Crypto Mining Pools 2019 : How To Choose The Best Pool

[Discord Conv] Dynamic IOTA


Disclaimer: This is my editing, so there could be some misunderstandings.
For the general view of 'what's going on?' of this dynamic ride...

2/16
dom Yesterday at 5:44 AM
Just FYI: the team is now working on a plan on how to recover from this and get the network back into operations while also allowing anyone who might have been affected to safely transition. there are no guarantees just yet, but we will do our best to get this through ASAP. Hopefully we will have a concrete action plan tomorrow and will then communicate it.
On the vulnerability side, all parties are notified and they are working with law enforcement and external auditors to fully understand how this happened. We will keep you guys posted.

dom Yesterday at 5:47 AM
needless to say, that the vulnerability itself was rather sophisticated and required access on multiple levels to be able to execute it on this scale. Hopefully we will be able to share more soon.
[Did the vulnerability exist after or before the audit on Trinity?]
after the audit

dom Yesterday at 5:51 AM
Currently it looks like this will only be for recent Trinity Desktop users

dom Yesterday at 5:56 AM
the entire Trinity team did an amazing job and there is not a single person to blame. The attack itself was very sophisticated and targeted at IOTA and Trinity itself. We are already working on v2 where none of this would be possible. We will share our learnings from this publicly and also share what kind of precautionary measures we are taking.

dom Yesterday at 5:58 AM
The community also did an amazing job in helping to guide us through and give assistance to other community members.

dom Yesterday at 5:58 AM
we actually were having discussions a few weeks ago to rename Trinity (because of the religious connotation)

Jelle Millenaar [IF] Yesterday at 6:37 AM
We didn't really have panic and chaos. We actually worked really well together.

Jelle Millenaar [IF] Yesterday at 6:38 AM
[IF members, do you get paid Over Time for all the awesome work or PURE DEDICATION?]
nobody considers this overtime or anything. We just contribute because we know it is needed.

dom Yesterday at 7:45 AM
[If dependencies carry this risk, maybe they should've done an official CORE wallet and saved all the fluffy stuff for a third party app.]
that's how the new Trinity will work. Sucks that it happened now especially after we wanted to put it into maintenance mode anyways

dom Yesterday at 7:49 AM
[How do we know if the hacker has our seeds?]
this is related to a third party, unrelated to IF or IOTA

dom Yesterday at 7:50 AM
we know that this could have only been done through intrusion / collusion of an external source.
[Dom are you fully confident to solve all those problems especially regarding the possibility of even more people getting scammed instantly after coo is back again?]
yes, relatively sure. That is why we are taking the necessary time to plan accordingly.

dom Yesterday at 7:55 AM
We will provide more information on how this exploit was done soon. All the involved parties are aware of the situation

dom Yesterday at 7:58 AM
[Please give us some time before you start the coo information that we can move to new seed instantly]
don't worry, we will get it all sorted out.

dom Yesterday at 8:22 AM
once life is a bit less "tumultuous" I still want to work on that Autonomous Bar concept powered by IOTA (access control, id verification, payment and a bunch of robots)

Eric Hop [IF] Yesterday at 2:44 PM
Pretty good. I'd be surprised if we find more theft bundles. Only found one more today, while building a timeline of the theft.

Eric Hop [IF] Yesterday at 2:50 PM
We have several separate teams. One is looking at how to resume. One is looking at how to be able to rescue the funds. Others are interacting with law enforcement and third parties. I'm part of DAFT. The Data Analysis Forensics Team. Haha

Eric Hop [IF] Yesterday at 3:01 PM
Some of the people in Coordicide team like Hans have been helping out. It was an all hands on deck situation. I actually loved it. We haven't had this much of a team spirit in quite a while. Usually everyone plays in their own sand box. But this time we all played together on the beach.
It's such a joy working with so many extremely smart people. With so many eyes on the ball we did not miss much opportunities to figure things out.

Eric Hop [IF] Yesterday at 3:07 PM
And for me personally this was a great time. I am all about puzzle solving. And this was the greatest puzzle of all. With a built-in time limit. Haha

Eric Hop [IF] Yesterday at 3:12 PM
I'm not doing official statements. But we have a good overview of what happened and the extent of it. Right now we want to hammer down how to resume without risks and how to safeguard the stuck funds if possible. What is especially funny to me is that the coordinator that everyone was bitching about for years did exactly the thing it was meant to do. It allowed us to halt an exploit that otherwise would have cost everyone dearly.

Eric Hop [IF] Yesterday at 3:15 PM
It was meant as safeguard, training wheels, while we mature. And while we need to remove it due to it being a single point of failure and a bottle neck to scaling, I will be kind of sad to see it go.
Yes, IF would have done the same to safeguard funds, if a third party wallet would have been the cause. Just because we can.

Eric Hop [IF] Yesterday at 3:37 PM
Yes it was a manual attack. The sophistication was in the exploit. But he seemed to be not too sophisticated iota-wise. Everyone has their specialties I guess.

Eric Hop [IF] Yesterday at 3:41 PM
And as an aside I wish people would fuck off about the whole iota not being decentralized because of coordinator, when every block chain token is centralized around a few mining pools that seriously disrupt any possibility for positive software development. They fucking hold back everything that influences their bottom line. Which is why Bitcoin and the rest have pretty much been stagnant for years while we move forward constantly.

dom Today at 7:08 AM
We will release a new Trinity version tomorrow with the fixes implemented. It's not yet the full transition tool, but it's the first step towards fully going back to operations.

dom Today at 7:09 AM
Just wait for the rest. It is important that we get this 100% right and we are still further investigating, so there is a lot of behind the scenes work happening right now.

David Sønstebø Today at 8:52 AM
So... Tangle EE
Quite cool eh?
It's so unfortunate that this asshole managed to distract everything away from one of the biggest steps towards global adoption
Let's not give this fuckface further attention. The cause has been identified, law enforcement is involved and mitigation strategy is being worked on. There will be further official updates, but let's not halt the whole IOTA project due to one idiot.

David Sønstebø Today at 8:56 AM
[Is he identified?]
Let's just say that there's a lot of traces. The attacker does not seem to have been too sophisticated. Official update on Monday will provide details.

David Sønstebø Today at 9:03 AM
[How will this situation affect iotas partners?]
My best guess: further increasing our reputation as an organization that solves hard problems efficiently and doesn't shy away from difficulties. Every company in the world has had issues similar to this. Keep in mind that this does not at all affect the protocol/Tangle/IOTA.

David Sønstebø Today at 9:08 AM
We do have a bounty program. This/these individual/s were not interested in the greater good, pure greed and incompetence

David Sønstebø Today at 9:10 AM
[Any examples of use cases for DID on the tangle?]
Virtually all use cases on Tangle require a secure identifier and verifiable credentials. What I think will happen is that once Tangle EE ships the first version, all other companies using IOTA will start to implement it
[One more question: How transparent will tangle EE be for the community?]
100%. This is why I/we consider Tangle EE to be such a significant milestone, it's not "just" IF, this is a coalition of major companies, start-ups and leading academic institutions building the solutions

David Sønstebø Today at 9:11 AM
[any ETA for the 1st Version?]
That's another good thing, IF won't issue the ETAs, Tangle EE will :

David Sønstebø Today at 9:12 AM
[What does T(angle)EE do exactly?]
It's a partnership and collaboration between several entities to develop and ship code and blueprints that are relevant for product developers and service providers
That blog post is a good read to get better comprehension

David Sønstebø Today at 9:13 AM
It's incredibly important that IF's role slowly but surely decreases in importance. IOTA has to succeed independent of IF post-Coordicide and multiversial-slicing (advanced sharding equivalent)

David Sønstebø Today at 9:14 AM
I would say that it's an incredibly important piece of the puzzle. Naturally Object Management Group (OMG) in Tangle EE will be key here as well, but IOTA is not married to "just" Eclipse. We also work closely with Linux Foundation. However, Tangle EE is very focused

David Sønstebø Today at 9:22 AM
I don't think IF will disappear, however, it will hopefully be purely R&D-driven in 10 years, whereas the other efforts are taken over by the ecosystem (companies, academia, start-ups and enthusiasts). Even post-Coordicide, we already now have theories on how to go way beyond even that. If we achieve our goal of IOTA being equivalent to TCP/IP, there will naturally be continuous development and research in the foreseeable future. I doubt we will reach complete satisfaction, especially now that smart contracts and oracles enter the equation: there's certainly more work to be done for IF, but my goal is for IF to "simply" be R&D

David Sønstebø Today at 9:27 AM
Definitely. This is why I coined the requirement for a "grandma on crack"; this is truly how simply using IOTA should be in 2-5 years. Just like very few even know wtf TCP/IP is

David Sønstebø Today at 9:57 AM
I agree 100% with your assessment, though as would Netflix do with Blockbuster's assessment when they declined to acquire Netflix. At the end of the day it's all about basic economic and human behavioural principles.
Human nature does not change, but our environment does. Disruption will continue forever. Darwinian principles will forever remain true.
A better option = adoption. It doesn't matter how hard the incumbents fight against it, they either adapt or go Kodak/Nokia/AOL
submitted by btlkhs to Iota

MiniSwap -- A New Hybrid Incentive Model in DeFi

Cryptocurrency exchanges process over $20 billion in trade volume per day. Most of the transactions go through centralized exchanges, where users need to fully trust the exchange to manage their assets and transactions. However, the risk of trusting these centralized exchanges has also been seen. For example, QuadrigaCX, which was the largest cryptocurrency exchange in Canada, lost $19 million of their customers' assets [1].
Decentralized Exchanges (DEXes) have been introduced to address this problem -- they allow traders to purchase and sell cryptocurrencies in a peer-to-peer manner, so no involvement of any trusted party is required. Atomic Swap is one of the promising technologies for implementing a DEX. While it enables pure peer-to-peer trading, it also introduces problems such as unfairness and long confirmation latency. While existing work [2] has provided a solution towards a fair atomic swap protocol, the issue of long confirmation latency is inherent.
Another promising direction is leveraging liquidity pools. With liquidity pools, pairs of assets are reserved for trading. For any pair of assets supported by the liquidity pool, traders can exchange their assets without any third party. As traders can only perform the transactions if there are reserved assets, one core problem is how to attract liquidity providers to provide liquidity by reserving assets. It is not difficult to see that incentives [3,4], which have been a key component of all permissionless blockchains, can be used to incentivize liquidity providers. However, flawed incentive designs will lead to attacks and other concerns [5-13].
There are two main types of incentive designs, namely "trans-fee mining" and "liquidity mining". They are different from the Proof-of-X mining in blockchains for reaching consensus (a detailed analysis can be found in the survey [14]). Rather, they are used to incentivise users to join the ecosystem.
"Trans-fee mining" was proposed by FCoin in 2018 [15]. With FCoin, each time a transaction is created, 100% of its transaction fee will be returned in FCoin token to the payer as a reward. This is one incentive design to encourage traders to join the system. However, as FCoin may have no value to the trader, FCoin also introduces extra reward to all coin holders -- 80% of the transaction fee in its native currency (such as ETH) will be distributed to all coin holders. So, traders are incentivized to join the system, becoming a holder of FCoin token, and obtaining a share of the transaction fee of every transaction in the FCoin ecosystem.
While this has successfully attracted traders, it is not sustainable. Rather than charging a trader to perform transactions, FCoin rewards traders. Profit-driven traders will create transactions at full speed to earn FCoin token and the share as a token holder. Indeed, the trading volume of FCoin was the top one among all exchange services, and the daily reward can be as high as 6000 BTC [16]. However, once all coins are minted, the system would lose liveness as there is not enough supply to be distributed.
"Liquidity mining" aims at giving reward to the liquidity providers rather than the traders. There are different ways to implement liquidity mining. Compound [17] is a famous example of protocols deploying liquidity mining. With Compound, users become liquidity providers by supplying assets to a pool and obtain interest for their contribution (similar to depositing money into a bank). Liquidity providers first reserve some assets in the pool and obtain "cToken" of Compound, which entitles the owner to an increasing quantity of the underlying asset. Users can use their "cToken" to borrow different assets available on Compound and pay some interest to Compound. The borrowers may have some quick gains through the financial games [18]. Both borrowers and liquidity providers can withdraw their assets by trading them back with "cToken". Owners of "cToken" can also manage the business direction and decisions of Compound through weighted voting. The potential concern here is that rich users might be able to take over the control of the system.
Uniswap [19] is another popular DEX deploying liquidity mining. Uniswap incentivizes liquidity providers by giving them a share of the earned transaction fees. In particular, Uniswap charges each transaction a 0.3% fee, where 0.25% will be distributed to the liquidity providers, and 0.05% will go to the Uniswap account. One issue is how to incentivize traders. With Uniswap, traders are incentivized by the potential profit they can gain through the price difference between Uniswap and other exchanges. The Uniswap price oracle is based on a constant function market maker [20,21], where the product of the numbers of reserved tokens is a constant. For example, if Uniswap holds a pair of X of token A and Y of token B, then when a user uses X' of token A to buy Y' of token B, the product of the reserved numbers of tokens should remain the same, i.e., XY = (X+X')(Y-Y'). The price of Uniswap (V1) is also defined in this way. This allows traders to speculate in the exchange market as the asset price on Uniswap changes dynamically and is different from other exchanges. This, on the other hand, may have a security risk as the price can be easily manipulated. Uniswap (V2) fixed this problem by taking an accumulated price over a period of time [22]. However, as speculation/manipulation becomes harder, the trading volume may decrease.
MiniSwap [23] introduces a hybrid model (a mixture of "trans-fee mining" and "liquidity mining") to address the above issues. MiniSwap provides three types of rewards. For each trade with transaction fee f ETH in MiniSwap, a number of MiniSwap tokens (called MINI) worth 2f ETH will be minted. A (parameterized) portion of the tokens is given to the trader, and the rest are distributed to the liquidity providers. The transaction fee (f ETH) is used to exchange MINI in the liquidity pool. 50% of the obtained MINI will be distributed to all MINI holders, and the other 50% will be destroyed. In this way, both traders and liquidity providers are incentivized to join the ecosystem.
Recall that with FCoin, there is a problem when all coins are minted. MiniSwap has an upper bound (of 500,000 tokens) on the number of tokens that can be created every day, and this limit reduces every month until a point where the limit (18,000 tokens) remains unchanged. This guarantees the sustainability of the system as the mining process can last for 100 years. The parameterized ratio of tokens as the reward to the trader and liquidity provider can also strengthen sustainability. It enables the system to dynamically balance the incentive of different parties in the system to make it more sustainable.
Overall, the MiniSwap hybrid model has taken the benefit of both the "trans-fee mining" model and the "liquidity mining" model, while eliminating the potential concerns. Formally defining and analyzing these models, e.g. through the game-theoretic approach [24], would be an interesting direction.
References
[1] The Guardian, Cryptocurrency investors locked out of $190m after exchange founder dies, 2019.
[2] Runchao Han, Haoyu Lin, Jiangshan Yu. On the optionality and fairness of Atomic Swaps, ACM Conference on Advances in Financial Technologies, 2019.
[3] Satoshi Nakamoto. 2008. Bitcoin: a peer-to-peer electronic cash system
[4] Jiangshan Yu, David Kozhaya, Jeremie Decouchant, and Paulo Verissimo. Repucoin: your reputation is your power. IEEE Transactions on Computers, 2019.
[5] Joseph Bonneau. Why Buy When You Can Rent? - Bribery Attacks on Bitcoin-Style Consensus. Financial Cryptography and Data Security - International Workshops on BITCOIN, VOTING, and WAHC, 2016.
[6] Yujin Kwon, Hyoungshick Kim, Jinwoo Shin, and Yongdae Kim. Bitcoin vs. Bitcoin Cash: Coexistence or Downfall of Bitcoin Cash, IEEE Symposium on Security and Privacy (SP), 2019.
[7] Kevin Liao and Jonathan Katz. Incentivizing blockchain forks via whale transactions. International Conference on Financial Cryptography and Data Security, 2017.
[8] Ayelet Sapirshtein, Yonatan Sompolinsky, and Aviv Zohar. Optimal Selfish Mining Strategies in Bitcoin. Financial Cryptography and Data Security, 2016.
[9] Ittay Eyal and Emin Gün Sirer. Majority Is Not Enough: Bitcoin Mining Is Vulnerable. Financial Cryptography and Data Security, 2014.
[10] Ittay Eyal. The Miner’s Dilemma. IEEE Symposium on Security and Privacy, 2015.
[11] Miles Carlsten, Harry A. Kalodner, S. Matthew Weinberg, and Arvind Narayanan. On the Instability of Bitcoin Without the Block Reward. ACM SIGSAC Conference on Computer and Communications Security, 2016.
[12] Kartik Nayak, Srijan Kumar, Andrew Miller, and Elaine Shi. Stubborn mining: generalizing selfish mining and combining with an eclipse attack. IEEE European Symposium on Security and Privacy, 2016.
[13] Runchao Han, Zhimei Sui, Jiangshan Yu, Joseph K. Liu, Shiping Chen. Sucker punch makes you richer: Rethinking Proof-of-Work security model, IACR Cryptol. ePrint Arch, 2019.
[14] Christopher Natoli, Jiangshan Yu, Vincent Gramoli, Paulo Jorge Esteves Veríssimo. Deconstructing Blockchains: A Comprehensive Survey on Consensus, Membership and Structure. CoRR abs/1908.08316, 2019.
[15] FCoin, https://www.fcoin.pro
[16] The Block Crypto. Cryptocurrency exchange Fcoin expects to default on as much as $125M of users' bitcoin, 2020.
[17] Compound, https://compound.finance.
[18] Philip Daian, Steven Goldfeder, Tyler Kell, Yunqi Li, Xueyuan Zhao, Iddo Bentov, Lorenz Breidenbach, Ari Juels. Flash Boys 2.0: Frontrunning, Transaction Reordering, and Consensus Instability in Decentralized Exchanges. IEEE Symposium on Security and Privacy, 2020.
[19] Uniswap. https://uniswap.org
[20] Bowen Liu, Pawel Szalachowski. A First Look into DeFi Oracles. CoRR abs/2005.04377, 2020.
[21] Guillermo Angeris, Tarun Chitra. Improved Price Oracles: Constant Function Market Makers, CoRR abs/2003.10001, 2020.
[22] Uniswap V2.0 whitepaper. https://uniswap.org/whitepaper.pdf
[23] MiniSwap. https://www.miniswap.org
[24] Ziyao Liu, Nguyen Cong Luong, Wenbo Wang, Dusit Niyato, Ping Wang, Ying-Chang Liang, Dong In Kim. A Survey on Blockchain: A Game Theoretical Perspective. IEEE Access, 2019.
submitted by MINISWAP to u/MINISWAP
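
The constant-product rule XY = (X+X')(Y-Y') and the accumulated-price fix described in the Uniswap paragraph of the post above, as an added Python example (not code from the post, MiniSwap or Uniswap). The `Pool` class, reserve sizes and timestamps are constructed for illustration; the whole 0.3% fee is left in the pool, and the accumulator is a simplified time-weighted average, not Uniswap's contract logic.

```python
from dataclasses import dataclass
from fractions import Fraction

FEE = Fraction(3, 1000)  # 0.3% per trade, the figure given in the text


@dataclass
class Pool:
    """Hypothetical two-token pool; exact arithmetic via Fraction."""
    x: Fraction                          # reserve of token A
    y: Fraction                          # reserve of token B
    last_ts: int = 0                     # time of the last reserve change (s)
    cumulative: Fraction = Fraction(0)   # running sum of spot price * seconds

    def __post_init__(self):
        self.x, self.y = Fraction(self.x), Fraction(self.y)

    def spot_price(self) -> Fraction:
        """Instantaneous price of A in units of B (what a V1-style read sees)."""
        return self.y / self.x

    def cumulative_at(self, now: int) -> Fraction:
        """Accumulator value at `now`, counting the current price up to `now`."""
        return self.cumulative + self.spot_price() * (now - self.last_ts)

    def swap_a_for_b(self, dx, now: int, fee=FEE) -> Fraction:
        """Sell dx of A; returns the amount of B paid out."""
        if dx <= 0 or now < self.last_ts:
            raise ValueError("dx must be positive and time must not go back")
        # Record the price that was in force *before* this trade moves it.
        self.cumulative = self.cumulative_at(now)
        self.last_ts = now
        dx_eff = Fraction(dx) * (1 - fee)          # input after the fee
        dy = self.y * dx_eff / (self.x + dx_eff)   # from XY = (X+X')(Y-Y')
        self.x += dx                               # fee stays in the pool
        self.y -= dy
        return dy


def product_after_swap(dx, fee) -> Fraction:
    """Reserve product after one swap against a constructed 1000/1000 pool."""
    pool = Pool(1000, 1000)
    pool.swap_a_for_b(dx, now=0, fee=fee)
    return pool.x * pool.y


def twap(pool: Pool, cum_start: Fraction, t_start: int, t_end: int) -> Fraction:
    """Time-weighted average price over [t_start, t_end]."""
    return (pool.cumulative_at(t_end) - cum_start) / (t_end - t_start)


def compare_oracles():
    """Constructed scenario: the price sits at 1 for 1790 s, then one large
    trade moves it 10 s before a consumer reads the price at t = 1800 s."""
    pool = Pool(1000, 1000)
    cum0 = pool.cumulative_at(0)          # consumer's snapshot at window start
    pool.swap_a_for_b(1000, now=1790)     # single large trade late in window
    return pool.spot_price(), twap(pool, cum0, 0, 1800)


if __name__ == "__main__":
    print("product, no fee  :", product_after_swap(100, 0))
    print("product, 0.3% fee:", float(product_after_swap(100, FEE)))
    spot, avg = compare_oracles()
    print("spot price read  :", float(spot))
    print("30-minute TWAP   :", float(avg))
```

A consumer that reads the spot price sees the full effect of the last trade, while the averaged price moves only in proportion to how long the distorted price persisted inside the window.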

Monero, the Most Private Cryptocurrency

Written by the CoinEx Institution, this series of jocular and easy to understand articles will show you everything you need to know about major cryptocurrencies, making you fully prepared before jumping into crypto!

Monero, or XMR for short, is an open-source cryptocurrency that is safe, reliable, private, and untraceable. It can run on Windows, Mac, Linux, and FreeBSD, and is known as one of the most private cryptocurrencies. In 2018, Monero already ranked 10th in terms of trading volume, with its market value beyond 1 billion US dollars, evidence of its great fame in this field.
By a special method in cryptography, Monero ensures that all transactions remain 100% irrelevant and untraceable. Perhaps after reading this article, you will understand why it is so special and popular in the increasingly transparent and traceable cryptocurrency circle (After all privacy comes first!).
In fact, many large cryptocurrencies in the world are not anonymous. All transactions on Bitcoin and Ethereum are made public and traceable, which means that anyone can eavesdrop on transactions flowing into and out of the wallet. That has given rise to a new type of cryptocurrency called “privacy currency”! These “privacy currencies” hide encrypted transactions by adopting specific types of passwords. One typical example is Monero, one of the largest privacy cryptocurrencies in the world.
Monero was created on April 18, 2014 under the name BitMonero, literally the combination of Bit (Bitcoin) and Monero (the “coin” in Esperanto). In five days, the community decided to change its name to Monero.
Interestingly, Monero’s creators valued personal privacy and tried to behave in a low-key manner with pseudonyms instead of the real names. It is said that the Monero major contributor’s nickname is “thankful for today”, yet this guy has gradually disappeared from public view as Monero developed day by day.
Unlike many cryptocurrencies derived from BTC, Monero is based on the CryptoNote protocol. It is also the first branch based on the Bytecoin of CryptoNote currency. Here is some information about Bytecoin: BCN, for short, is a decentralized cryptocurrency with a high degree of privacy; it has open-source codes that allow everyone to contribute to the development of the Bytecoin network; and the Bytecoin network provides global users with instant private transactions that are not traceable and at no additional cost.
Yet, as a branch of BCN, Monero outshines its parent in reputation by being different in two ways. First, Monero’s target block time was reduced from 120 seconds to 60 seconds; second, the issuance speed was cut by 50% (which reverted to 120-second residence later, with the issuance time maintained and the reward for each new block doubled). By the way, during the fork, the Monero developers also found a lot of low-quality codes and then refactored them. (That is exactly what geeks will do)
Monero’s modular code structure was also highly appreciated by Wladimir J. van der Laan, one of the core maintainers of Bitcoin.
Monero values privacy, decentralization and scalability, and there are significant algorithm differences in blockchain fuzzification, which sets it apart from its peers. How private is it? Here are more details.
1. Safe and reliable
For a decentralized cryptocurrency, decentralization means that its network is operated by users; transactions are confirmed by decentralized consensus and then recorded on the blockchain irrevocably. Monero needs no third party to guarantee the safety of funds;
2. Privacy protection
Monero confuses all transaction sources, amounts, and recipients through ring signatures, ring confidential transactions, and invisible addresses. Apart from all the advantages of a decentralized cryptocurrency, it is by no means inferior in safeguarding privacy;
3. Unable to track
The sender, the receiver and the transaction amount of all Monero transactions must be anonymous by default. The information on the Monero Blockchain cannot be matched with physical individuals or specific users, so there is no trace to track;
4. Scalable
Everyone knows that Bitcoin’s ability to process transactions has always been limited by the scalability issue; as we have mentioned before in the introduction of Bitcoin, the block size of 1MB makes things difficult. But Monero’s developers have created a system that allows the network to process more transactions when needed; what’s more, Monero does not have any “pre-set” restrictions on block size.
Of course, this also means that some malicious miners may block the system with large blocks. To prevent this from happening, Monero has worked out countermeasures: the block reward penalty of the system.
On October 18, 2018, Monero’s latest hard fork changed the consensus mechanism algorithm to CryptoNight V8. In this hard fork, it introduced the Bulletproofs protocol, which can also effectively reduce the transaction fee of miners without disclosing transactions.
It is said that Monero will issue about 18.4 million XMR in around 8 years. Moreover, it eclipses its counterparts in distribution — with no pre-mining or pre-sale, all block rewards will be left to miners by means of the POW mechanism.
Here is the reward scheme of Monero in two stages:
  1. Acceleration: mine 18132000 XMR before May 2022;
  2. Deceleration: Deceleration starts right after 18132000 XMR are mined, and there will be a reward of 0.6XMR for each block mined afterwards. In this way, the overall supply will be kept on a small scale and decelerated.
Monero is also excellent in its development concept that is designed to be anti-ASIC from the very beginning. Here is a brief introduction to ASIC (Application-Specific Integrated Circuit).
Due to the specificity of ASICs, specially designed ASICs can usually have much higher hashrate than general CPUs, GPUs, and even FPGAs — that makes hashrate excessively centralized and makes it vulnerable to the monopoly of single centralized institutions. Yet the CryptoNight algorithm used by Monero allows most CPUs and even FPGAs to get involved and get mining rewards, instead of making GPU the only one that can efficiently mine.
In other words, Monero’s core development team will modify the consensus mechanism algorithm and have a hard fork after some time to ensure its strength against ASIC and the monopoly of hashrate.
However, although Monero has been designed against ASICs to avoid centralization, nearly 43% of its hashrate is still owned by 3 mining pools; in addition, it is not a BTC-based currency, making it even harder to introduce some elements. Of course, Monero is not that newbie-friendly, and thus has not been widely accepted.
Yet each cryptocurrency has its own features. As long as Monero keeps improving its privacy, it will definitely attract increasing followers. If you are interested in Monero, welcome to CoinEx for exchange or trade.

About CoinEx

As a global and professional cryptocurrency exchange service provider, CoinEx was founded in December 2017 with Bitmain-led investment and has obtained a legal license in Estonia. It is a subsidiary brand of the ViaBTC Group, which owns the fifth largest BTC mining pool, which is also the largest of BCH mining, in the world.
CoinEx supports perpetual contract, spot, margin trading and other derivatives trading, and its service reaches global users in nearly 100 countries/regions with various languages available, such as Chinese, English, Korean and Russian.
Website: https://www.coinex.com/
Twitter: https://twitter.com/coinexcom
Telegram: https://t.me/CoinExOfficialENG
submitted by CoinEx_Institution to Coinex

51% attacks are morally justifiable

In this short post I want to set out my case for the moral justifiability of 51% attacks against proof of work cryptocurrencies. In the past, a 51% attack was a theoretical construct that most people didn't seem to think would be practically achievable or lucrative. This has now changed, as hashpower can be rented on sites like Nicehash and Mining Rig Rentals for a few hours at a time. The attack delivers the attacker two prominent opportunities:
-You can orphan blocks of "legitimate" miners. This essentially means that whatever work was produced by legitimate miners during your attack became worthless. Mine a secret chain of two hours worth of blocks, release it and you orphaned 2 hours worth of blocks by your competitors. By the time most of the miners have noticed their blocks were orphaned in an attack, their nodes will have been automatically mining on your own chain for a while and it will be too late for them to do anything about it. The amount of money they lost would be equivalent to the amount you had to spend to produce your chain. Because mining is an industry with tight margins, the economic impact on these miners can be very big. The cost may be sufficient in case of a very long attack, to persuade them to quit their endeavor and get a real job.
-The more important opportunity is that you're able to double spend your coins. This is potentially, incredibly lucrative. How lucrative it is tends to depend primarily on the inflation rate of a cryptocurrency. A low inflation rate means relatively little "work" is done to maintain the security of the system. A high inflation rate on the other hand, turns the cryptocurrency into a very poor long-term investment. As a consequence, most cryptocurrencies face declining inflation rates, that delay the problem of their ultimate unsustainability into the future. The bank of international settlements explains this issue here.
When it comes to the moral justification of a 51% attack, we first have to ask ourselves why proof of work is morally unjustifiable. There are two main reasons for this:
-Proof of work has an enormous environmental impact, that ensures future generations will have to deal with the dramatic consequences of climate change. There is no proper justification for this environmental impact, as it delivers no clear benefits over existing payment systems other than the ability to carry out morally unjustifiable actions like blackmail.
-Proof of work is fundamentally unsustainable, because of the economic burden it places on participants in cryptocurrency schemes. Cryptocurrencies can't produce wealth out of thin air. The people who get rich from a cryptocurrency become rich, due to the fact that other people step in later. In this sense we're dealing with a pyramid scheme, but the difference from regular pyramid schemes lies in the fact that huge sums of wealth are not merely redistributed, but destroyed, to sustain the scheme. The cost of the work to sustain the scheme is bigger than you might expect, because the reality is that relatively little money has entered bitcoin. JP Morgan claims that for the crypto assets at large, a fiat amplifier of 117.5 is present, as a purported $2 billion in net inflow pushed Bitcoin’s market capitalization from $15 billion to $250 billion. You have to consider that the Digiconomist estimates that $2.6 billion leaves the Bitcoin scheme on an annual basis, in the form of mining costs to sustain Bitcoin. The vast majority of retail customers who entered this scheme ended up losing money from it. In some cases this led to suicides.
The fact that proof of work is morally unjustifiable doesn´t directly lead to a moral justification for a 51% attack. After all a sane society would use government intervention to eliminate the decentralized ponzi schemes that are cryptocurrencies. There are a few things that need to be considered however:
-Governments have so far failed in their responsibility to address the cryptocurrency schemes. Instead you tend to see officials insist that proof of work might suck and most cryptocurrency is a scam, but ¨blockchain technology¨ will somehow change the world for the better. Most libertarians who saw these schemes emerge insisted that it´s stupid to participate in them because the government would eventually ban them and round up the people who participated in them. This didn´t happen because of the logistical difficulty of suppressing these schemes (anyone with an internet connection can set one up) as well as the fact that suppressing them would lend credence to the anti-government anarcho-capitalist ideology on which these schemes are based. Goverments might say ¨these schemes facilitate crime, ruin the environment and redistribute wealth from naive individuals to scammers¨, but anarcho-capitalists would insist that governments have grown so tyrannical that they want to ban you from exchanging numbers on computers.
-Because cryptocurrency is fundamentally an online social arrangement, governments have very limited influence over the phenomenon. Binance seeks to become a stateless organization, not subject to the jurisdiction of any particular government. Just as with regular money laundering and tax evasion that hides in small nations that can earn huge sums of money by facilitating these practises, governments are dependent on the actions of individuals to address these practices. Whistleblowers released the panama papers and the tax evasion by German individuals through Swiss bank accounts. Through such individuals, the phenomenon could be properly addressed. In a similar manner, cryptocurrency schemes will need to be addressed through the actions of individuals who recognize the damage these schemes cause to the fabric of society.
-The very nature of a 51% attack means that it primarily punishes those who set up and facilitate the cryptocurrency scheme in the first place. The miners who pollute our environment to satiate their own greed are bankrupted by the fact that their blocks are orphaned. The exchange operators are bankrupted due to double-spend attacks against the scams that they facilitate. When this happens, the cryptocurrency in question should lose value, which then destroys the incentive to devote huge sums of electricity to it.
Finally, there's the question of whether 51% attacks are viable as a response to cryptocurrency. There's the obvious problem you run into, that the biggest and oldest scams are the most difficult to shut down. In addition, cryptocurrencies that fell victim to an attack tend to move towards a checkpoint system. However, there are a few things that need to be considered here:
-51% attacks against small cryptocurrencies might not have a huge impact, but their benefit is nonetheless apparent. Most of the new scams don't require participants to mine, instead the new schemes generally depend on "staking". If people had not engaged in 51% attacks, the environmental impact would have been even bigger now.
-51% attacks against currencies that implement checkpointing are not impossible, if the checkpoints are decentrally produced. What happens in that case is a chain split, as long as the hostile chain is released at the right time. This would mean that different exchanges may get stuck on different forks, which would still allow people to double spend their cryptocurrency.
-There are other attacks that can be used against proof of work cryptocurrencies. The most important one is the block withholding attack. It's possible for people who dislike a cryptocurrency to join a pool and to start mining. However, whenever the miner finds a valid solution that would produce a block, he fails to share the solution with the pool. This costs money for the pool operator, but it can be lucrative for the actor if he also operates a competing pool himself. In the best case it leads to miners moving to his pool, which then potentially allows him to execute a 51% attack against the cryptocurrency.
-It's possible to put up a 51% attack bounty, allowing others to do the work for you. This works as follows. You make transaction A : 100 bitcoin to exchange X, for a fee of 0.001 BTC. Once this transaction has been included in a block, you immediately broadcast a conflicting transaction with another node: You're sending those 100 bitcoin to your own wallet, but you're also including a 50 bitcoin fee for the miners. The miners now have a strong incentive to disregard the valid chain and to start mining a new chain on an older block that can still include your conflicting transaction. Provided that pool operators are rational economic agents, they should grab the opportunity.
-Selfish mining in combination with a Sybil attack allows someone to eclipse the rest of the network, while controlling less than 51% of the hashrate. Your malicious nodes will simply refuse to propagate blocks of your competitors, thereby giving you more time to release your own block. Selfish mining will always be possible with 33% of the hashrate and as far as I can tell there are no pathways known currently to make the scheme impossible for people with 25% of the hashrate. This potentially makes 51% attacks lucrative without having to carry out double-spend attacks against exchanges. Although double spending is a form of theft, it's not clear to me whether a selfish mining attack would get you into legal trouble or not.

Conclusion:

The dreaded 51% attack is a morally justifiable and potentially lucrative solution to the Nakamoto scheme.
submitted by milkversussoy to Buttcoin
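
From the pool operator's side, the block withholding behaviour described in the post above shows up as a miner whose accepted shares never turn into blocks. The following is an added example, not part of the original post: a statistical check that flags such miners while leaving merely unlucky ones alone. The miner names, difficulties, counters and the `alpha` threshold are constructed assumptions.

```python
import math
from dataclasses import dataclass


@dataclass
class MinerWindow:
    """One miner's counters over an accounting window (constructed sample data)."""
    name: str
    shares: int   # accepted shares at the pool's share difficulty
    blocks: int   # shares that also met the network target and were submitted


def log_binom_pmf(k: int, n: int, p: float) -> float:
    """log P(X = k) for X ~ Binomial(n, p), kept in log space so that
    large share counts neither overflow nor underflow."""
    return (math.lgamma(n + 1) - math.lgamma(k + 1) - math.lgamma(n - k + 1)
            + k * math.log(p) + (n - k) * math.log1p(-p))


def prob_at_most(k: int, n: int, p: float) -> float:
    """P(X <= k): chance that an honest miner with n shares finds k or fewer blocks."""
    if not 0.0 < p < 1.0:
        raise ValueError("per-share block probability must be in (0, 1)")
    if n <= 0:
        return 1.0  # no work submitted, nothing to judge
    k = min(k, n)
    return min(1.0, sum(math.exp(log_binom_pmf(i, n, p)) for i in range(k + 1)))


def withholding_suspects(miners, share_difficulty, network_difficulty, alpha=0.001):
    """Return (name, p_value) for miners whose block count is implausibly low.

    Every accepted share is a full block with probability
    share_difficulty / network_difficulty, so an honest miner's block count
    is binomial in the number of shares. alpha is divided by the number of
    miners (Bonferroni correction) so that a large pool does not flag
    honest miners by chance alone.
    """
    if not miners:
        return []
    p_block = share_difficulty / network_difficulty
    threshold = alpha / len(miners)
    suspects = []
    for m in miners:
        p_value = prob_at_most(m.blocks, m.shares, p_block)
        if p_value < threshold:
            suspects.append((m.name, p_value))
    return sorted(suspects, key=lambda s: s[1])


# Constructed sample: difficulties are kept small so the numbers stay readable.
SHARE_DIFFICULTY = 1.0
NETWORK_DIFFICULTY = 1000.0
SAMPLE = [
    MinerWindow("miner-a", shares=4000, blocks=5),    # slightly lucky
    MinerWindow("miner-b", shares=12000, blocks=9),   # slightly unlucky
    MinerWindow("miner-c", shares=15000, blocks=0),   # 15 blocks expected, none seen
    MinerWindow("miner-d", shares=3000, blocks=0),    # 3 expected, none seen: plausible
]

if __name__ == "__main__":
    for name, p_value in withholding_suspects(SAMPLE, SHARE_DIFFICULTY, NETWORK_DIFFICULTY):
        print(f"{name}: P(this few blocks | honest) = {p_value:.2e}")
```

Zero blocks alone is not evidence: miner-d is left alone because three expected blocks can easily fail to appear, while miner-c's record is too unlikely to be bad luck.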

Searching for the Unicorn Cryptocurrency

For someone first starting out as a cryptocurrency investor, finding a trustworthy manual for screening a cryptocurrency’s merits is nonexistent as we are still in the early, Wild West days of the cryptocurrency market. One would need to become deeply familiar with the inner workings of blockchain to be able to perform the bare minimum due diligence.
One might believe, over time, that finding the perfect cryptocurrency may be nothing short of futile. If a cryptocurrency purports infinite scalability, then it is probably either lightweight with limited features or it is highly centralized among a limited number of nodes that perform consensus services especially Proof of Stake or Delegated Proof of Stake. Similarly, a cryptocurrency that purports comprehensive privacy may have technical obstacles to overcome if it aims to expand its applications such as in smart contracts. The bottom line is that it is extremely difficult for a cryptocurrency to have all important features jam-packed into itself.
The cryptocurrency space is stuck in the era of the “dial-up internet” in a manner of speaking. Currently blockchain can’t scale – not without certain tradeoffs – and it hasn’t fully resolved certain intractable issues such as user-unfriendly long addresses and how the blockchain size is forever increasing to name two.
In other words, we haven’t found the ultimate cryptocurrency. That is, we haven’t found the mystical unicorn cryptocurrency that ushers the era of decentralization while eschewing all the limitations of traditional blockchain systems.
“But wait – what about Ethereum once it implements sharding?”
“Wouldn’t IOTA be able to scale infinitely with smart contracts through its Qubic offering?”
“Isn’t Dash capable of having privacy, smart contracts, and instantaneous transactions?”
Those thoughts and comments may come from cryptocurrency investors who have done their research. It is natural for the informed investors to invest in projects that are believed to bring cutting edge technological transformation to blockchain. Sooner or later, the sinking realization will hit that any variation of the current blockchain technology will always likely have certain limitations.
Let us pretend that there indeed exists a unicorn cryptocurrency somewhere that may or may not be here yet. What would it look like, exactly? Let us set the 5 criteria of the unicorn cryptocurrency:
Unicorn Criteria
(1) Perfectly solves the blockchain trilemma:
o Infinite scalability
o Full security
o Full decentralization
(2) Zero or minimal transaction fee
(3) Full privacy
(4) Full smart contract capabilities
(5) Fair distribution and fair governance
For each of the above 5 criteria, there would not be any middle ground. For example, a cryptocurrency with just an in-protocol mixer would not be considered as having full privacy. As another example, an Initial Coin Offering (ICO) may possibly violate criterion (5) since with an ICO the distribution and governance are often heavily favored towards an oligarchy – this in turn would defy the spirit of decentralization that Bitcoin was founded on.
There is no cryptocurrency currently that fits the above profile of the unicorn cryptocurrency. Let us examine an arbitrary list of highly hyped cryptocurrencies that meet the above list at least partially. The following list is by no means comprehensive but may be a sufficient sampling of various blockchain implementations:
Bitcoin (BTC)
Bitcoin is the very first and the best known cryptocurrency that started it all. While Bitcoin is generally considered extremely secure, it suffers from mining centralization to a degree. Bitcoin is not anonymous, lacks smart contracts, and most worrisomely, can only do about 7 transactions per second (TPS). Bitcoin is not the unicorn notwithstanding all the Bitcoin maximalists.
Ethereum (ETH)
Ethereum is widely considered the gold standard of smart contracts aside from its scalability problem. Sharding as part of Casper’s release is generally considered to be the solution to Ethereum’s scalability problem.
The goal of sharding is to split up validating responsibilities among various groups or shards. Ethereum’s sharding comes down to duplicating the existing blockchain architecture and sharing a token. This does not solve the core issue and simply kicks the can further down the road. After all, full nodes still need to exist one way or another.
Ethereum’s blockchain size problem is also an issue as will be explained more later in this article.
As a result, Ethereum is not the unicorn due to its incomplete approach to scalability and, to a degree, security.
Dash
Dash’s masternodes are widely considered to be centralized due to their high funding requirements, and there are accounts of a pre-mine in the beginning. Dash is not the unicorn due to its questionable decentralization.
Nano
Nano boasts rightfully for its instant, free transactions. But it lacks smart contracts and privacy, and it may be exposed to well orchestrated DDOS attacks. Therefore, it goes without saying that Nano is not the unicorn.
EOS
While EOS claims to execute millions of transactions per second, a quick glance reveals centralized parameters with 21 nodes and a questionable governance system. Therefore, EOS fails to achieve the unicorn status.
Monero (XMR)
One of the best known and respected privacy coins, Monero lacks smart contracts and may fall short of infinite scalability due to CryptoNote’s design. The unicorn rank is out of Monero’s reach.
IOTA
IOTA’s scalability is based on the number of transactions the network processes, and so its supposedly infinite scalability would fluctuate and is subject to the whims of the underlying transactions. While IOTA’s scalability approach is innovative and may work in the long term, it should be reminded that the unicorn cryptocurrency has no middle ground. The unicorn cryptocurrency would be expected to scale infinitely on a consistent basis from the beginning.
In addition, IOTA’s Masked Authenticated Messaging (MAM) feature does not bring privacy to the masses in a highly convenient manner. Consequently, the unicorn is not found with IOTA.

PascalCoin as a Candidate for the Unicorn Cryptocurrency
Please allow me to present a candidate for the cryptocurrency unicorn: PascalCoin.
According to the website, PascalCoin claims the following:
“PascalCoin is an instant, zero-fee, infinitely scalable, and decentralized cryptocurrency with advanced privacy and smart contract capabilities. Enabled by the SafeBox technology to become the world’s first blockchain independent of historical operations, PascalCoin possesses unlimited potential.”
The above summary is a mouthful to be sure, but let’s take a deep dive on how PascalCoin innovates with the SafeBox and more. Before we do this, I encourage you to first become acquainted with PascalCoin by watching the following video introduction:
https://www.youtube.com/watch?time_continue=4&v=F25UU-0W9Dk
The rest of this section will be split into 10 parts in order to illustrate most of the notable features of PascalCoin. Naturally, let’s start off with the SafeBox.
Part #1: The SafeBox
Unlike traditional UTXO-based cryptocurrencies in which the blockchain records the specifics of each transaction (address, sender address, amount of funds transferred, etc.), the blockchain in PascalCoin is only used to mutate the SafeBox. The SafeBox is a separate but equivalent cryptographic data structure that snapshots account balances. PascalCoin’s blockchain is comparable to a machine that feeds the most important data – namely, the state of an account – into the SafeBox. Any node can still independently compute and verify the cumulative Proof-of-Work required to construct the SafeBox.
The PascalCoin whitepaper elegantly highlights the unique historical independence that the SafeBox possesses:
“While there are approaches that cryptocurrencies could use such as pruning, warp-sync, "finality checkpoints", UTXO-snapshotting, etc, there is a fundamental difference with PascalCoin. Their new nodes can only prove they are on most-work-chain using the infinite history whereas in PascalCoin, new nodes can prove they are on the most-work chain without the infinite history.”
Some cryptocurrency old-timers might instinctively balk at the idea of full nodes eschewing the entire history for security, but such a reaction would showcase a lack of understanding on what the SafeBox really does.
A concrete example would go a long way to best illustrate what the SafeBox does. Let’s say I input the following operations in my calculator:
5 * 5 – 10 / 2 + 5
It does not take a genius to calculate the answer, 25. Now, the expression “5 * 5 – 10 / 2 + 5” would be forever imbued on a traditional blockchain’s history. But the SafeBox begs to differ. It says that the expression “5 * 5 – 10 / 2 + 5” should instead be simply “25” so as to preserve simplicity, time, and space. In other words, the SafeBox simply preserves the account balance.
But some might still be unsatisfied and claim that if one cannot trace the series of operations (transactions) that lead to the final number (balance) of 25, the blockchain is inherently insecure.
Here are four important security aspects of the SafeBox that some people fail to realize:
(1) SafeBox Follows the Longest Chain of Proof-of-Work
The SafeBox mutates itself per 100 blocks. Each new SafeBox mutation must reference both the previous SafeBox mutation and the preceding 100 blocks in order to be valid, and the resultant hash of the new mutated SafeBox must then be referenced by each of the new subsequent blocks, and the process repeats itself forever.
The fact that each new SafeBox mutation must reference the previous SafeBox mutation is comparable to relying on the entire history. This is because the previous SafeBox mutation encapsulates the result of the cumulative entire history except for the 100 blocks, which is why each new SafeBox mutation requires both the previous SafeBox mutation and the preceding 100 blocks.
So in a sense, there is a single interconnected chain of inflows and outflows, supported by Byzantine Proof-of-Work consensus, instead of the entire history of transactions.
More concretely, the SafeBox follows the path of the longest chain of Proof-of-Work simply by design, and is thus cryptographically equivalent to the entire history even without tracing specific operations in the past. If the chain is rolled back with a 51% attack, only the attacker’s own account(s) in the SafeBox can be manipulated as is explained in the next part.
(2) A 51% Attack on PascalCoin Functions the Same as Others
A 51% attack on PascalCoin would work in a similar way as with other Proof-of-Work cryptocurrencies. An attacker cannot modify a transaction in the past without affecting the current SafeBox hash which is accepted by all honest nodes.
Someone might claim that if you roll back all the current blocks plus the 100 blocks prior to the SafeBox’s mutation, one could create a forged SafeBox with different balances for all accounts. This would be incorrect as one would be able to manipulate only his or her own account(s) in the SafeBox with a 51% attack – just as is the case with other UTXO cryptocurrencies. The SafeBox stores the balances of all accounts which are in turn irreversibly linked only to their respective owners’ private keys.
(3) One Could Preserve the Entire History of the PascalCoin Blockchain
No blockchain data in PascalCoin is ever deleted even in the presence of the SafeBox. Since the SafeBox is cryptographically equivalent to a full node with the entire history as explained above, PascalCoin full nodes are not expected to contain infinite history. But for whatever reason(s) one may have, one could still keep all the PascalCoin blockchain history as well along with the SafeBox as an option even though it would be redundant.
Without storing the entire history of the PascalCoin blockchain, you can still trace the specific operations of the 100 blocks prior to when the SafeBox absorbs and reflects the net result (a single balance for each account) from those 100 blocks. But if you’re interested in tracing operations over a longer period in the past – as redundant as that may be – you’d have the option to do so by storing the entire history of the PascalCoin blockchain.
(4) The SafeBox is Equivalent to the Entire Blockchain History
Some skeptics may ask this question: “What if the SafeBox is forever lost? How would you be able to verify your accounts?” Asking this question is tantamount to asking to what would happen to Bitcoin if all of its entire history was erased. The result would be chaos, of course, but the SafeBox is still in line with the general security model of a traditional blockchain with respect to black swans.
Now that we know the security of the SafeBox is not compromised, what are the implications of this new blockchain paradigm? A colorful illustration as follows still wouldn’t do justice to the subtle revolution that the SafeBox ushers. The automobiles we see on the street are the cookie-and-butter representation of traditional blockchain systems. The SafeBox, on the other hand, supercharges those traditional cars to become the Transformers from Michael Bay’s films.
The SafeBox is an entirely different blockchain architecture that is impressive in its simplicity and ingenuity. The SafeBox’s design is only the opening act for PascalCoin’s vast nuclear arsenal. If the above was all that PascalCoin offers, it still wouldn’t come close to achieving the unicorn status but luckily, we have just scratched the surface. Please keep on reading if you want to learn how PascalCoin is going to shatter the cryptocurrency industry into pieces. Buckle down as this is going to be a long read as we explore further about the SafeBox’s implications.
Part #2: 0-Confirmation Transactions
To begin, 0-confirmation transactions are secure in PascalCoin thanks to the SafeBox.
The following paraphrases an explanation of PascalCoin’s 0-confirmations from the whitepaper:
“Since PascalCoin is not a UTXO-based currency but rather a State-based currency thanks to the SafeBox, the security guarantees of 0-confirmation transactions are much stronger than in UTXO-based currencies. For example, in Bitcoin if a merchant accepts a 0-confirmation transaction for a coffee, the buyer can simply roll that transaction back after receiving the coffee but before the transaction is confirmed in a block. The way the buyer does this is by re-spending those UTXOs to himself in a new transaction (with a higher fee) thus invalidating them for the merchant. In PascalCoin, this is virtually impossible since the buyer's transaction to the merchant is simply a delta-operation to debit/credit a quantity from/to accounts respectively. The buyer is unable to erase or pre-empt this two-sided, debit/credit-based transaction from the network’s pending pool until it either enters a block for confirmation or is discarded with respect to both sender and receiver ends. If the buyer tries to double-spend the coffee funds after receiving the coffee but before they clear, the double-spend transaction will not propagate the network since nodes cannot propagate a double-spending transaction thanks to the debit/credit nature of the transaction. A UTXO-based transaction is initially one-sided before confirmation and therefore is more exposed to one-sided malicious schemes of double spending.”
Phew, that explanation was technical but it had to be done. In summary, PascalCoin possesses the only secure 0-confirmation transactions in the cryptocurrency industry, and it goes without saying that this means PascalCoin is extremely fast. In fact, PascalCoin is capable of 72,000 TPS even prior to any additional extensive optimizations down the road. In other words, PascalCoin is as instant as it gets and gives Nano a run for its money.
Part #3: Zero Fee
Let’s circle back to our discussion of PascalCoin’s 0-confirmation capability. Here’s a little fun magical twist to PascalCoin’s 0-confirmation magic: 0-confirmation transactions are zero-fee. As in you don’t pay a single cent in fee for each 0-confirmation! There is just a tiny downside: if you create a second transaction in a 5-minute block window then you’d need to pay a minimal fee. Imagine using Nano but with a significantly stronger anti-DDOS protection for spam! But there shouldn’t be any complaint as this fee would amount to 0.0001 Pascal or $0.00002 based on the current price of a Pascal at the time of this writing.
So, how come the fee for blazingly fast transactions is nonexistent? This is where the magic of the SafeBox arises in three ways:
(1) PascalCoin possesses the secure 0-confirmation feature as discussed above that enables this speed.
(2) There is no fee bidding competition of transaction priority typical in UTXO cryptocurrencies since, once again, PascalCoin operates on secure 0-confirmations.
(3) There is no fee incentive needed to run full nodes on behalf of the network’s security beyond the consensus rewards.
Part #4: Blockchain Size
Let’s expand more on the third point above, using Ethereum as an example. Since Ethereum’s launch in 2015, its full blockchain size is currently around 2 TB, give or take, but let’s just say its blockchain size is 100 GB for now to avoid offending the Ethereum elitists who insist there are different types of full nodes that are lighter. Whoever runs Ethereum’s full nodes would expect storage fees on top of the typical consensus fees as it takes significant resources to shoulder Ethereum’s full blockchain size and in turn secure the network. What if I told you that PascalCoin’s full blockchain size will never exceed a few GBs after thousands of years? That is just what the SafeBox enables PascalCoin to do. It is estimated that by 2072, PascalCoin’s full nodes will only be 6 GB which is low enough not to warrant any fee incentives for hosting full nodes. Remember, the SafeBox is an ultra-light cryptographic data structure that is cryptographically equivalent to a blockchain with the entire transaction history. In other words, the SafeBox is a compact spreadsheet of all account balances that functions as PascalCoin’s full node!
Not only does the SafeBox’s infinitesimal memory size help to reduce transaction fees by phasing out any storage fees, but it also paves the way for true decentralization. It would be trivial for every PascalCoin user to opt a full node in the form of a wallet. This is extreme decentralization at its finest since the majority of users of other cryptocurrencies ditch full nodes due to their burdensome sizes. It is naïve to believe that storage costs would reduce enough to the point where hosting full nodes is trivial. Take a look at the following chart outlining the trend of storage cost.

* https://www.backblaze.com/blog/hard-drive-cost-per-gigabyte/
As we can see, storage costs continue to decrease but the descent is slowing down as is the norm with technological improvements. In the meantime, blockchain sizes of other cryptocurrencies are increasing linearly or, in the case of smart contract engines like Ethereum, parabolically. Imagine a cryptocurrency smart contract engine like Ethereum garnering worldwide adoption; what do you think Ethereum’s size would look like in the far future based on the following chart?


https://i.redd.it/k57nimdjmo621.png

Ethereum’s future blockchain size is not looking pretty in terms of sustainable security. Sharding is not a fix for this issue since there still needs to be full nodes but that is a different topic for another time.
It is astonishing that the cryptocurrency community as a whole has passively accepted this forever-expanding-blockchain-size problem as an inescapable fate.
PascalCoin is the only cryptocurrency that has fully escaped the death vortex of forever expanding blockchain size. Its blockchain size wouldn’t exceed 10 GB even after many hundreds of years of worldwide adoption. Ethereum’s blockchain size after hundreds of years of worldwide adoption would make fine comedy.
Part #5: Simple, Short, and Ordinal Addresses
Remember how the SafeBox works by snapshotting all account balances? As it turns out, the account address system is almost as cool as the SafeBox itself.
Imagine yourself in this situation: on a very hot and sunny day, you’re wandering down the street across from your house and run into a lemonade stand – the old-fashioned kind without any QR code or credit card terminal. The kid across from you is selling a lemonade cup for 1 Pascal with a poster outlining the payment address as 5471-55. You flip out your phone and click “Send” with 1 Pascal to the address 5471-55; voilà, exactly one second later you’re drinking your lemonade without paying a cent for the transaction fee!
The last thing one wants to do is to figure out how to copy/paste to, say, the following address 1BoatSLRHtKNngkdXEeobR76b53LETtpyT on the spot wouldn’t it? Gone are the obnoxiously long addresses that plague all cryptocurrencies. The days of those unreadable addresses will be long gone – it has to be if blockchain is to innovate itself for the general public. EOS has a similar feature for readable addresses but in a very limited manner in comparison, and nicknames attached to addresses in GUIs don’t count since blockchain-wide compatibility wouldn’t hold.
Not only does PascalCoin have the neat feature of having addresses (called PASAs) that amount to up to 6 or 7 digits, but PascalCoin can also incorporate in-protocol address naming as opposed to GUI address nicknames. Suppose I want to order something from Amazon using Pascal; I simply search the word “Amazon” then the corresponding account number shows up. Pretty neat, right?
The astute reader may gather that PascalCoin’s address system makes it necessary to commoditize addresses, and he/she would be correct. Some view this as a weakness; part #10 later in this segment addresses this incorrect perception.
Part #6: Privacy
As if the above wasn’t enough, here’s another secret that PascalCoin has: it is a full-blown privacy coin. It uses two separate foundations to achieve comprehensive anonymity: in-protocol mixer for transfer amounts and zk-SNARKs for private balances. The former has been implemented and the latter is on the roadmap. Both the 0-confirmation transaction and the negligible transaction fee would make PascalCoin the most scalable privacy coin of any other cryptocurrencies pending the zk-SNARKs implementation.
Part #7: Smart Contracts
Next, PascalCoin will take smart contracts to the next level with a layer-2 overlay consensus system that pioneers sidechains and other smart contract implementations.
In formal terms, this layer-2 architecture will facilitate the transfer of data between PASAs which in turn allows clean enveloping of layer-2 protocols inside layer-1 much in the same way that HTTP lives inside TCP.
To summarize:
· The layer-2 consensus method is separate from the layer-1 Proof-of-Work. This layer-2 consensus method is independent and flexible. A sidechain – based on a single encompassing PASA – could apply Proof-of-Stake (POS), Delegated Proof-of-Stake (DPOS), or Directed Acyclic Graph (DAG) as the consensus system of its choice.
· Such a layer-2 smart contract platform can be written in any language.
· Layer-2 sidechains will also provide very strong anonymity since funds are all pooled and keys are not used to unlock them.
· This layer-2 architecture is ingenious in which the computation is separate from layer-2 consensus, in effect removing any bottleneck.
· Horizontal scaling exists in this paradigm as there is no interdependence between smart contracts and states are not managed by slow sidechains.
· Speed and scalability are fully independent of PascalCoin.
One would be able to run the entire global financial system on PascalCoin’s infinitely scalable smart contract platform and it would still scale infinitely. In fact, this layer-2 architecture would be exponentially faster than Ethereum even after its sharding is implemented.
All this is the main focus of PascalCoin’s upcoming version 5 in 2019. A whitepaper add-on for this major upgrade will be released in early 2019.
Part #8: RandomHash Algorithm
Surely there must be some tradeoffs to PascalCoin’s impressive capabilities, you might be asking yourself. One might bring up the fact that PascalCoin’s layer-1 is based on Proof-of-Work and is thus susceptible to mining centralization. This would be a fallacy as PascalCoin has pioneered the very first true ASIC, GPU, and dual-mining resistant algorithm known as RandomHash that obliterates anything that is not CPU based and gives all the power back to solo miners.
Here is the official description of RandomHash:
“RandomHash is a high-level cryptographic hash algorithm that combines other well-known hash primitives in a highly serial manner. The distinguishing feature is that calculations for a nonce are dependent on partial calculations of other nonces, selected at random. This allows a serial hasher (CPU) to re-use these partial calculations in subsequent mining saving 50% or more of the work-load. Parallel hashers (GPU) cannot benefit from this optimization since the optimal nonce-set cannot be pre-calculated as it is determined on-the-fly. As a result, parallel hashers (GPU) are required to perform the full workload for every nonce. Also, the algorithm results in 10x memory bloat for a parallel implementation. In addition to its serial nature, it is branch-heavy and recursive making it optimal for CPU-only mining.”
One might be understandably skeptical of any Proof-of-Work algorithm that solves ASIC and GPU centralization once for all because there have been countless proposals being thrown around for various algorithms since the dawn of Bitcoin. Is RandomHash truly the ASIC & GPU killer that it claims to be?
Herman Schoenfeld, the inventor behind RandomHash, described his algorithm in the following:
“RandomHash offers endless ASIC-design breaking surface due to its use of recursion, hash algo selection, memory hardness and random number generation.
For example, changing how round hash selection is made and/or random number generator algo and/or checksum algo and/or their sequencing will totally break an ASIC design. Conceptually if you can significantly change the structure of the output assembly whilst keeping the high-level algorithm as invariant as possible, the ASIC design will necessarily require proportional restructuring. This results from the fact that ASIC designs mirror the ASM of the algorithm rather than the algorithm itself.”
Polyminer1 (pseudonym), one of the members of the PascalCoin core team who developed RHMiner (official software for mining RandomHash), claimed as follows:
“The design of RandomHash is, to my experience, a genuine innovation. I’ve been 30 years in the field. I’ve rarely been surprised by anything. RandomHash was one of my rare surprises. It’s elegant, simple, and achieves resistance in all fronts.”
PascalCoin may have been the first party to achieve the race of what could possibly be described as the “God algorithm” for Proof-of-Work cryptocurrencies. Look no further than one of Monero’s core developers since 2015, Howard Chu. In September 2018, Howard declared that he has found a solution, called RandomJS, to permanently keep ASICs off the network without repetitive algorithm changes. This solution actually closely mirrors RandomHash’s algorithm. Discussing his algorithm, Howard asserted that “RandomJS is coming at the problem from a direction that nobody else is.”
Link to Howard Chu’s article on RandomJS:
https://www.coindesk.com/one-musicians-creative-solution-to-drive-asics-off-monero
Yet when Herman was asked about Howard’s approach, he responded:
“Yes, looks like it may work although using Javascript was a bit much. They should’ve just used an assembly subset and generated random ASM programs. In a way, RandomHash does this with its repeated use of random mem-transforms during expansion phase.”
In the end, PascalCoin may have successfully implemented the most revolutionary Proof-of-Work algorithm, one that eclipses Howard’s burgeoning vision, to date that almost nobody knows about. To learn more about RandomHash, refer to the following resources:
RandomHash whitepaper:
https://www.pascalcoin.org/storage/whitepapers/RandomHash_Whitepaper.pdf
Technical proposal for RandomHash:
https://github.com/PascalCoin/PascalCoin/blob/master/PIP/PIP-0009.md
Someone might claim that PascalCoin still suffers from mining centralization after RandomHash, and this is somewhat misleading as will be explained in part #10.
Part #9: Fair Distribution and Governance
Not only does PascalCoin rest on superior technology, but it also has its roots in the correct philosophy of decentralized distribution and governance. There was no ICO or pre-mine, and the developer fund exists as a percentage of mining rewards as voted by the community. This developer fund is 100% governed by a decentralized autonomous organization – currently facilitated by the PascalCoin Foundation – that will eventually be transformed into an autonomous smart contract platform. Not only is the developer fund voted upon by the community, but PascalCoin’s development roadmap is also voted upon by the community via the Protocol Improvement Proposals (PIPs).
This decentralized governance also serves an important benefit as a powerful deterrent to unseemly fork wars that befall many cryptocurrencies.
Part #10: Common Misconceptions of PascalCoin
“The branding is terrible”
PascalCoin is currently working very hard on its image and is preparing for several branding and marketing initiatives in the short term. For example, two of the core developers of the PascalCoin recently interviewed with the Fox Business Network. A YouTube replay of this interview will be heavily promoted.
Some people object to the name PascalCoin. First, it’s worth noting that PascalCoin is the name of the project while Pascal is the name of the underlying currency. Secondly, Google and YouTube received excessive criticisms back then in the beginning with their name choices. Look at where those companies are nowadays – surely a somewhat similar situation faces PascalCoin until the name’s familiarity percolates into the public.
“The wallet GUI is terrible”
As the team is run by a small yet extremely dedicated group of developers, multiple priorities can be challenging to juggle. The lack of funding through an ICO or a pre-mine also makes it challenging to accelerate development. The top priority of the core developers is to continue developing full-time on the groundbreaking technology that PascalCoin offers. In the meantime, an updated and user-friendly wallet GUI has been worked upon for some time and will be released in due time. Rome wasn’t built in one day.
“One would need to purchase a PASA in the first place”
This is a complicated topic since PASAs need to be commoditized by the SafeBox’s design, meaning that PASAs cannot be obtained at no charge to prevent systematic abuse. This raises two seemingly valid concerns:
· As a chicken and egg problem, how would one purchase a PASA using Pascal in the first place if one cannot obtain Pascal without a PASA?
· How would the price of PASAs stay low and affordable in the face of significant demand?
With regards to the chicken and egg problem, there are many ways – some finished and some unfinished – to obtain your first PASA as explained on the “Get Started” page on the PascalCoin website:
https://www.pascalcoin.org/get_started
More importantly, however, is the fact that there are few methods that can get your first PASA for free. The team will also release another method soon in which you could obtain your first PASA for free via a single SMS message. This would probably become by far the simplest and the easiest way to obtain your first PASA for free. There will be more new ways to easily obtain your first PASA for free down the road.
What about ensuring the PASA market at large remains inexpensive and affordable following your first (and probably free) PASA acquisition? This would be achieved in two ways:
· Decentralized governance of the PASA economics per the explanation in the FAQ section on the bottom of the PascalCoin website (https://www.pascalcoin.org/)
· Unlimited and free pseudo-PASAs based on layer-2 in the next version release.
“PascalCoin is still centralized after the release of RandomHash”
Did the implementation of RandomHash from version 4 live up to its promise?
The official goals of RandomHash were as follows:
(1) Implement a GPU & ASIC resistant hash algorithm
(2) Eliminate dual mining
The two goals above were achieved by every possible measure.
Yet a mining pool, Nanopool, was able to regain its hash majority after a significant but temporary dip.
The official conclusion is that, from a probabilistic viewpoint, solo miners are more profitable than pool miners. However, pool mining is enticing for solo miners who 1) have limited hardware as it ensures a steady income instead of highly profitable but probabilistic income via solo mining, and 2) who prefer convenient software and/or GUI.
What is the next step, then? While the barrier of entry for solo miners has successfully been put down, additional work needs to be done. The PascalCoin team and the community are earnestly investigating additional steps to improve mining decentralization with respect to pool mining specifically to add on top of RandomHash’s successful elimination of GPU, ASIC, and dual-mining dominance.
It is likely that the PascalCoin community will promote the following two initiatives in the near future:
(1) Establish a community-driven, nonprofit mining pool with attractive incentives.
(2) Optimize RHMiner, PascalCoin’s official solo mining software, for performance upgrades.
A single pool dominance is likely short lived once more options emerge for individual CPU miners who want to avoid solo mining for whatever reason(s).
Let us use Bitcoin as an example. Bitcoin mining is dominated by ASICs and mining pools but no single pool is – at the time of this writing – even close to obtaining the hash majority. With CPU solo mining being a feasible option in conjunction with ASIC and GPU mining eradication with RandomHash, the future hash rate distribution of PascalCoin would be far more promising than Bitcoin’s hash rate distribution.
PascalCoin is the Unicorn Cryptocurrency
If you’ve read this far, let’s cut straight to the point: PascalCoin IS the unicorn cryptocurrency.
It is worth noting that PascalCoin is still a young cryptocurrency as it was launched at the end of 2016. This means that many features are still work in progress such as zk-SNARKs, smart contracts, and pool decentralization to name a few. However, it appears that all of the unicorn criteria are within PascalCoin’s reach once PascalCoin’s technical roadmap is mostly completed.
Based on this expository on PascalCoin’s technology, there is every reason to believe that PascalCoin is the unicorn cryptocurrency. PascalCoin also solves two fundamental blockchain problems beyond the unicorn criteria that were previously considered unsolvable: blockchain size and simple address system. The SafeBox pushes PascalCoin to the forefront of cryptocurrency zeitgeist since it is a superior solution compared to UTXO, Directed Acyclic Graph (DAG), Block Lattice, Tangle, and any other blockchain innovations.


THE UNICORN

Author: Tyler Swob
submitted by Kosass to CryptoCurrency
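
The nonce dependency in the official RandomHash description quoted in Part #8, as an added toy model (not the PIP-0009 algorithm and not PascalCoin code). Assumptions: SHA-256 stands in for the real hash set, the round count of 5 and the header bytes are made up, and memory expansion is left out. It counts primitive hash calls for a miner that follows the on-the-fly neighbour chain versus one working a nonce range fixed in advance.

```python
import hashlib
import struct

ROUNDS = 5  # assumed recursion depth for this toy model
HEADER = b"constructed-sample-block-header"  # constructed sample input


class ToyRandomHash:
    """Models only the nonce dependency; SHA-256 replaces the real primitives."""

    def __init__(self, header: bytes, use_cache: bool):
        self.header = header
        self.use_cache = use_cache
        self.cache = {}            # (nonce, round) -> partial output
        self.primitive_calls = 0   # work counter: one unit per SHA-256 call

    def _primitive(self, data: bytes) -> bytes:
        self.primitive_calls += 1
        return hashlib.sha256(data).digest()

    @staticmethod
    def neighbour(parent_output: bytes) -> int:
        # The other nonce is derived from the parent output, so it cannot be
        # known before that output has been computed.
        return struct.unpack("<I", parent_output[:4])[0]

    def partial(self, nonce: int, rnd: int) -> bytes:
        key = (nonce, rnd)
        if self.use_cache and key in self.cache:
            return self.cache[key]
        if rnd == 1:
            out = self._primitive(self.header + struct.pack("<I", nonce))
        else:
            parent = self.partial(nonce, rnd - 1)
            other = self.partial(self.neighbour(parent), rnd - 1)
            out = self._primitive(parent + other)
        if self.use_cache:
            self.cache[key] = out
        return out

    def full_hash(self, nonce: int) -> bytes:
        return self.partial(nonce, ROUNDS)


def work_serial_chain(count: int, start_nonce: int = 0) -> int:
    """Serial miner: after each nonce, try the neighbour picked in the final
    round, whose round ROUNDS-1 partial is already in the cache."""
    rh = ToyRandomHash(HEADER, use_cache=True)
    nonce = start_nonce
    for _ in range(count):
        rh.full_hash(nonce)
        # Cached lookup: costs no additional primitive calls.
        nonce = rh.neighbour(rh.partial(nonce, ROUNDS - 1))
    return rh.primitive_calls


def work_preassigned(count: int, use_cache: bool) -> int:
    """Parallel-style miner: the nonce range 0..count-1 is fixed in advance,
    so the randomly selected neighbours almost never fall inside it."""
    rh = ToyRandomHash(HEADER, use_cache)
    for nonce in range(count):
        rh.full_hash(nonce)
    return rh.primitive_calls


if __name__ == "__main__":
    n = 8
    print("pre-assigned range, no cache:", work_preassigned(n, False))
    print("pre-assigned range, cache   :", work_preassigned(n, True))
    print("serial neighbour chain      :", work_serial_chain(n))
```

In this model a full evaluation costs 2^ROUNDS - 1 primitive calls, while each nonce after the first on the neighbour chain costs 2^(ROUNDS-1), which is where a saving of roughly half comes from.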

How often does mining pay out?

I just started mining with a usb block erupter a couple days ago. I'm using bfgminer with an eclipse mining pool. I don't expect much, but I'm wondering when to expect my first payout.
EDIT:
In case anyone's interested - my rig: http://gvty.co/i/BfKFTQ
Raspberry Pi running it to keep electricity costs down.
I'm waiting on 3 of these 2GH usb's:
http://www.amazon.com/BITMAIN-ANTMINER-U2-Bitcoin-Overclockable/dp/B00ITD5NV6/
submitted by Brettc286 to Bitcoin

Dumb guy facts about bitcoin, for other dumb guys

tldr: CHINA
my qualifications: i took a class on bitcoin in college (i dont remember much but it was a 400-level CS course).
Ethereum and bitcoin are battling right now for who will be the official mainstream cryptocurrency. That is why prices are flying as people "bet" on who comes out on top (sorta).
My problem is that chinese companies own over 50% of the mining power ("mining pools") so therefore control over 50% of the bitcoin. https://blockchain.info/pools
Chinese govt is most likely:
a) in control of these pools, and if not, it's state-run internet so they can just take it. This is bad because we're essentially investing in China for 0 gain
b) using those services to launder their own money, or some type of other fraud (not a finance guy but something something fiat currencies)
So my grand conspiracy is that China is gonna perform some eclipse attack* and fuck the entire bitcoin economy up. Not a big deal now, but food for thought on if you really trust the system in the future.
*. Eclipse attack: https://www.usenix.org/node/190891, "Our attack allows an adversary controlling a sufficient number of IP addresses to monopolize all connections to and from a victim bitcoin node"
submitted by nomahhhhhh to barstoolsports

Hijacking Bitcoin: Routing Attacks on Cryptocurrencies

arXiv:1605.07524
Date: 2017-03-24
Author(s): Maria Apostolaki, Aviv Zohar, Laurent Vanbever



Abstract
As the most successful cryptocurrency to date, Bitcoin constitutes a target of choice for attackers. While many attack vectors have already been uncovered, one important vector has been left out though: attacking the currency via the Internet routing infrastructure itself. Indeed, by manipulating routing advertisements (BGP hijacks) or by naturally intercepting traffic, Autonomous Systems (ASes) can intercept and manipulate a large fraction of Bitcoin traffic. This paper presents the first taxonomy of routing attacks and their impact on Bitcoin, considering both small-scale attacks, targeting individual nodes, and large-scale attacks, targeting the network as a whole. While challenging, we show that two key properties make routing attacks practical: (i) the efficiency of routing manipulation; and (ii) the significant centralization of Bitcoin in terms of mining and routing. Specifically, we find that any network attacker can hijack few (<100) BGP prefixes to isolate ~50% of the mining power---even when considering that mining pools are heavily multi-homed. We also show that on-path network attackers can considerably slow down block propagation by interfering with few key Bitcoin messages. We demonstrate the feasibility of each attack against the deployed Bitcoin software. We also quantify their effectiveness on the current Bitcoin topology using data collected from a Bitcoin supernode combined with BGP routing data. The potential damage to Bitcoin is worrying. By isolating parts of the network or delaying block propagation, attackers can cause a significant amount of mining power to be wasted, leading to revenue losses and enabling a wide range of exploits such as double spending. To prevent such effects in practice, we provide both short and long-term countermeasures, some of which can be deployed immediately.

References
[1] “A Next-Generation Smart Contract and Decentralized Application Platform ,” https://github.com/ethereum/wiki/wiki/White-Paper.
[2] “Bitcoin Blockchain Statistics,” https://blockchain.info/.
[3] “bitnodes,” https://bitnodes.21.co/.
[4] “Bitnodes. Estimating the size of Bitcoin network,” https://bitnodes.21.co/.
[5] “CAIDA Macroscopic Internet Topology Data Kit.” https://www.caida.org/data/internet-topology-data-kit/.
[6] “Dyn Research. Pakistan hijacks YouTube.” http://research.dyn.com/2008/02/pakistan-hijacks-youtube-1/.
[7] “FALCON,” http://www.falcon-net.org/.
[8] “FIBRE,” http://bitcoinfibre.org/.
[9] “Litecoin ,” https://litecoin.org.
[10] “RIPE RIS Raw Data,” https://www.ripe.net/data-tools/stats/ris/ris-raw-data.
[11] “Routeviews Prefix to AS mappings Dataset (pfx2as) for IPv4 and IPv6.” https://www.caida.org/data/routing/routeviews-prefix2as.xml.
[12] “Scapy.” http://www.secdev.org/projects/scapy/.
[13] “The Relay Network,” http://bitcoinrelaynetwork.org/.
[14] “ZCash,” https://z.cash/.
[15] A. M. Antonopoulos, “The bitcoin network,” in Mastering Bitcoin. O’Reilly Media, Inc., 2013, ch. 6.
[16] H. Ballani, P. Francis, and X. Zhang, “A Study of Prefix Hijacking and Interception in the Internet,” ser. SIGCOMM ’07. New York, NY, USA: ACM, 2007, pp. 265–276.
[17] A. Boldyreva and R. Lychev, “Provable Security of S-BGP and Other Path Vector Protocols: Model, Analysis and Extensions,” ser. CCS ’12. New York, NY, USA: ACM, 2012, pp. 541–552.
[18] J. Bonneau, A. Miller, J. Clark, A. Narayanan, J. A. Kroll, and E. W. Felten, “Sok: Research perspectives and challenges for bitcoin and cryptocurrencies,” in Security and Privacy (SP), 2015 IEEE Symposium on. IEEE, 2015, pp. 104–121.
[19] P. Bosshart, D. Daly, G. Gibb, M. Izzard, N. McKeown, J. Rexford, C. Schlesinger, D. Talayco, A. Vahdat, G. Varghese et al., “P4: Programming protocol-independent packet processors,” ACM SIGCOMM Computer Communication Review, vol. 44, no. 3, pp. 87–95, 2014.
[20] C. Decker and R. Wattenhofer, “Information propagation in the bitcoin network,” in Peer-to-Peer Computing (P2P), 2013 IEEE Thirteenth International Conference on. IEEE, 2013, pp. 1–10.
[21] ——, Bitcoin Transaction Malleability and MtGox. Cham: Springer International Publishing, 2014, pp. 313–326. [Online]. Available: http://dx.doi.org/10.1007/978-3-319-11212-1_18
[22] M. Edman and P. Syverson, “As-awareness in tor path selection,” in Proceedings of the 16th ACM Conference on Computer and Communications Security, ser. CCS ’09, 2009.
[23] I. Eyal, “The miner’s dilemma,” in 2015 IEEE Symposium on Security and Privacy. IEEE, 2015, pp. 89–103.
[24] I. Eyal and E. G. Sirer, “Majority is not enough: Bitcoin mining is vulnerable,” in Financial Cryptography and Data Security. Springer, 2014, pp. 436–454.
[25] N. Feamster and R. Dingledine, “Location diversity in anonymity networks,” in WPES, Washington, DC, USA, October 2004.
[26] J. Garay, A. Kiayias, and N. Leonardos, “The bitcoin backbone protocol: Analysis and applications,” in Advances in Cryptology-EUROCRYPT 2015. Springer, 2015, pp. 281–310.
[27] A. Gervais, G. O. Karama, V. Capkun, and S. Capkun, “Is bitcoin a decentralized currency?” IEEE security & privacy, vol. 12, no. 3, pp. 54–60, 2014.
[28] A. Gervais, H. Ritzdorf, G. O. Karame, and S. Capkun, “Tampering with the delivery of blocks and transactions in bitcoin,” in Proceedings of the 22Nd ACM SIGSAC Conference on Computer and Communications Security, ser. CCS ’15. New York, NY, USA: ACM, 2015, pp. 692–705.
[29] P. Gill, M. Schapira, and S. Goldberg, “Let the Market Drive Deployment: A Strategy for Transitioning to BGP Security,” ser. SIGCOMM ’11. New York, NY, USA: ACM, 2011, pp. 14–25.
[30] S. Goldberg, M. Schapira, P. Hummon, and J. Rexford, “How Secure Are Secure Interdomain Routing Protocols,” in SIGCOMM, 2010.
[31] E. Heilman, A. Kendler, A. Zohar, and S. Goldberg, “Eclipse attacks on bitcoin’s peer-to-peer network,” in 24th USENIX Security Symposium (USENIX Security 15), 2015, pp. 129–144.
[32] Y.-C. Hu, A. Perrig, and M. Sirbu, “SPV: Secure Path Vector Routing for Securing BGP,” ser. SIGCOMM ’04. New York, NY, USA: ACM, 2004, pp. 179–192.
[33] J. Karlin, S. Forrest, and J. Rexford, “Pretty Good BGP: Improving BGP by Cautiously Adopting Routes,” in Proceedings of the Proceedings of the 2006 IEEE International Conference on Network Protocols, ser. ICNP ’06. Washington, DC, USA: IEEE Computer Society, 2006, pp. 290–299.
[34] E. K. Kogias, P. Jovanovic, N. Gailly, I. Khoffi, L. Gasser, and B. Ford, “Enhancing bitcoin security and performance with strong consistency via collective signing,” in 25th USENIX Security Symposium (USENIX Security 16). Austin, TX: USENIX Association, 2016, pp. 279–296.
[35] J. A. Kroll, I. C. Davey, and E. W. Felten, “The economics of bitcoin mining, or bitcoin in the presence of adversaries.” Citeseer.
[36] A. Miller, J. Litton, A. Pachulski, N. Gupta, D. Levin, N. Spring, and B. Bhattacharjee, “Discovering bitcoin’s public topology and influential nodes.”
[37] S. J. Murdoch and P. Zielinski, “Sampled traffic analysis by Internet- ´ exchange-level adversaries,” in Privacy Enhancing Technologies: 7th International Symposium, PET 2007, N. Borisov and P. Golle, Eds. Springer-Verlag, LNCS 4776, 2007, pp. 167–183.
[38] K. Nayak, S. Kumar, A. Miller, and E. Shi, “Stubborn mining: Generalizing selfish mining and combining with an eclipse attack,” IACR Cryptology ePrint Archive, vol. 2015, p. 796, 2015.
[39] T. Neudecker, P. Andelfinger, and H. Hartenstein, “A simulation model for analysis of attacks on the bitcoin peer-to-peer network,” in IFIP/IEEE International Symposium on Internet Management. IEEE, 2015, pp. 1327–1332.
[40] P. v. Oorschot, T. Wan, and E. Kranakis, “On interdomain routing security and pretty secure bgp (psbgp),” ACM Trans. Inf. Syst. Secur., vol. 10, no. 3, Jul. 2007.
[41] A. Pilosov and T. Kapela, “Stealing The Internet. An Internet-Scale Man In The Middle Attack.” DEFCON 16.
[42] Y. Rekhter and T. Li, A Border Gateway Protocol 4 (BGP-4), IETF, Mar. 1995, rFC 1771.
[43] M. Rosenfeld, “Analysis of hashrate-based double spending,” arXiv preprint arXiv:1402.2009, 2014.
[44] A. Sapirshtein, Y. Sompolinsky, and A. Zohar, “Optimal selfish mining strategies in bitcoin,” CoRR, vol. abs/1507.06183, 2015.
[45] E. B. Sasson, A. Chiesa, C. Garman, M. Green, I. Miers, E. Tromer, and M. Virza, “Zerocash: Decentralized anonymous payments from bitcoin,” in 2014 IEEE Symposium on Security and Privacy. IEEE, 2014, pp. 459–474.
[46] B. Schlinker, K. Zarifis, I. Cunha, N. Feamster, and E. Katz-Bassett, “Peering: An as for us,” in Proceedings of the 13th ACM Workshop on Hot Topics in Networks, ser. HotNets-XIII. New York, NY, USA: ACM, 2014, pp. 18:1–18:7.
[47] J. Schnelli, “BIP 151: Peer-to-Peer Communication Encryption,” Mar. 2016, https://github.com/bitcoin/bips/blob/mastebip-0151.mediawiki.
[48] X. Shi, Y. Xiang, Z. Wang, X. Yin, and J. Wu, “Detecting prefix hijackings in the Internet with Argus,” ser. IMC ’12. New York, NY, USA: ACM, 2012, pp. 15–28.
[49] Y. Sompolinsky and A. Zohar, “Secure high-rate transaction processing in bitcoin,” in Financial Cryptography and Data Security. Springer, 2015, pp. 507–527.
[50] Y. Sun, A. Edmundson, L. Vanbever, O. Li, J. Rexford, M. Chiang, and P. Mittal, “RAPTOR: Routing attacks on privacy in TOR.” in USENIX Security, 2015.
[51] A. Tonk, “Large scale BGP hijack out of India,” 2015, http://www.bgpmon.net/large-scale-bgp-hijack-out-of-india/.
[52] ——, “Massive route leak causes Internet slowdown,” 2015, http://www.bgpmon.net/massive-route-leak-cause-internet-slowdown/.
[53] L. Vanbever, O. Li, J. Rexford, and P. Mittal, “Anonymity on quicksand: Using BGP to compromise TOR,” in ACM HotNets, 2014.
[54] Z. Zhang, Y. Zhang, Y. C. Hu, and Z. M. Mao, “Practical defenses against BGP prefix hijacking,” ser. CoNEXT ’07. New York, NY, USA: ACM, 2007.
[55] Z. Zhang, Y. Zhang, Y. C. Hu, Z. M. Mao, and R. Bush, “iSPY: Detecting IP prefix hijacking on my own,” IEEE/ACM Trans. Netw., vol. 18, no. 6, pp. 1815–1828, Dec. 2010.
submitted by dj-gutz to myrXiv

FruitChains: A Fair Blockchain

Cryptology ePrint Archive: Report 2016/916
Date: 2017-05-05
Author(s): Rafael Pass, Elaine Shi



Abstract
Nakamoto's famous blockchain protocol enables achieving consensus in a so-called permissionless setting---anyone can join (or leave) the protocol execution, and the protocol instructions do not depend on the identities of the players. His ingenious protocol prevents "sybil attacks" (where an adversary spawns any number of new players) by relying on computational puzzles (a.k.a. "moderately hard functions") introduced by Dwork and Naor (Crypto'92). Recent work by Garay et al (EuroCrypt'15) and Pass et al (manuscript, 2016) demonstrate that this protocol provably achieves consistency and liveness assuming a) honest players control a majority of the computational power in the network, b) the puzzle-hardness is appropriately set as a function of the maximum network delay and the total computational power of the network, and c) the computational puzzle is modeled as a random oracle.
Assuming honest participation, however, is a strong assumption, especially in a setting where honest players are expected to perform a lot of work (to solve the computational puzzles). In Nakamoto's Bitcoin application of the blockchain protocol, players are incentivized to solve these puzzles by receiving rewards for every "blocks" (of transactions) they contribute to the blockchain. An elegant work by Eyal and Sirer (FinancialCrypt'14), strengthening and formalizing an earlier attack discussed on the Bitcoin forum, demonstrates that a coalition controlling even a minority fraction of the computational power in the network can gain (close to) 2 times its "fair share" of the rewards (and transaction fees) by deviating from the protocol instructions. In contrast, in a fair protocol, one would expect that players controlling a $\phi$ fraction of the computational resources to reap a $\phi$ fraction of the rewards.
In this work, we present a new blockchain protocol---the FruitChain protocol---which satisfies the same consistency and liveness properties as Nakamoto's protocol (assuming an honest majority of the computing power), and additionally is $\delta$-approximately fair: with overwhelming probability, any honest set of players controlling a $\phi$ fraction of computational power is guaranteed to get at least a fraction $(1-\delta)\phi$ of the blocks (and thus rewards) in any $\Omega(\kappa/\delta)$ length segment of the chain (where $\kappa$ is the security parameter).
As a consequence, if this blockchain protocol is used as the ledger underlying a cryptocurrency system, where rewards and transaction fees are evenly distributed among the miners of blocks in a length kappa segment of the chain, no coalition controlling less than a majority of the computing power can gain more than a factor $(1+3\delta)$ by deviating from the protocol (i.e., honest participation is an $n/2$-coalition-safe $3\delta$-Nash equilibrium).
Finally, the fruit chain protocol enables decreasing the variance of mining rewards and as such significantly lessens (or even obliterates) the need for mining pools.

References
[sol] http://www.coinwarz.com/calculators/bitcoin-mining-calculator.
[BCL+05] Boaz Barak, Ran Canetti, Yehuda Lindell, Rafael Pass, and Tal Rabin. Secure computation without authentication. In CRYPTO’05, 2005.
[BHP+] Iddo Bentov, Yuncong Hu, Rafael Pass, Elaine Shi, and Siqiu Yao. Decentralized pooled mining: An implementation of fruitchain. Manuscript.
[BPS16] Iddo Bentov, Rafael Pass, and Elaine Shi. Snow white: Provably secure proofs of stake. Cryptology ePrint Archive, Report 2016/919, 2016. http://eprint.iacr.org/2016/919.
[CKWN16] Miles Carlsten, Harry A. Kalodner, S. Matthew Weinberg, and Arvind Narayanan. On the instability of bitcoin without the block reward. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, Vienna, Austria, October 24-28, 2016, pages 154–167, 2016.
[DN92] Cynthia Dwork and Moni Naor. Pricing via processing or combatting junk mail. In CRYPTO’92, pages 139–147, 1992.
[ES14] Ittay Eyal and Emin Gün Sirer. Majority is not enough: Bitcoin mining is vulnerable. In Financial Cryptography and Data Security, pages 436–454. Springer, 2014.
[GKL15] Juan Garay, Aggelos Kiayias, and Nikos Leonardos. The bitcoin backbone protocol: Analysis and applications. In Advances in Cryptology-EUROCRYPT 2015, pages 281–310. Springer, 2015.
[HP15] Joseph Y. Halpern and Rafael Pass. Algorithmic rationality: Game theory with costly computation. J. Economic Theory, 156:246–268, 2015.
[KKKT16] Aggelos Kiayias, Elias Koutsoupias, Maria Kyropoulou, and Yiannis Tselekounis. Blockchain mining games. In Proceedings of the 2016 ACM Conference on Economics and Computation, EC ’16, pages 365–382, 2016.
[KP15] Aggelos Kiayias and Giorgos Panagiotakos. Speed-security tradeoffs in blockchain protocols, 2015.
[KP16] Aggelos Kiayias and Giorgos Panagiotakos. On trees, chains and fast transactions in the blockchain. IACR Cryptology ePrint Archive, 2016:545, 2016.
[KRDO16] Aggelos Kiayias, Alexander Russell, Bernardo David, and Roman Oliynykov. Ouroboros: A provably secure proof-of-stake blockchain protocol. Cryptology ePrint Archive, Report 2016/889, 2016. http://eprint.iacr.org/2016/889.
[LSZ15] Yoad Lewenberg, Yonatan Sompolinsky, and Aviv Zohar. Inclusive block chain protocols. In Financial Crypto’15, 2015.
[mtg10] mtgox. https://bitcointalk.org/index.php?topic=2227.msg29606#msg29606, 2010.
[Nak08] Satoshi Nakamoto. Bitcoin: A peer-to-peer electronic cash system, 2008.
[NKMS16] Kartik Nayak, Srijan Kumar, Andrew Miller, and Elaine Shi. Stubborn mining: Generalizing selfish mining and combining with an eclipse attack. In IEEE European Symposium on Security and Privacy, EuroS&P 2016, Saarbrücken, Germany, March 21-24, 2016, pages 305–320, 2016.
[PSS17] Rafael Pass, Lior Seeman, and Abhi Shelat. Analysis of the blockchain protocol in asynchronous networks. In Eurocrypt, 2017.
[PS16] Rafael Pass and Elaine Shi. Hybrid consensus. http://eprint.iacr.org/2016/917, 2016.
[SSZ16] Ayelet Sapirshtein, Yonatan Sompolinsky, and Aviv Zohar. Optimal selfish mining strategies in bitcoin. In Financial Crypto’16, 2016.
[SZ15] Yonatan Sompolinsky and Aviv Zohar. Secure high-rate transaction processing in bitcoin. In Financial Cryptography and Data Security - 19th International Conference, FC 2015, San Juan, Puerto Rico, January 26-30, 2015, Revised Selected Papers, pages 507–527, 2015.
submitted by dj-gutz to myrXiv

Security of the Blockchain against Long Delay Attack

Cryptology ePrint Archive: Report 2018/800
Date: 2018-08-31
Author(s): Puwen Wei, Quan Yuan, Yuliang Zheng



Abstract
The consensus protocol underlying Bitcoin (the blockchain) works remarkably well in practice. However proving its security in a formal setting has been an elusive goal. A recent analytical result by Pass, Seeman and shelat indicates that an idealized blockchain is indeed secure against attacks in an asynchronous network where messages are maliciously delayed by at most $\Delta \ll 1/np$, with $n$ being the number of miners and $p$ the mining hardness. This paper improves upon the result by showing that if appropriate inconsistency tolerance is allowed the blockchain can withstand even more powerful external attacks in the honest miner setting. Specifically we prove that the blockchain is secure against long delay attacks with $\Delta \geq 1/np$ in an asynchronous network.

References
  1. Badertscher, C., Garay, J., Maurer, U., Tschudi, D., Zikas, V.: But why does it work? a rational protocol design treatment of bitcoin. In: Nielsen, J., Rijmen, V. (eds.) EUROCRYPT 2018. LNCS, vol. 10821, pp. 34–65. Springer, Cham (2018)
  2. Ben-Sasson, E., Chiesa, A., Garman, C., Green, M., Miers, I., Tromer, E., Virza, M.: Zerocash: Decentralized anonymous payment from bitcoin. IEEE Symposium on Security and Privacy pp. 459–474 (2014)
  3. Carlsten, M., Kalodner, H.A., Weinberg, S.M., Narayanan, A.: On the instability of bitcoin without the block reward. In: ACM CCS 2016. pp. 154–167. ACM Press, New York (2016)
  4. Daian, P., Pass, R., Shi, E.: Snow white: Provably secure proofs of stake. IACR Cryptology ePrint Archive, Report 2016/919 (2016)
  5. David, B., Gaži, P., Kiayias, A., Russell, A.: Ouroboros Praos: An adaptively-secure, semi-synchronous proof-of-stake protocol. In: Nielsen, J., Rijmen, V. (eds.) EUROCRYPT 2018. LNCS, vol. 10821, pp. 66–98. Springer, Cham (2018)
  6. Decker, C., Wattenhofer, R.: Information propagation in the bitcoin network. In: 13th IEEE International Conference on Peer-to-Peer Computing. pp. 1–10. IEEE Computer Society Press (2013)
  7. Dubhashi, D.P., Panconesi, A.: Concentration of measure for the analysis of randomized algorithms. Cambridge University Press (2009)
  8. Eyal, I., Sirer, E.G.: Majority is not enough: Bitcoin mining is vulnerable. In: Christin, N., Safavi-Naini, R. (eds.) FC 2014. LNCS, vol. 8437, pp. 436–454. Springer, Berlin, Heidelberg (2014)
  9. Eyal, I., Sirer, E.G.: The miner’s dilemma. In: 2015 IEEE Symposium on Security and Privacy. vol. 2015-7, pp. 89–103. IEEE Computer Society Press (2015)
  10. Garay, J., Kiayias, A., Leonardos, N.: The bitcoin backbone protocol: Analysis and applications. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9057, pp. 281–310. Springer, Berlin, Heidelberg (2015)
  11. Garay, J., Kiayias, A., Leonardos, N.: The bitcoin backbone protocol with chains of variable difficulty. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10401, pp. 291–323. Springer, Cham (2017)
  12. Gervais, A., Karame, G.O., Wust, K., Glykantzis, V., Ritzdorf, H., Capkun, S.: On the security and performance of proof of work blockchains. In: ACM CCS 2016. pp. 3–16. ACM Press (2016)
  13. Gilad, Y., Hemo, R., Micali, S., Vlachos, G., Zeldovich, N.: Algorand: Scaling byzantine agreements for cryptocurrencies. IACR Cryptology ePrint Archive, Report 2017/454 (2017)
  14. Heilman, E., Kendler, A., Zohar, A., Goldberg, S.: Eclipse attacks on bitcoins peer-to-peer network. In: Jung, J. (ed.) 24th USENIX Security Symposium. pp. 129–144. USENIX Association (2015)
  15. Kiayias, A., Koutsoupias, E., Kyropoulou, M., Tselekounis, Y.: Blockchain mining games. In: 2016 ACM Conference on Economics and Computation. pp. 365–382. ACM Press (2016)
  16. Kiayias, A., Panagiotakos, G.: Speed-security tradeoffs in blockchain protocols. IACR Cryptology ePrint Archive: Report 2015/1019 (2016)
  17. Kiayias, A., Russell, A., David, B., Oliynykov, R.: Ouroboros: A provably secure proof-of-stake blockchain protocol. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10401, pp. 357–388. Springer, Cham (2017) Security of the Blockchain against Long Delay Attack 23
  18. Miller, A., LaViola, J.J.: Anonymous byzantine consensus from moderately-hard puzzles: A model of bitcoin. University of Central Florida. Tech Report, CS-TR14-01 (2014)
  19. Nakamoto, S.: Bitcoin: A peer-to-peer electronic cash system (2008)
  20. Natoli, C., Gramoli, V.: The balance attack against proof-of-work blockchains: The R3 testbed as an example. Computing Research Repository (2016), arXiv:1612.09426
  21. Nayak, K., Kumar, S., Miller, A., Shi, E.: Stubborn mining: Generalizing selfish mining and combining with an eclipse attack. In: 2016 IEEE European Symposium on Security and Privacy. vol. 142, pp. 305–320. IEEE Computer Society Press (2016)
  22. Pass, R., Seeman, L., abhi shelat: Analysis of the blockchain protocol in asynchronous networks. In: Coron, J., Nielsen, J. (eds.) Advances in Cryptology - EUROCRYPT 2017. LNCS, vol. 10211, pp. 643–673. Springer-Verlag, Cham (2017)
  23. Pass, R., Shi, E.: Fruitchains: A fair blockchain. In: ACM Symposium on Principles of Distributed Computing. pp. 315–324. ACM Press (2017)
  24. Pass, R., Shi, E.: The sleepy model of consensus. In: Takagi, T., Peyrin, T. (eds.) ASIACRYPT 2017. LNCS, vol. 10625, pp. 380–409. Springer, Cham (2017)
  25. Pass, R., Shi, E.: Thunderella: Blockchains with optimistic instant confirmation. In: Nielsen., J., Rijmen, V. (eds.) EUROCRYPT 2018. vol. 10821, pp. 3–33. Springer (2018)
  26. Rosenfeld, M.: Analysis of bitcoin pooled mining reward systems. arXiv preprint:1112.4980 (2011), arXiv:1112.4980
  27. Sapirshtein, A., Sompolinsky, Y., Zohar, A.: Optimal selfish mining strategies in bitcoin. In: Grossklags, J., Preneel, B. (eds.) FC 2016. LNCS, vol. 9603, pp. 515–532. Springer, Berlin, Heidelberg (2016)
  28. Schrijvers, O., Bonneau, J., Boneh, D., Roughgarden, T.: Incentive compatibility of bitcoin mining pool reward functions. In: Grossklags, J., Preneel, B. (eds.) FC 2016. LNCS, vol. 9603, pp. 477–498. Springer, Berlin, Heidelberg (2016)
  29. Sompolinsky, Y., Zohar, A.: Secure high-rate transaction processing in bitcoin. IACR Cryptology ePrint Archive: Report 2013/881 (2017)
  30. Teutsch, J., Jain, S., Saxena, P.: When cryptocurrencies mine their own business. In: Grossklags, J., Preneel, B. (eds.) FC 2016. LNCS, vol. 9603, pp. 499–514. Springer, Berlin, Heidelberg (2016)
  31. Zohar, A.: Bitcoin: under the hood. In: Communications of the ACM. vol. 58, pp. 104–113. ACM Press (2015)
submitted by dj-gutz to myrXiv

Deconstructing the Blockchain to Approach Physical Limits

arXiv:1810.08092
Date: 2018-11-08
Author(s): Vivek Bagaria, Sreeram Kannan, David Tse, Giulia Fanti, Pramod Viswanath

Abstract
Transaction throughput, confirmation latency and confirmation reliability are fundamental performance measures of any blockchain system in addition to its security. In a decentralized setting, these measures are limited by two underlying physical network attributes: communication capacity and speed-of-light propagation delay. Existing systems operate far away from these physical limits. In this work we introduce Prism, a new proof-of-work blockchain protocol, which can achieve 1) security against up to 50% adversarial hashing power; 2) optimal throughput up to the capacity C of the network; 3) confirmation latency for honest transactions proportional to the propagation delay D, with confirmation error probability exponentially small in CD; 4) eventual total ordering of all transactions. Our approach to the design of this protocol is based on deconstructing the blockchain into its basic functionalities and systematically scaling up these functionalities to approach their physical limits.

References
  1. Ethereum Wiki proof of stake faqs: Grinding attacks. https://github.com/ethereum/wiki/wiki/Proof-of-Stake-FAQs.
  2. David Aldous and Jim Fill. Reversible markov chains and random walks on graphs, 2002.
  3. Gavin Andresen. Weak block thoughts... bitcoin-dev. https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2015-Septembe011157.html.
  4. Vivek Bagaria, Giulia Fanti, Sreeram Kannan, David Tse, and Pramod Viswanath. Prism++: a throughput-latency-security-incentive optimal proof of stake blockchain algorithm. In Working paper, 2018.
  5. Vitalik Buterin. On slow and fast block times, 2015. https://blog.ethereum.org/2015/09/14/on-slow-and-fast-block-times/.
  6. Alex de Vries. Bitcoin’s growing energy problem. Joule, 2(5):801–805, 2018.
  7. C. Decker and R. Wattenhofer. Information propagation in the bitcoin network. In IEEE P2P 2013 Proceedings, pages 1–10, Sept 2013.
  8. Ittay Eyal, Adem Efe Gencer, Emin G¨un Sirer, and Robbert Van Renesse. Bitcoinng: A scalable blockchain protocol. In NSDI, pages 45–59, 2016.
  9. Ittay Eyal and Emin G¨un Sirer. Majority is not enough: Bitcoin mining is vulnerable. Communications of the ACM, 61(7):95–102, 2018.
  10. Juan Garay, Aggelos Kiayias, and Nikos Leonardos. The bitcoin backbone protocol: Analysis and applications. In Annual International Conference on the Theory and Applications of Cryptographic Techniques, pages 281–310. Springer, 2015.
  11. Dina Katabi, Mark Handley, and Charlie Rohrs. Congestion control for high bandwidth-delay product networks. ACM SIGCOMM computer communication review, 32(4):89–102, 2002.
  12. Aggelos Kiayias, Alexander Russell, Bernardo David, and Roman Oliynykov. Ouroboros: A provably secure proof-of-stake blockchain protocol. In Annual International Cryptology Conference, pages 357–388. Springer, 2017.
  13. Uri Klarman, Soumya Basu, Aleksandar Kuzmanovic, and Emin G¨un Sirer. bloxroute: A scalable trustless blockchain distribution network whitepaper.
  14. Yoad Lewenberg, Yoram Bachrach, Yonatan Sompolinsky, Aviv Zohar, and Jeffrey S Rosenschein. Bitcoin mining pools: A cooperative game theoretic analysis. In Proceedings of the 2015 International Conference on Autonomous Agents and Multiagent Systems, pages 919–927. International Foundation for Autonomous Agents and Multiagent Systems, 2015.
  15. Yoad Lewenberg, Yonatan Sompolinsky, and Aviv Zohar. Inclusive block chain protocols. In International Conference on Financial Cryptography and Data Security, pages 528–547. Springer, 2015.
  16. Chenxing Li, Peilun Li, Wei Xu, Fan Long, and Andrew Chi-chih Yao. Scaling nakamoto consensus to thousands of transactions per second. arXiv preprint arXiv:1805.03870, 2018.
  17. Wenting Li, S´ebastien Andreina, Jens-Matthias Bohli, and Ghassan Karame. Securing proof-of-stake blockchain protocols. In Data Privacy Management, Cryptocurrencies and Blockchain Technology, pages 297–315. Springer, 2017.
  18. Satoshi Nakamoto. Bitcoin: A peer-to-peer electronic cash system. 2008.
  19. Christopher Natoli and Vincent Gramoli. The balance attack against proof-of-work blockchains: The r3 testbed as an example. arXiv preprint arXiv:1612.09426, 2016.
  20. Kartik Nayak, Srijan Kumar, Andrew Miller, and Elaine Shi. Stubborn mining: Generalizing selfish mining and combining with an eclipse attack. In Security and Privacy (EuroS&P), 2016 IEEE European Symposium on, pages 305–320. IEEE, 2016.
  21. Rafael Pass, Lior Seeman, and Abhi Shelat. Analysis of the blockchain protocol in asynchronous networks. In Annual International Conference on the Theory and Applications of Cryptographic Techniques, pages 643–673. Springer, 2017.
  22. Rafael Pass and Elaine Shi. Fruitchains: A fair blockchain. In Proceedings of the ACM Symposium on Principles of Distributed Computing. ACM, 2017.
  23. Rafael Pass and Elaine Shi. Hybrid consensus: Efficient consensus in the permissionless model. In LIPIcs-Leibniz International Proceedings in Informatics, volume 91. Schloss Dagstuhl-Leibniz-Zentrum fuer Informatik, 2017.
  24. Rafael Pass and Elaine Shi. Thunderella: Blockchains with optimistic instant confirmation. In Annual International Conference on the Theory and Applications of Cryptographic Techniques, pages 3–33. Springer, 2018.
  25. Peter R Rizun. Subchains: A technique to scale bitcoin and improve the user experience. Ledger, 1:38–52, 2016.
  26. Ayelet Sapirshtein, Yonatan Sompolinsky, and Aviv Zohar. Optimal selfish mining strategies in bitcoin. In International Conference on Financial Cryptography and Data Security, pages 515–532. Springer, 2016.
  27. Y Sompolinsky and A Zohar. Phantom: A scalable blockdag protocol, 2018.
  28. Yonatan Sompolinsky, Yoad Lewenberg, and Aviv Zohar. Spectre: A fast and scalable cryptocurrency protocol. IACR Cryptology ePrint Archive, 2016:1159, 2016.
  29. Yonatan Sompolinsky and Aviv Zohar. Secure high-rate transaction processing in bitcoin. In International Conference on Financial Cryptography and Data Security, pages 507–527. Springer, 2015.
  30. Statoshi. Bandwidth usage. https://statoshi.info/dashboard/db/bandwidth-usage.
  31. TierNolan. Decoupling transactions and pow. Bitcoin Forum. https://bitcointalk.org/index.php?topic=179598.0.
submitted by dj-gutz to myrXiv

Merged Mining: Curse or Cure?

Cryptology ePrint Archive: Report 2017/791
Date: 2017-08-22
Author(s): Aljosha Judmayer, Alexei Zamyatin, Nicholas Stifter, Artemios Voyiatzis, Edgar Weippl

Abstract
Merged mining refers to the concept of mining more than one cryptocurrency without necessitating additional proof-of-work effort. Although merged mining has been adopted by a number of cryptocurrencies already, to this date little is known about the effects and implications. We shed light on this topic area by performing a comprehensive analysis of merged mining in practice. As part of this analysis, we present a block attribution scheme for mining pools to assist in the evaluation of mining centralization. Our findings disclose that mining pools in merge-mined cryptocurrencies have operated at the edge of, and even beyond, the security guarantees offered by the underlying Nakamoto consensus for extended periods. We discuss the implications and security considerations for these cryptocurrencies and the mining ecosystem as a whole, and link our findings to the intended effects of merged mining.

References
  1. M. Ali, J. Nelson, R. Shea, and M. J. Freedman. Blockstack: A global naming and storage system secured by blockchains. In 2016 USENIX Annual Technical Conference (USENIX ATC 16), pages 181–194, Denver, CO, 2016. USENIX Association.
  2. L. Anderson, R. Holz, A. Ponomarev, P. Rimba, and I. Weber. New kids on the block: an analysis of modern blockchains. http://arxiv.org/pdf/1606.06530.pdf, 2016. Accessed: 2016-11-10.
  3. E. Androulaki, S. Capkun, and G. O. Karame. Two bitcoins at the price of one? doublespending attacks on fast payments in bitcoin. In CCS, 2012.
  4. A. Back, M. Corallo, L. Dashjr, M. Friedenbach, G. Maxwell, A. Miller, A. Poelstra, J. Timon, and P. Wuille. Enabling blockchain innovations with pegged ´ sidechains. http://newspaper23.com/ripped/2014/11/http-_____-___-_www___-blockstream___-com__-_sidechains.pdf, 2014. Accessed: 2016-11-10.
  5. I. Bentov, R. Pass, and E. Shi. Snow white: Provably secure proofs of stake, 2016. https://eprint.iacr.org/2016/919.pdf.
  6. C. Decker and R. Wattenhofer. Information propagation in the bitcoin network. In Peerto-Peer Computing (P2P), 2013 IEEE Thirteenth International Conference on, pages 1–10. IEEE, 2013.
  7. C. Decker and R. Wattenhofer. Bitcoin transaction malleability and mtgox. In Computer Security-ESORICS 2014, pages 313–326. Springer, 2014.
  8. Dogecoin community. Dogecoin reference implementation. github.com/dogecoin/dogecoin. Accessed: 2016-11-10.
  9. I. Eyal. The miner’s dilemma. In Security and Privacy (SP), 2015 IEEE Symposium on, pages 89–103. IEEE, 2015.
  10. I. Eyal and E. G. Sirer. Majority is not enough: Bitcoin mining is vulnerable. In Financial Cryptography and Data Security, pages 436–454. Springer, 2014.
  11. P. Franco. Understanding Bitcoin: Cryptography, engineering and economics. John Wiley & Sons, 2014.
  12. A. Gervais, G. O. Karame, K. Wust, V. Glykantzis, H. Ritzdorf, and S. Capkun. On the ¨ security and performance of proof of work blockchains. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, CCS ’16, pages 3–16, New York, NY, USA, 2016. ACM.
  13. E. Heilman, A. Kendler, A. Zohar, and S. Goldberg. Eclipse attacks on bitcoin’s peer-to-peer network. In 24th USENIX Security Symposium (USENIX Security 15), pages 129–144, 2015.
  14. Huntercoin developers. Huntercoin reference implementation. https://github.com/chronokings/huntercoin. Accessed: 2017-06-05.
  15. M. Jakobsson and A. Juels. Proofs of work and bread pudding protocols. In Secure Information Networks, pages 258–272. Springer, 1999.
  16. H. Kalodner, M. Carlsten, P. Ellenbogen, J. Bonneau, and A. Narayanan. An empirical study of namecoin and lessons for decentralized namespace design. In WEIS, 2015.
  17. G. O. Karame, E. Androulaki, M. Roeschlin, A. Gervais, and S. Capkun. Misbehavior in ˇ bitcoin: A study of double-spending and accountability. volume 18, page 2. ACM, 2015.
  18. A. Kiayias, A. Russell, B. David, and R. Oliynykov. Ouroboros: A provably secure proof-of-stake blockchain protocol. https://pdfs.semanticscholar.org/1c14/549f7ba7d6a000d79a7d12255eb11113e6fa.pdf, 2016. Accessed: 2017-02-20.
  19. Lerner, Sergio D. Rootstock plattform. http://www.the-blockchain.com/docs/Rootstock-WhitePaper-Overview.pdf. Accessed: 2017-06-05.
  20. Y. Lewenberg, Y. Bachrach, Y. Sompolinsky, A. Zohar, and J. S. Rosenschein. Bitcoin mining pools: A cooperative game theoretic analysis. In Proceedings of the 2015 International Conference on Autonomous Agents and Multiagent Systems, pages 919–927. International Foundation for Autonomous Agents and Multiagent Systems, 2015.
  21. Litecoin community. Litecoin reference implementation. github.com/litecoinproject/litecoin. Accessed: 2016-11-10.
  22. S. Micali. Algorand: The efficient and democratic ledger. http://arxiv.org/abs/1607.01341, 2016. Accessed: 2017-02-09.
  23. Myriad core developers. Myriadcoin reference implementation. https://github.com/myriadcoin/myriadcoin. Accessed: 2017-06-05.
  24. S. Nakamoto. Bitcoin: A peer-to-peer electronic cash system. https://bitcoin.org/bitcoin.pdf, Dec 2008. Accessed: 2016-11-10.
  25. S. Nakamoto. Merged mining specification. en.bitcoin.it/wiki/Merged_mining_specification, Apr 2011. Accessed: 2016-11-10.
  26. Namecoin community. Namecoin reference implementation. https://github.com/namecoin/namecoin. Accessed: 2016-11-10.
  27. A. Narayanan, J. Bonneau, E. Felten, A. Miller, and S. Goldfeder. Bitcoin and Cryptocurrency Technologies: A Comprehensive Introduction. Princeton University Press, Princeton, NJ, USA, 2016.
  28. K. Nayak, S. Kumar, A. Miller, and E. Shi. Stubborn mining: Generalizing selfish mining and combining with an eclipse attack. In 1st IEEE European Symposium on Security and Privacy, 2016. IEEE, 2016.
  29. R. Pass and E. Shi. Hybrid consensus: Scalable permissionless consensus. https://eprint.iacr.org/2016/917.pdf, Sep 2016. Accessed: 2016-11-10.
  30. M. Rosenfeld. Analysis of bitcoin pooled mining reward systems. arXiv preprint arXiv:1112.4980, 2011.
  31. M. Rosenfeld. Analysis of hashrate-based double spending. http://arxiv.org/abs/1402.2009, 2014. Accessed: 2016-11-10.
  32. A. Sapirshtein, Y. Sompolinsky, and A. Zohar. Optimal Selfish Mining Strategies in Bitcoin, pages 515–532. Springer Berlin Heidelberg, Berlin, Heidelberg, 2017.
  33. Sathoshi Nakamoto. Comment in ”bitdns and generalizing bitcoin” bitcointalk thread. https://bitcointalk.org/index.php?topic=1790.msg28696#msg28696. Accessed: 2017-06-05.
  34. O. Schrijvers, J. Bonneau, D. Boneh, and T. Roughgarden. Incentive compatibility of bitcoin mining pool reward functions. In FC ’16: Proceedings of the the 20th International Conference on Financial Cryptography, February 2016.
  35. M. B. Taylor. Bitcoin and the age of bespoke silicon. In Proceedings of the 2013 International Conference on Compilers, Architectures and Synthesis for Embedded Systems, page 16. IEEE Press, 2013.
submitted by dj-gutz to myrXiv

Merged Mining: Analysis of Effects and Implications

Date: 2017-08-24
Author(s): Alexei Zamyatin, Edgar Weippl

Abstract
Merged mining refers to the concept of mining more than one cryptocurrency without necessitating additional proof-of-work effort. Merged mining was introduced in 2011 as a bootstrapping mechanism for new cryptocurrencies and countermeasures against the fragmentation of mining power across competing systems. Although merged mining has already been adopted by a number of cryptocurrencies, to this date little is known about the effects and implications.
In this thesis, we shed light on this topic area by performing a comprehensive analysis of merged mining in practice. As part of this analysis, we present a block attribution scheme for mining pools to assist in the evaluation of mining centralization. Our findings disclose that mining pools in merge-mined cryptocurrencies have operated at the edge of, and even beyond, the security guarantees offered by the underlying Nakamoto consensus for extended periods. We discuss the implications and security considerations for these cryptocurrencies and the mining ecosystem as a whole, and link our findings to the intended effects of merged mining.

Bibliography
[1] Coinmarketcap. http://coinmarketcap.com/. Accessed 2017-09-28.
[2] P2pool. http://p2pool.org/. Accessed: 2017-05-10.
[3] M. Ali, J. Nelson, R. Shea, and M. J. Freedman. Blockstack: Design and implementation of a global naming system with blockchains. http://www.the-blockchain.com/docs/BlockstackDesignandImplementationofaGlobalNamingSystem.pdf, 2016. Accessed: 2016-03-29.
[4] G. Andersen. Comment in "faster blocks vs bigger blocks". https://bitcointalk.org/index.php?topic=673415.msg7658481#msg7658481, 2014. Accessed: 2017-05-10.
[5] G. Andersen. [bitcoin-dev] weak block thoughts... https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2015-Septembe011157.html, 2015. Accessed: 2017-05-10.
[6] L. Anderson, R. Holz, A. Ponomarev, P. Rimba, and I. Weber. New kids on the block: an analysis of modern blockchains. http://arxiv.org/pdf/1606.06530.pdf, 2016. Accessed: 2016-07-04.
[7] E. Androulaki, S. Capkun, and G. O. Karame. Two bitcoins at the price of one? double-spending attacks on fast payments in bitcoin. In CCS, 2012.
[8] A. Back, M. Corallo, L. Dashjr, M. Friedenbach, G. Maxwell, A. Miller, A. Poelstra, J. Timón, and P. Wuille. Enabling blockchain innovations with pegged sidechains. http://newspaper23.com/ripped/2014/11/http-_____-___-_www___-blockstream___-com__-_sidechains.pdf, 2014. Accessed: 2017-09-28.
[9] A. Back et al. Hashcash - a denial of service counter-measure. http://www.hashcash.org/papers/hashcash.pdf, 2002. Accessed: 2017-09-28.
[10] S. Barber, X. Boyen, E. Shi, and E. Uzun. Bitter to better - how to make bitcoin a better currency. In Financial cryptography and data security, pages 399–414. Springer, 2012.
[11] J. Becker, D. Breuker, T. Heide, J. Holler, H. P. Rauer, and R. Böhme. Can we afford integrity by proof-of-work? scenarios inspired by the bitcoin currency. In WEIS. Springer, 2012.
[12] I. Bentov, R. Pass, and E. Shi. Snow white: Provably secure proofs of stake. https://eprint.iacr.org/2016/919.pdf, 2016. Accessed: 2017-09-28.
[13] Bitcoin Community. Bitcoin developer guide- transaction data. https://bitcoin.org/en/developer-guide#term-merkle-tree. Accessed: 2017-06-05.
[14] Bitcoin Community. Bitcoin protocol documentation - merkle trees. https://en.bitcoin.it/wiki/Protocol_documentation#Merkle_Trees. Accessed: 2017-06-05.
[15] Bitcoin community. Bitcoin protocol rules. https://en.bitcoin.it/wiki/Protocol_rules. Accessed: 2017-08-22.
[16] V. Buterin. Chain interoperability. Technical report, Tech. rep. 1. R3CEV, 2016.
[17] W. Dai. bmoney. http://www.weidai.com/bmoney.txt, 1998. Accessed: 2017-09-28.
[18] C. Decker and R. Wattenhofer. Information propagation in the bitcoin network. In Peer-to-Peer Computing (P2P), 2013 IEEE Thirteenth International Conference on, pages 1–10. IEEE, 2013.
[19] C. Decker and R. Wattenhofer. Bitcoin transaction malleability and mtgox. In Computer Security-ESORICS 2014, pages 313–326. Springer, 2014.
[20] Dogecoin community. Dogecoin reference implementation. https://github.com/dogecoin/
[27] A. Gervais, G. Karame, S. Capkun, and V. Capkun. Is bitcoin a decentralized currency? volume 12, pages 54–60, 2014.
[28] A. Gervais, G. O. Karame, K. Wüst, V. Glykantzis, H. Ritzdorf, and S. Capkun. On the security and performance of proof of work blockchains. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pages 3–16. ACM, 2016.
[29] I. Giechaskiel, C. Cremers, and K. B. Rasmussen. On bitcoin security in the presence of broken cryptographic primitives. In European Symposium on Research in Computer Security (ESORICS), September 2016.
[30] J. Göbel, H. P. Keeler, A. E. Krzesinski, and P. G. Taylor. Bitcoin blockchain dynamics: The selfish-mine strategy in the presence of propagation delay. Performance Evaluation, 104:23–41, 2016.
[31] E. Heilman, A. Kendler, A. Zohar, and S. Goldberg. Eclipse attacks on bitcoin’s peer-to-peer network. In 24th USENIX Security Symposium (USENIX Security 15), pages 129–144, 2015.
[32] Huntercoin developers. Huntercoin reference implementation. https://github.com/chronokings/huntercoin. Accessed: 2017-06-05.
[33] B. Jakobsson and A. Juels. Proofs of work and bread pudding protocols, Apr. 8 2008. US Patent 7,356,696; Accessed: 2017-06-05.
[34] M. Jakobsson and A. Juels. Proofs of work and bread pudding protocols. In Secure Information Networks, pages 258–272. Springer, 1999.
[35] A. Judmayer, N. Stifter, K. Krombholz, and E. Weippl. Blocks and chains: Introduction to bitcoin, cryptocurrencies, and their consensus mechanisms. Synthesis Lectures on Information Security, Privacy, & Trust, 9(1):1–123, 2017.
[36] A. Juels and J. G. Brainard. Client puzzles: A cryptographic countermeasure against connection depletion attacks. In NDSS, volume 99, pages 151–165, 1999.
[37] A. Juels and B. S. Kaliski Jr. Pors: Proofs of retrievability for large files. In Proceedings of the 14th ACM conference on Computer and communications security, pages 584–597. Acm, 2007.
[38] H. Kalodner, M. Carlsten, P. Ellenbogen, J. Bonneau, and A. Narayanan. An empirical study of namecoin and lessons for decentralized namespace design. In WEIS, 2015.
[39] G. O. Karame, E. Androulaki, and S. Capkun. Double-spending fast payments in bitcoin. In Proceedings of the 2012 ACM conference on Computer and communications security, pages 906–917. ACM, 2012.
[40] G. O. Karame, E. Androulaki, M. Roeschlin, A. Gervais, and S. Čapkun. Misbehavior in bitcoin: A study of double-spending and accountability. volume 18, page 2. ACM, 2015.
[41] A. Kiayias, A. Russell, B. David, and R. Oliynykov. Ouroboros: A provably secure proof-of-stake blockchain protocol. In Annual International Cryptology Conference, pages 357–388. Springer, 2017.
[42] S. King. Primecoin: Cryptocurrency with prime number proof-of-work. July 7th, 2013.
[43] T. Kluyver, B. Ragan-Kelley, F. Pérez, B. E. Granger, M. Bussonnier, J. Frederic, K. Kelley, J. B. Hamrick, J. Grout, S. Corlay, et al. Jupyter notebooks-a publishing format for reproducible computational workflows. In ELPUB, pages 87–90, 2016.
[44] Lerner, Sergio D. Rootstock plattform. http://www.the-blockchain.com/docs/Rootstock-WhitePaper-Overview.pdf. Accessed: 2017-06-05.
[45] Y. Lewenberg, Y. Bachrach, Y. Sompolinsky, A. Zohar, and J. S. Rosenschein. Bitcoin mining pools: A cooperative game theoretic analysis. In Proceedings of the 2015 International Conference on Autonomous Agents and Multiagent Systems, pages 919–927. International Foundation for Autonomous Agents and Multiagent Systems, 2015.
[46] Litecoin community. Litecoin reference implementation. https://github.com/litecoin-project/litecoin. Accessed: 2017-09-28.
[47] I. Maven. Apache maven project, 2011.
[48] G. Maxwell. Comment in "[bitcoin-dev] weak block thoughts...". https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2015-Septembe011198.html, 2016. Accessed: 2017-05-10.
[49] S. Meiklejohn, M. Pomarole, G. Jordan, K. Levchenko, D. McCoy, G. M. Voelker, and S. Savage. A fistful of bitcoins: characterizing payments among men with no names. In Proceedings of the 2013 conference on Internet measurement conference, pages 127–140. ACM, 2013.
[50] S. Micali. Algorand: The efficient and democratic ledger. http://arxiv.org/abs/1607.01341, 2016. Accessed: 2017-02-09.
[51] A. Miller, A. Juels, E. Shi, B. Parno, and J. Katz. Permacoin: Repurposing bitcoin work for data preservation. In Security and Privacy (SP), 2014 IEEE Symposium on, pages 475–490. IEEE, 2014.
[52] A. Miller, A. Kosba, J. Katz, and E. Shi. Nonoutsourceable scratch-off puzzles to discourage bitcoin mining coalitions. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, pages 680–691. ACM, 2015.
[53] B. Momjian. PostgreSQL: introduction and concepts, volume 192. Addison-Wesley New York, 2001.
[54] Myriad core developers. Myriadcoin reference implementation. https://github.com/myriadcoin/myriadcoin. Accessed: 2017-06-05.
[55] S. Nakamoto. Bitcoin: A peer-to-peer electronic cash system. https://bitcoin.org/bitcoin.pdf, Dec 2008. Accessed: 2017-09-28.
[56] S. Nakamoto. Merged mining specification. https://en.bitcoin.it/wiki/Merged_mining_specification, Apr 2011. Accessed: 2017-09-28.
[57] Namecoin Community. Merged mining. https://github.com/namecoin/wiki/blob/masteMerged-Mining.mediawiki#Goal_of_this_namecoin_change. Accessed: 2017-08-20.
[58] Namecoin community. Namecoin reference implementation. https://github.com/namecoin/namecoin. Accessed: 2017-09-28.
[59] A. Narayanan, J. Bonneau, E. Felten, A. Miller, and S. Goldfeder. Bitcoin and Cryptocurrency Technologies: A Comprehensive Introduction. Princeton University Press, 2016.
[60] K. Nayak, S. Kumar, A. Miller, and E. Shi. Stubborn mining: Generalizing selfish mining and combining with an eclipse attack. In 1st IEEE European Symposium on Security and Privacy, 2016. IEEE, 2016.
[61] K. J. O’Dwyer and D. Malone. Bitcoin mining and its energy footprint. 2014.
[62] R. Pass, L. Seeman, and A. Shelat. Analysis of the blockchain protocol in asynchronous networks. In Annual International Conference on the Theory and Applications of Cryptographic Techniques, pages 643–673. Springer, 2017.
[63] D. Pointcheval and J. Stern. Security arguments for digital signatures and blind signatures. Journal of cryptology, 13(3):361–396, 2000.
[64] Pseudonymous("TierNolan"). Decoupling transactions and pow. https://bitcointalk.org/index.php?topic=179598.0, 2013. Accessed: 2017-05-10.
[65] P. R. Rizun. Subchains: A technique to scale bitcoin and improve the user experience. Ledger, 1:38–52, 2016.
[66] K. Rosenbaum. Weak blocks - the good and the bad. http://popeller.io/index.php/2016/01/19/weak-blocks-the-good-and-the-bad/, 2016. Accessed: 2017-05-10.
[67] K. Rosenbaum and R. Russell. Iblt and weak block propagation performance. Scaling Bitcoin Hong Kong (6 December 2015), 2015.
[68] M. Rosenfeld. Analysis of bitcoin pooled mining reward systems. arXiv preprint arXiv:1112.4980, 2011.
[69] M. Rosenfeld. Analysis of hashrate-based double spending. http://arxiv.org/abs/1402.2009, 2014. Accessed: 2016-03-09.
[70] R. Russel. Weak block simulator for bitcoin. https://github.com/rustyrussell/weak-blocks, 2014. Accessed: 2017-05-10.
[71] A. Sapirshtein, Y. Sompolinsky, and A. Zohar. Optimal selfish mining strategies in bitcoin. In International Conference on Financial Cryptography and Data Security, pages 515–532. Springer, 2016.
[72] Sathoshi Nakamoto. Comment in "bitdns and generalizing bitcoin" bitcointalk thread. https://bitcointalk.org/index.php?topic=1790.msg28696#msg28696. Accessed: 2017-06-05.
[73] O. Schrijvers, J. Bonneau, D. Boneh, and T. Roughgarden. Incentive compatibility of bitcoin mining pool reward functions. In FC ’16: Proceedings of the the 20th International Conference on Financial Cryptography, February 2016.
[74] B. Sengupta, S. Bag, S. Ruj, and K. Sakurai. Retricoin: Bitcoin based on compact proofs of retrievability. In Proceedings of the 17th International Conference on Distributed Computing and Networking, page 14. ACM, 2016.
[75] N. Szabo. Bit gold. http://unenumerated.blogspot.co.at/2005/12/bit-gold.html, 2005. Accessed: 2017-09-28.
[76] M. B. Taylor. Bitcoin and the age of bespoke silicon. In Proceedings of the 2013 International Conference on Compilers, Architectures and Synthesis for Embedded Systems, page 16. IEEE Press, 2013.
[77] Unitus developers. Unitus reference implementation. https://github.com/unitusdev/unitus. Accessed: 2017-08-22.
[78] M. Vukolić. The quest for scalable blockchain fabric: Proof-of-work vs. bft replication. In International Workshop on Open Problems in Network Security, pages 112–125. Springer, 2015.
[79] P. Webb, D. Syer, J. Long, S. Nicoll, R. Winch, A. Wilkinson, M. Overdijk, C. Dupuis, and S. Deleuze. Spring boot reference guide. Technical report, 2013-2016.
[80] A. Zamyatin. Name-squatting in namecoin. (unpublished BSc thesis, Vienna University of Technology), 2015.
submitted by dj-gutz to myrXiv

Pitchforks in Cryptocurrencies: Enforcing rule changes through offensive forking- and consensus techniques

Cryptology ePrint Archive: Report 2018/836
Date: 2018-09-05
Author(s): Aljosha Judmayer, Nicholas Stifter, Philipp Schindler, Edgar Weippl

Abstract
The increasing number of cryptocurrencies, as well as the rising number of actors within each single cryptocurrency, inevitably leads to tensions between the respective communities. As with open source projects, (protocol) forks are often the result of broad disagreement. Usually, after a permanent fork both communities "mine" their own business and the conflict is resolved. But what if this is not the case? In this paper, we outline the possibility of malicious forking and consensus techniques that aim at destroying the other branch of a protocol fork. Thereby, we illustrate how merged mining can be used as an attack method against a permissionless PoW cryptocurrency, which itself involuntarily serves as the parent chain for an attacking merge mined branch of a hard fork.

References
  1. J. Bonneau. Why buy when you can rent? bribery attacks on bitcoin consensus. In BITCOIN ’16: Proceedings of the 3rd Workshop on Bitcoin and Blockchain Research, February 2016.
  2. J. Bonneau. Hostile blockchain takeovers (short paper). In 5th Workshop on Bitcoin and Blockchain Research, Financial Cryptography and Data Security 18 (FC). Springer, 2018.
  3. K. Croman, C. Decker, I. Eyal, A. E. Gencer, A. Juels, A. Kosba, A. Miller, P. Saxena, E. Shi, and E. G¨un. On scaling decentralized blockchains. In 3rd Workshop on Bitcoin and Blockchain Research, Financial Cryptography 16, 2016.
  4. I. Eyal, A. E. Gencer, E. G. Sirer, and R. van Renesse. Bitcoin-ng: A scalable blockchain protocol. In 13th USENIX Security Symposium on Networked Systems Design and Implementation (NSDI’16). USENIX Association, Mar 2016.
  5. I. Eyal and E. G. Sirer. Majority is not enough: Bitcoin mining is vulnerable. In Financial Cryptography and Data Security, pages 436–454. Springer, 2014.
  6. A. Gervais, G. O. Karame, K. W¨ust, V. Glykantzis, H. Ritzdo rf, and S. Capkun. On the security and performance of proof of work blockchains. In Proceedings of the 2016 ACM SIGSAC, pages 3–16. ACM, 2016.
  7. A. Judmayer, A. Zamyatin, N. Stifter, A. G. Voyiatzis, and E. Weippl. Merged mining: Curse or cure? In CBT’17: Proceedings of the International Workshop on Cryptocurrencies and Blockchain Technology, Sep 2017.
  8. A. Kiayias, A. Miller, and D. Zindros. Non-interactive proofs of proof-of-work. Cryptology ePrint Archive, Report 2017/963, 2017. Accessed:2017-10-03.
  9. J. A. Kroll, I. C. Davey, and E. W. Felten. The economics of bitcoin mining, or bitcoin in the presence of adversaries. In Proceedings of WEIS, volume 2013, page 11, 2013.
  10. K. Liao and J. Katz. Incentivizing blockchain forks via whale transactions. In International Conference on Financial Cryptography and Data Security, pages 264–279. Springer, 2017.
  11. P. McCorry, A. Hicks, and S. Meiklejohn. Smart contracts for bribing miners. In 5th Workshop on Bitcoin and Blockchain Research, Financial Cryptography and Data Security 18 (FC). Springer, 2018.
  12. Narayanan, Arvind and Bonneau, Joseph and Felten, Edward and Miller, Andrew and Goldfeder, Steven. Bitcoin and cryptocurrency technologies. http://bitcoinbook.cs.princeton.edu/, 2016. Accessed: 2016-03-29.
  13. K. Nayak, S. Kumar, A. Miller, and E. Shi. Stubborn mining: Generalizing selfish mining and combining with an eclipse attack. In 1st IEEE European Symposium on Security and Privacy, 2016. IEEE, 2016.
  14. J. Teutsch, S. Jain, and P. Saxena. When cryptocurrencies mine their own business. In Financial Cryptography and Data Security (FC 2016), Feb 2016.
  15. Y. Velner, J. Teutsch, and L. Luu. Smart contracts make bitcoin mining pools vulnerable. In International Conference on Financial Cryptography and Data Security, pages 298–316. Springer, 2017.
  16. A. Zamyatin, N. Stifter, A. Judmayer, P. Schindler, E. Weippl, and W. J. Knottebelt. (Short Paper) A Wild Velvet Fork Appears! Inclusive Blockchain Protocol Changes in Practice. In 5th Workshop on Bitcoin and Blockchain Research, Financial Cryptography and Data Security 18 (FC). Springer, 2018.
submitted by dj-gutz to myrXiv

This is why BTCP could be worth more than $1037 per coin...

At the time of writing, BTCP is the highest valued zkSNARKs enabled coin, ranked at #24 at Coinmarketcap. Trading volume is still low compared to other coins, but it has rapidly gone from ~$500,000 volume to $2,300,000 volume in just five days, and the trend in volume still points steeply upwards! :-)
 
Very nice to see all this. After a rough start and a rather depressing time post-fork, with Bears and FUD'ers all around, it's nice to see some life emerging in the crypto-world in general, and in Bitcoin Private in particular. Of course there will be backlashes, but why not enjoy this situation? Spring is in the air! :-)
 
BTC breaking out of its negative trend and Coinmarketcap getting their sh!t together regarding BTCP Circulating Supply happening at roughly the same time, what are the odds? The planets aligned... ;-)
 
At the time of writing, BTCP is about to overtake Bitcoin Gold. Only $20M in market cap to go. If it doesn't happen today, it will happen soon enough. But eclipsing Bitcoin Gold isn't the goal.
 
The goal is to create a coin with utility. A coin that can actually be used as money! This is where the true value will be, and what will bring longevity to the project. What will differentiate it from thousands of other coins that will sooner or later fade away.
 
Privacy is essential here. Let's make an analogy to plain, traditional cash! Coins and bills! What if it would be possible to track every coin, from the moment it left the coin foundry to the moment it ceased to exist. Every hand and pocket it visited during its entire existence; who received it, to whom it was passed along, and for what! Imagine it would be possible for everyone (including government and authorities, neighbors, your competitors, etc) to track and monitor every single purchase you make, every single sale you make! In a cash society, everyone would find this thought repulsive and completely unacceptable!
 
But this is how block chains work. They are open for everyone to see. Forever. Nothing is forgotten, nothing can be altered, it's all there for everyone to see.
 
Bitcoin, the original, had the vision to be used as digital cash money, which of course included privacy. And for a long time it was private. Kind of. By being anonymous. However, now it has become clear that similar tools that are used for analyzing social media flows, can be used to unveil a great deal of information from block chains. By cross-referencing information like time stamps, amounts, and other online activities between multiple relevant network logs and databases, it has been proven to be possible to identify people, their transactions, and what they have bought. Oops! :-O
 
There is no grey-scale in this area. Either it's private, or it's not. Being "kind of" private is utterly worthless. The analyzing tools will evolve. They will become better, more powerful, more specialized. New technology will be developed. And the block chains will be there forever, along with their entire and complete track record of everything that has happened in their entire existence. Information just sitting there, forever, just waiting for all those future fancy tools to dig in to.
 
There are some "privacy" coins that are actually used in online trade today. The most famous and the most used ones aren't really private since no data is encrypted. Instead they use "privacy by obfuscation", which even per design is less private compared to proper encryption. And as it turns out, Monero and Verge (and more?) weren't as "private" as people thought, it has been possible to connect people to their purchases by analyzing the block chains.
 
The proper privacy coins are the zkSNARKs ones. But they are small; they don't have the Bitcoin coin base. This is why Bitcoin Private totally eclipsed ZenCash, Zclassic, and as of today (may be different tomorrow, but still) overtook Zcash's position as the highest valued zkSNARKs coin at a mere $54 compared to Zcash's whopping $278. And none of the others has the Bitcoin branding, indisputably the most famous and well-known cryptocurrency trademark. Even grandmothers know about the "Bitcoin" brand.
 
So in privacy, the Bitcoin Private is kind of well positioned already (and rumor has it that many exciting development plans are still to be presented; "You'll be blown away").
 
But again, the aim is to truly be able to function as money. As Cash. Bitcoin. Cash. Now some of you may think: "Eeh, Bitcoin Cash?" ;-) Well, indeed that one was a fork meant to address some of the big problems with Bitcoin Original; that it wasn't possible anymore to use Bitcoin as a means of payment due to very slow transactions and high fees (and extreme volatility, but that wasn't on BCH's agenda).
 
But the thing is, Bitcoin Cash is broken in this regard. Has been for a long time. It's slow and unreliable. Here is what Miningpoolhub writes about Bitcoin Cash on its pool-page:
 
Withdraw only. This pool is not for mining. Auto exchange to other coin would be impossible or too slow. If you want to exchange Bithcoin-Cash to other coin, withdraw and exchange manually. Coin withdrawal would be delayed due to slow block generation. https://blockchair.com/bitcoin-cash/blocks Thanks! 
 
Have a look at the linked page. It could be 45 minutes between blocks. Besides this, it has no privacy which kind of disqualifies it from its original "Bitcoin Cash" purpose, doesn't it? Who wants a cash-coin with no privacy today?!
 
In every fundamental technical aspect, Bitcoin Private is a superior coin compared to Bitcoin Cash. So it should be worth more. Some say that Bitcoin Cash is valued ridiculously high, but it is what it is. It went from a $15 Billion market cap to the current $21 Billion market cap in just a few days. Looking at Bitcoin Private's coin supply through Bitcoin Cash's valuation ($21 167 792 068 / 20 403 830) gives a price of $1037 per BTCP. And a technically superior coin with more "real values" should be valued higher, right?
 
Bitcoin Private has assimilated Bitcoin Cash's main features and reasons to exist. Bitcoin Private has also assimilated Bitcoin Gold's main features and reasons to exist. It has the entire Bitcoin coin base, and many key Bitcoin features. It has the name. And it has proper privacy, which no other Bitcoin has.
 
Bitcoin Private is Bitcoin, done right!
 
And I don't know about the $1037 figure. A fantasy? Could become real? A long way to go, in any case. But one thing I definitely hold for certain is: Bitcoin Private is seriously undervalued today!
 
:-)
submitted by DynamicMiffo to BitcoinPrivate


Eclipse Mining Consortium (Eclipse MC) Mining Pool Review

May 2018 Update – Unfortunately Eclipse MC stopped running some time ago, this article remains online as a reference. A look at Eclipse Mining Consortium’s Mining Pool. Please note: This review is based on a relatively …

According to BlockTrail, Bitfury is the third largest Bitcoin mining pool and mines about 11% of all blocks. The main difference between the Bitfury pool and other mining pools is that Bitfury is a private pool. Bitfury, the company, makes its own mining hardware and runs its own pool. So, unlike Slush or Antpool, Bitfury cannot be joined if you run mining hardware at home. Bitfury 16nm ASIC ...

As the FOI states, BFL have been using customers ASICs to mine at the Eclipse Mining Pool... which is owned by BFL and was purchased in 2012 (Part 4, Page 3 of 7 at the bottom). Move your ASICs away from BFL. It's the ethical thing to do (as well as makes a statement saying that we, the customers, will not accept or condone this kind of behaviour).

Bitcoin Mining Pool - Eclipse Mining Consortium. Eclipsemc.com Website Analysis (Review): Eclipsemc.com has 708 daily visitors and has the potential to earn up to 85 USD per month by showing ads. See traffic statistics for more information. Hosted on IP address 104.24.121.242 in San Francisco, United States. You can find similar websites and websites using the same design ...

Eclipse Mining Consortium is a mining pool with server locations in the US and EU. It is run by Josh Zerlan. This pool pays out using a double geometric share reward system. It also offers simultaneous merged mining of BTC and NMC. The service was first available on June 13, 2011. The coinbase signature for this pool is: "EMC".
