Nonce - Bitcoin Wiki

Mining mempool tx sweep

Hi all. Is anyone aware of when mining software chooses to add transactions from the mempool into the merkle tree of the block it is currently hashing and trying to find the winning nonce for?
Is it the case that a single snapshot of the mempool is taken (with some selection filters applied), built into a tree and then submitted to the ASICs for hashing? Or is the merkle tree updated regularly during the round in order to include higher priority transactions? Doing this changes the header so would probably result in resetting the nonce.
Edit: Actually, same question for the block time field in the header... at what point does mining software set this? Only once at the beginning of the round, or does it update it continually with each iteration (acting like a mining nonce)?
Bitcoin wiki says this vague line: "The block is also occasionally updated as you are working on it." https://en.bitcoin.it/wiki/Block_hashing_algorithm
I'm interested to know what typical practice is here. I'd guess cgminer and equivalents have customisable and default params which set some threshold for decision making. If new tx priority is below threshold then don't update the header; if it is over the threshold then it's worth the i/o(?) cost to switch out the header.
Edit: https://youtu.be/L8TQQxARdxo This is a full node listening for new transactions and blocks. The new transactions list (mempool) continually grows, a few tx per second, and then mostly clears on the arrival of a new block. This implies that miners, who receive a similar mempool to this node, are updating their block header with new transactions all the time throughout the round.
submitted by opacey to BitcoinMining [link] [comments]

[HALVING MEGATHREAD] Block 630000 has been mined. Mining subsidy is now 6.25 BTC per block. The third Bitcoin Halving is now complete!

As of now, 630,000 blocks have been mined on the Bitcoin network, and the block reward has successfully halved for the third time. The previous block reward was 12.5 BTC, and the new block reward is now 6.25 BTC. Since the previous halving at Block 420000, monetary inflation decreased from 4.17% to 3.57%. Block 630000 signals an immediate 50% reduction to 1.79%. The next halving will occur at Block 840000 in approximately four years. Godspeed, Bitcoin!
Here's Block 630000 in all its glory!
{
  "hash": "000000000000000000024bead8df69990852c202db0e0097c1a12ea637d7e96d",
  "confirmations": "1",
  "strippedsize": "1186930",
  "weight": "3993250",
  "height": "630000",
  "version": "536870912",
  "merkleroot": "b191f5f973b9040e81c4f75f99c7e43c92010ba8654718e3dd1a4800851d300d",
  "tx": "3134",
  "time": "1589225023",
  "nonce": "2302182970",
  "bits": "387021369",
  "difficulty": "16104807485529",
  "previousblockhash": "0000000000000000000d656be18bb095db1b23bd797266b0ac3ba720b1962b1e"
}
coinbase transaction: 6.25 BTC + 0.90968084 BTC in fees
block size: 1186.93 KB
transactions: 3134
total bitcoins: 18,375,000
remaining bitcoins: ~2,625,000
previous halving: 3 years 10 months 2 days 2 hours 37 minutes 30 seconds ago
[Monetary Inflation Chart] [Controlled Supply] [Bitcoin Clock]
[blockstream.info] [insight.io] [tradeblock.com] [mempool.space] [btc.com] [blockchain.com]
submitted by BashCo to Bitcoin [link] [comments]
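The question in the first post (what changing ntime or the merkle root does to the nonce search) and the block 630000 header fields quoted above can be checked together. The following Python is an added example, not from either post: it serializes the 80-byte header from the quoted fields, verifies it against the published hash and against the target decoded from bits, and runs a nonce search on a constructed toy header (the filler hashes, version 1 and the 16-leading-zero-bit target are assumptions made for the demo).

```python
import hashlib
import struct

# Header fields of block 630000 as quoted in the megathread above.
BLOCK_630000 = dict(
    version=536870912,
    prev_hash="0000000000000000000d656be18bb095db1b23bd797266b0ac3ba720b1962b1e",
    merkle_root="b191f5f973b9040e81c4f75f99c7e43c92010ba8654718e3dd1a4800851d300d",
    ntime=1589225023,
    nbits=387021369,
    nonce=2302182970,
)
PUBLISHED_HASH_630000 = "000000000000000000024bead8df69990852c202db0e0097c1a12ea637d7e96d"


def serialize_header(version, prev_hash, merkle_root, ntime, nbits, nonce):
    """The 80 bytes an ASIC actually hashes: 4-byte integers little-endian,
    the two hashes in internal byte order (the reverse of the displayed hex)."""
    return (
        struct.pack("<I", version)
        + bytes.fromhex(prev_hash)[::-1]
        + bytes.fromhex(merkle_root)[::-1]
        + struct.pack("<III", ntime, nbits, nonce)
    )


def header_hash(header):
    """Double SHA-256 of the header, returned as display-order hex."""
    return hashlib.sha256(hashlib.sha256(header).digest()).digest()[::-1].hex()


def bits_to_target(nbits):
    """Expand the compact 'bits' encoding into the 256-bit target."""
    exponent, mantissa = nbits >> 24, nbits & 0x007FFFFF
    return mantissa << (8 * (exponent - 3))


def meets_target(header, target):
    """Valid proof of work: the hash read as a 256-bit number is <= target."""
    return int(header_hash(header), 16) <= target


def search_nonce(version, prev_hash, merkle_root, ntime, nbits, target, max_nonce=2**32):
    """Walk the 4-byte nonce field for one fixed header, as a device does.
    Returns (nonce, hash) or None once the nonce space is exhausted; at that
    point the miner must change another field (ntime, or the merkle root via
    the coinbase extranonce or a new transaction set) and start over, which
    is why updating the transaction set mid-round discards the nonce work."""
    for nonce in range(max_nonce):
        header = serialize_header(version, prev_hash, merkle_root, ntime, nbits, nonce)
        if meets_target(header, target):
            return nonce, header_hash(header)
    return None


# Constructed toy header: filler hashes and a target of 16 leading zero bits,
# so the nonce search finishes in well under a second in pure Python.
TOY_PREV = hashlib.sha256(b"constructed previous block").hexdigest()
TOY_MERKLE = hashlib.sha256(b"constructed merkle root").hexdigest()
TOY_NTIME = 1589225023
TOY_NBITS = 0x1D00FFFF        # genesis-era compact target, used only as header filler
TOY_TARGET = (1 << 240) - 1   # assumption: 16 leading zero bits


if __name__ == "__main__":
    real = serialize_header(**BLOCK_630000)
    print("block 630000 hash matches:", header_hash(real) == PUBLISHED_HASH_630000)
    print("meets its own target:", meets_target(real, bits_to_target(BLOCK_630000["nbits"])))
    # Rolling ntime by one second yields an unrelated hash: the nonce search restarts.
    rolled = serialize_header(**{**BLOCK_630000, "ntime": BLOCK_630000["ntime"] + 1})
    print("ntime+1 hash still valid:", meets_target(rolled, bits_to_target(BLOCK_630000["nbits"])))
    print("toy search:", search_nonce(1, TOY_PREV, TOY_MERKLE, TOY_NTIME, TOY_NBITS, TOY_TARGET))
```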

Bob The Magic Custodian



Summary: Everyone knows that when you give your assets to someone else, they always keep them safe. If this is true for individuals, it is certainly true for businesses.
Custodians always tell the truth and manage funds properly. They won't have any interest in taking the assets as an exchange operator would. Auditors tell the truth and can't be misled. That's because organizations that are regulated are incapable of lying and don't make mistakes.

First, some background. Here is a summary of how custodians make us more secure:

Previously, we might give Alice our crypto assets to hold. There were risks:

But "no worries", Alice has a custodian named Bob. Bob is dressed in a nice suit. He knows some politicians. And he drives a Porsche. "So you have nothing to worry about!". And look at all the benefits we get:
See - all problems are solved! All we have to worry about now is:
It's pretty simple. Before we had to trust Alice. Now we only have to trust Alice, Bob, and all the ways in which they communicate. Just think of how much more secure we are!

"On top of that", Bob assures us, "we're using a special wallet structure". Bob shows Alice a diagram. "We've broken the balance up and store it in lots of smaller wallets. That way", he assures her, "a thief can't take it all at once". And he points to a historic case where a large sum was taken "because it was stored in a single wallet... how stupid".
"Very early on, we used to have all the crypto in one wallet", he said, "and then one Christmas a hacker came and took it all. We call him the Grinch. Now we individually wrap each crypto and stick it under a binary search tree. The Grinch has never been back since."

"As well", Bob continues, "even if someone were to get in, we've got insurance. It covers all thefts and even coercion, collusion, and misplaced keys - only subject to the policy terms and conditions." And with that, he pulls out a phone-book sized contract and slams it on the desk with a thud. "Yep", he continues, "we're paying top dollar for one of the best policies in the country!"
"Can I read it?" Alice asks. "Sure," Bob says, "just as soon as our legal team is done with it. They're almost through the first chapter." He pauses, then continues. "And can you believe that sales guy Mike? He has the same year Porsche as me. I mean, what are the odds?"

"Do you use multi-sig?", Alice asks. "Absolutely!" Bob replies. "All our engineers are fully trained in multi-sig. Whenever we want to set up a new wallet, we generate 2 separate keys in an air-gapped process and store them in this proprietary system here. Look, it even requires the biometric signature from one of our team members to initiate any withdrawal." He demonstrates by pressing his thumb into the display. "We use a third-party cloud validation API to match the thumbprint and authorize each withdrawal. The keys are also backed up daily to an off-site third-party."
"Wow that's really impressive," Alice says, "but what if we need access for a withdrawal outside of office hours?" "Well that's no issue", Bob says, "just send us an email, call, or text message and we always have someone on staff to help out. Just another part of our strong commitment to all our customers!"

"What about Proof of Reserve?", Alice asks. "Of course", Bob replies, "though rather than publish any blockchain addresses or signed transaction, for privacy we just do a SHA256 refactoring of the inverse hash modulus for each UTXO nonce and combine the smart contract coefficient consensus in our hyperledger lightning node. But it's really simple to use." He pushes a button and a large green checkmark appears on a screen. "See - the algorithm ran through and reserves are proven."
"Wow", Alice says, "you really know your stuff! And that is easy to use! What about fiat balances?" "Yeah, we have an auditor too", Bob replies, "Been using him for a long time so we have quite a strong relationship going! We have special books we give him every year and he's very efficient! Checks the fiat, crypto, and everything all at once!"

"We used to have a nice offline multi-sig setup we've been using without issue for the past 5 years, but I think we'll move all our funds over to your facility," Alice says. "Awesome", Bob replies, "Thanks so much! This is perfect timing too - my Porsche got a dent on it this morning. We have the paperwork right over here." "Great!", Alice replies.
And with that, Alice gets out her pen and Bob gets the contract. "Don't worry", he says, "you can take your crypto-assets back anytime you like - just subject to our cancellation policy. Our annual management fees are also super low and we don't adjust them often".

How many holes have to exist for your funds to get stolen?
Just one.

Why are we taking a powerful offline multi-sig setup, widely used globally in hundreds of different/lacking regulatory environments with 0 breaches to date, and circumventing it by a demonstrably weak third party layer? And paying a great expense to do so?
If you go through the list of breaches in the past 2 years to highly credible organizations, you go through the list of major corporate frauds (only the ones we know about), you go through the list of all the times platforms have lost funds, you go through the list of times and ways that people have lost their crypto from identity theft, hot wallet exploits, extortion, etc... and then you go through this custodian with a fine-tooth comb and truly believe they have value to add far beyond what you could, sticking your funds in a wallet (or set of wallets) they control exclusively is the absolute worst possible way to take advantage of that security.

The best way to add security for crypto-assets is to make a stronger multi-sig. With one custodian, what you are doing is giving them your cryptocurrency and hoping they're honest, competent, and flawlessly secure. It's no different than storing it on a really secure exchange. Maybe the insurance will cover you. Didn't work for Bitpay in 2015. Didn't work for Yapizon in 2017. Insurance has never paid a claim in the entire history of cryptocurrency. But maybe you'll get lucky. Maybe your exact scenario will buck the trend and be what they're willing to cover. After the large deductible and hopefully without a long and expensive court battle.

And you want to advertise this increase in risk, the lapse of judgement, an accident waiting to happen, as though it's some kind of benefit to customers ("Free institutional-grade storage for your digital assets.")? And then some people are writing to the OSC that custodians should be mandatory for all funds on every exchange platform? That this somehow will make Canadians as a whole more secure or better protected compared with standard air-gapped multi-sig? On what planet?

Most of the problems in Canada stemmed from one thing - a lack of transparency. If Canadians had known what a joke Quadriga was - it wouldn't have grown to lose $400m from hard-working Canadians from coast to coast to coast. And Gerald Cotten would be in jail, not wherever he is now (at best, rotting peacefully). EZ-BTC and mister Dave Smilie would have been a tiny little scam to his friends, not a multi-million dollar fraud. Einstein would have got their act together or been shut down BEFORE losing millions and millions more in people's funds generously donated to criminals. MapleChange wouldn't have even been a thing. And maybe we'd know a little more about CoinTradeNewNote - like how much was lost in there. Almost all of the major losses with cryptocurrency exchanges involve deception with unbacked funds.
So it's great to see transparency reports from BitBuy and ShakePay where someone independently verified the backing. The only thing we don't have is:
It's not complicated to validate cryptocurrency assets. They need to exist, they need to be spendable, and they need to cover the total balances. There are plenty of credible people and firms across the country that have the capacity to reasonably perform this validation. Having more frequent checks by different, independent, parties who publish transparent reports is far more valuable than an annual check by a single "more credible/official" party who does the exact same basic checks and may or may not publish anything. Here's an example set of requirements that could be mandated:
There are ways to structure audits such that neither crypto assets nor customer information are ever put at risk, and both can still be properly validated and publicly verifiable. There are also ways to structure audits such that they are completely reasonable for small platforms and don't inhibit innovation in any way. By making the process as reasonable as possible, we can completely eliminate any reason/excuse that an honest platform would have for not being audited. That is arguably far more important than any incremental improvement we might get from mandating "the best of the best" accountants. Right now we have nothing mandated and tons of Canadians using offshore exchanges with no oversight whatsoever.

Transparency does not prove crypto assets are safe. CoinTradeNewNote, Flexcoin ($600k), and Canadian Bitcoins ($100k) are examples where crypto-assets were breached from platforms in Canada. All of them were online wallets and used no multi-sig as far as any records show. This is consistent with what we see globally - air-gapped multi-sig wallets have an impeccable record, while other schemes tend to suffer breach after breach. We don't actually know how much CoinTrader lost because there was no visibility. Rather than publishing details of what happened, the co-founder of CoinTrader silently moved on to found another platform - the "most trusted way to buy and sell crypto" - a site that has no information whatsoever (that I could find) on the storage practices and a FAQ advising that “[t]rading cryptocurrency is completely safe” and that having your own wallet is “entirely up to you! You can certainly keep cryptocurrency, or fiat, or both, on the app.” Doesn't sound like much was learned here, which is really sad to see.
It's not that complicated or unreasonable to set up a proper hardware wallet. Multi-sig can be learned in a single course. Something the equivalent complexity of a driver's license test could prevent all the cold storage exploits we've seen to date - even globally. Platform operators have a key advantage in detecting and preventing fraud - they know their customers far better than any custodian ever would. The best job that custodians can do is to find high integrity individuals and train them to form even better wallet signatories. Rather than mandating that all platforms expose themselves to arbitrary third party risks, regulations should center around ensuring that all signatories are background-checked, properly trained, and using proper procedures. We also need to make sure that signatories are empowered with rights and responsibilities to reject and report fraud. They need to know that they can safely challenge and delay a transaction - even if it turns out they made a mistake. We need to have an environment where mistakes are brought to the surface and dealt with. Not one where firms and people feel the need to hide what happened. In addition to a knowledge-based test, an auditor can privately interview each signatory to make sure they're not in coercive situations, and we should make sure they can freely and anonymously report any issues without threat of retaliation.
A proper multi-sig has each signature held by a separate person and is governed by policies and mutual decisions instead of a hierarchy. It includes at least one redundant signature. For best results, 3of4, 3of5, 3of6, 4of5, 4of6, 4of7, 5of6, or 5of7.

History has demonstrated over and over again the risk of hot wallets even to highly credible organizations. Nonetheless, many platforms have hot wallets for convenience. While such losses are generally compensated by platforms without issue (for example Poloniex, Bitstamp, Bitfinex, Gatecoin, Coincheck, Bithumb, Zaif, CoinBene, Binance, Bitrue, Bitpoint, Upbit, VinDAX, and now KuCoin), the public tends to focus more on cases that didn't end well. Regardless of what systems are employed, there is always some level of risk. For that reason, most members of the public would prefer to see third party insurance.
Rather than trying to convince third party profit-seekers to provide comprehensive insurance and then relying on an expensive and slow legal system to enforce against whatever legal loopholes they manage to find each and every time something goes wrong, insurance could be run through multiple exchange operators and regulators, with the shared interest of having a reputable industry, keeping costs down, and taking care of Canadians. For example, a 4 of 7 multi-sig insurance fund held between 5 independent exchange operators and 2 regulatory bodies. All Canadian exchanges could pay premiums at a set rate based on their needed coverage, with a higher price paid for hot wallet coverage (anything not an air-gapped multi-sig cold wallet). Such a model would be much cheaper to manage, offer better coverage, and be much more reliable to payout when needed. The kind of coverage you could have under this model is unheard of. You could even create something like the CDIC to protect Canadians who get their trading accounts hacked if they can sufficiently prove the loss is legitimate. In cases of fraud, gross negligence, or insolvency, the fund can be used to pay affected users directly (utilizing the last transparent balance report in the worst case), something which private insurance would never touch. While it's recommended to have official policies for coverage, a model where members vote would fully cover edge cases. (Could be similar to the Supreme Court where justices vote based on case law.)
Such a model could fully protect all Canadians across all platforms. You can have a fiat coverage governed by legal agreements, and crypto-asset coverage governed by both multi-sig and legal agreements. It could be practical, affordable, and inclusive.

Now, we are at a crossroads. We can happily give up our freedom, our innovation, and our money. We can pay hefty expenses to auditors, lawyers, and regulators year after year (and make no mistake - this cost will grow to many millions or even billions as the industry grows - and it will be borne by all Canadians on every platform because platforms are not going to eat up these costs at a loss). We can make it nearly impossible for any new platform to enter the marketplace, forcing Canadians to use the same stagnant platforms year after year. We can centralize and consolidate the entire industry into 2 or 3 big players and have everyone else fail (possibly to heavy losses of users of those platforms). And when a flawed security model doesn't work and gets breached, we can make it even more complicated with even more people in suits making big money doing the job that blockchain was supposed to do in the first place. We can build a system which is so intertwined and dependent on big government, traditional finance, and central bankers that its future depends entirely on that of the fiat system, of fractional banking, and of government bail-outs. If we choose this path, as history has shown us over and over again, we cannot go back, save for revolution. Our children and grandchildren will still be paying the consequences of what we decided today.
Or, we can find solutions that work. We can maintain an open and innovative environment while making the adjustments we need to make to fully protect Canadian investors and cryptocurrency users, giving easy and affordable access to cryptocurrency for all Canadians on the platform of their choice, and creating an environment in which entrepreneurs and problem solvers can bring those solutions forward easily. None of the above precludes innovation in any way, or adds any unreasonable cost - and these three policies would demonstrably eliminate or resolve all 109 historic cases as studied here - that's every single case researched so far going back to 2011. It includes every loss that was studied so far not just in Canada but globally as well.
Unfortunately, finding answers is the least challenging part. Far more challenging is to get platform operators and regulators to agree on anything. My last post got no response whatsoever, and while the OSC has told me they're happy for industry feedback, I believe my opinion alone is fairly meaningless. This takes the whole community working together to solve. So please let me know your thoughts. Please take the time to upvote and share this with people. Please - let's get this solved and not leave it up to other people to do.

Facts/background/sources (skip if you like):



Thoughts?
submitted by azoundria2 to QuadrigaInitiative [link] [comments]

Proof of work algorithm

Although the Proof of Work algorithm gained popularity only in the last decade, due to the fact that it is one of the basic principles in the operation of the BTC network, it first appeared in the early 90s. At the time of its creation, its task was to provide protection against DoS attacks, loading the computer from which the requests originated with the need to carry out certain calculations to access the needed resource. This did not affect the basic processes in any way, but if a DoS attack was carried out from the PC, it exceedingly overloaded it.

Almost 20 years later, Satoshi Nakamoto decided to apply it, when it became necessary to guarantee the reliability of the mined blocks of information before they become part of the blockchain. The concept has become so successful that it is used in almost every existing cryptocurrency, albeit with some changes.
In order to better understand the principle of operation of this algorithm, you need to look at BTC and the practice of its application in this particular cryptocurrency. As you know, the Blockchain network consists of many equivalent nodes that are looking for a solution to the equation for the selection of a pseudo-random nonce number, so that a new block can be added to the network (mining). The mentioned number, after passing through the hash function together with the information that is directly in the block, should return the hash of the new block. And the task of other participants is to substitute it into a function in order to make sure that it is correct (validation). This is much faster and more efficient than if everyone were just looking for this number, even when one of the nodes had already found it. As a result, a new block is added by the node that first found a solution, and it receives a reward, provided that other nodes have verified the authenticity of the number.
However, a new block cannot be added if the nonce number was not found. Each new block stores information about the hash of the previous one, respectively, they are cryptographically linked. Taking into account the fact that for the appearance of a new block it is necessary to perform a large amount of work, the algorithm was called Proof of Work.
Although PoW has significant drawbacks - a large amount of computing power is required, therefore a regular PC can't be used for it, and besides, a huge amount of electricity is needed to power all the equipment - the algorithm has proven its effectiveness. It is reliable, it copes with the task perfectly and doesn't have many successful analogues.
#ProofofWork #PoW
Website: https://exbase.io/ru/ Twitter: @exbase_io_ Facebook: https://www.facebook.com/exbase.io/ Telegram customer support: https://t.me/Exbaseofficial
submitted by ExBase_io to u/ExBase_io [link] [comments]

3 key data points show it wasn't Satoshi who moved 50 Bitcoin

submitted by JosefinaCrane to CryptoCurrency [link] [comments]

CelesOS Research Institute丨DPoW consensus mechanism-combustible mining and voting

The token economy and the blockchain complement each other, while at the same time the consensus mechanism forms the basis of the blockchain, which constitutes the basic technical framework of the token economy.
The mainstream blockchain, like Bitcoin, Ethereum, and EOS have all compromised on certain aspects of the "impossible triangle" features.
https://preview.redd.it/8ocq98swpt551.png?width=554&format=png&auto=webp&s=37ab0235c07b450217e22531ad5291d5b4bcbbee
Bitcoin, as a decentralized digital currency, has sacrificed performance to meet the design requirements of decentralization and security, rendering it the target with the highest attacking cost among all PoW public chains. ASIC mining machines update continually and new versions launch; both continuously improve the computing power of the entire network.
Ethereum 2.0 will use a proof of stake (PoS) consensus mechanism. On the Ethereum network, money can be transferred and smart contracts can be operated, presenting a more complicated application scenario. However, due to its low performance, Ethereum is more prone to get congested.
EOS, as a blockchain application platform, is often suspected of being centralized. EOS uses a delegated proof of stake (DPoS) consensus mechanism. Having 21 super nodes responsible for bookkeeping and block generation, the EOS main network can handle more than 4,000 TPS now. However, due to its small number of nodes, it’s one of the three major public chains that are most easily questioned by the outside world on the "decentralization" feature.
An inefficient blockchain will only be a game in the laboratory, and an efficient blockchain without decentralization will only be taken advantage of by big players.
New generation consensus algorithm DPoW
Is there any consensus mechanism that can achieve a better balance between decentralization and efficiency, and can give miners incentives to invest in hardware resources? If we separate the two acts of "acquiring accounting rights" and "receiving block rewards", the above dilemma can be solved. By separating the above two, DPoW has finally achieved the effect of balancing efficiency and centralization.

https://preview.redd.it/www3h8swpt551.png?width=731&format=png&auto=webp&s=c0bf49a42751a9501828d0294bc9280f856c441e
Drawing on the design concept and operating experience of the preceding consensus mechanisms, DPoW is a new-generation consensus mechanism formed based on PoB and DPoS.
Before explaining DPoW, it’s necessary to introduce PoB.
PoB (Proof of Burn) is called the burning proof mechanism. (Source: https://en.bitcoin.it/wiki/Proof_of_burn)

https://preview.redd.it/payq2duzpt551.png?width=554&format=png&auto=webp&s=4b8e9181d95d31a8d5b75a7acab27c851a4a3a4d
PoB is a way to vote who has a commitment to the leadership of the network by burning tokens possessed. The greater the number of tokens burned, the higher the probability of gaining network leadership.
PoB is a method of distributed consensus and an alternative method of proof-of-work mechanism. It can also be used to guide a cryptocurrency.

https://preview.redd.it/4lmhs1i1qt551.png?width=554&format=png&auto=webp&s=e8c50b1638d8ec8d8a2dac2e842b50a2979984fb
In the DPoW-based blockchain, the miner's mining reward is no longer a token, but a "wood" that can be burned ("burning wood"). Through the hash algorithm, miners use their own computing power to get the corresponding non-tradable wood after eventually proving their workload. When the wood has accumulated to a certain amount, it can be burnt at the burning site.
DPoW technical solutions
Voting with computing power is the biggest innovation of the present invention. It uses the proof of work of the PoW algorithm to replace the stakes as votes, yet retains the BFT-DPoS block generation mechanism.
Specific steps are as follow:
  1. POW question acquisition
Obtain the question of proof of work. The proof of work of the present invention is to perform a Hash operation on a PoW problem; the question is:
  target = hash(block_id + account) ^ difficulty
  2. POW question answering
A mathematical hash operation of a random number (nonce) is performed on the question, and if the hash value obtained is less than a certain value, the question is answered;
Question answering process:
  nonce = random()
  while (true) {
      // the loop only ends once a qualifying nonce has been found
      if (hash(nonce + account + block_id) < target) {
          wood = nonce;
          break;
      }
      nonce++;
  }
  3. Voting
Voting is to cast the specific answers to the question to the candidate BP. By such, it’s submitted to the blockchain and counted to the blockchain's status database; within an election period, the maximum value of the answer that each voter can calculate is N, and each answer can only be voted to one candidate BP, and the number of votes that can be cast is N.
The information and process that voting requires:
  • Answer to the question
  • Miner account
  • Block id
  • Block
  • Voting objects (candidate BP)
  • Verify that the vote is valid
  • After verification, it will be credited to BP
4. Count the votes
At the end of an election period, votes are counted and sorted top-down according to the number of votes under the name of the candidate BP. The top X candidate BPs are selected and inserted into the BP list, and the block generating order of the selected BP is written to the blockchain status database.
If X is the number of BPs generated by the system, namely a multiple of 3, it will be set in the genesis block and cannot be changed.
  5. Block generation
The DPoW block generation mechanism is the same as BFT-DPoS. The elected BP negotiates a block generation ownership order based on its own network resource status. When each BP node has block generation rights, the block reward is a fixed reward for each effective irreversible block. At the same time, the blocks that have been generated use the BFT signature mechanism. After getting 2/3 BP's signature, the block will become an irreversible block.
DPoW’s advantage in balance
Compared with existing technical solutions, the DPoW consensus protocol has the following features.
  1. When the stock of burning wood is large, the nodes in the system tend to burn burning wood to vote instead of logging through computing power, which is similar to the DPoS under this situation.
  2. When the stock of burning wood is few, the nodes in this system tend to log to obtain burning wood for voting, which is similar to PoW under this situation, presenting the feature of decentralization. In order to ensure the high-speed operation of the system and attract ticket sources, BP will maintain a stable investment in computer resources to keep the system highly efficient.
Choosing to vote by logging or burning wood depends on the nodes’ own optimal choice, resulting in constant choosing between the two consensus mechanisms of PoW and DPoS. This will make nodes tend to choose PoW when decentralization is needed, and to choose DPoS when efficiency is needed.
For a system, whether it is decentralized does not depend on whether each block needs to be decentralized. The key is whether the system can provide a channel to decentralization and fair competition when needed. As long as the channel is reasonable, the system will be considered decentralized.
By decoupling vote by logging and block generation, they can be done asynchronously to achieve the effects of decentralization and high efficiency.
Learning and updating the preceding practices in blockchain technology, DPoW manages to achieve both decentralization and efficiency, as “having the cake and eating it”.

Website: https://www.celesos.com/
Telegram: https://t.me/celeschain
Twitter: https://twitter.com/CelesChain
Reddit: https://www.reddit.com/useCelesOS
Medium: https://medium.com/@celesos
Facebook: https://www.facebook.com/CelesOS1
Youtube: https://www.youtube.com/channel/UC1Xsd8wU957D-R8RQVZPfGA
submitted by CelesOS to u/CelesOS [link] [comments]
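The voting steps in the post above (answering, verifying, capping at N answers per period, seating the top X), as an added Python example that is not CelesOS code: wood is a nonce whose hash bound to (account, block id) falls under a target, so a verifier spends one hash per vote and answers copied from another account or period fail. Because the post's target formula is not precise enough to implement, the fixed threshold, N=3, X=3, the string encoding of the hash input and the account names are constructed assumptions.

```python
import hashlib
from collections import Counter

# Constructed parameters: the post's "target = hash(block_id + account) ^ difficulty"
# is not precise enough to implement, so the target here is a fixed threshold
# (12 leading zero bits), and N and X are kept small so the demo runs instantly.
TARGET = (1 << 244) - 1
MAX_VOTES_PER_PERIOD = 3   # N: answers each voter may cast in one election period
BP_SEATS = 3               # X: number of block producers elected per period


def pow_hash(nonce, account, block_id):
    """hash(nonce + account + block_id) from the post, as a 256-bit integer.
    Binding the account and block id into the preimage is what stops one
    miner's answers from being reused by another account or in a later period."""
    preimage = f"{nonce}:{account}:{block_id}".encode()
    return int.from_bytes(hashlib.sha256(preimage).digest(), "big")


def mine_wood(account, block_id, count, start_nonce=0):
    """The 'question answering' loop: increment the nonce until the bound hash
    is below TARGET; each qualifying nonce is one unit of non-tradable wood."""
    wood, nonce = [], start_nonce
    while len(wood) < count:
        if pow_hash(nonce, account, block_id) < TARGET:
            wood.append(nonce)
        nonce += 1
    return wood


def verify_answer(nonce, account, block_id):
    """Verification costs a single hash, however much work the miner spent."""
    return pow_hash(nonce, account, block_id) < TARGET


def count_votes(votes, block_id):
    """votes: iterable of (account, nonce, candidate_bp) submitted in one period.
    Rejects invalid answers, answers already spent, and any vote beyond the
    per-account cap N; returns the tally per candidate BP."""
    counts, spent, cast = Counter(), set(), Counter()
    for account, nonce, bp in votes:
        if not verify_answer(nonce, account, block_id):
            continue                       # wrong account/period, or no real work
        if (account, nonce) in spent:
            continue                       # each answer votes exactly once
        if cast[account] >= MAX_VOTES_PER_PERIOD:
            continue                       # over the cap N for this period
        spent.add((account, nonce))
        cast[account] += 1
        counts[bp] += 1
    return counts


def elect(counts):
    """Sort candidates by votes, top-down, and seat the top X."""
    return [bp for bp, _ in counts.most_common(BP_SEATS)]


if __name__ == "__main__":
    period = "period-7"                            # constructed block id / election period
    alice = mine_wood("alice", period, 4)          # one more answer than the cap allows
    bob = mine_wood("bob", period, 2)
    votes = [("alice", n, "BP-A") for n in alice]
    votes.append(("alice", alice[0], "BP-B"))      # same answer, second vote: rejected
    votes.append(("mallory", alice[1], "BP-C"))    # alice's answer replayed by another account
    votes += [("bob", n, "BP-B") for n in bob]
    tally = count_votes(votes, period)
    print(dict(tally), elect(tally))
```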

Mining and Dogecoin - Some FAQs

Hey shibes,
I see a lot of posts about mining lately and questions about the core wallet and how to mine with it, so here are some facts!
Feel free to add information to that thread or correct me if I did any mistake.

You downloaded the core wallet

Great! After a decade it probably synced and now you are wondering how to get coins? Bad news: You don't get coins by running your wallet, even running it as a full node. Check what a full node is here.
Maybe you thought so, because you saw a very old screenshot of a wallet, like this (Version 1.2). This version had a "Dig" tab where you can enter your mining configuration. The current version doesn't have this anymore, probably because it doesn't make sense anymore.

You downloaded a GPU/CPU miner

Nice! You did it, even though your antivirus system probably went postal and you started covering all your webcams... But here is the bad news again: since people are using ASIC miners, you just can't compete with your CPU hardware anymore. Even with your more advanced GPU you will have a hard time. The hashrate is too high for a desktop PC to compete with them. The blocks should be mined every 1 minute (or so) and that's causing the difficulty to go up - and we are out... So definitely check what your hashrate is while you are mining; you would need about 1.5 MH/s to make 1 Doge in 24 hours!

Mining Doge

Let us start with a quote:
"Dogecoin Core 1.8 introduces AuxPoW from block 371,337. AuxPoW is a technology which enables miners to submit work done while mining other coins, as work on the Dogecoin block chain."
- langerhans
What does this mean? You could waste your hashrate only on the Dogecoin chain, probably never find a block, but when you do, you only receive about 10.000 Dogecoins, currently worth about $25. Or you could apply your hashrate to LTC and Doge (and probably even more) at the same time. Your chance of solving the block (finding the nonce) is your hashrate divided by the total hashrate - and this is about the same for Doge and LTC. This means you will always want to submit your work to all chains available!

Mining solo versus pool

So let's face it - mining solo won't get you anywhere, so let's mine on a pool! If you have a really bad hashrate, please consider this: often you need about $1 or $2 worth of crypto to receive a payout (without fees). This means, you have to get there. With 100 MH/s on prohashing, it takes about 6 days, running 24/7, to get to that threshold. Now you can do the math... 1 MH/s = 1000 KH/s, if you are below 1 MH/s, you probably won't have fun.

Buying an ASIC

You found an old BTC USB-miner with 24 GH/s (1 GH/s = 1000 MH/s) for $80 bucks - next stop lambo!? Sorry, bad news again, this hashrate is for SHA-256! If you want to mine LTC/Doge you will need a miner using scrypt, with quite a bit lower hashrate numbers, so don't fall for that. Often when you have a big miner (= also loud), you get more hashrate per $ spent on the miner, but most will still run at an operational loss, because the electricity is too expensive and the miners will be outdated soon again. Leading me to my next point...

Making profit

You won't make money running your miner. Just do the math: what if you had bought a miner 1 year ago? Subtract costs for electricity and then compare to: what if you had just bought coins? In most cases you would have a greater profit by just buying coins, maybe even with a "stable" coin like Doges.

Cloud Mining

Okay, this was a lot of text and you are still on the hook? Maybe you are desperate enough to invest in some cloud mining contract... But this isn't a good idea either, because most of such contracts are scams based on a ponzi scheme. You often can spot them easily, because they guarantee way too high profits, or they fake payouts that never happened, etc.
Just a thought: If someone in a subway says to you: Give me $1 and let's meet in one year, right here, and I'll give you $54,211,841, you wouldn't trust him, and if some mining contract says they will give you 5% a day it is basically the same.
Also remember the merged mining part. Nobody would offer you to mine Doges, they would offer you to buy a hashrate for scrypt that will apply on multiple chains.

Alternative coins

Maybe try to mine a coin where you don't have ASICs yet, like Monero and exchange them to Doge. If somebody already tried this - feel free to add your thoughts!

Folding at Home (Doge)

Some people say folding at home (FAH - https://www.dogecoinfah.com/) is still the best. I just installed the tool and it says I would make 69.852 points a day, running on medium power, which equates to 8 Doges. It is easy, it was fun, but it isn't much.
Thanks for reading
_nformant
submitted by _nformant to dogecoin [link] [comments]

You can call you a Bitcoiner if you know/can explain these terms...

03/Jan/2009
10 Minutes
10,000 BTC Pizza
2016 Blocks
21 Million
210,000 Blocks
51% Attack
Address
Altcoin
Antonopoulos
Asic
Asic Boost
Base58
Batching
Bech32
Bit
Bitcoin Cash
Bitcoin Improvement Proposal (BIP)
Bitcoin SV
Bitmain
Block
Block height
Block reward
Blockchain
Blockexplorer
Bloom Filter
Brain Wallet
Buidl
Change Address
Child pays for parent (CPFP)
Coinbase (not the exchange)
CoinJoin
Coinmarketcap (CMC)
Colored Coin
Confirmation
Consensus
Custodial Wallet
Craig Wright
David Kleinman
Difficulty
Difficulty adjustment
Difficulty Target
Dogecoin
Dorian Nakamoto
Double spend
Elliptic Curve Digital Signature Algorithm (ECDSA)
Ethereum
Faketoshi
Fork
Full Node
Gavin Andresen
Genesis Block
Getting goxed
Halving
Hard Fork
Hardware Wallet
Hash
Hashing
Hierarchical Deterministic (HD) Wallet
Hodl
Hot Wallet
Initial Coin Offering (ICO)
Initial Exchange Offering (IEO)
Ledger
Light Node
Lightning
Litecoin
Locktime
Mainnet
Malleability
Master Private Key
Master Public Key
Master Seed
mBTC
Mempool
Merkle Tree
Mining
Mining Farm
Mining Pool
Mixing
MtGox
Multisig
Nonce
Not your keys,...
Opcode
Orphan block
P2PKH
P2SH
Paper Wallet
Peers
Pieter Wuille
Premining
Private key
Proof of Stake (PoS)
Proof of Work (PoW)
Pruning
Public key
Pump'n'Dump
Replace by Fee (RBF)
Ripemd160
Roger Ver
sat
Satoshi Nakamoto
Schnorr Signatures
Script
Segregated Witness (Segwit)
Sha256
Shitcoin
Sidechain
Signature
Signing
Simplified Payment Verification (SPV)
Smart Contract
Soft Fork
Stratum
Syncing
Testnet
Transaction
Transaction Fees
TransactionId (Txid)
Trezor
User Activated Soft Fork (UASF)
Utxo
Wallet Import Format (WIF)
Watch-Only Address
Whitepaper
List obviously not complete. Suggestions appreciated.
Refs:
https://bitcoin.org/en/developer-glossary https://en.bitcoin.it/wiki/Main_Page https://www.youtube.com/channel/UCgo7FCCPuylVk4luP3JAgVw https://www.youtube.com/useaantonop
submitted by PolaT1x to Bitcoin [link] [comments]

The elephant in the (Crypto) room: "Mining" and its energy waste

I know this post is a bit of a wall of text but hear me out. I do my best to explain my thoughts on the drawbacks of mining and why cryptos that cut out mining are so important.
"Mining" is a misnomer. To laypeople, using this term to describe the consensus mechanism for Proof of Work cryptocurrencies makes it sound like something productive and worthwhile. Who would criticize someone with the admirable and noble task of working to extract gold from the Earth? A valuable piece of metal is produced thanks to their hard work. But crypto mining is different; while it does have a purpose, it is far from productive.

So what is bitcoin mining? If you're to believe the most basic explanations offered such as from this video (https://www.youtube.com/watch?v=GmOzih6I1zs), miners solve "complex math problems". I can still remember when I heard this for the first time (years ago) and even though I'm pretty mathematically inclined, I had assumed this meant that these complex math problems were actually useful and necessary to 'unlock' those bitcoins somehow, and for a long time I didn't think anything more of it. To my mind, I imagined it like there's a million problems to solve and each time you solve one you get a reward. The math problem might have been, for example, to find the next largest prime. Instead the actual problem is, at its most basic level, nonce finding. See https://en.bitcoin.it/wiki/Nonce. Different coins or forks may use a different problem but the end result is the same - energy is spent solving a pointless problem ('pointless' in the sense that the actual math answer doesn't benefit anyone).

In reality bitcoin mining could be better described as "provably expending energy in exchange for lottery tickets". It's an arms race of everyone competing to waste energy. The more energy wasted, the more likely one is to win the lottery. See here for an example: https://www.youtube.com/watch?v=K8kua5B5K3I&t=2m44s. I find it abhorrent that there are entire businesses (at several scales at that) set up primarily to "mine" bitcoin or other coins. I see videos like this one (Digital Gold: https://www.youtube.com/watch?v=kxbCHlXZ-0U) and think it bizarre that it's considered acceptable for businesses set up to waste energy to protect the network and that people are so sad when the market takes a turn and they have to close up shop. Your business model is to compete with other people to waste energy to earn lottery tickets that have variable value. Those who can lower their operating costs the most will be the most profitable (or with the way difficulty adjustments happen, perhaps the *only* ones profitable). A portion of the money flowing in to buy BitCoin is being used to prop up these wasteful businesses. Because it's considered normal by now people don't get outraged at this fact.

Some people who have been around crypto for years take it for granted that this type of process is necessary for security of the network, and to some extent this misunderstanding is forgivable as it is the oldest method and has worked quite well especially at small scale (not mass adoption) when the total energy expenditure was not all that high. Proof of Stake cryptos have demonstrated this is not the case (that the waste is necessary), and in particular cryptos like Nano with its Delegated Proof of Stake show potential for being just as, if not more, secure than PoW coins due to there being less centralization pressure, due to having no significant incentive to try to control more of the vote versus economies of scale pushing the small miners out of business in PoW. A big part of the reason BitCoin transactions became so expensive in Dec 2017 was that to "buy" a transaction in the BitCoin network you had to pay for a part of the combined energy wastage of the network; the other component being that you're also in a bidding war against other people determined to get their transaction included in the next block. So your transaction fee (aka 'mining fee') is you trying to outbid other people to see who gets to pay for the person wasting electricity. Imagine if each end-user scoffing at the $20+ withdrawal fee on coinbase at the time actually understood what was behind that fee rather than thinking of it as a nebulous "network fee".

A quote I saw on cc that exemplifies this mindset is as follows:
"And a chain with no fees has no mechanism to pay for security. There NEED to be fees, they just need to be lower than with fiat payment systems."

So many of the BitCoin clones/forks make some attempt to mitigate this problem by, for example, increasing blocksize or changing other parameters like block times. In the end though, most of them are still based on this method of energy wastage to secure the network, aka Proof of Work.
Now if there were no more efficient method than PoW mining then it might be fair to say that its energy expenditure (comparable to the entire energy use of a small country like Belgium) is a necessary price to pay for the value provided by the unique features of the network. In other words, that the energy cost is 'worth it'. The thing is though, there *are* ways to secure a network with far less (or virtually no) energy cost and Nano provides one such case.

Does anyone else find it insane that people in this space think the energy waste that goes into so-called "mining" is normal? Do we need to re-label mining to something that better reflects its nature? Because the end user is generally not involved with the mining, I think they don't really consider the energy cost that their transactions have. And to most of these people, telling them the entire Nano network can be powered by a single wind turbine probably doesn't mean anything. Does there need to be a grassroots movement to push back against wasteful 'mining'? Laypeople concerned about the environmental impact caused by the energy wastage of cryptos often seem to be under the impression that all crypto is necessarily wasteful. How can we get people to care if at the end of the day they just pay a fee and don't get to see the impact? Nano being feeless is one of its biggest strengths but not just because it saves people using it a little bit of money; it's more the fact it cuts out the massive-scale problem of mining. This is hard to get across in a short slogan like "fast, feeless, scalable" though.
submitted by manageablemanatee to nanocurrency [link] [comments]

Knowledge Drop: Mining and the role it plays with the Ethereum blockchain

The term mining is used to represent the creation, verification, publishing, and propagation of blocks in Ethereum. It’s an analogy to digging precious metals out of the ground, since Ether, and Bitcoin before it, are scarce resources with fixed amounts, similar to gold.
However, miners in Ethereum are not digging. They are using computational power to rapidly input a nonce, or a number that can only be used once, into a Proof of Work algorithm called Ethash in order to achieve a result that satisfies a given difficulty.
submitted by blockstasy to CryptoTechnology [link] [comments]

[HALVING MEGATHREAD] Block 420000 has been mined. Mining reward is now 12.5 BTC per block. The second halvening is now complete!

As of now, 420,000 blocks have been mined on the Bitcoin network, and the block reward has successfully halved for the second time. The previous block reward was 25 BTC, and the new block reward is now 12.5 BTC. Since the previous halving at Block 210000, monetary inflation decreased from 12.5% to 8.33%. Block 420000 signals an immediate 50% reduction to 4.17%. The next halving will occur at Block 630000 in approximately four years. Godspeed, Bitcoin!
Here's Block 420000 in all its glory!
{
  "hash": "000000000000000002cce816c0ab2c5c269cb081896b7dcb34b8422d6b74ffa1",
  "confirmations": "1",
  "height": "420000",
  "version": "536870912",
  "merkleroot": "028323a5bcacb0057274ee0a4366e5671278bc736b57176d9bb929c3a69e0ffa",
  "time": "1468082773",
  "nonce": "2193437364",
  "bits": "180526fd",
  "difficulty": "213398925331.324",
  "previousblockhash": "000000000000000003035bc31911d3eea46c8a23b36d6d558141d1d09cc960cf"
}
coinbase transaction: 16.66666666 BTC + -3.59096985 BTC in fees (this line was automatically fetched from blockchain.info which was reporting inaccurate info and has since been fixed. insight.bitpay.com appears correct.)
actual coinbase transaction: 13.07569681 BTC + 0.57569681 BTC in fees
block size: 999.838 KB
transactions: 1257
total bitcoins: 15,750,000
remaining bitcoins: ~5,250,000
previous halving: 3 years 7 months 11 days 1 hour 21 minutes 35 seconds ago
[plot.ly chart] [Controlled Supply] [Bitcoin Clock]
[blockchain.info] [insight.io] [tradeblock.com] [blocktrail.com] [blockr.io] [blockexplorer.com]
submitted by BashCo to Bitcoin [link] [comments]

AsicBoost and the strange case of CVE-2017-9230

About CVEs

In the public interest of tracking and remedying cybersecurity vulnerabilities quickly, a public database was created in 2000: the CVE List [1].
CVE stands for Common Vulnerabilities and Exposures. Its database records, known as CVEs, track and record publicly known cybersecurity vulnerabilities. Each recorded vulnerability has a unique ID and lifecycle where it follows certain states.

The AsicBoost controversy

In April 2017, Greg Maxwell published an email [2] on the bitcoin-dev mailing list which described AsicBoost - a patented optimization to the algorithm used in Bitcoin mining - as an attack on the Bitcoin protocol.
There was much contention [3] about whether AsicBoost constituted some kind of harmful exploit, or whether it was merely a technological innovation which enabled more efficient mining hardware (ASICs).
There were allegations, widely reported in media, that the patent served the interest of Bitmain [4]. The purported benefits of exploiting this patent as alleged by Core developers were contemporaneously disputed by other miners [5].

CVE-2017-9230 raised against AsicBoost

On 18 May 2017, Cameron Garnham posted to the bitcoin-dev list [6], urging for getting a CVE assigned to the perceived vulnerability.
On 24 May 2017, this CVE was created as CVE-2017-9230 [7]. It was simultaneously published under Bugtraq ID 'BID 98657' at [8].
The justification in the CVE stated that the AsicBoost method
'violates the security assumptions of (1) the choice of input, outside of the dedicated nonce area, fed into the Proof-of-Work function should not change its difficulty to evaluate and (2) every Proof-of-Work function execution should be independent.'
It seemed a plausible enough reasoning for the CVE to be assigned. It was entered in the list of Bitcoin-related CVEs at [9]. Detailed information on this particular CVE is still missing/incomplete on the wiki page, a year after the CVE was raised.

What happened since the CVE was raised

If you've followed along, you've learned that the CVE was raised to counter the exploitation of the AsicBoost method by miners.
Since then, however, a Core developer, BtcDrak, has been involved in the founding of a mining company, Halong Mining. Several online sources state his (part?) ownership of this company.
BtcDrak has put forward a proposal [10] which would enable the use of AsicBoost within the Bitcoin Core software (the dominant client software on the BTC network).
This proposal appears to directly contradict the CVE claims of how AsicBoost violates "security assumptions" of Bitcoin, and indeed does not address how it mitigates them, nor is CVE-2017-9230 referenced in any of its related documentation.
While the proposal's specification [11] and implementation [12] have not yet been formally accepted, the situation is that Halong has shipped mining equipment which is now actively employing AsicBoost [13,14] on the Bitcoin (BTC) network. There is even a website showing the blocks where AsicBoost was used [15].

Conflict of interest

There is a clear conflict of interest in the actions of the Core developer BtcDrak. His actions as a Core developer appear to be furthering his company's interests and competitive advantage in the mining industry by exploiting a vulnerability of which he must have been keenly aware, having participated on the same bitcoin-dev mailing list where it was discussed.
The CVE was vociferously used to paint Bitmain as culpable for delaying Segwit (Bitmain was accused of using AsicBoost and blocking Segwit activation for their own profit motive - claims that Bitmain has publicly denied strongly and which were never substantiated).
One might have expected a similar outcry against Halong's proven and announced use of AsicBoost, but the parties that had previously condemned Bitmain remained mostly silent. Only an anonymous non-developer, Cobra-Bitcoin, co-owner of the bitcoin.org domain, spoke out on the Github pull request in [11], and Core developer Luke-jr spoke out against the use of the proposal on the Bitcoin network while consensus had not been reached on it [16].
Subsequent discussion on the bitcoin-dev list on this topic since March has been minimal and only concerned with technicalities of stratum protocol changes.

The bigger elephant in the room

It seems logical that either AsicBoost constitutes an exploitable weakness, and thus merits a CVE and measures taken to prevent its use on the Bitcoin network entirely.
Or it is not a problem and the CVE should be invalidated.
The Bitcoin Core project should use its consensus processes to arrive at a coherent decision.

Other problems raised by the use of overt AsicBoost

The Halong implementation uses version rolling of the nversion bits of the header. It reserves a subset of those bits for overt AsicBoost.
These bits are no longer available to BIP9, but there was no update of BIP9 proposed to address this impact.
This is a question of sensible procedures being followed (or not). The author did not find any review comment mentioning the lack of a BIP9 specification update, which suggests a lack of thorough review on a proposal which dates back several months.
A minor issue is that the Core implementation warns when a certain proportion of unrecognized version bits are detected. This behavior can be triggered by the AsicBoost method used on the network.
[1] https://cve.mitre.org/about/history.html
[2] https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-April/013996.html
[3] https://news.bitcoin.com/developers-clash-exploit-secret-core-organization/
[4] https://archive.is/q2Q4t
[5] https://medium.com/@vcorem/the-real-savings-from-asicboost-to-bitmaintech-ff265c2d305b
[6] https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-May/014349.html
[7] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9230
[8] https://www.securityfocus.com/bid/98657
[9] https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures
[10] https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-March/015801.html
[11] https://github.com/bitcoin/bips/pull/661
[12] https://github.com/bitcoin/bitcoin/pull/12633
[13] https://bitcoinmagazine.com/articles/halong-mining-first-bitcoin-mining-hardware-producer-implement-overt-asicboost/
[14] https://bitcoinmagazine.com/articles/slush-pool-now-compatible-asicboost-miners/
[15] https://asicboost.dance
[16] https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-March/015802.html
EDITS:
  1. make dates unambiguous, make it clear that [5] disputes the benefits alleged by Core developers
submitted by btcfork to btc [link] [comments]
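The post's last section turns on a concrete detail: a node classifies the bits of a block's nVersion field under BIP9, and bits that are rolled for overt AsicBoost look, to a node that knows nothing about rolling, like unrecognised signalling. The following is an added example (not code from the post, from Halong or from Bitcoin Core) that separates the two cases. The BIP9 top-bits layout is as specified in BIP9; the rolling range 0x1fffe000 (bits 13 to 28) is the range BIP320 later documents and is assumed here, since the post does not state which bits Halong reserved; the known-deployment table, the sample window and the 51-block threshold are constructed for illustration and do not claim to match Core's exact warning logic.

```python
# Classify nVersion bits the way a BIP9-aware node does, distinguishing
# version-rolling bits from genuinely unknown bits.  Added example; see the
# lead-in for which constants are specified and which are assumed.

BIP9_TOP_MASK = 0xE0000000   # top three bits of nVersion
BIP9_TOP_BITS = 0x20000000   # 001 = "this block uses version bits"
BIP9_BIT_COUNT = 29          # bits 0..28 carry deployment signals
ROLLING_MASK = 0x1FFFE000    # assumed: bits 13..28 reserved for version rolling
KNOWN_DEPLOYMENTS = {1: "constructed-deployment"}  # constructed: bits this node knows


def is_versionbits_block(nversion):
    """True when the top three bits are 001, i.e. BIP9 semantics apply."""
    return nversion & BIP9_TOP_MASK == BIP9_TOP_BITS


def signalled_bits(nversion):
    """Indices of the set bits among the 29 BIP9 signalling positions."""
    return [b for b in range(BIP9_BIT_COUNT) if (nversion >> b) & 1]


def classify(nversion, rolling_aware=True):
    """Split the signalled bits into known deployments, rolling bits and
    unknown bits.  A node that is not rolling-aware files rolling bits under
    'unknown', which is the spurious warning the post describes."""
    if not is_versionbits_block(nversion):
        return {"versionbits": False, "known": [], "rolling": [], "unknown": []}
    known, rolling, unknown = [], [], []
    for b in signalled_bits(nversion):
        if b in KNOWN_DEPLOYMENTS:
            known.append(b)
        elif rolling_aware and (1 << b) & ROLLING_MASK:
            rolling.append(b)
        else:
            unknown.append(b)
    return {"versionbits": True, "known": known, "rolling": rolling, "unknown": unknown}


def unknown_bits_warning(versions, threshold=51, rolling_aware=True):
    """Count blocks in the window that set a bit this node cannot account for
    and report whether an operator alert would fire.  The threshold is a
    constructed value shaped like an 'unknown rules may be active' alert."""
    count = sum(1 for v in versions if classify(v, rolling_aware)["unknown"])
    return count, count >= threshold


# Constructed window: 40 blocks with block 420000's nVersion (0x20000000, no
# bits set, taken from this page) and 60 blocks that roll bits 13 and 14.
SAMPLE_WINDOW = [0x20000000] * 40 + [0x20006000] * 60


if __name__ == "__main__":
    print("rolling-aware node:", unknown_bits_warning(SAMPLE_WINDOW))
    print("legacy node:       ", unknown_bits_warning(SAMPLE_WINDOW, rolling_aware=False))
```

Run as-is, the rolling-aware node reports zero unknown-bit blocks while the legacy view counts all 60 rolled blocks and crosses the constructed threshold, which is the mismatch the post attributes to the missing BIP9 update: the same on-chain data is benign or alarming depending only on whether the node knows the reserved range.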

Bitcoin and Mining

Bitcoin[a] is a cryptocurrency. It is a decentralized digital currency without a central bank or single administrator that can be sent from user to user on the peer-to-peer bitcoin network without the need for intermediaries.[8]
Transactions are verified by network nodes through cryptography and recorded in a public distributed ledger called a blockchain. Bitcoin was invented by an unknown person or group of people using the name Satoshi Nakamoto[15] and was released as open-source software in 2009.[16] Bitcoins are created as a reward for a process known as mining. They can be exchanged for other currencies, products, and services.[17] Research produced by University of Cambridge estimates that in 2017, there were 2.9 to 5.8 million unique users using a cryptocurrency wallet, most of them using bitcoin.[18]
Bitcoin has been criticized for its use in illegal transactions, its high electricity consumption, price volatility, thefts from exchanges, and by reputable economists stating that "it should have a zero price".[19] Bitcoin has also been used as an investment, although several regulatory agencies have issued investor alerts about bitcoin.[20][21]
Mining is a record-keeping service done through the use of computer processing power.[f] Miners keep the blockchain consistent, complete, and unalterable by repeatedly grouping newly broadcast transactions into a block, which is then broadcast to the network and verified by recipient nodes.[80] Each block contains a SHA-256 cryptographic hash of the previous block,[80] thus linking it to the previous block and giving the blockchain its name.[7]:ch. 7[80]
To be accepted by the rest of the network, a new block must contain a proof-of-work (PoW).[80] The system used is based on Adam Back's 1997 anti-spam scheme, Hashcash.[91][4] The PoW requires miners to find a number called a nonce, such that when the block content is hashed along with the nonce, the result is numerically smaller than the network's difficulty target.[7]:ch. 8 This proof is easy for any node in the network to verify, but extremely time-consuming to generate, as for a secure cryptographic hash, miners must try many different nonce values (usually the sequence of tested values is the ascending natural numbers: 0, 1, 2, 3, ...[7]:ch. 8) before meeting the difficulty target.
Every 2,016 blocks (approximately 14 days at roughly 10 min per block), the difficulty target is adjusted based on the network's recent performance, with the aim of keeping the average time between new blocks at ten minutes. In this way the system automatically adapts to the total amount of mining power on the network.[7]:ch. 8 Between 1 March 2014 and 1 March 2015, the average number of nonces miners had to try before creating a new block increased from 16.4 quintillion to 200.5 quintillion.[92]
The proof-of-work system, alongside the chaining of blocks, makes modifications of the blockchain extremely hard, as an attacker must modify all subsequent blocks in order for the modifications of one block to be accepted.[93] As new blocks are mined all the time, the difficulty of modifying a block increases as time passes and the number of subsequent blocks (also called confirmations of the given block) increases.[80]
submitted by TheResearcher012 to GreatLifePostsGoTeam [link] [comments]
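The proof-of-work description above (nonce, difficulty target, 2016-block retarget) and the block 420000 header fields listed in the halving megathread earlier on this page fit together into one worked example. The code below is added here and is not from either post or from Bitcoin Core; it serializes the 80-byte header exactly as Bitcoin nodes hash it, expands the compact `bits` field into the target, checks the hash against it, derives the explorer-style difficulty and the expected number of nonce trials (difficulty times 2^32), and applies the retarget rule with its factor-of-four clamp. The only inputs are the header fields quoted on this page; nothing else is assumed.

```python
import hashlib
import struct

# Header fields of block 420000 as listed in the halving megathread on this
# page; everything else in this example is computed from them.
BLOCK_420000 = {
    "version": 536870912,
    "previousblockhash": "000000000000000003035bc31911d3eea46c8a23b36d6d558141d1d09cc960cf",
    "merkleroot": "028323a5bcacb0057274ee0a4366e5671278bc736b57176d9bb929c3a69e0ffa",
    "time": 1468082773,
    "bits": "180526fd",
    "nonce": 2193437364,
    "hash": "000000000000000002cce816c0ab2c5c269cb081896b7dcb34b8422d6b74ffa1",
}

# Difficulty-1 target (compact 0x1d00ffff); difficulty is measured against it.
MAX_TARGET = 0xFFFF * 256 ** (0x1D - 3)
TARGET_TIMESPAN = 14 * 24 * 60 * 60   # 2016 blocks at 10 minutes = two weeks


def bits_to_target(bits_hex):
    """Expand the compact 'bits' field: the high byte is a base-256
    exponent, the low three bytes are the mantissa."""
    compact = int(bits_hex, 16)
    exponent, mantissa = compact >> 24, compact & 0x007FFFFF
    if exponent <= 3:
        return mantissa >> (8 * (3 - exponent))
    return mantissa << (8 * (exponent - 3))


def difficulty(bits_hex):
    """Difficulty = max_target / current_target (the number explorers show)."""
    return MAX_TARGET / bits_to_target(bits_hex)


def expected_hashes(bits_hex):
    """Average nonce trials per block: difficulty * 2^32, since a
    difficulty-1 target is hit about once per 2^32 attempts."""
    return difficulty(bits_hex) * 2 ** 32


def serialize_header(version, prev_hash, merkle_root, timestamp, bits_hex, nonce):
    """The 80 bytes that are actually hashed: 4-byte little-endian integers,
    with the two hashes in byte-reversed (internal) order."""
    return (struct.pack("<I", version)
            + bytes.fromhex(prev_hash)[::-1]
            + bytes.fromhex(merkle_root)[::-1]
            + struct.pack("<III", timestamp, int(bits_hex, 16), nonce))


def header_hash(header80):
    """Proof of work = SHA-256(SHA-256(header)), displayed byte-reversed."""
    digest = hashlib.sha256(hashlib.sha256(header80).digest()).digest()
    return digest[::-1].hex()


def meets_target(hash_hex, bits_hex):
    """The check every node performs: the hash, read as a number, must not
    exceed the target encoded in 'bits'."""
    return int(hash_hex, 16) <= bits_to_target(bits_hex)


def retarget(old_bits_hex, actual_timespan):
    """Every 2016 blocks the target is scaled by actual / expected elapsed
    time, clamped to a factor of four either way and never made easier than
    MAX_TARGET.  Returns the new target as an integer."""
    timespan = min(max(actual_timespan, TARGET_TIMESPAN // 4), TARGET_TIMESPAN * 4)
    new_target = bits_to_target(old_bits_hex) * timespan // TARGET_TIMESPAN
    return min(new_target, MAX_TARGET)


def check_block_420000():
    """Recompute the proof of work from the header fields quoted on this page."""
    b = BLOCK_420000
    header = serialize_header(b["version"], b["previousblockhash"], b["merkleroot"],
                              b["time"], b["bits"], b["nonce"])
    computed = header_hash(header)
    return {
        "computed_hash": computed,
        "matches_listed_hash": computed == b["hash"],
        "under_target": meets_target(computed, b["bits"]),
        "difficulty": difficulty(b["bits"]),
        "expected_hashes": expected_hashes(b["bits"]),
    }


if __name__ == "__main__":
    for key, value in check_block_420000().items():
        print(f"{key}: {value}")
```

Two things worth noticing when you run it: the difficulty derived from `bits` alone reproduces the 213398925331.324 the explorer printed, and the expected trial count for that block is on the order of 9 x 10^20 hashes, the same quantity the paragraph above quotes in quintillions for 2014 and 2015. The retarget function is the rule, not a simulation; feeding it a half-length interval halves the target, and any interval shorter than 3.5 days is clamped to a quartering.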

Surae's (me) end-of-November (2017!) update.

You can check it out on the forums here. Here's a copypasta:
Surae's End of November (2017!) Update
Hello, everyone! Sarang posted his update a few days ago to give the community time to review his work before the end of the month. I was hoping to finish multisig off before the end of this month... so I held off on writing this update until then... but it looks like I'm somewhere between 2 days and a week behind on that estimate.
MRL Announcements
Meetings. We are holding weekly meetings on Mondays at 17:00 UTC. Logs are to be posted on my github soon(tm). Usually we alternate between "office hours" and "research meetings." At office hours, we want members of the community to come in and be able to ask questions, so we are considering opening up a relay to the freenode channel during office hours times, unless things get out of hand.
POW-Difficulty Replacement Contest. Some time in December, I am going to formalize an FFS "idea" to open up a multiple-round contest for possible replacements for our proof of work game. The first round would have a 3- or 6-month deadline. Personally, I would love it if this FFS could have an unbounded reward amount. If the community is extremely generous, we could easily whip up a large enough reward to spur lots and lots of interest across the world.
The Bitcoin POW game uses SHA256 to find nonces that produce hashes with sufficiently small digests according to the Bitcoin difficulty metric. Our current POW game uses CryptoNight to find nonces that produce hashes with sufficiently small digests according to the CryptoNote difficulty metric. The winner need not be proof of work. My current thoughts are roughly this:
All submissions will be public. Submissions that minimize incentives for centralized mining (or maximize disincentives) will be preferred over submissions that do not. Submissions that are elegant will be preferred over submissions that are not. Submissions that have provable claims about desirable properties will be preferred over submissions that do not (e.g. for either the Bitcoin or the Monero POW games, the necessary and sufficient network conditions for these games to produce blocks in a Poisson process have not been identified, to my understanding). Submissions that have a smaller environmental impact will be preferred over submissions that have a larger impact. And so on. I would like as many ideas as possible about a judging rubric for the first round. Especially if a large amount of money will be put up as a prize.
The details of the next round would be announced along with the winners of the first round. The reward funds should be released when a set of judges agree on a winner. MRL and Monero Core should each have representation on the panel of judges, and there ought to be at least one independent judge not directly associated with the Monero Project, like Peter Todd, Tim Ruffing, or someone along those lines. But, again, this is just an idea. If the community doesn't like it, we can drop it.
Here is a rundown for November
Multisig. Almost done. I know, I know, it's been forever. We, as a community, have recently come to see how important it is to carefully and formally ensure the correctness of our schemes before proceeding. Multisig is a delicate thing because a naively implemented multisig can reveal information about the participants.
I'm finishing vetting key creation today, finishing signatures tomorrow and the next day. Then I'm passing the result off to moneromooo and luigi to ensure that my description of their code is accurate up to their understanding. Then onto Sarang for final reviews before submission, hopefully by the end of the month. I have my life until Sunday evening blocked off to finish this. A copy of the document will be made available to the community ASAP (an older version is on my github), after more checking and writing is completed.
This whitepaper on multisig will be broken into two papers: one will be intended for peer review describing multi-ring signatures, and one will be a Monero Standard. More about that later...
RTRS RingCT column-linkability and amortization. You may say "what? I thought we were putting RTRS RingCT on the back burner?" Well, I'm still thinking about amortization of signatures. I'm thinking it will be possible (although perhaps not feasible) for miners to include amortized signatures upon finding new blocks. This would allow users to cite an amortized signature for fast verification, but has some possible drawbacks. But more exciting, I'm also chatting with Tim Ruffing, one of the authors on the RTRS RingCT papers: he thinks he has a solution to our "linkability by columns" problem with MLSAG and RingCT. Currently we try to avoid using more than one ring signature per recipient. This avoids linking distinct outputs based on bundling of these ring signatures. Ruffing believes RTRS RingCT can be tweaked to prove several commitments in a vector of commitments; this would allow a single RTRS RingCT to be computed and checked for each output being spent.
Once all the details are checked, I'll write up a document and make a copy of it available to the community. If it works, of course.
Consequences of bulletproofs. In my last end-of-month update I hinted at issues with an exponential space-time trade-off in RTRS RingCT. Due to the speed and space savings with bulletproofs, it may now be feasible to implement RTRS RingCT. With improved verification time savings with bulletproofs we can relax our requirements for verification times for signatures. This will allow the slightly longer verification times of RTRS RingCT to be counter-acted. Solving the problem "what ring sizes can we really get away with?" involves some modeling and solving some linear programming problems (linear programming, or linear optimization, is an anachronistically named area of applied mathematics involved with optimizing logistic problems... see here for more information).
Hence, we will be inserting bulletproofs into Monero with low friction, and then we will look into the logistics of moving to RTRS RingCT.
Monero Standards. Right now, we don't have a comprehensive list of how Monero works, all the various primitives and how they all fit together. Sarang and I have begun working on some Monero Standards that are similar to the original Cryptonote Standards (see here for more information). For each standard, from our hash function on upward, we will describe the standard, provide a justification for Monero's choices in those standards (complete with references), as well as a list of possible replacement standards. For example, our Monero RingCT Standard should describe the RingCT scheme described by shen, which is essentially a ring signature with linear combinations of signing keys + amount commitments. Under the "possible replacements" section, we would describe both the RTRS RingCT scheme and the doubly efficient zk-snark technology as two separate options.
These standards may take awhile to complete, and will be living documents as we change the protocol over the years. In the meantime, it will make it dramatically easier for future researchers to step into MRL and pick up where previous researchers have left off.
Hierarchical view keys. Exploiting the algebra we currently use for computing one-time keys, the sub-address scheme plays with view keys in a certain way, allowing a user to have one single view key for many wallets. Similarly, we may split a view key into several shares, where each subset of shares can be used to grant partial view access to the wallet. A receiver can request that a sender use a particular basepoint in their transaction key where different subsets of shares of the view key grant access to transactions with different basepoints in their transaction keys. None of these are protocol-level observations, they are wallet-level observations. Moreover, these require only that a receiver optionally specify a basepoint.
In other words: hierarchical view keys are a latent feature of our one-time address scheme that has not seen specific development yet. It's a rather low priority compared to the other projects under development; it grants users fine-grained control over their legal compliance, but Monero Standards will have great long-term impact on development and research at Monero.
Criticisms. Monero has suffered some recent criticisms about our hash function. I want to briefly address them.
First, I believe part of the criticism came from a confusion between Keccak3, SHA-3, and Keccak: we have never claimed to use SHA-3 as our hash function, we have only used the Keccak3 hash function, which is a legacy choice inherited from the original CryptoNote reference code. Many developers confuse the two, but Keccak3 was the hash function on which SHA-3 is based. In particular, the Keccak sponge construction can be used to fashion lots and lots of primitives, all of which could fairly be called "Keccak:" both Keccak3 and SHA-3 are Keccak constructions. This may be a subtle nomenclature issue, but it's important because a good portion of our criticisms say "Hey, they aren't using SHA-3!"
Second, I believe part of the criticism also comes from our choice of library, which in my opinion isn't a big deal as long as the library does what it says on the tin. In this case, our hash function is a valid implementation of Keccak3 according to the Keccak3 documentation. The most important criticism, from my point of view, is our choice of pre-SHA-3 Keccak3 as our hash function. Keccak3 underwent lots of analysis during the SHA contest, and Keccak3 is a well-vetted hash function. However, it has not been chosen as an international standard. There is a sentiment in the cryptocurrency community to distrust standards, which is probably a healthy sentiment. In this case, however, it means that our choice of hash function is not likely to be supported in common, well-vetted libraries in the future. Moreover, since SHA-3 is an international standard, it shall be undergoing heavy stress testing over the coming decades, a benefit Keccak3 shall not enjoy.
Last month, after some discussions, we made changes to our choice of PRNG in Monero to match the PRNG for Bitcoin. There has since been some discussions instantiated by anonimal about this choice of PRNG. We at MRL are doing our best to assist the core team in weighing the relative costs and benefits of switching to a library like crypto++, and so we believe these criticisms fall into the same category. We intend to address these issues and make formal recommendations in the aforementioned Monero Standards. Sorry for using the word aforementioned.
Things that didn't move much include a) educational outreach, b) SPECTRE, c) anti-ASIC roadmap, d) refund transactions. Most of which was on hold to complete multisig.
As far as educational outreach, I contacted a few members of a few math/cs depts at universities around me, but I haven't gotten anything hopeful yet. I wanted to go local (with respect to me) to make it easier to organize, but that's looking less likely. No matter how enthusiastic of a department we find, garnering participation from faculty members, beginning an application process for new students, squirrelling up funding, working out logistics of getting teachers or lecturers/speakers from point A to point B, where to stash students, etc. would be a challenge to finish before, say, July. And some schools start their fall semesters in mid-August. So I'm thinking that Summer 2019 is reasonable as the first Monero Summer School... and would be a real fun way to finish off a two-year post-doc!
December plan. I am going to finish multisig, and then finish the zk-lit review with Jeffrey Quesnelle, since these are both slam dunks. Any other time in December I have will be devoted to a) looking into the logistics of using the bulletproofs + RTRS RingCT set-up, b) reading the new zk-stark paper and assessing its importance for Monero, c) beginning work on Monero Standards, which includes addressing our hash function criticisms, our PRNG, etc.
Thank you again! This is an incredible opportunity, and this community is filled with some smart cookies. Every day is a challenge, and I couldn't ask for a more fun thing to be doing with my life right now. I'm hoping that my work ends up making Monero better for you.
submitted by snoether to Monero [link] [comments]

EasyMine: WTF Happened?

UPDATE: VTC mining on Easymine back to normal, payouts have resumed. Zero fees for the rest of the month.
Here's a more detailed response to https://old.reddit.com/vertcoin/comments/96z77t/psa_easy_mine_problem/ - bear with me and put on your nerd hat for a few mins.
The stratum server for all EasyMine pools is node-merged-pool - a merge mining fork of node-stratum-pool. See my repo here @ https://github.com/nzsquirrell/node-merged-pool
This is what miners connect to for work and to submit valid shares on the search for blocks. The information that is exchanged is in hex digits, and the data coming back from the miner includes the time, the job, ExtraNonce2 and nonce (see https://en.bitcoin.it/wiki/Stratum_mining_protocol#mining.submit). All of these fields are used to notify the server of valid work exceeding a specific difficulty.
Hex digits are not case-sensitive. So 'FF00AA11' is the same as 'ff00aa11'. Both equate to decimal 4278233617. So for the purposes of constructing a block header, it doesn't matter if the hex digits are uppercase, lowercase, or a mixture of both - it all works out the same, and produces the same hash. Hold this thought.
The stratum server knows what shares each miner has submitted, it keeps a track of all of the data in an array. It checks every time that work is submitted that the same work hasn't been submitted before whilst searching for the next block. If it was submitted, then the new submission is rejected as duplicate work.
Now, where this has all gone wrong is that the way the data is stored in this array was a string containing the four fields mentioned above. Strings are case-sensitive and when making comparisons 'FF00AA11' != 'ff00aa11', as well as 'ff00aA11' and 'ff00AA11' and so on.... This allowed our attacker to submit the same work many many times, altering only the case of the hex digits (he was doing it to the nonce, but the other fields are also susceptible to the attack), so the logic to check for duplicate work wasn't firing, the shares were valid (as they produced a valid hash above difficulty), and our attacker was faking most of his hash-rate. A lot. A shit-ton of it.
I have fixed this in my fork of node-stratum-pool - the fix is very easy, we just make all the characters lower case before testing for duplicate shares. See https://github.com/nzsquirrell/node-merged-pool/commit/9d068535d042516835f565a859852c7cf715da98 for my fix.
My big concern is that the other forks I've seen for node-stratum-pool are susceptible to the attack, and quite possibly other pool software is too, possibly even p2pool? I've not looked. If someone can check and let me know, I'll update this. p2pool has been confirmed as resilient to this type of attack.
So, Who-The-F&*k did this. This is what I have so far:
He's used the following VTC and NIX addresses:
I've seen connections coming in from the following IP addresses:
He is still attacking EasyMine, but it's not having any effect now. Actually the server keeps banning him now as it's detecting that he's submitting too many invalid shares. Take that.
The path forward
I have a big mess to clean up, he's made off with about 652 VTC and about 3576 NIX, essentially stolen from you miners. I will see what I can do to recover some of this (not all of it has been paid to him yet), but there is going to be a substantial shortfall. Mr Attacker, feel free to PM me and we can arrange a settlement :)
Payouts on both the VTC & NIX pools are suspended until I can clean this up, I hope this won't take more than a couple of days.
Thanks.
submitted by nzsquirrell to vertcoin [link] [comments]
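The duplicate-share check described in the post, as an added example that is not EasyMine's or node-merged-pool's code. The case-sensitive version sits beside a canonicalising one, and a replay function re-sends one share under every upper/lower-case spelling of its nonce to count how many times each version credits the same work. The field names, the 4-byte widths of extraNonce2, nTime and nonce, and the sample share values are assumptions made for the example.

```javascript
'use strict';

// Widths (in hex digits) of the mining.submit fields the post names. The
// 4-byte sizes are assumptions for this example, not a protocol constant.
const FIELD_NIBBLES = { extraNonce2: 8, nTime: 8, nonce: 8 };

// Per-job record of accepted submissions. A stratum server keeps one of these
// for the job it is currently handing out and discards it when the job retires.
class JobSubmits {
  constructor() {
    this.seen = new Set();
  }
}

// VULNERABLE: the key is the raw strings the miner sent, concatenated.
// JavaScript string equality is case-sensitive, so 'FF00AA11' and 'ff00aa11'
// become two different keys even though both decode to the same 32-bit nonce,
// the same 80-byte header and therefore the same hash.
function submitVulnerable(job, share) {
  const key = share.extraNonce2 + share.nTime + share.nonce;
  if (job.seen.has(key)) return 'duplicate';
  job.seen.add(key);
  return 'accepted';
}

// Canonical form of one hex field: exact width, hex digits only, lower case.
// Returns null for anything that should never reach the hashing step.
function canonicalHex(value, nibbles) {
  if (typeof value !== 'string' || value.length !== nibbles) return null;
  if (!/^[0-9a-fA-F]+$/.test(value)) return null;
  return value.toLowerCase();
}

// HARDENED: key on the canonical form of every field (lower-casing is the
// fix the post links; the width and charset checks are an extra guard).
function submitHardened(job, share) {
  const parts = [];
  for (const [name, nibbles] of Object.entries(FIELD_NIBBLES)) {
    const canon = canonicalHex(share[name], nibbles);
    if (canon === null) return 'malformed';
    parts.push(canon);
  }
  const key = parts.join(':');
  if (job.seen.has(key)) return 'duplicate';
  job.seen.add(key);
  return 'accepted';
}

// Every upper/lower-case spelling of a hex string: 2^k variants for k letters.
function caseVariants(hex) {
  let out = [''];
  for (const ch of hex) {
    const forms = /[a-f]/i.test(ch) ? [ch.toLowerCase(), ch.toUpperCase()] : [ch];
    const next = [];
    for (const prefix of out) for (const f of forms) next.push(prefix + f);
    out = next;
  }
  return out;
}

// Constructed sample share; the attack re-sends it varying only the nonce's case.
const SAMPLE_SHARE = { extraNonce2: '0000002a', nTime: '5b6f1c40', nonce: 'ff00aa11' };

// Replay SAMPLE_SHARE under one of the checks and count how many copies of the
// same work the server credits: that count is the fake hash-rate multiplier.
function replayAttack(submitFn, share = SAMPLE_SHARE) {
  const job = new JobSubmits();
  let credited = 0;
  for (const nonce of caseVariants(share.nonce)) {
    if (submitFn(job, { ...share, nonce }) === 'accepted') credited += 1;
  }
  return credited;
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log('case-sensitive check credited', replayAttack(submitVulnerable), 'shares for one nonce');
  console.log('canonicalising check credited', replayAttack(submitHardened), 'share for one nonce');
}
```

The nonce has four letters, so the case-sensitive check credits the same work sixteen times; the canonicalising check credits it once. The same replay works against extraNonce2 and nTime, which is why the hardened key canonicalises every field rather than just the nonce, and why it rejects malformed fields before they are hashed rather than after.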

Question about how mining works

I'm trying to understand how bitcoin mining works and some things don't make sense.
According to my understanding of mining, a bunch of data is hashed and if the resulting hash has more leading zeros than the target difficulty value then you have a valid hash and your block is confirmed.
The data that's passed into this hash function is
  1. A Merkle tree of the transactions you want to confirm
  2. Current version of bitcoin
  3. Hash of the previous block
  4. Current time
  5. Target difficulty
  6. Nonce (just a counter of how many times you've tried to guess a hash that matches the difficulty)
Reference: https://en.bitcoin.it/wiki/Block_hashing_algorithm
  1. My first question has to do with the Nonce value. This is a 32 bit number so the worst-case number of guesses (hashes) you need make is 2,147,483,647. Can the Nonce value be negative? If it can't, is the value signed or unsigned?
  2. Secondly, if I only need to make around 2,147,483,647 hashes, then wouldn't a mining pool be able to guess an acceptable answer very quickly?
  3. According to the wiki page I referenced, the time value that is passed into the hash function updates every few seconds which, in turn, changes the hash. Does this mean that after a few seconds I have to start my hash all over again? It's like I was counting from 0-100 but after 5 seconds I started over at 0 again.
  4. If the time in the hash value changes every few seconds, why wouldn't I just create a mining network running an altered version of the software that doesn't change the time to make it easier on myself?


submitted by themattman18 to Bitcoin [link] [comments]

So you’ve got your miner working, busy hashing away … but what is it really doing?

Posted for eternity @ https://vertcoin.easymine.online/articles/mining
Your miner is repeatedly hashing (see below for detail about a hash) a block of data, looking for a resulting output that is lower than a predetermined target. Each time this calculation is performed, one of the fields in the input data is changed, and this results in a different output. The output is not able to be determined until the work is completed – otherwise why would we bother doing the work in the first place?
Each hash takes a block header (see more below, but basically this is an 80-byte block of data). It runs this through the hashing function, and what comes out is a 32-byte output. We usually represent that output in hexadecimal format, so it looks something like:
5da4bcb997a90bec188542365365d8b913af3f1eb7deaf55038cfcd04f0b11a0 
(that’s 64 hexadecimal characters – each character represents 4-bits. 64 x 4 bits = 256bit = 32 bytes)
The maximum value for our hash is:
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 
And the lowest is:
0000000000000000000000000000000000000000000000000000000000000000 
The goal in Proof-of-Work systems is to look for a hash that is lower than a specific target, i.e. starts with a specific number of leading zeros. This target is what determines the difficulty.
As the output of the hash is indeterminate, we look to statistics and probability to estimate how much work (i.e. attempts at hashing) we need to complete to find a hash that is lower than a specific target. So, we can therefore assume that to find a hash that starts with a leading zero will take, on average, 16 hashes. To find one that will start with two leading zeros (00), we’re looking at 256 hashes. Four leading zeros (0000) will take 65,536 hashes. Eight leading zeros (00000000) takes 4,294,967,296 hashes. So on and so on, until we realize that it will take 2 ^ 256 (a number too big for me to show here) attempts at hitting our minimum hash value.
Remember – this number of hashes is just an estimate. Think of it like rolling a dice. A 16-sided dice. And then rolling it 64 times in a row. And hoping to strike a specific number of leading zeros. Sometimes it will take far less than the estimate, sometimes it will take far more. Over a long enough time period though (with our dice it may take many billions of years), the averages hold true.
Difficulty is a measure used in cryptocurrencies to simply show how much work is needed to find a specific block. A block of difficulty 1 must have a hash smaller than:
00000000FFFF0000000000000000000000000000000000000000000000000000 
A block of difficulty 1/256 (0.00390625) must have a hash lower than:
000000FFFF000000000000000000000000000000000000000000000000000000 
And a block of difficulty 256 must have a hash lower than:
0000000000FFFF00000000000000000000000000000000000000000000000000 
So the higher the difficulty, the lower the hash must be; therefore more work must be completed to find the block.
Take a recent Vertcoin block – block # 852545, difficulty 41878.60056944499. This required a hash lower than:
000000000001909c000000000000000000000000000000000000000000000000 
To achieve this, a single miner would need to have completed, on average, 179,867,219,848,013 hashes (calculated by taking the number of hashes needed for a difficulty 1 block - 4,294,967,296 or 2 ^ 32 or 16 ^ 8 - and multiplying by the difficulty). Of course, our single miner may have found this sooner - or later - than predicted.
Cryptocurrencies alter the required difficulty on a regular basis (some like Vertcoin do it after every block, others like Bitcoin or Litecoin do it every 2016 blocks), to ensure the correct number of blocks are found per day. As the hash rate of miners increases, so does the difficulty to ensure this average time between blocks remains the same. Likewise, as hash rate decreases, the difficulty decreases.
With difficulties as high as the above example, solo-mining (mining by yourself, not in a pool) becomes a very difficult task. Assume our miner can produce 100 MH/s. Plugging in this into the numbers above, we can see it’s going to take him (on average) 1,798,673 seconds of hashing to find a hash lower than the target – that’s just short of 21 days. But, if his luck is down, it could easily take twice that long. Or, if he’s lucky, half that time.
So, assuming he hits the average, for his 21 days mining he has earned 25 VTC.
Let's take another look at the same miner, but this time he's going to join a pool, where he is working with a stack of other miners looking for that elusive hash. Assume the pool he has joined does 50 GH/s – in that case he has 0.1 / 50 or 0.2% of the pool's hash rate. So for any blocks the pool finds he should earn 0.2% of 25 VTC = 0.05 VTC. At 50 GH/s, the pool should expect to spend 3,597 seconds between finding blocks (2 ^ 32 * difficulty / hashrate). So about every hour, our miner can expect to earn 0.05 VTC. This works out to be about 1.2 VTC per day, and when we extrapolate over the estimated 21 days of solo mining above, we're back to 25 VTC.
The beauty of pooled-mining over solo-mining is that the time between blocks, whilst they can vary, should be closer to the predicted / estimated times over a shorter time period. The same applies when comparing pools – pools with a smaller hash rate will experience a greater variance in time between blocks than a pool with a greater hash rate. But in the end, looking back over a longer period of time, earnings will be the same.
Hashes
A Hash is a cryptographic function that can take an arbitrary sized block of data and maps it to a fixed sized output. It is a one-way function – only knowing the input data can one calculate the output; the reverse action is impossible. Also, small changes to the input data usually result in significant changes to the output value.
For example, take the following string:
“the quick brown fox jumps over the lazy dog” 
If we perform a SHA256 hash of this, it results in:
05c6e08f1d9fdafa03147fcb8f82f124c76d2f70e3d989dc8aadb5e7d7450bec 
If we change a single character in the input string (in this case we will replace the ‘o’ in ‘over’ to a zero), the resulting hash becomes:
de492f861d6bb8438f65b2beb2e98ae96a8519f19c24042b171d02ff4dfecc82 
Blocks
A block is made up of a header, and at least one transaction. The first transaction in the block is called the Coinbase transaction – it is the transaction that creates new coins, and it specifies the addresses that those coins go to. The Coinbase transaction is always the first transaction in a block, and there can only be one. All other transactions included in a block are transactions that send coins from one wallet address to another.
The block header is an 80-byte block of data that is made up of the following information in this order:
  • Version – a 32-bit/4-byte integer
  • Previous Block’s SHA256d Hash – 32 bytes
  • Merkle Hash of the Transactions – 32 bytes
  • Timestamp - a 32-bit/4-byte integer that represents the time of the block in seconds past 1st January 1970 00:00 UTC
  • nBits - a 32-bit/4-byte integer that represents the maximum value of the hash of the block
  • Nonce - a 32-bit/4-byte integer
The Version of a block remains relatively static through a coin’s lifetime – most blocks will have the same version. Typically only used to introduce new features or enforce new rules – for instance Segwit adoption is enforced by encoding information into the Version field.
The Previous Block's Hash is simply a double SHA256 hash of the last valid block's header.
The Merkle Hash is a hash generated by chaining all of the transactions together in a hash tree – thus ensuring that once a transaction is included in a block, it cannot be changed. It becomes a permanent record in the blockchain.
Timestamp loosely represents the time the block was generated – it does not have to be exact, anywhere within an hour each way of the real time will be accepted.
nBits – this is the maximum hash that this block must have in order to be considered valid. Bitcoin encodes the maximum hash into a 4-byte value as this is more efficient and provides sufficient accuracy.
Nonce – a simple 4-byte integer value that is incremented by a miner in order to find a resulting hash that is lower than that specified by nBits.
submitted by nzsquirrell to VertcoinMining [link] [comments]

TERA CRYPTO CURRENCY PROJECT

TERA is an open source and collaborative project. This means everyone can view and eventually modify its source code for his or her own needs. And it also means anyone is welcome to join its working community. The Tera community works to develop, deploy and maintain Tera nodes and decentralized applications that are part of the TERA Network.
The TERA technology serves the cryptocurrency concepts, trying to design a modern coin-and-contract blockchain application: fast block generation, high transaction throughput and a user-friendly application. It was officially launched on the 30th of June 2018 on the bitcointalk forum.
[Yuriy Ivanov](mailto:[email protected]) is the founder and core developer of the project. The Tera community is more familiar with the alias « vtools ».

USER FRIENDLY APPLICATION

With the aim of making this crypto currency project friendlier to end users, some interesting innovations have been implemented compared to the first generation of crypto currency applications. Bitcoin and its thousands of children or forks required a good level of IT skills in order to manage the whole application chain on one's own: from miners and their hardware, through stratum servers and proxies, to blockchain nodes. The Tera project intends to go one step further regarding the integration of crypto currency features into a single application: once installed, an efficient web application is available on localhost on port 8080. Then, any web browser supporting javascript is able to access this application and to operate the Tera node fully.

MINING A CRYPTO CURRENCY

MINING CONCEPT

The mining activity consists of calling a mathematical procedure whose result we can't predict before we run it. But we intend to obtain a very specific result, which usually consists of a certain number of 0s as the first characters before any random answer. If we find the nonce (a random object) that, combined with the transaction data and the coin algorithm, produces such a result, we will have solved a transaction block and we will get a reward for it. Thanks to this work, the transactions listed in the block will be added to the blockchain and anyone will be able to check our work. That's the concept of 'proof of work', allowing anyone to replay the mathematical procedure with the nonce discovered by the node that solved the block and to confirm the block's inclusion in the blockchain.

POLITICAL AND ETHICAL CONSIDERATIONS

The Tera project is young. It will have to face the same problems the Bitcoin platform is facing today:
Any crypto currency project whose goal is for its money and contracts to be used like any other historical money or service contract has to consider its political and ethical usage. Processes have to be imagined, designed and implemented in order to be able to fight extortion, corruption and illegal activities threatening crypto-currency development.

FAST BLOCK GENERATION AND HIGH THROUGHPUT

CLASSIC CRYPTO CURRENCY FEATURES

wallet, accounts, payments, mining, node settings and utilities, blockchain explorer and utilities…

DECENTRALIZED APP CATALOGUE

d-app : forum, stock exchange, payment plugins for third party platform, …

TECHNOLOGY DEPENDENCIES

Tera is entirely written in Java over the NodeJS library as a functional layer, in order to take advantage of a robust, high-level library designed to allow large and effective network node management.
The miner part is imported from an external repository and is written in C in order to get the best performances for this module.
Tera is currently officially supported on Linux and Windows.
If you start mining Tera thanks to this article, you can add my account 188131 as advisor to yours. On request I'll refund you half of the extra coins generated for advisors when you solve blocks (@freddy#8516 on discord).

MINING TERA

Mining Tera has one major design constraint : you need one public IP per Tera node or miner. Yet, you can easily mine it on a computer desktop at home. The mining algorithm has been designed in order to be GPU resistant. In order to mine Tera coin you’ll need a multi-core processor (2 minimum) and some RAM, between 1 and 4GB per process that will mine. The mining reward level depends of the « power » used to solve a block (Top Tera Miners).

COST AND USAGE CONSIDERATIONS

There are two main cost centers in mining a crypto currency:
  1. the cost of the hardware and the energy required to make a huge amount of mathematical operations connected to the blockchain network through the Internet,
  2. the human cost in order to deploy, maintain and keep running miners and blockchain nodes.
As speculation currently drives the value of crypto currencies, it is not possible to say whether the mining activity is profitable or not. Moreover, hardware, energy and human costs are not the same around the globe. To judge whether mining a crypto currency is profitable we should take all indirect costs into account: the cost to nature (for hardware and energy production) and the human cost (coin and contract usage, social rights of blockchain workers).

Original: https://freddy.linuxtribe.frecherche-et-developpement/blockchain-cryptocurrency-mining/tera-crypto-currency-project/
Author: Freddy Frouin, [email protected].
submitted by Terafoundation to u/Terafoundation [link] [comments]

Blockchain

Blockchain (English: blockchain, originally block chain) is a continuous, sequential chain of blocks (a linked list) containing information, built according to defined rules. Most often, copies of the block chains are stored on many different computers independently of one another.
The term first appeared as the name of the fully replicated distributed database implemented in the Bitcoin system, which is why blockchain is often associated with transactions in various cryptocurrencies; however, the block-chain technique can be extended to any interlinked information blocks. Bitcoin became the first application of blockchain technology in October 2008.
Transaction block
A transaction block is a special structure for recording a group of transactions in the Bitcoin system and systems similar to it. A transaction is considered complete and authentic ("confirmed") once its format and signatures have been verified and the transaction itself has been grouped with several others and written into a special structure, a block. The contents of blocks can be verified because each block contains information about the previous block. All blocks are arranged in a single chain that holds information about every operation ever performed in the database. The very first block in the chain, the genesis block, is treated as a special case because it has no parent block.
A block consists of a header and a list of transactions. The block header includes its own hash, the hash of the previous block, the hashes of the transactions and additional service information. In the Bitcoin system, the first transaction in a block is always the collection of the fee that will become the miner's reward for the block created. Then follows the list of transactions, formed from the queue of transactions not yet recorded in earlier blocks. The selection criterion from the queue is set by the miner independently; it need not be chronological. For instance, only operations with a high fee, or those involving a given list of addresses, may be included. Tree hashing is used for the transactions in a block, analogous to forming the hash sum of a file in the BitTorrent protocol. Transactions, other than the crediting of the block-creation fee, contain within the input parameter a reference to the transaction with the previous state of the data (in the Bitcoin system, for example, a reference is given to the transaction by which the bitcoins being spent were received). Operations that pay the miner the block-creation fee have no "input" transactions, so that parameter may hold arbitrary information (for them the field is called the coinbase parameter).
A created block will be accepted by the other users if the numeric value of the header hash is equal to or less than a certain target number, whose magnitude is periodically adjusted. Since the result of the SHA-256 hash function is considered irreversible, there is at present no algorithm for obtaining the desired result other than random trial. If the hash does not satisfy the condition, the nonce parameter in the header is changed and the hash is recomputed. Usually a large number of recomputations is required. When a suitable variant is found, the node broadcasts the resulting block to the other connected nodes, which verify the block. If there are no errors, the block is considered added to the chain and the next block must include its hash.
The size of the target number against which the hash is compared is adjusted in the Bitcoin system every 2016 blocks. It is planned that the whole Bitcoin network should spend about 10 minutes generating one block, and about two weeks on 2016 blocks. If 2016 blocks are formed faster, the target is slightly reduced and becomes harder to reach; otherwise the target is increased. Changing the computational difficulty does not affect the reliability of the Bitcoin network and is needed only so that the system generates blocks at an almost constant rate, independent of the computing power of the network participants.

Chain of blocks

Figure: the main sequence of blocks (black) is the longest from the initial block (green) to the current one. Side branches (purple) are cut off.
Blocks are formed simultaneously by many "miners". Blocks satisfying the criteria are sent to the network and included in every replica of the distributed block database. Situations regularly arise in which several new blocks in different parts of the distributed network name the same block as their predecessor, that is, the chain of blocks can branch. Deliberately or by accident, the relaying of information about new blocks can be restricted (for example, one of the chains may develop within a local network). In that case, parallel growth of different branches is possible. Each of the new blocks may contain both the same transactions and different ones that made it into only one of them. When relaying of blocks resumes, miners begin to treat as the main chain the one with the greater hash difficulty and chain length. With equal difficulty and length, preference is given to the chain whose final block appeared earlier. Transactions that entered only the rejected branch (including the payment of the reward) lose their confirmed status. If it is a transaction transferring bitcoins, it is placed back in the queue and then included in a subsequent block. Transactions receiving the reward for creating the cut-off blocks are not duplicated in the other branch, so the "extra" bitcoins paid out for forming the cut-off blocks receive no further confirmations and are "lost".
Thus the chain of blocks contains the history of ownership, which can be examined, for example, on specialised websites.
The blockchain is formed as a continuously growing chain of blocks with records of all transactions. Copies of the database, or parts of it, are stored simultaneously on many computers and synchronised according to the formal rules for building the chain of blocks. The information in the blocks is not encrypted and is available in the clear, but the absence of changes is certified cryptographically through hash chains (an element of the digital signature).
The database publicly stores, unencrypted, information about all transactions, which are signed using asymmetric cryptography. To prevent the same sum being spent more than once, timestamps are used, implemented by splitting the database into a chain of special blocks, each of which contains, among other things, the hash of the previous block and its own sequence number. Each new block confirms the transactions whose information it contains and additionally confirms the transactions in all previous blocks of the chain. Altering the information in a block that is already in the chain is not practical, since in that case the information in all subsequent blocks would have to be edited. Thanks to this, a successful double-spending attack (re-spending previously spent funds) is extremely unlikely in practice.
Most often, a deliberate change of information in any copy of the database, or even in a sufficiently large number of copies, will not be recognised as valid because it will not comply with the rules. Some changes may be accepted if they are made in all copies of the database (for example, removing the last few blocks because of an error in their formation).
To explain the mechanism of the payment system more clearly, Satoshi Nakamoto introduced the notion of a "digital coin", defining it as a chain of digital signatures. Unlike the standardised denominations of ordinary coins, each "digital coin" has its own denomination. Any number of "digital coins" can be associated with each bitcoin address. By means of transactions they can be split and merged, while the total sum of their denominations, less the fee, is preserved.
Until version 0.8.0 the main client used Berkeley DB to store the chain of blocks; from version 0.8.0 the developers switched to LevelDB.

Transaction confirmation

Until a transaction is included in a block, the system considers that the number of bitcoins at a given address remains unchanged. During this time it is technically possible to create several different transactions transferring the same bitcoins from one address to different recipients. But as soon as one of these transactions is included in a block, the system will ignore the other transactions with the same bitcoins. For example, if the later transaction is included in a block, the earlier one will be considered erroneous. There is a small probability that, during a fork, two such transactions end up in blocks of different branches. Each of them will be considered correct; only when one branch dies off will one of the transactions be considered erroneous. The time at which the operation was made will not matter.
Thus, inclusion of a transaction in a block confirms its validity regardless of the existence of other transactions with the same bitcoins. Each new block is considered an additional "confirmation" of the transactions in the previous blocks. If the chain has 3 blocks, the transactions in the last block will have been confirmed once, while those placed in the first block will have 3 confirmations. It is enough to wait for several confirmations for the probability of a transaction being reversed to become very low.
To reduce the impact of such situations on the network, there are restrictions on spending just-received bitcoins. According to the blockchain.info service, up to May 2015 the maximum length of rejected chains was 5 blocks. The number of confirmations required to unlock received funds depends on the client program or on the requirements of the receiving party. The "Bitcoin-qt" client does not require confirmations to send, but most recipients have a default requirement of 6 confirmations, so received funds can usually be used in practice after about an hour. Various online services often set their own confirmation threshold.
The protocol allows bitcoins received for creating a block to be spent after 100 confirmations[16], but the standard client program shows the reward after 120 confirmations, so the reward can usually be used about 20 hours after it is credited.

"Double spending"

Main article: Double spending
If someone controls more than 50% of the total computing power of the network, there is a theoretical possibility, at any confirmation threshold, of transferring the same bitcoins twice to different recipients: one of the transactions would be public and confirmed in the usual way, while the second would not be announced, and its confirmations would come from the blocks of a hidden parallel branch. Only after some time would the network receive information about the second transaction; it would become confirmed, while the first would lose its confirmations and be ignored. As a result, the bitcoins would not be doubled, but their current owner would change, and the first recipient would lose the bitcoins without any compensation.
The openness of the block chain makes it possible to modify an arbitrary block. But then the hash would have to be recomputed not only for the modified block but for all subsequent ones. In fact, such an operation would require computing power no less than that used to create the modified block and all subsequent blocks (that is, the entire current power of the network), which makes this possibility extremely unlikely.
As of 1 December 2013 the total network hashrate exceeded 6000 THash/s. Since the beginning of 2014 the mining pool Ghash.io has for a long time controlled more than 40% of the total hashrate of the Bitcoin network, and in early June 2014 more than 50% of the network's power was briefly concentrated in it.
Double spending of bitcoins has never been recorded in practice. As of May 2015 parallel chains had never exceeded 5 blocks.

Difficulty

A special parameter called "difficulty" is responsible for the requirement placed on block hashes. Since the computing power of the network is not constant, this parameter is recalculated by the network's clients every 2016 blocks so as to keep the average rate of blockchain formation at 2016 blocks per two weeks. Thus, one block should be created roughly every ten minutes. In practice, when the network's computing power grows the corresponding intervals are shorter, and when it falls they are longer. Recalculating the difficulty with reference to time is possible because block headers contain their creation time. It is recorded in Unix format according to the system clock of the block's author (if the block is created in a pool, according to the system clock of that pool's server).
submitted by ivbittar to u/ivbittar [link] [comments]
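The retarget rule from the "Difficulty" section above, as an added Python example that is not part of the post or of any Bitcoin client: the 2016-block interval and the two-week timespan come from the text, while the factor-of-4 clamp on each adjustment and the difficulty-1 maximum target are Bitcoin Core behaviour stated here on my own account, not the post's.

```python
# Bitcoin difficulty retarget, written as an illustration (not Bitcoin Core's code).
INTERVAL = 2016                      # blocks between retargets (from the text)
TARGET_TIMESPAN = 14 * 24 * 60 * 60  # two weeks in seconds (from the text)
MAX_TARGET = 0xFFFF << 208           # easiest allowed target = difficulty 1 (Core's powLimit)


def expected_block_interval() -> int:
    """Seconds per block the rule aims for: 1209600 / 2016 = 600, i.e. ten minutes."""
    return TARGET_TIMESPAN // INTERVAL


def retarget(old_target: int, first_timestamp: int, last_timestamp: int) -> int:
    """New target from the Unix timestamps at the two ends of a 2016-block window.

    Blocks that arrived too fast give a short actual timespan, so the target
    shrinks and hashes must be smaller (harder). Bitcoin Core also clamps the
    adjustment to a factor of 4 in either direction and never lets the target
    exceed MAX_TARGET; both are Core rules, assumed here, not stated in the post.
    """
    actual = last_timestamp - first_timestamp
    actual = max(TARGET_TIMESPAN // 4, min(actual, TARGET_TIMESPAN * 4))
    new_target = old_target * actual // TARGET_TIMESPAN
    return min(new_target, MAX_TARGET)


def difficulty(target: int) -> float:
    """The familiar 'difficulty' figure: how many times harder than the easiest target."""
    return MAX_TARGET / target


if __name__ == "__main__":
    t0 = 1_400_000_000  # constructed timestamp for the first block of a window
    # Constructed scenario: blocks came at a five-minute pace, so the window took one week
    new = retarget(MAX_TARGET // 1000, t0, t0 + TARGET_TIMESPAN // 2)
    print(f"difficulty went from {difficulty(MAX_TARGET // 1000):.0f} to {difficulty(new):.0f}")
```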

Dogecoin giveaway - Comment here to receive 100 doge. Also, AMA about cryptocurrency.

Once you get tipped, click the +accept link that the bot PMs you. You can then see your balance and recent dogetipbot transaction history with +history
I will also be answering any questions you have. I'm a moderator on /dogecoin and have been studying cryptocurrency for almost 3 years. Here's a glossary of terms you may not know which may help spark some questions if you don't know what to ask:
Hash: The result of an algorithm that takes any input data of arbitrary size and produces a fixed size output. It is impossible to discover the input data based on the resulting hash.
Private keys, public keys and addresses (privkey, pubkey, addr): Put simply, a private key is just a number. A really, really big number. There are 2 ^ 160 possible private keys, each is a 256 bit integer in binary. Using ECDSA, your private keys correspond to a public key. And a hash of your public key is your wallet address.
Wallet: Software which generates and stores your keys and addresses.
Transaction (tx): A piece of data that contains where coins are coming from (inputs) and where they are going to (outputs). To be valid, your wallet software must sign the transaction with the private keys of all the inputs; this is how ownership of coins is proven.
Block: A data structure used by cryptocurrency networks which contains transactions.
Blockchain: The collection of blocks in a cryptocurrency network. Each new block contains the hash of the previous block; this is required for it to be valid. In this way, blocks are chained together, and each one depends on the previous one to be valid.
Proof of work (POW): The process of hashing random data to discover a hash value that is lower than a predetermined number, that number is the "difficulty".
Mining: Miners collect all the transactions on the network and assemble them into a block. Using POW, miners insert random data (called a nonce, aka number used once) into the block and hash the block. When they find a hash value below the target difficulty, the block is considered valid by the rules of the network and miners broadcast the block to the network. The transactions in the block now have 1 confirmation. Miners are also allowed to claim a block reward (sort of a finder's fee) for their work. This incentivizes miners for their work. Mining is what secures the network from attack. If you have 51% of the entire network's mining power, then you can block transactions or even reverse transactions, so it is important that mining remains as decentralized as possible.
Node: A computer that is running cryptocurrency software which generates, validates and relays transactions and blocks. They download and validate the full blockchain. Nodes can also be wallets; this software is often called "core". The network of nodes IS the cryptocurrency network; they are what make the whole thing work. The node software also contains a friendly JSON API which can be used to perform many functions, such as looking up a transaction in the blockchain history.
submitted by peoplma to RedditDayOf [link] [comments]
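The proof-of-work loop from the glossary above, as an added Python example that is not part of peoplma's post or of the Bitcoin Wiki: serialise the 80-byte block header, double-SHA-256 it and step the 32-bit nonce until the hash is at or below the target decoded from the header's bits field. The demo header values are constructed and its target is deliberately easy; the block-0 (genesis) values are the real ones and serve as a check that the header layout is right.

```python
import hashlib
import struct

def bits_to_target(bits: int) -> int:
    """Decode the compact 'bits' header field into the 256-bit integer target."""
    exponent = bits >> 24
    mantissa = bits & 0x007FFFFF
    if exponent <= 3:
        return mantissa >> (8 * (3 - exponent))
    return mantissa << (8 * (exponent - 3))

def serialize_header(version, prev_hash, merkle_root, timestamp, bits, nonce) -> bytes:
    """80-byte header: 4-byte little-endian ints, 32-byte hashes in internal byte order."""
    return (struct.pack("<I", version) + prev_hash + merkle_root
            + struct.pack("<III", timestamp, bits, nonce))

def header_hash(header: bytes) -> int:
    """Double SHA-256 of the header, read as a little-endian integer (Bitcoin's convention)."""
    digest = hashlib.sha256(hashlib.sha256(header).digest()).digest()
    return int.from_bytes(digest, "little")

def mine(version, prev_hash, merkle_root, timestamp, bits, max_nonce=2**32):
    """Try nonces 0..max_nonce-1; return (nonce, hash) on success, None if exhausted."""
    target = bits_to_target(bits)
    for nonce in range(max_nonce):
        h = header_hash(serialize_header(version, prev_hash, merkle_root, timestamp, bits, nonce))
        if h <= target:
            return nonce, h
    # 32-bit nonce space exhausted without a hit: a Bitcoin miner must change the
    # timestamp or the coinbase extraNonce (giving a new merkle root) and start over
    return None

# Constructed demo header, not a real block; the target is deliberately easy
DEMO_PREV_HASH = bytes(32)
DEMO_MERKLE_ROOT = hashlib.sha256(b"constructed merkle root").digest()
DEMO_TIMESTAMP = 1500000000
DEMO_BITS = 0x1F7FFFFF  # target just under 2^247: roughly 1 hash in 512 qualifies

def demo_mine():
    return mine(1, DEMO_PREV_HASH, DEMO_MERKLE_ROOT, DEMO_TIMESTAMP, DEMO_BITS)

def genesis_hash() -> int:
    """Hash the real block-0 header with its published nonce; must give the known genesis hash."""
    merkle = bytes.fromhex("4a5e1e4baab89f3a32518a88c31bc87f618f76673e2cc77ab2127b7afdeda33b")[::-1]
    header = serialize_header(1, bytes(32), merkle, 1231006505, 0x1D00FFFF, 2083236893)
    return header_hash(header)

if __name__ == "__main__":
    nonce, h = demo_mine()
    print(f"demo nonce {nonce}: hash {h:064x}")
    print(f"genesis: {genesis_hash():064x}")
```

On a real mainnet target a CPU loop like this would never finish, which is the point of the glossary's "difficulty": the demo target is about 2^40 times easier than block 0's.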

XMR-Stak - proudly XMR-only mining network stack (and CPU miner)

I want to show off what I was working on for the past 7 weeks or so. Just to clarify (there seems to be a lot of "give me money" posts around here recently), it will be FOSS. This is not some kind of crowd funding attempt.
Of course the purpose of this topic is to gauge interest - I want to be sure that it is worth my time to polish up "own-use grade" into release grade software, so if you like what you see please upvote and make a noise.
 

What do you mean by a network stack? What's wrong with the current one?

Network stack is essentially all the logic that lives between the hashing code and the output to the pool. While the software that I'm writing currently has a CPU miner on top, there is no reason why it can't be modified to hash through GPU.
The current stack used by the open source CPU miner and some GPU miners has been knocking around since 2011. Its design is less than ideal - command line args put a limit on how complex the configuration can get, and the flawed network interaction design means that it needs to keep talking to the pool (keep-alive) to detect that it is still there.
Most importantly though, the code was designed for Bitcoin. Cryptonight coins have hashing speeds many orders of magnitude slower, which leads to different design choices. For example, both BTC and XMR have a 32-bit nonce. That means you have slightly over 4 billion attempts to find a block, and you need to add fudge code in BTC that is not needed in XMR.
 

CPU mining performance

I started off with Wolf's hashing code, but by the time I was done there were only a couple of lines of code that are similar.
Performance is nearly identical to the closed source paid miners. Here are some numbers:
 

Output samples

One of the most annoying things for me about the old mining stack was that it kept spewing huge amounts of redundant information. XMR-Stak prints reports when you request it to do so instead. Here they are (taken from the X5650 system running on Arch).
HASHRATE REPORT
| ID | 2.5s | 60s  | 15m  | ID | 2.5s | 60s  | 15m  |
| 0  | 38.3 | 38.3 | 38.3 | 1  | 38.4 | 38.4 | 38.4 |
| 2  | 38.4 | 38.3 | 38.3 | 3  | 38.4 | 38.4 | 38.4 |
| 4  | 38.3 | 38.3 | 38.3 | 5  | 38.4 | 38.4 | 38.4 |
| 6  | 38.3 | 38.3 | 38.3 | 7  | 38.4 | 38.4 | 38.4 |
| 8  | 40.0 | 40.0 | 40.0 | 9  | 40.1 | 40.1 | 40.1 |
| 10 | 40.0 | 40.0 | 40.0 | 11 | 40.1 | 40.1 | 40.1 |
-----------------------------------------------------
Totals: 467.0 467.0 467.0 H/s
Highest: 467.0 H/s
Since this is a CLI server it is very uniform as you would expect. You can also see that some threads would gain 1.5H/s if they were on better NUMA nodes.
RESULT REPORT
Difficulty       : 8192
Good results     : 316 / 316 (100.0 %)
Avg result time  : 17.9 sec
Pool-side hashes : 2588672
Top 10 best results found:
| 0 | 516321 | 1 | 488669 |
| 2 | 391229 | 3 | 384157 |
| 4 | 380941 | 5 | 379807 |
| 6 | 347487 | 7 | 292038 |
| 8 | 246997 | 9 | 244569 |
Error details: Yay! No errors.
And last one:
CONNECTION REPORT
Connected since   : 2016-12-19 20:21:38
Pool ping time    : 141 ms
Network error log : Yay! No errors.
Sample config file is as follows:
http://pastebin.com/EqyvkWkB
 

Low power mode

This is a bit of an academic exercise, showing why I don't believe that memory latency is the be-all and end-all of PoW. The idea is very simple. We do two hashes at a time, so we double the performance (as we have more time to load data from L3). We are of course still constrained by the L3 cache, but FPGAs with 50-100MB of on-chip memory are out already.
 

Some things for the future

Let me know what you think.
submitted by fireice_uk to Monero [link] [comments]

A nonce is a number that can be used only once; in cryptography it is a one-time code, random or pseudorandom, used to authenticate a transmission and prevent replay attacks. In Bitcoin's mining process, the goal is to find a hash below a target number which is calculated based on the difficulty. Proof-of-work in Bitcoin's mining takes an input consisting of the Merkle root, timestamp, previous block hash and a few other things, plus a nonce, which is a completely random number. If the resulting hash is smaller than the target hash, you win the block and the consensus ... From Bitcoin Wiki: The "nonce" in a bitcoin block is a 32-bit (4-byte) field whose value is adjusted by miners during the Proof of Work process in an effort to generate a block hash less than or equal to the current target of the network. The rest of the fields, with the exception of the timestamp, may not be changed, as they have a defined meaning. Any change to the block data (such as the nonce) will make the block hash completely ...
