Tandem's All New P2P Bitcoin Mobile App Now Available ...

New cheap way to flood & attack Bitcoin network?
"There is a limit of SIGOPS in transactions included to a block. MAX_BLOCK_SIGOPS is 20000."
submitted by eragmus to Bitcoin [link] [comments]

Got this in my inbox a couple of minutes back

A new user sent me this to my inbox; it's a description of the events after the fork, with a signed message at the bottom. I've gone through it once but it's very late here in my timezone, have to go through it again tomorrow. I'm sure I'm not the only recipient, but just in case pinging some people here.
https://honest.cash/kiarahpromise/sigop-counting-4528

*** EDIT 2 ***
Before you continue. From the Bitcoin whitepaper:
" The system is secure as long as honest nodes collectively control more CPU power than any cooperating group of attacker nodes."

*** EDIT ***
Ok, I have slept over this.
How big is the chance that these two events, the sigop tx spamming of the network and the intended theft of funds stuck in segwit by an unknown miner, were coordinated and not coincidental? I slept over this message and am wondering if that was one two-phased plan and even this message was planned (probably a bit different but it was adapted afterwards to the new situation, that's why the first half of it is such a mess to read) to spread fear after the two plans got foiled.

The plan consisted of various Acts
Act 1) Distract and spam the network with sigop transactions that exploit a bug to cause distraction and halt all BCH transaction volume. The mempool would become filled with unconfirmed transactions
Act 2) When a patch is deployed, start your mining pool and mine the hell out of it to quickly create a legitimate block. They prepared the theft transactions and would hide them in the (predicted) massive mempool of unconfirmed transactions that would have been accumulated. They would mine a big block, everyone would be so happy that BCH works again, and devs would be busy looking for sigop transactions.
Act 3) Hope that the chain gets locked in via checkpoint so the theft cannot be reverted
Act 4) Leak to the media that plenty of BCH were stolen after the fork and the ABC client is so faulty it caused a halt of the network after the upgrade
Act 5) Make a shitload of money by shorting BCH (there was news about a appearance of a big short position right after the fork)

But the people who planned this attack have underestimated the awareness and speed of the BCH dev team. They were probably sure that Act 1 would take hours or even days so the mempool would be extremely bloated (maybe they speculated that everyone panicked and wanted to get out of BCH) and Act 2 would consequently be successful because no one would spot their theft transactions quickly enough.

But they didn't calculate that someone is working together with various BCH pools in precaution to prevent exactly this scenario (segwit theft) and even prepared transactions to move all locked coins back to their owners.

Prohashings orphaned block was likely unpredicted collateral damage as Jonathan suggests below, because they were not involved in the plan of the two pools who prepared to return the segwit coins. I'm guessing that the pools did not expect a miner with an attacking theft block that early and had to decide quickly what to do when they spotted it.

So now that both plans have been foiled, Plan B) is coming into place again. Guerrilla style fear mongering about how BCH is not decentralized. Spread this info secretly in the community with the proof in form of a signed message connected to the transactions. Of course, the attacker worked actually alone, attacked us for our own good, and will do so again, because the evil dictatorship devs have to be eradicated....

As an unwanted side effect of these events the BTC.top and BTC.com "partnership" has been exposed. So what do we do with this new revelation is a question that we probably have to discuss.

They worked together with someone who wanted to return the segwit coins and avoided a theft. They used their combined hashing dominance to avoid a theft. I applaud them for that. From a moral perspective this is defendable and my suspicion that we have more backing for BCH than you can see with your eye by following hash rate charts is now being revealed as true again.

But the dilemma BCH has is revealed again as well. We need more of the SHA-256 hash rate cake because we actually do not want any entity in this space to have more than 50% of the hash power.

*** EDIT 2 ***
Added Satoshi's quote from the whitepaper.
submitted by grmpfpff to btc [link] [comments]

ABC Bug Explained

Disclaimers: I am a Bitcoin Verde developer, not an ABC developer. I know C++, but I am not completely familiar with ABC's codebase, its flow, and its nuances. Therefore, my explanation may not be completely correct. This explanation is an attempt to inform those that are at least semi-tech-savvy, so the upgrade hiccup does not become a scary boogeyman that people don't understand.
1- When a new transaction is received by a node, it is added to the mempool (which is a collection of valid transactions that should/could be included in the next block).
2- During acceptance into the mempool, the number of "sigOps" is counted, which is the number of times a signature validation check is performed (technically, it's not a 1-to-1 count, but its purpose is the same).
2a- The reason behind limiting sigops is because signature verification is usually the most expensive operation to perform while ensuring a transaction is valid. Without limiting the number of sigops a single block can contain, an easy DOS (denial of service) attack can be constructed by creating a block that takes a very long time to validate due to it containing transactions that require a disproportionately large number of sigops. Blocks that take too long to validate (i.e. ones with far too many sigops) can cause a lot of problems, including causing blocks to be slowly propagated--which disrupts user experience and can give the incumbent miner a non-negligible competitive advantage to mine the next block. Overall, slow-validating blocks are bad.
3- When accepted to the mempool, the transaction is recorded along with its number of sigops.
3a- This is where the ABC bug lived. During the acceptance of the mempool, the transaction's scripts are parsed and each occurrence of a sigop is counted. When OP_CHECKDATASIG was introduced during the November upgrade, the procedure that counted the number of sigops needed to know if it should count OP_CHECKDATASIG as a sigop or as nothing (since before November, it was not a signature checking operation). The way the procedure knows what to count is controlled by a "flag" that is passed along with the script. If the flag is included, OP_CHECKDATASIG is counted as a sigop; without it, it is counted as nothing. Last November, every place that counted sigops included the flag EXCEPT the place where they were recorded in the mempool--instead, the flag was omitted and transactions using OP_CHECKDATASIG were logged to the mempool as having no sigops.
4- When mining a block, the node creates a candidate block--this prototype is completely valid except for the nonce (and the extended nonce/coinbase). The act of mining is finding the correct nonce. When creating the prototype block, the node queries the mempool and finds transactions that can fit in the next block. One of the criteria used when determining applicability is the sigops count, since a block is only allowed to have a certain number of sigops.
4a- Recall the ABC bug described in step 3a. The number of sigops for transactions using OP_CHECKDATASIG is recorded as zero--but only during the mempool step, not during any of the other operations. So these OP_CHECKDATASIG transactions can all get grouped up into the same block. The prototype block builder thinks the block should have very few sigops, but the actual block has many, many, sigops.
5- When the miner module is ready to begin mining, it requests the prototype block from step 4. It re-validates the block to ensure it follows the correct rules. However, since the new block has too many sigops included in it, the mining software starts working on an empty block (which is not ideal, but more profitable than leaving thousands of ASICs idle doing nothing).
6- The empty block is mined and transmitted to the network. It is a valid block, but does not contain any other transactions other than the coinbase. Again, this is because the prototype block failed to validate due to having too many sigops.
This scenario could have happened at any time after OP_CHECKDATASIG was introduced. Creating many transactions that only use OP_CHECKDATASIG, and then spending them all at the same time, would create blocks containing what the mempool thought was very few sigops, but everywhere else contained far too many sigops. Instead of mining an invalid block, the mining software decides to mine an empty block. This is also why the testnet did not discover this bug: the scenario encountered was fabricated by creating a large number of specifically tailored transactions using OP_CHECKDATASIG, and then spending them all in a 10 minute timespan. This kind of behavior is not something developers (including myself) premeditated.
I hope my understanding is correct. Please, any of ABC devs correct me if I've explained the scenario wrong.
EDIT: markblundeberg added a more accurate explanation of step 5 here.
submitted by FerriestaPatronum to btc [link] [comments]
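The following is an added example, not the post author's code and not ABC's: a toy model of steps 3 through 5 above, showing why a sigop count computed with the flag omitted at mempool acceptance, but with the flag set everywhere else, produces a template that fails its own re-validation. The opcode names as strings, the mempool/template/validation split and the flag parameter are assumptions made for illustration; MAX_BLOCK_SIGOPS = 20000 is the limit quoted earlier on this page.

```python
# Added example, not ABC's code or the post author's: a toy model of the
# sigop-count mismatch the post describes. The script representation, the
# flag name and the mempool/template/validation split are assumptions made
# for illustration; MAX_BLOCK_SIGOPS = 20000 is the limit quoted on this page.

OP_CHECKSIG = "OP_CHECKSIG"
OP_CHECKDATASIG = "OP_CHECKDATASIG"
MAX_BLOCK_SIGOPS = 20000


def count_sigops(script, count_checkdatasig):
    """Count sigops in a script given as a list of opcode names.

    count_checkdatasig plays the role of the flag from step 3a: with it,
    OP_CHECKDATASIG counts as one sigop; without it, it counts as nothing.
    """
    total = 0
    for op in script:
        if op == OP_CHECKSIG:
            total += 1
        elif op == OP_CHECKDATASIG and count_checkdatasig:
            total += 1
    return total


class Mempool:
    """Records each accepted transaction together with the sigop count
    computed at acceptance time (step 3). The bug is whether the flag is
    passed here or not."""

    def __init__(self, count_checkdatasig):
        self.count_checkdatasig = count_checkdatasig
        self.entries = []  # (txid, script, recorded_sigops)

    def accept(self, txid, script):
        recorded = count_sigops(script, self.count_checkdatasig)
        self.entries.append((txid, script, recorded))


def build_template(mempool, max_sigops=MAX_BLOCK_SIGOPS):
    """Step 4: the template builder trusts the counts recorded in the mempool."""
    chosen, total = [], 0
    for txid, script, recorded in mempool.entries:
        if total + recorded > max_sigops:
            continue  # would exceed the budget as the mempool sees it
        chosen.append((txid, script))
        total += recorded
    return chosen


def validate_block(txs, max_sigops=MAX_BLOCK_SIGOPS):
    """Block validation always counts OP_CHECKDATASIG (flag set everywhere
    except the mempool). Returns (is_valid, actual_sigops)."""
    actual = sum(count_sigops(script, True) for _, script in txs)
    return actual <= max_sigops, actual


def choose_block_to_mine(template):
    """Step 5: re-validate the template and fall back to an empty block if it
    fails, rather than mining an invalid one."""
    valid, _ = validate_block(template)
    return template if valid else []


def simulate(mempool_counts_checkdatasig, n_txs=25000):
    """Fill a mempool with n_txs one-opcode OP_CHECKDATASIG transactions and
    report what the template builder, validator and miner do with them."""
    pool = Mempool(mempool_counts_checkdatasig)
    for i in range(n_txs):
        pool.accept(f"tx{i}", [OP_CHECKDATASIG])
    template = build_template(pool)
    valid, actual = validate_block(template)
    return {
        "template_txs": len(template),
        "actual_sigops": actual,
        "template_valid": valid,
        "mined_txs": len(choose_block_to_mine(template)),
    }


if __name__ == "__main__":
    print("flag omitted in mempool (the bug):", simulate(False))
    print("flag passed consistently (the fix):", simulate(True))
```

With the flag omitted, every transaction is recorded as zero sigops, the builder packs all 25 000 of them, validation counts 25 000 sigops, and the miner ends up on an empty block; with the flag passed consistently, the builder stops at 20 000 and the template validates. The general lesson is the one the post makes: every code path that enforces a limit has to count with the same rules, or the limit can be exceeded by a path that believes it is under budget.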

Bitcoin Unlimited - Bitcoin Cash edition 1.5.0.2 has just been released

Download the latest Bitcoin Cash compatible release of Bitcoin Unlimited (1.5.0.2, November 13th, 2018) from:
 
https://www.bitcoinunlimited.info/download
 
This is a minor bug-fix-only release of Bitcoin Unlimited compatible with the Bitcoin Cash specifications, which you can find here:
This release also provides an RPC called 'signdata' to generate signatures compatible with the CHECKDATASIG opcode. Like 1.5.0.1 it is compatible with both the Bitcoin Cash and SV changes to the consensus rules. The SV feature set is disabled by default; the default policy is to activate the set of changes as defined by bitcoincash.org.
List of notable changes and fixes to the code base:
 
Release notes: https://github.com/BitcoinUnlimited/BitcoinUnlimited/blob/dev/doc/release-notes/release-notes-bucash1.5.0.2.md
 
PS:
submitted by s1ckpig to btc [link] [comments]

Help needed diagnosing another Bitcoin Unlimited Cash orphaned block

We had yet another bitcoin cash orphan this morning, at 7:11:23am EST. I attached the log and the getinfo() results below. I remember that jtoomim has said he was willing to look at logs, so perhaps he or someone else can figure this one out.
In this case, it does not appear as if bandwidth restrictions had any impact. The daemon never hit the bandwidth cap at any time, before or after the block was found by Bitcoin Unlimited Cash. The block was accepted by the daemon as valid, and then our checker later determined that it wasn't present on the main chain.
Does this log contain any information that could assist in determining why the orphan rate is around 5%? I thought that it should be lower than that.
{
  "version": 1050100,
  "protocolversion": 80003,
  "walletversion": 130000,
  "balance": 11.99153576,
  "blocks": 561230,
  "timeoffset": 0,
  "connections": 16,
  "proxy": "",
  "difficulty": 137513968721.5887,
  "testnet": false,
  "keypoololdest": 1542387258,
  "keypoolsize": 100,
  "unlocked_until": 0,
  "paytxfee": 0.00000000,
  "relayfee": 0.00000000,
  "status": "ready",
  "errors": "",
  "fork": "Bitcoin Cash"
}

2018-12-17 12:02:38 Acceptable block: ver:20c00000 time:1545048143 size: 42558 Tx:106 Sig:179
2018-12-17 12:02:38 UpdateTip: new best=000000000000000003648d35c1bee30a62c93b004d8e5b05df1d0098a8d46aff height=561204 bits=403185772 log2_work=87.75729 tx=268355142 date=2018-12-17 12:02:23 progress=0.999999 cache=0.1MiB(351txo)
2018-12-17 12:02:38 CheckAndAlertUnknownVersionbits: 36 of last 100 blocks have unexpected version. One example: 0x20400000
2018-12-17 12:02:39 CreateNewBlock(): total size 1085 txs: 0 fees: 0 sigops 100
2018-12-17 12:02:39 Acceptable block: ver:20000000 time:1545048159 size: 193 Tx:1 Sig:1
2018-12-17 12:02:39 CreateNewBlock(): total size 1085 txs: 0 fees: 0 sigops 100
2018-12-17 12:02:39 Acceptable block: ver:20000000 time:1545048159 size: 193 Tx:1 Sig:1
2018-12-17 12:05:11 Acceptable block: ver:20000000 time:1545048307 size: 1584 Tx:6 Sig:13
2018-12-17 12:05:11 UpdateTip: new best=000000000000000005ded68295e2f941b4875ba4699e8d6ff5e925bfa7b8573a height=561205 bits=403190346 log2_work=87.757293 tx=268355148 date=2018-12-17 12:05:07 progress=1.000000 cache=0.1MiB(19txo)
2018-12-17 12:05:11 CheckAndAlertUnknownVersionbits: 36 of last 100 blocks have unexpected version. One example: 0x20400000
2018-12-17 12:05:11 CreateNewBlock(): total size 1085 txs: 0 fees: 0 sigops 100
2018-12-17 12:05:11 Acceptable block: ver:20000000 time:1545048311 size: 193 Tx:1 Sig:1
2018-12-17 12:05:11 CreateNewBlock(): total size 1085 txs: 0 fees: 0 sigops 100
2018-12-17 12:05:11 Acceptable block: ver:20000000 time:1545048311 size: 193 Tx:1 Sig:1
2018-12-17 12:11:23 Acceptable block: ver:20c00000 time:1545048311 size: 261 Tx:1 Sig:1
2018-12-17 12:11:23 UpdateTip: new best=000000000000000001d2d4401618fd1c598ab126f407a30df326ccfbf99d2823 height=561206 bits=403197915 log2_work=87.757296 tx=268355149 date=2018-12-17 12:05:11 progress=0.999978 cache=0.1MiB(48txo)
2018-12-17 12:11:23 CheckAndAlertUnknownVersionbits: 36 of last 100 blocks have unexpected version. One example: 0x20800000
2018-12-17 12:11:23 CreateNewBlock(): total size 10511 txs: 24 fees: 33055 sigops 144
2018-12-17 12:11:23 Acceptable block: ver:20000000 time:1545048683 size: 9619 Tx:25 Sig:42
2018-12-17 12:11:23 CreateNewBlock(): total size 10511 txs: 24 fees: 33055 sigops 144
2018-12-17 12:11:23 Acceptable block: ver:20000000 time:1545048683 size: 9619 Tx:25 Sig:42
2018-12-17 12:11:25 Acceptable block: ver:20000000 time:1545048655 size: 2987 Tx:8 Sig:14
2018-12-17 12:14:20 Acceptable block: ver:20000000 time:1545048836 size: 14401 Tx:37 Sig:62
2018-12-17 12:14:20 UpdateTip: new best=000000000000000005ded68295e2f941b4875ba4699e8d6ff5e925bfa7b8573a height=561205 bits=403190346 log2_work=87.757293 tx=268355148 date=2018-12-17 12:05:07 progress=0.999968 cache=0.1MiB(85txo)
2018-12-17 12:14:20 CheckAndAlertUnknownVersionbits: 36 of last 100 blocks have unexpected version. One example: 0x20400000
2018-12-17 12:14:20 UpdateTip: new best=000000000000000002b6dbc218db453dcf75ddce6e8fce27924769429f647c47 height=561206 bits=403197915 log2_work=87.757296 tx=268355156 date=2018-12-17 12:10:55 progress=0.999988 cache=0.1MiB(100txo)
2018-12-17 12:14:20 CheckAndAlertUnknownVersionbits: 35 of last 100 blocks have unexpected version. One example: 0x20800000
2018-12-17 12:14:20 UpdateTip: new best=0000000000000000051ed80cfac2bfcb6736608d13dd4c122365ef5095606dee height=561207 bits=403196363 log2_work=87.7573 tx=268355193 date=2018-12-17 12:13:56 progress=0.999999 cache=0.1MiB(167txo)
2018-12-17 12:14:20 CheckAndAlertUnknownVersionbits: 35 of last 100 blocks have unexpected version. One example: 0x20800000
2018-12-17 12:14:20 CreateNewBlock(): total size 2297 txs: 3 fees: 1223 sigops 114
2018-12-17 12:14:20 Acceptable block: ver:20000000 time:1545048860 size: 1405 Tx:4 Sig:9
2018-12-17 12:14:20 CreateNewBlock(): total size 2297 txs: 3 fees: 1223 sigops 114
2018-12-17 12:14:20 Acceptable block: ver:20000000 time:1545048860 size: 1405 Tx:4 Sig:9
2018-12-17 12:18:18 Acceptable block: ver:20000000 time:1545049076 size: 8023 Tx:21 Sig:41
2018-12-17 12:18:18 UpdateTip: new best=000000000000000003c4d52a41d6c702be827a7048816fdf74e8a3272cdd12eb height=561208 bits=403198104 log2_work=87.757303 tx=268355214 date=2018-12-17 12:17:56 progress=0.999999 cache=0.1MiB(101txo)
2018-12-17 12:18:18 CheckAndAlertUnknownVersionbits: 35 of last 100 blocks have unexpected version. One example: 0x20800000
2018-12-17 12:18:18 CreateNewBlock(): total size 3755 txs: 4 fees: 104676 sigops 108
2018-12-17 12:18:18 Acceptable block: ver:20000000 time:1545049098 size: 2863 Tx:5 Sig:9
2018-12-17 12:18:18 CreateNewBlock(): total size 3755 txs: 4 fees: 104676 sigops 108
2018-12-17 12:18:18 Acceptable block: ver:20000000 time:1545049098 size: 2863 Tx:5 Sig:9
2018-12-17 12:21:50 Acceptable block: ver:20800000 time:1545049250 size: 11480 Tx:26 Sig:41
2018-12-17 12:21:50 UpdateTip: new best=0000000000000000039d58dcb3bcd2e5a8a79b5b47227a97e21d22a1028e3dd4 height=561209 bits=403193955 log2_work=87.757306 tx=268355240 date=2018-12-17 12:20:50 progress=0.999997 cache=0.1MiB(115txo)
2018-12-17 12:21:50 CheckAndAlertUnknownVersionbits: 35 of last 100 blocks have unexpected version. One example: 0x20c00000
2018-12-17 12:21:50 CreateNewBlock(): total size 2463 txs: 4 fees: 2387 sigops 109
2018-12-17 12:21:50 Acceptable block: ver:20000000 time:1545049310 size: 1571 Tx:5 Sig:10
2018-12-17 12:21:50 CreateNewBlock(): total size 2463 txs: 4 fees: 2387 sigops 109
2018-12-17 12:21:50 Acceptable block: ver:20000000 time:1545049310 size: 1571 Tx:5 Sig:10
2018-12-17 12:30:52 connect() to [2607:f2c0:ecae:3d:1262:ebff:fe48:85f3]:8333 failed: Network is unreachable (101)
2018-12-17 12:37:40 Acceptable block: ver:20000000 time:1545050227 size: 69173 Tx:76 Sig:146
2018-12-17 12:37:40 UpdateTip: new best=000000000000000002b2982882663cf01b1db0bcc2876fa55c2a41d3ef354d7b height=561210 bits=403192877 log2_work=87.757309 tx=268355316 date=2018-12-17 12:37:07 progress=0.999998 cache=0.1MiB(548txo)
2018-12-17 12:37:40 CheckAndAlertUnknownVersionbits: 34 of last 100 blocks have unexpected version. One example: 0x20c00000
2018-12-17 12:37:40 CreateNewBlock(): total size 2533 txs: 2 fees: 2316 sigops 103
2018-12-17 12:37:40 Acceptable block: ver:20000000 time:1545050260 size: 1641 Tx:3 Sig:4
2018-12-17 12:37:40 CreateNewBlock(): total size 2533 txs: 2 fees: 2316 sigops 103
2018-12-17 12:37:40 Acceptable block: ver:20000000 time:1545050260 size: 1641 Tx:3 Sig:4
2018-12-17 12:45:19 Acceptable block: ver:20000000 time:1545050688 size: 10306 Tx:14 Sig:29
2018-12-17 12:45:19 UpdateTip: new best=00000000000000000378d55568094cb4aa60155798edd1e4d046c7bfac286a42 height=561211 bits=403185479 log2_work=87.757312 tx=268355330 date=2018-12-17 12:44:48 progress=0.999998 cache=0.1MiB(131txo)
2018-12-17 12:45:19 CheckAndAlertUnknownVersionbits: 34 of last 100 blocks have unexpected version. One example: 0x20c00000
2018-12-17 12:45:19 CreateNewBlock(): total size 13214 txs: 34 fees: 20859 sigops 165
2018-12-17 12:45:19 Acceptable block: ver:20000000 time:1545050719 size: 12322 Tx:35 Sig:55
2018-12-17 12:45:19 CreateNewBlock(): total size 13214 txs: 34 fees: 20859 sigops 165
2018-12-17 12:45:19 Acceptable block: ver:20000000 time:1545050719 size: 12322 Tx:35 Sig:55
2018-12-17 12:51:16 connect() to [2a02:1812:1426:a600:84e:ea09:30b:2772]:8333 failed: Network is unreachable (101)
2018-12-17 12:51:40 connect() to [2001:8003:258d:3200:43:6475:500:8286]:8333 failed: Network is unreachable (101)

submitted by MattAbrams to btc [link] [comments]
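An added example, not the poster's code or Bitcoin Unlimited's: a small parser that replays the UpdateTip lines of a debug log like the one above and reports which blocks were the node's best tip at some point and were later disconnected. That is the check a pool operator wants when diagnosing orphans: a reorg appears in the log as an UpdateTip whose height is not above the current tip. The sample log is abridged from the post above (the real lines carry more fields after height=, which the regex ignores); the function and variable names are this example's own.

```python
import re

# Added example, not the poster's code: detect chain reorganisations (and thus
# orphaned blocks) from "UpdateTip" lines in a Bitcoin Unlimited style debug log.
# SAMPLE_LOG is abridged from the log in the post above; lines that are not
# UpdateTip events are ignored by the parser.
SAMPLE_LOG = """\
2018-12-17 12:02:38 UpdateTip: new best=000000000000000003648d35c1bee30a62c93b004d8e5b05df1d0098a8d46aff height=561204 bits=403185772
2018-12-17 12:05:11 Acceptable block: ver:20000000 time:1545048307 size: 1584 Tx:6 Sig:13
2018-12-17 12:05:11 UpdateTip: new best=000000000000000005ded68295e2f941b4875ba4699e8d6ff5e925bfa7b8573a height=561205 bits=403190346
2018-12-17 12:11:23 UpdateTip: new best=000000000000000001d2d4401618fd1c598ab126f407a30df326ccfbf99d2823 height=561206 bits=403197915
2018-12-17 12:14:20 UpdateTip: new best=000000000000000005ded68295e2f941b4875ba4699e8d6ff5e925bfa7b8573a height=561205 bits=403190346
2018-12-17 12:14:20 UpdateTip: new best=000000000000000002b6dbc218db453dcf75ddce6e8fce27924769429f647c47 height=561206 bits=403197915
2018-12-17 12:14:20 UpdateTip: new best=0000000000000000051ed80cfac2bfcb6736608d13dd4c122365ef5095606dee height=561207 bits=403196363
"""

UPDATETIP_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) UpdateTip: "
    r"new best=(?P<hash>[0-9a-f]{64}) height=(?P<height>\d+)"
)


def find_orphaned_blocks(log_text):
    """Replay UpdateTip events in order and return a list of
    (timestamp_of_reorg, height, block_hash) for every block that was on the
    node's best chain and was later disconnected.

    A reorg shows up as an UpdateTip whose height is not above the current
    tip: everything strictly above the new height is gone, and the block at
    the new height is gone too if its hash changed.
    """
    active = {}        # height -> hash on the node's current best chain
    tip_height = None
    orphaned = []
    for line in log_text.splitlines():
        m = UPDATETIP_RE.match(line)
        if not m:
            continue
        ts, blockhash, height = m["ts"], m["hash"], int(m["height"])
        if tip_height is not None and height <= tip_height:
            for h in range(tip_height, height, -1):
                old = active.pop(h, None)   # None if the log started mid-chain
                if old:
                    orphaned.append((ts, h, old))
            if active.get(height) not in (None, blockhash):
                orphaned.append((ts, height, active[height]))
        active[height] = blockhash
        tip_height = height
    return orphaned


if __name__ == "__main__":
    for ts, height, blockhash in find_orphaned_blocks(SAMPLE_LOG):
        print(f"{ts}: block {blockhash} at height {height} was disconnected")
```

Run over the post's log this flags exactly one block: the one accepted at 12:11:23 at height 561206, replaced three minutes later by a different block at the same height. Feeding a longer stretch of the same log through this function, together with the node's own "Acceptable block" lines for the blocks it mined, is what would turn the ~5% figure in the post into a list of concrete reorg events with timestamps to correlate against peer connectivity.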

Lies, FUD, and hyperbole

https://medium.com/@octskyward/the-resolution-of-the-bitcoin-experiment-dabb30201f7#.obcepgw0g
Lies, FUD, and hyperbole Part 1
With apologies for the length, but Hearn does pack a lot of misrepresentations and lies into this article.
> a system completely controlled by just a handful of people. Worse still, the network is on the brink of technical collapse.
This is patently untrue as power dynamics within bitcoin are a complex interwoven level of game theory shared by miners, nodes, developers, merchants and payment processors, and users. Even if one were to make the false assumption that miners control all the power, the reality is mining pools are either made up of thousands of individual miners who can and do redirect their hashing power or private pools with companies controlled by multiple investors and owners.
> Worse still, the network is on the brink of technical collapse.
If and when a fee event happens, bitcoin will be just fine. Wallets already can adjust for fees and tx fee pressures will be kept reasonable because they still need to compete with free off-the-chain solutions. Whether the block size is raised to 2, 4, or 8 MB it will also be fine (in the short term) as long as corresponding sigop protections are included. The blocksize debate has more to do with bikeshedding and setting a long term direction for bitcoin than preventing a short term technical collapse.
> Couldn't move your existing money
Bitcoin functions as a payment rails system just fine, just ask Coinbase and BitPay.
> Had wildly unpredictable fees that were high and rising fast
False, I normally pay 3-5 pennies, and txs instantly get to their destination and confirm between 5 min to 1 hour like normal. CC txs take weeks to months to confirm.
> Allowed buyers to take back payments they'd made after walking out of shops, by simply pressing a button (if you aren't aware of this "feature" that's because Bitcoin was only just changed to allow it)
RBF is opt-in, and therefore payment processors won't accept this if they do 0-conf tx approvals.
> Is suffering large backlogs and flaky payments
> The block chain is full.
Blocks are 60-70% full on average. We have yet to see a continuous backlog lasting more than a few hours max. This conf backlog doesn't prevent txs from being processed, unlike when the Visa/PayPal network goes down and you cannot make a payment at all.
> … which is controlled by China
People in China partially control one small aspect of the bitcoin ecosystem, and why shouldn't they? They do represent 19% of the world's population. This comment is both misleading and xenophobic.
> … and in which the companies and people building it were in open civil war?
Most people are passionate but still friendly behind closed doors. The blocksize debate has spurred decentralization of developer groups and new ideas, which are good things. Sure there has been some unproductive infighting, but we will get through this and be stronger for it. "Civil wars" exist within and between all currencies anyway so this is nothing surprising.
> Once upon a time, Bitcoin had the killer advantage of low and even zero fees, but it's now common to be asked to pay more to miners than a credit card would charge.
Credit cards charge 2.8% to 7% in the US and 5-8% in many other countries. Bitcoin once had fees up to 40 cents a tx, and for the past few years normal fees have been consistently between 2-8 pennies per tx on the chain and free off the chain.
> Because the block chain is controlled by Chinese miners, just two of whom control more than 50% of the hash power.
> At a recent conference over 95% of hashing power was controlled by a handful of guys sitting on a single stage.
Mining pools are controlled by many miners and interests, not individuals. Miners also share the control with many other competing interests and are limited in their ability to harm the bitcoin ecosystem if they so choose.
> They have chosen instead to ignore the problem and hope it goes away.
Bitcoin Core has already come to a consensus on a scaling proposal - https://bitcoincore.org/en/2015/12/21/capacity-increase/ https://bitcoincore.org/en/2015/12/23/capacity-increases-faq/ and various other implementations are developing theirs to propose to the community. Bitcoin Classic is another interesting implementation that appears to have found consensus around BIP102.
> This gives them a perverse financial incentive to actually try and stop Bitcoin becoming popular.
The Chinese miners want bitcoin to scale to at least 2MB in the short term, something that both Core and Classic accommodate. Bitcoin will continue to scale with many other solutions and ultimately payment channels will allow it to scale to Visa-like levels of TPS.
> The resulting civil war has seen Coinbase — the largest and best known Bitcoin startup in the USA — be erased from the official Bitcoin website for picking the "wrong" side and banned from the community forums.
Coinbase was re-added to bitcoin.org. Mike conveniently left that important datapoint off.
> has gone from being a transparent and open community to one that is dominated by rampant censorship
There are more subreddits, more forums, and more information than ever before. The blocksize debate does sometimes create divisions in our ecosystem but the information is all there and easy for anyone to investigate.
> But the inability to get news about XT or the censorship itself through to users has some problematic effects.
The failure of XT has nothing to do with a lack of information. If anything there is too much information available, being repeated over and over, in many different venues.
> One of them, Gregory Maxwell, had an unusual set of views: he once claimed he had mathematically proven Bitcoin to be impossible. More problematically, he did not believe in Satoshi's original vision.
Satoshi never intended to be used as an argument from authority, and if he does he can always come back and contribute. We should not depend upon an authority figure but on evidence, valid reasoning, and testing.
> And indeed back-of-the-envelope calculations suggested that, as he said to me, "it never really hits a scale ceiling" even when looking at more factors than just bandwidth.
Hearn's calculations are wrong. More specifically they do not take into account Tor, decentralization in locations with bandwidth limitations, bandwidth softcaps imposed by ISPs, the true scale of historical bandwidth increases, and malicious actors attacking the system with sophisticated attacks.
> Once the 5 developers with commit access to the code had been chosen and Gavin had decided he did not want to be the leader, there was no procedure in place to ever remove one.
The 45 developers who contributed to Bitcoin Core in 2015 could be replaced instantly if the community wanted, with little effort. Ultimately, the nodes, miners and users control which code they use and no group of developers can force them to upgrade. In fact Bitcoin Core deliberately avoids an auto-update feature with their releases, at the cost of usability, to specifically ensure that users have to actively choose all new features and can opt out simply by not upgrading.
... end of part one...
submitted by bitusher to Bitcoin [link] [comments]

Bitcoin dev IRC meeting in layman's terms (2015-11-05)

Once again my attempt to summarize and explain the weekly bitcoin developer meeting in layman's terms. Link to last week's summarization. Note that I crosspost this to Voat, bitcoin.com and the bitcoin-discuss mailing list every week. I can't control what's being talked about in the meeting; if certain things come up I might not be able to post here because of "guidelines".
Disclaimer
Please bear in mind I'm not a developer and I'd have problems coding "hello world!", so some things might be incorrect or plain wrong. Like any other write-up it likely contains personal biases, although I try to stay as neutral as I can. There are no decisions being made in these meetings, so if I say "everyone agrees" this means everyone present in the meeting, that's not consensus, but since a fair amount of devs are present it's a good representation. The dev IRC and mailinglist are for bitcoin development purposes. If you have not contributed actual code to a bitcoin-implementation, this is probably not the place you want to reach out to. There are many places to discuss things that the developers read, including this sub-reddit.
Link to this week's logs. Meeting minutes by meetbot.
Main topics discussed were:
- Sigcache performance
- Performance goals for 0.12
- transaction priority
- sigops flooding attack
- chain limits
Short topics/notes
Note: cfields, mcelrath and BlueMatt (and maybe more) missed the meeting because of daylight saving time.
Closing date for proposals for the scaling bitcoin workshop is the 9th.
Check to see if there are any other commits for the 0.11.2 RC. As soon as 6948 and 6825 are merged it seems good to go. We need to move fairly quickly as there are already miners voting for CLTV (F2Pool). Also testnet is CLTV locked already and is constantly forking. 0.11.2 RC1 has been released as of today: https://bitcoin.org/bin/bitcoin-core-0.11.2/test/
Most of the mempool-limiting analysis assumed child-pays-for-parent, however that isn't ready for 0.12 yet, so we should think about possible abuses in context of the existing mining algorithm.
Because of time constraints opt-in replace-by-fee has been deferred to next week's meeting, but most people seem to want it in 0.12. sdaftuar makes a note that we need to make clear to users what they need to do if they don't want to accept opt-in transactions.
Sigcache performance
The signature cache, which is in place to increase performance (by not having to check the signature multiple times) and to mitigate some attacks, currently has a default limit of 50 000 signatures. Sipa has a pull-request which proposes to:
- Change the limit from number of entries to megabytes
- Change the default to 40MB, which corresponds to 500 000 signatures
- Store salted hashes instead of full entries
- Remove entries that have been validated in a block
Sipa did benchmarks for various signature cache sizes on hitrate in blocks (how many of the cached signatures are in the block). The maximum sigcache size was 68MB, resulting in a 3% miss-rate. Some blocks though have extremely high miss rates (60%) while others have none. Likely caused by miners running different policies. Gmaxwell proposed to always run script verification for mempool transactions, even if these transactions get rejected into the mempool by the clients policy. The result of that is that even a 300MB sigcache size only gets down to 15% misses. So there's too much crap being relayed to keep any reasonable sized cache. Gmaxwell points out downsides to not checking any rejected transactions, namely: there are some DOS attacks possible, and you increase your misrate if you set a policy which is more restrictive than the typical network, which might result in a race to the bottom.
Sipa continues his work and seeks out other strategies
Performance goals for 0.12
Bitcoin-core 0.12 is scheduled for release December 1st.
Everybody likes to include secp256k1 ASAP, as it has a very large performance increase. Some people would like to include the sigcache pull-request, BIP30, modifyNewCoins and a createNewBlock rewrite if it's ready. Wumpus advises against merging last-minute performance improvements for 0.12.
Mentioned pull-requests should be reviewed, prioritizing CreateNewBlock
transaction priority
Each transaction is assigned a priority, determined by the age, size, and number of inputs. Which makes some transactions free.
Sipa thinks we should get rid of the current priority completely and replace it with a function that modifies fee or size of a transaction. There's a pull-request available that optimizes the current transaction priority, thereby avoiding the political debate that goes with changing the definition of transaction priority. Luke-jr thinks the old policy should remain possible.
Check to see if PR #6357 is safe and efficient enough.
sigops flooding attack
The number of ECDSA signature-checking operations, or sigops, is currently limited to 20 000 per block. This is in order to prevent miners creating blocks that take ages to verify, as those operations are time-consuming. You could however construct transactions that have a very high sigops count, and since most miners don't take into account the sigops count they end up with very small blocks because the sigop limit is reached. This attack is described here.
Suggestion to take the number of sigops relative to the maximum blocksize into account with the total size. Meaning a 10k sigops transaction would currently be viewed as 500kB in size (for that single transaction, not towards the block). That suggestion would be easy to change in the mining code, but more invasive to try and plug that into everything that looks at feerate. This would also open up attacks on the mempool if these transactions are not evicted by mempool limiting. Luke-jr has a bytes-per-sigop limit, that filters out these attack transactions.
More analysis should be done, people seem fine with the general direction of fixing it.
chain limits
Chain in this context means connected transactions. When you send a transaction that depends on another transaction that has yet to be confirmed we talk about a chain of transactions. Miners ideally take the whole chain into account instead of just every single transaction (although that's not widely implemented afaik). So while a single transaction might not have a sufficient fee, a depending transaction could have a high enough fee to make it worthwhile to mine both. This is commonly known as child-pays-for-parent. Since you can make these chains very big it's possible to clog up the mempool this way. With the recent malleability attacks, anyone who made transactions going multiple layers deep would've already encountered huge problems doing this (beautifully explained in let's talk bitcoin #258 from 13:50 onwards). Proposal and github link.
sdaftuar's analysis shows that 40% of blocks contain a chain that exceeds the proposed limits. Even a small bump doesn't make the problem go away. Possible sources of these chains: a service paying the fees on other transactions (child-pays-for-parent), an iOS wallet that gladly spends unconfirmed change. A business confirms they use child-pays-for-parent when they receive bitcoins from an unspent chain. It is possible that these long chains are delivered to miners directly, in which case they wouldn't be affected by the proposed relay limits (and by malleability). Since this is a problem that needs to be addressed, people seem fine with merging it anyway, communicating in advance to let businesses think about how this affects them.
Merge "Policy: Lower default limits for tx chains" Morcos will mail the developer mailing list after it's merged.
Participants
morcos (Alex Morcos), gmaxwell (Gregory Maxwell), wumpus (Wladimir J. van der Laan), sipa (Pieter Wuille), jgarzik (Jeff Garzik), Luke-Jr (Luke Dashjr), phantomcircuit (Patrick Strateman), sdaftuar (Suhas Daftuar), btcdrak (btcdrak), jouke (??Jouke Hofman??), jtimon (Jorge Timón), jonasschnelli (Jonas Schnelli)
Comic relief
20:01 wumpus #meetingend
20:01 wumpus #meetingstop
20:01 gmaxwell Thanks all.
20:01 btcdrak #exitmeeting
20:01 gmaxwell #nomeetingnonono
20:01 btcdrak #meedingexit
20:01 wumpus #endmeeting
20:01 lightningbot Meeting ended Thu Nov 5 20:01:29 2015 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot .
20:01 btcdrak #rekt
submitted by G1lius to Bitcoin [link] [comments]
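The two policy changes discussed in the meeting notes above, a sigop-adjusted size for block assembly (with a bytes-per-sigop relay filter) and an ancestor limit on chains of unconfirmed transactions, as an added worked example in Python. This is illustrative code written for this page, not Bitcoin Core's implementation: the block limits are the ones in the notes (1 MB, 20 000 sigops, so 50 bytes of block space per sigop), while the mempool contents, the fees, the 20-bytes-per-sigop threshold and the ancestor limit of 25 are constructed assumptions.

```python
"""Added example: sigop-aware block assembly and unconfirmed-chain limits.

Toy model, not Bitcoin Core code.  The block limits mirror the meeting notes
(1 MB, 20 000 sigops => 50 bytes of block space per sigop); the mempool
contents, fees, bytes-per-sigop threshold and ancestor limit are constructed
assumptions for illustration.
"""
from dataclasses import dataclass

MAX_BLOCK_SIZE = 1_000_000                              # bytes
MAX_BLOCK_SIGOPS = 20_000
BYTES_PER_SIGOP = MAX_BLOCK_SIZE // MAX_BLOCK_SIGOPS    # 50


@dataclass
class Tx:
    txid: str
    size: int              # serialized size in bytes
    sigops: int            # signature operations counted against the block limit
    fee: int               # satoshis
    parents: tuple = ()    # txids of unconfirmed parents (empty = spends confirmed coins)


def sigop_adjusted_size(tx):
    """Size used for fee-rate ordering: the larger of the real size and the
    block space the tx's sigops consume.  A 10 000-sigop tx counts as 500 kB."""
    return max(tx.size, tx.sigops * BYTES_PER_SIGOP)


def feerate(tx, adjusted):
    return tx.fee / (sigop_adjusted_size(tx) if adjusted else tx.size)


def build_block(mempool, adjusted):
    """Greedy template: best fee rate first, skipping any tx that would push
    the block over either the byte limit or the sigop limit.  Returns
    (chosen txids, block bytes, block sigops)."""
    chosen, size, sigops = [], 0, 0
    for tx in sorted(mempool, key=lambda t: feerate(t, adjusted), reverse=True):
        if size + tx.size > MAX_BLOCK_SIZE or sigops + tx.sigops > MAX_BLOCK_SIGOPS:
            continue
        chosen.append(tx.txid)
        size += tx.size
        sigops += tx.sigops
    return chosen, size, sigops


def passes_bytes_per_sigop(tx, min_bytes_per_sigop=20):
    """Relay-policy filter: refuse a tx carrying more sigops than its byte size
    justifies.  The threshold value is an assumption for this example."""
    return tx.sigops == 0 or tx.size // tx.sigops >= min_bytes_per_sigop


def ancestor_count(tx, by_txid):
    """Number of distinct unconfirmed ancestors; a parent not in the mempool
    is treated as already confirmed."""
    seen, stack = set(), list(tx.parents)
    while stack:
        p = stack.pop()
        if p in seen or p not in by_txid:
            continue
        seen.add(p)
        stack.extend(by_txid[p].parents)
    return len(seen)


def accept_to_mempool(tx, mempool, max_ancestors=25):
    """Combined policy: bytes-per-sigop filter plus an ancestor limit that
    counts the tx itself (so at most max_ancestors-1 unconfirmed parents)."""
    by_txid = {t.txid: t for t in mempool}
    return passes_bytes_per_sigop(tx) and ancestor_count(tx, by_txid) + 1 <= max_ancestors


def make_mempool():
    """Constructed mempool: 3 000 ordinary txs and three sigop-stuffed ones whose
    raw fee rate (12.5 sat/B) beats the ordinary txs (10 sat/B)."""
    normal = [Tx(f"n{i}", size=250, sigops=2, fee=2_500) for i in range(3_000)]
    attack = [Tx(f"a{i}", size=2_000, sigops=10_000, fee=25_000) for i in range(3)]
    return normal + attack


def longest_accepted_chain(max_ancestors=25, length=40):
    """Feed a chain of child-spends-unconfirmed-parent txs through the policy
    check and report how many get in before the ancestor limit bites."""
    mempool = []
    for i in range(length):
        parents = (f"c{i - 1}",) if i else ()
        tx = Tx(f"c{i}", size=250, sigops=2, fee=2_500, parents=parents)
        if not accept_to_mempool(tx, mempool, max_ancestors):
            break
        mempool.append(tx)
    return len(mempool)


if __name__ == "__main__":
    mp = make_mempool()
    for adjusted in (False, True):
        chosen, size, sigops = build_block(mp, adjusted)
        print(f"adjusted={adjusted}: {len(chosen)} txs, {size} bytes, {sigops} sigops")
    print("stuffed tx relayed?", passes_bytes_per_sigop(mp[-1]))
    print("chain depth accepted:", longest_accepted_chain())
```

With the raw-size ordering, two 10 000-sigop transactions exhaust the block's sigop budget and the template closes at 4 kB; with the adjusted size they sort to the back and the block fills with ordinary transactions first. The bytes-per-sigop check rejects the stuffed transactions at relay time, before they reach the mining code, which is the cheaper place to stop them, and the ancestor limit caps how deep a chain of unconfirmed spends the mempool will take.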

SegWit-as-a-softfork is a hack. Flexible-Transactions-as-a-hard-fork is simpler, safer and more future-proof than SegWit-as-a-soft-fork - trivially solving malleability, while adding a "tag-based" binary data format (like JSON, XML or HTML) for easier, safer future upgrades with less technical debt

TL;DR:
The Flexible Transaction upgrade proposal should be considered by anyone who cares about the protocol stability because:
https://zander.github.io/posts/Flexible_Transactions/
There is currently a lot of interest and discussion about upgrading Bitcoin to solve various problems (eg: fixing transaction malleability, providing modest on-chain scaling, reducing SigOps complexity. etc.).
One proposal is Blockstream/Core's SegWit-as-a-soft-fork (SWSF) - which most people - including myself - have expressed support for.
However, over the past few months, closer inspection of SegWit reveals several serious and avoidable flaws (possibly due to certain less-visible political / economic power struggles) - leading to the conclusion that SegWit is inferior in several ways when compared with other, similar proposals - such as Flexible Transactions.
Why is Flexible Transactions better than SegWit?
It is true that SegWit would make Bitcoin better in many important ways.
But it is also true that SegWit would make Bitcoin worse in many other important ways - all of which are due to Core/Blockstream's mysterious (selfish?) insistence on doing SegWit-as-a-soft-fork.
Why is it better to hard-fork rather than soft-fork Bitcoin at this time?
There are 3 clear and easy-to-understand reasons why most people would agree that a hard fork is better than a soft fork for Bitcoin right now. This is because a hard fork is:
  • simpler and more powerful
  • safer
  • more future-proof
than a soft fork.
Further explanations on these three points are detailed below.
(1) Why is a hard fork simpler and more powerful than a soft fork?
By definition, a soft fork imposes additional restrictions in order to ensure backwards compatibility - because a soft fork cannot change any existing data structures.
Instead, a soft fork must use existing data structures as-is - while adding (optional) semantics to them - which only newer clients can understand and use, and older clients simply ignore.
This restriction (which applies only to soft forks, not to hard forks) severely limits the freedom of developers, making soft forks more complicated and less powerful than hard forks:
  • Some improvements must be implemented using overly complicated code - in order to "shoe-horn" or "force" them into existing data-structures.
  • Some improvements must be entirely abandoned - because there is no way to "shoe-horn" or "force" them into existing data-structures.
https://zander.github.io/posts/Flexible_Transactions/
SegWit wants to keep the data-structure of the transaction unchanged and it tries to fix the data structure of the transaction. This causes friction as you can't do both at the same time, so there will be a non-ideal situation and hacks are to be expected.
The problem, then, is that SegWit introduces more technical debt, a term software developers use to say the system-design isn't done and needs significantly more work. And the term 'debt' is accurate as over time everyone that uses transactions will have to understand the defects to work with this properly. Which is quite similar to paying interest.
(2) Why is a hard fork safer than a soft fork?
Ironically, supporters of "soft forks" claim that their approach is "backwards-compatible" - but this claim is not really true in the real world, because:
  • If non-upgraded nodes are no longer able to validate transactions...
  • And if non-upgraded nodes don't even know that they're no longer able to validate transactions...
  • Then this is in many ways actually worse than simply requiring an explicit hard-fork upgrade (where at least everyone is required to explicitly upgrade - and nodes that do not upgrade "know" that they're no longer validating transactions).
It is good to explicitly incentivize and require all nodes to be in consensus regarding what software they should be running - by using a hard fork. This is similar to how Nakamoto consensus works (incentivize and require all nodes to be in consensus regarding the longest valid chain) - and it is also in line with Satoshi's suggestions for upgrading the network.
So, when SegWit supporters claim "a soft-fork is backwards-compatible", they are either (unconsciously) wrong or (consciously) lying.
With SegWit, non-upgraded nodes would no longer be able to validate transactions - and wouldn't even know that they're no longer able to validate transactions - which is obviously more dangerous than simply requiring all nodes to explicitly upgrade.
https://zander.github.io/posts/Flexible_Transactions/
Using a Soft fork means old clients will stop being able to validate transactions, or even parse them fully. But these old clients are themselves convinced they are doing full validation.
(3) Why is Flexible Transactions more future-proof than SegWit?
https://zander.github.io/posts/Flexible_Transactions/
Using a tagged format for a transaction is a one time hard fork to upgrade the protocol and allow many more changes to be made with much lower impact on the system in the future.
Where SegWit tries to adjust a static memory-format by re-purposing existing fields, Flexible transactions presents a coherent simple design that removes lots of conflicting concepts.
Most importantly, years after Flexible transactions has been introduced we can continue to benefit from the tagged system to extend and fix issues we find then that we haven't thought of today, using the same, consistent concepts.
The basic idea is to change the transaction to be much more like modern systems like JSON, HTML and XML. It's a 'tag'-based format and has various advantages over the closed binary-blob format.
For instance if you add a new field, much like tags in HTML, your old browser will just ignore that field making it backwards compatible and friendly to future upgrades.
Conclusions: Flexible Transactions is simpler, safer, more powerful and more future-proof (and even provides more scaling) than SegWit
SegWit has some good ideas and some needed fixes. Stealing all the good ideas and improving on them can be done, but requires a hard fork.
Flexible Transactions lowers the amount of changes required in the entire ecosystem.
After SegWit has been in the design stage for a year and still we find show-stopping issues, delaying the release, dropping the requirement of staying backwards-compatible should be on the table.
The introduction of the Flexible Transaction upgrade has big benefits because the transaction design becomes extensible. A hardfork is done once to allow us to do soft upgrades in the future.
[Flexible transactions] introduces a tagged data structure. Conceptually like JSON and XML in that it is flexible, but the proposal is a compact and fast binary format.
Using the Flexible Transaction data format allows many future innovations to be done cleanly in a consistent and, at a later stage, a more backwards compatible manner than SegWit is able to do, even if given much more time.
On size, SegWit proposes to gain 60% space, which is by removing the signatures minus the overhead introduced. Flexible transactions showed a 75% gain.
submitted by ydtm to btc [link] [comments]
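The tag-based layout the post above describes, as an added worked example in Python. This is illustrative code written for this page, not the Flexible Transactions implementation; the tag numbers, the field names and the 100 kB per-field cap are assumptions. It encodes each field as a tag, length, value triple and shows an "old" parser that knows three tags reading a transaction that carries a fourth: the unknown tag is skipped rather than rejected, which is the forward-compatibility property the post claims. The same parser bounds every length against the remaining buffer before using it, the check a practitioner wants in any length-prefixed format.

```python
"""Added example: a tagged (TLV) transaction encoding whose parser skips
tags it does not know, with the length checks such a parser needs.

Illustrative code written for this page, not the Flexible Transactions
implementation.  Tag numbers, field names and the size cap are assumptions.
"""
import struct

TAG_VERSION, TAG_INPUT, TAG_OUTPUT, TAG_LOCKTIME = 1, 2, 3, 4   # assumed numbering
KNOWN_TAGS_V1 = {TAG_VERSION, TAG_INPUT, TAG_OUTPUT}             # an "old" client
KNOWN_TAGS_V2 = KNOWN_TAGS_V1 | {TAG_LOCKTIME}                   # a "new" client
MAX_FIELD_LEN = 100_000   # refuse absurd lengths before touching memory (assumption)


def encode_varint(n):
    """Unsigned LEB128: 7 payload bits per byte, high bit set means 'more'."""
    out = bytearray()
    while True:
        byte, n = n & 0x7F, n >> 7
        out.append(byte | (0x80 if n else 0))
        if not n:
            return bytes(out)


def decode_varint(buf, pos):
    """Returns (value, new_pos); refuses truncated or over-long encodings."""
    value, shift = 0, 0
    while True:
        if pos >= len(buf) or shift > 63:
            raise ValueError("truncated or oversized varint")
        byte = buf[pos]
        pos += 1
        value |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return value, pos
        shift += 7


def encode_fields(fields):
    """fields: list of (tag, bytes).  Tags may repeat (several inputs/outputs)."""
    out = bytearray()
    for tag, value in fields:
        out += encode_varint(tag) + encode_varint(len(value)) + value
    return bytes(out)


def decode_fields(buf, known_tags):
    """Parse every (tag, length, value) triple.  Known tags are returned in
    order; unknown tags are skipped and reported, not treated as an error.
    Every length is bounded against the remaining buffer before it is used."""
    pos, known, unknown = 0, [], []
    while pos < len(buf):
        tag, pos = decode_varint(buf, pos)
        length, pos = decode_varint(buf, pos)
        if length > MAX_FIELD_LEN or pos + length > len(buf):
            raise ValueError(f"tag {tag} claims {length} bytes, {len(buf) - pos} remain")
        value = buf[pos:pos + length]
        pos += length
        if tag in known_tags:
            known.append((tag, value))
        else:
            unknown.append(tag)
    return known, unknown


def build_sample_tx():
    """Constructed sample: a v2 transaction that carries the new locktime tag."""
    return encode_fields([
        (TAG_VERSION, b"\x02"),
        (TAG_INPUT, b"prevout-ref-0"),
        (TAG_INPUT, b"prevout-ref-1"),
        (TAG_OUTPUT, struct.pack("<Q", 10_000) + b"script-a"),
        (TAG_LOCKTIME, struct.pack("<I", 500_000)),
    ])


if __name__ == "__main__":
    tx = build_sample_tx()
    print("old client:", decode_fields(tx, KNOWN_TAGS_V1))
    print("new client:", decode_fields(tx, KNOWN_TAGS_V2))
    try:
        decode_fields(tx[:-2], KNOWN_TAGS_V1)
    except ValueError as exc:
        print("truncated:", exc)
```

Note what skipping buys and what it does not: the old client can still parse the transaction and hand it on, but it has not validated whatever the unknown tag means, so consensus rules attached to a new tag still need every validating node to upgrade. The length check matters independently of that: a parser that trusts a length prefix over the buffer it actually holds is the classic way a tagged format turns into an over-read.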

Agreement with Satoshi – On the Formalization of Nakamoto Consensus

Cryptology ePrint Archive: Report 2018/400
Date: 2018-05-01
Author(s): Nicholas Stifter, Aljosha Judmayer, Philipp Schindler, Alexei Zamyatin, Edgar Weippl

Abstract
The term Nakamoto consensus is generally used to refer to Bitcoin's novel consensus mechanism, by which agreement on its underlying transaction ledger is reached. It is argued that this agreement protocol represents the core innovation behind Bitcoin, because it promises to facilitate the decentralization of trusted third parties. Specifically, Nakamoto consensus seeks to enable mutually distrusting entities with weak pseudonymous identities to reach eventual agreement while the set of participants may change over time. When the Bitcoin white paper was published in late 2008, it lacked a formal analysis of the protocol and the guarantees it claimed to provide. It would take the scientific community several years before first steps towards such a formalization of the Bitcoin protocol and Nakamoto consensus were presented. However, since then the number of works addressing this topic has grown substantially, providing many new and valuable insights. Herein, we present a coherent picture of advancements towards the formalization of Nakamoto consensus, as well as a contextualization in respect to previous research on the agreement problem and fault tolerant distributed computing. Thereby, we outline how Bitcoin's consensus mechanism sets itself apart from previous approaches and where it can provide new impulses and directions to the scientific community. Understanding the core properties and characteristics of Nakamoto consensus is of key importance, not only for assessing the security and reliability of various blockchain systems that are based on the fundamentals of this scheme, but also for designing future systems that aim to fulfill comparable goals.

submitted by dj-gutz to myrXiv [link] [comments]

Bitcoin Unlimited - Bitcoin Cash edition 1.5.0.2 has just been released

Download the latest Bitcoin Cash compatible release of Bitcoin Unlimited (1.5.0.2, November 13th, 2018) from:
 
https://www.bitcoinunlimited.info/download
 
This is a minor bug-fix-only release of Bitcoin Unlimited, compatible with the Bitcoin Cash specifications you can find here:
This release also provides an RPC called 'signdata' to generate signatures compatible with the CHECKDATASIG opcode. Like 1.5.0.1 it is compatible with both the Bitcoin Cash and the SV changes to the consensus rules. The SV feature set is disabled by default; the default policy is to activate the set of changes defined by bitcoincash.org.
List of notable changes and fixes to the code base:
 
Release notes: https://github.com/BitcoinUnlimited/BitcoinUnlimited/blob/dev/doc/release-notes/release-notes-bucash1.5.0.2.md
 
PS:
submitted by s1ckpig to Bitcoincash [link] [comments]

Extension block proposal by Jeffrey et al | Luke Dashjr | Apr 04 2017

Luke Dashjr on Apr 04 2017:
Recently there has been some discussion of an apparent work-in-progress
extension block proposal by Christopher Jeffrey, Joseph Poon, Fedor Indutny,
and Steven Pair. Since this hasn't been formally posted on the ML yet, perhaps
it is still in pre-draft stages and not quite ready for review, but in light
of public interest, I think it is appropriate to open it to discussion, and
toward this end, I have reviewed the current revision.
For reference, the WIP proposal itself is here:
https://github.com/tothemoon-org/extension-blocks 
==Overall analysis & comparison==
This is a relatively complicated proposal, creating a lot of additional
technical debt and complexity in comparison to both BIP 141 and hardforks. It
offers no actual benefits beyond BIP 141 or hardforks, so seems irrational to
consider at face value. In fact, it fits much better the inaccurate criticisms
made by segwit detractors against BIP 141.
That being said, this proposal is very interesting in construction and is for
the most part technically sound. While ill-fit to merely making blocks larger,
it may be an ideal fit for fundamentally different block designs such as
Rootstock and MimbleWimble in absence of decentralised non-integrated
sidechains (extension blocks are fundamentally sidechains tied into Bitcoin
directly).
==Fundamental problem==
Extension blocks are a risk of creating two classes of "full nodes": those
which verify the full block (and are therefore truly full nodes), and those
which only verify the "base" block. However, because the extension is
consensus-critical, the latter are in fact not full nodes at all, and are left
insecure like pseudo-SPV (not even real SPV) nodes. This technical nature is
of course true of a softfork as well, but softforks are intentionally designed
such that all nodes are capable of trivially upgrading, and there is no
expectation for anyone to run with pre-softfork rules.
In general, hardforks can provide the same benefits of an extension block, but
without the false expectation and pointless complexity.
==Other problems & questions==
> These outpoints may not be spent inside the mempool (they must be redeemed
> from the next resolution txid in reality).
This breaks the ability to spend unconfirmed funds in the same block (as is
required for CPFP).
The extension block's transaction count is not cryptographically committed-to
anywhere. (This is an outstanding bug in Bitcoin today, but impractical to
exploit in practice; however, exploiting it in an extension block may not be
as impractical, and it should be fixed given the opportunity.)
> The merkle root is to be calculated as a merkle tree with all extension
> block txids and wtxids as the leaves.
This needs to elaborate how the merkle tree is constructed. Are all the txids
followed by all the wtxids (tx hashes)? Are they alternated? Are txid and
wtxid trees built independently and merged at the tip?
> Output script code aside from witness programs, p2pkh or p2sh is considered
> invalid in extension blocks.
Why? This prevents extblock users from sending to bare multisig or other
various possible destinations. (While static address forms do not exist for
other types, they can all be used by the payment protocol.)
Additionally, this forbids datacarrier (OP_RETURN), and forces spam to create
unprovably-unspendable UTXOs. Is that intentional?
> The maximum extension size should be intentionally high.
This has the same "attacks can do more damage than ordinary benefit" issue as
BIP141, but even more extreme since it is planned to be used for future size
increases.
> Witness key hash v0 shall be worth 1 point, multiplied by a factor of 8.
What is a "point"? What does it mean multiplied by a factor of 8? Why not just
say "8 points"?
> Witness script hash v0 shall be worth the number of accurately counted
> sigops in the redeem script, multiplied by a factor of 8.
Please define "accurately counted" here. Is this using BIP16 static counting,
or accurately counting sigops during execution?
> To reduce the chance of having redeem scripts which simply allow for garbage
> data in the witness vector, every 73 bytes in the serialized witness vector is
> worth 1 additional point.
Is the size rounded up or down? (If down, 72-byte scripts will carry 0
points...)
==Trivial & process==
BIPs must be in MediaWiki format, not Markdown. They should be submitted for
discussion to the bitcoin-dev mailing list, not social media and news.
> Layer: Consensus (soft-fork)
Extension blocks are more of a hard-fork IMO.
> License: Public Domain
BIPs may not be "public domain" due to non-recognition in some jurisdictions.
Can you agree on one or more of these?
https://github.com/bitcoin/bips/blob/master/bip-0002.mediawiki#Recommended_licenses

Abstract

> This specification defines a method of increasing bitcoin transaction
> throughput without altering any existing consensus rules.
This is inaccurate. Even softforks alter consensus rules.

Motivation

> Bitcoin retargetting ensures that the time in between mined blocks will be
> roughly 10 minutes. It is not possible to change this rule. There has been
> great debate regarding other ways of increasing transaction throughput, with
> no proposed consensus-layer solutions that have proven themselves to be
> particularly safe.
Block time seems entirely unrelated to this spec. Motivation is unclear.
> Extension blocks leverage several features of BIP141, BIP143, and BIP144 for
> transaction opt-in, serialization, verification, and network services, and as
> such, extension block activation entails BIP141 activation.
As stated in the next paragraph, the rules in BIP 141 are fundamentally
incompatible with this one, so saying BIP 141 is activated is confusingly
incorrect.
> This specification should be considered an extension and modification to
> these BIPs. Extension blocks are not compatible with BIP141 in its current
> form, and will require a few minor additional rules.
Extension blocks should be compatible with BIP 141; there doesn't appear to be
any justification for not making them compatible.
> This specification prescribes a way of fooling non-upgraded nodes into
> believing the existing UTXO set is still behaving as they would expect.
The UTXO set behaves fundamentally different to old nodes with this proposal,
albeit in a mostly compatible manner.
> Note that canonical blocks containing entering outputs MUST contain an
> extension block commitment (all zeroes if nothing is present in the extension
> block).
Please explain why in Rationale.
> Coinbase outputs MUST NOT contain witness programs, as they cannot be
> sweeped by the resolution transaction due to previously existing consensus
> rules.
Seems like an annoying technical debt. I wonder if it can be avoided.
> The genesis resolution transaction MAY also include a 1-100 byte pushdata in
> the first input script, allowing the miner of the genesis resolution to add a
> special message. The pushdata MUST be castable to a true boolean.
Why? Unlike the coinbase, this seems to create additional technical debt with
no apparent purpose. Better to just have a consensus rule every input must be
null.
> The resolution transaction's version MUST be set to the uint32 max (`2^32 -
> 1`).
Transaction versions are signed, so I assume this is actually simply -1.
(While signed transaction versions seemed silly to me, using it for special
cases like this actually makes sense.)

Exiting the extension block

Should specify that spending such an exit must use the resolution txid, not
the extblock's txid.
> On the policy layer, transaction fees may be calculated by transaction cost
> as well as additional size/legacy-sigops added to the canonical block due to
> entering or exiting outputs.
BIPs should not specify policy at all. Perhaps prefix "For the avoidance of
doubt:" to be clear that miners may perform any fee logic they like.
> Transactions within the extended transaction vector MAY include a witness
> vector using BIP141 transaction serialization.
Since extblock transactions are all required to be segwit, why wouldn't this
be mandatory?
> consensus rule.
Note this makes adoption slower: wallets cannot use the extblock until the
economy has updated to support segwit-native addresses.
> To reduce the chance of having redeem scripts which simply allow for garbage
> data in the witness vector, every 73 bytes in the serialized witness vector is
> worth 1 additional point.
Please explain why 73 bytes in Rationale.
> This leaves room for 7 future soft-fork upgrades to relax DoS limits.
How so? Please explain.
> A consensus dust threshold is now enforced within the extension block.
Why?
> If the second highest transaction version bit (30th bit) is set to 1
> within an extension block transaction, an extra 700-bytes is reserved on the
> transaction space used up in the block.
Why wouldn't users set this on all transactions?
> default_witness_commitment has been renamed to
> default_extension_commitment and includes the extension block commitment
> script.
default_witness_commitment was never part of the GBT spec. At least describe
what this new key is.
Should be just extblk if backward compatibility is supported (and !extblk
when not).
The "deactivation" deployment'...[message truncated here by reddit bot]...
original: https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-April/013981.html
submitted by dev_list_bot to bitcoin_devlist [link] [comments]
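The "transaction count is not cryptographically committed-to" point in the review above, as an added example that is part of neither the email nor the proposal. Bitcoin's merkle root pairs an odd trailing node with a copy of itself at every level, so the blocks [a, b, c] and [a, b, c, c] have the same root and a header cannot tell them apart; the check that catches this is to flag the tree as mutated when two siblings at any level are identical. Function names and the txids are the example's own (the txids are constructed, not real chain data).

```python
import hashlib


def dsha256(b: bytes) -> bytes:
    """Bitcoin's hash function: SHA256 applied twice."""
    return hashlib.sha256(hashlib.sha256(b).digest()).digest()


def merkle_root(txids):
    """Bitcoin-style merkle root over a list of 32-byte txids.

    Returns (root, mutated). At each level an odd trailing node is paired with a
    copy of itself. `mutated` is set when two siblings are byte-identical, which
    only happens for the duplicate-leaf construction shown in duplicate_tail()
    (real txids in one block are never equal).
    """
    if not txids:
        raise ValueError("a block has at least a coinbase transaction")
    level = list(txids)
    mutated = False
    while len(level) > 1:
        # Detect identical siblings before padding, so the legitimate odd case
        # (a node paired with its own copy) does not trip the check.
        for i in range(0, len(level) - 1, 2):
            if level[i] == level[i + 1]:
                mutated = True
        if len(level) % 2 == 1:
            level.append(level[-1])
        level = [dsha256(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
    return level[0], mutated


def duplicate_tail(txids):
    """Build a different transaction list with the same merkle root.

    Walk up the tree until some level has an odd node count; the trailing group
    of leaves under that node is duplicated, which is exactly what the
    self-pairing rule already does implicitly. With 3 leaves the last leaf is
    appended; with 6 leaves the last two; a power-of-two count has no such level
    and is returned unchanged.
    """
    n = len(txids)
    width = 1
    while n > 1:
        if n % 2 == 1:
            return list(txids) + list(txids[-width:])
        n //= 2
        width *= 2
    return list(txids)


def constructed_txids(count):
    """Constructed sample txids (not real transactions)."""
    return [dsha256(b"constructed tx %d" % i) for i in range(count)]


if __name__ == "__main__":
    honest = constructed_txids(3)
    forged = duplicate_tail(honest)
    root_h, mut_h = merkle_root(honest)
    root_f, mut_f = merkle_root(forged)
    print("same root:", root_h == root_f, "honest mutated:", mut_h, "forged mutated:", mut_f)
```

The operational consequence is the one the review alludes to: a node that receives the forged copy first must reject it as mutated without recording the block hash as permanently invalid, otherwise the duplicate-leaf copy becomes a denial-of-service against the legitimate block that shares its header.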

Explain version messages

Hi,
I was reviewing logs from a Bitcoin ABC node I set up to compare them with Bitcoin Unlimited Cash. The Bitcoin ABC node has a lot of these messages.
I thought that most of the nodes we would connect to would be using versions like BUCash or Bitcoin ABC or something like that. Am I misunderstanding what the "version message" means?
2019-01-18 05:49:19 receive version message: [5.9.151.109:47574] /bitcoin-core-sq-seeder:0.16.2/: version 80030, blocks=350000, us=50.225.198.67:6628, peer=70594
2019-01-18 05:50:15 receive version message: [5.189.177.233:9558] /bch-bu-seeder:0.01/: version 60000, blocks=350000, us=50.225.198.67:6628, peer=70595
2019-01-18 05:50:28 receive version message: [178.128.240.143:38235] /cashnodes.io:0.1/: version 70015, blocks=565788, us=50.225.198.67:6628, peer=70596
2019-01-18 05:51:19 receive version message: [173.249.34.172:32243] /cashnodes.io:0.0.1/: version 70015, blocks=565788, us=50.225.198.67:6628, peer=70597
2019-01-18 05:51:46 receive version message: [178.128.240.143:28031] /cashnodes.io:0.1/: version 70015, blocks=565788, us=50.225.198.67:6628, peer=70598
2019-01-18 05:52:01 receive version message: [54.212.243.152:58575] /bitnodes.coin.dance:0.1/: version 70015, blocks=565788, us=50.225.198.67:6628, peer=70599
2019-01-18 05:52:06 receive version message: [173.249.34.172:45171] /cashnodes.io:0.0.1/: version 70015, blocks=565788, us=50.225.198.67:6628, peer=70600
2019-01-18 05:52:23 receive version message: [173.208.197.29:58984] /bitcoin-core-sq-seeder:0.16.1/: version 70015, blocks=350000, us=50.225.198.67:6628, peer=70601
2019-01-18 05:52:37 receive version message: [35.194.22.118:40098] bitcoin-seeder:1.0.0/: version 70013, blocks=0, us=50.225.198.67:6628, peer=70602
2019-01-18 05:52:37 socket recv error Connection reset by peer (104)
2019-01-18 05:54:13 receive version message: [54.212.243.152:44234] /bitnodes.coin.dance:0.1/: version 70015, blocks=565788, us=50.225.198.67:6628, peer=70603
2019-01-18 05:54:57 receive version message: [173.249.34.172:22930] /cashnodes.io:0.0.1/: version 70015, blocks=565788, us=50.225.198.67:6628, peer=70604
2019-01-18 05:55:38 receive version message: [155.94.182.88:59722] /bitcoin-core-sq-seeder:0.16.2/: version 80030, blocks=350000, us=50.225.198.67:6628, peer=70605
2019-01-18 05:56:39 receive version message: [54.212.243.152:48395] /bitnodes.coin.dance:0.1/: version 70015, blocks=565788, us=50.225.198.67:6628, peer=70606
2019-01-18 05:56:57 receive version message: [173.249.34.172:44065] /cashnodes.io:0.0.1/: version 70015, blocks=565788, us=50.225.198.67:6628, peer=70607
2019-01-18 05:58:32 receive version message: [178.128.240.143:60113] /cashnodes.io:0.1/: version 70015, blocks=565788, us=50.225.198.67:6628, peer=70608
2019-01-18 05:58:59 receive version message: [178.128.240.143:49551] /cashnodes.io:0.1/: version 70015, blocks=565788, us=50.225.198.67:6628, peer=70609
2019-01-18 05:59:19 UpdateTip: new best=000000000000000003bfa7f1d462af8869c4c85942d899d318c6ed77a7ae03cf height=565789 version=0x20400000 log2_work=87.779927 tx=268661356 date='2019-01-18 05:59:08' progress=1.000000 cache=2.1MiB(9050txo) warning='44 of last 100 blocks have unexpected version'
2019-01-18 05:59:19 CreateNewBlock(): total size: 81 txs: 0 fees: 0 sigops 100
2019-01-18 05:59:32 receive version message: [173.249.34.172:63336] /cashnodes.io:0.0.1/: version 70015, blocks=565788, us=50.225.198.67:6628, peer=70610
2019-01-18 06:00:21 receive version message: [144.76.102.2:54521] /open-nodes:0.1/: version 70015, blocks=565720, us=50.225.198.67:6628, peer=70611
2019-01-18 06:00:28 UpdateTip: new best=0000000000000000047c4b037361f5bb05a710a5a0d7367ae159ea9939af1040 height=565790 version=0x20000000 log2_work=87.779932 tx=268661360 date='2019-01-18 06:00:21' progress=1.000000 cache=2.1MiB(9057txo) warning='43 of last 100 blocks have unexpected version'
2019-01-18 06:00:28 receive version message: [116.203.55.105:56895] /open-nodes:0.1/: version 70015, blocks=565726, us=50.225.198.67:6628, peer=70612
2019-01-18 06:00:28 CreateNewBlock(): total size: 81 txs: 0 fees: 0 sigops 100
2019-01-18 06:00:48 receive version message: [104.248.124.131:59884] /bitcoinstash-seeder:0.01/: version 60000, blocks=350000, us=50.225.198.67:6628, peer=70613
2019-01-18 06:00:53 receive version message: [188.214.30.95:54539] /open-nodes:0.1/: version 70015, blocks=565720, us=50.225.198.67:6628, peer=70614
2019-01-18 06:01:37 receive version message: [54.212.243.152:42967] /bitnodes.coin.dance:0.1/: version 70015, blocks=565788, us=50.225.198.67:6628, peer=70615
2019-01-18 06:02:16 receive version message: [173.249.34.172:52579] /cashnodes.io:0.0.1/: version 70015, blocks=565788, us=50.225.198.67:6628, peer=70616
2019-01-18 06:03:00 receive version message: [178.128.240.143:3987] /cashnodes.io:0.1/: version 70015, blocks=565788, us=50.225.198.67:6628, peer=70617
2019-01-18 06:04:33 receive version message: [54.212.243.152:45172] /bitnodes.coin.dance:0.1/: version 70015, blocks=565788, us=50.225.198.67:6628, peer=70618
2019-01-18 06:04:54 receive version message: [173.249.34.172:33730] /cashnodes.io:0.0.1/: version 70015, blocks=565788, us=50.225.198.67:6628, peer=70619
2019-01-18 06:05:03 receive version message: [54.212.243.152:34499] /bitnodes.coin.dance:0.1/: version 70015, blocks=565788, us=50.225.198.67:6628, peer=70620
2019-01-18 06:05:32 receive version message: [178.128.240.143:54213] /cashnodes.io:0.1/: version 70015, blocks=565790, us=50.225.198.67:6628, peer=70621
2019-01-18 06:06:24 receive version message: [5.9.151.109:54516] /bitcoin-core-sq-seeder:0.16.2/: version 80030, blocks=350000, us=50.225.198.67:6628, peer=70622
2019-01-18 06:07:08 receive version message: [54.212.243.152:45395] /bitnodes.coin.dance:0.1/: version 70015, blocks=565788, us=50.225.198.67:6628, peer=70623
2019-01-18 06:07:34 receive version message: [5.189.177.233:20330] /bch-bu-seeder:0.01/: version 60000, blocks=350000, us=50.225.198.67:6628, peer=70624
2019-01-18 06:07:48 receive version message: [54.212.243.152:39912] /bitnodes.coin.dance:0.1/: version 70015, blocks=565790, us=50.225.198.67:6628, peer=70625
2019-01-18 06:08:34 receive version message: [173.249.34.172:16400] /cashnodes.io:0.0.1/: version 70015, blocks=565790, us=50.225.198.67:6628, peer=70626
2019-01-18 06:09:21 receive version message: [173.249.34.172:12473] /cashnodes.io:0.0.1/: version 70015, blocks=565790, us=50.225.198.67:6628, peer=70627
2019-01-18 06:09:22 receive version message: [173.208.197.29:33966] /bitcoin-core-sq-seeder:0.16.1/: version 70015, blocks=350000, us=50.225.198.67:6628, peer=70628
2019-01-18 06:10:16 receive version message: [178.128.240.143:18253] /cashnodes.io:0.1/: version 70015, blocks=565790, us=50.225.198.67:6628, peer=70629
2019-01-18 06:10:59 receive version message: [178.128.240.143:6195] /cashnodes.io:0.1/: version 70015, blocks=565790, us=50.225.198.67:6628, peer=70630
2019-01-18 06:11:37 receive version message: [54.212.243.152:54479] /bitnodes.coin.dance:0.1/: version 70015, blocks=565790, us=50.225.198.67:6628, peer=70631
2019-01-18 06:12:43 receive version message: [155.94.182.88:52264] /bitcoin-core-sq-seeder:0.16.2/: version 80030, blocks=350000, us=50.225.198.67:6628, peer=70632
2019-01-18 06:12:55 receive version message: [54.212.243.152:35550] /bitnodes.coin.dance:0.1/: version 70015, blocks=565790, us=50.225.198.67:6628, peer=70633
2019-01-18 06:14:44 receive version message: [178.128.240.143:2405] /cashnodes.io:0.1/: version 70015, blocks=565790, us=50.225.198.67:6628, peer=70634
2019-01-18 06:14:46 receive version message: [54.212.243.152:59687] /bitnodes.coin.dance:0.1/: version 70015, blocks=565790, us=50.225.198.67:6628, peer=70635
2019-01-18 06:15:16 receive version message: [173.249.34.172:2259] /cashnodes.io:0.0.1/: version 70015, blocks=565790, us=50.225.198.67:6628, peer=70636
2019-01-18 06:15:27 UpdateTip: new best=000000000000000001478d5fd498e930c670889dd9fc14f5188d6b24194af389 height=565791 version=0x2fffc000 log2_work=87.779937 tx=268661419 date='2019-01-18 06:15:11' progress=1.000000 cache=2.1MiB(9372txo) warning='44 of last 100 blocks have unexpected version'
2019-01-18 06:15:27 CreateNewBlock(): total size: 81 txs: 0 fees: 0 sigops 100
2019-01-18 06:15:54 UpdateTip: new best=0000000000000000051c8a207e24ca0071260f706986cd40db0d5fc7716e6e8a height=565792 version=0x20000000 log2_work=87.779942 tx=268661420 date='2019-01-18 06:15:27' progress=1.000000 cache=2.1MiB(9419txo) warning='44 of last 100 blocks have unexpected version'
2019-01-18 06:15:54 CreateNewBlock(): total size: 81 txs: 5 fees: 8693 sigops 109
2019-01-18 06:16:32 receive version message: [116.203.55.105:53953] /open-nodes:0.1/: version 70015, blocks=565727, us=50.225.198.67:6628, peer=70637
2019-01-18 06:17:06 UpdateTip: new best=000000000000000003dc1f0cad6ffa9805b1eed06dc601bf179d31f31d405bbb height=565793 version=0x20400000 log2_work=87.779947 tx=268661431 date='2019-01-18 06:16:56' progress=1.000000 cache=2.1MiB(9425txo) warning='45 of last 100 blocks have unexpected version'
2019-01-18 06:17:06 CreateNewBlock(): total size: 81 txs: 1 fees: 278 sigops 102
2019-01-18 06:17:39 receive version message: [54.212.243.152:54002] /bitnodes.coin.dance:0.1/: version 70015, blocks=565790, us=50.225.198.67:6628, peer=70638
2019-01-18 06:17:55 receive version message: [173.249.34.172:29039] /cashnodes.io:0.0.1/: version 70015, blocks=565790, us=50.225.198.67:6628, peer=70639
2019-01-18 06:17:56 receive version message: [104.248.124.131:39294] /bitcoinstash-seeder:0.01/: version 60000, blocks=350000, us=50.225.198.67:6628, peer=70640
2019-01-18 06:18:36 receive version message: [178.128.240.143:16901] /cashnodes.io:0.1/: version 70015, blocks=565790, us=50.225.198.67:6628, peer=70641
2019-01-18 06:18:40 receive version message: [178.128.240.143:30221] /cashnodes.io:0.1/: version 70015, blocks=565790, us=50.225.198.67:6628, peer=70642
2019-01-18 06:19:00 receive version message: [54.212.243.152:60385] /bitnodes.coin.dance:0.1/: version 70015, blocks=565790, us=50.225.198.67:6628, peer=70643
2019-01-18 06:19:08 receive version message: [178.128.240.143:44829] /cashnodes.io:0.1/: version 70015, blocks=565790, us=50.225.198.67:6628, peer=70644
2019-01-18 06:19:57 receive version message: [54.212.243.152:33813] /bitnodes.coin.dance:0.1/: version 70015, blocks=565790, us=50.225.198.67:6628, peer=70645
2019-01-18 06:20:09 receive version message: [54.212.243.152:52174] /bitnodes.coin.dance:0.1/: version 70015, blocks=565790, us=50.225.198.67:6628, peer=70646
2019-01-18 06:21:05 receive version message: [54.212.243.152:53219] /bitnodes.coin.dance:0.1/: version 70015, blocks=565790, us=50.225.198.67:6628, peer=70647
2019-01-18 06:22:44 receive version message: [178.128.240.143:25371] /cashnodes.io:0.1/: version 70015, blocks=565793, us=50.225.198.67:6628, peer=70648
2019-01-18 06:23:06 receive version message: [173.249.34.172:30236] /cashnodes.io:0.0.1/: version 70015, blocks=565793, us=50.225.198.67:6628, peer=70649
2019-01-18 06:23:14 receive version message: [178.128.240.143:41429] /cashnodes.io:0.1/: version 70015, blocks=565793, us=50.225.198.67:6628, peer=70650
2019-01-18 06:23:30 receive version message: [5.9.151.109:33424] /bitcoin-core-sq-seeder:0.16.2/: version 80030, blocks=350000, us=50.225.198.67:6628, peer=70651
2019-01-18 06:24:46 receive version message: [5.189.177.233:31028] /bch-bu-seeder:0.01/: version 60000, blocks=350000, us=50.225.198.67:6628, peer=70652
2019-01-18 06:25:56 receive version message: [54.212.243.152:60943] /bitnodes.coin.dance:0.1/: version 70015, blocks=565793, us=50.225.198.67:6628, peer=70653
2019-01-18 06:26:07 receive version message: [54.212.243.152:50435] /bitnodes.coin.dance:0.1/: version 70015, blocks=565793, us=50.225.198.67:6628, peer=70654
2019-01-18 06:26:21 receive version message: [173.208.197.29:37180] /bitcoin-core-sq-seeder:0.16.1/: version 70015, blocks=350000, us=50.225.198.67:6628, peer=70655
2019-01-18 06:26:57 receive version message: [173.249.34.172:60696] /cashnodes.io:0.0.1/: version 70015, blocks=565793, us=50.225.198.67:6628, peer=70656
2019-01-18 06:27:04 receive version message: [178.128.240.143:37921] /cashnodes.io:0.1/: version 70015, blocks=565793, us=50.225.198.67:6628, peer=70657
2019-01-18 06:27:25 receive version message: [178.128.240.143:9459] /cashnodes.io:0.1/: version 70015, blocks=565793, us=50.225.198.67:6628, peer=70658
2019-01-18 06:29:52 receive version message: [155.94.182.88:45364] /bitcoin-core-sq-seeder:0.16.2/: version 80030, blocks=350000, us=50.225.198.67:6628, peer=70660
2019-01-18 06:30:59 receive version message: [178.128.240.143:7973] /cashnodes.io:0.1/: version 70015, blocks=565793, us=50.225.198.67:6628, peer=70661
2019-01-18 06:31:26 receive version message: [178.128.240.143:15683] /cashnodes.io:0.1/: version 70015, blocks=565793, us=50.225.198.67:6628, peer=70662
2019-01-18 06:31:35 receive version message: [173.249.34.172:62078] /cashnodes.io:0.0.1/: version 70015, blocks=565793, us=50.225.198.67:6628, peer=70663
2019-01-18 06:31:37 receive version message: [116.203.55.105:47825] /open-nodes:0.1/: version 70015, blocks=565728, us=50.225.198.67:6628, peer=70664
2019-01-18 06:31:40 receive version message: [54.212.243.152:43627] /bitnodes.coin.dance:0.1/: version 70015, blocks=565793, us=50.225.198.67:6628, peer=70665
2019-01-18 06:31:48 receive version message: [173.249.34.172:46152] /cashnodes.io:0.0.1/: version 70015, blocks=565793, us=50.225.198.67:6628, peer=70666

submitted by MattAbrams to btc [link] [comments]
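The entries the poster is asking about are inbound peers announcing themselves in the P2P version handshake: the string between the slashes is the peer's self-reported user agent (the subver field), "version" is the protocol version it claims, and "blocks=" is the start height it claims. Seeders and crawler services connect, record the handshake and disconnect, so they dominate an inbound log even though none of them is a syncing full node. As an added example that is not part of the post, here is a parser that summarizes such lines and flags likely crawlers. The sample lines are copied from the log above; the function names and the 1000-block lag threshold are the example's own, and the flagging is a heuristic only, since a peer can put anything it likes in its user agent and start height.

```python
import re
from collections import Counter

# Sample lines copied from the log in the post (a small subset).
SAMPLE_LOG = """\
2019-01-18 05:49:19 receive version message: [5.9.151.109:47574] /bitcoin-core-sq-seeder:0.16.2/: version 80030, blocks=350000, us=50.225.198.67:6628, peer=70594
2019-01-18 05:50:15 receive version message: [5.189.177.233:9558] /bch-bu-seeder:0.01/: version 60000, blocks=350000, us=50.225.198.67:6628, peer=70595
2019-01-18 05:50:28 receive version message: [178.128.240.143:38235] /cashnodes.io:0.1/: version 70015, blocks=565788, us=50.225.198.67:6628, peer=70596
2019-01-18 05:52:37 receive version message: [35.194.22.118:40098] bitcoin-seeder:1.0.0/: version 70013, blocks=0, us=50.225.198.67:6628, peer=70602
2019-01-18 05:52:37 socket recv error Connection reset by peer (104)
2019-01-18 05:59:19 UpdateTip: new best=000000000000000003bfa7f1d462af8869c4c85942d899d318c6ed77a7ae03cf height=565789 version=0x20400000 log2_work=87.779927 tx=268661356 date='2019-01-18 05:59:08' progress=1.000000 cache=2.1MiB(9050txo) warning='44 of last 100 blocks have unexpected version'
2019-01-18 06:00:21 receive version message: [144.76.102.2:54521] /open-nodes:0.1/: version 70015, blocks=565720, us=50.225.198.67:6628, peer=70611
"""

# The leading slash of the user agent is optional: one seeder in the log omits it.
VERSION_RE = re.compile(
    r"^(?P<ts>\S+ \S+) receive version message: \[(?P<ip>[^\]:]+):(?P<port>\d+)\] "
    r"/?(?P<subver>[^/]+)/: version (?P<proto>\d+), blocks=(?P<blocks>-?\d+)"
)
TIP_RE = re.compile(r"UpdateTip: new best=[0-9a-f]+ height=(?P<height>\d+)")


def parse_log(text):
    """Return (list of version handshakes, last tip height seen) from node log text."""
    entries, tip_height = [], None
    for line in text.splitlines():
        m = VERSION_RE.match(line)
        if m:
            e = m.groupdict()
            e["port"] = int(e["port"])
            e["proto"] = int(e["proto"])
            e["blocks"] = int(e["blocks"])
            entries.append(e)
            continue
        m = TIP_RE.search(line)
        if m:
            tip_height = int(m.group("height"))
    return entries, tip_height


def flag_crawlers(entries, tip_height, max_lag=1000):
    """Heuristic: a peer whose user agent names a seeder or crawler, or whose
    advertised start height is far behind our own tip, is a crawler rather than
    a node that intends to sync. Both signals are self-reported and unauthenticated."""
    flagged = []
    for e in entries:
        ua = e["subver"].lower()
        by_name = "seeder" in ua or "crawler" in ua
        by_height = tip_height is not None and e["blocks"] < tip_height - max_lag
        if by_name or by_height:
            flagged.append(e)
    return flagged


def user_agent_summary(entries):
    """Count handshakes per self-reported user agent."""
    return Counter(e["subver"] for e in entries)


if __name__ == "__main__":
    entries, tip = parse_log(SAMPLE_LOG)
    print("tip:", tip)
    for ua, n in user_agent_summary(entries).most_common():
        print(f"{n:4d}  {ua}")
    for e in flag_crawlers(entries, tip):
        print("likely crawler:", e["ip"], e["subver"], "blocks=", e["blocks"])
```

Run over the full log in the post, the summary makes the poster's observation concrete: nearly every inbound handshake comes from a handful of crawler IPs, and none of them advertises a plausible start height for a node that is actually following the chain.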


SCRY.INFO underlying double chain technology sharing

1.Background
The SCRY project uses a double-chain structure in its clients. For the signature digest we chose BIP143. In segregated witness, version-0 witness programs use the BIP143 digest for signature verification to improve efficiency, but that digest is not applied to non-segwit transactions. We have adapted general transaction signing and verification to use the BIP143 digest as well, for the same efficiency gain.
1.1Signature algorithm
Bitcoin uses ECDSA (Elliptic Curve Digital Signature Algorithm) as its digital signature algorithm. A digital signature serves three purposes in Bitcoin: 1. It proves possession of the private key, i.e. that the signer owns the funds being transferred. 2. It provides non-repudiation: the signer cannot later deny having authorized the transaction. 3. It cannot be forged, and the signed transaction (or the signed parts of it) cannot be altered by anyone after signing.
A digital signature has two parts: the signer uses the private key (signing key) to sign the hash of the message (the transaction), and anyone can verify the signature given the public key and the message.
  • Signature algorithm
The signature algorithm of Bitcoin is as follows:
Sig = Fsig(Fhash(m), dA)
Explanation:
dA is the signing private key
m is the transaction (or the part of the transaction being signed)
Fhash is the hash function
Fsig is the signature algorithm
Sig is the resulting signature
The whole signature therefore involves two functions: Fhash and Fsig.
  • Fhash function
Fhash generates the hash of the transaction: the transaction is serialized and the serialized bytes are hashed with SHA256. For a general transaction (single input, single output) the process is as follows:
Transaction serialization:
1.nVersion Transaction version
2.InputCount Input count
3.Inputs The outpoint (UTXO) being spent, the script placed in the scriptSig slot, and the sequence number
4.OutputCount Output count
5.Outputs Amount and scriptPubKey of each output
6.nLocktime Lock time of the transaction
7.Hash Double SHA256 over the data above (the 4-byte SIGHASH type is appended before hashing)
  • Fsig function
Fsig is ECDSA. Every signature uses a fresh nonce K; from K the algorithm derives a temporary key pair (K, Q = K·G) and takes the x-coordinate of the temporary public key Q as R. The formula is:
S = K^{-1} · (Hash(m) + dA · R) mod n
Explanation:
K is the temporary private key (the nonce)
R is the x-coordinate of the temporary public key, reduced mod n
dA is the signing private key
m is the transaction data
n is the order of the curve's generator point
The function produces the value S.
Every signature needs its own K. Reusing the same K for two different messages exposes the private key (the two equations for S can be solved for K and then for dA), so K must be protected as carefully as dA itself. Bitcoin implementations use RFC 6979 to derive K deterministically from the private key and the message hash with HMAC-SHA256, so that signing does not depend on the quality of a random number generator. A simplified sketch is:
K = HMAC-SHA256(dA, Hash(m))
(The actual RFC 6979 construction runs an HMAC-DRBG loop rather than a single HMAC call.)
Explanation:
dA is the private key,
m is the message.
The final signature is the pair (R, S).
  • Signature verification
Verification applies the inverse relation; the formula is:
P = S^{-1} · Hash(m) · G + S^{-1} · R · Qa
Explanation:
R and S are the signature values
Qa is the signer's public key
m is the signed transaction data
G is the generator point of the elliptic curve
From the message (the transaction, or the hashed part of it), the signer's public key and the signature (R, S), the verifier computes the point P on the curve. If the x-coordinate of P (mod n) equals R, the signature is valid.
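Signing, verification and the nonce-reuse failure described in 1.1, as an added example that is not part of the SCRY article: a pure-Python secp256k1 ECDSA written with the article's symbols (dA, K, R, S, Qa), a simplified deterministic nonce in the spirit of RFC 6979, and a function that recovers dA from two signatures that share K. The curve arithmetic and deterministic_k are the example's own (deterministic_k is a sketch, not a conforming RFC 6979 implementation); the key and messages are constructed.

```python
import hashlib
import hmac

# secp256k1 domain parameters (the curve Bitcoin uses)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def _point_add(p1, p2):
    """Affine point addition on secp256k1; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def _point_mul(k, point):
    """Double-and-add scalar multiplication (not constant-time; demo only)."""
    result = None
    while k:
        if k & 1:
            result = _point_add(result, point)
        point = _point_add(point, point)
        k >>= 1
    return result


def hash_msg(m: bytes) -> int:
    """Fhash: double SHA256 of the message, read as a big-endian integer."""
    return int.from_bytes(hashlib.sha256(hashlib.sha256(m).digest()).digest(), "big")


def deterministic_k(d: int, z: int) -> int:
    """Nonce derived from (private key, message hash) with a single HMAC-SHA256.
    This is the idea behind RFC 6979, not the RFC's HMAC-DRBG construction."""
    mac = hmac.new(d.to_bytes(32, "big"), z.to_bytes(32, "big"), hashlib.sha256).digest()
    return int.from_bytes(mac, "big") % N or 1


def sign(d: int, m: bytes, k=None):
    """Fsig: returns (R, S). k is a parameter only so the reuse attack can be shown."""
    z = hash_msg(m)
    if k is None:
        k = deterministic_k(d, z)
    r = _point_mul(k, G)[0] % N             # R = x-coordinate of K*G, mod n
    s = pow(k, -1, N) * (z + r * d) % N     # S = K^-1 (Hash(m) + dA*R) mod n
    return r, s


def verify(q, m: bytes, sig) -> bool:
    """P = S^-1*Hash(m)*G + S^-1*R*Qa; valid iff P.x mod n == R."""
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    z = hash_msg(m)
    w = pow(s, -1, N)
    p = _point_add(_point_mul(z * w % N, G), _point_mul(r * w % N, q))
    return p is not None and p[0] % N == r


def recover_private_key(m1: bytes, sig1, m2: bytes, sig2) -> int:
    """Two signatures with the same K (same R) over different messages leak dA:
    S1 - S2 = K^-1 (z1 - z2)  =>  K = (z1 - z2)/(S1 - S2);  dA = (S1*K - z1)/R."""
    (r, s1), (r2, s2) = sig1, sig2
    if r != r2:
        raise ValueError("different R values: the nonce was not reused")
    z1, z2 = hash_msg(m1), hash_msg(m2)
    k = (z1 - z2) * pow((s1 - s2) % N, -1, N) % N
    return (s1 * k - z1) * pow(r, -1, N) % N


if __name__ == "__main__":
    d = 0x1E99423A4ED27608A15A2616A2B0E9E52CED330AC530EDCC32C8FFC6A526AEDD  # constructed key
    q = _point_mul(d, G)
    sig = sign(d, b"constructed transaction bytes")
    print("valid:", verify(q, b"constructed transaction bytes", sig))
    bad_k = 0x1234567890ABCDEF1234567890ABCDEF1234567890ABCDEF1234567890ABCDEF
    s1, s2 = sign(d, b"tx one", bad_k), sign(d, b"tx two", bad_k)
    print("recovered == dA:", recover_private_key(b"tx one", s1, b"tx two", s2) == d)
```

With deterministic_k the same key and message always produce the same signature, so the reuse failure can only arise when two different messages are signed with an explicitly supplied K; that is exactly the property RFC 6979 is meant to guarantee in real wallets.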
1.2 BIP143 brief introduction

There are four ECDSA (Elliptic Curve Digital Signature Algorithm) signature-checking opcodes (sigops): CHECKSIG, CHECKSIGVERIFY, CHECKMULTISIG, CHECKMULTISIGVERIFY. The transaction digest they verify is a double SHA256. The original Bitcoin signature digest algorithm has at least two disadvantages:
●The digest for each input is computed over the bytes of the (modified) whole transaction, so checking all signatures of a transaction with n inputs hashes O(n²) bytes, and verification of large transactions takes too long. BIP143 fixes the digest by introducing "intermediate state" hashes (hashPrevouts, hashSequence, hashOutputs) that are computed once and reused for every input, bringing the total work down to O(n).
●The original digest does not include the amounts of the inputs being spent. That is no problem for a full node, which has the UTXO set, but an offline signing device (cold wallet) cannot see the input amounts and therefore cannot compute the fee it is authorizing. BIP143 commits to the amount of each input in the signature.
BIP143 defines a new transaction digest algorithm, specified as follows:
Transaction serialization
https://preview.redd.it/2b6c5q2mk7b11.png?width=783&format=png&auto=webp&s=eb952782464942b6930bbd2632fbcd0fbaaf5023
Items 1, 4, 7, 9 and 10 of the list are the same as in the original SIGHASH algorithm, and the meaning of the SIGHASH types is unchanged. What changes is:
  • The serialization method
  • All SIGHASH types commit to the amount being spent
  • FindAndDelete of the signature is no longer applied to scriptCode
  • OP_CODESEPARATORs after the last executed OP_CODESEPARATOR are no longer removed from scriptCode (the last executed OP_CODESEPARATOR and everything before it are still removed)
  • SIGHASH_SINGLE no longer commits to the input index. Without ANYONECANPAY the semantics are unchanged, because hashPrevouts and the outpoint together implicitly commit to the index. With SINGLE|ANYONECANPAY the signed input and output are paired, but no longer tied to a particular index.
2. BIP143 Signature
In the Go language, we use the btcsuite library to produce the signature. btcsuite is an integrated Bitcoin library that can build a complete Bitcoin node program, but we only use its public key/private key API, SHA API and RFC6979 signing API. In order to avoid redundancy, the following code leaves that code unchanged.
2.1 Transaction hash generation
Transaction information hash generation: every input in a transaction generates a hash value. If there are multiple inputs in the transaction, a hash array is generated, and every hash in the array corresponds to one input of the transaction.
https://preview.redd.it/n0x5bo9cl7b11.png?width=629&format=png&auto=webp&s=63f4951e5ca7d0cffc6e8905f5d4b33354aa6ecc
As with the two transaction inputs in the image above, every input generates a hash, so the transaction above generates two hashes.
  • Fhash function
CalcSignatureHash(script []byte, hashType SigHashType, tx *EMsgTx, idx int)
Explanation:
script: pubscript, the script that unlocks the input UTXO
hashType: signature method or signature type
tx: details of the transaction
idx: the input index, i.e. which input's hash is calculated
The following is the Fhash code:
https://preview.redd.it/e8xx974gl7b11.png?width=506&format=png&auto=webp&s=9a4f419069bea2e76b8d5b7205a31e06692f3f67
For the case of multiple UTXO inputs in one transaction, apply the steps above to every input and then generate a hash array. Before hash generation, you need to clear the "SignatureScript" of the other inputs and leave only the "SignatureScript" of this input, that is the "ScriptSig" field.
https://preview.redd.it/0omhp2ahl7b11.png?width=462&format=png&auto=webp&s=4cee9b0e4fe10185a39d68bde1032ac4e4dbb9ad
The amount of every UTXO is different. Pay attention to the 6th step: what you need to input is the amount of every transaction input.
Multi-input function generation
func txHash(tx msgtx) ( *[][]byte)
Code details:
https://preview.redd.it/rlnxv3lil7b11.png?width=581&format=png&auto=webp&s=804adbee92a9bb9811a4ffc395601ebf191fd664
Repeatedly apply the Fhash function (CalcSignatureHash) to generate a hash array.
2.2 Sign with HASH
A hash array is generated by the methods above; for every input, with its unique hash in the array, we use the signRFC6979 signature function to sign the hash, calling the function in the btcsuite library directly.
signRFC6979(PrivateKey, hash)
Through this function we generate the SignatureScript, and add this value to every input's SignatureScript field in the transaction.
2.3 Multisig
Briefly, multi-sig technology addresses the question of how many private keys one UTXO should be signed with. There is one condition in the script: N public keys are recorded in the script, and at least M of them must provide a signature to unlock the asset. This is also called the M-of-N method, where N is the number of private keys and M is the number of signatures needed for verification.
The following shows how to realize a 2-of-2 multisig based on a P2SH (Pay-to-Script-Hash) script in Go.
Code of the function generating the 2-of-2 script:
https://preview.redd.it/7dq7cv9kl7b11.png?width=582&format=png&auto=webp&s=108c6278d656e5fa6b51b5876d5a0f7a1231f933
The function above generates the following script:
2 <pubkey1> <pubkey2> 2 OP_CHECKMULTISIG
Signature function
1. Based on the transaction TX, which includes the input array []TxIn, generate the transaction hash array. This process is the same as for a general transaction above; apply the digest function of the general transaction above.
func txHash(tx msgtx) ( *[][]byte)
This function generates a hash array, that is, every transaction input corresponds to one hash value.
2. Use the first public key in the redeem script and sign with the corresponding private key. The process is the same as for a general transaction.
signRFC6979(PrivateKey, hash)
After signing, the signature array SignatureScriptArr1, with one entry for every input, is generated. Based on the signature values in this array, update the "SignatureScript" field of every input TxIn in transaction TX.
3. Based on the updated TX, apply the txHash function again to generate a new hash array.
func txHash(tx msgtx) ( *[][]byte)
4. Use the second public key in the redeem script; the corresponding private key is used for signing. Using the updated TX from the process above, generate every input's hash and sign it.
signRFC6979(PrivateKey, hash)
//Combine the signature generated by the first key, the signature generated by the second key and the redeem script.
etxscript.EncodeSigScript(&(TX.TxIn[i].SignatureScript),&SigHash2, pkScript)
There are N transactions, so repeat this N times.
The final data is as follows:
https://preview.redd.it/78aabhqll7b11.png?width=558&format=png&auto=webp&s=453f7129b2cf3c648b68c2369a4622963087d0c8
References
https://en.wikipedia.org/wiki/Digital_signature
https://github.com/bitcoin/bips/blob/master/bip-0143.mediawiki
Mastering Bitcoin, 2nd Edition (O'Reilly)
http://www.8btc.com/rfc6979
submitted by StephenCuuuurry to SCRYDDD
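The per-input BIP143 digest that the txHash / CalcSignatureHash steps in the post build (and that the multisig procedure reuses for each signing pass), as an added example in Go. This is not the post's code and does not use btcsuite: the MsgTx, TxIn and TxOut types and the sample transaction are constructed here, only SIGHASH_ALL is handled, and the RFC6979 signing step is left out because secp256k1 is not in the Go standard library.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"encoding/binary"
)

const SigHashAll uint32 = 0x01 // the only hash type handled here
var le = binary.LittleEndian
// Constructed stand-ins for btcsuite's wire types (hypothetical, not its API), holding just what BIP143 commits to.
type TxIn struct {
	PrevHash   [32]byte // outpoint of the UTXO being spent
	PrevIndex  uint32
	Sequence   uint32
	Amount     int64  // value of that UTXO: item 6, which the legacy digest lacks
	ScriptCode []byte // script being spent (P2PKH form for a P2WPKH input)
}
type TxOut struct{ Value int64; PkScript []byte }
type MsgTx struct {
	Version  int32
	TxIn     []TxIn
	TxOut    []TxOut
	LockTime uint32
}

// Midstate is BIP143's reusable "intermediate state", computed once and shared by every input (O(n) signing).
type Midstate struct{ HashPrevouts, HashSequence, HashOutputs [32]byte }
func doubleSHA256(b []byte) [32]byte { h := sha256.Sum256(b); return sha256.Sum256(h[:]) }

// writeCompactSize writes Bitcoin's CompactSize length prefix.
func writeCompactSize(w *bytes.Buffer, n uint64) {
	switch {
	case n < 0xfd:
		w.WriteByte(byte(n))
	case n <= 0xffff:
		w.WriteByte(0xfd); binary.Write(w, le, uint16(n))
	case n <= 0xffffffff:
		w.WriteByte(0xfe); binary.Write(w, le, uint32(n))
	default:
		w.WriteByte(0xff); binary.Write(w, le, n)
	}
}

// ComputeMidstate hashes all outpoints, all sequences and all outputs once.
func ComputeMidstate(tx *MsgTx) Midstate {
	var prevouts, sequences, outputs bytes.Buffer
	for _, in := range tx.TxIn {
		prevouts.Write(in.PrevHash[:])
		binary.Write(&prevouts, le, in.PrevIndex)
		binary.Write(&sequences, le, in.Sequence)
	}
	for _, out := range tx.TxOut {
		binary.Write(&outputs, le, out.Value)
		writeCompactSize(&outputs, uint64(len(out.PkScript)))
		outputs.Write(out.PkScript)
	}
	return Midstate{doubleSHA256(prevouts.Bytes()), doubleSHA256(sequences.Bytes()), doubleSHA256(outputs.Bytes())}
}

// SigHashPreimage serializes the ten BIP143 items for input idx; only items 4 to 7 differ per input.
func SigHashPreimage(tx *MsgTx, ms Midstate, idx int, hashType uint32) []byte {
	in := tx.TxIn[idx]
	var w bytes.Buffer
	binary.Write(&w, le, tx.Version)                 // 1. nVersion
	w.Write(ms.HashPrevouts[:])                      // 2. hashPrevouts
	w.Write(ms.HashSequence[:])                      // 3. hashSequence
	w.Write(in.PrevHash[:])                          // 4. outpoint
	binary.Write(&w, le, in.PrevIndex)
	writeCompactSize(&w, uint64(len(in.ScriptCode))) // 5. scriptCode
	w.Write(in.ScriptCode)
	binary.Write(&w, le, in.Amount)                  // 6. amount
	binary.Write(&w, le, in.Sequence)                // 7. nSequence
	w.Write(ms.HashOutputs[:])                       // 8. hashOutputs
	binary.Write(&w, le, tx.LockTime)                // 9. nLocktime
	binary.Write(&w, le, hashType)                   // 10. sighash type
	return w.Bytes()
}

// TxHashes is the post's txHash step: one digest per input (its CalcSignatureHash call), sharing one Midstate.
func TxHashes(tx *MsgTx) [][32]byte {
	ms := ComputeMidstate(tx)
	hashes := make([][32]byte, len(tx.TxIn))
	for i := range tx.TxIn {
		hashes[i] = doubleSHA256(SigHashPreimage(tx, ms, i, SigHashAll))
	}
	return hashes
}

// SampleTx is a constructed two-input, one-output transaction (all values made up).
func SampleTx() *MsgTx {
	p2pkh := func(h byte) []byte { // OP_DUP OP_HASH160 <20 bytes> OP_EQUALVERIFY OP_CHECKSIG
		return append(append([]byte{0x76, 0xa9, 0x14}, bytes.Repeat([]byte{h}, 20)...), 0x88, 0xac)
	}
	return &MsgTx{Version: 1,
		TxIn: []TxIn{{PrevHash: [32]byte{0x11}, Sequence: 0xffffffff, Amount: 100000, ScriptCode: p2pkh(0xaa)},
			{PrevHash: [32]byte{0x22}, PrevIndex: 1, Sequence: 0xffffffff, Amount: 250000, ScriptCode: p2pkh(0xbb)}},
		TxOut: []TxOut{{Value: 340000, PkScript: append([]byte{0x00, 0x14}, bytes.Repeat([]byte{0xcc}, 20)...)}}}
}
```

Each returned digest is what the post's signRFC6979 call would sign for that input; a cold wallet recomputing it needs every input's Amount, which is exactly the property the post credits BIP143 with.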

Updating the Scaling Roadmap | Paul Sztorc | Jul 10 2017

Paul Sztorc on Jul 10 2017:
Summary

In my opinion, Greg Maxwell's scaling roadmap [1] succeeded in a few
crucial ways. One success was that it synchronized the entire Bitcoin
community, helping to bring finality to the (endless) conversations of
that time, and get everyone back to work. However, I feel that the Dec
7, 2015 roadmap is simply too old to serve this function any longer. We
should revise it: remove what has been accomplished, introduce new
innovations and approaches, and update deadlines and projections.
Why We Should Update the Roadmap

In a P2P system like Bitcoin, we lack authoritative info-sources (for
example, a "textbook" or academic journal), and as a result
conversations tend to have a problematic lack of progress. They do not
"accumulate", as everyone must start over. Ironically, the scaling
conversation itself has a fatal O(n²) scaling problem.
The roadmap helped solve these problems by being constant in size, and
subjecting itself to publication, endorsement, criticism, and so forth.
Despite the (unavoidable) nuance and complexity of each individual
opinion, it was at least globally known that X participants endorsed Y
set of claims.
Unfortunately, the Dec 2015 roadmap is now 19 months old -- it is quite
obsolete and replacing it is long overdue. For example, it highlights
older items (CSV, compact blocks, versionbits) as being future
improvements, and makes no mention of new high-likelihood improvements
(Schnorr) or mis-emphasizes them (LN). It even contains mistakes (SegWit
fraud proofs). To read the old roadmap properly, one must already be a
technical expert. For me, this defeats the entire point of having one in
the first place.
A new roadmap would be worth your attention, even if you didn't sign it,
because a refusal to sign would still be informative (and, therefore,
helpful)!
So, with that in mind, let me present a first draft. Obviously, I am
strongly open to edits and feedback, because I have no way of knowing
everyone's opinions. I admit that I am partially campaigning for my
Drivechain project, and also for this "scalability"/"capacity"
distinction...that's because I believe in both and think they are
helpful. But please feel free to suggest edits.
I emphasized concrete numbers, and concrete dates.
And I did NOT necessarily write it from my own point of view, I tried
earnestly to capture a (useful) community view. So, let me know how I did.
==== Beginning of New ("July 2017") Roadmap Draft ====
This document updates the previous roadmap [1] of Dec 2015. The older
statement endorsed a belief that "the community is ready to deliver on
its shared vision that addresses the needs of the system while upholding
its values".
That belief has not changed, but the shared vision has certainly grown
sharper over the last 18 months. Below is a list of technologies which
either increase Bitcoin's maximum tps rate ("capacity"), or which make
it easier to process a higher volume of transactions ("scalability").
First, over the past 18 months, the technical community has completed a
number of items [2] on the Dec 2015 roadmap. VersionBits (BIP 9) enables
Bitcoin to handle multiple soft fork upgrades at once. Compact Blocks
(BIP 152) allows for much faster block propagation, as does the FIBRE
Network [3]. Check Sequence Verify (BIP 112) allows trading partners to
mutually update an active transaction without writing it to the
blockchain (this helps to enable the Lightning Network).
Second, Segregated Witness (BIP 141), which reorganizes data in blocks
to handle signatures separately, has been completed and awaits
activation (multiple BIPS). It is estimated to increase capacity by a
factor of 2.2. It also improves scalability in many ways. First, SW
includes a fee-policy which encourages users to minimize their impact on
the UTXO set. Second, SW achieves linear scaling of sighash operations,
which prevents the network from crashing when large transactions are
broadcast. Third, SW provides an efficiency gain for everyone who is not
verifying signatures, as these no longer need to be downloaded or
stored. SegWit is an enabling technology for the Lightning Network,
script versioning (specifically Schnorr signatures), and has a number of
benefits which are unrelated to capacity [4].
Third, the Lightning Network, which allows users to transact without
broadcasting to the network, is complete [5, 6] and awaits the
activation of SegWit. For those users who are able to make a single
on-chain transaction, it is estimated to increase both capacity and
scalability by a factor of ~1000 (although these capacity increases will
vary with usage patterns). LN also greatly improves transaction speed
and transaction privacy.
Fourth, Transaction Compression [7], observes that Bitcoin transaction
serialization is not optimized for storage or network communication. If
transactions were optimally compressed (as is possible today), this
would improve scalability, but not capacity, by roughly 20%, and in some
cases over 30%.
Fifth, Schnorr Signature Aggregation, which shrinks transactions by
allowing many transactions to have a single shared signature, has been
implemented [8] in draft form in libsecp256k1, and will likely be ready
by Q4 of 2016. One analysis [9] suggests that signature aggregation
would result in storage and bandwidth savings of at least 25%, which
would therefore increase scalability and capacity by a factor of 1.33.
The relative savings are even greater for multisignature transactions.
Sixth, drivechain [10], which allows bitcoins to be temporarily
offloaded to 'alternative' blockchain networks ("sidechains"), is
currently under peer review and may be usable by end of 2017. Although
it has no impact on scalability, it does allow users to opt-in to
greater capacity, by moving their BTC to a new network (although, they
will achieve less decentralization as a result). Individual drivechains
may have different security tradeoffs (for example, a greater reliance
on UTXO commitments, or MimbleWimble's shrinking block history) which
may give them individually greater scalability than mainchain Bitcoin.
Finally, the capacity improvements outlined above may not be sufficient.
If so, it may be necessary to use a hard fork to increase the blocksize
(and blockweight, sigops, etc) by a moderate amount. Such an increase
should take advantage of the existing research on hard forks, which is
substantial [11]. Specifically, there is some consensus that Spoonnet
[12] is the most attractive option for such a hardfork. There is
currently no consensus on a hard fork date, but there is a rough
consensus that one would require at least 6 months to coordinate
effectively, which would place it in the year 2018 at earliest.
The above are only a small sample of current scaling technologies. And
even an exhaustive list of scaling technologies, would itself only be a
small sample of total Bitcoin innovation (which is proceeding at
breakneck speed).
Signed,
[1] https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2015-December/011865.html
[2] https://bitcoincore.org/en/2017/03/13/performance-optimizations-1/
[3] http://bluematt.bitcoin.ninja/2016/07/07/relay-networks/
[4] https://bitcoincore.org/en/2016/01/26/segwit-benefits/
[5] http://lightning.community/release/software/lnd/lightning/2017/05/03/litening/
[6] https://github.com/ACINQ/eclair
[7] https://people.xiph.org/~greg/compacted_txn.txt
[8] https://github.com/ElementsProject/secp256k1-zkp/blob/d78f12b04ec3d9f5744cd4c51f20951106b9c41a/src/secp256k1.c#L592-L594
[9] https://bitcoincore.org/en/2017/03/23/schnorr-signature-aggregation/
[10] http://www.drivechain.info/
[11] https://bitcoinhardforkresearch.github.io/
[12] https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-February/013542.html
==== End of Roadmap Draft ====
In short, please let me know:
  1. If you agree that it would be helpful if the roadmap were updated.
  2. To what extent, if any, you like this draft.
  3. Edits you would make (specifically, I wonder about Drivechain
thoughts and Hard Fork thoughts, particularly how to phrase the Hard
Fork date).
Google Doc (if you're into that kind of thing):
https://docs.google.com/document/d/1gxcUnmYl7yM0oKR9NY9zCPbBbPNocmCq-jjBOQSVH-A/edit?usp=sharing
Cheers,
Paul
original: https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-July/014718.html
submitted by dev_list_bot to bitcoin_devlist

/u/jl_2012 comments on new extension block BIP - "a block reorg will almost guarantee changing txid of the resolution tx, that will permanently invalidate all the child txs based on the resolution tx"

Comments from jl_2012
I feel particularly disappointed that while this BIP is 80% similar to my proposal made 2 months ago ( https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-January/013490.html ), Matt Corallo was the only person who replied to me. Also, this BIP seems to have ignored the txid malleability of the resolution tx, which was my major technical critique of the xblock design.
But anyway, here I’m only making comments on the design. As I said in my earlier post, I consider this more as an academic topic than something really ready for production use.
> This specification defines a method of increasing bitcoin transaction throughput without altering any existing consensus rules.
Softforks by definition tighten consensus rules
> There has been great debate regarding other ways of increasing transaction throughput, with no proposed consensus-layer solutions that have proven themselves to be particularly safe.
so the authors don’t consider segwit as a consensus-layer solution to increase transaction throughput, or not think segwit is safe? But logically speaking if segwit is not safe, this BIP could only be worse. OTOH, segwit also obviously increases tx throughput, although it may not be as much as some people wish to have.
> This specification refines many of Lau's ideas, and offers a much simpler method of tackling the value transfer issue, which, in Lau's proposal, was solved with consensus-layer UTXO selection.
The 2013 one is outdated. As the authors are not quoting it, not sure if they read my January proposal
> extension block activation entails BIP141 activation.
I think extension block in the proposed form actually breaks BIP141. It may say it activates segregated witness as a general idea, but not a specific proposal like BIP141
> The merkle root is to be calculated as a merkle tree with all extension block txids and wtxids as the leaves.
It needs to be more specific here. How exactly are they arranged? I suggest it uses a root of all txids and a root of all wtxids, and combines them as the commitment. The reason is to allow people to prune the witness data, yet still be able to serve the pruned tx to light wallets. If it makes txid and wtxid pairs, after witness pruning it still needs to store all the wtxids or it can't reconstruct the tree.
> Outputs signal to exit the extension block if the contained script is either a minimally encoded P2PKH or P2SH script.
This hits the biggest question I asked in my January post: do you want to allow direct exit payment to legacy addresses? As a block reorg will almost guarantee changing the txid of the resolution tx, that will permanently invalidate all the child txs based on the resolution tx. This is a significant change to the current tx model. To fix this, you need to make exit outputs unspendable for up to 100 blocks. Doing this, however, will make legacy wallet users very confused, as they do not anticipate funds being locked up for a long period of time. So you can't let the money be sent back to a legacy address directly, but sent to a new address format that is only recognized by new wallets, which understand the lock-up requirement. This way, however, introduces friction and some fungibility issues, and I'd expect people to use cross chain atomic swaps to exchange bitcoin and xbitcoin.
To summarise, my questions are:
  1. Is it acceptable to have massive txid malleability and transaction chain invalidation for every naturally happening reorg? Yes: the current spec is ok; No: next question (I'd say no)
  2. Is locking up exit outputs the best way to deal with the problem? (I tried really hard to find a better solution but failed)
  3. How long should the lock-up period be? The answer could be anywhere from 1 to 100
  4. With a lock-up period, should it allow direct exit to a legacy address? (I think it's ok if the lock-up is short, like 1-2 blocks. But is that safe enough?)
  5. Due to the fungibility issues, it may need a new name for the tokens in the ext-block
> Verification of transactions within the extension block shall enforce all currently deployed softforks, along with an extra BIP141-like ruleset.
I suggest only allowing push-only and OP_RETURN scriptPubKey in the xblock. Especially, you don't want to replicate the sighash bug to the xblock. Also, require scriptSig to always be empty.
> This leaves room for 7 future soft-fork upgrades to relax DoS limits.
Why 7? There are 16 unused witness program versions
> Witness script hash v0 shall be worth the number of accurately counted sigops in the redeem script, multiplied by a factor of 8.
There is a flaw here: a witness script with no sigop will be counted as 0 and have a lot of free space.
> every 73 bytes in the serialized witness vector is worth 1 additional point.
So is 72 bytes 1 point or 0 points? Maybe it should just scale everything up by 64 or 128, and make 1 witness byte = 1 point, so it won't provide any "free space" in the block.
> Currently defined witness programs (v0) are each worth 8 points. Unknown witness program outputs are worth 1 point. Any exiting output is always worth 8 points.
I'd suggest having at least 16 points for each witness v0 output, so that it is always more expensive to create than to spend a UTXO. It may even provide an extra "discount" if a tx has more inputs than outputs. The overall objective is to limit UTXO growth. The ext block should be mainly for making transactions, not a store of value (I'll explain later).
> Dust Threshold
In general I think it’s ok, but I’d suggest a higher threshold like 5000 satoshi. It may also combine the threshold with the output witness version, so unknown version may have a lower or no threshold. Alternatively, it may start with a high threshold and leave a backdoor softfork to reduce it.
> Deactivation
It is a double-edged sword. While it is good for us to be able to discard an unused chain, it may create a really bad user experience and people may even lose money. For example, people may have opened Lightning channels and will find it impossible to close the channel. So you need to make sure people are not making time-locked txs for years, and require people to refresh their channels regularly. And have a big red warning when the deactivation SF is locked in. Generally, an xblock with deactivation should never be used as long-term storage of value.
———— some general comments:
  1. This BIP in its current form is not compatible with BIP141. Since most nodes are already upgraded to BIP141, this BIP must not be activated unless BIP141 fails to activate. However, if the community really endorses the idea of ext block, I see no reason why we couldn't activate BIP141 first (which could be done in 2 weeks), then work together to make ext block possible. Ext block is more complicated than segwit. If it took dozens of developers a whole year to release segwit, I don't see how ext block could become ready for production with less time and effort.
  2. Another reason to make this BIP compatible with BIP141 is that we also need the malleability fix in the main chain. As the xblock has a deactivation mechanism, it can't be used for long-term value storage.
  3. I think the size and cost limit of the xblock should be lower at the beginning, and increases as we find it works smoothly. It could be a predefined growth curve like BIP103, or a backdoor softfork. With the current design, it leaves a massive space for miners to fill up with non-tx garbage. Also, I’d also like to see a complete SPV fraud-proof solution before the size grows bigger.
Source: https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-April/013982.html
submitted by jonny1000 to Bitcoin

I'm still a "Big Blocker"... except when I'm not.

Let me preface this by saying that I try to respect everyone's opinions, so I'll ask that you respect mine, as well.
I'll get straight to the point: I do not now, nor will I ever, support ANY implementation of Emergent Consensus (EC) -- including Bitcoin Unlimited. I want bigger base blocks, but I do not want EC or BU, specifically.
OK, why?
It's simple. While I have never agreed with Core's conservative scaling Roadmap, and I've found many of them to have toxic attitudes, they have always been correct about exactly one very critical thing: Decentralization is THE most important, interesting, and ultimately valuable aspect of Bitcoin. Without it, the entire concept isn't worth the CPU bandwidth I'm using to write this post. Without it, the entire system loses its trustless and censorship-resistant nature. Without it, we're left with a corruptible database susceptible to all kinds of external influence and control.
Without it, the system is no longer Bitcoin.
I have been kicking, clawing, begging, pleading, engaging, asking, and a whole bunch of other -ings over the last year trying to establish a compromise that might satisfy both "sides" of this scaling "debate." All of my efforts to do so, both publicly and behind the scenes, have failed -- and, if I'm being completely honest, that was primarily because many who support Core are totally and completely unwilling to even listen. Shame on them for that.
On more than one occasion, I've approached the Core and Segwit devs with requests to assist me in drafting a formal BIP for the 2MB+SW Hardfork compromise that I believe a literal fuckton (valid measurement, look it up) of Bitcoin users would ultimately rally behind. Sadly, in every instance, they either outright refused to help me with the technical details I needed to understand, or they ignored my requests altogether. Even more sadly, I do not have the skills necessary to write the BIP, or the code, myself. (I've managed to work out some of the technical details by studying the papers and code, but there are still many nuances with things like SIGOPS and SW that I definitely need the developers to help me with).
Prior to that, I was also heavily involved in supporting the original version of Bitcoin Classic. It was a very straightforward increase to 2MB that would have provided everyone with some sense of compromise and contentment while the Core devs continued working on SW and other improvements in preparation for Layer2 solutions. Sadly, the original Bitcoin Classic efforts fell short -- likely due to a combination of their strange new governance model, the censorship in bitcoin, ridiculous community-wide character assassinations, and not enough native or developer support.
In fact, that's when the entire community, on every side of the issue, became a toxic mess. I mean it -- shit went off the fucking rails! And it has only gotten worse ever since...in BOTH subs!
OK, getting back to Emergent Consensus. The reason I am adamantly opposed to any implementation of EC is because, after studying the concept as thoroughly as possible, I have personally concluded that it will ultimately lead to a centralized version of Bitcoin that I'm not willing to accept or participate in -- something that resembles the oil industry's OPEC (aka Jihan's Wet Dream).
None of the hand-waving and wishful thinking of the BU/EC devs is going to squash those concerns for me. If you listen to any of them speak on the concerns, they use an awful lot of phrases like "I don't think," or "probably not." There is very little data or science to back up their predictions and theories, so their responses amount to nothing more than pseudo-educated guesses about the potential outcomes. Such guesses do not inspire confidence in said theories (or those who are proposing them).
And then there is the code itself. I won't go too much into this part of it because I believe recent events speak for themselves -- the BU devs are in WAY over their heads, there is very little peer review or testing done on the code they merge into releases, and the end result could/would/has placed $20 BILLION in jeopardy. There is literally no chance in hell that I'd run, or recommend running, their software on a production node -- even if I did support the BU concept. Doing so would be pure negligence.
As far as I'm concerned, this entire community needs to step back and realize that fighting for change, for the sake of change, is NOT the correct response to this situation. We should NOT be pushing drastically flawed solutions simply because they're the only ones that have gained any traction (or funding?) at all. We must find another way to achieve our ends that do not involve flawed concepts and code.
If any of you are like me, then all you want to see is on-chain scaling of SOME sort, other than JUST SegWit, in the near future. (That "near future" for me is sometime during the next 12-14 months).
Last year, the Core devs' biggest objections to a hard fork seemed to be the time requirement for doing a hard fork as safely as possible -- and the blocksize hard fork that's still on Core's roadmap (in the "Finally" section) would seem to line up with that. If memory serves, the time requirement they quoted most often was somewhere in the neighborhood of at least 9-12 months.
Well, guess what -- it's been 9-12 months since those objections and concerns were voiced, so we could have been in the final stages of preparation by now for a hard fork that contains both SW and an increase to base size.
OK... so... that obviously didn't happen, and here I am after this fairly long (and rambling, likely incoherent) rant. I'll close with this: I cannot support BU, but I still would like to see on-chain scaling, in addition to SegWit, and I want to see it sometime in the next 12-14 months.
What the hell can we do to make that happen? Is it too late? Is EC the only big-block option users will accept? Is that because it's the only one with any sort of traction, or is it based on some sort of technical merits I'm not understanding? (Please be honest with yourselves on these questions :).
Or, as another possibility, am I completely alone with these concerns and interests? Am I the only one around here who is still a Big Blocker... except when I'm not?
submitted by paleh0rse to btc

Forcenet: an experimental network with a new header format | Johnson Lau | Dec 04 2016

Johnson Lau on Dec 04 2016:
Based on Luke Dashjr's code and BIP: https://github.com/luke-jr/bips/blob/bip-mmhf/bip-mmhf.mediawiki , I created an experimental network to show how a new header format may be implemented.
Basically, the header hash is calculated in a way that non-upgrading nodes would see it as a block with only the coinbase tx and zero output value. They are effectively broken as they won't see any transactions confirmed. This allows rewriting most of the rules related to block and transaction validity. Such a technique has different names like soft-hardfork, firmfork, evil softfork, and could itself be a controversial topic. However, I'd rather not focus on its soft-hardfork property, as it would be trivial to turn this into a true hardfork (e.g. setting the sign bit in block nVersion, or setting the most significant bit in the dummy coinbase nLockTime).
Instead of its soft-HF property, I think the more interesting thing is the new header format. The current bitcoin header has only 80 bytes. It provides only 32 bits of nonce space and is far from enough for ASICs. It also provides no room for committing to additional data. Therefore, people are forced to put many different data in the coinbase transaction, such as merge-mining commitments, and the segwit commitment. It is not an ideal solution, especially for light wallets.
Following the practice of segwit development of making an experimental network (segnet), I made something similar and call it the Forcenet (as it forces legacy nodes to follow the post-fork chain).
The header of forcenet is mostly described in Luke’s BIP, but I have made some amendments as I implemented it. The format is (size in parentheses; little endian):
Height (4), BIP9 signalling field (4), hardfork signalling field (3), merge-mining hard fork signalling field (1), prev hash (32), timestamp (4), nonce1 (4), nonce2 (4), nonce3 (compactSize + variable), Hash TMR (32), Hash WMR (32), total tx size (8) , total tx weight (8), total sigops (8), number of tx (4), merkle branches leading to header C (compactSize + 32 bit hashes)
In addition to increasing the max block size, I also showed how the calculation and validation of witness commitment may be changed with a new header. For example, since the commitment is no longer in the coinbase tx, we don’t need to use a 0000….0000 hash for the coinbase tx like in BIP141.
Something not yet done:
  1. The new merkle root algorithm described in the MMHF BIP
  2. The nTxsSigops has no meaning currently
  3. Communication with legacy nodes. This version can’t talk to legacy nodes through the P2P network, but theoretically they could be linked up with a bridge node
  4. A new block weight definition to provide incentives for slowing down UTXO growth
  5. Many other interesting hardfork ideas, and softfork ideas that work better with a header redesign
For easier testing, forcenet has the following parameters:
Hardfork at block 200
Segwit is always activated
1 minute blocks with 40000 (prefork) and 80000 (postfork) weight limit
50 blocks coinbase maturity
21000 blocks halving
144 blocks retarget
How to join: code at https://github.com/jl2012/bitcoin/tree/forcenet1 , start with "bitcoind --forcenet".
Connection: I'm running a node at 8333.info with the default port (38901)
Mining: there is only basic internal mining support. Limited GBT support is theoretically possible but needs more hacking. To use the internal miner, write a shell script to repeatedly call "bitcoin-cli --forcenet generate 1"
New RPC commands: getlegacyblock and getlegacyblockheader, which generate blocks and headers that are compatible with legacy nodes.
This is largely work-in-progress, so expect a reset every couple of weeks
jl2012
original: https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2016-Decembe013338.html
submitted by dev_list_bot to bitcoin_devlist
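The header layout listed in the post, as a serializer and parser. This is an added example, not jl2012's forcenet code: the field order and widths are the ones in the post; little-endian integer encoding, reading the 3-byte hardfork field as an unsigned integer, treating the merkle branch hashes as 32 bytes, the `within_limits` sanity check and all sample values are assumptions.

```python
"""Serializer and parser for the forcenet header layout listed in the post.

Added example, not jl2012's code. Field order and widths follow the post;
little-endian integers, the 3-byte hardfork field as an unsigned integer and
32-byte merkle branch hashes are assumptions.
"""
import struct
from dataclasses import dataclass, field
from typing import List, Tuple


def encode_compact_size(n: int) -> bytes:
    """Bitcoin's CompactSize varint, used for nonce3 and the branch count."""
    if n < 0xFD:
        return bytes([n])
    if n <= 0xFFFF:
        return b"\xfd" + struct.pack("<H", n)
    if n <= 0xFFFFFFFF:
        return b"\xfe" + struct.pack("<I", n)
    return b"\xff" + struct.pack("<Q", n)


def decode_compact_size(buf: bytes, pos: int) -> Tuple[int, int]:
    """Return (value, position after the varint)."""
    first = buf[pos]
    if first < 0xFD:
        return first, pos + 1
    width, fmt = {0xFD: (2, "<H"), 0xFE: (4, "<I"), 0xFF: (8, "<Q")}[first]
    return struct.unpack_from(fmt, buf, pos + 1)[0], pos + 1 + width


@dataclass
class ForcenetHeader:
    height: int
    bip9_bits: int
    hardfork_bits: int           # 3-byte hardfork signalling field
    mm_hardfork_bits: int        # 1-byte merge-mining hardfork signalling field
    prev_hash: bytes             # 32 bytes
    timestamp: int
    nonce1: int
    nonce2: int
    nonce3: bytes                # CompactSize-prefixed, variable length
    hash_tmr: bytes              # transaction merkle root, 32 bytes
    hash_wmr: bytes              # witness merkle root, 32 bytes
    total_tx_size: int
    total_tx_weight: int
    total_sigops: int
    num_tx: int
    branches: List[bytes] = field(default_factory=list)  # merkle branches to header C

    def serialize(self) -> bytes:
        for h in (self.prev_hash, self.hash_tmr, self.hash_wmr, *self.branches):
            if len(h) != 32:
                raise ValueError("hash fields must be 32 bytes")
        out = struct.pack("<II", self.height, self.bip9_bits)
        out += self.hardfork_bits.to_bytes(3, "little") + bytes([self.mm_hardfork_bits])
        out += self.prev_hash
        out += struct.pack("<III", self.timestamp, self.nonce1, self.nonce2)
        out += encode_compact_size(len(self.nonce3)) + self.nonce3
        out += self.hash_tmr + self.hash_wmr
        out += struct.pack("<QQQI", self.total_tx_size, self.total_tx_weight,
                           self.total_sigops, self.num_tx)
        out += encode_compact_size(len(self.branches)) + b"".join(self.branches)
        return out

    @classmethod
    def parse(cls, buf: bytes) -> "ForcenetHeader":
        height, bip9 = struct.unpack_from("<II", buf, 0)
        hardfork = int.from_bytes(buf[8:11], "little")
        mm = buf[11]
        prev = bytes(buf[12:44])
        ts, n1, n2 = struct.unpack_from("<III", buf, 44)
        pos = 56
        n3len, pos = decode_compact_size(buf, pos)
        nonce3, pos = bytes(buf[pos:pos + n3len]), pos + n3len
        tmr, wmr, pos = bytes(buf[pos:pos + 32]), bytes(buf[pos + 32:pos + 64]), pos + 64
        size, weight, sigops, ntx = struct.unpack_from("<QQQI", buf, pos)
        pos += 28
        nbranch, pos = decode_compact_size(buf, pos)
        branches = [bytes(buf[pos + 32 * i:pos + 32 * (i + 1)]) for i in range(nbranch)]
        pos += 32 * nbranch
        if pos != len(buf):
            raise ValueError("header has trailing or missing bytes")
        return cls(height, bip9, hardfork, mm, prev, ts, n1, n2, nonce3,
                   tmr, wmr, size, weight, sigops, ntx, branches)


def within_limits(h: ForcenetHeader, weight_limit: int = 80_000) -> bool:
    """Sanity check before trusting the header's totals: 80,000 is forcenet's
    post-fork weight limit from the post, 20,000 the per-block sigop limit."""
    return h.total_tx_weight <= weight_limit and h.total_sigops <= 20_000


def sample_header() -> ForcenetHeader:
    """Constructed sample values (not a real forcenet block)."""
    return ForcenetHeader(
        height=201, bip9_bits=0, hardfork_bits=0x010203, mm_hardfork_bits=1,
        prev_hash=b"\x11" * 32, timestamp=1480896000, nonce1=7, nonce2=9,
        nonce3=b"\xaa" * 8, hash_tmr=b"\x22" * 32, hash_wmr=b"\x33" * 32,
        total_tx_size=1234, total_tx_weight=4000, total_sigops=12, num_tx=3,
        branches=[b"\x44" * 32, b"\x55" * 32],
    )
```

The parser rejects any byte count that does not match the declared structure, which is the check a node would want before acting on the totals; `within_limits` shows where a consumer would compare the `total sigops` field against the block limit once that field has a defined meaning (the post notes it currently has none).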

BIP proposal: Increase block size limit to 2 megabytes | Gavin Andresen | Feb 05 2016

Gavin Andresen on Feb 05 2016:
This has been reviewed by merchants, miners and exchanges for a couple of
weeks, and has been implemented and tested as part of the Bitcoin Classic
and Bitcoin XT implementations.
Constructive feedback welcome; argument about whether or not it is a good
idea to roll out a hard fork now will be unproductive, so I vote we don't
go there.
Draft BIP:
https://github.com/gavinandresen/bips/blob/bump2mb/bip-bump2mb.mediawiki
Summary:
Increase block size limit to 2,000,000 bytes.
After 75% hashpower support then 28-day grace period.
With accurate sigop counting, but existing sigop limit (20,000)
And a new, high limit on signature hashing
Blog post walking through the code:
http://gavinandresen.ninja/a-guided-tour-of-the-2mb-fork
Blog post on a couple of the constants chosen:
http://gavinandresen.ninja/seventyfive-twentyeight

Gavin Andresen
original: http://lists.linuxfoundation.org/pipermail/bitcoin-dev/2016-February/012358.html
submitted by dev_list_bot to bitcoin_devlist

Bitcoin dev IRC meeting in layman's terms (2015-11-05)

Once again my attempt to summarize and explain the weekly bitcoin developer meeting in layman's terms. Link to last week's summarization.
On a personal note: I really don't like the fact someone pm'ed me telling me "a majority of bitcoiners have moved to btc", it's not (yet) true and comes across as very spammy. This, combined with the tin-foil-hat people-bashing which seems to be popular, makes me almost not want to join this community. I hope this can become like bitcoin, but with the freedom to discuss and mention any topic, not a mindless crusade against bitcoin, theymos, blockstream, etc.
Disclaimer
Please bear in mind I'm not a developer and I'd have problems coding "hello world!", so some things might be incorrect or plain wrong. Like any other write-up it likely contains personal biases, although I try to stay as neutral as I can. There are no decisions being made in these meetings, so if I say "everyone agrees" this means everyone present in the meeting; that's not consensus, but since a fair amount of devs are present it's a good representation. The dev IRC and mailing list are for bitcoin development purposes. If you have not contributed actual code to a bitcoin implementation, this is probably not the place you want to reach out to. There are many places to discuss things that the developers read, including this sub-reddit.
Link to this week's logs. Meeting minutes by meetbot.
Main topics discussed were:
Sigcache performance
Performance goals for 0.12
transaction priority
sigops flooding attack
chain limits
Short topics/notes
Note: cfields, mcelrath and BlueMatt (and maybe more) missed the meeting because of daylight saving time.
Closing date for proposals for the scaling bitcoin workshop is the 9th.
Check to see if there are any other commits for the 0.11.2 RC. As soon as 6948 and 6825 are merged it seems good to go. We need to move fairly quickly as there are already miners voting for CLTV (F2Pool). Also testnet is CLTV locked already and is constantly forking. 0.11.2 RC1 has been released as of today: https://bitcoin.org/bin/bitcoin-core-0.11.2/test/
Most of the mempool-limiting analysis assumed child-pays-for-parent, however that isn't ready for 0.12 yet, so we should think about possible abuses in context of the existing mining algorithm.
Because of time constraints opt-in replace-by-fee has been deferred to next week's meeting, but most people seem to want it in 0.12. sdaftuar makes a note that we need to make clear to users what they need to do if they don't want to accept opt-in transactions.
Sigcache performance
The signature cache, which is in place to increase performance (by not having to check the signature multiple times) and to mitigate some attacks, currently has a default limit of 50 000 signatures. Sipa has a pull-request which proposes to:
  1. Change the limit from number of entries to megabytes
  2. Change the default to 40MB, which corresponds to 500 000 signatures
  3. Store salted hashes instead of full entries
  4. Remove entries that have been validated in a block
Sipa did benchmarks for various signature cache sizes on hit rate in blocks (how many of the cached signatures are in the block). The maximum sigcache size was 68MB, resulting in a 3% miss rate. Some blocks though have extremely high miss rates (60%) while others have none, likely caused by miners running different policies. Gmaxwell proposed to always run script verification for mempool transactions, even if these transactions get rejected from the mempool by the client's policy. The result of that is that even a 300MB sigcache size only gets down to 15% misses. So there's too much crap being relayed to keep any reasonably sized cache. Gmaxwell points out downsides to not checking any rejected transactions, namely: there are some DOS attacks possible, and you increase your miss rate if you set a policy which is more restrictive than the typical network, which might result in a race to the bottom.
Sipa continues his work and seeks out other strategies
Performance goals for 0.12
Bitcoin-core 0.12 is scheduled for release December 1st.
Everybody likes to include secp256k1 ASAP, as it has a very large performance increase. Some people would like to include the sigcache pull-request, BIP30, modifyNewCoins and a createNewBlock rewrite if it's ready. Wumpus advises against merging last-minute performance improvements for 0.12.
Mentioned pull-requests should be reviewed, prioritizing CreateNewBlock
transaction priority
Each transaction is assigned a priority, determined by the age, size, and number of inputs, which makes some transactions free.
Sipa thinks we should get rid of the current priority completely and replace it with a function that modifies fee or size of a transaction. There's a pull-request available that optimizes the current transaction priority, thereby avoiding the political debate that goes with changing the definition of transaction priority. Luke-jr thinks the old policy should remain possible.
Check to see if PR #6357 is safe and efficient enough.
sigops flooding attack
The number of ECDSA signature-checking operations or sigops is currently limited to 20 000 per block. This is in order to prevent miners creating blocks that take ages to verify, as those operations are time-consuming. You could however construct transactions that have a very high sigops count, and since most miners don't take into account the sigops count they end up with very small blocks because the sigop limit is reached. This attack is described here.
Suggestion to take the number of sigops relative to the maximum blocksize into account with the total size. Meaning a 10k sigops transaction would currently be viewed as 500kB in size (for that single transaction, not towards the block). That suggestion would be easy to change in the mining code, but more invasive to try and plug that into everything that looks at feerate. This would also open up attacks on the mempool if these transactions are not evicted by mempool limiting. Luke-jr has a bytes-per-sigop limit that filters out these attack transactions.
More analysis should be done, people seem fine with the general direction of fixing it.
chain limits
Chain in this context means connected transactions. When you send a transaction that depends on another transaction that has yet to be confirmed we talk about a chain of transactions. Miners ideally take the whole chain into account instead of just every single transaction (although that's not widely implemented afaik). So while a single transaction might not have a sufficient fee, a depending transaction could have a high enough fee to make it worthwhile to mine both. This is commonly known as child-pays-for-parent. Since you can make these chains very big it's possible to clog up the mempool this way. With the recent malleability attacks, anyone who made transactions going multiple layers deep would've already encountered huge problems doing this (beautifully explained in let's talk bitcoin #258 from 13:50 onwards). Proposal and github link.
sdaftuar's analysis shows that 40% of blocks contain a chain that exceeds the proposed limits. Even a small bump doesn't make the problem go away. Possible sources of these chains: a service paying the fees on other transactions (child-pays-for-parent), an iOS wallet that gladly spends unconfirmed change. A business confirms they use child-pays-for-parent when they receive bitcoins from an unspent chain. It is possible that these long chains are delivered to miners directly, in which case they wouldn't be affected by the proposed relay limits (and by malleability). Since this is a problem that needs to be addressed, people seem fine with merging it anyway, communicating in advance to let businesses think about how this affects them.
Merge "Policy: Lower default limits for tx chains". Morcos will mail the developer mailing list after it's merged.
Participants
morcos: Alex Morcos
gmaxwell: Gregory Maxwell
wumpus: Wladimir J. van der Laan
sipa: Pieter Wuille
jgarzik: Jeff Garzik
Luke-Jr: Luke Dashjr
phantomcircuit: Patrick Strateman
sdaftuar: Suhas Daftuar
btcdrak: btcdrak
jouke: ??Jouke Hofman??
jtimon: Jorge Timón
jonasschnelli: Jonas Schnelli
Comic relief
20:01 wumpus #meetingend
20:01 wumpus #meetingstop
20:01 gmaxwell Thanks all.
20:01 btcdrak #exitmeeting
20:01 gmaxwell #nomeetingnonono
20:01 btcdrak #meedingexit
20:01 wumpus #endmeeting
20:01 lightningbot Meeting ended Thu Nov 5 20:01:29 2015 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot .
20:01 btcdrak #rekt
submitted by G1lius to btc
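To make the sigops discussion concrete, the "accurate sigop counting" in Gavin's BIP summary above and the sigops flooding attack and chain limits sections of this meeting summary, here is an added example in Python. It is not code from the meeting, the BIP or any Bitcoin implementation. `count_sigops` reimplements the legacy versus accurate counting rule (20 sigops per CHECKMULTISIG versus the OP_n key count written before it); `effective_size` applies the meeting's suggestion of scaling sigops against block capacity so that 10,000 sigops weigh 500,000 bytes; `passes_bytes_per_sigop` is a filter in the spirit of Luke-jr's bytes-per-sigop limit; `ancestor_count` and `admit` apply a transaction chain limit. The 20,000 sigop and 1,000,000 byte block limits are the page's; the 50 bytes per sigop derived from them, the ancestor limit of 25, and the sample scripts and transactions are assumptions.

```python
"""Sigop- and chain-aware mempool admission policy.

Added example, not code from the meeting, the BIP or any Bitcoin implementation.
20,000 sigops and 1,000,000 bytes per block are the limits the page names; the
per-sigop byte charge, the ancestor limit of 25 and all sample scripts and
transactions are constructed assumptions.
"""
from dataclasses import dataclass
from typing import Dict, Iterator, List, Tuple

MAX_BLOCK_SIZE = 1_000_000
MAX_BLOCK_SIGOPS = 20_000
BYTES_PER_SIGOP = MAX_BLOCK_SIZE // MAX_BLOCK_SIGOPS  # 50 block bytes per sigop
MAX_ANCESTORS = 25                                     # assumed limit, counting the tx itself
OP_1, OP_16 = 0x51, 0x60
OP_CHECKSIG, OP_CHECKSIGVERIFY = 0xAC, 0xAD
OP_CHECKMULTISIG, OP_CHECKMULTISIGVERIFY = 0xAE, 0xAF


def script_ops(script: bytes) -> Iterator[Tuple[int, bytes]]:
    """Yield (opcode, pushdata) pairs, decoding direct pushes and OP_PUSHDATA1/2/4."""
    i = 0
    while i < len(script):
        op, i, n = script[i], i + 1, 0
        if op <= 0x4B:                                   # direct push of `op` bytes
            n = op
        elif op == 0x4C:                                 # OP_PUSHDATA1
            n, i = script[i], i + 1
        elif op == 0x4D:                                 # OP_PUSHDATA2
            n, i = int.from_bytes(script[i:i + 2], "little"), i + 2
        elif op == 0x4E:                                 # OP_PUSHDATA4
            n, i = int.from_bytes(script[i:i + 4], "little"), i + 4
        yield op, script[i:i + n]
        i += n


def count_sigops(script: bytes, accurate: bool) -> int:
    """Legacy counting charges every CHECKMULTISIG 20 sigops whatever its key count;
    accurate counting charges the OP_n key count written immediately before it."""
    total, last = 0, None
    for op, _ in script_ops(script):
        if op in (OP_CHECKSIG, OP_CHECKSIGVERIFY):
            total += 1
        elif op in (OP_CHECKMULTISIG, OP_CHECKMULTISIGVERIFY):
            if accurate and last is not None and OP_1 <= last <= OP_16:
                total += last - OP_1 + 1
            else:
                total += 20
        last = op
    return total


@dataclass
class Tx:
    txid: str
    size: int                 # serialized size in bytes
    fee: int                  # satoshis
    out_scripts: List[bytes]  # output scriptPubKeys; sigops are counted here
    parents: List[str]        # txids of unconfirmed parents


def tx_sigops(tx: Tx, accurate: bool = False) -> int:
    return sum(count_sigops(s, accurate) for s in tx.out_scripts)


def effective_size(tx: Tx) -> int:
    """Meeting suggestion: size a transaction as the larger of its bytes and its
    sigops scaled to block capacity, so 10,000 sigops count as 500,000 bytes
    when computing its fee rate."""
    return max(tx.size, tx_sigops(tx) * BYTES_PER_SIGOP)


def passes_bytes_per_sigop(tx: Tx) -> bool:
    """Luke-jr style filter: a transaction may not carry more sigops than its
    size allows at BYTES_PER_SIGOP bytes each."""
    return tx.size >= tx_sigops(tx) * BYTES_PER_SIGOP


def ancestor_count(tx: Tx, mempool: Dict[str, Tx]) -> int:
    """Distinct unconfirmed ancestors reachable through the mempool."""
    seen, stack = set(), list(tx.parents)
    while stack:
        p = stack.pop()
        if p in mempool and p not in seen:
            seen.add(p)
            stack.extend(mempool[p].parents)
    return len(seen)


def admit(tx: Tx, mempool: Dict[str, Tx]) -> Tuple[bool, str]:
    """Admission decision applying both policies discussed in the meeting."""
    if not passes_bytes_per_sigop(tx):
        return False, "too many sigops for size"
    if ancestor_count(tx, mempool) + 1 > MAX_ANCESTORS:
        return False, "ancestor chain too long"
    return True, "ok"


# Constructed sample scripts (dummy key bytes): a P2PKH output, and a bare 1-of-1
# multisig output that legacy counting charges 20 sigops and accurate counting 1.
P2PKH = bytes([0x76, 0xA9, 0x14]) + b"\x11" * 20 + bytes([0x88, OP_CHECKSIG])
BARE_MULTISIG = bytes([OP_1, 0x21, 0x02]) + b"\x22" * 32 + bytes([OP_1, OP_CHECKMULTISIG])

if __name__ == "__main__":
    normal = Tx("normal", 226, 5_000, [P2PKH, P2PKH], [])
    heavy = Tx("heavy", 2_000, 5_000, [BARE_MULTISIG] * 40, [])
    for tx in (normal, heavy):
        print(tx.txid, tx_sigops(tx), tx_sigops(tx, True), effective_size(tx), admit(tx, {}))
```

Counting only output scripts is a simplification: the legacy block-level count also scans input scripts and, for P2SH spends, the redeem script. The point the example makes is the gap between the two counting rules (a bare multisig output costs 20 legacy sigops but 1 accurate sigop), which is exactly what lets a small transaction consume a disproportionate share of the 20,000 per-block budget, and why pricing sigops into the effective size or filtering on bytes per sigop closes that gap at the mempool rather than in the block template.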
