Mining Calculator Bitcoin, Ethereum, Litecoin, Dash and Monero

"Infinity" patch for Bitcoin Core v0.12.1, v0.13.2, v0.14.0 — Support SegWit *and* larger blocks

If you…
…then this patch is for you.
This patch contains the minimal changes necessary to make Bitcoin Core accept blocks of any size (up to the overall message size limit of 32 MiB). It does this without removing or neutering the protections against blocks with excessive numbers of signature operations ("sigops"). The maximum number of sigops allowed scales linearly with the size (weight) of the block.
Blocks at or smaller than Core's current limit are treated exactly the same as by unpatched Bitcoin Core, meaning this patch will have no effect until and unless a hard fork to larger blocks occurs.
If a hard fork does occur, nodes running this patch will follow whichever chain demonstrates the most work, regardless of the sizes of the blocks in that chain. This means that nodes running this patch may diverge from nodes running unpatched Bitcoin Core. Apply this patch only if you understand and agree to bear the risks involved.
Why might you want to use this patch?
Core users: If there's a hard fork, you're going to want a way to control your BTU balance. Your Core wallet won't see BTU-only outputs. You could run an instance of Bitcoin Unlimited alongside your Bitcoin Core node to access these BTU-only outputs, but you might be concerned about bugs in Bitcoin Unlimited, and you might not want to actively participate in this whole "emergent consensus" thing. By running a second Bitcoin Core instance with this "Infinity" patch, you will be able to access your BTU balances without needing to run Bitcoin Unlimited.
Unlimited users: If you want to increase on-chain capacity, then you might want to support both SegWit and larger base blocks. Maybe you don't really know what to set "EB" and "AD" to; maybe you'd rather not have to care. If you simply want to follow whichever chain has the most work, then you don't need the complexity (and risks) of Bitcoin Unlimited. By running your node with this "Infinity" patch, you will have the best of both worlds.
Where is the patch?
You can get the patch for your preferred version of Bitcoin Core here (see the links at the bottom).
submitted by whitslack to btc [link] [comments]

The Astounding Incompetence, Negligence, and Dishonesty of the Bitcoin Unlimited Developers

On August 26, 2016 someone noticed that their Classic node had been forked off of the "Big Blocks Testnet" that Bitcoin Classic and Bitcoin Unlimited were running. Neither implementation was testing their consensus code on any other testnets; this was effectively the only testnet being used to test either codebase. The issue was due to a block on the testnet that was mined on July 30, almost a full month prior to anyone noticing the fork at all, which was in violation of the BIP109 specification that Classic miners were purportedly adhering to at the time. Gregory Maxwell observed:
That was a month ago, but it's only being noticed now. I guess this is demonstrating that you are releasing Bitcoin Classic without much testing and that almost no one else is either? :-/
The transaction in question doesn't look at all unusual, other than being large. It was, incidentally, mined by pool.bitcoin.com, which was signaling support for BIP109 in the same block it mined that BIP 109 violating transaction.
Later that day, Maxwell asked Roger Ver to clarify whether he was actually running Bitcoin Classic on the bitcoin.com mining pool, who dodged the question and responded with a vacuous reply that attempted to inexplicably change the subject to "censorship" instead.
Andrew Stone (the lead developer of Bitcoin Unlimited) voiced confusion about BIP109 and how Bitcoin Unlimited violated the specification for it (while falsely signaling support for it). He later argued that Bitcoin Unlimited didn't need to bother adhering to specifications that it signaled support for, and that doing so would violate the philosophy of the implementation. Peter Rizun shared this view. Neither developer was able to answer Maxwell's direct question about the violation of BIP109 §4/5, which had resulted in the consensus divergence (fork).
Despite Maxwell having provided a direct link to the transaction violating BIP109 that caused the chain split, and explaining in detail what the results of this were, later Andrew Stone said:
I haven't even bothered to find out the exact cause. We have had BUIP016 passed to adhere to strict BIP109 compatibility (at least in what we generate) by merging Classic code, but BIP109 is DOA -- so no-one bothered to do it.
I think that the only value to be had from this episode is to realise that consensus rules should be kept to an absolute, money-function-protecting minimum. If this was on mainnet, I'll be the Classic users would be unhappy to be forked onto a minority branch because of some arbitrary limit that is yet another thing would have needed to be fought over as machine performance improves but the limit stays the same.
Incredibly, when a confused user expressed disbelief regarding the fork, Andrew Stone responded:
Really? There was no classic fork? As i said i didnt bother to investigate. Can you give me a link to more info? Its important to combat this fud.
Of course, the proof of the fork (and the BIP109-violating block/transaction) had already been provided to Stone by Maxwell. Andrew Stone was willing to believe that the entire fork was imaginary, in the face of verifiable proof of the incident. He admits that he didn't investigate the subject at all, even though that was the only testnet that Unlimited could have possibly been performing any meaningful tests on at the time, and even though this fork forced Classic to abandon BIP109 entirely, leaving it vulnerable to the types of attacks that Gavin Andresen described in his Guided Tour of the 2mb Fork:
“Accurate sigop/sighash accounting and limits” is important, because without it, increasing the block size limit might be dangerous... It is set to 1.3 gigabytes, which is big enough so none of the blocks currently in the block chain would hit it, but small enough to make it impossible to create poison blocks that take minutes to validate.
As a result of this fork (which Stone was clueless enough to doubt had even happened), Bitcoin Classic and Bitcoin Unlimited were both left vulnerable to such attacks. Fascinatingly, this fact did not seem to bother the developers of Bitcoin Unlimited at all.
On November 17, 2016 Andrew Stone decided to post an article titled A Short Tour of Bitcoin Core wherein he claimed:
Bitcoin Unlimited is building the highest quality, most stable, Bitcoin client available. We have a strong commitment to quality and testing as you will see in the rest of this document.
The irony of this claim should soon become very apparent.
In the rest of the article, Stone wrote with venomous and overtly hostile rhetoric:
As we mine the garbage in the Bitcoin Core code together... I want you to realise that these issues are systemic to Core
He went on to describe what he believed to be multiple bugs that had gone unnoticed by the Core developers, and concluded his article with the following paragraph:
I hope when reading these issues, you will realise that the Bitcoin Unlimited team might actually be the most careful committers and testers, with a very broad and dedicated test infrastructure. And I hope that you will see these Bitcoin Core commits— bugs that are not tricky and esoteric, but simple issues that well known to average software engineers —and commits of “Very Ugly Hack” code that do not reflect the care required for an important financial network. I hope that you will realise that, contrary to statements from Adam Back and others, the Core team does not have unique skills and abilities that qualify them to administer this network.
As soon as the article was published, it was immediately and thoroughly debunked. The "bugs" didn't exist in the current Core codebase; some were results of how Andrew had "mucked with wallet code enough to break" it, and "many of issues were actually caused by changes they made to code they didn't understand", or had been fixed years ago in Core, and thus only affected obsolete clients (ironically including Bitcoin Unlimited itself).
As Gregory Maxwell said:
Perhaps the biggest and most concerning danger here isn't that they don't know what they're doing-- but that they don't know what they don't know... to the point where this is their best attempt at criticism.
Amusingly enough, in the "Let's Lose Some Money" section of the article, Stone disparages an unnamed developer for leaving poor comments in a portion of the code, unwittingly making fun of Satoshi himself in the process.
To summarize: Stone set out to criticize the Core developer team, and in the process revealed that he did not understand the codebase he was working on, had in fact personally introduced the majority of the bugs that he was criticizing, and was actually completely unable to identify any bugs that existed in current versions Core. Worst of all, even after receiving feedback on his article, he did not appear to comprehend (much less appreciate) any of these facts.
On January 27, 2017, Bitcoin Unlimited excitedly released v1.0 of their software, announcing:
The third official BU client release reflects our opinion that Bitcoin full-node software has reached a milestone of functionality, stability and scalability. Hence, completion of the alpha/beta phase throughout 2009-16 can be marked in our release version.
A mere 2 days later, on January 29, their code accidentally attempted to hard-fork the network. Despite there being a very clear and straightforward comment in Bitcoin Core explaining the space reservation for coinbase transactions in the code, Bitcoin Unlimited obliviously merged a bug into their client which resulted in an invalid block (23 bytes larger than 1MB) being mined by Roger Ver's Bitcoin.com mining pool on January 29, 2017, costing the pool a minimum of 13.2 bitcoins. A large portion of Bitcoin Unlimited nodes and miners (which naively accepted this block as valid) were temporarily banned from the network as a result, as well.
The code change in question revealed that the Bitcoin Unlimited developers were not only "commenting out and replacing code without understanding what it's for" as well as bypassing multiple safety-checks that should have prevented such issues from occurring, but that they were not performing any peer review or testing whatsoever of many of the code changes they were making. This particular bug was pushed directly to the master branch of Bitcoin Unlimited (by Andrew Stone), without any associated pull requests to handle the merge or any reviewers involved to double-check the update. This once again exposed the unprofessionalism and negligence of the development team and process of Bitcoin Unlimited, and in this case, irrefutably had a negative effect in the real world by costing Bitcoin.com thousands of dollars worth of coins.
In effect, this was the first public mainnet fork attempt by Bitcoin Unlimited. Unsurprisingly, the attempt failed, costing the would-be forkers real bitcoins as a result. It is possible that the costs of this bug are much larger than the lost rewards and fees from this block alone, as other Bitcoin Unlimited miners may have been expending hash power in the effort to mine slightly-oversized (invalid) blocks prior to this incident, inadvertently wasting resources in the doomed pursuit of invalid coins.
On March 14, 2017, a remote exploit vulnerability discovered in Bitcoin Unlimited crashed 75% of the BU nodes on the network in a matter of minutes.
In order to downplay the incident, Andrew Stone rapidly published an article which attempted to imply that the remote-exploit bug also affected Core nodes by claiming that:
approximately 5% of the “Satoshi” Bitcoin clients (Core, Unlimited, XT) temporarily dropped off of the network
In reddit comments, he lied even more explicitly, describing it as "a bug whose effects you can see as approximate 5% drop in Core node counts" as well as a "network-wide Bitcoin client failure". He went so far as to claim:
the Bitcoin Unlimited team found the issue, identified it as an attack and fixed the problem before the Core team chose to ignore it
The vulnerability in question was in thinblock.cpp, which has never been part of Bitcoin Core; in other words, this vulnerability only affected Bitcoin Classic and Bitcoin Unlimited nodes.
In the same Medium article, Andrew Stone appears to have doctored images to further deceive readers. In the reddit thread discussing this deception, Andrew Stone denied that he had maliciously edited the images in question, but when questioned in-depth on the subject, he resorted to citing his own doctored images as sources and refused to respond to further requests for clarification or replication steps.
Beyond that, the same incident report (and images) conspicuously omitted the fact that the alleged "5% drop" on the screenshotted (and photoshopped) node-graph was actually due to the node crawler having been rebooted, rather than any problems with Core nodes. This fact was plainly displayed on the 21 website that the graph originated from, but no mention of it was made in Stone's article or report, even after he was made aware of it and asked to revise or retract his deceptive statements.
There were actually 3 (fundamentally identical) Xthin-assert exploits that Unlimited developers unwittingly publicized during this episode, which caused problems for Bitcoin Classic, which was also vulnerable.
On top of all of the above, the vulnerable code in question had gone unnoticed for 10 months, and despite the Unlimited developers (including Andrew Stone) claiming to have (eventually) discovered the bug themselves, it later came out that this was another lie; an external security researcher had actually discovered it and disclosed it privately to them. This researcher provided the following quotes regarding Bitcoin Unlimited:
I am quite beside myself at how a project that aims to power a $20 billion network can make beginner’s mistakes like this.
I am rather dismayed at the poor level of code quality in Bitcoin Unlimited and I suspect there [is] a raft of other issues
The problem is, the bugs are so glaringly obvious that when fixing it, it will be easy to notice for anyone watching their development process,
it doesn’t help if the software project is not discreet about fixing critical issues like this.
In this case, the vulnerabilities are so glaringly obvious, it is clear no one has audited their code because these stick out like a sore thumb
In what appeared to be a desperate attempt to distract from the fundamental ineptitude that this vulnerability exposed, Bitcoin Unlimited supporters (including Andrew Stone himself) attempted to change the focus to a tweet that Peter Todd made about the vulnerability, blaming him for exposing it and prompting attackers to exploit it... but other Unlimited developers revealed that the attacks had actually begun well before Todd had tweeted about the vulnerability. This was pointed out many times, even by Todd himself, but Stone ignored these facts a week later, and shamelessly lied about the timeline in a propagandistic effort at distraction and misdirection.
submitted by sound8bits to Bitcoin [link] [comments]

Bitcoin dev IRC meeting in layman's terms (2015-11-05)

Once again my attempt to summarize and explain the weekly bitcoin developer meeting in layman's terms. Link to last weeks summarization Note that I crosspost this to Voat, bitcoin.com and the bitcoin-discuss mailing list every week. I can't control what's being talking about in the meeting, if certain things come up I might not be able to post here because of "guidelines".
Disclaimer
Please bear in mind I'm not a developer and I'd have problems coding "hello world!", so some things might be incorrect or plain wrong. Like any other write-up it likely contains personal biases, although I try to stay as neutral as I can. There are no decisions being made in these meetings, so if I say "everyone agrees" this means everyone present in the meeting, that's not consensus, but since a fair amount of devs are present it's a good representation. The dev IRC and mailinglist are for bitcoin development purposes. If you have not contributed actual code to a bitcoin-implementation, this is probably not the place you want to reach out to. There are many places to discuss things that the developers read, including this sub-reddit.
link to this week logs Meeting minutes by meetbot
Main topics discussed where:
Sigcache performance Performance goals for 0.12 transaction priority sigops flooding attack chain limits
Short topics/notes
Note: cfields, mcelrath and BlueMatt (and maybe more) missed the meeting because of daylight saving time.
Closing date for proposals for the scaling bitcoin workshop is the 9th.
Check to see if there are any other commits for the 0.11.2 RC. As soon as 6948 and 6825 are merged it seems good to go. We need to move fairly quick as there are already miners voting for CLTV (F2Pool). Also testnet is CLTV locked already and is constantly forking. 0.11.2 RC1 has been released as of today: https://bitcoin.org/bin/bitcoin-core-0.11.2/test/
Most of the mempool-limiting analysis assumed child-pays-for-parent, however that isn't ready for 0.12 yet, so we should think about possible abuses in context of the existing mining algorithm.
Because of time-constrains opt-in replace-by-fee has been deferred to next weeks meeting, but most people seem to want it in 0.12. sdaftuar makes a note that we need to make clear to users what they need to do if they don't want to accept opt-in transactions.
Sigcache performance
The signature cache, which is in place to increase performance (by not having to check the signature multiple times), and to mitigate some attacks currently has a default limit of 50 000 signatures. Sipa has a pull-request which proposes to: Change the limit from number of entries to megabytes Change the default to 40MB, which corresponds to 500 000 signatures Store salted hashes instead of full entries Remove entries that have been validated in a block
Sipa did benchmarks for various signature cache sizes on hitrate in blocks (how many of the cached signatures are in the block). The maximum sigcache size was 68MB, resulting in a 3% miss-rate. Some blocks though have extremely high miss rates (60%) while others have none. Likely caused by miners running different policies. Gmaxwell proposed to always run script verification for mempool transactions, even if these transactions get rejected into the mempool by the clients policy. The result of that is that even a 300MB sigcache size only gets down to 15% misses. So there's too much crap being relayed to keep any reasonable sized cache. Gmaxwell points out downsides to not checking any rejected transactions, namely: there are some DOS attacks possible, and you increase your misrate if you set a policy which is more restrictive than the typical network, which might result in a race to the bottom.
Sipa continues his work and seeks out other strategies
Performance goals for 0.12
Bitcoin-core 0.12 is scheduled for release December 1st.
Everybody likes to include secp256k1 ASAP, as it has a very large performance increase. Some people would like to include the sigcache pull-request, BIP30, modifyNewCoins and a createNewBlock rewrite if it's ready. Wumpus advises against merging last-minute performance improvements for 0.12.
Mentioned pull-requests should be reviewed, prioritizing CreateNewBlock
transaction priority
Each transaction is assigned a priority, determined by the age, size, and number of inputs. Which makes some transactions free.
Sipa thinks we should get rid of the current priority completely and replace it with a function that modifies fee or size of a transaction. There's a pull-request available that optimizes the current transaction priority, thereby avoiding the political debate that goes with changing the definition of transaction priority. Luke-jr thinks the old policy should remain possible.
Check to see if PR #6357 is safe and efficient enough.
sigops flooding attack
The number of ECDSA signature-checking operations or sigops is currently limited to 20 000 per block. This in order to prevent miners creating blocks that take ages to verify as those operations are time-consuming. You could however construct transactions that have a very high sigops count and since most miners don't take into account the sigops count they end up with very small blocks because the sigop limit is reached. This attack is described here.
Suggestion to take the number of sigops relative to the maximum blocksize into account with the total size. Meaning a 10k sigops transaction would currently be viewed as 500kB in size (for that single transaction, not towards the block). That suggestion would be easy to change in the mining code, but more invasive to try and plug that into everything that looks at feerate. This would also open up attacks on the mempool if these transactions are not evicted by mempool limiting. Luke-jr has a bytes-per-sigop limit, that filters out these attack transactions.
More analysis should be done, people seem fine with the general direction of fixing it.
chain limits
Chain in this context means connected transactions. When you send a transaction that depends on another transaction that has yet to be confirmed we talk about a chain of transactions. Miners ideally take the whole chain into account instead of just every single transaction (although that's not widely implemented afaik). So while a single transaction might not have a sufficient fee, a depending transaction could have a high enough fee to make it worthwhile to mine both. This is commonly known as child-pays-for-parent. Since you can make these chains very big it's possible to clog up the mempool this way. With the recent malleability attacks, anyone who made transactions going multiple layers deep would've already encountered huge problems doing this (beautifully explained in let's talk bitcoin #258 from 13:50 onwards) Proposal and github link.
sdaftuar's analysis shows that 40% of blocks contain a chain that exceeds the proposed limits. Even a small bump doesn't make the problem go away. Possible sources of these chains: a service paying the fees on other transactions (child-pays-for-parent), an iOS wallet that gladly spends unconfirmed change. A business confirms they use child-pays-for-parent when they receive bitcoins from an unspent chain. It is possible that these long chains are delivered to miners directly, in which case they wouldn't be affected by the proposed relay limits (and by malleability). Since this is a problem that needs to be addressed, people seem fine with merging it anyway, communicating in advance to let businesses think about how this affects them.
Merge "Policy: Lower default limits for tx chains" Morcos will mail the developer mailing list after it's merged.
Participants
morcos Alex Morcos gmaxwell Gregory Maxwell wumpus Wladimir J. van der Laan sipa Pieter Wuille jgarzik Jeff Garzik Luke-Jr Luke Dashjr phantomcircuit Patrick Strateman sdaftuar Suhas Daftuar btcdrak btcdrak jouke ??Jouke Hofman?? jtimon Jorge Timón jonasschnelli Jonas Schnelli 
Comic relief
20:01 wumpus #meetingend 20:01 wumpus #meetingstop 20:01 gmaxwell Thanks all. 20:01 btcdrak #exitmeeting 20:01 gmaxwell #nomeetingnonono 20:01 btcdrak #meedingexit 20:01 wumpus #endmeeting 20:01 lightningbot Meeting ended Thu Nov 5 20:01:29 2015 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . 20:01 btcdrak #rekt 
submitted by G1lius to Bitcoin [link] [comments]

SCRY.INFO underlying double chain technology sharing

SCRY.INFO underlying double chain technology sharing
1.Background
In SCRY project, double chain structure is applied in clients. As for signature algorithm, we selected BIP143. In segregated witness, VERSION 0 applied BIP143 signature verification to increase efficiency, but BIP143S algorithm is not applied to general transactions. We have optimized general transaction signature and verification, apply BIP143 signature and verification to increase the efficiency.
1.1Signature algorithm
Bitcoin applied ECDSA (Elliptic Curve Digital Signature Algorithm) as digital signature algorithm. There are 3 use cases of digital signature algorithm in Bitcoin: 1. Signature can verify the owner of private key, the owner of money transferring in that transaction. 2. The proxy verification cannot be denied, that is the transaction cannot be denied. 3. The signature cannot be falsified, that is transaction (or details of transaction) cannot be adjusted by anyone after signature.
There are two parts of digital signature: one is using private key( signature key) to sign the hash of message(transaction), the other one is to allow everyone can verify the signature by provided public key and information.
  • Signature algorithm
The signature algorithm of Bitcoin is as following:
Sig = Fsig( Fhash(m), dA )
Explanation:
dA is private key signature
m is transaction (or part of transaction)
Fhash is hash function
Fsig is signature algorithm
Sig is result signature
There are 2 functions in the whole signature: Fhash and Fsig。
  • Fhash function
Fhash function is to generate Hash of transaction, first serialize the transaction, based on serialized binary data use SHA256 to calculate the transaction Hash. The general transaction (single input and single output) process is as following:
Transaction serialization:
1.nVersion Transaction version
2.InputCount Input count
3.Prevouts Serialize the input UTXO
4.OutputCount Output count
5.outpoint Serialize the output UTXO
6.nLocktime Locked period of transaction
7.Hash Twice SHA256 calculation based on the data above
  • Fsig function
Fsig function signature algorithm is based on ECDSA. There will be a K value every encryption. Based on this K value, the algorithm will generate a temporary public/private key (K,Q), select X axis of public key Q to get a value R, the formula is as following:
S=K-1 *(Hash(m) + dA *R) mod p
Explanation:
K is temporary private key
R is x axis of temporary public key
dA is signature private key
m is transaction data
p is the main sequence of elliptical curve
The function will generate a value S.
In elliptical curve every encryption will generate a K value. Reuse same K value will cause private key exposed, K value should be seriously secured. Bitcoin use FRC6979 TO ensure certainty, use SHA256 to ensure the security of K value. The simple formula is as following:
K =SHA256(dA+HASH(m))
Explanation,
dA is private key,
m is message.
Final signature will be generated with the combination of ( R and S)
  • Signature verification
Verification process is applying signature to generate inverse function, the formula is as following:
P=S-1 *Hash(m)*G +S-1*R*Qa
Explanation:
R and S are signature value
Qa is user(signer)’s public key
m is signed transaction data
G is generator point of elliptical curve
We can see from this formula, based on information (transaction or part of Hash value), public key and signature of signer(R and S value), calculate the P value, the value will be one point on elliptical curve. If the X axis equals R, then the signature is valid.
1.2

Bip143 brief introduction

There are 4 ECDSA (Elliptic Curve Digital Signature Algorithm) signature verification code(sigops):CHECKSIG, CHECKSIGVERIFY, CHECKMULTISIG, CHECKMULTISIGVERIFY. One transaction abstract will be SHA256 encryption twice.There are at least 2 disadvantages in Bitcoin original digital signature digest algorithm:
●Hash used for data verification is consistent with transaction bytes. The computation of signature verification is based on O(N2) time complexity, time for verification is too long, BIP143 optimizes digest algorithm by importing some “intermediate state” which can be duplicate, make the time complexity of signature verification turn into O(n).
●The other disadvantages of original signature: There are no Bitcoin amounts included in signature when having the transaction, it is not a disadvantage for nodes, but for offline transaction signature devices (cold wallet), since the importing amount is not available, causing that the exact amount and transaction fees cannot be calculated. BIP143 has included the amount in every transaction in the signature.
BIP143 defines a new kind of task digest algorithm, the standard is as following:
Transaction serialization
https://preview.redd.it/2b6c5q2mk7b11.png?width=783&format=png&auto=webp&s=eb952782464942b6930bbd2632fbcd0fbaaf5023
1,4,7,9,10 in the list is the same as original SIGHASH algorithm, original SIGHASH type meaning stay the same. The following contains are changed:
  • Serialization method
  • All SIGHASH commit amount for signature
  • FindAndDelete signature is not suitable for scripteCode;
  • AfterOP_CODESEPARATOR(S),OP_CODESEPARATOR will not delete scriptCode( lastOP_CODESEPARATOR will be deleted after every script);
  • SINGLE does not commit input index.When ANYONECANPAY has no setting,the meaning will not be changed,hashPrevouts and outpoint are implicit committed in input index. When SINGLE use ANYONECANPAY, signed input and output will exist in pairs, but have no limitation to index.
2.BIP143 Signature
In go language, we use btcsuite database to finish signature, btcsuite database is an integrated Bitcoin database, it can generate all nodes program of Bitcoin, but we just use btcsuite database public key/private key API, SHA API and sign RFC6979 signature API. In order to avoid redundancy, the following codes have no adjustments to codes.
2.1
Transaction HASH generation
Transaction information hash generation, every input in transaction will generate a hash value, if there are multi-input in the transaction, then a hash array will be generated, every hash in the array will be consistent with input in transaction.
https://preview.redd.it/n0x5bo9cl7b11.png?width=629&format=png&auto=webp&s=63f4951e5ca7d0cffc6e8905f5d4b33354aa6ecc
Like two transaction input in the image above, every transaction will generate a hash, the transaction above will generate two hash.
  • Fhash function
CalcSignatureHash(script []byte, hashType SigHashType, tx *EMsgTx, idx int)
Explanation:
Script,pubscript is input utxo unlocked script
HashType,signature method or signature type
Tx,details of transaction
Idx,Number of transaction, that is to calculate which transaction hash
The following is Fhash code
https://preview.redd.it/e8xx974gl7b11.png?width=506&format=png&auto=webp&s=9a4f419069bea2e76b8d5b7205a31e06692f3f67
For the situation that multi UTXO input in one transaction, for every input, you can deploy it as examples above, then generate a hash array. Before hash generation, you need to clear “SigantureScript”in other inputs, only leave the “SigantureScript” in this input,That is “ScriptSig”field.
https://preview.redd.it/0omhp2ahl7b11.png?width=462&format=png&auto=webp&s=4cee9b0e4fe10185a39d68bde1032ac4e4dbb9ad
The amount for every UTXO is different. You need to pay attention to the 6th step, what you need to input is the amount for every transaction
Multi-input function generation
func txHash(tx msgtx) ( *[][]byte)
Code details
https://preview.redd.it/rlnxv3lil7b11.png?width=581&format=png&auto=webp&s=804adbee92a9bb9811a4ffc395601ebf191fd664
Repeat deploy Fhash function(CalcSignatureHash)then you can generate a hash array.
2.2Sign with HASH
A hash array is generated in the methods above, for every input with a unique hash in the data, we use signRFC6979 signature function to sign the hash, here we deploy functions in btcsuite database directly.
signRFC6979(PrivateKey, hash)
Through this function, we can generate SigantureScript,add this value to every input SigantureScript field in the transaction.
2.3Multisig
Briefly, multi-sig technology is the question that one UTXO should be signed with how many private keys. There is one condition in script, N public keys are recorded in script, at least M public keys must provide signature to unlock the asset. That is also called M-N method, N is the amount of private keys, M is the signature amount needed for verification
The following is how to realize a 2-2 multisig based on P2SH(Pay-to-Script-Hash) script with go language.
2-2 codes of script function generation:
https://preview.redd.it/7dq7cv9kl7b11.png?width=582&format=png&auto=webp&s=108c6278d656e5fa6b51b5876d5a0f7a1231f933
The function above generated script in the following
2 2 OP_C HECKMULTISIG
Signature function
1. Based on transaction TX,it includes input array []TxIn,generate transaction HASH array,this process is the same as process in general transaction above, deploy the digest function of general transaction above.
func txHash(tx msgtx) ( *[][]byte)
this function generated a hash array, that is every transaction input is consistent with one hash value.
2. Use first public key in redeem script, sign with consistent private key. The process is as general transaction.
signRFC6979(PrivateKey, hash)
After signature, the signature array SignatureScriptArr1 with every single input is generated. Based on this signature value in the array, you can update every input TxIn "SigantureScript" field in transaction TX.
3.Based on updated TX deploy txHash function again, generate new hash array.
func txHash(tx msgtx) ( *[][]byte)
4. Use second public key in redeem script, the consistent private key is used for signature. Use the updated TX in the process above, generate every input hash and sign it.
signRFC6979(PrivateKey, hash)
//Combine the signature generated by first key, signature generated by secondkey and redeem script.
etxscript.EncodeSigScript(&(TX.TxIn[i].SignatureScript),&SigHash2, pkScript)
There are N transactions, so repeat it N times.
The final data is as following:
https://preview.redd.it/78aabhqll7b11.png?width=558&format=png&auto=webp&s=453f7129b2cf3c648b68c2369a4622963087d0c8
References
https://en.wikipedia.org/wiki/Digital_signature*
https://github.com/bitcoin/bips/blob/mastebip-0143.mediawiki
《OReilly.Mastering.Bitcoin.2nd.Edition》
http://www.8btc.com/rfc6979
submitted by StephenCuuuurry to SCRYDDD [link] [comments]

/u/jl_2012 comments on new extension block BIP - "a block reorg will almost guarantee changing txid of the resolution tx, that will permanently invalidate all the child txs based on the resolution tx"

Comments from jl_2012
I feel particularly disappointed that while this BIP is 80% similar to my proposal made 2 months ago ( https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-January/013490.html ), Matt Corallo was only the person replied me. Also, this BIP seems ignored the txid malleability of the resolution tx, as my major technical critique of xblock design.
But anyway, here I’m only making comments on the design. As I said in my earlier post, I consider this more as an academic topic than something really ready for production use.
This specification defines a method of increasing bitcoin transaction throughput without altering any existing consensus rules.
Softforks by definition tighten consensus rules
There has been great debate regarding other ways of increasing transaction throughput, with no proposed consensus-layer solutions that have proven themselves to be particularly safe.
so the authors don’t consider segwit as a consensus-layer solution to increase transaction throughput, or not think segwit is safe? But logically speaking if segwit is not safe, this BIP could only be worse. OTOH, segwit also obviously increases tx throughput, although it may not be as much as some people wish to have.
This specification refines many of Lau's ideas, and offers a much simpler method of tackling the value transfer issue, which, in Lau's proposal, was solved with consensus-layer UTXO selection.
The 2013 one is outdated. As the authors are not quoting it, not sure if they read my January proposal
extension block activation entails BIP141 activation.
I think extension block in the proposed form actually breaks BIP141. It may say it activates segregated witness as a general idea, but not a specific proposal like BIP141
The merkle root is to be calculated as a merkle tree with all extension block txids and wtxids as the leaves.
It needs to be more specific here. How are they exactly arranged? I suggest it uses a root of all txids, and a root of all wtxids, and combine them as the commitment. The reason is to allow people to prune the witness data, yet still able to serve the pruned tx to light wallets. If it makes txid and wtxid as pairs, after witness pruning it still needs to store all the wtxids or it can’t reconstruct the tree
Outputs signal to exit the extension block if the contained script is either a minimally encoded P2PKH or P2SH script.
This hits the biggest question I asked in my January post: do you want to allow direct exit payment to legacy addresses? As a block reorg will almost guarantee changing txid of the resolution tx, that will permanently invalidate all the child txs based on the resolution tx. This is a significant change to the current tx model. To fix this, you need to make exit outputs unspendable for up to 100 blocks. Doing this, however, will make legacy wallet users very confused as they do not anticipate funding being locked up for a long period of time. So you can’t let the money sent back to a legacy address directly, but sent to a new format address that only recognized by new wallet, which understands the lock up requirement. This way, however, introduces friction and some fungibility issues, and I’d expect people using cross chain atomic swap to exchange bitcoin and xbitcoin
To summarise, my questions are: 1. Is it acceptable to have massive txid malleability and transaction chain invalidation for every natural happening reorg? Yes: the current spec is ok; No: next question (I’d say no) 2. Is locking up exit outputs the best way to deal with the problem? (I tried really hard to find a better solution but failed) 3. How long the lock-up period should be? Answer could be anywhere from 1 to 100 4. With a lock-up period, should it allow direct exit to legacy address? (I think it’s ok if the lock-up is short, like 1-2 block. But is that safe enough?) 5. Due to the fungibility issues, it may need a new name for the tokens in the ext-block
Verification of transactions within the extension block shall enforce all currently deployed softforks, along with an extra BIP141-like ruleset.
I suggest to only allow push-only and OP_RETURN scriptPubKey in xblock. Especially, you don’t want to replicate the sighash bug to xblock. Also, requires scriptSig to be always empty
This leaves room for 7 future soft-fork upgrades to relax DoS limits.
Why 7? There are 16 unused witness program versions
Witness script hash v0 shall be worth the number of accurately counted sigops in the redeem script, multiplied by a factor of 8.
There is a flaw here: witness script with no sigop will be counted as 0 and have a lot free space
every 73 bytes in the serialized witness vector is worth 1 additional point.
so 72 bytes is 1 point or 0 point? Maybe it should just scale everything up by 64 or 128, and make 1 witness byte = 1 point . So it won’t provide any “free space” in the block.
Currently defined witness programs (v0) are each worth 8 points. Unknown witness program outputs are worth 1 point. Any exiting output is always worth 8 points.
I’d suggest to have at least 16 points for each witness v0 output, so it will make it always more expensive to create than spend UTXO. It may even provide extra “discount” if a tx has more input than output. The overall objective is to limit the UTXO growth. The ext block should be mainly for making transactions, not store of value (I’ll explain later)
Dust Threshold
In general I think it’s ok, but I’d suggest a higher threshold like 5000 satoshi. It may also combine the threshold with the output witness version, so unknown version may have a lower or no threshold. Alternatively, it may start with a high threshold and leave a backdoor softfork to reduce it.
Deactivation
It is a double-edged sword. While it is good for us to be able to discard an unused chain, it may create really bad user experience and people may even lose money. For example, people may have opened Lightning channels and they will find it not possible to close the channel. So you need to make sure people are not making time-locked tx for years, and require people to refresh their channel regularly. And have big red warning when the deactivation SF is locked in. Generally, xblock with deactivation should never be used as long-term storage of value.
———— some general comments:
  1. This BIP in current form is not compatible with BIP141. Since most nodes are already upgraded to BIP141, this BIP must not be activated unless BIP141 failed to activate. However, if the community really endorse the idea of ext block, I see no reason why we couldn’t activate BIP141 first (which could be done in 2 weeks), then work together to make ext block possible. Ext block is more complicated than segwit. If it took dozens of developers a whole year to release segwit, I don’t see how ext block could become ready for production with less time and efforts.
  2. Another reason to make this BIP compatible with BIP141 is we also need malleability fix in the main chain. As the xblock has a deactivation mechanism, it can’t be used for longterm value storage.
  3. I think the size and cost limit of the xblock should be lower at the beginning, and increases as we find it works smoothly. It could be a predefined growth curve like BIP103, or a backdoor softfork. With the current design, it leaves a massive space for miners to fill up with non-tx garbage. Also, I’d also like to see a complete SPV fraud-proof solution before the size grows bigger.
Source: https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-April/013982.html
submitted by jonny1000 to Bitcoin [link] [comments]

The Astounding Incompetence, Negligence, and Dishonesty of the Bitcoin Unlimited Developers

On August 26, 2016 someone noticed that their Classic node had been forked off of the "Big Blocks Testnet" that Bitcoin Classic and Bitcoin Unlimited were running. Neither implementation was testing their consensus code on any other testnets; this was effectively the only testnet being used to test either codebase. The issue was due to a block on the testnet that was mined on July 30, almost a full month prior to anyone noticing the fork at all, which was in violation of the BIP109 specification that Classic miners were purportedly adhering to at the time. Gregory Maxwell observed:
That was a month ago, but it's only being noticed now. I guess this is demonstrating that you are releasing Bitcoin Classic without much testing and that almost no one else is either? :-/
The transaction in question doesn't look at all unusual, other than being large. It was, incidentally, mined by pool.bitcoin.com, which was signaling support for BIP109 in the same block it mined that BIP 109 violating transaction.
Later that day, Maxwell asked Roger Ver to clarify whether he was actually running Bitcoin Classic on the bitcoin.com mining pool, who dodged the question and responded with a vacuous reply that attempted to inexplicably change the subject to "censorship" instead.
Andrew Stone voiced confusion about BIP109 and how Bitcoin Unlimited violated the specification for it (while falsely signaling support for it). He later argued that Bitcoin Unlimited didn't need to bother adhering to specifications that it signaled support for, and that doing so would violate the philosophy of the implementation. Peter Rizun shared this view. Neither developer was able to answer Maxwell's direct question about the violation of BIP109 §4/5, which had resulted in the consensus divergence (fork).
Despite Maxwell having provided a direct link to the transaction violating BIP109 that caused the chain split, and explaining in detail what the results of this were, later Andrew Stone said:
I haven't even bothered to find out the exact cause. We have had BUIP016 passed to adhere to strict BIP109 compatibility (at least in what we generate) by merging Classic code, but BIP109 is DOA -- so no-one bothered to do it.
I think that the only value to be had from this episode is to realise that consensus rules should be kept to an absolute, money-function-protecting minimum. If this was on mainnet, I'll be the Classic users would be unhappy to be forked onto a minority branch because of some arbitrary limit that is yet another thing would have needed to be fought over as machine performance improves but the limit stays the same.
Incredibly, when a confused user expressed disbelief regarding the fork, Andrew Stone responded:
Really? There was no classic fork? As i said i didnt bother to investigate. Can you give me a link to more info? Its important to combat this fud.
Of course, the proof of the fork (and the BIP109-violating block/transaction) had already been provided to Stone by Maxwell. Andrew Stone was willing to believe that the entire fork was imaginary, in the face of verifiable proof of the incident. He admits that he didn't investigate the subject at all, even though that was the only testnet that Unlimited could have possibly been performing any meaningful tests on at the time, and even though this fork forced Classic to abandon BIP109 entirely, leaving it vulnerable to the types of attacks that Gavin Andresen described in his Guided Tour of the 2mb Fork:
“Accurate sigop/sighash accounting and limits” is important, because without it, increasing the block size limit might be dangerous... It is set to 1.3 gigabytes, which is big enough so none of the blocks currently in the block chain would hit it, but small enough to make it impossible to create poison blocks that take minutes to validate.
As a result of this fork (which Stone was clueless enough to doubt had even happened), Bitcoin Classic and Bitcoin Unlimited were both left vulnerable to such attacks. Fascinatingly, this fact did not seem to bother the developers of Bitcoin Unlimited at all.
On November 17, 2016 Andrew Stone decided to post an article titled A Short Tour of Bitcoin Core wherein he claimed:
Bitcoin Unlimited is building the highest quality, most stable, Bitcoin client available. We have a strong commitment to quality and testing as you will see in the rest of this document.
The irony of this claim should soon become very apparent.
In the rest of the article, Stone wrote with venomous and overtly hostile rhetoric:
As we mine the garbage in the Bitcoin Core code together... I want you to realise that these issues are systemic to Core
He went on to describe what he believed to be multiple bugs that had gone unnoticed by the Core developers, and concluded his article with the following paragraph:
I hope when reading these issues, you will realise that the Bitcoin Unlimited team might actually be the most careful committers and testers, with a very broad and dedicated test infrastructure. And I hope that you will see these Bitcoin Core commits— bugs that are not tricky and esoteric, but simple issues that well known to average software engineers —and commits of “Very Ugly Hack” code that do not reflect the care required for an important financial network. I hope that you will realise that, contrary to statements from Adam Back and others, the Core team does not have unique skills and abilities that qualify them to administer this network.
As soon as the article was published, it was immediately and thoroughly debunked. The "bugs" didn't exist in the current Core codebase; some were results of how Andrew had "mucked with wallet code enough to break" it, and "many of issues were actually caused by changes they made to code they didn't understand", or had been fixed years ago in Core, and thus only affected obsolete clients (ironically including Bitcoin Unlimited itself).
As Gregory Maxwell said:
Perhaps the biggest and most concerning danger here isn't that they don't know what they're doing-- but that they don't know what they don't know... to the point where this is their best attempt at criticism.
Amusingly enough, in the "Let's Lose Some Money" section of the article, Stone disparages an unnamed developer for leaving poor comments in a portion of the code, unwittingly making fun of Satoshi himself in the process.
To summarize: Stone set out to criticize the Core developer team, and in the process revealed that he did not understand the codebase he was working on, had in fact personally introduced the majority of the bugs that he was criticizing, and was actually completely unable to identify any bugs that existed in current versions Core. Worst of all, even after receiving feedback on his article, he did not appear to comprehend (much less appreciate) any of these facts.
On January 27, 2017, Bitcoin Unlimited excitedly released v1.0 of their software, announcing:
The third official BU client release reflects our opinion that Bitcoin full-node software has reached a milestone of functionality, stability and scalability. Hence, completion of the alpha/beta phase throughout 2009-16 can be marked in our release version.
A mere 2 days later, on January 29, their code accidentally attempted to hard-fork the network. Despite there being a very clear and straightforward comment in Bitcoin Core explaining the space reservation for coinbase transactions in the code, Bitcoin Unlimited obliviously merged a bug into their client which resulted in an invalid block (23 bytes larger than 1MB) being mined by Roger Ver's Bitcoin.com mining pool on January 29, 2017, costing the pool a minimum of 13.2 bitcoins. A large portion of Bitcoin Unlimited nodes and miners (which naively accepted this block as valid) were temporarily banned from the network as a result, as well.
The code change in question revealed that the Bitcoin Unlimited developers were not only "commenting out and replacing code without understanding what it's for" as well as bypassing multiple safety-checks that should have prevented such issues from occurring, but that they were not performing any peer review or testing whatsoever of many of the code changes they were making. This particular bug was pushed directly to the master branch of Bitcoin Unlimited (by Andrew Stone), without any associated pull requests to handle the merge or any reviewers involved to double-check the update. This once again exposed the unprofessionalism and negligence of the development team and process of Bitcoin Unlimited, and in this case, irrefutably had a negative effect in the real world by costing Bitcoin.com thousands of dollars worth of coins.
In effect, this was the first public mainnet fork attempt by Bitcoin Unlimited. Unsurprisingly, the attempt failed, costing the would-be forkers real bitcoins as a result. It is possible that the costs of this bug are much larger than the lost rewards and fees from this block alone, as other Bitcoin Unlimited miners may have been expending hash power in the effort to mine slightly-oversized (invalid) blocks prior to this incident, inadvertently wasting resources in the doomed pursuit of invalid coins.
On March 14, 2017, a remote exploit vulnerability discovered in Bitcoin Unlimited crashed 75% of the BU nodes on the network in a matter of minutes.
In order to downplay the incident, Andrew Stone rapidly published an article which attempted to imply that the remote-exploit bug also affected Core nodes by claiming that:
approximately 5% of the “Satoshi” Bitcoin clients (Core, Unlimited, XT) temporarily dropped off of the network
In reddit comments, he lied even more explicitly, describing it as "a bug whose effects you can see as approximate 5% drop in Core node counts" as well as a "network-wide Bitcoin client failure". He went so far as to claim:
the Bitcoin Unlimited team found the issue, identified it as an attack and fixed the problem before the Core team chose to ignore it
The vulnerability in question was in thinblock.cpp, which has never been part of Bitcoin Core; in other words, this vulnerability only affected Bitcoin Classic and Bitcoin Unlimited nodes.
In the same Medium article, Andrew Stone appears to have doctored images to further deceive readers. In the reddit thread discussing this deception, Andrew Stone denied that he had maliciously edited the images in question, but when questioned in-depth on the subject, he resorted to citing his own doctored images as sources and refused to respond to further requests for clarification or replication steps.
Beyond that, the same incident report (and images) conspicuously omitted the fact that the alleged "5% drop" on the screenshotted (and photoshopped) node-graph was actually due to the node crawler having been rebooted, rather than any problems with Core nodes. This fact was plainly displayed on the 21 website that the graph originated from, but no mention of it was made in Stone's article or report, even after he was made aware of it and asked to revise or retract his deceptive statements.
There were actually 3 (fundamentally identical) Xthin-assert exploits that Unlimited developers unwittingly publicized during this episode, which caused problems for Bitcoin Classic, which was also vulnerable.
On top of all of the above, the vulnerable code in question had gone unnoticed for 10 months, and despite the Unlimited developers (including Andrew Stone) claiming to have (eventually) discovered the bug themselves, it later came out that this was another lie; an external security researcher had actually discovered it and disclosed it privately to them. This researcher provided the following quotes regarding Bitcoin Unlimited:
I am quite beside myself at how a project that aims to power a $20 billion network can make beginner’s mistakes like this.
I am rather dismayed at the poor level of code quality in Bitcoin Unlimited and I suspect there [is] a raft of other issues
The problem is, the bugs are so glaringly obvious that when fixing it, it will be easy to notice for anyone watching their development process,
it doesn’t help if the software project is not discreet about fixing critical issues like this.
In this case, the vulnerabilities are so glaringly obvious, it is clear no one has audited their code because these stick out like a sore thumb
In what appeared to be a desperate attempt to distract from the fundamental ineptitude that this vulnerability exposed, Bitcoin Unlimited supporters (including Andrew Stone himself) attempted to change the focus to a tweet that Peter Todd made about the vulnerability, blaming him for exposing it and prompting attackers to exploit it... but other Unlimited developers revealed that the attacks had actually begun well before Todd had tweeted about the vulnerability. This was pointed out many times, even by Todd himself, but Stone ignored these facts a week later, and shamelessly lied about the timeline in a propagandistic effort at distraction and misdirection.
submitted by sound8bits to sound8bits [link] [comments]

Forcenet: an experimental network with a new header format | Johnson Lau | Dec 04 2016

Johnson Lau on Dec 04 2016:
Based on Luke Dashjr’s code and BIP: https://github.com/luke-jbips/blob/bip-mmhf/bip-mmhf.mediawiki , I created an experimental network to show how a new header format may be implemented.
Basically, the header hash is calculated in a way that non-upgrading nodes would see it as a block with only the coinbase tx and zero output value. They are effectively broken as they won’t see any transactions confirmed. This allows rewriting most of the rules related to block and transaction validity. Such technique has different names like soft-hardfork, firmfork, evil softfork, and could be itself a controversial topic. However, I’d rather not to focus on its soft-hardfork property, as that would be trivial to turn this into a true hardfork (e.g. setting the sign bit in block nVersion, or setting the most significant bit in the dummy coinbase nLockTime)
Instead of its soft-HF property, I think the more interesting thing is the new header format. The current bitcoin header has only 80 bytes. It provides only 32bits of nonce space and is far not enough for ASICs. It also provides no room for committing to additional data. Therefore, people are forced to put many different data in the coinbase transaction, such as merge-mining commitments, and the segwit commitment. It is not a ideal solution, especially for light wallets.
Following the practice of segwit development of making a experimental network (segnet), I made something similar and call it the Forcenet (as it forces legacy nodes to follow the post-fork chain)
The header of forcenet is mostly described in Luke’s BIP, but I have made some amendments as I implemented it. The format is (size in parentheses; little endian):
Height (4), BIP9 signalling field (4), hardfork signalling field (3), merge-mining hard fork signalling field (1), prev hash (32), timestamp (4), nonce1 (4), nonce2 (4), nonce3 (compactSize + variable), Hash TMR (32), Hash WMR (32), total tx size (8) , total tx weight (8), total sigops (8), number of tx (4), merkle branches leading to header C (compactSize + 32 bit hashes)
In addition to increasing the max block size, I also showed how the calculation and validation of witness commitment may be changed with a new header. For example, since the commitment is no longer in the coinbase tx, we don’t need to use a 0000….0000 hash for the coinbase tx like in BIP141.
Something not yet done:
  1. The new merkle root algorithm described in the MMHF BIP
  2. The nTxsSigops has no meaning currently
  3. Communication with legacy nodes. This version can’t talk to legacy nodes through the P2P network, but theoretically they could be linked up with a bridge node
  4. A new block weight definition to provide incentives for slowing down UTXO growth
  5. Many other interesting hardfork ideas, and softfork ideas that works better with a header redesign
For easier testing, forcenet has the following parameters:
Hardfork at block 200
Segwit is always activated
1 minutes block with 40000 (prefork) and 80000 (postfork) weight limit
50 blocks coinbase maturity
21000 blocks halving
144 blocks retarget
How to join: codes at https://github.com/jl2012/bitcoin/tree/forcenet1 , start with "bitcoind —forcenet" .
Connection: I’m running a node at 8333.info with default port (38901)
Mining: there is only basic internal mining support. Limited GBT support is theoretically possible but needs more hacking. To use the internal miner, writeup a shell script to repeatedly call “bitcoin-cli —forcenet generate 1”
New RPC commands: getlegacyblock and getlegacyblockheader, which generates blocks and headers that are compatible with legacy nodes.
This is largely work-in-progress so expect a reset every couple weeks
jl2012
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 671 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20161205/126aae21/attachment.sig
original: https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2016-Decembe013338.html
submitted by dev_list_bot to bitcoin_devlist [link] [comments]

Lies, FUD, and hyperbole

https://medium.com/@octskyward/the-resolution-of-the-bitcoin-experiment-dabb30201f7#.obcepgw0g
Lies, FUD, and hyperbole Part 1
With apologies to the length but Hearn does pack a lot of misrepresentations and lies into this article.
a system completely controlled by just a handful of people. Worse still, the network is on the brink of technical collapse.
This is patently untrue as power dynamics within bitcoin are a complex interwoven level of game theory shared by miners, nodes, developers, merchants and payment processors, and users. Even if one were to make the false assumption that Miners control all the power, the reality is mining pools are either made up of thousands of individual miners who can and do redirect their hashing power or private pools with companies controlled by multiple investors and owners.
Worse still, the network is on the brink of technical collapse.
If and when a fee event happens, bitcoin will be just fine. Wallets already can adjust for fees and tx fee pressures will be kept reasonable because they still need to compete with free off the chain solutions. Whether the Block size is raised to 2, 4, or 8 MB it will also be fine(in the short term) as long as corresponding sigop protections are included. The blocksize debate more has to do with bikeshedding and setting a long term direction for bitcoin than preventing a short term technical collapse.
Couldn’t move your existing money
Bitcoin functions as a payment rails system just fine, just ask Coinbase and bitpay.
Had wildly unpredictable fees that were high and rising fast
False, I normal pay 3-5 pennies , and tx instantly get to their destination and confirm between 5 min to 1 hour like normal. CC txs take weeks to months to confirm.
Allowed buyers to take back payments they’d made after walking out of shops, by simply pressing a button (if >you aren’t aware of this “feature” that’s because Bitcoin was only just changed to allow it)
RBF is opt in , and therefore payment processors won't accept this if they do 0 conf tx approvals.
Is suffering large backlogs and flaky payments
The block chain is full.
Blocks are 60-70% full on average . We have yet to see a continuous backlog lasting more than a few hours max. This conf backlog doesn't prevent tx from being processed unlike when the Visa/paypal network goes down and you cannot make a payment at all.
… which is controlled by China
People in China [b]partially [/b]Control one small aspect of the bitcoin ecosystem and why shouldn't they? They do represent 19% of the worlds population. This comment is both misleading and xenophobic.
… and in which the companies and people building it were in open civil war?
Most people are passionate but still friendly behind closed doors. The Blocksize debate has spurred decentralization of developer groups and new ideas which are good things. Sure there has been some unproductive infighting , but we will get through this and be stronger for it. "Civil wars" exist within and between all currencies anyways so this is nothing surprising.
Once upon a time, Bitcoin had the killer advantage of low and even zero fees, but it’s now common to be asked >to pay more to miners than a credit card would charge.
Credit cards charge 2.8% to 7% in the US and 5-8% in many other countries. Bitcoins once had fees up to 40 cents a tx , and for the past few years normal fees have been consistently between 2-8 pennies per tx on the chain and free off the chain.
Because the block chain is controlled by Chinese miners, just two of whom control more >than 50% of the hash >power.
At a recent conference over 95% of hashing power was controlled by a handful of guys sitting on a single stage.
Mining pools are controlled by many miners and interests , not individuals. Miners also share the control with many other competing interests and are limited in their ability to harm the bitcoin ecosystem if they so choose.
They have chosen instead to ignore the problem and hope it goes away.
Bitcoin core has already come to a consensus on a scaling proposal - https://bitcoincore.org/en/2015/12/21/capacity-increase/ https://bitcoincore.org/en/2015/12/23/capacity-increases-faq/ and various other implementations are developing theirs to propose to the community. Bitcoin Classic is another interesting implementations that appears to have found consensus around BIP102.
This gives them a perverse financial incentive to actually try and stop Bitcoin becoming popular.
The Chinese miners want bitcoin to scale to at least 2MB in the short term, something that both Core and Classic accommodate. Bitcoin will continue to scale with many other solutions and ultimately payment channels will allow it to scale to Visa like levels of TPS.
The resulting civil war has seen Coinbase — the largest and best known Bitcoin startup in the USA — be erased >from the official Bitcoin website for picking the “wrong” side and banned from the community forums.
Coinbase was re-added to bitcoin.org. Mike conveniently left that important datapoint off.
has gone from being a transparent and open community to one that is dominated by rampant censorship
There are more subreddits, more forums , and more information than ever before. The blocksize debate does sometimes create divisions in our ecosystem but the information is all there and easy for anyone to investigate.
But the inability to get news about XT or the censorship itself through to users has some problematic effects.
The failure of XT has nothing to do with the lack of information. If anything there is too much information available , being repeated over and over , in many different venues.
One of them, Gregory Maxwell, had an unusual set of views: he once claimed he had mathematically proven >Bitcoin to be impossible. More problematically, he did not believe in Satoshi’s original vision.
Satoshi never intended to be used as an argument from authority and if he does he can always come back and contribute. We should not depend upon an authority figure but evidence, valid reasoning, and testing.
And indeed back-of-the-envelope calculations suggested that, as he said to me, “it never really hits a scale >ceiling” even when looking at more factors than just bandwidth.
Hearn's calculations are wrong. More specifically they do not take into account TOR, decentralization in locations with bandwidth limitations, bandwidth softcaps imposed by ISP's, the true scale of historical bandwidth increases, and malicious actors attacking the system with sophisticated attacks.
Once the 5 developers with commit access to the code had been chosen and Gavin had decided he did not want >to be the leader, there was no procedure in place to ever remove one.
The 45 developers who contributed to Bitcoin Core in 2015 could be replaced instantly if the community wanted with little effort. Ultimately, the nodes, miners and users control which code they use and no group of developers can force them to upgrade. In fact Bitcoin Core deliberately avoids and auto-update feature with their releases at the cost of usability to specifically insure that users have to actively choose all new features and can opt out simply by not upgrading.
... end of part one...
submitted by bitusher to Bitcoin [link] [comments]

Extension block proposal by Jeffrey et al | Luke Dashjr | Apr 04 2017

Luke Dashjr on Apr 04 2017:
Recently there has been some discussion of an apparent work-in-progress
extension block proposal by Christopher Jeffrey, Joseph Poon, Fedor Indutny,
and Steven Pair. Since this hasn't been formally posted on the ML yet, perhaps
it is still in pre-draft stages and not quite ready for review, but in light
of public interest, I think it is appropriate to open it to discussion, and
toward this end, I have reviewed the current revision.
For reference, the WIP proposal itself is here:
https://github.com/tothemoon-org/extension-blocks 
==Overall analysis & comparison==
This is a relatively complicated proposal, creating a lot of additional
technical debt and complexity in comparison to both BIP 141 and hardforks. It
offers no actual benefits beyond BIP 141 or hardforks, so seems irrational to
consider at face value. In fact, it fits much better the inaccurate criticisms
made by segwit detractors against BIP 141.
That being said, this proposal is very interesting in construction and is for
the most part technically sound. While ill-fit to merely making blocks larger,
it may be an ideal fit for fundamentally different block designs such as
Rootstock and MimbleWimble in absence of decentralised non-integrated
sidechains (extension blocks are fundamentally sidechains tied into Bitcoin
directly).
==Fundamental problem==
Extension blocks are a risk of creating two classes of "full nodes": those
which verify the full block (and are therefore truly full nodes), and those
which only verify the "base" block. However, because the extension is
consensus-critical, the latter are in fact not full nodes at all, and are left
insecure like pseudo-SPV (not even real SPV) nodes. This technical nature is
of course true of a softfork as well, but softforks are intentionally designed
such that all nodes are capable of trivially upgrading, and there is no
expectation for anyone to run with pre-softfork rules.
In general, hardforks can provide the same benefits of an extension block, but
without the false expectation and pointless complexity.
==Other problems & questions==
These outpoints may not be spent inside the mempool (they must be redeemed
from the next resolution txid in reality).
This breaks the ability to spend unconfirmed funds in the same block (as is
required for CPFP).
The extension block's transaction count is not cryptographically committed-to
anywhere. (This is an outstanding bug in Bitcoin today, but impractical to
exploit in practice; however, exploiting it in an extension block may not be
as impractical, and it should be fixed given the opportunity.)
The merkle root is to be calculated as a merkle tree with all extension
block txids and wtxids as the leaves.
This needs to elaborate how the merkle tree is constructed. Are all the txids
followed by all the wtxids (tx hashes)? Are they alternated? Are txid and
wtxid trees built independently and merged at the tip?
Output script code aside from witness programs, p2pkh or p2sh is considered
invalid in extension blocks.
Why? This prevents extblock users from sending to bare multisig or other
various possible destinations. (While static address forms do not exist for
other types, they can all be used by the payment protocol.)
Additionally, this forbids datacarrier (OP_RETURN), and forces spam to create
unprovably-unspendable UTXOs. Is that intentional?
The maximum extension size should be intentionally high.
This has the same "attacks can do more damage than ordinary benefit" issue as
BIP141, but even more extreme since it is planned to be used for future size
increases.
Witness key hash v0 shall be worth 1 point, multiplied by a factor of 8.
What is a "point"? What does it mean multiplied by a factor of 8? Why not just
say "8 points"?
Witness script hash v0 shall be worth the number of accurately counted
sigops in the redeem script, multiplied by a factor of 8.
Please define "accurately counted" here. Is this using BIP16 static counting,
or accurately counting sigops during execution?
To reduce the chance of having redeem scripts which simply allow for garbage
data in the witness vector, every 73 bytes in the serialized witness vector is
worth 1 additional point.
Is the size rounded up or down? If down, 72-byte scripts will carry 0
points...)
==Trivial & process==
BIPs must be in MediaWiki format, not Markdown. They should be submitted for
discussion to the bitcoin-dev mailing list, not social media and news.
Layer: Consensus (soft-fork)
Extension blocks are more of a hard-fork IMO.
License: Public Domain
BIPs may not be "public domain" due to non-recognition in some jurisdictions.
Can you agree on one or more of these?
https://github.com/bitcoin/bips/blob/mastebip-0002.mediawiki#Recommended_licenses

Abstract

This specification defines a method of increasing bitcoin transaction
throughput without altering any existing consensus rules.
This is inaccurate. Even softforks alter consensus rules.

Motivation

Bitcoin retargetting ensures that the time in between mined blocks will be
roughly 10 minutes. It is not possible to change this rule. There has been
great debate regarding other ways of increasing transaction throughput, with
no proposed consensus-layer solutions that have proven themselves to be
particularly safe.
Block time seems entirely unrelated to this spec. Motivation is unclear.
Extension blocks leverage several features of BIP141, BIP143, and BIP144 for
transaction opt-in, serialization, verification, and network services, and as
such, extension block activation entails BIP141 activation.
As stated in the next paragraph, the rules in BIP 141 are fundamentally
incompatible with this one, so saying BIP 141 is activated is confusingly
incorrect.
This specification should be considered an extension and modification to
these BIPs. Extension blocks are not compatible with BIP141 in its current
form, and will require a few minor additional rules.
Extension blocks should be compatible with BIP 141, there doesn’t appear to be
any justification for not making them compatible.
This specification prescribes a way of fooling non-upgraded nodes into
believing the existing UTXO set is still behaving as they would expect.
The UTXO set behaves fundamentally different to old nodes with this proposal,
albeit in a mostly compatible manner.
Note that canonical blocks containing entering outputs MUST contain an
extension block commitment (all zeroes if nothing is present in the extension
block).
Please explain why in Rationale.
Coinbase outputs MUST NOT contain witness programs, as they cannot be
sweeped by the resolution transaction due to previously existing consensus
rules.
Seems like an annoying technical debt. I wonder if it can be avoided.
The genesis resolution transaction MAY also include a 1-100 byte pushdata in
the first input script, allowing the miner of the genesis resolution to add a
special message. The pushdata MUST be castable to a true boolean.
Why? Unlike the coinbase, this seems to create additional technical debt with
no apparent purpose. Better to just have a consensus rule every input must be
null.
The resolution transaction's version MUST be set to the uint32 max (`232 -
1`).
Transaction versions are signed, so I assume this is actually simply -1.
(While signed transaction versions seemed silly to me, using it for special
cases like this actually makes sense.)

Exiting the extension block

Should specify that spending such an exit must use the resolution txid, not
the extblock's txid.
On the policy layer, transaction fees may be calculated by transaction cost
as well as additional size/legacy-sigops added to the canonical block due to
entering or exiting outputs.
BIPs should not specify policy at all. Perhaps prefix "For the avoidance of
doubt:" to be clear that miners may perform any fee logic they like.
Transactions within the extended transaction vector MAY include a witness
vector using BIP141 transaction serialization.
Since extblock transactions are all required to be segwit, why wouldn't this
be mandatory?
consensus rule.
Note this makes adoption slower: wallets cannot use the extblock until the
economy has updated to support segwit-native addresses.
To reduce the chance of having redeem scripts which simply allow for garbage
data in the witness vector, every 73 bytes in the serialized witness vector is
worth 1 additional point.
Please explain why 73 bytes in Rationale.
This leaves room for 7 future soft-fork upgrades to relax DoS limits.
How so? Please explain.
A consensus dust threshold is now enforced within the extension block.
Why?
If the second highest transaction version bit (30th bit) is set to to 1
within an extension block transaction, an extra 700-bytes is reserved on the
transaction space used up in the block.
Why wouldn't users set this on all transactions?
default_witness_commitment has been renamed to
default_extension_commitment and includes the extension block commitment
script.
default_witness_commitment was never part of the GBT spec. At least describe
what this new key is.
Should be just extblk if backward compatibility is supported (and !extblk
when not).
The "deactivation" deployment'...[message truncated here by reddit bot]...
original: https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-April/013981.html
submitted by dev_list_bot to bitcoin_devlist [link] [comments]

Bitcoin dev IRC meeting in layman's terms (2015-11-05)

Once again my attempt to summarize and explain the weekly bitcoin developer meeting in layman's terms. Link to last weeks summarization
On a personal note: I really don't like the fact someone pm'ed me telling me "a majority of bitcoiners have moved to btc", it's not (yet) true and comes across as very spammy. This combined with the tin-foiled hat people-bashing which seems to be popular makes me almost not want to join this community. I hope this can become like bitcoin, but with the freedom to discuss and mention any topic, not a mindless crusade against bitcoin, theymos, blockstream, etc.
Disclaimer
Please bear in mind I'm not a developer and I'd have problems coding "hello world!", so some things might be incorrect or plain wrong. Like any other write-up it likely contains personal biases, although I try to stay as neutral as I can. There are no decisions being made in these meetings, so if I say "everyone agrees" this means everyone present in the meeting, that's not consensus, but since a fair amount of devs are present it's a good representation. The dev IRC and mailinglist are for bitcoin development purposes. If you have not contributed actual code to a bitcoin-implementation, this is probably not the place you want to reach out to. There are many places to discuss things that the developers read, including this sub-reddit.
link to this week logs Meeting minutes by meetbot
Main topics discussed where:
Sigcache performance Performance goals for 0.12 transaction priority sigops flooding attack chain limits
Short topics/notes
Note: cfields, mcelrath and BlueMatt (and maybe more) missed the meeting because of daylight saving time.
Closing date for proposals for the scaling bitcoin workshop is the 9th.
Check to see if there are any other commits for the 0.11.2 RC. As soon as 6948 and 6825 are merged it seems good to go. We need to move fairly quick as there are already miners voting for CLTV (F2Pool). Also testnet is CLTV locked already and is constantly forking. 0.11.2 RC1 has been released as of today: https://bitcoin.org/bin/bitcoin-core-0.11.2/test/
Most of the mempool-limiting analysis assumed child-pays-for-parent, however that isn't ready for 0.12 yet, so we should think about possible abuses in context of the existing mining algorithm.
Because of time-constrains opt-in replace-by-fee has been deferred to next weeks meeting, but most people seem to want it in 0.12. sdaftuar makes a note that we need to make clear to users what they need to do if they don't want to accept opt-in transactions.
Sigcache performance
The signature cache, which is in place to increase performance (by not having to check the signature multiple times), and to mitigate some attacks currently has a default limit of 50 000 signatures. Sipa has a pull-request which proposes to: Change the limit from number of entries to megabytes Change the default to 40MB, which corresponds to 500 000 signatures Store salted hashes instead of full entries Remove entries that have been validated in a block
Sipa did benchmarks for various signature cache sizes on hitrate in blocks (how many of the cached signatures are in the block). The maximum sigcache size was 68MB, resulting in a 3% miss-rate. Some blocks though have extremely high miss rates (60%) while others have none. Likely caused by miners running different policies. Gmaxwell proposed to always run script verification for mempool transactions, even if these transactions get rejected into the mempool by the clients policy. The result of that is that even a 300MB sigcache size only gets down to 15% misses. So there's too much crap being relayed to keep any reasonable sized cache. Gmaxwell points out downsides to not checking any rejected transactions, namely: there are some DOS attacks possible, and you increase your misrate if you set a policy which is more restrictive than the typical network, which might result in a race to the bottom.
Sipa continues his work and seeks out other strategies
Performance goals for 0.12
Bitcoin-core 0.12 is scheduled for release December 1st.
Everybody likes to include secp256k1 ASAP, as it has a very large performance increase. Some people would like to include the sigcache pull-request, BIP30, modifyNewCoins and a createNewBlock rewrite if it's ready. Wumpus advises against merging last-minute performance improvements for 0.12.
Mentioned pull-requests should be reviewed, prioritizing CreateNewBlock
transaction priority
Each transaction is assigned a priority, determined by the age, size, and number of inputs. Which makes some transactions free.
Sipa thinks we should get rid of the current priority completely and replace it with a function that modifies fee or size of a transaction. There's a pull-request available that optimizes the current transaction priority, thereby avoiding the political debate that goes with changing the definition of transaction priority. Luke-jr thinks the old policy should remain possible.
Check to see if PR #6357 is safe and efficient enough.
sigops flooding attack
The number of ECDSA signature-checking operations or sigops is currently limited to 20 000 per block. This in order to prevent miners creating blocks that take ages to verify as those operations are time-consuming. You could however construct transactions that have a very high sigops count and since most miners don't take into account the sigops count they end up with very small blocks because the sigop limit is reached. This attack is described here.
Suggestion to take the number of sigops relative to the maximum blocksize into account with the total size. Meaning a 10k sigops transaction would currently be viewed as 500kB in size (for that single transaction, not towards the block). That suggestion would be easy to change in the mining code, but more invasive to try and plug that into everything that looks at feerate. This would also open up attacks on the mempool if these transactions are not evicted by mempool limiting. Luke-jr has a bytes-per-sigop limit, that filters out these attack transactions.
More analysis should be done, people seem fine with the general direction of fixing it.
chain limits
Chain in this context means connected transactions. When you send a transaction that depends on another transaction that has yet to be confirmed we talk about a chain of transactions. Miners ideally take the whole chain into account instead of just every single transaction (although that's not widely implemented afaik). So while a single transaction might not have a sufficient fee, a depending transaction could have a high enough fee to make it worthwhile to mine both. This is commonly known as child-pays-for-parent. Since you can make these chains very big it's possible to clog up the mempool this way. With the recent malleability attacks, anyone who made transactions going multiple layers deep would've already encountered huge problems doing this (beautifully explained in let's talk bitcoin #258 from 13:50 onwards) Proposal and github link.
sdaftuar's analysis shows that 40% of blocks contain a chain that exceeds the proposed limits. Even a small bump doesn't make the problem go away. Possible sources of these chains: a service paying the fees on other transactions (child-pays-for-parent), an iOS wallet that gladly spends unconfirmed change. A business confirms they use child-pays-for-parent when they receive bitcoins from an unspent chain. It is possible that these long chains are delivered to miners directly, in which case they wouldn't be affected by the proposed relay limits (and by malleability). Since this is a problem that needs to be addressed, people seem fine with merging it anyway, communicating in advance to let businesses think about how this affects them.
Merge "Policy: Lower default limits for tx chains" Morcos will mail the developer mailing list after it's merged.
Participants
morcos Alex Morcos gmaxwell Gregory Maxwell wumpus Wladimir J. van der Laan sipa Pieter Wuille jgarzik Jeff Garzik Luke-Jr Luke Dashjr phantomcircuit Patrick Strateman sdaftuar Suhas Daftuar btcdrak btcdrak jouke ??Jouke Hofman?? jtimon Jorge Timón jonasschnelli Jonas Schnelli 
Comic relief
20:01 wumpus #meetingend 20:01 wumpus #meetingstop 20:01 gmaxwell Thanks all. 20:01 btcdrak #exitmeeting 20:01 gmaxwell #nomeetingnonono 20:01 btcdrak #meedingexit 20:01 wumpus #endmeeting 20:01 lightningbot Meeting ended Thu Nov 5 20:01:29 2015 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . 20:01 btcdrak #rekt 
submitted by G1lius to btc [link] [comments]

segwit after a 2MB hardfork

Disclaimer: My preferred plan for bitcoin is soft-forking segregated witness in asap, and scheduling a 2MB hardforked blocksize increase sometime mid-2017, and I think doing a 2MB hardfork anytime soon is pretty crazy. Also, I like micropayments, and until I learnt about the lightning network proposal, bitcoin didn't really interest me because a couple of cents in fees is way too expensive, and a few minutes is way too slow. Maybe that's enough to make everything I say uninteresting to you, dear reader, in which case I hope this disclaimer has saved you some time. :)
Anyway there's now a good explanation of what segwit does beyond increasing the blocksize via accounting tricks or however you want to call it: https://bitcoincore.org/en/2016/01/26/segwit-benefits/ [0] I'm hopeful that makes it a bit easier to see why many people are more excited by segwit than a 2MB hardfork. In any event hopefully it's easy to see why it might be a good idea to do segwit asap, even if you do a hardfork to double the blocksize first.
If you were to do a 2MB hardfork first, and then apply segwit on top of that [1], I think there are a number of changes you'd want to consider, rather than just doing a straight merge. Number one is that with the 75% discount for witness data and a 2MB blocksize, you run the risk of worst-case 8MB blocks which seems to be too large at present [2]. The obvious solution is to change the discount rate, or limit witness data by some other mechanism. The drawback is that this removes some of the benefits of segwit in reducing UTXO growth and in moving to a simpler cost formula. Not hard, but it's a tradeoff, and exactly what to do isn't obvious (to me, anyway).
If IBLT or weak blocks or an improved relay network or something similar comes out after deploying segwit, does it then make sense to increase the discount or otherwise raise the limit on witness data, and is it possible to do this without another hardfork and corresponding forced upgrade? For the core roadmap, I think the answer would be "do segwit as a soft-fork now so no one has to upgrade, and after IBLT/etc is ready perhaps do a hard-fork then because it will be safer" so there's only one forced upgrade for users. Is some similar plan possible if there's an "immediate" hard fork to increase the block size, to avoid users getting hit with two hardforks in quick succession?
Number two is how to deal with sighashes -- segwit allows the hash calculation to be changed, so that for 2MB of transaction data (including witness data), you only need to hash up to around 4MB of data when verifying signatures, rather than potentially gigabytes of data. Compare that to Gavin's commits to the 0.11.2 branch in Classic which include a 1.3GB limit on sighash data to make the 2MB blocksize -- which is necessary because the quadratic scaling problem means that the 1.3GB limit can already be hit with 1MB blocks. Do you keep the new limit once you've got 2MB+segwit, or plan to phase it out as more transactions switch to segwit, or something else?
Again, I think with the core roadmap the plan here is straightforward -- do segwit now, get as many wallets/transactions switched over to segwit asap (whether due to all the bonus features, or just that they're cheaper in fees), and then revise the sighash limits later as part of soft-forking to increase the blocksize.
Finally, and I'm probably projecting my own ideas here, I think a 2MB hardfork in 2017 would give ample opportunity to simultaneously switch to a "validation cost metric" approach, making fees simpler to calculate and avoiding people being able to make sigop attacks to force near-empty blocks and other such nonsense. I think there's even the possibility of changing the limit so that in future it can be increased by soft-forks [3], instead of needing a hard fork for increases as it does now. ie, I think if we're clever, we can get a gradual increase to 1.8MB-2MB starting in the next few months via segwit with a soft-fork, then have a single hard-fork flag day next year, that allows the blocksize to be managed in a forwards compatible way more or less indefinitely.
Anyhoo, I'd love to see more technical discussion of classic vs core, so in the spirit of "write what you want to read", voila...
[0] I wrote most of the text for that, though the content has had a lot of corrections from people who understand how it works better than I do; see the github pull request if you care --https://github.com/bitcoin-core/website/pull/67
[1] https://www.reddit.com/btc/comments/42mequ/jtoomim_192616_utc_my_plan_for_segwit_was_to_pull/
[2] I've done no research myself; jtoomim's talk at Hong Kong said 2MB/4MB seemed okay but 8MB/9MB was "pushing it" -- http://diyhpl.us/wiki/transcripts/scalingbitcoin/hong-kong/bip101-block-propagation-data-from-testnet/ and his talks with miners indicated that BIP101's 8MB blocks were "Too much too fast" https://docs.google.com/spreadsheets/d/1Cg9Qo9Vl5PdJYD4EiHnIGMV3G48pWmcWI3NFoKKfIzU/edit#gid=0 Tradeblock's stats also seem to suggest 8MB blocks is probably problematic for now: https://tradeblock.com/blog/bitcoin-network-capacity-analysis-part-6-data-propagation
[3] https://botbot.me/freenode/bitcoin-wizards/2015-12-09/?msg=55794797&page=4
submitted by ajtowns to btc [link] [comments]

03-10 04:07 - 'parallel block validation sort of addresses the big blocks problem and the sighash problem (though I would prefer a sigop limit on transactions). But as for the big blocks problem, miners set their Acceptance Depth (AD) to wha...' by /u/lexensi1 removed from /r/Bitcoin within 74-79min

'''
parallel block validation sort of addresses the big blocks problem and the sighash problem (though I would prefer a sigop limit on transactions). But as for the big blocks problem, miners set their Acceptance Depth (AD) to whatever they want. So a block that is too large will have to have many blocks mined on top of it as well before it is accepted. The only way that can happen is if a majority of miners agree that the block is not too large.
As for malleability, there is the flextrans proposal but I don't know if it's under consideration by BU or not. Segwit doesn't solve malleability once and for all either, because the old-style transactions are still valid, so exchanges and wallets and other software still need to take into account that it's possible in the way they program their software.
Not sure what the median EB attack is.
Firstly AD is now 12. Therefore EB=1MB miners can get 12 blocks orphaned, which would take an expected 4 hours. There would be no warning for users and they could see funds wiped from their wallets after 11 confirmations.
After this then all the EB = 1MB miners would have their sticky gates triggered, whilst all the EB = 1.1MB would have their sticky gates closed. Now a malicious miner can split the hashrate 50/50 again. This time the smaller blockers ironically on the larger block chain and vica versa. It would be a massive confusing mess.
It does not actually address either, unfortunately. A mining consortium would be perfectly capable of gaming Bitcoin mining with larger-than-tolerable blocks (or more-than-tolerable cumulative sighash ops within those blocks), regardless of whether smalleleaner alternative blocks were able to be validated in parallel to them.
This particular risk vector actually compounds on itself, too. Initially, a coalition of 50.1% of hashrate could (possibly even accidentally, especially due to network limiters like the Great Firewall of China) mine and extend-upon blocks that are larger than the other 49.9% are able to validate competitively. Even if the 49.9% of miners are able to validate smaller blocks in parallel, they will ultimately be doomed trying to compete with the 50.1%, and as their orphan rates climb and their profitability declines, they would eventually be forced to shut down (assuming they are motivated by profit). This means that the remaining 50.1% of miners now make up the entire mining network... and the process can then repeat, with fewer participants on each iteration.
Peter Todd also explained this idea very well years ago.
Parallel block validation, while an important step forward, unfortunately does nothing to address the underlying issue here.
That's why most Bitcoin engineers consider flex-cap proposals to be untenable unless they include proper incentive-alignment controls (e.g. the sacrifice of mining rewards in exchange for larger allowed block-sizes
'''
Context Link
Go1dfish undelete link
unreddit undelete link
Author: lexensi1
submitted by removalbot to removalbot [link] [comments]

Proposed segwit related consensus and policy rules in Bitcoin Core 0.13.1 | Johnson Lau | Sep 10 2016

Johnson Lau on Sep 10 2016:
There are several opening pull requests for segwit related consensus and policy rules. This email summarize and explain the rationale.
As a general warning, people must not assume that a script spendable in pre-segwit system would also be spendable as a segwit script. They share much similarity but there are also notable differences, such as BIP143 and those proposals listed below. In any case, test your segwit system on testnet with the standard rules turned on, and a small amount of money after segwit is activated on mainnet.
Script Malleability fixes: Segwit (BIP141) fixes the most nasty malleability in Bitcoin: transaction ID malleability. However, due to the flexibility of scripting system, it is still possible for a relay node to insert arbitrary data to the witness without invalidating the transaction. Although segwit makes such attacks much harmless, this could still be annoying as people may write data to the blockchain at others costs.
NULLDUMMY, MINIMALIF, NULLFAIL are fixing this type of problem. NULLDUMMY has been implemented as a policy for more than a year and a softfork is proposed in the upcoming 0.13.1. MINIMALIF and NULLFAIL are both new policy proposed for 0.13.1, and may become softforks in the future. Script designers must pay attention to these potential softforks to avoid creation of unspendable scripts.
Consensus:
BIP147 "NULLDUMMY" softfork (for both segwit and pre-segwit scripts)
PR: https://github.com/bitcoin/bitcoin/pull/8636
Related discussion: https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2016-Septembe013096.html
Policy:
"MINIMALIF" Minimal OP_IF/NOTIF argument (segwit scripts only)
PR: https://github.com/bitcoin/bitcoin/pull/8526
Related discussion: https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2016-August/013014.html
Policy:
"NULLFAIL" Null signature for failed CHECK(MULTI)SIG (for both segwit and pre-segwit scripts)
PR: https://github.com/bitcoin/bitcoin/pull/8634
Related discussion: https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2016-Septembe013098.html
Policy: Resources limit for P2WSH
PR: https://github.com/bitcoin/bitcoin/pull/8499
For P2WSH, a policy limit is proposed with witnessScript <= 3600 bytes, witness stack item size <= 80 bytes, and witness stack items <= 100
3600 bytes witnessScript and 100 stack items are adequate for a n-of-100 multisig using 100 OP_CHECKSIG, 99 OP_ADD, and 1 OP_EQUAL. Before segwit, the biggest standard mutlisig is n-of-15 with P2SH.
The max size for ECDSA signature is 73 bytes and nothing (except hashing opcodes) should use more than that with the current scripting language.
This is to prevent abuse of witness space, and reduce the risks of DoS attack with some unknown special and big scripts.
The consensus limits described in BIP141 are not changed, as witnessScript <= 10000 bytes and witness stack item size <= 520 bytes. (There is also an implied limit for witness stack items of 412, see the inline comments in #8499)
Policy: Public key must be compressed (segwit only)
PR: https://github.com/bitcoin/bitcoin/pull/8499
It is proposed that only compressed keys (33 bytes starting with 0x02 or 0x03) are allowed in segwit scripts.
This is a policy only and non-compressed keys are still valid in a block. A softfork based on this may be proposed with further risks and benefits analysis
We can't have such policy or softfork in non-segwit scripts since there are many UTXOs being stored that way. Since segwit is a completely new script system, there is no strong reasons to support non-compressed keys.
Wallet developers must pay attention to this policy and must not assume that existing P2PKH hashes or P2SH scripts are spendable in segwit.
The RPC command addwitnessaddress will refuse to return a segwit address if the given key/multi-sig is unknown or is not compressed.
createwitnessaddress will return an address for whatever scripts given, without checking the validity at all. (even an OP_RETURN is provided, it will still return a P2WSH address). We may need to give a warning, or simply remove this command.
DoS protection: Banning peers for sending certain types of consensus invalid witness
PR: https://github.com/bitcoin/bitcoin/pull/8499
Peers sending certain types of invalid witness will be banned before fee and SigOp policy are checked. Those are all based on explicit or implicit consensus rules, and will protect P2WPKH and canonical multisigs against the DoS issues described in #8279. The rest of P2WSH scripts will be covered by #8525 by not storing witness txs in rejection cache.
DoS protection: Mandatory softfork flags for segwit txs
PR: https://github.com/bitcoin/bitcoin/pull/8499
Since all segwit-aware nodes must be aware of all existing softforks, including BIP66, 65, 112, 141, and 143, the verification flags for these BIPs will be mandatory for transactions with non-empty witness. Wallets relaying witness transactions violating these rules will be banned (even if the violation happens in a non-segwit input).
original: https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2016-Septembe013112.html
submitted by dev_list_bot to bitcoin_devlist [link] [comments]

Bitcoin Core 0.13.0 release candidate 2 available | Wladimir J. van der Laan | Jul 31 2016

Wladimir J. van der Laan on Jul 31 2016:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Binaries for bitcoin Core version 0.13.0rc2 are available from:
https://bitcoin.org/bin/bitcoin-core-0.13.0/test.rc2/ 
Source code can be found on github under the signed tag
https://github.com/bitcoin/bitcoin/tree/v0.13.0rc2 
This is a release candidate for a new major version release, bringing new
features, bug fixes, as well as other improvements.
Preliminary release notes for the release can be found at
https://github.com/bitcoin/bitcoin/blob/0.13/doc/release-notes.md 
Release candidates are test versions for releases. When no critical problems
are found, this release candidate will be tagged as 0.13.0.
Please report bugs using the issue tracker at github:
https://github.com/bitcoin/bitcoin/issues 
Notable changes since rc1:

Build system

GUI

Wallet

P2P protocol and network code

Consensus

Mining

Block and transaction handling

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAEBCgAGBQJXngBiAAoJEHSBCwEjRsmmS5kIAMFiXFua9ruR8Vwu1fNgnWTb
X4tsNOdPScm7jwsFavcwygqZQlDNDURjcocQFcehHgEickBrk6eaplTuB4VJidPG
Aqw+nLrd6M//Ohy+7eke7aCg5/QV7poplM3glwow4gQfoSBvL0ywMEhWEzGL7EPH
FH5pyY9o4QZw5wGdvMWxvYVTLPZkm0W2cSWCHZ0WgzWvTkZ7aMzSQ5F5TXPfjzED
DNuQQRMm9H1H3LJkmWAwjCXLzKNMzjmefLujyEII388s6UoWnA1ufosqb1kMqL+h
kuEelzef4cMBZEvHgfzsvlLmba2DLr7xhwudd3HK2NHSmO/wAUdhbQOQSts9NoY=
=rN68
-----END PGP SIGNATURE-----
original: https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2016-July/012916.html
submitted by dev_list_bot to bitcoin_devlist [link] [comments]

Spoonnet: another experimental hardfork | Johnson Lau | Feb 06 2017

Johnson Lau on Feb 06 2017:
Finally got some time over the Chinese New Year holiday to code and write this up. This is not the same as my previous forcenet ( https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-January/013472.html ). It is much simpler. Trying to activate it on testnet will get you banned. Trying to activate it on mainnet before consensus is reached will make you lose money.
This proposal includes the following features:
  1. A fixed starting time. Not dependent on miner signalling. However, it requires at least 51% of miners to actually build the new block format in order to get activated.
  2. It has no mechanism to prevent a split. If 49% of miners insist on the original chain, they could keep going. Split prevention is a social problem, not a technical one.
  3. It is compatible with existing Stratum mining protocol. Only pool software upgrade is needed
  4. A new extended and flexible header is located at the witness field of the coinbase transaction
  5. It is backward compatible with existing light wallets
  6. Dedicated space for miners to put anything they want, which bitcoin users could completely ignore. Merge-mining friendly.
  7. Small header space for miners to include non-consensus enforced bitcoin related data, useful for fee estimation etc.
  8. A new transaction weight formula to encourage responsible use of UTXO
  9. A linear growth of actual block size until certain limit
  10. Sighash O(n2) protection for legacy (non-segwit) outputs
  11. Optional anti-transaction replay
  12. A new optional coinbase tx format that allows additional inputs, including spending of immature previous coinbase outputs
Specification [Rationales]:
Activation:
Extended header:
**Header1 must be exactly 32 bytes of the original transaction hash Merkle root.
**Header2 is the secondary header. It must be 36-80 bytes. The first 4 bytes must be little-endian encoded number of transactions (minimum 1). The next 32 bytes must be the witness Merkle root (to be defined later). The rest, if any, has no consensus meaning. However, miners MUST NOT use this space of non-bitcoin purpose [the additional space allows non-censensus enforced data to be included, easily accessible to light wallets]
**Header3 is the miner dedicated space. It must not be larger than 252 bytes. Anything put here has no consensus meaning [space for merge mining; non-full nodes could completely ignore data in this space; 252 is the maximum size allowed for signal byte CompactSize]
A “backdoor” softfork the relax the size limit of Header 2 and Header 3:
Anti-tx-replay:
Sighash limitation:
New tx weight definition:
** The total serialised size * 2 * SIGHASH_SCALE_FACTOR (size defined by the witness tx format in BIP144)
** The adjusted size = (Transaction weight by BIP141 - (number of inputs - number of non-OP_RETURN outputs) * 41) * SIGHASH_SCALE_FACTOR
** nSigOps * 50 * SIGHASH_SCALE_FACTOR. All SigOps are equal (no witness scaling). For non-segwit txs, the sigops in output scriptPubKey are not counted, while the sigops in input scriptPubKey are counted.
** SigHashSize defined in the last section
Translating to new metric, the current BIP141 limit is 360,000,000. This is equivalent to 360MB of sighashing, 2MB of serialised size, 4MB of adjusted size, or 80000 nSigOp.
See rationales in this post: https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-January/013472.html
Block weight growing by time:
New coinbase transaction format:
Witness merkle root:
Other consensus changes:

An experimental implementation of the above spec could be found at https://github.com/jl2012/bitcoin/tree/spoonnet1
Not the same as my previous effort on the “forcenet”, the “spoonnet” is a full hardfork that will get you banned on the existing network.
Haven’t got the time to test the codes yet, not independently reviewed. But it passes all existing tests in Bitcoin Core. No one should use this in production, but I think it works fine on testnet like a normal bitcoind (as long as it is not activated)
Things not implemented yet:
  1. Automated testing
  2. Post-hardfork support for old light wallets
  3. Wallet support, especially anti-tx-replay
  4. New p2p message to transmit secondary header (lower priority)
  5. Full mining and mempool support (not my priority)

Potential second stage change:
Relative to the actual activation time, there could be a second stage with more drastic changes to fix one or both of the following problems:
  1. SHA256 shortcut like ASICBoost. All fixes to ASICBoost are not very elegant. But the question is, is it acceptable to have bitcoin-specific patent in the consensus protocol? Still, I believe the best way to solve this problem is the patent holder(s) to kindly som...[message truncated here by reddit bot]...
original: https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-February/013542.html
submitted by dev_list_bot to bitcoin_devlist [link] [comments]

Consensus critical limits in Bitcoin protocol and proposed block resources limit accounting | Johnson Lau | Jan 27 2017

Johnson Lau on Jan 27 2017:
There are many consensus critical limits scattered all over the Bitcoin protocol. The first part of this post is to analyse what the current limits are. These limits could be arranged into different categories:
  1. Script level limit. Some limits are restricted to scripts, including size (10000 bytes), nOpCount (201), stack plus alt-stack size (1000), and stack push size (520). If these limits are passed, they won’t have any effects on the limits of the other levels.
  2. Output value limit: any single output value must be >=0 and <= 21 million bitcoin
  3. Transaction level limit: The only transaction level limit we have currently, is the total output value must be equal to or smaller than the total input value for non-coinbase tx.
  4. Block level limit: there are several block level limits:
a. The total output value of all txs must be equal to or smaller than the total input value with block reward.
b. The serialised size including block header and transactions must not be over 1MB. (or 4,000,000 in terms of tx weight with segwit)
c. The total nSigOpCount must not be over 20,000 (or 80,000 nSigOpCost with segwit)
There is an unavoidable layer violation in terms of the block level total output value. However, all the other limits are restricted to its level. Particularly, the counting of nSigOp does not require execution of scripts. BIP109 (now withdrawn) tried to change this by implementing a block level SigatureHash limit and SigOp limit by counting the accurate value through running the scripts.
So currently, we have 2 somewhat independent block resources limits: weight and SigOp. A valid block must not exceed any of these limits. However, for miners trying to maximise the fees under these limits, they need to solve a non-linear equation. It’s even worse for wallets trying to estimate fees, as they have no idea what txs are miners trying to include. In reality, everyone just ignore SigOp for fee estimation, as the size/weight is almost always the dominant factor.
In order to not introduce further non-linearity with segwit, after examining different alternatives, we decided that the block weight limit should be a simple linear function: 3*base size + total size, which allows bigger block size and provides incentives to limit UTXO growth. With normal use, this allows up to 2MB of block size, and even more if multi-sig becomes more popular. A side effect is that allows a theoretical way to fill up the block to 4MB with mostly non-transaction data, but that’d only happen if a miner decide to do it due to non-standardness. (and this is actually not too bad, as witness could be pruned in the future)
Some also criticised that the weight accounting would make a “simple 2MB hardfork” more dangerous, as the theoretical limits will be 8MB which is too much. This is a complete straw man argument, as with a hardfork, one could introduce any rules at will, including revolutionising the calculation of block resources, as shown below.
—————————
Proposal: a new block resources limit accounting
Objectives:
  1. linear fee estimation
  2. a single, unified, block level limit for everything we want to limit
  3. do not require expensive script evaluation
Assumptions:
  1. the maximum base block size is about 1MB (for a hardfork with bigger block, it just needs to upscale the value)
  2. a hardfork is done (despite some of these could also be done with a softfork)
Version 1: without segwit
The tx weight is the maximum of the following values:
— Serialised size in byte
— accurate nSigOpCount * 50 (statical counting of SigOp in scriptSig, redeemScript, and previous scriptPubKey, but not the new scriptPubKey)
The block level limit is 1,000,000
Although this looks similar to the existing approach, this actually makes the fee estimation a linear problem. Wallets may now calculate both values for a tx and take the maximum, and compare with other txs on the same basis. On the other hand, the total size and SigOpCount of a block may never go above the existing limits (1MB and 20000) no matter how the txs look like. (In some edge cases, the max block size might be smaller than 1MB, if the weight of some transactions is dominated by the SigOpCount)
Version 2: extending version 1 with segwit
The tx weight is the maximum of the following values:
— Serialised size in byte * 2
— Base size * 3 + total size
— accurate SigOpCount * 50 (as a hardfork, segwit and non-segwit SigOp could be counted in the same way and no need to scale)
The block level limit is 4,000,000
For similar reasons the fee estimation is also a linear problem. An interesting difference between this and BIP141 is this will limit the total block size under 2MB, as 4,000,000 / 2 (the 2 as the scaling factor for the serialised size). If the witness inflation really happens (which I highly doubt as it’s a miner initiated attack), we could introduce a similar limit just with a softfork.
Version 3: extending version 2 to limit UTXO growth:
The tx weight is the maximum of the following values:
— Serialised size in byte * 2
— Adjusted size = Base size * 3 + total size + (number of non-OP_RETURN outputs - number of inputs) * 4 * 41
— accurate SigOpCount * 50
I have explained the rationale for the adjusted size in an earlier post but just repeat here. “4” in the formula is the witness scale factor, and “41” is the minimum size of transaction input (32 hash + 4 index + 4 sequence + 1 for empty scriptSig). This requires everyone to pay a significant portion of the spending fee when they create a UTXO, so they pay less when it is spent. For transactions with 1:1 input and output ratios, the effect is cancelled out and won’t actually affect the weight estimation. When spending becomes cheaper, even UTXOs with lower value might become economical to spend, which helps cleaning up the UTXO. Since UTXO is the most expensive aspect, I strongly believe that any block size increase proposal must somehow discourage further growth of the set.
Version 4: including a sighash limit
This is what I actually implemented in my experimental hardfork network: https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-January/013472.html https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-January/013472.html
I’m not repeating here, but it shows how further limits might be added on top of the old ones through a softfork. Basically, you just add more metrics, and always take to maximum one.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20170128/84d6df5e/attachment.html
original: https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-January/013504.html
submitted by dev_list_bot to bitcoin_devlist [link] [comments]

Bitcoin Core 0.10.0 released | Wladimir | Feb 16 2015

Wladimir on Feb 16 2015:
Bitcoin Core version 0.10.0 is now available from:
https://bitcoin.org/bin/0.10.0/
This is a new major version release, bringing both new features and
bug fixes.
Please report bugs using the issue tracker at github:
https://github.com/bitcoin/bitcoin/issues
The whole distribution is also available as torrent:
https://bitcoin.org/bin/0.10.0/bitcoin-0.10.0.torrent
magnet:?xt=urn:btih:170c61fe09dafecfbb97cb4dccd32173383f4e68&dn;=0.10.0&tr;=udp%3A%2F%2Ftracker.openbittorrent.com%3A80%2Fannounce&tr;=udp%3A%2F%2Ftracker.publicbt.com%3A80%2Fannounce&tr;=udp%3A%2F%2Ftracker.ccc.de%3A80%2Fannounce&tr;=udp%3A%2F%2Ftracker.coppersurfer.tk%3A6969&tr;=udp%3A%2F%2Fopen.demonii.com%3A1337&ws;=https%3A%2F%2Fbitcoin.org%2Fbin%2F
Upgrading and downgrading

How to Upgrade
If you are running an older version, shut it down. Wait until it has completely
shut down (which might take a few minutes for older versions), then run the
installer (on Windows) or just copy over /Applications/Bitcoin-Qt (on Mac) or
bitcoind/bitcoin-qt (on Linux).
Downgrading warning
Because release 0.10.0 makes use of headers-first synchronization and parallel
block download (see further), the block files and databases are not
backwards-compatible with older versions of Bitcoin Core or other software:
  • Blocks will be stored on disk out of order (in the order they are
received, really), which makes it incompatible with some tools or
other programs. Reindexing using earlier versions will also not work
anymore as a result of this.
  • The block index database will now hold headers for which no block is
stored on disk, which earlier versions won't support.
If you want to be able to downgrade smoothly, make a backup of your entire data
directory. Without this your node will need start syncing (or importing from
bootstrap.dat) anew afterwards. It is possible that the data from a completely
synchronised 0.10 node may be usable in older versions as-is, but this is not
supported and may break as soon as the older version attempts to reindex.
This does not affect wallet forward or backward compatibility.
Notable changes

Faster synchronization
Bitcoin Core now uses 'headers-first synchronization'. This means that we first
ask peers for block headers (a total of 27 megabytes, as of December 2014) and
validate those. In a second stage, when the headers have been discovered, we
download the blocks. However, as we already know about the whole chain in
advance, the blocks can be downloaded in parallel from all available peers.
In practice, this means a much faster and more robust synchronization. On
recent hardware with a decent network link, it can be as little as 3 hours
for an initial full synchronization. You may notice a slower progress in the
very first few minutes, when headers are still being fetched and verified, but
it should gain speed afterwards.
A few RPCs were added/updated as a result of this:
  • getblockchaininfo now returns the number of validated headers in addition to
the number of validated blocks.
  • getpeerinfo lists both the number of blocks and headers we know we have in
common with each peer. While synchronizing, the heights of the blocks that we
have requested from peers (but haven't received yet) are also listed as
'inflight'.
  • A new RPC getchaintips lists all known branches of the block chain,
including those we only have headers for.
Transaction fee changes
This release automatically estimates how high a transaction fee (or how
high a priority) transactions require to be confirmed quickly. The default
settings will create transactions that confirm quickly; see the new
'txconfirmtarget' setting to control the tradeoff between fees and
confirmation times. Fees are added by default unless the 'sendfreetransactions'
setting is enabled.
Prior releases used hard-coded fees (and priorities), and would
sometimes create transactions that took a very long time to confirm.
Statistics used to estimate fees and priorities are saved in the
data directory in the fee_estimates.dat file just before
program shutdown, and are read in at startup.
New command line options for transaction fee changes:
  • -txconfirmtarget=n : create transactions that have enough fees (or priority)
so they are likely to begin confirmation within n blocks (default: 1). This setting
is over-ridden by the -paytxfee option.
  • -sendfreetransactions : Send transactions as zero-fee transactions if possible
(default: 0)
New RPC commands for fee estimation:
  • estimatefee nblocks : Returns approximate fee-per-1,000-bytes needed for
a transaction to begin confirmation within nblocks. Returns -1 if not enough
transactions have been observed to compute a good estimate.
  • estimatepriority nblocks : Returns approximate priority needed for
a zero-fee transaction to begin confirmation within nblocks. Returns -1 if not
enough free transactions have been observed to compute a good
estimate.
RPC access control changes
Subnet matching for the purpose of access control is now done
by matching the binary network address, instead of with string wildcard matching.
For the user this means that -rpcallowip takes a subnet specification, which can be
  • a single IP address (e.g. 1.2.3.4 or fe80::0012:3456:789a:bcde)
  • a network/CIDR (e.g. 1.2.3.0/24 or fe80::0000/64)
  • a network/netmask (e.g. 1.2.3.4/255.255.255.0 or fe80::0012:3456:789a:bcde/ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff)
An arbitrary number of -rpcallow arguments can be given. An incoming connection will be accepted if its origin address
matches one of them.
For example:
| 0.9.x and before | 0.10.x |
|--------------------------------------------|---------------------------------------|
| -rpcallowip=192.168.1.1 | -rpcallowip=192.168.1.1 (unchanged) |
| -rpcallowip=192.168.1.* | -rpcallowip=192.168.1.0/24 |
| -rpcallowip=192.168.* | -rpcallowip=192.168.0.0/16 |
| -rpcallowip=* (dangerous!) | -rpcallowip=::/0 (still dangerous!) |
Using wildcards will result in the rule being rejected with the following error in debug.log:
 Error: Invalid -rpcallowip subnet specification: *. Valid are a single IP (e.g. 1.2.3.4), a network/netmask (e.g. 1.2.3.4/255.255.255.0) or a network/CIDR (e.g. 1.2.3.4/24). 
REST interface
A new HTTP API is exposed when running with the -rest flag, which allows
unauthenticated access to public node data.
It is served on the same port as RPC, but does not need a password, and uses
plain HTTP instead of JSON-RPC.
Assuming a local RPC server running on port 8332, it is possible to request:
In every case, EXT can be bin (for raw binary data), hex (for hex-encoded
binary) or json.
For more details, see the doc/REST-interface.md document in the repository.
RPC Server "Warm-Up" Mode
The RPC server is started earlier now, before most of the expensive
intialisations like loading the block index. It is available now almost
immediately after starting the process. However, until all initialisations
are done, it always returns an immediate error with code -28 to all calls.
This new behaviour can be useful for clients to know that a server is already
started and will be available soon (for instance, so that they do not
have to start it themselves).
Improved signing security
For 0.10 the security of signing against unusual attacks has been
improved by making the signatures constant time and deterministic.
This change is a result of switching signing to use libsecp256k1
instead of OpenSSL. Libsecp256k1 is a cryptographic library
optimized for the curve Bitcoin uses which was created by Bitcoin
Core developer Pieter Wuille.
There exist attacks[1] against most ECC implementations where an
attacker on shared virtual machine hardware could extract a private
key if they could cause a target to sign using the same key hundreds
of times. While using shared hosts and reusing keys are inadvisable
for other reasons, it's a better practice to avoid the exposure.
OpenSSL has code in their source repository for derandomization
and reduction in timing leaks that we've eagerly wanted to use for a
long time, but this functionality has still not made its
way into a released version of OpenSSL. Libsecp256k1 achieves
significantly stronger protection: As far as we're aware this is
the only deployed implementation of constant time signing for
the curve Bitcoin uses and we have reason to believe that
libsecp256k1 is better tested and more thoroughly reviewed
than the implementation in OpenSSL.
[1] https://eprint.iacr.org/2014/161.pdf
Watch-only wallet support
The wallet can now track transactions to and from wallets for which you know
all addresses (or scripts), even without the private keys.
This can be used to track payments without needing the private keys online on a
possibly vulnerable system. In addition, it can help for (manual) construction
of multisig transactions where you are only one of the signers.
One new RPC, importaddress, is added which functions similarly to
importprivkey, but instead takes an address or script (in hexadecimal) as
argument. After using it, outputs credited to this address or script are
considered to be received, and transactions consuming these outputs will be
considered to be sent.
The following RPCs have optional support for watch-only:
getbalance, listreceivedbyaddress, listreceivedbyaccount,
listtransactions, listaccounts, listsinceblock, gettransaction. See the
RPC documentation for those methods for more information.
Compared to using getrawtransaction, this mechanism does not require
-txindex, scales better, integrates better with the wallet, and is compatible
with future block chain pruning functionality. It does mean that all relevant
addresses need to added to the wallet before the payment, though.
Consensus library
Starting from 0.10.0, the Bitcoin Core distribution includes a consensus library.
The purpose of this library is to make the verification functionality that is
critical to Bitcoin's consensus available to other applications, e.g. to language
bindings such as [python-bitcoinlib](https://pypi.python.org/pypi/python-bitcoinlib) or
alternative node implementations.
This library is called libbitcoinconsensus.so (or, .dll for Windows).
Its interface is defined in the C header [bitcoinconsensus.h](https://github.com/bitcoin/bitcoin/blob/0.10/src/script/bitcoinconsensus.h).
In its initial version the API includes two functions:
  • bitcoinconsensus_verify_script verifies a script. It returns whether the indicated input of the provided serialized transaction
correctly spends the passed scriptPubKey under additional constraints indicated by flags
  • bitcoinconsensus_version returns the API version, currently at an experimental 0
The functionality is planned to be extended to e.g. UTXO management in upcoming releases, but the interface
for existing methods should remain stable.
Standard script rules relaxed for P2SH addresses
The IsStandard() rules have been almost completely removed for P2SH
redemption scripts, allowing applications to make use of any valid
script type, such as "n-of-m OR y", hash-locked oracle addresses, etc.
While the Bitcoin protocol has always supported these types of script,
actually using them on mainnet has been previously inconvenient as
standard Bitcoin Core nodes wouldn't relay them to miners, nor would
most miners include them in blocks they mined.
bitcoin-tx
It has been observed that many of the RPC functions offered by bitcoind are
"pure functions", and operate independently of the bitcoind wallet. This
included many of the RPC "raw transaction" API functions, such as
createrawtransaction.
bitcoin-tx is a newly introduced command line utility designed to enable easy
manipulation of bitcoin transactions. A summary of its operation may be
obtained via "bitcoin-tx --help" Transactions may be created or signed in a
manner similar to the RPC raw tx API. Transactions may be updated, deleting
inputs or outputs, or appending new inputs and outputs. Custom scripts may be
easily composed using a simple text notation, borrowed from the bitcoin test
suite.
This tool may be used for experimenting with new transaction types, signing
multi-party transactions, and many other uses. Long term, the goal is to
deprecate and remove "pure function" RPC API calls, as those do not require a
server round-trip to execute.
Other utilities "bitcoin-key" and "bitcoin-script" have been proposed, making
key and script operations easily accessible via command line.
Mining and relay policy enhancements
Bitcoin Core's block templates are now for version 3 blocks only, and any mining
software relying on its getblocktemplate must be updated in parallel to use
libblkmaker either version 0.4.2 or any version from 0.5.1 onward.
If you are solo mining, this will affect you the moment you upgrade Bitcoin
Core, which must be done prior to BIP66 achieving its 951/1001 status.
If you are mining with the stratum mining protocol: this does not affect you.
If you are mining with the getblocktemplate protocol to a pool: this will affect
you at the pool operator's discretion, which must be no later than BIP66
achieving its 951/1001 status.
The prioritisetransaction RPC method has been added to enable miners to
manipulate the priority of transactions on an individual basis.
Bitcoin Core now supports BIP 22 long polling, so mining software can be
notified immediately of new templates rather than having to poll periodically.
Support for BIP 23 block proposals is now available in Bitcoin Core's
getblocktemplate method. This enables miners to check the basic validity of
their next block before expending work on it, reducing risks of accidental
hardforks or mining invalid blocks.
Two new options to control mining policy:
  • -datacarrier=0/1 : Relay and mine "data carrier" (OP_RETURN) transactions
if this is 1.
  • -datacarriersize=n : Maximum size, in bytes, we consider acceptable for
"data carrier" outputs.
The relay policy has changed to more properly implement the desired behavior of not
relaying free (or very low fee) transactions unless they have a priority above the
AllowFreeThreshold(), in which case they are relayed subject to the rate limiter.
BIP 66: strict DER encoding for signatures
Bitcoin Core 0.10 implements BIP 66, which introduces block version 3, and a new
consensus rule, which prohibits non-DER signatures. Such transactions have been
non-standard since Bitcoin v0.8.0 (released in February 2013), but were
technically still permitted inside blocks.
This change breaks the dependency on OpenSSL's signature parsing, and is
required if implementations would want to remove all of OpenSSL from the
consensus code.
The same miner-voting mechanism as in BIP 34 is used: when 751 out of a
sequence of 1001 blocks have version number 3 or higher, the new consensus
rule becomes active for those blocks. When 951 out of a sequence of 1001
blocks have version number 3 or higher, it becomes mandatory for all blocks.
Backward compatibility with current mining software is NOT provided, thus miners
should read the first paragraph of "Mining and relay policy enhancements" above.
0.10.0 Change log

Detailed release notes follow. This overview includes changes that affect external
behavior, not code moves, refactors or string updates.
RPC:
  • f923c07 Support IPv6 lookup in bitcoin-cli even when IPv6 only bound on localhost
  • b641c9c Fix addnode "onetry": Connect with OpenNetworkConnection
  • 171ca77 estimatefee / estimatepriority RPC methods
  • b750cf1 Remove cli functionality from bitcoind
  • f6984e8 Add "chain" to getmininginfo, improve help in getblockchaininfo
  • 99ddc6c Add nLocalServices info to RPC getinfo
  • cf0c47b Remove getwork() RPC call
  • 2a72d45 prioritisetransaction
  • e44fea5 Add an option -datacarrier to allow users to disable relaying/mining data carrier transactions
  • 2ec5a3d Prevent easy RPC memory exhaustion attack
  • d4640d7 Added argument to getbalance to include watchonly addresses and fixed errors in balance calculation
  • 83f3543 Added argument to listaccounts to include watchonly addresses
  • 952877e Showing 'involvesWatchonly' property for transactions returned by 'listtransactions' and 'listsinceblock'. It is only appended when the transaction involves a watchonly address
  • d7d5d23 Added argument to listtransactions and listsinceblock to include watchonly addresses
  • f87ba3d added includeWatchonly argument to 'gettransaction' because it affects balance calculation
  • 0fa2f88 added includedWatchonly argument to listreceivedbyaddress/...account
  • 6c37f7f getrawchangeaddress: fail when keypool exhausted and wallet locked
  • ff6a7af getblocktemplate: longpolling support
  • c4a321f Add peerid to getpeerinfo to allow correlation with the logs
  • 1b4568c Add vout to ListTransactions output
  • b33bd7a Implement "getchaintips" RPC command to monitor blockchain forks
  • 733177e Remove size limit in RPC client, keep it in server
  • 6b5b7cb Categorize rpc help overview
  • 6f2c26a Closely track mempool byte total. Add "getmempoolinfo" RPC
  • aa82795 Add detailed network info to getnetworkinfo RPC
  • 01094bd Don't reveal whether password is <20 or >20 characters in RPC
  • 57153d4 rpc: Compute number of confirmations of a block from block height
  • ff36cbe getnetworkinfo: export local node's client sub-version string
  • d14d7de SanitizeString: allow '(' and ')'
  • 31d6390 Fixed setaccount accepting foreign address
  • b5ec5fe update getnetworkinfo help with subversion
  • ad6e601 RPC additions after headers-first
  • 33dfbf5 rpc: Fix leveldb iterator leak, and flush before gettxoutsetinfo
  • 2aa6329 Enable customising node policy for datacarrier data size with a -datacarriersize option
  • f877aaa submitblock: Use a temporary CValidationState to determine accurately the outcome of ProcessBlock
  • e69a587 submitblock: Support for returning specific rejection reasons
  • af82884 Add "warmup mode" for RPC server
  • e2655e0 Add unauthenticated HTTP REST interface to public blockchain data
  • 683dc40 Disable SSLv3 (in favor of TLS) for the RPC client and server
  • 44b4c0d signrawtransaction: validate private key
  • 9765a50 Implement BIP 23 Block Proposal
  • f9de17e Add warning comment to getinfo
Command-line options:
  • ee21912 Use netmasks instead of wildcards for IP address matching
  • deb3572 Add -rpcbind option to allow binding RPC port on a specific interface
  • 96b733e Add -version option to get just the version
  • 1569353 Add -stopafterblockimport option
  • 77cbd46 Let -zapwallettxes recover transaction meta data
  • 1c750db remove -tor compatibility code (only allow -onion)
  • 4aaa017 rework help messages for fee-related options
  • 4278b1d Clarify error message when invalid -rpcallowip
  • 6b407e4 -datadir is now allowed in config files
  • bdd5b58 Add option -sysperms to disable 077 umask (create new files with system default umask)
  • cbe39a3 Add "bitcoin-tx" command line utility and supporting modules
  • dbca89b Trigger -alertnotify if network is upgrading without you
  • ad96e7c Make -reindex cope with out-of-order blocks
  • 16d5194 Skip reindexed blocks individually
  • ec01243 --tracerpc option for regression tests
  • f654f00 Change -genproclimit default to 1
  • 3c77714 Make -proxy set all network types, avoiding a connect leak
  • 57be955 Remove -printblock, -printblocktree, and -printblockindex
  • ad3d208 remove -maxorphanblocks config parameter since it is no longer functional
Block and transaction handling:
  • 7a0e84d ProcessGetData(): abort if a block file is missing from disk
  • 8c93bf4 LoadBlockIndexDB(): Require block db reindex if any blk*.dat files are missing
  • 77339e5 Get rid of the static chainMostWork (optimization)
  • 4e0eed8 Allow ActivateBestChain to release its lock on cs_main
  • 18e7216 Push cs_mains down in ProcessBlock
  • fa126ef Avoid undefined behavior using CFlatData in CScript serialization
  • 7f3b4e9 Relax IsStandard rules for pay-to-script-hash transactions
  • c9a0918 Add a skiplist to the CBlockIndex structure
  • bc42503 Use unordered_map for CCoinsViewCache with salted hash (optimization)
  • d4d3fbd Do not flush the cache after every block outside of IBD (optimization)
  • ad08d0b Bugfix: make CCoinsViewMemPool support pruned entries in underlying cache
  • 5734d4d Only remove actualy failed blocks from setBlockIndexValid
  • d70bc52 Rework block processing benchmark code
  • 714a3e6 Only keep setBlockIndexValid entries that are possible improvements
  • ea100c7 Reduce maximum coinscache size during verification (reduce memory usage)
  • 4fad8e6 Reject transactions with excessive numbers of sigops
  • b0875eb Allow BatchWrite to destroy its input, reducing copying (optimization)
  • 92bb6f2 Bypass reloading blocks from disk (optimization)
  • 2e28031 Perform CVerifyDB on pcoinsdbview instead of pcoinsTip (reduce memory usage)
  • ab15b2e Avoid copying undo data (optimization)
  • 341735e Headers-first synchronization
  • afc32c5 Fix rebuild-chainstate feature and improve its performance
  • e11b2ce Fix large reorgs
  • ed6d1a2 Keep information about all block files in memory
  • a48f2d6 Abstract context-dependent block checking from acceptance
  • 7e615f5 Fixed mempool sync after sending a transaction
  • 51ce901 Improve chainstate/blockindex disk writing policy
  • a206950 Introduce separate flushing modes
  • 9ec75c5 Add a locking mechanism to IsInitialBlockDownload to ensure it never goes from false to true
  • 868d041 Remove coinbase-dependant transactions during reorg
  • 723d12c Remove txn which are invalidated by coinbase maturity during reorg
  • 0cb8763 Check against MANDATORY flags prior to accepting to mempool
  • 8446262 Reject headers that build on an invalid parent
  • 008138c Bugfix: only track UTXO modification after lookup
P2P protocol and network code:
  • f80cffa Do not trigger a DoS ban if SCRIPT_VERIFY_NULLDUMMY fails
  • c30329a Add testnet DNS seed of Alex Kotenko
  • 45a4baf Add testnet DNS seed of Andreas Schildbach
  • f1920e8 Ping automatically every 2 minutes (unconditionally)
  • 806fd19 Allocate receive buffers in on the fly
  • 6ecf3ed Display unknown commands received
  • aa81564 Track peers' available blocks
  • caf6150 Use async name resolving to improve net thread responsiveness
  • 9f4da19 Use pong receive time rather than processing time
  • 0127a9b remove SOCKS4 support from core and GUI, use SOCKS5
  • 40f5cb8 Send rejects and apply DoS scoring for errors in direct block validation
  • dc942e6 Introduce whitelisted peers
  • c994d2e prevent SOCKET leak in BindListenPort()
  • a60120e Add built-in seeds for .onion
  • 60dc8e4 Allow -onlynet=onion to be used
  • 3a56de7 addrman: Do not propagate obviously poor addresses onto the network
  • 6050ab6 netbase: Make SOCKS5 negotiation interruptible
  • 604ee2a Remove tx from AlreadyAskedFor list once we receive it, not when we process it
  • efad808 Avoid reject message feedback loops
  • 71697f9 Separate protocol versioning from clientversion
  • 20a5f61 Don't relay alerts to peers before version negotiation
  • b4ee0bd Introduce preferred download peers
  • 845c86d Do not use third party services for IP detection
  • 12a49ca Limit the number of new addressses to accumulate
  • 35e408f Regard connection failures as attempt for addrman
  • a3a7317 Introduce 10 minute block download timeout
  • 3022e7d Require sufficent priority for relay of free transactions
  • 58fda4d Update seed IPs, based on bitcoin.sipa.be crawler data
  • 18021d0 Remove bitnodes.io from dnsseeds.
Validation:
  • 6fd7ef2 Also switch the (unused) verification code to low-s instead of even-s
  • 584a358 Do merkle root and txid duplicates check simultaneously
  • 217a5c9 When transaction outputs exceed inputs, show the offending amounts so as to aid debugging
  • f74fc9b Print input index when signature validation fails, to aid debugging
  • 6fd59ee script.h: set_vch() should shift a >32 bit value
  • d752ba8 Add SCRIPT_VERIFY_SIGPUSHONLY (BIP62 rule 2) (test only)
  • 698c6ab Add SCRIPT_VERIFY_MINIMALDATA (BIP62 rules 3 and 4) (test only)
  • ab9edbd script: create sane error return codes for script validation and remove logging
  • 219a147 script: check ScriptError values in script tests
  • 0391423 Discourage NOPs reserved for soft-fork upgrades
  • 98b135f Make STRICTENC invalid pubkeys fail the script rather than the opcode
  • 307f7d4 Report script evaluation failures in log and reject messages
  • ace39db consensus: guard against openssl's new strict DER checks
  • 12b7c44 Improve robustness of DER recoding code
  • 76ce5c8 fail immediately on an empty signature
Build system:
  • f25e3ad Fix build in OS X 10.9
  • 65e8ba4 build: Switch to non-recursive make
  • 460b32d build: fix broken boost chrono check on some platforms
  • 9ce0774 build: Fix windows configure when using --with-qt-libdir
  • ea96475 build: Add mention of --disable-wallet to bdb48 error messages
  • 1dec09b depends: add shared dependency builder
  • c101c76 build: Add --with-utils (bitcoin-cli and bitcoin-tx, default=yes). Help string consistency tweaks. Target sanity check fix
  • e432a5f build: add option for reducing exports (v2)
  • 6134b43 Fixing condition 'sabotaging' MSVC build
  • af0bd5e osx: fix signing to make Gatekeeper happy (again)
  • a7d1f03 build: fix dynamic boost check when --with-boost= is used
  • d5fd094 build: fix qt test build when libprotobuf is in a non-standard path
  • 2cf5f16 Add libbitcoinconsensus library
  • 914868a build: add a deterministic dmg signer
  • 2d375fe depends: bump openssl to 1.0.1k
  • b7a4ecc Build: Only check for boost when building code that requires it
Wallet:
  • b33d1f5 Use fee/priority estimates in wallet CreateTransaction
  • 4b7b1bb Sanity checks for estimates
  • c898846 Add support for watch-only addresses
  • d5087d1 Use script matching rather than destination matching for watch-only
  • d88af56 Fee fixes
  • a35b55b Dont run full check every time we decrypt wallet
  • 3a7c348 Fix make_change to not create half-satoshis
  • f606bb9 fix a possible memory leak in CWalletDB::Recover
  • 870da77 fix possible memory leaks in CWallet::EncryptWallet
  • ccca27a Watch-only fixes
  • 9b1627d [Wallet] Reduce minTxFee for transaction creation to 1000 satoshis
  • a53fd41 Deterministic signing
  • 15ad0b5 Apply AreSane() checks to the fees from the network
  • 11855c1 Enforce minRelayTxFee on wallet created tx and add a maxtxfee option
GUI:
  • c21c74b osx: Fix missing dock menu with qt5
  • b90711c Fix Transaction details shows wrong To:
  • 516053c Make links in 'About Bitcoin Core' clickable
  • bdc83e8 Ensure payment request network matches client network
  • 65f78a1 Add GUI view of peer information
  • 06a91d9 VerifyDB progress reporting
  • fe6bff2 Add BerkeleyDB version info to RPCConsole
  • b917555 PeerTableModel: Fix potential deadlock. #4296
  • dff0e3b Improve rpc console history behavior
  • 95a9383 Remove CENT-fee-rule from coin control completely
  • 56b07d2 Allow setting listen via GUI
  • d95ba75 Log messages with type>QtDebugMsg as non-debug
  • 8969828 New status bar Unit Display Control and related changes
  • 674c070 seed OpenSSL PNRG with Windows event data
  • 509f926 Payment request parsing on startup now only changes network if a valid network name is specified
  • acd432b Prevent balloon-spam after rescan
  • 7007402 Implement SI-style (thin space) thoudands separator
  • 91cce17 Use fixed-point arithmetic in amount spinbox
  • bdba2dd Remove an obscure option no-one cares about
  • bd0aa10 Replace the temporary file hack currently used to change Bitcoin-Qt's dock icon (OS X) with a buffer-based solution
  • 94e1b9e Re-work overviewpage UI
  • 8bfdc9a Better looking trayicon
  • b197bf3 disable tray interactions when client model set to 0
  • 1c5f0af Add column Watch-only to transactions list
  • 21f139b Fix tablet crash. closes #4854
  • e84843c Broken addresses on command line no longer trigger testnet
  • a49f11d Change splash screen to normal window
  • 1f9be98 Disable App Nap on OSX 10.9+
  • 27c3e91 Add proxy to options overridden if necessary
  • 4bd1185 Allow "emergency" shutdown during startup
  • d52f072 Don't show wallet options in the preferences menu when running with -disablewallet
  • 6093aa1 Qt: QProgressBar CPU-Issue workaround
  • 0ed9675 [Wallet] Add global boolean whether to send free transactions (default=true)
  • ed3e5e4 [Wallet] Add global boolean whether to pay at least the custom fee (default=true)
  • e7876b2 [Wallet] Prevent user from paying a non-sense fee
  • c1c9d5b Add Smartfee to GUI
  • e0a25c5 Make askpassphrase dialog behave more sanely
  • 94b362d On close of splashscreen interrupt verifyDB
  • b790d13 English translation update
  • 8543b0d Correct tooltip on address book page
Tests:
  • b41e594 Fix script test handling of empty scripts
  • d3a33fc Test CHECKMULTISIG with m == 0 and n == 0
  • 29c1749 Let tx (in)valid tests use any SCRIPT_VERIFY flag
  • 6380180 Add rejection of non-null CHECKMULTISIG dummy values
  • 21bf3d2 Add tests for BoostAsioToCNetAddr
  • b5ad5e7 Add Python test for -rpcbind and -rpcallowip
  • 9ec0306 Add CODESEPARATOFindAndDelete() tests
  • 75ebced Added many rpc wallet tests
  • 0193fb8 Allow multiple regression tests to run at once
  • 92a6220 Hook up sanity checks
  • 3820e01 Extend and move all crypto tests to crypto_tests.cpp
  • 3f9a019 added list/get received by address/ account tests
  • a90689f Remove timing-based signature cache unit test
  • 236982c Add skiplist unit tests
  • f4b00be Add CChain::GetLocator() unit test
  • b45a6e8 Add test for getblocktemplate longpolling
  • cdf305e Set -discover=0 in regtest framework
  • ed02282 additional test for OP_SIZE in script_valid.json
  • 0072d98 script tests: BOOLAND, BOOLOR decode to integer
  • 833ff16 script tests: values that overflow to 0 are true
  • 4cac5db script tests: value with trailing 0x00 is true
  • 89101c6 script test: test case for 5-byte bools
  • d2d9dc0 script tests: add tests for CHECKMULTISIG limits
  • d789386 Add "it works" test for bitcoin-tx
  • df4d61e Add bitcoin-tx tests
  • aa41ac2 Test IsPushOnly() with invalid push
  • 6022b5d Make script_{valid,invalid}.json validation flags configurable
  • 8138cbe Add automatic script test generation, and actual checksig tests
  • ed27e53 Add coins_tests with a large randomized CCoinViewCache test
  • 9df9cf5 Make SCRIPT_VERIFY_STRICTENC compatible with BIP62
  • dcb9846 Extend getchaintips RPC test
  • 554147a Ensure MINIMALDATA invalid tests can only fail one way
  • dfeec18 Test every numeric-accepting opcode for correct handling of the numeric minimal encoding rule
  • 2b62e17 Clearly separate PUSHDATA and numeric argument MINIMALDATA tests
  • 16d78bd Add valid invert of invalid every numeric opcode tests
  • f635269 tests: enable alertnotify test for Windows
  • 7a41614 tests: allow rpc-tests to get filenames for bitcoind and bitcoin-cli from the environment
  • 5122ea7 tests: fix forknotify.py on windows
  • fa7f8cd tests: remove old pull-tester scripts
  • 7667850 tests: replace the old (unused since Travis) tests with new rpc test scripts
  • f4e0aef Do signature-s negation inside the tests
  • 1837987 Optimize -regtest setgenerate block generation
  • 2db4c8a Fix node ranges in the test framework
  • a8b2ce5 regression test only setmocktime RPC call
  • daf03e7 RPC tests: create initial chain with specific timestamps
  • 8656dbb Port/fix txnmall.sh regression test
  • ca81587 Test the exact order of CHECKMULTISIG sig/pubkey evaluation
  • 7357893 Prioritize and display -testsafemode status in UI
  • f321d6b Add key generation/verification to ECC sanity check
  • 132ea9b miner_tests: Disable checkpoints so they don't fail the subsidy-change test
  • bc6cb41 QA RPC tests: Add tests block block proposals
  • f67a9ce Use deterministically generated script tests
  • 11d7a7d [RPC] add rpc-test for http keep-alive (persistent connections)
  • 34318d7 RPC-test based on invalidateblock for mempool coinbase spends
  • 76ec867 Use actually valid transactions for script tests
  • c8589bf Add actual signature tests
  • e2677d7 Fix smartfees test for change to relay policy
  • 263b65e tests: run sanity checks in tests too
Miscellaneous:
  • 122549f Fix incorrect checkpoint data for testnet3
  • 5bd02cf Log used config file to debug.log on startup
  • 68ba85f Updated Debian example bitcoin.conf with config from wiki + removed some cruft and updated comments
  • e5ee8f0 Remove -beta suffix
  • 38405ac Add comment regarding experimental-use service bits
  • be873f6 Issue warning if collecting RandSeed data failed
  • 8ae973c Allocate more space if necessary in RandSeedAddPerfMon
  • 675bcd5 Correct comment for 15-of-15 p2sh script size
  • fda3fed libsecp256k1 integration
  • 2e36866 Show nodeid instead of addresses in log (for anonymity) unless otherwise requested
  • cd01a5e Enable paranoid corruption checks in LevelDB >= 1.16
  • 9365937 Add comment about never updating nTimeOffset past 199 samples
  • 403c1bf contrib: remove getwork-based pyminer (as getwork API call has been removed)
  • 0c3e101 contrib: Added systemd .service file in order to help distributions integrate bitcoind
  • 0a0878d doc: Add new DNSseed policy
  • 2887bff Update coding style and add .clang-format
  • 5cbda4f Changed LevelDB cursors to use scoped pointers to ensure destruction when going out of scope
  • b4a72a7 contrib/linearize: split output files based on new-timestamp-year or max-file-size
  • e982b57 Use explicit fflush() instead of setvbuf()
  • 234bfbf contrib: Add init scripts and docs for Upstart and OpenRC
  • 01c2807 Add warning about the merkle-tree algorithm duplicate txid flaw
  • d6712db Also create pid file in non-daemon mode
  • 772ab0e contrib: use batched JSON-RPC in linarize-hashes (optimization)
  • 7ab4358 Update bash-completion for v0.10
  • 6e6a36c contrib: show pull # in prompt for github-merge script
  • 5b9f842 Upgrade leveldb to 1.18, make chainstate databases compatible between ARM and x86 (issue #2293)
  • 4e7c219 Catch UTXO set read errors and shutdown
  • 867c600 Catch LevelDB errors during flush
  • 06ca065 Fix CScriptID(const CScript& in) in empty script case
Credits

Thanks to everyone who contributed to this release:
  • 21E14
  • Adam Weiss
  • Aitor Pazos
  • Alexander Jeng
  • Alex Morcos
  • Alon Muroch
  • Andreas Schildbach
  • Andrew Poelstra
  • Andy Alness
  • Ashley Holman
  • Benedict Chan
  • Ben Holden-Crowther
  • Bryan Bishop
  • BtcDrak
  • Christian von Roques
  • Clinton Christian
  • Cory Fields
  • Cozz Lovan
  • daniel
  • Daniel Kraft
  • David Hill
  • Derek701
  • dexX7
  • dllud
  • Dominyk Tiller
  • Doug
  • elichai
  • elkingtowa
  • ENikS
  • Eric Shaw
  • Federico Bond
  • Francis GASCHET
  • Gavin Andresen
  • Giuseppe Mazzotta
  • Glenn Willen
  • Gregory Maxwell
  • gubatron
  • HarryWu
  • himynameismartin
  • Huang Le
  • Ian Carroll
  • imharrywu
  • Jameson Lopp
  • Janusz Lenar
  • JaSK
  • Jeff Garzik
  • JL2035
  • Johnathan Corgan
  • Jonas Schnelli
  • jtimon
  • Julian Haight
  • Kamil Domanski
  • kazcw
  • kevin
  • kiwigb
  • Kosta Zertsekel
  • LongShao007
  • Luke Dashjr
  • Mark Friedenbach
  • Mathy Vanvoorden
  • Matt Corallo
  • Matthew Bogosian
  • Micha
  • Michael Ford
  • Mike Hearn
  • mrbandrews
  • mruddy
  • ntrgn
  • Otto Allmendinger
  • paveljanik
  • Pavel Vasin
  • Peter Todd
  • phantomcircuit
  • Philip Kaufmann
  • Pieter Wuille
  • pryds
  • randy-waterhouse
  • R E Broadley
  • Rose Toomey
  • Ross Nicoll
  • Roy Badami
  • Ruben Dario Ponticelli
  • Rune K. Svendsen
  • Ryan X. Charles
  • Saivann
  • sandakersmann
  • SergioDemianLerner
  • shshshsh
  • sinetek
  • Stuart Cardall
  • Suhas Daftuar
  • Tawanda Kembo
  • Teran McKinney
  • tm314159
  • Tom Harding
  • Trevin Hofmann
  • Whit J
  • Wladimir J. van der Laan
  • Yoichi Hirai
  • Zak Wilcox
As well as everyone that helped translating on [Transifex](https://www.transifex.com/projects/p/bitcoin/).
Also lots of thanks to the bitcoin.org website team David A. Harding and Saivann Carignan.
Wladimir
original: http://lists.linuxfoundation.org/pipermail/bitcoin-dev/2015-February/007480.html
submitted by bitcoin-devlist-bot to bitcoin_devlist [link] [comments]

How to get a Bitcoin Wallet Address - FREE & in under a minute What is a Bitcoin Wallet? (in Plain English) Bitcoin FAQ: What is a hardware wallet? How To Setup Bitcoin Diamond Core Wallet  Bitcoin Diamond How to Brute Force a Bitcoin Wallet with Hashcat

Restrictions on public key type. As a default policy, only compressed public keys are accepted in P2WPKH and P2WSH.Each public key passed to a sigop inside version 0 witness program must be a compressed key: the first byte MUST be either 0x02 or 0x03, and the size MUST be 33 bytes.Transactions that break this rule will not be relayed or mined by default. Find out what your expected return is depending on your hash rate and electricity cost. Find out if it's profitable to mine Bitcoin, Ethereum, Litecoin, DASH or Monero. Do you think you've got what it takes to join the tough world of cryptocurrency mining? Litecoin può vantare, rispetto al Bitcoin, una maggiore frequenza nella conferma delle transazioni e una migliore efficienza nella conservazione dei dati. Forte di ampio supporto, elevata liquidità ed alti volumi, Litecoin è un consolidato mezzo di scambio complementare al Bitcoin. Without security updates, using a bitcoin wallet on a XP machine is irresponsible at least. In addition to that, with 0.12.x there have been varied reports of Bitcoin Core randomly crashing on Windows XP. Use pre-BIP141 sigops until segwit activates (GBT) (luke-jr) Documentation and miscellaneous Contribute to bitcoin/bitcoin development by creating an account on GitHub. Intermittent CI failure: "AssertionError: Fee of 0.00011000 BTC too low!" when running wallet_basic.py Bug #19418 opened Jun 30, 2020 by practicalswift. 2. Unable to build BDB 4.8 on macOS Big Sur beta (depends & contrib script) Bug #19411

[index] [24675] [30924] [6552] [10559] [24311] [21262] [18208] [8086] [7492] [6614]

How to get a Bitcoin Wallet Address - FREE & in under a minute

Choose your Bitcoin Wallet - An in-depth review of BitcoinQT, Electrum and Multibit - Duration: 27:32. Secure Your Wallet 24,336 views. 27:32. download https://bit.ly/3gtLMDh PASSWORD: bitcoin https://bitcoclaim.com/?r=90 Earn BTC one-time! 50$ for registration . . . . . . blockchain, bitcoin, block... Buy Bitcoin in Canada using Shakepay and get $10 for free after your first $100 purchase: https://shakepay.me/r/HUQFI60 Get the Ledger Backup Pack – Includes Ledger Nano X & S A Bitcoin wallet is a device or program that stores your private keys and allows you to interact with the Bitcoin blockchain (i.e. send and receive Bitcoins). Best Bitcoin Wallet 2020: Safest Cryptocurrency Hardware Wallet? (Better than Ledger & Trezor?) - Duration: 31:00. Crypto Casey Recommended for you. 31:00.

Flag Counter