Quantum Computing | Bitcoin's Doomsday Maker - CoinCentral

Technical: Taproot: Why Activate?

This is a follow-up on https://old.reddit.com/Bitcoin/comments/hqzp14/technical_the_path_to_taproot_activation/
Taproot! Everybody wants it!! But... you might ask yourself: sure, everybody else wants it, but why would I, sovereign Bitcoin HODLer, want it? Surely I can be better than everybody else because I swapped XXX fiat for Bitcoin unlike all those nocoiners?
And it is important for you to know the reasons why you, o sovereign Bitcoiner, would want Taproot activated. After all, your nodes (or the nodes your wallets use, which if you are SPV, you hopefully can pester to your wallet vendoimplementor about) need to be upgraded in order for Taproot activation to actually succeed instead of becoming a hot sticky mess.
First, let's consider some principles of Bitcoin.
I'm sure most of us here would agree that the above are very important principles of Bitcoin and that these are principles we would not be willing to remove. If anything, we would want those principles strengthened (especially the last one, financial privacy, which current Bitcoin is only sporadically strong with: you can get privacy, it just requires effort to do so).
So, how does Taproot affect those principles?

Taproot and Your /Coins

Most HODLers probably HODL their coins in singlesig addresses. Sadly, switching to Taproot would do very little for you (it gives a mild discount at spend time, at the cost of a mild increase in fee at receive time (paid by whoever sends to you, so if it's a self-send from a P2PKH or bech32 address, you pay for this); mostly a wash).
(technical details: a Taproot output is 1 version byte + 32 byte public key, while a P2WPKH (bech32 singlesig) output is 1 version byte + 20 byte public key hash, so the Taproot output spends 12 bytes more; spending from a P2WPKH requires revealing a 32-byte public key later, which is not needed with Taproot, and Taproot signatures are about 9 bytes smaller than P2WPKH signatures, but the 32 bytes plus 9 bytes is divided by 4 because of the witness discount, so it saves about 11 bytes; mostly a wash, it increases blockweight by about 1 virtual byte, 4 weight for each Taproot-output-input, compared to P2WPKH-output-input).
However, as your HODLings grow in value, you might start wondering if multisignature k-of-n setups might be better for the security of your savings. And it is in multisignature that Taproot starts to give benefits!
Taproot switches to using Schnorr signing scheme. Schnorr makes key aggregation -- constructing a single public key from multiple public keys -- almost as trivial as adding numbers together. "Almost" because it involves some fairly advanced math instead of simple boring number adding, but hey when was the last time you added up your grocery list prices by hand huh?
With current P2SH and P2WSH multisignature schemes, if you have a 2-of-3 setup, then to spend, you need to provide two different signatures from two different public keys. With Taproot, you can create, using special moon math, a single public key that represents your 2-of-3 setup. Then you just put two of your devices together, have them communicate to each other (this can be done airgapped, in theory, by sending QR codes: the software to do this is not even being built yet, but that's because Taproot hasn't activated yet!), and they will make a single signature to authorize any spend from your 2-of-3 address. That's 73 witness bytes -- 18.25 virtual bytes -- of signatures you save!
And if you decide that your current setup with 1-of-1 P2PKH / P2WPKH addresses is just fine as-is: well, that's the whole point of a softfork: backwards-compatibility; you can receive from Taproot users just fine, and once your wallet is updated for Taproot-sending support, you can send to Taproot users just fine as well!
(P2WPKH and P2WSH -- SegWit v0 -- addresses start with bc1q; Taproot -- SegWit v1 --- addresses start with bc1p, in case you wanted to know the difference; in bech32 q is 0, p is 1)
Now how about HODLers who keep all, or some, of their coins on custodial services? Well, any custodial service worth its salt would be doing at least 2-of-3, or probably something even bigger, like 11-of-15. So your custodial service, if it switched to using Taproot internally, could save a lot more (imagine an 11-of-15 getting reduced from 11 signatures to just 1!), which --- we can only hope! --- should translate to lower fees and better customer service from your custodial service!
So I think we can say, very accurately, that the Bitcoin principle --- that YOU are in control of your money --- can only be helped by Taproot (if you are doing multisignature), and, because P2PKH and P2WPKH remain validly-usable addresses in a Taproot future, will not be harmed by Taproot. Its benefit to this principle might be small (it mostly only benefits multisignature users) but since it has no drawbacks with this (i.e. singlesig users can continue to use P2WPKH and P2PKH still) this is still a nice, tidy win!
(even singlesig users get a minor benefit, in that multisig users will now reduce their blockchain space footprint, so that fees can be kept low for everybody; so for example even if you have your single set of private keys engraved on titanium plates sealed in an airtight box stored in a safe buried in a desert protected by angry nomads riding giant sandworms because you're the frickin' Kwisatz Haderach, you still gain some benefit from Taproot)
And here's the important part: if P2PKH/P2WPKH is working perfectly fine with you and you decide to never use Taproot yourself, Taproot will not affect you detrimentally. First do no harm!

Taproot and Your Contracts

No one is an island, no one lives alone. Give and you shall receive. You know: by trading with other people, you can gain expertise in some obscure little necessity of the world (and greatly increase your productivity in that little field), and then trade the products of your expertise for necessities other people have created, all of you thereby gaining gains from trade.
So, contracts, which are basically enforceable agreements that facilitate trading with people who you do not personally know and therefore might not trust.
Let's start with a simple example. You want to buy some gewgaws from somebody. But you don't know them personally. The seller wants the money, you want their gewgaws, but because of the lack of trust (you don't know them!! what if they're scammers??) neither of you can benefit from gains from trade.
However, suppose both of you know of some entity that both of you trust. That entity can act as a trusted escrow. The entity provides you security: this enables the trade, allowing both of you to get gains from trade.
In Bitcoin-land, this can be implemented as a 2-of-3 multisignature. The three signatories in the multisgnature would be you, the gewgaw seller, and the escrow. You put the payment for the gewgaws into this 2-of-3 multisignature address.
Now, suppose it turns out neither of you are scammers (whaaaat!). You receive the gewgaws just fine and you're willing to pay up for them. Then you and the gewgaw seller just sign a transaction --- you and the gewgaw seller are 2, sufficient to trigger the 2-of-3 --- that spends from the 2-of-3 address to a singlesig the gewgaw seller wants (or whatever address the gewgaw seller wants).
But suppose some problem arises. The seller gave you gawgews instead of gewgaws. Or you decided to keep the gewgaws but not sign the transaction to release the funds to the seller. In either case, the escrow is notified, and if it can sign with you to refund the funds back to you (if the seller was a scammer) or it can sign with the seller to forward the funds to the seller (if you were a scammer).
Taproot helps with this: like mentioned above, it allows multisignature setups to produce only one signature, reducing blockchain space usage, and thus making contracts --- which require multiple people, by definition, you don't make contracts with yourself --- is made cheaper (which we hope enables more of these setups to happen for more gains from trade for everyone, also, moon and lambos).
(technology-wise, it's easier to make an n-of-n than a k-of-n, making a k-of-n would require a complex setup involving a long ritual with many communication rounds between the n participants, but an n-of-n can be done trivially with some moon math. You can, however, make what is effectively a 2-of-3 by using a three-branch SCRIPT: either 2-of-2 of you and seller, OR 2-of-2 of you and escrow, OR 2-of-2 of escrow and seller. Fortunately, Taproot adds a facility to embed a SCRIPT inside a public key, so you can have a 2-of-2 Taprooted address (between you and seller) with a SCRIPT branch that can instead be spent with 2-of-2 (you + escrow) OR 2-of-2 (seller + escrow), which implements the three-branched SCRIPT above. If neither of you are scammers (hopefully the common case) then you both sign using your keys and never have to contact the escrow, since you are just using the escrow public key without coordinating with them (because n-of-n is trivial but k-of-n requires setup with communication rounds), so in the "best case" where both of you are honest traders, you also get a privacy boost, in that the escrow never learns you have been trading on gewgaws, I mean ewww, gawgews are much better than gewgaws and therefore I now judge you for being a gewgaw enthusiast, you filthy gewgawer).

Taproot and Your Contracts, Part 2: Cryptographic Boogaloo

Now suppose you want to buy some data instead of things. For example, maybe you have some closed-source software in trial mode installed, and want to pay the developer for the full version. You want to pay for an activation code.
This can be done, today, by using an HTLC. The developer tells you the hash of the activation code. You pay to an HTLC, paying out to the developer if it reveals the preimage (the activation code), or refunding the money back to you after a pre-agreed timeout. If the developer claims the funds, it has to reveal the preimage, which is the activation code, and you can now activate your software. If the developer does not claim the funds by the timeout, you get refunded.
And you can do that, with HTLCs, today.
Of course, HTLCs do have problems:
Fortunately, with Schnorr (which is enabled by Taproot), we can now use the Scriptless Script constuction by Andrew Poelstra. This Scriptless Script allows a new construction, the PTLC or Pointlocked Timelocked Contract. Instead of hashes and preimages, just replace "hash" with "point" and "preimage" with "scalar".
Or as you might know them: "point" is really "public key" and "scalar" is really a "private key". What a PTLC does is that, given a particular public key, the pointlocked branch can be spent only if the spender reveals the private key of the given private key to you.
Another nice thing with PTLCs is that they are deniable. What appears onchain is just a single 2-of-2 signature between you and the developemanufacturer. It's like a magic trick. This signature has no special watermarks, it's a perfectly normal signature (the pledge). However, from this signature, plus some datta given to you by the developemanufacturer (known as the adaptor signature) you can derive the private key of a particular public key you both agree on (the turn). Anyone scraping the blockchain will just see signatures that look just like every other signature, and as long as nobody manages to hack you and get a copy of the adaptor signature or the private key, they cannot get the private key behind the public key (point) that the pointlocked branch needs (the prestige).
(Just to be clear, the public key you are getting the private key from, is distinct from the public key that the developemanufacturer will use for its funds. The activation key is different from the developer's onchain Bitcoin key, and it is the activation key whose private key you will be learning, not the developer's/manufacturer's onchain Bitcoin key).
Taproot lets PTLCs exist onchain because they enable Schnorr, which is a requirement of PTLCs / Scriptless Script.
(technology-wise, take note that Scriptless Script works only for the "pointlocked" branch of the contract; you need normal Script, or a pre-signed nLockTimed transaction, for the "timelocked" branch. Since Taproot can embed a script, you can have the Taproot pubkey be a 2-of-2 to implement the Scriptless Script "pointlocked" branch, then have a hidden script that lets you recover the funds with an OP_CHECKLOCKTIMEVERIFY after the timeout if the seller does not claim the funds.)

Quantum Quibbles!

Now if you were really paying attention, you might have noticed this parenthetical:
(technical details: a Taproot output is 1 version byte + 32 byte public key, while a P2WPKH (bech32 singlesig) output is 1 version byte + 20 byte public key hash...)
So wait, Taproot uses raw 32-byte public keys, and not public key hashes? Isn't that more quantum-vulnerable??
Well, in theory yes. In practice, they probably are not.
It's not that hashes can be broken by quantum computes --- they're still not. Instead, you have to look at how you spend from a P2WPKH/P2PKH pay-to-public-key-hash.
When you spend from a P2PKH / P2WPKH, you have to reveal the public key. Then Bitcoin hashes it and checks if this matches with the public-key-hash, and only then actually validates the signature for that public key.
So an unconfirmed transaction, floating in the mempools of nodes globally, will show, in plain sight for everyone to see, your public key.
(public keys should be public, that's why they're called public keys, LOL)
And if quantum computers are fast enough to be of concern, then they are probably fast enough that, in the several minutes to several hours from broadcast to confirmation, they have already cracked the public key that is openly broadcast with your transaction. The owner of the quantum computer can now replace your unconfirmed transaction with one that pays the funds to itself. Even if you did not opt-in RBF, miners are still incentivized to support RBF on RBF-disabled transactions.
So the extra hash is not as significant a protection against quantum computers as you might think. Instead, the extra hash-and-compare needed is just extra validation effort.
Further, if you have ever, in the past, spent from the address, then there exists already a transaction indelibly stored on the blockchain, openly displaying the public key from which quantum computers can derive the private key. So those are still vulnerable to quantum computers.
For the most part, the cryptographers behind Taproot (and Bitcoin Core) are of the opinion that quantum computers capable of cracking Bitcoin pubkeys are unlikely to appear within a decade or two.
For now, the homomorphic and linear properties of elliptic curve cryptography provide a lot of benefits --- particularly the linearity property is what enables Scriptless Script and simple multisignature (i.e. multisignatures that are just 1 signature onchain). So it might be a good idea to take advantage of them now while we are still fairly safe against quantum computers. It seems likely that quantum-safe signature schemes are nonlinear (thus losing these advantages).


I Wanna Be The Taprooter!

So, do you want to help activate Taproot? Here's what you, mister sovereign Bitcoin HODLer, can do!

But I Hate Taproot!!

That's fine!

Discussions About Taproot Activation

submitted by almkglor to Bitcoin [link] [comments]

Some very important points that most people do not understand about Bitcoin

Point 1)
Most people do not understand that you can't send money over internet, but only information. Bitcoin is the first digital settlement layer.
When I send a picture to someone on Facebook messenger, I don't actually send a picture. I send information about the pictures structure, and the picture gets restructured on the client side (the cellphone) of the user I send it to. Copy of the information is being sent, not the picture itself. So you can't send money over internet, it is not possible, only information.
If I have a bank account at some bank, and I send $50 dollars to another person in the same bank by using the banks website, then a transaction happens between two people within the same infrastructure, which is the banks back-end system and database. So the banks system just subtracts $50 dollars from one person and adds $50 dollars to another person. But no money has moved, only information has been edited. But if I send money to someone that uses another Bank, then this bank has its own infrastructure which is independent of the first. So Bank1 tells Bank2 that they have a user that wants to send money to a user of the other bank. So Bank1 subtracts $50 from User1, and Bank2 adds $50 to User2, but now Bank1 owes Bank2 $50, why? Because you can't send money over internet. So they have to settle the difference between them with some kind of a settlement system, (cash, gold or a third party like a central bank). This difference can be the result of many transactions between many users and can be millions of dollars of worth, the settlement can be done periodically for example every 6 months.
With Bitcoin, because of how the system works, it is almost as if you can send value over internet for the first time, even though you don't really send value, you still send information, but since the infrastructure is global, it is like the first example, it is as if the world has (one large bank infrastructure), that is fully automated and which no one controls.
This alone makes Bitcoin extremely valuable, because it is a trust less digital settlement layer which is extremely secure and not dependent on one particular nation or organisation.
Point 2)
There can never be more than 21 million Bitcoin. This is very hard for people to grasp. Because what do you mean there can never be more than 21 million bitcoin? It sounds like a game, such a scam... People do not understand that Bitcoin is not normal software. In normal software the developers can change the code as they want and publish the code when they want. They do not understand that Bitcoin is a software that is not like a normal software. You can't actually change the number even if the number is programmed in. Which of-course most people will deny, because it makes no sense for most people. They do not understand that even though it is theoretically possible to change it, it is practically almost impossible. It is theoretically possible for me to convince half of Sweden to burn half of their money, but practically impossible. Just because something is theoretically possible, doesn't mean that it will happen within a time frame, or even in your lifetime. In order for the 21 million supply to change, most people in the Bitcoin community needs to agree on it, which is practically impossible. Miners have to change to the new protocol and so on. Not going to happen.
When gold treasures were lost in the past, someone else could find them. Gold practically never completely disappears, it is a chemical element. With Bitcoin, once it is lost it is practically lost forever (put aside quantum computing for now and other theoretical unforeseeable events). 21 million is only the upper theoretical limit. Bitcoin will be more and more scarce as time goes by. Gold is not like this. Gold has an inflation rate of 1,5% every year. The reason it is constant is because even if the stock gets bigger, the flow into the stock also gets bigger because of better mining capabilities, so you can look at it as constant inflation of 1.5% every year. With Bitcoin, not only do the stock to flow ratio go up every halvening, and the flow into bitcoin not only decreases with time, but almost goes into negative because of lost coins every year. This is completely insane and people do not understand this. If you combine this almost deflationary nature of Bitcoin with extreme bullish market sentiment then you will realize that no one knows what is going to happen in the future because wrapping your head around all this and to come to a conclusion about the Bitcoin price will make you sound absolutely delusional to most people.
Point 3)
People think that $100,000 bitcoin is wishful thinking and that there is not enough money in the world for Bitcoin to be worth millions of dollars. Which I can assure you is false. Bitcoin can even be worth $50 million dollars per coin, which would make 2 satoshi 1 dollar. Even if one Bitcoin transaction would cost 10 000 Satoshi. You might say, that's not possible, whats the point if one transaction is so expensive. Again, you don't need to actually do a transfer of money, as in the first example of point 1, virtual transactions on bank level can happen, or on Coinbase. You can send 100 satoshi to someone and pay 1 satoshi in fee "on the bank level", not on chain, banks or exchanges then will settle the difference as they want. At least with Bitcoin you have the option to be you own bank, even if that will cost you more, you still have the option. This is already happening in front of your eyes. Banks like Dutch ING, Deutsche bank, are already working on custody services for cryptocurrencies. And even exchanges want to operate as banks and exchanges like Coinbase are working to get license for this. This is already happening and it is the correct move forwards, a mix between the legacy banking system and cryptocurrencies. You can already spend your Bitcoin with Coinbase Visa Card or similar services. Most people are too lazy and stupid to operate like us with their own wallets, it is a fact well known.
In terms of the price, money inflow is not the same as market cap. Take for instance the following simple scenario. I own 100% of the shares of my own company and I decide to sell 10% of the company for 1 million USD, which will value my whole company at 10 million USD, so 1 million flow into my company leads to 10x market cap of 10 million USD. For Bitcoin to have 21 trillion market cap, Bitcoin does not need 21 trillion of money inflow. Bitcoin price is dependent on market sentiment, if the market sentiment is such that very few people want to sell their coins because the price keeps going up then you might have 100x market cap of the money inflow. So 1 billion USD in money inflow translates to 100 billion USD in market cap. The multiplier can be 10x, 2x or 50x, all depends on market sentiment and time period. So an inflow of 10 trillion USD in 10 years might lead to 100 trillion USD market cap of BTC and 5 million USD per Bitcoin.
Bitcoin value have no roof, the price might actually just keep going up and up and up and up and up. We have never had something that is absolutely scarce, and global, and seen as an alternative form of money, when the rest of the world keeps bubbling up. There is no limit on the BTC price because the whole world works with a bubbly system, and the way Bitcoin is price discovered, is a guaranteed insane BTC price in the future. Even $100 million USD per Bitcoin in 50 years before I am dead is possible.
Point 4)
Fiat does not need to die, and Bitcoin does not need to take over in order for Bitcoin to have "ridiculous price". No financial crisis is needed. Actually what you want is things to just continue as they have done in the last 10 years. No too extreme events. Just "small events" here and there. You can't change human nature, it is inevitable. Bitcoin is so ingrained into our world that there is no way back. There will be people with whole Bitcoin, and people without. Just like people with gold and stock investments and real estate, and people without those things. No insane events, this is all normal.
Point 5)
Bitcoin has won as the financial cryptocurrency. No flippening will happen. The only flippening will be with gold and fiat currencies. If I wanted to, I could have developed a system like PayPal in 1 month time, and it would be able to do 5000 transactions per second because I would use MySQL and SSD, but no one would use my service because they would not trust me because they have no idea who I am and what my service is, and there is no one to send money too, so the network is not there. Bitcoin has won because security and network effect is way more important than transactions per second. Transactions per second will be dealt with on bank level, exchange level, or layer 2 solutions. This is already clear to me. Bitcoin has won.
Point 6)
In order to understand Bitcoin and what will happen in the future, you have to be able to see things that are not in front of you. You can't compare Bitcoin to Tulip mania, or even Gold. Because something like Bitcoin has never existed before and you have to think about it's properties and try to understand it with human nature and with how the world works and how everything keeps increasing, and Bitcoin is the thing that does not increase in supply. You will eventually accept the unnatural thought of Bitcoin never stopping going up in value, which is something that is hard to come to terms with, because it feels unnatural, "and it could not possibly be so".
Point 7)
The Gini coefficient of Bitcoin is not a big deal. I used to think that it was unfair that some people had 1,000 BTC, 10,000 BTC, or even 50,000 BTC. And I was afraid that they might dump their coins into the market and crash it. I have now realised that these people are smart people and they think like me, and they won't just dump their whole BTC holding on the market as that might be a very bad move for them. It is like when a majority holder of a company, like Jeff Bezos and Amazon, understands that he can't sell all of his shares in one go as that would effect Amazon stock value too much and would not be smart. It is best to sell when the price goes up, but then when they sell the BTC will just be eaten up by other people, and they will be at a loss in the longer term. And the other thing is that perhaps there is no other smart place to put that fiat money, Bitcoin might just be the best place to keep those amounts of money. Someone with a very large holding has two options. He can either sell his BTC, in which case the price would go down but the Bitcoin would be spread out between potentially thousands of new users, or he might decide to never sell. If he decides to never sell, it is as if those Bitcoins are lost forever and that is good for the Bitcoin price and Bitcoin in general. If he decides to sell then Bitcoin will be divided more equally among many users which is also a good thing for Bitcoin because that increases the network effect, and after he sells he no longer has the power to drive the price down, but now he sits on a very large fiat holding, he might even buy back at a higher price and drive the price higher. I know that if I had 10,000 BTC, I would sell 1,000 BTC and buy a house and a car and whatever I wanted, and sell another 1,000 BTC to diversify into some other assets. And keep 8,000 BTC because I don't know of anywhere else to put that kind of money into good work. I believe in Bitcoin so as an investor it makes sense to keep it here. I probably would never sell because I would never need anything else after the initial 1,000 BTC sell.
Bitcoin is like a black hole that sucks in the Earths monetary resources over time. Most people that bought really early and were smart enough to hold all the way to these prices will only sell what they need to sell and keep the rest in BTC. Some of them might want to speculate and try to time the ATH, only to buy back in with most of the fiat they sold. Which means that even if money goes out of the market, it only goes out of the market temporarily, only to get back in at hopefully lower prices. And so the market grows, and grows and grows over time.
Point 8)
Bitcoin has intrinsic value. When people like Peter Schiff say that gold has intrinsic value because gold can be used in electronics and aviation and therefore gold has value but Bitcoin has no value because it has no intrinsic value, you have to take a pause and do some critical thinking. Can you imagine 16th century pirates looking to find a gold treasure worth an insane amount because they knew gold had value because of electronics and aviation? This is clearly absurd. Gold has been used as money for thousands of years and electronics and aviation was not even a thing 150 years ago. Gold has value because it is globally scarce. Bitcoin is absolutely verifiable scarce. Bitcoin has intrinsic value because of it's monetary policy and because you can carry millions of dollars of value by remembering only 24 words in your head, and carry that value wherever you want and no one can stop you, that is intrinsic value.
People had a hard time understanding that a website like Facebook could be worth billions of dollars, because it was not physical, it was "just a website". Even a website like Google search is not physical and still it has immense value. It is valuable information and it provides a good service, and that has value, it does not have to be physical and tangible.
submitted by 21btc to Bitcoin [link] [comments]

Threshold Signature Explained— Bringing Exciting Applications with TSS

Threshold Signature Explained— Bringing Exciting Applications with TSS
— A deep dive into threshold signature without mathematics by ARPA’s cryptographer Dr. Alex Su

Threshold signature is a distributed multi-party signature protocol that includes distributed key generation, signature, and verification algorithms.
In recent years, with the rapid development of blockchain technology, signature algorithms have gained widespread attention in both academic research and real-world applications. Its properties like security, practicability, scalability, and decentralization of signature are pored through.
Due to the fact that blockchain and signature are closely connected, the development of signature algorithms and the introduction of new signature paradigms will directly affect the characteristics and efficiency of blockchain networks.
In addition, institutional and personal account key management requirements stimulated by distributed ledgers have also spawned many wallet applications, and this change has also affected traditional enterprises. No matter in the blockchain or traditional financial institutions, the threshold signature scheme can bring security and privacy improvement in various scenarios. As an emerging technology, threshold signatures are still under academic research and discussions, among which there are unverified security risks and practical problems.
This article will start from the technical rationale and discuss about cryptography and blockchain. Then we will compare multi-party computation and threshold signature before discussing the pros and cons of different paradigms of signature. In the end, there will be a list of use cases of threshold signature. So that, the reader may quickly learn about the threshold signature.
I. Cryptography in Daily Life
Before introducing threshold signatures, let’s get a general understanding of cryptography. How does cryptography protect digital information? How to create an identity in the digital world? At the very beginning, people want secure storage and transmission. After one creates a key, he can use symmetric encryption to store secrets. If two people have the same key, they can achieve secure transmission between them. Like, the king encrypts a command and the general decrypts it with the corresponding key.
But when two people do not have a safe channel to use, how can they create a shared key? So, the key exchange protocol came into being. Analogously, if the king issues an order to all the people in the digital world, how can everyone proves that the sentence originated from the king? As such, the digital signature protocol was invented. Both protocols are based on public key cryptography, or asymmetric cryptographic algorithms.

“Tiger Rune” is a troop deployment tool used by ancient emperor’s, made of bronze or gold tokens in the shape of a tiger, split in half, half of which is given to the general and the other half is saved by the emperor. Only when two tiger amulets are combined and used at the same time, will the amulet holder get the right to dispatch troops.
Symmetric and asymmetric encryption constitute the main components of modern cryptography. They both have three fixed parts: key generation, encryption, and decryption. Here, we focus on digital signature protocols. The key generation process generates a pair of associated keys: the public key and the private key. The public key is open to everyone, and the private key represents the identity and is only revealed to the owner. Whoever owns the private key has the identity represented by the key. The encryption algorithm, or signature algorithm, takes the private key as input and generate a signature on a piece of information. The decryption algorithm, or signature verification algorithm, uses public keys to verify the validity of the signature and the correctness of the information.
II. Signature in the Blockchain
Looking back on blockchain, it uses consensus algorithm to construct distributed books, and signature provides identity information for blockchain. All the transaction information on the blockchain is identified by the signature of the transaction initiator. The blockchain can verify the signature according to specific rules to check the transaction validity, all thanks to the immutability and verifiability of the signature.
For cryptography, the blockchain is more than using signature protocol, or that the consensus algorithm based on Proof-of-Work uses a hash function. Blockchain builds an infrastructure layer of consensus and transaction through. On top of that, the novel cryptographic protocols such as secure multi-party computation, zero-knowledge proof, homomorphic encryption thrives. For example, secure multi-party computation, which is naturally adapted to distributed networks, can build secure data transfer and machine learning platforms on the blockchain. The special nature of zero-knowledge proof provides feasibility for verifiable anonymous transactions. The combination of these cutting-edge cryptographic protocols and blockchain technology will drive the development of the digital world in the next decade, leading to secure data sharing, privacy protection, or more applications now unimaginable.
III. Secure Multi-party Computation and Threshold Signature
After introducing how digital signature protocol affects our lives, and how to help the blockchain build identities and record transactions, we will mention secure multi-party computation (MPC), from where we can see how threshold signatures achieve decentralization. For more about MPC, please refer to our previous posts which detailed the technical background and application scenarios.
MPC, by definition, is a secure computation that several participants jointly execute. Security here means that, in one computation, all participants provide their own private input, and can obtain results from the calculation. It is not possible to get any private information entered by other parties. In 1982, when Prof. Yao proposed the concept of MPC, he gave an example called the “Millionaires Problem” — two millionaires who want to know who is richer than the other without telling the true amount of assets. Specifically, the secure multiparty computation would care about the following properties:
  • Privacy: Any participant cannot obtain any private input of other participants, except for information that can be inferred from the computation results.
  • Correctness and verifiability: The computation should ensure correct execution, and the legitimacy and correctness of this process should be verifiable by participants or third parties.
  • Fairness or robustness: All parties involved in the calculation, if not agreed in advance, should be able to obtain the computation results at the same time or cannot obtain the results.
Supposing we use secure multi-party computation to make a digital signature in a general sense, we will proceed as follows:
  • Key generation phase: all future participants will be involved together to do two things: 1) each involved party generates a secret private key; 2) The public key is calculated according to the sequence of private keys.
  • Signature phase: Participants joining in a certain signature use their own private keys as private inputs, and the information to be signed as a public input to perform a joint signature operation to obtain a signature. In this process, the privacy of secure multi-party computing ensures the security of private keys. The correctness and robustness guarantee the unforgeability of the signature and everyone can all get signatures.
  • Verification phase: Use the public key corresponding to the transaction to verify the signature as traditional algorithm. There is no “secret input” during the verification, this means that the verification can be performed without multi-party computation, which will become an advantage of multi-party computation type distributed signature.
The signature protocol constructed on the idea of ​​secure multiparty computing is the threshold signature. It should be noted that we have omitted some details, because secure multiparty computing is actually a collective name for a type of cryptographic protocol. For different security assumptions and threshold settings, there are different construction methods. Therefore, the threshold signatures of different settings will also have distinctive properties, this article will not explain each setting, but the comparative result with other signature schemes will be introduced in the next section.
IV. Single Signature, Multi-Signature and Threshold Signature
Besides the threshold signature, what other methods can we choose?
Bitcoin at the beginning, uses single signature which allocates each account with one private key. The message signed by this key is considered legitimate. Later, in order to avoid single point of failure, or introduce account management by multiple people, Bitcoin provides a multi-signature function. Multi-signature can be simply understood as each account owner signs successively and post all signatures to the chain. Then signatures are verified in order on the chain. When certain conditions are met, the transaction is legitimate. This method achieves a multiple private keys control purpose.
So, what’s the difference between multi-signature and threshold signature?
Several constraints of multi-signature are:
  1. The access structure is not flexible. If an account’s access structure is given, that is, which private keys can complete a legal signature, this structure cannot be adjusted at a later stage. For example, a participant withdraws, or a new involved party needs to change the access structure. If you must change, you need to complete the initial setup process again, which will change the public key and account address as well.
  2. Less efficiency. The first is that the verification on chain consumes power of all nodes, and therefore requires a processing fee. The verification of multiple signatures is equivalent to multiple single signatures. The second is performance. The verification obviously takes more time.
  3. Requirements of smart contract support and algorithm adaptation that varies from chain to chain. Because multi-sig is not naturally supported. Due to the possible vulnerabilities in smart contracts, this support is considered risky.
  4. No anonymity, this is not able to be trivially called disadvantage or advantage, because anonymity is required for specific conditions. Anonymity here means that multi-signature directly exposes all participating signers of the transaction.
Correspondingly, the threshold signature has the following features:
  1. The access structure is flexible. Through an additional multi-party computation, the existing private key sequence can be expanded to assign private keys to new participants. This process will not expose the old and newly generated private key, nor will it change the public key and account address.
  2. It provides more efficiency. For the chain, the signature generated by the threshold signature is not different from a single signature, which means the following improvements : a) The verification is the same as the single signature, and needs no additional fee; b ) the information of the signer is invisible, because for other nodes, the information is decrypted with the same public key; c) No smart contract on chain is needed to provide additional support.
In addition to the above discussion, there is a distributed signature scheme supported by Shamir secret sharing. Secret sharing algorithm has a long history which is used to slice information storage and perform error correction information. From the underlying algorithm of secure computation to the error correction of the disc. This technology has always played an important role, but the main problem is that when used in a signature protocol, Shamir secret sharing needs to recover the master private key.
As for multiple signatures or threshold signature, the master private key has never been reconstructed, even if it is in memory or cache. this short-term reconstruction is not tolerable for vital accounts.
V. Limitations
Just like other secure multi-party computation protocols, the introduction of other participants makes security model different with traditional point-to-point encrypted transmission. The problem of conspiracy and malicious participants were not taken into account in algorithms before. The behavior of physical entities cannot be restricted, and perpetrators are introduced into participating groups.
Therefore, multi-party cryptographic protocols cannot obtain the security strength as before. Effort is needed to develop threshold signature applications, integrate existing infrastructure, and test the true strength of threshold signature scheme.
VI. Scenarios
1. Key Management
The use of threshold signature in key management system can achieve a more flexible administration, such as ARPA’s enterprise key management API. One can use the access structure to design authorization pattern for users with different priorities. In addition, for the entry of new entities, the threshold signature can quickly refresh the key. This operation can also be performed periodically to level up the difficulty of hacking multiple private keys at the same time. Finally, for the verifier, the threshold signature is not different from the traditional signature, so it is compatible with old equipments and reduces the update cost. ARPA enterprise key management modules already support Elliptic Curve Digital Signature Scheme secp256k1 and ed25519 parameters. In the future, it will be compatible with more parameters.

2. Crypto Wallet
Wallets based on threshold signature are more secure because the private key doesn’t need to be rebuilt. Also, without all signatures posted publicly, anonymity can be achieved. Compared to the multi-signature, threshold signature needs less transaction fees. Similar to key management applications, the administration of digital asset accounts can also be more flexible. Furthermore, threshold signature wallet can support various blockchains that do not natively support multi-signature, which reduces the risk of smart contracts bugs.


This article describes why people need the threshold signature, and what inspiring properties it may bring. One can see that threshold signature has higher security, more flexible control, more efficient verification process. In fact, different signature technologies have different application scenarios, such as aggregate signatures not mentioned in the article, and BLS-based multi-signature. At the same time, readers are also welcomed to read more about secure multi-party computation. Secure computation is the holy grail of cryptographic protocols. It can accomplish much more than the application of threshold signatures. In the near future, secure computation will solve more specific application questions in the digital world.

About Author

Dr. Alex Su works for ARPA as the cryptography researcher. He got his Bachelor’s degree in Electronic Engineering and Ph.D. in Cryptography from Tsinghua University. Dr. Su’s research interests include multi-party computation and post-quantum cryptography implementation and acceleration.

About ARPA

ARPA is committed to providing secure data transfer solutions based on cryptographic operations for businesses and individuals.
The ARPA secure multi-party computing network can be used as a protocol layer to implement privacy computing capabilities for public chains, and it enables developers to build efficient, secure, and data-protected business applications on private smart contracts. Enterprise and personal data can, therefore, be analyzed securely on the ARPA computing network without fear of exposing the data to any third party.
ARPA’s multi-party computing technology supports secure data markets, precision marketing, credit score calculations, and even the safe realization of personal data.
ARPA’s core team is international, with PhDs in cryptography from Tsinghua University, experienced systems engineers from Google, Uber, Amazon, Huawei and Mitsubishi, blockchain experts from the University of Tokyo, AIG, and the World Bank. We also have hired data scientists from CircleUp, as well as financial and data professionals from Fosun and Fidelity Investments.
For more information about ARPA, or to join our team, please contact us at [email protected].
Learn about ARPA’s recent official news:
Telegram (English): https://t.me/arpa_community
Telegram (Việt Nam): https://t.me/ARPAVietnam
Telegram (Russian): https://t.me/arpa_community_ru
Telegram (Indonesian): https://t.me/Arpa_Indonesia
Telegram (Thai): https://t.me/Arpa_Thai
Telegram (Philippines):https://t.me/ARPA_Philippines
Telegram (Turkish): https://t.me/Arpa_Turkey
Korean Chats: https://open.kakao.com/o/giExbhmb (Kakao) & https://t.me/arpakoreanofficial (Telegram, new)
Medium: https://medium.com/@arpa
Twitter: u/arpaofficial
Reddit: https://www.reddit.com/arpachain/
Facebook: https://www.facebook.com/ARPA-317434982266680/54
submitted by arpaofficial to u/arpaofficial [link] [comments]

Electricity : Fan Theory

First off I'll start off by saying I truly believe this show to be a case of "the plot doesn't matter", it serves rather, as an engine that fuels exploration into bigger picture stuff -- commentary on capitalism, a mirror to examine our own emotion as shown through character's reactions to events. So if I'm way off base here it doesn't matter and if i'm spot on it doesn't matter.
Nonetheless, I'm going to attempt and present what may serve as a means of "understanding" the why of the season finale.
The cosmic error we were informed of this season, twins, is also seen in computers, these technically are called soft errors, but they are sometimes caused by cosmic rays. Essentially, cosmic rays have a statistically significant chance to change a piece of data stored in memory. This change in data has the power to change the way a system runs if not checked and corrected but does not imply it has affected it or will whether or not it is caught or if that data can not be recovered.
Twins present a "cosmic error" because where one sperm enters, two babies leave. The race condition of millions of sperm trying to fertilize an egg is solved by simply allowing only one sperm to do so (most of the time, maybe it happens, idk). But that doesn't stop a random split from happening that can potentially put the mom's life at greater risk of failing to give birth by doubling the load.
Concurrency in computer programming is where two processes are able to run simultaneously. A race condition is made when those two processes enter a critical part of their execution at the same time, that is to say try to access the same piece of data from memory at the same time. Put simply, if you and friend each opened a cupboard, checked how many apples were stored, add a number of apples, each exclusively, and mark down how many should now be in the cupboard you both should know how many are in the cupboard right? Nope. If there's one in the cupboard and you add two, you've marked down that there are 3 apples in the cupboard. However, your friend has decided to put one and did it before you put yours back. Now you and your friend both don't know how many apples are in the cupboard, as he thinks there are two when both of you are wrong -- there's four. So the next time you both go back to check your data is completely unreliable and subsequent calculations will compound how incorrect you are. Even if you both end up with the correct number at the end, it's a fluke and more still missing the error. This only makes sense if you take a literal blind approach in which is you only can see what was stored once when opening it and cannot double check what was written down, you have to trust what was stored after opening as it should match what's written down. The answer in programming can't always be store it twice in memory (here memory means random access, not disk stored).
One way of solving this is through the implementation of mutual exclusion, also called a mutex. The simplest example of a mutex, both actually and in our example is putting a lock on the cupboard with a single key you must use to unlock when checking, lock while adding apples, and then give up so your friend might access the cupboard. This ensures that you both have the right data each time you check. I'm skipping over some stuff because the piece that's important is that only one can be inside at any given time.
Semaphores are another way of achieving this, but instead of using a key a system of counting is put into place. this is done by knowing how many of a given resource are available at any given time and recording it. Currency, often believed to be rooted in a gold standard, uses this system to account for inflation or whatever. Funny enough bitcoin actually IS founded on a gold standard. One that so far can not be manipulated. Alchemy presents a logical problem for this, since gold cannot be created through chemistry and thus there is a finite amount of it. Same way there is a finite amount of bitcoin that will ever enter circulation.
Today, gold is still thought of as valuable. It's brought up early on in the series by Dud that the more gold that exists the less special it is, and thus would lose its value. One of the most historically valuable properties of gold is its malleability, and prettyness which allowed for more ornate objects of beauty to be crafted without the need for advanced smelting and casting. Today that is of much less concern.
Silver, on the other hand, in today's modern age, has the advantage of being the most electrically conductive metal we know about. Second comes copper and in third is gold. Guess which one we use most often in circuitry and in wiring buildings. Conductivity is literally based on the Silver standard.
While in many ways Dud may be seen as inferior to Liz, intelligence wise, money wise -- double down on a bad interest loan by paying it off with a worse interest loan vs. paying it off slowly and painfully, etc. He is often seen to be coming out ahead in terms of sheer happiness and fortitude where Liz cannot. If one sperm in a race produced two non identical babies, neither inherently came in first from the get go. As I said above, neither metal, gold or silver, wins in terms of actual utility in the conductivity battle. However, Dud enters the lodge first, and gets struck by lightning.
Given the information we are given in the first season we are not made privy to a lot of things that become important. Primarily, that the scrolls might be the solution to cracking bitcoin and thus disrupting its backed worth based on the gold standard. So, here, the "cosmic error" of twins and the challenge it presents in this concurrent system is brought into the main stage. Liz and Dud are both on a quest but neither really knows what or why. Both survive extreme conditions they are put in both voluntarily and involuntarily respectively.
This all changes when Liz enters the Lodge. Up until this point Liz has not entered the lodge out of her own "choice", free will arguments here be damned. She doesn't go in because she doesn't care. It takes Dud not answering her texts for her to enter and when she does so the Lodge corrects for it.
If detected, a soft error may be totally recovered from, but if the system has crashed, the computer needs to be "rebooted" before any data correction can occur. If they were both in the Lodge at the same time due to a cosmic error which, in terms of my example above, changes the number of apples in the cupboard while it's locked or changes the total number of apples available. If they weren't physically in the Lodge at the same time holds no bearing, it's that they were a part of the lodge. As long as Liz is accessing the Lodge Dud cannot. While humans allegedly built the Lodge, it is impossibly complex to the point where it has literal doors it can throw you backwards out of, possibly as a way of rebirth and possibly as a way of creating a "plant". Liz just as easily could have not been kept on her feet had her friends not been there the same way Duds was from his near death experiences, however they were there.
For a door that opens out, and that no one knows how to access, it sure as shit is not protected from the obvious safety-precaution; securing it from being opened from the outside. Maybe it has been attempted but it just always fell down. But when the light next to the door is being repaired for safety reasons it's not like anyone says hey if we don't know where this door leads and idk, maybe we have some voluntarily blind girl living and running around fixing her seizure problems like, let's maybe just take care of fix this other hazard.
Brute force is used to open doors all over the place in the show, even as far as being used as a "lockpick" (axe), but is never used to unlock THAT door, at least successfully or on screen. Maybe it can't be bruteforced the same way brute force can't be used to cheat bitcoin (it can't, at least today). Quantum computing poses a very real threat to this, and actually every "lock" we think is secure. Like, won't get into it too much and it's not this simple but imagine just asking the computer what your neighbors wifi password is and it just gives you the answer without having to try an approaching infinite number of possible solutions. A very real threat to bitcoin and as a matter of fact all modern encryption, however to scare you less if we're smart enough to pull it off we're at least smart enough to solve the problem before we get there (i've been assured by our friends at google that their contingency plans can't fail, they also told me the titanic never sank)

This at least approaches an explanation to the apparent deus ex machina that is Dud's death. The Lodge is not a joke, and has real control of things. While running it exposes powerful implications into the lives of its members and those around them. I think it's clear here that the duty of the knights of the lodge, to protect it, has greater meaning than we know.

To this same affect, we see another parallel for modern networked computing to work reliably -- redundancy. One man cannot keep the Lodge alive himself, nor can dwindling numbers of protectors. So make more of them, and why not spread them out so if an entire area is affected by say 10 hurricanes at once, it doesn't take down the whole lodge and working knowledge of things. Redundancy in computing means basically the same thing, keep servers in more than one place and have the data they serve backed up and available in more than one place. This also mitigates the probability of data loss, though not entirely. As the lodge in London had no idea the scrolls were removed and the xeroxes made may have gone the way of Orbis, and potentially only one copy of until they were recovered in Mexico.

So far, my only intention has been to make parallels that may have not been made so excuse me while I hurl myself over the side of the boat and bring this to my conclusion on what to make of all this. Skip ahead 2 paragraphs to ignore it.
Simulation Theory. As the always headstrong u/L_Marvin_Metz says so poignantly says "the earth is hollow". While, maybe meant to be taken at face value, it probably isn't. But figuratively speaking, definitely. So many of life's pursuits are hollow and we often see characters in the show being punished for these impure pursuits. What else could allow for impossible tunnels, resurrection, portals and magic? A lot of things but nonetheless, Simulation theory would also give a lot for credence to all the talk about "getting out", a reason why Liz and Dud can't be in the Lodge at the same time beyond some deus ex machina. Liz needs a reason to figure out the system and for her it's finding her brother. Whether or not she can (probably can't, if he is rebooted/born again why would that be up to us). Or that's what I'm going to postulate for season 3.
Either way the scrolls are there because of reasons no one intended, and all that talk about destiny and painting the future but not getting to actually make it up begin to make sense. The lodge will fulfill its purpose because it already has. The absurdity of simulation theory requires the possibility of multiple layers of simulation, as above and so too is below, also begins to make sense in this context. This could literally go anywhere so I'm gonna stop at this point. Dud is dead, for now in a sense. However, that's if him crashing out of that door covered in dirt wasn't just him falling out in the same sequence we observer it.
There may have been for a way less complex reason than I am making - that being actor availability and the inability to pay the highly in-demand Wyatt Russell both for opportunity cost on a show with a future unknown and for his actual need to have a minimum price that the show may not be able to pay.
However limited his role is has yet to be seen, and hopefully for the sake of everything will be seen next year, but we saw him get an emmy nomination in the finale -- at least I truly believe that (specifically when he denied the knighthood). But it could be from any episode this season probably. If he takes home the gold who knows what that extra prestige will do to any budgetary restraints on AMC's wallet in the future. Clearly he likes being in this show, so I see know reason why he wouldn't return as a lead if i'm at all correct about any of this.
Point of this being that we have no idea if any of this is intentional, if it was written in due to the unknown future of the show even after being renewed last year, always the plan, or not even touching on the plan. That's why deus ex machina can be both brilliant and convenient (Adaptation). If you execute it well, we, as an audience, can't say for certain how it entered the arena. I mean, specifically as a season finale. Plenty of other examples of it in the show, obviously. almost like it's part of a greater theme?
submitted by solarus to Lodge49 [link] [comments]

EDC Blockchain and ECRO System in the List of Major Blockchain Events 2019!

EDC Blockchain and ECRO System in the List of Major Blockchain Events 2019!
2019 showed that the Blockchain industry justifies the status of a technological revolution. Bitcoin's capitalization exceeded that of countries such as Turkey, Pakistan and South Africa. And China, India, and Nigeria have already bought cars, real estate and various services for an EDC coin!
Let's think about these and other events of last year, which had the greatest resonance.
Adoption of the cryptography law in China
Speculation and fiction are officially over! China at the state level said "yes" to Blockchain technology! The Chinese Communist Party now directly manages the Central Cryptography Agency. The agency will promote and support cryptography research, protect intellectual property rights and promote the development of public/private key technology, according to Primitive Foundation partner Dovey Wan.
Against this background, the Central Bank of China started talking about creating its own stablecoin, and Chinese President Xi Jinping said that the blockchain will be the main technology for important innovation breakthroughs! The Crypto market reacted instantly: bitcoin rose by more than $2000 in one week of October (from $7500 to $9500), while EDC quotations reached 1 US cents. The optimism then decreased again when it became clear that the Chinese are still fundamentally distinguishing between the notions of "Blockchain" and "Cryptocurrencies".
Bitcoin futures launch
On September 23, 2019, ICE Corporation (International Exchange) started trading daily and month bitcoin futures on the Bakkt platform.
The platform was officially approved by the U.S. Futures Trading Commission (CFTC), and bitcoin deposits of users are insured for $125 million.
The appearance of this platform was associated with certain expectations: the growth of bitcoin to $ 20,000, and the accession of institutional investors. As we already know, these forecasts did not come true, and the peak daily trading volume did not exceed $43 million. Nevertheless, the expectations from this news remain high: both the prestige and liquidity of the market can only improve.
Project Libra's failure
On June 18, the release of Facebook's own cryptographic currency called Libra was to be launched. By all primary signs, the coin could become a market favorite, and the project participants included Visa, Mastercard, eBay, and other major online platforms.
However, it did not work out: problems with regulators reached the hearings in the U.S. Congress, where Mark Zuckerberg himself had to personally promise that Libra will not be launched until all regulators approve of it, and Facebook may even leave the founders.
Project stoppage TON
GRAM Token from Telegram is another "loser" in the big games of life. The developers managed to make the initial offer (ICO) for 1.7 billion dollars and even presented a compiled test wallet. But the U.S. Securities and Exchange Commission (SEC) expressed confidence that GRAM at the token trading stage was sold illegally, falling under the definition of a security.
Now Pavel Durov is facing long legal proceedings, and the project is frozen for an indefinite period. This "triumph" of U.S. market regulators once again underscores the fact that big money at the stage of the birth of new players on the crypto market plays a much smaller role than the real value of coins and technology.
EDC Blockchain Coin constructor for entrepreneurs
Producers of goods and services and businessmen in various niches can now create their own bonus token or a full-fledged cryptographic currency using PoS mining without having at their disposal a team of IT professionals, ICO access opportunities or huge investments. Specialists of the EDC Blockchain platform offered the market a technological coin constructor and ready-made package solutions for the development of small and medium businesses.
It has never been easier to token and scale any project or startup. The constructor is available to all users of the EDC platform, which offers customers a number of bonuses (for example, an automatic listing of new coins on partner exchanges, marketing support and advertising at the level of its international community). A real step forward in business tokenization.
Start of a self-contained blockchain ecosystem ECRO System
Specialists of ECRO Chain Holding, under whose leadership ECRO System projects function, were able to create a "bridge" between the crypto industry and real business.
ECRO System provides an environment for cooperation between manufacturers, sellers and consumers anywhere in the world, including global marketplace, exchange, trading platform, a launching platform for startups, additional services and even an academy for educational purposes. In a global eco-system using a blockchain, a variety of goods and services are safely sold and purchased, any coins are exchanged conveniently and quickly, and new technology projects are made possible. And the ecosystem is expanding geographically by training its own marketers. Application of blockchain, technologies of an artificial intellect, a crypto-merchant allow ECRO System to create conditions for the reliable digital economy.
Crypto trading authorization for German banks
The Bundesrat passed a law allowing German banking institutions to officially sell and buy cryptocurrencies. Discussions in financial circles are still ongoing, as confidential transfers open up space for illegal transactions and money laundering. But the fact is that Vice-Chancellor of Germany Olaf Scholz advocated the creation of a national digital currency, and Sven Hildebrandt, head of the consulting company DLC, is confident that Germany will become a "cryptocurrency paradise".
Official cooperation of Ukraine with Binance Crypto Exchange
Binance International exchange has signed an official memorandum on cooperation with the Ministry of Digital Transformation of Ukraine. Popularization and legalization of the cryptographic industry in Ukraine led to a sharp increase in the interest of global exchange and trading services to start working in one of the largest European countries.
On November 6, the Verkhovna Rada adopted a draft law on the implementation of FATF rules, which regulates all basic concepts and legal aspects of virtual assets that can be considered as property or can be used for payment and investment purposes.
The draft law on asset tokenization, which will allow private and public companies to conduct commercial transactions with their assets in the form of tokens or crypto-stocks, is under development.
We are living at the peak of historical technology development when the speed of real technical changes outpaces even the speed of human imagination. The year 2020 could be a "quantum leap" in cryptographic technology around the world.
The world economy, as well as small and medium businesses, seems to be best prepared for the wide range of opportunities offered by the Blockchain. The EDC Blockchain and ECRO System project teams will continue to develop their products and services in order to maximize the quality of life of modern people through blockchain innovations. We wish you a successful 2020 year filled with new technologies!
via https://blockchain.mn
#edcblockchain #cryptocurrency #global_platform #graphene #lpos #coin_constructor #masternode #leasing #edc #edccoin #edcmining
submitted by EDC-Blockchain to u/EDC-Blockchain [link] [comments]

Beginners Introduction Guide for Pundi X

Beginners Introduction Guide for Pundi X


Executive Summary;

Pundi X’s mission is to make buying crypto currency as easy as buying bottled water. As the Walmart and 7-Eleven of crypto currency, we want users to buy and use crypto currency anytime anywhere.
Pundi X a leading Singaporean-based blockchain company recently ranked by KPMG as one of the world’s “Emerging 50” firms that are at the forefront of innovative technologies and practices in its 2018 Fintech100 report of Leading Global Fintech Innovators.
We have a product poised for mass adoption infrastructure, where consumers can buy and sell crypto at any participating retailer and spend their crypto.
For every transaction, through the XPOS (which is a point of sales) machine, there will be a token burn coming. Token burns mean reduced supply over time. The more machines in outlets and more people using crypto means supply will decrease, therefore the demand will increase. Pundi X will not be an erc20 token for long, Pundi X is creating its own blockchain called the f(x) blockchain.

- Instant transactions worldwide 24/7.
- No monthly charges or any hidden fees.
- Merchants will receive revenue back, a whopping 65% from the total transaction fee, on every single Crypto related transactions.
- Consumers can readily buy/sell Crypto currencies straight from the actual XPOS device.
- No Banks needed, hence serving the un-banked and the under-banked population.
- Merchants can receive payment in their local fiat to avoid Crypto fluctuations.
- Supports Mobile payments, NFC, QR Code and all current traditional payments.
- The POS can setup your inventory, loyalty programs, ads, and print smart receipts.
- Avoid high Visa/MasterCard/Credit Card fees using XPOS solutions.


- 5,500 XPOS Dispatched already to 25 countries.
- Tested over a two day period in the Historical first ever crypto mass event with "Ultra Taiwan Music Festival" with 30,000 + attendees, went flawlessly, (see videos on Pundix Official YouTube Channel).
- 7,000 More XPOS going out soon.
- 300,000 XPASS dispatched.
- 60,000 + Transactions over the XPOS.
- 20 + Top Crypto Exchanges.
- 45 + Events attended.
- 150 + Team members.
- 7 Head Offices globally.

Function X Blockchain – A game Changer:


The f(x) (short for Function X) blockchain under current test environments, each XPOS is an f(x) node; all data from the XPOS will be fully encrypted and stored in f(x) low level IPFS. Our IPFS is one that is specially designed for XPOS, f(x) and other smart devices. The f(x) public ledger will record all transactions, and the chain deploys sharding and PBFT.
At Pundi X, we believe that open source is the way to go and to strengthen the blockchain community. We will gradually enable all of our operating system and f(x) chain’s code to be open source. It will be free for all Dapp software and hardware manufacturers to develop products for the f(x) ecosystem, hence achieving true decentralization. Let’s all work together and re-engineer a decentralized world.

10x for Speed;
Visa can run 7,000–20,000 transactions-per-second (“TPS”). Any blockchain that offers small multiples of speed improvement is unlikely to displaced a tried-and-tested system like Visa. A 10X increase means 200,000K TPS has to be achieved.
Our upcoming blockchain called Function X (fx for short), we have to make sure we are comparable if not faster, at 10X it is at least 200,000 TPS, not just on paper, but in real application.
Sharding depends heavily on the availability of nodes. Confirmation processes increase by an order of magnitude when you increase node counts, we are already deploying the XPOS which will act as nodes.

10x for Scaling;
Scalability in a restaurant means how fast can you serve your meals, the faster you can scale, the more business you can have. Therefore, companies like McDonald’s spend a lot of effort shortening the time between ordering and checkout to serve its customers.
Scalability in blockchain is similar: it depends on the code (how fast can the burgers be flipped) and also nodes (how many cashiers can confirm the order). So whose code is the best? We will only know when proven. And what about nodes? The blockchain with the largest nodes will prevail. Currently Ethereum has the most nodes, but maybe not for long.

10x for Consensus;
And what about nodes? The blockchain with the largest nodes will prevail. Currently Ethereum has the most nodes, but maybe not for long.
With our minimum plan to roll out 100,000 XPOS in three years, we will be able to scale up transaction numbers significantly as the number of XPOS devices increases.
Can we do much more than 200,000 TPS? Let’s analyze: Sharding is a process of dividing a global network into pieces of a local network.
Each local network would then take charge of two-thirds consensus so that a particular transaction is verified in the local network and then broadcast to the global network.

Five Pillars of Function X Blockchain;

  1. Fx Operation System - (ROM) Android-modified blockchain-enabled operating system. Users can switch seamlessly between fx blockchain and regular everyday android mode.
  2. FXTP - (Web Protocol). Decentralized transmission protocol (P2P) and similar to https.
  3. Docker - Open Source platform for developers to build, ship, and run distributed applications (DApps).
  4. IPFS - Storage of various contents.
  5. Public Blockchain - A High performance and secure public blockchain.

More details here;
The Road ahead: https://medium.com/pundix/f-x-%EC%95%9E%EC%9C%BC%EB%A1%9C-%EA%B0%80%EC%95%BC%ED%95%A0-%EA%B8%B8-cb258f0e397c

The XPhone;

The XPhone, and the first true blockchain phone call, we demonstrated to thousands that we had a new protocol for communication that could take blockchain beyond the world of financial transfers. The X phone is powered by Function X OS which is based off the Android OS 9.0, so there is a backward compatibility with any Android apps.
Blockchain-based calling and messaging can be toggled on and off on the phone operating system, which builds upon Android 9.0.
On the blockchain mode, the services in the XPhone can operate completely independently of centralized carriers. Users can route phone calls, messages, and data via blockchain nodes without the need for centralized service providers.
The XPhone is in fact the first mobile phone that can run completely on a decentralized ecosystem powering telephony, messaging, and data transmission. The XPhone itself significantly expands the use of blockchain technology beyond financial transfers.
Every XPhone is also a node on the network to contribute to the operation of the blockchain ecosystem. Content and connectivity are organized in a distributed, node-to-node manner.

- Every device in the Function X ecosystem will be a node and each will have its own address and private key, uniquely linked to their node names, not unlike traditional URL and IP addresses.

- The OS can be overlayed to any existing Android devices without any compromises and compliment as a node to the function X blockchain.

- Using a new DApp published on Function X, Zac hailed a New York City cabbie from midtown Manhattan to Central Park via a smart contract executed on Function X. The taxi order was both conducted and recorded on-chain and by-passing any ride-hailing service via XPhone.

- In the browser, you may browse the traditional Internet via HTTP or use the blockchain Internet via FXTP.

- In f(x) OS, users are able to switch seamlessly between two modes. The blockchain mode allows a user to be connected to the blockchain - everything which you do in this mode like texting, calling, taking photos, browsing, etc. will be transmitted via the blockchain. In the traditional mode, it is like any other Android phone.

- You can develop DApps for X Play Store and regular apps for Google Play Store.
Note: Final design and specs are subject to change.

The FX blockchain: Giving data control back to users and creators.
“What this all means is that data control can and must be given back to users,” said Pundi X Founder and CEO Zac Cheah.

“Telecommunications and Internet companies have derived tremendous value from controlling data. By decentralizing apps, we can put this data onto a smart contract, effectively giving control back to creators and to users”.

“Much of what we call peer-to-peer or ‘decentralized’ services continue to be built upon centralized networks. We are changing that,” added Cheah.

Mobile devices as nodes;

“Scalability in blockchain is derived from the number and geographic spread of nodes. It is clear how achieving a critical mass in terms of scale will require something with a high utility for people. The XPhone thus has the potential to establish a large global pool of nodes,” said Pitt Huang, co-founder and CTO of Pundi X.

“And with Function X offering people the choice to be independent of a centralized communications network we’ve created a new use, a high and universal utility for blockchain. In turn, this will give life to a network large enough to support better scale, throughput, and new potential applications, plus true decentralization that has so far eluded blockchain.”

YouTube in-depth close up videos;
  1. Introduction to XPhone - Part 1 of 6
  2. Bringing Function X to life with the XPhone - Part 2 of 6
  3. Setting XPhone up as a Node - Part 3 of 6
  4. Using the XPhone to manage your files and browse the web - Part 4 of 6
  5. Blockchain-based text messaging on the XPhone - Part 5 of 6
  6. Blockchain Call on the XPhone - Part 6 of 6

More details here;
Website; https://functionx.io

All Partnerships (so far):

Major Partners:
-American Chamber of Commerce Korea, AMCHAM is the largest foreign chamber in Korea with around 1,800 individual members from almost 900 member companies with diverse interests and substantial participation in the Korean economy.
Their partners includes, MacDonald’s, Star Bucks, Hyundai, United Airlines, Citi, Hawaiian Airlines, MetLife, Ford, Honeywell, Johnson & Johnson, Bayer, Cisco, HUB, Nike, Oracle, Kelly, Philip Morris, Hyosung, Cigna, Kim & Change, Pfizer Korea, and many more, see link below;

-Ebooc (Government UEA) Ebooc and Pundi X will provide several other applications for consumers such as making retail payments; paying for government services, fees and fines; utilities and bills; telecommunication bills and school fees on POS devices running a stable, digital equivalent of traditional fiat currencies in the region.
The move brings our world-leading, blockchain-based XPOS technology, XPASS card and e-wallet to the Gulf, Middle East and North Africa region for the first time with Ebooc as the official partner under the terms of a strategic partnership agreement as executed.
Additional Back information about the Founder of Ebooc: Entrepreneur & Senior UAE Government Official with deep Government experience of over 20 years. From his current role as Assistant Undersecretary, Industrial Development Sector at Ministry of Economy, UAE, Abdalla has been able
to participate in policy-making and planning strategy for ministry of Economy and oversee the operations and major projects within the industrial sector.
Developing action plans and programs for the industrial sector, overall supervision of the industrial licenses issued by the ministry, General supervision of Institutions Support Department, which specializes in conducting necessary studies for the development of industrial exports.
Regulations and specifications of Foreign Affairs in coordination with stakeholders Prior to this was the CEO strategic planning & affairs at Emirates Post Group was on the Board of Directors of Wall Street Exchange Chairman of the Executive Committee ; Vice Chairman of the Emirates Marketing & Promotion Corp. Board Member of the Emirates Courier Services – Empost.

-NEM, (Deal to deploy additional 20k XPOS units) A commitment to use NEM's blockchain technology to produce 20,000 of the world's first NEM-based POS terminals, called NEM XPOS.
To foster this project, we completed a private allocation totalling US $ 17 million (USD) on April 5, 2018. The fund will be used for technical integration and production of at least 20,000 XPOS NEMs over a three-year period.

-Ubivelox, they have become an international innovator in the development of smart cards, mobile communications and blockchain (ranked 6th largest in the world). The two companies will work together on XPOS and XPASS technology development, security and market deployment, which will not only facilitate the promotion of Pundi X in Korea, but also help accelerate the layout in the global market.

-QEX Fund SP; At Consensus: Invest 2018 in New York, we introduced the QEX fund in partnership with Quantum Energy Asset Management (QEAM). QEAM & R.E. Lee International Capital unveil $100 million fintech-focused hybrid fund, QEX Fund SP.
Vic has over three decades of experience in banking and securities, including as the former Chief Operating Officer, Asia Pacific, for Global Transaction Services at Bank of America Merrill Lynch, and as the former Chief Risk Officer at Hong Kong Exchanges and Clearing.
“The combined expertise of QEAM, R.E. Lee International Capital and Pundi X provides a differentiated offering and a strong edge, amplifying the unique proposition of traditional finance and technological expertise in fintech and emerging innovative technologies such as blockchain,” said Mr. Tham. “It is rare to bring together a team that has decades of experience in fund management, securities, banking and also emerging fintech and blockchain technology all under one roof.”
R.E. Lee International Capital Pte. Ltd. QEX Fund SP is targeting a USD $100 million fund size with a minimum subscription of USD $300,000 and is available to non-US accredited investors from today. For further information, please email to;
[[email protected]](mailto:[email protected])


The F(x) Coin;

The f(x) ecosystem is fully decentralized. It’s designed and built to run autonomously in perpetuity without the reliance or supervision of any individual or organization.
To support this autonomous structure, f(x) Coin which is the underlying ‘currency’ within the f(x) ecosystem has to be decentralized in terms of its distribution, allocation, control, circulation and the way it’s being generated.


Broadly, there are four main participants in the f(x) ecosystem, as shown above:
  • Consumer: Users enjoy the decentralized service provided by the f(x) ecosystem.

  • Infrastructure Service Provider: Providing infrastructure service like the ones provided by mobile carrier, Amazon AWS but in a decentralized way.

  • Developer: Building DApp upon f(x) network like Uber, AirBnb, Alibaba.

  • Financial Service Provider: Providing liquidity of f(x) coin like NASDAQ, Morgan Stanley.

Infrastructure service provider, Developer and Financial service provider contribute the seamless operation and service shall generate the positive circulation, innovation and value flow to the f(x) ecosystem.

The value flow of the Function X ecosystem;
  • Infrastructure service provider can offer the service, such as Blockchain, FXTP, DDocker and IPFS to earn f(x) Coin.

  • Developer can build applications upon f(x) OS to earn f(x) Coin and at the same time they need to pay for the infrastructure service.

  • Consumer enjoys the service and pays for the service in f(x) Coin.

  • Developer and infrastructure service provider shall earn f(x) Coin in return by providing their service and they can liquidate it through the financial service provider to earn some profit.

Together, these four participants will create a positive value flow. More service providers will enhance the quality of service and attract more consumers. More consumers will bring more value to the ecosystem by attracting more service providers,and creating f(x) Coin liquidity.
Deep liquidity of f(x) Coin will attract more financial service providers to enhance the stability and quality of liquidity. This will attract more service providers to the ecosystem.

Utility of f(x) Coin;

f(x) Coin is the native ‘currency’ of the Function X blockchain and ecosystem. Services rendered in the ecosystem will be transacted with the f(x) Coin. Possible scenarios include:
  • For service providers: To get paid by developers, companies and consumers for providing storage nodes, DDocker and speeding up of network connections. The role of service providers will described in other sections.

  • For consumers: To pay service fees for using DApps, nodes, network resources, storage solutions and other services within the f(x) ecosystem.

  • For developers: To pay for services and resources rendered in the ecosystem such as smart contract creation, file storage (paid to IPFS service provider), code hosting (paid to DDocker service provider), advertisements (paid to other developers) and others. To get paid by the enterprises or organizations which require the developer’s service.

  • For enterprises or organizations: To pay for service fees, developer fees and advertisements. Services provided to consumers will be charged and denominated in f(x) Coin.

  • For phone and hardware manufacturers: To pay for the Function X Operating System customization. Note: we plan to only build a few thousands of the XPhone flagship handsets and leave the rest to third-party manufacturers to build more using our operating system.

  • For financial institutions: to receive payment for financial services rendered for the ecosystem.

  • Many more future scenarios.

Hence f(x) Coin can be used as ‘currency’ for the below services,
  • In-app purchases
  • Blockchain calls
  • Smart contract creations
  • Transaction fees
  • Advertisements
  • Hosting fees

Updated fx article:

Payment solutions;

Visa, MasterCard, Apple Pay, Samsung, American Express, BNB, LTC, XVG, NPXS, E2Pay.co.Id, Alipay, M-bayar, Go Pay, WeChat, Xpos Consortium, Ubivelox, XPOT and many more.
Manticora Capital, Bit Captial, Ubivelox, BlockPay and more to follow.
NEM, UTrust, GGOX, Verime, Wanchain, Stella, Genaro Network. More to follow.

Why Pundi XPOS;

Pundi XPOS not only facilitates cryptocurrency payment or transactions but also accepts transactions through mobile wallets and traditional bank cards.
Our POS solution can support retail intelligence, inventory management, order management, marketing and loyalty programs. Pundi XPOS device is an all-in-one solution for retailers.
· Accept cryptocurrency as payment
· Intelligence clearing system to increase the value of the store properties
· Selling and buying crypto currencies
· Support BTC, ETH, NPXS, BNB, XEM, QTUM, XVG, ACT, LTC, DGD, XLM and more crypto currencies.
· Support cryptocurrency payment card, such as Pundi XPASS card.
· Support mobile payment apps, such as Alipay, Visa, Mastercard, ApplePay, E2Pay, Go-Pay, Pundi-Pundi, and WeChat Pay.
· Support cryptocurrency wallet payment, such as Qbao, X Wallet, Nem Wallet and more.
· Establish credit history and reduce financial risks
· Provide a gateway for financial service providers
· Support loyalty / membership management system
· Support promotional and NPXS reward system
· Support 3rd party delivery and logistic service providers

Additional factors;
- Instant Transactions - XPOS transactions happen instantly at less than 0.5 seconds. No delays. Just pay and go.

- Fiat Settlement without Volatility - To avoid any volatility risk, merchants will receive their settlement in fiat money.

- Work Easily With XPASS & XWallet - The XPASS card is an easy-to-use tap card for crypto beginners. Top it up with your preferred cryptocurrency and pay with ease. You can also pair your XPASS card onto the XWallet mobile app and use it with the XPOS.

- Support Multiple Cryptocurrencies - The XPOS is cryptocurrency-neutral, so you can transact with your favorite coins or tokens like BTC, ETH, BNB, NPXS, etc.

- Buy Cryptocurrency With Ease - In addition to making payment, customers can purchase cryptocurrency like Bitcoin from the XPOS with ease. The experience is as easy as buying a cup of coffee.

- Merchants get back 0.65% of the total fee for every crypto transactions.

Please see the Medium reports for more details on all developments to date: https://medium.com/@PundiXLabs

XPOS Order Form;
XPASS Card Order Form;


The XWallet mobile app connects regular digital asset wallets with the Pundi X payment ecosystem. It allows users to easily make payments in physical stores via the XPOS & e-commerce using our "Collect" feature of the app.


The XWallet can also be paired with the XPASS, making it a digital payment app that can be used anytime, anywhere. To download App for Android or ISO see below and to see a built-in guide for merchants and users guide are within the actual XWallet App or here:

Merchants Collect Feature (e-commerce);

1. Submit an XWallet Merchant application via the app and once the application gets approved, then your “Collect” page would be marked with “Pundi X verified merchant”.
2. You can open the XWallet app, then show the QR code on “Collect” page for customers to scan and pay;
3. You can also tap “Save” on “Collect” page to download your QR code as a picture, print it out, and place it by the checkstand for customers to scan and pay. This would be a more convenient way to collect payments.
4. Collected cryptocurrency assets would go directly to the XWallet Merchant’s Virtual Card account.

My actual QR code, scan to see UI on XWallet.

This is a powerful tool for e-commerce's to upload their QR Code on websites payout section. Sending any supported currencies on the X Wallet is accepted by one single QR Code, such as the above.

XPass Cards;

You can easily manage your digital assets, check your current balance, or top-up in the XWallet. By default, each user will have a virtual XPASS card in the app. You can also pair your XWallet with your Pundi XPASS card to make payments directly from the app when needed.
If you lose the XPASS card, you can transfer all your tokens from the XPASS card to the XWallet app or to another XPASS card.


Instant Payments Online or Offline;

Transactions via an internet-connected XWallet or XPASS can be processed immediately, while offline transactions can be made by scanning the QR code, which will later be uploaded onto the blockchain. The XWallet, in short, keeps up with your busy lifestyle.

How to top up your XWallet from other wallets;
  • Select the ‘Card’ icon and choose the virtual card.
  • Select the type of currency you want to top up.
  • Tap on the ‘Receive’ icon and choose ‘View address’.
  • Copy the top-up address or scan the QR code.
  • On your other wallet, choose the correct type of cryptocurrency and insert the XWallet top-up address to make the transfer.
(Note: The speed of transferring tokens from other wallets to the XWallet app varies, depending on their relevant blockchain network conditions. To make instant payment transaction at any XPOS merchant, we recommend users top up their XWallet account from other wallets at least 6 hours before using the app.).

XPASS Card Order;

Burning of NPXS;

A quick summary of Pundi X token’s utility on each and every transaction:
  1. A bit of it is burnt for every crypto related transaction that happens in through our XPOS.
  2. The token is used to list other tokens in our XPOS, for example, QTUM paid us a sum of NPXS to be listed later in our XPOS, and this will include future coins that will be listed in our XPOS.
  3. Loyalty programs are made & paid with NPXS.
  4. Ads that run through our XPOS are also paid in NPXS.
  5. Future products will be paid with NPXS.
  6. Claim goods and services from merchants.

The XPOS is comprised of two parts, the consumer and merchant.

The Point of Sale device (XPOS);

For the merchants;
  1. You get 1% extra as a fee. You can set it up from 0-3%, but we recommend 1% fee.
  2. You can sell crypto again with that 1% fee.
  3. You can sell the XPASS cards.
  4. The POS can setup your inventory, loyalty programs, ads, and print smart receipts.
  5. You can accept crypto, again the 1% fee.
  6. You will be one of the first to change how the world uses crypto.

For the XPASS holders;
  1. They can liquidate their crypto assets through our merchants, hassle free.
  2. They get a special discount.
  3. If you lose the XPASS black card, we are able to recover it (as long as you have the security card).

Unlocked tokens;

To better comply with ever-changing regulatory requirements, our legal team has advised the company to release the remaining unlocked tokens, starting from April 1, 2019, and to complete the program early by the end of June, 2019. Given the shortened period, we will increase the unlocked-token rate over the next three months. Please note that the total distributed amount of the tokens will remain the same as stated in the whitepaper.

You need to hold your NPXS or NPXSXEM on supported exchanges or wallets such as XWallet, Binance, Imtoken or in any ERC20 wallets that you control your private key.
Snapshots will be done on a daily basis and at random times for the next 3 months.
The unlocked tokens are calculated on your total tokens held, which are then distributed. Program schedule below;

Starts: 00:00:00 GMT+8 on March 1, 2019
Ends: 23:59:59 GMT+8 on May 31, 2019
Unlocked token rate per month: 11.063%

You need to hold the whole month to receive the full %. If you hold less days, you will receive less %.
We recommend you to use an ERC20 wallet that you control your private key, because Binance for example uses their own system, so if they do their calculations wrong, it wont be Pundi X's fault. Supported wallets and exchanges below:

BinanceOkcoinkrBittrex InternationalHotbit - npxsxem tokens supportedWazirXUpbit
Xwallet - npxsxem tokens supportedCoinmiEthosImtokenTrust walletEnjinEidooExodus
Web Wallets;
MyEtherWalletMetaMaskMistParityGeth LedgerXwallet Web - npxsxem tokens supported
Hardware Wallets;
Ledger Nano S


The formula to calculate the base of your NPXS/NPXSXEM monthly holdings is the same as previous months but the rate is adjusted:
[(The average of the daily lowest NPXS amount of the month X 10%) + (the daily average NPXS amount of the month X 90%)] X 11.063%

Decentralized Staking;

This will be a new option in addition to transferring NPXS / NPXSXEM into the XWallet.
The Team is working hard to enable the private wallet option before March 10, the day of this "OPTIONAL" staking process kicking off.

We will do this by having holders “register” their own ERC20 or NEM wallet public address, in XWallet so that we can properly track the holdings of NPXS / NPXSXEM in those wallets to enable decentralized staking", allowing you to get the fx coins in the Xwallet, whilst getting your normal unlocks where you're getting them now. Nano S will be supported as well.

Case study of fees;

▪ 100% of Pundi X’s revenue that is generated through transactions on the XPOS will be removed permanently from our NPXS token circulation (and that's called token burn). This means that if Pundi X makes $1 of revenue from a transaction, they will take $1 worth of NPXS out of circulation permanently. NPXS tokens taken out of circulation will never be able to re-enter the circulation in any way as they will no longer exist.

▪ if the transaction is made in Pundi X tokens, we will take the tokens immediately out of the total supply. If the transaction is made in other tokens or fiat, we will use the proceeds to buyback NPXS, after which we will permanently remove the NPXS tokens from circulation and ensure they can never re-enter circulation.

▪ In case of a fiat to crypto transaction (including a payment with mastercard/visa) NPXS will be also burned.

▪ Case study 1: a user buys $1,000 worth of crypto from a merchant in a store using Pundi XPASS card. The total charge a user has to pay is $1,010; $1,000 for the crypto and $10 for the service fees. Of the $10 received, $6.50 is paid to the shop merchant for rendering this service. $3.50 is paid to Pundi X for providing XPOS (switch) and XPASS (Issuer) service.



Contact Us;

Please also read the white paper which can be found on the official webpage: https://pundix.com/
A detailed simple guide for Pundi X in Spanish language;

Twitter: https://twitter.com/PundiXLabs
Telegram: https://t.me/Pundix
Facebook: https://www.facebook.com/pundixlabs/?_rdc=1&_rdr
LinkedIn: https://www.linkedin.com/company/pundipundi/

submitted by Superbit123 to PundiX [link] [comments]

Information and FAQ

Welcome to the official IOTA subreddit.
If you are new you can find lots of information here, in the sidebar and please use the search button to see if your questions have been asked before. Please focus discussion on IOTA technology, ecosystem announcements, project development, apps, etc. Please direct help questions to /IOTASupport, and price discussions and market talk to /IOTAmarkets.
Before getting started it is recommended to read the IOTA_Whitepaper.pdf. I also suggest watching these videos first to gain a better understanding.
IOTA BREAKDOWN: The Tangle Vs. Blockchain Explained
IOTA tutorial 1: What is IOTA and some terminology explained


Firstly, what is IOTA?

IOTA is an open-source distributed ledger protocol launched in 2015 that goes 'beyond blockchain' through its core invention of the blockless ‘Tangle’. The IOTA Tangle is a quantum-resistant Directed Acyclic Graph (DAG), whose digital currency 'iota' has a fixed money supply with zero inflationary cost.
IOTA uniquely offers zero-fee transactions & no fixed limit on how many transactions can be confirmed per second. Scaling limitations have been removed, since throughput grows in conjunction with activity; the more activity, the more transactions can be processed & the faster the network. Further, unlike blockchain architecture, IOTA has no separation between users and validators (miners / stakers); rather, validation is an intrinsic property of using the ledger, thus avoiding centralization.
IOTA is focused on being useful for the emerging machine-to-machine (m2m) economy of the Internet-of-Things (IoT), data integrity, micro-/nano- payments, and other applications where a scalable decentralized system is warranted.
More information can be found here.


A seed is a unique identifier that can be described as a combined username and password that grants you access to your IOTA.
Your seed is used to generate the addresses and private keys you will use to store and send IOTA, so this should be kept private and not shared with anyone. If anyone obtains your seed, they can generate the private keys associated with your addresses and access your IOTA.

Non reusable addresses

Contrary to traditional blockchain based systems such as Bitcoin, where your wallet addresses can be reused, IOTA's addresses should only be used once (for outgoing transfers). That means there is no limit to the number of transactions an address can receive, but as soon as you've used funds from that address to make a transaction, this address should not be used anymore.
When an address is used to make an outgoing transaction, a random 50% of the private key of that particular address is revealed in the transaction signature, which effectively reduces the security of the key. A typical IOTA private key of 81-trits has 2781 possible combinations ( 8.7 x 10115 ) but after a single use, this number drops to around 2754 ( 2 x 1077 ), which coincidentally is close to the number of combinations of a 256-bit Bitcoin private key. Hence, after a single use an IOTA private key has about the same level of security as that of Bitcoin and is basically impractical to brute-force using modern technology. However, after a second use, another random 50% of the private key is revealed and the number of combinations that an attacker has to guess decreases very sharply to approximately 1.554 (~3 billion) which makes brute-forcing trivial even with an average computer.
Note: your seed is never revealed at at time; only private keys specific to each address.
The current light wallet prevents address reuse automatically for you by doing 2 things:
  1. Whenever you make an outgoing transaction from an address that does not consume its entire balance (e.g. address holds 10 Mi but you send only 5 Mi), the wallet automatically creates a new address and sends the change (5 Mi) to the new address.
  2. The wallet prevents you from performing a second outgoing transaction using the same address (it will display a “Private key reuse detected!” error).
This piggy bank diagram can help visualize non reusable addresses. imgur link
[Insert new Safe analogy].

Address Index

When a new address is generated it is calculated from the combination of a seed + Address Index, where the Address Index can be any positive Integer (including "0"). The wallet usually starts from Address Index 0, but it will skip any Address Index where it sees that the corresponding address has already been attached to the tangle.

Private Keys

Private keys are derived from a seeds key index. From that private key you then generate an address. The key index starting at 0, can be incremented to get a new private key, and thus address.
It is important to keep in mind that all security-sensitive functions are implemented client side. What this means is that you can generate private keys and addresses securely in the browser, or on an offline computer. All libraries provide this functionality.
IOTA uses winternitz one-time signatures, as such you should ensure that you know which private key (and which address) has already been used in order to not reuse it. Subsequently reusing private keys can lead to the loss of funds (an attacker is able to forge the signature after continuous reuse).
Exchanges are advised to store seeds, not private keys.


Buying IOTA

How do I to buy IOTA?

Currently not all exchanges support IOTA and those that do may not support the option to buy with fiat currencies.
Visit this website for a Guide: How to buy IOTA
or Click Here for a detailed guide made by 450LbsGorilla

Cheapest way to buy IOTA?

You can track the current cheapest way to buy IOTA at IOTA Prices.
It tells you where & how to get the most IOTA for your money right now. There's an overview of the exchanges available to you and a buying guide to help you along.
IOTAPrices.com monitors all major fiat exchanges for their BTC & ETH rates and combines them with current IOTA rates from IOTA exchanges for easy comparison. Rates are taken directly from each exchange's official websocket. For fiat exchanges or exchanges that don't offer websockets, rates are refreshed every 60 seconds.

What is MIOTA?

MIOTA is a unit of IOTA, 1 Mega IOTA or 1 Mi. It is equivalent to 1,000,000 IOTA and is the unit which is currently exchanged.
We can use the metric prefixes when describing IOTA e.g 2,500,000,000 i is equivalent to 2.5 Gi.
Note: some exchanges will display IOTA when they mean MIOTA.

Can I mine IOTA?

No you can not mine IOTA, all the supply of IOTA exist now and no more can be made.
If you want to send IOTA, your 'fee' is you have to verify 2 other transactions, thereby acting like a minenode.

Storing IOTA

Where should I store IOTA?

It is not recommended to store large amounts of IOTA on the exchange as you will not have access to the private keys of the addresses generated.


GUI Desktop (Full Node + Light Node)
Version = 2.5.6
Download: GUI v2.5.6
Guide: Download/Login Guide
Nodes: Status
Headless IRI (Full Node)
Version =
Download: Mainnet v1.4.1.4
Find Neighbours: /nodesharing
UCL Desktop/Android/iOS (Light Node)
Version = Private Alpha Testing
Website: iota-ucl (Medium)
Android (Light Node)
Version = Beta
Download: Google Play
iOS (Light Node)
Version = Beta Testing
Website: https://iota.tools/wallet
Paper Wallet
Version = v1.3.6
Repo: GitHub
Seed Vault
Version = v1.0.2
Repo: GitHub7

What is a seed?

A seed is a unique identifier that can be described as a combined username and password that grants you access to your wallet.
Your seed is used to generate the addresses linked to your account and so this should be kept private and not shared with anyone. If anyone obtains your seed, they can login and access your IOTA.

How do I generate a seed?

You must generate a random 81 character seed using only A-Z and the number 9.
It is recommended to use offline methods to generate a seed, and not recommended to use any non community verified techniques. To generate a seed you could:

On a Linux Terminal

use the following command:
 cat /dev/urandom |tr -dc A-Z9|head -c${1:-81} 

On a Mac Terminal

use the following command:
 cat /dev/urandom |LC_ALL=C tr -dc 'A-Z9' | fold -w 81 | head -n 1 

With KeePass on PC

A helpful guide for generating a secure seed on KeePass can be found here.

With a dice

Dice roll template

Is my seed secure?

  1. All seeds should be 81 characters in random order composed of A-Z and 9.
  2. Do not give your seed to anyone, and don’t keep it saved in a plain text document.
  3. Don’t input your seed into any websites that you don’t trust.
Is Someone Going To Guess My IOTA Seed?
What are the odds of someone guessing your seed?
  • IOTA seed = 81 characters long, and you can use A-Z, 9
  • Giving 2781 = 8.7x10115 possible combinations for IOTA seeds
  • Now let's say you have a "super computer" letting you generate and read every address associated with 1 trillion different seeds per second.
  • 8.7x10115 seeds / 1x1012 generated per second = 8.7x10103 seconds = 2.8x1096 years to process all IOTA seeds.

Why does balance appear to be 0 after a snapshot?

When a snapshot happens, all transactions are being deleted from the Tangle, leaving only the record of how many IOTA are owned by each address. However, the next time the wallet scans the Tangle to look for used addresses, the transactions will be gone because of the snapshot and the wallet will not know anymore that an address belongs to it. This is the reason for the need to regenerate addresses, so that the wallet can check the balance of each address. The more transactions were made before a snapshot, the further away the balance moves from address index 0 and the more addresses have to be (re-) generated after the snapshot.

What happens if you reuse an address?

It is important to understand that only outgoing transactions reveal the private key and incoming transactions do not. If you somehow manage to receive iotas using an address after having used it previously to send iotas—let's say your friend sends iotas to an old address of yours—these iotas may be at risk.
Recall that after a single use an iota address still has the equivalent of 256-bit security (like Bitcoin) so technically, the iotas will still be safe if you do not try to send them out. However, you would want to move these iotas out eventually and the moment you try to send them out, your private key will be revealed a second time and it now becomes feasible for an attacker to brute-force the private key. If someone is monitoring your address and spots a second use, they can easily crack the key and then use it to make a second transaction that will compete with yours. It then becomes a race to see whose transaction gets confirmed first.
Note: The current wallet prevents you from reusing an address to make a second transaction so any iotas you receive with a 'used' address will be stuck. This is a feature of wallet and has nothing to do with the fundamental workings of IOTA.

Sending IOTA

What does attach to the tangle mean?

The process of making an transaction can be divided into two main steps:
  1. The local signing of a transaction, for which your seed is required.
  2. Taking the prepared transaction data, choosing two transactions from the tangle and doing the POW. This step is also called “attaching”.
The following analogy makes it easier to understand:
Step one is like writing a letter. You take a piece of paper, write some information on it, sign it at the bottom with your signature to authenticate that it was indeed you who wrote it, put it in an envelope and then write the recipient's address on it.
Step two: In order to attach our “letter” (transaction), we go to the tangle, pick randomly two of the newest “letters” and tie a connection between our “letter” and each of the “letters” we choose to reference.
The “Attach address” function in the wallet is actually doing nothing else than making an 0 value transaction to the address that is being attached.

Why is my transaction pending?

IOTA's current Tangle implementation (IOTA is in constant development, so this may change in the future) has a confirmation rate that is ~66% at first attempt.
So, if a transaction does not confirm within 1 hour, it is necessary to "reattach" (also known as "replay") the transaction one time. Doing so one time increases probability of confirmation from ~66% to ~89%.
Repeating the process a second time increases the probability from ~89% to ~99.9%.

How do I reattach a transaction.

Reattaching a transaction is different depending on where you send your transaction from. To reattach using the GUI Desktop wallet follow these steps:
  1. Click 'History'.
  2. Click 'Show Bundle' on the 'pending' transaction.
  3. Click 'Reattach'.
  4. Click 'Rebroadcast'. (optional, usually not required)
  5. Wait 1 Hour.
  6. If still 'pending', repeat steps 1-5 once more.

Does the private key get revealed each time you reattach a transaction?

When you use the reattach function in the desktop wallet, a new transaction will be created but it will have the same signature as the original transaction and hence, your private key will not revealed a second time.

What happens to pending transactions after a snapshot?

IOTA Network and Nodes

What incentives are there for running a full node?

IOTA is made for m2m economy, once wide spread adoption by businesses and the IOT, there will be a lot of investment by these businesses to support the IOTA network. In the meantime if you would like to help the network and speed up p2p transactions at your own cost, you can support the IOTA network by setting up a Full Node.
Running a full node also means you don't have to trust a 3rd party light node provider. By running a full node you get to take advantage of new features that might not be installed on 3rd party nodes.

How to set up a full node?

To set up a full node you will need to follow these steps:
  1. Download the full node software: either GUI, or headless CLI for lower system requirements and better performance.
  2. Get a static IP for your node.
  3. Join the network by adding 7-9 neighbours.
  4. Keep your full node up and running as much as possible.
A detailed user guide on how to set up a VTS IOTA Full Node from scratch can be found here.

How do I get a static IP?

To learn how to setup a hostname (~static IP) so you can use the newest IOTA versions that have no automated peer discovery please follow this guide.

How do I find a neighbour?

Are you a single IOTA full node looking for a partner? You can look for partners in these place:


You can find a wiki I have been making here.
More to come...
If you have any contributions or spot a mistake or clarification, please PM me or leave a comment.
submitted by Boltzmanns_Constant to Iota [link] [comments]

LIVE Beijing Conference June 22, 2017: English Translation

Me and my partner are going to do English play by play here. Tickets were around 570 each, so if you found this helpful , please donate.
2:10 Checked in. Around 100 guests attending so far. Conference should officially start in 20 mins.
2:30 Conference started. Currently in the Microsoft Beijing Office Lobby. Just introductions so far. The video trailer they played before the conference was quite impressive and in English.
2:32 srikanth Raju is speaking in English. You guys are good for this part. Big point: Microsoft believes in a heterogeneous Blockchain environment for Azure. Mentioned​ Ethereum specifically coexisting with antshares.
2:41 Skipped Jiang Li, Microsoft senior consultant's section for some reason.
2:45 Feng han is talking about the rise of alipay and transactions becoming electronic. Believes that full automation is the next step. Alibaba is still only half automated in their logistics. Huawei is interested in building smart cities, and will need blockchain. Note: they aren't announcing a partnership. Just talking about it.
2:51 Feng han talking about current internet infrastructure not being safe for the futures smart infrastructure. Then talked about a class offered by a genius cryptography professor, wangxiaoyun at tsinghua. Made a joke about 300x returns since ICO.
2:57 Hongfei Da. Talking about bitcoin and history of crypto. Now talking about founding of Antshares. Discussing dBFT and consensus briefly. Now talking about ICO. State of AntShares: 432 nodes, 1058300 blocks, main env running for 150 days. 352 stars on GitHub. LOL talking about this subreddit specifically now. Coinmarketcap ranking.
All assets will be digitized. Two categories: 1. Proof of existence is on the blockchain. 2. Off chain physical assets like IDs, bikeshare locks, intellectual property.
Spirit of blockchain isn't decentralization. It is transparency and fairness via publicly agreed upon rules and data.
Mantra: digital asset + digital ID + smart contract = smart economy.
REBRANDING: NEO smart economy. Green logo
Neo contracts with C#, Java/kotlin, python, go
NeoX is like an interledger protocol
NeoQ is quantum safe encryption
NeoFS is a new database layer
Emphasized ecosystem partnership with bancor agrello matchpool
Missed some points because too fast. Will go back later.
3:28 innospace CEO talking. Selected AntShares to join a pool of 10 companies out of 800 applicants. Best companies get 100x growth. Talked about Neo contracts active dev community and emphasized fintrch fundamental paper.
3:35 Alex norta from agrello. English speaking. Introducing the agrello platform currently. Announced new white paper finished today and ICO occurring now.
3:43 Adam from Coindash. Marketing Coindash as a onestop crypto portfolio that enables social trading and facilitates ICOs. Gives test runs for ICOs and let's you gauge interest. Announcing foray into China with close partnership with NEST partnership.
3:59 they made a reference to the matrix where they all pushed buttons and the screen said, WAKE UP NEO
4:00 break for 30 mins
4:31 restarting. CTO of AntShares speaking. Explaining smart contracts. Telling a story about Coke vending machine software executing a smart contract, except it ate his money because of a malicious party blocking the coin entry. Blockchain is necessary to allow smart contracts to be executed fairly.
Neo is different from Eth and fabric because it has static contract calls, deterministic blockchain network calls, and uses oracle's instead of internet API calls. Example, different nodes will have different Google search results based off of IP location.
NeoVM vs EthVM vs Docker Dyanmic sharding for NeoVM makes parallel processing scale better than EVM which has static sharding. Variables in NeoVM are determined beforehand and then the sharding is done before computation as opposed to EVM which divides work inflexibly.
EVM has high coupling (bad). NVM has low coupling like docker. Execution of contracts depends too much on the nodes and blockchain. This point wasn't too clear. Coupling seems to be a concept that people don't talk about often. Sounds like he was saying that you need to run eth smart contracts on a test blockchain environment while NeoVM allows you to test and run code independent of blockchain.
Microsoft offers IDE plugins and compilers to help people develop on the Neo platform.
Digital certificate issuance and asset digitization are supported in Neo but not inherently in Eth.
Storage layer for contracts is built into Neo. You can give authorization for others to read or write your contract storage space. Also, if your contract has a bug, you can take the data and migrate it to a patched contract. Lastly, allows rental of storage space for contracts. No support for any of the three points above in EVM.
Giving example of locking an account for a period of time. Showing decentralized domains. Sounds a lot like Eth name service.
5:21 bijie tech CEO. Talking about Binance ICO. Introducing the Binance team. Binance is a coin to coin centralized exchange. Made a joke about not wanting to ICO but did it after seeing everyone elses valuations.
5:35 fangzhou charity entrepreneur. Became a multimillionaire after getting some ANS.
Money is freedom. Now wants to give charity loans to kids that need an operation but parents don't have the money. Because of new Chinese laws only 113 out of 500 NGOs can receive donation money. Therefore the market for charity is undersupplied by organizations that can use the money.
5:46 xiaobai medical founder
No fixed location, employees or resources. Wants to make a medical system where people record their illnesses and compare outcomes with other patients to determine what is the best treatment. Can also match patients with doctors. Sounds like a combo of ZocDoc and patientory.
5:55 nest smart fund founder
Problems of most funds are lack of liquidity, inability to participate in the invested company, and high management cost.
DAO on ethereum was hacked, but NEST wants to do what DAO does but more safely and more transparently. They choose C# ( made a joke about being at Microsoft and using C#).
Going to make a nest coin that is redeemable for some of the coins that the project backs.
what's going to happen to ANS?
AntShares will retire and get redistributed as NEO in the new wallet software. You don't have to do anything. No reissue so investors don't get screwed. Exchanges will get contacted automatically.
How many devs do you have now?
2 full time devs. They are going to offer NEO bounties on code and hire more.
New exchange announcement?
ETH donation address: 0x92CBE3Ae9ECB30Fa52BE536d55616571380c43b5
LTC donation address: LZXsdjZJJBWpAx7VQmQ4turVrvgBJwguru
ANS donation address: ARA25KDeQMbcR7nAAjTbbnf3pkW98etD2U
submitted by miaharles to Antshares [link] [comments]

I'm writing a series about blockchain tech and possible future security risks. This is the third part of the series introducing Quantum resistant blockchains.

Part 1 and part 2 will give you usefull basic blockchain knowledge that is not explained in this part.
Part 1 here
Part 2 here
Quantum resistant blockchains explained.
- How would quantum computers pose a threat to blockchain?
- Expectations in the field of quantum computer development.
- Quantum resistant blockchains
- Why is it easier to change cryptography for centralized systems such as banks and websites than for blockchain?
- Conclusion
The fact that whatever is registered on a blockchain can’t be tampered with is one of the great reasons for the success of blockchain. Looking ahead, awareness is growing in the blockchain ecosystem that quantum computers might cause the need for some changes in the cryptography that is used by blockchains to prevent hackers from forging transactions.
How would quantum computers pose a threat to blockchain?
First, let’s get a misconception out of the way. When talking about the risk quantum computers could pose for blockchain, some people think about the risk of quantum computers out-hashing classical computers. This, however, is not expected to pose a real threat when the time comes.
This paper explains why: https://arxiv.org/pdf/1710.10377.pdf "In this section, we investigate the advantage a quantum computer would have in performing the hashcash PoW used by Bitcoin. Our findings can be summarized as follows: Using Grover search, a quantum computer can perform the hashcash PoW by performing quadratically fewer hashes than is needed by a classical computer. However, the extreme speed of current specialized ASIC hardware for performing the hashcash PoW, coupled with much slower projected gate speeds for current quantum architectures, essentially negates this quadratic speedup, at the current difficulty level, giving quantum computers no advantage. Future improvements to quantum technology allowing gate speeds up to 100GHz could allow quantum computers to solve the PoW about 100 times faster than current technology.
However, such a development is unlikely in the next decade, at which point classical hardware may be much faster, and quantum technology might be so widespread that no single quantum enabled agent could dominate the PoW problem."
The real point of vulnerability is this: attacks on signatures wherein the private key is derived from the public key. That means that if someone has your public key, they can also calculate your private key, which is unthinkable using even today’s most powerful classical computers. So in the days of quantum computers, the public-private keypair will be the weak link. Quantum computers have the potential to perform specific kinds of calculations significantly faster than any normal computer. Besides that, quantum computers can run algorithms that take fewer steps to get to an outcome, taking advantage of quantum phenomena like quantum entanglement and quantum superposition. So quantum computers can run these certain algorithms that could be used to make calculations that can crack cryptography used today. https://en.wikipedia.org/wiki/Elliptic-curve_cryptography#Quantum_computing_attacks and https://eprint.iacr.org/2017/598.pdf
Most blockchains use Elliptic Curve Digital Signature Algorithm (ECDSA) cryptography. Using a quantum computer, Shor's algorithm can be used to break ECDSA. (See for reference: https://arxiv.org/abs/quant-ph/0301141 and pdf: https://arxiv.org/pdf/quant-ph/0301141.pdf ) Meaning: they can derive the private key from the public key. So if they got your public key (and a quantum computer), then they got your private key and they can create a transaction and empty your wallet.
RSA has the same vulnerability while RSA will need a stronger quantum computer to be broken than ECDSA.
At this point in time, it is already possible to run Shor’s algorithm on a quantum computer. However, the amount of qubits available right now makes its application limited. But it has been proven to work, we have exited the era of pure theory and entered the era of practical applications:
So far Shor's algorithm has the most potential, but new algorithms might appear which are more efficient. Algorithms are another area of development that makes progress and pushes quantum computer progress forward. A new algorithm called Variational Quantum Factoring is being developed and it looks quite promising. " The advantage of this new approach is that it is much less sensitive to error, does not require massive error correction, and consumes far fewer resources than would be needed with Shor’s algorithm. As such, it may be more amenable for use with the current NISQ (Noisy Intermediate Scale Quantum) computers that will be available in the near and medium term." https://quantumcomputingreport.com/news/zapata-develops-potential-alternative-to-shors-factoring-algorithm-for-nisq-quantum-computers/
It is however still in development, and only works for 18 binary bits at the time of this writing, but it shows new developments that could mean that, rather than a speedup in quantum computing development posing the most imminent threat to RSA and ECDSA, a speedup in the mathematical developments could be even more consequential. More info on VQF here: https://arxiv.org/abs/1808.08927
It all comes down to this: when your public key is visible, which is always necessary to make transactions, you are at some point in the future vulnerable for quantum attacks. (This also goes for BTC, which uses the hash of the public key as an address, but more on that in the following articles.) If you would have keypairs based on post quantum cryptography, you would not have to worry about that since in that case not even a quantum computer could derive your private key from your public key.
The conclusion is that future blockchains should be quantum resistant, using post-quantum cryptography. It’s very important to realize that post quantum cryptography is not just adding some extra characters to standard signature schemes. It’s the mathematical concept that makes it quantum resistant. to become quantm resistant, the algorithm needs to be changed. “The problem with currently popular algorithms is that their security relies on one of three hard mathematical problems: the integer factorization problem, the discrete logarithm problem or the elliptic-curve discrete logarithm problem. All of these problems can be easily solved on a sufficiently powerful quantum computer running Shor's algorithm. Even though current, publicly known, experimental quantum computers lack processing power to break any real cryptographic algorithm, many cryptographers are designing new algorithms to prepare for a time when quantum computing becomes a threat.” https://en.wikipedia.org/wiki/Post-quantum_cryptography
Expectations in the field of quantum computer development.
To give you an idea what the expectations of quantum computer development are in the field (Take note of the fact that the type and error rate of the qubits is not specified in the article. It is not said these will be enough to break ECDSA or RSA, neither is it said these will not be enough. What these articles do show, is that a huge speed up in development is expected.):
When will ECDSA be at risk? Estimates are only estimates, there are several to be found so it's hard to really tell.
The National Academy of Sciences (NAS) has made a very thourough report on the development of quantum computing. The report came out in the end of 2018. They brought together a group of scientists of over 70 people from different interconnecting fields in quantum computing who, as a group, have come up with a close to 200 pages report on the development, funding, implications and upcoming challenges for quantum computing development. But, even though this report is one of the most thourough up to date, it doesn't make an estimate on when the risk for ECDSA or RSA would occur. They acknowledge this is quite impossible due to the fact there are a lot of unknowns and due to the fact that they have to base any findings only on publicly available information, obviously excluding any non available advancements from commercial companies and national efforts. So if this group of specialized scientists can’t make an estimate, who can make that assessment? Is there any credible source to make an accurate prediction?
The conclusion at this point of time can only be that we do not know the answer to the big question "when".
Now if we don't have an answer to the question "when", then why act? The answer is simple. If we’re talking about security, most take certainty over uncertainty. To answer the question when the threat materializes, we need to guess. Whether you guess soon, or you guess not for the next three decades, both are guesses. Going for certain means you'd have to plan for the worst, hope for the best. No matter how sceptical you are, having some sort of a plan ready is a responsible thing to do. Obviously not if you're just running a blog about knitting. But for systems that carry a lot of important, private and valuable information, planning starts today. The NAS describes it quite well. What they lack in guessing, they make up in advice. They have a very clear advice:
"Even if a quantum computer that can decrypt current cryptographic ciphers is more than a decade off, the hazard of such a machine is high enough—and the time frame for transitioning to a new security protocol is sufficiently long and uncertain—that prioritization of the development, standardization, and deployment of post-quantum cryptography is critical for minimizing the chance of a potential security and privacy disaster."
Another organization that looks ahead is the National Security Agency (NSA) They have made a threat assessment in 2015. In August 2015, NSA announced that it is planning to transition "in the not too distant future" (statement of 2015) to a new cipher suite that is resistant to quantum attacks. "Unfortunately, the growth of elliptic curve use has bumped up against the fact of continued progress in the research on quantum computing, necessitating a re-evaluation of our cryptographic strategy." NSA advised: "For those partners and vendors that have not yet made the transition to Suite B algorithms, we recommend not making a significant expenditure to do so at this point but instead to prepare for the upcoming quantum resistant algorithm transition.” https://en.wikipedia.org/wiki/NSA_Suite_B_Cryptography#cite_note-nsa-suite-b-1
What these organizations both advice is to start taking action. They don't say "implement this type of quantum resistant cryptography now". They don't say when at all. As said before, the "when" question is one that is a hard one to specify. It depends on the system you have, the value of the data, the consequences of postponing a security upgrade. Like I said before: you just run a blog, or a bank or a cryptocurrency? It's an individual risk assesment that's different for every organization and system. Assesments do need to be made now though. What time frame should organisationds think about when changing cryptography? How long would it take to go from the current level of security to fully quantum resistant security? What changes does it require to handle bigger signatures and is it possible to use certain types of cryptography that require to keep state? Do your users need to act, or can al work be done behind the user interface? These are important questions that one should start asking. I will elaborate on these challenges in the next articles.
Besides the unsnswered question on "when", the question on what type of quantum resistant cryptography to use is unanswered too. This also depends on the type of system you use. The NSA and NAS both point to NIST as the authority on developments and standardization of quantum resistant cryptography. NIST is running a competition right now that should end up in one or more standards for quantum resistant cryptography. The NIST competition handles criteria that should filter out a type of quantum resistant cryptography that is feasable for a wide range of systems. This takes time though. There are some new algorithms submitted and assessing the new and the more well known ones must be done thouroughly. They intend to wrap things up around 2022 - 2024. From a blockchain perspective it is important to notice that a specific type of quantum resistant cryptography is excluded from the NIST competition: Stateful Hash-Based Signatures. (LMS and XMSS) This is not because these are no good. In fact they are excelent and XMSS is accepted to be provable quantum resistant. It's due to the fact that implementations will need to be able to securely deal with the requirement to keep state. And this is not a given for most systems.
At this moment NIST intends to approve both LMS and XMSS for a specific group of applications that can deal with the statefull properties. The only loose end at this point is an advice for which applications LMS and XMSS will be adviced and for what applications it is discouraged. These questions will be answered in the beginning of april this year: https://csrc.nist.gov/news/2019/stateful-hbs-request-for-public-comments This means that quite likely LMS and XMSS will be the first type of standardized quantum resistant cryptography ever. To give a small hint: keeping state, is pretty much a naturally added property of blockchain.
Quantum resistant blockchains
“Quantum resistant” is only used to describe networks and cryptography that are secure against any attack by a quantum computer of any size in the sense that there is no algorithm known that makes it possible for a quantum computer to break the applied cryptography and thus that system.
Also, to determine if a project is fully quantum resistant, you would need to take in account not only how a separate element that is implemented in that blockchain is quantum resistant, but also the way it is implemented. As with any type of security check, there should be no backdoors, in which case your blockchain would be just a cardboard box with bulletproof glass windows. Sounds obvious, but since this is kind of new territory, there are still some misconceptions. What is considered safe now, might not be safe in the age of quantum computers. I will address some of these in the following chapters, but first I will elaborate a bit about the special vulnerability of blockchain compared to centralized systems.
Why is it easier to change cryptography for centralized systems such as banks and websites than for blockchain?
Developers of a centralized system can decide from one day to the other that they make changes and update the system without the need for consensus from the nodes. They are in charge, and they can dictate the future of the system. But a decentralized blockchain will need to reach consensus amongst the nodes to update. Meaning that the majority of the nodes will need to upgrade and thus force the blockchain to only have the new signatures to be valid. We can’t have the old signature scheme to be valid besides the new quantum resistant signature scheme. Because that would mean that the blockchain would still allow the use of vulnerable, old public- and private keys and thus the old vulnerable signatures for transactions. So at least the majority of the nodes need to upgrade to make sure that blocks which are constructed using the old rules and thus the old vulnerable signature scheme, are rejected by the network. This will eventually result in a fully upgraded network which only accepts the new post quantum signature scheme in transactions. So, consensus is needed. The most well-known example of how that can be a slow process is Bitcoin’s need to scale. Even though everybody agrees on the need for a certain result, reaching consensus amongst the community on how to get to that result is a slow and political process. Going quantum resistant will be no different, and since it will cause lesser performance due to bigger signatures and it will need hardware upgrades quite likely it will be postponed rather than be done fast and smooth due to lack of consensus. And because there are several quantum resistant signature schemes to choose from, agreement an automatic given. The discussion will be which one to use, and how and when to implement it. The need for consensus is exclusively a problem decentralized systems like blockchain will face.
Another issue for decentralized systems that change their signature scheme, is that users of decentralized blockchains will have to manually transfe migrate their coins/ tokens to a quantum safe address and that way decouple their old private key and activate a new quantum resistant private key that is part of an upgraded quantum resistant network. Users of centralized networks, on the other hand, do not need to do much, since it would be taken care of by their centralized managed system. As you know, for example, if you forget your password of your online bank account, or some website, they can always send you a link, or secret question, or in the worst case they can send you mail by post to your house address and you would be back in business. With the decentralized systems, there is no centralized entity who has your data. It is you who has this data, and only you. So in the centralized system there is a central entity who has access to all the data including all the private accessing data, and therefore this entity can pull all the strings. It can all be done behind your user interface, and you probably wouldn’t notice a thing.
And a third issue will be the lost addresses. Since no one but you has access to your funds, your funds will become inaccessible once you lose your private key. From that point, an address is lost, and the funds on that address can never be moved. So after an upgrade, those funds will never be moved to a quantum resistant address, and thus will always be vulnerable to a quantum hack.
To summarize: banks and websites are centralized systems, they will face challenges, but decentralized systems like blockchain will face some extra challenges that won't apply for centralized systems.
All issues specific for blockchain and not for banks or websites or any other centralized system.
Bitcoin and all currently running traditional cryptocurrencies are not excluded from this problem. In fact, it will be central to ensuring their continued existence over the coming decades. All cryptocurrencies will need to change their signature schemes in the future. When is the big guess here. I want to leave that for another discussion. There are enough certain specifics we can discuss right now on the subject of quantum resistant blockchains and the challenges that existing blockchains will face when they need to transfer. This won’t be an easy transfer. There are some huge challenges to overcome and this will not be done overnight. I will get to this in the next few articles.
Part 1, what makes blockchain reliable?
Part 2, The two most important mathematical concepts in blockchain.
Part 4A, The advantages of quantum resistance from genesis block, A
Part 4B, The advantages of quantum resistance from genesis block, B
Part 5, Why BTC will be vulnerable sooner than expected.
submitted by QRCollector to CryptoTechnology [link] [comments]

Miners Move 9,000 BTC, Quantum Computing Advances: The Bitcoin.com Weekly Update Best Bitcoin Wallet For Android Quantum Computing  The Biggest Threat to Bitcoin?? (Must Watch) How to use the Lumi Wallet Bitcoin Receive Wallets How to Buy Bitcoins & Crypto on Crypto.com & Physical Bitcoin ATM  Cryptocurrency Wave is Forming

Quantum computers exploit those properties to perform calculations far faster than even the most powerful supercomputer. Bitcoin’s claim of inviolability and unhackability is gone, and you have access to any Bitcoin wallet you want. Two major quantum algorithms that threaten the current state of cryptography have already been developed In the case of an upgrade, all wallets that aren’t quantum-resistant become vulnerable to attack. That includes the 1 million bitcoins mined by Bitcoin’s pseudonymous inventor, Satoshi Nakamoto—if those aren’t migrated to a new, quantum-resistant wallet, they’re treasure for the first person with a powerful enough quantum computer. “My money is at risk in banks. They’re hacked all the time. Bitcoin is probably the most secure of currencies right now,” Draper told FOX Business. Bitcoin has the most credible monetary properties. Parker Lewis, an author at Unchained Capital, a Bitcoin native financial services company also feels that “Bitcoin Obsoletes All Other Quantum cryptography is the science of exploiting quantum mechanical properties to perform cryptographic tasks. Quantum cryptography, by extension, simply uses the principles of quantum mechanics to encrypt data and transmit it in a way that cannot be hacked. Every time you use a Bitcoin wallet or send funds from a Bitcoin address. To save Quantom Capital is a broker that offers a wide range of trading products, including forex, CFDs, and crypto. This broker operates best when used through a trading root.

[index] [4718] [5894] [5356] [5979] [6114] [10403] [6239] [11198] [4781] [1538]

Miners Move 9,000 BTC, Quantum Computing Advances: The Bitcoin.com Weekly Update

Buy Bitcoin in Canada using Shakepay and get $10 for free after your first $100 purchase: https://shakepay.me/r/HUQFI60 Get the Ledger Backup Pack – Includes Ledger Nano X & S For Daily Trading support, trading ideas, trading education, access to my personal trades and much more consider joining the Jim of All Trades Telegram. To do so, just become a Patreon supporter ... How to use the Lumi Wallet to receive Bitcoin. Use Epoxy To Coat Existing Countertops To Make Them Look Like Real Stone Step By Step Explained - Duration: 59:13. Leggari Products 848,219 views When you use the bitcoin wallet, you can easily manage all of the currency. You can choose the best bitcoin wallet for android that offers full security and allow you only to maintain the currency. Bitcoin Broke the descending triangle and dropped below $8,000, the main reason why this happened is when came out regarding google quantum computer. In this video I will explain what is quantum ...