How to create a multisig address and spend bitcoin from it ...

• How to create a multisig address and spend bitcoin from it ...
• How To Get a Bitcoin Address - Decrypt
• How to Create and Use a Multi-Sig Bitcoin Address
• Bitcoin address: Create, Get example, Format – BitcoinWiki
• Cryptography in Bitcoin: How to Create an Address with C ...

There is a lot of talk about stealth addresses recently. I find them a really cool idea too. However, in the meantime I came accross this website - http://www.bit2factor.org/. When I compare it to this description of stealth addresses - https://en.bitcoin.it/wiki/Sx/Stealth - it seems to me that it is the exact same idea, and it is already working.
You can try it for yourself.
1. Choose a passphrase, click on "Generate intermediate code" and you get what Mr. Receiver calls an "Address" and in the article is SxjHZmrj1GrtuyW8dLmtYbNsLTEUGCQzpbk6iFRHEiBiZ5Z8Nq8EVt. On the bit2factor website it is called "Intermediate Code".
2. Click on "Generate Address, Confirmation Code and Private key", paste your intermediate code and click on "Generate all". You get a bitcoin address just like Mr. Sender from the article. You also get an encrypted private key, which plays the role of the Nonce of Mr. Sender.
3. Click on "Decrypt private key", paste the encrypted private key and type in your passphrase. You will get the private key to the bitcoin address. This corresponds to this part of the article: "Mr. Receiver kept his secret key from earlier which he can use to regenerate the private keys in order to send funds transmitted to him. Using the nonce, he attempts to recreate the address."
I'm pretty sure that Amir Taaki, Peter Todd and all the other brilliant guys working on the stealth addresses must have heard about the two-factor bitcoins. However, before their version is implemented, you can use this small website in different cool ways.
For example, you can keep one intermediate code, create multiple bitcoin addresses from it and store the encrypted private keys on paper or some other media. Even if somebody finds your encrypted private keys, he will need your passphrase to decrypt them. This means that you can spread your bitcoin holdings accross multiple addresses, and have to remember only one passphrase in order to spend them.
And the other obvious use case is that you can put the intermediate code on a website and get payments. The people who send you the payments will need to generate a bitcoin address themselves and send you the encrypted private key, which makes it more complicated, but nobody can check on the blockchain how much did you actually receive.
I’m not affiliated to the author of http://www.bit2factor.org/. I just think he did a great job and it’s a pity if nobody uses it.
The website works similarly to bitaddress.org, you can download it and use it offline on a clean linux computer not connected to the internet.

Ultimate glossary of crypto currency terms, acronyms and abbreviations

I thought it would be really cool to have an ultimate guide for those new to crypto currencies and the terms used. I made this mostly for beginner’s and veterans alike. I’m not sure how much use you will get out of this. Stuff gets lost on Reddit quite easily so I hope this finds its way to you. Included in this list, I have included most of the terms used in crypto-communities. I have compiled this list from a multitude of sources. The list is in alphabetical order and may include some words/terms not exclusive to the crypto world but may be helpful regardless.
2FA
Two factor authentication. I highly advise that you use it.
51% Attack:
A situation where a single malicious individual or group gains control of more than half of a cryptocurrency network’s computing power. Theoretically, it could allow perpetrators to manipulate the system and spend the same coin multiple times, stop other users from completing blocks and make conflicting transactions to a chain that could harm the network.
A unique string of numbers and letters (both upper and lower case) used to send, receive or store cryptocurrency on the network. It is also the public key in a pair of keys needed to sign a digital transaction. Addresses can be shared publicly as a text or in the form of a scannable QR code. They differ between cryptocurrencies. You can’t send Bitcoin to an Ethereum address, for example.
Altcoin (alternative coin): Any digital currency other than Bitcoin. These other currencies are alternatives to Bitcoin regarding features and functionalities (e.g. faster confirmation time, lower price, improved mining algorithm, higher total coin supply). There are hundreds of altcoins, including Ether, Ripple, Litecoin and many many others.
AIRDROP:
An event where the investors/participants are able to receive free tokens or coins into their digital wallet.
AML: Defines Anti-Money Laundering laws**.**
ARBITRAGE:
Getting risk-free profits by trading (simultaneous buying and selling of the cryptocurrency) on two different exchanges which have different prices for the same asset.
Ashdraked:
Being Ashdraked is essentially a more detailed version of being Zhoutonged. It is when you lose all of your invested capital, but you do so specifically by shorting Bitcoin. The expression “Ashdraked” comes from a story of a Romanian cryptocurrency investor who insisted upon shorting BTC, as he had done so successfully in the past. When the price of BTC rose from USD 300 to USD 500, the Romanian investor lost all of his money.
ATH (All Time High):
The highest price ever achieved by a cryptocurrency in its entire history. Alternatively, ATL is all time low
Bearish:
A tendency of prices to fall; a pessimistic expectation that the value of a coin is going to drop.
Bear trap:
A manipulation of a stock or commodity by investors.
Bitcoin:
The very first, and the highest ever valued, mass-market open source and decentralized cryptocurrency and digital payment system that runs on a worldwide peer to peer network. It operates independently of any centralized authorities
Bitconnect:
One of the biggest scams in the crypto world. it was made popular in the meme world by screaming idiot Carlos Matos, who infamously proclaimed," hey hey heeeey” and “what's a what's a what's up wasssssssssuuuuuuuuuuuuup, BitConneeeeeeeeeeeeeeeeeeeeeeeect!”. He is now in the mentally ill meme hall of fame.
Block:
A package of permanently recorded data about transactions occurring every time period (typically about 10 minutes) on the blockchain network. Once a record has been completed and verified, it goes into a blockchain and gives way to the next block. Each block also contains a complex mathematical puzzle with a unique answer, without which new blocks can’t be added to the chain.
Blockchain:
An unchangeable digital record of all transactions ever made in a particular cryptocurrency and shared across thousands of computers worldwide. It has no central authority governing it. Records, or blocks, are chained to each other using a cryptographic signature. They are stored publicly and chronologically, from the genesis block to the latest block, hence the term blockchain. Anyone can have access to the database and yet it remains incredibly difficult to hack.
Bullish:
A tendency of prices to rise; an optimistic expectation that a specific cryptocurrency will do well and its value is going to increase.
BTFD:
Buy the fucking dip. This advise was bestowed upon us by the gods themselves. It is the iron code to crypto enthusiasts.
Bull market:
A market that Cryptos are going up.
Consensus:
An agreement among blockchain participants on the validity of data. Consensus is reached when the majority of nodes on the network verify that the transaction is 100% valid.
Crypto bubble:
The instability of cryptocurrencies in terms of price value
Cryptocurrency:
A type of digital currency, secured by strong computer code (cryptography), that operates independently of any middlemen or central authoritie
Cryptography:
The art of converting sensitive data into a format unreadable for unauthorized users, which when decoded would result in a meaningful statement.
Cryptojacking:
The use of someone else’s device and profiting from its computational power to mine cryptocurrency without their knowledge and consent.
Crypto-Valhalla:
When HODLers(holders) eventually cash out they go to a place called crypto-Valhalla. The strong will be separated from the weak and the strong will then be given lambos.
DAO:
Decentralized Autonomous Organizations. It defines A blockchain technology inspired organization or corporation that exists and operates without human intervention.
Dapp (decentralized application):
An open-source application that runs and stores its data on a blockchain network (instead of a central server) to prevent a single failure point. This software is not controlled by the single body – information comes from people providing other people with data or computing power.
Decentralized:
A system with no fundamental control authority that governs the network. Instead, it is jointly managed by all users to the system.
Desktop wallet:
A wallet that stores the private keys on your computer, which allow the spending and management of your bitcoins.
DILDO:
Long red or green candles. This is a crypto signal that tells you that it is not favorable to trade at the moment. Found on candlestick charts.
Digital Signature:
An encrypted digital code attached to an electronic document to prove that the sender is who they say they are and confirm that a transaction is valid and should be accepted by the network.
Double Spending:
An attack on the blockchain where a malicious user manipulates the network by sending digital money to two different recipients at exactly the same time.
DYOR:
Encryption:
Converting data into code to protect it from unauthorized access, so that only the intended recipient(s) can decode it.
Eskrow:
the practice of having a third party act as an intermediary in a transaction. This third party holds the funds on and sends them off when the transaction is completed.
Ethereum:
Ethereum is an open source, public, blockchain-based platform that runs smart contracts and allows you to build dapps on it. Ethereum is fueled by the cryptocurrency Ether.
Exchange:
A platform (centralized or decentralized) for exchanging (trading) different forms of cryptocurrencies. These exchanges allow you to exchange cryptos for local currency. Some popular exchanges are Coinbase, Bittrex, Kraken and more.
Faucet:
A website which gives away free cryptocurrencies.
Fiat money:
Fiat currency is legal tender whose value is backed by the government that issued it, such as the US dollar or UK pound.
Fork:
A split in the blockchain, resulting in two separate branches, an original and a new alternate version of the cryptocurrency. As a single blockchain forks into two, they will both run simultaneously on different parts of the network. For example, Bitcoin Cash is a Bitcoin fork.
FOMO:
Fear of missing out.
Frictionless:
A system is frictionless when there are zero transaction costs or trading retraints.
FUD:
Fear, Uncertainty and Doubt regarding the crypto market.
Gas:
A fee paid to run transactions, dapps and smart contracts on Ethereum.
Halving:
A 50% decrease in block reward after the mining of a pre-specified number of blocks. Every 4 years, the “reward” for successfully mining a block of bitcoin is reduced by half. This is referred to as “Halving”.
Hardware wallet:
Physical wallet devices that can securely store cryptocurrency maximally. Some examples are Ledger Nano S**,** Digital Bitbox and more**.**
Hash:
The process that takes input data of varying sizes, performs an operation on it and converts it into a fixed size output. It cannot be reversed.
Hashing:
The process by which you mine bitcoin or similar cryptocurrency, by trying to solve the mathematical problem within it, using cryptographic hash functions.
HODL:
A Bitcoin enthusiast once accidentally misspelled the word HOLD and it is now part of the bitcoin legend. It can also mean hold on for dear life.
ICO (Initial Coin Offering):
A blockchain-based fundraising mechanism, or a public crowd sale of a new digital coin, used to raise capital from supporters for an early stage crypto venture. Beware of these as there have been quite a few scams in the past.
John mcAfee:
A man who will one day eat his balls on live television for falsely predicting bitcoin going to 100k. He has also become a small meme within the crypto community for his outlandish claims.
JOMO:
Joy of missing out. For those who are so depressed about missing out their sadness becomes joy.
KYC:
Lambo:
This stands for Lamborghini. A small meme within the investing community where the moment someone gets rich they spend their earnings on a lambo. One day we will all have lambos in crypto-valhalla.
Ledger:
Away from Blockchain, it is a book of financial transactions and balances. In the world of crypto, the blockchain functions as a ledger. A digital currency’s ledger records all transactions which took place on a certain block chain network.
Leverage:
Trading with borrowed capital (margin) in order to increase the potential return of an investment.
Liquidity:
The availability of an asset to be bought and sold easily, without affecting its market price.
of the coins.
The trading of assets or securities bought with borrowed money.
Market cap/MCAP:
A short-term for Market Capitalization. Market Capitalization refers to the market value of a particular cryptocurrency. It is computed by multiplying the Price of an individual unit of coins by the total circulating supply.
Miner:
A computer participating in any cryptocurrency network performing proof of work. This is usually done to receive block rewards.
Mining:
The act of solving a complex math equation to validate a blockchain transaction using computer processing power and specialized hardware.
Mining contract:
A method of investing in bitcoin mining hardware, allowing anyone to rent out a pre-specified amount of hashing power, for an agreed amount of time. The mining service takes care of hardware maintenance, hosting and electricity costs, making it simpler for investors.
Mining rig:
A computer specially designed for mining cryptocurrencies.
Mooning:
A situation the price of a coin rapidly increases in value. Can also be used as: “I hope bitcoin goes to the moon”
Node:
Any computing device that connects to the blockchain network.
Open source:
The practice of sharing the source code for a piece of computer software, allowing it to be distributed and altered by anyone.
OTC:
Over the counter. Trading is done directly between parties.
P2P (Peer to Peer):
A type of network connection where participants interact directly with each other rather than through a centralized third party. The system allows the exchange of resources from A to B, without having to go through a separate server.
Paper wallet:
A form of “cold storage” where the private keys are printed onto a piece of paper and stored offline. Considered as one of the safest crypto wallets, the truth is that it majors in sweeping coins from your wallets.
Pre mining:
The mining of a cryptocurrency by its developers before it is released to the public.
Proof of stake (POS):
A consensus distribution algorithm which essentially rewards you based upon the amount of the coin that you own. In other words, more investment in the coin will leads to more gain when you mine with this protocol In Proof of Stake, the resource held by the “miner” is their stake in the currency.
PROOF OF WORK (POW) :
The competition of computers competing to solve a tough crypto math problem. The first computer that does this is allowed to create new blocks and record information.” The miner is then usually rewarded via transaction fees.
Protocol:
A standardized set of rules for formatting and processing data.
Public key / private key:
A cryptographic code that allows a user to receive cryptocurrencies into an account. The public key is made available to everyone via a publicly accessible directory, and the private key remains confidential to its respective owner. Because the key pair is mathematically related, whatever is encrypted with a public key may only be decrypted by its corresponding private key.
Pump and dump:
Massive buying and selling activity of cryptocurrencies (sometimes organized and to one’s benefit) which essentially result in a phenomenon where the significant surge in the value of coin followed by a huge crash take place in a short time frame.
Recovery phrase:
A set of phrases you are given whereby you can regain or access your wallet should you lose the private key to your wallets — paper, mobile, desktop, and hardware wallet. These phrases are some random 12–24 words. A recovery Phrase can also be called as Recovery seed, Seed Key, Recovery Key, or Seed Phrase.
REKT:
Referring to the word “wrecked”. It defines a situation whereby an investor or trader who has been ruined utterly following the massive losses suffered in crypto industry.
Ripple:
An alternative payment network to Bitcoin based on similar cryptography. The ripple network uses XRP as currency and is capable of sending any asset type.
ROI:
Return on investment.
Safu:
A crypto term for safe popularized by the Bizonnaci YouTube channel after the CEO of Binance tweeted
“Funds are safe."
“the exchage I use got hacked!”“Oh no, are your funds safu?”
“My coins better be safu!”

Sats/Satoshi:
The smallest fraction of a bitcoin is called a “satoshi” or “sat”. It represents one hundred-millionth of a bitcoin and is named after Satoshi Nakamoto.
Satoshi Nakamoto:
This was the pseudonym for the mysterious creator of Bitcoin.
Scalability:
The ability of a cryptocurrency to contain the massive use of its Blockchain.
Sharding:
A scaling solution for the Blockchain. It is generally a method that allows nodes to have partial copies of the complete blockchain in order to increase overall network performance and consensus speeds.
Shitcoin:
Coin with little potential or future prospects.
Shill:
Spreading buzz by heavily promoting a particular coin in the community to create awareness.
Short position:
Selling of a specific cryptocurrency with an expectation that it will drop in value.
The online marketplace where drugs and other illicit items were traded for Bitcoin. This marketplace is using accessed through “TOR”, and VPNs. In October 2013, a Silk Road was shut down in by the FBI.
Smart Contract:
Certain computational benchmarks or barriers that have to be met in turn for money or data to be deposited or even be used to verify things such as land rights.
Software Wallet:
A crypto wallet that exists purely as software files on a computer. Usually, software wallets can be generated for free from a variety of sources.
Solidity:
A contract-oriented coding language for implementing smart contracts on Ethereum. Its syntax is similar to that of JavaScript.
Stable coin:
A cryptocoin with an extremely low volatility that can be used to trade against the overall market.
Staking:
Staking is the process of actively participating in transaction validation (similar to mining) on a proof-of-stake (PoS) blockchain. On these blockchains, anyone with a minimum-required balance of a specific cryptocurrency can validate transactions and earn Staking rewards.
Surge:
When a crypto currency appreciates or goes up in price.
Tank:
The opposite of mooning. When a coin tanks it can also be described as crashing.
Tendies
For traders , the chief prize is “tendies” (chicken tenders, the treat an overgrown man-child receives for being a “Good Boy”) .
Token:
A unit of value that represents a digital asset built on a blockchain system. A token is usually considered as a “coin” of a cryptocurrency, but it really has a wider functionality.
TOR: “The Onion Router” is a free web browser designed to protect users’ anonymity and resist censorship. Tor is usually used surfing the web anonymously and access sites on the “Darkweb”.
Transaction fee:
An amount of money users are charged from their transaction when sending cryptocurrencies.
Volatility:
A measure of fluctuations in the price of a financial instrument over time. High volatility in bitcoin is seen as risky since its shifting value discourages people from spending or accepting it.
Wallet:
A file that stores all your private keys and communicates with the blockchain to perform transactions. It allows you to send and receive bitcoins securely as well as view your balance and transaction history.
Whale:
An investor that holds a tremendous amount of cryptocurrency. Their extraordinary large holdings allow them to control prices and manipulate the market.
Whitepaper:

A comprehensive report or guide made to understand an issue or help decision making. It is also seen as a technical write up that most cryptocurrencies provide to take a deep look into the structure and plan of the cryptocurrency/Blockchain project. Satoshi Nakamoto was the first to release a whitepaper on Bitcoin, titled “Bitcoin: A Peer-to-Peer Electronic Cash System” in late 2008.
And with that I finally complete my odyssey. I sincerely hope that this helped you and if you are new, I welcome you to crypto. If you read all of that I hope it increased, you in knowledge.
my final definition:
Crypto-Family:
A collection of all the HODLers and crypto fanatics. A place where all people alike unite over a love for crypto.
We are all in this together as we pioneer the new world that is crypto currency. I wish you a great day and Happy HODLing.
-u/flacciduck
feel free to comment words or terms that you feel should be included or about any errors I made.

1M BTC wallet

Can someone please explain me why Satoshi's 1 million BTC wallet is not visible on the blockchain?

[ilpt] my indepth guide to ewhoring (250+ a day)

New to this forum so id like to share some of my experience with one of the things that made me a lot, ewhoring.
​​​​​​​3) Smspva.com and smspool are great tools to get disposable phone numbers to create new accounts. For a small payment of like 50c to 1 per phone number. This can be paid through bitcoin. Hopefully you’ve made enough money at this stage through the traffic you got from your own number. (Yes using your own number is fine if you don’t care about getting banned from TindePOF) anyways. We will talk about how to get your ewhoring money into bitcoin in the next step. 4) Once your money is in bitcoin you can do whatever you want with it, in PayPal if you keep the money in your account to long it can be risked getting locked since you’ll be creating a PayPal account with your girls name/email. PayPal will constantly ask you to verify your account by adding a credit card or sometimes locking your account until you send proof of id. You can only get a maximum of 2500 per unverified PayPal account before they ask for verification (proof of id) you can create new PayPal accounts with new phone numbers through smspva/smspool. Paxful is a great tool to transfer your PayPal money to bitcoin. all tough ive heard you can trade PayPal to bitcoin on multiple other sites. Paxful was the one to work best for me. As I wouldn’t recommend keeping money in your PayPal account to long I suggest getting it into bitcoin asap. After a while paxful will ask for verification on your account. At this point you can just create a new account with a new email/phone number using smspool. I don’t think smspva has paxful verification phone numbers. Personally I traded about 300 at a time on paxful. And id be very wary of scammers. Once the bitcoin is in your paxful wallet. Transfer it to a third party wallet like Blockchain. 5) Let’s get back to the snapchat, remember it’s all about social engineering, get rid of the time wasters, all you want to do is create a private story to post a bunch of nude videos in and put on your main story and try advertise to everyone that your selling a premium snapchat, my prices were 20 monthly 30 lifetime to be a premium member. I charged 40 an hour for video calls. Yes I just blocked them after I received the payment. I charged 150 an hour 400 a night for meetups. With meetup scams I would ask them to pay a 75 deposit through PayPal and id send them the address, they can pay rest cash in hand or in PayPal. Once they would arrive at the address I’ve sent, (this would be a random for sale or address where no one lives in) I would tell them to pay the rest in PayPal and I’ll let them into the house. Even if they said they’d pay the rest in cash id still try tricking them into sending the rest of the payment in PayPal. I’ve made 750 of one guy using this method. Tips: • Do not transfer money over to a friend’s account to take it out through the bank its linked to, sometimes PayPal will ban all the accounts you’ve sent money to, I’ve no idea why this is a thing but I’ve had multiple peoples PayPal accounts get banned just because I’ve sent money to it. • Get rid of time wasters, if someone makes it clear they won’t pay block them or ignore. Don’t give away previews. The previews are on your story. • With big money transfers it must be your number one priority to get rid of that money from your PayPal account ASAP, remember that PayPal are always tracking you, they always have their eye on this sort of thing. Once a report has been made about your account it could be locked and you will not get your money back. • Make sure all your customers know to send money through PayPal using friends and family only. Business transfers can be reversed easily and it gets put on hold much more. • Don’t do anything stupid. Such as sign into the PayPal account on an iPhone. Phones have all your data on it; you can easily be traced on. Manage as many accounts on your pc/laptop and use the same name for everything, clear your cookies and don’t sign into your PayPal account multiple different times under different ip addresses, this will trigger 2fa and you won’t be able to verify your account with a disposable number • If your account does get locked under 2fa and you don’t have the original phone number. You can contact PayPal through live chat and just tell them it’s an old number you no longer have access to. They’ll ask for info such as your email full name and home address linked to the account. (Btw the home address can be set to any address just remember it) once you clarify this with the PayPal live support person they will unlock the account. I don’t know if this works 100 percent of the time but I speak from experience. • To download snapbreak you will have to downgrade using a tweak called Appstore++ snapbreak was a paid tweak that is no longer in development because it got cracked. It was originally 50 but now you can get it for free on some repos. ALWAYS remember to stay on the same version of snap per account. any feed back on this method would be greatly appreciated, tell me what you think :) submitted by ryansheraa to IllegalLifeProTips [link] [comments] Daily Discussion, June 08, 2020 Please utilize this sticky thread for all general Bitcoin discussions! If you see posts on the front page or /Bitcoin/new which are better suited for this daily discussion thread, please help out by directing the OP to this thread instead. Thank you! If you don't get an answer to your question, you can try phrasing it differently or commenting again tomorrow. Join us in the Bitcoin Chatroom! Please check the previous discussion thread for unanswered questions. submitted by rBitcoinMod to Bitcoin [link] [comments] Everyday info sec, hardcore info sec, and DNMs Edit: Currently writing a new version of this, dont know when it will be done. Edit: Since first post I have updated a few sections with additional information. I recommend reading it all even if it is very long, I might have placed some relevant info in different sections while thinking about what else needed to be added, plenty of steps remains mostly the same except when I comment directly on it. It is not necessary to do 100% security all the time, unless you absolutely need it, combining some high and some lower security ideas for a balance of security and convenience is useful. I will base this mostly on Windows, Linux users probably know this, and I have no idea how apple machines work (tho many things in here are still relevant for other operating systems, as they are just general tips) Disclaimer: There are certainly other steps that can make you more anonymous or safer, however I think for most people this will surfice. Any software I recommend should be independently verified for security, and examples of software are not to be taken as endorsements. I simply use examples and give recommendations when I believe it necessary, or helpful. I will not really differentiate between anonymity and security, they are often the same thing. As such the word security can mean either more anonymous, less vulnerable, or both. -------- Everyday Simple Info Sec: • Password for the device is an obvious one (8+ characters minimum, best if over +12), if there is sensitive information on any of the drives, either encrypt the entire drive or just the sensitive files, and make encrypted backups on a different memory storage device (There many programs to encrypt files and drives I'm sure a search will figure it out) -There could be a hidden administrator user on your PC, make sure to change its password • Always use the device on a non admin account • a VPN that doesn't log (use with kill switch on, should be enough for everyday stuff, more safe stuff in the high security section) (VPNs that claim they don't log sometimes do, it's bad, but I would like to point out that not using a VPN will always expose your traffic to your ISP and also remove additional encryption. Even if the VPN tracks, there is no downside because your ISP would track anyways, and VPNs can be more anonymous, and also add extra encryption) • disable location tracking (preferably make all your privacy setting to release minimal info, get rid or cortana, change privacy settings in all of your accounts as well, there's no reason why you should allow Facebook to give you target ads. Use the setting they give you. • TOR, Firefox or similar browser, stay the fuck away from Google Chrome. • your preferred search engine should be duckduckgo (other privacy focused search engines exist as well) • use an adblocker that also prevents the adding of tacking cookies • Use pgp with all your friends or messaging services that implemented end to end encryption (Implemented services can still be bypassed, but are way more convenient so for everyday use they should suffice, some examples should be Telegraph, Signal, WhatsApp etc) (more info on pgp in high security section) (Snapchat msgs, reddit dms, discord msgs, are just a few examples of msgs that are never encrypted) -Any info even send in encrypted msgs (and obviously non encrypted) should still be kept with possible deniability, don't say "I'm gonna do MDMA", say "I'm going out with molly." • use software (like ccleaner) that purges cookies and other data after every use, before shutting down your device • use a virus scanner daily (I like spy bot Search and destroy, many other options also exist) • never use the same password/passphrase twice (I will address what passphrase are below) (Better yet use randomized passwords that are stored in a master key chain, make them as long as possible (tho it is okay to go with the minimum of 12 never go below 7, I recommend 15+ depending on how often you have to manually enter the password instead of copying/pasting it) Don't generate too long keys for things you need to access regularly without copy/paste, except your master key ring) • its ideal to never use the same email or username as well, especially username, email is obviously tricky and also very annoying, but it would be best to always change the email. • it's also ideal to check https://haveibeenpwned.com and anything you have that comes up positive should be immediately changed -DO NOT STORE ANY PASSWORDS ON GOOGLE, IF GOOGLE LOGIN IS AUTHENTICATED IT WILL AUTFILL ALL PASSWORDS IT HAS SAVED (same with other similar services) (This means if you are logged in to chrome and someone has access to your machine, they can auto fill passwords without entering a single password) -use a rememberable passphrase, especially for your master key ring aka password manager A long sentence that is memorable makes an okay password (decent example,: "I met my wife at Little Ceasers for the first time on 07/09/20" better even if it's just something you know, if its impersonal, and if you can add special characters or numbers that you won't forget) (A better example for a passphrase is: "There is 0nly 0ne letter that d0esn’t appear in any U.S. state nameQ") • for your main password manager(key ring), I highly recommend Keepass 2, make backups of the file save to separate devices and drives (Flash drives, phone, PC, laptop, etc, if you loose that file, you lose all of your passwords) (Other good password managers exist as well, I don't recommend online password managers as you lose the control over passwords) -Purge your internet activity frequently, there's a reason why I only have one post, and a few comments appearing in my account, but thousands of kama. Exposing information needlessly is not good. -Never post private information publicly, and if you do, do it vaguely as possible. (Example: Not "I'm 15", say "I'm a teenager") Do not post any vital information ever, no birthdays, mother's maiden name, age, or anything you have ever seen in a security question. Never post your current activities while they are ongoing. You going on a vacation? Don't announce it to the world, taking picture there? Post them when you are home. • Any account that is supposed to remain anonymous and as secure as possible should only be used on secured devices. A unsecured device can link you to the account. • always shutdown your machine when leaving it (To prevent access, and to prevent a possible attack vector) • 2 factor factor authentication is not great anymore. Unless you can do it over a anonymous source. A cell phone is usually directly connected to you, so it is not a anonymous device. There might still be secure/anonymous 2 factor authentication methods that won't expose you, for example over a secure email. (If there is 2FA that doesn't need a device that removes anonymity and is secure, use it.) (Please don't misunderstand, 2FA is great, however it can remove the anonymity that you worked hard to establish) -Rethink how you do security questions. Many answers to security questions can be found in your internet history. One could use the first word of the security question as an answer, or a different sceme that will mean you always remember it. (Security question need to go, the amount of personal info an average person puts on the internet makes it easy to attack anything using security question) -------_ High level crimimal information security: The motto here is, "All the Security, All the Time" As one fuck up can end with you leaving a lick of traceability, and you could be fucked. Pre Note: All of your software should always be up to date. Also even perfect info sec does not guarantee you are completely safe, a new zero day (exploit) can still fuck you, but good info security makes you significantly safer, by eliminating as many attacks as possible. -Get a new device (or make a already owned device seem like you never owned it, do this only if you know how to, there's a lot of stuff that goes into that, like changing your mac adress etc) buy with cash, and your face covered, preferably far away from where you live. (Do I need to specify to not bring your phone or anything else that tracks your location to anywhere you want to go anonymously?) (Be aware that even hardware can have vulnerabilities, many cpus have known vulnerabilities, I can't list them all, do some research before buying) • Do not EVER use a high security device at any lower level of security. There are unique identifiers to your device, exposing them once can expose you for everything you do. -If you know how to use Tails (A linux distro designed for Info sec) use that, preferably on a USB. (Or learn how to use tails, its better, but complicated) Otherwise a clean copy of windows (make sure its not in any way associated with you) can do the job too, tho not as well. (Using a VM might give extra security, since VMs usually erase all data and RAM they were using on shutdown) -Get a non tracking VPN, Enable the kill switch (a setting that disables all traffic that doesn't go through the VPN) (change your firewall settings to only allow the traffic from the VPN, windows guide (Change settings so only traffic from the tor application is send) Edit: (Due to complaints: do not use vpn over tor, use tor over vpn. tor over vpn has no notable downside, if the VPN logs it makes no difference, your ISP will always log anyways, and vpns remove other attack vectors and also provide backup security should tor fail. Again even if the VPN tracks you only change the people doing the tracking, but now you are further removed making it more anonymous and also with less vulnerabilities) -rember privacy settings, cookie cleaner, and antivirus, password (There could be a hidden administrator user on your PC, make sure to change its password) -Always use the device on a non admin account -Ideally use this device only on networks that are not connected with you. Such as public networks (try to never use the same public networks twice, move around) (a home network should be fine now, as it should never be exposed, but more security is always better) (Its just a conveniences vs security trade) -Never use accounts that have been exposed to lower security on higher security machines -your browser is now TOR (or your preferred security focused browser, if you dont plan on using onion ) Make sure you get the standalone version of tor not the addon build (the standalone is safer, because there are less settings and options to tweak) -Change your tor settings, to safest mode, enable a bridge (to my knowledge there's no difference in security between the build in bridges in tor), enable automatic updates, set duckduckgo onion as your primary browser. Set dark.fail onion page as your home page. (Or your preferred privacy search engine and onion directory) • set up a new pgp (can't use the same one you use for regular use, again less safer accounts are never used on safer devices) Cleopatra is my choice, its simple to use. Make sure you back up the private key multiple times, on safe devices. (Dont let the private key fall into anyone's hands) Give it a generic name like "HighSecurityPGP" do not give the pgp key pair a name that could identify you. (No initials etc) (Some pgp key pair programs want an associated email for a key pair, you can create a safe email, or which I recoend you can use a different program (like Cleopatra) (Feds & LEOs are known to copy private keys if they have your machine, so you will need to set up a new key pair if they ever take a device with a private key copy) • a high security machine that facilitates criminal activity can not use many programs. Many programs collect your devices mac adress, which is a unique identifier, amongst other things. It's should be used only for the activity you want to do. -------_ How to use dark net markets (DNMs) If you finished your High Security setup, we can dive right in. Otherwise go do that. This is where all that is essential. Quick info on Tor, and onion sites. There is no search engine. It's all based of directories and addresses you are given by others. Tor will likely not be very quick, it has to pass through multiple networks to get to the destination. DNMs sometimes exit scam, an exit scam is when a market shuts down completely and takes all the money, this is a risk when using DNMs, it's not too common but happens maybe 0-4 times a year. The admins of thoese servers need to get out at some point, before they get jailed, so they exit the game, and scam everyone out of their money. -A very useful onion directory is dark.fail it has a lot of links, for all kinds of stuff. News, email, DNMs, Psychonautwiki (harm reduction website), forums etc. (Other directories also exist) -Pick a market, preferably one that handles secure connection server side instead of requiring you to establish the secure connection. Then create an account. Your account once created should include an entry box in your profile for a pgp key, post your PUBLIC key in there. (Verify the link is not a scam, most markets should provide a pgp signature) -Next is currency setup. All major cryptocurrency exchangers can be used, I can recommend coin base but there could be better ones out there. Unless you find a small non U.S., exchange, they will always ask for your identity. So unless you can find a trustworthy exchange that doesn't ID, you will need to give it to them. (Side note, all major crypto exchangers report to the IRS, if the IRS asks you if you bought cryptocurrency and you bought while having IDed yourself SAY YES, DO NOT COMMIT TAX FRAUD WHEN THEY KNOW YOU DID) • I recommend using Monero, it's hard to track, so it makes your job a lot easier. (If you use bitcoin you should run it through a scrambler, because BTC is tracable to anyone who knows what they are doing) -Transfer (monero you can send directly, btc you should scramble) to your wallet. There are two options a cold wallet (physical) or a software wallet. Software wallets usually dont cost anything so I recommend them, even if often less safe. Electrum is easy to use, and pretty safe. You can also do your own research and find a wallet that fits your needs. • decide where you want to ship it. You can send to your home, to a PO box, to a PO box that you opened with a fake ID (I don't recommend), an abandoned house, general mail (sending to a post office instead of a street adress) pickup up with fake ID, use a remailing service. These are some options, sending it to your own home, isn't ideal, but its pretty much the only easy way. -now you are ready to buy, only buy using escrow (it means the money is held by the market as a middle man until the product is delivered, they will also handle any issues like wrong quantity, cuts, etc), judge the reviews for a product, and if available look at the history of the vendor, until you find a product from a vendor you trust. (I recommend to buy within your country as much as possible, so it doesn't go through customs, it's very rare that something is found, but it can happen) -now you get to buy, depending on market, you either have cryptocurrency stored in their wallets (not recommend, you will lose it in an exit scam) or you can send it every order. When you send your delivery adress (or the one you want it to go to) encrypt the adress using the sellers public key. Make sure the adress is correct. -wait for the product, make sure to extend the escrow until the product arrives, if you can't extend it anymore dispute the order, and a moderator will step in -test the product, use it, and leave a review. PLEASE LEAVE A REVIEW, DNMs only work because of reviews. Edit: Didn't imagine I would write over 15000 words. Oh well, it was fun. Hope it helps, if you have any questions feel free to ask. No idea how long this will stay up, I might purge it in 7 days, or never. submitted by seven_N_A7 to u/seven_N_A7 [link] [comments] Gridcoin 5.0.0.0-Mandatory "Fern" Release https://github.com/gridcoin-community/Gridcoin-Research/releases/tag/5.0.0.0 Finally! After over ten months of development and testing, "Fern" has arrived! This is a whopper. 240 pull requests merged. Essentially a complete rewrite that was started with the scraper (the "neural net" rewrite) in "Denise" has now been completed. Practically the ENTIRE Gridcoin specific codebase resting on top of the vanilla Bitcoin/Peercoin/Blackcoin vanilla PoS code has been rewritten. This removes the team requirement at last (see below), although there are many other important improvements besides that. Fern was a monumental undertaking. We had to encode all of the old rules active for the v10 block protocol in new code and ensure that the new code was 100% compatible. This had to be done in such a way as to clear out all of the old spaghetti and ring-fence it with tightly controlled class implementations. We then wrote an entirely new, simplified ruleset for research rewards and reengineered contracts (which includes beacon management, polls, and voting) using properly classed code. The fundamentals of Gridcoin with this release are now on a very sound and maintainable footing, and the developers believe the codebase as updated here will serve as the fundamental basis for Gridcoin's future roadmap. We have been testing this for MONTHS on testnet in various stages. The v10 (legacy) compatibility code has been running on testnet continuously as it was developed to ensure compatibility with existing nodes. During the last few months, we have done two private testnet forks and then the full public testnet testing for v11 code (the new protocol which is what Fern implements). The developers have also been running non-staking "sentinel" nodes on mainnet with this code to verify that the consensus rules are problem-free for the legacy compatibility code on the broader mainnet. We believe this amount of testing is going to result in a smooth rollout. Given the amount of changes in Fern, I am presenting TWO changelogs below. One is high level, which summarizes the most significant changes in the protocol. The second changelog is the detailed one in the usual format, and gives you an inkling of the size of this release. Highlights Protocol Note that the protocol changes will not become active until we cross the hard-fork transition height to v11, which has been set at 2053000. Given current average block spacing, this should happen around October 4, about one month from now. Note that to get all of the beacons in the network on the new protocol, we are requiring ALL beacons to be validated. A two week (14 day) grace period is provided by the code, starting at the time of the transition height, for people currently holding a beacon to validate the beacon and prevent it from expiring. That means that EVERY CRUNCHER must advertise and validate their beacon AFTER the v11 transition (around Oct 4th) and BEFORE October 18th (or more precisely, 14 days from the actual date of the v11 transition). If you do not advertise and validate your beacon by this time, your beacon will expire and you will stop earning research rewards until you advertise and validate a new beacon. This process has been made much easier by a brand new beacon "wizard" that helps manage beacon advertisements and renewals. Once a beacon has been validated and is a v11 protocol beacon, the normal 180 day expiration rules apply. Note, however, that the 180 day expiration on research rewards has been removed with the Fern update. This means that while your beacon might expire after 180 days, your earned research rewards will be retained and can be claimed by advertising a beacon with the same CPID and going through the validation process again. In other words, you do not lose any earned research rewards if you do not stake a block within 180 days and keep your beacon up-to-date. The transition height is also when the team requirement will be relaxed for the network. GUI Besides the beacon wizard, there are a number of improvements to the GUI, including new UI transaction types (and icons) for staking the superblock, sidestake sends, beacon advertisement, voting, poll creation, and transactions with a message. The main screen has been revamped with a better summary section, and better status icons. Several changes under the hood have improved GUI performance. And finally, the diagnostics have been revamped. Blockchain The wallet sync speed has been DRASTICALLY improved. A decent machine with a good network connection should be able to sync the entire mainnet blockchain in less than 4 hours. A fast machine with a really fast network connection and a good SSD can do it in about 2.5 hours. One of our goals was to reduce or eliminate the reliance on snapshots for mainnet, and I think we have accomplished that goal with the new sync speed. We have also streamlined the in-memory structures for the blockchain which shaves some memory use. There are so many goodies here it is hard to summarize them all. I would like to thank all of the contributors to this release, but especially thank @cyrossignol, whose incredible contributions formed the backbone of this release. I would also like to pay special thanks to @barton2526, @caraka, and @Quezacoatl1, who tirelessly helped during the testing and polishing phase on testnet with testing and repeated builds for all architectures. The developers are proud to present this release to the community and we believe this represents the starting point for a true renaissance for Gridcoin! Summary Changelog Accrual Changed Most significantly, nodes calculate research rewards directly from the magnitudes in EACH superblock between stakes instead of using a two- or three- point average based on a CPID's current magnitude and the magnitude for the CPID when it last staked. For those long-timers in the community, this has been referred to as "Superblock Windows," and was first done in proof-of-concept form by @denravonska. • Network magnitude unit pinned to a static value of 0.25 • Max research reward allowed per block raised to 16384 GRC (from 12750 GRC) • New CPIDs begin accruing research rewards from the first superblock that contains the CPID instead of from the time of the beacon advertisement Removed • 500 GRC research reward limit for a CPID's first stake • 6-month expiration for unclaimed rewards • 10-block spacing requirement between research reward claims • Rolling 5-day payment-per-day limit • Legacy tolerances for floating-point error and time drift • The need to include a valid copy of a CPID's magnitude in a claim • 10-block emission adjustment interval for the magnitude unit Beacons Added • One-time beacon activation requires that participants temporarily change their usernames to a verification code at one whitelisted BOINC project • Verification codes of pending beacons expire after 3 days • Self-service beacon removal Changed • Burn fee for beacon advertisement increased from 0.00001 GRC to 0.5 GRC • Rain addresses derived from beacon keys instead of a default wallet address • Beacon expiration determined as of the current block instead of the previous block Removed • The ability for developers to remove beacons • The ability to sign research reward claims with non-current but unexpired beacons Unaltered As a reminder: • Beacons expire after 6 months pass (180 days) • Beacons can be renewed after 5 months pass (150 days) • Renewed beacons must be signed with the same key as the original beacon Superblocks Added • Magnitudes less than 1 include two fractional places • Magnitudes greater than or equal to 1 but less than 10 include one fractional place Changed • A valid superblock must match a scraper convergence Removed • Superblock popularity election mechanics Voting Added • Yes/no/abstain and single-choice response types (no user-facing support yet) Changed • To create a poll, a maximum of 250 UTXOs for a single address must add up to 100000 GRC. These are selected from the largest downwards. • Burn fee for creating polls scaled by the number of UTXOs claimed • 50 GRC for a poll contract • 0.001 GRC per claimed UTXO • Burn fee for casting votes scaled by the number of UTXOs claimed • 0.01 GRC for a vote contract • 0.01 GRC to claim magnitude • 0.01 GRC per claimed address • 0.001 GRC per claimed UTXO • Maximum length of a poll title: 80 characters • Maximum length of a poll question: 100 characters • Maximum length of a poll discussion website URL: 100 characters • Maximum number of poll choices: 20 • Maximum length of a poll choice label: 100 characters Removed • Magnitude, CPID count, and participant count poll weight types • The ability for developers to remove polls and votes Detailed Changelog [5.0.0.0] 2020-09-03, mandatory, "Fern" Added • Backport newer uint256 types from Bitcoin #1570 (@cyrossignol) • Implement project level rain for rainbymagnitude #1580 (@jamescowens) • Upgrade utilities (Update checker and snapshot downloadeapplication) #1576 (@iFoggz) • Provide fees collected in the block by the miner #1601 (@iFoggz) • Add support for generating legacy superblocks from scraper stats #1603 (@cyrossignol) • Port of the Bitcoin Logger to Gridcoin #1600 (@jamescowens) • Implement zapwallettxes #1605 (@jamescowens) • Implements a global event filter to suppress help question mark #1609 (@jamescowens) • Add next target difficulty to RPC output #1615 (@cyrossignol) • Add caching for block hashes to CBlock #1624 (@cyrossignol) • Make toolbars and tray icon red for testnet #1637 (@jamescowens) • Add an rpc call convergencereport #1643 (@jamescowens) • Implement newline filter on config file read in #1645 (@jamescowens) • Implement beacon status icon/button #1646 (@jamescowens) • Add gridcointestnet.png #1649 (@caraka) • Add precision to support magnitudes less than 1 #1651 (@cyrossignol) • Replace research accrual calculations with superblock snapshots #1657 (@cyrossignol) • Publish example gridcoinresearch.conf as a md document to the doc directory #1662 (@jamescowens) • Add options checkbox to disable transaction notifications #1666 (@jamescowens) • Add support for self-service beacon deletion #1695 (@cyrossignol) • Add support for type-specific contract fee amounts #1698 (@cyrossignol) • Add verifiedbeaconreport and pendingbeaconreport #1696 (@jamescowens) • Add preliminary testing option for block v11 height on testnet #1706 (@cyrossignol) • Add verified beacons manifest part to superblock validator #1711 (@cyrossignol) • Implement beacon, vote, and superblock display categories/icons in UI transaction model #1717 (@jamescowens) • neuralnet: Add integrity checking to researcher accrual snapshot registry #1727 (@jamescowens) • Add workaround for scrypt assembly on macOS #1740 (@cyrossignol) • gui: Build onboarding/beacon wizard #1739 (@cyrossignol) • doc: Add CONTRIBUTING.md from bitcoin #1723 (@div72) • rpc: Implement inspectaccrualsnapshot and parseaccrualsnapshotfile #1744 (@jamescowens) • scraper: Add disk based state backing for verified beacon list in scraper #1751 (@jamescowens) • Add ability to recover beacon in block version 11+ #1768 (@cyrossignol) • refactor: Add transaction context to contract handlers #1777 (@cyrossignol) • gui: Add context for when BOINC is attached to a pool #1775 (@cyrossignol) • doc: Clarify what to do if PR in multiple categories (for CONTRIBUTING.md) #1798 (@RoboticMind) • qt: Add option to choose not to start the wallet minimized #1804 (@jamescowens) • superblock: Add check for OutOfSyncByAge to SuperblockValidator::Validate #1806 (@jamescowens) • contract: Standardize contract validation and add block context #1808 (@cyrossignol) • add seed.gridcoin.pl to default config #1812 (@wilkart) • gui: Implement sidestake send display #1813 (@jamescowens) • gui: Add pool/investor pages to researcher wizard #1819 (@cyrossignol) • ci: Port lint scripts from Bitcoin #1823 (@div72) • doc: Create basic readme in contrib #1826 (@RoboticMind) • gui: Implement TransactionRecord::Message #1829 (@jamescowens) • rpc: Add private_key_available to beaconstatus #1833 (@a123b) • gui: Validate email address in researcher wizard #1840 (@a123b) • rpc: Add "getrawwallettransaction" RPC function #1842 (@cyrossignol) • consensus: Set block version 11 threshold height for mainnet #1862 (@cyrossignol) Changed • Upgrade LevelDB from v1.17 to v1.20 #1562 (@cyrossignol) • Re-enable scrypt optimizations #1450 (@denravonska) • Derive CScript from prevector type (optimization) #1554 (@cyrossignol) • Disable quorum for grandfathered blocks to speed up sync #1568 (@cyrossignol) • Refactor hashBoinc for binary claim contexts #1558 (@cyrossignol) • integrated_scraper_2 branch tracking PR #1559 (@jamescowens) • Upgrade depends - OpenSSL to 1.1.1d #1581 (@jamescowens) • Ubuntu 19.10 fixes #1590 (@denravonska) • Force a re-parse of legacy claims in generated blocks #1592 (@cyrossignol) • Improve the "versionreport" RPC output #1595 (@cyrossignol) • Overhaul the core tally and accrual system #1583 (@cyrossignol) • Overhaul the superblock quorum system #1597 (@cyrossignol) • Add more data to the "superblocks" RPC output #1599 (@cyrossignol) • Update Windows Build doc #1606 (@barton2526) • Change the order of calls in gridcoinresearchd.cpp to optimize rpc shunt path #1610 (@jamescowens) • Change staking tooltip to display frequency #1611 (@jamescowens) • Enhancements to ETTS #1442 (@jamescowens) • Standardize money values as integers #1614 (@cyrossignol) • Clean up and optimize legacy coin age code #1616 (@cyrossignol) • Some scraper cleanups #1620 (@jamescowens) • Reorganize accrual code and fix 6-month cutoff #1630 (@cyrossignol) • Update Copyright years #1633 (@barton2526) • Change team whitelist delimiter to <> for CPID detection #1634 (@cyrossignol) • Change team whitelist separator to <> to accomodate more team names #1632 (@jamescowens) • Change Curl download speed type to support older environments #1640 (@cyrossignol) • Optimize logo SVGs used for tray icons #1638 (@cyrossignol) • Tweak consolidateunspent rpc function #1644 (@jamescowens) • ETTS and staking icon enhancements #1650 (@jamescowens) • Implement new transaction fees for block version 11 #1652 (@jamescowens) • Optimize in-memory storage of superblock data #1653 (@cyrossignol) • Miscellaneous superblock API improvements and housekeeping #1654 (@cyrossignol) • Update openssl to 1.1.1f compatibility #1660 (@jamescowens) • Optimize bdb to avoid synchronous flush of database #1659 (@jamescowens) • Add support for CPID input to "lifetime" RPC function #1668 (@cyrossignol) • Overhaul the contract handling system #1669 (@cyrossignol) • Make the autostart mainnet/testnet aware #1671 (@jamescowens) • Remove slashes from User Agent in peers tab #1674 (@div72) • Refactor contracts for polymorphic binary payloads #1676 (@cyrossignol) • Overhaul the beacon system #1678 (@cyrossignol) • Replace boost::optional with non-owning pointers #1680 (@cyrossignol) • Optimize proof-of-stake validation #1681 (@cyrossignol) • Updated Slack link #1683 (@NeuralMiner) • Update build-unix.md #1686 (@Quezacoatl1) • Replace deprecated QT methods #1693 (@Pythonix) • Made protocol.h more similar to bitcoin #1688 (@Pythonix) • Touch up some details for block version 11 #1697 (@cyrossignol) • More tweaks for block version 11 #1700 (@cyrossignol) • Finish the conversion to the BCLog class based logger #1699 (@jamescowens) • Move claim version transitional code in miner for proper signature #1712 (@cyrossignol) • doc: Update threads in coding.txt #1730 (@div72) • qt: Include QPainterPath in trafficgraphwidget.cpp #1733 (@div72) • doc: Update doc/build-unix.md #1731 (@div72) • gui: Show peers tab on connections icon click #1734 (@div72) • refactor: Change return type of IsMine to isminetype && move wallet files to wallet directory #1722 (@div72) • build: Updates boost to 1.73.0 for depends #1673 (@jamescowens) • doc: Update Unit Test Readme #1743 (@RoboticMind) • wallet: Change Assert To Error Message In kernel.cpp #1748 (@RoboticMind) • scraper: Shorten display representation of verification codes #1754 (@cyrossignol) • log: Change ".B." to Clear Message #1758 (@RoboticMind) • util: Fix braindamage in GetDefaultDataDir() #1737 (@jamescowens) • scraper: Improve scraper processing of beacon verifications #1760 (@jamescowens) • scraper: Add instrumentation to convergencereport #1763 (@jamescowens) • rpc: Improve rpc stress test script #1767 (@tunisiano187) • Generalize enum serialization #1770 (@cyrossignol) • scraper: Improve handling of ETags in http class and tweak verified beacon logic #1776 (@jamescowens) • scraper: Improve ProcessNetworkWideFromProjectStats and other tweaks #1778 (@jamescowens) • researcher: Automate beacon advertisement for renewals only #1781 (@cyrossignol) • gui: Tweak behavior of beacon page in researcher wizard #1784 (@cyrossignol) • Prepare for block version 11 hard-fork on testnet #1787 (@cyrossignol) • scraper: Modify UpdateVerifiedBeaconsFromConsensus #1791 (@jamescowens) • gui: Optimize OverviewPage::updateTransactions() #1794 (@jamescowens) • ci: Adopt ci changes from Bitcoin #1795 (@div72) • consensus: switch snapshot accrual calculation to integer arithmetic #1799 (@cyrossignol) • voting: Overhaul the voting system #1809 (@cyrossignol) • contract: Optimize contract replay after chain reorganization #1815 (@cyrossignol) • contract: Reimplement transaction messages as contracts #1816 (@cyrossignol) • staking: Sign claim contracts with coinstake transaction #1817 (@cyrossignol) • gui: Change research wizard text #1820 (@div72) • net: Update protocol version and clean up net messaging #1824 (@cyrossignol) • rpc, wallet: Corrections to GetAmounts #1825 (@jamescowens) • gui: Tweak some minor researcher wizard details #1830 (@cyrossignol) • gui: Change GetEstimatedStakingFrequency text #1836 (@jamescowens) • scraper: Scraper global statistics cache optimization #1837 (@jamescowens) • doc: Update Vulnerability Response Process #1843 (@RoboticMind) • scraper: Optimization of manifest and parts sharing between ConvergedScraperStatsCache, mapManifest, and mapParts #1851 (@jamescowens) • consensus: Update Checkpoints #1855 (@barton2526) • docs: Update docs to build off master #1856 (@barton2526) • gui: Fix and improve GUI combo box styles #1858 (@cyrossignol) • build: Tweak Gridcoin installer for Fern release #1863 (@jamescowens) Removed • Remove old research age checks (rebase #1365) #1572 (@cyrossignol) • Remove PrimaryCPID check from diagnostics dialog #1586 (@cyrossignol) • Remove missed label for PrimaryCPID from diagnostics #1588 (@cyrossignol) • Remove legacy quorum messaging system (@neural network) #1589 (@cyrossignol) • Remove old remnants of legacy smart contract experiments #1594 (@cyrossignol) • Remove block nonce for version 11 #1622 (@cyrossignol) • Delete obsolete contrib/Installer and Upgrader directories #1623 (@jamescowens) • Remove redundant LoadAdminMessages() calls #1625 (@cyrossignol) • Remove some legacy informational RPC commands #1658 (@cyrossignol) • Remove informational magnitude field from binary claims #1661 (@cyrossignol) • Remove fDebug3,4, and net and convert to BCLog::LogFlags #1663 (@jamescowens) • Remove qt5.7.1 depends support build System #1665 (@iFoggz) • Remove unused jQuery library #1679 (@cyrossignol) • Remove unused NetworkTimer() function and global state #1701 (@cyrossignol) • Refactor claim context objects into contracts #1704 (@cyrossignol) • Clean old assets up #1718 (@div72) • Remove legacy "rain" RPC (not by-project rain) #1742 (@cyrossignol) • Temporarily disable voting system on testnet #1769 (@cyrossignol) • gui: Remove legacy GUI transaction description for contracts #1772 (@cyrossignol) • gui: Remove transaction fee setting #1780 (@cyrossignol) • trivial: Cleanup unused legacy functions #1793 (@cyrossignol) • mining, rpc: Remove kernel-diff-best and kernel-diff-sum #1796 (@jamescowens) • refactor: Remove libs subdirectory #1802 (@div72) • scraper: cleanup unused/unnecessary functions #1803 (@jamescowens) • gui: Remove useless "Detach databases at shutdown" #1810 (@jamescowens) • test: Remove testnet condition for standard transactions #1814 (@cyrossignol) • consensus: Remove transitional testnet code #1854 (@cyrossignol) Fixed • Fix "Owed" amount in output of "magnitude" RPC method #1569 (@cyrossignol) • Add support for paths with special characters on Windows #1571 (@cyrossignol) • Fix lingering peers.dat temp files and clean up remaining paths #1582 (@cyrossignol) • Fix incorrect beacon length warning in GUI transaction list #1585 (@cyrossignol) • Fix default config file line endings on Windows #1587 (@cyrossignol) • Reenable Travis builds for MacOS #1591 (@jamescowens) • Correct peer detail info background color #1593 (@jamescowens) • Fix exception in debug3 mode #1598 (@cyrossignol) • Fix deadlock in "getmininginfo" RPC function #1596 (@cyrossignol) • Fix accuracy of statistics in "network" RPC output #1602 (@cyrossignol) • Fix heights for quorum vote weight calculations #1604 (@cyrossignol) • Fix deadlock in log archiver when rename fails #1607 (@cyrossignol) • Fix a spurious segmentation fault during client load on Windows with fast CPUs #1608 (@jamescowens) • Fix lock order debugging and potential deadlocks #1612 (@jamescowens) • Add dependencies #1613 (@Scalextrix) • Fix std namespace pollution #1617 (@denravonska) • Add missing condition for newbie accrual computer #1618 (@cyrossignol) • Track first reward blocks in research accounts #1619 (@cyrossignol) • Fix lingering beacon warning after advertisement #1627 (@cyrossignol) • Fix accrual calculation for new, zero-magnitude CPIDs #1636 (@cyrossignol) • Fix diagnostics, add ETTS test, fix tooltipcolor, add missing lock, and add email=investor check #1647 (@jamescowens) • Fix help message of two RPC methods #1656 (@div72) • Fix legacy accrual for newbie with non-zero past reward #1667 (@cyrossignol) • Fix GUI autostart on Windows for paths with wide characters #1670 (@cyrossignol) • Qualify boost bind placeholders with their full namespace #1672 (@Ponce) • Fix suffix when copying txids #1677 (@div72) • Unnecessary if-statement removed #1685 (@Pythonix) • Fix consolidatemsunspent Help Message #1687 (@Pythonix) • Fix gettransaction help message #1691 (@Pythonix) • Fix GetNewMint To Look for Stakes #1692 (@RoboticMind) • Suppress deprecated copy warnings for Qt with GCC 9+ #1702 (@cyrossignol) • Fix exclusion error on stats processing and misplaced ENDLOCK logging entry #1710 (@jamescowens) • Removed unnecessary comparison #1708 (@Pythonix) • Fixed typo #1707 (@Pythonix) • Fix out-of-bounds exception for peers tab version slashes #1713 (@cyrossignol) • Fix transition for v1 superblocks when reorganizing #1714 (@cyrossignol) • Touch up transition to version 2 transactions #1715 (@cyrossignol) • Avoid mutating transactions in ConnectBlock() #1716 (@cyrossignol) • Skip beacon advertisement when already pending #1726 (@cyrossignol) • Fix Windows cross-compilation in newer environments #1728 (@cyrossignol) • Fix out-of-bounds access in IsMineInner() #1736 (@cyrossignol) • Fix a couple of block version 11 issues #1738 (@cyrossignol) • Fix null pointer dereference in GUI researcher model #1741 (@cyrossignol) • accrual: Reset research accounts when rebuilding accrual snapshots #1745 (@cyrossignol) • scraper: Correct update for verified beacons #1747 (@jamescowens) • accrual: Refactor tally initialization for snapshot rebuild #1749 (@cyrossignol) • rpc: Fix "cpid" field in "beaconconvergence" RPC output #1750 (@cyrossignol) • accrual: Fix snapshot accrual superblock state transitions #1752 (@cyrossignol) • scraper: Correct stale verified beacon logic #1753 (@jamescowens) • rpc: Correct possible divide by zero in getblockstats #1755 (@jamescowens) • gui: Fix issues with researcher wizard flow #1756 (@cyrossignol) • wallet: Stop Error When Starting From Zero #1759 (@RoboticMind) • Don't count empty email as explicit investor #1761 (@cyrossignol) • accrual: Fix snapshot accrual superblock state transitions #1764 (@cyrossignol) • rpc: Cleanup Help Message and Fix Typo #1771 (@RoboticMind) • scraper: Fix scraper etag header case sensitivity #1773 (@cyrossignol) • consensus: Use explicit time to check if superblock needed #1774 (@cyrossignol) • gui: Fix scroll area dark theme styles #1785 (@cyrossignol) • rpc, gui: Fix three divide by zero possibilities #1789 (@jamescowens) • rpc: Fix balance pre-check in "rainbymagnitude" RPC #1792 (@cyrossignol) • accrual: Fix outdated comment and correct grammar #1800 (@RoboticMind) • gui: Fix stuck cursor on labels #1801 (@div72) • beacon: Fix research wizard beacon renewal status #1805 (@cyrossignol) • gui: Fix translations for port numbers #1818 (@cyrossignol) • util: Create parent directory #1821 (@div72) • mining: Fix coinstake/claim signature order #1828 (@cyrossignol) • voting: Remove double increment in loop #1831 (@cyrossignol) • neuralnet, scraper: Fix compilation with gcc5 and older libcurl #1832 (@a123b) • wallet: Fix smallest coin selection for contracts #1841 (@cyrossignol) • gui: Fix display of polls with no votes yet #1844 (@cyrossignol) • gui: add indentation to diagnostic status bar labels #1849 (@jamescowens) • voting, gui: Fix formatting and alignment of vote shares and percent #1850 (@jamescowens) • wallet, rpc: Fix for self-transactions in listtransactions #1852 (@jamescowens) • accrual: Clear any accrual snapshots when syncing from pre-v11 #1853 (@cyrossignol) • accrual: Fix reset of accrual directory if starting sync below research age height #1857 (@jamescowens) • gui: Fix researcher wizard layout on macOS with native theme #1860 (@cyrossignol) submitted by jamescowens to gridcoin [link] [comments] In Light of CipherTrace, Let's Talk Opsec So I was very skeptical at first, but Dave maybe convinced me about 10% that they have some level of capability in the direction they're suggesting. The techniques are stuff we've known, and it would require large computational resources, combined with loads of offchain data, but maybe they have taken efforts to the next level. It's my belief that govts and banks really dislike Monero. So with that in mind lets give them some small benefit of the doubt and take some creative license: • They amalgamate data from as many publicly available places, some exchanges, and resource sharing with big brother, deep state, govt agencies. Verdict: Near certainty. And I think we have long been aware that the off-chain data is where weaknesses can really creep in. Certainly we have been aware of the dragnet collection ongoing for 2 decades. • Conducting dust or poisoned output attacks on known public addresses, particularly for targets of interest. Also highly likely. • Correlation of IP addresses with on chain data? Recently mitigated with Dandelion++, but previously, medium likelyhood. Seems unlikely that they were correlating every clearnet IP/Tx, and obviously alot of us use ToI2P. But for targeted individuals, yeah probably. Perhaps they're even getting a feed of filtered dragnet IP data. • Transaction graphs. Statistically low useability unless combined with off-chain data. They're probably taking medium probability topologies and corroborating them with off-chain data, as well as poisoned outputs, to significantly increase the confidence of linkages. • Synergy. Yeah, puke, I know. But putting all that together, stripping decoys, generating sets of correlated outputs, provides some ability to gain further resolution on the tx graph, iteratively. I imagine they run countless iterations under different initial assumptions and constants tuning. Again, they would need some serious computational power and off-chain data feeds. I also imagine that their models suffer from time-decay, especially without a constant stream of hueristic data. Notice at the end he emphasized opsec. Here, I really do believe him. So finally, lets talk opsec. • Run your own node, over Tor or I2P. Dandelion is great, but it doesn't hurt to add an extra layer. • Always generate new subaddresses for every new customer, and avoid posting them to public locations. The less opportunity someone has to turn you into a dust attack, the better. That "refund address" that you get on MorphToken? Yeah, generate a new sub-address and don't re-use it. Regularly cycle your Bisq addresses. • Limit transactions from your smart phone as much as possible. • Don't be turning around transactions immediately after the 20-block limit. • If you suspect that you may have been vulnerable or targeted for some of the above analysis, and/or that you might have a set of correlated outputs, I suggest this: Spend all your funds to self, to a NEW wallet. Yes this will almost certainly confirm their suspected linkage, because you will be doing a multiple input tx containing all of your suspected linked outputs... BUT ... it will also break their future linkage. You will now have one real output with all your funds. Over the course of weeks/months, randomly churn it. They now lose the ability to use multiple-input transactions, to create probabilistic transaction graphs on you. They will quickly lose you in the decoys. • Be PARTICULARLY carefull before depositing funds to an exchange, especially if you suspect you might have poisoned outputs. I have mixed feelings on this. One of our selling points is default privacy made easy. A lot of what I wrote above doesn't exactly sound simple. On the other hand, crypto is about self responsibility and knowledge. Most people ought to have been adhering to at least the basics (ToVPN, new subaddresses, run your own node). But even if we give CT the benefit of the doubt, the following is still true: Newb use of Monero is far more private than ninja use of Bitcoin. submitted by bawdyanarchist to Monero [link] [comments] Technical: Taproot: Why Activate? This is a follow-up on https://old.reddit.com/Bitcoin/comments/hqzp14/technical_the_path_to_taproot_activation/ Taproot! Everybody wants it!! But... you might ask yourself: sure, everybody else wants it, but why would I, sovereign Bitcoin HODLer, want it? Surely I can be better than everybody else because I swapped XXX fiat for Bitcoin unlike all those nocoiners? And it is important for you to know the reasons why you, o sovereign Bitcoiner, would want Taproot activated. After all, your nodes (or the nodes your wallets use, which if you are SPV, you hopefully can pester to your wallet vendoimplementor about) need to be upgraded in order for Taproot activation to actually succeed instead of becoming a hot sticky mess. First, let's consider some principles of Bitcoin. • You the HODLer should be the one who controls where your money goes. Your keys, your coins. • You the HODLer should be able to coordinate and make contracts with other people regarding your funds. • You the HODLer should be able to do the above without anyone watching over your shoulder and judging you. I'm sure most of us here would agree that the above are very important principles of Bitcoin and that these are principles we would not be willing to remove. If anything, we would want those principles strengthened (especially the last one, financial privacy, which current Bitcoin is only sporadically strong with: you can get privacy, it just requires effort to do so). So, how does Taproot affect those principles? Taproot and Your /Coins Most HODLers probably HODL their coins in singlesig addresses. Sadly, switching to Taproot would do very little for you (it gives a mild discount at spend time, at the cost of a mild increase in fee at receive time (paid by whoever sends to you, so if it's a self-send from a P2PKH or bech32 address, you pay for this); mostly a wash). (technical details: a Taproot output is 1 version byte + 32 byte public key, while a P2WPKH (bech32 singlesig) output is 1 version byte + 20 byte public key hash, so the Taproot output spends 12 bytes more; spending from a P2WPKH requires revealing a 32-byte public key later, which is not needed with Taproot, and Taproot signatures are about 9 bytes smaller than P2WPKH signatures, but the 32 bytes plus 9 bytes is divided by 4 because of the witness discount, so it saves about 11 bytes; mostly a wash, it increases blockweight by about 1 virtual byte, 4 weight for each Taproot-output-input, compared to P2WPKH-output-input). However, as your HODLings grow in value, you might start wondering if multisignature k-of-n setups might be better for the security of your savings. And it is in multisignature that Taproot starts to give benefits! Taproot switches to using Schnorr signing scheme. Schnorr makes key aggregation -- constructing a single public key from multiple public keys -- almost as trivial as adding numbers together. "Almost" because it involves some fairly advanced math instead of simple boring number adding, but hey when was the last time you added up your grocery list prices by hand huh? With current P2SH and P2WSH multisignature schemes, if you have a 2-of-3 setup, then to spend, you need to provide two different signatures from two different public keys. With Taproot, you can create, using special moon math, a single public key that represents your 2-of-3 setup. Then you just put two of your devices together, have them communicate to each other (this can be done airgapped, in theory, by sending QR codes: the software to do this is not even being built yet, but that's because Taproot hasn't activated yet!), and they will make a single signature to authorize any spend from your 2-of-3 address. That's 73 witness bytes -- 18.25 virtual bytes -- of signatures you save! And if you decide that your current setup with 1-of-1 P2PKH / P2WPKH addresses is just fine as-is: well, that's the whole point of a softfork: backwards-compatibility; you can receive from Taproot users just fine, and once your wallet is updated for Taproot-sending support, you can send to Taproot users just fine as well! (P2WPKH and P2WSH -- SegWit v0 -- addresses start with bc1q; Taproot -- SegWit v1 --- addresses start with bc1p, in case you wanted to know the difference; in bech32 q is 0, p is 1) Now how about HODLers who keep all, or some, of their coins on custodial services? Well, any custodial service worth its salt would be doing at least 2-of-3, or probably something even bigger, like 11-of-15. So your custodial service, if it switched to using Taproot internally, could save a lot more (imagine an 11-of-15 getting reduced from 11 signatures to just 1!), which --- we can only hope! --- should translate to lower fees and better customer service from your custodial service! So I think we can say, very accurately, that the Bitcoin principle --- that YOU are in control of your money --- can only be helped by Taproot (if you are doing multisignature), and, because P2PKH and P2WPKH remain validly-usable addresses in a Taproot future, will not be harmed by Taproot. Its benefit to this principle might be small (it mostly only benefits multisignature users) but since it has no drawbacks with this (i.e. singlesig users can continue to use P2WPKH and P2PKH still) this is still a nice, tidy win! (even singlesig users get a minor benefit, in that multisig users will now reduce their blockchain space footprint, so that fees can be kept low for everybody; so for example even if you have your single set of private keys engraved on titanium plates sealed in an airtight box stored in a safe buried in a desert protected by angry nomads riding giant sandworms because you're the frickin' Kwisatz Haderach, you still gain some benefit from Taproot) And here's the important part: if P2PKH/P2WPKH is working perfectly fine with you and you decide to never use Taproot yourself, Taproot will not affect you detrimentally. First do no harm! Taproot and Your Contracts No one is an island, no one lives alone. Give and you shall receive. You know: by trading with other people, you can gain expertise in some obscure little necessity of the world (and greatly increase your productivity in that little field), and then trade the products of your expertise for necessities other people have created, all of you thereby gaining gains from trade. So, contracts, which are basically enforceable agreements that facilitate trading with people who you do not personally know and therefore might not trust. Let's start with a simple example. You want to buy some gewgaws from somebody. But you don't know them personally. The seller wants the money, you want their gewgaws, but because of the lack of trust (you don't know them!! what if they're scammers??) neither of you can benefit from gains from trade. However, suppose both of you know of some entity that both of you trust. That entity can act as a trusted escrow. The entity provides you security: this enables the trade, allowing both of you to get gains from trade. In Bitcoin-land, this can be implemented as a 2-of-3 multisignature. The three signatories in the multisgnature would be you, the gewgaw seller, and the escrow. You put the payment for the gewgaws into this 2-of-3 multisignature address. Now, suppose it turns out neither of you are scammers (whaaaat!). You receive the gewgaws just fine and you're willing to pay up for them. Then you and the gewgaw seller just sign a transaction --- you and the gewgaw seller are 2, sufficient to trigger the 2-of-3 --- that spends from the 2-of-3 address to a singlesig the gewgaw seller wants (or whatever address the gewgaw seller wants). But suppose some problem arises. The seller gave you gawgews instead of gewgaws. Or you decided to keep the gewgaws but not sign the transaction to release the funds to the seller. In either case, the escrow is notified, and if it can sign with you to refund the funds back to you (if the seller was a scammer) or it can sign with the seller to forward the funds to the seller (if you were a scammer). Taproot helps with this: like mentioned above, it allows multisignature setups to produce only one signature, reducing blockchain space usage, and thus making contracts --- which require multiple people, by definition, you don't make contracts with yourself --- is made cheaper (which we hope enables more of these setups to happen for more gains from trade for everyone, also, moon and lambos). (technology-wise, it's easier to make an n-of-n than a k-of-n, making a k-of-n would require a complex setup involving a long ritual with many communication rounds between the n participants, but an n-of-n can be done trivially with some moon math. You can, however, make what is effectively a 2-of-3 by using a three-branch SCRIPT: either 2-of-2 of you and seller, OR 2-of-2 of you and escrow, OR 2-of-2 of escrow and seller. Fortunately, Taproot adds a facility to embed a SCRIPT inside a public key, so you can have a 2-of-2 Taprooted address (between you and seller) with a SCRIPT branch that can instead be spent with 2-of-2 (you + escrow) OR 2-of-2 (seller + escrow), which implements the three-branched SCRIPT above. If neither of you are scammers (hopefully the common case) then you both sign using your keys and never have to contact the escrow, since you are just using the escrow public key without coordinating with them (because n-of-n is trivial but k-of-n requires setup with communication rounds), so in the "best case" where both of you are honest traders, you also get a privacy boost, in that the escrow never learns you have been trading on gewgaws, I mean ewww, gawgews are much better than gewgaws and therefore I now judge you for being a gewgaw enthusiast, you filthy gewgawer). Taproot and Your Contracts, Part 2: Cryptographic Boogaloo Now suppose you want to buy some data instead of things. For example, maybe you have some closed-source software in trial mode installed, and want to pay the developer for the full version. You want to pay for an activation code. This can be done, today, by using an HTLC. The developer tells you the hash of the activation code. You pay to an HTLC, paying out to the developer if it reveals the preimage (the activation code), or refunding the money back to you after a pre-agreed timeout. If the developer claims the funds, it has to reveal the preimage, which is the activation code, and you can now activate your software. If the developer does not claim the funds by the timeout, you get refunded. And you can do that, with HTLCs, today. Of course, HTLCs do have problems: • Privacy. Everyone scraping the Bitcoin blockchain can see any HTLCs, and preimages used to claim them. • This can be mitigated by using offchain techniques so HTLCs are never published onchain in the happy case. Lightning would probably in practice be the easiest way to do this offchain. Of course, there are practical limits to what you can pay on Lightning. If you are buying something expensive, then Lightning might not be practical. For example, the "software" you are activating is really the firmware of a car, and what you are buying is not the software really but the car itself (with the activation of the car firmware being equivalent to getting the car keys). • Even offchain techniques need an onchain escape hatch in case of unresponsiveness! This means that, if something bad happens during payment, the HTLC might end up being published onchain anyway, revealing the fact that some special contract occurred. • And an HTLC that is claimed with a preimage onchain will also publicly reveal the preimage onchain. If that preimage is really the activation key of a software than it can now be pirated. If that preimage is really the activation key for your newly-bought cryptographic car --- well, not your keys, not your car! • Trust requirement. You are trusting the developer that it gives you the hash of an actual valid activation key, without any way to validate that the activation key hidden by the hash is actually valid. Fortunately, with Schnorr (which is enabled by Taproot), we can now use the Scriptless Script constuction by Andrew Poelstra. This Scriptless Script allows a new construction, the PTLC or Pointlocked Timelocked Contract. Instead of hashes and preimages, just replace "hash" with "point" and "preimage" with "scalar". Or as you might know them: "point" is really "public key" and "scalar" is really a "private key". What a PTLC does is that, given a particular public key, the pointlocked branch can be spent only if the spender reveals the private key of the given public key to you. Another nice thing with PTLCs is that they are deniable. What appears onchain is just a single 2-of-2 signature between you and the developemanufacturer. It's like a magic trick. This signature has no special watermarks, it's a perfectly normal signature (the pledge). However, from this signature, plus some datta given to you by the developemanufacturer (known as the adaptor signature) you can derive the private key of a particular public key you both agree on (the turn). Anyone scraping the blockchain will just see signatures that look just like every other signature, and as long as nobody manages to hack you and get a copy of the adaptor signature or the private key, they cannot get the private key behind the public key (point) that the pointlocked branch needs (the prestige). (Just to be clear, the public key you are getting the private key from, is distinct from the public key that the developemanufacturer will use for its funds. The activation key is different from the developer's onchain Bitcoin key, and it is the activation key whose private key you will be learning, not the developer's/manufacturer's onchain Bitcoin key). So: • Privacy: PTLCs are private even if done onchain. Nobody else can learn what the private key behind the public key is, except you who knows the adaptor signature that when combined with the complete onchain signature lets you know what the private key of the activation key is. Somebody scraping the blockchain will not learn the same information even if all PTLCs are done onchain! • Lightning is still useful for reducing onchain use, and will also get PTLCs soon after Taproot is activated, but even if something bad happens and a PTLC has to go onchain, it doesn't reveal anything! • Trust issues can be proven more easily with a public-private keypair than with a hash-preimage pair. • For example, the developer of the software you are buying could provide a signature signing a message saying "unlock access to the full version for 1 day". You can check if feeding this message and signature to the program will indeed unlock full-version access for 1 day. Then you can check if the signature is valid for the purported pubkey whose private key you will pay for. If so, you can now believe that getting the private key (by paying for it in a PTLC) would let you generate any number of "unlock access to the full version for 1 day" message+signatures, which is equivalent to getting full access to the software indefinitely. • For the car, the manufacturer can show that signing a message "start the engine" and feeding the signature to the car's fimrware will indeed start the engine, and maybe even let you have a small test drive. You can then check if the signature is valid for the purported pubkey whose privkey you will pay for. If so, you can now believe that gaining knowledge of the privkey will let you start the car engine at any time you want. • (pedantry: the signatures need to be unique else they could be replayed, this can be done with a challenge-response sequence for the car, where the car gathers entropy somehow (it's a car, it probably has a bunch of sensors nowadays so it can get entropy for free) and uses the gathered entropy to challenge you to sign a random number and only start if you are able to sign the random number; for the software, it could record previous signatures somewhere in the developer's cloud server and refuse to run if you try to replay a previously-seen signature.) Taproot lets PTLCs exist onchain because they enable Schnorr, which is a requirement of PTLCs / Scriptless Script. (technology-wise, take note that Scriptless Script works only for the "pointlocked" branch of the contract; you need normal Script, or a pre-signed nLockTimed transaction, for the "timelocked" branch. Since Taproot can embed a script, you can have the Taproot pubkey be a 2-of-2 to implement the Scriptless Script "pointlocked" branch, then have a hidden script that lets you recover the funds with an OP_CHECKLOCKTIMEVERIFY after the timeout if the seller does not claim the funds.) Quantum Quibbles! Now if you were really paying attention, you might have noticed this parenthetical: (technical details: a Taproot output is 1 version byte + 32 byte public key, while a P2WPKH (bech32 singlesig) output is 1 version byte + 20 byte public key hash...) So wait, Taproot uses raw 32-byte public keys, and not public key hashes? Isn't that more quantum-vulnerable?? Well, in theory yes. In practice, they probably are not. It's not that hashes can be broken by quantum computes --- they're still not. Instead, you have to look at how you spend from a P2WPKH/P2PKH pay-to-public-key-hash. When you spend from a P2PKH / P2WPKH, you have to reveal the public key. Then Bitcoin hashes it and checks if this matches with the public-key-hash, and only then actually validates the signature for that public key. So an unconfirmed transaction, floating in the mempools of nodes globally, will show, in plain sight for everyone to see, your public key. (public keys should be public, that's why they're called public keys, LOL) And if quantum computers are fast enough to be of concern, then they are probably fast enough that, in the several minutes to several hours from broadcast to confirmation, they have already cracked the public key that is openly broadcast with your transaction. The owner of the quantum computer can now replace your unconfirmed transaction with one that pays the funds to itself. Even if you did not opt-in RBF, miners are still incentivized to support RBF on RBF-disabled transactions. So the extra hash is not as significant a protection against quantum computers as you might think. Instead, the extra hash-and-compare needed is just extra validation effort. Further, if you have ever, in the past, spent from the address, then there exists already a transaction indelibly stored on the blockchain, openly displaying the public key from which quantum computers can derive the private key. So those are still vulnerable to quantum computers. For the most part, the cryptographers behind Taproot (and Bitcoin Core) are of the opinion that quantum computers capable of cracking Bitcoin pubkeys are unlikely to appear within a decade or two. • Current quantum computers can barely crack prime factorization problem for primes of 5 bits. • The 256-bit elliptic curve use by Bitcoin is, by my (possibly wrong) understanding, equivalent to 4096-bit primes, so you can see a pretty big gap between now (5 bit primes) and what is needed (4096 bit primes). • A lot of financial non-Bitcoin systems use the equivalent of 3072-bit primes or less, and are probably easier targets to crack than the equivalent-to-4096-bit-primes Bitcoin. So: • Quantum computers capable of cracking Bitcoin are still far off. • Pay-to-public-key-hash is not as protective as you might think. • We will probably see banks get cracked before Bitcoin, so the banking system is a useful canary-in-a-coal-mine to see whether we should panic about being quantum vulnerable. For now, the homomorphic and linear properties of elliptic curve cryptography provide a lot of benefits --- particularly the linearity property is what enables Scriptless Script and simple multisignature (i.e. multisignatures that are just 1 signature onchain). So it might be a good idea to take advantage of them now while we are still fairly safe against quantum computers. It seems likely that quantum-safe signature schemes are nonlinear (thus losing these advantages). Summary • If you are a singlesig HODL-only Bitcoin user, Taproot will not affect you positively or negatively. Importantly: Taproot does no harm! • If you use or intend to use multisig, Taproot will be a positive for you. • If you transact onchain regularly using typical P2PKH/P2WPKH addresses, you get a minor reduction in feerates since multisig users will likely switch to Taproot to get smaller tx sizes, freeing up blockspace for yours. • If you are using multiparticipant setups for special systems of trade, Taproot will be a positive for you. • Remember: Lightning channels are multipartiicpiant setups for special systems of lightning-fast offchain trades! I Wanna Be The Taprooter! So, do you want to help activate Taproot? Here's what you, mister sovereign Bitcoin HODLer, can do! • If you have developer experience especially in C, C++, or related languages • Review the Taproot code! There is one pull request in Bitcoin Core, and one in libsecp256k1. I deliberately am not putting links here, to avoid brigades of nontechnical but enthusiastic people leaving pointless reviews, but if you are qualified you know how to find them! • But I am not a cryptographeBitcoin Core contributomathematician/someone as awesome as Pieter Wuille • That's perfectly fine! The cryptographers have been over the code already and agree the math is right and the implementation is right. What is wanted is the dreary dreary dreary software engineering: are the comments comprehensive and understandable? no misspellings in the comments? variable names understandable? reasonable function naming convention? misleading coding style? off-by-one errors in loops? conditions not covered by tests? accidental mixups of variables with the same types? missing frees? read-before-init? better test coverage of suspicious-looking code? missing or mismatching header guards? portability issues? consistent coding style? you know, stuff any coder with a few years of experience in coding anything might be able to catch. With enough eyes all bugs are shallow! • If you are running a mining pool/mining operation/exchange/custodial service/SPV server • Be prepared to upgrade! • One of the typical issues with upgrading software is that subtle incompatibilities with your current custom programs tend to arise, disrupting operations and potentially losing income due to downtime. If so, consider moving to the two-node setup suggested by gmax, which is in the last section of my previous post. With this, you have an up-to-date "public" node and a fixed-version "private" node, with the public node protecting the private node from any invalid chainsplits or invalid transactions. Moving to this setup from a typical one-node setup should be smooth and should not disrupt operations (too much). • If you are running your own fullnode for fun or for your own wallet • Be prepared to upgrade! The more nodes validating the new rules (even if you are a non-mining node!), the safer every softfork will be! • If you are using an SPV wallet or custodial wallet/service (including hardware wallets using the software of the wallet provider) • Contact your wallet provider / SPV server and ask for a statement on whether they support Taproot, and whether they are prepared to upgrade for Taproot! Make it known to them that Taproot is something you want! But I Hate Taproot!! That's fine! • Raise your objections to Taproot now, or forever hold your peace! Maybe you can raise them here and some of the devs (probably nullc, he goes everywhere, even in rbtc!) might be able to see your objections! Or if your objections are very technical, head over to the appropriate pull request and object away! • Maybe you simply misunderstand something, and we can clarify it here! • Or maybe you do have a good objection, and we can make Taproot better by finding a solution for it! Discussions About Taproot Activation submitted by almkglor to Bitcoin [link] [comments] Zano Newcomers Introduction/FAQ - please read! Welcome to the Zano Sticky Introduction/FAQ! https://preview.redd.it/al1gy9t9v9q51.png?width=424&format=png&auto=webp&s=b29a60402d30576a4fd95f592b392fae202026ca Hopefully any questions you have will be answered by the resources below, but if you have additional questions feel free to ask them in the comments. If you're quite technically-minded, the Zano whitepaper gives a thorough overview of Zano's design and its main features. So, what is Zano? In brief, Zano is a project started by the original developers of CryptoNote. Coins with market caps totalling well over a billion dollars (Monero, Haven, Loki and countless others) run upon the codebase they created. Zano is a continuation of their efforts to create the "perfect money", and brings a wealth of enhancements to their original CryptoNote code. Development happens at a lightning pace, as the Github activity shows, but Zano is still very much a work-in-progress. Let's cut right to it: Here's why you should pay attention to Zano over the next 12-18 months. Quoting from a recent update: Anton Sokolov has recently joined the Zano team. ... For the last months Anton has been working on theoretical work dedicated to log-size ring signatures. These signatures theoretically allows for a logarithmic relationship between the number of decoys and the size/performance of transactions. This means that we can set mixins at a level from up to 1000, keeping the reasonable size and processing speed of transactions. This will take Zano’s privacy to a whole new level, and we believe this technology will turn out to be groundbreaking! If successful, this scheme will make Zano the most private, powerful and performant CryptoNote implementation on the planet. Bar none. A quantum leap in privacy with a minimal increase in resource usage. And if there's one team capable of pulling it off, it's this one. What else makes Zano special? You mean aside from having "the Godfather of CryptoNote" as the project lead? ;) Actually, the calibre of the developers/researchers at Zano probably is the project's single greatest strength. Drawing on years of experience, they've made careful design choices, optimizing performance with an asynchronous core architecture, and flexibility and extensibility with a modular code structure. This means that the developers are able to build and iterate fast, refining features and adding new ones at a rate that makes bigger and better-funded teams look sluggish at best. Zano also has some unique features that set it apart from similar projects: Privacy Firstly, if you're familiar with CryptoNote you won't be surprised that Zano transactions are private. The perfect money is fungible, and therefore must be untraceable. Bitcoin, for the most part, does little to hide your transaction data from unscrupulous observers. With Zano, privacy is the default. The untraceability and unlinkability of Zano transactions come from its use of ring signatures and stealth addresses. What this means is that no outside observer is able to tell if two transactions were sent to the same address, and for each transaction there is a set of possible senders that make it impossible to determine who the real sender is. Hybrid PoW-PoS consensus mechanism Zano achieves an optimal level of security by utilizing both Proof of Work and Proof of Stake for consensus. By combining the two systems, it mitigates their individual vulnerabilities (see 51% attack and "nothing at stake" problem). For an attack on Zano to have even a remote chance of success the attacker would have to obtain not only a majority of hashing power, but also a majority of the coins involved in staking. The system and its design considerations are discussed at length in the whitepaper. Aliases Here's a stealth address: ZxDdULdxC7NRFYhCGdxkcTZoEGQoqvbZqcDHj5a7Gad8Y8wZKAGZZmVCUf9AvSPNMK68L8r8JfAfxP4z1GcFQVCS2Jb9wVzoe. I have a hard enough time remembering my phone number. Fortunately, Zano has an alias system that lets you register an address to a human-readable name. (@orsonj if you want to anonymously buy me a coffee) Multisig Multisignature (multisig) refers to requiring multiple keys to authorize a Zano transaction. It has a number of applications, such as dividing up responsibility for a single Zano wallet among multiple parties, or creating backups where loss of a single seed doesn't lead to loss of the wallet. Multisig and escrow are key components of the planned Decentralized Marketplace (see below), so consideration was given to each of them from the design stages. Thus Zano's multisig, rather than being tagged on at the wallet-level as an afterthought, is part of its its core architecture being incorporated at the protocol level. This base-layer integration means months won't be spent in the future on complicated refactoring efforts in order to integrate multisig into a codebase that wasn't designed for it. Plus, it makes it far easier for third-party developers to include multisig (implemented correctly) in any Zano wallets and applications they create in the future. (Double Deposit MAD) Escrow With Zano's escrow service you can create fully customizable p2p contracts that are designed to, once signed by participants, enforce adherence to their conditions in such a way that no trusted third-party escrow agent is required. https://preview.redd.it/jp4oghyhv9q51.png?width=1762&format=png&auto=webp&s=12a1e76f76f902ed328886283050e416db3838a5 The Particl project, aside from a couple of minor differences, uses an escrow scheme that works the same way, so I've borrowed the term they coined ("Double Deposit MAD Escrow") as I think it describes the scheme perfectly. The system requires participants to make additional deposits, which they will forfeit if there is any attempt to act in a way that breaches the terms of the contract. Full details can be found in the Escrow section of the whitepaper. The usefulness of multisig and the escrow system may not seem obvious at first, but as mentioned before they'll form the backbone of Zano's Decentralized Marketplace service (described in the next section). What does the future hold for Zano? The planned upgrade to Zano's privacy, mentioned at the start, is obviously one of the most exciting things the team is working on, but it's not the only thing. Zano Roadmap Decentralized Marketplace From the beginning, the Zano team's goal has been to create the perfect money. And money can't just be some vehicle for speculative investment, money must be used. To that end, the team have created a set of tools to make it as simple as possible for Zano to be integrated into eCommerce platforms. Zano's API’s and plugins are easy to use, allowing even those with very little coding experience to use them in their E-commerce-related ventures. The culmination of this effort will be a full Decentralized Anonymous Marketplace built on top of the Zano blockchain. Rather than being accessed via the wallet, it will act more as a service - Marketplace as a Service (MAAS) - for anyone who wishes to use it. The inclusion of a simple "snippet" of code into a website is all that's needed to become part a global decentralized, trustless and private E-commerce network. Atomic Swaps Just as Zano's marketplace will allow you to transact without needing to trust your counterparty, atomic swaps will let you to easily convert between Zano and other cyryptocurrencies without having to trust a third-party service such as a centralized exchange. On top of that, it will also lead to the way to Zano's inclusion in the many decentralized exchange (DEX) services that have emerged in recent years. Where can I buy Zano? Zano's currently listed on the following exchanges: https://coinmarketcap.com/currencies/zano/markets/ It goes without saying, neither I nor the Zano team work for any of the exchanges or can vouch for their reliability. Use at your own risk and never leave coins on a centralized exchange for longer than necessary. Your keys, your coins! If you have any old graphics cards lying around(both AMD & NVIDIA), then Zano is also mineable through its unique ProgPowZ algorithm. Here's a guide on how to get started. Once you have some Zano, you can safely store it in one of the desktop or mobile wallets (available for all major platforms). How can I support Zano? Zano has no marketing department, which is why this post has been written by some guy and not the "Chief Growth Engineer @ Zano Enterprises". The hard part is already done: there's a team of world class developers and researchers gathered here. But, at least at the current prices, the team's funds are enough to cover the cost of development and little more. So the job of publicizing the project falls to the community. If you have any experience in community building/growth hacking at another cryptocurrency or open source project, or if you're a Zano holder who would like to ensure the project's long-term success by helping to spread the word, then send me a pm. We need to get organized. Researchers and developers are also very welcome. Working at the cutting edge of mathematics and cryptography means Zano provides challenging and rewarding work for anyone in those fields. Please contact the project's Community Manager u/Jed_T if you're interested in joining the team. Social Links: Twitter Discord Server Telegram Group Medium blog I'll do my best to keep this post accurate and up to date. Message me please with any suggested improvements and leave any questions you have below. Welcome to the Zano community and the new decentralized private economy! submitted by OrsonJ to Zano [link] [comments] Multiple Receiving Address Question - Ledger Nano S Does anyone know if there is a way to create multiple Bitcoin receiving addresses on the Ledger? I am only able to create one, which is not ideal as I get paid in Bitcoin and provide different addresses at different times. My Trezor supports this, but wasn't sure if there was a workaround for the Ledger? I've tried multiple accounts, etc - but only can generate one new receiving address at a time. Then only when it's used, I can generate a new one. submitted by CouponBuddy to ledgerwallet [link] [comments] Bob The Magic Custodian Summary: Everyone knows that when you give your assets to someone else, they always keep them safe. If this is true for individuals, it is certainly true for businesses. Custodians always tell the truth and manage funds properly. They won't have any interest in taking the assets as an exchange operator would. Auditors tell the truth and can't be misled. That's because organizations that are regulated are incapable of lying and don't make mistakes. First, some background. Here is a summary of how custodians make us more secure: Previously, we might give Alice our crypto assets to hold. There were risks: • Alice might take the assets and disappear. • Alice might spend the assets and pretend that she still has them (fractional model). • Alice might store the assets insecurely and they'll get stolen. • Alice might give the assets to someone else by mistake or by force. • Alice might lose access to the assets. But "no worries", Alice has a custodian named Bob. Bob is dressed in a nice suit. He knows some politicians. And he drives a Porsche. "So you have nothing to worry about!". And look at all the benefits we get: • Alice can't take the assets and disappear (unless she asks Bob or never gives them to Bob). • Alice can't spend the assets and pretend that she still has them. (Unless she didn't give them to Bob or asks him for them.) • Alice can't store the assets insecurely so they get stolen. (After all - she doesn't have any control over the withdrawal process from any of Bob's systems, right?) • Alice can't give the assets to someone else by mistake or by force. (Bob will stop her, right Bob?) • Alice can't lose access to the funds. (She'll always be present, sane, and remember all secrets, right?) See - all problems are solved! All we have to worry about now is: • Bob might take the assets and disappear. • Bob might spend the assets and pretend that he still has them (fractional model). • Bob might store the assets insecurely and they'll get stolen. • Bob might give the assets to someone else by mistake or by force. • Bob might lose access to the assets. It's pretty simple. Before we had to trust Alice. Now we only have to trust Alice, Bob, and all the ways in which they communicate. Just think of how much more secure we are! "On top of that", Bob assures us, "we're using a special wallet structure". Bob shows Alice a diagram. "We've broken the balance up and store it in lots of smaller wallets. That way", he assures her, "a thief can't take it all at once". And he points to a historic case where a large sum was taken "because it was stored in a single wallet... how stupid". "Very early on, we used to have all the crypto in one wallet", he said, "and then one Christmas a hacker came and took it all. We call him the Grinch. Now we individually wrap each crypto and stick it under a binary search tree. The Grinch has never been back since." "As well", Bob continues, "even if someone were to get in, we've got insurance. It covers all thefts and even coercion, collusion, and misplaced keys - only subject to the policy terms and conditions." And with that, he pulls out a phone-book sized contract and slams it on the desk with a thud. "Yep", he continues, "we're paying top dollar for one of the best policies in the country!" "Can I read it?' Alice asks. "Sure," Bob says, "just as soon as our legal team is done with it. They're almost through the first chapter." He pauses, then continues. "And can you believe that sales guy Mike? He has the same year Porsche as me. I mean, what are the odds?" "Do you use multi-sig?", Alice asks. "Absolutely!" Bob replies. "All our engineers are fully trained in multi-sig. Whenever we want to set up a new wallet, we generate 2 separate keys in an air-gapped process and store them in this proprietary system here. Look, it even requires the biometric signature from one of our team members to initiate any withdrawal." He demonstrates by pressing his thumb into the display. "We use a third-party cloud validation API to match the thumbprint and authorize each withdrawal. The keys are also backed up daily to an off-site third-party." "Wow that's really impressive," Alice says, "but what if we need access for a withdrawal outside of office hours?" "Well that's no issue", Bob says, "just send us an email, call, or text message and we always have someone on staff to help out. Just another part of our strong commitment to all our customers!" "What about Proof of Reserve?", Alice asks. "Of course", Bob replies, "though rather than publish any blockchain addresses or signed transaction, for privacy we just do a SHA256 refactoring of the inverse hash modulus for each UTXO nonce and combine the smart contract coefficient consensus in our hyperledger lightning node. But it's really simple to use." He pushes a button and a large green checkmark appears on a screen. "See - the algorithm ran through and reserves are proven." "Wow", Alice says, "you really know your stuff! And that is easy to use! What about fiat balances?" "Yeah, we have an auditor too", Bob replies, "Been using him for a long time so we have quite a strong relationship going! We have special books we give him every year and he's very efficient! Checks the fiat, crypto, and everything all at once!" "We used to have a nice offline multi-sig setup we've been using without issue for the past 5 years, but I think we'll move all our funds over to your facility," Alice says. "Awesome", Bob replies, "Thanks so much! This is perfect timing too - my Porsche got a dent on it this morning. We have the paperwork right over here." "Great!", Alice replies. And with that, Alice gets out her pen and Bob gets the contract. "Don't worry", he says, "you can take your crypto-assets back anytime you like - just subject to our cancellation policy. Our annual management fees are also super low and we don't adjust them often". How many holes have to exist for your funds to get stolen? Just one. Why are we taking a powerful offline multi-sig setup, widely used globally in hundreds of different/lacking regulatory environments with 0 breaches to date, and circumventing it by a demonstrably weak third party layer? And paying a great expense to do so? If you go through the list of breaches in the past 2 years to highly credible organizations, you go through the list of major corporate frauds (only the ones we know about), you go through the list of all the times platforms have lost funds, you go through the list of times and ways that people have lost their crypto from identity theft, hot wallet exploits, extortion, etc... and then you go through this custodian with a fine-tooth comb and truly believe they have value to add far beyond what you could, sticking your funds in a wallet (or set of wallets) they control exclusively is the absolute worst possible way to take advantage of that security. The best way to add security for crypto-assets is to make a stronger multi-sig. With one custodian, what you are doing is giving them your cryptocurrency and hoping they're honest, competent, and flawlessly secure. It's no different than storing it on a really secure exchange. Maybe the insurance will cover you. Didn't work for Bitpay in 2015. Didn't work for Yapizon in 2017. Insurance has never paid a claim in the entire history of cryptocurrency. But maybe you'll get lucky. Maybe your exact scenario will buck the trend and be what they're willing to cover. After the large deductible and hopefully without a long and expensive court battle. And you want to advertise this increase in risk, the lapse of judgement, an accident waiting to happen, as though it's some kind of benefit to customers ("Free institutional-grade storage for your digital assets.")? And then some people are writing to the OSC that custodians should be mandatory for all funds on every exchange platform? That this somehow will make Canadians as a whole more secure or better protected compared with standard air-gapped multi-sig? On what planet? Most of the problems in Canada stemmed from one thing - a lack of transparency. If Canadians had known what a joke Quadriga was - it wouldn't have grown to lose400m from hard-working Canadians from coast to coast to coast. And Gerald Cotten would be in jail, not wherever he is now (at best, rotting peacefully). EZ-BTC and mister Dave Smilie would have been a tiny little scam to his friends, not a multi-million dollar fraud. Einstein would have got their act together or been shut down BEFORE losing millions and millions more in people's funds generously donated to criminals. MapleChange wouldn't have even been a thing. And maybe we'd know a little more about CoinTradeNewNote - like how much was lost in there. Almost all of the major losses with cryptocurrency exchanges involve deception with unbacked funds.
So it's great to see transparency reports from BitBuy and ShakePay where someone independently verified the backing. The only thing we don't have is:
• ANY CERTAINTY BALANCES WEREN'T EXCLUDED. Quadriga's largest account was $70m. 80% of funds are in 20% of accounts (Pareto principle). All it takes is excluding a few really large accounts - and nobody's the wiser. A fractional platform can easily pass any audit this way. • ANY VISIBILITY WHATSOEVER INTO THE CUSTODIANS. BitBuy put out their report before moving all the funds to their custodian and ShakePay apparently can't even tell us who the custodian is. That's pretty important considering that basically all of the funds are now stored there. • ANY IDEA ABOUT THE OTHER EXCHANGES. In order for this to be effective, it has to be the norm. It needs to be "unusual" not to know. If obscurity is the norm, then it's super easy for people like Gerald Cotten and Dave Smilie to blend right in. It's not complicated to validate cryptocurrency assets. They need to exist, they need to be spendable, and they need to cover the total balances. There are plenty of credible people and firms across the country that have the capacity to reasonably perform this validation. Having more frequent checks by different, independent, parties who publish transparent reports is far more valuable than an annual check by a single "more credible/official" party who does the exact same basic checks and may or may not publish anything. Here's an example set of requirements that could be mandated: • First report within 1 month of launching, another within 3 months, and further reports at minimum every 6 months thereafter. • No auditor can be repeated within a 12 month period. • All reports must be public, identifying the auditor and the full methodology used. • All auditors must be independent of the firm being audited with no conflict of interest. • Reports must include the percentage of each asset backed, and how it's backed. • The auditor publishes a hash list, which lists a hash of each customer's information and balances that were included. Hash is one-way encryption so privacy is fully preserved. Every customer can use this to have 100% confidence they were included. • If we want more extensive requirements on audits, these should scale upward based on the total assets at risk on the platform, and whether the platform has loaned their assets out. There are ways to structure audits such that neither crypto assets nor customer information are ever put at risk, and both can still be properly validated and publicly verifiable. There are also ways to structure audits such that they are completely reasonable for small platforms and don't inhibit innovation in any way. By making the process as reasonable as possible, we can completely eliminate any reason/excuse that an honest platform would have for not being audited. That is arguable far more important than any incremental improvement we might get from mandating "the best of the best" accountants. Right now we have nothing mandated and tons of Canadians using offshore exchanges with no oversight whatsoever. Transparency does not prove crypto assets are safe. CoinTradeNewNote, Flexcoin ($600k), and Canadian Bitcoins ($100k) are examples where crypto-assets were breached from platforms in Canada. All of them were online wallets and used no multi-sig as far as any records show. This is consistent with what we see globally - air-gapped multi-sig wallets have an impeccable record, while other schemes tend to suffer breach after breach. We don't actually know how much CoinTrader lost because there was no visibility. Rather than publishing details of what happened, the co-founder of CoinTrader silently moved on to found another platform - the "most trusted way to buy and sell crypto" - a site that has no information whatsoever (that I could find) on the storage practices and a FAQ advising that “[t]rading cryptocurrency is completely safe” and that having your own wallet is “entirely up to you! You can certainly keep cryptocurrency, or fiat, or both, on the app.” Doesn't sound like much was learned here, which is really sad to see. It's not that complicated or unreasonable to set up a proper hardware wallet. Multi-sig can be learned in a single course. Something the equivalent complexity of a driver's license test could prevent all the cold storage exploits we've seen to date - even globally. Platform operators have a key advantage in detecting and preventing fraud - they know their customers far better than any custodian ever would. The best job that custodians can do is to find high integrity individuals and train them to form even better wallet signatories. Rather than mandating that all platforms expose themselves to arbitrary third party risks, regulations should center around ensuring that all signatories are background-checked, properly trained, and using proper procedures. We also need to make sure that signatories are empowered with rights and responsibilities to reject and report fraud. They need to know that they can safely challenge and delay a transaction - even if it turns out they made a mistake. We need to have an environment where mistakes are brought to the surface and dealt with. Not one where firms and people feel the need to hide what happened. In addition to a knowledge-based test, an auditor can privately interview each signatory to make sure they're not in coercive situations, and we should make sure they can freely and anonymously report any issues without threat of retaliation. A proper multi-sig has each signature held by a separate person and is governed by policies and mutual decisions instead of a hierarchy. It includes at least one redundant signature. For best results, 3of4, 3of5, 3of6, 4of5, 4of6, 4of7, 5of6, or 5of7. History has demonstrated over and over again the risk of hot wallets even to highly credible organizations. Nonetheless, many platforms have hot wallets for convenience. While such losses are generally compensated by platforms without issue (for example Poloniex, Bitstamp, Bitfinex, Gatecoin, Coincheck, Bithumb, Zaif, CoinBene, Binance, Bitrue, Bitpoint, Upbit, VinDAX, and now KuCoin), the public tends to focus more on cases that didn't end well. Regardless of what systems are employed, there is always some level of risk. For that reason, most members of the public would prefer to see third party insurance. Rather than trying to convince third party profit-seekers to provide comprehensive insurance and then relying on an expensive and slow legal system to enforce against whatever legal loopholes they manage to find each and every time something goes wrong, insurance could be run through multiple exchange operators and regulators, with the shared interest of having a reputable industry, keeping costs down, and taking care of Canadians. For example, a 4 of 7 multi-sig insurance fund held between 5 independent exchange operators and 2 regulatory bodies. All Canadian exchanges could pay premiums at a set rate based on their needed coverage, with a higher price paid for hot wallet coverage (anything not an air-gapped multi-sig cold wallet). Such a model would be much cheaper to manage, offer better coverage, and be much more reliable to payout when needed. The kind of coverage you could have under this model is unheard of. You could even create something like the CDIC to protect Canadians who get their trading accounts hacked if they can sufficiently prove the loss is legitimate. In cases of fraud, gross negligence, or insolvency, the fund can be used to pay affected users directly (utilizing the last transparent balance report in the worst case), something which private insurance would never touch. While it's recommended to have official policies for coverage, a model where members vote would fully cover edge cases. (Could be similar to the Supreme Court where justices vote based on case law.) Such a model could fully protect all Canadians across all platforms. You can have a fiat coverage governed by legal agreements, and crypto-asset coverage governed by both multi-sig and legal agreements. It could be practical, affordable, and inclusive. Now, we are at a crossroads. We can happily give up our freedom, our innovation, and our money. We can pay hefty expenses to auditors, lawyers, and regulators year after year (and make no mistake - this cost will grow to many millions or even billions as the industry grows - and it will be borne by all Canadians on every platform because platforms are not going to eat up these costs at a loss). We can make it nearly impossible for any new platform to enter the marketplace, forcing Canadians to use the same stagnant platforms year after year. We can centralize and consolidate the entire industry into 2 or 3 big players and have everyone else fail (possibly to heavy losses of users of those platforms). And when a flawed security model doesn't work and gets breached, we can make it even more complicated with even more people in suits making big money doing the job that blockchain was supposed to do in the first place. We can build a system which is so intertwined and dependent on big government, traditional finance, and central bankers that it's future depends entirely on that of the fiat system, of fractional banking, and of government bail-outs. If we choose this path, as history has shown us over and over again, we can not go back, save for revolution. Our children and grandchildren will still be paying the consequences of what we decided today. Or, we can find solutions that work. We can maintain an open and innovative environment while making the adjustments we need to make to fully protect Canadian investors and cryptocurrency users, giving easy and affordable access to cryptocurrency for all Canadians on the platform of their choice, and creating an environment in which entrepreneurs and problem solvers can bring those solutions forward easily. None of the above precludes innovation in any way, or adds any unreasonable cost - and these three policies would demonstrably eliminate or resolve all 109 historic cases as studied here - that's every single case researched so far going back to 2011. It includes every loss that was studied so far not just in Canada but globally as well. Unfortunately, finding answers is the least challenging part. Far more challenging is to get platform operators and regulators to agree on anything. My last post got no response whatsoever, and while the OSC has told me they're happy for industry feedback, I believe my opinion alone is fairly meaningless. This takes the whole community working together to solve. So please let me know your thoughts. Please take the time to upvote and share this with people. Please - let's get this solved and not leave it up to other people to do. Facts/background/sources (skip if you like): • The inspiration for the paragraph about splitting wallets was an actual quote from a Canadian company providing custodial services in response to the OSC consultation paper: "We believe that it will be in the in best interests of investors to prohibit pooled crypto assets or ‘floats’. Most Platforms pool assets, citing reasons of practicality and expense. The recent hack of the world’s largest Platform – Binance – demonstrates the vulnerability of participants’ assets when such concessions are made. In this instance, the Platform’s entire hot wallet of Bitcoins, worth over$40 million, was stolen, facilitated in part by the pooling of client crypto assets." "the maintenance of participants (and Platform) crypto assets across multiple wallets distributes the related risk and responsibility of security - reducing the amount of insurance coverage required and making insurance coverage more readily obtainable". For the record, their reply also said nothing whatsoever about multi-sig or offline storage.
• In addition to the fact that the $40m hack represented only one "hot wallet" of Binance, and they actually had the vast majority of assets in other wallets (including mostly cold wallets), multiple real cases have clearly demonstrated that risk is still present with multiple wallets. Bitfinex, VinDAX, Bithumb, Altsbit, BitPoint, Cryptopia, and just recently KuCoin all had multiple wallets breached all at the same time, and may represent a significantly larger impact on customers than the Binance breach which was fully covered by Binance. To represent that simply having multiple separate wallets under the same security scheme is a comprehensive way to reduce risk is just not true. • Private insurance has historically never covered a single loss in the cryptocurrency space (at least, not one that I was able to find), and there are notable cases where massive losses were not covered by insurance. Bitpay in 2015 and Yapizon in 2017 both had insurance policies that didn't pay out during the breach, even after a lengthly court process. The same insurance that ShakePay is presently using (and announced to much fanfare) was describe by their CEO himself as covering “physical theft of the media where the private keys are held,” which is something that has never historically happened. As was said with regard to the same policy in 2018 - “I don’t find it surprising that Lloyd’s is in this space,” said Johnson, adding that to his mind the challenge for everybody is figuring out how to structure these policies so that they are actually protective. “You can create an insurance policy that protects no one – you know there are so many caveats to the policy that it’s not super protective.” • The most profitable policy for a private insurance company is one with the most expensive premiums that they never have to pay a claim on. They have no inherent incentive to take care of people who lost funds. It's "cheaper" to take the reputational hit and fight the claim in court. The more money at stake, the more the insurance provider is incentivized to avoid payout. They're not going to insure the assets unless they have reasonable certainty to make a profit by doing so, and they're not going to pay out a massive sum unless it's legally forced. Private insurance is always structured to be maximally profitable to the insurance provider. • The circumvention of multi-sig was a key factor in the massive Bitfinex hack of over$60m of bitcoin, which today still sits being slowly used and is worth over $3b. While Bitfinex used a qualified custodian Bitgo, which was and still is active and one of the industry leaders of custodians, and they set up 2 of 3 multi-sig wallets, the entire system was routed through Bitfinex, such that Bitfinex customers could initiate the withdrawals in a "hot" fashion. This feature was also a hit with the hacker. The multi-sig was fully circumvented. • Bitpay in 2015 was another example of a breach that stole 5,000 bitcoins. This happened not through the exploit of any system in Bitpay, but because the CEO of a company they worked with got their computer hacked and the hackers were able to request multiple bitcoin purchases, which Bitpay honoured because they came from the customer's computer legitimately. Impersonation is a very common tactic used by fraudsters, and methods get more extreme all the time. • A notable case in Canada was the Canadian Bitcoins exploit. Funds were stored on a server in a Rogers Data Center, and the attendee was successfully convinced to reboot the server "in safe mode" with a simple phone call, thus bypassing the extensive security and enabling the theft. • Over$200m has been stolen impersonating users of cryptocurrency platforms by one group alone. Here's a list of 10 social engineering attacks against corporate companies. Here's an even larger case. While verification methods are improving, so are methods of identity theft and social engineering. We now have sim swapping and deep fake videos to contend with. Hackers have massive database sets of personal information they can utilize. As the sums at stake increase, so to will the level of effort criminals are willing to undertake. Obscurity for an insecure system will only postpone an attack until the "jackpot" is large enough.
• The very nature of custodians circumvents multi-sig. This is because custodians are not just having to secure the assets against some sort of physical breach but against any form of social engineering, modification of orders, fraudulent withdrawal attempts, etc... If the security practices of signatories in a multi-sig arrangement are such that the breach risk of one signatory is 1 in 100, the requirement of 3 independent signatures makes the risk of theft 1 in 1,000,000. Since hackers tend to exploit the weakest link, a comparable custodian has to make the entry and exit points of their platform 10,000 times more secure than one of those signatories to provide equivalent protection. And if the signatories beef up their security by only 10x, the risk is now 1 in 1,000,000,000. The custodian has to be 1,000,000 times more secure. The larger and more complex a system is, the more potential vulnerabilities exist in it, and the fewer people can understand how the system works when performing upgrades. Even if a system is completely secure today, one has to also consider how that system might evolve over time or work with different members.
• By contrast, offline multi-signature solutions have an extremely solid record, and in the entire history of cryptocurrency exchange incidents which I've studied (listed here), there has only been one incident (796 exchange in 2015) involving an offline multi-signature wallet. It happened because the customer's bitcoin address was modified by hackers, and the amount that was stolen ($230k) was immediately covered by the exchange operators. Basically, the platform operators were tricked into sending a legitimate withdrawal request to the wrong address because hackers exploited their platform to change that address. Such an issue would not be prevented in any way by the use of a custodian, as that custodian has no oversight whatsoever to the exchange platform. It's practical for all exchange operators to test large withdrawal transactions as a general policy, regardless of what model is used, and general best practice is to diagnose and fix such an exploit as soon as it occurs. • False promises on the backing of funds played a huge role in the downfall of Quadriga, and it's been exposed over and over again (MyCoin, PlusToken, Bitsane, Bitmarket, EZBTC, IDAX). Even today, customers have extremely limited certainty on whether their funds in exchanges are actually being backed or how they're being backed. While this issue is not unique to cryptocurrency exchanges, the complexity of the technology and the lack of any regulation or standards makes problems more widespread, and there is no "central bank" to come to the rescue as in the 2008 financial crisis or during the great depression when "9,000 banks failed". • In addition to fraudulent operations, the industry is full of cases where operators have suffered breaches and not reported them. Most recently, Einstein was the largest case in Canada, where ongoing breaches and fraud were perpetrated against the platform for multiple years and nobody found out until the platform collapsed completely. While fraud and breaches suck to deal with, they suck even more when not dealt with. Lack of visibility played a role in the largest downfalls of Mt. Gox, Cryptsy, and Bitgrail. In some cases, platforms are alleged to have suffered a hack and keep operating without admitting it at all, such as CoinBene. • It surprises some to learn that a cryptographic solution has already existed since 2013, and gained widespread support in 2014 after Mt. Gox. Proof of Reserves is a full cryptographic proof that allows any customer using an exchange to have complete certainty that their crypto-assets are fully backed by the platform in real-time. This is accomplished by proving that assets exist on the blockchain, are spendable, and fully cover customer deposits. It does not prove safety of assets or backing of fiat assets. • If we didn't care about privacy at all, a platform could publish their wallet addresses, sign a partial transaction, and put the full list of customer information and balances out publicly. Customers can each check that they are on the list, that the balances are accurate, that the total adds up, and that it's backed and spendable on the blockchain. Platforms who exclude any customer take a risk because that customer can easily check and see they were excluded. So together with all customers checking, this forms a full proof of backing of all crypto assets. • However, obviously customers care about their private information being published. Therefore, a hash of the information can be provided instead. Hash is one-way encryption. The hash allows the customer to validate inclusion (by hashing their own known information), while anyone looking at the list of hashes cannot determine the private information of any other user. All other parts of the scheme remain fully intact. A model like this is in use on the exchange CoinFloor in the UK. • A Merkle tree can provide even greater privacy. Instead of a list of balances, the balances are arranged into a binary tree. A customer starts from their node, and works their way to the top of the tree. For example, they know they have 5 BTC, they plus 1 other customer hold 7 BTC, they plus 2-3 other customers hold 17 BTC, etc... until they reach the root where all the BTC are represented. Thus, there is no way to find the balances of other individual customers aside from one unidentified customer in this case. • Proposals such as this had the backing of leaders in the community including Nic Carter, Greg Maxwell, and Zak Wilcox. Substantial and significant effort started back in 2013, with massive popularity in 2014. But what became of that effort? Very little. Exchange operators continue to refuse to give visibility. Despite the fact this information can often be obtained through trivial blockchain analysis, no Canadian platform has ever provided any wallet addresses publicly. As described by the CEO of Newton "For us to implement some kind of realtime Proof of Reserves solution, which I'm not opposed to, it would have to ... Preserve our users' privacy, as well as our own. Some kind of zero-knowledge proof". Kraken describes here in more detail why they haven't implemented such a scheme. According to professor Eli Ben-Sasson, when he spoke with exchanges, none were interested in implementing Proof of Reserves. • And yet, Kraken's places their reasoning on a page called "Proof of Reserves". More recently, both BitBuy and ShakePay have released reports titled "Proof of Reserves and Security Audit". Both reports contain disclaimers against being audits. Both reports trust the customer list provided by the platform, leaving the open possibility that multiple large accounts could have been excluded from the process. Proof of Reserves is a blockchain validation where customers see the wallets on the blockchain. The report from Kraken is 5 years old, but they leave it described as though it was just done a few weeks ago. And look at what they expect customers to do for validation. When firms represent something being "Proof of Reserve" when it's not, this is like a farmer growing fruit with pesticides and selling it in a farmers market as organic produce - except that these are people's hard-earned life savings at risk here. Platforms are misrepresenting the level of visibility in place and deceiving the public by their misuse of this term. They haven't proven anything. • Fraud isn't a problem that is unique to cryptocurrency. Fraud happens all the time. Enron, WorldCom, Nortel, Bear Stearns, Wells Fargo, Moser Baer, Wirecard, Bre-X, and Nicola are just some of the cases where frauds became large enough to become a big deal (and there are so many countless others). These all happened on 100% reversible assets despite regulations being in place. In many of these cases, the problems happened due to the over-complexity of the financial instruments. For example, Enron had "complex financial statements [which] were confusing to shareholders and analysts", creating "off-balance-sheet vehicles, complex financing structures, and deals so bewildering that few people could understand them". In cryptocurrency, we are often combining complex financial products with complex technologies and verification processes. We are naïve if we think problems like this won't happen. It is awkward and uncomfortable for many people to admit that they don't know how something works. If we want "money of the people" to work, the solutions have to be simple enough that "the people" can understand them, not so confusing that financial professionals and technology experts struggle to use or understand them. • For those who question the extent to which an organization can fool their way into a security consultancy role, HB Gary should be a great example to look at. Prior to trying to out anonymous, HB Gary was being actively hired by multiple US government agencies and others in the private sector (with glowing testimonials). The published articles and hosted professional security conferences. One should also look at this list of data breaches from the past 2 years. Many of them are large corporations, government entities, and technology companies. These are the ones we know about. Undoubtedly, there are many more that we do not know about. If HB Gary hadn't been "outted" by anonymous, would we have known they were insecure? If the same breach had happened outside of the public spotlight, would it even have been reported? Or would HB Gary have just deleted the Twitter posts, brought their site back up, done a couple patches, and kept on operating as though nothing had happened? • In the case of Quadriga, the facts are clear. Despite past experience with platforms such as MapleChange in Canada and others around the world, no guidance or even the most basic of a framework was put in place by regulators. By not clarifying any sort of legal framework, regulators enabled a situation where a platform could be run by former criminal Mike Dhanini/Omar Patryn, and where funds could be held fully unchecked by one person. At the same time, the lack of regulation deterred legitimate entities from running competing platforms and Quadriga was granted a money services business license for multiple years of operation, which gave the firm the appearance of legitimacy. Regulators did little to protect Canadians despite Quadriga failing to file taxes from 2016 onward. The entire administrative team had resigned and this was public knowledge. Many people had suspicions of what was going on, including Ryan Mueller, who forwarded complaints to the authorities. These were ignored, giving Gerald Cotten the opportunity to escape without justice. • There are multiple issues with the SOC II model including the prohibitive cost (you have to find a third party accounting firm and the prices are not even listed publicly on any sites), the requirement of operating for a year (impossible for new platforms), and lack of any public visibility (SOC II are private reports that aren't shared outside the people in suits). • Securities frameworks are expensive. Sarbanes-Oxley is estimated to cost$5.1 million USD/yr for the average Fortune 500 company in the United States. Since "Fortune 500" represents the top 500 companies, that means well over $2.55 billion USD (~$3.4 billion CAD) is going to people in suits. Isn't the problem of trust and verification the exact problem that the blockchain is supposed to solve?
• To use Quadriga as justification for why custodians or SOC II or other advanced schemes are needed for platforms is rather silly, when any framework or visibility at all, or even the most basic of storage policies, would have prevented the whole thing. It's just an embarrassment.
• We are now seeing regulators take strong action. CoinSquare in Canada with multi-million dollar fines. BitMex from the US, criminal charges and arrests. OkEx, with full disregard of withdrawals and no communication. Who's next?
• We have a unique window today where we can solve these problems, and not permanently destroy innovation with unreasonable expectations, but we need to act quickly. This is a unique historic time that will never come again.

Thoughts?
Bitcoin address is an identifier (account number), starting with 1 or 3 and containing 27-34 alphanumeric Latin characters (except 0, O, I). Bitcoin addresses can be also represented as a QR-code. The addresses are anonymous and do not contain information about the owner. A bitcoin address can be obtained for free, using, for example, Bitcoin ... In order to create a multisig address, you will need two or more public public keys to generate it. Multisig addresses start with the number 3. The more key holders or signers you want, the more ... Many cryptocurrency wallets allow users to generate multiple Bitcoin addresses, but this feature is rarely available on cryptocurrency exchanges. When taking your first steps into the Bitcoin and cryptocurrency space, your first challenge is finding a safe, secure way to store your crypto. Fortunately, there's a huge variety of Bitcoin wallet providers available. These allow you to create a ... Note $$2\times26 + 10 - 4 = 58$$. Removing these confusing characters makes it much less likely for Bitcoin addresses to be entered incorrectly. Creating Bitcoin Addresses in C. Bitcoin uses Elliptic Curve Cryptography to create a public and private key pair. You can use multi-sig addresses to create a kind of joint account, which requires you and your partner to both sign off on any withdrawals, or perhaps requires the majority of a company’s owners or executives to sign for expenditures . You can use them for savings wallets which require multiple signatures to increase security. Perhaps the most common use, however, is multi-sig escrow ...