Solving Quantum Cryptography : Bitcoin – New ICO Telegraph

Technical: Taproot: Why Activate?

This is a follow-up on https://old.reddit.com/Bitcoin/comments/hqzp14/technical_the_path_to_taproot_activation/
Taproot! Everybody wants it!! But... you might ask yourself: sure, everybody else wants it, but why would I, sovereign Bitcoin HODLer, want it? Surely I can be better than everybody else because I swapped XXX fiat for Bitcoin unlike all those nocoiners?
And it is important for you to know the reasons why you, o sovereign Bitcoiner, would want Taproot activated. After all, your nodes (or the nodes your wallets use, which if you are SPV, you hopefully can pester to your wallet vendor/implementor about) need to be upgraded in order for Taproot activation to actually succeed instead of becoming a hot sticky mess.
First, let's consider some principles of Bitcoin.
I'm sure most of us here would agree that the above are very important principles of Bitcoin and that these are principles we would not be willing to remove. If anything, we would want those principles strengthened (especially the last one, financial privacy, which current Bitcoin is only sporadically strong with: you can get privacy, it just requires effort to do so).
So, how does Taproot affect those principles?

Taproot and Your Coins

Most HODLers probably HODL their coins in singlesig addresses. Sadly, switching to Taproot would do very little for you (it gives a mild discount at spend time, at the cost of a mild increase in fee at receive time (paid by whoever sends to you, so if it's a self-send from a P2PKH or bech32 address, you pay for this); mostly a wash).
(technical details: a Taproot output is 1 version byte + 32 byte public key, while a P2WPKH (bech32 singlesig) output is 1 version byte + 20 byte public key hash, so the Taproot output spends 12 bytes more; spending from a P2WPKH requires revealing a 32-byte public key later, which is not needed with Taproot, and Taproot signatures are about 9 bytes smaller than P2WPKH signatures, but the 32 bytes plus 9 bytes is divided by 4 because of the witness discount, so it saves about 11 bytes; mostly a wash, it increases blockweight by about 1 virtual byte, 4 weight for each Taproot-output-input, compared to P2WPKH-output-input).
However, as your HODLings grow in value, you might start wondering if multisignature k-of-n setups might be better for the security of your savings. And it is in multisignature that Taproot starts to give benefits!
Taproot switches to using Schnorr signing scheme. Schnorr makes key aggregation -- constructing a single public key from multiple public keys -- almost as trivial as adding numbers together. "Almost" because it involves some fairly advanced math instead of simple boring number adding, but hey when was the last time you added up your grocery list prices by hand huh?
With current P2SH and P2WSH multisignature schemes, if you have a 2-of-3 setup, then to spend, you need to provide two different signatures from two different public keys. With Taproot, you can create, using special moon math, a single public key that represents your 2-of-3 setup. Then you just put two of your devices together, have them communicate to each other (this can be done airgapped, in theory, by sending QR codes: the software to do this is not even being built yet, but that's because Taproot hasn't activated yet!), and they will make a single signature to authorize any spend from your 2-of-3 address. That's 73 witness bytes -- 18.25 virtual bytes -- of signatures you save!
And if you decide that your current setup with 1-of-1 P2PKH / P2WPKH addresses is just fine as-is: well, that's the whole point of a softfork: backwards-compatibility; you can receive from Taproot users just fine, and once your wallet is updated for Taproot-sending support, you can send to Taproot users just fine as well!
(P2WPKH and P2WSH -- SegWit v0 -- addresses start with bc1q; Taproot -- SegWit v1 --- addresses start with bc1p, in case you wanted to know the difference; in bech32 q is 0, p is 1)
Now how about HODLers who keep all, or some, of their coins on custodial services? Well, any custodial service worth its salt would be doing at least 2-of-3, or probably something even bigger, like 11-of-15. So your custodial service, if it switched to using Taproot internally, could save a lot more (imagine an 11-of-15 getting reduced from 11 signatures to just 1!), which --- we can only hope! --- should translate to lower fees and better customer service from your custodial service!
So I think we can say, very accurately, that the Bitcoin principle --- that YOU are in control of your money --- can only be helped by Taproot (if you are doing multisignature), and, because P2PKH and P2WPKH remain validly-usable addresses in a Taproot future, will not be harmed by Taproot. Its benefit to this principle might be small (it mostly only benefits multisignature users) but since it has no drawbacks with this (i.e. singlesig users can continue to use P2WPKH and P2PKH still) this is still a nice, tidy win!
(even singlesig users get a minor benefit, in that multisig users will now reduce their blockchain space footprint, so that fees can be kept low for everybody; so for example even if you have your single set of private keys engraved on titanium plates sealed in an airtight box stored in a safe buried in a desert protected by angry nomads riding giant sandworms because you're the frickin' Kwisatz Haderach, you still gain some benefit from Taproot)
And here's the important part: if P2PKH/P2WPKH is working perfectly fine with you and you decide to never use Taproot yourself, Taproot will not affect you detrimentally. First do no harm!

Taproot and Your Contracts

No one is an island, no one lives alone. Give and you shall receive. You know: by trading with other people, you can gain expertise in some obscure little necessity of the world (and greatly increase your productivity in that little field), and then trade the products of your expertise for necessities other people have created, all of you thereby gaining gains from trade.
So, contracts, which are basically enforceable agreements that facilitate trading with people who you do not personally know and therefore might not trust.
Let's start with a simple example. You want to buy some gewgaws from somebody. But you don't know them personally. The seller wants the money, you want their gewgaws, but because of the lack of trust (you don't know them!! what if they're scammers??) neither of you can benefit from gains from trade.
However, suppose both of you know of some entity that both of you trust. That entity can act as a trusted escrow. The entity provides you security: this enables the trade, allowing both of you to get gains from trade.
In Bitcoin-land, this can be implemented as a 2-of-3 multisignature. The three signatories in the multisignature would be you, the gewgaw seller, and the escrow. You put the payment for the gewgaws into this 2-of-3 multisignature address.
Now, suppose it turns out neither of you are scammers (whaaaat!). You receive the gewgaws just fine and you're willing to pay up for them. Then you and the gewgaw seller just sign a transaction --- you and the gewgaw seller are 2, sufficient to trigger the 2-of-3 --- that spends from the 2-of-3 address to a singlesig the gewgaw seller wants (or whatever address the gewgaw seller wants).
But suppose some problem arises. The seller gave you gawgews instead of gewgaws. Or you decided to keep the gewgaws but not sign the transaction to release the funds to the seller. In either case, the escrow is notified, and it can sign with you to refund the funds back to you (if the seller was a scammer) or it can sign with the seller to forward the funds to the seller (if you were a scammer).
Taproot helps with this: like mentioned above, it allows multisignature setups to produce only one signature, reducing blockchain space usage, and thus making contracts --- which require multiple people, by definition, you don't make contracts with yourself --- cheaper (which we hope enables more of these setups to happen for more gains from trade for everyone, also, moon and lambos).
(technology-wise, it's easier to make an n-of-n than a k-of-n, making a k-of-n would require a complex setup involving a long ritual with many communication rounds between the n participants, but an n-of-n can be done trivially with some moon math. You can, however, make what is effectively a 2-of-3 by using a three-branch SCRIPT: either 2-of-2 of you and seller, OR 2-of-2 of you and escrow, OR 2-of-2 of escrow and seller. Fortunately, Taproot adds a facility to embed a SCRIPT inside a public key, so you can have a 2-of-2 Taprooted address (between you and seller) with a SCRIPT branch that can instead be spent with 2-of-2 (you + escrow) OR 2-of-2 (seller + escrow), which implements the three-branched SCRIPT above. If neither of you are scammers (hopefully the common case) then you both sign using your keys and never have to contact the escrow, since you are just using the escrow public key without coordinating with them (because n-of-n is trivial but k-of-n requires setup with communication rounds), so in the "best case" where both of you are honest traders, you also get a privacy boost, in that the escrow never learns you have been trading on gewgaws, I mean ewww, gawgews are much better than gewgaws and therefore I now judge you for being a gewgaw enthusiast, you filthy gewgawer).

Taproot and Your Contracts, Part 2: Cryptographic Boogaloo

Now suppose you want to buy some data instead of things. For example, maybe you have some closed-source software in trial mode installed, and want to pay the developer for the full version. You want to pay for an activation code.
This can be done, today, by using an HTLC. The developer tells you the hash of the activation code. You pay to an HTLC, paying out to the developer if it reveals the preimage (the activation code), or refunding the money back to you after a pre-agreed timeout. If the developer claims the funds, it has to reveal the preimage, which is the activation code, and you can now activate your software. If the developer does not claim the funds by the timeout, you get refunded.
And you can do that, with HTLCs, today.
Of course, HTLCs do have problems:
Fortunately, with Schnorr (which is enabled by Taproot), we can now use the Scriptless Script construction by Andrew Poelstra. This Scriptless Script allows a new construction, the PTLC or Pointlocked Timelocked Contract. Instead of hashes and preimages, just replace "hash" with "point" and "preimage" with "scalar".
Or as you might know them: "point" is really "public key" and "scalar" is really a "private key". What a PTLC does is that, given a particular public key, the pointlocked branch can be spent only if the spender reveals the private key of the given public key to you.
Another nice thing with PTLCs is that they are deniable. What appears onchain is just a single 2-of-2 signature between you and the developer/manufacturer. It's like a magic trick. This signature has no special watermarks, it's a perfectly normal signature (the pledge). However, from this signature, plus some data given to you by the developer/manufacturer (known as the adaptor signature) you can derive the private key of a particular public key you both agree on (the turn). Anyone scraping the blockchain will just see signatures that look just like every other signature, and as long as nobody manages to hack you and get a copy of the adaptor signature or the private key, they cannot get the private key behind the public key (point) that the pointlocked branch needs (the prestige).
(Just to be clear, the public key you are getting the private key from, is distinct from the public key that the developer/manufacturer will use for its funds. The activation key is different from the developer's onchain Bitcoin key, and it is the activation key whose private key you will be learning, not the developer's/manufacturer's onchain Bitcoin key).
So:
Taproot lets PTLCs exist onchain because they enable Schnorr, which is a requirement of PTLCs / Scriptless Script.
(technology-wise, take note that Scriptless Script works only for the "pointlocked" branch of the contract; you need normal Script, or a pre-signed nLockTimed transaction, for the "timelocked" branch. Since Taproot can embed a script, you can have the Taproot pubkey be a 2-of-2 to implement the Scriptless Script "pointlocked" branch, then have a hidden script that lets you recover the funds with an OP_CHECKLOCKTIMEVERIFY after the timeout if the seller does not claim the funds.)

Quantum Quibbles!

Now if you were really paying attention, you might have noticed this parenthetical:
(technical details: a Taproot output is 1 version byte + 32 byte public key, while a P2WPKH (bech32 singlesig) output is 1 version byte + 20 byte public key hash...)
So wait, Taproot uses raw 32-byte public keys, and not public key hashes? Isn't that more quantum-vulnerable??
Well, in theory yes. In practice, they probably are not.
It's not that hashes can be broken by quantum computers --- they're still not. Instead, you have to look at how you spend from a P2WPKH/P2PKH pay-to-public-key-hash.
When you spend from a P2PKH / P2WPKH, you have to reveal the public key. Then Bitcoin hashes it and checks if this matches with the public-key-hash, and only then actually validates the signature for that public key.
So an unconfirmed transaction, floating in the mempools of nodes globally, will show, in plain sight for everyone to see, your public key.
(public keys should be public, that's why they're called public keys, LOL)
And if quantum computers are fast enough to be of concern, then they are probably fast enough that, in the several minutes to several hours from broadcast to confirmation, they have already cracked the public key that is openly broadcast with your transaction. The owner of the quantum computer can now replace your unconfirmed transaction with one that pays the funds to itself. Even if you did not opt-in RBF, miners are still incentivized to support RBF on RBF-disabled transactions.
So the extra hash is not as significant a protection against quantum computers as you might think. Instead, the extra hash-and-compare needed is just extra validation effort.
Further, if you have ever, in the past, spent from the address, then there exists already a transaction indelibly stored on the blockchain, openly displaying the public key from which quantum computers can derive the private key. So those are still vulnerable to quantum computers.
For the most part, the cryptographers behind Taproot (and Bitcoin Core) are of the opinion that quantum computers capable of cracking Bitcoin pubkeys are unlikely to appear within a decade or two.
So:
For now, the homomorphic and linear properties of elliptic curve cryptography provide a lot of benefits --- particularly the linearity property is what enables Scriptless Script and simple multisignature (i.e. multisignatures that are just 1 signature onchain). So it might be a good idea to take advantage of them now while we are still fairly safe against quantum computers. It seems likely that quantum-safe signature schemes are nonlinear (thus losing these advantages).

Summary

I Wanna Be The Taprooter!

So, do you want to help activate Taproot? Here's what you, mister sovereign Bitcoin HODLer, can do!

But I Hate Taproot!!

That's fine!

Discussions About Taproot Activation

submitted by almkglor to Bitcoin

Zano Newcomers Introduction/FAQ - please read!

Welcome to the Zano Sticky Introduction/FAQ!

Hopefully any questions you have will be answered by the resources below, but if you have additional questions feel free to ask them in the comments. If you're quite technically-minded, the Zano whitepaper gives a thorough overview of Zano's design and its main features.
So, what is Zano? In brief, Zano is a project started by the original developers of CryptoNote. Coins with market caps totalling well over a billion dollars (Monero, Haven, Loki and countless others) run upon the codebase they created. Zano is a continuation of their efforts to create the "perfect money", and brings a wealth of enhancements to their original CryptoNote code.
Development happens at a lightning pace, as the Github activity shows, but Zano is still very much a work-in-progress. Let's cut right to it:
Here's why you should pay attention to Zano over the next 12-18 months. Quoting from a recent update:
Anton Sokolov has recently joined the Zano team. ... For the last months Anton has been working on theoretical work dedicated to log-size ring signatures. These signatures theoretically allow for a logarithmic relationship between the number of decoys and the size/performance of transactions. This means that we can set mixins at a level from up to 1000, keeping the reasonable size and processing speed of transactions. This will take Zano’s privacy to a whole new level, and we believe this technology will turn out to be groundbreaking!
If successful, this scheme will make Zano the most private, powerful and performant CryptoNote implementation on the planet. Bar none. A quantum leap in privacy with a minimal increase in resource usage. And if there's one team capable of pulling it off, it's this one.

What else makes Zano special?

You mean aside from having "the Godfather of CryptoNote" as the project lead? ;) Actually, the calibre of the developers/researchers at Zano probably is the project's single greatest strength. Drawing on years of experience, they've made careful design choices, optimizing performance with an asynchronous core architecture, and flexibility and extensibility with a modular code structure. This means that the developers are able to build and iterate fast, refining features and adding new ones at a rate that makes bigger and better-funded teams look sluggish at best.
Zano also has some unique features that set it apart from similar projects:
Privacy
Firstly, if you're familiar with CryptoNote you won't be surprised that Zano transactions are private. The perfect money is fungible, and therefore must be untraceable. Bitcoin, for the most part, does little to hide your transaction data from unscrupulous observers. With Zano, privacy is the default.
The untraceability and unlinkability of Zano transactions come from its use of ring signatures and stealth addresses. What this means is that no outside observer is able to tell if two transactions were sent to the same address, and for each transaction there is a set of possible senders that make it impossible to determine who the real sender is.
Hybrid PoW-PoS consensus mechanism
Zano achieves an optimal level of security by utilizing both Proof of Work and Proof of Stake for consensus. By combining the two systems, it mitigates their individual vulnerabilities (see 51% attack and "nothing at stake" problem). For an attack on Zano to have even a remote chance of success the attacker would have to obtain not only a majority of hashing power, but also a majority of the coins involved in staking. The system and its design considerations are discussed at length in the whitepaper.
Aliases
Here's a stealth address: ZxDdULdxC7NRFYhCGdxkcTZoEGQoqvbZqcDHj5a7Gad8Y8wZKAGZZmVCUf9AvSPNMK68L8r8JfAfxP4z1GcFQVCS2Jb9wVzoe. I have a hard enough time remembering my phone number. Fortunately, Zano has an alias system that lets you register an address to a human-readable name. (@orsonj if you want to anonymously buy me a coffee)
Multisig
Multisignature (multisig) refers to requiring multiple keys to authorize a Zano transaction. It has a number of applications, such as dividing up responsibility for a single Zano wallet among multiple parties, or creating backups where loss of a single seed doesn't lead to loss of the wallet.
Multisig and escrow are key components of the planned Decentralized Marketplace (see below), so consideration was given to each of them from the design stages. Thus Zano's multisig, rather than being tagged on at the wallet-level as an afterthought, is part of its core architecture, being incorporated at the protocol level. This base-layer integration means months won't be spent in the future on complicated refactoring efforts in order to integrate multisig into a codebase that wasn't designed for it. Plus, it makes it far easier for third-party developers to include multisig (implemented correctly) in any Zano wallets and applications they create in the future.
(Double Deposit MAD) Escrow
With Zano's escrow service you can create fully customizable p2p contracts that are designed to, once signed by participants, enforce adherence to their conditions in such a way that no trusted third-party escrow agent is required.
The Particl project, aside from a couple of minor differences, uses an escrow scheme that works the same way, so I've borrowed the term they coined ("Double Deposit MAD Escrow") as I think it describes the scheme perfectly. The system requires participants to make additional deposits, which they will forfeit if there is any attempt to act in a way that breaches the terms of the contract. Full details can be found in the Escrow section of the whitepaper.
The usefulness of multisig and the escrow system may not seem obvious at first, but as mentioned before they'll form the backbone of Zano's Decentralized Marketplace service (described in the next section).

What does the future hold for Zano?

The planned upgrade to Zano's privacy, mentioned at the start, is obviously one of the most exciting things the team is working on, but it's not the only thing.
Zano Roadmap
Decentralized Marketplace
From the beginning, the Zano team's goal has been to create the perfect money. And money can't just be some vehicle for speculative investment, money must be used. To that end, the team have created a set of tools to make it as simple as possible for Zano to be integrated into eCommerce platforms. Zano's APIs and plugins are easy to use, allowing even those with very little coding experience to use them in their E-commerce-related ventures. The culmination of this effort will be a full Decentralized Anonymous Marketplace built on top of the Zano blockchain. Rather than being accessed via the wallet, it will act more as a service - Marketplace as a Service (MAAS) - for anyone who wishes to use it. The inclusion of a simple "snippet" of code into a website is all that's needed to become part of a global decentralized, trustless and private E-commerce network.
Atomic Swaps
Just as Zano's marketplace will allow you to transact without needing to trust your counterparty, atomic swaps will let you easily convert between Zano and other cryptocurrencies without having to trust a third-party service such as a centralized exchange. On top of that, it will also lead the way to Zano's inclusion in the many decentralized exchange (DEX) services that have emerged in recent years.

Where can I buy Zano?

Zano's currently listed on the following exchanges:
https://coinmarketcap.com/currencies/zano/markets/
It goes without saying, neither I nor the Zano team work for any of the exchanges or can vouch for their reliability. Use at your own risk and never leave coins on a centralized exchange for longer than necessary. Your keys, your coins!
If you have any old graphics cards lying around (both AMD & NVIDIA), then Zano is also mineable through its unique ProgPowZ algorithm. Here's a guide on how to get started.
Once you have some Zano, you can safely store it in one of the desktop or mobile wallets (available for all major platforms).

How can I support Zano?

Zano has no marketing department, which is why this post has been written by some guy and not the "Chief Growth Engineer @ Zano Enterprises". The hard part is already done: there's a team of world class developers and researchers gathered here. But, at least at the current prices, the team's funds are enough to cover the cost of development and little more. So the job of publicizing the project falls to the community. If you have any experience in community building/growth hacking at another cryptocurrency or open source project, or if you're a Zano holder who would like to ensure the project's long-term success by helping to spread the word, then send me a pm. We need to get organized.
Researchers and developers are also very welcome. Working at the cutting edge of mathematics and cryptography means Zano provides challenging and rewarding work for anyone in those fields. Please contact the project's Community Manager u/Jed_T if you're interested in joining the team.
Social Links:
Twitter
Discord Server
Telegram Group
Medium blog
I'll do my best to keep this post accurate and up to date. Message me please with any suggested improvements and leave any questions you have below.
Welcome to the Zano community and the new decentralized private economy!
submitted by OrsonJ to Zano

Quantum Resistance

Before jumping to conclusions about this post, know that I am not looking to spread any FUD but rather am trying to understand a forthcoming risk and potential solutions from an unbiased standpoint. My research has not yielded any definitive answer so I am turning here to seek direction from those more knowledgeable than me.
--
When it comes to predicting quantum computing's ability to break Bitcoin cryptographically, I've seen estimates as small as two years and as large as 25 years. Either way, it is easily conceivable that quantum processors will improve to the point of threatening Bitcoin as a reliable form of currency and store of value.
One way to prevent vulnerability to quantum threats is by storing Bitcoin in an address that has only ever received Bitcoin and never sent it. Although, this is an unrealistic mitigant for an asset/currency that is intended to be bought and sold, for all trust will be lost in the network once quantum computing becomes powerful enough to hack Bitcoin. Nobody will place any value in a currency that can be hacked by sending a transaction.
Another argument I've seen is that once quantum computing is strong enough to hack Bitcoin's cryptography, Bitcoin will be a non-factor compared to the other digital security breakdowns that will have transpired. For example, nuclear codes, bank accounts, digital privacy, etc. However, those centralized networks will have the ability to preemptively update their internal security to the standard required in a quantum computing world. In a similar manner, cryptocurrency and blockchain as a whole will survive such transition via improved cryptography.
But when it comes to Bitcoin specifically, will it be possible to generate consensus among the miners to switch to a quantum resistant protocol? My research has found conflicting perspectives - one side being that in order to upgrade Bitcoin's security, it would require manual movement of coins to a new address by all users, and a burning of the coins that did not move after a "sufficient" amount of time. Burning one's assets would undoubtedly not hold in a court of law. Even if we are still several years away, an unsolvable existential threat on the horizon would be priced into the value of Bitcoin and drive it down to zero.
With that being said, are there any feasible solutions to bring Bitcoin to quantum resistance? How can Bitcoin survive this threat in the long run? What is being done currently to resolve such problem?
submitted by fuegoblue to Bitcoin

Scaling Reddit Community Points with Arbitrum Rollup: a piece of cake

Submitted for consideration to The Great Reddit Scaling Bake-Off
Baked by the pastry chefs at Offchain Labs
Please send questions or comments to [email protected]
1. Overview
We're excited to submit Arbitrum Rollup for consideration to The Great Reddit Scaling Bake-Off. Arbitrum Rollup is the only Ethereum scaling solution that supports arbitrary smart contracts without compromising on Ethereum's security or adding points of centralization. For Reddit, this means that Arbitrum can not only scale the minting and transfer of Community Points, but it can foster a creative ecosystem built around Reddit Community Points enabling points to be used in a wide variety of third party applications. That's right -- you can have your cake and eat it too!
Arbitrum Rollup isn't just Ethereum-style. Its Layer 2 transactions are byte-for-byte identical to Ethereum, which means Ethereum users can continue to use their existing addresses and wallets, and Ethereum developers can continue to use their favorite toolchains and development environments out-of-the-box with Arbitrum. Coupling Arbitrum’s tooling-compatibility with its trustless asset interoperability, Reddit not only can scale but can onboard the entire Ethereum community at no cost by giving them the same experience they already know and love (well, certainly know).
To benchmark how Arbitrum can scale Reddit Community Points, we launched the Reddit contracts on an Arbitrum Rollup chain. Since Arbitrum provides full Solidity support, we didn't have to rewrite the Reddit contracts or try to mimic their functionality using an unfamiliar paradigm. Nope, none of that. We launched the Reddit contracts unmodified on Arbitrum Rollup complete with support for minting and distributing points. Like every Arbitrum Rollup chain, the chain included a bridge interface in which users can transfer Community Points or any other asset between the L1 and L2 chains. Arbitrum Rollup chains also support dynamic contract loading, which would allow third-party developers to launch custom ecosystem apps that integrate with Community Points on the very same chain that runs the Reddit contracts.
1.1 Why Ethereum
Perhaps the most exciting benefit of distributing Community Points using a blockchain is the ability to seamlessly port points to other applications and use them in a wide variety of contexts. Applications may include simple transfers such as a restaurant that allows Redditors to spend points on drinks. Or it may include complex smart contracts -- such as placing Community Points as a wager for a multiparty game or as collateral in a financial contract.
The common denominator between all of the fun uses of Reddit points is that it needs a thriving ecosystem of both users and developers, and the Ethereum blockchain is perhaps the only smart contract platform with significant adoption today. While many Layer 1 blockchains boast lower cost or higher throughput than the Ethereum blockchain, more often than not, these attributes mask the reality of little usage, weaker security, or both.
Perhaps another platform with significant usage will rise in the future. But today, Ethereum captures the mindshare of the blockchain community, and for Community Points to provide the most utility, the Ethereum blockchain is the natural choice.
1.2 Why Arbitrum
While Ethereum's ecosystem is unmatched, the reality is that fees are high and capacity is too low to support the scale of Reddit Community Points. Enter Arbitrum. Arbitrum Rollup provides all of the ecosystem benefits of Ethereum, but with orders of magnitude more capacity and at a fraction of the cost of native Ethereum smart contracts. And most of all, we don't change the experience for users. They continue to use the same wallets, addresses, languages, and tools.
Arbitrum Rollup is not the only solution that can scale payments, but it is the only developed solution that can scale both payments and arbitrary smart contracts trustlessly, which means that third party users can build highly scalable add-on apps that can be used without withdrawing money from the Rollup chain. If you believe that Reddit users will want to use their Community Points in smart contracts--and we believe they will--then it makes the most sense to choose a single scaling solution that can support the entire ecosystem, eliminating friction for users.
We view being able to run smart contracts in the same scaling solution as fundamentally critical since if there's significant demand in running smart contracts from Reddit's ecosystem, this would be a load on Ethereum and would itself require a scaling solution. Moreover, having different scaling solutions for the minting/distribution/spending of points and for third party apps would be burdensome for users as they'd have to constantly shuffle their Points back and forth.
2. Arbitrum at a glance
Arbitrum Rollup has a unique value proposition as it offers a combination of features that no other scaling solution achieves. Here we highlight its core attributes.
Decentralized. Arbitrum Rollup is as decentralized as Ethereum. Unlike some other Layer 2 scaling projects, Arbitrum Rollup doesn't have any centralized components or centralized operators who can censor users or delay transactions. Even in non-custodial systems, centralized components provide a risk as the operators are generally incentivized to increase their profit by extracting rent from users often in ways that severely degrade user experience. Even if centralized operators are altruistic, centralized components are subject to hacking, coercion, and potential liability.
Massive Scaling. Arbitrum achieves order of magnitude scaling over Ethereum's L1 smart contracts. Our software currently supports 453 transactions-per-second for basic transactions (at 1616 Ethereum gas per tx). We have a lot of room left to optimize (e.g. aggregating signatures), and over the next several months capacity will increase significantly. As described in detail below, Arbitrum can easily support and surpass Reddit's anticipated initial load, and its capacity will continue to improve as Reddit's capacity needs grow.
Low cost. The cost of running Arbitrum Rollup is quite low compared to L1 Ethereum and other scaling solutions such as those based on zero-knowledge proofs. Layer 2 fees are low, fixed, and predictable and should not be overly burdensome for Reddit to cover. Nobody needs to use special equipment or high-end machines. Arbitrum requires validators, which is a permissionless role that can be run on any reasonable on-line machine. Although anybody can act as a validator, in order to protect against a “tragedy of the commons” and make sure reputable validators are participating, we support a notion of “invited validators” that are compensated for their costs. In general, users pay (low) fees to cover the invited validators’ costs, but we imagine that Reddit may cover this cost for its users. See more on the costs and validator options below.
Ethereum Developer Experience. Not only does Arbitrum support EVM smart contracts, but the developer experience is identical to that of L1 Ethereum contracts and fully compatible with Ethereum tooling. Developers can port existing Solidity apps or write new ones using their favorite and familiar toolchains (e.g. Truffle, Buidler). There are no new languages or coding paradigms to learn.
Ethereum wallet compatibility. Just as in Ethereum, Arbitrum users need only hold keys, but do not have to store any coin history or additional data to protect or access their funds. Since Arbitrum transactions are semantically identical to Ethereum L1 transactions, existing Ethereum users can use their existing Ethereum keys with their existing wallet software such as Metamask.
Token interoperability. Users can easily transfer their ETH, ERC-20 and ERC-721 tokens between Ethereum and the Arbitrum Rollup chain. As we explain in detail below, it is possible to mint tokens in L2 that can subsequently be withdrawn and recognized by the L1 token contract.
Fast finality. Transactions complete with the same finality time as Ethereum L1 (and it's possible to get faster finality guarantees by trading away trust assumptions; see the Arbitrum Rollup whitepaper for details).
Non-custodial. Arbitrum Rollup is a non-custodial scaling solution, so users control their funds/points and neither Reddit nor anyone else can ever access or revoke points held by users.
Censorship Resistant. Since it's completely decentralized, and the Arbitrum protocol guarantees progress trustlessly, Arbitrum Rollup is just as censorship-proof as Ethereum.
Block explorer. The Arbitrum Rollup block explorer allows users to view and analyze transactions on the Rollup chain.
Limitations
Although this is a bake-off, we're not going to sugar coat anything. Arbitrum Rollup, like any Optimistic Rollup protocol, does have one limitation, and that's the delay on withdrawals.
As for the concrete length of the delay, we've done a good deal of internal modeling and have blogged about this as well. Our current modeling suggests a 3-hour delay is sufficient (but as discussed in the linked post there is a tradeoff space between the length of the challenge period and the size of the validators’ deposit).
Note that this doesn't mean that the chain is delayed for three hours. Arbitrum Rollup supports pipelining of execution, which means that validators can keep building new states even while previous ones are “in the pipeline” for confirmation. As the challenge delays expire for each update, a new state will be confirmed (read more about this here).
So activity and progress on the chain are not delayed by the challenge period. The only thing that's delayed is the consummation of withdrawals. Recall though that any single honest validator knows immediately (at the speed of L1 finality) which state updates are correct and can guarantee that they will eventually be confirmed, so once a valid withdrawal has been requested on-chain, every honest party knows that the withdrawal will definitely happen. There's a natural place here for a liquidity market in which a validator (or someone who trusts a validator) can provide withdrawal loans for a small interest fee. This is a no-risk business for them as they know which withdrawals will be confirmed (and can force their confirmation trustlessly no matter what anyone else does) but are just waiting for on-chain finality.
3. The recipe: How Arbitrum Rollup works
For a description of the technical components of Arbitrum Rollup and how they interact to create a highly scalable protocol with a developer experience that is identical to Ethereum, please refer to the following documents:
Arbitrum Rollup Whitepaper
Arbitrum academic paper (describes a previous version of Arbitrum)
4. Developer docs and APIs
For full details about how to set up and interact with an Arbitrum Rollup chain or validator, please refer to our developer docs, which can be found at https://developer.offchainlabs.com/.
Note that the Arbitrum version described on that site is older and will soon be replaced by the version we are entering in Reddit Bake-Off, which is still undergoing internal testing before public release.
5. Who are the validators?
As with any Layer 2 protocol, advancing the protocol correctly requires at least one validator (sometimes called block producers) that is honest and available. A natural question is: who are the validators?
Recall that the validator set for an Arbitrum chain is open and permissionless; anyone can start or stop validating at will. (A useful analogy is to full nodes on an L1 chain.) But we understand that even though anyone can participate, Reddit may want to guarantee that highly reputable nodes are validating their chain. Reddit may choose to validate the chain themselves and/or hire third-party validators. To this end, we have begun building a marketplace for validator-for-hire services so that dapp developers can outsource validation services to reputable nodes with high up-time. We've announced a partnership in which Chainlink nodes will provide Arbitrum validation services, and we expect to announce more partnerships shortly with other blockchain infrastructure providers.
Although there is no requirement that validators are paid, Arbitrum’s economic model tracks validators’ costs (e.g. amount of computation and storage) and can charge small fees on user transactions, using a gas-type system, to cover those costs. Alternatively, a single party such as Reddit can agree to cover the costs of invited validators.
6. Reddit Contract Support
Since Arbitrum contracts and transactions are byte-for-byte compatible with Ethereum, supporting the Reddit contracts is as simple as launching them on an Arbitrum chain.
Minting. Arbitrum Rollup supports hybrid L1/L2 tokens which can be minted in L2 and then withdrawn onto the L1. An L1 contract at address A can make a special call to the EthBridge which deploys a "buddy contract" to the same address A on an Arbitrum chain. Since it's deployed at the same address, users can know that the L2 contract is the authorized "buddy" of the L1 contract on the Arbitrum chain.
For minting, the L1 contract is a standard ERC-20 contract which mints and burns tokens when requested by the L2 contract. It is paired with an ERC-20 contract in L2 which mints tokens based on whatever programmer provided minting facility is desired and burns tokens when they are withdrawn from the rollup chain. Given this base infrastructure, Arbitrum can support any smart contract based method for minting tokens in L2, and indeed we directly support Reddit's signature/claim based minting in L2.
Batch minting. What's better than a mint cookie? A whole batch! In addition to supporting Reddit’s current minting/claiming scheme, we built a second minting design, which we believe outperforms the signature/claim system in many scenarios.
In the current system, Reddit periodically issues signed statements to users, who then take those statements to the blockchain to claim their tokens. An alternative approach would have Reddit directly submit the list of users/amounts to the blockchain and distribute the tokens to the users without the signature/claim process.
To optimize the cost efficiency of this approach, we designed an application-specific compression scheme to minimize the size of the batch distribution list. We analyzed the data from Reddit's previous distributions and found that the data is highly compressible since token amounts are small and repeated, and addresses appear multiple times. Our function groups transactions by size, and replaces previously-seen addresses with a shorter index value. We wrote client code to compress the data, wrote a Solidity decompressing function, and integrated that function into Reddit’s contract running on Arbitrum.
When we ran the compression function on the previous Reddit distribution data, we found that we could compress batched minting data down to 11.8 bytes per minting event (averaged over a 6-month trace of Reddit’s historical token grants) compared with roughly 174 bytes of on-chain data needed for the signature claim approach to minting (roughly 43 for an RLP-encoded null transaction + 65 for Reddit's signature + 65 for the user's signature + roughly 8 for the number of Points).
The relative benefit of the two approaches with respect to on-chain call data cost depends on the percentage of users that will actually claim their tokens on chain. With the above figures, batch minting will be cheaper if roughly 5% of users redeem their claims. We stress that our compression scheme is not Arbitrum-specific and would be beneficial in any general-purpose smart contract platform.
8. Benchmarks and costs
In this section, we give the full costs of operating the Reddit contracts on an Arbitrum Rollup chain including the L1 gas costs for the Rollup chain, the costs of computation and storage for the L2 validators as well as the capital lockup requirements for staking.
Arbitrum Rollup is still on testnet, so we did not run mainnet benchmarks. Instead, we measured the L1 gas cost and L2 workload for Reddit operations on Arbitrum and calculated the total cost assuming current Ethereum gas prices. As noted below in detail, our measurements do not assume that Arbitrum is consuming the entire capacity of Ethereum. We will present the details of our model now, but for full transparency you can also play around with it yourself and adjust the parameters, by copying the spreadsheet found here.
Our cost model is based on measurements of Reddit’s contracts, running unmodified (except for the addition of a batch minting function) on Arbitrum Rollup on top of Ethereum.
On the distribution of transactions and frequency of assertions. Reddit's instructions specify the following minimum parameters that submissions should support:
Over a 5 day period, your scaling PoC should be able to handle:
  • 100,000 point claims (minting & distributing points)
  • 25,000 subscriptions
  • 75,000 one-off points burning
  • 100,000 transfers
We provide the full costs of operating an Arbitrum Rollup chain with this usage under the assumption that tokens are minted or granted to users in batches, but other transactions are uniformly distributed over the 5 day period. Unlike some other submissions, we do not make unrealistic assumptions that all operations can be submitted in enormous batches. We assume that batch minting is done in batches that use only a few percent of an L1 block’s gas, and that other operations come in evenly over time and are submitted in batches, with one batch every five minutes to keep latency reasonable. (Users are probably already waiting for L1 finality, which takes at least that long to achieve.)
We note that assuming that there are only 300,000 transactions that arrive uniformly over the 5 day period will make our benchmark numbers lower, but we believe that this will reflect the true cost of running the system. To see why, say that batches are submitted every five minutes (20 L1 blocks) and there's a fixed overhead of c bytes of calldata per batch, the cost of which will get amortized over all transactions executed in that batch. Assume that each individual transaction adds a marginal cost of t. Lastly assume the capacity of the scaling system is high enough that it can support all of Reddit's 300,000 transactions within a single 20-block batch (i.e. that there is more than c + 300,000*t bytes of calldata available in 20 blocks).
Consider what happens if c, the per-batch overhead, is large (which it is in some systems, but not in Arbitrum). In the scenario that transactions actually arrive at the system's capacity and each batch is full, then c gets amortized over 300,000 transactions. But if we assume that the system is not running at capacity--and only receives 300,000 transactions arriving uniformly over 5 days-- then each 20-block assertion will contain about 200 transactions, and thus each transaction will pay a nontrivial cost due to c.
We are aware that other proposals presented scaling numbers assuming that 300,000 transactions arrived at maximum capacity and were executed in a single mega-transaction, but according to our estimates, for at least one such report, this led to a reported gas price that was 2-3 orders of magnitude lower than it would have been assuming uniform arrival. We make more realistic batching assumptions, and we believe Arbitrum compares well when batch sizes are realistic.
Our model. Our cost model includes several sources of cost:
  • L1 gas costs: This is the cost of posting transactions as calldata on the L1 chain, as well as the overhead associated with each batch of transactions, and the L1 cost of settling transactions in the Arbitrum protocol.
  • Validator’s staking costs: In normal operation, one validator will need to be staked. The stake is assumed to be 0.2% of the total value of the chain (which is assumed to be $1 per user who is eligible to claim points). The cost of staking is the interest that could be earned on the money if it were not staked.
  • Validator computation and storage: Every validator must do computation to track the chain’s processing of transactions, and must maintain storage to keep track of the contracts’ EVM storage. The cost of computation and storage are estimated based on measurements, with the dollar cost of resources based on Amazon Web Services pricing.
It’s clear from our modeling that the predominant cost is for L1 calldata. This will probably be true for any plausible rollup-based system.
Our model also shows that Arbitrum can scale to workloads much larger than Reddit’s nominal workload, without exhausting L1 or L2 resources. The scaling bottleneck will ultimately be calldata on the L1 chain. We believe that cost could be reduced substantially if necessary by clever encoding of data. (In our design any compression / decompression of L2 transaction calldata would be done by client software and L2 programs, never by an L1 contract.)
9. Status of Arbitrum Rollup
Arbitrum Rollup is live on Ethereum testnet. All of the code written to date including everything included in the Reddit demo is open source and permissively licensed under the Apache V2 license. The first testnet version of Arbitrum Rollup was released on testnet in February. Our current internal version, which we used to benchmark the Reddit contracts, will be released soon and will be a major upgrade.
Both the Arbitrum design as well as the implementation are heavily audited by independent third parties. The Arbitrum academic paper was published at USENIX Security, a top-tier peer-reviewed academic venue. For the Arbitrum software, we have engaged Trail of Bits for a security audit, which is currently ongoing, and we are committed to have a clean report before launching on Ethereum mainnet.
10. Reddit Universe Arbitrum Rollup Chain
The benchmarks described in this document were all measured using the latest internal build of our software. When we release the new software upgrade publicly we will launch a Reddit Universe Arbitrum Rollup chain as a public demo, which will contain the Reddit contracts as well as a Uniswap instance and a Connext Hub, demonstrating how Community Points can be integrated into third party apps. We will also allow members of the public to dynamically launch ecosystem contracts. We at Offchain Labs will cover the validating costs for the Reddit Universe public demo.
If the folks at Reddit would like to evaluate our software prior to our public demo, please email us at [email protected] and we'd be more than happy to provide early access.
11. Even more scaling: Arbitrum Sidechains
Rollups are an excellent approach to scaling, and we are excited about Arbitrum Rollup which far surpasses Reddit's scaling needs. But looking forward to Reddit's eventual goal of supporting hundreds of millions of users, there will likely come a time when Reddit needs more scaling than any Rollup protocol can provide.
While Rollups greatly reduce costs, they don't break the linear barrier. That is, all transactions have an on-chain footprint (because all calldata must be posted on-chain), albeit a far smaller one than on native Ethereum, and the L1 limitations end up being the bottleneck for capacity and cost. Since Ethereum has limited capacity, this linear use of on-chain resources means that costs will eventually increase superlinearly with traffic.
The good news is that we at Offchain Labs have a solution in our roadmap that can satisfy this extreme-scaling setting as well: Arbitrum AnyTrust Sidechains. Arbitrum Sidechains are similar to Arbitrum Rollup, but deviate in that they name a permissioned set of validators. When a chain’s validators agree off-chain, they can greatly reduce the on-chain footprint of the protocol and require almost no data to be put on-chain. When validators can't reach unanimous agreement off-chain, the protocol reverts to Arbitrum Rollup. Technically, Arbitrum Sidechains can be viewed as a hybrid between state channels and Rollup, switching back and forth as necessary, and combining the performance and cost that state channels can achieve in the optimistic case, with the robustness of Rollup in other cases. The core technical challenge is how to switch seamlessly between modes and how to guarantee that security is maintained throughout.
Arbitrum Sidechains break through this linear barrier, while still maintaining a high level of security and decentralization. Arbitrum Sidechains provide the AnyTrust guarantee, which says that as long as any one validator is honest and available (even if you don't know which one will be), the L2 chain is guaranteed to execute correctly according to its code and guaranteed to make progress. Unlike in a state channel, offchain progress does not require unanimous consent, and liveness is preserved as long as there is a single honest validator.
Note that the trust model for Arbitrum Sidechains is much stronger than for typical BFT-style chains which introduce a consensus "voting" protocol among a small permissioned group of validators. BFT-based protocols require a supermajority (more than 2/3) of validators to agree. In Arbitrum Sidechains, by contrast, all you need is a single honest validator to achieve guaranteed correctness and progress. Notice that in Arbitrum adding validators strictly increases security since the AnyTrust guarantee provides correctness as long as any one validator is honest and available. By contrast, in BFT-style protocols, adding nodes can be dangerous as a coalition of dishonest nodes can break the protocol.
Like Arbitrum Rollup, the developer and user experiences for Arbitrum Sidechains will be identical to that of Ethereum. Reddit would be able to choose a large and diverse set of validators, and all that they would need to guarantee to break through the scaling barrier is that a single one of them will remain honest.
We hope to have Arbitrum Sidechains in production in early 2021, and thus when Reddit reaches the scale that surpasses the capacity of Rollups, Arbitrum Sidechains will be waiting and ready to help.
While the idea to switch between channels and Rollup to get the best of both worlds is conceptually simple, getting the details right and making sure that the switch does not introduce any attack vectors is highly non-trivial and has been the subject of years of our research (indeed, we were working on this design for years before the term Rollup was even coined).
12. How Arbitrum compares
We include a comparison to several other categories as well as specific projects when appropriate, and explain why we believe that Arbitrum is best suited for Reddit's purposes. We focus our attention on other Ethereum projects.
Payment only Rollups. Compared to Arbitrum Rollup, ZK-Rollups and other Rollups that only support token transfers have several disadvantages:
  • As outlined throughout the proposal, we believe that the entire draw of Ethereum is in its rich smart contracts support which is simply not achievable with today's zero-knowledge proof technology. Indeed, scaling with a ZK-Rollup will add friction to the deployment of smart contracts that interact with Community Points as users will have to withdraw their coins from the ZK-Rollup and transfer them to a smart contract system (like Arbitrum). The community will be best served if Reddit builds on a platform that has built-in, frictionless smart-contract support.
  • All other Rollup protocols of which we are aware employ a centralized operator. While it's true that users retain custody of their coins, the centralized operator can often profit from censoring, reordering, or delaying transactions. A common misconception is that since they're non-custodial protocols, a centralized sequencer does not pose a risk but this is incorrect as the sequencer can wreak havoc or shake down users for side payments without directly stealing funds.
  • Sidechain type protocols can eliminate some of these issues, but they are not trustless. Instead, they require trust in some quorum of a committee, often requiring two-thirds of the committee to be honest, compared to rollup protocols like Arbitrum that require only a single honest party. In addition, not all sidechain type protocols have committees that are diverse, or even non-centralized, in practice.
  • Plasma-style protocols have a centralized operator and do not support general smart contracts.
13. Concluding Remarks
While it's ultimately up to the judges’ palate, we believe that Arbitrum Rollup is the bakeoff choice that Reddit kneads. We far surpass Reddit's specified workload requirement at present, have much room to optimize Arbitrum Rollup in the near term, and have a clear path to get Reddit to hundreds of millions of users. Furthermore, we are the only project that gives developers and users the identical interface as the Ethereum blockchain and is fully interoperable and tooling-compatible, and we do this all without any new trust assumptions or centralized components.
But no matter how the cookie crumbles, we're glad to have participated in this bake-off and we thank you for your consideration.
About Offchain Labs
Offchain Labs, Inc. is a venture-funded New York company that spun out of Princeton University research, and is building the Arbitrum platform to usher in the next generation of scalable, interoperable, and compatible smart contracts. Offchain Labs is backed by Pantera Capital, Compound VC, Coinbase Ventures, and others.
Leadership Team
Ed Felten
Ed Felten is Co-founder and Chief Scientist at Offchain Labs. He is on leave from Princeton University, where he is the Robert E. Kahn Professor of Computer Science and Public Affairs. From 2015 to 2017 he served at the White House as Deputy United States Chief Technology Officer and senior advisor to the President. He is an ACM Fellow and member of the National Academy of Engineering. Outside of work, he is an avid runner, cook, and L.A. Dodgers fan.
Steven Goldfeder
Steven Goldfeder is Co-founder and Chief Executive Officer at Offchain Labs. He holds a PhD from Princeton University, where he worked at the intersection of cryptography and cryptocurrencies including threshold cryptography, zero-knowledge proof systems, and post-quantum signatures. He is a co-author of Bitcoin and Cryptocurrency Technologies, the leading textbook on cryptocurrencies, and he has previously worked at Google and Microsoft Research, where he co-invented the Picnic signature algorithm. When not working, you can find Steven spending time with his family, taking a nature walk, or twisting balloons.
Harry Kalodner
Harry Kalodner is Co-founder and Chief Technology Officer at Offchain Labs where he leads the engineering team. Before the company he attended Princeton as a Ph.D candidate where his research explored economics, anonymity, and incentive compatibility of cryptocurrencies, and he also has worked at Apple. When not up at 3:00am writing code, Harry occasionally sleeps.
submitted by hkalodner to ethereum
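The batch-minting encoding described in the post above (group grants by amount, replace previously seen addresses with a shorter index), sketched as an added example that is not Offchain Labs' code or wire format. The tag values, varint layout and function names are assumptions made here, and the sample grants are constructed; the decoder validates every field because it is the side that parses externally supplied calldata.

```python
ADDR_LEN = 20                    # Ethereum address length in bytes
TAG_NEW, TAG_SEEN = 0x00, 0x01   # assumed entry tags for this sketch


def put_varint(n):
    """Unsigned LEB128: 7 bits per byte, high bit set on all but the last."""
    out = bytearray()
    while n >= 0x80:
        out.append((n & 0x7F) | 0x80)
        n >>= 7
    out.append(n)                # raises ValueError for negative input
    return bytes(out)


def get_varint(buf, pos):
    """Return (value, next_pos); reject truncated or oversized encodings."""
    value = shift = 0
    while True:
        if pos >= len(buf):
            raise ValueError("truncated varint")
        if shift > 63:
            raise ValueError("varint too long")
        byte = buf[pos]
        pos += 1
        value |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return value, pos
        shift += 7


def compress(grants, table):
    """grants: list of (20-byte address, amount). table: addresses seen in
    earlier batches, shared with the decoder; extended in place."""
    index = {addr: i for i, addr in enumerate(table)}
    by_amount = {}
    for addr, amount in grants:
        if len(addr) != ADDR_LEN:
            raise ValueError("bad address length")
        by_amount.setdefault(amount, []).append(addr)
    out = bytearray()
    for amount in sorted(by_amount):
        addrs = by_amount[amount]
        out += put_varint(amount) + put_varint(len(addrs))  # group header
        for addr in addrs:
            if addr in index:
                out += bytes([TAG_SEEN]) + put_varint(index[addr])
            else:
                index[addr] = len(table)
                table.append(addr)
                out += bytes([TAG_NEW]) + addr
    return bytes(out)


def decompress(blob, table):
    """Inverse of compress(); returns the list of (address, amount)."""
    work = list(table)           # copy: a bad blob must not half-update state
    grants, pos = [], 0
    while pos < len(blob):
        amount, pos = get_varint(blob, pos)
        count, pos = get_varint(blob, pos)
        if count == 0:
            raise ValueError("empty group")
        for _ in range(count):
            if pos >= len(blob):
                raise ValueError("truncated entry")
            tag = blob[pos]
            pos += 1
            if tag == TAG_NEW:
                addr = blob[pos:pos + ADDR_LEN]
                if len(addr) != ADDR_LEN:
                    raise ValueError("truncated address")
                pos += ADDR_LEN
                work.append(addr)
            elif tag == TAG_SEEN:
                idx, pos = get_varint(blob, pos)
                if idx >= len(work):
                    raise ValueError("address index out of range")
                addr = work[idx]
            else:
                raise ValueError("unknown entry tag")
            grants.append((addr, amount))
    table[:] = work              # commit only after the whole blob parsed
    return grants


def demo():
    """Constructed sample: two distribution rounds over the same 200 users."""
    users = [i.to_bytes(ADDR_LEN, "big") for i in range(1, 201)]
    round1 = [(u, 10 + (i % 4) * 5) for i, u in enumerate(users)]
    round2 = [(u, 10 + (i % 3) * 5) for i, u in enumerate(users)]
    enc_table, dec_table = [], []
    sizes = []
    for grants in (round1, round2):
        blob = compress(grants, enc_table)
        assert sorted(decompress(blob, dec_table)) == sorted(grants)
        sizes.append(len(blob))
    return sizes                 # encoded bytes per round
```

On this constructed data the first round costs about 21 bytes per grant because every address is new, and the second drops to about 2.4 bytes per grant once all addresses are in the table.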

[ Bitcoin ] Technical: Taproot: Why Activate?

Topic originally posted in Bitcoin by almkglor
This is a follow-up on https://old.reddit.com/Bitcoin/comments/hqzp14/technical_the_path_to_taproot_activation/
Taproot! Everybody wants it!! But... you might ask yourself: sure, everybody else wants it, but why would I, sovereign Bitcoin HODLer, want it? Surely I can be better than everybody else because I swapped XXX fiat for Bitcoin unlike all those nocoiners?
And it is important for you to know the reasons why you, o sovereign Bitcoiner, would want Taproot activated. After all, your nodes (or the nodes your wallets use, which if you are SPV, you hopefully can pester to your wallet vendor/implementor about) need to be upgraded in order for Taproot activation to actually succeed instead of becoming a hot sticky mess.
First, let's consider some principles of Bitcoin.
I'm sure most of us here would agree that the above are very important principles of Bitcoin and that these are principles we would not be willing to remove. If anything, we would want those principles strengthened (especially the last one, financial privacy, which current Bitcoin is only sporadically strong with: you can get privacy, it just requires effort to do so).
So, how does Taproot affect those principles?

Taproot and Your /Coins

Most HODLers probably HODL their coins in singlesig addresses. Sadly, switching to Taproot would do very little for you (it gives a mild discount at spend time, at the cost of a mild increase in fee at receive time (paid by whoever sends to you, so if it's a self-send from a P2PKH or bech32 address, you pay for this); mostly a wash).
(technical details: a Taproot output is 1 version byte + 32 byte public key, while a P2WPKH (bech32 singlesig) output is 1 version byte + 20 byte public key hash, so the Taproot output spends 12 bytes more; spending from a P2WPKH requires revealing a 32-byte public key later, which is not needed with Taproot, and Taproot signatures are about 9 bytes smaller than P2WPKH signatures, but the 32 bytes plus 9 bytes is divided by 4 because of the witness discount, so it saves about 11 bytes; mostly a wash, it increases blockweight by about 1 virtual byte, 4 weight for each Taproot-output-input, compared to P2WPKH-output-input).
However, as your HODLings grow in value, you might start wondering if multisignature k-of-n setups might be better for the security of your savings. And it is in multisignature that Taproot starts to give benefits!
Taproot switches to using Schnorr signing scheme. Schnorr makes key aggregation -- constructing a single public key from multiple public keys -- almost as trivial as adding numbers together. "Almost" because it involves some fairly advanced math instead of simple boring number adding, but hey when was the last time you added up your grocery list prices by hand huh?
With current P2SH and P2WSH multisignature schemes, if you have a 2-of-3 setup, then to spend, you need to provide two different signatures from two different public keys. With Taproot, you can create, using special moon math, a single public key that represents your 2-of-3 setup. Then you just put two of your devices together, have them communicate to each other (this can be done airgapped, in theory, by sending QR codes: the software to do this is not even being built yet, but that's because Taproot hasn't activated yet!), and they will make a single signature to authorize any spend from your 2-of-3 address. That's 73 witness bytes -- 18.25 virtual bytes -- of signatures you save!
And if you decide that your current setup with 1-of-1 P2PKH / P2WPKH addresses is just fine as-is: well, that's the whole point of a softfork: backwards-compatibility; you can receive from Taproot users just fine, and once your wallet is updated for Taproot-sending support, you can send to Taproot users just fine as well!
(P2WPKH and P2WSH -- SegWit v0 -- addresses start with bc1q; Taproot -- SegWit v1 --- addresses start with bc1p, in case you wanted to know the difference; in bech32 q is 0, p is 1)
Now how about HODLers who keep all, or some, of their coins on custodial services? Well, any custodial service worth its salt would be doing at least 2-of-3, or probably something even bigger, like 11-of-15. So your custodial service, if it switched to using Taproot internally, could save a lot more (imagine an 11-of-15 getting reduced from 11 signatures to just 1!), which --- we can only hope! --- should translate to lower fees and better customer service from your custodial service!
So I think we can say, very accurately, that the Bitcoin principle --- that YOU are in control of your money --- can only be helped by Taproot (if you are doing multisignature), and, because P2PKH and P2WPKH remain validly-usable addresses in a Taproot future, will not be harmed by Taproot. Its benefit to this principle might be small (it mostly only benefits multisignature users) but since it has no drawbacks with this (i.e. singlesig users can continue to use P2WPKH and P2PKH still) this is still a nice, tidy win!
(even singlesig users get a minor benefit, in that multisig users will now reduce their blockchain space footprint, so that fees can be kept low for everybody; so for example even if you have your single set of private keys engraved on titanium plates sealed in an airtight box stored in a safe buried in a desert protected by angry nomads riding giant sandworms because you're the frickin' Kwisatz Haderach, you still gain some benefit from Taproot)
And here's the important part: if P2PKH/P2WPKH is working perfectly fine with you and you decide to never use Taproot yourself, Taproot will not affect you detrimentally. First do no harm!

Taproot and Your Contracts

No one is an island, no one lives alone. Give and you shall receive. You know: by trading with other people, you can gain expertise in some obscure little necessity of the world (and greatly increase your productivity in that little field), and then trade the products of your expertise for necessities other people have created, all of you thereby gaining gains from trade.
So, contracts, which are basically enforceable agreements that facilitate trading with people who you do not personally know and therefore might not trust.
Let's start with a simple example. You want to buy some gewgaws from somebody. But you don't know them personally. The seller wants the money, you want their gewgaws, but because of the lack of trust (you don't know them!! what if they're scammers??) neither of you can benefit from gains from trade.
However, suppose both of you know of some entity that both of you trust. That entity can act as a trusted escrow. The entity provides you security: this enables the trade, allowing both of you to get gains from trade.
In Bitcoin-land, this can be implemented as a 2-of-3 multisignature. The three signatories in the multisignature would be you, the gewgaw seller, and the escrow. You put the payment for the gewgaws into this 2-of-3 multisignature address.
Now, suppose it turns out neither of you are scammers (whaaaat!). You receive the gewgaws just fine and you're willing to pay up for them. Then you and the gewgaw seller just sign a transaction --- you and the gewgaw seller are 2, sufficient to trigger the 2-of-3 --- that spends from the 2-of-3 address to a singlesig the gewgaw seller wants (or whatever address the gewgaw seller wants).
But suppose some problem arises. The seller gave you gawgews instead of gewgaws. Or you decided to keep the gewgaws but not sign the transaction to release the funds to the seller. In either case, the escrow is notified, and it can sign with you to refund the funds back to you (if the seller was a scammer) or it can sign with the seller to forward the funds to the seller (if you were a scammer).
Taproot helps with this: like mentioned above, it allows multisignature setups to produce only one signature, reducing blockchain space usage, and thus making contracts --- which require multiple people, by definition, you don't make contracts with yourself --- cheaper (which we hope enables more of these setups to happen for more gains from trade for everyone, also, moon and lambos).
(technology-wise, it's easier to make an n-of-n than a k-of-n, making a k-of-n would require a complex setup involving a long ritual with many communication rounds between the n participants, but an n-of-n can be done trivially with some moon math. You can, however, make what is effectively a 2-of-3 by using a three-branch SCRIPT: either 2-of-2 of you and seller, OR 2-of-2 of you and escrow, OR 2-of-2 of escrow and seller. Fortunately, Taproot adds a facility to embed a SCRIPT inside a public key, so you can have a 2-of-2 Taprooted address (between you and seller) with a SCRIPT branch that can instead be spent with 2-of-2 (you + escrow) OR 2-of-2 (seller + escrow), which implements the three-branched SCRIPT above. If neither of you are scammers (hopefully the common case) then you both sign using your keys and never have to contact the escrow, since you are just using the escrow public key without coordinating with them (because n-of-n is trivial but k-of-n requires setup with communication rounds), so in the "best case" where both of you are honest traders, you also get a privacy boost, in that the escrow never learns you have been trading on gewgaws, I mean ewww, gawgews are much better than gewgaws and therefore I now judge you for being a gewgaw enthusiast, you filthy gewgawer).

Taproot and Your Contracts, Part 2: Cryptographic Boogaloo

Now suppose you want to buy some data instead of things. For example, maybe you have some closed-source software in trial mode installed, and want to pay the developer for the full version. You want to pay for an activation code.
This can be done, today, by using an HTLC. The developer tells you the hash of the activation code. You pay to an HTLC, paying out to the developer if it reveals the preimage (the activation code), or refunding the money back to you after a pre-agreed timeout. If the developer claims the funds, it has to reveal the preimage, which is the activation code, and you can now activate your software. If the developer does not claim the funds by the timeout, you get refunded.
And you can do that, with HTLCs, today.
Of course, HTLCs do have problems:
Fortunately, with Schnorr (which is enabled by Taproot), we can now use the Scriptless Script construction by Andrew Poelstra. This Scriptless Script allows a new construction, the PTLC or Pointlocked Timelocked Contract. Instead of hashes and preimages, just replace "hash" with "point" and "preimage" with "scalar".
Or as you might know them: "point" is really "public key" and "scalar" is really a "private key". What a PTLC does is that, given a particular public key, the pointlocked branch can be spent only if the spender reveals the private key of the given public key to you.
Another nice thing with PTLCs is that they are deniable. What appears onchain is just a single 2-of-2 signature between you and the developer/manufacturer. It's like a magic trick. This signature has no special watermarks, it's a perfectly normal signature (the pledge). However, from this signature, plus some data given to you by the developer/manufacturer (known as the adaptor signature) you can derive the private key of a particular public key you both agree on (the turn). Anyone scraping the blockchain will just see signatures that look just like every other signature, and as long as nobody manages to hack you and get a copy of the adaptor signature or the private key, they cannot get the private key behind the public key (point) that the pointlocked branch needs (the prestige).
(Just to be clear, the public key you are getting the private key from, is distinct from the public key that the developer/manufacturer will use for its funds. The activation key is different from the developer's onchain Bitcoin key, and it is the activation key whose private key you will be learning, not the developer's/manufacturer's onchain Bitcoin key).
So:
Taproot lets PTLCs exist onchain because it enables Schnorr, which is a requirement of PTLCs / Scriptless Script.
(technology-wise, take note that Scriptless Script works only for the "pointlocked" branch of the contract; you need normal Script, or a pre-signed nLockTimed transaction, for the "timelocked" branch. Since Taproot can embed a script, you can have the Taproot pubkey be a 2-of-2 to implement the Scriptless Script "pointlocked" branch, then have a hidden script that lets you recover the funds with an OP_CHECKLOCKTIMEVERIFY after the timeout if the seller does not claim the funds.)

Quantum Quibbles!

Now if you were really paying attention, you might have noticed this parenthetical:
(technical details: a Taproot output is 1 version byte + 32 byte public key, while a P2WPKH (bech32 singlesig) output is 1 version byte + 20 byte public key hash...)
So wait, Taproot uses raw 32-byte public keys, and not public key hashes? Isn't that more quantum-vulnerable??
Well, in theory yes. In practice, they probably are not.
It's not that hashes can be broken by quantum computers --- they're still not. Instead, you have to look at how you spend from a P2WPKH/P2PKH pay-to-public-key-hash.
When you spend from a P2PKH / P2WPKH, you have to reveal the public key. Then Bitcoin hashes it and checks if this matches with the public-key-hash, and only then actually validates the signature for that public key.
So an unconfirmed transaction, floating in the mempools of nodes globally, will show, in plain sight for everyone to see, your public key.
(public keys should be public, that's why they're called public keys, LOL)
And if quantum computers are fast enough to be of concern, then they are probably fast enough that, in the several minutes to several hours from broadcast to confirmation, they have already cracked the public key that is openly broadcast with your transaction. The owner of the quantum computer can now replace your unconfirmed transaction with one that pays the funds to itself. Even if you did not opt-in RBF, miners are still incentivized to support RBF on RBF-disabled transactions.
So the extra hash is not as significant a protection against quantum computers as you might think. Instead, the extra hash-and-compare needed is just extra validation effort.
Further, if you have ever, in the past, spent from the address, then there exists already a transaction indelibly stored on the blockchain, openly displaying the public key from which quantum computers can derive the private key. So those are still vulnerable to quantum computers.
For the most part, the cryptographers behind Taproot (and Bitcoin Core) are of the opinion that quantum computers capable of cracking Bitcoin pubkeys are unlikely to appear within a decade or two.
So:
For now, the homomorphic and linear properties of elliptic curve cryptography provide a lot of benefits --- particularly the linearity property is what enables Scriptless Script and simple multisignature (i.e. multisignatures that are just 1 signature onchain). So it might be a good idea to take advantage of them now while we are still fairly safe against quantum computers. It seems likely that quantum-safe signature schemes are nonlinear (thus losing these advantages).

Summary

I Wanna Be The Taprooter!

So, do you want to help activate Taproot? Here's what you, mister sovereign Bitcoin HODLer, can do!

But I Hate Taproot!!

That's fine!

Discussions About Taproot Activation

almkglor your post has been copied because one or more comments in this topic have been removed. This copy will preserve unmoderated topic. If you would like to opt-out, please send a message using [this link].
submitted by anticensor_bot to u/anticensor_bot
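The bc1q / bc1p distinction and the "20-byte public key hash versus 32-byte public key" comparison from the post, as an added example that is not part of the original post: a bech32/bech32m decoder (BIP173 and BIP350) that reports the witness version and whether the output stores a hash or a raw key. The function names and the witness programs used to build sample addresses are constructed for this example.

```python
"""Classify a SegWit address by witness version (bech32 for v0, bech32m for v1+)."""
CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"  # index 0 is 'q', index 1 is 'p'
BECH32_CONST, BECH32M_CONST = 1, 0x2BC830A3
GEN = [0x3B6A57B2, 0x26508E6D, 0x1EA119FA, 0x3D4233DD, 0x2A1462B3]


def polymod(values):
    """BCH checksum over 5-bit symbols."""
    chk = 1
    for v in values:
        top = chk >> 25
        chk = ((chk & 0x1FFFFFF) << 5) ^ v
        for i in range(5):
            if (top >> i) & 1:
                chk ^= GEN[i]
    return chk


def hrp_expand(hrp):
    return [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp]


def convertbits(data, frombits, tobits, pad):
    """Regroup a sequence of frombits-wide integers into tobits-wide integers."""
    acc = bits = 0
    out = []
    maxv = (1 << tobits) - 1
    for value in data:
        acc = (acc << frombits) | value
        bits += frombits
        while bits >= tobits:
            bits -= tobits
            out.append((acc >> bits) & maxv)
    if pad:
        if bits:
            out.append((acc << (tobits - bits)) & maxv)
    elif bits >= frombits or (acc << (tobits - bits)) & maxv:
        raise ValueError("invalid padding")
    return out


def encode(version, program, hrp="bc"):
    """Build an address; used here only to construct sample inputs."""
    const = BECH32_CONST if version == 0 else BECH32M_CONST
    data = [version] + convertbits(program, 8, 5, True)
    pm = polymod(hrp_expand(hrp) + data + [0] * 6) ^ const
    checksum = [(pm >> 5 * (5 - i)) & 31 for i in range(6)]
    return hrp + "1" + "".join(CHARSET[d] for d in data + checksum)


def decode(addr):
    """Return (hrp, witness_version, program) or raise ValueError."""
    if addr != addr.lower() and addr != addr.upper():
        raise ValueError("mixed case")
    hrp, sep, rest = addr.lower().rpartition("1")
    if not sep or not hrp or len(rest) < 7 or any(c not in CHARSET for c in rest):
        raise ValueError("malformed address")
    data = [CHARSET.index(c) for c in rest]
    version = data[0]
    # v0 must use the original bech32 constant, v1+ must use bech32m.
    expected = BECH32_CONST if version == 0 else BECH32M_CONST
    if polymod(hrp_expand(hrp) + data) != expected:
        raise ValueError("bad checksum for this witness version")
    program = bytes(convertbits(data[1:-6], 5, 8, False))
    if version > 16 or not 2 <= len(program) <= 40:
        raise ValueError("invalid witness version or program length")
    return hrp, version, program


def classify(addr):
    """Map an address to (output type, what the output itself stores)."""
    _, version, program = decode(addr)
    if version == 0 and len(program) == 20:
        return "P2WPKH", "public key hash; the key appears only when spent"
    if version == 0 and len(program) == 32:
        return "P2WSH", "script hash; the script appears only when spent"
    if version == 0:
        raise ValueError("v0 program must be 20 or 32 bytes")
    if version == 1 and len(program) == 32:
        return "P2TR", "raw 32-byte public key, visible in the output"
    return "unknown", "future witness version"


if __name__ == "__main__":
    # Constructed witness programs, not real keys or hashes.
    for addr in (encode(0, bytes(range(20))), encode(1, bytes(range(32)))):
        print(addr, classify(addr))
```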

ABCMint is a quantum resistant cryptocurrency with the Rainbow Multivariable Polynomial Signature Scheme.

Good day, the price is going up to 0.3USDT.

ABCMint Second Foundation

ABCMint has been a first third-party organization that focuses on post-quantum cryptography research and technology and aims to help improve the ecology of ABCMint technology since 2018.


https://abcmintsf.com

https://abcmintsf.com/exchange


What is ABCMint?

ABCMint is a quantum resistant cryptocurrency with the Rainbow Multivariable Polynomial Signature Scheme.

Cryptocurrencies and blockchain technology have attracted a significant amount of attention since 2009. While some cryptocurrencies, including Bitcoin, are used extensively in the world, these cryptocurrencies will eventually become obsolete and be replaced when quantum computers become available. For instance, Bitcoin uses the elliptic curved signature (ECDSA). If a bitcoin user's public key is exposed to the public chain, the quantum computers will be able to quickly reverse-engineer the private key in a short period of time. It means that should an attacker decide to use a quantum computer to decrypt ECDSA, he/she will be able to use the bitcoin in the wallet.

The ABCMint Foundation has improved the structure of the special coin core to resist quantum computers, using the Rainbow Multivariable Polynomial Signature Scheme, which is quantum resistant, as the core. This is a fundamental solution to the major threat to digital money posed by future quantum computers. In addition, the ABCMint Foundation has implemented a new form of proof of arithmetic (mining) "ABCardO" which is different from Bitcoin's arbitrary mining. This algorithm is believed to be beneficial to the development of the mathematical field of multivariate.


Rainbow Signature - the quantum resistant signature based on Multivariable Polynomial Signature Scheme

Unbalanced Oil and Vinegar (UOV) is a multi-disciplinary team of experts in the field of oil and vinegar. One of the oldest and most well researched signature schemes in the field of variable cryptography. It was designed by J. Patarin in 1997 and has withstood more than two decades of cryptanalysis. The UOV scheme is a very simple, small and fast signature. However, the main drawback of UOV is the large public key, which will not be conducive to the development of block practice technology.

The rainbow signature is an improvement on the oil and vinegar signature which increased the efficiency of unbalanced oil and vinegar. The basic concept is a multi-layered structure and generalization of oil and vinegar.


PQC - Post Quantum Cryptography

The public key cryptosystem was a breakthrough in modern cryptography in the late 1970s. It has become an increasingly important part of our cryptography communications network. The Internet and other communication systems rely heavily on the Diffie-Hellman key exchange, RSA encryption, and the use of the DSA, ECDSA or related algorithms for numerical signatures. The security of these cryptosystems depends on the difficulty level of number theory problems such as integer decomposition and discrete logarithm problems. In 1994, Peter Shor demonstrated that quantum computers can solve all these problems in polynomial time, which made this security issue related to the cryptosystems theory irrelevant. This development is known as the "post-quantum cryptography" (PQC).

In August 2015, the U.S. National Security Agency (NSA) released an announcement regarding its plans to transition to quantum-resistant algorithms. In December 2016, the National Institute of Standards and Technology (NIST) announced a call for proposals for quantum-resistant algorithms. The deadline was November 30, 2017, which also included the rainbow signatures used for ABCMint.
submitted by WrapBeautiful to ABCMint

r/Futurology 2020 Prediction Competition

We’ve never done it before, but we thought it would be fun to have a 2020 Prediction Competition where people put up their Futurology related predictions for 2020 and we vote a winner this time next year based on who gets the most right.
Apart from bragging rights, we’ve some Reddit Gold & Silver to give away as prizes and we’ll probably think up a title for the winner to use as their flair. So just think, potentially you could be Futurology Grand Wizard of Foretelling & showered with gold.
We’ll use some means of democratic Reddit hivemind voting to figure out the winner, but here’s some rules.
Bonus Point for a prediction that has a reason or further qualification attached and both come true, use brackets to separate the two. Example: Bitcoin price will have crashed by the end of 2020. Better/More points - Bitcoin price will have crashed by the end of 2020 ( A recession will have forced investors to flee from risky asset classes).
Announced or established plans don’t count as predictions Example: China has established plans to launch the first module of its space station in 2020. Therefore saying China will launch a module of its space station in 2020 does not count as a prediction.
Be specific, generalities don’t count. Example: There will be major advances in quantum cryptography in 2020 does not count as a prediction
Comments Closed as of Jan 6th 2020
submitted by lughnasadh to Futurology

Why Bitcoin could Fail

Below in my opinion are three legitimate reasons why Bitcoin could fail.
  1. Cryptography becomes insecure. If cryptography can be broken we're all screwed. Since 2009 people have planned for and reviewed what would happen when quantum computers come, or what would happen if computers millions of times more powerful are developed, but I'd categorize this as "known unknowns". There still remains "unknown unknowns" that could end digital security. A Black swan event or whatever you want to call it can absolutely happen, and it could take 100 years before the puzzle makers jump ahead of the puzzle breakers again.
  2. Governments make it illegal. P2p music sharing has effectively been destroyed. The technology still exists but the rule of law and informal pressure that governments have makes it too hard for most citizens to bother. Why risk breaking the law, when a good enough alternative exists for a small fee. For those that argue that Bitcoin is not breaking any laws in the United States, that really doesn't mean anything as new laws can always be written. Anthony Scaramucci (of all people) articulated this point well on the Off The Chain Podcast. In a situation that is deemed a crisis, the United States government is going to do whatever it wants to keep citizens "safe".
  3. The most scary, most concerning threat to Bitcoin is apathy. What if people just don't care enough. The average person doesn't get hyped about decentralized currency. The masses care when the price goes up, but the market is a game that just can't be predicted, and it can't go up forever. To get the masses on board they pretty much have to be forced to. The world uses cell phones because the benefits are so so great even the homeless are forced to go out and obtain one. Unless new technology is a necessity, the average person does not want to jump through new hoops. There are so many products out there looking to gain a userbase, they put thousands/millions of dollars into marketing and strategy and endorsements, teams of people working round the clock to figure out "how do we please the customer" and how many of those products ultimately end up failing. There's a push and pull with Bitcoin to please the customers while at the same time remaining decentralized. How many humans are willing to work on a project and receive no money or recognition in return?
So that's what I got. Any thoughts or feedback welcome. Thanks.
submitted by Th3M0rn1ng5h0w to Bitcoin

05-13 13:45 - 'Fundamental questions to the success of Bitcoin' (self.Bitcoin) by /u/banditcleaner2 removed from /r/Bitcoin within 0-5min

'''
I see some conflicting opinions happening in this subreddit quite often and wanted somebody with a pretty sizable knowledge to answer some questions I have.
Bitcoin is often touted to be valuable because it can be used as a currency, and that mass adoptions should rely on this concept. However, fundamentally bitcoin is far too slow to be used by a massive amount of the earth's population. In times of high price action, volume increases, and so do wait times. Now I know what you're thinking:
Just use the lightning network.
The problem with this is that most people are honestly just not technical enough to want to use and/or learn to use the lightning network. It's not a simplistic process for normal people, especially not for the majority of the older population that doesn't and/or can't learn to use bitcoin in the normal way, which is much more simple. So unless fundamentally lightning network becomes less techy and more easy to use, this isn't a viable solution.
So based on that, is it even really possible for Bitcoin to achieve mass adoption on the premise of being the world's first deflationary reserve currency? If those problems aren't solved, I don't think so.
The other issue is that people often say that Bitcoin is a store of value. If bitcoin fundamentally fails to become a widely adopted currency, how does it manage as a store of value? Its value is based primarily on it being adopted as a currency, and speculation on its future.
Simple scarcity should not make something valuable, and this fact isn't removed from Bitcoin. While a trustless, deflationary, supply limited currency is a great idea, I don't see it succeeding as a store of value if it fails as a currency.
The other main question in relation to Bitcoin is quantum. What will quantum computing do to Bitcoin? Elliptic curve cryptography can be used to save modern websites security, and banks, but if the proof of work structure of Bitcoin is not changed to something that is quantum proof, don't we have a problem there as well?
I know this is bitcoin, but aren't there other coins that serve as a currency better? Ones that are much faster (Litecoin and Dash come to mind, albeit may be less secure)? Litecoin in particular does have a fairly sizable blockchain history, which is often touted as one of the best preventors for 51% attacks; but Litecoin is much faster.
What about Bitcoin as a whole makes it the candidate most for success, I guess? Couldn't we just extrapolate the idea of a blockchain to create a coin that is faster, just as secure, and better used as a currency, that would then have a better store of value? What about Bitcoin, beside it having the longest blockchain, and highest price/supply ratio, makes it the best candidate?
That's all I've got. Hoping this sparks some discussion about Bitcoin, the probability that it becomes a real success and replaces fiat, and maybe educates some noobs in the sub. More specifically WITHOUT talking about price.
Thanks for coming to my TED talk.
'''
Author: banditcleaner2
submitted by removalbot to removalbot

Subreddit Stats: CryptoTechnology top posts from 2017-12-23 to 2020-01-20 15:51 PDT

Period: 758.36 days
| | Submissions | Comments |
|---|---|---|
| Total | 956 | 13660 |
| Rate (per day) | 1.26 | 18.01 |
| Unique Redditors | 584 | 3144 |
| Combined Score | 21553 | 44566 |

Top Submitters' Top Submissions

  1. 1166 points, 43 submissions: Neophyte-
    1. "Do you need a Blockchain?" - this paper is fantastic, everyone should read this before evaluating a coin and if requires a block chain to solve a solution the coin is promising to solve. (136 points, 41 comments)
    2. Do any of you foresee a crypto being widely adopted as a general purpose payment coin? nano, btc, btccash etc (take your pick). I think it won't happen for reasons in this post. What do you think? (59 points, 54 comments)
    3. Noticed the huge rise of EOS lately what does it have over NEO and ethereum and to a lesser extent Cardano? I tried researching it, but wasn't sold. (54 points, 55 comments)
    4. Hard Problems in Cryptocurrency: Five Years Later ~Vitalik (46 points, 1 comment)
    5. I had a Q&A with Bruno head architect / CEO of oyster, thought you guys might like it. (45 points, 2 comments)
    6. A good article that explains in simple terms how Eth2 works, how it will be rolled out and migrated from eth1 (42 points, 4 comments)
    7. DAI the stablecoin can now be transferred GAS free (article explaining how it works via new MCD DAI contract). This holds alot of promise for the so called "Web3" (40 points, 8 comments)
    8. Veriblock is consuming 27% of bitcoins block space - what does this mean for bitcoins future? (39 points, 16 comments)
    9. Vitalik: Alternative proposal for early eth1 <-> eth2 merge (38 points, 3 comments)
    10. Is launching a PoW permissionless blockchain still possible today? or would it be too susceptible to a 51% attack? (37 points, 37 comments)
  2. 578 points, 16 submissions: crypto_ha
    1. Why is Ripple considered a cryptocurrency (by many)? (109 points, 63 comments)
    2. So reportedly there are serious vulnerabilities found in EOS’ code. And it seems like those are more than just random software bugs. (97 points, 29 comments)
    3. Guide: How to get started with Blockchain development? (60 points, 6 comments)
    4. A newly found vulnerability in Nano's Android wallet (44 points, 12 comments)
    5. The history and state of Ethereum's Casper research - Vitalik Buterin (39 points, 4 comments)
    6. What is the difference between Sidechain vs Child Chain vs Off Chain? (39 points, 12 comments)
    7. EOS mainnet is official live (finally), but... (36 points, 24 comments)
    8. Bitcoin's "doomsday" economics - Bank of International Settlements (34 points, 23 comments)
    9. How Wall Street’s embrace could undermine Bitcoin (30 points, 9 comments)
    10. Ethereum ERC 1497: DApp Dispute Evidence Standard (24 points, 0 comments)
  3. 513 points, 20 submissions: ndha1995
    1. Ethereum Classic is currently being 51% attacked (103 points, 31 comments)
    2. Why are there so many garbage posts the past 24 hours? (58 points, 10 comments)
    3. Google Unveils 72-Qubit Quantum Processor With Low Error Rates (48 points, 24 comments)
    4. IOTA's Network-Bound PoW consensus, is it feasible? (42 points, 13 comments)
    5. The Challenges of Investigating Cryptocurrencies and Blockchain Related Crime (29 points, 7 comments)
    6. Deep dive into zk-STARKs with Vitalik Buterin's blog posts (26 points, 3 comments)
    7. Tether discussion thread (26 points, 21 comments)
    8. Vitalik Buterin Proposes a Consensus Algorithm That Requires Only 1% to Be Honest (24 points, 8 comments)
    9. Can somebody compare Qtum vs. NEO, technology-wise? (E.g. PoS vs. PoW; smart contract protocols...) (21 points, 15 comments)
    10. Introduction to Non Fungible Tokens (NFTs) (21 points, 9 comments)
  4. 377 points, 16 submissions: turtleflax
    1. Around 13% of DASH's privateSends are traceable to their origin (69 points, 3 comments)
    2. "Big Bang" attack could leverage Monero's dynamic blocksize to bloat the blockchain to 30TB in only 36 hours (52 points, 3 comments)
    3. The case for the obsolescence of Proof of Work and why 2018 will be the year of Proof of Stake (41 points, 29 comments)
    4. Monero vs PIVX: The First Scheduled Privacy Coin Debate Thread on /CryptoCurrency (38 points, 12 comments)
    5. Introducing the Privacy Coin Matrix, a cross-team collaboration comparing 20 privacy coins in 100 categories (26 points, 25 comments)
    6. Do permissioned blockchains have any merits? (25 points, 23 comments)
    7. The State of Hashing Algorithms — The Why, The How, and The Future (21 points, 4 comments)
    8. How Zerocoin Works in 5 Minutes (19 points, 5 comments)
    9. Errors made by Satoshi (17 points, 8 comments)
    10. How Much Privacy is Enough? Threats, Scaling, and Trade-offs in Blockchain Privacy Protocols - Ian Miers (Cornell Tech, Zerocoin, Zerocash) (17 points, 4 comments)
  5. 321 points, 6 submissions: Qwahzi
    1. Technical comparison of LIGHTNING vs TANGLE vs HASHGRAPH vs NANO (133 points, 37 comments)
    2. Addressing Nano's weaknesses (bandwidth usage and disk IO). Nano voting traffic to be reduced by 99.9% by implementing vote by hash, lazy bootstrapping, and reduced vote rebroadcasting (x-post CryptoCurrency) (78 points, 8 comments)
    3. Emergent centralization due to economies of scale (PoW vs DPoS) – Colin LeMahieu (52 points, 37 comments)
    4. Nano community member developing a distributed "mining" service to pay people to do PoW for third-parties (e.g. exchanges, light wallet services, etc) (32 points, 20 comments)
    5. What do you think about OpenCAP, the cryptocurrency alias protocol that mirrors traditional email addresses? (15 points, 12 comments)
    6. Bitcoin would be a calamity, not an economy (11 points, 52 comments)
  6. 256 points, 4 submissions: rockyrainy
    1. Bitcoin Gold hit by Double Spend Attack (51% attack). The Attacker reversed 22 blocks. (179 points, 102 comments)
    2. ZK-starks white paper published (44 points, 16 comments)
    3. [Q] How does a network reach consensus on what time it is? (21 points, 17 comments)
    4. Stateless (no history) Cryptocurrency via snapshots? (12 points, 7 comments)
  7. 244 points, 3 submissions: HSPremier
    1. From a technical standpoint: Why does every blockchain projects need their own coins? (181 points, 50 comments)
    2. What is Reddit's obsession with REQ? (61 points, 43 comments)
    3. What is the technological difference between a privacy coin and a privacy coin platform? Won't a privacy coin platform be more superior than a privacy coin? (2 points, 3 comments)
  8. 234 points, 2 submissions: Realness100
    1. A Guided Reading of Bitcoin’s Original White Paper (202 points, 10 comments)
    2. A Guided Reading of Ethereum's Original White Paper! (32 points, 5 comments)
  9. 185 points, 4 submissions: tracyspacygo
    1. My brief observation of most common Consensus Algorithms (159 points, 49 comments)
    2. What are the main Trends/Challenges for Bitcoin and whole crytpocurrencies industry? (12 points, 33 comments)
    3. Guideline for Newbies: Trying out Bitcoin transactions with TESTNET (7 points, 1 comment)
    4. Most advanced Cryptocurrencies Comparison Table (7 points, 8 comments)
  10. 177 points, 9 submissions: benmdi
    1. What's the best argument against cryptotechnology? I.e. Steelman the cryptocurrency skeptic (43 points, 42 comments)
    2. Would there be interest from this community in crypto resources aimed at developers? If so, what topics? (29 points, 14 comments)
    3. Has the window for bootstrapping a new PoW coin closed? (24 points, 57 comments)
    4. What can we, as a community, learn from the rise & acquisition of GitHub (23 points, 8 comments)
    5. 🍱 Rollup Roundup: Understanding Ethereum's Emerging Layer 2 (19 points, 1 comment)
    6. Video Tutorial: Introducing An Experience Dev To Smart Contract Coding (17 points, 3 comments)
    7. Do we need a blockchain to be decentralized? What questions would you ask a self described fan of decentralization, but blockchain skeptic? (11 points, 19 comments)
    8. ETH Block Rewards And Second Order Effects On Hardware Availability (7 points, 8 comments)
    9. Which Of The Big Tech Companies Is Most Likely To Bring Crypto Mainstream? Here's Why I Think It's Apple (4 points, 7 comments)
  11. 175 points, 9 submissions: galan77
    1. Is the Lightning Network a massive threat to the blockchain? (49 points, 66 comments)
    2. TPS of Lightning Network vs. Sharding, which one does better? (28 points, 7 comments)
    3. Are there any major downsides to sharding? (21 points, 33 comments)
    4. What's the difference between trustlessness and permissionlessness (19 points, 7 comments)
    5. Which consensus algorithm is the best, PoW, PoS, PoAuthority, PoAsset? (18 points, 57 comments)
    6. How can XRP reach 50,000 TPS when they have no sharding and every node has to validate every single transaction. (15 points, 14 comments)
    7. A few questions about the Lightning Network (14 points, 6 comments)
    8. Pascalcoin can do 72,000 tps apparently. Is this legit? The new Nano? (8 points, 39 comments)
    9. How does Ripple's (XRB's) consensus algorithm Proof of Correctness work, are there any downsides? (3 points, 23 comments)
  12. 175 points, 1 submission: ilielezi
    1. Why white papers in crypto world are so unprofessional? (175 points, 88 comments)
  13. 165 points, 6 submissions: CryptoMaximalist
    1. Facebook's Libra (48 points, 55 comments)
    2. “Fake Stake” attacks on some Proof-of-Stake cryptocurrencies responsibly disclosed by researchers from the Decentralized Systems Lab at UIUC (31 points, 9 comments)
    3. Quantum Computing and the Cryptography in Crypto (27 points, 14 comments)
    4. PING and REJECT attacks on ZCash (Patch available) | Stanford Applied Crypto Group (22 points, 1 comment)
    5. Introduction to Cryptography: Part 1 - Jinglan Wang (19 points, 1 comment)
    6. New site howmanyconfs.com shows the amount of time and confirmations of Proof of Work coins to match 6 confirmations on Bitcoin (18 points, 11 comments)
  14. 163 points, 10 submissions: GainsLean
    1. Videos For Developers Who Want To Learn Blockchain In A Practical Way (36 points, 17 comments)
    2. What Do You Want To Learn? (32 points, 20 comments)
    3. Get Involved With The Smart Contract Coding Challenge (25 points, 4 comments)
    4. Solution To $10K Art Prize (25 points, 3 comments)
    5. Blockchain Course Outline Has Been Released - Feedback warranted (22 points, 12 comments)
    6. Introduction To Distributed Systems And Consensus Protocols (9 points, 2 comments)
    7. Are there any closed source crypto wallets? (4 points, 19 comments)
    8. Are there any successful proof of identity projects? (4 points, 8 comments)
    9. SPV Wallets Vs API Wallets (4 points, 1 comment)
    10. 12 Popular Consensus Algorithms - Explained (2 points, 0 comments)
  15. 163 points, 7 submissions: QRCollector
    1. Part 5. I'm writing a series about blockchain tech and possible future security risks. This is the fifth part of the series talking about an advanced vulnerability of BTC. (43 points, 43 comments)
    2. I'm writing a series about blockchain tech and possible future security risks. This is the third part of the series introducing Quantum resistant blockchains. (36 points, 4 comments)
    3. Part 4B. I’m writing a series about blockchain tech and possible future security risks. This is the fourth part of the series explaining the special quality of going quantum resistant from genesis block. (25 points, 21 comments)
    4. Part 6. (Last part) I'm writing a series about blockchain tech and possible future security risks. Failing shortcuts in an attempt to accomplish Quantum Resistance (24 points, 38 comments)
    5. I'm writing a series about blockchain tech and possible future security risks. This is the first part of the series introducing the basic concept of blockchain and what makes it reliable. (23 points, 10 comments)
    6. I'm writing a series about blockchain tech and possible future security risks. This is the fourth part of the series explaining the special quality of going quantum resistant from genesis block. (7 points, 1 comment)
    7. Part 2. I'm writing a series about blockchain tech and possible future security risks. This is the second part of the series: An accessible description of hashing and signature schemes. (5 points, 0 comments)
  16. 162 points, 3 submissions: FashionistaGuru
    1. How do we change the culture around cryptocurrency? (118 points, 54 comments)
    2. Which cryptos have the best new user experience? (30 points, 34 comments)
    3. Why does Apple prevent many crypto apps from entering the App Store? (14 points, 8 comments)
  17. 157 points, 7 submissions: SamsungGalaxyPlayer
    1. Breaking Monero Episodes 1-3: Introduction, Ring Signatures, 0-Decoy and Chain Reactions (45 points, 1 comment)
    2. "No, dPoW Isn't a Perfect Solution" (35 points, 48 comments)
    3. Breaking Mimblewimble’s Privacy Model - Dragonfly Research (27 points, 10 comments)
    4. Breaking Monero (and Zcash) Episodes 7-9: Remote Nodes, Timing Attacks, Poisoned Outputs (EAE Attack) (21 points, 2 comments)
    5. "Attacker Collection of IP Metadata" (18 points, 10 comments)
    6. "Tracing Transactions Across Cryptocurrency Ledgers" Using Shapeshift and Changelly (6 points, 4 comments)
    7. Breaking Monero Episodes 4-6: Chain Splits (Key Image Attack), Input Selection Algorithm, Unusual Ringsize (5 points, 2 comments)
  18. 147 points, 1 submission: shunsaitakahashi
    1. Proof-of-Approval: Stake Based, 1 Block Finality & History Attack Defense (147 points, 4 comments)
  19. 146 points, 6 submissions: themoderndayhercules
    1. "The selfish mining fallacy" explained and debunked (60 points, 8 comments)
    2. A Discussion of Stable coins and Decentralized Oracles (35 points, 8 comments)
    3. A Selfish Mining Double Spending attack Simulator (25 points, 2 comments)
    4. Why reputation systems don't work (15 points, 12 comments)
    5. A better incentivization for Swarm (6 points, 0 comments)
    6. When Mises met Szabo - A Discussion of the value of Bitcoin (5 points, 16 comments)
  20. 143 points, 7 submissions: KomodoWorld
    1. Komodo Platform's core developer and founder jl777 has started his own blog on Medium. The blog is aimed for senior developers who want to learn about blockchain. (46 points, 15 comments)
    2. Delayed Proof of Work (dPoW) security explained (36 points, 46 comments)
    3. Proof-of-Gameplay (19 points, 3 comments)
    4. Good guide for getting started with the Custom Consensus tech for Komodo-based blockchains (17 points, 0 comments)
    5. Cross-chain migration of coins with Crypto Conditions - by smk762 (12 points, 0 comments)
    6. A step-by-step example of working with a Crypto Conditions based Oracle - by smk762 (10 points, 0 comments)
    7. Changing consensus rules on the fly with Crypto Conditions (3 points, 0 comments)
  21. 141 points, 8 submissions: Stormy1997
    1. What technical/business advantages does a private blockchain have over a SQL server? (49 points, 79 comments)
    2. Is sharding to scale bad? (24 points, 28 comments)
    3. How would one create a fiat gateway theoretically? (19 points, 19 comments)
    4. Looking for Stellar smart contract/side chain code examples (16 points, 1 comment)
    5. Question - Securing personal information on a centralized server with user-owned keys (13 points, 3 comments)
    6. How do blockchains/smart contracts communicate with oracles? (10 points, 4 comments)
    7. Bandwidth scaling for TPS (8 points, 2 comments)
    8. Best method to transmit detailed data between two parties via existing platforms (2 points, 1 comment)
  22. 141 points, 3 submissions: seventyfiver
    1. Why does Ethereum use Solidity while other ecosystems like NEO stick with popular ones like Java and C#? (94 points, 26 comments)
    2. Chainlink's initial Go implementation went live this morning. Has anyone reviewed the code and can comment on it's quality? (40 points, 3 comments)
    3. What are some great books on cryptoeconomics or blockchain technology? (7 points, 4 comments)
  23. 134 points, 6 submissions: johnny_milkshakes
    1. Sub dedicated to DAG based coins (42 points, 8 comments)
    2. Thoughts on this? (28 points, 38 comments)
    3. This is very interesting (24 points, 19 comments)
    4. Educational presentation by Clara Shikhelman (18 points, 0 comments)
    5. Ethics question. (12 points, 40 comments)
    6. How to scale on chain? (10 points, 30 comments)
  24. 127 points, 4 submissions: sukitrebek
    1. What are you currently obsessed with, and why? (58 points, 150 comments)
    2. Crypto-based social network without a cryptocurrency. (42 points, 23 comments)
    3. How does underlying architecture affect what kinds of applications are possible? (17 points, 3 comments)
    4. Holochain vs. Radix DLT (10 points, 11 comments)
  25. 126 points, 1 submission: RufusTheFirefly
    1. Everytime I try to investigate the technology behind Cardano(Ada), I come across the words "scientific" and "peer-reviewed" over and over but almost no actual details. Can someone fill how this coin actually works and where they are in development? (126 points, 49 comments)
  26. 112 points, 1 submission: rocksolid77
    1. Can we have a real debate about the Bitcoin scaling issue? (112 points, 89 comments)
  27. 110 points, 4 submissions: kelluk
    1. What one can learn from browsing 30 million Ethereum addresses (72 points, 21 comments)
    2. I wanted to categorize all coins/tokens, and this is my proposal (23 points, 33 comments)
    3. Should whitepapers be understood by ordinary people? (10 points, 41 comments)
    4. Querying the Ethereum blockchain: how to & what to? (5 points, 5 comments)
  28. 107 points, 1 submission: NewDietTrend
    1. Outside of currency and voting, blockchain is awful and shouldnt be used. Can anyone explain where blockchain is worth the cost? (107 points, 166 comments)
  29. 105 points, 1 submission: insette
    1. /CryptoTech PSA: there are broadly TWO TYPES of Decentralized Exchanges. Which type are you investing in? (105 points, 55 comments)
  30. 103 points, 3 submissions: dtheme
    1. How to accept crypto payments for digital downloads if you are a small business? Solutions, e-commerce sites are lacking (46 points, 38 comments)
    2. How many 24 letter seeds and "Bitcoin" keys can there be? (34 points, 24 comments)
    3. Is there any reason why the big tech companies are not getting into crypto? (23 points, 36 comments)
  31. 103 points, 3 submissions: dvnielng
    1. Why do so many of these businesses need a token? (Unsure) (61 points, 86 comments)
    2. DAPPS - Only coins that have intrinsic value? Ethereum , Neo? (31 points, 10 comments)
    3. How could blockchain work for expensive purchases/escrow? (11 points, 2 comments)
  32. 101 points, 1 submission: kickso
    1. Is NANO everything it says it is? (101 points, 96 comments)
  33. 98 points, 3 submissions: heart_mind_body
    1. How can we breathe some life into this sub? (56 points, 22 comments)
    2. Can anyone give an example for a technology that provides a "public permissioned blockchain"? (28 points, 16 comments)
    3. Can we do a discussion on ICON and "clusters of private chains connected to a public chain" ? (14 points, 13 comments)
  34. 97 points, 8 submissions: kelraku
    1. Thoughts on Mimblewimble? (23 points, 13 comments)
    2. Has anyone looked at the lelantus protocol? (18 points, 6 comments)
    3. How much control do developers have over the coins (18 points, 6 comments)
    4. Lesser known protocols? (11 points, 17 comments)
    5. Zerocoin and Blockchain Analysis (9 points, 5 comments)
    6. Zerocoin vs Cryptonote (7 points, 14 comments)
    7. Lightning network privacy (6 points, 13 comments)
    8. Integrity of the DAG (5 points, 17 comments)
  35. 96 points, 6 submissions: blockstasy
    1. How to Get to One Million Devs (32 points, 12 comments)
    2. The Decade in Blockchain — 2010 to 2020 in Review (27 points, 4 comments)
    3. Ethereum by the Numbers – The Year of 2019 (26 points, 9 comments)
    4. Knowledge Drop: Mining and the role it plays with the Ethereum blockchain (5 points, 0 comments)
    5. A great article that explains Ethereum’s Muir Glacier Update (4 points, 0 comments)
    6. Youtube Silences Crypto Community (2 points, 6 comments)
  36. 93 points, 3 submissions: OneOverNever
    1. Which is the last WHITE PAPER you've read that's truly impacted you? (77 points, 81 comments)
    2. [CMV] Bitcoin's intrinsic technological value. (14 points, 29 comments)
    3. What are some weak points that still hold XVG back from becoming a top player in crypto? (Technically speaking, not marketing and etc.) (2 points, 19 comments)
  37. 93 points, 3 submissions: ryano-ark
    1. (ARK) ACES Completes Integration of ARK Channels for Two-way Transfers for Easy ICOs When Paired With ARK Deployer (Push-Button-Blockchains) (57 points, 5 comments)
    2. (ARK) ACES Releases Fast (Ansible) Deployments for all ACES Applications. (23 points, 4 comments)
    3. A Future of Cryptocurrencies and Blockchains (13 points, 3 comments)
  38. 92 points, 2 submissions: BobUltra
    1. Our blockchains are all centralized! (51 points, 34 comments)
    2. List of qualities needed to dethrone Bitcoin. (41 points, 43 comments)
  39. 90 points, 1 submission: refreshx2
    1. CMV: It doesn't make sense for (crypto)companies to create coins linked to their tech (90 points, 18 comments)
  40. 89 points, 1 submission: perceptron01
    1. What does Nano do better than Steem? (89 points, 55 comments)
  41. 87 points, 1 submission: Shuk
    1. How does one begin to develop an employable skill in blockchain development? (87 points, 25 comments)
  42. 87 points, 1 submission: conorohiggins
    1. I spent three weeks researching and writing a huge guide to stablecoins. Enjoy! (87 points, 36 comments)
  43. 86 points, 1 submission: Bacon_Hero
    1. ELI5: Why did it take so long for blockchain technology to be created? (86 points, 66 comments)
  44. 85 points, 3 submissions: theFoot58
    1. If crypto now is like 'the Internet' of the past, where are we? (65 points, 53 comments)
    2. If the Internet had its Genesis Block, what would it be? (14 points, 9 comments)
    3. Coin grouping - ruby and CryptoCompare API (6 points, 1 comment)
  45. 85 points, 1 submission: youngm2
    1. Which decentralised exchange has the most promise for 2018? (85 points, 89 comments)
  46. 84 points, 4 submissions: bLbGoldeN
    1. On Mass Adoption of Cryptocurrencies (28 points, 68 comments)
    2. Join the Bloom team for our first tech AMA tomorrow (Tuesday, March 13th) at 7 PM GMT! (23 points, 2 comments)
    3. Join the Decred team for an AMA - Friday, June 1st from 19:00 to 22:00 UTC (17 points, 10 comments)
    4. Join the district0x team for an AMA Monday, April 2nd at 5:00 PM (GMT) (16 points, 0 comments)
  47. 82 points, 2 submissions: SubsequentDownfall
    1. Has a 51% attack ever been witnessed? (45 points, 46 comments)
    2. Is a DAG coin like RaiBlocks able to be private like Monero? (37 points, 40 comments)
  48. 82 points, 2 submissions: guidre
    1. Tron and other source Code (42 points, 24 comments)
    2. Why Will companies adopt blockchain, the user interface is complex and i'm not sure that many companies want all their internal dealings made public. (40 points, 19 comments)
  49. 81 points, 4 submissions: solar128
    1. New Atomic Swap Tools Released (35 points, 4 comments)
    2. Using Blockchain to make a censorship-resistant Reddit (28 points, 14 comments)
    3. Best security practices for addressing Spectre & Meltdown (13 points, 0 comments)
    4. Influence of on-chain governance weighted by wealth - good or bad? (5 points, 2 comments)
  50. 81 points, 2 submissions: Blockchainsapiens
    1. Blockchain study finds 0.00% success rate and vendors don't call back when asked for evidence (47 points, 30 comments)
    2. The elephant in the room: would the public ever use a volatile currency over a stable currency? (34 points, 45 comments)
  51. 81 points, 1 submission: Mycryptopedia
    1. Understanding the Tech Behind RaiBlocks (81 points, 7 comments)
  52. 81 points, 1 submission: davidvanbeveren
    1. Article thoroughly analysing / comparing IOTA and RaiBlocks (x-post /CryptoCurrency) (81 points, 10 comments)
  53. 77 points, 4 submissions: DeleteMyOldAccount
    1. HD Wallets Explained: What they are, and how to make them coin agnostic (28 points, 11 comments)
    2. Bitcoin Cash May 15th fork (23 points, 22 comments)
    3. So you want to build a Bitcoin HD wallet? Part 1 (23 points, 3 comments)
    4. Applications of Blockchain in Supply Chain (3 points, 9 comments)
  54. 76 points, 3 submissions: kryptofinger
    1. Why would anyone bother using any DPOS coins for dapps like Eos over normal systems like AWS? (44 points, 104 comments)
    2. Could a state backed privacy coin work? (22 points, 32 comments)
    3. Thoughts on Elastos? (10 points, 8 comments)
  55. 76 points, 1 submission: francohab
    1. 55% of the Nano representative nodes are "official representatives", presumably held by developers. How big of an issue is that? (76 points, 46 comments)
  56. 75 points, 2 submissions: MerkleChainsaw
    1. The biggest challenge for cryptocurrencies and how to mitigate it (73 points, 37 comments)
    2. Short and long term design tradeoffs in crypto (2 points, 2 comments)
  57. 75 points, 1 submission: jatsignwork
    1. Raiblocks & Spam (75 points, 60 comments)
  58. 74 points, 1 submission: behindtext
    1. Hello, this is Jake Yocom-Piatt. Ask me anything about Decred! (74 points, 49 comments)
  59. 73 points, 2 submissions: TexasRadical83
    1. Why use a new "currency" at all? (40 points, 48 comments)
    2. Why are big price increases for crypto a good thing? (33 points, 41 comments)

Top Commenters

  1. Neophyte- (1649 points, 746 comments)
  2. ndha1995 (583 points, 98 comments)
  3. turtleflax (406 points, 116 comments)
  4. senzheng (326 points, 193 comments)
  5. holomntn (294 points, 40 comments)
  6. manly_ (286 points, 43 comments)
  7. signos_de_admiracion (250 points, 18 comments)
  8. fgiveme (231 points, 77 comments)
  9. crypto_kang (222 points, 45 comments)
  10. jatsignwork (220 points, 37 comments)
  11. GainsLean (218 points, 76 comments)
  12. benthecarman (211 points, 48 comments)
  13. rockyrainy (200 points, 39 comments)
  14. hungryforitalianfood (197 points, 58 comments)
  15. rocksolid77 (190 points, 20 comments)
  16. bannercoin (189 points, 11 comments)
  17. insette (181 points, 47 comments)
  18. DiogenicOrder (175 points, 41 comments)
  19. islanavarino (173 points, 51 comments)
  20. behindtext (172 points, 14 comments)
  21. takitus (171 points, 25 comments)
  22. sukitrebek (170 points, 42 comments)
  23. UnknownEssence (170 points, 31 comments)
  24. crypto_ha (170 points, 26 comments)
  25. AlexCoventry (167 points, 17 comments)
  26. DragonWhsiperer (165 points, 38 comments)
  27. stop-making-accounts (164 points, 57 comments)
  28. KnifeOfPi2 (157 points, 13 comments)
  29. Edgegasm (156 points, 42 comments)
  30. ippond (152 points, 15 comments)
  31. dontlikecomputers (151 points, 61 comments)
  32. QRCollector (150 points, 46 comments)
  33. alexrecuenco (145 points, 18 comments)
  34. BobUltra (144 points, 88 comments)
  35. SpamCamel (135 points, 22 comments)
  36. InterdisciplinaryHum (133 points, 107 comments)
  37. theglitteringone (132 points, 10 comments)
  38. ChocolateSunrise (128 points, 23 comments)
  39. PM_ME_UR_QUINES (125 points, 4 comments)
  40. narwhale111 (122 points, 15 comments)
  41. pepe_le_shoe (121 points, 47 comments)
  42. Darius510 (119 points, 39 comments)
  43. glen-hodl (118 points, 21 comments)
  44. HOG_ZADDY (117 points, 23 comments)
  45. coranos2 (116 points, 44 comments)
  46. etherenvoy (116 points, 15 comments)
  47. johnny_milkshakes (115 points, 55 comments)
  48. galan77 (115 points, 52 comments)
  49. hybridsole (113 points, 40 comments)
  50. funciton (113 points, 8 comments)
  51. Mr0ldy (110 points, 24 comments)
  52. Corm (109 points, 42 comments)
  53. cryptoscopia (109 points, 7 comments)
  54. ReportFromHell (106 points, 39 comments)
  55. broscientologist (105 points, 26 comments)
  56. straytjacquet (104 points, 28 comments)
  57. Quadling (101 points, 24 comments)
  58. BlockEnthusiast (101 points, 17 comments)
  59. thats_not_montana (99 points, 37 comments)
  60. TheRealMotherOfOP (98 points, 27 comments)
  61. yarauuta (96 points, 11 comments)
  62. pegasuspect93 (96 points, 1 comment)
  63. andrew_bao (93 points, 40 comments)
  64. samdotla (93 points, 6 comments)
  65. melodious_punk (91 points, 34 comments)
  66. Mquantum (91 points, 31 comments)
  67. TJ_Hooker15 (91 points, 27 comments)
  68. NoFaptain99 (91 points, 3 comments)
  69. ilielezi (87 points, 10 comments)
  70. Raapop (87 points, 2 comments)
  71. Allways_Wrong (86 points, 36 comments)
  72. bLbGoldeN (86 points, 19 comments)
  73. ResIpsaLoquiturrr (86 points, 15 comments)
  74. kabelman93 (85 points, 29 comments)
  75. no_pants_gamer (84 points, 9 comments)
  76. AnkurTechracers (83 points, 16 comments)
  77. ric2b (83 points, 11 comments)
  78. Big_Goose (83 points, 10 comments)
  79. Lifeistooshor1 (82 points, 21 comments)
  80. vornth (82 points, 11 comments)
  81. Sargos (81 points, 25 comments)
  82. refreshx2 (81 points, 16 comments)
  83. Qwahzi (78 points, 27 comments)
  84. StupidRandomGuy (77 points, 35 comments)
  85. WikiTextBot (77 points, 24 comments)
  86. SnootyEuropean (77 points, 5 comments)
  87. cryptogainz (76 points, 14 comments)
  88. frequentlywrong (76 points, 4 comments)
  89. the_defiant (76 points, 4 comments)
  90. BrangdonJ (75 points, 28 comments)
  91. hendrik_v (75 points, 7 comments)
  92. solar128 (74 points, 18 comments)
  93. foobazzler (74 points, 8 comments)
  94. ginger_beer_m (73 points, 35 comments)
  95. kAhmij (73 points, 25 comments)
  96. DeleteMyOldAccount (73 points, 20 comments)
  97. sn0wr4in (73 points, 9 comments)
  98. Dyslectic_Sabreur (72 points, 5 comments)
  99. X7spyWqcRY (71 points, 8 comments)
  100. Krapser (70 points, 5 comments)

Top Submissions

  1. A Guided Reading of Bitcoin’s Original White Paper by Realness100 (202 points, 10 comments)
  2. From a technical standpoint: Why does every blockchain projects need their own coins? by HSPremier (181 points, 50 comments)
  3. Bitcoin Gold hit by Double Spend Attack (51% attack). The Attacker reversed 22 blocks. by rockyrainy (179 points, 102 comments)
  4. Why white papers in crypto world are so unprofessional? by ilielezi (175 points, 88 comments)
  5. My brief observation of most common Consensus Algorithms by tracyspacygo (159 points, 49 comments)
  6. Proof-of-Approval: Stake Based, 1 Block Finality & History Attack Defense by shunsaitakahashi (147 points, 4 comments)
  7. "Do you need a Blockchain?" - this paper is fantastic, everyone should read this before evaluating a coin and if requires a block chain to solve a solution the coin is promising to solve. by Neophyte- (136 points, 41 comments)
  8. Technical comparison of LIGHTNING vs TANGLE vs HASHGRAPH vs NANO by Qwahzi (133 points, 37 comments)
  9. Everytime I try to investigate the technology behind Cardano(Ada), I come across the words "scientific" and "peer-reviewed" over and over but almost no actual details. Can someone fill how this coin actually works and where they are in development? by RufusTheFirefly (126 points, 49 comments)
  10. How do we change the culture around cryptocurrency? by FashionistaGuru (118 points, 54 comments)

Top Comments

  1. 160 points: holomntn's comment in ELI5: Why did it take so long for blockchain technology to be created?
  2. 121 points: KnifeOfPi2's comment in How do we change the culture around cryptocurrency?
  3. 105 points: theglitteringone's comment in Outside of currency and voting, blockchain is awful and shouldnt be used. Can anyone explain where blockchain is worth the cost?
  4. 102 points: benthecarman's comment in If crypto now is like 'the Internet' of the past, where are we?
  5. 96 points: pegasuspect93's comment in If crypto now is like 'the Internet' of the past, where are we?
  6. 95 points: bannercoin's comment in Realistically, why would anybody expect the startup crypto platforms to beat out the corporate giants who are developing their own Blockchain as a Service (BaaS) solutions? Ex. IBM, SAP, JP Morgan...
  7. 83 points: AlexCoventry's comment in Ethereum private key with all zeroes leads to an account with 5000$ on it
  8. 82 points: deleted's comment in Is blockchain really useful ?
  9. 81 points: signos_de_admiracion's comment in Why white papers in crypto world are so unprofessional?
  10. 78 points: NoFaptain99's comment in Why do so many of these businesses need a token? (Unsure)
Generated with BBoe's Subreddit Stats
submitted by subreddit_stats to subreddit_stats

Cardano Shelley Hard Fork, Elrond, BTC Price, & Crypto News! // Crypto Over Coffee ep. 25

Will Quantum Computing Destroy Bitcoin?

Bitcoin Price Falls on Panic over Quantum Computers, Bakkt Failure, & Miner Exodus

How to protect cryptography from Quantum Computing – Michael Osbourne IBM Think 2019

Bitcoin Q&A:

Current scientific estimations predict that a quantum computer will take about 8 hours to derive a typical Bitcoin private key, which means that Bitcoin should be, in principle, resistant to quantum attacks (as long as you do not reuse addresses). However, as the field of quantum computers is still in its infancy, it is unclear how fast such a quantum computer will become in the future. If a ...

The problem isn’t really Bitcoin. If we get quantum computers that can do thousands of qubits without a correction and consistent results, we have a much bigger problem. The bigger problem we have is that the entire world’s classified communications, confidential communications, financial systems etc, all depend on cryptography today. We ...

Quantum cryptography is used today in a small amount of applications. Some interesting research in this field ...

Solving Quantum Cryptography : Bitcoin. by newicotelegraph September 30, 2020. A community dedicated to Bitcoin, the currency of the Internet. Bitcoin is a distributed, worldwide, decentralized digital money. Bitcoins are issued and managed without any central authority whatsoever: there is no government, company, or bank in charge of Bitcoin. You might be interested in Bitcoin if you ...



No. Sources: We’re Close to a Universal Quantum Computer, Here’s Where We're At https://www.youtube.com/watch?v=6yaY4Fw-ovM&t=403s McAfee Interview - ICO Shi...

Google says it has achieved "quantum supremacy." What does this mean? Is Bitcoin's cryptography now broken? Keep calm, carry on. This question is from the third session of MOOC 12, which took ...

aantonop's YouTube channel is THE place to find free, unbiased educational videos on all things Bitcoin and open blockchain. Subscribe & join the channel to ...

This is a topic that has been covered quite a bit but it is VERY TECHNICAL. So in this video I'll cover the potential risks from quantum computers that Bitcoin and other similar cryptocurrencies ...
