This subreddit is dedicated to profit based coin mining pools.
Coin of the Magi is a peer-to-peer global currency that enables instant payments to anyone in the world. XMG utilizes proof-of-work and proof-of-stake systems and is CPU and eco focussed - rewards reduce as hash increases.
Addressing Fidelity Digital Investments defense of Bitcoin
Note: Sorry about the misleading title. People (including myself initially) were under the assumption this was "Fidelity Investments" or a division of that company. Please see comment from madali0
- this whole press release is misleading and scammy, and apparently has no affiliation with the more well known "Fidelity Investments" - this is a separate entity called "Fidelity Digital Investments" which, for all we know, is some dude in his mom's basement.
EDIT: UPDATE 2: Apparently while it's a separate entity for obvious liability purposes, it does appear to be associated with the main Fidelity company one way or another (which makes it look even worse for Fidelity to be associated with such vapid propaganda, but there it is). See: https://www.fidelity.com/fidelitydigitalassets/blog
Also, NOTE that Fidelity calls it a "blog" - which, if it's like Forbes, Huffington Post or other sites that offer user blogs, means they basically will let just about anybody post under their moniker (as a shady way to drive traffic), whether or not it's been vetted or approved. So take it with a grain of salt. I would bet the author of that post is not even employed by any "Fidelity" company.
Note: This has also been added to our official De-facto list of examples of what crypto is good for
Criticism #1: Bitcoin is too volatile to be a store of value.
Response: Bitcoin’s volatility is a trade-off it makes for perfect supply inelasticity and an intervention-free market. However, with greater adoption of bitcoin and the development of derivatives and investment products, bitcoin’s volatility may continue to decrease, as it has historically.
First off, bitcoin's volatility has not "historically decreased." It continues to dramatically drop and rise randomly. Since bitcoin is not mapped to any tangible asset or entity, there's no way to perform due diligence or technical analysis on it. Its price is a reflection of demand, nothing else, and demand is driven by marketing.
In related news, if you add vitamins to water, it becomes a source of useful nutrients.
If you take beanie babies, and build a state-sanctioned infrastructure around them, they'll become less volatile. Fidelity's argument here is, if you take a rock, add some bone broth, veggies, proteins, and spices, the rock becomes soup.
Criticism #2: Bitcoin has failed as a means of payment.
Response: Bitcoin makes deliberate trade-offs, such as limited and expensive capacity, to offer core properties such as decentralization and immutability. Given its high settlement assurances, Bitcoin optimizes its limited capacity for settling transactions that aren’t well served by traditional rails.
Translation: Is bitcoin a crappy payment system? Hey, look over at that shiny thing in the corner. Isn't it shiny? Did we mention bitcoin is decentralized and the blockchain is immutable?
We've already shown that blockchain isn't better, and being decentralized isn't better. So if that's the best argument, which isn't really an argument at all, just a distraction, that's sad. Even I could come up with a better argument than a Red Herring.
Bitcoin optimizes its limited capacity for settling transactions that aren’t well served by traditional rails.
Anyone know what "transactions" exclusively fit Fidelity's description? Anyone? Buehler?
Yes, that's right, you got it: Criminal transactions, money laundering, drug deals, ransom payments, etc.
Criticism #3: Bitcoin is wasteful.
Response: A substantial portion of bitcoin mining is powered by renewable energy or energy that would otherwise be wasted. Additionally, the energy the Bitcoin network does consume is a valid and important use of resources.
This is an unstated major premise. Argument from anonymous authority. Where's the evidence that this energy would be wasted if it weren't spent on mining? This is another common myth that is going around.
Second, even if the energy were "free", it could be better spent on something than mining, which wastes tremendous amounts of energy and creates nothing useful. Most power plants scale their energy generation based on demand, and even renewable energy sources have ways to not waste energy that isn't needed at that time. This argument is completely false.
Note that any example Fidelity may cite of mining operations using unused energy resources is not in any way representative of even a sizeable portion of the mining pool's energy consumption. The exception doesn't prove the rule. A picture of a mining rig with a gas flare in the distance is not evidence that the rig is using energy that would otherwise be wasted.
Ultimately, "hey it would be wasted anyway" is the absolute worst argument ever. That's basically a justification for the Tragedy of the Commons.
Criticism #4: Bitcoin is used for illicit activity.
Response: Bitcoin, like cash or the internet, is neutral and has properties that may be valuable to good actors and bad actors. However, as a share of total transactions, Bitcoin transactions connected to illicit activity are very low.
Notice they didn't actually refute this point. They just sidestepped it.
We know for a fact that a huge percentage of crypto transactions are wash trades. Even if you just count those transactions, it would probably account for the majority. The fact that there may be more market speculation transactions than drug deal transactions at this time doesn't mean the activity is not "illicit." Any exchange that ever disappeared was most likely engaged primarily in illicit transactions.
Is bitcoin "neutral?" That's hard to say. It lends itself to criminal transactions much more easily than alternative methods, especially when it comes to stealing people's value. One thing Bitcoin does that's unique is that it allows someone to steal another person's bitcoin from thousands of miles away without them even knowing. That is one feature that's a lot harder to pull off with virtually every other monetary/value system. So given that unique attribute, I think their claim it's not "used for illicit activity" is bullshit. It's not only used for illicit activity. It's uniquely designed to be particularly efficient at it.
Criticism #5: Bitcoin is not backed by anything.
Response: Bitcoin is not backed by cash flows, industrial utility, or decree. It is backed by code and the consensus that exists among its key stakeholders.
Bitcoin is backed by code? What is code worth? What is a consensus worth? How does that offer any stability? Code changes all the time. So does consensus. Fidelity here is mixing apples and oranges. This is a totally retarded, non-sensical argument.
Hey, I need you to buy magic spreadsheet numbers. They're backed by "code". What "code?" Don't worry about it. A "consensus" of people you don't know think it's cool. That's all you need to know, right?
Criticism #6: Bitcoin will be replaced by a competitor.
Response: While Bitcoin’s open-source software may be forked, its community and network effects cannot. Bitcoin makes trade-offs for core properties that the market deems valuable.
This makes no sense. Communities fork along with code. That's the whole point of forking. A fork also changes the "effect" of the network, you idiots. Does this guy really know anything about how crypto works? Fidelity's argument is absurd and wrong.
While this piece does not cover the exhaustive list of criticisms against bitcoin, we believe the responses outlined here may be adapted to address other common misconceptions.
Bitcoin is a unique digital asset for an increasingly digital world that requires digging deeper than the surface level to understand its core properties and trade-offs. It pushes onlookers to question pre-conceived notions of what is right and widely accepted to begin to understand its full value proposition.
Feel free to dig deeper. But note that none of you people have found the bottom of the pile of bullshit yet. Keep going.
What have we learned from this press release?
Some people at Fidelity have some bags they've recently bought into that they hope to unload soon.
We have many newcomers and many seem to not understand what a bitcoin node is, what power it has, why it is important to run one, and why node decentralization matters much more than anything else. I want to share my opinion on why, by running a node, you are indeed your own bank.
I invite you to also read this post. It shows how you can represent the Bitcoin network with a visual image and it is nice to understand the technical role of nodes in the protocol. I want to focus on my opinion of the banking function of a node here.
What is a Bitcoin node? What does the Bitcoin network do?
A bitcoin node is a peer of the Bitcoin P2P banking network. It is just that, but it doesn't tell you much, so a better question is: what is a banking network actually?
A banking network is a mesh of banks which can emit, transfer and redeem their IOUs that we call money. Emission is money creation and each bank may follow certain rules to enable such creation for a customer. A banking network allows the customers to transfer the freshly created (or received) money (which is the bank's IOU) to someone else more or less freely (sometimes you can't: KYC, AML stuff...). Transfers are written in a ledger, which is a trusted record, maintained somehow by all the banks, of the exchanges of the IOU, and is what makes this kind of IOU so different from others: the mortgagor (customers of the bank) can ask the borrower (the banks) to transfer the future repayment to someone else so that the mortgagor pays the latter. Cash is one way to make the transfer, wired payment is another. And the banks can just destroy the money by removing it from the ledger, but better not do it randomly if you want to keep the customers using your banking network (that may explain why burning cash is forbidden...)
Now the heart of banks' policy is this: what truly makes several banks a banking network is the fact that they follow the same rules for money creation, transfer and destruction and they agree on the same ultimate ledger. There are several ways to organize such a network; let's look at fiat currencies first:
In fiat currencies the network is centralized and it may have a kind of fractal structure: the Central Bank manages the currency's ultimate ledger but delegates a part of its power (money creation/destruction and transfer) to private banks through law and banking regulation; each of the banks has its own policy, responsibility in money creation and ledger, which they delegate to regional bank desks which manage the policy of local banks. Generally, each level has its own ledger and only net settlements are written to the ledger of the level above. Fiat IOUs are often represented by numbers written as the amount of your bank account or as cash (that only the central bank can print). Finally, when money is created in a fiat currency, the banks always create an IOU against another debt IOU (the state's and private banks' debt for Central Banks, customers' debt for private ones); when redeemed, the bank gets back its own IOU and can safely destroy it. We talk about "money based on debt". Fiat currencies are today backed by debt. Being fiat-rich means people have a lot of a kind of debt to you (and you may see why inflation is needed in such a system since without it, it is impossible to redeem the total of loan interest). During the Gold Standard, the Central Bank only created money against gold (but private banks still created money based on debt; this is fractional reserve banking); it was a commodity-based money (backed by gold).
So now, what about Bitcoin? It is a P2P banking network. Nodes are the banks and all nodes follow the same rules. However the network is not at all like fiat currencies: it is peer-to-peer, fully decentralized. This means no node has more power than any other node and they all keep track of the same ledger (there is no intermediate ledger like in fiat). The nodes check that the supply schedule (the money creation part) is correct, that all transactions and blocks are valid, and propagate them to other peers if that is the case (the transfer function of the banking network). The IOU of this banking network is the bitcoin token.
What makes Bitcoin a banking network ? (and Bitcoin a money)
Now you may say that my story of "a bank's IOU is the money of the banking network" doesn't fit Bitcoin since money is never really destroyed and no one will give you something in return if you burn it... but I have a way to look at it that makes it coherent.
Bitcoin's tokens are destroyed when you pay the transaction fees; they disappear from the ledger. Transaction fees are indeed not a payment because you don't know who you are paying exactly: the protocol forces you to give it to whichever miner includes your transaction. Against this money destruction, you gain a priority score in the queue to write your transaction in the most secure, replicated, immutable database in the world: Bitcoin's ledger. Why? Because we have a rule which says that the miner of a block (which is also like a bank customer who borrows) can claim newly created money at most equal to the new supply schedule of tokens plus the total of transaction fees in the block, so the just-destroyed money is immediately recreated... like any normal bank would wish to do in fact! In the case of Bitcoin, the money is somehow "hash based" and hash is priced by the network difficulty and priority competition. The banking network exchanges, against the hashing power they have to secure the ledger, a priority right (incarnated by a bitcoin UTXO) with miners to write stuff in the database stored by all nodes, which they can transfer if they wish to do so. The money creation against hashrate is a perfect alignment of incentives: Bitcoin's banking network creates the money for the ones who make the ledger go forward. You can check in a block explorer that the miners indeed claim the full reward in the coinbase directly, and the raw data of a transaction has no "transaction fees" field; they are always equal to the unclaimed (=destroyed) bitcoins in the outputs of the transaction.
So there you have it: a bitcoin node is a peer of the Bitcoin P2P banking network, a monetary network or settlement network (not a payment network like Visa; you can't have a loan with Visa, so it is not a bank). A node follows the protocol rules to ensure the network fulfills its function: manage a currency that takes the form of electronic cash. A bitcoin node is to Bitcoin what a bank is to a fiat currency network, but decentralized and with full powers; that's why we also call bitcoin nodes "full nodes". That's why you are your own bank when you run a node. That's why you are just a "bank's customer" if you don't.
That's why, if you don't run a node, you technically don't have a say on Bitcoin's rules.
What if I don't run a node and mine/own bitcoins ?
You can mine without having a node; you just have to join a mining pool. The pool uses a node to send you validated transactions which you include in the block you are currently mining. In that case, you are trusting the node of the pool and have no way to be sure that the node sends you the transactions with the highest transaction fees, for example: you are a customer of the mining pool's node (which is your bank; you don't own it if you don't run your node). This is generally not an issue because the pool is a custodian of the mining reward anyway and distributes rewards fairly later, and miners are often running a node for themselves too.
When you own bitcoin without running your node, you use a wallet software: "something to store your money" and nothing more. You can spend bitcoins using the wallet software. But the software must contact a bank (=a node) to receive and broadcast transactions in the monetary network. Owning bitcoin without running a node is like having a bank account protected by your keys at the big Bitcoin bank; you are not the bank itself, so some node you are connected to may spy on you (Chainalysis Electrum servers), scam you (the Electrum 3.4.1 scam), censor you, and you may not follow a valid chain by simply checking proof of work in case of a 51% attack.
How to run a node then ?
In Bitcoin, we try to make this task as simple as possible. You only have to install Bitcoin Core, the main node software (home page of this subreddit, right panel for a link). But do your own research on how you must set up Bitcoin Core for your needs, because the Bitcoin blockchain is big and your PC will be working a lot, potentially for several weeks, to catch up with the current state of the ledger. This is a time investment; it is ok if you don't run a node for small amounts or if you never transact, but running a node will make you learn a lot about Bitcoin.
Learn how to use your node to broadcast your transactions at least (sendrawtransaction may be your friend here) and notify you when you receive money. This way, you are really trusting no one.
Some guides exist to install an always-online node on a Raspberry Pi with many useful tools to use it well (RaspiBolt, RaspiBlitz, mynodes...); if you have skin in the game, those are really cool projects which allow you to run a lightning node trustlessly and many other things!
Enjoy the endless rabbit hole !
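The post's core claim about nodes is that every one of them independently enforces the money-creation rule: a block's coinbase may claim at most the scheduled subsidy plus the fees implicitly left unclaimed by the block's other transactions. The following is an added example (not code from the post or from Bitcoin Core) that implements that check over a constructed in-memory block; the transaction ids are placeholders, amounts are in satoshis, and the UTXO lookup is a plain dict standing in for a node's chainstate.

```python
# Added example: the node-side "subsidy + fees" check described in the post.
# Transaction ids below are placeholders and the UTXO set is a constructed dict.

COIN = 100_000_000          # satoshis per bitcoin
HALVING_INTERVAL = 210_000  # blocks between subsidy halvings
MAX_HALVINGS = 64           # after this many halvings the subsidy is zero


def block_subsidy(height):
    """Bitcoin's supply schedule: 50 BTC at genesis, halved every 210,000 blocks."""
    halvings = height // HALVING_INTERVAL
    if halvings >= MAX_HALVINGS:
        return 0
    return (50 * COIN) >> halvings


def tx_fee(tx, utxo):
    """Fees have no field of their own: fee = value in - value out.
    A transaction whose outputs exceed its inputs is invalid, so we reject it
    rather than let a negative fee shrink the total."""
    value_in = sum(utxo[(txid, vout)] for txid, vout in tx["inputs"])
    value_out = sum(tx["outputs"])
    if value_out > value_in:
        raise ValueError("transaction creates value out of nothing")
    return value_in - value_out


def check_coinbase(block, height, utxo):
    """Return (ok, claimed, allowed): the coinbase (first tx) may claim at most
    subsidy(height) + sum of fees of every other tx in the block."""
    coinbase, *txs = block
    fees = sum(tx_fee(tx, utxo) for tx in txs)
    allowed = block_subsidy(height) + fees
    claimed = sum(coinbase["outputs"])
    return claimed <= allowed, claimed, allowed


# Constructed sample data: two spendable outputs and a block spending them.
SAMPLE_UTXO = {("aa" * 32, 0): 100_000, ("bb" * 32, 1): 250_000}
SAMPLE_BLOCK = [
    {"inputs": [], "outputs": [625_015_000]},                   # coinbase
    {"inputs": [("aa" * 32, 0)], "outputs": [90_000]},           # fee 10,000
    {"inputs": [("bb" * 32, 1)], "outputs": [200_000, 45_000]},  # fee 5,000
]

if __name__ == "__main__":
    # At height 700,000 the subsidy is 6.25 BTC; with 15,000 sat of fees the
    # miner may claim exactly 625,015,000 sat, which this block does.
    print(check_coinbase(SAMPLE_BLOCK, 700_000, SAMPLE_UTXO))
```

Every full node runs this arithmetic itself; a pool node or a wallet's backend that skipped it could feed its customers a chain in which a miner claimed more than the schedule allows, which is the trust the post says you take on when you do not run your own node.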
This is a follow-up on https://old.reddit.com/Bitcoin/comments/hqzp14/technical_the_path_to_taproot_activation/
Taproot! Everybody wants it!! But... you might ask yourself: sure, everybody else wants it, but why would I, sovereign Bitcoin HODLer, want it? Surely I can be better than everybody else because I swapped XXX fiat for Bitcoin unlike all those nocoiners?
And it is important for you to know the reasons why you, o sovereign Bitcoiner, would want Taproot activated. After all, your nodes (or the nodes your wallets use, which if you are SPV, you hopefully can pester your wallet vendor/implementor about) need to be upgraded in order for Taproot activation to actually succeed instead of becoming a hot sticky mess.
First, let's consider some principles of Bitcoin.
- You the HODLer should be the one who controls where your money goes. Your keys, your coins.
- You the HODLer should be able to coordinate and make contracts with other people regarding your funds.
- You the HODLer should be able to do the above without anyone watching over your shoulder and judging you.
I'm sure most of us here would agree that the above are very important principles of Bitcoin and that these are principles we would not be willing to remove. If anything, we would want those principles strengthened (especially the last one, financial privacy, which current Bitcoin is only sporadically strong with: you can get privacy, it just requires effort to do so).
So, how does Taproot affect those principles?
Taproot and Your Coins
Most HODLers probably HODL their coins in singlesig addresses. Sadly, switching to Taproot would do very little for you (it gives a mild discount at spend time, at the cost of a mild increase in fee at receive time (paid by whoever sends to you, so if it's a self-send from a P2PKH or bech32 address, you pay for this); mostly a wash).
(technical details: a Taproot output is 1 version byte + 32 byte public key, while a P2WPKH (bech32 singlesig) output is 1 version byte + 20 byte public key hash, so the Taproot output spends 12 bytes more; spending from a P2WPKH requires revealing a 32-byte public key later, which is not needed with Taproot, and Taproot signatures are about 9 bytes smaller than P2WPKH signatures, but the 32 bytes plus 9 bytes is divided by 4 because of the witness discount, so it saves about 11 bytes; mostly a wash, it increases blockweight by about 1 virtual byte, 4 weight for each Taproot-output-input, compared to P2WPKH-output-input).
However, as your HODLings grow in value, you might start wondering if multisignature k-of-n setups might be better for the security of your savings. And it is in multisignature that Taproot starts to give benefits!
Taproot switches to using the Schnorr signing scheme. Schnorr makes key aggregation -- constructing a single public key from multiple public keys -- almost as trivial as adding numbers together. "Almost" because it involves some fairly advanced math instead of simple boring number adding, but hey, when was the last time you added up your grocery list prices by hand, huh?
With current P2SH and P2WSH multisignature schemes, if you have a 2-of-3 setup, then to spend, you need to provide two different signatures from two different public keys. With Taproot, you can create, using special moon math, a single public key that represents your 2-of-3 setup. Then you just put two of your devices together, have them communicate with each other (this can be done airgapped, in theory, by sending QR codes: the software to do this is not even being built yet, but that's because Taproot hasn't activated yet!), and they will make a single signature to authorize any spend from your 2-of-3 address. That's 73 witness bytes -- 18.25 virtual bytes -- of signatures you save!
And if you decide that your current setup with 1-of-1 P2PKH / P2WPKH addresses is just fine as-is: well, that's the whole point of a soft fork: backwards-compatibility; you can receive from Taproot users just fine, and once your wallet is updated for Taproot-sending support, you can send to Taproot users just fine as well!
(P2WPKH and P2WSH -- SegWit v0 -- addresses start with bc1q; Taproot -- SegWit v1 --- addresses start with bc1p, in case you wanted to know the difference; in bech32 q is 0, p is 1)
Now how about HODLers who keep all, or some, of their coins on custodial services? Well, any custodial service worth its salt would be doing at least 2-of-3, or probably something even bigger, like 11-of-15. So your custodial service, if it switched to using Taproot internally, could save a lot more (imagine an 11-of-15 getting reduced from 11 signatures to just 1!), which --- we can only hope! --- should translate to lower fees and better customer service from your custodial service!
So I think we can say, very accurately, that the Bitcoin principle --- that YOU are in control of your money --- can only be helped by Taproot (if you are doing multisignature), and, because P2PKH and P2WPKH remain validly-usable addresses in a Taproot future, will not be harmed by Taproot. Its benefit to this principle might be small (it mostly only benefits multisignature users) but since it has no drawbacks with this (i.e. singlesig users can continue to use P2WPKH and P2PKH still) this is still a nice, tidy win!
(even singlesig users get a minor benefit, in that multisig users will now reduce their blockchain space footprint, so that fees can be kept low for everybody; so for example even if you have your single set of private keys engraved on titanium plates sealed in an airtight box stored in a safe buried in a desert protected by angry nomads riding giant sandworms because you're the frickin' Kwisatz Haderach, you still gain some benefit from Taproot)
And here's the important part: if P2PKH/P2WPKH is working perfectly fine for you and you decide to never use Taproot yourself, Taproot will not affect you detrimentally. First do no harm!
Taproot and Your Contracts
No one is an island, no one lives alone. Give and you shall receive. You know: by trading with other people, you can gain expertise in some obscure little necessity of the world (and greatly increase your productivity in that little field), and then trade the products of your expertise for necessities other people have created, all of you thereby gaining gains from trade.
So, contracts, which are basically enforceable agreements that facilitate trading with people who you do not personally know and therefore might not trust.
Let's start with a simple example. You want to buy some gewgaws from somebody. But you don't know them personally. The seller wants the money, you want their gewgaws, but because of the lack of trust (you don't know them!! what if they're scammers??) neither of you can benefit from gains from trade.
However, suppose both of you know of some entity that both of you trust. That entity can act as a trusted escrow. The entity provides you security: this enables the trade, allowing both of you to get gains from trade.
In Bitcoin-land, this can be implemented as a 2-of-3 multisignature. The three signatories in the multisignature would be you, the gewgaw seller, and the escrow. You put the payment for the gewgaws into this 2-of-3 multisignature address.
Now, suppose it turns out neither of you are scammers (whaaaat!). You receive the gewgaws just fine and you're willing to pay up for them. Then you and the gewgaw seller just sign a transaction --- you and the gewgaw seller are 2, sufficient to trigger the 2-of-3 --- that spends from the 2-of-3 address to a singlesig the gewgaw seller wants (or whatever address the gewgaw seller wants).
But suppose some problem arises. The seller gave you gawgews instead of gewgaws. Or you decided to keep the gewgaws but not sign the transaction to release the funds to the seller. In either case, the escrow is notified, and it can sign with you to refund the funds back to you (if the seller was a scammer) or it can sign with the seller to forward the funds to the seller (if you were a scammer).
Taproot helps with this: like mentioned above, it allows multisignature setups to produce only one signature, reducing blockchain space usage, and thus contracts --- which require multiple people, by definition; you don't make contracts with yourself --- are made cheaper (which we hope enables more of these setups to happen for more gains from trade for everyone, also, moon and lambos).
(technology-wise, it's easier to make an n-of-n than a k-of-n; making a k-of-n would require a complex setup involving a long ritual with many communication rounds between the n participants, but an n-of-n can be done trivially with some moon math. You can, however, make what is effectively a 2-of-3 by using a three-branch SCRIPT: either 2-of-2 of you and seller, OR 2-of-2 of you and escrow, OR 2-of-2 of escrow and seller. Fortunately, Taproot adds a facility to embed a SCRIPT inside a public key, so you can have a 2-of-2 Taprooted address (between you and seller) with a SCRIPT branch that can instead be spent with 2-of-2 (you + escrow) OR 2-of-2 (seller + escrow), which implements the three-branched SCRIPT above. If neither of you are scammers (hopefully the common case) then you both sign using your keys and never have to contact the escrow, since you are just using the escrow public key without coordinating with them (because n-of-n is trivial but k-of-n requires setup with communication rounds), so in the "best case" where both of you are honest traders, you also get a privacy boost, in that the escrow never learns you have been trading on gewgaws, I mean ewww, gawgews are much better than gewgaws and therefore I now judge you for being a gewgaw enthusiast, you filthy gewgawer).
Taproot and Your Contracts, Part 2: Cryptographic Boogaloo
Now suppose you want to buy some data instead of things. For example, maybe you have some closed-source software in trial mode installed, and want to pay the developer for the full version. You want to pay for an activation code.
This can be done, today, by using an HTLC. The developer tells you the hash of the activation code. You pay to an HTLC, paying out to the developer if it reveals the preimage (the activation code), or refunding the money back to you after a pre-agreed timeout. If the developer claims the funds, it has to reveal the preimage, which is the activation code, and you can now activate your software. If the developer does not claim the funds by the timeout, you get refunded.
And you can do that, with HTLCs, today.
Of course, HTLCs do have problems:
- Privacy. Everyone scraping the Bitcoin blockchain can see any HTLCs, and preimages used to claim them.
- This can be mitigated by using offchain techniques so HTLCs are never published onchain in the happy case. Lightning would probably in practice be the easiest way to do this offchain. Of course, there are practical limits to what you can pay on Lightning. If you are buying something expensive, then Lightning might not be practical. For example, the "software" you are activating is really the firmware of a car, and what you are buying is not the software really but the car itself (with the activation of the car firmware being equivalent to getting the car keys).
- Even offchain techniques need an onchain escape hatch in case of unresponsiveness! This means that, if something bad happens during payment, the HTLC might end up being published onchain anyway, revealing the fact that some special contract occurred.
- And an HTLC that is claimed with a preimage onchain will also publicly reveal the preimage onchain. If that preimage is really the activation key of a piece of software, then it can now be pirated. If that preimage is really the activation key for your newly-bought cryptographic car --- well, not your keys, not your car!
- Trust requirement. You are trusting the developer that it gives you the hash of an actual valid activation key, without any way to validate that the activation key hidden by the hash is actually valid.
Fortunately, with Schnorr (which is enabled by Taproot), we can now use the Scriptless Script construction by Andrew Poelstra. This Scriptless Script allows a new construction, the PTLC or Pointlocked Timelocked Contract. Instead of hashes and preimages, just replace "hash" with "point" and "preimage" with "scalar".
Or as you might know them: "point" is really "public key" and "scalar" is really a "private key". What a PTLC does is that, given a particular public key, the pointlocked branch can be spent only if the spender reveals the private key of the given public key to you.
Another nice thing with PTLCs is that they are deniable. What appears onchain is just a single 2-of-2 signature between you and the developer/manufacturer. It's like a magic trick. This signature has no special watermarks, it's a perfectly normal signature (the pledge). However, from this signature, plus some data given to you by the developer/manufacturer (known as the adaptor signature) you can derive the private key of a particular public key you both agree on (the turn). Anyone scraping the blockchain will just see signatures that look just like every other signature, and as long as nobody manages to hack you and get a copy of the adaptor signature or the private key, they cannot get the private key behind the public key (point) that the pointlocked branch needs (the prestige).
(Just to be clear, the public key you are getting the private key from is distinct from the public key that the developer/manufacturer will use for its funds. The activation key is different from the developer's onchain Bitcoin key, and it is the activation key whose private key you will be learning, not the developer's/manufacturer's onchain Bitcoin key).
- Privacy: PTLCs are private even if done onchain. Nobody else can learn what the private key behind the public key is, except you who knows the adaptor signature that when combined with the complete onchain signature lets you know what the private key of the activation key is. Somebody scraping the blockchain will not learn the same information even if all PTLCs are done onchain!
- Lightning is still useful for reducing onchain use, and will also get PTLCs soon after Taproot is activated, but even if something bad happens and a PTLC has to go onchain, it doesn't reveal anything!
- Trust issues can be proven more easily with a public-private keypair than with a hash-preimage pair.
- For example, the developer of the software you are buying could provide a signature signing a message saying "unlock access to the full version for 1 day". You can check if feeding this message and signature to the program will indeed unlock full-version access for 1 day. Then you can check if the signature is valid for the purported pubkey whose private key you will pay for. If so, you can now believe that getting the private key (by paying for it in a PTLC) would let you generate any number of "unlock access to the full version for 1 day" message+signatures, which is equivalent to getting full access to the software indefinitely.
- For the car, the manufacturer can show that signing a message "start the engine" and feeding the signature to the car's firmware will indeed start the engine, and maybe even let you have a small test drive. You can then check if the signature is valid for the purported pubkey whose privkey you will pay for. If so, you can now believe that gaining knowledge of the privkey will let you start the car engine at any time you want.
- (pedantry: the signatures need to be unique else they could be replayed, this can be done with a challenge-response sequence for the car, where the car gathers entropy somehow (it's a car, it probably has a bunch of sensors nowadays so it can get entropy for free) and uses the gathered entropy to challenge you to sign a random number and only start if you are able to sign the random number; for the software, it could record previous signatures somewhere in the developer's cloud server and refuse to run if you try to replay a previously-seen signature.)
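Here is an added worked example of the mechanism in the paragraphs and list above: the adaptor-signature "pledge / turn / prestige" trick, plus the trust check of having the seller sign "start the engine" under the activation key before you pay. It is not code from the original post or from any Bitcoin project. It uses a textbook Schnorr variant over secp256k1 in pure Python rather than BIP340, and a single buyer key rather than the 2-of-2 aggregate the post describes, so the roles are simplified: the buyer produces a pre-signature on the payment tied to the seller's activation point T, the seller completes it with the activation private key t and broadcasts, and the buyer then computes t from the broadcast signature. All keys, messages and function names (`adaptor_presign`, `complete`, `extract`, `run_ptlc_demo`) are constructed for this example.

```python
"""Added example (not from the original post): a toy PTLC built from an
adaptor signature over secp256k1.  Simplified textbook Schnorr (plain
SHA-256 challenge, full affine points), NOT BIP340.  Keys and messages
below are constructed for illustration only."""
import hashlib
import secrets

# secp256k1 domain parameters: field prime, group order, generator point.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):
    """Affine point addition; None stands for the point at infinity."""
    if a is None: return b
    if b is None: return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                                   # a == -b
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P    # tangent slope
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P     # chord slope
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def mul(k, pt=G):
    """Double-and-add scalar multiplication (the 'scalar times point' the post mentions)."""
    r = None
    while k:
        if k & 1: r = add(r, pt)
        pt = add(pt, pt)
        k >>= 1
    return r

def neg(pt):
    return (pt[0], (-pt[1]) % P)

def challenge(R, pub, msg):
    """Fiat-Shamir challenge e = H(R, P, m) reduced mod the group order."""
    h = hashlib.sha256(repr((R, pub, msg)).encode()).digest()
    return int.from_bytes(h, "big") % N

def sign(x, msg):
    """Ordinary Schnorr signature (R, s) with s = k + e*x."""
    k = secrets.randbelow(N - 1) + 1
    R = mul(k)
    return (R, (k + challenge(R, mul(x), msg) * x) % N)

def verify(pub, msg, sig):
    """Standard check: s*G == R + e*P.  Nothing here reveals whether a PTLC was involved."""
    R, s = sig
    return mul(s) == add(R, mul(challenge(R, pub, msg), pub))

def adaptor_presign(x, msg, T):
    """The 'pledge': a signature deliberately short by the unknown scalar t behind T.
    The nonce point committed to is R+T, so the challenge already matches the final signature."""
    k = secrets.randbelow(N - 1) + 1
    R_total = add(mul(k), T)
    return (R_total, (k + challenge(R_total, mul(x), msg) * x) % N)

def adaptor_verify(pub, msg, T, presig):
    """Counterparty checks the pre-signature is well formed: s'*G == (R+T) - T + e*P."""
    R_total, s = presig
    return mul(s) == add(add(R_total, neg(T)), mul(challenge(R_total, pub, msg), pub))

def complete(presig, t):
    """The 'turn': whoever knows t adds it, producing a perfectly ordinary signature."""
    R_total, s = presig
    return (R_total, (s + t) % N)

def extract(presig, sig):
    """The 'prestige': compare broadcast s with pre-signature s' to learn t = s - s'."""
    return (sig[1] - presig[1]) % N

def run_ptlc_demo():
    """Walk the post's scenario with constructed keys; returns each check as a bool."""
    t = secrets.randbelow(N - 1) + 1   # seller's activation private key (the thing being sold)
    T = mul(t)                         # activation public key shown to the buyer
    x = secrets.randbelow(N - 1) + 1   # buyer's own signing key for the payment
    X = mul(x)
    out = {}
    # Trust check: seller signs a fresh car-generated challenge; buyer verifies it under T.
    msg1 = "start the engine:" + secrets.token_hex(8)
    out["engine_sig_valid"] = verify(T, msg1, sign(t, msg1))
    # Buyer hands over a pre-signature on the payment that only t can complete.
    pay = "pay seller 0.01 BTC (constructed transaction)"
    presig = adaptor_presign(x, pay, T)
    out["presig_valid"] = adaptor_verify(X, pay, T, presig)
    # Seller completes with t and broadcasts; on-chain observers see a normal signature.
    sig = complete(presig, t)
    out["final_sig_valid"] = verify(X, pay, sig)
    # Buyer, holding the pre-signature, recovers t and can now sign unlocks forever.
    t_hat = extract(presig, sig)
    out["extracted_equals_secret"] = t_hat == t
    msg2 = "start the engine:" + secrets.token_hex(8)
    out["buyer_can_sign_after"] = verify(T, msg2, sign(t_hat, msg2))
    return out

if __name__ == "__main__":
    print(run_ptlc_demo())
```

Note the asymmetry the post relies on: `adaptor_verify` lets the buyer confirm before paying that the pre-signature is tied to T, while `verify` on the broadcast signature succeeds for any third party without telling them that a pre-signature ever existed; only the holder of `presig` can run `extract`.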
Taproot lets PTLCs exist onchain because it enables Schnorr signatures, which are a requirement of PTLCs / Scriptless Script.
(technology-wise, take note that Scriptless Script works only for the "pointlocked" branch of the contract; you need normal Script, or a pre-signed nLockTimed transaction, for the "timelocked" branch. Since Taproot can embed a script, you can have the Taproot pubkey be a 2-of-2 to implement the Scriptless Script "pointlocked" branch, then have a hidden script that lets you recover the funds with an OP_CHECKLOCKTIMEVERIFY after the timeout if the seller does not claim the funds.)
Now if you were really paying attention, you might have noticed this parenthetical:
(technical details: a Taproot output is 1 version byte + 32 byte public key, while a P2WPKH (bech32 singlesig) output is 1 version byte + 20 byte public key hash...)
So wait, Taproot uses raw 32-byte public keys, and not public key hashes? Isn't that more quantum-vulnerable??
Well, in theory yes. In practice, they probably are not.
It's not that hashes can be broken by quantum computers --- they're still not. Instead, you have to look at how you spend from a P2WPKH/P2PKH pay-to-public-key-hash.
When you spend from a P2PKH / P2WPKH, you have to reveal the public key. Then Bitcoin hashes it and checks if this matches with the public-key-hash, and only then actually validates the signature for that public key.
So an unconfirmed transaction, floating in the mempools of nodes globally, will show, in plain sight for everyone to see, your public key.
(public keys should be public, that's why they're called public keys, LOL)
And if quantum computers are fast enough to be of concern, then they are probably fast enough that, in the several minutes to several hours from broadcast to confirmation, they have already cracked the public key that is openly broadcast with your transaction. The owner of the quantum computer can now replace your unconfirmed transaction with one that pays the funds to itself. Even if you did not opt-in RBF, miners are still incentivized to support RBF on RBF-disabled transactions.
So the extra hash is not as significant a protection against quantum computers as you might think. Instead, the extra hash-and-compare needed is just extra validation effort.
Further, if you have ever, in the past, spent from the address, then there exists already a transaction indelibly stored on the blockchain, openly displaying the public key from which quantum computers can derive the private key. So those are still vulnerable to quantum computers.
For the most part, the cryptographers behind Taproot (and Bitcoin Core) are of the opinion that quantum computers capable of cracking Bitcoin pubkeys are unlikely to appear within a decade or two.
- Current quantum computers can barely crack the prime factorization problem for primes of 5 bits.
- The 256-bit elliptic curve used by Bitcoin is, by my (possibly wrong) understanding, equivalent to 4096-bit primes, so you can see a pretty big gap between now (5 bit primes) and what is needed (4096 bit primes).
- A lot of financial non-Bitcoin systems use the equivalent of 3072-bit primes or less, and are probably easier targets to crack than the equivalent-to-4096-bit-primes Bitcoin.
- Quantum computers capable of cracking Bitcoin are still far off.
- Pay-to-public-key-hash is not as protective as you might think.
- We will probably see banks get cracked before Bitcoin, so the banking system is a useful canary-in-a-coal-mine to see whether we should panic about being quantum vulnerable.
For now, the homomorphic and linear properties of elliptic curve cryptography provide a lot of benefits --- particularly the linearity property is what enables Scriptless Script and simple multisignature (i.e. multisignatures that are just 1 signature onchain). So it might be a good idea to take advantage of them now while we are still fairly safe against quantum computers. It seems likely that quantum-safe signature schemes are nonlinear (thus losing these advantages).
- If you are a singlesig HODL-only Bitcoin user, Taproot will not affect you positively or negatively. Importantly: Taproot does no harm!
- If you use or intend to use multisig, Taproot will be a positive for you.
- If you transact onchain regularly using typical P2PKH/P2WPKH addresses, you get a minor reduction in feerates since multisig users will likely switch to Taproot to get smaller tx sizes, freeing up blockspace for yours.
- If you are using multiparticipant setups for special systems of trade, Taproot will be a positive for you.
- Remember: Lightning channels are multiparticipant setups for special systems of lightning-fast offchain trades!
I Wanna Be The Taprooter!
So, do you want to help activate Taproot? Here's what you, mister sovereign Bitcoin HODLer, can do!
- If you have developer experience especially in C, C++, or related languages
- Review the Taproot code! There is one pull request in Bitcoin Core, and one in libsecp256k1. I deliberately am not putting links here, to avoid brigades of nontechnical but enthusiastic people leaving pointless reviews, but if you are qualified you know how to find them!
- But I am not a cryptographer/Bitcoin Core contributor/mathematician/someone as awesome as Pieter Wuille
- That's perfectly fine! The cryptographers have been over the code already and agree the math is right and the implementation is right. What is wanted is the dreary dreary dreary software engineering: are the comments comprehensive and understandable? no misspellings in the comments? variable names understandable? reasonable function naming convention? misleading coding style? off-by-one errors in loops? conditions not covered by tests? accidental mixups of variables with the same types? missing frees? read-before-init? better test coverage of suspicious-looking code? missing or mismatching header guards? portability issues? consistent coding style? you know, stuff any coder with a few years of experience in coding anything might be able to catch. With enough eyes all bugs are shallow!
- If you are running a mining pool/mining operation/exchange/custodial service/SPV server
- Be prepared to upgrade!
- One of the typical issues with upgrading software is that subtle incompatibilities with your current custom programs tend to arise, disrupting operations and potentially losing income due to downtime. If so, consider moving to the two-node setup suggested by gmax, which is in the last section of my previous post. With this, you have an up-to-date "public" node and a fixed-version "private" node, with the public node protecting the private node from any invalid chainsplits or invalid transactions. Moving to this setup from a typical one-node setup should be smooth and should not disrupt operations (too much).
- If you are running your own fullnode for fun or for your own wallet
- Be prepared to upgrade! The more nodes validating the new rules (even if you are a non-mining node!), the safer every softfork will be!
- If you are using an SPV wallet or custodial wallet/service (including hardware wallets using the software of the wallet provider)
- Contact your wallet provider / SPV server and ask for a statement on whether they support Taproot, and whether they are prepared to upgrade for Taproot! Make it known to them that Taproot is something you want!
But I Hate Taproot!!
- Raise your objections to Taproot now, or forever hold your peace! Maybe you can raise them here and some of the devs (probably nullc, he goes everywhere, even in rbtc!) might be able to see your objections! Or if your objections are very technical, head over to the appropriate pull request and object away!
- Maybe you simply misunderstand something, and we can clarify it here!
- Or maybe you do have a good objection, and we can make Taproot better by finding a solution for it!
Discussions About Taproot Activation