Bitcoin Core version 0.19.0.1 released

Developers: Java Schnorr Signature Implementation Review

I believe the Secp256k1 Schnorr Signature verification implementation I wrote is the first-ever Java implementation. This is cool, but forces me to be extra (extra) careful, since I can't bounce the signatures off a reference implementation. To my knowledge, even bitcoinj does not have Schnorr implemented (though they can achieve this with the JNI version of their libsecp256k1, if they recompile it with the flag enabled, I believe). Bouncy Castle also does not implement a Secp256k1 Schnorr verification--especially with the particular choices made by Pieter Wuille's implementation.
From what I can tell, Bitcoin ABC only has one signature verification check test--it's possible they have more, but I'm not terrifically familiar with their codebase, so it's possible I am just looking in the wrong place. Thanks rinexc for pointing out the additional Schnorr tests.
My (Bitcoin Verde's) implementation passes their test, but that's not to say it's 100% good to go (for instance, I had a bug despite passing the original test: the r, s, and e variables weren't being parsed as unsigned integers up until a few minutes ago... which would have caused some valid signatures to fail had I not caught it).
Therefore, I'd love to have any cypherpunks review my implementation (at least those that are familiar with Pieter Wuille's BIP (and/or the 2019-05 HF), and are familiar with Java). That can be found here.
My (aka ABC's) single test is located here.
If you wish to pull down the full repo, the Schnorr implementation is currently found in the feature/schnorr-signatures/master branch.
Thanks!
submitted by FerriestaPatronum to btc

Investigating the work behind bitcoin: A history of Schnorr signatures within Bitcoin.

Introduction

Schnorr signatures are currently on the Bitcoin core roadmap and an implementation was supposed to be released before the end of this year. Being a mathematician I have been inquiring about Schnorr signatures, the math behind them and their implications for bitcoin if they are ever implemented. This post is a list of links if anyone also wants sources on the subject.
TLDR: To sum it up, Schnorr signatures were introduced first as a potential optimization (batch verifications) and then as a possible scheme for signature aggregation. None of this has been implemented yet as many theoretical issues remain. To know more on these issues and on what “signature aggregation” means, please refer to the links in this post.

A history of Schnorr signatures within Bitcoin

As you may or may not know:
Schnorr algorithm has long been at the top of the wish list for many Bitcoin developers.
And indeed, it has been a long time... Are they top priority for Bitcoin core? I do not know, but they seem to be pretty high up on the priority list. Here is a quick timeline:
  1. Hal Finney talks about speeding up signature verification by implementing “batch signature verification”. This does not refer to Schnorr, but it is the starting point. February 2011.
  2. Mike Hearn elaborates on “batch signature verification”. He mentions a paper by the famous cryptographer D. Bernstein which successfully implemented such batch verification by using the twisted Edwards curve Ed25519 which relies on Schnorr signatures. August 2012.
  3. An anonymous user released a white paper proposing Boneh–Lynn–Shacham in order to implement signature aggregation. September 2013.
  4. Adam Back talks about his preference for Schnorr signatures over ECDSA due to the possible signature aggregation. October 2013.
  5. Gregory Maxwell and Adam Back talk about Schnorr signatures natively supporting multisig. March 2014.
  6. Gavin Andresen mentions it on his wish list in October 2014.
  7. Here is a pretty good summary of the advantages of Schnorr signatures by David Harding. January 2015.
  8. Gregory Maxwell mentions it (quite negatively I might add) during his talk at the SF Bitcoin Devs Seminar in April 2015. Once again the reference is related to multisig and signature aggregation (from minute mark 20 to 40 ish).
  9. Pieter Wuille and Gregory Maxwell wrote a Schnorr API which was committed in July/August 2015. The latest change dates from December 2015 and concerns documentation.
  10. Gregory Maxwell referenced the post#3 of this list as a starting point to justify the implementation of Schnorr signatures. His justifications are towards batch verification and signature aggregation. February 2016.
  11. Pieter Wuille talks at Scaling Bitcoin 2016 Milan about Schnorr signatures, the history, the advantages and the problems they face. October 2016 (from minute mark 38 to 1H05 ish).
  12. Bitcoin Core technology roadmap announcing an upcoming whitepaper on Schnorr signature but also a BIP which would be announced by the end of 2017. March 2017.
  13. Pieter Wuille says that there will be a concrete proposal and implementation in 2018. November 2017.
Edit: formatting.
submitted by Azeroth7 to btc

On why 0.10's release notes say "we have reason to believe that libsecp256k1 is better tested and more thoroughly reviewed than the implementation in OpenSSL"

Today OpenSSL de-embargoed CVE-2014-3570 "Bignum squaring may produce incorrect results". That particular security advisory is not a concern for Bitcoin users, but it allows me to explain some of the context behind a slightly cryptic statement I made in the release notes for the upcoming Bitcoin Core 0.10:
"we have reason to believe that libsecp256k1 is better tested and more thoroughly reviewed than the implementation in OpenSSL"
Part of that "reason to believe" was our discovery of this OpenSSL flaw.
In Bitcoin Core 0.10 we are migrating transaction signing, and only signing for now, to a cryptographic library we're currently developing-- libsecp256k1-- which is intended to provide a high-speed, sidechannel avoiding, and high-assurance implementation of the underlying public-key cryptography used in Bitcoin. Doing this allows us to deliver safer and more reliable software that better fits Bitcoin's specific needs. The library is mostly the work of Bitcoin Core super-contributor Pieter Wuille (sipa), though many other people are working on it too-- software created alone tends to be inherently unreviewed. This library is part of what Pieter and I are working on at Blockstream.
During the development of libsecp256k1 we've been building a rather extensive test suite and employing a number of strategies to increase the assurance level of the software. Part of our testing verified the agreement of our internal functions with other implementations such as the ones in OpenSSL on random and specially-constructed random inputs. While doing this our tests turned up a case where OpenSSL's implementation of number squaring gave a wrong result. I've written a bit more about the technical details in a post in /r/programming. This error in OpenSSL could result in a number of cryptographic operations (for many different kinds of cryptosystems) yielding wrong results but due to good fortune the issue is not a concern for Bitcoin implementations.
The incorrectly squared numbers would be expected to be found randomly with probability around one in 2^128, and so when one of the reference implementations of ed25519 had a very similar mistake some described it as "a bug that can only be found by auditing, not by randomized tests". But when we found this we weren't auditing OpenSSL (the issue was buried deep in optimized code). Our tests used specially formed random numbers that were intended to explore a class of rare corner cases, a technique I'd previously used in the development of the Opus audio codec. Since our 'random' testing in libsecp256k1 was good enough to find one-in-a-{number too big to name} chance bugs which could "only be found by auditing" I'm at least a little bit proud of the work we've been doing there. (Obviously, we also use many other approaches than random testing on our own code.)
I generally don't consider my own software adequately enough tested until its tests have turned up a bug in a compiler/toolchain. So far I've not encountered a compiler bug for libsecp256k1-- GCC and clang have been getting much better the last few years-- beyond some cases where the compiler produced brain-dead slow but correct output, so I may have to settle for discovering that a ubiquitous system library couldn't square correctly.
I consider this a fun example of how the Bitcoin ecosystem can contribute to driving forward the state of the art in the security of cryptographic tools, and how our needs justify a higher level of assurance than has been found in common software in the past. This example isn't the only reason I have to believe that this new code is better tested and reviewed, but it's a very concrete example.
submitted by nullc to Bitcoin
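
Why uniformly random inputs can miss a carry bug that specially formed random inputs find, as an added Python example (not code from libsecp256k1 or OpenSSL, and not a reproduction of CVE-2014-3570). The limb squaring routine, its planted carry bug and the run-based generator are constructed for illustration; Python's exact integer multiplication serves as the independent reference.

```python
import random

W = 64                      # limb width in bits
M = (1 << W) - 1            # an all-ones limb

def adc(a, b, cin, buggy):
    """One-limb add with carry. The planted bug derives the carry-out from
    `s < b`, which is wrong exactly when a is all ones and cin is 1."""
    s = (a + b + cin) & M
    carry = int(s < b) if buggy else (a + b + cin) >> W
    return s, carry

def add_at(r, k, lo, hi, buggy):
    """r += (hi:lo) << (W*k), rippling the carry into higher limbs."""
    r[k], c = adc(r[k], lo, 0, buggy)
    r[k + 1], c = adc(r[k + 1], hi, c, buggy)
    k += 2
    while c and k < len(r):
        r[k], c = adc(r[k], 0, c, buggy)
        k += 1

def square(x, n, buggy=False):
    """Schoolbook squaring of an n-limb number."""
    a = [(x >> (W * i)) & M for i in range(n)]
    r = [0] * (2 * n)
    for i in range(n):                      # diagonal terms a_i^2
        p = a[i] * a[i]
        r[2 * i], r[2 * i + 1] = p & M, p >> W
    for i in range(n):                      # cross terms, each counted twice
        for j in range(i + 1, n):
            p = a[i] * a[j]
            for _ in range(2):
                add_at(r, i + j, p & M, p >> W, buggy)
    return sum(limb << (W * i) for i, limb in enumerate(r))

def uniform(rng, nbits):
    """Every bit independent: an all-ones limb appears with chance 2^-64."""
    return rng.getrandbits(nbits)

def structured(rng, nbits):
    """Long runs of zero bits and one bits, so all-ones limbs, carries that
    ripple across limbs and similar corner cases show up all the time."""
    x, pos = 0, 0
    while pos < nbits:
        run = rng.randint(1, nbits)
        if rng.random() < 0.5:
            x |= ((1 << run) - 1) << pos
        pos += run
    return x & ((1 << nbits) - 1)

def campaign(gen, trials, seed, nbits=256):
    """Differential test: buggy limb squaring against the exact reference."""
    rng = random.Random(seed)
    failures = []
    for _ in range(trials):
        x = gen(rng, nbits)
        if square(x, nbits // W, buggy=True) != x * x:
            failures.append(x)
    return failures

if __name__ == "__main__":
    print("uniform    mismatches:", len(campaign(uniform, 2000, seed=1)))
    print("structured mismatches:", len(campaign(structured, 2000, seed=1)))
```

The uniform campaign reports no mismatch because the faulty branch needs an accumulator limb of exactly 2^64 - 1 at the moment a carry arrives, while the run-based inputs reach that state routinely.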

Schnorr signatures in Bitcoin?

Some movement from Bitcoin contributors to implement Schnorr signatures. Good BIP write-up: standard for 64-byte Schnorr signatures over the elliptic curve secp256k1. https://github.com/sipa/bips/blob/bip-schnorr/bip-schnorr.mediawiki#introduction https://github.com/bitcoin-core/secp256k1/pull/558
submitted by hansie_ to tari

Butters planning to migrate Butt Core to self-developed crypto library, nothing could possibly go wrong

This post just brought to my attention that the core development team is apparently planning to migrate to a newly developed library named libsecp256k1 for cryptographic functionality.
 
In Bitcoin Core 0.10 we are migrating transaction signing, and only signing for now, to a cryptographic library we're currently developing-- libsecp256k1-- which is intended to provide a high-speed, sidechannel free, and high-assurance implementation of the underlying public-key cryptography used in Bitcoin.
 
This new library is mainly being developed by Pieter Wuille who seems to hold a Ph.D. in Engineering/CS according to his CV but does not seem to have any relevant professional or academic experience with cryptography. This is bad in so far as correctly implementing cryptographic methods is notoriously hard. Anyone who is not an experienced expert should not ever attempt to write crypto code for production use and even the experts make mistakes from time to time.
Elliptic curve cryptography can pose some implementation pitfalls which newer curves (e.g. Curve25519) try to avoid. This means that the security of an ECC scheme on these older curves can easily be compromised by mistakes in the implementation.
Having someone who is not a proven expert write a library like that from scratch and then deploying it into productive use without a lot of audits and long-term testing by people who know what they are doing is probably the worst thing you could do. But I'm sure nothing bad will happen.
TL;DR Never implement your own crypto and don't use obscure NIST curves. Of course, Butters are doing exactly that.
submitted by this_user to Buttcoin

Bitcoin dev IRC meeting in layman's terms (2015-11-05)

Once again my attempt to summarize and explain the weekly bitcoin developer meeting in layman's terms. Link to last week's summarization. Note that I crosspost this to Voat, bitcoin.com and the bitcoin-discuss mailing list every week. I can't control what's being talked about in the meeting; if certain things come up I might not be able to post here because of "guidelines".
Disclaimer
Please bear in mind I'm not a developer and I'd have problems coding "hello world!", so some things might be incorrect or plain wrong. Like any other write-up it likely contains personal biases, although I try to stay as neutral as I can. There are no decisions being made in these meetings, so if I say "everyone agrees" this means everyone present in the meeting, that's not consensus, but since a fair amount of devs are present it's a good representation. The dev IRC and mailinglist are for bitcoin development purposes. If you have not contributed actual code to a bitcoin-implementation, this is probably not the place you want to reach out to. There are many places to discuss things that the developers read, including this sub-reddit.
Link to this week's logs
Meeting minutes by meetbot
Main topics discussed were:
  - Sigcache performance
  - Performance goals for 0.12
  - transaction priority
  - sigops flooding attack
  - chain limits
Short topics/notes
Note: cfields, mcelrath and BlueMatt (and maybe more) missed the meeting because of daylight saving time.
Closing date for proposals for the scaling bitcoin workshop is the 9th.
Check to see if there are any other commits for the 0.11.2 RC. As soon as 6948 and 6825 are merged it seems good to go. We need to move fairly quickly as there are already miners voting for CLTV (F2Pool). Also testnet is CLTV locked already and is constantly forking. 0.11.2 RC1 has been released as of today: https://bitcoin.org/bin/bitcoin-core-0.11.2/test/
Most of the mempool-limiting analysis assumed child-pays-for-parent, however that isn't ready for 0.12 yet, so we should think about possible abuses in context of the existing mining algorithm.
Because of time constraints opt-in replace-by-fee has been deferred to next week's meeting, but most people seem to want it in 0.12. sdaftuar makes a note that we need to make clear to users what they need to do if they don't want to accept opt-in transactions.
Sigcache performance
The signature cache, which is in place to increase performance (by not having to check the signature multiple times), and to mitigate some attacks currently has a default limit of 50 000 signatures. Sipa has a pull-request which proposes to:
  - Change the limit from number of entries to megabytes
  - Change the default to 40MB, which corresponds to 500 000 signatures
  - Store salted hashes instead of full entries
  - Remove entries that have been validated in a block
Sipa did benchmarks for various signature cache sizes on hitrate in blocks (how many of the cached signatures are in the block). The maximum sigcache size was 68MB, resulting in a 3% miss-rate. Some blocks though have extremely high miss rates (60%) while others have none. Likely caused by miners running different policies. Gmaxwell proposed to always run script verification for mempool transactions, even if these transactions get rejected into the mempool by the client's policy. The result of that is that even a 300MB sigcache size only gets down to 15% misses. So there's too much crap being relayed to keep any reasonable sized cache. Gmaxwell points out downsides to not checking any rejected transactions, namely: there are some DOS attacks possible, and you increase your miss rate if you set a policy which is more restrictive than the typical network, which might result in a race to the bottom.
Sipa continues his work and seeks out other strategies
Performance goals for 0.12
Bitcoin-core 0.12 is scheduled for release December 1st.
Everybody likes to include secp256k1 ASAP, as it has a very large performance increase. Some people would like to include the sigcache pull-request, BIP30, modifyNewCoins and a createNewBlock rewrite if it's ready. Wumpus advises against merging last-minute performance improvements for 0.12.
Mentioned pull-requests should be reviewed, prioritizing CreateNewBlock
transaction priority
Each transaction is assigned a priority, determined by the age, size, and number of inputs. Which makes some transactions free.
Sipa thinks we should get rid of the current priority completely and replace it with a function that modifies fee or size of a transaction. There's a pull-request available that optimizes the current transaction priority, thereby avoiding the political debate that goes with changing the definition of transaction priority. Luke-jr thinks the old policy should remain possible.
Check to see if PR #6357 is safe and efficient enough.
sigops flooding attack
The number of ECDSA signature-checking operations or sigops is currently limited to 20 000 per block. This in order to prevent miners creating blocks that take ages to verify as those operations are time-consuming. You could however construct transactions that have a very high sigops count and since most miners don't take into account the sigops count they end up with very small blocks because the sigop limit is reached. This attack is described here.
Suggestion to take the number of sigops relative to the maximum blocksize into account with the total size. Meaning a 10k sigops transaction would currently be viewed as 500kB in size (for that single transaction, not towards the block). That suggestion would be easy to change in the mining code, but more invasive to try and plug that into everything that looks at feerate. This would also open up attacks on the mempool if these transactions are not evicted by mempool limiting. Luke-jr has a bytes-per-sigop limit, that filters out these attack transactions.
More analysis should be done, people seem fine with the general direction of fixing it.
chain limits
Chain in this context means connected transactions. When you send a transaction that depends on another transaction that has yet to be confirmed we talk about a chain of transactions. Miners ideally take the whole chain into account instead of just every single transaction (although that's not widely implemented afaik). So while a single transaction might not have a sufficient fee, a depending transaction could have a high enough fee to make it worthwhile to mine both. This is commonly known as child-pays-for-parent. Since you can make these chains very big it's possible to clog up the mempool this way. With the recent malleability attacks, anyone who made transactions going multiple layers deep would've already encountered huge problems doing this (beautifully explained in let's talk bitcoin #258 from 13:50 onwards) Proposal and github link.
sdaftuar's analysis shows that 40% of blocks contain a chain that exceeds the proposed limits. Even a small bump doesn't make the problem go away. Possible sources of these chains: a service paying the fees on other transactions (child-pays-for-parent), an iOS wallet that gladly spends unconfirmed change. A business confirms they use child-pays-for-parent when they receive bitcoins from an unspent chain. It is possible that these long chains are delivered to miners directly, in which case they wouldn't be affected by the proposed relay limits (and by malleability). Since this is a problem that needs to be addressed, people seem fine with merging it anyway, communicating in advance to let businesses think about how this affects them.
Merge "Policy: Lower default limits for tx chains" Morcos will mail the developer mailing list after it's merged.
Participants
  morcos          Alex Morcos
  gmaxwell        Gregory Maxwell
  wumpus          Wladimir J. van der Laan
  sipa            Pieter Wuille
  jgarzik         Jeff Garzik
  Luke-Jr         Luke Dashjr
  phantomcircuit  Patrick Strateman
  sdaftuar        Suhas Daftuar
  btcdrak         btcdrak
  jouke           ??Jouke Hofman??
  jtimon          Jorge Timón
  jonasschnelli   Jonas Schnelli
Comic relief
20:01 wumpus #meetingend
20:01 wumpus #meetingstop
20:01 gmaxwell Thanks all.
20:01 btcdrak #exitmeeting
20:01 gmaxwell #nomeetingnonono
20:01 btcdrak #meedingexit
20:01 wumpus #endmeeting
20:01 lightningbot Meeting ended Thu Nov 5 20:01:29 2015 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot .
20:01 btcdrak #rekt
submitted by G1lius to Bitcoin
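
The size adjustment suggested in the sigops discussion of the summary above, as an added Python example (not Bitcoin Core's mining code): a greedy block builder run over a constructed mempool, once ranking by real size and once by sigop-adjusted size. The greedy selection rule and every transaction size, fee and sigop count are assumptions chosen for illustration.

```python
from collections import namedtuple

MAX_BLOCK_SIZE = 1_000_000       # bytes
MAX_BLOCK_SIGOPS = 20_000        # per-block limit quoted in the summary
BYTES_PER_SIGOP = MAX_BLOCK_SIZE // MAX_BLOCK_SIGOPS   # 50

Tx = namedtuple("Tx", "txid size fee sigops")   # size in bytes, fee in satoshi

def real_size(tx):
    return tx.size

def sigop_adjusted_size(tx):
    """Size a transaction is 'viewed as': it counts for whichever of the two
    block limits it consumes faster."""
    return max(tx.size, tx.sigops * BYTES_PER_SIGOP)

def build_block(mempool, size_of):
    """Greedy selection by fee per size_of(tx) byte under both block limits."""
    block, size_used, sigops_used = [], 0, 0
    ranked = sorted(mempool, key=lambda tx: tx.fee / size_of(tx), reverse=True)
    for tx in ranked:
        fits_size = size_used + size_of(tx) <= MAX_BLOCK_SIZE
        fits_sigops = sigops_used + tx.sigops <= MAX_BLOCK_SIGOPS
        if fits_size and fits_sigops:
            block.append(tx)
            size_used += size_of(tx)
            sigops_used += tx.sigops
    return block

def summarize(block):
    return {"txs": len(block),
            "bytes": sum(tx.size for tx in block),
            "sigops": sum(tx.sigops for tx in block),
            "fees": sum(tx.fee for tx in block)}

def constructed_mempool():
    """Constructed sample: ordinary payments plus four sigop-heavy
    transactions that pay a higher fee per real byte."""
    ordinary = [Tx(f"ordinary-{i}", 300, 3_000, 2) for i in range(3_000)]
    heavy = [Tx(f"heavy-{i}", 1_000, 20_000, 5_000) for i in range(4)]
    return ordinary + heavy

if __name__ == "__main__":
    pool = constructed_mempool()
    # Ranking by real size: the heavy transactions win on fee rate, use up the
    # whole sigop budget, and the block stays nearly empty.
    print("by real size     :", summarize(build_block(pool, real_size)))
    # Ranking by adjusted size: the heavy transactions count as 250 kB each
    # and fall behind the ordinary payments.
    print("by adjusted size :", summarize(build_block(pool, sigop_adjusted_size)))
```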

Bitmain Crap Coin (BCC) is done. Stick a fork in it! (pun intended)

This needs to be repeated: https://www.reddit.com/r/Bitcoin/comments/6pwxtu/bitrefill_will_automatically_dump_the_toxic_bcc/dktdoai/ The bigger issues with BCC are incompetent development and lack of infrastructure.
And, of course, for the last several days BIP148 UASF has been enjoying its well deserved 100% hashrate. (AKA SegWit)
I drink to the suicide of the 6th or 7th hard fork threat from the mining cartel.
Cheers gents!
submitted by xboox to Bitcoin

[Q] Schnorr multi-signatures

I've been wandering through /r/bitcoin and I've seen that there is a bit of noise because of some changes in the bitcoin protocol.
One of these is the substitution of actual ECDSA signing algorithm to Schnorr one. It is alleged that Schnorr signing algorithm allows "multi-signature", that is, if many participants sign the same message, instead of storing the full list of signatures, it is stored only one single signature which represent the signs of every participant. So, the system spares a lot of space.
I'm not sure if I understand mathematically the process. I do understand EC-maths including single Schnorr signature applied to EC, but I don't get clearly the full basis and implications of multi-sig.
My searches drive me to bitcoin sites, but I'd like to see a more fundamental and mathematical statement of the matter. The closest one I've seen is: https://github.com/sipa/secp256k1/blob/968e2f415a5e764d159ee03e95815ea11460854e/src/modules/schnorr/schnorr.md
Maybe people of /r/crypto can show me other resources.
TIA.
submitted by azenbugranto to crypto

Bitcoin dev IRC meeting in layman's terms (2015-11-05)

Once again my attempt to summarize and explain the weekly bitcoin developer meeting in layman's terms. Link to last week's summarization
On a personal note: I really don't like the fact someone pm'ed me telling me "a majority of bitcoiners have moved to r/btc", it's not (yet) true and comes across as very spammy. This combined with the tin-foiled hat people-bashing which seems to be popular makes me almost not want to join this community. I hope this can become like r/bitcoin, but with the freedom to discuss and mention any topic, not a mindless crusade against r/bitcoin, theymos, blockstream, etc.
submitted by G1lius to btc

EthereumCash★ETHC★Masternode - Pos★Payout 50% Profit To Holders★

Our Project is EthereumCash Coin not Token. We have our system, with our plan, we not clone or scam. Masternode and Payout profit every month to holders. And Our coin Symbol is ETHC not ECASH. Thanks! NOTE:
  1. We don't make any Masternode. Masternode just for big holder with 50k coin. We don't want to have more masternode because more coin mined, price of ETHC will drop. This is coin of my company, more coin of us with more potential will posted soon. Now more work to do. Thanks
  2. BIG EVENT will coming at 1 NOV when more potential coins of us end ICO and list on exchange. We will update information about our coins after 1 NOV. Very potential coins. We will payout Bounty at 18 OCT. Next payout will inform later.
BOUNTY REWARD will decrease soon. Let's GO. We must change some rule about rewards. New rule will better and make ETHC reach high value. Thanks
  3. Just only 4 mil ETHC on exchange, no more coin. We hold 73% premine to get profit from our project.
NEWS: * Today, our team will discuss about how to use money when ETHC sale on exchange, 50% want to share 50% profit to holders to make great project. But we must have more agree, hope we have good news soon.
Finally, Our team decide share 50% profit from sale ETHC on exchange for holders, hope all investors will hold ETHC to get BTC. Thanks.
https://www.emoneyspace.com/banner_stats.php?h=%2FkfqBZeXOos%3D https://www.emoneyspace.com/forum/index.php?action=profile;u=10955
We just payout 400 address quickly fill out form bounty on twitter, other must wait later . Thanks!
EthereumCash Project
What is EthereumCash ?
EthereumCash is an experimental new digital currency that enables anonymous, instant payments to anyone, anywhere in the world. EthereumCash uses peer-to-peer technology to operate with no central authority: managing transactions and issuing money are carried out collectively by the network. EthereumCash is a PoS-based cryptocurrency, and depend upon libsecp256k1 by sipa, the sources for which can be found here: https://github.com/bitcoin/secp256k1
EthereumCash is a project which was created in January 2017, launched by a group of Masters graduated in Technology Institutes of Hardware, Web Programming and CryptoCurrency. Currently, the project has 60 Antminer L3 + devices. EthereumCash was released to fund the development of the project, and using funds was a way to purchase new Antminer devices. The special issue is that we will pay EthereumCash holders 50% of the profits from the mining of us every 45 days since EthereumCash is listed on the exchange. On the other hand, our project is also interested in partners and is ready to collaborate by buying 30% EthereumCash and allowing us to use their existing Antminer devices with low fee. Our mining plan at the beginning of the project was to mine the coins to be issued or newly listed, with low difficult and then we waited and sold out at high prices beyond expectations. Besides, when we find the coin that we see has the potential for growth or high price expectations we will also bring all our equipment to mine those coin. We are young with a dynamic creativity, willing to devote as much to the success and development of the company.
EthereumCash Details
Coin Name : EthereumCash
Coin abbreviation : ETHC
Coin Type : Full POS
Algorithm : SHA256
Total Coin Supply : 100 Million
Premine : 15% (15 Million)
Masternode Rewards : 60%
Stake : 10 ETHC
Minimum Stake Age : 8 hours
Number of confirmation : 10
For more information, as well as an immediately useable, binary version of the EthereumCash Core software, see https://ethereumcash.io
Premine Distribution
Our Company : 50%
Dev Team : 23% (73% not allowed to sell, just hold and get profit)
Sale on Exchange : 20%
Bounty & Airdrop : 7% (1.050.000 Coins)
How to mine ?
You can buy some coins and stake them to get rewards. More coins, more rewards. A masternode requires 50k coins. It is just for big holders; we don't want to make more masternodes because more reward, easy to get reward, price of coin will drop more. But with the payout of 50% profit from our mining, we hope ETHC will rise up for a long term.
Download wallet ?
Download your EthereumCash wallet for free. This wallet protects your EthereumCash and stores it securely. You can use this wallet for all kind of EthereumCash transactions.
Windows wallet: (we checked our wallet on VirusTotal; it's a negative alert. Don't worry. Thanks) https://github.com/ethereumcashdev/ethereumcash/files/1385162/ethereumcash-qt-windows.zip
Linux wallet: (please install libdb5.1++ before running the Linux wallet, with the command apt-get install libdb5.1++) https://github.com/ethereumcashdev/ethereumcash/files/1384405/ethereumcash-qt-linux.zip
MacOSX wallet: https://github.com/ethereumcashdev/ethereumcash/files/1390116/ethereumcash-qt-macosx.zip
Our Website
https://ethereumcash.io
Block Explorer
https://explorer.ethereumcash.io
Exchange
Coming soon next week
Our coins
We will post some of our potential coins soon...
How to config masternode
Masternode is running, please check https://explorer.ethereumcash.io
Code:
Step 1: getnewaddress 0
Save: E7udTdWf49RkPfbiQuVgEvK1U96pqETH7i 
Step 2: Send 50.000 ETHC coin to your masternode address (EWb9GpJptZ5ywdybAdSSGm1mALkKBD46Ev)
Step 3: masternode genkey
Save: 12a54351ffd564ccbcac47a1571e1fbd52d7dba855680b5f5ca28d0e6741df4c 
Step 4: masternode outputs
Save: { "ce450aa1fbaaa5689b6836bde326d2b3cbc818947c6d14e2e377a0aa719159b5" : "0" } 
Step 5: add below to windows wallet config
port=8888
masternode=1
# IP of masternode VPS
masternodeaddr=185.44.145.34:8888
masternodeprivkey=12a54351ffd564ccbcac47a1571e1fbd52d7dba855680b5f5ca28d0e6741df4c
Bounty: 200 ETHC to build the MacOSX wallet. We have more tasks with high priority, such as making a guide for masternode and an invest tool, and no more users use MacOSx. Thanks
Twitter bounty Campaign
Rules:
1- Each member is to make a positive post about the EthereumCash project with #ethereumcashdev #ethereumcash #ETHC
2- Each member should follow the official EthereumCash twitter page. This is the official twitter page: https://twitter.com/ethereum_cash
3- How many ETHC per post?
under 1000 followers -> 10 ETHC
under 2000 followers -> 20 ETHC
......
under 50000 followers -> 500 ETHC
.....
4- Fill out this form https://docs.google.com/forms/d/1p2AjsIDwlY2xoKejYj4t-P0HLw2O7YQJodmuWFobj5Q
Slack bounty Campaign
1- When you register your slack account at this link https://ethereumcash.herokuapp.com and make a positive comment on slack, you will receive 10 ETHC.
2- Fill out this form https://docs.google.com/forms/d/14Z039UoLJ7sfr66OI0CvIrySRZyxmSlw9vsseIKHUlY
submitted by EthereumCash to EthereumCash [link] [comments]

[Meta] Re: Bitcoin Core 0.13.2 released | Luke Dashjr | Jan 07 2017

Luke Dashjr on Jan 07 2017:
I don't think release announcements are really appropriate for the bitcoin-dev
mailing list. People who want these can subscribe to the bitcoin-core-dev list
and/or the Core announce mailing list. Maybe sending to bitcoin-discuss would
also make sense, but not bitcoin-dev...
Luke
On Tuesday, January 03, 2017 8:47:36 AM Wladimir J. van der Laan via bitcoin-dev wrote:
Bitcoin Core version 0.13.2 is now available from:
https://bitcoin.org/bin/bitcoin-core-0.13.2/
Or by bittorrent:
magnet:?xt=urn:btih:746697d03db3ff531158b1133bab5d1e4cef4e5a&dn=bitcoin-core-0.13.2&tr=udp%3A%2F%2Ftracker.openbittorrent.com%3A80%2Fannounce&tr=udp%3A%2F%2Ftracker.publicbt.com%3A80%2Fannounce&tr=udp%3A%2F%2Ftracker.ccc.de%3A80%2Fannounce&tr=udp%3A%2F%2Ftracker.coppersurfer.tk%3A6969&tr=udp%3A%2F%2Ftracker.leechers-paradise.org%3A6969&ws=https%3A%2F%2Fbitcoin.org%2Fbin%2F
This is a new minor version release, including various bugfixes and
performance improvements, as well as updated translations.
Please report bugs using the issue tracker at github:
https://github.com/bitcoin/bitcoin/issues
To receive security and update notifications, please subscribe to:
https://bitcoincore.org/en/list/announcements/join/
Compatibility

Microsoft ended support for Windows XP on [April 8th, 2014](https://www.microsoft.com/en-us/WindowsForBusiness/end-of-xp-support),
an OS initially released in 2001. This means that not even critical
security updates will be released anymore. Without security updates, using
a bitcoin wallet on a XP machine is irresponsible at least.
In addition to that, with 0.12.x there have been varied reports of Bitcoin
Core randomly crashing on Windows XP. It is [not clear](https://github.com/bitcoin/bitcoin/issues/7681#issuecomment-217439891)
what the source of these crashes is, but it is likely that upstream
libraries such as Qt are no longer being tested on XP.
We do not have time nor resources to provide support for an OS that is
end-of-life. From 0.13.0 on, Windows XP is no longer supported. Users are
suggested to upgrade to a newer version of Windows, or install an
alternative OS that is supported.
No attempt is made to prevent installing or running the software on Windows
XP, you can still do so at your own risk, but do not expect it to work: do
not report issues about Windows XP to the issue tracker.
From 0.13.1 onwards OS X 10.7 is no longer supported. 0.13.0 was intended
to work on 10.7+, but severe issues with the libc++ version on 10.7.x keep
it from running reliably. 0.13.1 now requires 10.8+, and will communicate
that to 10.7 users, rather than crashing unexpectedly.
Notable changes

Change to wallet handling of mempool rejection
When a newly created transaction failed to enter the mempool due to
the limits on chains of unconfirmed transactions the sending RPC
calls would return an error. The transaction would still be queued
in the wallet and, once some of the parent transactions were
confirmed, broadcast after the software was restarted.
This behavior has been changed to return success and to reattempt
mempool insertion at the same time transaction rebroadcast is
attempted, avoiding a need for a restart.
Transactions in the wallet which cannot be accepted into the mempool
can be abandoned with the previously existing abandontransaction RPC
(or in the GUI via a context menu on the transaction).
0.13.2 Change log

Detailed release notes follow. This overview includes changes that affect
behavior, not code moves, refactors and string updates. For convenience in
locating the code changes and accompanying discussion, both the pull
request and git merge commit are mentioned.

Consensus

  • #9293 e591c10 [0.13 Backport #9053] IBD using chainwork instead of height and not using header timestamp (gmaxwell)
  • #9053 5b93eee IBD using chainwork instead of height and not using header timestamps (gmaxwell)

RPC and other APIs

  • #8845 1d048b9 Don't return the address of a P2SH of a P2SH (jnewbery)
  • #9041 87fbced keypoololdest denote Unix epoch, not GMT (s-matthew-english)
  • #9122 f82c81b fix getnettotals RPC description about timemillis (visvirial)
  • #9042 5bcb05d [rpc] ParseHash: Fail when length is not 64 (MarcoFalke)
  • #9194 f26dab7 Add option to return non-segwit serialization via rpc (instagibbs)
  • #9347 b711390 [0.13.2] wallet/rpc backports (MarcoFalke)
  • #9292 c365556 Complain when unknown rpcserialversion is specified (sipa)
  • #9322 49a612f [qa] Don't set unknown rpcserialversion (MarcoFalke)

Block and transaction handling

  • #8357 ce0d817 [mempool] Fix relaypriority calculation error (maiiz)
  • #9267 0a4aa87 [0.13 backport #9239] Disable fee estimates for a confirm target of 1 block (morcos)
  • #9196 0c09d9f Send tip change notification from invalidateblock (ryanofsky)

P2P protocol and network code

  • #8995 9ef3875 Add missing cs_main lock to ::GETBLOCKTXN processing (TheBlueMatt)
  • #9234 94531b5 torcontrol: Explicitly request RSA1024 private key (laanwj)
  • #8637 2cad5db Compact Block Tweaks (rebase of #8235) (sipa)
  • #9058 286e548 Fixes for p2p-compactblocks.py test timeouts on travis (#8842) (ryanofsky)
  • #8865 4c71fc4 Decouple peer-processing-logic from block-connection-logic (TheBlueMatt)
  • #9117 6fe3981 net: don't send feefilter messages before the version handshake is complete (theuni)
  • #9188 ca1fd75 Make orphan parent fetching ask for witnesses (gmaxwell)
  • #9052 3a3bcbf Use RelevantServices instead of node_network in AttemptToEvict (gmaxwell)
  • #9048 9460771 [0.13 backport #9026] Fix handling of invalid compact blocks (sdaftuar)
  • #9357 03b6f62 [0.13 backport #9352] Attempt reconstruction from all compact block announcements (sdaftuar)
  • #9189 b96a8f7 Always add default_witness_commitment with GBT client support (sipa)
  • #9253 28d0f22 Fix calculation of number of bound sockets to use (TheBlueMatt)
  • #9199 da5a16b Always drop the least preferred HB peer when adding a new one (gmaxwell)

Build system

  • #9169 d1b4da9 build: fix qt5.7 build under macOS (theuni)
  • #9326 a0f7ece Update for OpenSSL 1.1 API (gmaxwell)
  • #9224 396c405 Prevent FD_SETSIZE error building on OpenBSD (ivdsangen)

GUI

  • #8972 6f86b53 Make warnings label selectable (jonasschnelli) (MarcoFalke)
  • #9185 6d70a73 Fix coincontrol sort issue (jonasschnelli)
  • #9094 5f3a12c Use correct conversion function for boost::path datadir (laanwj)
  • #8908 4a974b2 Update bitcoin-qt.desktop (s-matthew-english)
  • #9190 dc46b10 Plug many memory leaks (laanwj)

Wallet

  • #9290 35174a0 Make RelayWalletTransaction attempt to AcceptToMemoryPool (gmaxwell)
  • #9295 43bcfca Bugfix: Fundrawtransaction: don't terminate when keypool is empty (jonasschnelli)
  • #9302 f5d606e Return txid even if ATMP fails for new transaction (sipa)
  • #9262 fe39f26 Prefer coins that have fewer ancestors, sanity check txn before ATMP (instagibbs)

Tests and QA

  • #9159 eca9b46 Wait for specific block announcement in p2p-compactblocks (ryanofsky)
  • #9186 dccdc3a Fix use-after-free in scheduler tests (laanwj)
  • #9168 3107280 Add assert_raises_message to check specific error message (mrbandrews)
  • #9191 29435db 0.13.2 Backports (MarcoFalke)
  • #9077 1d4c884 Increase wallet-dump RPC timeout (ryanofsky)
  • #9098 ecd7db5 Handle zombies and cluttered tmpdirs (MarcoFalke)
  • #8927 387ec9d Add script tests for FindAndDelete in pre-segwit and segwit scripts (jl2012)
  • #9200 eebc699 bench: Fix subtle counting issue when rescaling iteration count (laanwj)

Miscellaneous

  • #8838 094848b Calculate size and weight of block correctly in CreateNewBlock() (jnewbery)
  • #8920 40169dc Set minimum required Boost to 1.47.0 (fanquake)
  • #9251 a710a43 Improvement of documentation of command line parameter 'whitelist' (wodry)
  • #8932 106da69 Allow bitcoin-tx to create v2 transactions (btcdrak)
  • #8929 12428b4 add software-properties-common (sigwo)
  • #9120 08d1c90 bug: Missed one "return false" in recent refactoring in #9067 (UdjinM6)
  • #9067 f85ee01 Fix exit codes (UdjinM6)
  • #9340 fb987b3 [0.13] Update secp256k1 subtree (MarcoFalke)
  • #9229 b172377 Remove calls to getaddrinfo_a (TheBlueMatt)

Credits

Thanks to everyone who directly contributed to this release:
  • Alex Morcos
  • BtcDrak
  • Cory Fields
  • fanquake
  • Gregory Maxwell
  • Gregory Sanders
  • instagibbs
  • Ivo van der Sangen
  • jnewbery
  • Johnson Lau
  • Jonas Schnelli
  • Luke Dashjr
  • maiiz
  • MarcoFalke
  • Masahiko Hyuga
  • Matt Corallo
  • matthias
  • mrbandrews
  • Pavel Janík
  • Pieter Wuille
  • randy-waterhouse
  • Russell Yanofsky
  • S. Matthew English
  • Steven
  • Suhas Daftuar
  • UdjinM6
  • Wladimir J. van der Laan
  • wodry
As well as everyone that helped translating on
Transifex.
original: https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-January/013442.html
submitted by dev_list_bot to bitcoin_devlist [link] [comments]

Bitcoin Core 0.13.2 released | Wladimir J. van der Laan | Jan 03 2017

Wladimir J. van der Laan on Jan 03 2017:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Bitcoin Core version 0.13.2 is now available from:
https://bitcoin.org/bin/bitcoin-core-0.13.2/
Or by bittorrent:
magnet:?xt=urn:btih:746697d03db3ff531158b1133bab5d1e4cef4e5a&dn=bitcoin-core-0.13.2&tr=udp%3A%2F%2Ftracker.openbittorrent.com%3A80%2Fannounce&tr=udp%3A%2F%2Ftracker.publicbt.com%3A80%2Fannounce&tr=udp%3A%2F%2Ftracker.ccc.de%3A80%2Fannounce&tr=udp%3A%2F%2Ftracker.coppersurfer.tk%3A6969&tr=udp%3A%2F%2Ftracker.leechers-paradise.org%3A6969&ws=https%3A%2F%2Fbitcoin.org%2Fbin%2F
This is a new minor version release, including various bugfixes and
performance improvements, as well as updated translations.
Please report bugs using the issue tracker at github:
https://github.com/bitcoin/bitcoin/issues
To receive security and update notifications, please subscribe to:
https://bitcoincore.org/en/list/announcements/join/
Compatibility

Microsoft ended support for Windows XP on April 8th, 2014,
an OS initially released in 2001. This means that not even critical security
updates will be released anymore. Without security updates, using a bitcoin
wallet on a XP machine is irresponsible at least.
In addition to that, with 0.12.x there have been varied reports of Bitcoin Core
randomly crashing on Windows XP. It is not clear
what the source of these crashes is, but it is likely that upstream
libraries such as Qt are no longer being tested on XP.
We do not have time nor resources to provide support for an OS that is
end-of-life. From 0.13.0 on, Windows XP is no longer supported. Users are
suggested to upgrade to a newer version of Windows, or install an alternative OS
that is supported.
No attempt is made to prevent installing or running the software on Windows XP,
you can still do so at your own risk, but do not expect it to work: do not
report issues about Windows XP to the issue tracker.
From 0.13.1 onwards OS X 10.7 is no longer supported. 0.13.0 was intended to work on 10.7+,
but severe issues with the libc++ version on 10.7.x keep it from running reliably.
0.13.1 now requires 10.8+, and will communicate that to 10.7 users, rather than crashing unexpectedly.
Notable changes

Change to wallet handling of mempool rejection
When a newly created transaction failed to enter the mempool due to
the limits on chains of unconfirmed transactions the sending RPC
calls would return an error. The transaction would still be queued
in the wallet and, once some of the parent transactions were
confirmed, broadcast after the software was restarted.
This behavior has been changed to return success and to reattempt
mempool insertion at the same time transaction rebroadcast is
attempted, avoiding a need for a restart.
Transactions in the wallet which cannot be accepted into the mempool
can be abandoned with the previously existing abandontransaction RPC
(or in the GUI via a context menu on the transaction).
0.13.2 Change log

Detailed release notes follow. This overview includes changes that affect
behavior, not code moves, refactors and string updates. For convenience in locating
the code changes and accompanying discussion, both the pull request and
git merge commit are mentioned.

Consensus

RPC and other APIs

Block and transaction handling

P2P protocol and network code

Build system

GUI

Wallet

Tests and QA

Miscellaneous

Credits

Thanks to everyone who directly contributed to this release:
As well as everyone that helped translating on Transifex.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
original: https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-January/013412.html
submitted by dev_list_bot to bitcoin_devlist [link] [comments]

Bitcoin is going to rule the world! here's why ->

https://github.com/sipa/secp256k1/tree/mastesrc
^ There's the code! Available for ALL to review and critique. Peer review on steroids and MIT licensed.
Us humans have been trusting computers for one major function since the 70s, a receipt for a transaction with a unique number to independently identify it. That's all Bitcoin is. Only difference, it's got a stock ticker assigned to it now.
Bitcoin isn't big, Bitcoin is fucking massive!
submitted by tunage to Bitcoin [link] [comments]

Bitcoin 101 Elliptic Curve Cryptography Part 4 Generating the Public Key in Python Blockchain tutorial 11: Elliptic Curve key pair generation ECC secp256k1 full java Attacks Against Bitcoin And The Cryptocurrency Space Bitcoin 101 - Elliptic Curve Cryptography - Part 4 - Generating the Public Key (in Python)

Optimized C library for EC operations on curve secp256k1. This library is a work in progress and is being used to research best practices. Use at your own risk. Features: secp256k1 ECDSA signing/verification and key generation. Adding/multiplying private/public keys. Serialization/parsing of private keys, public keys, signatures.

Covert ECDH over secp256k1. If ECDH is used to establish a shared session secret for an encrypted connection, two elliptic curve points need to be transmitted (one in each direction) before encryption starts.

It's been 1.5 years since our secp256k1 subtree was updated, while the upstream project has undergone a number of incremental improvements (performance, tests, build system fixes), plus gained the groundwork for batch verification. As we're early in the 0.19 window, this seems like a good time to get these merged.

However, for the secp256k1 curve, the order is sufficiently close to 2^256 that this bias is not observable (1 - n / 2^256 is around 1.27 * 2^-128). Acknowledgements This document is the result of many discussions around Schnorr based signatures over the years, and had input from Johnson Lau, Greg Maxwell, Andrew Poelstra, Rusty Russell, and

Bitcoin Core should also work on most other Unix-like systems but is not as frequently tested on them. It is not recommended to use Bitcoin Core on unsupported systems. From Bitcoin Core 0.20.0 onwards, macOS versions earlier than 10.12 are no longer supported.


Bitcoin 101 Elliptic Curve Cryptography Part 4 Generating the Public Key in Python

If you've been wondering about the secp256k1 (arguably the most important piece of code in Bitcoin), well then this is the video for you. This is part 4 of our upcoming series on Elliptic Curves.

Bitcoin makes use of two hashing functions, SHA-256 and RIPEMD-160, but it also uses Elliptic Curve DSA on the curve secp256k1 to perform signatures. The C++ implementation uses a local copy of ...

Bitcoin released as open source software in 2009 is a cryptocurrency invented by Satoshi Nakamoto (unidentified person or group of persons). After the introduction of Bitcoin many Bitcoin ...

In this tutorial we cover Bitcoin's key standard. Early access to tutorials, polls, live events and downloads https:/...

Bitcoin has traditionally used ECDSA signatures over the secp256k1 curve for authenticating transactions. These are standardized, but have a number of downsi...
