Aaron Toponce : Analysis of RIPEMD-160

Generate bitcoin address with numbers in python

I have been trying to get the code to increment (loop) to other numbers like 2,3,4.... But it stops at the default which is 1...

```python
import argparse
import hashlib
from binascii import hexlify, unhexlify
from struct import Struct

# helper module from the poster's own repository (not shown on this page)
from utils import g, b58encode, b58decode

PACKER = Struct('>QQQQ')


def count_leading_zeroes(s):
    count = 0
    for c in s:
        if c == '\0':
            count += 1
        else:
            break
    return count


def base58_check_encode(prefix, payload, compressed=False):
    # Add version byte in front of RIPEMD-160 hash (0x00 for Main Network)
    s = prefix + payload
    if compressed:
        s = prefix + payload + b'\x01'
    # Add the 4 checksum bytes at the end of extended RIPEMD-160 hash.
    # This is the 25-byte binary Bitcoin Address.
    checksum = hashlib.sha256(hashlib.sha256(s).digest()).digest()[0:4]
    result = s + checksum
    return '1' * count_leading_zeroes(result) + b58encode(result).decode()


def pub_key_to_addr(s):
    ripemd160 = hashlib.new('ripemd160')
    hash_sha256 = hashlib.new('SHA256')
    # Perform SHA-256 hashing on the public key
    hash_sha256.update(bytes.fromhex(s))
    # Perform RIPEMD-160 hashing on the result of SHA-256
    ripemd160.update(hash_sha256.digest())
    return base58_check_encode(b'\0', ripemd160.digest())


def int_to_address(number):
    number0 = number >> 192
    number1 = (number >> 128) & 0xffffffffffffffff
    number2 = (number >> 64) & 0xffffffffffffffff
    number3 = number & 0xffffffffffffffff
    private_key = hexlify(PACKER.pack(number0, number1, number2, number3)).decode("utf-8")
    print('Converting from: ' + str(int(private_key, 16)))
    compressed_key = base58_check_encode(b'\x80', unhexlify(private_key), True)
    print('Private key: ' + compressed_key)

    # address
    x, y = str(g * int(private_key, 16)).split()
    len1 = len(x)
    len2 = len(y)
    if len1 != 64:
        z = 64 - len1
        x = '0' * z + x
    if len2 != 64:
        z = 64 - len2
        y = '0' * z + y
    compressed_public_key_with_out_prefix = x + y
    pk_prefix = '02'
    if not int(compressed_public_key_with_out_prefix[64:], 16) % 2 == 0:
        pk_prefix = '03'
    compressed_public_key = pk_prefix + compressed_public_key_with_out_prefix[:64]
    print('Public key: ' + compressed_public_key)
    print('Bitcoin address: ' + pub_key_to_addr(compressed_public_key))


def wif_to_key(wif):
    slicer = 4
    if wif[0] in ['K', 'L']:
        slicer = 5
    return hexlify(b58decode(wif)[1:-slicer]).decode('utf-8')


def main():
    parser = argparse.ArgumentParser(description='Generates private key, public key and wallet address from number')
    parser.add_argument('number', type=int, nargs='?', default=1, help='A required integer number argument')
    args = parser.parse_args()
    int_to_address(args.number)
    # int_to_address(12345678900987654321)


if __name__ == "__main__":
    main()
```
Please, how do I make it increment to other numbers? The full code is on github https://github.com/PaulGregoBitcoin-Keys-Generatoblob/mastegenerators.py
submitted by Far-Onion-4112 to Bitcoin
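The derivation the script above performs (integer private key, WIF, secp256k1 public key, then SHA-256 followed by RIPEMD-160 and Base58Check to get a P2PKH address), as an added example that is not the poster's code and does not depend on their utils module: the curve arithmetic and Base58Check are written inline so it runs with only the standard library, and key_table() does the loop over consecutive integers the question asks about. It is the same pipeline the quantum-computing post further down walks through for private key 1; that post's 1EHNa6... address is the uncompressed form, 1BgGZ9... the compressed one. All function names here are my own. Two practitioner notes: iterating over a bytes object in Python 3 yields ints, so the script's count_leading_zeroes compares each int against the str '\0' and always returns 0 (b58check() below pads leading zero bytes itself), and some OpenSSL 3 builds expose RIPEMD-160 only through the legacy provider, in which case hashlib.new('ripemd160') raises ValueError; ripemd160_available() checks for that before the address step.

```python
# Added example (editor's code, not the poster's script or their utils module):
# integer private key -> WIF -> secp256k1 public key -> P2PKH address, with the
# curve arithmetic and Base58Check written inline. Function names are my own.
import hashlib

# secp256k1 domain parameters (standard constants)
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
B58 = b"123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def _add(p1, p2):
    """Affine point addition on y^2 = x^3 + 7 over GF(P); None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                                   # p1 == -p2
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P    # tangent slope (a = 0)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P     # chord slope
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def scalar_mult(k, point=G):
    """Double-and-add k*point. Only k in [1, N-1] is a valid private key."""
    if not 1 <= k < N:
        raise ValueError("private key must be in [1, N-1]")
    result = None
    while k:
        if k & 1:
            result = _add(result, point)
        point = _add(point, point)
        k >>= 1
    return result


def b58check(payload):
    """payload || SHA256d(payload)[:4] in Base58; each leading zero byte becomes '1'."""
    data = payload + hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    n = int.from_bytes(data, "big")
    out = b""
    while n:
        n, rem = divmod(n, 58)
        out = B58[rem:rem + 1] + out
    pad = len(data) - len(data.lstrip(b"\x00"))
    return (b"1" * pad + out).decode()


def ripemd160_available():
    """Some OpenSSL 3 builds ship RIPEMD-160 only in the legacy provider."""
    try:
        hashlib.new("ripemd160")
        return True
    except ValueError:
        return False


def hash160(data):
    """HASH160 = RIPEMD-160(SHA-256(data)), the 20-byte address payload."""
    return hashlib.new("ripemd160", hashlib.sha256(data).digest()).digest()


def wif(k, compressed=True):
    """Wallet Import Format: 0x80 || 32-byte key || optional 0x01 flag, Base58Check."""
    return b58check(b"\x80" + k.to_bytes(32, "big") + (b"\x01" if compressed else b""))


def pubkey(k, compressed=True):
    """SEC1 encoding: 02/03 || x (compressed) or 04 || x || y (uncompressed)."""
    x, y = scalar_mult(k)
    if compressed:
        return (b"\x02" if y % 2 == 0 else b"\x03") + x.to_bytes(32, "big")
    return b"\x04" + x.to_bytes(32, "big") + y.to_bytes(32, "big")


def address(k, compressed=True):
    """Mainnet P2PKH address: 0x00 || HASH160(pubkey), Base58Check."""
    return b58check(b"\x00" + hash160(pubkey(k, compressed)))


def key_table(start, count, compressed=True):
    """The loop the question asks for: rows of (k, WIF, pubkey hex, address)."""
    return [(k, wif(k, compressed), pubkey(k, compressed).hex(), address(k, compressed))
            for k in range(start, start + count)]


if __name__ == "__main__":
    for row in key_table(1, 5):
        print(*row)
```

Run it as a script to print keys 1 through 5, or call key_table(start, count) from elsewhere; pass compressed=False to reproduce the uncompressed 1EHNa6... / 5HpHag... pair quoted in the quantum-computing post below. The pure-Python point multiplication is fine for a handful of keys but is orders of magnitude slower than libsecp256k1, so anything beyond a demonstration should use a real library.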

Reddcoin (RDD) 02/20 Progress Report - Core Wallet v3.1 Evolution & PoSV v2 - Commits & More Commits to v3.1! (Bitcoin Core 0.10, MacOS Catalina, QT Enhanced Speed and Security and more!)

Reddcoin (RDD) Core Dev Team Informal Progress Report, Feb 2020 - As any blockchain or software expert will confirm, the hardest part of making successful progress in blockchain and crypto is invisible to most users. As developers, the Reddcoin Core team relies on internal experts like John Nash, contributors offering their own code improvements to our repos (which we would love to see more of!) and especially upstream commits from experts working on open source projects like Bitcoin itself. We'd like to thank each and every one whose hard work has contributed to this progress.
As part of Reddcoin's evolution, and in order to include required security fixes and speed improvements that are long overdue, the team has up to this point incorporated the following code commits since our last v3.0.1 public release. In attempting to solve the relatively minor font display issue with MacOS Catalina, we uncovered a complicated interweaving of updates between Reddcoin Core, QT software, MacOS SDK, Bitcoin Core and related libraries and dependencies that mandated we take a holistic approach: to solve the Catalina display problem, and in doing so to prepare a more streamlined overall build and test system, allowing the team to roll out more frequent and more secure updates in the future, and also to include some badly needed fixes in the current version of Core, which we have tentatively labeled Reddcoin Core Wallet v3.1.
Note: As indicated below, v3.1 is NOT YET AVAILABLE FOR DOWNLOAD BY PUBLIC. We will advise when it is.
The new v3.1 version should be ready for internal QA and build testing by the end of this week, with luck, and will be turned over to the public shortly thereafter once testing has proven no unexpected issues have been introduced. We know the delay has been a bit extended for our ReddHead MacOS Catalina stakers, and we hope to have them all aboard soon. We have moved with all possible speed while attempting to incorporate all the required work, testing, and ensuring security and safety for our ReddHeads.
Which leads us to: PoSV v2 activation and the supermajority on Mainnet at the time of this writing has reached 5625/9000 blocks or 62.5%. We have progressed quite well and without any reported user issues since release, but we need all of the community to participate! This activation, much like the funding mechanisms currently being debated by BCH and others, and employed by DASH, will mean not only a catalyst for Reddcoin but ensure its future by providing funding for the dev team. As a personal plea from the team, please help us support the PoSV v2 activation by staking your RDD, no matter how large or small your amount of stake.
Every block and every RDD counts, and if you don't know how, we'll teach you! Live chat is fun as well as providing tech support you can trust from devs and community ReddHead members. Join us today in staking and online and collect some RDD "rain" from users and devs alike!
If you're holding Reddcoin and not staking, or you haven't upgraded your v2.x wallet to v3.0.1 (current release), we need you to help achieve consensus and activate PoSV v2! For details, see the pinned message here or our website or medium channel. Upgrade is simple and takes moments; if you're nervous or unsure, we're here to help live in Telegram or Discord, as well as other chat programs. See our website for links.
Look for more updates shortly as our long-anticipated Reddcoin Payment Gateway and Merchant Services API come online with point-of-sale support, as we announce the cross-crypto-project Aussie firefighter fundraiser program, as well as a comprehensive update to our development roadmap and more.
Work has restarted on ReddID and multiple initiatives are underway to begin educating and sharing information about ReddID, what it is, and how to use it, as we approach a releasable ReddID product. We enthusiastically encourage anyone interested in working to bring these efforts to life, whether writers, UX/UI experts, big data analysts, graphic artists, coders, front-end, back-end, AI, DevOps, the Reddcoin Core dev team is growing, and there's more opportunity and work than ever!
Bring your talents to a community and dev team that truly appreciates it, and share the Reddcoin Love!
And now, lots of commits. As v3.1 is not yet quite ready for public release, these commits have not been pushed publicly, but in the interests of sharing progress transparently, and including our ReddHead community in the process, see below for mind-numbing technical detail of work accomplished.
* e5c143404 - - 2014-08-07 - Ross Nicoll - Changed LevelDB cursors to use scoped pointers to ensure destruction when going out of scope.
* 99a7dba2e - - 2014-08-15 - Cory Fields - tests: fix test-runner for osx. Closes ##4708
* 8c667f1be - - 2014-08-15 - Cory Fields - build: add funcs.mk to the list of meta-depends
* bcc1b2b2f - - 2014-08-15 - Cory Fields - depends: fix shasum on osx < 10.9
* 54dac77d1 - - 2014-08-18 - Cory Fields - build: add option for reducing exports (v2)
* 6fb9611c0 - - 2014-08-16 - randy-waterhouse - build : fix CPPFLAGS for libbitcoin_cli
* 9958cc923 - - 2014-08-16 - randy-waterhouse - build: Add --with-utils (bitcoin-cli and bitcoin-tx, default=yes). Help string consistency tweaks. Target sanity check fix.
* 342aa98ea - - 2014-08-07 - Cory Fields - build: fix automake warnings about the use of INCLUDES
* 46db8ad51 - - 2020-02-18 - John Nash - build: add build.h to the correct target
* a24de1e4c - - 2014-11-26 - Pavel Janík - Use complete path to include bitcoin-config.h.
* fd8f506e5 - - 2014-08-04 - Wladimir J. van der Laan - qt: Demote ReportInvalidCertificate message to qDebug
* f12aaf3b1 - - 2020-02-17 - John Nash - build: QT5 compiled with fPIC require fPIC to be enabled, fPIE is not enough
* 7a991b37e - - 2014-08-12 - Wladimir J. van der Laan - build: check for sys/prctl.h in the proper way
* 2cfa63a48 - - 2014-08-11 - Wladimir J. van der Laan - build: Add mention of --disable-wallet to bdb48 error messages
* 9aa580f04 - - 2014-07-23 - Cory Fields - depends: add shared dependency builder
* 8853d4645 - - 2014-08-08 - Philip Kaufmann - [Qt] move SubstituteFonts() above ToolTipToRichTextFilter
* 0c98e21db - - 2014-08-02 - Ross Nicoll - URLs containing a / after the address no longer cause parsing errors.
* 7baa77731 - - 2014-08-07 - ntrgn - Fixes ignored qt 4.8 codecs path on windows when configuring with --with-qt-libdir
* 2a3df4617 - - 2014-08-06 - Cory Fields - qt: fix unicode character display on osx when building with 10.7 sdk
* 71a36303d - - 2014-08-04 - Cory Fields - build: fix race in 'make deploy' for windows
* 077295498 - - 2014-08-04 - Cory Fields - build: Fix 'make deploy' when binaries haven't been built yet
* ffdcc4d7d - - 2014-08-04 - Cory Fields - build: hook up qt translations for static osx packaging
* 25a7e9c90 - - 2014-08-04 - Cory Fields - build: add --with-qt-translationdir to configure for use with static qt
* 11cfcef37 - - 2014-08-04 - Cory Fields - build: teach macdeploy the -translations-dir argument, for use with static qt
* 4c4ae35b1 - - 2014-07-23 - Cory Fields - build: Find the proper xcb/pcre dependencies
* 942e77dd2 - - 2014-08-06 - Cory Fields - build: silence mingw fpic warning spew
* e73e2b834 - - 2014-06-27 - Huang Le - Use async name resolving to improve net thread responsiveness
* c88e76e8e - - 2014-07-23 - Cory Fields - build: don't let libtool insert rpath into binaries
* 18e14e11c - - 2014-08-05 - ntrgn - build: Fix windows configure when using --with-qt-libdir
* bb92d65c4 - - 2014-07-31 - Cory Fields - test: don't let the port number exceed the legal range
* 62b95290a - - 2014-06-18 - Cory Fields - test: redirect comparison tool output to stdout
* cefe447e9 - - 2014-07-22 - Cory Fields - gitian: remove unneeded option after last commit
* 9347402ca - - 2014-07-21 - Cory Fields - build: fix broken boost chrono check on some platforms
* c9ed039cf - - 2014-06-03 - Cory Fields - build: fix whitespace in pkg-config variable
* 3bcc5ad37 - - 2014-06-03 - Cory Fields - build: allow linux and osx to build against static qt5
* 01a44ba90 - - 2014-07-17 - Cory Fields - build: silence false errors during make clean
* d1fbf7ba2 - - 2014-07-08 - Cory Fields - build: fix win32 static linking after libtool merge
* 005ae2fa4 - - 2014-07-08 - Cory Fields - build: re-add AM_LDFLAGS where it's overridden
* 37043076d - - 2014-07-02 - Wladimir J. van der Laan - Fix the Qt5 build after d95ba75
* f3b4bbf40 - - 2014-07-01 - Wladimir J. van der Laan - qt: Change serious messages from qDebug to qWarning
* f4706f753 - - 2014-07-01 - Wladimir J. van der Laan - qt: Log messages with type>QtDebugMsg as non-debug
* 98e85fa1f - - 2014-06-06 - Pieter Wuille - libsecp256k1 integration
* 5f1f2e226 - - 2020-02-17 - John Nash - Merge branch 'switch_verification_code' into Build
* 1f30416c9 - - 2014-02-07 - Pieter Wuille - Also switch the (unused) verification code to low-s instead of even-s.
* 1c093d55e - - 2014-06-06 - Cory Fields - secp256k1: Add build-side changes for libsecp256k1
* 7f3114484 - - 2014-06-06 - Cory Fields - secp256k1: add libtool as a dependency
* 2531f9299 - - 2020-02-17 - John Nash - Move network-time related functions to timedata.cpp/h
* d003e4c57 - - 2020-02-16 - John Nash - build: fix build weirdness after 54372482.
* 7035f5034 - - 2020-02-16 - John Nash - Add ::OUTPUT_SIZE
* 2a864c4d8 - - 2014-06-09 - Cory Fields - crypto: create a separate lib for crypto functions
* 03a4e4c70 - - 2014-06-09 - Cory Fields - crypto: explicitly check for byte read/write functions
* a78462a2a - - 2014-06-09 - Cory Fields - build: move bitcoin-config.h to its own directory
* a885721c4 - - 2014-05-31 - Pieter Wuille - Extend and move all crypto tests to crypto_tests.cpp
* 5f308f528 - - 2014-05-03 - Pieter Wuille - Move {Read,Write}{LE,BE}{32,64} to common.h and use builtins if possible
* 0161cc426 - - 2014-05-01 - Pieter Wuille - Add built-in RIPEMD-160 implementation
* deefc27c0 - - 2014-04-28 - Pieter Wuille - Move crypto implementations to src/crypto/
* d6a12182b - - 2014-04-28 - Pieter Wuille - Add built-in SHA-1 implementation.
* c3c4f9f2e - - 2014-04-27 - Pieter Wuille - Switch miner.cpp to use sha2 instead of OpenSSL.
* b6ed6def9 - - 2014-04-28 - Pieter Wuille - Remove getwork() RPC call
* 0a09c1c60 - - 2014-04-26 - Pieter Wuille - Switch script.cpp and hash.cpp to use sha2.cpp instead of OpenSSL.
* 8ed091692 - - 2014-04-20 - Pieter Wuille - Add a built-in SHA256/SHA512 implementation.
* 0c4c99b3f - - 2014-06-21 - Philip Kaufmann - small cleanup in src/compat .h and .cpp
* ab1369745 - - 2014-06-13 - Cory Fields - sanity: hook up sanity checks
* f598c67e0 - - 2014-06-13 - Cory Fields - sanity: add libc/stdlib sanity checks
* b241b3e13 - - 2014-06-13 - Cory Fields - sanity: autoconf check for sys/select.h
* cad980a4f - - 2019-07-03 - John Nash - build: Add a top-level forwarding target for src/ objects
* f4533ee1c - - 2019-07-03 - John Nash - build: qt: split locale resources. Fixes non-deterministic distcheck
* 4a0e46e76 - - 2019-06-29 - John Nash - build: fix version dependency
* 2f61699d9 - - 2019-06-29 - John Nash - build: quit abusing AM_CPPFLAGS
* 99b60ba49 - - 2019-06-29 - John Nash - build: avoid the use of top_ and abs_ dir paths
* c8f673d5d - - 2019-06-29 - John Nash - build: Tidy up file generation output
* 5318bce57 - - 2019-06-29 - John Nash - build: nuke Makefile.include from orbit
* 672a25349 - - 2019-06-29 - John Nash - build: add stub makefiles for easier subdir builds
* 562b7c5a6 - - 2020-02-08 - John Nash - build: delete old Makefile.am's
* 066120079 - - 2020-02-08 - John Nash - build: Switch to non-recursive make
Whew! No wonder it's taken the dev team a while! :)
TL;DR: Trying to fix MacOS Catalina font display led to requiring all kinds of work to migrate and evolve the Reddcoin Core software with Apple, Bitcoin and QT components. Lots of work done, v3.1 public release soon. Also other exciting things and ReddID back under active dev effort.
submitted by TechAdept to reddCoin

Is Crypto Currency truly at risk due to Quantum Computers, and what can you do about it?

Is Crypto Currency truly at risk due to Quantum Computers, and what can you do about it?

There is no denying that the Quantum revolution is coming. Security protocols for the internet, banking, telecommunications, etc... are all at risk, and your Bitcoins (and alt-cryptos) are next!
This article is not really about quantum computers[i], but, rather, how they will affect the future of cryptocurrency, and what steps a smart investor will take. Since this is a complicated subject, my intention is to provide just enough relevant information without being too “techy.”

The Quantum Evolution

In 1982, Nobel winning physicist, Richard Feynman, hypothesized how quantum computers[ii] would be used in modern life.
Just one year later, Apple released the “Apple Lisa”[iii] – a home computer with a 7.89MHz processor and a whopping 5MB hard drive, and, if you enjoy nostalgia, it used 5.25in floppy disks.
Today, we walk around with portable devices that are thousands of times more powerful, and, yet, our modern day computers still work in a simple manner, with simple math, and simple operators[iv]. They now just do it so fast and efficient that we forget what’s happening behind the scenes.
No doubt, the human race is accelerating at a remarkable speed, and we’ve become obsessed with quantifying everything - from the everyday details of life to the entire universe[v]. Not only do we know how to precisely measure elementary particles, we also know how to control their actions!
Yet, even with all this advancement, modern computers cannot “crack” cryptocurrencies without the use of a great deal more computing power, and since it’s more than the planet can currently supply, it could take millions, if not billions, of years.
However, what current computers can’t do, quantum computers can!
So, how can something that was conceptualized in the 1980’s, and, as of yet, has no practical application, compromise cryptocurrencies and take over Bitcoin?
To best answer this question, let’s begin by looking at a bitcoin address.

What exactly is a Bitcoin address?

Well, in layman terms, a Bitcoin address is used to send and receive Bitcoins, and looking a bit closer (excuse the pun), it has two parts:[vi]
A public key that is openly shared with the world to accept payments. A public key that is derived from the private key. The private key is made up of 256 bits of information in a (hopefully) random order. This 256 bit code is 64 characters long (in the range of 0-9/a-f) and further compressed into a 52 character code (using RIPEMD-160).
NOTE: Although many people talk about Bitcoin encryption, Bitcoin does not use Encryption. Instead, Bitcoin uses a hashing algorithm (for more info, please see endnote below[vii]).
Now, back to understanding the private key:
The Bitcoin address “1EHNa6Q4Jz2uvNExL497mE43ikXhwF6kZm” translates to a private key of “5HpHagT65TZzG1PH3CSu63k8DbpvD8s5ip4nEB3kEsreAnchuDf” which further translates to a 256 bit private key of “0000000000000000000000000000000000000000000000000000000000000001” (this should go without saying, but do not use this address/private key because it was compromised long ago.) Although there are a few more calculations that go behind the scenes, these are the most relevant details.
Now, to access a Bitcoin address, you first need the private key, and from this private key, the public key is derived. With current computers, it’s classically impractical to attempt to find a private key based on a public key. Simply put, you need the private key to know the public key.
However, it has already been theorized (and technically proven) that due to private key compression, multiple private keys can be used to access the same public key (aka address). This means that your Bitcoin address has multiple private keys associated with it, and, if someone accidentally discovers or “cracks” any one of those private keys, they have access to all the funds in that specific address.
There is even a pool of a few dedicated people hunting for these potential overlaps[viii], and they are, in fact, getting very efficient at it. The creator of the pool also has a website listing every possible Bitcoin private key/address in existence[ix], and, as of this writing, the pool averages 204 trillion keys per day!
But wait! Before you get scared and start panic selling, the probability of finding a Bitcoin address containing funds (or even being used) is highly unlikely – nevertheless, still possible!
However, the more Bitcoin users, the more likely a “collision” (finding overlapping private/public key pairs)! You see, the security of a Bitcoin address is simply based on large numbers! How large? Well, according to my math, 1.157920892373x10^77 potential private keys exist (that number represents over 9,500 digits in length!). For some perspective, this entire article contains just over 14,000 characters. Therefore, the total number of Bitcoin addresses is so great that the probability of finding an active address with funds is infinitesimal.

So, how do Quantum Computers present a threat?

At this point, you might be thinking, “How can a quantum computer defeat this overwhelming number of possibilities?” Well, to put it simply: Superposition and Entanglement[x].
Superposition allows a quantum bit (qubit) to be in multiple states at the same time. Entanglement allows an observer to know the measurement of a particle in any location in the universe. If you have ever heard Einstein’s quote, “Spooky Action at a Distance,” he was talking about Entanglement!
To give you an idea of how this works, imagine how efficient you would be if you could make your coffee, drive your car, and walk your dog all at the same time, while also knowing the temperature of your coffee before drinking, the current maintenance requirements for your car, and even what your dog is thinking! In a nutshell, quantum computers have the ability to process and analyze countless bits of information simultaneously – and so fast, and in such a different way, that no human mind can comprehend!
At this stage, it is estimated that the Bitcoin address hash algorithm will be defeated by quantum computers before 2028 (and quite possibly much sooner)! The NSA has even stated that the SHA256 hash algorithm (the same hash algorithm that Bitcoin uses) is no longer considered secure, and, as a result, the NSA has now moved to new hashing techniques, and that was in 2016! Prior to that, in 2014, the NSA also invested a large amount of money in a research program called “Penetrating Hard Targets project”[xi] which was used for further Quantum Computer study and how to break “strong encryption and hashing algorithms.” Does NSA know something they’re not saying or are they just preemptively preparing?
Nonetheless, before long, we will be in a post-quantum cryptography world where quantum computers can crack crypto addresses and take all the funds in any wallet.

What are Bitcoin core developers doing about this threat?

Well, as of now, absolutely nothing. Quantum computers are not considered a threat by Bitcoin developers nor by most of the crypto-community. I’m sure when the time comes, Bitcoin core developers will implement a new cryptographic algorithm that all future addresses/transactions will utilize. However, will this happen before post-quantum cryptography[xii]?
Moreover, even after new cryptographic implementation, what about all the old addresses? Well, if your address has been actively used on the network (sending funds), it will be in imminent danger of a quantum attack. Therefore, everyone who is holding funds in an old address will need to send their funds to a new address (using a quantum safe crypto-format). If you think network congestion is a problem now, just wait…
Additionally, there is the potential that the transition to a new hashing algorithm will require a hard fork (a soft fork may also suffice), and this could result in a serious problem because there should not be multiple copies of the same blockchain/ledger. If one fork gets attacked, the address on the other fork is also compromised. As a side-note, the blockchain Nebulas[xiii] will have the ability to modify the base blockchain software without any forks. This includes adding new and more secure hashing algorithms over time! Nebulas is due to be released in 2018.

Who would want to attack Bitcoin?

Bitcoin and cryptocurrency represent a threat to the controlling financial system of our modern economy. Entire countries have outright banned cryptocurrency[xiv] and even arrested people[xv], and while discrediting it, some countries are copying cryptocurrency to use (and control) in their economy[xvi]!
Furthermore, Visa[xvii], Mastercard[xviii], Discover[xix], and most banks act like they want nothing to do with cryptocurrency, all the while seeing the potential of blockchain technology and developing their own[xx]. Just like any disruptive technology, Bitcoin and cryptocurrencies have their fair share of enemies!
As of now, quantum computers are being developed by some of the largest companies in the world, as well as private government agencies.
No doubt, we will see a post-quantum cryptography world sooner than most realize. By that point, who knows how long “3 letter agencies” will have been using quantum technology - and what they’ll be capable of!

What can we do to protect ourselves today?

Of course, the best option is to start looking at how Bitcoin can implement new cryptographic features immediately, but it will take time, and we have seen how slow the process can be just for scaling[xxi].
The other thing we can do is use a Bitcoin address only once for outgoing transactions. When quantum computers attack Bitcoin (and other crypto currencies), their first target will be addresses that have outgoing transactions on the blockchain that contain funds.
This is due to the fact that when computers first attempt to crack a Bitcoin address, the starting point is when a transaction becomes public. In other words, when the transaction is first signed – a signed transaction is a digital signature derived from the private key, and it validates the transaction on the network. Compared to classical computers, quantum computers can exponentially extrapolate this information.
Initially, Bitcoin Core Software might provide some level of protection because it only uses an address once, and then sends the remaining balance (if any) to another address in your keypool. However, third party Bitcoin wallets can and do use an address multiple times for outgoing transactions. For instance, this could be a big problem for users that accept donations (if they don’t update their donation address every time they remove funds). The biggest downside to Bitcoin Core Software is the amount of hard-drive space required, as well as diligently retaining an up-to-date copy of the entire blockchain ledger.
Nonetheless, as quantum computers evolve, they will inevitably render SHA256 vulnerable, and although this will be one of the first hash algorithms cracked by quantum computers, it won’t be the last!

Are any cryptocurrencies planning for the post-quantum cryptography world?

Yes, indeed, there are! Here is a short list of ones you may want to know more about:

Full disclosure:

Although I am in no way associated with any project listed above, I do hold coins in all as well as Bitcoin, Litecoin and many others.
The thoughts above are based on my personal research, but I make no claims to being a quantum scientist or cryptographer. So, don’t take my word for anything. Instead, do your own research and draw your own conclusions. I’ve included many references below, but there are many more to explore.
In conclusion, the intention of this article is not to create fear or panic, nor any other negative effects. It is simply to educate. If you see an error in any of my statements, please, politely, let me know, and I will do my best to update the error.
Thanks for reading!

References

[i] https://www.youtube.com/watch?v=JhHMJCUmq28 – A great video explaining quantum computers.
[ii] https://www.doc.ic.ac.uk/~nd/surprise_97/journal/vol4/spb3/ - A brief history of quantum computing.
[iii] https://en.wikipedia.org/wiki/Apple_Lisa - More than you would ever want to know about the Apple Lisa.
[iv] https://www.youtube.com/watch?v=tpIctyqH29Q&list=PL8dPuuaLjXtNlUrzyH5r6jN9ulIgZBpdo - Want to learn more about computer science? Here is a great crash course for it!
[v] https://www.collinsdictionary.com/dictionary/english/quantify - What does quantify mean?
[vi] https://en.bitcoin.it/wiki/Private_key - More info about Bitcoin private keys.
[vii] https://www.securityinnovationeurope.com/blog/page/whats-the-difference-between-hashing-and-encrypting - A good example of the difference between Hash and Encryption
[viii] https://lbc.cryptoguru.org/stats - The Large Bitcoin Collider.
[ix] http://directory.io/ - A list of every possible Bitcoin private key. This website is a clever way of converting the 64 character uncompressed key to the private key 128 at a time. Since it is impossible to save all this data in a database and search, it is not considered a threat! It’s equated with looking for a single needle on the entire planet.
[x] https://uwaterloo.ca/institute-for-quantum-computing/quantum-computing-101#Superposition-and-entanglement – Brief overview of Superposition and Entanglement.
[xi] https://www.washingtonpost.com/world/national-security/nsa-seeks-to-build-quantum-computer-that-could-crack-most-types-of-encryption/2014/01/02/8fff297e-7195-11e3-8def-a33011492df2_story.html?utm_term=.e05a9dfb6333 – A review of the Penetrating Hard Targets project.
[xii] https://en.wikipedia.org/wiki/Post-quantum_cryptography - Explains post-quantum cryptography.
[xiii] https://www.nebulas.io/ - The nebulas project has some amazing technology planned in their roadmap. They are currently in testnet stage with initial launch expected to take place in a few weeks. If you don’t know about Nebulas, you should check them out.
[xiv] https://en.wikipedia.org/wiki/Legality_of_bitcoin_by_country_or_territory - Countries’ stance on crypto currencies.
[xv] https://www.cnbc.com/2017/08/30/venezuela-is-one-of-the-worlds-most-dangerous-places-to-mine-bitcoin.html - Don’t be a miner in Venezuela!
[xvi] http://www.newsweek.com/russia-bitcoin-avoid-us-sanctions-cryptocurrency-768742 - Russia’s plan for their own crypto currency.
[xvii] http://www.telegraph.co.uk/technology/2018/01/05/visa-locks-bitcoin-payment-cards-crackdown-card-issue - Recent attack from visa against crypto currency.
[xviii] https://www.ccn.com/non-government-digital-currency-junk-says-mastercard-ceo-rejecting-bitcoin/ - Mastercards position about Bitcoin.
[xix] http://www.livebitcoinnews.com/discover-joins-visa-mastercard-barring-bitcoin-support/ - Discovers position about Bitcoin.
[xx] http://fortune.com/2017/10/20/mastercard-blockchain-bitcoin/ - Mastercard is making their own blockchain.
[xxi] https://bitcoincore.org/en/2015/12/21/capacity-increase/ - News about Bitcoin capacity. Not a lot of news…
[xxii] https://learn.iota.org/faq/what-makes-iota-quantum-secure - IOTA and quantum encryption.
[xxiii] https://eprint.iacr.org/2011/191.pdf - The whitepaper of Winternitz One-Time Signature Scheme
[xxiv] https://cardanoroadmap.com/ - The Cardano project roadmap.
[xxv] https://eprint.iacr.org/2017/490 - More about the BLISS hash system.
[xxvi] https://www.ethereum.org/ - Home of the Ethereum project.
[xxvii] https://en.wikipedia.org/wiki/SHA-3#Security_against_quantum_attacks – SHA3 hash algorithm vs quantum computers.
[xxviii] https://en.wikipedia.org/wiki/Lamport_signature - Lamport signature information.
[xxix] https://theqrl.org/ - Home of the Quantum Resistant Ledger project.
submitted by satoshibytes to CryptoCurrency

Proof of Failure - "I'll get you next time Salty Roger" :-)

"actus non facit reum nisi mens sit rea" (an act does not make a person guilty unless the mind is also guilty)
Just under 7 days ago I posted the following SHA256 hash to both the BSV blockchain and BAB blockchain.
I actually posted at 2019-06-16 20:00:00 but it took some minutes (as you'll see I predicted) to appear in the next block of the aforementioned blockchains, thus remaining a permanent immutable record.
memo.sv post Block Time: 2019-06-16 20:38:22 Block Number: 587160
memo.cash post Block Time: 2019-06-16 20:29:44 Block Number: 587318
This is verifiable proof that I held the plaintext to make this hash on that date. The hash, as you can see, is the following SHA256:-
52f42a5a4c073a2a14ed76e5a1d356c4586e6f2dea2a91d9a3dcf5f57799442e
Just after posting to the blockchain this hash, I sent private messages to 3 members of this subreddit with the following text, and thus this is the reason why I am now forced to reveal the hash, as I expect them to take my words seriously.
It doesn't matter in the grand scheme of things (as all I did is cryptographically proven) that I did this, however I wanted to so I would be forced to reveal the plaintext within 7 days. I won't name them, but if they want to confirm that they did indeed receive this message then I'll leave that up to them.
Hi guys. Look I am doing something kinda funny here, but for now needs to be secret. Here is a SHA256 hash, write it down!
"52f42a5a4c073a2a14ed76e5a1d356c4586e6f2dea2a91d9a3dcf5f57799442e"
If I don't reveal what plaintext is the source of this hash within the next 7 days then it means I am a fraud, and I am not to be trusted and I request I am permabanned from the subreddit, and all communications with me should cease.
This hash has been published on both the BSV & BAB blockchains as a memo message, as proof it wasn't created after the time it appears in the blockchains, and proof of immutability of content.
You can see it here (BSV):- https://memo.sv/profile/1gr5whAEV4ffA6df71JTdQ7gSNQWTkgnm Or here (BAB):- https://memo.cash/profile/1gr5whAEV4ffA6df71JTdQ7gSNQWTkgnm
And timestamp will be a few seconds or minutes after timestamp below, as and when message gets confirmed in next block on each respective chain. PoW!
If I happen to be banned from reddit in the meantime don't worry as hash reveal will take place on these memo channels within 7 days.
If this works you're all gonna LOL real hard cause it will cause one big massive social media shitstorm! And we all know the only way to destroy a PoSM shitcoin like BAB is with social media!
Cheers fellas! jim-btc 2019-06-16T20:00:00Z End of message.
I actually sent it to them as an image.
This is all those 3 members have seen, and all 3 have confirmed: one with "I'll be watching", another with a "LOL" type response, and another with a rather concerned "what's this?" type response. I gave them no further information - so now all reading this post know exactly the same about this as they do - which is basically nothing, other than that this hash 52f42a5a4c073a2a14ed76e5a1d356c4586e6f2dea2a91d9a3dcf5f57799442e must be something interesting.
So what was the plaintext behind this hash? What does it have to do with Salty Roger?
Well, I'm gonna take some inspiration from Dr. Craig S. Wright here to add some tension... I still have a few hours to reveal the plaintext, which is in fact a computer program. We shall all see.
UPDATE
OK here it is: https://gofile.io/?c=FsGtJD
Go check that SHA256 hash.
Here's the code:
```python
#!/usbin/env python
# bab-destroy.py
# Should work in Python2.7 & Python 3.x
# Author: jim-btc
# If you change any character in this code (including newlines so careful
# Windows users - it will fail to reproduce the excercise!
# This is BAB Destroy. Some code designed to make Salty Roger Ver, head of
# Bitcoin Cash (BAB) look very stupid and get owned by cryptohashes once again.
#
# The BABies (that's users of said coin) seem to spout the mantra "Code is Law"
# so I thought what better way to own them all than by using some code to do
# it!
# Purpose of this program is to generate a fake (unspendable) Bitcoin address
# and to hash various messages. Hash for this program (hence the entire process
# in the pwnage of Salty Roger will be published on both the Bitcoin Cash (BAB)
# and Bitcoin (BSV) blockchains as "proof-of-LOL" so what I am doing here can
# easily be verified as non-illegal and non-fraudulent *after the event* by
# simply running this code and verifying all messages/hashes produced - to
# replay the sequence of events as it were.
#
# A non-spendable address is used to demonstrate even if Roger was dumb enough
# to send BTC that it is the equivalent of burning money - i.e. nobody can
# benefit. Also for any legal eagles reading allow me introduce some Latin:
# "actus non facit reum nisi mens sit rea". Interesting case study to be made
# perhaps regarding blockchains as immutable evidence.
# The idea is the following happens:-
#
# 1) Hash of this program code is published on BAB & BSV blockchains to proove
# timestamp that this effort was started, using memo.cash / memo.sv
#
# 2) A few community memebers from Bitcoin (BSV) subreddit are sent a hashed
# message stating that there is a hash on BAB/BSV blockchain and if I don't
# reveal how to make it within 7 days then I am a fraud, a scammer and should
# be removed from the community - this is to ensure nobody can claim the
# argument "jim-btc was just testing to see if Roger would pay" and to
# ensure revealing of this code regardless of the outcome.
#
# 3) Roger recieves a message from me basically stating "Pay me 1BTC and I will
# stop attacking your coin and community and work for you attacking BSV".
#
# 4) Roger publishes this message on /btc (or /npc as it's better called)
# and tries to state that jim-btc is a scammer, and possibly that this is
# a scam/community atack by the entire community of BSV. The idea is that
# Roger basically publisizes this for maximum effect so when the truth is
# revealed his own publicity owns him. An alternative (but very unlikely) is
# that Roger sends 1BTC to the address - where I then publish this entire
# message chain to prove (once again) that Roger is an idiot and has no
# problem employing sockpuppets for nefarious purposes and has just burned 1BTC
# for his very silly efforts! Remember if he sends any funds there - I cannot
# spend it as you see that the public address has no corresponding private key.
# (it's a fake address).
#
# 5) Bonus LOLpoints will be rewarded if this news makes it to Roger's Twitter
# account and/or his news.bitcoin.com website as some sort of proof that
# "criminal blackmailers are attempting to destroy BAB" or the now famous
# classic quote they use "It's an attack" as they keep needing to invent a
# common external enemy like Orwell's 1984 as some way for cohesion in their
# destroyed and rotten "community". It is expected that as Salty Roger loves to
# play victim he shall play victim to maximum effect. Let's hope so!
#
# 6) Program code is revealed. Orignal hash on BAB/BSV blockchains is shown as
# matching the hash of the program code. Roger looks dumb, all BABies are
# awakened as to just how easy it is to attack a PoSM (Proof of Social Media)
# shitcoin such as Bitcoin Cash (BAB). The crypto world laughs, lawyers debate
# the legality of this all - everyone is confused but most agree Roger has once
# again proved he knows nothing about crypto and is easily spoofed.
#
# People read this program code and these comments and find out just how bad
# things are with BABcoin. They sell the idea of "decentralized development"
# when in reality Amaury Sachet (ABC node developer) bans Andrew Stone, LEAD
# developer of Bitcoin Unlimited from any meetings. It also encourages BABies
# to look at the ideas floating around in the dev community - such as spending
# funding money on developer get-togethers when clearly the fundraising they
# are doing is supposed to be paying for developers to develop. People are
# encouraged to look into the transparency of all fundraising and realise that
# this is not a sustainable model for a anti-business coin such as BAB.
#
# Once again I'd ask people to seriously debate the difference and the
# narrative:-
#
# "Satosh added checkpoints to Bitcoins source code - checkpoints are OK"
# -- the BAB narrative
#
# The reality:-
# These checkpoints were added days/weeks/months after the blocks were mined
# for pretty obvious reasons.
# Amaury Sachet (shitlord dictator of ABC) added them within ~10 minutes of
# blocks being mined and colluded with exchanges to use this special software
# within minutes. That is not fair competition, this is not PoW. That is a PoSM
# shitcoin and shall be destroyed - only way to do it is with social media!
#
# This program is dedicated to unwriter and Craig S. Wright (Satoshi Nakamoto).
#
# Read unwriters phenomenal message to all devs:-
#
# https://medium.com/@_unwritethe-resolution-of-the-bitcoin
# -cash-experiment-52b86d8cd187
#
# OK - let's get started...
#
# These are the only 3 functions we need to import.
from binascii import hexlify
from hashlib import sha256
from os import path

BASE_58_ALPHABET = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz'

# First let's make a public key based on some text, unless we manage to break
# cryptography we will have no way of knowing the private key for this message
# thus any coins sent here are effectivley burned (unspendable).
# This message will give us fake address 1MCpARZExPsW5EmBMEYj2NoyUxaoWyZt8N
BITCOIN_PUBKEY_MESSAGE = b'Roger Ver is an idiot, jim-btc owns him!'

MESSAGE_TO_ROGER = '''Hey Roger. You see I am attacking BCH continuously. If you want me to stop (and switch teams and work for you guys attacking BSV) then I will accept the job. I can be paid a salary of 1 BTC to this address to get started:-
{}
Don\'t try and share this message and slander me cause I will just deny it. I am a lot cleverer than you guys - admit it! Not interested in further communications, except confirmation, and I shall not respond.
Payment to the aforementioned address is the acceptance of hiring me - not negotiable.
End of message.'''

MEMO_SV = 'https://memo.sv/profile/1gr5whAEV4ffA6df71JTdQ7gSNQWTkgnm'
MEMO_BAB = 'https://memo.cash/profile/1gr5whAEV4ffA6df71JTdQ7gSNQWTkgnm'

MESSAGE_TO_FOLKS = '''Hi guys. Look I am doing something kinda funny here, but for now needs to be secret. Here is a SHA256 hash, write it down!
"{}"
If I don't reveal what plaintext is the source of this hash within the next 7 days then it means I am a fraud, and I am not to be trusted and I request I am permabanned from the subreddit, and all communications with me should cease.
This hash has been published on both the BSV & BAB blockchains as a memo message, as proof it wasn't created after the time it appears in the blockchains, and proof of immutability of content.
You can see it here (BSV):- {}
Or here (BAB):- {}
And timestamp will be a few seconds or minutes after timestamp below, as and when message gets confirmed in next block on each respective chain. PoW!
If I happen to be banned from reddit in the meantime don\'t worry as hash reveal will take place on these memo channels within 7 days.
If this works you\'re all gonna LOL real hard cause it will cause one big massive social media shitstorm! And we all know the only way to destroy a PoSM shitcoin like BAB is with social media!
Cheers fellas! jim-btc 2019-06-16T20:00:00Z End of message.'''

SEPERATOR = '*' * 80

WARNING_ADDR = '''WARNING: Hey if you are running this code to prove the hashes, DO NOT SEND ANY BSV/BTC/BAB to the address! I cannot spend it as I don\'t have the private key and it\'s impossible to find it - you will just be burning your crypto!'''


def make_bitcoin_address(pubkey_hash):
    with_network_byte = b'\x00' + pubkey_hash
    full_checksum = sha256(sha256(with_network_byte).digest()).hexdigest()
    checksum = full_checksum[:4 * 2]
    address_hex = hexlify(with_network_byte).decode() + checksum
    b58_string = ''
    # Get the number of leading zeros
    leading_zeros = len(address_hex) - len(address_hex.lstrip('0'))
    # Convert hex to decimal
    address_int = int(address_hex, 16)
    # Append digits to the start of string
    while address_int > 0:
        digit = address_int % 58
        digit_char = BASE_58_ALPHABET[digit]
        b58_string = digit_char + b58_string
        address_int //= 58
    # Add '1' for each 2 leading zeros
    ones = leading_zeros // 2
    for one in range(ones):
        b58_string = '1' + b58_string
    return b58_string


def main():
    # We'll use first 160 bits of sha256 of message - doesn't really matter!
    # as long as we have 160 bits like RIPEMD-160
    pubkey_hash = sha256(BITCOIN_PUBKEY_MESSAGE).digest()[:160 // 8]
    # If you wanna test the function then follow this blog post
    # https://www.freecodecamp.org/news/how-to-create-a-bitcoin-wallet-address
    # -from-a-private-key-eca3ddd9c05f/
    # and hardcode it as:-
    # pubkey_hash = b'E23`\n\x968K\xb8\[email protected]\t\x84\x11z\xc8M~\x8b'
    # and you will get result '17JsmEygbbEUEpvt4PFtYaTeSqfb9ki1F1' as per blog
    fake_bitcoin_address = make_bitcoin_address(pubkey_hash)
    source_code = path.abspath(path.realpath(__file__))
    hash_of_this_source_code = sha256()
    # We'll hash this source code. Hashing this is proof of the entire
    # operation! and allows anybody to see what was done, when, and why.
    with open(source_code, 'rb') as _:
        hash_of_this_source_code.update(_.read())
    source_hash = hash_of_this_source_code.hexdigest()
    # We now input the hashes etc... into the messages, print them on screen
    # for easy copy pasta!
    message_to_folks_with_hash = MESSAGE_TO_FOLKS.format(source_hash, MEMO_SV,
                                                          MEMO_BAB)
    message_to_roger = MESSAGE_TO_ROGER.format(fake_bitcoin_address)
    print(SEPERATOR)
    print(message_to_folks_with_hash)
    print(SEPERATOR)
    print(message_to_roger)
    print(SEPERATOR)
    print(WARNING_ADDR)


if __name__ == "__main__":
    main()
```
This is what the output looks like if you run it (you'll see it hashes itself, but you can run sha256sum on the program file if you want):
```text
********************************************************************************
Hi guys. Look I am doing something kinda funny here, but for now needs to be secret. Here is a SHA256 hash, write it down!
"52f42a5a4c073a2a14ed76e5a1d356c4586e6f2dea2a91d9a3dcf5f57799442e"
If I don't reveal what plaintext is the source of this hash within the next 7 days then it means I am a fraud, and I am not to be trusted and I request I am permabanned from the subreddit, and all communications with me should cease.
This hash has been published on both the BSV & BAB blockchains as a memo message, as proof it wasn't created after the time it appears in the blockchains, and proof of immutability of content.
You can see it here (BSV):- https://memo.sv/profile/1gr5whAEV4ffA6df71JTdQ7gSNQWTkgnm
Or here (BAB):- https://memo.cash/profile/1gr5whAEV4ffA6df71JTdQ7gSNQWTkgnm
And timestamp will be a few seconds or minutes after timestamp below, as and when message gets confirmed in next block on each respective chain. PoW!
If I happen to be banned from reddit in the meantime don't worry as hash reveal will take place on these memo channels within 7 days.
If this works you're all gonna LOL real hard cause it will cause one big massive social media shitstorm! And we all know the only way to destroy a PoSM shitcoin like BAB is with social media!
Cheers fellas! jim-btc 2019-06-16T20:00:00Z End of message.
********************************************************************************
Hey Roger. You see I am attacking BCH continuously. If you want me to stop (and switch teams and work for you guys attacking BSV) then I will accept the job. I can be paid a salary of 1 BTC to this address to get started:-
1MCpARZExPsW5EmBMEYj2NoyUxaoWyZt8N
Don't try and share this message and slander me cause I will just deny it. I am a lot cleverer than you guys - admit it! Not interested in further communications, except confirmation, and I shall not respond.
Payment to the aforementioned address is the acceptance of hiring me - not negotiable.
End of message.
********************************************************************************
WARNING: Hey if you are running this code to prove the hashes, DO NOT SEND ANY BSV/BTC/BAB to the address! I cannot spend it as I don't have the private key and it's impossible to find it - you will just be burning your crypto!
```
Any technical questions / comments feel free to ask below.
submitted by jim-btc to bitcoincashSV
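The two things a reader of the post above actually has to check are that the revealed bytes hash to the committed SHA-256, and that the published address is a well-formed Base58Check string (which, as the post stresses, says nothing about whether anyone holds a key for it). The example below is added here and is not jim-btc's code; it generalizes his encoder to any version byte, adds the matching decoder with checksum verification, and uses constructed inputs plus two public test vectors (the genesis coinbase hash160 and the all-zero burn address).

```python
"""Commit-then-reveal and Base58Check checks (added example, not the post's code)."""
import hashlib
import hmac
from typing import Tuple

BASE58_ALPHABET = b'123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz'


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def verify_commitment(committed_hex: str, revealed: bytes) -> bool:
    """Does the revealed plaintext (in the post, the program's source bytes)
    hash to the digest that was published earlier? Hex case and surrounding
    whitespace are normalised, since committed values are usually re-typed."""
    actual = hashlib.sha256(revealed).hexdigest()
    return hmac.compare_digest(actual, committed_hex.strip().lower())


def base58check_encode(version: bytes, payload: bytes) -> str:
    """version || payload || SHA-256d(version || payload)[:4], in Base58."""
    data = version + payload
    data += sha256(sha256(data))[:4]
    # Leading 0x00 bytes vanish in the integer conversion, so count them over
    # the whole checksummed blob and emit one '1' (the zero digit) for each;
    # this is Bitcoin's convention and what the decoder below reverses.
    zeros = len(data) - len(data.lstrip(b'\x00'))
    n = int.from_bytes(data, 'big')
    digits = bytearray()
    while n:
        n, r = divmod(n, 58)
        digits.append(BASE58_ALPHABET[r])
    return '1' * zeros + digits[::-1].decode('ascii')


def base58check_decode(address: str) -> Tuple[bytes, bytes]:
    """Return (version, payload); raise ValueError for a non-alphabet
    character, a string too short to hold version and checksum, or a
    checksum mismatch (a typo or tampering)."""
    n = 0
    for ch in address.encode('ascii'):
        idx = BASE58_ALPHABET.find(ch)
        if idx < 0:
            raise ValueError('invalid Base58 character %r' % chr(ch))
        n = n * 58 + idx
    zeros = len(address) - len(address.lstrip('1'))
    body = n.to_bytes((n.bit_length() + 7) // 8, 'big')
    data = b'\x00' * zeros + body
    if len(data) < 5:
        raise ValueError('too short for a version byte and 4-byte checksum')
    blob, checksum = data[:-4], data[-4:]
    if not hmac.compare_digest(sha256(sha256(blob))[:4], checksum):
        raise ValueError('checksum mismatch')
    return blob[:1], blob[1:]


def p2pkh_address(hash160: bytes, version: bytes = b'\x00') -> str:
    """Mainnet P2PKH by default; pass version=b'\\x6f' for testnet."""
    if len(hash160) != 20:
        raise ValueError('hash160 must be 20 bytes')
    return base58check_encode(version, hash160)


def is_valid_p2pkh(address: str) -> bool:
    """True only if the string decodes with a good checksum to version 0x00
    and a 20-byte payload. Validity says nothing about who, if anyone, can
    spend from it, which is exactly what the post relies on."""
    try:
        version, payload = base58check_decode(address)
    except ValueError:
        return False
    return version == b'\x00' and len(payload) == 20


if __name__ == '__main__':
    # Constructed stand-in for the revealed source file.
    revealed = b"print('constructed plaintext for the commit-then-reveal demo')\n"
    committed = sha256(revealed).hex()
    print('commitment holds:', verify_commitment(committed, revealed))
    print('one byte appended:', verify_commitment(committed, revealed + b'\n'))

    # Same construction as the post: 20 bytes of SHA-256 over some text used
    # as a hash160 for which no private key is known.
    fake_hash160 = sha256(b'constructed text, no key behind it')[:20]
    addr = p2pkh_address(fake_hash160)
    print('address:', addr, 'well-formed:', is_valid_p2pkh(addr))
    print('decodes to:', base58check_decode(addr))
    typo = addr[:-1] + ('2' if addr[-1] != '2' else '3')
    print('typo rejected:', not is_valid_p2pkh(typo))
```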

Bitcoin’s Security and Hash Rate Explained

As the Bitcoin hash rate reaches new all-time highs, there’s never been a better time to discuss blockchain security and its relation to the hashing power and the Proof of Work (PoW) that feed the network. The Bitcoin system is based on a form of decentralized trust, heavily relying on cryptography. This makes its blockchain highly secure and able to be used for financial transactions and other operations requiring a trustless ledger.
Contrary to popular belief, cryptography dates back thousands of years. The root of the word encryption — crypt — comes from the Greek word ‘kryptos’, meaning hidden or secret. Indeed, humans have always wanted to keep some information private. The Assyrians, the Chinese, the Romans, and the Greeks all tried over the centuries to conceal information such as trade deals or manufacturing secrets, using symbols or ciphers carved in stone or leather. In 1900 BC, Egyptians used hieroglyphics, and experts often refer to them as the first example of cryptography.
Back to our days, Bitcoin uses cryptographic technologies such as:
  1. Cryptographic hash functions (i.e. SHA-256 and RIPEMD-160)
  2. Public Key Cryptography (i.e. ECDSA — the Elliptic Curve Digital Signature Algorithm)
While Public Key Cryptography, bitcoin addresses, and digital signatures are used to provide ownership of bitcoins, the SHA-256 hash function is used to verify data and block integrity and to establish the chronological order of the blockchain. A cryptographic hash function is a mathematical function that verifies the integrity of data by transforming it into a unique unidentifiable code.
Here is a graphic example to make things clearer:

– Extract from the MOOC (Massive Open Online Course) in Digital Currencies at the University of Nicosia.
Furthermore, hash functions are used as part of the PoW algorithm, which is a prominent part of the Bitcoin mining algorithm, and this is what matters most for understanding the security of the network. Mining creates new bitcoins in each block, almost like a central bank printing new money, and creates trust by ensuring that transactions are confirmed only when enough computational power is devoted to the block that contains them. More blocks mean more computation, which means more trust.
With PoW, miners compete against each other to complete transactions on the network and get rewarded. Basically, they need to solve a complicated mathematical puzzle whose solution is easy to verify. The more hashing power, the higher the chance of solving the puzzle and therefore performing the proof of work. In simpler words, bitcoins exist thanks to a peer-to-peer network that helps validate transactions in the ledger and provides enough trust to avoid involving a third party in the process. It also exists because miners give it life by solving that computational puzzle, motivated by the mining reward they receive.
submitted by BlockDotCo to u/BlockDotCo

I made my own Blockchain in Java (Part 2) now with Source Code!

Hello all! Same guy that posted about a Java Bitcoin Address Generator. I've completed my blockchain mockup and I couldn't be happier with it. Although it doesn't have persistent state and doesn't use new addresses as Change addresses (since the wallets are not HD, just single-keypair wallets), I learned a lot from doing this.
It really does help to understand the complexity of cryptocurrencies when you try to make it from scratch by yourself. There's a ton of security behind bitcoin, and some of it may seem absurd (SHA-256 hashing into RIPEMD-160 into 2x SHA-256 like Damn... all for a checksum).
If you want to mess around with the program, I've uploaded it to Github (Link here). It's a functioning wallet-type program that has Accounts you can switch between where each account has its own KeyPair that you can then send and receive funds to. There is a block reward for mining new blocks that is distributed from the "coinbase" wallet.
NOTE: This is intended to be for educational purposes and should in no way be considered a real cryptocurrency/blockchain. It only runs for the time you have it open and loses all information when closed. The addresses it generates ARE valid bitcoin addresses that you can use, but do so at your own risk and know what you're doing. There is no seed for the addresses that are generated.
submitted by Septem_151 to Bitcoin

Ren will present on Bitcoin Wednesday’s 6-Year Anniversary on 3 July 2019

Bitcoin Wednesday’s 6-Year Anniversary on 3 July 2019 presents cryptographer Ren Zhang, who will compare Proof of Work (PoW) to Proof of Stake (PoS). Proof of Work is a mathematical algorithm that produces results that are difficult to calculate but easy to verify, the governing principle that secures Bitcoin. Although the PoW concept was first proposed in the early 90s, Satoshi Nakamoto’s novel use of it, described in the Bitcoin white paper, sparked the cryptocurrency revolution.

In his talk for Bitcoin Wednesday Ren will explain what Proof of Work brings us that was previously impossible and how it compares to alternatives like Proof of Stake. He writes:

More than $146 billion in crypto-assets (75% of them worldwide) are secured by Proof of Work. As of June 2019, $1 million worth of Bitcoin is created every day to compensate miners who use physical resources to secure the system. These numbers are not small, and it is likely that they will grow even larger if cryptocurrencies continue to thrive. In order to avoid PoW’s high level of energy consumption, many new cryptocurrencies turn to other consensus mechanisms. How do they match up to Proof of Work? Have they achieved their goals? What do they sacrifice, if anything?

Ren is a cryptography researcher at the COSIC Research Group at KU Leuven in Belgium, where he focuses on blockchain consensus protocols and privacy- and security-related problems in peer-to-peer networks. He is currently working on a variant of Nakamoto Consensus with higher throughput known as NC-Max. He is a cryptographer for Nervos, a new Proof-of-Work blockchain, and a research assistant to Bart Preneel, the designer of RIPEMD-160, the hash function used to compute your Bitcoin address from your Bitcoin public key. Ren’s research group at KU Leuven happens to be the birthplace of AES, the advanced encryption standard used in almost all electronic devices.

In 2017, after Ren discovered design flaws in the Bitcoin Unlimited scaling proposal, he was invited to work with Pieter Wuille and Gregory Maxwell at Blockstream. His paper, “Lay Down the Common Metrics: Evaluating Proof-of-Work Consensus Protocols’ Security”, which he co-authored with Bart Preneel, was presented at the 2019 IEEE SP symposium in Oakland.

https://www.bitcoinwednesday.com/speakers/ren-zhang-cryptographer-ku-leuven-nervos/
submitted by Aimeedeer to NervosNetwork

Steal this art. Crack its key.

The race is on. Steal this art by cracking the key and it's yours!
The artwork is spray paint on 50# paper with a stenciled private key but with two characters missing. Assigned to its address is a token that, because I say so, gives the holder ownership of the artwork.
Complete the private key correctly and you will have the power to transfer that token (using Counterparty) to an address you control. Once the transfer is confirmed and you sign a message with the owning address, I will recognize you as the new owner of the work and ship it to you at no charge in the US or at cost internationally. Whether it's shipped or not, you will own it and can transfer ownership to anyone who will enjoy the same offer to ship it to them.
How is this done?
While anyone can create a token and post a partial private key to do a giveaway, here a two-way cryptographic link has been made between the work and a token recorded in the Bitcoin block chain.
In this case, a Counterparty asset named KETF was created with one indivisible unit, locked so no further units can be issued, and a RIPEMD-160 hash of the above image was included in the asset description when it was issued. Since it is the first record of the hash on the block chain, you can be confident that this token is genuine. Since the image file shows irreproducible characteristics of the artwork, it makes it simple to authenticate that the artwork is the one in the image, at least if you're holding it in your hands and can feel the spray painted texture.
Verification
To verify that this is genuine, download the image from imgur and check its RIPEMD-160 hash using http://ripemd-160.com/ (a site I set up) or the OpenSSL rmd160 command on your platform of choice. Then search for that hash using Blockscan, checking the box to also search past descriptions. The first and oldest record should be in the genuine token. Any others are just copycats.
Why?
Bitcoin is fascinating on so many levels. Some of the more recent developments in the space have been around smart property and smart contracts and I wanted to see how a physical object and digital asset could be linked. How would people be able to verify the link? What does ownership mean when a token is involved? How can simple links be made that are easy to strongly verify? Making this work, and others, is an attempt to answer those questions.
Edit: The key has been cracked and the token transferred. Thanks for playing!
For anyone who is interested in getting something like this I have a thread here: https://bitcointalk.org/index.php?topic=954740
submitted by dsterry to Bitcoin

Comprehensive guide to safely browse the SilkRoad

Summary
I) INTRODUCTION
II) SOFTWARE & LINKS
III) ENCRYPTION USING TRUECRYPT
IV) CREATION OF A VIRTUAL MACHINE USING VBOX
V) TWEAKS TO VBOX
VI) INSTALLING AND SETTING UP LINUX
VII) INSTALLING TOR
VIII) SHORT INTRODUCTION TO PGP VIA TERMINAL
IX) ADDITIONAL THOUGHTS
I) INTRODUCTION
First of all, I'm no security expert. The following guide will be nothing but technical instructions for securing your machine to make digital information storage and transmission secure.
Your security is divided in 3 parts. Also remember your security (as in lowering chances to get caught) is only as strong as your weakest link. Those 3 parts are:
a) Money
You can (and will) get caught if you aren't careful with how you move money. Banks and LE work hand-in-hand to trace money. I won't cover that aspect but you need a bulletproof way of buying (if you are a buyer) and/or selling (if you are a seller) your bitcoins.
b) Drugs
Yes, you'll get caught if you don't handle drugs in a secure fashion, ldo. It includes shipping, stealthing, receiving packages, storing. You get the idea.
c) Information
Here is the part I'll develop in this guide. How to handle information (mostly digital information) to not get caught and be as stealthy as possible.
II) SOFTWARE USED AND LINKS
All the following software is:
1) Free - you don't have (and shouldn't, as sad as it sounds for security reasons) to pay anything to fully use them
2) Open source - Anyone with knowledge can see what the programs are made of. Def a security plus.
We will need (In order of use) :
a) a good anti-virus
Before even starting the job, we need to make sure we're working in a safe environment. If you have a keylogger installed on your computer then all future steps will be for NOTHING. So if you don't have an updated AV installed yet, get one. I personally use AVG. Here is the link but it's recommended you search it yourself using google, after all, I could be a hacker myself.
http://free.avg.com/
b) a password manager
You'll need to save at least 5 complex passwords. I strongly recommend using a password manager (with password creation) such as KeePass. It's multi-platform (windows/linux/android).
http://keepass.info/
c) TrueCrypt
Very powerful piece of software which allows you to encrypt files/folders or even a full system partition using bulletproof algorithms such as AES.
http://www.truecrypt.org/
d) VirtualBox
Very powerful software which allows you to run a completely autonomous virtual machine inside your physical machine.
https://www.virtualbox.org
e) Ubuntu 13.04
Free OS. Very safe. Not so user friendly but you'll only use it to browse SilkRoad and use PGP (more on that later).
http://www.ubuntu.com/
f) Tor Browser Bundle (TBB)
A package of pre-configured software to use TOR. Awesome.
https://www.torproject.org/projects/torbrowser.html.en
III) ENCRYPTION USING TRUECRYPT
I assume you already installed the antivirus and ran a meticulous scan on your system. Your system was clean already? Great, you can read what's next.
So first, we want to create an encrypted folder so that we can install a completely different OS in it. It'll be 100% safe and impossible (without the passphrase ldo) to know what it is you are putting in the folder.
a) Click on "Create Volume"
b) Select "Create an encrypted file container"
c) Select "Standard TrueCrypt volume"
note : Do your research on which option you want to use.
d) For Volume Location, select where you want to save the file. Type in a random name and click "save" then "Next". !! Note : You can select a USB pendrive (with at least 10GB and USB 3.0 strongly recommended) so that you have a portable, encrypted OS. Very useful since you can physically hide it from LE in case of a search at your place. !!
e) Encryption Options
I advise using AES. The technology is old which, in security, is a good thing since it means it has been tested by many security experts. I don't know about Hash Algorithm. I think I use RIPEMD-160 but it's up to you to do your goddamn research on which option you want to use.
f) Volume Size
Pick at least 10GB (no more than 15GB really). Note : TrueCrypt will encrypt the whole 10GB no matter what it is you put in, even empty space. So consider the number you type in (10GB here) as gone once you click "Next".
g) Volume Password
Open KeePass (!!!!!!!! with a strong master password !!!!!!!!) and generate a random passphrase using at least 15 (25+ advised) characters (with lowercase, uppercase, numbers, symbols, space, everything checked). Save it carefully, and copy paste it twice in TrueCrypt.
h) Large Files
Select "Yes"
i) Volume Format
Move your mouse randomly (to create randomness in the Key) a few seconds then click "Format", wait.
Congratulations, you now are the owner of an encrypted file container.
IV) CREATION OF A VIRTUAL MACHINE USING VIRTUALBOX
First, you need to mount the encrypted folder you just created. For this, open TrueCrypt, and click on a random letter (remember it and always use the same to avoid corruption). I personally use R: (don't ask me why, I guess I used it the first time and it stuck). Then, click on "Select File" and browse to your newly created folder, click on "Open". Then, click on "Mount", it'll ask for your passphrase. Open it with KeePass and copy paste it. Click "OK". If everything went well, you can now access your encrypted folder using Windows Explorer in Computer. TrueCrypt created a virtual partition.
Okay, so now, off to creating a Virtual Machine. You must have downloaded Ubuntu 13.04 (700MO or so). Good, save the .iso file somewhere.
a) Open VirtualBox, click on "New". In name, type in Ubuntu, it'll automatically select the type and version needed. Click "Next".
b) Memory Size. It's the amount of RAM you want to allocate to your virtual machine. I personally have 12GB of RAM and I allocated 4096MO to my VM (virtual machine). Note : Consider the amount of RAM you give to your VM as gone from your physical machine. Even if you don't run anything on your VM, the amount given (4096MO) won't be usable by your physical machine until you shut down your VM. Click "Next".
c) Hard-Drive. Select "Create a virtual hard drive now", click "Create".
d) Type of hard drive file. Select "VDI (Image disk VirtualBox)". Click "Next".
e) Select "Fixed Size", click "Next".
f) File location and size. For location, click the yellow folder and go to the letter you mounted the file in TrueCrypt (for me R:\the-name-of-your-VM.vdi). In size, pick whatever amount of GB you allocated to the encrypted folder MINUS 1.5GB. !! Note : very important. For example, if your encrypted folder is 10GB, you must pick 8,50 Gio. !! Click "Create" and wait a minute or two for VBox to create your VM.
V) TWEAKS TO VBOX
Here are the settings I use for my SilkRoad machine.
To access settings, in VirtualBox, select your newly created VM and click "Settings". Go to the "System" tab => "Processor", select a reasonable value (where the green and red meet is generally OK). Type in 90% in allocated resources. Go to the "Display" tab => "Video", select a reasonable value (where the green and red meet is generally OK). Number of screens: 1 by default. You can use more screens if you have more than one. VBox supports it beautifully. Click "OK".
VI) INSTALLING AND SETTING UP LINUX
a) Open VBox, select your virtual machine on the left and click "Start" at the top. You are now running your virtual machine.
Now you must install Linux on it. A window will pop up and ask you to select a boot disk. Click the yellow folder and browse to the Ubuntu .iso file you previously downloaded. Click on "Start".
Your VM will now boot using Ubuntu. Install it, check "Download updates while installing", leave everything else as is.
Select "Erase disk and install Ubuntu". Fill in the settings needed. In name, type whatever you want (note: I usually just type in the same letter I used to mount the folder with TrueCrypt). Pick a password (a new fresh password; that one isn't necessarily important but make sure you remember it). Select "Require my password to log in", you don't mind extra layers of security. Click "Continue". Now wait; the installation can take up to an hour or two.
When done, click on "Restart Now". When rebooting, you will be asked if you want to boot using the installation; DON'T do anything and wait. Now you have a beautiful orange/purple page asking you for your password. Type in the password you chose during the installation process and press Enter. Welcome to Ubuntu.
b) You need to set up a few things.
First, you can go fullscreen by pressing Right CTRL + F (the CTRL next to the arrows on the right of your keyboard). Better, right?
You'll notice those black borders on the sides. That's ugly and bad for your eyes. To remedy this, you need to install a pack of drivers made especially for virtual machines.
To do so, put your cursor at the very bottom center of your screen (if you are in fullscreen mode; otherwise you have access to the options at the very top of the window). Click on "Devices", click on "Install Guest Additions". An autorun window will open up; select "Run Software" and click "OK". Enter your Ubuntu password. Click "Authenticate". An ugly purple window will open with ugly white characters: it's the terminal. We'll use it later for different stuff. Wait a minute or two until the terminal says "Press Return to close this window...". Press Return on your keyboard (above Enter) to close the window, ldo.
Reboot the virtual machine by going to the very top right of your screen. Now go to the options: on the left, you'll see a dock of icons; click the gear with the red hammer or whatever you call it in English (I know it's not a hammer). Double click on "Displays", pick your favorite resolution. Click "Apply" then "Keep this resolution". Much better, cierto?
You will notice the OS seems slow and laggy, even more so if you installed your VM on a USB pen drive. To remedy this, follow these steps.
Run the terminal (push ALT + F2 and type in "Terminal", double click to open it). Copy and paste this command:
/usr/lib/nux/unity_support_test -p
The following should appear :
Not software rendered: no
Not blacklisted: yes
GLX fbconfig: yes
GLX texture from pixmap: yes
GL npot or rect textures: yes
GL vertex program: yes
GL fragment program: yes
GL vertex buffer object: yes
GL framebuffer object: yes
GL version is 1.4+: yes
Unity 3D supported: no
As you can see, 3D acceleration isn't activated. To activate it, return to the terminal and copy and paste this command; enter your password when asked. When asked "Do you want to continue [Y/n]?", type in Y then press Enter.
sudo bash -c 'echo vboxvideo >> /etc/modules'
Shut down the virtual machine (you can do it manually inside the VM or press Right CTRL + Q and select "Send the shutdown signal").
Go back to VirtualBox and go to Settings => Display. Check "Enable 3D acceleration".
Boot your VM, open the terminal and type
/usr/lib/nux/unity_support_test -p
You should now see that Unity 3D is supported and your OS is fluid. Don't expect native performance though, it's still an emulated OS.
VII) INSTALLING TOR
Run your VM. Open a Firefox window and go to https://www.torproject.org/projects/torbrowser.html.en
Select the Linux version and download it. Close Firefox. We want to use that machine on the clearweb as little as possible.
Unpack (or drag & drop) the tor-browser_en-US folder into the "Home" folder or the desktop or wherever you want.
Open the folder and double click on "start-tor-browser". It will open a weird text editor with gibberish stuff in it. Close it. We need to activate an option first.
Push ALT, and in that window type "dconf-editor" and press Enter. In dconf-editor go to: org => gnome => nautilus => preferences. Click on "executable-text-activation" and from the drop-down menu select "launch: to launch scripts as programs". Close dconf-editor.
You can now launch Tor and browse the road anonymously. I strongly advise you to install KeePass for Linux by going to the Ubuntu Software Center, to save passwords for Silkroad as well as your PGP passphrase.
VIII) SHORT INTRODUCTION TO PGP VIA THE LINUX TERMINAL
PGP is a powerful protocol that allows you to encrypt and decrypt messages and files. It has been used for over 15 years and is the standard all over the world for industry and government communications.
So first, we must create our own set of keys.
A) Creating your own keys
To do so, open the terminal and type gpg. It will reply:
gpg: Go ahead and type your message ...
OK, you've got GPG installed already, perfect.
To create your key, type:
gpg --gen-key
Type 1 then hit Enter.
You'll be asked to choose between 1024 and 4096 bits. Choose 4096 (the most secure), hit Enter.
Next window, type 0, press Enter, then type Y, press Enter.
You are now asked to enter your name. It's important you don't type in your real name, obviously, but it's also important to choose something that identifies you. I chose my Silkroad name so that my contacts know the key is mine.
Email address: [email protected] or whatever you want; it shouldn't be real.
Comment: none, press Enter.
Type in "O" to confirm, press Enter.
Enter passphrase. It's very important to choose something very secure. As usual, open up KeePass and generate a strong passphrase; there is no limitation AFAIK.
Then you'll be asked to do random stuff on your computer to generate bytes to ensure randomness in your key pool. Do stuff: open a random file and type in stuff, for example. Once it's done (it can take a few minutes), you now have your own set of keys.
What we want to do now is to export the public key so that you can share it with your sellers/buyers.
Type:
gpg --armor --export your-email-address-used-before
Copy and paste the public key into a .txt file on your desktop and share it whenever you buy/sell.
B) Importing a public key
To send a message to someone, you must import their key. To do so, create a document and copy and paste the key there, close & save it.
Now, open Seahorse (hit ALT and type in Seahorse, open the program called "Passwords and Keys").
Put your cursor in the very top left of your screen and click file => import, select the file you saved the key in. Done.
C) Encrypting a message
Open the terminal and type:
gpg -ear name-or-email-of-your-contact
Press Enter, then type your message.
Press Enter, finish by typing "end" and press Enter again.
You'll have your encrypted message. Something that looks like this:
-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.12 (GNU/Linux)

hQIMA7eD31/5BBRZAQ/9Hq1r1gpOIf2r06zSIL8Ww0tUCC9PlNiMpemPwhpZsccB
vO4MOMrnV41BHToTQNfh0xiZdXFxO/T6ow4oatP2Ap/BvZtipcAAjJKowP6aaTOJ
Wgd7nC4FTJvRUjgkW/p3imlQsdTVb3+2dNzCPp0yrr8NocW77+4Ka/+4aoql0UmI
3mKLjo0+eof8qAnQd5jOaAcWTszhIwBd99rXVbRCjNa/jMsSQ9Vnn7L+WqYGHuAI
MMdOCU3peifV/7zA6A0bMKzStWc1JIa84wus91/mmErkRcNZHqThCje8eulinzRm
RthaH0yi7ty65F3IuSqbq/qdpdE9UXvwjySbFE7ANCPpnkP4jv+oL95UezyjbO2x
ra1Il7XKbYvaf0oXJAz5xKsLfeHKB3kCR+Kxzt9NmdRZ4rPZ4ZjSN5WI9YeOL0t/
W7oaCyBcFD/6/m/63VNYZTrwrqBGqsWhXVFpoHalvd+09CffsdQjwDIMy9u3TtRk
j+FDSGuukKrS/7exWSoajSDhTK+koSS8CIFvyocZ81EkGhnUjd4kxlIAu4UCXmG6
LiJXXo7X5PK7knGtlzZXstrtrrttr8FFeAbSHsZ0+ihdxtNSvx1EPewl
TtLSKoUT9ickUrxFoPm2z1vqBwN/087EaCU6BSX8uwZ8GrxMwSKgVmQKfVyfgMDS
RAGGtmuRwgfyhthrertwF0KV8nTajDnSqoGiMAgK7y+e320OEFnYXOKIXlue
l7FvOHwi9jZbBAR4HHAfhgJIj78P
=OT60
-----END PGP MESSAGE-----
You can now send the encrypted message to your contact.
D) Decrypting messages
Open the terminal and type:
gpg -da
Press Enter, then copy and paste the message you received. Press Enter, finish by typing end then press Enter again.
You will be asked to enter the passphrase to decrypt it. Open KeePass and copy and paste it. The result will be like this:
You need a passphrase to unlock the secret key for user: "abcd [email protected]" 4096-bit RSA key, ID xx, created 2013-05-08 (main key ID xxx)
gpg: encrypted with 4096-bit RSA key, ID xxx, created 2013-05-08 "abcd [email protected]" ENCRYPTED MESSAGE TO THE SILK ROAD HERE
You can now safely converse with your vendors.
IX) ADDITIONAL THOUGHTS
I hope everything worked well. Finally, the most important security advice someone can give is to use your brain. Don't do anything stupid and you should be fine.
Feel free to discuss issues you may have encountered here or by PM, I'll gladly help you get set up.
Remember also that your security is only as good as your contacts' security. For example, if your seller is stupid and keeps detailed information on his buyers on file, then there isn't much you can do in case he gets caught.
I could have sold this tutorial but I chose not to, because my personal security is guaranteed only if yours is as well. You get my point.
MUST BE ANONYMOUS
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.12 (GNU/Linux)

mQENBFGIAIUBCAC75V2SJ50dU6+gUY7jdrHxJKmdjXjlOxWjE+CTuti+Pq8NveTK
aPXWHmFZpsEtW+v7tHmPPT/cjEKlmo/B9Wxl9daFis+6gFQHnaKNRCFVmOSt9GL8
7qBxrxC/HZTeBgdE8dWf4RPSc911PRb2+iCCrdgj+5ILwp3fcM5EHoRqKiFDpb3A
fybrw3prvpPx8dyt1H/p73S6Gfk+Iuwcq2+iIAMJUJQUc+CwMFFCplQ1BUeiD+nn
5o24FXF9Krcbw8w5lZCfPVPSh0GYTvNMaj1VWjEQFU4j0rCOiJ+UVckpgJ4MRrxI
MbKJ8srGLSJRnCHM2syQC0Zq/2iwRuZY7zWXABEBAAG0EVdoYXRzdXA1NiA8YUBi
LmM+iQE4BBMBAgAiBQJRiACFAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAK
CRBioWhoc3JRsCrhB/9M2AptCTjyitpQR1ZnqwFop/NDdOIY1DtERkyQKfbHftzK
5I/LI3wxP5rhts2NY/EMVl8ziJVZ7h0J9japkoia8uOYX9Un6aMasHM0PH7Mln2K
936BeoZDQbPQV8NOCyNT4lMNt7Ajd+6GJcmAIduPmUi6xjgge716MhQlTBg5HG
94ZJT3Xm7W9tuIiJh8H9Dkr60F9UuwtIPfKPEeXyxUI25fZAQ+nyVz39ap2fjyeW
EYMB6y90zxWjFPiFfpx+BfcWOmzHaXkps/bG6kSbOcVn9UJS32C0JyIFmfa96N6H
+tSmk+WW98u5dSBzhIoYYiXxWPihJDOjTCUYkFC9uQENBFGIAIUBCADrkKs31LOL
4MQ6fdzhw2MvTI8zDad2bJZCd/+Gf8yGTNKhagJIHo8KEuCDINydQXHCt+aNKZZ7
d/QG09nABaybZJfqf1ffOiD5L1PivcKJMdJNozNuIhWxc4E35A7c/wCPJdDOBV0v
eqf57illUo+yz7CKfyO088BYMGTrBRi/ifqmPyMuYzzC4SZcx1MJFU1mzONYU1r0
ZYj0eeKdRrbHPfJUAWQUr6MteMvJp5g8JfyYC+Th+zASEYRRfs3I52rsLb1hpxoi
87xUK89xoXdg4uLysz1Iy/PhGjmtbi61sZCv1oh+o9biNsy9zIjqwhCW7oMPwmJ6
Szh2nNTMCuNFABEBAAGJAR8EGAECAAkFAlGIAIUCGwwACgkQYqFoaHNyUbBKWAf5
AbYVbQVRNYVw5pR6+NDLw1qxlafGz/7j6YnApif0vuVzBEE9aFOUdxfKyIy+Ka8l
NYjoAItym2mDTsRZqJwEm1FPbmVFu7WPAnnmn1ECyHBSV0vnJjCL5qkoMx9d/EHs
WBW7htnRVtbuJEzVZzzSfddjWEYXGqYcqocebBwQpNgdfuQrHadAbkSmDwLfz+KD
r17m1i9sUej8hiFLr64XGau7nl2l+iRMR2vTcVpNZDTJa/t4JlrwMINR95ORo3ze
bRVKbedZIn3ifeSzyWDTsScvkNVAe4dovATaHWU/+tkNgL4ECI1UNS8XYsGqWe+r
pbfj19eRRPAc4lbNfLlUKQ==
=aq6t
-----END PGP PUBLIC KEY BLOCK-----
edit: Fixed a few typos. Reorganized chapters using Roman numerals.
submitted by MUST-BE-ANONYMOUS to SilkRoad [link] [comments]

Using Electrum and Bootable Ubuntu USB to Create a Secure Cold Storage Wallet

Here is a short guide that is hopefully newb friendly for creating a cold-storage wallet with Electrum. All you will need is at least one USB flash drive with at least 2 GB of free space, your PC, and pen & paper.
You will need The Universal USB Installer, as well as the Ubuntu .iso image file. Choose the 32 bit version to be safe. Download both, plug in your USB flash drive, and launch the installer. Select Ubuntu in Step 1 in the installer. Then in Step 2 browse and locate the Ubuntu .iso image file you downloaded. Then in Step 3 select the drive you have inserted, as well as click the box to format the drive and erase contents. Do NOT set a persistence as this will reduce the security. Then click create and wait for it to finish.
Once booted into Ubuntu, make sure to click "try ubuntu". You are only trying it out on the USB, and not installing it onto your main hard drive. The reason for using the bootable drive is everything exists in memory and mostly disappears when you shut down Ubuntu.
(It would be more ideal to install electrum in a complete cold environment, but I have heard that could cause some problems with Electrum at this time and it is best to install it while connected to the internet. But if you want true cold storage you must have zero internet connection at the time of creating the wallet. Since we are disconnecting before Electrum creates the seed, we should be good.)
At this point you are done, just shut down Ubuntu to make sure the evidence of the seed is erased. Then you can send Bitcoins to your cold storage wallet. You have effectively created a very secure cold storage wallet, in my opinion. To restore the cold wallet, just launch electrum and choose "restore wallet" option, type in your seed, and voila you have a hot wallet ready to spend again.
Extra: Using Truecrypt Encryption
Bonus tutorial, if you would prefer to save your seed on another USB or digital device. It is not recommended to do this unless the seed is encrypted. Even then I would only leave it on a USB and not plug it into any hot device, just to be safe. I would recommend TrueCrypt, although it's possible the NSA has hacked TrueCrypt, so use at your own risk.
sudo add-apt-repository ppa:stefansundin/truecrypt
sudo apt-get update
sudo apt-get install truecrypt
Hit Enter after each command. If it asks for permission, press y. Sometimes I had problems getting commands to work in the past. For some reason first installing Flash from the Software Center fixes the problem, but I have no idea why.
Choose a size for the file, probably 5 MB is enough, but by all means choose more if you want to hold more files. Click next and make sure to choose a SECURE password for the file. If you don't pick a good enough password it will be brute forced easily. Use numbers, letters, capitals, lowercase, symbols, and make it long as possible. Try to have it something you can memorize if possible. Then click next. Then format it as FAT, and click next. Move your mouse around for entropy and then click Format, and your truecrypt container has been created.
I think this is a decent easy to follow tutorial. Hopefully this can help some newbies out, if I made any mistakes please feel free to correct me.
Edit: Sorry formatting sucks.
submitted by btcfreedom to Bitcoin [link] [comments]

BIP Number Request: Open Asset | Nicolas Dorier | May 26 2016

Nicolas Dorier on May 26 2016:
Open Asset is a simple and well known colored coin protocol made by Flavien
Charlon, which has been around for more than two years.
Open Asset uses OP_RETURN to store a coin's color. Since then, the only
modification to the protocol has been to allow OA data to be in any
push of an OP_RETURN.
The protocol is here:
https://github.com/OpenAssets/open-assets-protocol/blob/master/specification.mediawiki
I asked Flavien Charlon whether he was OK with me submitting the protocol to the
mailing list before posting.
An additional BIP number might be required to cover, for example, the "colored
address" format:
https://github.com/OpenAssets/open-assets-protocol/blob/master/address-format.mediawiki
But I will do it in a separate request.
Here is the core of the Open Asset specification:
Title: Open Assets Protocol (OAP/1.0)
Author: Flavien Charlon
Created: 2013-12-12
==Abstract==
This document describes a protocol used for storing and transferring
custom, non-native assets on the Blockchain. Assets are represented by
tokens called colored coins.
An issuer would first issue colored coins and associate them with a
formal or informal promise that he will redeem the coins according to
terms he has defined. Colored coins can then be transferred using
transactions that preserve the quantity of every asset.
==Motivation==
In the current Bitcoin implementation, outputs represent a quantity of
Bitcoin, secured by an output script. With the Open Assets Protocol,
outputs can encapsulate a quantity of a user-defined asset on top of
that Bitcoin amount.
There are many applications:
could then be traded frictionlessly through the Bitcoin
infrastructure.
could withdraw and deposit money in colored coins, and trade those, or
use them to pay for goods and services. The Blockchain becomes a
system allowing to transact not only in Bitcoin, but in any currency.
of colored coins. The door would only open when presented with a
wallet containing that specific coin.
==Protocol Overview==
Outputs using the Open Assets Protocol to store an asset have two new
characteristics:
asset stored on the output.
many units of that asset are stored on the output.
This document describes how the asset ID and asset quantity of an
output are calculated.
Each output in the Blockchain can be either colored or uncolored:
both undefined).
non-null asset ID.
The ID of an asset is the RIPEMD-160 hash of the SHA-256 hash of the
output script referenced by the first input of the transaction that
initially issued that asset (script_hash =
RIPEMD160(SHA256(script))). An issuer can reissue more of an
already existing asset as long as they retain the private key for that
asset ID. Assets on two different outputs can only be mixed together
if they have the same asset ID.
Like addresses, asset IDs can be represented in base 58. They must use
version byte 23 (115 in TestNet3) when represented in base 58. The
base 58 representation of an asset ID therefore starts with the
character 'A' in MainNet.
The process to generate an asset ID and the matching private key is
described in the following example:
1. The issuer first generates a private key:
   18E14A7B6A307F426A94F8114701E7C8E774E7F9A47E2C2035DB29A206321725.
2. He calculates the corresponding address:
   16UwLL9Risc3QfPqBUvKofHmBQ7wMtjvM.
3. Next, he builds the Pay-to-PubKey-Hash script associated to that
   address: OP_DUP OP_HASH160
   010966776006953D5567439E5E39F86A0D273BEE OP_EQUALVERIFY OP_CHECKSIG.
4. The script is hashed: 36e0ea8e93eaa0285d641305f4c81e563aa570a2
5. Finally, the hash is converted to a base 58 string with checksum
   using version byte 23: ALn3aK1fSuG27N96UGYB1kUYUpGKRhBuBC.
The private key from the first step is required to issue assets
identified by the asset ID ALn3aK1fSuG27N96UGYB1kUYUpGKRhBuBC. This acts as a
digital signature, and gives the guarantee that nobody else but the
original issuer is able to issue assets identified by this specific
asset ID.
==Open Assets Transactions==
Transactions relevant to the Open Assets Protocol must have a special
output called the marker output. This allows clients to recognize such
transactions. Open Assets transactions can be used to issue new
assets, or transfer ownership of assets.
Transactions that are not recognized as an Open Assets transaction are
considered as having all their outputs uncolored.
===Marker output===
The marker output can have a zero or non-zero value. The marker output
starts with the OP_RETURN opcode, and can be followed by any sequence
of opcodes, but it must contain a PUSHDATA opcode containing a
parsable Open Assets marker payload. If multiple parsable PUSHDATA
opcodes exist in the same output, the first one is used, and the other
ones are ignored.
If multiple valid marker outputs exist in the same transaction, the
first one is used and the other ones are considered as regular
outputs. If no valid marker output exists in the transaction, all
outputs are considered uncolored.
The payload as defined by the Open Assets protocol has the following format:
Field                | Description                                               | Size
---------------------|-----------------------------------------------------------|----------
OAP Marker           | A tag indicating that this transaction is an Open Assets  | 2 bytes
                     | transaction. It is always 0x4f41.                         |
Version number       | The major revision number of the Open Assets Protocol.    | 2 bytes
                     | For this version, it is 1 (0x0100).                       |
Asset quantity count | A var-integer representing the number of items in the     | 1-9 bytes
                     | asset quantity list field.                                |
Asset quantity list  | A list of zero or more LEB128-encoded unsigned integers   | Variable
                     | representing the asset quantity of every output in order  |
                     | (excluding the marker output).                            |
Metadata length      | The var-integer encoded length of the metadata field.     | 1-9 bytes
Metadata             | Arbitrary metadata to be associated with this             | Variable
                     | transaction. This can be empty.                           |

(var-integer: https://en.bitcoin.it/wiki/Protocol_specification#Variable_length_integer;
LEB128: http://en.wikipedia.org/wiki/LEB128)
Possible formats for the metadata field are outside of
scope of this protocol, and may be described in separate protocol
specifications building on top of this one.
The asset quantity list field is used to determine the
asset quantity of each output. Each integer is encoded using variable
length [http://en.wikipedia.org/wiki/LEB128 LEB128] encoding (also
used in [https://developers.google.com/protocol-buffers/docs/encoding#varints
Google Protocol Buffers]). If the LEB128-encoded asset quantity of any
output exceeds 9 bytes, the marker output is deemed invalid. The
maximum valid asset quantity for an output is 2^63 - 1
units.
If the marker output is malformed, it is considered non-parsable.
Coinbase transactions and transactions with zero inputs cannot have a
valid marker output, even if it would be otherwise considered valid.
If there are less items in the asset quantity list than
the number of colorable outputs (all the outputs except the marker
output), the outputs in excess receive an asset quantity of zero. If
there are more items in the asset quantity list than the
number of colorable outputs, the marker output is deemed invalid. The
marker output is always uncolored.
After the asset quantity list has been used to assign an
asset quantity to every output, asset IDs are assigned to outputs.
Outputs before the marker output are used for asset issuance, and
outputs after the marker output are used for asset transfer.
====Example====
This example illustrates how a marker output is decoded. Assuming the
marker output is output 1:
Data in the marker output      Description
-----------------------------  -----------------------------------------------
0x6a                           The OP_RETURN opcode.
0x10                           The PUSHDATA opcode for a 16 bytes payload.
0x4f 0x41                      The Open Assets Protocol tag.
0x01 0x00                      Version 1 of the protocol.
0x03                           There are 3 items in the asset quantity list.
0xac 0x02 0x00 0xe5 0x8e 0x26  The asset quantity list:
                               - '0xac 0x02' means output 0 has an asset
                                 quantity of 300.
                               - Output 1 is skipped and has an asset
                                 quantity of 0 because it is the marker output.
                               - '0x00' means output 2 has an asset
                                 quantity of 0.
                               - '0xe5 0x8e 0x26' means output 3 has an
                                 asset quantity of 624,485.
                               - Outputs after output 3 (if any) have an
                                 asset quantity of 0.
0x04                           The metadata is 4 bytes long.
0x12 0x34 0x56 0x78            Some arbitrary metadata.
===Asset issuance outputs===
All the outputs before the marker output are used for asset issuance.
All outputs preceding the marker output and with a non-zero asset ...[message truncated here by reddit bot]...
original: https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2016-May/012741.html
submitted by dev_list_bot to bitcoin_devlist [link] [comments]
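A worked example added here, not part of the mailing-list post and not the Open Assets reference implementation: it decodes the marker output from the specification's example (OP_RETURN, PUSHDATA(16), payload 0x4f41 0100 03 ac02 00 e58e26 04 12345678), spreads the quantity list over the outputs with output 1 as the marker, and derives the base 58 asset ID from the spec's example script hash using version byte 23. It goes slightly beyond the spec's example by enforcing the invalidity rules stated in the text (first parsable push wins, LEB128 quantities capped at 9 bytes and 2^63 - 1, more quantities than colorable outputs invalidates the marker, a truncated push is not a marker). SAMPLE_MARKER_SCRIPT and SAMPLE_SCRIPT_HASH are constructed from the spec's numbers; all function names are this example's own. The RIPEMD-160 step itself is left out because hashlib lacks ripemd160 on some OpenSSL 3 builds; the example starts from the already-hashed script.

```python
"""Open Assets marker-output decoding and asset-ID derivation (added example)."""
import hashlib
from typing import List, Optional, Tuple

B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
OA_TAG = b"\x4f\x41"            # "OA"
OA_VERSION = b"\x01\x00"        # protocol version 1
MAX_ASSET_QUANTITY = 2**63 - 1
OP_RETURN = 0x6a


def base58check_encode(version: int, payload: bytes) -> str:
    """version byte + payload + first 4 bytes of SHA256(SHA256(.)), in base 58."""
    raw = bytes([version]) + payload
    raw += hashlib.sha256(hashlib.sha256(raw).digest()).digest()[:4]
    n, digits = int.from_bytes(raw, "big"), ""
    while n:
        n, rem = divmod(n, 58)
        digits = B58_ALPHABET[rem] + digits
    return "1" * (len(raw) - len(raw.lstrip(b"\x00"))) + digits


def asset_id_from_script_hash(script_hash: bytes, testnet: bool = False) -> str:
    """Asset ID = base58check(23 on MainNet / 115 on TestNet3, RIPEMD160(SHA256(script)))."""
    return base58check_encode(115 if testnet else 23, script_hash)


def read_varint(data: bytes, pos: int) -> Tuple[int, int]:
    """Bitcoin CompactSize var-integer; returns (value, next position)."""
    first = data[pos]
    if first < 0xfd:
        return first, pos + 1
    size = {0xfd: 2, 0xfe: 4, 0xff: 8}[first]
    chunk = data[pos + 1:pos + 1 + size]
    if len(chunk) != size:
        raise ValueError("truncated var-integer")
    return int.from_bytes(chunk, "little"), pos + 1 + size


def read_leb128(data: bytes, pos: int) -> Tuple[int, int]:
    """Unsigned LEB128 quantity; rejects encodings over 9 bytes or above 2^63 - 1."""
    value, shift, start = 0, 0, pos
    while True:
        byte = data[pos]
        pos += 1
        value |= (byte & 0x7f) << shift
        shift += 7
        if not byte & 0x80:
            break
    if pos - start > 9 or value > MAX_ASSET_QUANTITY:
        raise ValueError("asset quantity out of range")
    return value, pos


def parse_marker_payload(payload: bytes) -> Optional[Tuple[List[int], bytes]]:
    """(asset quantity list, metadata) for a parsable payload, otherwise None."""
    try:
        if payload[:2] != OA_TAG or payload[2:4] != OA_VERSION:
            return None
        count, pos = read_varint(payload, 4)
        quantities = []
        for _ in range(count):
            qty, pos = read_leb128(payload, pos)
            quantities.append(qty)
        meta_len, pos = read_varint(payload, pos)
        metadata = payload[pos:pos + meta_len]
        return (quantities, metadata) if len(metadata) == meta_len else None
    except (IndexError, KeyError, ValueError):   # truncated or malformed: non-parsable
        return None


def pushes_after_op_return(script: bytes):
    """Yield the data of each push opcode after a leading OP_RETURN; other opcodes are skipped."""
    if not script or script[0] != OP_RETURN:
        return
    pos = 1
    while pos < len(script):
        op = script[pos]
        pos += 1
        if 1 <= op <= 75:
            size = op
        elif op in (0x4c, 0x4d, 0x4e):           # PUSHDATA1 / PUSHDATA2 / PUSHDATA4
            width = {0x4c: 1, 0x4d: 2, 0x4e: 4}[op]
            size = int.from_bytes(script[pos:pos + width], "little")
            pos += width
        else:
            continue
        if pos + size > len(script):             # truncated push: nothing valid follows
            return
        yield script[pos:pos + size]
        pos += size


def decode_marker_output(script: bytes) -> Optional[Tuple[List[int], bytes]]:
    """The first parsable push is the marker payload; None means not a marker output."""
    for push in pushes_after_op_return(script):
        parsed = parse_marker_payload(push)
        if parsed is not None:
            return parsed
    return None


def assign_quantities(n_outputs: int, marker_index: int, quantities: List[int]) -> Optional[List[int]]:
    """Spread the list over colorable outputs (all but the marker); missing entries are 0,
    too many entries make the marker invalid (None)."""
    colorable = n_outputs - 1
    if len(quantities) > colorable:
        return None
    padded = iter(quantities + [0] * (colorable - len(quantities)))
    return [0 if i == marker_index else next(padded) for i in range(n_outputs)]


# Constructed from the spec's example above: OP_RETURN, PUSHDATA(16), payload.
SAMPLE_MARKER_SCRIPT = bytes.fromhex("6a10" "4f41" "0100" "03" "ac02" "00" "e58e26" "04" "12345678")
# The spec's example RIPEMD160(SHA256(P2PKH script)).
SAMPLE_SCRIPT_HASH = bytes.fromhex("36e0ea8e93eaa0285d641305f4c81e563aa570a2")

if __name__ == "__main__":
    quantities, metadata = decode_marker_output(SAMPLE_MARKER_SCRIPT)
    print("quantities:", quantities, "metadata:", metadata.hex())
    print("per output (5 outputs, marker is output 1):", assign_quantities(5, 1, quantities))
    print("asset ID:", asset_id_from_script_hash(SAMPLE_SCRIPT_HASH))
```

Running it prints the quantity list [300, 0, 624485], metadata 12345678, the per-output assignment [300, 0, 0, 624485, 0] and the asset ID ALn3aK1fSuG27N96UGYB1kUYUpGKRhBuBC from the spec. Feeding a script whose push length exceeds the remaining bytes, or a quantity encoded in ten LEB128 bytes, yields None rather than a partially decoded marker, which is the behaviour the spec's "non-parsable" and "deemed invalid" rules call for.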

[uncensored-r/CryptoCurrency] Is Crypto Currency truly at risk due to Quantum Computers, and what can you do about it?

The following post by satoshibytes is being replicated because some comments within the post (but not the post itself) have been openly removed.
The original post can be found (in censored form) at this link:
np.reddit.com/r/CryptoCurrency/comments/7uvomu
The original post's content was as follows:

Is Crypto Currency truly at risk due to Quantum Computers, and what can you do about it?

There is no denying that the Quantum revolution is coming. Security protocols for the internet, banking, telecommunications, etc... are all at risk, and your Bitcoins (and alt-cryptos) are next!
This article is not really about quantum computers[i], but, rather, how they will affect the future of cryptocurrency, and what steps a smart investor will take. Since this is a complicated subject, my intention is to provide just enough relevant information without being too “techy.”

The Quantum Evolution

In 1982, Nobel winning physicist, Richard Feynman, hypothesized how quantum computers[ii] would be used in modern life.
Just one year later, Apple released the “Apple Lisa”[iii] – a home computer with a 7.89MHz processor and a whopping 5MB hard drive, and, if you enjoy nostalgia, it used 5.25in floppy disks.
Today, we walk around with portable devices that are thousands of times more powerful, and, yet, our modern day computers still work in a simple manner, with simple math, and simple operators[iv]. They now just do it so fast and efficient that we forget what’s happening behind the scenes.
No doubt, the human race is accelerating at a remarkable speed, and we’ve become obsessed with quantifying everything - from the everyday details of life to the entire universe[v]. Not only do we know how to precisely measure elementary particles, we also know how to control their actions!
Yet, even with all this advancement, modern computers cannot “crack” cryptocurrencies without the use of a great deal more computing power, and since it’s more than the planet can currently supply, it could take millions, if not billions, of years.
However, what current computers can’t do, quantum computers can!
So, how can something that was conceptualized in the 1980’s, and, as of yet, has no practical application, compromise cryptocurrencies and take over Bitcoin?
To best answer this question, let’s begin by looking at a bitcoin address.

What exactly is a Bitcoin address?

Well, in layman terms, a Bitcoin address is used to send and receive Bitcoins, and looking a bit closer (excuse the pun), it has two parts:[vi]
A public key that is openly shared with the world to accept payments. A private key that is derived from the public key. The private key is made up of 256 bits of information in a (hopefully) random order. This 256 bit code is 64 characters long (in the range of 0-9/a-f) and further compressed into a 52 character code (using RIPEMD-160).
NOTE: Although many people talk about Bitcoin encryption, Bitcoin does not use Encryption. Instead, Bitcoin uses a hashing algorithm (for more info, please see endnote below[vii]).
Now, back to understanding the private key:
The Bitcoin address “1EHNa6Q4Jz2uvNExL497mE43ikXhwF6kZm” translates to a private key of “5HpHagT65TZzG1PH3CSu63k8DbpvD8s5ip4nEB3kEsreAnchuDf” which further translates to a 256 bit private key of “0000000000000000000000000000000000000000000000000000000000000001” (this should go without saying, but do not use this address/private key because it was compromised long ago.) Although there are a few more calculations that go behind the scenes, these are the most relevant details.
Now, to access a Bitcoin address, you first need the private key, and from this private key, the public key is derived. With current computers, it’s classically impractical to attempt to find a private key based on a public key. Simply put, you need the private key to know the public key.
However, it has already been theorized (and technically proven) that due to private key compression, multiple private keys can be used to access the same public key (aka address). This means that your Bitcoin address has multiple private keys associated with it, and, if someone accidentally discovers or “cracks” any one of those private keys, they have access to all the funds in that specific address.
There is even a pool of a few dedicated people hunting for these potential overlaps[viii], and they are, in fact, getting very efficient at it. The creator of the pool also has a website listing every possible Bitcoin private key/address in existence[ix], and, as of this writing, the pool averages 204 trillion keys per day!
But wait! Before you get scared and start panic selling, the probability of finding a Bitcoin address containing funds (or even being used) is highly unlikely – nevertheless, still possible!
However, the more Bitcoin users, the more likely a “collision” (finding overlapping private/public key pairs)! You see, the security of a Bitcoin address is simply based on large numbers! How large? Well, according to my math, 1.157920892373 x 10^77 potential private keys exist (that number represents over 9,500 digits in length!). For some perspective, this entire article contains just over 14,000 characters. Therefore, the total number of Bitcoin addresses is so great that the probability of finding an active address with funds is infinitesimal.

So, how do Quantum Computers present a threat?

At this point, you might be thinking, “How can a quantum computer defeat this overwhelming number of possibilities?” Well, to put it simple; Superposition and Entanglement[x].
Superposition allows a quantum bit (qbit) to be in multiple states at the same time. Entanglement allows an observer to know the measurement of a particle in any location in the universe. If you have ever heard Einstein’s quote, “Spooky Action at a Distance,” he was talking about Entanglement!
To give you an idea of how this works, imagine how efficient you would be if you could make your coffee, drive your car, and walk your dog all at the same time, while also knowing the temperature of your coffee before drinking, the current maintenance requirements for your car, and even what your dog is thinking! In a nutshell, quantum computers have the ability to process and analyze countless bits of information simultaneously – and so fast, and in such a different way, that no human mind can comprehend!
At this stage, it is estimated that the Bitcoin address hash algorithm will be defeated by quantum computers before 2028 (and quite possibly much sooner)! The NSA has even stated that the SHA256 hash algorithm (the same hash algorithm that Bitcoin uses) is no longer considered secure, and, as a result, the NSA has now moved to new hashing techniques, and that was in 2016! Prior to that, in 2014, the NSA also invested a large amount of money in a research program called “Penetrating Hard Targets project”[xi] which was used for further Quantum Computer study and how to break “strong encryption and hashing algorithms.” Does NSA know something they’re not saying or are they just preemptively preparing?
Nonetheless, before long, we will be in a post-quantum cryptography world where quantum computers can crack crypto addresses and take all the funds in any wallet.

What are Bitcoin core developers doing about this threat?

Well, as of now, absolutely nothing. Quantum computers are not considered a threat by Bitcoin developers nor by most of the crypto-community. I’m sure when the time comes, Bitcoin core developers will implement a new cryptographic algorithm that all future addresses/transactions will utilize. However, will this happen before post-quantum cryptography[xii]?
Moreover, even after new cryptographic implementation, what about all the old addresses? Well, if your address has been actively used on the network (sending funds), it will be in imminent danger of a quantum attack. Therefore, everyone who is holding funds in an old address will need to send their funds to a new address (using a quantum safe crypto-format). If you think network congestion is a problem now, just wait…
Additionally, there is the potential that the transition to a new hashing algorithm will require a hard fork (a soft fork may also suffice), and this could result in a serious problem because there should not be multiple copies of the same blockchain/ledger. If one fork gets attacked, the address on the other fork is also compromised. As a side-note, the blockchain Nebulas[xiii] will have the ability to modify the base blockchain software without any forks. This includes adding new and more secure hashing algorithms over time! Nebulas is due to be released in 2018.

Who would want to attack Bitcoin?

Bitcoin and cryptocurrency represent a threat to the controlling financial system of our modern economy. Entire countries have outright banned cryptocurrency[xiv] and even arrested people[xv], and while discrediting it, some countries are copying cryptocurrency to use (and control) in their economy[xvi]!
Furthermore, Visa[xvii], Mastercard[xviii], Discover[xix], and most banks act like they want nothing to do with cryptocurrency, all the while seeing the potential of blockchain technology and developing their own[xx]. Just like any disruptive technology, Bitcoin and cryptocurrencies have their fair share of enemies!
As of now, quantum computers are being developed by some of the largest companies in the world, as well as private government agencies.
No doubt, we will see a post-quantum cryptography world sooner than most realize. By that point, who knows how long “3 letter agencies” will have been using quantum technology - and what they’ll be capable of!

What can we do to protect ourselves today?

...
submitted by censorship_notifier to noncensored_bitcoin [link] [comments]

What happens when a [RIPEMD-160] ASIC is created?

For those unfamiliar with the technicals, RIPEMD-160 is the hashing algorithm used when dealing with the generation of public keys for your Bitcoin receiving addresses.
The probability for a collision in generating addresses is so low (2^128 addresses) that it costs nothing to generate a new address and things like vanity address generators can blow through millions of receiving addresses and render them useless, arriving at your vanity address.
...BUT...
What happens if you put an ASIC on the dedicated task to search for collision addresses? What are the implications?
I can't seem to find any related discussion on it so any constructive input is appreciated!
submitted by knivesngunz to Bitcoin [link] [comments]

Creating bitcoin addresses (tech questions)

I'm currently looking into the fundamentals of creating new bitcoin addresses and private keys. I have made a php-script that converts any 64-byte hex-key into both a private key and a bitcoin address. When I was researching the specifications I found this example on "https://en.bitcoin.it/wiki/Protocol_specification": "hello" -> 2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824 (first round is SHA-256) -> b6a9c8c230722b7c748331a8b450f05566dc7d0f (with RIPEMD-160). The RIPEMD-160 address contains 1 satoshi, which can be seen on blockchain. Is there any way to find the private key to this address, or is that impossible since just "sha + ripemd" isn't the protocol and the result is just a random address with unknown private key? Secondly, I'm also generating vanity addresses with oclvanitygen. I tried generating a few addresses with 7 letters (ignoring case) like "1satoshi" and "1qwertyu". But it seems that they have different difficulty (estimated time to 50%) even though they have the same amount of letters. I can't seem to find an explanation for that.
submitted by bitcoinqwerty to Bitcoin [link] [comments]
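The difficulty question in the post above has an exact answer, and the following added example (editor's code, not from the post and not from oclvanitygen) computes it. It treats the 25-byte Base58Check payload of a P2PKH address (version byte, HASH160, 4-byte checksum) as one integer and assumes that integer is uniform over its 192-bit range (an approximation: the checksum is really a function of the hash). Under that model it counts exactly how many payloads produce an address starting with a given pattern, with and without vanitygen-style case-insensitive matching. Case-sensitive, "1satoshi" and "1qwertyu" are exactly equally hard. Case-insensitive they are not: Base58 has no 'O' and no 'I', so "o" and "i" have one spelling each while every letter of "qwertyu" has two, which gives 32 spellings against 128 and a 4x difference in expected attempts. The address-length subtlety (an address whose second character is a lowercase letter is always 33 characters, because the 33-digit Base58 tails that would make it 34 characters lie above the 192-bit range) is handled by summing over tail lengths.

```python
from itertools import product

# Added example (editor's code, not from the post or from oclvanitygen).
# Base58 alphabet used by Bitcoin addresses: no 0, O, I or l.
ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
INDEX = {c: i for i, c in enumerate(ALPHABET)}

# A P2PKH address is Base58Check(0x00 || HASH160 || 4-byte checksum), 25 bytes.
# Read those bytes as one big-endian integer v. The version byte forces
# v < 2**192; a 0x00 first hash byte forces v < 2**184 and shows up as a
# second leading '1'. Assumption: v is uniform over [0, 2**192) (HASH160 is
# uniform and the checksum behaves like random bytes).
ADDRESS_SPACE = 1 << 192


def _b58_value(s):
    """Integer value of a Base58 digit string (leading '1's contribute 0)."""
    v = 0
    for c in s:
        v = v * 58 + INDEX[c]
    return v


def matching_values(prefix):
    """Exact number of v in [0, 2**192) whose address starts with prefix
    (case-sensitive). Base58Check writes one '1' per leading zero byte and
    then the plain Base58 digits of v, so the count is a sum of intervals,
    one per possible digit count of the tail."""
    if not prefix or prefix[0] != "1" or any(c not in INDEX for c in prefix):
        return 0
    body = prefix[1:]
    k = len(body) - len(body.lstrip("1"))      # extra leading '1's required
    rest = body[k:]
    if k > 24:
        return 0
    lo = 256 ** (23 - k) if k < 24 else 0     # exactly k+1 leading zero bytes ...
    hi = 256 ** (24 - k)                       # ... means v in [lo, hi)
    if not rest:
        return hi                              # any v with >= k+1 zero bytes
    r, m = _b58_value(rest), len(rest)
    total, n = 0, m                            # n = digit count of v's Base58 tail
    while True:
        scale = 58 ** (n - m)
        start, end = r * scale, (r + 1) * scale
        if start >= hi:
            return total
        total += max(0, min(end, hi) - max(start, lo))
        n += 1


def case_variants(body):
    """All Base58-valid upper/lower spellings of body (vanitygen -i semantics).
    'o' and 'i' have a single spelling because 'O' and 'I' are not Base58."""
    choices = []
    for c in body:
        opts = sorted({c.lower(), c.upper()} & set(INDEX))
        if not opts:
            return []
        choices.append(opts)
    return ["".join(p) for p in product(*choices)]


def prefix_count(prefix, ignore_case=False):
    """Number of 25-byte values matching prefix; spellings are disjoint, so add."""
    if not ignore_case:
        return matching_values(prefix)
    if not prefix or prefix[0] != "1":
        return 0
    return sum(matching_values("1" + v) for v in case_variants(prefix[1:]))


def expected_attempts(prefix, ignore_case=False):
    """Mean number of random keys tried before one address matches."""
    count = prefix_count(prefix, ignore_case)
    return float("inf") if count == 0 else ADDRESS_SPACE / count


if __name__ == "__main__":
    for pattern in ("1satoshi", "1qwertyu", "1Satoshi", "11111"):
        for ic in (False, True):
            print(f"{pattern:10} ignore_case={ic!s:5} 1 in {expected_attempts(pattern, ic):.4g}")
```

The same counting explains why a pattern whose second character is a digit or an early uppercase letter (up to "P", and part of "Q") is cheaper than one starting with a lowercase letter: those patterns also match 34-character addresses, which lowercase-first patterns never do.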

Bitcoin Core 0.13.1 released | Wladimir J. van der Laan | Oct 27 2016

Wladimir J. van der Laan on Oct 27 2016:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Bitcoin Core version 0.13.1 is now available from:
https://bitcoin.org/bin/bitcoin-core-0.13.1/
Or through bittorrent:
magnet:?xt=urn:btih:dbe48c446b1113890644bbef03e361269f69c49a&dn=bitcoin-core-0.13.1&tr=udp%3A%2F%2Ftracker.openbittorrent.com%3A80%2Fannounce&tr=udp%3A%2F%2Ftracker.publicbt.com%3A80%2Fannounce&tr=udp%3A%2F%2Ftracker.ccc.de%3A80%2Fannounce&tr=udp%3A%2F%2Ftracker.coppersurfer.tk%3A6969&tr=udp%3A%2F%2Ftracker.leechers-paradise.org%3A6969&ws=https%3A%2F%2Fbitcoin.org%2Fbin%2F
This is a new minor version release, including activation parameters for the
segwit softfork, various bugfixes and performance improvements, as well as
updated translations.
Please report bugs using the issue tracker at github:
https://github.com/bitcoin/bitcoin/issues
To receive security and update notifications, please subscribe to:
https://bitcoincore.org/en/list/announcements/join/
Compatibility

Microsoft ended support for Windows XP on April 8th, 2014,
an OS initially released in 2001. This means that not even critical security
updates will be released anymore. Without security updates, using a bitcoin
wallet on a XP machine is irresponsible at least.
In addition to that, with 0.12.x there have been varied reports of Bitcoin Core
randomly crashing on Windows XP. It is not clear
what the source of these crashes is, but it is likely that upstream
libraries such as Qt are no longer being tested on XP.
We do not have time nor resources to provide support for an OS that is
end-of-life. From 0.13.0 on, Windows XP is no longer supported. Users are
suggested to upgrade to a newer version of Windows, or install an alternative OS
that is supported.
No attempt is made to prevent installing or running the software on Windows XP,
you can still do so at your own risk, but do not expect it to work: do not
report issues about Windows XP to the issue tracker.
but severe issues with the libc++ version on 10.7.x keep it from running reliably.
0.13.1 now requires 10.8+, and will communicate that to 10.7 users, rather than crashing unexpectedly.
Notable changes

Segregated witness soft fork
Segregated witness (segwit) is a soft fork that, if activated, will
allow transaction-producing software to separate (segregate) transaction
signatures (witnesses) from the part of the data in a transaction that is
covered by the txid. This provides several immediate benefits:
Activation for the segwit soft fork is being managed using BIP9
versionbits. Segwit's version bit is bit 1, and nodes will begin
tracking which blocks signal support for segwit at the beginning of the
first retarget period after segwit's start date of 15 November 2016. If
95% of blocks within a 2,016-block retarget period (about two weeks)
signal support for segwit, the soft fork will be locked in. After
another 2,016 blocks, segwit will activate.
For more information about segwit, please see...[message truncated here by reddit bot]...
original: https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2016-October/013265.html
submitted by dev_list_bot to bitcoin_devlist [link] [comments]

Does Multi-Sig have weaker crypto than a standard transaction ?

Hello,
I am not versed in cryptography at all but from what I understand, storing funds in a multi-signature "wallet" for the long term, seems less safe than storing them in a standard single-address wallet.
Assuming we have built quantum super-computers and we have broken ECDSA aka we can calculate the private key of any given public key.
TL;DR I understand that multi-sig is essentially pay-to-more-than-one-public-key and not pay-to-more-than-one-public-key-hash.
According to a bitcoin magazine article this was a crypto pitfall that was avoided early on.
Have we taken a step back from that direction ?
submitted by starsRunderground to Bitcoin [link] [comments]

Idea for safely implementing "Opt-In Full-RBF": Make it receiver opt-in rather than sender opt-in.

There are currently a lot of arguments against opt-in RBF about how it could become a usability nightmare and can enable double spends against unwitting people. This stems from the fact that it's opt-in by the sender and this requires a certain amount of knowledge by the receiver to avoid being scammed. But what if it was opt-in by the receiver instead? Then the sender has no way of issuing a RBF transaction against someone who is unwilling to accept a RBF transaction.
Currently there is no way to do this. The Bitcoin network is unaware of anything to do with the receiver of a transaction other than the public key hash or script hash. It can however tell the difference between the two types of keys. Standard public key hashes are prefixed with "1" and script hash keys are prefixed with "3". https://en.bitcoin.it/wiki/List_of_address_prefixes
I'm suggesting a hard fork that adds 2 new prefixes to public addresses. The new prefixes could be anything, but for the sake of this example let's say the new prefixes are "R" and "r". "R" would become the prefix for public key hash addresses that are willing to accept RBF transactions and "r" for opt-in RBF script hash addresses. Now there is no need for transactions to be declared by the sender as RBF. Nodes and miners will simply reject any double spend attempts unless all outputs of the transaction are prefixed with either "R" or "r". The sender could even choose to opt-out of RBF by using a non-RBF prefixed address as one of the change outputs.
This does create an issue where you can spoof the intent of the receiver by changing the prefix on the address, so the function used to calculate the public address would need to be slightly different. The sender can't be allowed to reverse engineer an "R" address from a "1" address. There are two possible solutions here.
Option 1: Make a small change to the public key hashing algorithm. This could be something as simple as performing the RIPEMD-160 hash twice instead of once when creating a RBF address. This method has the benefit of not adding any cryptographic complexity to the system but the cons are that once you spend from an address and reveal the true public key, anyone can generate both public addresses. You only have the security of receiving non-RBF transactions exclusively as long as you don't reuse the address once you spend from it, or if you generate a new address for each incoming transaction. Also, wallet and block explorer software would need to be updated so that the possibility of two different addresses pointing to the same public key won't break it.
Option 2: Use a different ECDSA curve. This is the cleanest option when it comes to usability and writing code, but at the expense of adding more cryptographic complexity to the system. More points of failure to worry about.
Personally I think option 1 might be better. Address reuse is already discouraged and thanks to the popularity of HD wallets, following that rule is not that big a deal.
submitted by testing1567 to btc [link] [comments]

[BIP] OP_CHECKPRIVPUBPAIR | Mats Jerratsch | Nov 27 2015

Mats Jerratsch on Nov 27 2015:
Prior discussion:
http://lists.linuxfoundation.org/pipermail/lightning-dev/2015-November/000309.html
Goal:
Greatly improve security for payment networks like the 'Lightning
Network' (LN) [1]
Introduction:
To improve privacy while using a payment network, it is possible to
use onion-routing to make a payment to someone. In this context,
onion-routing means encrypting the data about subsequent hops in a way
that each node only knows where it received a payment from and the
direct next node it should send the payment to. This way we can route
a payment over N nodes, and none of these will know
(1) at which position it is within the route (first, middle, last?)
(2) which node initially issued the payment (payer)
(3) which node consumes the payment (payee).
However, given the way payments in LN work, each payment is uniquely
identifiable by a preimage-hash pair R-H. H is included in the output
script of the commit transaction, such that the payment is enforceable
if you ever get to know the preimage R.
In a payment network each node makes a promise to pay the next node,
if they can produce R. They can pass on the payment, as they know that
they can enforce the payment from a previous node using the same
preimage R. This severely damages privacy, as it lowers the amount of
nodes an attacker has to control to gain information about payer and
payee.
Problem:
The problem was inherited by using RIPEMD-160 for preimage-hash
construction. For any cryptographic hash-function it is fundamentally
unfeasible to correlate preimage and hash in such a way, that
F1(R1) = R2 and
F2(H1) = H2, while
SHA(R1) = H1 and SHA(R2) = H2.
In other words, I cannot give a node H1 and H2 and ask it to receive
my payment using H1, but pass it on using H2, as the node has no way
of verifying it can produce R1 out of the R2 it will receive. If it
cannot produce R1, it is unable to enforce my part of the contract.
Solution:
While the above functions are merely impossible to construct for
cryptographic hash functions, they are trivial when R and H are an EC
private/public key pair. The original sender can make a payment using
H1 and pass on a random number M1, such that the node can calculate a
new public key
H2 = H1 + M1.
When he later receives the private key R2, he can construct
R1 = R2 - M1
to be able to enforce the other payment. M1 can be passed on in the
onion object, such that each node can only see M for that hop.
Furthermore, it is unfeasible to brute-force, given a sufficiently
large number M.
Example:
Given that E wants to receive a payment from A, payable to H. (if A
can produce R, it can be used as proof that he made the payment and E
received it)
A decides to route the payment over the nodes B, C and D. A uses four
numbers M1...M4 to calculate H1...H4. The following payments then take
place
A->B using H4
B->C using H3
C->D using H2
D->E using H1.
When E receives H1, he can use attached M1 to calculate R1 from it.
The chain will resolve itself, and A is able to calculate R using
M1...M4. It also means that all privacy is at the sole discretion of
the sender, and that not even the original pair H is known to any of
the nodes.
To improve privacy, E could also be a rendezvous point chosen by the
real receiver of the payment, similar constructions are similar in
that direction as well.
Caveats:
Currently it is difficult to enforce a payment to a private-public key
pair on the blockchain. While there exists OP_HASH160 OP_EQUAL to
enforce a payment to a hash, the same does not hold true for EC keys.
To make above possible we would therefore need some easy way to force
a private key, given a public key. This could be done by using one of
the unused OP_NOP codes, which will verify
OP_CHECKPRIVPUBPAIR
and fails if these are not correlated or NOP otherwise. Would need
OP_2DROP afterwards. This would allow deployment using a softfork.
As there are requests for all sort of general crypto operations in
script, we can also introduce a new general OP_CRYPTO and prepend one
byte for the operation, so
0x01 OP_CRYPTO = OP_CHECKPRIVPUBPAIR
0x02-0xff OP_CRYPTO = OP_NOP
to allow for extension at some later point.
Alternatives:
In the attached discussion there are some constructions that would
allow breaking the signature scheme, but they are either very large in
script language or expensive to calculate. Given that the blocksize is
a difficult topic already, it would not be beneficial to have a 400B+
for each open payment in case one party breaches the contract. (or
just disappears for a couple of days)
It is also possible to use a NIZKP - more specifically SNARK - to
prove to one node that it is able to recover a preimage R1 = R2 XOR
M1, given only H1, H2 and M1. However, these are expensive to
calculate and experimental in its current state.
Acknowledgements:
Gregory Maxwell for pointing out addition of M1 for EC points is much
less expensive
Pieter Wuille for helping with general understanding of EC math.
Anthony Towns for bringing up the issue and explaining SNARKs
[1]
http://lightning.network/
original: http://lists.linuxfoundation.org/pipermail/bitcoin-dev/2015-November/011827.html
submitted by dev_list_bot to bitcoin_devlist [link] [comments]
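The key-blinding arithmetic the post relies on, as an added example that is not part of the mailing-list post and not code from any Lightning implementation: adding a scalar M to a private key moves the public key by M*G, so a node that only knows H and M can derive the next hop's key, and a node that later learns the next hop's private key can recover its own by subtracting M. The example follows the post's own route (A pays B, C, D and then E) and runs the settlement back toward A, with each node performing the check that the proposed OP_CHECKPRIVPUBPAIR would do on chain. The secp256k1 constants are the standard ones; the affine arithmetic is a toy, not constant time, and is only here to make the homomorphism visible.

```python
import secrets

# Added example (editor's code, not from the mailing-list post or from any
# Lightning implementation). Toy affine secp256k1 arithmetic; demo only.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def ec_add(a, b):
    """Point addition; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P       # tangent slope (doubling)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc


def pubkey(priv):
    return ec_mul(priv % N, G)


def checkprivpubpair(priv, pub):
    """The check the proposed OP_CHECKPRIVPUBPAIR would perform: priv*G == pub."""
    return 0 < priv < N and pubkey(priv) == pub


def blind(pub, m):
    """H_next = H + M*G, computable from the public key alone."""
    return ec_add(pub, ec_mul(m % N, G))


def simulate_route(r_payee, blinders):
    """The post's example: E owns R (H = R*G is known to A); A routes over
    len(blinders) hops, deriving H1 = H + M1*G, H2 = H1 + M2*G, ... and
    handing each node only its own M. Returns (per-hop public keys,
    per-hop revealed private keys, the R that A recovers at the end)."""
    hop_pubs, h = [], pubkey(r_payee)
    for m in blinders:
        h = blind(h, m)
        hop_pubs.append(h)
    # Settlement runs back toward A: E reveals R1 = R + M1, and each node
    # turns the key it received into the one its own upstream contract
    # needs by adding its M. Every node checks the pair it is about to use.
    revealed, r = [], r_payee
    for m, h in zip(blinders, hop_pubs):
        r = (r + m) % N
        if not checkprivpubpair(r, h):
            raise ValueError("received key does not match the contract")
        revealed.append(r)
    recovered = (r - sum(blinders)) % N      # A knows every M, so A learns R
    return hop_pubs, revealed, recovered


if __name__ == "__main__":
    R = secrets.randbelow(N - 1) + 1
    Ms = [secrets.randbelow(N - 1) + 1 for _ in range(4)]
    pubs, keys, back = simulate_route(R, Ms)
    print("all hop keys distinct:", len(set(pubs)) == len(pubs))
    print("A recovered R:", back == R)
```

Each intermediate node sees two public keys that are unrelated to an observer who does not hold its M, which is the privacy property the post is after; what script cannot do today is enforce "pay if you reveal the private key for this point", hence the opcode.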


RIPEMD was used because it produces the shortest hashes whose uniqueness is still sufficiently assured. This allows Bitcoin addresses to be shorter. SHA256 is used as well because Bitcoin's use of a hash of a public key might create unique weaknesses due to unexpected interactions between RIPEMD and ECDSA (the public key signature algorithm).

Bitcoin uses the SHA-256 and RIPEMD-160 cryptographic hashes. Most of the places in Bitcoin that need a hash use double SHA-256; address generation is the exception, using a single SHA-256 followed by a single RIPEMD-160 (HASH160). These hashes, when calculated on a GPU, make it feasible to ...

RIPEMD-160 (1 year ago): Be wary, there's an agenda being pushed here. Bcash supporters want nothing more than for Bitcoin to change PoW so that most of the dedicated ASICs currently used to secure the Bitcoin network are instead pointed to the Bcash chain in order to remain profitable.

RIPEMD-160 is an ISO/IEC standard and, together with SHA-256, is used to generate Bitcoin addresses. Because of its dual-stream structure, the first collision attack on reduced RIPEMD-160, presented by Liu, Mendel and Wang at Asiacrypt 2017, only reaches 30 of the 80 steps, with a time complexity of 2^70.

This means it would take the Bitcoin network approximately 2.4x10^31 seconds to exhaust the 2^160 RIPEMD-160 digest space, or about 7.7x10^23 years. So even at the brute-force pace of 60 million billion (6x10^16) hashes per second, it is unreasonable to find a preimage of a given 160-bit digest, which is what hitting an existing address would require. A generic birthday collision between two freshly generated keys needs only about 2^80 hashes, but such a collision does not land on any address the attacker did not create.


Bigeathash:Encrypt and Decrypt hash

Elliptic curves, SHA256, and RIPEMD160, oh my. Dr. Darren Tapp presents the fundamental mathematics needed for Bitcoin to work as intended, prepared so that people of many levels can get something ...

When Satoshi Nakamoto published the Bitcoin whitepaper, he explained why and how SHA-256 and RIPEMD-160 are used in Bitcoin. Since then, blockchain technology has evolved a great deal, but ...

This completely free online service allows you to "encrypt and decrypt" hashes like md2, md4, md5, sha1, sha224, sha256, sha384, sha512, ripemd128, ripemd160, ripemd256 ... (a hash is not decrypted; services like this look the digest up in tables of already-computed hashes, so only weak or previously seen inputs are ever "recovered").

On the use of RIPEMD-160 in creating Bitcoin addresses (Thinklair, 3:20). Cryptanalytic Attacks (CISSP Free by Skillset.com, 5:48).

The program does not require an Internet connection, since the generation of bitcoin addresses and private keys happens locally: SHA-256, RIPEMD-160 and Base58 are already built into the program ...
