How to Mine Bitcoin Private: Complete Beginner’s Guide

Technical: Taproot: Why Activate?

This is a follow-up on https://old.reddit.com/Bitcoin/comments/hqzp14/technical_the_path_to_taproot_activation/
Taproot! Everybody wants it!! But... you might ask yourself: sure, everybody else wants it, but why would I, sovereign Bitcoin HODLer, want it? Surely I can be better than everybody else because I swapped XXX fiat for Bitcoin unlike all those nocoiners?
And it is important for you to know the reasons why you, o sovereign Bitcoiner, would want Taproot activated. After all, your nodes (or the nodes your wallets use, which if you are SPV, you hopefully can pester to your wallet vendor/implementor about) need to be upgraded in order for Taproot activation to actually succeed instead of becoming a hot sticky mess.
First, let's consider some principles of Bitcoin.
I'm sure most of us here would agree that the above are very important principles of Bitcoin and that these are principles we would not be willing to remove. If anything, we would want those principles strengthened (especially the last one, financial privacy, which current Bitcoin is only sporadically strong with: you can get privacy, it just requires effort to do so).
So, how does Taproot affect those principles?

Taproot and Your /Coins

Most HODLers probably HODL their coins in singlesig addresses. Sadly, switching to Taproot would do very little for you (it gives a mild discount at spend time, at the cost of a mild increase in fee at receive time (paid by whoever sends to you, so if it's a self-send from a P2PKH or bech32 address, you pay for this); mostly a wash).
(technical details: a Taproot output is 1 version byte + 32 byte public key, while a P2WPKH (bech32 singlesig) output is 1 version byte + 20 byte public key hash, so the Taproot output spends 12 bytes more; spending from a P2WPKH requires revealing a 32-byte public key later, which is not needed with Taproot, and Taproot signatures are about 9 bytes smaller than P2WPKH signatures, but the 32 bytes plus 9 bytes is divided by 4 because of the witness discount, so it saves about 11 bytes; mostly a wash, it increases blockweight by about 1 virtual byte, 4 weight for each Taproot-output-input, compared to P2WPKH-output-input).
However, as your HODLings grow in value, you might start wondering if multisignature k-of-n setups might be better for the security of your savings. And it is in multisignature that Taproot starts to give benefits!
Taproot switches to using the Schnorr signing scheme. Schnorr makes key aggregation -- constructing a single public key from multiple public keys -- almost as trivial as adding numbers together. "Almost" because it involves some fairly advanced math instead of simple boring number adding, but hey when was the last time you added up your grocery list prices by hand huh?
With current P2SH and P2WSH multisignature schemes, if you have a 2-of-3 setup, then to spend, you need to provide two different signatures from two different public keys. With Taproot, you can create, using special moon math, a single public key that represents your 2-of-3 setup. Then you just put two of your devices together, have them communicate to each other (this can be done airgapped, in theory, by sending QR codes: the software to do this is not even being built yet, but that's because Taproot hasn't activated yet!), and they will make a single signature to authorize any spend from your 2-of-3 address. That's 73 witness bytes -- 18.25 virtual bytes -- of signatures you save!
And if you decide that your current setup with 1-of-1 P2PKH / P2WPKH addresses is just fine as-is: well, that's the whole point of a softfork: backwards-compatibility; you can receive from Taproot users just fine, and once your wallet is updated for Taproot-sending support, you can send to Taproot users just fine as well!
(P2WPKH and P2WSH -- SegWit v0 -- addresses start with bc1q; Taproot -- SegWit v1 --- addresses start with bc1p, in case you wanted to know the difference; in bech32 q is 0, p is 1)
Now how about HODLers who keep all, or some, of their coins on custodial services? Well, any custodial service worth its salt would be doing at least 2-of-3, or probably something even bigger, like 11-of-15. So your custodial service, if it switched to using Taproot internally, could save a lot more (imagine an 11-of-15 getting reduced from 11 signatures to just 1!), which --- we can only hope! --- should translate to lower fees and better customer service from your custodial service!
So I think we can say, very accurately, that the Bitcoin principle --- that YOU are in control of your money --- can only be helped by Taproot (if you are doing multisignature), and, because P2PKH and P2WPKH remain validly-usable addresses in a Taproot future, will not be harmed by Taproot. Its benefit to this principle might be small (it mostly only benefits multisignature users) but since it has no drawbacks with this (i.e. singlesig users can continue to use P2WPKH and P2PKH still) this is still a nice, tidy win!
(even singlesig users get a minor benefit, in that multisig users will now reduce their blockchain space footprint, so that fees can be kept low for everybody; so for example even if you have your single set of private keys engraved on titanium plates sealed in an airtight box stored in a safe buried in a desert protected by angry nomads riding giant sandworms because you're the frickin' Kwisatz Haderach, you still gain some benefit from Taproot)
And here's the important part: if P2PKH/P2WPKH is working perfectly fine with you and you decide to never use Taproot yourself, Taproot will not affect you detrimentally. First do no harm!

Taproot and Your Contracts

No one is an island, no one lives alone. Give and you shall receive. You know: by trading with other people, you can gain expertise in some obscure little necessity of the world (and greatly increase your productivity in that little field), and then trade the products of your expertise for necessities other people have created, all of you thereby gaining gains from trade.
So, contracts, which are basically enforceable agreements that facilitate trading with people who you do not personally know and therefore might not trust.
Let's start with a simple example. You want to buy some gewgaws from somebody. But you don't know them personally. The seller wants the money, you want their gewgaws, but because of the lack of trust (you don't know them!! what if they're scammers??) neither of you can benefit from gains from trade.
However, suppose both of you know of some entity that both of you trust. That entity can act as a trusted escrow. The entity provides you security: this enables the trade, allowing both of you to get gains from trade.
In Bitcoin-land, this can be implemented as a 2-of-3 multisignature. The three signatories in the multisignature would be you, the gewgaw seller, and the escrow. You put the payment for the gewgaws into this 2-of-3 multisignature address.
Now, suppose it turns out neither of you are scammers (whaaaat!). You receive the gewgaws just fine and you're willing to pay up for them. Then you and the gewgaw seller just sign a transaction --- you and the gewgaw seller are 2, sufficient to trigger the 2-of-3 --- that spends from the 2-of-3 address to a singlesig the gewgaw seller wants (or whatever address the gewgaw seller wants).
But suppose some problem arises. The seller gave you gawgews instead of gewgaws. Or you decided to keep the gewgaws but not sign the transaction to release the funds to the seller. In either case, the escrow is notified, and it can sign with you to refund the funds back to you (if the seller was a scammer) or it can sign with the seller to forward the funds to the seller (if you were a scammer).
Taproot helps with this: like mentioned above, it allows multisignature setups to produce only one signature, reducing blockchain space usage, and thus making contracts --- which require multiple people, by definition, you don't make contracts with yourself --- cheaper (which we hope enables more of these setups to happen for more gains from trade for everyone, also, moon and lambos).
(technology-wise, it's easier to make an n-of-n than a k-of-n, making a k-of-n would require a complex setup involving a long ritual with many communication rounds between the n participants, but an n-of-n can be done trivially with some moon math. You can, however, make what is effectively a 2-of-3 by using a three-branch SCRIPT: either 2-of-2 of you and seller, OR 2-of-2 of you and escrow, OR 2-of-2 of escrow and seller. Fortunately, Taproot adds a facility to embed a SCRIPT inside a public key, so you can have a 2-of-2 Taprooted address (between you and seller) with a SCRIPT branch that can instead be spent with 2-of-2 (you + escrow) OR 2-of-2 (seller + escrow), which implements the three-branched SCRIPT above. If neither of you are scammers (hopefully the common case) then you both sign using your keys and never have to contact the escrow, since you are just using the escrow public key without coordinating with them (because n-of-n is trivial but k-of-n requires setup with communication rounds), so in the "best case" where both of you are honest traders, you also get a privacy boost, in that the escrow never learns you have been trading on gewgaws, I mean ewww, gawgews are much better than gewgaws and therefore I now judge you for being a gewgaw enthusiast, you filthy gewgawer).

Taproot and Your Contracts, Part 2: Cryptographic Boogaloo

Now suppose you want to buy some data instead of things. For example, maybe you have some closed-source software in trial mode installed, and want to pay the developer for the full version. You want to pay for an activation code.
This can be done, today, by using an HTLC. The developer tells you the hash of the activation code. You pay to an HTLC, paying out to the developer if it reveals the preimage (the activation code), or refunding the money back to you after a pre-agreed timeout. If the developer claims the funds, it has to reveal the preimage, which is the activation code, and you can now activate your software. If the developer does not claim the funds by the timeout, you get refunded.
And you can do that, with HTLCs, today.
Of course, HTLCs do have problems:
Fortunately, with Schnorr (which is enabled by Taproot), we can now use the Scriptless Script construction by Andrew Poelstra. This Scriptless Script allows a new construction, the PTLC or Pointlocked Timelocked Contract. Instead of hashes and preimages, just replace "hash" with "point" and "preimage" with "scalar".
Or as you might know them: "point" is really "public key" and "scalar" is really a "private key". What a PTLC does is that, given a particular public key, the pointlocked branch can be spent only if the spender reveals the private key of the given public key to you.
Another nice thing with PTLCs is that they are deniable. What appears onchain is just a single 2-of-2 signature between you and the developer/manufacturer. It's like a magic trick. This signature has no special watermarks, it's a perfectly normal signature (the pledge). However, from this signature, plus some data given to you by the developer/manufacturer (known as the adaptor signature) you can derive the private key of a particular public key you both agree on (the turn). Anyone scraping the blockchain will just see signatures that look just like every other signature, and as long as nobody manages to hack you and get a copy of the adaptor signature or the private key, they cannot get the private key behind the public key (point) that the pointlocked branch needs (the prestige).
(Just to be clear, the public key you are getting the private key from, is distinct from the public key that the developer/manufacturer will use for its funds. The activation key is different from the developer's onchain Bitcoin key, and it is the activation key whose private key you will be learning, not the developer's/manufacturer's onchain Bitcoin key).
So:
Taproot lets PTLCs exist onchain because it enables Schnorr, which is a requirement of PTLCs / Scriptless Script.
(technology-wise, take note that Scriptless Script works only for the "pointlocked" branch of the contract; you need normal Script, or a pre-signed nLockTimed transaction, for the "timelocked" branch. Since Taproot can embed a script, you can have the Taproot pubkey be a 2-of-2 to implement the Scriptless Script "pointlocked" branch, then have a hidden script that lets you recover the funds with an OP_CHECKLOCKTIMEVERIFY after the timeout if the seller does not claim the funds.)

Quantum Quibbles!

Now if you were really paying attention, you might have noticed this parenthetical:
(technical details: a Taproot output is 1 version byte + 32 byte public key, while a P2WPKH (bech32 singlesig) output is 1 version byte + 20 byte public key hash...)
So wait, Taproot uses raw 32-byte public keys, and not public key hashes? Isn't that more quantum-vulnerable??
Well, in theory yes. In practice, they probably are not.
It's not that hashes can be broken by quantum computers --- they're still not. Instead, you have to look at how you spend from a P2WPKH/P2PKH pay-to-public-key-hash.
When you spend from a P2PKH / P2WPKH, you have to reveal the public key. Then Bitcoin hashes it and checks if this matches with the public-key-hash, and only then actually validates the signature for that public key.
So an unconfirmed transaction, floating in the mempools of nodes globally, will show, in plain sight for everyone to see, your public key.
(public keys should be public, that's why they're called public keys, LOL)
And if quantum computers are fast enough to be of concern, then they are probably fast enough that, in the several minutes to several hours from broadcast to confirmation, they have already cracked the public key that is openly broadcast with your transaction. The owner of the quantum computer can now replace your unconfirmed transaction with one that pays the funds to itself. Even if you did not opt-in RBF, miners are still incentivized to support RBF on RBF-disabled transactions.
So the extra hash is not as significant a protection against quantum computers as you might think. Instead, the extra hash-and-compare needed is just extra validation effort.
Further, if you have ever, in the past, spent from the address, then there exists already a transaction indelibly stored on the blockchain, openly displaying the public key from which quantum computers can derive the private key. So those are still vulnerable to quantum computers.
For the most part, the cryptographers behind Taproot (and Bitcoin Core) are of the opinion that quantum computers capable of cracking Bitcoin pubkeys are unlikely to appear within a decade or two.
So:
For now, the homomorphic and linear properties of elliptic curve cryptography provide a lot of benefits --- particularly the linearity property is what enables Scriptless Script and simple multisignature (i.e. multisignatures that are just 1 signature onchain). So it might be a good idea to take advantage of them now while we are still fairly safe against quantum computers. It seems likely that quantum-safe signature schemes are nonlinear (thus losing these advantages).

Summary

I Wanna Be The Taprooter!

So, do you want to help activate Taproot? Here's what you, mister sovereign Bitcoin HODLer, can do!

But I Hate Taproot!!

That's fine!

Discussions About Taproot Activation

submitted by almkglor to Bitcoin
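
An added example, not part of almkglor's post: the 2-of-2 key aggregation and the PTLC "pledge / adaptor signature / prestige" flow described above, in simplified form over secp256k1. It uses plain Schnorr with MuSig-style key coefficients rather than BIP340 or MuSig2, and every key, nonce, message and function name here is constructed for illustration.

```python
import hashlib

# secp256k1 domain parameters
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(p1, p2):
    """Add two curve points; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def mul(k, pt=G):
    """Scalar multiplication by double-and-add (not constant time)."""
    k %= N
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc

def ser(pt):
    """Serialize a point as 64 bytes (x || y)."""
    return pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")

def h(*parts):
    """Hash byte strings to a scalar mod N."""
    return int.from_bytes(hashlib.sha256(b"".join(parts)).digest(), "big") % N

def aggregate(keys):
    """MuSig-style aggregation: sum of c_i * P_i with c_i = H(all keys, P_i)."""
    all_keys = b"".join(ser(k) for k in keys)
    coefs = [h(all_keys, ser(k)) for k in keys]
    agg = None
    for c, k in zip(coefs, keys):
        agg = add(agg, mul(c, k))
    return agg, coefs

def verify(pub, msg, R, s):
    """Plain Schnorr check: s*G == R + H(R, pub, msg)*pub."""
    e = h(ser(R), ser(pub), msg)
    return mul(s) == add(R, mul(e, pub))

def ptlc_exchange():
    # Constructed secrets; real signers need fresh, unpredictable nonces.
    a, d = h(b"buyer key"), h(b"developer key")
    t = h(b"activation code")              # the scalar being sold
    ra, rd = h(b"buyer nonce"), h(b"developer nonce")
    A, D, T = mul(a), mul(d), mul(t)
    Ra, Rd = mul(ra), mul(rd)
    agg, (ca, cd) = aggregate([A, D])      # the single 2-of-2 public key
    msg = b"constructed tx: 2-of-2 output pays developer"

    R = add(add(Ra, Rd), T)                # signature nonce, offset by point T
    e = h(ser(R), ser(agg), msg)

    # Developer -> buyer: partial signature that does not yet include t.
    s_d = (rd + e * cd * d) % N
    dev_part_ok = mul(s_d) == add(Rd, mul(e * cd, D))
    # Buyer -> developer, sent only after dev_part_ok has been checked.
    s_a = (ra + e * ca * a) % N
    adaptor = (s_a + s_d) % N              # short of a valid signature by t

    # Developer adds t and broadcasts (R, s): one ordinary signature.
    s = (adaptor + t) % N
    return {
        "dev_part_ok": dev_part_ok,
        "adaptor_valid_onchain": verify(agg, msg, R, adaptor),
        "final_valid_onchain": verify(agg, msg, R, s),
        "recovered": (s - adaptor) % N,    # buyer's view after broadcast
        "t": t,
        "T": T,
    }

if __name__ == "__main__":
    out = ptlc_exchange()
    print("on-chain signature valid:", out["final_valid_onchain"])
    print("buyer recovered scalar  :", out["recovered"] == out["t"])
```

An observer who sees only `(R, s)` cannot compute `t`, because doing so requires the adaptor value that the two parties exchanged off-chain.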


The Unofficial Cardano FAQ - V3

(if you would like to add information or see mistakes, just comment below and I will credit you)
What is Cardano? Cardano is an open source and permissionless "Third Generation" blockchain project being developed by IOHK. Development and research started in 2015, with the 1.0 mainnet launching in 2017. Cardano blockchain is currently being developed into two layers. The first one is the ledger of account values, and the second one is the reason why values are transferred from one account to the other.
  1. Cardano Settlement Layer (CSL) - The CSL acts as the ledger of account or balance ledger. This is an idea created as an improvement of bitcoin blockchain. It uses a proof-of-stake consensus algorithm known as Ouroboros to generate new blocks and confirm transactions.
  2. Cardano Computation Layer (CCL) - The CCL contains the data how values are transferred. Since the computation layer is not connected to balance ledger, users of the CCL can create customized rules (smart contracts) when evaluating transactions. (https://support.bitkub.com/hc/en-us/articles/360006678892-What-are-the-two-layers-of-Cardano-)
IOHK has the contract with an undisclosed party to develop the project until the end of 2020, at which point the community may elect another development team - on the assumption that the voting infrastructure has been completed. However CEO Charles Hoskinson has stated that they will develop the project until it is completed, and they are simply financed until the end of 2020.
Cardano was the first project built on a peer-reviewed scientific development method, resulting in dozens of research papers produced by IOHK. Among these papers is Ouroboros Genesis, proving that a Proof of Stake protocol can be just as secure as Proof of Work - which was originally developed for Bitcoin, and refined for Ethereum. This PoS protocol considerably lowers the resources cost to maintain network while still maintaining security and network speed.
Cardano as a financial infrastructure is not yet completed, with significant development to be rolled out.
What were the other two generations of blockchain? Gen 1 was Bitcoin. It exists by itself and talks to nobody but Bitcoin. It is capable of peer to peer transactions without a third party in such a way that you cannot cheat the system. This was a major step forward for the E-cash concept that people have been working on for the 20 years prior.
Gen 2 was Ethereum and other smart-contract platforms that allow other coins and platforms to be built on top of their infrastructure. These coins can interact with others on the platform, but cannot interact with other platforms. Meaning it is still not truly interoperable. Most Gen 2 blockchains are also using Proof of Work like Bitcoin, which affects scaling. Also missing is a built-in method to pay for upgrades and voting mechanics for decision making.
Gen 3 blockchains are a complete package designed to replace the current financial infrastructure of the world. Cardano is using Proof of Stake to ensure security and decentralisation (Shelley). Scaling through parallel computation (Hydra in Basho), Sidechains to allow the platform to interact with other platforms (Basho), and also include mechanisms for voting for project funding, changes to the protocol and improvement proposals (Voltaire). Finally smart contracts platform for new and established projects that are developer friendly (Goguen).
Who is the team behind Cardano? There are three organisations that are contributing to the development of Cardano. The first is the Cardano Foundation, an objective, non-profit organisation based in Switzerland. Its core responsibilities are to nurture, grow and educate Cardano users and commercial communities, to engage with authorities on regulatory and commercial matters and to act as a blockchain and cryptocurrency standards body. The second entity is IOHK, a leading cryptocurrency research and development company, which holds the contract to develop the platform until 2020. The final business partner is Emurgo, which invests in start-ups and assists commercial ventures to build on the Cardano blockchain.
www.Cardano.org www.emurgo.io https://cardanofoundation.org/en/
What is the difference between Proof of Work and Proof of stake? Both these protocols are known as “consensus protocols” that confirm whether a transaction is valid or invalid without a middleman like Visa or your bank. Every node (active and updated copy of the blockchain) can agree that the transaction did take place legitimately. If more than half of the validators agree, then the ledger is updated and the transaction is now secured. Proof-of-Work (PoW) happens when a miner is elected to solve an exceptionally difficult math problem and gets credit for adding a verified block to the blockchain. Finding a solution is an arduous guessing game that takes a considerable amount of computing power to compete for the correct answer. It is like “pick a number between 1 and one trillion” and when you get it right, you get $30,000 in Bitcoin, so the more computers you have working on it, the faster you can solve it. Also the more people who are trying to solve the same block, the harder the algorithm, so it may become 1 in 20 trillion. The downside is the massive amounts of power required to run the computers that run the network, and the slow pace that blocks are solved. To “Hack” a PoW system, you need 51% of the computing power, which would allow you to deny transactions, or spend the same coin twice. At the moment there are 8 main mining operations for bitcoin, and 4 of them make up more than 51% of the mining power.
PoS instead selects a coin at random that already exists, and the person who owns that coin is elected to put the work in to validate the block. This means there is no contest and no guessing game. Some computer power is required, but only a fraction of a PoW system. The complex nature of selecting a coin that exists on the correct and longest chain and is owned by someone who can complete the block, AND in such a way that it is secure AND that computer currently running AND that person also having an incentive to complete the work, has made the development of PoS very slow. However only a few years ago it wasn’t even possible. In this method, the more of the coin (ADA) you stake, the more likely you are to be selected to close a block. Cardano also allows you to delegate your stake to someone else to validate the block so they do the work, and you share in the reward for doing so.
To “hack” a PoS blockchain you need to own 51% of the tokens, which is significantly harder than owning 51% of the computing power.
What is ADA and how is it different to Cardano? Cardano is the name of the network infrastructure, and can be thought of like a rail network. ADA is the native token that has been developed alongside Cardano to facilitate the network operation. This helps confusion and maintains distinction, compared to Ethereum being the native token of Ethereum. Similar to bitcoin or any other token, ADA can be sent peer to peer as payment, but is also the reward for running the network, and what is taken as transaction fees.
In this metaphor “Cardano” is the train tracks, that everything runs on. A stake pool would be the locomotive, facilitating transactions on the network while ADA is the coal that powers the locomotive. The train carriages are Decentralised applications (Dapps) that are also running on cardano tracks, but are not actively powering the network.
What is staking? Cardano is a Proof of Stake protocol, and uses already existing coins like a marker to ensure security. The protocol chooses a coin at random and the owner of that coin is elected to validate a block of transactions. Staking is the process of adding your ADA coins to a Pool that has the resources to run the network. If the pool you have chosen to "delegate" your stake to is chosen to close/validate a block, then you get a portion of the rewards. The ADA never leaves your wallet, and you can "undelegate" whenever you like. This increases stability of the network and also gives an incentive to pool operators to invest the time and hardware required to run a pool.
What is a stake-pool and how does it work? Cardano.org FAQ on the issue goes into much more detail
A stake pool is where the computing power of the network takes place. During ITN there were 1200 registered stake pools while 300 were creating blocks. You can manage your own stake-pool or delegate your ADA to an already registered pool. Rewards are determined by the protocol, however the pool may elect to charge a percentage fee or a flat rate fee for the upkeep of their pool.
Can I Stake my ADA right now? The staking testnet has closed. If you participated in the Incentivised Test Net and earned rewards, instructions to check the balance are here.
However if you have just purchased some or it was held on an exchange, then you will need to wait until the Shelley mainnet launch happening at the end of July 2020.
Where do I stake my ADA? Daedalus Flight wallet, and Yoroi Wallet (as a chrome extension) are the current best options. Adalite and several other third-party wallets also exist. Coinbase will also allow staking as a custodial service, and many exchanges may offer “staking as a service” so you can leave your coins on the exchange and still earn rewards if you enjoy trading. I do not recommend leaving coins on an exchange unless you are actively trading.
What are the staking rewards now and what can I expect on a return in the future? The Incentivised Test Net (ITN) delivered 10%-15% pa returns on average. The future of staking will most likely be lower, but will depend on the amount of ADA staked across the network and the amount of network traffic.
Check https://staking.cardano.org/en/calculato for a clearer picture.
What is a Pledge? To stop one person operating many pools, the rewards that a pool earns will vary depending on the amount of personal ADA they “pledge” to open the pool. This means that 50 pools with a 1,00ADA pledge each will be overall less profitable than 1-2 pools with the max ADA pledge (unknown but likely around 300k). Even if the 50 pools have the same over stake delegated by other users and have a better chance of being selected to close a block, the 50 pools may receive lower rewards (at least that is the theory).
Who is IOHK? IOHK is a for-profit software engineering company founded by CEO Charles Hoskinson and Jeremy Wood in 2015 that has taken a scientific approach to the development of blockchain. IOHK started with “first principles” and looked at questions like “what is a blockchain” and “what should a blockchain be able to do” rather than accepting the established paradigm of Bitcoin and Ethereum. IOHK was originally Input Output Hong Kong, but is now Input Output Global and is based in Wyoming USA employing over 230 staff. IOHK has established research labs in several universities in order to complete the Cardano project, and is also developing Ethereum Classic, Atala, Mantis and possibly other Blockchain related programs and infrastructure.
Who is Charles? Charles Hoskinson is an early adopter of cryptocurrencies, American entrepreneur and cryptocurrency specialist. Charles co-founded Ethereum with Vitalik Buterin and 5-8 others, however he only worked on that project for approximately six months. Charles is now the CEO of IOHK and the director of The Bitcoin Education Project.
Why isn’t ADA on Coinbase? Cardano and Coinbase have recently connected in a big way, with IOHK turning over all their ADA to the custodial services of Coinbase. This means that Cardano and Coinbase have been working together for some time and there is a strong partnership forming. Staking and cold storage will be available and trading on Coinbase will most likely become available after the release of Shelley (although no official word yet).
Why Doesn’t Cardano have a Wikipedia Page? Wikipedia has strict guidelines on what can be turned into an article. As there has been no coverage of Cardano from mainstream media or “noteworthy” sources, there is no article yet. Wikipedia will also not accept sources from IOHK as they are not considered “reliable” and must come from a third party. This will most likely change soon.
Cardano does have a dedicated community driven wiki
https://cardanowiki.info/wiki/Home
What is Atala and why do I care?
Atala is a suite of services being developed on top of the cardano blockchain by IOHK that focusses on credential certification, for things like education, work history and degrees (Atala Prism). Product counterfeiting protection through registering products on a blockchain and creating tamper-proof provenance. This does not only apply to Gucci handbags, but also medication, art, and anything that can be counterfeited (Atala Scan). As well as supply chain tracking to see issues and inefficiencies with greater transparency (Atala Trace).
I'm new, how much is a good investment?
Cardano is still a speculative market and although there is amazing potential here, it is still only potential. When investing in any high-risk market like Crypto, only ever invest what you are willing to lose. Cardano may be testing the 10c barrier now. But in March it dumped to 1.7c. And if you suddenly need your money back during the dump then you are out of luck. Do your research before you FOMO in. Start with a small amount and send it between wallets and exchanges to understand how the system works. Store your private keys offline (or online cloud service but encrypted) with a method that is unlikely to be damaged AND have multiple copies. So in the case of a house fire or a blow to the head, or the cloud service being shutdown/destroyed, you do not lose your money.
Timelines
https://roadmap.cardano.org/en/
Shelley Decentralisation rollout and news
Goguen smart contract rollout
Voltaire Voting mechanics – no official roll out timeline (though promised for 2020)
Basho scaling and sidechains – no official roll out timeline (most likely 2021)
submitted by YourBestMateRobbo to cardano

Let's discuss some of the issues with Nano

Let's talk about some of Nano's biggest issues. I also made a video about this topic, available here: https://youtu.be/d9yb9ifurbg.
00:12 Spam
Issues
Potential Mitigations & Outstanding Issues
01:58 Privacy
Issues
  • Nano has no privacy. It is pseudonymous (like Bitcoin), not anonymous.
Potential Mitigations & Outstanding Issues
  • Second layer solutions like mixers can help, but some argue that isn't enough privacy.
  • The current protocol design + the computational overhead of privacy does not allow Nano to implement first layer privacy without compromising its other features (fast, feeless, and scalable transactions).
02:56 Decentralization
Issues
  • Nano is currently not as decentralized as it could be. ~25% of the voting weight is held by Binance.
  • Users must choose representatives, and users don't always choose the best ones (or never choose).
Potential Mitigations & Outstanding Issues
  • Currently 4 unrelated parties (who all have a verifiable interest in keeping the network running) would have to work together to attack the network
  • Unlike Bitcoin, there is no mining or fees in Nano. This means that there is not a strong incentive for emergent centralization from profit maximization and economies of scale. We've seen this firsthand, as Nano's decentralization has increased over time.
  • Nano representative percentages are not that far off from Bitcoin mining pool percentages.
  • In Nano, voting weight can be remotely re-delegated to anyone at any time. This differs from Bitcoin, where consensus is controlled by miners and requires significant hardware investment.
  • The cost of a 51% attack scales with the market cap of Nano.
06:49 Marketing & adoption
Issues
  • The best technology doesn't always win. If no one knows about or uses Nano, it will die.
Potential Mitigations & Outstanding Issues
  • I would argue that the best technology typically does win, but it needs to be best in every way (price, speed, accessibility, etc). Nano is currently in a good place if you agree with that argument.
  • Bitcoin started small, and didn't spend money on marketing. It takes time to build a community.
  • The developers have said they will market more once the protocol is where they want it to be (v20 or v21?).
  • Community marketing initiatives have started to form organically (e.g. Twitter campaigns, YouTube ads, etc).
  • Marketing and adoption is a very difficult problem to solve, especially when you don't have first mover advantage or consistent cashflow.
08:07 Small developer fund
Issues
  • The developer fund only has 3 million NANO left (~$4MM), what happens after that?
Potential Mitigations & Outstanding Issues
  • The goal for Nano is to be an Internet RFC like TCP/IP or SMTP - development naturally slows down when the protocol is in a good place.
  • Nano development is completely open source, so anyone can participate. Multiple developers are now familiar with the Nano protocol.
  • Businesses and whales that benefit from Nano (exchanges, remittances, merchant services, etc) are incentivized to keep the protocol developed and running.
  • The developer fund was only ~5% of the supply - compare that to some of the other major cryptocurrencies.
10:08 Node incentives
Issues
  • There are no transaction fees, why would people run nodes to keep the network running?
Potential Mitigations & Outstanding Issues
  • The cost of consensus is so low in Nano that the benefits of the network itself are the incentive: decentralized money with 0 transaction fees that can be sent anywhere in the world nearly instantly. Similar to TCP/IP, email servers, and http servers. Just like Bitcoin full nodes.
  • Paying $50-$100 a month for a high-end node is a lot cheaper for merchants than paying 1-3% in total sales.
  • Businesses and whales that benefit from Nano (exchanges, remittances, merchant services, etc) are incentivized to keep the protocol developed and running.
11:58 No smart contracts
Issues
  • Nano doesn't support smart contracts.
Potential Mitigations & Outstanding Issues
  • Nano's sole goal is to be the most efficient peer-to-peer value transfer protocol possible. Adding smart contracts makes keeping Nano feeless, fast, and decentralized much more difficult.
  • Other solutions (e.g. Ethereum) exist for creating and enforcing smart contracts.
  • Code can still interact with Nano, but not on the first layer in a decentralized manner.
  • Real world smart contract adoption and usage is pretty limited at the moment, but that might not always be the case.
13:20 Price stability
Issues
  • Why would anyone accept or spend Nano if the price fluctuates so much?
  • Why wouldn't people just use a stablecoin version of Nano for sending and receiving money?
Potential Mitigations & Outstanding Issues
  • With good fiat gateways (stable, low fees, etc), you can always buy back the fiat equivalent of what you've spent.
  • The hope is that with enough adoption, people and businesses will eventually skip the fiat conversion and use Nano directly.
  • Because Nano is so fast, volatility is less of an issue. Transactions are confirmed in <10 seconds, and prices change less in that timeframe (vs 10 minutes to hours for Bitcoin).
  • Stablecoins reintroduce trust. Stable against what? Who controls the supply, and how do you get people to adopt them? What happens if the assets they're stable against fail? Nano is pure supply and demand.
  • With worldwide adoption, the market capitalization of Nano would be in the trillions. If that happens, even millions of dollars won't move the price significantly.
15:06 Deflation
Issues
  • Nano's current supply == max supply. Why would people spend Nano today if it could be worth more tomorrow?
  • What happens to principal representatives and voting weight as private keys are lost? How do you know keys are lost?
Potential Mitigations & Outstanding Issues
  • Nano is extremely divisible. 1 NANO is 10^30 raw. Since there are no transaction fees, smaller and smaller amounts of Nano could be used to transact, even if the market cap reaches trillions.
  • People will always buy things they need (food, housing, etc).
  • I'm not sure what the plan is to adjust for lost keys. Probably requires more discussion.
Long-term Scalability
Issue
  • Current node software and hardware cannot handle thousands of TPS (low-end nodes fall behind at even 50 TPS).
  • The more representatives that exist, the more vote traffic is required (network bandwidth).
  • Low-end nodes currently slow down the network significantly. Principal representatives waste their resources constantly bootstrapping these weak nodes during network saturation.
Potential Mitigations & Outstanding Issues
  • Even as is, Nano can comfortably handle 50 TPS average - which is roughly the amount of transactions per day PayPal was doing in 2011 with nearly 100 million users.
  • Network bandwidth increases 50% a year.
  • There are some discussions of prioritizing bootstrapping by vote weight to limit the impact of weak nodes.
  • Since Nano uses an account balance system, pruning could drastically reduce storage requirements. You only need current state to keep the network running, not the full transaction history.
  • In the future, vote stapling could drastically reduce bandwidth usage by collecting all representative signatures up front and then only sharing that single aggregate signature.
  • Nano has no artificial protocol-based limits (e.g. block sizes or block times). It scales with hardware.
Obviously there is still a lot of work to be done in some areas, but overall I think Nano is in a good place. For people that aren't Nano fans, what are your biggest concerns?
submitted by Qwahzi to CryptoCurrency

Groestlcoin 6th Anniversary Release

Introduction

Dear Groestlers, it goes without saying that 2020 has been a difficult time for millions of people worldwide. The Groestlcoin team would like to take this opportunity to wish our best to everyone coping with the direct and indirect effects of COVID-19. Let it bring out the best in us all and show that collectively, we can conquer anything.
The centralised banks and our national governments are facing unprecedented times with interest rates worldwide dropping to record lows in places. Rest assured that this can only strengthen the fundamentals of all decentralised cryptocurrencies and the vision that was seeded with Satoshi's Bitcoin whitepaper over 10 years ago. Despite everything that has been thrown at us this year, the show must go on and the team will still progress and advance to continue the momentum that we have developed over the past 6 years.
In addition to this, we'd like to remind you all that this is Groestlcoin's 6th Birthday release! In terms of price there have been some crazy highs and lows over the years (with highs of around $2.60 and lows of $0.000077!), but in terms of value – Groestlcoin just keeps getting more valuable! In these uncertain times, one thing remains clear – Groestlcoin will keep going and keep innovating regardless. On with what has been worked on and completed over the past few months.

UPDATED - Groestlcoin Core 2.18.2

This is a major release of Groestlcoin Core with many protocol level improvements and code optimizations, featuring the technical equivalent of Bitcoin v0.18.2 but with Groestlcoin-specific patches. On a general level, most of what is new is a new 'Groestlcoin-wallet' tool which is now distributed alongside Groestlcoin Core's other executables.
NOTE: The 'Account' API has been removed from this version which was typically used in some tip bots. Please ensure you check the release notes from 2.17.2 for details on replacing this functionality.

How to Upgrade?

Windows
If you are running an older version, shut it down. Wait until it has completely shut down (which might take a few minutes for older versions), then run the installer.
OSX
If you are running an older version, shut it down. Wait until it has completely shut down (which might take a few minutes for older versions), run the dmg and drag Groestlcoin Core to Applications.
Ubuntu
http://groestlcoin.org/forum/index.php?topic=441.0

Other Linux

http://groestlcoin.org/forum/index.php?topic=97.0

Download

Download the Windows Installer (64 bit) here
Download the Windows Installer (32 bit) here
Download the Windows binaries (64 bit) here
Download the Windows binaries (32 bit) here
Download the OSX Installer here
Download the OSX binaries here
Download the Linux binaries (64 bit) here
Download the Linux binaries (32 bit) here
Download the ARM Linux binaries (64 bit) here
Download the ARM Linux binaries (32 bit) here

Source

ALL NEW - Groestlcoin Moonshine iOS/Android Wallet

Built with React Native, Moonshine utilizes Electrum-GRS's JSON-RPC methods to interact with the Groestlcoin network.
GRS Moonshine's intended use is as a hot wallet. Meaning, your keys are only as safe as the device you install this wallet on. As with any hot wallet, please ensure that you keep only a small, responsible amount of Groestlcoin on it at any given time.

Features

Download

iOS
Android

Source

ALL NEW! – HODL GRS Android Wallet

HODL GRS connects directly to the Groestlcoin network using SPV mode and doesn't rely on servers that can be hacked or disabled.
HODL GRS utilizes AES hardware encryption, app sandboxing, and the latest security features to protect users from malware, browser security holes, and even physical theft. Private keys are stored only in the secure enclave of the user's phone, inaccessible to anyone other than the user.
Simplicity and ease-of-use is the core design principle of HODL GRS. A simple recovery phrase (which we call a Backup Recovery Key) is all that is needed to restore the user's wallet if they ever lose or replace their device. HODL GRS is deterministic, which means the user's balance and transaction history can be recovered just from the backup recovery key.

Features

Download

Main Release (Main Net)
Testnet Release

Source

ALL NEW! – Groestlcoin Seed Savior

Groestlcoin Seed Savior is a tool for recovering BIP39 seed phrases.
This tool is meant to help users with recovering a slightly incorrect Groestlcoin mnemonic phrase (AKA backup or seed). You can enter an existing BIP39 mnemonic and get derived addresses in various formats.
To find out if one of the suggested addresses is the right one, you can click on the suggested address to check the address' transaction history on a block explorer.

Features

Live Version (Not Recommended)

https://www.groestlcoin.org/recovery/

Download

https://github.com/Groestlcoin/mnemonic-recovery/archive/master.zip

Source

ALL NEW! – Vanity Search Vanity Address Generator

NOTE: NVidia GPU or