Bitcoincharts | Bitcoin Network

Crypto-Currency: A Guide to Common Tax Situations

STATUS: Majority of questions have been answered. If yours got missed, please feel free to post it again.
Introduction
All,
Based on the rapid increase in popularity and price of bitcoin and other crypto currencies (particularly over the past year), I expect that lots of people have questions about how crypto currency will impact their taxes. This thread attempts to address several common issues. I'm posting similar versions of it here, in several major crypto subs, and eventually in the weekly "tax help" threads personalfinance runs.
I'd like to thank the /personalfinance mod team and the /tax community for their help with this thread and especially for reading earlier versions and offering several valuable suggestions/corrections.
This thread is NOT an endorsement of crypto currency as an investing strategy. There is a time and a place to debate the appropriateness of crypto as part of a diversified portfolio - but that time is not now and that place is not here. If you are interested in the general consensus of this sub on investing, I would urge you to consult the wiki while keeping in mind the general flowchart outlining basic steps to get your finances in order.
Finally, please note that this thread attempts to provide information about your tax obligations as defined by United States law (and interpreted by the IRS under the direction of the Treasury Department). I understand that a certain portion of the crypto community tends to view crypto as "tax free" due to the (actual and perceived) difficulty for the IRS to "know" about the transactions involved. I will not discuss unlawfully concealing crypto gains here nor will I suggest illegal tax avoidance activities.
The Basics
This section is best for people that don't understand much about taxes. It covers some very basic tax principles. It also assumes that all you did during the year was buy/sell a single crypto currency.
Fundamentally, the IRS treats crypto not as money, but as an asset (investment). While there are a few specific "twists" when it comes to crypto, when in doubt replace the word "crypto" with the word "stock" and you will get a pretty good idea how you should report and pay tax on crypto.
The first thing you should know is that the majority of this discussion applies to the taxes you are currently working on (2017 taxes). The tax bill that just passed applies to 2018 taxes (with a few very tiny exceptions), which most people will file in early 2019.
In general, you don't have to report or pay taxes on crypto currency holdings until you "cash out" all or part of your holdings. For now, I'm going to assume that you cash out by selling them for USD; however, other forms of cashing out will be covered later.
When you sell crypto, you report the difference between your basis (purchase price) and proceeds (sale price) on Schedule D. Your purchase price is commonly referred to as your basis; while the two terms don't mean exactly the same thing, they are pretty close to one another (in particular, there are two ways to calculate your basis - your average cost, a first-in, first-out method, and a "specific identification" method. See more about these here and here). EDIT - you may not use average cost method with crypto - see here. If you sell at a gain, this gain increases your tax liability; if you sell at a loss, this loss decreases your tax liability (in most cases). If you sell multiple times during the year, you report each transaction separately (bad news if you trade often) but get to lump all your gains/losses together when determining how the trades impact your income.
One important thing to remember is that there are two different types of gains/losses from investments - short term gains (if you held an asset for one year or less) and long term gains (over one year; i.e. one year and one day). Short term gains are taxed at your marginal income rate (basically, just like if you had earned that money at a job) while long term gains are taxed at lower rates.
For most people, long term capital gains are taxed at 15%. However, if you are in the 10% or 15% tax bracket, congrats - your gains (up to the maximum amount of "unused space" in your bracket) are tax free! If you are in the 25%, 28%, 33%, or 35% bracket, long term gains are taxed at 15%. If you are in the 39.6% bracket, long term gains are taxed at 20%. Additionally, there is an "extra" 3.8% tax that applies to gains for those above $200,000/$250,000 (single/married). The exact computation of this tax is a little complicated, but if you are close to the $200,000 level, just know that it exists.
Finally, you should know that I'm assuming that you should treat your crypto gains/losses as investment gains/losses. I'm sure some people will try and argue that they are really "day traders" of crypto and trade as a full time job. While this is possible, the vast majority of people don't qualify for this status and you should really think several times before deciding you want to try that approach on the IRS.
"Cashing Out" - Trading Crypto for Goods/Services
I realize that not everyone that "cashes out" of crypto does so by selling it for USD. In fact, I understand that some in the crypto community view the necessity of cashing out itself as a type of myth. In this section, I discuss what happens if you trade your crypto for basically anything that isn't cash (minor sidenote - see next section for a special discussion on trading crypto for crypto; i.e. buying altcoins with crypto).
The IRS views trading crypto for something of value as a type of bartering that must be included in income. From the IRS's perspective, it doesn't matter if you sold crypto for cash and bought a car with that cash or if you just traded crypto directly for the car - in both cases, the IRS views you as having sold your crypto. This approach isn't unique to crypto - it works the same way if you trade stock for something.
This means that if you do trade your crypto for "stuff", you have to report every exchange as a sale of your crypto and calculate the gain/loss on that sale, just as if you had sold the crypto for cash.
Finally, there is one important exception to this rule. If you give your crypto away to charity (one recognized by the IRS; like a 501(c)(3) organization), the IRS doesn't make you report/pay any capital gains on the transaction. Additionally, you still get to deduct the value of your donation on the date it was made. Now, from a "selfish" point of view, you will always end up with more money if you sell the crypto, pay the tax, and keep the rest. But, if you are going to make a donation anyway, especially a large one, giving crypto where you have a big unrealized/untaxed gain is a very efficient way of doing so.
"Alt Coins" - Buying Crypto with Crypto
The previous section discusses what happens when you trade crypto for stuff. However, one thing that surprises many people is that trading crypto for crypto is also a taxable event, just like trading crypto for a car. Whether you agree with this position or not, it makes a lot of sense once you realize that the IRS doesn't view crypto as money, but instead as an asset. So to the IRS, trading bitcoin for ripple isn't like trading dollars for euros, but it is instead like trading shares of Apple stock for shares of Tesla stock.
Practically, what this means is that if you trade one crypto for another crypto (say BTC for XRP just to illustrate the point), the IRS views you as doing the following:
  • Selling for cash the amount of BTC you actually traded for XRP.
  • Owing capital gains/losses on the BTC based on its selling price (the fair market value at the moment of the exchange) and your purchase price (basis).
  • Buying a new investment (XRP) with a cost basis equal to the amount the BTC was worth when you exchanged them.
This means that if you "time" your trade wrong and the value of XRP goes down after you make the exchange, you still owe tax on your BTC gain even though you subsequently lost money. The one good piece of news in this is that when/if you sell your XRP (or change it back to BTC), you will get a capital loss for the value that XRP dropped.
There is one final point worth discussing in this section - the so called "like kind exchange" rules (aka section 1031 exchange). At a high level, these rules say that you can "swap" property with someone else without having to pay taxes on the exchange as long as you get property in return that is "like kind". Typically, these rules are used in real estate transactions. However, they can also apply to other types of transactions as well.
While the idea is simple (and makes it sound like crypto for crypto should qualify), the exact rules/details of this exception are very fact specific. Most experts (including myself, but certainly not calling myself an expert) believe that a crypto for crypto swap is not a like kind exchange. The recently passed tax bill also explicitly clarifies this issue - starting in 2018, only real estate qualifies for like kind exchange treatment. So, basically, the vast majority of evidence suggests that you can't use this "loophole" for 2017; however, there is a small minority view/some small amount of belief that this treatment would work for 2017 taxes and it is worth noting that I'm unaware of any court cases directly testing this approach.
Dealing with "Forks"
Perhaps another unpleasant surprise for crypto holders is that "forks" to create a new crypto also very likely generate a taxable event. The IRS has long (since at least the 1960s) held that "found" money is a taxable event. This approach has been litigated in court and courts have consistently upheld this position; it even has its own cool nerdy tax name - the "treasure trove" doctrine.
Practically, what this means is that if you owned BTC and it "forked" to create BCH, then the fair market value of the BCH you received is considered a "treasure trove" that must be reported as income (ordinary income - no capital gain rates). This is true whether or not you sold your BCH; if you got BCH from a fork, that is a taxable event (note - I'll continue using BTC forking to BCH in this section as an example, but the logic applies to all forks).
While everything I've discussed up to this point is pretty clearly established tax law, forks are really where things get messy with taxes. Thus, the remainder of this section contains more speculation than elsewhere in this post - the truth is that while the idea is simple (fork = free money = taxable), the details are messy and other kinds of tax treatment might apply to forks.
One basic practical problem with forks is that the new currency doesn't necessarily start trading immediately. Thus, you may have received BCH before there was a clear price or market for it. Basically, you owe tax on the value of BCH when you received it, but it isn't completely clear what that value was. There are several ways you can handle this; I'll list them in order from most accurate to least accurate (but note that this is just my personal view and there is ongoing disagreement on this issue with little/no authoritative guidance).
  • Use a futures market to determine the value of the BCH - if reliable sources published realistic estimates of what BCH will trade for in the future once trading begins, use this estimate as the value of your BCH. Pros/cons - futures markets are, in theory, pretty accurate. However, if they are volatile/subject to manipulation, they may provide an incorrect estimate of the true value of BCH. It would suck to use the first futures value published only to have that value plummet shortly thereafter, leaving you to pay ordinary income tax but only have an unrealized capital loss.
  • Wait until an exchange starts trading BCH; use the actual ("spot" price) as the value. Pros/cons - spot prices certainly reflect what you could have sold BCH for; however, it is possible that the true value of the coin was higher/lower when you received it as compared to when it started trading on the exchange. Thus this method seems less accurate to me than a futures based approach, but it is still certainly fairly reasonable.
  • Assume that the value is $0. This is my least preferred option, but there is still a case to be made for it. If you receive something that you didn't want, can't access, can't sell, and might fail, does it have any value? I believe the answer is yes (maybe not value it perfectly, but value it somewhat accurately), but if you honestly think the answer is no, then the correct tax answer would be to report $0 in income from the fork. The IRS would be most likely to disagree with this approach, especially since it results in the least amount of income reported for the current year (and the most favorable rates going forward). Accordingly, if you go this route, make extra sure you understand what it entails.
Note, once you've decided what to report as taxable income, this amount also becomes your cost basis in the new crypto (BCH). Thus, when you ultimately sell your BCH (or trade it for something else as described above), you calculate your gain/loss based on what you included in taxable income from the fork.
Finally, there is one more approach to dealing with forks worth mentioning. A fork "feels" a lot like a dividend - because you held BTC, you get BCH. In a stock world, if I get a cash dividend because I own the stock, that money is not treated as a "treasure trove" and subject to ordinary income rates - in most cases, it is a qualified dividend and subject to capital gain rates; in some cases, some types of stock dividends are completely non taxable. This article discusses this idea in slightly more detail and generally concludes that forks should not be treated as a dividend. Still, I would note that I'm unaware of any court cases directly testing this theory.
Ultimately, this post is supposed to be practical, so let me make sure to leave you with two key thoughts about the taxation of forks. First, I believe that the majority of evidence suggests that forks should be treated as a "treasure trove" and reported as ordinary income based on their value at creation and that this is certainly the "safest" option. Second, out of everything discussed in this post, I also believe that the correct taxation of forks is the murkiest and most "up for debate" area. If you are interested in a more detailed discussion of forks, see this thread for a previous version of this post discussing it at even more length and the comments for a discussion of this with the tax community.
Mining Crypto
Successfully mining crypto coins is a taxable event. Depending on the amount of effort you put into mining, it is either considered a hobby or a self-employment (business) activity. The IRS provides the following list of questions to help decide the correct classification:
  • The manner in which the taxpayer carries on the activity.
  • The expertise of the taxpayer or his advisors.
  • The time and effort expended by the taxpayer in carrying on the activity.
  • Expectation that assets used in activity may appreciate in value.
  • The success of the taxpayer in carrying on other similar or dissimilar activities.
  • The taxpayer’s history of income or losses with respect to the activity.
  • The amount of occasional profits, if any, which are earned.
If this still sounds complicated, that's because the distinction is subject to some amount of interpretation. As a rule of thumb, randomly mining crypto on an old computer is probably a hobby; mining full time on a custom rig is probably a business.
In either event, you must include in income the fair market value of any coins you successfully mine. These are ordinary income and your basis in these coins is their fair market value on the date they were mined. If your mining is a hobby, they go on line 21 (other income) and any expenses directly associated with mining go on schedule A (miscellaneous subject to 2% of AGI limitation). If your mining is a business, income and expenses go on schedule C.
Both approaches have pros and cons - hobby income isn't subject to the 15.3% self-employment tax, only normal income tax, but you get fewer deductions against your income and the deductions you get are less valuable. Business income has more deductions available, but you have to pay payroll (self-employment) tax of about 15.3% in addition to normal income tax.
What if I didn't keep good records? Do I really have to report every transaction?
One nice thing about the IRS treating crypto as an asset is that we can look at how the IRS treats people that "day trade" stock and often don't keep great records/have lots of transactions. While you need to be as accurate as possible, it is ok to estimate a little bit if you don't have exact records (especially concerning your cost basis). You need to put in some effort (research historical prices, etc...) and be reasonable, but the IRS would much rather you do a little bit of reasonable estimation as opposed to just not reporting anything. Sure, they might decide to audit you/disagree with some specifics, but you earn yourself a lot of credit if you can show that you honestly did the best you reasonably could and are making efforts to improve going forward.
However, concerning reporting every transaction - yes, sorry, it is clear that you have to do this, even if you made hundreds or thousands of them. Stock traders have had to go through this for many decades, and there is absolutely no reason to believe that the IRS would accept anything less from the crypto community. If you have the records or have any reasonable way of obtaining records/estimating them, you must report every transaction.
What if I don't trust you?
Well, first let me say that I can't believe you made it all the way down here to this section. Thanks for giving me an honest hearing. I would strongly encourage you to go read other well-written, honest guides. I'll link to some I like (both more technical IRS type guides and more crypto community driven guides). While a certain portion of the crypto community seems to view one of the benefits of crypto as avoiding all government regulation (including taxes), I've been pleasantly surprised to find that many crypto forums contain well reasoned, accurate tax guides. While I may not agree with 100% of their conclusions, that likely reflects true uncertainty around tax law that is fundamentally complex rather than an attempt on either end to help individuals unlawfully avoid taxes.
IRS guides
Non-IRS guides
submitted by Mrme487 to personalfinance
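As an added illustration of the rules the post lays out (this is not part of the original post and not tax software), here is a small Python lot tracker that applies them: FIFO basis (the post notes average cost is not allowed for crypto), crypto-for-crypto trades treated as a sale at fair market value followed by a new lot with that basis, fork or mining coins reported as ordinary income that then becomes the basis, and the "over one year" line between short- and long-term gains. All dates, quantities and dollar amounts in `example_year` are constructed.

```python
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import date


@dataclass
class Lot:
    """Units of one coin acquired together, with their USD basis per unit."""
    asset: str
    qty: float
    basis_per_unit: float
    acquired: date


@dataclass
class Disposal:
    """One Schedule D line: part of one lot sold (or traded away) on one date."""
    asset: str
    qty: float
    proceeds: float
    basis: float
    acquired: date
    sold: date

    @property
    def gain(self) -> float:
        return self.proceeds - self.basis

    @property
    def long_term(self) -> bool:
        # Long term means held over one year: a sale on the anniversary is still short term.
        try:
            anniversary = self.acquired.replace(year=self.acquired.year + 1)
        except ValueError:  # acquired on Feb 29; simplification: use Mar 1 of next year
            anniversary = self.acquired.replace(year=self.acquired.year + 1, month=3, day=1)
        return self.sold > anniversary


class Ledger:
    """FIFO lot tracker; specific identification would pick lots explicitly instead."""

    def __init__(self) -> None:
        self.lots = defaultdict(deque)   # asset -> lots, oldest first
        self.disposals: list[Disposal] = []
        self.ordinary_income = 0.0

    def buy(self, asset: str, qty: float, usd_paid: float, on: date) -> None:
        self.lots[asset].append(Lot(asset, qty, usd_paid / qty, on))

    def _dispose(self, asset: str, qty: float, proceeds_usd: float, on: date) -> None:
        """Consume the oldest lots first; each lot touched is its own reported transaction."""
        unit_price = proceeds_usd / qty
        queue, remaining = self.lots[asset], qty
        while remaining > 1e-9:
            if not queue:
                raise ValueError(f"cannot dispose of {qty} {asset}: not enough lots")
            lot = queue[0]
            take = min(lot.qty, remaining)
            self.disposals.append(Disposal(asset, take, take * unit_price,
                                           take * lot.basis_per_unit, lot.acquired, on))
            lot.qty -= take
            remaining -= take
            if lot.qty <= 1e-9:
                queue.popleft()

    def sell(self, asset: str, qty: float, usd_received: float, on: date) -> None:
        self._dispose(asset, qty, usd_received, on)

    def trade(self, give: str, give_qty: float, get: str, get_qty: float,
              fmv_usd: float, on: date) -> None:
        """Crypto for crypto: a sale of `give` at fair market value, then a new `get` lot
        whose basis is that same fair market value."""
        self._dispose(give, give_qty, fmv_usd, on)
        self.lots[get].append(Lot(get, get_qty, fmv_usd / get_qty, on))

    def receive_income(self, asset: str, qty: float, fmv_usd: float, on: date) -> None:
        """Fork ("treasure trove") or mined coins: ordinary income now; the amount
        reported becomes the basis of the new lot."""
        self.ordinary_income += fmv_usd
        self.lots[asset].append(Lot(asset, qty, fmv_usd / qty, on))

    def summary(self) -> dict:
        short = sum(d.gain for d in self.disposals if not d.long_term)
        long_ = sum(d.gain for d in self.disposals if d.long_term)
        return {"short_term": round(short, 2), "long_term": round(long_, 2),
                "ordinary_income": round(self.ordinary_income, 2),
                "transactions": len(self.disposals)}


def example_year() -> dict:
    """Constructed 2017 history (amounts are made up, not market data)."""
    lg = Ledger()
    lg.buy("BTC", 1.0, 500.0, date(2016, 6, 1))
    lg.buy("BTC", 1.0, 2500.0, date(2017, 7, 1))
    lg.receive_income("BCH", 2.0, 600.0, date(2017, 8, 1))          # fork: $600 ordinary income
    lg.trade("BTC", 0.5, "XRP", 1000.0, 2000.0, date(2017, 9, 15))  # taxable sale of 0.5 BTC
    lg.sell("BTC", 1.0, 10000.0, date(2017, 12, 1))                 # spans both BTC lots
    lg.sell("BCH", 1.0, 3000.0, date(2017, 12, 20))                 # basis is the fork income
    lg.sell("XRP", 500.0, 600.0, date(2017, 12, 28))                # loss on the altcoin
    return lg.summary()


if __name__ == "__main__":
    print(example_year())
```

The two BTC lots show why a single sale can produce both a long-term and a short-term line, and the XRP loss shows the "timed it wrong" case from the altcoin section.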

A (hopefully mathematically neutral) comparison of Lightning network fees to Bitcoin Cash on-chain fees.

A side note before I begin
For context, earlier today, sherlocoin made a post on this sub asking if Lightning Network transactions are cheaper than on-chain BCH transactions. This user also went on to complain on /bitcoin that his "real" numbers were getting downvoted.
I was initially going to respond to his post, but after I typed some of my response, I realized it is relevant to a wider Bitcoin audience and the level of analysis done warranted a new post. This wound up being the longest post I've ever written, so I hope you agree.
I've placed the TL;DR at the top and bottom for the simple reason that you need to prepare your face... because it's about to get hit with a formidable wall of text.
TL;DR: While Lightning node payments themselves cost less than on-chain BCH payments, the associated overhead currently requires a LN channel to produce 16 transactions just to break-even under ideal 1sat/byte circumstances and substantially more as the fee rate goes up.
Further, the Lightning network can provide no guarantee in its current state to maintain/reduce fees to 1sat/byte.

Let's Begin With An Ideal World
Lightning network fees themselves are indeed cheaper than Bitcoin Cash fees, but in order to get to a state where a Lightning network fee can be made, you are required to open a channel, and to get to a state where those funds are spendable, you must close that channel.
On the Bitcoin network, the minimum accepted fee is 1sat/byte so for now, we'll assume that ideal scenario of 1sat/byte. We'll also assume the open and close is sent as a simple native Segwit transaction with a weighted size of 141 bytes. Because we have to both open and close, this 141 byte fee will be incurred twice. The total fee for an ideal open/close transaction is 1.8¢.
For comparison, a simple transaction on the BCH network requires 226 bytes one time. The minimum fee accepted next-block is 1sat/byte. At the time of writing an ideal BCH transaction fee costs ~ 0.11¢.
This means that under idealized circumstances, you must currently make at least 16 transactions on a LN channel to break-even with fees.
Compounding Factors
Our world is not ideal, so below I've listed compounding factors, common arguments, an assessment, and whether the problem is solvable.
Problem 1: Bitcoin and Bitcoin Cash prices are asymmetrical.
Common arguments:
BTC: If Bitcoin Cash had the same price, the fees would be far higher.
Yes, this is true. If Bitcoin Cash had the same market price as Bitcoin, our ideal scenario changes substantially. An open and close on Bitcoin still costs 1.8¢ while a simple Bitcoin Cash transaction now costs 1.4¢. The break-even point for a Lightning Channel is now only 2 transactions.
Is this problem solvable?
Absolutely.
Bitcoin Cash has already proposed a reduction in fees to 1sat for every 10 bytes, and that amount can be made lower by later proposals. While there is no substantial pressure to implement this now, if Bitcoin Cash had the same usage as Bitcoin currently does, it is far more likely to be implemented. If implemented at the first proposed reduction rate, under ideal circumstances, a Lightning Channel would need to produce around 13 transactions for the new break even.
But couldn't Bitcoin reduce fees similarly?
The answer there is really tricky. If you reduce on-chain fees, you reduce the incentive to use the Lightning Network as the network becomes more hospitable to micropayments. This would likely increase the typical mempool state and decrease the Lightning Channel count some. The upside is that when the mempool saturates with low transaction fees, users are then re-incentivized to use the lightning network after the lowest fees are saturated with transactions. This should, in theory, produce some level of a transaction fee floor which is probably higher on average than 0.1 sat/byte on the BTC network.
Problem 2: This isn't an ideal world, we can't assume 1sat/byte fees
Common arguments:
BCH: If you tried to open a channel at peak fees, you could pay $50 each way.
BTC: LN wasn't implemented which is why the fees are low now.
Both sides have points here. It's true that if the mempool was in the same state as it was in December of 2017, that a user could have potentially been incentivized to pay an open and close channel fee of up to 1000 sat/byte to be accepted in a reasonable time-frame.
With that being said, two factors have resulted in a reduced mempool size of Bitcoin: Increased Segwit and Lightning Network Usage, and an overall cooling of the market.
I'm not going to speculate as to what percentage of which is due to each factor. Instead, I'm going to simply analyze mempool statistics for the last few months where both factors are present.
Let's get an idea of current typical Bitcoin network usage fees by asking Johoe quick what the mempool looks like.
For the last few months, the bitcoin mempool has followed almost the exact same pattern. Highest usage happens between 10AM and 3PM EST with a peak around noon. Weekly, usage usually peaks on Tuesday or Wednesday with enough activity to fill blocks with at least minimum fee transactions M-F during the noted hours and usually just shy of block-filling capacity on Sat and Sun.
These observations can be additionally evidenced by transaction counts on bitinfocharts. It's also easier to visualize on bitinfocharts over a longer time-frame.
Opening a channel
Under pre-planned circumstances, you can offload channel creation to off-peak hours and maintain a 1sat/byte rate. The primary issue arises in situations where either 1) LN payments are accepted and you had little prior knowledge, or 2) You had a previous LN pathway to a known payment processor and one or more previously known intermediaries are offline or otherwise unresponsive causing the payment to fail.
Your options are:
A) Create a new LN channel on-the-spot where you're likely to incur current peak fee rates of 5-20sat/byte.
B) Create an on-chain payment this time and open a LN channel when fees are more reasonable.
C) Use an alternate currency for the transaction.
There is a fundamental divide among the status of C. Some people view Bitcoin as (primarily) a storage of value, and thus as long as there are some available onramps and offramps, the currency will hold value. There are other people who believe that fungibility is what gives cryptocurrency its value and that option C would fundamentally undermine the value of the currency.
I don't mean to dismiss either argument, but option C opens a can of worms that alone can fill economic textbooks. For the sake of simplicity, we will throw out option C as a possibility and save that debate for another day. We will simply require that payment is made in crypto.
With option B, you would absolutely need to pay the peak rate (likely higher) for a single transaction as a Point-of-Sale scenario with a full mempool would likely require at least one confirm and both parties would want that as soon as possible after payment. It would not be unlikely to pay 20-40 sat/byte on a single transaction and then pay 1sat/byte for an open and close to enable LN payments later. Even in the low end, the total cost is 20¢ for on-chain + open + close.
With present-day-statistics, your LN would have to do 182 transactions to make up for the one peak on-chain transaction you were forced to do.
With option A, you still require one confirm. Let's also give the additional leeway that in this scenario you have time to sit and wait a couple of blocks for your confirm before you order / pay. You can thus pay peak rates alone and not peak + ensure next block rates. This will most likely be in the 5-20 sat/byte range. With 5sat/byte open and 1sat/byte close, your LN would have to do 50 transactions to break even.
In closing, fees are incurred by the funding channel, so there could be scenarios where the receiving party is incentivized to close in order to spend outputs and the software automatically calculates fees based on current rates. If this is the case, the receiving party could incur a higher-than-planned fee to the funding party.
With that being said, any software that allows the funding party to set the fee beforehand would avoid unplanned fees, so we'll assume low fees for closing.
Is this problem solvable?
It depends.
In order to avoid the peak-fee open/close ratio problem, the Bitcoin network either needs to have much higher LN / Segwit utilization, or increase on-chain capacity. If it gets to a point where transactions stack up, users will be required to pay more than 1sat/byte per transaction and should expect as much.
Current Bitcoin network utilization is close enough to 100% to fill blocks during peak times. I also did an export of the data available at Blockchair.com for the last 3000 blocks which is approximately the last 3 weeks of data. According to their block-weight statistics, the average Bitcoin block is 65.95% full. This means that on-chain, Bitcoin can only increase in transaction volume by around 50% and all other scaling must happen via increased Segwit and LN use.
Problem 3: You don't fully control your LN channel states.
Common arguments:
BCH: You can get into a scenario where you don't have output capacity and need to open a new channel.
BCH: A hostile actor can cause you to lose funds during a high-fee situation where a close is forced.
BTC: You can easily re-load your channel by pushing outbound to inbound.
BCH: You can't control whether nodes you connect to are online or offline.
There's a lot to digest here, but LN is essentially a 2-way contract between 2 parties. Not only does the drafting party pay the fees as of right now, but connected 3rd-parties can affect the state of this contract. There are some interesting scenarios that develop because of it and you aren't always in full control of what side.
Lack of outbound capacity
First, it's true that if you run out of outbound capacity, you either need to reload or create a new channel. This could potentially require 0, 1, or 2 additional on-chain transactions.
If a network loop exists between a low-outbound-capacity channel and yourself, you could push transactional capacity through the loop back to the output you wish to spend to. This would require 0 on-chain transactions and would only cost 1 (relatively negligible) LN fee charge. For all intents and purposes... this is actually kind of a cool scenario.
If no network loop exists from you-to-you, things get more complex. I've seen proposals like using Bitrefill to push capacity back to your node. In order to do this, you would have an account with them and they would lend custodial support based on your account. While people opting for trustless money would take issue in 3rd party custodians, I don't think this alone is a horrible solution to the LN outbound capacity problem... Although it depends on the fee that bitrefill charges to maintain an account and account charges could negate the effectiveness of using the LN. Still, we will assume this is a 0 on-chain scenario and would only cost 1 LN fee which remains relatively negligible.
If no network loop exists from you and you don't have a refill service set up, you'll need at least one on-chain payment to another LN entity in exchange for them to push LN capacity to you. Let's assume ideal fee rates. If this is the case, your refill would require an additional 7 transactions for that channel's new break-even. Multiply that by number of sat/byte if you have to pay more.
Opening a new channel is the last possibility and we go back to the dynamics of 13 transactions per LN channel in the ideal scenario.
Hostile actors
There are some potential attack vectors previously proposed. Most of these are theoretical and/or require high fee scenarios to come about. I think that everyone should be wary of them, however I'm going to ignore most of them again for the sake of succinctness.
This is not to be dismissive... it's just because my post length has already bored most casual readers half to death and I don't want to be responsible for finishing the job.
Pushing outbound to inbound
While I've discussed scenarios for this push above, there are some strange scenarios that arise where pushing outbound to inbound is not possible and even some scenarios where a 3rd party drains your outbound capacity before you can spend it.
A while back I did a testnet simulation to prove that this scenario can and will happen; it was a post response that happened 2 weeks after the initial post so it flew heavily under the radar, but the proof is there.
The moral of this story is in some scenarios, you can't count on loaded network capacity to be there by the time you want to spend it.
Online vs Offline Nodes
We can't even be sure that a given computer is online to sign a channel open or push capacity until we try. Offline nodes provide a brick-wall in the pathfinding algorithm so an alternate route must be found. If we have enough channel connectivity to be statistically sure we can route around this issue, we're in good shape. If not, we're going to have issues.
Is this problem solvable?
Only if the Lightning network can provide an (effectively) infinite amount of capacity... but...
Problem 4: Lightning Network is not infinite.
Common arguments:
BTC: Lightning network can scale infinitely so there's no problem.
Unfortunately, LN is not infinitely scalable. In fact, finding a pathway from one node to another is roughly the same problem as the traveling salesman problem, or Dijkstra's algorithm, which is a problem that diverges polynomially. The most efficient proposals have a difficulty bound by O(n^2).
Note - in the above I confused the complexity of the traveling salesman problem with Dijkstra when they do not have the same bound. With that being said, the complexity of the LN will still diverge with size.
In lay terms, what that means is every time you double the size of the Lightning Network, finding an indirect LN pathway becomes 4 times as difficult and data intensive. This means that for every doubling, the amount of traffic resulting from a single request also quadruples.
You can potentially temporarily mitigate traffic by bounding the number of hops taken, but that would encourage a greater channel-per-user ratio.
For a famous example... the game "6 degrees of Kevin Bacon" postulates that Kevin Bacon can be connected by co-stars to any movie by 6 degrees of separation. If the game is reduced to "4 degrees of Kevin Bacon," users of this network would still want as many connections to be made, so they'd be incentivized to hire Kevin Bacon to star in everything. You'd start to see ridiculous mash-ups and reboots just to get more connectivity... Just imagine hearing "Coming soon - Kevin Bacon and Adam Sandler star in 'Billy Madison 2: Replace the face.'"
Is this problem solvable?
Signs point to no.
So technically, if the average computational power and network connectivity can handle the problem (the number of Lightning network channels needed to connect the world) in a trivial amount of time, Lightning Network is effectively infinite as the upper bound of a non-infinite earth would limit time-frames to those that are computationally feasible.
With that being said, BTC has discussed Lightning dev comments before that estimated a cap of 10,000 - 1,000,000 channels before problems are encountered which is far less than the required "number of channels needed to connect the world" level.
In fact SHA256 is a newer NP-hard problem than the traveling salesman problem. That means that statistically, and based on the amount of review that has been given to each problem, it is more likely that SHA256 - the algorithm that lends security to all of bitcoin - is cracked before the traveling salesman problem is. Notions that "a dedicated dev team can suddenly solve this problem", while not technically impossible, border on statistically absurd.
Edit - While the case isn't quite as bad as the traveling salesman problem, the problem will still diverge with size and finding a more efficient algorithm is nearly as unlikely.
This upper bound shows that we cannot count on infinite scalability or connectivity for the lightning network. Thus, there will always be on-chain fee pressure and it will rise as the LN reaches its computational upper-bound.
Because you can't count on channel states, the on-chain fee pressure will cause typical sat/byte fees to rise. The higher this rate, the more transactions you have to make for a Lightning payment open/close operation to pay for itself.
This is, of course, unless it is substantially reworked or substituted for an O(log(n))-or-better solution.
Finally, I'd like to add, creating an on-chain transaction is a set non-recursive, non-looping function - effectively O(1), sending this transaction over a peer-to-peer network is bounded by O(log(n)) and accepting payment is, again, O(1). This means that (as far as I can tell) on-chain transactions (very likely) scale more effectively than Lightning Network in its current state.
Additional notes:
My computational difficulty assumptions were based on a generalized, but similar problem set for both LN and on-chain instances. I may have overlooked additional steps needed for the specific implementation, and I may have overlooked reasons a problem is a simplified version requiring reduced computational difficulty.
I would appreciate review and comment on my assumptions for computational difficulty and will happily correct said assumptions if reasonable evidence is given that a problem doesn't adhere to listed computational difficulty.
TL;DR: While Lightning node payments themselves cost less than on-chain BCH payments, the associated overhead currently requires a LN channel to produce 16 transactions just to break-even under ideal 1sat/byte circumstances and substantially more as the fee rate goes up.
Further, the Lightning network can provide no guarantee in its current state to maintain/reduce fees to 1sat/byte.
submitted by CaptainPatent to btc
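Added example (not part of CaptainPatent's post): a small Python model of the routing dynamics the post describes, i.e. offline nodes as a brick wall in pathfinding, hops with too little outbound capacity, a hop bound, and a third party's routed payment draining your outbound capacity before you spend it. The node names, capacities and per-hop fees are constructed assumptions, not real Lightning data, and fees are not added to the forwarded amount.

```python
import copy
import heapq
from typing import Dict, List, Optional, Tuple

# Constructed sample channel graph (hypothetical nodes, not real Lightning data).
# Each entry is (peer, outbound_capacity_sat, per_hop_fee_sat). Capacity is
# directional: alice's outbound toward bob is bob's inbound from alice.
CHANNELS: Dict[str, List[Tuple[str, int, int]]] = {
    "alice": [("bob", 50_000, 1), ("carol", 20_000, 1)],
    "bob":   [("alice", 10_000, 1), ("dave", 40_000, 2)],
    "carol": [("alice", 50_000, 1), ("dave", 5_000, 1)],
    "dave":  [("bob", 15_000, 2), ("carol", 45_000, 1)],
}


def fresh_graph() -> Dict[str, List[Tuple[str, int, int]]]:
    """Deep copy of the sample graph so settled payments can mutate it safely."""
    return copy.deepcopy(CHANNELS)


def find_route(graph, src: str, dst: str, amount_sat: int,
               offline=frozenset(), max_hops: Optional[int] = None) -> Optional[List[str]]:
    """Cheapest route (summed per-hop fee) where every hop has enough outbound
    capacity. Offline nodes are never entered, so the search must route around
    them; max_hops bounds the search depth (the mitigation the post mentions).
    Returns None when no route exists."""
    if src in offline or dst in offline:
        return None
    best: Dict[Tuple[str, int], int] = {}   # (node, hops) -> lowest fee seen
    heap = [(0, 0, src, [src])]             # (fee, hops, node, path)
    while heap:
        fee, hops, node, path = heapq.heappop(heap)
        if node == dst:
            return path
        if best.get((node, hops), fee) < fee:
            continue                        # stale heap entry
        if max_hops is not None and hops >= max_hops:
            continue
        for peer, capacity, hop_fee in graph.get(node, []):
            if peer in offline or peer in path or capacity < amount_sat:
                continue
            key, new_fee = (peer, hops + 1), fee + hop_fee
            if new_fee < best.get(key, float("inf")):
                best[key] = new_fee
                heapq.heappush(heap, (new_fee, hops + 1, peer, path + [peer]))
    return None


def _shift(graph, a: str, b: str, delta: int) -> None:
    edges = graph[a]
    for i, (peer, capacity, fee) in enumerate(edges):
        if peer == b:
            edges[i] = (peer, capacity + delta, fee)
            return
    raise KeyError(f"no channel {a}->{b}")


def apply_payment(graph, route: List[str], amount_sat: int) -> None:
    """Settle a payment along a route: each hop's outbound shrinks and the
    reverse direction grows by the same amount (fees ignored for clarity)."""
    for a, b in zip(route, route[1:]):
        _shift(graph, a, b, -amount_sat)
        _shift(graph, b, a, +amount_sat)


def outbound(graph, a: str, b: str) -> int:
    return next(cap for peer, cap, _ in graph[a] if peer == b)


def drained_by_third_party() -> Dict[str, object]:
    """The post's scenario: alice plans a 30k payment to dave, but carol's routed
    payment through alice->bob settles first and drains alice's outbound on that
    channel, so alice's own payment no longer has a route when she tries to spend."""
    g = fresh_graph()
    before = find_route(g, "alice", "dave", 30_000)
    third_party = find_route(g, "carol", "bob", 45_000)    # carol->alice->bob
    apply_payment(g, third_party, 45_000)
    after = find_route(g, "alice", "dave", 30_000)
    return {"before": before, "third_party": third_party, "after": after,
            "alice_to_bob_left": outbound(g, "alice", "bob")}
```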

A tour of the Gridcoin wallet

Hey guys, I thought I would put together an in-depth tour of the Gridcoin wallet software for all of our recent newcomers. Here I'll be outlining all the features and functions the Windows GUI wallet has to offer, along with some basic RPC command usage. I'll be using the Windows wallet as an example, but both Linux and macOS should be rather similar. I'll be including as many pictures as I can as embedded hyperlinks.
Edit: Note that since I originally made this there has been a UI update, so your client will be different colors but all the button locations are in the same place.
This is my first post like this, so please forgive me if this appears a little scatter-brained.
This will not cover the mining setup process for pool or solo miners.
When you launch the wallet software for the first time you should be greeted with this screen.

OVERVIEW TAB

After that prompt, you should be left sitting on the main overview tab with several fields on it.
From top to bottom:

SEND TAB

Now onto the other tabs on the left side. Currently we're on the Overview tab, let's move down to the Send tab. This tab is pretty self-explanatory, you use it if you want to send coins, but I'll go over the fields here:
  • Pay To: Enter a valid gridcoin address to send coins to. Gridcoin addresses always start with an S or an R.
  • Label: Enter a label here and it will put that address in your "address book" under that label for later use. You can leave it blank if you don't want it in your address book.
  • Message: Enter a message here if you want it attached to your transaction.
  • Amount: How many coins you want to send.
  • Add Attachment: Leave this alone, it is broken.
  • Track Coins: This doesn't do anything.

RECEIVE TAB

Now down to the Receive tab. Here you should have a single address listed. If you double click on the label field, you can edit its label.
  • New: Generate a new address.
If you click on an address, the rest of the options should be clickable.
  • Copy: Copy the selected address to your clipboard.
  • Show QR Code: Show a scan-able QR code for the selected address.
  • Sign Message: Cryptographically sign a message using the selected address.

TRANSACTIONS TAB

The Transactions tab is pretty boring considering we have no transactions yet. But as you can see there are some sorting tools at the top for when you do have transactions listed.

ADDRESS BOOK TAB

The Address Book is where all the addresses you've labeled (that aren't yours) will show up.
  • Verify Message: Verifies a message was signed by the selected address.
The rest of the functions are similar to the functions on the Receive tab.

VOTING TAB

Onto the Voting tab. There won't be any polls because we aren't in sync yet.
  • Reload Polls: Pretty self-explanatory, I've never had to use this.
  • Load History: By default, the wallet will only display active polls. If you want to view past polls you can use this.
  • Create Poll: You can create a network-wide poll. You must have 100,000 coins as a requirement to make a poll. (Creating a poll does not consume the coins)
Here's what the Voting tab will look like once you're in sync

CONTEXT BAR

Now onto the context bar menus on the top.
Under File you have:
  • Backup Wallet/Config: This lets you backup your wallet configuration file just in case.
  • Export: You can export your Transactions tab or Address Book in CSV format.
  • Sign message: Does the same thing as on the Receive tab.
  • Verify message: Does the same thing as on the Address Book tab.
  • Exit: Close the wallet.
Under Settings you have:
  • Encrypt Wallet: Encrypts your wallet with a password. (we'll come back to this)
  • Change Passphrase: Allows you to change your encryption password.
  • Options: Opens the options menu. (We'll come back to this)
Under Community you have:
Under Advanced you have:
  • Advanced Configuration: Opens the Advanced Configuration menu. (Not so advanced if you ask me)
  • Neural Network: Allows you to view solo miners project statistics. It will be largely blank if you're not in sync yet.
  • FAQ: Don't touch this, It is broken.
  • Foundation: Don't touch this, It is broken.
  • Rebuild Block Chain: Starts the client syncing from 0. Don't worry, using this will not make you lose coins.
  • Download Blocks: Downloads the latest official snapshot, can help speed up syncing. The download progress tends to sit at 99.99% for a long time, don't worry, it's working.
Under Help you have:
  • Debug window: Opens the debug window. (We'll come back to this)
  • Diagnostics: Don't touch this, it is broken. This has since been fixed. You can use this to see if there is anything wrong with your setup.
  • About Gridcoin: Opens the About Dialog. This gives you your client version and other information.

OPTIONS

Now back to the options menu under Settings > Options.
Here we have the options menu main tab:
  • Pay transaction fee: The transaction fee that will be automatically paid when you make a transaction.
  • Reserve: You can reserve an amount so that it will always be available for spending.
  • Start Gridcoin on system login: Pretty self-explanatory.
  • Detach databases at shutdown: Speeds up shutdown, but causes your blockchain file to no longer be portable.
On the Network tab:
  • Map port using UPnP: Attempts to connect to nodes through UPnP.
  • Connect through SOCKS proxy: Allows you to connect through a proxy.
The window tab is pretty self-explanatory.
The Display tab is also pretty self-explanatory, with the exception of:
  • Display coin control features (experts only!): This allows you to have a great deal of control over the coins in your wallet, check this for now and I'll explain how to use it further down. Don't forget to click "Apply".

ENCRYPTING YOUR WALLET

Now that all of that is out of the way, the first thing you'll want to do is encrypt your wallet. This prevents anybody with access to your computer from sending coins. This is something I would recommend everyone do.
Go to Settings > Encrypt Wallet and create a password. YOU CANNOT RECOVER YOUR COINS IF YOU FORGET YOUR PASSWORD.
Your wallet will close and you will have to start it up again. This time when it opens up, you should have a new button in the bottom left. Now if you want to stake you will have to unlock your wallet. Notice the "For staking only" box that is checked by default. If you want to send a beacon for solo mining or vote, you will need to uncheck this box.

GETTING IN SYNC AND ICONS

Before we continue, let's wait until we're in sync. Depending on your internet speeds, this could take from several hours to over a day or 2. This can be sped up by using Advanced > Download Blocks, but this can still take several hours.
This is what an in-sync client should look like. Notice the green check to the right of the Receive tab. All of these icons give you information when you hover your mouse over them.
The lock
The arrow tells you if you're staking. If you aren't staking, it will tell you why you're not staking. If you are staking it will give you an estimated staking time. Staking is a very random process and this is only an estimate, not a countdown.
The connection bars tell you how many connections to the network you have.
The check tells you if you're in sync.

WHAT IS STAKING?

Now I've said "stake" about a million times so far and haven't explained it. Gridcoin is a Proof of Stake (PoS) coin.
Unlike bitcoin's Proof of Work (PoW), PoS uses little system resources, so you can use those resources for scientific work. PoS works by users "Staking" with their balance. The higher the balance, the higher the chance to create, or "stake" a block. This means you need to have a positive balance in order to stake. Theoretically, you can stake with any amount over 0.0125 coins, but in practice it's recommended to have at least 2000 coins to reliably stake.
Staking is important for solo miners, because they get paid when they stake. Pool miners don't need to stake in order to get paid however. So if you want to solo mine, you'll need to buy some coins from an exchange or start in the pool first and move to solo when you have enough coins.
In addition to Research Rewards for miners, anyone who holds coins (solo miners, pool miners, and investors) gets 1.5% interest annually on top of their coins. So it can be beneficial for pool miners to stake as well.
Here is a snippet of what a research rewards transaction looks like from my personal wallet. I have a label on that address of "Payout address" as you can see here.

UTXOS AND COIN CONTROL

At this point you'll need some coins. You can use one of our faucets like this one or this one to test coin control out.
First let me explain what a UTXO is. UTXO stands for Unspent Transaction Output. Say you have an address with 0 coins in it, and someone sends you 10 coins like I've done here. Those 10 coins are added to that address in the form of a UTXO, so we have an address with one 10 coin UTXO in it.
Now we receive another 5 coins at the same address, like so. Now we have an address with one 10 coin UTXO and one 5 coin UTXO. But how do we view how our addresses are split up into different UTXOs?
Earlier we checked the "Display coin control features" box in Settings > Options > Display. Once that's checked you'll notice there's another section in the Send tab labeled "Coin Control Features". If you click the "Inputs" button, you'll get a new window. And look, there's our 2 UTXOs.
All UTXOs try to stake separately from each other, and remember that the chance a UTXO has to stake is proportional to its size. So in this situation, my 10 coin UTXO has twice the chance to stake as my 5 coin UTXO. Now wallets, especially ones that make a lot of transactions, can get very fragmented over time. I've fragmented my wallet a little so I can show you what I'm talking about.
How do we clean this up? We can consolidate all this into one UTXO by checking all the boxes on the left and selecting OK.
Now pay attention to the fields on the top:
  • Quantity: The total amount of UTXOs we have selected.
  • Amount: The total amount of coins we have selected.
  • Fee: How much it would cost in fees to send all those UTXOs (more UTXOs = more transaction data = more fees)
  • After Fee: Amount - Fees.
  • Bytes: How large the transaction is in bytes.
  • Priority: How your client would prioritize making a transaction with this specific set of UTXOs selected had you not used coin control.
  • Low Output: If your transaction is less than 0.01 coins (I think).
  • Change: What you will get back in change.
  • Custom change address: You can set the address you get your change back at, by default it will generate a new address.
So let's fill out our transaction so we end up with 1 UTXO at the end.
In "Pay To:" Just put any address in your wallet, and for the amount put what it has listed in the "After Fee" Field. Just like this.
Notice how we get no change back.
Now click "Send", we'll be prompted to enter our passphrase and we're asked if we want to pay the fee, go ahead and click "Yes".
Now if we go back to the Overview tab we get this funky icon. If you hover your mouse over it, it says "Payment to yourself", and the -0.0002 GRC is the network transaction fee.
(Ignore the first one, that was me fragmenting my wallet)
Now if we look at the Coin Control menu, we can see that we've slimmed our wallet down from 7 UTXOs to 1.
Now why would you want to use coin control?
2 Situations:
  1. UTXOs less than 0.0125 coins cannot stake. So you can combine a lot of tiny, useless UTXOs into 1 bigger one that can stake.
  2. After a UTXO stakes, it cannot stake for another 16 hours. So if you have 1 large UTXO that is big enough to stake more than once every 16 hours, you can split it into smaller UTXOs which can allow you to stake slightly more often.
  3. By default, the wallet will always generate a new address for change, which can make your wallet get very messy if you're sending lots of transactions. Keep in mind that more UTXOs = larger transactions = more fees.
Sidenote - When you stake, you will earn all research rewards owed regardless of which UTXO staked. However, you'll earn the 1.5% interest for that UTXO, not your whole wallet.

FORKING

A fork is when the network splits into multiple chains, with part of the network on each chain. A fork can happen when 2 blocks are staked by different clients at the same time or very close to the same time, or when your client rejects a block that should have been accepted due to a bug in the code or through some other unique circumstance.
How do I know if I'm on a fork?
Generally you can spot a fork by looking at the difficulty on your Overview tab. With current network conditions, if your difficulty is below 0.1, then you're probably on a fork.
You can confirm this by comparing your blockhash with someone else's, like a block explorer.
Go to [Help > Debug Window > Console]. This is the RPC console, which we can use to do a lot of things. You can type help to get a list of commands, and you can type help [command you need help with] (without the brackets) to get information on a command. We'll be using the getblockhash [block number] command.
Type getblockhash [block number] in the console, but replace [block number] with the number listed next to the "Blocks:" field on the Overview tab.
This will spit out a crazy string of characters; this is the "blockhash" of that block.
Now head over to your favorite block explorer, I'll be using gridcoinstats. Find the block that you have the hash for, use the search bar or just find it in the list of blocks.
Now compare your hash with the one gridcoinstats gives you. Does it match?
If it matches, then you're probably good to go. If it matches but you still think you're on a fork, then you can try other block explorers, such as gridcoin.network or neuralminer.io.
If it doesn't match, then you need to try to get off that fork.
How do I get off a fork?
  1. Just wait for an hour or two. 95% of the time your client is able to recover itself from a fork given a little time.
  2. Restart the client, wait a few minutes to see if it fixes itself. If it doesn't, restart again and wait. Repeat about 4 or 5 times.
  3. Find where the fork started. Using the getblockhash command, go back some blocks and compare hashes with those on a block explorer so you can narrow down the last block you and the block explorer had in common. Then use reorganize [the last block hash you had in common]. Note that reorganize takes a blockhash, not a block number.
  4. Use Advanced > Download Blocks.
  5. If none of this works, you can take a look at social media (reddit/steemit) and see what other people are saying.

CONFIGURATION FILE

Your configuration file depends on your operating system:
  • On Windows: %appdata%\GridcoinResearch\
  • On Linux: ~/.GridcoinResearch/
  • On MacOS: /Users/USERNAME/Library/Application Support/GridcoinResearch/
And it should look like this.
If you open up your gridcoinresearch.conf, you'll see the default one it generated. Note that if you entered your email earlier, the first line will have your email on it instead of "investor". If you decided you want to solo mine but didn't enter your email when you first started the wallet, go ahead and put your email on the first line in place of "investor". If you're a pool miner, just leave it as "investor".
Next, it's recommended that you use the addnodes on the gridcoin wiki. So our gridcoinresearch.conf will look like this.
A useful line for solo miners is PrimaryCPID=[YOUR CPID]. Sometimes your wallet can pick up on the wrong CPID so it's good to have that in there if you're solo mining.

RUNNING A LISTENING NODE

A listening node is a node that listens for blocks and transactions broadcast from nodes and forwards them on to other nodes. For example, during the syncing process when you're getting your node running for the first time, you're downloading all the blocks from listening nodes. So running a listening node helps support the network.
Running a gridcoin listening node is simple. All you need to do is add listen=1 to your gridcoinresearch.conf and you need to forward port 32749 on your router.
If you don't know how to port forward, I'd suggest googling "How to port forward [your router manufacturer]".

QUICK LINKS

Gridcoin.us Official Website
Gridcoin.science Unofficial Website
Gridcoinstats.eu Block Explorer
NeuralMiner.io Block Explorer
Gridcoinstats.eu Faucet
Gridcoin.ch Faucet
Gridcoin Wiki
Gridcoin Github
GRCPool
Arikado Pool
And that's all I have for now!
I plan to keep this post up-to-date with changes in the client. So if anyone has any suggestions, have clarifications they want made, or maybe I got something wrong, then please feel free to leave a comment below or PM me!
submitted by Personthingman2 to gridcoin
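Added example (not code from Personthingman2's post or the Gridcoin project): the fork-point search from step 3 of "How do I get off a fork?", done as a binary search over block heights instead of stepping back one block at a time, which takes about 2·log2(height) hash comparisons rather than one per block. The chains are constructed with a stand-in hash, and `local_chain`/`remote_chain` stand in for your `getblockhash` output and the explorer's; in practice the two lookup functions would call the RPC console and the explorer, which is an assumption here.

```python
import hashlib
from typing import Callable, Dict, List, Optional


def _block_hash(height: int, prev_hash: str, payload: str) -> str:
    # Constructed stand-in for a block hash. Like a real chain, every block
    # commits to its parent, so once two chains differ at height h they differ
    # at every height above h. That property is what makes binary search valid.
    return hashlib.sha256(f"{height}|{prev_hash}|{payload}".encode()).hexdigest()


def build_chain(length: int, fork_at: Optional[int] = None, tag: str = "") -> List[str]:
    """Constructed chain of block hashes for heights 0..length-1. Blocks below
    fork_at are identical for every tag; from fork_at on, `tag` is mixed into
    the payload so two chains built with different tags split there."""
    chain, prev = [], "0" * 64
    for h in range(length):
        payload = "shared" if fork_at is None or h < fork_at else f"fork:{tag}"
        prev = _block_hash(h, prev, payload)
        chain.append(prev)
    return chain


HashLookup = Callable[[int], str]   # getblockhash <height>, or an explorer query


def last_common_height(local: HashLookup, remote: HashLookup, tip: int) -> Optional[int]:
    """Highest height at which our hash matches the explorer's. Returns tip when
    we are not forked, None when even genesis differs (wrong network/explorer)."""
    if local(tip) == remote(tip):
        return tip
    if local(0) != remote(0):
        return None
    lo, hi = 0, tip                  # invariant: lo agrees, hi disagrees
    while hi - lo > 1:
        mid = (lo + hi) // 2
        if local(mid) == remote(mid):
            lo = mid
        else:
            hi = mid
    return lo


def diagnose(local_chain: List[str], remote_chain: List[str]) -> Dict[str, object]:
    """Compare our chain with an explorer's. Both are plain lists here; lookups
    are counted to show the search stays cheap even on a long chain."""
    lookups = {"n": 0}

    def local(h: int) -> str:
        lookups["n"] += 1
        return local_chain[h]

    def remote(h: int) -> str:
        lookups["n"] += 1
        return remote_chain[h]

    # Compare at our own "Blocks:" height; the explorer may already be ahead.
    tip = min(len(local_chain), len(remote_chain)) - 1
    common = last_common_height(local, remote, tip)
    forked = common is not None and common < tip
    return {
        "forked": forked,
        "genesis_mismatch": common is None,
        "last_common_height": common,
        # reorganize takes a block hash, not a height, as the post notes.
        "reorganize_hash": local_chain[common] if forked else None,
        "lookups": lookups["n"],
    }
```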

I'm writing a series about blockchain tech and possible future security risks. This is the third part of the series introducing Quantum resistant blockchains.

Part 1 and part 2 will give you useful basic blockchain knowledge that is not explained in this part.
Part 1 here
Part 2 here
Quantum resistant blockchains explained.
- How would quantum computers pose a threat to blockchain?
- Expectations in the field of quantum computer development.
- Quantum resistant blockchains
- Why is it easier to change cryptography for centralized systems such as banks and websites than for blockchain?
- Conclusion
The fact that whatever is registered on a blockchain can’t be tampered with is one of the great reasons for the success of blockchain. Looking ahead, awareness is growing in the blockchain ecosystem that quantum computers might cause the need for some changes in the cryptography that is used by blockchains to prevent hackers from forging transactions.
How would quantum computers pose a threat to blockchain?
First, let’s get a misconception out of the way. When talking about the risk quantum computers could pose for blockchain, some people think about the risk of quantum computers out-hashing classical computers. This, however, is not expected to pose a real threat when the time comes.
This paper explains why: https://arxiv.org/pdf/1710.10377.pdf "In this section, we investigate the advantage a quantum computer would have in performing the hashcash PoW used by Bitcoin. Our findings can be summarized as follows: Using Grover search, a quantum computer can perform the hashcash PoW by performing quadratically fewer hashes than is needed by a classical computer. However, the extreme speed of current specialized ASIC hardware for performing the hashcash PoW, coupled with much slower projected gate speeds for current quantum architectures, essentially negates this quadratic speedup, at the current difficulty level, giving quantum computers no advantage. Future improvements to quantum technology allowing gate speeds up to 100GHz could allow quantum computers to solve the PoW about 100 times faster than current technology.
However, such a development is unlikely in the next decade, at which point classical hardware may be much faster, and quantum technology might be so widespread that no single quantum enabled agent could dominate the PoW problem."
The real point of vulnerability is this: attacks on signatures wherein the private key is derived from the public key. That means that if someone has your public key, they can also calculate your private key, which is unthinkable using even today’s most powerful classical computers. So in the days of quantum computers, the public-private keypair will be the weak link. Quantum computers have the potential to perform specific kinds of calculations significantly faster than any normal computer. Besides that, quantum computers can run algorithms that take fewer steps to get to an outcome, taking advantage of quantum phenomena like quantum entanglement and quantum superposition. So quantum computers can run these certain algorithms that could be used to make calculations that can crack cryptography used today. https://en.wikipedia.org/wiki/Elliptic-curve_cryptography#Quantum_computing_attacks and https://eprint.iacr.org/2017/598.pdf
Most blockchains use Elliptic Curve Digital Signature Algorithm (ECDSA) cryptography. Using a quantum computer, Shor's algorithm can be used to break ECDSA. (See for reference: https://arxiv.org/abs/quant-ph/0301141 and pdf: https://arxiv.org/pdf/quant-ph/0301141.pdf ) Meaning: they can derive the private key from the public key. So if they got your public key (and a quantum computer), then they got your private key and they can create a transaction and empty your wallet.
RSA has the same vulnerability, although RSA will need a stronger quantum computer to be broken than ECDSA.
At this point in time, it is already possible to run Shor’s algorithm on a quantum computer. However, the amount of qubits available right now makes its application limited. But it has been proven to work, we have exited the era of pure theory and entered the era of practical applications:
So far Shor's algorithm has the most potential, but new algorithms might appear which are more efficient. Algorithms are another area of development that makes progress and pushes quantum computer progress forward. A new algorithm called Variational Quantum Factoring is being developed and it looks quite promising. "The advantage of this new approach is that it is much less sensitive to error, does not require massive error correction, and consumes far fewer resources than would be needed with Shor’s algorithm. As such, it may be more amenable for use with the current NISQ (Noisy Intermediate Scale Quantum) computers that will be available in the near and medium term." https://quantumcomputingreport.com/news/zapata-develops-potential-alternative-to-shors-factoring-algorithm-for-nisq-quantum-computers/
It is however still in development, and only works for 18 binary bits at the time of this writing, but it shows new developments that could mean that, rather than a speedup in quantum computing development posing the most imminent threat to RSA and ECDSA, a speedup in the mathematical developments could be even more consequential. More info on VQF here: https://arxiv.org/abs/1808.08927
It all comes down to this: when your public key is visible, which is always necessary to make transactions, you are at some point in the future vulnerable for quantum attacks. (This also goes for BTC, which uses the hash of the public key as an address, but more on that in the following articles.) If you would have keypairs based on post quantum cryptography, you would not have to worry about that since in that case not even a quantum computer could derive your private key from your public key.
The conclusion is that future blockchains should be quantum resistant, using post-quantum cryptography. It’s very important to realize that post quantum cryptography is not just adding some extra characters to standard signature schemes. It’s the mathematical concept that makes it quantum resistant. To become quantum resistant, the algorithm needs to be changed. “The problem with currently popular algorithms is that their security relies on one of three hard mathematical problems: the integer factorization problem, the discrete logarithm problem or the elliptic-curve discrete logarithm problem. All of these problems can be easily solved on a sufficiently powerful quantum computer running Shor's algorithm. Even though current, publicly known, experimental quantum computers lack processing power to break any real cryptographic algorithm, many cryptographers are designing new algorithms to prepare for a time when quantum computing becomes a threat.” https://en.wikipedia.org/wiki/Post-quantum_cryptography
Expectations in the field of quantum computer development.
To give you an idea what the expectations of quantum computer development are in the field (Take note of the fact that the type and error rate of the qubits is not specified in the article. It is not said these will be enough to break ECDSA or RSA, neither is it said these will not be enough. What these articles do show, is that a huge speed up in development is expected.):
When will ECDSA be at risk? Estimates are only estimates, there are several to be found so it's hard to really tell.
The National Academy of Sciences (NAS) has made a very thorough report on the development of quantum computing. The report came out in the end of 2018. They brought together a group of scientists of over 70 people from different interconnecting fields in quantum computing who, as a group, have come up with a close to 200-page report on the development, funding, implications and upcoming challenges for quantum computing development. But, even though this report is one of the most thorough up to date, it doesn't make an estimate on when the risk for ECDSA or RSA would occur. They acknowledge this is quite impossible due to the fact there are a lot of unknowns and due to the fact that they have to base any findings only on publicly available information, obviously excluding any non available advancements from commercial companies and national efforts. So if this group of specialized scientists can’t make an estimate, who can make that assessment? Is there any credible source to make an accurate prediction?
The conclusion at this point of time can only be that we do not know the answer to the big question "when".
Now if we don't have an answer to the question "when", then why act? The answer is simple. If we’re talking about security, most take certainty over uncertainty. To answer the question when the threat materializes, we need to guess. Whether you guess soon, or you guess not for the next three decades, both are guesses. Going for certain means you'd have to plan for the worst, hope for the best. No matter how sceptical you are, having some sort of a plan ready is a responsible thing to do. Obviously not if you're just running a blog about knitting. But for systems that carry a lot of important, private and valuable information, planning starts today. The NAS describes it quite well. What they lack in guessing, they make up in advice. They have a very clear advice:
"Even if a quantum computer that can decrypt current cryptographic ciphers is more than a decade off, the hazard of such a machine is high enough—and the time frame for transitioning to a new security protocol is sufficiently long and uncertain—that prioritization of the development, standardization, and deployment of post-quantum cryptography is critical for minimizing the chance of a potential security and privacy disaster."
Another organization that looks ahead is the National Security Agency (NSA) They have made a threat assessment in 2015. In August 2015, NSA announced that it is planning to transition "in the not too distant future" (statement of 2015) to a new cipher suite that is resistant to quantum attacks. "Unfortunately, the growth of elliptic curve use has bumped up against the fact of continued progress in the research on quantum computing, necessitating a re-evaluation of our cryptographic strategy." NSA advised: "For those partners and vendors that have not yet made the transition to Suite B algorithms, we recommend not making a significant expenditure to do so at this point but instead to prepare for the upcoming quantum resistant algorithm transition.” https://en.wikipedia.org/wiki/NSA_Suite_B_Cryptography#cite_note-nsa-suite-b-1
What these organizations both advise is to start taking action. They don't say "implement this type of quantum resistant cryptography now". They don't say when at all. As said before, the "when" question is a hard one to specify. It depends on the system you have, the value of the data, the consequences of postponing a security upgrade. Like I said before: do you just run a blog, or a bank, or a cryptocurrency? It's an individual risk assessment that's different for every organization and system. Assessments do need to be made now though. What time frame should organisations think about when changing cryptography? How long would it take to go from the current level of security to fully quantum resistant security? What changes does it require to handle bigger signatures and is it possible to use certain types of cryptography that require keeping state? Do your users need to act, or can all work be done behind the user interface? These are important questions that one should start asking. I will elaborate on these challenges in the next articles.
Besides the unanswered question on "when", the question on what type of quantum resistant cryptography to use is unanswered too. This also depends on the type of system you use. The NSA and NAS both point to NIST as the authority on developments and standardization of quantum resistant cryptography. NIST is running a competition right now that should end up in one or more standards for quantum resistant cryptography. The NIST competition handles criteria that should filter out a type of quantum resistant cryptography that is feasible for a wide range of systems. This takes time though. There are some new algorithms submitted and assessing the new and the more well known ones must be done thoroughly. They intend to wrap things up around 2022 - 2024. From a blockchain perspective it is important to notice that a specific type of quantum resistant cryptography is excluded from the NIST competition: Stateful Hash-Based Signatures (LMS and XMSS). This is not because these are no good. In fact they are excellent and XMSS is accepted to be provably quantum resistant. It's due to the fact that implementations will need to be able to securely deal with the requirement to keep state. And this is not a given for most systems.
At this moment NIST intends to approve both LMS and XMSS for a specific group of applications that can deal with the stateful properties. The only loose end at this point is advice on which applications LMS and XMSS will be advised for and for what applications it is discouraged. These questions will be answered in the beginning of April this year: https://csrc.nist.gov/news/2019/stateful-hbs-request-for-public-comments This means that quite likely LMS and XMSS will be the first type of standardized quantum resistant cryptography ever. To give a small hint: keeping state is pretty much a naturally added property of blockchain.
Quantum resistant blockchains
“Quantum resistant” is only used to describe networks and cryptography that are secure against any attack by a quantum computer of any size in the sense that there is no algorithm known that makes it possible for a quantum computer to break the applied cryptography and thus that system.
Also, to determine if a project is fully quantum resistant, you would need to take into account not only how a separate element that is implemented in that blockchain is quantum resistant, but also the way it is implemented. As with any type of security check, there should be no backdoors, in which case your blockchain would be just a cardboard box with bulletproof glass windows. Sounds obvious, but since this is kind of new territory, there are still some misconceptions. What is considered safe now, might not be safe in the age of quantum computers. I will address some of these in the following chapters, but first I will elaborate a bit about the special vulnerability of blockchain compared to centralized systems.
Why is it easier to change cryptography for centralized systems such as banks and websites than for blockchain?
Developers of a centralized system can decide from one day to the other that they make changes and update the system without the need for consensus from the nodes. They are in charge, and they can dictate the future of the system. But a decentralized blockchain will need to reach consensus amongst the nodes to update. Meaning that the majority of the nodes will need to upgrade and thus force the blockchain to only have the new signatures to be valid. We can’t have the old signature scheme to be valid besides the new quantum resistant signature scheme. Because that would mean that the blockchain would still allow the use of vulnerable, old public- and private keys and thus the old vulnerable signatures for transactions. So at least the majority of the nodes need to upgrade to make sure that blocks which are constructed using the old rules and thus the old vulnerable signature scheme, are rejected by the network. This will eventually result in a fully upgraded network which only accepts the new post quantum signature scheme in transactions. So, consensus is needed. The most well-known example of how that can be a slow process is Bitcoin’s need to scale. Even though everybody agrees on the need for a certain result, reaching consensus amongst the community on how to get to that result is a slow and political process. Going quantum resistant will be no different, and since it will cause lower performance due to bigger signatures and it will need hardware upgrades quite likely it will be postponed rather than be done fast and smoothly due to lack of consensus. And because there are several quantum resistant signature schemes to choose from, agreement is not an automatic given. The discussion will be which one to use, and how and when to implement it. The need for consensus is exclusively a problem decentralized systems like blockchain will face.
Another issue for decentralized systems that change their signature scheme, is that users of decentralized blockchains will have to manually migrate their coins/tokens to a quantum safe address and that way decouple their old private key and activate a new quantum resistant private key that is part of an upgraded quantum resistant network. Users of centralized networks, on the other hand, do not need to do much, since it would be taken care of by their centrally managed system. As you know, for example, if you forget your password of your online bank account, or some website, they can always send you a link, or secret question, or in the worst case they can send you mail by post to your house address and you would be back in business. With the decentralized systems, there is no centralized entity who has your data. It is you who has this data, and only you. So in the centralized system there is a central entity who has access to all the data including all the private accessing data, and therefore this entity can pull all the strings. It can all be done behind your user interface, and you probably wouldn’t notice a thing.
And a third issue will be the lost addresses. Since no one but you has access to your funds, your funds will become inaccessible once you lose your private key. From that point, an address is lost, and the funds on that address can never be moved. So after an upgrade, those funds will never be moved to a quantum resistant address, and thus will always be vulnerable to a quantum hack.
To summarize: banks and websites are centralized systems, they will face challenges, but decentralized systems like blockchain will face some extra challenges that won't apply for centralized systems.
All issues specific for blockchain and not for banks or websites or any other centralized system.
Conclusion
Bitcoin and all currently running traditional cryptocurrencies are not excluded from this problem. In fact, it will be central to ensuring their continued existence over the coming decades. All cryptocurrencies will need to change their signature schemes in the future. When is the big guess here. I want to leave that for another discussion. There are enough certain specifics we can discuss right now on the subject of quantum resistant blockchains and the challenges that existing blockchains will face when they need to transfer. This won’t be an easy transfer. There are some huge challenges to overcome and this will not be done overnight. I will get to this in the next few articles.
Part 1, what makes blockchain reliable?
Part 2, The two most important mathematical concepts in blockchain.
Part 4A, The advantages of quantum resistance from genesis block, A
Part 4B, The advantages of quantum resistance from genesis block, B
Part 5, Why BTC will be vulnerable sooner than expected.
submitted by QRCollector to CryptoTechnology [link] [comments]

Surae's (me) end-of-November (2017!) update.

You can check it out on the forums here. Here's a copypasta:
Surae's End of November (2017!) Update
Hello, everyone! Sarang posted his update a few days ago to give the community time to review his work before the end of the month. I was hoping to finish multisig off before the end of this month... so I held off on writing this update until then... but it looks like I'm somewhere between 2 days and a week behind on that estimate.
MRL Announcements
Meetings. We are holding weekly meetings on Mondays at 17:00 UTC. Logs are to be posted on my github soon(tm). Usually we alternate between "office hours" and "research meetings." At office hours, we want members of the community to come in and be able to ask questions, so we are considering opening up a relay to the freenode channel during office hours times, unless things get out of hand.
POW-Difficulty Replacement Contest. Some time in December, I am going to formalize an FFS "idea" to open up a multiple-round contest for possible replacements for our proof of work game. The first round would have a 3- or 6-month deadline. Personally, I would love it if this FFS could have an unbounded reward amount. If the community is extremely generous, we could easily whip up a large enough reward to spur lots and lots of interest across the world.
The Bitcoin POW game uses SHA256 to find nonces that produce hashes with sufficiently small digests according to the Bitcoin difficulty metric. Our current POW game uses CryptoNight to find nonces that produce hashes with sufficiently small digests according to the CryptoNote difficulty metric. The winner need not be proof of work. My current thoughts are roughly this:
All submissions will be public. Submissions that minimize incentives for centralized mining (or maximize disincentives) will be preferred over submissions that do not. Submissions that are elegant will be preferred over submissions that are not. Submissions that have provable claims about desirable properties will be preferred over submissions that do not (e.g. for either the Bitcoin or the Monero POW games, the necessary and sufficient network conditions for these games to produce blocks in a Poisson process have not been identified, to my understanding). Submissions that have a smaller environmental impact will be preferred over submissions that have a larger impact. And so on. I would like as many ideas as possible about a judging rubric for the first round. Especially if a large amount of money will be put up as a prize.
The details of the next round would be announced along with the winners of the first round. The reward funds should be released when a set of judges agree on a winner. MRL and Monero Core should each have representation on the panel of judges, and there ought to be at least one independent judge not directly associated with the Monero Project, like Peter Todd, Tim Ruffing, or someone along those lines. But, again, this is just an idea. If the community doesn't like it, we can drop it.
Here is a rundown for November
Multisig. Almost done. I know, I know, it's been forever. We, as a community, have recently come to see how important it is to carefully and formally ensure the correctness of our schemes before proceeding. Multisig is a delicate thing because a naively implemented multisig can reveal information about the participants.
I'm finishing vetting key creation today, finishing signatures tomorrow and the next day. Then I'm passing the result off to moneromooo and luigi to ensure that my description of their code is accurate up to their understanding. Then onto Sarang for final reviews before submission, hopefully by the end of the month. I have my life until Sunday evening blocked off to finish this. A copy of the document will be made available to the community ASAP (an older version is on my github), after more checking and writing is completed.
This whitepaper on multisig will be broken into two papers: one will be intended for peer review describing multi-ring signatures, and one will be a Monero Standard. More about that later...
RTRS RingCT column-linkability and amortization. You may say "what? I thought we were putting RTRS RingCT on the back burner?" Well, I'm still thinking about amortization of signatures. I'm thinking it will be possible (although perhaps not feasible) for miners to include amortized signatures upon finding new blocks. This would allow users to cite an amortized signature for fast verification, but has some possible drawbacks. But more exciting, I'm also chatting with Tim Ruffing, one of the authors on the RTRS RingCT papers: he thinks he has a solution to our "linkability by columns" problem with MLSAG and RingCT. Currently we try to avoid using more than one ring signature per recipient. This avoids linking distinct outputs based on bundling of these ring signatures. Ruffing believes RTRS RingCT can be tweaked to prove several commitments in a vector of commitments; this would allow a single RTRS RingCT to be computed and checked for each output being spent.
Once all the details are checked, I'll write up a document and make a copy of it available to the community. If it works, of course.
Consequences of bulletproofs. In my last end-of-month update I hinted at issues with an exponential space-time trade-off in RTRS RingCT. Due to the speed and space savings with bulletproofs, it may now be feasible to implement RTRS RingCT. With improved verification time savings with bulletproofs we can relax our requirements for verification times for signatures. This will allow the slightly longer verification times of RTRS RingCT to be counter-acted. Solving the problem "what ring sizes can we really get away with?" involves some modeling and solving some linear programming problems (linear programming, or linear optimization, is an anachronistically named area of applied mathematics involved with optimizing logistic problems... see here for more information).
Hence, we will be inserting bulletproofs into Monero with low friction, and then we will look into the logistics of moving to RTRS RingCT.
Monero Standards. Right now, we don't have a comprehensive list of how Monero works, all the various primitives and how they all fit together. Sarang and I have begun working on some Monero Standards that are similar to the original Cryptonote Standards (see here for more information). For each standard, from our hash function on upward, we will describe the standard, provide a justification for Monero's choices in those standards (complete with references), as well as a list of possible replacement standards. For example, our Monero RingCT Standard should describe the RingCT scheme described by shen, which is essentially a ring signature with linear combinations of signing keys + amount commitments. Under the "possible replacements" section, we would describe both the RTRS RingCT scheme and the doubly efficient zk-snark technology as two separate options.
These standards may take awhile to complete, and will be living documents as we change the protocol over the years. In the meantime, it will make it dramatically easier for future researchers to step into MRL and pick up where previous researchers have left off.
Hierarchical view keys. Exploiting the algebra we currently use for computing one-time keys, the sub-address scheme plays with view keys in a certain way, allowing a user to have one single view key for many wallets. Similarly, we may split a view key into several shares, where each subset of shares can be used to grant partial view access to the wallet. A receiver can request that a sender use a particular basepoint in their transaction key where different subsets of shares of the view key grant access to transactions with different basepoints in their transaction keys. None of these are protocol-level observations, they are wallet-level observations. Moreover, these require only that a receiver optionally specify a basepoint.
In other words: hierarchical view keys are a latent feature of our one-time address scheme that has not seen specific development yet. It's a rather low priority compared to the other projects under development; it grants users fine-grained control over their legal compliance, but Monero Standards will have great long-term impact on development and research at Monero.
Criticisms. Monero has suffered some recent criticisms about our hash function. I want to briefly address them.
First, I believe part of the criticism came from a confusion between Keccak3, SHA-3, and Keccak: we have never claimed to use SHA-3 as our hash function, we have only used the Keccak3 hash function, which is a legacy choice inherited from the original CryptoNote reference code. Many developers confuse the two, but Keccak3 was the hash function on which SHA-3 is based. In particular, the Keccak sponge construction can be used to fashion lots and lots of primitives, all of which could fairly be called "Keccak:" both Keccak3 and SHA-3 are Keccak constructions. This may be a subtle nomenclature issue, but it's important because a good portion of our criticisms say "Hey, they aren't using SHA-3!"
Second, I believe part of the criticism also comes from our choice of library, which in my opinion isn't a big deal as long as the library does what it says on the tin. In this case, our hash function is a valid implementation of Keccak3 according to the Keccak3 documentation. The most important criticism, from my point of view, is our choice of pre-SHA-3 Keccak3 as our hash function. Keccak3 underwent lots of analysis during the SHA contest, and Keccak3 is a well-vetted hash function. However, it has not been chosen as an international standard. There is a sentiment in the cryptocurrency community to distrust standards, which is probably a healthy sentiment. In this case, however, it means that our choice of hash function is not likely to be supported in common, well-vetted libraries in the future. Moreover, since SHA-3 is an international standard, it shall be undergoing heavy stress testing over the coming decades, a benefit Keccak3 shall not enjoy.
Last month, after some discussions, we made changes to our choice of PRNG in Monero to match the PRNG for Bitcoin. There have since been some discussions instantiated by anonimal about this choice of PRNG. We at MRL are doing our best to assist the core team in weighing the relative costs and benefits of switching to a library like crypto++, and so we believe these criticisms fall into the same category. We intend to address these issues and make formal recommendations in the aforementioned Monero Standards. Sorry for using the word aforementioned.
Things that didn't move much include a) educational outreach, b) SPECTRE, c) anti-ASIC roadmap, d) refund transactions. Most of which was on hold to complete multisig.
As far as educational outreach, I contacted a few members of a few math/cs depts at universities around me, but I haven't gotten anything hopeful yet. I wanted to go local (with respect to me) to make it easier to organize, but that's looking less likely. No matter how enthusiastic of a department we find, garnering participation from faculty members, beginning an application process for new students, squirrelling up funding, working out logistics of getting teachers or lecturers/speakers from point A to point B, where to stash students, etc would be a challenge to finish before, say, July. And some schools start their fall semesters in mid-August. So I'm thinking that Summer 2019 is reasonable as the first Monero Summer School... and would be a real fun way to finish off a two-year post-doc!
December plan. I am going to finish multisig, and then finish the zk-lit review with Jeffrey Quesnelle, since these are both slam dunks. Any other time in December I have will be devoted to a) looking into the logistics of using the bulletproofs + RTRS RingCT set-up, b) reading the new zk-stark paper and assessing its importance for Monero, c) beginning work on Monero Standards, which includes addressing our hash function criticisms, our PRNG, etc.
Thank you again! This is an incredible opportunity, and this community is filled with some smart cookies. Every day is a challenge, and I couldn't ask for a more fun thing to be doing with my life right now. I'm hoping that my work ends up making Monero better for you.
submitted by snoether to Monero [link] [comments]

Things I Considered Before Investing into Sia (very bullish) :)

I wrote this up as a comment to a post regarding a hedgefund manager explaining innovation gaps in the crypto space (though I've done some slight editing). I have been thinking A LOT about Sia from an investment perspective but also on how cool the technology is and how it will benefit the cloud storage industry in the long-term.
I have been in crypto for some time but I have been geeking out on Sia for the past 1.5 months and here are some things I considered while researching Sia before investing into SC and the Obelisk miner (if you see anything that needs correcting, please let me know!):
1) Huge & Growing Market: the cloud storage market is roughly $60 - 75B at the moment and most of the data in the world was created in the past 2-3 years. We are creating more and more data each year and there are plenty of new sources of massive data creation: Internet of Things (IoT), higher-resolution video/images, analytics data, etc. Even if Sia doesn't become the standard method of storing in the future, even taking 10 - 20% of an estimated $100 - 150B market (in 3-5 years) means massive growth for Sia as a whole.
2) Easy to Explain but with a Paradigm Shift: I was fortunate to get into the Ethereum presale with only a very basic understanding of how blockchain tech worked (from Bitcoin) and happened to listen to a friend who told me to put a small chunk in for shits & giggles. As Ethereum grew, I would try to explain to my friends what Ethereum is and truth be told, there is no quick and easy ELI5 for Ethereum, especially to non-technical people. Sia does not have this problem.
Sia and cloud storage is easy to explain because almost anyone who doesn't live in Amish Pennsylvania is storing some amount of data (on the cloud or locally, but they understand the concept of cloud storage). Of course, Sia offers next generation value which takes a true paradigm shift for mass adoption. A decentralized network is something most people have a hard time wrapping their heads around. If you told someone to blindly put all of their data on the Sia network and then after the fact, told them their files were broken down into smaller chunks and stored across many different computers (other people's especially) across the world, they would panic in fear of their data being compromised. As people become more and more comfortable with decentralized and/or blockchain technology, things will start to tilt towards Sia's favor.
3) ~90% Reduction in Cost of Storage: the targeted price according to the Sia team is $2/TB/month but it will be an open market so ultimately supply&demand will control pricing. Let's assume that the price per TB/month stays consistent around $2. That would mean ~90% reduction in costs as compared to current options (S3 from Amazon, Google Drive, Dropbox, etc). For the average consumer, cost of storage may not play as big of a role in adoption as compared to enterprise companies who must always focus on their bottom line. Either way, cost does play a role for both consumer or enterprise based on the value you're getting. If the value is the same or better (IMO Sia will be a better option), then it's a no-brainer.
4) Path to Mass Adoption: since Sia is an open-sourced network, no one technically owns it. Of course, the Sia team is leading the way in terms of development but there are several developers who work on Sia for fun or to build their dev chops but no single party owns Sia as a whole. The Sia CEO, David Vorick, has mentioned that he anticipates mass adoption through APIs and more of a backend connection as opposed to having a front-end product like Dropbox/Box/S3. Since those products are already built out, it would be an uphill battle for the Sia team to compete and have a front-end product. Rather, what can be seen as valuable to the cloud storage giants is to move all of their customers' data storage to the Sia network for purely the cost-reduction. Of course, this is a big if but I see it as a clear potential path to mass adoption.
Since Sia is focused on enterprise cloud storage, security and speed will be two critical pieces and the Sia team has made this a big part of their roadmap (the Obelisk ASIC is a step up from GPU mining but nowhere near perfect). It's also extremely refreshing having worked in software startups for some time to see an actual product roadmap (rarity in the crypto world).
5) Solid Devs: in these days of ICOs and people getting burned left and right, it's incredibly refreshing to see a team that has both the skill set to build out this vision & the transparency needed to build trust with early adopters. I have been following many subreddits for several cryptos and nothing compares to the level of engagement from the Sia CEO, David, and their VP of Ops, Zach.
Do not take this for granted as it's a rarity in this space. I urge every newcomer to take a deep look into all available resources (the SiaWiki, whitepaper, FAQs, etc), download the Sia Wallet and play around with it. After doing so, ask questions to the community as many will be more than happy to answer questions (but doing your own research first is greatly appreciated). You'll most likely get a response from the Sia CEO, David, if you tag him in a post (his username is u/Taek42), too (thanks David - your engagement with the community is greatly appreciated!!!).
6) Needed Security & Privacy: more and more, we see headlines of ransomware, DDOS and other malicious cyber attacks. Especially now that the NSA's tools are out in the open, it's becoming a scary world to protect yourself and your data. Sia (at fully built-out product) provides a much higher level of security than your current options. Your files are split into many chunks and split across many hosting nodes, making an attack on any one node pointless since you would need to piece together all of the other chunks from other nodes. This makes the incentive decrease & the difficulty increase for a malicious attacker to attempt to steal or compromise your data. I recently saw a quick documentary (let's be real, advertisement) by Norton regarding bulletproof hosting and thought of Sia almost the whole time. They talked about a decentralized approach is way better than a bunker (https://www.youtube.com/watch?v=CashAq5RToM).
It's also interesting to note that if you store your data on Dropbox let's say, you are trusting that Dropbox is purely storing your data and nothing more. There's very little stopping current cloud storage companies from accessing your data if they saw a reason for it. Of course, if it came out in public that had happened, consumer trust in Dropbox would diminish and it would not be good for their business. But still, it's important to understand that you are really at the will of these cloud storage companies when you trust them with your data. With Sia, you are the only one with the private key, meaning you are the only one who can piece all of the aforementioned chunks back together to access and view your data. This is a huge improvement for the consumer.
Hope this was helpful to you!
submitted by slugmg12 to siacoin [link] [comments]
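Point 6 of the post above describes files being split into chunks spread over many hosts so that any one host's chunk is useless on its own and the file can still be rebuilt when hosts disappear. As an added illustration for this page, not Sia's own code or parameters, the block below implements a small k-of-n erasure code over GF(2^8) in the Reed-Solomon style: the k data shards define a polynomial at points 0..k-1, the n-k parity shards are its values at further points, and any k surviving shards interpolate the rest. Function names and the sample file are my own.

```python
# GF(2^8) log/antilog tables, reduction polynomial x^8+x^4+x^3+x^2+1 (0x11D), generator 2.
EXP = [0] * 512
LOG = [0] * 256
_v = 1
for _i in range(255):
    EXP[_i] = _v
    LOG[_v] = _i
    _v <<= 1
    if _v & 0x100:
        _v ^= 0x11D
for _i in range(255, 512):
    EXP[_i] = EXP[_i - 255]


def gf_mul(a, b):
    if a == 0 or b == 0:
        return 0
    return EXP[LOG[a] + LOG[b]]


def gf_div(a, b):
    if b == 0:
        raise ZeroDivisionError("division by zero in GF(2^8)")
    if a == 0:
        return 0
    return EXP[(LOG[a] - LOG[b]) % 255]


def lagrange_at(xs, ys, x):
    """Evaluate at x the unique polynomial of degree < len(xs) through (xs, ys)."""
    total = 0
    for i, xi in enumerate(xs):
        num, den = 1, 1
        for j, xj in enumerate(xs):
            if j != i:
                num = gf_mul(num, x ^ xj)   # subtraction is XOR in GF(2^8)
                den = gf_mul(den, xi ^ xj)
        total ^= gf_mul(ys[i], gf_div(num, den))
    return total


def encode(data: bytes, k: int, n: int):
    """Split data into k data shards and n-k parity shards; returns (shards, length)."""
    if not 1 <= k < n <= 256:
        raise ValueError("need 1 <= k < n <= 256")
    shard_len = -(-len(data) // k)
    padded = data + bytes(shard_len * k - len(data))
    shards = [bytearray(padded[i * shard_len:(i + 1) * shard_len]) for i in range(k)]
    points = list(range(k))
    for x in range(k, n):  # parity shard x is the polynomial evaluated at point x
        shards.append(bytearray(
            lagrange_at(points, [shards[t][p] for t in range(k)], x)
            for p in range(shard_len)))
    return [bytes(s) for s in shards], len(data)


def decode(available: dict, k: int, length: int) -> bytes:
    """Rebuild the file from any k shards, given as {shard_index: bytes}."""
    if len(available) < k:
        raise ValueError("fewer than k shards; the file cannot be reconstructed")
    xs = sorted(available)[:k]
    shard_len = len(available[xs[0]])
    out = bytearray()
    for t in range(k):
        if t in available:
            out += available[t]
        else:  # recover the missing data shard by interpolating at point t
            out += bytes(lagrange_at(xs, [available[x][p] for x in xs], t)
                         for p in range(shard_len))
    return bytes(out[:length])


# Constructed sample file contents used by the checks below.
SAMPLE = b"constructed sample file: 3-of-5 shards, any two hosts may vanish."
```

One caveat the code makes visible: the code is systematic, so a data shard is a plaintext slice of the file and a single host holding it is not "useless" by itself. The property the post relies on therefore needs client-side encryption before encoding, which is exactly the "you are the only one with the private key" part; that encryption step is outside this block.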

RaiBlocks AMA Summary!

I posted this under /cryptocurrency and /cryptomarkets as well! Might be less useful under this subreddit... but I'm using it for purposes of helping people become aware of this coin.
Summation of RaiBlocks lead developer AMA. I'm very excited about this coin, and if you're asking why I did this...I'm trying out my AMA consolidating script that I wrote for fun :) I'm interested in seeing what people think about this coin! You can read the responses directly from this link: https://www.reddit.com/RaiBlocks/comments/7ko5l7/colin_lemahieu_founder_and_lead_developer_of/
 
What are your top priorities atm? Both in developing areas itself and in terms of integration?
 
The top priorities right now are:
These basically need to happen in a sequence because each item isn't useful unless the previous one is complete.
 
 
Do you have any plans to have your source code peer reviewed? By peer review I mean sending your source code down to MIT for testing and review.
Where do you see Raiblocks 5-10 years from now? (For instance do you envision people using a Raiblocks mobile phone app to transfer value between each other, or buy stuff at the store?
 
We definitely need peer and code reviews and we're open to anyone doing this. We have ideas for people in universities that want to analyze the whitepaper or code so we'll see what comes of that. In my opinion code security guarantees can only be given with (eyes * time) and we need both.
I'd like to see RaiBlocks adopted as an internet RFC and basically become an ubiquitous background technology like http. I think you're probably right and a mobile app would be the most user-friendly way to do this so people don't need to carry around extra cards in their wallet etc.
 
 
Is there a list of the team readily available? Are there firm plans to expand, and if so, in which directions?
The roadmap indicated a website redesign scheduled for November 2017. Is there an update?
 
We have about 12 people in the core team; about half are code and half are business developers. On the redesigned website we're going to include bios for sure, no one in our team is anonymous. I think we have pretty good coverage of what we need right now, we could always use more people capable of contributing to the core code.
The website design is well underway, we wanted to streamline and add some more things to it so it took longer than originally estimated. It's looking like after the new year we'll have it ready.
 
 
1. Would you ever consider renaming the coin to simply "Rai" or any other simplified form other than RaiBlocks?
2. What marketing strategy do you think will push XRB forward from now on as a fully working product. Instant and free, the green coin, "it just works" coin, etc?
3. Regarding security, is "quantum-proofing" a big concern at the moment and how do you guys plan to approach this when the time comes. And how possible would it be for bad actors to successfully implement a 51% attack.
 
  1. Yea there are a few difficulties people have pointed out with our name. People don't know if it's "ray" or "rye". "Blocks" doesn't have a meaning to a lot of people and the name reference might be too esoteric to be meaningful. I'm not prideful so I'm not stuck on a particular name, we'll take a look at what our marketing and business developers say peoples' impressions are and if they have any naming recommendations.
  2. Our marketing strategy is to focus on complete simplicity. Instant and free resonates with enthusiasts and mass adoption will only come when using xrb is absolutely the same experience as using a banking or other payment app. People aren't going to tolerate jargon or confusing workflows when sending or receiving payments.
  3. Quantum computing is going to be an amazing leap for humanity but it's also going to cause a lot of flux in cryptography. The plan I see is similar to what I did in selecting the cryptographic algorithms we're using right now: look for leaders in academia and industry that have proven implementations and use those as they recommend migration based on computing capability. Quantum vulnerabilities can be an issue in the future but a vulnerable implementation would be an issue right now.
 
 
Hi Colin, lately XRB has been getting frequently compared to and contrasted with Iota. I was hoping that you could give us your thoughts on the differences between the two and what your general vision for the future of Raiblocks is.
 
It's flattering to be compared to IOTA, they have a very talented team building ambitious technology. When looking at design goals I think one thing we're not attempting to approach is transferring a data payload, we're only looking to be a transfer of value.
There are lots of ideas and technology to be developed in the cryptocurrency space and I want RaiBlocks to solve one section of that industry: the transfer of value. I think the best success would be if RaiBlocks was adopted as the global standard for this and crypto efforts could move to non-value-transfer use-cases.
 
 
Do you see XRB becoming the new payment method for commerce. As in, buying coffee, groceries, etc? Do you have plans for combating the HODL mentality so this currency can actually be used in the future of buying and selling?
 
Being a direct transactional payment method is our goal and we're trying to build software that's accessible to everyone to make that happen. I see holding as a speculative tactic anticipating future increases and you're right, it's not in line with day-to-day transactions. I think as market cap levels off to a more consistent value the reason for holding and speculating goes away and people can instead focus on using it as a value exchange.
 
 
Are you planning to expand the RaiBlocks team over the next 12 months? If so, what types of positions are you hoping to fill?
 
Right now we have about 12 people, half core and half business developers. I think this count is good for working on what we're doing right now which is getting wallets and exchanges worked on. Ideally people outside our team will start developing technology around xrb taking advantage of the network effect to build more technology faster than we could internally. That being said we're going to look in a few months to see if there's anything out there people aren't developing that should be and we'll see what people we need to make it happen.
 
 
At what point did you make the decision to make RaiBlocks your full time job? What was the decision making process like?
 
It was after the week where the core team met here in Austin to brainstorm our next steps. I saw how much enthusiasm there was from crypto-veterans with having a working system capable of being scaled up to what's needed for massive adoption and it seemed the risk needed to be taken.
It was a hard decision to make, working in crypto and finance is rough and I like using my leisure time to work on inventions. Of all the project ideas I have this one seemed to have a high chance of success and the benefits of having a working, decentralized currency would be huge.
 
 
Hi Colin, what prevents great cryptos like XRB from being listed on bigger exchanges?
 
It's good to understand where the biggest headaches for exchanges lie: support tickets, operations, and development. If a technology is different from what they already have, that takes development time. If the software is new and not widely run, that's potential operations time to fix it which results in support tickets and community backlash. Adding BitCoin clones or Ethereum ICO coins is easy because they don't have these associated risks or costs.
 
 
What can the average RaiBlocks fan do to help XRB get adopted / grow / expand?
 
I think the best thing an average fan could do is word of mouth and telling people about RaiBlocks. More people being aware of it means there's the possibility someone who's never heard of it before would be interested in contributing as a vendor, developer, exchange etc.
Good advertising or marketing will never be able to reach everyone as well as someone reaching out within their own network.
 
 
Ray or Rye?
 
Ray hehe. It comes from https://en.wikipedia.org/wiki/Rai_stones Lots of people don't know the answer though >_<
 
 
Are you looking at incorporating a data market like IOTA in the future? Given the speed of the network a data exchange for highly accurate sensors could be a game changer.
Furthermore, are there any plans to increase the dev team in the future? I read on the FAQ you'd like RaiBlocks to be somewhat of a protocol which is a huge ambition. A dev from say the Mozilla foundation or other could further cement this ambitious project.
 
Transmitting data payloads is something we probably won't pursue. The concern is adding more features like this could cause us to make decisions that compromise the primary focus points of low-cost and speed for transferring value.
We can add people to the dev team though I think we'll get the most traction by teaching teams in these other organizations how to use RaiBlocks so they can be the experts on the subject in their companies.
 
 
Does the actual RaiBlocks version require "Each node in the network must be aware of all transactions as they occur" part? This was in the old white paper and is asked here:
https://www.reddit.com/RaiBlocks/comments/7ksl81/some_questions_regarding_raiblocks_consensus/?st=jbdmgagc&sh=d1c93cca
 
If a node wants to independently know the balances of all accounts in the system, it must at a minimum have storage to hold accounts and all their balances. In order to know all balances it must either listen to transactions as they're happening or bootstrap from someone else to catch up, which is what happens on startup.
 
 
There is no incentive to run nodes. Some people will do it because it is cheap as fuck (as I read, a Raspberry Pi can run it). But I think not many people will do it.
1. How important are the nodes in terms of further scaling?
2. Under which network conditions were the 7000 transactions met?
3. What happens if the transactions per day increase tenfold but the nodes don't?
4. How much better will Rai scale if someone sets up, let's say, 100 nodes with awesome hardware and network?
5. How many nodes could be enough for Visa-level scaling?
6. Which further improvements can be made for Rai IF there need to be other improvements than setting up new nodes? Are there other concepts like 2nd layer solutions planned?
7. How will Rai defend against network attacks?
I know there is a PoW part. But since there are also large attacks on high cap coins on which people invest millions of $ to congest a network... Is it possible that the Rai network will be unusable for several days because of this?
 
I think the out-of-protocol incentives for running a node are under-referenced, yet I see them as the primary driving factor for participating as a whole. Node rewards come at the expense of other network participants and in this closed loop the incentives aren't enough to keep a cryptocurrency alive. Long-term there needs to be a system-level comparative advantage to what people are already using for a transfer of value. If someone is using xrb and it saves them hundreds or thousands of dollars per month in fees and customer irritation in delayed payments, they have a direct monetary incentive to use xrb and a monetary incentive in the health of the system.
1) More nodes provide transaction and bootstrapping redundancy. More representatives provide decentralization.
2) The 7k TPS was a profile of how fast commodity hardware could eat transactions. All of the real-world limits are going to be something hardware related, either bandwidth, IO, or CPU.
3) The scaling is more related to the hardware the nodes are using rather than the node count. If there was a 10x increase in transactions it would use 10x the bandwidth and IO as nodes observe transactions happening.
4) If someone made 100 representative nodes the network would be far more decentralized though the tx throughput would be unchanged since that's a per-node requirement.
5) Scaling to Visa will have high bandwidth and IO requirements on representatives associated with doing 10k IOPS. Datacenter and business class hardware will have to be enough to handle the load.
6) Second layer solutions are always an option and I think a lot of people will use them for fraud protection and insurance. Our primary focus is to make the 1st layer as efficient and high speed as possible so a 2nd layer isn't needed for daily transactions.
7) Defending against network attacks will be an ongoing thing, people like breaking the network for lulz or monetary gain i.e. competing cryptos. If there are attacks we haven't defended against or considered it'll be a matter of getting capable people to fix issues.
 
 
Are you open to changes to the name? (Rai)
What are your plans with regards to marketing?
 
I'm open to it, people get confused on ray/rye pronunciation, not the greatest first impression.
As far as timing I think marketing works best after a more user friendly wallet and integration into more exchanges, otherwise we're sending traffic to something people can't use. We're going to start by focusing on the initial adopters which will likely be enthusiasts and going forward work on the next set of users that aren't enthusiasts but want to drive savings for their business through lower payment processing costs.
 
 
A recent tweet (https://twitter.com/VitalikButerin/status/942961006614945792) from Vitalik Buterin. Could this be a case with testing the scalability of RaiBlocks as well and in reality we wouldn't come close to 7000 tx/s?
 
I think he's definitely right, a lot of the TPS numbers are synthetic benchmarks usually on one system. The biggest thing hindering TPS are protocol-specific limits like hard caps or high contention design. The next biggest thing will be bandwidth and then disk IO. Some of these limits can be improved by profiling and fixing code instead of actual limits in the hardware.
We want to get better, real world numbers but our general opinion is that the RaiBlocks protocol is going to be limited by hardware, rather than design.
 
 
Are you planning to add a fiat gateway to the main website and mobile wallet?
 
If we can make it happen for sure, that seems like a very user-focused feature people would want.
The difficulty at least in the US is the money-transmitter licenses which are hard to obtain. More than likely if this functionality was added it'd be a partnership with an established financial company that has procedures in place to operate within countries' regulations.
 
 
I saw a post on /iota that claims that their quantum resistance is a main benefit over RaiBlocks. Can you go into detail about this? Explain any plans you have to let XRB persevere through the upcoming quantum revolution?
 
I think everyone with cryptography in their programs is keeping an eye on quantum cryptography because we're all in the same boat. I don't have cryptanalysis credentials so I didn't feel comfortable building an implementation and instead chose to use one off-the-shelf from someone with assuring credentials.
There are some big companies that have made small mistakes that blow up the usefulness of the entire algorithm, it's incredibly easy to do. https://arstechnica.com/gaming/2010/12/ps3-hacked-through-poor-implementation-of-cryptography/
 
 
Hello Colin, is any security audit to the source code planned?
 
We don't have one contracted though both internally and externally this is an important thing people want completed.
 
 
Do you have plans to radically change the interface of the desktop wallet, and to develop a universal, cross-platform, clean and simple UX design for the wallet? This will be huge for mass adoption in my humble opinion
 
I completely agree, we do plan on completely redoing the desktop wallet, both from a UX standpoint and maintainability so UI code doesn't need to be in C++. This could also remove our dependency on Qt which is the least permissive license in the code right now.
I write code better than I design GUIs ;)
 
 
It seems like RaiBlocks is aiming to be a true currency with its lack of transaction fees and fast confirmation times, which is great! If RaiBlocks can add some kind of support for privacy then I think it has the whole picture figured out in terms of being "digital cash". Do you currently have any plans to implement privacy features into RaiBlocks?
If Raiblocks is unable to do this, it will still be a straight improvement over things like LTC which are currently being used as currency, but I don't think it will be able to become THE cryptocurrency without privacy features.
 
I love the concept of privacy in the network and it's a hard thing to do right. Any solution used would need to be compatible with our balance-weighted-voting method which means at least we'd have to know how much weight a representative has even if we're hiding actual account balances.
To be fully anonymous it would have to hide accounts, amounts, endpoints, and also timing information; with advanced network analysis the timing is the hardest thing to hide. Hopefully some day we can figure out an efficient privacy solution though the immediate problem we can solve is making a transactional cryptocurrency so we're focusing on that.
 
 
Could you provide an analysis on the flaws of RaiBlocks? Is it in any way, shape, or form at a disadvantage compared to a blockchain based ledger like bitcoin? There have to be drawbacks, but I haven't found any.
Do you plan on expanding the dev team and establishing a foundation? Also, how much money is in the development pool?
 
One drawback is that our chain-per-account model and asynchronous updates take more code and design to handle. This means instead of one top-block hash for everything there's one for each account. This gives us the power of wait-free asynchronous transactions at the cost of simplicity.
After we finish up things like the wallet, website, and exchange integration we'll be looking at seeing what dev resources we need to build tech if no one else is already working on a particular thing. We have about 6 million XRB right now so we've made the existing dev funds go a long way. If something expensive to build came along and dev funds wouldn't cut it we could look at some sort of external funding.
 
 
How big of a problem is PoW for exchanges and what are potential solutions?
 
Considering how much exchanges stand to make through commission I don't see the cost as a barrier, it's just an abnormal technology request compared to other cryptocurrencies.
We're working on providing a service exchanges can use in the interim until they set up their own infrastructure to generate the work. Other options are containers people can use on cloud services to get the infrastructure they need until they want to invest in their own.
 
 
It's my understanding that since everything works asynchronously, in the case of double spending there is a chance a merchant would receive the block that would be later invalidated and have it shown in its wallet, even if a little later (1 minute?) the amount would correct when the delegates vote that block invalid. Is there any mechanism to avoid this? Maybe tag the transactions in the wallet as "confirming" and then "confirmed" after that minute? Is there actually any certain way for a wallet to know, in a deterministic/programmable way, at what moment a transaction is 100% legit? (For example if the delegates are DoS'ed I guess that minute could be much longer.) I know this is an improbable case, but still...
 
Yea, you're hitting a good point. The consensus algorithm in the node is designed to wait for the incoming transaction to settle before accepting it into the local chain for the exact reason you listed: if their transaction were to be rolled back the local account would be rolled back as well.
We can trend the current weight of all representatives that are online and voting and make sure we have >50% of the vote weight accounted for before considering it settled.
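The settlement rule described in this answer, modelled as an added example (not RaiBlocks node code): a block is only "confirmed" once the newest votes for it carry more than 50% of the weight of representatives observed online, a competing block for the same account slot is flagged as a fork, and anything short of quorum stays "confirming". Representative names, weights, block hashes and votes are constructed.

```python
"""Simplified model of balance-weighted vote settlement for one received block.

Added example, not the project's code. The quorum rule follows the answer
above: more than 50% of the weight of representatives currently online must
vote for a block before the wallet treats it as settled. Only the newest
vote from each representative counts, so re-voting cannot inflate weight.
"""
from dataclasses import dataclass, field
from typing import Dict, Iterable, Optional, Set, Tuple


@dataclass
class Vote:
    representative: str   # representative account id (constructed)
    block_hash: str       # hash of the block being voted for (constructed)
    sequence: int         # increases per representative; a higher one replaces a lower one


@dataclass
class Election:
    """Tracks competing blocks for one (account, previous-block) slot."""
    account: str
    previous: str
    latest: Dict[str, Vote] = field(default_factory=dict)   # rep -> newest vote
    candidates: Set[str] = field(default_factory=set)       # every hash seen in a vote

    def observe(self, vote: Vote) -> None:
        prior = self.latest.get(vote.representative)
        if prior is None or vote.sequence > prior.sequence:
            self.latest[vote.representative] = vote
        self.candidates.add(vote.block_hash)

    def tally(self, weights: Dict[str, int]) -> Dict[str, int]:
        """Sum the weight behind each candidate block from the newest votes."""
        totals = {h: 0 for h in self.candidates}
        for v in self.latest.values():
            totals[v.block_hash] += weights.get(v.representative, 0)
        return totals


def settlement_status(election: Election, weights: Dict[str, int],
                      online: Iterable[str]) -> Tuple[str, Optional[str]]:
    """Return ('confirmed', hash) once one block exceeds 50% of online weight,
    ('fork', None) if several blocks have weight but none has quorum, and
    ('confirming', None) otherwise, e.g. while representatives are unreachable."""
    online_weight = sum(weights.get(r, 0) for r in online)
    totals = election.tally(weights)
    if online_weight == 0 or not totals:
        return "confirming", None
    winner, winner_weight = max(totals.items(), key=lambda kv: kv[1])
    if winner_weight * 2 > online_weight:          # strict majority of online weight
        return "confirmed", winner
    if sum(1 for w in totals.values() if w > 0) > 1:
        return "fork", None
    return "confirming", None


def run_demo() -> Dict[str, Tuple[str, Optional[str]]]:
    """Walk the cases a merchant wallet cares about, on constructed data."""
    weights = {"R1": 40, "R2": 20, "R3": 10, "R4": 5, "R5": 25}   # total 100
    everyone = set(weights)
    results = {}

    # Honest send: R1 and R2 back the same block, 60 of 100 online weight.
    e = Election("acct-A", "prev-0")
    for v in (Vote("R1", "blkX", 1), Vote("R2", "blkX", 1)):
        e.observe(v)
    results["honest"] = settlement_status(e, weights, everyone)

    # Double spend: two blocks claim the same previous; neither has quorum yet.
    e = Election("acct-A", "prev-0")
    for v in (Vote("R1", "blkX", 1), Vote("R2", "blkY", 1)):
        e.observe(v)
    results["fork"] = settlement_status(e, weights, everyone)

    # R2 later switches to blkX with a newer sequence; the fork resolves.
    e.observe(Vote("R2", "blkX", 2))
    results["resolved"] = settlement_status(e, weights, everyone)

    # Only R1 votes, but R5 is offline: 40 of 75 online weight is a majority.
    e = Election("acct-B", "prev-7")
    e.observe(Vote("R1", "blkZ", 1))
    results["offline_rep"] = settlement_status(e, weights, {"R1", "R2", "R3", "R4"})

    # The same lone vote with R5 online is 40 of 100: keep showing "confirming".
    results["waiting"] = settlement_status(e, weights, everyone)
    return results


if __name__ == "__main__":
    for case, status in run_demo().items():
        print(f"{case:12s} -> {status}")
```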
 
 
Hey Colin, will you eventually have support for a Trezor or other hard wallet?
 
Yea we'll definitely work with companies like Trezor that are interested in being a hardware wallet for xrb. It's just a matter of making sure they support the signing algorithms and integrating with their API.
 
EDIT: I'm getting a lot of messages asking me how to buy XRB. I used this guide which was very helpful: https://www.reddit.com/RaiBlocks/comments/7i0co0/the_definitive_guide_to_buying_and_storing/
In short -- buy BTC on coinbase, open up an account on bitgrail, transfer that BTC from coinbase to bitgrail, then trade your BTC for XRB. It's a pain right now because it's such a new coin, but soon it will be listed on more exchanges, and hopefully on things like shapeshift/changelly. After that it will be much easier... but until then, the inconvenience is what we have to pay in order to get into XRB while its still early.
EDIT: BAD SCRIPT, BAD!
submitted by atriaxx to RaiBlocks

Mining has tripled from a year ago, the chips added cost $300M+. Now the network uses at least 300MW of electricity continuously at a cost of $50M/year. This is about what a city of 200k Americans uses.

tl;dr: Bitcoin network is running on at least 230k Antminer S9s, using 320MW (~$50M/year), with $345M worth of chips coming online in the past year.
Someone check my napkin math, I was looking at hashrate charts and just started writing stuff.
Antminer S9 is the most efficient and popular miner right now so I'm using their stats. I expect efficiency to improve marginally in the future but at a much reduced rate.
$2,200 capital cost, 13.5 TH/s, 1400 W, 104 J/TH
Network hash rate is 3,155,225 TH/s. If we go with a conservative estimate of power consumption, let's assume the entire network is Antminer S9. This gives 232,000 Antminers, which would use 327MW, for a total consumption of 2,866,000,000 kWh/year. The scale is sort of crazy to think about, the network uses about 10% of the electricity generated by some of the world's biggest hydroelectric plants. It's not insignificant, but it's going to have to grow a lot to be noticeable at the world scale.
The average American uses 1,380 watts. So instead of running the bitcoin network, you could run a city that provides for 237k Americans.
This means 1 bitcoin represents roughly the consumption of 1/89th of an American. Consumption is roughly the same order of magnitude as production, so let's just say that a bitcoin is 1/100th the output of the average American, including all children and unemployed people. So if you own 100 bitcoins you basically own the equivalent production of a human being, in that the bitcoin commands a certain fraction of continuous energy expenditure in the form of hashpower. After all what is human labor except for skilled energy expenditure? (Not totally serious about this, it's fun to abuse units.)
Maybe the more interesting story is the real money expenses. Here things are a little bit more fuzzy because we don't know what it actually costs Bitmain to make an S9. Regardless, we can assume that facility costs add a little, and use $2,200 as an estimate for capex necessary to get one operational.
Hash rate has tripled since a year ago. This means at minimum, 157k S9s have come online in the past year. Using $2,200, this is capex of $345M. (Important to note, part of bitcoin's security is that these chips are specific purpose SHA256(SHA256()), so this capex can't just flee to mining ethereum or something, it's in bitcoin for the long haul.)
The electricity costs are also pretty fuzzy, in America it's ~$0.12/kWh on average, in China it can be $0. If you use the American retail average, this is another $340M a year (this is ridiculous, don't quote me on this, no miners are using PG&E). If you take a conservative estimate of $0.02/kWh, you still get $57M.
I don't know how to estimate the cooling costs, maybe someone can just let me know if it's significant relative to the chip usage. If it's 1% of what the chips use then meh, but if it's 2x what the chips use then I'll put more effort into estimating it.
Hopefully this gives you some ammunition for the next time someone asserts that bitcoin is ethereal or can vanish like tulips. Tulips don't run on hundreds of thousands of computers in datacenters around the world using the electricity of a small country.
submitted by Polycephal_Lee to BitcoinMarkets
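The poster asks for the napkin math to be checked; this added example (not the poster's own code) re-derives every figure from the inputs quoted in the post (S9 spec, network hash rate, 1,380 W per American, $0.02 and $0.12 per kWh) with explicit units, and reports each claimed number's relative error.

```python
"""Re-derive the mining energy and capex estimate from the post's inputs.

Added example, not the original poster's code. Every constant below is a
figure quoted in the post; the functions make the unit conversions explicit
so each step can be checked independently.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, Tuple

HOURS_PER_YEAR = 24 * 365


@dataclass(frozen=True)
class MinerSpec:
    name: str
    hashrate_ths: float   # TH/s per unit
    power_w: float        # watts drawn per unit
    capex_usd: float      # estimated cost to get one unit operational

    @property
    def efficiency_j_per_th(self) -> float:
        # J/TH = W / (TH/s); the post quotes ~104 J/TH for the S9
        return self.power_w / self.hashrate_ths


S9 = MinerSpec("Antminer S9", hashrate_ths=13.5, power_w=1400, capex_usd=2200)


def estimate_network(spec: MinerSpec, network_ths: float, growth_factor: float,
                     per_capita_w: float, prices_per_kwh: Iterable[float]) -> Dict:
    """Derived figures assuming the whole network is made of `spec` units.

    growth_factor is how many times the hash rate grew over the period; the
    units added in that period are the (1 - 1/growth_factor) share of today's
    fleet, since the old fleet was 1/growth_factor of the current one.
    """
    units = network_ths / spec.hashrate_ths
    power_w = units * spec.power_w
    kwh_per_year = power_w / 1e3 * HOURS_PER_YEAR
    units_added = units * (1 - 1 / growth_factor)
    return {
        "units": units,
        "power_mw": power_w / 1e6,
        "kwh_per_year": kwh_per_year,
        "american_equivalents": power_w / per_capita_w,
        "units_added": units_added,
        "capex_added_usd": units_added * spec.capex_usd,
        "electricity_usd_per_year": {p: kwh_per_year * p for p in prices_per_kwh},
    }


def check_post_figures() -> Tuple[Dict[str, float], Dict]:
    """Compare the post's rounded claims with the recomputation.

    Returns (relative error per claimed figure, full estimate)."""
    est = estimate_network(S9, network_ths=3_155_225, growth_factor=3,
                           per_capita_w=1380, prices_per_kwh=(0.02, 0.12))
    claimed = {
        "units": 232_000,
        "power_mw": 327,
        "kwh_per_year": 2_866_000_000,
        "american_equivalents": 237_000,
        "units_added": 157_000,
        "capex_added_usd": 345_000_000,
    }
    errors = {k: abs(est[k] - v) / v for k, v in claimed.items()}
    return errors, est


if __name__ == "__main__":
    errors, est = check_post_figures()
    for k, e in errors.items():
        print(f"{k:22s} recomputed={est[k]:>16,.0f}  claimed-vs-recomputed error={e:.2%}")
    for price, usd in est["electricity_usd_per_year"].items():
        print(f"electricity at ${price}/kWh: ${usd/1e6:,.0f}M per year")
```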

Bitcoin, huh? WTF is going on? Should we scale you on-chain or off-chain? Will you stay decentralized, distributed, immutable?

0. Shit, this is long, TLWR please! Too long, won't read.
EDIT: TLDR TLWR for clarity.
1. Bitcoin, huh? Brief introduction.
There are 3 sections to this overview. The first section is a brief introduction to bitcoin. The second section looks at recent developments in the bitcoin world, through the analogy of email attachments, and the third section discusses what could be next, through the perspective of resilience and network security.
This is just a continuation of a long, long, possibly never-ending debate that started with the release of the bitcoin whitepaper in 2008 (see https://bitcoin.org/bitcoin.pdf). The recent mess during the past few years boils down to the controversy with the block size limit and how to appropriately scale bitcoin, the keyword appropriately. Scaling bitcoin is a controversial debate with valid arguments from all sides (see https://en.bitcoin.it/wiki/Block_size_limit_controversy).
I have researched, studied, and written this overview as objectively and as impartially as possible. By all means, this is still an opinion and everyone is advised to draw their own conclusions. My efforts are to make at least a few readers aware that ultimately there is only one team, and that team is the team bitcoin. Yes, currently though, there are factions within the team bitcoin. I hope that we can get beyond partisan fights and work together for the best bitcoin. I support all scaling proposals as long as they are the best for the given moment in time. Personally, I hate propaganda and love free speech as long as it is not derogatory and as long as it allows for constructive discussions.
The goal of this overview is to explain to a novice how bitcoin network works, what has been keeping many bitcoin enthusiasts concerned, and if we can keep the bitcoin network with three main properties described as decentralized, distributed, immutable. Immutable means censorship resistant. For the distinction between decentralized and distributed, refer to Figure 1: Centralized, decentralized and distributed network models by Paul Baran (1964), which is a RAND Institute study to create a robust and nonlinear military communication network (see https://www.rand.org/content/dam/rand/pubs/research_memoranda/2006/RM3420.pdf). Note that for the overall network resilience and security, distributed is more desirable than decentralized, and the goal is to get as far away from central models as possible. Of course, nothing is strictly decentralized or strictly distributed and all network elements are at different levels of this spectrum.
For those unaware how bitcoin works, I recommend the Bitcoin Wikipedia (see https://en.bitcoin.it/wiki/Main_Page). In short, the bitcoin network includes users which make bitcoin transactions and send them to the network memory pool called mempool, nodes which store the public and pseudonymous ledger called blockchain and which help with receiving pending transactions and updating processed transactions, thus securing the overall network, and miners which also secure the bitcoin network by mining. Mining is the process of confirming pending bitcoin transactions, clearing them from the mempool, and adding them to blocks which build up the consecutive chain of blocks on the blockchain. The blockchain is therefore a decentralized and distributed ledger built on top of bitcoin transactions, therefore impossible to exist without bitcoin. If someone claims to be working on their own blockchain without bitcoin, by the definition of the bitcoin network however, they are not talking about the actual blockchain. Instead, they intend to own a different kind of a private database made to look like the public and pseudonymous blockchain ledger.
There are roughly a couple of dozen mining pools, each possibly with hundreds or thousands of miners participating in them, to several thousand nodes (see https://blockchain.info/pools and https://coin.dance/nodes). Therefore, the bitcoin network has at worst decentralized miners and at best distributed nodes. The miner and node design makes the blockchain resilient and immune to reversible changes, making it censorship resistant, thus immutable. The bitcoin blockchain avoids the previous need for a third party to trust. This is a very elegant solution to peer-to-peer financial exchange via a network that is all: decentralized, distributed, immutable. Extra features (escrow, reversibility via time-locks, and other features desirable in specific instances) can be integrated within the network or added on top of this network, however, they have not been implemented yet.
Miners who participate receive mining reward consisting of newly mined bitcoins at a predetermined deflationary rate and also transaction fees from actual bitcoin transactions being processed. It is estimated that in 2022, miners will have mined more than 90% of all 21 million bitcoins ever to be mined (see https://en.bitcoin.it/wiki/Controlled_supply). As the mining reward from newly mined blocks diminishes to absolute zero in 2140, the network eventually needs the transaction fees to become the main component of the reward. This can happen either via high-volume-low-cost transaction fees or low-volume-high-cost transaction fees. Obviously, there is the need to address the question of fees when dealing with the dilemma how to scale bitcoin. Which type of fees would you prefer and under which circumstances?
2. WTF is going on? Recent developments.
There are multiple sides to the scaling debate but to simplify it, first consider the 2 main poles. In particular, to scale bitcoin on blockchain or to scale it off it, that is the question!
The first side likes the idea of bitcoin as it has been until now. It prefers on-chain scaling envisioned by the bitcoin creator or a group of creators who chose the pseudonym Satoshi Nakamoto. It is now called Bitcoin Cash and somewhat religiously follows Satoshi's vision from the 2008 whitepaper and their later public forum discussions (see https://bitcointalk.org/index.php?topic=1347.msg15366#msg15366). Creators' vision is good to follow but it should not be followed blindly and dogmatically when better advancements are possible, the keyword when. To alleviate the concerning backlog of transactions and rising fees, Bitcoin Cash proponents implemented a simple one-line code update which increased the block size limit for blockchain blocks from the 1MB block size limit to a new, larger 8MB limit. This was done through a fork on August 1, 2017, which created Bitcoin Cash, and which kept the bitcoin transaction history until then. Bitcoin Cash has observed a significant increase in support, from 3% of all bitcoin miners at first to over 44% of all bitcoin miners after 3 weeks on August 22, 2017 (see http://fork.lol/pow/hashrate and http://fork.lol/pow/hashrateabs).
An appropriate scaling analogy is to recall email attachments early on. They too were limited to a few MB at first, then 10MB, 20MB, up until 25MB on Gmail. But even then, Gmail eventually started using Google Drive internally. Note that Google Drive is a third party to Gmail, although yes, it is managed by the same entity.
The second side argues that bitcoin cannot work with such a scaling approach of pre-meditated MB increases. Arguments against block size increases include miner and node centralization, and bandwidth limitations. These are discussed in more detail in the third section of this overview. As an example of an alternative scaling approach, proponents of off-chain scaling want to jump to the internally integrated third party right away, without any MB increase and, sadly, without any discussion. Some of these proponents called one particular implementation method SegWit, which stands for Segregated Witness, and they argue that SegWit is the only way that we can ever scale up and add the extra features to the bitcoin network. This is not necessarily true because other scaling solutions are feasible, such as the already functioning Bitcoin Cash, and SegWit's proposed solution will not use an internally integrated third party as shown next. Note that although not as elegant as SegWit is today, there are other possibilities to integrate some extra features without SegWit (see /Bitcoin/comments/5dt8tz/confused_is_segwit_needed_for_lightning_network).
Due to the scaling controversy and the current backlog of transactions and already high fees, a third side hastily proposed a compromise to a 2MB increase in addition to the proposed SegWit implementation. They called it SegWit2x, which stands for Segregated Witness with 2MB block size limit increase. But the on-chain scaling and Bitcoin Cash proponents did not accept it due to SegWit’s design redundancy and hub centralization which are discussed next and revisited in the third section of this overview. After a few years of deadlock, that is why the first side broke free and created the Bitcoin Cash fork.
The second side stuck with bitcoin as it was. In a way, they inherited the bitcoin network without any major change to public eye. This is crucial because major changes are about to happen and the original bitcoin vision, as we have known it, is truly reflected only in what some media refer to as a forked clone, Bitcoin Cash. Note that to avoid confusion, this second side is referred to as Bitcoin Core by some or Legacy Bitcoin by others, although mainstream media still refers to it simply as Bitcoin. The core of Bitcoin Core is quite hardcore though. They too rejected the proposed compromise for SegWit2x and there are clear indications that they will push to keep SegWit only, forcing the third side with SegWit2x proponents to create another fork in November 2017 or to join Bitcoin Cash. Note that to certain degree, already implemented and working Bitcoin Cash is technically superior to SegWit2x which is yet to be deployed (see /Bitcoin/comments/6v0gll/why_segwit2x_b2x_is_technically_inferior_to).
Interestingly enough, those who agreed to SegWit2x have been in overwhelming majority, nearly 87% of all bitcoin miners on July 31, 2017 prior to the fork, and a little over 90% of remaining Bitcoin Core miners to date after the fork (see https://coin.dance/blocks). Despite such staggering support, another Bitcoin Core fork is anticipated later in November (see https://cointelegraph.com/news/bitcoin-is-splitting-once-again-are-you-ready) and the "Outcome #2: Segwit2x reneges on 2x or does not prioritize on-chain scaling" seems to be on track from the perspective of Bitcoin Core SegWit, publicly seen as the original Bitcoin (see https://blog.bridge21.io/before-and-after-the-great-bitcoin-fork-17d2aad5d512). The sad part is that although in their overwhelming majority, the miners who support SegWit2x would be the ones creating another Bitcoin Core SegWit2x fork or parting ways from the original Bitcoin.
In a way, this is an ironic example how bitcoin’s built-in resiliency to veto changes causes majority to part away when a small minority has status quo and holds off fully-consented progress. Ultimately, this will give the minority Bitcoin Core SegWit proponents the original Bitcoin branding, perhaps to lure in large institutional investors and monetize on bitcoin’s success as we have it seen it during the past 9 years since its inception. Recall that bitcoin of today is already a decentralized, distributed, immutable network by its definition. The bitcoin network was designed to be an alternative to centralized and mutable institutions, so prevalent in modern capitalist societies.
The Bitcoin Core SegWit group wants to change the existing bitcoin network to a network with dominant third parties which, unlike Google Drive to Gmail, are not internal. In particular, they intend to do so via the lightning network, which is a second layer solution (2L). This particular 2L as currently designed relies on an artificial block size limit cap which creates a bottleneck in order to provide high incentives for miners to participate. It monetizes on the backlog of transactions and high fees, which are allocated to miners, not any group in particular. Cheaper and more instantaneous transactions are shifted to the lightning network which is operated by hubs also earning revenue. Note that some of these hubs may choose to monitor transactions and can possibly censor who is allowed to participate in this no longer strictly peer-to-peer network.
We lose the immutability and instead we have a peer-to-hub-to-peer network that is mutable and at best decentralized, and certainly not distributed (see https://medium.com/@jonaldfyookball/mathematical-proof-that-the-lightning-network-cannot-be-a-decentralized-bitcoin-scaling-solution-1b8147650800). For regular day-to-day and recurring transactions, it is not a considerable risk or inconvenience. And one could choose to use the main chain any time to bypass the lightning network and truly transact peer-to-peer. But since the main chain has an entry barrier in the form of artificially instilled high transaction fees, common people are not able to use bitcoin as we have known it until now. Peer-to-peer bitcoin becomes institution-to-institution bitcoin with peer-to-hub-to-peer 2L.
To reiterate and stress, note the following lightning network design flaw again. Yes, activating SegWit and allowing 2L such as lightning allows for lower transaction fees to coexist side by side with more costly on-chain transactions. For those using this particularly prescribed 2L, the fees remain low. But since these 2L are managed by hubs, we introduce another element to trust, which is contrary to what the bitcoin network was designed to do in the first place. Over time, by the nature of the lightning network in its current design, these third party hubs grow to be centralized, just like Visa, Mastercard, Amex, Discover, etc. There is nothing wrong with that in general because it works just fine. But recall that bitcoin set out to create a different kind of a network. Instead of a decentralized, distributed, immutable network with miners and nodes, with the lightning network we end up with an at best decentralized but mutable network with hubs.
Note that Bitcoin Core SegWit has a US-based organization backing it with millions of dollars (see https://en.wikipedia.org/wiki/Blockstream and https://steemit.com/bitcoin/@adambalm/the-truth-about-who-is-behind-blockstream-and-segwit-as-the-saying-goes-follow-the-money). Their proponents are quite political and some even imply $1000 fees on the main bitcoin blockchain (see https://cointelegraph.com/news/ari-paul-tuur-demeester-look-forward-to-up-to-1k-bitcoin-fees). Contrary to them, Bitcoin Cash proponents intend to keep small fees on a scale of a few cents, which in large volume in larger blockchain blocks provide sufficient incentive for miners to participate.
On the one hand, sticking to the original vision of peer-to-peer network scaled on-chain has merit and holds potential for future value. On the other hand, 2L have potential to carry leaps forward from current financial infrastructure. As mentioned earlier, 2L will allow for extra features to be integrated off-chain (e.g. escrow, reversibility via time-locks), including entirely new features such as smart contracts, decentralized applications, some of which have been pioneered and tested on another cryptocurrency network called Ethereum. But such features could be one day implemented directly on the main bitcoin blockchain without the lightning network as currently designed, or perhaps with a truly integrated 2L proposed in the third section of this overview.
What makes the whole discussion even more confusing is that there are some proposals for specific 2L that would in fact increase privacy and make bitcoin transactions less pseudonymous than those on the current bitcoin blockchain now. Keep in mind that 2L are not necessarily undesirable. If they add features and keep the main network characteristics (decentralized, distributed, immutable), they should be embraced with open arms. But the lightning network as currently designed gives up immutability and hub centralization moves the network characteristic towards a decentralized rather than a distributed network.
In a sense, back to the initial email attachment analogy, even Gmail stopped with attachment limit increases and started hosting large files on Google Drive internally, with an embedded link in a Gmail email to download anything larger than 25MB from Google Drive. Anticipating the same scaling decisions, the question then becomes not if but when and how such 2L should be implemented, keeping the overall network security and network characteristics in mind. If you have not gotten it yet, repeat, repeat, repeat: decentralized, distributed, immutable. Is it the right time now and is SegWit (one way, my way or highway) truly the best solution?
Those siding away from Bitcoin Core SegWit also dislike that corporate entities behind Blockstream, the one publicly known corporate entity directly supporting SegWit, have allegedly applied for SegWit patents which may further restrict who may and who may not participate in the creation of future hubs, or how these hubs are controlled (see the alleged patent revelations, https://falkvinge.net/2017/05/01/blockstream-patents-segwit-makes-pieces-fall-place, the subsequent Twitter rebuttal by the Blockstream CEO, http://bitcoinist.com/adam-back-no-patents-segwit, and the subsequent legal threats to SegWit2x proponents /btc/comments/6vadfi/blockstream_threatening_legal_action_against). Regardless of whether the patent claims are precise or not, the fact remains that there is a corporate entity dictating and vetoing bitcoin developments. Objectively speaking, Bitcoin Core SegWit developers being paid by Blockstream is a corporate takeover of the bitcoin network as we have known it.
And on the topic of patents and permissionless technological innovations, what makes all of this even more complicated is that a mining improvement technology called ASICboost is allowed on Bitcoin Cash. The main entities who forked from Bitcoin Core to form Bitcoin Cash had taken advantage of patents to the ASICboost technology on the original bitcoin network prior to the fork (see https://bitcoinmagazine.com/articles/breaking-down-bitcoins-asicboost-scandal). This boost saved an estimated 20% electricity for miners on 1MB blocks and created an unfair economic advantage for this one particular party. SegWit is one way that this boost is being eliminated, through the code. Larger blocks are another way to reduce the boost advantage, via decreased rate of collisions which made this boost happen in the first place (see https://bitcoinmagazine.com/articles/breaking-down-bitcoins-asicboost-scandal-solutions and https://bitslog.wordpress.com/2017/04/10/the-relation-between-segwit-and-asicboost-covert-and-overt). Therefore, the initial Bitcoin Cash proponents argue that eliminating ASICboost through the code is no longer needed or necessary.
Of course, saving any amount of electricity between 0% and 20% is good for all on our planet, but in reality any energy saved in a mining operation is used by the same mining operation to increase their mining capacity. In reality, there are no savings, there is just capacity redistribution. The question then becomes if it is okay that only one party currently and already holds onto this advantage, which they covertly hid for a relatively long time, and which they could be using covertly on Bitcoin Cash if they desired to do so, even though it would be an advantage to a smaller degree. To be fair to them, they are mining manufacturers and operators, they researched and developed the advantage from their own resources, so perhaps they do indeed have the right to reap ASICboost benefits while they can. But perhaps it should happen in a publicly known way, not behind closed doors, and should be temporary, with an agreed patent release date.
In conclusion, there is no good and no bad actor, each side is its own shade of grey. All parties have their own truth (and villainy) to a certain degree.
Bitcoin Cash's vision is for bitcoin to be an electronic cash platform and daily payment processor whereas Bitcoin Core SegWit seems to be drawn more to the ideas of bitcoin as an investment vehicle and a larger settlement layer with the payment processor function managed via at best decentralized third party hubs. Both can coexist, or either one can eventually prove more useful and digest the other one by taking over all use-cases.
Additionally, the most popular communication channel on /bitcoin with roughly 300k subscribers censors any alternative non-Bitcoin-Core-SegWit opinions and bans people from posting their ideas to discussions (see https://medium.com/@johnblocke/a-brief-and-incomplete-history-of-censorship-in-r-bitcoin-c85a290fe43). This is because their moderators are also supported by Blockstream. Note that the author of this overview has not gotten banned from this particular subreddit (yet), but has experienced shadow-banning first hand. Shadow-banning is a form of censorship. In this particular case, their moderator robot managed by people moderators, collaboratively with the people moderators, does the following:
  • (1) look for "Bitcoin Cash" and other undesirable keywords,
  • (2) warn authors that “Bitcoin Cash” is not true bitcoin (which objectively speaking it is, and which is by no means “BCash” that Bitcoin Core SegWit proponents refer to, in a coordinated effort to further confuse public, especially since some of them have published plans to officially release another cryptocurrency called “BCash” in 2018, see https://medium.com/@freetrade68/announcing-bcash-8b938329eaeb),
  • (3) further warn authors that if they try to post such opinions again, they could be banned permanently,
  • (4) tell authors to delete their already posted posts or comments,
  • (5) hide their post from publicly seen boards with all other posts, thus preventing it from being seen by the other participants in this roughly 300k public forum,
  • (6) and in extreme cases actually “remove” their valid opinions if they slip by uncensored, gain traction, and are oftentimes raised to popularity as comments to other uncensored posts (see /btc/comments/6v3ee8/on_a_reply_i_made_in_rbitcoin_that_had_over_350 and /btc/comments/6vbyv0/in_case_we_needed_more_evidence_500_upvotes).
This effectively silences objective opinions and creates a dangerous echo-chamber. Suppressing free speech and artificially blowing up transaction fees on Bitcoin Core SegWit is against bitcoin’s fundamental values. Therefore, instead of the original Reddit communication channel, many bitcoin enthusiasts migrated to /btc which has roughly 60k subscribers as of now, up from 20k subscribers a year ago in August 2016 (see http://redditmetrics.com/btc). Moderators there do not censor opinions and allow all polite and civil discussions about scaling, including all opinions on Bitcoin Cash, Bitcoin Core, etc.
Looking beyond their respective leaderships and communication channels, let us review a few network fundamentals and recent developments in Bitcoin Core and Bitcoin Cash networks. Consequently, for now, these present Bitcoin Cash with more favorable long-term prospects.
  • (1) The stress-test and/or attack on the Bitcoin Cash mempool earlier on August 16, 2017 showed that 8MB blocks do work as intended, without catastrophic complications that Bitcoin Core proponents anticipated and from which they attempted to discourage others (see https://jochen-hoenicke.de/queue/uahf/#2w for the Bitcoin Cash mempool and https://core.jochen-hoenicke.de/queue/#2w for the Bitcoin Core mempool). Note that when compared to the Bitcoin Core mempool on their respective 2 week views, one can observe how each network handles backlogs. On the most recent 2 week graphs, the Y-scale for Bitcoin Core is 110k vs. 90k on Bitcoin Cash. In other words, at the moment, Bitcoin Cash works better than Bitcoin Core even though there is clearly not as big demand for Bitcoin Cash as there is for Bitcoin Core. The lack of demand for Bitcoin Cash is partly because Bitcoin Cash is only 3 weeks old and not many merchants have started accepting it, and only a limited number of software applications to use Bitcoin Cash has been released so far. By all means, the Bitcoin Cash stress-test and/or attack from August 16, 2017 reveals that the supply will handle the increased demand, more affordably, and at a much quicker rate.
  • (2) Bitcoin Cash “BCH” mining has become temporarily more profitable than mining Bitcoin Core “BTC” (see http://fork.lol). Besides a temporary loss of miners, this puts Bitcoin Core in danger of permanently fleeing miners. Subsequently, mempool backlog and transaction fees are anticipated to increase further.
  • (3) When compared to Bitcoin Cash transaction fees at roughly $0.02, transaction fees per kB are over 800 times as expensive on Bitcoin Core, currently at over $16 (see https://cashvscore.com).
  • (4) The tipping service that used to work on Bitcoin Core's /Bitcoin a few years back has been revived by a new tipping service piloted on the more neutral /btc with the integration of Bitcoin Cash (see /cashtipperbot).
3. Should we scale you on-chain or off-chain? Scaling bitcoin.
Let us start with the notion that we are impartial to both Bitcoin Core (small blocks, off-chain scaling only) and Bitcoin Cash (big blocks, on-chain scaling only) schools of thought. We will support any or all ideas, as long as they allow for bitcoin to grow organically and eventually succeed as a peer-to-peer network that remains decentralized, distributed, immutable. Should we have a preference in either of the proposed scaling solutions?
First, let us briefly address Bitcoin Core and small blocks again. From the second section of this overview, we understand that there are proposed off-chain scaling methods via second layer solutions (2L), most notably soon-to-be implemented lightning via SegWit on Bitcoin Core. Unfortunately, the lightning network diminishes distributed and immutable network properties by replacing bitcoin’s peer-to-peer network with a two-layer institution-to-institution network and peer-to-hub-to-peer 2L. Do we need this particular 2L right now? Is its complexity truly needed? Is it not at best somewhat cumbersome (if not very redundant)? In addition to ridiculously high on-chain transaction fees illustrated in the earlier section, the lightning network code is perhaps more robust than it needs to be now, with thousands of lines of code, thus possibly opening up to new vectors for bugs or attacks (see https://en.bitcoin.it/wiki/Lightning_Network and https://github.com/lightningnetwork/lnd). Additionally, this particular 2L as currently designed unnecessarily introduces third parties, hubs, that are expected to centralize. We already have a working code that has been tested and proven to handle 8MB blocks, as seen with Bitcoin Cash on August 16, 2017 (see https://www.cryptocoinsnews.com/first-8mb-bitcoin-cash-block-just-mined). At best, these third party hubs would be decentralized but they would not be distributed. And these hubs would be by no means integral to the original bitcoin network with users, nodes, and miners.
To paraphrase Occam’s razor problem solving principle, the simplest solution with the most desirable features will prevail (see https://en.wikipedia.org/wiki/Occam%27s_razor). The simplest scalability solution today is Bitcoin Cash because it updates only one line of code, which instantly increases the block size limit. This also allows other companies building on Bitcoin Cash to reduce their code when compared to Bitcoin Core SegWit’s longer code, some even claiming ten-fold reductions (see /btc/comments/6vdm7y/ryan_x_charles_reveals_bcc_plan). The bitcoin ecosystem not only includes the network but it also includes companies building services on top of it. When these companies can reduce their vectors for bugs or attacks, the entire ecosystem is healthier and more resilient to hacking disasters. Obviously, changes to the bitcoin network code are desirable to be as few and as elegant as possible.
But what are the long-term implications of doing the one-line update repeatedly? Eventually, blocks would have to reach over 500MB size if they were to process Visa-level capacity (see https://en.bitcoin.it/wiki/Scalability). With decreasing costs of IT infrastructure, bandwidth and storage could accommodate it, but the overhead costs would increase significantly, implying miner and/or full node centralization further discussed next. To decrease this particular centralization risk, which some consider undesirable and others consider irrelevant, built-in and integrated 2L could keep the block size at a reasonably small-yet-still-large limit.
At first sight, these 2L would remedy the risk of centralization by creating their own centralization incentive. On a closer look, and applying Occam’s razor again, these 2L do not have to become revenue-seeking third party hubs as designed with the current lightning network. They can be integrated into the current bitcoin network with at worst decentralized miners and at best distributed nodes. Recall that miners will eventually need to supplement their diminishing mining reward from new blocks. Additionally, as of today, the nodes have no built-in economic incentive to run other than securing the network and keeping the network’s overall value at its current level. Therefore, if new 2L were to be developed, they should be designed in a similar way to the lightning network, with the difference that the transaction processing revenue would not go to third party hubs but to the already integrated miners and nodes.
In other words, why do we need extra hubs if we have miners and nodes already? Let us consider the good elements from the lightning network, forget the unnecessary hubs, and focus on integrating the hubs’ responsibilities to already existing miner and node protocols. Why would we add extra elements to the system that already functions with the minimum number of elements possible? Hence, 2L are not necessarily undesirable as long as they do not unnecessarily introduce third party hubs.
Lastly, let us discuss partial on-chain scaling with the overall goal of network security. The network security we seek is the immutability and resilience via distributed elements within otherwise decentralized and distributed network. It is not inconceivable to scale bitcoin with bigger blocks as needed, when needed, to a certain degree. The thought process is the following:
  • (1) Block size limit:
We need some upper limit to avoid bloating the network with spam transactions. Okay, that makes sense. Now, what should this limit be? If we agree to disagree with small block size limit stuck at 1MB, and if we are fine with flexible block size limit increases (inspired by mining difficulty readjustments but on a longer time scale) or big block propositions (to be increased incrementally), what is holding us off next?
  • (2) Miner centralization:
Bigger blocks mean that more data will be transferred on the bitcoin network. Consequently, more bandwidth and data storage will be required. This will create decentralized miners instead of distributed ones. Yes, that is true. And it has already happened, due to the economy of scale, in particular the efficiency of grouping multiple miners in centralized facilities, and the creation of mining pools collectively and virtually connecting groups of miners not physically present in the same facility. These facilities tend to have huge overhead costs and the data storage and bandwidth increase costs are negligible in this context. The individual miners participating in mining pools will quite likely notice somewhat higher operational costs but allowing for additional revenue from integrated 2L described earlier will give them economic incentive to remain actively participating. Note that mining was never supposed to be strictly distributed and it was always at worst decentralized, as defined in the first section of this overview. To assure at best a distributed network, we have nodes.
  • (3) Node centralization:
Bigger blocks mean that more data will be transferred on the bitcoin network. Consequently, more bandwidth and data storage will be required. This will create decentralized nodes instead of distributed ones. Again, recall that we have a spectrum of decentralized and distributed networks in mind, not their absolutes. The concern about the node centralization (and the subsequent shift from distributed to decentralized network property) is valid if we only follow on-chain scaling to inconsiderate MB values. If addressed with the proposed integrated 2L that provides previously unseen economic incentives to participate in the network, this concern is less serious.
Furthermore, other methods to reduce bandwidth and storage needs can be used. A popular proposal is block pruning, which keeps only the most recent 550 blocks, and eventually deletes any older blocks (see https://news.bitcoin.com/pros-and-cons-on-bitcoin-block-pruning). Block pruning addresses storage needs and makes sure that not all nodes participating in the bitcoin network have to store all transactions that have ever been recorded on the blockchain. Some nodes storing all transactions are still necessary and they are called full nodes. Block pruning does not eliminate full nodes but it does indeed provide an economic incentive for the reduction and centralization (i.e. saving on storage costs). If addressed with the proposed integrated 2L that provides previously unseen economic incentives to participate in the network, this concern is less serious.
In other words, properly designed 2L should provide economic incentives for all nodes (full and pruned) to remain active and distributed. As of now, only miners earn revenue for participating. The lightning network proposes extra revenue for hubs. Instead, miner revenue could increase by processing 2L transactions as well, and full nodes could have an economic incentive as well. To mine, relatively high startup costs are necessary in order to get the most up to date mining hardware and proper cooling equipment. These have to be maintained and periodically upgraded. To run a full node, one needs only stable bandwidth and a sufficiently large storage, which can be expanded as needed, when needed. To run a full node, one needs only stable bandwidth and relatively small storage, which does not need to be expanded.
Keeping the distributed characteristic in mind, it would be much more secure for the bitcoin network if one could earn bitcoin by simply running a node, full or pruned. This could be integrated with a simple code change requiring each node to own a bitcoin address to which miners would send a fraction of processed transaction fees. Of course, pruned nodes would collectively receive the least transaction fee revenue (e.g. 10%), full nodes would collectively receive relatively larger transaction fee revenue (e.g. 20%), whereas mining facilities or mining pools would individually receive the largest transaction fee revenue (e.g. 70%) in addition to the full mining reward from newly mined blocks (i.e. 100%). This would assure that all nodes would remain relatively distributed. Hence, block pruning is a feasible solution.
However, in order to start pruning, one would have to have the full blockchain to begin with. As currently designed, downloading the blockchain for the first time also audits previous blocks for accuracy; this can take days depending on one’s bandwidth. This online method is the only way to distribute the bitcoin blockchain and the bitcoin network so far. When the size of blockchain becomes a concern, a simpler distribution idea should be implemented offline. Consider distributions of Linux-based operating systems on USBs. Similarly, the full bitcoin blockchain up to a certain point can be distributed via easy-to-mail USBs. Note that even if we were to get the blockchain in bulk on such a USB, some form of a block audit would have to happen nevertheless.
A new form of checkpoint hashes could be added to the bitcoin code. For instance, every 2016 blocks (whenever the difficulty readjusts), all IDs from the previous 2015 blocks would be hashed and recorded. That way, with our particular offline blockchain distribution, the first time user would have to audit only the key 2016th blocks, designed to occur on average once in roughly 2 weeks. This would significantly reduce bandwidth concerns for the auditing process because only each 2016th block would have to be uploaded online to be audited.
Overall, we are able to scale the bitcoin network via initial on-chain scaling approaches supplemented with off-chain scaling approaches. This upgrades the current network to a pruned peer-to-peer network with integrated 2L managed by miners and nodes who assure that the bitcoin network stays decentralized, distributed, immutable.
  • Discussion at /btc/comments/6vj47c/bitcoin_huh_wtf_is_going_on_should_we_scale_you is greatly encouraged.
  • Note that the author u/bit-architect appreciates any Bitcoin Cash donations on Reddit directly or on bitcoin addresses 178ZTiot2QVVKjru2f9MpzyeYawP81vaXi bitcoincash:qp7uqpv2tsftrdmu6e8qglwr2r38u4twlq3f7a48uq (Bitcoin Cash) and 1GqcFi4Cs1LVAxLxD3XMbJZbmjxD8SYY8S (Bitcoin Core).
  • EDIT: Donation addresses above updated.
submitted by bit-architect to btc [link] [comments]
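The checkpoint-hash idea in the post above (hash the IDs of the previous 2015 blocks at every 2016th block, then audit an offline-distributed chain against those hashes) can be modelled in a few dozen lines. The following is an added example written for this page; it is not code from the post's author or from any bitcoin implementation. It assumes one reading of the proposal: the checkpoint attached to retarget height h is sha256 over the concatenated IDs of blocks h-2015 through h-1, and the trusted checkpoint list is obtained online while the bulk chain comes from the USB. The chain itself is a constructed toy (block IDs are sha256 of the previous ID and the height), not real bitcoin headers, and the example audits checkpoints only; it does not verify header linkage or proof-of-work, which the post says would still have to happen.

```python
import hashlib
from typing import Dict, List, Optional, Tuple

RETARGET_INTERVAL = 2016            # difficulty readjusts every 2016 blocks
COVERED_BLOCKS = RETARGET_INTERVAL - 1   # "previous 2015 blocks", as the post states it


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_toy_chain(length: int) -> List[str]:
    """Constructed sample chain (assumption, not real headers):
    block ID = sha256(previous ID || 4-byte height)."""
    ids: List[str] = []
    prev = "00" * 32
    for height in range(length):
        block_id = sha256_hex(bytes.fromhex(prev) + height.to_bytes(4, "big"))
        ids.append(block_id)
        prev = block_id
    return ids


def checkpoint_hash(block_ids: List[str], height: int) -> str:
    """Checkpoint recorded at a retarget height: hash of the IDs of the
    2015 blocks immediately before it (heights height-2015 .. height-1)."""
    if height % RETARGET_INTERVAL != 0 or height < RETARGET_INTERVAL:
        raise ValueError("checkpoints exist only at retarget heights >= 2016")
    if height > len(block_ids):
        raise ValueError("chain too short for this checkpoint")
    window = block_ids[height - COVERED_BLOCKS:height]
    return sha256_hex(b"".join(bytes.fromhex(b) for b in window))


def compute_checkpoints(block_ids: List[str]) -> Dict[int, str]:
    """What a trusted online source would publish: one hash per retarget height."""
    return {
        h: checkpoint_hash(block_ids, h)
        for h in range(RETARGET_INTERVAL, len(block_ids) + 1, RETARGET_INTERVAL)
    }


def verify_offline_chain(offline_ids: List[str],
                         trusted: Dict[int, str]) -> Tuple[bool, Optional[int]]:
    """Audit a chain obtained offline (e.g. from a USB) against trusted checkpoints.
    Returns (True, None) if every checkpoint matches, otherwise (False, height)
    for the first checkpoint that is missing or mismatched."""
    for h in sorted(trusted):
        if h > len(offline_ids):
            return False, h          # the offline copy is shorter than claimed
        if checkpoint_hash(offline_ids, h) != trusted[h]:
            return False, h          # some ID inside this 2015-block window was altered
    return True, None


def uncovered_heights(chain_len: int) -> List[int]:
    """Heights that no 2015-block window reaches. With 2015 blocks per 2016-block
    interval, block 0 and every checkpoint block itself fall outside all windows."""
    covered = set()
    for h in range(RETARGET_INTERVAL, chain_len + 1, RETARGET_INTERVAL):
        covered.update(range(h - COVERED_BLOCKS, h))
    return [i for i in range(chain_len) if i not in covered]


if __name__ == "__main__":
    chain = build_toy_chain(3 * RETARGET_INTERVAL + 10)
    trusted = compute_checkpoints(chain)
    print("checkpoint heights:", sorted(trusted))
    print("clean copy:", verify_offline_chain(chain, trusted))
    corrupt = list(chain)
    corrupt[3000] = "ff" * 32     # a single altered entry on the USB copy
    print("corrupt entry at 3000:", verify_offline_chain(corrupt, trusted))
    print("heights no window covers:", uncovered_heights(len(chain))[:4])
```

Two things the example makes visible that the prose does not. First, a bad entry anywhere inside a window is caught only at the next retarget height, so the auditor learns which 2015-block span to re-fetch, not which block. Second, taken literally (2015 IDs per 2016-block interval), the checkpoint block itself is in no window, so an altered entry at height 2016 passes this audit; covering all 2016 preceding blocks, or having each checkpoint hash include the previous checkpoint, closes that gap. In both cases the guarantee is only as strong as the source of the checkpoint list, which must come from somewhere the auditor already trusts rather than from the same USB.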
