Taproot! Everybody wants to have it, somebody wants to make it, nobody knows how to get it! (If you are asking why everybody wants it, see: Technical: Taproot: Why Activate?) (Pedants: I mostly elide over lockin times) Briefly, Taproot is that neat new thing that gets us:
Multisignatures (n-of-n, k-of-n) that are just 1 signature (1-of-1) in length!! (MuSig/Schnorr)
Better privacy!! If all contract participants can agree, just use a multisignature. If there is a dispute, show the contract publicly and have the Bitcoin network resolve it (Taproot/MAST).
Activation lets devs get back to work on the even newer stuff, like:
Cross-input signature aggregation!! (transaction with multiple inputs can have a single signature for all inputs) --- needs Schnorr, but some more work needed to ensure that the interactions with SCRIPT are okay.
Block validation - Schnorr signatures for all taproot spends in a block can be validated in a single operation instead of for each transaction!! Speed up validation and maybe we can actually afford to increase block sizes (maybe)!!
SIGHASH_ANYPREVOUT - you know, for Decker-Russell-Osuntokun ("eltoo") magic!!!
OP_CHECKTEMPLATEVERIFY - vaulty vaults without requiring storing signatures, just transaction details!!
So yes, let's activate taproot!
The SegWit Wars
The biggest problem with activating Taproot is PTSD from the previous softfork, SegWit. Pieter Wuille, one of the authors of the current Taproot proposal, has consistently held the position that he will not discuss activation, and will accept whatever activation process is imposed on Taproot. Other developers have expressed similar opinions. So what happened with SegWit activation that was so traumatic? SegWit used the BIP9 activation method. Let's dive into BIP9!
bit - A field in the block header, the nVersion, has a number of bits. By setting a particular bit, the miner making the block indicates that it has upgraded its software to support a particular soft fork. The bit parameter for a BIP9 activation is which bit in this nVersion is used to indicate that the miner has upgraded software for a particular soft fork.
timeout - a time limit, expressed as an end date. If this timeout is reached without a sufficient number of miners signaling that they have upgraded, then the activation fails and Bitcoin Core goes back to the drawing board.
Now there are other parameters (name, starttime) but they are not anywhere near as important as the above two. One number that is not a parameter is 95%. Basically, activation of a BIP9 softfork is considered as actually succeeding if at least 95% of blocks in the last 2 weeks had the specified bit in the nVersion set. If less than 95% had this bit set before the timeout, then the upgrade fails and never goes into the network. This is not a parameter: it is a constant defined by BIP9, and developers using BIP9 activation cannot change this. So, first some simple questions and their answers:
Why not just set a day when everyone starts imposing the new rules of the softfork?
This was done classically (in the days when Satoshi was still among us). But this might be argued to put too much power in the hands of developers, since there would be no way to reject an upgrade without possibly bad consequences. For example, developers might package an upgrade that the users do not want, together with vital security bugfixes. Either you live without vital security bugfixes and hire some other developers to fix them for you (which can be difficult, since presumably the best developers are already the ones working on the codebase), or you get the vital security bugfixes and implicitly support the upgrade you might not want.
Sure, you could fork the code yourself (the ultimate threat in the FOSS world) and hire another set of developers who aren't assholes to do the dreary maintenance work of fixing security bugs, but Bitcoin needs strong bug-for-bug compatibility so everyone should really congregate around a single codebase.
Basically: even the devs do not want this power, because they fear being coerced into putting "upgrades" that are detrimental to users. Satoshi got a pass because nobody knew who he was and how to coerce him.
Suppose the threshold were lower, like 51%. If so, after activation, somebody can disrupt the Bitcoin network by creating a transaction that is valid under the pre-softfork rules but invalid under the post-softfork rules. Upgraded nodes would reject it, but 49% of miners would accept it and include it in a block (which makes the block invalid). And then the same 49% would accept the invalid block and build on top of it, possibly creating a short chain of doomed invalid blocks that confirm an invalid spend. This can confuse SPV wallets, which might see multiple confirmations of a transaction and accept the funds, but later find that it is in fact invalid under the now-activated softfork rules.
Thus, a very high threshold was imposed. 95% is considered safe. 50% is definitely not safe. Due to variance in the mining process, 80% could also be potentially unsafe (i.e. 80% of blocks signaling might have a good chance of coming from only 60% of miners), so a threshold of 95% was considered "safe enough for Bitcoin work".
Why have a timeout that disables the upgrade?
Before BIP9, what was used was either a flag day or BIP34. BIP34 had no flag day of activation or a bit; instead, it was just a 95% threshold of blocks signalling an nVersion value greater than a specific value. Actually, it was two thresholds: at 75%, blocks with the new nVersion would have the new softfork rules imposed, but at 95% blocks with the old nVersion would be rejected (and only the new blocks, with the new softfork rules, were accepted). For one, between 75% and 95%, there was a situation where the softfork was only "partially imposed": only blocks signalling the new rules would actually have those rules imposed, but blocks with the old rules were still valid. This was fine for BIP34, which only added rules for miners with negligible use for non-miners.
The reason miners signalled support was that they felt they were being pressured to signal support. So they signalled support, with plans to actually upgrade later, but because of the widespread signalling, the new BIP66 version locked in before upgrade plans were finished. Thus, the timeout that disables the upgrade was added in BIP9 to allow miners an escape hatch.
The Great Battles of the SegWit Wars
SegWit not only fixed transaction malleability, it also created a practical softforkable blocksize increase that also rebalanced weights so that the cost of spending a UTXO is about the same as the cost of creating UTXOs (and spending UTXOs is "better" since it limits the size of the UTXO set that every fullnode has to maintain). So SegWit was written, the activation was decided to be BIP9, and then... miner signalling stalled at below 75%. Thus were the Great SegWit Wars started.
BIP9 Feature Hostage
If you are a miner with at least 5% global hashpower, you can hold a BIP9-activated softfork hostage. You might even secretly want the softfork to actually push through. But you might want to extract concessions from the users and the developers. Like removing the halvening. Or raising or even removing the block size caps (which helps larger miners more than smaller miners, making it easier to become a bigger fish that eats all the smaller fishes). Or whatever. With BIP9, you can hold the softfork hostage. You just hold out and refuse to signal. You tell everyone you will signal if and only if certain concessions are given to you. This ability of miners to hold a feature hostage was enabled by the miner exit allowed by the timeout in BIP9. Prior to that, miners were considered little more than expendable security guards, paid for the risk they take to secure the network, but not special in the grand scheme of Bitcoin.
ASICBoost was a novel way of optimizing SHA256 mining, by taking advantage of the structure of the 80-byte header that is hashed in order to perform proof-of-work. The details of ASICBoost are out of scope here, but you can read about it elsewhere. Here is a short summary of the two types of ASICBoost relevant to the activation discussion:
Overt ASICBoost - Manipulates the unused bits in nVersion to reduce power consumption in mining.
Covert ASICBoost - Manipulates the order of transactions in the block to reduce power consumption in mining.
Now, "overt" means "obvious", while "covert" means "hidden". Overt ASICBoost is obvious because nVersion bits that are not currently in use for BIP9 activations are usually 0 by default, so setting those bits to 1 makes it obvious that you are doing something weird (namely, Overt ASICBoost). Covert ASICBoost is non-obvious because the order of transactions in a block is up to the miner anyway, so a miner rearranging the transactions in order to get lower power consumption is not going to be detected. Unfortunately, while Overt ASICBoost was compatible with SegWit, Covert ASICBoost was not. This is because, pre-SegWit, only the block header Merkle tree committed to the transaction ordering. However, with SegWit, another Merkle tree exists, which commits to transaction ordering as well. Covert ASICBoost would require more computation to manipulate two Merkle trees, obviating the power benefits of Covert ASICBoost anyway. Now, miners want to use ASICBoost (indeed, about 60-70% of current miners probably use Overt ASICBoost nowadays; if you have a Bitcoin fullnode running you will see logs with lots of "60 of last 100 blocks had unexpected versions", which is exactly what you would see with the nVersion manipulation that Overt ASICBoost does). But remember: ASICBoost was, at around that time, a novel improvement. Not all miners had ASICBoost hardware. Those who did, did not want it known that they had ASICBoost hardware, and so wanted to do Covert ASICBoost! But Covert ASICBoost is incompatible with SegWit, because SegWit actually has two Merkle trees of transaction data, Covert ASICBoost works by fudging around with transaction ordering in a block, and recomputing two Merkle trees is more expensive than recomputing just one (and loses the ASICBoost advantage).
Of course, those miners that wanted Covert ASICBoost did not want to openly admit that they had ASICBoost hardware; they wanted to keep their advantage secret because miners are strongly competitive in a very tight market. Doing ASICBoost covertly was just the ticket, but it could not work post-SegWit. Fortunately for them, due to the BIP9 activation process, they could hold SegWit hostage while covertly taking advantage of Covert ASICBoost!
UASF: BIP148 and BIP8
Even after the incompatibility between Covert ASICBoost and SegWit was realized, activation of SegWit remained stalled, and miners were still not openly admitting that ASICBoost was related to the non-activation of SegWit. Eventually, a new proposal was created: BIP148. With this rule, 3 months before the end of the SegWit timeout, nodes would reject blocks that did not signal SegWit. Thus, 3 months before the SegWit timeout, BIP148 would force activation of SegWit. This proposal was not accepted by Bitcoin Core, due to the shortening of the timeout (it effectively times out 3 months before the initial SegWit timeout). Instead, a fork of Bitcoin Core was created which added the patch to comply with BIP148. This was claimed as a User Activated Soft Fork, UASF, since users could freely download the alternate fork rather than sticking with the developers of Bitcoin Core. Now, BIP148 is effectively just a BIP9 activation, except that at its (earlier) timeout the new rules would be activated anyway (instead of the BIP9-mandated behavior that the upgrade is cancelled at the end of the timeout). BIP148 was actually inspired by the BIP8 proposal (the link here is a historical version; BIP8 has been updated recently, precisely in preparation for Taproot activation). BIP8 is basically BIP9, but at the end of the timeout the softfork is activated anyway rather than cancelled. This removed the ability of miners to hold the softfork hostage. At best, they can delay the activation, but not stop it entirely by holding out as in BIP9. Of course, this implies the risk that not all miners have upgraded before activation, leading to possible losses for SPV users, as well as again re-pressuring miners to signal activation, possibly without the miners actually upgrading their software to properly impose the new softfork rules.
BIP91, SegWit2X, and The Aftermath
BIP148 inspired countermeasures, possibly from the Covert ASICBoost miners, possibly from concerned users who wanted to offer concessions to miners. One of these was SegWit2X. (To this day, the common name for BIP148 - UASF - remains an emotionally-charged rallying cry for parts of the Bitcoin community.) SegWit2X was brokered in a deal between some Bitcoin personalities at a conference in New York, and thus became part of the so-called "New York Agreement" or NYA, another emotionally-charged acronym. The text of the NYA was basically:
Set up a new activation threshold at 80% signalled at bit 4 (vs bit 1 for SegWit).
When this 80% signalling was reached, miners would require that bit 1 for SegWit be signalled to achieve the 95% activation needed for SegWit.
If the bit 4 signalling reached 80%, increase the block weight limit from the SegWit 4000000 to the SegWit2X 8000000, 6 months after bit 1 activation.
The first item above was coded in BIP91. Unfortunately, if you read BIP91 independently of the NYA, you might come to the conclusion that BIP91 was only about lowering the threshold to 80%. In particular, BIP91 never mentions anything about the second point above: it never mentions that the bit 4 80% threshold would also signal for a later hardfork increase in the weight limit. Because of this, even though there are claims that NYA (SegWit2X) reached 80% dominance, a close reading of BIP91 shows that the 80% dominance was only for SegWit activation, without necessarily a later 2x capacity hardfork (SegWit2X). This ambiguity of bit 4 (NYA says it includes a 2x capacity hardfork, BIP91 says it does not) has continued to be a thorn in blocksize debates since. Economically speaking, Bitcoin futures between SegWit and SegWit2X showed strong economic dominance in favor of SegWit (SegWit2X futures were traded at a fraction of the value of SegWit futures: I personally made a tidy but small amount of money betting against SegWit2X in the futures market), so suggesting that NYA achieved 80% dominance even in mining is laughable, but the NYA text that ties bit 4 to SegWit2X still exists. Historically, BIP91 triggered, which caused SegWit to activate before the BIP148 shorter timeout. BIP148 proponents continue to hold to this day that it was the BIP148 shorter timeout and no-compromises-activate-on-August-1 that made miners flock to BIP91 as a face-saving tactic that actually removed the second clause of NYA. NYA supporters keep pointing to the bit 4 text in the NYA and the historical activation of BIP91 as a failed promise by Bitcoin developers.
We have discussed BIP8: roughly, it has bit and timeout, if 95% of miners signal bit it activates, at the end of timeout it activates. (EDIT: BIP8 has had recent updates: at the end of timeout it can now activate or fail. For the most part, in the below text "BIP8", means BIP8-and-activate-at-timeout, and "BIP9" means BIP8-and-fail-at-timeout) So let's take a look at Modern Softfork Activation!
Modern Softfork Activation
This is a more complex activation method, composed of BIP9 and BIP8 as subcomponents.
1. First, have a 12-month BIP9 (fail at timeout).
2. If the above fails to activate, have a 6-month discussion period during which users, developers and miners discuss whether to continue to step 3.
3. Have a 24-month BIP8 (activate at timeout).
The total above is 42 months, if you are counting: 3.5 years worst-case activation. The logic here is that if there are no problems, BIP9 will work just fine anyway. And if there are problems, the 6-month period should weed it out. Finally, miners cannot hold the feature hostage since the 24-month BIP8 period will exist anyway.
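To make the difference between the activation flavours above concrete, here is an added example (my code, not the post's and not Bitcoin Core's) implementing the BIP9 state machine with its fixed 1916-of-2016 threshold plus a switch for the post's meaning of "BIP8", activate-at-timeout. The deployment times, bit and miner signalling counts are constructed, and BIP8's MUST_SIGNAL state and height-based timing are left out.

```python
"""BIP9 vs BIP8 version-bits state machine, evaluated at retarget boundaries.

Added example, not code from the post or from Bitcoin Core.  It models the
BIP9 deployment states with the fixed 1916-of-2016 (95%) threshold and adds
one switch that swaps BIP9's "fail at timeout" for the post's "BIP8", i.e.
"activate at timeout".  Simplification: BIP8's MUST_SIGNAL state and
height-based timing are omitted; both variants use BIP9's median-time-past.
"""
from dataclasses import dataclass
from enum import Enum

PERIOD = 2016             # blocks per retarget period
THRESHOLD = 1916          # first count at or above 95% of 2016: a BIP9 constant
TOP_BITS_MASK = 0xE0000000
TOP_BITS = 0x20000000     # top three bits 001 mark a version-bits block


class State(Enum):
    DEFINED = "DEFINED"
    STARTED = "STARTED"
    LOCKED_IN = "LOCKED_IN"
    ACTIVE = "ACTIVE"
    FAILED = "FAILED"


@dataclass(frozen=True)
class Deployment:
    bit: int                          # nVersion bit miners set to signal
    starttime: int                    # unix time from which signalling counts
    timeout: int                      # unix time at which the outcome is forced
    lock_in_on_timeout: bool = False  # False: BIP9 (fail), True: BIP8 (activate)


def signals(nversion: int, bit: int) -> bool:
    """A block signals iff it uses the 001 top bits and has `bit` set.  Other
    bits being set (as with Overt ASICBoost) does not stop it from counting."""
    return (nversion & TOP_BITS_MASK) == TOP_BITS and (nversion >> bit) & 1 == 1


def next_state(state: State, dep: Deployment, mtp: int, versions: list) -> State:
    """State for the period that starts now, given the median time past of the
    block before it and the nVersion of every block in the period just ended."""
    if state is State.DEFINED:
        if mtp >= dep.timeout:
            return State.LOCKED_IN if dep.lock_in_on_timeout else State.FAILED
        return State.STARTED if mtp >= dep.starttime else State.DEFINED
    if state is State.STARTED:
        timed_out = mtp >= dep.timeout
        if timed_out and not dep.lock_in_on_timeout:
            return State.FAILED           # BIP9 checks the timeout before counting
        count = sum(1 for v in versions if signals(v, dep.bit))
        if count >= THRESHOLD or timed_out:
            return State.LOCKED_IN        # threshold met, or BIP8 timeout
        return State.STARTED
    if state is State.LOCKED_IN:
        return State.ACTIVE               # one grace period, then the rules apply
    return state                          # ACTIVE and FAILED are terminal


def run(dep: Deployment, periods: list) -> list:
    """Replay (mtp, versions) pairs, one per retarget boundary, returning the
    state in force during each following period."""
    states, state = [], State.DEFINED
    for mtp, versions in periods:
        state = next_state(state, dep, mtp, versions)
        states.append(state)
    return states


def constructed_period(signalling_blocks: int, bit: int, extra_bits: int = 0) -> list:
    """Constructed miner output: `signalling_blocks` of the 2016 blocks set `bit`
    (plus any `extra_bits`, as Overt ASICBoost would); the rest are bare 001."""
    signalling = TOP_BITS | (1 << bit) | extra_bits
    return [signalling] * signalling_blocks + [TOP_BITS] * (PERIOD - signalling_blocks)


def hostage_outcome(lock_in_on_timeout: bool, signalling_blocks: int) -> State:
    """Final state when the same number of blocks signal in every period of a
    deployment that starts at t=1000 and times out at t=5000 (constructed)."""
    dep = Deployment(bit=1, starttime=1000, timeout=5000,
                     lock_in_on_timeout=lock_in_on_timeout)
    blocks = constructed_period(signalling_blocks, dep.bit)
    boundaries = [500, 1000, 2000, 3000, 4000, 5000, 6000]
    return run(dep, [(mtp, blocks) for mtp in boundaries])[-1]


if __name__ == "__main__":
    # A holdout just above 5% of hashpower: BIP9 fails, BIP8 activates anyway.
    print("BIP9, 1915/2016 signalling:", hostage_outcome(False, 1915).value)
    print("BIP8, 1915/2016 signalling:", hostage_outcome(True, 1915).value)
    print("BIP9, 1916/2016 signalling:", hostage_outcome(False, 1916).value)
```

Note that 1915 of 2016 blocks is 94.99%, so it is one block short under BIP9; the same holdout merely delays lock-in until the timeout under BIP8.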
PSA: Being Resilient to Upgrades
Software is very brittle. Anyone who has been using software for a long time has experienced something like this:
You hear a new version of your favorite software has a nice new feature.
Excited, you install the new version.
You find that the new version has subtle incompatibilities with your current workflow.
You are sad and downgrade to the older version.
You find out that the new version has changed your files in incompatible ways that the old version cannot work with anymore.
You tearfully reinstall the newer version and figure out how to get your lost productivity back now that you have to adapt to a new workflow.
If you are a technically-competent user, you might codify your workflow into a bunch of programs. And then you upgrade one of the external pieces of software you are using, and find that it has a subtle incompatibility with your current workflow, which is based on a bunch of simple programs you wrote yourself. And if those simple programs are used as the basis of some important production system, you have just screwed up because you upgraded software on an important production system. And well, one of the issues with new softfork activation is that if not enough people (users and miners) upgrade to the newest Bitcoin software, the security of the new softfork rules is at risk. Upgrading software of any kind is always a risk, and the more software you build on top of the software-being-upgraded, the greater the risk of your tower of software collapsing while you change its foundations. So if you have some complex Bitcoin-manipulating system with Bitcoin somewhere at the foundations, consider running two Bitcoin nodes:
One is a "stable-version" Bitcoin node. Once it has synced, set it up to connect=x.x.x.x to the second node below (so that your ISP bandwidth is only spent on the second node). Use this node to run all your software: it's a stable version that you don't change for long periods of time. Enable txindex, disable pruning, whatever your software needs.
The other is an "always-up-to-date" Bitcoin node. Keep its storage down with pruning (initially sync it off the "stable-version" node). You can't use blocksonly if your "stable-version" node needs to send transactions, but otherwise this "always-up-to-date" Bitcoin node can be kept as a low-resource node, so you can run both nodes on the same machine.
When a new Bitcoin version comes out, you just upgrade the "always-up-to-date" Bitcoin node. This protects you if a future softfork activates: you will only receive valid Bitcoin blocks and transactions. Since this node has nothing running on top of it (it is just a special peer of the "stable-version" node), any software incompatibilities with your system software do not exist. Your "stable-version" Bitcoin node remains the same version until you are ready to actually upgrade this node and are prepared to rewrite most of the software you have running on top of it due to version compatibility problems. When upgrading the "always-up-to-date" node, you can bring it down safely and then start it later. Your "stable-version" will keep running, disconnected from the network, but otherwise still available for whatever queries. You do need some system to stop the "always-up-to-date" node if for any reason the "stable-version" goes down (otherwise, if the "always-up-to-date" advances its pruning window past what your "stable-version" has, the "stable-version" cannot sync afterwards), but if you are technically competent enough that you need to do this, you are technically competent enough to write such a trivial monitor program (EDIT: gmax notes you can adjust the pruning window by RPC commands to help with this as well). This recommendation is from gmaxwell on IRC, by the way.
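As an added example (my code, not gmaxwell's or the post's), here is the kind of monitor that paragraph describes, built around the RPC approach: it assumes the "always-up-to-date" node runs with prune=1, which in Bitcoin Core means it prunes only when told to via pruneblockchain, and it uses placeholder RPC URLs and credentials. The decision logic is a pure function, so it can be checked without a node.

```python
"""Monitor for the two-node setup: never let the "always-up-to-date" node prune
past what the "stable-version" node has, and stop it if the stable node is gone.

Added example, not from the post or from Bitcoin Core.  Assumptions: the
up-to-date node runs with prune=1, which in Bitcoin Core means "prune only when
told to over RPC" (pruneblockchain), so this script decides how far it may
prune; both nodes expose JSON-RPC at the placeholder URLs/credentials below.
The decision is a pure function, so it can be checked without any node.
"""
import base64
import json
import urllib.request
from dataclasses import dataclass
from typing import Optional, Tuple

SAFETY_MARGIN = 144   # keep this many blocks below the stable node's tip


@dataclass(frozen=True)
class Node:
    name: str
    url: str        # placeholder, e.g. "http://127.0.0.1:8332"
    user: str
    password: str


def rpc(node: Node, method: str, *params):
    """Minimal JSON-RPC 1.0 call against bitcoind's HTTP interface."""
    body = json.dumps({"jsonrpc": "1.0", "id": "monitor",
                       "method": method, "params": list(params)}).encode()
    token = base64.b64encode(f"{node.user}:{node.password}".encode()).decode()
    req = urllib.request.Request(node.url, data=body, headers={
        "Content-Type": "application/json", "Authorization": "Basic " + token})
    with urllib.request.urlopen(req, timeout=10) as resp:
        reply = json.load(resp)
    if reply.get("error"):
        raise RuntimeError(reply["error"])
    return reply["result"]


def prune_target(stable_height: int, pruneheight: int, upstream_height: int,
                 margin: int = SAFETY_MARGIN) -> Optional[int]:
    """Height the up-to-date node may prune up to: `margin` blocks below the
    stable tip, above what is already pruned, and below its own tip.  None
    means there is nothing new to prune yet."""
    target = stable_height - margin
    if target <= pruneheight or target >= upstream_height:
        return None
    return target


def decide(stable: Optional[dict], upstream: dict,
           margin: int = SAFETY_MARGIN) -> Tuple[str, Optional[int]]:
    """Map two getblockchaininfo results (stable may be None if unreachable)
    to an action: ("stop", None), ("prune", height) or ("ok", None)."""
    pruneheight = upstream.get("pruneheight", 0)   # absent when nothing pruned
    if stable is None:
        return "stop", None                  # stable node gone: freeze the window
    if stable["blocks"] + 1 < pruneheight:
        return "stop", None                  # next block stable needs is gone
    target = prune_target(stable["blocks"], pruneheight, upstream["blocks"], margin)
    return ("prune", target) if target is not None else ("ok", None)


def run_once(stable_node: Node, upstream_node: Node) -> Tuple[str, Optional[int]]:
    """One monitoring pass; meant to be run from cron or a loop."""
    try:
        stable = rpc(stable_node, "getblockchaininfo")
    except (OSError, RuntimeError):
        stable = None
    upstream = rpc(upstream_node, "getblockchaininfo")
    action, height = decide(stable, upstream)
    if action == "stop":
        rpc(upstream_node, "stop")
    elif action == "prune":
        rpc(upstream_node, "pruneblockchain", height)
    return action, height


if __name__ == "__main__":
    # Placeholder endpoints and credentials; replace with your own rpcauth.
    STABLE = Node("stable-version", "http://127.0.0.1:8332", "user", "pass")
    UPSTREAM = Node("always-up-to-date", "http://127.0.0.1:18332", "user", "pass")
    print(run_once(STABLE, UPSTREAM))
```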
Topic originally posted in Bitcoin by almkglor [link]
This is a follow-up on https://old.reddit.com/Bitcoin/comments/hqzp14/technical_the_path_to_taproot_activation/ Taproot! Everybody wants it!! But... you might ask yourself: sure, everybody else wants it, but why would I, sovereign Bitcoin HODLer, want it? Surely I can be better than everybody else because I swapped XXX fiat for Bitcoin unlike all those nocoiners? And it is important for you to know the reasons why you, o sovereign Bitcoiner, would want Taproot activated. After all, your nodes (or the nodes your wallets use, which, if you are an SPV user, you hopefully can pester your wallet vendor/implementor about) need to be upgraded in order for Taproot activation to actually succeed instead of becoming a hot sticky mess. First, let's consider some principles of Bitcoin.
You the HODLer should be the one who controls where your money goes. Your keys, your coins.
You the HODLer should be able to coordinate and make contracts with other people regarding your funds.
You the HODLer should be able to do the above without anyone watching over your shoulder and judging you.
I'm sure most of us here would agree that the above are very important principles of Bitcoin and that these are principles we would not be willing to remove. If anything, we would want those principles strengthened (especially the last one, financial privacy, which current Bitcoin is only sporadically strong with: you can get privacy, it just requires effort to do so). So, how does Taproot affect those principles?
Taproot and Your Coins
Most HODLers probably HODL their coins in singlesig addresses. Sadly, switching to Taproot would do very little for you (it gives a mild discount at spend time, at the cost of a mild increase in fee at receive time (paid by whoever sends to you, so if it's a self-send from a P2PKH or bech32 address, you pay for this); mostly a wash). (Technical details: a Taproot output is 1 version byte + 32 byte public key, while a P2WPKH (bech32 singlesig) output is 1 version byte + 20 byte public key hash, so the Taproot output takes 12 bytes more; spending from a P2WPKH requires revealing a 32-byte public key later, which is not needed with Taproot, and Taproot signatures are about 9 bytes smaller than P2WPKH signatures, but the 32 bytes plus 9 bytes is divided by 4 because of the witness discount, so it saves about 11 bytes; mostly a wash, it increases blockweight by about 1 virtual byte, 4 weight, for each Taproot-output-input compared to a P2WPKH-output-input.) However, as your HODLings grow in value, you might start wondering if multisignature k-of-n setups might be better for the security of your savings. And it is in multisignature that Taproot starts to give benefits! Taproot switches to using the Schnorr signing scheme. Schnorr makes key aggregation -- constructing a single public key from multiple public keys -- almost as trivial as adding numbers together. "Almost" because it involves some fairly advanced math instead of simple boring number adding, but hey, when was the last time you added up your grocery list prices by hand, huh? With current P2SH and P2WSH multisignature schemes, if you have a 2-of-3 setup, then to spend, you need to provide two different signatures from two different public keys. With Taproot, you can create, using special moon math, a single public key that represents your 2-of-3 setup.
Then you just put two of your devices together, have them communicate to each other (this can be done airgapped, in theory, by sending QR codes: the software to do this is not even being built yet, but that's because Taproot hasn't activated yet!), and they will make a single signature to authorize any spend from your 2-of-3 address. That's 73 witness bytes -- 18.25 virtual bytes -- of signatures you save! And if you decide that your current setup with 1-of-1 P2PKH / P2WPKH addresses is just fine as-is: well, that's the whole point of a softfork: backwards-compatibility; you can receive from Taproot users just fine, and once your wallet is updated for Taproot-sending support, you can send to Taproot users just fine as well! (P2WPKH and P2WSH -- SegWit v0 -- addresses start with bc1q; Taproot -- SegWit v1 --- addresses start with bc1p, in case you wanted to know the difference; in bech32 q is 0, p is 1) Now how about HODLers who keep all, or some, of their coins on custodial services? Well, any custodial service worth its salt would be doing at least 2-of-3, or probably something even bigger, like 11-of-15. So your custodial service, if it switched to using Taproot internally, could save a lot more (imagine an 11-of-15 getting reduced from 11 signatures to just 1!), which --- we can only hope! --- should translate to lower fees and better customer service from your custodial service! So I think we can say, very accurately, that the Bitcoin principle --- that YOU are in control of your money --- can only be helped by Taproot (if you are doing multisignature), and, because P2PKH and P2WPKH remain validly-usable addresses in a Taproot future, will not be harmed by Taproot. Its benefit to this principle might be small (it mostly only benefits multisignature users) but since it has no drawbacks with this (i.e. singlesig users can continue to use P2WPKH and P2PKH still) this is still a nice, tidy win! 
(even singlesig users get a minor benefit, in that multisig users will now reduce their blockchain space footprint, so that fees can be kept low for everybody; so for example even if you have your single set of private keys engraved on titanium plates sealed in an airtight box stored in a safe buried in a desert protected by angry nomads riding giant sandworms because you're the frickin' Kwisatz Haderach, you still gain some benefit from Taproot) And here's the important part: if P2PKH/P2WPKH is working perfectly fine with you and you decide to never use Taproot yourself, Taproot will not affect you detrimentally. First do no harm!
Taproot and Your Contracts
No one is an island, no one lives alone. Give and you shall receive. You know: by trading with other people, you can gain expertise in some obscure little necessity of the world (and greatly increase your productivity in that little field), and then trade the products of your expertise for necessities other people have created, all of you thereby gaining gains from trade. So, contracts, which are basically enforceable agreements that facilitate trading with people who you do not personally know and therefore might not trust. Let's start with a simple example. You want to buy some gewgaws from somebody. But you don't know them personally. The seller wants the money, you want their gewgaws, but because of the lack of trust (you don't know them!! what if they're scammers??) neither of you can benefit from gains from trade. However, suppose both of you know of some entity that both of you trust. That entity can act as a trusted escrow. The entity provides you security: this enables the trade, allowing both of you to get gains from trade. In Bitcoin-land, this can be implemented as a 2-of-3 multisignature. The three signatories in the multisignature would be you, the gewgaw seller, and the escrow. You put the payment for the gewgaws into this 2-of-3 multisignature address. Now, suppose it turns out neither of you are scammers (whaaaat!). You receive the gewgaws just fine and you're willing to pay up for them. Then you and the gewgaw seller just sign a transaction --- you and the gewgaw seller are 2, sufficient to trigger the 2-of-3 --- that spends from the 2-of-3 address to a singlesig the gewgaw seller wants (or whatever address the gewgaw seller wants). But suppose some problem arises. The seller gave you gawgews instead of gewgaws. Or you decided to keep the gewgaws but not sign the transaction to release the funds to the seller.
In either case, the escrow is notified, and it can sign with you to refund the funds back to you (if the seller was a scammer) or sign with the seller to forward the funds to the seller (if you were a scammer). Taproot helps with this: as mentioned above, it allows multisignature setups to produce only one signature, reducing blockchain space usage, and thus making contracts --- which by definition require multiple people; you don't make contracts with yourself --- cheaper (which we hope enables more of these setups to happen, for more gains from trade for everyone; also, moon and lambos). (Technology-wise, it's easier to make an n-of-n than a k-of-n: making a k-of-n would require a complex setup involving a long ritual with many communication rounds between the n participants, but an n-of-n can be done trivially with some moon math. You can, however, make what is effectively a 2-of-3 by using a three-branch SCRIPT: either 2-of-2 of you and seller, OR 2-of-2 of you and escrow, OR 2-of-2 of escrow and seller. Fortunately, Taproot adds a facility to embed a SCRIPT inside a public key, so you can have a 2-of-2 Taprooted address (between you and seller) with a SCRIPT branch that can instead be spent with 2-of-2 (you + escrow) OR 2-of-2 (seller + escrow), which implements the three-branched SCRIPT above. If neither of you are scammers (hopefully the common case) then you both sign using your keys and never have to contact the escrow, since you are just using the escrow public key without coordinating with them (because n-of-n is trivial but k-of-n requires setup with communication rounds), so in the "best case" where both of you are honest traders, you also get a privacy boost, in that the escrow never learns you have been trading in gewgaws, I mean ewww, gawgews are much better than gewgaws and therefore I now judge you for being a gewgaw enthusiast, you filthy gewgawer.)
Taproot and Your Contracts, Part 2: Cryptographic Boogaloo
Now suppose you want to buy some data instead of things. For example, maybe you have some closed-source software in trial mode installed, and want to pay the developer for the full version. You want to pay for an activation code. This can be done, today, by using an HTLC. The developer tells you the hash of the activation code. You pay to an HTLC, paying out to the developer if it reveals the preimage (the activation code), or refunding the money back to you after a pre-agreed timeout. If the developer claims the funds, it has to reveal the preimage, which is the activation code, and you can now activate your software. If the developer does not claim the funds by the timeout, you get refunded. And you can do that, with HTLCs, today. Of course, HTLCs do have problems:
Privacy. Everyone scraping the Bitcoin blockchain can see any HTLCs, and preimages used to claim them.
This can be mitigated by using offchain techniques so HTLCs are never published onchain in the happy case. Lightning would probably in practice be the easiest way to do this offchain. Of course, there are practical limits to what you can pay on Lightning. If you are buying something expensive, then Lightning might not be practical. For example, the "software" you are activating is really the firmware of a car, and what you are buying is not the software really but the car itself (with the activation of the car firmware being equivalent to getting the car keys).
Even offchain techniques need an onchain escape hatch in case of unresponsiveness! This means that, if something bad happens during payment, the HTLC might end up being published onchain anyway, revealing the fact that some special contract occurred.
And an HTLC that is claimed with a preimage onchain will also publicly reveal the preimage onchain. If that preimage is really the activation key of some software, then it can now be pirated. If that preimage is really the activation key for your newly-bought cryptographic car --- well, not your keys, not your car!
Trust requirement. You are trusting the developer that it gives you the hash of an actual valid activation key, without any way to validate that the activation key hidden by the hash is actually valid.
Fortunately, with Schnorr (which is enabled by Taproot), we can now use the Scriptless Script construction by Andrew Poelstra. This Scriptless Script allows a new construction, the PTLC or Pointlocked Timelocked Contract. Instead of hashes and preimages, just replace "hash" with "point" and "preimage" with "scalar". Or as you might know them: "point" is really "public key" and "scalar" is really "private key". What a PTLC does is that, given a particular public key, the pointlocked branch can be spent only if the spender reveals the private key of the given public key to you. Another nice thing with PTLCs is that they are deniable. What appears onchain is just a single 2-of-2 signature between you and the developer/manufacturer. It's like a magic trick. This signature has no special watermarks, it's a perfectly normal signature (the pledge). However, from this signature, plus some data given to you by the developer/manufacturer (known as the adaptor signature), you can derive the private key of a particular public key you both agree on (the turn). Anyone scraping the blockchain will just see signatures that look just like every other signature, and as long as nobody manages to hack you and get a copy of the adaptor signature or the private key, they cannot get the private key behind the public key (point) that the pointlocked branch needs (the prestige). (Just to be clear, the public key you are getting the private key from is distinct from the public key that the developer/manufacturer will use for its funds. The activation key is different from the developer's onchain Bitcoin key, and it is the activation key whose private key you will be learning, not the developer's/manufacturer's onchain Bitcoin key.) So:
Privacy: PTLCs are private even if done onchain. Nobody else can learn what the private key behind the public key is, except you who knows the adaptor signature that when combined with the complete onchain signature lets you know what the private key of the activation key is. Somebody scraping the blockchain will not learn the same information even if all PTLCs are done onchain!
Lightning is still useful for reducing onchain use, and will also get PTLCs soon after Taproot is activated, but even if something bad happens and a PTLC has to go onchain, it doesn't reveal anything!
Trustworthiness can be proven more easily with a public-private keypair than with a hash-preimage pair.
For example, the developer of the software you are buying could provide a signature signing a message saying "unlock access to the full version for 1 day". You can check if feeding this message and signature to the program will indeed unlock full-version access for 1 day. Then you can check if the signature is valid for the purported pubkey whose private key you will pay for. If so, you can now believe that getting the private key (by paying for it in a PTLC) would let you generate any number of "unlock access to the full version for 1 day" message+signatures, which is equivalent to getting full access to the software indefinitely.
For the car, the manufacturer can show that signing a message "start the engine" and feeding the signature to the car's firmware will indeed start the engine, and maybe even let you have a small test drive. You can then check if the signature is valid for the purported pubkey whose privkey you will pay for. If so, you can now believe that gaining knowledge of the privkey will let you start the car engine at any time you want.
(pedantry: the signatures need to be unique else they could be replayed, this can be done with a challenge-response sequence for the car, where the car gathers entropy somehow (it's a car, it probably has a bunch of sensors nowadays so it can get entropy for free) and uses the gathered entropy to challenge you to sign a random number and only start if you are able to sign the random number; for the software, it could record previous signatures somewhere in the developer's cloud server and refuse to run if you try to replay a previously-seen signature.)
Taproot lets PTLCs exist onchain because it enables Schnorr, which is a requirement of PTLCs / Scriptless Script. (Technology-wise, take note that Scriptless Script works only for the "pointlocked" branch of the contract; you need normal Script, or a pre-signed nLockTimed transaction, for the "timelocked" branch. Since Taproot can embed a script, you can have the Taproot pubkey be a 2-of-2 to implement the Scriptless Script "pointlocked" branch, then have a hidden script that lets you recover the funds with an OP_CHECKLOCKTIMEVERIFY after the timeout if the seller does not claim the funds.)
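The pledge/turn/prestige described above, as an added example that is not code from the original post: a simplified single-signer Schnorr adaptor signature over secp256k1, where the seller's completed signature leaks the activation private key t to the buyer who holds the adaptor. The 2-of-2 MuSig aggregation and BIP340 x-only encoding of a real PTLC are omitted (assumption), and all key and function names are constructed for the example.

```python
# Added example (not from the original post): a simplified single-signer
# Schnorr adaptor signature over secp256k1 showing how the PTLC buyer
# recovers the seller's activation private key from the on-chain signature.
# Real PTLCs use a 2-of-2 MuSig and BIP340 x-only keys; omitted here.
import hashlib
import secrets

# secp256k1 curve parameters (field prime, group order, generator)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def point_add(a, b):
    """Affine point addition; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    if a == b:
        lam = (3 * a[0] * a[0]) * pow(2 * a[1], -1, P) % P
    else:
        lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    y = (lam * (a[0] - x) - a[1]) % P
    return (x, y)

def scalar_mul(k, pt):
    """Double-and-add scalar multiplication."""
    result, addend = None, pt
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result

def encode(pt):
    return pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")

def challenge(R, pub, msg):
    """Schnorr challenge e = H(R || P || m) mod n (simplified, not BIP340)."""
    h = hashlib.sha256(encode(R) + encode(pub) + msg).digest()
    return int.from_bytes(h, "big") % N

def keygen():
    sk = secrets.randbelow(N - 1) + 1
    return sk, scalar_mul(sk, G)

def adaptor_sign(sk, pub, msg, T):
    """Seller: adaptor signature locked to point T = t*G.
    The challenge is computed over R + T, so (R, s') only becomes a valid
    signature once t is added to s'."""
    r = secrets.randbelow(N - 1) + 1
    R = scalar_mul(r, G)
    e = challenge(point_add(R, T), pub, msg)
    return R, (r + e * sk) % N

def adaptor_verify(pub, msg, T, R, s_adaptor):
    """Buyer: check s'*G == R + e*P with e over R + T. This is the 'turn':
    it guarantees that any completed signature reveals t."""
    e = challenge(point_add(R, T), pub, msg)
    return scalar_mul(s_adaptor, G) == point_add(R, scalar_mul(e, pub))

def complete(s_adaptor, t):
    """Seller: publish the full signature s = s' + t to claim the funds."""
    return (s_adaptor + t) % N

def schnorr_verify(pub, msg, R_adapted, s):
    """What the chain sees: an ordinary Schnorr signature (R + T, s)."""
    e = challenge(R_adapted, pub, msg)
    return scalar_mul(s, G) == point_add(R_adapted, scalar_mul(e, pub))

def extract(s_full, s_adaptor):
    """Buyer: the 'prestige', recovering the activation key t = s - s'."""
    return (s_full - s_adaptor) % N

def ptlc_demo():
    # Seller's on-chain key, distinct from the activation key (t, T).
    seller_sk, seller_pub = keygen()
    t, T = keygen()
    msg = b"constructed sample: sighash of the spend-to-seller transaction"
    R, s_adaptor = adaptor_sign(seller_sk, seller_pub, msg, T)
    if not adaptor_verify(seller_pub, msg, T, R, s_adaptor):
        return False
    s_full = complete(s_adaptor, t)
    # An observer only sees (R + T, s_full), which verifies like any
    # other signature and carries no hint that t is embedded in it.
    if not schnorr_verify(seller_pub, msg, point_add(R, T), s_full):
        return False
    return extract(s_full, s_adaptor) == t

if __name__ == "__main__":
    print("buyer recovered activation key:", ptlc_demo())
```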
Now if you were really paying attention, you might have noticed this parenthetical:
(technical details: a Taproot output is 1 version byte + 32 byte public key, while a P2WPKH (bech32 singlesig) output is 1 version byte + 20 byte public key hash...)
So wait, Taproot uses raw 32-byte public keys, and not public key hashes? Isn't that more quantum-vulnerable?? Well, in theory yes. In practice, they probably are not. It's not that hashes can be broken by quantum computers --- they're still not. Instead, you have to look at how you spend from a P2WPKH/P2PKH pay-to-public-key-hash. When you spend from a P2PKH / P2WPKH, you have to reveal the public key. Then Bitcoin hashes it and checks if this matches the public-key-hash, and only then actually validates the signature for that public key. So an unconfirmed transaction, floating in the mempools of nodes globally, will show, in plain sight for everyone to see, your public key. (Public keys should be public, that's why they're called public keys, LOL.) And if quantum computers are fast enough to be of concern, then they are probably fast enough that, in the several minutes to several hours from broadcast to confirmation, they have already cracked the public key that is openly broadcast with your transaction. The owner of the quantum computer can now replace your unconfirmed transaction with one that pays the funds to itself. Even if you did not opt in to RBF, miners are still incentivized to support RBF on RBF-disabled transactions. So the extra hash is not as significant a protection against quantum computers as you might think. Instead, the extra hash-and-compare needed is just extra validation effort. Further, if you have ever, in the past, spent from the address, then there already exists a transaction indelibly stored on the blockchain, openly displaying the public key from which quantum computers can derive the private key. So those are still vulnerable to quantum computers. For the most part, the cryptographers behind Taproot (and Bitcoin Core) are of the opinion that quantum computers capable of cracking Bitcoin pubkeys are unlikely to appear within a decade or two.
Current quantum computers can barely solve the prime factorization problem for 5-bit numbers.
The 256-bit elliptic curve used by Bitcoin is, by my (possibly wrong) understanding, equivalent to 4096-bit primes, so you can see a pretty big gap between now (5-bit primes) and what is needed (4096-bit primes).
A lot of financial non-Bitcoin systems use the equivalent of 3072-bit primes or less, and are probably easier targets to crack than the equivalent-to-4096-bit-primes Bitcoin.
Quantum computers capable of cracking Bitcoin are still far off.
Pay-to-public-key-hash is not as protective as you might think.
We will probably see banks get cracked before Bitcoin, so the banking system is a useful canary-in-a-coal-mine to see whether we should panic about being quantum vulnerable.
For now, the homomorphic and linear properties of elliptic curve cryptography provide a lot of benefits --- particularly the linearity property is what enables Scriptless Script and simple multisignature (i.e. multisignatures that are just 1 signature onchain). So it might be a good idea to take advantage of them now while we are still fairly safe against quantum computers. It seems likely that quantum-safe signature schemes are nonlinear (thus losing these advantages).
If you are a singlesig HODL-only Bitcoin user, Taproot will not affect you positively or negatively. Importantly: Taproot does no harm!
If you use or intend to use multisig, Taproot will be a positive for you.
If you transact onchain regularly using typical P2PKH/P2WPKH addresses, you get a minor reduction in feerates since multisig users will likely switch to Taproot to get smaller tx sizes, freeing up blockspace for yours.
If you are using multiparticipant setups for special systems of trade, Taproot will be a positive for you.
Remember: Lightning channels are multiparticipant setups for special systems of lightning-fast offchain trades!
I Wanna Be The Taprooter!
So, do you want to help activate Taproot? Here's what you, mister sovereign Bitcoin HODLer, can do!
If you have developer experience especially in C, C++, or related languages
Review the Taproot code! There is one pull request in Bitcoin Core, and one in libsecp256k1. I deliberately am not putting links here, to avoid brigades of nontechnical but enthusiastic people leaving pointless reviews, but if you are qualified you know how to find them!
But I am not a cryptographer/Bitcoin Core contributor/mathematician/someone as awesome as Pieter Wuille
That's perfectly fine! The cryptographers have been over the code already and agree the math is right and the implementation is right. What is wanted is the dreary dreary dreary software engineering: are the comments comprehensive and understandable? no misspellings in the comments? variable names understandable? reasonable function naming convention? misleading coding style? off-by-one errors in loops? conditions not covered by tests? accidental mixups of variables with the same types? missing frees? read-before-init? better test coverage of suspicious-looking code? missing or mismatching header guards? portability issues? consistent coding style? you know, stuff any coder with a few years of experience in coding anything might be able to catch. With enough eyes all bugs are shallow!
If you are running a mining pool/mining operation/exchange/custodial service/SPV server
Be prepared to upgrade!
One of the typical issues with upgrading software is that subtle incompatibilities with your current custom programs tend to arise, disrupting operations and potentially losing income due to downtime. If so, consider moving to the two-node setup suggested by gmax, which is in the last section of my previous post. With this, you have an up-to-date "public" node and a fixed-version "private" node, with the public node protecting the private node from any invalid chainsplits or invalid transactions. Moving to this setup from a typical one-node setup should be smooth and should not disrupt operations (too much).
If you are running your own fullnode for fun or for your own wallet
Be prepared to upgrade! The more nodes validating the new rules (even if you are a non-mining node!), the safer every softfork will be!
If you are using an SPV wallet or custodial wallet/service (including hardware wallets using the software of the wallet provider)
Contact your wallet provider / SPV server and ask for a statement on whether they support Taproot, and whether they are prepared to upgrade for Taproot! Make it known to them that Taproot is something you want!
But I Hate Taproot!!
Raise your objections to Taproot now, or forever hold your peace! Maybe you can raise them here and some of the devs (probably nullc, he goes everywhere, even in rbtc!) might be able to see your objections! Or if your objections are very technical, head over to the appropriate pull request and object away!
Maybe you simply misunderstand something, and we can clarify it here!
Or maybe you do have a good objection, and we can make Taproot better by finding a solution for it!
Maybe it's time to discuss bitcoin's history again. Credit to u/singularity87 for the original post over 3 years ago. People should get the full story of bitcoin because it is probably one of the strangest of all reddit subs. bitcoin, the main sub for the bitcoin community is held and run by a person who goes by the pseudonym u/theymos. Theymos not only controls bitcoin, but also bitcoin.org and bitcointalk.com. These are the top three communication channels for the bitcoin community, all controlled by just one person. For most of bitcoin's history this did not create a problem (at least not an obvious one anyway) until around mid 2015. This happened to be around the time a new player appeared on the scene, a for-profit company called Blockstream. Blockstream was made up of/hired many (but not all) of the main bitcoin developers. (To be clear, Blockstream was founded before mid 2015 but did not become publicly active until then). A lot of people, including myself, tried to point out there were some very serious potential conflicts of interest that could arise when one single company controls most of the main developers for the biggest decentralised and distributed cryptocurrency. There were a lot of unknowns but people seemed to give them the benefit of the doubt because they were apparently about to release some new software called "sidechains" that could offer some benefits to the network. Not long after Blockstream came on the scene the issue of bitcoin's scalability once again came to the forefront of the community. This issue came up within the community a number of times since bitcoin's inception. Bitcoin, as dictated in the code, cannot handle any more than around 3 transactions per second at the moment. To put that in perspective Paypal handles around 15 transactions per second on average and VISA handles something like 2000 transactions per second.
The discussion in the community has been around how best to allow bitcoin to scale to allow a higher number of transactions in a given amount of time. I suggest that if anyone is interested in learning more about this problem from a technical angle, they go to btc and do a search. It's a complex issue but for many who have followed bitcoin for many years, the possible solutions seem relatively obvious. Essentially, currently the limit is put in place in just a few lines of code. This was not originally present when bitcoin was first released. It was in fact put in place afterwards as a measure to stop a bloating attack on the network. Because all bitcoin transactions have to be stored forever on the bitcoin network, someone could theoretically simply transmit a large number of transactions which would have to be stored by the entire network forever. When bitcoin was released, transactions were actually free as the only people running the network were enthusiasts. In fact a single bitcoin did not even have any specific value so it would be impossible to set a fee value. This meant that a malicious person could make the size of the bitcoin ledger grow very rapidly without much/any cost which would stop people from wanting to join the network due to the resource requirements needed to store it, which at the time would have been for very little gain. Towards the end of the summer last year, this bitcoin scaling debate surfaced again as it was becoming clear that the transaction limit for bitcoin was semi-regularly being reached and that it would not be long until it would be regularly hit and the network would become congested. This was a very serious issue for a currency. Bitcoin had made progress over the years to the point of retailers starting to offer it as a payment option. Bitcoin companies like Microsoft, Paypal, Steam and many more had begun to adopt it.
If the transaction limit would be constantly maxed out, the network would become unreliable and slow for users. Users and businesses would not be able to make a reliable estimate of when their transaction would be confirmed by the network. Users, developers and businesses (which at the time was pretty much the only real bitcoin subreddit) started to discuss how we should solve the problem. There was significant support from the users and businesses behind a simple solution put forward by the developer Gavin Andresen. Gavin was the lead developer after Satoshi Nakamoto left bitcoin and he left it in his hands. Gavin initially proposed a very simple solution of increasing the limit which was to change the few lines of code to increase the maximum number of transactions that are allowed. For most of bitcoin's history the transaction limit had been set far far higher than the number of transactions that could potentially happen on the network. The concept of increasing the limit one time was based on the fact that history had proven that no issue had been caused by this in the past. A certain group of bitcoin developers decided that increasing the limit by this amount was too much and that it was dangerous. They said that the increased use of resources that the network would use would create centralisation pressures which could destroy the network. The theory was that a miner of the network with more resources could publish many more transactions than a competing small miner could handle and therefore the network would tend towards few large miners rather than many small miners. The group of developers who supported this theory were all developers who worked for the company Blockstream. The argument from people in support of increasing the transaction capacity by this amount was that there are always inherent centralisation pressures with bitcoin mining.
For example miners who can access the cheapest electricity will tend to succeed and bigger miners will be able to find this cheaper electricity more easily. Miners who have access to the most efficient computer chips will tend to succeed and larger miners are more likely to be able to afford the development of them. The argument from Gavin and others who supported increasing the transaction capacity by this method was essentially that there are economies of scale in mining and that these economies have far bigger centralisation pressures than increased resource cost for a larger number of transactions (up to the new limit proposed). For example, at the time the total size of the blockchain was around 50GB. Even the cost of a 500GB SSD is only $150 and would last a number of years. This is in comparison to the $100,000's in revenue per day a miner would be making. Various developers put forth various other proposals, including Gavin Andresen who put forth a more conservative increase that would then continue to increase over time in line with technological improvements. Some of the employees of Blockstream also put forth some proposals, but all were so conservative, it would take bitcoin many decades before it could reach a scale of VISA. Even though there was significant support from the community behind Gavin's simple proposal of increasing the limit it was becoming clear certain members of the bitcoin community who were part of Blockstream were starting to become increasingly vitriolic and divisive. Gavin then teamed up with one of the other main bitcoin developers Mike Hearn and released a coded (i.e. working) version of the bitcoin software that would only activate if it was supported by a significant majority of the network. What happened next was where things really started to get weird.
After this free and open source software was released, Theymos, the person who controls all the main communication channels for the bitcoin community, implemented a new moderation policy that disallowed any discussion of this new software. Specifically, if people were to discuss this software, their comments would be deleted and ultimately they would be banned temporarily or permanently. This caused chaos within the community as there was very clear support for this software at the time and it seemed our best hope for finally solving the problem and moving on. Instead a censorship campaign was started. At first 'all' they were doing was banning and removing discussions but after a while it turned into actively manipulating the discussion. For example, if a thread was created where there was positive sentiment for increasing the transaction capacity or being negative about the moderation policies or negative about the actions of certain bitcoin developers, the mods of bitcoin would selectively change the sorting order of threads to 'controversial' so that the most supported opinions would be sorted to the bottom of the thread and the most vitriolic would be sorted to the top of the thread. This was initially very transparent as it was possible to see that the most downvoted comments were at the top and some of the most upvoted were at the bottom. So they then implemented hiding the voting scores next to the users' names. This made it impossible to work out the sentiment of the community and when combined with selectively setting the sorting order to controversial it was possible to control what information users were seeing. Also, due to the very very large number of removed comments and users, the scale of the censorship going on was becoming obvious. To hide this they implemented code in their CSS for the sub that completely hid comments that they had removed so that the censorship itself was hidden.
Anyone in support of scaling bitcoin was removed from the main communication channels. Theymos even proudly announced that he didn't care if he had to remove 90% of the users. He also later acknowledged that he knew he had the ability to block support of this software using the control he had over the communication channels. While this was all going on, Blockstream and its employees started lobbying the community by paying for conferences about scaling bitcoin, but with the very very strange rule that no decisions could be made and no complete solutions could be proposed. These conferences were likely strategically (and successfully) created to stunt support for the scaling software Gavin and Mike had released by forcing the community to take a "let's wait and see what comes from the conferences" kind of approach. Since no final solutions were allowed at these conferences, they only served to hinder and splinter the community's efforts to find a solution. As the software Gavin and Mike released called BitcoinXT gained support it started to be attacked. Users of the software were attacked by DDoS. Employees of Blockstream were recommending attacks against the software, such as faking support for it, to only then drop support at the last moment to put the network in disarray. Blockstream employees were also publicly talking about suing Gavin and Mike from various different angles simply for releasing this open source software that no one was forced to run. In the end Mike Hearn decided to leave due to the way many members of the bitcoin community had treated him. This was due to the massive disinformation campaign against him on bitcoin. One of the many tactics that are used against anyone who does not support Blockstream and the bitcoin developers who work for them is that you will be targeted in a smear campaign. This has happened to a number of individuals and companies who showed support for scaling bitcoin.
Theymos has threatened companies that he will ban any discussion of them on the communication channels he controls (i.e. all the main ones) for simply running software that he disagrees with (i.e. any software that scales bitcoin). As time passed, more and more proposals were offered, all against the backdrop of ever increasing censorship in the main bitcoin communication channels. It finally came down to the smallest and most conservative solution. This solution was much smaller than even the employees of Blockstream had proposed months earlier. As usual there were enormous attacks from all sides and the most vocal opponents were the employees of Blockstream. These attacks are still ongoing today. As this software started to gain support, Blockstream organised more meetings, especially with the biggest bitcoin miners, and made a pact with them. They promised that they would release code that would offer an on-chain scaling solution hardfork within about 4 months, but if the miners wanted this they would have to commit to running their software and only their software. The miners agreed and they ended up not running the most conservative proposal possible. This was in February last year. There is no hardfork proposal in sight from the people who agreed to this pact and bitcoin is still stuck with the exact same transaction limit it has had since the limit was put in place about 6 years ago. Gavin has also been publicly smeared by the developers at Blockstream and a plot was made against him to have him removed from the development team. Gavin has now been, for all intents and purposes, expelled from bitcoin development. This has meant that all control of bitcoin development is in the hands of the developers working at Blockstream. There is a new proposal that offers a market based approach to scaling bitcoin. This essentially lets the market decide. Of course, as usual there have been attacks against it, and verbal attacks from the employees of Blockstream.
This has the biggest chance of gaining wide support and solving the problem for good. To give you an idea of Blockstream: it has hired most of the main and active bitcoin developers and is now synonymous with the "Core" bitcoin development team. They AFAIK have no products at all. They have received around $75m in funding. Every single thing they do is supported by theymos. They have started implementing an entirely new economic system for bitcoin against the will of its users and have blocked any and all attempts at scaling the network in line with the original vision. Although this comment is ridiculously long, it really only covers the tip of the iceberg. You could write a book on the last two years of bitcoin. The things that have been going on have been mind blowing. One last thing that I think is worth talking about is u/bashco's claim of vote manipulation. The users that the video talks about have very very large numbers of downvotes mostly due to them having a very very high chance of being astroturfers. Around about the same time last year when Blockstream became active on the scene every single bitcoin troll disappeared, and I mean literally every single one. In the years before that there were a large number of active anti-bitcoin trolls. They even have an active sub buttcoin. Up until last year you could go down to the bottom of pretty much any thread in bitcoin and see many of the usual trolls who were heavily downvoted for saying something along the lines of "bitcoin is shit", "You guys and your tulips" etc. But suddenly last year they all disappeared. Instead a new type of bitcoin user appeared. Someone who said they were fully in support of bitcoin but they just so happened to support every single thing Blockstream and its employees said and did. They had the exact same tone as the trolls who had disappeared.
Their way of talking to people was aggressive, they'd call people names, they had a relatively poor understanding of how bitcoin fundamentally worked. They were extremely argumentative. These users are the majority of the list in that video. When the tens of thousands of users were censored and expelled from bitcoin they ended up congregating in btc. The strange thing was that the users listed in that video also moved over to btc and spend all day every day posting troll-like comments and misinformation. Naturally they get heavily downvoted by the real users in btc. They spend their time constantly causing as much drama as possible. At every opportunity they scream about "censorship" in btc while they are happy about the censorship in bitcoin. These people are astroturfers. What someone somewhere worked out is that all you have to do to take down a community is say that you are on their side. It is an astoundingly effective form of psychological attack.
(If you would like to add information or see mistakes, just comment below and I will credit you.) What is Cardano? Cardano is an open source and permissionless "Third Generation" blockchain project being developed by IOHK. Development and research started in 2015, with the 1.0 mainnet launching in 2017. The Cardano blockchain is currently being developed into two layers. The first one is the ledger of account values, and the second one is the reason why values are transferred from one account to the other.
Cardano Settlement Layer (CSL) - The CSL acts as the ledger of account or balance ledger. This is an idea created as an improvement of bitcoin blockchain. It uses a proof-of-stake consensus algorithm known as Ouroboros to generate new blocks and confirm transactions.
IOHK has the contract with an undisclosed party to develop the project until the end of 2020, at which point the community may elect another development team - on the assumption that the voting infrastructure has been completed. However CEO Charles Hoskinson has stated that they will develop the project until it is completed, and they are simply financed until the end of 2020. Cardano was the first project built on a peer-reviewed scientific development method, resulting in dozens of research papers produced by IOHK. Among these papers is Ouroboros Genesis, proving that a Proof of Stake protocol can be just as secure as Proof of Work - which was originally developed for Bitcoin, and refined for Ethereum. This PoS protocol considerably lowers the resource cost to maintain the network while still maintaining security and network speed. Cardano as a financial infrastructure is not yet completed, with significant development to be rolled out. What were the other two generations of blockchain? Gen 1 was Bitcoin. It exists by itself and talks to nobody but Bitcoin. It is capable of peer to peer transactions without a third party in such a way that you cannot cheat the system. This was a major step forward for the E-cash concept that people had been working on for the 20 years prior. Gen 2 was Ethereum and other smart-contract platforms that allow other coins and platforms to be built on top of their infrastructure. These coins can interact with others on the platform, but cannot interact with other platforms. Meaning it is still not truly interoperable. Most Gen 2 blockchains are also using Proof of Work like Bitcoin, which affects scaling. Also missing is a built-in method to pay for upgrades and voting mechanics for decision making. Gen 3 blockchains are a complete package designed to replace the current financial infrastructure of the world. Cardano is using Proof of Stake to ensure security and decentralisation (Shelley).
Scaling through parallel computation (Hydra in Basho), Sidechains to allow the platform to interact with other platforms (Basho), and also mechanisms for voting for project funding, changes to the protocol and improvement proposals (Voltaire). Finally, a smart contract platform for new and established projects that is developer friendly (Goguen). Who is the team behind Cardano? There are three organisations that are contributing to the development of Cardano. The first is the Cardano Foundation, an objective, non-profit organisation based in Switzerland. Its core responsibilities are to nurture, grow and educate Cardano users and commercial communities, to engage with authorities on regulatory and commercial matters and to act as a blockchain and cryptocurrency standards body. The second entity is IOHK, a leading cryptocurrency research and development company, which holds the contract to develop the platform until 2020. The final business partner is Emurgo, which invests in start-ups and assists commercial ventures to build on the Cardano blockchain. www.Cardano.org www.emurgo.io https://cardanofoundation.org/en/ What is the difference between Proof of Work and Proof of Stake? Both these protocols are known as “consensus protocols” that confirm whether a transaction is valid or invalid without a middleman like Visa or your bank. Every node (active and updated copy of the blockchain) can agree that the transaction did take place legitimately. If more than half of the validators agree, then the ledger is updated and the transaction is now secured. Proof-of-Work (PoW) happens when a miner is elected to solve an exceptionally difficult math problem and gets credit for adding a verified block to the blockchain. Finding a solution is an arduous guessing game that takes a considerable amount of computing power to compete for the correct answer.
It is like “pick a number between 1 and one trillion” and when you get it right, you get $30,000 in Bitcoin, so the more computers you have working on it, the faster you can solve it. Also the more people who are trying to solve the same block, the harder the algorithm, so it may become 1 in 20 trillion. The downside is the massive amounts of power required to run the computers that run the network, and the slow pace at which blocks are solved. To “Hack” a PoW system, you need 51% of the computing power, which would allow you to deny transactions, or spend the same coin twice. At the moment there are 8 main mining operations for bitcoin, and 4 of them make up more than 51% of the mining power. PoS instead selects a coin at random that already exists, and the person who owns that coin is elected to put the work in to validate the block. This means there is no contest and no guessing game. Some computer power is required, but only a fraction of a PoW system. The complex nature of selecting a coin that exists on the correct and longest chain and is owned by someone who can complete the block, AND in such a way that it is secure AND that computer currently running AND that person also having an incentive to complete the work, has made the development of PoS very slow. However only a few years ago it wasn’t even possible. In this method, the more of the coin (ADA) you stake, the more likely you are to be selected to close a block. Cardano also allows you to delegate your stake to someone else to validate the block so they do the work, and you share in the reward for doing so. To “hack” a PoS blockchain you need to own 51% of the tokens, which is significantly harder than owning 51% of the computing power. What is ADA and how is it different to Cardano? Cardano is the name of the network infrastructure, and can be thought of like a rail network. ADA is the native token that has been developed alongside Cardano to facilitate the network operation.
This avoids confusion and maintains a distinction, compared to Ethereum, where the native token is also called Ethereum. Like bitcoin or any other token, ADA can be sent peer to peer as payment, but it is also the reward for running the network and what is taken as transaction fees. In this metaphor "Cardano" is the train tracks that everything runs on. A stake pool is the locomotive, facilitating transactions on the network, while ADA is the coal that powers the locomotive. The train carriages are decentralised applications (Dapps) that also run on Cardano tracks but do not actively power the network.
What is staking?
Cardano is a Proof of Stake protocol and uses already existing coins as a marker to ensure security. The protocol chooses a coin at random, and the owner of that coin is elected to validate a block of transactions. Staking is the process of delegating your ADA coins to a pool that has the resources to run the network. If the pool you have chosen to "delegate" your stake to is chosen to close/validate a block, you get a portion of the rewards. The ADA never leaves your wallet, and you can "undelegate" whenever you like. This increases the stability of the network and gives pool operators an incentive to invest the time and hardware required to run a pool.
What is a stake pool and how does it work?
The Cardano.org FAQ on this goes into much more detail. A stake pool is where the computing power of the network takes place. During the ITN there were 1200 registered stake pools, of which about 300 were creating blocks. You can run your own stake pool or delegate your ADA to an already registered pool. Rewards are determined by the protocol, but a pool may charge a percentage fee or a flat-rate fee to cover the upkeep of the pool.
Can I stake my ADA right now?
The staking testnet has closed. If you participated in the Incentivised Testnet and earned rewards, instructions to check the balance are here.
However, if you have just purchased some or it was held on an exchange, then you will need to wait until the Shelley mainnet launch at the end of July 2020.
Where do I stake my ADA?
The Daedalus Flight wallet and the Yoroi wallet (as a Chrome extension) are currently the best options. AdaLite and several other third-party wallets also exist. Coinbase will also allow staking as a custodial service, and many exchanges may offer "staking as a service" so you can leave your coins on the exchange and still earn rewards if you enjoy trading. I do not recommend leaving coins on an exchange unless you are actively trading.
What are the staking rewards now and what can I expect as a return in the future?
The Incentivised Testnet (ITN) delivered 10%-15% pa returns on average. Future staking returns will most likely be lower, but will depend on the amount of ADA staked across the network and the amount of network traffic. Check https://staking.cardano.org/en/calculato for a clearer picture.
What is a pledge?
To stop one person operating many pools, the rewards a pool earns vary depending on the amount of the operator's own ADA they "pledge" when opening the pool. This means that 50 pools with a 1,00ADA pledge each will overall be less profitable than 1-2 pools with the maximum ADA pledge (unknown, but likely around 300k). Even if the 50 pools have the same overall stake delegated by other users, and so a better chance of being selected to close a block, they may receive lower rewards (at least that is the theory).
Who is IOHK?
IOHK is a for-profit software engineering company, founded by CEO Charles Hoskinson and Jeremy Wood in 2015, that has taken a scientific approach to the development of blockchains. IOHK started from "first principles" and asked questions like "what is a blockchain" and "what should a blockchain be able to do" rather than accepting the established paradigm of Bitcoin and Ethereum.
IOHK was originally Input Output Hong Kong but is now Input Output Global, based in Wyoming, USA, employing over 230 staff. IOHK has established research labs at several universities in order to complete the Cardano project, and is also developing Ethereum Classic, Atala, Mantis and possibly other blockchain-related programs and infrastructure.
Who is Charles?
Charles Hoskinson is an early adopter of cryptocurrencies, an American entrepreneur and a cryptocurrency specialist. Charles co-founded Ethereum with Vitalik Buterin and 5-8 others, but only worked on that project for approximately six months. Charles is now the CEO of IOHK and the director of The Bitcoin Education Project.
Why isn't ADA on Coinbase?
Cardano and Coinbase have recently connected in a big way, with IOHK turning over all of its ADA to the custodial services of Coinbase. This means Cardano and Coinbase have been working together for some time and a strong partnership is forming. Staking and cold storage will be available, and trading on Coinbase will most likely become available after the release of Shelley (although there is no official word yet).
Why doesn't Cardano have a Wikipedia page?
Wikipedia has strict guidelines on what can be turned into an article. As there has been no coverage of Cardano from mainstream media or "noteworthy" sources, there is no article yet. Wikipedia will also not accept sources from IOHK, as they are not considered "reliable": sources must come from a third party. This will most likely change soon. Cardano does have a dedicated community-driven wiki: https://cardanowiki.info/wiki/Home
What is Atala and why do I care?
Atala is a suite of services being developed by IOHK on top of the Cardano blockchain. It focuses on credential certification for things like education, work history and degrees (Atala Prism), and on product counterfeiting protection by registering products on a blockchain to create tamper-proof provenance.
This applies not only to Gucci handbags but also to medication, art and anything else that can be counterfeited (Atala Scan), as well as supply chain tracking to expose issues and inefficiencies with greater transparency (Atala Trace).
I'm new, how much is a good investment?
Cardano is still a speculative market, and although there is amazing potential here, it is still only potential. When investing in any high-risk market like crypto, only ever invest what you are willing to lose. Cardano may be testing the 10c barrier now, but in March it dumped to 1.7c, and if you suddenly need your money back during a dump then you are out of luck. Do your research before you FOMO in. Start with a small amount and send it between wallets and exchanges to understand how the system works. Store your private keys (or wallet recovery phrase) offline, or with an online cloud service only in encrypted form where you alone hold the decryption key, using a method that is unlikely to be damaged, and keep multiple copies in separate places. That way, in the case of a house fire, a blow to the head, or the cloud service being shut down or destroyed, you do not lose your money. Check that you can actually restore a wallet from a backup before you rely on it.
Timelines
https://roadmap.cardano.org/en/
Shelley: decentralisation rollout and news
Goguen: smart contract rollout
Voltaire: voting mechanics, no official rollout timeline (though promised for 2020)
Basho: scaling and sidechains, no official rollout timeline (most likely 2021)
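The PoW guessing game and the stake-weighted "pick an existing coin at random" lottery described in the Proof of Work vs Proof of Stake answer above, worked through in Python as an added example. This is not code from the original post or from IOHK/Cardano: the PoS selection is a deliberately simplified one-coin-one-ticket lottery standing in for Ouroboros' actual slot-leader election (an assumption), and the header bytes, stake figures and difficulty values are constructed for illustration.

```python
import hashlib
import random
from collections import Counter


def pow_mine(header: bytes, difficulty_bits: int, max_nonce: int = 1 << 32):
    """Proof-of-Work guessing game.

    Try nonces until SHA-256(header || nonce), read as a 256-bit integer,
    falls below the target 2**(256 - difficulty_bits).  Each try succeeds
    with probability 2**-difficulty_bits, so the expected number of
    attempts is 2**difficulty_bits: one more bit of difficulty doubles the
    work, which is how the puzzle gets harder as more hash power joins.
    Returns (nonce, attempts).
    """
    target = 1 << (256 - difficulty_bits)
    for nonce in range(max_nonce):
        digest = hashlib.sha256(header + nonce.to_bytes(8, "big")).digest()
        if int.from_bytes(digest, "big") < target:
            return nonce, nonce + 1
    raise RuntimeError("no valid nonce in range")


def pow_verify(header: bytes, nonce: int, difficulty_bits: int) -> bool:
    """Verification is a single hash: cheap for every node, however
    expensive the search was for the miner."""
    digest = hashlib.sha256(header + nonce.to_bytes(8, "big")).digest()
    return int.from_bytes(digest, "big") < (1 << (256 - difficulty_bits))


def pos_select_leader(stakes: dict, rng: random.Random) -> str:
    """Simplified Proof-of-Stake slot leader selection (assumption: a toy
    stand-in for Cardano's real Ouroboros lottery).

    Every staked coin is one lottery ticket, so the probability that an
    owner is chosen equals stake / total_stake.  No hashing race: one
    random draw and a linear scan over the stake table.
    """
    total = sum(stakes.values())
    if total <= 0:
        raise ValueError("nothing is staked")
    ticket = rng.randrange(total)          # index of the coin that was drawn
    cumulative = 0
    for owner, amount in stakes.items():
        cumulative += amount
        if ticket < cumulative:
            return owner
    raise AssertionError("unreachable: ticket exceeds total stake")


def pos_leader_frequencies(stakes: dict, rounds: int, seed: int = 7) -> dict:
    """Run many slot selections and return each owner's share of slots,
    which converges on stake / total_stake as rounds grows."""
    rng = random.Random(seed)
    counts = Counter(pos_select_leader(stakes, rng) for _ in range(rounds))
    return {owner: counts[owner] / rounds for owner in stakes}


def majority_share(stakes: dict, attacker: str) -> float:
    """Fraction of tickets (hash power in PoW, stake in PoS) one party
    controls.  Above 0.5 that party wins most slots, which is what a
    "51% attack" refers to: censoring or reorganising recent blocks,
    not forging anyone else's signatures."""
    return stakes[attacker] / sum(stakes.values())


if __name__ == "__main__":
    header = b"constructed block header"
    nonce, attempts = pow_mine(header, 16)
    print(f"PoW: nonce={nonce} after {attempts} attempts (expected about {2 ** 16})")
    print("PoW verify:", pow_verify(header, nonce, 16))

    stakes = {"pool_a": 600_000, "pool_b": 300_000, "pool_c": 100_000}  # constructed
    print("PoS slot shares over 10,000 slots:", pos_leader_frequencies(stakes, 10_000))
    print("pool_a share of stake:", majority_share(stakes, "pool_a"))
```

Two things to watch when running it: raising difficulty_bits by one roughly doubles the attempts pow_mine needs while pow_verify stays a single hash, and over many rounds each pool's share of slots settles on its share of stake. majority_share is the number behind the "51%" claims above; past 0.5 the attacker decides most blocks in either system.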
It is no doubt Grayscale’s booming popularity as a mainstream investment has caused a lot of community hullabaloo lately. As such, I felt it was worth making a FAQ regarding the topic. I’m looking to update this as needed and of course am open to suggestions / adding any questions. The goal is simply to have a thread we can link to anyone with questions on Grayscale and its products. Instead of explaining the same thing 3 times a day, shoot those posters over to this thread. My hope is that these questions are answered in a fairly simple and easy to understand manner. I think as the sub grows it will be a nice reference point for newcomers. Disclaimer: I do NOT work for Grayscale and as such am basing all these answers on information that can be found on their website / reports. (Grayscale’s official FAQ can be found here). I also do NOT have a finance degree, I do NOT have a Series 6 / 7 / 140-whatever, and I do NOT work with investment products for my day job. I have an accounting background and work within the finance world so I have the general ‘business’ knowledge to put it all together, but this is all info determined in my best faith effort as a layman. The point being is this: it is possible I may explain something wrong or missed the technical terms, and if that occurs I am more than happy to update anything that can be proven incorrect. Everything below will be in reference to ETHE but will apply to GBTC as well. If those two segregate in any way, I will note that accordingly.
ETHE is essentially a stock that intends to loosely track the price of ETH. It does so by having each ETHE share backed by a specific amount of ETH held in custody for the trust. Initially, the newly minted ETHE can only be purchased by institutions and accredited investors directly from Grayscale. Once a year has passed (6 months for GBTC) it can then be listed on the OTCQX Best Market exchange for secondary trading. Once listed on OTCQX, any investor can purchase it. Additional information on ETHE can be found here.
So ETHE is an ETF?
No. For technical reasons beyond my personal understanding it is not labeled an ETF. I know it all flows back to “Securities Act Rule 144”, but due to my limited knowledge on SEC regulations I don’t want to misspeak past that. If anyone is more knowledgeable on the subject I am happy to input their answer here.
How long has ETHE existed?
ETHE was formed 12/14/2017. GBTC was formed 9/25/2013.
How is ETHE created?
The trust will issue shares to “Authorized Participants” in groups of 100 shares (called baskets). Authorized Participants are the only persons that may place orders to create these baskets and they do it on behalf of the investor. Source: Creation and Redemption of Shares section on page 39 of the “Grayscale Ethereum Trust Annual Report (2019)” – Located Here Note – The way their reports word this makes it sound like there is an army of authorizers doing the dirty work, but in reality there is only one Authorized Participant. At this moment the “Genesis” company is the sole Authorized Participant. Genesis is owned by the “Digital Currency Group, Inc.” which is the parent company of Grayscale as well. (And to really go down the rabbit hole it looks like DCG is the parent company of CoinDesk and is “backing 150+ companies across 30 countries, including Coinbase, Ripple, and Chainalysis.”) Source: Digital Currency Group, Inc. informational section on page 77 of the “Grayscale Bitcoin Trust (BTC) Form 10-K (2019)” – Located Here Source: Barry E. Silbert informational section on page 75 of the “Grayscale Bitcoin Trust (BTC) Form 10-K (2019)” – Located Here
How does Grayscale acquire the ETH to collateralize the ETHE product?
An Investor may acquire ETHE by paying in cash or exchanging ETH already owned.
Cash: The investor pays the subscription amount in cash and the Authorized Participant will use that cash to purchase ETH.
ETH: The investor transfers the ETH to the Authorized Participant, which will contribute the ETH in-kind to the Trust.
Source: Creation and Redemption of Shares section on page 40 of the “Grayscale Ethereum Trust Annual Report (2019)” – Located Here
Where does Grayscale store their ETH? Does it have a specific wallet address we can follow?
ETH is stored with Coinbase Custody Trust Company, LLC. I am unaware of any specific address or set of addresses that can be used to verify the ETH is actually there. Without published addresses, holders cannot check the reserves on chain themselves and are relying on the custodian and on the auditor’s report (see below). As an aside - I would actually love to see if anyone knows more about this as it’s something that’s sort of piqued my interest after being asked about it… I find it doubtful we can find that however. Source: Part C. Business Information, Item 8, subsection A. on page 16 of the “Grayscale Ethereum Trust Annual Report (2019)” – Located Here
Can ETHE be redeemed for ETH?
No, currently there is no way to give your shares of ETHE back to Grayscale to receive ETH back. The only method of getting back into ETH would be to sell your ETHE to someone else and then use those proceeds to buy ETH yourself. Source: Redemption Procedures on page 41 of the “Grayscale Ethereum Trust Annual Report (2019)” – Located Here
Why are they not redeeming shares?
I think the report summarizes it best:
Redemptions of Shares are currently not permitted and the Trust is unable to redeem Shares. Subject to receipt of regulatory approval from the SEC and approval by the Sponsor in its sole discretion, the Trust may in the future operate a redemption program. Because the Trust does not believe that the SEC would, at this time, entertain an application for the waiver of rules needed in order to operate an ongoing redemption program, the Trust currently has no intention of seeking regulatory approval from the SEC to operate an ongoing redemption program.
Source: Redemption Procedures on page 41 of the “Grayscale Ethereum Trust Annual Report (2019)” – Located Here
What is the fee structure?
ETHE has an annual fee of 2.5%. GBTC has an annual fee of 2.0%. Fees are paid by selling the underlying ETH / BTC collateralizing the asset. Source: ETHE’s informational page on Grayscale’s website - Located Here Source: Description of Trust on page 31 & 32 of the “Grayscale Ethereum Trust Annual Report (2019)” – Located Here
What is the ratio of ETH to ETHE?
At the time of posting (6/19/2020) each ETHE share is backed by .09391605 ETH. Each share of GBTC is backed by .00096038 BTC. ETHE & GBTC’s specific information page on Grayscale’s website updates the ratio daily – Located Here For a full historical look at this ratio, it can be found on the Grayscale home page on the upper right side if you go to Tax Documents > 2019 Tax Documents > Grayscale Ethereum Trust 2019 Tax Letter.
Why is the ratio not 1:1? Why is it always decreasing?
While I cannot say for certain why the initial distribution was not a 1:1 backing, it is more than likely to keep the price down and allow more investors a chance to purchase ETHE / GBTC. As noted above, fees are paid by selling off the ETH collateralizing ETHE. So this number will always be trending downward as time goes on. Source: Description of Trust on page 32 of the “Grayscale Ethereum Trust Annual Report (2019)” – Located Here
I keep hearing about how this is locked supply… explain?
As noted above, there is currently no redemption program for converting your ETHE back into ETH. This means that once an ETHE is issued, it will remain in circulation until a redemption program is formed --- something that doesn’t seem to be too urgent for the SEC or Grayscale at the moment. Tiny amounts will naturally be removed due to fees, but the bulk of the asset is in there for good. Knowing that ETHE cannot be taken back and destroyed at this time, the ETH collateralizing it will not be removed from the wallet for the foreseeable future. While it is not fully locked in the sense of say a totally lost key, it is not coming out any time soon. Per their annual statement:
The Trust’s ETH will be transferred out of the ETH Account only in the following circumstances: (i) transferred to pay the Sponsor’s Fee or any Additional Trust Expenses, (ii) distributed in connection with the redemption of Baskets (subject to the Trust’s obtaining regulatory approval from the SEC to operate an ongoing redemption program and the consent of the Sponsor), (iii) sold on an as-needed basis to pay Additional Trust Expenses or (iv) sold on behalf of the Trust in the event the Trust terminates and liquidates its assets or as otherwise required by law or regulation.
Source: Description of Trust on page 31 of the “Grayscale Ethereum Trust Annual Report (2019)” – Located Here
Grayscale now owns a huge chunk of both ETH and BTC’s supply… should we be worried about manipulation, a sell off to crash the market crash, a staking cartel?
First, it’s important to remember Grayscale is a lot more akin to an exchange than, say, an investment firm. Grayscale is working on behalf of its investors to create this product for investor control. Grayscale doesn’t ‘control’ the ETH it holds any more than Coinbase ‘controls’ the ETH in its hot wallet. (Note: There are likely some varying levels of control, but specific to this topic Grayscale cannot simply sell [legally, at least] the ETH by its own decision, in the same manner that Coinbase wouldn't be able to either.) That said, there shouldn’t be any worry in the short to medium time-frame. As noted above, Grayscale can’t really remove ETH other than for fees or termination of the product. At 2.5% a year, fees are noise in terms of volume. Grayscale seems to be the fastest growing product in the crypto space at the moment and termination of the product seems unlikely. IF redemptions were to happen tomorrow, it’s extremely unlikely we would see a mass exodus out of the product to redeem for ETH. And even if there was incentive to get back to ETH, the premium makes it so that it would be much more cost effective to just sell your ETHE on the secondary market and buy ETH yourself. Remember, any redemption is up to the investors and NOT something Grayscale has direct control over.
Yes, but what about [insert criminal act here]…
Alright, yes. Technically nothing is stopping Grayscale from selling all the ETH / BTC and running off to the Bahamas (Hawaii?). BUT there is no real reason for them to do so. Barry is an extremely public figure and it won’t be easy for him to get away with that. Grayscale’s Bitcoin Trust creates SEC reports weekly / bi-weekly and I’m sure given the sentiment towards crypto is being watched carefully. Plus, Grayscale is making tons of consistent revenue and thus has little to no incentive to give that up for a quick buck.
That’s a lot of ‘happy little feels’ Bob, is there even an independent audit or is this Tether 2.0?
Actually yes, an independent auditor report can be found in their annual reports. It is clearly aimed more towards the financial side and I doubt the auditors are crypto savants, but it is at least one extra set of eyes. Auditors are Friedman LLP – Auditor since 2015. Source: Independent Auditor Report starting on page 116 (of the PDF itself) of the “Grayscale Ethereum Trust Annual Report (2019)” – Located Here As mentioned by user TheCrpytosAndBloods (In Comments Below), a fun fact:
The company’s auditors Friedman LLP were also coincidentally Tether/Bitfinex’s auditors until they controversially parted ways in 2018 when the Tether controversy was at its height. I am not suggesting for one moment that there is anything shady about DCG - I just find it interesting it’s the same auditor.
“Grayscale sounds kind of lame” / “Not your keys not your crypto!” / “Why is anyone buying this, it sounds like a scam?”
Welp, for starters this honestly is not really a product aimed at the people likely to be reading this post. To each their own, but do remember just because something provides no value to you doesn’t mean it can’t provide value to someone else. That said some of the advertised benefits are as follows:
Access to trading within a tax advantaged retirement account
Institutions can easily and safely get exposure to crypto in a more legal-friendly manner
Ease of use for those who are not very technologically savvy
Ease of access for someone who doesn’t want to set up a Coinbase account
Perceived trust in institutional platforms over something like Coinbase or Kraken
Degen traders who just want access to the volatility ETHE provides that have no interest in crypto beyond that
So for example, I can set up an IRA at a brokerage account that has $0 trading fees. Then I can trade GBTC and ETHE all day without having to worry about tracking my taxes. All with the relative safety something like E-Trade provides over Binance. As for how it benefits the everyday ETH holder? I think the supply lock is a positive. I also think this product exposes the Ethereum ecosystem to people who otherwise wouldn’t know about it.
Why is there a premium? Why is ETHE’s premium so insanely high compared to GBTC’s premium?
There are a handful of theories of why a premium exists at all, some even mentioned in the annual report. The short list is as follows:
ETHE is NOT redeeming shares and as such doesn’t have an effective arbitrage mechanism
ETHE has a 1 year wait to be sold on the secondary market, again negating the ability to effectively arbitrage the premium
People may simply be willing to pay a premium for the benefits stated above.
Why is ETHE’s so much higher than GBTC’s? Again, a few thoughts:
ETHE hasn’t been around as long, so there is less secondary market supply to go around
ETHE was listed at an insanely high premium to begin with
ETHE might simply be more popular at the moment
Could just be sheer stupidity (investors think ETHE is a 1:1 ratio, not roughly 1:11)
Are there any other differences between ETHE and GBTC?
I touched on a few of the smaller differences, but one of the more interesting changes is GBTC is now a “SEC reporting company” as of January 2020. Which again goes beyond my scope of knowledge so I won’t comment on it too much… but the net result is GBTC is now putting out weekly / bi-weekly 8-K’s and annual 10-K’s. This means you can track GBTC that much easier at the moment as well as there is an extra layer of validity to the product IMO.
I’m looking for some statistics on ETHE… such as who is buying, how much is bought, etc?
There is a great Q1 2020 report I recommend you give a read that has a lot of cool graphs and data on the product. It’s a little GBTC centric, but there is some ETHE data as well. It can be found here hidden within the 8-K filings. Q1 2020 is the 4/16/2020 8-K filing. For those more into a GAAP style report see the 2019 annual 10-K of the same location.
Is Grayscale only just for BTC and ETH?
No, there are other products as well. In terms of a secondary market product, ETCG is the Ethereum Classic version of ETHE. Fun Fact – ETCG was actually put out to the secondary market first. It also has a 3% fee tied to it where 1% of it goes to some type of ETC development fund. In terms of institutional and accredited investors, there are a few ‘fan favorites’ such as Bitcoin Cash, Litecoin, Stellar, XRP, and Zcash. Something called Horizen (Backed by ZEN I guess? Idk to be honest what that is…). And a diversified Mutual Fund type fund that has a little bit of all of those. None of these products are available on the secondary market.
Are there alternatives to Grayscale?
I know they exist, but I don’t follow them. I’ll leave this as a “to be edited” section and will add as others comment on what they know. Per user Over-analyser (in comments below):
As asked by pegcity - Okay so I was under the impression you can just give them your own ETH and get ETHE, but do you get 11 ETHE per ETH or do you get the market value of ETH in USD worth of ETHE?
I have always understood that the ETHE issued directly through Grayscale is issued without the premium. As in, if I were to trade 1 ETH for ETHE I would get 11, not say only 2 or 3 because the secondary market premium is so high. And if I were paying cash only I would be paying the price to buy 1 ETH to get my 11 ETHE. Per page 39 of their annual statement, it reads as follows:
The Trust will issue Shares to Authorized Participants from time to time, but only in one or more Baskets (with a Basket being a block of 100 Shares). The Trust will not issue fractions of a Basket. The creation (and, should the Trust commence a redemption program, redemption) of Baskets will be made only in exchange for the delivery to the Trust, or the distribution by the Trust, of the number of whole and fractional ETH represented by each Basket being created (or, should the Trust commence a redemption program, redeemed), which is determined by dividing (x) the number of ETH owned by the Trust at 4:00 p.m., New York time, on the trade date of a creation or redemption order, after deducting the number of ETH representing the U.S. dollar value of accrued but unpaid fees and expenses of the Trust (converted using the ETH Index Price at such time, and carried to the eighth decimal place), by (y) the number of Shares outstanding at such time (with the quotient so obtained calculated to one one-hundred-millionth of one ETH (i.e., carried to the eighth decimal place)), and multiplying such quotient by 100 (the “Basket ETH Amount”). All questions as to the calculation of the Basket ETH Amount will be conclusively determined by the Sponsor and will be final and binding on all persons interested in the Trust. The Basket ETH Amount multiplied by the number of Baskets being created or redeemed is the “Total Basket ETH Amount.” The number of ETH represented by a Share will gradually decrease over time as the Trust’s ETH are used to pay the Trust’s expenses. Each Share represented approximately 0.0950 ETH and 0.0974 ETH as of December 31, 2019 and 2018, respectively.
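The Basket ETH Amount calculation quoted above, the fee-driven decline in ETH per share discussed under “Why is the ratio not 1:1?”, and the premium arithmetic behind the “1:1 not 1:11” confusion, worked through in Python as an added example. This is not Grayscale’s code or anything from the filings: the daily fee-accrual schedule and the round-down rounding mode are assumptions, and the share price, ETH price and fee figures in the demo are constructed.

```python
from decimal import Decimal, ROUND_DOWN

# "carried to the eighth decimal place" per the annual report
EIGHT_PLACES = Decimal("0.00000001")


def eth_per_share(trust_eth, accrued_fees_usd, eth_index_price, shares_outstanding) -> Decimal:
    """Per-share ETH as the report defines it: (ETH held minus the ETH
    equivalent of accrued but unpaid fees) / shares outstanding, to eight
    decimal places.  The report does not state the rounding mode;
    rounding down is an assumption."""
    fee_eth = (Decimal(accrued_fees_usd) / Decimal(eth_index_price)).quantize(EIGHT_PLACES, ROUND_DOWN)
    net_eth = Decimal(trust_eth) - fee_eth
    return (net_eth / Decimal(shares_outstanding)).quantize(EIGHT_PLACES, ROUND_DOWN)


def basket_eth_amount(per_share) -> Decimal:
    """A Basket is a block of 100 Shares, so a creation order delivers
    100x the per-share ETH."""
    return Decimal(per_share) * 100


def project_per_share(per_share, annual_fee_rate, days) -> Decimal:
    """Why the ratio only ever falls: the sponsor's fee is paid by selling
    the trust's ETH, so per-share ETH decays geometrically.  Accruing
    annual_fee / 365 each day is an assumption, not the report's exact
    schedule."""
    daily = Decimal(annual_fee_rate) / Decimal(365)
    value = Decimal(per_share)
    for _ in range(days):
        value = (value * (1 - daily)).quantize(EIGHT_PLACES, ROUND_DOWN)
    return value


def implied_premium(share_price, per_share, eth_price) -> Decimal:
    """Premium of the secondary-market share price over the ETH backing it
    (0 means fair value, 1 means paying double).  A buyer who assumes one
    share equals one ETH is implicitly reading this as 0."""
    nav = Decimal(per_share) * Decimal(eth_price)
    return Decimal(share_price) / nav - 1


if __name__ == "__main__":
    # Per-share figure from the 6/19/2020 ratio quoted above; prices are constructed.
    per_share = Decimal("0.09391605")
    print("Basket ETH Amount:", basket_eth_amount(per_share))
    print("Per share after one year of a 2.5% fee:", project_per_share(per_share, "0.025", 365))
    print("Premium at $200/share with ETH at $230:", implied_premium("200", per_share, "230"))
```

The last line is the check worth doing before buying on the secondary market: multiply the published per-share ETH by the ETH price, compare with the quoted share price, and the difference is the premium you are paying on top of the underlying.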
Cardano FAQ
What is Cardano?
Cardano is an open-source, highly secure "third generation" blockchain project being developed by IOHK. Development and research started in 2015, with the 1.0 mainnet launching in 2017. The Cardano blockchain is being developed in two layers: the first is the ledger of account values, and the second carries the reasons why values are transferred from one account to another.
Cardano Settlement Layer (CSL) - The CSL acts as the ledger of account, or balance ledger. It was conceived as an improvement on the Bitcoin blockchain. It uses a proof-of-stake consensus algorithm to generate new blocks and confirm transactions.
IOHK has the contract with an undisclosed party to develop the project until the end of 2020, at which point the community may elect another developer, on the assumption that the voting infrastructure has been completed. However, CEO Charles Hoskinson has stated that they will develop the project until it is completed and are simply financed until the end of 2020. Cardano was the first project built on a peer-reviewed scientific development method, resulting in dozens of research papers produced by IOHK. Among these papers is Ouroboros Genesis, which gives formal security proofs, under its stated assumptions, that a Proof of Stake protocol can be as secure as the Proof of Work originally developed for Bitcoin and refined for Ethereum. This PoS protocol considerably lowers the resource cost of maintaining the network while still maintaining security and network speed. Cardano as a financial infrastructure is not yet completed, with significant development still to be rolled out.
What were the other two generations of blockchain?
Gen 1 was Bitcoin. It exists by itself and talks to nobody but Bitcoin. It is capable of peer-to-peer transactions without a third party, in such a way that you cannot cheat the system. This was a major step forward for the e-cash concept. Gen 2 was Ethereum and other smart-contract platforms that allow other coins to be built on top of their infrastructure. These coins can interact with others on the platform, but cannot interact with other platforms like Stellar, Bitcoin, Cardano and so on. Also, most Gen 2 blockchains use Proof of Work like Bitcoin, which affects scaling. Gen 3 blockchains use Proof of Stake to ensure scaling, sidechains to allow the platform to interact with other platforms like Ethereum and Bitcoin, and also include smart contracts that are developer friendly.
Who is the team behind Cardano?
There are three organisations contributing to the development of Cardano.
The first is the Cardano Foundation, an objective, non-profit organisation based in Switzerland. Its core responsibilities are to nurture, grow and educate Cardano users and commercial communities, to engage with authorities on regulatory and commercial matters, and to act as a blockchain and cryptocurrency standards body. The second entity working on Cardano is IOHK, a leading cryptocurrency research and development company, which holds the contract to develop the platform until 2020. The final business partner is Emurgo, which invests in start-ups and assists commercial ventures to build on the Cardano blockchain. (from https://www.cardano.org/en/help-support/)
What is the difference between PoS and PoW?
Both are "consensus protocols": rules by which the network decides whether a transaction is valid or invalid without a middleman like Visa or your bank. Every node (an active, up-to-date copy of the blockchain) can then agree that the transaction legitimately took place. If more than half of the network agrees, the transaction is validated. In Proof-of-Work (PoW), a miner solves an exceptionally difficult puzzle and gets credit for adding a verified block to the blockchain. Finding a solution is an arduous guessing game that takes a considerable amount of computing power to compete for the correct answer. It is like "pick a number between 1 and one trillion": when you get it right you get roughly $30,000 in Bitcoin, so the more computers you have working on it, the faster you can solve it. The more computing power is trying to solve the same block, the harder the protocol makes the puzzle (the difficulty adjusts to keep block times roughly constant), so it may become 1 in 20 trillion. The downside is the massive amount of power required to run the computers that run the network, and the slow pace at which blocks are solved. To "hack" a PoW system you need more than 50% of the computing power, which would allow you to censor transactions or reverse recent blocks and spend the same coin twice; it does not let you spend coins you do not hold the keys for, because every node still checks the signatures.
PoS instead selects a coin at random from those that already exist, and the owner of that coin is elected to put in the work to validate the block. There is no contest and no guessing game. Some computing power is required, but only a fraction of what a PoW system uses. The complexity of selecting a coin that exists on the correct and longest chain, that is owned by someone who can complete the block, in a way that is secure, with that computer currently running, and with that person having an incentive to complete the work, has made the development of PoS very slow; only a few years ago it was not even possible. In this method, the more of the coin (ADA) you stake, the more likely you are to be selected to close a block. Cardano also allows you to delegate your stake to someone else, who does the work of validating the block and shares the reward with you. To "hack" a PoS blockchain you need to own a majority of the stake, which is significantly harder than owning 51% of the computing power.
What is ADA and how is it different to Cardano?
Cardano is the name of the network infrastructure and can be thought of like a rail network. ADA is the native token developed alongside Cardano to facilitate network operation. This avoids confusion and maintains a distinction, compared to Ethereum, where the native token is also called Ethereum. Like bitcoin or any other token, ADA can be sent peer to peer as payment, but it is also the reward for running the network and what is taken as transaction fees. In this metaphor "Cardano" is the train tracks that everything runs on. A stake pool is the locomotive, facilitating transactions on the network, while ADA is the coal that powers the locomotive. The train carriages are decentralised applications (Dapps) that also run on Cardano tracks but do not actively power the network.
What is staking?
Cardano is a Proof of Stake protocol and uses already existing coins as a marker to ensure security. The protocol chooses a coin at random, and the owner of that coin is elected to validate a block of transactions. Staking is the process of delegating your ADA coins to a pool that has the resources to run the network. If the pool you have chosen to "delegate" your stake to is chosen to close/validate a block, you get a portion of the rewards. The ADA never leaves your wallet, and you can "undelegate" whenever you like. This increases the stability of the network and gives pool operators an incentive to invest the time and hardware required to run a pool.
What is a stake pool and how does it work?
A stake pool is where the computing power of the network takes place. Currently there are 1200 registered stake pools, of which 300 are creating blocks. You can run your own stake pool or delegate your ADA to an already registered pool. Rewards are determined by the protocol, but a pool may charge a percentage fee or a flat-rate fee to cover the upkeep of the pool.
Can I stake my ADA right now?
If you had ADA in a Yoroi or Daedalus wallet before November 2019 then yes, you can stake. However, if you have just purchased some or it was held on an exchange, then you will need to wait until August 18 (hopefully) for pools to start creating blocks, with the first staking rewards 5 days later.
Where do I stake my ADA?
The Daedalus Flight wallet (or Daedalus ITN) and the Yoroi wallet (as a Chrome extension) are currently the best options.
What are the staking rewards now and what can I expect as a return in the future?
At the moment the Incentivised Testnet (ITN) is delivering 10%-15% pa returns on average. Future staking returns will most likely be lower, but will depend on the amount of ADA staked across the network and the amount of network traffic.
However it should not be completely dissimilar from the ITN, with most speculating 6%-10%pa compounding weekly….at this point there is no solid answer what is a Pledge? To stop one person operating many pools, the rewards that a pool earns will vary depending on the amount of personal ADA they “pledge” to open the pool. This means that 100 pools with a 10,00ADA pledge will be overall less profitable than 1 pool with 1,000,000 ADA pledge. (at least that is the theory) Who is IOHK? IOHK is a for-profit software engineering company founded by CEO Charles Hoskinson and Jeremy Wood in 2015 that has taken a scientific approach to the development of blockchain. IOHK started with “first principles” and looked at questions like “what is a blockchain” and “what should a blockchain be able to do” rather than accepting the established paradigm of Bitcoin and Ethereum. IOHK was originally Input Output Hong Kong, but is now Input Output Global and is based in Wyoming USA employing over 230 staff. IOHK has established research labs in several universities in order to complete the Cardano project, and is also developing Ethereum Classic, Atilia, Mantis and possibly other Blockchain related programs and infrastructure. Who is Charles? Charles Hoskinson is an American entrepreneur and cryptocurrency specialist. Charles is often cited in the media as the Co-founder of Ethereum, but only worked on that project for approximately six-months. Charles is now the CEO of IOHK and the director of The Bitcoin Education Project. Why isn’t ADA on coinbase? There is no official word specifically as to why Cardano is not on Coinbase, However there prevailing theory is that Coinbase requires the coins to be decentralised. and as Cardano is still being developed, it will not be added Shelley is released, or possibly never, it is totally up to coinbase. However Charles did mention in an AMA that IOG has been working with many exchanges for the Shelley rollout. 
Why Doesn’t Cardano have a Wikipedia Page? Wikipedia has strict guidelines on what can be turned into an article. As there has been no coverage of Cardano from mainstream media or “noteworthy” sources, there is no article yet. Wikipedia will also not accept sources from IOHK as they are not considered “reliable” and must come from a third party. This will most likely change soon. Cardano does have a dedicated community driven wiki https://cardanowiki.info/wiki/Home
Cardano FAQ
What is Cardano?
Cardano is an open source, highly secure blockchain 3.0 project being developed by IOHK. Development and research started in 2015, with the 1.0 mainnet launching in 2017. The Cardano blockchain is currently being developed into two layers. The first one is the ledger of account values and the second one is the reason why values are transferred from one account to the other.
Cardano Settlement Layer (CSL)
The CSL acts as the ledger of account or balance ledger. This is an idea created as an improvement of the bitcoin blockchain. It uses a proof-of-stake consensus algorithm to generate new blocks and confirm transactions.
IOHK has the contract with an undisclosed party to develop the project until the end of 2020, at which point the community may elect another, on the assumption that the voting infrastructure has been completed. However CEO Charles Hoskinson has stated that they will develop the project until it is completed, and they are simply financed until the end of 2020. Cardano was the first project built on a peer-reviewed scientific development method, resulting in dozens of research papers produced by IOHK. Amongst these papers is Ouroboros Genesis, proving that a Proof of Stake protocol can be just as secure as Proof of Work, which was originally developed for Bitcoin and refined for Ethereum. This PoS protocol considerably lowers the resource cost to maintain the network while still maintaining security and network speed. Cardano as a financial infrastructure is not yet completed, with significant development still to be rolled out.
Who is the team behind Cardano?
There are three organisations that are contributing to the development of Cardano. The first is the Cardano Foundation, an objective, non-profit organisation based in Switzerland. Its core responsibilities are to nurture, grow and educate Cardano users and commercial communities, to engage with authorities on regulatory and commercial matters and to act as a blockchain and cryptocurrency standards body. The second entity working on Cardano is IOHK, a leading cryptocurrency research and development company, which holds the contract to develop the platform until 2020. The final business partner is Emurgo, which invests in start-ups and assists commercial ventures to build on the Cardano blockchain. (from https://www.cardano.org/en/help-support/)
What is the difference between PoS and PoW?
Both these protocols are known as “consensus protocols” that confirm whether a transaction is valid or invalid without a middleman like Visa or your bank.
Every node (active and updated copy of the blockchain) can agree that the transaction did take place legitimately. If more than half the network agrees, then the transaction is validated. Proof-of-Work (PoW) happens when a miner solves an exceptionally difficult math problem and gets credit for adding a verified block to the blockchain. Finding a solution is an arduous guessing game that takes a considerable amount of computing power to compete for the correct answer. It is like “pick a number between 1 and one trillion” and when you get it right, you get $30,000 in Bitcoin, so the more computers you have working on it, the faster you can solve it. Also the more people who are trying to solve the same block, the harder the algorithm, so it may become 1 in 20 trillion. The downside is the massive amounts of power required to run the computers that run the network, and the slow pace that blocks are solved. To “Hack” a PoW system, you need 51% of the computing power, which would allow you to deny transactions, or spend the same coin twice.
Long Term Incentives for Validators: Transaction Fees Should Be Rewarded, Not Burned
This post is a followup to question #2 in my original $AVA Native Token Questions. Thank you u/sekniqi for providing those answers. In Bitcoin, the intention was that eventually transaction fees would entirely replace the block reward through a very large volume of low-fee transactions. Since AVA fees are burned, they cannot replace the minting reward for validators after the $AVA supply cap is reached and minting ends. AVA currently lacks this long term incentive that Bitcoin was intended to have.
I am specifically curious about the plan after the $AVA supply cap is reached and minting ends completely. Price increases will not incentivize validation after minting rewards end. At that point, token holders will benefit from any price increases whether or not they are validators, but validators will suffer the expense of running a node and the opportunity cost of locking up tokens for staking.
It seems dangerous to speculate that future applications might create their own application tokens and decide to pay sufficient fees to validators in those application tokens. If it has already been decided that native $AVA transaction fees will be burned and will not be rewarded to validators, then what happens if future applications follow the same logic and decide to burn any fees or not require fees? In that case, there is little incentive left to be a validator, other than possibly for a few large businesses that depend on the existence of the AVA network. The security of the system should be inherent in the native base layer, not pushed off to hypothetical implementations of future applications.
If details such as the sliding-cost function for transaction fees are still under prototyping, is it possible that the system could be updated prior to mainnet so that all transaction fees are not burned, and instead some or all fees are rewarded to the validators as minting decreases? If some fee burning is desired, perhaps the percent of transaction fees that are rewarded to validators could be one of the critical parameters adjustable via on-chain governance voting. The $AVA token paper acknowledges that the minting function should be adjustable to maintain a sufficient level of total staked supply. Using the same logic, as minting decreases and ends, the transaction fees rewarded to validators could be adjustable to maintain a sufficient level of validators or staked supply.
Really though, it seems like all transaction fees should be rewarded to the validators to incentivize running the system. Some minimal fees are required to reduce congestion and incentivize validators to run the network. Beyond those two objectives, requiring additional fees for “burning” simply increases the burden on end-users and reduces the utility of the network.
There are real costs associated with running a validating node, including hardware, bandwidth, and maintenance, but also the opportunity cost and time value of money for the staked $AVA locked up by a validator. After the $AVA supply cap is reached and minting ends, validators must be incentivized and compensated for these costs by very small transaction fees paid by a very large volume of transactions.
“Once a predetermined number of coins have entered circulation, the incentive can transition entirely to transaction fees and be completely inflation free.”
Nakamoto, Satoshi: Bitcoin: A Peer-to-Peer Electronic Cash System (2008)
“In a few decades when the reward gets too small, the transaction fee will become the main compensation for nodes. I'm sure that in 20 years there will either be very large transaction volume or no volume.”
“The cost of mediation increases transaction costs, limiting the minimum practical transaction size and cutting off the possibility for small casual transactions [referencing current weaknesses of commerce on the Internet]"
Nakamoto, Satoshi: Bitcoin: A Peer-to-Peer Electronic Cash System (2008)
"The goal of changing γ and λ is to increase total supply of tokens in case the empirically observed total staked supply is too low."
Buttolph, S., Moin, A., Sekniqi, K., Sirer, E.G.: AVA Native Token ($AVA) Dynamics (2020/02/09)
Additional information:
“Validators, sometimes referred to as stakers, are compensated for their validation services based on staking amount and staking duration, amongst other properties."
Sekniqi, K., Laine, D., Buttolph, S., Sirer, E.G.: AVA Platform (2020/04/21) [Not necessarily true after minting ends and rewards cease?]
"Validators are incentivized to stay online and operate correctly as their rewards are based on proof-of-uptime and proof-of-correctness."
Buttolph, S., Moin, A., Sekniqi, K., Sirer, E.G.: AVA Native Token ($AVA) Dynamics (2020/02/09) [Not necessarily true after minting ends and rewards cease?]
External links omitted to avoid the moderation queue.
Review and Prospect of Crypto Economy-Development and Evolution of Consensus Mechanism (2)
Foreword
The consensus mechanism is one of the important elements of the blockchain and the core rule of the normal operation of the distributed ledger. It is mainly used to solve the trust problem between people and determine who is responsible for generating new blocks and maintaining the effective unification of the system in the blockchain system. Thus, it has become an everlasting research hot topic in blockchain. This article starts with the concept and role of the consensus mechanism. First, it enables the reader to have a preliminary understanding of the consensus mechanism as a whole; then, starting with the two armies and the Byzantine generals problem, the evolution of the consensus mechanism is introduced in the order of the time when each consensus mechanism was proposed; then it briefly introduces the current mainstream consensus mechanisms from the three aspects of concept, working principle and representative project, and compares the advantages and disadvantages of the mainstream consensus mechanisms; finally, it gives suggestions on how to choose a consensus mechanism for blockchain projects and points out the possibilities for the future development of the consensus mechanism.
Contents
1. Concept and function of the consensus mechanism
1.1 Concept: The core rules for the normal operation of distributed ledgers
1.2 Role: Solve the trust problem and decide the generation and maintenance of new blocks
1.2.1 Used to solve the trust problem between people
1.2.2 Used to decide who is responsible for generating new blocks and maintaining effective unity in the blockchain system
1.3 Mainstream model of consensus algorithm
2. The origin of the consensus mechanism
2.1 The two armies and the Byzantine generals
2.1.1 The two armies problem
2.1.2 The Byzantine generals problem
2.2 Development history of consensus mechanism
2.2.1 Classification of consensus mechanism
2.2.2 Development frontier of consensus mechanism
3. Common Consensus System
4. Selection of consensus mechanism and summary of current situation
4.1 How to choose a consensus mechanism that suits you
4.1.1 Determine whether the final result is important
4.1.2 Determine how fast the application process needs to be
4.1.2 Determine the degree of decentralization the application requires
4.1.3 Determine whether the system can be terminated
4.1.4 Select a suitable consensus algorithm after weighing the advantages and disadvantages
4.2 Future development of consensus mechanism
Last lecture review: Chapter 1 Concept and Function of Consensus Mechanism plus Chapter 2 Origin of Consensus Mechanism
Chapter 3 Common Consensus Mechanisms (Part 1)
Figure 6 Summary of relatively mainstream consensus mechanisms
Source: Hasib Anwar, "Consensus Algorithms: The Root Of The Blockchain Technology"
The picture above shows 14 relatively mainstream consensus mechanisms summarized by the geek Hasib Anwar, including PoW (Proof of Work), PoS (Proof of Stake), DPoS (Delegated Proof of Stake), LPoS (Lease Proof of Stake), PoET (Proof of Elapsed Time), PBFT (Practical Byzantine Fault Tolerance), SBFT (Simple Byzantine Fault Tolerance), DBFT (Delegated Byzantine Fault Tolerance), DAG (Directed Acyclic Graph), Proof-of-Activity (Proof of Activity), Proof-of-Importance (Proof of Importance), Proof-of-Capacity (Proof of Capacity), Proof-of-Burn (Proof of Burn), Proof-of-Weight (Proof of Weight). Next, we will mainly introduce and analyze the top ten consensus mechanisms of the current blockchain.
》POW
-Concept: Proof of work mechanism. That is, proof of work means that it takes a certain amount of computer time to confirm the work.
-Principle:
Figure 7 PoW work proof principle
The PoW represented by Bitcoin uses the SHA-256 function, a 256-bit algorithm in the cryptographic hash function family:
Proof of work output = SHA256(SHA256(block header));
if (output of proof of work >= target value), change the random number (nonce) and repeat the comparison with the target value.
New difficulty value = old difficulty value * (time spent by last 2016 blocks / 20160 minutes)
Target value = maximum target value / difficulty value
The maximum target value is a fixed number. If the last 2016 blocks took less than 20160 minutes, then this coefficient will be small, and the target value will be adjusted bigger; if not, the target value will be adjusted smaller. Bitcoin's mining difficulty is thus adjusted in inverse proportion to the block generation speed, keeping the block generation speed appropriate.
-Representative applications: BTC, etc.
》POS
-Concept: Proof of stake. That is, a mechanism for reaching consensus based on the currency held. The longer the currency is held, the greater the probability of getting a reward.
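The double-SHA256 check and the 2016-block retarget described under POW, as an added example (not code from the CelesOS article): it rebuilds Bitcoin's real genesis header and checks it against the difficulty-1 target, mines a constructed header against a toy target, and applies the retarget as Bitcoin's own rule states it, the target multiplied by actual/expected time and clamped to a factor of 4, so blocks arriving faster than 10 minutes shrink the target and raise the difficulty.

```python
import hashlib
import struct

# Constants from Bitcoin's consensus rules.
MAX_TARGET = 0xFFFF * 256 ** (0x1D - 3)   # difficulty-1 target, compact form 0x1d00ffff
EXPECTED_TIMESPAN = 2016 * 10 * 60        # 2016 blocks at 10 minutes = 20160 minutes, in seconds
RETARGET_CLAMP = 4                        # one period may move the target by at most 4x

# Bitcoin's genesis block header fields (public, well-known values).
GENESIS_MERKLE = "4a5e1e4baab89f3a32518a88c31bc87f618f76673e2cc77ab2127b7afdeda33b"
GENESIS_TIME, GENESIS_BITS, GENESIS_NONCE = 1231006505, 0x1D00FFFF, 2083236893


def double_sha256(data: bytes) -> bytes:
    """SHA256(SHA256(data)): the proof-of-work output from the text."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def bits_to_target(bits: int) -> int:
    """Decode the compact nBits field: 3-byte mantissa scaled by 256^(exponent-3)."""
    exponent, mantissa = bits >> 24, bits & 0x007FFFFF
    if exponent <= 3:
        return mantissa >> (8 * (3 - exponent))
    return mantissa * 256 ** (exponent - 3)


def serialize_header(version, prev_hash_hex, merkle_root_hex, timestamp, bits, nonce) -> bytes:
    """80-byte header; hashes are given in display order and stored byte-reversed."""
    return (struct.pack("<I", version)
            + bytes.fromhex(prev_hash_hex)[::-1]
            + bytes.fromhex(merkle_root_hex)[::-1]
            + struct.pack("<III", timestamp, bits, nonce))


def header_hash_hex(header: bytes) -> str:
    """Block hash as displayed (digest bytes reversed)."""
    return double_sha256(header)[::-1].hex()


def pow_valid(header: bytes, target: int) -> bool:
    """The check from the text: the digest, read as a little-endian integer, must be below the target."""
    return int.from_bytes(double_sha256(header), "little") < target


def mine(version, prev_hash_hex, merkle_root_hex, timestamp, bits, target, max_nonce=2 ** 32):
    """Change the nonce and retry until the output falls below the target."""
    for nonce in range(max_nonce):
        header = serialize_header(version, prev_hash_hex, merkle_root_hex, timestamp, bits, nonce)
        if pow_valid(header, target):
            return nonce, header_hash_hex(header)
    return None


def difficulty(target: int) -> float:
    """Difficulty = maximum target / target, as in the text."""
    return MAX_TARGET / target


def retarget(old_target: int, actual_timespan_s: int) -> int:
    """Bitcoin's 2016-block adjustment: new target = old target * actual / expected.
    Faster-than-expected blocks shrink the target (raise difficulty); the ratio is clamped to 1/4..4."""
    clamped = min(max(actual_timespan_s, EXPECTED_TIMESPAN // RETARGET_CLAMP),
                  EXPECTED_TIMESPAN * RETARGET_CLAMP)
    return min(old_target * clamped // EXPECTED_TIMESPAN, MAX_TARGET)


def bitcoin_genesis_hash() -> str:
    """Rebuild the real genesis header and hash it; it must satisfy the difficulty-1 target."""
    header = serialize_header(1, "00" * 32, GENESIS_MERKLE, GENESIS_TIME, GENESIS_BITS, GENESIS_NONCE)
    assert pow_valid(header, bits_to_target(GENESIS_BITS))
    return header_hash_hex(header)


if __name__ == "__main__":
    print("genesis:", bitcoin_genesis_hash())
    # Constructed header values; the toy target (2^240) needs about 65,536 hashes on average.
    found = mine(2, "11" * 32, "22" * 32, 1600000000, 0x1D00FFFF, 2 ** 240)
    print("toy block:", found, "difficulty", difficulty(2 ** 240))
    t = MAX_TARGET // 8
    print("blocks twice as fast -> difficulty", difficulty(retarget(t, EXPECTED_TIMESPAN // 2)))
```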
-Principle:
PoS implementation algorithm formula: hash(block_header) =
Coin age calculation formula: coinage = number of coins * remaining usage time of coins
Among them, coinage means coin age, which means that the older the coin age, the easier it is to get answers. The coin age is obtained by multiplying the coins owned by the miner by the remaining usage time of each coin, which also means that the more coins you have, the easier it is to get answers. In this way, PoS solves the problem of wasting resources in PoW, and miners cannot own 51% of the coins of the entire network, so it also solves the problem of 51% attacks.
-Representative applications: ETH, etc.
》DPoS
-Concept: Delegated proof of stake. That is, currency-holding investors select super nodes by voting to operate the entire network, similar to the people's congress system.
-Principle: The DPOS algorithm is divided into two parts: electing a group of block producers, and scheduling production.
Election: Only permanent nodes with the right to be elected can be elected, and ultimately only the top N witnesses can be elected. These N individuals must obtain more than 50% of the votes to be successfully elected. In addition, this list will be re-elected at regular intervals.
Scheduled production: Under normal circumstances, block producers take turns to generate a block every 3 seconds. Assuming that no producer misses his turn, then the chain they produce is bound to be the longest chain. When a witness produces a block, a block needs to be generated every 2s. If the specified time is exceeded, the current witness will lose the right to produce and the right will be transferred to the next witness. The witness is then not only unpaid, but may also lose his identity.
-Representative applications: EOS, etc.
》DPoW
-Concept: Delayed proof of work. A new-generation consensus mechanism based on PoB and DPoS.
This can achieve a balance between computing power and mining rights.
-Principle: In the DPoW-based blockchain, miners are no longer rewarded with tokens, but with "wood" that can be burned. Miners use their own computing power, through the hash algorithm, and finally prove their work and get the corresponding wood; wood is not tradable. After the wood has accumulated to a certain amount, you can go to the burning site to burn the wood. Through a set of algorithms, people who burn more wood, or a BP or group of BPs, can obtain the right to generate blocks in the next time segment, and get rewards (tokens) after successful block generation. Since more than one person may burn wood in a time period, the probability of producing blocks in the next time period is determined by the amount of wood one has burned. The more is burned, the higher the probability of obtaining block rights in the next period.
Two node types: notary node and normal node. The 64 notary nodes are elected by the stakeholders of the dPoW blockchain, and the notarized confirmed blocks can be added from the dPoW blockchain to the attached PoW blockchain. Once a block is added, the hash value of the block will be added to a Bitcoin transaction signed by 33 notary nodes, and a hash will be created to the dPoW block record on the Bitcoin blockchain. This record has been notarized by most notary nodes in the network. In order to avoid mining wars between notary nodes, which would reduce the efficiency of the network, Komodo designed a mining method that uses a polling mechanism. This method has two operating modes.
In the "No Notary" mode, all network nodes can participate in mining, which is similar to the traditional PoW consensus mechanism. In the "Notaries Active" mode, network notaries use a significantly reduced network difficulty rate to mine. In the "Notary Public Activation" mode, each notary is allowed to mine a block with its current difficulty, while other notary nodes must use 10 times that mining difficulty, and all normal nodes use 100 times the difficulty of the notary node.
Figure 8 DPoW operation process without a notary node
-Representative applications: CelesOS, Komodo, etc.
CelesOS Research Institute丨DPoW consensus mechanism-combustible mining and voting
》PBFT
-Concept: Practical Byzantine fault tolerance algorithm. That is, the complexity of the algorithm is reduced from exponential to polynomial level, making the Byzantine fault-tolerant algorithm feasible in practical system applications.
-Principle:
Figure 9 PBFT algorithm principle
First, the client sends a request to the master (primary) node to call the service operation, and then the master node broadcasts the request to the other replicas. All replicas execute the request and send the result back to the client. The client waits for f+1 different replica nodes to return the same result and takes that as the final result of the entire operation.
Two qualifications:
1. All nodes must be deterministic. That is to say, the results of the operation must be the same under the same conditions and parameters.
2. All nodes must start from the same state.
Under these two qualifications, even if there are failed replica nodes, the PBFT algorithm agrees on the total order of execution of all non-failed replica nodes, thereby ensuring safety.
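The PBFT reply rule and its two qualifications, as an added simulation (not the article's code): n = 3f+1 replicas run a deterministic key-value state machine, up to f of them forge replies, and the client accepts only a result backed by f+1 identical replies; the constructed runs also show what breaks when more than f replicas are faulty, or when a replica's reply depends on local information and so violates qualification 1.

```python
from collections import Counter
from typing import Any, Dict, List, Optional, Tuple

Op = Tuple[str, str, Any]          # ("set", key, value) or ("get", key, None)
State = Dict[str, Any]


def execute(state: State, op: Op) -> Tuple[State, Tuple]:
    """Deterministic state machine (qualification 1): same state and op give the same result."""
    kind, key, value = op
    if kind == "set":
        new_state = dict(state)
        new_state[key] = value
        return new_state, ("ok", key)
    if kind == "get":
        return state, ("value", state.get(key))
    raise ValueError(f"unknown op {kind!r}")


class Replica:
    def __init__(self, rid: int, initial_state: State, byzantine: bool = False,
                 nondeterministic: bool = False):
        self.rid = rid
        self.state = dict(initial_state)   # qualification 2: every replica starts from the same state
        self.byzantine = byzantine
        self.nondeterministic = nondeterministic

    def handle(self, op: Op) -> Tuple:
        self.state, result = execute(self.state, op)
        if self.byzantine:
            return ("forged", "attacker-chosen")   # faulty replicas collude on one wrong reply
        if self.nondeterministic:
            return result + (self.rid,)            # reply depends on local info: violates qualification 1
        return result


def broadcast_and_reply(replicas: List[Replica], op: Op) -> List[Tuple]:
    """The primary (replicas[0]) orders the request; every replica executes it and replies."""
    return [r.handle(op) for r in replicas]


def client_accept(replies: List[Tuple], f: int) -> Optional[Tuple]:
    """The client takes the first result that f+1 replicas agree on; None means keep waiting."""
    for result, count in Counter(replies).most_common():
        if count >= f + 1:
            return result
    return None


def simulate(f: int, faulty: int, ops: List[Op], nondeterministic: int = 0) -> List[Optional[Tuple]]:
    """Run ops through n = 3f+1 replicas; the last `faulty` are Byzantine, the first
    `nondeterministic` leak local information into their replies (constructed scenario)."""
    n = 3 * f + 1
    replicas = [Replica(i, {}, byzantine=i >= n - faulty, nondeterministic=i < nondeterministic)
                for i in range(n)]
    return [client_accept(broadcast_and_reply(replicas, op), f) for op in ops]


if __name__ == "__main__":
    ops = [("set", "balance", 100), ("get", "balance", None)]
    print("f=1, 1 faulty:", simulate(1, 1, ops))                       # correct results
    print("f=1, 3 faulty:", simulate(1, 3, ops))                       # beyond f: forged reply wins
    print("f=1, all nondeterministic:", simulate(1, 0, ops, 4))        # no f+1 agreement, client waits
```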
-Representative applications: Tendermint Consensus, etc.
Next Lecture: Chapter 3 Common Consensus Mechanisms (Part 2) + Chapter 4 Consensus Mechanism Selection and Status Summary
CelesOS
As the first DPOW financial blockchain operating system, CelesOS adopts consensus mechanism 3.0 to break through the "impossible triangle", which can provide high TPS while also allowing for decentralization. Committed to creating a financial blockchain operating system that embraces supervision, providing services for financial institutions and the development of applications on the supervision chain, and formulating a role and consensus ecological supervision layer agreement for supervision. The CelesOS team is dedicated to building a bridge between blockchain and regulatory agencies/financial industry. We believe that only blockchain technology that cooperates with regulators will have a real future. We believe in and contribute to achieving this goal.
The team’s overall technical background is good, and the CTO and CEO of the project have rich experience in related industries;
The current business scope of CoinEx has been expanded, and the development of the public chain has a decisive role in promoting the development of the exchange business;
The project operation information is transparent, and the development process is consistent with the road map;
The unlocking schedule is clear, and the token held by the team will be unlocked continuously in the next five years;
The project uses POS consensus mechanism. At present, it has been launched on the main network, and the block time is stable, between 2–3 seconds.
It is not clear enough yet whether the trichain operation planning can achieve the project’s development goals;
There is limited information on implementation details about cross-chain and other related technologies, and the development status needs to be assessed based on the later project development disclosure information;
The team currently holds a large share of the token, hence the distribution of tokens is relatively concentrated;
There are few application scenarios for project tokens, and more ecosystem scenarios need to be developed;
As a deflationary token, CET needs to be balanced by dealing with the contradiction between public chain users and token holders.
The development of CoinEx Chain contributes to the future development of CoinEx’s centralized and decentralized exchanges; the concept of trichain operation simplifies the functions of each chain, improving their performance. At present, there are few exchanges working on the public chain, and no fierce competition has occurred.
Considering the status and development prospects of the project, TokenInsight gives CoinEx a rating of BB with a stable outlook.
1. Multidimensional evaluation
2. Project analysis
CoinEx (CoinEx Technology Limited) was established in December 2017 and is headquartered in Hong Kong, China. It is a sub-brand of the ViaBTC mining pool. At present, CoinEx’s business scope includes CoinEx exchange, CoinEx public chain, and CoinEx decentralized exchange. The current development focus of the CoinEx platform are the public chain and the exchange. The main purpose of the public chain is to build a decentralized exchange (DEX) infrastructure and an ecosystem around DEX.
CoinEx business structure, Source: CoinEx; TokenInsight
“CoinEx Chain uses the parallel operation of three chains which are DEX, Smart, and Privacy, as well as cross-chain technologies to create a rich decentralized exchange ecosystem and blockchain financial infrastructure.”
The core of CoinEx’s early business was the exchange, consisting of two major categories, spot and derivatives trading. Currently, there are 123 trading currencies online, covering 302 trading pairs. On June 28, 2019, CoinEx released the CoinEx Chain public chain white paper, aiming to build a decentralized trading system (CoinEx DEX) with community-based operations and transparent transaction rules, and providing a user-controlled asset trading scenario by the highest technical standards in the industry; CoinEx Chain has become another development focus of CoinEx. CoinEx Token (CET), which was originally a native token of the CoinEx exchange, will also be developed mainly as a built-in token of the public chain.
CoinEx Chain is a public chain based on the Tendermint consensus protocol and Cosmos SDK, and it uses a POS mechanism. CoinEx Chain plans to support 42 nodes when the project starts, and any entity in the ecosystem can participate in the validator’s campaign by staking CET. CoinEx Chain will use the new block reward and the transaction fees contained in the block as the reward for running a node. CoinEx Chain has developed three public chains with different positioning and different functions in order to meet the needs of blockchain transactions for transaction performance, smart contracts, and privacy protection at the same time. They operate in parallel and collaborate with each other through cross-chain technology. At present, the block time of the public chain is between 2–3 seconds.
According to TokenInsight's observation, the block time is stable, but the number of transactions through the CoinEx public chain is still low at present, at about 30,000 transactions per 24 hours; the TPS disclosed by CoinEx for the public chain can reach up to 1500 per second. CoinEx Chain uses a three-chain parallel model to build a more vibrant ecosystem around the DEX. The three chains are the DEX public chain, the Smart public chain, and the Privacy public chain, respectively responsible for decentralized trading, smart contracts, and on-chain privacy protection. CET that needs to participate in complex financial contracts can be transferred to the Smart public chain through the DEX public chain, then moved back to the DEX public chain afterwards. CET that needs to go through token mixing can be handled through the privacy transactions of the Privacy public chain, and can eventually be returned to the DEX public chain. Each of the three public chains is responsible for its own duties, and they are interconnected through cross-chain technology using a relay mechanism. In addition to preserving their respective transaction processing speeds and functional attributes, they can jointly provide richer and safer functions, and together constitute the CoinEx decentralized public chain ecosystem. In addition, CoinEx Chain also allows any participant to issue new tokens on the chain and create new trading pairs for the issued tokens. CoinEx Chain guarantees the circulation of new tokens by establishing a trading pair between the new token and CET.
2.2 Component architecture
“Tendermint Core and Cosmos SDK have improved the performance and operation capability of the blockchain. The SDK packaging reduces the consideration of non-related logic, hence reducing the development complexity.”

CoinEx Chain is based on Tendermint Core and the Cosmos SDK, both of which have given a large boost to the performance of the CoinEx public chain. The Cosmos SDK implements the application logic of the blockchain; together with the Tendermint consensus engine, it forms the three-layer architecture of the CoinEx public chain: the application layer, the consensus layer, and the network layer.

Tendermint

Tendermint is based on state machine replication and is suited to blockchain ledger storage. It reaches Byzantine-fault-tolerant consensus on an ordered list of transactions; every node executes the transactions in the same order and eventually obtains the same state. Tendermint can be used to build a variety of distributed applications.

Cosmos SDK

The Cosmos SDK is a blockchain framework that supports building multi-asset chains with a POS (Proof of Stake) or POA (Proof of Authority) consensus mechanism. Its goal is to let developers easily build custom blockchains from scratch while enabling interaction with other blockchains. The Cosmos SDK implements general functions such as account management, community governance, and staking in modular form, so using it to build a public chain simplifies development and eases operation.
Tendermint is a deterministic protocol designed for a partially synchronous environment; its throughput is bounded by the network delay and the speed of each process. The CoinEx public chain is built on both components, improving the performance and operability of the blockchain, and the SDK packaging further reduces the unrelated logic developers must consider, lowering the complexity of building on it. Tendermint and the Cosmos SDK are connected and interact through the Application Blockchain Interface (ABCI).

Cosmos SDK and Tendermint interworking structure, Source: CoinEx; TokenInsight
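The replicated-state-machine property described above (every node executes the same ordered transactions and ends in the same state) can be shown with a small Go program. This is an added example, not CoinEx or Tendermint code: it assumes a toy balance-map application, constructed genesis balances and transactions, and a SHA-256 over the sorted state as a stand-in for the app hash that an ABCI application returns on commit. It also applies the standard Tendermint BFT bound (fewer than one third of validators may be faulty) to the 42-node figure the report mentions.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"sort"
	"strings"
)

// Tx is a constructed transaction: either a direct balance write or a transfer.
type Tx struct {
	Op   string // "set" or "transfer"
	From string
	To   string
	Amt  int64
}

// Replica is one node's copy of the application state (a balance map).
type Replica struct {
	Balances map[string]int64
}

// NewReplica starts a node from a copy of the genesis state.
func NewReplica(genesis map[string]int64) *Replica {
	r := &Replica{Balances: make(map[string]int64, len(genesis))}
	for k, v := range genesis {
		r.Balances[k] = v
	}
	return r
}

// Apply executes one transaction deterministically. An invalid transaction is
// rejected (returns false) without touching state, the way an ABCI app would
// reject it in DeliverTx. The same input on the same state always gives the same result.
func (r *Replica) Apply(tx Tx) bool {
	switch tx.Op {
	case "set":
		r.Balances[tx.To] = tx.Amt
		return true
	case "transfer":
		if tx.Amt <= 0 || r.Balances[tx.From] < tx.Amt {
			return false
		}
		r.Balances[tx.From] -= tx.Amt
		r.Balances[tx.To] += tx.Amt
		return true
	}
	return false
}

// AppHash commits the state: SHA-256 over the sorted key/value pairs, so any two
// replicas holding identical state produce identical hashes (map order is not relied on).
func (r *Replica) AppHash() string {
	keys := make([]string, 0, len(r.Balances))
	for k := range r.Balances {
		keys = append(keys, k)
	}
	sort.Strings(keys)
	var sb strings.Builder
	for _, k := range keys {
		fmt.Fprintf(&sb, "%s=%d;", k, r.Balances[k])
	}
	sum := sha256.Sum256([]byte(sb.String()))
	return hex.EncodeToString(sum[:])
}

// ReplayBlock applies one ordered block to every replica and returns the distinct
// app hashes with their counts; exactly one entry means all replicas agree.
func ReplayBlock(replicas []*Replica, block []Tx) map[string]int {
	hashes := map[string]int{}
	for _, r := range replicas {
		for _, tx := range block {
			r.Apply(tx)
		}
		hashes[r.AppHash()]++
	}
	return hashes
}

// MaxFaulty and Quorum are the usual Tendermint BFT bounds: with n validators,
// at most f < n/3 may be faulty, and a block needs more than 2n/3 votes.
func MaxFaulty(n int) int { return (n - 1) / 3 }
func Quorum(n int) int    { return 2*n/3 + 1 }

// Genesis is the constructed starting state for the demonstration.
func Genesis() map[string]int64 { return map[string]int64{"alice": 100, "bob": 0} }

// SampleBlock holds two constructed transfers whose outcome depends on their order:
// bob can only pay carol after receiving funds from alice.
func SampleBlock() []Tx {
	return []Tx{
		{Op: "transfer", From: "alice", To: "bob", Amt: 60},
		{Op: "transfer", From: "bob", To: "carol", Amt: 50},
	}
}

// Reversed returns the same block with its transactions in the opposite order.
func Reversed(block []Tx) []Tx {
	out := make([]Tx, len(block))
	for i, tx := range block {
		out[len(block)-1-i] = tx
	}
	return out
}

func main() {
	nodes := []*Replica{NewReplica(Genesis()), NewReplica(Genesis()), NewReplica(Genesis())}
	fmt.Println("same order, distinct hashes:", len(ReplayBlock(nodes, SampleBlock())))
	d, e := NewReplica(Genesis()), NewReplica(Genesis())
	ReplayBlock([]*Replica{d}, SampleBlock())
	ReplayBlock([]*Replica{e}, Reversed(SampleBlock()))
	fmt.Println("different order diverges:", d.AppHash() != e.AppHash())
	fmt.Println("42 validators: tolerate", MaxFaulty(42), "faulty, quorum", Quorum(42))
}
```

Running it prints one distinct hash for the three replicas that saw the same order, a divergence for the replica that saw the reversed block (the bob-to-carol transfer is rejected for insufficient funds), and the 42-validator bounds (13 faulty tolerated, 29 votes for a quorum). This is why consensus must fix the order before execution: the application logic alone cannot repair a disagreement on ordering.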
2.3 Project public chain planning
The development plan of the CoinEx public chain is to create a series of public chains with specific application directions, including:
DEX public chain: solves the problems of insufficient security and opacity for which centralized exchanges are widely criticized at present; aims to build a transparent, safe, and permission-free financial platform; reproduces the experience of centralized exchanges to the greatest extent possible;
Smart public chain: a public chain that specifically supports smart contracts and provides a platform for building complex financial applications;
Privacy public chain: mainly provides protection of transaction amounts, account balances, and other information, and hides the identities of both parties to a transaction.
In order to achieve the performance of each specific application public chain, each public chain in the CoinEx public chain focuses on the development of a certain function. For example, in order to improve the transaction processing speed of the DEX public chain, the DEX public chain only supports the necessary functions and does not support smart contracts. To achieve the smart contract function support, cross-chain connection between the DEX public chain and the Smart public chain is required.
2.4 Operation analysis
“The CoinEx platform publishes monthly ecosystem reports with high transparency; but the monthly reports are limited to content about transactions and development, and lack progress in ecosystem and community construction, making them relatively simple.”

2.4.1 Disclosure of ecosystem information

Operational risks have a direct impact on platform users. Whether platform operations run smoothly and whether they are transparent are issues that platform users care about. The CoinEx platform was established in 2017 and has around 3 years of development, making it one of the longer-running platforms in the exchange industry. It has obtained a digital currency trading license issued by the Estonian Financial Intelligence Unit (FIU), so the platform's compliance is guaranteed to some degree. The actual operation of the CoinEx platform is presented in the form of ecosystem monthly reports. The monthly report contains content such as newly listed currencies, new activities, plans for the next month, and ecosystem dynamics, and covers multiple business dimensions including the CoinEx exchange, the CoinEx Public Chain, and the CET token.

Snippet of a CoinEx ecosystem monthly report, Source: CoinEx; TokenInsight

2.4.2 Roadmap

CoinEx Chain released its development roadmap for the four quarters of 2020 in January 2020. The roadmap shows that CoinEx Chain will undergo major updates on smart contracts and DEX hard fork upgrades. The project roadmap is planned on a monthly basis, with a clear plan and a clear direction of development.

CoinEx Public Chain 2020 Development Roadmap, Source: CoinEx; TokenInsight

In addition to the development route planned in the roadmap, the CoinEx public chain also discloses its goals for the next month in its monthly ecosystem report. The project's mainnet was launched in November 2019.
According to TokenInsight's review of the development of the CoinEx public chain from January to April and the disclosures in the project's ecosystem monthly reports, the smart contract Demo planned for February was not completed as scheduled; the project did complete the launch of the new version of the blockchain explorer and the Asian Atlantis upgrade; the smart contract virtual machine development was planned to be completed in April, but progress on supporting cross-chain agreements has not yet been disclosed. Overall, the project's development route planning is clear and the development schedule is largely consistent with the plan, though some discrepancies remain. Operation and development information is disclosed every month, and information transparency is high.
3. Industry & Competitors
The exchange industry's move into the public chain field began in early 2018, when Binance officially announced the start of development of the Binance public chain. In June of the same year, Huobi announced at its brand upgrade conference that it would combine the technical capabilities of the Huobi technical team and community developers to develop the Huobi public chain, called "Huobi Chain". In December of the same year, OK Group announced the launch of its self-developed public chain OKChain, dedicated to providing underlying technical support and services for startups housed in B-Labs. A successful public chain launch has major strategic significance for an exchange: it can not only improve the performance of the exchange's existing business but also expand its influence further. As one of the most important pieces of blockchain infrastructure, the public chain can benefit the exchange behind it. As an exchange developing its own public chain technology, CoinEx's main competitors in the field of public chain development are Binance, Huobi, and OKEx. Although all four are exchange platforms deploying public chains, they differ in the specific functions, economic models, and key points of their public chains.
3.1 Development progress comparison
In 2019, Binance became the first digital asset exchange to launch a public chain, and its main product is the Binance decentralized exchange (DEX). In April 2020, Binance announced the launch of a second, smart-contract chain using Ethereum's virtual machine, so that developers can build decentralized applications without affecting the performance and functionality of the original chain. OKEx launched OKChain's testnet in February 2020 and open-sourced it two months later. OKChain is designed as the basis for large-scale blockchain-driven business applications, with the characteristics of open source, decentralization, peer-to-peer operation, irreversibility, and efficient autonomy. Huobi first released Huobi Chain in July 2019; the code is open source, and the testnet was released in February 2020. As a "regulator-friendly financial blockchain", Huobi Chain focuses on providing compliance services for companies and financial institutions. The CoinEx public chain officially completed its mainnet launch in November 2019 and launched its new block explorer in March 2020. On April 3, 2020, CoinEx DEX uploaded its underlying code to Github, making it open source. The CoinEx public chain is more inclined to build a full DEX ecosystem, achieving a one-stop solution for issuing, listing, storing, and trading; its long-term goal is to create blockchain financial infrastructure.
3.2 Comparison of economic models
At present, exchanges are more inclined to use their existing platform token as the native token of the public chain when building the public chain ecosystem. CoinEx's CET, Binance's BNB, and Huobi's HT all fall into this category. OKEx is the only exchange that issues a new token for its OKChain, which means OKT is the only inflationary token among the exchange public chains, while CET, HT, and BNB are all deflationary.
3.3 Decentralization of public chain
The initial number of CoinEx public chain validator nodes is 42, currently the most decentralized among all exchange public chains, balancing efficiency and decentralization; OKChain also currently has a relatively high degree of decentralization among exchange public chains (21 validator nodes), and its nodes have a high degree of autonomy; by contrast, Binance still firmly controls the operation of nodes and transactions. Because it encourages cooperation between regulators and private finance, Huobi provides a lesser degree of decentralization: Huobi Chain uses a variant of the DPoS consensus algorithm to provide functions such as "supervision nodes", allowing regulators to become validators.

Comparison of some dimensions of the CoinEx, Huobi, Binance and OKEx public chains, Source: TokenInsight
4. Token Economy
CoinEx Token (CET) is the native token of the CoinEx ecosystem. It was issued in January 2018. Token holders can enjoy certain value-added services within the ecosystem. Currently, it is mainly used as the native token of the CoinEx Chain. As of 11 am on April 23, 2020, the circulating supply of CET in the market is 3,215,354,906.31, out of a total supply of 5,842,177,609.53. No further CET will be issued and the supply will not be inflated. Currently, daily repurchase and quarterly destruction are carried out. The repurchase and destruction progress can now be tracked in real time on the platform's CET repurchase system.
4.1 Token Distribution
The CET token was originally an ERC-20 token on Ethereum. Since the CoinEx Chain mainnet was launched in November 2019, some ERC-20 CET has been mapped to mainnet CET, and the rest will be mapped before November 10, 2020. CET holders need to deposit ERC-20 CET to the CoinEx exchange, and the exchange carries out the mainnet mapping. At present, CET circulates mainly in the form of mainnet tokens, and only a small portion of ERC-20 CET has not been mapped. The distribution of token holdings currently circulating on the mainnet is shown in the figure below. At present, the top ten holders account for about 60.44% of all mainnet CET.

Distribution of CET token holding addresses, Source: Etherscan; TokenInsight

The following figure shows the initial distribution of tokens after the mainnet mapping, as preset by CoinEx. The initial distribution of CET shows that, after mapping, a large portion of CET remains concentrated in the hands of the team (31%), and the CET actually circulating in the market accounts for only 49% of the total.

The initial distribution of CET token, Source: CoinEx; TokenInsight

After the mainnet mapping, the 31% of total CET (1.8 billion) held by the team will be gradually unlocked over the five years from 2020 to 2024, with 360 million CET unlocked each year. By 2024, the CET held by the team will be completely unlocked. Judging from current CET dynamics, part of the team's CET share has been used for destruction in order to tighten the CET supply. If the frozen 1.8 billion CET held by the team is used for similar purposes, the development of CET and its platform can benefit from it.

Team's CET unlocking plan, Source: CoinEx; TokenInsight
4.2 Token economic model
4.2.1 Deflation mechanism

Since the CET token went online in January 2018, CoinEx has increased the circulation of CET through airdrops, transaction fee refunds, operational promotion, and team unlocking. As one of the longest-running platform tokens, CET's deflation mechanism has undergone a series of changes as the industry developed. In 2018, when the concept of coin-based mining prevailed, CET used transaction mining, stake mining, and pending-order mining, which were cancelled in October, December, and April of the following year, respectively. The repurchase and destruction model currently used by CET was updated by CoinEx on April 11, 2020: the platform's original quarterly repurchase and destruction policy was adjusted to daily repurchase and quarterly destruction. Under the daily repurchase policy, CoinEx takes 50% of the daily fee income to repurchase CET in the secondary market and destroys it quarterly, until the total remaining circulation is 3 billion (currently about 5.8 billion). When CoinEx updated the repurchase and destruction plan on April 11, the platform also launched a page dedicated to displaying CET repurchase information, so that users can clearly follow the progress of CET repurchase and destruction. As of April 23, 2020, the platform has destroyed 4,157,822,390.46 CET, accounting for 41.6% of the initial total issuance. At the end of January 2019 it destroyed 4 billion CET, the peak for a single destruction. The number of CET to be destroyed at the end of the current quarter is 3,422,983.56.

CET historical destruction data, Source: CoinEx; TokenInsight

4.2.2 Application scenarios

The current usage scenarios of CET are discounted platform transaction fees, VIP services, special activity rights and interests, internal circulation fuel for CoinEx Chain, and external use cases.
Deduction and discount of platform transaction fees

CoinEx platform users can use CET to pay transaction fees when trading on the platform, and paying fees in CET also gives access to the exclusive preferential rates provided by the platform.

CET fee discount amount, Source: CoinEx; TokenInsight

VIP service

Holding a certain number of CET makes a user a platform VIP. Users can also use CET to purchase platform VIP status and obtain privileges such as discounted rates, accelerated withdrawals, and exclusive customer service.

Special activity rights

CET holders enjoy special rights and interests in platform marketing activities, such as participating in token airdrops on the platform or receiving priority access to high-quality projects.

CoinEx Chain built-in token

CET serves as the native token of CoinEx Chain, circulating and acting as fuel within the chain, and users can also use CET to invest in or trade other digital assets. In addition, CET is used on the platform for transaction fees and function fees (issuing tokens, creating new trading pairs, account activation), and users can take part in the validator election by staking CET. CET is also currently used as the circulating token on CoinEx DEX for issuing tokens, creating orders, Bancor, address activation, setting address aliases, and other scenarios. In general, the application scenarios of CET are not yet plentiful. To better develop the platform's internal ecosystem, more CET usage scenarios and incentive mechanisms need to be designed and developed, so as to increase user retention while attracting new users.

4.2.3 Token incentive

As the native token of the CoinEx public chain, CET is used as a block incentive to increase community participation now that the public chain mainnet has launched.
The 315 million CET held by the foundation out of the total CET issuance will be used to incentivize the initial validator nodes and staking participants.

CET annual incentive information, Source: CoinEx; TokenInsight
CoinEx's investment is led by Bitmain, and its main partners include Matrixport, Bitcoin.com, CoinBull, Consensus Lab, BTC.com, BTC.top, Hoo Exchange, Wa Yi, ChainFor.com, etc. The investment institutions and major partners have rich experience in the industry, which can promote the development of the project to a certain extent. However, the range of industries covered by the partners is still narrow, so they will play only a limited role in enriching CoinEx's business lines and expanding its ecosystem functions in future.
6. Community Analysis
According to TokenInsight's research on the CoinEx platform community, as of April 23, 2020, its official Twitter has 19,800 followers and 932 tweets; the official Telegram has 45 official groups, 3 of them Chinese and English, with the rest being Korean, Arabic, Vietnamese, Indian and other smaller-language groups, with a total membership of 56,088; the current number of followers on Facebook is 3,107. The overall community following still has a lot of room for improvement, and community activity needs to be improved.

Number of followers on the CoinEx social platforms, Source: TokenInsight

At present, the project's search popularity and official website visits are both strong, and monthly visits have slowly returned to their previous levels after a significant decline in December 2019.

CoinEx visit popularity, Source: TokenInsight, Similarweb, Google

At present, visitors to the CoinEx website are spread across multiple countries, with no concentration of visits from a single country or region. CoinEx's global influence is therefore widely distributed, with a reasonable degree of internationalization.

CoinEx official website's top 5 countries by number of visitors, Source: CoinEx, TokenInsight