Relictum Pro is an endless distributed registry with a developed system of smart contracts, describing (formalizing) any event in human life, ranging from buying and selling goods and services, recording logistic events, to tracking copyright and interacting with legal entities, including a number of selfexecuting transactions (smart contracts) in any field of activity submitted by IvanchinWas to CryptoMarkets [link] [comments] Relictum Pro is an endless distributed registry with a developed system of smart contracts describing more than 80% of significant events in a person’s daily lifeCurrently, modules and smart contracts have been developed, the platform is undergoing fullscale testing and we have achieved the following results: 100,000 transactions per second  Have been reached in real time at the moment1,000,000 transactions per second— The estimated network performanceWhen transactions not only get to the network but also blocks are written to each node when they return* — Results by _Testnet;

submitted by GTE_IO to u/GTE_IO [link] [comments] Article by Coindesk: William Foxley The Electric Coin Company (ECC) says it discovered a new way to scale blockchains with “recursive proof composition,” a proof to verify the entirety of a blockchain in one function. For the ECC and zcash, the new project, Halo, may hold the key to privacy at scale. A privacy coin based on zeroknowledge proofs, referred to as zkSNARKs, zcash’s current underlying protocol relies on “trusted setups.” These mathematical parameters were used twice in zcash’s short history: upon its launch in 2016 and first large protocol change, Sapling, in 2018. Zcash masks transations through zkSNARKs but the creation of initial parameters remains an issue. By not destroying a transaction’s mathematical foundation — the trusted setup — the holder can produce forged zcash. Moreover, the elaborate ‘ceremonies‘ the zcash community undergoes to create the trusted setups are expensive and a weak point for the entire system. The reliance on trusted setups with zkSNARKs was well known even before zcash’s debut in 2016. While other research failed to close the gap, recursive proofs make trusted setups a thing of the past, the ECC claims. Bowe’s HaloSpeaking with CoinDesk, ECC engineer and Halo inventor Sean Bowe said recursive proof composition is the result of years of labor — by him and others — and months of personal frustration. In fact, he almost gave up three separate times.Bowe began working for the ECC after his interest in zkSNARKs was noticed by ECC CEO and zcash cofounder Zooko Wilcox in 2015. After helping launch zcash and its first significant protocol change with Sapling, Bowe moved to fulltime research with the company. Before Halo, Bowe worked on a different zkSNARK variant, Sonic, requiring only one trusted setup. For most cypherpunks, that’s one too many. “People we are also starting to think as far back as 2008, we should be able to have proofs that can verify other proofs, what we call recursive proof composition. This happened in 2014,” Bowe told CoinDesk. Proofs, proofs and more proofsIn essence, Bowe and Co. discovered a new method of proving the validity of transactions, while masked, by compressing computational data to the bare minimum. As the ECC paper puts it, “proofs that are capable of verifying other instances of themselves.”Blockchain transaction such as bitcoin and zcash are based on elliptic curves with points on the curve serving as the basis for the public and private keys. The public address can be thought of the curve: we know what the elliptic curve looks like in general. What we do not know is where the private addresses are which reside on the curve. It is the function of zkSNARKs to communicate about private addresses and transactions–if an address exists and where it exists on the curve–anonymously. The secp256k1 elliptic curve, used for bitcoin and ethereum via Hackernoon Bowe’s work is similar to bulletproofs, another zkSNARK that requires no trusted setup. “What you should think of when you think of Halo is like recursive bulletproofs,” Bowe said. From a technical standpoint, bulletproofs rely on the “inner product argument,” which relays certain information about the curves to one another. Unfortunately, the argument is both very expensive and time consuming compared to your typical zkSNARK verification. By proving multiple zkSNARKs with one–a task thought impossible until Bowe’s research–computational energy is pruned to a fraction of the cost. “People have been thinking of bulletproofs on top of bulletproofs. The problem the bulletproof verifier is extremely expensive because of the inner product argument,” Bowe said. “I don’t use bulletproofs exactly, I use a previous idea bulletproofs are built on.” In fact, Bowe said recursive proofs mean you can prove the entirety of the bitcoin blockchain in less space than a bitcoin blockhead takes — 80bytes of data. The future of zcashWriting on Twitter, Wilcox said his company is currently studying the Halo implementation as a Layer 1 solution on zcash.Layer 1 solutions are implementations into the codebase constituting a blockchain. Most scaling solutions, like bitcoin’s Lightning Network, are Layer 2 solutions built on top of a blockchain’s state. The ECC’s interest in turning Halo into a Layer 1 solution speaks to the originality of the discovery as it will reside next to code copied from bitcoin’s creator himself, Satoshi Nakamoto. ECC is exploring the use of Halo for Zcash to both eliminate trusted setup and to scale Zcash at Layer 1 using nested proof composition. — zooko (@zooko) September 10, 2019 Since the early days of privacy coins, scaling has been a contentious issue: with so much data needed to mask transactions, how do you grow a global network? Bowe and the ECC claim recursive proofs solve this dilemma: with only one proof needed to verify an entire blockchain, data concerns could be a thing of the past: “Privacy and scalability are two different concepts, but they come together nicely here. About 5 years ago, academics were working on recursive snarks, a proof that could verify itself or another proof [and even] verify multiple proofs. So, what [recursive proof composition] means is you only need one proof to verify an entire blockchain.”To be sure, this isn’t sophomorelevel algebra: Bowe told CoinDesk the proof alone took close to nine months of glueing various pieces together. A new way to nodeA further implication of recursive proofs is the amount of data stored on the blockchain. Since the entire ledger can be verified in one function, onboarding new nodes will be easier than ever, Bowe said.“You’re going to see blockchains that have much higher capacity because you don’t have to communicate the entire history in one. The state chain still needs to be seen. But if you want to entire the network you don’t need to download the entire blockchain.”While state chains still need to be monitored for basic transaction verification, syncing the entire history of a blockchain–over 400 GB and 200 GB for ethereum and bitcoin respectively–becomes a redundancy. For zcash, Halo means easier hard forks. Without trusted setups, ECC research claims, “proofs of state changes need only reference the latest proof, allowing old history to be discarded forever.” When asked where his discovery ranks with other advancements, Bowe spoke on its practicality: “Where does this stand in the grand scheme of things in cryptocurrency? It’s a cryptographic tool to compress computation… and scale protocols.”Rubix cube image via Shutterstock 
Symbol  Definition 

mps  messages per second received/sent per individual node 
N  total number of nodes 
Tps  transactions per second processed by the whole network 
R  ledger redundancy 
P  fractional participation level of an individual node 
k  role call frequency 
Fixed parameters  

packet size (bytes)  260 
k (Hz)  1.00E06 
R  1000 
transaction fee ($)  $0.01 
Tps  

0.1  1  10  100  1,000  10,000  100,000  
Total monthly dividends  $2,592  $25,920  $259,200  $2,592,000  $25,920,000  $259,200,000  $2,592,000,000 
Decentralized node requirements  
mps (Hz)  28  89  283  894  2,828  8,944  28,284 
node traffic (bytes/s)  7.35E+03  2.33E+04  7.35E+04  2.33E+05  7.35E+05  2.33E+06  7.35E+06 
N  1.41E+04  4.47E+04  1.41E+05  4.47E+05  1.41E+06  4.47E+06  1.41E+07 
P  7.07E02  2.24E02  7.07E03  2.24E03  7.07E04  2.24E04  7.07E05 
Total Network Traffic (bytes/s)  1.04E+08  1.04E+09  1.04E+10  1.04E+11  1.04E+12  1.04E+13  1.04E+14 
Yearly Network Traffic (bytes)  3.28E+15  3.28E+16  3.28E+17  3.28E+18  3.28E+19  3.28E+20  3.28E+21 
Decentralized node income  
monthly per node ($)  $0.18  $0.58  $1.83  $5.80  $18.33  $57.96  $183.28 
income/GB ($/GB)  $0.0096  $0.0096  $0.0096  $0.0096  $0.0096  $0.0096  $0.0096 
Centralized node requirements  
mps (Hz)  2.01E+02  2.00E+03  2.00E+04  2.00E+05  2.00E+06  2.00E+07  2.00E+08 
node traffic (bytes/s)  5.23E+04  5.20E+05  5.20E+06  5.20E+07  5.20E+08  5.20E+09  5.20E+10 
N  1000  1000  1000  1000  1000  1000  1000 
P  1  1  1  1  1  1  1 
Total Network Traffic (bytes/s)  5.23E+07  5.20E+08  5.20E+09  5.20E+10  5.20E+11  5.20E+12  5.20E+13 
Yearly Network Traffic (bytes)  1.65E+15  1.64E+16  1.64E+17  1.64E+18  1.64E+19  1.64E+20  1.64E+21 
Centralized node income  
monthly per node ($)  $2.59  $25.92  $259.20  $2,592  $25,920  $259,200  $2,592,000 
income/GB ($/GB)  0.0191  0.0192  0.0192  0.0192  0.0192  0.0192  0.0192 
submitted by INTCHAIN to INT_Chain [link] [comments] https://preview.redd.it/kyigcq4j5p331.png?width=1280&format=png&auto=webp&s=0584cd96378f51ead05b447397dcb0489995af4e https://preview.redd.it/rfc3cw7q5p331.png?width=800&format=png&auto=webp&s=2b10b33defa0b354e0144745dd20c2f257812f29 The years of 2017 and ’18 were years focused on the topic of scaling. Coins forked and projects were hyped with this word as their sole mantra. What this debate brought us were solutions and showed us where we are right now satisfying the current need when paired with a plan for the future. What will be the focus of years to come will be anonymity and fungibility in mass adoption. In the quickly evolving world of connected data, privacy is becoming a topic of immediate importance. As it stands, we trust our privacy to centralized corporations where safety is ensured by the strength of your passwords and how much effort an attacker dedicates to breaking them. As we grow into the new age of the Internet, where all things are connected, trustless and cryptographic privacy must be at the base of all that it rests upon. In this future, what is at risk is not just photographs and credit card numbers, it is everything you interact with and the data it collects. If the goal is to do this in a decentralized and trustless network, the challenge will be finding solutions that have a range of applicability that equal the diversity of the ecosystem with the ability to match the scales predicted. Understanding this, INT has begun research into implementing two different privacy protocols into their network that conquer two of the major necessities of IoT: scalable private transactions and private smart contracts. MimblewimbleOne of the privacy protocols INT is looking into is Mimblewimble. Mimblewimble is a fairly new and novel implementation of the same elements of EllipticCurve Cryptography that serves as the basis of most cryptocurrencies. https://preview.redd.it/dsr6s6vt5p331.png?width=800&format=png&auto=webp&s=0249e76907c3c583e565edf19276e2afaa15ae08 In bitcoinwizards IRC channel in August 2016, an anonymous user posted a Tor link to a whitepaper claiming “an idea for improving privacy in bitcoin.” What followed was a blockchain proposal that uses a transaction construction radically different than anything seen today creating one of the most elegant uses of elliptic curve cryptography seen to date. While the whitepaper posted was enough to lay out the ideas and reasoning to support the theory, it contained no explicit mathematics or security analysis. Andrew Poelstra, a mathematician and the Director of Research at Blockstream, immediately began analyzing its merits and over the next two months, created a detailed whitepaper [Poel16] outlining the cryptography, fundamental theorems, and protocol involved in creating a standalone blockchain. What it sets out to do as a protocol is to wholly conceal the values in transactions and eliminate the need for addresses while simultaneously solving the scaling issue. Confidential TransactionsLet’s say you want to hide the amount that you are sending. One great way to hide information that is well known and quick: hashing! Hashing allows you to deterministically produce a random string of constant length regardless of the size of the input, that is impossible to reverse. We could then hash the amount and send that in the transaction. X = SHA256(amount) or 4A44DC15364204A80FE80E9039455CC1608281820FE2B24F1E5233ADE6AF1DD5 = SHA256(10) But since hashing is deterministic, all someone would have to do would be to catalog all the hashes for all possible amounts and the whole purpose for doing so in the first place would be nullified. So instead of just hashing the amount, lets first multiply this amount by a private blinding factor*.* If kept private, there is no way of knowing the amount inside the hash. X = SHA256(blinding factor * amount) This is called a commitment, you are committing to a value without revealing it and in a way that it cannot be changed without changing the resultant value of the commitment. But how then would a node validate a transaction using this commitment scheme? At the very least, we need to prove that you satisfy two conditions; one, you have enough coins, and two, you are not creating coins in the process. The way most protocols validate this is by consuming a previous input transaction (or multiple) and in the process, creating an output that does not exceed the sum of the inputs. If we hash the values and have no way validate this condition, one could create coins out of thin air. input(commit(bf,10), Alice) > output(commit(bf,9), BOB), outputchange(commit(bf,5), Alice) Or input(4A44DC15364204A80FE80E9039455CC1608281820FE2B24F1E5233ADE6AF1DD5, Alice) > output(19581E27DE7CED00FF1CE50B2047E7A567C76B1CBAEBABE5EF03F7C3017BB5B7, Bob) output(EF2D127DE37B942BAAD06145E54B0C619A1F22327B2EBBCFBEC78F5564AFE39D, Alice) As shown above, the later hashed values look just as valid as anything else and result in Alice creating 4 coins and receiving them as change in her transaction. In any transaction, the sum of the inputs must equal the sum of the outputs. We need some way of doing mathematics on these hashed values to be able to prove: commit(bf1,x) = commit(bf2,y1) + commit(bf3,y2) which, if it is a valid transaction would be: commit(bf1,x)  commit(bf2+bf3,y1+y2) = commit(bf1(bf2+bf3),0) Or just a commit of the leftover blinding factors. By the virtue of hashing algorithms, this isn’t possible. To verify this we would have to make all blinding factors and amounts public. But in doing so, nothing is private. How then can we make a valued public that is made with a privatevalue in such a way that you cannot reverse engineer the private value and still validate it satisfies some condition? It sounds a bit like public and private key cryptography… What we learned in our primer on EllipticCurve Cryptography was that by using an elliptic curve to define our number space, we can use a point on the curve, G, and multiply it by any number, x, and what you get is another valid point, P, on the same curve. This calculation is quick but in taking the resultant point and the publically known generator point G, it is practically impossible to figure out what multiplier was used. This way we can use the point P as the public key and the number x as the private key. Interestingly, they also have the curious property of being additive and communicative. If you take point P which is x • G and add point Q to it which is y • G, its resulting point, W = P + Q, is equal to creating a new point with the combined numbers x+y. So: https://preview.redd.it/yv0knclr6p331.png?width=800&format=png&auto=webp&s=9a3abccdc164e615651147141736356013e4b829 This property, homomorphism, allows us to do math with numbers we do not know. So if instead of using the raw amount and blinding factor in our commit, we use them each multiplied by a known generator point on an elliptic curve. Our commit can now be defined as: https://preview.redd.it/aas2wm0u6p331.png?width=800&format=png&auto=webp&s=c3ebb5728f755f30e878ce5f1885397f6667d4f3 This is called a Pedersen Commitment and serves as the core of all Confidential Transactions. Let’s call the blinding factors r, and the amounts v, and use H and G as generator points on the same elliptic curve (without going deep into Schnorr signatures, we will just accept that we have to use two different points for the blinding factor and value commits for validation purposes**). Applying this to our previous commitments: https://preview.redd.it/zf246t8z6p331.png?width=800&format=png&auto=webp&s=17e2e155c59002f05f38ccb27082f79a5dd98a1f and using the communicative properties: https://preview.redd.it/km4fuf017p331.png?width=800&format=png&auto=webp&s=13541d62ec3f6e5728388b7a8d995c3829364a42 which for a valid transaction, this would equal: with ri, vi being the values for the input, ro,vo being the values for the output and rco, vco being the values for the change output. This resultant difference is just a commit to the excess blinding factor, also called a commitmenttozero: https://preview.redd.it/tqnwao667p331.png?width=800&format=png&auto=webp&s=9da5ecab5c670024f171a441e0d2477cf8f41a56 You can see that in any case where the blinding factors were selected randomly, the committozero will be nonzero and in fact, is still a valid point on the elliptic curve with a public key, https://preview.redd.it/19ry9i297p331.png?width=800&format=png&auto=webp&s=4fb6628a01dc784816e1aea43cc0f5cfb025af52 And private key being the difference of the blinding factors. So, if the sum of the inputs minus the sum of the outputs produces a valid public key on the curve, you know that the values have balanced to zero and no coins were created. If the resultant difference is not of the form https://preview.redd.it/71mpdobb7p331.png?width=800&format=png&auto=webp&s=143d28da48d40208d5ef338444b3c7edea1fab9c for some excess blinding factor, it would not be a valid public key on the curve, and we would know that it is not a balanced transaction. To prove this, the transaction is then signed with this public key to prove the transaction is balanced and that all blinding factors are known, and in the process, no information about the transaction have been revealed (the by step details of the signature process can be read in [Arvan19]). All the above work assumed the numbers were positive. One could create just as valid of a balanced transaction with negative numbers, allowing users to create new coins with every transaction. Called Range Proofs, each transaction must be accompanied by a zeroknowledge argument of knowledge to prove that a private committed value lies within a predetermined range of values. Mimblewimble, as well as Monero, use BulletProofs which is a new way of calculating the proof which cuts down the size of the transaction by 80–90%. *Average sizes of transactions seen in current networks or by assuming 2 input 2.5 output average tx size for MW Up to this point, the protocol described is moreorless identical between Mimblewimble and Monero. The point of deviation is how transactions are signed. In Monero, there are two sets of keys/addresses, the spend keys, and the view keys. The spend key is used to generate and sign transactions, while the view key is used to “receive” transactions. Transactions are signed with what is called a Ring Signature which is derived from the output being spent, proving that one key out of the group of keys possesses the spend key. This is done by creating a combined Schnorr signature with your private key and a mix of decoy signers from the public keys of previous transactions. These decoy signers are all mathematically equally valid which results in an inability to determine which one is the real signer. Being that Monero uses Pedersen Commitments shown above, the addresses are never publically visible but are just used for the claiming, signing of transactions and generating blinding factors. Mimblewimble, on the other hand, does not use addresses of any type. Yes. That’s right, no addresses. This is the true brilliance of the protocol. What Jedusor proved was that the blinding factors within the Pedersen commit and the committozero can be used as singleuse public/private key pairs to create and sign transactions. All address based protocols using ellipticcurve cryptography generate publicprivate key pairs in essentially the same way. By multiplying a very large random number (k_priv) by a point (G) on an elliptic curve, the result (K_pub) is another valid point on the same curve. https://preview.redd.it/pt2xr33i7p331.png?width=800&format=png&auto=webp&s=1785cebcc842cab19b3987d848b2029032ae1195 This serves as the core of all address generation. Does that look familiar? Remember this commit from above: https://preview.redd.it/w9ooxudk7p331.png?width=800&format=png&auto=webp&s=d94ad3ac103352aa4c9653934d61cccc25a6bf8f Each blinding factor multiplied by generator point G (in red) is exactly that! r•G is the public key with private key r! So instead of using addresses, we can use these blinding factors as proof we own the inputs and outputs by using these values to build the signature. This seemingly minor change removes the linkability of addresses and the need for a scriptSig process to check for signature validity, which greatly simplifies the structure and size of Confidential Transactions. Of course, this means (at this time) that the transaction process requires interaction between parties to create signatures. CoinJoinEven though all addresses and amounts are now hidden, there is still some information that can be gathered from the transactions. In the above transaction format, it is still clear which outputs are consumed and what comes out of the transaction. This “transaction graph” can reveal information about the owners of the blinding factors and build a picture of the user based on seen transaction activity. In order to further hide and condense information, Mimblewimble implements an idea from Greg Maxwell called CoinJoin [Max13] which was originally developed for use in Bitcoin. CoinJoin is a trustless method for combining multiple inputs and outputs from multiple transactions, joining them into a single transaction. What this does is a mask that sender paid which recipient. To accomplish this in Bitcoin, users or wallets must interact to join transactions of like amounts so you cannot distinguish one from the other. If you were able to combine signatures without sharing private keys, you could create a combined signature for many transactions (like ring signatures) and not be bound by needing like amounts. In this CoinJoin tx, 3 addresses have 4 outputs with no way of correlating who sent what In Mimblewimble, doing the balance calculation for one transaction or many transactions still works out to a valid committozero. All we would need to do is to create a combined signature for the combined transaction. Mimblewimble is innately enabled to construct these combined signatures with the commit of Schnorr challenge transaction construction. Using “oneway aggregate signatures” (OWAS), nodes can combine transactions, while creating the block, into a single transaction with one aggregate signature. Using this, Mimblewimble joins all transactions at the block level, effectively creating each block as one big transaction of all inputs consumed and all outputs created. This simultaneously blurs the transaction graph and has the power to remove inbetween transactions that were spent during the block, cutting down the total size of blocks and the size of the blockchain. CutthroughWe can take this one step further. To validate this fully “joined” block, the node would sum all of the output commitments together, then subtract all the input commitments and validate that the result is a valid committozero. What is stopping us from only joining the transactions within a block? We could theoretically combine two blocks, removing any transactions that are created and spent in those blocks, and the result again is a valid transaction of just unspent commitments and nothing else. We could then do this all the way back to the genesis block, reducing the whole blockchain to just a state of unspent commitments. This is called Cutthrough. When doing this, we don’t have any need to retain the range proofs of spent outputs, they have been verified and can be discarded. This lends itself to a massive reduction in blockchain growth, reducing growth from O*(number of txs)* to O*(number of unspent outputs)*.To illustrate the impact of this, let’s imagine if Mimblewimble was implemented in the Bitcoin network from the beginning, with the network at block 576,000, the blockchain is about 210 GB with 413,675,000 total transactions and 55,400,000 total unspent outputs. In Mimblewimble, transaction outputs are about 5 kB (including range proof ~5 kB and Pedersen commit ~33 bytes), transaction inputs are about 32 bytes and transaction proof are about 105 bytes (committozero and signature), block headers are about 250 bytes (Merkle proof and PoW) and nonconfidential transactions are negligible. This sums up to a staggering 5.3 TB for a full sync blockchain of all information, with “only” 279 GB of that being the UTXOs. When we cutthrough, we don’t want to lose all the history of transactions, so we retain the proofs for all transactions as well as the UTXO set and all block headers. This reduces the blockchain to 322 GB, a 94% reduction in size. The result is basically a total consensus state of only that which has not been spent with a full proof history, greatly reducing the amount of sync time for new nodes. If Bulletproofs are implemented, the range proof is reduced from over 5kB to less than 1 kB, dropping the UTXO set in the above example from 279 GB to 57 GB. *Based on the assumptions and calculations above. There is also an interesting implication in PoS blockchains with explicit finality. Once finality has been obtained, or at some arbitrary blockchain depth beyond it, there is no longer the need to retain range proofs. Those transactions have been validated, the consensus state has been built upon it and they make up the vast majority of the blockchain size. If we say in this example that finality happens at 100 blocks deep, and assume that 10% of the UTXO set is prefinality, this would reduce the blockchain size by another 250 GB, resulting in a full sync weight of 73 GB, a 98.6% reduction (even down 65% from its current state). Imagine this. A 73 GB blockchain for 10 years of fully anonymous Bitcoin transactions, and one third the current blockchain size. It’s important to note that cutthrough has no impact on privacy or security. Each node may choose whether or not to store the entire chain without performing any cutthrough with the only cost being increased disk storage requirements. Cutthrough is purely a scalability feature resulting in Mimblewimble based blockchains being on average three times smaller than Bitcoin and fifteen times smaller than Monero (even with the recent implementation of Bulletproofs). What does this mean for INT and IoT?Transactions within an IoT network require speed, scaling to tremendous volumes, adapting to a variety of uses and devices with the ability to keep sensitive information private. Up till now, IoT networks have focused solely on scaling, creating networks that can transact with tremendous volume with varying degrees of decentralization and no focus on privacy. Without privacy, these networks will just make those who use it targets who feed their attackers the ammunition.Mimblewimble’s revolutionary use of ellipticcurve cryptography brings us a privacy protocol using Pedersen commitments for fully confidential transactions and in the process, removes the dependence on addresses and private keys in the way we are used to them. This transaction framework combined with Bulletproofs brings lightweight privacy and anonymity on par with Monero, in a blockchain that is 15 times smaller, utilizing full cutthrough. This provides the solution to private transactions that fit the scalability requirements of the INT network. The Mimblewimble protocol has been implemented in two different live networks, Grin and Beam. Both are purely transactional networks, focused on the private and anonymous transfer of value. Grin has taken a Bitcoinlike approach with communityfunded development, no premine or founders reward while Beam has the mindset of a startup, with VC funding and a large emphasis on a userfriendly experience. INT, on the other hand, is researching implementing this protocol either on the main chain, creating all INT asset transfer private or as an optional and addon subchain, allowing users to transfer their INT from nonprivate chain to the private chain, or vice versa, at will. Where it falls short？What makes this protocol revolutionary is the same thing that limits it. Almost all protocols, like Bitcoin, Ethereum, etc., use a basic scripting language with a function calls out in the actual transaction data that tells the verifier what script to use to validate it. In the simplest case, the data provided with the input calls “scriptSig” and provides two pieces of data, the signature that matches the transaction and the public key that proves you own the private key that created it. The output scripts use this provided data with the logic passed with it, to show the validator how to prove they are allowed to spend it. Using the public key provided, the validator then hashes it, checks that it matches the hashed public key in the output, if it does, it then checks to make sure the signature provided matches the input signature.https://preview.redd.it/5u6m1eiv7p331.png?width=1200&format=png&auto=webp&s=3729eb12037107ae744d15cea9f9bc1e18a3c719 This verification protocol allows some limited scripting ability in being able to tell validators what to do with the data provided. The Bitcoin network can be updated with new functions allowing it to adapt to new processes or data. Using this, the Bitcoin protocol can verify multiple signatures, lock transactions for a defined timespan and do more complex things like lock bitcoin in an account until some outside action is taken. In order to achieve more widely applicable public smart contracts like those in Ethereum, they need to be provided data in a nonshielded way or create shielded proofs that prove you satisfy the smart contract conditions. In Mimblewimble, as a consequence of using the blinding factors as the key pairs, greatly simplifying the signature verification process, there are no normal scripting opportunities in the base protocol. What is recorded on the blockchain is just: https://preview.redd.it/dwhiuc8y7p331.png?width=1200&format=png&auto=webp&s=69ea0a7797bc94a9766a4b31a639666bf9f1ebc4
There are some proposals for creative solutions to this problem by doing socalled scriptlessscripts†. By utilizing the properties of the Schnorr signatures used, you can achieve multisig transactions and more complex conditionbased transactions like atomic crosschain swaps and maybe even lightning network type state channels. Still, this is not enough complexity to fulfill all the needs of IoT smart contracts. And on top of it all, implementing cutthrough would remove transactions that might be smart contracts or rely on them. So you can see in this design we can successfully hide values and ownership but only for a single dimensional data point, quantity. Doing anything more complex than transferring ownership of coin is beyond its capabilities. But the proof of ownership and committozero is really just a specific type of Zeroknowledge (ZK) proof. So, what if, instead of blinding a value we blind a proof? Part 2 of this series will cover implementing private smart contracts with zkSNARKs. References and Noteshttps://github.com/ignopeverell/grin/blob/mastedoc/intro.mdhttps://github.com/mimblewimble/grin/blob/mastedoc/pow/pow.md https://github.com/mimblewimble/grin/wiki/GrinandMimbleWimblevsZCash https://bitcointalk.org/index.php?topic=30579 [poel16] http://diyhpl.us/~bryan/papers2/bitcoin/mimblewimbleandytoshiINCOMPLETEDRAFT20161006001.pdf ** In order to prove that v=0 and therefore the commit to zero, in fact, has no Hcomponent without revealing r, we must use Schnorr protocol: prover generates random integer n, computes and sends point 𝑇←n𝐻 verifier generates and sends random integer 𝑖 prover computes and sends integer 𝑠←𝑖𝑏+n modq, where q is the (public) order of the curve verifier knowing point r𝐻 computes point 𝑖(r𝐻), then point 𝑖(r𝐻)+𝑇; computes point 𝑠𝐻; and ensures 𝑖(r𝐻)+𝑇=𝑠𝐻. [Arvan19] https://medium.com/@brandonarvanaghi/grintransactionsexplainedstepbystepfdceb905a853 [Bulletproofs] https://eprint.iacr.org/2017/1066.pdf [Max13] https://bitcointalk.org/?topic=279249 [MaxCT]https://people.xiph.org/~greg/confidential_values.txt [Back13]https://bitcointalk.org/index.php?topic=305791.0 http://diyhpl.us/wiki/transcripts/grincon/2019/scriptlessscriptswithmimblewimble/ https://tlu.tarilabs.com/cryptography/scriptlessscripts/introductiontoscriptlessscripts.html#listofscriptlessscripts http://diyhpl.us/~bryan/papers2/bitcoin/201703mitbitcoinexpoandytoshimimblewmblescriptlessscripts.pdf 
BUIP024: Extension Blocks with Address Shardinghttps://np.reddit.com/btc/comments/54afm7/buip024_extension_blocks_with_address_sharding/
Why aren't we as a community talking about Sharding as a scaling solution?https://np.reddit.com/Bitcoin/comments/3u1m36/why_arent_we_as_a_community_talking_about/
[Brainstorming] Could Bitcoin ever scale like BitTorrent, using something like "mempool sharding"?https://np.reddit.com/btc/comments/3v070a/brainstorming_could_bitcoin_ever_scale_like/
[Brainstorming] "Let's Fork Smarter, Not Harder"? Can we find some natural way(s) of making the scaling problem "embarrassingly parallel", perhaps introducing some hierarchical (tree) structures or some natural "sharding" at the level of the network and/or the mempool and/or the blockchain?https://np.reddit.com/btc/comments/3wtwa7/brainstorming_lets_fork_smarter_not_harder_can_we/
"Braiding the Blockchain" (32 min + Q&A): We can't remove all sources of latency. We can redesign the "chain" to tolerate multiple simultaneous writers. Let miners mine and validate at the same time. Ideal block time / size / difficulty can become emergent pernode properties of the network topologyhttps://np.reddit.com/btc/comments/4su1gf/braiding_the_blockchain_32_min_qa_we_cant_remove/
As part of the clientserver network architecture, the volunteered machines each receive pieces of a simulation (work units), complete them, and return them to the project's database servers, where the units are compiled into an overall simulation.
In 2007, Guinness World Records recognized [email protected] as the most powerful distributed computing network. As of September 30, 2014, the project has 107,708 active CPU cores and 63,977 active GPUs for a total of 40.190 x86 petaFLOPS (19.282 native petaFLOPS). At the same time, the combined efforts of all distributed computing projects under BOINC totals 7.924 petaFLOPS.
Using distributed computing, [email protected] sends the millions of chunks of data to be analyzed offsite by home computers, and then have those computers report the results. Thus what appears an onerous problem in data analysis is reduced to a reasonable one by aid from a large, Internetbased community of borrowed computer resources.
Observational data are recorded on 2terabyte SATA hard disk drives at the Arecibo Observatory in Puerto Rico, each holding about 2.5 days of observations, which are then sent to Berkeley. Arecibo does not have a broadband Internet connection, so data must go by postal mail to Berkeley. Once there, it is divided in both time and frequency domains work units of 107 seconds of data, or approximately 0.35 megabytes (350 kilobytes or 350,000 bytes), which overlap in time but not in frequency. These work units are then sent from the [email protected] server over the Internet to personal computers around the world to analyze.
Data is merged into a database using [email protected] computers in Berkeley.
The [email protected] distributed computing software runs either as a screensaver or continuously while a user works, making use of processor time that would otherwise be unused.
Active users: 121,780 (January 2015)
PrimeGrid is a distributed computing project for searching for prime numbers of worldrecord size. It makes use of the Berkeley Open Infrastructure for Network Computing (BOINC) platform.
Active users 8,382 (March 2016)
A MapReduce program is composed of a Map() procedure (method) that performs filtering and sorting (such as sorting students by first name into queues, one queue for each name) and a Reduce() method that performs a summary operation (such as counting the number of students in each queue, yielding name frequencies).
Ein Blockheader ohne Transaktionen würde ungefähr 80 Bytes umfassen. Wenn wir annehmen, dass Blöcke alle 10 Minuten erzeugt werden, 80 Bytes * 6 * 24 * 365 = 4,2 MB pro Jahr. Mit Computersystemen, die typischerweise ab 2008 mit 2 GB RAM verkauft werden, und dem Mooreschen Gesetz, das ein aktuelles Wachstum von 1,2 GB pro Jahr vorhersagt ... Block to Megabyte (10^6 bytes) Megabyte (10^6 bytes) to Block: 1 Block = 3.814697265625E6 Gigabit [Gb] Block to Gigabit: Gigabit to Block: 1 Block = 4.7683715820311E7 Gigabyte [GB] Block to Gigabyte: Gigabyte to Block: 1 Block = 5.12E7 Gigabyte (10^9 bytes) Block to Gigabyte (10^9 bytes) Gigabyte (10^9 bytes) to Block For many Bitcoin machines online rates are available. Producers. Genesis Coin (4080) General Bytes (3362) BitAccess (1106) Coinsource (731) Lamassu (543) All producers; Countries. United States (9178) Canada (920) United Kingdom (286) Austria (148) Spain (104) All countries; More. Find bitcoin ATM near me; Submit new ATM ; Submit business to host ATM; Android app; iOS app; Charts; Remittance ... EUR/GBP: Aktueller Euro  Britische Pfund Kurs heute mit Chart, historischen Kursen und Nachrichten. Wechselkurs EUR in GBP. If the such an attack is executed, every node in the network will start trashing after 1.5 hours approximately, as Bitcoin application will be using more than 1.5 GB of RAM. After 2 hours, every node running in Windows 32bits will halt, since the address space of 2 Gb will be filled. After 8.7 hours, every 64bit node still alive will fill both the 2 Gb of RAM and the 4 gigabytes of hard disk ...
[index] [36212] [13733] [29449] [44008] [5550] [13070] [49910] [6358] [41704] [24388]
Today I show you how to mine the worlds #1 cryptocurrency  Bitcoin. Mining bitcoin is actually incredibly easy. This tutorial will tell you everything there... After the first Bitcoin Halving in November 2012 the price of Bitcoin crashed more than 80% a couple months later. How likely is such a Bitcoin dump after th... Unless you have over 1 BTC to trade, never send Bitcoin to an exchange!!! Why? You'll be charged an incredibly high fee because the Bitcoin network is so overworked at the moment. Why? Bitcoin  80 Trillion Dollar Exit. I talk about how Bitcoin will eventually become an exit ramp from the crashing 80 trillion dollar financial system, the ec... gerçek kimliği hala bilinmeyen satoshi nakamoto, bundan 10 yıl önce, var olan finansal düzenin tüm açıklarını kapatma iddiasındaki yepyeni bir sistemin ilk a...