How come the output value (the total value of all transaction outputs per day) of bitcoin has stayed basically the same ( https://www.blockchain.com/charts/output-volume?timespan=all&daysAverageString=7 ) for so long and not actually grown as more bitcoins are mined? I did some googling and it doesn't seem to be talked about, and to me it seems like it should weird bitcoin holders out; it would for me at least if I had bought into the scheme.... Just looked through the stats and it looked odd, maybe I'm just retarded, let me know.
The ‘Trilemma’ of the blockchain space - Scalability, Security, and Decentralization - names the three properties every blockchain is trying to achieve simultaneously. But it’s easier said than done, as proven by the scalability issue faced by Ethereum. Higher scalability translates into higher market adoption. This is where Cardano and Algorand have come into the picture. They have their similarities and differences that seem to work for them for now. Rather than telling you which one has more potential, it’s better to present the entire case and let you decide how they fare against each other.
Star Player of the Team
Anyone would agree that having a renowned and accomplished team member always gives a boost to a project.
Cardano’s Charles Hoskinson
If the name seems familiar, that’s because he is also the co-founder of Ethereum. A tech entrepreneur and mathematician with an interest in analytic number theory, Charles Hoskinson moved into blockchain space in 2013. He co-developed the Ethereum blockchain with Vitalik Buterin before leaving the project in June 2014. Hoskinson joined crypto and blockchain research firm IOHK to develop Cardano and since then has sponsored various blockchain research labs at the Tokyo Institute of Technology and the University of Edinburgh. He also founded Invictus Innovations. Hoskinson was the founding chairman of the education committee of the Bitcoin Foundation and established the Cryptocurrency Research Group in 2013. His current focus lies in educating people on the use of crypto and decentralization.
Algorand’s Silvio Micali
Unlike the founders of other blockchain projects, Silvio Micali was already a famous name in cryptography long before he started developing Algorand. Regarded as one of the top cryptographers, he received the prestigious Turing Award in 2012, the RSA Prize for cryptography, the Gödel Prize (theoretical computer science) in 1993, and an ACM fellowship in 2017. Micali’s work spans public-key cryptosystems, pseudorandom functions, digital signatures, oblivious transfer, and secure multi-party computation, among others. In 1989, he co-invented Zero-Knowledge Proofs with Shafi Goldwasser and Charles Rackoff. He also developed Peppercoin, a cryptographic system for processing micropayments. A professor in MIT’s electrical engineering and computer science department since 1983, Silvio Micali also works as a computer scientist at the MIT Computer Science and Artificial Intelligence Laboratory. His doctoral students include Shai Halevi, Mihir Bellare, Rafail Ostrovsky, Bonnie Berger, Rafael Pass, Chris Peikert, and Phillip Rogaway - each renowned in their respective fields.
Project Partners and Collaborators
For any business, partnerships and collaborations are among the most important aspects, since they drive growth and innovation.
Cardano has formed 17 partnerships so far that either enhance its capabilities or grow its business.
Metaps Plus: To integrate the ADA coin into MeTaps Plus, one of South Korea’s largest mobile payment platforms.
IBM Research: For a software distribution project commissioned by the European Union.
PriceWaterhouseCoopers (PwC): To develop a new commercial strategy, probably to bring enterprise users to Cardano.
New Balance: All customers can authenticate the footwear purchases on the Cardano blockchain.
SIRIN LABS: To integrate the Cardano blockchain in their blockchain smartphone FINNEY and its SIRIN OS.
Konfidio: To drive the adoption of the blockchain business model platform among corporations and governments.
Algoz: To offer liquidity solutions and trading solutions for its native ADA token.
Priviledge: To study and publish decentralized software updates. Priviledge is a consortium of renowned companies and scientific universities working with the European Union.
South Korea Government-Approved Trade Associations: Signed two MoUs with the Korea Mobile Game Association (KMGA) and the Korea Blockchain Contents Association (KBCCA) to implement Cardano for Korean mobile gaming and digital content.
Ethiopian Government: To develop a new digital payment system and combine it with identity cards using its Atala blockchain framework.
Georgian Government: Signed MoU to implement Cardano blockchain-enabled projects across education, business, and government services.
Cardano’s other major partnerships include Z/Yen Group’s Distributed Futures practice, COTI Network, and Ellipal Hardware.
Algorand’s innovativeness and potential to be the blockchain leader have helped it bag a plethora of valuable partnerships across the world. Here are a few of the 17:
International Blockchain Monetary Reserve (IBMR): To launch the Southeast Asia Microfinance Platform and create a stablecoin called Asia Reserve Currency Coin (ARCC) to encourage financial inclusion in Southeast Asia.
SFB Technologies: To build the infrastructure to create a CBDC (central bank digital currency) dubbed ‘SOV’ for the Marshall Islands.
Meld: To tokenize gold and track it over the supply chain using stablecoin for the Australian gold industry.
Caratan: To build financial tools and products to promote Fintech adoption at an institutional level.
Italian Society of Authors and Publishers (SIAE): To develop copyright management tools and services.
DUST Identity: To authenticate physical objects and validate transactions over the blockchain.
AssetBlock: A real estate startup that launched its tokenized property investment platform on Algorand.
PlanetWatch: Focused on environmental monitoring, the first organization labeled a "CERN Spin-off" is building the world's first immutable air quality ledger on the Algorand blockchain using IoT technologies.
Other major partnerships include World Chess - the commercial arm of the World Chess Federation, Big Data company Syncsort, and Tether.
Both Cardano and Algorand use a Proof of Stake (PoS) consensus mechanism at their heart, but that’s where the similarity ends. Each of them puts its own spin on it. In the PoS mechanism, a person can validate a block depending on how many coins (the stake) he holds. The stake quantity determines how much block-producing power one has. So how does each of them differ?
Cardano’s version is called Ouroboros PoS.
Cardano allows stakeholders to pool their resources together in a single ‘stake pool’, delegating their stakes to the pool. This is because not every elected stakeholder has the expertise to create blocks.
The physical timeline is divided into periods called ‘epochs’, each made up of a fixed number of slots. These epochs repeat cyclically.
Each such epoch consists of a set of pooled stakeholders.
While the endorsers are elected according to the weight of the stake they hold, a slot leader (for every slot of an epoch) is randomly chosen by a digital coin toss among stakeholders. When the endorsers approve the blocks produced by the slot leaders, the blocks get added to the blockchain.
The slot leaders of one epoch also select the slot leaders for the next epoch through the same ‘coin toss’.
Note that having a higher stake increases the probability of getting elected.
Currently, the list of validators is fixed and the succession is known beforehand.
With the launch of the Shelley mainnet, Cardano plans to remove this limitation. This will be a hard fork; after it, the community will decide on block validators through staking.
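The stake-weighted ‘coin toss’ described above can be made concrete with a small simulation. The code below is an added example, not Cardano’s or IOHK’s code, and it is an assumption on my part that the election is modelled as a hash-derived point falling somewhere in the cumulative stake range; the real Ouroboros protocol derives its randomness differently, but the property the text states (higher stake, higher probability of being chosen) is the same. Names such as `select_slot_leader`, `simulate_epoch` and the sample stake distribution are constructed for the example.

```python
import hashlib


def coin_toss(seed: bytes, slot: int, modulus: int) -> int:
    """Deterministic 'coin toss' for one slot: hash the epoch seed and the
    slot number, then reduce to an integer in [0, modulus).

    Modelling assumption: a SHA-256 hash stands in for the protocol's
    randomness beacon so the example runs offline and is reproducible.
    """
    digest = hashlib.sha256(seed + slot.to_bytes(8, "big")).digest()
    return int.from_bytes(digest, "big") % modulus


def select_slot_leader(stakes: dict, seed: bytes, slot: int) -> str:
    """Pick the slot leader by stake weight.

    The toss lands on a point in [0, total_stake); whichever stakeholder's
    cumulative stake interval contains that point wins the slot. A holder
    with 50% of the stake therefore wins about 50% of the slots.
    """
    total = sum(stakes.values())
    point = coin_toss(seed, slot, total)
    cumulative = 0
    for holder, stake in sorted(stakes.items()):  # fixed order for determinism
        cumulative += stake
        if point < cumulative:
            return holder
    raise RuntimeError("point outside stake range; cannot happen")


def simulate_epoch(stakes: dict, seed: bytes, slots: int) -> dict:
    """Run every slot of an epoch and count how often each holder leads."""
    counts = {holder: 0 for holder in stakes}
    for slot in range(slots):
        counts[select_slot_leader(stakes, seed, slot)] += 1
    return counts


def expected_share(stakes: dict, holder: str) -> float:
    """Fraction of slots the holder should lead in the long run."""
    return stakes[holder] / sum(stakes.values())


if __name__ == "__main__":
    # Constructed sample stake distribution (not real network data).
    STAKES = {"alice": 50, "bob": 30, "carol": 20}
    EPOCH_SEED = b"example-epoch-seed"
    result = simulate_epoch(STAKES, EPOCH_SEED, slots=4000)
    for holder, count in result.items():
        print(f"{holder}: {count} slots ({count / 4000:.3f}), "
              f"expected {expected_share(STAKES, holder):.3f}")
```

Because the toss is derived from the epoch seed, every node that knows the seed computes the same leader for every slot, which is also why the text can say the succession is known beforehand once the seed is fixed.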
The version Algorand uses is called PPoS (Pure Proof of Stake) consensus mechanism.
PPoS randomly selects a token holder as a block producer.
The proposed block gets approved by a committee of 1000 randomly selected token owners and then added to the blockchain.
The algorithm runs a cryptographically verifiable lucky draw over all the accounts to randomly select committee members as well as the block proposer.
This means the identities of the participants are unknown until the blocks are added to the chain.
This selection does not depend on the stake size of the nodes at all.
PPoS runs this lottery process in complete isolation from the other nodes in the network.
The completely randomized election and secret identities of the committee members drastically reduce the chances of any foul play within the network. As the number of users grows, the network gets stronger and more secure. Algorand’s PPoS has embraced a more egalitarian ecosystem to negate the wealth gap present in traditional PoS.
Currently, Cardano offers 50-250 TPS. But by incorporating sharding technology in its Ouroboros Hydra version, scalability can theoretically increase to one million TPS. The processing speed will increase as more users or nodes join the network.
In Algorand, every lottery takes just a microsecond to run. Since such lotteries run independently of each other, multiple lotteries can run simultaneously. This inherently makes PPoS highly scalable. The mainnet itself has the capability to handle 1000 TPS.
Both Cardano and Algorand have sound tech and teams that believe in extensive research and meticulously designed products. Having had an early start, there’s no denying that Cardano has established itself in a superior position thanks to the technological achievement, consistency, and transparency it has showcased. But with Algorand’s ecosystem growing fast, the competition has intensified. Algorand’s push to bring full transparency, technological innovation, and successful partnerships within just a year has made it a prime challenger to Cardano. While referring to Algorand, Cardano chief Hoskinson voiced a similar opinion - “... they are another one of the science coins and we all kind of support each other. Even though we get academically competitive, we're able to reference each other's work and learn from each other and grow from each other.”
Bitcoin To Reach $397,000 By 2030 According To A Crypto Research Report
Researchers Also Predicted Ethereum To Reach Prices Of Over $3,600 By 2030. The latest report by CryptoResearch made a shocking price prediction that Bitcoin, the world’s largest cryptocurrency by market cap, would be over $397,000 by 2030. The researchers also noted that the price movement of the altcoin sector would closely follow Bitcoin. Interestingly, the researchers noted that the biggest price surge would come in the following five years, with another five years of steady price increases. The researchers believe that Bitcoin “is still in its early phase of mass adoption”, as the crypto leader is only reaching 0.44% of its potential addressable market. “If Bitcoin manages to penetrate and reach 10% of its potential market, we are seeing non-discounted prices of $400,000 per Bitcoin”, the report stated. The CryptoResearch team also took one of the best-performing cryptocurrencies into account. It turns out that Ethereum (ETH) is anticipated to grow ten-fold over the course of the next five years, while Litecoin (LTC) would surge from its present $83 price point to $2,252 by 2030. The report also includes Bitcoin Cash (BCH) and Stellar (XLM). The price increases mean that Bitcoin would raise its price by 4,000% by 2030, while Ethereum, Litecoin, and Bitcoin Cash would see price increases of 1,600%, 5,000%, and 5,400%, respectively. Stellar, however, is set to gain the most, with an 11,000% total price increase by 2030. Source: Crypto Research. The research company used the Target Addressable Market (TAM) metric, which is used to “determine the implied future price of crypto assets.” The researchers explained that they use numerous metrics to derive their predictions, such as tax evasion, remittance, store of value, micropayments, online transactions, online loans and gambling, crypto trading, and others. CryptoResearch also noted that the off-chain velocity of the researched crypto assets is increasing, as opposed to their on-chain velocity numbers.
Off-chain velocity refers to trading on crypto exchanges, while on-chain velocity is a measure of the amount of transactions on a given blockchain. For instance, Bitcoin’s off-chain velocity and its price moved almost simultaneously. “If cryptos see mass adoption in the long run, as well as short-run speculative or retail usage, their prices will definitely go up. However, the increase in off-chain velocity means cryptocurrencies are primarily used as speculation assets, rather than a store of value,” the researchers concluded.
Increase Nano Projects and Developer Resources | Among other ideas
To increase adoption I think marketing should be focused on two things and only enacted once they've somewhat been fulfilled. Otherwise Nano is just some weird version of Bitcoin and doesn't have much use. Alternative platforms improved by Nano and how developers can build on Nano. While these both are very intertwined I do think they should be separated. For the first one we simply need more projects for people to use. The build off was a great start but I think we need to go further. There need to be alternatives to products that exist but are clearly not only enhanced but better because of Nano. Take for instance Venmo. The whole idea is making it easy, cheap, and fast to send money to people you know. Of course at the moment PayPal charges a fee for the ability to send money fast, it is also locked to the United States, and finally has privacy issues. Now if a wallet was created that makes it easy to buy Nano, has human readable addresses, makes tax compliance simple, allows businesses to use it, and with some marketing we could have a real Venmo competitor. Now of course Venmo was just one example but this could be applied to many things such as Ecommerce, micropayments, etc. Take Ecommerce for example. Besides just creating an easy way to integrate with the major self hosted platforms there could be an alternative to Ebay/Amazon but prices would be slightly discounted (2% or something) if you used Nano instead of a Debit/Credit Card. As the sellers wouldn't be losing profit to fees and wouldn't have to worry about charge backs. Along with this Nano cash back programs could exist on these platforms. My point is we need alternative online platforms to the major ones today (Reddit, YouTube, Facebook, PayPal, etc.) that are improved by Nano. (Side Note: Making a list of platforms that could be improved by Nano with a bounty for creating said platforms would be a good start for something like this.)
Once we have those platforms then use marketing to focus on why they're better and people should use them. Otherwise Nano is just a feeless currency which exists in the form of debit cards. (For the users not the business accepting said debit cards.) For my second point Nano development needs some sort of really well written tutorial (written or in video format) that teaches viewers how to create various projects and everything else we can about Nano. This would greatly speed up adoption as developers would be able to master Nano much faster than they are now. With this there should be a library/suite of well documented tools to help create projects quicker. Also how cool would it be if there was some sort of Nano magazine that teaches developers and enthusiasts how to build random projects. That would help a lot with creating an active community. Finally developers need an incentive. That's why I think creating some sort of foundation and/or a permanent build off would be a boon to Nano. As mass innovation would be encouraged. These could be funded through user nano donations. Something similar to a Patreon where we'd all donate x-amount and get name recognition if we wanted to. This would be a crazy boost to community involvement and adoption. Also if the price could be stabilized that would also help. All of these would drive adoption because they drive interest and use. TLDR: Create better developer resources and a couple alternatives to major online services. Then spend the budget on marketing those in their respective circles.
The first-layer scaling solution is comprised of 3 different scaling mechanisms: · Sharding · Hard fork · SegWit In my last two articles, I have already covered Hard Fork and Sharding. So here in this article, I will focus on the last scaling solution, i.e. SegWit. What is SegWit? SegWit stands for Segregated Witness, i.e. separating the signatures from the transactions. In this process, certain parts of a transaction are removed, which frees up space so that more transactions can be added to the chain. The idea behind using this method is to overcome the block size limit of blockchain transactions. In simple terms, SegWit changed the way data is stored, therefore helping the Bitcoin network to run faster and more smoothly.
It was proposed as a soft fork change to the transaction format of Bitcoin in Bitcoin Improvement Proposal number BIP141.
Problem Statement In the Bitcoin platform, blocks are generated every 10 minutes and are constrained to a maximum size of 1 megabyte (MB). As the number of transactions increases, more blocks need to be added to the chain. But due to the block size constraint, only a certain number of transactions can be added to a block. The weight of the transactions can cause delays in processing and verifying transactions. Sometimes, it takes hours to confirm a transaction as valid. This slows down further when the network is busy. The Solution To overcome the block size limit issue and to enhance the transaction speed, the transaction is divided into two segments: the unlocking signature (witness) is removed from the original portion and appended as a separate structure at the end. The original portion still has the sender and receiver data, and the new "witness" structure contains the scripts and signatures. The original data segment is counted normally, but the new "witness" segment counts for only one-fourth of its original size.
Digital signatures account for about 65% of the space in a given transaction.
SegWit is backward compatible, which means nodes that are updated with the SegWit Bitcoin protocol can still work with nodes that haven’t been updated. SegWit measures blocks by block weight. The formula used to calculate block weight: (tx size with witness data stripped) * 3 + (tx size) Since segregated witness creates a sidechain where witness data is stored, it prevents transaction IDs from being altered by dishonest users. It also addresses signature malleability, by serializing signatures separately from the rest of the transaction data, so that the transaction ID is no longer malleable. History Pieter Wuille, a bitcoin developer, first proposed the concept of SegWit. On 24 July 2017, as part of the software upgrade process, i.e. Bitcoin Improvement Proposal (BIP) 91, Segregated Witness was activated at block 477,120. Within one week of implementation, the bitcoin price saw a spike of 50%. The transaction usage rate of SegWit further increased from 7% to 10% in the first week of October. As of February 2018, SegWit transactions exceed 30%. However, a group of China-based bitcoin miners were unhappy with the implementation and later forked to create Bitcoin Cash. Lightning Network - Layer 2 solution Lightning Network operates on top of bitcoin and is referred to as a “Layer 2” component. It is an off-chain micropayment system that is designed to enhance the transaction speed of the blockchain network. SegWit acts as a base component for the Lightning Network. By implementing SegWit, the transaction malleability issue is prevented, which allows this secure payment system to process millions of transactions per second on the Bitcoin network. Advantages of SegWit: · Prevents the transaction malleability problem. · Prevents the signature malleability problem. · Helps in scaling the bitcoin network. · Increases block size. · Reduces transaction fees. · Acts as a base for the Lightning protocol.
Conclusion There is no doubt that Bitcoin technology is very revolutionary, but like any other technology, it has certain drawbacks as well as challenges. Scaling is one of them, and it has restricted adoption in large-scale applications. Bitcoin is capable of processing only 7-10 transactions per second on the base layer. Many developers and researchers from the Bitcoin community are working hard to overcome the problem. SegWit and the Lightning Network together aim to allow Bitcoin to process millions (or more) of transactions per second. But the real outcome will depend on the success of future projects.
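The two technical claims above, the block-weight formula and the statement that a segregated witness takes signatures out of the transaction ID, are easiest to check with a small model. The code below is an added example and is not Bitcoin Core code; it models a transaction as two byte strings (the base serialization and the witness) rather than parsing real wire format, and the sample transactions and the two "alternative signature encodings" are constructed bytes, not real signatures. The weight formula, the 4,000,000 weight-unit block limit, the virtual-size rounding and the rule that the txid double-SHA256 hashes only the non-witness serialization are as specified in BIP141.

```python
import hashlib
import math
from dataclasses import dataclass

MAX_BLOCK_WEIGHT = 4_000_000   # BIP141 block limit, in weight units
WITNESS_SCALE_FACTOR = 4       # one non-witness byte = 4 WU, one witness byte = 1 WU


def sha256d(data: bytes) -> bytes:
    """Bitcoin's double SHA-256, used for transaction ids."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


@dataclass(frozen=True)
class Tx:
    base: bytes      # version, inputs (scriptSig empty for segwit), outputs, locktime
    witness: bytes   # segregated signatures and scripts; b"" for a legacy tx

    @property
    def base_size(self) -> int:
        return len(self.base)

    @property
    def total_size(self) -> int:
        return len(self.base) + len(self.witness)


def weight(tx: Tx) -> int:
    """The page's formula: (size with witness stripped) * 3 + (full size)."""
    return tx.base_size * 3 + tx.total_size


def vsize(tx: Tx) -> int:
    """Virtual bytes: weight divided by 4, rounded up (what fees are quoted per)."""
    return math.ceil(weight(tx) / WITNESS_SCALE_FACTOR)


def txid(tx: Tx) -> str:
    """Segwit txid hashes only the base serialization, so the witness cannot
    change it (displayed byte-reversed, as Bitcoin tools do)."""
    return sha256d(tx.base)[::-1].hex()


def wtxid(tx: Tx) -> str:
    """Witness txid commits to the witness too; it is what changes if a
    signature is re-encoded."""
    return sha256d(tx.base + tx.witness)[::-1].hex()


def legacy_txid(unsigned: bytes, sig: bytes) -> str:
    """Pre-segwit: the signature lives inside the serialization that is hashed,
    so any third party who can re-encode the signature changes the txid."""
    return sha256d(unsigned + sig)[::-1].hex()


def block_weight(txs) -> int:
    return sum(weight(tx) for tx in txs)


def fits_in_block(txs) -> bool:
    return block_weight(txs) <= MAX_BLOCK_WEIGHT


if __name__ == "__main__":
    # Constructed sample: 100 base bytes + 100 witness bytes vs a 200-byte legacy tx.
    segwit_tx = Tx(base=b"\x02" * 100, witness=b"\x30" * 100)
    legacy_tx = Tx(base=b"\x02" * 200, witness=b"")
    print("segwit weight/vsize:", weight(segwit_tx), vsize(segwit_tx))   # 500 125
    print("legacy weight/vsize:", weight(legacy_tx), vsize(legacy_tx))   # 800 200

    # Same base data, witness re-encoded: txid unchanged, wtxid changes.
    malleated = Tx(base=segwit_tx.base, witness=b"\x31" * 100)
    print("txid stable:", txid(segwit_tx) == txid(malleated))            # True
    print("wtxid differs:", wtxid(segwit_tx) != wtxid(malleated))        # True

    # Legacy: two encodings of "the same" signature give two different txids.
    unsigned = b"\x01" * 120
    print("legacy txid differs:",
          legacy_txid(unsigned, b"\x30\x44" + b"\x00" * 68)
          != legacy_txid(unsigned, b"\x30\x45" + b"\x00" * 69))          # True
```

The numbers make the "one-fourth" discount from the text visible: moving 100 of 200 bytes into the witness drops the transaction from 800 to 500 weight units, and a full block can hold 4,000,000 WU rather than 1,000,000 bytes, which is where the "increases block size" advantage comes from.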
How long will the Stellar consolidation last? A forecast from the XLMwallet
It’s been three weeks since the Bitcoin halving, but the rally so many were waiting for didn’t happen, at least for now. Stellar is consolidating and seems to be going up. When can you expect significant gains? As always, XLMwallet analytics offer a forecast. Stellar is still trying to recover from the big hit it took on May 10, together with Bitcoin and the rest. It went from $0.072 to $0.064 — a 12% fall. It wiped out a lot of the gains made in the previous month. https://xlmwallet.co/ What happened? Why did XLM fall so much? Don’t panic — and definitely don’t sell. If you hold lumens in your XLMwallet, continue to do so. (We hope you do, because XLMwallet is awesome.) What happened was a banal Bitcoin liquidation. Just before the halving, there was lots of volatility in the market, with people getting excited. The price started rising and even tried to go beyond $10,000. For Bitcoin, that has been a very strong level of resistance since last summer. When the price couldn’t cross the $10k mark, it became clear that the ceiling had been reached for now. And people started to sell. The price began to fall. Then, a massive liquidation of short positions followed. Those are the futures positions on exchanges like BitMEX: a lot of people were shorting BTC. Once some of the positions automatically closed, the price fell a bit further, more positions were liquidated, the price fell again, and so on. It was a chain reaction. Nothing happened to Bitcoin, nothing happened to Stellar. It was all just a technical process. Stellar, Ethereum and the others simply followed. That’s the unfortunate reality of crypto: all the altcoins follow BTC, like sheep follow a dog. Bitcoin has been struggling to grow back ever since, and so has Stellar. In addition, there are a lot of Bitcoin miners selling the BTC they accumulated in the past few months, creating additional downward pressure. What should you do? As we’ve said, definitely not sell.
It will take Bitcoin a couple of months to get out of its consolidation stage, and then it can start growing properly, pulling the rest of the coins along. We expect very good gains for Stellar starting from July — definitely higher than where it was in early May. Moreover, the Stellar Foundation has just made another investment. It gave $550,000 to a startup called SatoshiPay. It’s a micropayments product that is now eyeing an expansion into B2B territory, mostly to let creators of online content get paid across borders. As we all know, Stellar is the perfect cryptocurrency for cross-border payments: it’s extremely fast and cheap. As we always say, if you can HODL your lumens in the XLMwallet, do so. But if you have to pay with crypto somewhere, do it with Stellar rather than with BTC. Especially now, after the halving, when the BTC transaction fee has risen above $3 — many thousands of times more than with XLM! In a few words: our advice for XLM owners is hold. A rally is coming, though we’ll have to wait a couple of months for it. We’re pretty sure that the worst for Stellar is over this year, and the only way to go is up. Website — https://xlmwallet.co/ Medium — https://medium.com/@XLMwalletCo Teletype — https://teletype.in/@XLMwalletCo Twitter — https://twitter.com/XLMwalletCo Reddit — https://www.reddit.com/XLM_wallet/
In a world where technology rules with an iron fist, a group of rebels use phone apps to cast spells and weave enchantments into megaphones, motorcycles, and electric guitars. Magepunk is the future.
Cyber punk by way of the council of elrond. I really don't think this one came out great. It's...okay. I would probably skip it unless you really want to see lord of the rings re-imagined as cyberpunk. Art banged on the door and pulled his hood up against the rain and spysats.”Lomir,” he whispered. The concealment spell spread out around them to infect every digital eye in a block. It would only last a minute; the enemy was stronger than ever, but it should be enough. He spoke to the man next to him. “Okay Fred, everything is going to be okay now. These are the best magi in the world, if anybody can help us it’s them.” The man next to him huddled in his coat. They both had brown hair, but where Art was tall, broad, and lean, with grey eyes, fitting for an ex-Army ranger, Fred was short with brown eyes and shaggy hair. A thin woman with long dark hair opened the door a crack. “Were you followed?” she hissed. Art shook his head. “No, I took precautions El. I’ve got a concealment spell up but I think they know we’re in the area.” His eyes went wide as he felt some of the cameras start to come back online. “Shit. I think the Eye is looking for us. The spell is failing. Let us in!” El jerked the door open and waved them in before slamming it shut. She snapped off a single hair from her head and wrapped the doorknob, and whispered “findele.” The hair dissolved in to a mass of nanites that set about reinforcing the door. El turned back around to face them. She was pretty but could have been any age from a rough 25 to a well preserved 50. “That should hold them for a while. With any luck they’ll just think it was a random outage.” She examined Fred. “So. You’re supposed to save us all.” Fred shuffled his feet. “I guess. I don’t really understand everything, but Art found me. Said I needed to take this to Oculus headquarters to destroy it.” Fred pulled a ring out of his pocket and held it up. El stared. 
She started to reach out to examine it but caught herself in time and pulled back. “You...you just hold on to that.” She brushed past them to move down the hall. “Come on, you’re the last ones to arrive. We have a war council to attend.” She led them down a dark hallway. “Cala.” The old LED lights along the hallway glowed gently to life, still good after all these years. They came out in a large room, lined with monitors and humming server racks, with a large table in the center. There were 4 other people already sitting around it. “Okay, so this is everyone. That’s Legs,” she pointed to a tall lanky blonde man, who nodded, “Grim,” a shorter man, about Fred’s height, with a bushy beard, wearing a lot of leather, “Barry,” he was a bit shorter than Art but had the same coloring, “And Gramps,” an old man with a scraggly beard, holding a staff, wearing grey robes. “I told you my name is Linus,” he snapped. “And I told you that we aren’t using our real names. This council is warded and air gapped but we can’t take chances. Gramps.” He grumbled and crossed his arms. El gestured to the table. “Go ahead and take a seat. Coffee?” Everyone nodded. “Tulu yullas,” she said in a clear voice. Fred could hear a coffee maker hum to life and saw a small drone zip over to it with a tray. “Coffee should be around shortly, everyone. Now, Gramps,” she smirked as she said it, “I think it would be best if you told us what you found.” Gramps grumbled and stood up. “Very well. It started a month ago when I went to meet with one of my contacts, Sarah. Known her for years. I wanted to discuss recent movements Oculus has been making. Buying up opposition, squashing dissident stories. They haven’t put out a new product in years, ever since Google crushed them in the AR wars, but there was rumbling that something big was going to happen soon. Sarah said she had information on it.” Gramps took a cup of coffee from the drone and took a sip. “She was at least telling the truth about that.
I told her that the ring,” he nodded to Fred, “had turned up again like a bad penny and was making its way around the world. She seemed pretty shocked by that, and insisted that we secure it. We quarrelled over it, I wanted it to be destroyed, she said I was being a fool. I said that with this we could destroy oculus forever, but she just wanted the power.” Gramps sighed. “I trusted her, so I didn’t have any firewalls up. She finally told me that she had joined forces with Oculus, and wanted to know if I would join her. I laughed in her face. That’s when she triggered her binding. Burnt out almost everything I had on me all at once, including my phone,” he threw a burnt piece of plastic on the table, “supposed to be military grade but the battery blew out immediately. Blew out my ID, my rings, everything. Then she triggered another app, the walls of a cage shot up around me. I was stuck and she knew it. She told me I would have plenty of time to think about it and left.” Gramps grinned. “But all her fancy apps failed to account for my walking stick here.” He picked it up. “Had a backup ID and com ring deep in a secret compartment, wrapped in a faraday cage. Took me a while to get it wired up to the aether, but once I did, I was able to make contact with a friend of mine, he was able to get me out. Came here soon as I was able.” Fred raised his hand. El smiled at that. “You don’t have to do that here, Fred. You have a question?” Fred nodded. “But what’s so special about this ring, anyway? It’s just a ring.” El shook her head. “Unfortunately, it’s not just a ring. It’s a biometric lock that gives you access to all of their bitcoin deposits. It has the original passcode that all of their accounting was based on. If you were to take that to their headquarters, you would have complete control over their company. You could do whatever you wanted with it, burn it to the ground, control it, sell it, anything. And there’s nothing they could do to stop you. 
They will do literally anything to get a hold of it.” “But why me?” “That’s an incredible coincidence. According to my scrying, well, you remember your Uncle Bill?” Fred nodded. “He was their CFO since the beginning. Crypto wasn’t as popular then and people were still worried about security, so he went to the main server of the company and had it create a ring. That ring. It contains the password to give you access to all of their crypto accounts, and you can only access it if you have the right biohash. His biohash, as it turns out. And you happen - by some one in a billion chance - to share the right markers with him. Given enough time, any of us in this room could fake it. But you can just use it outright.” El nodded to Gramps. “Thank you, Gramps, please take a seat. Barry, I believe you were next?” Barry stood up and nodded to Art. “Some of you I’ve met before, some I haven’t, but I’m Barry. Me and my brother Frank, we’re heirs to one of the Google fortunes. And we’ve been digging.” “I remember the technomage wars, a lot of us do, and I know that the official history is that the remnants of the Fang alliance - after Facebook was crushed - was able to defeat oculus and kill their chance at recovery, but I’m here to tell you that just isn’t true. It was largely a draw, until Oculus just withdrew. They stopped fighting everywhere, ended all their rituals, and went back in to research and development mode. And look around you. They might have officially ‘lost,’ but Oculus still makes the best haptics around. That’s why they are still the most popular, even years after they stopped producing anything new.” “My brother, Frank, he’s the oldest, so he gets a chance to play with the newest technology. He showed me this new piece that lets you hack in your dreams. You know how fast dream time is, well, the response time on this lets you pass through firewalls like they aren’t even there. So, one night, he took me scrying with him. 
We decided to go for oculus headquarters. We thought they were dead. We were wrong.” “It was six of us. Frank was having a party and everyone wanted to try out the newest scrying method, so we went under and followed him over the aether into the oculus servers. Like I said, we thought they were dead, but what we saw there...massive databases chugging away, servers running at peak capacity, security like nothing I’ve ever seen. We had to hide from bot patrols every five minutes. I wanted to leave but Frank wanted to keep looking, so we went deeper into the racks. That was a mistake.” “They shouldn’t have been able to find us, but, well, someone was dropping packets. One of the bots was able to spot his tracks and start running us down. Frank heard the alarm going off before any of us. He told us to run, to get back to the party. We did, but not everyone made it.” Barry slumped forward. “Frank and I, we’re the best. We’ve been hacking since we were old enough to punch a keyboard. We made it out. But the rest of them weren’t so lucky. The bots caught them, and...this is the part I don’t understand, they killed them. Not in the aether, in the real. Every other person in our party had seizures and died right there. We knew right then that we had to do something. Once I heard that the ring was back in play, well, I knew I needed to come here and talk it out with El. Frank stayed behind. He’s fighting them every night in his dreams, trying to slow down whatever they’re doing, but he needs help. We all do.” Barry sat down heavily and stared at his coffee. “You got any whiskey for this?” Grim grunted and pulled a flask out of his vest. “Take it, lad.” He slid it across the table. Barry raised it back to Grim in a toast, then uncapped it and filled up his coffee cup with it. Grim stood up. “Might as well go next. Go by Grim.” He had a Scottish accent. “I’m not famous like some of ye, but I’m one of the best damn app programmers in the world. Runs in the family. 
My father, he wrote the very first micropayment app. We have a reputation. You need something new built? You come to the Grim family. We can build anything.” “So we weren’t all that surprised when a representative from Oculus came by a few weeks ago. Really slimy shite, hands like he’d never woven a script in his life. He said he wanted something new. Something like the world had never seen. He said he couldn’t offer us the details until we signed, but he promised to make it worth our while. And then, he pulled out a ring, like that one,” he nodded to Fred, who shoved the hand inside his pocket, “and told us that it was a biometric lock, keyed to one of the outstanding Oculus crypto fortunes. The exact numbers had been lost, but it was worth a fortune. And they would key it to us, as long as we agreed to work with them.” “Well, my father thanked him for his time and told him we would be in touch, and then showed him the door. He told me ‘Laddie, I don’t care what they wanted us to build, that price was too much.’ We sat up late that night, drinking whiskey, and we couldn’t figure out what they might want so badly. Or for that matter, how in the world oculus had that much money to throw at us. It was wrong. And then we talked about the Fang war, when huge swaths of people could be cut off at a moment's notice as the aether buckled under the traffic. He told me ‘I don’t know what’s going to happen, lad, but it’s bad. I can feel it in me bones.’ He said he knew you, El, from way back, said you would have some insight as to what’s going on. I can tell you, after hearing all these stories, I’m starting to think my da was right.” Grim sat back down. Everyone looked at Legs. He lifted his eyebrows. “Oh, me?” He had an English accent. He smiled at Grim. “I think his father’s correct. And there’s no way I’m going to let my man go into that kind of danger alone.” Grim blushed. “No need to bring up our personal life, Legs. 
I’m happy to have you along.” Legs leaned over and ruffled his hair. Grim tried to sink into the chair. El smiled. “I can respect that, Legs. I believe that with this new information, I finally understand what is going on there.” She stood. “Barry was correct when he said that Oculus chose to lose the Fang war. I believe, after hearing your stories, I know why. What I know for sure is that on the day they turned inward, their head of engineering died. He was trying out a new haptic protocol. His death sounds very much like what your friends experienced, Barry. They have been snapping up all the best magi in the world, which is obviously why they came for you Gramps, and you, Grim. They are weaving something dark in there. Let me show you something.” She raised her voice. “Tul!” A wheeled cage came rolling in on its own. Inside was a man that was all skin and bones. He flinched from the light and cowered in his cage. El sighed. “This...WAS...Gary. He was an associate of mine, but he was doing something very similar to your friends, Barry. He was trying out a new haptic that gave him unprecedented response time, because it operated on a different part of the brain. He was using it just like you, to explore the oculus servers. But maybe because they didn’t perceive him as a threat, they didn’t kill him. They enslaved him. When we took off the haptics, he started attacking everyone. It took eight of us to seal him in this cage. His mind is gone. I’ve communed with him, I’ve dived deep into his mind, but it’s gone. The only desire left is to kill for oculus. Make no mistake, if I were to let him out of this cage he would do his best to kill all of us. Vanya.” The cage rolled back into the shadows. “I believe this is what they are working towards. This is why their security is so tight, why their servers run day and night creating terrible engines, why they corrupted Sarah. 
Their plan is to deploy this evil thing to every Oculus haptic out there and create an army of slaves. They will take over the world without firing a shot. The only good news is that since they are still recruiting, they have not completed the project. We still have time to bring them down. With that ring, Fred, we can go to the center of their headquarters, and destroy all their power. We can transfer away all of their savings and leave them with nothing, and they will collapse.” She turned her gaze to the rest of the table. “But he cannot go alone. Who will go with him?” Art was the first one to stand. “I’m just a grunt, but,” he pulled out the monomolecular blade on his back, “you have my sword.” Barry stood up. “And my code.” Grim stood up and pounded his fist on the table. “And my apps!” Legs and Gramps also nodded. El smiled. “Good. Then we have a fellowship.”
Technical: A Brief History of Payment Channels: from Satoshi to Lightning Network
Who cares about political tweets from some random country's president when payment channels are much more interesting and are actually capable of carrying value? So let's have a short history of various payment channel techs!
Generation 0: Satoshi's Broken nSequence Channels
Because Satoshi's Vision included payment channels, except his implementation sucked so hard we had to go fix it and added RBF as a by-product. Originally, the plan for nSequence was that mempools would replace any transaction spending certain inputs with another transaction spending the same inputs, but only if the nSequence field of the replacement was larger. Since 0xFFFFFFFF was the highest value that nSequence could get, this would mark a transaction as "final" and not replaceable on the mempool anymore. In fact, this "nSequence channel" I will describe is the reason why we have this weird rule about nLockTime and nSequence. nLockTime actually only works if nSequence is not 0xFFFFFFFF, i.e. not final. If nSequence is 0xFFFFFFFF on every input, then nLockTime is ignored, because this is the "final" version of the transaction. Note that only this nLockTime rule is consensus; the replacement rule was pure mempool policy. So what you'd do would be something like this:
You go to a bar and promise the bartender to pay by the time the bar closes. Because this is the Bitcoin universe, time is measured in blockheight, so the closing time of the bar is indicated as some future blockheight.
For your first drink, you'd make a transaction paying to the bartender for that drink, paying from some coins you have. The transaction has an nLockTime equal to the closing time of the bar, and a starting nSequence of 0. You hand over the transaction and the bartender hands you your drink.
For your succeeding drink, you'd remake the same transaction, adding the payment for that drink to the transaction output that goes to the bartender (so that output keeps getting larger, by the amount of payment), and having an nSequence that is one higher than the previous one.
Eventually you have to stop drinking. It comes down to one of two possibilities:
You drink until the bar closes. Since it is now the nLockTime indicated in the transaction, the bartender is able to broadcast the latest transaction and tells the bouncers to kick you out of the bar.
You wisely consider the state of your liver. So you re-sign the last transaction with a "final" nSequence of 0xFFFFFFFF i.e. the maximum possible value it can have. This allows the bartender to get his or her funds immediately (nLockTime is ignored if nSequence is 0xFFFFFFFF), so he or she tells the bouncers to let you out of the bar.
Now that of course is a payment channel. Individual payments are purchases of alcohol (so I guess buying coffee is not in scope for payment channels). Closing is done by creating a "final" transaction that is the sum of the individual payments. Sure there's no routing and channels are unidirectional and channels have a maximum lifetime, but give Satoshi a break, he was also busy inventing Bitcoin at the time. Now if you noticed I called this kind of payment channel "broken". This is because the mempool rules are not consensus rules, and cannot be validated (nothing about the mempool can be validated onchain: I sigh every time somebody proposes "let's make block size dependent on mempool size", mempool state cannot be validated by onchain data). Fullnodes can't see all of the transactions you signed, and then validate that the final one with the maximum nSequence is the one that actually is used onchain. So you can do the below:
Become friends with Jihan Wu, because he owns >51% of the mining hashrate (he totally reorged Bitcoin to reverse the Binance hack right?).
Slip Jihan Wu some of the more interesting drinks you're ordering as an incentive to cooperate with you. So say you end up ordering 100 drinks, you split it with Jihan Wu and give him 50 of the drinks.
When the bar closes, Jihan Wu quickly calls his mining rig and tells them to mine the version of your transaction with nSequence 0. You know, that first one where you pay for only one drink.
Because fullnodes cannot validate nSequence, they'll accept even the nSequence=0 version and confirm it, immutably adding you paying for a single alcoholic drink to the blockchain.
The bartender, pissed at being cheated, takes out a shotgun from under the bar and shoots at you and Jihan Wu.
Jihan Wu uses his mystical chi powers (actually the combined exhaust from all of his mining rigs) to slow down the shotgun pellets, making them hit you as softly as petals drifting in the wind.
The bartender mutters some words, clothes ripping apart as he or she (hard to believe it could be a she but hey) turns into a bear, ready to maul you for cheating him or her of the payment for all the 100 drinks you ordered from him or her.
Steely-eyed, you stand in front of the bartender-turned-bear, daring him to touch you. You've watched Revenant, you know Leonardo di Caprio could survive a bear mauling, and if some posh actor can survive that, you know you can too. You make a pose. "Drunken troll logic attack!"
I think I got sidetracked here.
Bears are bad news.
You can't reasonably invoke "Satoshi's Vision" and simultaneously reject the Lightning Network because it's not onchain. Satoshi's Vision included a half-assed implementation of payment channels with nSequence, where the onchain transaction represented multiple logical payments, exactly what modern offchain techniques do (except modern offchain techniques actually work). nSequence (the field, but not its modern meaning) has been in Bitcoin since BitCoin For Windows Alpha 0.1.0. And its original intent was payment channels. You can't get nearer to Satoshi's Vision than being a field that Satoshi personally added to transactions on the very first public release of the BitCoin software, like srsly.
Miners can totally bypass mempool rules. In fact, the reason why nSequence has been repurposed to indicate "optional" replace-by-fee is because miners are already incentivized by the nSequence system to always follow replace-by-fee anyway. I mean, what do you think those drinks you passed to Jihan Wu are, other than the fee you pay him to mine a specific version of your transaction?
Satoshi made mistakes. The original design for nSequence is one of them. Today, we no longer use nSequence in this way. So diverging from Satoshi's original design is part and parcel of Bitcoin development, because over time, we learn new lessons that Satoshi never knew about. Satoshi was an important landmark in this technology. He will not be the last, or most important, that we will remember in the future: he will only be the first.
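To make the "mempool policy versus consensus" distinction concrete, here is an added example (not code from the original post, and not Bitcoin Core code) that models the two layers of the nSequence channel above: a mempool that only accepts a replacement with a higher nSequence, and a consensus finality check that enforces nLockTime only while an input is non-final. The outpoint, prices and closing height are constructed values. The drinking session and the Jihan Wu bypass from the narrative are both run against this model:

```python
"""Model of Satoshi's original nSequence replacement channel.

Added example, not code from the original post and not Bitcoin Core code.
Two layers are modelled: the mempool *policy* (replace only with a higher
nSequence) and the *consensus* finality rule (nLockTime is enforced only
while an input is non-final). A miner is bound by the second layer only.
"""
from dataclasses import dataclass

SEQUENCE_FINAL = 0xFFFFFFFF


@dataclass(frozen=True)
class Tx:
    inputs: tuple        # outpoints spent, e.g. (("coins", 0),)
    to_bartender: int    # value of the bartender's output
    change: int          # value returned to the drinker
    n_sequence: int      # sequence of the single input
    n_lock_time: int     # block height before which the tx is not final


def is_final(tx: Tx, height: int) -> bool:
    """Consensus: nLockTime is ignored once every input is SEQUENCE_FINAL."""
    if tx.n_sequence == SEQUENCE_FINAL:
        return True
    return height >= tx.n_lock_time


def consensus_valid(tx: Tx, height: int, unspent: set) -> bool:
    """All a full node can check: inputs exist and are unspent, tx is final."""
    return all(i in unspent for i in tx.inputs) and is_final(tx, height)


class Mempool:
    """Policy layer: same inputs may be replaced only by a higher nSequence."""

    def __init__(self):
        self.by_inputs = {}

    def accept(self, tx: Tx) -> bool:
        current = self.by_inputs.get(tx.inputs)
        if current is not None:
            if current.n_sequence == SEQUENCE_FINAL:
                return False        # already final: nothing may replace it
            if tx.n_sequence <= current.n_sequence:
                return False        # replacement must raise nSequence
        self.by_inputs[tx.inputs] = tx
        return True

    def latest(self, inputs):
        return self.by_inputs.get(inputs)


INPUTS = (("coins", 0),)     # constructed outpoint funding the evening


def drinking_session(drinks: int, price: int, balance: int, closing: int):
    """One tx per drink, each paying more and carrying nSequence + 1."""
    mempool = Mempool()
    states = []
    for i in range(drinks):
        paid = (i + 1) * price
        tx = Tx(INPUTS, paid, balance - paid, i, closing)
        assert mempool.accept(tx)
        states.append(tx)
    return states, mempool


def close_early(state: Tx) -> Tx:
    """Drinker leaves before closing: re-sign with the final nSequence."""
    return Tx(state.inputs, state.to_bartender, state.change,
              SEQUENCE_FINAL, state.n_lock_time)


def miner_bypass(states, height, unspent):
    """A colluding miner ignores mempool policy and mines whichever version
    is cheapest for the drinker, as long as consensus accepts it."""
    ok = [tx for tx in states if consensus_valid(tx, height, unspent)]
    return min(ok, key=lambda tx: tx.to_bartender) if ok else None
```

The mempool correctly refuses to regress to an older state, but `miner_bypass` shows that at the closing height every signed version is consensus-valid, so the bartender's protection depends entirely on every miner honouring a relay policy. That is the gap the Spilman construction below closes with a 2-of-2 multisig.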
Incentive-compatible time-limited unidirectional channel; or, Satoshi's Vision, Fixed (if transaction malleability hadn't been a problem, that is). Now, we know the bartender will turn into a bear and maul you if you try to cheat the payment channel, and now that we've revealed you're good friends with Jihan Wu, the bartender will no longer accept a payment channel scheme that lets you cooperate with a miner to cheat the bartender. Fortunately, Jeremy Spilman proposed a better way that would not let you cheat the bartender. First, you and the bartender perform this ritual:
You get some funds and create a transaction that pays to a 2-of-2 multisig between you and the bartender. You don't broadcast this yet: you just sign it and get its txid.
You create another transaction that spends the above transaction. This transaction (the "backoff") has an nLockTime equal to the closing time of the bar, plus one block. You sign it and give this backoff transaction (but not the above transaction) to the bartender.
The bartender signs the backoff and gives it back to you. It is now valid since it's spending a 2-of-2 of you and the bartender, and both of you have signed the backoff transaction.
Now you broadcast the first transaction onchain. You and the bartender wait for it to be deeply confirmed, then you can start ordering.
The above is probably vaguely familiar to LN users. It's the funding process of payment channels! The first transaction, the one that pays to a 2-of-2 multisig, is the funding transaction that backs the payment channel funds. So now you start ordering in this way:
For your first drink, you create a transaction spending the funding transaction output and sending the price of the drink to the bartender, with the rest returning to you.
You sign the transaction and pass it to the bartender, who serves your first drink.
For your succeeding drinks, you recreate the same transaction, adding the price of the new drink to the sum that goes to the bartender and reducing the money returned to you. You sign the transaction and give it to the bartender, who serves you your next drink.
At the end:
If the bar closing time is reached, the bartender signs the latest transaction, completing the needed 2-of-2 signatures and broadcasting this to the Bitcoin network. Since the backoff transaction's nLockTime is the closing time + 1, it can't get used at closing time.
If you decide you want to leave early because your liver is crying, you just tell the bartender to go ahead and close the channel (which the bartender can do at any time by just signing and broadcasting the latest transaction: the bartender won't do that because he or she is hoping you'll stay and drink more).
If you ended up just hanging around the bar and never ordering, then at closing time + 1 you broadcast the backoff transaction and get your funds back in full.
Now, even if you pass 50 drinks to Jihan Wu, you can't give him the first transaction (the one which pays for only one drink) and ask him to mine it: it's spending a 2-of-2 and the copy you have only contains your own signature. You need the bartender's signature to make it valid, but he or she sure as hell isn't going to cooperate in something that would lose him or her money, so a signature from the bartender validating old state where he or she gets paid less isn't going to happen. So, problem solved, right? Right? Okay, let's try it. So you get your funds, put them in a funding tx, get the backoff tx, confirm the funding tx... Once the funding transaction confirms deeply, the bartender laughs uproariously. He or she summons the bouncers, who surround you menacingly. "I'm refusing service to you," the bartender says. "Fine," you say. "I was leaving anyway." You smirk. "I'll get back my money with the backoff transaction, and I'm posting about your poor service on reddit so you get negative karma, so there!" "Not so fast," the bartender says. His or her voice chills your bones. It looks like your exploitation of the Satoshi nSequence payment channel is still fresh in his or her mind. "Look at the txid of the funding transaction that got confirmed." "What about it?" you ask nonchalantly, as you flip open your desktop computer and open a reputable blockchain explorer. What you see shocks you. "What the --- the txid is different! You--- you changed my signature?? But how? I put the only copy of my private key in a sealed envelope in a cast-iron box inside a safe buried in the Gobi desert protected by a clan of nomads who have dedicated their lives and their children's lives to keeping my private key safe in perpetuity!" "Didn't you know?" the bartender asks. "The two components of an ECDSA signature, r and s, are just very large numbers modulo the curve order n. Replace s with n minus s, which is the same as flipping its sign, and the signature still verifies against the same key and the same message. 
Anyone can do that, even if they don't know the private key. But because Bitcoin includes the signatures in the transaction when it's generating the txid, this little change also changes the txid." He or she chuckles. "They say they'll fix it by separating the signatures from the transaction body. They're saying that these kinds of signature malleability won't affect transaction ids anymore after they do this, but I bet I can get my good friend Jihan Wu to delay this 'SepSig' plan for a good while yet. Friendly guy, this Jihan Wu, it turns out all I had to do was slip him 51 drinks and he was willing to mine a tx with the signature signs flipped." His or her grin widens. "I'm afraid your backoff transaction won't work anymore, since it spends a txid that does not exist and will never be confirmed. So here's the deal. You pay me 99% of the funds in the funding transaction, in exchange for me signing the transaction that spends the txid that you see onchain. Refuse, and you lose 100% of the funds and every other HODLer, including me, benefits from the reduction in coin supply. Accept, and you get to keep 1%. I lose nothing if you refuse, so I won't care if you do, but consider the difference of getting zilch vs. getting 1% of your funds." His or her eyes glow. "GENUFLECT RIGHT NOW." Lesson learned?
Payback's a bitch.
Transaction malleability is a bitchier bitch. It's why we needed to fix the bug in SegWit. Sure, MtGox claimed they were attacked this way because someone kept messing with their transaction signatures and thus they lost track of where their funds went, but really, the bigger impetus for fixing transaction malleability was to support payment channels.
Yes, including the signatures in the hash that ultimately defines the txid was a mistake. Satoshi made a lot of those. So we're just reiterating the lesson "Satoshi was not an infinite being of infinite wisdom" here. Satoshi just gets a pass because of how awesome Bitcoin is.
CLTV-protected Spilman Channels
Using CLTV for the backoff branch. This variation is simply Spilman channels, but with the backoff transaction replaced with a backoff branch in the SCRIPT you pay to. It only became possible after OP_CHECKLOCKTIMEVERIFY (CLTV) was enabled in 2015. Now as we saw in the Spilman Channels discussion, transaction malleability means that any pre-signed offchain transaction can easily be invalidated by flipping the sign of the signature of the funding transaction while the funding transaction is not yet confirmed. This can be avoided by simply putting any special requirements into an explicit branch of the Bitcoin SCRIPT. Now, the backoff branch is supposed to create a maximum lifetime for the payment channel, and prior to the introduction of OP_CHECKLOCKTIMEVERIFY this could only be done by having a pre-signed nLockTime transaction. With CLTV, however, we can now make the branches explicit in the SCRIPT that the funding transaction pays to. Instead of paying to a 2-of-2 in order to set up the funding transaction, you pay to a SCRIPT which is basically "2-of-2, OR this singlesig after a specified lock time". With this, there is no backoff transaction that is pre-signed and which refers to a specific txid. Instead, you can create the backoff transaction later, using whatever txid the funding transaction ends up being confirmed under. Since the funding transaction is immutable once confirmed, it is no longer possible to change the txid afterwards.
Todd Micropayment Networks
The old hub-spoke model (that isn't how LN today actually works). One of the more direct predecessors of the Lightning Network was the hub-spoke model discussed by Peter Todd. In this model, instead of payers directly having channels to payees, payers and payees connect to a central hub server. This allows any payer to pay any payee, using the same channel for every payee on the hub. Similarly, this allows any payee to receive from any payer, using the same channel. Remember from the above Spilman example? When you open a channel to the bartender, you have to wait around for the funding tx to confirm. This will take an hour at best. Now consider that you have to make channels for everyone you want to pay to. That's not very scalable. So the Todd hub-spoke model has a central "clearing house" that transports money from payers to payees. The "Moonbeam" project takes this model. Of course, this reveals to the hub who the payer and payee are, and thus the hub can potentially censor transactions. Generally, though, it was considered that a hub would more efficiently censor by just not maintaining a channel with the payer or payee that it wants to censor (since the money it owned in the channel would just be locked uselessly if the hub won't process payments to/from the censored user). In any case, the ability of the central hub to monitor payments means that it can surveil the payer and payee, and then sell this private transactional data to third parties. This loss of privacy would be intolerable today. Peter Todd also proposed that there might be multiple hubs that could transport funds to each other on behalf of their users, providing somewhat better privacy. Another point of note is that at the time such networks were proposed, only unidirectional (Spilman) channels were available. Thus, while one could be a payer, or payee, you would have to use separate channels for your income versus for your spending. 
Worse, if you wanted to transfer money from your income channel to your spending channel, you had to close both and reshuffle the money between them, both onchain activities.
Poon-Dryja Lightning Network
Bidirectional two-participant channels. The Poon-Dryja channel mechanism has two important properties:
Bidirectional.
No time limit.
Both the original Satoshi and the two Spilman variants are unidirectional: there is a payer and a payee, and if the payee wants to do a refund, or wants to pay for a different service or product the payer is providing, then they can't use the same unidirectional channel. The Poon-Dryja mechanism allows channels, however, to be bidirectional instead: you are not a payer or a payee on the channel, you can receive or send at any time as long as both you and the channel counterparty are online. Further, unlike either of the Spilman variants, there is no time limit for the lifetime of a channel. Instead, you can keep the channel open for as long as you want. Both properties, together, form a very powerful scaling property that I believe most people have not appreciated. With unidirectional channels, as mentioned before, if you both earn and spend over the same network of payment channels, you would have separate channels for earning and spending. You would then need to perform onchain operations to "reverse" the directions of your channels periodically. Secondly, since Spilman channels have a fixed lifetime, even if you never used either channel, you would have to periodically "refresh" it by closing it and reopening. With bidirectional, indefinite-lifetime channels, you may instead open some channels when you first begin managing your own money, then close them only after your lawyers have executed your last will and testament on how the money in your channels gets divided up to your heirs: that's just two onchain transactions in your entire lifetime. That is the potentially very powerful scaling property that bidirectional, indefinite-lifetime channels allow. I won't discuss the transaction structure needed for Poon-Dryja bidirectional channels --- it's complicated and you can easily get explanations with cute graphics elsewhere. There is a weakness of Poon-Dryja that people tend to gloss over (because it was fixed very well by RustyReddit):
You have to store all the revocation keys of a channel. This implies you are storing 1 revocation key for every channel update, so if you perform millions of updates over your entire lifetime, you'd be storing tens of megabytes of keys (32 bytes each), for only a single channel. RustyReddit fixed this by requiring that the revocation keys be generated from a "seed" revocation key, and every key is just SHA256 applied to that seed some number of times. For example, suppose I tell you that my first revocation key is SHA256(SHA256(seed)). You can store that in O(1) space. Then for the next revocation, I tell you SHA256(seed). From SHA256(seed), you yourself can compute SHA256(SHA256(seed)) (i.e. the previous revocation key), so you can check that the new key is consistent with the one you already hold and then forget the old one. So you can remember just the most recent revocation key, and from there you'd be able to compute every previous revocation key. When you start a channel, you perform SHA256 on your seed several million times, then use the result as the first revocation key, removing one layer of SHA256 for every revocation key you need to generate. RustyReddit not only came up with this, but also suggested an efficient O(log n) storage structure, the shachain, so that you can quickly look up any revocation key in the past in case of a breach. People no longer really talk about this O(n) revocation storage problem anymore because it was solved very very well by this mechanism.
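The hash-chain scheme described above, as an added example that is not code from the original post or from any Lightning implementation. It is the plain linear chain the paragraph describes (SHA256 applied repeatedly to a seed, one layer peeled off per update), not the O(log n) shachain tree. The seed and chain length are constructed toy values; a real channel uses a random 32-byte seed and a chain long enough for millions of updates. The receiver stores only the most recently revealed key, rejects a key that does not hash to it, and can recompute any earlier key on demand:

```python
"""Hash-chain revocation secrets with O(1) receiver storage.

Added example, not from the original post or any Lightning implementation.
Linear chain only (the shachain O(log n) lookup structure is not modelled).
"""
import hashlib

# Constructed parameters: toy seed and short chain for the demo.
SEED = hashlib.sha256(b"constructed demo seed, never reuse").digest()
CHAIN_LEN = 1000


def sha256(b: bytes) -> bytes:
    return hashlib.sha256(b).digest()


def revocation_key(seed: bytes, chain_len: int, index: int) -> bytes:
    """Key i is SHA256 applied (chain_len - i) times to the seed.

    Index 0 is the most-hashed value. Revealing key i+1 lets the holder
    recompute key i with one hash, but gives nothing about key i+2.
    """
    if not 0 <= index < chain_len:
        raise ValueError("index outside chain")
    k = seed
    for _ in range(chain_len - index):
        k = sha256(k)
    return k


class RevocationStore:
    """Counterparty side: remembers only the latest revealed key."""

    def __init__(self):
        self.latest = None
        self.latest_index = -1

    def receive(self, index: int, key: bytes) -> bool:
        """Accept key i only if it is the next one and hashes to key i-1."""
        if index != self.latest_index + 1:
            return False
        if self.latest is not None and sha256(key) != self.latest:
            return False
        self.latest, self.latest_index = key, index
        return True

    def key_for(self, index: int) -> bytes:
        """Recover any past key with (latest_index - index) hashes."""
        if not 0 <= index <= self.latest_index:
            raise KeyError(index)
        k = self.latest
        for _ in range(self.latest_index - index):
            k = sha256(k)
        return k


def run_channel(updates: int) -> RevocationStore:
    """Simulate `updates` state changes; the store never grows past one key."""
    store = RevocationStore()
    for i in range(updates):
        if not store.receive(i, revocation_key(SEED, CHAIN_LEN, i)):
            raise RuntimeError(f"revocation {i} rejected")
    return store
```

The consistency check in `receive` is the security-relevant step: without it a counterparty could hand over a random 32-byte value, and the receiver would later be unable to reconstruct the older revocation keys needed to punish a breach of that older state.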
Another thing I want to emphasize is that while the Lightning Network paper and many of the earlier presentations developed from the old Peter Todd hub-and-spoke model, the modern Lightning Network takes the logical conclusion of removing a strict separation between "hubs" and "spokes". Any node on the Lightning Network can very well work as a hub for any other node. Thus, while you might operate as "mostly a payer", "mostly a forwarding node", "mostly a payee", you still end up being at least partially a forwarding node ("hub") on the network, at least part of the time. This greatly reduces the problems of privacy inherent in having only a few hub nodes: forwarding nodes cannot get significantly useful data from the payments passing through them, because the distance between the payer and the payee can be so large that it would be likely that the ultimate payer and the ultimate payee could be anyone on the Lightning Network. Lessons learned?
We can decentralize if we try hard enough!
"Hubs bad" can be made "hubs good" if everybody is a hub.
Smart people can solve problems. It's kinda why they're smart.
After LN, there's also the Decker-Wattenhofer Duplex Micropayment Channels (DMC). This post is long enough as-is, LOL. But for now, it uses a novel "decrementing nSequence channel", using the new relative-timelock semantics of nSequence (not the broken one originally by Satoshi). It actually uses multiple such "decrementing nSequence" constructs, terminating in a pair of Spilman channels, one in each direction (thus "duplex"). Maybe I'll discuss it some other time. The realization that channel constructions could actually hold more channel constructions inside them (the way the Decker-Wattenhofer construction puts a pair of Spilman channels inside a series of "decrementing nSequence channels") led to the further thought behind Burchert-Decker-Wattenhofer channel factories. Basically, you could host multiple two-participant channel constructs inside a larger multiparticipant "channel" construct (i.e. host multiple channels inside a factory). Further, we have the Decker-Russell-Osuntokun or "eltoo" construction. I'd argue that this is "nSequence done right". I'll write more about this later, because this post is long enough. Lessons learned?
Bitcoin offchain scaling is more powerful than you ever thought.
Transcript of discussion between an ASIC designer and several proof-of-work designers from #monero-pow channel on Freenode this morning
[08:07:01] lukminer contains precompiled cn/r math sequences for some blocks: https://lukminer.org/2019/03/09/oh-kay-v4r-here-we-come/ [08:07:11] try that with RandomX :P [08:09:00] tevador: are you ready for some RandomX feedback? it looks like the CNv4 is slowly stabilizing, hashrate comes down... [08:09:07] how does it even make sense to precompile it? [08:09:14] mine 1% faster for 2 minutes? [08:09:35] naturally we think the entire asic-resistance strategy is doomed to fail :) but that's a high-level thing, who knows. people may think it's great. [08:09:49] about RandomX: looks like the cache size was chosen to make it GPU-hard [08:09:56] looking forward to more docs [08:11:38] after initial skimming, I would think it's possible to make a 10x asic for RandomX. But at least for us, we will only make an ASIC if there is not a total ASIC hostility there in the first place. That's better for the secret miners then. [08:13:12] What I propose is this: we are working on an Ethash ASIC right now, and once we have that working, we would invite tevador or whoever wants to come to HK/Shenzhen and we walk you guys through how we would make a RandomX ASIC. You can then process this input in any way you like. Something like that. [08:13:49] unless asics (or other accelerators) re-emerge on XMR faster than expected, it looks like there is a little bit of time before RandomX rollout [08:14:22] 10x in what measure? $/hash or watt/hash? [08:14:46] watt/hash [08:15:19] so you can make 10 times more efficient double precision FPU? [08:16:02] like I said let's try to be productive. You are having me here, let's work together! [08:16:15] continue with RandomX, publish more docs. that's always helpful. [08:16:37] I'm trying to understand how it's possible at all. Why AMD/Intel are so inefficient at running FP calculations? [08:18:05] midipoet ([email protected]/web/irccloud.com/x-vszshqqxwybvtsjm) has joined #monero-pow [08:18:17] hardware development works the other way round. 
We start with 1) math then 2) optimization priority 3) hw/sw boundary 4) IP selection 5) physical implementation [08:22:32] This still doesn't explain at which point you get 10x [08:23:07] Weren't you the ones claiming "We can accelerate ProgPoW by a factor of 3x to 8x." ? I find it hard to believe too. [08:30:20] sure [08:30:26] so my idea: first we finish our current chip [08:30:35] from simulation to silicon :) [08:30:40] we love this stuff... we do it anyway [08:30:59] now we have a communication channel, and we don't call each other names immediately anymore: big progress! [08:31:06] you know, we russians have a saying "it was smooth on paper, but they forgot about ravines" [08:31:12] So I need a bit more details [08:31:16] ha ha. good! [08:31:31] that's why I want to avoid to just make claims [08:31:34] let's work [08:31:40] RandomX comes in Sep/Oct, right? [08:31:45] Maybe [08:32:20] We need to audit it first [08:32:31] ok [08:32:59] we don't make chips to prove sw devs that their assumptions about hardware are wrong. especially not if these guys then promptly hardfork and move to the next wrong assumption :) [08:33:10] from the outside, this only means that hw & sw are devaluing each other [08:33:24] neither of us should do this [08:33:47] we are making chips that can hopefully accelerate more crypto ops in the future [08:33:52] signing, verifying, proving, etc. [08:34:02] PoW is just a feature like others [08:34:18] sech1: is it easy for you to come to Hong Kong? (visa-wise) [08:34:20] or difficult? [08:34:33] or are you there sometimes? [08:34:41] It's kind of far away [08:35:13] we are looking forward to more RandomX docs. that's the first step. [08:35:31] I want to avoid that we have some meme "Linzhi says they can accelerate XYZ by factor x" .... "ha ha ha" [08:35:37] right? we don't want that :) [08:35:39] doc is almost finished [08:35:40] What docs do you need? 
It's described pretty good
[08:35:41] so I better say nothing now
[08:35:50] we focus on our Ethash chip
[08:36:05] then based on that, we are happy to walk interested people through the design and what else it can do
[08:36:22] that's a better approach from my view than making claims that are laughed away (rightfully so, because no silicon...)
[08:36:37] ethash ASIC is basically a glorified memory controller
[08:36:39] sech1: tevador said something more is coming (he just did it again)
[08:37:03] yes, some parts of RandomX are not described well
[08:37:10] like dataset access logic
[08:37:37] RandomX looks like progpow for CPU
[08:37:54] yes
[08:38:03] it is designed to reflect CPU
[08:38:34] so any ASIC for it = CPU in essence
[08:39:04] of course there are still some things in regular CPU that can be thrown away for RandomX
[08:40:20] uncore parts are not used, but those will use very little power
[08:40:37] except for memory controller
[08:41:09] I'm just surprised sometimes, ok? let me ask: have you designed or taped out an asic before? isn't it risky to make assumptions about things that are largely unknown?
[08:41:23] I would worry
[08:41:31] that I get something wrong...
[08:41:44] but I also worry like crazy that CNv4 will blow up, where you guys seem to be relaxed
[08:42:06] I didn't want to bring up anything RandomX because CNv4 is such a nailbiter... :)
[08:42:15] how do you guys know you don't have asics in a week or two?
[08:42:38] we don't have experience with ASIC design, but RandomX is simply designed to exactly fit CPU capabilities, which is the best you can do anyways
[08:43:09] similar as ProgPoW did with GPUs
[08:43:14] some people say they want to do asic-resistance only until the vast majority of coins has been issued
[08:43:21] that's at least reasonable
[08:43:43] yeah but progpow totally will not work as advertised :)
[08:44:08] yeah, I've seen that comment about progpow a few times already
[08:44:11] which is no surprise if you know it's just a random sales story to sell a few more GPUs
[08:44:13] RandomX is not permanent, we are expecting to switch to ASIC friendly in a few years if possible
[08:44:18] yes
[08:44:21] that makes sense
[08:44:40] linzhi-sonia: how so? will it break or will it be asic-able with decent performance gains?
[08:44:41] are you happy with CNv4 so far?
[08:45:10] ah, long story. progpow is a masterpiece of deception, let's not get into it here.
[08:45:21] if you know chip marketing it makes more sense
[08:45:24] linzhi-sonia: So far? lol! a bit early to tell, don't you think?
[08:45:35] the diff is coming down
[08:45:41] first few hours looked scary
[08:45:43] I remain skeptical: I only see ASICs being reasonable if they are already as ubiquitous as smartphones
[08:45:46] yes, so far so good
[08:46:01] we knew the diff would not come down until after block 75
[08:46:10] yes
[08:46:22] but first few hours it looks like only 5% hashrate left
[08:46:27] looked
[08:46:29] now it's better
[08:46:51] the next worry is: when will "unexplainable" hashrate come back?
[08:47:00] you hope 2-3 months? more?
[08:47:05] so give it another couple of days. will probably overshoot to the downside, and then rise a bit as miners get updated and return
[08:47:22] 3 months minimum turnaround, yes
[08:47:28] nah
[08:47:36] don't underestimate asicmakers :)
[08:47:54] you guys don't get #1 priority on chip fabs
[08:47:56] 3 months = 90 days.
do you know what is happening in those 90 days exactly? I'm pretty sure you don't. same thing as before.
[08:48:13] we don't do any secret chips btw
[08:48:21] 3 months assumes they had a complete design ready to go, and added the last minute change in 1 day
[08:48:24] do you know who is behind the hashrate that is now bricked?
[08:48:27] innosilicon?
[08:48:34] hyc: no no, and no. :)
[08:48:44] hyc: have you designed or taped out a chip before?
[08:48:51] yes, many years ago
[08:49:10] then you should know that 90 days is not a fixed number
[08:49:35] sure, but like I said, other makers have greater demand
[08:49:35] especially not if you can prepare, if you just have to modify something, or you have more programmability in the chip than some people assume
[08:50:07] we are chipmakers, we would never dare to do what you guys are doing with CNv4 :) but maybe that just means you are cooler!
[08:50:07] and yes, programmability makes some aspect of turnaround easier
[08:50:10] all fine
[08:50:10] I hope it works!
[08:50:28] do you know who is behind the hashrate that is now bricked?
[08:50:29] inno?
[08:50:41] we suspect so, but have no evidence
[08:50:44] maybe we can try to find them, but we cannot spend too much time on this
[08:50:53] it's probably not so much of a secret
[08:51:01] why should it be, right?
[08:51:10] devs want this cat-and-mouse game? devs get it...
[08:51:35] there was one leak saying it's innosilicon
[08:51:36] so you think 3 months, ok
[08:51:43] inno is cool
[08:51:46] good team
[08:51:49] IP design house
[08:51:54] in Wuhan
[08:52:06] they send their people to conferences with fake biz cards :)
[08:52:19] pretending to be other companies?
[08:52:26] sure
[08:52:28] ha ha
[08:52:39] so when we see them, we look at whatever card they carry and laugh :)
[08:52:52] they are perfectly suited for secret mining games
[08:52:59] they made at most $6 million in 2 months of mining, so I wonder if it was worth it
[08:53:10] yeah.
no way to know
[08:53:15] but it's good that you calculate!
[08:53:24] this is all about cost/benefit
[08:53:25] then you also understand - imagine the value of XMR goes up 5x, 10x
[08:53:34] that whole "asic resistance" thing will come down like a house of cards
[08:53:41] I would imagine they sell immediately
[08:53:53] the investor may fully understand the risk
[08:53:57] the buyer
[08:54:13] it's not healthy, but that's another discussion
[08:54:23] so mid-June
[08:54:27] let's see
[08:54:49] I would be susprised if CNv4 ASICs show up at all
[08:54:56] surprised*
[08:54:56] why?
[08:55:05] is only an economic question
[08:55:12] yeah should be interesting. FPGAs will be near their limits as well
[08:55:16] unless XMR goes up a lot
[08:55:19] no, not *only*. it's also a technology question
[08:55:44] you believe CNv4 is "asic resistant"? which feature?
[08:55:53] it's not
[08:55:59] cnv4 = RandomX ?
[08:56:03] no
[08:56:07] cnv4=cryptonight/r
[08:56:11] ah
[08:56:18] CNv4 is the one we have now, I think
[08:56:21] since yesterday
[08:56:30] it's plenty enough resistant for current XMR price
[08:56:45] that may be, yes!
[08:56:55] I look at daily payouts. XMR = ca. 100k USD / day
[08:57:03] it can hold until October, but it's not asic resistant
[08:57:23] well, last 24h only 22,442 USD :)
[08:57:32] I think 80 h/s per watt ASICs are possible for CNv4
[08:57:38] linzhi-sonia where do you produce your chips? TSMC?
[08:57:44] I'm cruious how you would expect to build a randomX ASIC that outperforms ARM cores for efficiency, or Intel cores for raw speed
[08:57:48] curious
[08:58:01] yes, tsmc
[08:58:21] Our team did the world's first bitcoin asic, Avalon
[08:58:25] and upcoming 2nd gen Ryzens (64-core EPYC) will be a blast at RandomX
[08:58:28] designed and manufactured
[08:58:53] still being marketed?
[08:59:03] linzhi-sonia: do you understand what xmr wants to achieve, community-wise?
[08:59:14] Avalon? as part of Canaan Creative, yes I think so.
[08:59:25] there's not much interesting going on in SHA256
[08:59:29] Inge-: I would think so, but please speak
[08:59:32] hyc: yes
[09:00:28] linzhi-sonia: I am curious to hear your thoughts. I am fairly new to this space myself...
[09:00:51] oh
[09:00:56] we are grandpas, and grandmas
[09:01:36] yet I have no problem understanding why ASICs are currently reviled.
[09:01:48] xmr's main differentiators to, let's say btc, are anonymity and fungibility
[09:01:58] I find the client terribly slow btw
[09:02:21] and I think the asic-forking since last May is wrong, doesn't create value and doesn't help with the project objectives
[09:02:25] which "the client" ?
[09:02:52] Monero GUI client maybe
[09:03:12] MacOS, yes
[09:03:28] What exactly is slow?
[09:03:30] linzhi-sonia: I run my own node, and use the CLI and Monerujo. Have not had issues.
[09:03:49] staying in sync
[09:03:49] linzhi-sonia: decentralization is also a key principle
[09:03:56] one that Bitcoin has failed to maintain
[09:04:39] hmm
[09:05:00] looks fairly decentralized to me. decentralization is the result of 3 goals imo: resilient, trustless, permissionless
[09:05:28] don't ask a hardware maker about physical decentralization. that's too ideological. we focus on logical decentralization.
[09:06:11] physical decentralization is important. with bulk of bitcoin mining centered on Chinese hydroelectric dams
[09:06:19] have you thought about including block data in the PoW?
[09:06:41] yes, of course.
[09:07:39] is that already in an algo?
[09:08:10] hyc: about "centered on chinese hydro" - what is your source? the best paper I know is this: https://coinshares.co.uk/wp-content/uploads/2018/11/Mining-Whitepaper-Final.pdf
[09:09:01] linzhi-sonia: do you mine on your ASICs before you sell them?
[09:09:13] besides testing of course
[09:09:45] that paper puts Chinese btc miners at 60% max
[09:10:05] tevador: I think everybody learned that that is not healthy long-term!
[09:10:16] because it gives the chipmaker a cost advantage over its own customers
[09:10:33] and cost advantage leads to centralization (physical and logical)
[09:10:51] you guys should know who finances progpow and why :)
[09:11:05] but let's not get into this, ha ha. want to keep the channel civilized. right OhGodAGirl ? :)
[09:11:34] tevador: so the answer is no! 100% and definitely no
[09:11:54] that "self-mining" disease was one of the problems we have now with asics, and their bad reputation (rightfully so)
[09:13:08] I plan to write a nice short 2-page paper or so on our chip design process. maybe it's interesting to some people here.
[09:13:15] basically the 5 steps I mentioned before, from math to physical
[09:13:32] linzhi-sonia: the paper you linked puts 48% of bitcoin mining in Sichuan. the total in China is much more than 60%
[09:13:38] need to run it by a few people to fix bugs, will post it here when published
[09:14:06] hyc: ok! I am just sharing the "best" document I know today. it definitely may be wrong and there may be a better one now.
[09:14:18] hyc: if you see some reports, please share
[09:14:51] hey I am really curious about this: where is a PoW algo that puts block data into the PoW?
[09:15:02] the previous paper I read is from here http://hackingdistributed.com/2018/01/15/decentralization-bitcoin-ethereum/
[09:15:38] hyc: you said that already exists? (block data in PoW)
[09:15:45] it would make verification harder
[09:15:49] linzhi-sonia: http