
A Detailed Summary of Every Single Reason Why I am Bullish on Ethereum

The following will be a list of the many reasons why I hold and am extremely bullish on ETH.

This is an extremely long post. If you just want the hopium without the detail, read the TL;DR at the bottom.

ETH 2.0

As we all know, ETH 2.0 phase 0 is right around the corner. This will lock up ETH and stakers will earn interest on their ETH in return for securing the network. Next comes phase 1, where the ETH 2 shards are introduced. Shards are essentially parallel blockchains which are each responsible for a different part of Ethereum’s workload; think of it like a multi-core processor vs a single-core processor. During phase 1, these shards will only act as data availability layers and won’t actually process transactions yet. However, their data can be utilised by the L2 scaling solution, rollups, increasing Ethereum’s throughput in transactions per second up to 100,000 TPS.
After phase 1 comes phase 1.5 which will move the ETH 1.0 chain into an ETH 2 shard and Ethereum will be fully secured by proof of stake. This means that ETH issuance will drop from around 5% per year to less than 1% and with EIP-1559, ETH might become a deflationary asset, but more on that later.
Finally, with ETH 2.0 phase two, each shard will be a fully functional chain. With 64 of them, we can expect the base layer of Ethereum to scale around 64x, not including the massive scaling which comes from layer 2 scaling solutions like rollups as previously mentioned.
While the scaling benefits and ETH issuance reduction which comes with ETH 2.0 will be massive, they aren’t the only benefits. We also get benefits such as increased security from PoS compared to PoW, a huge energy efficiency improvement due to the removal of PoW and also the addition of eWASM which will allow contracts to be programmed in a wide range of programming languages, opening the floodgates for millions of web devs who want to be involved in Ethereum but don’t know Ethereum’s programming language, Solidity.

EIP-1559 and ETH scarcity

As I covered in a previous post of mine, ETH doesn’t have a supply cap like Bitcoin. Instead, it has a monetary policy of “minimum viable issuance”. Not only is this a good thing for network security, but with the addition of EIP-1559, it leaves the door open to the possibility of ETH issuance going negative. In short, EIP-1559 changes the fee market to make transaction prices more efficient (helping to alleviate high gas fees!) by burning a variable base fee which changes based on network usage demand, rather than using a highest-bidder market where miners simply include whoever pays them the most. This will result in most of the ETH being paid in transaction fees being burned. As of late, the amount which would be burned if EIP-1559 were in Ethereum right now would make ETH a deflationary asset!

Layer 2 Scaling

In the meantime, while we are waiting for ETH 2.0, layer 2 scaling is here. Right now, projects such as Deversifi or Loopring utilise rollups to scale to thousands of tx/s on their decentralised exchange platforms, or HoneySwap which uses xDai to offer a more scalable alternative to UniSwap. Speaking of which, big DeFi players like UniSwap and Synthetix are actively looking into using optimistic rollups to scale while maintaining composability between DeFi platforms. The most bullish thing about L2 scaling is all of the variety of options. Here’s a non-exhaustive list of Ethereum L2 scaling solutions:
- Aztec protocol (L2 scaling + privacy!)
- ZKSync
- Loopring
- Raiden
- Arbitrum Rollups
- xDai
- OMGNetwork
- Matic
- FuelLabs
- Starkware
- Optimism
- Celer Network
- + Many more

DeFi and Composability

If you’re reading this, I am sure you are aware of the phenomenon which is Decentralised Finance (DeFi or, more accurately, open finance). Ethereum is the first platform to offer permissionless and immutable financial services which, when interacting with each other, lead to unprecedented composability and innovation in financial applications. A whole new world of possibilities is opening up thanks to this composability, as it allows anyone to take existing pieces of open source code from other DeFi projects, put them together like lego pieces (hence the term money legos) and create something the world has never seen before. None of this was possible before Ethereum because typically financial services are heavily regulated and FinTech is usually proprietary software, so you don’t have any open source lego bricks to build off and you have to build everything you need from scratch. That is, if what you want to do is even legal for a centralised institution!
Oh, and if you think that DeFi was just a fad and the bubble has popped, guess again! Total value locked in DeFi is currently at an all time high. Don’t believe me? Find out for yourself on the DeFi Pulse website.

NFTs and tokenisation

NFTs or “Non-Fungible Tokens” - despite the name which may confuse a layman - are a basic concept. They are unique tokens with their own unique attributes. This allows you to create digital art, human-readable names for your ETH address (see ENS names and Unstoppable Domains), breedable virtual collectible creatures like CryptoKitties, ownable in-game assets like Gods Unchained cards or, best of all in my opinion, tokenised ownership of real world assets which can even be split into pieces (this doesn’t necessarily require an NFT; fungible tokens can be/are used for some of the following use cases). This could be tokenised ownership of real estate (see RealT), tokenised ownership of stocks, bonds and other financial assets (which by the way makes them tradable 24/7 and divisible, unlike through the traditional system) or even tokenised ownership of the future income of a celebrity or athlete (see when NBA player Spencer Dinwiddie tokenised his own NBA contract).

Institutional Adoption

Ethereum is by far the most widely adopted blockchain by enterprises. Ethereum’s Enterprise Ethereum Alliance (EEA) is the largest blockchain-enterprise partnership program and Ethereum is by far the most frequently leveraged blockchain for proof of concepts and innovation in the blockchain space by enterprises. Meanwhile, there are protocols like the Baseline protocol which is a shared framework which allows enterprises to use Ethereum as a common frame of reference and a base settlement layer without having to give up privacy when settling on the public Ethereum mainnet. This framework makes adopting Ethereum much easier for other enterprises.

Institutional Investment

One of the biggest things Bitcoin has going for it right now is the growing institutional investment. In case you were wondering, Ethereum has this too! Grayscale offers investment in the cryptocurrency space for financial institutions and their Ethereum fund has already locked up more than 2% of the total supply of ETH. Not only this, but as businesses transact on Ethereum and better understand it, they will not only buy up ETH to pay for their transactions, but also realise that, much like Bitcoin, Ethereum is a scarce asset. Better yet, a scarce asset which offers yield. As a result, I expect to see companies having ETH holdings become the norm, just like how Bitcoin is becoming more widespread on companies’ balance sheets.

The state of global markets

With asset prices in almost every asset class at or near all-time highs and interest rates lower than ever and even negative in some cases, there really aren’t many good opportunities in the traditional financial system right now. Enter crypto - clearly the next evolution of financial services (as I explained in the section on DeFi earlier in this post). With scarce assets built in at the protocol layer, buying BTC or ETH is a lot like buying shares in TCP/IP in 1990 (that is, if the underlying protocols of the internet could be invested in, which they couldn’t). Best of all, major cryptos are down from their all-time highs anywhere between 35% for BTC and 70% for ETH, and much more for many altcoins. This means that they can significantly appreciate in value before entering uncharted, speculative bubble territory.
While of course we could fall dramatically at any moment in the current macro financial conditions, as a longer term play, crypto is very alluring. The existing financial system has shown that it is in dire need of replacing and the potential replacement has started rearing its head in the form of crypto and DeFi.

Improvements in user onboarding and abstracting away complexity

Ethereum has started making huge leaps forward in terms of usability for the end user. We now have ENS names and Unstoppable Domains which allow you to send ETH to yournamehere.ETH or TrickyTroll.crypto (I don’t actually have that domain, that’s just an example). No longer do you have to check every character of your ugly hexadecimal 0x43AB96D… ETH address to ensure you’re sending your ETH to the right person. We also have smart contract wallets like Argent wallet or the Gnosis Safe. These allow users to access their wallets and interact with DeFi self-custodially from an app on their phone without having to record a private key or recovery phrase. Instead, they offer social recovery and their UI is straightforward enough for anyone who uses a smartphone to understand. Finally, for the more experienced users, DApps like Uniswap have pretty, super easy to use graphical user interfaces and can be used by anyone who knows how to run and use a browser extension like MetaMask.

The lack of an obvious #1 ETH killer

One of Ethereum’s biggest threats is for it to be overthrown by a so-called “Ethereum killer” blockchain which claims to do everything Ethereum can do and sometimes more. While there are competitors which are each formidable to a certain extent, such as Polkadot, Cardano and EOS, each has its own weaknesses. For example, Polkadot and Cardano are not fully operational yet and EOS is much more centralised than Ethereum. As a result, none of these competitors have any significant network effects just yet relative to the behemoth which is Ethereum. This doesn’t mean that these projects aren’t a threat. In fact, I am sure that projects like Polkadot (which is more focused on complementing Ethereum than killing it) will take a slice out of Ethereum’s pie. However, I am still very confident that Ethereum will remain on top due to the lack of a clear number 2 smart contract platform. Since none of these ETH killers stands out as the second-place smart contract platform, it makes it much harder for one project to create a network effect which even begins to threaten Ethereum’s dominance. This leads me onto my next reason - network effects.

Network effects

This is another topic which I made a previous post on. The network effect is why Bitcoin is still the number one cryptocurrency, and by such a long way. Bitcoin is not the most technologically advanced cryptocurrency. However, it has the most widespread name recognition and the most adoption in most metrics (ETH beats it in some metrics these days). The network effect is also why most people use Zoom and Facebook Messenger/WhatsApp despite the existence of free, private, end-to-end encrypted alternatives which have all the same features (Jitsi for the Zoom alternative and Signal for the private messenger app. I highly recommend both. Let’s get their network effects going!). It is the same for Bitcoin. People don’t want to have to learn about or set up a wallet for alternative options. People like what is familiar and what other people use. Nobody wants to be “that guy” who makes you download yet another app and account you have to remember the password/private key for. In the same way, enterprises don’t want to have to create a bridge between their existing systems and a dozen different blockchains. Developers don’t want to have to create DeFi money legos from scratch on a new chain if they can just plug into existing services like Uniswap. Likewise, users don’t want to have to download another browser extension to use DApps on another chain if they already use Ethereum. I know personally I have refrained from investing in altcoins because I would have to install another app on my hardware wallet or remember another recovery phrase.
Overthrowing Ethereum’s network effect is one hell of a big task these days. Time is running out for the ETH killers.

Ethereum is the most decentralised and provably neutral smart contract platform

Ethereum is also arguably the most decentralised and provably neutral smart contract platform (except for maybe Ethereum Classic on the neutrality part). Unlike some smart contract platforms, you can’t round up everyone at the Ethereum Foundation or any select group of people and expect to be able to stop the network. Not only this, but the Ethereum Foundation doesn’t have the ability to print more ETH or push through changes as they wish, like some people would lead you to believe. The community would reject detrimental EIPs and hard fork. Ever since the DAO hack, the Ethereum community has made it clear that it will not accept EIPs which attempt to roll back the chain, even to recover hacked funds (see EIP-999).
Even if governments around the world wanted to censor the Ethereum blockchain, under ETH 2.0’s proof of stake it would be incredibly costly and would require a double-digit percentage of the total ETH supply, much of which would be slashed (meaning they would lose it) as punishment for running dishonest validator nodes. This means that, unlike with proof of work where a 51% attacker can keep attacking the network, under proof of stake an attacker can only perform the attack a couple of times before they lose all of their ETH. This makes attacks much less financially viable than they are on proof of work chains. Network security is much more than what I laid out above and I am far from an expert, but the improved resistance to 51% attacks which PoS provides is significant.
Finally, with the US dollar looking like it will lose its reserve currency status and the existing wire transfer system being outdated, superpowers like China won’t want to use US systems and the US won’t want to use a Chinese system. Enter Ethereum, the provably neutral settlement layer where the USA and China don’t have to trust each other or each other’s banks because they can trust Ethereum. While it may sound like a long shot, it does make sense if Ethereum hits a multi-trillion dollar market cap that it is the most secure and neutral way to transfer value between these adversaries. Not to mention if much of the world’s commerce were to be settled in the same place - on Ethereum - then it would make sense for governments to settle on the same platform.

ETH distribution is decentralised

Thanks to over 5 years of proof of work - a system where miners have to sell newly minted ETH to pay for electricity costs - newly mined ETH has found its way into the hands of everyday people who buy ETH off miners selling on exchanges. As pointed out by u/AdamSC1 in his analysis of the top 10K ETH addresses (I highly recommend reading this if you haven’t already), the distribution of ETH is actually slightly more decentralised than Bitcoin, with the top 10,000 ETH wallets holding 56.70% of ETH supply compared to the top 10,000 Bitcoin wallets which hold 57.44% of the Bitcoin supply. This decentralised distribution means that the introduction of staking won’t centralise ETH in the hands of a few wallets who could then control the network. This is an advantage for ETH which many proof of stake ETH killers will never have, as they never used PoW to distribute funds widely throughout the community and these ETH killers often did funding rounds giving large numbers of tokens to VC investors.

The community

Finally, while I may be biased, I think that Ethereum has the friendliest community. Anecdotally, I find that the Ethereum developer community is full of forward-thinking people who want to make the world a better place and build a better future, many of whom are altruistic and don’t always act in their best interests. Compare this to the much more conservative, “at least we’re safe while the world burns” attitude which many Bitcoiners have. I don’t want to generalise too much here as the Bitcoin community is great too and there are some wonderful people there. But the difference is clear if you compare the daily discussion of Bitcoin to the incredibly helpful and welcoming daily discussion of EthFinance, who will happily answer your noob questions without calling you an idiot and telling you to do your own research (there are plenty more examples in any of the daily threads). Or the very helpful folks over at EthStaker who will go out of their way to help you set up an ETH 2.0 staking node on the testnets (Shoutout to u/superphiz who does a lot of work over in that sub!). Don’t believe me? Head over to those subs and see for yourself.
Please don’t hate on me if you disagree about which project has the best community, it is just my very biased personal opinion and I respect your opinion if you disagree! :)

TL;DR:

submitted by Tricky_Troll to CryptoCurrency
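The EIP-1559 section above describes a burned base fee that rises and falls with demand and can outpace issuance. The toy model below is an added illustration, not code from the original post or from any Ethereum client: the fee update rule and its constants follow the EIP-1559 specification (15M gas target, 30M limit, at most a 1/8 change per block), while the block reward, starting base fee and demand profile are constructed sample inputs.

```python
"""Toy model of the EIP-1559 base fee update and net ETH issuance per block.

Added illustration, not code from the original post. The update rule and
constants follow the EIP-1559 specification; the block reward, starting
base fee and demand profile are constructed sample inputs.
"""

GAS_TARGET = 15_000_000          # gas used at which the base fee stays flat
GAS_LIMIT = 2 * GAS_TARGET       # ELASTICITY_MULTIPLIER = 2
MAX_CHANGE_DENOMINATOR = 8       # base fee moves by at most 12.5% per block
GWEI = 10**9
ETH = 10**18


def next_base_fee(parent_base_fee: int, gas_used: int) -> int:
    """Base fee (wei) for the block after one that consumed `gas_used` gas.

    Blocks above the target push the fee up and blocks below pull it down,
    each by a fraction proportional to the distance from target and capped
    at 1/8 of the parent fee. Uses the spec's integer arithmetic.
    """
    if not 0 <= gas_used <= GAS_LIMIT:
        raise ValueError("gas_used outside [0, GAS_LIMIT]")
    if gas_used == GAS_TARGET:
        return parent_base_fee
    if gas_used > GAS_TARGET:
        delta = (parent_base_fee * (gas_used - GAS_TARGET)
                 // GAS_TARGET // MAX_CHANGE_DENOMINATOR)
        return parent_base_fee + max(delta, 1)   # always at least 1 wei up
    delta = (parent_base_fee * (GAS_TARGET - gas_used)
             // GAS_TARGET // MAX_CHANGE_DENOMINATOR)
    return parent_base_fee - delta


def simulate(gas_used_per_block, start_base_fee: int, block_reward: int):
    """Walk a sequence of blocks and return one record per block.

    burned = base_fee * gas_used (the base fee is destroyed, not paid to the
    block producer); issued = block_reward; net = issued - burned.
    Priority fees (tips) are ignored because they do not change supply.
    """
    base_fee = start_base_fee
    records = []
    for gas_used in gas_used_per_block:
        burned = base_fee * gas_used
        records.append({
            "base_fee_wei": base_fee,
            "gas_used": gas_used,
            "burned_wei": burned,
            "issued_wei": block_reward,
            "net_wei": block_reward - burned,
        })
        base_fee = next_base_fee(base_fee, gas_used)
    return records


def net_issuance(records) -> int:
    """Total supply change in wei over the run; negative means deflationary."""
    return sum(r["net_wei"] for r in records)


def is_deflationary(gas_used_per_block, start_base_fee: int,
                    block_reward: int) -> bool:
    recs = simulate(gas_used_per_block, start_base_fee, block_reward)
    return net_issuance(recs) < 0


if __name__ == "__main__":
    # Constructed scenario: 2 ETH block reward, base fee starting at 100 gwei,
    # ten consecutive full blocks (sustained demand) then ten empty blocks.
    demand = [GAS_LIMIT] * 10 + [0] * 10
    recs = simulate(demand, 100 * GWEI, 2 * ETH)
    for r in recs:
        print(f"base fee {r['base_fee_wei'] / GWEI:8.2f} gwei  "
              f"burned {r['burned_wei'] / ETH:6.3f} ETH  "
              f"net {r['net_wei'] / ETH:+7.3f} ETH")
    print("total net issuance:", net_issuance(recs) / ETH, "ETH")
```

Run it to see the base fee compound upward by 12.5% per full block and decay once blocks empty out; whether the run is net deflationary depends only on the burn exceeding the constructed block reward.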

A Detailed Summary of Every Single Reason Why I am Bullish on ETH.

The following will be a list of the many reasons why I hold and am extremely bullish on ETH.

This is an extremely long post. If you just want the hopium without the detail, read the TL;DR at the bottom.

ETH 2.0

As we all know, ETH 2.0 phase 0 is right around the corner. This will lock up ETH and stakers will earn interest on their ETH in return for securing the network. Next comes phase 1 where the ETH 2 shards are introduced, shards are essentially parallel blockchains which are each responsible for a different part of Ethereum’s workload, think of it like a multi-core processor vs a single core processor. During phase 1, these shards will only act as data availability layers and won’t actually process transactions yet. However, their data can be utilised by the L2 scaling solution, rollups, increasing Ethereum’s throughput in transactions per second up to 100,000 TPS.
After phase 1 comes phase 1.5 which will move the ETH 1.0 chain into an ETH 2 shard and Ethereum will be fully secured by proof of stake. This means that ETH issuance will drop from around 5% per year to less than 1% and with EIP-1559, ETH might become a deflationary asset, but more on that later.
Finally, with ETH 2.0 phase two, each shard will be fully functional chains. With 64 of them, we can expect the base layer of Ethereum to scale around 64x, not including the massive scaling which comes from layer 2 scaling solutions like rollups as previously mentioned.
While the scaling benefits and ETH issuance reduction which comes with ETH 2.0 will be massive, they aren’t the only benefits. We also get benefits such as increased security from PoS compared to PoW, a huge energy efficiency improvement due to the removal of PoW and also the addition of eWASM which will allow contracts to be programmed in a wide range of programming languages, opening the floodgates for millions of web devs who want to be involved in Ethereum but don’t know Ethereum’s programming language, Solidity.

EIP-1559 and ETH scarcity

As I covered in a previous post of mine, ETH doesn’t have a supply cap like Bitcoin. Instead, it has a monetary policy of “minimum viable issuance”, not only is this is a good thing for network security, but with the addition of EIP-1559, it leaves the door open to the possibility of ETH issuance going negative. In short, EIP-1559 changes the fee market to make transaction prices more efficient (helping to alleviate high gas fees!) by burning a variable base fee which changes based on network usage demand rather than using a highest bidder market where miners simply include who pays them the most. This will result in most of the ETH being paid in transaction fees being burned. As of late, the amount which would be burned if EIP-1559 was in Ethereum right now would make ETH a deflationary asset!

Layer 2 Scaling

In the mean time while we are waiting for ETH 2.0, layer 2 scaling is here. Right now, projects such as Deversifi or Loopring utilise rollups to scale to thousands of tx/s on their decentralised exchange platforms or HoneySwap which uses xDai to offer a more scalable alternative to UniSwap. Speaking of which, big DeFi players like UniSwap and Synthetix are actively looking into using optimistic rollups to scale while maintaining composability between DeFi platforms. The most bullish thing about L2 scaling is all of the variety of options. Here’s a non exhaustive list of Ethereum L2 scaling solutions: - Aztec protocol (L2 scaling + privacy!) - ZKSync - Loopring - Raiden - Arbitrum Rollups - xDai - OMGNetwork - Matic - FuelLabs - Starkware - Optimism - Celer Network - + Many more

DeFi and Composability

If you’re reading this, I am sure you are aware of the phenomena which is Decentralised Finance (DeFi or more accurately, open finance). Ethereum is the first platform to offer permissionless and immutable financial services which when interacting with each other, lead to unprecedented composability and innovation in financial applications. A whole new world of possibilities are opening up thanks to this composability as it allows anyone to take existing pieces of open source code from other DeFi projects, put them together like lego pieces (hence the term money legos) and create something the world has never seen before. None of this was possible before Ethereum because typically financial services are heavily regulated and FinTech is usually proprietary software, so you don’t have any open source lego bricks to build off and you have to build everything you need from scratch. That is if what you want to do is even legal for a centralised institution!
Oh, and if you think that DeFi was just a fad and the bubble has popped, guess again! Total value locked in DeFi is currently at an all time high. Don’t believe me? Find out for yourself at: https://defipulse.com

NFTs and tokeniation

NFTs or “Non-Fungible Tokens” - despite the name which may confuse a layman - are a basic concept. They are unique tokens with their own unique attributes. This allows you to create digital art, human readable names for your ETH address (see ENS names and unstoppable domains), breedable virtual collectible creatures like crypto kitties, ownable in game assets like Gods Unchained cards or best of all in my opinion, tokenised ownership of real world assets which can even be split into pieces (this doesn’t necessarily require an NFT. Fungible tokens can be/are used for some of the following use cases). This could be tokenised ownership of real estate (see RealT), tokenised ownership of stocks, bonds and other financial assets (which by the way makes them tradable 24/7 and divisible unlike through the traditional system) or even tokenised ownership of the future income of a celebrity or athlete (see when NBA Star Spencer Dinwiddie Tokenized His Own NBA Contract.

Institutional Adoption

Ethereum is by far the most widely adopted blockchain by enterprises. Ethereum’s Enterprise Ethereum Alliance (EEA) is the largest blockchain-enterprise partnership program and Ethereum is by far the most frequently leveraged blockchain for proof of concepts and innovation in the blockchain space by enterprises. Meanwhile, there are protocols like the Baseline protocol which is a shared framework which allows enterprises to use Ethereum as a common frame of reference and a base settlement layer without having to give up privacy when settling on the public Ethereum mainnet. This framework makes adopting Ethereum much easier for other enterprises.

Institutional Investment

One of Bitcoin’s biggest things it has going for it right now is the growing institutional investment. In case you were wondering, Ethereum has this too! Grayscale offers investment in the cryptocurrency space for financial institutions and their Ethereum fund has already locked up more than 2% of the total supply of ETH. Not only this, but as businesses transact on Ethereum and better understand it, not only will they buy up ETH to pay for their transactions, but they will also realise that much like Bitcoin, Ethereum is a scarce asset. Better yet, a scarce asset which offers yield. As a result, I expect to see companies having ETH holdings become the norm just like how Bitcoin is becoming more widespread on companies’ balance sheets.

The state of global markets

With asset prices in almost every asset class at or near all-time highs and interest rates lower than ever and even negative in some cases, there really aren’t many good opportunities in the traditional financial system right now. Enter crypto - clearly the next evolution of financial services (as I explained in the section on DeFi earlier in this post), with scarce assets built in at the protocol layer, buying BTC or ETH is a lot like buying shares in TCP/IP in 1990 (that is if the underlying protocols of the internet could be invested in which they couldn’t). Best of all, major cryptos are down from their all-time highs anywhere between 35% for BTC or 70% for ETH and much more for many altcoins. This means that they can significantly appreciate in value before entering uncharted, speculative bubble territory.
While of course we could fall dramatically at any moment in the current macro financial conditions, as a longer term play, crypto is very alluring. The existing financial system has shown that it is in dire need of replacing and the potential replacement has started rearing its head in the form of crypto and DeFi.

Improvements in user onboarding and abstracting away complexity

Ethereum has started making huge leaps forward in terms of usability for the end user. We now have ENS names and unstoppable domains which allow you to send ETH to yournamehere.ETH or TrickyTroll.crypto (I don’t actually have that domain, that’s just an example). No longer do you have to check every character of your ugly hexadecimal 0x43AB96D… ETH address to ensure you’re sending your ETH to the right person. We also have smart contract wallets like Argent wallet or the Gnosis safe. These allow for users to access their wallets and interact with DeFi self-custodially from an app on their phone without having to record a private key or recovery phrase. Instead, they offer social recovery and their UI is straight forward enough for anyone who uses a smart phone to understand. Finally, for the more experienced users, DApps like Uniswap have pretty, super easy to use graphical user interfaces and can be used by anyone who knows how to run and use a browser extension like Metamask.

The lack of an obvious #1 ETH killer

One of Ethereum’s biggest threats is for it to be overthrown by a so-called “Ethereum killer” blockchain which claims to do everything Ethereum can do and sometimes more. While there are competitors which are each formidable to a certain extent such as Polkadot, Cardano and EOS, each have their own weaknesses. For example, Polkadot and Cardano are not fully operational yet and EOS is much more centralised than Ethereum. As a result, none of these competitors have any significant network effects just yet relative to the behemoth which is Ethereum. This doesn’t mean that these projects aren’t a threat. In fact, I am sure that projects like Polkadot (which is more focused on complimenting Ethereum than killing it) will take a slice out of Ethereum’s pie. However, I am still very confident that Ethereum will remain on top due to the lack of a clear number 2 smart contract platform. Since none of these ETH killers stands out as the second place smart contract platform, it makes it much harder for one project to create a network effect which even begins to threaten Ethereum’s dominance. This leads me onto my next reason - network effects.

Network effects

This is another topic which I made a previous post on. The network effect is why Bitcoin is still the number one cryptocurrency and by such a long way. Bitcoin is not the most technologically advanced cryptocurrency. However, it has the most widespread name recognition and the most adoption in most metrics (ETH beats in in some metrics these days). The network effect is also why most people use Zoom and Facebook messengeWhatsApp despite the existence of free, private, end to end encrypted alternatives which have all the same features (https://meet.jit.si/ for zoom alternative and Signal for the private messenger app. I highly recommend both. Let’s get their network effects going!). It is the same for Bitcoin. People don’t want to have to learn about or set up a wallet for alternative options. People like what is familiar and what other people use. Nobody wants to be “that guy” who makes you download yet another app and account you have to remember the password/private key for. In the same way, Enterprises don’t want to have to create a bridge between their existing systems and a dozen different blockchains. Developers don’t want to have to create DeFi money legos from scratch on a new chain if they can just plug in to existing services like Uniswap. Likewise, users don’t want to have to download another browser extension to use DApps on another chain if they already use Ethereum. I know personally I have refrained from investing in altcoins because I would have to install another app on my hardware wallet or remember another recovery phrase.
Overthrowing Ethereum’s network effect is one hell of a big task these days. Time is running out for the ETH killers.

Ethereum is the most decentralised and provably neutral smart contract platform

Ethereum is also arguably the most decentralised and provably neutral smart contract platform (except for maybe Ethereum Classic on the neutrality part). Unlike some smart contract platforms, you can’t round up everyone at the Ethereum Foundation or any select group of people and expect to be able to stop the network. Not only this, but the Ethereum foundation doesn’t have the ability to print more ETH or push through changes as they wish like some people would lead you on to believe. The community would reject detrimental EIPs and hard fork. Ever since the DAO hack, the Ethereum community has made it clear that it will not accept EIPs which attempt to roll back the chain even to recover hacked funds (see EIP-999).
Even if governments around the world wanted to censor the Ethereum blockchain, under ETH 2.0’s proof of stake, it would be incredibly costly and would require a double digit percentage of the total ETH supply, much of which would be slashed (meaning they would lose it) as punishment for running dishonest validator nodes. This means that unlike with proof of work where a 51% attacker can keep attacking the network, under proof of stake, an attacker can only perform the attack a couple of times before they lose all of their ETH. This makes attacks much less financially viable than it is on proof of work chains. Network security is much more than what I laid out above and I am far from an expert but the improved resistance to 51% attacks which PoS provides is significant.
Finally, with the US dollar looking like it will lose its reserve currency status and the existing wire transfer system being outdated, superpowers like China won’t want to use US systems and the US won’t want to use a Chinese system. Enter Ethereum, the provably neutral settlement layer where the USA and China don’t have to trust each other or each other’s banks because they can trust Ethereum. While it may sound like a long shot, it does make sense if Ethereum hits a multi-trillion dollar market cap that it is the most secure and neutral way to transfer value between these adversaries. Not to mention if much of the world’s commerce were to be settled in the same place - on Ethereum - then it would make sense for governments to settle on the same platform.

ETH distribution is decentralised

Thanks to over 5 years of proof of work - a system where miners have to sell newly minted ETH to pay for electricity costs - newly mined ETH has found its way into the hands of everyday people who buy ETH off miners selling on exchanges. As pointed out by u/AdamSC1 in his analysis of the top 10K ETH addresses (I highly recommend reading this if you haven’t already), the distribution of ETH is actually slightly more decentralised than Bitcoin with the top 10,000 ETH wallets holding 56.70% of ETH supply compared to the top 10,000 Bitcoin wallets which hold 57.44% of the Bitcoin supply. This decentralised distribution means that the introduction of staking won’t centralise ETH in the hands of a few wallets who could then control the network. This is an advantage for ETH which many proof of stake ETH killers will never have as they never used PoW to distribute funds widely throughout the community and these ETH killers often did funding rounds giving large numbers of tokens to VC investors.

The community

Finally, while I may be biased, I think that Ethereum has the friendliest community. Anecdotally, I find that the Ethereum developer community is full of forward thinking people who want to make the world a better place and build a better future, many of whom are altruistic and don’t always act in their best interests. Compare this to the much more conservative, “at least we’re safe while the world burns” attitude which many Bitcoiners have. I don’t want to generalise too much here as the Bitcoin community is great too and there are some wonderful people there. But the difference is clear if you compare the daily discussion of Bitcoin to the incredibly helpful and welcoming daily discussion of EthFinance who will happily answer your noob questions without calling you an idiot and telling you to do your own research (there are plenty more examples in any of the daily threads). Or the very helpful folks over at EthStaker who will go out of their way to help you set up an ETH 2.0 staking node on the testnets (Shoutout to u/superphiz who does a lot of work over in that sub!). Don’t believe me? Head over to those subs and see for yourself.
Please don’t hate on me if you disagree about which project has the best community, it is just my very biased personal opinion and I respect your opinion if you disagree! :)

TL;DR:

submitted by Tricky_Troll to ethtrader
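An added worked example, not part of Tricky_Troll's post: the base-fee update rule that the post's EIP-1559 and ETH scarcity section describes, simulated over a constructed run of blocks so you can see when the burned base fee outpaces block issuance. The elasticity multiplier of 2 and the maximum 1/8 change per block are the EIP-1559 constants; the 15M gas target, the 2 ETH block reward and the starting base fee are assumed sample values, not figures from the post.

```python
"""
Added illustration (not from the post): how an EIP-1559 style base fee
reacts to demand and how the burned base fee can exceed block issuance.
ELASTICITY_MULTIPLIER and BASE_FEE_MAX_CHANGE_DENOMINATOR are the EIP-1559
constants; GAS_TARGET, the block reward and the starting fee are assumed.
"""
from typing import Iterable, Tuple

ELASTICITY_MULTIPLIER = 2              # a block may use up to 2x the gas target
BASE_FEE_MAX_CHANGE_DENOMINATOR = 8    # base fee moves at most 1/8 (12.5%) per block
GAS_TARGET = 15_000_000                # assumed per-block gas target (limit = 2x)
WEI_PER_ETH = 10**18


def next_base_fee(parent_base_fee: int, parent_gas_used: int,
                  gas_target: int = GAS_TARGET) -> int:
    """Base fee for the next block, per the EIP-1559 update rule (integer math)."""
    if parent_gas_used > gas_target * ELASTICITY_MULTIPLIER:
        raise ValueError("block used more gas than the elastic limit allows")
    if parent_gas_used == gas_target:
        return parent_base_fee
    if parent_gas_used > gas_target:
        delta = parent_gas_used - gas_target
        # an over-target block always raises the fee by at least 1 wei
        increase = max(parent_base_fee * delta // gas_target
                       // BASE_FEE_MAX_CHANGE_DENOMINATOR, 1)
        return parent_base_fee + increase
    delta = gas_target - parent_gas_used
    decrease = (parent_base_fee * delta // gas_target
                // BASE_FEE_MAX_CHANGE_DENOMINATOR)
    return parent_base_fee - decrease


def simulate(gas_used_per_block: Iterable[int], base_fee: int,
             block_reward: int, gas_target: int = GAS_TARGET) -> Tuple[int, int, int]:
    """
    Walk a sequence of blocks. Returns (burned_wei, issued_wei, final_base_fee).
    The base fee paid by every transaction in a block is burned; priority tips,
    which go to the block producer, are ignored here.
    """
    burned = 0
    issued = 0
    for gas_used in gas_used_per_block:
        burned += gas_used * base_fee
        issued += block_reward
        base_fee = next_base_fee(base_fee, gas_used, gas_target)
    return burned, issued, base_fee


def net_supply_change(gas_used_per_block: Iterable[int], base_fee: int,
                      block_reward: int) -> int:
    """Issued minus burned, in wei; negative means the run was net deflationary."""
    burned, issued, _ = simulate(list(gas_used_per_block), base_fee, block_reward)
    return issued - burned


if __name__ == "__main__":
    gwei = 10**9
    reward = 2 * WEI_PER_ETH                       # assumed sample block reward
    # constructed demand profile: ten full blocks, then ten blocks at target
    blocks = [2 * GAS_TARGET] * 10 + [GAS_TARGET] * 10
    burned, issued, fee = simulate(blocks, 50 * gwei, reward)
    print(f"burned {burned / WEI_PER_ETH:.2f} ETH, issued {issued / WEI_PER_ETH:.2f} ETH, "
          f"base fee now {fee / gwei:.1f} gwei")
    print("net deflationary" if issued < burned else "net inflationary")
```

At the target the base fee holds, a full block raises it by exactly 12.5% and an empty one lowers it by 12.5%, so sustained demand ratchets the fee (and therefore the burn) upward until blocks fall back to target; whether the chain is net deflationary over a stretch of blocks is just whether that burn exceeds the block reward paid out over the same blocks.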

A detailed summary of every reason why I am bullish on ETH.

submitted by Tricky_Troll to ethfinance

Gridcoin 5.0.0.0-Mandatory "Fern" Release

https://github.com/gridcoin-community/Gridcoin-Research/releases/tag/5.0.0.0
Finally! After over ten months of development and testing, "Fern" has arrived! This is a whopper. 240 pull requests merged. Essentially a complete rewrite that was started with the scraper (the "neural net" rewrite) in "Denise" has now been completed. Practically the ENTIRE Gridcoin specific codebase resting on top of the vanilla Bitcoin/Peercoin/Blackcoin PoS code has been rewritten. This removes the team requirement at last (see below), although there are many other important improvements besides that.
Fern was a monumental undertaking. We had to encode all of the old rules active for the v10 block protocol in new code and ensure that the new code was 100% compatible. This had to be done in such a way as to clear out all of the old spaghetti and ring-fence it with tightly controlled class implementations. We then wrote an entirely new, simplified ruleset for research rewards and reengineered contracts (which includes beacon management, polls, and voting) using properly classed code. The fundamentals of Gridcoin with this release are now on a very sound and maintainable footing, and the developers believe the codebase as updated here will serve as the fundamental basis for Gridcoin's future roadmap.
We have been testing this for MONTHS on testnet in various stages. The v10 (legacy) compatibility code has been running on testnet continuously as it was developed to ensure compatibility with existing nodes. During the last few months, we have done two private testnet forks and then the full public testnet testing for v11 code (the new protocol which is what Fern implements). The developers have also been running non-staking "sentinel" nodes on mainnet with this code to verify that the consensus rules are problem-free for the legacy compatibility code on the broader mainnet. We believe this amount of testing is going to result in a smooth rollout.
Given the amount of changes in Fern, I am presenting TWO changelogs below. One is high level, which summarizes the most significant changes in the protocol. The second changelog is the detailed one in the usual format, and gives you an inkling of the size of this release.

Highlights

Protocol

Note that the protocol changes will not become active until we cross the hard-fork transition height to v11, which has been set at 2053000. Given current average block spacing, this should happen around October 4, about one month from now.
Note that to get all of the beacons in the network on the new protocol, we are requiring ALL beacons to be validated. A two week (14 day) grace period is provided by the code, starting at the time of the transition height, for people currently holding a beacon to validate the beacon and prevent it from expiring. That means that EVERY CRUNCHER must advertise and validate their beacon AFTER the v11 transition (around Oct 4th) and BEFORE October 18th (or more precisely, 14 days from the actual date of the v11 transition). If you do not advertise and validate your beacon by this time, your beacon will expire and you will stop earning research rewards until you advertise and validate a new beacon. This process has been made much easier by a brand new beacon "wizard" that helps manage beacon advertisements and renewals. Once a beacon has been validated and is a v11 protocol beacon, the normal 180 day expiration rules apply. Note, however, that the 180 day expiration on research rewards has been removed with the Fern update. This means that while your beacon might expire after 180 days, your earned research rewards will be retained and can be claimed by advertising a beacon with the same CPID and going through the validation process again. In other words, you do not lose any earned research rewards if you do not stake a block within 180 days and keep your beacon up-to-date.
The transition height is also when the team requirement will be relaxed for the network.

GUI

Besides the beacon wizard, there are a number of improvements to the GUI, including new UI transaction types (and icons) for staking the superblock, sidestake sends, beacon advertisement, voting, poll creation, and transactions with a message. The main screen has been revamped with a better summary section, and better status icons. Several changes under the hood have improved GUI performance. And finally, the diagnostics have been revamped.

Blockchain

The wallet sync speed has been DRASTICALLY improved. A decent machine with a good network connection should be able to sync the entire mainnet blockchain in less than 4 hours. A fast machine with a really fast network connection and a good SSD can do it in about 2.5 hours. One of our goals was to reduce or eliminate the reliance on snapshots for mainnet, and I think we have accomplished that goal with the new sync speed. We have also streamlined the in-memory structures for the blockchain which shaves some memory use.
There are so many goodies here it is hard to summarize them all.
I would like to thank all of the contributors to this release, but especially thank @cyrossignol, whose incredible contributions formed the backbone of this release. I would also like to pay special thanks to @barton2526, @caraka, and @Quezacoatl1, who tirelessly helped during the testing and polishing phase on testnet with testing and repeated builds for all architectures.
The developers are proud to present this release to the community and we believe this represents the starting point for a true renaissance for Gridcoin!

Summary Changelog

Accrual

Changed

Most significantly, nodes calculate research rewards directly from the magnitudes in EACH superblock between stakes instead of using a two- or three-point average based on a CPID's current magnitude and the magnitude for the CPID when it last staked. For those long-timers in the community, this has been referred to as "Superblock Windows," and was first done in proof-of-concept form by @denravonska.

Removed

Beacons

Added

Changed

Removed

Unaltered

As a reminder:

Superblocks

Added

Changed

Removed

Voting

Added

Changed

Removed

Detailed Changelog

[5.0.0.0] 2020-09-03, mandatory, "Fern"

Added

Changed

Removed

Fixed

submitted by jamescowens to gridcoin
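An added illustration, not Gridcoin project code: the beacon deadline rules from the announcement above (the 14-day re-validation window after the v11 transition, then the normal 180-day beacon lifetime, with earned research rewards retained across expiry) written as a status check an operator could run against their own dates. The transition date and the timestamps in the demo are constructed; the real transition is at block 2053000, whose wall-clock time the post only estimates as around October 4.

```python
"""
Added illustration (not Gridcoin code): the Fern beacon deadlines as a
small status check. Dates below are constructed sample values.
"""
from datetime import datetime, timedelta
from typing import Optional, Union

GRACE_PERIOD = timedelta(days=14)      # window to re-validate after the v11 transition
BEACON_LIFETIME = timedelta(days=180)  # normal expiry of a validated v11 beacon

DateLike = Union[datetime, str]


def _as_dt(value: DateLike) -> datetime:
    """Accept datetimes or ISO-8601 strings so the check is easy to script."""
    return value if isinstance(value, datetime) else datetime.fromisoformat(value)


def validation_deadline(transition: DateLike) -> datetime:
    """Last moment a legacy beacon may be advertised and validated under v11."""
    return _as_dt(transition) + GRACE_PERIOD


def beacon_status(now: DateLike, transition: DateLike,
                  v11_validated_at: Optional[DateLike]) -> str:
    """
    Classify a cruncher's beacon under the Fern rules:
      'pre-transition'  v11 rules not yet in force
      'grace'           legacy beacon; must be advertised and validated by the deadline
      'active'          v11 beacon inside its 180-day lifetime
      'expired'         no valid v11 beacon; rewards stop accruing until re-validated
    A validation dated before the transition is a legacy (v10) beacon and does not count.
    """
    now_dt, transition_dt = _as_dt(now), _as_dt(transition)
    if now_dt < transition_dt:
        return "pre-transition"
    if v11_validated_at is not None and _as_dt(v11_validated_at) >= transition_dt:
        return "active" if now_dt < _as_dt(v11_validated_at) + BEACON_LIFETIME else "expired"
    return "grace" if now_dt <= validation_deadline(transition_dt) else "expired"


class ResearchRewards:
    """Rewards accrue only while the beacon is active, but are never forfeited:
    they stay attached to the CPID and become claimable once a beacon is validated again."""

    def __init__(self) -> None:
        self.retained = 0.0

    def accrue(self, status: str, amount: float) -> float:
        if status == "active":
            self.retained += amount
        return self.retained

    def claim(self, status: str) -> float:
        if status != "active":
            return 0.0
        paid, self.retained = self.retained, 0.0
        return paid


if __name__ == "__main__":
    transition = "2020-10-04"  # constructed: the post's estimate for block 2053000
    print("deadline:", validation_deadline(transition).date())
    for day in ("2020-10-10", "2020-10-25"):
        print(day, beacon_status(day, transition, None))
    print("2021-04-08", beacon_status("2021-04-08", transition, "2020-10-10"))
```

The useful edge cases are the ones operators trip over: a beacon validated before the transition is still a legacy beacon and sits in the grace window like everyone else's, the grace window is inclusive of its last day, and a v11 beacon that lapses after 180 days stops accruing but keeps whatever was earned until it is validated again.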

Technical: Taproot: Why Activate?

This is a follow-up on https://old.reddit.com/Bitcoin/comments/hqzp14/technical_the_path_to_taproot_activation/
Taproot! Everybody wants it!! But... you might ask yourself: sure, everybody else wants it, but why would I, sovereign Bitcoin HODLer, want it? Surely I can be better than everybody else because I swapped XXX fiat for Bitcoin unlike all those nocoiners?
And it is important for you to know the reasons why you, o sovereign Bitcoiner, would want Taproot activated. After all, your nodes (or the nodes your wallets use, which, if you are SPV, you hopefully can pester your wallet vendor/implementor about) need to be upgraded in order for Taproot activation to actually succeed instead of becoming a hot sticky mess.
First, let's consider some principles of Bitcoin.
I'm sure most of us here would agree that the above are very important principles of Bitcoin and that these are principles we would not be willing to remove. If anything, we would want those principles strengthened (especially the last one, financial privacy, which current Bitcoin is only sporadically strong with: you can get privacy, it just requires effort to do so).
So, how does Taproot affect those principles?

Taproot and Your Coins

Most HODLers probably HODL their coins in singlesig addresses. Sadly, switching to Taproot would do very little for you (it gives a mild discount at spend time, at the cost of a mild increase in fee at receive time (paid by whoever sends to you, so if it's a self-send from a P2PKH or bech32 address, you pay for this); mostly a wash).
(technical details: a Taproot output is 1 version byte + 32 byte public key, while a P2WPKH (bech32 singlesig) output is 1 version byte + 20 byte public key hash, so the Taproot output spends 12 bytes more; spending from a P2WPKH requires revealing a 32-byte public key later, which is not needed with Taproot, and Taproot signatures are about 9 bytes smaller than P2WPKH signatures, but the 32 bytes plus 9 bytes is divided by 4 because of the witness discount, so it saves about 11 bytes; mostly a wash, it increases blockweight by about 1 virtual byte, 4 weight for each Taproot-output-input, compared to P2WPKH-output-input).
However, as your HODLings grow in value, you might start wondering if multisignature k-of-n setups might be better for the security of your savings. And it is in multisignature that Taproot starts to give benefits!
Taproot switches to using Schnorr signing scheme. Schnorr makes key aggregation -- constructing a single public key from multiple public keys -- almost as trivial as adding numbers together. "Almost" because it involves some fairly advanced math instead of simple boring number adding, but hey when was the last time you added up your grocery list prices by hand huh?
With current P2SH and P2WSH multisignature schemes, if you have a 2-of-3 setup, then to spend, you need to provide two different signatures from two different public keys. With Taproot, you can create, using special moon math, a single public key that represents your 2-of-3 setup. Then you just put two of your devices together, have them communicate to each other (this can be done airgapped, in theory, by sending QR codes: the software to do this is not even being built yet, but that's because Taproot hasn't activated yet!), and they will make a single signature to authorize any spend from your 2-of-3 address. That's 73 witness bytes -- 18.25 virtual bytes -- of signatures you save!
And if you decide that your current setup with 1-of-1 P2PKH / P2WPKH addresses is just fine as-is: well, that's the whole point of a softfork: backwards-compatibility; you can receive from Taproot users just fine, and once your wallet is updated for Taproot-sending support, you can send to Taproot users just fine as well!
(P2WPKH and P2WSH -- SegWit v0 -- addresses start with bc1q; Taproot -- SegWit v1 --- addresses start with bc1p, in case you wanted to know the difference; in bech32 q is 0, p is 1)
Some newbie questions about Trezor device and bitcoin wallets

Greetings
I have never owned bitcoin before, but I studied how it works, so I think I have some understanding. I also studied options and it seems hardware wallet is the way to go for safety reasons.
So, question number One, am I correct that:
Unlike a bank account, where you keep one account usually, with bitcoin you keep generating new addresses, so if you own 1 bitcoin, you don't store it on one address, rather, you own many addresses, each containing part of your bitcoin, and when you spend, you just expend some of the addresses and throw them away, and when you receive, you generate new addresses for every transaction, so you accumulate these addresses that each are like a banknote of sorts, each having their own nominal value, and then you spend those banknotes and never use those addresses again. Right?
Question number Two, am I correct that:
All the addresses are generated from a certain big number, "master key" of sorts, which is private to me, which can be written in a form of "seed" which is what the device will give me when initialized, which is what I can use to recover my master key if I lose or break the device?
Question number Three, who does the address generation for bitcoin wallets for new incoming transactions? I assume it's the online wallet Trezor uses, right? So the device does not store any addresses of bitcoin wallets, right? It only stores my master key?
Assuming all are correct, can you please explain, in the simplest terms, how do I restore these addresses themselves, should the Trezor online wallet be unavailable? I mean, it's hardly a possibility, but assume I have my seed, or even my Trezor device, but the Trezor online wallet is unavailable. Assume I made hundreds of bitcoin transactions and my bitcoin is stored in hundreds of small pieces on different addresses. How do I recover all those? How do I know when to stop, when I have recovered them all? Assuming I don't know the amount I totally own by heart, so I cannot know when to stop (when I have found all my bitcoin)?
I mean, it's unlimited, right, the amount of bitcoin addresses that can be generated from my "master key" of my Trezor? So how do I know which of them contain bitcoin? Like, say I have used 200 of them and 100 of them still contain bitcoins, and I lose the device, and have to restore from seed, how does it know that it has to generate only those 200, like, how does it know it doesn't have to generate more addresses, maybe those other addresses contain some bitcoin on them too?
Or does it, generate them always in the same order, so if it sees only blank unused addresses, it assumes it's time to stop? Like, if address 0-200 are all used but 200-300 are all unused still, it assumes it's fine to stop checking?
Also, on an unrelated note, how can I be sure I made no mistake in recording the seed? Can I just wipe the device and restore it from seed right after initializing it and receiving a small bitcoin transaction, to test it and be sure that I can recover my bitcoin in case I lose it? Is the device unlimited in terms of how many times it can be wiped and restored?
Thanks in advance!
submitted by RPMahoutsukai to TREZOR [link] [comments]
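The scanning question above (how a wallet restored from seed knows which addresses to re-derive, and when it is safe to stop) is answered by the gap-limit convention that BIP44 wallets follow: derive addresses in a fixed order and stop after 20 consecutive addresses that have never appeared on the blockchain. The following is an added example written by the editor, not Trezor's code or the poster's. `derive_address` is an HMAC-SHA512 stand-in for real BIP32/BIP44 derivation (same seed and path always give the same address, which is the only property the scanner needs), the "blockchain" is a constructed dictionary, and the balances are made up.

```python
"""Seed-only recovery: addresses are derived deterministically in a fixed
order, so a wallet restored from seed re-derives them and stops after a run
of never-used ones (BIP44 wallets default to a gap limit of 20). Editor's
added example, not Trezor's code. derive_address is an HMAC-SHA512 stand-in
for BIP32/BIP44 derivation; the 'chain index' is a constructed dict."""
import hashlib
import hmac

GAP_LIMIT = 20  # BIP44 default


def derive_address(seed: bytes, chain: int, index: int) -> str:
    """Stand-in for m/44'/0'/0'/chain/index. Same seed + path always gives
    the same address, which is why nothing but the seed needs storing."""
    path = f"m/44'/0'/0'/{chain}/{index}".encode()
    return "demo1" + hmac.new(seed, path, hashlib.sha512).digest()[:20].hex()


def discover(seed, chain, lookup, gap_limit=GAP_LIMIT):
    """Walk index 0, 1, 2, ... on one chain; stop once gap_limit consecutive
    addresses have never appeared on the blockchain. lookup(addr) returns the
    balance in sats (0 for a used, fully spent address) or None if never used."""
    found, unused_run, index = [], 0, 0
    while unused_run < gap_limit:
        addr = derive_address(seed, chain, index)
        bal = lookup(addr)
        if bal is None:
            unused_run += 1
        else:
            unused_run = 0          # a used address restarts the gap count
            found.append((index, addr, bal))
        index += 1
    return found


def recover_wallet(seed, lookup, gap_limit=GAP_LIMIT):
    """BIP44 wallets scan chain 0 (receive) and chain 1 (change) separately."""
    chains = {c: discover(seed, c, lookup, gap_limit) for c in (0, 1)}
    total = sum(bal for entries in chains.values() for _, _, bal in entries)
    return chains, total


def build_demo_index(seed):
    """Constructed 'blockchain': which of our addresses ever received coins.
    Index 45 sits 34 slots past index 10, beyond the default gap of 20."""
    used = {}
    for i, sats in [(0, 50_000), (1, 0), (2, 120_000), (3, 0), (4, 7_000),
                    (10, 30_000), (45, 999_999)]:
        used[derive_address(seed, 0, i)] = sats
    used[derive_address(seed, 1, 0)] = 2_500   # one change address
    return used


if __name__ == "__main__":
    seed = b"constructed demo seed, not a real BIP39 seed"
    index = build_demo_index(seed)
    chains, total = recover_wallet(seed, index.get)
    print("gap 20 finds", [i for i, _, _ in chains[0]], "total", total)
    chains, total = recover_wallet(seed, index.get, gap_limit=40)
    print("gap 40 finds", [i for i, _, _ in chains[0]], "total", total)
```

With the default gap of 20 the scan finds receive indices 0 to 4 and 10 (209,500 sats in this constructed data) and never reaches index 45, because 34 unused addresses separate it from index 10; rerunning with `gap_limit=40` finds it as well. That is the practical answer to "how does it know when to stop": it does not know, it assumes the gap convention was respected, which is why wallets generally refuse to hand out more than a gap limit's worth of unused addresses in a row. Whether the seed was transcribed correctly is a separate check: restore from the written words and compare the first receive address with the one the original device showed.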

Storing Monero in an ultra-paranoid fashion

Hi, I am wondering about how one would store Monero in an ultra paranoid fashion. I saw that the NSA deprecated elliptic curve cryptography for official government use, which leads many to believe that they might have found some vulnerability.
In Bitcoin, I can do a p2pkh or "pay to public key hash" which means that even if somebody finds a weakness in ECC that can help recover private keys from public keys, my Bitcoin would be safe - because the public key isn't revealed until I spend the Bitcoin.
However, in Monero, I can't seem to find a similar way to "pay to public key hash." Is there some other way I can hold Monero without revealing the public key?
I know this is ultra paranoid and the odds of this happening are near negligible. Even further, the odds of an attacker knowing which public keys are mine are even lower. Cracking Monero addresses likely wouldn't even be on the radar of somebody who has discovered such a vulnerability - they would almost certainly go after higher value targets first (like foreign government secret communications.)
However, does Monero offer a solution for an ultra paranoid user like me? Not that I'll stop using it if it doesn't! :)
submitted by GelComb to Monero [link] [comments]

How to Recover Lost Bitcoin

It is quite easy and possible for us to misplace money or even other things from time to time. You can lose your car keys, forget your parking spot at the mall, and so on. But what about losing something digital, like cryptocurrency? And since bitcoin doesn't exist in a physical form, it can't be dropped on the street or left behind somewhere. But it is still possible for us to lose our bitcoin, as many people have discovered. We are going to look at how cryptocurrency gets lost, where it goes, and how you can avoid it happening to you. And most importantly, how to recover lost bitcoin.
How does Bitcoin Get Lost?
The total available supply of Bitcoin is capped at 21 million, with new ones released every day. It's expected that we'll reach that cap sometime around the year 2140, although it could be sooner. If you lose a coin or note of your local currency, it doesn't matter much to the economy as a whole because your government simply mints new money on a regular basis. It's not known exactly how many Bitcoin are currently lost, in part because the definition of 'lost' varies depending on who you ask, and some may be reclaimed in the future. Though going beyond the void to retrieve it isn't easy.
According to research by the blockchain analysis company Chainalysis (which we work with), as of the end of 2017 almost 4 million Bitcoin could be considered lost. It's unlikely the number has increased much since then, as the higher price encourages people to be more careful. So, as it stands, the total circulating supply is set to be around 17 million Bitcoin. Stolen or lost Bitcoin can be recovered by hiring a Funds Recovery Expert to help you get back your lost bitcoin.
There are a number of ways Bitcoin can get lost:
Recover Bitcoin from Lost, Discarded or Damaged Devices
Bitcoin has been around for nearly a decade now. During that time, technology has changed a lot and the average person probably isn't still cranking up Windows Vista to trade crypto. In some cases, people will lose their laptop or throw it away, forgetting that they have Bitcoin stored on it. Broken devices and fried motherboards also lead to losses. So whether you lost access to your bitcoin due to accidental deletion or a lost hardware wallet, you can always recover it and regain access to your bitcoin through a bitcoin/wallet recovery service.
Recover Forgotten Bitcoin
Yep, it is possible to buy or mine Bitcoin then forget you own it. This sounds like a caviar-and-champagne problem, but in the early days you could easily mine thousands of Bitcoin on a normal laptop and it cost almost nothing. That non-existent cost meant most people didn't really see it as something that might ever have value, so many just forgot about it.
Recover Bitcoin Sent to a Wrong Address
Sending Bitcoin to an incorrect address is like mailing a letter to a sealed empty house where no one lives or ever will live. It may sound like Mary Shelley's version of losing Bitcoin, and it's just as bleak. It's impossible for anyone to open the door and retrieve it. This can happen if you mistype an address, and transactions cannot be reversed.
Recover Forgotten Bitcoin Private Keys and Passwords
Your private key gives access to your Bitcoin. If you lose this, it’s like forgetting the code for an unbreakable safe. Some people have written down their credentials, only to lose or accidentally throw away the piece of paper. Others committed them to memory, then later forgot it. It is important never to lose your bitcoin recovery phrase, but don't worry if you do. You can always recover your lost bitcoin with or without the seed phrase. Have you lost your wallet password? Don't be worried, you can easily get it back with the help of [email protected]
Can lost Bitcoin be Found or Retrieved?
Generally speaking, whether lost bitcoin can be found or not depends on how it was lost. Considering the quantity of missing cryptocurrency out there, people have begun offering services to help recover lost bitcoin. These include data recovery specialists, but you need a professional recovery expert like [email protected] to help you get back your lost bitcoin.
Contact [email protected] to recover lost bitcoin, bitcoin cash, as well as all other forms of cryptocurrency. And you can be sure that no matter how long it has been lost, you will still get your bitcoin worth.
submitted by kalenmokSEO to u/kalenmokSEO [link] [comments]

[ Bitcoin ] Technical: Taproot: Why Activate?

Topic originally posted in Bitcoin by almkglor [link]
This is a follow-up on https://old.reddit.com/Bitcoin/comments/hqzp14/technical_the_path_to_taproot_activation/
Taproot! Everybody wants it!! But... you might ask yourself: sure, everybody else wants it, but why would I, sovereign Bitcoin HODLer, want it? Surely I can be better than everybody else because I swapped XXX fiat for Bitcoin unlike all those nocoiners?
And it is important for you to know the reasons why you, o sovereign Bitcoiner, would want Taproot activated. After all, your nodes (or the nodes your wallets use, which, if you are SPV, you hopefully can pester your wallet vendor/implementor about) need to be upgraded in order for Taproot activation to actually succeed instead of becoming a hot sticky mess.
First, let's consider some principles of Bitcoin.
I'm sure most of us here would agree that the above are very important principles of Bitcoin and that these are principles we would not be willing to remove. If anything, we would want those principles strengthened (especially the last one, financial privacy, which current Bitcoin is only sporadically strong with: you can get privacy, it just requires effort to do so).
So, how does Taproot affect those principles?

Taproot and Your Coins

Most HODLers probably HODL their coins in singlesig addresses. Sadly, switching to Taproot would do very little for you (it gives a mild discount at spend time, at the cost of a mild increase in fee at receive time (paid by whoever sends to you, so if it's a self-send from a P2PKH or bech32 address, you pay for this); mostly a wash).
(technical details: a Taproot output is 1 version byte + 32 byte public key, while a P2WPKH (bech32 singlesig) output is 1 version byte + 20 byte public key hash, so the Taproot output spends 12 bytes more; spending from a P2WPKH requires revealing a 32-byte public key later, which is not needed with Taproot, and Taproot signatures are about 9 bytes smaller than P2WPKH signatures, but the 32 bytes plus 9 bytes is divided by 4 because of the witness discount, so it saves about 11 bytes; mostly a wash, it increases blockweight by about 1 virtual byte, 4 weight for each Taproot-output-input, compared to P2WPKH-output-input).
However, as your HODLings grow in value, you might start wondering if multisignature k-of-n setups might be better for the security of your savings. And it is in multisignature that Taproot starts to give benefits!
Taproot switches to using Schnorr signing scheme. Schnorr makes key aggregation -- constructing a single public key from multiple public keys -- almost as trivial as adding numbers together. "Almost" because it involves some fairly advanced math instead of simple boring number adding, but hey when was the last time you added up your grocery list prices by hand huh?
With current P2SH and P2WSH multisignature schemes, if you have a 2-of-3 setup, then to spend, you need to provide two different signatures from two different public keys. With Taproot, you can create, using special moon math, a single public key that represents your 2-of-3 setup. Then you just put two of your devices together, have them communicate to each other (this can be done airgapped, in theory, by sending QR codes: the software to do this is not even being built yet, but that's because Taproot hasn't activated yet!), and they will make a single signature to authorize any spend from your 2-of-3 address. That's 73 witness bytes -- 18.25 virtual bytes -- of signatures you save!
And if you decide that your current setup with 1-of-1 P2PKH / P2WPKH addresses is just fine as-is: well, that's the whole point of a softfork: backwards-compatibility; you can receive from Taproot users just fine, and once your wallet is updated for Taproot-sending support, you can send to Taproot users just fine as well!
(P2WPKH and P2WSH -- SegWit v0 -- addresses start with bc1q; Taproot -- SegWit v1 --- addresses start with bc1p, in case you wanted to know the difference; in bech32 q is 0, p is 1)
Now how about HODLers who keep all, or some, of their coins on custodial services? Well, any custodial service worth its salt would be doing at least 2-of-3, or probably something even bigger, like 11-of-15. So your custodial service, if it switched to using Taproot internally, could save a lot more (imagine an 11-of-15 getting reduced from 11 signatures to just 1!), which --- we can only hope! --- should translate to lower fees and better customer service from your custodial service!
So I think we can say, very accurately, that the Bitcoin principle --- that YOU are in control of your money --- can only be helped by Taproot (if you are doing multisignature), and, because P2PKH and P2WPKH remain validly-usable addresses in a Taproot future, will not be harmed by Taproot. Its benefit to this principle might be small (it mostly only benefits multisignature users) but since it has no drawbacks with this (i.e. singlesig users can continue to use P2WPKH and P2PKH still) this is still a nice, tidy win!
(even singlesig users get a minor benefit, in that multisig users will now reduce their blockchain space footprint, so that fees can be kept low for everybody; so for example even if you have your single set of private keys engraved on titanium plates sealed in an airtight box stored in a safe buried in a desert protected by angry nomads riding giant sandworms because you're the frickin' Kwisatz Haderach, you still gain some benefit from Taproot)
And here's the important part: if P2PKH/P2WPKH is working perfectly fine with you and you decide to never use Taproot yourself, Taproot will not affect you detrimentally. First do no harm!

Taproot and Your Contracts

No one is an island, no one lives alone. Give and you shall receive. You know: by trading with other people, you can gain expertise in some obscure little necessity of the world (and greatly increase your productivity in that little field), and then trade the products of your expertise for necessities other people have created, all of you thereby gaining gains from trade.
So, contracts, which are basically enforceable agreements that facilitate trading with people who you do not personally know and therefore might not trust.
Let's start with a simple example. You want to buy some gewgaws from somebody. But you don't know them personally. The seller wants the money, you want their gewgaws, but because of the lack of trust (you don't know them!! what if they're scammers??) neither of you can benefit from gains from trade.
However, suppose both of you know of some entity that both of you trust. That entity can act as a trusted escrow. The entity provides you security: this enables the trade, allowing both of you to get gains from trade.
In Bitcoin-land, this can be implemented as a 2-of-3 multisignature. The three signatories in the multisignature would be you, the gewgaw seller, and the escrow. You put the payment for the gewgaws into this 2-of-3 multisignature address.
Now, suppose it turns out neither of you are scammers (whaaaat!). You receive the gewgaws just fine and you're willing to pay up for them. Then you and the gewgaw seller just sign a transaction --- you and the gewgaw seller are 2, sufficient to trigger the 2-of-3 --- that spends from the 2-of-3 address to a singlesig the gewgaw seller wants (or whatever address the gewgaw seller wants).
But suppose some problem arises. The seller gave you gawgews instead of gewgaws. Or you decided to keep the gewgaws but not sign the transaction to release the funds to the seller. In either case, the escrow is notified, and it can sign with you to refund the funds back to you (if the seller was a scammer) or it can sign with the seller to forward the funds to the seller (if you were a scammer).
Taproot helps with this: like mentioned above, it allows multisignature setups to produce only one signature, reducing blockchain space usage, and thus contracts --- which require multiple people, by definition, you don't make contracts with yourself --- are made cheaper (which we hope enables more of these setups to happen for more gains from trade for everyone, also, moon and lambos).
(technology-wise, it's easier to make an n-of-n than a k-of-n, making a k-of-n would require a complex setup involving a long ritual with many communication rounds between the n participants, but an n-of-n can be done trivially with some moon math. You can, however, make what is effectively a 2-of-3 by using a three-branch SCRIPT: either 2-of-2 of you and seller, OR 2-of-2 of you and escrow, OR 2-of-2 of escrow and seller. Fortunately, Taproot adds a facility to embed a SCRIPT inside a public key, so you can have a 2-of-2 Taprooted address (between you and seller) with a SCRIPT branch that can instead be spent with 2-of-2 (you + escrow) OR 2-of-2 (seller + escrow), which implements the three-branched SCRIPT above. If neither of you are scammers (hopefully the common case) then you both sign using your keys and never have to contact the escrow, since you are just using the escrow public key without coordinating with them (because n-of-n is trivial but k-of-n requires setup with communication rounds), so in the "best case" where both of you are honest traders, you also get a privacy boost, in that the escrow never learns you have been trading on gewgaws, I mean ewww, gawgews are much better than gewgaws and therefore I now judge you for being a gewgaw enthusiast, you filthy gewgawer).

Taproot and Your Contracts, Part 2: Cryptographic Boogaloo

Now suppose you want to buy some data instead of things. For example, maybe you have some closed-source software in trial mode installed, and want to pay the developer for the full version. You want to pay for an activation code.
This can be done, today, by using an HTLC. The developer tells you the hash of the activation code. You pay to an HTLC, paying out to the developer if it reveals the preimage (the activation code), or refunding the money back to you after a pre-agreed timeout. If the developer claims the funds, it has to reveal the preimage, which is the activation code, and you can now activate your software. If the developer does not claim the funds by the timeout, you get refunded.
And you can do that, with HTLCs, today.
Of course, HTLCs do have problems:
Fortunately, with Schnorr (which is enabled by Taproot), we can now use the Scriptless Script construction by Andrew Poelstra. This Scriptless Script allows a new construction, the PTLC or Pointlocked Timelocked Contract. Instead of hashes and preimages, just replace "hash" with "point" and "preimage" with "scalar".
Or as you might know them: "point" is really "public key" and "scalar" is really a "private key". What a PTLC does is that, given a particular public key, the pointlocked branch can be spent only if the spender reveals the private key of the given public key to you.
Another nice thing with PTLCs is that they are deniable. What appears onchain is just a single 2-of-2 signature between you and the developer/manufacturer. It's like a magic trick. This signature has no special watermarks, it's a perfectly normal signature (the pledge). However, from this signature, plus some data given to you by the developer/manufacturer (known as the adaptor signature) you can derive the private key of a particular public key you both agree on (the turn). Anyone scraping the blockchain will just see signatures that look just like every other signature, and as long as nobody manages to hack you and get a copy of the adaptor signature or the private key, they cannot get the private key behind the public key (point) that the pointlocked branch needs (the prestige).
(Just to be clear, the public key you are getting the private key from is distinct from the public key that the developer/manufacturer will use for its funds. The activation key is different from the developer's onchain Bitcoin key, and it is the activation key whose private key you will be learning, not the developer's/manufacturer's onchain Bitcoin key).
So:
Taproot lets PTLCs exist onchain because they enable Schnorr, which is a requirement of PTLCs / Scriptless Script.
(technology-wise, take note that Scriptless Script works only for the "pointlocked" branch of the contract; you need normal Script, or a pre-signed nLockTimed transaction, for the "timelocked" branch. Since Taproot can embed a script, you can have the Taproot pubkey be a 2-of-2 to implement the Scriptless Script "pointlocked" branch, then have a hidden script that lets you recover the funds with an OP_CHECKLOCKTIMEVERIFY after the timeout if the seller does not claim the funds.)

Quantum Quibbles!

Now if you were really paying attention, you might have noticed this parenthetical:
(technical details: a Taproot output is 1 version byte + 32 byte public key, while a P2WPKH (bech32 singlesig) output is 1 version byte + 20 byte public key hash...)
So wait, Taproot uses raw 32-byte public keys, and not public key hashes? Isn't that more quantum-vulnerable??
Well, in theory yes. In practice, they probably are not.
It's not that hashes can be broken by quantum computers --- they're still not. Instead, you have to look at how you spend from a P2WPKH/P2PKH pay-to-public-key-hash.
When you spend from a P2PKH / P2WPKH, you have to reveal the public key. Then Bitcoin hashes it and checks if this matches with the public-key-hash, and only then actually validates the signature for that public key.
So an unconfirmed transaction, floating in the mempools of nodes globally, will show, in plain sight for everyone to see, your public key.
(public keys should be public, that's why they're called public keys, LOL)
And if quantum computers are fast enough to be of concern, then they are probably fast enough that, in the several minutes to several hours from broadcast to confirmation, they have already cracked the public key that is openly broadcast with your transaction. The owner of the quantum computer can now replace your unconfirmed transaction with one that pays the funds to itself. Even if you did not opt in to RBF, miners are still incentivized to support RBF on RBF-disabled transactions.
So the extra hash is not as significant a protection against quantum computers as you might think. Instead, the extra hash-and-compare needed is just extra validation effort.
Further, if you have ever, in the past, spent from the address, then there exists already a transaction indelibly stored on the blockchain, openly displaying the public key from which quantum computers can derive the private key. So those are still vulnerable to quantum computers.
For the most part, the cryptographers behind Taproot (and Bitcoin Core) are of the opinion that quantum computers capable of cracking Bitcoin pubkeys are unlikely to appear within a decade or two.
So:
For now, the homomorphic and linear properties of elliptic curve cryptography provide a lot of benefits --- particularly the linearity property is what enables Scriptless Script and simple multisignature (i.e. multisignatures that are just 1 signature onchain). So it might be a good idea to take advantage of them now while we are still fairly safe against quantum computers. It seems likely that quantum-safe signature schemes are nonlinear (thus losing these advantages).

Summary

I Wanna Be The Taprooter!

So, do you want to help activate Taproot? Here's what you, mister sovereign Bitcoin HODLer, can do!

But I Hate Taproot!!

That's fine!

Discussions About Taproot Activation

almkglor your post has been copied because one or more comments in this topic have been removed. This copy will preserve unmoderated topic. If you would like to opt-out, please send a message using [this link].
submitted by anticensor_bot to u/anticensor_bot
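The "pledge / turn / prestige" of the adaptor-signature trick from the post above, as an added worked example. This is not code from the original post or from any Bitcoin project: it uses textbook Schnorr over secp256k1 (not byte-exact BIP340, no x-only keys), a single signer instead of the 2-of-2 aggregate the post describes, pure-Python point arithmetic, and fixed constructed scalars for the key, the activation secret and the nonce so the run is reproducible. The names `adaptor_sign`, `adapt` and `extract_secret` are this example's own.

```python
import hashlib

# secp256k1 parameters: field prime, group order, generator
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def point_add(a, b):
    """Affine point addition; None stands for the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def point_mul(k, pt):
    """Double-and-add scalar multiplication."""
    result = None
    k %= N
    while k:
        if k & 1:
            result = point_add(result, pt)
        pt = point_add(pt, pt)
        k >>= 1
    return result


def challenge(R, pub, msg):
    """Schnorr challenge e = H(R || P || m) reduced mod n."""
    enc = lambda pt: pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")
    return int.from_bytes(hashlib.sha256(enc(R) + enc(pub) + msg).digest(), "big") % N


def schnorr_verify(pub, msg, sig):
    """Ordinary verification, s*G == R + e*P. It knows nothing about adaptor points."""
    R, s = sig
    e = challenge(R, pub, msg)
    return point_mul(s, G) == point_add(R, point_mul(e, pub))


def adaptor_sign(x, msg, nonce, T):
    """Pre-signature tied to adaptor point T = t*G. The nonce point is shifted by T,
    so s' = r + e*x is short of t and does not verify as a plain signature."""
    R = point_add(point_mul(nonce, G), T)
    e = challenge(R, point_mul(x, G), msg)
    return (R, (nonce + e * x) % N)


def adaptor_verify(pub, msg, T, pre):
    """Check s'*G == (R - T) + e*P: the pre-signature completes once t is added."""
    R, s_pre = pre
    e = challenge(R, pub, msg)
    neg_T = (T[0], (-T[1]) % P)
    return point_mul(s_pre, G) == point_add(point_add(R, neg_T), point_mul(e, pub))


def adapt(pre, t):
    """Holder of t completes the signature: s = s' + t."""
    R, s_pre = pre
    return (R, (s_pre + t) % N)


def extract_secret(pre, sig):
    """Anyone holding both the pre-signature and the onchain signature learns t = s - s'."""
    return (sig[1] - pre[1]) % N


def demo():
    # Constructed, fixed scalars (assumptions of this example); never reuse a nonce for real.
    x = 0x1E99423A4ED27608A15A2616A2B0E9E52CED330AC530EDCC32C8FFC6A526AEDD  # signer's key
    t = 0x3D5D0F5F1D2A7B9C0E8F1A2B3C4D5E6F708192A3B4C5D6E7F8091A2B3C4D5E6F  # activation secret
    nonce = 0x0A1B2C3D4E5F60718293A4B5C6D7E8F9A0B1C2D3E4F5061728394A5B6C7D8E9F
    msg = b"constructed spend of the 2-of-2 output"
    pub = point_mul(x, G)
    T = point_mul(t, G)  # the activation public key both sides agree on

    pre = adaptor_sign(x, msg, nonce, T)  # handed over privately (the adaptor signature)
    sig = adapt(pre, t)                   # what ends up onchain
    recovered = extract_secret(pre, sig)  # what the holder of the adaptor signature learns
    return {
        "pre_is_valid_adaptor": adaptor_verify(pub, msg, T, pre),
        "pre_is_valid_signature": schnorr_verify(pub, msg, pre),  # False: s' lacks t
        "sig_is_valid_signature": schnorr_verify(pub, msg, sig),  # True: looks like any Schnorr sig
        "recovered_equals_t": recovered == t,
        "recovered_matches_T": point_mul(recovered, G) == T,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The deniability claim is visible in `schnorr_verify`: it never sees `T`, so the completed signature is checked exactly like every other one. The secret `t` only becomes computable for someone who also holds the pre-signature, which is why the post says losing a copy of the adaptor signature is what would expose it. The 2-of-2 aggregate (MuSig-style) and the timelocked fallback branch are omitted here; they change how `x` and `pub` are formed, not the subtraction `s - s'`.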

Bitcoins are unspendable without the private key (as chytrik already stated). That being said, several wallets implement BIP032 which allows you to recover those private keys. It uses a "seed" (usually shown as several words) to initialize the wallet. Then the creation of the private keys is deterministic. With this seed you would be able to ...

I've seen many people actually recovering their private keys using signature pubkey r, s, z values etc.; anyway, I've found a way to recover it, but using the transaction hex I can't find the ...

I have a public key and an encrypted private key. I need to decrypt the private key or find the password. I need your help to do this. Thanks all.