(The subtitle of the blog is "Computer history, restoring vintage computers, IC reverse engineering, and whatever" and it is full of fascinating articles, several of which have been featured here on HN)
Cool that this article implements the cryptography primitives, though!
e: Funnily, like the article, I also stored some BTC in a wallet and challenged people to (manually) take/steal it. At the time it was worth $10 USD... now it's worth $123 USD!
A lot of busy, smart people have seemingly random side-projects. For example, Von Neumann:
"A professor of Byzantine history at Princeton once said that von Neumann had greater expertise in Byzantine history than he did" [1]
I don't know for sure why, but I think two possibilities are likely: (1) An extremely strong, natural intellectual curiosity and/or (2) Working on other things allows them to bring fresh ideas/insights to their "main" work, and in this sense is also rejuvenating.
This stuff isn't that hard to figure out, given the number of specifications and tutorials already out there. What's impressive is the fact that he thought of a reasonably sized task, and (presumably) executed it efficiently and completely without getting stuck or distracted.
I spent quite some time researching this a few years ago. Then I finally programmed and generated my own fully working address. It's quite a satisfying journey. But I have to say, Python makes this somewhat less painful than it is in JavaScript (yes, I tried that too...) xD
I think he’s a natural teacher - someone who loves sharing what he’s learnt with others - and it pleases me to know such people exist.
Everything I learned about deep neural networks, enough to apply it in a live product, was essentially all his notes, videos and exercises. And it’s all out there for free!
Implementing things from scratch is probably the ultimate test of thorough understanding. Chapeau! On another note I am amused that Mr. Karpathy's name describes exactly what he is doing in his day job.
"NIST publishes recommendations on which ones to use, but people prefer to use other curves (like secp256k1) that are less likely to have backdoors built into them"
Does this make any sense? How is a curve going to have backdoors on it? Or does he mean a specific implementation? Or is this a joke? I'm confused.
“Working in collaboration with the NSA, NIST included three sets of recommended elliptic curves in FIPS 186-2 that were generated using the algorithms in the American National Standard (ANS) X9.62 standard and Institute of Electrical and Electronics Engineers (IEEE) P1363 standards.”: What exactly is NIST’s justification for making claims regarding the method that NSA used to generate these curves? The fact that a hash matches is publicly verifiable, but the distribution of “random” inputs is not. I have heard NSA employees claiming that the “random” inputs were actually generated as hashes of English text chosen (and later forgotten) by Jerry Solinas.
The standard given by the NIST gives a list of explicit parameters ... describing the elliptic curve behind the algorithm.
Examining the points P and Q here, it is obvious why cryptographers were suspicious of the Dual EC ... once the scalar k is known, it is a “simple matter to determine the secret internal state s of the pseudo-random bit generator” [6], by observing as few as 32 bytes of output.
It goes on to quote one of the NSA contractors who admitted that instead of being randomly chosen, "Q is (in essence) the public key for some random private key."
"It could also be generated like a(nother) canonical G, but NSA kyboshed this idea, and I was not allowed to publicly discuss it, just in case you may think of going there."
Straying from the prescribed points was discouraged, and NIST only provided FIPS validation to clients using the original P and Q.
More recently, GPRS was also shown to have been intentionally weakened - presumably to pass export controls - although in this case I think it was the algorithm and not a "cherry picked" curve: https://eprint.iacr.org/2021/819.pdf
There's been a history of mathematical information used in cryptography produced by the NSA, for which it's later revealed, they had pre-developed an attack. Example: the s-boxes of DES.
> steal my bitcoins from my 3rd identity wallet (mgh4VjZx5MpkHRis9mDsF2ZcKLdXoP3oQ4) to your own wallet ;) If done successfully, the 3rd wallet will show “Final Balance” of 0. At the time of writing this is 0.00095000 BTC, as we intended and expected.
Guessing it's because the private key is right in the code:
> secret_key3 = int.from_bytes(b"Andrej's Super Secret 3rd Wallet", 'big') # or just random.randrange(1, bitcoin_gen.n)
(Obviously a private key intended for actual use generally wouldn't just be some ASCII bytes of an English phrase and wouldn't be posted publicly. Though, of course, there have been instances of both...)
Fees are dictated by the user and the time they have for the transaction to take place. The fee could have been much lower.
I think we are well past the point of debating whether bitcoin layer one will be used for day to day transactions, however. A custodial service or Lightning will have to be used for that. Additionally, most people currently treat bitcoin closer to gold than to a dollar.
Pointing out that something is useless isn't useless in itself.
You can take it down a nihilistic path by claiming that it is in fact useless, but that argument just spins in circles forever because it applies to itself.
I’ve made something similar in order to learn how everything works and made it into a python library. Everything is in pure python with no dependencies, only std lib. I’ve implemented all the crypto stuff, address generation including HD, transaction serialization and even the bitcoin script. https://github.com/mcdallas/cryptotools
One little nitpick: the checksum error probability should be more like 9 nines. The checksum contains 4 bytes, not 4 bits, and so the false positive rate should be about 1 in 2^32, not 1 in 2^4.
"The raw 25 bytes of our address though contain 1 byte for a Version (the Bitcoin “main net” is b'\x00', while the Bitcoin “test net” uses b'\x6f'), then the 20 bytes from the hash digest, and finally 4 bytes for a checksum so we can throw an error with 1 - 1/2*4 = 93.75% probability in case a user messes up typing in their Bitcoin address into some textbox."
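The address layout being discussed (1 version byte, 20-byte hash digest, 4-byte checksum, Base58-encoded), as an added example that is not code from the article or from the linked library; the 20-byte "hash160" input is a constructed stand-in, not a real public-key hash, and the version bytes are the ones the quoted paragraph names. The last function shows why a 4-byte checksum gives a roughly 1-in-2^32 chance of an undetected typo rather than the 1-in-16 the article states.

```python
import hashlib

# Base58 alphabet used by Bitcoin (0, O, I and l are left out to avoid confusion)
ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

VERSION_MAINNET = b"\x00"   # "main net" version byte from the quoted paragraph
VERSION_TESTNET = b"\x6f"   # "test net" version byte from the quoted paragraph


def checksum(payload: bytes) -> bytes:
    """First 4 bytes of double SHA-256 over version || hash160."""
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]


def b58encode(raw: bytes) -> str:
    """Big-integer conversion to base 58; each leading 0x00 byte becomes a leading '1'."""
    n = int.from_bytes(raw, "big")
    out = ""
    while n > 0:
        n, r = divmod(n, 58)
        out = ALPHABET[r] + out
    pad = len(raw) - len(raw.lstrip(b"\x00"))
    return "1" * pad + out


def b58decode(s: str) -> bytes:
    """Inverse of b58encode; raises ValueError on a character outside the alphabet."""
    n = 0
    for ch in s:
        n = n * 58 + ALPHABET.index(ch)
    body = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    pad = len(s) - len(s.lstrip("1"))
    return b"\x00" * pad + body


def encode_address(version: bytes, hash160: bytes) -> str:
    """Base58Check: version (1) + hash160 (20) + checksum (4) = 25 raw bytes."""
    if len(version) != 1 or len(hash160) != 20:
        raise ValueError("version must be 1 byte and hash160 must be 20 bytes")
    payload = version + hash160
    return b58encode(payload + checksum(payload))


def decode_address(addr: str):
    """Return (version, hash160) or raise ValueError if the checksum does not match."""
    raw = b58decode(addr)
    if len(raw) != 25:
        raise ValueError("address does not decode to 25 bytes")
    payload, cs = raw[:21], raw[21:]
    if checksum(payload) != cs:
        raise ValueError("checksum mismatch: address was mistyped or corrupted")
    return payload[:1], payload[1:]


def is_valid_address(addr: str) -> bool:
    """The check a wallet textbox would run before letting a payment go out."""
    try:
        decode_address(addr)
        return True
    except ValueError:
        return False


def undetected_typo_probability(checksum_bytes: int = 4) -> float:
    """A random corruption slips past an n-byte checksum with probability 1 / 2**(8n)."""
    return 1 / 2 ** (8 * checksum_bytes)


if __name__ == "__main__":
    # Constructed stand-in for RIPEMD160(SHA256(pubkey)); not a real key hash.
    h160 = hashlib.sha256(b"constructed public key stand-in").digest()[:20]
    addr = encode_address(VERSION_TESTNET, h160)
    print("testnet address:", addr, "valid:", is_valid_address(addr))
    mistyped = addr[:-1] + ("2" if addr[-1] != "2" else "3")
    print("one character changed:", mistyped, "valid:", is_valid_address(mistyped))
    print("P(undetected typo) with 4-byte checksum:", undetected_typo_probability())
```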
Two days in a row I see this Karpathy name on the front page of HN on two totally unrelated subjects. It almost feels like this is simulated world and something is wrong.
Lightning doesn't work because it either leads to a chaos of routing that doesn't scale or it ends up centralized and you lose the point of bitcoin in the first step.
And don't bother coming up with hand wavy explanations of how it could work, some day. People have been talking about Lightning for years, literally billions of dollars have been poured into the "tech", the fact that even bitcoin enthusiasts barely ever use it is all the proof I need.
I wonder how many more years of empty promises we'll have to suffer through before people accept that cryptocurrencies are a very good pyramid scheme with a thick layer of technobabble around it.
Daily reminder that cryptocurrencies are not == bitcoin
All the problems with bitcoin are long, long solved, just not with bitcoin, because it's not possible to fix something when the majority (of hashpower) thinks it's not broken, or rather profits from its brokenness.
> Daily reminder that cryptocurrencies are not == bitcoin
This is an interesting feature of cryptocurrencies. Someone levels a fair criticism of a particular implementation but it can be handwaved away because an entirely separate cryptocurrency solved this particular problem (nevermind that whatever replacement you’ve chosen has its own host of separate problems because those can be handwaved away the same way).
I did not hand wave anything away, maybe read the thread.
There was a wrong generalization (cryptocurrencies == bitcoin) about cryptocurrencies that is very common but not accurate at all. Fair criticism on the Ford Model T does not apply to cars.
Facepalm. FBA is a technology, it's not a thing or a running system. It cannot be centralized, it's just a bunch of math that BTW is mathematically proven to work. There are many FBA based "blockchains" out there, some centralized, some not. Ripple is a company that uses such an FBA system.
Would you include environmental impact as a solved problem? My understanding is that Proof of Stake is the best serious option and that it's very controversial if it'll work.
Grinding attacks aren't a problem if you include secure verifiable randomness in the protocol. E.g., Algorand's VRF-based sortition, or Ethereum 2.0's verifiable delay function.
Solved, as in it does not use more energy than what the hardware needs to process the data, and it doubles every time you double the number of nodes (obviously, since they all have to do the same work too).
It's not wasting energy on a PoW lottery, it just uses energy like a comparable instant messenger with a global server farm would. The more people who use it, the more energy it will use; there is no way around that.
FBA is completely different from PoS. It does not work on incentives and penalties; it works with a global final state, global rules and (federated) byzantine agreement (FBA) for progress (adding the next "block").
No way to re-org, no block/staking reward, no censorship. If someone doesn't act in everyone's interest, other nodes simply won't listen to them anymore. Not following the rules is publicly visible to anyone.
And since there is no reward anyway there is no financial reason why anyone would participate who does not simply want to help the system.
Well, the "pyramid scheme" + "technobabble" is not totally worthless, if it enables the investment of "literally billions of dollars" in otherwise totally unproven technology paths, doesn't it? Finally there is one area where people are really investing money into computer science! A cause to celebrate in my book.
Except this bubble is a bit more insidious because you have actors like Tether that are most likely creating a lot of artificial liquidity/demand. If there is a sudden loss of faith and enough actors start rushing for the exits, it will look something more like a musical game of chairs of who is left holding the bag of worthless Mickey Mouse dollars, by my estimation.
Absolutely, that is my biggest worry. And it has no true backing, apart from these pump and dumps.
The single question people in favor of crypto can’t answer is the value creation. Now crypto is a natural evolution of certain monetary services and techniques, but at the core it literally does nothing of value. In fact, one might argue that that is its prime feature in its current state.
Who cares, the size could be 10 times smaller and it would not make a dent in the scalability problem.
It's a few transactions per second at max, and it would need to be several hundred just so people could move their "owned" bitcoins away from exchange wallets without losing several % in fees.
LN is not part of bitcoin and a total joke anyway.
Oh good, BTC can finally support Schnorr signatures, a feature that has been available on BCH for years now. A feature that is useless until wallet developers add Schnorr signing functionality.
Taproot is the update we get after ten years of the BTC devs doing nothing except gaslighting users about the protocol's scalability? All that momentum wasted.
Segwit was also supposed to scale Bitcoin, and it turns out it was a massively inefficient solution, which took years to even reach its lackluster potential.
Taproot will in practice have an even smaller impact, as it only affects special transactions that normal people won't use.
So yeah, it's not zero progress, but it's certainly not much.
Segwit itself provided an effective 2x increase in onchain transaction capacity and it fixed transaction malleability, which was necessary for the lightning network. The lightning network has 50,000+ open channels where payments can be routed without going onchain. Given the lightning network’s strict requirements to keep a node online & responsive, lest you lose all your funds, I think that’s extremely impressive and shows a real demand for fast cheap payments.
Now, in November taproot/schnorr activates, which gives us ptlc’s on the lightning network as well as making a lightning channel opening transaction look like a normal single signature transaction, yay privacy. All of this lays the groundwork for the next major base layer change, in probably ~2023, anyprevout. This will give us “eltoo” on lightning, which is nirvana. Eltoo removes the penalty mechanism, which makes running a lightning node on a mobile phone or home node much more reasonable.
Protocols take a long time to develop, especially ones where a misstep could mean the loss of billions of dollars.
Do not believe anyone telling you that their coin solved bitcoin’s scaling problems years ago.
Bitcoin's scaling problem was solved by removing PoW/PoS and by removing the incentive structure (block rewards).
As soon as this is gone there is no reason anymore why it would not scale like similar systems. It's basically limited only by how fast data can propagate through the network.
PoW/PoS was replaced by FBA (Federated Byzantine Agreement).
It's not a coin, it's technology used by several systems and based on BFT (which is way older than bitcoin, and bitcoin actually is based on BFT as well, although maybe unintentionally).
FBA just adds the federated part so a decentralized system can be built. Bitcoin instead used a work-reward lottery system (PoW) to decide who can write the next block rather than finding a block everyone agrees on.
It's really not that hard to figure out which of these solutions probably works better and scales somewhat like a distributed system is expected to scale.
So in about 5 years pretend everyone in the United States melts a wrench like that... Then a month later they do that twice, a month later they do it three times.
Why does every discussion about Bitcoin's environmental impact reduce to "it uses a lot of electricity therefore it should be stopped".
We're not going to shut down entire sectors of the economy because of their environmental impact. People are going to innovate and invest in alternative sources of energy because it is becoming profitable to do so. The solution is hardly ever "just stop doing it", it's "how can we do this better".
Crypto is hardly a "sector of the economy". Its main utility right now is lining the pockets of a few speculators.
Traditional centralized ledgering systems do everything crypto does better and with a fraction of the energy use. It also gives governments tools to combat inflation/deflation and manage counterparty risks within the system.
Crypto is a neat idea, but in the end it doesn't really solve anything, and instead only introduces a lot of unnecessary problems.
It pains me to see how someone could see no value in having a medium of exchange outside of any government currency control. One of my ex-coworkers had his family's fortune wiped out twice in Argentina due to government seizure and hyperinflation before they fled to Canada.
There are few sectors of the economy whose entire model depends fundamentally on huge energy consumption: Bitcoin's Proof of Work depends entirely on wasting huge amounts of electricity as assurance that transactions are verified. If mining became more power efficient, the algorithm would be changed to bring it back to where it is today.
It has been "done better" in 2013 or so, when the first FBA systems were created as a direct answer to Bitcoin's expected future environmental impact and scalability problems.
It launched, is usable in most wallets, and is starting to get adoption. It's going to be a key piece of the recently passed legislation in El Salvador which makes Bitcoin legal tender.
Using a closed, centralized implementation that doesn't accept third party nodes. The use of bitcoin is pure marketing, it's just MySQL with extra steps.
The CEO of Strike said they are continually promoting that banks and businesses in El Salvador operate their own lightning network nodes & not solely rely on them. Only the government’s official (but optional) app will be a wrapper around Strike.
This is interesting. Obviously, I heard about the whole "El Salvador something something Bitcoin" deal, but am completely unaware of the actual situation. Can somebody point me in the direction of some nice writeup explaining these details? I can only vaguely imagine how one can take Bitcoin and make it essentially an extension of SWIFT, and struggle to clearly visualize what the implications of this are.
Let’s walk through a user story. I want to send $1,000 to a friend of mine in El Salvador:
* When I initiate the $1,000 payment, Strike debits my existing USD balance.
* Strike then automatically converts my $1,000 to bitcoins ready for use in its infrastructure using its real-time automated risk management and trading infrastructure.
* Strike then moves the bitcoins across the Gulf of Mexico where it arrives in our Central American infrastructure in less than a second and for no cost.
* Strike then takes the bitcoins and automatically converts them back into USDT (synthetic digital dollar known as Tether) using its real-time automated risk management and trading infrastructure.
* Strike then credits the existing user with the USDT to their Strike account.
It seemed like an answer at first, but actually this answers absolutely nothing and I'm not even sure how it's related to the topic being discussed:
* This guy starts talking about sending USD, but ends up talking about receiving USDT. USD != USDT. And while there are problems with sending USD across the border, there's absolutely no problem with sending USDT. And there's absolutely no problem buying USDT wherever you are. (But, what's important, there might be problems actually converting your USDT into USD.)
* Since we end up buying USDT with USD, the word "Bitcoin" in the middle of the story seems redundant and actually confusing.
* There's nothing about Lightning here. I mean, you can talk about how you use Lightning to transfer BTC inside Strike as much as you want, but if BTC is irrelevant to the user story, so is Lightning.
* I'm not sure how Strike and this user story are relevant at all. It started out about El Salvador accepting BTC as legal tender, and how using it in actual transactions w/o lightning is problematic due to low TPS. How is sending USD to El Salvador relevant here at all?
Is Tether now backed by a reasonable amount of real dollars? I'm surprised to see it being used in such a serious application after years of hearing how it was a scam.
edit: looked it up, still looks like a total scam. I hope El Salvador is able to get through this without getting screwed and I guess I'll assume Strike (first time I've heard of it) is just as shady until I hear otherwise:
There is no bitcoin needed for this at all; it does not even move on the chain for the transfer.
Both sides are Strike entities. All this does is use bitcoin as a bridge for USD to USD, which is completely pointless as both sides are USD.
You could just buy USDT (or another stablecoin) and send it there.
It's a different story if there is actually a switch in currency needed.
There is this famous company, often hated by bitcoin people, called Ripple that specializes in cross-border settlement using crypto as a bridge currency.
For that, however, the crypto must actually be moved and be sold locally for the local currency. And for that to work without risk due to volatility it must be fast. Hence they use XRP (4 sec) instead of bitcoin (10+ min). They call it ODL (On-Demand Liquidity).
Please, somebody explain why it's downvoted. Ignoring the digression about XRP, this is exactly what I read from the parent comment. Judging by the user story above, all this talk about how BTC is being "sent" (which, as we all know, is a small lie on its own, since unlike fiat, BTC is never really being sent anywhere) seems just to distract us from the fact that we just end up buying USDT for USD. No BTC involvement required.
Most of HN downvotes anything about bitcoin, and a few HN bitcoin fans downvote anything "negative" about bitcoin and certainly everything involving XRP. So no surprise this is being downvoted.
>No BTC involvement required.
Totally correct. Remittance over a bridge currency only makes sense under very specific conditions, which include that the input currency and the output currency are different, and a direct exchange is not possible or not cheap.
The traditional banking system does this as well; they usually use USD as the bridge. To pair every currency with every currency simply isn't feasible, and the low volume pairs would have no liquidity anyway. It's basically the same as with goods: if you have wood but want metal you use a currency as a bridge, because there is no market to sell wood for metal. Now if you also have a location difference between the market where you want to sell and the market where you want to buy, then you actually can use the bridge currency to move from one market (location) to another market (location).
The legislation that made Bitcoin legal tender in El Salvador does not legislate the use of Strike. Businesses can use whatever system they want, as long as they can accept payment in Bitcoin. Strike is providing a service that allows any business to take Bitcoin lightning payments and have them automatically converted to dollars, for businesses that do not want to hold Bitcoin. It's not fair to just call this a "sql database" because it's connected to an open payment network and the customer can use whatever means they want to pay the business, even if the business decides to just use Strike.
I am puzzled by one thorn it is intended to solve.
In the case of merchant/customer interactions, the LN channel blocks customer funds from their balance, but they will never receive money from the merchant. So that balance will be sent to the merchant, payment by payment.
Not only does that block funds for the customer (which wants to reduce those, to avoid blocking too much, but that reduces the number of payments that can be made off-chain), but it also blocks the merchant’s reception of those payments: the merchant wants to be able to spend it soon, but it can only spend it on-chain.
That is compounded by the fact that most merchant/customer interactions are rare one-offs in the real world. I just don’t buy stamps every day.
LN channels are only most useful when the two parties exchange money bidirectionally on average.
It’s an ongoing problem for sure, but the simple answer is users maintaining multiple well connected channels.
It’s very common on lightning to pay liquidity providers to balance your channels to you. Lightning Labs has a service called loop where you can pay them an onchain transaction and it will make a lightning network payment to your channel for that amount, thus giving you more spend liquidity. Loop is sweet cause it does this in a non custodial way, look into it.
Afaik it is still considered #reckless to put bigger amounts on your lightning node, and at least the "lnd" implementation seems to be in "beta" (according to their Github releases). Idk what the roadmap for a solid, production ready version is. But in this case safe seems to be better than sorry.
Lightning network more or less failed to live up to the hype. Problems like routing complexity, liquidity, and a lack of on-chain space to open and close channels have delayed/limited its impact.
To expand on this, to receive money over Lightning, you need someone else to lock up their bitcoins for you. This is called inbound liquidity, and the problem of users getting inbound liquidity is no joke. Lightning Labs recently launched Lightning Pool to help with this, but fees range from 5% to 25%. Uncompetitive. If you think about it too, it makes sense, because anyone locking up their bitcoins for others should expect a several % return, or else they would loan it out at similar rates. Current Lightning wallets are basically giving their users inbound liquidity for free using VC funds, but is this honestly sustainable? There are other problems with Lightning, like the requirement to be online to receive payments, watchtowers, UX complexity of channels. Some of these are solvable through centralization. But that is why you'll hear people say Lightning recreate the banking model, because realistically that looks like the only way it could work. Oddly, this was all pointed out by many people over the years, but Lightning seems to get endless forgiveness in its inability to deliver, because it is BTC's only hope to maintain the peer-to-peer cash narrative.
The locking up of liquidity is the whole reason LN can not scale or be cheap, ever.
Today people in crypto may be willing to lock up bitcoins they hold long term anyway. But in the real world this would be dead and trapped capital; it doesn't work for you and you can't even use it to quickly buy something and take advantage of a market situation.
The only reason why someone would lock up capital like that is if it makes money. So people who use someone else's locked up bitcoins have to pay. This makes it impossible for LN to be cheap. You literally lend money to send money to someone. It's completely absurd. And as you said, to make this more efficient large centralized pools are created, so there will be a monopoly or oligopoly for lending; how's that gonna be good for the fees?
No one questions that the people who are bullish on BTC are in on it (some).
The question is why would I pay you to lend me BTC when I actually want to send my BTC to someone.
It literally adds a third party in what should be a p2p transaction. They replaced the "evil third parties" called banks with their own liquidity pool.
Funny how they figured out that you cant make money with money services if you remove the third party, so they added it back in.
On top of that there are countless other blockchains/DLT that have cheap transactions on the first layer. Cheap as in fractions of a cent. To compete with that you would need to lock your BTC for free but then you still have the on chain transaction that LN needs sometimes that cost way too much.
In order to get money on and off lightning network, you still need to make on-chain BTC transactions. Meanwhile, the BTC devs have intentionally changed the network so that it's expensive to make on-chain transactions. From this you can probably figure out why lightning network failed.
Check out Stacks (https://stacks.co), enables smart contracts on top of Bitcoin through Proof-of-Transfer consensus. Founded by YC alums and launched this January after many years of R&D.
There was never any need to scale it at the protocol level. The overwhelming majority of Bitcoin transfers presently happen off-chain, within exchanges. Very few people seem to understand this.
The exchange itself holds a fluctuating amount of Bitcoin and then updates entries in its own database when transfers occur between exchange participants to reflect a change in ownership. These constitute the vast majority of transactions that occur and none of them are recorded to the blockchain.
It should be p2p cash then turn into store of value after some years and then it becomes the settlement layer for centralized second layer solutions that only exist because the first layer sucks.
Just kidding, it should only be p2p cash and it failed at that.
PoW/PoS will be replaced by FBA in the next years, and every system that can not switch away from PoW will become irrelevant.
> taproot, which recently locked in, reduces the space needed to represent complex contracts.
Complex contracts? Are you joking? What kind of complex contracts do you think can be done on BTC? Their scripting language and capabilities have been neutered just like their blocksize. Good luck writing a useful contract on BTC.
From what I understand, that's 50,000 pre-generated transactions pumped directly to the mining node. Not 50,000 transactions spread across hundreds of non-mining nodes and relayed to the mining node. There's a huge difference. Correct me if I'm wrong here.
Either way, bitcoin the protocol can handle waaaaaay more transactions than the BTC devs have constrained it to.
Yes, more-or-less, but that's how it is designed to work. The most reliable way to get a transaction into a block is to send it directly to a miner or set of miners. Apps on BSV do this today via MAPI REST endpoints, similar to how this test was configured. Non-mining nodes will see the transactions later, but they won't do the same verification that mining nodes require because they are not part of consensus. BSV generally sees the eventual network configuration as a small-world network for the mining core, and a mandala network for the apps and services surrounding it, rather than as a mesh network, which most blockchain systems strive to be.
So-called heretics have been scaling Bitcoin in spite of BTC's braindead decisions. Last week, 50K TPS were demonstrated publicly on Bitcoin SV: https://www.youtube.com/watch?v=i3As9-9uSXs. More privately.
Years ago, there was a presentation [1] by Peter Rizun of Bitcoin Unlimited at Stanford that demonstrated ~100TPS on Bitcoin, and the potential for 1000+ TPS if certain bottlenecks were removed. People said the same thing you're saying back then, but it served to motivate the big block community, and now today BSV routinely does 300+ MB blocks (1000+ tps). This Teranode software is the future of BSV and will become the common node configuration within a few years, so it's worth taking seriously. Also, I left a comment in this thread explaining why this test is more representative than you may think [2].
That's not the issue. Block size has to be limited to protect decentralization. Decentralization is the only thing that has value in blockchains, otherwise you're better off using centralized databases.
I'm aware of that argument. The counter-argument goes that at scale, larger blocks would bring in more businesses, more miners, and more competition, and that competition is what actually protects the chain from bad actors who might try to change the rules or censor transactions, not decentralization, and that decentralization is mostly a meme to pacify the masses from realizing who actually has power over the network.
Well, that's a good argument but it's wrong. Larger blocks make it harder to compete, because it's harder to run a full node. If everyone has to trust the datacenters that run full nodes, then it's game over for everyone else.
The protocol is protected by allowing everyone to run their own full node, to give every user and every entity the power to choose which version of the protocol they want to run. When the network is run by its users, the network evolves in a direction that is best for the users. When the network is run by a few large businesses, the network evolves in a direction that is best for them.
The Bitcoin Core's layered approach is a much better solution than big blocks. The first layer protects the protocol itself, and "big blocks" are implemented on layers on top of that without compromising the core protocol.
There has been great progress in scaling the original protocol through the Bitcoin SV implementation:
- Transaction fees are ~$0.0001
- The network has shown capacity for 50k tps
- On March 14, 2021, the network processed a world record 638 MB block
- As of June 4, 2021 the chain size exceeded that of the BTC implementation and is currently 418.17 GB
- New businesses based on micropayments have emerged, like twetch, streamanity, peergame, etc.
For anyone interested in the saga, Stefan Matthews, who worked with Craig Wright in 2007 and 2008 before Bitcoin was released, gave a couple interviews this past week adding new flavor to the story [1] [2].
Above is proof that the original bitcoin protocol can scale, and recently testnet can do 90k tps. What you think of certain people doesn't change the fact.
It's centralized and run by the people around this fraud. It doesn't matter if the tech is good since no one will use it for anything besides speculation or abuse it as storage, which just won't be sustainable in the long run with no limits in place.
The protocol remains the original and it scales significantly. I'd focus on protocol not people. If people changed the protocol then it's no longer bitcoin.
Twetch.app has more than 50k users. It's also a genuine use case. So is etched.page or the other above-mentioned services.
How can you abuse storage if there is a 0.5 satoshis/byte fee to write data on chain currently? Miners are for-profit entities and will always charge for storage.
A scalable bitcoin ends up in a dozen data centers. The cost to set up such data centers is a few hundred million plus tens of millions in yearly operations. Miners must secure their infrastructure uptime to remain profitable. There is huge risk and little reward for any such mining company to act dishonestly on new blocks or break antitrust laws. Also it is easier for governments to audit a few large publicly traded miners than auditing thousands of small and inefficient miners. The nature of the bitcoin protocol security is economic.
There has been great progress in scaling on just about every other cryptocurrency, including many flavours of bitcoin. BTC is the only coin that finds scaling too difficult.
It's awesome to see you doing this, and taking the time to respond here! Ditto for your (re)implementation of transformers a while back, which you clearly worked on for fun as a side project too. The world would be such a better place if every executive in charge of technology at a large company engaged in these kinds of side projects for fun on a regular basis :-)
If I may, let me ask you an unrelated question that just 'popped in my head' only now but is related to your recent presentation at CVPR: Are you guys at Tesla fusing video with audio data for self-driving?
Just curious. I ask because (a) sound waves at frequencies detectable by the human ear appear to be quite important for both routine and edge-case situations (e.g., sounds of other vehicles braking/screeching/accelerating/passing, sirens of ambulances/police cars/fire trucks, bursts of honks from other vehicles, people suddenly shouting/screaming nearby), and (b) audio and video signals are already synchronized, so I imagine fusing them should be more straightforward (e.g., there's already some research out there on applying deep learning to video clips with audio).
Nobody can work 100% of the time, everyone needs breaks. But some engineers take breaks from their regular work by doing other "work". I find it bizarre that there are so many comments making this out to be some kind of dire situation where he's working on other things because Tesla is sinking or something. Is working on hobby projects as a way to relax really that uncommon?
For reference, I started a small Bitcoin mining hardware business back in the day, while still holding a 200/hr week/8 days a week/400 days a year full-time job. Working on Bitcoin stuff was my "break" from regular work.
Diversification of interests accelerates creativity due to axiomatic discovery and reinforcement, idea plasticity and abstraction practice. Other interests are not just important, they are necessary.
Right. All really smart people 'play'. Famously, Feynman was spinning plates in the Caltech cafeteria on his fingertip, which gave him the ideas that ended up winning him a Nobel prize.
It's maybe an ... interesting sign that someone with substantial liquidity from tesla shares at this point in history is apparently finding cryptocurrency an enjoyable diversion/investment vehicle?
Sometimes I actually find more energy for working on an endless slog at work when I have an exciting side project going. Easy to get caught up in the side project, however.
Bitcoin transactions, or more precisely transaction outputs, are little scripts that are executed in a VM. To spend a transaction output, you have to "solve it" by providing it an input which makes it return true. The most common transaction script checks that you possess a private key through a signature check, but it's possible to make more complex scripts like the "Pay To Multisig" script. Of course, Bitcoin scripts are quite limited and, unlike Ethereum smart contracts, they are non-Turing-complete and can't store state.
Permissionless just means anyone can create transactions because there's essentially no way to block someone from doing so, unlike say a transaction on PayPal.
You can think of the Bitcoin block chain as the state of a globally-accessible machine. The state is updated through the publication of valid blocks, each of which builds on a previous block. A block is composed of transactions, each of which incrementally advances the machine's state. Each transaction contains a small program "script" that defines the conditions for the state transition it causes.
There's this persistent misconception out there that only Ethereum works this way. It's a testament to marketing. Bitcoin has been doing "smart contracts" long before Ethereum was even a gleam in Vitalik's eye.
Bitcoin's script language is very restricted; claiming that Bitcoin has been doing "smart contracts" is disingenuous to me. I wouldn't call a bitcoin script "smart". Ethereum was born because of this.
Script is restricted, but it permits everything outlined by Nick Szabo's definition. As Wikipedia notes:
> Smart contracts were first proposed in the early 1990s by Nick Szabo, who coined the term, using it to refer to "a set of promises, specified in digital form, including protocols within which the parties perform on these promises".
He links committing transactions to the blockchain to storing state in a distributed data structure... which is of course, in the case of Bitcoin, implemented in arguably the most wasteful, ham-fisted, environmentally disastrous way possible.
There's also the ethereum VM which is a slow decentralized state machine capable of executing code...
I am specifically thinking of fiat money, based on borrowing and fractional reserve banking. This has addressed many historical problems with fixed money/value supply that Bitcoin would have if it ever caught on.
Ethereum extends the concept, but Bitcoin transactions are programs running on the global blockchain (well, the op codes are executed by a single node, but the result is published and verified by the network, if I understand it right)
But just wanted to make the point that Bitcoin is a global computer as much as ethereum is, Solidity is just Turing complete while (Bitcoin’s) Script is intentionally limited to a few instructions.
Bitcoin is surprisingly easy, I'm currently working on a similar thing, but in Pharo/Smalltalk (I took it up as a project to learn Pharo). It's been pretty nice so far.
Yes, with major caveats - knowing the public key and having 100s of messages signed by corresponding private key. Nowadays people only expose their public key one time per transaction, and never reuse their address. So to steal coins, not only do you have only ~10 mins between blocks to find the private key, currently Shor's algorithm is unfeasible with only 1 signed message.
Sorry if that's a naive question but why do you need several signed messages? If you have a quantum computer and a quantum period finding function don't you get immediately the discrete log? Assuming you have one public key (not hashed) doesn't that give you the private key immediately?
Shor's integer factorization algorithm needs a single number or key to factor, not hundreds of transactions. I've certainly sent money to old addresses, which exist in perpetuity on the blockchain. I can also use web searches to find hundreds of current public keys in a matter of minutes.
> currently Shor's algorithm is unfeasible with only 1 signed message.
The algorithm is currently unfeasible with 100s of messages. Shor's algorithm uses a quantum computer to reduce the complexity of integer factorization from sub-exponential to polynomial-time. It is not an attack that fine-tunes the output according to the amount of network traffic.
I wish this were talked about more. Quantum computing is the biggest long-term threat to crypto imo. What's the plan once elliptic curve cryptography can be broken?
There will be a point in time where there are just a few quantum computers that can break everything before the general public has access to quantum computing. Can crypto work in that scenario? Normal computers wouldn't be able to work with the beastly algorithms a quantum computer could handle.
The first entities that are likely to achieve practical quantum computers will either be governments or big tech companies like Google. And it will be a big deal, so there would likely be several years of warning before it could be at the point where it would make sense to use it to steal someone's bitcoins (I guess the original Satoshi coin address would be the biggest bounty). And in the time period between when the big development is first announced and before it's practical, Bitcoin and other cryptocurrency projects can do a fork to a new digital signature scheme that is quantum proof (such as LegRoast) so that anyone who is concerned can move their coins to a new secure address. So while it would certainly be disruptive, it wouldn't necessarily spell the doom of Bitcoin.
Depends on the incentives. If the only interest in quantum computing is to break classically hard encryption then I think the time between poc and widespread availability could be relatively short.
I am not a mathematician, but from what I understood, it's basically an extension of ECC using multiple elliptic curves, allows re-use of the Diffie–Hellman key exchange protocol (private keys kept secret, public keys exchanged), and memory requirements are small. So it would be a perfect replacement in wallets and validation nodes. But I can not explain why it is safe against an attack using quantum computers.
They're correct. The blockchain just records that the funds were sent to your address. To spend the funds you have to show the public key which hashes to that address, in another transaction signed by the private key.
If the sender wanted to send you a private message, they would need your public key, but that's not what transactions do.
Sending to an address means sending it to a "hash" of a public key (or a more complex script) on all modern formats. Then such script and data is revealed on spend.
While not implemented, I think there are "lattice based" forms of cryptography that are believed to be QC resistant that blockchains could migrate over to if QCs begin to show signs of increased fault tolerance and size.
There's a lot of research and practical work on quantum-proof cryptography which is already in use in some cryptocurrencies - 'just' need to hardfork and update it when it's ready for Bitcoin
# secret_key = random.randrange(1, bitcoin_gen.n) # this is how you _would_ do it
I know the article is mainly for learning purposes but someone should point out that the `random` module in python is not meant for cryptography. Please use the built-in `secrets` module or `os.urandom` instead.
Taking this opportunity to promote my side project codeamigo and a tutorial I wrote for building your own Bitcoin wallet https://codeamigo.dev/lessons/start/53
In Step 1, he explains how to create a cryptographic identity: the private/public key pair.
I came across an argument that a number cannot be property or owned because you can't legally own a number.
If this is true then you can't own UTXOs associated with a private key or a cryptographic identity.
I do think that bitcoin is fundamentally too complicated to understand, mathematically, for most people, myself included. I would argue everyone needs to do this exercise, from scratch, and also understand what they are doing (the math), to have confidence in the bitcoin payment network. Anyone who thinks you don't need to get it is most likely in it for speculation alone.
With something so abstract like bitcoin, it has a much larger uphill battle for understanding than a physical commodity like Gold, the precursor of paper dollars.
You don't own the number that is your private key, just as you don't own the number that is your bank account PIN or balance. What you own is space on the blockchain.
And just as you don't need to tour the mint to have confidence in the dollar, or implement Diffie-Hellman to have confidence in your TLS connection to Amazon, you don't need to understand elliptic curve cryptography to have faith in Bitcoin.
A bank account balance is a representative value of dollars that the bank owes you. If someone tries to steal it by pretending to be you, even if they just steal your PIN, they are committing fraud.
If someone steals a private key by committing another crime like stealing a laptop, that is a crime because you own the laptop. If they learn of your private key without committing a crime, that is not theft.
You don't own 'space on the blockchain.' I have no idea what that even means.
You do need to understand elliptic curve cryptography to have confidence (not faith) in bitcoin because you make the transactions in bitcoin. You are responsible, not some third party. People understand the dollar because it is physical and you can get them on demand and they originally got their value from Gold, not some abstraction like proof of spent energy one time a while back.
The bank PIN is just a number. Your bank account balance is just a number in a database. Your private key is just a number. Your bitcoin balance is just a number in a database (a blockchain is a kind of database). There is no distinction that makes stealing dollars using a bank PIN fraud but stealing bitcoin using a private key not fraud somehow.
Bank deposits are securities. You have a claim on your bank when you make a deposit.
If you think there is no difference between a bank account and a bitcoin private public key pair then bitcoin is a security.
You are making the argument bitcoin is a security. Who is the issuer? I would say the miners are selling securities and you give them money (like a deposit) in exchange for the miners continuing to mine in the future, so when you decide to spend your bitcoin, bitcoin will still be running.
If bitcoin is a security issued by the miners then yes bitcoin becomes more than just a number.
If bank deposits were securities governed by securities law then they would be regulated by the SEC. They are not.
It doesn't matter anyway because Bitcoin is not a bank deposit, nor is it a security. Under the law it is generally treated as property. It's still a crime to steal property.
My point is that the fact that it's all numbers in a computer does not make it somehow legal to steal it. What you own is not the abstract number of your private key, but the concrete database entries in a specific blockchain database.
While not relevant, it's also not even true in a pedantic sense that you "can't legally own a number". All digital files are simply long numbers, and copyright assigns ownership of those numbers to people. Also, the DeCSS case established de facto ownership of a private key, making it illegal to copy, so yes you can actually have a kind of ownership even of just a private key under the law. Again, not relevant or necessary for Bitcoin, but interesting.
You are incorrect. Deposits in banks are securities, I suggest you read this section titled "Every security that is issued must be held by someone until it is retired" here:
https://www.hussmanfunds.com/comment/mc210614/
Copyright doesn't cover the computer reference machine code number, it covers actual intellectual content.
Just like it is not settled whether Ethereum or Bitcoin is a security- thoughts on this can and will change, new regulators get elected... neither is settled whether you can actually say that you own a number.
We're talking about the law, not some guy's blog. If you believe that bank accounts and Bitcoin are securities under the law, then you are incorrect. It doesn't matter whether some guy calls bank accounts securities on his blog. That doesn't change the law.
Saying the law could change is literally always true, it means nothing. Will it change? You could make an argument for Ethereum, and I tend to agree that the community is overconfident about the regulations around Ethereum and other coins. However for Bitcoin specifically the SEC has been very clear and consistent in stating that it is not and has never been a security. Their justifications are sound. So no, it almost certainly won't change for Bitcoin.
Copyright covers the specific number in addition to the general intellectual content of the number. You could say it covers a family of related numbers. That's stronger than just covering a single number.
Bank deposits are financial assets, which get their value from a contractual right or ownership claim.
When you deposit money in a bank, they lend that money out, they make a return, and in a sane world you would receive interest on that money.
Using this definition of a financial asset, I don't think bitcoin qualifies, it is more of an intangible. It might be a financial asset only if it is held at a custodian.
Congress and the courts decide what a security is, not the SEC. The SEC is the enforcement agency from what I can tell.
Congress defines a security, and the SEC interprets the definition, and the courts subsequently interpret it if the SEC sues. Congress has made a definition that does not apply to Bitcoin, and the SEC has interpreted the definition to not apply to Bitcoin. It hasn't come up in court, and it won't unless the SEC changes their minds first. But their arguments are sound and it's extremely unlikely that their interpretation could change, or that a court would agree with them if they did change.
It's also unlikely that Congress would change the existing definition to apply to Bitcoin. It's much more likely that they would pass specific regulations for Bitcoin and cryptocurrency.
That's a lot of upvotes. Do you folks really spend hours going through the whole blog post? I for one can never go through the whole blog post. My brain would be shouting at me the whole time to work on something that can generate passive recurring revenue instead.