Generate free online random Bitcoin addresses +> GeneratePlus
Generate free online random Bitcoin addresses +> GeneratePlus
Bitcoin Generator App - First Free Personal BTC Generator ...
Generate free online random Coin addresses +> GeneratePlus
Proof-of-Stake explained – Bitcoin Plus
The Wonders of Government Backstopped Promissory Notes..
Scientific Gaming Corporation (SGMS) is a very strange company. The operating income is fabulous, but when you factor in the gargantuan yearly interest payments, they consistently end up losing money. Over the 3 fiscal years spanning 2016-2018, they paid $1.86 billion in interest while generating only $788 million in operating income. What's worse is that even though this has been going on for almost two decades now, you can still only count on one hand how many times that they've booked a yearly profit. SGMS is, of course, a big player in gambling industry. For a lender to be profiting to that extent from the gambling industry, while at the same time providing little in terms of real tangible value to the company (all they did was loan the company money), seems almost equivalent to banks laundering 100's of billions for drug kingpins.. Could you imagine a situation where the fed, through its unprecedented entry into the HY corporate bond market, were to backstop SGMS's promissory notes through direct purchases in secondary markets.. Through their previously implemented Primary Dealer Credit Facility (PDCF), the fed has already agreed to swap equities for 3 month term loans. This, of course, would've been completely okay, but let's not forget, on March 17, 2020, the market was in freefall, so there was no way to reasonably price the collateral being exchanged to, as it says specifically in the federal reserve act, protect tax payers from losses. https://preview.redd.it/9iax3y939pu51.jpg?width=1200&format=pjpg&auto=webp&s=4a35289f80764b4905bfbf12bb9577422d366c7a https://preview.redd.it/bys73bc69pu51.jpg?width=1200&format=pjpg&auto=webp&s=d7377e54df5681473bbaed2962919e084b305554 Term Sheet for Primary Dealer Credit Facility (PDCF) "Collateral eligible for pledge under the PDCF includes all collateral eligible for pledge in open market operations (OMO);1 plus investment grade corporate debt securities, international agency securities, commercial paper, municipal securities, mortgage-backed securities, and asset-backed securities;2 ***plus equity securities.**** Foreign currency-denominated securities are not eligible for pledge under the PDCF at this time. " The PDCF functioned as an overnight loan facility for primary dealers (Investment Banks), similar to the way the Federal Reserve's discount window provides a backup source of funding to depository institutions. Considering the reversal starting in .March.23RD, 2020 (while the entire world was shutdown, and during America's worst GDP quarter in its 244 year history), it almost makes you question whether certain insiders knew what was going to happen..If you can simply exchange equities for short term cash, and receive these equities back after up to 90 days, if the stock market breaks momentum records during the lifespan of the exchange, that's a double win. Not only could you have purchased equities at the bottom with your own secret little fed subsidized margin account, but you could also receive the equities that you used to borrow the money to buy the new equities near the bottom back for the cash
Help recovering from old wallet.dat for an old friend.
Hey all, I've been in the Bitcoin space since early 2012. I have a situation that I would love to get some assistance with, I will explain the situation momentarily. Please do not message me and ask me for the wallet.dat file it's not going to happen. TL;DR I have an old wallet.dat file from late 2012 or early 2013 from a coin I sold to a friend. Tried to recover the coins in 2018 and failed, later found out that someone had access to the computer and could have easily stole them. Would the current Bitcoin Core be able to read an old wallet.dat file, and is there any way to easily view the balance of a 2012 wallet.dat file without having to load the entire blockchain? In the early days of Bitcoin as many of you OG's know, the only option to securely store your coins was to use the default Bitcoin wallet in a wallet.dat file. A friend of mine was really wanted to invest in Bitcoin but didn't know how, so I sold one to him because I didn't want him to get screwed. I installed Bitcoin QT on their home laptop, had him write down the password on a piece of paper and had him put a backup of the wallet.dat file onto a USB. Fast forward to when the price went to $20k plus, he calls me up super excited and said he wanted to sell his coin because he could use the money and I encouraged it because from my prior experience I knew the momentum was unsustainable and I had sold a few coins of my own. Anyway, I go over to his house and we huddle around his computer. He tells me that he upgraded the hard drive in his computer and gave me his old one and I went back to my house to get an external hard drive reader. I came back, booted up his old drive and remembered that we would have to let it sync up in order to get the coins out, and on his internet that wasn't going to happen anytime soon. He gave me the hard drive and I went home and left on Bitcoin QT overnight and in the morning I was shocked to see that there were no transactions on the wallet. Quick note, he had the wallet password in a file on his documents titled "Bitcoin Wallet Password.txt". smh. I started to panic, and I realized how bad this looked on me. I called him and told him that there were no coins on there and asked if he had his USB stick and he told me he had lost it years ago. I frantically looked through all of my old wallet files to find any transaction that could link to his address, to show that his coins were still in there. After a while I realized I had sent the coins from the now defunct btc-e.com, and had no way to check up on the coins. I did everything in my ability to try to recover lost data from the hard drive to no avail. I asked him if anyone else has had access to his computer, and then asked him how he replaced his hard drive because I know him well enough to know he wouldn't pull apart a laptop to replace the hard drive. He told me he took it to a shop to have it replaced a few months earlier. I suspect that I'm either trying to view the wallet incorrectly or whoever replaced his hard drive snooped on his hard drive, stole the coins and replaced the wallet.dat file and generated a new one. I have to admit, I was relieved a little bit to have an explanation to coins not being there but I could imagine he thinks I may have had something to do with it. I made a few more attempts over the years whenever I was reminded of the situation to no avail. We kind of fell out after that and haven't spoken in a while. Recently, I saw a post on his Facebook that his wife is pregnant they are having a baby, and that's why I'm here. I would love nothing more than to be able to message him and let him know that I have 11 grand waiting for him, because I'm certain the money would mean the world to him during such a stressful time. Any help or insights would be incredibly helpful and appreciated.
What I currently use for privacy (after almost 2 years of long investing into it)
This is a follow-up on https://old.reddit.com/Bitcoin/comments/hqzp14/technical_the_path_to_taproot_activation/ Taproot! Everybody wants it!! But... you might ask yourself: sure, everybody else wants it, but why would I, sovereign Bitcoin HODLer, want it? Surely I can be better than everybody else because I swapped XXX fiat for Bitcoin unlike all those nocoiners? And it is important for you to know the reasons why you, o sovereign Bitcoiner, would want Taproot activated. After all, your nodes (or the nodes your wallets use, which if you are SPV, you hopefully can pester to your wallet vendoimplementor about) need to be upgraded in order for Taproot activation to actually succeed instead of becoming a hot sticky mess. First, let's consider some principles of Bitcoin.
You the HODLer should be the one who controls where your money goes. Your keys, your coins.
You the HODLer should be able to coordinate and make contracts with other people regarding your funds.
You the HODLer should be able to do the above without anyone watching over your shoulder and judging you.
I'm sure most of us here would agree that the above are very important principles of Bitcoin and that these are principles we would not be willing to remove. If anything, we would want those principles strengthened (especially the last one, financial privacy, which current Bitcoin is only sporadically strong with: you can get privacy, it just requires effort to do so). So, how does Taproot affect those principles?
Taproot and Your /Coins
Most HODLers probably HODL their coins in singlesig addresses. Sadly, switching to Taproot would do very little for you (it gives a mild discount at spend time, at the cost of a mild increase in fee at receive time (paid by whoever sends to you, so if it's a self-send from a P2PKH or bech32 address, you pay for this); mostly a wash). (technical details: a Taproot output is 1 version byte + 32 byte public key, while a P2WPKH (bech32 singlesig) output is 1 version byte + 20 byte public key hash, so the Taproot output spends 12 bytes more; spending from a P2WPKH requires revealing a 32-byte public key later, which is not needed with Taproot, and Taproot signatures are about 9 bytes smaller than P2WPKH signatures, but the 32 bytes plus 9 bytes is divided by 4 because of the witness discount, so it saves about 11 bytes; mostly a wash, it increases blockweight by about 1 virtual byte, 4 weight for each Taproot-output-input, compared to P2WPKH-output-input). However, as your HODLings grow in value, you might start wondering if multisignature k-of-n setups might be better for the security of your savings. And it is in multisignature that Taproot starts to give benefits! Taproot switches to using Schnorr signing scheme. Schnorr makes key aggregation -- constructing a single public key from multiple public keys -- almost as trivial as adding numbers together. "Almost" because it involves some fairly advanced math instead of simple boring number adding, but hey when was the last time you added up your grocery list prices by hand huh? With current P2SH and P2WSH multisignature schemes, if you have a 2-of-3 setup, then to spend, you need to provide two different signatures from two different public keys. With Taproot, you can create, using special moon math, a single public key that represents your 2-of-3 setup. Then you just put two of your devices together, have them communicate to each other (this can be done airgapped, in theory, by sending QR codes: the software to do this is not even being built yet, but that's because Taproot hasn't activated yet!), and they will make a single signature to authorize any spend from your 2-of-3 address. That's 73 witness bytes -- 18.25 virtual bytes -- of signatures you save! And if you decide that your current setup with 1-of-1 P2PKH / P2WPKH addresses is just fine as-is: well, that's the whole point of a softfork: backwards-compatibility; you can receive from Taproot users just fine, and once your wallet is updated for Taproot-sending support, you can send to Taproot users just fine as well! (P2WPKH and P2WSH -- SegWit v0 -- addresses start with bc1q; Taproot -- SegWit v1 --- addresses start with bc1p, in case you wanted to know the difference; in bech32 q is 0, p is 1) Now how about HODLers who keep all, or some, of their coins on custodial services? Well, any custodial service worth its salt would be doing at least 2-of-3, or probably something even bigger, like 11-of-15. So your custodial service, if it switched to using Taproot internally, could save a lot more (imagine an 11-of-15 getting reduced from 11 signatures to just 1!), which --- we can only hope! --- should translate to lower fees and better customer service from your custodial service! So I think we can say, very accurately, that the Bitcoin principle --- that YOU are in control of your money --- can only be helped by Taproot (if you are doing multisignature), and, because P2PKH and P2WPKH remain validly-usable addresses in a Taproot future, will not be harmed by Taproot. Its benefit to this principle might be small (it mostly only benefits multisignature users) but since it has no drawbacks with this (i.e. singlesig users can continue to use P2WPKH and P2PKH still) this is still a nice, tidy win! (even singlesig users get a minor benefit, in that multisig users will now reduce their blockchain space footprint, so that fees can be kept low for everybody; so for example even if you have your single set of private keys engraved on titanium plates sealed in an airtight box stored in a safe buried in a desert protected by angry nomads riding giant sandworms because you're the frickin' Kwisatz Haderach, you still gain some benefit from Taproot) And here's the important part: if P2PKH/P2WPKH is working perfectly fine with you and you decide to never use Taproot yourself, Taproot will not affect you detrimentally. First do no harm!
Taproot and Your Contracts
No one is an island, no one lives alone. Give and you shall receive. You know: by trading with other people, you can gain expertise in some obscure little necessity of the world (and greatly increase your productivity in that little field), and then trade the products of your expertise for necessities other people have created, all of you thereby gaining gains from trade. So, contracts, which are basically enforceable agreements that facilitate trading with people who you do not personally know and therefore might not trust. Let's start with a simple example. You want to buy some gewgaws from somebody. But you don't know them personally. The seller wants the money, you want their gewgaws, but because of the lack of trust (you don't know them!! what if they're scammers??) neither of you can benefit from gains from trade. However, suppose both of you know of some entity that both of you trust. That entity can act as a trusted escrow. The entity provides you security: this enables the trade, allowing both of you to get gains from trade. In Bitcoin-land, this can be implemented as a 2-of-3 multisignature. The three signatories in the multisgnature would be you, the gewgaw seller, and the escrow. You put the payment for the gewgaws into this 2-of-3 multisignature address. Now, suppose it turns out neither of you are scammers (whaaaat!). You receive the gewgaws just fine and you're willing to pay up for them. Then you and the gewgaw seller just sign a transaction --- you and the gewgaw seller are 2, sufficient to trigger the 2-of-3 --- that spends from the 2-of-3 address to a singlesig the gewgaw seller wants (or whatever address the gewgaw seller wants). But suppose some problem arises. The seller gave you gawgews instead of gewgaws. Or you decided to keep the gewgaws but not sign the transaction to release the funds to the seller. In either case, the escrow is notified, and if it can sign with you to refund the funds back to you (if the seller was a scammer) or it can sign with the seller to forward the funds to the seller (if you were a scammer). Taproot helps with this: like mentioned above, it allows multisignature setups to produce only one signature, reducing blockchain space usage, and thus making contracts --- which require multiple people, by definition, you don't make contracts with yourself --- is made cheaper (which we hope enables more of these setups to happen for more gains from trade for everyone, also, moon and lambos). (technology-wise, it's easier to make an n-of-n than a k-of-n, making a k-of-n would require a complex setup involving a long ritual with many communication rounds between the n participants, but an n-of-n can be done trivially with some moon math. You can, however, make what is effectively a 2-of-3 by using a three-branch SCRIPT: either 2-of-2 of you and seller, OR 2-of-2 of you and escrow, OR 2-of-2 of escrow and seller. Fortunately, Taproot adds a facility to embed a SCRIPT inside a public key, so you can have a 2-of-2 Taprooted address (between you and seller) with a SCRIPT branch that can instead be spent with 2-of-2 (you + escrow) OR 2-of-2 (seller + escrow), which implements the three-branched SCRIPT above. If neither of you are scammers (hopefully the common case) then you both sign using your keys and never have to contact the escrow, since you are just using the escrow public key without coordinating with them (because n-of-n is trivial but k-of-n requires setup with communication rounds), so in the "best case" where both of you are honest traders, you also get a privacy boost, in that the escrow never learns you have been trading on gewgaws, I mean ewww, gawgews are much better than gewgaws and therefore I now judge you for being a gewgaw enthusiast, you filthy gewgawer).
Taproot and Your Contracts, Part 2: Cryptographic Boogaloo
Now suppose you want to buy some data instead of things. For example, maybe you have some closed-source software in trial mode installed, and want to pay the developer for the full version. You want to pay for an activation code. This can be done, today, by using an HTLC. The developer tells you the hash of the activation code. You pay to an HTLC, paying out to the developer if it reveals the preimage (the activation code), or refunding the money back to you after a pre-agreed timeout. If the developer claims the funds, it has to reveal the preimage, which is the activation code, and you can now activate your software. If the developer does not claim the funds by the timeout, you get refunded. And you can do that, with HTLCs, today. Of course, HTLCs do have problems:
Privacy. Everyone scraping the Bitcoin blockchain can see any HTLCs, and preimages used to claim them.
This can be mitigated by using offchain techniques so HTLCs are never published onchain in the happy case. Lightning would probably in practice be the easiest way to do this offchain. Of course, there are practical limits to what you can pay on Lightning. If you are buying something expensive, then Lightning might not be practical. For example, the "software" you are activating is really the firmware of a car, and what you are buying is not the software really but the car itself (with the activation of the car firmware being equivalent to getting the car keys).
Even offchain techniques need an onchain escape hatch in case of unresponsiveness! This means that, if something bad happens during payment, the HTLC might end up being published onchain anyway, revealing the fact that some special contract occurred.
And an HTLC that is claimed with a preimage onchain will also publicly reveal the preimage onchain. If that preimage is really the activation key of a software than it can now be pirated. If that preimage is really the activation key for your newly-bought cryptographic car --- well, not your keys, not your car!
Trust requirement. You are trusting the developer that it gives you the hash of an actual valid activation key, without any way to validate that the activation key hidden by the hash is actually valid.
Fortunately, with Schnorr (which is enabled by Taproot), we can now use the Scriptless Script constuction by Andrew Poelstra. This Scriptless Script allows a new construction, the PTLC or Pointlocked Timelocked Contract. Instead of hashes and preimages, just replace "hash" with "point" and "preimage" with "scalar". Or as you might know them: "point" is really "public key" and "scalar" is really a "private key". What a PTLC does is that, given a particular public key, the pointlocked branch can be spent only if the spender reveals the private key of the given public key to you. Another nice thing with PTLCs is that they are deniable. What appears onchain is just a single 2-of-2 signature between you and the developemanufacturer. It's like a magic trick. This signature has no special watermarks, it's a perfectly normal signature (the pledge). However, from this signature, plus some datta given to you by the developemanufacturer (known as the adaptor signature) you can derive the private key of a particular public key you both agree on (the turn). Anyone scraping the blockchain will just see signatures that look just like every other signature, and as long as nobody manages to hack you and get a copy of the adaptor signature or the private key, they cannot get the private key behind the public key (point) that the pointlocked branch needs (the prestige). (Just to be clear, the public key you are getting the private key from, is distinct from the public key that the developemanufacturer will use for its funds. The activation key is different from the developer's onchain Bitcoin key, and it is the activation key whose private key you will be learning, not the developer's/manufacturer's onchain Bitcoin key). So:
Privacy: PTLCs are private even if done onchain. Nobody else can learn what the private key behind the public key is, except you who knows the adaptor signature that when combined with the complete onchain signature lets you know what the private key of the activation key is. Somebody scraping the blockchain will not learn the same information even if all PTLCs are done onchain!
Lightning is still useful for reducing onchain use, and will also get PTLCs soon after Taproot is activated, but even if something bad happens and a PTLC has to go onchain, it doesn't reveal anything!
Trust issues can be proven more easily with a public-private keypair than with a hash-preimage pair.
For example, the developer of the software you are buying could provide a signature signing a message saying "unlock access to the full version for 1 day". You can check if feeding this message and signature to the program will indeed unlock full-version access for 1 day. Then you can check if the signature is valid for the purported pubkey whose private key you will pay for. If so, you can now believe that getting the private key (by paying for it in a PTLC) would let you generate any number of "unlock access to the full version for 1 day" message+signatures, which is equivalent to getting full access to the software indefinitely.
For the car, the manufacturer can show that signing a message "start the engine" and feeding the signature to the car's fimrware will indeed start the engine, and maybe even let you have a small test drive. You can then check if the signature is valid for the purported pubkey whose privkey you will pay for. If so, you can now believe that gaining knowledge of the privkey will let you start the car engine at any time you want.
(pedantry: the signatures need to be unique else they could be replayed, this can be done with a challenge-response sequence for the car, where the car gathers entropy somehow (it's a car, it probably has a bunch of sensors nowadays so it can get entropy for free) and uses the gathered entropy to challenge you to sign a random number and only start if you are able to sign the random number; for the software, it could record previous signatures somewhere in the developer's cloud server and refuse to run if you try to replay a previously-seen signature.)
Taproot lets PTLCs exist onchain because they enable Schnorr, which is a requirement of PTLCs / Scriptless Script. (technology-wise, take note that Scriptless Script works only for the "pointlocked" branch of the contract; you need normal Script, or a pre-signed nLockTimed transaction, for the "timelocked" branch. Since Taproot can embed a script, you can have the Taproot pubkey be a 2-of-2 to implement the Scriptless Script "pointlocked" branch, then have a hidden script that lets you recover the funds with an OP_CHECKLOCKTIMEVERIFY after the timeout if the seller does not claim the funds.)
Now if you were really paying attention, you might have noticed this parenthetical:
(technical details: a Taproot output is 1 version byte + 32 byte public key, while a P2WPKH (bech32 singlesig) output is 1 version byte + 20 byte public key hash...)
So wait, Taproot uses raw 32-byte public keys, and not public key hashes? Isn't that more quantum-vulnerable?? Well, in theory yes. In practice, they probably are not. It's not that hashes can be broken by quantum computes --- they're still not. Instead, you have to look at how you spend from a P2WPKH/P2PKH pay-to-public-key-hash. When you spend from a P2PKH / P2WPKH, you have to reveal the public key. Then Bitcoin hashes it and checks if this matches with the public-key-hash, and only then actually validates the signature for that public key. So an unconfirmed transaction, floating in the mempools of nodes globally, will show, in plain sight for everyone to see, your public key. (public keys should be public, that's why they're called public keys, LOL) And if quantum computers are fast enough to be of concern, then they are probably fast enough that, in the several minutes to several hours from broadcast to confirmation, they have already cracked the public key that is openly broadcast with your transaction. The owner of the quantum computer can now replace your unconfirmed transaction with one that pays the funds to itself. Even if you did not opt-in RBF, miners are still incentivized to support RBF on RBF-disabled transactions. So the extra hash is not as significant a protection against quantum computers as you might think. Instead, the extra hash-and-compare needed is just extra validation effort. Further, if you have ever, in the past, spent from the address, then there exists already a transaction indelibly stored on the blockchain, openly displaying the public key from which quantum computers can derive the private key. So those are still vulnerable to quantum computers. For the most part, the cryptographers behind Taproot (and Bitcoin Core) are of the opinion that quantum computers capable of cracking Bitcoin pubkeys are unlikely to appear within a decade or two.
Current quantum computers can barely crack prime factorization problem for primes of 5 bits.
The 256-bit elliptic curve use by Bitcoin is, by my (possibly wrong) understanding, equivalent to 4096-bit primes, so you can see a pretty big gap between now (5 bit primes) and what is needed (4096 bit primes).
A lot of financial non-Bitcoin systems use the equivalent of 3072-bit primes or less, and are probably easier targets to crack than the equivalent-to-4096-bit-primes Bitcoin.
Quantum computers capable of cracking Bitcoin are still far off.
Pay-to-public-key-hash is not as protective as you might think.
We will probably see banks get cracked before Bitcoin, so the banking system is a useful canary-in-a-coal-mine to see whether we should panic about being quantum vulnerable.
For now, the homomorphic and linear properties of elliptic curve cryptography provide a lot of benefits --- particularly the linearity property is what enables Scriptless Script and simple multisignature (i.e. multisignatures that are just 1 signature onchain). So it might be a good idea to take advantage of them now while we are still fairly safe against quantum computers. It seems likely that quantum-safe signature schemes are nonlinear (thus losing these advantages).
If you are a singlesig HODL-only Bitcoin user, Taproot will not affect you positively or negatively. Importantly: Taproot does no harm!
If you use or intend to use multisig, Taproot will be a positive for you.
If you transact onchain regularly using typical P2PKH/P2WPKH addresses, you get a minor reduction in feerates since multisig users will likely switch to Taproot to get smaller tx sizes, freeing up blockspace for yours.
If you are using multiparticipant setups for special systems of trade, Taproot will be a positive for you.
Remember: Lightning channels are multipartiicpiant setups for special systems of lightning-fast offchain trades!
I Wanna Be The Taprooter!
So, do you want to help activate Taproot? Here's what you, mister sovereign Bitcoin HODLer, can do!
If you have developer experience especially in C, C++, or related languages
Review the Taproot code! There is one pull request in Bitcoin Core, and one in libsecp256k1. I deliberately am not putting links here, to avoid brigades of nontechnical but enthusiastic people leaving pointless reviews, but if you are qualified you know how to find them!
But I am not a cryptographeBitcoin Core contributomathematician/someone as awesome as Pieter Wuille
That's perfectly fine! The cryptographers have been over the code already and agree the math is right and the implementation is right. What is wanted is the dreary dreary dreary software engineering: are the comments comprehensive and understandable? no misspellings in the comments? variable names understandable? reasonable function naming convention? misleading coding style? off-by-one errors in loops? conditions not covered by tests? accidental mixups of variables with the same types? missing frees? read-before-init? better test coverage of suspicious-looking code? missing or mismatching header guards? portability issues? consistent coding style? you know, stuff any coder with a few years of experience in coding anything might be able to catch. With enough eyes all bugs are shallow!
If you are running a mining pool/mining operation/exchange/custodial service/SPV server
Be prepared to upgrade!
One of the typical issues with upgrading software is that subtle incompatibilities with your current custom programs tend to arise, disrupting operations and potentially losing income due to downtime. If so, consider moving to the two-node setup suggested by gmax, which is in the last section of my previous post. With this, you have an up-to-date "public" node and a fixed-version "private" node, with the public node protecting the private node from any invalid chainsplits or invalid transactions. Moving to this setup from a typical one-node setup should be smooth and should not disrupt operations (too much).
If you are running your own fullnode for fun or for your own wallet
Be prepared to upgrade! The more nodes validating the new rules (even if you are a non-mining node!), the safer every softfork will be!
If you are using an SPV wallet or custodial wallet/service (including hardware wallets using the software of the wallet provider)
Contact your wallet provider / SPV server and ask for a statement on whether they support Taproot, and whether they are prepared to upgrade for Taproot! Make it known to them that Taproot is something you want!
But I Hate Taproot!!
Raise your objections to Taproot now, or forever hold your peace! Maybe you can raise them here and some of the devs (probably nullc, he goes everywhere, even in rbtc!) might be able to see your objections! Or if your objections are very technical, head over to the appropriate pull request and object away!
Maybe you simply misunderstand something, and we can clarify it here!
Or maybe you do have a good objection, and we can make Taproot better by finding a solution for it!
The dichotomy is between computationally infeasible vs informationally-theoretic infeasible. Basically:
Something is computationally infeasible if it could in theory be done, but you would not be able to build a practical computer to do it within the age of the universe and using only the power available in just one galaxy or thereabouts.
Something is informationally-theoretic infeasible if even if you had any arbitrarily large amount of time, space, and energy, you cannot do it.
Quantum breaks represent a possible reduction in computational infeasibility of certain things, but not information-theoretic infeasibility. For example, suppose you want to know what 256-bit preimages map to 256-bit hashes. In theory, you just need to build a table with 2256 entries and start from 0x0000000000000000000000000000000000000000000000000000000000000000 and so on. This is computationally infeasible, but not information-theoretic infeasible. However, suppose you want to know what preimages, of any size, map to 256-bit hashes. Since the preimages can be of any size, after finishing with 256-bit preimages, you have to proceed to 257-bit preimages. And so on. And there is no size limit, so you will literally never finish. Even if you lived forever, you would not complete it. This is information-theoretic infeasible.
How does this relate to confidential transactions? Basically, every confidential transaction simply hides the value behind a homomorphic commitment. What is a homomorphic commitment? Okay, let's start with commitments. A commitment is something which lets you hide something, and later reveal what you hid. Until you reveal it, even if somebody has access to the commitment, they cannot reverse it to find out what you hid. This is called the "hiding property" of commitments. However, when you do reveal it (or "open the commitment"), then you cannot replace what you hid with some other thing. This is called the "binding property" of commitments. For example, a hash of a preimage is a commitment. Suppose I want to commit to something. For example, I want to show that I can predict the future using the energy of a spare galaxy I have in my pocket. I can hide that something by hashing a description of the future. Then I can give the hash to you. You still cannot learn the future, because it's just a hash, and you can't reverse the hash ("hiding"). But suppose the future event occurs. I can reveal that I did, in fact, know the future. So I give you the description, and you hash it and compare it to the hash I gave earlier. Because of preimage resistance, I cannot retroactively change what I hid in the hash, so what I gave must have been known to me at the time that I gave you the commitment i..e. hash ("binding").
A homomorphic commitment simply means that if I can do certain operations on preimages of the commitment scheme, there are certain operations on the commitments that would create similar ("homo") changes ("morphic") to the commitments. For example, suppose I have a magical function h() which is a homomorphic commitment scheme. It can hide very large (near 256-bit) numbers. Then if h() is homomorphic, there may be certain operations on numbers behind the h() that have homomorphisms after the h(). For example, I might have an operation <+> that is homomorphic in h() on +, or in other words, if I have two large numbers a and b, then h(a + b) = h(a) <+> h(b). + and <+> are different operations, but they are homomorphic to each other. For example, elliptic curve scalars and points have homomorphic operations. Scalars (private keys) are "just" very large near-256-bit numbers, while points are a scalar times a standard generator point G. Elliptic curve operations exist where there is a <+> between points that is homomorphic on standard + on scalars, and a <*> between a scalar and a point that is homomorphic on standard * multiplication on scalars. For example, suppose I have two large scalars a and b. I can use elliptic curve points as a commitment scheme: I can take a <*> G to generate a point A. It is hiding since nobody can learn what a is unless I reveal it (a and A can be used in standard ECDSA private-public key cryptography, with the scalar a as the private key and the point A as the public key, and the a cannot be derived even if somebody else knows A). Thus, it is hiding. At the same time, for a particular point A and standard generator point G, there is only one possible scalar a which when "multiplied" with G yields A. So scalars and elliptic curve points are a commitment scheme, with both hiding and binding properties. Now, as mentioned there is a <+> operation on points that is homomorphic to the + operation on corresponding scalars. For example, suppose there are two scalars a and b. I can compute (a + b) <*> G to generate a particular point. But even if I don't know scalars a and b, but I do know points A = a <*> G and B = b <*> G, then I can use A <+> B to derive (a + b) <*> G (or equivalently, (a <*> G) <+> (b <*> G) == (a + b) <*> G). This makes points a homomorphic commitment scheme on scalars.
Confidential Transactions: A Sketch
This is useful since we can easily use the near-256-bit scalars in SECP256K1 elliptic curves to easily represent values in a monetary system, and hide those values by using a homomorphic commitment scheme. We can use the hiding property to prevent people from learning the values of the money we are sending and receiving. Now, in a proper cryptocurrency, a normal, non-coinbase transaction does not create or destroy coins: the values of the input coins are equal to the value of the output coins. We can use a homomorphic commitment scheme. Suppose I have a transaction that consumes an input value a and creates two output values b and c. That is, a = b + c, i.e. the sum of all inputs a equals the sum of all outputs b and c. But remember, with a homomorphic commitment scheme like elliptic curve points, there exists a <+> operation on points that is homomorphic to the ordinary school-arithmetic + addition on large numbers. So, confidential transactions can use points a <*> G as input, and points b <*> G and c <*> G as output, and we can easily prove that a <*> G = (b <*> G) <+> (c <*> G) if a = b + c, without revealing a, b, or c to anyone.
Actually, we cannot just use a <*> G as a commitment scheme in practice. Remember, Bitcoin has a cap on the number of satoshis ever to be created, and it's less than 253 satoshis, which is fairly trivial. I can easily compute all values of a <*> G for all values of a from 0 to 253 and know which a <*> G corresponds to which actual amount a. So in confidential transactions, we cannot naively use a <*> G commitments, we need Pedersen commitments. If you know what a "salt" is, then Pedersen commitments are fairly obvious. A "salt" is something you add to e.g. a password so that the hash of the password is much harder to attack. Humans are idiots and when asked to generate passwords, will output a password that takes less than 230 possibilities, which is fairly easy to grind. So what you do is that you "salt" a password by prepending a random string to it. You then hash the random string + password, and store the random string --- the salt --- together with the hash in your database. Then when somebody logs in, you take the password, prepend the salt, hash, and check if the hash matches with the in-database hash, and you let them log in. Now, with a hash, even if somebody copies your password database, the can't get the password. They're hashed. But with a salt, even techniques like rainbow tables make a hacker's life even harder. They can't hash a possible password and check every hash in your db for something that matches. Instead, if they get a possible password, they have to prepend each salt, hash, then compare. That greatly increases the computational needs of a hacker, which is why salts are good. What a Pedersen commitment is, is a point a <*> H, where a is the actual value you commit to, plus <+> another point r <*> G. H here is a second standard generator point, different from G. The r is the salt in the Pedersen commitment. It makes it so that even if you show (a <*> H) <+> (r <*> G) to somebody, they can't grind all possible values of a and try to match it with your point --- they also have to grind r (just as with the password-salt example above). And r is much larger, it can be a true near-256-bit number that is the range of scalars in SECP256K1, whereas a is constrained to "reasonable" numbers of satoshi, which cannot exceed 21 million Bitcoins. Now, in order to validate a transaction with input a and outputs b and c, you only have to prove a = b + c. Suppose we are hiding those amounts using Pedersen commitments. You have an input of amount a, and you know a and r. The blockchain has an amount (a <*> H) <+> (r <*> G). In order to create the two outputs b and c, you just have to create two new r scalars such that r = r + r. This is trivial, you just select a new random r and then compute r = r - r, it's just basic algebra. Then you create a transaction consuming the input (a <*> H) <+> (r <*> G) and outputs (b <*> H) <+> (r <*> G) and (c <*> H) <+> (r <*> G). You know that a = b + c, and r = r + r, while fullnodes around the world, who don't know any of the amounts or scalars involved, can just take the points (a <*> H) <+> (r <*> G) and see if it equals (b <*> H) <+> (r <*> G) <+> (c <*> H) <+> (r <*> G). That is all that fullnodes have to validate, they just need to perform <+> operations on points and comparison on points, and from there they validate transactions, all without knowing the actual values involved.
What does this mean? It's just a measure of how "impossible" binding vs hiding is. Pedersen commitments are computationally binding, meaning that in theory, a user of this commitment with arbitrary time and space and energy can, in theory, replace the amount with something else. However, it is information-theoretic hiding, meaning an attacker with arbitrary time and space and energy cannot figure out exactly what got hidden behind the commitment. But why? Now, we have been using a and a <*> G as private keys and public keys in ECDSA and Schnorr. There is an operation <*> on a scalar and a point that generates another point, but we cannot "revrese" this operation. For example, even if I know A, and know that A = a <*> G, but do not know a, I cannot derive a --- there is no operation between A G that lets me know a. Actually there is: I "just" need to have so much time, space, and energy that I just start counting a from 0 to 2256 and find which a results in A = a <*> G. This is a computational limit: I don't have a spare universe in my back pocket I can use to do all those computations. Now, replace a with h and A with H. Remember that Pedersen commitments use a "second" standard generator point. The generator points G and H are "not really special" --- they are just random points on the curve that we selected and standardized. There is no operation H G such that I can learn h where H = h <*> G, though if I happen to have a spare universe in my back pocket I can "just" brute force it. Suppose I do have a spare universe in my back pocket, and learn h = H G such that H = h <*> G. What can I do in Pedersen commitments? Well, I have an amount a that is committed to by (a <*> H) <+> (r <*> G). But I happen to know h! Suppose I want to double my money a without involving Elon Musk. Then:
(a <*> H) <+> (r <*> G)
== (a <*> (h <*> G)) <+> (r <*> G)
== ((a * h) <*> G) <+> (r <*> G); remember, <*> is also homomorphic on multiplication *.
== ((a * h + a * h - a * h) <*> G) <+> (r <*> G); just add 0.
== ((a * h + a * h) <*> G) <+> ((-a * h) <*> G) <+> (r <*> G)
== ((2 * a * h) <*> G) <+> ((r - a * h) <*> G)
== ((2 * a) <*> (h <*> G)) <+> ((r - a * h) <*> G)
== ((2 * a) <*> H) <+> ((r - a * h) <*> G); TADA!! I doubled my money!
That is what we mean by computationally binding: if I can compute h such that H = h <*> G, then I can find another number which opens the same commitment. And of course I'd make sure that number is much larger than what I originally had in that address! Now, the reason why it is "only" computationally binding is that it is information-theoretically hiding. Suppose somebody knows h, but has no money in the cryptocurrency. All they see are points. They can try to find what the original amounts are, but because any amount can be mapped to "the same" point with knowledge of h (e.g. in the above, a and 2 * a got mapped to the same point by "just" replacing the salt r with r - a * h; this can be done for 3 * a, 4 * a etc.), they cannot learn historical amounts --- the a in historical amounts could be anything. The drawback, though, is that --- as seen above --- arbitrary inflation is now introduced once somebody knows h. They can multiply their money by any arbitrary factor with knowledge of h. It is impossible to have both perfect hiding (i.e. historical amounts remain hidden even after a computational break) and perfect binding (i.e. you can't later open the commitment to a different, much larger, amount). Pedersen commitments just happen to have perfect hiding, but only computationally-infeasible binding. This means they allow hiding historical values, but in case of anything that allows better computational power --- including but not limited to quantum breaks --- they allow arbitrary inflation.
Changing The Tradeoffs with ElGamal Commitments
An ElGamal commitment is just a Pedersen commitment, but with the point r <*> G also stored in a separate section of the transaction. This commits the r, and fixes it to a specific value. This prevents me from opening my (a <*> H) <+> (r <*> G) as ((2 * a) <*> H) <+> ((r - a * h) <*> G), because the (r - a * h) would not match the r <*> G sitting in a separate section of the transaction. This forces me to be bound to that specific value, and no amount of computation power will let me escape --- it is information-theoretically binding i.e. perfectly binding. But that is now computationally hiding. An evil surveillor with arbitrary time and space can focus on the r <*> G sitting in a separate section of the transaction, and grind r from 0 to 2256 to determine what r matches that point. Then from there, they can negate r to get (-r) <*> G and add it to the (a <*> H) <+> (r <*> G) to get a <*> H, and then grind that to determine the value a. With massive increases in computational ability --- including but not limited to quantum breaks --- an evil surveillor can see all the historical amounts of confidential transactions.
This is the source of the tradeoff: either you design confidential transactions so in case of a quantum break, historical transactions continue to hide their amounts, but inflation of the money is now unavoidable, OR you make the money supply sacrosanct, but you potentially sacrifice amount hiding in case of some break, including but not limited to quantum breaks.
I sat thru an hour plus long video expecting to get some new ticker symbols for Paul's secret portfolio. He said in his email that he would provide "an opportunity to get the names for the ticker symbols". I should've read that closer as that means he was not going to provide them without a catch. This is a subscription that Paul charges $5k for. While I am a subscriber to his "Profits Unlimited", and have been satisfied with the results so far, I couldn’t afford the subscription if I wanted to. I took notes on the video and tried to get as much detail as I could (which is tough because he doesn't allow you to rewind or navigate the video in the interface he shows it on). I did research and think I found a couple, but I was hoping you guys confirm and potentially help identify any of these stocks that he personally invests in. I tried to type up what I saw from some of these stocks… Graphene stocks...
Graphene can filter ocean water in a single use, stop rust with graphene infused paint, and can detect cancer in the human body. He mentions gains by G6, Talga Resources, and Tunghsu Optoelectronic (so it can be assumed it's not one of these). Paul predicts Graphene industry to be 13x it's size by 2027. The company he mentions is developing a graphene-based powder that can strengthen any substance. they are a mining company based in Australia. They are also developing a new graphene-powered battery which could charge a phone in 1-2 minutes and electric vehicles in 5. After researching, I believe this is FGPHF. Let me know if you think different.
An offshoot of one of the largest industrial firms in Canada. Canada’s federal government is investing in it. A “tiny” company now that commissioned it’s first large-scale production facility with a production line that is 100% automated. This one I'm not sure of.
Blockchain stock. Soared 26,000% just for "adding blockchain to it’s name” and Paul thinks it will keep growing. I assume he is referring to the bitcoin boom in 2017. Paul states he thinks Bitcoin will hit $1mil in his lifetime. Not much detail here. Quick google search shows: Riot Blockchain, Hive Blockchain, and Long Blockchain Corp. One of these maybe?
This stock is one of the leading crypto miners in the world and the company’s revenues grew 66% last year. Not much info here.
Global energy storage market…
13x growth by 2030. Paul likes an energy storage firm that is developing a new type of battery that can last 20-25 years minimum. Flow battery company with a current value of about $30 million. They’ve done a 180 and are putting everything into a niche corner of the battery market. Completed their first full battery system 2 years ago. Company plans to provide batteries for telecom towers and is expanding into China, New Zealand, and Australia.
Company based out of France. A renewable powerhouse that owns over 100 power plants. Completed 7 renewable power plants last year and have another 10 in the works. Recently bought out another company operating 95 power plants and are expanding into Brazil, Mexico, Egypt, South Africa. Company has goal to increase energy output by 570% by 2023. I'm not sure about either of these companies.
Biotech….Paul extremely bullish stating this could eleminate cancer, diabetes and other diseases in this decade. A French biopharmaceutical company with 8 cancer-killing drugs in its pipeline. Is able to take T-cells (white blood cells) and transform them into cancer killers. In a study, 30 patients with lymphoblastic leukemia were given this treatment. Within weeks, 27 of them were in remission. This company partnered with Pfizer. Worth under $1 billion and generates less than $50 billion in revenue. If one of the eight drugs in it’s pipeline reaches the commercialization phase, it will receive up to $2.8 billion from it’s partners. I believe this is Cellectis (CLLS).
A leader in the use of psychoactive drugs for medical purposes. Wants to design drugs for international use. Recently brought in Canada’s top depression expert as CEO. One of it’s directors is a former law enforcement officer with 35 years experience in drug trafficking. I believe this is Champignon (SHRMF).
SPAC (Special-Purpose Acquisition Company)
Innovation on how companies go public. Monopolizing one of the fastest-growing entertainment markets in the world. Currently holds 60% market share. (Could soar 30k+ percent). Not sure, perhaps PSTH?
Another SPAC. A "pure play on American Infrastructure" with 90% recurring business. Again, not much information so I'm not sure on these ones.
Please let me know if you are able to find anything out and if you have opinions on any of the stocks, feel free to share em! Tldr: I got clues on 10 stocks from an expensive subscription service I can’t afford. Any help identifying the stocks 1-10 above is much appreciated!
Disclaimer: This is my editing, so there could be always some misunderstandings and exaggerations, plus many convos are from 'spec channel', so take it with a grain of salt, pls. + I added some recent convos afterward. -------------------------------------------------- 📷 Luigi Vigneri [IF]어제 오후 8:26 Giving the opportunity to everybody to set up/run nodes is one of IOTA's priority. A minimum amount of resources is obviously required to prevent easy attacks, but we are making sure that being active part of the IOTA network can be possible without crazy investments. we are building our solution in such a way that the protocol is fair and lightweight. 📷 Hans Moog [IF]어제 오후 11:24 IOTA is not "free to use" but it's - fee-less you have tokens? you can send them around for free 📷 Hans Moog [IF]어제 오후 11:25 you have no tokens? you have to pay to use the network 📷 lekanovic어제 오후 11:25 I think it is a smart way to avoid the spamming network problem 📷 Hans Moog [IF]어제 오후 11:26 owning tokens is essentially like owning a share of the actual network and the throughput it can process 📷 Hans Moog [IF]어제 오후 11:26**** if you don't need all of that yourself, you can rent it out to people and earn money 📷 Hans Moog [IF]어제 오후 11:27 mana = tokens * time since you own them simplified 📷 Hans Moog [IF]어제 오후 11:27 the longer you hold your tokens and the more you have, the more mana you have but every now and then you have to move them to "realize" that mana 📷 lekanovic어제 오후 11:28 Is there any other project that is using a Mana solution to the network fee problem ? 📷 Hans Moog [IF]어제 오후 11:28 nah the problem with current protocol is that they are leader based 📷 Hans Moog [IF]어제 오후 11:29 you need absolute consensus on who the current leaders are and what their influence in the network is that's how blockchains works 📷 Hans Moog [IF]어제 오후 11:29 if two block producers produce 2 blocks at the same time, then you have to choose which one wins and where everybody attaches their next block to IOTA works differently and doesn't need to choose a single leader we therefore have a much bigger flexibility of designing our sybil protection mechanisms in a way, mana is also supposed to solve the problem of "rewarding" the infrastructure instead of the validators in blockchain only the miners get all the money running a node and even if it's one that is used by a lot of people will only cost you won't get anything back no fees, nothing the miners get it all 📷 Hans Moog [IF]어제 오후 11:31 in IOTA, the node operators receive the mana which gives them a share of the network throughput 📷 Hans Moog [IF]어제 오후 11:32 because in blockchain you need to decide whose txs become part of the blocks and it's not really based on networking protocols like AIMD 📷 lekanovic어제 오후 11:33 And the more Mana your node have, the more trust your node has and you have more to say in the FPC, is that correct? 📷 Hans Moog [IF]어제 오후 11:33 yeah a node that has processed a lot of txs of its users will have more mana than other nodes and therefore a bigger say in deciding conflicts its a direct measure of "trust" by its users 📷 lekanovic어제 오후 11:34 And choosing committee for dRNG would be done on L1 protocol level? Everything regarding Mana will be L1 level, right? 📷 Hans Moog [IF]어제 오후 11:35 Yeah Mana is layer1, but will also be used as weight in L2 solutions like smart contracts 📷 lekanovic어제 오후 11:35 And you are not dependant on using SC to implement this 📷 Hans Moog [IF]어제 오후 11:35 No, you don't need smart contracts That's all the base layer 📷 Hans Moog [IF]어제 오후 11:37 'Time' actually takes into account things like decay So it doesn't just increase forever It's close to "Demurrage" in monetary theory 📷 lekanovic어제 오후 11:36 For projects to be able to connect to Polkadot or Cosmos, you need to get the state of the ledger. Will it be possible to get the Tangle state? If this would be possible, then I think it would be SUPER good for IOTA 📷 Hans Moog [IF]어제 오후 11:38 Yeah but polkadot is not connecting other dlts Just inhouse stuff 📷 Hyperware어제 오후 11:39 Is there still a cap on mana so that the rich don't get richer? 📷 Hans Moog [IF]어제 오후 11:39 Yes mana is capped 📷 TangleAccountant어제 오후 11:39 u/HansMoog [IF] My first thought is thatthe evolution of this renting system will lead to several big mana renting companies that pool together tons of token holders mana. That way businesses looking to rent mana just need to deal with a reliable mana renting company for years instead of a new individualevery couple of months (because life happens and you don't know if that individual will need to sell their IOTAs due to personal reasons). Any thoughts on this? 📷 Hans Moog [IF]어제 오후 11:41 u/TangleAccountantyes that is likely - but also not a bad thing - token holders will have a place to get their monthly payout and the companies that want to use the tangle without having tokens have a place to pay 📷 TangleAccountant어제 오후 11:42 Oh I completely agree.That's really cool. I'll take a stab at creating one of those companies in the US. 📷 Hans Moog [IF]어제 오후 11:42 And everybody who wants to run a node themselves or has tokens and wants use the tangle for free can do so But "leachers" that would want to use the network for free won't be able to do so I mean ultimately there will always be "fees", as there is no "free lunch". You have a certain amount of resources that a network can process and you have a certain demand. And that will naturally result in fees based on supply / demand what you can do however is to build a system where the actual users of that system that legitimately want to use it can do so for free, just because they already "invest" enough by having tokens or running infrastructure they are already contributing to the well-being of the network through these two aspects alone it would be stupid to ask those guys for additional fees and mana essentially tries to be such a measure of honesty among the users 📷 Hyperware어제 오후 11:47 It's interesting from an investment perspective that having tokens/mana is like owning a portion of the network. 📷 Hans Moog [IF]어제 오후 11:48 Yeah, you are owning a certain % of the throughput and whatever the price will ultimately be to execute on this network - you will earn proportionally but you have to keep in mind that we are trying to build the most efficient DLT that you could possibly ever build 📷 semibaron어제 오후 11:48 The whole mana (tokens) = share of network throuput sounds very much like EOS tbh Just that EOS uses DPoS 📷 Hans Moog [IF]어제 오후 11:50 yeah i mean there is really not too many new things under the sun - you can just tweak a few things here and there, when it comes to distributing resources DPoS is simply not very nice from a centralization aspect 📷 Hans Moog [IF]어제 오후 11:50 at least not the way EOS does it delegating weights is 1 thing but assuming that the weight will always be in a way that 21 "identities" run the whole network is bad in the current world you see a centralization of power but ultimately we want to build a future where the wealth is more evenly distributed and the same goes for voting power 📷 Hans Moog [IF]어제 오후 11:52 blockchain needs leader selection it only works with such a centralizing component IOTA doesn't need that it's delusional to say that IOTA wouldn't have any such centralization but maybe we get better than just a handselected nodes📷 📷 Phantom3D어제 오후 11:52 How would this affect a regular hodler without a node. Should i keep my tokens elsewere to generate mana and put the tokens to use? 📷 Hans Moog [IF]어제 오후 11:53 you can do whatever you want with your mana just make an account at a node you regularly use and use it to build up a reputation with that node to be able to use your funds for free or run a node yourself or rent it out to companies if you just hodl 📷 semibaron어제 오후 11:54 Will there be a build-in function into the node software / wallet to delegate ("sell") my mana? 📷 Hans Moog [IF]어제 오후 11:55 u/semibaronnot from the start - that would happen on a 2nd layer ------------------------------------------------------------------------------------------------------------ 📷 dom어제 오후 9:49
suddenly be incentive to hold iota?
to generate Mana 📷 Hyperware오늘 오전 4:21 The only thing I can really do, is believe that the IF have smart answers and are still building the best solutions they can for the sake of the vision 📷 dom오늘 오전 4:43 100% - which is why we're spending so much effort to communicate it more clearly now we'll do an AMA on this topic very soon 📷 M [s2]오늘 오전 4:54 u/dom please accept my question for the AMA: will IOTA remain a permissionless system and if so, how? 📷 dom오늘 오전 4:57 of course it remains permissionless 📷 dom오늘 오전 5:20 what is permissioned about it? is ETH or Bitcoin permissioned because you have to pay a transaction fee in their native token? 📷 Gerrit오늘 오전 5:24 How did your industry partners think about the mana solution and the fact they need to hold the token to ensure network throughput? 📷 dom오늘 오전 5:26 u/Gerritconsidering how the infrastructure, legal and regulatory frameworks are improving around the adoption and usage of crypto-currencies within large companies, I really think that we are introducing this concept exactly at the right time. It should make enterprise partners comfortable in using the permissionless network without much of a hurdle.They can always launch their own network if they want to ... 📷 Gerrit오늘 오전 5:27 Launching their own network can’t be what you want 📷 dom오늘 오전 5:27 exactly but that is what's happening with Ethereum and all the other networks they don't hold Ether tokens either. 📷 Gerrit오늘 오전 5:32 Will be very exciting to see if ongoing regulation will „allow“ companies to invest and hold the tokens. With upcoming custody solutions that would be a fantastic play. 📷 Hans Moog [IF]오늘 오전 5:34 It's still possible to send transactions even without mana - mana is only used in times of congestion to give the people that have more mana more priority there will still be sharding to keep the network free most of the time 📷 Hans Moog [IF]오늘 오전 5:35 but without a protection mechanism, somebody could just spam a lot of bullshit and you could break the network(수정됨) you need some form of protection from this 📷 M [s2]오늘 오전 5:36 u/HansMoog [IF]so when I have 0 Mana, I can still send transactions? This is actually the point where it got strange... 📷 Hans Moog [IF]오늘 오전 5:37 yes you can unless the network is close to its processing capabilities / being attacked by spammers then the nodes will favor the mana holders 📷 Hans Moog [IF]오늘 오전 5:37 but having mana is not a requirement for many years to come currently even people having fpgas can't spam that many tps and we will also have sharding implemented by then 📷 M [s2]오늘 오전 5:39 Thank youu/HansMoog [IF] ! This is the actually important piece of info! 📷 Basha오늘 오전 5:38 ok, i thought it was communicated that you need at least 1 mana to process a transaction. from the blogpost: "... a node with 0 mana can issue no transactions." maybe they meant during the congestion**, but if that's the case maybe you should add that** 📷 Hans Moog [IF]오늘 오전 5:42 its under the point "Congestion control:" yeah this only applies to spam attacks network not overloaded = no mana needed 📷 Hans Moog [IF]오늘 오전 5:43 if congested => favor txs from people who have the most skin in the game but sharding will try to keep the network non-congested most of the time - but there might be short periods of time where an attacker might bring the network close to its limits and of course its going to take a while to add this, so we need a protection mechanism till sharding is supported(수정됨) 📷 Hans Moog [IF]오늘 오전 6:36 I don't have a particular problem with EOS or their amount of validators - the reason why I think blockchain is inferior has really nothing to do with the way you do sybil protection and with validators I mean "voting nodes" I mean even bitcoin has less mining pools and you could compare mining pools to dpos in some sense where people assign their weight (in that case hashing power) to the corresponding mining pools so EOS is definitely not less decentralized than any other tech but having more identities having weight in the decision process definitely makes it harder to corrupt a reasonable fraction of the system and makes it easier to shard so its desirable to have this property(수정됨) ------------------------------------------------- 📷 Antonio Nardella [IF]오늘 오전 3:36
u/C3PO[92% Cooless]They could also add more git repos instead of the wallet one, and we would probably be #1 there too.. ---------------------------------------------------------------------------------- Disclaimer: I'm sorry, maybe I'm fueling some confusion through posting this mana-thing too soon, but, instead of erasing this posting, I'm adding recent convos. Certain things about mana seem to be not clear, yet. It would be better to wait for some official clarification. But, I hope the community gives its full support to IF, 'cause there could be always some bumps along the untouched, unchartered way. -------------------------------------------------------------------------------------- Recent Addition;
Billy Sanders [IF]오늘 오후 1:36
It's still possible to send transactions even without mana - mana is only used in times of congestion to give the people that have more mana more priority
u/HansMoog [IF] Im sorry Hans, but this is false in the current congestion control algorithm. No mana = no transactions. To be honest, we havent really tried to make it work so that you can sent transactions with no mana during ties with no congestion, but I dont see how you can enable this and still maintain the sybil protection required. u/LuigiVigneri [IF] What do you think?📷
Dave [EF]오늘 오후 2:19
Suggestion: Sidebar, then get back to us with the verdict.(수정됨)📷2📷
dom오늘 오후 2:27
No Mana no tx will definitely not be the case(수정됨)📷5📷7***[오후 2:28]***Billy probably means the previous rate control paper as it was written by Luigi. I'll clarify with them📷
Hans Moog [IF]오늘 오후 2:29
When was this decided u/BillySanders [IF] and by whom? Was this discussed at last resum when I wasnt there? The last info that I had was that the congestion control should only kick in when there is congestion?!?***[오후 2:29]***📷 📷 📷📷
Navin Ramachandran [IF]오늘 오후 2:30
Let's sidebar this discussion and return when we have agreement. Dave has the right idea
All you need to know about Yield Farming - The rocket fuel for Defi
Source It’s effectively July 2017 in the world of decentralized finance (DeFi), and as in the heady days of the initial coin offering (ICO) boom, the numbers are only trending up. According to DeFi Pulse, there is $1.9 billion in crypto assets locked in DeFi right now. According to the CoinDesk ICO Tracker, the ICO market started chugging past $1 billion in July 2017, just a few months before token sales started getting talked about on TV. Debate juxtaposing these numbers if you like, but what no one can question is this: Crypto users are putting more and more value to work in DeFi applications, driven largely by the introduction of a whole new yield-generating pasture, Compound’s COMP governance token. Governance tokens enable users to vote on the future of decentralized protocols, sure, but they also present fresh ways for DeFi founders to entice assets onto their platforms. That said, it’s the crypto liquidity providers who are the stars of the present moment. They even have a meme-worthy name: yield farmers. https://preview.redd.it/lxsvazp1g9l51.png?width=775&format=png&auto=webp&s=a36173ab679c701a5d5e0aac806c00fcc84d78c1
Where it started
Ethereum-based credit market Compound started distributing its governance token, COMP, to the protocol’s users this past June 15. Demand for the token (heightened by the way its automatic distribution was structured) kicked off the present craze and moved Compound into the leading position in DeFi. The hot new term in crypto is “yield farming,” a shorthand for clever strategies where putting crypto temporarily at the disposal of some startup’s application earns its owner more cryptocurrency. Another term floating about is “liquidity mining.” The buzz around these concepts has evolved into a low rumble as more and more people get interested. The casual crypto observer who only pops into the market when activity heats up might be starting to get faint vibes that something is happening right now. Take our word for it: Yield farming is the source of those vibes. But if all these terms (“DeFi,” “liquidity mining,” “yield farming”) are so much Greek to you, fear not. We’re here to catch you up. We’ll get into all of them. We’re going to go from very basic to more advanced, so feel free to skip ahead.
What are tokens?
Most CoinDesk readers probably know this, but just in case: Tokens are like the money video-game players earn while fighting monsters, money they can use to buy gear or weapons in the universe of their favorite game. But with blockchains, tokens aren’t limited to only one massively multiplayer online money game. They can be earned in one and used in lots of others. They usually represent either ownership in something (like a piece of a Uniswap liquidity pool, which we will get into later) or access to some service. For example, in the Brave browser, ads can only be bought using basic attention token (BAT). If tokens are worth money, then you can bank with them or at least do things that look very much like banking. Thus: decentralized finance. Tokens proved to be the big use case for Ethereum, the second-biggest blockchain in the world. The term of art here is “ERC-20 tokens,” which refers to a software standard that allows token creators to write rules for them. Tokens can be used a few ways. Often, they are used as a form of money within a set of applications. So the idea for Kin was to create a token that web users could spend with each other at such tiny amounts that it would almost feel like they weren’t spending anything; that is, money for the internet. Governance tokens are different. They are not like a token at a video-game arcade, as so many tokens were described in the past. They work more like certificates to serve in an ever-changing legislature in that they give holders the right to vote on changes to a protocol. So on the platform that proved DeFi could fly, MakerDAO, holders of its governance token, MKR, vote almost every week on small changes to parameters that govern how much it costs to borrow and how much savers earn, and so on. Read more:Why DeFi’s Billion-Dollar Milestone Matters One thing all crypto tokens have in common, though, is they are tradable and they have a price. So, if tokens are worth money, then you can bank with them or at least do things that look very much like banking. Thus: decentralized finance.
What is DeFi?
Fair question. For folks who tuned out for a bit in 2018, we used to call this “open finance.” That construction seems to have faded, though, and “DeFi” is the new lingo. In case that doesn’t jog your memory, DeFi is all the things that let you play with money, and the only identification you need is a crypto wallet. On the normal web, you can’t buy a blender without giving the site owner enough data to learn your whole life history. In DeFi, you can borrow money without anyone even asking for your name. I can explain this but nothing really brings it home like trying one of these applications. If you have an Ethereum wallet that has even $20 worth of crypto in it, go do something on one of these products. Pop over to Uniswap and buy yourself some FUN (a token for gambling apps) or WBTC (wrapped bitcoin). Go to MakerDAO and create $5 worth of DAI (a stablecoin that tends to be worth $1) out of the digital ether. Go to Compound and borrow $10 in USDC. (Notice the very small amounts I’m suggesting. The old crypto saying “don’t put in more than you can afford to lose” goes double for DeFi. This stuff is uber-complex and a lot can go wrong. These may be “savings” products but they’re not for your retirement savings.) Immature and experimental though it may be, the technology’s implications are staggering. On the normal web, you can’t buy a blender without giving the site owner enough data to learn your whole life history. In DeFi, you can borrow money without anyone even asking for your name. DeFi applications don’t worry about trusting you because they have the collateral you put up to back your debt (on Compound, for instance, a $10 debt will require around $20 in collateral). Read more:There Are More DAI on Compound Now Than There Are DAI in the World If you do take this advice and try something, note that you can swap all these things back as soon as you’ve taken them out. Open the loan and close it 10 minutes later. It’s fine. Fair warning: It might cost you a tiny bit in fees, and the cost of using Ethereum itself right now is much higher than usual, in part due to this fresh new activity. But it’s nothing that should ruin a crypto user. So what’s the point of borrowing for people who already have the money? Most people do it for some kind of trade. The most obvious example, to short a token (the act of profiting if its price falls). It’s also good for someone who wants to hold onto a token but still play the market.
Doesn’t running a bank take a lot of money up front?
It does, and in DeFi that money is largely provided by strangers on the internet. That’s why the startups behind these decentralized banking applications come up with clever ways to attract HODLers with idle assets. Liquidity is the chief concern of all these different products. That is: How much money do they have locked in their smart contracts? “In some types of products, the product experience gets much better if you have liquidity. Instead of borrowing from VCs or debt investors, you borrow from your users,” said Electric Capital managing partner Avichal Garg. Let’s take Uniswap as an example. Uniswap is an “automated market maker,” or AMM (another DeFi term of art). This means Uniswap is a robot on the internet that is always willing to buy and it’s also always willing to sell any cryptocurrency for which it has a market. On Uniswap, there is at least one market pair for almost any token on Ethereum. Behind the scenes, this means Uniswap can make it look like it is making a direct trade for any two tokens, which makes it easy for users, but it’s all built around pools of two tokens. And all these market pairs work better with bigger pools.
Why do I keep hearing about ‘pools’?
To illustrate why more money helps, let’s break down how Uniswap works. Let’s say there was a market for USDC and DAI. These are two tokens (both stablecoins but with different mechanisms for retaining their value) that are meant to be worth $1 each all the time, and that generally tends to be true for both. The price Uniswap shows for each token in any pooled market pair is based on the balance of each in the pool. So, simplifying this a lot for illustration’s sake, if someone were to set up a USDC/DAI pool, they should deposit equal amounts of both. In a pool with only 2 USDC and 2 DAI it would offer a price of 1 USDC for 1 DAI. But then imagine that someone put in 1 DAI and took out 1 USDC. Then the pool would have 1 USDC and 3 DAI. The pool would be very out of whack. A savvy investor could make an easy $0.50 profit by putting in 1 USDC and receiving 1.5 DAI. That’s a 50% arbitrage profit, and that’s the problem with limited liquidity. (Incidentally, this is why Uniswap’s prices tend to be accurate, because traders watch it for small discrepancies from the wider market and trade them away for arbitrage profits very quickly.) Read more:Uniswap V2 Launches With More Token-Swap Pairs, Oracle Service, Flash Loans However, if there were 500,000 USDC and 500,000 DAI in the pool, a trade of 1 DAI for 1 USDC would have a negligible impact on the relative price. That’s why liquidity is helpful. You can stick your assets on Compound and earn a little yield. But that’s not very creative. Users who look for angles to maximize that yield: those are the yield farmers. Similar effects hold across DeFi, so markets want more liquidity. Uniswap solves this by charging a tiny fee on every trade. It does this by shaving off a little bit from each trade and leaving that in the pool (so one DAI would actually trade for 0.997 USDC, after the fee, growing the overall pool by 0.003 USDC). This benefits liquidity providers because when someone puts liquidity in the pool they own a share of the pool. If there has been lots of trading in that pool, it has earned a lot of fees, and the value of each share will grow. And this brings us back to tokens. Liquidity added to Uniswap is represented by a token, not an account. So there’s no ledger saying, “Bob owns 0.000000678% of the DAI/USDC pool.” Bob just has a token in his wallet. And Bob doesn’t have to keep that token. He could sell it. Or use it in another product. We’ll circle back to this, but it helps to explain why people like to talk about DeFi products as “money Legos.”
So how much money do people make by putting money into these products?
It can be a lot more lucrative than putting money in a traditional bank, and that’s before startups started handing out governance tokens. Compound is the current darling of this space, so let’s use it as an illustration. As of this writing, a person can put USDC into Compound and earn 2.72% on it. They can put tether (USDT) into it and earn 2.11%. Most U.S. bank accounts earn less than 0.1% these days, which is close enough to nothing. However, there are some caveats. First, there’s a reason the interest rates are so much juicier: DeFi is a far riskier place to park your money. There’s no Federal Deposit Insurance Corporation (FDIC) protecting these funds. If there were a run on Compound, users could find themselves unable to withdraw their funds when they wanted. Plus, the interest is quite variable. You don’t know what you’ll earn over the course of a year. USDC’s rate is high right now. It was low last week. Usually, it hovers somewhere in the 1% range. Similarly, a user might get tempted by assets with more lucrative yields like USDT, which typically has a much higher interest rate than USDC. (Monday morning, the reverse was true, for unclear reasons; this is crypto, remember.) The trade-off here is USDT’s transparency about the real-world dollars it’s supposed to hold in a real-world bank is not nearly up to par with USDC’s. A difference in interest rates is often the market’s way of telling you the one instrument is viewed as dicier than another. Users making big bets on these products turn to companies Opyn and Nexus Mutual to insure their positions because there’s no government protections in this nascent space – more on the ample risks later on. So users can stick their assets in Compound or Uniswap and earn a little yield. But that’s not very creative. Users who look for angles to maximize that yield: those are the yield farmers.
OK, I already knew all of that. What is yield farming?
Broadly, yield farming is any effort to put crypto assets to work and generate the most returns possible on those assets. At the simplest level, a yield farmer might move assets around within Compound, constantly chasing whichever pool is offering the best APY from week to week. This might mean moving into riskier pools from time to time, but a yield farmer can handle risk. “Farming opens up new price arbs [arbitrage] that can spill over to other protocols whose tokens are in the pool,” said Maya Zehavi, a blockchain consultant. Because these positions are tokenized, though, they can go further. This was a brand-new kind of yield on a deposit. In fact, it was a way to earn a yield on a loan. Who has ever heard of a borrower earning a return on a debt from their lender? In a simple example, a yield farmer might put 100,000 USDT into Compound. They will get a token back for that stake, called cUSDT. Let’s say they get 100,000 cUSDT back (the formula on Compound is crazy so it’s not 1:1 like that but it doesn’t matter for our purposes here). They can then take that cUSDT and put it into a liquidity pool that takes cUSDT on Balancer, an AMM that allows users to set up self-rebalancing crypto index funds. In normal times, this could earn a small amount more in transaction fees. This is the basic idea of yield farming. The user looks for edge cases in the system to eke out as much yield as they can across as many products as it will work on. Right now, however, things are not normal, and they probably won’t be for a while.
Why is yield farming so hot right now?
Because of liquidity mining. Liquidity mining supercharges yield farming. Liquidity mining is when a yield farmer gets a new token as well as the usual return (that’s the “mining” part) in exchange for the farmer’s liquidity. “The idea is that stimulating usage of the platform increases the value of the token, thereby creating a positive usage loop to attract users,” said Richard Ma of smart-contract auditor Quantstamp. The yield farming examples above are only farming yield off the normal operations of different platforms. Supply liquidity to Compound or Uniswap and get a little cut of the business that runs over the protocols – very vanilla. But Compound announced earlier this year it wanted to truly decentralize the product and it wanted to give a good amount of ownership to the people who made it popular by using it. That ownership would take the form of the COMP token. Lest this sound too altruistic, keep in mind that the people who created it (the team and the investors) owned more than half of the equity. By giving away a healthy proportion to users, that was very likely to make it a much more popular place for lending. In turn, that would make everyone’s stake worth much more. So, Compound announced this four-year period where the protocol would give out COMP tokens to users, a fixed amount every day until it was gone. These COMP tokens control the protocol, just as shareholders ultimately control publicly traded companies. Every day, the Compound protocol looks at everyone who had lent money to the application and who had borrowed from it and gives them COMP proportional to their share of the day’s total business. The results were very surprising, even to Compound’s biggest promoters. COMP’s value will likely go down, and that’s why some investors are rushing to earn as much of it as they can right now. This was a brand-new kind of yield on a deposit into Compound. In fact, it was a way to earn a yield on a loan, as well, which is very weird: Who has ever heard of a borrower earning a return on a debt from their lender? COMP’s value has consistently been well over $200 since it started distributing on June 15. We did the math elsewhere but long story short: investors with fairly deep pockets can make a strong gain maximizing their daily returns in COMP. It is, in a way, free money. It’s possible to lend to Compound, borrow from it, deposit what you borrowed and so on. This can be done multiple times and DeFi startup Instadapp even built a tool to make it as capital-efficient as possible. “Yield farmers are extremely creative. They find ways to ‘stack’ yields and even earn multiple governance tokens at once,” said Spencer Noon of DTC Capital. COMP’s value spike is a temporary situation. The COMP distribution will only last four years and then there won’t be any more. Further, most people agree that the high price now is driven by the low float (that is, how much COMP is actually free to trade on the market – it will never be this low again). So the value will probably gradually go down, and that’s why savvy investors are trying to earn as much as they can now. Appealing to the speculative instincts of diehard crypto traders has proven to be a great way to increase liquidity on Compound. This fattens some pockets but also improves the user experience for all kinds of Compound users, including those who would use it whether they were going to earn COMP or not. As usual in crypto, when entrepreneurs see something successful, they imitate it. Balancer was the next protocol to start distributing a governance token, BAL, to liquidity providers. Flash loan provider bZx has announced a plan. Ren, Curve and Synthetixalso teamed up to promote a liquidity pool on Curve. It is a fair bet many of the more well-known DeFi projects will announce some kind of coin that can be mined by providing liquidity. The case to watch here is Uniswap versus Balancer. Balancer can do the same thing Uniswap does, but most users who want to do a quick token trade through their wallet use Uniswap. It will be interesting to see if Balancer’s BAL token convinces Uniswap’s liquidity providers to defect. So far, though, more liquidity has gone into Uniswap since the BAL announcement, according to its data site. That said, even more has gone into Balancer.
Did liquidity mining start with COMP?
No, but it was the most-used protocol with the most carefully designed liquidity mining scheme. This point is debated but the origins of liquidity mining probably date back to Fcoin, a Chinese exchange that created a token in 2018 that rewarded people for making trades. You won’t believe what happened next! Just kidding, you will: People just started running bots to do pointless trades with themselves to earn the token. Similarly, EOS is a blockchain where transactions are basically free, but since nothing is really free the absence of friction was an invitation for spam. Some malicious hacker who didn’t like EOS created a token called EIDOS on the network in late 2019. It rewarded people for tons of pointless transactions and somehow got an exchange listing. These initiatives illustrated how quickly crypto users respond to incentives. Read more:Compound Changes COMP Distribution Rules Following ‘Yield Farming’ Frenzy Fcoin aside, liquidity mining as we now know it first showed up on Ethereum when the marketplace for synthetic tokens, Synthetix, announced in July 2019 an award in its SNX token for users who helped add liquidity to the sETH/ETH pool on Uniswap. By October, that was one of Uniswap’s biggest pools. When Compound Labs, the company that launched the Compound protocol, decided to create COMP, the governance token, the firm took months designing just what kind of behavior it wanted and how to incentivize it. Even still, Compound Labs was surprised by the response. It led to unintended consequences such as crowding into a previously unpopular market (lending and borrowing BAT) in order to mine as much COMP as possible. Just last week, 115 different COMP wallet addresses – senators in Compound’s ever-changing legislature – voted to change the distribution mechanism in hopes of spreading liquidity out across the markets again.
Is there DeFi for bitcoin?
Yes, on Ethereum. Nothing has beaten bitcoin over time for returns, but there’s one thing bitcoin can’t do on its own: create more bitcoin. A smart trader can get in and out of bitcoin and dollars in a way that will earn them more bitcoin, but this is tedious and risky. It takes a certain kind of person. DeFi, however, offers ways to grow one’s bitcoin holdings – though somewhat indirectly. A long HODLer is happy to gain fresh BTC off their counterparty’s short-term win. That’s the game. For example, a user can create a simulated bitcoin on Ethereum using BitGo’s WBTC system. They put BTC in and get the same amount back out in freshly minted WBTC. WBTC can be traded back for BTC at any time, so it tends to be worth the same as BTC. Then the user can take that WBTC, stake it on Compound and earn a few percent each year in yield on their BTC. Odds are, the people who borrow that WBTC are probably doing it to short BTC (that is, they will sell it immediately, buy it back when the price goes down, close the loan and keep the difference). A long HODLer is happy to gain fresh BTC off their counterparty’s short-term win. That’s the game.
How risky is it?
Enough. “DeFi, with the combination of an assortment of digital funds, automation of key processes, and more complex incentive structures that work across protocols – each with their own rapidly changing tech and governance practices – make for new types of security risks,” said Liz Steininger of Least Authority, a crypto security auditor. “Yet, despite these risks, the high yields are undeniably attractive to draw more users.” We’ve seen big failures in DeFi products. MakerDAO had one so bad this year it’s called “Black Thursday.” There was also the exploit against flash loan provider bZx. These things do break and when they do money gets taken. As this sector gets more robust, we could see token holders greenlighting more ways for investors to profit from DeFi niches. Right now, the deal is too good for certain funds to resist, so they are moving a lot of money into these protocols to liquidity mine all the new governance tokens they can. But the funds – entities that pool the resources of typically well-to-do crypto investors – are also hedging. Nexus Mutual, a DeFi insurance provider of sorts, told CoinDesk it has maxed out its available coverage on these liquidity applications. Opyn, the trustless derivatives maker, created a way to short COMP, just in case this game comes to naught. And weird things have arisen. For example, there’s currently more DAI on Compound than have been minted in the world. This makes sense once unpacked but it still feels dicey to everyone. That said, distributing governance tokens might make things a lot less risky for startups, at least with regard to the money cops. “Protocols distributing their tokens to the public, meaning that there’s a new secondary listing for SAFT tokens, [gives] plausible deniability from any security accusation,” Zehavi wrote. (The Simple Agreement for Future Tokens was a legal structure favored by many token issuers during the ICO craze.) Whether a cryptocurrency is adequately decentralized has been a key feature of ICO settlements with the U.S. Securities and Exchange Commission (SEC).
What’s next for yield farming? (A prediction)
COMP turned out to be a bit of a surprise to the DeFi world, in technical ways and others. It has inspired a wave of new thinking. “Other projects are working on similar things,” said Nexus Mutual founder Hugh Karp. In fact, informed sources tell CoinDesk brand-new projects will launch with these models. We might soon see more prosaic yield farming applications. For example, forms of profit-sharing that reward certain kinds of behavior. Imagine if COMP holders decided, for example, that the protocol needed more people to put money in and leave it there longer. The community could create a proposal that shaved off a little of each token’s yield and paid that portion out only to the tokens that were older than six months. It probably wouldn’t be much, but an investor with the right time horizon and risk profile might take it into consideration before making a withdrawal. (There are precedents for this in traditional finance: A 10-year Treasury bond normally yields more than a one-month T-bill even though they’re both backed by the full faith and credit of Uncle Sam, a 12-month certificate of deposit pays higher interest than a checking account at the same bank, and so on.) As this sector gets more robust, its architects will come up with ever more robust ways to optimize liquidity incentives in increasingly refined ways. We could see token holders greenlighting more ways for investors to profit from DeFi niches. Questions abound for this nascent industry: What will MakerDAO do to restore its spot as the king of DeFi? Will Uniswap join the liquidity mining trend? Will anyone stick all these governance tokens into a decentralized autonomous organization (DAO)? Or would that be a yield farmers co-op? Whatever happens, crypto’s yield farmers will keep moving fast. Some fresh fields may open and some may soon bear much less luscious fruit. But that’s the nice thing about farming in DeFi: It is very easy to switch fields.
Summary: Everyone knows that when you give your assets to someone else, they always keep them safe. If this is true for individuals, it is certainly true for businesses. Custodians always tell the truth and manage funds properly. They won't have any interest in taking the assets as an exchange operator would. Auditors tell the truth and can't be misled. That's because organizations that are regulated are incapable of lying and don't make mistakes. First, some background. Here is a summary of how custodians make us more secure: Previously, we might give Alice our crypto assets to hold. There were risks:
Alice might take the assets and disappear.
Alice might spend the assets and pretend that she still has them (fractional model).
Alice might store the assets insecurely and they'll get stolen.
Alice might give the assets to someone else by mistake or by force.
Alice might lose access to the assets.
But "no worries", Alice has a custodian named Bob. Bob is dressed in a nice suit. He knows some politicians. And he drives a Porsche. "So you have nothing to worry about!". And look at all the benefits we get:
Alice can't take the assets and disappear (unless she asks Bob or never gives them to Bob).
Alice can't spend the assets and pretend that she still has them. (Unless she didn't give them to Bob or asks him for them.)
Alice can't store the assets insecurely so they get stolen. (After all - she doesn't have any control over the withdrawal process from any of Bob's systems, right?)
Alice can't give the assets to someone else by mistake or by force. (Bob will stop her, right Bob?)
Alice can't lose access to the funds. (She'll always be present, sane, and remember all secrets, right?)
See - all problems are solved! All we have to worry about now is:
Bob might take the assets and disappear.
Bob might spend the assets and pretend that he still has them (fractional model).
Bob might store the assets insecurely and they'll get stolen.
Bob might give the assets to someone else by mistake or by force.
Bob might lose access to the assets.
It's pretty simple. Before we had to trust Alice. Now we only have to trust Alice, Bob, and all the ways in which they communicate. Just think of how much more secure we are! "On top of that", Bob assures us, "we're using a special wallet structure". Bob shows Alice a diagram. "We've broken the balance up and store it in lots of smaller wallets. That way", he assures her, "a thief can't take it all at once". And he points to a historic case where a large sum was taken "because it was stored in a single wallet... how stupid". "Very early on, we used to have all the crypto in one wallet", he said, "and then one Christmas a hacker came and took it all. We call him the Grinch. Now we individually wrap each crypto and stick it under a binary search tree. The Grinch has never been back since." "As well", Bob continues, "even if someone were to get in, we've got insurance. It covers all thefts and even coercion, collusion, and misplaced keys - only subject to the policy terms and conditions." And with that, he pulls out a phone-book sized contract and slams it on the desk with a thud. "Yep", he continues, "we're paying top dollar for one of the best policies in the country!" "Can I read it?' Alice asks. "Sure," Bob says, "just as soon as our legal team is done with it. They're almost through the first chapter." He pauses, then continues. "And can you believe that sales guy Mike? He has the same year Porsche as me. I mean, what are the odds?" "Do you use multi-sig?", Alice asks. "Absolutely!" Bob replies. "All our engineers are fully trained in multi-sig. Whenever we want to set up a new wallet, we generate 2 separate keys in an air-gapped process and store them in this proprietary system here. Look, it even requires the biometric signature from one of our team members to initiate any withdrawal." He demonstrates by pressing his thumb into the display. "We use a third-party cloud validation API to match the thumbprint and authorize each withdrawal. The keys are also backed up daily to an off-site third-party." "Wow that's really impressive," Alice says, "but what if we need access for a withdrawal outside of office hours?" "Well that's no issue", Bob says, "just send us an email, call, or text message and we always have someone on staff to help out. Just another part of our strong commitment to all our customers!" "What about Proof of Reserve?", Alice asks. "Of course", Bob replies, "though rather than publish any blockchain addresses or signed transaction, for privacy we just do a SHA256 refactoring of the inverse hash modulus for each UTXO nonce and combine the smart contract coefficient consensus in our hyperledger lightning node. But it's really simple to use." He pushes a button and a large green checkmark appears on a screen. "See - the algorithm ran through and reserves are proven." "Wow", Alice says, "you really know your stuff! And that is easy to use! What about fiat balances?" "Yeah, we have an auditor too", Bob replies, "Been using him for a long time so we have quite a strong relationship going! We have special books we give him every year and he's very efficient! Checks the fiat, crypto, and everything all at once!" "We used to have a nice offline multi-sig setup we've been using without issue for the past 5 years, but I think we'll move all our funds over to your facility," Alice says. "Awesome", Bob replies, "Thanks so much! This is perfect timing too - my Porsche got a dent on it this morning. We have the paperwork right over here." "Great!", Alice replies. And with that, Alice gets out her pen and Bob gets the contract. "Don't worry", he says, "you can take your crypto-assets back anytime you like - just subject to our cancellation policy. Our annual management fees are also super low and we don't adjust them often". How many holes have to exist for your funds to get stolen? Just one. Why are we taking a powerful offline multi-sig setup, widely used globally in hundreds of different/lacking regulatory environments with 0 breaches to date, and circumventing it by a demonstrably weak third party layer? And paying a great expense to do so? If you go through the list of breaches in the past 2 years to highly credible organizations, you go through the list of major corporate frauds (only the ones we know about), you go through the list of all the times platforms have lost funds, you go through the list of times and ways that people have lost their crypto from identity theft, hot wallet exploits, extortion, etc... and then you go through this custodian with a fine-tooth comb and truly believe they have value to add far beyond what you could, sticking your funds in a wallet (or set of wallets) they control exclusively is the absolute worst possible way to take advantage of that security. The best way to add security for crypto-assets is to make a stronger multi-sig. With one custodian, what you are doing is giving them your cryptocurrency and hoping they're honest, competent, and flawlessly secure. It's no different than storing it on a really secure exchange. Maybe the insurance will cover you. Didn't work for Bitpay in 2015. Didn't work for Yapizon in 2017. Insurance has never paid a claim in the entire history of cryptocurrency. But maybe you'll get lucky. Maybe your exact scenario will buck the trend and be what they're willing to cover. After the large deductible and hopefully without a long and expensive court battle. And you want to advertise this increase in risk, the lapse of judgement, an accident waiting to happen, as though it's some kind of benefit to customers ("Free institutional-grade storage for your digital assets.")? And then some people are writing to the OSC that custodians should be mandatory for all funds on every exchange platform? That this somehow will make Canadians as a whole more secure or better protected compared with standard air-gapped multi-sig? On what planet? Most of the problems in Canada stemmed from one thing - a lack of transparency. If Canadians had known what a joke Quadriga was - it wouldn't have grown to lose $400m from hard-working Canadians from coast to coast to coast. And Gerald Cotten would be in jail, not wherever he is now (at best, rotting peacefully). EZ-BTC and mister Dave Smilie would have been a tiny little scam to his friends, not a multi-million dollar fraud. Einstein would have got their act together or been shut down BEFORE losing millions and millions more in people's funds generously donated to criminals. MapleChange wouldn't have even been a thing. And maybe we'd know a little more about CoinTradeNewNote - like how much was lost in there. Almost all of the major losses with cryptocurrency exchanges involve deception with unbacked funds. So it's great to see transparency reports from BitBuy and ShakePay where someone independently verified the backing. The only thing we don't have is:
ANY CERTAINTY BALANCES WEREN'T EXCLUDED. Quadriga's largest account was $70m. 80% of funds are in 20% of accounts (Pareto principle). All it takes is excluding a few really large accounts - and nobody's the wiser. A fractional platform can easily pass any audit this way.
ANY VISIBILITY WHATSOEVER INTO THE CUSTODIANS. BitBuy put out their report before moving all the funds to their custodian and ShakePay apparently can't even tell us who the custodian is. That's pretty important considering that basically all of the funds are now stored there.
ANY IDEA ABOUT THE OTHER EXCHANGES. In order for this to be effective, it has to be the norm. It needs to be "unusual" not to know. If obscurity is the norm, then it's super easy for people like Gerald Cotten and Dave Smilie to blend right in.
It's not complicated to validate cryptocurrency assets. They need to exist, they need to be spendable, and they need to cover the total balances. There are plenty of credible people and firms across the country that have the capacity to reasonably perform this validation. Having more frequent checks by different, independent, parties who publish transparent reports is far more valuable than an annual check by a single "more credible/official" party who does the exact same basic checks and may or may not publish anything. Here's an example set of requirements that could be mandated:
First report within 1 month of launching, another within 3 months, and further reports at minimum every 6 months thereafter.
No auditor can be repeated within a 12 month period.
All reports must be public, identifying the auditor and the full methodology used.
All auditors must be independent of the firm being audited with no conflict of interest.
Reports must include the percentage of each asset backed, and how it's backed.
The auditor publishes a hash list, which lists a hash of each customer's information and balances that were included. Hash is one-way encryption so privacy is fully preserved. Every customer can use this to have 100% confidence they were included.
If we want more extensive requirements on audits, these should scale upward based on the total assets at risk on the platform, and whether the platform has loaned their assets out.
There are ways to structure audits such that neither crypto assets nor customer information are ever put at risk, and both can still be properly validated and publicly verifiable. There are also ways to structure audits such that they are completely reasonable for small platforms and don't inhibit innovation in any way. By making the process as reasonable as possible, we can completely eliminate any reason/excuse that an honest platform would have for not being audited. That is arguable far more important than any incremental improvement we might get from mandating "the best of the best" accountants. Right now we have nothing mandated and tons of Canadians using offshore exchanges with no oversight whatsoever. Transparency does not prove crypto assets are safe. CoinTradeNewNote, Flexcoin ($600k), and Canadian Bitcoins ($100k) are examples where crypto-assets were breached from platforms in Canada. All of them were online wallets and used no multi-sig as far as any records show. This is consistent with what we see globally - air-gapped multi-sig wallets have an impeccable record, while other schemes tend to suffer breach after breach. We don't actually know how much CoinTrader lost because there was no visibility. Rather than publishing details of what happened, the co-founder of CoinTrader silently moved on to found another platform - the "most trusted way to buy and sell crypto" - a site that has no information whatsoever (that I could find) on the storage practices and a FAQ advising that “[t]rading cryptocurrency is completely safe” and that having your own wallet is “entirely up to you! You can certainly keep cryptocurrency, or fiat, or both, on the app.” Doesn't sound like much was learned here, which is really sad to see. It's not that complicated or unreasonable to set up a proper hardware wallet. Multi-sig can be learned in a single course. Something the equivalent complexity of a driver's license test could prevent all the cold storage exploits we've seen to date - even globally. Platform operators have a key advantage in detecting and preventing fraud - they know their customers far better than any custodian ever would. The best job that custodians can do is to find high integrity individuals and train them to form even better wallet signatories. Rather than mandating that all platforms expose themselves to arbitrary third party risks, regulations should center around ensuring that all signatories are background-checked, properly trained, and using proper procedures. We also need to make sure that signatories are empowered with rights and responsibilities to reject and report fraud. They need to know that they can safely challenge and delay a transaction - even if it turns out they made a mistake. We need to have an environment where mistakes are brought to the surface and dealt with. Not one where firms and people feel the need to hide what happened. In addition to a knowledge-based test, an auditor can privately interview each signatory to make sure they're not in coercive situations, and we should make sure they can freely and anonymously report any issues without threat of retaliation. A proper multi-sig has each signature held by a separate person and is governed by policies and mutual decisions instead of a hierarchy. It includes at least one redundant signature. For best results, 3of4, 3of5, 3of6, 4of5, 4of6, 4of7, 5of6, or 5of7. History has demonstrated over and over again the risk of hot wallets even to highly credible organizations. Nonetheless, many platforms have hot wallets for convenience. While such losses are generally compensated by platforms without issue (for example Poloniex, Bitstamp, Bitfinex, Gatecoin, Coincheck, Bithumb, Zaif, CoinBene, Binance, Bitrue, Bitpoint, Upbit, VinDAX, and now KuCoin), the public tends to focus more on cases that didn't end well. Regardless of what systems are employed, there is always some level of risk. For that reason, most members of the public would prefer to see third party insurance. Rather than trying to convince third party profit-seekers to provide comprehensive insurance and then relying on an expensive and slow legal system to enforce against whatever legal loopholes they manage to find each and every time something goes wrong, insurance could be run through multiple exchange operators and regulators, with the shared interest of having a reputable industry, keeping costs down, and taking care of Canadians. For example, a 4 of 7 multi-sig insurance fund held between 5 independent exchange operators and 2 regulatory bodies. All Canadian exchanges could pay premiums at a set rate based on their needed coverage, with a higher price paid for hot wallet coverage (anything not an air-gapped multi-sig cold wallet). Such a model would be much cheaper to manage, offer better coverage, and be much more reliable to payout when needed. The kind of coverage you could have under this model is unheard of. You could even create something like the CDIC to protect Canadians who get their trading accounts hacked if they can sufficiently prove the loss is legitimate. In cases of fraud, gross negligence, or insolvency, the fund can be used to pay affected users directly (utilizing the last transparent balance report in the worst case), something which private insurance would never touch. While it's recommended to have official policies for coverage, a model where members vote would fully cover edge cases. (Could be similar to the Supreme Court where justices vote based on case law.) Such a model could fully protect all Canadians across all platforms. You can have a fiat coverage governed by legal agreements, and crypto-asset coverage governed by both multi-sig and legal agreements. It could be practical, affordable, and inclusive. Now, we are at a crossroads. We can happily give up our freedom, our innovation, and our money. We can pay hefty expenses to auditors, lawyers, and regulators year after year (and make no mistake - this cost will grow to many millions or even billions as the industry grows - and it will be borne by all Canadians on every platform because platforms are not going to eat up these costs at a loss). We can make it nearly impossible for any new platform to enter the marketplace, forcing Canadians to use the same stagnant platforms year after year. We can centralize and consolidate the entire industry into 2 or 3 big players and have everyone else fail (possibly to heavy losses of users of those platforms). And when a flawed security model doesn't work and gets breached, we can make it even more complicated with even more people in suits making big money doing the job that blockchain was supposed to do in the first place. We can build a system which is so intertwined and dependent on big government, traditional finance, and central bankers that it's future depends entirely on that of the fiat system, of fractional banking, and of government bail-outs. If we choose this path, as history has shown us over and over again, we can not go back, save for revolution. Our children and grandchildren will still be paying the consequences of what we decided today. Or, we can find solutions that work. We can maintain an open and innovative environment while making the adjustments we need to make to fully protect Canadian investors and cryptocurrency users, giving easy and affordable access to cryptocurrency for all Canadians on the platform of their choice, and creating an environment in which entrepreneurs and problem solvers can bring those solutions forward easily. None of the above precludes innovation in any way, or adds any unreasonable cost - and these three policies would demonstrably eliminate or resolve all 109 historic cases as studied here - that's every single case researched so far going back to 2011. It includes every loss that was studied so far not just in Canada but globally as well. Unfortunately, finding answers is the least challenging part. Far more challenging is to get platform operators and regulators to agree on anything. My last post got no response whatsoever, and while the OSC has told me they're happy for industry feedback, I believe my opinion alone is fairly meaningless. This takes the whole community working together to solve. So please let me know your thoughts. Please take the time to upvote and share this with people. Please - let's get this solved and not leave it up to other people to do. Facts/background/sources (skip if you like):
The inspiration for the paragraph about splitting wallets was an actual quote from a Canadian company providing custodial services in response to the OSC consultation paper: "We believe that it will be in the in best interests of investors to prohibit pooled crypto assets or ‘floats’. Most Platforms pool assets, citing reasons of practicality and expense. The recent hack of the world’s largest Platform – Binance – demonstrates the vulnerability of participants’ assets when such concessions are made. In this instance, the Platform’s entire hot wallet of Bitcoins, worth over $40 million, was stolen, facilitated in part by the pooling of client crypto assets." "the maintenance of participants (and Platform) crypto assets across multiple wallets distributes the related risk and responsibility of security - reducing the amount of insurance coverage required and making insurance coverage more readily obtainable". For the record, their reply also said nothing whatsoever about multi-sig or offline storage.
In addition to the fact that the $40m hack represented only one "hot wallet" of Binance, and they actually had the vast majority of assets in other wallets (including mostly cold wallets), multiple real cases have clearly demonstrated that risk is still present with multiple wallets. Bitfinex, VinDAX, Bithumb, Altsbit, BitPoint, Cryptopia, and just recently KuCoin all had multiple wallets breached all at the same time, and may represent a significantly larger impact on customers than the Binance breach which was fully covered by Binance. To represent that simply having multiple separate wallets under the same security scheme is a comprehensive way to reduce risk is just not true.
Private insurance has historically never covered a single loss in the cryptocurrency space (at least, not one that I was able to find), and there are notable cases where massive losses were not covered by insurance. Bitpay in 2015 and Yapizon in 2017 both had insurance policies that didn't pay out during the breach, even after a lengthly court process. The same insurance that ShakePay is presently using (and announced to much fanfare) was describe by their CEO himself as covering “physical theft of the media where the private keys are held,” which is something that has never historically happened. As was said with regard to the same policy in 2018 - “I don’t find it surprising that Lloyd’s is in this space,” said Johnson, adding that to his mind the challenge for everybody is figuring out how to structure these policies so that they are actually protective. “You can create an insurance policy that protects no one – you know there are so many caveats to the policy that it’s not super protective.”
The most profitable policy for a private insurance company is one with the most expensive premiums that they never have to pay a claim on. They have no inherent incentive to take care of people who lost funds. It's "cheaper" to take the reputational hit and fight the claim in court. The more money at stake, the more the insurance provider is incentivized to avoid payout. They're not going to insure the assets unless they have reasonable certainty to make a profit by doing so, and they're not going to pay out a massive sum unless it's legally forced. Private insurance is always structured to be maximally profitable to the insurance provider.
The circumvention of multi-sig was a key factor in the massive Bitfinex hack of over $60m of bitcoin, which today still sits being slowly used and is worth over $3b. While Bitfinex used a qualified custodian Bitgo, which was and still is active and one of the industry leaders of custodians, and they set up 2 of 3 multi-sig wallets, the entire system was routed through Bitfinex, such that Bitfinex customers could initiate the withdrawals in a "hot" fashion. This feature was also a hit with the hacker. The multi-sig was fully circumvented.
Bitpay in 2015 was another example of a breach that stole 5,000 bitcoins. This happened not through the exploit of any system in Bitpay, but because the CEO of a company they worked with got their computer hacked and the hackers were able to request multiple bitcoin purchases, which Bitpay honoured because they came from the customer's computer legitimately. Impersonation is a very common tactic used by fraudsters, and methods get more extreme all the time.
A notable case in Canada was the Canadian Bitcoins exploit. Funds were stored on a server in a Rogers Data Center, and the attendee was successfully convinced to reboot the server "in safe mode" with a simple phone call, thus bypassing the extensive security and enabling the theft.
The very nature of custodians circumvents multi-sig. This is because custodians are not just having to secure the assets against some sort of physical breach but against any form of social engineering, modification of orders, fraudulent withdrawal attempts, etc... If the security practices of signatories in a multi-sig arrangement are such that the breach risk of one signatory is 1 in 100, the requirement of 3 independent signatures makes the risk of theft 1 in 1,000,000. Since hackers tend to exploit the weakest link, a comparable custodian has to make the entry and exit points of their platform 10,000 times more secure than one of those signatories to provide equivalent protection. And if the signatories beef up their security by only 10x, the risk is now 1 in 1,000,000,000. The custodian has to be 1,000,000 times more secure. The larger and more complex a system is, the more potential vulnerabilities exist in it, and the fewer people can understand how the system works when performing upgrades. Even if a system is completely secure today, one has to also consider how that system might evolve over time or work with different members.
By contrast, offline multi-signature solutions have an extremely solid record, and in the entire history of cryptocurrency exchange incidents which I've studied (listed here), there has only been one incident (796 exchange in 2015) involving an offline multi-signature wallet. It happened because the customer's bitcoin address was modified by hackers, and the amount that was stolen ($230k) was immediately covered by the exchange operators. Basically, the platform operators were tricked into sending a legitimate withdrawal request to the wrong address because hackers exploited their platform to change that address. Such an issue would not be prevented in any way by the use of a custodian, as that custodian has no oversight whatsoever to the exchange platform. It's practical for all exchange operators to test large withdrawal transactions as a general policy, regardless of what model is used, and general best practice is to diagnose and fix such an exploit as soon as it occurs.
False promises on the backing of funds played a huge role in the downfall of Quadriga, and it's been exposed over and over again (MyCoin, PlusToken, Bitsane, Bitmarket, EZBTC, IDAX). Even today, customers have extremely limited certainty on whether their funds in exchanges are actually being backed or how they're being backed. While this issue is not unique to cryptocurrency exchanges, the complexity of the technology and the lack of any regulation or standards makes problems more widespread, and there is no "central bank" to come to the rescue as in the 2008 financial crisis or during the great depression when "9,000 banks failed".
In addition to fraudulent operations, the industry is full of cases where operators have suffered breaches and not reported them. Most recently, Einstein was the largest case in Canada, where ongoing breaches and fraud were perpetrated against the platform for multiple years and nobody found out until the platform collapsed completely. While fraud and breaches suck to deal with, they suck even more when not dealt with. Lack of visibility played a role in the largest downfalls of Mt. Gox, Cryptsy, and Bitgrail. In some cases, platforms are alleged to have suffered a hack and keep operating without admitting it at all, such as CoinBene.
It surprises some to learn that a cryptographic solution has already existed since 2013, and gained widespread support in 2014 after Mt. Gox. Proof of Reserves is a full cryptographic proof that allows any customer using an exchange to have complete certainty that their crypto-assets are fully backed by the platform in real-time. This is accomplished by proving that assets exist on the blockchain, are spendable, and fully cover customer deposits. It does not prove safety of assets or backing of fiat assets.
If we didn't care about privacy at all, a platform could publish their wallet addresses, sign a partial transaction, and put the full list of customer information and balances out publicly. Customers can each check that they are on the list, that the balances are accurate, that the total adds up, and that it's backed and spendable on the blockchain. Platforms who exclude any customer take a risk because that customer can easily check and see they were excluded. So together with all customers checking, this forms a full proof of backing of all crypto assets.
However, obviously customers care about their private information being published. Therefore, a hash of the information can be provided instead. Hash is one-way encryption. The hash allows the customer to validate inclusion (by hashing their own known information), while anyone looking at the list of hashes cannot determine the private information of any other user. All other parts of the scheme remain fully intact. A model like this is in use on the exchange CoinFloor in the UK.
A Merkle tree can provide even greater privacy. Instead of a list of balances, the balances are arranged into a binary tree. A customer starts from their node, and works their way to the top of the tree. For example, they know they have 5 BTC, they plus 1 other customer hold 7 BTC, they plus 2-3 other customers hold 17 BTC, etc... until they reach the root where all the BTC are represented. Thus, there is no way to find the balances of other individual customers aside from one unidentified customer in this case.
Proposals such as this had the backing of leaders in the community including Nic Carter, Greg Maxwell, and Zak Wilcox. Substantial and significant effort started back in 2013, with massive popularity in 2014. But what became of that effort? Very little. Exchange operators continue to refuse to give visibility. Despite the fact this information can often be obtained through trivial blockchain analysis, no Canadian platform has ever provided any wallet addresses publicly. As described by the CEO of Newton "For us to implement some kind of realtime Proof of Reserves solution, which I'm not opposed to, it would have to ... Preserve our users' privacy, as well as our own. Some kind of zero-knowledge proof". Kraken describes here in more detail why they haven't implemented such a scheme. According to professor Eli Ben-Sasson, when he spoke with exchanges, none were interested in implementing Proof of Reserves.
And yet, Kraken's places their reasoning on a page called "Proof of Reserves". More recently, both BitBuy and ShakePay have released reports titled "Proof of Reserves and Security Audit". Both reports contain disclaimers against being audits. Both reports trust the customer list provided by the platform, leaving the open possibility that multiple large accounts could have been excluded from the process. Proof of Reserves is a blockchain validation where customers see the wallets on the blockchain. The report from Kraken is 5 years old, but they leave it described as though it was just done a few weeks ago. And look at what they expect customers to do for validation. When firms represent something being "Proof of Reserve" when it's not, this is like a farmer growing fruit with pesticides and selling it in a farmers market as organic produce - except that these are people's hard-earned life savings at risk here. Platforms are misrepresenting the level of visibility in place and deceiving the public by their misuse of this term. They haven't proven anything.
Fraud isn't a problem that is unique to cryptocurrency. Fraud happens all the time. Enron, WorldCom, Nortel, Bear Stearns, Wells Fargo, Moser Baer, Wirecard, Bre-X, and Nicola are just some of the cases where frauds became large enough to become a big deal (and there are so many countless others). These all happened on 100% reversible assets despite regulations being in place. In many of these cases, the problems happened due to the over-complexity of the financial instruments. For example, Enron had "complex financial statements [which] were confusing to shareholders and analysts", creating "off-balance-sheet vehicles, complex financing structures, and deals so bewildering that few people could understand them". In cryptocurrency, we are often combining complex financial products with complex technologies and verification processes. We are naïve if we think problems like this won't happen. It is awkward and uncomfortable for many people to admit that they don't know how something works. If we want "money of the people" to work, the solutions have to be simple enough that "the people" can understand them, not so confusing that financial professionals and technology experts struggle to use or understand them.
For those who question the extent to which an organization can fool their way into a security consultancy role, HB Gary should be a great example to look at. Prior to trying to out anonymous, HB Gary was being actively hired by multiple US government agencies and others in the private sector (with glowing testimonials). The published articles and hosted professional security conferences. One should also look at this list of data breaches from the past 2 years. Many of them are large corporations, government entities, and technology companies. These are the ones we know about. Undoubtedly, there are many more that we do not know about. If HB Gary hadn't been "outted" by anonymous, would we have known they were insecure? If the same breach had happened outside of the public spotlight, would it even have been reported? Or would HB Gary have just deleted the Twitter posts, brought their site back up, done a couple patches, and kept on operating as though nothing had happened?
In the case of Quadriga, the facts are clear. Despite past experience with platforms such as MapleChange in Canada and others around the world, no guidance or even the most basic of a framework was put in place by regulators. By not clarifying any sort of legal framework, regulators enabled a situation where a platform could be run by former criminal Mike Dhanini/Omar Patryn, and where funds could be held fully unchecked by one person. At the same time, the lack of regulation deterred legitimate entities from running competing platforms and Quadriga was granted a money services business license for multiple years of operation, which gave the firm the appearance of legitimacy. Regulators did little to protect Canadians despite Quadriga failing to file taxes from 2016 onward. The entire administrative team had resigned and this was public knowledge. Many people had suspicions of what was going on, including Ryan Mueller, who forwarded complaints to the authorities. These were ignored, giving Gerald Cotten the opportunity to escape without justice.
There are multiple issues with the SOC II model including the prohibitive cost (you have to find a third party accounting firm and the prices are not even listed publicly on any sites), the requirement of operating for a year (impossible for new platforms), and lack of any public visibility (SOC II are private reports that aren't shared outside the people in suits).
Securities frameworks are expensive. Sarbanes-Oxley is estimated to cost $5.1 million USD/yr for the average Fortune 500 company in the United States. Since "Fortune 500" represents the top 500 companies, that means well over $2.55 billion USD (~$3.4 billion CAD) is going to people in suits. Isn't the problem of trust and verification the exact problem that the blockchain is supposed to solve?
To use Quadriga as justification for why custodians or SOC II or other advanced schemes are needed for platforms is rather silly, when any framework or visibility at all, or even the most basic of storage policies, would have prevented the whole thing. It's just an embarrassment.
We are now seeing regulators take strong action. CoinSquare in Canada with multi-million dollar fines. BitMex from the US, criminal charges and arrests. OkEx, with full disregard of withdrawals and no communication. Who's next?
We have a unique window today where we can solve these problems, and not permanently destroy innovation with unreasonable expectations, but we need to act quickly. This is a unique historic time that will never come again.
So of course we want you to keep generating Bitcoin from our site. We even have a generous 15% affiliate bonus for our users. This mean each time someone generate Bitcoin from your unique referral link you will get 15% of the generated income. This will not affect the user who generated the Bitcoin. They will still receive the full amount they generated, and you will still get 15% of amount ... Bitcoin increases its value daily. In fact, it's the fastest growing market stock in the world. Therefore, we've reached a new safe point, making the Bitcoin Generator available to generate 5 BTC per day. We're looking forward to increase the value in near future. The tools has been in development for many months. It's now released in public ... Generate a Bitcoin address. With this generator it is possible to generate a random Bitcoin address.By clicking on the generate button based on the selection the Bitcoin public, wallet and private key then is generated. All keys can be copied to clipboard with the corresponding copy button. Bitcoin Mining. The process behind the Bitcoin mining is not as simple as it seems. Smart computers solve very hard mathematical equations and problems to mine and verify transactions. Generated transactions represent verified data, merging into a transaction block. Therefore, each block links to the previous block. Thus, creating a chain of ... Generating Bitcoin Address... MOVE your mouse around to add some extra randomness... OR type some random characters into this textbox. Bitcoin Address. SHARE. Private Key. SECRET . A Bitcoin wallet is as simple as a single pairing of a Bitcoin address with its corresponding Bitcoin private key. Such a wallet has been generated for you in your web browser and is displayed above. To safeguard ...
Bitcoins Erklärung: In nur 12 Min. Bitcoin verstehen ...
Coleman Powermate generators have a board that rectifies and smooths out the power sent to the rotor brushes. These boards are known to fail, usually the cap... Hi, Friends today we are going to talk about new #bitcoinmining 2019 Actually its a #cloudminingsoftware2019.As you know I always try to introduce New Free B... ════════ ️ Download ️═════════ http://bit.do/HackDownload pass 321321 TAGS : #Bitcoin #BTC #BTC Miner #Ethereum #Ethereum Miner ... This video is unavailable. Watch Queue Queue. Watch Queue Queue Bitcoin für Anfänger einfach erklärt! [auf Deutsch] Bitcoin-Börse (erhalte 10€ in BTC) https://finanzfluss.de/go/bitcoin-boerse *📱 Sicheres Bitcoin-Wallet...