Efficient weighted threshold ECDSA for securing bitcoin wallet

Luke-Jr decides to rename "paper wallet" to "Paper ECDSA private keys" for all of us. Replaces all paper wallet information on the Bitcoin Wiki with what he prefers to use (HD mnemonic wallet backups).

Luke-Jr doesn't like paper wallets. To this end, he has renamed/moved the official Bitcoin wiki for "Paper Wallet" to "Paper ECDSA private keys", making it confusing and difficult for users to learn what a paper wallet is and how to stay safe when making one. Meanwhile, he has created a brand new "Paper wallet" page in which he redefines a paper wallet as a Armory/Electrum backup of a HD wallet mnemonic seed, and says that these should not be confused with what you and I and everyone else calls a paper wallet.
The other contribution Luke-Jr made to the original paper wallet wiki was to unlink my own service (bitcoinpaperwallet.com) from the wiki, his reasoning being, "BitcoinPaperWallet was removed because it is a website for generating private keys". As someone who has put a lot of energy into paper wallet education and generally helping the bitcoin community with paper wallet generation, I find this utterly baffling.
I don't want to get involved in a revision battle here. Luke-Jr has already started that, reverting any changes I make to the wiki instantly.
If you have an opinion on this matter and you have bitcoin wiki editor privileges, please express it on the discussion page.
Edit 1: you can also express opinions right here of course :)
Edit 2: much of the discussion on this page is about whether or not paper wallets are a good idea, or if websites should be used to generate them. Can we at least agree that these pro/con arguments should appear on a wiki page called "paper wallets" so everyone can find them? If those arguments appear on a wiki page called "Paper ECDSA private keys" then nobody will see them.
Edit 3: Gladoscc on the wiki has renamed "Paper ECDSA private keys" back to "Paper Wallet" as of 12:41 UTC, so you may be confused if you visit the wiki to see what all the hubbub is about -- unless his change has been reverted by the time you read this. :)
Edit 4: Gladoscc's change didn't last for more than 24 hours before Luke-Jr re-reverted the changes, and then added in a confounding set of redirects in the wiki so that "Paper Wallet" redirects to "Paper wallet" which then redirects to his page on HD wallet mnemonic seeds. I cannot understand how this is supposed to help end users who want to learn what a paper wallet is (and why they're risky, and how hard it is to produce them in a safe way.)
submitted by cantonbecker to Bitcoin [link] [comments]

Researchers from Princeton and Stanford Announce New ECDSA Threshold Signature Scheme That Is Particularly Well-Suited for Securing Bitcoin Wallets

Researchers from Princeton and Stanford Announce New ECDSA Threshold Signature Scheme That Is Particularly Well-Suited for Securing Bitcoin Wallets submitted by desantis to Bitcoin [link] [comments]

Threshold-optimal DSA/ECDSA signatures and an application to Bitcoin wallet security

submitted by srw to Bitcoin [link] [comments]

Threshold-optimal DSA/ECDSA signatures and an application to Bitcoin wallet security

submitted by ysangkok to cryptography [link] [comments]

Threshold-optimal DSA/ECDSA signatures and an application to Bitcoin wallet security

submitted by ysangkok to btc [link] [comments]

Threshold-optimal DSA/ECDSA signatures and an application to Bitcoin wallet security

submitted by BitcoinAllBot to BitcoinAll [link] [comments]

Threshold-optimal DSA/ECDSA signatures and an application to Bitcoin wallet security

submitted by ysangkok to compsci [link] [comments]

Threshold-optimal DSA/ECDSA signatures and an application to Bitcoin wallet security

submitted by BitcoinAllBot to BitcoinAll [link] [comments]

Researchers from Princeton and Stanford Announce New ECDSA Threshold Signature Scheme That Is Particularly Well-Suited for Securing Bitcoin Wallets

Researchers from Princeton and Stanford Announce New ECDSA Threshold Signature Scheme That Is Particularly Well-Suited for Securing Bitcoin Wallets submitted by moon_drone to BetterBitcoin [link] [comments]

ABCMint is a quantum resistant cryptocurrency with the Rainbow Multivariable Polynomial Signature Scheme.

Good day, the price is going up to 0.3USDT.

ABCMint Second Foundation

ABCMint has been a first third-party organization that focuses on post-quantum cryptography research and technology and aims to help improve the ecology of ABCMint technology since 2018.



What is ABCMint?

ABCMint is a quantum resistant cryptocurrency with the Rainbow Multivariable Polynomial Signature Scheme.

Cryptocurrencies and blockchain technology have attracted a significant amount of attention since 2009. While some cryptocurrencies, including Bitcoin, are used extensively in the world, these cryptocurrencies will eventually become obsolete and be replaced when the quantum computers avail. For instance, Bitcoin uses the elliptic curved signature (ECDSA). If a bitcoin user?s public key is exposed to the public chain, the quantum computers will be able to quickly reverse-engineer the private key in a short period of time. It means that should an attacker decide to use a quantum computer to decrypt ECDSA, he/she will be able to use the bitcoin in the wallet.

The ABCMint Foundation has improved the structure of the special coin core to resist quantum computers, using the Rainbow Multivariable Polynomial Signature Scheme, which is quantum resisitant, as the core. This is a fundamental solution to the major threat to digital money posed by future quantum computers. In addition, the ABCMint Foundation has implemented a new form of proof of arithmetic (mining) "ABCardO" which is different from Bitcoin?s arbitrary mining. This algorithm is believed to be beneficial to the development of the mathematical field of multivariate.

Rainbow Signature - the quantum resistant signature based on Multivariable Polynomial Signature Scheme

Unbalanced Oil and Vinegar (UOV) is a multi-disciplinary team of experts in the field of oil and vinegar. One of the oldest and most well researched signature schemes in the field of variable cryptography. It was designed by J. Patarin in 1997 and has withstood more than two decades of cryptanalysis. The UOV scheme is a very simple, smalls and fast signature. However, the main drawback of UOV is the large public key, which will not be conducive to the development of block practice technology.

The rainbow signature is an improvement on the oil and vinegar signature which increased the efficiency of unbalanced oil and vinegar. The basic concept is a multi-layered structure and generalization of oil and vinegar.

PQC - Post Quantum Cryptography

The public key cryptosystem was a breakthrough in modern cryptography in the late 1970s. It has become an increasingly important part of our cryptography communications network over The Internet and other communication systems rely heavily on the Diffie-Hellman key exchange, RSA encryption, and the use of the DSA, ECDSA or related algorithms for numerical signatures. The security of these cryptosystems depends on the difficulty level of number theory problems such as integer decomposition and discrete logarithm problems. In 1994, Peter Shor demonstrated that quantum computers can solve all these problems in polynomial time, which made this security issue related to the cryptosystems theory irrelevant. This development is known as the "post-quantum cryptography" (PQC)

In August 2015, the U.S. National Security Agency (NSA) released an announcement regarding its plans to transition to quantum-resistant algorithms. In December 2016, the National Institute of Standards and Technology (NIST) announced a call for proposals for quantum-resistant algorithms. The deadline was November 30, 2017, which also included the rainbow signatures used for ABCMint.
submitted by WrapBeautiful to ABCMint [link] [comments]

After power outage cannot unlock LND wallet... TLS certs?

Hey y'all I can't figure this one out. I'm running a raspibolt node that followed Stadicus tutorial since February 2019. I keep it up to date often, currently running LND 10.0 , I last checked it a week ago after a power outage and all was well.
there was ANOTHER power outage last night (stormy season) and I had to restart everything. The bitcoin node is up and running, caught up on the chain. But now I can't unlock my LND wallet or access it through ZAP desktop. I get the error when unlocking and inputting my wallet pwd:
[lncli] rpc error: code = Unavailable desc = all SubConns are in TransientFailure, latest connection error: connection error: desc = "transport: authentication handshake failed: x509: certificate signed by unknown authority (possibly because of \"x509: ECDSA verification failure\" while trying to verify candidate authority certificate 
That led me to some threads about the TLS certs possibly having expired after some ~14 months. So I removed them, it created new ones after a restart. As you can see in the LND directory:
drwxr-xr-x 4 bitcoin bitcoin 4096 Jun 23 19:51 . drwxr-xr-x 5 bitcoin bitcoin 4096 Mar 20 13:17 .. drwx------ 4 bitcoin bitcoin 4096 Feb 7 2019 data -rw-r--r-- 1 bitcoin bitcoin 490 May 27 2019 lnd.conf drwx------ 3 bitcoin bitcoin 4096 Feb 7 2019 logs -rw-r--r-- 1 bitcoin bitcoin 0 Feb 8 2019 test -rw-r--r-- 1 bitcoin bitcoin 778 Jun 23 19:51 tls.cert -rw------- 1 bitcoin bitcoin 227 Jun 23 19:51 tls.key 
They mentioned they solved it by copying the new TLS certs to a "different location" but do not specify where they copied them to. Stadicus guide has a few lines about pointing the admin acct to the TLS certs but nothing happens. troubleshooting shows the symbolic links are working fine. And, of course they were working for 16 months before today.
Any ideas or thoughts?
submitted by mabezard to lightningnetwork [link] [comments]

Satoshi Nakamoto built in defenses against quantum computing attacks - If you use one Bitcoin address one time, then your ECDSA public key is only ever revealed at the one time that you spend bitcoins sent to each address. A quantum computer would need to be to break your key in that short time.

submitted by crazyeyes420 to Bitcoin [link] [comments]

No, your Bitcoin is not at risk from quantum computing. You got played.

The claim: Quantum computers can hack bitcoin and its right around the corner.
There is no known way that quantum computers can break SHA256 (only the signing elliptic curve/ECDSA). So cold wallets will always be safe (this means you have not made an outgoing transaction in that wallet)
This also means you will always be safe in actively making transactions as long as wallet providers provide the functionality to constantly move your funds to a new address on each transaction (this already exists in several wallets).
There is a larger discussion on upgrading bitcoin, the fact that quantum computers are not even close to being able to crack ECDSA, etc. But I'm just going to leave it at what I said above. Your Bitcoin is not at risk from quantum computing.
The fud campaigns on quantum computing has been organized by traders half a dozen times over the past 5 years at the end of consolidation triangles, which is exactly what happened this time.
submitted by Trident1000 to CryptoCurrency [link] [comments]

tBTC an erc20 wrapped version of BTC, like erc20 wBTC; but is trustless and does not require a centralised party to mint wrapped btc like wBTC

I found this article on /Ethereum though it didnt go into the specs of how this works:
as the article says wrapped bitcoin has been done before e.g. wBTC but wBTC requires a centralised party to mint wBTC from BTC held by this party; making it out of the question as its centralised.
did some digging there is a whitepaper , but i wanted more details on the tBTC implementation.
I went on their github and looked at the readme on some projects; found a few interesting things, though not an entire explanation.
tBTC is a trustlessly Bitcoin-backed ERC-20 token.
The goal of the project is to provide a stronger 2-way peg than federated sidechains like Liquid, expanding use cases possible via today’s Bitcoin network, while bringing superior money to other chains.
This repo contains the Solidity smart contracts and specification.
tbtc.js provides JS bindings to the tBTC system. The tBTC system is a bonded, multi-federated peg made up of many deposits backed by single-use BTC wallets to enable their value’s corresponding usage on the Ethereum chain, primarily through the minting of a TBTC ERC20 token whose supply is guaranteed to be backed by at least 1 BTC per TBTC in circulation.
finally this is the best:
here is the first few pargarphs
2020-04-01 tBTC incorporates novel design features that carry important implications for users. This piece explains four of these: TDT receipts, multiple lot sizes, Keep's random beacon, and threshold signatures.
TBTC Deposit Token (TDT) The TBTC Deposit Token (TDT) is a non-fungible token that is minted when a user requests a deposit. A TDT is a non-fungible ERC-721 token that serves as a counterpart to TBTC. It represents a claim to a deposit's underlying UTXO on the Bitcoin blockchain.
TBTC deposits can be locked or unlocked. A locked deposit can only be redeemed by the deposit owner with the corresponding TDT. Each TDT is unique to the deposit that mints it and carries the exclusive right for up to a 6 month term to redeem the deposit.
also this paragraph addresses creating wallets with the created tokens
Random Beacon for Signer Selection
The Keep network requires a trusted source of randomness to select tBTC signers. This takes the form of a BLS Threshold Relay.
When a request comes in to create a signing group, the tBTC system uses a random seed from a secure decentralized random beacon to randomly select signing group members from the eligible pool of signers. These signers coordinate a distributed key generation protocol that results in a public ECDSA key for the group, which is used to produce a wallet address that is then published to the host chain. This completes the signer selection phase.
my take away from this is that by using side chains that a trustless, not fedeared like liquid bitcoin sidechains sold by blockstream. it uses NFT erc-721 tokens as representation of the bitccoin UTXO from the bitcoin blockchain, store it in a wallet and mint it into tBTC. given this is all smart contracts generating wallets and minting the tBTC, it does away with the need of a centralised party to provide the funds of BTC to create a wrapped erc20 version on ethereum and so should be trustles.
perhaps erc20 token trading is the way to go forward. just requires wrapping of exisitng tokens. this looks promising for DeXs and DeFi if it happens.
also opens the possibiliy of multicollateral Dai (MCD) using tBTC in addition to eth and BAT. though personally i think btc should not be used in MCD.
any thoughts on this? or if my understanding is off.
edit: got some more info from px403
I talked to James a bit about tBTC in Osaka, so I have a vague idea of how it works, so I might be able to explain it in a somewhat coherent way.
Basically, the magic here is they reimplemented Bitcoin's SPV as an Ethereum smart contract, effectively letting them query the current state of the Bitcoin network, including validity of payments, directly in contract. Using this, they built an auction system where people can at any time claim ETH by paying BTC, or claim BTC by paying ETH. By design the spread is wide, so this isn't actually intended to be a high volume exchange, but what you do get is a pretty good price oracle.
From the price oracle, I think there were doing some Maker style CDPs or something, where people could lock up their BTC on the Bitcoin network to redeem tBTC, and any of the locked BTC could be reclaimed by burning tBTC or something.
Sorry it's not a complete picture of what's going on, but I think that's the general gist of what they're doing.
submitted by Neophyte- to CryptoTechnology [link] [comments]

Blockstream - MuSig: A New Multisignature Standard

Blockstream - MuSig: A New Multisignature Standard submitted by yilmzfurkan to Bitcoin [link] [comments]

Quantum computing question

I'm thinking about Bitcoin in the long run and how safe my investments are, etc and I have a question about the quantum computing vulnerability. All I really understand is that, with quantum computing, it may be relatively easy to get the private keys to a wallet address. If this problem occurs, Bitcoin could of course hard fork to address the issue, however, wouldn't it still be too late? Even if the community nearly 100% agreed to fork from a time in the past before the first attack occurred, how could a fork possibly allow for new private keys that somehow everyone would be able to know based on their current private keys without those being compromised as well? And asking every single Bitcoin holder to move their funds immediately after a fork seems unfeasible. Isn't the time to fork for quantum resistance now, before a successful attack occurs? Can anyone explain to me definitively how my Bitcoins are protected if Quatum computers become widely available?
submitted by tballz16 to Bitcoin [link] [comments]

Introduction to The Quantum Resistant Ledger

Quantum computers, which have at times been dismissed as a physical impossibility, have gone from the realm of "if" to the realm of "when" over the last decade.
QRL was early to recognize the threat quantum computers posed, not just to data security of the world, but blockchain as well. In response, we created a fully open source (MIT)[1], independently audited[2,3], blockchain platform[4,5], secure against even an attack from quantum computers[6].
With security as a foundation, we've developed a feature rich platform with things like notarization[7], multisig transactions[8], and an Ephemeral Messaging System[9]. This is all done with performance[10] in mind to handle volumes expected of any enterprise-grade blockchain. Future developments include Smart Contracts, and PoS.
QRL is backed by the research of individuals, organizations and institutions, with citations from several[11]. We are commited to the scientific philosophy to development with 3 open research grants[12].
  1. MIT License: https://github.com/theQRL/QRL/blob/masteLICENSE
  2. X41 D-Sec: https://github.com/theQRL/audits/blob/masteX41-theQRL-Review-2018-Final-Report.pdf
  3. red4sec: https://medium.com/the-quantum-resistant-ledgered4sec-security-audit-563ecfe04c75
  4. API: https://api.theqrl.org/
  5. Documentation: https://docs.thqrl.org/
  6. XMSS: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-208-draft.pdf
  7. Notarisation: https://docs.theqrl.org/tools/notarisation/
  8. Multisig Transactions: https://medium.com/the-quantum-resistant-ledgethe-qrl-bromine-hardfork-a-look-inside-2eed61ea90fd#3065
  9. Ephemeral Messaging System: https://github.com/theQRL/ephemeral/blob/masteEMS_whitepaper_v1.pdf
  10. QRL Technical: Weeks 36-37: https://medium.com/the-quantum-resistant-ledgeqrl-63813234ef23
  11. Citations: https://theqrl.org/research/#s:citations
  12. Research Grants: https://theqrl.org/research/grants/
Desktop (binary)
QRL Markets
An up to date list can be found at https://theqrl.org/markets/
Official lines of communication
Is blockchain really at risk of Quantum Computing?
In short, it's not a matter of if, but when quantum computing is capable of breaking ECDSA P-256 (what Bitcoin, Ethereum and most blockchain projects use). We've put together a site called Frequently Asked Quantum Questions which has plenty of sources and should answer many of your questions: https://faqq.info/.
Worth a read is a multipart series put together by one of our community members, QRCollector.
submitted by mc_schmitt to QRL [link] [comments]

Signing Issue -- Signature must use SIGHASH_FORKID

Currently integrating my wallet software with Bitcoin Cash, but am having one hell of a time sending funds. I like to think I'm quite well versed with the bitcoin protocol, but this one has me stumped, so any help greatly appreciated.
Keep getting that, "Signature must use SIGHASH_FORKID" error. I know the general format of bitcoin txs, which is basically: Version + Num_Inputs + Inputs + Num_Outputs + Outputs + Locktime. Then I know how to sign via ECDSA, create the DER signatures, etc. That's all no problem.
This 0x40 SIGHASH is causing an issue though. What do I change within the original bitcoin tx to add that 0x40 in there?
I think one thing I have to do, is when getting that double SHA256 hash to sign, instead of adding '00000000' at the end you add '40000000' to get the proper hash to sign. However, what do I change in the DER signature to make this work? At the end of the DER there's a '01' so tried switching that to to 40, and no luck. Tried adding 40 at the end as some docs state, and again no luck.
Any help would be greatly appreciated, as I know this is a 30 second fix that I've already spent 3 days on. Google isn't much help on this one.
submitted by Envrin to Bitcoincash [link] [comments]

Bitcoin (BTC)A Peer-to-Peer Electronic Cash System.

Bitcoin (BTC)A Peer-to-Peer Electronic Cash System.
  • Bitcoin (BTC) is a peer-to-peer cryptocurrency that aims to function as a means of exchange that is independent of any central authority. BTC can be transferred electronically in a secure, verifiable, and immutable way.
  • Launched in 2009, BTC is the first virtual currency to solve the double-spending issue by timestamping transactions before broadcasting them to all of the nodes in the Bitcoin network. The Bitcoin Protocol offered a solution to the Byzantine Generals’ Problem with a blockchain network structure, a notion first created by Stuart Haber and W. Scott Stornetta in 1991.
  • Bitcoin’s whitepaper was published pseudonymously in 2008 by an individual, or a group, with the pseudonym “Satoshi Nakamoto”, whose underlying identity has still not been verified.
  • The Bitcoin protocol uses an SHA-256d-based Proof-of-Work (PoW) algorithm to reach network consensus. Its network has a target block time of 10 minutes and a maximum supply of 21 million tokens, with a decaying token emission rate. To prevent fluctuation of the block time, the network’s block difficulty is re-adjusted through an algorithm based on the past 2016 block times.
  • With a block size limit capped at 1 megabyte, the Bitcoin Protocol has supported both the Lightning Network, a second-layer infrastructure for payment channels, and Segregated Witness, a soft-fork to increase the number of transactions on a block, as solutions to network scalability.


1. What is Bitcoin (BTC)?

  • Bitcoin is a peer-to-peer cryptocurrency that aims to function as a means of exchange and is independent of any central authority. Bitcoins are transferred electronically in a secure, verifiable, and immutable way.
  • Network validators, whom are often referred to as miners, participate in the SHA-256d-based Proof-of-Work consensus mechanism to determine the next global state of the blockchain.
  • The Bitcoin protocol has a target block time of 10 minutes, and a maximum supply of 21 million tokens. The only way new bitcoins can be produced is when a block producer generates a new valid block.
  • The protocol has a token emission rate that halves every 210,000 blocks, or approximately every 4 years.
  • Unlike public blockchain infrastructures supporting the development of decentralized applications (Ethereum), the Bitcoin protocol is primarily used only for payments, and has only very limited support for smart contract-like functionalities (Bitcoin “Script” is mostly used to create certain conditions before bitcoins are used to be spent).

2. Bitcoin’s core features

For a more beginner’s introduction to Bitcoin, please visit Binance Academy’s guide to Bitcoin.

Unspent Transaction Output (UTXO) model

A UTXO transaction works like cash payment between two parties: Alice gives money to Bob and receives change (i.e., unspent amount). In comparison, blockchains like Ethereum rely on the account model.

Nakamoto consensus

In the Bitcoin network, anyone can join the network and become a bookkeeping service provider i.e., a validator. All validators are allowed in the race to become the block producer for the next block, yet only the first to complete a computationally heavy task will win. This feature is called Proof of Work (PoW).
The probability of any single validator to finish the task first is equal to the percentage of the total network computation power, or hash power, the validator has. For instance, a validator with 5% of the total network computation power will have a 5% chance of completing the task first, and therefore becoming the next block producer.
Since anyone can join the race, competition is prone to increase. In the early days, Bitcoin mining was mostly done by personal computer CPUs.
As of today, Bitcoin validators, or miners, have opted for dedicated and more powerful devices such as machines based on Application-Specific Integrated Circuit (“ASIC”).
Proof of Work secures the network as block producers must have spent resources external to the network (i.e., money to pay electricity), and can provide proof to other participants that they did so.
With various miners competing for block rewards, it becomes difficult for one single malicious party to gain network majority (defined as more than 51% of the network’s hash power in the Nakamoto consensus mechanism). The ability to rearrange transactions via 51% attacks indicates another feature of the Nakamoto consensus: the finality of transactions is only probabilistic.
Once a block is produced, it is then propagated by the block producer to all other validators to check on the validity of all transactions in that block. The block producer will receive rewards in the network’s native currency (i.e., bitcoin) as all validators approve the block and update their ledgers.

The blockchain

Block production

The Bitcoin protocol utilizes the Merkle tree data structure in order to organize hashes of numerous individual transactions into each block. This concept is named after Ralph Merkle, who patented it in 1979.
With the use of a Merkle tree, though each block might contain thousands of transactions, it will have the ability to combine all of their hashes and condense them into one, allowing efficient and secure verification of this group of transactions. This single hash called is a Merkle root, which is stored in the Block Header of a block. The Block Header also stores other meta information of a block, such as a hash of the previous Block Header, which enables blocks to be associated in a chain-like structure (hence the name “blockchain”).
An illustration of block production in the Bitcoin Protocol is demonstrated below.


Block time and mining difficulty

Block time is the period required to create the next block in a network. As mentioned above, the node who solves the computationally intensive task will be allowed to produce the next block. Therefore, block time is directly correlated to the amount of time it takes for a node to find a solution to the task. The Bitcoin protocol sets a target block time of 10 minutes, and attempts to achieve this by introducing a variable named mining difficulty.
Mining difficulty refers to how difficult it is for the node to solve the computationally intensive task. If the network sets a high difficulty for the task, while miners have low computational power, which is often referred to as “hashrate”, it would statistically take longer for the nodes to get an answer for the task. If the difficulty is low, but miners have rather strong computational power, statistically, some nodes will be able to solve the task quickly.
Therefore, the 10 minute target block time is achieved by constantly and automatically adjusting the mining difficulty according to how much computational power there is amongst the nodes. The average block time of the network is evaluated after a certain number of blocks, and if it is greater than the expected block time, the difficulty level will decrease; if it is less than the expected block time, the difficulty level will increase.

What are orphan blocks?

In a PoW blockchain network, if the block time is too low, it would increase the likelihood of nodes producingorphan blocks, for which they would receive no reward. Orphan blocks are produced by nodes who solved the task but did not broadcast their results to the whole network the quickest due to network latency.
It takes time for a message to travel through a network, and it is entirely possible for 2 nodes to complete the task and start to broadcast their results to the network at roughly the same time, while one’s messages are received by all other nodes earlier as the node has low latency.
Imagine there is a network latency of 1 minute and a target block time of 2 minutes. A node could solve the task in around 1 minute but his message would take 1 minute to reach the rest of the nodes that are still working on the solution. While his message travels through the network, all the work done by all other nodes during that 1 minute, even if these nodes also complete the task, would go to waste. In this case, 50% of the computational power contributed to the network is wasted.
The percentage of wasted computational power would proportionally decrease if the mining difficulty were higher, as it would statistically take longer for miners to complete the task. In other words, if the mining difficulty, and therefore targeted block time is low, miners with powerful and often centralized mining facilities would get a higher chance of becoming the block producer, while the participation of weaker miners would become in vain. This introduces possible centralization and weakens the overall security of the network.
However, given a limited amount of transactions that can be stored in a block, making the block time too longwould decrease the number of transactions the network can process per second, negatively affecting network scalability.

3. Bitcoin’s additional features

Segregated Witness (SegWit)

Segregated Witness, often abbreviated as SegWit, is a protocol upgrade proposal that went live in August 2017.
SegWit separates witness signatures from transaction-related data. Witness signatures in legacy Bitcoin blocks often take more than 50% of the block size. By removing witness signatures from the transaction block, this protocol upgrade effectively increases the number of transactions that can be stored in a single block, enabling the network to handle more transactions per second. As a result, SegWit increases the scalability of Nakamoto consensus-based blockchain networks like Bitcoin and Litecoin.
SegWit also makes transactions cheaper. Since transaction fees are derived from how much data is being processed by the block producer, the more transactions that can be stored in a 1MB block, the cheaper individual transactions become.
The legacy Bitcoin block has a block size limit of 1 megabyte, and any change on the block size would require a network hard-fork. On August 1st 2017, the first hard-fork occurred, leading to the creation of Bitcoin Cash (“BCH”), which introduced an 8 megabyte block size limit.
Conversely, Segregated Witness was a soft-fork: it never changed the transaction block size limit of the network. Instead, it added an extended block with an upper limit of 3 megabytes, which contains solely witness signatures, to the 1 megabyte block that contains only transaction data. This new block type can be processed even by nodes that have not completed the SegWit protocol upgrade.
Furthermore, the separation of witness signatures from transaction data solves the malleability issue with the original Bitcoin protocol. Without Segregated Witness, these signatures could be altered before the block is validated by miners. Indeed, alterations can be done in such a way that if the system does a mathematical check, the signature would still be valid. However, since the values in the signature are changed, the two signatures would create vastly different hash values.
For instance, if a witness signature states “6,” it has a mathematical value of 6, and would create a hash value of 12345. However, if the witness signature were changed to “06”, it would maintain a mathematical value of 6 while creating a (faulty) hash value of 67890.
Since the mathematical values are the same, the altered signature remains a valid signature. This would create a bookkeeping issue, as transactions in Nakamoto consensus-based blockchain networks are documented with these hash values, or transaction IDs. Effectively, one can alter a transaction ID to a new one, and the new ID can still be valid.
This can create many issues, as illustrated in the below example:
  1. Alice sends Bob 1 BTC, and Bob sends Merchant Carol this 1 BTC for some goods.
  2. Bob sends Carols this 1 BTC, while the transaction from Alice to Bob is not yet validated. Carol sees this incoming transaction of 1 BTC to him, and immediately ships goods to B.
  3. At the moment, the transaction from Alice to Bob is still not confirmed by the network, and Bob can change the witness signature, therefore changing this transaction ID from 12345 to 67890.
  4. Now Carol will not receive his 1 BTC, as the network looks for transaction 12345 to ensure that Bob’s wallet balance is valid.
  5. As this particular transaction ID changed from 12345 to 67890, the transaction from Bob to Carol will fail, and Bob will get his goods while still holding his BTC.
With the Segregated Witness upgrade, such instances can not happen again. This is because the witness signatures are moved outside of the transaction block into an extended block, and altering the witness signature won’t affect the transaction ID.
Since the transaction malleability issue is fixed, Segregated Witness also enables the proper functioning of second-layer scalability solutions on the Bitcoin protocol, such as the Lightning Network.

Lightning Network

Lightning Network is a second-layer micropayment solution for scalability.
Specifically, Lightning Network aims to enable near-instant and low-cost payments between merchants and customers that wish to use bitcoins.
Lightning Network was conceptualized in a whitepaper by Joseph Poon and Thaddeus Dryja in 2015. Since then, it has been implemented by multiple companies. The most prominent of them include Blockstream, Lightning Labs, and ACINQ.
A list of curated resources relevant to Lightning Network can be found here.
In the Lightning Network, if a customer wishes to transact with a merchant, both of them need to open a payment channel, which operates off the Bitcoin blockchain (i.e., off-chain vs. on-chain). None of the transaction details from this payment channel are recorded on the blockchain, and only when the channel is closed will the end result of both party’s wallet balances be updated to the blockchain. The blockchain only serves as a settlement layer for Lightning transactions.
Since all transactions done via the payment channel are conducted independently of the Nakamoto consensus, both parties involved in transactions do not need to wait for network confirmation on transactions. Instead, transacting parties would pay transaction fees to Bitcoin miners only when they decide to close the channel.
One limitation to the Lightning Network is that it requires a person to be online to receive transactions attributing towards him. Another limitation in user experience could be that one needs to lock up some funds every time he wishes to open a payment channel, and is only able to use that fund within the channel.
However, this does not mean he needs to create new channels every time he wishes to transact with a different person on the Lightning Network. If Alice wants to send money to Carol, but they do not have a payment channel open, they can ask Bob, who has payment channels open to both Alice and Carol, to help make that transaction. Alice will be able to send funds to Bob, and Bob to Carol. Hence, the number of “payment hubs” (i.e., Bob in the previous example) correlates with both the convenience and the usability of the Lightning Network for real-world applications.

Schnorr Signature upgrade proposal

Elliptic Curve Digital Signature Algorithm (“ECDSA”) signatures are used to sign transactions on the Bitcoin blockchain.
However, many developers now advocate for replacing ECDSA with Schnorr Signature. Once Schnorr Signatures are implemented, multiple parties can collaborate in producing a signature that is valid for the sum of their public keys.
This would primarily be beneficial for network scalability. When multiple addresses were to conduct transactions to a single address, each transaction would require their own signature. With Schnorr Signature, all these signatures would be combined into one. As a result, the network would be able to store more transactions in a single block.
The reduced size in signatures implies a reduced cost on transaction fees. The group of senders can split the transaction fees for that one group signature, instead of paying for one personal signature individually.
Schnorr Signature also improves network privacy and token fungibility. A third-party observer will not be able to detect if a user is sending a multi-signature transaction, since the signature will be in the same format as a single-signature transaction.

4. Economics and supply distribution

The Bitcoin protocol utilizes the Nakamoto consensus, and nodes validate blocks via Proof-of-Work mining. The bitcoin token was not pre-mined, and has a maximum supply of 21 million. The initial reward for a block was 50 BTC per block. Block mining rewards halve every 210,000 blocks. Since the average time for block production on the blockchain is 10 minutes, it implies that the block reward halving events will approximately take place every 4 years.
As of May 12th 2020, the block mining rewards are 6.25 BTC per block. Transaction fees also represent a minor revenue stream for miners.
submitted by D-platform to u/D-platform [link] [comments]

Can a quantum computer be used for bitcoin mining?

This has been bothering me for a while.
I'm a newbie in computer science, and I just found out about Grover’s algorithm, which can only be implemented on a quantum computer. Supposedly it can achieve a quadratic speedup over a classical computer, brute-forcing a solution to a n-bit symmetric encryption key in 2^n/2 iterations.
This led me to think that, by utilizing a quantum computer or quantum simulator of about 40-qubits that runs Grover's algorithm, is it possible to mine bitcoins this way? The current difficulty of bitcoin mining is about 15,466,098,935,554 (approximately 2^44), which means that it would take about 2^44*2^32=2^76 SHA256 hashes before a valid block header hash is found.
However, by implementing Grover's algorithm, we would only need to sort through 2^76/2=2^38 hashes to discover a valid block header hash. A 38-qubit quantum computer should be sufficient in this case - which means the 40-qubit quantum computer should be more than enough to handle bitcoin mining.
Therefore - is it possible to use quantum computers to mine bitcoins this way? I'm not too familiar with quantum computers, so please correct me if I missed something.......
NOTE: I am NOT asking whether it is possible to use quantum computers to break the ECDSA secp256k1 algorithm, which would effectively allow anyone to steal bitcoins from wallets. I know that this would require much more than 40 qubits, and is definitely not happening in the near-future.
Rather, I'm asking about bitcoin mining, which is a much easier problem than trying to break ECDSA secp256k1.
submitted by Palpatine88888 to QuantumComputing [link] [comments]

Why quantum computers do not pose a risk to bitcoin. (The quantum fud campaign has worked in the past and it worked this time. People need to learn to rebuke this false narrative)

The claim: Quantum computers can hack bitcoin and its right around the corner.
There is no known way that quantum computers can break SHA256 (only the signing elliptic curve/ECDSA). So cold wallets will always be safe (this means you have not made an outgoing transaction in that wallet)
This also means you will always be safe in actively making transactions as long as wallet providers upgrade the functionality to constantly move your funds to a new address on each transaction (this already exists in several wallets). Its a simple software update.
There is a larger discussion on upgrading bitcoin, the fact that quantum computers are not even close to being able to crack ECDSA, etc. But I'm just going to leave it at what I said above. Your Bitcoin is not at risk from quantum computing.
submitted by Trident1000 to Bitcoin [link] [comments]

Electrum 3.2 (codename: Satoshi's Vision) has been officially released. It includes libsecp256k1 and the Revealer plugin.

Electrum 3.2 (codename: Satoshi's Vision) has been officially released. It includes libsecp256k1 and the Revealer plugin. submitted by BashCo to Bitcoin [link] [comments]

Wie funktionieren Hierarchical Deterministic Wallets?  Teil 13 Kryptographie Crashkurs 5 minut za Bitcoin: Pripravite si padalo Bitcoin Hack 2020 method BITCOIN The Digital CURRENCY: What is It ? Can This Be The ... 35C3 - Wallet Security

The range is governed by the secp256k1 ECDSA encryption standard used by Bitcoin. Wallet Import Format (WIF)¶ In order to make copying of private keys less prone to error, Wallet Import Format may be utilized. WIF uses base58Check encoding on a private key, greatly decreasing the chance of copying error, much like standard Bitcoin addresses. Take a private key. Add a 0x80 byte in front of it ... Bitfi thoroughly hashes all bytes to perform ECDSA check to ensure they match with the update package & that it has not been tampered with. Open Source. Verify. Bitfi code is completely open source, we encourage developers anywhere in the world to review Bitfi code. No Counterfeiting. Unlike any other wallet, each Bitfi device gets specially packaged firmware for its' Trusted Execution ... Efficient weighted threshold ECDSA for securing bitcoin wallet Abstract: Bitcoin is a digital currency based on cryptographic algorithms. All the transactions of this currency are recorded and stored in a publically available database called blockchain. Since, these transactions are available to everyone, bitcoins must be stored in a secured wallet. These bitcoin wallets can be opened only by ... Renamed the page to Paper Wallet (Single Key) so that the terminology is more technically correct while not obfuscating it so much that someone (for example) reading the "Mastering Bitcoin" book will still be able to figure out what the section called "Paper Wallets" in Chapter 4 is about. Or so that someone who is using blockchain.info, or Mycelium, etc. will be able to research what "Import ... Threshold-optimal DSA/ECDSA signatures and an application to Bitcoin wallet security Rosario Gennaro1, Steven Goldfeder 2, and Arvind Narayanan 1 City College, City University of New York [email protected] 2 Princeton University fstevenag,[email protected]

[index] [43005] [26083] [11180] [9283] [51042] [47029] [29554] [17359] [40782] [23448]

Wie funktionieren Hierarchical Deterministic Wallets? Teil 13 Kryptographie Crashkurs

- TSS in ECDSA vs. Schnorr signatures - Applications and use cases for TSS - ZenGo’s on-boarding, restore process and use of biometrics - The future of wallet interoperability in a world of ... https://media.ccc.de/v/35c3-9492-wallet_security How (not) to protect private keys There are multiple different ways to store cryptocurrency secret keys. Thi... Elliptic Curve Digital Signature Algorithm ECDSA Part 10 Cryptography Crashcourse - Duration: 35:32. Dr. Julian Hosp - Blockchain, Krypto, Bitcoin 5,773 views How do you slow down hackers and provide equal access to everyone on earth? Not easy. But Bitcoin's solution is devilishly simple, employing outrageously big... Bitcoin - Wikipedija, prosta enciklopedija - Vsakemu naslovu Bitcoin, ki je analogen računu v bančnem sistemu, pripada par javnega in zasebnega ključa ECDSA iz domene asimetrične kriptografije ...