Bitcoin Private Keys: Everything You Need To Know

Technical: Taproot: Why Activate?

This is a follow-up on https://old.reddit.com/Bitcoin/comments/hqzp14/technical_the_path_to_taproot_activation/
Taproot! Everybody wants it!! But... you might ask yourself: sure, everybody else wants it, but why would I, sovereign Bitcoin HODLer, want it? Surely I can be better than everybody else because I swapped XXX fiat for Bitcoin unlike all those nocoiners?
And it is important for you to know the reasons why you, o sovereign Bitcoiner, would want Taproot activated. After all, your nodes (or the nodes your wallets use, which if you are SPV, you hopefully can pester your wallet vendor/implementor about) need to be upgraded in order for Taproot activation to actually succeed instead of becoming a hot sticky mess.
First, let's consider some principles of Bitcoin.
I'm sure most of us here would agree that the above are very important principles of Bitcoin and that these are principles we would not be willing to remove. If anything, we would want those principles strengthened (especially the last one, financial privacy, which current Bitcoin is only sporadically strong with: you can get privacy, it just requires effort to do so).
So, how does Taproot affect those principles?

Taproot and Your Coins

Most HODLers probably HODL their coins in singlesig addresses. Sadly, switching to Taproot would do very little for you (it gives a mild discount at spend time, at the cost of a mild increase in fee at receive time (paid by whoever sends to you, so if it's a self-send from a P2PKH or bech32 address, you pay for this); mostly a wash).
(technical details: a Taproot output is 1 version byte + 32 byte public key, while a P2WPKH (bech32 singlesig) output is 1 version byte + 20 byte public key hash, so the Taproot output spends 12 bytes more; spending from a P2WPKH requires revealing a 32-byte public key later, which is not needed with Taproot, and Taproot signatures are about 9 bytes smaller than P2WPKH signatures, but the 32 bytes plus 9 bytes is divided by 4 because of the witness discount, so it saves about 11 bytes; mostly a wash, it increases blockweight by about 1 virtual byte, 4 weight for each Taproot-output-input, compared to P2WPKH-output-input).
However, as your HODLings grow in value, you might start wondering if multisignature k-of-n setups might be better for the security of your savings. And it is in multisignature that Taproot starts to give benefits!
Taproot switches to using Schnorr signing scheme. Schnorr makes key aggregation -- constructing a single public key from multiple public keys -- almost as trivial as adding numbers together. "Almost" because it involves some fairly advanced math instead of simple boring number adding, but hey when was the last time you added up your grocery list prices by hand huh?
With current P2SH and P2WSH multisignature schemes, if you have a 2-of-3 setup, then to spend, you need to provide two different signatures from two different public keys. With Taproot, you can create, using special moon math, a single public key that represents your 2-of-3 setup. Then you just put two of your devices together, have them communicate to each other (this can be done airgapped, in theory, by sending QR codes: the software to do this is not even being built yet, but that's because Taproot hasn't activated yet!), and they will make a single signature to authorize any spend from your 2-of-3 address. That's 73 witness bytes -- 18.25 virtual bytes -- of signatures you save!
And if you decide that your current setup with 1-of-1 P2PKH / P2WPKH addresses is just fine as-is: well, that's the whole point of a softfork: backwards-compatibility; you can receive from Taproot users just fine, and once your wallet is updated for Taproot-sending support, you can send to Taproot users just fine as well!
(P2WPKH and P2WSH -- SegWit v0 -- addresses start with bc1q; Taproot -- SegWit v1 --- addresses start with bc1p, in case you wanted to know the difference; in bech32 q is 0, p is 1)
Now how about HODLers who keep all, or some, of their coins on custodial services? Well, any custodial service worth its salt would be doing at least 2-of-3, or probably something even bigger, like 11-of-15. So your custodial service, if it switched to using Taproot internally, could save a lot more (imagine an 11-of-15 getting reduced from 11 signatures to just 1!), which --- we can only hope! --- should translate to lower fees and better customer service from your custodial service!
So I think we can say, very accurately, that the Bitcoin principle --- that YOU are in control of your money --- can only be helped by Taproot (if you are doing multisignature), and, because P2PKH and P2WPKH remain validly-usable addresses in a Taproot future, will not be harmed by Taproot. Its benefit to this principle might be small (it mostly only benefits multisignature users) but since it has no drawbacks with this (i.e. singlesig users can continue to use P2WPKH and P2PKH still) this is still a nice, tidy win!
(even singlesig users get a minor benefit, in that multisig users will now reduce their blockchain space footprint, so that fees can be kept low for everybody; so for example even if you have your single set of private keys engraved on titanium plates sealed in an airtight box stored in a safe buried in a desert protected by angry nomads riding giant sandworms because you're the frickin' Kwisatz Haderach, you still gain some benefit from Taproot)
And here's the important part: if P2PKH/P2WPKH is working perfectly fine with you and you decide to never use Taproot yourself, Taproot will not affect you detrimentally. First do no harm!

Taproot and Your Contracts

No one is an island, no one lives alone. Give and you shall receive. You know: by trading with other people, you can gain expertise in some obscure little necessity of the world (and greatly increase your productivity in that little field), and then trade the products of your expertise for necessities other people have created, all of you thereby gaining gains from trade.
So, contracts, which are basically enforceable agreements that facilitate trading with people who you do not personally know and therefore might not trust.
Let's start with a simple example. You want to buy some gewgaws from somebody. But you don't know them personally. The seller wants the money, you want their gewgaws, but because of the lack of trust (you don't know them!! what if they're scammers??) neither of you can benefit from gains from trade.
However, suppose both of you know of some entity that both of you trust. That entity can act as a trusted escrow. The entity provides you security: this enables the trade, allowing both of you to get gains from trade.
In Bitcoin-land, this can be implemented as a 2-of-3 multisignature. The three signatories in the multisignature would be you, the gewgaw seller, and the escrow. You put the payment for the gewgaws into this 2-of-3 multisignature address.
Now, suppose it turns out neither of you are scammers (whaaaat!). You receive the gewgaws just fine and you're willing to pay up for them. Then you and the gewgaw seller just sign a transaction --- you and the gewgaw seller are 2, sufficient to trigger the 2-of-3 --- that spends from the 2-of-3 address to a singlesig the gewgaw seller wants (or whatever address the gewgaw seller wants).
But suppose some problem arises. The seller gave you gawgews instead of gewgaws. Or you decided to keep the gewgaws but not sign the transaction to release the funds to the seller. In either case, the escrow is notified, and it can sign with you to refund the funds back to you (if the seller was a scammer) or it can sign with the seller to forward the funds to the seller (if you were a scammer).
Taproot helps with this: like mentioned above, it allows multisignature setups to produce only one signature, reducing blockchain space usage, and thus contracts --- which require multiple people, by definition, you don't make contracts with yourself --- are made cheaper (which we hope enables more of these setups to happen for more gains from trade for everyone, also, moon and lambos).
(technology-wise, it's easier to make an n-of-n than a k-of-n, making a k-of-n would require a complex setup involving a long ritual with many communication rounds between the n participants, but an n-of-n can be done trivially with some moon math. You can, however, make what is effectively a 2-of-3 by using a three-branch SCRIPT: either 2-of-2 of you and seller, OR 2-of-2 of you and escrow, OR 2-of-2 of escrow and seller. Fortunately, Taproot adds a facility to embed a SCRIPT inside a public key, so you can have a 2-of-2 Taprooted address (between you and seller) with a SCRIPT branch that can instead be spent with 2-of-2 (you + escrow) OR 2-of-2 (seller + escrow), which implements the three-branched SCRIPT above. If neither of you are scammers (hopefully the common case) then you both sign using your keys and never have to contact the escrow, since you are just using the escrow public key without coordinating with them (because n-of-n is trivial but k-of-n requires setup with communication rounds), so in the "best case" where both of you are honest traders, you also get a privacy boost, in that the escrow never learns you have been trading on gewgaws, I mean ewww, gawgews are much better than gewgaws and therefore I now judge you for being a gewgaw enthusiast, you filthy gewgawer).

Taproot and Your Contracts, Part 2: Cryptographic Boogaloo

Now suppose you want to buy some data instead of things. For example, maybe you have some closed-source software in trial mode installed, and want to pay the developer for the full version. You want to pay for an activation code.
This can be done, today, by using an HTLC. The developer tells you the hash of the activation code. You pay to an HTLC, paying out to the developer if it reveals the preimage (the activation code), or refunding the money back to you after a pre-agreed timeout. If the developer claims the funds, it has to reveal the preimage, which is the activation code, and you can now activate your software. If the developer does not claim the funds by the timeout, you get refunded.
And you can do that, with HTLCs, today.
Of course, HTLCs do have problems:
Fortunately, with Schnorr (which is enabled by Taproot), we can now use the Scriptless Script construction by Andrew Poelstra. This Scriptless Script allows a new construction, the PTLC or Pointlocked Timelocked Contract. Instead of hashes and preimages, just replace "hash" with "point" and "preimage" with "scalar".
Or as you might know them: "point" is really "public key" and "scalar" is really a "private key". What a PTLC does is that, given a particular public key, the pointlocked branch can be spent only if the spender reveals the private key of the given public key to you.
Another nice thing with PTLCs is that they are deniable. What appears onchain is just a single 2-of-2 signature between you and the developer/manufacturer. It's like a magic trick. This signature has no special watermarks, it's a perfectly normal signature (the pledge). However, from this signature, plus some data given to you by the developer/manufacturer (known as the adaptor signature) you can derive the private key of a particular public key you both agree on (the turn). Anyone scraping the blockchain will just see signatures that look just like every other signature, and as long as nobody manages to hack you and get a copy of the adaptor signature or the private key, they cannot get the private key behind the public key (point) that the pointlocked branch needs (the prestige).
(Just to be clear, the public key you are getting the private key from, is distinct from the public key that the developer/manufacturer will use for its funds. The activation key is different from the developer's onchain Bitcoin key, and it is the activation key whose private key you will be learning, not the developer's/manufacturer's onchain Bitcoin key).
So:
Taproot lets PTLCs exist onchain because they enable Schnorr, which is a requirement of PTLCs / Scriptless Script.
(technology-wise, take note that Scriptless Script works only for the "pointlocked" branch of the contract; you need normal Script, or a pre-signed nLockTimed transaction, for the "timelocked" branch. Since Taproot can embed a script, you can have the Taproot pubkey be a 2-of-2 to implement the Scriptless Script "pointlocked" branch, then have a hidden script that lets you recover the funds with an OP_CHECKLOCKTIMEVERIFY after the timeout if the seller does not claim the funds.)

Quantum Quibbles!

Now if you were really paying attention, you might have noticed this parenthetical:
(technical details: a Taproot output is 1 version byte + 32 byte public key, while a P2WPKH (bech32 singlesig) output is 1 version byte + 20 byte public key hash...)
So wait, Taproot uses raw 32-byte public keys, and not public key hashes? Isn't that more quantum-vulnerable??
Well, in theory yes. In practice, they probably are not.
It's not that hashes can be broken by quantum computers --- they're still not. Instead, you have to look at how you spend from a P2WPKH/P2PKH pay-to-public-key-hash.
When you spend from a P2PKH / P2WPKH, you have to reveal the public key. Then Bitcoin hashes it and checks if this matches with the public-key-hash, and only then actually validates the signature for that public key.
So an unconfirmed transaction, floating in the mempools of nodes globally, will show, in plain sight for everyone to see, your public key.
(public keys should be public, that's why they're called public keys, LOL)
And if quantum computers are fast enough to be of concern, then they are probably fast enough that, in the several minutes to several hours from broadcast to confirmation, they have already cracked the public key that is openly broadcast with your transaction. The owner of the quantum computer can now replace your unconfirmed transaction with one that pays the funds to itself. Even if you did not opt-in RBF, miners are still incentivized to support RBF on RBF-disabled transactions.
So the extra hash is not as significant a protection against quantum computers as you might think. Instead, the extra hash-and-compare needed is just extra validation effort.
Further, if you have ever, in the past, spent from the address, then there exists already a transaction indelibly stored on the blockchain, openly displaying the public key from which quantum computers can derive the private key. So those are still vulnerable to quantum computers.
For the most part, the cryptographers behind Taproot (and Bitcoin Core) are of the opinion that quantum computers capable of cracking Bitcoin pubkeys are unlikely to appear within a decade or two.
So:
For now, the homomorphic and linear properties of elliptic curve cryptography provide a lot of benefits --- particularly the linearity property is what enables Scriptless Script and simple multisignature (i.e. multisignatures that are just 1 signature onchain). So it might be a good idea to take advantage of them now while we are still fairly safe against quantum computers. It seems likely that quantum-safe signature schemes are nonlinear (thus losing these advantages).

Summary

I Wanna Be The Taprooter!

So, do you want to help activate Taproot? Here's what you, mister sovereign Bitcoin HODLer, can do!

But I Hate Taproot!!

That's fine!

Discussions About Taproot Activation

submitted by almkglor to Bitcoin
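As an added example (not code from the original post, nor from Bitcoin Core or any production library), here is a pure-Python sketch of the two linear tricks the post leans on: aggregating several keys so two devices produce one ordinary Schnorr signature, and the adaptor-signature "magic trick" behind PTLCs, where the buyer recovers the activation scalar from the signature that lands onchain plus the adaptor data. The curve is secp256k1; the hashing, nonce derivation and key-coefficient scheme are simplified stand-ins for BIP340/MuSig2 (not the real specifications), and every key and message is a constructed throwaway value.

```python
import hashlib
# secp256k1 (the curve Bitcoin uses); the constants are the standard ones
P_FIELD = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N_ORDER = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(a, b):
    """Affine addition on y^2 = x^3 + 7; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2:
        if (y1 + y2) % P_FIELD == 0:
            return None  # a == -b
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P_FIELD) % P_FIELD
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_FIELD) % P_FIELD
    x3 = (lam * lam - x1 - x2) % P_FIELD
    return (x3, (lam * (x1 - x3) - y1) % P_FIELD)

def ec_mul(k, point):
    """Double-and-add scalar multiplication (not constant-time; demo only)."""
    result = None
    k %= N_ORDER
    while k:
        if k & 1:
            result = ec_add(result, point)
        point = ec_add(point, point)
        k >>= 1
    return result

def h(*parts):
    """Hash-to-scalar over bytes and points (x||y, 32 bytes each)."""
    raw = b"".join(p if isinstance(p, bytes) else
                   p[0].to_bytes(32, "big") + p[1].to_bytes(32, "big") for p in parts)
    return int.from_bytes(hashlib.sha256(raw).digest(), "big") % N_ORDER

def schnorr_verify(X, msg, sig):
    """Plain Schnorr check: s*G == R + e*X with e = H(R || X || msg)."""
    R, s = sig
    e = h(R, X, msg)
    return ec_mul(s, G) == ec_add(R, ec_mul(e, X))

# 1. Key aggregation: several devices, one ordinary signature onchain.
def aggregate_keys(pubkeys):
    """X_agg = sum a_i*X_i, a_i = H(all keys || X_i) (MuSig-style, simplified).
    A plain sum would let one party pick a rogue key cancelling the others'."""
    coeffs = [h(b"agg", *pubkeys, X) for X in pubkeys]
    X_agg = None
    for a, X in zip(coeffs, pubkeys):
        X_agg = ec_add(X_agg, ec_mul(a, X))
    return X_agg, coeffs

def multisig_sign(seckeys, msg):
    """Each device adds a nonce R_i and partial s_i = k_i + e*a_i*x_i; the sums
    are ONE Schnorr signature. Simplified: MuSig2 uses two nonces per signer."""
    pubkeys = [ec_mul(x, G) for x in seckeys]
    X_agg, coeffs = aggregate_keys(pubkeys)
    nonces = [h(b"nonce", x.to_bytes(32, "big"), msg) for x in seckeys]
    R = None
    for k in nonces:
        R = ec_add(R, ec_mul(k, G))
    e = h(R, X_agg, msg)
    s = sum(k + e * a * x for k, a, x in zip(nonces, coeffs, seckeys)) % N_ORDER
    return X_agg, (R, s)

# 2. Adaptor signature: the PTLC "pledge / turn / prestige".
def adaptor_sign(x, msg, T):
    """Pre-signature s' = k + e*x with e bound to R + T (the pledge). (R, s') is
    not a valid signature by itself, but it plus the completed one reveals t."""
    k = h(b"nonce", x.to_bytes(32, "big"), msg)
    R = ec_mul(k, G)
    e = h(ec_add(R, T), ec_mul(x, G), msg)
    return R, (k + e * x) % N_ORDER

def adaptor_verify(X, msg, pre_sig, T):
    """Buyer's check before funding: s'*G == R + e*X, e bound to R + T."""
    R, s_pre = pre_sig
    e = h(ec_add(R, T), X, msg)
    return ec_mul(s_pre, G) == ec_add(R, ec_mul(e, X))

def adaptor_complete(pre_sig, t, T):
    """Seller's claim: (R + T, s' + t) is a plain Schnorr signature (the turn)."""
    R, s_pre = pre_sig
    return ec_add(R, T), (s_pre + t) % N_ORDER

def adaptor_extract(pre_sig, full_sig):
    """Buyer recovers t from the onchain signature (the prestige)."""
    return (full_sig[1] - pre_sig[1]) % N_ORDER

def ptlc_roundtrip(x_dev, t, msg):
    """Returns (pre-sig ok, onchain sig is ordinary Schnorr, buyer learned t)."""
    X_dev, T = ec_mul(x_dev, G), ec_mul(t, G)
    pre = adaptor_sign(x_dev, msg, T)
    full = adaptor_complete(pre, t, T)
    return (adaptor_verify(X_dev, msg, pre, T), schnorr_verify(X_dev, msg, full),
            adaptor_extract(pre, full) == t)
```

`ptlc_roundtrip(0x1111, 0x2222, b"claim")` returns `(True, True, True)`: the completed signature passes the plain Schnorr check with no trace of T, which is the deniability the post describes.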


Continued censorship involving Ethereum's proposed fork to progPOW.

Our friends at Ethereum are subject to continued manipulation into forking their coin to progPOW. I decided to post this in r/btc because it is the last bastion of free speech in the crypto community.
Today, after drawing attention to the sketchy history of progPOW's original proponent, my post was subjected to massive vote manipulation, and eventually deleted.
I have long suspected that progPOW favors NVIDIA miners, given the deep connections that progPOW's development team has to NVIDIA. Today, the progPOW team freely admitted that AMD miners will suffer a larger hashrate decrease compared to NVIDIA miners, so I created a poll:
Ethereum developers want to fork ETH to progPOW [1], a proof-of-work algorithm that gives AMD GPUs a stronger hashrate penalty compared to NVIDIA [2][3]. Should Ethereum use ProgPOW for Proof-of-Work? Cast your vote with Ethereum [4].
Sources:
Below is my post that was deleted, in its entirety.
If you are curious about the CSW/Coingeek connection, scroll down.
Previous Posts
Criticism and Soft Power
I have received criticism for my posts mostly due to what people call "character attacks." I have two things to say about that:
  1. I have never engaged in any character attacks. In all cases, the character has made their modus operandi known by themselves, and I have simply shined a light on it. I don't need to call people "mentally unstable gentlemen" [--source, Ohgodagirl Twitter] to get my point across.
  2. Algorithm change discussions must include economic and political introspection as well as a discussion of the proposed change's technical details. As I have stated before, progPOW would not exist without the people responsible for creating it. We must look at these people's history, character, prior accomplishments, and industry connections. The discussion must exist outside the scope of the proposed change, not inside of it.
Example: When people criticize my posts for "not looking at the technical details", they are making a mistake. If someone asked "which should we kill more often: baby seals or baby kittens?", we don't all immediately start discussing the optimal relation of kittens-per-second to seals-per-second that can be killed. No, our first reaction is "what the fuck, why should we kill anything?"
Onward
Customer complaints from people who bought cloud contracts from Kristy's previous company:
Coingeek Connection
Previously, I had promised to provide information regarding the CSW/Coingeek and Core Scientific connection.
When I was president of ImageShack.com (2003-2011), someone wanted to buy our company. When this happens, the buyer and seller usually write a purchase agreement similar to the business in which they are involved. This is done to ensure that the purchase is executed. In ImageShack's case, the buyer bought $500,000 worth of advertising from us. The logic was that ImageShack would be acquired, so they actually would pay themselves. If they didn't buy ImageShack, they would owe us $500,000.
Given the partnership between Core Scientific (Kristy's employer) and "Squire Mining" (effectively, Coingeek), I would not be surprised if Coingeek and Core Scientific made such an agreement, as well. In their case, it would likely be a hosting agreement. Since Coingeek has many ASICs, and Core Scientific is a large mining facility, I would not be surprised if those Coingeek ASICs are hosted by Core Scientific.
Individuals close to these parties can verify those claims, but I cannot share the proof at this time without revealing the identity of my sources.
Chatlog Dumps
Today, I also provide public comments from chatlog dumps showcasing Kristy Leigh Anne Minehan's deep connection to NVIDIA:
01/28/2018 - 22:34<@OhGodAGirl> Yo. ystarnaud/sling00: **I'll be meeting NV next week**. I think it's next week. The 4th! Anyway; if you have NVIDIA fixes you need for EthOS or something you want special attention on, PM me.
02/05/2018 - 06:47<@OhGodAGirl> Also I got a USB shaped like a NVIDIA GTX. It's the best thing ever.
02/05/2018 - 06:50<@OhGodAGirl> https://usercontent.irccloud-cdn.com/file/ffwT8M2j/IMG_2726.JPG
02/05/2018 - 06:50<@OhGodAGirl> Look at this adorable little shit.
"Ah, but there's a catch. These USB drives are extremely rare—Nvidia only cranked out a couple thousand of these drives and will be giving them away to press and "influencers" at E3, along with 1,080 registered GeForce Experience members who are opted in to receive communications from Nvidia."
04/22/2018 - 20:17<@sling00> OhGodAGirl: what does ohgodanethlargement do
04/22/2018 - 20:17< cYnIxX3> https://youtu.be/2mj1nCfFvlI?t=2m16s
04/22/2018 - 20:19< cYnIxX3> sling00, about 10-25mh improvement to 1080 gpus.
04/22/2018 - 20:19< __virus__> about 40-50% improvement afaik
04/22/2018 - 20:21< OhGodAGirl> But...it's not under because NVIDIA asked me not to.
04/21/2018 - 16:51< OhGodAGirl> I have a ton of private tools for Mineority
04/21/2018 - 16:51< OhGodAGirl> Right now our Equihash kernel has a 25% advantage over Claymore.
04/21/2018 - 16:52< PL3> 25% on amds?
04/21/2018 - 16:52< OhGodAGirl> NVIDIA ;)
04/21/2018 - 16:52< PL3> you have claymore nvidia equi miner?
04/21/2018 - 16:52< OhGodAGirl> We're a NV only company. For now.
04/29/2018 - 00:53< OhGodAGirl> So uh, NVIDIA showed ETHlargement at an executive meeting
04/29/2018 - 00:53< OhGodAGirl> They thought it was hillarious
04/29/2018 - 00:53< acv_> that is awesome.
04/29/2018 - 01:22< OhGodAGirl> So many dicks on Youtube though
04/29/2018 - 01:22< OhGodAGirl> "RA RA IT'S A SCAM"
04/29/2018 - 01:22< OhGodAGirl> "RA RA IT WILL STEAL ALL YOUR PRIVKEYS"
04/29/2018 - 01:22< OhGodAGirl> "RA RA NO ONE IS EVER NICE IN THIS WORLD'
04/29/2018 - 01:22< OhGodAGirl> Well dammit I'm a nice person. =(
submitted by ugtarmas to btc

has anyone received Phase 2 UB?

not phase one, not phase 3, but phase 2. According to their twitter, the distribution is ongoing. The last tweet from 4h ago:
There are hundreds of thousands of small transactions to conduct but rest assured, we are working on a solution to speed up the process.
so presumably somebody must have received something. I haven't.
submitted by berepere to BitcoinAirdrops

How to safely use a private key more than once across time?

I would like to create a relatively safe way to keep bitcoin. I decided to use a paper wallet that I will keep in more than one location.
So I ran Ubuntu off a flash-drive and loaded bitaddress.org. I went off line, then made a paper wallet and printed it. I formatted the Ubuntu flash-drive. I put ten eurocents in the wallet and I can see it works: the money arrived.
Now I want to test whether retrieving also works, because I don't want to put a bigger sum of money into something I'm not sure I can take it out of again.
With Mycelium on my Android phone I can tap on "Cold storage" and I could take 5 cents out of the wallet. The Mycelium app says that "every trace of the private key will be erased", but how do I know whether I can trust that?
So for the sake of testing (@ 5 cents) but also for the sake of one day maybe wanting to take out only 20% of the funds, I would like to safely use the private key more than once across time. How do I safely do that?
I suppose the answer is to only use a private key once and empty it out completely, but let's say I want to reuse it and accept being "sub-safe"; what would the best way be?
Thanks for the advice. T
submitted by T9Da8Bre to Bitcoin

The original proponent of progPOW, Kristy Leigh Anne Minehan, appears to have scammed people with cloud contracts, criticism, and soft power, and chatlog dumps.

submitted by ugtarmas to ethereum

Bitcoin is controlled by a smaller group than the FED, and it's not owned by anyone.

People should understand that Bitcoin is not owned by anyone, but controlled. In the same way, it's not decentralized, but distributed. There are basically 10 people in the world who ultimately control Bitcoin right now, so it’s not decentralized. You’ve got 5-10 Bitcoin core developers who contribute updates to the code base only if they are accepted by the 5-10 mining behemoths that call the shots. In theory, anyone can “fork” the Bitcoin core if they don’t like the miners’ rules, but most people will agree that this is infeasible at best. It doesn’t help that no one knows who controls most of the global mining power or even who invented Bitcoin. Sounds shady, and in truth, it is more of a black box than most will admit. The good news is that the block chain is universally distributed, so at least people can see the global ledger of transactions, even if they don’t appreciate that a group smaller than the Fed actually controls Bitcoin.
submitted by ProCoin to Bitcoin

Dogecoin giveaway - Comment here to receive 100 doge. Also, AMA about cryptocurrency.

Once you get tipped, click the +accept link that the bot PMs you. You can then see your balance and recent dogetipbot transaction history with +history
I will also be answering any questions you have. I'm a moderator on /dogecoin and have been studying cryptocurrency for almost 3 years. Here's a glossary of terms you may not know which may help spark some questions if you don't know what to ask:
Hash: The result of an algorithm that takes any input data of arbitrary size and produces a fixed size output. It is impossible to discover the input data based on the resulting hash.
Private keys, public keys and addresses (privkey, pubkey, addr): Put simply, a private key is just a number. A really really big number. There are 2 ^ 160 possible private keys, each of which is a 256 bit integer in binary. Using ECDSA, your private keys correspond to public keys, and a hash of your public key is your wallet address.
Wallet: Software which generates and stores your keys and addresses.
Transaction (tx): A piece of data that contains where coins are coming from (inputs) and where they are going to (outputs). To be valid, your wallet software must sign the transaction with the private keys of all the inputs; this is how ownership of coins is proven.
Block: A data structure used by cryptocurrency networks which contains transactions.
Blockchain: The collection of blocks in a cryptocurrency network. Each new block contains the hash of the previous block; this is required for it to be valid. In this way, blocks are chained together; each one depends on the previous one to be valid.
Proof of work (POW): The process of hashing random data to discover a hash value that is lower than a predetermined number; that number is the "difficulty".
Mining: Miners collect all the transactions on the network and assemble them into a block. Using POW, miners insert random data (called a nonce, aka number used once) into the block and hash the block. When they find a hash value below the target difficulty, the block is considered valid by the rules of the network and miners broadcast the block to the network. The transactions in the block now have 1 confirmation. Miners are also allowed to claim a block reward (sort of a finder's fee) for their work. This incentivizes miners for their work. Mining is what secures the network from attack. If you have 51% of the entire network's mining power, then you can block transactions or even reverse transactions, so it is important that mining remains as decentralized as possible.
Node: A computer that is running cryptocurrency software which generates, validates and relays transactions and blocks. They download and validate the full blockchain. Nodes can also be wallets; this software is often called "core". The network of nodes IS the cryptocurrency network, they are what make the whole thing work. The node software also contains a friendly JSON API which can be used to perform many functions, such as looking up a transaction in the blockchain history.
submitted by peoplma to RedditDayOf
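As an added illustration of the Block, Blockchain, Proof of work and Mining entries in the glossary above (example code, not from the post), here is a minimal chain in Python: every block commits to the previous block's hash, mining searches nonces until the SHA-256 hash of the block is below a target, and validation shows why editing an old transaction invalidates every block after it, which is the property that makes rewriting history cost real work. The target, the transactions and the genesis predecessor are constructed toy values.

```python
import hashlib
import json
from dataclasses import dataclass

# Toy difficulty: the 256-bit hash must be below this target, i.e. its top 12 bits
# must be zero, so a block needs about 4096 hash attempts on average. Real networks
# retune the target so the whole network needs roughly ten minutes per block.
TARGET = 2 ** (256 - 12)
GENESIS_PREV = "0" * 64   # the first block has no predecessor to commit to


@dataclass
class Block:
    index: int
    prev_hash: str          # hash of the previous block: this is the "chain"
    transactions: list
    nonce: int = 0          # the "number used once" that mining varies

    def serialized(self) -> bytes:
        # canonical encoding so that the same block always hashes the same way
        return json.dumps(
            {"i": self.index, "p": self.prev_hash, "tx": self.transactions, "n": self.nonce},
            sort_keys=True,
        ).encode()

    def hash(self) -> str:
        return hashlib.sha256(self.serialized()).hexdigest()


def meets_target(hexhash: str) -> bool:
    return int(hexhash, 16) < TARGET


def mine(block: Block) -> Block:
    """Proof of work: try nonces until the block hash falls below the target."""
    block.nonce = 0
    while not meets_target(block.hash()):
        block.nonce += 1
    return block


def build_chain(tx_batches) -> list:
    chain, prev = [], GENESIS_PREV
    for i, txs in enumerate(tx_batches):
        block = mine(Block(i, prev, list(txs)))
        chain.append(block)
        prev = block.hash()
    return chain


def validate_chain(chain) -> bool:
    """A node's check: every block links to its predecessor's current hash and
    carries valid proof of work. Changing any old block breaks both for its successor."""
    for i, block in enumerate(chain):
        expected_prev = GENESIS_PREV if i == 0 else chain[i - 1].hash()
        if block.prev_hash != expected_prev:
            return False
        if not meets_target(block.hash()):
            return False
    return True


if __name__ == "__main__":
    # constructed sample transactions
    chain = build_chain([["alice->bob 5"], ["bob->carol 2"], ["carol->dave 1"]])
    print("valid after mining:", validate_chain(chain))
    chain[0].transactions[0] = "alice->bob 500"   # tamper with history
    print("valid after tampering:", validate_chain(chain))
```

After the tampering step the validator rejects the chain at block 1, because block 1 still commits to the old hash of block 0; an attacker would have to re-mine block 0 and every block after it, which is why confirmations accumulate security and why concentrated hashpower (the 51% case in the glossary) is the thing to watch.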

Achieving consensus in distributed systems – that chink in the armor hasn't gone away

First a disclosure: My name is Will, I founded Novauri, and our team is building a service that will allow users to buy and sell bitcoin in the US while keeping full control of their private keys as a mandatory design element, not an option.
Please SIGN UP for our US only closed beta test in 2015 here. It's super fast, takes 20 seconds, and we'll guarantee no transaction fees for the life of your account. Plus our rates will be highly competitive. Read all about it on the website!
I don’t like marketing, I intensely hate the spam I see on the forums, so my approach is going to be to write (semi) intelligent posts and hopefully gain customers through interaction and discourse, as opposed to spamming it up with astroturf and pictures of hipsters having fun that you could be like if you used our product. Now… my thoughts.
Proof of work – a tragedy of the commons
Not very long ago a mining pool called ghash.io reached 55% bitcoin mining power. It’s widely known that POW suffers from the tragedy of the commons. Mining is SHA256x2, which makes it really simple to build coin flipping application specific integrated circuits (ASICs) that run this faster than general purpose processors. This creates an economic incentive towards centralization where miners who can access the best ASICs first have a major advantage in hashing power per dollar.
Pools, a solution to a market demand that exacerbates the problem
A second problem is a solution to an economic demand, the existence of mining “pools”. Because a block is solved only every 10 minutes, as bitcoin scales, it becomes increasingly unlikely to ever solve a block by yourself, even with substantial processing power. Mining pools allow the “little guys” to participate too and contribute their hashing power to a pool of miners. This way they receive a portion of any block solved by the pool, enabling a steady and more consistent return on their investment in hardware, facilities and electricity.
Yet while pools solve a problem, they create a second issue, the centralization of mining power by pool operators. Because the blocks are “solved” by the managing pool directly, this gives the pool the same controls and ability to act poorly as if they had the hardware themselves.
One might argue that market forces will naturally correct things if a mining pool approaches 51%, but this has been disproven in practice with ghash.io. Selfish miners using ghash.io essentially put the entire system in dire peril by letting ghash.io reach 55%. They waited for others to “go first” before switching pools. This is the very definition of “tragedy of the commons”. I would argue it was only the price of bitcoin that changed the miners’ behavior, and reviewing the charts shows that the prices did not lead the mining power concentrations at all, which also defies common wisdom, but in reality is entirely true. P2P pool is a great idea, but it has not offered the same economic benefits to miners as other privately run pools on a balance sheet. Until it does, don't look there for a long term answer. Miners are trying to make a return, and if a pool gives them an advantage, most will use that pool over P2P. Mining is not a charity.
Proof of stake – lacks consensus and brings monopoly issues
Some might point to proof of stake as a potential solution (POS). Put very simply, POS is where by virtue of the fact that you own X virtual currency, you have a proportionate chance to win a vote or tiebreaker when confirming transactions.
Unfortunately, POS fails to provide a disincentive to fork and suffers from the monopoly problem. Ownership carries voting rights, and there is nothing wasted (no work) by voting for both sides of a fork. There is no consensus, so POS systems are generally hybrid models where POW is used to achieve consensus of forks regardless. POS also has a monopoly problem, which is as serious as POW’s problems. So solving bitcoin's problems with POS seems like a dead end. Very smart people have tried, and so far nothing viable has materialized that is stable enough to be trusted with something as mature and valuable as bitcoin.
So… let’s relist all of the bad news!!!
Solutions thus far are myopic, influenced by personal interests or blimp sized egos (I am one to talk), and are often more academic than pragmatic. Most are just too complicated to work or to be implemented safely without years of refinement in an alt coin.
Well, is there hope? What is the practical thing to do? Should we do nothing?
I would argue that there are three problems we must solve at once, and all three problems are very much interrelated. It’s one @[email protected]@ of a puzzle. We need to:
1) Make pooled mining uneconomical
2) Figure out a way to make small scale mining cost advantageous
3) Do 1 and 2 but allow normalized returns for little guys so they can run a small business or profitable hobby, without it being a lottery ticket.
Some say that a 51% issue would not be the end because we would know very quickly who the bad actor is and could react accordingly. I’m a little more concerned. A real shakeup in the core of bitcoin would shake confidence, and could set us back years. I feel we should as a community put a much higher priority on finding a practical, viable solution. Nothing academic, nothing incredibly complicated, but something that can shift the economics of the situation and solve the three problems listed above. While we have plenty of issues around individual usability, this is, in my humble opinion, the largest remaining vulnerability in bitcoin today.
So… what to do? How do we solve all three of these problems at once? What are the possible combinations of solutions that work? Let me take a stab at it…
1) Deterring pooled mining
Let’s give more serious consideration to two-phase mining.
The idea is to keep (SHA256(SHA256(header))) and add a requirement for (SHA256(SIG(header, privkey))), requiring the block to be signed with the private key of the miner. This kills pooled mining, dead. Miners can solve SHA256x2 but the pool needs the miner’s private key to sign the block header, which would allow the miner to steal the reward, which kills pools very fast.
2) Disincentivizing centralization of mining power
2a) Small scale heat recovery systems
We need to get people thinking about small scale heat recovery systems built around mining hardware. This will allow mining activity to serve as a source of heat in cold climates, or perform work where heat is required.
One example might be liquid submersion of the ASIC or heatsinks coupled with a pump, radiator and fan in a small, modular design, which might be economically viable. Electric heat is used very commonly, and when powered from clean power sources like solar, geothermal, nuclear (yes, nuclear I would count in the “clean” bucket) and wind, the net is a zero emission system that heats like an electric heater but adds security to the financial system in return, and generates profit for the beneficiary.
2b) Rotating or amorphous block hashing algorithms
Another possibility is to rotate or add complexity to the hash algorithms used to solve blocks. Instead of SHA256x2, perhaps SHA256x2 is rotated with scrypt? Perhaps there are many algorithms that rotate to add even more complexity. This would at a minimum make it much harder to design ASICs, and would institute a memory requirement as well. This would at least close the gap between specialized mining operations and home hobbyists. The problem is, what miner in their right mind would go with a hard fork in this direction? This is likely unviable because of economics.
2a is probably the way to go. Is there a 2c or d?
3) Normalizing returns
The issue here is that coinbase generation in a decentralized model is like winning the lottery. Your 2a heater would be unlikely to ever solve a block in its lifetime.
So this last issue is even harder to solve than 2. 3 is the reason mining pools were created in the first place. How do you increase reward frequency while lowering reward to generate a more predictable return?
Or maybe we are asking the wrong question or thinking in the wrong direction or dimension? Is there a way to centralize and normalize rewards in a safer way? Could the heater's price be subsidized by the mining activity if that activity was safely hard wired in the heater's hardware to pay block rewards to the reseller or manufacturer? Could electricity rates be offset by rewards going to electricity companies as a subsidy to completely smooth out the return on investment for a bitcoin heater?
That last one is tough and would need a really great strategy to reach a critical mass.
Does anyone smarter than me have an idea? This is really the problem. It’s three interrelated issues.
In closing, sign up for our closed US beta. There are still some spots left. We're poor but talented and our hearts are in the right place. Thank you!
submitted by MrMadden to Bitcoin

Mining, transaction relaying, privkey security, and spending are distinct tasks best served by distinct apps.

It was necessary but odd that once upon a time all Bitcoin functions were wrapped into one app. But those days are gone. Nowadays, each task is most effectively addressed by apps competing in open market.
Although I personally do not mine, I run a full node, I manage private keys to serious money, and I broadcast many transactions each day. I have switched node hardware and software more than once, I have tried many approaches to privkey security, and today I use any of several transaction-sending clients, depending on the source, destination, and size of each transaction. But I no longer use the Core app at all. I would dissuade anyone from using Core.
Core is function-bloated. This was initially necessary but is no longer the case. To expect every bitcoiner to run Core is as senseless as expecting every email user to run the same SMTP server, or worse, the same email client. Hundreds of email servers and clients compete for customers. Hence, they have evolved far beyond the original prototypes. Similarly, bitcoiners will benefit from picking and choosing among competing apps for each task.
Obviously, all SMTP servers and clients must follow the same protocol. Similarly, all Bitcoin apps, whether miners, nodes, privkey managers, or broadcasters must follow the same protocol. That changes to the former protocol are managed by committee while changes to the latter are decided by miners is irrelevant to my point: App development for each task will blossom in a free market but continue to be stifled if seen as the turf of a few.
submitted by coqui33 to Bitcoin

Custom Potcoin Addresses Tutorial :)

Before your heads explode take it step by step and you will be fine :)
Hello guys, thought it would be cool to share this little tutorial for you guys.
Basically this will show you how to make Custom Addresses (to an extent :P)
(Keep in mind these are mainly for short addresses; after you get to too many characters it could take a very very long time without a monster computer)
It will generate the address and give you the private key to import it to the wallet.
Keep in mind the longer the custom address you want, the longer you will have to wait (works better with a fast CPU or GPU, which you miners know about :P, and some characters may come up as invalid because they can't be used in that order, so you will have to play around a bit)
First off the addresses will always start with P since that's potcoin address setup just like bitcoin always starts with 1.
A few addresses that I generated within seconds as proof
(don't use these, since I posted the private keys they are not PRIVATE ANYMORE)
These are just to show you what I mean
Pattern: Weed Address: PWeedMWASbZnsjEPJi7ndf1CyKRzpD8efc Privkey: 78kLLDRxWtY8v6ZiY2AsRJsrheLyo9XLwXTVooyza3gWEqNWwJq
OR
Difficulty: 264104224 Pattern: BLUNT Address: PBLUNTMJCN8S8Z5EYPxxDx6dEizHYJMyk8 Privkey: 7AUzg3k4Hwa44CcFb9ShLxy6noYoEBjMMmD3UAGb7FGVemJvKcY
So let's get started. First thing is download VanityGen from bitcointalk
https://bitcointalk.org/index.php?topic=25804.0
Second extract all the files (do it to a desktop folder, you will see why in a bit).
Then run CMD (command Prompt) and go to the folder vanitygen is located
(if you just extracted to desktop type)
cd Desktop\vanitygen-0.22-win
into command Prompt. If you named the folder something else, typing CD and then a directory will direct you there
OK now that's done it gets more simple :)
Now that it should show you something like
http://i.imgur.com/xPTKrCj.png
Then you will type in
vanitygen -X 55 P or vanitygen64 -X 55 P
The 64 is for 64bit computers
The command vanitygen opens the program, the -X tells it that we are not trying to generate a bitcoin address, and 55 <--That's in Potcoins source code stating our addresses need to start with a P.
So for instance you wanted your own PASS (pass the joint :) ) address you would type the command
vanitygen64 -X 55 PASS
or
vanitygen64 -X 55 PWEED
for you own weed address, keep in mind if you have a 64 bit or not to use the correct command.
Notice it needs to be all CAPS.
Now wait for it to generate you the address,
Few things to remember
1. Long addresses take A LONG TIME
2. Some keys or characters are not allowed in addresses as stated above.
3. If you have any problems make sure you read the tutorial again (if you still have problems feel free to ask here).
4. Enjoy and make some sexy potcoin addresses.
5. Feel free to tip if you liked this tutorial :)
PASSyJ4HZ1R47D36ZjzJvt5PNg53rWu1sn <----One I just generated for donations :P
Have fun and Smoke Em if you got Em (Mad Potcoins you got that stuck in my head today :P)
PS. This is what it should look like if done correctly (it's generating the address) http://i.imgur.com/90Nxt2U.png
PPS. If enough people want or have trouble I can make a video tutorial :)
submitted by OriginalMrCoin to potcoin
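What `-X 55` actually does, as an added example (not part of the tutorial and not vanitygen's own code): Potcoin's pay-to-pubkey-hash address version byte is 55 (0x37), and after Base58Check encoding every 25-byte payload that begins with that byte comes out starting with P, in the same way that version 0 produces Bitcoin's leading 1. The Python below implements the encoding, a decode step that checks the 4-byte checksum (worth running on any address before you send to it, since a mistyped character is rejected instead of burning coins), and the brute-force loop a vanity generator runs. The 20-byte hash160 values are constructed stand-ins rather than hashes of real public keys, because the point here is the address format, not key generation; a real generator derives each candidate from a fresh private key that it keeps for the match.

```python
import hashlib

ALPHABET = b"123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
POTCOIN_P2PKH_VERSION = 55   # the "-X 55" from the tutorial
BITCOIN_P2PKH_VERSION = 0    # Bitcoin mainnet: addresses begin with "1"

# Constructed stand-in for HASH160(public key); not derived from any real key.
SAMPLE_HASH160 = bytes.fromhex("89abcdef0123456789abcdef0123456789abcdef")


def base58_encode(raw: bytes) -> str:
    n = int.from_bytes(raw, "big")
    digits = bytearray()
    while n:
        n, rem = divmod(n, 58)
        digits.append(ALPHABET[rem])
    leading_zeros = len(raw) - len(raw.lstrip(b"\x00"))  # each becomes a leading "1"
    return (b"1" * leading_zeros + bytes(reversed(digits))).decode()


def base58_decode(text: str) -> bytes:
    n = 0
    for ch in text.encode():
        n = n * 58 + ALPHABET.index(ch)   # raises ValueError on a non-base58 character
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    leading_ones = len(text) - len(text.lstrip("1"))
    return b"\x00" * leading_ones + body


def checksum(payload: bytes) -> bytes:
    """Base58Check uses the first 4 bytes of double SHA-256 as an error detector."""
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]


def encode_address(version: int, hash160: bytes) -> str:
    payload = bytes([version]) + hash160
    return base58_encode(payload + checksum(payload))


def decode_address(addr: str):
    """Return (version, hash160); raise ValueError if the length or checksum is wrong."""
    raw = base58_decode(addr)
    if len(raw) != 25:
        raise ValueError("wrong length")
    payload, chk = raw[:21], raw[21:]
    if checksum(payload) != chk:
        raise ValueError("bad checksum")
    return payload[0], payload[1:]


def is_valid_address(addr: str, version: int) -> bool:
    """The check a wallet should run before paying: well-formed, right network, checksum ok."""
    try:
        return decode_address(addr)[0] == version
    except ValueError:
        return False


def vanity_search(version: int, pattern: str, limit: int):
    """The loop a vanity generator runs, over constructed candidates. Returns
    (tries, address) or None. The first character is fixed by the version byte;
    each further base58 character multiplies the expected tries by roughly 58,
    which is why the tutorial warns that long patterns take a long time."""
    for i in range(1, limit + 1):
        candidate = hashlib.sha256(b"constructed-seed" + i.to_bytes(4, "big")).digest()[:20]
        addr = encode_address(version, candidate)
        if addr.startswith(pattern):
            return i, addr
    return None


if __name__ == "__main__":
    print("version 55 ->", encode_address(POTCOIN_P2PKH_VERSION, SAMPLE_HASH160))
    print("version 0  ->", encode_address(BITCOIN_P2PKH_VERSION, SAMPLE_HASH160))
    print("search for PA:", vanity_search(POTCOIN_P2PKH_VERSION, "PA", 20000))
```

Because the version byte sits at the top of the 25-byte number, every Potcoin P2PKH address falls into the value range that Base58 renders with a leading P, which is the "addresses will always start with P" statement in the tutorial; the decode step is the part to keep around, since it catches a transcription error in a pasted address before any funds move.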
