Dragonchain Great Reddit Scaling Bake-Off Public Proposal
Dragonchain Public Proposal TL;DR:
Dragonchain has demonstrated twice Reddit’s entire total daily volume (votes, comments, and posts per Reddit 2019 Year in Review) in a 24-hour demo on an operational network. Every single transaction on Dragonchain is decentralized immediately through 5 levels of Dragon Net, and then secured with combined proof on Bitcoin, Ethereum, Ethereum Classic, and Binance Chain, via Interchain. At the time, in January 2020, the entire cost of the demo was approximately $25K on a single system (transaction fees locked at $0.0001/txn). With current fees (lowest fee $0.0000025/txn), this would cost as little as $625. Watch Joe walk through the entire proposal and answer questions on YouTube. This proposal is also available on the Dragonchain blog.
Hello Reddit and Ethereum community!
I’m Joe Roets, Founder & CEO of Dragonchain. When the team and I first heard about The Great Reddit Scaling Bake-Off we were intrigued. We believe we have the solutions Reddit seeks for its community points system and we have them at scale. For your consideration, we have submitted our proposal below. The team at Dragonchain and I welcome and look forward to your technical questions, philosophical feedback, and fair criticism, to build a scaling solution for Reddit that will empower its users. Because our architecture is unlike other blockchain platforms out there today, we expect to receive many questions while people try to grasp our project. I will answer all questions here in this thread on Reddit, and I've answered some questions in the stream on YouTube. We have seen good discussions so far in the competition. We hope that Reddit’s scaling solution will emerge from The Great Reddit Scaling Bake-Off and that Reddit will have great success with the implementation.
Dragonchain is a robust open source hybrid blockchain platform that has proven to withstand the passing of time since our inception in 2014. We have continued to evolve to harness the scalability of private nodes, yet take full advantage of the security of public decentralized networks, like Ethereum. We have a live, operational, and fully functional Interchain network integrating Bitcoin, Ethereum, Ethereum Classic, and ~700 independent Dragonchain nodes. Every transaction is secured to Ethereum, Bitcoin, and Ethereum Classic. Transactions are immediately usable on chain, and the first decentralization is seen within 20 seconds on Dragon Net. Security increases further to public networks ETH, BTC, and ETC within 10 minutes to 2 hours. Smart contracts can be written in any executable language, offering full freedom to existing developers. We invite any developer to watch the demo, play with our SDKs, review open source code, and to help us move forward. Dragonchain specializes in scalable loyalty & rewards solutions and has built a decentralized social network on chain, with very affordable transaction costs. This experience can be combined with the insights Reddit and the Ethereum community have gained in the past couple of months to roll out the solution at a rapid pace.
Response and PoC
In The Great Reddit Scaling Bake-Off post, Reddit has asked for a series of demonstrations, requirements, and other considerations. In this section, we will attempt to answer all of these requests.
A live proof of concept showing hundreds of thousands of transactions
On Jan 7, 2020, Dragonchain hosted a 24-hour live demonstration during which a quarter of a billion (250 million+) transactions executed fully on an operational network. Every single transaction on Dragonchain is decentralized immediately through 5 levels of Dragon Net, and then secured with combined proof on Bitcoin, Ethereum, Ethereum Classic, and Binance Chain, via Interchain. This means that every single transaction is secured by, and traceable to these networks. An attack on this system would require a simultaneous attack on all of the Interchained networks. 24 hours in 4 minutes (YouTube). The demonstration was of a single business system, and any user is able to scale this further, by running multiple systems simultaneously. Our goals for the event were to demonstrate a consistent capacity greater than that of Visa over an extended time period. Tooling to reproduce our demo is available here: https://github.com/dragonchain/spirit-bomb
Source code (for on & off-chain components as well tooling used for the PoC). The source code does not have to be shared publicly, but if Reddit decides to use a particular solution it will need to be shared with Reddit at some point.
Dragonchain’s architecture attacks the scalability issue from multiple angles. Dragonchain is a hybrid blockchain platform, wherein every transaction is protected on a business node to the requirements of that business or purpose. A business node may be held completely private or may be exposed or replicated to any level of exposure desired. Every node has its own blockchain and is independently scalable. Dragonchain established Context Based Verification as its consensus model. Every transaction is immediately usable on a trust basis, and in time is provable to an increasing level of decentralized consensus. A transaction will have a level of decentralization to independently owned and deployed Dragonchain nodes (~700 nodes) within seconds, and full decentralization to BTC and ETH within minutes or hours. Level 5 nodes (Interchain nodes) function to secure all transactions to public or otherwise external chains such as Bitcoin and Ethereum. These nodes scale the system by aggregating multiple blocks into a single Interchain transaction on a cadence. This timing is configurable based upon average fees for each respective chain. For detailed information about Dragonchain’s architecture, and Context Based Verification, please refer to the Dragonchain Architecture Document.
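As an added illustration of the Level 5 aggregation step, here is a small Python example (written for this page, not Dragonchain's own code) that folds the hashes of several blocks into one Merkle root, the single value an Interchain node would write to a public chain, and produces an inclusion proof so a single block can later be traced to that anchor. The hash-pair layout, the leaf/interior domain separation, the promotion rule for an odd last node and the sample block hashes are assumptions of the example; Dragonchain's actual proof format may differ.

```python
"""Added example (not Dragonchain's code): fold many block hashes into one Merkle
root for a single Interchain anchor, and prove one block's inclusion afterwards.
Assumptions: block hashes are SHA-256 hex strings; leaves and interior nodes are
domain-separated (0x00 / 0x01 prefix); an odd last node is promoted, not duplicated.
"""
import hashlib
from typing import Dict, List, Tuple

Proof = List[Tuple[str, bytes]]  # ("L"|"R", sibling hash): which side the sibling is on


def _sha(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def leaf(block_hash_hex: str) -> bytes:
    return _sha(b"\x00" + bytes.fromhex(block_hash_hex))


def _node(left: bytes, right: bytes) -> bytes:
    # Prefix keeps an interior node from being replayed as a leaf (second-preimage guard).
    return _sha(b"\x01" + left + right)


def _next_level(level: List[bytes]) -> List[bytes]:
    out = []
    for i in range(0, len(level), 2):
        out.append(_node(level[i], level[i + 1]) if i + 1 < len(level) else level[i])
    return out


def merkle_root(leaves: List[bytes]) -> bytes:
    if not leaves:
        raise ValueError("an anchor must cover at least one block")
    level = list(leaves)
    while len(level) > 1:
        level = _next_level(level)
    return level[0]


def inclusion_proof(leaves: List[bytes], index: int) -> Proof:
    """Sibling path from leaves[index] up to the root."""
    proof: Proof = []
    level, idx = list(leaves), index
    while len(level) > 1:
        sibling = idx ^ 1  # partner in the same pair
        if sibling < len(level):
            proof.append(("R", level[sibling]) if idx % 2 == 0 else ("L", level[sibling]))
        # else: idx is an unpaired last node and is promoted unchanged
        level, idx = _next_level(level), idx // 2
    return proof


def verify_inclusion(block_hash_hex: str, proof: Proof, root_hex: str) -> bool:
    node = leaf(block_hash_hex)
    for side, sibling in proof:
        node = _node(node, sibling) if side == "R" else _node(sibling, node)
    return node == bytes.fromhex(root_hex)


def build_anchor(block_hashes: List[str]) -> Tuple[str, Dict[str, Proof]]:
    """One anchor value for a whole cadence window of blocks, plus a proof per block."""
    leaves = [leaf(h) for h in block_hashes]
    root = merkle_root(leaves)
    return root.hex(), {h: inclusion_proof(leaves, i) for i, h in enumerate(block_hashes)}


# Constructed sample: five block hashes (odd count exercises the promotion rule).
SAMPLE_BLOCKS = [hashlib.sha256(f"block-{i}".encode()).hexdigest() for i in range(5)]


def anchor_demo() -> dict:
    root, proofs = build_anchor(SAMPLE_BLOCKS)
    forged = hashlib.sha256(b"block-not-in-window").hexdigest()
    return {
        "root": root,
        "all_blocks_verify": all(verify_inclusion(h, proofs[h], root) for h in SAMPLE_BLOCKS),
        "forged_rejected": not verify_inclusion(forged, proofs[SAMPLE_BLOCKS[0]], root),
        "swapped_proof_rejected": not verify_inclusion(SAMPLE_BLOCKS[1], proofs[SAMPLE_BLOCKS[2]], root),
    }


if __name__ == "__main__":
    print(anchor_demo())
```

The point a practitioner should take from this is that the anchor alone proves nothing about any single block; what makes a transaction "traceable" to Bitcoin or Ethereum is that the proof path is retained off the public chain and the anchor value on it, and the verifier recomputes the root from both.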
An interesting feature of Dragonchain’s network consensus is its economics and scarcity model. Since Dragon Net nodes (L2-L4) are independent staking nodes, deployment to cloud platforms would allow any of these nodes to scale to take on a large percentage of the verification work. This is great for scalability, but not good for the economy, because there is no scarcity, and pricing would develop a downward spiral and result in fewer verification nodes. For this reason, Dragonchain uses TIME as scarcity. TIME is calculated as the number of Dragons held, multiplied by the number of days held. TIME influences the user’s access to features within the Dragonchain ecosystem. It takes into account both the Dragon balance and length of time each Dragon is held. TIME is staked by users against every verification node and dictates how much of the transaction fees are awarded to each participating node for every block. TIME also dictates the transaction fee itself for the business node. TIME is staked against a business node to set a deterministic transaction fee level (see transaction fee table below in Cost section). This is very interesting in a discussion about scaling because it guarantees independence for business implementation. No matter how much traffic appears on the entire network, a business is guaranteed to not see an increased transaction fee rate.
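An added example, not Dragonchain's code, of how TIME accrues and how it can drive a pro-rata fee split. It accrues TIME per lot (each Dragon counts only for the days it has itself been held) and splits a block's fees in proportion to the TIME staked by each verification node; the integer fee units, the rounding rule for any leftover unit and the sample holders are assumptions of the example.

```python
"""Added example (not Dragonchain's code): TIME accrual per lot and a pro-rata
fee split by staked TIME. Assumptions: fees are whole micro-units; any unit lost
to integer rounding goes to the node with the most TIME staked; sample holders are made up.
"""
from dataclasses import dataclass
from datetime import date
from typing import Dict, List


@dataclass(frozen=True)
class Lot:
    dragons: int    # Dragons acquired in this lot
    acquired: date  # day the lot began being held


def time_score(lots: List[Lot], as_of: date) -> int:
    """TIME = sum over lots of (Dragons held * days held); a new lot starts at zero."""
    total = 0
    for lot in lots:
        days = (as_of - lot.acquired).days
        if days < 0:
            raise ValueError(f"lot acquired after {as_of}")
        total += lot.dragons * days
    return total


def split_block_fees(fee_units: int, staked_time: Dict[str, int]) -> Dict[str, int]:
    """Share a block's fees among verification nodes in proportion to staked TIME."""
    total = sum(staked_time.values())
    if fee_units < 0 or total <= 0:
        raise ValueError("need non-negative fees and some TIME staked")
    shares = {node: fee_units * t // total for node, t in staked_time.items()}
    # Integer division can leave a few units unassigned; give them to the top staker
    # so that the payout always sums to exactly the fees collected.
    shares[max(staked_time, key=staked_time.get)] += fee_units - sum(shares.values())
    return shares


def time_demo():
    """Constructed holders: bob holds more Dragons than alice but has less TIME,
    because most of his balance was acquired recently."""
    as_of = date(2020, 7, 31)
    alice = [Lot(1000, date(2020, 1, 1))]
    bob = [Lot(500, date(2020, 1, 1)), Lot(3000, date(2020, 7, 1))]
    staked = {"alice": time_score(alice, as_of), "bob": time_score(bob, as_of)}
    return staked, split_block_fees(1_000_000, staked)


if __name__ == "__main__":
    print(time_demo())
```

Accruing per lot is what gives TIME its scarcity property: a large balance bought today cannot immediately outrank a smaller balance that has been held for months, which is the behaviour the paragraph above relies on to keep cloud-scaled nodes from capturing the verification rewards.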
Dragonchain uses Docker and Kubernetes to allow the use of best-practice traditional system scaling. Dragonchain offers managed nodes with an easy to use web based console interface. The user may also deploy a Dragonchain node within their own datacenter or favorite cloud platform. Users have deployed Dragonchain nodes on-prem and on Amazon AWS, Google Cloud, MS Azure, and other hosting platforms around the world. Any executable code, anything you can write, can be written into a smart contract. This flexibility is what allows us to say that developers with no blockchain experience can use any code language to access the benefits of blockchain. Customers have used NodeJS, Python, Java, and even BASH shell script to write smart contracts on Dragonchain. With Docker containers, we achieve better separation of concerns, faster deployment, higher reliability, and lower response times. We chose Kubernetes for its self-healing features, ability to run multiple services on one server, and its large and thriving development community. It is resilient, scalable, and automated. OpenFaaS allows us to package smart contracts as Docker images for easy deployment. Contract deployment time is now bounded only by the size of the Docker image being deployed but remains fast even for reasonably large images. We also take advantage of Docker’s flexibility and its ability to support any language that can run on x86 architecture. Any image, public or private, can be run as a smart contract using Dragonchain.
Flexibility in Scaling
Dragonchain’s architecture considers interoperability and integration as key features. From inception, we had a goal to increase adoption via integration with real business use cases and traditional systems. We envision the ability for Reddit, in the future, to be able to integrate alternate content storage platforms or other financial services along with the token.
LBRY - To allow users to deploy content natively to LBRY
MakerDAO - To allow users to lend small amounts backed by their Reddit community points.
STORJ/SIA - To allow decentralized on chain storage of portions of content.
These integrations, or any other, are relatively easy to integrate on Dragonchain with an Interchain implementation.
Cost estimates (on-chain and off-chain)
For the purpose of this proposal, we assume that all transactions are on chain (posts, replies, and votes).
On the Dragonchain network, transaction costs are deterministic/predictable. By staking TIME on the business node (as described above) Reddit can reduce transaction costs to as low as $0.0000025 per transaction.
Dragonchain Fees Table
How to run it
Building on Dragonchain is simple and requires no blockchain experience. Spin up a business node (L1) in our managed environment (AWS), run it in your own cloud environment, or on-prem in your own datacenter. Clear documentation will walk you through the steps of spinning up your first Dragonchain Level 1 Business node. Getting started is easy...
Download Dragonchain’s dctl
Input three commands into a terminal
Build an image
More information can be found in our Get started documents.
Dragonchain is an open source hybrid platform. Through Dragon Net, each chain combines the power of a public blockchain (like Ethereum) with the privacy of a private blockchain. Dragonchain organizes its network into five separate levels. A Level 1, or business node, is a totally private blockchain only accessible through the use of public/private keypairs. All business logic, including smart contracts, can be executed on this node directly and added to the chain. After creating a block, the Level 1 business node broadcasts a version stripped of sensitive private data to Dragon Net. Three Level 2 Validating nodes validate the transaction based on guidelines determined from the business. A Level 3 Diversity node checks that the level 2 nodes are from a diverse array of locations. A Level 4 Notary node, hosted by a KYC partner, then signs the validation record received from the Level 3 node. The transaction hash is ledgered to the Level 5 public chain to take advantage of the hash power of massive public networks. Dragon Net can be thought of as a “blockchain of blockchains”, where every level is a complete private blockchain. Because an L1 can send to multiple nodes on a single level, proof of existence is distributed among many places in the network. Eventually, proof of existence reaches level 5 and is published on a public network.
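To make the five-level flow concrete, here is an added toy walk-through in Python (written for this page, not the Dragon Net implementation). It keeps transaction payloads on the L1 side and broadcasts only ids and payload hashes, has three L2 nodes recompute and sign the block hash, has an L3 node refuse a set of L2 verifications that does not span enough regions, has an L4 notary countersign, and derives the L5 anchor value. The node registry, regions and keys are constructed, and the HMAC-based "signature" is a stand-in for the real signature scheme so the example runs on the standard library alone.

```python
"""Added example (not Dragon Net code): a toy pass through Levels 1-5.
Assumptions: node names, regions and secrets below are made up; an HMAC over the
canonical JSON of a record stands in for a real asymmetric signature.
"""
import hashlib
import hmac
import json


def h(obj) -> str:
    """Canonical SHA-256 over JSON so every node hashes the same bytes."""
    return hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).hexdigest()


# Constructed registry: node -> (region, secret). L1 is private and is not listed.
NODES = {
    "l2-a": ("us-west", b"key-a"),
    "l2-b": ("eu-central", b"key-b"),
    "l2-c": ("ap-south", b"key-c"),
    "l2-d": ("us-west", b"key-d"),  # same region as l2-a, used to show the L3 check
    "l3-div": ("eu-west", b"key-l3"),
    "l4-notary": ("kyc-partner", b"key-l4"),
}


def signed(node: str, rec: dict) -> dict:
    """Attach node, region and an HMAC 'signature' over the unsigned record."""
    rec = dict(rec, node=node, region=NODES[node][0])
    rec["sig"] = hmac.new(NODES[node][1], h(rec).encode(), hashlib.sha256).hexdigest()
    return rec


def valid_sig(rec: dict) -> bool:
    body = {k: v for k, v in rec.items() if k != "sig"}
    expect = hmac.new(NODES[rec["node"]][1], h(body).encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expect, rec["sig"])


def l1_block(block_id: int, prev_hash: str, txns: list) -> dict:
    """Level 1: payloads stay on the business node; ids and payload hashes are broadcast."""
    public = {"block_id": block_id, "prev_hash": prev_hash,
              "txns": [{"id": t["id"], "payload_hash": h(t["payload"])} for t in txns]}
    return dict(public, block_hash=h(public))


def l2_validate(node: str, stripped: dict) -> dict:
    """Level 2: recompute the block hash from the public fields, then sign it."""
    public = {k: v for k, v in stripped.items() if k != "block_hash"}
    if h(public) != stripped["block_hash"]:
        raise ValueError(f"{node}: block hash does not match broadcast content")
    return signed(node, {"level": 2, "block_hash": stripped["block_hash"]})


def l3_diversity(l2_records: list, min_regions: int = 3) -> dict:
    """Level 3: valid L2 signatures on one block hash from enough distinct regions."""
    if not all(valid_sig(r) for r in l2_records):
        raise ValueError("invalid L2 signature")
    if len({r["block_hash"] for r in l2_records}) != 1:
        raise ValueError("L2 nodes disagree on the block hash")
    regions = {r["region"] for r in l2_records}
    if len(regions) < min_regions:
        raise ValueError(f"only {len(regions)} regions, need {min_regions}")
    return signed("l3-div", {"level": 3, "block_hash": l2_records[0]["block_hash"],
                             "l2_hash": h(l2_records)})


def l4_notarize(l3_record: dict) -> dict:
    """Level 4: the KYC-backed notary countersigns the L3 record after checking it."""
    if not valid_sig(l3_record):
        raise ValueError("invalid L3 signature")
    return signed("l4-notary", {"level": 4, "l3_hash": h(l3_record)})


def l5_anchor(l4_record: dict) -> str:
    """Level 5: the value an Interchain node would ledger on a public chain."""
    if not valid_sig(l4_record):
        raise ValueError("invalid L4 signature")
    return h(l4_record)


def run_demo() -> dict:
    # Constructed sample: two transactions whose payloads never leave L1.
    txns = [{"id": "tx-1", "payload": {"user": "alice", "points": 5}},
            {"id": "tx-2", "payload": {"user": "bob", "points": -2}}]
    stripped = l1_block(1, "0" * 64, txns)
    l2s = [l2_validate(n, stripped) for n in ("l2-a", "l2-b", "l2-c")]
    anchor = l5_anchor(l4_notarize(l3_diversity(l2s)))
    # Failure modes: a tampered broadcast fails at L2; a same-region L2 set fails at L3.
    bad_txns = [dict(stripped["txns"][0], payload_hash="00" * 32)] + stripped["txns"][1:]
    try:
        l2_validate("l2-a", dict(stripped, txns=bad_txns))
        tamper_rejected = False
    except ValueError:
        tamper_rejected = True
    try:
        l3_diversity([l2_validate(n, stripped) for n in ("l2-a", "l2-d", "l2-b")])
        diversity_enforced = False
    except ValueError:
        diversity_enforced = True
    return {"anchor": anchor, "regions": sorted({r["region"] for r in l2s}),
            "tamper_rejected": tamper_rejected, "diversity_enforced": diversity_enforced}


if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=2))
```

Two details worth noting when reading this against the description above: the stripped block carries payload hashes rather than payloads, so nothing private reaches L2 or beyond, and each level re-verifies the signatures of the level below before adding its own, which is what lets the final anchor stand in for the whole chain of verifications.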
Dragonchain is open source and even though the platform is easy enough for developers to code in any language they are comfortable with, we do not have so large a developer community as Ethereum. We would like to see the Ethereum developer community (and any other communities) become familiar with our SDKs, our solutions, and our platform, to unlock the full potential of our Ethereum Interchain. Long ago we decided to prioritize both Bitcoin and Ethereum Interchains. We envision an ecosystem that encompasses different projects to give developers the ability to take full advantage of all the opportunities blockchain offers to create decentralized solutions not only for Reddit but for all of our current platforms and systems. We believe that together we will take the adoption of blockchain further. We currently have additional Interchain with Ethereum Classic. We look forward to Interchain with other blockchains in the future. We invite all blockchain projects who believe in decentralization and security to Interchain with Dragonchain.
While we only have 700 nodes compared to 8,000 Ethereum and 10,000 Bitcoin nodes, we harness those 18,000 nodes to scale to extremely high levels of security. See Dragonchain metrics.
Some may consider the centralization of Dragonchain’s business nodes as an issue at first glance, however, the model is by design to protect business data. We do not consider this a drawback as these nodes can make any, none, or all data public. Depending upon the implementation, every subreddit could have control of its own business node, for potential business and enterprise offerings, bringing new alternative revenue streams to Reddit.
Costs and resources
Summary of cost & resource information for both on-chain & off-chain components used in the PoC, as well as cost & resource estimates for further scaling. If your PoC is not on mainnet, make note of any mainnet caveats (such as congestion issues).
Every transaction on the PoC system had a transaction fee of $0.0001 (one-hundredth of a cent USD). At 256MM transactions, the demo cost $25,600. With current operational fees, the same demonstration would cost $640 USD. For the demonstration, to achieve throughput to mimic a worldwide payments network, we modeled several clients in AWS and 4-5 business nodes to handle the traffic. The business nodes were tuned to handle higher throughput by adjusting memory and machine footprint on AWS. This flexibility is valuable to implementing a system such as envisioned by Reddit. Given that Reddit’s daily traffic (posts, replies, and votes) is less than half that of our demo, we would expect that the entire Reddit system could be handled on 2-5 business nodes using right-sized containers on AWS or similar environments. Verification was accomplished on the operational Dragon Net network with over 700 independently owned verification nodes running around the world at no cost to the business other than paid transaction fees.
This PoC should scale to the numbers below with minimal costs (both on & off-chain). There should also be a clear path to supporting hundreds of millions of users. Over a 5 day period, your scaling PoC should be able to handle:
100,000 point claims (minting & distributing points)
25,000 subscriptions
75,000 one-off points burning
100,000 transfers
During Dragonchain’s 24 hour demo, the above required numbers were reached within the first few minutes. Reddit’s total activity is 9000% more than Ethereum’s total transaction level. Even if you do not include votes, it is still 700% more than Ethereum’s current volume. Dragonchain has demonstrated that it can handle 250 million transactions a day, and its architecture allows for multiple systems to work at that level simultaneously. In our PoC, we demonstrate double the full capacity of Reddit, and every transaction was proven all the way to Bitcoin and Ethereum.
Reddit Scaling on Ethereum
Solutions should not depend on any single third-party provider. We prefer solutions that do not depend on specific entities such as Reddit or another provider, and solutions with no single point of control or failure in off-chain components but recognize there are numerous trade-offs to consider
Dragonchain’s architecture calls for a hybrid approach. Private business nodes hold the sensitive data while the validation and verification of transactions for the business are decentralized within seconds and secured to public blockchains within 10 minutes to 2 hours. Nodes could potentially be controlled by owners of individual subreddits for more organic decentralization.
Billing is currently centralized - there is a path to federation and decentralization of a scaled billing solution.
Operational on-premises capabilities
Operational deployment to any datacenter
Over 700 independent Community Verification Nodes with proof of ownership
Operational Interchain (Interoperable to Bitcoin, Ethereum, and Ethereum Classic, open to more)
Usability
Scaling solutions should have a simple end user experience.
Users shouldn't have to maintain any extra state/proofs, regularly monitor activity, keep track of extra keys, or sign anything other than their normal transactions
Dragonchain and its customers have demonstrated extraordinary usability as a feature in many applications, where users do not need to know that the system is backed by a live blockchain. Lyceum is one of these examples, where the progress of academy courses is being tracked, and successful completion of courses is rewarded with certificates on chain. Our @Save_The_Tweet bot is popular on Twitter. When used with one of the following hashtags - #please, #blockchain, #ThankYou, or #eternalize the tweet is saved through Eternal to multiple blockchains. A proof report is available for future reference. Other examples in use are DEN, our decentralized social media platform, and our console, where users can track their node rewards, view their TIME, and operate a business node. Examples:
Transactions complete in a reasonable amount of time (seconds or minutes, not hours or days)
All transactions are immediately usable on chain by the system. A transaction begins the path to decentralization at the conclusion of a 5-second block when it gets distributed across 5 separate community run nodes. Full decentralization occurs within 10 minutes to 2 hours depending on which interchain (Bitcoin, Ethereum, or Ethereum Classic) the transaction hits first. Within approximately 2 hours, the combined hash power of all interchained blockchains secures the transaction.
Free to use for end users (no gas fees, or fixed/minimal fees that Reddit can pay on their behalf)
With transaction pricing as low as $0.0000025 per transaction, it may be considered reasonable for Reddit to cover transaction fees for users.
All of Reddit's Transactions on Blockchain (month)
Community points can be earned by users and distributed directly to their Reddit account in batch (as per Reddit minting plan), and allow users to withdraw rewards to their Ethereum wallet whenever they wish. Withdrawal fees can be paid by either user or Reddit. This model has been operating inside the Dragonchain system since 2018, and many security and financial compliance features can be optionally added. We feel that this capability greatly enhances user experience because it is seamless to a regular user without cryptocurrency experience, yet flexible to a tech savvy user. With regard to currency or token transactions, these would occur on the Reddit network, verified to BTC and ETH. These transactions would incur the $0.0000025 transaction fee. To estimate this fee we use the monthly active Reddit users (Statista) with a 60% adoption rate and an estimated 10 transactions per month average, resulting in an approximate $720 cost across the system. Reddit could feasibly incur all associated internal network charges (mining/minting, transfer, burn) as these are very low and controllable fees.
Reddit Internal Token Transaction Fees
Reddit Ethereum Token Transaction Fees
When we consider further the Ethereum fees that might be incurred, we have a few choices for a solution.
Offload all Ethereum transaction fees (user withdrawals) to interested users as they wish to withdraw tokens for external use or sale.
Cover Ethereum transaction fees by aggregating them on a timed schedule. Users would request withdrawal (from Reddit or individual subreddits), and they would be transacted on the Ethereum network every hour (or some other schedule).
In a combination of the above, customers could cover aggregated fees.
Integrate with alternate Ethereum roll up solutions or other proposals to aggregate minting and distribution transactions onto Ethereum.
Users should be able to view their balances & transactions via a blockchain explorer-style interface
From interfaces for users who have no knowledge of blockchain technology to users who are well versed in blockchain terms such as those present in a typical block explorer, a system powered by Dragonchain has flexibility on how to provide balances and transaction data to users. Transactions can be made viewable in an Eternal Proof Report, which displays raw data along with TIME staking information and traceability all the way to Bitcoin, Ethereum, and every other Interchained network. The report shows fields such as transaction ID, timestamp, block ID, multiple verifications, and Interchain proof. See example here. Node payouts within the Dragonchain console are listed in chronological order and can be further seen in either Dragons or USD. See example here. In our social media platform, Dragon Den, users can see, in real-time, their NRG and MTR balances. See example here. A new influencer app powered by Dragonchain, Raiinmaker, breaks down data into a user friendly interface that shows coin portfolio, redeemed rewards, and social scores per campaign. See example here.
Exiting is fast & simple
Withdrawing funds on Dragonchain’s console requires three clicks, however, withdrawal scenarios with more enhanced security features per Reddit’s discretion are obtainable.
Interoperability
Compatibility with third party apps (wallets/contracts/etc) is necessary.
Proven interoperability at scale that surpasses the required specifications. Our entire platform consists of interoperable blockchains connected to each other and traditional systems. APIs are well documented. Third party permissions are possible with a simple smart contract without the end user being aware. No need to learn any specialized proprietary language. Any code base (not subsets) is usable within a Docker container. Interoperable with any blockchain or traditional APIs. We’ve witnessed relatively complex systems built by engineers with no blockchain or cryptocurrency experience. We’ve also demonstrated the creation of smart contracts within minutes built with BASH shell and Node.js. Please see our source code and API documentation.
Scaling solutions should be extensible and allow third parties to build on top of it
Open source and extensible APIs should be well documented and stable
Third-party permissionless integrations should be possible & straightforward
Smart contracts are Docker based, can be written in any language, use full language (not subsets), and can therefore be integrated with any system including traditional system APIs.
Simple is better. Learning an uncommon or proprietary language should not be necessary. Advanced knowledge of mathematics, cryptography, or L2 scaling should not be required. Compatibility with common utilities & toolchains is expected.
Dragonchain business nodes and smart contracts leverage Docker to allow the use of literally any language or executable code. No proprietary language is necessary. We’ve witnessed relatively complex systems built by engineers with no blockchain or cryptocurrency experience. We’ve also demonstrated the creation of smart contracts within minutes built with BASH shell and Node.js.
Bonus Points: Show us how it works. Do you have an idea for a cool new use case for Community Points? Build it!
Community points could be awarded to Reddit users based upon TIME too, whereby the longer someone is part of a subreddit, the more community points they naturally gain, even if not actively commenting or sharing new posts. A daily login could be required for these community points to be credited. This grants awards to readers too and incentivizes readers to create an account on Reddit if they browse the website often. This concept could also be leveraged to provide some level of reputation based upon duration and consistency of contribution to a community subreddit.
Dragonchain has already built a social media platform that harnesses community involvement. Dragon Den is a decentralized community built on the Dragonchain blockchain platform. Dragon Den is Dragonchain’s answer to fake news, trolling, and censorship. It incentivizes the creation and evaluation of quality content within communities. It could be described as being a shareholder of a subreddit or Reddit in its entirety. The more your subreddit is thriving, the more rewarding it will be. Den is currently in a public beta and in active development, though the real token economy is not live yet. There are different tokens for various purposes. Two tokens are Lair Ownership Rights (LOR) and Lair Ownership Tokens (LOT). LOT is a non-fungible token for ownership of a specific Lair. LOT will only be created and converted from LOR. Energy (NRG) and Matter (MTR) work jointly. Your MTR determines how much NRG you receive in a 24-hour period. Providing quality content, or evaluating content will earn MTR.
Security. Users have full ownership & control of their points.
All community points awarded based upon any type of activity or gift, are secured and provable to all Interchain networks (currently BTC, ETH, ETC). Users are free to spend and withdraw their points as they please, depending on the features Reddit wants to bring into production.
Balances and transactions cannot be forged, manipulated, or blocked by Reddit or anyone else
Users can withdraw their balance to their ERC20 wallet, directly through Reddit. Reddit can cover the fees on their behalf, or the user covers this with a portion of their balance.
Users should own their points and be able to get on-chain ERC20 tokens without permission from anyone else
Through our console users can withdraw their ERC20 rewards. This can be achieved on Reddit too. Here is a walkthrough of our console, though this does not show the quick withdrawal functionality, a user can withdraw at any time. https://www.youtube.com/watch?v=aNlTMxnfVHw
Points should be recoverable to on-chain ERC20 tokens even if all third-parties involved go offline
If necessary, signed transactions from the Reddit system (e.g. Reddit + Subreddit) can be sent to the Ethereum smart contract for minting.
A public, third-party review attesting to the soundness of the design should be available
To our knowledge, at least two large corporations, including a top 3 accounting firm, have conducted positive reviews. These reviews have never been made public, as Dragonchain did not pay or contract for these studies to be released.
Bonus points Public, third-party implementation review available or in progress
Compatibility with HSMs & hardware wallets
For the purpose of this proposal, all tokenization would be on the Ethereum network using standard token contracts and as such, would be able to leverage all hardware wallet and Ethereum ecosystem services.
Minting/distributing tokens is not performed by Reddit directly
This operation can be automated by smart contract on Ethereum. Subreddits can if desired have a role to play.
One off point burning, as well as recurring, non-interactive point burning (for subreddit memberships) should be possible and scalable
This is possible and scalable with interaction between Dragonchain Reddit system and Ethereum token contract(s).
Fully open-source solutions are strongly preferred
Dragonchain is fully open source (see section on Disney release after conclusion).
Whether it is today, or in the future, we would like to work together to bring secure flexibility to the highest standards. It is our hope to be considered by Ethereum, Reddit, and other integrative solutions so we may further discuss the possibilities of implementation. In our public demonstration, 256 million transactions were handled in our operational network on chain in 24 hours, for the low cost of $25K, which if run today would cost $625. Dragonchain’s interoperable foundation provides the atmosphere necessary to implement a frictionless community points system. Thank you for your consideration of our proposal. We look forward to working with the community to make something great!
Disney Releases Blockchain Platform as Open Source
The team at Disney created the Disney Private Blockchain Platform. The system was a hybrid interoperable blockchain platform for ledgering and smart contract development geared toward solving problems with blockchain adoption and usability. All objective evaluation would consider the team’s output a success. We released a list of use cases that we explored in some capacity at Disney, and our input on blockchain standardization as part of our participation in the W3C Blockchain Community Group. https://lists.w3.org/Archives/Public/public-blockchain/2016May/0052.html
In 2016, Roets proposed to release the platform as open source to spread the technology outside of Disney, as others within the W3C group were interested in the solutions that had been created inside of Disney. Following a long process, step by step, the team met requirements for release. Among the requirements, the team had to:
Obtain VP support and approval for the release
Verify ownership of the software to be released
Verify that no proprietary content would be released
Convince the organization that there was a value to the open source community
Convince the organization that there was a value to Disney
Offer the plan for ongoing maintenance of the project outside of Disney
Itemize competing projects
Verify no conflict of interest
Change the project name to not use the name Disney, any Disney character, or any other associated IP - proposed Dragonchain - approved
Obtain legal approval
Approval from corporate, parks, and other business units
Approval from multiple Disney patent groups
Copyright holder defined by Disney (Disney Connected and Advanced Technologies)
Trademark searches conducted for the selected name Dragonchain
Obtain IT security approval
Manual review of OSS components conducted
OWASP Dependency and Vulnerability Check Conducted
Obtain technical (software) approval
Offer management, process, and financial plans for the maintenance of the project.
Meet list of items to be addressed before release
Remove all Disney project references and scripts
Create a public distribution list for email communications
Remove Roets’ direct and internal contact information
Create public Slack channel and move from Disney slack channels
Create proper labels for issue tracking
Rename internal private Github repository
Add informative description to Github page
Expand README.md with more specific information
Add information beyond current “Blockchains are Magic”
Add getting started sections and info on cloning/forking the project
Add installation details
Add uninstall process
Add unit, functional, and integration test information
Detail how to contribute and get involved
Describe the git workflow that the project will use
Move to public, non-Disney git repository (Github or Bitbucket)
Obtain Disney Open Source Committee approval for release
On top of meeting the above criteria, as part of the process, the maintainer of the project had to receive the codebase on their own personal email and create accounts for maintenance (e.g. Github) with non-Disney accounts. Given the fact that the project spanned multiple business units, Roets was individually responsible for its ongoing maintenance. Because of this, he proposed in the open source application to create a non-profit organization to hold the IP and maintain the project. This was approved by Disney. The Disney Open Source Committee approved the application known as OSSRELEASE-10, and the code was released on October 2, 2016. Disney decided to not issue a press release. Original OSSRELEASE-10 document
Hopefully any questions you have will be answered by the resources below, but if you have additional questions feel free to ask them in the comments. If you're quite technically-minded, the Zano whitepaper gives a thorough overview of Zano's design and its main features.
So, what is Zano?
In brief, Zano is a project started by the original developers of CryptoNote. Coins with market caps totalling well over a billion dollars (Monero, Haven, Loki and countless others) run upon the codebase they created. Zano is a continuation of their efforts to create the "perfect money", and brings a wealth of enhancements to their original CryptoNote code. Development happens at a lightning pace, as the Github activity shows, but Zano is still very much a work-in-progress. Let's cut right to it: Here's why you should pay attention to Zano over the next 12-18 months. Quoting from a recent update:
Anton Sokolov has recently joined the Zano team. ... For the last months Anton has been working on theoretical work dedicated to log-size ring signatures. These signatures theoretically allow for a logarithmic relationship between the number of decoys and the size/performance of transactions. This means that we can set mixins at a level of up to 1000, keeping the reasonable size and processing speed of transactions. This will take Zano’s privacy to a whole new level, and we believe this technology will turn out to be groundbreaking!
If successful, this scheme will make Zano the most private, powerful and performant CryptoNote implementation on the planet. Bar none. A quantum leap in privacy with a minimal increase in resource usage. And if there's one team capable of pulling it off, it's this one.
What else makes Zano special?
You mean aside from having "the Godfather of CryptoNote" as the project lead? ;) Actually, the calibre of the developers/researchers at Zano probably is the project's single greatest strength. Drawing on years of experience, they've made careful design choices, optimizing performance with an asynchronous core architecture, and flexibility and extensibility with a modular code structure. This means that the developers are able to build and iterate fast, refining features and adding new ones at a rate that makes bigger and better-funded teams look sluggish at best. Zano also has some unique features that set it apart from similar projects:
Privacy
Firstly, if you're familiar with CryptoNote you won't be surprised that Zano transactions are private. The perfect money is fungible, and therefore must be untraceable. Bitcoin, for the most part, does little to hide your transaction data from unscrupulous observers. With Zano, privacy is the default. The untraceability and unlinkability of Zano transactions come from its use of ring signatures and stealth addresses. What this means is that no outside observer is able to tell if two transactions were sent to the same address, and for each transaction there is a set of possible senders that make it impossible to determine who the real sender is.
Hybrid PoW-PoS consensus mechanism
Zano achieves an optimal level of security by utilizing both Proof of Work and Proof of Stake for consensus. By combining the two systems, it mitigates their individual vulnerabilities (see 51% attack and "nothing at stake" problem). For an attack on Zano to have even a remote chance of success the attacker would have to obtain not only a majority of hashing power, but also a majority of the coins involved in staking. The system and its design considerations are discussed at length in the whitepaper.
Aliases
Here's a stealth address: ZxDdULdxC7NRFYhCGdxkcTZoEGQoqvbZqcDHj5a7Gad8Y8wZKAGZZmVCUf9AvSPNMK68L8r8JfAfxP4z1GcFQVCS2Jb9wVzoe.
I have a hard enough time remembering my phone number. Fortunately, Zano has an alias system that lets you register an address to a human-readable name. (@orsonj if you want to anonymously buy me a coffee)
Multisig
Multisignature (multisig) refers to requiring multiple keys to authorize a Zano transaction. It has a number of applications, such as dividing up responsibility for a single Zano wallet among multiple parties, or creating backups where loss of a single seed doesn't lead to loss of the wallet. Multisig and escrow are key components of the planned Decentralized Marketplace (see below), so consideration was given to each of them from the design stages. Thus Zano's multisig, rather than being tagged on at the wallet-level as an afterthought, is part of its core architecture, being incorporated at the protocol level. This base-layer integration means months won't be spent in the future on complicated refactoring efforts in order to integrate multisig into a codebase that wasn't designed for it. Plus, it makes it far easier for third-party developers to include multisig (implemented correctly) in any Zano wallets and applications they create in the future.
(Double Deposit MAD) Escrow
With Zano's escrow service you can create fully customizable p2p contracts that are designed to, once signed by participants, enforce adherence to their conditions in such a way that no trusted third-party escrow agent is required. The Particl project, aside from a couple of minor differences, uses an escrow scheme that works the same way, so I've borrowed the term they coined ("Double Deposit MAD Escrow") as I think it describes the scheme perfectly. The system requires participants to make additional deposits, which they will forfeit if there is any attempt to act in a way that breaches the terms of the contract.
Full details can be found in the Escrow section of the whitepaper. The usefulness of multisig and the escrow system may not seem obvious at first, but as mentioned before they'll form the backbone of Zano's Decentralized Marketplace service (described in the next section).
What does the future hold for Zano?
The planned upgrade to Zano's privacy, mentioned at the start, is obviously one of the most exciting things the team is working on, but it's not the only thing.
Zano Roadmap
Decentralized Marketplace
From the beginning, the Zano team's goal has been to create the perfect money. And money can't just be some vehicle for speculative investment, money must be used. To that end, the team have created a set of tools to make it as simple as possible for Zano to be integrated into eCommerce platforms. Zano's API’s and plugins are easy to use, allowing even those with very little coding experience to use them in their E-commerce-related ventures. The culmination of this effort will be a full Decentralized Anonymous Marketplace built on top of the Zano blockchain. Rather than being accessed via the wallet, it will act more as a service - Marketplace as a Service (MAAS) - for anyone who wishes to use it. The inclusion of a simple "snippet" of code into a website is all that's needed to become part of a global decentralized, trustless and private E-commerce network.
Atomic Swaps
Just as Zano's marketplace will allow you to transact without needing to trust your counterparty, atomic swaps will let you easily convert between Zano and other cryptocurrencies without having to trust a third-party service such as a centralized exchange. On top of that, it will also lead the way to Zano's inclusion in the many decentralized exchange (DEX) services that have emerged in recent years.
Where can I buy Zano?
Zano's currently listed on the following exchanges: https://coinmarketcap.com/currencies/zano/markets/ It goes without saying, neither I nor the Zano team work for any of the exchanges or can vouch for their reliability. Use at your own risk and never leave coins on a centralized exchange for longer than necessary. Your keys, your coins! If you have any old graphics cards lying around (both AMD & NVIDIA), then Zano is also mineable through its unique ProgPowZ algorithm. Here's a guide on how to get started. Once you have some Zano, you can safely store it in one of the desktop or mobile wallets (available for all major platforms).
How can I support Zano?
Zano has no marketing department, which is why this post has been written by some guy and not the "Chief Growth Engineer @ Zano Enterprises". The hard part is already done: there's a team of world class developers and researchers gathered here. But, at least at the current prices, the team's funds are enough to cover the cost of development and little more. So the job of publicizing the project falls to the community. If you have any experience in community building/growth hacking at another cryptocurrency or open source project, or if you're a Zano holder who would like to ensure the project's long-term success by helping to spread the word, then send me a pm. We need to get organized. Researchers and developers are also very welcome. Working at the cutting edge of mathematics and cryptography means Zano provides challenging and rewarding work for anyone in those fields. Please contact the project's Community Manager u/Jed_T if you're interested in joining the team. Social Links: Twitter Discord Server Telegram Group Medium blog I'll do my best to keep this post accurate and up to date. Message me please with any suggested improvements and leave any questions you have below. Welcome to the Zano community and the new decentralized private economy!
Summary: Everyone knows that when you give your assets to someone else, they always keep them safe. If this is true for individuals, it is certainly true for businesses. Custodians always tell the truth and manage funds properly. They won't have any interest in taking the assets as an exchange operator would. Auditors tell the truth and can't be misled. That's because organizations that are regulated are incapable of lying and don't make mistakes. First, some background. Here is a summary of how custodians make us more secure: Previously, we might give Alice our crypto assets to hold. There were risks:
Alice might take the assets and disappear.
Alice might spend the assets and pretend that she still has them (fractional model).
Alice might store the assets insecurely and they'll get stolen.
Alice might give the assets to someone else by mistake or by force.
Alice might lose access to the assets.
But "no worries", Alice has a custodian named Bob. Bob is dressed in a nice suit. He knows some politicians. And he drives a Porsche. "So you have nothing to worry about!". And look at all the benefits we get:
Alice can't take the assets and disappear (unless she asks Bob or never gives them to Bob).
Alice can't spend the assets and pretend that she still has them. (Unless she didn't give them to Bob or asks him for them.)
Alice can't store the assets insecurely so they get stolen. (After all - she doesn't have any control over the withdrawal process from any of Bob's systems, right?)
Alice can't give the assets to someone else by mistake or by force. (Bob will stop her, right Bob?)
Alice can't lose access to the funds. (She'll always be present, sane, and remember all secrets, right?)
See - all problems are solved! All we have to worry about now is:
Bob might take the assets and disappear.
Bob might spend the assets and pretend that he still has them (fractional model).
Bob might store the assets insecurely and they'll get stolen.
Bob might give the assets to someone else by mistake or by force.
Bob might lose access to the assets.
It's pretty simple. Before we had to trust Alice. Now we only have to trust Alice, Bob, and all the ways in which they communicate. Just think of how much more secure we are! "On top of that", Bob assures us, "we're using a special wallet structure". Bob shows Alice a diagram. "We've broken the balance up and store it in lots of smaller wallets. That way", he assures her, "a thief can't take it all at once". And he points to a historic case where a large sum was taken "because it was stored in a single wallet... how stupid". "Very early on, we used to have all the crypto in one wallet", he said, "and then one Christmas a hacker came and took it all. We call him the Grinch. Now we individually wrap each crypto and stick it under a binary search tree. The Grinch has never been back since." "As well", Bob continues, "even if someone were to get in, we've got insurance. It covers all thefts and even coercion, collusion, and misplaced keys - only subject to the policy terms and conditions." And with that, he pulls out a phone-book sized contract and slams it on the desk with a thud. "Yep", he continues, "we're paying top dollar for one of the best policies in the country!" "Can I read it?" Alice asks. "Sure," Bob says, "just as soon as our legal team is done with it. They're almost through the first chapter." He pauses, then continues. "And can you believe that sales guy Mike? He has the same year Porsche as me. I mean, what are the odds?" "Do you use multi-sig?", Alice asks. "Absolutely!" Bob replies. "All our engineers are fully trained in multi-sig. Whenever we want to set up a new wallet, we generate 2 separate keys in an air-gapped process and store them in this proprietary system here. Look, it even requires the biometric signature from one of our team members to initiate any withdrawal." He demonstrates by pressing his thumb into the display. "We use a third-party cloud validation API to match the thumbprint and authorize each withdrawal.
The keys are also backed up daily to an off-site third-party." "Wow that's really impressive," Alice says, "but what if we need access for a withdrawal outside of office hours?" "Well that's no issue", Bob says, "just send us an email, call, or text message and we always have someone on staff to help out. Just another part of our strong commitment to all our customers!" "What about Proof of Reserve?", Alice asks. "Of course", Bob replies, "though rather than publish any blockchain addresses or signed transaction, for privacy we just do a SHA256 refactoring of the inverse hash modulus for each UTXO nonce and combine the smart contract coefficient consensus in our hyperledger lightning node. But it's really simple to use." He pushes a button and a large green checkmark appears on a screen. "See - the algorithm ran through and reserves are proven." "Wow", Alice says, "you really know your stuff! And that is easy to use! What about fiat balances?" "Yeah, we have an auditor too", Bob replies, "Been using him for a long time so we have quite a strong relationship going! We have special books we give him every year and he's very efficient! Checks the fiat, crypto, and everything all at once!" "We used to have a nice offline multi-sig setup we've been using without issue for the past 5 years, but I think we'll move all our funds over to your facility," Alice says. "Awesome", Bob replies, "Thanks so much! This is perfect timing too - my Porsche got a dent on it this morning. We have the paperwork right over here." "Great!", Alice replies. And with that, Alice gets out her pen and Bob gets the contract. "Don't worry", he says, "you can take your crypto-assets back anytime you like - just subject to our cancellation policy. Our annual management fees are also super low and we don't adjust them often". How many holes have to exist for your funds to get stolen? Just one. 
Why are we taking a powerful offline multi-sig setup, widely used globally in hundreds of different/lacking regulatory environments with 0 breaches to date, and circumventing it by a demonstrably weak third party layer? And paying a great expense to do so? If you go through the list of breaches in the past 2 years to highly credible organizations, you go through the list of major corporate frauds (only the ones we know about), you go through the list of all the times platforms have lost funds, you go through the list of times and ways that people have lost their crypto from identity theft, hot wallet exploits, extortion, etc... and then you go through this custodian with a fine-tooth comb and truly believe they have value to add far beyond what you could, sticking your funds in a wallet (or set of wallets) they control exclusively is the absolute worst possible way to take advantage of that security. The best way to add security for crypto-assets is to make a stronger multi-sig. With one custodian, what you are doing is giving them your cryptocurrency and hoping they're honest, competent, and flawlessly secure. It's no different than storing it on a really secure exchange. Maybe the insurance will cover you. Didn't work for Bitpay in 2015. Didn't work for Yapizon in 2017. Insurance has never paid a claim in the entire history of cryptocurrency. But maybe you'll get lucky. Maybe your exact scenario will buck the trend and be what they're willing to cover. After the large deductible and hopefully without a long and expensive court battle. And you want to advertise this increase in risk, the lapse of judgement, an accident waiting to happen, as though it's some kind of benefit to customers ("Free institutional-grade storage for your digital assets.")? And then some people are writing to the OSC that custodians should be mandatory for all funds on every exchange platform? 
That this somehow will make Canadians as a whole more secure or better protected compared with standard air-gapped multi-sig? On what planet? Most of the problems in Canada stemmed from one thing - a lack of transparency. If Canadians had known what a joke Quadriga was - it wouldn't have grown to lose $400m from hard-working Canadians from coast to coast to coast. And Gerald Cotten would be in jail, not wherever he is now (at best, rotting peacefully). EZ-BTC and mister Dave Smilie would have been a tiny little scam to his friends, not a multi-million dollar fraud. Einstein would have got their act together or been shut down BEFORE losing millions and millions more in people's funds generously donated to criminals. MapleChange wouldn't have even been a thing. And maybe we'd know a little more about CoinTradeNewNote - like how much was lost in there. Almost all of the major losses with cryptocurrency exchanges involve deception with unbacked funds. So it's great to see transparency reports from BitBuy and ShakePay where someone independently verified the backing. The only thing we don't have is:
ANY CERTAINTY BALANCES WEREN'T EXCLUDED. Quadriga's largest account was $70m. 80% of funds are in 20% of accounts (Pareto principle). All it takes is excluding a few really large accounts - and nobody's the wiser. A fractional platform can easily pass any audit this way.
ANY VISIBILITY WHATSOEVER INTO THE CUSTODIANS. BitBuy put out their report before moving all the funds to their custodian and ShakePay apparently can't even tell us who the custodian is. That's pretty important considering that basically all of the funds are now stored there.
ANY IDEA ABOUT THE OTHER EXCHANGES. In order for this to be effective, it has to be the norm. It needs to be "unusual" not to know. If obscurity is the norm, then it's super easy for people like Gerald Cotten and Dave Smilie to blend right in.
It's not complicated to validate cryptocurrency assets. They need to exist, they need to be spendable, and they need to cover the total balances. There are plenty of credible people and firms across the country that have the capacity to reasonably perform this validation. Having more frequent checks by different, independent, parties who publish transparent reports is far more valuable than an annual check by a single "more credible/official" party who does the exact same basic checks and may or may not publish anything. Here's an example set of requirements that could be mandated:
First report within 1 month of launching, another within 3 months, and further reports at minimum every 6 months thereafter.
No auditor can be repeated within a 12 month period.
All reports must be public, identifying the auditor and the full methodology used.
All auditors must be independent of the firm being audited with no conflict of interest.
Reports must include the percentage of each asset backed, and how it's backed.
The auditor publishes a hash list, which lists a hash of each customer's information and balances that were included. Hash is one-way encryption so privacy is fully preserved. Every customer can use this to have 100% confidence they were included.
If we want more extensive requirements on audits, these should scale upward based on the total assets at risk on the platform, and whether the platform has loaned their assets out.
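The hash-list idea in the requirements above, worked through as an added example (not code from the post or from any auditor): the auditor hashes each included customer record, publishes the list and the liabilities totalled over the same set, and each customer checks for their own hash. The per-customer random salt, the sample ledger and the field encoding are assumptions of this example; the salt is there because names and balances alone are low-entropy and could otherwise be guessed from a bare hash. The second scenario shows the exclusion problem raised above: dropping one large account makes the published liabilities look backed, but that customer's inclusion check fails.

```python
"""Hash-list inclusion check for a reserve audit (added example)."""
import hashlib
import json
import secrets

# Constructed sample ledger: one large account (Alice) and several small ones.
LEDGER = [
    {"id": "alice@example.invalid", "btc": 120.0, "cad": 50_000.0},
    {"id": "bob@example.invalid", "btc": 0.5, "cad": 1_200.0},
    {"id": "carol@example.invalid", "btc": 2.25, "cad": 0.0},
    {"id": "dave@example.invalid", "btc": 0.0, "cad": 900.0},
]


def canonical_record(customer: dict) -> bytes:
    """Deterministic encoding so customer and auditor hash identical bytes."""
    fields = {
        "id": customer["id"],
        "btc": f'{customer["btc"]:.8f}',
        "cad": f'{customer["cad"]:.2f}',
    }
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()


def entry_hash(customer: dict, salt: bytes) -> str:
    """SHA-256 over salt || canonical record (salt is this example's assumption)."""
    return hashlib.sha256(salt + canonical_record(customer)).hexdigest()


def build_report(ledger: list) -> tuple:
    """Auditor side: one hash per included customer, plus totals over that set.

    Returns (public report, private receipts). Each receipt (the salt) is given
    only to its customer; the report is what gets published.
    """
    receipts = {}
    hashes = []
    totals = {"btc": 0.0, "cad": 0.0}
    for customer in ledger:
        salt = secrets.token_bytes(16)
        receipts[customer["id"]] = salt.hex()
        hashes.append(entry_hash(customer, salt))
        totals["btc"] += customer["btc"]
        totals["cad"] += customer["cad"]
    # Sorting removes any ordering signal about account size or sign-up date.
    return {"hashes": sorted(hashes), "liabilities": totals}, receipts


def customer_verify(customer: dict, salt_hex: str, report: dict) -> bool:
    """Customer side: recompute own hash from own records and look it up."""
    return entry_hash(customer, bytes.fromhex(salt_hex)) in set(report["hashes"])


def backing_percent(report: dict, reserves: dict) -> dict:
    """Percentage of each asset's published liabilities covered by reserves."""
    out = {}
    for asset, total in report["liabilities"].items():
        out[asset] = round(100.0 * reserves[asset] / total, 2) if total else 100.0
    return out


if __name__ == "__main__":
    # Honest report: every account included, Alice can find herself.
    report, receipts = build_report(LEDGER)
    alice = LEDGER[0]
    print("alice included:", customer_verify(alice, receipts[alice["id"]], report))
    print("liabilities:", report["liabilities"])

    # Fractional platform that "forgot" its largest account: the totals shrink
    # to what a thin reserve can cover, but Alice's check now fails.
    thin_reserves = {"btc": 2.75, "cad": 2_100.0}  # constructed
    trimmed, _ = build_report(LEDGER[1:])
    print("honest backing  :", backing_percent(report, thin_reserves))
    print("trimmed backing :", backing_percent(trimmed, thin_reserves))
    print("alice in trimmed:", customer_verify(alice, receipts[alice["id"]], trimmed))
```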
There are ways to structure audits such that neither crypto assets nor customer information are ever put at risk, and both can still be properly validated and publicly verifiable. There are also ways to structure audits such that they are completely reasonable for small platforms and don't inhibit innovation in any way. By making the process as reasonable as possible, we can completely eliminate any reason/excuse that an honest platform would have for not being audited. That is arguably far more important than any incremental improvement we might get from mandating "the best of the best" accountants. Right now we have nothing mandated and tons of Canadians using offshore exchanges with no oversight whatsoever. Transparency does not prove crypto assets are safe. CoinTradeNewNote, Flexcoin ($600k), and Canadian Bitcoins ($100k) are examples where crypto-assets were breached from platforms in Canada. All of them were online wallets and used no multi-sig as far as any records show. This is consistent with what we see globally - air-gapped multi-sig wallets have an impeccable record, while other schemes tend to suffer breach after breach. We don't actually know how much CoinTrader lost because there was no visibility. Rather than publishing details of what happened, the co-founder of CoinTrader silently moved on to found another platform - the "most trusted way to buy and sell crypto" - a site that has no information whatsoever (that I could find) on the storage practices and a FAQ advising that “[t]rading cryptocurrency is completely safe” and that having your own wallet is “entirely up to you! You can certainly keep cryptocurrency, or fiat, or both, on the app.” Doesn't sound like much was learned here, which is really sad to see. It's not that complicated or unreasonable to set up a proper hardware wallet. Multi-sig can be learned in a single course.
Something the equivalent complexity of a driver's license test could prevent all the cold storage exploits we've seen to date - even globally. Platform operators have a key advantage in detecting and preventing fraud - they know their customers far better than any custodian ever would. The best job that custodians can do is to find high integrity individuals and train them to form even better wallet signatories. Rather than mandating that all platforms expose themselves to arbitrary third party risks, regulations should center around ensuring that all signatories are background-checked, properly trained, and using proper procedures. We also need to make sure that signatories are empowered with rights and responsibilities to reject and report fraud. They need to know that they can safely challenge and delay a transaction - even if it turns out they made a mistake. We need to have an environment where mistakes are brought to the surface and dealt with. Not one where firms and people feel the need to hide what happened. In addition to a knowledge-based test, an auditor can privately interview each signatory to make sure they're not in coercive situations, and we should make sure they can freely and anonymously report any issues without threat of retaliation. A proper multi-sig has each signature held by a separate person and is governed by policies and mutual decisions instead of a hierarchy. It includes at least one redundant signature. For best results, 3of4, 3of5, 3of6, 4of5, 4of6, 4of7, 5of6, or 5of7. History has demonstrated over and over again the risk of hot wallets even to highly credible organizations. Nonetheless, many platforms have hot wallets for convenience. While such losses are generally compensated by platforms without issue (for example Poloniex, Bitstamp, Bitfinex, Gatecoin, Coincheck, Bithumb, Zaif, CoinBene, Binance, Bitrue, Bitpoint, Upbit, VinDAX, and now KuCoin), the public tends to focus more on cases that didn't end well. 
Regardless of what systems are employed, there is always some level of risk. For that reason, most members of the public would prefer to see third party insurance. Rather than trying to convince third party profit-seekers to provide comprehensive insurance and then relying on an expensive and slow legal system to enforce against whatever legal loopholes they manage to find each and every time something goes wrong, insurance could be run through multiple exchange operators and regulators, with the shared interest of having a reputable industry, keeping costs down, and taking care of Canadians. For example, a 4 of 7 multi-sig insurance fund held between 5 independent exchange operators and 2 regulatory bodies. All Canadian exchanges could pay premiums at a set rate based on their needed coverage, with a higher price paid for hot wallet coverage (anything not an air-gapped multi-sig cold wallet). Such a model would be much cheaper to manage, offer better coverage, and be much more reliable to payout when needed. The kind of coverage you could have under this model is unheard of. You could even create something like the CDIC to protect Canadians who get their trading accounts hacked if they can sufficiently prove the loss is legitimate. In cases of fraud, gross negligence, or insolvency, the fund can be used to pay affected users directly (utilizing the last transparent balance report in the worst case), something which private insurance would never touch. While it's recommended to have official policies for coverage, a model where members vote would fully cover edge cases. (Could be similar to the Supreme Court where justices vote based on case law.) Such a model could fully protect all Canadians across all platforms. You can have a fiat coverage governed by legal agreements, and crypto-asset coverage governed by both multi-sig and legal agreements. It could be practical, affordable, and inclusive. Now, we are at a crossroads. 
We can happily give up our freedom, our innovation, and our money. We can pay hefty expenses to auditors, lawyers, and regulators year after year (and make no mistake - this cost will grow to many millions or even billions as the industry grows - and it will be borne by all Canadians on every platform because platforms are not going to eat up these costs at a loss). We can make it nearly impossible for any new platform to enter the marketplace, forcing Canadians to use the same stagnant platforms year after year. We can centralize and consolidate the entire industry into 2 or 3 big players and have everyone else fail (possibly to heavy losses of users of those platforms). And when a flawed security model doesn't work and gets breached, we can make it even more complicated with even more people in suits making big money doing the job that blockchain was supposed to do in the first place. We can build a system which is so intertwined and dependent on big government, traditional finance, and central bankers that its future depends entirely on that of the fiat system, of fractional banking, and of government bail-outs. If we choose this path, as history has shown us over and over again, we cannot go back, save for revolution. Our children and grandchildren will still be paying the consequences of what we decided today. Or, we can find solutions that work. We can maintain an open and innovative environment while making the adjustments we need to make to fully protect Canadian investors and cryptocurrency users, giving easy and affordable access to cryptocurrency for all Canadians on the platform of their choice, and creating an environment in which entrepreneurs and problem solvers can bring those solutions forward easily.
None of the above precludes innovation in any way, or adds any unreasonable cost - and these three policies would demonstrably eliminate or resolve all 109 historic cases as studied here - that's every single case researched so far going back to 2011. It includes every loss that was studied so far not just in Canada but globally as well. Unfortunately, finding answers is the least challenging part. Far more challenging is to get platform operators and regulators to agree on anything. My last post got no response whatsoever, and while the OSC has told me they're happy for industry feedback, I believe my opinion alone is fairly meaningless. This takes the whole community working together to solve. So please let me know your thoughts. Please take the time to upvote and share this with people. Please - let's get this solved and not leave it up to other people to do. Facts/background/sources (skip if you like):
The inspiration for the paragraph about splitting wallets was an actual quote from a Canadian company providing custodial services in response to the OSC consultation paper: "We believe that it will be in the best interests of investors to prohibit pooled crypto assets or ‘floats’. Most Platforms pool assets, citing reasons of practicality and expense. The recent hack of the world’s largest Platform – Binance – demonstrates the vulnerability of participants’ assets when such concessions are made. In this instance, the Platform’s entire hot wallet of Bitcoins, worth over $40 million, was stolen, facilitated in part by the pooling of client crypto assets." "the maintenance of participants (and Platform) crypto assets across multiple wallets distributes the related risk and responsibility of security - reducing the amount of insurance coverage required and making insurance coverage more readily obtainable". For the record, their reply also said nothing whatsoever about multi-sig or offline storage.
In addition to the fact that the $40m hack represented only one "hot wallet" of Binance, and they actually had the vast majority of assets in other wallets (including mostly cold wallets), multiple real cases have clearly demonstrated that risk is still present with multiple wallets. Bitfinex, VinDAX, Bithumb, Altsbit, BitPoint, Cryptopia, and just recently KuCoin all had multiple wallets breached all at the same time, and may represent a significantly larger impact on customers than the Binance breach which was fully covered by Binance. To represent that simply having multiple separate wallets under the same security scheme is a comprehensive way to reduce risk is just not true.
Private insurance has historically never covered a single loss in the cryptocurrency space (at least, not one that I was able to find), and there are notable cases where massive losses were not covered by insurance. Bitpay in 2015 and Yapizon in 2017 both had insurance policies that didn't pay out during the breach, even after a lengthy court process. The same insurance that ShakePay is presently using (and announced to much fanfare) was described by their CEO himself as covering “physical theft of the media where the private keys are held,” which is something that has never historically happened. As was said with regard to the same policy in 2018 - “I don’t find it surprising that Lloyd’s is in this space,” said Johnson, adding that to his mind the challenge for everybody is figuring out how to structure these policies so that they are actually protective. “You can create an insurance policy that protects no one – you know there are so many caveats to the policy that it’s not super protective.”
The most profitable policy for a private insurance company is one with the most expensive premiums that they never have to pay a claim on. They have no inherent incentive to take care of people who lost funds. It's "cheaper" to take the reputational hit and fight the claim in court. The more money at stake, the more the insurance provider is incentivized to avoid payout. They're not going to insure the assets unless they have reasonable certainty to make a profit by doing so, and they're not going to pay out a massive sum unless it's legally forced. Private insurance is always structured to be maximally profitable to the insurance provider.
The circumvention of multi-sig was a key factor in the massive Bitfinex hack of over $60m of bitcoin, which today still sits being slowly used and is worth over $3b. While Bitfinex used a qualified custodian Bitgo, which was and still is active and one of the industry leaders of custodians, and they set up 2 of 3 multi-sig wallets, the entire system was routed through Bitfinex, such that Bitfinex customers could initiate the withdrawals in a "hot" fashion. This feature was also a hit with the hacker. The multi-sig was fully circumvented.
Bitpay in 2015 was another example of a breach that stole 5,000 bitcoins. This happened not through the exploit of any system in Bitpay, but because the CEO of a company they worked with got their computer hacked and the hackers were able to request multiple bitcoin purchases, which Bitpay honoured because they came from the customer's computer legitimately. Impersonation is a very common tactic used by fraudsters, and methods get more extreme all the time.
A notable case in Canada was the Canadian Bitcoins exploit. Funds were stored on a server in a Rogers Data Center, and the attendant was successfully convinced to reboot the server "in safe mode" with a simple phone call, thus bypassing the extensive security and enabling the theft.
The very nature of custodians circumvents multi-sig. This is because custodians are not just having to secure the assets against some sort of physical breach but against any form of social engineering, modification of orders, fraudulent withdrawal attempts, etc... If the security practices of signatories in a multi-sig arrangement are such that the breach risk of one signatory is 1 in 100, the requirement of 3 independent signatures makes the risk of theft 1 in 1,000,000. Since hackers tend to exploit the weakest link, a comparable custodian has to make the entry and exit points of their platform 10,000 times more secure than one of those signatories to provide equivalent protection. And if the signatories beef up their security by only 10x, the risk is now 1 in 1,000,000,000. The custodian has to be 1,000,000 times more secure. The larger and more complex a system is, the more potential vulnerabilities exist in it, and the fewer people can understand how the system works when performing upgrades. Even if a system is completely secure today, one has to also consider how that system might evolve over time or work with different members.
By contrast, offline multi-signature solutions have an extremely solid record, and in the entire history of cryptocurrency exchange incidents which I've studied (listed here), there has only been one incident (796 exchange in 2015) involving an offline multi-signature wallet. It happened because the customer's bitcoin address was modified by hackers, and the amount that was stolen ($230k) was immediately covered by the exchange operators. Basically, the platform operators were tricked into sending a legitimate withdrawal request to the wrong address because hackers exploited their platform to change that address. Such an issue would not be prevented in any way by the use of a custodian, as that custodian has no oversight whatsoever to the exchange platform. It's practical for all exchange operators to test large withdrawal transactions as a general policy, regardless of what model is used, and general best practice is to diagnose and fix such an exploit as soon as it occurs.
False promises on the backing of funds played a huge role in the downfall of Quadriga, and it's been exposed over and over again (MyCoin, PlusToken, Bitsane, Bitmarket, EZBTC, IDAX). Even today, customers have extremely limited certainty on whether their funds in exchanges are actually being backed or how they're being backed. While this issue is not unique to cryptocurrency exchanges, the complexity of the technology and the lack of any regulation or standards makes problems more widespread, and there is no "central bank" to come to the rescue as in the 2008 financial crisis or during the great depression when "9,000 banks failed".
In addition to fraudulent operations, the industry is full of cases where operators have suffered breaches and not reported them. Most recently, Einstein was the largest case in Canada, where ongoing breaches and fraud were perpetrated against the platform for multiple years and nobody found out until the platform collapsed completely. While fraud and breaches suck to deal with, they suck even more when not dealt with. Lack of visibility played a role in the largest downfalls of Mt. Gox, Cryptsy, and Bitgrail. In some cases, platforms are alleged to have suffered a hack and keep operating without admitting it at all, such as CoinBene.
It surprises some to learn that a cryptographic solution has already existed since 2013, and gained widespread support in 2014 after Mt. Gox. Proof of Reserves is a full cryptographic proof that allows any customer using an exchange to have complete certainty that their crypto-assets are fully backed by the platform in real-time. This is accomplished by proving that assets exist on the blockchain, are spendable, and fully cover customer deposits. It does not prove safety of assets or backing of fiat assets.
If we didn't care about privacy at all, a platform could publish their wallet addresses, sign a partial transaction, and put the full list of customer information and balances out publicly. Customers can each check that they are on the list, that the balances are accurate, that the total adds up, and that it's backed and spendable on the blockchain. Platforms who exclude any customer take a risk because that customer can easily check and see they were excluded. So together with all customers checking, this forms a full proof of backing of all crypto assets.
However, obviously customers care about their private information being published. Therefore, a hash of the information can be provided instead. Hash is one-way encryption. The hash allows the customer to validate inclusion (by hashing their own known information), while anyone looking at the list of hashes cannot determine the private information of any other user. All other parts of the scheme remain fully intact. A model like this is in use on the exchange CoinFloor in the UK.
A Merkle tree can provide even greater privacy. Instead of a list of balances, the balances are arranged into a binary tree. A customer starts from their node, and works their way to the top of the tree. For example, they know they have 5 BTC, they plus 1 other customer hold 7 BTC, they plus 2-3 other customers hold 17 BTC, etc... until they reach the root where all the BTC are represented. Thus, there is no way to find the balances of other individual customers aside from one unidentified customer in this case.
Proposals such as this had the backing of leaders in the community including Nic Carter, Greg Maxwell, and Zak Wilcox. Substantial and significant effort started back in 2013, with massive popularity in 2014. But what became of that effort? Very little. Exchange operators continue to refuse to give visibility. Despite the fact this information can often be obtained through trivial blockchain analysis, no Canadian platform has ever provided any wallet addresses publicly. As described by the CEO of Newton "For us to implement some kind of realtime Proof of Reserves solution, which I'm not opposed to, it would have to ... Preserve our users' privacy, as well as our own. Some kind of zero-knowledge proof". Kraken describes here in more detail why they haven't implemented such a scheme. According to professor Eli Ben-Sasson, when he spoke with exchanges, none were interested in implementing Proof of Reserves.
And yet, Kraken places their reasoning on a page called "Proof of Reserves". More recently, both BitBuy and ShakePay have released reports titled "Proof of Reserves and Security Audit". Both reports contain disclaimers against being audits. Both reports trust the customer list provided by the platform, leaving the open possibility that multiple large accounts could have been excluded from the process. Proof of Reserves is a blockchain validation where customers see the wallets on the blockchain. The report from Kraken is 5 years old, but they leave it described as though it was just done a few weeks ago. And look at what they expect customers to do for validation. When firms represent something being "Proof of Reserve" when it's not, this is like a farmer growing fruit with pesticides and selling it in a farmers market as organic produce - except that these are people's hard-earned life savings at risk here. Platforms are misrepresenting the level of visibility in place and deceiving the public by their misuse of this term. They haven't proven anything.
Fraud isn't a problem that is unique to cryptocurrency. Fraud happens all the time. Enron, WorldCom, Nortel, Bear Stearns, Wells Fargo, Moser Baer, Wirecard, Bre-X, and Nicola are just some of the cases where frauds became large enough to become a big deal (and there are so many countless others). These all happened on 100% reversible assets despite regulations being in place. In many of these cases, the problems happened due to the over-complexity of the financial instruments. For example, Enron had "complex financial statements [which] were confusing to shareholders and analysts", creating "off-balance-sheet vehicles, complex financing structures, and deals so bewildering that few people could understand them". In cryptocurrency, we are often combining complex financial products with complex technologies and verification processes. We are naïve if we think problems like this won't happen. It is awkward and uncomfortable for many people to admit that they don't know how something works. If we want "money of the people" to work, the solutions have to be simple enough that "the people" can understand them, not so confusing that financial professionals and technology experts struggle to use or understand them.
For those who question the extent to which an organization can fool their way into a security consultancy role, HB Gary should be a great example to look at. Prior to trying to out anonymous, HB Gary was being actively hired by multiple US government agencies and others in the private sector (with glowing testimonials). They published articles and hosted professional security conferences. One should also look at this list of data breaches from the past 2 years. Many of them are large corporations, government entities, and technology companies. These are the ones we know about. Undoubtedly, there are many more that we do not know about. If HB Gary hadn't been "outed" by anonymous, would we have known they were insecure? If the same breach had happened outside of the public spotlight, would it even have been reported? Or would HB Gary have just deleted the Twitter posts, brought their site back up, done a couple patches, and kept on operating as though nothing had happened?
In the case of Quadriga, the facts are clear. Despite past experience with platforms such as MapleChange in Canada and others around the world, no guidance or even the most basic of a framework was put in place by regulators. By not clarifying any sort of legal framework, regulators enabled a situation where a platform could be run by former criminal Mike Dhanini/Omar Patryn, and where funds could be held fully unchecked by one person. At the same time, the lack of regulation deterred legitimate entities from running competing platforms and Quadriga was granted a money services business license for multiple years of operation, which gave the firm the appearance of legitimacy. Regulators did little to protect Canadians despite Quadriga failing to file taxes from 2016 onward. The entire administrative team had resigned and this was public knowledge. Many people had suspicions of what was going on, including Ryan Mueller, who forwarded complaints to the authorities. These were ignored, giving Gerald Cotten the opportunity to escape without justice.
There are multiple issues with the SOC II model including the prohibitive cost (you have to find a third party accounting firm and the prices are not even listed publicly on any sites), the requirement of operating for a year (impossible for new platforms), and lack of any public visibility (SOC II are private reports that aren't shared outside the people in suits).
Securities frameworks are expensive. Sarbanes-Oxley is estimated to cost $5.1 million USD/yr for the average Fortune 500 company in the United States. Since "Fortune 500" represents the top 500 companies, that means well over $2.55 billion USD (~$3.4 billion CAD) is going to people in suits. Isn't the problem of trust and verification the exact problem that the blockchain is supposed to solve?
To use Quadriga as justification for why custodians or SOC II or other advanced schemes are needed for platforms is rather silly, when any framework or visibility at all, or even the most basic of storage policies, would have prevented the whole thing. It's just an embarrassment.
We are now seeing regulators take strong action. CoinSquare in Canada with multi-million dollar fines. BitMex from the US, criminal charges and arrests. OkEx, with full disregard of withdrawals and no communication. Who's next?
We have a unique window today where we can solve these problems, and not permanently destroy innovation with unreasonable expectations, but we need to act quickly. This is a unique historic time that will never come again.
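The hash-list and Merkle-tree Proof of Reserves scheme described above, worked through as a Merkle sum tree on the liabilities side. This is an added example, not code from the original post or from any exchange; customer ids, nonces and balances are constructed, and the 5/7/17 BTC figures mirror the walkthrough in the post.

```python
"""Merkle sum tree for the liabilities side of a Proof of Reserves (added example).
Every node carries a hash AND the sum of balances beneath it, so the root publishes
the platform's total owed without revealing accounts. Customer ids, nonces and
balances below are constructed sample data.
"""
import hashlib
from dataclasses import dataclass
from typing import List, Tuple

SATOSHI_PER_BTC = 100_000_000


@dataclass(frozen=True)
class Node:
    digest: bytes  # SHA-256 commitment to this subtree
    total: int     # balance (satoshis) summed over the subtree


def _sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


# Padding for levels with an odd number of entries; zero balance, so it never
# changes the published total.
EMPTY = Node(_sha256(b"empty-leaf"), 0)


def leaf(customer_id: str, nonce: bytes, balance: int) -> Node:
    """Commit to one customer's balance. The secret nonce stops anyone from
    brute-forcing a small balance out of the published hash. Negative balances
    are refused: a hidden negative account could otherwise cancel out real
    liabilities and still yield a root that 'adds up'."""
    if balance < 0:
        raise ValueError("negative balance not allowed in a reserves tree")
    data = b"leaf|" + customer_id.encode() + b"|" + nonce + b"|" + balance.to_bytes(8, "big")
    return Node(_sha256(data), balance)


def parent(left: Node, right: Node) -> Node:
    """Hash both children's digests and totals, binding each total to the hash."""
    data = (b"node|" + left.digest + left.total.to_bytes(8, "big")
            + right.digest + right.total.to_bytes(8, "big"))
    return Node(_sha256(data), left.total + right.total)


def build_tree(leaves: List[Node]) -> List[List[Node]]:
    """Return every level, leaves first and the single root last."""
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        level = levels[-1]
        if len(level) % 2:
            level = level + [EMPTY]
        levels.append([parent(level[i], level[i + 1]) for i in range(0, len(level), 2)])
    return levels


def inclusion_proof(levels: List[List[Node]], index: int) -> List[Tuple[str, Node]]:
    """Sibling path for the leaf at `index`, leaf level first; side "R" means the
    sibling sits to the right of the climbing node."""
    proof = []
    for level in levels[:-1]:
        sibling_index = index ^ 1
        sibling = level[sibling_index] if sibling_index < len(level) else EMPTY
        proof.append(("R" if sibling_index > index else "L", sibling))
        index //= 2
    return proof


def check_inclusion(my_leaf: Node, proof: List[Tuple[str, Node]],
                    published_root: Node) -> Tuple[bool, List[int]]:
    """Climb from the customer's own leaf to the root. Returns (root matches,
    subtree totals seen on the way up): own balance, then the pair's, then the
    group's, up to the platform-wide total at the root."""
    node = my_leaf
    totals = [node.total]
    for side, sibling in proof:
        if sibling.total < 0:  # a verifier must also refuse negative partial sums
            return False, totals
        node = parent(node, sibling) if side == "R" else parent(sibling, node)
        totals.append(node.total)
    return node == published_root, totals


def demo() -> Tuple[bool, List[int]]:
    """Constructed data: four customers holding 5, 2, 4 and 6 BTC (17 BTC total)."""
    btc = SATOSHI_PER_BTC
    customers = [("alice", b"nonce-a", 5 * btc), ("bob", b"nonce-b", 2 * btc),
                 ("carol", b"nonce-c", 4 * btc), ("dave", b"nonce-d", 6 * btc)]
    levels = build_tree([leaf(*c) for c in customers])
    root = levels[-1][0]                # platform publishes root.digest and root.total
    proof = inclusion_proof(levels, 0)  # handed to alice on request
    # Alice rebuilds her leaf from what only she and the platform know.
    return check_inclusion(leaf("alice", b"nonce-a", 5 * btc), proof, root)


if __name__ == "__main__":
    ok, totals = demo()
    print("matches published root:", ok, "totals climbing the tree (sat):", totals)
```

The totals Alice sees on the way up are 5, 7 and 17 BTC, exactly the walk described in the post; the proof covers the crypto liabilities only and, as the post notes, says nothing about fiat backing or custody safety.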
Hi everybody, I'm holding a meetup in the DFW area for people interested in Urbit next month. If you're interested in the project or want to learn more about it, come hang out! Details are at the end of the post. I've got the blessing of u/ZorbaTHut to post this here contingent on explaining why Urbit is interesting, both in general and for this audience, so I'll give you a brief outline of the project if you're not familiar, and answer questions you may have once I'm home from work on Monday (though I encourage anybody else who'd like to chime in until then -- I have to go to bed soon.)
What is Urbit?
Urbit is an internet decentralization project, and a full networked computing stack from the ground up. Urbit's ultimate goal is to build a new internet on top of the old one, that is architecturally designed to avoid the need for centralized services by allowing individuals to run and program robust personal servers that are simple to manage. When Urbit conquers the world, your digital identity will be something you personally permanently own as a cryptographic key, not a line in a corporation's database; Facebook and Twitter will be protocols -- encrypted traffic and data shared directly between you and your friends & family, with no middlemen spying on you; your apps, social software and anything you program will have secure cryptocurrency payment mechanisms as a system call, paid out of a wallet on a device you fully control; and you will tangibly own and control your computer and the networked software you use on it. As I said, Urbit is a stack; at its core is Nock, a minimal, Turing-complete function. Nock is built out into a deterministic operating system, Arvo, with its own functional programming language. For now, Arvo runs as a process, with a custom VM/interpreter on *nix machines. Your Arvo instance talks to other instances over a native, encrypted peer-to-peer network, though it can interface with the normal internet as well. Urbit's identity management system is called Azimuth, a public key infrastructure built on Ethereum. You own proof of your Urbit instance's identity as a token in the same way you own your Bitcoin wallet. Because the peer-to-peer network is built into Arvo, you get it 'for free' with any software you write or run on it. You run your own personal server, and run all the software you use to communicate with the world yourself.
Because all of your services are running on a computer you control using a single secure identity system, you can think of what it aspires to like a decentralized, cypherpunk version of WeChat -- a programmable, secure platform for everything you want to do with your computer in one place, without the downsides of other people running your software.
Why is it interesting?
Urbit is extremely ambitious and pretty strange. Why throw out the entire stack we've spent half a century building? Because it's a giant ball of mud -- millions of lines of code in the Linux kernel alone, with all the attendant security issues and complexity. You can run a personal server today if you're technically sophisticated; spin up a VPS, install all the software you need, configure everything and keep it secure. It's doable, but it sucks, and your mom can't do it. Urbit is designed from the beginning to avoid the pitfalls that led to cascading system complexity. Nock has 12 opcodes, and Arvo is somewhere in the neighborhood of 30,000 lines of code. The core pieces of Urbit are also ticking towards being 'frozen' -- reaching a state where they can no longer be changed, in order to ensure that they remain absolutely minimal. The point of all of this is to make a diamond-hard, unchanging core that a single person can actually understand in its entirety, ensure the security of the architecture, prevent insane dependency hell and leaky abstractions from overgrowing it, and allow for software you write today to run in a century. It also aims to be simple enough that a normal person can pay a commodity provider $5/mo (or something), log into their Urbit on their devices, and control it as easily as their phone. Urbit's network also has a routing hierarchy that is important to understand; while the total address space is 128-bit, the addresses are partitioned into different classes. 8-bit and 16-bit addresses act as network infrastructure, while human instances use 32-bit addresses. To use the network, you must be sponsored by the 16-bit node 'above' you -- which is to say 'be on good terms'. If you aren't on good terms, that sponsorship can be terminated, but that goes both ways -- if you don't like your sponsor, you can exit and choose another. Because 32-bit addresses are finite, they're scarce and have value, which disincentivizes spam and abuse. 
To be clear, the sponsor nodes only sign/deliver software updates, and perform peer discovery and NAT traversal; your connections with other people are direct and encrypted. Because there are many sponsor nodes, you can return to the network if you're kicked off unfairly. In the long term, this also allows for graceful political fragmentation of the network if necessary. The world created by Urbit is a world where individuals control their own data and digital communities live according to their mores. It's an internet that isn't funded by mass automated surveillance and ad companies that know your health problems. It's also the internet as a frontier like it once was, at least until this one is settled. Apologies if this comes off a little true-believer-y, but this project is something I'm genuinely excited about.
The world that Urbit aims to build is one not dissimilar from Scott's archipelago communism -- one of voluntaristic relations and communities, and exit in the face of conflict & coercion. It's technical infrastructure to move the internet away from the chokepoints of the major social media platforms and the concentration of political power that comes with centralized services. The seismic shifts affecting our institutions and society caused by the internet in the last decade have been commented on at length here and elsewhere, but as BTO said, you ain't seen nothin' yet. I suspect many people with a libertarian or anti-authoritarian bent would appreciate the principle of individual sovereignty over their computing and data. The project is also something I've discussed a few times with others on here, so I know there's some curiosity about it. The original developer of Urbit is also rather well known online, especially around here. Yarvin is a pretty controversial figure, but he departed the project in early 2019.
There's a lot more that I haven't mentioned, but I hope this has piqued your interest. If you're in DFW, you can find details of the first meetup here. There will be free pizza and a presentation about Urbit, help installing & using it (Mac & Linux only for now), as well as the opportunity to socialize. All are welcome! Feel free to bring a friend. If you're not in North Texas but are interested, there are also other regional meetups all over the world coming up soon.
STATUS: Majority of questions have been answered. If yours got missed, please feel free to post it again.
Introduction
All,
Based on the rapid increase in popularity and price of bitcoin and other crypto currencies (particularly over the past year), I expect that lots of people have questions about how crypto currency will impact their taxes. This thread attempts to address several common issues. I'm posting similar versions of it here, in several major crypto subs, and eventually in the weekly "tax help" threads personalfinance runs. I'd like to thank the /personalfinance mod team and the /tax community for their help with this thread and especially for reading earlier versions and offering several valuable suggestions/corrections.
This thread is NOT an endorsement of crypto currency as an investing strategy. There is a time and a place to debate the appropriateness of crypto as part of a diversified portfolio - but that time is not now and that place is not here. If you are interested in the general consensus of this sub on investing, I would urge you to consult the wiki while keeping in mind the general flowchart outlining basic steps to get your finances in order.
Finally, please note that this thread attempts to provide information about your tax obligations as defined by United States law (and interpreted by the IRS under the direction of the Treasury Department). I understand that a certain portion of the crypto community tends to view crypto as "tax free" due to the (actual and perceived) difficulty for the IRS to "know" about the transactions involved. I will not discuss unlawfully concealing crypto gains here nor will I suggest illegal tax avoidance activities.
The Basics
This section is best for people that don't understand much about taxes. It covers some very basic tax principles. It also assumes that all you did during the year was buy/sell a single crypto currency. Fundamentally, the IRS treats crypto not as money, but as an asset (investment).
While there are a few specific "twists" when it comes to crypto, when in doubt replace the word "crypto" with the word "stock" and you will get a pretty good idea how you should report and pay tax on crypto. The first thing you should know is that the majority of this discussion applies to the taxes you are currently working on (2017 taxes). The tax bill that just passed applies to 2018 taxes (with a few very tiny exceptions), which most people will file in early 2019. In general, you don't have to report or pay taxes on crypto currency holdings until you "cash out" all or part of your holdings. For now, I'm going to assume that you cash out by selling them for USD; however, other forms of cashing out will be covered later. When you sell crypto, you report the difference between your basis (purchase price) and proceeds (sale price) on Schedule D. Your purchase price is commonly referred to as your basis; while the two terms don't mean exactly the same thing, they are pretty close to one another (in particular, there are three ways to calculate your basis - your average cost, a first-in, first-out method, and a "specific identification" method. See more about these here and here). EDIT - you may not use average cost method with crypto - see here. If you sell at a gain, this gain increases your tax liability; if you sell at a loss, this loss decreases your tax liability (in most cases). If you sell multiple times during the year, you report each transaction separately (bad news if you trade often) but get to lump all your gains/losses together when determining how the trades impact your income. One important thing to remember is that there are two different types of gains/losses from investments - short term gains (if you held an asset for one year or less) and long term gains (over one year; i.e. one year and one day).
Short term gains are taxed at your marginal income rate (basically, just like if you had earned that money at a job) while long term gains are taxed at lower rates. For most people, long term capital gains are taxed at 15%. However, if you are in the 10% or 15% tax bracket, congrats - your gains (up to the maximum amount of "unused space" in your bracket) are tax free! If you are in the 25%, 28%, 33%, or 35% bracket, long term gains are taxed at 15%. If you are in the 39.6% bracket, long term gains are taxed at 20%. Additionally, there is an "extra" 3.8% tax that applies to gains for those above $200,000/$250,000 (single/married). The exact computation of this tax is a little complicated, but if you are close to the $200,000 level, just know that it exists. Finally, you should know that I'm assuming that you should treat your crypto gains/losses as investment gains/losses. I'm sure some people will try and argue that they are really "day traders" of crypto and trade as a full time job. While this is possible, the vast majority of people don't qualify for this status and you should really think several times before deciding you want to try that approach on the IRS.
"Cashing Out" - Trading Crypto for Goods/Services
I realize that not everyone that "cashes out" of crypto does so by selling it for USD. In fact, I understand that some in the crypto community view the necessity of cashing out itself as a type of myth. In this section, I discuss what happens if you trade your crypto for basically anything that isn't cash (minor sidenote - see next section for a special discussion on trading crypto for crypto; i.e. buying altcoins with crypto). The IRS views trading crypto for something of value as a type of bartering that must be included in income. From the IRS's perspective, it doesn't matter if you sold crypto for cash and bought a car with that cash or if you just traded crypto directly for the car - in both cases, the IRS views you as having sold your crypto.
This approach isn't unique to crypto - it works the same way if you trade stock for something. This means that if you do trade your crypto for "stuff", you have to report every exchange as a sale of your crypto and calculate the gain/loss on that sale, just as if you had sold the crypto for cash. Finally, there is one important exception to this rule. If you give your crypto away to charity (one recognized by the IRS; like a 501(c)(3) organization), the IRS doesn't make you report/pay any capital gains on the transaction. Additionally, you still get to deduct the value of your donation on the date it was made. Now, from a "selfish" point of view, you will always end up with more money if you sell the crypto, pay the tax, and keep the rest. But, if you are going to make a donation anyway, especially a large one, giving crypto where you have a big unrealized/untaxed gain is a very efficient way of doing so.
"Alt Coins" - Buying Crypto with Crypto
The previous section discusses what happens when you trade crypto for stuff. However, one thing that surprises many people is that trading crypto for crypto is also a taxable event, just like trading crypto for a car. Whether you agree with this position or not, it makes a lot of sense once you realize that the IRS doesn't view crypto as money, but instead as an asset. So to the IRS, trading bitcoin for ripple isn't like trading dollars for euros, but it is instead like trading shares of Apple stock for shares of Tesla stock. Practically, what this means is that if you trade one crypto for another crypto (say BTC for XRP just to illustrate the point), the IRS views you as doing the following:
Selling for cash the amount of BTC you actually traded for XRP.
Owing capital gains/losses on the BTC based on its selling price (the fair market value at the moment of the exchange) and your purchase price (basis).
Buying a new investment (XRP) with a cost basis equal to the amount the BTC was worth when you exchanged them.
This means that if you "time" your trade wrong and the value of XRP goes down after you make the exchange, you still owe tax on your BTC gain even though you subsequently lost money. The one good piece of news in this is that when/if you sell your XRP (or change it back to BTC), you will get a capital loss for the value that XRP dropped. There is one final point worth discussing in this section - the so called "like kind exchange" rules (aka section 1031 exchange). At a high level, these rules say that you can "swap" property with someone else without having to pay taxes on the exchange as long as you get property in return that is "like kind". Typically, these rules are used in real estate transactions. However, they can also apply to other types of transactions as well. While the idea is simple (and makes it sound like crypto for crypto should qualify), the exact rules/details of this exception are very fact specific. Most experts (including myself, but certainly not calling myself an expert) believe that a crypto for crypto swap is not a like kind exchange. The recently passed tax bill also explicitly clarifies this issue - starting in 2018, only real estate qualifies for like kind exchange treatment. So, basically, the vast majority of evidence suggests that you can't use this "loophole" for 2017; however, there is a small minority view/some small amount of belief that this treatment would work for 2017 taxes and it is worth noting that I'm unaware of any court cases directly testing this approach.
Dealing with "Forks"
Perhaps another unpleasant surprise for crypto holders is that "forks" to create a new crypto also very likely generate a taxable event. The IRS has long (since at least the 1960s) held that "found" money is a taxable event. This approach has been litigated in court and courts have consistently upheld this position; it even has its own cool nerdy tax name - the "treasure trove" doctrine.
Practically, what this means is that if you owned BTC and it "forked" to create BCH, then the fair market value of the BCH you received is considered a "treasure trove" that must be reported as income (ordinary income - no capital gain rates). This is true whether or not you sold your BCH; if you got BCH from a fork, that is a taxable event (note - I'll continue using BTC forking to BCH in this section as an example, but the logic applies to all forks). While everything I've discussed up to this point is pretty clearly established tax law, forks are really where things get messy with taxes. Thus, the remainder of this section contains more speculation than elsewhere in this post - the truth is that while the idea is simple (fork = free money = taxable), the details are messy and other kinds of tax treatment might apply to forks. One basic practical problem with forks is that the new currency doesn't necessarily start trading immediately. Thus, you may have received BCH before there was a clear price or market for it. Basically, you owe tax on the value of BCH when you received it, but it isn't completely clear what that value was. There are several ways you can handle this; I'll list them in order from most accurate to least accurate (but note that this is just my personal view and there is ongoing disagreement on this issue with little/no authoritative guidance).
Use a futures market to determine the value of the BCH - if reliable sources published realistic estimates of what BCH will trade for in the future once trading begins, use this estimate as the value of your BCH. Pros/cons - futures markets are, in theory, pretty accurate. However, if they are volatile/subject to manipulation, they may provide an incorrect estimate of the true value of BCH. It would suck to use the first futures value published only to have that value plummet shortly thereafter, leaving you to pay ordinary income tax but only have an unrealized capital loss.
Wait until an exchange starts trading BCH; use the actual ("spot") price as the value. Pros/cons - spot prices certainly reflect what you could have sold BCH for; however, it is possible that the true value of the coin was higher/lower when you received it as compared to when it started trading on the exchange. Thus this method seems less accurate to me than a futures-based approach, but it is still certainly fairly reasonable.
Assume that the value is $0. This is my least preferred option, but there is still a case to be made for it. If you receive something that you didn't want, can't access, can't sell, and might fail, does it have any value? I believe the answer is yes (maybe not value it perfectly, but value it somewhat accurately), but if you honestly think the answer is no, then the correct tax answer would be to report $0 in income from the fork. The IRS would be most likely to disagree with this approach, especially since it results in the least amount of income reported for the current year (and the most favorable rates going forward). Accordingly, if you go this route, make extra sure you understand what it entails.
Note, once you've decided what to report as taxable income, this amount also becomes your cost basis in the new crypto (BCH). Thus, when you ultimately sell your BCH (or trade it for something else as described above), you calculate your gain/loss based on what you included in taxable income from the fork. Finally, there is one more approach to dealing with forks worth mentioning. A fork "feels" a lot like a dividend - because you held BTC, you get BCH. In a stock world, if I get a cash dividend because I own the stock, that money is not treated as a "treasure trove" and subject to ordinary income rates - in most cases, it is a qualified dividend and subject to capital gain rates; in some cases, some types of stock dividends are completely non-taxable. This article discusses this idea in slightly more detail and generally concludes that forks should not be treated as a dividend. Still, I would note that I'm unaware of any court cases directly testing this theory. Ultimately, this post is supposed to be practical, so let me make sure to leave you with two key thoughts about the taxation of forks. First, I believe that the majority of evidence suggests that forks should be treated as a "treasure trove" and reported as ordinary income based on their value at creation and that this is certainly the "safest" option. Second, out of everything discussed in this post, I also believe that the correct taxation of forks is the murkiest and most "up for debate" area. If you are interested in a more detailed discussion of forks, see this thread for a previous version of this post discussing it at even more length and the comments for a discussion of this with the tax community.
Mining Crypto
Successfully mining crypto coins is a taxable event. Depending on the amount of effort you put into mining, it is either considered a hobby or a self-employment (business) activity. The IRS provides the following list of questions to help decide the correct classification:
The manner in which the taxpayer carries on the activity.
The expertise of the taxpayer or his advisors.
The time and effort expended by the taxpayer in carrying on the activity.
Expectation that assets used in activity may appreciate in value.
The success of the taxpayer in carrying on other similar or dissimilar activities.
The taxpayer’s history of income or losses with respect to the activity.
The amount of occasional profits, if any, which are earned.
If this still sounds complicated, that's because the distinction is subject to some amount of interpretation. As a rule of thumb, randomly mining crypto on an old computer is probably a hobby; mining full time on a custom rig is probably a business. In either event, you must include in income the fair market value of any coins you successfully mine. These are ordinary income and your basis in these coins is their fair market value on the date they were mined. If your mining is a hobby, they go on line 21 (other income) and any expenses directly associated with mining go on schedule A (miscellaneous subject to 2% of AGI limitation). If your mining is a business, income and expenses go on schedule C. Both approaches have pros and cons - hobby income isn't subject to the 15.3% self-employment tax, only normal income tax, but you get fewer deductions against your income and the deductions you get are less valuable. Business income has more deductions available, but you have to pay payroll (self-employment) tax of about 15.3% in addition to normal income tax.
What if I didn't keep good records? Do I really have to report every transaction?
One nice thing about the IRS treating crypto as an asset is that we can look at how the IRS treats people that "day trade" stock and often don't keep great records/have lots of transactions. While you need to be as accurate as possible, it is ok to estimate a little bit if you don't have exact records (especially concerning your cost basis). You need to put in some effort (research historical prices, etc...) and be reasonable, but the IRS would much rather you do a little bit of reasonable estimation as opposed to just not reporting anything. Sure, they might decide to audit you/disagree with some specifics, but you earn yourself a lot of credit if you can show that you honestly did the best you reasonably could and are making efforts to improve going forward.
However, concerning reporting every transaction - yes, sorry, it is clear that you have to do this, even if you made hundreds or thousands of them. Stock traders have had to go through this for many decades, and there is absolutely no reason to believe that the IRS would accept anything less from the crypto community. If you have the records or have any reasonable way of obtaining records/estimating them, you must report every transaction.
What if I don't trust you?
Well, first let me say that I can't believe you made it all the way down here to this section. Thanks for giving me an honest hearing. I would strongly encourage you to go read other well-written, honest guides. I'll link to some I like (both more technical IRS type guides and more crypto community driven guides). While a certain portion of the crypto community seems to view one of the benefits of crypto as avoiding all government regulation (including taxes), I've been pleasantly surprised to find that many crypto forums contain well-reasoned, accurate tax guides. While I may not agree with 100% of their conclusions, that likely reflects true uncertainty around tax law that is fundamentally complex rather than an attempt on either end to help individuals unlawfully avoid taxes.
IRS guides
Want to start fresh after the crypto crash? Here is a comprehensive guide on how to invest and prosper over the long term.
Well, it's happened, the crypto market just experienced the worst crash since 2014, the bubble has burst. The idiocy of newbies FOMO-ing into anything with low nominal value led to endless twitter timelines like this, and now nobody has any idea where the market settles. What do you do now? In the following weeks it will be a good time to rethink your investment approach and how you arrive at your decisions. Just buying whatever is shilled on Twitter or Reddit and jumping from one crypto to another isn't going to work like it did these last two months. The good news is that we're finally back closer and closer to our long term moving average which is much more healthy for entrants, the bad news is that the fear might continue compounding if outstanding issues are not dealt with. Tether is the big concern for me personally for reasons I've stated many times, but some relief in the short term may come if the SEC and CFTC meeting on February 6th goes well. Nobody really knows where the bottom is but I think we're now past the "irrational exuberance" stage and we're entering a period of more serious inspection where cryptos will actually have to prove themselves as useful. I suspect hype artists like CryptoNick and John McAfee will fall out of favor. But perhaps most importantly use this as a learning experience, don't try to point fingers now. The type of dumb behavior that people were engaging in that was rewarded in a bull market (chasing pumps, going all in on a shillcoin, following hype, etc.) could only ever lead to what we are experiencing now. Just like so many people jumped on the crypto bandwagon during the bull run, they will just as quickly jump on whatever bandwagon is to be used to blame for the deflation of the bubble. Nobody who pumped money into garbage without any use case will accept that they themselves with their own investing behavior were the real reason for the gross overvaluation of most cryptocurrencies, and the inevitable crash.
So if you're looking for a fresh start after the massacre (or just want to get in now), here is a guide:
Part A: Making an Investment Strategy
This is your money, put some effort into investing it with an actual strategy. Some simple yet essential advice that should apply to everyone, regardless of individual strategy:
Slow down and research each crypto that you're buying for at least a week.
Don't buy something just because it has risen.
Don't exit a position just because it has declined.
Invest only as much as you can afford to lose.
Prepare entry and exit strategies in advance.
First take some time to think about your ROI target, set your hold periods for each position and how much you are actually ready to risk losing.
ROI targets
A lot of young investors who are in crypto have unrealistic expectations about returns and risk. A lot of them have never invested in any other type of financial asset, and hence many seem to consider a 5-10% ROI in a month to be unexciting. But it's important to temper your hype and realize why we had this exponential growth in the last year and how unlikely it is that we see 10x returns in the next year. What we saw recently was Greater Fool Theory in action. Those unexciting returns of 5-10% a month are much more of the norm, and much more healthy for an alternative investment class. You can think about setting a target in terms of the market ROI over a relevant holding period and then add or decrease based on your own risk profile.
Example: Calculating a 2 year ROI target
Let's say you want to hold for 2 years now, how could you set a realistic target to strive for? You could look at a historical 2 year return as a base, preferably during a period similar to what we're facing now. Now that we had a major correction, I think we can look at the two year period starting in 2015 after we had the 2014 crash. To calculate a 2 year CAGR starting in 2015:
Total Crypto Market Cap
Jan 1, 2015:
Jan 1, 2017:
Compounded annual growth return (CAGR): [(18/5.5)^(1/2)] - 1 = 81%
This annual return rate of 81% comes out to about 4.9% compounded monthly. This may not sound exciting to the lambo moon crowd, but it will keep you grounded in reality. You can aim for a higher return (say 2x of that 81% rate) if you choose to take on more risky propositions. I can't tell you what return target you should set for yourself, but just make sure it's not dependent on you needing to achieve continual near vertical parabolic price action in small cap shillcoins because that isn't sustainable. Once you have a target you can construct your risk profile (low risk vs. high risk category coins) in your portfolio based on your target.
Risk Management
Everything you buy in crypto is risky, but it still helps to think of these 3 risk categories:
Core holdings - This is the exchange pairing cryptos and those that are well established. These are almost sure to be around in 5 years, and will recover after any bear market. The Coinbase pairs (Bitcoin, Litecoin and Ethereum) are in this class of risk, and I would also argue Monero.
Medium Risk Speculative - These would be cryptos which generally have a working product and niche, but higher risk than Core. Things like ZCash and Ripple, relatively established history but still uncertainty over long term viability.
High Risk Speculative - This is anything created within the last few months, ICOs, low caps, shillcoins...etc. Most cryptos are in this category.
How much risk should you take on? That depends on your own life situation for one, but also it should be proportional to how much expertise you have in both financial analysis and technology. The general starting point I would recommend is:
50-70% for newbies in Low Risk Core, then you can go down to 30% as you gain confidence and experience
Always try to keep at least a 1/3rd in safe core positions
Don't go all in on speculative picks.
Some more core principles on risk management to consider:
Diversify across sectors and rebalance your allocations periodically.
Consider using dollar cost averaging to enter a position. This generally means investing a X amount over several periods, instead of at once. You can also use downward biased dollar cost averaging to mitigate against downward risk. For example instead of investing $1000 at once in a position at market price, you can buy $500 at the market price today then set several limit orders at slightly lower intervals (for example $250 at 5% lower than market price, $250 at 10% lower than market price). This way your average cost of acquisition will be lower if the crypto happens to decline over the short term.
Don't have more than 5-10% of your net worth in crypto.
Have the majority of your holdings in things you feel good holding for at least 2 years. Don't use the majority of your investment for day trading or short term investing.
Remember you didn't actually make any money until you take some profits, so take some profits when everyone else is at peak FOMO-ing mode.
Have some fiat in reserve at a FDIC-insured exchange (ex. Gemini), and be ready to add to your winning positions on a pullback. This should be part of your entry strategy.
Consider what level of loss you can't accept in a position with a high risk factor, and use stop-limit orders to hedge against sudden crashes. Set your stop price at about 5-10% above your lowest limit. Stop-limit orders aren't perfect but they're better than having no hedging strategy for a risky microcap in case of some meltdown. Only you can determine what bags you are unwilling to hold.
You can think of each crypto having a risk factor that is the summation of the general crypto market risk (Rm), but also its own inherent risk specific to its own goals (Ri):
Rt = Rm + Ri
The market risk is something you cannot avoid, it is essentially the risk that is carried by the entire market over things like regulations. What you can minimize, though, is the Ri, the specific risks with your crypto. That will depend on the team composition, geographic risks (for example Chinese coins like NEO carry regulatory risks specific to China), competition within the space and likelihood of adoption and other factors, which I'll describe in Part 2: Crypto Picking Methodology.
Portfolio Allocation
Along with thinking about your portfolio in terms of risk categories described above, I really find it helpful to think about the segments you are in. OnChainFX has some segment categorization but I generally like to bring it down to:
Think about your "Circle of Competence", your body of knowledge that allows you to evaluate an investment. Your ability to properly judge risk and potential is going to largely correlate with your understanding of the subject matter. If you don't know anything about how supply chains function, how can you competently judge whether VeChain or WaltonChain will achieve adoption? If you don't understand anything about the tech when you read the Cardano paper, are you really able to determine how likely it is to be adopted? Consider the historic correlations between your holdings. Generally when Bitcoin pumps, altcoins dump but at what rate depends on the coin. When Bitcoin goes sideways we tend to see pumping in altcoins, while when Bitcoin goes down, everything goes down. You should diversify but really shouldn't be in much more than around 12 cryptos, because you simply don't have enough competency to accurately assess the risk across every segment and for every type of crypto you come across. If you have over 20 different cryptos in your portfolio you should probably think about consolidating to a few sectors you understand well.
Part B: Crypto Picking Methodology (Due Diligence)
Do you struggle with how to fundamentally analyze cryptocurrencies? Here is a 3-step methodology to follow to perform your due diligence:
Step 1: Filtering and Research
There is so much out there that you can get overwhelmed. The best way to start is to think back to your own portfolio allocation strategy and what you would like to get more of. For example in my view enterprise-focused blockchain solutions will be important in the next few years, and so I look to create a list of various cryptos that are in that segment. Upfolio has brief descriptions of the top 100 cryptos and is filterable by categories, for example you can click the "Enterprise" category and you have a neat list of VEN, FCT, WTC, etc. Once you have a list of potential candidates, it's time to read about them:
Critically evaluate the website. If it's a cocktail of nonsensical buzzwords, if it's unprofessional and poorly made, stay away. Always look for a roadmap, compare to what was actually delivered so far. Always check the team, try to find them on LinkedIn and what they did in the past.
Read the whitepaper or business development plan. You should fully understand how this crypto functions and how it's trying to create value. If there is no use case or if the use case does not require or benefit from a blockchain, move on.
Check the blockchain explorer. How is the token distribution across accounts? Are the big accounts selling? Try to figure out who the whales are (not always easy!) and what the foundation/founder account is based on the initial allocation.
Look at the Github repos, does it look empty or is there plenty of activity?
Search out the subreddit and look at a few Medium or Steem blogs about the coin. How "shilly" is the community, and how much engagement is there between developer and the community?
I would also go through the BitcoinTalk thread and Twitter mentions, judge both the length and quality of the discussion.
You can actually filter out a lot of scams and bad investments by simply keeping your eye out on the following red flags:
allocations that give way too much to the founder
guaranteed promises of returns (Bitcooonnneeeect!)
vague whitepapers filled with buzzwords
vague timelines and no clear use case
Github with no useful code and sparse activity
a team that is difficult to find information on
Step 2: Passing a potential pick through a checklist
Once you feel fairly confident that a pick is worth analyzing further, run them through a standardized checklist of questions. This is one I use, you can add other questions yourself:
Crypto Analysis Checklist
What is the problem or transactional inefficiency the coin is trying to solve?
What is the Dev Team like? What is their track record? How are they funded, organized?
How big is the market they're targeting?
Who is their competition and what does it do better?
What is the roadmap they created and how well have they kept to it?
What current product exists?
How does the token/coin actually derive value for the holder? Is there a staking mechanism or is it transactional?
Is there any new tech, and is it informational or governance based?
Can it be easily copied?
What are the weaknesses or problems with this crypto?
The last question is the most important. This is where the riskiness of your crypto is evaluated, the Ri I talked about above. Here you should be able to accurately place the crypto into one of the three risk categories. I also like to run through this checklist of blockchain benefits and consider which specific properties of the blockchain are being used by the specific crypto to provide some increased utility over the current transactional method:
Benefits of Cryptocurrency
Decentralization - no need for a third party to agree or validate transactions.
Transparency and trust - As blockchains are shared, everyone can see what transactions occur. Useful for something like an online casino.
Immutability - It is extremely difficult to change a transaction once it's been put onto a blockchain
Distributed availability - The system is spread on thousands of nodes on a P2P network, so it's difficult to take the system down.
Security - cryptographically secured transactions provide integrity
Simplification and consolidation - a blockchain can serve as a shared ledger in industries where multiple entities previously kept their own data sources
Quicker Settlement - In the financial industry when we're dealing with post-trade settlement, a blockchain can drastically increase the speed of verification
Cost - in some cases avoiding a third party verification would drastically reduce costs.
Step 3: Create a valuation model
You don't need to get into full modeling or have a financial background. Even a simple model that just tries to derive a valuation through relative terms will put you above most crypto investors. Some simple valuation methods that anyone can do:
Probabilistic Scenario Valuation
This is all about thinking of scenarios and probability, a helpful exercise in itself. For example: Bill Miller, a prominent value investor, wrote a probabilistic valuation case for Bitcoin in 2015. He looked at two possible scenarios for probabilistic valuation:
becoming a store-of-value equal to gold (a $6.4 trillion value), with a .25% probability of occurring
replacing payment processors like VISA, MasterCard, etc. (a $350 million dollar value) with a 2.5% probability
Combining those scenarios would give you the total expected market cap: (0.25% x 6.4 trillion) + (2.5% x 350 million). Divide this by the outstanding supply and you have your valuation.
Metcalfe's Law
Metcalfe's Law states that the value of a network is proportional to the square of the number of connected users of the system (n^2). So you can compare various currencies based on their market cap and square of active users or traffic. We can alter this to crypto by thinking about it in terms of both users and transactions. For example, compare the Coinbase pairs:
Daily Transactions (last 24hrs)
Active Addresses (Peak 1Yr)
Metcalfe Ratio (Transactions Based)
Metcalfe Ratio (Address Based)
Generally the higher the ratio, the higher the valuation given for each address/transaction.
Market Cap to Industry comparisons
Another easy one is simply looking at the total market for the industry that the coin is supposedly targeting and comparing it to the market cap of the coin. Think of the market cap not only with circulating supply like it's shown on CMC but including total supply. For example the total supply for Dentacoin is 1,841,395,638,392, and when multiplied by its price in early January we get a market cap that is actually higher than the entire industry it aims to disrupt: Dentistry.
More complex valuation models
If you would like to get into more fleshed out models with Excel, I highly recommend Chris Burniske's blog about using Quantity Theory of Money to build an equivalent of a DCF analysis for crypto. Here is an Excel file example of OMG done by Nodar Janashia using Chris' model. You should create multiple scenarios with multiple assumptions, both positive and negative. Have a base scenario and then moderately optimistic/pessimistic and highly optimistic/pessimistic scenarios. Personally I like to see at least a 50% upward potential before investing from my moderately pessimistic scenario, but you can set your own safety margin. The real beneficial thing about modelling isn't even the price or valuation comparisons it spits out, but that it forces you to think about why the coin has value and what your own assumptions about the future are. For example the discount rate you apply to the net present utility formula drastically affects the valuation, and it reflects your own assumptions of how risky the crypto is. What exactly would be a reasonable discount rate? What about the digital economy you are assuming for the coin, what levers affect its size and adoption and how likely are your assumptions to come true?
You'll be a drastically more intelligent investor if you think about the fundamental variables that give your coin the market cap you think it should hold.
Summing it up
The time for lambo psychosis is over. But that's no reason to feel down, this is a new day and what many were waiting for. I've put together in one place here how to construct a portfolio allocation (taking into consideration risk and return targets), and how to go through a systematic crypto picking method. I won't tell you what to buy, you should always decide that for yourself and DYOR. But as long as you follow a rational and thorough methodology (feel free to modify anything I said above to suit your own needs) you will feel pretty good about your investments, even in times like these. Edit: Also get a crypto prediction ferret. You won't regret it.
Is Crypto Currency truly at risk due to Quantum Computers, and what can you do about it?
There is no denying that the Quantum revolution is coming. Security protocols for the internet, banking, telecommunications, etc... are all at risk, and your Bitcoins (and alt-cryptos) are next! This article is not really about quantum computers[i], but, rather, how they will affect the future of cryptocurrency, and what steps a smart investor will take. Since this is a complicated subject, my intention is to provide just enough relevant information without being too “techy.”
The Quantum Evolution
In 1982, Nobel-winning physicist Richard Feynman hypothesized how quantum computers[ii] would be used in modern life. Just one year later, Apple released the “Apple Lisa”[iii] – a home computer with a 7.89MHz processor and a whopping 5MB hard drive, and, if you enjoy nostalgia, it used 5.25in floppy disks. Today, we walk around with portable devices that are thousands of times more powerful, and, yet, our modern day computers still work in a simple manner, with simple math, and simple operators[iv]. They now just do it so fast and efficiently that we forget what’s happening behind the scenes. No doubt, the human race is accelerating at a remarkable speed, and we’ve become obsessed with quantifying everything - from the everyday details of life to the entire universe[v]. Not only do we know how to precisely measure elementary particles, we also know how to control their actions! Yet, even with all this advancement, modern computers cannot “crack” cryptocurrencies without the use of a great deal more computing power, and since it’s more than the planet can currently supply, it could take millions, if not billions, of years. However, what current computers can’t do, quantum computers can! So, how can something that was conceptualized in the 1980s, and, as of yet, has no practical application, compromise cryptocurrencies and take over Bitcoin? To best answer this question, let’s begin by looking at a bitcoin address.
What exactly is a Bitcoin address?
Well, in layman's terms, a Bitcoin address is used to send and receive Bitcoins, and looking a bit closer (excuse the pun), it has two parts:[vi] A public key that is openly shared with the world to accept payments. A public key that is derived from the private key. The private key is made up of 256 bits of information in a (hopefully) random order. This 256 bit code is 64 characters long (in the range of 0-9/a-f) and further compressed into a 52 character code (using RIPEMD-160). NOTE: Although many people talk about Bitcoin encryption, Bitcoin does not use Encryption. Instead, Bitcoin uses a hashing algorithm (for more info, please see endnote below[vii]). Now, back to understanding the private key: The Bitcoin address “1EHNa6Q4Jz2uvNExL497mE43ikXhwF6kZm” translates to a private key of “5HpHagT65TZzG1PH3CSu63k8DbpvD8s5ip4nEB3kEsreAnchuDf” which further translates to a 256 bit private key of “0000000000000000000000000000000000000000000000000000000000000001” (this should go without saying, but do not use this address/private key because it was compromised long ago.) Although there are a few more calculations that go behind the scenes, these are the most relevant details. Now, to access a Bitcoin address, you first need the private key, and from this private key, the public key is derived. With current computers, it’s classically impractical to attempt to find a private key based on a public key. Simply put, you need the private key to know the public key. However, it has already been theorized (and technically proven) that due to private key compression, multiple private keys can be used to access the same public key (aka address). This means that your Bitcoin address has multiple private keys associated with it, and, if someone accidentally discovers or “cracks” any one of those private keys, they have access to all the funds in that specific address.
There is even a pool of a few dedicated people hunting for these potential overlaps[viii], and they are, in fact, getting very efficient at it. The creator of the pool also has a website listing every possible Bitcoin private key/address in existence[ix], and, as of this writing, the pool averages 204 trillion keys per day! But wait! Before you get scared and start panic selling, the probability of finding a Bitcoin address containing funds (or even being used) is highly unlikely – nevertheless, still possible! However, the more Bitcoin users, the more likely a “collision” (finding overlapping private/public key pairs)! You see, the security of a Bitcoin address is simply based on large numbers! How large? Well, according to my math, 1.157920892373x10^77 potential private keys exist (that number represents over 9,500 digits in length!). For some perspective, this entire article contains just over 14,000 characters. Therefore, the total number of Bitcoin addresses is so great that the probability of finding an active address with funds is infinitesimal.
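To make the derivation sketched in the two paragraphs above concrete, here is an added Python example written for this page; it is not code from the article, from the key-hunting pool it mentions, or from Bitcoin Core. Using only the standard library, it multiplies a private key by the secp256k1 generator to obtain the public key, encodes the private key in Wallet Import Format (base58check, i.e. a double-SHA-256 checksum), and builds the legacy P2PKH address as base58check of RIPEMD-160(SHA-256(public key)). Run on private key 1 it reproduces the WIF string and the address quoted above, shows the compressed-key variants of both, and counts the decimal digits of the key space the article quotes as 1.1579 x 10^77. The curve constants are the published secp256k1 parameters; the RIPEMD-160 step relies on hashlib exposing that digest, which depends on the OpenSSL build.

```python
import hashlib

# secp256k1 domain parameters (public constants of the curve Bitcoin uses).
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def _ec_add(p1, p2):
    """Affine addition on y^2 = x^3 + 7 over GF(P); None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None                                  # p1 == -p2
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P       # tangent slope (doubling)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P        # chord slope
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def pubkey_point(priv: int):
    """Public key = priv * G by double-and-add; priv must lie in [1, N-1]."""
    if not 1 <= priv < N:
        raise ValueError("private key out of range")
    result, addend = None, G
    while priv:
        if priv & 1:
            result = _ec_add(result, addend)
        addend = _ec_add(addend, addend)
        priv >>= 1
    return result


def base58check(payload: bytes) -> str:
    """Base58 with a 4-byte double-SHA256 checksum, as addresses and WIF use."""
    data = payload + hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    num, out = int.from_bytes(data, "big"), ""
    while num:
        num, rem = divmod(num, 58)
        out = B58[rem] + out
    leading_zeros = len(data) - len(data.lstrip(b"\x00"))
    return "1" * leading_zeros + out                     # each 0x00 byte encodes as '1'


def wif(priv: int, compressed: bool = False) -> str:
    """Wallet Import Format: 0x80 || key || (0x01 if compressed), base58check-encoded."""
    payload = b"\x80" + priv.to_bytes(32, "big") + (b"\x01" if compressed else b"")
    return base58check(payload)


def pubkey_bytes(priv: int, compressed: bool = False) -> bytes:
    """SEC1 serialization: 65-byte uncompressed (0x04||x||y) or 33-byte compressed."""
    x, y = pubkey_point(priv)
    if compressed:                                       # parity prefix + x only
        return (b"\x02" if y % 2 == 0 else b"\x03") + x.to_bytes(32, "big")
    return b"\x04" + x.to_bytes(32, "big") + y.to_bytes(32, "big")


def p2pkh_address(priv: int, compressed: bool = False) -> str:
    """Legacy address: base58check(0x00 || RIPEMD160(SHA256(pubkey)))."""
    sha = hashlib.sha256(pubkey_bytes(priv, compressed)).digest()
    h160 = hashlib.new("ripemd160", sha).digest()        # needs OpenSSL RIPEMD-160 support
    return base58check(b"\x00" + h160)


def key_space_digits() -> int:
    """Number of decimal digits in the count of valid private keys (N - 1)."""
    return len(str(N - 1))


if __name__ == "__main__":
    for k in (1, 2):
        print(f"key {k}: WIF {wif(k)}  address {p2pkh_address(k)}")
        print(f"   compressed WIF {wif(k, True)}  address {p2pkh_address(k, True)}")
    print("valid private keys have", key_space_digits(), "decimal digits")
```

The two addresses the script prints for the same private key show what "compression" means here: it is a choice of how the public key is serialized before hashing, so one private key yields one address per encoding, and the private key itself is never shortened. Calling pubkey_point(N - 1) returns (G[0], P - G[1]), the negation of G, which is a quick self-check of the curve arithmetic beyond the trivial key-1 case.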
So, how do Quantum Computers present a threat?
At this point, you might be thinking, “How can a quantum computer defeat this overwhelming number of possibilities?” Well, to put it simply: Superposition and Entanglement[x]. Superposition allows a quantum bit (qubit) to be in multiple states at the same time. Entanglement allows an observer to know the measurement of a particle in any location in the universe. If you have ever heard Einstein’s quote, “Spooky Action at a Distance,” he was talking about Entanglement! To give you an idea of how this works, imagine how efficient you would be if you could make your coffee, drive your car, and walk your dog all at the same time, while also knowing the temperature of your coffee before drinking, the current maintenance requirements for your car, and even what your dog is thinking! In a nutshell, quantum computers have the ability to process and analyze countless bits of information simultaneously – and so fast, and in such a different way, that no human mind can comprehend! At this stage, it is estimated that the Bitcoin address hash algorithm will be defeated by quantum computers before 2028 (and quite possibly much sooner)! The NSA has even stated that the SHA256 hash algorithm (the same hash algorithm that Bitcoin uses) is no longer considered secure, and, as a result, the NSA has now moved to new hashing techniques, and that was in 2016! Prior to that, in 2014, the NSA also invested a large amount of money in a research program called “Penetrating Hard Targets project”[xi] which was used for further Quantum Computer study and how to break “strong encryption and hashing algorithms.” Does NSA know something they’re not saying or are they just preemptively preparing? Nonetheless, before long, we will be in a post-quantum cryptography world where quantum computers can crack crypto addresses and take all the funds in any wallet.
What are Bitcoin core developers doing about this threat?
Well, as of now, absolutely nothing. Quantum computers are not considered a threat by Bitcoin developers, nor by most of the crypto community. I’m sure when the time comes, Bitcoin core developers will implement a new cryptographic algorithm that all future addresses/transactions will utilize. However, will this happen before post-quantum cryptography[xii]? Moreover, even after a new cryptographic implementation, what about all the old addresses? Well, if your address has been actively used on the network (sending funds), it will be in imminent danger of a quantum attack. Therefore, everyone who is holding funds in an old address will need to send their funds to a new address (using a quantum-safe crypto format). If you think network congestion is a problem now, just wait… Additionally, there is the potential that the transition to a new hashing algorithm will require a hard fork (a soft fork may also suffice), and this could result in a serious problem because there should not be multiple copies of the same blockchain/ledger. If one fork gets attacked, the address on the other fork is also compromised. As a side note, the blockchain Nebulas[xiii] will have the ability to modify the base blockchain software without any forks. This includes adding new and more secure hashing algorithms over time! Nebulas is due to be released in 2018.
Who would want to attack Bitcoin?
Bitcoin and cryptocurrency represent a threat to the controlling financial system of our modern economy. Entire countries have outright banned cryptocurrency[xiv] and even arrested people[xv], and while discrediting it, some countries are copying cryptocurrency to use (and control) in their economy[xvi]! Furthermore, Visa[xvii], Mastercard[xviii], Discover[xix], and most banks act like they want nothing to do with cryptocurrency, all the while seeing the potential of blockchain technology and developing their own[xx]. Just like any disruptive technology, Bitcoin and cryptocurrencies have their fair share of enemies! As of now, quantum computers are being developed by some of the largest companies in the world, as well as private government agencies. No doubt, we will see a post-quantum cryptography world sooner than most realize. By that point, who knows how long “3 letter agencies” will have been using quantum technology - and what they’ll be capable of!
What can we do to protect ourselves today?
Of course, the best option is to start looking at how Bitcoin can implement new cryptographic features immediately, but it will take time, and we have seen how slow the process can be just for scaling[xxi]. The other thing we can do is use a Bitcoin address only once for outgoing transactions. When quantum computers attack Bitcoin (and other cryptocurrencies), their first target will be addresses that have outgoing transactions on the blockchain and that still contain funds. This is due to the fact that when computers first attempt to crack a Bitcoin address, the starting point is when a transaction becomes public. In other words, when the transaction is first signed – a signed transaction carries a digital signature derived from the private key, and it validates the transaction on the network. Compared to classical computers, quantum computers can exponentially extrapolate this information. Initially, the Bitcoin Core software might provide some level of protection because it only uses an address once, and then sends the remaining balance (if any) to another address in your keypool. However, third-party Bitcoin wallets can and do use an address multiple times for outgoing transactions. For instance, this could be a big problem for users that accept donations (if they don’t update their donation address every time they remove funds). The biggest downside to the Bitcoin Core software is the amount of hard-drive space required, as well as diligently retaining an up-to-date copy of the entire blockchain ledger. Nonetheless, as quantum computers evolve, they will inevitably render SHA256 vulnerable, and although this will be one of the first hash algorithms cracked by quantum computers, it won’t be the last!
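The exposure described above (an address that has already signed an outgoing transaction and still holds a balance) can be checked on a wallet's own transaction history. The following is an added example, not code from the original article; it runs over a small constructed ledger and flags addresses that have spent at least once and still hold funds, which is exactly what the "use an address only once" advice is meant to prevent.

```python
from collections import defaultdict

# Constructed sample ledger (not real Bitcoin data). Each transaction lists the
# outputs it spends as "inputs" (address, amount) and the outputs it creates.
# Spending from an address publishes the signature (and public key) on chain.
SAMPLE_TXS = [
    {"txid": "tx1", "inputs": [], "outputs": [("addrA", 5.0), ("addrB", 3.0)]},
    # addrA spends and receives its own change: reused for outgoing funds
    {"txid": "tx2", "inputs": [("addrA", 5.0)], "outputs": [("addrC", 4.0), ("addrA", 1.0)]},
    # addrB spends everything to a fresh address: exposed but empty
    {"txid": "tx3", "inputs": [("addrB", 3.0)], "outputs": [("addrD", 3.0)]},
    # a donation lands on addrA after it has already signed once
    {"txid": "tx4", "inputs": [], "outputs": [("addrA", 2.0)]},
]


def address_summary(txs):
    """Per address: how many times it has spent and its remaining balance."""
    spend_count = defaultdict(int)
    balance = defaultdict(float)
    for tx in txs:
        for addr, amt in tx["inputs"]:
            spend_count[addr] += 1
            balance[addr] -= amt
        for addr, amt in tx["outputs"]:
            balance[addr] += amt
    return {addr: (spend_count[addr], round(balance[addr], 8)) for addr in balance}


def exposed_addresses_with_funds(txs):
    """Addresses whose key material is already public (they have spent) and that
    still hold a positive balance: the first targets the article warns about."""
    return {addr: bal for addr, (spends, bal) in address_summary(txs).items()
            if spends > 0 and bal > 0}


if __name__ == "__main__":
    for addr, bal in exposed_addresses_with_funds(SAMPLE_TXS).items():
        print(f"move funds: {addr} has spent before and still holds {bal}")
```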
Are any cryptocurrencies planning for the post-quantum cryptography world?
Yes, indeed, there are! Here is a short list of ones you may want to know more about:
IOTA[xxii] IOTA uses Winternitz one-time signatures[xxiii]. As the name suggests, an address is considered compromised once it signs a transaction on the network, and, therefore, you can only send from an address one time before it’s compromised.
ADA (Cardano)[xxiv] The Cardano roadmap lists quantum-resistant signatures using “BLISS.” While BLISS is a strong hashing method, it has an estimated lifespan with classical computers of 6000 signatures (usages)[xxv], but this number could be significantly reduced with quantum tech.
Ethereum[xxvi] The Ethereum network, as well as many more blockchain networks, uses the SHA3[xxvii] hash algorithm, which is superior to SHA256. Although this is considered by some to be resistant, it is not technically quantum resistant. There is talk of using Lamport signatures[xxviii] in the future of Ethereum. Although it is not definite at this point, it’s great to see the developers being proactive.
QRL (Quantum Resistant Ledger)[xxix] This blockchain concept was conceived in 2016 and is currently in beta testing. Using XMSS (Extended Merkle Signature Scheme) trees combined with Winternitz one-time signatures (but not one time!), it’s fast, scalable and truly quantum resistant. If you have not yet checked out this project, I highly suggest you do. To understand why this project is truly post-quantum cryptography ready, do your own due diligence and read the QRL whitepaper.
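The one-time property behind both the IOTA and the Ethereum entries above is easiest to see in a Lamport signature, the hash-based scheme Lamport signatures[xxviii] refers to. The following is an added example, not code from the article or from any of the projects named; it implements a minimal Lamport scheme over SHA-256 and measures how much of the private key an observer learns from each signature, which is why an address must not sign twice.

```python
import hashlib
import secrets


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def keygen(n: int = 256):
    """Private key: n pairs of random 32-byte secrets; public key: their hashes."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(n)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk


def message_bits(msg: bytes):
    """The 256 bits of SHA-256(msg), most significant bit first."""
    digest = H(msg)
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]


def sign(sk, msg: bytes):
    """Reveal, for each message bit, the matching half of the secret pair."""
    return [sk[i][bit] for i, bit in enumerate(message_bits(msg))]


def verify(pk, msg: bytes, sig) -> bool:
    if len(sig) != len(pk):
        return False
    return all(H(s) == pk[i][bit]
               for i, (s, bit) in enumerate(zip(sig, message_bits(msg))))


def revealed_fraction(sk, signatures) -> float:
    """Share of the private key now public after the given signatures.
    One signature exposes exactly half; a second (different) message exposes
    more, which is what makes the key, and the address holding it, compromised."""
    published = {s for sig in signatures for s in sig}
    secrets_total = 2 * len(sk)
    return sum(1 for pair in sk for v in pair if v in published) / secrets_total


if __name__ == "__main__":
    sk, pk = keygen()
    sig = sign(sk, b"spend output 0 to addrB")      # constructed message
    print("valid:", verify(pk, b"spend output 0 to addrB", sig))
    print("key revealed after one signature:", revealed_fraction(sk, [sig]))
```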
Although I am in no way associated with any project listed above, I do hold coins in all as well as Bitcoin, Litecoin and many others. The thoughts above are based on my personal research, but I make no claims to being a quantum scientist or cryptographer. So, don’t take my word for anything. Instead, do your own research and draw your own conclusions. I’ve included many references below, but there are many more to explore. In conclusion, the intention of this article is not to create fear or panic, nor any other negative effects. It is simply to educate. If you see an error in any of my statements, please, politely, let me know, and I will do my best to update the error. Thanks for reading!