A from-scratch tour of Bitcoin in Python(karpathy.github.io) |
A from-scratch tour of Bitcoin in Python(karpathy.github.io) |
I do think that bitcoin is fundamentally too complicated to understand, mathematically, for most people- myself included. I would argue everyone needs to do this exercise, from scratch, and also understand what they are doing (the math), to have confidence in bitcoin payment network. Anyone who thinks you don't need to get it is most likely in it for speculation alone.
With something so abstract like bitcoin, it has a much larger uphill battle for understanding than a physical commodity like Gold, the precursor of paper dollars.
And just as you don't need to tour the mint to have confidence in the dollar, or implement Diffie-Hellman to have confidence in your TLS connection to Amazon, you don't need to understand elliptic curve cryptography to have faith in Bitcoin.
If someone steals a private key by committing another crime like stealing a laptop, that is a crime because you own the laptop. If they learn of your private key without committing a crime, that is not theft.
You don't own 'space on the blockchain.' I have no idea what that even means.
You do need to understand elliptic curve cryptography to have confidence (not faith) in bitcoin because you make the transactions in bitcoin. You are responsible, not some third party. People understand the dollar because it is physical and you can get them on demand and they originally got their value from Gold, not some abstraction like proof of spent energy one time awhile back.
It doesn't matter anyway because Bitcoin is not a bank deposit, nor is it a security. Under the law it is generally treated as property. It's still a crime to steal property.
My point is that the fact that it's all numbers in a computer does not make it somehow legal to steal it. What you own is not the abstract number of your private key, but the concrete database entries in a specific blockchain database.
While not relevant, it's also not even true in a pedantic sense that you "can't legally own a number". All digital files are simply long numbers, and copyright assigns ownership of those numbers to people. Also, the DeCSS case established de facto ownership of a private key, making it illegal to copy, so yes you can actually have a kind of ownership even of just a private key under the law. Again, not relevant or necessary for Bitcoin, but interesting.
Copyright doesn't cover the computer reference machine code number, it covers actual intellectual content.
Just like it is not settled whether Ethereum or Bitcoin is a security- thoughts on this can and will change, new regulators get elected... neither is settled whether you can actually say that you own a number.
The community has misplaced confidence imo.
Saying the law could change is literally always true, it means nothing. Will it change? You could make an argument for Ethereum, and I tend to agree that the community is overconfident about the regulations around Ethereum and other coins. However for Bitcoin specifically the SEC has been very clear and consistent in stating that it is not and has never been a security. Their justifications are sound. So no, it almost certainly won't change for Bitcoin.
Copyright covers the specific number in addition to the general intellectual content of the number. You could say it covers a family of related numbers. That's stronger than just covering a single number.
Bank deposits are financial assets- which gets its value from a contractual right or ownership claim.
When you deposit money in a bank, they lend that money out, they make a return, and in a sane world you would receive interest on that money.
Using this definition of a financial asset, I don't think bitcoin qualifies, it is more of an intangible. It might be a financial asset only if it is held at a custodian.
Congress and the courts decide what a security is, not the SEC. The SEC is the enforcement agency from what I can tell.
It's also unlikely that Congress would change the existing definition to apply to Bitcoin. It's much more likely that they would pass specific regulations for Bitcoin and cryptocurrency.
(The subtitle of the blog is "Computer history, restoring vintage computers, IC reverse engineering, and whatever" and it is full of fascinating articles, several of which have been featured here on HN)
Cool that this article implements the cryptography primitives, though!
e: Funnily, like the article, I also stored some BTC in a wallet and challenged people to (manually) take/steal it. At the time it was worth $10 USD.. now it's worth $123 USD!
https://github.com/yjjnls/awesome-blockchain#implementation-... and https://github.com/openblockchains/awesome-blockchains#pytho... list a few more ~"blockchain from scratch" [in Python] examples.
... FWIU, Ethereum has the better Python story. There was a reference implementation of Ethereum in Python? https://ethereum.org/en/developers/docs/programming-language...
http://www.righto.com/2014/09/mining-bitcoin-with-pencil-and...
https://gizmodo.com/mining-bitcoin-with-pencil-and-paper-164...
1 1BgGZ9tcN4rm9KBzDn7KprQz87SZ26SAMH https://www.blockchain.com/btc/address/1BgGZ9tcN4rm9KBzDn7KprQz87SZ26SAMH
Some others: 2 1cMh228HTCiwS8ZsaakH8A8wze1JR5ZsP https://www.blockchain.com/btc/address/1cMh228HTCiwS8ZsaakH8A8wze1JR5ZsP
3 1CUNEBjYrCn2y1SdiUMohaKUi4wpP326Lb https://www.blockchain.com/btc/address/1CUNEBjYrCn2y1SdiUMohaKUi4wpP326Lb
42 1EMxdcJsfN5jwtZRVRvztDns1LgquGUTwi https://www.blockchain.com/btc/address/1EMxdcJsfN5jwtZRVRvztDns1LgquGUTwi
1337 1DN76uuAUDY1DLxABD3JAyunhhAreJbCjT https://www.blockchain.com/btc/address/1DN76uuAUDY1DLxABD3JAyunhhAreJbCjThttps://keys.lol/bitcoin/22486853933768128433444208678976948...
Finding one with a balance is the hard part.
Does this make any sense? How is a curve going to have backdoors on it? Or he means a specific implementation? Or is this a joke? I'm confused
Can someone explain how this was executed?
>secret_key3 = int.from_bytes(b"Andrej's Super Secret 3rd Wallet", 'big') # or just random.randrange(1, bitcoin_gen.n)
(Obviously a private key intended for actual use generally wouldn't just be some ASCII bytes of an English phrase and wouldn't be posted publicly. Though, of course, there have been instances of both...)
On the test net! On the real net it would be like 20% or more in fees.
I think we are well past the point of debating if bitcoin layer one will be used for day to day transactions however. A custodial service or lighting will have to be used for that. Additionally most people treat bitcoin closer to gold than a dollar currently.
"The raw 25 bytes of our address though contain 1 byte for a Version (the Bitcoin “main net” is b'\x00', while the Bitcoin “test net” uses b'\x6f'), then the 20 bytes from the hash digest, and finally 4 bytes for a checksum so we can throw an error with 1 - 1/2*4 = 93.75% probability in case a user messes up typing in their Bitcoin address into some textbox."
There is exactly zero progress to make it scale in the last 10+ years.
Can someone explain what this means? Its not explained anywhere in the post.
# secret_key = random.randrange(1, bitcoin_gen.n) # this is how you _would_ do it
I know the article is mainly for learning purposes but someone should point out that the `random` module in python is not meant for cryptography. Please use the built-in `secrets` module or `os.urandom` instead.Was on front page yesterday for a presentation on Tesla's Autopilot / Autonomous features: https://www.youtube.com/watch?v=NSDTZQdo6H8
Cool to learn this is the same guy.
― Bill Gates
"A professor of Byzantine history at Princeton once said that von Neumann had greater expertise in Byzantine history than he did" [1]
I don't know for sure why, but I think two possibilities are likely: (1) An extremely strong, natural intellectual curiosity and/or (2) Working on other things allows them to bring fresh ideas/insights to their "main" work, and in this sense is also rejuvenating.
Agreed though - impressive he has that kind of sidebar time or is so capable he doesn't need that much time to figure it out.
Everything I learned about deep neural networks, enough to apply it in a live product, was essentially all his notes, videos and exercises. And it’s all out there for free!
Thanks Andrej and keep doing cool stuff!
https://miracl.com/blog/backdoors-in-nist-elliptic-curves/
“Working in collaboration with the NSA, NIST included three sets of recommended elliptic curves in FIPS 186-2 that were generated using the algorithms in the American National Standard (ANS) X9.62 standard and Institute of Electrical and Electronics Engineers (IEEE) P1363 standards.”: What exactly is NIST’s justification for making claims regarding the method that NSA used to generate these curves? The fact that a hash matches is publicly verifiable, but the distribution of “random” inputs is not. I have heard NSA employees claiming that the “random” inputs were actually generated as hashes of English text chosen (and later forgotten) by Jerry Solinas."
https://csrc.nist.gov/CSRC/media/Publications/sp/800-186/dra...
It's all quite public.
Quoting from the paper:
The standard given by the NIST gives a list of explicit parameters ... describing the elliptic curve behind the algorithm.
Examining the points P and Q here, it is obvious why cryptographers were suspicious of the Dual EC ... once the scalar k is known, it is a “simple matter to determine the secret internal state s of the pseudo-random bit generator” [6], by observing as few as 32 bytes of output.
It goes on to quote one of the NSA contractors who admitted that instead of being randomly chosen, "Q is (in essence) the public key for some random private key."
"It could also be generated like a(nother) canonical G, but NSA kyboshed this idea, and I was not allowed to publicly discuss it, just in case you may think of going there."
Straying from the prescribed points was discouraged, and NIST only provided FIPS validation to clients using the original P and Q.
More recently, GPRS was also shown to have been intentionally weakened - presumably to pass export controls - although in this case I think it was the algorithm and not a "cherry picked" curve: https://eprint.iacr.org/2021/819.pdf
> Money was changing hands between the NSA and companies, to have them install this as their standard for number generation. That's deeply suspicious.
(-from the video)
That's one piece of information I didn't know, and doesn't usually get mentioned in the discussions I've seen about this.
https://en.wikipedia.org/wiki/Data_Encryption_Standard#NSA's...
https://en.wikipedia.org/wiki/Differential_cryptanalysis#His...
Lol, literally this week: https://taproot.watch/
Taproot is the update we get after ten years of the BTC devs doing nothing except gaslighting users about the protocol's scalability? All that momentum wasted.
Taproot will in practice have an even smaller impact, as it only affects special transactions that normal people won't use.
So yeah, it's not zero progress, but it's certainly not much.
https://digiconomist.net/bitcoin-energy-consumption
Just watch this video:
https://www.youtube.com/watch?v=UDKntG4F0hg
So in about 5 years pretend everyone in the United States melts a wrench like that... Then a month later they do that twice, a month later they do it three times.
Hey, at least it will be fun.
[0] https://1ml.com/
Disclaimer: I'm involved.
taproot, which recently locked in, reduces the space needed to represent complex contracts.
moreover, bitcoin aims at being a concise and focused base layer on top of which secondary layers and sidechains can be built.
your absolute statement "exactly zero" is absolutely wrong.
Have you ever read the white paper that outlines what bitcoin aims to be?
Complex contracts? Are you joking? What kind of complex contracts do you think can be done on BTC? Their scripting language and capabilities has been neutered just like their blocksize. Good luck writing a useful contract on BTC.
(Yes this is on the Bitcoin SV implementation of the Bitcoin protocol - where they're using the original protocol that Satoshi envisioned)
Either way, bitcoin the protocol can handle waaaaaay more transactions than the BTC devs have constrained it to.
- Transaction fees are ~$0.0001
- The network has shown capacity for 50k tps
- On March 14, 2021, the network processed a world record 638 MB block
- As of June 4, 2021 the chain size exceeded that of the BTC implementation and is currently 418.17 GB
- New business based on micropayments have emerged like twetch, streamanity, peergame, etc
[1] https://www.prnewswire.com/news-releases/bsv-proves-that-bit...No, that was a lab demo of a single beefy system being directly fed with test data and being measured on how long it takes to process it.
If I may, let me ask you an unrelated question that just 'popped in my head' only now but is related to your recent presentation at CVPR: Are you guys at Tesla fusing video with audio data for self-driving?
Just curious. I ask because (a) sound waves at frequencies detectable by the human ear appear to be quite important for both routine and edge-case situations (e.g., sounds of other vehicles braking/screeching/accelerating/passing, sirens of ambulances/police cars/fire trucks, bursts of honks from other vehicles, people suddenly shouting/screaming nearby), and (b) audio and video signals are already synchronized, so I imagine fusing them should be more straightforward (e.g., there's already some research out there on applying deep learning to video clips with audio).
For reference, I started a small Bitcoin mining hardware business back in the day, while still holding a 200/hr week/8 days a week/400 days a year full-time job. Working on Bitcoin stuff was my "break" from regular work.
Permissionless just means anyone can create transactions because there's essentially no way to block someone from doing so, unlike say a transaction on PayPal.
There's this persistent misconception out there that only Ethereum works this way. It's a testament to marketing. Bitcoin has been doing "smart contracts" long before Ethereum was even a gleam in Vitalik's eye.
There's also the ethereum VM which is a slow decentralized state machine capable of executing code...
But just wanted to make the point that Bitcoin is a global computer as much as ethereum is, Solidity is just Turing complete while (Bitcoin’s) Script is intentionally limited to a few instructions.
There will be a point in time where there are just a few quantum computers that can break everything before the general public has access to quantum computing. Can crypto work in that scenario? Normal computers wouldn't be able to work with the beastly algorithms a quantum computer could handle.
A likely drop-in replacement for elliptic curve cryptography (ECC) currently used by Bitcoin could be
https://en.wikipedia.org/wiki/Supersingular_isogeny_key_exch...
I am not a Mathematician, but what I understood, it's basically an extension of ECC using multiple elliptic curves, allows to re-use the Diffie–Hellman key exchange protocol (private keys kept secret, public keys exchanged) and memory requirements are small. So it would be a perfect replacement in wallets and validation nodes. But I can not explain why it is safe against an attack using quantum computers.
This is talked about all the time in Bitcoin dev circles.
It practice, it appears to be slightly harder to break than RSA for the same security level as we define it in non-quantum computing, but not by much.
Not in a useful way: https://www.reddit.com/r/btc/comments/l8v8sa/heres_a_6of9_sc...
> Smart contracts were first proposed in the early 1990s by Nick Szabo, who coined the term, using it to refer to "a set of promises, specified in digital form, including protocols within which the parties perform on these promises".
https://en.wikipedia.org/wiki/Smart_contract
We don't get to decide what smart contracts are. Nick Szabo decided long ago.
Marketing vs reality has been a big problem in this space.
A centralized cryptocoin is just MySql with extra steps.
Just kidding, it should only be p2p cash and it failed at that.
PoW/PoS will be replace by FBA in the next years and every system that can not switch away from PoW will become irrelevant.
... or even the title
Play is important for children of all ages.
We're not going to shut down entire sectors of the economy because of their environmental impact. People are going to innovate and invest in alternative sources of energy because it is becoming profitable to do so. The solution is hardly ever "just stop doing it", it's "how can we do this better".
Traditional centralized ledgering systems do everything crypto does better and with a fraction of the energy use. It also gives governments tools to combat inflation/deflation and manage counterparty risks within the system.
Crypto is a neat idea, but in the end it doesn't really solve anything, and instead only introduces a lot of unnecessary problems.
Twetch.app has more than 50k users. It's also a genuine use case. So is etched.page or the other above-mentioned services.
How can you abuse storage if there is a 0.5 satoshis/byte fee to write data on chain currently? Miners are for-profit entities and will always charge for storage.
What does your average daily schedule look like?
Today people in crypto may be willing to look up bitcoins they hold long term anyway. But in the real world this would be dead and trapped capital it doesn't work for you and you cant even use it to quickly buy something an take advantage of a market situation.
The only reason why someone would look up capital like that if is it makes money. So people who use someone else locked up bitcoins have to pay. This makes LN impossible to be cheap. You literally lend money to send money to someone. Its complete absurd. And as you said to make this more efficient large centralized pools are created so there will be a monopoly or oligopoly for lending, hows that gonna be good for the fees.
LN was dead before they started coding it.
https://www.cs.umd.edu/~amchilds/teaching/w08/l03.pdf
May help if you're actually interested.
Edit: More signed transactions help with the classical and not the quantum part of schor.
Edit2: Schor has not yet even been able to factor the integer 35 with current quantum hardware, too much interference.
> currently Shor's algorithm is unfeasible with only 1 signed message.
The algorithm is currently unfeasible with 100s of messages. Shor's algorithm uses a quantum computer to reduce the complexity of integer factorization from sub-exponential to polynomial-time. It is not an attack that fine-tunes the output according to the amount of network traffic.
I suppose Bitcoin is better than gold. Unfortunately, for BTC, we already have much more advanced financial technology.
It also enables Schnorr, which produces smaller signatures than ECDSA.
It also contains features to further improve the efficiency of Lightning, which is a shockingly effective scaling mechanism.
And don't bother coming up with hand wavy explanations of how it could work, some day. People have been talking about Lightning for years, literally billions of dollars have been poured into the "tech", the fact that even bitcoin enthusiasts barely ever use it is all the proof I need.
I wonder how many more years of empty promises we'll have to suffer through before people accept that cryptocurrencies are a very good pyramid scheme with a thick layer of technobabble around it.
All the problems with bitcoin are long long solved just not with bitcoin because its not possible to fix something when the majority (of hashpower) thinks its not broken or rather profit form its brokenness.
FBA coins exists since 2013 or so.
LN is not part of bitcoin and a total joke anyway.
Are you sure, what about when someone sends to it?
If the sender wanted to send you a private message, they would need your public key, but that's not what transactions do.
Funny how they figured out that you cant make money with money services if you remove the third party, so they added it back in.
On top of that there are countless other blockchains/DLT that have cheap transactions on the first layer. Cheap as in fractions of a cent. To compete with that you would need to lock your BTC for free but then you still have the on chain transaction that LN needs sometimes that cost way too much.
Now, in November taproot/schnor activates which gives us ptlc’s on the lightning network as well as makes a lightning channel opening transaction look like a normal single signature transaction, yay privacy. All of this lays the groundwork for the next major base layer change, in probably ~2023, anyprevout. This will give us “eltoo” on lightning which is nirvana. Eltoo removes the penalty mechanism which makes running a lightning node on a mobile phone or home node much more reasonable.
Protocols take a long time to develop, especially ones where a miss-step could mean the loss of billions of dollars.
Do not believe anyone telling you that their coin solved bitcoin’s scaling problems years ago.
PoW/PoS was replaced by FBA (Federated Byzantine Agreement) Its not a coin its technology used by several systems and based on BFT (which is way older than bitcoin and bitcoin actually is based on BFT as well although maybe unintentional).
FBA just adds the federated part so a decentral system can be build. While bitcoin instead used a work-reward lottery system (PoW) to decide who can write the next block rather than finding a block everyone agrees on. Its really not that hard to figure out which of these solutions probably works better and scales somewhat like a distributes system is expected to scale.
-- Patches O'Houlihan
The protocol is protected by allowing everyone to run their own full node, to give every user and every entity the power to choose which version of the protocol they want to run. When the network is run by its users, the network evolves in a direction that is best for the users. When the network is run by a few large businesses, the network evolves in a direction that is best for them.
The Bitcoin Core's layered approach is a much better solution than big blocks. The first layer protects the protocol itself, and "big blocks" are implemented on layers on top of that without compromising the core protocol.
Seriously, investing money in a bubble is nothing to celebrate. That’s why it is called a bubble. It pops and many people loose their money.
The single question people in favor of crypto can’t answer is the value creation. Now crypto is a natural evolution of certain monetary services and techniques, but at the core it literally does nothing of value. In fact, one might argue that that is its prime feature in its current state.
The protocol encompasses the nodes on the network. If the network is highly centralized the protocol is unsafe.
Have a nice day
You claim centralized manipulation of bitcoin and fraudulent people while the protocol hasn't changed. Do you have legal evidence?
Also you claim price speculation as the only use case while I've listed several apps with real users.
You mention storage abuse and I argue that miner fees prevent that.
Let’s walk through a user story. I want to send $1,000 to a friend of mine in El Salvador:
* When I initiate the $1,000 payment, Strike debits my existing USD balance.
* Strike then automatically converts my $1,000 to bitcoins ready for use in its infrastructure using its real-time automated risk management and trading infrastructure.
* Strike then moves the bitcoins across the Gulf of Mexico where it arrives in our Central American infrastructure in less than a second and for no cost.
* Strike then takes the bitcoins and automatically converts them back into USDT (synthetic digital dollar known as Tether) using its real-time automated risk management and trading infrastructure.
* Strike then credits the existing user with the USDT to their Strike account.
[1] https://jimmymow.medium.com/announcing-strike-global-2392b90...
In the case of merchant/customer interactions, the LN channel blocks customer funds from their balance, but they will never receive money from the merchant. So that balance will be sent to the merchant, payment by payment.
Not only does that block funds for the customer (which wants to reduce those, to avoid blocking too much, but that reduces the number of payments that can be made off-chain), but it also blocks the merchant’s reception of those payments: the merchant wants to be able to spend it soon, but it can only spend it on-chain.
That is compounded by the fact that most merchant/customer interactions are rare one-offs in the real world. I just don’t buy stamps every day.
LN channels are only most useful when the two parties exchange money bidirectionally on average.
It’s very common on lightning to pay liquidity providers to balance your channels to you. Lightning Labs has a service called loop where you can pay them an onchain transaction and it will make a lightning network payment to your channel for that amount, thus giving you more spend liquidity. Loop is sweet cause it does this in a non custodial way, look into it.
This is an interesting feature of cryptocurrencies. Someone levels a fair criticism of a particular implementation but it can be handwaved away because an entirely separate cryptocurrency solved this particular problem (nevermind that whatever replacement you’ve chosen has its own host of separate problems because those can be handwaved away the same way).
FBA is completely different form PoS. It does not work on incentives and penalties it works with a global final state, global rules and (federated) byzantine agreement (FBA) for progress (adding the next "block"). No way to re-org, no block/staking reward, no censorship. If someone doesn't act in everyone's interest other nodes simply wont listen to them anymore. Not following the rules its publicly visible for anyone. And since there is no reward anyway there is no financial reason why anyone would participate who does not simply want to help the system.
* This guy starts talking about sending USD, but ends up talking about receiving USDT. USD != USDT. And while there are problems with sending USD across the border, there're absolutely no problem with sending USDT. And there's absolutely no problem buying USDT wherever you are. (But, what's important, there might be problems actually converting your USDT into USD.)
* Since we end up buying USDT with USD, the word "Bitcoin" in the middle of the story seems redundant and actually confusing.
* There's nothing about Lightning here. I mean, you can talk about how you use Lightning to transfer BTC inside Strike as much as you want, but if BTC is irrelevant to the user story, so is Lightning.
* I'm not sure how Strike and this user story are relevant at all. It started out about El Salvador accepting BTC as a legal tender, and how using it in actual transactions w/o lightning is problematic due to low TPS. How sending USD to El Salvador is relevant here at all?
edit: looked it up, still looks like a total scam. I hope El Salvador is able to get through this without getting screwed and I guess I'll assume Strike (first time I've heard of it) is just as shady until I hear otherwise:
https://coingeek.com/crypto-crime-cartel-tether-using-its-st...
https://finance.yahoo.com/news/strike-phasing-usdt-bitcoin-b...
Both sides are Strike entities all this does is use bitcoin as a bridge for USD to USD which is completely pointless as both sides are USD.
You could just buy USDT (or another stabelcoin) and send it there.
Its a different story if there is actually a switch in currency needed. There is this famous and from bitcoin people often hated company called Ripple that specializes on cross-border settlement using crypto as a bridge currency. For that however the crypto must be actually moved and be sold locally for the local currency. And for that to work without risk due to volatility it must be fast. Hence they use XRP (4 sec) instead of bitcoin (10+ min). They call it ODL (On-Demand Liquidity).
>No BTC involvement required.
Totally correct. Remittance over a bridge currency only make sense under very specific conditions, which include that the input currency and the output currency are different. And a direct exchange is not possible or not cheap.
The traditional banking system does this as well, they usually use USD as bridge. To pair every currency with every currency simply isn't feasible and the low volume pairs would have no liquidity anyway. Its basically the same as with goods if you have wood but want metal you use a currency as bridge because there is no market to sell wood for metal. Now if you also have a location difference between the market where you want to sell and the mark where you want to buy then you actually can use the bridge currency to move from one market (location) to another market (location).