- Components Of Cryptosystem CryptoCoins Info Club
- Classification Of Cryptography CryptoCoins Info Club
- Bitcoin System Review: New Auto Crypto Trading Software ...
- 4 Categories Of Cryptocurrency You Should Know Cryptoverze
- Blockchain Cryptography - History Cryptosystem - DataFlair

A bit about Bitcoin The first time I saw a commercial about bitcoin was by DW german news channel and it was at 2011 mid https://www.youtube.com/watch?v=gTubc12Y9M8&t=13s at that time LibertyReserve.com was at peak before getting shutdown by feds.After that I seen people shifting to perfectmoney.com ,they started blocking account and after that bitcoin was at rise you can say criminals started to enjoy the money safety it provides and being anonymous.

Satoshi Nakamoto is very much hidden and watch all whats going around as he created bitcointalk.org and his last post were active till Name: satoshi Posts: 575 Activity: 364 Merit: 1271 Position: Founder Date Registered: November 19, 2009, 07:12:39 PM Last Active: December 13, 2010, 04:45:41 PM

why he is still around because after he reg bitcointalk.org Domain Name:BITCOINTALK.ORG Domain ID: D162601474-LROR Creation Date: 2011-06-24T05:19:00Z his last mailing list at sourceforge.net[bitcoin-list] Bitcoin 0.3.19 is released From: Satoshi Nakamoto [email protected]... - 2010-12-13 16:12:09 https://sourceforge.net/p/bitcoin/mailman/bitcoin-list/?viewmonth=201012

anyway bitcoin.org was also reg by satoshi Nakamoto Domain Name:BITCOIN.ORG Domain ID: D153621148-LROR Creation Date: 2008-08-18T13:19:55Z Updated Date: 2014-12-21T06:06:33Z Registry Expiry Date: 2021-08-18T13:19:55Z Sponsoring Registrar:eNom, Inc. (R39-LROR)

it plays main role as this was his start ,I dont understand why feds dont seize whole group at bitcoin.org as there is no proof that Santoshi handed over to gavinandresen, jgarzik, sipa as these guys still knows a lot about it but wont tell to the world.

Anyway since there is a deep link between satoshi Nakamoto and bitcoin.org ,Why Iam linking them both is Satoshi was its creator and second Dw German New Channel publish its first bitcoin ads for Room77 bar in germany ,you could see the Qr logo https://drive.google.com/file/d/1sREIj2gEQl1IuI6X24UvMuOIYGk1sP6x/view?usp=sharing was at its front store window of room77 at mid 2010 www.letsee.ga/go.php?name=https://drive.google.com/file/d/10QRE5LG7QdGsyZy6fAoa4Y3r0UdSjnvY/view?usp=sharing

and at that time Santoshi didnt handover bitcoin.org to gavinandresen.

what I did is I Download the pdf which is available at bitcoin.org site https://bitcoin.org/bitcoin.pdf and tried to see [color=yellow][b]the meta data of its PDF [/b][/color] and the results are astonishing .Iam listing the images below.

you can also check pdf meta data at https://www.get-metadata.com/ www.letsee.ga/go.php?name=https://drive.google.com/file/d/1IzZU8eE7Plbwci5sKq0-jKCHJ5Aa4DhL/view?usp=sharing www.letsee.ga/go.php?name=https://drive.google.com/file/d/1XUxI3uE3NAGyq8vCfFww912VvRCLZy6u/view?usp=sharing

Below are its Description Category application Create Date 2009:03:24 11:33:15-06:00 (santoshi PDF Creation Date is 2009-03-24 Creationdate Tue Mar 24 11:33:15 2009 Creator Writer Encrypted no File Modify Date 2018:06:08 01:52:39+02:00 (File was modified Recently)

Language en-GB (Santoshi Choose Language GB why?its already at forum he sounds British and he is not from Japan )

PDF FONTS Name BAAAAA+CenturySchoolbook-Bold Type TrueType Encoding WinAnsi Embedded 1 Subset 1 Unicode 1 Object Id 33 Name CAAAAA+TimesNewRomanPSMT Type TrueType Encoding WinAnsi Embedded 1 Subset 1 Unicode 1 Object Id 53 Name DAAAAA+TimesNewRomanPS-BoldMT Type TrueType Encoding WinAnsi Embedded 1 Subset 1 Unicode 1 Object Id 63 Name EAAAAA+ArialMT Type TrueType Encoding WinAnsi Embedded 1 Subset 1 Unicode 1 Object Id 38 Name FAAAAA+TimesNewRomanPS-ItalicMT Type TrueType Encoding WinAnsi Embedded 1 Subset 1 Unicode 1 Object Id 58 Name GAAAAA+OpenSymbol Type TrueType Encoding WinAnsi Embedded 1 Subset 1 Unicode 1 Object Id 43 Name HAAAAA+CourierNewPSMT Type TrueType Encoding WinAnsi Embedded 1 Subset 1 Unicode 1 Object Id 48 Pdf Version 1.4 Producer OpenOffice.org 2.4 Suspects no Tagged no Type pdf Userproperties no (total used 8 Fonts seems like a whole team is there to make professional posting)

link https://www.get-metadata.com/result/f61c5b7d-9136-4e4a-8dfd-2d3d21990bf3

there is another thing which I noted at satoshi pdf

References [1] W. Dai, "b-money," http://www.weidai.com/bmoney.txt, 1998. [2] H. Massias, X.S. Avila, and J.-J. Quisquater, "Design of a secure timestamping service with minimal trust requirements," In 20th Symposium on Information Theory in the Benelux, May 1999. [3] S. Haber, W.S. Stornetta, "How to time-stamp a digital document," In Journal of Cryptology, vol 3, no 2, pages 99-111, 1991. [4] D. Bayer, S. Haber, W.S. Stornetta, "Improving the efficiency and reliability of digital time-stamping," In Sequences II: Methods in Communication, Security and Computer Science, pages 329-334, 1993. [5] S. Haber, W.S. Stornetta, "Secure names for bit-strings," In Proceedings of the 4th ACM Conference on Computer and Communications Security, pages 28-35, April 1997. [6] A. Back, "Hashcash - a denial of service counter-measure," http://www.hashcash.org/papers/hashcash.pdf, 2002. [7] R.C. Merkle, "Protocols for public key cryptosystems," In Proc. 1980 Symposium on Security and Privacy, IEEE Computer Society, pages 122-133, April 1980. [8] W. Feller, "An introduction to probability theory and its applications," 1957.

if you check the domain whois the info creation date of these domain is different

submitted by surbex1 to bitcoinxt [link] [comments]
Satoshi Nakamoto is very much hidden and watch all whats going around as he created bitcointalk.org and his last post were active till Name: satoshi Posts: 575 Activity: 364 Merit: 1271 Position: Founder Date Registered: November 19, 2009, 07:12:39 PM Last Active: December 13, 2010, 04:45:41 PM

why he is still around because after he reg bitcointalk.org Domain Name:BITCOINTALK.ORG Domain ID: D162601474-LROR Creation Date: 2011-06-24T05:19:00Z his last mailing list at sourceforge.net[bitcoin-list] Bitcoin 0.3.19 is released From: Satoshi Nakamoto [email protected]... - 2010-12-13 16:12:09 https://sourceforge.net/p/bitcoin/mailman/bitcoin-list/?viewmonth=201012

anyway bitcoin.org was also reg by satoshi Nakamoto Domain Name:BITCOIN.ORG Domain ID: D153621148-LROR Creation Date: 2008-08-18T13:19:55Z Updated Date: 2014-12-21T06:06:33Z Registry Expiry Date: 2021-08-18T13:19:55Z Sponsoring Registrar:eNom, Inc. (R39-LROR)

it plays main role as this was his start ,I dont understand why feds dont seize whole group at bitcoin.org as there is no proof that Santoshi handed over to gavinandresen, jgarzik, sipa as these guys still knows a lot about it but wont tell to the world.

Anyway since there is a deep link between satoshi Nakamoto and bitcoin.org ,Why Iam linking them both is Satoshi was its creator and second Dw German New Channel publish its first bitcoin ads for Room77 bar in germany ,you could see the Qr logo https://drive.google.com/file/d/1sREIj2gEQl1IuI6X24UvMuOIYGk1sP6x/view?usp=sharing was at its front store window of room77 at mid 2010 www.letsee.ga/go.php?name=https://drive.google.com/file/d/10QRE5LG7QdGsyZy6fAoa4Y3r0UdSjnvY/view?usp=sharing

and at that time Santoshi didnt handover bitcoin.org to gavinandresen.

what I did is I Download the pdf which is available at bitcoin.org site https://bitcoin.org/bitcoin.pdf and tried to see [color=yellow][b]the meta data of its PDF [/b][/color] and the results are astonishing .Iam listing the images below.

you can also check pdf meta data at https://www.get-metadata.com/ www.letsee.ga/go.php?name=https://drive.google.com/file/d/1IzZU8eE7Plbwci5sKq0-jKCHJ5Aa4DhL/view?usp=sharing www.letsee.ga/go.php?name=https://drive.google.com/file/d/1XUxI3uE3NAGyq8vCfFww912VvRCLZy6u/view?usp=sharing

Below are its Description Category application Create Date 2009:03:24 11:33:15-06:00 (santoshi PDF Creation Date is 2009-03-24 Creationdate Tue Mar 24 11:33:15 2009 Creator Writer Encrypted no File Modify Date 2018:06:08 01:52:39+02:00 (File was modified Recently)

Language en-GB (Santoshi Choose Language GB why?its already at forum he sounds British and he is not from Japan )

PDF FONTS Name BAAAAA+CenturySchoolbook-Bold Type TrueType Encoding WinAnsi Embedded 1 Subset 1 Unicode 1 Object Id 33 Name CAAAAA+TimesNewRomanPSMT Type TrueType Encoding WinAnsi Embedded 1 Subset 1 Unicode 1 Object Id 53 Name DAAAAA+TimesNewRomanPS-BoldMT Type TrueType Encoding WinAnsi Embedded 1 Subset 1 Unicode 1 Object Id 63 Name EAAAAA+ArialMT Type TrueType Encoding WinAnsi Embedded 1 Subset 1 Unicode 1 Object Id 38 Name FAAAAA+TimesNewRomanPS-ItalicMT Type TrueType Encoding WinAnsi Embedded 1 Subset 1 Unicode 1 Object Id 58 Name GAAAAA+OpenSymbol Type TrueType Encoding WinAnsi Embedded 1 Subset 1 Unicode 1 Object Id 43 Name HAAAAA+CourierNewPSMT Type TrueType Encoding WinAnsi Embedded 1 Subset 1 Unicode 1 Object Id 48 Pdf Version 1.4 Producer OpenOffice.org 2.4 Suspects no Tagged no Type pdf Userproperties no (total used 8 Fonts seems like a whole team is there to make professional posting)

link https://www.get-metadata.com/result/f61c5b7d-9136-4e4a-8dfd-2d3d21990bf3

there is another thing which I noted at satoshi pdf

References [1] W. Dai, "b-money," http://www.weidai.com/bmoney.txt, 1998. [2] H. Massias, X.S. Avila, and J.-J. Quisquater, "Design of a secure timestamping service with minimal trust requirements," In 20th Symposium on Information Theory in the Benelux, May 1999. [3] S. Haber, W.S. Stornetta, "How to time-stamp a digital document," In Journal of Cryptology, vol 3, no 2, pages 99-111, 1991. [4] D. Bayer, S. Haber, W.S. Stornetta, "Improving the efficiency and reliability of digital time-stamping," In Sequences II: Methods in Communication, Security and Computer Science, pages 329-334, 1993. [5] S. Haber, W.S. Stornetta, "Secure names for bit-strings," In Proceedings of the 4th ACM Conference on Computer and Communications Security, pages 28-35, April 1997. [6] A. Back, "Hashcash - a denial of service counter-measure," http://www.hashcash.org/papers/hashcash.pdf, 2002. [7] R.C. Merkle, "Protocols for public key cryptosystems," In Proc. 1980 Symposium on Security and Privacy, IEEE Computer Society, pages 122-133, April 1980. [8] W. Feller, "An introduction to probability theory and its applications," 1957.

if you check the domain whois the info creation date of these domain is different

I know, I know, a healthy debate is healthy and all - and maybe I'm just not used to the tumult and jostling which would be inevitable in a real live open major debate about something as vital as Bitcoin.

And I really do agree with the starry-eyed idealists who say Bitcoin is

But this particular debate, about the blocksize, doesn't seem to be getting resolved at all.

Pretty much every time I read one of the long-form major arguments contributed by Bitcoin "thinkers" who I've come to respect over the past few years, this weird thing happens: I usually end up finding myself nodding my head and

But that should be impossible - because a lot of these people vehemently disagree!

So how can both sides sound so convincing to me, simply depending on whichever piece I

Does anyone else feel this way? Or am I just a gullible idiot?

When you first look at it or hear about it, increasing the size seems almost like a no-brainer: The "big-block" supporters say just increase the blocksize to 20 MB or 8 MB, or do some kind of scheduled or calculated regular increment which tries to take into account the capabilities of the infrastructure and the needs of the users. We do have the bandwidth and the memory to at least increase the blocksize now, they say - and we're probably gonna continue to have more bandwidth and memory in order to be able to keep increasing the blocksize for another couple decades - pretty much like everything else computer-based we've seen over the years (some of this stuff is called by names such as "Moore's Law").

On the other hand, whenever the "small-block" supporters warn about the utter catastrophe that a failed hard-fork would mean, I get totally freaked by their possible doomsday scenarios, which seem totally plausible and terrifying - so I end up feeling that the only way I'd want to go with a hard-fork would be if there was some pre-agreed "triggering" mechanism where the fork itself would only actually "switch on" and take effect provided that some "supermajority" of the network (of who? the miners? the full nodes?) had signaled (presumably via some kind of totally reliable p2p trustless software-based voting system?) that they do indeed "pre-agree" to actually adopt the pre-scheduled fork (and thereby avoid

So in this "conservative" scenario, I'm talking about wanting at least 95% pre-adoption agreement - not the mere 75% which I recall some proposals call for, which seems like it could easily lead to a 75/25 blockchain split.

But this time, with this long drawn-out blocksize debate, the core devs, and several other important voices who have become prominent opinion shapers over the past few years, can't seem to come to any real agreement on this.

As far as I can see, there's this weird split: Gavin and Mike seem to be the only people among the devs who really want a major blocksize increase - and all the other devs seem to be vehemently against them.

But then on the other hand, the

And there are meta-questions about governance, about about why this didn't come out as a BIP, and what the availability of Bitcoin XT means.

And today or yesterday there was this really cool big-blockian exponential graph based on doubling the blocksize every two years for twenty years, reminding us of the pure

On the one hand, Gavin's and Mike's blocksize increase proposal initially seemed like a no-brainer to me.

And on the other hand, all the other devs seem to be against them. Which is weird - not what I'd initially expected at all (but maybe I'm just a fool who's seduced by exponential chart porn?).

Look, I don't mean to be rude to any of the core devs, and I don't want to come off like someone wearing a tinfoil hat - but it has to cross people's minds that the powers that be (the Fed and the other central banks and the governments that use their debt-issued money to run this world into a ditch) could very well be much more scared shitless than they're letting on. If we assume that the powers that be are using their usual playbook and tactics, then it could be worth looking at the book "Confessions of an Economic Hitman" by John Perkins, to get an idea of how they might try to attack Bitcoin. So, what I'm saying is, they do have a track record of sending in "experts" to try to derail projects and keep everyone enslaved to the Creature from Jekyll Island. I'm just saying. So, without getting ad hominem - let's just make sure that our ideas can really stand scrutiny on their own - as Nick Szabo says, we need to make sure there is "more computer science, less noise" in this debate.

When Gavin Andresen first came out with the 20 MB thing - I sat back and tried to imagine if I could download 20 MB in 10 minutes (which seems to be one of the basic mathematical and technological constraints here - right?)

I figured, "Yeah, I could download that" - even with my crappy internet connection.

And I guess the telecoms

On the other hand - I think we should be careful about entrusting the financial freedom of the world into the greedy hands of the telecoms companies - given all their shady shenanigans over the past few years in many countries. After decades of the MPAA and the FBI trying to chip away at BitTorrent, lately PirateBay has been hard to access. I would say it's quite likely that certain persons at institutions like JPMorgan and Goldman Sachs and the Fed might be very, very motivated to see Bitcoin fail - so we shouldn't be too sure about scaling plans which depend on the willingness of companies Verizon and AT&T to double our bandwith every two years.

I think I've read all the major stuff on the blocksize debate from Gavin Andresen, Mike Hearn, Greg Maxwell, Peter Todd, Adam Back, and Jeff Garzick and several other major contributors - and, oddly enough,

I say to myself: What's going on with me? How can I possibly agree with

I mean, think back to the glory days of a couple of years ago, when all we were hearing was how this amazing unprecedented grassroots innovation called Bitcoin was going to benefit everyone from all walks of life, all around the world:

- wealthy individuals trying to preserve and transport their wealth across space and across time
- iPhone and Android users who want to buy a latte on their smartphone at Starbucks
- Venezuelans and Argentinians and Cypriots and Russian oligarchs and Greeks and anyone else whose state-backed currency sucks
- unbanked Africans who will someday be texting around money via SMS messages on their cellphones
- online content providers who will finally be able to get paid via micropayments
- smart contracts and stock brokering and lawyering and land deeding and the refrigerator calling out to order more milk and distributed anonymous corporations (DACs) automatically negotiating and adjusting driverless taxicab fares in the Uber-future of the Internet of Things

(Although let me say that I think that people's focus on ideas like driverless cabs creating realtime fare markets based on supply and demand seems to be setting our sights a bit low as far as Bitcoin's abilities to correct the financial world's capital-misallocation problems which seem to have been made possible by infinite debt-based fiat. I would have hoped that a Bitcoin-based economy would solve much more noble, much more urgent capital-allocation problems than driverless taxicabs creating fare markets or refrigerators ordering milk on the internet of things. I was thinking more along the lines that Bitcoin would finally strangle dead-end debt-based deadly-toxic energy industries like fossil fuels and let profitable clean energy industries like Thorium LFTRs take over - but that's another topic. :=)

Let me summarize the major paradoxes I see here:

(1) Regarding the people (the majority of the core devs) who are

But now suddenly, for the first time in the history of technology, we seem to have a majority of the devs, on a major

I don't know, maybe I'm missing something here, maybe someone else could enlighten me, but I don't think I've ever seen this sort of thing happen in the last few decades of the history of technology - devs arguing

(2) But... on the other hand... the dire warnings of the small-blockians about what could happen if a hard-fork were to

I must say, that nearly all of the long-form arguments I've read - as well as many, many of the shorter comments I've read from many users in the threads, whose names I at least have come to more-or-less recognize over the past few months and years on reddit and bitcointalk - have been amazingly impressive in their ability to analyze all aspects of the lifecycle and management of open-source software projects, bringing up lots of serious points which I could never have come up with, and which seem to come from long experience with programming and project management - as well as dealing with economics and human nature (eg, greed - the game-theory stuff).

So a lot of really smart and experienced people with major expertise in various areas ranging from programming to management to game theory to politics to economics have been making some serious, mature, compelling arguments.

But, as I've been saying, the only problem to me is: in many of these cases, these arguments are vehemently in opposition to each other! So I find myself agreeing with pretty much all of them, one by one - which means the end result is just a giant contradiction.

I mean, today we have Bram Cohen, the inventor of BitTorrent, arguing (quite cogently and convincingly to me), that it would be dangerous to increase the blocksize. And this seems to be a guy who would know a few things about scaling out a massive global p2p network - since the protocol which he invented, BitTorrent, is now apparently responsible for like a third of the traffic on the internet (and this despite the long-term concerted efforts of major evil players such as the MPAA and the FBI to shut the whole thing down).

By the way - I would like to go on a slight tangent here and say that one of the main reasons why I felt so "comfortable" jumping on the Bitcoin train back a few years ago, when I first heard about it and got into it, was the whole rough analogy I saw with BitTorrent.

I remembered the perhaps paradoxical fact that when a torrent is

(BitTorrent manages to pull this off by essentially adding a certain structure to the file being shared, so that it's not simply like an append-only

The efficiency of the BitTorrent network seemed to jive with that "network law" (Metcalfe's Law?) about fax machines. This law states that the more fax machines there are, the more valuable the network of fax machines becomes. Or the value of the network grows on the order of the square of the number of nodes.

This is in contrast with other technology like cars, where the

And regarding the "stress test" supposedly happening right now in the middle of this ongoing blocksize debate, I don't know what worries me more: the fact that it apparently is taking only $5,000 to do a simple kind of DoS on the blockchain - or the fact that there are a few rumors swirling around saying that the unknown company doing the stress test shares the same physical mailing address with a "scam" company?

Or maybe we should just be worried that so much of this debate is happening on a handful of forums which are controlled by some guy named theymos who's already engaged in some pretty "contentious" or "controversial" behavior like blowing a million dollars on writing forum software (I guess he never heard that reddit.com software is open-source)?

So I worry that the great promise of "decentralization" might be more fragile than we originally thought.

Anyways, back to Metcalfe's Law: with virtual stuff, like torrents and fax machines, the more the merrier. The more people downloading a given movie, the faster it arrives - and the more people own fax machines, the more valuable the overall fax network.

So I kindof (naïvely?) assumed that Bitcoin, being "virtual" and p2p, would somehow scale up the same magical way BitTorrrent did. I just figured that more people using it would somehow automatically make it stronger and faster.

But now a lot of devs have started talking in terms of the old "scarcity" paradigm, talking about blockspace being a "scarce resource" and talking about "fee markets" - which seems kinda scary, and antithetical to much of the earlier rhetoric we heard about Bitcoin (the stuff about supporting our favorite creators with micropayments, and the stuff about Africans using SMS to send around payments).

Look, when some asshole is in line in front of you at the cash register and he's holding up the line so they can run his

Now, correct me if I'm wrong, but if some guy buys a coffee on the blockchain, or if somebody pays an online artist $1.99 for their work - then that transaction, a few bytes or so, has to live on the blockchain forever?

Or is there some "pruning" thing that gets rid of it after a while?

And this could lead to another question: Viewed from the perspective of double-entry bookkeeping, is the blockchain "world-wide ledger" more like the "balance sheet" part of accounting, i.e. a

When I think of thousands of machines around the globe having to lug around multiple identical copies of a multi-gigabyte file containing some asshole's coffee purchase forever and ever... I feel like I'm ideologically drifting in one direction (where I'd end up also being against really cool stuff like online micropayments and Africans banking via SMS)... so I don't want to go there.

But on the other hand, when really experienced and battle-tested veterans with major experience in the world of open-souce programming and project management (the "small-blockians") warn of the catastrophic consequences of a possible failed hard-fork, I get freaked out and I wonder if Bitcoin really was destined to be a settlement layer for big transactions.

And I don't mean to appeal to authority - but heck, where the hell is Satoshi Nakamoto in all this? I do understand that he/she/they would want to maintain absolute anonymity - but on the other hand, I assume SN wants Bitcoin to succeed (both for the future of humanity - or at least for all the bitcoins SN allegedly holds :-) - and I understand there is a way that SN can cryptographically sign a message - and I understand that as the original developer of Bitcoin, SN had some very specific opinions about the blocksize... So I'm kinda wondering of Satoshi could weigh in from time to time. Just to help out a bit. I'm not saying "Show us a sign" like a deity or something - but damn it sure would be fascinating and possibly very helpful if Satoshi gave us his/hetheir 2 satoshis worth at this really confusing juncture.

I'm not a programming or game-theory whiz, I'm just a casual user who has tried to keep up with technology over the years.

It just seems weird to me that here we have this massive supercomputer (500 times more powerful than the all the supercomputers in the world combined) doing fairly straightforward "embarassingly parallel" number-crunching operations to secure a p2p world-wide ledger called the blockchain to keep track of a measly 2.1 quadrillion tokens spread out among a few billion addresses - and a couple of years ago you had people like Rick Falkvinge saying the blockchain would someday be supporting multi-million-dollar letters of credit for international trade and you had people like Andreas Antonopoulos saying the blockchain would someday allow billions of "unbanked" people to send remittances around the village or around the world dirt-cheap - and now suddenly in June 2015 we're talking about blockspace as a "scarce resource" and talking about "fee markets" and partially centralized, corporate-sponsored "Level 2" vaporware like Lightning Network and some mysterious company is "stess testing" or "DoS-ing" the system by throwing away a measly $5,000 and suddenly it sounds like the whole system could eventually head right back into PayPal and Western Union territory again, in terms of expensive fees.

When I got into Bitcoin, I really was heavily influenced by vague analogies with BitTorrent: I figured everyone would just have tiny little like utorrent-type program running on their machine (ie, Bitcoin-QT or Armory or Mycelium etc.).

I figured that just like anyone can host a their own blog or webserver, anyone would be able to host their own bank.

Yeah, Google and and Mozilla and Twitter and Facebook and WhatsApp did come along and build stuff on top of TCP/IP, so I did expect a bunch of companies to build layers on top of the Bitcoin protocol as well. But I still figured the basic unit of bitcoin client software powering the overall system would be small and personal and affordable and p2p - like a bittorrent client - or at the most, like a cheap server hosting a blog or email server.

And I figured there would be a way at the software level, at the architecture level, at the algorithmic level, at the data structure level - to let the thing scale - if not infinitely, at least fairly massively and gracefully - the same way the BitTorrent network has.

Of course, I do also understand that with BitTorrent, you're sharing a read-only object (eg, a movie) - whereas with Bitcoin, you're achieving distributed trustless consensus and appending it to a write-only (or append-only) database.

So I do understand that the problem which BitTorrent solves is much simpler than the problem which Bitcoin sets out to solve.

But still, it seems that there's

It just seems that Bitcoin has

Right? Right?

I'll finally weigh with my personal perspective - although I might be biased due to my background (which is more on the theoretical side of computer science).

My own modest - or perhaps radical - suggestion would be to ask whether we're really looking at all the best possible algorithms and architectures and data structures out there.

From this perspective, I sometimes worry that the overwhelming majority of the great minds working on the programming and game-theory stuff might come from a rather specific, shall we say "von Neumann" or "procedural" or "imperative" school of programming (ie, C and Python and Java programmers).

It seems strange to me that such a cutting-edge and important computer project would have so little participation from the great minds at the

For example, I was struck in particular by statements I've seen here and there (which seemed rather hubristic or lackadaisical to me - for something as important as

I mean, many computer scientists are aware of the Curry-Howard isomorophism, which basically says that the relationship between a theorem and its proof is equivalent to the relationship between a specification and its implementation. In other words, there is a long tradition in mathematics (and in computer programming) of:

- separating the compact (and easy-to-check) statement of a theorem from the messy (and hard-to-check) details of its proof(s);
- separating the specification of a system from its implementation(s); and
- being able to
*prove*that an implementation does indeed satisfy its specification.

So I worry that we've got this tradition, from the open-source github C/Java programming tradition, of never actually writing our "specification", and only writing the "implementation". In mission-critical military-grade programming projects (which often use languages like Ada or Maude) this is simply not allowed. It would seem that a project as mission-critical as Bitcoin - which could literally be crucial for humanity's continued survival - should also use this kind of military-grade software development approach.

And I'm not saying rewrite the implementations in these kind of theoretical languages. But it might be helpful if the C/Python/Java programmers in the Bitcoin imperative programming world could build some bridges to the Maude/Haskell/ML programmers of the functional and algebraic programming worlds to see if any kind of useful cross-pollination might take place - between specifications and implementations.

For example, the JavaFAN formal analyzer for multi-threaded Java programs (developed using tools based on the Maude language) was applied to the Remote Agent AI program aboard NASA's Deep Space 1 shuttle, written in Java - and it took only a few minutes using formal mathematical reasoning to detect a potential deadlock which would have occurred years later during the space mission when the damn spacecraft was already way out around Pluto.

And "the Maude-NRL (Naval Research Laboratory) Protocol Analyzer (Maude-NPA) is a tool used to provide security proofs of cryptographic protocols and to search for protocol flaws and cryptosystem attacks."

These are open-source formal reasoning tools developed by DARPA and used by NASA and the US Navy to ensure that program implementations satisfy their specifications. It would be great if some of the people involved in these kinds of projects could contribute to help ensure the security and scalability of Bitcoin.

But there is a wide abyss between the kinds of programmers who use languages like Maude and the kinds of programmers who use languages like C/Python/Java - and it can be really hard to get the two worlds to meet. There is a bit of rapprochement between these language communities in languages which might be considered as being somewhere in the middle, such as Haskell and ML. I just worry that Bitcoin might be turning into being an exclusively C/Python/Java project (with the algorithms and practitioners traditionally of that community), when it could be more advantageous if it also had some people from the functional and algebraic-specification and program-verification community involved as well. The thing is, though: the theoretical practitioners are big on "semantics" - I've heard them say stuff like "Yes but a C / C++ program has no easily identifiable semantics". So to get them involved, you really have to first be able to talk about

And so in the theoretical programming community you've got major research on various logics such as Girard's Linear Logic (which is resource-conscious) and Bruni and Montanari's Tile Logic (which enables "pasting" bigger systems together from smaller ones in space and time), and executable algebraic specification languages such as Meseguer's Maude (which would be perfect for game theory modeling, with its functional modules for specifying the deterministic parts of systems and its system modules for specifiying non-deterministic parts of systems, and its parameterized skeletons for sketching out the typical architectures of mobile systems, and its formal reasoning and verification tools and libraries which have been specifically applied to testing and breaking - and fixing - cryptographic protocols).

And somewhat closer to the practical hands-on world, you've got stuff like Google's MapReduce and lots of Big Data database languages developed by Google as well. And yet here we are with a mempool growing dangerously big for RAM on a single machine, and a 20-GB append-only list as our database - and not much debate on practical results from Google's Big Data databases.

(And by the way: maybe I'm totally ignorant for asking this, but I'll ask anyways: why the hell does the mempool have to stay in RAM? Couldn't it work just as well if it were stored temporarily on the hard drive?)

And you've got CalvinDB out of Yale which apparently provides an ACID layer on top of a massively distributed database.

Look, I'm just an armchair follower cheering on these projects. I can barely manage to write a query in SQL, or read through a C or Python or Java program. But I would argue two points here: (1) these languages may be too low-level and "non-formal" for writing and modeling and formally reasoning about and proving properties of mission-critical

I mean, the protocol solved the hard stuff: the elliptical-curve stuff and the Byzantine General stuff. How the heck can we be falling down on the comparatively "easier" stuff - like scaling the blocksize?

It just seems like defeatism to say "Well, the blockchain is already 20-30 GB and it's gonna be 20-30 TB ten years from now - and we need 10 Mbs bandwidth now and 10,000 Mbs bandwidth 20 years from - assuming the evil Verizon and AT&T actually give us that - so let's just become a settlement platform and give up on buying coffee or banking the unbanked or doing micropayments, and let's push all that stuff into some corporate-controlled vaporware without even a whitepaper yet."

So you've got Peter Todd doing some possibly brilliant theorizing and extrapolating on the idea of "treechains" - there is a Let's Talk Bitcoin podcast from about a year ago where he sketches the rough outlines of this idea out in a very inspiring, high-level way - although the specifics have yet to be hammered out. And we've got Blockstream also doing some hopeful hand-waving about the Lightning Network.

Things like Peter Todd's treechains - which may be similar to the spark in some devs' eyes called Lightning Network - are examples of the kind of algorithm or architecture which

It just seems like a kindof tiny dev community working on this stuff.

XML and UML are crap modeling and specification languages, and C and Java and Python are even worse (as

But there

One just doesn't often see the practical, hands-on world of open-source github implementation-level programmers and the academic, theoretical world of specification-level programmers meeting very often. I wish there were some way to get these two worlds to collaborate on Bitcoin.

Maybe a good first step to reach out to the theoretical people would be to provide a modular executable algebraic specification of the Bitcoin protocol in a recognized, military/NASA-grade specification language such as Maude - because that's something the theoretical community can actually wrap their heads around, whereas it's very hard to get them to pay attention to something written

They can't check whether the program does what it's supposed to do - if you don't provide a formal mathematical definition of what the program is supposed to do.

You have to remember: the theoretical community is

Bitcoin is currently confronted with a mathematical or "computer science" problem: how to secure the network while getting high enough transactional throughput, while staying within the limited RAM, bandwidth and hard drive space limitations of current and future infrastructure.

There should be a plethora of whitepapers out now proposing algorithmic solutions to these scaling issues. Remember, all we have to do is apply the Byzantine General consensus-reaching procedure to a worldwide database which shuffles 2.1 quadrillion tokens among a few billion addresses. The 21 company has emphatically pointed out that racing to compute a hash to add a block is an "embarrassingly parallel" problem - very easy to decompose among cheap, fault-prone, commodity boxes, and recompose into an overall solution - along the lines of Google's highly successful MapReduce.

I guess what I'm really saying is (and I don't mean to be rude here), is that C and Python and Java programmers might not be the best qualified people to develop and formally prove the correctness of (note I do not say: "test", I say "formally prove the correctness of") these kinds of algorithms.

I really believe in the importance of getting the algorithms and architectures right - look at Google Search itself, it uses some pretty brilliant algorithms and architectures (eg, MapReduce, Paxos) which enable it to achieve amazing performance - on pretty crappy commodity hardware. And look at BitTorrent, which is truly p2p, where more demand leads to more supply.

So, in this vein, I will close this lengthy rant with an oddly specific link - which may or may not be able to make some interesting contributions to finding suitable algorithms, architectures and data structures which might help Bitcoin scale massively. I have no idea if this link could be helpful - but given the near-total lack of people from the Haskell and ML and functional worlds in these Bitcoin specification debates, I thought I'd be remiss if I didn't throw this out - just in case there might be something here which could help us channel the massive computing power of the Bitcoin network in such a way as to enable us simply sidestep this kind of desperate debate where both sides seem right because the other side seems wrong.

https://personal.cis.strath.ac.uk/neil.ghani/papers/ghani-calco07

The above paper is about "higher dimensional trees". It uses a bit of category theory (not a whole lot) and a bit of Haskell (again not a lot - just a simple data structure called a Rose tree, which has a wikipedia page) to develop a very expressive and efficient data structure which generalizes from lists to trees to higher dimensions.

I have no idea if this kind of data structure could be applicable to the current scaling mess we apparently are getting bogged down in - I don't have the game-theory skills to figure it out.

I just thought that since the blockchain is like a list, and since there are some tree-like structures which have been grafted on for efficiency (eg Merkle trees) and since many of the futuristic scaling proposals seem to also involve generalizing from list-like structures (eg, the blockchain) to tree-like structures (eg, side-chains and tree-chains)... well, who knows, there might be some nugget of algorithmic or architectural or data-structure inspiration there.

(1) I'm freaked out that this blocksize debate has splintered the community so badly and dragged on so long, with no resolution in sight, and both sides seeming so right (because the other side seems so wrong).

(2) I think Bitcoin could gain immensely by using high-level formal, algebraic and co-algebraic program specification and verification languages (such as Maude including Maude-NPA, Mobile Maude parameterized skeletons, etc.) to specify (and possibly also, to some degree, verify)

(3) I wonder if there are some Big Data approaches out there (eg, along the lines of Google's MapReduce and BigTable, or Yale's CalvinDB), which could be implemented to allow Bitcoin to scale massively and painlessly - and to satisfy all stakeholders, ranging from millionaires to micropayments, coffee drinkers to the great "unbanked".

'''

1 Basic knowledge of cryptography 1.1 Basic knowledge of elliptic curves 1.1.1Elliptic curve profile Let denote a finite domain, an elliptic curve defined in it, actually this curve represented as a set of points, defines an operation on elliptic curve, and two points on the elliptic curve, a + = for the two point addition operation. The intersection of the line and the curve represented by the point, and the point on the elliptic curve of the symmetry. At this point, when = when, the intersection of the tangent and the curve is represented as the point on the axis of the elliptic curve. Thus, the Abel group is formed on the finite field (+ +), and the addition unit element is. 1.1.2 Signature algorithm Defines an elliptic curve called [()) and its base point, which is the order. For the curve @ (), make a public key pair, in which the private key is the public key and can be made public. Step1: first, using Hash function to calculate the plaintext message, the Hash function algorithm used MD5 algorithm or SHA-1 algorithm can calculate the plaintext message value = (Step2); then in the interval [1, and the private key a random integer as the signature of a range of 1]; Step3: calculation a public key =;Step4: = = K, where K is the abscissa of the public key and, if = 0, returns to Step2; Step5: = = Q/ (+), which is the private key of the sender A, and if = 0, returns to Step2; Step6: the sender A transmits the message signature (to) to the receiver B. The receiver receives the message signature (B,), the specific verification process to sign the message as follows: Step1: firstly, message signature and verification, i.e. whether it is in the interval [1, N1] positive integer range, if the signature does not comply with the signature of the message, that message signature received (,) is not a valid legal signature; Step2: according to the signature public key of the sender A, the sender A and the receiver B have the same Hash function digest value, and the digest value of the signed message is calculated (=); Step3: calculates the parameter value = Q/; Step4: calculates the parameter value = = Step5: calculates the parameter value = = Step6: calculates the parameter value = +; Step7: if = 0, the receiver B may deny the signature. Otherwise, calculate '= K', where K is the parameter A horizontal coordinate; a signature. The digital signature based on ECC, partly because this scheme can avoid the order operation in the inverse operation, so it is better than the signature scheme based on discrete logarithm algorithm should be simple; on the other hand it is because the calculation of the plaintext message () (,) than the calculation simple, so its speed Schnorr digital signature scheme is faster than. Therefore, the digital signature scheme based on elliptic curve cryptography has good application advantages in resisting attack security strength, key length, computation speed, computation cost and bandwidth requirement. 1.2 Threshold key sharing technology 1.2.1 Shamir Threshold key sharing concept Threshold key sharing technology solves the key security management problem. The design of modern cryptography system is that depends on the security of cryptosystem in the cryptographic key leakage means the lost security system, so the key management plays an important role in the research and design of security in cryptography. Especially when multiple stakeholders manage an account, the key of the account is trusted, and it is very difficult to distribute it safely to multi-party participants. To solve this problem, the Israeli cryptographer Shamir proposed Shamir (,) the concept of threshold secret sharing: the key is divided into portions assigned to participants, each participant to grasp a key share, only collect more than key share, can the key recovery. 1.2.2 Linear secret sharing mechanism Linear secret sharing is the generalization of Shamir threshold key sharing. Its essence is that both the primary key space, the sub key space and the random input set are linear spaces, and the key reconstruction function is linear. The formal definition is as follows: let be a finite domain, PI is a key access structure sharing system, is the main key space. We say that Pi is a linear key sharing system, if the following conditions are met: 1) sub key is linear space, namely for, constant B, the sub key space B cd. Remember - B, e (,) as the components of B CD vector space is received, this component is dependent on the primary key and the random number 2) each authorization set may obtain the master key by means of a linear combination of sub keys, that is, for any one delegate The right to set in, constant {b, e:, B, less than 1 and less than or equal to b}, such that for any master key and random number, All = KD and l /jejcd B, e, B (E, II). 1.2.3 Shamir Polynomial interpolation threshold secret sharing scheme Shamir combines the characteristics of polynomials over finite fields and the theory of Lagrange's reconstructed polynomial, designs a threshold key management scheme based on Lagrange interpolation polynomial, and the scheme is as follows 1.3 Secure multi-party computation 1.3.1 The background of secure multiparty computation With the rapid development of Internet, more and more applications require cooperative computing among network users. But because of privacy protection and data security considerations, the user does not want to participate in collaborative computing and other users to calculate data sharing, this problem leads to collaborative computing cannot be performed, which leads to efficient use and share some of the scenarios can not be difficult to achieve the cyber source. Secure multi-party computation (secure multi-party computation) makes this problem easy to solve, and it provides a theoretical basis for solving the contradiction between data privacy protection and collaborative computing. Secure multi-party computation is the theoretical foundation of distributed cryptography, and also a basic problem of distributed computing. Secure multi-party computation means that in a non trusted multi-user network, two or more users can cooperate with each other to execute a computing task without leaking their private input information. In brief, secure multi-party computation refers to a set of people, such as /...... Q, computing functions together safely,...... , q = (/),...... (Q). Where the input of this function is held by the participant secretly, the secret input of B is B, and after the calculation, B gets the output B. Here is the safety requirements of cheating participants even in some cases, to ensure the correctness of the calculated results, which is calculated after the end of each honest participant B can get the correct output of B, but also requires each participant to ensure confidentiality of input, namely each participant B (B, b) in addition. Don't get any other information. Secure multi-party computation has been rich in theoretical results and powerful tools. Although its practical application is still in its infancy, it will eventually become an indispensable part of computer security. 1.3.2 Classification of secure multiparty computation protocols At present, secure multi-party computation protocols can be divided into four categories according to the different implementations: L secure multi-party computation protocol based on VSS sub protocol Most of the existing secure multi-party computation protocols adopt verifiable key sharing VSS (Verifiable Secret) (Sharing) the sub protocol is the basis of protocol construction, which is suitable for computing functions on any finite field. The finite field of arbitrary function can be expressed as the domain definition of addition and multiplication of the directed graph, so long as can secure computing addition and multiplication, we can calculate each addition and multiplication to calculate any function over finite fields. L secure multi-party computation protocol based on Mix-Match The secure multi-party computation protocol based on VSS sub protocol can compute arbitrary functions, but it can not efficiently calculate Boolean functions. Therefore, another secure multi-party protocol called Mix-Match is proposed. The basic idea of this protocol is that participants use secret sharing schemes to share the system's private key, and the system's public key is open. During the protocol, the participants randomly encrypt their own input public key y, then publish their own encryption results, and finally make all participants gain common output through Mix-Match. L secure multi-party computation protocol based on OT OT based secure multi-party computation protocol for computing arbitrary bit functions. It implements with "OT sub Protocol" and (and), or (or) "," (not) "three basic operations, then the arbitrary bit operation function is decomposed into a combination of three basic operations, finally by using iterative method to calculate the bit operation function. L secure multi-party computation based on homomorphic encryption Homomorphic encryption, secure multi-party computation can resist active attacks based on it is the idea of the selected atom is calculated, the calculation can be decomposed into a sequence of atomic computing allows arbitrary function and atomic calculation of input and output using homomorphic encryption, to get the final results in the encrypted state, only a specific set of participants will be able to the calculation results decrypted plaintext. 1.4 Introduction to ring signature In 2001, Rivest et al proposed a new signature technique, called Ring Signature, in the context of how to reveal the secret anonymously. Ring signature can be regarded as a kind of special group signature (Group Signature), because the establishment process need the trusted center and security group signature, often there are loopholes in the protection of anonymous (signer is traceable to the trusted center), group signature and ring signature in the foundation process in addition to the establishment of a trusted center and security. For the verifier, the signer is completely anonymous, so ring signature is more practical. Since the self ring signature was proposed, a large number of scholars have discovered its important value, such as elliptic curve, threshold and other ring signatures Volume design and development can be divided into four categories: 1. threshold ring signature 2. associated ring signature 3. revocable anonymous ring signature 4. deniable ring signature for block chain contract intelligent token transactions privacy, we use a linkable ring signature, in order to achieve privacy and prevent double problem. 2 A secure account generation scheme based on secure multi-party computation and threshold key sharing 2.1 Basic operations of secure multi-party computation The addition and multiplication, inverse element into three basic operations on the finite field, any computation can be decomposed into a sequence of the finite field addition and multiplication, inverse element, so long as to complete the three basic operations of multi-party computation, so the calculation process can be arbitrary finite domains through multi-party computation the basic operation to iterate the agreement. In this paper, we introduce a secure multi-party computation algorithm for finite fields based on secret sharing scheme based on Lagrange interpolation polynomial. 2.1.1 Addition In the secret sharing scheme based on Lagrange interpolation polynomial, the need to identify a polynomial, a shared secret is the constant term of this polynomial, and the secret share was value of this polynomial at a certain point. It is possible to set and share two secrets, the corresponding polynomials are w and X, and the secret share of participant B is b = w, B = X. In order to get the secret share of secret +, the participant B needs to construct a polynomial so that the constant of the polynomial is +, and B can be calculated. The construction process is as follows: B and B share a secret dreams and secrets, and the corresponding polynomial for W and X L = w + W / +. + W, oQ/oQ/ = {x + / +, +. X, oQ/oQ/ Might as well define = w + x = = w + x = B + B It was - 1 polynomial, and the constant term is +, for this polynomial in value * b = as + secret secret share Secure multi-party computation algorithm obtained by adding the above construction process: Addition of multi-party computation algorithms: secret, secret share, B, B output: Secret + secret share B 1)B = B + B 2.1.2 multiplication Set up two secrets, the corresponding polynomials are w and X, and the secret share of participant B is b = w, B = X. If the participants directly in the local computing B and B share a secret product, although the calculation after sharing secret is the constant term polynomials, but the degree of the polynomial is 2 (- 1), so the need to reduce the number of polynomial. The W and X share the secret share of the participant B, and the product of W and X is: Wx = w = x + / +. + (oQ/), (oQ/) Wx x = w, 1 = 1 + 1 = 2. Represented by matrices: - 1 When the upper coefficient matrix is written, it is obviously a nonsingular matrix, and the inverse matrix is denoted as Q/, which is a constant Number matrix. Remember (/, - - -, oQ/) is the first line of the matrix Q/, there are: /wx = 1 + - + - - oQ/wx, 2 - 1 Each participant randomly selected 2 - 1 - 1 - - - / polynomial, and, oQ/, to meet the requirements of B 0 = wx. Definition = "B, oQ/ Obviously: OQ/. 0 = b b 0 = /wx 1 + - - - 2 - 1 = oQ/wx +. B OQ/. = b b B Therefore, the secret is to share the secret and share the secret. A multi-party computation algorithm for multiplication 2.1.3 yuan inverse Set the secret of sharing, the corresponding polynomial is w, and the secret share of participant B is b = W. One yuan Inversion is refers to the participants by B B secret share calculation Q/ w (c) a secret share, but in the process of calculation Can not disclose, Q/ and secret share of the two. The calculation is as follows: Participant B selects the random number B, and selects the random polynomial B () to compute its secret share be = B () to the participant E. To accept all the secret share, e n = Q. Thus all participants share the same random number David - +q + = / s.. Using the multiplicative multi-party computation algorithm, the secret obtained by the secret share is calculated Share w, and sent to the other participants, so it can be recovered by using the Lagrange interpolation, we may assume that = . It is clear that the W - a Q/ C = n, i.e. Q/'s Secret share. 2.2 lock account generation scenarios The lock account generation scheme is an improvement on threshold key management scheme based on Lagrange interpolation polynomial. Its basic idea is that through the threshold secret sharing, all the authentication nodes generate a lock account in a centralized way, and each verification node has a share of the lock private key. This ensures that the lock account private key is distributed in the entire network in the form of the private key share, so it can be centralized management. 2.3 lock account signature scheme The lock account signature algorithm uses the ECDSA signature algorithm, because it is the current block chain project's mainstream signature algorithm, this choice can improve the system compatibility. In a locked account signature generation process, different from the original ECDSA signature algorithm, the private key and the random number to account is in the form of multi-party computation involved in ECDSA signature process; lock account signature verification process with the original ECDSA signature verification algorithm. Therefore, only the lock account signature generation process is described

'''

klcchain

Go1dfish undelete link

unreddit undelete link

Author: klcchain

submitted by removalbot to removalbot [link] [comments]
1 Basic knowledge of cryptography 1.1 Basic knowledge of elliptic curves 1.1.1Elliptic curve profile Let denote a finite domain, an elliptic curve defined in it, actually this curve represented as a set of points, defines an operation on elliptic curve, and two points on the elliptic curve, a + = for the two point addition operation. The intersection of the line and the curve represented by the point, and the point on the elliptic curve of the symmetry. At this point, when = when, the intersection of the tangent and the curve is represented as the point on the axis of the elliptic curve. Thus, the Abel group is formed on the finite field (+ +), and the addition unit element is. 1.1.2 Signature algorithm Defines an elliptic curve called [()) and its base point, which is the order. For the curve @ (), make a public key pair, in which the private key is the public key and can be made public. Step1: first, using Hash function to calculate the plaintext message, the Hash function algorithm used MD5 algorithm or SHA-1 algorithm can calculate the plaintext message value = (Step2); then in the interval [1, and the private key a random integer as the signature of a range of 1]; Step3: calculation a public key =;Step4: = = K, where K is the abscissa of the public key and, if = 0, returns to Step2; Step5: = = Q/ (+), which is the private key of the sender A, and if = 0, returns to Step2; Step6: the sender A transmits the message signature (to) to the receiver B. The receiver receives the message signature (B,), the specific verification process to sign the message as follows: Step1: firstly, message signature and verification, i.e. whether it is in the interval [1, N1] positive integer range, if the signature does not comply with the signature of the message, that message signature received (,) is not a valid legal signature; Step2: according to the signature public key of the sender A, the sender A and the receiver B have the same Hash function digest value, and the digest value of the signed message is calculated (=); Step3: calculates the parameter value = Q/; Step4: calculates the parameter value = = Step5: calculates the parameter value = = Step6: calculates the parameter value = +; Step7: if = 0, the receiver B may deny the signature. Otherwise, calculate '= K', where K is the parameter A horizontal coordinate; a signature. The digital signature based on ECC, partly because this scheme can avoid the order operation in the inverse operation, so it is better than the signature scheme based on discrete logarithm algorithm should be simple; on the other hand it is because the calculation of the plaintext message () (,) than the calculation simple, so its speed Schnorr digital signature scheme is faster than. Therefore, the digital signature scheme based on elliptic curve cryptography has good application advantages in resisting attack security strength, key length, computation speed, computation cost and bandwidth requirement. 1.2 Threshold key sharing technology 1.2.1 Shamir Threshold key sharing concept Threshold key sharing technology solves the key security management problem. The design of modern cryptography system is that depends on the security of cryptosystem in the cryptographic key leakage means the lost security system, so the key management plays an important role in the research and design of security in cryptography. Especially when multiple stakeholders manage an account, the key of the account is trusted, and it is very difficult to distribute it safely to multi-party participants. To solve this problem, the Israeli cryptographer Shamir proposed Shamir (,) the concept of threshold secret sharing: the key is divided into portions assigned to participants, each participant to grasp a key share, only collect more than key share, can the key recovery. 1.2.2 Linear secret sharing mechanism Linear secret sharing is the generalization of Shamir threshold key sharing. Its essence is that both the primary key space, the sub key space and the random input set are linear spaces, and the key reconstruction function is linear. The formal definition is as follows: let be a finite domain, PI is a key access structure sharing system, is the main key space. We say that Pi is a linear key sharing system, if the following conditions are met: 1) sub key is linear space, namely for, constant B, the sub key space B cd. Remember - B, e (,) as the components of B CD vector space is received, this component is dependent on the primary key and the random number 2) each authorization set may obtain the master key by means of a linear combination of sub keys, that is, for any one delegate The right to set in, constant {b, e:, B, less than 1 and less than or equal to b}, such that for any master key and random number, All = KD and l /jejcd B, e, B (E, II). 1.2.3 Shamir Polynomial interpolation threshold secret sharing scheme Shamir combines the characteristics of polynomials over finite fields and the theory of Lagrange's reconstructed polynomial, designs a threshold key management scheme based on Lagrange interpolation polynomial, and the scheme is as follows 1.3 Secure multi-party computation 1.3.1 The background of secure multiparty computation With the rapid development of Internet, more and more applications require cooperative computing among network users. But because of privacy protection and data security considerations, the user does not want to participate in collaborative computing and other users to calculate data sharing, this problem leads to collaborative computing cannot be performed, which leads to efficient use and share some of the scenarios can not be difficult to achieve the cyber source. Secure multi-party computation (secure multi-party computation) makes this problem easy to solve, and it provides a theoretical basis for solving the contradiction between data privacy protection and collaborative computing. Secure multi-party computation is the theoretical foundation of distributed cryptography, and also a basic problem of distributed computing. Secure multi-party computation means that in a non trusted multi-user network, two or more users can cooperate with each other to execute a computing task without leaking their private input information. In brief, secure multi-party computation refers to a set of people, such as /...... Q, computing functions together safely,...... , q = (/),...... (Q). Where the input of this function is held by the participant secretly, the secret input of B is B, and after the calculation, B gets the output B. Here is the safety requirements of cheating participants even in some cases, to ensure the correctness of the calculated results, which is calculated after the end of each honest participant B can get the correct output of B, but also requires each participant to ensure confidentiality of input, namely each participant B (B, b) in addition. Don't get any other information. Secure multi-party computation has been rich in theoretical results and powerful tools. Although its practical application is still in its infancy, it will eventually become an indispensable part of computer security. 1.3.2 Classification of secure multiparty computation protocols At present, secure multi-party computation protocols can be divided into four categories according to the different implementations: L secure multi-party computation protocol based on VSS sub protocol Most of the existing secure multi-party computation protocols adopt verifiable key sharing VSS (Verifiable Secret) (Sharing) the sub protocol is the basis of protocol construction, which is suitable for computing functions on any finite field. The finite field of arbitrary function can be expressed as the domain definition of addition and multiplication of the directed graph, so long as can secure computing addition and multiplication, we can calculate each addition and multiplication to calculate any function over finite fields. L secure multi-party computation protocol based on Mix-Match The secure multi-party computation protocol based on VSS sub protocol can compute arbitrary functions, but it can not efficiently calculate Boolean functions. Therefore, another secure multi-party protocol called Mix-Match is proposed. The basic idea of this protocol is that participants use secret sharing schemes to share the system's private key, and the system's public key is open. During the protocol, the participants randomly encrypt their own input public key y, then publish their own encryption results, and finally make all participants gain common output through Mix-Match. L secure multi-party computation protocol based on OT OT based secure multi-party computation protocol for computing arbitrary bit functions. It implements with "OT sub Protocol" and (and), or (or) "," (not) "three basic operations, then the arbitrary bit operation function is decomposed into a combination of three basic operations, finally by using iterative method to calculate the bit operation function. L secure multi-party computation based on homomorphic encryption Homomorphic encryption, secure multi-party computation can resist active attacks based on it is the idea of the selected atom is calculated, the calculation can be decomposed into a sequence of atomic computing allows arbitrary function and atomic calculation of input and output using homomorphic encryption, to get the final results in the encrypted state, only a specific set of participants will be able to the calculation results decrypted plaintext. 1.4 Introduction to ring signature In 2001, Rivest et al proposed a new signature technique, called Ring Signature, in the context of how to reveal the secret anonymously. Ring signature can be regarded as a kind of special group signature (Group Signature), because the establishment process need the trusted center and security group signature, often there are loopholes in the protection of anonymous (signer is traceable to the trusted center), group signature and ring signature in the foundation process in addition to the establishment of a trusted center and security. For the verifier, the signer is completely anonymous, so ring signature is more practical. Since the self ring signature was proposed, a large number of scholars have discovered its important value, such as elliptic curve, threshold and other ring signatures Volume design and development can be divided into four categories: 1. threshold ring signature 2. associated ring signature 3. revocable anonymous ring signature 4. deniable ring signature for block chain contract intelligent token transactions privacy, we use a linkable ring signature, in order to achieve privacy and prevent double problem. 2 A secure account generation scheme based on secure multi-party computation and threshold key sharing 2.1 Basic operations of secure multi-party computation The addition and multiplication, inverse element into three basic operations on the finite field, any computation can be decomposed into a sequence of the finite field addition and multiplication, inverse element, so long as to complete the three basic operations of multi-party computation, so the calculation process can be arbitrary finite domains through multi-party computation the basic operation to iterate the agreement. In this paper, we introduce a secure multi-party computation algorithm for finite fields based on secret sharing scheme based on Lagrange interpolation polynomial. 2.1.1 Addition In the secret sharing scheme based on Lagrange interpolation polynomial, the need to identify a polynomial, a shared secret is the constant term of this polynomial, and the secret share was value of this polynomial at a certain point. It is possible to set and share two secrets, the corresponding polynomials are w and X, and the secret share of participant B is b = w, B = X. In order to get the secret share of secret +, the participant B needs to construct a polynomial so that the constant of the polynomial is +, and B can be calculated. The construction process is as follows: B and B share a secret dreams and secrets, and the corresponding polynomial for W and X L = w + W / +. + W, oQ/oQ/ = {x + / +, +. X, oQ/oQ/ Might as well define = w + x = = w + x = B + B It was - 1 polynomial, and the constant term is +, for this polynomial in value * b = as + secret secret share Secure multi-party computation algorithm obtained by adding the above construction process: Addition of multi-party computation algorithms: secret, secret share, B, B output: Secret + secret share B 1)B = B + B 2.1.2 multiplication Set up two secrets, the corresponding polynomials are w and X, and the secret share of participant B is b = w, B = X. If the participants directly in the local computing B and B share a secret product, although the calculation after sharing secret is the constant term polynomials, but the degree of the polynomial is 2 (- 1), so the need to reduce the number of polynomial. The W and X share the secret share of the participant B, and the product of W and X is: Wx = w = x + / +. + (oQ/), (oQ/) Wx x = w, 1 = 1 + 1 = 2. Represented by matrices: - 1 When the upper coefficient matrix is written, it is obviously a nonsingular matrix, and the inverse matrix is denoted as Q/, which is a constant Number matrix. Remember (/, - - -, oQ/) is the first line of the matrix Q/, there are: /wx = 1 + - + - - oQ/wx, 2 - 1 Each participant randomly selected 2 - 1 - 1 - - - / polynomial, and, oQ/, to meet the requirements of B 0 = wx. Definition = "B, oQ/ Obviously: OQ/. 0 = b b 0 = /wx 1 + - - - 2 - 1 = oQ/wx +. B OQ/. = b b B Therefore, the secret is to share the secret and share the secret. A multi-party computation algorithm for multiplication 2.1.3 yuan inverse Set the secret of sharing, the corresponding polynomial is w, and the secret share of participant B is b = W. One yuan Inversion is refers to the participants by B B secret share calculation Q/ w (c) a secret share, but in the process of calculation Can not disclose, Q/ and secret share of the two. The calculation is as follows: Participant B selects the random number B, and selects the random polynomial B () to compute its secret share be = B () to the participant E. To accept all the secret share, e n = Q. Thus all participants share the same random number David - +q + = / s.. Using the multiplicative multi-party computation algorithm, the secret obtained by the secret share is calculated Share w, and sent to the other participants, so it can be recovered by using the Lagrange interpolation, we may assume that = . It is clear that the W - a Q/ C = n, i.e. Q/'s Secret share. 2.2 lock account generation scenarios The lock account generation scheme is an improvement on threshold key management scheme based on Lagrange interpolation polynomial. Its basic idea is that through the threshold secret sharing, all the authentication nodes generate a lock account in a centralized way, and each verification node has a share of the lock private key. This ensures that the lock account private key is distributed in the entire network in the form of the private key share, so it can be centralized management. 2.3 lock account signature scheme The lock account signature algorithm uses the ECDSA signature algorithm, because it is the current block chain project's mainstream signature algorithm, this choice can improve the system compatibility. In a locked account signature generation process, different from the original ECDSA signature algorithm, the private key and the random number to account is in the form of multi-party computation involved in ECDSA signature process; lock account signature verification process with the original ECDSA signature verification algorithm. Therefore, only the lock account signature generation process is described

'''

klcchain

Go1dfish undelete link

unreddit undelete link

Author: klcchain

The following post by klcchain is being replicated because the post has been silently removed.

The original post can be found(in censored form) at this link:

np.reddit.com/ Bitcoin/comments/74zyfl

The original post's content was as follows:

submitted by censorship_notifier to noncensored_bitcoin [link] [comments]
The original post can be found(in censored form) at this link:

np.reddit.com/ Bitcoin/comments/74zyfl

The original post's content was as follows:

1 Basic knowledge of cryptography 1.1 Basic knowledge of elliptic curves 1.1.1Elliptic curve profile Let denote a finite domain, an elliptic curve defined in it, actually this curve represented as a set of points, defines an operation on elliptic curve, and two points on the elliptic curve, a + = for the two point addition operation. The intersection of the line and the curve represented by the point, and the point on the elliptic curve of the symmetry. At this point, when = when, the intersection of the tangent and the curve is represented as the point on the axis of the elliptic curve. Thus, the Abel group is formed on the finite field (+ +), and the addition unit element is. 1.1.2 Signature algorithm Defines an elliptic curve called [()) and its base point, which is the order. For the curve @ (), make a public key pair, in which the private key is the public key and can be made public. Step1: first, using Hash function to calculate the plaintext message, the Hash function algorithm used MD5 algorithm or SHA-1 algorithm can calculate the plaintext message value = (Step2); then in the interval [1, and the private key a random integer as the signature of a range of 1]; Step3: calculation a public key =;Step4: = = K, where K is the abscissa of the public key and, if = 0, returns to Step2; Step5: = = Q/ (+), which is the private key of the sender A, and if = 0, returns to Step2; Step6: the sender A transmits the message signature (to) to the receiver B. The receiver receives the message signature (B,), the specific verification process to sign the message as follows: Step1: firstly, message signature and verification, i.e. whether it is in the interval [1, N1] positive integer range, if the signature does not comply with the signature of the message, that message signature received (,) is not a valid legal signature; Step2: according to the signature public key of the sender A, the sender A and the receiver B have the same Hash function digest value, and the digest value of the signed message is calculated (=); Step3: calculates the parameter value = Q/; Step4: calculates the parameter value = = Step5: calculates the parameter value = = Step6: calculates the parameter value = +; Step7: if = 0, the receiver B may deny the signature. Otherwise, calculate '= K', where K is the parameter A horizontal coordinate; a signature. The digital signature based on ECC, partly because this scheme can avoid the order operation in the inverse operation, so it is better than the signature scheme based on discrete logarithm algorithm should be simple; on the other hand it is because the calculation of the plaintext message () (,) than the calculation simple, so its speed Schnorr digital signature scheme is faster than. Therefore, the digital signature scheme based on elliptic curve cryptography has good application advantages in resisting attack security strength, key length, computation speed, computation cost and bandwidth requirement. 1.2 Threshold key sharing technology 1.2.1 Shamir Threshold key sharing concept Threshold key sharing technology solves the key security management problem. The design of modern cryptography system is that depends on the security of cryptosystem in the cryptographic key leakage means the lost security system, so the key management plays an important role in the research and design of security in cryptography. Especially when multiple stakeholders manage an account, the key of the account is trusted, and it is very difficult to distribute it safely to multi-party participants. To solve this problem, the Israeli cryptographer Shamir proposed Shamir (,) the concept of threshold secret sharing: the key is divided into portions assigned to participants, each participant to grasp a key share, only collect more than key share, can the key recovery. 1.2.2 Linear secret sharing mechanism Linear secret sharing is the generalization of Shamir threshold key sharing. Its essence is that both the primary key space, the sub key space and the random input set are linear spaces, and the key reconstruction function is linear. The formal definition is as follows: let be a finite domain, PI is a key access structure sharing system, is the main key space. We say that Pi is a linear key sharing system, if the following conditions are met: 1) sub key is linear space, namely for, constant B, the sub key space B cd. Remember - B, e (,) as the components of B CD vector space is received, this component is dependent on the primary key and the random number 2) each authorization set may obtain the master key by means of a linear combination of sub keys, that is, for any one delegate The right to set in, constant {b, e:, B, less than 1 and less than or equal to b}, such that for any master key and random number, All = KD and l /jejcd B, e, B (E, II). 1.2.3 Shamir Polynomial interpolation threshold secret sharing scheme Shamir combines the characteristics of polynomials over finite fields and the theory of Lagrange's reconstructed polynomial, designs a threshold key management scheme based on Lagrange interpolation polynomial, and the scheme is as follows 1.3 Secure multi-party computation 1.3.1 The background of secure multiparty computation With the rapid development of Internet, more and more applications require cooperative computing among network users. But because of privacy protection and data security considerations, the user does not want to participate in collaborative computing and other users to calculate data sharing, this problem leads to collaborative computing cannot be performed, which leads to efficient use and share some of the scenarios can not be difficult to achieve the cyber source. Secure multi-party computation (secure multi-party computation) makes this problem easy to solve, and it provides a theoretical basis for solving the contradiction between data privacy protection and collaborative computing. Secure multi-party computation is the theoretical foundation of distributed cryptography, and also a basic problem of distributed computing. Secure multi-party computation means that in a non trusted multi-user network, two or more users can cooperate with each other to execute a computing task without leaking their private input information. In brief, secure multi-party computation refers to a set of people, such as /...... Q, computing functions together safely,...... , q = (/),...... (Q). Where the input of this function is held by the participant secretly, the secret input of B is B, and after the calculation, B gets the output B. Here is the safety requirements of cheating participants even in some cases, to ensure the correctness of the calculated results, which is calculated after the end of each honest participant B can get the correct output of B, but also requires each participant to ensure confidentiality of input, namely each participant B (B, b) in addition. Don't get any other information. Secure multi-party computation has been rich in theoretical results and powerful tools. Although its practical application is still in its infancy, it will eventually become an indispensable part of computer security. 1.3.2 Classification of secure multiparty computation protocols At present, secure multi-party computation protocols can be divided into four categories according to the different implementations: L secure multi-party computation protocol based on VSS sub protocol Most of the existing secure multi-party computation protocols adopt verifiable key sharing VSS (Verifiable Secret) (Sharing) the sub protocol is the basis of protocol construction, which is suitable for computing functions on any finite field. The finite field of arbitrary function can be expressed as the domain definition of addition and multiplication of the directed graph, so long as can secure computing addition and multiplication, we can calculate each addition and multiplication to calculate any function over finite fields. L secure multi-party computation protocol based on Mix-Match The secure multi-party computation protocol based on VSS sub protocol can compute arbitrary functions, but it can not efficiently calculate Boolean functions. Therefore, another secure multi-party protocol called Mix-Match is proposed. The basic idea of this protocol is that participants use secret sharing schemes to share the system's private key, and the system's public key is open. During the protocol, the participants randomly encrypt their own input public key y, then publish their own encryption results, and finally make all participants gain common output through Mix-Match. L secure multi-party computation protocol based on OT OT based secure multi-party computation protocol for computing arbitrary bit functions. It implements with "OT sub Protocol" and (and), or (or) "," (not) "three basic operations, then the arbitrary bit operation function is decomposed into a combination of three basic operations, finally by using iterative method to calculate the bit operation function. L secure multi-party computation based on homomorphic encryption Homomorphic encryption, secure multi-party computation can resist active attacks based on it is the idea of the selected atom is calculated, the calculation can be decomposed into a sequence of atomic computing allows arbitrary function and atomic calculation of input and output using homomorphic encryption, to get the final results in the encrypted state, only a specific set of participants will be able to the calculation results decrypted plaintext. 1.4 Introduction to ring signature In 2001, Rivest et al proposed a new signature technique, called Ring Signature, in the context of how to reveal the secret anonymously. Ring si...

Bitcoin is one of the most popular cryptocurrencies in this category but recently we have witnessed its limitations in the area of scalability and privacy. A lot of alternative cryptocurrencies has thus been designed to provide a solution for the aforementioned aspects. Scalability: Transaction scalability is essential to create a robust platform where mass adoption is possible. 5. Cryptosystem. We typically use one or more cryptographic primitives to develop a lot of complicated algorithms, referred to as a cryptographic system, or cryptosystem. Cryptosystems designs to produce specific functionality whereas guaranteeing certain security properties. Microsoft has patented a cryptocurrency mining system that leverages human activities, including brain waves and body heat, when performing online tasks such as using search engines, chatbots, and rea Microsoft Patents New Cryptocurrency System Using Body Activity Data A cryptosystem is an implementation of cryptographic techniques and their accompanying infrastructure to provide information security services. A cryptosystem is also referred to as a cipher system. Let us discuss a simple model of a cryptosystem that provides confidentiality to the information being transmitted. This Bitcoin displayed remarkable consistency last week, nearly touching the $11,000 mark at times but spending most of the time hovering between $10,700-10,800. There was some negative price action following the news that BitMEX’s Arthur Hayes, Benjamin Delo, and Samuel Reed were indicted alongside a civil action from the Commodity Futures Trading Commission, but in general, Bitcoin has been ...

[index] [18522] [16247] [7308] [17304] [17034] [10290] [23492] [17945] [26556] [40168]

#SCAM #Bitcoin #DHDL. Category Entertainment; Show more Show less. Loading... Advertisement Autoplay When autoplay is enabled, a suggested video will automatically play next. Up next Kitchen ... Bitcoin Loophole™ Review: Does it really work? Read full review: https://automatedbinaryoption.com/bitcoin-loophole/ Visit official site:https://automatedbin... Регистрация https://bit.ly/31if1Bc ВНИМАНИЕ!!! ПРЕДСТАРТ НОВОГО ТОПОВОГО ПРОЕКТА #SYNHROS !!! ВХОД ВСЕГО 0.01 ETH Одним из ... Crypto-Währungen wie Bitcoin, Ethereum, IOTA und Ripple bewegen gerade deutsche Anleger und Unternehmer gleichermaßen. Doch welche Cryptocurrency kann eig... - trh BTCUSD (Bitcoin vs. Dolár) - timeframe: 15 minútový graf - vstupný kapitál: 10 000 USD - obdobie: 2016-2018 - max. riziko na obchod: 4%