What Is A Bitcoin Nonce [Simple]? - The Money Mongers

I feel like I've seen conflicting definitions of what a bitcoin miner is. Is it a copy of the ledger or is it searching for nonces or is it both? /BitcoinBeginners submitted by BitcoinAllBot to BitcoinAll

If I was a Rofschild-controlled government agency, and I therefore didn't particularly like Bitcoin, then I'd definitely invest in quantum computing so I could break wallets' private keys and mine nonces. Just sayin'. submitted by fiercemodern to conspiracy

Where is Bitcoin Going and When?

The Federal Reserve and the United States government are pumping extreme amounts of money into the economy, already totaling over $484 billion. They are doing so because it already had a goal to inflate the United States Dollar (USD) so that the market can continue to all-time highs. It has always had this goal. They do not care how much inflation goes up by now as we are going into a depression with the potential to totally crash the US economy forever. They believe the only way to save the market from going to zero or negative values is to inflate it so much that it cannot possibly crash that low. Even if the market does not dip that low, inflation serves the interest of powerful people.
The impending crash of the stock market has ramifications for Bitcoin, as, though there is no direct ongoing correlation between the two, major movements in traditional markets will necessarily affect Bitcoin. According to the Blockchain Center’s Cryptocurrency Correlation Tool, Bitcoin is not correlated with the stock market. However, when major market movements occur, they send ripples throughout the financial ecosystem which necessarily affect even ordinarily uncorrelated assets.
Therefore, Bitcoin will reach X price on X date after crashing to a price of X by X date.

Stock Market Crash

The Federal Reserve has caused some serious consternation with their release of ridiculous amounts of money in an attempt to buoy the economy. At face value, it does not seem to have any rationale or logic behind it other than keeping the economy afloat long enough for individuals to profit financially and politically. However, there is an underlying basis to what is going on which is important to understand in order to profit financially.
All markets are functionally price probing systems. They constantly undergo a price-discovery process. In a fiat system, money is an illusory and fundamentally synthetic instrument with no intrinsic value – similar to Bitcoin. The primary difference between Bitcoin and fiat is the underlying technology, which provides a slew of benefits that fiat does not. Fiat, however, has an advantage in being able to have the support of powerful nation-states which can use their might to ensure the currency’s prosperity.
Traditional stock markets are composed of indices (pl. of index). Indices are non-trading market instruments which are essentially summaries of business values which comprise them. They are continuously recalculated throughout a trading day, and sometimes reflected through tradable instruments such as Exchange Traded Funds or Futures. Indices are weighted by market capitalizations of various businesses.
Price theory essentially states that when a market fails to take out a new low in a given range, it will have an objective to take out the high. When a market fails to take out a new high, it has an objective to make a new low. This is why price-time charts go up and down, as it does this on a second-by-second, minute-by-minute, day-by-day, and even century-by-century basis. Therefore, market indices will always return to some type of bull market as, once a true low is formed, the market will have a price objective to take out a new high outside of its given range – which is an all-time high. Instruments can only functionally fall to zero, whereas they can grow infinitely.
So, why inflate the economy so much?
Deflation is disastrous for central banks and markets as it raises the possibility of producing an overall price objective of zero or negative values. Therefore, under a fractional reserve system with a fiat currency managed by a central bank – the goal of the central bank is to depreciate the currency. The dollar is manipulated constantly with the intention of depreciating its value.
Central banks have a goal of continued inflated fiat values. They tend to ordinarily contain it at less than ten percent (10%) per annum in order for the psyche of the general populace to slowly adjust to price increases. As such, the markets are divorced from any other logic. Economic policy is the maintenance of human egos, not catering to fundamental analysis. Gross Domestic Product (GDP) growth is well-known not to be a measure of actual growth or output. It is a measure of increase in dollars processed. Banks seek to produce rising numbers which make society feel like it is growing economically, making people optimistic. To do so, the currency is inflated, though inflation itself does not actually increase growth. When society is optimistic, it spends and engages in business – resulting in actual growth. It also encourages people to take on credit and debts, creating more fictional fiat.
Inflation is necessary for markets to continue to reach new heights, generating positive emotional responses from the populace, encouraging spending, encouraging debt intake, further inflating the currency, and increasing the sale of government bonds. The fiat system only survives by generating more imaginary money on a regular basis.
Bitcoin investors may profit from this by realizing that stock investors as a whole always stand to profit from the market so long as it is managed by a central bank and does not collapse entirely. If those elements are filled, it has an unending price objective to raise to new heights. It also allows us to realize that this response indicates that the higher-ups believe that the economy could crash in entirety, and it may be wise for investors to have multiple well-thought-out exit strategies.

Economic Analysis of Bitcoin

The reason why the Fed is so aggressively inflating the economy is due to fears that it will collapse forever or never rebound. As such, coupled with a global depression, a huge demand will appear for a reserve currency which is fundamentally different from the previous system. Bitcoin, though a currency or asset, is also a market. It also undergoes a constant price-probing process. Unlike traditional markets, Bitcoin has the exact opposite goal. Bitcoin seeks to appreciate in value and not depreciate. This has a quite different effect in that Bitcoin could potentially become worthless and have a price objective of zero.
Bitcoin was created in 2008 by a now famous mysterious figure known as Satoshi Nakamoto and its open source code was released in 2009. It was the first decentralized cryptocurrency to utilize a novel protocol known as the blockchain. Up to one megabyte of data may be sent with each transaction. It is decentralized, anonymous, transparent, easy to set up, and provides myriad other benefits. Bitcoin is not backed up by anything other than its own technology.
Bitcoin can never be expected to collapse as a framework, even were it to become worthless. The stock market has the potential to collapse in entirety, whereas, as long as the internet exists, Bitcoin will be a functional system with a self-authenticating framework. That capacity to persist regardless of the actual price of Bitcoin and the deflationary nature of Bitcoin means that it has something which fiat does not – inherent value.
Bitcoin is based on a distributed database known as the “blockchain.” Blockchains are essentially decentralized virtual ledger books, replete with pages known as “blocks.” Each page in a ledger is composed of paragraph entries, which are the actual transactions in the block.
Blockchains store information in the form of numerical transactions, which are just numbers. We can consider these numbers digital assets, such as Bitcoin. The data in a blockchain is immutable and recorded only by consensus-based algorithms. Bitcoin is cryptographic and all transactions are direct, without intermediary, peer-to-peer.
Bitcoin does not require trust in a central bank. It requires trust in the technology behind it, which is open-source and may be evaluated by anyone at any time. Furthermore, it is impossible to manipulate as doing so would require all of the nodes in the network to be hacked at once – unlike the stock market which is manipulated by the government and “Market Makers”. Bitcoin is also private in that, though the ledger is openly distributed, it is encrypted. Bitcoin’s blockchain has one of the greatest redundancy and information disaster recovery systems ever developed.
Bitcoin has a distributed governance model in that it is controlled by its users. There is no need to trust a payment processor or bank, or even to pay fees to such entities. There are also no third-party fees for transaction processing. As the ledger is immutable and transparent it is never possible to change it – the data on the blockchain is permanent. The system is not easily susceptible to attacks as it is widely distributed. Furthermore, as users of Bitcoin have their private keys assigned to their transactions, they are virtually impossible to fake. No lengthy verification, reconciliation, nor clearing process exists with Bitcoin.
Bitcoin is based on a proof-of-work algorithm. Every transaction on the network has an associated mathematical “puzzle”. Computers known as miners compete to solve the complex cryptographic hash algorithm that comprises that puzzle. The solution is proof that the miner engaged in sufficient work. The puzzle is known as a nonce, a number used only once. There is only one major nonce at a time and it issues 12.5 Bitcoin. Once it is solved, the fact that the nonce has been solved is made public.
A block is mined on average once every ten minutes. However, the blockchain checks every 2,016,000 minutes (approximately four years) if 201,600 blocks were mined. If it was faster, it increases difficulty by half, thereby deflating Bitcoin. If it was slower, it decreases, thereby inflating Bitcoin. It will continue to do this until zero Bitcoin are issued, projected at the year 2140. On the twelfth of May, 2020, the blockchain will halve the amount of Bitcoin issued when each nonce is guessed. When Bitcoin was first created, fifty were issued per block as a reward to miners. 6.25 BTC will be issued from that point on once each nonce is solved.
Unlike fiat, Bitcoin is a deflationary currency. As BTC becomes scarcer, demand for it will increase, also raising the price. In this, BTC is similar to gold. It is predictable in its output, unlike the USD, as it is based on a programmed supply. We can predict BTC’s deflation and inflation almost exactly, if not exactly. Only 21 million BTC will ever be produced, unless the entire network concedes to change the protocol – which is highly unlikely.
Some of the drawbacks to BTC include congestion. At peak congestion, it may take an entire day to process a Bitcoin transaction as only three to five transactions may be processed per second. Receiving priority on a payment may cost up to the equivalent of twenty dollars ($20). Bitcoin mining consumes enough energy in one day to power a single-family home for an entire week.

Trading or Investing?

The fundamental divide in trading revolves around the question of market structure. Many feel that the market operates totally randomly and its behavior cannot be predicted. For the purposes of this article, we will assume that the market has a structure, but that that structure is not perfect. That market structure naturally generates chart patterns as the market records prices in time. In order to determine when the stock market will crash, causing a major decline in BTC price, we will analyze an instrument, an exchange traded fund, which represents an index, as opposed to a particular stock. The price patterns of the various stocks in an index are effectively smoothed out. In doing so, a more technical picture arises. Perhaps the most popular of these is the SPDR S&P Standard and Poor 500 Exchange Traded Fund ($SPY).
In trading, little to no concern is given to the value of the underlying asset. We are concerned primarily about liquidity and trading ranges, which are the amount of value fluctuating on a short-term basis, as measured by volatility-implied trading ranges. Fundamental analysis plays a role; however, markets often do not react to real-world factors in a logical fashion. Therefore, fundamental analysis is more appropriate for long-term investing.
The fundamental derivatives of a chart are time (x-axis) and price (y-axis). The primary technical indicator is price, as everything else is lagging in the past. Price represents current asking price and incorrectly implementing positions based on price is one of the biggest trading errors.
Markets and currencies ordinarily have noise, their tendency to back-and-fill, which must be filtered out for true pattern recognition. That noise does have a utility, however, in allowing traders second chances to enter favorable positions at slightly less favorable entry points. When you have any market with enough liquidity for historical data to record a pattern, then a structure can be divined. The market probes prices as part of an ongoing price-discovery process. Market technicians must sometimes look outside of the technical realm and use visual inspection to ascertain the relevance of certain patterns, using a qualitative eye that recognizes the underlying quantitative nature.
Markets and instruments rise slower than they correct, however they rise much more than they fall. In the same vein, instruments can only fall to having no worth, whereas they could theoretically grow infinitely and have continued to grow over time. Money in a fiat system is illusory. It is a fundamentally synthetic instrument which has no intrinsic value. Hence, the recent seemingly illogical fluctuations in the market.
According to trade theory, the unending purpose of a market or instrument is to create and break price ranges according to the laws of supply and demand. We must determine when to trade based on each market inflection point as defined in price and in time as opposed to abandoning the trend (as the contrarian trading in this sub often does). Time and Price symmetry must be used to be in accordance with the trend. When coupled with a favorable risk to reward ratio, the ability to stay in the market for most of the defined time period, and adherence to risk management rules, the trader has a solid methodology for achieving considerable gains.
We will engage in a longer term market-oriented analysis to avoid any time-focused pressure. The Bitcoin market is open twenty-four-hours a day, so trading may be done when the individual is ready, without any pressing need to be constantly alert. Let alone, we can safely project months in advance with relatively high accuracy. Bitcoin is an asset which an individual can both trade and invest in; however, this article will be focused on trading due to the wide volatility in BTC prices over the short-term.

Technical Indicator Analysis of Bitcoin

Technical indicators are often considered self-fulfilling prophecies due to mass-market psychology gravitating towards certain common numbers yielded from them. They are also often discounted when it comes to BTC. That means a trader must be especially aware of these numbers as they can prognosticate market movements. Often, they are meaningless in the larger picture of things.
  • Volume – derived from the market itself, it is mostly irrelevant. The major problem with volume for stocks is that the US market open causes tremendous volume surges eradicating any intrinsic volume analysis. This does not occur with BTC, as it is open twenty-four-seven. At major highs and lows, the market is typically anemic. Most traders are not active at terminal discretes (peaks and troughs) because of levels of fear. Volume allows us confidence in time and price symmetry market inflection points, if we observe low volume at a foretold range of values. We can rationalize that an absolute discrete is usually only discovered and anticipated by very few traders. As the general market realizes it, a herd mentality will push the market in the direction favorable to defending it. Volume is also useful for swing trading, as chances for swing’s validity increases if an increase in volume is seen on and after the swing’s activation. Volume is steadily decreasing. Lows and highs are reached when volume is lower.
Therefore, due to the relatively high volume on the 12th of March, we can safely determine that a low for BTC was not reached.
  • VIX – Volatility Index, this technical indicator indicates the level of fear by the amount of options-based “insurance” in portfolios. A low VIX environment, less than 20 for the S&P index, indicates a stable market with a possible uptrend. A high VIX, over 20, indicates a possible downtrend. VIX is essentially useless for BTC as BTC-based options do not exist. It allows us to predict the market low for $SPY, which will have an indirect impact on BTC in the short term, likely leading to the yearly low. However, it is equally important to see how VIX is changing over time, if it is decreasing or increasing, as that indicates increasing or decreasing fear. Low volatility allows high leverage without risk or rest. Occasionally, markets do rise with high VIX.
As VIX is unusually high, in the forties, we can be confident that a downtrend for the S&P 500 is imminent.
  • RSI (Relative Strength Index): The most important technical indicator, useful for determining highs and lows when time symmetry is not availing itself. Sometimes analysis of RSI can conflict in different time frames; the easiest way to use it is when it is at extremes – either under 30 or over 70. Extremes can be used for filtering highs or lows based on time-and-price window calculations. Highly instructive as to major corrective clues and indicative of continued directional movement. Must determine if longer-term RSI values find support at the same values as before. It is currently at 73.56.
  • Secondly, RSI may be used as a high or low filter, to observe the level that short-term RSI reaches in counter-trend corrections. Repetitions based on market movements based on RSI determine how long a trade should be held onto. Once a short-term RSI reaches an extreme and stays there, the other RSIs should gradually reach the same extremes. Once all RSIs are at extreme highs, a trend confirmation should occur and RSIs should drop to their midpoint.

Trend Definition Analysis of Bitcoin

Trend definition is highly powerful, and this cannot be understated. Knowledge of trend logic is enough to be a profitable trader, yet defining a trend is an arduous process. Multiple trends coexist across multiple time frames and across multiple market sectors. Like time structure, it makes the underlying price of the instrument irrelevant. Trend definitions cannot determine the validity of newly formed discretes. Trend becomes apparent when trades based in counter-trend inflection points continue to fail.
Downtrends are defined as an instrument making lower lows and lower highs that are recurrent, additive, qualified swing setups. Downtrends for all instruments are similar, except forex. They are fast and complete much quicker than uptrends. An average downtrend is 18 months, something which we will return to. An uptrend inception occurs when an instrument reaches a point where it fails to make a new low, then that low will be tested. After that, the instrument will either have a deep range retracement or it may take out the low slightly, resulting in a double-bottom. A swing must eventually form.
A simple way to roughly determine trend is to attempt to draw a line from three tops going upwards (uptrend) or a line from three bottoms going downwards (downtrend). It is not possible to correctly draw a downtrend line on the BTC chart, but it is possible to correctly draw an uptrend – indicating that the overall trend is downwards. The only mitigating factor is the impending stock market crash.

Time Symmetry Analysis of Bitcoin

Time is the movement from the past through the present into the future. It is a measurement in quantified intervals. In many ways, our perception of it is a human construct. It is more powerful than price as time may be utilized for a trade regardless of the market inflection point’s price. Were it possible to perfectly understand time, price would be totally irrelevant due to the predictive certainty time affords. Time structure is easier to learn than price, but much more difficult to apply with any accuracy. It is the hardest aspect of trading to learn, but also the most rewarding.
Humans do not have the ability to recognize every time window; however, the ability to define market inflection points in terms of time is the single most powerful trading edge. Regardless, price should not be abandoned for time alone. Time structure analysis is inherently flawed; as such, the markets have a fail-safe, which is Price Structure. Even though Time is much more powerful, Price Structure should never be completely ignored. Time is the qualifier for Price and vice versa. Time can fail by tricking traders into counter-trend trading.
Time is a predestined trade quantifier, a filter to slow trades down, as it allows a trader to specifically focus on specific time windows and rest at others. It allows for quantitative measurements to reach deterministic values and is the primary qualifier for trends. Time structure should be utilized before price structure, and it is the primary trade criterion which requires support from price. We can see price structure on a chart, as areas of mathematical support or resistance, but we cannot see time structure.
Time may be used to tell us an exact point in the future where the market will inflect, after Price Theory has been fulfilled. In the present, price objectives based on price theory added to possible future times for market inflection points give us the exact time of market inflection points and price.
Time Structure is repetitions of time or inherent cycles of time, occurring in a methodical way to provide time windows which may be utilized for inflection points. They are not easily recognized and not easily defined by a price chart as measuring and observing time is very exact. Time structure is not a science, yet it does require precise measurements. Nothing is certain or definite. The critical question must be if a particular approach to time structure is currently lucrative or not.
We will measure it in intervals of 180 bars. Our goal is to determine time windows, when the market will react and when we should pay the most attention. By using time repetitions, the fact that market inflection points occurred at some point in the past and should, therefore, reoccur at some point in the future, we should obtain confidence as to when SPY will reach a market inflection point. Time repetitions are essentially the market’s memory. However, simply measuring the time between two points then trying to extrapolate into the future does not work. Measuring time is not the same as defining time repetitions. We will evaluate past sessions for market inflection points, whether discretes, qualified swings, or intra-range. Then record the times that the market has made highs or lows in a comparable time period to the future one seeks to trade in.
What follows is a time histogram: a grouping of times which appear close together, then segregated based on that closeness. Time is aligned into a combined histogram of repetitions and cycles; however, cycles are irrelevant on a daily basis. If trading on an hourly basis, do not use hours.
  • Yearly Lows (last seven years): 1/1/13, 4/10/14, 1/15/15, 1/17/16, 1/1/17, 12/15/18, 2/6/19
  • Monthly Mode: 1, 1, 1, 1, 2, 4, 12
  • Daily Mode: 1, 1, 6, 10, 15, 15, 17
  • Monthly Lows (for the last year): 3/12/20 (10:00pm), 2/28/20 (7:09am), 1/2/20 (8:09pm), 12/18/19 (8:00am), 11/25/19 (1:00am), 10/24/19 (2:59am), 9/30/19 (2:59am), 8/29/19 (4:00am), 7/17/19 (7:59am), 6/4/19 (5:59pm), 5/1/19 (12:00am), 4/1/19 (12:00am)
  • Daily Lows Mode for those Months: 1, 1, 2, 4, 12, 17, 18, 24, 25, 28, 29, 30
  • Hourly Lows Mode for those Months (Military time): 0100, 0200, 0200, 0400, 0700, 0700, 0800, 1200, 1200, 1700, 2000, 2200
  • Minute Lows Mode for those Months: 00, 00, 00, 00, 00, 00, 09, 09, 59, 59, 59, 59
  • Day of the Week Lows (last twenty-six weeks):
Weighted Times are repetitions which appear multiple times within the same list, observed and accentuated once divided into relevant sections of the histogram. They are important in the presently defined trading time period and are similar to a mathematical mode with respect to a series. Phased times are essentially periodical patterns in histograms, though they do not guarantee inflection points.
Evaluating the yearly lows, we see that BTC tends to have its lows primarily at the beginning of every year, with a possibility of it being at the end of the year. Following the same methodology, we get the middle of the month as the likeliest day. However, evaluating the monthly lows for the past year, the beginning and end of the month are more likely for lows.
Therefore, we have two primary dates from our histogram.
1/1/21, 1/15/21, and 1/29/21
2:00am, 8:00am, 12:00pm, or 10:00pm
In fact, the high for this year was February the 14th, only thirty days off from our histogram calculations.
The 8.6-Year Armstrong-Princeton Global Economic Confidence model states that 2.15 year intervals occur between corrections, relevant highs and lows. 2.15 years from the all-time peak discrete is February 9, 2020 – a reasonably accurate depiction of the low for this year (which was on 3/12/20). (Taking only the Armstrong model into account, the next high should be Saturday, April 23, 2022). Therefore, the Armstrong model indicates that we have actually bottomed out for the year!
Bear markets cannot exist in perpetuity whereas bull markets can. Bear markets will eventually have price objectives of zero, whereas bull markets can increase to infinity. It can occur for individual market instruments, but not markets as a whole. Since bull markets are defined by low volatility, they also last longer. Once a bull market is indicated, the trader can remain in a long position until a new high is reached, then switch to shorts. The average bear market is eighteen months long, giving us a date of August 19th, 2021 for the end of this bear market – roughly speaking. They cannot be shorter than fifteen months for a central-bank controlled market, which does not apply to Bitcoin. (Otherwise, it would continue until Sunday, September 12, 2021.) However, we should expect Bitcoin to experience its exponential growth after the stock market re-enters a bull market.
Terry Laundy’s T-Theory is implemented by measuring the time of an indicator from peak to trough, then using that to define a future time window. It is similar to a head-and-shoulders pattern in that it is the process of forming the right side from a synthetic technical indicator. If the indicator is making continued lows, then time is recalculated for defining the right side of the T. The date of the market inflection point may be a price or indicator inflection date, so it is not always exactly useful. It is better to make us aware of possible market inflection points, clustered with other data. It gives us an RSI low of May 9th, 2020.
The Bradley Cycle, coupled with volatility, allows start dates for campaigns or put options as insurance in portfolios for stocks. However, it is also useful for predicting market moves instead of terminal dates for discretes. Using dates which correspond to discretes, we can see how those dates correspond with changes in VIX.
Therefore, our timeline looks like:
  • 2/14/20 – yearly high ($10372 USD)
  • 3/12/20 – yearly low thus far ($3858 USD)
  • 5/9/20 – T-Theory true yearly low (BTC between 4863 and 3569)
  • 5/26/20 – hashrate difficulty halvening
  • 11/14/20 – stock market low
  • 1/15/21 – yearly low for BTC, around $8528
  • 8/19/21 – end of stock bear market
  • 11/26/21 – eighteen months from halvening, average peak from halvenings (BTC begins rising from $3000 area to above $23,312)
  • 4/23/22 – all-time high
Taken from my blog: http://aliamin.info/2020/
submitted by aibnsamin1 to Bitcoin
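The post above describes miners "searching for nonces" and the network raising or lowering difficulty. As an added example that is not part of the original post and not code from any Bitcoin implementation, the following Python script mines a toy block and checks it the way a node would: it follows Bitcoin's 80-byte header layout, double SHA-256 and compact target encoding, and its retarget() function applies the arithmetic of Bitcoin's 2016-block retarget, but the header fields, the deliberately easy target (about one hash in 65,536 qualifies) and the block timings fed to retarget() are constructed sample values.

```python
"""Toy proof-of-work: finding and checking a block nonce, plus retargeting."""
import hashlib
import struct


def sha256d(data: bytes) -> bytes:
    """Bitcoin's block hash: SHA-256 applied twice."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def bits_to_target(bits: int) -> int:
    """Decode the 4-byte compact 'bits' field into a 256-bit target integer."""
    exponent = bits >> 24
    mantissa = bits & 0x007FFFFF
    if exponent <= 3:
        return mantissa >> (8 * (3 - exponent))
    return mantissa << (8 * (exponent - 3))


def serialize_header(version, prev_hash, merkle_root, timestamp, bits, nonce):
    """80-byte header: version | prev hash | merkle root | time | bits | nonce."""
    return (struct.pack("<I", version) + prev_hash + merkle_root
            + struct.pack("<III", timestamp, bits, nonce))


def header_hash_int(header: bytes) -> int:
    """The value compared against the target: the hash read as a little-endian integer."""
    return int.from_bytes(sha256d(header), "little")


def mine(version, prev_hash, merkle_root, timestamp, bits, max_nonce=2**32):
    """The miner's job: try nonces until the header hash is at or below the target.
    Every other header field is fixed; only the nonce changes between attempts."""
    target = bits_to_target(bits)
    for nonce in range(max_nonce):
        header = serialize_header(version, prev_hash, merkle_root, timestamp, bits, nonce)
        if header_hash_int(header) <= target:
            return nonce, header
    return None, None  # nonce space exhausted (a real miner would then vary other fields)


def verify(header: bytes) -> bool:
    """A node's check costs a single double hash, however long the search took."""
    if len(header) != 80:
        return False
    bits = struct.unpack("<I", header[72:76])[0]
    return header_hash_int(header) <= bits_to_target(bits)


def retarget(old_target, actual_minutes, pow_limit, expected_minutes=2016 * 10):
    """Bitcoin's retarget arithmetic: scale the target by actual/expected time
    for the last 2016 blocks, clamp the ratio to [1/4, 4], and never exceed
    pow_limit (the easiest target the network allows)."""
    clamped = min(max(actual_minutes, expected_minutes // 4), expected_minutes * 4)
    return min(old_target * clamped // expected_minutes, pow_limit)


# Constructed sample values (placeholders, not data from the real chain).
VERSION = 1
PREV_HASH = bytes(32)
MERKLE_ROOT = hashlib.sha256(b"constructed sample transactions").digest()
TIMESTAMP = 1_600_000_000
TOY_BITS = 0x1F00FFFF        # target 0xffff << 224: about 1 hash in 65,536 qualifies
TOY_POW_LIMIT = 2**256 - 1   # toy limit; the real network's limit is far stricter


def demo():
    """Mine one toy block, validate it, show that tampering breaks it, and retarget."""
    nonce, header = mine(VERSION, PREV_HASH, MERKLE_ROOT, TIMESTAMP, TOY_BITS)
    # Changing any transaction changes the merkle root, so the found nonce no longer fits.
    tampered = serialize_header(VERSION, PREV_HASH,
                                hashlib.sha256(b"altered transactions").digest(),
                                TIMESTAMP, TOY_BITS, nonce)
    target = bits_to_target(TOY_BITS)
    return {
        "nonce": nonce,
        "hash": sha256d(header)[::-1].hex(),  # shown byte-reversed, as block explorers do
        "valid": verify(header),
        "tampered_valid": verify(tampered),
        "target": target,
        "harder": retarget(target, 2016 * 5, TOY_POW_LIMIT),   # blocks came twice as fast
        "easier": retarget(target, 2016 * 80, TOY_POW_LIMIT),  # eight times too slow, clamped to 4x
    }


if __name__ == "__main__":
    r = demo()
    print(f"nonce={r['nonce']} hash={r['hash']}")
    print(f"valid={r['valid']} tampered_valid={r['tampered_valid']}")
    print(f"retarget halves target: {r['harder'] == r['target'] // 2}; "
          f"retarget capped at 4x: {r['easier'] == r['target'] * 4}")
```

Running it prints the nonce found, the block hash (with the leading zeros a hash below the target always shows) and the results of the checks. The point to take away is the asymmetry: the search costs tens of thousands of hashes even at this toy difficulty, while verify() settles the question with one hash, which is why every node can re-check every block it receives without trusting the miner that produced it.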

Proof of Drinks: An Open-Source Bitcoin Drinking Game

I’ve developed a new game that is played P2P…
Player Types:
The Market:
  1. Includes Drinkers, Buyers, and Sellers.
  2. Anyone within The Market may play any of the aforementioned roles at any time.
  3. Manages BITCOIN PROTOCOL:
    • Block Reward (frequency, amount, halving)
    • Die Rolls
    • Drink Pour
The Bartender:
  1. Acts autonomously; is not included within The Market.
  2. Sells glasses and drinks to Drinkers.
  3. Manages PRICE LIST OF GOODS:
    • Glasses (fiat/glass)
    • Drinks (fiat/oz.)
The Government:
  1. Acts autonomously; is not included within The Market.
  2. Manages MONETARY POLICY:
    • Inflation Rate
    • Circulating Supply of Fiat
Items needed:
  2. One six-sided die.
  3. A number of six-ounce measuring glasses equal to the number of players within The Market.
  4. Drinks (alcoholic or otherwise).
  5. Fiat money (or Monopoly money).
  6. Minimum 6 players or so.
Object of the Game:
  1. To learn the mechanics of bitcoin and the economy through drinking and having fun.
  2. The game ends when one or more of the following conditions are met:
    • You run out of drinks.
    • Everyone is tired of drinking.
    • Everyone is tired of playing.
  3. At the end of the game, the person with the highest net worth (fiat + bitcoin) is deemed The Winner.
General Rules and Definitions:
  1. All die rolls are performed in front of all participants.
  2. Bathroom breaks are permitted, however gameplay continues. If a Drinker is in the bathroom during their round, their round is forfeited.
  3. Anyone within The Market may buy and sell anything at anytime.
  4. Round: The procedure for drinking; may or may not result in the production of bitcoin.
  5. Block: A round that results in the production of bitcoin.
  6. Anyone within The Market can propose a change to any rule at any time.
    • If everyone agrees, game play continues with the new rule.
    • If no one agrees, the person who proposed the change may continue playing or quit the game.
    • If some, but not all, agree, then the game may be forked into two separate games (Note: this may cause hurt feelings). The Government and The Bartender tend to both games.
  7. All values (bitcoin, block reward, fiat, etc) are to be rounded to the nearest whole number.
  1. Drinkers = Miners
  2. Glasses = Mining equipment
  3. Drinking = Proof of Work
  4. Die roll after drinking = Mining for the nonce
  5. Drink pour = Difficulty
  6. Bathroom break = Mining equipment maintenance
  7. All drinks and die rolls observed by everyone = Nodes validating
Game Setup:
  1. Designate a minimum of one player to be The Government.
  2. Designate a minimum of one player to be The Bartender.
  3. All other players (minimum 2? 3? 4?) are collectively The Market.
  4. The Government gives The Bartender and everyone within The Market ___ dollars each.
  5. For the first round, everyone within The Market is a Drinker (in subsequent rounds, anyone can step in or step out of the Drinker role).
  6. All Drinkers claim a chair around a table.
  7. All Drinkers purchase a glass from The Bartender at ___ dollars per glass. (Use a 6 oz. measuring glass for ease of pour.)
  8. All Drinkers roll a die; the Drinker with the highest number goes first. Subsequent rounds proceed clockwise.
  9. The Bartender determines the initial Cost of Drinking (fiat/drink).
  10. Determine the beginning Block Reward (50?).
Round Procedure:
  1. Determine the Nonce
    • Someone in The Market rolls a die. The number rolled is the Nonce for the Block.
  2. Determine the Pour
    • Someone, other than the Drinker for this round, rolls a die. The number rolled equals the amount of drink poured (e.g., a roll of “3” means 3 ounces is poured into the Drinker’s glass).
  3. The Drinker drinks the pour, then, once The Market has collectively determined the glass is free of liquid, the Drinker rolls a die. All participants in The Market verify the die roll.
    • If the die matches the Nonce, the Drinker receives the Block Reward! It is now the next Drinker’s turn, beginning again with Step 1 above.
    • If the die does not match the Nonce, no Block Reward is granted. It is now the next Drinker’s turn, beginning with Step 2 above.
  4. Every 10 Blocks, the Block Reward is cut in half.
  5. Once all Drinkers have completed a Round, The Government determines a new Inflation Rate and inflates the Circulating Supply of Fiat accordingly.
    • The Government rolls a die in another room then comes out and announces the result of the die roll. The number of the result is the inflation rate (e.g., if the roll is “3” the inflation rate is 3%).
    • The Government multiplies the Circulating Supply of Fiat by the Inflation Rate and adds this amount to the Circulating Supply of Fiat. The Government can do anything it wants with the fiat created.
  6. The value of each bitcoin (fiat/bitcoin) is determined by members of The Market.
    • For the determination of the Winner at the end of the game, the final value of bitcoin is the last value at which it traded.
submitted by SufficientRadio to Bitcoin [link] [comments]

Mining and Dogecoin - Some FAQs

Hey shibes,
I see a lot of posts about mining lately and questions about the core wallet and how to mine with it, so here are some facts!
Feel free to add information to that thread or correct me if I did any mistake.

You downloaded the core wallet

Great! After a decade it probably synced and now you are wondering how to get coins? Bad news: You don't get coins by running your wallet, even running it as a full node. Check what a full node is here.
Maybe you thought so, because you saw a very old screenshot of a wallet, like this (Version 1.2). This version had a "Dig" tab where you can enter your mining configuration. The current version doesn't have this anymore, probably because it doesn't make sense anymore.

You downloaded a GPU/CPU miner

Nice! You did it, even though your antivirus probably went postal and you started covering all your webcams... But here is the bad news again: since people are using ASIC miners, you just can't compete with your CPU hardware anymore. Even with your more advanced GPU you will have a hard time. The hashrate is too high for a desktop PC to compete with them. The blocks should be mined every 1 minute (or so) and that's causing the difficulty to go up - and we are out... So definitely check what your hashrate is while you are mining; you would need about 1.5 MH/s to make 1 Doge in 24 hours!

Mining Doge

Let us start with a quote:
"Dogecoin Core 1.8 introduces AuxPoW from block 371,337. AuxPoW is a technology which enables miners to submit work done while mining other coins, as work on the Dogecoin block chain."
- langerhans
What does this mean? You could waste your hashrate only on the Dogecoin chain, probably never find a block, and when you do, you only receive about 10,000 Dogecoins, currently worth about $25. Or you could apply your hashrate to LTC and Doge (and probably even more) at the same time. Your chance of solving the block (finding the nonce) is your hashrate divided by the total hashrate - and this is about the same for Doge and LTC. This means you will always want to submit your work to all chains available!

Mining solo versus pool

So let's face it - mining solo won't get you anywhere, so let's mine on a pool! If you have a really bad hashrate, please consider this: often you need about $1 or $2 worth of crypto to receive a payout (without fees). This means you have to get there first. With 100 MH/s on prohashing, it takes about 6 days running 24/7 to get to that threshold. Now you can do the math... 1 MH/s = 1000 KH/s; if you are below 1 MH/s, you probably won't have fun.

Buying an ASIC

You found an old BTC USB miner with 24 GH/s (1 GH/s = 1000 MH/s) for $80 bucks - next stop lambo!? Sorry, bad news again: this hashrate is for SHA-256! If you want to mine LTC/Doge you will need a miner using scrypt, with considerably lower hashrate numbers, so don't fall for that. Often when you have a big miner (= also loud), you get more hashrate per $ spent on the miner, but most will still run at an operational loss, because the electricity is too expensive and the miners will soon be outdated again. Leading me to my next point...

Making profit

You won't make money running your miner. Just do the math: what if you had bought a miner 1 year ago? Subtract the costs for electricity and then compare to: what if you had just bought coins? In most cases you would have a greater profit by just buying coins, maybe even with a "stable" coin like Doge.

Cloud Mining

Okay, this was a lot of text and you are still on the hook? Maybe you are desperate enough to invest in some cloud mining contract... But this isn't a good idea either, because most such contracts are scams based on a Ponzi scheme. You can often spot them easily, because they guarantee way too high profits, or they fake payouts that never happened, etc.
Just a thought: if someone in a subway says to you "Give me $1 and let's meet in one year, right here, and I'll give you $54,211,841", you wouldn't trust him, and if some mining contract says they will give you 5% a day it is basically the same.
Also remember the merged mining part. Nobody would offer you to mine Doge; they would offer you to buy scrypt hashrate that will apply to multiple chains.

Alternative coins

Maybe try to mine a coin where you don't have ASICs yet, like Monero and exchange them to Doge. If somebody already tried this - feel free to add your thoughts!

Folding at Home (Doge)

Some people say folding at home (FAH - https://www.dogecoinfah.com/) is still the best. I just installed the tool and it says I would make 69.852 points a day running on medium power, which equates to 8 Doges. It is easy, it was fun, but it isn't much.
Thanks for reading
submitted by _nformant to dogecoin [link] [comments]

[For newbies]You’d Better Know 40 Jargons in Cryptocurrency World.

Many newbies may feel strange or even confused about the various jargon when they step into the cryptocurrency world for the first time. I read lots of information on the Internet and combined it with my understanding to sort out 40 jargon terms and some useful questions that are common while mining. I will divide these into several parts. If there is something wrong in my description, please point it out directly, thank you very much!

1.Digital Currency
A digital currency is a form of currency that is available only in digital or electronic form, and not in physical form. It is also called digital money, electronic money, electronic currency, or cyber cash. Digital currency includes virtual currency, cryptocurrency, electronic money, and so on.

2. Cryptocurrency
A cryptocurrency is a digital or virtual currency that uses cryptography for security. A cryptocurrency is difficult to counterfeit because of this security feature. Many cryptocurrencies are decentralized systems based on blockchain technology, a distributed ledger enforced by a disparate network of computers. A defining feature of a cryptocurrency, and arguably its biggest allure, is its organic nature; it is not issued by any central authority, rendering it theoretically immune to government interference or manipulation. There are currently well over one thousand different cryptocurrencies in the world and many people see them as the lynchpin of a fairer, future economy. Countries have different definitions of cryptocurrencies, such as property, commodities, currency, virtual currency, etc.

3. Token
Tokens are different from bitcoins and altcoins in that they are not mined by their owners nor primarily meant to be traded (although they may be traded on exchanges if the company that issued them becomes valuable enough in the eyes of the public), but to be sold for fiat or cryptocurrency in order to fund the start-up's tech project. Moreover, the token allocation is often determined in advance, such as how much of the token is allocated to the developers and how much is used for operations.

4. Altcoin
An altcoin is any digital cryptocurrency similar to Bitcoin. The term is said to stand for "alternative to Bitcoin" and is used to describe any cryptocurrency that is not Bitcoin. Altcoins are created by diverging from Bitcoin consensus rules (the fundamental rules of the cryptocurrency's network) or by developing a new cryptocurrency from scratch.

5. Blockchain
A type of distributed digital ledger to which data is recorded sequentially and permanently in 'blocks'. Each new block is linked to the immediately previous block with a cryptographic signature, forming a 'chain'. This tamper-proof self-validation of the data allows transactions to be processed and recorded to the chain without recourse to a third-party certification agent. The ledger is not hosted in one location or managed by a single owner, but is shared and accessed by anyone with the appropriate permissions - hence 'distributed'. Each of the computers in the distributed network maintains a copy of the ledger to prevent a single point of failure (SPOF), and all copies are updated and validated simultaneously.

6. Block
A package of data containing multiple transactions over a given period of time. A block is a record set of some or all of the latest bitcoin transactions and is not recorded by previous blocks.

7. Block Header
A block header is used to identify a particular block on an entire blockchain and is hashed repeatedly to create proof of work for mining rewards. The block header is divided into six components: the version number of the software; the hash of the previous block (the hash of the previous block is contained in the hash of the new block, so the blocks of the blockchain all build on each other); the root hash of the Merkle tree; the time in seconds since 1970-01-01T00:00 UTC; the target of the current difficulty (the lower the target in bits is, the harder it is to find a matching hash); and the nonce (the nonce is the variable incremented by the proof of work; in this way the miner guesses a valid hash, a hash that is smaller than the target). As part of a standard mining exercise, a block header is hashed repeatedly by miners by altering the nonce value. Through this exercise they attempt to create proof of work, which helps miners get rewarded for their contributions to keeping the blockchain system running.

8. Hash
Hashing is the result of applying an algorithmic function to data in order to convert it into a random-looking string of numbers and letters. This acts as a digital fingerprint of that data, allowing it to be locked in place within the blockchain.

9. Genesis Block
The genesis block is the first block in any blockchain-based protocol. It is the foundation on which additional blocks are sequentially added to form a chain of blocks, resulting in the term "blockchain" being coined. The genesis block is also referred to as block zero. The second block to be added on top of block zero would then be referred to as block number one.

10. Block Height
The number used to refer to the ordering of blocks is known as the block height number. A blockchain contains a series of blocks, hence the block height number is always a positive integer greater than zero.

In the next few days, we will continue to post about jargon terms and some useful questions that are common while mining; please continue to follow our posts.
submitted by hashaltcoin to u/hashaltcoin [link] [comments]
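
The block header, hashing and genesis block entries above describe what a miner actually hashes. As an added example, not code from this post or from any Bitcoin implementation, the Python below serializes the 80-byte header in Bitcoin's byte order, decodes the compact "bits" field into the 256-bit target, verifies that the real genesis block header (public, well-known field values) hashes to its published block hash, and then grinds the nonce against a deliberately easy target. `EASY_BITS` is an assumption chosen so the search ends after roughly 2^16 tries; the real network target would take far longer than any CPU can manage.

```python
import hashlib
import struct

# Real Bitcoin genesis block header fields (public, well-known values).
GENESIS_VERSION = 1
GENESIS_PREV_HASH = "00" * 32
GENESIS_MERKLE_ROOT = "4a5e1e4baab89f3a32518a88c31bc87f618f76673e2cc77ab2127b7afdeda33b"
GENESIS_TIME = 1231006505
GENESIS_BITS = 0x1D00FFFF
GENESIS_NONCE = 2083236893
GENESIS_HASH = "000000000019d6689c085ae165831e934ff763ae46a2a6c172b3f1b60a8ce26f"

# Assumed, deliberately easy target for the demo: about 2^240, so roughly
# 2^16 nonces are expected before a hash falls below it.
EASY_BITS = 0x1F00FFFF


def double_sha256(data: bytes) -> bytes:
    """Bitcoin's block hash is SHA-256 applied twice."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def bits_to_target(bits: int) -> int:
    """Decode the 4-byte compact 'bits' field into the 256-bit target."""
    exponent = bits >> 24
    mantissa = bits & 0x007FFFFF  # bit 23 is a sign flag, unused for valid targets
    if exponent <= 3:
        return mantissa >> (8 * (3 - exponent))
    return mantissa << (8 * (exponent - 3))


def header_prefix(version: int, prev_hash_hex: str, merkle_root_hex: str,
                  timestamp: int, bits: int) -> bytes:
    """First 76 bytes of the header. Hashes given in display (big-endian) hex
    are stored reversed, in Bitcoin's internal little-endian byte order."""
    return (struct.pack("<I", version)
            + bytes.fromhex(prev_hash_hex)[::-1]
            + bytes.fromhex(merkle_root_hex)[::-1]
            + struct.pack("<I", timestamp)
            + struct.pack("<I", bits))


def serialize_header(version, prev_hash_hex, merkle_root_hex, timestamp, bits, nonce) -> bytes:
    """Full 80-byte header: the 76-byte prefix plus the 4-byte nonce."""
    return header_prefix(version, prev_hash_hex, merkle_root_hex, timestamp, bits) + struct.pack("<I", nonce)


def block_hash_hex(header: bytes) -> str:
    """Display form of the block hash: internal digest with bytes reversed."""
    return double_sha256(header)[::-1].hex()


def meets_target(header: bytes, target: int) -> bool:
    """The target comparison is done on the digest read as a little-endian integer."""
    return int.from_bytes(double_sha256(header), "little") <= target


def mine(version, prev_hash_hex, merkle_root_hex, timestamp, bits, start_nonce=0, max_tries=1 << 24):
    """Grind the nonce: keep the 76-byte prefix fixed and try successive nonces.
    Returns (nonce, hash_hex), or None if the budget is exhausted (a real miner
    then changes the timestamp or the coinbase extranonce and starts over)."""
    target = bits_to_target(bits)
    prefix = header_prefix(version, prev_hash_hex, merkle_root_hex, timestamp, bits)
    nonce = start_nonce
    for _ in range(max_tries):
        header = prefix + struct.pack("<I", nonce)
        if meets_target(header, target):
            return nonce, block_hash_hex(header)
        nonce = (nonce + 1) & 0xFFFFFFFF
    return None


def genesis_check() -> bool:
    """Recompute the genesis block hash from its header fields."""
    header = serialize_header(GENESIS_VERSION, GENESIS_PREV_HASH, GENESIS_MERKLE_ROOT,
                              GENESIS_TIME, GENESIS_BITS, GENESIS_NONCE)
    return block_hash_hex(header) == GENESIS_HASH and meets_target(header, bits_to_target(GENESIS_BITS))


if __name__ == "__main__":
    print("genesis header verifies:", genesis_check())
    found = mine(GENESIS_VERSION, GENESIS_PREV_HASH, GENESIS_MERKLE_ROOT, GENESIS_TIME, EASY_BITS)
    print("easy-target nonce and hash:", found)
```

The byte-order handling is the part people most often get wrong: block explorers print hashes big-endian, but the header stores them reversed and the target comparison treats the digest as a little-endian integer, which is why a "small" hash shows up with leading zeros in its display form.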

QRL Versus IOTA - An Overview of Quantum Resistant Cryptography

QRL and IOTA (iota) are quantum resistant cryptocurrencies - to my knowledge, they are the only such cryptocurrencies. I wanted to learn some more about the differences between the two and I thought it would be helpful to share my research with the QRL community.
Disclaimer: I own an amount of both QRL and IOTA.
QRL uses hash-based XMSS digital signatures and Winternitz OTS+ digital signatures for security. The QRL protocol is a custom POS algorithm which uses iterative hash-chains for randomness. (Source)
And we're in the weeds already. Here are some definitions:
Hash-based cryptography: This is the digital security which is implemented by a cryptocurrency. The different types of digital security are defined as digital signature schemes. There are many different signatures out there: Bitcoin uses Secure Hash Algorithm 256-bit (SHA-256); Ethereum uses Ethash; QRL uses XMSS - see below.
XMSS: A hash-based signature scheme (eXtended Merkle Signature Scheme). XMSS is designed specifically as an efficient post-quantum signature scheme. XMSS is PQ-CRYPTO recommended. ("PQ-Crypto is a forum for researchers to present results and exchange ideas on the topic of cryptography in an era with large-scale quantum computers." I won't go much more into this, although it appears to be a solid endorsement of the digital signatures chosen by QRL.)
Winternitz OTS+ (W-OTS+): A hash-based signature scheme, or more specifically a Winternitz type one-time signature scheme (W-OTS). Here is an extract from the QRL Whitepaper explaining the difference between OTS and OTS+ signatures:
Buchmann introduced a variant of the original Winternitz OTS by changing the iterating one-way function to instead be applied to a random number, x, repeatedly but this time parameterised by a key, k, which is generated from the previous iteration of fk(x). This is strongly unforgeable under adaptive chosen message attacks when using a pseudo random function (PRF) and a security proof can be computed for given parameters. It eliminates the need for a collision resistant hash function family by performing a random walk through the function instead of simple iteration. Huelsing introduced a further variant W-OTS+, enabling creation of smaller signatures for equivalent bit security through the addition of a bitmask XOR in the iterative chaining function. Another difference between W-OTS(2011 variant)/ W-OTS+ and W-OTS is that the message is parsed log2(w) bits at a time rather than w, decreasing hash function iterations but increasing keys and signature sizes.
Future improvements planned for QRL include second layer protocol enhancements: an Ephemeral messaging layer which uses lattice-based crypto to enable completely private, and cryptographically authenticated end-end post-quantum secure data channels. As these are not yet implemented, I will not dig into them.
IOTA uses a custom hash-based signature called Kerl and implements Winternitz digital signatures for security. Kerl is written in ternary/trinary, as compared to the traditional binary.
Kerl is the recently upgraded version of Curl, which was upgraded due to the discovery of a security flaw. (The details of this flaw are best left for another post. I discovered this news while researching this post; I will assume Kerl solves the vulnerability issues of Curl for the purposes of this post.)
The official explanation of the quantum proof nature of IOTA is as follows (emphasis mine):
IOTA uses hash-based signatures (https://www.imperialviolet.org/2013/07/18/hashsig.html) instead of elliptic curve cryptography (ECC). Not only is hash-based signatures a lot faster than ECC, but it also greatly simplifies the overall protocol (signing and verification). What actually makes IOTA quantum-secure is the fact that we use Winternitz signatures. IOTA's ternary hash function is called Curl.
And here is the explanation direct from the IOTA Whitepaper:
4.3 Resistance to quantum computations
It is known that a (today still hypothetical) sufficiently large quantum computer can be very efficient for handling problems where the only way to solve them is to guess answers repeatedly and check them. The process of finding a nonce in order to generate a Bitcoin block is a good example of such a problem. As of today, on average one must check around 2^68 nonces to find a suitable hash that allows one to generate a block. It is known (see e.g. [13]) that a quantum computer would need Θ(√N) operations to solve a problem of the above sort that needs Θ(N) operations on a classical computer. Therefore, a quantum computer would be around √(2^68) = 2^34 ≈ 17 billion times more efficient in Bitcoin mining than a classical one. Also, it is worth noting that if the blockchain does not increase its difficulty in response to increased hashing power, that would lead to an increased rate of orphaned blocks.
Observe that, for the same reason, the "large weight" attack described above would also be much more efficient on a quantum computer. However, capping the weight from above (as suggested in Section 4) would effectively fence off a quantum computer attack as well, for the following reason. In iota, the number of nonces that one needs to check in order to find a suitable hash for issuing a transaction is not so huge; it is only around 3^8. The gain in efficiency for an "ideal" quantum computer would therefore be of order 3^4 = 81, which is already quite acceptable (also, remember that Θ(√N) could easily mean 10√N or so). Also, the algorithm is such that the time to find a nonce is not much larger than the time needed for the other tasks necessary to issue a transaction, and the latter part is much more resistant against quantum computing.
Therefore, the above discussion suggests that the tangle provides a much better protection against an adversary with a quantum computer compared to the (Bitcoin) blockchain.
QRL and IOTA both use Winternitz-based digital signatures. Based on my understanding, these two are both reliably quantum resistant. However, QRL's Winternitz OTS+ has the edge on IOTA due to the introduction of additional randomized variables in the generation of the digital signatures. Whether this additional level of randomization is significant, I cannot say.
One takeaway from this research was the conclusion that both QRL and IOTA may be quantum resistant, but they do not appear to be quantum proof. However, like many elements of this analysis, that may not prove to be a significant distinction. In the event of a quantum attack on Bitcoin or another non-quantum resistant cryptocurrency, I would imagine the distinction disappears entirely (in the short term).
Please chime in if you see any errors or are able to shed light on any of the discussed topics. A healthy, critical discussion is good for QRL, for IOTA, and for all other cryptocurrencies.
References (some of these have been linked to already):
https://hacked.com/quantum-resistant-ledger-readies-battle-quantum-computing-hires-testers-seeks-feedback/ (This reference was particularly useful)
The QRL Whitepaper
The IOTA Whitepaper
Previous comparison discussion: https://www.reddit.com/QRL/comments/6ywi2q/how_does_qrl_compare_to_iota/
submitted by HoagiesFortune to QRL [link] [comments]
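
Both QRL and IOTA, as described above, build on Winternitz one-time signatures. The following is an added example, not code from either project, and it implements plain W-OTS rather than W-OTS+ (so no bitmask XOR and no keyed chaining function), in Python over SHA-256 with w = 16 and the standard checksum. Deriving the chain starts as SHA-256(seed || index) is an assumption made for reproducibility. The `OneTimeKey` wrapper enforces the property the name implies: a second signature under the same key reveals further intermediate chain values that an attacker can walk forward, which is the problem XMSS solves by indexing many such keys in a Merkle tree.

```python
import hashlib
import os

N = 32                      # hash output length in bytes (SHA-256)
W = 16                      # Winternitz parameter: each chunk carries log2(W) bits
LOG_W = 4
L1 = (8 * N) // LOG_W       # 64 chunks cover the 256-bit message digest
L2 = 3                      # checksum chunks: the maximum checksum 64 * 15 = 960 fits in 16^3
L = L1 + L2                 # 67 hash chains in total


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def chain(x: bytes, steps: int) -> bytes:
    """Apply the one-way function `steps` times (plain W-OTS iteration, no bitmasks)."""
    for _ in range(steps):
        x = H(x)
    return x


def to_chunks(msg: bytes) -> list:
    """Digest the message, split it into 4-bit chunks and append the checksum chunks.
    The checksum is what stops an attacker from walking a revealed chain value
    forward: raising any message chunk lowers the checksum, and a lower checksum
    chunk would need an earlier, unrevealed value of that chain."""
    digest = H(msg)
    chunks = []
    for byte in digest:
        chunks.append(byte >> 4)
        chunks.append(byte & 0x0F)
    checksum = sum(W - 1 - c for c in chunks)
    for i in reversed(range(L2)):
        chunks.append((checksum >> (LOG_W * i)) & (W - 1))
    return chunks


def keygen(seed: bytes):
    """Derive the L secret chain starts from a seed (assumed PRF: SHA-256(seed || index));
    the public key is the end point of every chain."""
    sk = [H(seed + i.to_bytes(2, "big")) for i in range(L)]
    pk = [chain(s, W - 1) for s in sk]
    return sk, pk


def sign(sk: list, msg: bytes) -> list:
    """Signature i is the secret start of chain i advanced by chunk i."""
    return [chain(s, c) for s, c in zip(sk, to_chunks(msg))]


def verify(pk: list, msg: bytes, sig: list) -> bool:
    """Advance every signature element the remaining W - 1 - chunk steps and compare to pk."""
    if len(sig) != L:
        return False
    chunks = to_chunks(msg)
    return all(chain(s, W - 1 - c) == p for s, c, p in zip(sig, chunks, pk))


class OneTimeKey:
    """Refuses to sign twice: key reuse leaks chain values and enables forgery."""

    def __init__(self, seed: bytes = None):
        self.sk, self.pk = keygen(seed or os.urandom(32))
        self.used = False

    def sign(self, msg: bytes) -> list:
        if self.used:
            raise RuntimeError("W-OTS key already used; a second signature would leak chain values")
        self.used = True
        return sign(self.sk, msg)
```

A signature here is 67 hashes (2144 bytes) and verification costs at most 67 * 15 hash evaluations, which is the size/speed trade-off the Winternitz parameter controls: a larger w shortens the signature but lengthens every chain.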

"POS stands for the future? Qtum brings deep analysis"

Each cryptocurrency adopts some kind of consensus mechanism so that the entire distributed network can stay synchronized. Bitcoin adopted the Proof of Work (PoW) consensus mechanism from its very birth, proving work through continuous cryptographic hash operations. Since the hashing algorithm is one-way, even a small change in the input data makes the output hash value completely different. If the calculated hash value satisfies certain conditions (referred to as the "mining difficulty"), participants in the bitcoin network accept the proof of work. The mining difficulty is an ever-changing hash target: when the network generates blocks faster, the difficulty is automatically increased so that the whole network keeps averaging one block every 10 minutes.
For those who are not very familiar with the blockchain, here are some basic definitions to help understand the post:
PoW and Blockchain Consensus System
Through 8 years of development of Bitcoin, the security of the PoW mechanism has been confirmed. However, PoW has the following problems:
  1. PoW has wasted a lot of power resources and is not friendly to the environment;
  2. PoW is only economically advantageous for big players who have a lot of hashing power (normal users can hardly mine anything);
  3. PoW lacks incentives for users to hold or use coins;
  4. PoW has a certain risk of centralization, because miners tend to join large pools, which makes large pools have a greater influence on the network;
The Proof of Stake mechanism (hereinafter referred to as PoS) can solve many of these problems, because it gives any user with tokens in their wallet the opportunity to mine (and, of course, to receive the mining reward). PoS was originally proposed by Sunny King in Peercoin. It was later refined and adopted in a variety of cryptocurrencies. Among these are Pavel Vasin's PoS 2.0, Larry Ren's PoS Velocity, and the recent CASPER proposed by Vlad Zamfir, as well as various other relatively unknown projects.
The consensus mechanism adopted by Qtum is based on PoS3.0. PoS3.0 is an upgraded version of PoS2.0, also proposed and implemented by Pavel Vasin. This article will focus on this version of the PoS implementation. Qtum made some changes based on PoS3.0, but the core consensus mechanism is basically the same.
For general community members and even some developers, PoS is not particularly easy to understand, because there are currently few documents detailing how to ensure network security in networks that use only token ownership to achieve consensus. This article will elaborate on how the PoS blockchain is generated, verified and secured in PoS3.0. The article may involve some technical knowledge, but I will try to describe it using the basic definitions provided in this article. At a minimum, the reader needs to have a basic idea of a UTXO-based blockchain.
Before introducing PoS, let me briefly introduce PoW's working mechanism, which will help with understanding PoS below. The PoW mining process can be represented by the following pseudocode:
  while (blockHash > target) {                  // target: the threshold encoded by the current difficulty
      block.nonce = block.nonce + 1             // the nonce is the only field changed between attempts
      blockHash = sha256(sha256(block.header))  // Bitcoin hashes the 80-byte header twice
  }
I explained the hash operation used here earlier: it takes data of arbitrary length as input and, after a series of operations, produces a fixed-length message digest as output, but knowing only the digest it is impossible to recover the corresponding input data. The whole process is a lot like a lottery. You create a "voucher" by hashing the data and compare it with the target hash range to determine whether you "win". If you don't win, you create a new "voucher" by slightly changing some of the data; the random number nonce in Bitcoin is used to adjust the input data. Once the required hash is found, the block is legitimate and can be broadcast to the distributed network. Once the other miners in the network receive this new block and it passes verification, they add the block to their chain and continue building on top of the new block.
PoS protocol structure and rules
Now we begin to introduce PoS. PoS has the following goals:
  1. Cannot fake blocks;
  2. Large holders will not receive disproportionately large rewards;
  3. Having strong computing power does not help create blocks;
  4. No one or several members of the network can control the entire blockchain;
The basic concept of PoS is very similar to PoW: it is also like a lottery. The only difference is that in PoS you can't get new "lottery tickets" just by fine-tuning the input data. PoW uses the block hash as the lottery ticket, while PoS introduces the concept of the "kernel hash".
The kernel hash takes as input multiple unmodifiable pieces of data from the current block. So, because miners can't find a simple way to modify the kernel hash, they can't obtain a legal new block by traversing a large number of possible hashes.
In order to achieve this goal, PoS added many additional consensus rules.
First, unlike PoW, the PoS coinbase transaction (that is, the first transaction in the block) has zero output. At the same time, in order to reward the staker, a staking transaction is introduced as the second transaction of the block. The staking transaction has the following features:
  1. There is at least 1 legal vin
  2. The first vout must be empty script
  3. The second vout must not be empty
In addition, staking transactions must also obey the following rules :
  1. The second vout must be a pubkey script (note that it is not pubkeyhash) or an OP_RETURN script that cannot be used to save data on the chain;
  2. The timestamp in the transaction must be consistent with the block timestamp;
  3. The total output value of the staking transaction must be less than or equal to the sum of all input values, PoS block awards, and transaction fees (ie output <= (input + block_reward + tx_fees));
  4. The output corresponding to the first vin must pass the confirmation of at least 500 blocks (that is, the currency spent needs at least 500 blocks to confirm);
  5. Although the staking transaction can have multiple input vins, only the first vin is used for the consensus mechanism;
These rules make it easy to identify the staking transaction, thus ensuring that it can provide enough information to verify the block. It should be noted here that the first vout is not the only way to identify the staking transaction, but since the PoS3.0 designer Sunny King started using this method and its reliability has been proven in long-term practice, we have also adopted this method to identify staking transactions.
Now that we know the definition of the staking transaction and we understand the rules that it must follow, let's introduce the rules of the PoS block :
The most important of these rules for PoS is the "kernel hash". The role of the kernel hash is similar to that of the block hash in PoW: if the hash value matches the condition, the block is considered valid. However, the kernel hash cannot be obtained by directly modifying part of the current block. Next, I will first introduce the structure and operating mechanism of the kernel hash, and then further explain the purpose of this design and the unforeseen consequences that changing it would bring.
Kernel Hash in PoS
The kernel hash consists of the following data, in order, as input:
The "stake modifier" of a block refers to the hash value of the following data:
There are only two ways to change the current kernel hash (for mining): either change "prevout" or change the current block time.
In general, a wallet will contain multiple UTXOs. The balance of the wallet is actually the sum of all available UTXOs in the current wallet. This also applies to PoS wallets and is even more important there, because any output may be used for staking. One of these outputs will be the prevout in the staking transaction, which will be used to generate a valid block.
In addition, there is one more important change in the PoS block mining process (compared to PoW): the difficulty of mining is inversely proportional to the number of coins owned (rather than the number of UTXOs). For example, a wallet with 2 coins has only half the mining difficulty. If it were not designed this way, users would be encouraged to generate many UTXOs with tiny values, which would make blocks larger and could cause some security problems.
The calculation of the kernel hash can be expressed in pseudo-code as:
  while (true) {
      foreach (utxo in wallet) {
          blockTime = currentTime - currentTime % 16       // block time is rounded down to a 16-second slot
          posTarget = target * utxo.value                 // the target scales with the coins staked, so more coins means easier
          hash = hash(previousStakeModifier << utxo.time << utxo.hash << utxo.n << blockTime)
          if (hash < posTarget) {
              done                                        // this utxo can serve as the stake kernel for the block
          }
      }
      wait 16s                                            // wait 16 seconds, until the block time can be changed
  }
Through the above process, we find one of the UTXOs that can be used to generate a staking transaction. This staking transaction has 1 vin, the UTXO we found. At the same time, this staking transaction has at least two vouts: the first one is empty, which is used to identify the blockchain, and the second vout is either an OP_RETURN output containing only one public key, or contains the pay-to-pubkey script. The role of the latter is purely payment, while data outputs can have more uses (such as an independent block-signing machine) without destroying the original UTXO model.
Finally, all transactions in the mempool are added to the block. What we need to do next is generate the signature. This signature must be made with the key pair whose public key is in the second vout of the staking transaction. The data actually signed is the block hash. After signing, we can broadcast this block to the network. Other nodes in the network will verify the block. If the block is valid, a node will accept it and connect it to its own blockchain, while broadcasting the new block to the other nodes it connects to.
Through the above steps, we get a complete and secure PoS3.0 blockchain. PoS3.0 is considered to be the best consensus mechanism against malicious attacks in a fully decentralized consensus system. Why this conclusion? We can understand it from the history of PoS development.
The development of PoS
PoS has a long history. Here is a brief description:
PoS1.0 — Applied in Peercoin; heavily dependent on coin age (ie, the time elapsed since the UTXO was spent): the higher the coin age, the lower the difficulty of mining. This has the side effect that users will choose to open a wallet for a long period of time (for example, one month or longer), so that the wallet's UTXOs will have a relatively large coin age and the user can quickly find a new block. This makes double-spend attacks easier. Peercoin itself is not affected by this, because it uses a PoW and PoS mixing mechanism, and PoW reduces this negative effect.
PoS2.0 — The coin age was removed from the consensus mechanism and a different stake modifier was used than PoS1.0. The contents of the amendments are relatively numerous, but basically they are all about how to remove the coin age and realize the security consensus mechanism without using the PoW/PoS hybrid mode.
PoS3.0 — PoS3.0 can actually be said to be an upgraded version of PoS2.0. In PoS2.0, the stake modifier also contained the block time of the previous block, which was removed in 3.0, mainly to prevent the so-called "short-range" attack, in which a miner traverses the mining space by changing the previous block's time. PoS2.0 used block time and transaction time to determine the age of a UTXO, which is slightly different from the earlier coin age: it indicates the minimum number of confirmations a UTXO needs before it can be used for staking. The UTXO age in PoS3.0 becomes simpler; it is determined by block height. This avoids introducing a less accurate timestamp into the blockchain and effectively immunizes against the "timewarp" attack. PoS3.0 also adds OP_RETURN support for staking transactions, so that the vout can include only the public key, not necessarily the full pay-to-pubkey script.
submitted by thisthingismud to Qtum

Introduction to Dalilcoin

Dalilcoin is a cryptocurrency and p2p network with support for publishing formalised mathematics. The code is based on a fork of Qeditas (qeditas.org). Like Qeditas, the initial distribution is an airdrop based on Bitcoin balances from May 2015 (Bitcoin block 350,000). The testnet for Dalilcoin started running on March 29, 2018, and the mainnet is expected to start in April or May 2018. The code is on github (github.com/aliibrahim80/dalilcoin).
Unlike most cryptocurrencies, Dalilcoin is not intended to support general payments. Instead the primary purpose is to allow people to publish documents creating definitions and proving propositions. Before a proposition has been proven, users can put a bounty on the proposition to encourage someone to prove it (or prove its negation). The publisher of a document can (and must) create ownership assets (deeds) to indicate ownership of the new objects defined and new propositions proven in the document. The owner can optionally allow later documents to import the object (without redefining it) or import the proposition (without reproving it). Such imports may require "rights" to be purchased from the corresponding owner's address. (Owners also have the option to allow objects and propositions to be freely imported without purchasing rights, or completely disallow such imports.) Deeds are also transferable.
Following Qeditas, the primary currency units are called fraenks. The smallest currency units are called cants. There are 100 billion cants in each fraenk. As in Bitcoin, there will never be more than 21 million Dalilcoin fraenks. The initial 14 million fraenks come from the airdrop corresponding to the Qeditas snapshot from 2015. The remaining 7 million fraenks will be distributed as rewards for creating blocks, using the same reward schedule as Bitcoin (where Dalilcoin's first block will correspond to Bitcoin's 350,000th block). The initial reward will be 25 fraenks for 70,000 blocks. It will then halve every 210,000 blocks.
More details about the currency and support for theorem proving can be found in the Qeditas white paper (qeditas.org/docs/qeditas.pdf).
The most significant change Dalilcoin made after forking from Qeditas is the consensus algorithm. Dalilcoin uses a combination of Proof of Burn and Proof of Stake, with the Proof of Burn relying on a second more established blockchain (Litecoin). In order to make limited use of valuable Litecoin block space, Dalilcoin will have very slow blocks. On average there should be 4 blocks per day, or one block every 6 hours. This will only require 4 corresponding Litecoin transactions per day. Due to the slow block time, there will only be approximately 100 fraenks produced as rewards per day and the first halving will take place after roughly 47 years.
Consensus Algorithm
Qeditas was designed to use Proof of Stake and Proof of Storage. There are a number of criticisms of Proof of Stake, and Dalilcoin addresses some of these by combining Proof of Stake with Proof of Burn. Every time a Dalilcoin block is staked, the staker must create a transaction published to the Litecoin network. The Litecoin transaction must have a hash that begins with the two bytes 0x4461 (ASCII "Da") so that Dalilcoin nodes listening to the Litecoin network only need to examine the small percentage of Litecoin transactions whose txid begins with 4461. (To prevent transaction malleability, Dalilcoin stakers should only be spending from SegWit addresses.) The first output in this Litecoin transaction must be an OP_RETURN containing a push of at least 64 bytes. The first 32 bytes must be the hash of the previous Litecoin burn tx (or all 0s in the case of the first burn tx for the Dalilcoin Genesis Block) and the next 32 bytes must be the hash of the next Dalilcoin block (the one being created). In general the OP_RETURN will push more than 64 bytes with the extra bytes being used as a nonce to ensure the Litecoin tx has a hash beginning with 0x4461. The OP_RETURN output will also burn some litecoins (possibly burning 0 litecoins). The number of litoshis burned is multiplied by 1 million and added to the number of cants held by the staked asset. The resulting value is multiplied by Dalilcoin's coinage and used to determine if the staker has a "hit" and is allowed to stake a block. (To be more precise, Dalilcoin's staking code computes how many litoshis would need to be burned in order to stake with a given asset during a given second. If the amount to be burned is sufficiently low, a block is minted.)
The stake modifier for the next Dalilcoin block is determined by hashing the previous burn tx and the hash of the Litecoin block header in which the burn tx was published. This is essentially using Litecoin miners as random number generators to choose the next Dalilcoin stakers. (Of course, Litecoin miners are rewarded for this by the fees in the burn txs.)
Any node that has access to the Litecoin block chain will be able to use the information in the Litecoin burn transactions to know the current state of the Dalilcoin block tree. The primary question that remains is how one determines the current "best" block. The usual way is to compute some cumulative weight (e.g., cumulative Proof of Work) and choose the block with the highest such value. Here we can rely on Litecoin to make the most important choices, as it can act as a way to determine when one Dalilcoin block was minted before another.
Suppose a Dalilcoin Block B1 was minted with a Litecoin burn tx at (Litecoin) height H1. Next suppose a Dalilcoin Block B2 (successor to B1) was minted at height H2>H1. If someone mints an alternative Dalilcoin Block B2' (successor to B1) and publishes the burn tx at height H2' > H2, Dalilcoin will consider B2 to be the best block, with two exceptions.
First, the minter of B2' could reorganize the Litecoin block chain so that H2' < H2. To avoid this possibility, we rely on the security of the Litecoin block chain.
Second, it may be that no one builds a successor to B2 for a week (based on both the Litecoin block count and the median times in Litecoin blocks). If no one built a successor to B2 in one week, but a successor to B2' (possibly B2' itself) is less than a week old, then it becomes the best block. This second case has the consequence that if no one mints a Dalilcoin block for a week, the Dalilcoin block chain will no longer be live, and it would require a hard fork to reactivate.
In the rare case that two Dalilcoin blocks were minted close enough in time that both burn txs are included in the same Litecoin block, Dalilcoin will consider both equally good and wait for the next block to resolve the tie.
The coin age factor for staking assets is also novel, and is dependent on the properties of the currency asset being staked. Assets from the initial distribution (with birthday 0) start with a maximum age of 1089 (33 squared). Unlocked currency assets with a positive birthday have coinage factor n squared, where n increases every 16 blocks (roughly 4 days) until n is 33 (after roughly 4 months). Currency assets can also be locked until a certain block height L. For locked currency assets that are not block rewards, the asset has maximum age of 1089 until 8 blocks before the asset unlocks. After the asset has passed the lock height, it ages slowly, with age n squared with n increasing roughly once every 4 months until n is 33. Block rewards must always be locked for at least 512 blocks (about 4 months). In the case of block rewards, starting after 32 blocks (8 days) the asset becomes available for staking and ages in the same manner as an unlocked asset ages (increasing n every 3 days). When a reward is 8 blocks from being unlocked, it is not available for staking. After the lock height has passed, a reward begins gaining coinage using the slow formula, with n increasing every 4 months until n is 33.
The consensus algorithm for the Dalilcoin testnet is the same, except the Litecoin testnet is used instead of the mainnet.
Initial Distribution
As mentioned above the initial distribution of 14 million fraenks corresponds to Bitcoin balances as of Bitcoin block 350,000. In a system partly based on Proof of Stake, there is a danger in having the vast majority of the currency left as an untouched airdrop for an indefinite period of time. On the other hand, those who wish to participate in the network should have a sufficient amount of time to find out about the network and claim their part of the airdrop. The compromise position Dalilcoin has taken is to have the full 14 million fraenks available for Bitcoin holders from the time of the snapshot to claim for roughly 6 months (730 Dalilcoin blocks) after which the value of the unclaimed airdrop distribution will halve. Such a halving will continue every 730 blocks for roughly 27 years, at which time the unclaimed portion of the initial distribution will have no value. This means if you had 2 bitcoins at the time of the snapshot, you can claim 2 fraenks for the first 730 Dalilcoin blocks. If you do not claim these 2 fraenks, you will be able to only claim 1 fraenk for the next 730 Dalilcoin blocks, and so on.
One of the cryptographically responsible aspects of Qeditas was the use of Bitcoin signed endorsements to claim airdropped fraenks. Dalilcoin also supports endorsements. Anyone who has the private key for a Bitcoin address that had a nonzero balance can claim their part of the airdrop without importing their private key to the Dalilcoin software. Instead users can sign a message with their Bitcoin private key that "endorses" a different Dalilcoin address to be able to sign Dalilcoin transactions for the airdrop address.
Conclusion
Dalilcoin is a very different kind of cryptocurrency project, targeting formalised mathematics instead of payments. The consensus algorithm makes use of an established secure blockchain (Litecoin's). The block time is far too slow to be useful for payments. Instead Dalilcoin blocks can be seen as something between a cryptocurrency ledger and an academic journal. Four blocks per day is very slow for a cryptocurrency, but very fast for journal issues.
The testnet is running now and the mainnet should be running soon. In a future article I will give more detailed instructions on how to run a node. In the meantime, feel free to clone the git repo or download the latest release, compile the code and try to connect to the testnet network. If you have trouble, ask questions here on the Dalilcoin subreddit (or, if you are desperate enough, read the README file in the repo).
submitted by aliibrahim80 to dalilcoin
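The burn-transaction mechanics described in the post can be simulated end to end. The following Python is an added illustration written for this page, not Dalilcoin's own code: it grinds the OP_RETURN nonce until the transaction id begins with 0x4461, parses the commitment the way a listening node would, and applies the stake-weight arithmetic and the Litecoin-height ordering the post describes. The transaction body is a constructed stand-in for a real Litecoin transaction, and the names `simulated_tx`, `grind_burn_tx`, `parse_burn_script`, `stake_weight` and `best_successor` are chosen here, not taken from the project.

```python
"""Added simulation of the proof-of-burn anchoring the post describes.
Illustration code for this page, not Dalilcoin's own: the transaction body is
a stand-in for a real Litecoin transaction; only the OP_RETURN layout, the
0x4461 txid prefix and the stake-weight arithmetic follow the post."""
import hashlib
import struct

OP_RETURN = 0x6A
OP_PUSHDATA1 = 0x4C
TXID_PREFIX = b"Da"      # 0x4461: listening Dalilcoin nodes inspect only such txids
ZERO_HASH = bytes(32)    # "previous burn tx" for the Dalilcoin genesis block


def sha256d(data: bytes) -> bytes:
    """Double SHA-256, the txid hash used by Bitcoin-derived chains."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def push(data: bytes) -> bytes:
    """Script push for 1..255 bytes: direct push up to 75 bytes, else OP_PUSHDATA1."""
    if len(data) <= 75:
        return bytes([len(data)]) + data
    return bytes([OP_PUSHDATA1, len(data)]) + data


def burn_script(prev_burn: bytes, next_block: bytes, nonce: int) -> bytes:
    """OP_RETURN <prev burn txid (32) || next Dalilcoin block hash (32) || nonce>."""
    assert len(prev_burn) == 32 and len(next_block) == 32
    return bytes([OP_RETURN]) + push(prev_burn + next_block + struct.pack("<Q", nonce))


def simulated_tx(script: bytes, burned_litoshis: int) -> bytes:
    """Constructed stand-in for the serialised Litecoin transaction; its txid is
    sha256d of these bytes. With SegWit inputs a real txid excludes the witness,
    which is why the post wants stakers to spend from SegWit addresses: nobody
    can re-malleate the signature and change the txid the next burn commits to."""
    return b"constructed-litecoin-tx" + struct.pack("<Q", burned_litoshis) + script


def grind_burn_tx(prev_burn: bytes, next_block: bytes, burned_litoshis: int = 0,
                  max_nonce: int = 1 << 24):
    """Bump the nonce inside the OP_RETURN until the txid starts with 'Da'.
    A 2-byte prefix needs about 65,536 attempts on average."""
    for nonce in range(max_nonce):
        script = burn_script(prev_burn, next_block, nonce)
        txid = sha256d(simulated_tx(script, burned_litoshis))
        if txid[:2] == TXID_PREFIX:
            return nonce, txid, script
    raise RuntimeError("no nonce found within max_nonce")


def parse_burn_script(script: bytes):
    """What a listening node does with a candidate first output: return
    (prev_burn, next_block) if it is a well-formed commitment, else None."""
    if len(script) < 2 or script[0] != OP_RETURN:
        return None
    if script[1] == OP_PUSHDATA1:
        if len(script) < 3:
            return None
        n, data = script[2], script[3:]
    elif 1 <= script[1] <= 75:
        n, data = script[1], script[2:]
    else:
        return None
    if n != len(data) or n < 64:          # push of at least 64 bytes required
        return None
    return data[:32], data[32:64]


def stake_weight(litoshis_burned: int, cants_held: int, coinage: int) -> int:
    """(litoshis burned * 1e6 + cants staked) * coinage: the quantity the post
    says decides whether the staker has a hit."""
    return (litoshis_burned * 1_000_000 + cants_held) * coinage


def best_successor(candidates: dict):
    """Choose among competing successors of one block by the Litecoin height of
    their burn tx. Two burns in the same Litecoin block tie (None: wait for the
    next block). The one-week liveness exception is not modelled here."""
    lowest = min(candidates.values())
    winners = [name for name, height in candidates.items() if height == lowest]
    return winners[0] if len(winners) == 1 else None


if __name__ == "__main__":
    next_block = hashlib.sha256(b"constructed Dalilcoin block").digest()
    nonce, txid, script = grind_burn_tx(ZERO_HASH, next_block)
    print(f"nonce {nonce}, txid {txid.hex()}")
    print("node recovers commitment:", parse_burn_script(script) == (ZERO_HASH, next_block))
    print("best successor:", best_successor({"B2": 1_400_000, "B2'": 1_400_003}))
```

The parser deliberately checks both the declared push length and the 64-byte minimum before trusting the two hashes; a node that matched only on the "Da" prefix would accept any malformed commitment that happened to land a matching txid.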

The missing explanation of Proof of Stake Version 3 - Article by earlz.net

The missing explanation of Proof of Stake Version 3

In every cryptocurrency there must be some consensus mechanism which keeps the entire distributed network in sync. When Bitcoin first came out, it introduced the Proof of Work (PoW) system. PoW is done by cryptographically hashing a piece of data (the block header) over and over. Because of how one-way hashing works, one tiny change in the data can cause an extremely different hash to come out of it. Participants in the network determine if the PoW is valid and complete by judging if the final hash meets a certain condition, called difficulty. The difficulty is an ever changing "target" which the hash must meet or exceed. Whenever the network is creating more blocks than scheduled, this target is changed automatically by the network so that the target becomes more and more difficult to meet, and thus requires more and more computing power to find a hash that matches the target within the target time of 10 minutes.


Some basic definitions might be unfamiliar to some people not familiar with the blockchain code, these are:

Proof of Work and Blockchain Consensus Systems

Proof of Work is a proven consensus mechanism that has made Bitcoin secure and trustworthy for 8 years now. However, it is not without its fair share of problems. PoW's major drawbacks are:
  1. PoW wastes a lot of electricity, harming the environment.
  2. PoW benefits greatly from economies of scale, so it tends to benefit big players the most, rather than small participants in the network.
  3. PoW provides no incentive to use or keep the tokens.
  4. PoW has some centralization risks, because it tends to encourage miners to participate in the biggest mining pool (a group of miners who share the block reward), thus the biggest mining pool operator holds a lot of control over the network.
Proof of Stake was invented to solve many of these problems by allowing participants to create and mine new blocks (and thus also get a block reward), simply by holding onto coins in their wallet and allowing their wallet to do automatic "staking". Proof Of Stake was originally invented by Sunny King and implemented in Peercoin. It has since been improved and adapted by many other people. This includes "Proof of Stake Version 2" by Pavel Vasin, "Proof of Stake Velocity" by Larry Ren, and most recently CASPER by Vlad Zamfir, as well as countless other experiments and lesser known projects.
For Qtum we have decided to build upon "Proof of Stake Version 3", an improvement over version 2 that was also made by Pavel Vasin and implemented in the Blackcoin project. This version of PoS as implemented in Blackcoin is what we will be describing here. Some minor details of it have been modified in Qtum, but the core consensus model is identical.
For many community members and developers alike, proof of stake is a difficult topic, because there has been very little written on how it manages to accomplish keeping the network safe using only proof of ownership of tokens on the network. This blog post will go into fine detail about Proof of Stake Version 3 and how its blocks are created, validated, and ultimately how a pure Proof of Stake blockchain is possible to secure. This will assume some technical knowledge, but I will try to explain things so that most of the knowledge can be gathered from context. You should at least be familiar with the concept of the UTXO-based blockchain.
Before we talk about PoS, it helps to understand how the much simpler PoW consensus mechanism works. Its mining process can be described in just a few lines of pseudo-code:
while (blockhash > difficulty) {
    block.nonce = block.nonce + 1
    blockhash = sha256(sha256(block))
}
A hash is a cryptographic algorithm which takes an arbitrary amount of input data, does a lot of processing of it, and outputs a fixed-size "digest" of that data. It is impossible to figure out the input data with just the digest. So, PoW tends to function like a lottery, where you find out if you won by creating the hash and checking it against the target, and you create another ticket by changing some piece of data in the block. In Bitcoin's case, nonce is used for this, as well as some other fields (usually called "extraNonce"). Once a blockhash is found which is less than the difficulty target, the block is valid, and can be broadcast to the rest of the distributed network. Miners will then see it and start building the next block on top of this block.

Proof of Stake's Protocol Structures and Rules

Now enter Proof of Stake. We have these goals for PoS:
  1. Impossible to counterfeit a block
  2. Big players do not get disproportionally bigger rewards
  3. More computing power is not useful for creating blocks
  4. No one member of the network can control the entire blockchain
The core concept of PoS is very similar to PoW, a lottery. However, the big difference is that it is not possible to "get more tickets" to the lottery by simply changing some data in the block. Instead of the "block hash" being the lottery ticket to judge against a target, PoS invents the notion of a "kernel hash".
The kernel hash is composed of several pieces of data that are not readily modifiable in the current block. And so, because the miners do not have an easy way to modify the kernel hash, they can not simply iterate through a large amount of hashes like in PoW.
Proof of Stake blocks add many additional consensus rules in order to realize its goals. First, unlike in PoW, the coinbase transaction (the first transaction in the block) must be empty and reward 0 tokens. Instead, to reward stakers, there is a special "stake transaction" which must be the 2nd transaction in the block. A stake transaction is defined as any transaction that:
  1. Has at least 1 valid vin
  2. Its first vout must be an empty script
  3. Its second vout must not be empty
Furthermore, staking transactions must abide by these rules to be valid in a block:
  1. The second vout must be either a pubkey (not pubkeyhash!) script, or an OP_RETURN script that is unspendable (data-only) but stores data for a public key
  2. The timestamp in the transaction must be equal to the block timestamp
  3. the total output value of a stake transaction must be less than or equal to the total inputs plus the PoS block reward plus the block's total transaction fees. output <= (input + block_reward + tx_fees)
  4. The first spent vin's output must be confirmed by at least 500 blocks (in otherwords, the coins being spent must be at least 500 blocks old)
  5. Though more vins can be used and spent in a staking transaction, the first vin is the only one used for consensus parameters.
These rules ensure that the stake transaction is easy to identify, and ensures that it gives enough info to the blockchain to validate the block. The empty vout method is not the only way staking transactions could have been identified, but this was the original design from Sunny King and has worked well enough.
Now that we understand what a staking transaction is, and what rules they must abide by, the next piece is to cover the rules for PoS blocks:
There are a lot of details here that we'll cover in a bit. The most important part that really makes PoS effective lies in the "kernel hash". The kernel hash is used similar to PoW (if hash meets difficulty, then block is valid). However, the kernel hash is not directly modifiable in the context of the current block. We will first cover exactly what goes into these structures and mechanisms, and later explain why this design is exactly this way, and what unexpected consequences can come from minor changes to it.

The Proof of Stake Kernel Hash

The kernel hash specifically consists of the following exact pieces of data (in order):
The stake modifier of a block is a hash of exactly:
The only way to change the current kernel hash (in order to mine a block), is thus to either change your "prevout", or to change the current block time.
A single wallet typically contains many UTXOs. The balance of the wallet is basically the total amount of all the UTXOs that can be spent by the wallet. This is of course the same in a PoS wallet. This is important though, because any output can be used for staking. One of these outputs is what can become the "prevout" in a staking transaction to form a valid PoS block.
Finally, there is one more aspect that is changed in the mining process of a PoS block. The difficulty is weighted against the number of coins in the staking transaction. The PoS difficulty ends up being twice as easy to achieve when staking 2 coins, compared to staking just 1 coin. If this were not the case, then it would encourage creating many tiny UTXOs for staking, which would bloat the size of the blockchain and ultimately cause the entire network to require more resources to maintain, as well as potentially compromise the blockchain's overall security.
So, if we were to show some pseudo-code for finding a valid kernel hash now, it would look like:
while (true) {
    foreach (utxo in wallet) {
        blockTime = currentTime - currentTime % 16
        posDifficulty = difficulty * utxo.value
        hash = hash(previousStakeModifier << utxo.time << utxo.hash << utxo.n << blockTime)
        if (hash < posDifficulty) {
            done
        }
    }
    wait 16s -- wait 16 seconds, until the block time can be changed
}
This code isn't so easy to understand as our PoW example, so I'll attempt to explain it in plain English:
  1. Do the following over and over for infinity:
  2. Calculate the blockTime to be the current time minus itself modulus 16 (modulus is like dividing by 16, but instead of taking the result, taking the remainder)
  3. Calculate the posDifficulty as the network difficulty, multiplied by the number of coins held by the UTXO.
  4. Cycle through each UTXO in the wallet.
  5. With each UTXO, calculate a SHA256 hash using the previous block's stake modifier, as well as some data from the UTXO, and finally the blockTime.
  6. Compare this hash to the posDifficulty.
  7. If the hash is less than the posDifficulty, then the kernel hash is valid and you can create a new block.
  8. After going through all UTXOs, if no hash produced is less than the posDifficulty, then wait 16 seconds and do it all over again.
Now that we have found a valid kernel hash using one of the UTXOs we can spend, we can create a staking transaction. This staking transaction will have 1 vin, which spends the UTXO we found that has a valid kernel hash. It will have (at least) 2 vouts. The first vout will be empty, identifying to the blockchain that it is a staking transaction. The second vout will either contain an OP_RETURN data transaction that contains a single public key, or it will contain a pay-to-pubkey script. The latter is usually used for simplicity, but using a data transaction for this allows for some advanced use cases (such as a separate block signing machine) without needlessly cluttering the UTXO set.
Finally, any transactions from the mempool are added to the block. The only thing left to do now is to create a signature, proving that we have approved the otherwise valid PoS block. The signature must use the public key that is encoded (either as a pay-to-pubkey script, or as a data OP_RETURN script) in the second vout of the staking transaction. The actual data signed is the block hash. After the signature is applied, the block can be broadcast to the network. Nodes in the network will then validate the block, and if they find it valid and there is no better blockchain, they will accept it into their own blockchain and broadcast the block to all the nodes they have connections to.
Now we have a fully functional and secure PoSv3 blockchain. PoSv3 is what we determined to be most resistant to attack while maintaining a pure decentralized consensus system (ie, without master nodes or curators). To understand why we arrived at this conclusion however, we must understand its history.

PoSv3's History

Proof of Stake has a fairly long history. I won't cover every detail, but cover broadly what was changed between each version to arrive at PoSv3 for historical purposes:
PoSv1 - This version is implemented in Peercoin. It relied heavily on the notion of "coin age", or how long a UTXO has not been spent on the blockchain. Its implementation would basically make it so that the higher the coin age, the more the difficulty is reduced. This had the bad side-effect however of encouraging people to only open their wallet every month or longer for staking. Assuming the coins were all relatively old, they would almost instantaneously produce new staking blocks. This however makes double-spend attacks extremely easy to execute. Peercoin itself is not affected by this because it is a hybrid PoW and PoS blockchain, so the PoW blocks mitigated this effect.
PoSv2 - This version removes coin age completely from consensus, as well as using a completely different stake modifier mechanism from v1. The number of changes are too numerous to list here. All of this was done to remove coin age from consensus and make it a safe consensus mechanism without requiring a PoW/PoS hybrid blockchain to mitigate various attacks.
PoSv3 - PoSv3 is really more of an incremental improvement over PoSv2. In PoSv2 the stake modifier also included the previous block time. This was removed to prevent a "short-range" attack where it was possible to iteratively mine an alternative blockchain by iterating through previous block times. PoSv2 used block and transaction times to determine the age of a UTXO; this is not the same as coin age, but rather is the "minimum confirmations required" before a UTXO can be used for staking. This was changed to a much simpler mechanism where the age of a UTXO is determined by its depth in the blockchain. This thus doesn't incentivize inaccurate timestamps to be used on the blockchain, and is also more immune to "timewarp" attacks. PoSv3 also added support for OP_RETURN coinstake transactions which allows for a vout to contain the public key for signing the block without requiring a full pay-to-pubkey script.


  1. https://peercoin.net/assets/paper/peercoin-paper.pdf
  2. https://blackcoin.co/blackcoin-pos-protocol-v2-whitepaper.pdf
  3. https://www.reddcoin.com/papers/PoSV.pdf
  4. https://blog.ethereum.org/2015/08/01/introducing-casper-friendly-ghost/
  5. https://github.com/JohnDolittle/blackcoin-old/blob/master/src/kernel.h#L11
  6. https://github.com/JohnDolittle/blackcoin-old/blob/master/src/main.cpp#L2032
  7. https://github.com/JohnDolittle/blackcoin-old/blob/master/src/main.h#L279
  8. http://earlz.net/view/2017/07/27/1820/what-is-a-utxo-and-how-does-it
  9. https://en.bitcoin.it/wiki/Script#Obsolete_pay-to-pubkey_transaction
  10. https://en.bitcoin.it/wiki/Script#Standard_Transaction_to_Bitcoin_address_.28pay-to-pubkey-hash.29
  11. https://en.bitcoin.it/wiki/Script#Provably_Unspendable.2FPrunable_Outputs
Article by earlz.net
submitted by B3TeC to Moin
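The two pseudo-code loops in the article (and the translated summary of the same article in the Qtum post earlier on this page) can be run side by side. The following Python is an added model written for this page, not code from earlz, Blackcoin or Qtum: the field order of the kernel hash follows the article's pseudo-code, but the byte layout, the use of plain SHA-256 for the kernel, the 500-block maturity constant taken from the rules above, the sample UTXOs and the stake modifier value are assumptions. It shows the point the article makes: in PoW every nonce is a new lottery ticket, while in PoSv3 the only free variables are which mature UTXO you stake and the 16-second block time, and a UTXO's chance of a hit scales linearly with its value.

```python
"""Added model of the PoW nonce loop and the PoSv3 kernel-hash lottery.
Illustration code for this page; field layout, hash choice and sample data
are assumptions, not Blackcoin's or Qtum's actual serialisation."""
import hashlib
import struct
from dataclasses import dataclass

MAX_HASH = 1 << 256
STAKE_TIMESTAMP_MASK = 16   # block time is rounded down to a 16-second slot
COINBASE_MATURITY = 500     # rule 4 above: the staked output must be 500 blocks deep


def sha256d(data: bytes) -> bytes:
    """Bitcoin's double SHA-256."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def pow_mine(header: bytes, target: int, max_nonce: int = 1 << 32):
    """PoW: grind the nonce until sha256d(header || nonce) < target.
    Every nonce is a fresh ticket, so more hash rate buys more tickets."""
    for nonce in range(max_nonce):
        h = int.from_bytes(sha256d(header + struct.pack("<I", nonce)), "little")
        if h < target:
            return nonce, h
    return None


@dataclass(frozen=True)
class Utxo:
    txid: bytes   # hash of the transaction that created the output
    n: int        # output index
    value: int    # amount, in the chain's base unit
    time: int     # timestamp of the creating transaction (utxo.time in the article)
    height: int   # block height at which the output was confirmed


def kernel_hash(stake_modifier: bytes, utxo: Utxo, block_time: int) -> int:
    """The kernel hash from the article's pseudo-code. It covers only the
    previous stake modifier, the prevout and the block time, so nothing inside
    the block being built can be ground to change it."""
    data = (stake_modifier + struct.pack("<I", utxo.time) + utxo.txid
            + struct.pack("<I", utxo.n) + struct.pack("<I", block_time))
    return int.from_bytes(hashlib.sha256(data).digest(), "little")


def stake_search(wallet, stake_modifier: bytes, difficulty: int, now: int, tip_height: int):
    """One pass of the staking loop for the current 16-second slot. 'difficulty'
    is the article's target value (larger is easier). Returns the first mature
    UTXO whose kernel hash meets its value-weighted target, plus the block time."""
    block_time = now - now % STAKE_TIMESTAMP_MASK
    for utxo in wallet:
        if tip_height - utxo.height < COINBASE_MATURITY:
            continue                                # immature, not eligible
        pos_target = difficulty * utxo.value        # 2 coins: twice as easy
        if kernel_hash(stake_modifier, utxo, block_time) < pos_target:
            return utxo, block_time
    return None


def hits_over_slots(value: int, slots: int, difficulty: int, seed: bytes = b"sim") -> int:
    """Count the 16-second slots a single UTXO of the given value would win, to
    show the linear weighting. Inputs are constructed, no real chain involved."""
    utxo = Utxo(txid=hashlib.sha256(seed).digest(), n=0, value=value,
                time=1_500_000_000, height=0)
    modifier = hashlib.sha256(b"constructed modifier").digest()
    return sum(
        1 for slot in range(slots)
        if kernel_hash(modifier, utxo, 1_600_000_000 + slot * STAKE_TIMESTAMP_MASK)
        < difficulty * value
    )


if __name__ == "__main__":
    target = MAX_HASH >> 16   # 1 in 65,536 per nonce, easy for a demo
    nonce, h = pow_mine(b"constructed header", target)
    print(f"PoW nonce {nonce} gives hash {h:064x}")
    diff = MAX_HASH >> 6      # 1 in 64 per slot for a 1-unit UTXO
    print("hits with 1 unit :", hits_over_slots(1, 20_000, diff))
    print("hits with 2 units:", hits_over_slots(2, 20_000, diff))
```

Run as a script it prints a found PoW nonce and the hit counts for a 1-unit versus a 2-unit UTXO over the same slots; the second count is about twice the first, which is the weighting that removes any advantage from splitting a balance into many tiny outputs.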

Blockchain & mining - my attempt to explain it

There are so many people invested in crypto now, but there are still quite a lot of people who don’t actually know what a “Blockchain” really is, nor do they truly understand its usefulness.
People hear these phrases like “digital ledger secured using cryptography” and think it sounds cool, but what exactly does that mean?
There are literally tons of informational resources on the net, but most of them fly straight over the heads of the average Joe. I thought it would be worth breaking down the concept of “Blockchain” to make it easy for anyone to understand.
So first and foremost, what is a “block” in a Blockchain? Well a block is a bunch of transactions grouped together. When I say “transactions”, I am referring to a ledger or list of transactional information.
Let me offer an example of a “transaction”:
Joe has $1000
Joe’s bank account is 1234-5678 @ HSBC
Joe sends Sarah $200
Sarah has $2000
Sarah’s bank account is 8765-4321 @ Bank of China
The time of the transaction is 12:47pm 20th Feb 2018
Joe’s account will now be $800
Sarah’s bank account is $2200
This is a simple example, but fundamentally this is a short list of information pertaining to a single transaction. This transferral of money ($200 from one person to another) is added to a “block” alongside a whole bunch of other transactions from other people.
Let’s use Bitcoin for the remaining examples. Each “block” on the bitcoin blockchain is 1mb in length. So what exactly is 1mb? Well 1mb or “mega-byte”, represents one million bytes of information. Now one “byte” of information represents a single ascii character. Every single character I am typing right now represents one byte. So “Hello” (without the quotations) represents 5 bytes of information.
So if we go back to my example transaction above, the number of bytes that this transaction took up is 246 bytes. This is just a fraction of 1mb, so you can see a lot of transactions of this size could be stored in a 1mb block.
OK so hopefully you understand what a “block” at least represents. So the next question would be, how do you ensure this “block” of information has not been tampered with? After all, it would be utterly disastrous if someone were to access a block of information and change some of the information. Imagine changing the destination bank address, or the amounts involved!
In order to secure a “block” we use cryptography. Specifically we use something called a “hash”. A hash essentially takes a bunch of data, applies a fixed set of mathematical operations to the data, and the eventual output is a “hash” of the data.
Let me give you an example of an ultra-basic “hash algorithm” -
Step 1. Take a number and double it
Step 2. Add 6
Step 3. Divide it by 2
That’s it…. A basic hash algorithm!
Let’s take a couple of numbers and apply the hash algorithm to the numbers.
First we’ll start with 20
Step 1. 20 x 2 = 40
Step 2. 40 + 6 = 46
Step 3. 46 / 2 = 23
So in this example, the “hash” of the original number (20) is 23
Let’s apply it to another number….This time 22
Step 1. 22 x 2 = 44
Step 2. 44 + 6 = 50
Step 3. 50 / 2 = 25
So the “hash” of the original number (22) is now 25
Now any different number you try as your input will always produce a different number as your hashed output. However, if you apply my hashing algorithm to the number 20, the “hash” will always be 23, and if you apply it to the number 22, the “hash” will always be 25.
If we take the numbers I used in the above examples (20 & 22) as “inputs”, then the “output” (the hash) will always produce the same result, but any changes to the input will always affect the output.
Ok so that’s applying a hash to a number…..what about text? How do we “hash” a string of text?
Well that’s where something called the “Ascii Table” comes in. The Ascii Table offers a unique code for every alphanumeric character. This allows us to convert a string of text into a number. Let’s take the word “Hello” (without the quotes) and convert it to a number using the Ascii table.
Ascii Table : https://www.cs.cmu.edu/~pattis/15-1XX/common/handouts/ascii.html
Capital H is represented as 72
Lower case e is represented as 101
Lower case l is represented as 108
Lower case l is represented as 108
Lower case o is represented as 111
If we concatenate these numbers we’d get 72101108108101
So we have a number…..lets apply my basic hashing algorithm to this number
Step 1. 72101108108101 x 2 = 144202216216202
Step 2. 144202216216202 + 6 = 144202216216208
Step 3. 144202216216208 / 2 = 72101108108104
So in this example, the “hash” of the word Hello is 72101108108104
If I changed any letter, the hash would be different. If I even changed the capital H to a lower case h, the hash would be different. If anything at all changes the hash would be different.
So hopefully you understand the concept of hashing….. Now I should state that my example hashing algorithm is painfully simple. It would be trivial to reverse engineer this, simply by reversing the steps. However this is my example hash.
Let’s compare this to the SHA256 hash.
The SHA256 “hash” of the word “welcome” (without the quotes) is 280D44AB1E9F79B5CCE2DD4F58F5FE91F0FBACDAC9F7447DFFC318CEB79F2D02
If you apply the SHA256 hash algorithm to the word welcome, the hash will ALWAYS be 280D44AB1E9F79B5CCE2DD4F58F5FE91F0FBACDAC9F7447DFFC318CEB79F2D02
Try it yourself on a few different online SHA256 calculators:
So we know that if we apply the SHA256 hashing algorithm to the word welcome, we will of course always get the same result, because the steps involved in “hashing” data using SHA256 algorithm are publicly documented, albeit very complex.
However, the steps are far from the simple 3-step process I gave in my example…..Sha256 uses 64 steps, and none of them are as basic as the 3-step example I included of using plus, minus, multiply and divide.
I won’t go into the entire 64-step process (There are plenty of resources out there if you are interested) but just to give you an idea of the complexity of the hashing algorithm, I’ll go through the first few steps. But before we do this, we need to “prepare” the input.
To do this we first split the word into 4-byte chunks starting from the first character. The word "welcome" (without the quotes) contains 7 characters, so it is split into two chunks
Chunk A – welc
Chunk B - ome
Ok, now for each chunk, we convert this to ascii
Chunk A – welc = 119 101 108 99
Chunk B – ome = 111 109 101
Now we convert these values to a HEX value (for information on hex, take a look here : http://whatis.techtarget.com/definition/hexadecimal)
Chunk A – 119 101 108 99 = 77 65 6c 63
Chunk B – 111 109 101 = 6f 6d 65
Now any Chunk that is not a complete 4-bytes, needs to be “padded” to make it a complete 4-byte chunk. This padding always represents “80” in hex
Chunk A is fine….it's 4-bytes, so does not require any padding. Chunk B is only 3 bytes, so it needs an extra byte of padding. To do this we simply append hex 80 to the end.
So Chunk B becomes 6f 6d 65 80
The two binary values are now concatenated back together and padded out to create a 56 byte data string. They are padded out with zeros. Hex characters are represented with two characters, so 0 in hex is 00
So the two strings go together and lots of hex value zeros go on the end to make 56 bytes
77 65 6C 63 6F 6D 65 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
We now calculate the length of the actual message in bytes including the padding (77 65 6C 63 6F 6D 65 80) and this is a total of 8 bytes, so this value of 8 (The number 8 is represented as 38 in hex) is appended to the very end of the 56 bytes to create a complete 64-byte string.
So the total 64-byte string has become:
77 65 6C 63 6F 6D 65 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 38
The 64 byte string is then converted to binary….
01110111 01100101 01101100 01100011 01101111 01101101 01100101 10000000
00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
00000000 00000000 00000000 00000000 00000000 00000000 00000000 00111000
In the data section (the first 56 bytes) the first byte of data (01110111 in binary) represents 77 in hex, which in turn represents the decimal value of 119, which is the ascii value of w
The second byte of data (01100101 in binary) represents 65 in hex, which in turn represents the decimal value of 101, which is the ascii value of e
In the final section, the very last byte of data (00111000 in binary) represents 38 in hex, which in turn represents the decimal value of 56, which is the ascii value of 8, which represents the length of the padded data string. This value will always be a multiple of 4.
Ok so now we’ve got that 64-byte data stream, we now apply some other things to it.
At this point Sha256 does some "shifting" of the data.
"Shifting" is when you move data around – So for example if we “shift” every square on the grid backwards 7 places, then this is what would happen.
10000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
00111000 01110111 01100101 01101100 01100011 01101111 01101101 01100101
Ok so Sha256 does a few more rounds of shifting until eventually, the data has been moved around and looks completely different on the grid to what it started with.
After all this is done, only then is the data “prepared” and ready to be manipulated through the 64 steps to create the hash! Now on the face of things at first glance, this actually looks complicated, but for a computer to hash data using Sha256, it’s actually fairly simple. It can do it extremely quickly! A human being could in fact do the complete SHA256 hash with enough patience. Someone actually did this with a pen and paper and it took them a little over a day.
After the 64 rounds of adjustment, the final hashed value of welcome comes to 280D44AB1E9F79B5CCE2DD4F58F5FE91F0FBACDAC9F7447DFFC318CEB79F2D02 and providing that you used sha256 to hash it, the word welcome will always hash to this value. If I change anything in the input, the output hash changes dramatically.
For example, if I change welcome to Welcome (capital W), the Sha256 hash becomes 0E2226B5235F0FF94A276EB4D07A3BFEA74B7E3B8B85E9EFCA6C18430F041BF8 As you can see it’s totally unrecognisable compared to the previous hash.
So hopefully now you have an understanding of hashing, you can see that the data stored in a block can be hashed, and it will generate a hash value.
Copy the following section of transaction text into any online SHA256 calculator:
Joe has $1000
Joe’s bank account is 1234-5678 @ HSBC
Joe sends Sarah $200
Sarah has $2000
Sarah’s bank account is 8765-4321 @ Bank of China
The time of the transaction is 12:47pm 20th Feb 2018
Joe’s account will now be $800
Sarah’s bank account is $2200
You should get the following hash value:
Now this is just one transaction, but the point is that you will never see that same hash value again, unless the EXACT same transaction information is hashed with SHA256. If you change anything at all, the hash value will change completely.
Now I won’t go into why this is virtually impossible to reverse engineer, but suffice to say the estimates of computing power required to reverse a SHA256 hash are as follows:
Based on current computing power, brute-forcing SHA256 would take a powerful modern PC approximately 71,430,540,814,238,958,387,154 years. Some scientists believe the sun will “extinguish” in about 5,000,000,000 years.
For now, SHA256 is pretty secure!
So if we have a “hashed block”, suffice to say it is pretty much impossible to break.
So there we have it...a block!
OK so what does the word “chain” in blockchain mean?
Simple….. you take the hash value of the first block, and stick it into the very next block as the first part of data, just before you start adding your new transactions. Can you see what effect this has?
If my first block hash is:
If I put this just in front of all my new transactional data, then the total data in the new block (including the hash of the previous block) all gets hashed as one to create a new hash for the second block. If anyone tampers with the first block, the hash changes, and therefore won’t match with the hash put into the second block. This has a knock-on effect to all subsequent blocks.
So if you have a block-chain full of nodes (servers) and node A is reporting a cumulative hash of all blocks on the latest block on the chain to be XXXXXX but node B, node C, and node D are reporting the cumulative hash for all blocks to be YYYYYYYY, then it’s immediately obvious that node A has been compromised, and needs to be removed….after all, the entire block chain of entries ultimately ends up with an up-to-date hash of all the previous blocks, and if anything changes…..literally one single character in any single block changes…..then hash proves that the chain has been compromised!
So what exactly is mining? Mining is simply re-running the hash over and over and over again onto a block, until you reach a constant…..What I mean by a constant is as follows:
  1. You take your block of data
  2. You hash it to get a hash value
  3. You check to see if the hash begins with four zeros 0000
  4. If it doesn’t you now add 1 to the data and re-hash
  5. You check to see if the hash begins with four zeros 0000
  6. If it doesn’t you now increment the number by one and re-hash
You now repeat steps 5 & 6 over and over and over again, until eventually, at some point, you will see 4 zeros.
This extra value you are adding is what is known as a “nonce” and is actually short for the word nonsense! It basically means that you are adding a number that increments in the block, whilst everything else in the block remains constant.
Let’s take a simple transaction to use as an example:
Fred has $200
Claire has $300
Joe sends Claire $50
Fred now has $150
Claire now has $350
Ok nice and simple….. Let’s use a great website resource to demonstrate mining this data.
Copy this basic transaction into the “data” section of this web page and delete any visible “nonce” value (if there is one there) - https://anders.com/blockchain/block.html
(NOTE: when you copy/paste from reddit it might also copy the spaces between the lines, so you would need to remove them, as a space is also a valid ascii character.)
If done correctly, you should see a hash value at the bottom of f710ba16e8b987575a23ce0fe13a4dfbd3e72676c65890a7b8acab421748195b
Now this doesn’t begin with 0000, so now let’s click on the "mine" button, and the page will keep incrementing the nonce value until eventually the hash will begin with 0000.
The process should take around 5-10 seconds, and eventually the hash will be displayed as 00009db80aa366297984130a3f2b74b4f3a6eb044df24de700a616ca9e6aacb6
This does begin with 0000 and it took 15,708 “hashes” to reach it. You have reached a constant!
This block would now be deemed as a valid block, and the hash of this block is what is passed onto the next block! This is basically mining!
Mining is necessary to ensure that all blocks on the block chain are valid and accurate. Obviously doing this requires computational power, which requires equipment (computers) and energy (electricity) which must be paid for, hence the reason that "miners" are compensated with coins for their efforts.
So hopefully you now have a better understanding of block chains and mining :-)
submitted by jpowell79 to u/jpowell79 [link] [comments]
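As an added example (not code from the original post), here is a pure-Python SHA-256 written from FIPS 180-4, followed by the nonce search the post runs on the anders.com page and the prev-hash chaining it describes. In the standard pre-processing a single 0x80 byte follows the whole message and the final 8 bytes hold the message length in bits (7 bytes of "welcome" is 56 bits, which is the trailing 0x38 in the post's 64-byte block). The block text, the nonce-after-data layout and the 0000 target are assumptions of this example, so the nonce it finds is not the 15,708 the web page reports.

```python
import hashlib
import struct

MASK32 = 0xFFFFFFFF


def _frac32(p: int, root: int) -> int:
    """First 32 fractional bits of the root-th root of p (how FIPS 180-4 defines K and H0)."""
    n = p << (32 * root)                  # floor(n ** (1/root)) == floor(p ** (1/root) * 2**32)
    x = int(round(n ** (1.0 / root)))     # float estimate, corrected below to the exact integer root
    while x ** root > n:
        x -= 1
    while (x + 1) ** root <= n:
        x += 1
    return x & MASK32


def _first_primes(count: int) -> list:
    primes, c = [], 2
    while len(primes) < count:
        if all(c % p for p in primes):
            primes.append(c)
        c += 1
    return primes


H0 = [_frac32(p, 2) for p in _first_primes(8)]   # initial state: square roots of the first 8 primes
K = [_frac32(p, 3) for p in _first_primes(64)]   # round constants: cube roots of the first 64 primes


def _rotr(x: int, n: int) -> int:
    return ((x >> n) | (x << (32 - n))) & MASK32


def sha256_pad(msg: bytes) -> bytes:
    """FIPS 180-4 pre-processing: one 0x80 byte, zeros up to 56 mod 64, then the 64-bit big-endian bit length."""
    padded = msg + b"\x80"
    padded += b"\x00" * ((56 - len(padded) % 64) % 64)
    return padded + struct.pack(">Q", len(msg) * 8)  # 'welcome' is 7 bytes = 56 bits, hence the trailing 0x38


def sha256_hex(msg: bytes) -> str:
    """Pure-Python SHA-256: message schedule plus the 64 rounds, per 64-byte block."""
    h = list(H0)
    data = sha256_pad(msg)
    for off in range(0, len(data), 64):
        w = list(struct.unpack(">16L", data[off:off + 64]))
        for t in range(16, 64):                        # expand the 16 input words to 64
            s0 = _rotr(w[t - 15], 7) ^ _rotr(w[t - 15], 18) ^ (w[t - 15] >> 3)
            s1 = _rotr(w[t - 2], 17) ^ _rotr(w[t - 2], 19) ^ (w[t - 2] >> 10)
            w.append((w[t - 16] + s0 + w[t - 7] + s1) & MASK32)
        a, b, c, d, e, f, g, hh = h
        for t in range(64):                            # the 64 rounds
            big_s1 = _rotr(e, 6) ^ _rotr(e, 11) ^ _rotr(e, 25)
            ch = (e & f) ^ (~e & g)
            t1 = (hh + big_s1 + ch + K[t] + w[t]) & MASK32
            big_s0 = _rotr(a, 2) ^ _rotr(a, 13) ^ _rotr(a, 22)
            maj = (a & b) ^ (a & c) ^ (b & c)
            t2 = (big_s0 + maj) & MASK32
            hh, g, f, e, d, c, b, a = g, f, e, (d + t1) & MASK32, c, b, a, (t1 + t2) & MASK32
        h = [(x + y) & MASK32 for x, y in zip(h, [a, b, c, d, e, f, g, hh])]
    return "".join(f"{x:08x}" for x in h)


def matches_hashlib(msg: bytes) -> bool:
    """Cross-check the hand-rolled digest against the standard library."""
    return sha256_hex(msg) == hashlib.sha256(msg).hexdigest()


# Constructed sample block text: the five transaction lines the post mines on anders.com.
BLOCK_TEXT = "Fred has $200\nClaire has $300\nJoe sends Claire $50\nFred now has $150\nClaire now has $350\n"


def mine(data: str, prefix: str = "0000", max_nonce: int = 10_000_000):
    """Append an incrementing nonce to the data and re-hash until the digest starts with `prefix`.
    Returns (nonce, hex_digest), or None if max_nonce is exhausted. hashlib is used for speed;
    sha256_hex gives identical digests, only slower."""
    for nonce in range(max_nonce):
        digest = hashlib.sha256(f"{data}{nonce}".encode()).hexdigest()
        if digest.startswith(prefix):
            return nonce, digest
    return None


def chain_valid(blocks: list, prefix: str = "0000") -> bool:
    """blocks: list of (prev_hash, data, nonce). Each block must carry the previous block's hash
    and must itself hash to a digest with the prefix, so editing any earlier block breaks the chain."""
    prev = "0" * 64                                    # the first block has no predecessor
    for prev_hash, data, nonce in blocks:
        if prev_hash != prev:
            return False
        prev = hashlib.sha256(f"{prev_hash}{data}{nonce}".encode()).hexdigest()
        if not prev.startswith(prefix):
            return False
    return True
```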

Forcenet: an experimental network with a new header format | Johnson Lau | Dec 04 2016

Johnson Lau on Dec 04 2016:
Based on Luke Dashjr’s code and BIP: https://github.com/luke-jbips/blob/bip-mmhf/bip-mmhf.mediawiki , I created an experimental network to show how a new header format may be implemented.
Basically, the header hash is calculated in a way that non-upgrading nodes would see it as a block with only the coinbase tx and zero output value. They are effectively broken as they won’t see any transactions confirmed. This allows rewriting most of the rules related to block and transaction validity. Such technique has different names like soft-hardfork, firmfork, evil softfork, and could be itself a controversial topic. However, I’d rather not focus on its soft-hardfork property, as it would be trivial to turn this into a true hardfork (e.g. setting the sign bit in block nVersion, or setting the most significant bit in the dummy coinbase nLockTime)
Instead of its soft-HF property, I think the more interesting thing is the new header format. The current bitcoin header has only 80 bytes. It provides only 32bits of nonce space and is far from enough for ASICs. It also provides no room for committing to additional data. Therefore, people are forced to put many different data in the coinbase transaction, such as merge-mining commitments, and the segwit commitment. It is not an ideal solution, especially for light wallets.
Following the practice of segwit development of making an experimental network (segnet), I made something similar and call it the Forcenet (as it forces legacy nodes to follow the post-fork chain)
The header of forcenet is mostly described in Luke’s BIP, but I have made some amendments as I implemented it. The format is (size in parentheses; little endian):
Height (4), BIP9 signalling field (4), hardfork signalling field (3), merge-mining hard fork signalling field (1), prev hash (32), timestamp (4), nonce1 (4), nonce2 (4), nonce3 (compactSize + variable), Hash TMR (32), Hash WMR (32), total tx size (8) , total tx weight (8), total sigops (8), number of tx (4), merkle branches leading to header C (compactSize + 32 bit hashes)
In addition to increasing the max block size, I also showed how the calculation and validation of witness commitment may be changed with a new header. For example, since the commitment is no longer in the coinbase tx, we don’t need to use a 0000….0000 hash for the coinbase tx like in BIP141.
Something not yet done:
  1. The new merkle root algorithm described in the MMHF BIP
  2. The nTxsSigops has no meaning currently
  3. Communication with legacy nodes. This version can’t talk to legacy nodes through the P2P network, but theoretically they could be linked up with a bridge node
  4. A new block weight definition to provide incentives for slowing down UTXO growth
  5. Many other interesting hardfork ideas, and softfork ideas that work better with a header redesign
For easier testing, forcenet has the following parameters:
Hardfork at block 200
Segwit is always activated
1 minute blocks with 40000 (prefork) and 80000 (postfork) weight limit
50 blocks coinbase maturity
21000 blocks halving
144 blocks retarget
How to join: codes at https://github.com/jl2012/bitcoin/tree/forcenet1 , start with "bitcoind --forcenet" .
Connection: I’m running a node at 8333.info with default port (38901)
Mining: there is only basic internal mining support. Limited GBT support is theoretically possible but needs more hacking. To use the internal miner, write a shell script to repeatedly call “bitcoin-cli --forcenet generate 1”
New RPC commands: getlegacyblock and getlegacyblockheader, which generates blocks and headers that are compatible with legacy nodes.
This is largely work-in-progress so expect a reset every couple weeks
original: https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2016-Decembe013338.html
submitted by dev_list_bot to bitcoin_devlist [link] [comments]
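An added serializer and strict parser for the header layout listed above, written from that field list rather than taken from the forcenet code. It assumes nonce3 is a compactSize-prefixed byte string and that the merkle branches are 32-byte hashes, and it uses constructed sample values; every read is bounds-checked so a truncated or over-long header is rejected rather than silently accepted.

```python
import struct
from dataclasses import dataclass, field
from typing import List


def encode_compact_size(n: int) -> bytes:
    """Bitcoin CompactSize (varint) encoding, used for the nonce3 and merkle-branch prefixes."""
    if n < 0xFD:
        return bytes([n])
    if n <= 0xFFFF:
        return b"\xfd" + struct.pack("<H", n)
    if n <= 0xFFFFFFFF:
        return b"\xfe" + struct.pack("<I", n)
    return b"\xff" + struct.pack("<Q", n)


def _take(buf: bytes, pos: int, n: int) -> bytes:
    """Slice n bytes or fail loudly: a truncated header must never parse as a valid one."""
    if pos + n > len(buf):
        raise ValueError(f"header truncated at offset {pos}, need {n} more bytes")
    return buf[pos:pos + n]


def decode_compact_size(buf: bytes, pos: int):
    first = _take(buf, pos, 1)[0]
    if first < 0xFD:
        return first, pos + 1
    width, fmt = {0xFD: (2, "<H"), 0xFE: (4, "<I"), 0xFF: (8, "<Q")}[first]
    return struct.unpack(fmt, _take(buf, pos + 1, width))[0], pos + 1 + width


@dataclass
class ForcenetHeader:
    height: int                 # u32
    bip9_bits: int              # u32 BIP9 signalling field
    hardfork_bits: int          # 3-byte hardfork signalling field
    mm_hardfork_bits: int       # 1-byte merge-mining hardfork signalling field
    prev_hash: bytes            # 32 bytes
    timestamp: int              # u32
    nonce1: int                 # u32
    nonce2: int                 # u32
    nonce3: bytes               # compactSize + variable-length extra nonce space (assumed)
    hash_tmr: bytes             # 32 bytes
    hash_wmr: bytes             # 32 bytes
    total_tx_size: int          # u64
    total_tx_weight: int        # u64
    total_sigops: int           # u64
    num_tx: int                 # u32
    merkle_branches: List[bytes] = field(default_factory=list)  # compactSize + 32-byte hashes (assumed)

    def serialize(self) -> bytes:
        for h in [self.prev_hash, self.hash_tmr, self.hash_wmr, *self.merkle_branches]:
            if len(h) != 32:
                raise ValueError("hash fields must be exactly 32 bytes")
        out = struct.pack("<II", self.height, self.bip9_bits)
        out += self.hardfork_bits.to_bytes(3, "little") + bytes([self.mm_hardfork_bits])
        out += self.prev_hash + struct.pack("<III", self.timestamp, self.nonce1, self.nonce2)
        out += encode_compact_size(len(self.nonce3)) + self.nonce3
        out += self.hash_tmr + self.hash_wmr
        out += struct.pack("<QQQI", self.total_tx_size, self.total_tx_weight,
                           self.total_sigops, self.num_tx)
        out += encode_compact_size(len(self.merkle_branches)) + b"".join(self.merkle_branches)
        return out

    @classmethod
    def parse(cls, buf: bytes) -> "ForcenetHeader":
        pos = 0
        height, bip9 = struct.unpack("<II", _take(buf, pos, 8)); pos += 8
        hardfork = int.from_bytes(_take(buf, pos, 3), "little"); pos += 3
        mm = _take(buf, pos, 1)[0]; pos += 1
        prev_hash = _take(buf, pos, 32); pos += 32
        timestamp, nonce1, nonce2 = struct.unpack("<III", _take(buf, pos, 12)); pos += 12
        n3len, pos = decode_compact_size(buf, pos)
        nonce3 = _take(buf, pos, n3len); pos += n3len
        tmr = _take(buf, pos, 32); pos += 32
        wmr = _take(buf, pos, 32); pos += 32
        size, weight, sigops, ntx = struct.unpack("<QQQI", _take(buf, pos, 28)); pos += 28
        nbranch, pos = decode_compact_size(buf, pos)
        branches = []
        for _ in range(nbranch):
            branches.append(_take(buf, pos, 32)); pos += 32
        if pos != len(buf):
            raise ValueError(f"{len(buf) - pos} trailing bytes after header")
        return cls(height, bip9, hardfork, mm, prev_hash, timestamp, nonce1, nonce2, nonce3,
                   tmr, wmr, size, weight, sigops, ntx, branches)


def sample_header() -> "ForcenetHeader":
    """Constructed example values, not real forcenet data."""
    return ForcenetHeader(
        height=201, bip9_bits=0x20000000, hardfork_bits=0x000001, mm_hardfork_bits=0,
        prev_hash=bytes([0x11]) * 32, timestamp=1480809600, nonce1=7, nonce2=42,
        nonce3=b"\x00\x01\x02\x03\x04\x05\x06\x07", hash_tmr=bytes([0x22]) * 32,
        hash_wmr=bytes([0x33]) * 32, total_tx_size=1500, total_tx_weight=6000,
        total_sigops=12, num_tx=3, merkle_branches=[bytes([0x44]) * 32, bytes([0x55]) * 32])
```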

The /r/btc China Dispatch: Episode 3 - Block Size, Chinese Miners and The Great Firewall

Good Sunday morning, /btc! The question of why Chinese miners don’t use a node outside of China to route around the Great Firewall of China (hereafter abbreviated as “the GFW”) and relay blocks more efficiently, a question with profound implications for any future block size proposal, has come up more than once over the last couple of days here, so for this episode I personally submitted the above question to one of China’s largest and most active bitcoin forums, 8btc.com and got some interesting responses that might surprise you.
For those of you who missed the last two episodes, you can catch up here and here. Also by popular request I will see if I can submit translations of the most upvoted comments here back to 8btc.com so we can establish an ongoing dialogue between both sides of the GFW.
Posted by KoKansei
Subject: If Chinese miners are concerned that the GFW will affect their ability to process big blocks, why don’t they set up a node outside of China?
My question concerns the subject above.
No doubt Chinese bitcoiners are well-aware that an irreconcilable schism has occurred in the Bitcoin development sphere and this split has shaken many users’ confidence in the currency. As a result a majority of miners, including those in China, have expressed support for the Bitcoin Classic client, which will increase the upper block size limit. However, although many miners within China support classic, they have also expressed concerns about further increases in the block size going forward since the GFW may limit the bandwidth of their connection with nodes outside of China, thereby resulting in losses to their mining business.
As a mod of /btc (one of the largest uncensored forums outside of China) I would like to pose a question to the esteemed regulars of this board: if Chinese miners are concerned that the GFW will affect their ability to process large blocks, why don’t they set up nodes outside of China?
If this thread gets a fair number of responses I will repost your thoughts to /btc to promote an exchange of ideas between our two bitcoin communities. Thank you!
[Reply 1]
Posted by LaibitePool (LTC1BTC.com)
I would like to respond briefly as the manager of a mining pool.
  1. A new block can only be broadcast outward by a single node and two blocks which are produced simultaneously by two different nodes cannot be broadcast at the same time.
  2. For every second that a broadcasted block is delayed, there is a 1/600 chance that the network will produce a new block, so the risk of the block being orphaned increases by 1/600.
  3. Currently the majority of hashing power is concentrated in China and the state of China’s Internet within China is quite good so the nodes from which China’s pools initially broadcast are located in China.
  4. An initial broadcast to foreign nodes must get over the GFW. Currently all large mining pools have already established nodes outside of China, but they’re only there to speed up the whole process and do not allow circumventing of the GFW.
Supplementary Edit:
It is not at all uncommon for Internet traffic going across national borders to be relatively slow, so the issue can’t be entirely blamed on just the GFW. Speeds are largely affected by a country / region’s total international bandwidth limits as well as related network topology.
For example, we tested transmission from Shenzhen to Hong Kong and found that when you use suitable data centers the ping back and forth is less than 10 ms, but when you try and transmit a block from Hong Kong to the US or Europe (note that the GFW is not an obstacle here!) transmission is much slower than within China.
I’m not sure who first proposed the notion that “block transmission is affected by the GFW,” but I don’t think this notion is really accurate. Putting it like that gives people the impression that bitcoin has already been subjugated by some kind of evil organization, producing negative effects as well as conflict and division within the community.
It is more accurate to say: the transmission of blocks is limited by China’s outgoing international bandwidth availability which has always been poor. This is mostly because China’s domestic Internet is already sufficiently vast and the needs of the vast majority of users can be satisfied domestically. This is different from the US and Europe where almost all services involve transmission across national borders. If you’re interested in more details regarding China’s outgoing international bandwidth, you can take a look at a few reports, like “How Embarrassing! China’s Per Capita International Trunk Line Bandwidth is Only Half of Africa’s!”
[Reply 2]
Posted by KoKansei
Thanks a lot for taking time to post such a detailed response.
If I may, I’d like to ask two more questions:
(1) Given the current situation with the GFW, what do you think is the highest block size that Chinese miners are capable of dealing with? Is it possible to estimate such a number?
(2) My understanding is that the most important part of a new block is the header. Were a Chinese miner to establish a node outside of China then it should be possible for them to send just the header of any new blocks across the GFW to said node, where the block can be broadcast. Using this method, should solve the issue of having to transmit a whole block across the GFW. Are there currently any miners who are using or considering using this method?
Thanks again for all your insight!
[Reply 3]
Posted by Ma_Ya
I would like to respond briefly as a dedicated bitcoiner.
  1. I don’t think that the developer sphere has necessarily undergone a schism, it’s just that now there exists a new competing version. Even in the event of a schism it is still possible to restore consensus. The only people who have had their confidence shaken are a minority of bitcoin speculators and traders; the confidence of the majority of bitcoin fans / faithful will not be shaken simply because of a split among the developers. A split is nothing - even if all of the developers were to disappear bitcoin could continue to function. The core framework of bitcoin was already completed during Satoshi’s time and all that’s left now is a bit of tweaking and adjustment.
  2. Even if the GFW were to limit bandwidth, the miners’ business would not suffer - on the contrary it is the Western mining pools who would suffer losses. You have to realize that more than 50% of bitcoin’s hashing power is located in China, which is to say that the majority of new blocks are created in China. Once such a new block is created, it is first received by the nodes of other pools within China, after which it slowly makes its way over the GFW to the nodes of Western pools. That is to say the foreign pools are slower to receive blocks due to the GFW, which is actually beneficial to Chinese pools. Furthermore, it’s really not a big deal to transmit one or two MB worth of data in a 10 minute interval.
  3. It is feasible to set up a node outside of China, but would you be able to take all of your miners with you outside China? Furthermore, miners need to be associated with a mining pool and there are not that many mining pools outside of China, so you’d just end up having to connect to a Chinese pool anyway. You’d still need to send data to and from China, so getting over the GFW is still an issue. Actually this is all just theoretical; in reality bitcoin has not been blocked by the GFW and due to bitcoin’s decentralized nature it would be difficult to block bitcoin. You worry too much, OP.
[Reply 4]
Posted by LaibitePool (LTC1BTC.com)
  1. I just added some content to my other reply. Given China’s current international bandwidth limitations, I think that 4MB is a reasonable value. Actually I support first going to 2MB since 2MB is enough for now. Future lifting of the cap can be done when it’s necessary.
  2. China’s pools, under the guidance of F2Pool, have already employed the method you’re talking about. I suggest that Western pools also participate (as far as I know, there exist similar alliances in the West). Ideally Bitcoin Core should be upgraded to directly incorporate this functionality so that all pools can act as an interconnected subnetwork, solving the orphan problem. Once a block is released, each pool broadcasts to all standard nodes, thereby increasing the speed with which blocks propagate throughout the network.
[Reply 5]
Posted by Ma_Ya
I too would like to respond briefly to both of your questions.
(1) In theory they should be able to easily deal with sizes as large as 100MB. Blocks of this size could be transmitted in minutes with even a standard home connection and this time is significantly reduced for miners who maintain specialized high-speed connections. Ultimately there is no firewall blocking transmission between pools in China and in any case the sum of China’s hashing power is already over 51%.
(2) If you understood the principles of mining and what I said before, you wouldn’t ask this question. First of all, China’s mining pools are not in any rush to broadcast the nonce of a successfully mined block to nodes across the globe. It only needs to be received by several of the larger pools in China. This is because once it is received by several large pools in China, you’ve already reached more than half [of available hashing power], which is the same as achieving global consensus. When you look at it like this, Chinese miners should actually want there to be interference from the GFW to hinder Western pools. Also, you mentioned setting up a node outside of China and reconstituting [blocks] there, but in reality you wouldn’t save much time that way. Think about it: what is the big difference between transmitting 1MB or 2MB and a few KB? It's probably around nothing more than one second. 10 minutes and 1 second - that’s a factor of 600:1 which is trivial when you take into account the randomness of mining itself. Furthermore your proposition is only advantageous for Western pools and provides no benefit to Chinese pools.
[Reply 6]
Posted by hzq0760
It's not at all surprising that there is some controversy on this subject. The fact that one country has more than 50% of the hashing power and also [translator's note: the sentence cuts off abruptly here with four dashes. Possible auto-censor?]. It's definitely a problem. China's mining pools should do something to resolve this issue.
Note that some posts in this thread were omitted from the translation due to time constraints.
submitted by KoKansei to btc [link] [comments]

Leela Zero Credits: a cryptocurrency proposal

There have been many discussions in the other thread about reasons for DeepMind to refrain from releasing the very strong AlphaGo Zero weights which they spent a lot to produce and which a lot of people yearn for. In fact, not only DeepMind, many companies and groups (e.g. Fine Art (Tencent), DeepZenGo, Crazy Stone, DolBaram, Tianrang) are devoting a lot of resources and competing to make good Go bots, just to make good PR, showcase their AI capabilities, and gain reputation, but they don't care about the welfare of the Go community and have no motivation to share the weights or the training data (self-play games). Our Leela Zero is open-source and all training data are open, but although it has become very popular, it doesn't attract many more clients to contribute games.
It's said that AI is the new force of production and blockchains are reshaping the relations of production. We are not working for a company but working towards a common goal: creating the strongest Go engine, which as we all know, depends crucially on the amount of self-play games. I hereby propose a new cryptocurrency that allows us to earn rewards for producing games (more precisely, for doing NN evals). In Bitcoin people try to find a number (nonce) which when hashed (SHA256) with current transaction data yields a number less than a difficulty threshold; they compete to do so and in this way they secure the authenticity of transactions and the distributed ledger, but their computations are otherwise useless. I propose to replace this proof-of-work (PoW) algorithm with a combination of neural network evaluation (NN eval, aka. inference) and hashing; the transaction data will be used as a random seed to generate some noise in the input to the NN (NNs are robust against noise), and if a "lucky" hashed NN eval result is less than the difficulty, a block can be created and a reward gained. Notice that the majority of the work in game production is NN eval (especially so for larger NN); the tree search is only small overheads. Although (the verification of) a single NN eval is slower (currently <1ms on best commodity GPU, slower for larger networks, faster for next-generation GPUs) than SHA256, I think it still serves as a viable PoW algorithm.
The plan is the following:
(1) implement the idea and release the P2P client for the blockchain; leelaz needs to be modified to communicate NN eval results with the P2P client (experienced programmer wanted!);
(2) current contributors start to run the P2P client in addition to autogtp and earn rewards;
(3) other people gradually attracted to join, especially Go enthusiasts and miners of other GPU cryptocurrencies. If a small percentage of GPUs mining Ethereum etc. turns to us, we will have enough computing power to reach AlphaGo Zero 40-day in a few months and keep going from there.
(4) a strong and improving Leela Zero definitely creates good PR for our cryptocurrency and attracts more supporters to join (possibly by purchasing the cryptocurrency to boost the price and thereby support what's going on inside the blockchain). Cryptocurrency stakeholders will have incentive to improve LZ by doing the training and/or optimizing the engine.
(5) In the (hopefully near) future, when Leela Zero becomes very strong and reliable, the blockchain could become a platform to trade GPU cycles for reviewing/analyzing games.
Some technical issues:
(1) People may be tempted to do NN eval only and not the tree search; however since tree search isn't costly at all compared to NN eval, the desire to make the Leela Zero stronger is sufficient to motivate them to do it and produce complete games (and upload them to the server or send them to whoever need them via the P2P network). As an additional measure, I also propose clients to probabilistically reject/discard an NN eval result that is not contained in a valid tree search for a move (to ease verification, all the NN eval results in the tree search are sent to other clients, but not stored in the block).
(2) Reproducibility (ability to verify NN eval results). We currently use floating-point arithmetic for NN evals, and the results vary across GPUs/platforms. There are two ways to solve this: 1. use fixed-point arithmetic instead, which may sacrifice speed or accuracy (but worthy if more computing power is attracted); 2. divide the real line into intervals in an agreed-upon way, and round the result to the nearest endpoint of an interval before hashing; when verifying, NN eval results within an error margin will be accepted.
Some ideas about implementation: 1. start from scratch and incorporate newest blockchain ideas; 2. fork a mature cryptocurrency such as Bitcoin and make the necessary changes; probably requires a fairly complete understanding of the large codebase; 3. start from a toy model / proof of concept with e.g. naivecoin.
Footnote. Actually, for a variety of research projects needing a lot of computations (including LCZero), we can create a cryptocurrency to attract similar-minded advocates to devote their computing power and get reward. People could also "post jobs" with attached reward, i.e. provide input data for which they want to get the NN evals, and if a block is created with the provided input data, the miner will get the reward. However the inputs shouldn't be too large; one input should fit nicely into a block. Machine translation seems to fit into such a system, but I am not so sure about image recognition.
[Basics about proof-of-work](https://keepingstock.net/explaining-blockchain-how-proof-of-work-enables-trustless-consensus-2abed27f0845)
For challenges to design useful PoW, see: 1 2 3
Earlier idea: Nooshare
submitted by alreadydone00 to cbaduk [link] [comments]
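An added toy model of the hashed-NN-eval proof of work and of the interval-rounding verification from technical issue (2), not code from Leela Zero or the proposal's author. The one-neuron "network", the STEP and TOLERANCE values, the nonce that varies the seeded noise, and the difficulty are all assumptions; the point it shows is that the verifier must compare the miner's quantized value against its own eval with a margin, since a verifier whose platform drifts slightly may itself round to the neighbouring endpoint.

```python
import hashlib
import math
import random
import struct

STEP = 1e-3        # agreed interval width: eval outputs are snapped to multiples of STEP
TOLERANCE = 1e-5   # assumed cross-platform float error margin accepted by verifiers
WEIGHTS = [0.31, -0.72, 0.55, 0.14]   # constructed stand-in for network weights
INPUTS = [0.5, 0.25, -0.75, 1.0]      # constructed stand-in for a board-feature vector


def seeded_noise(tx_data: bytes, nonce: int, n: int):
    """Input noise derived from the transaction data (plus a nonce), as the proposal describes."""
    seed = int.from_bytes(hashlib.sha256(tx_data + struct.pack(">Q", nonce)).digest(), "big")
    rng = random.Random(seed)
    return [rng.uniform(-0.01, 0.01) for _ in range(n)]


def nn_eval(inputs, noise, drift=0.0):
    """Toy stand-in for an NN eval: one tanh neuron. `drift` simulates GPU/platform float differences."""
    acc = sum(w * (x + d) for w, x, d in zip(WEIGHTS, inputs, noise))
    return math.tanh(acc) + drift


def quantize(value: float) -> int:
    """Index of the nearest interval endpoint; this integer, not the float, is what gets hashed."""
    return int(math.floor(value / STEP + 0.5))


def pow_hash(tx_data: bytes, nonce: int, q: int) -> int:
    return int.from_bytes(hashlib.sha256(tx_data + struct.pack(">Qq", nonce, q)).digest(), "big")


def mine_block(tx_data: bytes, target: int, max_nonce: int = 100_000):
    """Search nonces until the hash of the quantized eval result is below the target."""
    for nonce in range(max_nonce):
        value = nn_eval(INPUTS, seeded_noise(tx_data, nonce, len(INPUTS)))
        q = quantize(value)
        if pow_hash(tx_data, nonce, q) < target:
            return nonce, q
    return None


def verify_block(tx_data: bytes, nonce: int, claimed_q: int, target: int, drift: float = 0.0) -> bool:
    """Re-run the eval locally and accept the miner's quantized value only if it lies within half an
    interval plus TOLERANCE of our own result, then re-check the hash against the target.
    Thanks to the margin, a verifier whose own eval would round to the neighbouring endpoint still
    accepts an honest block, while a value that is off by more than the drift budget is rejected."""
    my_value = nn_eval(INPUTS, seeded_noise(tx_data, nonce, len(INPUTS)), drift)
    if abs(claimed_q * STEP - my_value) > STEP / 2 + TOLERANCE:
        return False
    return pow_hash(tx_data, nonce, claimed_q) < target


TARGET = 2 ** 256 // 16     # toy difficulty: one in sixteen quantized evals qualifies
TX_DATA = b"constructed transaction data: alice pays bob 3 LZC"
```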

Compact Block Relay BIP | Matt Corallo | May 02 2016

Matt Corallo on May 02 2016:
Hi all,
The following is a BIP-formatted design spec for compact block relay
designed to limit on wire bytes during block relay. You can find the
latest version of this document at
There are several TODO items left on the document as indicated.
Additionally, the implementation linked at the bottom of the document
has a few remaining TODO items as well:
time, as the spec requires.
spec, up to 10K in transactions.
Luke (CC'd): Can you assign a BIP number?
Title: Compact block relay
Author: Matt Corallo
Status: Draft
Type: Standards Track
Created: 2016-04-27
Compact blocks on the wire as a way to save bandwidth for nodes on the
P2P network.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
document are to be interpreted as described in RFC 2119.
Historically, the Bitcoin P2P protocol has not been very bandwidth
efficient for block relay. Every transaction in a block is included when
relayed, even though a large number of the transactions in a given block
are already available to nodes before the block is relayed. This causes
moderate inbound bandwidth spikes for nodes when receiving blocks, but
can cause very significant outbound bandwidth spikes for some nodes
which receive a block before their peers. When such spikes occur, buffer
bloat can make consumer-grade internet connections temporarily unusable,
and can delay the relay of blocks to remote peers who may choose to wait
instead of redundantly requesting the same block from other, less
congested, peers.
Thus, decreasing the bandwidth used during block relay is very useful
for many individuals running nodes.
While the goal of this work is explicitly not to reduce block transfer
latency, it does, as a side effect reduce block transfer latencies in
some rather significant ways. Additionally, this work forms a foundation
for future work explicitly targeting low-latency block transfer.
===Intended Protocol Flow===
TODO: Diagrams
The protocol is intended to be used in two ways, depending on the peers
and bandwidth available, as discussed [[#Implementation_Details|later]].
The "high-bandwidth" mode, which nodes may only enable for a few of
their peers, is enabled by setting the first boolean to 1 in a
"sendcmpct" message. In this mode, peers send new block announcements
with the short transaction IDs already, possibly even before fully
validating the block. In some cases no further round-trip is needed, and
the receiver can reconstruct the block and process it as usual
immediately. When some transactions were not available from local
sources (i.e. mempool), a getblocktxn/blocktxn roundtrip is necessary,
bringing the best-case latency to the same 1.5*RTT minimum time that
nodes take today, though with significantly less bandwidth usage.
The "low-bandwidth" mode is enabled by setting the first boolean to 0 in
a "sendcmpct" message. In this mode, peers send new block announcements
with the usual inv/headers announcements (as per BIP130, and after fully
validating the block). The receiving peer may then request the block
using a MSG_CMPCT_BLOCK getdata request, which will receive a response
of the header and short transaction IDs. In some cases no further
round-trip is needed, and the receiver can reconstruct the block and
process it as usual, taking the same 1.5*RTT minimum time that nodes
take today, though with significantly less bandwidth usage. When some
transactions were not available from local sources (i.e. mempool), a
getblocktxn/blocktxn roundtrip is necessary, bringing the best-case
latency to 2.5*RTT, again with significantly less bandwidth usage than
today. Because TCP often exhibits worse transfer latency for larger data
sizes (as a multiple of RTT), total latency is expected to be reduced
even when the full 2.5*RTT transfer mechanism is used.
===New data structures===
Several new data structures are added to the P2P network to relay
compact blocks: PrefilledTransaction, HeaderAndShortIDs,
BlockTransactionsRequest, and BlockTransactions. Additionally, we
introduce a new variable-length integer encoding for use in these data
For the purposes of this section, CompactSize refers to the
variable-length integer encoding used across the existing P2P protocol
to encode array lengths, among other things, in 1, 3, 5 or 9 bytes.
====New VarInt====
TODO: I just copied this out of the src...Something that is
wiki-formatted and more descriptive should be used here instead.
Variable-length integers: bytes are a MSB base-128 encoding of the number.
The high bit in each byte signifies whether another digit follows. To make
sure the encoding is one-to-one, one is subtracted from all but the last
Thus, the byte sequence a[] with length len, where all but the last byte
has bit 128 set, encodes the number:
(a[len-1] & 0x7F) + sum(i=1..len-1, 128^i*((a[len-i-1] & 0x7F)+1))
0:    [0x00]       256:   [0x81 0x00]
1:    [0x01]       16383: [0xFE 0x7F]
127:  [0x7F]       16384: [0xFF 0x00]
128:  [0x80 0x00]  16511: [0x80 0xFF 0x7F]
255:  [0x80 0x7F]  65535: [0x82 0xFD 0x7F]
2^32: [0x8E 0xFE 0xFE 0xFF 0x00]
Several uses of New VarInts below are "differentially encoded". For
these, instead of using raw indexes, the number encoded is the
difference between the current index and the previous index, minus one.
For example, a first index of 0 implies a real index of 0, a second
index of 0 thereafter refers to a real index of 1, etc.
A PrefilledTransaction structure is used in HeaderAndShortIDs to provide
a list of a few transactions explicitly.
{|
! Field Name !! Type !! Size !! Encoding !! Purpose
|-
| index || New VarInt || 1-3 bytes || [[#New_VarInt|New VarInt]], differentially encoded since the last PrefilledTransaction in a list || The index into the block at which this transaction is
|-
| tx || Transaction || variable || As encoded in "tx" messages || The transaction which is in the block at index index.
|}
A HeaderAndShortIDs structure is used to relay a block header, the short
transaction IDs used for matching already-available transactions, and a
select few transactions which we expect a peer may be missing.
{|
! Field Name !! Type !! Size !! Encoding !! Purpose
|-
| header || Block header || 80 bytes || First 80 bytes of the block as defined by the encoding used by "block" messages || The header of the block being
|-
| nonce || uint64_t || 8 bytes || Little Endian || A nonce for use in short transaction ID calculations
|-
| shortids_length || CompactSize || 1, 3, 5, or 9 bytes || As used elsewhere to encode array lengths || The number of short transaction IDs in shortids
|-
| shortids || List of uint64_ts || 8*shortids_length bytes || Little Endian || The short transaction IDs calculated from the transactions which were not provided explicitly in prefilledtxn
|-
| prefilledtxn_length || CompactSize || 1, 3, 5, or 9 bytes || As used elsewhere to encode array lengths || The number of prefilled transactions in prefilledtxn
|-
| prefilledtxn || List of PrefilledTransactions || variable size*prefilledtxn_length || As defined by PrefilledTransaction definition, above || Used to provide the coinbase transaction and a select few which we expect a peer may be missing
|}
A BlockTransactionsRequest structure is used to list transaction indexes
in a block being requested.
{|
! Field Name !! Type !! Size !! Encoding !! Purpose
|-
| blockhash || Binary blob || 32 bytes || The output from a double-SHA256 of the block header, as used elsewhere || The blockhash of the block which the transactions being requested are in
|-
| indexes_length || New VarInt || 1-3 bytes || As defined in [[#New_VarInt|New VarInt]] || The number of transactions being requested
|-
| indexes || List of New VarInts || 1-3 bytes*indexes_length || As defined in [[#New_VarInt|New VarInt]], differentially encoded || The indexes of the transactions being requested in the block
|}
A BlockTransactions structure is used to provide some of the
transactions in a block, as requested.
{|
! Field Name !! Type !! Size !! Encoding !! Purpose
|-
| blockhash || Binary blob || 32 bytes || The output from a double-SHA256 of the block header, as used elsewhere || The blockhash of the block which the transactions being provided are in
|-
| transactions_length || New VarInt || 1-3 bytes || As defined in [[#New_VarInt|New VarInt]] || The number of transactions provided
|-
| transactions || List of Transactions || variable || As encoded in "tx" messages || The transactions provided
|}
====Short transaction IDs====
Short transaction IDs are used to represent a transaction without
sending a full 256-bit hash. They are calculated by:
# single-SHA256 hashing the block header with the nonce appended (in
# XORing each 8-byte chunk of the double-SHA256 transaction hash with
each correspondi...[message truncated here by reddit bot]...
original: http://lists.linuxfoundation.org/pipermail/bitcoin-dev/2016-May/012624.html
submitted by dev_list_bot to bitcoin_devlist [link] [comments]
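The "New VarInt" encoding and the differentially encoded index lists from the draft above, exercised by building and parsing a BlockTransactionsRequest. This is an added example and is not code from Matt Corallo's draft, from BIP 152 as later merged, or from Bitcoin Core; the sample block header it hashes is a constructed all-zero placeholder. The encoder and decoder follow the formula the draft states; note that two byte sequences in the draft's example table do not agree with that formula (by the formula, 16511 is [0xFF 0x7F] and 65535 is [0x82 0xFE 0x7F], while [0x80 0xFF 0x7F] decodes to 32895), so the test vectors here are the formula's. The decoder also refuses truncated input, oversized values and an index count larger than the remaining payload, which is the kind of check a node needs before trusting a peer's message.

```python
"""Added example (not from Matt Corallo's draft, BIP 152 or Bitcoin Core):
the draft's "New VarInt" encoding, its differentially encoded index lists,
and a BlockTransactionsRequest message built from them."""
import hashlib


def varint_encode(n: int) -> bytes:
    """MSB base-128: every byte but the last has bit 0x80 set and carries
    (digit - 1), which is what makes the encoding one-to-one."""
    if n < 0:
        raise ValueError("New VarInt cannot encode negative numbers")
    out = [n & 0x7F]            # last (lowest) digit is stored as-is
    n >>= 7
    while n > 0:
        n -= 1                  # all other digits are stored minus one
        out.append((n & 0x7F) | 0x80)
        n >>= 7
    return bytes(reversed(out))


def varint_decode(buf: bytes, pos: int = 0, max_value: int = 2**64 - 1) -> tuple[int, int]:
    """Return (value, new_pos), applying the draft's formula digit by digit.
    A truncated buffer or an oversized value from a peer raises instead of
    being silently accepted."""
    n = 0
    while True:
        if pos >= len(buf):
            raise ValueError("truncated New VarInt")
        b = buf[pos]
        pos += 1
        n = (n << 7) | (b & 0x7F)
        if n > max_value:
            raise ValueError("New VarInt exceeds maximum")
        if b & 0x80:
            n += 1              # undo the "minus one" on non-final digits
        else:
            return n, pos


def encode_indexes(indexes: list[int]) -> bytes:
    """Length prefix, then each index as (index - previous_index - 1), so a
    first index of 0 encodes as 0 and a following index of 1 also as 0."""
    out = bytearray(varint_encode(len(indexes)))
    prev = -1
    for idx in indexes:
        if idx <= prev:
            raise ValueError("indexes must be strictly increasing")
        out += varint_encode(idx - prev - 1)
        prev = idx
    return bytes(out)


def decode_indexes(buf: bytes, pos: int) -> tuple[list[int], int]:
    count, pos = varint_decode(buf, pos)
    if count > len(buf) - pos:
        # each entry costs at least one byte, so a larger count is bogus
        raise ValueError("index count larger than remaining payload")
    indexes, prev = [], -1
    for _ in range(count):
        delta, pos = varint_decode(buf, pos)
        prev = prev + delta + 1
        indexes.append(prev)
    return indexes, pos


def serialize_block_transactions_request(blockhash: bytes, indexes: list[int]) -> bytes:
    if len(blockhash) != 32:
        raise ValueError("blockhash must be 32 bytes")
    return blockhash + encode_indexes(indexes)


def parse_block_transactions_request(msg: bytes) -> tuple[bytes, list[int]]:
    if len(msg) < 33:
        raise ValueError("message too short")
    indexes, pos = decode_indexes(msg, 32)
    if pos != len(msg):
        raise ValueError("trailing bytes after index list")
    return msg[:32], indexes


# Constructed sample: an all-zero 80-byte placeholder stands in for a real
# block header; blockhash is its double-SHA256, as the draft's tables specify.
FAKE_HEADER = b"\x00" * 80
FAKE_BLOCKHASH = hashlib.sha256(hashlib.sha256(FAKE_HEADER).digest()).digest()

if __name__ == "__main__":
    msg = serialize_block_transactions_request(FAKE_BLOCKHASH, [0, 1, 5, 200])
    print(msg[32:].hex())          # index list: 04 00 00 03 80 42
    print(parse_block_transactions_request(msg))
```

The index list for [0, 1, 5, 200] costs six bytes in total: the count, three one-byte deltas and a two-byte delta of 194, where a list of raw indexes would already spend two bytes on 200 alone; the savings grow with block size because deltas between requested indexes stay small.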


Nonce: a nonce ("number used once") is the 4-byte (32-bit) field in the 80-byte block header, and the header is the input to the double-SHA256 hash that produces a block hash. Miners vary the nonce until the hash of the header is at or below the current target, which is usually described as the hash having a required number of leading zero bits; that requirement is what the difficulty expresses. The proof-of-work input is the whole header: version, previous block hash, Merkle root (which commits to the block's transactions), timestamp, the compact difficulty bits and the nonce. The nonce is not random; miners typically sweep it sequentially, and because all 2^32 values are tried in a fraction of a second on modern hardware, they also change an extra nonce in the coinbase transaction (which changes the Merkle root) or the timestamp to get a fresh search space.

From the German material quoted here (a translation of the whitepaper): increment the nonce in the block until a value is found that gives the block hash the required zero bits. Once the CPU effort has been expended to satisfy the proof of work, the block cannot be changed without redoing the work. Because Bitcoin is decentralised and free from the control of governments, banks and corporations, free thinkers and hackers treat it as the currency of the future. It is secured by the ...
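The search described above, as an added example that is not code from this page, from the whitepaper or from Bitcoin Core: it serialises an 80-byte header in the wire byte order, expands the compact difficulty bits into the target, sweeps the 32-bit nonce, and rolls an extra nonce through a constructed stand-in coinbase when the nonce space is exhausted. The genesis block constants are real and serve as a self-check of the serialisation; the coinbase placeholder and the easy target (about one header in 512 qualifies) are constructed so the loop finishes instantly.

```python
"""Added example, not code from this page, the Bitcoin whitepaper or Bitcoin
Core: serialises an 80-byte block header, expands the compact nBits target,
and sweeps the 32-bit nonce, rolling an extra nonce through a constructed
stand-in coinbase when the nonce space is exhausted. The genesis block
constants are real and used as a self-check."""
import hashlib
import struct


def dsha256(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def bits_to_target(bits: int) -> int:
    """Expand nBits (1 exponent byte, 3 mantissa bytes) into the 256-bit target."""
    exponent = bits >> 24
    mantissa = bits & 0x7FFFFF
    if bits & 0x800000:
        raise ValueError("negative target")
    if exponent <= 3:
        return mantissa >> (8 * (3 - exponent))
    return mantissa << (8 * (exponent - 3))


def serialize_header(version: int, prev_hash_hex: str, merkle_root_hex: str,
                     timestamp: int, bits: int, nonce: int) -> bytes:
    """Hashes are displayed big-endian but serialised little-endian, hence [::-1]."""
    return (struct.pack("<i", version)
            + bytes.fromhex(prev_hash_hex)[::-1]
            + bytes.fromhex(merkle_root_hex)[::-1]
            + struct.pack("<III", timestamp, bits, nonce))


def header_hash_int(header: bytes) -> int:
    """Block hash as the integer that is compared against the target."""
    return int.from_bytes(dsha256(header), "little")


def block_hash_hex(header: bytes) -> str:
    return dsha256(header)[::-1].hex()


def scan_nonce(version, prev_hash_hex, merkle_root_hex, timestamp, bits, max_nonce=2**32):
    """Sweep nonce in [0, max_nonce); return (nonce, hash) or None when exhausted."""
    target = bits_to_target(bits)
    for nonce in range(max_nonce):
        h = header_hash_int(serialize_header(version, prev_hash_hex, merkle_root_hex,
                                             timestamp, bits, nonce))
        if h <= target:
            return nonce, h
    return None


def toy_merkle_root(extra_nonce: int) -> str:
    """Constructed stand-in: a block whose only transaction is a fake coinbase
    carrying the extra nonce, so the Merkle root is just that coinbase's txid."""
    coinbase = b"constructed-coinbase:" + struct.pack("<Q", extra_nonce)
    return dsha256(coinbase)[::-1].hex()


def mine(version, prev_hash_hex, timestamp, bits, max_nonce=2**32, max_extra_nonce=10_000):
    """Outer loop over the extra nonce: each bump changes the Merkle root and so
    gives a fresh 32-bit nonce space, which is what miners do once all 2^32
    headers for one Merkle root have been hashed."""
    for extra_nonce in range(max_extra_nonce):
        merkle = toy_merkle_root(extra_nonce)
        found = scan_nonce(version, prev_hash_hex, merkle, timestamp, bits, max_nonce)
        if found is not None:
            nonce, h = found
            return {"extra_nonce": extra_nonce, "nonce": nonce,
                    "merkle_root": merkle, "hash": h}
    raise RuntimeError("no header below target within the search bounds")


# Real genesis block (block 0) header fields, used to check the serialisation.
GENESIS = dict(version=1, prev_hash_hex="00" * 32,
               merkle_root_hex="4a5e1e4baab89f3a32518a88c31bc87f618f76673e2cc77ab2127b7afdeda33b",
               timestamp=1231006505, bits=0x1D00FFFF, nonce=2083236893)
GENESIS_HASH = "000000000019d6689c085ae165831e934ff763ae46a2a6c172b3f1b60a8ce26f"

if __name__ == "__main__":
    hdr = serialize_header(**GENESIS)
    assert block_hash_hex(hdr) == GENESIS_HASH
    # Easy constructed target (about 1 header in 512 qualifies) and a deliberately
    # tiny nonce range so the extra-nonce rollover is exercised.
    print(mine(1, "00" * 32, 1231006505, 0x1F7FFFFF, max_nonce=64))
```

Two details matter when checking real headers: the displayed hash is the byte-reversed double-SHA256, and the comparison is against the full 256-bit target, not just a count of leading zeros, so a hash can have the right number of zero bits and still be rejected if its remaining bits exceed the mantissa.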
