First Confirmed Female Bitcoin Core Developer Is True Face

Dogecoin

The most amazing place on reddit! A subreddit for sharing, discussing, hoarding and wow'ing about Dogecoins. The new innovative crypto-currency.
[link]

On Bitcoin Core developer mailing list: Hardfork to fix difficulty drop algorithm suggested to take care of potential drop in number of miners after the halvening this July. However, if a hardfork is considered anyway, then why not increase block size in that same hardfork while we're at it?

submitted by r5t6y7 to Bitcoin [link] [comments]

Monero pumpers trying to take BTC spot with darknetmarkets. I think bitcoin fungibility should be on the top of core developers priority list.

Monero pumpers trying to take BTC spot with darknetmarkets. I think bitcoin fungibility should be on the top of core developers priority list. submitted by CosmosKing98 to Bitcoin [link] [comments]

Idea: Institution IDs, an optional extension to add a little trust to Bitcoin

Edit: ninja_parade has convincingly shot this idea down. I'm leaving the post up for thought exercises.
I was thinking about the Blockchain bloat and microtransaction problems today, and a thought occurred to me.
What if we made an optional extension to Bitcoin? A centrally managed (Presumably by the Bitcoin core developers) list of institutions that manage Bitcoin wallets for end-users, such as blockchain.info, coinbase, and the exchanges. The purpose of this scheme is to allow batching transactions between trusting institutions, both reducing blockchain-bloat and enabling inter-institution micropayments.
Let's assume for example we end up with an 8-character ID string, leading to addresses like this - 1qwertyu:31uEbMgunupShBVTewXjtqbBv5MndwfXhb
The entire suggestion requires a single change to existing software that will not participate in the scheme. It must be programmed to take any recipient address and strip everything up to and including any ":" in the address. No other changes would be necessary.
An example of how I envision this working: I sign into my coinbase to send 0.001BTC to a blockchain.info user. I tell coinbase to send the balance to the full-form address. Coinbase looks at the Institution ID, realizes it has a trusting relationship with blockchain.info, and communicates the transaction off-blockchain. coinbase debits my account instantly, and blockchain.info credits the recipient instantly. After a set amount of time or a certain number or value of transactions have batched this way, coinbase sends a lump-sum bitcoin transaction to a receiving wallet at blockchain.info.
If I'm going to be receiving funds at coinbase, and wish to maintain full anonymity, I just strip the institution ID from the receiving address I give to the sender, and the transaction will happen on-blockchain as expected, with the costs and delays that entails.
This entire post is shower-logic. If it were to be implemented I think it would benefit many users of Bitcoin, while taking absolutely nothing away from it. Critique is welcome. Apologies if this is (an independently arrived at!) repost.
submitted by starslab to Bitcoin [link] [comments]

Who are Gal Buki and Tomas CaseyWilco? Both are the listed developers on Ubuntu's Software Center of Bitcoin Core and Electrum, respectively. Also, Software Center tells me that Bitcoin Core isn't installed, when in fact I installed through apt-get...

Who are Gal Buki and Tomas CaseyWilco? Both are the listed developers on Ubuntu's Software Center of Bitcoin Core and Electrum, respectively. Also, Software Center tells me that Bitcoin Core isn't installed, when in fact I installed through apt-get... submitted by modern_life_blues to Bitcoin [link] [comments]

Core developers are now actively fighting the listing of a Bitcoin ETF to keep control

What more is there to say?
submitted by dontcensormebro2 to btc [link] [comments]

A Growing list of Tactics used by Core recruits and supporters to harm Bitcoin development

op by silverjustice: https://www.reddit.com/btc/comments/5zhy0a/a_growing_list_of_tactics_used_by_core_recruits/
The DOS attack on BU is just another act in a growing list of desperate moves by Core recruits and supporters. Its number 9 on the list below.
  1. Strategy of distraction - The real problems the Bitcoin network faces right now are the growing fees, and the delayed payments due to the network congestion. Blockstream supporters will argue that you need to upgrade your wallet, and pay the appropriate fee to have your transaction processed. This is a classic distraction method which does not address the problem whatsoever. It instead places the user in an awkward position, believing they have done something wrong.
  2. Create problems, then offer solutions. - Make no mistake, the 1MB limit was created. Satoshi may have placed it to begin with, but Satoshi also clearly stated that this limit should be increased as adoption of Bitcoin grows. By holding it back at 1MB, it ‘forces’ the problem, which in turn is used to push the “Segwit” agenda.
  3. Forced Degradation. - The quality of the network will continue to suffer. The fees aren’t rising in a linearpattern. No. They are exponentially growing, and soon will be matching western union transfer fees. This strategy is adopted by governments and revolutionists when looking to create a change in any socio-economic system.
  4. Strategy of Differing. - “Painful but necessary”. We hear this mantra from Blockstream supporters all the time. “Rising fees are a byproduct” of Bitcoin’s success. Or perhaps to hear that these are the “teething issues of a growing network”. – In truth, the simple solution is right there in front of our eyes, and simply requires a tweak to one line of code.
  5. Maintain intellectual superiority. - Core developers hold that they know what is best for Bitcoin because… well, after all they are great developers. But in the real world, rarely do developers ever, dictate what the users want, should have, or need. In any business or software eco-system, it is offcourse the users which drive special features, enhancements or otherwise. Developers may know how to code, but they are not economists, nor are they business owners that rely on Bitcoin for payments.
  6. To replace “revolt” with guilt.- In Blockstream’s opinion, anyone who supports Bitcoin Unlimited, or is pro blocksize increase, is stifling scalability, and is therefore accused of blocking Segwit. To the contrary, Segwit will offer a very mild blocksize increase, and will require a long time before it is not only activated, but also before its capacity increase can at all be realised. By then it would be beyond far too little, and too late. Bitcoin Unlimited, can resolve the situation now pending adoption.
  7. Discard critical thinking as religious fervour - . I can personally attest to being attacked as a Satoshi worshipping idiot simply for backing Satoshi’s white paper. “Satoshi isn’t God”, I was told. On countless times actually… When in truth, by holding to Satoshi’s vision, you are separating yourself from anything that is centralized in the first place. This libertarian view is the furthest point of any deity or governance over Bitcoin.
  8. Threaten false worst case scenarios. - "Supporting Bitcoin Unlimited will create an Alt-Coin". This again assumes the general public understand nothing about Bitcoin, and comes from Blockstream maintaining their intellectual superiority. Bitcoin was developed, not to be governed by any entity. The market, and the people should always dictate its direction, not Blockstream, and certainly not any centrally governed entity. Bitcoin Unlimited will always follow the most popular Bitcoin chain. It will not force anything on anyone. If miners using Bitcoin Unlimited choose to mine bigger blocks, that is their choosing. If you were to look purely at the technical, Segwit is so radical to Bitcoin, that technically, it could be the very alt-coin in question. But let’s not stoop to that level. Blockstream’s behaviour comes ultimately from a place of entitlement. By threatening that Bitcoin Unlimited will create an altcoin comes from a place where Blockstream believe they are the true developers, and keeper of the keys for Bitcoin. This thinking places Blockstream on par with Bitcoin, forcing the belief that without Blockstream there is no Bitcoin
  9. Illegal network attacks to compromise network support. - Consistent with the approach used against Bitcoin XT. - we knew it was a matter of time - On 15/03/2017. Even though BU had released a patch, Peter todd posts details concerning the exploit and BU gets attacked via a Denial of Service attack. Core supporting bitcoin actively remove all posts concerning hotfix mentions but leave all comments slandering BU. Clearly consensus is not the aim of Core's agenda. Its not a vote - its a dictatorship. If you have more - add them to the list.
submitted by Geovestigator to btc [link] [comments]

While development may have stalled on core, surely bitcoin cash can fill up this list?

submitted by Bitman321 to btc [link] [comments]

Zapchain: Who is 'BTCDrak'? Why is he considered a Core developer? Why was he made moderator of the bitcoin-dev mailing list? Is he a Blockstream investor?

Zapchain: Who is 'BTCDrak'? Why is he considered a Core developer? Why was he made moderator of the bitcoin-dev mailing list? Is he a Blockstream investor? submitted by saintgermaine1 to btc [link] [comments]

Who are Gal Buki and Tomas CaseyWilco? Both are the listed developers on Ubuntu's Software Center of Bitcoin Core and Electrum, respectively. Also, Software Center tells me that Bitcoin Core isn't installed, when in fact I installed through apt-get... /r/Bitcoin

Who are Gal Buki and Tomas CaseyWilco? Both are the listed developers on Ubuntu's Software Center of Bitcoin Core and Electrum, respectively. Also, Software Center tells me that Bitcoin Core isn't installed, when in fact I installed through apt-get... /Bitcoin submitted by ABitcoinAllBot to BitcoinAll [link] [comments]

Mike Hearn is listed as Bitcoin Core Developer on START Summit 2016 18-19 feb St. Gallen Switzerland

Mike Hearn is listed as Bitcoin Core Developer on START Summit 2016 18-19 feb St. Gallen Switzerland submitted by goodbtc to Bitcoin [link] [comments]

Why is Blockstream not on this list? Are these companies relevant for the progress of Bitcoin? Are there bitcoin core developers working in these companies?

Why is Blockstream not on this list? Are these companies relevant for the progress of Bitcoin? Are there bitcoin core developers working in these companies? submitted by MRDAT21 to Bitcoin [link] [comments]

Why is Blockstream not on this list? Are these companies relevant for the progress of Bitcoin? Are there bitcoin core developers working in these companies?

Why is Blockstream not on this list? Are these companies relevant for the progress of Bitcoin? Are there bitcoin core developers working in these companies? submitted by BitcoinAllBot to BitcoinAll [link] [comments]

Monero pumpers trying to take BTC spot with darknetmarkets. I think bitcoin fungibility should be on the top of core developers priority list.

Monero pumpers trying to take BTC spot with darknetmarkets. I think bitcoin fungibility should be on the top of core developers priority list. submitted by BitcoinAllBot to BitcoinAll [link] [comments]

Zapchain: Who is 'BTCDrak'? Why is he considered a Core developer? Why was he made moderator of the bitcoin-dev mailing list? Is he a Blockstream investor?

Zapchain: Who is 'BTCDrak'? Why is he considered a Core developer? Why was he made moderator of the bitcoin-dev mailing list? Is he a Blockstream investor? submitted by BitcoinAllBot to BitcoinAll [link] [comments]

On Bitcoin Core developer mailing list: Hardfork to fix difficulty drop algorithm suggested to take care of potential drop in number of miners after the halvening this July. However, if a hardfork is considered anyway, then why not increase block size in that same hardfork while we're at it?

submitted by BitcoinAllBot to BitcoinAll [link] [comments]

Heres a list of Bitcoin Core developers that have been hired by Blockstream: Gregory Maxwell, Matt Corallo, Jorge Timon, Mark Friedenbach (maaku), Patrick Strateman (phantomcircuit), Warren Togami, Adam Back, Pieter Wuille. Every person on this list has a conflict of interest /r/Bitcoin

Heres a list of Bitcoin Core developers that have been hired by Blockstream: Gregory Maxwell, Matt Corallo, Jorge Timon, Mark Friedenbach (maaku), Patrick Strateman (phantomcircuit), Warren Togami, Adam Back, Pieter Wuille. Every person on this list has a conflict of interest /Bitcoin submitted by BitcoinAllBot to BitcoinAll [link] [comments]

List of developers and contributors to Bitcoin Core

List of developers and contributors to Bitcoin Core submitted by ripper2345 to Bitcoin [link] [comments]

Core developers are now actively fighting the listing of a Bitcoin ETF to keep control /r/btc

Core developers are now actively fighting the listing of a Bitcoin ETF to keep control /btc submitted by BitcoinAllBot to BitcoinAll [link] [comments]

A Growing list of Tactics used by Core recruits and supporters to harm Bitcoin development /r/btc

A Growing list of Tactics used by Core recruits and supporters to harm Bitcoin development /btc submitted by BitcoinAllBot to BitcoinAll [link] [comments]

Mike Hearn is listed as Bitcoin Core Developer on START Summit 2016 18-19 feb St. Gallen Switzerland

Mike Hearn is listed as Bitcoin Core Developer on START Summit 2016 18-19 feb St. Gallen Switzerland submitted by BitcoinAllBot to BitcoinAll [link] [comments]

Technical: The Path to Taproot Activation

Taproot! Everybody wants to have it, somebody wants to make it, nobody knows how to get it!
(If you are asking why everybody wants it, see: Technical: Taproot: Why Activate?)
(Pedants: I mostly elide over lockin times)
Briefly, Taproot is that neat new thing that gets us:
So yes, let's activate taproot!

The SegWit Wars

The biggest problem with activating Taproot is PTSD from the previous softfork, SegWit. Pieter Wuille, one of the authors of the current Taproot proposal, has consistently held the position that he will not discuss activation, and will accept whatever activation process is imposed on Taproot. Other developers have expressed similar opinions.
So what happened with SegWit activation that was so traumatic? SegWit used the BIP9 activation method. Let's dive into BIP9!

BIP9 Miner-Activated Soft Fork

Basically, BIP9 has a bunch of parameters:
Now there are other parameters (name, starttime) but they are not anywhere near as important as the above two.
A number that is not a parameter, is 95%. Basically, activation of a BIP9 softfork is considered as actually succeeding if at least 95% of blocks in the last 2 weeks had the specified bit in the nVersion set. If less than 95% had this bit set before the timeout, then the upgrade fails and never goes into the network. This is not a parameter: it is a constant defined by BIP9, and developers using BIP9 activation cannot change this.
So, first some simple questions and their answers:

The Great Battles of the SegWit Wars

SegWit not only fixed transaction malleability, it also created a practical softforkable blocksize increase that also rebalanced weights so that the cost of spending a UTXO is about the same as the cost of creating UTXOs (and spending UTXOs is "better" since it limits the size of the UTXO set that every fullnode has to maintain).
So SegWit was written, the activation was decided to be BIP9, and then.... miner signalling stalled at below 75%.
Thus were the Great SegWit Wars started.

BIP9 Feature Hostage

If you are a miner with at least 5% global hashpower, you can hold a BIP9-activated softfork hostage.
You might even secretly want the softfork to actually push through. But you might want to extract concession from the users and the developers. Like removing the halvening. Or raising or even removing the block size caps (which helps larger miners more than smaller miners, making it easier to become a bigger fish that eats all the smaller fishes). Or whatever.
With BIP9, you can hold the softfork hostage. You just hold out and refuse to signal. You tell everyone you will signal, if and only if certain concessions are given to you.
This ability by miners to hold a feature hostage was enabled because of the miner-exit allowed by the timeout on BIP9. Prior to that, miners were considered little more than expendable security guards, paid for the risk they take to secure the network, but not special in the grand scheme of Bitcoin.

Covert ASICBoost

ASICBoost was a novel way of optimizing SHA256 mining, by taking advantage of the structure of the 80-byte header that is hashed in order to perform proof-of-work. The details of ASICBoost are out-of-scope here but you can read about it elsewhere
Here is a short summary of the two types of ASICBoost, relevant to the activation discussion.
Now, "overt" means "obvious", while "covert" means hidden. Overt ASICBoost is obvious because nVersion bits that are not currently in use for BIP9 activations are usually 0 by default, so setting those bits to 1 makes it obvious that you are doing something weird (namely, Overt ASICBoost). Covert ASICBoost is non-obvious because the order of transactions in a block are up to the miner anyway, so the miner rearranging the transactions in order to get lower power consumption is not going to be detected.
Unfortunately, while Overt ASICBoost was compatible with SegWit, Covert ASICBoost was not. This is because, pre-SegWit, only the block header Merkle tree committed to the transaction ordering. However, with SegWit, another Merkle tree exists, which commits to transaction ordering as well. Covert ASICBoost would require more computation to manipulate two Merkle trees, obviating the power benefits of Covert ASICBoost anyway.
Now, miners want to use ASICBoost (indeed, about 60->70% of current miners probably use the Overt ASICBoost nowadays; if you have a Bitcoin fullnode running you will see the logs with lots of "60 of last 100 blocks had unexpected versions" which is exactly what you would see with the nVersion manipulation that Overt ASICBoost does). But remember: ASICBoost was, at around the time, a novel improvement. Not all miners had ASICBoost hardware. Those who did, did not want it known that they had ASICBoost hardware, and wanted to do Covert ASICBoost!
But Covert ASICBoost is incompatible with SegWit, because SegWit actually has two Merkle trees of transaction data, and Covert ASICBoost works by fudging around with transaction ordering in a block, and recomputing two Merkle Trees is more expensive than recomputing just one (and loses the ASICBoost advantage).
Of course, those miners that wanted Covert ASICBoost did not want to openly admit that they had ASICBoost hardware, they wanted to keep their advantage secret because miners are strongly competitive in a very tight market. And doing ASICBoost Covertly was just the ticket, but they could not work post-SegWit.
Fortunately, due to the BIP9 activation process, they could hold SegWit hostage while covertly taking advantage of Covert ASICBoost!

UASF: BIP148 and BIP8

When the incompatibility between Covert ASICBoost and SegWit was realized, still, activation of SegWit stalled, and miners were still not openly claiming that ASICBoost was related to non-activation of SegWit.
Eventually, a new proposal was created: BIP148. With this rule, 3 months before the end of the SegWit timeout, nodes would reject blocks that did not signal SegWit. Thus, 3 months before SegWit timeout, BIP148 would force activation of SegWit.
This proposal was not accepted by Bitcoin Core, due to the shortening of the timeout (it effectively times out 3 months before the initial SegWit timeout). Instead, a fork of Bitcoin Core was created which added the patch to comply with BIP148. This was claimed as a User Activated Soft Fork, UASF, since users could freely download the alternate fork rather than sticking with the developers of Bitcoin Core.
Now, BIP148 effectively is just a BIP9 activation, except at its (earlier) timeout, the new rules would be activated anyway (instead of the BIP9-mandated behavior that the upgrade is cancelled at the end of the timeout).
BIP148 was actually inspired by the BIP8 proposal (the link here is a historical version; BIP8 has been updated recently, precisely in preparation for Taproot activation). BIP8 is basically BIP9, but at the end of timeout, the softfork is activated anyway rather than cancelled.
This removed the ability of miners to hold the softfork hostage. At best, they can delay the activation, but not stop it entirely by holding out as in BIP9.
Of course, this implies risk that not all miners have upgraded before activation, leading to possible losses for SPV users, as well as again re-pressuring miners to signal activation, possibly without the miners actually upgrading their software to properly impose the new softfork rules.

BIP91, SegWit2X, and The Aftermath

BIP148 inspired countermeasures, possibly from the Covert ASiCBoost miners, possibly from concerned users who wanted to offer concessions to miners. To this day, the common name for BIP148 - UASF - remains an emotionally-charged rallying cry for parts of the Bitcoin community.
One of these was SegWit2X. This was brokered in a deal between some Bitcoin personalities at a conference in New York, and thus part of the so-called "New York Agreement" or NYA, another emotionally-charged acronym.
The text of the NYA was basically:
  1. Set up a new activation threshold at 80% signalled at bit 4 (vs bit 1 for SegWit).
    • When this 80% signalling was reached, miners would require that bit 1 for SegWit be signalled to achive the 95% activation needed for SegWit.
  2. If the bit 4 signalling reached 80%, increase the block weight limit from the SegWit 4000000 to the SegWit2X 8000000, 6 months after bit 1 activation.
The first item above was coded in BIP91.
Unfortunately, if you read the BIP91, independently of NYA, you might come to the conclusion that BIP91 was only about lowering the threshold to 80%. In particular, BIP91 never mentions anything about the second point above, it never mentions that bit 4 80% threshold would also signal for a later hardfork increase in weight limit.
Because of this, even though there are claims that NYA (SegWit2X) reached 80% dominance, a close reading of BIP91 shows that the 80% dominance was only for SegWit activation, without necessarily a later 2x capacity hardfork (SegWit2X).
This ambiguity of bit 4 (NYA says it includes a 2x capacity hardfork, BIP91 says it does not) has continued to be a thorn in blocksize debates later. Economically speaking, Bitcoin futures between SegWit and SegWit2X showed strong economic dominance in favor of SegWit (SegWit2X futures were traded at a fraction in value of SegWit futures: I personally made a tidy but small amount of money betting against SegWit2X in the futures market), so suggesting that NYA achieved 80% dominance even in mining is laughable, but the NYA text that ties bit 4 to SegWit2X still exists.
Historically, BIP91 triggered which caused SegWit to activate before the BIP148 shorter timeout. BIP148 proponents continue to hold this day that it was the BIP148 shorter timeout and no-compromises-activate-on-August-1 that made miners flock to BIP91 as a face-saving tactic that actually removed the second clause of NYA. NYA supporters keep pointing to the bit 4 text in the NYA and the historical activation of BIP91 as a failed promise by Bitcoin developers.

Taproot Activation Proposals

There are two primary proposals I can see for Taproot activation:
  1. BIP8.
  2. Modern Softfork Activation.
We have discussed BIP8: roughly, it has bit and timeout, if 95% of miners signal bit it activates, at the end of timeout it activates. (EDIT: BIP8 has had recent updates: at the end of timeout it can now activate or fail. For the most part, in the below text "BIP8", means BIP8-and-activate-at-timeout, and "BIP9" means BIP8-and-fail-at-timeout)
So let's take a look at Modern Softfork Activation!

Modern Softfork Activation

This is a more complex activation method, composed of BIP9 and BIP8 as supcomponents.
  1. First have a 12-month BIP9 (fail at timeout).
  2. If the above fails to activate, have a 6-month discussion period during which users and developers and miners discuss whether to continue to step 3.
  3. Have a 24-month BIP8 (activate at timeout).
The total above is 42 months, if you are counting: 3.5 years worst-case activation.
The logic here is that if there are no problems, BIP9 will work just fine anyway. And if there are problems, the 6-month period should weed it out. Finally, miners cannot hold the feature hostage since the 24-month BIP8 period will exist anyway.

PSA: Being Resilient to Upgrades

Software is very birttle.
Anyone who has been using software for a long time has experienced something like this:
  1. You hear a new version of your favorite software has a nice new feature.
  2. Excited, you install the new version.
  3. You find that the new version has subtle incompatibilities with your current workflow.
  4. You are sad and downgrade to the older version.
  5. You find out that the new version has changed your files in incompatible ways that the old version cannot work with anymore.
  6. You tearfully reinstall the newer version and figure out how to get your lost productivity now that you have to adapt to a new workflow
If you are a technically-competent user, you might codify your workflow into a bunch of programs. And then you upgrade one of the external pieces of software you are using, and find that it has a subtle incompatibility with your current workflow which is based on a bunch of simple programs you wrote yourself. And if those simple programs are used as the basis of some important production system, you hve just screwed up because you upgraded software on an important production system.
And well, one of the issues with new softfork activation is that if not enough people (users and miners) upgrade to the newest Bitcoin software, the security of the new softfork rules are at risk.
Upgrading software of any kind is always a risk, and the more software you build on top of the software-being-upgraded, the greater you risk your tower of software collapsing while you change its foundations.
So if you have some complex Bitcoin-manipulating system with Bitcoin somewhere at the foundations, consider running two Bitcoin nodes:
  1. One is a "stable-version" Bitcoin node. Once it has synced, set it up to connect=x.x.x.x to the second node below (so that your ISP bandwidth is only spent on the second node). Use this node to run all your software: it's a stable version that you don't change for long periods of time. Enable txiindex, disable pruning, whatever your software needs.
  2. The other is an "always-up-to-date" Bitcoin Node. Keep its stoarge down with pruning (initially sync it off the "stable-version" node). You can't use blocksonly if your "stable-version" node needs to send transactions, but otherwise this "always-up-to-date" Bitcoin node can be kept as a low-resource node, so you can run both nodes in the same machine.
When a new Bitcoin version comes up, you just upgrade the "always-up-to-date" Bitcoin node. This protects you if a future softfork activates, you will only receive valid Bitcoin blocks and transactions. Since this node has nothing running on top of it, it is just a special peer of the "stable-version" node, any software incompatibilities with your system software do not exist.
Your "stable-version" Bitcoin node remains the same version until you are ready to actually upgrade this node and are prepared to rewrite most of the software you have running on top of it due to version compatibility problems.
When upgrading the "always-up-to-date", you can bring it down safely and then start it later. Your "stable-version" wil keep running, disconnected from the network, but otherwise still available for whatever queries. You do need some system to stop the "always-up-to-date" node if for any reason the "stable-version" goes down (otherwisee if the "always-up-to-date" advances its pruning window past what your "stable-version" has, the "stable-version" cannot sync afterwards), but if you are technically competent enough that you need to do this, you are technically competent enough to write such a trivial monitor program (EDIT: gmax notes you can adjust the pruning window by RPC commands to help with this as well).
This recommendation is from gmaxwell on IRC, by the way.
submitted by almkglor to Bitcoin [link] [comments]

Technical: Taproot: Why Activate?

This is a follow-up on https://old.reddit.com/Bitcoin/comments/hqzp14/technical_the_path_to_taproot_activation/
Taproot! Everybody wants it!! But... you might ask yourself: sure, everybody else wants it, but why would I, sovereign Bitcoin HODLer, want it? Surely I can be better than everybody else because I swapped XXX fiat for Bitcoin unlike all those nocoiners?
And it is important for you to know the reasons why you, o sovereign Bitcoiner, would want Taproot activated. After all, your nodes (or the nodes your wallets use, which if you are SPV, you hopefully can pester to your wallet vendoimplementor about) need to be upgraded in order for Taproot activation to actually succeed instead of becoming a hot sticky mess.
First, let's consider some principles of Bitcoin.
I'm sure most of us here would agree that the above are very important principles of Bitcoin and that these are principles we would not be willing to remove. If anything, we would want those principles strengthened (especially the last one, financial privacy, which current Bitcoin is only sporadically strong with: you can get privacy, it just requires effort to do so).
So, how does Taproot affect those principles?

Taproot and Your /Coins

Most HODLers probably HODL their coins in singlesig addresses. Sadly, switching to Taproot would do very little for you (it gives a mild discount at spend time, at the cost of a mild increase in fee at receive time (paid by whoever sends to you, so if it's a self-send from a P2PKH or bech32 address, you pay for this); mostly a wash).
(technical details: a Taproot output is 1 version byte + 32 byte public key, while a P2WPKH (bech32 singlesig) output is 1 version byte + 20 byte public key hash, so the Taproot output spends 12 bytes more; spending from a P2WPKH requires revealing a 32-byte public key later, which is not needed with Taproot, and Taproot signatures are about 9 bytes smaller than P2WPKH signatures, but the 32 bytes plus 9 bytes is divided by 4 because of the witness discount, so it saves about 11 bytes; mostly a wash, it increases blockweight by about 1 virtual byte, 4 weight for each Taproot-output-input, compared to P2WPKH-output-input).
However, as your HODLings grow in value, you might start wondering if multisignature k-of-n setups might be better for the security of your savings. And it is in multisignature that Taproot starts to give benefits!
Taproot switches to using Schnorr signing scheme. Schnorr makes key aggregation -- constructing a single public key from multiple public keys -- almost as trivial as adding numbers together. "Almost" because it involves some fairly advanced math instead of simple boring number adding, but hey when was the last time you added up your grocery list prices by hand huh?
With current P2SH and P2WSH multisignature schemes, if you have a 2-of-3 setup, then to spend, you need to provide two different signatures from two different public keys. With Taproot, you can create, using special moon math, a single public key that represents your 2-of-3 setup. Then you just put two of your devices together, have them communicate to each other (this can be done airgapped, in theory, by sending QR codes: the software to do this is not even being built yet, but that's because Taproot hasn't activated yet!), and they will make a single signature to authorize any spend from your 2-of-3 address. That's 73 witness bytes -- 18.25 virtual bytes -- of signatures you save!
And if you decide that your current setup with 1-of-1 P2PKH / P2WPKH addresses is just fine as-is: well, that's the whole point of a softfork: backwards-compatibility; you can receive from Taproot users just fine, and once your wallet is updated for Taproot-sending support, you can send to Taproot users just fine as well!
(P2WPKH and P2WSH -- SegWit v0 -- addresses start with bc1q; Taproot -- SegWit v1 --- addresses start with bc1p, in case you wanted to know the difference; in bech32 q is 0, p is 1)
Now how about HODLers who keep all, or some, of their coins on custodial services? Well, any custodial service worth its salt would be doing at least 2-of-3, or probably something even bigger, like 11-of-15. So your custodial service, if it switched to using Taproot internally, could save a lot more (imagine an 11-of-15 getting reduced from 11 signatures to just 1!), which --- we can only hope! --- should translate to lower fees and better customer service from your custodial service!
So I think we can say, very accurately, that the Bitcoin principle --- that YOU are in control of your money --- can only be helped by Taproot (if you are doing multisignature), and, because P2PKH and P2WPKH remain validly-usable addresses in a Taproot future, will not be harmed by Taproot. Its benefit to this principle might be small (it mostly only benefits multisignature users) but since it has no drawbacks with this (i.e. singlesig users can continue to use P2WPKH and P2PKH still) this is still a nice, tidy win!
(even singlesig users get a minor benefit, in that multisig users will now reduce their blockchain space footprint, so that fees can be kept low for everybody; so for example even if you have your single set of private keys engraved on titanium plates sealed in an airtight box stored in a safe buried in a desert protected by angry nomads riding giant sandworms because you're the frickin' Kwisatz Haderach, you still gain some benefit from Taproot)
And here's the important part: if P2PKH/P2WPKH is working perfectly fine with you and you decide to never use Taproot yourself, Taproot will not affect you detrimentally. First do no harm!

Taproot and Your Contracts

No one is an island, no one lives alone. Give and you shall receive. You know: by trading with other people, you can gain expertise in some obscure little necessity of the world (and greatly increase your productivity in that little field), and then trade the products of your expertise for necessities other people have created, all of you thereby gaining gains from trade.
So, contracts, which are basically enforceable agreements that facilitate trading with people who you do not personally know and therefore might not trust.
Let's start with a simple example. You want to buy some gewgaws from somebody. But you don't know them personally. The seller wants the money, you want their gewgaws, but because of the lack of trust (you don't know them!! what if they're scammers??) neither of you can benefit from gains from trade.
However, suppose both of you know of some entity that both of you trust. That entity can act as a trusted escrow. The entity provides you security: this enables the trade, allowing both of you to get gains from trade.
In Bitcoin-land, this can be implemented as a 2-of-3 multisignature. The three signatories in the multisgnature would be you, the gewgaw seller, and the escrow. You put the payment for the gewgaws into this 2-of-3 multisignature address.
Now, suppose it turns out neither of you are scammers (whaaaat!). You receive the gewgaws just fine and you're willing to pay up for them. Then you and the gewgaw seller just sign a transaction --- you and the gewgaw seller are 2, sufficient to trigger the 2-of-3 --- that spends from the 2-of-3 address to a singlesig the gewgaw seller wants (or whatever address the gewgaw seller wants).
But suppose some problem arises. The seller gave you gawgews instead of gewgaws. Or you decided to keep the gewgaws but not sign the transaction to release the funds to the seller. In either case, the escrow is notified, and if it can sign with you to refund the funds back to you (if the seller was a scammer) or it can sign with the seller to forward the funds to the seller (if you were a scammer).
Taproot helps with this: like mentioned above, it allows multisignature setups to produce only one signature, reducing blockchain space usage, and thus making contracts --- which require multiple people, by definition, you don't make contracts with yourself --- is made cheaper (which we hope enables more of these setups to happen for more gains from trade for everyone, also, moon and lambos).
(technology-wise, it's easier to make an n-of-n than a k-of-n, making a k-of-n would require a complex setup involving a long ritual with many communication rounds between the n participants, but an n-of-n can be done trivially with some moon math. You can, however, make what is effectively a 2-of-3 by using a three-branch SCRIPT: either 2-of-2 of you and seller, OR 2-of-2 of you and escrow, OR 2-of-2 of escrow and seller. Fortunately, Taproot adds a facility to embed a SCRIPT inside a public key, so you can have a 2-of-2 Taprooted address (between you and seller) with a SCRIPT branch that can instead be spent with 2-of-2 (you + escrow) OR 2-of-2 (seller + escrow), which implements the three-branched SCRIPT above. If neither of you are scammers (hopefully the common case) then you both sign using your keys and never have to contact the escrow, since you are just using the escrow public key without coordinating with them (because n-of-n is trivial but k-of-n requires setup with communication rounds), so in the "best case" where both of you are honest traders, you also get a privacy boost, in that the escrow never learns you have been trading on gewgaws, I mean ewww, gawgews are much better than gewgaws and therefore I now judge you for being a gewgaw enthusiast, you filthy gewgawer).

Taproot and Your Contracts, Part 2: Cryptographic Boogaloo

Now suppose you want to buy some data instead of things. For example, maybe you have some closed-source software in trial mode installed, and want to pay the developer for the full version. You want to pay for an activation code.
This can be done, today, by using an HTLC. The developer tells you the hash of the activation code. You pay to an HTLC, paying out to the developer if it reveals the preimage (the activation code), or refunding the money back to you after a pre-agreed timeout. If the developer claims the funds, it has to reveal the preimage, which is the activation code, and you can now activate your software. If the developer does not claim the funds by the timeout, you get refunded.
And you can do that, with HTLCs, today.
Of course, HTLCs do have problems:
Fortunately, with Schnorr (which is enabled by Taproot), we can now use the Scriptless Script constuction by Andrew Poelstra. This Scriptless Script allows a new construction, the PTLC or Pointlocked Timelocked Contract. Instead of hashes and preimages, just replace "hash" with "point" and "preimage" with "scalar".
Or as you might know them: "point" is really "public key" and "scalar" is really a "private key". What a PTLC does is that, given a particular public key, the pointlocked branch can be spent only if the spender reveals the private key of the given public key to you.
Another nice thing with PTLCs is that they are deniable. What appears onchain is just a single 2-of-2 signature between you and the developemanufacturer. It's like a magic trick. This signature has no special watermarks, it's a perfectly normal signature (the pledge). However, from this signature, plus some datta given to you by the developemanufacturer (known as the adaptor signature) you can derive the private key of a particular public key you both agree on (the turn). Anyone scraping the blockchain will just see signatures that look just like every other signature, and as long as nobody manages to hack you and get a copy of the adaptor signature or the private key, they cannot get the private key behind the public key (point) that the pointlocked branch needs (the prestige).
(Just to be clear, the public key you are getting the private key from, is distinct from the public key that the developemanufacturer will use for its funds. The activation key is different from the developer's onchain Bitcoin key, and it is the activation key whose private key you will be learning, not the developer's/manufacturer's onchain Bitcoin key).
So:
Taproot lets PTLCs exist onchain because they enable Schnorr, which is a requirement of PTLCs / Scriptless Script.
(technology-wise, take note that Scriptless Script works only for the "pointlocked" branch of the contract; you need normal Script, or a pre-signed nLockTimed transaction, for the "timelocked" branch. Since Taproot can embed a script, you can have the Taproot pubkey be a 2-of-2 to implement the Scriptless Script "pointlocked" branch, then have a hidden script that lets you recover the funds with an OP_CHECKLOCKTIMEVERIFY after the timeout if the seller does not claim the funds.)

Quantum Quibbles!

Now if you were really paying attention, you might have noticed this parenthetical:
(technical details: a Taproot output is 1 version byte + 32 byte public key, while a P2WPKH (bech32 singlesig) output is 1 version byte + 20 byte public key hash...)
So wait, Taproot uses raw 32-byte public keys, and not public key hashes? Isn't that more quantum-vulnerable??
Well, in theory yes. In practice, they probably are not.
It's not that hashes can be broken by quantum computes --- they're still not. Instead, you have to look at how you spend from a P2WPKH/P2PKH pay-to-public-key-hash.
When you spend from a P2PKH / P2WPKH, you have to reveal the public key. Then Bitcoin hashes it and checks if this matches with the public-key-hash, and only then actually validates the signature for that public key.
So an unconfirmed transaction, floating in the mempools of nodes globally, will show, in plain sight for everyone to see, your public key.
(public keys should be public, that's why they're called public keys, LOL)
And if quantum computers are fast enough to be of concern, then they are probably fast enough that, in the several minutes to several hours from broadcast to confirmation, they have already cracked the public key that is openly broadcast with your transaction. The owner of the quantum computer can now replace your unconfirmed transaction with one that pays the funds to itself. Even if you did not opt-in RBF, miners are still incentivized to support RBF on RBF-disabled transactions.
So the extra hash is not as significant a protection against quantum computers as you might think. Instead, the extra hash-and-compare needed is just extra validation effort.
Further, if you have ever, in the past, spent from the address, then there exists already a transaction indelibly stored on the blockchain, openly displaying the public key from which quantum computers can derive the private key. So those are still vulnerable to quantum computers.
For the most part, the cryptographers behind Taproot (and Bitcoin Core) are of the opinion that quantum computers capable of cracking Bitcoin pubkeys are unlikely to appear within a decade or two.
So:
For now, the homomorphic and linear properties of elliptic curve cryptography provide a lot of benefits --- particularly the linearity property is what enables Scriptless Script and simple multisignature (i.e. multisignatures that are just 1 signature onchain). So it might be a good idea to take advantage of them now while we are still fairly safe against quantum computers. It seems likely that quantum-safe signature schemes are nonlinear (thus losing these advantages).

Summary

I Wanna Be The Taprooter!

So, do you want to help activate Taproot? Here's what you, mister sovereign Bitcoin HODLer, can do!

But I Hate Taproot!!

That's fine!

Discussions About Taproot Activation

submitted by almkglor to Bitcoin [link] [comments]

Bitcoin Core - Development 2016 Activity Report Mike Hearn, Bitcoin Core Developer NBC2014 Is Bitcoin Core Development Corrupted From The Inside? Who’s Really In Control? Bitcoin Core - Development 2017 Activity Report Blockchain In 7 Minutes  What Is Blockchain  Blockchain Explained Simply  Blockchain Simplilearn

Programming languages for Bitcoin: developers speak. Post author By bitcoinkeyfinder; At the time of publication of the White Paper, a preliminary version of the Bitcoin software, known today as Bitcoin Core, already existed, as two months later the Genesis block was mined on January 3, 2009. About us. Bitcoin Core is an open source project which maintains and releases Bitcoin client software called “Bitcoin Core”.. It is a direct descendant of the original Bitcoin software client released by Satoshi Nakamoto after he published the famous Bitcoin whitepaper.. Bitcoin Core consists of both “full-node” software for fully validating the blockchain as well as a bitcoin wallet. Documentation for Bitcoin Core users and developers Pages in category "Bitcoin Core documentation" The following 30 pages are in this category, out of 30 total. Bitcoin Core is security software that helps protect assets worth billions of dollars, so every code change needs to be reviewed by experienced developers. It can take a long time for other developers to review your pull requests. Remember that all reviewers are taking time away from their own projects to review your pull requests, so be Bitcoin Core is programmed to decide which block chain contains valid transactions. The users of Bitcoin Core only accept transactions for that block chain, making it the Bitcoin block chain that everyone else wants to use. For the latest developments related to Bitcoin Core, be sure to visit the project’s official website.

[index] [30975] [20879] [9256] [3539] [14285] [24509] [14463] [15288] [19761] [26690]

Bitcoin Core - Development 2016 Activity Report

Bitcoin Core Development Stats 2017 including Git Visualisation. Keynote - Mike Hearn, Bitcoin Core Developer: ex google. He shows you a critical view of the development process behind bitcoin. Only 10 people make the bitcoin software core. This is done in a ... Greg Maxwell, Bitcoin Core developer and Cofounder and CTO of Blockstream, spoke about about the new features and improvements in Bitcoin Core 0.15 and upcoming work. SLIDES: https://people.xiph ... Who has control of Bitcon’s core development? Could Bitcoin be corrupted from the inside, intentionally holding it back? Camps from both Bitcoin Cash and Bitcoin Satoshi Vision say that ... Bitcoin Core - Development 2017 Activity Report - Duration: 3:01. Bitcoin Core 10,235 views. 3:01. How does a blockchain work - Simply Explained - Duration: 6:00.

Flag Counter