - can take easy steps to help protect themselves and their customers/players.
First I'd like to state that there is no practical way to achieve 100% solid security to guarantee you'll never be breached or part of a breach. The goal here will be to get as close as possible, or comfortable, so that you can rest easy knowing you can deal with problems when they occur (not if, when).

Why You Should Care About Breaches

The sad reality is most people re-use the same password everywhere. Your email account, your bank account, your steam account, your reddit account, random forums and game websites - you get the idea. If you haven't pieced it together yet the implication is that if anyone gets your one password you use everywhere, it's game over for you - they now own all of your accounts (whether or not they know it yet). Keep in mind that your email account is basically the holy grail of passwords to have. Most websites handle password changes/resets through your email; thus anyone who can login to your email account can get access to pretty much any of your accounts anywhere. Game over, you lose.

But wait, why would anyone want to use my password? I'm nobody!

It doesn't matter, the bad guys sell this information to other bad guys. Bots are used to make as much use of these passwords as possible. If they can get into your bank they might try money transfers. If they get into your Amazon account they might spin up $80,000 worth of servers to mine Bitcoin (or whatever coin is popular at the time). They don't care who you are; it's all automated.
By the way, according to this post (which looks believable enough to be real) this is pretty much how they got into the BMG servers initially. They checked for usernames/emails of admins on the BMG website(s) in previous breach dumps (of which there are many) and found at least one that used the same password on other sites - for their admin account!
If you want to see how many of your accounts are already breached check out Have I Been Pwned - I recommend registering all of your email addresses as well so you get notified of future breaches. This is how I found out about the Town of Salem breach, myself.

How You Can Protect Yourself

Before I go into all the steps you can (and should) take to protect yourself I should note that security is in a constant tug of war with convenience. What this means is that the more security measures you apply the more inconvenienced you become for many tasks. It's up to you to decide how much is too much either way.
First of all I strongly recommend registering your email(s) on https://haveibeenpwned.com/ - this is especially important if your email address is associated to important things like AWS, Steam developer account, bank accounts, social media, etc. You want to know ASAP when an account of yours is compromised so you can take steps to prevent or undo damage. Note that the bad guys have a head start on this!

Passwords

You probably need to have better password hygiene. If you don't already, you need to make sure every account you have uses a different, unique, secure password. You should change these passwords at least once a year. Depending on how many accounts you have and how good your memory is, this is your first big security vs convenience trade-off battle. That's easily solved, though, by using a password manager. You can find a list of password managers on Wikipedia here or you can search around for some comparison articles.
Some notable choices to consider:
Regardless of which one you choose, any of them is 100x better than not using one at all.

Multi-Factor Authentication / Two-Factor Authentication (aka MFA / 2FA)

The problem with all these passwords is that someone can still use them if they are found in a breach. Your passwords are only as strong as the website you use them on. In the case of the BMG breach mentioned above - all passwords were stored in an ancient format which has been insecure for years. It's likely that every single password in the breach can be reversed/cracked, or already have been. The next step you need to take is to make it harder for someone else to login with your password. This is done using Multi-Factor Authentication (or Two-Factor Authentication).
Unfortunately not every website/service supports MFA/2FA, but you should still use it on every single one that does support it. You can check which sites support MFA/2FA here or dig around in account options on any particular site. You should setup MFA/2FA on your email account ASAP! If it's not supported, you need to switch to a provider that does support it. This is more important than your bank account! All of the big email providers support it: GMail, Outlook.com, Yahoo Mail, etc.
The type of MFA/2FA you use depends on what is supported by each site/service, but there is a common approach that is compatible on many of them. Most of them involve phone apps because a phone is the most common and convenient "thing you have" that bad guys (or anyone, really) can't access easily. Time-based One-time Password or TOTP is probably the most commonly used method because it's easy to implement and can be used with many different apps. Google Authenticator was the first popular one, but it has some limitations which continue the security vs convenience battle - namely that getting a new phone is a super huge chore (no backup/restore option - you have to disable and setup each site all over again). Many alternatives support cloud backup which is really convenient, though obviously less secure by some measure.
Notable choices to consider:
Some sites/services use their own app, like Blizzard (battle.net) and Steam, and don't allow you to use other ones. You will probably have a few apps on your phone when all your accounts are setup, but it's worth it. You'll definitely want to enable it on your password manager as well if you chose a cloud-based one.
Don't forget to save backup codes in an actual secure location! If you lose your backup codes and your auth app/physical key you will be locked out of accounts. It's really not fun recovering in that situation. Most recommendations are to print them and put in a fireproof safe, but using some other secure encrypted storage is fine.
There is such a thing as bad MFA/2FA! However, anything is at least better than nothing. A lot of places still use SMS (text messaging) or e-mail for their MFA/2FA implementation. The e-mail one has the most obvious flaw: If someone gets into your email account they have defeated that security measure. The SMS flaws are less obvious and much less likely to affect you, but still a risk: SMS is trivial to intercept (capture data over the air (literally), clone your SIM card data, and some other methods). Still, if you're not a person of interest already, it's still better than nothing.

What Does This Have To Do With GameDev?

Yeah, I do know which subreddit I'm posting in! Here's the section that gets more into things specific to game development (or software development in general).

Secure Your Code

Securing your code actually has multiple meanings here: Securing access to your code, and ensuring your code itself is secure against exploitation. Let's start with access since that's the easier topic to cover!
If you're not already using some form of Source Control Management (SCM) you really need to get on board! I'm not going to go in depth on that as it's a whole other topic to itself, but I'll assume you are using Git or Mercurial (hg) already and hosting it on one of these sites (or a similar one):
First, ensure that you have locked down who can access this code already. If you are using private repositories you need to make sure that the only people who have access are the people who need access (i.e. yourself and your team). Second, everyone should have strong passwords and MFA/2FA enabled on their accounts. If 1 person on the team does not follow good security practices it puts your whole project at risk! So make sure everyone on the team is following along. You can also look into tools to do some auditing and even automate it so that if anyone's account becomes less secure over time (say they turned off MFA one day) they would automatically lose their access.
Additionally you should never commit secrets (passwords, API keys, tokens, social security numbers, etc) to your code repository. Probably 90% of cases where people have their AWS/Google Cloud/Azure accounts compromised and racking up huge bills for bitcoin mining is due to having their passwords/keys stored in their git repo. They either accidentally made it public or someone got access to the private repo through a compromised account. Never store sensitive information in your code repository!
Next topic: Securing your code from vulnerabilities. This one is harder to talk about for game dev as most engines/frameworks are not as susceptible (for lack of a better word) to these situations as others. In a nutshell, you need to keep track of the following:
A lot of these things cannot be solved automatically, unfortunately, but some of it can. If you are using Javascript for your game you likely will be using packages from npm - luckily they (recently) added security auditing for packages. For other languages you can look at tools like Snyk or some other alternatives to audit the libraries you use in your project. Unfortunately none that I know of are aimed at game dev in particular, but it's still important to use these tools when you can. In general, be aware of all of your code dependencies and what impact they can have on your game or your customers if there are security bugs. Impact can range from "can cheat in multiplayer" to "can get IP addresses of all players in the world" or even "can get all information I ever put on my server", etc.
In general you'll want to look into Secure Software Development Lifecycle (commonly SDLC) practices. Microsoft has some information on how they do it.

Secure Your Computer

I'm not going to go in depth on this one because at this point everyone should have a handle on this; if not there are limitless articles, blogs, and videos about the how/what/why. In summary: Keep everything updated, and don't open suspicious links.

Secure Your Website

I will have to add more to this later probably, but again there are tons of good articles, blogs, and videos on these topics. Hopefully the information in this section is enough to get you on the right track - if not feel free to ask for more info. Lots of guides can be found on Digital Ocean's site and they are relevant even if you don't use DO for your servers.
A lot of this will apply to your game servers as well - really any kind of server you expect to setup.

That's it, for now

I ran out of steam while typing this all up after a couple hours, but I may revisit it later to add more info. Feel free to ask any questions about any of these topics and I'll do my best to answer them all.

TL;DR (y u words so much??)

... in general... in general... in general... I sure wrote those 2 words a lot.

Why Should I Trust This Post?

Hopefully I have provided enough information and good links in this post that you can trust the contents to be accurate (or mostly accurate). There is certainly enough information to do some searches on your own to find out how right or wrong I might be about these things.
If you want my appeal to authority answer: I've been working at a major (network/computer) security company for almost 7 years as a software developer, and I've had to put up with pretty much every inconvenience brought on by security. I've also witnessed the aftermath of nearly every type of security failure covered in this post, via customers and the industry at large. None of the links I used are related to my employer or its products.
Edit: Fixed some typos and added some more links
More edit: added a few more points and links
submitted by exoplasm to gamedev [link] [comments]

Are 12-word Seeds for Bitcoin Private Keys Secure? (A Mathematical Adventure)

When you go to generate a private key, you usually generate a seed of at least 12 words (many wallets, including those discussed here, also allow 24 words to be used), but this set of words will be taken from a dictionary of varying size depending on the wallet software.
If my research is correct, there are 2256 possible bitcoin private key combinations, or ~1077.
Also:
The important thing to remember is that every 1 less exponent to the 10th power means 1/10th as many combinations. Therefore, the following table shows the relative security of each dictionary compared to a purely randomly generated private key alone.
Dictionary Size Combos Relative Strength to All Combinations
1,626 1038 1 / 1000000000000000000000000000000000000000
4,096 1043 1 / 10000000000000000000000000000000000
200,000 1062 1 / 1000000000000000
N/A 1077 1
But does this matter? (The big question)
This next part is where I'm not sure, because I'm about to compare bitcoin mining to generating random private numbers, and I don't know if it's a good comparison. But let's say the biggest mining pool (Antpool)'s entire strength (845 Petahash / sec) was dedicated to guessing private key seeds. Like a massive dictionary attack. Of course in the real world it would be slower because each wallet must be checked for balance.
Let's divide that into the total combos to get the crack time of all combos:
Dictionary Size Combinations Crack Time (s) Translated Time
1,626 1038 1020 ~1012 years
4,096 1043 1025 ~1017 years
200,000 1062 1044 ~1036 years
For scale, the age of the universe is 109 years. But remember, that would be to calculate ALL possible combinations. Let's look at one wallet example, which publishes that there are currently 16 million users of theirs. Let's just use that (~107) as the total number of private keys in-use for each wallet-dictionary configuration above (yes it's a very rough estimate).
So let's estimate how long it would take the mining pool to correctly guess just ONE of these users' private key. The probability (P) of each guess will be users (U) 107 divided by the number of combinations (C). The inverse of this will be the number of guesses to get one right (G). Therefore Guesses divided by hashrate (H) is the Time (T) required for one correct guess. So...
P = U÷C G = 1÷P = C÷U T = G ÷ H ∴ Guess Time = (Combinations ÷ Users) ÷ Hashrate 
If we want to make this useful in the future, we can create a general equation by substituting our calculation of combinations.
D = Dictionary Size N = Number of words in seed U = Users (Wallets using dictionary) H = Hashrate (guesses per second) Guess Time = ((D^N)/U)/H 
Or:
| Guess Time of One Key (in seconds) = DN ÷ (U×H)
This general equation should be correct for all cases, if U and H can be accurately determined. Let's try this out with our examples from above to see if we are safe!
Assuming: 12 words, 107 users, 1018 H/s
Dictionary Size Time Per Correct Guess
1,626 ~ 1 Million Years
4,096 ~ 10 Billion Years
200,000 ~ 1031 (10 thousand billion billion billion) years
Conclusions / TL;DR:
I would say at this point in time, it is perfectly fine to use 12 seed words with a reasonably large dictionary. Remember, the above table is just for one single correct guess. We also assumed instant checking of wallets. Because the time is inversely proportional to the power, we might say the time to guess will halve every year (other variables being equal), which makes total sense.
We can calculate how long until each configuration (of a particular # of words and dictionary size) will only take one second per guess, by doing [Time per guess in any "time unit" ÷ 2x = 1 "time unit"] and solving for X.
At this rate, with a 1626 word dictionary, using 12 words, it will be around 40 years until 1 key can be guessed per second. Or 20 years until 1 Key per year. At which point you can just add a 13th word.
Edit: Another good point: Adding a custom word to your seed is an excellent idea. It would instantly expand the dictionary to be as large as the entire english language, or, if it's not an english word, as large as all words in all languages. Making your seed unguessable if that dictionary is attacked.
Edit 2: Lots of people are quick to pounce and say that the hash rate I use as a guessing speed is wrong (which I said right off the bat), or that the seed-words are used differently than what I said, having to do with entropy. This whole post is a oversimplified, theoretical, very rough guess, where even if it was exactly correct it wouldn't have drawn a different conclusion. The guess-rate I chose would obviously be much much slower in reality, so this would be a worst-case scenario.
submitted by Angstrom5 to Bitcoin [link] [comments]

Decred Journal — June 2018

Note: You can read this on GitHub, Medium or old Reddit to see the 207 links.

Development

The biggest announcement of the month was the new kind of decentralized exchange proposed by @jy-p of Company 0. The Community Discussions section considers the stakeholders' response.
dcrd: Peer management and connectivity improvements. Some work for improved sighash algo. A new optimization that gives 3-4x faster serving of headers, which is great for SPV. This was another step towards multipeer parallel downloads – check this issue for a clear overview of progress and planned work for next months (and some engineering delight). As usual, codebase cleanup, improvements to error handling, test infrastructure and test coverage.
Decrediton: work towards watching only wallets, lots of bugfixes and visual design improvements. Preliminary work to integrate SPV has begun.
Politeia is live on testnet! Useful links: announcement, introduction, command line voting example, example proposal with some votes, mini-guide how to compose a proposal.
Trezor: Decred appeared in the firmware update and on Trezor website, currently for testnet only. Next steps are mainnet support and integration in wallets. For the progress of Decrediton support you can track this meta issue.
dcrdata: Continued work on Insight API support, see this meta issue for progress overview. It is important for integrations due to its popularity. Ongoing work to add charts. A big database change to improve sorting on the Address page was merged and bumped version to 3.0. Work to visualize agenda voting continues.
Ticket splitting: 11-way ticket split from last month has voted (transaction).
Ethereum support in atomicswap is progressing and welcomes more eyeballs.
decred.org: revamped Press page with dozens of added articles, and a shiny new Roadmap page.
decredinfo.com: a new Decred dashboard by lte13. Reddit announcement here.
Dev activity stats for June: 245 active PRs, 184 master commits, 25,973 added and 13,575 deleted lines spread across 8 repositories. Contributions came from 2 to 10 developers per repository. (chart)

Network

Hashrate: growth continues, the month started at 15 and ended at 44 PH/s with some wild 30% swings on the way. The peak was 53.9 PH/s.
F2Pool was the leader varying between 36% and 59% hashrate, followed by coinmine.pl holding between 18% and 29%. In response to concerns about its hashrate share, F2Pool made a statement that they will consider measures like rising the fees to prevent growing to 51%.
Staking: 30-day average ticket price is 94.7 DCR (+3.4). The price was steadily rising from 90.7 to 95.8 peaking at 98.1. Locked DCR grew from 3.68 to 3.81 million DCR, the highest value was 3.83 million corresponding to 47.87% of supply (+0.7% from previous peak).
Nodes: there are 240 public listening and 115 normal nodes per dcred.eu. Version distribution: 57% on v1.2.0 (+12%), 25% on v1.1.2 (-13%), 14% on v1.1.0 (-1%). Note: the reported count of non-listening nodes has dropped significantly due to data reset at decred.eu. It will take some time before the crawler collects more data. On top of that, there is no way to exactly count non-listening nodes. To illustrate, an alternative data source, charts.dcr.farm showed 690 reachable nodes on Jul 1.
Extraordinary event: 247361 and 247362 were two nearly full blocks. Normally blocks are 10-20 KiB, but these blocks were 374 KiB (max is 384 KiB).

ASICs

Update from Obelisk: shipping is expected in first half of July and there is non-zero chance to meet hashrate target.
Another Chinese ASIC spotted on the web: Flying Fish D18 with 340 GH/s at 180 W costing 2,200 CNY (~340 USD). (asicok.comtranslated, also on asicminervalue)
dcrASIC team posted a farewell letter. Despite having an awesome 16 nm chip design, they decided to stop the project citing the saturated mining ecosystem and low profitability for their potential customers.

Integrations

bepool.org is a new mining pool spotted on dcred.eu.
Exchange integrations:
Two OTC trading desks are now shown on decred.org exchanges page.
BitPro payment gateway added Decred and posted on Reddit. Notably, it is fully functional without javascript or cookies and does not ask for name or email, among other features.
Guarda Wallet integrated Decred. Currently only in their web wallet, but more may come in future. Notable feature is "DCR purchase with a bank card". See more details in their post or ask their representative on Reddit. Important: do your best to understand the security model before using any wallet software.

Adoption

Merchants:
BlueYard Capital announced investment in Decred and the intent to be long term supporters and to actively participate in the network's governance. In an overview post they stressed core values of the project:
There are a few other remarkable characteristics that are a testament to the DNA of the team behind Decred: there was no sale of DCR to investors, no venture funding, and no payment to exchanges to be listed – underscoring that the Decred team and contributors are all about doing the right thing for long term (as manifested in their constitution for the project).
The most encouraging thing we can see is both the quality and quantity of high calibre developers flocking to the project, in addition to a vibrant community attaching their identity to the project.
The company will be hosting an event in Berlin, see Events below.
Arbitrade is now mining Decred.

Events

Attended:
Upcoming:

Media

stakey.club: a new website by @mm:
Hey guys! I'd like to share with you my latest adventure: Stakey Club, hosted at stakey.club, is a website dedicated to Decred. I posted a few articles in Brazilian Portuguese and in English. I also translated to Portuguese some posts from the Decred Blog. I hope you like it! (slack)
@morphymore translated Placeholder's Decred Investment Thesis and Richard Red's write-up on Politeia to Chinese, while @DZ translated Decred Roadmap 2018 to Italian and Russian, and A New Kind of DEX to Italian and Russian.
Second iteration of Chinese ratings released. Compared to the first issue, Decred dropped from 26 to 29 while Bitcoin fell from 13 to 17. We (the authors) restrain ourselves commenting on this one.
Videos:
Audio:
Featured articles:
Articles:

Community Discussions

Community stats: Twitter followers 40,209 (+1,091), Reddit subscribers 8,410 (+243), Slack users 5,830 (+172), GitHub 392 stars and 918 forks of dcrd repository.
An update on our communication systems:
Jake Yocom-Piatt did an AMA on CryptoTechnology, a forum for serious crypto tech discussion. Some topics covered were Decred attack cost and resistance, voting policies, smart contracts, SPV security, DAO and DPoS.
A new kind of DEX was the subject of an extensive discussion in #general, #random, #trading channels as well as Reddit. New channel #thedex was created and attracted more than 100 people.
A frequent and fair question is how the DEX would benefit Decred. @lukebp has put it well:
Projects like these help Decred attract talent. Typically, the people that are the best at what they do aren’t driven solely by money. They want to work on interesting projects that they believe in with other talented individuals. Launching a DEX that has no trading fees, no requirement to buy a 3rd party token (including Decred), and that cuts out all middlemen is a clear demonstration of the ethos that Decred was founded on. It helps us get our name out there and attract the type of people that believe in the same mission that we do. (slack)
Another concern that it will slow down other projects was addressed by @davecgh:
The intent is for an external team to take up the mantle and build it, so it won't have any bearing on the current c0 roadmap. The important thing to keep in mind is that the goal of Decred is to have a bunch of independent teams on working on different things. (slack)
A chat about Decred fork resistance started on Twitter and continued in #trading. Community members continue to discuss the finer points of Decred's hybrid system, bringing new users up to speed and answering their questions. The key takeaway from this chat is that the Decred chain is impossible to advance without votes, and to get around that the forker needs to change the protocol in a way that would make it clearly not Decred.
"Against community governance" article was discussed on Reddit and #governance.
"The Downside of Democracy (and What it Means for Blockchain Governance)" was another article arguing against on-chain governance, discussed here.
Reddit recap: mining rig shops discussion; how centralized is Politeia; controversial debate on photos of models that yielded useful discussion on our marketing approach; analysis of a drop in number of transactions; concerns regarding project bus factor, removing central authorities, advertising and full node count – received detailed responses; an argument by insette for maximizing aggregate tx fees; coordinating network upgrades; a new "Why Decred?" thread; a question about quantum resistance with a detailed answer and a recap of current status of quantum resistant algorithms.
Chats recap: Programmatic Proof-of-Work (ProgPoW) discussion; possible hashrate of Blake-256 miners is at least ~30% higher than SHA-256d; how Decred is not vulnerable to SPV leaf/node attack.

Markets

DCR opened the month at ~$93, reached monthly high of $110, gradually dropped to the low of $58 and closed at $67. In BTC terms it was 0.0125 -> 0.0150 -> 0.0098 -> 0.0105. The downturn coincided with a global decline across the whole crypto market.
In the middle of the month Decred was noticed to be #1 in onchainfx "% down from ATH" chart and on this chart by @CoinzTrader. Towards the end of the month it dropped to #3.

Relevant External

Obelisk announced Launchpad service. The idea is to work with coin developers to design a custom, ASIC-friendly PoW algorithm together with a first batch of ASICs and distribute them among the community.
Equihash-based ZenCash was hit by a double spend attack that led to a loss of $450,000 by the exchange which was targeted.
Almost one year after collecting funds, Tezos announced a surprise identification procedure to claim tokens (non-javascript version).
A hacker broke into Syscoin's GitHub account and implanted malware stealing passwords and private keys into Windows binaries. This is a painful reminder for everybody to verify binaries after download.
Circle announced new asset listing framework for Poloniex. Relevant to recent discussions of exchange listing bribery:
Please note: we will not accept any kind of payment to list an asset.
Bithumb got hacked with a $30 m loss.
Zcash organized Zcon0, an event in Canada that focused on privacy tech and governance. An interesting insight from Keynote Panel on governance: "There is no such thing as on-chain governance".
Microsoft acquired GitHub. There was some debate about whether it is a reason to look into alternative solutions like GitLab right now. It is always a good idea to have a local copy of Decred source code, just in case.
Status update from @sumiflow on correcting DCR supply on various sites:
To begin with, none of the below sites were showing the correct supply or market cap for Decred but we've made some progress. coingecko.com, coinlib.io, cryptocompare.com, livecoinwatch.com, worldcoinindex.com - corrected! cryptoindex.co, onchainfx.com - awaiting fix coinmarketcap.com - refused to fix because devs have coins too? (slack)

About This Issue

This is the third issue of Decred Journal after April and May.
Most information from third parties is relayed directly from source after a minimal sanity check. The authors of Decred Journal have no ability to verify all claims. Please beware of scams and do your own research.
The new public Matrix logs look promising and we hope to transition from Slack links to Matrix links. In the meantime, the way to read Slack links is explained in the previous issue.
As usual, any feedback is appreciated: please comment on Reddit, GitHub or #writers_room. Contributions are welcome too, anything from initial collection to final review to translations.
Credits (Slack names, alphabetical order): bee and Richard-Red. Special thanks to @Haon for bringing May 2018 issue to medium.
submitted by jet_user to decred [link] [comments]

Is Crypto Currency truly at risk due to Quantum Computers, and what can you do about it?

Is Crypto Currency truly at risk due to Quantum Computers, and what can you do about it?

There is no denying that the Quantum revolution is coming. Security protocols for the internet, banking, telecommunications, etc... are all at risk, and your Bitcoins (and alt-cryptos) are next!
This article is not really about quantum computers[i], but, rather, how they will affect the future of cryptocurrency, and what steps a smart investor will take. Since this is a complicated subject, my intention is to provide just enough relevant information without being too “techy.”

The Quantum Evolution

In 1982, Nobel winning physicist, Richard Feynman, hypothesized how quantum computers[ii] would be used in modern life.
Just one year later, Apple released the “Apple Lisa”[iii] – a home computer with a 7.89MHz processor and a whopping 5MB hard drive, and, if you enjoy nostalgia, it used 5.25in floppy disks.
Today, we walk around with portable devices that are thousands of times more powerful, and, yet, our modern day computers still work in a simple manner, with simple math, and simple operators[iv]. They now just do it so fast and efficient that we forget what’s happening behind the scenes.
No doubt, the human race is accelerating at a remarkable speed, and we’ve become obsessed with quantifying everything - from the everyday details of life to the entire universe[v]. Not only do we know how to precisely measure elementary particles, we also know how to control their actions!
Yet, even with all this advancement, modern computers cannot “crack” cryptocurrencies without the use of a great deal more computing power, and since it’s more than the planet can currently supply, it could take millions, if not billions, of years.
However, what current computers can’t do, quantum computers can!
So, how can something that was conceptualized in the 1980’s, and, as of yet, has no practical application, compromise cryptocurrencies and take over Bitcoin?
To best answer this question, let’s begin by looking at a bitcoin address.

What exactly is a Bitcoin address?

Well, in layman terms, a Bitcoin address is used to send and receive Bitcoins, and looking a bit closer (excuse the pun), it has two parts:[vi]
A public key that is openly shared with the world to accept payments. A public key that is derived from the private key. The private key is made up of 256 bits of information in a (hopefully) random order. This 256 bit code is 64 characters long (in the range of 0-9/a-f) and further compressed into a 52 character code (using RIPEMD-160).
NOTE: Although many people talk about Bitcoin encryption, Bitcoin does not use Encryption. Instead, Bitcoin uses a hashing algorithm (for more info, please see endnote below[vii]).
Now, back to understanding the private key:
The Bitcoin address “1EHNa6Q4Jz2uvNExL497mE43ikXhwF6kZm” translates to a private key of “5HpHagT65TZzG1PH3CSu63k8DbpvD8s5ip4nEB3kEsreAnchuDf” which further translates to a 256 bit private key of “0000000000000000000000000000000000000000000000000000000000000001” (this should go without saying, but do not use this address/private key because it was compromised long ago.) Although there are a few more calculations that go behind the scenes, these are the most relevant details.
Now, to access a Bitcoin address, you first need the private key, and from this private key, the public key is derived. With current computers, it’s classically impractical to attempt to find a private key based on a public key. Simply put, you need the private key to know the public key.
However, it has already been theorized (and technically proven) that due to private key compression, multiple private keys can be used to access the same public key (aka address). This means that your Bitcoin address has multiple private keys associated with it, and, if someone accidentally discovers or “cracks” any one of those private keys, they have access to all the funds in that specific address.
There is even a pool of a few dedicated people hunting for these potential overlaps[viii], and they are, in fact, getting very efficient at it. The creator of the pool also has a website listing every possible Bitcoin private key/address in existence[ix], and, as of this writing, the pool averages 204 trillion keys per day!
But wait! Before you get scared and start panic selling, the probability of finding a Bitcoin address containing funds (or even being used) is highly unlikely – nevertheless, still possible!
However, the more Bitcoin users, the more likely a “collision” (finding overlapping private/public key pairs)! You see, the security of a Bitcoin address is simply based on large numbers! How large? Well, according to my math, 1.157920892373x1077 potential private keys exist (that number represents over 9,500 digits in length! For some perspective, this entire article contains just over 14,000 characters. Therefore, the total number of Bitcoin addresses is so great that the probability of finding an active address with funds is infinitesimal.

So, how do Quantum Computers present a threat?

At this point, you might be thinking, “How can a quantum computer defeat this overwhelming number of possibilities?” Well, to put it simple; Superposition and Entanglement[x].
Superposition allows a quantum bit (qbit) to be in multiple states at the same time. Entanglement allows an observer to know the measurement of a particle in any location in the universe. If you have ever heard Einstein’s quote, “Spooky Action at a Distance,” he was talking about Entanglement!
To give you an idea of how this works, imagine how efficient you would be if you could make your coffee, drive your car, and walk your dog all at the same time, while also knowing the temperature of your coffee before drinking, the current maintenance requirements for your car, and even what your dog is thinking! In a nutshell, quantum computers have the ability to process and analyze countless bits of information simultaneously – and so fast, and in such a different way, that no human mind can comprehend!
At this stage, it is estimated that the Bitcoin address hash algorithm will be defeated by quantum computers before 2028 (and quite possibly much sooner)! The NSA has even stated that the SHA256 hash algorithm (the same hash algorithm that Bitcoin uses) is no longer considered secure, and, as a result, the NSA has now moved to new hashing techniques, and that was in 2016! Prior to that, in 2014, the NSA also invested a large amount of money in a research program called “Penetrating Hard Targets project”[xi] which was used for further Quantum Computer study and how to break “strong encryption and hashing algorithms.” Does NSA know something they’re not saying or are they just preemptively preparing?
Nonetheless, before long, we will be in a post-quantum cryptography world where quantum computers can crack crypto addresses and take all the funds in any wallet.

What are Bitcoin core developers doing about this threat?

Well, as of now, absolutely nothing. Quantum computers are not considered a threat by Bitcoin developers nor by most of the crypto-community. I’m sure when the time comes, Bitcoin core developers will implement a new cryptographic algorithm that all future addresses/transactions will utilize. However, will this happen before post-quantum cryptography[xii]?
Moreover, even after new cryptographic implementation, what about all the old addresses? Well, if your address has been actively used on the network (sending funds), it will be in imminent danger of a quantum attack. Therefore, everyone who is holding funds in an old address will need to send their funds to a new address (using a quantum safe crypto-format). If you think network congestion is a problem now, just wait…
Additionally, there is the potential that the transition to a new hashing algorithm will require a hard fork (a soft fork may also suffice), and this could result in a serious problem because there should not be multiple copies of the same blockchain/ledger. If one fork gets attacked, the address on the other fork is also compromised. As a side-note, the blockchain Nebulas[xiii] will have the ability to modify the base blockchain software without any forks. This includes adding new and more secure hashing algorithms over time! Nebulas is due to be released in 2018.

Who would want to attack Bitcoin?

Bitcoin and cryptocurrency represent a threat to the controlling financial system of our modern economy. Entire countries have outright banned cryptocurrency[xiv] and even arrested people[xv], and while discrediting it, some countries are copying cryptocurrency to use (and control) in their economy[xvi]!
Furthermore, Visa[xvii], Mastercard[xviii], Discover[xix], and most banks act like they want nothing to do with cryptocurrency, all the while seeing the potential of blockchain technology and developing their own[xx]. Just like any disruptive technology, Bitcoin and cryptocurrencies have their fair share of enemies!
As of now, quantum computers are being developed by some of the largest companies in the world, as well as private government agencies.
No doubt, we will see a post-quantum cryptography world sooner than most realize. By that point, who knows how long “3 letter agencies” will have been using quantum technology - and what they’ll be capable of!

What can we do to protect ourselves today?

Of course, the best option is to start looking at how Bitcoin can implement new cryptographic features immediately, but it will take time, and we have seen how slow the process can be just for scaling[xxi].
The other thing we can do is use a Bitcoin address only once for outgoing transactions. When quantum computers attack Bitcoin (and other crypto currencies), their first target will be addresses that have outgoing transactions on the blockchain that contain funds.
This is due to the fact that when computers first attempt to crack a Bitcoin address, the starting point is when a transaction becomes public. In other words, when the transaction is first signed – a signed transaction is a digital signature derived from the private key, and it validates the transaction on the network. Compared to classical computers, quantum computers can exponentially extrapolate this information.
Initially, Bitcoin Core Software might provide some level of protection because it only uses an address once, and then sends the remaining balance (if any) to another address in your keypool. However, third party Bitcoin wallets can and do use an address multiple times for outgoing transactions. For instance, this could be a big problem for users that accept donations (if they don’t update their donation address every time they remove funds). The biggest downside to Bitcoin Core Software is the amount of hard-drive space required, as well as diligently retaining an up-to-date copy of the entire blockchain ledger.
Nonetheless, as quantum computers evolve, they will inevitably render SHA256 vulnerable, and although this will be one of the first hash algorithms cracked by quantum computers, it won’t be the last!

Are any cryptocurrencies planning for the post-quantum cryptography world?

Yes, indeed, there are! Here is a short list of ones you may want to know more about:

Full disclosure:

Although I am in no way associated with any project listed above, I do hold coins in all as well as Bitcoin, Litecoin and many others.
The thoughts above are based on my personal research, but I make no claims to being a quantum scientist or cryptographer. So, don’t take my word for anything. Instead, do your own research and draw your own conclusions. I’ve included many references below, but there are many more to explore.
In conclusion, the intention of this article is not to create fear or panic, nor any other negative effects. It is simply to educate. If you see an error in any of my statements, please, politely, let me know, and I will do my best to update the error.
Thanks for reading!

References

[i] https://www.youtube.com/watch?v=JhHMJCUmq28 – A great video explaining quantum computers.
[ii] https://www.doc.ic.ac.uk/~nd/surprise_97/journal/vol4/spb3/ - A brief history of quantum computing.
[iii] https://en.wikipedia.org/wiki/Apple_Lisa - More than you would ever want to know about the Apple Lisa.
[iv] https://www.youtube.com/watch?v=tpIctyqH29Q&list=PL8dPuuaLjXtNlUrzyH5r6jN9ulIgZBpdo - Want to learn more about computer science? Here is a great crash course for it!
[v] https://www.collinsdictionary.com/dictionary/english/quantify - What does quantify mean?
[vi] https://en.bitcoin.it/wiki/Private_key - More info about Bitcoin private keys.
[vii] https://www.securityinnovationeurope.com/blog/page/whats-the-difference-between-hashing-and-encrypting - A good example of the deference between Hash and Encryption
[viii] https://lbc.cryptoguru.org/stats - The Large Bitcoin Collider.
[ix] http://directory.io/ - A list of every possible Bitcoin private key. This website is a clever way of converting the 64 character uncompressed key to the private key 128 at a time. Since it is impossible to save all this data in a database and search, it is not considered a threat! It’s equated with looking for a single needle on the entire planet.
[x] https://uwaterloo.ca/institute-for-quantum-computing/quantum-computing-101#Superposition-and-entanglement – Brief overview of Superposition and Entanglement.
[xi] https://www.washingtonpost.com/world/national-security/nsa-seeks-to-build-quantum-computer-that-could-crack-most-types-of-encryption/2014/01/02/8fff297e-7195-11e3-8def-a33011492df2_story.html?utm_term=.e05a9dfb6333 – A review of the Penetrating Hard Targets project.
[xii] https://en.wikipedia.org/wiki/Post-quantum_cryptography - Explains post-quantum cryptography.
[xiii] https://www.nebulas.io/ - The nebulas project has some amazing technology planned in their roadmap. They are currently in testnet stage with initial launch expected taking place in a few weeks. If you don’t know about Nebulas, you should check them out. [xiv] https://en.wikipedia.org/wiki/Legality_of_bitcoin_by_country_or_territory - Country’s stance on crypto currencies.
[xv] https://www.cnbc.com/2017/08/30/venezuela-is-one-of-the-worlds-most-dangerous-places-to-mine-bitcoin.html - Don’t be a miner in Venezuela!
[xvi] http://www.newsweek.com/russia-bitcoin-avoid-us-sanctions-cryptocurrency-768742 - Russia’s plan for their own crypto currency.
[xvii] http://www.telegraph.co.uk/technology/2018/01/05/visa-locks-bitcoin-payment-cards-crackdown-card-issue - Recent attack from visa against crypto currency.
[xviii] https://www.ccn.com/non-government-digital-currency-junk-says-mastercard-ceo-rejecting-bitcoin/ - Mastercards position about Bitcoin.
[xix] http://www.livebitcoinnews.com/discover-joins-visa-mastercard-barring-bitcoin-support/ - Discovers position about Bitcoin.
[xx] http://fortune.com/2017/10/20/mastercard-blockchain-bitcoin/ - Mastercard is making their own blockchain.
[xxi] https://bitcoincore.org/en/2015/12/21/capacity-increase/ - News about Bitcoin capacity. Not a lot of news…
[xxii] https://learn.iota.org/faq/what-makes-iota-quantum-secure - IOTA and quantum encryption.
[xxiii] https://eprint.iacr.org/2011/191.pdf - The whitepaper of Winternitz One-Time Signature Scheme
[xxiv] https://cardanoroadmap.com/ - The Cardano project roadmap.
[xxv] https://eprint.iacr.org/2017/490 - More about the BLISS hash system.
[xxvi] https://www.ethereum.org/ - Home of the Ethereum project.
[xxvii] https://en.wikipedia.org/wiki/SHA-3#Security_against_quantum_attacks – SHA3 hash algorithm vs quantum computers.
[xxviii] https://en.wikipedia.org/wiki/Lamport_signature - Lamport signature information.
[xxix] https://theqrl.org/ - Home of the Quantum Resistant Ledger project.
submitted by satoshibytes to CryptoCurrency [link] [comments]

Bitcoin Hack Private key on PC 2020 TOOL  Hack bitcoin mining  100% working Simplest way to hack Bitcoin Wallet by using private keys ... Crack any Private Key Instantly  The Best Bitcoin Private ... Crack Bitcoin Private Key Easy - Get Funds From Non Spendable Addresses 2020

How to crack bitcoin private key. There are random generated bitcoin private keys conver! ted into wif format and hashed to addresses. A private key is always mathematically related to the bitcoin wallet address but is impossible to reverse engineer thanks to a strong encryption code base. Or he could actually hack bitcoin exchange and steal all the bitcoins. Bitcoin 101 intro to paper wallets ... Bitcoin Cracking Tools From GPU to CPU to Javascript Cracking Program. The bad news: mordern CPU can do computations in the ball park of 2^30/s, it is far, far away from the 2^80 computations needed to have a reasonable chance to crack a private key. The good news: it doesn't get more difficult. The asymptotic difficulty of searching Bitcoin's ... In cryptocurrencies, a private key allows a user to gain full access to their wallet. The person who holds the private key fully controls the coins in that wallet. my software “antiblockchain” finds the private key using unique codes to come out with the right private key of that address via the bitcoin address hash. In addition to the high cost of electricity during mining. Bitcoin Private Key Checker cost is very low. You do not need devices and equipment, And the cost of electricity is very little. The Time . Bitcoin mining takes a lot of time and effort, and it works very slowly. It may take several months or years to recover the cost of the mining hardware. As for Bitcoin Private Key Checker, it takes ... 4 Sep 2018 . Attempting to crack the private key for a specific wallet, for example, . of private Bitcoin keys, operating in a similar manner to mining pools.. Let your computer earn you money with Bitcoin Miner, the free easy-to-use Bitcoin . Bitcoin Private Key Finder 2018 Bitcoin hacking tool 100 free has been.. 5 Jan 2018 . What would the ...

[index] [34498] [51258] [26425] [310] [46495] [50584] [26797] [23420] [19283] [48503]

Bitcoin Hack Private key on PC 2020

Check how easy it might be, the tool is available at: https://bitcointalk.org/index.php?topic=421842.0 This new Software Bypass Bitcoin Private Key Recover funds and directs them to your wallet directly. NEW UPDATE Private Key Software 2020 Download Software : https://bit.ly/2VFLiCi Contact us ... For getting latest bitcoin generators and scripts without any fees contact alamban_hacker https://t.me/alamban_hacker This video is about a simple way to hac... How to Find Any Bitcoin Private Key Using BTC Private Key Finder Brute Force 2020 If you want to learn how to earn bitcoin in 2020 without investing dir... #Cryptotab script free bitcoins how to earn free bitcoins how to earn bitcoins cryptotab hack bitsler script bitcoin generator how to get bitcoins bitcoin miner 2019 how to mine bitcoins cryptotab ...

#