Technical: Taproot: Why Activate?

This is a follow-up on https://old.reddit.com/r/Bitcoin/comments/hqzp14/technical_the_path_to_taproot_activation/
Taproot! Everybody wants it!! But... you might ask yourself: sure, everybody else wants it, but why would I, sovereign Bitcoin HODLer, want it? Surely I can be better than everybody else because I swapped XXX fiat for Bitcoin unlike all those nocoiners?
And it is important for you to know the reasons why you, o sovereign Bitcoiner, would want Taproot activated. After all, your nodes (or the nodes your wallets use, which if you are SPV, you hopefully can pester to your wallet vendor/implementor about) need to be upgraded in order for Taproot activation to actually succeed instead of becoming a hot sticky mess.
First, let's consider some principles of Bitcoin.
I'm sure most of us here would agree that the above are very important principles of Bitcoin and that these are principles we would not be willing to remove. If anything, we would want those principles strengthened (especially the last one, financial privacy, which current Bitcoin is only sporadically strong with: you can get privacy, it just requires effort to do so).
So, how does Taproot affect those principles?

Taproot and Your /Coins

Most HODLers probably HODL their coins in singlesig addresses. Sadly, switching to Taproot would do very little for you (it gives a mild discount at spend time, at the cost of a mild increase in fee at receive time (paid by whoever sends to you, so if it's a self-send from a P2PKH or bech32 address, you pay for this); mostly a wash).
(technical details: a Taproot output is 1 version byte + 32 byte public key, while a P2WPKH (bech32 singlesig) output is 1 version byte + 20 byte public key hash, so the Taproot output spends 12 bytes more; spending from a P2WPKH requires revealing a 32-byte public key later, which is not needed with Taproot, and Taproot signatures are about 9 bytes smaller than P2WPKH signatures, but the 32 bytes plus 9 bytes is divided by 4 because of the witness discount, so it saves about 11 bytes; mostly a wash, it increases blockweight by about 1 virtual byte, 4 weight for each Taproot-output-input, compared to P2WPKH-output-input).
However, as your HODLings grow in value, you might start wondering if multisignature k-of-n setups might be better for the security of your savings. And it is in multisignature that Taproot starts to give benefits!
Taproot switches to using the Schnorr signing scheme. Schnorr makes key aggregation -- constructing a single public key from multiple public keys -- almost as trivial as adding numbers together. "Almost" because it involves some fairly advanced math instead of simple boring number adding, but hey when was the last time you added up your grocery list prices by hand huh?
With current P2SH and P2WSH multisignature schemes, if you have a 2-of-3 setup, then to spend, you need to provide two different signatures from two different public keys. With Taproot, you can create, using special moon math, a single public key that represents your 2-of-3 setup. Then you just put two of your devices together, have them communicate to each other (this can be done airgapped, in theory, by sending QR codes: the software to do this is not even being built yet, but that's because Taproot hasn't activated yet!), and they will make a single signature to authorize any spend from your 2-of-3 address. That's 73 witness bytes -- 18.25 virtual bytes -- of signatures you save!
And if you decide that your current setup with 1-of-1 P2PKH / P2WPKH addresses is just fine as-is: well, that's the whole point of a softfork: backwards-compatibility; you can receive from Taproot users just fine, and once your wallet is updated for Taproot-sending support, you can send to Taproot users just fine as well!
(P2WPKH and P2WSH -- SegWit v0 -- addresses start with bc1q; Taproot -- SegWit v1 --- addresses start with bc1p, in case you wanted to know the difference; in bech32 q is 0, p is 1)
Now how about HODLers who keep all, or some, of their coins on custodial services? Well, any custodial service worth its salt would be doing at least 2-of-3, or probably something even bigger, like 11-of-15. So your custodial service, if it switched to using Taproot internally, could save a lot more (imagine an 11-of-15 getting reduced from 11 signatures to just 1!), which --- we can only hope! --- should translate to lower fees and better customer service from your custodial service!
So I think we can say, very accurately, that the Bitcoin principle --- that YOU are in control of your money --- can only be helped by Taproot (if you are doing multisignature), and, because P2PKH and P2WPKH remain validly-usable addresses in a Taproot future, will not be harmed by Taproot. Its benefit to this principle might be small (it mostly only benefits multisignature users) but since it has no drawbacks with this (i.e. singlesig users can continue to use P2WPKH and P2PKH still) this is still a nice, tidy win!
(even singlesig users get a minor benefit, in that multisig users will now reduce their blockchain space footprint, so that fees can be kept low for everybody; so for example even if you have your single set of private keys engraved on titanium plates sealed in an airtight box stored in a safe buried in a desert protected by angry nomads riding giant sandworms because you're the frickin' Kwisatz Haderach, you still gain some benefit from Taproot)
And here's the important part: if P2PKH/P2WPKH is working perfectly fine with you and you decide to never use Taproot yourself, Taproot will not affect you detrimentally. First do no harm!

Taproot and Your Contracts

No one is an island, no one lives alone. Give and you shall receive. You know: by trading with other people, you can gain expertise in some obscure little necessity of the world (and greatly increase your productivity in that little field), and then trade the products of your expertise for necessities other people have created, all of you thereby gaining gains from trade.
So, contracts, which are basically enforceable agreements that facilitate trading with people who you do not personally know and therefore might not trust.
Let's start with a simple example. You want to buy some gewgaws from somebody. But you don't know them personally. The seller wants the money, you want their gewgaws, but because of the lack of trust (you don't know them!! what if they're scammers??) neither of you can benefit from gains from trade.
However, suppose both of you know of some entity that both of you trust. That entity can act as a trusted escrow. The entity provides you security: this enables the trade, allowing both of you to get gains from trade.
In Bitcoin-land, this can be implemented as a 2-of-3 multisignature. The three signatories in the multisignature would be you, the gewgaw seller, and the escrow. You put the payment for the gewgaws into this 2-of-3 multisignature address.
Now, suppose it turns out neither of you are scammers (whaaaat!). You receive the gewgaws just fine and you're willing to pay up for them. Then you and the gewgaw seller just sign a transaction --- you and the gewgaw seller are 2, sufficient to trigger the 2-of-3 --- that spends from the 2-of-3 address to a singlesig the gewgaw seller wants (or whatever address the gewgaw seller wants).
But suppose some problem arises. The seller gave you gawgews instead of gewgaws. Or you decided to keep the gewgaws but not sign the transaction to release the funds to the seller. In either case, the escrow is notified, and it can sign with you to refund the funds back to you (if the seller was a scammer) or it can sign with the seller to forward the funds to the seller (if you were a scammer).
Taproot helps with this: like mentioned above, it allows multisignature setups to produce only one signature, reducing blockchain space usage, and thus making contracts --- which require multiple people, by definition, you don't make contracts with yourself --- cheaper (which we hope enables more of these setups to happen for more gains from trade for everyone, also, moon and lambos).
(technology-wise, it's easier to make an n-of-n than a k-of-n, making a k-of-n would require a complex setup involving a long ritual with many communication rounds between the n participants, but an n-of-n can be done trivially with some moon math. You can, however, make what is effectively a 2-of-3 by using a three-branch SCRIPT: either 2-of-2 of you and seller, OR 2-of-2 of you and escrow, OR 2-of-2 of escrow and seller. Fortunately, Taproot adds a facility to embed a SCRIPT inside a public key, so you can have a 2-of-2 Taprooted address (between you and seller) with a SCRIPT branch that can instead be spent with 2-of-2 (you + escrow) OR 2-of-2 (seller + escrow), which implements the three-branched SCRIPT above. If neither of you are scammers (hopefully the common case) then you both sign using your keys and never have to contact the escrow, since you are just using the escrow public key without coordinating with them (because n-of-n is trivial but k-of-n requires setup with communication rounds), so in the "best case" where both of you are honest traders, you also get a privacy boost, in that the escrow never learns you have been trading on gewgaws, I mean ewww, gawgews are much better than gewgaws and therefore I now judge you for being a gewgaw enthusiast, you filthy gewgawer).

Taproot and Your Contracts, Part 2: Cryptographic Boogaloo

Now suppose you want to buy some data instead of things. For example, maybe you have some closed-source software in trial mode installed, and want to pay the developer for the full version. You want to pay for an activation code.
This can be done, today, by using an HTLC. The developer tells you the hash of the activation code. You pay to an HTLC, paying out to the developer if it reveals the preimage (the activation code), or refunding the money back to you after a pre-agreed timeout. If the developer claims the funds, it has to reveal the preimage, which is the activation code, and you can now activate your software. If the developer does not claim the funds by the timeout, you get refunded.
And you can do that, with HTLCs, today.
Of course, HTLCs do have problems:
Fortunately, with Schnorr (which is enabled by Taproot), we can now use the Scriptless Script construction by Andrew Poelstra. This Scriptless Script allows a new construction, the PTLC or Pointlocked Timelocked Contract. Instead of hashes and preimages, just replace "hash" with "point" and "preimage" with "scalar".
Or as you might know them: "point" is really "public key" and "scalar" is really a "private key". What a PTLC does is that, given a particular public key, the pointlocked branch can be spent only if the spender reveals the private key of the given public key to you.
Another nice thing with PTLCs is that they are deniable. What appears onchain is just a single 2-of-2 signature between you and the developer/manufacturer. It's like a magic trick. This signature has no special watermarks, it's a perfectly normal signature (the pledge). However, from this signature, plus some data given to you by the developer/manufacturer (known as the adaptor signature) you can derive the private key of a particular public key you both agree on (the turn). Anyone scraping the blockchain will just see signatures that look just like every other signature, and as long as nobody manages to hack you and get a copy of the adaptor signature or the private key, they cannot get the private key behind the public key (point) that the pointlocked branch needs (the prestige).
(Just to be clear, the public key you are getting the private key from, is distinct from the public key that the developer/manufacturer will use for its funds. The activation key is different from the developer's onchain Bitcoin key, and it is the activation key whose private key you will be learning, not the developer's/manufacturer's onchain Bitcoin key).
So:
Taproot lets PTLCs exist onchain because they enable Schnorr, which is a requirement of PTLCs / Scriptless Script.
(technology-wise, take note that Scriptless Script works only for the "pointlocked" branch of the contract; you need normal Script, or a pre-signed nLockTimed transaction, for the "timelocked" branch. Since Taproot can embed a script, you can have the Taproot pubkey be a 2-of-2 to implement the Scriptless Script "pointlocked" branch, then have a hidden script that lets you recover the funds with an OP_CHECKLOCKTIMEVERIFY after the timeout if the seller does not claim the funds.)

Quantum Quibbles!

Now if you were really paying attention, you might have noticed this parenthetical:
(technical details: a Taproot output is 1 version byte + 32 byte public key, while a P2WPKH (bech32 singlesig) output is 1 version byte + 20 byte public key hash...)
So wait, Taproot uses raw 32-byte public keys, and not public key hashes? Isn't that more quantum-vulnerable??
Well, in theory yes. In practice, they probably are not.
It's not that hashes can be broken by quantum computers --- they're still not. Instead, you have to look at how you spend from a P2WPKH/P2PKH pay-to-public-key-hash.
When you spend from a P2PKH / P2WPKH, you have to reveal the public key. Then Bitcoin hashes it and checks if this matches with the public-key-hash, and only then actually validates the signature for that public key.
So an unconfirmed transaction, floating in the mempools of nodes globally, will show, in plain sight for everyone to see, your public key.
(public keys should be public, that's why they're called public keys, LOL)
And if quantum computers are fast enough to be of concern, then they are probably fast enough that, in the several minutes to several hours from broadcast to confirmation, they have already cracked the public key that is openly broadcast with your transaction. The owner of the quantum computer can now replace your unconfirmed transaction with one that pays the funds to itself. Even if you did not opt-in RBF, miners are still incentivized to support RBF on RBF-disabled transactions.
So the extra hash is not as significant a protection against quantum computers as you might think. Instead, the extra hash-and-compare needed is just extra validation effort.
Further, if you have ever, in the past, spent from the address, then there exists already a transaction indelibly stored on the blockchain, openly displaying the public key from which quantum computers can derive the private key. So those are still vulnerable to quantum computers.
For the most part, the cryptographers behind Taproot (and Bitcoin Core) are of the opinion that quantum computers capable of cracking Bitcoin pubkeys are unlikely to appear within a decade or two.
So:
For now, the homomorphic and linear properties of elliptic curve cryptography provide a lot of benefits --- particularly the linearity property is what enables Scriptless Script and simple multisignature (i.e. multisignatures that are just 1 signature onchain). So it might be a good idea to take advantage of them now while we are still fairly safe against quantum computers. It seems likely that quantum-safe signature schemes are nonlinear (thus losing these advantages).

Summary

I Wanna Be The Taprooter!

So, do you want to help activate Taproot? Here's what you, mister sovereign Bitcoin HODLer, can do!

But I Hate Taproot!!

That's fine!

Discussions About Taproot Activation

submitted by almkglor to Bitcoin
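
The pointlocked exchange from the PTLC section of the post above, as an added example that is not part of almkglor's post: the developer hands over an adaptor signature, the completed signature looks like any other Schnorr signature, and the buyer recovers the scalar by subtracting the two. It assumes a single developer key instead of the 2-of-2 aggregate key, a plain SHA-256 challenge instead of BIP340's tagged hashes and x-only keys, and constructed secrets; all function names are illustrative.

```python
import hashlib

# secp256k1 domain parameters (the curve Bitcoin uses).
FIELD = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def point_add(a, b):
    """Add two affine points; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    if a[0] == b[0] and (a[1] + b[1]) % FIELD == 0:
        return None
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1] % FIELD, -1, FIELD) % FIELD
    else:
        lam = (b[1] - a[1]) * pow((b[0] - a[0]) % FIELD, -1, FIELD) % FIELD
    x = (lam * lam - a[0] - b[0]) % FIELD
    return (x, (lam * (a[0] - x) - a[1]) % FIELD)


def point_mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc = None
    while k:
        if k & 1:
            acc = point_add(acc, pt)
        pt = point_add(pt, pt)
        k >>= 1
    return acc


def challenge(nonce_pt, pub, msg):
    """e = H(R || P || m) mod n (simplified; BIP340 uses tagged hashes)."""
    data = b"".join(c.to_bytes(32, "big") for c in (*nonce_pt, *pub)) + msg
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N


def verify(pub, msg, sig):
    """Ordinary Schnorr check: s*G == R + e*P. This is all a chain observer sees."""
    r_pt, s = sig
    return point_mul(s, G) == point_add(r_pt, point_mul(challenge(r_pt, pub, msg), pub))


def adaptor_sign(x, k, lock_pt, msg):
    """Developer: pre-signature committed to nonce R+T but missing the scalar t."""
    r_pt = point_mul(k, G)
    e = challenge(point_add(r_pt, lock_pt), point_mul(x, G), msg)
    return r_pt, (k + e * x) % N


def adaptor_verify(pub, lock_pt, msg, pre):
    """Buyer: confirm that completing this pre-signature must reveal t for T."""
    r_pt, s_pre = pre
    e = challenge(point_add(r_pt, lock_pt), pub, msg)
    return point_mul(s_pre, G) == point_add(r_pt, point_mul(e, pub))


def complete(pre, t, lock_pt):
    """Developer: add t to get the signature that is actually published."""
    r_pt, s_pre = pre
    return point_add(r_pt, lock_pt), (s_pre + t) % N


def extract(pre, sig):
    """Buyer: t = s - s', computed from the published signature."""
    return (sig[1] - pre[1]) % N


def constructed_scalar(label):
    """Reproducible demo secret derived from a label (constructed, not a real key)."""
    return int.from_bytes(hashlib.sha256(label).digest(), "big") % N


def run_exchange():
    x = constructed_scalar(b"developer onchain key")
    t = constructed_scalar(b"activation code")   # the scalar being sold
    k = constructed_scalar(b"nonce")  # fixed for the demo; must be fresh and random in practice
    pub, lock_pt = point_mul(x, G), point_mul(t, G)
    msg = b"constructed spend of the pointlocked output"
    pre = adaptor_sign(x, k, lock_pt, msg)
    sig = complete(pre, t, lock_pt)
    return {"pub": pub, "T": lock_pt, "msg": msg, "pre": pre, "sig": sig,
            "t": t, "learned": extract(pre, sig)}


if __name__ == "__main__":
    r = run_exchange()
    print("pre-signature checks out:", adaptor_verify(r["pub"], r["T"], r["msg"], r["pre"]))
    print("published signature valid:", verify(r["pub"], r["msg"], r["sig"]))
    print("buyer learned the scalar:", r["learned"] == r["t"])
```

Anyone holding only the published signature sees a valid Schnorr signature and nothing else; the scalar falls out only for the party that also holds the adaptor signature.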

[OWL WATCH] Waiting for "IOTA TIME" 14;

Disclaimer: This is my editing, so there could be some errors, misunderstandings or exaggerations.
Waiting for "IOTA TIME " (an era where IOTA defines nearly everything in terms of the block-chain world)

niels12 Yesterday at 4:51 PM
IOTA funds are public: https://thetangle.org/address/IDNAFP9FWWKYGNDMKGJWZD9GATGRPTJYTYHLKFNDEQSISPSETLZQOSPGOHC99LMPXDEHSH9XYHNVOLUBBQPCEGHYK9 But they have probably other sources of income, like funding by government etc. And maybe also other IOTA funds on other addresses. I don't know.
Balance: 59.68 Ti


David Sønstebø Yesterday at 9:41 PM
I wonder how many times an out of context 2 year old private DM has to be addressed. At the time IOTA was approaching stagnation due to the actions of primarily CFB, thus since we both started Jinn together which led to IOTA, I tried repeatedly to talk sense into him. I.E. "If you are going to torpedo all progress, let's just sell it all and start from scratch, fuck it" It's a figure of speech, while trying to talk sense into someone who insists that 1 + 1 = 3.59 My tax records show when I last sold iotas. February of 2018. Now stop reading into private DMs, especially ones taken out of context and especially those leaked by someone who's proclaimed he is going to ruin IOTA and my life. You need to go back to school if you think there is anything to 'speculate' on there.


dom Yesterday at 4:15 PM
u/unsy we will release the condensed version of them once we want to. Just because you so desperately desire them for whatever reason doesn't make us do it faster. Being in this space for so fucking long, last thing I want is to attempt to act in good faith again and then be screwed over by those trying to misconstrue reality and spread lies. We've been at that for too long. Once they are fully ready, and we have them in a format we like, we will publish them.


dom Yesterday at 4:16 PM
Our objective of the finance / legal department is to become one of the most trustworthy / transparent organizations in this space. Which is why we're setting up new and stricter policies in general


dom Yesterday at 4:18 PM
quite frankly, with everything that has happened up until now, I would certainly say that we are one of the most transparent organizations (if we wanted it or not) u/unsy


dom Yesterday at 4:21 PM
u/unsy I am not worried about it. If we have problems, we always solve them - I think we've proven that by now. And as it stands right now with our current funding + our strategy, we are in good hands


David Sønstebø Today at 6:41 AM
Don't worry, a shitty FUD piece in a cryptoblog is nada
[6:41 AM]
We were once numero uno target by Jeffrey Epstein funded Joi Ito's MIT DCI
[6:41 AM]
This is nothing


------------------------------------------------------------------------------------

Antonio Nardella [IF] Yesterday at 11:13 PM
IMO the community has matured a lot, we have community and certified developers working with the IF in the X-Teams, there are new people coming in with direct interest in the tech (yeah, also spec is still popular) and from the chats that I've had, there are devs waiting for the breaking changes of Chrysalis P2, before starting to develop again.. But that's my assessment..


Jelle Millenaar [IF] Yesterday at 9:15 PM
Well, I can say the DID developments are going smooth. Starting publishing the first DIDs to the Tangle ;D


Jelle Millenaar [IF] Yesterday at 9:15 PM
And since I am totally not biased towards Identity, but it's gonna be revolutionary ;D


Jelle Millenaar [IF] Yesterday at 10:06 PM
This is the perfect time to lose faith in the IOTA Foundation's capability to deliver, especially after the network just received a major update with many improvements. It's just crypto being crypto,


dom Today at 2:12 AM
Yeh we'll go through it. This is the usual game...


Dominik Schiener
There is more tech maturity, more adoption and more progress than ever. We are one of the only projects which gets funding from government grants and corporations. Stop the attention grabbing headlines and get your sources right.


Long field
You can track their iota address, and I can tell they didn't sell any iota tokens in last two months


HusQy
IOTA is like a large decentralized network cable that connects any number of nodes with each other and that enables data and values to be exchanged with one another, whereby the data is protected against manipulation and the value transactions against double spends. Thereon ...

... you can run any decentralized application (we call this layer) - e.g. a blockchain that stores certain data for as long as you want and limits the amount of data to be saved via fees like Bitcoin. Each of these uses inherit ...

... your security from the basic protocol and can specifically only save the data that is relevant for you (also decentralized). To say that IOTA is not a DLT is in principle not that wrong - it is a platform for DLTs and therefore much more powerful than all ...

... existing DLTs because it is much more flexible. For example, you can run Hashgraph in IOTA, or Bitcoin or whatever. And IOTA is the token that connects the entire ecosystem. This is of course "not yet" the case, but Chrysalis Part 2 is the first step.


HusQy
@blocktrainer perhaps this explanation will enable you to understand where the journey is going. If a decentralized data storage is required, then you can build it with IOTA and it then has exactly the same properties in terms of permanent storage as Bitcoin.


Block trainer
We can also get a little more technical. The way you describe it, it sounds like an interoperability layer ... something like that here, which then equates to a polkadot etc.

HusQy
In principle yes, only that it doesn't connect Bitcoin and ETH but "IOTA Smart Contracts" with "IOTA Storage" etc. It is not there to connect other projects but to offer the same as other projects, only faster and cheaper.

-------------------------------------------------------------------------------

Bitcoin Coach
And in 5 years there will be a completely new project, which then claims to be better than IOTA. And then should all the infrastructure be thrown overboard and the partners simply change the DLT?


HusQy
This is how technology works. It makes no sense to run the Internet on the basis of 64k modems just because many people have one at home. The change does not take place overnight but creeping and if you look at the BTC Dominance you can see that too.

Ultimately, everything will switch to the best technology and we'll see which that is :)


Block trainer
The "best" must also be defined. What are the classes to master?


HusQy
All classes. If there is a technology that can represent even one aspect better, then it is not yet good enough. Blockchain, for example, is a "degenerate" DAG with only one reference. The goal is that IOTA can also use blockchains if the use case requires it.


HusQy
The future is not "either DAG or blockchain" but both seamlessly linked within the same ecosystem. IOTA smart contracts use a blockchain, for example, but a separate chain for each smart contract and the blockchain is within the tangle.

Block trainer
According to the new definition, they are no longer saved ... A doublespent could change the reference retrospectively.


HusQy
That's not quite true. The tangle itself contains all information for all eternity and you cannot remove any information. Once the data has reached a certain age, it is no longer stored by every node in the network. But you can still ...

... still prove what happened in the part of the tangle that was "forgotten" by the nodes after a certain time. Now there are two ways to keep this evidence: 1. You save the evidence personally and can present it at any time. 2. One ...

... writes a plug-in for the node, which monitors the Tangle for information of a certain type and keeps a copy of all car purchase-related data forever (or for at least 30 years, for example). All dealerships could then install this plugin and ...

... jointly store this data decentrally in order to query the information if necessary. However, you would only selectively save the data that interests you. The evidence they produce can still be verified by any node on the network.

If the server of a car dealership fails, it can download the data again from one of the other dealerships. Quasi like an application-related private blockchain which is secured by the Tangle. It is also conceivable that there are service providers for this ...

----------------------------------------------------------------------------------


HusQy
Data is only kept immutable. How do you intend to execute a token transaction over pure data? I'm simply sending the following two data transactions at the same time: 1. I'm sending $ 100 from address A to address B. 2. I'm sending $ 100 from address A to address C.


HusQy
In order to determine which transaction is successful / came first, you need consensus. Data transactions do not allow token transfer.


Block trainer
Why doesn't that allow token transfer? I can simply use it to sign my values. The question is about the meaning of the token. I can also sign that I have transferred € 10 for the petrol station. Or I transmit the proof via curled BTC ...


HusQy
Did I just describe you can publish two conflicting data transactions and no one knows which is the correct one: P


Block trainer
Unless you agree on a consensus. Time stamp + BTC (locked) in hash = value transmitted ... What else is the IOTA token for?


HusQy
Whether information is correct can only be seen in the context. Take a look at the difference between "data" and "information". For example, you can claim that you locked Bitcoin even though it didn't.


Block trainer
I may need a proof of this. See how, for example, BTC is unlocked in liquid or in the LN. The IOTA data layer is extremely similar to the principle of Lightning. Accordingly, the sending of tokens would be possible here, which means that I see the use case of the IOTA coin at risk


HusQy
Such a proof is impossible. The reason why this works with LN nodes is because LN nodes are Bitcoin nodes that know what is happening in the Bitcoin network and have "information" and not just "data": P What you are describing is technically impossible.


Block trainer
Data = information What can the LN not, what IOTA can sometimes?


HusQy
That's not rubbish. There is a huge difference between data and information, and inter-chain transactions are not possible because of that very difference. LN won't work - there are too many game theory problems: P

--------------------------------------------------------------------------------------------


Dominik Schiener
As an innovation leader in Europe, I certainly say we deserve to get grants. There is a below 7% success chance usually. And yes, everything is fully audited (by externals ofc), showing clearly how and that the money was used in achieving the milestones of the grant.

----------------------------------------------------------------------------------------------------------------------------------
submitted by btlkhs to Iota

[ Bitcoin ] Technical: Taproot: Why Activate?

Topic originally posted in Bitcoin by almkglor [link]
This is a follow-up on https://old.reddit.com/Bitcoin/comments/hqzp14/technical_the_path_to_taproot_activation/
Taproot! Everybody wants it!! But... you might ask yourself: sure, everybody else wants it, but why would I, sovereign Bitcoin HODLer, want it? Surely I can be better than everybody else because I swapped XXX fiat for Bitcoin unlike all those nocoiners?
And it is important for you to know the reasons why you, o sovereign Bitcoiner, would want Taproot activated. After all, your nodes (or the nodes your wallets use, which if you are SPV, you hopefully can pester to your wallet vendoimplementor about) need to be upgraded in order for Taproot activation to actually succeed instead of becoming a hot sticky mess.
First, let's consider some principles of Bitcoin.
I'm sure most of us here would agree that the above are very important principles of Bitcoin and that these are principles we would not be willing to remove. If anything, we would want those principles strengthened (especially the last one, financial privacy, which current Bitcoin is only sporadically strong with: you can get privacy, it just requires effort to do so).
So, how does Taproot affect those principles?

Taproot and Your /Coins

Most HODLers probably HODL their coins in singlesig addresses. Sadly, switching to Taproot would do very little for you (it gives a mild discount at spend time, at the cost of a mild increase in fee at receive time (paid by whoever sends to you, so if it's a self-send from a P2PKH or bech32 address, you pay for this); mostly a wash).
(technical details: a Taproot output is 1 version byte + 32 byte public key, while a P2WPKH (bech32 singlesig) output is 1 version byte + 20 byte public key hash, so the Taproot output spends 12 bytes more; spending from a P2WPKH requires revealing a 32-byte public key later, which is not needed with Taproot, and Taproot signatures are about 9 bytes smaller than P2WPKH signatures, but the 32 bytes plus 9 bytes is divided by 4 because of the witness discount, so it saves about 11 bytes; mostly a wash, it increases blockweight by about 1 virtual byte, 4 weight for each Taproot-output-input, compared to P2WPKH-output-input).
However, as your HODLings grow in value, you might start wondering if multisignature k-of-n setups might be better for the security of your savings. And it is in multisignature that Taproot starts to give benefits!
Taproot switches to using Schnorr signing scheme. Schnorr makes key aggregation -- constructing a single public key from multiple public keys -- almost as trivial as adding numbers together. "Almost" because it involves some fairly advanced math instead of simple boring number adding, but hey when was the last time you added up your grocery list prices by hand huh?
With current P2SH and P2WSH multisignature schemes, if you have a 2-of-3 setup, then to spend, you need to provide two different signatures from two different public keys. With Taproot, you can create, using special moon math, a single public key that represents your 2-of-3 setup. Then you just put two of your devices together, have them communicate to each other (this can be done airgapped, in theory, by sending QR codes: the software to do this is not even being built yet, but that's because Taproot hasn't activated yet!), and they will make a single signature to authorize any spend from your 2-of-3 address. That's 73 witness bytes -- 18.25 virtual bytes -- of signatures you save!
And if you decide that your current setup with 1-of-1 P2PKH / P2WPKH addresses is just fine as-is: well, that's the whole point of a softfork: backwards-compatibility; you can receive from Taproot users just fine, and once your wallet is updated for Taproot-sending support, you can send to Taproot users just fine as well!
(P2WPKH and P2WSH -- SegWit v0 -- addresses start with bc1q; Taproot -- SegWit v1 --- addresses start with bc1p, in case you wanted to know the difference; in bech32 q is 0, p is 1)
Now how about HODLers who keep all, or some, of their coins on custodial services? Well, any custodial service worth its salt would be doing at least 2-of-3, or probably something even bigger, like 11-of-15. So your custodial service, if it switched to using Taproot internally, could save a lot more (imagine an 11-of-15 getting reduced from 11 signatures to just 1!), which --- we can only hope! --- should translate to lower fees and better customer service from your custodial service!
So I think we can say, very accurately, that the Bitcoin principle --- that YOU are in control of your money --- can only be helped by Taproot (if you are doing multisignature), and, because P2PKH and P2WPKH remain validly-usable addresses in a Taproot future, will not be harmed by Taproot. Its benefit to this principle might be small (it mostly only benefits multisignature users) but since it has no drawbacks with this (i.e. singlesig users can continue to use P2WPKH and P2PKH still) this is still a nice, tidy win!
(even singlesig users get a minor benefit, in that multisig users will now reduce their blockchain space footprint, so that fees can be kept low for everybody; so for example even if you have your single set of private keys engraved on titanium plates sealed in an airtight box stored in a safe buried in a desert protected by angry nomads riding giant sandworms because you're the frickin' Kwisatz Haderach, you still gain some benefit from Taproot)
And here's the important part: if P2PKH/P2WPKH is working perfectly fine with you and you decide to never use Taproot yourself, Taproot will not affect you detrimentally. First do no harm!

Taproot and Your Contracts

No one is an island, no one lives alone. Give and you shall receive. You know: by trading with other people, you can gain expertise in some obscure little necessity of the world (and greatly increase your productivity in that little field), and then trade the products of your expertise for necessities other people have created, all of you thereby gaining gains from trade.
So, contracts, which are basically enforceable agreements that facilitate trading with people who you do not personally know and therefore might not trust.
Let's start with a simple example. You want to buy some gewgaws from somebody. But you don't know them personally. The seller wants the money, you want their gewgaws, but because of the lack of trust (you don't know them!! what if they're scammers??) neither of you can benefit from gains from trade.
However, suppose both of you know of some entity that both of you trust. That entity can act as a trusted escrow. The entity provides you security: this enables the trade, allowing both of you to get gains from trade.
In Bitcoin-land, this can be implemented as a 2-of-3 multisignature. The three signatories in the multisignature would be you, the gewgaw seller, and the escrow. You put the payment for the gewgaws into this 2-of-3 multisignature address.
Now, suppose it turns out neither of you are scammers (whaaaat!). You receive the gewgaws just fine and you're willing to pay up for them. Then you and the gewgaw seller just sign a transaction --- you and the gewgaw seller are 2, sufficient to trigger the 2-of-3 --- that spends from the 2-of-3 address to a singlesig the gewgaw seller wants (or whatever address the gewgaw seller wants).
But suppose some problem arises. The seller gave you gawgews instead of gewgaws. Or you decided to keep the gewgaws but not sign the transaction to release the funds to the seller. In either case, the escrow is notified, and it can sign with you to refund the funds back to you (if the seller was a scammer) or it can sign with the seller to forward the funds to the seller (if you were a scammer).
Taproot helps with this: like mentioned above, it allows multisignature setups to produce only one signature, reducing blockchain space usage, and thus making contracts --- which require multiple people, by definition, you don't make contracts with yourself --- cheaper (which we hope enables more of these setups to happen for more gains from trade for everyone, also, moon and lambos).
(technology-wise, it's easier to make an n-of-n than a k-of-n, making a k-of-n would require a complex setup involving a long ritual with many communication rounds between the n participants, but an n-of-n can be done trivially with some moon math. You can, however, make what is effectively a 2-of-3 by using a three-branch SCRIPT: either 2-of-2 of you and seller, OR 2-of-2 of you and escrow, OR 2-of-2 of escrow and seller. Fortunately, Taproot adds a facility to embed a SCRIPT inside a public key, so you can have a 2-of-2 Taprooted address (between you and seller) with a SCRIPT branch that can instead be spent with 2-of-2 (you + escrow) OR 2-of-2 (seller + escrow), which implements the three-branched SCRIPT above. If neither of you are scammers (hopefully the common case) then you both sign using your keys and never have to contact the escrow, since you are just using the escrow public key without coordinating with them (because n-of-n is trivial but k-of-n requires setup with communication rounds), so in the "best case" where both of you are honest traders, you also get a privacy boost, in that the escrow never learns you have been trading on gewgaws, I mean ewww, gawgews are much better than gewgaws and therefore I now judge you for being a gewgaw enthusiast, you filthy gewgawer).

Taproot and Your Contracts, Part 2: Cryptographic Boogaloo

Now suppose you want to buy some data instead of things. For example, maybe you have some closed-source software in trial mode installed, and want to pay the developer for the full version. You want to pay for an activation code.
This can be done, today, by using an HTLC. The developer tells you the hash of the activation code. You pay to an HTLC, paying out to the developer if it reveals the preimage (the activation code), or refunding the money back to you after a pre-agreed timeout. If the developer claims the funds, it has to reveal the preimage, which is the activation code, and you can now activate your software. If the developer does not claim the funds by the timeout, you get refunded.
And you can do that, with HTLCs, today.
Of course, HTLCs do have problems:
Fortunately, with Schnorr (which is enabled by Taproot), we can now use the Scriptless Script construction by Andrew Poelstra. This Scriptless Script allows a new construction, the PTLC or Pointlocked Timelocked Contract. Instead of hashes and preimages, just replace "hash" with "point" and "preimage" with "scalar".
Or as you might know them: "point" is really "public key" and "scalar" is really a "private key". What a PTLC does is that, given a particular public key, the pointlocked branch can be spent only if the spender reveals the private key of the given private key to you.
Another nice thing with PTLCs is that they are deniable. What appears onchain is just a single 2-of-2 signature between you and the developer/manufacturer. It's like a magic trick. This signature has no special watermarks, it's a perfectly normal signature (the pledge). However, from this signature, plus some data given to you by the developer/manufacturer (known as the adaptor signature) you can derive the private key of a particular public key you both agree on (the turn). Anyone scraping the blockchain will just see signatures that look just like every other signature, and as long as nobody manages to hack you and get a copy of the adaptor signature or the private key, they cannot get the private key behind the public key (point) that the pointlocked branch needs (the prestige).
(Just to be clear, the public key you are getting the private key from, is distinct from the public key that the developer/manufacturer will use for its funds. The activation key is different from the developer's onchain Bitcoin key, and it is the activation key whose private key you will be learning, not the developer's/manufacturer's onchain Bitcoin key).
So:
Taproot lets PTLCs exist onchain because it enables Schnorr, which is a requirement of PTLCs / Scriptless Script.
(technology-wise, take note that Scriptless Script works only for the "pointlocked" branch of the contract; you need normal Script, or a pre-signed nLockTimed transaction, for the "timelocked" branch. Since Taproot can embed a script, you can have the Taproot pubkey be a 2-of-2 to implement the Scriptless Script "pointlocked" branch, then have a hidden script that lets you recover the funds with an OP_CHECKLOCKTIMEVERIFY after the timeout if the seller does not claim the funds.)

Quantum Quibbles!

Now if you were really paying attention, you might have noticed this parenthetical:
(technical details: a Taproot output is 1 version byte + 32 byte public key, while a P2WPKH (bech32 singlesig) output is 1 version byte + 20 byte public key hash...)
So wait, Taproot uses raw 32-byte public keys, and not public key hashes? Isn't that more quantum-vulnerable??
Well, in theory yes. In practice, they probably are not.
It's not that hashes can be broken by quantum computers --- they're still not. Instead, you have to look at how you spend from a P2WPKH/P2PKH pay-to-public-key-hash.
When you spend from a P2PKH / P2WPKH, you have to reveal the public key. Then Bitcoin hashes it and checks if this matches with the public-key-hash, and only then actually validates the signature for that public key.
So an unconfirmed transaction, floating in the mempools of nodes globally, will show, in plain sight for everyone to see, your public key.
(public keys should be public, that's why they're called public keys, LOL)
And if quantum computers are fast enough to be of concern, then they are probably fast enough that, in the several minutes to several hours from broadcast to confirmation, they have already cracked the public key that is openly broadcast with your transaction. The owner of the quantum computer can now replace your unconfirmed transaction with one that pays the funds to itself. Even if you did not opt-in RBF, miners are still incentivized to support RBF on RBF-disabled transactions.
So the extra hash is not as significant a protection against quantum computers as you might think. Instead, the extra hash-and-compare needed is just extra validation effort.
Further, if you have ever, in the past, spent from the address, then there exists already a transaction indelibly stored on the blockchain, openly displaying the public key from which quantum computers can derive the private key. So those are still vulnerable to quantum computers.
For the most part, the cryptographers behind Taproot (and Bitcoin Core) are of the opinion that quantum computers capable of cracking Bitcoin pubkeys are unlikely to appear within a decade or two.
So:
For now, the homomorphic and linear properties of elliptic curve cryptography provide a lot of benefits --- particularly the linearity property is what enables Scriptless Script and simple multisignature (i.e. multisignatures that are just 1 signature onchain). So it might be a good idea to take advantage of them now while we are still fairly safe against quantum computers. It seems likely that quantum-safe signature schemes are nonlinear (thus losing these advantages).

Summary

I Wanna Be The Taprooter!

So, do you want to help activate Taproot? Here's what you, mister sovereign Bitcoin HODLer, can do!

But I Hate Taproot!!

That's fine!

Discussions About Taproot Activation

almkglor your post has been copied because one or more comments in this topic have been removed. This copy will preserve unmoderated topic. If you would like to opt-out, please send a message using [this link].
submitted by anticensor_bot to u/anticensor_bot

I have been watching you for a while, you know. Wasn't sure whether to invest, but now I know that I must? (FUSION. Could have also prevented the Statera balancer hack?)

So this project caught my (and probably many other people's) attention at least once last year. Especially after the foundation had some of its funds stolen which saw the token's price tank massively. I kind of forgot about it until seeing it being veeeery low-key mentioned on TG again recently and it appears to have 5xed over the last few months, essentially returning back to its old price level, while still being relatively low cap. Also sitting nicely next to LTO (another actually professional, albeit slow-burning, project) on https://coinstats.network/, rising rapidly throughout the ranks over the last weeks. (The top three performers at the time of this post are VeChain, LTO, and FSN, as you can see at the right top.)
 
 
Anyway... I did some digging, and frankly, I feel like simply quoting Dejun Qian (leader of Fusion and also founder of BitSE, which later enabled the rise of VeChain), because he does an overall decent enough job at explaining the general gist behind Fusion -- a blockchain designed in particular with decentralized finance (DEFI) in mind:
 
 
Whereas...
 
 
...most of which (Time-Lock, DCRM and Quantum Swap) are patented. Although it should also be mentioned how the Telegram frequently questions the ability to enforce these patents. And depending on your personal outlook in regards to patents in the cryptospace, you could generally consider this a big negative point. Or, if you only care about money, a very positive one. With the latter likely aligning more with this sub's interests.
 
Anyway... Time-locking simply refers to you locking in any type of asset (real or digital) and then being able to lend it for some set amount of time (time-slice) without giving up ownership. This could have been useful in preventing, for example, the Statera Balancer hack, since you merely give up access to your asset for a certain amount of time while still retaining ownership yourself. E.g. you could have granted the Balancer 3 months of access to your assets. Whereas, had your assets been stolen by a bad actor within this time-frame as it happened in the Statera/Balancer case, you would still have received all of your assets back after these 3 months passed. No assets would have been lost on your end. So this mechanism, patented by Fusion, adds additional security. (Their Ticketed Proof of Stake (TPoS) mechanism works the same way -- You never risk actually losing your tokens forever. https://www.youtube.com/watch?v=FX57OwpNNMA )(Also: You are also free to correct me in case this doesn't actually work with Balancer's mechanics.)
 
In general, the borrowing of the (front end; now to some point in the future) time-slice finds application in finance what bonds, futures, options, etc is concerned, again making fusion a great choice for DEFI. To again cite Qian:
 
 
(If you're into this stuff, it's easy to just search for words such as "factoring" or "bank draft" or "clearing house" in the official Telegram channel https://t.me/FUSIONFoundation . Also in relationship to upcoming and borrowed FSN tokens, which can be combined to form whole FSN tokens.)
 
Another more concrete use-case would be, for example, the granting of access to a house's or car's digital lock without giving up direct ownership of these assets for a certain amount of time, after which said access will be returned to its owner. Additionally, it's also possible to resell parts of this access in case you no longer have any use for it. (E.g. if you license a software for 6 months, but suddenly decide to no longer have any use for it after a mere 2 months, you can resell the remaining 4 months that are left.)
 
 
Also worthy of mention might be some of the bigger Fusion-related DEFI (hype!) projects being built on the Fusion blockchain:
 
  • WeDefi, which aims to be, or allows for users to act as, a kind of decentralized bank; stream-lining lending/borrowing and other kinds of DEFI; will come as APP to the IOS and Play-Store for the Smartphone soon.
  • SMPCwallet. Will include DCRM dapps such as a multichain DEX, a multicustodial wallet, etc (fixing problems related to key exposure mentioned by Vitalik in an AMA linked later in this post)
  • Anyswap, a cross-chain/interoperability version of Uniswap. Qian suggests that it could in the future also serve a function similar to Compound, letting you pick up a collateral in exchange for the provision of liquidity. (Built on SMPCwallet AFAIK; a recent post shilling it here -> https://old.reddit.com/CryptoMoonShots/comments/hprd2p/anyswap_a_completely_decentralized_swap_exchange/)
  • An auto-loan platform by AXP
  • Realio and YAD Capital issuing digitized assets to be tokenized on the FSN blockchain. Meaning securities, etc. Currently they're trying to raise a $5mm tokenized fund. (Also worth mentioning here is that SolidX, who have experience and SEC connections working on a Bitcoin ETF, are part of Fusion's DCRM Alliance)
  • And more. https://www.fusion.org/partnerships hovering over the links gives some input. xDLT is built on fusion, for instance, offering an interoperable form of etherscan. (To my understanding...)
 
Then here's a great AMA you should read: https://fsnfeed.com/2020/05/23/on-23st-of-may-2020-dj-qian-ceo-of-fusion-foundation-had-a-live-ama-session-with-kevin-of-ama-series-stayhome/
 
And if you want to try out Fusion, you can sign up at WeDefi and play around with borrowed tokens and even earn full tokens by doing so. Take note, however, that only full tokens may be staked, should you plan to do so. ( https://www.wedefi.com/faq )
 
 
As for the FSN token value, it would appreciate simply by virtue of gas fees, staking, DCRM which can be licensed in exchange for 800k FSN, potential applications of time-locking relative to assets and the Fusion token (looking at safebet, for instance), etc... as Fusion is adopted. The staking ROI is currently at 23%. (I can't really make a prediction about the token's value development here, since the entire system and the potential applications really exceed my knowledge. And, being crypto, odds are that putting a price on it might be impossible for just about anyone.)
 
The best way of storing FSN is whallet, which can be used in conjunction with your Ledger's Ethereum app. (MyFusionWallet was experiencing synchronization problems the other day, but seems to be working perfectly fine again as of the time of this post.)
 
 
A relatively big negative point frequently mentioned by the community is the lack of marketing and the team losing its first-mover advantage, which is a concern the Fusion team has recently tried to address. As REN, for instance, which allows for but a portion of Fusion's use case such as an allegedly inferior version of DCRM and dark pools/clearing houses (and according to the Fusion community of course worse), has recently gone on a small bullrun of its own. Much to the chagrin of disillusioned Fusion bagholders. And I've personally also seen TrustSwap make an appearance, which appears to aim for the creation of a crosschain version of UniSwap much akin to AnySwap. (I'm not 100% sure about this, however.)
 
If you have any personal opinions, you are free to share them. Maybe you consider it obsolete in the future, especially if we do end up in a "one chain takes all" scenario? Alternatively you could be holding the belief that it can moon simply due to the #defi hype? Perhaps there's not enough marketing on the team's part? Or is FSN really under the radar, being ignored (and thus massively undervalued) for the time being only because the features offered by FSN are not yet fully appreciated in the still fledgling DEFI space, with ETH simply not being suitable for DEFI, and FSN suddenly making an appearance in the top 35 without anyone having noticed? Etc? Any disgruntled bagholders here who want to vent or add something I forgot? Now's your chance.
 
 
P.S.: All this is probably also a relatively superficial explanation that doesn't capture the project's value in a way people like Qian could explain it, especially what the use of time-slices (both front and back, and their combination), the long-term renting and valuation of front-slices, and the number of financial applications, is concerned... but I hope it serves as a good general overview, also what references to other DEFI projects is concerned. And it has taken off a bit recently, like many projects in this mini-bull run. So some people may no longer consider it low cap. But I'm still gonna post it so it doesn't go to waste. Lol. At the very least it might serve as general overview. That and the sub rules state "cryptos out of the top 100."
 
Also disclaimer: I am holding a decently sized bag myself. (And I really hoped it wouldn't cross 70 cent so "soon," all things considered...)
submitted by sotaponi to CryptoMoonShots

Epic Cash AMA Recap with CryptoDiffer Community

CryptoDiffer team
Hello, everyone! We are glad to meet here:
Max Freeman (@maxfreeman4), Project Lead at Epic Cash
Yoga Dude (@Yogadude), PR&Marketing at Epic Cash
Xenolink (@Xenolink), Advisor at Epic Cash
Max Freeman Project Lead at Epic Cash
Thanks Max, we are excited to be here!
Yoga Dude PR&Marketing at Epic Cash
Hello Everyone! Thank you for having us here!
Xenolink Advisor at Epic Cash
Thank you to the CryptoDiffer team and CryptoDiffer community for hosting us!
CryptoDiffer team
Let's start from the first introduction question:
Q1: Can you introduce yourself to the community? What is your background and how did you join Epic Cash?
Yoga Dude PR&Marketing at Epic Cash
Hello! My background is Marketing and Business Development, I’ve been in crypto since 2011 started with Bitcoin, then Monero in 2014, Ethereum in 2015 and at some point Doge for fun and profit. I joined Epic Cash team in September 2019 handling PR and Marketing.
I saw in Epic Cash what was missing in my previous cryptos — things that were missing in Bitcoin and Monero especially.
Xenolink Advisor at Epic Cash
Hello Cryptodiffer Community, I am not an original co-founder nor am I a developer for the Epic Cash project. I am however a community member that is involved in helping scale this project to higher levels. One of the many beauties of Epic Cash is that every single member in the community has the opportunity to be part of EPIC’s team, it can be from development all the way to content producing. Epic Cash is a community driven project. The true Core Team of Epic Cash is our community. I believe a community that is the Core Team is truly powerful. EPIC Cash has one of the freshest and strongest communities I have seen in quite a while. Which is one of the reasons why I became involved in this project. Epic displayed some of the most self community produced content I have seen in a project. I’m actually a doctor of medicine but in terms of my experience in crypto, I have been involved in the industry since 2012 beginning with mining Litecoin. Since then I have been doing deep dive analysis on different projects, investing, and building a network in crypto that I will utilize to help connect and scale Epic in every way I can. To give some credit to those people in my network that have been a part of helping give Epic exposure, I would like to give a special thanks to u/Tetsugan and u/Saurabhblr. Tetsugan has been doing a lot of work for the Japanese community to penetrate the Japanese market, and Japan has already developed a growing interest in Epic. Daku Sarabh the owner and creator of Crypto Daku Robinhooders, I would like to thank him and his community for giving us one of our first large AMA’s, which he has supported our project early and given us a free AMA. Many more to thank but can’t be disclosed. Also thank you to all the Epic Community leaders, developers, and Content producers!
Max Freeman Project Lead at Epic Cash
I’m Max Freeman, which stands for “Maximum Freedom for Mankind”. I started working on the ideas that would become Epic in 2018. I fell in love with Bitcoin in 2017 but realized that it needs privacy at the base layer, fungibility, better scalability in order to go to the next level.
CryptoDiffer team
Really interesting backgrounds I must admit, pleasure to see the team that clearly has one vision of the project by being completely decentralized:)
Q2: Can you briefly describe what is Epic Cash in 3–5 sentences? What technology stands behind Epic Cash and why it’s better than the existing one?
Max Freeman Project Lead at Epic Cash
I’d like to highlight the differences between Epic and the two highest-valued privacy coin projects, Monero and Zcash. XMR has always-on privacy like Epic does, but at a cost: Its blockchain is over 20x more data intensive than Epic, which limits its possibilities for scalability. Epic’s blockchain is small and light enough to run a full node on cell phones, something that is in our product road map. ZEC by comparison can’t run on low end devices because of its zero knowledge based approach, and only 1% of transactions are fully private. Epic is simply newer, more advanced technology than prior networks thanks to Mimblewimble
We will also add more algorithms to widen the range of hardware that can participate in mining. For example, cell phones and tablets based around ARM chips. Millions of people can mine Epic that can’t mine Bitcoin, and that will help grow the network rapidly.
There are some great short videos on our YouTube channel https://www.youtube.com/channel/UCQBFfksJlM97rgrplLRwNUg/videos that explain why we believe we have created something truly special here.
Our core architecture derives from Grin, so we are fortunate to benefit on an ongoing basis from their considerable development efforts. We are focused on making our currency truly usable and widely available, beyond a store of value and becoming a true medium of exchange.
Yoga Dude PR&Marketing at Epic Cash
Well we all have our views, but in a nutshell, we offer things that were missing in the previous cryptos. We have sound fiscal emission schedule matching Bitcoin, but we are vastly more private and faster. Our blockchain is lighter than Bitcoin or Monero and our tech is more scalable. Also, we are unique in that we are mineable with CPUs and GPUs as well as ASICs, giving the broadest population the ability to mine Epic Cash. Plus, you can’t forget FUNGIBILITY 🙂 we are big on that — since you can’t have true privacy without fungibility.
Also, please understand, we have HUGE respect to all the cryptos that came before us, we learned a lot from them, and thanks to their mistakes we evolved.
Xenolink Advisor at Epic Cash
To add on, what also makes Epic Cash unique is the ability to decentralize the mining using a tri-algo model of Random X (CPU), Progpow (GPU), and Cuckoo (ASIC) for an ability to do hybrid mining. I believe this is an issue we can see today in Bitcoin having centralized mining and the average user has a costly barrier of entry.
To follow up on this one, in my opinion one of the things we adopted that we have seen success for, for example in Bitcoin and Monero, is a strong community driven coin. I believe having a community driven coin will provide a more organic atmosphere especially when starting with No ICO, or Premine with a fair distribution model for everyone.
CryptoDiffer team
Q3: What are the major milestones Epic Cash has achieved so far? Maybe you can share with us some exciting plans for future weeks/months?
Yoga Dude PR&Marketing at Epic Cash
Since we went live in September of 2019, we attracted a very large community of users, miners, investors and contributors from across the world. Epic Cash is a very international project with white papers translated into over 30 languages. We are very much a community driven project; this is very evident from our content and the amount of translations in our white papers and in our social media content.
We are constantly working on improving our usability, security and privacy, as well as getting our message and philosophy out into the world to achieve mass adoption. We have a lot of exciting plans for our project, the plan is to make Epic Cash into something that is More than Money.
You can tell I am the Marketing guy since my message is less about the actual tech and more about the usability and use cases for Epic Cash, I think our Team and Community have a great mix of technical, practical, social and fiscal experiences. Since we opened our YouTube channels content for community submissions, we have seen our content translated into Spanish, French, German, Polish, Chinese, Japanese, Arabic, Russian, and other languages
Max Freeman Project Lead at Epic Cash
Our future development roadmap will be published soon and includes 4 tracks:
Usability
Mining
Core Protocol
Ecosystem Development
Core Protocol
Epic Server 2.9.0 — this release improves the difficulty adjustment and is aimed at making block emission closer to the target 60 seconds, particularly reducing the incidence of extremely short and long blocks — Status: In Development (Testing) Anticipated Release: June 2020
Epic Server 3.0.0 — this completes the rebase to Grin 3.0.0 and serves as the prerequisite to some important functional building blocks for the future of the ecosystem. Specifically, sending via Tor (which eliminates the need to open ports), proof of payment (useful for certain dex applications e.g. Bisq), and our native mobile app. Status: In Development (Testing) Anticipated Release: Fall 2020
Non-Interactive Transactions — this will enhance usability by enabling “fire and forget” send-to-address functionality that users are accustomed to from most cryptocurrencies. Status: Drawing Board Anticipated Release: n/a
Scaling Options — when blocks start becoming full, how will we increase capacity? Two obvious options are increasing the block size, as well as a Lightning Network-style Layer 2 structure. Status: Drawing Board Anticipated Release: n/a
Confidential Assets — Similar to Raven, Tari, and Beam, the ability to create independently tradable assets that ride on the Epic Blockchain. Status: Drawing Board Anticipated Release: n/a
Usability
GUI Wallet 2.0 — Restore from seed words and various usability enhancements — Status: Needs Assessment Anticipated Release: Fall 2020
Mobile App — Native mobile experience for iOS and Android. Status: In Development (Testing) Anticipated Release: Winter 2020
Telegram Integration — Anonymous payments over the Telegram network, bot functionality for groups. Status: Drawing Board Anticipated Release: n/a
Mining
RandomX on ARM — Our 4th PoW algorithm, this will enable tablets, cell phones, and low power devices such as Raspberry Pi to participate in mining. Status: Needs Assessment Anticipated Release: n/a
The economics of mining Epic are extremely compelling for countries that have free or extremely cheap electricity, since anyone with an ordinary PC can mine. Individual people around the world can simply run the miner and earn meaningful money (imagine Venezuela for example), something that has not been possible since the very early days of Bitcoin.
Ecosystem Development
Atomic Swaps — Connecting Epic to other blockchains in a trustless way, starting with ETH so that Epic can trade on DeFi infrastructure such as Uniswap, Kyber, etc. Status: Drawing Board Anticipated Release: n/a
Xenolink Advisor at Epic Cash
From the Community aspect, we have been further developing our community international reach. We have been seeing an increase in interest from South America, China, Russia, Japan, Italy, and the Philippines. We are working on targeting more countries. We truly aim to be a decentralized project that is open to everyone worldwide.
CryptoDiffer team
Great, thank you for your answers, we now can move to community questions part!
Cryptodiffer Community
You have 3 mining algorithms, the question is: how do they not compete with each other? Is there any benefit of mining on the GPU and CPU if someone is mining on the ASIC?
Max Freeman Project Lead at Epic Cash
The block selection is deterministic, so that every 100 blocks, 60% are for RandomX (CPU), 38% for ProgPow (GPU), and 2% for Cuckoo (ASIC) — the policy is flexible so that we can have as many algorithms with any percentages we want. The goal is to make the most decentralized and resilient network possible, and with that in mind we are excited to work on enabling tablets and cell phones to mine, since that opens it up to millions of people that otherwise can’t take part.
Cryptodiffer Community
To Run a project smoothly, Funding is very important, From where does the Funding/revenue come from?
Xenolink Advisor at Epic Cash
Yes, early on this was realized and in order to scale a project funds are indeed needed. Epic Cash did not start with any funding and no ICO and was organically genesis mined with no pre-mine. Epic cash is also a nonprofit community driven project similar to Monero. There is no profit-driven entity in the picture. To overcome the revenue issue Epic Cash setup a development fund tax that decreases 1% every year until 2028 when Epic Cash reaches singularity with Bitcoin emissions. Currently it is at 7.77%. This will help support the scaling of the project.
Cryptodiffer Community
Hi! In your experience working also with MONERO can you please clarify which are those identified problems that EPIC CASH aims to develop and resolve? What’s the main advantage that EPIC CASH has over MONERO? Thank you!
Yoga Dude PR&Marketing at Epic Cash
First, I must admit that I am still a huge fan and HODLer of Monero. That said:
✅ our blockchain is MUCH lighter than Monero’s
✅ our transaction processing speed is much faster
✅ our address-less blockchain is more private
✅ Epic Cash can be mined with CPU (RandomX) GPU (ProgPow) and Cuckoo, whereas Monero migrated to RandomX and currently only mineable with CPU
Cryptodiffer Community
  1. the feature ‘Cut Through’ deletes old data, how is it decided which data will be deleted, and what are the consequences of it for the platform and therefore the users?
  2. On your website I see links to download Epic wallet and mining software for Linux, Windows and MacOS, I am a user of Android, is there a version for me, or does it have a release date?
Max Freeman Project Lead at Epic Cash
  1. This is one of the most exciting features of Mimblewimble, which is its extraordinary ability to compress blockchain data. In Bitcoin, the entire history of a coin must be replayed every time it is spent, and comprehensive details are permanently stored in the blockchain. Epic discards spent transaction inputs and consolidates outputs, storing neither addresses nor amounts, only a tiny kernel to allow sender and receiver to prove their transaction.
  2. The Vitex mobile app is great for today, and we have a native mobile app for iOS and Android in the works as well.
Cryptodiffer Community
$EPIC has a total supply of 21,000,000 EPIC, is there any burning plan? Or Buyback program to maintain $EPIC price in the future?
Who are Epic's biggest competitors?
And what makes Epic better than competitors?
Xenolink Advisor at Epic Cash
We respect the older generation coins like Bitcoin. But we have learned that the supply economics of Bitcoin is very sound. Until today we can witness how the Bitcoin is being adopted institutionally and by retail. We match the 21 million BTC supply economics because it is an inelastic fixed model which makes the long-term economics very sound. To have an elastic model of burning tokens or printing tokens will not have a solid economic future. Take for example the USD which is an inflating supply. In terms of competitors we look at everyone in crypto with respect and also learn from everyone. If we had to compare to other Mimblewimble tech coins, Grin is an inelastic forever inflating supply which in the long term is not sound economics. Beam however is an inelastic model but is formed as a corporation. The fair distribution is not there because of the permanent revenue model setup for them. Epic Cash has a non-profit development tax fund model for scaling purposes that will disappear by 2028’s singularity.
Cryptodiffer Community
What are your plans in place for global expansion, are you focusing on only market at this time? Or focus on building and developing or getting customers and users, or partnerships?
Yoga Dude PR&Marketing at Epic Cash
Since we are a community project, we have many developers, in addition to the core team.
Our plans for Global expansion are simple — we have advocates in different regions addressing their audiences in their native languages. We are growing organically, by explaining our ideology and usability. The idea is to grow beyond needing a fiat bridge for crypto use, but to rather replace fiat with our borderless, private and fungible crypto so people can use it to get goods and services without using banks.
We are not limiting ourselves to one particular demographic — Epic Cash is a valid solution for the gamers, investors, techie and non techie people, and the unbanked.
Cryptodiffer Community
EPIC confidential coin! Did you have any problems with the regulators? And there will be no problems with listing on centralized exchanges?
Xenolink Advisor at Epic Cash
In terms of structure, we are carefully set up to minimize these concerns. Without a company or investors in the picture, and having raised no funds, there is little scope to attack in terms of securities laws. Bitcoin and Ethereum are widely acknowledged as acceptable, and we follow in their well-established footprints in that respect. Centralized exchanges already trade other privacy coins, so we don’t see this as much of an issue either. In general, decentralized p2p exchange options are more interesting than today’s centralized platforms. They are more censorship resistant, secure, and privacy-protecting. As the technology gets better, they should continue to gain market share and that’s why we’re proud to be partnered with Vitex, whose exchange and mobile app work very well.
Cryptodiffer Community
What are the main utility and real-life usage of the #EPIC As an investor, why should we invest in the #EPIC project as a long-term investment?
Max Freeman Project Lead at Epic Cash
Because our blockchain is so light (only 1.16gb currently, and grows very slowly) it is naturally well suited to become a decentralized mobile money standard because people can run a full node on their phone, guaranteeing the security of their funds. Scalability in Bitcoin requires complicated and compromised workarounds such as Lightning Network and light clients, and these problems are solved in Epic.
With our forthcoming Mobile Mining app, hundreds of millions of cell phones and tablets will be able to easily join the network. People can quickly and cheaply send money to one another, fulfilling the long-envisioned promise of P2P electronic cash.
As an investor, it’s important to ask a few key questions. Bitcoin Standard tokenomics of disinflation and a fixed supply are well proven over a decade now. We follow this model exactly, with a permanently synchronized supply from 2028, and 4 emission halvings from now until then, with our first one in about two weeks. Beyond that, we can apply some simple logical tests. What is more valuable, money that can only be used in some cases (censorable Bitcoin based on a lack of fungibility) or money that can be used universally? (fungible Epic based on always-on privacy by default). Epic is also poised to be a more decentralized and therefore resilient network because of wider participation in mining. Epic is designed to be Bitcoin++ Privacy, Fungibility, Scalability
Cryptodiffer Community
Q1. What are advantages for choosing three mining algorithms RandomX+, ProgPow and CuckAToo31+ ?
Q2. Beam and Grin use MimbleWimble protocol, so what are difference for Epic? All of you will be friends for partners or competitors?
Max Freeman Project Lead at Epic Cash
RandomX and ProgPow are designed to use the entirety of a CPU / GPU’s unique processing capabilities in a way that other types of hardware don’t work as well. You can run RandomX on a GPU but it doesn’t work nearly as well as a much cheaper CPU, for example. Cuckoo is a “memory hard” algorithm that widens the range of companies that can produce the hardware.
Grin and Beam are great projects and we’ve learned a lot from them. We inherited our first codebase from Grin’s excellent Rust design, which is a better language for community participation than C++ that Beam currently uses.
Functionally, Mimblewimble is similar across the 3 coins, with standard Confidential Transactions, CoinJoin, Dandelion++, Schnorr Signatures and other advanced features. Grin is primarily ASIC-targeted, Beam is GPU-targeted, and Epic is multi-hardware.
The biggest differences though are in tokenomics and project structure. Grin has permanent inflation of 60 coins per block with no halvings, which means steady erosion of value over time due to new supply pressure. It also lacks a steady funding model, making future development in jeopardy, particularly as the per coin price falls. Beam has a for-profit model with heavy early inflation and a high developer tax. Epic builds on the strengths of these earlier mimblewimble projects and addresses the parts that could be improved.
Cryptodiffer Community
Some privacy coin has scalability issues! How Epic cash will solve scalability issues? Why you choose randomX consensus algorithm?
Xenolink Advisor at Epic Cash
Fungibility means that you can’t distinguish one unit of currency from another, for example Gold. Fungibility has recently become a hot issue as people have been noticing Bitcoins being locked up by exchanges which may have had a nefarious history which are called Tainted Coins. For example coins that have been involved in a hack, darknet market transactions, or even processing coin through a mixer. Today we can already see freshly mined Bitcoins being sold at a premium price to avoid the fungibility problem Bitcoin carries today. Bitcoin can be tracked by chainalysis and is not a fungible cryptocurrency. One of the features that Epic has is privacy with added fungibility, because of Mimblewimble technology, Epic has no addresses recorded and therefore nothing can be tracked by chainalysis. Below I provide a link of an example of what the lack of fungibility is resulting in today with Bitcoin. One of the reasons why we chose the Random X algo. is because of the easy barrier of entry and also to further decentralize the mining. Random X algo can be mined on old computers or laptops. We also have 2 other algos Progpow (GPU), and Cuckoo (ASIC) to create a wider decentralization of mining methods for Epic.
Cryptodiffer Community
I’m a newbie in crypto and blockchain so how will Epic Cash team target and educate people who don’t know about blockchain and crypto?
What is the uniqueness of Epic Cash that cannot be found in other projects that have been released so far?
Yoga Dude Pr&Marketing at Epic Cash
Actually, while we have our white paper translated into over 30 languages, we are more focused on explaining our uses and advantages rather than cold specs. Our tech is solid, but we do not get hung up on pure tech talk which most casual users do not need to or care to understand. As long as our fundamentals and tech are secure and user friendly our primary goal is to educate about use cases and market potential.
The uniqueness of Epic Cash is its amalgamation of “what’s good” in other cryptos. We use Mimblewimble for privacy and anonymity. Our blockchain is much lighter than our competitors. We are the only Mimblewimble crypto to use a unique cocktail of mining algorithms allowing to be mined by casual miners with gaming rigs and laptops, while remaining friendly to GPU and CPU farmers.
The “uniqueness” is learning from the mistakes of those who came before us, we evolved and learned, which is why our privacy is better, we are faster, we are fungible, we offer diverse mining and so on. We are the best blend — that’s powerful and unique
Cryptodiffer Community
Can you share EPIC’s vision for decentralized finance (DEFI)? What features do EPIC have to support DEFI?
Yoga Dude PR&Marketing at Epic Cash
We view Epic as ideally suited to be the decentralized digital reserve asset of the new Private Internet of Money that’s emerging. At a technology level, atomic swaps can be created to build liquidity bridges so that wrapped Epic tokens (like WBTC, WETH) can trade on other networks as ERC20, BEP2, NEP5, VIP180, Algorand and so on. There is more Bitcoin value locked on Ethereum than in Lightning Network, so we will similarly integrate Epic so that it can trade on networks such as Uniswap, Kyber, and so on.
Longer term, if there is market demand for it, thanks to Scriptless Script functionality our blockchain has, we can build “Confidential Assets” (which Raven, Tari, and Beam are all also working on) that enable people to create tokenized assets in a private way.
Cryptodiffer Community
If you could choose one celebrity to promote Epic-cash, who that would be?
Max Freeman Project Lead at Epic Cash
I am a firm believer that the strength of the project lies in allowing community members to become their own celebrities, if their content is good enough the community will propel them to celebrity status. Organic celebrities with small but loyal following are vastly more beneficial than big name professional shills with inflated but non caring audiences.
I remember the early days of Apple when an enthusiastic dude named Guy Kawasaki became Apple Evangelist, he was literally going around stores that sold Apple and visited user groups and Evangelized his belief in Apple. This guy became a Legend and helped Apple become what it is today.
Epic Cash will have its OWN Celebrities
Cryptodiffer Community
How does $EPIC solve scalability of transactions? Current blockchains face issues with scalability a lot, how does $EPIC creates a solution to it?
Xenolink Advisor at Epic Cash
Epic Cash is utilizing Mimblewimble technology. Besides the privacy & fungibility aspect of the tech, there are the scalability features of it. It is implemented into Epic by transaction cut-through, which means it allows nodes to remove all intermediate transactions, thus significantly reducing the blockchain size without affecting its validation. Mimblewimble also does not use addresses like a BTC address, and amount of transactions are also not recorded. One problem Monero and Bitcoin are facing now is scalability. It is evident today that data is getting more expensive and that will be a problem in the long run for those coins. Epic is 90% lighter and more scalable compared to Monero and Bitcoin.
Cryptodiffer Community
What are the ways that Epic Cash generates profits/revenue to maintain your project and what is its revenue model? How can it make benefit win-win to both investor and your project?
Max Freeman Project Lead at Epic Cash
There is a block subsidy of 7.77% that declines 1.11% per year until 0, where it stays after that. As a nonprofit community effort, this extremely modest amount goes much further than in other projects, which often take 20, 30, even 50+ % of the coin supply. We believe that this ongoing funding model best aligns the long term incentives for all participants and balances the compromises between the ends of the centralized/decentralized spectrum of choices that any project must make.
Cryptodiffer Community
Q1: What are your major goals to achieve in the next 3–4 years?
Q2: What are your plans to expand and gain more adoption?
Yoga Dude Pr&Marketing at Epic Cash
Max already talked about our technical plans and goals in his roadmap. Allow me to talk more about the non technical 😁
We are aiming for broader reach in the non technical more mainstream community — this is a big challenge but we believe it is doable. By offering simpler ways to mine Epic Cash (with smart phones for example), and by doing more education we will achieve the holy grail of crypto — moving past the fiat bridges and getting Epic Cash to be accepted as means of payment for goods and services. We will accomplish this by working with regional advocacy groups, community interaction, off-line promotional activities and diverse social media targeting.
Cryptodiffer Community
It seems to me that EpicCash will have its first Halving, right? Why a halving so soon?
Is a mobile version feasible?
Max Freeman Project Lead at Epic Cash
Our supply emission catches up to that of Bitcoin’s first 19 years after 8 years in Epic, so that requires more frequent halvings. Today’s block emission is 16, next up are 8, 4, 2, and then finally 0.15625. After that, the supply of Epic and that of BTC stay synchronized until maxing out at 21m coins in 2140.
Today we have a mobile wallet through the Vitex app, a native mobile wallet coming, and are working on mobile mining.
Cryptodiffer Community
What markets will you add after that?
Yoga Dude PR&Marketing at Epic Cash
Well, we are aiming to have ALL markets
Epic Cash in its final iteration will be usable by everyone everywhere regardless of their technical expertise. We are not limiting ourselves to the technocrats, one of our main goals is to help the billions of unbanked. We want everyone to be able to mine, buy, and most of all USE Epic Cash — gamers, farmers, soccer moms, students, retirees, everyone really — even bankers (well once we defeat the banking industry)
We will continue building on the multilingual diversity of our global community adding support and advocacy groups in more countries in more languages.
Epic Cash is More than Money and it’s for Everyone.
Cryptodiffer Community
Almost all cryptocurrencies are decentralized & no-one knows who owns those cryptocurrencies! Then also, why is Privacy needed? What are the advantages of Private coins?
Max Freeman Project Lead at Epic Cash
With a public transparent blockchain such as Bitcoin, you are permanently posting a detailed history of your money movements open for anyone to see (not just legitimate authorities, either!) — It would be considered crazy to post your credit card or bank statements to Twitter, but that’s what is happening every time you send a transaction that is not private. This excellent video from community contributor Spencer Lambert https://www.youtube.com/watch?v=0blbfmvCq_4 explains better than I can.
Privacy is not just for criminals, it’s for everyone. Do you want your landlord to increase the rent when he sees that you get a raise? Your insurance company to raise your healthcare costs because they see you buying too much ice cream? If you’re a business, do you want your employees to see how much money their coworkers make? Do you want your competitors to trace your supplier and customer relationships? Of course not. By privacy being default for everyone, cryptocurrency can be used in a much wider range of situations without unacceptable compromises.
Cryptodiffer Community
What are the main utility and real-life usage of the #EPIC As an investor, why should we invest in the #EPIC project as a long-term investment?
Xenolink Advisor at Epic Cash
Epic Cash can be used as a Private and Fungible store of value, medium of exchange, and unit of account. As Epic Cash grows and becomes adopted it can be compared to how Bitcoin and Monero are used and adopted as well. As Epic is adopted by the masses, it can be accepted as a medium of exchange for store owners and as fungible payments without the worry of having money that is tainted. Epic Cash as a store of value may be a good long term aspect of investment to consider. Epic Cash carries an inelastic fixed supply economic model of 21 million coins. There will be 5 halvings which this month of June will be our first halving of epic. From a block reward of 16 Epic reduced to 8. If we look at BTC’s price action and history of their halvings it has been proven and shown that there has been an increase in value due to the scarcity and from halvings a reduction of # of BTC’s mined per block. An inelastic supply model like Bitcoin provides proof of the circulating supply compared to the total supply by the history of its Price action which is evident in long term charts since the birth of Bitcoin. EPIC Plans to have 5 halvings before the year 2028 to match the emissions of Bitcoin which we call the singularity event. Below is a chart displaying our halvings model approaching singularity. Once bitcoin and cryptocurrency becomes adopted mainstream, the fungibility problem will be more noticed by the general public. Privacy coins and the features of fungibility/scalability will most likely be sought over. Right now a majority of people believe that all cryptocurrency is fungible. However, that is not true. We can already see Chainalysis confirming that they can trace and track and even for other well-known privacy coins today such as Z-Cash.
Cryptodiffer Community
  1. You aim to reach support from a global community, what are your plans to get Spanish speakers involved in Epic Cash? And emerging markets like the African
  2. How am I secure I won’t be affected by receiving tainted money?
Max Freeman Project Lead at Epic Cash
Native speakers from our community are working to raise awareness in key markets such as mining in Argentina and Venezuela for Spanish (Roberto Navarro called Epic “the holy grail of cryptocurrency”) and Ethiopia and certain North African countries that have the lowest electricity costs in the world. Remittances between USA and Latin American countries are expensive and slow, so Epic is also perfect for people to send money back home as well.
Cryptodiffer Community
Do EPICs in 2020 focus more on research and coding, or on sales and implementation?
Yoga Dude PR&Marketing at Epic Cash
We will definitely continue to work on research and coding, with emphasis on improved accessibility (especially via smartphones) usability, security and privacy.
In terms of financial infrastructure, we will continue to add exchanges, both KYC and non KYC.
Big part of our plans is in ongoing Marketing and PR outreach. The idea is to make Epic Cash a viral sensation of sorts. If we can get Epic Cash adopters to spread the word and tell their family, coworkers and friends about Epic Cash — there will be no stopping us and to help that happen we have a growing army of content creators, and supporters.
Everyone with skin in the game gets the benefit of advancing the cause.
Folks also, this isn’t an answer to the question but an example of a real-world Epic Cash content —
https://www.youtube.com/watch?v=XtAVEqKGgqY
a challenge from one of our content creators to beat his 21 pull ups and get 100 epics! This has not been claimed yet — people need to step up 🙂 and to help that I will match another 100 Epic Cash to the first person to beat this
Cryptodiffer Community
I was watching some videos explaining how to send and receive transactions in EpicCash, which consists of ports and sending links, my question is why this is so, which, for now, looks complex?
Let’s talk about the economic model, can EpicCash comply with the concept of value reserve?
Max Freeman Project Lead at Epic Cash
In V3, which is coming later this summer, Epic can be sent over Tor, which eliminates this issue of port opening, even though using tools like ngrok.io, it’s not necessarily as painful as directly configuring the router ports. Early Lightning Network had this issue as well and it’s something we have a plan to address via research into non-interactive transactions. “Fire and Forget” payments to an address, as people are used to in Bitcoin, is coming to Epic and we’re excited to develop functionality that other advanced mimblewimble coins don’t yet have. We are committed to constant improvement in usability and utility, to make our money system the ease of use leader.
We are involved in the project (anyone can join the Freeman Family) because we believe that simply by choosing to use a form of money that better aligns with our ideals, that we can make a positive change in the world. Some of my thoughts about how I got involved are here: https://medium.com/epic-cash/the-freeman-family-e3b9c3b3f166
Max Freeman Project Lead at Epic Cash
Huge thanks to our friends Maks and Vladyslav, we welcome everyone to come say hi at one of our friendly communities. It is extremely early in this journey, our market cap is only 0.5m right now, whereas the 3 other mimblewimble coins are at $20m, $30m and $100m respectively. Epic is a historic opportunity to follow in the footsteps of legends such as Bitcoin and Monero, and we hope to become the first Top 5 privacy coin project.
Xenolink Advisor at Epic Cash
Would like to Thank the Cryptodiffer Team and the Cryptodiffer community for hosting us and also engaging with us to learn more about Epic. If anyone else has more questions and wants to know more about EPIC , can find us at our telegram channel at https://t.me/EpicCash .
Yoga Dude Pr&Marketing at Epic Cash
Thank you, CryptoDiffer Team, and this wonderful Community!!!
Cryptodiffer TEAM
Thank you everyone for taking your time and asking great questions
Thank you for your time, it was an insightful session
submitted by EpicCashFrodo to epiccash

Summary of Ryan Taylor's economics AMA

Ryan Taylor recently conducted an AMA (ask me anything) discussing the economics of reallocating Dash's block reward. The topic followed up on his "Improving Dash as a Store of Value" presentation from the 2019 open house. I've categorized and summarized his responses:
Objective: reduce the severity and duration of high inflation rates in our circulating supply
Implement joint masternode shares rather than a new proof of stake system
Increase masternode and treasury share of block reward, reduce mining share
Keep X11 mining for now, ensure Dash dominates X11 hashing by 10x
Block subsidy belongs to the network, to be used for all needs, not just mining
Commentary on masternode ROI, plans to conduct and release supporting analyses
Timing: discuss now, detailed proposals starting as early as next month
submitted by ISkiAtAlta to dashpay

BTC Noob, Learning and Intrigued by News - How can BTC be seized?

I'm interested in Bitcoin and more broadly cryptocurrency being used and accepted more widely.
I have some general ideas and understanding about how some aspects of crypto works, but I saw a news story and hoped this sub can help fill some knowledge gaps.
In short - News report/press release in the US, talking about charges against people for laundering money through bitcoin.
https://www.justice.gov/opa/pr/two-chinese-nationals-charged-laundering-over-100-million-cryptocurrency-exchange-hack
I'm sorry to see another news example of "look look crypto bad because criminals use it", but obviously that is a broader issue that needs addressing.
I was very interested by the following quote though:
"The civil forfeiture complaint specifically names 113 virtual currency accounts and addresses that were used by the defendants and unnamed co-conspirators to launder funds. The forfeiture complaint seeks to recover the funds, a portion of which has already been seized."
My question (and pardon me if it shows my lack of understanding of some cryptocurrency fundamentals) is: how can it be seized? Certainly I appreciate that governments around the world are collaborating to stop money laundering, but I don't understand how it's possible from a "technical" perspective. If money is in account A, couldn't you just move it to account B before it was seized? When the government tries to seize it from B, wouldn't you move it to C? Cat and mouse, forever, no?
Also, what actually happens? Does a government say "these wallets are ours now?" or "these wallets are no longer valid"? If you had crypto in a cold wallet, could it simply be "locked" or seized and rendered worthless?
Tips for further reading, input, and feedback are greatly appreciated!
submitted by DIFH2019 to BitcoinBeginners

The Dark Side Of Apple

Why you should not use Apple
Censorship
Spying
Worker abuse
Tax avoidance
Right to Repair Phones
Miscellaneous
submitted by Lukun7 to AeterneLabs

Continuous Proof of Bitcoin Burn: trust minimized sidechains and bitcoin-pegs w/o oracles/federations today

Original design presented for discussion and criticism
originally posted here: https://bitcointalk.org/index.php?topic=5212814.0
TLDR: Proposing the following that's possible today to use for any existing or new altcoins:
_______________________________________

Disclaimer:

This is not an altcoin thread. I'm not making anything. The design discussed options for existing altcoins and new ways to build on top of Bitcoin inheriting some of its security guarantees. 2 parts: First, the design allows any altcoins to switch to securing themselves via Bitcoin instead of their own PoW or PoS with significant benefits to both altcoins and Bitcoin (and environment lol). Second, I explain how to create Bitcoin-pegged assets to turn altcoins into a Bitcoin sidechain equivalent. Let me know if this is of interest or if it exists, feel free to use or do anything with this, hopefully I can help.

Issue:

Solution to first few points:

PoW altcoin switching to CPoBB would trade:

PoS altcoin switching to CPoBB would trade:

We already have a permissionless, compact, public, high-cost-backed finality base layer to build on top - Bitcoin! It will handle sorting, data availability, finality, and has something of value to use instead of capital or energy that's outside the sidechain - the Bitcoin coins. The sunk costs of PoW can be simulated by burning Bitcoin, similar to concept known as Proof of Burn where Bitcoin are sent to unspendable address. Unlike ICO's, no contributors can take out the Bitcoins and get rewards for free. Unlike PoS, entry into supply lies outside the alt-chain and thus doesn't depend on permission of alt-chain stake-coin holders. It's hard to find a more bandwidth or state size protective blockchain to use other than Bitcoin as well so altcoins can be Bitcoin-aware at little marginal difficulty - 10 years of history fully validates in under a day.

What are typical issues with Proof of Burn?

Solution:

This should be required for any design for it to stay permissionless. Optional is constant fixed emission rate for altcoins not trying to be money if goal is to maximize accessibility. Since it's not depending on brand new PoW for security, they don't have to depend on massive early rewards giving disproportionate fraction of supply at earliest stage either. If 10 coins are created every block, after n blocks, at rate of 10 coins per block, % emission per block is = (100/n)%, an always decreasing number. Sidechain coin doesn't need to be scarce money, and could maximize distribution of control by encouraging further distribution. If no burners exist in a block, altcoin block reward is simply added to next block reward making emission predictable.
Sidechain block content should be committed in burn transaction via a root of the merkle tree of its transactions. Sidechain state will depend on Bitcoin for finality and block time between commitment broadcasts. However, the throughput can be of any size per block, unlimited number of such sidechains can exist with their own rules and validation costs are handled only by nodes that choose to be aware of a specific sidechain by running its consensus compatible software.
Important design decision is how can protocol determine the "true" side-block and how to distribute incentives. Simplest solution is to always:
  1. Agree on the valid sidechain block matching the merkle root commitment for the largest amount of Bitcoin burnt, earliest inclusion in the bitcoin block as the tie breaker
  2. Distribute block reward during the next side-block proportional to current amounts burnt
  3. Bitcoin fee market serves as deterrent for spam submissions of blocks to validate
e.g.
sidechain block reward is set always at 10 altcoins per block
Bitcoin block contains the following content embedded and part of its transactions:
tx11: burns 0.01 BTC & OP_RETURN
tx56: burns 0.05 BTC & OP_RETURN ... <...root of valid sidechain block version 1>
...
tx78: burns 1 BTC & OP_RETURN ... <...root of valid sidechain block version 2>
...
tx124: burns 0.2 BTC & OP_RETURN ... <...root of INVALID sidechain block version 3>
...
Validity is deterministic by rules in client side node software (e.g. signature validation) so all nodes can independently see version 3 is invalid and thus burner of tx124 gets no reward allocated. The largest valid burn is from tx78 so version 2 is used for the blockchain in sidechain. The total valid burn is 1.06 BTC, so 10 altcoins to be distributed in the next block are 0.094, 0.472, 9.434 to owners of first 3 transactions, respectively.
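The selection and payout rule from the e.g. above, worked through in code; this is an added example, not part of the original post. Assumptions: integer satoshi and atomic-unit arithmetic (so every node computes identical payouts), an altcoin with 8 decimal places, an `is_valid_root` callback standing in for full sidechain block validation, a version 1 root for tx11 (the listing shows none), and carrying the rounding remainder into the next block.

```python
"""Settle one Bitcoin block of burn commitments for a CPoBB-style sidechain."""
from dataclasses import dataclass

SATS = 100_000_000    # satoshis per BTC
UNITS = 100_000_000   # assumed: the altcoin also uses 8 decimal places


@dataclass(frozen=True)
class Burn:
    txid: str
    index: int   # position of the transaction inside the Bitcoin block
    sats: int    # amount burnt, in satoshis
    root: str    # sidechain block merkle root committed via OP_RETURN


def settle(burns, is_valid_root, reward_units, carried_units=0):
    """Return (winning_root, payouts, carry) for one Bitcoin block.

    winning_root: root committed by the largest valid burn; the earliest
                  position in the Bitcoin block breaks ties.
    payouts:      txid -> altcoin atomic units, proportional to each valid
                  burn; burns committing to an invalid root get nothing.
    carry:        units moved to the next block: the whole pot when nobody
                  burnt validly, otherwise the integer-division remainder.
    """
    pot = reward_units + carried_units
    valid = [b for b in burns if b.sats > 0 and is_valid_root(b.root)]
    if not valid:
        return None, {}, pot

    # Largest burn first, then lowest block position.
    winner = min(valid, key=lambda b: (-b.sats, b.index))

    total = sum(b.sats for b in valid)
    payouts = {}
    for b in valid:
        # Floor division keeps the result identical on every node; floats
        # could round differently across platforms and split consensus.
        payouts[b.txid] = payouts.get(b.txid, 0) + pot * b.sats // total
    carry = pot - sum(payouts.values())
    return winner.root, payouts, carry


# Constructed sample input mirroring the post's listing. Root names are
# placeholders; tx11's root is an assumption (the listing does not show it).
SAMPLE_BLOCK = [
    Burn("tx11", 11, 1_000_000, "root-v1"),     # 0.01 BTC
    Burn("tx56", 56, 5_000_000, "root-v1"),     # 0.05 BTC
    Burn("tx78", 78, 100_000_000, "root-v2"),   # 1 BTC
    Burn("tx124", 124, 20_000_000, "root-v3"),  # 0.2 BTC, invalid block
]
VALID_ROOTS = {"root-v1", "root-v2"}


def settle_sample():
    """Run the post's scenario with a 10-altcoin block reward."""
    return settle(SAMPLE_BLOCK, VALID_ROOTS.__contains__, 10 * UNITS)


if __name__ == "__main__":
    root, payouts, carry = settle_sample()
    print("winning root:", root)
    for txid, units in payouts.items():
        print(f"{txid}: {units / UNITS:.3f} altcoins")
    print("carried to next block (atomic units):", carry)
```
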
Censorship attack would require continuous costs in Bitcoin on the attacker and can be waited out. Censorship would also be limited to on-sidechain specific transactions as emission distribution to other CPoB contributors wouldn't be affected as blocks without matching coin distributions on sidechain wouldn't be valid. Additionally, sidechains can allow a limited number of sidechain transactions to happen via embedding transaction data inside Bitcoin transactions (e.g. OP_RETURN) as a way to use Bitcoin for data availability layer in case sidechain transactions are being censored on their network. Since all sidechain nodes are Bitcoin aware, it would be trivial to include.
Sidechain blocks cannot be reverted without reverting Bitcoin blocks or hard forking the protocol used to derive sidechain state. If protocol is forked, the value of sidechain coins on each fork of sidechain state becomes important but Proof of Burn natively guarantees trust minimized and permissionless distribution of the coins, something inferior methods like obscure early distributions, trusted pre-mines, and trusted ICO's cannot do.
More bitcoins being burnt is parallel to more hash rate entering PoW, with each miner or burner getting smaller amount of altcoins on average making it unprofitable to burn or mine and forcing some to exit. At equilibrium costs of equipment and electricity approaches value gained from selling coins just as at equilibrium costs of burnt coins approaches value of altcoins rewarded. In both cases it incentivizes further distribution to markets to cover the costs making burners and miners dependent on users via markets. In both cases it's also possible to mine without permission and mine at a loss temporarily to gain some altcoins without permission if you want to.
Altcoins benefit by inheriting many of bitcoin security guarantees, bitcoin parties have to do nothing if they don't want to, but will see their coins grow more scarce through burning. The contributions to the fee market will contribute to higher Bitcoin miner rewards even after block reward is gone.

Sidechain Bitcoin-pegs:

What is the ideal goal of the sidechains? Ideally to have a token that has the bi-directionally pegged value to Bitcoin and tradeable ~1:1 for Bitcoin that gives Bitcoin users an option of a different rule set without compromising the base chain nor forcing base chain participants to do anything different.
Issues with value pegs:
Let's get rid of the idea of needing Bitcoin collateral to back pegged coins 1:1 as that's never secure, independent, or scalable at same security level. As drive-chain design suggested the peg doesn't have to be fast, can take months, just needs to exist so other methods can be used to speed it up like atomic swaps by volunteers taking on the risk for a fee.
In continuous proof of burn we have another source of Bitcoins, the burnt Bitcoins. Sidechain protocols can require some minor percentage (e.g. 20%) of burner tx value coins via another output to go to reimburse those withdrawing side-Bitcoins to Bitcoin chain until they are filled. If withdrawal queue is empty that % is burnt instead. Selection of who receives reimbursement is deterministic per burner. Percentage must be kept small as it's assumed it's possible to get up to that much discount on altcoin emissions.
Let's use a really simple example case where each burner pays 20% of burner tx amount to cover withdrawal in exact order requested with no attempts at other matching, capped at half amount requested per payout. Example:
withdrawal queue:
request1: 0.2 sBTC
request2: 1.0 sBTC
request3: 0.5 sBTC

same block burners:
tx burns 0.8 BTC, 0.1 BTC is sent to request1, 0.1 BTC is sent to request2
tx burns 0.4 BTC, 0.1 BTC is sent to request1
tx burns 0.08 BTC, 0.02 BTC is sent to request1
tx burns 1.2 BTC, 0.1 BTC is sent to request1, 0.2 BTC is sent to request2

withdrawal queue:
request1: filled with 0.32 BTC instead of 0.2 sBTC, removed from queue
request2: partially-filled with 0.3 BTC out of 1.0 sBTC, 0.7 BTC remaining for next queue
request3: still 0.5 sBTC
Withdrawal requests can either take long time to get to filled due to cap per burn or get overfilled as seen in "request1" example, hard to predict. Overfilling is not a big deal since we're not dealing with a finite source. The risk a user that chooses to use the sidechain pegged coin takes on is based on the rate at which they can expect to get paid based on value of altcoin emission that generally matches Bitcoin burn rate. If sidechain loses interest and nobody is burning enough bitcoin, the funds might be lost so the scale of risk has to be measured. If Bitcoins burnt per day is 0.5 BTC total and you hope to deposit or withdraw 5000 BTC, it might take a long time or never happen to withdraw it. But for amounts comparable or under 0.5 BTC/day average burnt with 5 side-BTC on sidechain outstanding total the risks are more reasonable.
Deposits onto the sidechain are far easier - by burning Bitcoin in a separate known unspendable deposit address for that sidechain and sidechain protocol issuing matching amount of side-Bitcoin. Withdrawn bitcoins are treated as burnt bitcoins for sake of dividing block rewards as long as they followed the deterministic rules for their burn to count as valid and percentage used for withdrawals is kept small to avoid approaching free altcoin emissions by paying for your own withdrawals and ensuring significant unforgeable losses.
Ideally more matching is used so large withdrawals don't completely block everyone else and small withdrawals don't completely block large withdrawals. Better methods should deterministically randomize assigned withdrawals via previous Bitcoin block hash, prioritized by request time (earliest arrivals should get paid earlier), and amount of peg outstanding vs burn amount (smaller burns should prioritize smaller outstanding balances). Fee market on bitcoin discourages doing withdrawals of too small amounts and encourages batching by burners.
The second method, less reliable but already known, uses over-collateralized loans that create an oracle-pegged token that can be pegged to the bitcoin value. It was already used by its inventors in 2014 on bitshares (e.g. bitCNY, bitUSD, bitBTC) and similarly by MakerDAO in 2018. The upside is that a trust minimized distribution of CPoB coins can be used to distribute trust over selection of price feed oracles far better than pre-mined single trusted party based distributions used in MakerDAO (100% pre-mined) and to a bit lesser degree on bitshares (~50% mined, ~50% premined before dpos). The downside is twofold: first, the supply of BTC pegged coin would depend on people opening an equivalent of a leveraged long position on the altcoin/BTC pair, which is hard to convince people to do as seen by very poor liquidity of bitBTC in the past. The second downside is that oracles can still collude to mess with price feeds, and while their influence might be limited via capped price changes per unit time and might compromise their continuous revenue stream from fees, the leverage benefits might outweigh the losses. The use of continuous proof of burn to peg withdrawals is a superior method as it is simply a minor byproduct of "mining" for altcoins and doesn't depend on traders' positions. At the moment I'm not aware of any market-pegged coins on trust minimized platforms or implemented in a trust minimized way (e.g. premined mkr on premined eth = 2 sets of trusted third parties each of which with full control over the design).
_______________________________________

Brief issues with current altchains options:

  1. PoW: New PoW altcoins suffer high risk of attacks. Additional PoW chains require high energy and capital costs to create permissionless entry and trust minimized miners that are forever dependent on markets to hold them accountable. Using same algorithm or equipment as another chain or merge-mining puts you at a disadvantage by allowing some miners to attack and still cover sunk costs on another chain. Using a different algorithm/equipment requires building up the value of sunk costs to protect against attacks with significant energy and capital costs. Drive-chains also require miners to allow it by having to be sidechain aware and thus incur additional costs on them and validating nodes if the sidechain rewards are of value and importance.
  2. PoS: PoS is permissioned (requires permission from internal party to use network or contribute to consensus on permitted scale), allows perpetual control without accountability to others, and incentivizes centralization of control over time. Without continuous source of sunk costs there's no reason to give up control. By having consensus entirely dependent on internal state network, unlike PoW but like private databases, cannot guarantee independent permissionless entry and thus cannot claim trust minimization. Has no built in distribution methods so depends on safe start (snapshot of trust minimized distributions or PoW period) followed by losing that on switch to PoS or starting off dependent on a single trusted party such as case in all significant pre-mines and ICO's.
  3. Proof of Capacity: PoC is just shifting costs further to capital over PoW to achieve same guarantees.
  4. PoW/PoS: Still require additional PoW chain creation. Strong dependence on PoS can render PoW irrelevant and thus inherit the worst properties of both protocols.
  5. Tokens inherit all trust dependencies of parent blockchain and thus depend on the above.
  6. Embedded consensus (counterparty, veriblock?, omni): Lacks mechanism for distribution, requires all tx data to be inside scarce Bitcoin block space so high cost to users instead of compensated miners. If you want to build a very expressive scripting language, it might be very hard & expensive to fit into Bitcoin tx vs CPoBB external content of unlimited size in a committed hash. Same as CPoBB is Bitcoin-aware so can respond to Bitcoin being sent but without source of Bitcoins like burning no way to do any trust minimized Bitcoin-pegs it can control fully.

Few extra notes from my talks with people:

Main questions to you:

open to working on this further with others
submitted by awasi868 to CryptoTechnology
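The block-selection and reward rules from the post's tx11/tx56/tx78/tx124 example, written out as an added Python sketch (not code from the post or from any CPoBB implementation). The `Burn` record, the placeholder root strings and the `is_valid_root` stand-in are assumptions, as is the root committed by tx11, which the post does not show.

```python
from dataclasses import dataclass
from decimal import Decimal

BLOCK_REWARD = Decimal("10")  # altcoins per sidechain block, from the post's example

@dataclass(frozen=True)
class Burn:
    txid: str         # label used in the post (tx11, tx56, ...)
    position: int     # index inside the Bitcoin block; lower means earlier inclusion
    burnt: Decimal    # BTC burnt by this transaction
    root: str         # committed sidechain merkle root (placeholder strings here)

def select_and_reward(burns, is_valid):
    """Return (winning root, {txid: altcoins}) for one Bitcoin block."""
    # Invalid commitments earn nothing and do not count toward the total.
    valid = [b for b in burns if is_valid(b.root)]
    if not valid:
        return None, {}
    # Rule 1: largest valid burn wins; earliest inclusion breaks ties.
    winner = max(valid, key=lambda b: (b.burnt, -b.position))
    # Rule 2: the reward is split in proportion to each valid burn.
    total = sum(b.burnt for b in valid)
    rewards = {b.txid: (BLOCK_REWARD * b.burnt / total).quantize(Decimal("0.001"))
               for b in valid}
    return winner.root, rewards

# Constructed sample mirroring the post. The root committed by tx11 is not
# shown in the post; it is assumed here to be a valid one.
VALID_ROOTS = {"root-v1", "root-v2"}
SAMPLE = [
    Burn("tx11", 11, Decimal("0.01"), "root-v1"),
    Burn("tx56", 56, Decimal("0.05"), "root-v1"),
    Burn("tx78", 78, Decimal("1"), "root-v2"),
    Burn("tx124", 124, Decimal("0.2"), "root-v3"),
]

def is_valid_root(root):
    # Stand-in for the sidechain node's deterministic block validation.
    return root in VALID_ROOTS

if __name__ == "__main__":
    root, rewards = select_and_reward(SAMPLE, is_valid_root)
    print(root, rewards)
```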
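The withdrawal-queue example from the post, simulated as an added Python sketch (not the post author's code). It assumes that "burner tx value" means burn plus payouts, that every burner in a block sees the queue as it stood at the start of that block, and that the cap is half of the amount outstanding at that point; these assumptions reproduce the post's figures, including the overfill of request1.

```python
from decimal import Decimal

PAYOUT_SHARE = Decimal("0.20")  # share of burner tx value routed to withdrawals
CAP_FRACTION = Decimal("0.5")   # per-payout cap: half of the requested amount

def assign_payouts(tx_value, queue):
    """Split one burner tx into withdrawal payouts and a burnt remainder.

    queue is a list of (request_id, requested_amount) in request order,
    as it stood at the start of the block.
    """
    budget = tx_value * PAYOUT_SHARE
    payouts = []
    for request_id, requested in queue:
        if budget <= 0:
            break
        pay = min(budget, requested * CAP_FRACTION)
        payouts.append((request_id, pay))
        budget -= pay
    # Whatever is not paid out (all of it when the queue is empty) is burnt.
    burnt = tx_value - sum(amount for _, amount in payouts)
    return payouts, burnt

def settle_block(tx_values, queue):
    """Apply every burner tx of one block; return (received, next_queue)."""
    received = {request_id: Decimal("0") for request_id, _ in queue}
    for value in tx_values:
        payouts, _ = assign_payouts(value, queue)  # same snapshot for every tx
        for request_id, amount in payouts:
            received[request_id] += amount
    # Filled or overfilled requests leave the queue; the rest carry over.
    next_queue = [(rid, requested - received[rid])
                  for rid, requested in queue if received[rid] < requested]
    return received, next_queue

# Constructed from the post: tx value = burn + payouts (0.8 + 0.2, 0.4 + 0.1, ...).
QUEUE = [("request1", Decimal("0.2")), ("request2", Decimal("1.0")),
         ("request3", Decimal("0.5"))]
TX_VALUES = [Decimal("1.0"), Decimal("0.5"), Decimal("0.1"), Decimal("1.5")]

if __name__ == "__main__":
    print(settle_block(TX_VALUES, QUEUE))
```

Under these assumptions the payout equals 25% of the burnt amount, which is why the 0.8 BTC burn carries 0.2 BTC of payouts.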
