Blockchain Nonce – Cryptography – BitcoinWiki

Mining mempool tx sweep

Hi all. Is anyone aware of when mining software chooses to add transactions from the mempool into the merle tree of the block it is currently hashing and trying to find the winning nonce for?
Is it the case that a single snapshot of the mempool is taken (with some selection filters applied), built into a tree and then submitted to the ASICs for hashing? Or is the merkle tree updated regularly during the round in order to include higher priority transactions? Doing this changes the header so would probably result in resetting the nonce.
Edit: Actually, same question for the block time field in the header... at what point does mining software set this? Only once at the beginning of the round, or does it update it continually with each iteration (acting like a mining nonce)?
Bitcoin wiki says this vague line: "The block is also occasionally updated as you are working on it."
I'm interested to know what typical practice is here. I'd guess cgminer and equivalents have customisable and default params which set some threshold for decision making. If new tx priority is below threshold then don't update the header, if it is over the threshold then its worth the i/o(?) cost to switch out the header.
Edit: This is a full node listening for new transactions and blocks. The new transactions list (mempool) continually grows, a few tx per second, and then mostly clears on the arrival of a new block. This implies that miners, who receive a similar mempool to this node, are updating their block header with new transactions all the time thought out the round.
submitted by opacey to BitcoinMining [link] [comments]

[HALVING MEGATHREAD] Block 630000 has been mined. Mining subsidy is now 6.25 BTC per block. The third Bitcoin Halving is now complete!

As of now, 630,000 blocks have been mined on the Bitcoin network, and the block reward has successfully halved for the second THIRD time. The previous block reward was 12.5 BTC, and the new block reward is now 6.25 BTC. Since the previous halving at Block 420000, monetary inflation decreased from 4.17%% to 3.57%. Block 630000 signals an immediate 50% reduction to 1.79%. The next halving will occur at Block 840000 in approximately four years. Godspeed, Bitcoin!
Here's Block 630000 in all its glory!
{ "hash": "000000000000000000024bead8df69990852c202db0e0097c1a12ea637d7e96d", "confirmations": "1", "strippedsize": "1186930", "weight": "3993250", "height": "630000", "version": "536870912", "merkleroot": "b191f5f973b9040e81c4f75f99c7e43c92010ba8654718e3dd1a4800851d300d", "tx": "3134", "time": "1589225023", "nonce": "2302182970", "bits": "387021369", "difficulty": "16104807485529", "previousblockhash": "0000000000000000000d656be18bb095db1b23bd797266b0ac3ba720b1962b1e", } 
coinbase transaction: 6.25 BTC + 0.90968084 BTC in fees
block size: 1186.93 KB
transactions: 3134
total bitcoins: 18,375,000
remaining bitcoins: ~2,625,000
previous halving: 3 years 10 months 2 days 2 hours 37 minutes 30 seconds ago
[Monetary Inflation Chart] [Controlled Supply] [Bitcoin Clock]
[] [] [] [] [] []
submitted by BashCo to Bitcoin [link] [comments]

3 key data points show it wasn't Satoshi who moved 50 Bitcoin

3 key data points show it wasn't Satoshi who moved 50 Bitcoin submitted by JosefinaCrane to CryptoCurrency [link] [comments]

CelesOS Research Institute丨DPoW consensus mechanism-combustible mining and voting

CelesOS Research Institute丨DPoW consensus mechanism-combustible mining and voting
The token economy and the blockchain complement each other, while at the same time, the consensus mechanism forms the basis of the blockchain, whom constitutes the basic technical framework of the token economy.
The mainstream blockchain, like Bitcoin, Ethereum, and EOS have all compromised on certain aspects of the "impossible triangle" features.
Bitcoin, as a decentralized digital currency, has sacrificed performance to meet the design requirements of decentralization and security, rendering it the target of highest attacking cost among all PoW public chains. The ASIC mining machines updates continually and new versions launch, both can continuously improve the computing power of the entire network.
Ethereum 2.0 will use a proof of stake (PoS) consensus mechanism. On the Ethereum network, money can be transfered and smart contracts can be operated, presenting a more complicated application scenario. However, due to its low performance, Ethereum is more prone to get congested.
EOS, as a blockchain application platform, is often suspected of being centralized. EOS uses a delegated proof of stake (DPoS) consensus mechanism. Having 21 super nodes responsible for bookkeeping and block generation, the EOS main network can handle more than 4,000 TPS now. However, due to its small number of nodes, it’s one of the three major public chains that are most easily questioned by the outside world on the "decentralization" feature.
An inefficient blockchain will only be a game in the laboratory, and an efficient blockchain without decentralization will only be taken advantage of by big players.
New generation consensus algorithm DPoW
Is there any consensus mechanism that can achieve a better balance between decentralization and efficiency, and can give miners incentives to invest in hardware resources? If we separate the two acts of "acquiring accounting rights" and "receiving block rewards", the above dilemma can be solved. By separating the above two, DPoW has finally achieved the effect of balancing efficiency and centralization.
Drawing on the design concept and operating experience of the preceding consensus mechanisms, DPoW is a new-generation consensus mechanism formed based on PoB and DPoS.
Before explaining DPoW, it’s necessary to introduce PoB.
PoB (Proof of Burn) is called the burning proof mechanism. (Source:
PoB is a way to vote who has a commitment to the leadership of the network by burning tokens possessed. The greater the number of tokens burned, the higher the probability of gaining network leadership.
PoB is a method of distributed consensus and an alternative method of proof-of-work mechanism. It can also be used to guide a cryptocurrency.
In the DPoW-based blockchain, the miner's mining reward is no longer a token, but a "wood" that can be burned-burning wood. Through the hash algorithm, miners use their own computing power to get the corresponding non-tradable wood after proving their workload eventually. When the wood has accumulated to a certain amount, it can be burnt in the burning site.
DPoW technical solutions
Voting with computing power is the biggest innovation of the present invention. It uses the proof of work of the PoW algorithm to replace the stakes as votes, yet retains the BFT-DPoS block generation mechanism.
Specific steps are as follow:
  1. POW question acquisition
Obtain the question of proof of work. The proof of work of the present invention is to perform a Hash operation on a PoW problem; the questions is:
target = hash(block_id + account) ^ difficulty 
  1. POW question answering
A mathematical hash operation of a random number (nonce) is performed on the question, and if the hash value obtained is less than a certain value, the question is answered;
Question answering process:
nonce = random ()ret = max() while(ret > target) { if(hash(nonce+account + block_id)< target) { wood = nonce; break; } nonce++; } 
  1. Voting
Voting is to cast the specific answers to the question to the candidate BP. By such, it’s submitted to the blockchain and counted to the blockchain's status database; within an election period, the maximum value of the answer that each voter can calculate is N, and each answer can only be voted to one candidate BP, and the number of votes that can be cast is N.
The information and process that voting requires:
  • Answer to the question
  • Miner account
  • Block id
  • Block
  • Voting objects (candidate BP)
  • Verify that the vote is valid
  • After verification, it will be credited to BP
4. Count the votes
At the end of an election period, votes are counted and sorted top-down according to the number of votes under the name of the candidate BP. The top X candidate BPs are selected and inserted into the BP list, and the block generating order of the selected BP is written to the blockchain status database.
If X is the number of BPs generated by the system, namely a multiple of 3, it will be set in the genesis block and cannot be changed.
  1. Block generation
The DPoW block generation mechanism is the same as BFT-DPoS. The elected BP negotiates a block generation ownership order based on its own network resource status. When each BP node has block generation rights, the block reward is a fixed reward for each effective irreversible block. At the same time, the blocks that have been generated use the BFT signature mechanism. After getting 2/3 BP's signature, the block will become an irreversible block.
DPoW’s advantage in balance
Compared with existing technical solutions, the DPoW consensus protocol has the following feature.
  1. When the stock of burning wood is large, the nodes in the system tend to burn burning wood to vote instead of logging through computing power, which is similar to the DPoS under this situation.
  2. When the stock of burning wood is few, the nodes in this system tend to log to obtain burning wood for voting, which is similar to PoW under this situation, presenting the feature of decentralization. In order to ensure the high-speed operation of the system and attract ticket sources, BP will maintain a stable investment in computer resources to keep the system highly efficient.
Choosing to vote by logging or burning wood depends on the nodes’ own optimal choice, resulting in constant choosing between the two consensus mechanisms of PoW and DPoS. This will make nodes tend to choose PoW when decentralization is needed, and to choose DPoS when efficiency is needed.
For a system, whether it is decentralized does not depend on whether each block needs to be decentralized. The key is whether the system can provide a channel to decentralization and fair competition when needed. As long as the channel is reasonable, the system will be considered decentralized.
By decoupling vote by logging and block generation, they can be done asynchronously to achieve the effects of decentralization and high efficiency.
Learning and updating the preceding practices in blockchain technology, DPoW manages to achieve both decentralization and efficiency, as “having the cake and eating it”.

📷 Telegram
📷 Twitter
📷 Reddit
📷 Medium
📷 Facebook
📷 Youtube
submitted by CelesOS to u/CelesOS [link] [comments]

Mining and Dogecoin - Some FAQs

Hey shibes,
I see a lot of posts about mining lately and questions about the core wallet and how to mine with it, so here are some facts!
Feel free to add information to that thread or correct me if I did any mistake.

You downloaded the core wallet

Great! After a decade it probably synced and now you are wondering how to get coins? Bad news: You don't get coins by running your wallet, even running it as a full node. Check what a full node is here.
Maybe you thought so, because you saw a very old screenshot of a wallet, like this (Version 1.2). This version had a "Dig" tab where you can enter your mining configuration. The current version doesn't have this anymore, probably because it doesn't make sense anymore.

You downloaded a GPU/CPU miner

Nice! You did it, even your antivirus system probably went postal and you started covering all your webcams... But here is the bad news again: Since people are using ASIC miners, you just can't compete with your CPU hardware anymore. Even with your more advanced GPU you will have a hard time. The hashrate is too high for a desktop PC to compete with them. The blocks should be mined every 1 minute (or so) and that's causing the difficulty to go up - and we are out... So definitly check what is your hashrate while you are mining, you would need about 1.5 MH/s to make 1 Doge in 24 hours!

Mining Doge

Let us start with a quote:
"Dogecoin Core 1.8 introduces AuxPoW from block 371,337. AuxPoW is a technology which enables miners to submit work done while mining other coins, as work on the Dogecoin block chain."
- langerhans
What does this mean? You could waste your hashrate only on the Dogecoin chain, probably find never a block, but when, you only receive about 10.000 Dogecoins, currently worth about $25. Or you could apply your hashrate to LTC and Doge (and probably even more) at the same time. Your change of solving the block (finding the nonce) is your hashrate divided by the hashrat in sum - and this is about the same for Doge and LTC. This means you will always want to submit your work to all chains available!

Mining solo versus pool

So let's face it - mining solo won't get you anywhere, so let's mine on a pool! If you have a really bad Hashrate, please consider that: Often you need about $1 or $2 worth of crypto to receive a payout (without fees). This means, you have to get there. With 100 MH/s on prohashing, it takes about 6 days, running 24/7 to get to that threshold. Now you can do the math... 1 MH/s = 1000 KH/s, if you are below 1 MH/s, you probably won't have fun.

Buying an ASIC

You found an old BTC USB-miner with 24 GH/s (1 GH/s = 1000 MH/s) for $80 bucks - next stop lambo!? Sorry, bad news again, this hashrate is for SHA-256! If you want to mine LTC/Doge you will need a miner using scrypt with quite lower numbers on the hashrate per second, so don't fall for that. Often when you have a big miner (= also loud), you get more Hashrate per $ spent on the miner, but most will still run on a operational loss, because the electricity is too expensive and the miners will be outdated soon again. Leading me to my next point...

Making profit

You won't make money running your miner. Just do the math: What if you would have bougth a miner 1 year ago? Substract costs for electricity and then compare to: What if you just have bought coins. In most cases you would have a greater profit by just buying coins, maybe even with a "stable" coin like Doges.

Cloud Mining

Okay, this was a lot of text and you are still on the hook? Maybe you are desperated enough to invest in some cloud mining contract... But this isn't a good idea either, because most of such contracts are scams based on a ponzi scheme. You often can spot them easy, because they guarantee way to high profits, or they fake payouts that never happened, etc.
Just a thought: If someone in a subway says to you: Give me $1 and lets meet in one year, right here and I give you $54,211,841, you wouldn't trust him and if some mining contract says they will give you 5% a day it is basically the same.
Also rember the merged mining part. Nobody would offer you to mine Doges, they would offer you to buy a hashrate for scrypt that will apply on multiple chains.

Alternative coins

Maybe try to mine a coin where you don't have ASICs yet, like Monero and exchange them to Doge. If somebody already tried this - feel free to add your thoughts!

Folding at Home (Doge)

Some people say folding at home (FAH - still the best. I just installed the tool and it says I would make 69.852 points a day, running on medium power what equates to 8 Doges. It is easy, it was fun, but it isn't much.
Thanks for reading
submitted by _nformant to dogecoin [link] [comments]

You can call you a Bitcoiner if you know/can explain these terms...

10 Minutes
10,000 BTC Pizza
2016 Blocks
21 Million
210,000 Blocks
51% Attack
Asic Boost
Bitcoin Cash
Bitcoin Improvement Proposal (BIP)
Bitcoin SV
Block height
Block reward
Bloom Filter
Brain Wallet
Change Address
Child pays for parent (CPFP)
Coinbase (not the exchange)
Coinmarketcap (CMC)
Colored Coin
Custodial Wallet
Craig Wright
David Kleinman
Difficulty adjustment
Difficulty Target
Dorian Nakamoto
Double spend
Elliptic Curve Digital Signature Algorithm (ECDSA)
Full Node
Gavin Andresen
Genesis Block
Getting goxed
Hard Fork
Hardware Wallet
Hierarchical Deterministic (HD) Wallet
Hot Wallet
Initial Coin Offering (ICO)
Initial Exchange Offering (IEO)
Light Node
Master Private Key
Master Public Key
Master Seed
Merkle Tree
Mining Farm
Mining Pool
Not your keys,...
Orphan block
Paper Wallet
Pieter Wuille
Private key
Proof of Stake (PoS)
Proof of Work (PoW)
Public key
Replace by Fee (RBF)
Roger Ver
Satoshi Nakamoto
Schnorr Signatures
Segregated Witness (Segwit)
Simplified Payment Verification (SPV)
Smart Contract
Soft Fork
Transaction Fees
TransactionId (Txid)
User Activated Soft Fork (UASF)
Wallet Import Format (WIF)
Watch-Only Address
List obviously not complete. Suggestions appreciated.
submitted by PolaT1x to Bitcoin [link] [comments]

Knowledge Drop: Mining and the role it plays with the Ethereum blockchain

The term mining is used to represent the creation, verification, publishing, and propagation of blocks in Ethereum. It’s an analogy to digging precious metals out of the ground, since Ether and Bitcoin before it, are scarce resources with fixed amounts, similar to gold.
However, miners in Ethereum are not digging. They are using computational power to rapidly input a nonce, or a number that can only be used once, into a Proof of Work algorithm called Ethash in order to achieve a result that satisfies a given difficulty.
submitted by blockstasy to CryptoTechnology [link] [comments]

The elephant in the (Crypto) room: "Mining" and its energy waste

I know this post is a bit of a wall of text but hear me out. I do my best to explain my thoughts on the drawbacks of mining and why cryptos that cut out mining are so important.
"Mining" is a misnomer. To laypeople, using this term to describe the consensus mechanism for Proof of Work cryptocurrencies makes it sound like something productive and worthwhile. Who would criticize someone with the admirable and noble task of working to extract gold from the Earth? A valuable piece of metal is produced thanks to their hard work. But crypto mining is different; while it does have a purpose, it is far from productive.

So what is bitcoin mining? If you're to believe the most basic explanations offered such as from this video (, miners solve "complex math problems". I can still remember when I heard this for the first time (years ago) and even though I'm pretty mathematically inclined, I had assumed this meant that these complex math problems were actually useful and necessary to 'unlock' those bitcoins somehow, and for a long time I didn't think anything more of it. To my mind, I imagined it like there's a million problems to solve and each time you solve one you get a reward. The math problem might have been, for example, to find the next largest prime. Instead the actual problem is, at its most basic level, nonce finding. See Different coins or forks may use a different problem but the end result is the same - energy is spent solving a pointless problem ('pointless' in the sense that the actual math answer doesn't benefit anyone).

In reality bitcoin mining could be better described as "provably expending energy in exchange for lottery tickets". It's an arms race of everyone competing to waste energy. The more energy wasted, the more likely one is to win the lottery. See here for an example: I find it abhorrent that there are entire businesses (at several scales at that) set up primarily to "mine" bitcoin or other coins. I see videos like this one (Digital Gold: and think it bizarre that it's considered acceptable for businesses set up to waste energy to protect the network and that people are so sad when the market takes a turn and they have to close up shop. Your business model is to compete with other people to waste energy to earn lottery tickets that have variable value. Those who can lower their operating costs the most will be the most profitable (or with the way difficulty adjustments happen, perhaps the *only* ones profitable). A portion of the money flowing in to buy BitCoin is being used to prop up these wasteful businesses. Because it's considered normal by now people don't get outraged at this fact.

Some people who have been around crypto for years take it for granted that this type of process is necessary for security of the network, and to some extent this misunderstanding is forgivable as it is the oldest method and has worked quite well especially at small scale (not mass adoption) when the total energy expenditure was not all that high. Proof of Stake cryptos have demonstrated this is not the case (that the waste is necessary), and in particular cryptos like Nano with its Delegated Proof of Stake show potential for being just as, if not more, secure than PoW coins due to there being less centralization pressure due to having no significant incentive to trying to control more of the vote versus economies of scale pushing the small miners out of business in PoW. A big part of the reason BitCoin transactions became so expensive in Dec 2017 was that to "buy" a transaction in the BitCoin network you had to pay for a part of the combined energy wastage of the network; the other component being that you're also in a bidding war against other people determined to get their transaction included in the next block. So your transaction fee (aka 'mining fee') is you trying to outbid other people to see who gets to pay for the person wasting electricity. Imagine if each end-user scoffing at the $20+ withdraw fee on coinbase at the time actually understood what was behind that fee rather than thinking of it as a nebulous "network fee".

A quote I saw on cc that exemplifies this mindset is as follows:
"And a chain with no fees has no mechanism to pay for security. There NEED to be fees, they just need to be lower than with fiat payment systems."

So many of the BitCoin clones/forks make some attempt to mitigate this problem by, for example, increasing blocksize or changing other parameters like block times. In the end though, most of them are still based on this method of energy wastage to secure the network, aka Proof of Work.
Now if there were no more efficient method than PoW mining then it might be fair to say that its energy expenditure (comparable to the entire energy use of a small country like Belgium) is a necessary price to pay for the value provided by the unique features of the network. In other words, that the energy cost is 'worth it'. The thing is though, there *are* ways to secure a network with far less (or virtually no) energy cost and Nano provides one such case.

Does anyone else find it insane that people in this space think it's normal the energy waste that goes into so called "mining"? Do we need to re-label mining to something that better reflect its nature? Because the end user is generally not involved with the mining, I think they don't really consider the energy cost that their transactions have. And to most of these people, telling them the entire Nano network can be powered by a single wind turbine probably doesn't mean anything. Does there need to be a grassroots movement to push back against wasteful 'mining'? Laypeople concerned about the environmental impact caused by the energy wastage of cryptos often seem to be under the impression that all crypto is necessarily wasteful. How can we get people to care if at the end of the day they just pay a fee and don't get to see the impact? Nano being feeless is one of its biggest strengths but not just because it saves people using it a little bit of money; it's more the fact it cuts out the massive-scale problem of mining. This is hard to get across in a short slogan like "fast, feeless, scalable" though.
submitted by manageablemanatee to nanocurrency [link] [comments]

[HALVING MEGATHREAD] Block 420000 has been mined. Mining reward is now 12.5 BTC per block. The second halvening is now complete!

As of now, 420,000 blocks have been mined on the Bitcoin network, and the block reward has successfully halved for the second time. The previous block reward was 25 BTC, and the new block reward is now 12.5 BTC. Since the previous halving at Block 210000, monetary inflation decreased from 12.5% to 8.33%. Block 420000 signals an immediate 50% reduction to 4.17%. The next halving will occur at Block 630000 in approximately four years. Godspeed, Bitcoin!
Here's Block 420000 in all its glory!
{ "hash": "000000000000000002cce816c0ab2c5c269cb081896b7dcb34b8422d6b74ffa1", "confirmations": "1", "height": "420000", "version": "536870912", "merkleroot": "028323a5bcacb0057274ee0a4366e5671278bc736b57176d9bb929c3a69e0ffa", "time": "1468082773", "nonce": "2193437364", "bits": "180526fd", "difficulty": "213398925331.324", "previousblockhash": "000000000000000003035bc31911d3eea46c8a23b36d6d558141d1d09cc960cf", } 
coinbase transaction: 16.66666666 BTC + -3.59096985 BTC in fees (this line was automatically fetched from which was reporting inaccurate info and has since been fixed. appears correct.)
actual coinbase transaction: 13.07569681 BTC + 0.57569681 BTC in fees
block size: 999.838 KB
transactions: 1257
total bitcoins: 15,750,000
remaining bitcoins: ~5,250,000
previous halving: 3 years 7 months 11 days 1 hours 21 minutes 35 seconds ago
[ chart] [Controlled Supply] [Bitcoin Clock]
[] [] [] [] [] []
submitted by BashCo to Bitcoin [link] [comments]

AsicBoost and the strange case of CVE-2017-9230

About CVEs

In the public interest of tracking and remedying cybersecurity vulnerabilities quickly, a public database was created in 2000: the CVE List [1].
CVE stands for Common Vulnerabilities and Exposures. Its database records, known as CVEs, track and record publicly known cybersecurity vulnerabilities. Each recorded vulnerability has a unique ID and lifecycle where it follows certain states.

The AsicBoost controversy

In April 2017, Greg Maxwell published an email [2] on the bitcoin-dev mailing list which described AsicBoost - a patented optimization to the algorithm used in Bitcoin mining - as an attack on the Bitcoin protocol.
There was much contention [3] about whether AsicBoost constituted some kind of harmful exploit, or whether it was merely a technological innovation which enabled more efficient mining hardware (ASICs).
There were allegations, widely reported in media, that the patent served the interest of Bitmain [4]. The purported benefits of exploiting this patent as alleged by Core developers were contemporaneously disputed by other miners [5].

CVE-2017-9230 raised against AsicBoost

On 18 May 2017, Cameron Garnham posted to the bitcoin-dev list [6], urging for getting a CVE assigned to the perceived vulnerability.
On 24 May 2017, this CVE was created as CVE-2017-9230 [7]. It was simultaneously published under Bugtraq ID 'BID 98657' at [8].
The justification in the CVE stated that the AsicBoost method
'violates the security assumptions of (1) the choice of input, outside of the dedicated nonce area, fed into the Proof-of-Work function should not change its difficulty to evaluate and (2) every Proof-of-Work function execution should be independent.'
It seemed a plausible enough reasoning for the CVE to be assigned. It was entered in the list of Bitcoin-related CVE's at [9]. Detailed information on this particular CVE is still missing/incomplete on the wiki page, a year after the CVE was raised.

What happened since the CVE was raised

If you've followed along, you've learned that the CVE was raised to counter the exploitation of the AsicBoost method by miners.
Since then, however, a Core developer, BtcDrak, has been involved in the founding of a mining company, Halong Mining. Several online sources state his (part?) ownership of this company.
BtcDrak has put forward a proposal [10] which would enable the use of AsicBoost within the Bitcoin Core software (the dominant client software on the BTC network).
This proposal appears to directly contradict the CVE claims of how AsicBoost violates "security assumptions" of Bitcoin, and indeed does not address how it mitigates them, nor is CVE-2017-9230 referenced in any of its related documentation.
While the proposal's specification [11] and implementation [12] have not yet been formally accepted, the situation is that Halong has shipped mining equipment which is now actively employing AsicBoost [13,14] on the Bitcoin (BTC) network. There is even a website showing the blocks where AsicBoost was used [15].

Conflict of interest

There a clear conflict of interest in the actions of the Core developer BtcDrak. His actions as a Core developer appear to be furthering his company's interests and competitive advantage in the mining industry by exploiting a vulnerability of which he must have been keenly aware, having participated on the same bitcoin-dev mailing list where it was discussed.
The CVE was vociferously used to paint Bitmain as culpable for delaying Segwit (Bitmain was accused of using AsicBoost and blocking Segwit activation for their own profit motive - claims that Bitmain has publicly denied strongly and which were never substantiated).
One might have expected a similar outcry against Halong's proven and announced use of AsicBoost, but the parties that had previously condemned Bitmain remained mostly silent. Only an anonymous non-developer, Cobra-Bitcoin, co-owner of the domain, spoke out on the Github pull request in [11], and Core developer Luke-jr spoke out against the use of the proposal on the Bitcoin network while consensus had not been reached on it [16].
Subsequent discussion on the bitcoin-dev list on this topic since March has been minimal and only concerned with technicalities of stratum protocol changes.

The bigger elephant in the room

It seems logical that either AsicBoost constitutes an exploitable weakness, and thus merits a CVE and measures taken to prevent its use on the Bitcoin network entirely.
Or it is not a problem and the CVE should be invalidated.
The Bitcoin Core project should use its consensus processes to arrive at a coherent decision.

Other problems raised by the use of overt AsicBoost

The Halong implementation uses version rolling of the nversion bits of the header. It reserves a subset of those bits for overt AsicBoost.
These bits are no longer available to BIP9, but there was no update of BIP9 proposed to address this impact.
This is a question of sensible procedures being followed (or not). The author did not find any review comment mentioning the lack of BIP9 specification update, which suggest a lack of thorough review on a proposal which dates back several months.
A minor issue is that the Core implementation warns when a certain proportion of unrecognized version bits are detected. This behavior can be triggered by the AsicBoost method used on the network.
  1. make dates unambiguous, make it clear that [5] disputes the benefits alleged by Core developers
submitted by btcfork to btc [link] [comments]

Bitcoin and Minning

Bitcoin[a] () is a cryptocurrency. It is a decentralized digital currency without a central bank or single administrator that can be sent from user to user on the peer-to-peer bitcoin network without the need for intermediaries.[8]
Transactions are verified by network nodes) through cryptography and recorded in a public distributed ledger called a blockchain. Bitcoin was invented by an unknown person or group of people using the name Satoshi Nakamoto[15] and was released as open-source software in 2009.[16] Bitcoins are created as a reward for a process known as mining. They can be exchanged for other currencies, products, and services.[17] Research produced by University of Cambridge estimates that in 2017, there were 2.9 to 5.8 million unique users using a cryptocurrency wallet, most of them using bitcoin.[18]
Bitcoin has been criticized for its use in illegal transactions, its high electricity consumption, price volatility, thefts from exchanges, and by reputable economists stating that "it should have a zero price".[19] Bitcoin has also been used as an investment, although several regulatory agencies have issued investor alerts about bitcoin.[20][21]
Mining is a record-keeping service done through the use of computer processing power.[f] Miners keep the blockchain consistent, complete, and unalterable by repeatedly grouping newly broadcast transactions into a block, which is then broadcast to the network and verified by recipient nodes.[80] Each block contains a SHA-256 cryptographic hash of the previous block,[80] thus linking it to the previous block and giving the blockchain its name.[7]:ch. 7[80]
To be accepted by the rest of the network, a new block must contain a proof-of-work (PoW).[80] The system used is based on Adam Back's 1997 anti-spam scheme, Hashcash.[91][failed verification][4] The PoW requires miners to find a number called a nonce, such that when the block content is hashed along with the nonce, the result is numerically smaller than the network's difficulty target.[7]:ch. 8 This proof is easy for any node in the network to verify, but extremely time-consuming to generate, as for a secure cryptographic hash, miners must try many different nonce values (usually the sequence of tested values is the ascending natural numbers: 0, 1, 2, 3, ...[7]:ch. 8) before meeting the difficulty target.
Every 2,016 blocks (approximately 14 days at roughly 10 min per block), the difficulty target is adjusted based on the network's recent performance, with the aim of keeping the average time between new blocks at ten minutes. In this way the system automatically adapts to the total amount of mining power on the network.[7]:ch. 8Between 1 March 2014 and 1 March 2015, the average number of nonces miners had to try before creating a new block increased from 16.4 quintillion to 200.5 quintillion.[92]
The proof-of-work system, alongside the chaining of blocks, makes modifications of the blockchain extremely hard, as an attacker must modify all subsequent blocks in order for the modifications of one block to be accepted.[93] As new blocks are mined all the time, the difficulty of modifying a block increases as time passes and the number of subsequent blocks (also called confirmations of the given block) increases.[80]
submitted by TheResearcher012 to GreatLifePostsGoTeam [link] [comments]

Surae's (me) end-of-November (2017!) update.

You can check it out on the forums here. Here's a copypasta:
Surae's End of November (2017!) Update
Hello, everyone! Sarang posted his update a few days ago to give the community time to review his work before the end of the month. I was hoping to finish multisig off before the end of this month... so I held off on writing this update until then... but it looks like I'm somewhere between 2 days and a week behind on that estimate.
MRL Announcements
Meetings. We are holding weekly meetings on Mondays at 17:00 UTC. Logs are to be posted on my github soon(tm). Usually we alternate between "office hours" and "research meetings." At office hours, we want members of the community to come in and be able to ask questions, so we are considering opening up a relay to the freenode channel during office hours times, unless things get out of hand.
POW-Difficulty Replacement Contest. Some time in December, I am going to formalize an FFS "idea" to open up a multiple-round contest for possible replacements for our proof of work game. The first round would have a 3- or 6-month deadline. Personally, I would love it if this FFS could have an unbounded reward amount. If the community is extremely generous, we could easily whip up a large enough reward to spur lots and lots of interest across the world.
The Bitcoin POW game uses SHA256 to find nonces that produce hashes with sufficiently small digests according to the Bitcoin difficulty metric. Our current POW game uses CryptoNight to find nonces that produce hashes with sufficiently small digests according to the CryptoNote difficulty metric. The winner need not be proof of work. My current thoughts are roughly this:
All submissions will be public. Submissions that minimize incentives for centralized mining (or maximize disincentives) will be preferred over submissions that do not. Submissions that are elegant will be preferred over submissions that are not. Submissions that have provable claims about desirable properties will be preferred over submissions that do not (e.g. for either the Bitcoin or the Monero POW games, the necessary and sufficient network conditions for these games to produce blocks in a Poisson process have not been identified, to my understanding). Submissions that have a smaller environmental impact will be preferred over submissions that have a larger impact. And so on. I would like as many ideas as possible about a judging rubric for the first round. Especially if a large amount of money will be put up as a prize.
The details of the next round would be announced along with the winners of the first round. The reward funds should be released when a set of judges agree on a winner. MRL and Monero Core should each have representation on the panel of judges, and there ought to be at least one independent judge not directly associated with the Monero Project, like Peter Todd, Tim Ruffing, or someone along those lines. But, again, this is just an idea. If the community doesn't like it, we can drop it.
Here is a rundown for November
Multisig. Almost done. I know, I know, it's been forever. We, as a community, have recently come to see how important it is to carefully and formally ensure the correctness of our schemes before proceeding. Multisig is a delicate thing because a naively implemented multisig can reveal information about the participants.
I'm finishing vetting key creation today, finishing signatures tomorrow and the next day. Then I'm passing the result off to moneromooo and luigi to ensure that my description of their code is accurate up to their understanding. Then onto Sarang for final reviews before submission, hopefully by the end of the month. I have my life until Sunday evening blocked off to finish this. A copy of the document will be made available to the community ASAP (an older version is on my github), after more checking and writing is completed.
This whitepaper on multisig will be broken into two papers: one will be intended for peer review describing multi-ring signatures, and one will be a Monero Standard. More about that later...
RTRS RingCT column-linkability and amortization. You may say "what? I thought we were putting RTRS RingCT on the back burner?" Well, I'm still think ing about amortization of signatures. I'm thinking it will be possible (although perhaps not feasible) for miners to include amortized signatures upon finding new blocks. This would allow users to cite an amortized signature for fast verification, but has some possible drawbacks. But more exciting, I'm also chatting with Tim Ruffing, one of the authors on the RTRS RingCT papers: he thinks he has a solution to our "linkability by columns" problem with MLSAG and RingCT. Currently we try to avoid using more than one ring signature per recipient. This avoids linking distinct outputs based on bundling of these ring signatures. Ruffing believes RTRS RingCT can be tweaked to prove several commitments in a vector of commitments; this would allow a single RTRS RingCT to be computed and checked for each output being spent.
Once all the details are checked, I'll write up a document and make a copy of it available to the community. If it works, of course.
Consequences of bulletproofs. In my last end-of-month update I hinted at issues with an exponential space-time trade-off in RTRS RingCT. Due to the speed and space savings with bulletproofs, it may now be feasible to implement RTRS RingCT. With improved verification time savings with bulletproofs we can relax our requirements for verification times for signatures. This will allow the slightly longer verification times of RTRS RingCT to be counter-acted. Solving the problem "what ring sizes can we really get away with?" involves some modeling and solving some linear programming problems (linear programming, or linear optimization, is an anachronistically named area of applied mathematics involved with optimizing logistic problems... see here for more information).
Hence, we will be inserting bulletproofs into Monero with low friction, and then we will look into the logistics of moving to RTRS RingCT.
Monero Standards. Right now, we don't have a comprehensive list of how Monero works, all the various primitives and how they all fit together. Sarang and I have begun working on some Monero Standards that are similar to the original Cryptonote Standards (see here for more information). For each standard, from our hash function on upward, we will describe the standard, provide a justification for Monero's choices in those standards (complete with references), as well as a list of possible replacement standards. For example, our Monero RingCT Standard should describe the RingCT scheme described by shen, which is essentially a ring signature with linear combinations of signing keys + amount commitments. Under the "possible replacements" section, we would describe both the RTRS RingCT scheme and the doubly efficient zk-snark technology as two separate options.
These standards may take awhile to complete, and will be living documents as we change the protocol over the years. In the meantime, it will make it dramatically easier for future researchers to step into MRL and pick up where previous researchers have left off.
Hierarchical view keys. Exploiting the algebra we currently use for computing one-time keys, the sub-address scheme plays with view keys in a certain way, allowing a user to have one single view key for many wallets. Similarly, we may split a view key into several shares, where each subset of shares can be used to grant partial view access to the wallet. A receiver can request that a sender use a particular basepoint in their transaction key where different subsets of shares of the view key grant access to transactions with different basepoints in their transaction keys. None of these are protocol-level observations, they are wallet-level observations. Moreover, these require only that a receiver optionally specify a basepoint.
In other words: hierarchical view keys are a latent feature of our one-time address scheme that has not seen specific development yet. It's a rather low priority compared to the other projects under development; it grants users fine-grained control over their legal compliance, but Monero Standards will have great long-term impact on development and research at Monero.
Criticisms. Monero has suffered some recent criticisms about our hash function. I want to briefly address them.
First, I believe part of the criticism came from a confusion between Keccak3, SHA-3, and Keccak: we have never claimed to use SHA-3 as our hash function, we have only used the Keccak3 hash function, which is a legacy choice inherited from the original CryptoNote reference code. Many developers confuse the two, but Keccak3 was the hash function on which SHA-3 is based. In particular, the Keccak sponge construction can be used to fashion lots and lots of primitives, all of which could fairly be called "Keccak:" both Keccak3 and SHA-3 are Keccak constructions. This may be a subtle nomenclature issue, but it's important because a good portion of our criticisms say "Hey, they aren't using SHA-3!"
Second, I believe part of the criticism also comes from our choice of library, which in my opinion isn't a big deal as long as the library does what it says on the tin. In this case, our hash function is a valid implementation of Keccak3 according to the Keccak3 documentation. The most important criticism, from my point of view, is our choice of pre-SHA-3 Keccak3 as our hash function. Keccak3 underwent lots of analysis during the SHA contest, and Keccak3 is a well-vetted hash funtion. However, it has not been chosen as an international standard. There is a sentiment in the cryptocurrency community to distrust standards, which is probably a healthy sentiment. In this case, however, it means that our choice of hash function is not likely to be supported in common, well-vetted libraries in the future. Moreover, since SHA-3 is an international standard, it shall be undergoing heavy stress testing over the coming decades, a benefit Keccak3 shall not enjoy.
Last month, after some discussions, we made changes to our choice of PRNG in Monero to match the PRNG for Bitcoin. There has since been some discussions instantiated by anonimal about this choice of PRNG. We at MRL are doing our best to assist the core team in weighing the relative costs and benefits of switching to a library like crypto++, and so we believe these criticisms fall into the same category. We intend to address these issues and make formal recommendations in the aforementioned Monero Standards. Sorry for using the word aforementioned.
Things that didn't move much include a) educational outreach, b) SPECTRE, c) anti-ASIC roadmap, d) refund transactions. Most of which was on hold to complete multisig.
As far as educational outreach, I contacted a few members of a few math/cs depts at universities around me, but I haven't gotten anything hopeful yet. I wanted to go local (with respect to me) to make it easier to organize, but that's looking less likely. No matter how enthusiastic of a department we find, garnering participation from faculty members, beginning an application process for new students, squirelling up funding, working out logistics of getting teachers or lecturers/speakers from point A to point B, where to stash students, etc would be a challenge to finish before, say, July. And some schools start their fall semesters in mid-August. So I'm thinking that Summer 2019 is reasonable as the first Monero Summer School... and would be a real fun way to finish off a two-year post-doc!
December plan. I am going to finish multisig, and then finish the zk-lit review with Jeffrey Quesnelle, since these are both slam dunks. Any other time in December I have will be devoted to a) looking into the logistics of using the bulletproofs + RTRS RingCT set-up, b) reading the new zk-stark paper and assessing its importance for Monero, c) beginning work on Monero Standards, which includes addressing our hash function criticisms, our PRNG, etc.
Thank you again! This is an incredible opportunity, and this community is filled with some smart cookies. Every day is a challenge, and I couldn't ask for a more fun thing to be doing with my life right now. I'm hoping that my work ends up making Monero better for you.
submitted by snoether to Monero [link] [comments]

EasyMine: WTF Happened?

UPDATE: VTC mining on Easymine back to normal, payouts have resumed. Zero fees for the rest of the month.
Here's a more detailed response to - bear with me and put on your nerd hat for a few mins.
The stratum server for all EasyMine pools is node-merged-pool - a merge mining fork of node-stratum-pool. See my repo here @
This is what miners connect to for work and to submit valid shares on the search for blocks. The information that is exchanged in hex digits, and the data coming back from the miner includes the time, the job, ExtraNonce2 and nonce (see All of these fields are used to notify the server of valid work exceeding a specific difficulty.
Hex digits are not case-sensitive. So 'FF00AA11' is the same as 'ff00aa11'. Both equate to decimal 4278233617. So for the purposes of construction a block header, it doesn't matter if the hex digits are uppercase, lowercase, or a mixture of both - it all works out the same, and produces the same hash. Hold this thought.
The stratum server knows what shares each miner has submitted, it keeps a track of all of the data in an array. It checks every time that work is submitted that the same work hasn't been submitted before whilst searching for the next block. If it was submitted, then the new submission is rejected as duplicate work.
Now, where this has all gone wrong is that the way the data is stored in this array was a string containing the four fields mentioned above. Strings are case-sensitive and when making comparisons 'FF00AA11' != 'ff00aa11', as well as 'ff00aA11' and 'ff00AA11' and so on.... This allowed our attacker to submit the same work many many times, altering only the case of the hex digits (he was doing it to the nonce, but the other fields are also susceptible to the attack), so the logic to check for duplicate work wasn't firing, the shares were valid (as they produced a valid hash above difficulty), and our attacker was faking most of his hash-rate. A lot. A shit-ton of it.
I have fixed this in my fork of node-stratum-pool - the fix is very easy, we just make all the characters lower case before testing for duplicate shares. See for my fix.
My big concern is that the other forks I've seen for node-stratum-pool are susceptible to the attack, and quite possibly other pool software is too possibly even p2pool? I've not looked. If someone can check and let me know and I'll update this. p2pool has been confirmed as resilient to this type of attack.
So, Who-The-F&*k did this. This is what I have so far:
He's used the following VTC and NIX addresses:
I've seen connections coming in from the following IP addresses:
He is still attacking EasyMine, but it's not having any effect now. Actually the server keeps banning him now as it's detecting that he's submitting too many invalid shares. Take that.
The path forward
I have a big mess to clean up, he's made off with about 652 VTC and about 3576 NIX, essentially stolen from you miners. I will see what I can do to recover some of this (not all of it has been paid to him yet), but there is going to be a substantial shortfall. Mr Attacker, feel free to PM me and we can arrange a settlement :)
Payouts on both the VTC & NIX pools are suspended until i can clean this up, I hope this won't take more than a couple of days.
submitted by nzsquirrell to vertcoin [link] [comments]

Question about how mining works

I'm trying to understand how bitcoin mining works and some things don't make sense.
According to my understanding of mining, a bunch of data is hashed and if the resulting hash has more leading zeros than the target difficulty value then you have a valid hash and your block is confirmed.
The data that's passed into this hash function is
  1. A Merkel tree of the transactions you want to confirm
  2. Current version of bitcoin
  3. Hash of the previous block
  4. Current time
  5. Target difficulty
  6. Nonce (just a counter of how many times you've tried to guess a hash that matches the difficulty)
  1. My first question has to do with the Nonce value. This is a 32 bit number so the worst-case number of guesses (hashes) you need make is 2,147,483,647. Can the Nonce value be negative? If it can't, is the value signed or unsigned?
  2. Secondly, if I only need to make around 2,147,483,647 hashes, then wouldn't a mining pool be able to guess an acceptable answer very quickly?
  3. According to the wiki page I referenced, the time value that is passed into the hash function updates every few seconds which, in turn, changes the hash. Does this mean that after a few seconds I have to start my hash all over again? It's like I was counting from 0-100 but after 5 seconds I started over at 0 again.
  4. If the time in the hash value changes every few seconds, why wouldn't I just create a mining network running an altered version of the software that doesn't change the time to make it easier on myself?

submitted by themattman18 to Bitcoin [link] [comments]

So you’ve got your miner working, busy hashing away … but what is it really doing?

Posted for eternity @
Your miner is repeatedly hashing (see below for detail about a hash) a block of data, looking for a resulting output that is lower than a predetermined target. Each time this calculation is performed, one of the fields in the input data is changed, and this results in a different output. The output is not able to be determined until the work is completed – otherwise why would we bother doing the work in the first place?
Each hash takes a block header (see more below, but basically this is a 80-byte block of data). It runs this through the hashing function, and what comes out is a 32-byte output. For each, we usually represent that output in hexadecimal format, so it looks something like:
(that’s 64 hexadecimal characters – each character represents 4-bits. 64 x 4 bits = 256bit = 32 bytes)
The maximum value for our hash is:
And the lowest is:
The goal in Proof-of-Work systems is to look for a hash that is lower than a specific target, i.e. starts with a specific number of leading zeros. This target is what determines the difficulty.
As the output of the hash is indeterminate, we look to statistics and probability to estimate how much work (i.e. attempts at hashing) we need to complete to find a hash that is lower than a specific target. So, we can therefore assume that to find a hash that starts with a leading zero will take, on average, 16 hashes. To find one that will start with two leading zeros (00), we’re looking at 256 hashes. Four leading zeros (0000) will take 65,536 hashes. Eight leading zeros (00000000) takes 4,294,967,296 hashes. So on and so on, until we realize that it will take 2 ^ 256 (a number too big for me to show here) attempts at hitting our minimum hash value.
Remember – this number of hashes is just an estimate. Think of it like rolling a dice. A 16-sided dice. And then rolling it 64 times in a row. And hoping to strike a specific number of leading zeros. Sometimes it will take far less than the estimate, sometimes it will take far more. Over a long enough time period though (with our dice it may take many billions of years), the averages hold true.
Difficulty is a measure used in cryptocurrencies to simply show how much work is needed to find a specific block. A block of difficulty 1 must have a hash smaller than:
A block of difficulty 1/256 (0.00390625) must have a hash lower than:
And a block of difficulty 256 must have a hash lower than:
So the higher the difficulty, the lower the hash must be; therefore more work must be completed to find the block.
Take a recent Vertcoin block – block # 852545, difficulty 41878.60056944499. This required a hash lower than:
The achieve finding this, a single miner would need to have completed, on average 179,867,219,848,013 hashes (calculated by taking the number of hashes needed for a difficulty 1 block - 4,294,967,296 or 2 ^ 32 or 16 ^ 8 – and multiplied by the difficulty). Of course, our single miner may have found this sooner – or later – than predicted.
Cryptocurrencies alter the required difficulty on a regular basis (some like Vertcoin do it after every block, others like Bitcoin or Litecoin do it every 2016 blocks), to ensure the correct number of blocks are found per day. As the hash rate of miners increases, so does the difficulty to ensure this average time between blocks remains the same. Likewise, as hash rate decreases, the difficulty decreases.
With difficulties as high as the above example, solo-mining (mining by yourself, not in a pool) becomes a very difficult task. Assume our miner can produce 100 MH/s. Plugging in this into the numbers above, we can see it’s going to take him (on average) 1,798,673 seconds of hashing to find a hash lower than the target – that’s just short of 21 days. But, if his luck is down, it could easily take twice that long. Or, if he’s lucky, half that time.
So, assuming he hit’s the average, for his 21 days mining he has earned 25 VTC.
Lets take another look at the same miner, but this time he’s going to join a pool, where he is working with a stack of other miners looking for that elusive hash. Assume the pool he has joined does 50 GH/s – in that case he has 0.1 / 50 or 0.2% of the pool’s hash rate. So for any blocks the pool finds he should earn 0.2% of 25 VTC = 0.05 VTC. At 50 GH/s, the pool should expect to spend 3,597 seconds between finding blocks (2 ^ 32 * difficulty / hashrate). So about every hour, our miner can expect to earn 0.05 VTC. This works out to be about 1.2 VTC per day, and when we extrapolate over the estimated 21 days of solo mining above, we’re back to 25 VTC.
The beauty of pooled-mining over solo-mining is that the time between blocks, whilst they can vary, should be closer to the predicted / estimated times over a shorter time period. The same applies when comparing pools – pools with a smaller hash rate will experience a greater variance in time between blocks than a pool with a greater hash rate. But in the end, looking back over a longer period of time, earnings will be the same.
A Hash is a cryptographic function that can take an arbitrary sized block of data and maps it to a fixed sized output. It is a one-way function – only knowing the input data can one calculate the output; the reverse action is impossible. Also, small changes to the input data usually result in significant changes to the output value.
For example, take the following string:
“the quick brown fox jumps over the lazy dog” 
If we perform a SHA256 hash of this, it results in:
If we change a single character in the input string (in this case we will replace the ‘o’ in ‘over’ to a zero), the resulting hash becomes:
A block is made up of a header, and at least one transaction. The first transaction in the block is called the Coinbase transaction – it is the transactions that creates new coins, and it specifies the addresses that those coins go to. The Coinbase transaction is always the first transaction in a block, and there can only be one. All other transactions included in a block are transactions that send coins from one wallet address to another.
The block header is an 80-byte block of data that is made up of the following information in this order:
  • Version – a 32-bit/4-byte integer
  • Previous Block’s SHA256d Hash – 32 bytes
  • Merkle Hash of the Transactions – 32 bytes
  • Timestamp - a 32-bit/4-byte integer the represents the time of the block in seconds past 1st January 1970 00:00 UTC
  • nBits - a 32-bit/4-byte integer that represents the maximum value of the hash of the block
  • Nonce - a 32-bit/4-byte integer
The Version of a block remains relatively static through a coin’s lifetime – most blocks will have the same version. Typically only used to introduce new features or enforce new rules – for instance Segwit adoption is enforced by encoding information into the Version field.
The Previous Blocks’ Hash is simple a doubled SHA256 hash of the last valid blocks header.
The Merkle Hash is a hash generated by chaining all of the transactions together in a hash tree – thus ensuring that once a transaction is included in a block, it cannot be changed. It becomes a permanent record in the blockchain.
Timestamp loosely represents the time the block was generated – it does not have to be exact, anywhere within an hour each way of the real time will be accepted.
nBits – this is the maximum hash that this block must have in order to be considered valid. Bitcoin encodes the maximum hash into a 4-byte value as this is more efficient and provides sufficient accuracy.
Nonce – a simple 4-byte integer value that is incremented by a miner in order to find a resulting hash that is lower than that specified by nBits.
submitted by nzsquirrell to VertcoinMining [link] [comments]


TERA is an open source and collaborative project. It means everyone can view and eventually modify its source code for hehis own needs. And it also means anyone is welcome to integrate its working community. The Tera community works to develop, deploy and maintain Tera nodes and decentralized applications that are part of the TERA Network.
The TERA technology serves the cryptocurrency concepts, trying to design a modern coins and contracts blockchain application : fast block generation, high transaction throughput and user-friendly application. It was officialy launched on 30th of June 2018 on the bitcointalk forum.
[Yuriy Ivanov](mailto:[email protected]) is the founder and core developer of the project. The Tera community is more familiar with the alias « vtools ».


In the aim to make this crypto currency project more friendly to end-users, some interesting innovations have been implemented in regards to the first generation of crpyto currency applications. The bitcoin and its thousands of child or fork, required a good level of IT skills in order to manage all the application chain from its own : from miners and its hardware, through stratum servers, proxies, to blockchain nodes. The Tera project intend to go one step further regarding crypto currency features integration into a single application : once installed, an efficient web application is available on localhost on port 8080. Then, any web browser supporting javascript may be able to access this application and to operate fully the Tera node.



The mining activity consist in calling a mathematical procedure we can’t predict the result before we run it. But we intend to obtain a very specific result, which usually consist in a certain number of 0 as the first chars before any random answer. If we found the nonce (a random object) combined with the transaction data and the coin algorithm that produce such result, we’ll have solve a transaction block and we’ll get a reward for that. Thanks to this work, the transaction listed in the block will be added to the blockchain and anyone will be able to check our work. That’s the concept of ‘proof of work’ allowing anyone to replay the mathematical procedure with the nonce discovered by the node that solved the block and to confirm block inclusion into the blockchain.


The Tera project is young. It will have to face the same problems is facing today the Bitcoin platform :
Any Crypto Currency Project with the goal its money and contracts to be used as any other historical money or service contract has to consider its political and ethical usage. Processes have to be imagined, designed and implemented in order to be able to fight against extortion, corruption and illegal activities threating crypto-currency development.



wallet, accounts, payments, mining, node settings and utilities, blockchain explorer and utilities…


d-app : forum, stock exchange, payment plugins for third party platform, …


Tera is entirely written in Java) over the NodeJS library as functional layer in order to take advantages of a robust and high level library designed to allow large and effective network node management.
The miner part is imported from an external repository and is written in C in order to get the best performances for this module.
Tera is actually officially supported on Linux and Windows.
If you start mining Tera thanks to this article, you can add my account 188131 as advisor to yours. On simple demand I’ll refund you half of the extra coins generated for advisors when you’ll solve blocks (@freddy#8516 on discord).


Mining Tera has one major design constraint : you need one public IP per Tera node or miner. Yet, you can easily mine it on a computer desktop at home. The mining algorithm has been designed in order to be GPU resistant. In order to mine Tera coin you’ll need a multi-core processor (2 minimum) and some RAM, between 1 and 4GB per process that will mine. The mining reward level depends of the « power » used to solve a block (Top Tera Miners).


There is two main cost centers in order to mine a crypto currency :
  1. the cost of the hardware and the energy required to make a huge amount of mathematical operations connected to the blockchain network through the Internet,
  2. the human cost in order to deploy, maintain and keep running miners and blockchain nodes.
As the speculation actually drives the value of crypto currencies, it is not possible to answer if the mining activity is profitable or not. Moreover, hardware, energy and human costs are not the same around the globe. To appreciate if mining a crypto currency is profitable we should take all indirect costs : nature cost (for hardware and energy production), human cost (coins and contracts usage, social rights of blockchain workers).

Original: https://freddy.linuxtribe.frecherche-et-developpement/blockchain-cryptocurrency-mining/tera-crypto-currency-project/
Author: Freddy Frouin, [email protected].
submitted by Terafoundation to u/Terafoundation [link] [comments]


Блокче́йн (англ. blockchain, изначально block chain) — выстроенная по определённым правилам непрерывная последовательная цепочка блоков (связный список), содержащих информацию. Чаще всего копии цепочек блоков хранятся на множестве разных компьютеров независимо друг от друга.
Впервые термин появился как название полностью реплицированной) распределённой базы данных, реализованной в системе «Биткойн», из-за чего блокчейн часто относят к транзакциям) в различных криптовалютах, однако технология цепочек блоков может быть распространена на любые взаимосвязанные информационные блоки. Биткойн стал первым применением технологии блокчейн в октябре 2008 года.
Блок транзакций
Блок транзакций — специальная структура для записи группы транзакций в системе Биткойн и аналогичных ей. Транзакция считается завершённой и достоверной («подтверждённой»), когда проверены её формат и подписи, и когда сама транзакция объединена в группу с несколькими другими и записана в специальную структуру — блок. Содержимое блоков может быть проверено, так как каждый блок содержит информацию о предыдущем блоке. Все блоки выстроены в одну цепочку, которая содержит информацию обо всех совершённых когда-либо операциях в базе. Самый первый блок в цепочке — первичный блок (англ. genesis block) — рассматривается как отдельный случай, так как у него отсутствует родительский блок.
Блок состоит из заголовка и списка транзакций. Заголовок блока включает в себя свой хеш, хеш предыдущего блока, хеши транзакций и дополнительную служебную информацию. В системе Биткойн первой транзакцией в блоке всегда указывается получение комиссии, которая станет наградой майнеру за созданный блок. Далее идёт список транзакций, сформированный из очереди транзакций, ещё не записанных в предыдущие блоки. Критерий отбора из очереди задаёт майнер самостоятельно. Это не обязательно должна быть хронология по времени. Например, могут включаться только операции с высокой комиссией или с участием заданного списка адресов. Для транзакций в блоке используется древовидное хеширование, аналогичное формированию хеш-суммы для файла в протоколе BitTorrent). Транзакции, кроме начисления комиссии за создание блока, содержат внутри параметра input ссылку на транзакцию с предыдущим состоянием данных (в системе Биткойн, например, даётся ссылка на ту транзакцию, по которой были получены расходуемые биткойны). Операции по передаче майнеру комиссии за создание блока не имеют «входных» транзакций, поэтому в данном параметре может указываться любая информация (для них это поле носит название англ. Coinbase parameter).
Созданный блок будет принят остальными пользователями, если числовое значение хеша заголовка равно или меньше определённого целевого числа, величина которого периодически корректируется. Так как результат хеширования функции SHA-256 считается необратимым, на данный момент нет алгоритма получения желаемого результата, кроме случайного перебора. Если хеш не удовлетворяет условию, то в заголовке изменяется параметр nonce и хеш пересчитывается. Обычно требуется большое количество пересчётов. Когда вариант найден, узел рассылает полученный блок другим подключенным узлам, которые проверяют блок. Если ошибок нет, то блок считается добавленным в цепочку и следующий блок должен включить в себя его хеш.
Величина целевого числа, с которым сравнивается хеш, в системе Биткойн корректируется через каждые 2016 блоков. Запланировано, что вся сеть системы Биткойн должна тратить на генерацию одного блока примерно 10 минут, на 2016 блоков — около двух недель. Если 2016 блоков сформированы быстрее, то цель немного уменьшается и достичь её становится труднее, в противном случае цель увеличивается. Изменение сложности вычислений не влияет на надёжность сети Биткойн и требуется лишь для того, чтобы система генерировала блоки почти с постоянной скоростью, не зависящей от вычислительной мощности участников сети.

Цепочка блоков

📷Основная последовательность блоков (чёрные) является самой длинной от начального (зелёный) до текущего. Побочные ветви (фиолетовые) отсекаются.
Блоки одновременно формируются множеством «майнеров». Удовлетворяющие критериям блоки отправляются в сеть, включаясь во все репликации) распределённой базы блоков. Регулярно возникают ситуации, когда несколько новых блоков в разных частях распределённой сети называют предыдущим один и тот же блок, то есть цепочка блоков может ветвиться. Специально или случайно можно ограничить ретрансляцию информации о новых блоках (например, одна из цепочек может развиваться в рамках локальной сети). В этом случае возможно параллельное наращивание различных ветвей. В каждом из новых блоков могут встречаться как одинаковые транзакции, так и разные, вошедшие только в один из них. Когда ретрансляция блоков возобновляется, майнеры начинают считать главной цепочку с учётом уровня сложности хеша и длины цепочки. При равенстве сложности и длины предпочтение отдаётся той цепочке, конечный блок которой появился раньше. Транзакции, вошедшие только в отвергнутую ветку (в том числе по выплате вознаграждения), теряют статус подтверждённых. Если это транзакция по передаче биткойнов, то она будет поставлена в очередь и затем включена в очередной блок. Транзакции получения вознаграждения за создание отсечённых блоков не дублируются в другой ветке, то есть «лишние» биткойны, выплаченные за формирование отсечённых блоков, не получают дальнейших подтверждений и «утрачиваются».
Таким образом, цепочка блоков содержит историю владения, с которой можно ознакомиться, например, на специализированных сайтах.
Блокчейн формируется как непрерывно растущая цепочка блоков с записями обо всех транзакциях. Копии базы или её части одновременно хранятся на множестве компьютеров и синхронизируются согласно формальным правилам построения цепочки блоков. Информация в блоках не шифрована и доступна в открытом виде, но отсутствие изменений удостоверяется криптографически через хеш-цепочки (элемент цифровой подписи).
База публично хранит в незашифрованном виде информацию о всех транзакциях), подписываемых с помощью асимметричного шифрования. Для предотвращения многократной траты одной и той же суммы используются метки времени, реализованные путём разбиения БД на цепочку специальных блоков, каждый из которых, в числе прочего, содержит в себе хеш предыдущего блока и свой порядковый номер. Каждый новый блок осуществляет подтверждение транзакций, информацию о которых содержит и дополнительное подтверждение транзакций во всех предыдущих блоках цепочки. Изменять информацию в блоке, который уже находится в цепи, не практично, так как в таком случае пришлось бы редактировать информацию во всех последующих блоках. Благодаря этому успешная double-spending атака (повторная трата ранее израсходованных средств) на практике крайне маловероятна.
Чаще всего умышленное изменение информации в любой из копий базы или даже в достаточно большом количестве копий не будет признано истинным, так как не будет соответствовать правилам. Некоторые изменения могут быть приняты, если будут внесены во все копии базы (например, удаление нескольких последних блоков из-за ошибки в их формировании).
Для более наглядного объяснения механизма работы платёжной системы Сатоси Накамото ввёл понятие «цифровая монета», определив его как цепочку цифровых подписей. В отличие от стандартизированных номиналов обычных монет, каждая «цифровая монета» имеет свой собственный номинал. Каждому биткойн-адресу может сопоставляться любое количество «цифровых монет». При помощи транзакций их можно делить и объединять, при этом сохраняется общая сумма их номиналов за вычетом комиссии.
До версии 0.8.0 для хранения цепочки блоков основной клиент использовал Berkeley DB, начиная с версии 0.8.0 разработчики перешли на LevelDB.

Подтверждение транзакций[править | править код]

Пока транзакция не включена в блок, система считает, что количество биткойнов на некоем адресе остаётся неизменным. В это время есть техническая возможность оформить несколько разных транзакций по передаче с одного адреса одних и тех же биткойнов разным получателям. Но как только одна из подобных транзакций будет включена в блок, остальные транзакции с этими же биткойнами система будет уже игнорировать. Например, если в блок будет включена более поздняя транзакция, то более ранняя будет считаться ошибочной. Есть небольшая вероятность, что при ветвлении две подобные транзакции попадут в блоки разных ветвей. Каждая из них будет считаться правильной, лишь при отмирании ветви одна из транзакций станет считаться ошибочной. При этом не будет иметь значения время совершения операции.
Таким образом, попадание транзакции в блок является подтверждением её достоверности вне зависимости от наличия других транзакций с теми же биткойнами. Каждый новый блок считается дополнительным «подтверждением» транзакций из предыдущих блоков. Если в цепочке 3 блока, то транзакции из последнего блока будут подтверждены 1 раз, а помещённые в первый блок будут иметь 3 подтверждения. Достаточно дождаться нескольких подтверждений, чтобы вероятность отмены транзакции стала очень низкой.
Для уменьшения влияния подобных ситуаций на сеть существуют ограничения на распоряжение только что полученными биткойнами. Согласно сервису, до мая 2015 года максимальная длина отвергнутых цепочек была 5 блоков. Необходимое число подтверждений для разблокирования полученного зависит от программы-клиента либо от указаний принимающей стороны. Клиент «Bitcoin-qt» для отправки не требует наличия подтверждений, но у большинства получателей по умолчанию выставлено требование 6 подтверждений, то есть реально воспользоваться полученным обычно можно через час. Различные онлайн-сервисы часто устанавливают свой порог подтверждений.
Биткойны, полученные за создание блока, протокол разрешает использовать после 100 подтверждений[16], но стандартная программа-клиент показывает комиссию через 120 подтверждений, то есть обычно воспользоваться комиссией можно примерно через 20 часов после её начисления.

«Двойное расходование»

Основная статья: Двойное расходование
Если контролировать более 50 % суммарной вычислительной мощности сети, то существует теоретическая возможность при любом пороге подтверждений одни и те же биткойны передать два раза разным получателям — одна из транзакций будет публичной и подтверждаться в общем порядке, а вторая не будет афишироваться, её подтверждения будут происходить блоками скрытой параллельной ветви. Лишь через некоторое время сеть получит сведения о второй транзакции, она станет подтверждённой, а первая утратит подтверждения и будет игнорироваться. В результате не произойдёт удвоения биткойнов, но изменится их текущий владелец, при этом первый получатель утратит биткойны без каких-либо компенсаций.
Открытость цепочки блоков позволяет внести в произвольный блок изменения. Но тогда потребуется пересчёт хеша не только изменённого блока, но и всех последующих. Фактически, для такой операции потребуется мощность не меньше той, которая была использована для создания изменённого и последующих блоков (то есть всей текущей мощности), что делает такую возможность крайне маловероятной.
На 1 декабря 2013 года суммарная мощность сети превысила 6000 THash/s. С начала 2014 года объединение майнеров (пул) длительное время контролирует свыше 40 % суммарной мощности сети «Биткойн», а в начале июня 2014 года в нём кратковременно концентрировалось более 50 % мощности сети.
Двойное расходование биткойнов на практике не было зафиксировано ни разу. На май 2015 года параллельные цепочки никогда не превышали 5 блоков.


За требование к хешам блоков отвечает специальный параметр, называемый «сложность». Так как вычислительные мощности сети непостоянны, этот параметр пересчитывается клиентами сети через каждые 2016 блоков таким образом, чтобы поддерживать среднюю скорость формирования блокчейна на уровне 2016 блоков в две недели. Таким образом, 1 блок должен создаваться примерно раз в десять минут. На практике, когда вычислительная мощность сети растёт — соответствующие временные промежутки короче, а когда снижается — длиннее. Перерасчёт сложности с привязкой ко времени возможен благодаря наличию в заголовках блоков времени их создания. Оно записывается в Unix-формате по системным часам автора блока (если блок создается в пуле, то по системным часам сервера этого пула).
submitted by ivbittar to u/ivbittar [link] [comments]

Dogecoin giveaway - Comment here to receive 100 doge. Also, AMA about cryptocurrency.

Once you get tipped, click the +accept link that the bot PMs you. You can then see your balance and recent dogetipbot transaction history with +history
I will also be answering any questions you have. I'm a moderator on /dogecoin and have been studying cryptocurrency for almost 3 years. Here's a glossary of terms you may not know which may help spark some questions if you don't know what to ask:
Hash: The result of an algorithm that takes any input data of arbitrary size and produces a fixed size output. It is impossible to discover the input data based on the resulting hash.
Private keys, public keys and addresses (privkey, pubkey, addr): Put simply, a private key is just a number. A really really big number. There are 2 ^ 160 possible private keys, each is a 256 bit integer in binary. Using the ECDSA your private keys correspond to a public key. And a hash of your public key is your wallet address.
Wallet: Software which generates and stores your keys and addresses.
Transaction (tx): A piece of data that contains where coins are coming from (inputs) and where they are going to (outputs). To be valid, your wallet software must sign the transaction with the private keys of all the inputs, this is how ownership of coins is proven.
Block: A data structure used by cryptocurrency networks which contains transactions.
Blockchain: The collection of blocks in a cryptocurrency network. Each new block contains the hash of the previous block, this is required for it to be valid. In this way, blocks are chained together, each one depends on the previous one to be valid.
Proof of work (POW): The process of hashing random data to discover a hash value that is lower than a predetermined number, that number is the "difficulty".
Mining: Miners collect all the transactions on the network and assemble them into a block. Using POW, miners insert random data (called a nonce, aka number used once) into the block and hash the block. When they find a hash value below the target difficulty, the block is considered valid by the rules of the network and miners broadcast the block to the network. The transactions in the block now have 1 confirmation. Miners are also allowed to claim a block reward (sort of a finder's fee) for their work. This incentivizes miners for their work. Mining is what secures the network from attack. If you have 51% of the entire network's mining power, then you can block transactions or even reverse transactions, so it is important that mining remains as decentralized as possible.
Node: A computer that is running cryptocurrency software which generates, validates and relays transactions and blocks. They download and validate the full blockchain. Nodes can also be wallets, this software is often called "core". The network of nodes IS the cryptocurrency network, they are what make the whole thing work. The node software also contains a friendly JSON API which can be used to perform many functions, such as looking up a transaction in the blockchain history.
submitted by peoplma to RedditDayOf [link] [comments]

XMR-Stak - proudly XMR-only mining network stack (and CPU miner)

I want to show off what I was working on for the past 7 weeks or so. Just to clarify (there seems to be a lot of "give me money" posts around here recently), it will be FOSS. This is not some kind of crowd funding attempt.
Of course the purpose of this topic is to gage interest - I want to be sure that it is worth my time to polish up "own-use grade" into release grade software, so if you like what you see please upvote and make a noise.

What do you mean by a network stack? What's wrong with the current one?

Network stack is essentially all the logic that lives between the hashing code and the output to the pool. While the software that I'm writing currently has a CPU miner on top, there is no reason why it can't be modified to hash through GPU.
Current stack used by the open source CPU miner and some GPU miners has been knocking around since 2011. Its design is less than ideal - command line args put a limit on how complex the configuration can get, and the flawed network interaction design means that it needs to keep talking to the pool (keep-alive) to detect that it is still there.
Most importantly though, the code was designed for Bitcoin. Cryptonight coins have hashing speeds many orders of magnitude slower, which leads to different design choices. For example both BTC and XMR have 32 bit nonce. That means you have slightly over 4 billion attempts to find a block and you need to add fudge code in BTC that is not needed in XMR.

CPU mining performance

I started off with Wolf's hashing code, but by the time I was done there are only a couple lines of code that are similar.
Performance is nearly identical to the closed source paid miners. Here are some numbers:

Output samples

One of the most annoying things for me about the old mining stack was that it kept spewing huge amounts of redundant information. XMR-Stak prints reports when you request it to do so instead. Here they are (taken from the X5650 system running on Arch).
HASHRATE REPORT | ID | 2.5s | 60s | 15m | ID | 2.5s | 60s | 15m | | 0 | 38.3 | 38.3 | 38.3 | 1 | 38.4 | 38.4 | 38.4 | | 2 | 38.4 | 38.3 | 38.3 | 3 | 38.4 | 38.4 | 38.4 | | 4 | 38.3 | 38.3 | 38.3 | 5 | 38.4 | 38.4 | 38.4 | | 6 | 38.3 | 38.3 | 38.3 | 7 | 38.4 | 38.4 | 38.4 | | 8 | 40.0 | 40.0 | 40.0 | 9 | 40.1 | 40.1 | 40.1 | | 10 | 40.0 | 40.0 | 40.0 | 11 | 40.1 | 40.1 | 40.1 | ----------------------------------------------------- Totals: 467.0 467.0 467.0 H/s Highest: 467.0 H/s 
Since this is a CLI server it is very uniform as you would expect. You can also see that some threads would gain 1.5H/s if they were on better NUMA nodes.
RESULT REPORT Difficulty : 8192 Good results : 316 / 316 (100.0 %) Avg result time : 17.9 sec Pool-side hashes : 2588672 Top 10 best results found: | 0 | 516321 | 1 | 488669 | | 2 | 391229 | 3 | 384157 | | 4 | 380941 | 5 | 379807 | | 6 | 347487 | 7 | 292038 | | 8 | 246997 | 9 | 244569 | Error details: Yay! No errors. 
And last one:
CONNECTION REPORT Connected since : 2016-12-19 20:21:38 Pool ping time : 141 ms Network error log: Yay! No errors. 
Sample config file is as follows:

Low power mode

This is a bit of an academic exercise, showing why I don't believe that memory latency is be-all and end-all of PoW. Idea is very simple. We do two hashes at a time, we double the performance (as we have more time to load data from L3). We are of course still constrained by the L3 cache, but FPGAs with 50-100MB of on-chip memory are out already.

Some things for the future

Let me know what you think.
-----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v2 mQENBFhYUmUBCAC6493W5y1MMs38ApRbI11jWUqNdFm686XLkZWGDfYImzL6pEYk RdWkyt9ziCyA6NUeWFQYniv/z10RxYKq8ulVVJaKb9qPGMU0ESfdxlFNJkU/pf28 sEVBagGvGw8uFxjQONnBJ7y7iNRWMN7qSRS636wN5ryTHNsmqI4ClXPHkXkDCDUX QvhXZpG9RRM6jsE3jBGz/LJi3FyZLo/vB60OZBODJ2IA0wSR41RRiOq01OqDueva 9jPoAokNglJfn/CniQ+lqUEXj1vjAZ1D5Mn9fISzA/UPen5Z7Sipaa9aAtsDBOfP K9iPKOsWa2uTafoyXgiwEVXCCeMMUjCGaoFBABEBAAG0ImZpcmVpY2VfdWsgPGZp cmVpY2UueG1yQGdtYWlsLmNvbT6JATcEEwEIACEFAlhYUmUCGwMFCwkIBwIGFQgJ CgsCBBYCAwECHgECF4AACgkQ+yT3mn7UHDTEcQf8CMhqaZ0IOBxeBnsq5HZr2X6z E5bODp5cPs6ha1tjH3CWpk1AFeykNtXH7kPW9hcDt/e4UQtcHs+lu6YU59X7xLJQ udOkpWdmooJMXRWS/zeeon4ivT9d69jNnwubh8EJOyw8xm/se6n48BcewfHekW/6 mVrbhLbF1dnuUGXzRN1WxsUZx3uJd2UvrkJhAtHtX92/qIVhT0+3PXV0bmpHURlK YKhhm8dPLV9jPX8QVRHQXCOHSMqy/KoWEe6CnT0Isbkq3JtS3K4VBVeTX9gkySRc IFxrNJdXsI9BxKv4O8yajP8DohpoGLMDKZKSO0yq0BRMgMh0cw6Lk22uyulGALkB DQRYWFJlAQgAqikfViOmIccCZKVMZfNHjnigKtQqNrbJpYZCOImql4FqbZu9F7TD 9HIXA43SPcwziWlyazSy8Pa9nCpc6PuPPO1wxAaNIc5nt+w/x2EGGTIFGjRoubmP 3i5jZzOFYsvR2W3PgVa3/ujeYYJYo1oeVeuGmmJRejs0rp1mbvBSKw1Cq6C4cI0x GTY1yXFGLIgdfYNMmiLsTy1Qwq8YStbFKeUYAMMG3128SAIaT3Eet911f5Jx4tC8 6kWUr6PX1rQ0LQJqyIsLq9U53XybUksRfJC9IEfgvgBxRBHSD8WfqEhHjhW1VsZG dcYgr7A1PIneWsCEY+5VUnqTlt2HPaKweQARAQABiQEfBBgBCAAJBQJYWFJlAhsM AAoJEPsk95p+1Bw0Pr8H/0vZ6U2zaih03jOHOvsrYxRfDXSmgudOp1VS45aHIREd 2nrJ+drleeFVyb14UQqO/6iX9GuDX2yBEHdCg2aljeP98AaMU//RiEtebE6CUWsL HPVXHIkxwBCBe0YkJINHUQqLz/5f6qLsNUp1uTH2++zhdBWvg+gErTYbx8aFMFYH 0GoOtqE5rtlAh5MTvDZm+UcDwKJCxhrLaN3R3dDoyrDNRTgHQQuX5/opJBiUnVNK d+vugnxzpMIJQP11yCZkz/KxV8zQ2QPMuZdAoh3znd/vGCJcp0rWphn4pqxA4vDp c4hC0Yg9Dha1OoE5CJCqVL+ic4vAyB1urAwBlsd/wH8= =B5I+ -----END PGP PUBLIC KEY BLOCK----- 
submitted by fireice_uk to Monero [link] [comments]

QRL Versus IOTA - An Overview of Quantum Resistant Cryptography

QRL and IOTA (iota) are quantum resistant cryptocurrencies - to my knowledge, they are the only such cryptocurrencies. I wanted to learn some more about the differences between the two and I thought it would be helpful to share my research with the QRL community.
Disclaimer: I own an amount of both QRL and IOTA.
QRL uses hash-based XMSS digital signatures and Winternitz OTS+ digital signatures for security. The QRL protocol is a custom POS algorithm which uses iterative hash-chains for randomness. (Source)
And we're in the weeds already. Here are some definitions:
Hash-based cryptography: This is the digital security which is implemented by a cryptocurrency. The different types of digital security are defined as digital signature schemes. There are many different signatures out there: Bitcoin uses Secure Hash Algorithm 256-bit (SHA-256); Ethereum uses Ethash; QRL uses XMSS - see below.
XMSS: A hash-based signature scheme (eXtended Merkle Signature Scheme). XMSS is designed specifically as an efficient post-quantum signature scheme. XMSS is PQ-CRYPTO recommended. ("PQ-Crypto is a forum for researchers to present results and exchange ideas on the topic of cryptography in an era with large-scale quantum computers." I won't go much more into this, although it appears to be a solid endorsement of the digital signatures chosen by QRL.)
Winternitz OTS+ (W-OTS+): A hash-based signature scheme, or more specifically a Winternitz type one-time signature scheme (W-OTS). Here is an extract from the QRL Whitepaper explaining the difference between OTS and OTS+ signatures:
Buchmann introduced a variant of the original Winternitz OTS by changing the iterating one-way function to instead be applied to a random number, x, repeatedly but this time parameterised by a key, k, which is generated from the previous iteration of fk(x). This is strongly unforgeable under adaptive chosen message attacks when using a pseudo random function (PRF) and a security proof can be computed for given parameters. It eliminates the need for a collision resistant hash function family by performing a random walk through the function instead of simple iteration. Huelsing introduced a further variant W-OTS+, enabling creation of smaller signatures for equivalent bit security through the addition of a bitmask XOR in the iterative chaining function. Another difference between W-OTS(2011 variant)/ W-OTS+ and W-OTS is that the message is parsed log2(w) bits at a time rather than w, decreasing hash function iterations but increasing keys and signature sizes.
Future improvements planned for QRL include second layer protocol enhancements: an Ephemeral messaging layer which uses lattice-based crypto to enable completely private, and cryptographically authenticated end-end post-quantum secure data channels. As these are not yet implemented, I will not dig into them.
IOTA uses a custom hash-based signature called Kerl and implements Winternitz digital signatures for security. Kerl is written in ternary/trinary, as compared to the traditional binary.
Kerl is the recently upgraded version of Curl, which was upgraded due to the discovery of a security flaw. (The details of this flaw are best left for another post. I discovered this news while researching this post; I will assume Kerl solves the vulnerability issues of Curl for the purposes of this post.)
The official explanation of the quantum proof nature of IOTA is as follows (emphasis mine):
IOTA uses hash-based signatures ( instead of elliptic curve cryptography (ECC). Not only is hash-based signatures a lot faster than ECC, but it also greatly simplifies the overall protocol (signing and verification). What actually makes IOTA quantum-secure is the fact that we use Winternitz signatures. IOTA's ternary hash function is called Curl.
And here is the explanation direct from the IOTA Whitepaper:
4.3 Resistance to quantum computations
It is known that a (today still hypothetical) sufficiently large quantum computer can be very efficient for handling problems where only way to solve it is to guess answers repeatedly and check them. The process of finding a nonce in order to generate a Bitcoin block is a good example of such a problem. As of today, in average one must check around 268 nonces to find a suitable hash that allows to generate a block. It is known (see e.g. [13]) that a quantum computer would need Θ(√N) operations to solve a problem of the above sort that needs Θ(N) operations on a classical computer. Therefore, a quantum computer would be around √2 68 = 234 ≈ 17 billion times more efficient in Bitcoin mining than a classical one. Also, it is worth noting that if blockchain does not increase its difficulty in response to increased hashing power, that would lead to increased rate of orphaned blocks.
Observe that, for the same reason, the “large weight” attack described above would also be much more efficient on a quantum computer. However, capping the weight from above (as suggested in Section 4) would effectively fence off a quantum computer attack as well, due to the following reason. In iota, the number of nonces that one needs to check in order to find a suitable hash for issuing a transaction is not so huge, it is only around 38. The gain of efficiency for an “ideal” quantum computer would be therefore of order 34 = 81, which is already quite acceptable (also, remember that Θ(√N) could easily mean 10√N or so). Also, the algorithm is such that the time to find a nonce is not much larger than the time needed for other tasks necessary to issue a transaction, and the latter part is much more resistant against quantum computing.
Therefore, the above discussion suggests that the tangle provides a much better protection against an adversary with a quantum computer compared to the (Bitcoin) blockchain.
QRL and IOTA both use Winternitz-based digital signatures. Based on my understanding, these two are both reliably quantum resistant. However, QRL's Winternitz OTS+ has the edge on IOTA due to the introduction of additional randomized variables in the generation of the digital signatures. Whether this additional level of randomization is significant, I cannot say.
One takeaway from this research was the conclusion that both QRL and IOTA may be quantum resistant, but they do not appear to be quantum proof. However, like many elements of this analysis, that may not prove to be a significant distinction. In the event of a quantum attack on Bitcoin or another non-quantum resistant cryptocurrency, I would imagine the distinction disappears entirely (in the short term).
Please chime in if you see any errors or are able to shed light on any of the discussed topics. A healthy, critical discussion is good for QRL, for IOTA, and for all other cryptocurrencies.
References (some of these have been linked to already): (This reference was particularly useful)
The QRL Whitepaper
The IOTA Whitepaper
Previous comparison discussion:
submitted by HoagiesFortune to QRL [link] [comments]

Tìm hiểu về công nghệ blockchain

Tìm hiểu về công nghệ blockchain
Mình sẽ bắt đầu bài viết này với một cái tên rất quen thuộc đối với mọi người trong những năm gần đây, đó là bitcoin. Được tạo ra vào năm 2009 bởi một người (nhóm?) có bí danh Satoshi Nakamoto, bitcoin nhanh chóng trở thành một cái tên hết sức nổi tiếng trong giới công nghệ cũng như trong giới tài chính.
Vậy bitcoin và blockchain có mối liên hệ gì với nhau? Bitcoin và blockchain có phải là một? Không. Tuy nhiên, chúng có mối liên hệ rất chặt chẽ. Khi bitcoin được phát hành dưới dạng mã nguồn mở, blockchain đã được gói cùng với bitcoin trong mã nguồn. Và vì bitcoin là ứng dụng đầu tiên của blockchain nên mọi người thường vô tình sử dụng "bitcoin" để có nghĩa là blockchain. Sự hiểu lầm này vẫn tồn tại phổ biến cho đến bây giờ, khi mà công nghệ blockchain đã được ứng dụng trong rất nhiều các ngành công nghiệp và công nghệ khác.
Lời tác giả (1): Bài viết được thực hiện dựa trên kiến thức cá nhân cũng như thông tin được tổng hợp từ nhiều nguồn (tham khảo nguồn ở cuối bài). Bài viết ảnh hưởng đến mình nhiều nhất là từ nguồn hackernoon, sẽ có rất nhiều thông tin và hình ảnh được trích dẫn, lược dịch từ nguồn này. Một số từ tiếng Anh sẽ không được dịch để đảm bảo ý nghĩa (hoặc người viết không biết dịch thế nào ^^). Trong trường hợp nội dung có sai sót rất mong có được góp ý dưới comment. Lời tác giả (2): Blog này mình viết về công nghệ, đôi khi là góc nhìn cá nhân về một vấn đề nào đó. Bài viết này mình cũng sẽ viết tập trung về công nghệ. Nếu bạn đang tìm một bài nói về việc đầu tư bitcoin thế nào cho có lãi, thị trường bitcoin tương lai ra sao, tham gia thị trường này như thế nào ... thì có lẽ bài viết này không phải là thứ bạn đang mong muốn. Tuy nhiên, nếu bạn là một nhà đầu tư chưa có kiến thức gì về bitcoin, và bạn không muốn đầu tư vào một thứ mà bạn không hiểu gì, mình hi vọng những kiến thức mình chia sẻ sau đây sẽ giúp các bạn có tâm lý tốt hơn khi đầu tư vào thị trường này.

Màn dạo đầu về vấn đề tiền tệ và lòng tin

Bitcoin là chủ đề yêu thích của các phương tiện truyền thông trong thời gian gần đây, lượng người biết đến bitcoin cũng như đầu tư vào thị trường này càng ngày càng nhiều. Ngay cả những người chưa bao giờ hiểu về công nghệ, về kỹ thuật mật mã hay về blockchain ... cũng đang bàn tán về nó.
Bitcoin được tạo ra với ý tưởng về một loại tiền tệ vượt qua kiểm soát của chính phủ và đơn giản hóa các giao dịch trực tuyến bằng cách loại bỏ các bên trung gian để xử lý quá trình giao dịch.
Các giao dịch bitcoin được lưu trữ và thực hiện sử dụng một cuốn sổ cái được phân tán trên mạng ngang hàng. Blockchain là công nghệ nền tảng duy trì sổ cái giao dịch của bitcoin.
Chúng ta sẽ bắt đầu với câu chuyện về blockchain bằng một ví dụ về tiền tệ và giao dịch, dĩ nhiên công nghệ blockchain giải quyết được nhiều vấn đề khác, nhưng rõ ràng ví dụ về tiền thì thường dễ hiểu và nhiều cảm hứng hơn.
Giả sử bạn nợ thằng Joe một khoản và nó thì đang hết tiền, dĩ nhiên là nó sẽ đòi tiền bạn, bạn quyết định sẽ thôi lầy lội và chuyển khoản cho nó. Bạn mở iBanking lên, thực hiện lệnh chuyển tiền, ngân hàng kiểm tra số dư tài khoản, thực hiện việc chuyển tiền. Xong.
Về cơ bản, sẽ có đâu đó một bản ghi như thế này:
Trong trường hợp này, cả bạn và Joe đều tin tưởng vào ngân hàng để quản lý tài khoản của mình. Chẳng ngân hàng nào thực sự cầm tiền của bạn và gửi shipper đem cho Joe cả (ít nhất là ở thời đại này). Tất cả những gì cần thiết là một mục nhập trong sổ đăng ký hoặc cơ sở dữ liệu của ngân hàng mà bạn và Joe đều không kiểm soát hoặc sở hữu.
Tiền là vật ngang giá chung có tính thanh khoản cao nhất dùng để trao đổi lấy hàng hóa và dịch vụ nhằm thỏa mãn bản thân và mang tính dễ thu nhận ... Thông qua việc chứng thực các giá trị này dưới dạng của một vật cụ thể (Ví dụ như tiền giấy hay tiền kim loại) hay dưới dạng văn bản (dữ liệu được ghi nhớ của một tài khoản) mà hình thành một phương tiện thanh toán được một cộng đồng công nhận trong một vùng phổ biến nhất định. - wiki
Như vậy đối với ngân hàng, trên khía cạnh quản lý, tiền của bạn thực sự cũng chỉ là những con số đại diện và chúng ta chấp nhận tin tưởng những con số đó cũng như tin tưởng vào ngân hàng. Nói một cách tổng quát hơn, để thiết lập giao dịch, chúng ta phụ thuộc vào cá nhân thứ ba. Và đó cũng là vấn đề của các hệ thống hiện tại.
Điều gì sẽ xảy ra trong trường hợp "người thứ 3" không đáng tin cậy và cuỗm số tiền thật của chúng ta đi? Nếu cuốn sổ cái chứa thông tin tài khoản của bạn bị mất, bị hư hỏng? Nếu thằng cha nào đó ở ngân hàng vô tình hay hữu ý ghi nhầm 1000$ của bạn thành 100$? Dĩ nhiên, đó là ví dụ, trên thực tế bạn có nhiều cách để chứng thực số tiền với ngân hàng, ở đây, chúng ta nhấn mạnh việc rủi ro khi thực hiện giao dịch thông qua sự tin tưởng ở "người thứ 3".
Như vậy, thứ chúng ta cần là một hệ thống mà chúng ta có thể chuyển tiền không cần ngân hàng. Chúng ta có thể xây dựng được một hệ thống như thế không? Dĩ nhiên là có rồi. Các bạn biết rõ là bài viết đang muốn nói đến blockchain. Tuy nhiên hãy để cho mọi thứ thi vị hơn chút bằng cách đi chầm chậm từ bản chất vấn đề. ^^
Thay vì trao đổi tiền thật, chúng ta cũng cần một hệ thống quản lý những con số, những bản ghi, giống như của ngân hàng.
Bằng công nghệ blockchain, chúng ta có thể tự quản lý cuốn sổ cái chứa tài khoản và giao dịch của mình và mọi người.

Thực hiện giao dịch như thế nào?

Điều mấu chốt ở đây là, muốn thực hiện giao dịch, chúng ta phải giao dịch với những người cùng không tin tưởng vào hệ thống ngân hàng và tạm cho rằng hội, nhóm này có khả năng tự quản lý cuốn sổ cái chung.
Cần bao nhiêu người cho một nhóm như trên? Tối thiểu là 3, dĩ nhiên. Nếu 2 người tin tưởng nhau rồi thì chẳng có chuyện gì để bàn cả.
Giả sử chúng ta có 10 người nhé. Trên cơ sở 1 thỏa thuận chung giữa 10 người, họ có chi tiết về tài khoản của nhau nhưng lại không biết danh tính của người giữ tài khoản đó. Nghe hơi khó hiểu chút nhưng bạn có thể tưởng tượng đơn giản là bạn đang cầm sổ tài khoản của ai đó có mã số NOTE7749 mà không biết đích xác cuốn sổ này là của ai trong 9 người còn lại.

1. Hộp đựng tài liệu rỗng

Mỗi người đều sẽ có một hộp đừng tài liệu rỗng để bắt đầu. Hộp này để khi các giao dịch được thực hiện, mười cá nhân này có thể lưu trữ các trang giấy đã ghi lại giao dịch vào các hộp đựng. Tập hợp các trang này sẽ tạo thành một cuốn sổ cái riêng để theo dõi các giao dịch.

2. Khi thực hiện giao dịch

Tiếp theo, tất cả mọi người ngồi với một trang giấy trắng và một cây bút, sẵn sàng để viết bất kỳ giao dịch xảy ra.
Bây giờ, nếu người số 2 muốn gửi $10 đến số 9. Để thực hiện giao dịch, người số 2 nói với tất cả mọi người: "Tôi muốn chuyển $10 đến số 9. Tất cả mọi người, xin vui lòng ghi vào giấy."
Vậy là tất cả mọi người kiểm tra tài khoản của người có số thứ tự 2, nếu tài khoản đó có đủ tiền, mọi người đồng loạt ghi vào tờ giấy của họ như sau:
Giao dịch hoàn thành.

3. Giao dịch tiếp theo

Khi thời gian trôi qua, số giao dịch được tăng lên. Bất cứ khi nào họ muốn thực hiện một giao dịch, họ thông báo nó cho tất cả mọi người khác và mỗi người sau đó lại cập nhật lại bản ghi của mình.
Giao dịch được thực hiện cho đến khi 'hết giấy'. Giả sử một trang chỉ có chỗ ghi mười giao dịch thì ngay khi giao dịch thứ mười được thực hiện, mọi người đều đang ở dòng cuối cùng.
Để tiếp tục thực hiện giao dịch, tất cả mọi người phải cất hết những tờ giấy cũ vào hộp và chuẩn bị giấy mới.

4. Niêm phong bản ghi cũ

Trước khi đưa những tờ giấy - bản ghi cũ vào hộp, chúng ta cần phải khóa nó với một chìa khóa duy nhất mà tất cả mọi người trong mạng đều đồng ý rằng chìa khóa đó là an toàn. Bằng cách niêm phong nó, chúng ta sẽ đảm bảo rằng không ai có thể thay đổi nội dung của các bản ghi. Một khi trong hộp, nó sẽ luôn luôn ở trong hộp và được niêm phong. Nếu mọi người tin tưởng vào chìa khóa đồng nghĩa với việc mọi người tin tưởng vào nội dung của của các bản ghi được cất trong hộp. Chìa khóa - con dấu ở đây chính là mấu chốt của vấn đề.
Việc niêm phong bản ghi ở trên còn được gọi là 'đào', tuy nhiên ở bài viết này, chúng ta sẽ vẫn gọi là hành động 'niêm phong' hay 'khóa'.
Như vậy, thay vì tin tưởng vào người trung gian để thực hiện giao dịch, bây giờ chúng ta sẽ tin tưởng vào chìa khóa - hay con dấu khi thực hiện giao dịch.

Vấn đề niêm phong các bản ghi

Trước khi chúng ta tìm hiểu làm thế nào chúng ta có thể niêm phong các bản ghi, chúng ta sẽ tìm hiểu cách thức hoạt động của con dấu nói chung.

Chiếc hộp kỳ diệu

Hãy tưởng tượng một chiếc hộp vô cùng bí ẩn. Nếu bạn gửi vào bên trái hộp một vật, nó sẽ đẩy ra bên phải một vật khác.
Bạn có thể biết về 'Hash Function' hay 'hàm băm' hay 'hàm mã hóa' hoặc đại loại thế, tuy nhiên chúng ta sẽ vẫn dùng 'chiếc hộp kỳ diệu' cho dễ hiểu.
Giả sử, chúng ta gửi vào hộp 1 cái xúc xích, con lợn sẽ chạy ra ở bên phải hộp. Làm thế nào để cái xúc xích thành con lợn, chẳng ai biết cả.
Lời người viết (3): Ở bài gốc trên hackernoon dùng các chữ số đầu vào và chữ cái đầu ra, mình không thích thế lắm nên dùng các đồ vật và con vật cho dễ hiểu, sau khi đã có cái nhìn cơ bản, mình sẽ chuyển về với chữ và số giống như trên hackernoon.
Thêm nữa, việc đoán cái gì được đưa vào trong hộp phải là không thể, chúng ta khi thấy con voi chạy ra thì không thể đoán cái gì đã được nhét vào hộp, nhưng cứ khi nào nhét cái xúc xích vào, sẽ vẫn là con lợn chạy ra.
Thử nhét vào cái bút.
Chúng ta có con gà chạy ra.
Bây giờ, chúng ta có một câu hỏi như sau:
Liệu có thể đoán được phải nhét cái gì vào bên trái để có 1 con vật 4 chân chạy ra từ bên phải hộp.
Vấn đề là, chúng ta không thể đoán được khi nhét cái gì vào thì con gì sẽ chạy ra. Cách duy nhất để tìm trả lời được đó là thử tất cả mọi thứ trên đời cho đến khi có một con vật 4 chân chạy ra: chả giò, nem chua, đồng hồ, bút, thước, ba con sói ...
Cứ giả sử, nếu may mắn, sau khi nhét hàng núi đồ vào, con chuột chạy ra và 1 đáp án của chúng ta là cái usb.
Rất khó để tính toán đầu vào cho đầu ra, chúng ta tạm coi việc đó là không thể. Tuy nhiên, rất dễ dàng để xác minh nếu đầu vào cho đầu ra đúng yêu cầu. Bạn nghĩ câu trả lời là gì nếu ta ném cái usb vào? Một con vật 4 chân có chạy ra không? Xác minh rất dễ, chỉ cần ném thử cái usb vào và đếm số chân của con chuột chạy ra.
Thuộc tính quan trọng của chiếc hộp kỳ diệu:
"Cho một đầu ra, rất khó để đoán đầu vào, nhưng rất dễ để xác minh đầu vào có cho ra chính xác thứ ta mong đợi ở đầu ra không"

Sử dụng chiếc hộp kỳ diệu

Bây giờ quay lại vấn đề các bản ghi, các bản ghi thì là chữ và số vì vậy ta tạm rời xa các con vật vậy, hộp kỳ diệu bây giờ sẽ làm việc với những con số.
Hãy tưởng tượng chúng ta có hai hộp chứa bản ghi. Hộp đầu tiên chứa số 20893. Yêu cầu bây giờ là: "Tìm một con số khi kết hợp số trong hộp đầu tiên và cho vào chiếc hộp kỳ diệu sẽ cho chúng ta một dãy bắt đầu bằng ba chữ số 0?"
Bạn còn nhớ cách chúng ta tìm ra chiếc usb? Phải vậy, chúng ta sẽ thử lần lượt từng số cho đến khi tìm được đầu ra đúng yêu cầu. Sau vài nghìn lần thử, có thể hàng vạn hoặc hơn, chúng ta gặp một số, giả sử 21191 đi, mà khi thêm vào 20893 (21191 + 20893 = 42084) và cho vào hộp kỹ diệu thì đầu ra sẽ cho chúng ta một dãy thỏa mãn.
Trong trường hợp này, con số 21191 trở thành con dấu cho số 20893. Giả sử có một trang có số 20893 viết trên đó. Để đóng dấu trang đó (nghĩa là không ai có thể thay đổi nội dung của nó), chúng ta sẽ đặt một khóa có số niêm phong '21191' và khóa nó lại. Việc niêm phong được hoàn thành.
Số niêm phong được gọi là 'Proof Of Work', con số này là bằng chứng cho thấy các nỗ lực đã được tính toán.
Nếu ai đó muốn xác minh xem bản ghi đã bị thay đổi hay không, tất cả những gì người đó phải làm là thêm nội dung của bản ghi với số niêm phong và nhét vào hộp kỳ diệu. Nếu chiếc hộp đưa ra một dãy với bắt đầu với ba chữ số 0 thì tức là nội dung không bị ảnh hưởng. Nếu dãy xuất hiện không đáp ứng được yêu cầu, chúng ta có thể hủy bỏ bản ghi vì nội dung của nó đã bị xâm nhập và không còn hiệu lực.
Chúng ta sẽ sử dụng cơ chế niêm phong tương tự để đóng dấu tất cả các bản ghi và sắp xếp chúng trong các hộp chứa tương ứng.
Ghi chú: Thực ra việc sử dụng "một dãy với bắt đầu với ba chữ số 0" hoàn toàn là để đơn giản hóa vấn đề, trên thực tế mọi thứ phực tạp hơn nhiều lần.
Bây giờ, giả sử ai đó muốn thay đổi nội dung của trang, số niêm phong sẽ cho phép chúng ta biết liệu trang đó có bị thay đổi hay chưa.
Chúng ta sẽ quay lại thời điểm mọi người bắt đầu cất bản ghi vào hộp lưu trữ, khi mà tờ giấy đã ghi đủ 10 giao dịch.
Khi mọi người đều hết giấy, họ sẽ bắt đầu việc đóng dấu bằng cách tính toán con số niêm phong, người đầu tiên tìm được con số này sẽ thông báo cho tất cả mọi người.
Ngay lập tức khi nghe thấy ai đó đọc số niêm phong, mọi người sẽ dừng việc tính toán lại và kiểm tra số niêm phong nghe được, nếu số này hợp lệ, tất cả mọi người sẽ niêm phong tài liệu lại bằng số này.
Vậy điều gì sảy ra nếu ai đó nói ra con số đầu tiên nhưng con số này không hợp lệ? Trường hợp như vậy xảy ra rất thường xuyên với những lý do có thể là:
  • Người đó nghe sai một giao dịch
  • Người đó ghi sai một giao dịch
  • Người đó cố ý làm sai lệch giao dịch
Dù lý do gì đi nữa, để tiếp tục thì người đó chỉ có một cách duy nhất đó là copy lại giấy của người khác. Nếu anh ta không đưa trang của anh vào hộp đựng tài liệu, anh ta không thể tiếp tục viết thêm các giao dịch nữa.
Bất kể con số niêm phong là gì, khi được đa số đồng ý, sẽ trở thành con số niêm phong hợp lệ.
Vậy tại sao tất cả mọi người lại bỏ công sức để tính toán khi họ biết ai đó sẽ tính toán và thông báo cho họ? Tại sao không ngồi im và đợi kết quả của người khác?
Câu trả lời đó là tiền thưởng. Tất cả mọi người là thành viên của nhóm đều đủ điều kiện nhận phần thưởng. Người đầu tiên tính số niêm phong được khen thưởng bằng tiền cho những nỗ lực của anh ta.
Đó là cách bitcoin ra đời và hoạt động như là đơn vị tiền tệ đầu tiên được giao dịch trên blockchain.
Để giữ cho mọi người làm việc, mọi người sẽ được trao thưởng bitcoin.
Coi một trang giấy để ghi giao dịch làm một khối (Block), hộp đựng tài liệu như một danh sách các bản ghi (Chain), chúng ta sẽ có một "BlockChain"
Chưa hết, chúng ta có một vấn đề cần phải giải quyết.
Bây giờ giả sử một ai đó muốn gian lận và quay lại thay đổi thông tin một giao dịch nào đó đã được cất trong hộp, dĩ nhiên con số niêm phong sẽ tố cáo việc bản ghi đã bị thay đổi, nhưng nếu anh ta tính toán lại cả con số niêm phong?
Để tránh việc con số niêm phong bị tính toán lại, thay vì chỉ đưa vào hộp kỳ diệu 2 thông số là mã giao dịch và con số niêm phong hợp lệ, bây giờ ta sẽ yêu cầu phải thêm một thông số nữa vào hộp kỳ diệu, đó là dãy đầu ra được tính toán của giao dịch trước đó.
Với thủ thuật này, chúng ta đảm bảo rằng mọi trang đều bị phụ thuộc vào trang trước của nó. Do đó, nếu ai đó muốn sửa đổi một trang thì cũng phải thay đổi nội dung và con số niêm phong của tất cả các trang sau đó để giữ cho toàn bộ chuỗi là hợp lệ.
Nếu một trong mười người cố lừa dối và sửa đổi nội dung của blockchain (thư mục chứa các trang có danh sách giao dịch), anh ta sẽ phải điều chỉnh rất nhiều trang và tương ứng với việc phải tính toán số niêm phong mới số cho tất cả các trang sau đó, anh ta có thể tạo ra một chuỗi giao dịch khác với mọi người. Tuy nhiên độ khó của việc tìm kiếm số niêm phong khiến cho chuỗi của anh ta sẽ không bao giờ đuổi kịp chuỗi của 9 người còn lại.
Như vậy, chúng ta có thể kết luận:
Chuỗi dài nhất là chuỗi hợp lệ
Vậy, điều gì xảy ra nếu thay vì một người có ý định xấu, có tới 6 người có ý định xấu?
Đây là một điểm yếu và là một lỗ hổng về mặt cấu trúc của bitcoin và blockchain. Khi mà phần lớn các cá nhân trong mạng quyết định không trung thực và ăn gian phần giao dịch còn lại của mạng, toàn bộ giao thức sẽ đổ vỡ.
Về cơ bản, mô hình bitcoin được xây dựng trên giả định rằng đa số đám đông luôn luôn là trung thực. Trong trường hợp một cuộc tấn công như thế diễn ra thành công, chắc chắn sự tin tưởng vào đồng tiền sẽ bị mất và giá trị của một đồng tiền sẽ giảm nhanh chóng.

51% attack - tấn công 51%

Làm thế nào để những người có ý định xấu có toàn quyền kiểm soát mạng?
Không hẳn toàn bộ. 51% mạng là đủ.
Như một hệ quả của mô hình tin tưởng đám đông đã trình bày ở các phần trước đó. Khi một nhóm người nắm được 51% mạng lưới, họ có thể ngăn các giao dịch mà họ chọn không xác nhận, làm cho chúng không hợp lệ, ngăn cản mọi người gửi bitcoin giữa các địa chỉ. Họ cũng có thể đảo ngược các giao dịch mà họ gửi trong thời gian họ kiểm soát được và họ có thể ngăn không cho các thợ mỏ khác tìm thấy bất kỳ khối bitcoin nào trong một khoảng thời gian.
Tuy nhiên họ vẫn không thể đảo ngược được những giao dịch từ đầu hay tạo ra những đồng tiền mới hoặc ăn cắp tiền từ ví của người khác. Dẫu vậy, việc này có thể gây ra một sự hoảng loạn trên thị trường và sẽ trực tiếp đe doạ việc sử dụng bitcoin như là một loại tiền tệ trực tuyến.
Một cuộc tấn công 51% là hoàn toàn khả thi, đặc biệt là với sự gia tăng của các mỏ khai thác bitcoin lớn. Ở mức độ khai thác và độ khó hiện tại, một chính phủ có thể dễ dàng tiến hành một cuộc tấn công 51%.
Trên thực tế thì những trường hợp tương tự đã từng xảy ra. đã nắm hơn 50% sức mạnh tính toán của mạng bitcoin vào tháng 7 năm 2014, sau đó họ có cam kết trong một tuyên bố rằng họ sẽ giảm năng suất xuống và sẽ không đạt 40% năng suất của toàn bộ hệ thống trong tương lai.
Krypton và Shift Krypton và Shift, hai blockchain dựa trên nền tảng ethereum, bị tấn công 51% vào tháng 8 năm 2016.

Genesis block

Tất cả các khối trong mạng lưới đều liên kết tới một khối được giao dịch trước đó. Vậy, khối đầu tiên thì liên kết với cái gì và nó được tạo ra như thế nào?
Thực tế thì các khối đầu tiên này thường được tạo bằng tay (hard-code). Trong trường hợp của bitcoin, khối này được gọi là Genesis Block. Genesis Block hầu như luôn luôn được mã hóa cứng trong các phần mềm. Đây là một khối đặc biệt vì nó không liên kết đến một khối trước nó.
Khối Genesis chứa một thông điệp ẩn trong giao dịch coinbase - nó nói rằng ""The Times 03/Jan/2009 Chancellor on brink of second bailout for banks." Đây rõ ràng là một thông điệp từ Satoshi Nakomoto với dụng ý chỉ ra những vấn đề với chính sách cứu trợ của chính phủ hiện nay đối với ngân hàng quá lớn cũng như vấn đề nguy hiểm về đạo đức.
Về cơ bản nó sẽ giống như sau:
00000000 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00000020 00 00 00 00 3B A3 ED FD 7A 7B 12 B2 7A C7 2C 3E ....;£íýz{.²zÇ,> 00000030 67 76 8F 61 7F C8 1B C3 88 8A 51 32 3A 9F B8 AA gv.a.È.ÈŠQ2:Ÿ¸ª 00000040 4B 1E 5E 4A 29 AB 5F 49 FF FF 00 1D 1D AC 2B 7C K.^J)«_Iÿÿ...¬+| 00000050 01 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 ................ 00000060 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00000070 00 00 00 00 00 00 FF FF FF FF 4D 04 FF FF 00 1D ......ÿÿÿÿM.ÿÿ.. 00000080 01 04 45 54 68 65 20 54 69 6D 65 73 20 30 33 2F ..EThe Times 03/ 00000090 4A 61 6E 2F 32 30 30 39 20 43 68 61 6E 63 65 6C Jan/2009 Chancel 000000A0 6C 6F 72 20 6F 6E 20 62 72 69 6E 6B 20 6F 66 20 lor on brink of 000000B0 73 65 63 6F 6E 64 20 62 61 69 6C 6F 75 74 20 66 second bailout f 000000C0 6F 72 20 62 61 6E 6B 73 FF FF FF FF 01 00 F2 05 or banksÿÿÿÿ..ò. 000000D0 2A 01 00 00 00 43 41 04 67 8A FD B0 FE 55 48 27 *....CA.gŠý°þUH' 000000E0 19 67 F1 A6 71 30 B7 10 5C D6 A8 28 E0 39 09 A6 .gñ¦q0·.\Ö¨(à9.¦ 000000F0 79 62 E0 EA 1F 61 DE B6 49 F6 BC 3F 4C EF 38 C4 ybàê.aÞ¶Iö¼?Lï8Ä 00000100 F3 55 04 E5 1E C1 12 DE 5C 38 4D F7 BA 0B 8D 57 óU.å.Á.Þ\8M÷º..W 00000110 8A 4C 70 2B 6B F1 1D 5F AC 00 00 00 00 ŠLp+kñ._¬.... 
Còn trong phiên bản ban đầu của bitcoin, nó được miêu tả như sau:
GetHash() = 0x000000000019d6689c085ae165831e934ff763ae46a2a6c172b3f1b60a8ce26f hashMerkleRoot = 0x4a5e1e4baab89f3a32518a88c31bc87f618f76673e2cc77ab2127b7afdeda33b[0].scriptSig = 486604799 4 0x736B6E616220726F662074756F6C69616220646E6F63657320666F206B6E697262206E6F20726F6C6C65636E61684320393030322F6E614A2F33302073656D695420656854 txNew.vout[0].nValue = 5000000000 txNew.vout[0].scriptPubKey = 0x5F1DF16B2B704C8A578D0BBAF74D385CDE12C11EE50455F3C438EF4C3FBCF649B6DE611FEAE06279A60939E028A8D65C10B73071A6F16719274855FEB0FD8A6704 OP_CHECKSIG block.nVersion = 1 block.nTime = 1231006505 block.nBits = 0x1d00ffff block.nNonce = 2083236893 CBlock(hash=000000000019d6, ver=1, hashPrevBlock=00000000000000, hashMerkleRoot=4a5e1e, nTime=1231006505, nBits=1d00ffff, nNonce=2083236893, vtx=1) CTransaction(hash=4a5e1e, ver=1, vin.size=1, vout.size=1, nLockTime=0) CTxIn(COutPoint(000000, -1), coinbase 04ffff001d0104455468652054696d65732030332f4a616e2f32303039204368616e63656c6c6f72206f6e206272696e6b206f66207365636f6e64206261696c6f757420666f722062616e6b73) CTxOut(nValue=50.00000000, scriptPubKey=0x5F1DF16B2B704C8A578D0B) vMerkleTree: 4a5e1e 

Tài Liệu Tham khảo:

Header cover: Forexnewsnow
tags: blockchain, bitcoin
submitted by shibob89 to u/shibob89 [link] [comments]

Bitcoin Mining Explained in Detail: Nonce, Merkle Root, SPV,...  Part 15 Cryptography Crashcourse Nonce – Definition, Meaning, Review, Description, Example, Proof-Of-Work Bitcoin BITCOIN IS FALLING!!!! THE BREAKOUT CAME TODAY! $8,500 ... What Bitcoin Miners Actually Do What is a Bitcoin nonce? - YouTube

Nonce è un numero che può essere utilizzato solo una volta nella crittografia è un codice una tantum, vibrant overcome o pseudorandom modo, che viene utilizzato per biopsia il principale per fare la trasmissione, impedendo di prendere il potere della riproduzione.. Nel processo minerario di Bitcoin, l'obiettivo è quello di trovare un hash al di sotto di un numero di obiettivo che è ... In Bitcoin's mining process, the goal is to find a hash below a target number which is calculated based on the difficulty. Proof-of-work in Bitcoin's mining takes an input consists of Merkle Root, timestamp, previous block hash and few other things plus a nonce which is completely random number. If the output results in hash is smaller than the target hash you win the block and the consensus ... Golden Nonce Pool is a mining pool that allows mining bitcoins (BTC) and offers DGM payouts. It has been running since 27 March 2018. It has been running since 27 March 2018. One server located in the US and one opening soon in the EU. The "nonce" in a bitcoin block is a 32-bit (4-byte) field whose value is adjusted by miners so that the hash of the block will be less than or equal to the current target of the network. The rest of the fields may not be changed, as they have a defined meaning. Any change to the block data (such as the nonce) will make the block hash completely different. Since it is believed infeasible to ... Nonce («number that can only be used once») ist ein Einmal-Code, eine dynamische Überwindung oder Pseudozufallsart. Es wird verwendet, um die Übertragung hauptsächlich zu biopsieren, um die Macht der Reproduktion zu nehmen. Im Bitcoin-Mining-Prozess besteht das Ziel darin, unter einer Zielnummer einen Hashwert zu finden, der anhand der Schwierigkeit berechnet wird. Proof-of-Work in ...

[index] [29872] [5438] [21857] [21926] [14197] [2664] [8578] [21915] [29778] [5113]

Bitcoin Mining Explained in Detail: Nonce, Merkle Root, SPV,... Part 15 Cryptography Crashcourse

If you’re interested in the crypto world, and can’t pull the headphones out of your ears, welcome to the BitcoinWiki channel! Here you'll find voiced article... Bybit $60 Bonus: Bybit Tutorial: Bitcoin Technical Analysis & Bitc... Bitcoin has bounced strongly off the 200 SMA, but is bitcoin's bounce the start of the "wildcard" scenario? We look at the charts. #Bitcoin #BTCUSD #AlessioR... Bitcoin nonce example: The "nonce" in a bitcoin block is a 32-bit (4-byte) field whose value is set so that the hash of the block will contain a run of leading zeros. The rest of the fields may ... What is the nonce that Miners adjust in their blocks, and what's its relationship to the Block itself? Why do we need nonces in Bitcoin, and where did this s...