Kay Kurokawa on Cryptocurrencies: My writings on Bitcoin, Cryptocurrencies, and Distributed Applications
China Does Not Control Bitcoin (published 2020-12-22, updated 2020-12-24)<p class="hz ia fm ib b ic id ie if ig ih ii ij ik il im in io ip iq ir is it iu iv iw dd ef" data-selectable-paragraph="" id="d201"> <table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEinGTZEvp9YFCPNDFSciorixqE8PKhXlWYXMs9Y2jqJyGkdWRbn8ZNqT6v3X58V7f7ZvkMVvOr0OFJV6zW4Y96aHej8onPiXrolsSOmItMJiacRzu4kUMdePWaHim7m8zGZ0oxF9Ynd22Po/s1023/The_County_Election%252C_Bingham%252C_1846.jpeg" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="620" data-original-width="1023" height="318" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEinGTZEvp9YFCPNDFSciorixqE8PKhXlWYXMs9Y2jqJyGkdWRbn8ZNqT6v3X58V7f7ZvkMVvOr0OFJV6zW4Y96aHej8onPiXrolsSOmItMJiacRzu4kUMdePWaHim7m8zGZ0oxF9Ynd22Po/w525-h318/The_County_Election%252C_Bingham%252C_1846.jpeg" width="525" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">The County Election, George Caleb Bingham 1856</td></tr></tbody></table><br /></p><p class="hz ia fm ib b ic id ie if ig ih ii ij ik il im in io ip iq ir is it iu iv iw dd ef" data-selectable-paragraph="" id="d201">Let’s say there is a person who has never experienced or learned how a democratic process works.
He could be a North Korean subject, or perhaps a time-traveling feudal-era
peasant. If we explain to this person what the American government
looked like in 2017–2019, when the Republican party controlled both the
executive and legislative branches (or 2008–2010, when the Democrats
did), he may wrongly conclude that a single party controls the
country and that the American government is autocratic. This conclusion
is of course wrong. In a functioning democratic process, a single party
can take majority control, but the people will vote it out if they
don’t like how that party is governing.</p><p class="hz ia fm ib b ic id ie if ig ih ii ij ik il im in io ip iq ir is it iu iv iw dd ef" data-selectable-paragraph="" id="f5da">This
hypothetical person is making an observation about the
configuration of a democratic government in a single slice of time, and
draws the wrong conclusion because he does not understand the political
process that produced this configuration. A person who only understands
tyranny will have a hard time comprehending a political process that can
remove people from power through fair elections in which each citizen
has a single vote.</p><p class="hz ia fm ib b ic id ie if ig ih ii ij ik il im in io ip iq ir is it iu iv iw dd ef" data-selectable-paragraph="" id="ad2a">Similarly,
within the cryptocurrency community and among casual observers of Bitcoin,
there are people who claim that Bitcoin is controlled by China because
much of the current mining appears to come from China. While
estimates are unreliable due to the anonymous nature of mining, industry
insiders and studies place the share of mining coming from China
at <a class="bq ix" href="https://www.blogger.com/#" rel="noopener nofollow">around 65%</a>.</p><p class="hz ia fm ib b ic id ie if ig ih ii ij ik il im in io ip iq ir is it iu iv iw dd ef" data-selectable-paragraph="" id="83fc">Referencing these estimates, Ripple CEO Brad Garlinghouse <a class="bq ix" href="https://www.blogger.com/#" rel="noopener nofollow">stated</a>:
“Bitcoin is really controlled by China. There are four miners in China
that control over 50 percent of Bitcoin. How do we know that China won’t
intervene?” Garlinghouse is much like the confused North Korean
subject who does not understand democracy. As the CEO of Ripple, he only
understands cryptocurrencies that are ruled by a single entity.
Therefore, he has a hard time understanding that there is a systematic
process in Bitcoin that allows miners to be removed from power if
they are deemed unworthy. Since he does not understand this
process, he can merely describe the state of affairs in a single slice
of time.</p><p class="hz ia fm ib b ic id ie if ig ih ii ij ik il im in io ip iq ir is it iu iv iw dd ef" data-selectable-paragraph="" id="ad09">This
willful ignorance is of course part of Ripple’s strategic effort to
appeal to US-based regulators. In response to the recent SEC lawsuit
against them, Ripple responded that the lawsuit would cede
innovation in cryptocurrencies to China, since “Bitcoin and Ethereum
blockchains are highly susceptible to Chinese control because both are
subject to simple majority rule, whereas the XRPL prevents comparable
centralization.” The obvious subtext is that Ripple is winking at
the regulators and saying: “Hey, don’t sue us, because we control XRP, and if
you take it easy on us, we’ll let you control it instead of China.”</p><p class="hz ia fm ib b ic id ie if ig ih ii ij ik il im in io ip iq ir is it iu iv iw dd ef" data-selectable-paragraph="" id="0cda">Although
many like Garlinghouse are confused by it, Bitcoin’s systematic process
of mining has been clear from the beginning. Satoshi stated in his
white paper that Bitcoin’s consensus mechanism is
“one-CPU-one-vote”. Although we now have machines custom built
for mining (ASICs), the spirit of the statement remains the
same. If you are willing to expend resources to mine, you are given
votes proportional to the resources you have expended. One hash equals one
vote.</p><p class="hz ia fm ib b ic id ie if ig ih ii ij ik il im in io ip iq ir is it iu iv iw dd ef" data-selectable-paragraph="" id="da2d">Since
Bitcoin does not know or care who is doing the mining, a single
entity is free to accumulate the majority of the hashrate of the Bitcoin
network. But this is no more a problem for Bitcoin than it is a
problem for democracy when a political party gains majority control.
At the inception of the Bitcoin network, Satoshi owned 100% of the
hashrate for quite some time. There were also times in the past when a
mining pool <a class="bq ix" href="https://www.blogger.com/#" rel="noopener nofollow">was verified</a>
to have more than 51% of the hashrate. The caveat is that if
people do not vote out misbehaving or tyrannical entities, then Bitcoin
cannot function. Democracy works the same way, through an informed and
motivated electorate. Critics of Bitcoin are correct to say that China
could in the future forcibly mobilize the miners in its country to 51%
attack Bitcoin. But critics would be dead wrong to believe that
proponents of Bitcoin will do nothing in response.</p><p class="hz ia fm ib b ic id ie if ig ih ii ij ik il im in io ip iq ir is it iu iv iw dd ef" data-selectable-paragraph="" id="9b90">While
mining farms already operating outside of China will play a huge role
in countering such attacks, individuals can make a difference simply by
running ASICs from their homes. Right now, you can buy an Antminer S9
for about $30 and run it on about a microwave’s worth of power.
With the current network hashrate of about 130 million
TH/s, a single S9 (14 TH/s) buys you roughly 1 vote out of 10 million on
the Bitcoin network (consider that a US citizenship buys you 1 vote out
of 250 million). Such mining can be done by anyone in the world, and an
individual can expand their operation to as many ASICs as they are
willing to spend money on. Furthermore, the availability of capable ASIC
miners will increase in the future as newer generations of ASICs hit
the <a class="bq ix" href="https://www.blogger.com/#" rel="noopener nofollow">physical limits</a> of Moore’s law and their advantage over older ASICs diminishes.</p><p class="hz ia fm ib b ic id ie if ig ih ii ij ik il im in io ip iq ir is it iu iv iw dd ef" data-selectable-paragraph="" id="0e1b">If
one does not have access to the facilities or the power required to mine,
they can fund friendly miners with Bitcoin. This can be done either
through Bitcoin transaction fees or by sending a transaction directly
to the miner. By simply initiating transactions that would be accepted
on the friendly chain (but not on the chain of the 51% attacker), Bitcoin
users can fund and incentivize friendly miners to counter the 51%
attack.</p><p class="hz ia fm ib b ic id ie if ig ih ii ij ik il im in io ip iq ir is it iu iv iw dd ef" data-selectable-paragraph="" id="af71">I
would also not underestimate the Bitcoin miners in China. Many of them
will refuse to comply if China orders them to work against Bitcoin, as
the destruction of Bitcoin also means the destruction of their
livelihood. The competitive nature of mining guarantees that miners are
mostly people who believe in the long-term value of Bitcoin. Profit-seeking
miners who intend to convert their gains into fiat will
generally get pushed out by believers who are willing to take short-term
fiat losses. Mustafa Yilham, VP at a large Chinese Bitcoin mining
firm, <a class="bq ix" href="https://www.blogger.com/#" rel="noopener nofollow">states</a> that “from our experience in China, most large scale miners are very firm believers in Bitcoin”.</p><p class="hz ia fm ib b ic id ie if ig ih ii ij ik il im in io ip iq ir is it iu iv iw dd ef" data-selectable-paragraph="" id="52b8">In
summary, China does not control Bitcoin. Chinese miners are merely voting
participants in the global Bitcoin network, the same as everybody else.
The beauty of the Bitcoin network is that it does not stop anyone
from participating in the formation of consensus. If you
take this aspect away, you end up with XRP, or whatever abomination of a
currency Facebook is creating. Does China have a chance to
maliciously control Bitcoin? Yes, it certainly does. I think it would be
irresponsible to say that China has no chance. Such predictions
can create complacency, much like how incorrect polling numbers can
create complacency in the electorate. But I’m certainly not betting on
that happening. And like many others, I will be vigilant and ready to
make sure that never happens, because that is how Bitcoin truly works.</p>
The Biggest Short: On the Impending Bitcoin Bull Market (published 2020-12-21, updated 2020-12-24)<p class="hv hw fm hx b hy hz ia ib ic id ie if ig ih ii ij ik il im in io ip iq ir is dd ef" data-selectable-paragraph="" id="37ab">As
I write this, Bitcoin just ripped through $19,000 and hit all-time
highs. As a holder of Bitcoin, part of me is euphoric, the other part of
me a bit melancholy. If this bull market plays out, it
will be my third bull/bear cycle in Bitcoin, and this feeling of
melancholy is new for me.</p><p class="hv hw fm hx b hy hz ia ib ic id ie if ig ih ii ij ik il im in io ip iq ir is dd ef" data-selectable-paragraph="" id="518b">Every Bitcoin bull market has a story.
During my first, in 2013, I was simply amazed that this Bitcoin
thing existed at all. I really didn’t know much about it other than that
it was magic internet money. The 2013 cycle was a story about the
rise and fall of the Mt. Gox Bitcoin exchange, on which I nearly lost money
while trying to arbitrage it. In my second bull market, in 2017, the
story was the rise of blockchain and distributed software. I felt
validated that I was right about the potential of Bitcoin. I was also
stupefied by the number of altcoins and initial coin offerings (ICOs)
that Bitcoin managed to catapult into the stratosphere, some of
which I helped develop.</p><p class="hv hw fm hx b hy hz ia ib ic id ie if ig ih ii ij ik il im in io ip iq ir is dd ef" data-selectable-paragraph="" id="dfab">This
incoming bull market feels different, because the story isn’t about
Bitcoin, blockchain, or cryptocurrencies at all. The story is not about
some niche things that only a bunch of nerds care about, where I could
join in and make some money. The story is one that affects everyone in
the world, and we are living it as we speak. As Bitcoin rockets upwards,
COVID is raging around the world, governments have failed to contain it
and destroyed their economies, central banks have unleashed the
printing press, institutions are failing, and people are suffering.</p><p class="hv hw fm hx b hy hz ia ib ic id ie if ig ih ii ij ik il im in io ip iq ir is dd ef" data-selectable-paragraph="" id="94b4">There’s
a scene in the movie The Big Short where the two young traders from
Brownfield Fund are dancing and celebrating the deal of their lifetime.
They have just managed to short the CDOs that will shortly blow up in the
banks’ faces in the 2008 financial crisis. The veteran trader who helps
them out, played by Brad Pitt, angrily tells them to stop dancing. He
tells them this:</p><p class="hv hw fm hx b hy hz ia ib ic id ie if ig ih ii ij ik il im in io ip iq ir is dd ef" data-selectable-paragraph="" id="ae31">“Do
you have any idea what you just did? You just bet against the American
Economy. Which means, if we’re right, people lose homes, people lose
jobs, people lose retirement savings, people lose pensions.”</p><p class="hv hw fm hx b hy hz ia ib ic id ie if ig ih ii ij ik il im in io ip iq ir is dd ef" data-selectable-paragraph="" id="7c8f">Like
the young traders in the movie, I didn’t really comprehend the
gravity of what I was buying in my first two bull
cycles. It was just magic internet money. But now I do, and the story of
this bull market makes it clear. If you are buying Bitcoin, you are
going short. Most shorts are of no consequence. If you are right, maybe a
company goes bankrupt or the price of a financial instrument drops by a
few percentage points. But if you are making a “Big Short”, you are
betting against a foundational economic reality. If you are right, the
pain will be so real and widespread that it will affect you even though
you are theoretically on the other side of the trade.</p><p class="hv hw fm hx b hy hz ia ib ic id ie if ig ih ii ij ik il im in io ip iq ir is dd ef" data-selectable-paragraph="" id="74c2">Buying
Bitcoin is a short against the foundation of the world’s economic
system. It is simply impossible to be 100% on the other side of this
trade because you exist in it. It’d be like trying to short the Titanic
while you are on the Titanic. As Bitcoin rises, so will global
inequality and social unrest. Currencies will fail and financial systems
will crumble. People will lose homes, jobs, savings, pensions, and
their lives. At the same time, governments will tighten their financial
controls, increase censorship, and violently try to prop up their
failing regimes.</p><p class="hv hw fm hx b hy hz ia ib ic id ie if ig ih ii ij ik il im in io ip iq ir is dd ef" data-selectable-paragraph="" id="2bcb">Up
until about 2017, I used to believe that Bitcoin was mostly only useful
in failed countries with hyperinflation like Venezuela, and that people
like myself who live in first world countries didn’t really need it. I
thought of Bitcoin as a short against these regimes, and these regimes
only. However, as I learned more about economics and how central banks
worked, I realized that this wasn’t the case. In 2020 much of what I
learned in theory is being played out in reality.</p><p class="hv hw fm hx b hy hz ia ib ic id ie if ig ih ii ij ik il im in io ip iq ir is dd ef" data-selectable-paragraph="" id="e51c">There
are really two stories to this bull market. The first story is one of
historic unemployment borne by the lower class. You can see this clearly
in the chart below, where the unemployment rate for low-wage workers
has exploded, while high-wage workers are nearly back to previous
levels.</p><figure class="iu iv iw ix iy hf ey ez paragraph-image"><div class="hg hh ah hi w hj" role="button" tabindex="0"><div class="ey ez it"><div class="ho s ah hp"><div class="iz hr s"><div class="ed hk fc er eo hl w dw hm hn"><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><img alt="Image for post" class="ot ou fc er eo hl w c" height="245" src="https://miro.medium.com/max/1160/1*Jmn7aQn2p0sW05O7IccgaQ.png" style="margin-left: auto; margin-right: auto;" width="537" /></td></tr><tr><td class="tr-caption" style="text-align: center;"><a class="bq je" href="https://www.tracktherecovery.org/" rel="noopener nofollow">https://www.tracktherecovery.org/</a></td></tr></tbody></table><div style="text-align: center;"></div><br /></div></div></div></div></div><br /></figure><p class="hv hw fm hx b hy hz ia ib ic id ie if ig ih ii ij ik il im in io ip iq ir is dd ef" data-selectable-paragraph="" id="8c9c">This story is also that of people waiting in <a class="bq je" href="https://www.reddit.com/r/pics/comments/k0stdq/texans_celebrate_dow_hitting_30000_by_lining_up/" rel="noopener nofollow">long lines at the food bank</a>, and of people looting. Of small businesses <a class="bq je" href="https://www.pnas.org/content/117/30/17656" rel="noopener nofollow">getting crushed</a>.
It’s also a story of people looking for answers to their economic woes
in the wrong places. The left seeks out Marxism, and the right seeks out
fascism, like it’s the 1920s.</p><p class="hv hw fm hx b hy hz ia ib ic id ie if ig ih ii ij ik il im in io ip iq ir is dd ef" data-selectable-paragraph="" id="716a">The
second story is that of ballooning asset prices, despite the cratering
of economic activity caused by a global pandemic. The Federal Reserve
has increased its balance sheet by more than <a class="bq je" href="https://www.federalreserve.gov/monetarypolicy/bst_recenttrends.htm" rel="noopener nofollow">3 trillion dollars</a>
by going on a massive buying spree for bonds, corporate debt, and
mortgage-backed securities. Stock prices are at all-time highs <a class="bq je" href="https://www.longtermtrends.net/market-cap-to-gdp-the-buffett-indicator/" rel="noopener nofollow">relative to GDP</a> and the Dow just <a class="bq je" href="https://www.cnbc.com/2020/11/24/trump-brags-about-dow-30000-at-surprise-press-conference-leaves-after-a-minute.html" rel="noopener nofollow">hit 30k</a> for the first time ever. The real estate market is <a class="bq je" href="https://www.npr.org/sections/coronavirus-live-updates/2020/10/22/926657942/housing-boom-sales-of-million-dollar-homes-double" rel="noopener nofollow">booming</a>. Absurd business <a class="bq je" href="https://www.houstonchronicle.com/news/houston-texas/religion/article/Joel-Osteen-s-Lakewood-Church-got-4-4M-in-15800887.php" rel="noopener nofollow">operations</a>
have received millions in federal loans. The beneficiary of all this is
of course the upper class, who own most of these assets. The people
who should already have the largest safety nets in an economic crisis are
the ones getting the most “aid”, if you can even call it that.</p><p class="hv hw fm hx b hy hz ia ib ic id ie if ig ih ii ij ik il im in io ip iq ir is dd ef" data-selectable-paragraph="" id="575b">The
mainstream media and politicians have described the current situation
in the US as a K-shaped recovery. Austrian economists describe this as
the <a class="bq je" href="https://mattstoller.substack.com/p/the-cantillon-effect-why-wall-street" rel="noopener nofollow">Cantillon effect</a>,
a process where those closest to the money spigot gain the most benefit
from all the money being printed. Both of these descriptions are very
polite ways to describe the systematic pillaging and redistribution of
wealth to the upper class. As one Twitter user <a class="bq je" href="https://twitter.com/IramiOF/status/1327599625495318531" rel="noopener nofollow">describes it</a>, “K-shaped recovery” is a phrase assholes use with a straight face instead of “I got mine, suckers.”</p><p class="hv hw fm hx b hy hz ia ib ic id ie if ig ih ii ij ik il im in io ip iq ir is dd ef" data-selectable-paragraph="" id="f02b">The
most insidious part of this story is that the average person getting
screwed has no idea what is happening to them. They can instinctively
feel that they are getting a bad deal, but they don’t know who or what
is screwing them over. The right will blame immigrants, China, and
liberals. The left will blame racists, rich people, and conservatives.
Watching this play out is like playing the popular multiplayer game
“Among Us”, where you try to identify the impostor (the “sus” one) among your
spaceship crew. You know exactly who the impostor is because you
watched him kill your crewmates, but the other surviving crewmates don’t
believe you.</p><figure class="iu iv iw ix iy hf ey ez paragraph-image"><div class="ey ez jf"><div class="ho s ah hp"><div class="jg hr s"><div class="ed hk fc er eo hl w dw hm hn"><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><img alt="Image for post" class="ot ou fc er eo hl w c" height="356" src="https://miro.medium.com/max/640/1*d_15ciGSTkL4UsmAvZxpyg.jpeg" style="margin-left: auto; margin-right: auto;" width="543" /></td></tr><tr><td class="tr-caption" style="text-align: center;">Fed is very sus</td></tr></tbody></table><br /></div></div></div></div></figure><p class="hv hw fm hx b hy hz ia ib ic id ie if ig ih ii ij ik il im in io ip iq ir is dd ef" data-selectable-paragraph="" id="bc56">Being
right is not enough. Bitcoin can go to a billion dollars and you can
still lose. And in this bull market, the stakes have been raised. It’s
no longer about insignificant bullshit like Mt. Gox, blockchain
technology, or ICOs that have no relevance to the rest of the world.
This bull market is about the ungodly amount of money that has been
stolen and injected into the world economy and is now trickling its way
into Bitcoin. People are finding it impossible to go long on a market
that has been rigged by the central banks and the ruling class. Even big-name
macro investors in traditional finance like <a class="bq je" href="https://www.coindesk.com/druckenmiller-invests-bitcoin" rel="noopener nofollow">Stanley Druckenmiller</a> and <a class="bq je" href="https://finance.yahoo.com/news/paul-tudor-jones-on-bitcoin-180803661.html" rel="noopener nofollow">Paul Tudor Jones</a>
agree with this sentiment on a logical level. Many who have held
onto their Bitcoin for a long time agree on a moral level.</p><p class="hv hw fm hx b hy hz ia ib ic id ie if ig ih ii ij ik il im in io ip iq ir is dd ef" data-selectable-paragraph="" id="3c47">If
you are a Bitcoin holder now, congratulate yourself for being here.
But before getting too giddy, we have to remember the story of this bull
market. Bitcoin is no longer some niche thing in its own little world.
The world of Bitcoin is colliding and merging with the real world as we
speak. In this Bitcoin bull market, and in the many cycles to come, the
story will be about failed economic systems all over the world meeting
their inevitable demise. The pain is coming regardless of whether you hold
Bitcoin or not. I’m going to be humble and ready, but I’m not in the
mood for <a href="https://www.youtube.com/watch?v=7eYcWpgCb7o&feature=emb_logo">much dancing</a>.</p>
Bitcoin Is a Cult, Fiat Is a Religion (published 2019-03-20, updated 2019-03-23)<br />
<figure class="graf graf--figure" name="447f"><img class="graf-image" data-height="387" data-image-id="1*WdcLP3ii2bpMyP7BI77Qng.png" data-is-featured="true" data-width="656" height="235" src="https://cdn-images-1.medium.com/max/800/1*WdcLP3ii2bpMyP7BI77Qng.png" width="400" /></figure><br />
<div class="graf graf--p" name="091e">
Frances Coppola, a long-time critic of Bitcoin, declared that “<a class="markup--anchor markup--p-anchor" data-href="https://twitter.com/Frances_Coppola/status/1102408593473720321" href="https://twitter.com/Frances_Coppola/status/1102408593473720321" rel="noopener" target="_blank">Bitcoin is a Cult</a>”, which predictably stirred a lot of shitposting and ruffled feathers. Many Bitcoiners were offended by this declaration, resulting in name calling and ad hominem attacks, which ironically proved Coppola’s point. Bitcoin is a cult, and no cultist likes to be pointed out as a cultist. She is not the first to point out this fact; <a class="markup--anchor markup--p-anchor" data-href="https://finance.yahoo.com/news/former-paypal-ceo-brands-bitcoin-164329390.html" href="https://finance.yahoo.com/news/former-paypal-ceo-brands-bitcoin-164329390.html" rel="noopener" target="_blank">others</a> <a class="markup--anchor markup--p-anchor" data-href="https://adamcaudill.com/2018/06/21/bitcoin-is-a-cult/" href="https://adamcaudill.com/2018/06/21/bitcoin-is-a-cult/" rel="noopener" target="_blank">have said</a> <a class="markup--anchor markup--p-anchor" data-href="https://thebaffler.com/salvos/zealots-of-the-blockchain-golumbia" href="https://thebaffler.com/salvos/zealots-of-the-blockchain-golumbia" rel="noopener" target="_blank">the same</a> thing.</div>
<div class="graf graf--p" name="091e">
<br /></div>
<div class="graf graf--p" name="acb5">
The cult label can be seen as a pejorative, but I will attempt to explain here how it is a perfectly reasonable and necessary description of Bitcoin. A cult is just a religion with limited membership and social acceptance. Musician Frank Zappa cleverly stated that “the only difference between a religion and a cult is the amount of real estate they own”. So if Bitcoin is a cult, fiat money is a religion.</div>
<br />
<figure class="graf graf--figure" name="e957"><img class="graf-image" data-height="405" data-image-id="1*eAerqkk73-x52tBeAG9sRg.png" data-width="570" src="https://cdn-images-1.medium.com/max/800/1*eAerqkk73-x52tBeAG9sRg.png" /></figure><br />
<div class="graf graf--p" name="cee7">
To demonstrate this point, I created the above meme, which people really seemed to like. I believe this meme was popular because people are subconsciously aware of the religious nature of money. The fact that American paper money carries the phrase “In God We Trust” in capital letters confirms this awareness. It is only through faith that a piece of paper turns into something of value. In the modern age, it is a faith so firm and unshakable that it makes Jesus look like a second-rate deity.</div>
<div class="graf graf--p" name="cee7">
<br /></div>
<div class="graf graf--p" name="d8e8">
Once ideological faith has taken complete hold of an individual, the individual is no longer aware that he believes. A true believer does not see his ideology as an ideology, and divine facts are just facts. They do not practice religion, they practice the truth. Or as Marx would say of someone who is under the spell of a powerful ideology: “<a class="markup--anchor markup--p-anchor" data-href="http://www.autodidactproject.org/other/cynzizek.html" href="http://www.autodidactproject.org/other/cynzizek.html" rel="noopener" target="_blank">They do not know it. But they are doing it.</a>” (he is talking here about the ideology of capitalism). It is through this ideological lens that people are able to declare Bitcoin as a cult. It is akin to a Catholic declaring Mormonism a cult. Such ignorance can only be achieved when you have been ideologically compromised to accept your own ideology as the plain truth.</div>
<div class="graf graf--p" name="d8e8">
<br /></div>
<div class="graf graf--p" name="d8e8">
Bitcoin cultists suffer from the same syndrome when they reject the cult status of Bitcoin while at the same time attending carnivore dinners and engaging in emotionally charged social media attacks against heretics.</div>
<div class="graf graf--p" name="65f7">
Readers may be skeptical of the intrinsic connection between money and faith. When we pay our electricity bill or buy some food at the grocery store, we do not feel any special connection to the divine, nor do we feel that we are practicing some religious activity. And yet the foundations of our economic lives are directed by an object which only exists in the mind. Even though fiat money is just a piece of paper, or digits on a bank’s computer, we devote our daily lives to the pursuit of it. We do not know it, but we are doing it. We place an enormous amount of faith in our money without knowing it.</div>
<div class="graf graf--p" name="65f7">
<br /></div>
<div class="graf graf--p" name="6c84">
Philip Goodchild writes in <i class="markup--em markup--p-em">Theology of Money</i> that “All religion, in essence, direct and distribute time, attention, and devotion. Religions enrich life by establishing patterns for living.” Does money not have the same effect? Is money not the method by which our modern capitalist society directs and distributes time, attention, and devotion? If this is indeed the purpose of money, then the question of what money should be is inherently a moral, ethical, and political question. The answer to such a question cannot be monopolized by economists masquerading as scientists, for the answer we seek is not scientific in nature. We are not measuring the effects of physical phenomena or proving a mathematical theorem. We are not mere automatons in a system designed to optimize GDP, employment numbers, and trade surplus.</div>
<div class="graf graf--p" name="6c84">
<br /></div>
<div class="graf graf--p" name="2a77">
If we define money as the method by which society directs and distributes time, attention, and devotion, then any attempt to redefine money is inherently a political activity rooted in an ideology of how society should be structured. Given how radically opposed Bitcoin is to the prevailing modern fiat system, there is no way for Bitcoin to succeed without true believers. True believers will be on the front lines in a fight against the inquisitors of the fiat system, who will do everything they can to keep their money printable and censorable. These two properties of the fiat system are the cornerstones of modern capitalist society. By presenting an alternative, Bitcoin is not only challenging a prevailing ideology, it is challenging the established hierarchy and power structure that has been constructed around it.</div>
<div class="graf graf--p" name="2a77">
<br /></div>
<div class="graf graf--p" name="933c">
Those who believe that this fight is not coming either misunderstand the fact stated above or overestimate what Bitcoin as a technology can achieve. They erroneously believe that “blockchain technology” magically secures itself and can autonomously impose its own will on society without human intervention. As Eric Voskuil writes: “Technology is never the root of system security. Technology is a tool to help people secure what they value. Security requires people to act. A server cannot be secured by a firewall if there is no lock on the door to the server room, and a lock cannot secure the server room without a guard to monitor the door, and a guard cannot secure the door without risk of personal harm. Bitcoin is no different, it is secured by people who place themselves at personal risk (<a class="markup--anchor markup--p-anchor" data-href="https://github.com/libbitcoin/libbitcoin-system/wiki/Risk-Sharing-Principle" href="https://github.com/libbitcoin/libbitcoin-system/wiki/Risk-Sharing-Principle" rel="noopener" target="_blank">Risk Sharing Principle</a>).”</div>
<div class="graf graf--p" name="933c">
<br /></div>
<div class="graf graf--p" name="caa0">
Casual users and profit seekers driven purely by economic incentives will not place themselves at personal risk to protect Bitcoin. They are weak hands that will scatter at the first sight of trouble. It is only the true believers who will place themselves at personal risk. When propaganda starts to fill the social media channels, true believers will fight back with education. When the law comes knocking on people’s doors, true believers will keep their Bitcoin hidden. When the state starts to perform a 51% attack, true believers will deploy hashing power to fight back. And it is the true believers who are tirelessly developing on Bitcoin, trying to make it more secure and easier to use without imposing a tax on the system or rent seeking for personal profit.</div>
<div class="graf graf--p" name="caa0">
<br /></div>
<div class="graf graf--p" name="93c8">
Bitcoin can only succeed as a cult, for all money is a religion. It is only when Bitcoin has won that it will shed its cult status. When Bitcoin becomes a religion, as fiat is now, we will no longer be aware that we are believing. One Bitcoin will simply be one Bitcoin, and one dollar will be a memory of an irrelevant and dated ideology.</div>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-3711467895183670801.post-51948392982161458522018-11-29T20:28:00.000-08:002018-12-09T20:35:00.770-08:00The Nigerian Nakamoto Scam<div class="graf graf--p graf-after--h3" id="6ac9" name="6ac9">
Craig “Faketoshi” Wright and Bitcoin SV are running a variant of the Nigerian scam. Nigerian scams work because “by sending an email that repels all but the most gullible, the scammer gets the most promising marks to self-select, and tilts the true to false positive ratio in his favor.” [Cormac Herley, “<a class="markup--anchor markup--p-anchor" data-href="https://www.microsoft.com/en-us/research/wp-content/uploads/2016/02/WhyFromNigeria.pdf" href="https://www.microsoft.com/en-us/research/wp-content/uploads/2016/02/WhyFromNigeria.pdf" rel="noopener nofollow" target="_blank">Why do Nigerian Scammers Say They are From Nigeria</a>”]. In other words, Nigerian scams work because they are a hyper-efficient idiot finder. Only an idiot would engage with such a preposterous claim regarding a Nigerian prince. Most people will just ignore it, and this is good for the scammer because the scammer does not have to waste time engaging people with brains. Imagine you were a scammer and you sent out a million emails. You would not want to waste time corresponding with hundreds of people of normal intelligence; you would want to find the stupidest of the bunch.</div>
<div class="graf graf--p graf-after--p" id="e31e" name="e31e">
Craig Wright is basically a Nigerian prince (or, as per the title of this article, a Nigerian Nakamoto). Only an idiot would actually believe that someone like Craig is Satoshi. He is in fact the exact opposite of Satoshi: a <a class="markup--anchor markup--p-anchor" data-href="https://www.youtube.com/watch?v=y4IGv-gHqcQ" href="https://www.youtube.com/watch?v=y4IGv-gHqcQ" rel="nofollow noopener" target="_blank">patent-trolling</a> <a class="markup--anchor markup--p-anchor" data-href="https://coinjournal.net/craig-wright-accused-of-plagiarism/" href="https://coinjournal.net/craig-wright-accused-of-plagiarism/" rel="nofollow noopener" target="_blank">plagiarizer</a> who uses <a class="markup--anchor markup--p-anchor" data-href="https://twitter.com/ProfFaustus/status/1062419798804574208" href="https://twitter.com/ProfFaustus/status/1062419798804574208" rel="noopener nofollow" target="_blank">4chan insults</a> and <a class="markup--anchor markup--p-anchor" data-href="https://twitter.com/ProfFaustus/status/1037052677170114562" href="https://twitter.com/ProfFaustus/status/1037052677170114562" rel="nofollow noopener" target="_blank">technobabble</a>.</div>
<br />
<figure class="graf graf--figure graf-after--p" id="6344" name="6344"><div class="aspectRatioPlaceholder is-locked" style="max-height: 439px; max-width: 700px;">
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><img class="progressiveMedia-image js-progressiveMedia-image" data-src="https://cdn-images-1.medium.com/max/800/1*rSVdmb_Fvc8ZDkDhTZgoRA.png" height="250" src="https://cdn-images-1.medium.com/max/800/1*rSVdmb_Fvc8ZDkDhTZgoRA.png" style="margin-left: auto; margin-right: auto;" width="400" /></td></tr>
<tr><td class="tr-caption" style="text-align: center;">So called creator of Bitcoin rallying against soy boy committees</td></tr>
</tbody></table>
</div>
</figure><br />
<div class="graf graf--p graf-after--figure" id="8a9f" name="8a9f">
It would be a mistake, however, to believe that Faketoshi himself is an idiot; he is not. He is merely playing a character that attracts gullible idiots. Craig was smart to position himself within the Bitcoin Cash crowd because he correctly deduced that they had the right combination of gullibility and liquidity. He saw that they were eating up ridiculous conspiracy theories that revolved around Blockstream. It would not be that hard to convince them that he was Satoshi, especially if he was on their side of the fight against Bitcoin. I suspect that people in leadership positions within Bitcoin Cash, like Roger Ver, were smart enough to know that Craig was a fraud. However, they were morally bankrupt and short-sighted enough not to reject him, because they thought that he was on their side. I’m surprised that Ver has so far received almost no backlash from the ABC camp over this ordeal. He completely enabled the SV camp to gain credibility within Bitcoin Cash. If you are a Bitcoin Cash conspiracy theorist who believes everyone is a Blockstream plant, you have to wonder whether Roger Ver himself isn’t a Blockstream plant.</div>
<br />
<figure class="graf graf--figure graf-after--p" id="cd1f" name="cd1f"><div class="aspectRatioPlaceholder is-locked" style="max-height: 500px; max-width: 600px;">
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><img class="progressiveMedia-image js-progressiveMedia-image" data-src="https://cdn-images-1.medium.com/max/800/0*zmwX4VAJea6Wx44a.png" height="333" src="https://cdn-images-1.medium.com/max/800/0*zmwX4VAJea6Wx44a.png" style="margin-left: auto; margin-right: auto;" width="400" /></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Roger Ver sharing a drink with SV</td></tr>
</tbody></table>
</div>
</figure><br />
<div class="graf graf--p graf-after--figure" id="1e19" name="1e19">
Once Craig gained credibility within Bitcoin Cash, the next step was to splinter off the chain into Bitcoin SV. This step is equivalent to the phase where the Nigerian prince gives you a bank account number to wire the money to. With the financial backing of billionaire and online casino mogul Calvin Ayre, Bitcoin SV was created. Before and during the chain split, SV made a lot of noise about a hash war, threatening to 51% attack the ABC chain. <a class="markup--anchor markup--p-anchor" data-href="https://www.reddit.com/r/btc/comments/9uf4xf/vin_armani_the_coming_hash_war_a_message_to/" href="https://www.reddit.com/r/btc/comments/9uf4xf/vin_armani_the_coming_hash_war_a_message_to/" rel="nofollow noopener" target="_blank">Many people</a> took the bait and believed that only one chain would remain after the split. However, this was all just a marketing ploy to give legitimacy to SV.</div>
<div class="graf graf--p graf-after--figure" id="1e19" name="1e19">
<br /></div>
<div class="graf graf--p graf-after--p" id="8334" name="8334">
SV would gain nothing, and would probably lose, by engaging in a hash war against ABC, which has the backing of mining giant Bitmain. What SV wanted was for the stupidest people within Bitcoin Cash to self-select onto a chain where SV has 100% control. The next step is obvious. Once they have total control of a chain populated by members of the cult of Faketoshi, they are free to do whatever they want. Faketoshi has already hinted that they are going to be <a class="markup--anchor markup--p-anchor" data-href="https://medium.com/@craig_10243/fixing-op-fals-fd157899d2b7" href="https://medium.com/@craig_10243/fixing-op-fals-fd157899d2b7" target="_blank">stealing burned coins</a> by changing the code to interpret them as miner rewards. There are also other creative ways to make money, especially if you control both the software development and the mining on a chain. Bitmain showed that such a scheme was possible with their implementation of <a class="markup--anchor markup--p-anchor" data-href="https://medium.com/@WhalePanda/asicboost-the-reason-why-bitmain-blocked-segwit-901fd346ee9f" href="https://medium.com/@WhalePanda/asicboost-the-reason-why-bitmain-blocked-segwit-901fd346ee9f" target="_blank">ASICBoost</a>. I would also not be surprised if they decided to implement some inflationary scheme that enriches their own wallets at some point in the future.</div>
<div class="graf graf--p graf-after--p" id="8334" name="8334">
<br /></div>
<div class="graf graf--p graf-after--p graf--trailing" id="9724" name="9724">
I think the mastermind behind this idea can be traced to Calvin Ayre, who made his money running online casinos. He sees the blockchain as a poker table. There are two surefire ways of making money in poker: a) make sure you are the house, and b) always play against terrible poker players. POW mining is like a game of chance, after all. Fully controlling the software development lets you be the “house” and set the rules of the game. Kicking Bitmain out onto its own chain also lets them be the biggest player at the table. Now the only task remaining is to steadily dump the newly minted SV coins. I suspect that SV will be very good at this, because the crypto market is mostly just a large unregulated online market for people to gamble their excess money away. Calvin Ayre is an expert in that market, and Faketoshi gave him the best customers.</div>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-3711467895183670801.post-73641204229475564522018-08-25T11:57:00.000-07:002020-02-15T21:06:20.840-08:00Crypto Ideology: The Bitcoin Cash Ideology and the Incoming Schism<span style="font-weight: normal;">Bitcoin Cash is facing a schism. Developers on Bitcoin ABC seem to be completely oblivious to this threat, hence they are proposing to hard fork over non-critical matters on Nov 15th. It is not clear what the other BCH implementations, like Bitcoin Unlimited and the new Craig Wright project Bitcoin SV, intend to do on Nov 15th. What is clear is that there is a good deal of hostility (<a class="markup--anchor markup--p-anchor" data-href="https://www.reddit.com/r/btc/comments/959tbe/amaury_creator_of_bitcoin_cash_has_been_banned/" href="https://www.reddit.com/r/btc/comments/959tbe/amaury_creator_of_bitcoin_cash_has_been_banned/" rel="noopener" target="_blank">devs being banned from communication channels</a>, <a class="markup--anchor markup--p-anchor" data-href="https://nchain.com/en/blog/bitcoin-sv-launch/" href="https://nchain.com/en/blog/bitcoin-sv-launch/" rel="noopener" target="_blank">Faketoshi posturing</a>), and a high likelihood of Bitcoin Cash splitting into multiple chains. Various vulture chains have started to come out, like <a class="markup--anchor markup--p-anchor" data-href="https://twitter.com/CobraBitcoin/status/1032955956408274944" href="https://twitter.com/CobraBitcoin/status/1032955956408274944" rel="noopener" target="_blank">Bitcoin Cobra</a> and <a class="markup--anchor markup--p-anchor" data-href="https://twitter.com/BitcoinStash" href="https://twitter.com/BitcoinStash" rel="noopener" target="_blank">Bitcoin Stash</a>, trying to take advantage of the situation.</span><br />
<div class="graf graf--p" name="2b26">
<br /></div>
<div class="graf graf--p" name="9aff">
Bitcoin Cash is founded on the ideological tenet that a hard-forked minority chain can be a legitimate successor to the original chain. “Bitcoin Cash is Bitcoin” is a Roger Ver invented meme based on this tenet. It should not surprise anyone that disagreements within the Bitcoin Cash community will be settled by the chain splitting into multiple forks, using the tenet as the justification. Allow me to “unroll” this statement:</div>
<div class="graf graf--p" name="9aff">
<br /></div>
<div class="graf graf--p" name="f2a6">
The core foundation of any large group of people rests on ideology. Nations, religions, and political movements cannot exist without ideology, and neither can cryptocurrencies. Stable ideologies allow communities to thrive. A simple example in religion is the Christian tenet that “there is one true god”. This belief strengthens the religion because it weakens membership in competing religions. Communities with unstable ideologies will eventually collapse. Think of the Shakers, an 18th-century Christian sect that endorsed celibacy as a core tenet. It should be no surprise that the Shakers are now all but extinct, because its members did not have children who could continue the practice of the religion.</div>
<div class="graf graf--p" name="57e1">
<br /></div>
<div class="graf graf--p" name="57e1">
The very ideology that justifies the existence of Bitcoin Cash also justifies the use of chain splits to settle any disagreements within the community. It’s easy to see that this ideology, that a hard-forked minority chain can be a legitimate successor to the original chain, is completely unstable. Witness below this profoundly confused statement by professional BCash shill David Jerry. He proposes that to resolve a chain split, the minority chain capitulates and switches to the winning chain, while not realizing that Bitcoin Cash itself is a minority chain relative to Bitcoin.</div>
<br />
<figure class="graf graf--figure" name="aece"><img class="graf-image" data-height="465" data-image-id="1*DjrZmasBpxY95IrtiQGF_A.png" data-width="603" src="https://cdn-images-1.medium.com/max/1000/1*DjrZmasBpxY95IrtiQGF_A.png" /></figure><br />
<div class="graf graf--p" name="c56c">
While David Jerry’s solution is sensible in Bitcoin, it is completely incompatible with the Bitcoin Cash ideology. It is thus reasonable to conclude that Bitcoin Cash will face a never-ending threat of community members threatening to split off permanently from the main chain. I predict that within one year, there will be multiple competing hard forks that come out of Bitcoin Cash. Eventually, the chain will have been split so many times that it will be a forgotten footnote in the history of cryptocurrencies.</div>
<div class="graf graf--p" name="c56c">
<br /></div>
<div class="graf graf--p" name="c0ab">
Now let us go back to the original debate which created Bitcoin Cash in the first place, the block size debate. Bitcoin Maximalists often say that the block size debate is not about the block size at all. This is true: the block size debate is about retaining a stable ideology. The most important belief that the maximalists wanted to stand by in the block size debate is that backwards compatibility is never broken (or that we never hard fork). This ideology is stable because it guarantees that members who failed to upgrade their software are never dropped from the network. This may sound like a rigid requirement for a software project, but Bitcoin is not just a software project. It is a method of coordination for a large group of people who face extremely hostile and powerful adversaries. Understanding this fact, it becomes clear that software upgrades can be a large attack vector and may not be feasible when the adversaries are fully engaged.</div>
<div class="graf graf--p" name="c0ab">
<br /></div>
<div class="graf graf--p" name="e0fa">
Critics are correct in saying that currently the state-level adversaries are not fully engaged and that hard forks are completely possible in practice. What they don’t understand is the nature of ideology. Ideology can only be strengthened through strict adherence to it. A cryptocurrency project will not be able to easily switch to a policy of having no hard forks when the adversaries suddenly become engaged. For a project like Bitcoin Cash, which has already hard forked twice within a year to solve its problems, the users have been conditioned to believe that hard forks are safe. Thus when a malicious state-sponsored hard fork comes along, they will be sitting ducks. Bitcoin users, who have been conditioned to believe that all hard forks are unsafe, will be immune when such an attack comes.</div>
<div class="graf graf--p" name="12a5">
<br /></div>
<div class="graf graf--p" name="12a5">
A stable and sustainable ideology must be the foundation of all cryptocurrencies. No amount of cryptography, consensus protocol development, and technical optimizations will help a cryptocurrency with an unstable and bankrupt ideology.</div>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-3711467895183670801.post-7673395161428097772018-06-04T12:04:00.000-07:002018-08-28T12:06:27.020-07:00Forking for ASIC Resistance: A Monero Case Study<div class="graf graf--p" name="0cb4">
<em class="markup--em markup--p-em">This research has been sponsored by </em><a class="markup--anchor markup--p-anchor" data-href="http://www.lbry.io" href="http://www.lbry.io/" rel="noopener" target="_blank"><em class="markup--em markup--p-em">LBRY</em></a><em class="markup--em markup--p-em">, a free, open, and community-run digital marketplace.</em></div>
<div class="graf graf--p" name="0cb4">
<em class="markup--em markup--p-em"><br /></em></div>
<div class="graf graf--p" name="831b">
Designing ASIC-resistant proof-of-work blockchains, and particularly hard forking to achieve such ASIC resistance, is a contentious new issue in the cryptocurrency space. ASICs are custom-manufactured computing devices designed specifically for a particular blockchain or hashing algorithm. As such, they are far more efficient at mining than commodity hardware such as CPUs or GPUs.</div>
<div class="graf graf--p" name="831b">
<br /></div>
<div class="graf graf--p" name="f8cf">
Forking to achieve such resistance, referred to as an AAHF (Anti-ASIC Hard Fork) for the rest of this article, changes the mining algorithm on a blockchain so that ASICs tailored to the old algorithm can no longer mine effectively. AAHFs aren’t just theory. Recently Monero<a class="markup--anchor markup--p-anchor" data-href="https://cointelegraph.com/news/monero-hard-fork-appears-successful-as-devs-shun-bitmains-asic-miners" href="https://cointelegraph.com/news/monero-hard-fork-appears-successful-as-devs-shun-bitmains-asic-miners" rel="noopener" target="_blank"> executed one</a> and<a class="markup--anchor markup--p-anchor" data-href="https://forum.z.cash/t/let-s-talk-about-asic-mining/27353/459" href="https://forum.z.cash/t/let-s-talk-about-asic-mining/27353/459" rel="noopener" target="_blank"> Zcash</a> is pondering whether to do the same. At <a class="markup--anchor markup--p-anchor" data-href="https://lbry.io" href="https://lbry.io/" rel="noopener" target="_blank">LBRY</a>, we’ve received requests to hard fork due to a<a class="markup--anchor markup--p-anchor" data-href="https://www.baikalminer.com/product10.php" href="https://www.baikalminer.com/product10.php" rel="noopener" target="_blank"> Baikal miner</a> appearing on the market (the miner is likely an FPGA machine, not an ASIC, however).</div>
<div class="graf graf--p" name="f8cf">
<br /></div>
<div class="graf graf--p" name="1041">
This article is a case study on the recent Monero AAHF. The Monero hard fork that occurred on April 6th was interesting in that it:<br />
<br /></div>
<div class="graf graf--p" name="91ca">
A) Set the Monero devs and community against the much-maligned ASIC manufacturer Bitmain</div>
<div class="graf graf--p" name="7a38">
B) Resulted in the chain splintering into various alternative projects that took over the old pre-fork chain (you can read about this<a class="markup--anchor markup--p-anchor" data-href="https://bitcoinmagazine.com/articles/monero-just-hard-forked-and-it-resulted-four-new-projects/" href="https://bitcoinmagazine.com/articles/monero-just-hard-forked-and-it-resulted-four-new-projects/" rel="noopener" target="_blank"> here</a>)</div>
<div class="graf graf--p" name="7a38">
<br /></div>
<div class="graf graf--p" name="c99a">
The goal of this article is to look at verifiable data instead of speculating about the nature of the fork, and to see what lessons we can learn from it.</div>
<div class="graf graf--p" name="c99a">
<br /></div>
<h3 class="graf graf--h3" name="18f8">
Effects on Hashrate</h3>
<div class="graf graf--p" name="a5b2">
<br /></div>
<div class="graf graf--p" name="a5b2">
First let’s look at Monero’s hash rate before and after the hard fork. In the graph below, you can see the hashrate for Monero in green. The black line is the hashrate for the various alt-coin splinter projects that took over Monero’s old chain after the hard fork (henceforth called Monero Original)*.</div>
<div class="graf graf--p" name="a5b2">
<br /></div>
<div class="graf graf--p" name="8162">
*Note that according to GPU miners I’ve talked to, the pre-fork and post-fork Monero POW algorithms are equivalent in computational difficulty, thus the hash rates before and after the fork should be comparable.</div>
<br />
<figure class="graf graf--figure" name="ad9c"><img class="graf-image" data-height="689" data-image-id="1*SYB3AbJO6dCbfhrYqeKqTA.png" data-width="1234" height="355" src="https://cdn-images-1.medium.com/max/1000/1*SYB3AbJO6dCbfhrYqeKqTA.png" width="640" /></figure><br />
<div class="graf graf--p" name="2913">
Green: Monero hash rate, Black: Monero Original hash rate</div>
<div class="graf graf--p" name="a967">
Source:<a class="markup--anchor markup--p-anchor" data-href="http://blkdat.com/?filter=XMR/XMO&block&coin=XMO&datatype=hash_rate&interval=hour/?block&coin=XMR&datatype=hash_rate&interval=hour&min=1516875244349680&max=1527099900789280" href="http://blkdat.com/?filter=XMR/XMO&block&coin=XMO&datatype=hash_rate&interval=hour/?block&coin=XMR&datatype=hash_rate&interval=hour&min=1516875244349680&max=1527099900789280" rel="noopener" target="_blank"> Blkdat.com</a></div>
<div class="graf graf--p" name="a967">
<br /></div>
<div class="graf graf--p" name="1491">
One possible interpretation of this graph is that the total Bitmain ASIC hashrate is around 500 Megahash/sec. This matches the amount that seemed to drop off from Monero post-fork, and also matches the amount that remained on the Monero Original chain post-fork. However, we can’t say with certainty that this interpretation is correct, since it is impossible to attribute hashrate to a specific type of miner from chain data alone.</div>
<div class="graf graf--p" name="1491">
<br /></div>
<div class="graf graf--p" name="43c8">
Regardless of what the total hashrate of Bitmain’s ASIC miners is, losing almost 50% of the hashrate post-fork should be a concern for Monero. The recent 51% <a class="markup--anchor markup--p-anchor" data-href="https://www.ccn.com/bitcoin-gold-hit-by-double-spend-attack-exchanges-lose-millions/" href="https://www.ccn.com/bitcoin-gold-hit-by-double-spend-attack-exchanges-lose-millions/" rel="noopener" target="_blank">attack on Bitcoin Gold</a> illustrates the very real connection that exists between hash rate and security.</div>
<div class="graf graf--p" name="43c8">
<br /></div>
<h3 class="graf graf--h3" name="6611">
ASIC Capabilities</h3>
<div class="graf graf--p" name="f42c">
<br /></div>
<div class="graf graf--p" name="f42c">
The primary argument for an AAHF is that ASIC manufacturing results in more mining centralization by pushing out the commodity hardware miners. To verify this claim, we need to look at the capability of these ASIC miners and compare them to commodity hardware. Below are the respective specs for the Bitmain Monero miner and a top of the line AMD GPU miner:</div>
<ul class="postList">
<li class="graf graf--li" name="db83">Bitmain X3: 220 KH/s, 550 Watts, 0.4KH/s per Watt, Retail value: 1900$</li>
<li class="graf graf--li" name="f843">AMD HD 7990: 1.1 KH/s, 110 Watts, 0.01 KH/s per Watt, Retail value: 900$</li>
</ul>
<div class="graf graf--p" name="83d9">
We see that the Bitmain miner is 200 times more powerful than a single top-of-the-line AMD GPU unit (220 KH/s against 1.1 KH/s). More importantly, it is 40 times more energy efficient at mining. It is clear that commodity GPUs are outclassed by these custom miners, but it’s also important to note that there are a whole lot of GPUs out there in the world. Consider that AMD shipped 19.6 million discrete GPUs in<a class="markup--anchor markup--p-anchor" data-href="https://www.extremetech.com/gaming/264836-cryptocurrency-miners-bought-776m-gpus-2017-mostly-amd" href="https://www.extremetech.com/gaming/264836-cryptocurrency-miners-bought-776m-gpus-2017-mostly-amd" rel="noopener" target="_blank"> 2017 alone</a>. AMD does not release sales numbers for specific models, but if we assume that all 19.6 million of the GPUs sold were of the cheap 400 series variety, this adds up to 7.84 GH/s (a 400 series card runs about 0.4 KH/s on the Monero network). This is about 15 times larger than the 0.5 GH/s that we estimated to be both the Bitmain ASICs’ total hashrate and the current Monero hashrate.</div>
<div class="graf graf--p" name="83d9">
<br /></div>
<div class="graf graf--p" name="a610">
The point of this calculation is to show that while AMD/NVIDIA may not produce profitable miners, the total hash rate they produce is immense. ASIC producers like Bitmain may be able to obtain monopolies on profitable mining, but they have not monopolized mining. If Bitmain tries to perform a 51% attack, the Monero community will likely be able to fight it off using commodity GPUs. If we assume that 0.5 GH/s is the correct estimate for the Bitmain ASICs’ total hash rate, matching it will require 1.25 million AMD 400 series GPUs (that is the break-even point; actually defeating the attack requires the honest side to exceed it). Assuming 150 watts of power consumption per unit and 12 cents per kilowatt-hour, the energy cost comes to 22,500$ per hour. The numbers will obviously be better if we use a higher-end GPU.</div>
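<div class="graf graf--p" name="a610-example">
The arithmetic above, carried through as an added worked example (not code from the article or from LBRY): the hashrate and efficiency ratios between the two miners listed, the number of commodity GPUs needed to reach a given hashrate, the hourly power bill, and a small generalization, <code>defence_plan</code>, that computes how much commodity hashrate the honest side must add to push an attacker of a given size below 50%. The <code>Miner</code> record, the miner names and the 0.4 KH/s at 150 W figure for a 400 series card are assumptions of this example; the other numbers are the article’s. Hashrates are kept as integer hashes per second so the ratios come out exact.</div>

```python
"""ASIC-vs-GPU hashrate, efficiency and energy-cost arithmetic.

Added example; not code from the original article or from LBRY.
Miner specs are the article's figures (X3 and HD 7990) plus the
0.4 KH/s / 150 W it assumes for a cheap AMD 400-series card.
Hashrates are integer hashes per second so ratios are exact.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Miner:
    name: str
    hashes_per_sec: int   # H/s (1 KH/s = 1000 H/s)
    watts: int            # power draw at that hashrate
    price_usd: int        # retail price, informational only

    @property
    def hashes_per_watt(self) -> float:
        return self.hashes_per_sec / self.watts


BITMAIN_X3 = Miner("Bitmain X3", hashes_per_sec=220_000, watts=550, price_usd=1900)
AMD_HD7990 = Miner("AMD HD 7990", hashes_per_sec=1_100, watts=110, price_usd=900)
# Assumed commodity unit: 0.4 KH/s at 150 W, as in the article's estimate.
AMD_RX400 = Miner("AMD RX 400 series", hashes_per_sec=400, watts=150, price_usd=0)


def hashrate_ratio(a: Miner, b: Miner) -> float:
    """Units of `b` needed to equal the hashrate of one unit of `a`."""
    return a.hashes_per_sec / b.hashes_per_sec


def efficiency_ratio(a: Miner, b: Miner) -> float:
    """How many times more hashes per watt `a` delivers than `b`."""
    return a.hashes_per_watt / b.hashes_per_watt


def units_to_match(target_hs: int, unit: Miner) -> int:
    """Whole units of `unit` needed to reach at least `target_hs`."""
    return -(-target_hs // unit.hashes_per_sec)   # ceiling division on ints


def fleet_hashrate(units: int, unit: Miner) -> int:
    """Total hashrate of `units` identical devices."""
    return units * unit.hashes_per_sec


def hourly_energy_cost(units: int, unit: Miner, usd_per_kwh: float) -> float:
    """Electricity cost per hour for `units` devices running flat out."""
    return units * unit.watts / 1000 * usd_per_kwh


def defence_plan(attacker_hs: int, honest_hs: int, unit: Miner,
                 usd_per_kwh: float) -> dict:
    """Commodity hardware needed so the attacker falls below 50%.

    A 51% attacker needs strictly more hashrate than everyone else. The
    defenders must therefore add the smallest number of units whose
    hashrate strictly exceeds (attacker - honest); if the honest side
    already leads, nothing is needed. Returns the unit count, the
    hashrate it adds, and its hourly power bill.
    """
    deficit = attacker_hs - honest_hs
    units = deficit // unit.hashes_per_sec + 1 if deficit >= 0 else 0
    return {
        "units": units,
        "added_hs": fleet_hashrate(units, unit),
        "usd_per_hour": hourly_energy_cost(units, unit, usd_per_kwh),
    }


if __name__ == "__main__":
    print("X3 vs HD 7990: %.0fx hashrate, %.0fx efficiency" % (
        hashrate_ratio(BITMAIN_X3, AMD_HD7990),
        efficiency_ratio(BITMAIN_X3, AMD_HD7990)))
    n = units_to_match(500_000_000, AMD_RX400)            # 0.5 GH/s
    print("%d RX 400 cards, $%.0f/hour" % (n, hourly_energy_cost(n, AMD_RX400, 0.12)))
    print(defence_plan(500_000_000, 300_000_000, AMD_RX400, 0.12))
```

<div class="graf graf--p" name="a610-note">
The ratios reproduce the article’s figures (200x hashrate, 40x efficiency, 1.25 million cards at 22,500$ per hour to match 0.5 GH/s). <code>defence_plan</code> is the number a defender actually needs: with 0.3 GH/s of honest hashrate already online against a 0.5 GH/s attacker, only the 0.2 GH/s deficit plus one card has to be added, at roughly 9,000$ per hour.</div>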
<div class="graf graf--p" name="a610">
<br /></div>
<h3 class="graf graf--h3" name="965b">
Aftermath for Users</h3>
<div class="graf graf--p" name="162d">
<br /></div>
<div class="graf graf--p" name="162d">
Software upgrades are by nature attack vectors. Some users will end up downloading a compromised version of the upgrade, which may, for example, send all their coins to an attacker’s address. We can actually get download numbers for<a class="markup--anchor markup--p-anchor" data-href="http://www.somsubhra.com/github-release-stats/?username=monero0&repository=monero0" href="http://www.somsubhra.com/github-release-stats/?username=monero0&repository=monero0" rel="noopener" target="_blank"> Monero 0</a> and<a class="markup--anchor markup--p-anchor" data-href="http://www.somsubhra.com/github-release-stats/?username=XmanXU&repository=monero-original" href="http://www.somsubhra.com/github-release-stats/?username=XmanXU&repository=monero-original" rel="noopener" target="_blank"> Monero Original</a>, two projects that took over the old chain after the Monero fork and released their binaries on GitHub (GitHub exposes download counts through its API).</div>
<div class="graf graf--p" name="162d">
<br /></div>
<div class="graf graf--p" name="8470">
About 1000 users in total have downloaded either Monero Original or Monero 0 binaries and have presumably run them. I am not suggesting that these binaries are malware, but they are unsigned binaries from anonymous developers. Needless to say, there are significant risks involved in running such software. It is worth asking whether a hard fork justifies exposing users to such attack vectors.</div>
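<div class="graf graf--p" name="8470-example">
The minimum a user can do before running a downloaded release is to check every file against a hash manifest whose authenticity has been established separately. The following is an added example of that check (not code from the article, from Monero, or from either splinter project): it parses a <code>sha256sum</code>-style manifest, refuses entries that could point outside the release directory, streams each file through SHA-256, and reports every file as ok, mismatched, missing, or unlisted. <code>build_fixture</code> writes constructed sample files (the binary names, contents and manifest are invented for the demonstration) to a temporary directory. The manifest itself must be authenticated before it is trusted, for example by verifying a detached PGP signature over it with a key obtained out of band; that step is outside this example, and without it a compromised download host can simply publish hashes that match its own tampered files.</div>

```python
"""Check downloaded release files against a sha256 manifest.

Added example; not code from the article or from any Monero project.
`build_fixture` writes constructed sample files to a temporary directory
(a good binary, a tampered one, an unlisted extra, and a manifest entry
for a file that was never downloaded) to demonstrate every outcome.
The manifest must be signature-verified (e.g. gpg --verify) before use;
this code only checks that the files match what the manifest says.
"""
import hashlib
import hmac
import tempfile
from pathlib import Path

MANIFEST_NAME = "hashes.txt"


def sha256_file(path: Path, chunk: int = 1 << 16) -> str:
    """Stream the file so large binaries are not read into memory at once."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def parse_manifest(text: str) -> dict:
    """Parse `sha256sum`-style lines: '<64 hex chars>  [*]filename'.

    Blank lines and '#' comments are skipped. Bad digests, names with
    path separators, and conflicting duplicate entries are rejected so a
    crafted manifest cannot steer the checker outside the release dir.
    """
    entries = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError(f"line {lineno}: expected '<digest> <name>'")
        digest, name = parts[0].lower(), parts[1].lstrip("*")
        if len(digest) != 64 or any(c not in "0123456789abcdef" for c in digest):
            raise ValueError(f"line {lineno}: bad sha256 digest")
        if not name or "/" in name or "\\" in name or name in (".", ".."):
            raise ValueError(f"line {lineno}: unsafe file name {name!r}")
        if name in entries and entries[name] != digest:
            raise ValueError(f"line {lineno}: conflicting digests for {name!r}")
        entries[name] = digest
    return entries


def verify_release(directory: Path, manifest: dict) -> dict:
    """Map each manifest entry to 'ok', 'mismatch' or 'missing'.

    Files present in the directory but absent from the manifest are
    returned under '<unlisted>': nothing vouches for them, so they are
    as suspect as a mismatched file.
    """
    results = {}
    for name, expected in manifest.items():
        path = directory / name
        if not path.is_file():
            results[name] = "missing"
        elif hmac.compare_digest(sha256_file(path), expected):
            results[name] = "ok"
        else:
            results[name] = "mismatch"
    results["<unlisted>"] = sorted(
        p.name for p in directory.iterdir()
        if p.is_file() and p.name not in manifest and p.name != MANIFEST_NAME)
    return results


def build_fixture() -> Path:
    """Constructed sample release directory; not real release data."""
    d = Path(tempfile.mkdtemp(prefix="release-"))
    good = b"\x7fELF constructed sample binary\n"
    original = b"\x7fELF another constructed binary\n"
    (d / "monerod").write_bytes(good)
    # The manifest digest covers `original`, but the file on disk has been
    # altered after the fact, as a compromised mirror would do.
    (d / "monero-wallet-cli").write_bytes(original + b"payload")
    (d / "extra-tool").write_bytes(b"not listed anywhere\n")
    manifest = "\n".join([
        "# constructed manifest, sha256sum format",
        f"{hashlib.sha256(good).hexdigest()}  monerod",
        f"{hashlib.sha256(original).hexdigest()}  *monero-wallet-cli",
        f"{'0' * 64}  monero-blockchain-import",   # listed, never downloaded
    ]) + "\n"
    (d / MANIFEST_NAME).write_text(manifest)
    return d


def demo() -> dict:
    """Run the check over the constructed fixture and return the results."""
    d = build_fixture()
    return verify_release(d, parse_manifest((d / MANIFEST_NAME).read_text()))


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name}: {status}")
```

<div class="graf graf--p" name="8470-note">
Running it reports <code>monerod</code> as ok, <code>monero-wallet-cli</code> as a mismatch, <code>monero-blockchain-import</code> as missing, and <code>extra-tool</code> as unlisted. A missing or mismatched entry is a reason not to run anything from that download, not just the affected file, since the same channel delivered all of it.</div>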
<div class="graf graf--p" name="8470">
<br /></div>
<div class="graf graf--p" name="9856">
Other users may not even be aware that the Monero network has hard forked and may be transacting on the old network unaware of what is happening. It is impossible to tell whether the transactions happening on the Monero Original chain are intentional or accidental, but the graph below shows that there is still a small amount of transaction activity on the Monero Original chain (note that Monero Original is traded on hitbtc.com, so the transactions below could all be intentional).</div>
<br />
<figure class="graf graf--figure" name="2fc3"><img class="graf-image" data-height="692" data-image-id="1*dyTIHCAXVRErJiVhSlSjTA.png" data-width="1185" height="373" src="https://cdn-images-1.medium.com/max/1000/1*dyTIHCAXVRErJiVhSlSjTA.png" width="640" /></figure><br />
<div class="graf graf--p" name="50f3">
Green: number of transactions on Monero, Black: number of transactions on Monero Original</div>
<div class="graf graf--p" name="a5ee">
Source:<a class="markup--anchor markup--p-anchor" data-href="http://blkdat.com/?filter=XMR/XMO&block&coin=XMO&datatype=num_tx&interval=hour/?block&coin=XMR&datatype=num_tx&interval=hour&min=1520661447696413.8&max=1526824702996909.8" href="http://blkdat.com/?filter=XMR/XMO&block&coin=XMO&datatype=num_tx&interval=hour/?block&coin=XMR&datatype=num_tx&interval=hour&min=1520661447696413.8&max=1526824702996909.8" rel="noopener" target="_blank"> Blkdat.com</a></div>
<h3 class="graf graf--h3" name="3360">
Conclusions</h3>
<div class="graf graf--p" name="e5be">
<br /></div>
<div class="graf graf--p" name="e5be">
There are several causes for concern regarding Monero’s AAHF.</div>
<div class="graf graf--p" name="e5be">
<br /></div>
<div class="graf graf--p" name="d21c">
The first concern is that the AAHF may have been unnecessary in the first place because the Monero community underestimated the total amount of hash rate that can be produced through commodity hardware. If the community had concerns about Bitmain abusing their powers, they certainly could have fought back without resorting to a hard fork.</div>
<div class="graf graf--p" name="d21c">
<br /></div>
<div class="graf graf--p" name="f47b">
The second concern is that the AAHF created attack vectors that could be exploited against its users. The lowered hash rate makes a 51% attack on the chain cheaper, and the software update necessary for the hard fork may have left users on the wrong chain or exposed them to malware.</div>
<div class="graf graf--p" name="f47b">
<br /></div>
<div class="graf graf--p" name="c00d">
It remains to be seen how these concerns will play out for Monero in the future. So far, things have gone smoothly: the Monero price has been stable and there has been no noticeable network disruption for users. The market has for the most part deemed this AAHF a success. However, this AAHF is likely just the opening battle in a war to determine who gets to control the Monero network. Bitmain and other ASIC manufacturers will not be deterred if there is money to be made. The next time this battle is fought, these concerns are going to be revisited.</div>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-3711467895183670801.post-80030230246397442902018-03-02T12:17:00.000-08:002018-06-16T12:17:39.902-07:00Left/Right Political Ideologies of Hodlers: Part 1<div class="graf graf--p" name="5ce2">
I’ve been thinking a lot about left and right-wing politics, due to the extremely polarized nature of the current American/Western political landscape. Naturally, I started thinking about left and right-wing ideologies in the cryptocurrency space, and how increasingly relevant these ideologies have become there. In the early days of Bitcoin, arguments revolved purely around the technology and efficient solutions to tractable engineering problems. If there were any ideological arguments, they were mostly between <a class="markup--anchor markup--p-anchor" data-href="https://en.wikipedia.org/wiki/HODL" href="https://en.wikipedia.org/wiki/HODL" rel="noopener" target="_blank">Hodlers</a> (people who believe in, or can at least see some value in, cryptocurrencies) and Nocoiners (people who think that Bitcoin is stupid).</div>
<div class="graf graf--p" name="5ce2">
<br /></div>
<div class="graf graf--p" name="416d">
But these days, major conflicts in the crypto space can be described as intractable ideological conflicts. The block size debate is an example of this. The numerous skirmishes between altcoins and Bitcoin, or between one altcoin and another, are further examples. In this article, I will describe how we can look at these ideological conflicts the same way we look at mainstream political conflicts. More specifically, I will describe how the concept of a left-right political spectrum applies to people in the cryptocurrency space, whom I will call “hodlers” for lack of a better term.</div>
<div class="graf graf--p" name="416d">
<br /></div>
<div class="graf graf--p" name="d067">
Psychologists have done many studies to discover differences in the way conservatives and liberals think. One important finding from these studies is that the amount of fear, or the lack of it, is a critical component of whether a person is left or right-leaning. The presence of fear shifts people to the right side, while the lack of it shifts people to the left side. Studies have shown that conservatives (right-leaning people) are <a class="markup--anchor markup--p-anchor" data-href="https://www.cambridge.org/core/journals/behavioral-and-brain-sciences/article/differences-in-negativity-bias-underlie-variations-in-political-ideology/72A29464D2FD037B03F7485616929560" href="https://www.cambridge.org/core/journals/behavioral-and-brain-sciences/article/differences-in-negativity-bias-underlie-variations-in-political-ideology/72A29464D2FD037B03F7485616929560" rel="noopener" target="_blank">more responsive to physical threats and other negative stimuli</a>, focus more on <a class="markup--anchor markup--p-anchor" data-href="http://rstb.royalsocietypublishing.org/content/367/1589/640.full#aff-1" href="http://rstb.royalsocietypublishing.org/content/367/1589/640.full#aff-1" rel="noopener" target="_blank">threatening imagery rather than pleasant imagery</a> , and <a class="markup--anchor markup--p-anchor" data-href="http://www.cell.com/current-biology/fulltext/S0960-9822(11)00289-2" href="http://www.cell.com/current-biology/fulltext/S0960-9822%2811%2900289-2" rel="noopener" target="_blank">have a larger amygdala</a> (a region of your brain that processes fear stimuli) than liberals. Academics have coined the phrase “negativity bias” as a way to describe the tendency of right-leaning people to be more fearful and more responsive to negative stimuli. Conversely, you could use the phrase “positivity bias” to describe the tendency of left-leaning people to be less fearful. 
The opposite of fear is hope, so you could say that liberals are more hopeful and conservatives are more fearful. Here are some further summary readings on the issue: <a class="markup--anchor markup--p-anchor" data-href="https://www.washingtonpost.com/news/inspired-life/wp/2017/11/22/at-yale-we-conducted-an-experiment-to-turn-conservatives-into-liberals-the-results-say-a-lot-about-our-political-divisions/?utm_term=.d86d65e1ae6d" href="https://www.washingtonpost.com/news/inspired-life/wp/2017/11/22/at-yale-we-conducted-an-experiment-to-turn-conservatives-into-liberals-the-results-say-a-lot-about-our-political-divisions/?utm_term=.d86d65e1ae6d" rel="noopener" target="_blank">1</a>, <a class="markup--anchor markup--p-anchor" data-href="https://www.psychologytoday.com/blog/mind-in-the-machine/201612/fear-and-anxiety-drive-conservatives-political-attitudes" href="https://www.psychologytoday.com/blog/mind-in-the-machine/201612/fear-and-anxiety-drive-conservatives-political-attitudes" rel="noopener" target="_blank">2</a>.</div>
<div class="graf graf--p" name="d067">
<br /></div>
<div class="graf graf--p" name="b8a1">
The hypothesis that fear and hope are the driving emotions that separate people into the right and the left fits very well if we look at ideological battles in the cryptocurrency space. Below, I present my definitions of right-wing and left-wing hodlers.</div>
<div class="graf graf--p" name="b8a1">
<br /></div>
<div class="graf graf--p" name="80c5">
The right-wing hodlers are driven by a fear of the worst case scenarios. Worst case scenarios in the crypto space generally involve adversarial attacks against the blockchain by a nation state. They can also involve personal loss or theft, or unforeseen errors in the code that result in catastrophic consensus failure. Because their main instinct is fear of the worst case, the right-wing hodler’s focus is on security above everything else. For a right-winger, security is achieved through strict adherence to cryptographic rules and stable Nash equilibrium solutions. In some sense, you could characterize them as Technocrats: overly logical bureaucrats who are beholden to technology instead of the government. A good fictional archetype might be the Vulcan race in Star Trek. Gregory Maxwell and Peter Todd are good examples of right-wing hodlers.</div>
<div class="graf graf--p" name="80c5">
<br /></div>
<div class="graf graf--p" name="eeaa">
The left-wing hodlers are driven by their hope for the best case scenario. The best case scenarios generally involve the destruction of fiat or a large scale adoption of cryptocurrencies in the global market. The scenario also includes personal increase in wealth, narratives regarding egalitarianism (i.e, “banking the unbanked”), and the take down of tyrannical governments. Because their main instinct is hope of the best case scenarios, their focus is on innovation. Innovation for a left-winger involves creating new ways to utilize the blockchain, or inventing some alternative decentralized consensus methods (such as proof of stake). This is not to say that a left-winger does not care about security at all, it just means that they are more willing to make a security trade-off in order to achieve their goals. The left-winger could be characterized as techno-evangelists and culturally they have a lot in common with Silicon Valley start-up entrepreneurs in the mold of Steve Jobs and Mark Zuckerberg. Vitalik Buterin and Roger Ver are good examples of left-wing hodlers.<img class="graf-image" data-height="473" data-image-id="1*6w7xl1uRQSj33bGEsPAs7Q.png" data-width="898" height="336" src="https://cdn-images-1.medium.com/max/1000/1*6w7xl1uRQSj33bGEsPAs7Q.png" width="640" /></div>
<div class="graf graf--p" name="8e87">
<br /></div>
<div class="graf graf--p" name="8e87">
Here is a rough graph I made that places different cryptocurrencies and ideas in the crypto space on a left-right continuum. For fun, I’ve named the left wing after the latest Ethereum collectible craze, CryptoKitties, and the right wing after the POW stalwart meme-coin Dogecoin. The center is anchored by everyone’s favorite shining beacon of blockchain information, Andreas Antonopoulos. Note that the words in red are ideas that have nebulous associations with their placement, so their locations are inexact (for example, “freedom of speech” is historically a left-leaning concept in mainstream politics, but can also be adopted by the right).</div>
<div class="graf graf--p" name="8e87">
<br /></div>
<div class="graf graf--p" name="9f4e">
The right-wing is anchored by Bitcoin, the original blockchain created by Satoshi Nakamoto. The central tenet since the inception of Bitcoin has been proof of work (POW), and to me it seems like it is still a centrist position despite the fact that I’ve drawn up Bitcoin to be on the far right. Rogue ideas like proof of stake may have pushed POW to the right-hand side by a bit, but since most cryptocurrencies are POW based, I think it’s in an appropriate position.</div>
<div class="graf graf--p" name="9f4e">
<br /></div>
<div class="graf graf--p" name="ce73">
It’s important to note that when Bitcoin was first created, the concept of left and right-wing was limited in scope to conversation between sophisticated Bitcoin devs who understood that many problems in the blockchain could not be solved without making concessions on security or decentralization. This concept did not exist in the consciousness of the general public. In those days, the general Bitcoin public behaved very much like a classic left-wing archetype. Optimistic slogans like “global digital currency”, “fast peer-to-peer transactions”, “banking the unbanked”, and “low processing fees” are the creation of the left and can be credited with driving Bitcoin’s meteoric rise in the early days (the left-wing is much better at shilling than the right-wing).</div>
<div class="graf graf--p" name="ce73">
<br /></div>
<div class="graf graf--p" name="06f3">
The rise of altcoins began the split of the Bitcoin community into separate factions. Litecoin was the first significant altcoin to emerge, and when it first came out it was seen as a radical idea. These days many people mostly dismiss it as a Bitcoin clone (which it literally is in the parlance of <a class="markup--anchor markup--p-anchor" data-href="https://git-scm.com/docs/git-clone" href="https://git-scm.com/docs/git-clone" rel="noopener" target="_blank">git</a>). Ripple then came onto the scene and staked out a very far left position in the continuum, completely abandoning proof of work and laying a dubious claim that a cryptographic distributed consensus system was sufficient for a cryptocurrency.</div>
<div class="graf graf--p" name="06f3">
<br /></div>
<div class="graf graf--p" name="ea59">
Currently, the left is anchored by Ethereum whose main difference from Bitcoin is its comparatively functionally rich and Turing-complete scripting language. Although Ethereum has many fundamental similarities with Bitcoin, the biggest one being proof of work, its leftist tendency is made clear by the grandiose plans of its developers and the actions it has taken to resolve difficult situations such as the <a class="markup--anchor markup--p-anchor" data-href="https://www.coindesk.com/ethereum-executes-blockchain-hard-fork-return-dao-investor-funds/" href="https://www.coindesk.com/ethereum-executes-blockchain-hard-fork-return-dao-investor-funds/" rel="noopener" target="_blank">DAO hack</a>. Their proposed move to proof of stake will certainly move Ethereum even further to the left. If this happens, I suspect that some other cryptocurrency will fill the large gap in the left/right spectrum that it will leave behind.</div>
<div class="graf graf--p" name="ea59">
<br /></div>
<div class="graf graf--p" name="5503">
In summary, the political spectrum in the cryptocurrency space is occupied by the left, who is driven by hope, and the right, who is driven by fear. The left-wing wants to focus on innovation and the right-wing wants to focus on security. Important homework questions you might want to think about are: A) Where would you place yourself in the crypto-political spectrum? B) What political spectrum does a certain cryptocurrency belong to? C) What is the future crypto left/right landscape going to look like?</div>
<div class="graf graf--p" name="95f2">
<br /></div>
<div class="graf graf--p" name="95f2">
In a future part 2 of this article, I will expand further on what it exactly means to be a left/right-winger in the cryptocurrency space and go over some examples from the past where this has played out with huge consequences. Further, we can establish some basic theories about how left/right-wing politics will play out in the future that will help us navigate all you hodlers out there to the moon.</div>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-3711467895183670801.post-49370717184059157422018-02-09T19:08:00.000-08:002018-03-30T08:48:04.720-07:00IOTA Doesn't Scale<div class="graf graf--p" name="99b2">
IOTA is a cryptocurrency that uses a Tangle instead of a “blockchain”. From <a class="markup--anchor markup--p-anchor" data-href="https://learn.iota.org/faqs" href="https://learn.iota.org/faqs" rel="nofollow noopener noopener" target="_blank">https://learn.iota.org/faqs</a>, “The Tangle as implemented in IOTA is the first public distributed ledger to achieve scalability, no fee transactions, as well as quantum-computing protection”. In this article, I will investigate how they achieve this claim and how correct the claim is.</div>
<div class="graf graf--p" name="99b2">
<br /></div>
<div class="graf graf--p" name="3923">
I’m going to skip the “quantum-computing protection” part here because I’m not well versed in the topic, but let’s cover the two important topics. IOTA is proposing that the Tangle is a ledger that has “no fee transactions” and “achieves scalability”. These are two very contradictory statements because if there is no fee, there is nothing that prevents someone from spamming the network, and thus you have a ledger that grows out of control. Some shills have used “infinite scaling” ( <a class="markup--anchor markup--p-anchor" data-href="https://www.iotasupport.org" href="https://www.iotasupport.org/" rel="noopener" target="_blank">https://www.iotasupport.org</a> ) as a tagline, which is also a funny oxymoron.</div>
<div class="graf graf--p" name="3923">
<br /></div>
<div class="graf graf--p" name="0fcc">
So how does the IOTA Tangle work? When creating a transaction in IOTA, you must pick two earlier transactions to approve (the transaction references both of them, the way a block references its parent) and attach a small proof of work to it. The creation of a transaction is therefore the creation of a very small block that points at two other transactions. This proof of work is a small constant (presumably so that it works on small devices, to enable the Internet of Things) and does not adjust to the network hash rate.<br />
</div>
<div class="graf graf--p" name="e94d">
This raises an obvious question: so if the proof of work is a small constant, how does IOTA deal with the fact that someone with a lot of hashing power can spam the network with a bunch of transactions? The Tangle will quickly grow out of control preventing anybody from validating the full ledger. Oddly enough, the whitepaper <a class="markup--anchor markup--p-anchor" data-href="https://iota.org/IOTA_Whitepaper.pdf" href="https://iota.org/IOTA_Whitepaper.pdf" rel="nofollow noopener noopener noopener noopener" target="_blank">https://iota.org/IOTA_Whitepaper.pdf</a> makes only a single sentence mention of this attack and how it plans to deal with this. Here is the sentence: “To avoid spamming and other attack styles, it is assumed that no entity can generate an abundance of transactions with “acceptable” weights in a short period of time.”</div>
<div class="graf graf--p" name="e94d">
<br /></div>
<div class="graf graf--p" name="e777">
Ehh… what? What kind of crazy assumption is that? What the whitepaper is effectively saying is that the proof of work has to be difficult enough to prevent spamming, even though the difficulty does not adjust automatically. This means that the Tangle has to hard fork every time there is a drastic change in the network hash rate. Anybody who has ever mined a cryptocurrency knows that the network hash rate can change abruptly at any time, so this assumption is just plain wrong. The other problem with this assumption is that if the proof of work is difficult enough to prevent spamming, it will also be too difficult for a typical Internet of Things device (the single application IOTA is supposed to serve) to solve.</div>
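To make both horns of that dilemma concrete, here is an added example (my own toy model written for this post, not IOTA's code). It stands in SHA-256 with a fixed number of leading zero bits for IOTA's Curl hashing and "weight" threshold, keeps the difficulty constant as the Tangle does, and then compares how many transactions a small device and a well-resourced spammer can attach per second, and what a Bitcoin-style difficulty adjustment would have to do to the small device to cap the spammer. The 1 kH/s and 1 GH/s figures in spam_scenario() are constructed assumptions, not measurements, and every function name is mine.

```python
"""Toy Tangle with a constant proof of work (no difficulty adjustment).

Added example, not IOTA's code. A transaction is a dict approving two earlier
transactions; the hash is SHA-256 and the difficulty is a fixed number of
leading zero bits. Hash rates below are constructed assumptions.
"""
import hashlib
import math
import random
from typing import Dict, Set

DIFFICULTY_BITS = 12   # fixed when the network ships; this is the property under discussion
GENESIS = "genesis"


def new_tangle() -> Dict[str, dict]:
    return {GENESIS: {"branch": None, "trunk": None, "payload": "genesis", "nonce": 0}}


def _digest(branch: str, trunk: str, payload: str, nonce: int) -> str:
    return hashlib.sha256(f"{branch}|{trunk}|{payload}|{nonce}".encode()).hexdigest()


def pow_ok(tx_hash: str, bits: int = DIFFICULTY_BITS) -> bool:
    """Proof of work holds when the 256-bit hash starts with `bits` zero bits."""
    return int(tx_hash, 16) >> (256 - bits) == 0


def tips(tangle: Dict[str, dict]) -> Set[str]:
    """Transactions nobody has approved yet; new transactions pick two of these."""
    approved = {tx["branch"] for tx in tangle.values()} | {tx["trunk"] for tx in tangle.values()}
    return set(tangle) - approved


def attach(tangle: Dict[str, dict], branch: str, trunk: str, payload: str,
           bits: int = DIFFICULTY_BITS) -> str:
    """Approve two existing transactions and grind a nonce until the fixed PoW holds.
    Expected cost is 2**bits hashes regardless of what the rest of the network is doing."""
    if branch not in tangle or trunk not in tangle:
        raise ValueError("a transaction may only approve transactions already in the tangle")
    nonce = 0
    while not pow_ok(_digest(branch, trunk, payload, nonce), bits):
        nonce += 1
    tx_hash = _digest(branch, trunk, payload, nonce)
    tangle[tx_hash] = {"branch": branch, "trunk": trunk, "payload": payload, "nonce": nonce}
    return tx_hash


def verify(tangle: Dict[str, dict], tx_hash: str, bits: int = DIFFICULTY_BITS) -> bool:
    """Recompute the hash from the stored fields: both parents present and PoW satisfied."""
    tx = tangle.get(tx_hash)
    if tx is None:
        return False
    if tx["branch"] is None:                      # only the genesis has no parents
        return tx_hash == GENESIS
    if tx["branch"] not in tangle or tx["trunk"] not in tangle:
        return False
    recomputed = _digest(tx["branch"], tx["trunk"], tx["payload"], tx["nonce"])
    return recomputed == tx_hash and pow_ok(tx_hash, bits)


def tx_rate(hash_rate: float, bits: int = DIFFICULTY_BITS) -> float:
    """Transactions per second an actor can attach: hash rate / expected hashes per PoW."""
    return hash_rate / 2 ** bits


def bits_needed(total_hash_rate: float, target_tx_per_sec: float) -> int:
    """Difficulty a Bitcoin-style adjustment would pick to hold the network at the target rate."""
    return math.ceil(math.log2(total_hash_rate / target_tx_per_sec))


def spam_scenario() -> dict:
    iot_device = 1e3   # 1 kH/s, constructed figure for a small embedded device
    spammer = 1e9      # 1 GH/s, constructed figure for one GPU-class attacker
    cap = bits_needed(spammer, 10)   # difficulty that would hold the spammer to 10 tx/s
    return {
        "iot_tx_per_sec": tx_rate(iot_device),
        "spammer_tx_per_sec": tx_rate(spammer),
        "bits_to_cap_spammer_at_10tps": cap,
        "iot_seconds_per_tx_at_that_difficulty": 2 ** cap / iot_device,
    }


if __name__ == "__main__":
    random.seed(1)
    t = new_tangle()
    for i in range(5):
        b, tr = random.choice(sorted(tips(t))), random.choice(sorted(tips(t)))
        attach(t, b, tr, f"payment {i}")
    print(len(t), "transactions, all valid:", all(verify(t, h) for h in t))
    print(spam_scenario())
```

With the difficulty frozen at 12 bits, the spammer attaches roughly a quarter of a million transactions per second while the small device manages one every four seconds; raising the difficulty to the 27 bits needed to cap the spammer at 10 tx/s makes the small device wait about a day and a half per transaction. Nothing in the model lets the network pick a value that works for both, which is the point the whitepaper's one-sentence assumption glosses over.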
<div class="graf graf--p" name="e777">
<br /></div>
<div class="graf graf--p" name="5e7f">
After some looking and asking around, there seems to be another solution that IOTA is using to prevent spam attacks. The solution is the usual suspect when IOTA is being criticized and that is the central coordinator. IOTA’s central coordinator “decides” what is a spam transaction and removes it from being propagated through the network…. hmm doesn’t sound decentralized to me. I was going to bring this up with an IOTA developer, but it seems like I’m not the only one with this concern. Reddit user polayo expressed the same concerns about IOTA’s scaling when IOTA held its AMA, and an IOTA developer actually answered this question himself.</div>
<div class="graf graf--p" name="9106">
<a class="markup--anchor markup--p-anchor" data-href="https://www.reddit.com/r/Iota/comments/6z0y1e/scalability_questions_not_answered_in_yesterdays/dmwf8wy/" href="https://www.reddit.com/r/Iota/comments/6z0y1e/scalability_questions_not_answered_in_yesterdays/dmwf8wy/" rel="nofollow noopener noopener" target="_blank">https://www.reddit.com/r/Iota/comments/6z0y1e/scalability_questions_not_answered_in_yesterdays/dmwf8wy/</a></div>
<div class="graf graf--p" name="9106">
<br /></div>
<div class="graf graf--p" name="495f">
His answer basically states “We don’t have an answer right now. We are going to research this, but for now snapshots is our answer”. So there you have it. One of the main developers of IOTA is admitting that the Tangle does not achieve scalability in its current state. Their two excuses are that a) they are relying on “snapshots” and b) it’s part of some ongoing research which nobody knows about and they are not going to disclose (if you believe this, I have some Bitconnects to sell you).</div>
<div class="graf graf--p" name="495f">
<br /></div>
<div class="graf graf--p graf--startsWithDoubleQuote" name="07bc">
“Snapshots” describe the state of a ledger at a certain time without you having to download the entire ledger. They are centralized solutions that rely on trust. Every time you download a snapshot you put yourself at risk of diverging from consensus, because you have to trust that you are getting the correct snapshot. Scaling is extremely easy when it doesn’t have to be trustless. Every cryptocurrency, including Bitcoin, would scale just as well as IOTA’s Tangle if it relied on snapshots and hand-waved away the fact that snapshots are not trustless (services like blockchain.info are essentially snapshotting services, and no one is seriously proposing them as a scaling solution for Bitcoin).</div>
<div class="graf graf--p" name="803a">
Skimming through the IOTA roadmap, <a class="markup--anchor markup--p-anchor" data-href="https://blog.iota.org/iota-development-roadmap-74741f37ed01" href="https://blog.iota.org/iota-development-roadmap-74741f37ed01" rel="nofollow noopener noopener noopener" target="_blank">https://blog.iota.org/iota-development-roadmap-74741f37ed01</a> , they refer to snapshots several times but there is nothing in place to tell us how they will remove their dependencies from snapshots. There is also no plan whatsoever to deprecate their central coordinator which they rely on heavily to keep the network going.</div>
<div class="graf graf--p" name="803a">
<br /></div>
<div class="graf graf--p" name="89b4">
In summary, when you strip away the fancy tech jargon like Directed Acyclic Graphs, Internet of Things, and Tangle, what the IOTA whitepaper proposes is simple and fundamentally impossible. They are basically proposing that a blockchain with no difficulty adjustment can scale. When they actually implemented their system, they realized that this was impossible for an actual decentralized system, so they implemented a centralized solution to fix it.</div>
<div class="graf graf--p" name="89b4">
<br /></div>
<div class="graf graf--p" name="58c2">
<b class="markup--strong markup--p-strong">TLDR:</b><br />
Does IOTA achieve better scalability compared to other cryptocurrencies? No.</div>
<div class="graf graf--p" name="ebc5">
Does it heavily rely on a centralized coordinator? Yes.</div>
<div class="graf graf--p" name="39e2">
Is there any plan in place to remove dependencies from the coordinator? No.</div>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-3711467895183670801.post-86120278175318567922015-12-02T12:47:00.000-08:002015-12-02T17:26:32.303-08:00A Case for Replace by Fee : How Bitcoin Businesses can Benefit from RBF<span style="font-family: inherit;">
</span><br />
<style type="text/css">p { margin-bottom: 0.1in; line-height: 120%; }a:link { }</style><span style="font-family: inherit;"><span style="font-size: small;">"Replace by
Fee" or RBF has recently received a lot of talk with the merge
of “<a href="https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2015-November/011783.html">Opt
in RBF</a>” by the Bitcoin Core devs. Although there has been a
lot of FUD and drama being spread on social media channels regarding
the change, several noted figures in the Bitcoin community, such as
<a href="https://shapeshift.io/site/blog/2015/12/01/note-ceo-erik-voorhees-appeal-zero-conf%C2%A0">Erik
Voorhees from Shapeshift</a>, and <a href="https://chrispacia.wordpress.com/2015/11/29/on-zero-confirmation-transactions/">Chris
Pacia from OpenBazaar</a>, have made valid and well-written
statements against RBF. Their main argument is that RBF makes it
easier to double spend and will reduce the capabilities of Bitcoin
businesses to compete since they can no longer rely on zero confirm
transactions. I think this is a valid and pragmatic point, but here
I would like to make the counter argument that Bitcoin businesses
stand to gain a lot from the adoption of RBF, and give coherent
examples of how Bitcoin businesses can utilize RBF to provide a
better customer experience, and be more cost efficient.</span></span><br />
<br />
<span style="font-family: inherit;">
</span>
<br />
<span style="font-family: inherit;">
</span>
<span style="font-family: inherit;"><span style="font-size: small;"><i>Point
1: Bitcoin businesses will save money on transaction fees: </i></span></span>
<br />
<span style="font-family: inherit;">
</span>
<span style="font-family: inherit;"></span><span style="font-family: inherit;"><br /></span>
<br />
<span style="font-family: inherit;">
</span>
<span style="font-family: inherit;"><span style="font-size: small;">The
businesses that stand to gain a lot from RBF are operations that must
handle large volumes of outbound Bitcoin transactions, and must pay a
large amount of aggregate transaction fees. This means exchanges,
brokers (like Shapeshift), and payment processors stand to gain a lot
from RBF. Operations like these want to pay the lowest transaction
fee possible, but at the same time they must meet customer expectations
of timeliness. They don't want to underpay the transaction fee
because the transaction will take a long time to confirm, and they
don't want to overpay the transaction fee because it impacts their
bottom line negatively. This is a difficult problem to solve, due to
the fact that transaction fees are not static, and will be
increasingly more volatile as the Bitcoin mining subsidy is decreased
and miners must rely more on transaction fees for revenue. We have
already seen instances of high transaction fee volatility, due to the
spam attacks on the network. According to <a href="https://medium.com/blockcypher-blog/a-bitcoin-spam-attack-post-mortem-s-la-ying-alive-654e914edcf4#.j8vecdjg4">BlockCypher</a>,
during the spam attack of July 8<sup>th</sup>, 2015, the average
transaction fee went up 3 times, while the minimum transaction fee
went up 25 times.</span></span><br />
<span style="font-family: inherit;">
</span>
<br />
<span style="font-family: inherit;">
</span>
<span style="font-family: inherit;"><span style="font-size: small;">Transaction
fees are dependent on many factors such as available network
bandwidth, available size of the mempool, the miners that are active
at that particular moment, and the cost of operation for those
miners. So spam attacks are not the only source of volatility for
transaction fees. You could see unpredictable transaction fee
increases when there is a large network outage that knocks out a
bunch of full nodes, or when there is an increase in the spot price
of coal in China that affects operation costs for Chinese Bitcoin
miners. It is important to note that the volatility of transaction
fees cannot be solved by increasing the block size. It may have an
impact of lowering the transaction fee, but it will not make
transaction fees static, due to the large number of variables that
affects transaction fees as mentioned above.</span></span><br />
<span style="font-family: inherit;">
</span>
<span style="font-family: inherit;"></span><span style="font-family: inherit;"><br /></span>
<br />
<span style="font-family: inherit;">
</span>
<span style="font-family: inherit;"><span style="font-size: small;">With
RBF, Bitcoin businesses now have the capability to adjust their
transaction fee on their outbound transactions in real time. This
makes it far less likely for a business to overpay or underpay the
transaction fee. This is easy to see if you look at RBF as a
bartering process between the transaction creator and the miner. The
transaction creator can start with a low offer, and progressively
increase his offer until the miner accepts. This is a much better
alternative to the current “First Seen Safe” process where the
transaction creator is stuck with the first offer he makes with no
ability to make a better offer. The first offer could be flat out
wrong due to the transaction creator's inability to estimate the
required transaction fee, or some unpredictable event could occur
immediately after the time that the transaction was created that
impacts the required transaction fee. </span></span>
<br />
<span style="font-family: inherit;">
</span>
<span style="font-family: inherit;"></span><span style="font-family: inherit;"><br /></span>
<br />
<span style="font-family: inherit;">
</span>
<span style="font-family: inherit;"><span style="font-size: small;"><i>Point
2: Double spends are not necessarily malicious </i></span></span>
<br />
<span style="font-family: inherit;">
</span>
<span style="font-family: inherit;"><span style="font-size: small;"><br />
When
we think of double spends, we think of people defrauding other users,
but this does not always have to be the case. For example, people
mistakenly send Bitcoins to the wrong address all the time with
fortunes being lost in this way. I'm sure that many Bitcoin
businesses past and present have also mistakenly created transactions
that they'd like to take back. RBF gives you a time window where you
can reverse this mistake (with some probability of success).</span></span><br />
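Both points above rest on the same mechanism: an unconfirmed transaction that signals opt-in RBF (BIP 125, the proposal the linked merge implements) can be replaced by a conflicting transaction that pays more. The following is an added example I wrote for this post; it is not Bitcoin Core's code and does not build real transactions. It models a transaction as just the fields the replacement rules look at, implements the BIP 125 checks a node applies (rules 1 to 4, plus Core's requirement that the new feerate be strictly higher; rule 5 on the number of evicted transactions is not modelled), and drives the fee-bumping loop from Point 1 and a cancellation for Point 2. The 1 sat/vB minimum relay fee, the 546 sat dust floor, the simplification that changing amounts leaves the size unchanged, the sample transaction, and the feerate that "miners accept" (given as a number here; a fee estimate in practice) are all assumptions of the example.

```python
"""Opt-in RBF (BIP 125) replacement checker and fee-bumping loop.

Added example, not Bitcoin Core's code. Policy constants are assumed to be
Core's defaults at the time; the sample transaction is constructed.
"""
import hashlib
import math
from dataclasses import dataclass, replace
from typing import List, Set, Tuple

MAX_BIP125_SEQUENCE = 0xFFFFFFFF - 1   # an input with nSequence below this opts the tx in
MIN_RELAY_FEE_RATE = 1.0               # sat/vbyte (1000 sat/kB), assumed
DUST_SAT = 546                         # assumed dust floor for the change output

Outpoint = Tuple[str, int]


@dataclass(frozen=True)
class Tx:
    """Only the fields the replacement rules need; no scripts or signatures."""
    txid: str
    inputs: Tuple[Tuple[str, int, int], ...]   # (prev_txid, vout, nSequence)
    outputs: Tuple[Tuple[str, int], ...]       # (address, amount in sat)
    input_value: int                           # sat consumed by all inputs
    vsize: int                                 # virtual size in vbytes

    @property
    def fee(self) -> int:
        return self.input_value - sum(amount for _, amount in self.outputs)

    @property
    def feerate(self) -> float:
        return self.fee / self.vsize

    def signals_rbf(self) -> bool:
        return any(seq < MAX_BIP125_SEQUENCE for _, _, seq in self.inputs)

    def outpoints(self) -> Set[Outpoint]:
        return {(txid, vout) for txid, vout, _ in self.inputs}


def _txid(inputs, outputs) -> str:
    """Stand-in for the real txid (hash of the serialized tx); any amount change changes it."""
    return hashlib.sha256(repr((inputs, outputs)).encode()).hexdigest()[:16]


def check_replacement(original: Tx, replacement: Tx, confirmed: Set[Outpoint]) -> List[str]:
    """Return the rule violations; an empty list means the mempool would accept the swap."""
    problems = []
    if not original.signals_rbf():
        problems.append("rule 1: original does not signal replaceability")
    if not original.outpoints() & replacement.outpoints():
        problems.append("replacement spends no input of the original, so it does not conflict")
    for op in replacement.outpoints() - original.outpoints():
        if op not in confirmed:
            problems.append(f"rule 2: new unconfirmed input {op}")
    if replacement.fee < original.fee:
        problems.append("rule 3: replacement pays less absolute fee than the original")
    if replacement.feerate <= original.feerate:
        problems.append("replacement feerate is not higher than the original's")
    if replacement.fee - original.fee < MIN_RELAY_FEE_RATE * replacement.vsize:
        problems.append("rule 4: fee increase does not pay for relaying the replacement's bytes")
    return problems


def with_fee(tx: Tx, new_fee: int, change_index: int) -> Tx:
    """Same inputs and destinations; the extra fee comes out of the change output.
    Size is treated as unchanged because only amounts differ (assumption)."""
    outputs = list(tx.outputs)
    addr, amount = outputs[change_index]
    new_amount = amount - (new_fee - tx.fee)
    if new_amount < DUST_SAT:
        raise ValueError("change would fall below dust; add an input or drop the change")
    outputs[change_index] = (addr, new_amount)
    outputs = tuple(outputs)
    return replace(tx, txid=_txid(tx.inputs, outputs), outputs=outputs)


def bump_until_accepted(tx: Tx, change_index: int, miner_feerate: float, step: float,
                        confirmed: Set[Outpoint]) -> List[Tx]:
    """Point 1, the 'bartering': start low and raise the offer by `step` sat/vB per round
    until it reaches the feerate miners are confirming. Each candidate is checked first."""
    history = [tx]
    while history[-1].feerate < miner_feerate:
        current = history[-1]
        target = min(current.feerate + step, miner_feerate)
        floor = current.fee + math.ceil(MIN_RELAY_FEE_RATE * current.vsize)   # rule 4 minimum
        candidate = with_fee(current, max(math.ceil(target * current.vsize), floor), change_index)
        problems = check_replacement(current, candidate, confirmed)
        if problems:
            raise ValueError(f"replacement would be rejected: {problems}")
        history.append(candidate)
    return history


def cancel(tx: Tx, refund_address: str, feerate: float, confirmed: Set[Outpoint]) -> Tx:
    """Point 2: take back a mistaken payment while unconfirmed by replacing it with a
    transaction that returns everything to our own address at a higher fee."""
    fee = math.ceil(feerate * tx.vsize)
    outputs = ((refund_address, tx.input_value - fee),)
    candidate = replace(tx, txid=_txid(tx.inputs, outputs), outputs=outputs)
    problems = check_replacement(tx, candidate, confirmed)
    if problems:
        raise ValueError(f"cancellation would be rejected: {problems}")
    return candidate


# Constructed sample: a 200 vB payout paying 1 sat/vB, opted in via nSequence = 0xFFFFFFFD.
INPUTS = (("c0ffee" * 10 + "c0ff", 0, 0xFFFFFFFD),)
PAYOUT = Tx(txid="orig", inputs=INPUTS, outputs=(("customer", 90_000), ("change", 9_800)),
            input_value=100_000, vsize=200)

if __name__ == "__main__":
    for t in bump_until_accepted(PAYOUT, 1, miner_feerate=5.0, step=2.0, confirmed=set()):
        print(f"{t.txid:16} fee={t.fee:5d} sat  {t.feerate:.1f} sat/vB  change={t.outputs[1][1]}")
    print("cancel ->", cancel(PAYOUT, "our_wallet", 3.0, set()).outputs)
```

Two things worth noticing. Rule 4 means each round has to add at least the relay cost of the whole replacement, so the "start low" strategy is not free: a business that bumps in many tiny steps pays more in the end than one that estimates reasonably and bumps once or twice. And the cancellation only works while the original is unconfirmed and signalling; a payment sent with nSequence = 0xFFFFFFFF has no such window, which is exactly the trade-off the zero-confirmation merchants are arguing about.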
<span style="font-family: inherit;">
</span>
<span style="font-family: inherit;"></span><span style="font-family: inherit;"><br /></span>
<br />
<span style="font-family: inherit;">
</span>
<span style="font-family: inherit;"><span style="font-size: small;">Many
honest mistakes are made all the time in mainstream financial
markets, such as the six billion dollar “fat finger” screw up at
<a href="http://www.cnbc.com/2015/10/19/financial-times-deutsche-bank-in-6bn-fat-finger-slip-up.html">Deutsche
Bank</a>, so institutions have rules in place to deal with the fact
that human beings are prone to type in an extra zero or two. Bitcoin
having a feature where transactions are reversible up to a certain
time period is not necessarily a bad thing. It can protect Bitcoin
businesses and their customers from their own mistakes.</span></span><br />
<span style="font-family: inherit;">
</span>
<span style="font-family: inherit;"></span><span style="font-family: inherit;"><br /></span>
<br />
<span style="font-family: inherit;">
</span>
<span style="font-family: inherit;"><span style="font-size: small;"><i>Additional
Readings </i><i>on RBF</i><i>:</i> </span></span>
<br />
<span style="font-family: inherit;">
</span>
<br />
<div style="line-height: 100%; margin-bottom: 0in;">
<span style="font-family: inherit;"><span style="font-size: small;"><a href="https://www.reddit.com/r/Bitcoin/comments/3urm8o/optin_rbf_is_misunderstood_ask_questions_about_it/">Opt
in RBF is misunderstood , Ask questions here, Reddit thread </a></span></span>
</div>
<span style="font-family: inherit;">
</span>
<br />
<div style="line-height: 100%; margin-bottom: 0in;">
<span style="font-family: inherit;"><span style="font-size: small;"><a href="https://medium.com/@octskyward/replace-by-fee-43edd9a1dd6d#.mpfr7htu6">Mike
Hearn on RBF</a></span></span></div>
<span style="font-family: inherit;">
</span>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-3711467895183670801.post-34195488161349889292015-10-18T18:09:00.000-07:002015-10-27T17:40:59.328-07:00Atomic Cross Chain Transfer, an Overview<span style="font-family: inherit;">
</span><style type="text/css">p { margin-bottom: 0in; }a:link { }</style><br />
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><span style="color: black;"><span style="font-size: small;">Atomic
cross chain transfers (or atomic cross chain trading, from here on
referred to as ACCT for short) make it possible to trustlessly
trade between two cryptocurrencies existing on different blockchains.
This means that neither of the two parties involved in the trade is
at risk of their funds being stolen. The trade either completes with
both parties getting the coins that they agreed upon, or the trade
fails and both parties get their coins back. </span></span><span style="color: black;"><span style="font-size: small;">
The trustless nature of ACCT will eventually have a huge impact on
the way cryptocurrencies are traded, as it allows complete strangers
with no prior reputation to trade with each other without a third
party intermediary. </span></span></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><br /></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><span style="color: black;"><span style="font-size: small;">The
first working design for ACCT was described
by </span></span><span style="color: black;"><span style="font-size: small;">Tier
Nolan</span></span><span style="color: black;"><span style="font-size: small;">
</span></span><span style="color: black;"><span style="font-size: small;">in
this </span></span><a href="https://bitcointalk.org/index.php?topic=193281.msg2224949#msg2224949">bitcointalk.org
thread</a><span style="color: black;"><span style="font-size: small;">,</span></span><span style="color: black;"><span style="font-size: small;">
and the basic details of the algorithm are described </span></span><a href="https://en.bitcoin.it/wiki/Atomic_cross-chain_trading">here</a><span style="color: black;"><span style="font-size: small;">.
In this document, we are specifically interested in discussing ACCT
for Bitcoin and Bitcoin derived cryptocurrencies. Bitcoin derived
cryptocurrencies are forked off of the Bitcoin Core source code, and
examples include Dogecoin, DASH, and Litecoin. </span></span><span style="color: black;"><span style="font-size: small;">Below
are the covered topics in this document:</span></span></span></div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><br /></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><span style="color: black;"><span style="font-size: small;">1.
ACCT using refund transactions</span></span></span></div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><span style="color: black;"><span style="font-size: small;">2.
Alternative implementation of ACCT using refund transactions</span></span></span></div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><span style="color: black;"><span style="font-size: small;">3.
Vulnerabilities of ACCT using refund transactions</span></span></span></div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><span style="color: black;"><span style="font-size: small;">4.
ACCT using Check Lock Time Verify</span></span></span></div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><br /></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><span style="color: black;"><span style="font-size: small;"><b>1.
ACCT using refund transactions</b></span></span></span></div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><br /></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><span style="color: black;"><span style="font-size: small;">ACCT
can be currently implemented by constructing refund transactions. We
discuss in detail here one implementation of this method. This
implementation is based on Ross Nicoll’s <a href="https://github.com/rnicoll/cate">CATE</a>
project.</span></span></span></div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><br /></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><span style="color: black;"><span style="font-size: small;"><i>Variables
and Terms</i></span></span></span></div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><br /></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><span style="color: black;"><span style="font-size: small;">AlphaCoin - a Bitcoin-derived cryptocurrency</span></span></span></div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><span style="color: black;"><span style="font-size: small;">BetaCoin - another Bitcoin-derived cryptocurrency</span></span></span></div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><span style="color: black;"><span style="font-size: small;">Initiator - one party of the trade, looking to sell AlphaCoin for BetaCoin</span></span></span></div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><span style="color: black;"><span style="font-size: small;">Responder - the second party of the trade, looking to sell BetaCoin for AlphaCoin</span></span></span></div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><span style="color: black;"><span style="font-size: small;">X - secret number created by the initiator</span></span></span></div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><span style="color: black;"><span style="font-size: small;">H(X) - hash of secret X</span></span></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><span style="color: black;"><span style="font-size: small;">Privkey i / Pubkey i - private/public key pairs belonging to the initiator</span></span></span></div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><span style="color: black;"><span style="font-size: small;">Privkey r / Pubkey r - private/public key pairs belonging to the responder</span></span></span></div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><span style="color: black;"><span style="font-size: small;">TxAb - initiator's bail-in transaction, on the AlphaCoin network</span></span></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><span style="color: black;"><span style="font-size: small;">TxAr - initiator's refund transaction, on the AlphaCoin network</span></span></span></div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><span style="color: black;"><span style="font-size: small;">TxAp - responder's payout transaction, on the AlphaCoin network</span></span></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><span style="color: black;"><span style="font-size: small;">TxBb - responder's bail-in transaction, on the BetaCoin network</span></span></span></div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><span style="color: black;"><span style="font-size: small;">TxBr - responder's refund transaction, on the BetaCoin network</span></span></span></div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><span style="color: black;"><span style="font-size: small;">TxBp - initiator's payout transaction, on the BetaCoin network</span></span></span></div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><span style="color: black;"><span style="font-size: small;">T2 - time after which the initiator can obtain a refund</span></span></span></div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><span style="color: black;"><span style="font-size: small;">T1 - time after which the responder can obtain a refund, where T1 < T2</span></span></span></div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><br /></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><span style="color: black;"><span style="font-size: small;"><i>Steps</i></span></span></span></div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><br /></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><span style="color: black;"><span style="font-size: small;">Step
1. </span></span></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><span style="color: black;"><span style="font-size: small;">The initiator creates secret X and hashes it to obtain H(X). The initiator also creates two public/private key pairs (pubkey i1, i2 / privkey i1, i2). The responder creates two public/private key pairs (pubkey r1, r2 / privkey r1, r2). </span></span></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><br /></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><span style="color: black;"><span style="font-size: small;">Step
2. </span></span></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><span style="color: black;"><span style="font-size: small;">The initiator shares H(X) and pubkeys i1 and i2 with the responder; the responder shares pubkeys r1 and r2 with the initiator. The secret X itself is not shared. </span></span></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><span style="color: black;"><span style="font-size: small;"><br />
Step
3 </span></span></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><span style="color: black;"><span style="font-size: small;">The initiator creates TxAb, the bail-in transaction, but does not broadcast it yet. TxAb moves the initiator's funds into an output that can be redeemed either with knowledge of secret X plus a signature from privkey r1, or with signatures from both privkey i1 and privkey r1. </span></span></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><br /></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><span style="color: black;"><span style="font-size: small;">Step
4. </span></span></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><span style="color: black;"><span style="font-size: small;">The responder creates TxBb, his bail-in transaction, and likewise holds it back. TxBb moves the responder's funds into an output that can be redeemed either with knowledge of secret X plus a signature from privkey i2, or with signatures from both privkey i2 and privkey r2.</span></span></span></div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><br /></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><span style="color: black;"><span style="font-size: small;">Step
5. </span></span></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><span style="color: black;"><span style="font-size: small;">The initiator creates TxAr, his refund transaction, which spends TxAb to an address he controls and requires signatures from privkey i1 and privkey r1. TxAr has nLockTime set to a future time T2, so it is not valid until that time has passed. TxAr is sent to the responder, who returns it signed with privkey r1; the initiator then signs it with privkey i1. The responder's signature commits to TxAb's transaction id, which is why TxAb has to exist, unbroadcast, before this step.</span></span></span></div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><br /></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><span style="color: black;"><span style="font-size: small;">Step
6. </span></span></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><span style="color: black;"><span style="font-size: small;">The responder creates TxBr, his refund transaction, which spends TxBb and requires signatures from privkey i2 and privkey r2. TxBr has nLockTime set to a future time T1 (where T1 < T2), so it is not valid until that time has passed. TxBr is sent to the initiator, who returns it signed with privkey i2; the responder then signs it with privkey r2. </span></span></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><br /></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><span style="color: black;"><span style="font-size: small;">Step
7. </span></span></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><span style="color: black;"><span style="font-size: small;">TxAb
is broadcast by initiator. </span></span></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><br /></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><span style="color: black;"><span style="font-size: small;">Step
8. </span></span></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><span style="color: black;"><span style="font-size: small;">After
confirming TxAb, responder broadcasts TxBb.</span></span></span></div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><br /></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><span style="color: black;"><span style="font-size: small;">Step
9. </span></span></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><span style="color: black;"><span style="font-size: small;">The initiator creates payout transaction TxBp, which spends TxBb by revealing secret X and signing with privkey i2. Since X is now public on the BetaCoin network, the responder creates payout transaction TxAp, which spends TxAb using the revealed secret X and a signature from privkey r1. </span></span></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><br /></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><span style="color: black;"><span style="font-size: small;"><i>Notes</i></span></span></span></div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><br /></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><span style="color: black;"><span style="font-size: small;">If
initiator fails to broadcast TxAb in step 7, the exchange has
failed and no further steps need to be taken by the responder.</span></span></span></div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><br /></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><span style="color: black;"><span style="font-size: small;">If the responder fails to broadcast TxBb in step 8, the initiator can reclaim TxAb with refund transaction TxAr once time T2 has passed. </span></span></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><br /></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><span style="color: black;"><span style="font-size: small;">At step 9, if the initiator fails to get his payout from TxBb before time T1, the responder can get a refund with TxBr. If the responder fails to get his payout from TxAb before time T2, the initiator can get a refund with TxAr once T2 has passed. </span></span></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><br /></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><span style="color: black;"><span style="font-size: small;"><i>Scripts</i></span></span></span></div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><br /></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><span style="color: black;"><span style="font-size: small;">TxAb's output should be a P2SH output paying to the hash of the serialized script outlined below. The reason for using P2SH is that since Bitcoin Core 0.10.0 any P2SH redeem script is considered standard and is relayed by 0.10.0 nodes (subject to the standardness limits on scriptSig size and signature operations), whereas the same script used as a bare output script is non-standard and would not be relayed. </span></span></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><br /></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-size: small;"><span style="font-family: "Courier New",Courier,monospace;"><span style="color: black;">OP_DUP
OP_HASH160 [Hash160(pubkey r1)] OP_EQUALVERIFY</span></span></span></div>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-size: small;"><span style="font-family: "Courier New",Courier,monospace;"><span style="color: black;">OP_CHECKSIGVERIFY
</span></span></span>
</div>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-size: small;"><span style="font-family: "Courier New",Courier,monospace;"><span style="color: black;">OP_IF
</span></span></span>
</div>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-size: small;"><span style="font-family: "Courier New",Courier,monospace;"><span style="color: black;">
OP_DUP
OP_HASH160 [Hash160(pubkey i1)] OP_EQUALVERIFY</span></span></span></div>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-size: small;"><span style="font-family: "Courier New",Courier,monospace;"><span style="color: black;"> OP_CHECKSIG
</span></span></span>
</div>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-size: small;"><span style="font-family: "Courier New",Courier,monospace;"><span style="color: black;">OP_ELSE
</span></span></span>
</div>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-size: small;"><span style="font-family: "Courier New",Courier,monospace;"><span style="color: black;">
OP_HASH256 [H(X)] OP_EQUAL </span></span></span>
</div>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-size: small;"><span style="font-family: "Courier New",Courier,monospace;"><span style="color: black;">OP_ENDIF</span></span></span></div>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><br /></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><span style="color: black;"><span style="font-size: small;">Refund
transaction TxAr’s script sig will look like below:</span></span></span></div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><br /></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-size: small;"><span style="font-family: "Courier New",Courier,monospace;"><span style="color: black;">[signature
from privkey i1] [pubkey i1] 1 [signature from privkey r1] [pubkey
r1] </span></span></span>
</div>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-size: small;"><span style="font-family: "Courier New",Courier,monospace;"><span style="color: black;">{serialized
script}</span></span></span></div>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><br /></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><span style="color: black;"><span style="font-size: small;">Pay
out transaction TxAp’s script sig will look like below: </span></span></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: "Courier New",Courier,monospace;"><span style="font-size: small;"><br /></span></span>
</div>
<span style="font-family: "Courier New",Courier,monospace;"><span style="font-size: small;">
</span></span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: "Courier New",Courier,monospace;"><span style="font-size: small;"><span style="color: black;">[X]
0 [signature from privkey r1] [pubkey r1] {serialized script} </span></span></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><br /></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><span style="color: black;"><span style="font-size: small;">TxBb, TxBr, and TxBp are symmetrical: replace key pair r1 with i2 and key pair i1 with r2, so that the responder's bail-in is always spent with a signature from i2, plus either X or a signature from r2. </span></span></span>
</div>
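<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><span style="color: black;"><span style="font-size: small;">To watch the two spending paths execute, here is an added example that is not part of the original post or of CATE: a small Python interpreter for exactly the opcodes in the redeem script above, with OP_CHECKSIG backed by an inline secp256k1 ECDSA implementation (demo quality, not constant-time). The keys, secret X and sighash are constructed placeholders, signatures are raw r||s rather than DER, and the P2SH wrapper that hashes the serialized redeem script is omitted; only the stack logic of the refund and payout scriptSigs is exercised. It runs the TxAr refund stack, the TxAp payout stack, and three stacks that must fail: a wrong secret, the initiator attempting the payout path with his own key, and a refund carrying i1's signature twice instead of r1's. If this Python build's OpenSSL lacks RIPEMD-160, hash160 falls back to truncated SHA-256 so the example still runs.</span></span></span></div>

```python
import hashlib
# secp256k1 ECDSA in pure Python, so that OP_CHECKSIG below is a real signature check (demo only: not constant-time)
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
def ec_add(a, b):
    if a is None or b is None:
        return a or b
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None                                          # a + (-a) is the point at infinity
    lam = (3 * a[0] * a[0] * pow(2 * a[1], -1, P) if a == b
           else (b[1] - a[1]) * pow((b[0] - a[0]) % P, -1, P)) % P
    x = (lam * lam - a[0] - b[0]) % P
    return x, (lam * (a[0] - x) - a[1]) % P

def ec_mul(k, pt):                                           # double-and-add
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return acc
def sha256d(b):
    return hashlib.sha256(hashlib.sha256(b).digest()).digest()

def hash160(b):
    h = hashlib.sha256(b).digest()
    try:
        return hashlib.new("ripemd160", h).digest()
    except ValueError:                                       # assumption: OpenSSL built without RIPEMD-160
        return hashlib.sha256(h).digest()[:20]               # stand-in so the example still runs

def pubkey(d):
    x, y = ec_mul(d, G)
    return b"\x04" + x.to_bytes(32, "big") + y.to_bytes(32, "big")        # uncompressed SEC encoding

def sign(d, sighash):
    z = int.from_bytes(sha256d(sighash), "big") % N
    k = int.from_bytes(hashlib.sha256(d.to_bytes(32, "big") + sighash).digest(), "big") % N   # deterministic nonce
    r = ec_mul(k, G)[0] % N
    return r.to_bytes(32, "big") + (pow(k, -1, N) * (z + r * d) % N).to_bytes(32, "big")     # raw r||s, no DER

def verify(pub, sig, sighash):
    q = (int.from_bytes(pub[1:33], "big"), int.from_bytes(pub[33:], "big"))
    r, s = int.from_bytes(sig[:32], "big"), int.from_bytes(sig[32:], "big")
    if not (len(pub) == 65 and len(sig) == 64 and 0 < r < N and 0 < s < N):
        return False
    z, w = int.from_bytes(sha256d(sighash), "big") % N, pow(s, -1, N)
    pt = ec_add(ec_mul(z * w % N, G), ec_mul(r * w % N, q))
    return pt is not None and pt[0] % N == r
# Minimal Script machine for exactly the opcodes in the redeem script above. Scripts are token lists
# (str opcode or bytes push); the P2SH wrapper that hashes the serialized redeem script is left out.
TRUE, FALSE = b"\x01", b""
def cast_bool(v):                                            # empty, all-zero and negative zero are false
    return any(b != 0 and not (i == len(v) - 1 and b == 0x80) for i, b in enumerate(v))

def run(script, stack, sighash):
    """Execute the redeem script on the stack left by the scriptSig; True iff it ends on a true element."""
    cond = []                                                # OP_IF nesting (Bitcoin's vfExec)
    for op in script:
        live = all(cond)
        if op == "OP_IF":
            cond.append(live and cast_bool(stack.pop()))
        elif op == "OP_ELSE":
            cond[-1] = not cond[-1]
        elif op == "OP_ENDIF":
            cond.pop()
        elif not live:
            continue                                         # inside the branch not taken
        elif isinstance(op, bytes):
            stack.append(op)
        elif op == "OP_DUP":
            stack.append(stack[-1])
        elif op in ("OP_HASH160", "OP_HASH256"):
            stack.append((hash160 if op == "OP_HASH160" else sha256d)(stack.pop()))
        else:                                                # OP_EQUAL(VERIFY) and OP_CHECKSIG(VERIFY)
            ok = stack.pop() == stack.pop() if op.startswith("OP_EQUAL") else verify(stack.pop(), stack.pop(), sighash)
            if not op.endswith("VERIFY"):
                stack.append(TRUE if ok else FALSE)
            elif not ok:
                return False
    return not cond and bool(stack) and cast_bool(stack[-1])

def demo():
    priv_i1, priv_r1 = 0x1CE, 0x5EC                          # constructed toy keys
    pub_i1, pub_r1 = pubkey(priv_i1), pubkey(priv_r1)
    x = b"secret X chosen by the initiator (constructed)"
    redeem = ["OP_DUP", "OP_HASH160", hash160(pub_r1), "OP_EQUALVERIFY", "OP_CHECKSIGVERIFY",
              "OP_IF", "OP_DUP", "OP_HASH160", hash160(pub_i1), "OP_EQUALVERIFY", "OP_CHECKSIG",
              "OP_ELSE", "OP_HASH256", sha256d(x), "OP_EQUAL", "OP_ENDIF"]
    sighash = b"digest of the spending transaction (constructed)"
    sig_i1, sig_r1 = sign(priv_i1, sighash), sign(priv_r1, sighash)
    return {"TxAr refund, flag 1": run(redeem, [sig_i1, pub_i1, TRUE, sig_r1, pub_r1], sighash),
            "TxAp payout, flag 0": run(redeem, [x, FALSE, sig_r1, pub_r1], sighash),
            "payout, wrong secret": run(redeem, [b"guess", FALSE, sig_r1, pub_r1], sighash),
            "payout by initiator": run(redeem, [x, FALSE, sig_i1, pub_i1], sighash),
            "refund without r1": run(redeem, [sig_i1, pub_i1, TRUE, sig_i1, pub_i1], sighash)}
```

<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><span style="color: black;"><span style="font-size: small;">The interpreter makes the structure explicit: the five opcodes before OP_IF run on both paths, so no spend of TxAb is possible without a signature from privkey r1. The flag pushed by the scriptSig (1 or 0) only selects whether the rest of the stack must hold i1's signature or the preimage of H(X), which is why the responder alone can take the payout once X is public, and why neither party can take the refund alone.</span></span></span></div>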
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><br /></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><span style="color: black;"><span style="font-size: small;"><b>2.
Alternative Implementation of ACCT using refund transactions </b></span></span></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><br /></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><span style="color: black;"><span style="font-size: small;">TierNolan describes an </span></span><a href="https://github.com/TierNolan/bips/blob/bip4x/bip-atom.mediawiki">alternative implementation</a><span style="color: black;"><span style="font-size: small;">, which is also implemented by Matthew Bell in the project </span></span><a href="https://github.com/mappum/mercury">Mercury</a><span style="color: black;"><span style="font-size: small;">. The main advantage of this implementation was that before Bitcoin Core release </span></span><a href="https://bitcoin.org/en/release/v0.10.0">0.10.0</a><span style="color: black;"><span style="font-size: small;">, not all P2SH scripts were considered standard, so they were not relayed by nodes. This implementation required only one non-standard transaction in the entire ACCT protocol, as opposed to two, and was therefore more likely to be propagated across the network. </span></span></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><br /></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><span style="color: black;"><span style="font-size: small;">However, with the introduction of Bitcoin Core 0.10.0 in February 2015, the rules for standard transactions were relaxed so that all P2SH redeem scripts are considered standard and are relayed by nodes, so this alternative implementation no longer has this advantage. Litecoin Core has adopted the 0.10.0 changes since June 2015 with version 0.10.2.2, and Dogecoin Core, as of September 2015, is in the process of adopting them with its beta release of 1.10.
</span></span></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><br /></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><span style="color: black;"><span style="font-size: small;"><b>3.
Vulnerabilities of ACCT using refund transactions</b></span></span></span></div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><br /></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><span style="color: black;"><span style="font-size: small;"><i>Extortion
using Transaction Malleability</i></span></span></span></div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><br /></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><span style="color: black;"><span style="font-size: small;">TxAb and TxBb could be mutated, making their respective refund transactions TxAr and TxBr invalid. A refund transaction identifies the output it spends by the bail-in transaction's id, and both parties' signatures commit to that id; if a mutated copy of the bail-in (same inputs and outputs, different id) is the one that gets mined, the pre-signed refund points at an output that does not exist, and it cannot be repaired without the counterparty signing again. If the refund transaction is invalid, the funds could be locked forever unless you obtain the counterparty's cooperation to re-sign it. A possible attack, available to either the initiator or the responder, is to mutate the counterparty's bail-in transaction while it is unconfirmed, making their refund transaction invalid. Any relaying node or miner could perform the mutation, but only the counterparty profits from it, since only he can then withhold the re-signature. The attacker is now in a position to extort money from the counterparty. </span></span></span>
</div>
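<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><span style="color: black;"><span style="font-size: small;">The mechanism behind this attack, as an added example that is not from the original post: a Python sketch of legacy transaction serialization showing that a mutation confined to the scriptSig leaves the outputs untouched but changes the txid, so a refund that was signed against the original id no longer points at any confirmed output. The two transactions are constructed placeholders (their scripts are dummy bytes, only the id linkage matters), the mutation is the pre-BIP 62 extra-push trick that needs no key, and the last function shows for contrast what an id that excludes signature data gives you, which is the idea later adopted by segregated witness (BIP 141).</span></span></span></div>

```python
import copy
import hashlib
import struct

def sha256d(b):
    return hashlib.sha256(hashlib.sha256(b).digest()).digest()

def varint(n):
    if n < 0xfd:
        return bytes([n])
    if n <= 0xffff:
        return b"\xfd" + struct.pack("<H", n)
    if n <= 0xffffffff:
        return b"\xfe" + struct.pack("<I", n)
    return b"\xff" + struct.pack("<Q", n)

def serialize(tx):
    """Legacy (pre-segwit) wire format. The txid is sha256d of exactly these bytes, scriptSig included."""
    out = struct.pack("<i", tx["version"]) + varint(len(tx["vin"]))
    for vin in tx["vin"]:
        out += bytes.fromhex(vin["txid"])[::-1] + struct.pack("<I", vin["vout"])   # prevout, txid in internal byte order
        out += varint(len(vin["script_sig"])) + vin["script_sig"] + struct.pack("<I", vin["sequence"])
    out += varint(len(tx["vout"]))
    for vout in tx["vout"]:
        out += struct.pack("<q", vout["value"]) + varint(len(vout["script_pubkey"])) + vout["script_pubkey"]
    return out + struct.pack("<I", tx["locktime"])

def txid(tx):
    return sha256d(serialize(tx))[::-1].hex()                 # displayed byte-reversed, as block explorers do

def build_bail_in_and_refund(t2=420_000):
    """TxAb and TxAr with constructed placeholder scripts; only the txid linkage between them matters here."""
    tx_ab = {"version": 1, "locktime": 0,
             "vin": [{"txid": "11" * 32, "vout": 0, "sequence": 0xffffffff,
                      "script_sig": b"\x47\x30" + b"\xab" * 70 + b"\x41\x04" + b"\xcd" * 64}],      # [sig] [pubkey]
             "vout": [{"value": 10_0000_0000, "script_pubkey": b"\xa9\x14" + b"\x22" * 20 + b"\x87"}]}  # P2SH output
    tx_ar = {"version": 1, "locktime": t2,                    # nLockTime = T2; sequence below 0xffffffff so it is enforced
             "vin": [{"txid": txid(tx_ab), "vout": 0, "sequence": 0xfffffffe,
                      "script_sig": b"<sig i1> <pubkey i1> 1 <sig r1> <pubkey r1> <redeem script>"}],
             "vout": [{"value": 9_9990_0000, "script_pubkey": b"\x76\xa9\x14" + b"\x33" * 20 + b"\x88\xac"}]}
    return tx_ab, tx_ar

def malleate(tx):
    """A mutation that needed no key before the BIP 62-era rules: an extra OP_0 at the front of the scriptSig
    leaves one spare element at the bottom of the stack, which validation without CLEANSTACK ignored."""
    mutant = copy.deepcopy(tx)
    mutant["vin"][0]["script_sig"] = b"\x00" + mutant["vin"][0]["script_sig"]
    return mutant

def refund_still_valid(confirmed_bail_in, refund_tx):
    """Does the refund's input point at an output in the UTXO set built from the bail-in that actually confirmed?"""
    utxos = {(txid(confirmed_bail_in), n) for n in range(len(confirmed_bail_in["vout"]))}
    return (refund_tx["vin"][0]["txid"], refund_tx["vin"][0]["vout"]) in utxos

def signature_independent_id(tx):
    """For contrast: an id over the serialization with every scriptSig blanked, i.e. one that does not cover
    signature data. This is the idea segregated witness (BIP 141) later adopted for the txid."""
    stripped = copy.deepcopy(tx)
    for vin in stripped["vin"]:
        vin["script_sig"] = b""
    return txid(stripped)

def demo():
    tx_ab, tx_ar = build_bail_in_and_refund()
    mutant = malleate(tx_ab)
    return {"outputs_unchanged": mutant["vout"] == tx_ab["vout"],
            "txid_changed": txid(mutant) != txid(tx_ab),
            "refund_valid_if_original_confirms": refund_still_valid(tx_ab, tx_ar),
            "refund_valid_if_mutant_confirms": refund_still_valid(mutant, tx_ar),
            "signature_independent_id_stable": signature_independent_id(mutant) == signature_independent_id(tx_ab)}

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><span style="color: black;"><span style="font-size: small;">Nothing about the mutant is economically different: same inputs, same outputs, same signatures in substance. What breaks is purely the reference the refund carries, and since each signature on the refund also covers that reference, the only fix is a fresh signature from the counterparty, which is exactly the leverage the extortion relies on.</span></span></span></div>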
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><br /></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><span style="color: black;"><span style="font-size: small;">There has been progress on several fronts to alleviate the transaction malleability problem in Bitcoin, such as </span></span><a href="https://github.com/bitcoin/bips/blob/master/bip-0066.mediawiki">strict DER encoding</a><span style="color: black;"><span style="font-size: small;"> (BIP 66, a consensus rule since its soft fork activated), </span></span><a href="https://bitcoin.org/en/release/v0.11.1">low-S signature enforcement</a><span style="color: black;"><span style="font-size: small;">, and stricter definitions of standard transactions that keep mutated transactions from being relayed. However, relay rules, unlike consensus rules, do not prevent miners from mining mutated transactions, and they do not change the behavior of old clients or of clients that do not follow the same relay rules as Bitcoin Core. </span></span></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><br /></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><span style="color: black;"><span style="font-size: small;">It is unlikely that the malleability problem will be solved in the near future. </span></span><a href="https://github.com/bitcoin/bips/blob/master/bip-0062.mediawiki">BIP 62</a><span style="color: black;"><span style="font-size: small;"> outlines the known malleability sources, but it is by no means an exhaustive list, since it is based on heuristics: new malleability sources could be discovered, and could also be created by changes in the protocol. </span></span><a href="https://github.com/cdecker/bips/blob/normtxid/bip-00nn.mediawiki">Normalized Transaction IDs</a><span style="color: black;"><span style="font-size: small;"> have been proposed as a solution, but this proposal is far from obtaining consensus from Core devs and being implemented in Bitcoin. (Segregated witness, BIP 141, later removed this class of malleability for inputs that spend witness outputs, since the txid no longer covers signature data; non-witness spends like the ones described here remain malleable.) This vulnerability makes it dangerous to deploy ACCT using refund transactions in production systems. </span></span></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><br /></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><br /></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><span style="color: black;"><span style="font-size: small;"><i>Fund
Lock Attack </i></span></span></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><br /></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><span style="color: black;"><span style="font-size: small;">A trivial attack is for the responder never to follow through with the bail-in broadcast in step 8. This locks up the initiator's funds until time T2 at no cost to the responder. The initiator can perform a similar attack, although not without locking up his own funds: he can refuse to broadcast his payout transaction in step 9, but this keeps the responder's funds locked until time T1 while keeping his own funds locked until time T2. </span></span></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><br /></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><br /></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><span style="color: black;"><span style="font-size: small;"><i>Payout
Failure </i></span></span></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><br /></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><span style="color: black;"><span style="font-size: small;">The
responder could fail to obtain the payout from TxAb before time T2 in
step 8. This could happen for many reasons, such as the responder losing
private key r, the responder losing internet access (DDoS, network
failure), or his transaction not making it into the blockchain
(blacklisted by a miner, congestion, failure to pay a sufficient tx fee).
In this case, the initiator would have access to both his own funds and
the responder's funds, effectively allowing him to steal the responder's
funds. </span></span></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><br /></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><span style="color: black;"><span style="font-size: small;">Note
that the initiator does not face the same risk if he fails to redeem
TxBb before time T1, as long as he does not reveal secret X. If the
initiator fails to redeem TxBb before time T1, the responder can use
refund transaction TxBr to redeem TxBb, but the responder has no access
to TxAb. However, if the initiator reveals secret X (for example, TxBp
is broadcast onto the network but does not make it into any block
before time T1), the responder would have access to both his own funds
and the initiator's funds. </span></span></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><br /></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><span style="color: black;"><span style="font-size: small;"><i>Double
Spend Attack </i></span></span></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><br /></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><span style="color: black;"><span style="font-size: small;">As
with any cryptocurrency transaction involving two parties, there is
an opportunity for a double spend attack. This can happen if the
victim does not wait for sufficient confirmations, or if an attacker
has access to sufficient mining power.</span></span></span></div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><br /></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><span style="color: black;"><span style="font-size: small;">If
the initiator can convince the responder that TxAb occurred when it
didn’t, and the responder publishes TxBb, the initiator can steal
from the responder by spending TxBb using TxBp and then double
spending the inputs of TxAb. Likewise, if the responder can convince
the initiator that TxBb occurred when it didn’t, and the initiator
publishes TxBp, the responder can steal from the initiator by
spending TxAb using TxAp and then double spending the inputs of TxBb.</span></span></span></div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><br /></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><span style="color: black;"><span style="font-size: small;"><b>4.
ACCT using Check Lock Time Verify (CLTV) </b></span></span></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><br /></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><span style="color: black;"><span style="font-size: small;">OP_CHECKLOCKTIMEVERIFY
is a new op code in the works that Bitcoin Core devs will be looking
to deploy with a soft fork in the near future. It is described here
in </span></span><a href="https://github.com/bitcoin/bips/blob/master/bip-0065.mediawiki">BIP
65</a><span style="color: black;"><span style="font-size: small;">.
The op code allows us to create transactions that can be spent in
different ways depending on the nLockTime of the spending
transaction. </span></span></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><br /></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><span style="color: black;"><span style="font-size: small;">ACCT
using CLTV is superior in that it does not have the transaction
malleability issues of ACCT using refund transactions (it does,
however, share the other vulnerabilities discussed in the previous
section). Additionally, no transactions need to be signed and exchanged
off-chain: the trading parties only need to exchange the hashed
secret and their public keys for the trade to take place.</span></span></span></div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><br /></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><span style="color: black;"><span style="font-size: small;"><i>Steps</i></span></span></span></div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><br /></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><span style="color: black;"><span style="font-size: small;">Step 1.</span></span></span></div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><span style="color: black;"><span style="font-size: small;">The
initiator creates secret X and hashes it to create H(X). The initiator
also creates two public/private key pairs (pubkeys i1, i2 / privkeys
i1, i2). The responder creates two public/private key pairs (pubkeys
r1, r2 / privkeys r1, r2). </span></span></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><br /></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><span style="color: black;"><span style="font-size: small;">Step
2. </span></span></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><span style="color: black;"><span style="font-size: small;">Initiator
shares H(X) and pubkey i2 with responder. Responder shares pubkey r1
with initiator. </span></span></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><br /></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><span style="color: black;"><span style="font-size: small;">Step
3.</span></span></span></div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><span style="color: black;"><span style="font-size: small;">Initiator
creates TxAb. TxAb can be redeemed after time T2 with privkey i1. At
any time TxAb can be redeemed with a signature from privkey r1 and the
reveal of secret X. Initiator broadcasts TxAb onto the network.</span></span></span></div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><br /></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><span style="color: black;"><span style="font-size: small;">Step
4.</span></span></span></div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><span style="color: black;"><span style="font-size: small;">Responder
confirms TxAb. Responder creates TxBb. TxBb can be redeemed after time
T1 with privkey r2. At any time TxBb can be redeemed with a signature
from privkey i2 and the reveal of secret X. Responder broadcasts TxBb
onto the network.</span></span></span></div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><br /></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><span style="color: black;"><span style="font-size: small;">Step
5. </span></span></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><span style="color: black;"><span style="font-size: small;">Initiator
creates TxBp which spends TxBb using privkey i2 and secret X. With
the revealed secret, responder can create TxAp which spends TxAb with
privkey r1 and secret X. </span></span></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><br /></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><span style="color: black;"><span style="font-size: small;"><i>Notes</i></span></span></span></div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><br /></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><span style="color: black;"><span style="font-size: small;">If
initiator fails to broadcast TxAb in step 3, the exchange has failed
and no steps need to be taken by the responder.</span></span></span></div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><br /></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><span style="color: black;"><span style="font-size: small;">If
responder fails to broadcast TxBb in step 4, initiator can create
refund transaction TxAr which redeems TxAb after time T2 using
privkey i1. </span></span></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><br /></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><span style="color: black;"><span style="font-size: small;">If
initiator fails to spend TxBb in step 5 before time T1, responder can
create refund transaction TxBr after time T1 using privkey r2. If
responder fails to spend TxAb before time T2, initiator can use TxAr
to get a refund from TxAb.</span></span></span></div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><br /></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><span style="color: black;"><span style="font-size: small;"><b><br />
</b></span></span><span style="color: black;"><span style="font-size: small;"><i>Script</i></span></span></span></div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><br /></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><br /></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><span style="color: black;"><span style="font-size: small;">TxAb’s
output should be a pay to script hash transaction to the hash of the
serialized script outlined below. </span></span></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit; font-size: small;"><br /></span>
</div>
<span style="font-family: inherit; font-size: small;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-size: small;"><span style="font-family: "Courier New",Courier,monospace;"><span style="color: black;">OP_IF
</span></span></span>
</div>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-size: small;"><span style="font-family: "Courier New",Courier,monospace;"><span style="color: black;"> [T2]
OP_CHECKLOCKTIMEVERIFY OP_DROP OP_DUP OP_HASH160 [Hash160(pubkey i1)] </span></span></span>
</div>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-size: small;"><span style="font-family: "Courier New",Courier,monospace;"><span style="color: black;"> OP_EQUALVERIFY
OP_CHECKSIG</span></span></span></div>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-size: small;"><span style="font-family: "Courier New",Courier,monospace;"><br /></span></span>
</div>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-size: small;"><span style="font-family: "Courier New",Courier,monospace;"><span style="color: black;">OP_ELSE</span></span></span></div>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-size: small;"><span style="font-family: "Courier New",Courier,monospace;"><span style="color: black;"> OP_DUP
OP_HASH160 [Hash160(pubkey r1)] OP_EQUALVERIFY OP_CHECKSIGVERIFY
OP_DUP </span></span></span>
</div>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-size: small;"><span style="font-family: "Courier New",Courier,monospace;"><span style="color: black;"> OP_HASH160
[H(X)] OP_EQUAL</span></span></span></div>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-size: small;"><span style="font-family: "Courier New",Courier,monospace;"><span style="color: black;">OP_ENDIF</span></span></span></div>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><br /></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><span style="color: black;"><span style="font-size: small;">The
refund transaction TxAr has nLockTime > T2 and the input script is</span></span></span></div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-size: small;"><span style="font-family: "Courier New",Courier,monospace;"><br /></span></span>
</div>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-size: small;"><span style="font-family: "Courier New",Courier,monospace;"><span style="color: black;">[signature
from privkey i1] [pubkey i1] 1 {serialized script}</span></span></span></div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><br /></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><span style="color: black;"><span style="font-size: small;">The
payout transaction TxAp has nLockTime < T2 and the input script is
</span></span></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><br /></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-size: small;"><span style="font-family: "Courier New",Courier,monospace;"><span style="color: black;">[x]
[signature from privkey r1] [pubkey r1] 0 {serialized script} </span></span></span>
</div>
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><br /></span>
</div>
<span style="font-family: inherit;">
</span><span style="font-family: inherit;">TxBb, TxBr, and TxBp are symmetrical, replacing key pair i1 with
r2 and key pair r1 with i2.</span><br />
<span style="font-family: inherit;">
</span>
<div align="left" style="line-height: 100%; widows: 2;">
<span style="font-family: inherit;"><br /></span>
</div>
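The script and notes above, exercised as an added example that is not part of the post: a toy interpreter for just the opcodes TxAb's script uses, with Bitcoin's ECDSA, RIPEMD160 and script serialization replaced by labelled stand-ins, so the refund path (`1 {script}`, key i1, nLockTime at or past T2) and the payout path (`0 {script}`, key r1 plus X) can be run alongside the failure cases the notes describe (refund before T2, wrong secret, final nSequence). It assumes H(X) = Hash160(X), a constant in place of the signature hash, and constructed keys and secret.

```python
"""Toy model of the ACCT-with-CLTV redeem script from the post (added example, not the
author's code). Bitcoin Script, ECDSA and RIPEMD160 are replaced by labelled stand-ins."""
import hashlib

SEQUENCE_FINAL = 0xFFFFFFFF            # disables nLockTime; BIP 65 rejects it
SPEND_MSG = b"sighash-of-spending-tx"  # stand-in for the real signature hash

def hash160(b: bytes) -> bytes:
    # Stand-in for RIPEMD160(SHA256(x)), which some Python builds lack (assumption).
    return hashlib.sha256(hashlib.sha256(b).digest()).digest()[:20]

# Toy signature scheme, NOT ECDSA (forgeable with the public key): it only lets the
# model tell which key a spend names.
def toy_pubkey(priv: bytes) -> bytes:
    return hashlib.sha256(b"pubkey" + priv).digest()

def toy_sign(priv: bytes, msg: bytes) -> bytes:
    return hashlib.sha256(b"sig" + toy_pubkey(priv) + msg).digest()

def toy_checksig(pub: bytes, sig: bytes, msg: bytes) -> bool:
    return sig == hashlib.sha256(b"sig" + pub + msg).digest()

def run_script(script: list, stack: list, nlocktime: int, nsequence: int, msg: bytes) -> bool:
    """Run `script` (bytes = push, str = opcode) over `stack`; top is stack[-1]."""
    stack, exec_state = list(stack), []  # exec_state: one flag per open OP_IF
    try:
        for op in script:
            executing = all(exec_state)
            if op == "OP_IF":
                exec_state.append(executing and stack.pop() != b"")
            elif op == "OP_ELSE":
                exec_state[-1] = not exec_state[-1]
            elif op == "OP_ENDIF":
                exec_state.pop()
            elif not executing:
                continue  # skipped branch: data pushes and opcodes alike
            elif isinstance(op, bytes):
                stack.append(op)
            elif op == "OP_CHECKLOCKTIMEVERIFY":
                # BIP 65: fail if nLockTime < pushed value or nSequence is final; the
                # value stays on the stack, hence the OP_DROP that follows it.
                lock = int.from_bytes(stack[-1], "little", signed=True)
                if lock < 0 or nlocktime < lock or nsequence == SEQUENCE_FINAL:
                    raise ValueError("CLTV")
            elif op == "OP_DROP":
                stack.pop()
            elif op == "OP_DUP":
                stack.append(stack[-1])
            elif op == "OP_HASH160":
                stack.append(hash160(stack.pop()))
            elif op in ("OP_EQUAL", "OP_EQUALVERIFY"):
                equal = stack.pop() == stack.pop()
                if op == "OP_EQUAL":
                    stack.append(b"\x01" if equal else b"")
                elif not equal:
                    raise ValueError("EQUALVERIFY")
            elif op in ("OP_CHECKSIG", "OP_CHECKSIGVERIFY"):
                ok = toy_checksig(stack.pop(), stack.pop(), msg)  # pubkey is on top
                if op == "OP_CHECKSIG":
                    stack.append(b"\x01" if ok else b"")
                elif not ok:
                    raise ValueError("CHECKSIGVERIFY")
            else:
                raise ValueError("unsupported opcode " + op)
    except (ValueError, IndexError):
        return False
    return not exec_state and bool(stack) and stack[-1] != b""

def acct_redeem_script(t_lock: int, refund_pub: bytes, payout_pub: bytes, h_x: bytes) -> list:
    """TxAb's script as the post writes it; H(X) is taken to be Hash160(X) to
    match the OP_HASH160 that checks it (assumption)."""
    return ["OP_IF", t_lock.to_bytes(4, "little"), "OP_CHECKLOCKTIMEVERIFY", "OP_DROP",
            "OP_DUP", "OP_HASH160", hash160(refund_pub), "OP_EQUALVERIFY", "OP_CHECKSIG",
            "OP_ELSE", "OP_DUP", "OP_HASH160", hash160(payout_pub), "OP_EQUALVERIFY",
            "OP_CHECKSIGVERIFY", "OP_DUP", "OP_HASH160", h_x, "OP_EQUAL", "OP_ENDIF"]

def spend_p2sh(script_hash: bytes, script_sig: list, redeem: list, nlocktime: int,
               nsequence: int = 0) -> bool:
    """P2SH: the supplied script must hash to the output's script hash, then it runs
    over the remaining scriptSig items (`1 {script}` = refund branch, `0 {script}` =
    payout branch). repr() stands in for real script serialization."""
    if hash160(repr(redeem).encode()) != script_hash:
        return False
    return run_script(redeem, script_sig, nlocktime, nsequence, SPEND_MSG)

def demo(t2: int = 600_000) -> dict:
    """Builds TxAb as in steps 1-3 from constructed keys and secret, then tries the
    spends the notes describe. X is the first item of the payout scriptSig, so once
    a payout transaction is broadcast the secret is public."""
    x = b"constructed secret X"
    priv_i1, priv_r1 = b"constructed privkey i1", b"constructed privkey r1"
    pub_i1, pub_r1 = toy_pubkey(priv_i1), toy_pubkey(priv_r1)
    redeem = acct_redeem_script(t2, pub_i1, pub_r1, hash160(x))
    txab_out = hash160(repr(redeem).encode())                 # TxAb's P2SH output
    refund = [toy_sign(priv_i1, SPEND_MSG), pub_i1, b"\x01"]  # TxAr scriptSig
    payout = [x, toy_sign(priv_r1, SPEND_MSG), pub_r1, b""]   # TxAp scriptSig
    return {
        "refund_at_T2": spend_p2sh(txab_out, refund, redeem, t2),
        "refund_before_T2": spend_p2sh(txab_out, refund, redeem, t2 - 1),
        "refund_final_sequence": spend_p2sh(txab_out, refund, redeem, t2, SEQUENCE_FINAL),
        "payout_any_locktime": spend_p2sh(txab_out, payout, redeem, 0),
        "payout_wrong_secret": spend_p2sh(txab_out, [b"guess"] + payout[1:], redeem, 0),
    }
```

BIP 65 accepts a spending nLockTime equal to T2 as well as one greater than it, which is what `refund_at_T2` exercises; it also refuses a final nSequence, since that would disable the nLockTime it relies on.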
<span style="font-family: inherit;">
</span>Published 2015-07-03 (updated 2015-07-10): Noffee Coin : A coin that can't be used to buy your coffee in the morning.<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhxsPKDvXgqd4uhbiKTJqs4Ebn7odiPlhsohyII0NoVeX_V9rdhTVue-qbTYZak7xjUqCfQtx-J3m-rqN38DRkd6612LPHrobbK_c4uRsOfeVJyB9_7MW_jBWwZ9yc5rbAs7TVQJKa4vuwz/s1600/Take_Away_Coffee_128.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhxsPKDvXgqd4uhbiKTJqs4Ebn7odiPlhsohyII0NoVeX_V9rdhTVue-qbTYZak7xjUqCfQtx-J3m-rqN38DRkd6612LPHrobbK_c4uRsOfeVJyB9_7MW_jBWwZ9yc5rbAs7TVQJKa4vuwz/s1600/Take_Away_Coffee_128.png" /></a></div>
<br />
<br />
This is a proposal to create Noffee coin. The world's first cryptocurrency created specifically so that you won't be able to buy your coffee with it in the morning (portmanteau of No Coffee). It is also ironically called Noffee because it is predicted that the transaction fee will be very large due to the restrictive amount of space available on each block. <br />
<br />
The goal of this cryptocurrency is to create a blockchain that is small enough that you could easily run a full node on your smart phone even with 10 years of past blockchain data. Now you could be asking, "why would I want to run this on my mobile phone if I can't buy my coffee with it?" Well there are many transactions in the real world that are done with very large briefcases full of US dollars. Noffee coin would be a perfect replacement for such situations. Since the exchanged amount is so huge and the stakes are large, it is imperative that you run a full node and it is no problem waiting three hours to get your six confirms. I have no idea what kind of transactions they could be, but a more imaginative person could figure that out.<br />
<br />
The current proposals are:<br />
<br />
- 30 minute block time<br />
- 1 kilobyte block size limit <br />
- Equivalent block reward and halving schedule as Bitcoin. We will halve the block reward every 70000 blocks, which will be about 4 years (same time duration as Bitcoin)<br />
<br />
There will be roughly a max of 8 transactions per hour. This means that even with completely full blocks for 10 years, the total blockchain size will be about 170 megabytes. I think a lot of cool stuff can be done with this project, but you definitely will not be able to buy your coffee with it. I am now looking for initial comments and questions regarding the project.<br />
<br />
Further things to consider are whether we should reduce Noffee coin's hardware requirements even further by restricting bandwidth usage in the p2p communication protocol, limiting the growth of UTXOs (high dust threshold and minimum tx fee), and reducing computing requirements in script processing (or removing scripting altogether). I like the idea of a "<a href="https://www.igvita.com/2014/05/05/minimum-viable-block-chain/">Minimum Viable Block Chain</a>" that would scrap the entire scripting language of Bitcoin, as it introduces a significant amount of complexity into the consensus protocol. <br />
<br />
If there is enough interest, especially from other developers that can help out, I will proceed in refining the proposal further and will create the cryptocurrency that everyone deserves. If there is no interest, well maybe this is at least a funny way to think about the block size debate. <br />
<br />
<br />
<div>
<span style="color: #444444;">Coffee icon made by <a href="http://www.freepik.com/" title="Freepik">Freepik</a> from <a href="http://www.flaticon.com/" title="Flaticon">www.flaticon.com</a> is licensed under <a href="http://creativecommons.org/licenses/by/3.0/" title="Creative Commons BY 3.0">CC BY 3.0</a></span></div>
Published 2015-06-12 (updated 2015-06-24): Front running Decentralized Exchanges: The problem with Augur, Bitshares, Nxt, and Counterparty<div dir="ltr" id="docs-internal-guid-d956a283-e9de-fcea-dc86-d983b9ee4bf7" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
Decentralized exchanges have been raved about for a while now in the Bitcoin space and have been crowned the future saviour of our financial exchange infrastructure (even Mark Karpeles of Mt. Gox fame is <a href="http://www.magicaltux.net/post/120528127244/didnt-we-learn-anything" style="text-decoration: none;">talking</a> about it). But unfortunately, this is a very hard problem, and the current batch of decentralized exchanges have one system-breaking issue that makes them entirely unusable. I’m specifically talking about decentralized exchanges where the actual process of matching orders happens on the blockchain. This includes the likes of Nxt, BitShares, Counterparty, and Augur, which have a built-in limit order book, or some approximation of one, at the protocol consensus level (Augur is not branded as a decentralized exchange, but you can think of it as an exchange for a specific asset class: predictions of future events). All of these platforms allow you to issue assets and trade them on the blockchain. The basic premise is that you submit an order to trade the way you would submit a transaction to the blockchain, and the underlying protocol then acts as an order book, matching orders automatically and executing them for you. </div>
<br />
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
This sounds awesome, and if it works it would be a cure for the cancer of incompetent centralized exchanges in the cryptocurrency ecosystem. Unfortunately, the currently available solutions cure the cancer but also kill the patient. The basic problem is that the miners can ruthlessly front run you without any repercussion. This is made possible simply by the fact that in a Bitcoin-derived distributed system, a miner can see all the transactions before they are put into a block, and is free to put its own transaction into the block ahead of yours. For example, let’s say I submit a large order to buy some asset on the Counterparty exchange. This order finds its way to a Bitcoin miner (Counterparty is built on top of the Bitcoin blockchain) who says, “hey, that’s a fat and juicy order that will drive up the price, let’s create our own order to buy the asset and put it in the blockchain before he does”. Then, if the miner is able to mine this particular block, he would have gained an easy risk-free profit by utilizing the information in my order. </div>
<br />
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
Bitshare’s Daniel Larimer has a very informative article called “<a href="http://bytemaster.bitshares.org/article/2015/01/29/How-BitShares-Prevents-Front-Running/" style="text-decoration: none;">How Bitshares prevents frontrunning</a>”, which describes the problem better than I can, but unfortunately reaches a terrible conclusion. The conclusion of the article is that they can’t prevent frontrunning, so you should just assume that you are being front run. This conclusion seems to miss the entire point of having a limit order book. If you cannot provide fair and orderly execution, you should just provide an auction system where orders are not automatically executed and users can choose the orders they execute against. Using a limit order book gives a dangerous illusion that the system is fair, when it is inherently rigged in favor of the miners. </div>
<br />
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
Another great feature of the limit order book that is lost upon these decentralized exchanges is that it rewards traders that reveal price information by giving them priority of trade execution. This feature has a lot of social benefits because it encourages people with new price information to disclose it to the rest of the world and improve the price accuracy of the underlying asset. However, in these decentralized exchanges, the miners are always favoured to have the priority of execution, thus traders have no incentive to reveal price information. This is going to be particularly system breaking for Augur whose main premise is to provide a decentralized prediction system. If traders with information are not given priority of execution, they cannot extract value out of their information because the miners will take all or most of the value by front running them. If traders cannot extract value out of their information, they will simply not use Augur. Unless they can provide some solution for this problem, my opinion is that this project will be a complete failure.</div>
<br />
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
One argument I’ve heard against this problem is that the situation is not any worse than a centralized exchange. They are kind of right because a centralized exchange can also front run you. But they are wrong because a centralized exchange faces serious damage in its reputation and business if it is revealed that they are front running. Bitcoin hard liners will scoff at this idea but believe it or not, some systems work fine based on reputation and trust. Miners face no such disincentives for front running. These decentralized exchanges have basically anointed the miners to collectively act as a fair exchange, but the miners never agreed to it. The miners are in the business of following consensus rules and getting block rewards, not running an exchange. If they can skim some tasty frontrunning profits on the side in addition to collecting their block rewards, why not? </div>
<br />
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
No practical technical solution exists to solve this problem currently. The only thing that mitigates front running is enforcing random ordering of transactions within a block, cutting down the possibility of front running to 50% within the same block. But this only mitigates, and does not remove it entirely. A two-phase commit-and-reveal system is another potential solution. This is when orders enter the block encrypted so that the miner cannot see your orders, and then once they are confirmed in the block, the order is decrypted so everyone can resolve the state of the order book. Unfortunately, this suffers from the problem that people can selectively choose not to decrypt their order, thus destroying the integrity of the order book. You could use a trusted arbiter whose job is to encrypt and decrypt orders, instead of having each participant encrypt their own orders. The problem of course is that the arbiter now has the ability to front run instead of the miner, but this is a better proposition because the arbiter’s sole job depends on him being trustworthy.</div>
<br />
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
It may also be possible to use <a href="http://www.gwern.net/Self-decrypting%20files" style="text-decoration: none;">time locked encryption</a> , to turn the two phase commit and reveal system into a one phase commit and reveal system. This would prevent people from selectively decrypting their order, since decryption does not rely on revealing a secret and relies on computation time. But in practice, time locked encryption is very hard to implement since you need access to large computational power, and have to estimate accurately the computational power of your adversaries. </div>
<br />
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
There may be a simple solution, which is economic in nature as opposed to technical. The solution is to pay miners to be fair. If miners are getting a large share of profit from validating exchange related activities, they may be incentivized to play fair and encourage trading to continue at a healthy volume. This can be done by attaching high transaction fees to exchange related transactions or paying miners out of band. Some miners could also choose to establish themselves as a trustworthy entity that specializes in processing exchange related orders (and charge people for it). Now this solution raises many important and difficult questions. How much should the miners be paid for this service? If miners are essentially acting as an exchange, does it subject them to securities and exchange regulations? Should they be subject to third party audits to make sure their system is fair? Is there really any benefit to a decentralized exchange if the system is ultimately reliant on trust? Developers on Augur, Bitshares, Counterparty, and Nxt need to seriously consider these questions if they want their exchanges to be taken seriously. </div>
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<br /></div>
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
</div>
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
In summary, the current batch of decentralized exchanges have serious problems with no good solutions in sight. The inherent architecture of the blockchain makes the task of frontrunning a decentralized order book trivial as a miner. Anyone using these exchanges for trading purposes should consider the consequences of miners having perfect information against you. </div>
<br />
<br />Published 2015-05-07 (updated 2015-05-08): Bitcoin devs do not have consensus on blocksize<div class="usertext-body may-blank-within md-container">
<div class="md">
<i>This is a repost from reddit that I made on 5/6/2015 regarding the block size argument. You can see the full thread here: <a href="http://www.reddit.com/r/Bitcoin/comments/354qbm/bitcoin_devs_do_not_have_consensus_on_blocksize/">http://www.reddit.com/r/Bitcoin/comments/354qbm/bitcoin_devs_do_not_have_consensus_on_blocksize/</a></i> <br />
<br />
I am making this post to show to the public what the most active developers in Bitcoin, more specifically Bitcoin Core, think about block size increases. Contrary to what the public may think, there is no consensus amongst the developers regarding Gavin Andresen’s proposal to increase the block size to 20mb (thanks to Peter Todd, who brought this up during his Bitdevs NYC talk which I attended). The only devs that have come out in strong favor of this proposal are Gavin and Mike Hearn.<br />
<br />
The rest are against any increase, prefer a smaller increase, or have not expressed an opinion either way but are asking for further research, development, and answers before we proceed. I believe that public opinion has been highly swayed by Gavin, and we should strongly consider what others who have spent numerous hours on the protocol have to say on the topic. If any information here is inaccurate, or if there are others who I’ve missed, please let me know and I will edit them in. I’ve probably missed a lot of good comments from other developers because they are scattered all over the internet and my google-fu is not good (and please excuse my ham-fisted way of labeling developer contribution by the # of commits on github).<br />
<br />
I also apologize in advance if any developers feel like they are being called out. But I believe strongly that it's important for public statements that have been made on the internet to be consolidated in one place for such an important topic, especially when we have dangerous misconceptions where users think that increasing blocksize is a single-parameter optimization with no costs, like increasing the size of your race car engine. The topic of block size is not a technical issue; it is a political issue at heart. There are real trade-offs involved, with people and entities who stand to gain on both sides of the debate.<br />
<br />
<b>For 20mb increase</b><br />
<i>Gavin Andresen</i><br />
Current Affiliations: MIT Digital Currency Initiative, Coinbase<br />
Bitcoin core: top 5 core developer by # of commits. Has commit access.<br />
Comments:
<a href="http://gavinandresen.ninja/">http://gavinandresen.ninja/</a><br />
<br />
<i>Mike Hearn</i><br />
Current Affiliations: Lighthouse<br />
Bitcoin core: top 100 core developer by # of commits. Creator of Bitcoinj.<br />
Comments:
<a href="https://medium.com/@octskyward/the-capacity-cliff-586d1bf7715e">https://medium.com/@octskyward/the-capacity-cliff-586d1bf7715e</a><br />
<br />
<b>Skeptics of 20mb increase</b> (Note that some people here do favor a block size increase, but none has strongly committed to 20 megabytes as the exact size.)<br />
<br />
<i>Pieter Wuille</i><br />
Current Affiliations: Blockstream<br />
Bitcoin core: top 5 core developer by # of commits. Has commit access.<br />
Comments:
<a href="http://www.mail-archive.com/bitcoin-development@lists.sourceforge.net/msg07466.html">http://www.mail-archive.com/bitcoin-development@lists.sourceforge.net/msg07466.html</a><br />
<br />
<i>Wladimir J. van der Laan</i><br />
Current Affiliations: MIT Digital Currency Initiative<br />
Bitcoin core: top 5 developer by # of commits. Has commit access.<br />
Comments:
<a href="http://www.mail-archive.com/bitcoin-development@lists.sourceforge.net/msg07472.html">http://www.mail-archive.com/bitcoin-development@lists.sourceforge.net/msg07472.html</a><br />
<br />
<i>Gregory Maxwell</i><br />
Current Affiliations: Blockstream<br />
Bitcoin core: top 20 core developer by # of commits. Has commit access.<br />
Comments:
<a href="http://sourceforge.net/p/bitcoin/mailman/message/34090559/">http://sourceforge.net/p/bitcoin/mailman/message/34090559/</a><br />
<a href="https://www.reddit.com/r/Bitcoin/comments/34uu02/why_increasing_the_max_block_size_is_urgent_gavin/cqycy4h">https://www.reddit.com/r/Bitcoin/comments/34uu02/why_increasing_the_max_block_size_is_urgent_gavin/cqycy4h</a><br />
<br />
<i>Jeff Garzik</i><br />
Current Affiliations: BitPay<br />
Bitcoin core: top 20 core developer by # of commits. Has commit access.<br />
Comments:
<a href="https://twitter.com/anjiecast/status/595610865979629568">https://twitter.com/anjiecast/status/595610865979629568</a><br />
<a href="http://garzikrants.blogspot.com/2013/02/bitcoin-block-size-thoughts.html">http://garzikrants.blogspot.com/2013/02/bitcoin-block-size-thoughts.html</a><br />
<br />
<i>Matt Corallo</i><br />
Current Affiliations: Blockstream<br />
Bitcoin Core: top 10 core developer by # of commits<br />
Comments:
<a href="http://sourceforge.net/p/bitcoin/mailman/message/34090292/">http://sourceforge.net/p/bitcoin/mailman/message/34090292/</a><br />
<br />
<i>Peter Todd</i><br />
Current Affiliations: Viacoin, Dark Wallet, Coinkite, Smartwallet, Bitt<br />
Bitcoin Core: top 20 core developer by # of commits<br />
Comments: <a href="https://www.reddit.com/r/Bitcoin/comments/34y9ws/it_must_be_done_but_is_not_a_panacea/cqza6rq?context=3">https://www.reddit.com/r/Bitcoin/comments/34y9ws/it_must_be_done_but_is_not_a_panacea/cqza6rq?context=3</a><br />
<a href="https://www.youtube.com/watch?v=lNL1a7aKThs">https://www.youtube.com/watch?v=lNL1a7aKThs</a><br />
<br />
<i>Luke Dashjr</i><br />
Current Affiliations: Eligius Mining Pool<br />
Bitcoin Core: top 10 core developer by # of commits<br />
Comments:
<a href="http://www.reddit.com/r/Bitcoin/comments/34y48z/mike_hearn_the_capacity_cliff_and_why_we_cant_use/cqzadpn">http://www.reddit.com/r/Bitcoin/comments/34y48z/mike_hearn_the_capacity_cliff_and_why_we_cant_use/cqzadpn</a><br />
<br />
<i>Bryan Bishop</i><br />
Current Affiliations: LedgerX<br />
Bitcoin Core: various @ <a href="https://github.com/kanzure">https://github.com/kanzure</a><br />
Comments:
<a href="http://sourceforge.net/p/bitcoin/mailman/message/34090516/">http://sourceforge.net/p/bitcoin/mailman/message/34090516/</a></div>
</div>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-3711467895183670801.post-46321663230223199052015-02-25T08:38:00.001-08:002015-02-25T09:18:58.656-08:00Multisig Cryptocurrency to Cryptocurrency ExchangeBelow is a draft of a paper I have been working on that explains how a multisignature cryptocurrency-to-cryptocurrency exchange should be designed. Multisignature has been around for a while but has yet to be used in an exchange. I believe it is an idea worth exploring in light of the near-constant bad news we hear about exchanges being broken into by attackers. The paper covers how such an exchange should be designed and goes over some of the advantages and disadvantages of the design compared to a traditional exchange that uses a single exchange-controlled private key to handle cryptocurrencies.<br />
<br />
<a href="https://drive.google.com/file/d/0B5Sk5AG61Zaucl8xWVEzY1hra1U/view?usp=sharing">Multisig CryptoCurrency to CryptoCurrency Exchange, Draft 2/24/2015</a><br />
<br />
<br />Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-3711467895183670801.post-41423966546050802802014-07-30T12:17:00.004-07:002014-08-04T11:34:56.676-07:00Scripting in Bitcoin: Part 2<style type="text/css">P { margin-bottom: 0.08in; }A:link { }</style>
<br />
<div align="LEFT" style="font-style: normal; font-variant: normal; line-height: 114%; margin-bottom: 0in; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial, sans-serif;"><span style="font-size: small;"><b><span style="background: transparent;">Scripting
In Bitcoin: Part 2 </span></b></span></span></span>
</div>
<div style="font-variant: normal; font-weight: normal; text-decoration: none;">
<br />
<br /></div>
<div style="line-height: 114%; margin-bottom: 0in;">
<span style="font-family: Arial, sans-serif;"><span style="font-size: small;"><i>This
is a work in progress, and the contents of these articles may be
edited for corrections and clarifications. </i></span></span></div>
<br />
<a href="http://kaykurokawa.blogspot.com/2014/07/scripting-in-bitcoin-part-1-introduction.html"><span style="font-family: Arial, sans-serif;"><span style="font-size: small;"><i>Part 1</i></span></span></a><br />
<div style="font-variant: normal; font-weight: normal; line-height: 114%; margin-bottom: 0in; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial, sans-serif;"><span style="font-size: small;"><span style="background: transparent;">1.Introduction
</span></span></span></span>
</div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; line-height: 114%; margin-bottom: 0in; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial, sans-serif;"><span style="font-size: small;"><span style="background: transparent;">2.Basics
of the Scripting Language.</span></span></span></span></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; line-height: 114%; margin-bottom: 0in; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial, sans-serif;"><span style="font-size: small;"><span style="background: transparent;">3.Basics
of Bitcoin Transactions</span></span></span></span></div>
<div style="font-variant: normal; line-height: 114%; margin-bottom: 0in; text-decoration: none;">
<br /></div>
<div style="font-variant: normal; font-weight: normal; line-height: 114%; margin-bottom: 0in; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial, sans-serif;"><span style="font-size: small;"><i><span style="background: transparent;">Part 2</span></i></span></span></span></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; line-height: 114%; margin-bottom: 0in; text-decoration: none;">
<div style="font-style: normal; font-variant: normal; font-weight: normal; line-height: 114%; margin-bottom: 0in; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial, sans-serif;"><span style="font-size: small;"><span style="background: transparent;">4.Pay
to Pub Key Hash <i><br /></i></span></span></span></span></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; line-height: 114%; margin-bottom: 0in; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial, sans-serif;"><span style="font-size: small;"><span style="background: transparent;">5.Multi-signature
Transactions<i><br /></i></span></span></span></span></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; line-height: 114%; margin-bottom: 0in; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial, sans-serif;"><span style="font-size: small;"><span style="background: transparent;">6.Pay
To Script Hash</span></span></span></span>
</div>
</div>
<div style="line-height: 114%; margin-bottom: 0in;">
<br /></div>
<div style="line-height: 114%; margin-bottom: 0in;">
<b><br /></b></div>
<div style="line-height: 114%; margin-bottom: 0in;">
<div style="font-style: normal; font-variant: normal; font-weight: normal; line-height: 114%; margin-bottom: 0in; text-decoration: none;">
<div style="font-style: normal; font-variant: normal; font-weight: normal; line-height: 114%; margin-bottom: 0in; text-decoration: none;">
<b><span style="color: black;"><span style="font-family: Arial, sans-serif;"><span style="font-size: small;"><span style="background: transparent;">4.Pay
to Pub Key Hash </span></span></span></span></b><br />
<br />
<style type="text/css">P { margin-bottom: 0.08in; }A:link { }</style>
<br />
<div style="font-style: normal; font-variant: normal; font-weight: normal; line-height: 114%; margin-bottom: 0in; text-decoration: none;">
<span style="color: black;"><span style="background: transparent;">
<span style="font-family: Arial, sans-serif;"><span style="font-size: small;">Previously, we covered the basics of transactions. We learned that a transaction input describes where the Bitcoins come from and proves that those Bitcoins can be redeemed. We also learned that a transaction output describes where the Bitcoins will be spent. The mechanism that makes this possible is the scripting language. In a transaction, both the input and the output contain a script. The input has one half of the script, and the output has the other half. When a transaction is received by a Bitcoin node, the input script in the transaction is combined with the output script from the previous transaction that the input refers to. </span></span></span></span></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; line-height: 114%; margin-bottom: 0in; text-decoration: none;">
<br /></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; line-height: 114%; margin-bottom: 0in; text-decoration: none;">
<span style="color: black;"><span style="background: transparent;"><span style="font-family: Arial, sans-serif;"><span style="font-size: small;"> </span></span></span></span>
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEglV0ZoYrnRtXk4lrjeNyS39uqhsKa0lZZIswnym6ZCTuKOAiccIC9h_SRja1X-W3yghRvrg7dGiMa-F_gXtCSn2Y5TV5RMaEzP2MPCbreT3JpPqumiAttp2CSxY4dCCjbTYHUcyptFOmfc/s1600/scripting+figures.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEglV0ZoYrnRtXk4lrjeNyS39uqhsKa0lZZIswnym6ZCTuKOAiccIC9h_SRja1X-W3yghRvrg7dGiMa-F_gXtCSn2Y5TV5RMaEzP2MPCbreT3JpPqumiAttp2CSxY4dCCjbTYHUcyptFOmfc/s1600/scripting+figures.png" height="176" width="320" /></a></div>
<b><span style="color: black;"><span style="font-family: Arial, sans-serif;"><span style="font-size: small;"><span style="background: transparent;"><i><br /></i></span></span></span></span></b>
<b><span style="color: black;"><span style="font-family: Arial, sans-serif;"><span style="font-size: small;"><span style="background: transparent;"><i><br /></i></span></span></span></span></b></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; line-height: 114%; margin-bottom: 0in; text-decoration: none;">
<br />
<br />
<br />
<br />
<br />
<b><span style="color: black;"><span style="font-family: Arial, sans-serif;"><span style="font-size: small;"><span style="background: transparent;"> </span></span></span></span></b><br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<span style="color: black;"><span style="font-family: Arial, sans-serif;"><span style="font-size: small;"><span style="background: transparent;"><i>Figure B</i></span></span></span></span><br />
<br />
<span style="color: black;"><span style="font-family: Arial, sans-serif;"><span style="font-size: small;"><span style="background: transparent;"> Referring to Figure B above, the input script is the part that “contains Bob's signature” in Input 2. The output script is the part that “contains Bob's public key” in Output 1 and also “contains Chris's public key” in Output 2. A Bitcoin node combines the input script in Input 2 with the output script from Output 1 and executes the result to evaluate whether the transaction is valid. A transaction is valid if and only if the topmost item on the data stack is “True” when execution is complete.<br /> <br /> The first script we will cover is the one used in Bitcoin's standard transaction. This type of transaction is the default whenever you send Bitcoins to someone through any of the popular wallets like Bitcoin-Qt or Multibit, so it is also the most common. It uses what developers call “Pay to Pubkey Hash”. Below is the content of the input and output script of a standard transaction. <br /><br /><i>Input Script (ScriptSig): </i>
<br /> <signature> <pubKey>
<br /><i><br />Output Script (ScriptPubKey):
</i><br /> OP_DUP OP_HASH160 <pubKeyHash> OP_EQUALVERIFY OP_CHECKSIG
<br /><br /> The input script is known as the ScriptSig because it is the script containing the signature. <pubKey> is the unhashed public key and <signature> is an ECDSA signature produced with the corresponding private key. The output script is known as the ScriptPubKey because it is the script containing the public key to which the Bitcoins are being sent. <pubKeyHash> is the hash (SHA-256 and then RIPEMD-160) of the public key, which is what a Bitcoin address encodes (if this is confusing to you, please read the Bitcoin wiki on <a href="https://en.bitcoin.it/wiki/Technical_background_of_Bitcoin_addresses">Bitcoin Addresses</a> and <a href="https://en.bitcoin.it/wiki/Elliptic_Curve_Digital_Signature_Algorithm">Elliptic Curve Digital Signature Algorithm</a> before proceeding). <br /><br /> Let's refer again to the scenario in Figure B where Bob sends a Bitcoin to Chris. When a Bitcoin node receives transaction 2 created by Bob, the node validates it by combining the output script from transaction 1 with the input script from transaction 2. The output script from transaction 1 contains Bob's Bitcoin address in <pubKeyHash>. The input script from transaction 2 contains Bob's public key in <pubKey> and Bob's signature in <signature>. Below, we walk through the entire script. <br /> </span></span></span></span><br />
<span style="color: black;"><span style="font-family: Arial, sans-serif;"><span style="font-size: small;"><span style="background: transparent;"> </span></span></span></span><b><span style="color: black;"><span style="font-family: Arial, sans-serif;"><span style="font-size: small;"><span style="background: transparent;"> </span></span></span></span></b><br />
<b><span style="color: black;"><span style="font-family: Arial, sans-serif;"><span style="font-size: small;"><span style="background: transparent;">
<style type="text/css">PRE.cjk { font-family: "WenQuanYi Micro Hei",monospace; }PRE.ctl { font-family: "Lohit Hindi",monospace; }TD P { margin-bottom: 0in; }P { margin-bottom: 0.08in; }A:link { }</style>
</span></span></span></span></b><br />
<table cellpadding="7" cellspacing="0" style="width: 653px;">
<colgroup><col width="44"></col>
<col width="110"></col>
<col width="164"></col>
<col width="277"></col>
</colgroup><tbody>
<tr>
<td style="border: 1px solid #000000; padding: 0.07in;" width="44"><div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">Step</span></span></span></span></div>
</td>
<td style="border: 1px solid #000000; padding: 0.07in;" width="110"><div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">Data
Stack</span></span></span></span></div>
</td>
<td style="border: 1px solid #000000; padding: 0.07in;" width="164"><div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">Instruction
Stack</span></span></span></span></div>
</td>
<td style="border: 1px solid #000000; padding: 0.07in;" width="277"><div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">Explanation
</span></span></span></span>
</div>
</td>
</tr>
<tr>
<td style="border: 1px solid #000000; padding: 0.07in;" width="44"><div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">1.</span></span></span></span></div>
</td>
<td style="border: 1px solid #000000; padding: 0.07in;" width="110"><div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">Empty</span></span></span></span></div>
</td>
<td style="border: 1px solid #000000; padding: 0.07in;" width="164"><div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;"><signature></span></span></span></span></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;"><pubKey></span></span></span></span></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">OP_DUP</span></span></span></span></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">OP_HASH160</span></span></span></span></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;"><pubKey Hash></span></span></span></span></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">OP_EQUALVERIFY</span></span></span></span></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">OP_CHECKSIG</span></span></span></span></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="background: transparent;"> </span></span>
</div>
</td>
<td style="border: 1px solid #000000; padding: 0.07in;" width="277"><div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">The entire script is combined in the instruction stack. The output script is put on the bottom of the instruction stack and the input script is put on top, so the input script executes first. </span></span></span></span>
</div>
</td>
</tr>
<tr>
<td style="border: 1px solid #000000; padding: 0.07in;" width="44"><div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">2.</span></span></span></span></div>
</td>
<td style="border: 1px solid #000000; padding: 0.07in;" width="110"><div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;"><pubKey></span></span></span></span></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;"><signature></span></span></span></span></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<br /></div>
</td>
<td style="border: 1px solid #000000; padding: 0.07in;" width="164"><div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">OP_DUP</span></span></span></span></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">OP_HASH160</span></span></span></span></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;"><pubKey
Hash></span></span></span></span></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">OP_EQUALVERIFY</span></span></span></span></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">OP_CHECKSIG</span></span></span></span></div>
</td>
<td style="border: 1px solid #000000; padding: 0.07in;" width="277"><div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;"><signature> and <pubKey> are both constants and are pushed, in that order, onto the data stack, so <pubKey> ends up on top.</span></span></span></span></div>
</td>
</tr>
<tr>
<td style="border: 1px solid #000000; padding: 0.07in;" width="44"><div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">3.</span></span></span></span></div>
</td>
<td style="border: 1px solid #000000; padding: 0.07in;" width="110"><div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<br /></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;"><pubKey></span></span></span></span></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;"><pubKey></span></span></span></span></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;"><signature></span></span></span></span></div>
</td>
<td style="border: 1px solid #000000; padding: 0.07in;" width="164"><div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">OP_HASH160</span></span></span></span></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;"><pubKey
Hash></span></span></span></span></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">OP_EQUALVERIFY</span></span></span></span></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">OP_CHECKSIG</span></span></span></span></div>
</td>
<td style="border: 1px solid #000000; padding: 0.07in;" width="277"><div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">OP_DUP
creates a duplicate of whatever is on the top of the data stack.
In this case <pubKey> is duplicated.</span></span></span></span></div>
</td>
</tr>
<tr>
<td style="border: 1px solid #000000; padding: 0.07in;" width="44"><div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">4.</span></span></span></span></div>
</td>
<td style="border: 1px solid #000000; padding: 0.07in;" width="110"><div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;"><pubKey
Hash></span></span></span></span></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;"><pubKey></span></span></span></span></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;"><signature></span></span></span></span></div>
</td>
<td style="border: 1px solid #000000; padding: 0.07in;" width="164"><div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;"><pubKey Hash></span></span></span></span></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">OP_EQUALVERIFY</span></span></span></span></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">OP_CHECKSIG</span></span></span></span></div>
</td>
<td style="border: 1px solid #000000; padding: 0.07in;" width="277"><div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">OP_HASH160 pops the public key and pushes its hash (SHA-256, then RIPEMD-160). </span></span></span></span>
</div>
</td>
</tr>
<tr>
<td style="border-bottom: 1px solid #000000; border-left: 1px solid #000000; border-right: 1px solid #000000; border-top: none; padding-bottom: 0.07in; padding-left: 0.07in; padding-right: 0.07in; padding-top: 0in;" width="44"><div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">5.</span></span></span></span></div>
</td>
<td style="border-bottom: 1px solid #000000; border-left: 1px solid #000000; border-right: 1px solid #000000; border-top: none; padding-bottom: 0.07in; padding-left: 0.07in; padding-right: 0.07in; padding-top: 0in;" width="110"><div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<br /></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;"><pubKey Hash></span></span></span></span></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;"><pubKey
Hash></span></span></span></span></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;"><pubKey></span></span></span></span></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;"><signature></span></span></span></span></div>
</td>
<td style="border-bottom: 1px solid #000000; border-left: 1px solid #000000; border-right: 1px solid #000000; border-top: none; padding-bottom: 0.07in; padding-left: 0.07in; padding-right: 0.07in; padding-top: 0in;" width="164"><div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">OP_EQUALVERIFY</span></span></span></span></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">OP_CHECKSIG</span></span></span></span></div>
</td>
<td style="border-bottom: 1px solid #000000; border-left: 1px solid #000000; border-right: 1px solid #000000; border-top: none; padding-bottom: 0.07in; padding-left: 0.07in; padding-right: 0.07in; padding-top: 0in;" width="277"><div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">The <pubKey
Hash> constant from the output script is pushed onto the data stack.</span></span></span></span></div>
</td>
</tr>
<tr>
<td style="border-bottom: 1px solid #000000; border-left: 1px solid #000000; border-right: 1px solid #000000; border-top: none; padding-bottom: 0.07in; padding-left: 0.07in; padding-right: 0.07in; padding-top: 0in;" width="44"><div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">6.</span></span></span></span></div>
</td>
<td style="border-bottom: 1px solid #000000; border-left: 1px solid #000000; border-right: 1px solid #000000; border-top: none; padding-bottom: 0.07in; padding-left: 0.07in; padding-right: 0.07in; padding-top: 0in;" width="110"><div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;"><pubKey></span></span></span></span></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;"><signature></span></span></span></span></div>
</td>
<td style="border-bottom: 1px solid #000000; border-left: 1px solid #000000; border-right: 1px solid #000000; border-top: none; padding-bottom: 0.07in; padding-left: 0.07in; padding-right: 0.07in; padding-top: 0in;" width="164"><div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">OP_CHECKSIG</span></span></span></span></div>
</td>
<td style="border-bottom: 1px solid #000000; border-left: 1px solid #000000; border-right: 1px solid #000000; border-top: none; padding-bottom: 0.07in; padding-left: 0.07in; padding-right: 0.07in; padding-top: 0in;" width="277"><div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">OP_EQUALVERIFY
pops the two topmost items on the stack and verifies that they
are equal; if they are not, the script fails immediately and the transaction is invalid. In this case we verified that <pubKey Hash> in
the output script matches the hash of <pubKey> in the input
script. </span></span></span></span>
</div>
</td>
</tr>
<tr>
<td style="border-bottom: 1px solid #000000; border-left: 1px solid #000000; border-right: 1px solid #000000; border-top: none; padding-bottom: 0.07in; padding-left: 0.07in; padding-right: 0.07in; padding-top: 0in;" width="44"><div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">7.</span></span></span></span></div>
</td>
<td style="border-bottom: 1px solid #000000; border-left: 1px solid #000000; border-right: 1px solid #000000; border-top: none; padding-bottom: 0.07in; padding-left: 0.07in; padding-right: 0.07in; padding-top: 0in;" width="110"><div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">True</span></span></span></span></div>
</td>
<td style="border-bottom: 1px solid #000000; border-left: 1px solid #000000; border-right: 1px solid #000000; border-top: none; padding-bottom: 0.07in; padding-left: 0.07in; padding-right: 0.07in; padding-top: 0in;" width="164"><div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">Empty</span></span></span></span></div>
</td>
<td style="border-bottom: 1px solid #000000; border-left: 1px solid #000000; border-right: 1px solid #000000; border-top: none; padding-bottom: 0.07in; padding-left: 0.07in; padding-right: 0.07in; padding-top: 0in;" width="277"><div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">OP_CHECKSIG
pops <pubKey> and <signature> and checks that <signature> is a valid ECDSA signature under <pubKey> over the hash of the spending transaction.
If so, it pushes “True” onto the data stack, otherwise “False”. The transaction is valid only if the script ends with “True” on top of the stack. </span></span></span></span>
</div>
</td>
</tr>
</tbody></table>
<div style="font-variant: normal; font-weight: normal; line-height: 114%; margin-bottom: 0in; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial, sans-serif;"><span style="font-size: small;"><i><span style="background: transparent;">Figure
C</span></i></span></span></span></div>
<b><span style="color: black;"><span style="font-family: Arial, sans-serif;"><span style="font-size: small;"><span style="background: transparent;"><i><br /></i></span></span></span></span></b>
<span style="color: black;"><span style="font-family: Arial, sans-serif;"><span style="font-size: small;"><span style="background: transparent;">We
can see that the script has performed two crucial tasks to validate a transaction. First, in steps
4 through 6, it has verified that hashing the <pubKey> supplied in the input
yields the <pubKey Hash> committed to in the output. Second, in step 7,
it has verified that <signature> was produced with the private
key associated with <pubKey>. The signature covers a hash of the spending transaction itself, so a valid signature cannot be lifted from one transaction and reused in another. </span></span></span></span><b><span style="color: black;"><span style="font-family: Arial, sans-serif;"><span style="font-size: small;"><span style="background: transparent;"><i><br /></i></span></span></span></span></b><br />
<br />
<b><span style="color: black;"><span style="font-family: Arial, sans-serif;"><span style="font-size: small;"><span style="background: transparent;">5. Multi-signature
Transactions</span></span></span></span></b><br />
<br />
<span style="color: black;"><span style="font-family: Arial, sans-serif;"><span style="font-size: small;"><span style="background: transparent;"> We now discuss how multi-signature transactions are possible using Bitcoin's scripting language. Multi-signature transactions are unique in that, unlike a standard transaction which only requires one public/private key pair, they utilize multiple public/private key pairs. This allows people to create addresses which are controlled by multiple parties, each with their own unique key. An M of N multi-signature transaction is one where you need valid signatures from M of the N distinct keys in order to redeem a transaction output. There are many uses for multi-signature transactions, such as adding more security to Bitcoin storage (a thief must compromise several keys, which can be held on different devices or by different people) and creating escrow accounts. A good overview of its uses can be found in this article by Vitalik Buterin in <a href="http://bitcoinmagazine.com/11108/multisig-future-bitcoin/">BitcoinMagazine.com</a>. <br /><br /> The basic concept of a Bitcoin transaction still applies to multi-signature transactions. The only thing that changes is the input script and the output script. Below we present what they look like for a general m of n multi-signature transaction. </span></span></span></span><br />
<br />
<span style="color: black;"><span style="font-family: Arial, sans-serif;"><span style="font-size: small;"><span style="background: transparent;"><i>Input Script (ScriptSig):
</i><br /> OP_0 <signature_1><signature_2>...<signature_m>
<br /><br /><i>Output Script (ScriptPubKey):
</i><br /> OP_m <pubKey_1><pubKey_2>...<pubKey_n> OP_n OP_CHECKMULTISIG
<br /><br /> Two details are easy to get wrong here. First, the input script carries only m signatures, not n. Second, it starts with an extra dummy element, by convention OP_0, because OP_CHECKMULTISIG pops one more item from the stack than it uses; this off-by-one bug in the original implementation cannot be changed without a hard fork, so every multi-signature spend must supply the dummy. The signatures must also appear in the same relative order as their corresponding public keys appear in the output script, since OP_CHECKMULTISIG walks the keys in order and never goes back. So if we want a 2 of 3 multi-signature transaction, it would contain two signatures in the input script and 3 public keys in the output script. OP_m would be OP_2 and OP_n would be OP_3. We walk through this example below, omitting the dummy element for clarity.</span></span></span></span><br />
<br />
<br />
<style type="text/css">PRE.cjk { font-family: "WenQuanYi Micro Hei",monospace; }PRE.ctl { font-family: "Lohit Hindi",monospace; }TD P { margin-bottom: 0in; }P { margin-bottom: 0.08in; }A:link { }</style>
<br />
<table cellpadding="7" cellspacing="0" style="width: 653px;">
<colgroup><col width="44"></col>
<col width="110"></col>
<col width="164"></col>
<col width="277"></col>
</colgroup><tbody>
<tr>
<td style="border: 1px solid #000000; padding: 0.07in;" width="44"><div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">Step</span></span></span></span></div>
</td>
<td style="border: 1px solid #000000; padding: 0.07in;" width="110"><div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">Data
Stack</span></span></span></span></div>
</td>
<td style="border: 1px solid #000000; padding: 0.07in;" width="164"><div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">Instruction
Stack</span></span></span></span></div>
</td>
<td style="border: 1px solid #000000; padding: 0.07in;" width="277"><div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">Explanation
</span></span></span></span>
</div>
</td>
</tr>
<tr>
<td style="border: 1px solid #000000; padding: 0.07in;" width="44"><div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">1.</span></span></span></span></div>
</td>
<td style="border: 1px solid #000000; padding: 0.07in;" width="110"><div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">Empty</span></span></span></span></div>
</td>
<td style="border: 1px solid #000000; padding: 0.07in;" width="164"><div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;"><signature1></span></span></span></span></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;"><signature2></span></span></span></span></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">OP_2</span></span></span></span></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;"><pubKey1></span></span></span></span></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;"><pubKey2></span></span></span></span></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;"><pubKey3></span></span></span></span></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">OP_3</span></span></span></span></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">OP_CHECKMULTISIG</span></span></span></span></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="background: transparent;"> </span></span>
</div>
</td>
<td style="border: 1px solid #000000; padding: 0.07in;" width="277"><div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">The
entire script is combined in the instruction stack. The output
script is put on the bottom of the instruction stack and the
input script is put on top. (Since 2010 nodes actually execute the input script and then the output script as two separate runs that share one data stack, rather than concatenating them; for the scripts shown here the outcome is identical.) </span></span></span></span>
</div>
</td>
</tr>
<tr>
<td style="border: 1px solid #000000; padding: 0.07in;" width="44"><div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">2.</span></span></span></span></div>
</td>
<td style="border: 1px solid #000000; padding: 0.07in;" width="110"><div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">3</span></span></span></span></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;"><pubKey3></span></span></span></span></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;"><pubKey2></span></span></span></span></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;"><pubKey1></span></span></span></span></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">2</span></span></span></span></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;"><signature2></span></span></span></span></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;"><signature1></span></span></span></span></div>
</td>
<td style="border: 1px solid #000000; padding: 0.07in;" width="164"><div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">OP_CHECKMULTISIG</span></span></span></span></div>
</td>
<td style="border: 1px solid #000000; padding: 0.07in;" width="277"><div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">All
signatures and public keys are pushed onto the data stack. OP_2
puts the number “2” and OP_3 puts the number “3” onto the
data stack.</span></span></span></span></div>
</td>
</tr>
<tr>
<td style="border: 1px solid #000000; padding: 0.07in;" width="44"><div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">3.</span></span></span></span></div>
</td>
<td style="border: 1px solid #000000; padding: 0.07in;" width="110"><div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">True</span></span></span></span></div>
</td>
<td style="border: 1px solid #000000; padding: 0.07in;" width="164"><div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">Empty</span></span></span></span></div>
</td>
<td style="border: 1px solid #000000; padding: 0.07in;" width="277"><div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">OP_CHECKMULTISIG
pops n (here 3) and the three public keys, then m (here 2) and the two signatures (plus the dummy element, not shown in this table). Walking the keys in order, it checks that each signature is valid for a key that comes after the key matched by the previous signature, so the signatures must be supplied in the same order as their keys. If 2 valid signatures are found it pushes True, otherwise False. </span></span></span></span>
</div>
</td>
</tr>
</tbody></table>
<div style="font-variant: normal; font-weight: normal; line-height: 114%; margin-bottom: 0in; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial, sans-serif;"><span style="font-size: small;"><i><span style="background: transparent;">Figure
D</span></i></span></span></span></div>
<b><span style="color: black;"><span style="font-family: Arial, sans-serif;"><span style="font-size: small;"><span style="background: transparent;"><i><br /></i></span></span></span></span></b>
<b><span style="color: black;"><span style="font-family: Arial, sans-serif;"><span style="font-size: small;"><span style="background: transparent;"><i><br /></i></span></span></span></span></b></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; line-height: 114%; margin-bottom: 0in; text-decoration: none;">
<b><span style="color: black;"><span style="font-family: Arial, sans-serif;"><span style="font-size: small;"><span style="background: transparent;">6. Pay
To Script Hash</span></span></span></span></b><br />
<br />
<span style="color: black;"><span style="font-family: Arial, sans-serif;"><span style="font-size: small;"><span style="background: transparent;"> We've now covered standard Bitcoin transactions, also known as “Pay to Pub Key Hash”, and multi-signature transactions. As you saw in both cases, the creator (or sender) of the transaction defines how the Bitcoins can be spent by writing the script in the output. The receiver, when later spending that output, merely supplies signatures in the input script. Bitcoin developers realized that this could be rather limiting when implementing more advanced financial transactions on the block chain. <br /><br /> Let's look at the multi-signature transaction we covered previously for an example. Let's say company A has set up a multi-signature address consisting of 16 private/public key pairs. If a customer wants to send Bitcoins to that address, the customer needs to specify all 16 public keys in the output script. This is far more cumbersome than a standard transaction, where the sender only needs to know one Bitcoin address. In addition, the customer pays a much higher transaction fee for sending to company A's multi-signature address, because the <a href="https://en.bitcoin.it/wiki/Transaction_fees">transaction fee</a> in Bitcoin is determined by the size of the transaction in bytes, and an output script containing 16 public keys is rather large (each uncompressed key takes up 65 bytes, so 1040 bytes for the keys alone). Both the cost and the complexity of the receiver's spending conditions are pushed onto the sender. <br /><br /> The Bitcoin developers needed a solution where the transaction creator does not need to know the full details of how the transaction receiver will redeem his coins. The solution is “Pay to Script Hash”, specified in <a href="https://github.com/bitcoin/bips/blob/master/bip-0016.mediawiki">Bitcoin Improvement Proposal 16</a> (BIP 16); it shipped in Bitcoin 0.6.0 in March 2012 and has been enforced by the network since 1 April 2012. 
The goal of “Pay to Script Hash”, as you can tell from its name, is to allow the transaction creator to send Bitcoins to the hash of a script. Essentially the hash of a complex Bitcoin script can be used as an address that the transaction creator sends Bitcoins to; the sender never sees the script, pays no extra fee for it, and the script is only revealed when the output is spent. <br /><br /> The mechanism that makes this possible is a script within a script. When using “Pay to Script Hash”, the transaction creator uses the output script below. The output script contains <scriptHash>, which is the 20-byte hash (SHA-256 and then RIPEMD-160) of the serialized script, today usually called the redeem script.<br /><br /><i>Output Script:</i><br /> OP_HASH160 <scriptHash> OP_EQUAL<br /><br /> The transaction receiver can then redeem the output by using the input script below. The input script contains one or more signatures in <signatures...>, followed by the script itself in <serialized script>, which is initially treated as a constant. A node treats an output as Pay to Script Hash only when its script is exactly this pattern (OP_HASH160, a 20-byte push, OP_EQUAL), and for such an output the input script may contain nothing but data pushes. The input and output scripts are first evaluated as normal, which checks that the supplied script hashes to <scriptHash>. If that succeeds, the node deserializes <serialized script> and executes it a second time, with the remaining items from the input script (the signatures) as its starting data stack. The output can be spent only if this second execution also ends with True on top of the stack. <br /><br /><i>Input Script:</i><br /> <signatures...><serialized script><br /><br /> So for example, for a 1 of 2 multi-signature transaction the input script would look like below (as with bare multi-signature, a real spend also places the dummy OP_0 before the signatures). We use this example to walk through the full "Pay To Script Hash" in Figure E.<br /><br /><i>Input Script: </i><br /> <signatures...> = <signature_1> <br /> <serialized script> = OP_1 <pubKey_1><pubKey_2> OP_2 OP_CHECKMULTISIG<br /> </span></span></span></span><br />
<span style="color: black;"><span style="font-family: Arial, sans-serif;"><span style="font-size: small;"><span style="background: transparent;">
<style type="text/css">TD P { margin-bottom: 0in; }P { margin-bottom: 0.08in; }A:link { }</style>
</span></span></span></span><br />
<div style="font-style: normal; font-variant: normal; font-weight: normal; line-height: 114%; margin-bottom: 0in; text-decoration: none;">
<br /></div>
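<p>Before the step-by-step walk-through in Figure E, here is the whole picture in running code: a small Bitcoin Script interpreter, written as an added example for this post (it is not code from the original article or from Bitcoin Core), that validates the three spend types covered so far: pay-to-pubkey-hash, bare 2-of-3 multi-signature, and pay-to-script-hash wrapping a 1-of-2 multi-signature. It uses only Python's standard library, so ECDSA over secp256k1 is written out in slow textbook arithmetic. Everything not taken from the post is an assumption of the example: the private keys (1001, 2002, 3003) and the 32-byte signature hash are constructed stand-ins for a real transaction's keys and sighash, signatures are raw r||s rather than Bitcoin's DER encoding plus sighash byte, scripts are serialized with direct pushes and OP_PUSHDATA1 only, and HASH160 falls back to a truncated SHA-256 on Python builds whose OpenSSL lacks RIPEMD-160. It deliberately exercises the details the tables above leave out: the OP_CHECKMULTISIG dummy element, signature ordering, OP_EQUALVERIFY aborting the script, and BIP 16's second execution of the redeem script.</p>

```python
"""Toy Bitcoin Script engine for P2PKH, bare multisig and P2SH (BIP16). Added example for
this post, not code from the original article or from Bitcoin Core; standard library only."""
import hashlib

# secp256k1 in textbook affine arithmetic: fine for a demo, far too slow and leaky for real use.
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(a, b):                         # point addition; None is the point at infinity
    if a is None or b is None:
        return a or b
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    lam = (3 * a[0] * a[0] * pow(2 * a[1], -1, P) if a == b
           else (b[1] - a[1]) * pow(b[0] - a[0], -1, P)) % P
    x = (lam * lam - a[0] - b[0]) % P
    return x, (lam * (a[0] - x) - a[1]) % P

def ec_mul(k, pt):                        # double-and-add scalar multiplication
    r = None
    while k:
        r, pt, k = (ec_add(r, pt) if k & 1 else r), ec_add(pt, pt), k >> 1
    return r

def pubkey_bytes(d):                      # 65-byte uncompressed key, the size the post quotes
    x, y = ec_mul(d, G)
    return b"\x04" + x.to_bytes(32, "big") + y.to_bytes(32, "big")

def sign(d, z):                           # ECDSA over digest z; raw r||s, no DER or sighash byte
    k = int.from_bytes(hashlib.sha256(d.to_bytes(32, "big") + z).digest(), "big") % N
    r = ec_mul(k, G)[0] % N
    s = pow(k, -1, N) * (int.from_bytes(z, "big") + r * d) % N
    return r.to_bytes(32, "big") + min(s, N - s).to_bytes(32, "big")   # low-S form

def verify(pub, sig, z):
    x, y = int.from_bytes(pub[1:33], "big"), int.from_bytes(pub[33:], "big")
    r, s = int.from_bytes(sig[:32], "big"), int.from_bytes(sig[32:], "big")
    if len(pub) != 65 or (y * y - x**3 - 7) % P or not (0 < r < N and 0 < s < N):
        return False                      # malformed key, key off the curve, or bad r/s
    w = pow(s, -1, N)
    R = ec_add(ec_mul(int.from_bytes(z, "big") * w % N, G), ec_mul(r * w % N, (x, y)))
    return R is not None and R[0] % N == r

# Scripts are real serialized bytes: opcode bytes plus direct or OP_PUSHDATA1 data pushes.
OP_0, OP_1, OP_2, OP_3, OP_PUSHDATA1, OP_DUP = 0x00, 0x51, 0x52, 0x53, 0x4c, 0x76
OP_EQUAL, OP_EQUALVERIFY, OP_HASH160, OP_CHECKSIG, OP_CHECKMULTISIG = 0x87, 0x88, 0xa9, 0xac, 0xae

def script(*parts):                       # ints are opcodes; bytes are data pushes (<= 255 bytes)
    return b"".join(bytes([p]) if isinstance(p, int) else
                    (bytes([len(p)]) if len(p) < 76 else bytes([OP_PUSHDATA1, len(p)])) + p
                    for p in parts)

def hash160(data):                        # RIPEMD160(SHA256(data)); on Python builds without
    sha = hashlib.sha256(data).digest()   # RIPEMD-160 a truncated SHA-256 stands in (engine
    try:                                  # logic unchanged, hashes then differ from Bitcoin's)
        return hashlib.new("ripemd160", sha).digest()
    except ValueError:
        return hashlib.sha256(sha).digest()[:20]

def run(raw, stack, z):                   # execute one script on a shared stack; False = fail
    i = 0
    while i < len(raw):
        op = raw[i]; i += 1
        if 1 <= op <= 75 or op == OP_PUSHDATA1:       # data push (direct or 1-byte length)
            n, i = (op, i) if op <= 75 else (raw[i], i + 1)
            stack.append(raw[i:i + n]); i += n
        elif op == OP_0 or OP_1 <= op <= 0x60:        # OP_0 .. OP_16 push a small number
            stack.append(b"" if op == OP_0 else bytes([op - 0x50]))
        elif op == OP_DUP:
            stack.append(stack[-1])
        elif op == OP_HASH160:
            stack.append(hash160(stack.pop()))
        elif op == OP_EQUAL:
            stack.append(b"\x01" if stack.pop() == stack.pop() else b"")
        elif op == OP_EQUALVERIFY:
            if stack.pop() != stack.pop():
                return False                          # *VERIFY opcodes abort the script
        elif op == OP_CHECKSIG:
            pub, sig = stack.pop(), stack.pop()       # key on top, signature beneath it
            stack.append(b"\x01" if verify(pub, sig, z) else b"")
        elif op == OP_CHECKMULTISIG:
            n = stack.pop()[0]; pubs = [stack.pop() for _ in range(n)][::-1]
            m = stack.pop()[0]; sigs = [stack.pop() for _ in range(m)][::-1]
            stack.pop()                               # off-by-one bug: one extra item consumed
            k = 0                                     # each sig must match a key after the
            for sig in sigs:                          # previous match, so order matters
                while k < n and not verify(pubs[k], sig, z):
                    k += 1
                k += 1
            stack.append(b"\x01" if k <= n else b"")
        else:
            return False                              # unknown or unsupported opcode
    return True

def verify_input(script_sig, script_pubkey, z):
    """scriptSig, then scriptPubKey, on one shared stack (nodes no longer concatenate them);
    then BIP16's second run when scriptPubKey is exactly OP_HASH160 <20 bytes> OP_EQUAL."""
    try:
        stack = []
        if not run(script_sig, stack, z):
            return False
        saved = list(stack)                           # BIP16 snapshots the stack here
        if not run(script_pubkey, stack, z) or not (stack and stack[-1]):
            return False
        if not (len(script_pubkey) == 23 and script_pubkey[0] == OP_HASH160
                and script_pubkey[1] == 20 and script_pubkey[22] == OP_EQUAL):
            return True
        return run(saved.pop(), saved, z) and bool(saved and saved[-1])   # redeem script
    except IndexError:                                # stack underflow
        return False

def demo():                               # constructed keys and sighash stand-in; name -> bool
    z = hashlib.sha256(b"stand-in for the spending transaction's signature hash").digest()
    pub = [pubkey_bytes(d) for d in (1001, 2002, 3003)]
    sig = [sign(d, z) for d in (1001, 2002, 3003)]
    p2pkh = script(OP_DUP, OP_HASH160, hash160(pub[0]), OP_EQUALVERIFY, OP_CHECKSIG)
    msig = script(OP_2, *pub, OP_3, OP_CHECKMULTISIG)                     # bare 2-of-3
    redeem = script(OP_1, pub[0], pub[1], OP_2, OP_CHECKMULTISIG)         # 1-of-2 behind P2SH
    p2sh = script(OP_HASH160, hash160(redeem), OP_EQUAL)
    return {"p2pkh": verify_input(script(sig[0], pub[0]), p2pkh, z),
            "p2pkh wrong key": verify_input(script(sig[1], pub[1]), p2pkh, z),
            "multisig": verify_input(script(OP_0, sig[0], sig[2]), msig, z),
            "multisig out of order": verify_input(script(OP_0, sig[2], sig[0]), msig, z),
            "multisig no dummy": verify_input(script(sig[0], sig[2]), msig, z),
            "p2sh": verify_input(script(OP_0, sig[1], redeem), p2sh, z),
            "p2sh wrong redeem script": verify_input(script(OP_0, sig[1], msig), p2sh, z)}
```

<p>Calling <code>demo()</code> returns a dictionary of case names to True or False. The pay-to-script-hash case passes only because <code>verify_input</code> snapshots the data stack after the input script, lets the output script do its hash comparison, and then executes the deserialized redeem script against that snapshot; the same input script against an output committing to a different script hash fails, as does a bare multi-signature spend whose signatures are in the wrong order or which omits the dummy element (the interpreter underflows the stack and the spend is rejected). BIP 16 additionally requires the input script of a pay-to-script-hash spend to contain nothing but data pushes, a rule this toy engine does not enforce.</p>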
<table cellpadding="7" cellspacing="0" style="width: 653px;">
<colgroup><col width="44"></col>
<col width="128"></col>
<col width="174"></col>
<col width="249"></col>
</colgroup><tbody>
<tr>
<td style="border: 1px solid #000000; padding: 0.07in;" width="44"><div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">Step</span></span></span></span></div>
</td>
<td style="border: 1px solid #000000; padding: 0.07in;" width="128"><div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">Data
Stack</span></span></span></span></div>
</td>
<td style="border: 1px solid #000000; padding: 0.07in;" width="174"><div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">Instruction
Stack</span></span></span></span></div>
</td>
<td style="border: 1px solid #000000; padding: 0.07in;" width="249"><div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">Explanation
</span></span></span></span>
</div>
</td>
</tr>
<tr>
<td style="border: 1px solid #000000; padding: 0.07in;" width="44"><div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">1.</span></span></span></span></div>
</td>
<td style="border: 1px solid #000000; padding: 0.07in;" width="128"><div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">Empty</span></span></span></span></div>
</td>
<td style="border: 1px solid #000000; padding: 0.07in;" width="174"><div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<br /></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;"><signature_1></span></span></span></span></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;"><serialized
script></span></span></span></span></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">OP_HASH160</span></span></span></span></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;"><script hash></span></span></span></span></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">OP_EQUAL</span></span></span></span></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="background: transparent;"> </span></span>
</div>
</td>
<td style="border: 1px solid #000000; padding: 0.07in;" width="249"><div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">The
entire script is combined in the instruction stack. The output script's OP_HASH160 <script hash> OP_EQUAL pattern marks this as a pay to
script hash spend. <serialized script> contains OP_1 <pubKey_1> <pubKey_2> OP_2 OP_CHECKMULTISIG but is initially treated as a constant; it is not executed until the output script has succeeded. </span></span></span></span></div>
</td>
</tr>
<tr>
<td style="border: 1px solid #000000; padding: 0.07in;" width="44"><div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">2.</span></span></span></span></div>
</td>
<td style="border: 1px solid #000000; padding: 0.07in;" width="128"><div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<br /></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;"><serialized
script></span></span></span></span></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;"><signature_1></span></span></span></span></div>
</td>
<td style="border: 1px solid #000000; padding: 0.07in;" width="174"><div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;"><OP_HASH160></span></span></span></span></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;"><script
hash></span></span></span></span></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;"><OP_EQUAL></span></span></span></span></div>
</td>
<td style="border: 1px solid #000000; padding: 0.07in;" width="249"><span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">Constants are pushed onto the data stack sequentially. </span></span></span></span></td>
</tr>
<tr>
<td style="border: 1px solid #000000; padding: 0.07in;" width="44"><div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">3.</span></span></span></span></div>
</td>
<td style="border: 1px solid #000000; padding: 0.07in;" width="128"><div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;"><script
hash></span></span></span></span></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;"><serialized
script></span></span></span></span></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;"><signature_1></span></span></span></span></div>
</td>
<td style="border: 1px solid #000000; padding: 0.07in;" width="174"><div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;"><script
hash><br /><OP_EQUAL></span></span></span></span></div>
</td>
<td style="border: 1px solid #000000; padding: 0.07in;" width="249"><div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">OP_HASH160 hashes the serialized script (SHA-256, then RIPEMD-160) and puts the 20-byte result on the data stack. </span></span></span></span>
</div>
</td>
</tr>
<tr>
<td style="border-bottom: 1px solid #000000; border-left: 1px solid #000000; border-right: 1px solid #000000; border-top: none; padding-bottom: 0.07in; padding-left: 0.07in; padding-right: 0.07in; padding-top: 0in;" width="44"><div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">4.</span></span></span></span></div>
</td>
<td style="border-bottom: 1px solid #000000; border-left: 1px solid #000000; border-right: 1px solid #000000; border-top: none; padding-bottom: 0.07in; padding-left: 0.07in; padding-right: 0.07in; padding-top: 0in;" width="128"><div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;"><script
hash></span></span></span></span></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;"><script
hash></span></span></span></span></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;"><serialized
script></span></span></span></span></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;"><signature_1></span></span></span></span></div>
</td>
<td style="border-bottom: 1px solid #000000; border-left: 1px solid #000000; border-right: 1px solid #000000; border-top: none; padding-bottom: 0.07in; padding-left: 0.07in; padding-right: 0.07in; padding-top: 0in;" width="174"><div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">OP_EQUAL</span></span></span></span></div>
</td>
<td style="border-bottom: 1px solid #000000; border-left: 1px solid #000000; border-right: 1px solid #000000; border-top: none; padding-bottom: 0.07in; padding-left: 0.07in; padding-right: 0.07in; padding-top: 0in;" width="249"><span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;"><script hash> is pushed onto the data stack.</span></span></span></span></td>
</tr>
<tr>
<td style="border-bottom: 1px solid #000000; border-left: 1px solid #000000; border-right: 1px solid #000000; border-top: none; padding-bottom: 0.07in; padding-left: 0.07in; padding-right: 0.07in; padding-top: 0in;" width="44"><div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">5.
</span></span></span></span>
</div>
</td>
<td style="border-bottom: 1px solid #000000; border-left: 1px solid #000000; border-right: 1px solid #000000; border-top: none; padding-bottom: 0.07in; padding-left: 0.07in; padding-right: 0.07in; padding-top: 0in;" width="128"><div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">True</span></span></span></span></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;"><serialized
script></span></span></span></span></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;"><signature_1></span></span></span></span></div>
</td>
<td style="border-bottom: 1px solid #000000; border-left: 1px solid #000000; border-right: 1px solid #000000; border-top: none; padding-bottom: 0.07in; padding-left: 0.07in; padding-right: 0.07in; padding-top: 0in;" width="174"><div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<br /></div>
</td>
<td style="border-bottom: 1px solid #000000; border-left: 1px solid #000000; border-right: 1px solid #000000; border-top: none; padding-bottom: 0.07in; padding-left: 0.07in; padding-right: 0.07in; padding-top: 0in;" width="249"><div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">OP_EQUAL
compares the two <script hash> values and verifies that they are
equal. The first step of validation has now passed. </span></span></span></span>
</div>
</td>
</tr>
<tr>
<td style="border-bottom: 1px solid #000000; border-left: 1px solid #000000; border-right: 1px solid #000000; border-top: none; padding-bottom: 0.07in; padding-left: 0.07in; padding-right: 0.07in; padding-top: 0in;" width="44"><div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">6.</span></span></span></span></div>
</td>
<td style="border-bottom: 1px solid #000000; border-left: 1px solid #000000; border-right: 1px solid #000000; border-top: none; padding-bottom: 0.07in; padding-left: 0.07in; padding-right: 0.07in; padding-top: 0in;" width="128"><div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">Empty
</span></span></span></span>
</div>
</td>
<td style="border-bottom: 1px solid #000000; border-left: 1px solid #000000; border-right: 1px solid #000000; border-top: none; padding-bottom: 0.07in; padding-left: 0.07in; padding-right: 0.07in; padding-top: 0in;" width="174"><div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;"><signature_1></span></span></span></span></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">OP_1</span></span></span></span></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;"><pubKey_1></span></span></span></span></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;"><pubKey_2></span></span></span></span></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">OP_2</span></span></span></span></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">OP_CHECK_MULTISIG</span></span></span></span></div>
</td>
<td style="border-bottom: 1px solid #000000; border-left: 1px solid #000000; border-right: 1px solid #000000; border-top: none; padding-bottom: 0.07in; padding-left: 0.07in; padding-right: 0.07in; padding-top: 0in;" width="249"><div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">Because
step 1 recognized the output as a “Pay to Script Hash”, the second
step of validation now begins. </span></span></span></span>
</div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;"><serialized
script> and <signature_1> are moved off the data stack and back
onto the instruction stack, and the serialized script is deserialized
into its opcodes and constants. </span></span></span></span>
</div>
</td>
</tr>
<tr>
<td style="border-bottom: 1px solid #000000; border-left: 1px solid #000000; border-right: 1px solid #000000; border-top: none; padding-bottom: 0.07in; padding-left: 0.07in; padding-right: 0.07in; padding-top: 0in;" width="44"><div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">7.</span></span></span></span></div>
</td>
<td style="border-bottom: 1px solid #000000; border-left: 1px solid #000000; border-right: 1px solid #000000; border-top: none; padding-bottom: 0.07in; padding-left: 0.07in; padding-right: 0.07in; padding-top: 0in;" width="128"><div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">OP_2</span></span></span></span></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;"><pubKey_2></span></span></span></span></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;"><pubKey_1></span></span></span></span></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">OP_1</span></span></span></span></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;"><signature_1></span></span></span></span></div>
</td>
<td style="border-bottom: 1px solid #000000; border-left: 1px solid #000000; border-right: 1px solid #000000; border-top: none; padding-bottom: 0.07in; padding-left: 0.07in; padding-right: 0.07in; padding-top: 0in;" width="174"><div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">OP_CHECK_MULTISIG</span></span></span></span></div>
</td>
<td style="border-bottom: 1px solid #000000; border-left: 1px solid #000000; border-right: 1px solid #000000; border-top: none; padding-bottom: 0.07in; padding-left: 0.07in; padding-right: 0.07in; padding-top: 0in;" width="249"><div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">Constants
are pushed onto the data stack, leaving OP_CHECK_MULTISIG as the last instruction.</span></span></span></span></div>
</td>
</tr>
<tr>
<td style="border-bottom: 1px solid #000000; border-left: 1px solid #000000; border-right: 1px solid #000000; border-top: none; padding-bottom: 0.07in; padding-left: 0.07in; padding-right: 0.07in; padding-top: 0in;" width="44"><div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">8.</span></span></span></span></div>
</td>
<td style="border-bottom: 1px solid #000000; border-left: 1px solid #000000; border-right: 1px solid #000000; border-top: none; padding-bottom: 0.07in; padding-left: 0.07in; padding-right: 0.07in; padding-top: 0in;" width="128"><div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">True</span></span></span></span></div>
</td>
<td style="border-bottom: 1px solid #000000; border-left: 1px solid #000000; border-right: 1px solid #000000; border-top: none; padding-bottom: 0.07in; padding-left: 0.07in; padding-right: 0.07in; padding-top: 0in;" width="174"><div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">Empty</span></span></span></span></div>
</td>
<td style="border-bottom: 1px solid #000000; border-left: 1px solid #000000; border-right: 1px solid #000000; border-top: none; padding-bottom: 0.07in; padding-left: 0.07in; padding-right: 0.07in; padding-top: 0in;" width="249"><div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">OP_CHECK_MULTISIG
pops the key count, the two public keys, the signature count and the
signature, then checks that the one signature is valid under one of
the two public keys. If it is, it pushes True, and the script has
passed the second step of validation.</span></span></span></span></div>
</td>
</tr>
</tbody></table>
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="color: black;"><span style="font-size: small;"><i><span style="background: transparent;">Figure
E</span></i></span></span></span><br />
<span style="font-family: Arial,Helvetica,sans-serif;"><br /></span>
<span style="color: black;"><span style="font-family: Arial, sans-serif;"><span style="font-size: small;"><span style="background: transparent;"> It should now be clear how a script inside a script makes “Pay to Script Hash” possible. Notice the two-step validation. The first step checks that the <script hash> in the output matches the hash of the <serialized script> supplied in the input. The second step deserializes and runs the script contained in <serialized script>. A Bitcoin node applies the second step only when the output script has the exact “Pay to Script Hash” form, OP_HASH160 <20-byte hash> OP_EQUAL, and it also requires the input script to consist of nothing but pushes. Two details are simplified in Figure E. First, OP_HASH160 actually consumes <serialized script>; the node keeps a copy of the data stack as it stood after the input script ran and restores that copy before running the deserialized script, which is why the table can show <serialized script> still on the data stack. Second, OP_CHECK_MULTISIG consumes one more item from the stack than it uses, so a real input pushes an extra dummy item (OP_0) below the signatures; the table leaves it out. </span></span></span></span><br />
<br />
</div>
</div>
</div>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-3711467895183670801.post-8878589025201298452014-07-30T12:12:00.002-07:002014-08-03T15:20:34.540-07:00Scripting in Bitcoin: Part 1<style type="text/css">TD P { margin-bottom: 0in; }P { margin-bottom: 0.08in; }A:link { }</style>
<br />
<div align="LEFT" style="font-style: normal; font-variant: normal; line-height: 114%; margin-bottom: 0in; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial, sans-serif;"><span style="font-size: small;"><b><span style="background: transparent;">Scripting
In Bitcoin: Part 1 </span></b></span></span></span>
</div>
<br />
<br />
<span style="font-family: Arial, sans-serif;"><span style="font-size: small;"><i>This is a work in
progress, and the contents of these articles may be edited for
corrections and clarifications. </i></span></span><br />
<br />
<span style="font-family: Arial, sans-serif;"><span style="font-size: small;"><i>Part 1</i></span></span><br />
<div style="font-variant: normal; font-weight: normal; line-height: 114%; margin-bottom: 0in; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial, sans-serif;"><span style="font-size: small;"><span style="background: transparent;">1. Introduction
</span></span></span></span>
</div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; line-height: 114%; margin-bottom: 0in; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial, sans-serif;"><span style="font-size: small;"><span style="background: transparent;">2. Basics
of the Scripting Language.</span></span></span></span></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; line-height: 114%; margin-bottom: 0in; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial, sans-serif;"><span style="font-size: small;"><span style="background: transparent;">3. Basics
of Bitcoin Transactions</span></span></span></span><br />
<br />
<a href="http://kaykurokawa.blogspot.com/2014/07/scripting-in-bitcoin-part-2.html"><span style="color: black;"><span style="font-family: Arial, sans-serif;"><span style="font-size: small;"><span style="background: transparent;"><i>Part 2</i></span></span></span></span></a></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; line-height: 114%; margin-bottom: 0in; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial, sans-serif;"><span style="font-size: small;"><span style="background: transparent;">4. Pay to Pub Key Hash<i><br /></i></span></span></span></span></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; line-height: 114%; margin-bottom: 0in; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial, sans-serif;"><span style="font-size: small;"><span style="background: transparent;">5. Multi-Signature
Transactions<i><br /></i></span></span></span></span></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; line-height: 114%; margin-bottom: 0in; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial, sans-serif;"><span style="font-size: small;"><span style="background: transparent;">6. Pay
to Script Hash</span></span></span></span>
</div>
<br />
<br />
<div style="font-style: normal; font-variant: normal; line-height: 114%; margin-bottom: 0in; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial, sans-serif;"><span style="font-size: small;"><b><span style="background: transparent;">1.
Introduction </span></b></span></span></span>
</div>
<br />
<br />
<style type="text/css">P { margin-bottom: 0.08in; }A:link { }</style>
<br />
<div style="font-style: normal; font-variant: normal; font-weight: normal; line-height: 114%; margin-bottom: 0in; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial, sans-serif;"><span style="font-size: small;"><span style="background: transparent;">The
“virtual money” aspect of Bitcoin is simple to explain to the
average person. Hidden behind it, however, is a rather complex
technical specification that makes Bitcoin revolutionary and more
than just coins inside a computer: the scripting language. Satoshi
was a smart guy and understood that much more could be done with
Bitcoin beyond its use as “virtual money”. He figured out that, in
theory, Bitcoin's blockchain technology could be used for any kind of
complex financial agreement. It could handle more than simple
transfers of bitcoins between Alices and Bobs: contracts, escrow,
options, derivatives, or any kind of conditional transaction that
depends on input from the outside world. </span></span></span></span>
</div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; line-height: 114%; margin-bottom: 0in; text-decoration: none;">
<br /></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; line-height: 114%; margin-bottom: 0in; text-decoration: none;">
<span style="color: black;"><span style="background: transparent;">
<span style="font-family: Arial, sans-serif;"><span style="font-size: small;">Satoshi determined that
in order to describe complex financial agreements within the
blockchain, there would need to be a language built into it. This is
what we call the scripting language of Bitcoin. The term “scripting
language” is often used interchangeably with “programming
language”. To a programmer, a “scripting language” is a
programming language that is simple and designed to do one specific
task very well. For example, Bash is a scripting language designed to
call other programs on a Linux system. The scripting language in
Bitcoin is designed to specify cryptographic financial transactions
and agreements. </span></span></span></span>
</div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; line-height: 114%; margin-bottom: 0in; text-decoration: none;">
<br />
<style type="text/css">P { margin-bottom: 0.08in; }A:link { }</style>
<br />
<div style="font-style: normal; font-variant: normal; font-weight: normal; line-height: 114%; margin-bottom: 0in; text-decoration: none;">
<span style="color: black;"><span style="background: transparent;"> <span style="font-family: Arial, sans-serif;"><span style="font-size: small;">In
this series of articles, we will explain the technical details of how
the scripting language works in Bitcoin to facilitate transactions.
We will begin by describing the basics of the language. Then we will
cover the basics of Bitcoin's transactions. Next, we will describe
how the standard “Pay to Pub Key Hash” method and multi-signature
transactions work. Finally, we will cover the “Pay to Script Hash”
method. </span></span></span></span>
</div>
</div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; line-height: 114%; margin-bottom: 0in; text-decoration: none;">
<br /></div>
<div style="line-height: 114%; margin-bottom: 0in;">
<span style="font-variant: normal;"><span style="color: black;"><span style="text-decoration: none;"><span style="background: transparent;">
<span style="font-family: Arial, sans-serif;"><span style="font-size: small;"><span style="font-style: normal;"><span style="font-weight: normal;">A
lot of the information found here can be found elsewhere such as in
the Bitcoin wiki for </span></span></span></span></span></span></span></span><a href="https://en.bitcoin.it/wiki/Script"><span style="font-variant: normal;"><span style="color: #1155cc;"><span style="text-decoration: none;"><span style="font-family: Arial, sans-serif;"><span style="font-size: small;"><span style="font-style: normal;"><u><span style="font-weight: normal;"><span style="background: transparent;">Scripts</span></span></u></span></span></span></span></span></span></a><span style="font-variant: normal;"><span style="color: black;"><span style="text-decoration: none;"><span style="font-family: Arial, sans-serif;"><span style="font-size: small;"><span style="background: transparent;">
</span></span></span></span></span></span><span style="font-variant: normal;"><span style="color: black;"><span style="text-decoration: none;"><span style="font-family: Arial, sans-serif;"><span style="font-size: small;"><span style="font-style: normal;"><span style="font-weight: normal;"><span style="background: transparent;">and
</span></span></span></span></span></span></span></span><a href="https://en.bitcoin.it/wiki/Transactions"><span style="font-variant: normal;"><span style="color: #1155cc;"><span style="text-decoration: none;"><span style="font-family: Arial, sans-serif;"><span style="font-size: small;"><span style="font-style: normal;"><u><span style="font-weight: normal;"><span style="background: transparent;">Transactions</span></span></u></span></span></span></span></span></span></a><span style="font-variant: normal;"><span style="color: black;"><span style="text-decoration: none;"><span style="font-family: Arial, sans-serif;"><span style="font-size: small;"><span style="background: transparent;">
,</span></span></span></span></span></span><span style="font-variant: normal;"><span style="color: black;"><span style="text-decoration: none;"><span style="font-family: Arial, sans-serif;"><span style="font-size: small;"><span style="font-style: normal;"><span style="font-weight: normal;"><span style="background: transparent;">
but I hope to present the material in a more sequential and easy to
understand manner. The currently available reading material on
multi-signature transactions, and “Pay to Script Hash” is
especially lacking, so these articles will try to fill that gap. You
should have a basic knowledge of Bitcoin in order to fully understand
these articles. At minimum, you should know the details behind how
Bitcoin addresses work. The pages below are recommended prior reading
materials. </span></span></span></span></span></span></span></span>
</div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; line-height: 114%; margin-bottom: 0in; text-decoration: none;">
<br /></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; line-height: 114%; margin-bottom: 0in; text-decoration: none;">
<br /></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; line-height: 114%; margin-bottom: 0in; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial, sans-serif;"><span style="font-size: small;"><span style="background: transparent;"><a href="https://en.bitcoin.it/wiki/Introduction">https://en.bitcoin.it/wiki/Introduction</a></span></span></span></span></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; line-height: 114%; margin-bottom: 0in; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;"><a href="https://en.bitcoin.it/wiki/Address"><span style="font-family: Arial, sans-serif;"><span style="font-size: small;">https://en.bitcoin.it/wiki/Address</span></span></a></span></span></span></span></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; line-height: 114%; margin-bottom: 0in; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;"><a href="https://en.bitcoin.it/wiki/Technical_background_of_Bitcoin_addresses"><span style="font-family: Arial, sans-serif;"><span style="font-size: small;">https://en.bitcoin.it/wiki/Technical_background_of_Bitcoin_addresses</span></span></a></span></span></span></span></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; line-height: 114%; margin-bottom: 0in; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial, sans-serif;"><span style="font-size: small;"><span style="background: transparent;"><a href="https://en.bitcoin.it/wiki/Elliptic_Curve_Digital_Signature_Algorithm">https://en.bitcoin.it/wiki/Elliptic_Curve_Digital_Signature_Algorithm</a></span></span></span></span></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; line-height: 114%; margin-bottom: 0in; text-decoration: none;">
<br /></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; line-height: 114%; margin-bottom: 0in; text-decoration: none;">
<br /></div>
<div style="font-style: normal; font-variant: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial, sans-serif;"><span style="font-size: small;"><b><span style="background: transparent;">2.
Basics of the Scripting Language</span></b></span></span></span></div>
<div style="font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial, sans-serif;"><span style="font-size: small;"><i><span style="background: transparent;"> </span></i></span></span></span></div>
<div style="font-variant: normal; font-weight: normal; text-decoration: none;">
<br />
<br /></div>
<div style="line-height: 114%; margin-bottom: 0in;">
<span style="font-variant: normal;"><span style="color: black;"><span style="text-decoration: none;"><span style="background: transparent;">
<span style="font-family: Arial, sans-serif;"><span style="font-size: small;"><span style="font-style: normal;"><span style="font-weight: normal;">The
scripting language in Bitcoin is a <a href="http://en.wikipedia.org/wiki/Stack-oriented_programming_language">stack
based language</a>. A <a href="http://en.wikipedia.org/wiki/Stack_%28abstract_data_type%29">stack</a>
is a data structure in which the last object you put in is the first one
that comes out, so the first object you put in is the last one out. Every
operation in a stack based programming language takes its operands from the
stack and puts its result back on the stack. Satoshi implemented the
stack based scripting language in the very first version of the
Bitcoin software, released in January 2009. Since the original white
paper of November 2008 makes no mention of a scripting language, it is
reasonable to assume that he designed it between those two dates. </span></span></span></span></span></span></span></span>
</div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; line-height: 114%; margin-bottom: 0in; text-decoration: none;">
<br /></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; line-height: 114%; margin-bottom: 0in; text-decoration: none;">
<span style="color: black;"><span style="background: transparent;"> <span style="font-family: Arial, sans-serif;"><span style="font-size: small;">In
the Bitcoin scripting language there are, conceptually, two stacks: the
instruction stack and the data stack. The instruction stack holds the
script that is to be executed. Instructions are removed from the
instruction stack and executed one by one, and each instruction does its
work by manipulating the data stack. (The reference implementation stores
the script as a sequence of bytes and walks it from left to right, which
amounts to the same thing.) Walking through a simple program is the
easiest way to understand how a stack based language works. Below, we
step through the program “OP_4 OP_6 OP_ADD”. It contains three op codes
(instructions), and Figure A shows what each one does. </span></span></span></span><br />
<span style="color: black;"><span style="background: transparent;"><span style="font-family: Arial, sans-serif;"><span style="font-size: small;"> </span></span></span></span>
</div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; line-height: 114%; margin-bottom: 0in; text-decoration: none;">
<a href="https://www.blogger.com/null" name="docs-internal-guid-35c995c7-8892-0786-c0a1-f1a5103845b7"></a>
</div>
<table cellpadding="7" cellspacing="0" style="width: 653px;">
<colgroup><col width="72"></col>
<col width="106"></col>
<col width="141"></col>
<col width="277"></col>
</colgroup><tbody>
<tr>
<td style="border: 1px solid #000000; padding: 0.07in;" width="72"><div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">Step</span></span></span></span></div>
</td>
<td style="border: 1px solid #000000; padding: 0.07in;" width="106"><div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">Data
Stack</span></span></span></span></div>
</td>
<td style="border: 1px solid #000000; padding: 0.07in;" width="141"><div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">Instruction
Stack</span></span></span></span></div>
</td>
<td style="border: 1px solid #000000; padding: 0.07in;" width="277"><div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">Explanation
</span></span></span></span>
</div>
</td>
</tr>
<tr>
<td style="border: 1px solid #000000; padding: 0.07in;" width="72"><div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">1.</span></span></span></span></div>
</td>
<td style="border: 1px solid #000000; padding: 0.07in;" width="106"><div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">Empty</span></span></span></span></div>
</td>
<td style="border: 1px solid #000000; padding: 0.07in;" width="141"><div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">OP_4</span></span></span></span></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">OP_6</span></span></span></span></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">OP_ADD
</span></span></span></span>
</div>
</td>
<td style="border: 1px solid #000000; padding: 0.07in;" width="277"><div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">The
entire script is loaded into the instruction stack. The first
command to be executed is on the top of the stack, and the last
command to be executed is on the bottom of the stack.</span></span></span></span></div>
</td>
</tr>
<tr>
<td style="border: 1px solid #000000; padding: 0.07in;" width="72"><div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">2.</span></span></span></span></div>
</td>
<td style="border: 1px solid #000000; padding: 0.07in;" width="106"><div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">4</span></span></span></span></div>
</td>
<td style="border: 1px solid #000000; padding: 0.07in;" width="141"><div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">OP_6</span></span></span></span></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">OP_ADD</span></span></span></span></div>
</td>
<td style="border: 1px solid #000000; padding: 0.07in;" width="277"><span style="font-variant: normal;"><span style="color: black;"><span style="text-decoration: none;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="font-style: normal;"><span style="font-weight: normal;"><span style="background: transparent;">OP_4
is an instruction that says </span></span></span></span></span></span></span></span><span style="font-variant: normal;"><span style="color: black;"><span style="text-decoration: none;"><span style="background: transparent;">“</span></span></span></span><span style="font-variant: normal;"><span style="color: black;"><span style="text-decoration: none;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="font-style: normal;"><span style="font-weight: normal;"><span style="background: transparent;">take
the number 4 and put it on the data stack.”, thus OP_4 gets
removed from the instruction stack and the number 4 gets put on
the data stack.</span></span></span></span></span></span></span></span></td>
</tr>
<tr>
<td style="border: 1px solid #000000; padding: 0.07in;" width="72"><div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">3.</span></span></span></span></div>
</td>
<td style="border: 1px solid #000000; padding: 0.07in;" width="106"><div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">6</span></span></span></span></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">4</span></span></span></span></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<br /></div>
</td>
<td style="border: 1px solid #000000; padding: 0.07in;" width="141"><div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">OP_ADD</span></span></span></span></div>
</td>
<td style="border: 1px solid #000000; padding: 0.07in;" width="277"><div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">OP_6
works the same way as OP_4, except it puts the number “6” on
the data stack. </span></span></span></span>
</div>
</td>
</tr>
<tr>
<td style="border: 1px solid #000000; padding: 0.07in;" width="72"><div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">4.</span></span></span></span></div>
</td>
<td style="border: 1px solid #000000; padding: 0.07in;" width="106"><div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">10</span></span></span></span></div>
</td>
<td style="border: 1px solid #000000; padding: 0.07in;" width="141"><div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">Empty
</span></span></span></span>
</div>
</td>
<td style="border: 1px solid #000000; padding: 0.07in;" width="277"><div style="font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="background: transparent;">OP_ADD
is an instruction that says: remove the two topmost items from the
data stack, add them together, and put the sum (here 10) back on the
data stack. The instruction stack is now empty, so execution ends.
</span></span></span></span>
</div>
</td>
</tr>
</tbody></table>
<div style="font-variant: normal; font-weight: normal; line-height: 114%; margin-bottom: 0in; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial, sans-serif;"><span style="font-size: small;"><i><span style="background: transparent;">Figure A</span></i></span></span></span></div>
<div style="font-variant: normal; font-weight: normal; line-height: 114%; margin-bottom: 0in; text-decoration: none;">
<br /></div>
<div style="line-height: 114%; margin-bottom: 0in;">
<span style="font-family: Arial, sans-serif;"><span style="font-size: small;"> </span></span></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; line-height: 114%; margin-bottom: 0in; text-decoration: none;">
<span style="color: black;"><span style="background: transparent;">
<span style="font-family: Arial, sans-serif;"><span style="font-size: small;">Walking through this
simple example shows why Satoshi chose a stack based language for
scripting. The complete state of a running script is the contents of the
data stack together with the instructions not yet executed, so the effect
of every op code can be stated exactly and checked step by step. Bitcoin
Script also has no loops, so every script terminates and the amount of
work it can do is bounded by its length. Both properties make errors in
an implementation of the scripting language easier to find, and that
matters a great deal: every node must reach the same verdict on whether
a script succeeds, so a bug in the interpreter can let coins be spent
without authorization, or split the network into nodes that disagree
about which blocks are valid. </span></span></span></span>
</div>
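<div style="font-style: normal; font-variant: normal; font-weight: normal; line-height: 114%; margin-bottom: 0in; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial, sans-serif;"><span style="font-size: small;">The following Python program is an added example of the two-stack model described above; it is not code from the original post or from Bitcoin Core. It implements only the small-integer pushes OP_0 through OP_16 plus OP_ADD, OP_SUB, OP_DUP, OP_EQUAL and OP_EQUALVERIFY, keeps numbers as plain Python integers instead of Bitcoin's byte encoding, and the names trace, run and succeeds are this example's own. Running it prints the four rows of Figure A.</span></span></span></div>

```python
"""Stack-machine model of Bitcoin Script execution.

Added example: not code from the original post or from Bitcoin Core.
Only a handful of opcodes are implemented and numbers are plain Python
ints, whereas real Script encodes them as little-endian byte strings.
"""
from collections import deque

# OP_0 .. OP_16 each push a small integer onto the data stack.
PUSH_OPS = {f"OP_{n}": n for n in range(17)}


class ScriptError(Exception):
    """A malformed script, a stack underflow, or a failed VERIFY opcode."""


def _pop2(data):
    """Pop the top two items; returns (second_from_top, top)."""
    if len(data) < 2:
        raise ScriptError("stack underflow")
    top = data.pop()
    below = data.pop()
    return below, top


def trace(script):
    """Execute a whitespace-separated script and return a list of
    (data_stack, instruction_stack) snapshots: one before the first
    instruction and one after each executed instruction, like Figure A.
    The data stack is listed bottom to top (data[-1] is the top); the
    instruction stack is listed top first, i.e. in execution order."""
    instructions = deque(script.split())   # leftmost opcode is on top
    data = []
    snapshots = [(list(data), list(instructions))]
    while instructions:
        op = instructions.popleft()          # remove the next instruction
        if op in PUSH_OPS:
            data.append(PUSH_OPS[op])
        elif op == "OP_ADD":
            a, b = _pop2(data)
            data.append(a + b)
        elif op == "OP_SUB":
            a, b = _pop2(data)
            data.append(a - b)
        elif op == "OP_DUP":
            if not data:
                raise ScriptError("stack underflow")
            data.append(data[-1])
        elif op == "OP_EQUAL":
            a, b = _pop2(data)
            data.append(1 if a == b else 0)
        elif op == "OP_EQUALVERIFY":
            # Like OP_EQUAL, but the script fails outright on a mismatch and
            # nothing is pushed on success.
            a, b = _pop2(data)
            if a != b:
                raise ScriptError("OP_EQUALVERIFY failed")
        else:
            raise ScriptError(f"unknown opcode {op}")
        snapshots.append((list(data), list(instructions)))
    return snapshots


def run(script):
    """Execute the script and return the final data stack, bottom to top."""
    return trace(script)[-1][0]


def succeeds(script):
    """Bitcoin's acceptance rule: no error during execution and a true
    (non-zero) value on top of the data stack when the script ends."""
    try:
        stack = run(script)
    except ScriptError:
        return False
    return bool(stack) and stack[-1] != 0


if __name__ == "__main__":
    for step, (data, todo) in enumerate(trace("OP_4 OP_6 OP_ADD"), start=1):
        print(f"{step}. data stack: {data or 'Empty'}   instruction stack: {todo or 'Empty'}")
```

<div style="font-style: normal; font-variant: normal; font-weight: normal; line-height: 114%; margin-bottom: 0in; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial, sans-serif;"><span style="font-size: small;">The data stack in each snapshot is listed bottom to top, so [4, 6] means 6 is on top, as in step 3 of Figure A. The succeeds function applies the rule Bitcoin uses to accept a script: execution must finish without error and leave a true (non-zero) value on top of the data stack, which is why a script ending in OP_EQUALVERIFY with an otherwise empty stack is rejected even though no error occurred.</span></span></span></div>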
<div style="line-height: 114%; margin-bottom: 0in;">
<br /></div>
<div style="line-height: 114%; margin-bottom: 0in;">
<br /></div>
<div style="font-style: normal; font-variant: normal; line-height: 114%; margin-bottom: 0in; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial, sans-serif;"><span style="font-size: small;"><b><span style="background: transparent;">3.
Basics of Bitcoin Transactions</span></b></span></span></span></div>
<br />
<br />
<div style="line-height: 114%; margin-bottom: 0in;">
<span style="color: black;"><span style="background: transparent;"><span style="font-family: Arial, sans-serif;"><span style="font-size: small;">We
will start by covering what a Bitcoin transaction looks like. This
is necessary in order to understand the scripting language, because the
scripts are contained in the transactions. A Bitcoin transaction always
has at least one input and at least one output, and most transactions
contain several of each. An input describes where the Bitcoins come from,
and an output describes where the Bitcoins go, that is, who is allowed to
spend them next. </span></span></span></span>
</div>
<br />
<div style="line-height: 114%; margin-bottom: 0in;">
<span style="font-variant: normal;"><span style="color: black;"><span style="text-decoration: none;"><span style="background: transparent;">
<span style="font-family: Arial, sans-serif;"><span style="font-size: small;"><span style="font-style: normal;"><span style="font-weight: normal;">An
input describes where the Bitcoins come from by referring to the
output of a previous transaction. This becomes obvious once you
realize that any coins you want to send must previously have been sent
to you by someone else (or, if you mine, created as a block reward). An
input must do more than point at that output: it must also prove that
the transaction creator has the right to spend that specific output.
This is done with a digital signature over the new transaction, made
with the private key the creator holds, which corresponds to the public
key the output was paid to (if this is confusing to you, please read the
Bitcoin wiki on </span></span></span></span></span></span></span></span><a href="https://en.bitcoin.it/wiki/Technical_background_of_Bitcoin_addresses"><span style="font-family: Arial, sans-serif;"><span style="font-size: small;">Bitcoin
Addresses</span></span></a><span style="font-variant: normal;"><span style="color: black;"><span style="text-decoration: none;"><span style="font-family: Arial, sans-serif;"><span style="font-size: small;"><span style="font-style: normal;"><span style="font-weight: normal;"><span style="background: transparent;">
and </span></span></span></span></span></span></span></span><a href="https://en.bitcoin.it/wiki/Elliptic_Curve_Digital_Signature_Algorithm"><span style="font-family: Arial, sans-serif;"><span style="font-size: small;">Elliptic
Curve Digital Signature Algorithm</span></span></a><span style="font-variant: normal;"><span style="color: black;"><span style="text-decoration: none;"><span style="font-family: Arial, sans-serif;"><span style="font-size: small;"><span style="font-style: normal;"><span style="font-weight: normal;"><span style="background: transparent;">
before proceeding).</span></span></span></span></span></span></span></span></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; line-height: 114%; margin-bottom: 0in; text-decoration: none;">
<br /></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; line-height: 114%; margin-bottom: 0in; text-decoration: none;">
<span style="color: black;"><span style="background: transparent;"> <span style="font-family: Arial, sans-serif;"><span style="font-size: small;">An
output states how many Bitcoins it carries and the condition under which
they may be spent. Most commonly that condition names the Bitcoin address
of the receiver, which is a hash of the receiver's public key, so that only
the holder of the matching private key can later produce a valid signature.
An output is always spent whole: if the output you are spending holds more
than you want to send, you add a second output paying the remainder back to
an address of your own as change, and any amount not assigned to an output
is collected by the miner as the transaction fee. Together, inputs and
outputs link every new transaction to the outputs of earlier ones.</span></span></span></span><br />
<span style="color: black;"><span style="background: transparent;"><span style="font-family: Arial, sans-serif;"><span style="font-size: small;"> </span></span></span></span></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; line-height: 114%; margin-bottom: 0in; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial, sans-serif;"><span style="font-size: small;"><span style="background: transparent;"> </span></span></span></span></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; line-height: 114%; margin-bottom: 0in; text-decoration: none;">
<span style="color: black;"><span style="background: transparent;">
<span style="font-family: Arial, sans-serif;"><span style="font-size: small;">Walking through a simple
scenario will make this clearer. In Figure B below, Bob wants to send 1
Bitcoin to Chris. Bob received 1 Bitcoin from Alice some time ago in
transaction 1, and this is what he will send to Chris. In the input of his
transaction, Bob refers to that output of transaction 1 and provides a
signature made with his private key. In his output, he specifies where
the Bitcoins go by giving Chris's Bitcoin address. Once Bob's transaction
is in the block chain, the output of transaction 1 counts as spent, and
any later transaction that tries to refer to it again is rejected.</span></span></span></span></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; line-height: 114%; margin-bottom: 0in; text-decoration: none;">
<br /></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; line-height: 114%; margin-bottom: 0in; text-decoration: none;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhgkNim8Dld3TpN5qm01BUJiRwZ1DJMi0xKTB0RGNxOq2It3mdMKnSxL7lvkR3hwhBnh8xH99Ej1cBduVARRULMBDYT-EwXxJBgfBOnwuvufq7X_qZuEjFqXyhA40Uq0BRcRm5JspqRSBG-/s1600/scripting+figures.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhgkNim8Dld3TpN5qm01BUJiRwZ1DJMi0xKTB0RGNxOq2It3mdMKnSxL7lvkR3hwhBnh8xH99Ej1cBduVARRULMBDYT-EwXxJBgfBOnwuvufq7X_qZuEjFqXyhA40Uq0BRcRm5JspqRSBG-/s1600/scripting+figures.png" height="177" width="320" /></a></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; line-height: 114%; margin-bottom: 0in; text-decoration: none;">
<br /></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; line-height: 114%; margin-bottom: 0in; text-decoration: none;">
<br /></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; line-height: 114%; margin-bottom: 0in; text-decoration: none;">
<br /></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; line-height: 114%; margin-bottom: 0in; text-decoration: none;">
<br /></div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; line-height: 114%; margin-bottom: 0in; text-decoration: none;">
<span style="color: black;"><span style="background: transparent;">
</span></span>
</div>
<div style="font-variant: normal; line-height: 114%; margin-bottom: 0in; text-decoration: none;">
</div>
<div style="font-variant: normal; line-height: 114%; margin-bottom: 0in; text-decoration: none;">
<br /></div>
<div style="font-variant: normal; line-height: 114%; margin-bottom: 0in; text-decoration: none;">
<br /></div>
<div style="font-variant: normal; line-height: 114%; margin-bottom: 0in; text-decoration: none;">
<br /></div>
<div style="font-variant: normal; line-height: 114%; margin-bottom: 0in; text-decoration: none;">
<br /></div>
<div style="font-variant: normal; line-height: 114%; margin-bottom: 0in; text-decoration: none;">
<br /></div>
<div style="font-variant: normal; line-height: 114%; margin-bottom: 0in; text-decoration: none;">
<br /></div>
<div style="font-variant: normal; line-height: 114%; margin-bottom: 0in; text-decoration: none;">
<br />
<span style="color: black;"><span style="font-family: Arial, sans-serif;"><span style="font-size: small;"><i><span style="background: transparent;">Figure B </span></i></span></span></span>
</div>
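<div style="font-style: normal; font-variant: normal; font-weight: normal; line-height: 114%; margin-bottom: 0in; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial, sans-serif;"><span style="font-size: small;">To make the scenario in Figure B concrete, here is a small Python model of a chain of transactions and of the set of unspent outputs, added as an example and not taken from the original post or from Bitcoin Core. It simplifies the proof of ownership: an output is locked to the SHA-256 hash of a secret and the spending input reveals that secret, whereas a real output is locked to an address (a hash of the receiver's public key) and the input carries an ECDSA signature over the transaction. The secrets, the amounts and the "genesis" output that gives Alice her coins are constructed for the example, and the class and function names are this example's own. Beyond the text's exact scenario it also shows a change output, the fee, and why a second spend of the same output fails.</span></span></span></div>

```python
"""Toy UTXO ledger: inputs spend earlier outputs, outputs create new ones.

Added example, not code from the original post or from Bitcoin Core.
Ownership proof is simplified to a hash preimage: an output is locked to
sha256(secret) and the spending input reveals the secret. Real outputs are
locked to an address (a hash of the receiver's public key) and inputs carry
an ECDSA signature over the transaction; that signature check is the part
left out here. Amounts are in satoshi.
"""
import hashlib
from dataclasses import dataclass

BTC = 100_000_000  # satoshi per bitcoin


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


@dataclass(frozen=True)
class Output:
    amount: int  # satoshi
    lock: str    # sha256 of the secret that may spend this output


@dataclass(frozen=True)
class Input:
    prev_txid: str  # the transaction that created the coins
    index: int      # which of that transaction's outputs
    unlock: bytes   # secret proving the right to spend (stands in for a signature)


@dataclass(frozen=True)
class Transaction:
    inputs: tuple
    outputs: tuple

    def txid(self):
        # Bitcoin double-SHA-256s the serialized transaction; hashing the
        # repr is enough to get a stable identifier for this model.
        return sha256_hex(repr(self).encode())


class Ledger:
    """The set of unspent outputs, keyed by (txid, output index)."""

    def __init__(self, initial):
        self.utxo = dict(initial)

    def validate(self, tx):
        """Return the fee (inputs minus outputs) if tx is valid, else raise ValueError."""
        if not tx.inputs or not tx.outputs:
            raise ValueError("a transaction needs at least one input and one output")
        total_in, seen = 0, set()
        for inp in tx.inputs:
            key = (inp.prev_txid, inp.index)
            if key in seen:
                raise ValueError(f"{key} spent twice in one transaction")
            seen.add(key)
            prev = self.utxo.get(key)
            if prev is None:
                raise ValueError(f"{key} does not exist or is already spent")
            if sha256_hex(inp.unlock) != prev.lock:
                raise ValueError(f"input {key} does not prove ownership")
            total_in += prev.amount
        total_out = sum(o.amount for o in tx.outputs)
        if any(o.amount < 0 for o in tx.outputs) or total_out > total_in:
            raise ValueError("outputs exceed inputs")
        return total_in - total_out

    def is_valid(self, tx):
        try:
            self.validate(tx)
            return True
        except ValueError:
            return False

    def apply(self, tx):
        """Validate tx, remove the outputs it spends, record the ones it creates."""
        fee = self.validate(tx)
        for inp in tx.inputs:
            del self.utxo[(inp.prev_txid, inp.index)]
        for i, out in enumerate(tx.outputs):
            self.utxo[(tx.txid(), i)] = out
        return fee


def figure_b_scenario():
    """Alice pays Bob 1 BTC, Bob forwards it to Chris, then Bob's spend is replayed."""
    alice, bob, chris = b"alice-secret", b"bob-secret", b"chris-secret"  # constructed
    # Alice starts with a 1.5 BTC output; "genesis" stands in for earlier history.
    ledger = Ledger({("genesis", 0): Output(150_000_000, sha256_hex(alice))})
    # Transaction 1: Alice -> Bob 1 BTC; the rest goes back to Alice as change,
    # minus 10,000 satoshi that no output claims, which becomes the fee.
    tx1 = Transaction(
        inputs=(Input("genesis", 0, alice),),
        outputs=(Output(1 * BTC, sha256_hex(bob)), Output(49_990_000, sha256_hex(alice))),
    )
    fee1 = ledger.apply(tx1)
    # Transaction 2: Bob -> Chris 1 BTC, spending output 0 of transaction 1.
    tx2 = Transaction(
        inputs=(Input(tx1.txid(), 0, bob),),
        outputs=(Output(1 * BTC, sha256_hex(chris)),),
    )
    fee2 = ledger.apply(tx2)
    replayed = ledger.is_valid(tx2)  # output 0 of tx1 is gone, so this is False
    return {"ledger": ledger, "tx1": tx1, "tx2": tx2, "fee1": fee1, "fee2": fee2,
            "replayed": replayed, "chris": chris}
```

<div style="font-style: normal; font-variant: normal; font-weight: normal; line-height: 114%; margin-bottom: 0in; text-decoration: none;">
<span style="color: black;"><span style="font-family: Arial, sans-serif;"><span style="font-size: small;">The ledger keeps only unspent outputs, so an input is checked by looking up the (txid, index) pair it names: if the pair is missing, the output either never existed or was already spent, which is all the double-spend check amounts to. Replacing the hash-preimage check in validate with signature verification over the transaction is what turns this model into the real P2PKH rule.</span></span></span></div>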
About (posted 2014-07-29, updated 2020-11-02)<br />
My name is Kay Kurokawa. I’m a software engineer with a decade of experience and a B.S. and M.S. from Carnegie Mellon University in Electrical and Computer Engineering. I’ve worked in a wide range of industries, from audio digital signal processing and algorithm development for spectrometry equipment to high frequency trading in US equity markets. My main strength is turning complex technical specifications into reality. <br />
<br />
I started studying Bitcoins in early 2013, and realized that amazing things could be done with this technology. I helped launch <a href="http://lbry.io/">LBRY</a>, a peer to peer digital marketplace that utilizes the blockchain for name resolution. I've consulted for and <a href="http://www.kkurokawa.com/2015/10/atomic-cross-chain-transfer-overview.html">written</a> <a href="http://www.kkurokawa.com/2015/06/front-running-decentralized-exchanges.html">extensively</a> on decentralized cryptocurrency exchange platforms. I also spend my time spreading Bitcoin memes on social media and writing about cryptocurrencies here, and at <a href="https://medium.com/@kaykurokawa">Medium</a>.
<br />
<br />
<i>Social Media:</i> <a href="https://www.linkedin.com/in/kay-umpei-kurokawa-b96a3a10/">Linked-In</a>, <a href="https://twitter.com/kaykurokawa">Twitter</a><br />
<i>Email:</i> kay@kkurokawa.com