Mining incentives and strategies

This lecture focuses on miner incentives and strategies. When someone decides to mine, they have options in how they actually mine. It is not simply get hardware and cheap electricity, run, and wish for good luck. Miners can be choosy about which blocks they work on, which is discussed in this lecture.
Questions answered in this Post:

  • What is the miner default strategy?
  • What are some of the deviations and how can you analyze it?
  • What is a forking attack?
  • And furthermore, what is a Goldfinger Attack?
  • What does a forking attack through bribery mean?
  • What exists in the blockchain to prevent this?
  • What is a block-withholding attack?
  • What is punitive forking and how is it different from feather forking?

Default Miner Behavior

I’ll describe below some of the considerations miners make when determining their strategy. Just to be clear, the job of a miner is to listen on the network for transactions and blocks as well as get ready to write transactions into a block. A miner is unable to write and send out a valid block until they actually solve the mining puzzle though.

First, they have to determine which transactions to include in a block. Default behavior is any transaction above the minimum transaction fee. The second is which block to mine on top of. Usually this is the longest valid chain. The next is how to choose between colliding blocks. The miner picks the first block heard. The last is when to announce new blocks, and by default it should be immediately after finding one. From here, the lecturer jumps into different “attacks”, which in my interpretation are deviations in behavior.

One key factor is “alpha”, the percentage of mining power you control. How profitable a non-default strategy may be is tied to how much power you have.

Forking Attack: what is it?

This is the first of the non-default strategies. Forking has gotten more notice recently due to it causing large fluctuations in the price as well as the creation of BTCC. Additionally, within Ethereum, a fork is pending as a way to bring in new changes (Metropolis) to improve scale.

The goal of a forking attack is to perform a double spend. Remember, a double spend is when a set of coins is used in more than one transaction. It does not mean new coins are created, but that you are using the same coins for two transactions and ultimately reneging on one of the transactions. This would be considered fraudulent behavior. An example is presented in the notes. This same miner will work on an earlier block (ideally about 6 blocks earlier) and transfer that same amount that was going to “Bob”: they will give the bitcoins to themselves. The lecturer brings up the point that this attack depends on the percentage of mining power that you hold.

A miner sends some funds to user (victim) “Bob”. It will likely appear to be in the longest chain. However, the forking miner is up to something sneaky. The miner will start to build off another block, one that occurred 6 blocks earlier. The miner will create another transaction where they send bitcoin to another address that they own. If the miner has sufficient hash power (> 0.5), they will continue writing on this alternate chain, making the chain with Bob invalid. Thus history gets rewritten so that the payment to Bob is invalid. The lecturer brings up the point that if you had traded Bob for something in the real world (Bob gives you a teddy bear, you give Bob bitcoin) you have now come out ahead. Also, it means that you keep whatever amount you had given Bob. Double win for yourself, effectively completing a double spend.

Takeaways from the Forking Attack

To do this, you need to have considerable hash power, i.e. greater than 0.5. He mentions that it may be possible with less due to network overhead and avoiding block collisions, though I have not researched this further. He does mention that 51% is not always sufficient to execute an attack, only that the probability increases because completing an attack becomes easier. This attack is clearly detectable and could be reversed. Being reversed means that the community decides to reject the newest alternative chain even if it is the longest. That strikes me as requiring quite a bit of coordination. He mentions that this double spend could completely crash the bitcoin exchange rate. This would be due to loss of confidence in bitcoin if a double spend successfully went through, and thus, through lack of trust or other emotional triggers, there would be a stop to buying bitcoin for fiat, ultimately crashing the coin. Kinda doomsday to me, and really something like this could happen to traditional fiat currency as well, pulling more people to use bitcoin. The reason is that if the triggers for this collapse are linked to human emotions and fear, really nothing is safe.
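How the odds of the forking double spend depend on alpha and on the number of confirmations the payee waits for, as an added example that is not from the lecture or the original post. It uses the catch-up model from section 11 of the Bitcoin whitepaper; the function names and the 0.1% risk limit are assumptions chosen for illustration.

```python
"""Double-spend (forking) success probability, following the catch-up model
in section 11 of the Bitcoin whitepaper. Added illustration; the function
names and the default risk limit are hypothetical."""
from math import exp


def attacker_success_probability(alpha: float, confirmations: int) -> float:
    """Chance that a miner holding hash share `alpha` eventually overtakes the
    honest chain after the payee has waited for `confirmations` blocks."""
    if not 0.0 <= alpha <= 1.0:
        raise ValueError("alpha must be a fraction of total hash power")
    if confirmations < 0:
        raise ValueError("confirmations cannot be negative")
    if alpha >= 0.5:
        return 1.0  # in this idealised model a majority always catches up
    honest = 1.0 - alpha
    ratio = alpha / honest
    lam = confirmations * ratio      # expected attacker blocks while payee waits
    poisson = exp(-lam)              # P(attacker has mined k blocks), k = 0
    prob = 1.0
    for k in range(confirmations + 1):
        # subtract the cases where the attacker is behind and never catches up
        prob -= poisson * (1.0 - ratio ** (confirmations - k))
        poisson *= lam / (k + 1)     # advance the Poisson term to k + 1
    return max(prob, 0.0)


def confirmations_needed(alpha: float, max_risk: float = 0.001, limit: int = 1000):
    """Fewest confirmations that push the double-spend risk below `max_risk`.
    Returns None when no wait up to `limit` is enough (e.g. alpha >= 0.5)."""
    for z in range(limit + 1):
        if attacker_success_probability(alpha, z) < max_risk:
            return z
    return None


if __name__ == "__main__":
    print("alpha  P(success after 6 conf.)  conf. for <0.1% risk")
    for alpha in (0.05, 0.10, 0.20, 0.30, 0.40, 0.45, 0.51):
        p6 = attacker_success_probability(alpha, 6)
        print(f"{alpha:5.2f}  {p6:24.7f}  {confirmations_needed(alpha)}")
```

The table it prints shows why six confirmations are comfortable against a 10% miner and meaningless against a majority one.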

Goldfinger Attack

Goldfinger refers to the movie and is used to explain why someone would want to cause bitcoin to crash and burn. In the movie, the villain wanted to devalue the Fort Knox gold so that the villain would have control over the supply. Thus in the case of bitcoin, you would make a profit if you shorted bitcoin or if you had strong holdings in an alt-currency.

Forking through bribery

Forking through bribery is fairly straightforward to understand. Instead of requiring alpha or hash power be greater than 0.5, he mentions that it may be easier just to temporarily buy someone off. I suppose you can just have some single-serve friends, meaning that this attack can be undertaken not just by billionaires. The lecturer then goes on to describe some payment methods such as physically handing someone fiat currency, running a mining pool at a loss to attract attention and “friends”, or just leaving large tips in the blockchain. The core idea stays the same and they work just temporarily for you. These miners are not incentivized in the long run; however, perhaps individual miners may just want a temporary gain. “Tragedy of the commons” is how he described it. According to Wikipedia, with situations of shared resources, it is a situation where individual actors can behave opposite or maliciously to a common good due to their own shared interest. In this case, it would be short versus long term gain and which would be greater. If the miner truly did not care about bitcoin or the power of blockchain and did not want to mine for a long period of time, they would be better rewarded to align with malicious parties.

Prevention Mechanism: Checkpointing

Each version of the bitcoin client always releases with this checkpoint mechanism. The security safeguard locks in the blockchain up to that point in history and rejects other chains. This does mean there is a central party deciding what is the valid blockchain, but at the same time it’s the central party of bitcoin developers.

Block-withholding attack

Again, this one is self-explanatory as well. As a miner, you do not announce the block right away. Instead, you “get ahead” by finding two more in a row, and thus the next time someone announces a block, you can just announce yours and create the longest chain. At this point, it means all the work everyone else is doing is invalid/orphaned and you would be able to profit. It has the term “selfish mining” but that’s a misnomer according to the lecturer.

In the scenario, if you’re only ahead by 1 instead of 2, then you need to immediately push your hidden block and hope that people decide to choose yours. This creates a race condition since now there are two versions of the history and only the majority will prevail. The surprising characteristic to me was that this mechanism would work if you knew that you would always/in majority win that race. The lecturer mentions that you need to have alpha over 25% to do this. Also, you could couple the other attacks like bribery to get ahead.
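The 25% figure can be checked against the published analysis of this strategy (Eyal and Sirer's selfish-mining model), shown here as an added example that is not from the lecture or the original post. `gamma`, the fraction of the other miners that build on the withholder's block during a tie, and all function names are assumptions of the example; with gamma = 0.5 the break-even point is exactly alpha = 0.25.

```python
"""Revenue share of a block-withholding miner: closed form from Eyal and
Sirer's selfish-mining analysis, cross-checked by simulating the same state
machine. Added illustration; names and the default seed are hypothetical."""
import random


def withholding_revenue_share(alpha: float, gamma: float) -> float:
    """Long-run fraction of main-chain blocks earned by the withholder
    (valid for 0 < alpha < 0.5). Honest mining would earn exactly alpha."""
    num = alpha * (1 - alpha) ** 2 * (4 * alpha + gamma * (1 - 2 * alpha)) - alpha ** 3
    den = 1 - alpha * (1 + (2 - alpha) * alpha)
    return num / den


def profit_threshold(gamma: float) -> float:
    """Smallest alpha for which withholding pays more than honest mining."""
    return (1 - gamma) / (3 - 2 * gamma)


def simulate(alpha: float, gamma: float, events: int = 200_000, seed: int = 1) -> float:
    """Monte Carlo over block discoveries; returns the withholder's share."""
    rng = random.Random(seed)
    lead = 0            # hidden blocks the withholder is ahead by
    tie = False         # two public branches of equal length are racing
    mine = others = 0   # blocks that end up on the main chain
    for _ in range(events):
        withholder_found = rng.random() < alpha
        if tie:
            if withholder_found:
                mine += 2                 # extends own branch, wins both blocks
            elif rng.random() < gamma:
                mine += 1                 # others built on the withholder's block
                others += 1
            else:
                others += 2               # honest branch wins, hidden work is lost
            tie = False
        elif withholder_found:
            lead += 1                     # keep the new block private
        elif lead == 0:
            others += 1                   # nothing hidden, honest block stands
        elif lead == 1:
            tie, lead = True, 0           # publish at once and race (ahead by 1)
        elif lead == 2:
            mine, lead = mine + 2, 0      # publish both, orphan the honest block
        else:
            mine, lead = mine + 1, lead - 1   # release one block, stay ahead
    return mine / (mine + others)


if __name__ == "__main__":
    for gamma in (0.0, 0.5, 1.0):
        print(f"gamma={gamma:.1f}: withholding pays above alpha={profit_threshold(gamma):.3f}")
    for alpha in (0.20, 0.25, 0.30, 0.35, 0.40):
        print(f"alpha={alpha:.2f}: formula={withholding_revenue_share(alpha, 0.5):.4f} "
              f"simulated={simulate(alpha, 0.5):.4f}")
```

Below the threshold the withholder earns less than its fair share, which is the case the default "announce immediately" behavior relies on.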

Punitive Forking

This mechanism is just vengeful. If someone just wants to blacklist transactions from a specific address, a miner can just refuse to mine on any chain with a transaction from X. This strategy realistically only works if you have alpha greater than 0.5. However, I could see this as a strategy for future uses if government regulation came into play. Governments could easily just blacklist certain addresses that they knew were doing money laundering. This would be an extremely temporary solution since people could just keep changing addresses or not. If the ban was strong enough, the money could be stop gapped to a certain account for a longer period of time.

Feather-forking

This is similar to punitive forking in that it’s directed toward a certain address; however, it is more practical. Instead of banning an address outright, you refuse to mine directly on any block with a transaction from X, but you’ll mine on it again after n confirming blocks. If you hold an alpha greater than some amount, you may be able to get others to join the blacklist because it induces an alpha^2 chance of losing a block. Since you’re transparent with this ban, it’s no secret if you’re doing this feather forking. Success depends on convincing others how likely you’ll actually fork the network.
Again, regulation and extortion could be used.

There was another case where miners can truly blacklist on any characteristic present in a block. The lecturer brings up one where they may try to enforce a minimum transaction fee. That’s interesting and could work. According to what I’ve read, it’s on average $7.00. This already exists in that priority has to be greater than 0.576 as of May 2015 mentioned in the lecture.

I remember reading in Bloomberg where someone lost $70K due to gas fees in Ethereum. Clearly a miner was greatly compensated for their work.

Wrap up

In summary, just want to say this was quite a bit of information. Miners have incentives coming from everywhere, yet most seem to follow a simple herd mentality whether due to laziness or lack of technical skills. There are game-theoretic alternative strategies that perhaps have not been seen in the real world but would be interesting if they got out.

Mining Pools: Bitcoin style

Mining Pools

Clearly from the previous lectures, it sounds expensive to be a small miner. It costs about $6,000 to purchase a rig. Expected time to find a block is 14 months, and that breaks down to $1,000/month when amortized. Because this is all amortized valuation, things could go horribly wrong for you or you could get lucky and achieve more. This is where mining pools come in, in that they provide some insurance for the miner by banding with others. Mining pools are not just in bitcoin but are in other cryptocurrencies as well, but I’ll get to that after I talk about the basics of what a mining pool is and a bit regarding the economics. This was a long lecture that covered many topics broadly, and thus I hope to dive into some of the topics individually to truly learn more about them.

Questions answered in this Post:

  • Why did mining pools develop?
  • What is a mining pool?
  • What is a mining share?
  • How does a miner indicate how much work they have done and how that translates to income?
  • Describe what pay-per-share versus proportional method mean in relation to bitcoin mining.
  • Who is Luke-jr?
  • What is pool hopping?
  • Why do mining pool protocols exist?
  • General Mining pool history

What is the intuition behind forming mining pools?

As with most lectures in this series, the lecturer starts at the very beginning of the topic to answer the question. He briefly described the risks involved with mining and the large amount of uncertainty that is present. Because of this, if this was the only option to mine, mining would be a very very risky business. To further illustrate the point of mining pools, the lecturer brought up a more traditional business model.

When small businesses/farms faced high risk, they historically formed mutual insurance companies to lower the risk. This translates to sharing the risk through the group, ensuring that if one business had a bad year, they would not be at a complete loss. It does mean that some of the group members may earn a smaller share of profits to help counterbalance the lower performance of others. To me, this only makes sense if the group is diversified. Coming back to a concrete example of farmers, if this is a group of corn farmers from Illinois within 50 square miles of each other, I would guess that if one corn farmer suffered a loss due to poor weather conditions, all the other farmers would also have a poor year. However, if you had a group of corn farmers from all over the world, perhaps weather and geopolitics as well as other risks may be better distributed out. From this question, when people are determining who can join what mining pool, will they ask about location/hardware/costs as a factor?

Mining Pool: What is that?

A mining pool is mutual insurance for Bitcoin miners. It is a group of miners that form a pool and all attempt to mine a block with a designated coinbase recipient who is called the pool manager. Irrespective of who finds the block, the pool manager receives all the rewards and then will evenly distribute it to all the participants based on some criteria, ideally how much work each participant actually performed. The pool manager will also take a cut for managing the pool as well as keep the trust that each party has with them. They are responsible for accurately defining the payout criteria to each member. The book suggests that miners can prove their work by outputting mining shares, which I will expand upon below.

Bitcoin mining pools are collections of Bitcoin miners who have the same strategy, group up to get a block solved, and share on the same reward. The reward sharing will depend on miner’s power contribution and the method that they are exercising towards Bitcoin mining. https://www.bitcoinminer.com/pools/

Mining shares: manner of defining miner’s work

Mining shares are a way that miners can probabilistically prove how much work they are doing by outputting shares, or near-valid blocks. Near-valid means how close to the target number you were. The target is usually some number that begins with many zeros (67 zeroes). A mining share may be valid if it is a number that contains 40 – 50 zeroes.

The pool manager will also run a Bitcoin node, collect transactions, and assemble them into a block. The manager will include their address and send the block to all participants of the pool. The pool participants can also work on this block and prove that they’ve been working by sending in shares. Once a valid block is found, the pool manager distributes the reward in proportion to the amount done. Thus, the winner of the block will only receive this average amount based on their work, not based on whether they were the winner or not.

Pool Manager: What criteria can they use to calculate pay?

The lecture describes two common approaches though I’m sure many more exist: pay-per-share and proportional.

Pay-per-share Method

The first is pay-per-share, where the manager pays a flat fee for every share above a certain difficulty for the block that the pool is working on.
Miners send their shares to the pool manager right away and get paid without waiting for the pool to find a block. This works really well for the miner but moves all the risk to the pool manager. Because of this, pool managers will charge higher fees than other models as a reward for taking on so much risk. There is also no incentive for miners to send valid blocks to pool managers, in that they can discard valid blocks and still keep getting paid. This means that a mining pool can keep paying out miners but the pool manager will never get a full block reward and likely will be running at a complete loss.

Proportional

The second is the proportional method, in which the amount of payment depends on whether the pool actually found a valid block. Every time a valid block is found, the rewards from the block are distributed to the members proportional to how much work the miners actually did. Thus risk is not solely on the pool manager this time. If the pool is large, then the variance of how often the pool finds blocks is low. There is lower risk for pool managers since they only pay out when valid blocks are found and thus they don’t risk overpaying people, and miners are incentivized to send all blocks to the pool manager. Thus there is more work for the pool manager to verify, calculate, and distribute rewards. From the information they gave, it seems like using the proportional method makes the most sense for certain periods of time if you can get miners to say they will stay with the pool for a certain time interval.

Luke-jr approach

The Luke-jr method is different because there is no management fee. Miners only get paid once they hit some minimum threshold, usually 1 BTC. Thus you don’t make as much money when you are first starting out because of this minimum threshold. One thing that’s interesting is that Luke-Jr (luke-jr) is the name of a real person. Luke Dashjr is a Bitcoin Core developer and he founded the Eligius mining pool.

Issues like Pool Hopping

Pool hopping means switching between different mining pools at different times. There is some strategy involved though. The book mentioned that a miner may try mining in a proportional pool early in the cycle because the rewards per share are relatively high and then switch to the pay-per-share pool later in the cycle when the expected rewards are lower. As a result of this pool hopping, other more complicated schemes exist, i.e. “pay per last N shares submitted”.
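The two payout rules and the reason hopping pays can be worked through numerically, as an added example that is not from the lecture, the book or any pool's software. The 25 BTC reward, the 1-in-1000 chance that a share is also a valid block, and the miners' share counts are constructed values.

```python
"""Pay-per-share vs proportional payouts, and the point in a proportional
round after which a share is worth less than the pay-per-share price.
Added illustration; every constant below is constructed."""

BLOCK_REWARD = 25.0       # BTC per block (constructed)
P_BLOCK = 1 / 1000        # assumed chance that one share is also a valid block
ROUND_SHARES = {"alice": 600, "bob": 300, "carol": 100}   # constructed round


def pay_per_share(shares: dict, fee: float = 0.0) -> dict:
    """Flat price per share, paid whether or not the pool finds a block."""
    price = BLOCK_REWARD * P_BLOCK * (1 - fee)
    return {miner: n * price for miner, n in shares.items()}


def proportional(shares: dict, block_found: bool, fee: float = 0.0) -> dict:
    """Split the block reward by share count; nothing is paid without a block."""
    pot = BLOCK_REWARD * (1 - fee) if block_found else 0.0
    total = sum(shares.values())
    return {miner: pot * n / total for miner, n in shares.items()}


def manager_balance_pps(shares: dict, block_found: bool, fee: float = 0.0) -> float:
    """What a pay-per-share manager is left with after this round."""
    income = BLOCK_REWARD if block_found else 0.0
    return income - sum(pay_per_share(shares, fee).values())


def expected_share_value_proportional(shares_so_far: int) -> float:
    """Expected payout of one share submitted when the round already holds
    `shares_so_far` shares. The round ends at the first share that is a block,
    and the reward is then divided by the total number of shares."""
    value, still_running, j = 0.0, 1.0, 1
    while still_running > 1e-12:
        # the round ends exactly j shares from now, this share being the first
        value += still_running * P_BLOCK * BLOCK_REWARD / (shares_so_far + j)
        still_running *= 1 - P_BLOCK
        j += 1
    return value


def hop_point(pps_fee: float = 0.0) -> int:
    """Round length after which a proportional share is expected to pay less
    than one pay-per-share share (found by bisection, the value is decreasing)."""
    price = BLOCK_REWARD * P_BLOCK * (1 - pps_fee)
    lo, hi = 0, int(5 / P_BLOCK)
    while lo < hi:
        mid = (lo + hi) // 2
        if expected_share_value_proportional(mid) < price:
            hi = mid
        else:
            lo = mid + 1
    return lo


if __name__ == "__main__":
    print("PPS payouts:          ", pay_per_share(ROUND_SHARES))
    print("Proportional, block:  ", proportional(ROUND_SHARES, True))
    print("Proportional, no block:", proportional(ROUND_SHARES, False))
    print("PPS manager, no block:", manager_balance_pps(ROUND_SHARES, False))
    for n in (0, 100, 435, 1000, 3000):
        print(f"share after {n:4d} shares is worth "
              f"{expected_share_value_proportional(n):.4f} BTC in a proportional pool")
    print("hop once the round is longer than", hop_point(), "shares")
```

A scheme that pays for the last N shares regardless of round boundaries removes the dependence on round age that `hop_point` exposes.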

Mining Pool Protocols

Mining pool protocols are the mechanism that pool managers use to communicate with their members. There needs to be communication between the pool and the miners because pools need to provide work to the miners, collect their results, as well as ensure efficiency with the mining. The lecture mentions three mining protocols: getblockshare, getwork, and stratum. The simple getwork mining protocol just issued block headers for miners to solve. Thus, miners knew little about what was in the block and the pool operator was responsible for deciding which transactions were accepted. I think getblockshare is an error and that the lecturer meant getblocktemplate. getblocktemplate moves block creation to the miner, though the pools would set up the rules. While this still leaves a loophole for fraudulent behavior from pools, the security is more decentralized in this fashion. Stratum is more of an open source client-server “overlay” protocol and is used by Electrum. Stratum replaced getwork in 2012. According to slushpool, Stratum resolves some earlier issues with getwork. Because it’s more of a line-based protocol using a TCP client with JSON-RPC, people don’t need to rely on HTTP overhead. The lecturer did not touch too heavily beyond this but I will definitely be looking more into this topic.

People have wanted to make these mining protocols standardized because they are important to the Bitcoin ecosystem. Certain hardware systems support specific protocols which lowers the barrier to entry for miners in terms of knowing how to setup a mining protocol.

Historical Context regarding Mining Pools

Mining pools first started in 2010 during the GPU era of bitcoin mining. Slushpool claims to be the first bitcoin mining pool starting in December 2010. Also by 2014, 90% of mining is pool based. There are monopolies in the Bitcoin mining pool which played a role in the SegWit issue.

Wrap-Up

Overall, the lecturer wraps up with the pros and cons. The positive, as from the beginning of this article, is that pools reduce the risk and make it more predictable, allowing for smaller miners to participate. Also, more miners end up using updated validation software since the pool managers are responsible for this. The negatives are that mining pools support centralization as well as discourage miners from running full nodes.

Energy Consumption and Ecology

This lecture sought to look at the effects of bitcoin mining from a different perspective. At least in July 2016, bitcoin mining is dominated by certain p2p pools. If you want some historical data regarding the bitcoin mining network, check out Neighbourhood Pool Watch. According to bitnode21, there were 7599 nodes running in June 2017. This does not necessarily indicate the number of existing miners but should shed some light. The estimation from this Brave New Coin article suggests around 100,000 miners. While the statistics on mining pool estimates and miner hashrates are interesting, that was not the core focus of this lecture.

This lecturer focused on looking at the ecological effects that bitcoin may have.

Questions answered in this Post:

  • How do you define energy used by bitcoin?
  • Where can I find the distribution of miners?
  • In terms of usage, how does that compare to modern life?
  • What should we do with this excess energy, if anything?
  • Think about more open questions.

The lecture first begins with Landauer’s principle, developed by Ralph, you guessed it, Landauer in the 1960s. The principle states that any non-reversible computation must consume a minimum amount of energy. Each bit change requires kT ln 2 joules. This amount is derived from basic physics. However, this is the theoretical minimum, and at this point in time significantly more energy is used.

Energy is never destroyed, but transformed into something else. Note that SHA-256 is not reversible, meaning that energy consumption is inevitable. We walked through the three main energy aspects of mining: embodied energy, electricity, and cooling.

Main Energy Aspects

  1. Embodied energy: energy required to manufacture mining chips and ship them to the users, which theoretically should decrease over time and returns to scale
  2. Electricity: energy needed to perform the computations, which will increase over time and returns to scale. This is where Landauer’s energy comes into play.
  3. Cooling: energy needed to protect equipment that is doing the mining, which will cost more with increased scale

Follow up Notes

He makes a point regarding the embodied energy that I’m not sure I agree with. It is that mining circuits will be obsolete less quickly. This was counter to what was previously discussed where with mining rigs, people are able to get rewards initially but slowly over time, less rewards are gained. Also, companies keep making newer and newer hardware that individuals have to purchase to keep up with the increased difficulty. Maybe this is a longer term goal that will be achieved later on…

Also, these electricity costs are relative. If you do your mining in a cooler climate, you don’t need to spend as much on cooling.

From March 2015, they post some statistics about energy usage. The top-down estimate assumes electricity at $0.10/kWh; since each block at this time was worth $15,000, miners earn about $25/s, and the upper bound of electricity consumed is 900 MW.
Then he went over a second calculation, which was a bottom-up approach. This approach looked at the number of hashes the miners were computing and then tried to derive a lower bound of electricity consumption by assuming miners were using the most efficient hardware. The cutting-edge ASICs perform 3 billion hashes per second while consuming 1 watt of power. The total network hashrate is about 350,000,000 GH/s, so it takes about 117 MW to produce that many hashes per second. While these are just estimates, the idea is that miners are likely using a few hundred MW.

It was nice that after doing this calculation he gave a nice example of a frame of mind for what a megawatt means.

Name                            MW Used
Bitcoin Miner                   ~100-800 MW
Typical Hydroplant              1000 MW
Coal-fired plant                2000 MW
Nuclear Plant                   4000 MW
Kashiwazaki-Kariwa (Nuclear)    7000 MW
Three Gorges Dam (Hydro)        10000 MW

 

The whole bitcoin network is consuming less than an entire power plant. That sounds more serious than the lecturer presented it as. Though he does rationalize it by saying that all payment systems require money, such as storage of money/electronic transfers. It would be interesting if someone computed roughly the usage of credit cards as compared to the bitcoin miners.

Data Furnaces

Well, he then took the next logical step, which was “Can we do something with this heat generated?”. The mining rig could also serve as a heater for your home. This mining rig is generating heat based on electricity. He mentions three challenges for this. One deals with the fact that gas heaters are 10x more efficient than electric heaters. Personally, while true, I don’t think this should prevent people from at least testing out this approach. I think electric versus gas and I think electric cars and Tesla. Simple minded, probably, but until I look into it further there is still a window of hope in my mind. The second challenge he mentioned was the ownership/maintenance model. Who owns the rewards that the machine gains? This is easily summed up: the company would likely take the profit. Is it foolish to think that maybe, if there is a smart contract on the mining rig, that contract should hold onto the coins? The last is that in the summer, the heater would not be used as heavily. If there is less mining power, what happens to the bitcoin mining? People would have odd incentives to use the heater in summer if they think others will not be using it and thus the difficulty may be lower.

This lecture was a series of “what ifs”. There is no conclusive evidence provided and merely this section to me sought to have the listener keep asking more questions.

Questions

Which of the following are assumptions made about the UPPER bound for the energy used for mining Bitcoins?

  • Miners mine up to the point that all of the money they earn is used to pay for electricity
  • Miners all pay the same for electricity

Which of the following are assumptions made about the LOWER bound for the energy used for mining bitcoins?

  • Everyone mines where it is cold (cooling doesn’t consume energy)
  • Everyone mines at the maximum claimed efficiency

Mining Hardware: what kind of special hardware do I need?

Mining Hardware

I’m not 100% sure why this lecture was not touched upon earlier, since I thought I had this great understanding of SHA-256 back in lecture 1 and now I’m like, I was a fool.

Questions answered in this Post:

  • What else should I know about SHA256?
  • What is this mysterious function miners have to compute?
  • Where can I find a Bitcoin ATM?
  • What simple ways did they classify owners of bitcoin?
  • Using the fiat mediated transaction model, what happens when supply is too low?

SHA256: more words about it

As mentioned earlier, it is a general purpose hash function. General purpose meaning that there is a list of other SHA-2 functions. SHA-2 stands for Secure Hash Algorithm 2 and was designed by the NSA. Yes, there is a SHA-1 if you’re curious and people are working on SHA-3. SHA-2 consists of SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, SHA-512/256. They are considered unbroken cryptographically even if there are known weaknesses. SHA-256 is computed with 32-bit words and SHA-512 is computed with 64-bit words. One takeaway is that SHA-256 has been optimized for 32-bit systems.

He showed a picture which reminded me of a crazy logic puzzle. OK, not really that but here’s a representative picture below. This is not the exact picture but a very similar one taken from Wikipedia.

Yet even in this lecture, he says we don’t really need to know SHA-256. He did give an overview which was more than we got previously. In the pictures you see the letters “A-H”, which are actually 8 32-bit words. As a sanity check, 8 * 32 = 256 so we’re still working with 256 bits. There are four computation rounds that take place. In each computation round, different bits are tweaked and then their bits are added and then everything is mod 32. A complete computation does 80 different iterations.

Honestly, whenever I’ve used SHA-256 I just use a library to do it without thinking about the mechanics. However, after learning more about its importance for mining, this reflects what kind of work miners have to do. A basic code as presented from the lectures is listed below, and you can observe that they are also calling SHA256 not once but twice.

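    while (1) {
        HDR[kNoncePos]++;   // try the next nonce value in the block header
        // the double SHA-256 of the header must fall below the difficulty target
        if (SHA256(SHA256(HDR)) < (65535 << 208) / DIFFICULTY)
            return;         // valid block found
    }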

A normal machine can compute about 2^24 hashes per second (10-20 MHz). When bitcoin first started that would have been sufficient. Back in 2013 when this lecture was released, he mentions it would take ~140,000 years.
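A runnable version of that loop, which also records the near-valid hashes a pool would accept as shares (the mechanism described in the mining shares section earlier), as an added example that is not the lecture's code. The header contents and both difficulties are constructed, and the difficulties are set far below 1 so the search finishes in a fraction of a second.

```python
"""Double-SHA-256 proof-of-work search that also records pool shares.
Added illustration: the header fields and both difficulties are constructed."""
import hashlib
import struct
from fractions import Fraction

MAX_TARGET = 65535 << 208               # target at difficulty 1, as in the lecture's loop
BLOCK_DIFFICULTY = Fraction(1, 2**18)   # constructed: about 1 hash in 16,384 is a block
SHARE_DIFFICULTY = Fraction(1, 2**24)   # constructed: about 1 hash in 256 is a share


def target_for(difficulty) -> int:
    """Hashes strictly below this number are accepted at `difficulty`."""
    return int(MAX_TARGET / Fraction(difficulty))


def make_header_prefix() -> bytes:
    """First 76 bytes of an 80-byte block header; the 4-byte nonce follows."""
    version, timestamp, bits = 2, 1_400_000_000, 0x1D00FFFF
    prev_hash = bytes(32)                                   # constructed placeholder
    merkle_root = hashlib.sha256(b"constructed transactions").digest()
    return struct.pack("<I32s32sII", version, prev_hash, merkle_root, timestamp, bits)


def pow_hash(prefix: bytes, nonce: int) -> int:
    """SHA256(SHA256(header)), read as a little-endian 256-bit number."""
    header = prefix + struct.pack("<I", nonce)
    digest = hashlib.sha256(hashlib.sha256(header).digest()).digest()
    return int.from_bytes(digest, "little")


def mine(prefix: bytes, block_difficulty, share_difficulty, max_nonce: int = 2**32):
    """Try nonces in order. Returns (winning nonce or None, list of share nonces).
    Every block is also a share, so the winning nonce is the last share."""
    block_target = target_for(block_difficulty)
    share_target = target_for(share_difficulty)
    if share_target < block_target:
        raise ValueError("shares must be easier to find than blocks")
    shares = []
    for nonce in range(max_nonce):
        value = pow_hash(prefix, nonce)
        if value < share_target:
            shares.append(nonce)          # proof of work done, sent to the pool
            if value < block_target:
                return nonce, shares      # full solution, the pool earns the reward
    # 32-bit nonce exhausted: a real miner changes the coinbase and starts over
    return None, shares


def verify_share(prefix: bytes, nonce: int, share_difficulty) -> bool:
    """The pool manager's check: one double hash per submitted share."""
    return pow_hash(prefix, nonce) < target_for(share_difficulty)


if __name__ == "__main__":
    prefix = make_header_prefix()
    nonce, shares = mine(prefix, BLOCK_DIFFICULTY, SHARE_DIFFICULTY)
    print(f"block found at nonce {nonce} after {len(shares)} shares")
    print(f"hash   {pow_hash(prefix, nonce):064x}")
    print(f"target {target_for(BLOCK_DIFFICULTY):064x}")
```

Finding a share costs the miner many hashes on average, while checking one costs the pool manager a single double hash.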

The next level was to use GPU mining, which allows for high-performance graphics, allowing high parallelism and high throughput. It was implemented in OpenCL, which had people hacking the individual implementation for specific cards used. There were advantages back then. It was easily available and easy to set up. You get parallel ALUs (arithmetic-logic units), bit-specific instructions, overclocking, and can rig multiple ones from 1 CPU. If people tell you they have their own mining rigs, I picture some crazy space cowboy rig from like Cowboy Bebop. Now even GPUs are not good enough.

People introduced FPGAs, which allow for higher performance than GPUs and have better cooling implementations. However, as of when the lecture was released, it would take 25 years to find a bitcoin block. So yes, you get superior performance than before but you’re really not good enough.

Nowadays people use ASICs if they mine. ASICs (application-specific integrated circuits) are hardware machines that are specialized to mine bitcoin. They have been designed specifically for mining and have adjusted for any changes in the environment, but they do require major expertise and long lead times. Usually you have to pre-order the ASIC miner, and the important question to ask is when the hardware will be shipped. It was interesting that the TerraMiner IV ($6000) would take around 14 months to mine a block. Also, most boards are considered obsolete within 3-6 months and most profits are made in the first 6 weeks. That means time is of the essence to get this machine.

Basically miners have only really made money because the price of bitcoin has exploded. There are now professional mining centers. He mentions one from the Republic of Georgia. To create one, you need cheap power, a good network, and a cooler climate.

 

Takeaway from this lecture, you’re never going to be good enough to mine bitcoin unless you have special skills, money, and live in an appropriate environment…

Remaining questions:

  1. Can small miners stay in the game?
  2. Do ASICs violate the original Bitcoin vision by going against every individual being part of the network and working together?
  3. Would we be better off without ASICs?

Which statement about Bitcoin miners is NOT true?

  • Bitcoin miners can recoup a reasonable fraction of their initial expenses by selling their ASICs once they are done with them to other users for less computationally intense purposes.

To be a bitcoin miner….

Bitcoin Miners

Week 5! I’m curious if what bitcoin miners face is similar to what other digital currency miners face. With bitcoin, miners are required to store and broadcast the blockchain, validate new transactions, and they have the ability to vote by hash power on consensus. That being said, my favorite part of the lecture was just understanding some of the miner lingo.

Questions answered in this Post:

  • Who are the miners?
  • How do they operate?
  • What’s the business model like for miners?
  • What impact are miners having on the environment?

Also, as I’ve mentioned in previous posts, trying to mine bitcoin is likely not going to be profitable easily. It requires quite a bit of hardware and people have had their AWS accounts hacked so that people could mine bitcoin. Hmmm…. The price tag for the specific hardware is pretty pricey. Other cryptocurrencies may have more potential.

How to be a bitcoin miner. Only 6 EASY steps

  1. Join the network, listen for transactions – validate all proposed transactions
  2. Listen for new blocks, maintain block chain
  3. Assemble a new valid block
  4. Find the nonce to make your block valid – Hard work trying to find that special number…
  5. Hope and pray everybody accepts your new block
  6. Profit. Repeat…

Who benefits from these steps
Steps 1-3 are useful to the bitcoin network because they are needed to maintain it, and thus this is where you provide!
Steps 4-6 are the incentive aspect, meaning this is where you gain!

The first two steps are handled by software that you download. In the first step, the node is listening to transactions in the network and then validates them based on a strict list of rules. In the second step, you’re listening for new blocks that have already been added to make sure that you’re validating each transaction in the block and checking that the block contains a valid nonce. The next steps, where you start to build a candidate block to write to the blockchain, are where things get interesting. Now, you’re setting yourself up to make a contribution to the blockchain and at the same time receive some incentives for the work. Once you have assembled this block, you now need to find the nonce to make your block valid.

I have discussed that earlier here where I spoke about hashed linked lists where each block is composed of a Merkle tree of transactions.
2. Then keep trying to find a nonce.

There is also a nonce parameter in the coinbase transaction: after you exhaust the 32-bit nonce in the block header, increment the coinbase parameter and then try the header nonces again.

Setting the mining difficulty

Every two weeks, the difficulty is recomputed:

next_difficulty = previous_difficulty * 2 weeks/(time to mine last 2016 blocks)

2016 is the expected number of blocks in 2 weeks at 10 minutes per block.

So over time the mining difficulty gets worse even though there is a target to make new blocks every 10 minutes.

Time to find a block is interesting because previously it used to go from 10 min down to 5 minutes but now it’s from 10 min only to 8 min. Thus, this suggests that the improvement seen in those two weeks is not as much.
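The nonce search and the retarget rule above, as an added example (not code from the lecture or from Bitcoin itself): the header is a toy layout of previous hash, Merkle root and nonce, the transactions are constructed, and `nonce_bits=4` shrinks the header nonce to 16 values so that running out of nonces and moving on to the coinbase parameter is visible. The factor-of-4 limit on one retarget step is Bitcoin's rule and is not mentioned in the notes above.

```python
import hashlib
import struct

TWO_WEEKS = 14 * 24 * 3600        # seconds in the retarget period
TOY_MAX_TARGET = (1 << 256) - 1   # constructed: at difficulty 1 every hash wins


def dsha(data: bytes) -> bytes:
    """Double SHA-256, the hash Bitcoin applies to headers and transactions."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def merkle_root(tx_hashes):
    """Fold hashes pairwise up to one root; an odd level repeats its last hash."""
    level = list(tx_hashes)
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])
        level = [dsha(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
    return level[0]


def root_for(other_txs, extra):
    """Merkle root of the block when the coinbase parameter is `extra`."""
    coinbase = b"coinbase:pay-miner:" + struct.pack("<I", extra)
    return merkle_root([dsha(coinbase)] + [dsha(tx) for tx in other_txs])


def header_hash(prev_hash, root, nonce):
    """Hash of the toy header (previous hash, Merkle root, nonce) as an integer."""
    return int.from_bytes(dsha(prev_hash + root + struct.pack("<I", nonce)), "big")


def mine(prev_hash, other_txs, target, nonce_bits=32, max_extra=1 << 16):
    """Return (extra, nonce, attempts) for the first header hash below target."""
    attempts = 0
    for extra in range(max_extra):
        # A new coinbase changes the Merkle root, so every header nonce is fresh again.
        root = root_for(other_txs, extra)
        for nonce in range(1 << nonce_bits):
            attempts += 1
            if header_hash(prev_hash, root, nonce) < target:
                return extra, nonce, attempts
    raise RuntimeError("search space exhausted without a valid block")


def next_difficulty(previous_difficulty, seconds_for_last_2016_blocks):
    """Retarget formula from the notes, with Bitcoin's factor-of-4 limit per step."""
    ratio = TWO_WEEKS / seconds_for_last_2016_blocks
    return previous_difficulty * max(0.25, min(4.0, ratio))


def target_for(difficulty):
    """Higher difficulty means a smaller target, so fewer hashes qualify."""
    return int(TOY_MAX_TARGET / difficulty)


PREV = dsha(b"constructed previous block")
TXS = [b"alice->bob:1", b"carol->dave:2"]   # constructed sample transactions

if __name__ == "__main__":
    extra, nonce, attempts = mine(PREV, TXS, target_for(4096), nonce_bits=4)
    print(f"coinbase parameter={extra} header nonce={nonce} after {attempts} hashes")
    # Blocks arrived every 8 minutes instead of 10, so difficulty rises by 25%.
    print(next_difficulty(4096, 2016 * 8 * 60))
```
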

Currency Exchange Markets: Cryptocurrency Edition

Currency Exchange Markets

Yes, I’m finally at the last lecture of week 4. Seriously, it’s so long. Also, I realize the first time I watched the lecture, I did not fully understand much of what was talked about during the lecture. I have remedied that by writing out this article.

Questions answered in this Post:

  • How are currency exchange markets different from bitcoin exchange?
  • How can I exchange my fiat for bitcoin?
  • Where can I find a Bitcoin ATM?
  • What simple ways did they classify owners of bitcoin?
  • Using the fiat mediated transaction model, what happens when supply is too low?

Currency Exchange Market, isn’t that just Forex?

Currency exchange markets in this lecture refer to trading bitcoin against fiat currency. If you know anything about foreign exchange markets then you’re in luck since they operate similarly. The exchange rate refers to how much someone is willing to buy one currency and sell another currency.
The site points to Bitcoincharts as an example of a place to view markets. This website gives you pricing not just in USD but for a wide variety of different fiat currencies. If you’re interested in just USD prices then use this link.
The constant updates on this site show that this is a liquid market.

There is another option which is buying bitcoin in person with cash. There are sites like localbitcoins.com where you can choose to find people near you to make these trades. I observed that even though bitcoincharts showed the price of bitcoin to be about $1300 (according to Coinbase it’s $1312.99), the prices that people were posting were at least $1400. Some were even $1500 and more. This does show the distinction between using a more liquid market versus this one-to-one exchange. If you still want to go this path, there are apparently regular meetups that people go to in order to trade bitcoin. I’m not sure if that would be more liquid but I think that you would have more competition and thus perhaps the price to buy bitcoin may be more standard and closer to the market price listed online. There are also bitcoin vending machines around the world where these machines may allow you to sell bitcoin. New Hampshire, USA has at least 5 bitcoin vending machines. Personally I think these machines are a bit shady in that I would be hesitant to use them given the transaction fees. This Coindesk article, while a bit old, does touch upon certain types of new machines that accept bitcoin. Now, the lecturer decided to start talking about market dynamics… (I know this is a terrible segue but I’m watching the video).

Basic Market Dynamics

  • market matches buyer and seller
  • large, liquid market reaches a market price
  • price set by supply (of BTC) and demand (for BTC)

Now how does that translate to bitcoin land? When the video was filmed there were 13.1 million BTC. As of April 29, 2017, there are 16,300,750 BTC. Supply of a currency is equal to the amount of coins in circulation plus the amount in demand deposits. If you have bitcoins in demand deposit for dollars then that does have to be included. The amount of bitcoin may rise beyond 21 million BTC depending on what supply you’re looking at. The demand for bitcoin is defined in two ways: to mediate fiat-currency transactions and as an investment.

What does mediate fiat-currency transactions mean?
My interpretation is that you’re using Bitcoin as a tool to exchange other currencies and thus you have no plans to hold Bitcoin long term. The reason for doing this is that transferring money can be difficult. Using Western Union or MoneyGram to transfer money internationally can be expensive: you get large transaction fees as well as less than ideal exchange rates. Even domestic transfers can be difficult if the two parties are not using the same bank and you need to transfer a large amount of money. If you’re actually interested in moving money without bitcoin, check out this article from Nerdwallet.
OFX, Transferwise, and XOOM are all newer companies that are helping reduce costs but I think by comparison using bitcoin may be cheaper. You won’t win with speed though or with convenience at this point.

Below I’ve written down a concrete scenario to hopefully remove any abstraction.

This means that Alice buys BTC for some dollars. Then Alice sends BTC to Bob. Then Bob sells the BTC for $. Thus the main takeaway is that the BTC is out of circulation for this time. The reason for doing this is that you’ll get If you use it for investment purposes, the idea is that the market thinks demand will go up in the future.

Now that we understand what is being done, the next question is what effect does transaction mediation have on the price of bitcoin?

He walks through a simple model for modeling transaction demand. While listening I kept nodding and was like great this makes sense. After I walked away and then tried to explain the concept to myself again, I was completely at a loss. If this happened to you, I hope my explanation below can help.

There are three variables that this model relies upon.

T (Total Transaction Value)

This is your demand in a rate format. It is how much money needs to be moved during a certain period of time. In this case all money (fiat) is boiled down to a base value in dollars. The period of time used by this model is in seconds. My understanding of how to calculate this would be to sum up all the potential transactions that need to take place in a day and then divide that by (24 * 3600 = 84,600). While I now understand this variable, my question would be is this an easy number to calculate? Can you get this from reading the blockchain?

D (Duration)

This is how long those bitcoins will be out of circulation in order to mediate a transaction. I thought about the payment services as a way of understanding this number. Let’s say a merchant hired a firm to handle the bitcoin processing. Thus the duration would be how long it takes the merchant to accept the bitcoin from the client and then return the dollar amount to the merchant. Again this gets measured in seconds.

S (Supply)

Since this is a demand-supply model, it makes sense that supply is the last value. This refers to the supply of bitcoin that are liquid in the market. That means you take the full supply of bitcoin around 16 million and subtract the amount of bitcoin that are used for long term investment. This supply is a number in terms of bitcoin. To get to any sort of dollar amount to work with T, you would need to multiply the S by the price of bitcoin.

P (Price of Bitcoin)

Very simply, this is the price of bitcoin. However, think of P as dollars per 1 bitcoin. This will make the part below easier.

S/D – Number of bitcoins available per second. You’re dividing the total supply by the time needed for a transaction. If the

T/P – Bitcoins needed per second. Right now, you’re converting the total transaction value which is in dollars into the number of bitcoins.

From these two simple values, number of bitcoins available and number of bitcoins needed, the lecturer goes through different cases. If you think back to Econ 101, there were always demand and supply curves. [Figure: demand and supply curves]

Thus at a specific moment in time there is a supply of S/D and demand of T/P and with this model, prices will fluctuate in order to bring supply and demand in line with each other. Now let’s look at the consequences of inequalities between supply and demand. In econ, if supply is higher than demand, then that means the suppliers will be willing to lower their price. Here, a higher supply of available bitcoin means that people who are selling bitcoin will lower their asking price in order to sell them. If you just care about equations and direction of movement, for T/P, when price drops (note that means the denominator is getting smaller) the demand increases. Similarly, in econ, when the supply is smaller than demand, the buyers are willing to pay a larger price for the fixed supply. Again, for this model, it means people who want to mediate transactions cannot because of a fixed supply and thus the price increases. If you’re an equations kind of person, the below ones sum this all up quite nicely. [Figure: equilibrium equations]
What I thought was interesting is that this gives us a simple way to value the price of bitcoin. Using this equation, perhaps we can estimate if the price of bitcoin is higher or lower or matched up.
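
The model written out with the symbols defined above (an added derivation, not the lecture's slide). Supply is S/D bitcoins per second, demand is T/P bitcoins per second, and the price settles where the two are equal:

$$\frac{S}{D} = \frac{T}{P} \quad\Longrightarrow\quad P = \frac{T \cdot D}{S}$$

The units check out: T is in dollars per second, D in seconds and S in bitcoins, so P comes out in dollars per bitcoin. Out of equilibrium the price moves toward that value:

$$\frac{S}{D} > \frac{T}{P} \;\Rightarrow\; P \text{ falls}, \qquad \frac{S}{D} < \frac{T}{P} \;\Rightarrow\; P \text{ rises}$$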

World of Cryptocurrencies

However, this lecture does not touch upon how many cryptocurrencies are out there that people trade. I almost think of bitcoin as the stable currency that people use to market the rest of their buys and sells against. There are different cryptocurrency exchanges that do not let you deal in fiat currency but instead you only use your cryptocurrency wallets.

Transaction Fees

Transaction Fees

I can’t believe I’m still on week four! There are only two more lectures left for this week: Transaction Fees and Currency Exchange Markets. If you just want the simple gist of this lecture: “Whenever there is a transaction, there is likely a fee. So pay up!” Also, at this point, I know more about the Ethereum fees than the bitcoin ones. I’ll try to comment more about the Ethereum fee structure soon.

Questions answered in this Post:

  • What is a bitcoin transaction fee?
  • Who gets the transaction fee as a reward?
  • Why does the transaction fee exist at all?
  • How is this fee calculated?
  • Is there a way to send a transaction with no fee?
  • Random thought experiment.

Fees, fees, fees

We started the lecture by going over what a transaction fee is as defined by bitcoin. The transaction fee is the total value of coins that go into a transaction minus the total value of coins outputted. Well, to be honest that doesn’t tell me very much. I’ve gathered from this that the total coins outputted must be less than the coins inputted else the transaction cost would be negative or zero which does not make sense. This fee is given to the miner who includes the transaction in their block.

Why do fees exist?

Basic answer is “there is no such thing as a free lunch”. Every Economics teacher (and actually random math/comp sci teachers) has quoted that phrase to me. I’m sure you have heard it as well. Where’s the lunch?

Your transaction, of course. Why should someone put it into the blockchain for free? There are costs incurred to relay your transactions. A miner’s block is slightly larger to include your transaction. As with many things in bitcoin, you have the power to choose your own fee. You can choose no fee or pay a higher amount to further incentivize miners to incorporate your transaction. If you choose to pay no fee, have no fear (maybe). According to bitcoin.it, there is a “Free transaction relay policy” in place. To be a part of this, the node must be connected to Lightfoot Hosting’s node, which relays indiscriminately. The site linked contains the exact instructions though.

Side note: I tried looking up Lightfoot Hosting. There is a place Lightfoot, Virginia as well as there is a host service. That is all I can comment about for now.

Breakdown of costs to relay transaction

  • peer to peer network
  • miners to record transaction
  • fee to just run a node

I’m sure the numbers listed in the video are outdated but I’ll throw them up anyway as well as get an updated list.

Current consensus fees (2015)
No fee if

  • transaction has less than 1000 bytes
  • all outputs are .1 BTC or larger
  • large enough priority

Priority is defined to be (sum of input age * input value) / (transaction size) or basically the longer a transaction is unspent the more it ages and increases the priority.

Otherwise the default fee is .0001 BTC per 1000 bytes. Just for some stats, most transactions are approximately 400 bytes: 148 bytes per input, 34 bytes for each output and ten bytes for other information.

Now fast forward to April 2017:

I have not seen information contradicting the free transaction so I’ll say for now they are still in place.

The cheapest fee is 220 Satoshis/byte so an average fee with a transaction size of 226 bytes is 50,000 Satoshis. Remember a Satoshi is 1e-8 BTC. This information I got from bitcoinfees.

Per reddit, they post the price at $.15 and remember bitcoin is around $1000. Yes, it’s higher than that today, almost $1300.

There is a bitcoinfees website that seems to be up to date as well as one at satoshi.info.

Again, not all of this is set in stone. The lecture makes this sound like guidelines. It is up to the miners to follow or not follow this.

Random Thought Experiment

One thought experiment I had was what happens when the reward to mine a block goes to zero. Will the transaction cost have to be some minimum amount to ensure that the transaction can still be persisted into the blockchain? My conclusion is that this point in time is so far in the future that perhaps new technology will be in place. Things like Raiden lightning may impact this if they become an intermediary layer for the actual blockchain. Another thought was if the bitcoin reward is decreasing logarithmically then perhaps the transaction fee would rise and stabilize to some transaction fee. There will definitely be a time at which the transaction fee will be greater than the reward.

Bitcoin Payment Services

This lecture focused on the merchant point of view for how they would interact with bitcoin. Many major businesses with brick and mortar stores currently accept bitcoin, such as Home Depot, Kmart, and Dell. Additionally, there are quite a few online companies such as Expedia, Steam, and Shopify that accept bitcoin as well. The first store I ever saw accepting bitcoin was Coupa Cafe in Palo Alto, CA around 2013. At the time, I thought it was silly to waste a small amount of bitcoin for coffee if the price was going to rise exponentially. Hindsight, I guess. But then, I’ll point you to this pizza story which I think is relevant and speaks about the behavior of the organizers of bitcoin. Short story, 2 Papa John’s pizzas purchased for 10,000 BTC in 2010.

Questions answered in this Post:

  • What is a bitcoin payment service?
  • What risks are merchants exposed to accept bitcoin?
  • Briefly explain a simple transaction for a merchant who has a payment service.
  • How does the payment service benefit?

Let’s start with a simple scenario as to why and how a merchant would go about accepting bitcoin. The Why? is simple, you want to increase your revenue and if you see consumers are willing to pay by bitcoin, then why would you reject money. That being said, it’s not that simple. I know several people who have never heard of bitcoin or even if they were to receive bitcoin would immediately want to convert it into cash. Also, if they are not technologically savvy, they may fear all the risks involved with this. Merchants want a simple way to implement this feature as well as not face maintenance issues.

The lecture covered certain risks that merchants may face: technology risk, security risk, and exchange rate risk. With any change in technology, the merchant may fear unknowns: if that system goes down, they will lose money. There are security risks that are faced by both the merchants and consumers in that their online wallets may be at risk from criminals. Furthermore, the volatility of bitcoin can be a concern. There have been times when bitcoin has jumped up 70% in one month as well as fallen from $1200 to $1000 in a few days. How can a person selling a cup of coffee ensure they receive about $2.50? This is where payment services come into the picture.

Payment Services

Now that I have made merchants look like incompetent technophobes who need to be handled carefully (I don’t think this is always the case…), I’ll describe the role of the bitcoin payment service as well as give some examples of bitcoin payment services. A payment service acts as an intermediary between customer and merchant. Companies like Venmo, PayPal, and Square allow vendors to easily integrate with their system and allow their clients to pay how they like. Bitcoin payment services have similar features.

First, a merchant will go to the payment service website and fill out information on what they want to sell, price, and maybe some display parameters. They may also have to get a bitcoin address to receive funds. This likely will have either a simple UI or allow a merchant to connect to it programmatically. Then the service will give an online vendor some code to copy and paste into their website which will allow the vendor to receive payments in bitcoin. The vendor deploys the code and that should be it on their part.

Look what happens on a transaction

  1. Client picks out an item and chooses “Pay with Bitcoin”
  2. An HTTP request is sent to the payment service with info regarding the transaction
  3. Information is sent back to the client to tell them how to pay via Bitcoin
  4. Customer needs to initiate a bitcoin transfer to the payment service through their own wallet
  5. Once the user creates payment, payment service will update the merchant on the status
  6. Once the number of confirmations has occurred on the chain, the payment service sends the confirmation to the merchant
  7. The payment service will send the merchant the money and the merchant will ship the goods to the user
  8. The payment service pays the merchant in dollars/fiat currency while taking a small percentage to do the transaction

From my perspective, there needs to be quite a bit of trust to the payment service and the payment service is absorbing all the risk. If there are wide fluctuations in bitcoin, then the payment service either loses/gains from the price change.

Who are some Bitcoin Payment Service Providers?

  • Mycelium Gear (https://gear.mycelium.com/) – Interestingly, their business model seems to deviate from the one in the lecture notes. According to their site, they take 0% commission and the transaction is peer to peer meaning that it does not pass through the Mycelium Gear wallet at all.
  • Coinbase (https://developers.coinbase.com/docs/merchants/payment-buttons) – Coinbase says if you keep your money in bitcoin then the transaction is free. Otherwise, they charge 1% or $0.15 (whichever is greater) to convert the bitcoin you receive into the local currency. The lecture did mention them specifically.
  • BitPOS (https://bitpos.me/) – This one is based in Australia and allows merchants who do both e-commerce and brick and mortar stores to sign up.
  • many many more….

Online Wallets and Cryptocurrency Exchanges, lazy person’s panacea or inevitable disaster?

Online Wallets, lazy person’s panacea or inevitable disaster?

Before I begin talking about this lecture, I want to say that I feel like a hypocrite. My prior posts have talked so much about protecting your keys and trying to keep your keys disconnected from the internet. This lecture discusses types of online cryptocurrency wallets and exchanges. Thankfully this lecture stayed consistent with the rest of the previous lectures in discussing the risks associated with storing bitcoin via this mechanism. My takeaway from all these lectures is that you should keep the bulk of your cryptocurrency secured and only put coin online when you are making a transaction. This is not like the stock markets where there is centralization and regulation in place and it’s difficult to shoot yourself in the foot. By that I mean, it’s difficult to accidentally transfer all your money to another person because you accidentally typed the wrong key.

Questions answered in this Post:

  • What is an online wallet?
  • What are the pros and cons of online wallets?
  • What is a bitcoin exchange?
  • Why doesn’t a transaction get put on the blockchain when there is a specific type of trade at a bitcoin exchange?
  • Explain briefly how it works.
  • How do multi-signatures improve the system?

Online Wallet- “like a local wallet but in the cloud”

That’s the tagline regarding the online wallet, which is true. You manage the wallet except the information is stored in the cloud and thus you would access it through your computer or mobile app. I liken it more to internet banking. Some people may be thinking that’s amazing. This is super convenient and not tied to one location. Others may be worried about browser security and the fact that you have to trust the app. Two popular sites listed in the lecture are Coinbase and Blockchain.info.

Trade-offs

  • convenient: nothing to install, works on multiple devices
  • but security worries if site is malicious or compromised

Now instead of online wallets, there is another online service provided. The lecture spends quite a bit of time likening a Bitcoin exchange to a bank. I’m not a fan of this metaphor and would have rather they describe this process like a forex exchange. You deposit money into the bank and the bank promises to give you back your money. The bank takes your money and reinvests. Banks keep just a fraction of their total investment in cash on hand, called fractional reserve, so that customers can withdraw money when required. Why is this like a bitcoin exchange?

Bitcoin Exchanges

With a bitcoin exchange, you deposit your fiat currency or bitcoin and the exchange promises that it will return your money. With the money in their system, you have the ability to make and receive bitcoin payments by potentially buying another cryptocurrency or transferring money to another person. They work by trading bitcoin, where one customer wants to buy bitcoin with dollars while another person may want to sell bitcoin for dollars. If these parties’ prices match up then a transaction will occur!

So now they’ll work like a generic exchange. However, there are interesting consequences to doing these deals on the exchanges given what gets written to the blockchain. If you buy BTC at the exchange by spending dollars and you buy BTC from a seller on the same exchange, this does not get written to the blockchain. The exchange did not have to go to the blockchain to accomplish this deal. The bitcoin and cash associated with the deal are still kept at the exchange. The only thing that has changed is that now the bank has to give you BTC and your remaining balance back. Now you get a way to connect the BTC economy to fiat allowing for easy transfers back and forth. There are risks involved which I’ll describe below.

What are some of the types of risk involved that both bitcoin exchanges and banks share?

Fiat Risk

This is the fear of a bank run. A bank run occurs when all the clients want to withdraw all their money and the bank runs out of cash to give back. Now you have a bunch of angry people because the bank can’t give them their money back.

Trust Risk

The second risk is that the bank/exchange is run by crooks or unsavory characters. Their goal is not to allow you to lend money but instead to take your money.

Cyber Attack

Cyber attacks pose a risk to any industry nowadays so it’s no surprise that exchanges and banks have to be wary of this.

Exchanges: Pros and Cons

  • pro: connect BTC economy to fiat currency economy, easy to transfer value back and forth
  • con: risk, same kinds of risks as banks ie fiat, trust, and cyber

Some Troubling Stats:

45% of Bitcoin exchanges end up closing (Apr 2013, Ian Steadman)

Mt. Gox, the largest bitcoin exchange, was a Japanese company that ended up declaring bankruptcy and faced losing clients’ bitcoins

OK, if banks and bitcoin exchanges face similar risks, what are they doing to prevent this? Why don’t banks have such a high rate of closing?

Bank Regulations

As much as people complain about bank regulation and how it is preventing trade, there is definitely merit to it. Many banks have a minimum reserve requirement. This means that while banks are allowed to take clients’ money and reinvest it, they need to maintain some amount in their coffers. This amount is usually some fraction of their deposits. This page contains values from the Federal Reserve Bank. I’d keep a ballpark answer of like 3 – 10% as a value to think about. Additionally, there are regulations in place to control how much risk a bank takes on, to ensure that the risk is balanced or hedged in some way. This ensures that the bank’s assets are more secure. Governments help banks by providing insurance. Governments are also known to save banks by acting as lenders. This was seen during the Financial Crisis.

Opportunities to manage risk by Bitcoin Exchanges

Proof of Reserve

A Bitcoin exchange can prove and share with clients that it has a fractional reserve, again using some cryptographic tools. This should make depositors feel more protected because the exchange is effectively saying we have some percentage of bitcoin stored in house. Some exchanges even have 100% which means that they would be able to give back all money at any time. They can even prove this by publishing a valid payment-to-self of this amount. The clients can be given a signed challenge string to confirm this. It’s interesting that Ed, the lecturer, mentions that bitcoin exchanges may under claim: say they have at least some amount instead of giving the full amount. Perhaps the exchange may have a reserve that they do not want to share.

Proof of Liabilities

A liability is what you are responsible for. In the context of exchanges, this means how many demand deposits are held. The lecturer presents a scheme involving Merkle trees to solve this. The Merkle tree contains a leaf corresponding to each user and essentially each depositor can ensure they are in the tree and what the total deposits are. This can be done in O(log n) time as with every other binary tree presented in this course.

Each proof reveals quite a bit of private information since it reveals the addresses used by exchanges. This is why proof of reserve according to the lecture is rare.
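
One way to build the tree described above, as an added example rather than the lecture's or any exchange's code: it assumes every node carries the sum of the balances beneath it next to its hash, so the published root fixes the total liabilities. The account names, balances and hash layout are constructed for the example.

```python
import hashlib


def _h(*parts: bytes) -> bytes:
    """SHA-256 over length-prefixed parts, so field boundaries are unambiguous."""
    digest = hashlib.sha256()
    for part in parts:
        digest.update(len(part).to_bytes(4, "big") + part)
    return digest.digest()


def _amount(value: int) -> bytes:
    if value < 0:
        raise ValueError("a negative balance would let an exchange hide liabilities")
    return value.to_bytes(8, "big")


def leaf(user_id: str, balance: int):
    """A node is (hash, sum); a leaf commits to one customer and their balance."""
    return (_h(b"leaf", user_id.encode(), _amount(balance)), balance)


def parent(left, right):
    """The parent commits to both children and carries the sum of their balances."""
    digest = _h(b"node", left[0], _amount(left[1]), right[0], _amount(right[1]))
    return (digest, left[1] + right[1])


def build(accounts):
    """Return every level of the tree, leaves first; odd levels get a zero leaf."""
    levels = [[leaf(user, balance) for user, balance in accounts]]
    while len(levels[-1]) > 1:
        level = levels[-1]
        if len(level) % 2:
            level.append((_h(b"padding"), 0))
        levels.append([parent(level[i], level[i + 1]) for i in range(0, len(level), 2)])
    return levels


def prove(levels, index):
    """Sibling (hash, sum, sibling_is_left) for each level: O(log n) entries."""
    proof = []
    for level in levels[:-1]:
        sibling = index ^ 1
        proof.append((level[sibling][0], level[sibling][1], sibling < index))
        index //= 2
    return proof


def verify(user_id, balance, proof, root):
    """Customer-side check against the published root (hash, total liabilities)."""
    try:
        node = leaf(user_id, balance)
        for sibling_hash, sibling_sum, sibling_is_left in proof:
            sibling = (sibling_hash, sibling_sum)
            node = parent(sibling, node) if sibling_is_left else parent(node, sibling)
    except (ValueError, OverflowError):
        return False        # negative or oversized sums are rejected outright
    return node == root


# Constructed sample book of customer deposits.
ACCOUNTS = [("alice", 50), ("bob", 20), ("carol", 5), ("dave", 25), ("erin", 100)]

if __name__ == "__main__":
    levels = build(ACCOUNTS)
    root = levels[-1][0]
    print("published total liabilities:", root[1])
    print("erin included:", verify("erin", 100, prove(levels, 4), root))
    print("erin with a shaved balance:", verify("erin", 90, prove(levels, 4), root))
```

Each customer checks only their own path, so the scheme catches an omitted or understated account only if the affected customer actually runs the check.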

Proof of Solvency

This allows exchanges to reveal that they can manage and settle each customer’s account without revealing total liabilities, reserves, or addresses. It is called Provisions and I’ve listed a link to the paper.

Which of these risks of Bitcoin exchanges are NOT risks of maintaining one’s own hot and cold wallet?
Ponzi schemes
Bank runs

Hot and Cold Storage and Hierarchical Wallets and Brain Wallets, Oh my

Lions, and Tigers and Bears, oh my! Hot and Cold Storage, Hierarchical Wallets, and Brain Wallets, Oh my!

Last time, I just discussed local storage. I listed several options for storing bitcoins and I talked about storing bitcoin from a security, availability, and convenience standpoint. This lecture is again looking at different key management systems but from the idea of access to the internet/blockchain. I talk about hierarchical wallets, brain wallets, and paper wallets. I would say “All the wallets” but there are more wallets to come…

Questions answered in this Post:

  • What is cold and hot storage? How does that influence what wallet I choose?
  • This cold storage seems cool. Can I make it myself?
  • Why would you and how can you transfer coins from hot to cold and vice versa?
  • What is this hierarchical wallet? Is it similar to a hierarchical deterministic wallet?
  • What is a deterministic wallet? Has it been implemented and where?
  • What are the mechanisms used to do cold storage?
  • What is a brain wallet?
  • What is a tamper-proof seal device and give an example.

Hot and Cold Storage

If you have worked in technology the words hot and cold storage may have popped up before. Hot storage simply means it’s connected to the internet and thus has the opportunity to be considered risky. Thus when you put your key management on an internet-connected computer, phone, or browser, this would be hot storage. Hot storage is not bad; it is even necessary if you want to conveniently make transactions. Cold storage is key management that is offline and can be considered more archival. That paper wallet is a form of cold storage. Also, if you manage your keys on a non-internet device, this is also cold storage.

I saw quite a few tutorials online showing how to create a cold storage device. I’ve listed them below since I thought it was interesting.

  1. Using Old Cellphone as Cold Storage: These instructions show how you can use an old cellphone as a cold storage device. It is a bit difficult to follow but there is a video here.
  2. Creating a Bitcoin Cold Storage Wallet: This creates a cheap cold storage wallet using Mycelium. The phone was an Android phone.
  3. Creating a USB Bitcoin Wallet with MultiBit: This tutorial shows you how to make an encrypted USB Bitcoin Wallet.
  4. RavenBit: DIY Physical Bitcoin: This company actually sends you a brass coin.
  5. Cold Storage Paper: This tutorial came from Bitcoin.com where they describe creating a secure paper wallet.

Remember
Hot- online convenient but risky
Cold – offline archival but safer

 

Now that we know what hot and cold storage means, why did the people from Princeton devote an entire lecture to them and transferring bitcoin between each system? It is because it is something that will be necessary for owners and is non trivial. Suppose you get quite a bit of bitcoin via gambling in your hot storage and you need to offload that amount to your cold storage. You’ll need to transfer the coin from the hot key address to the cold key address. This can all be done with the cold storage offline, so this is an easy move. However, let us say you have been having a terrible gambling run and you have depleted your hot storage wallet. You can A. Quit and decide you’re done or B. Get more bitcoin into your account by transferring some of your secured funds from the cold storage to the hot.

 

How can you transfer from cold to hot if you'd prefer to keep your cold storage device offline for security? Likely, you'll want to receive coins at a separate address with a different secret key each time, which requires some mechanism to generate fresh cold addresses. Using new addresses improves anonymity, since an observer cannot identify you from several transactions involving a single address. Also, if one private key is compromised, it's good to have other options.

A very simple approach reminds me of a feature in Gmail. With Gmail, you can set up 2-Factor Authentication. (If you don’t have 2-Factor Auth set up, do it now!) 2-Factor Authentication means that when you log in, you submit your password but then you have to submit a second code. This enables better security since that second code is usually sent to a device that thwarts hackers from just brute forcing your password. This means every time you log into your Gmail, you type your password and then Google sends a code to you via email or text message. There are times when you’re not online or you’re traveling where that secondary device is just unavailable. At moments like that, Google allows you to print a list of codes and just use those codes to log in. These codes can be printed out before your trip and you’ll take this sheet of paper with you so that when you want to check your Gmail, you’ll use these codes as a replacement for that second code.

Thus cold storage can just generate a bunch of addresses and send them to the hot storage. The only problem is that periodically, the cold storage device will have to go online to generate and deliver a new set of codes to the hot storage.

This is where hierarchical wallets come into play.

Hierarchical Wallet

A hierarchical wallet allows the cold storage side to have an unbounded number of addresses, and the hot side learns these addresses via a short, one-time communication between the two sides. This sounds perfect!

I'll explain how it works as well as I understand it. We will still be using the ECDSA scheme since it has special properties which I'll touch upon later. For a hierarchical wallet, key generation is slightly modified. Regular key generation (generateKey) creates a public key (address) and a secret key. Instead, hierarchical key generation creates address generation info and private key generation info. With the generation info and an index number i, you can generate the ith address in the sequence.

With this "generation info", you can create a sequence of addresses instead of just one. The cool part is that the address generation info does not leak information regarding private keys, so giving people the index and generation info is reasonably safe. The reason this works is that ECDSA supports hierarchical key generation. Now, as long as the hot and cold sides know the right sequence number, you can generate addresses on the hot side and private keys on the cold side. Also, the public keys are not linkable, meaning that even if you figure out one, you cannot just reverse engineer it in some way to get the rest of them, and the private keys are still safe.

Now you must be thinking: where is the hierarchy? I just see two different sides, hot and cold. There can actually be more levels with this wallet. Currently the hot side is the lower level while the cold is the top level. As with a company employee chain, the higher the chain the more secure you want the communication chain.

(Hierarchical) Deterministic Wallets

While this word was not mentioned in the lecture, I think it is worth mentioning deterministic wallets. A deterministic wallet allows the user to generate data for their keys from a single seed instead of randomly generating them. The nice benefit of the deterministic wallet is that you can recreate your lost keys if, say, your hard drive gets corrupted, as long as you know this seed. Honestly, to me this sounded just like the hierarchical wallet, i.e. a special generateKey function. Within the article that I linked to, when the author, Buterin, explains the wallet, it sounds exactly the same as the hierarchical wallet, just with different words. If you read the article, just substitute the words master public key for generation info.

I've also listed several links that either talk about hierarchical deterministic (HD) wallets or are implementations of HD wallets. Just know that many wallets nowadays do implement this feature. The term Hierarchical Deterministic (HD) Wallet was more prevalent than just hierarchical wallet. I feel like the lecturers may have chosen a less used term to explain this feature.

  • Understanding Hierarchical Deterministic Wallets – This YouTube video by LTB Network features a podcast-type explanation of the different wallets. It is about an 11 minute video. He explains the BIP: 32 in a nice clear fashion.
  • Hierarchical Deterministic Wallets BIP: 32 – This link contains the exact Bitcoin Improvement Protocol (BIP) for adding HD wallets. It is a technical read but incredibly informative.
  • Electrum Protocol – This is a company which I listed last week as a bitcoin wallet. As mentioned by Bitcoin Magazine, the wallet fully implements BIP32, making it a Hierarchical Deterministic Wallet.
  • TREZOR – This is another bitcoin wallet that implements HD wallets. Different from other wallets discussed, this is a hardware wallet. Thus when you buy TREZOR, they will send you a palm-sized, tamper- and water-proof device which is your wallet.
  • Armory Deterministic Wallet – I mentioned this company last time as being a security-conscious bitcoin wallet. They have a neat implementation of a deterministic wallet.

Now, I know I listed some practical ways to do cold storage. I listed those DIY resources on how to make your phone, paper, or USB device into cold storage. These incorporate methods such as brain wallets, paper wallets, and tamper-resistant devices. A paper wallet sometimes contains a tamper-evident seal over the private key. This makes sure there is no way to output or divulge the key. A brain wallet secures the bitcoins by a secret passphrase, which I'll discuss below.

Brain Wallets

A brain wallet is nice because you don't need extra hardware to store your bitcoins. You only need a good memory or an effective but secure way to determine your passphrase. Once you have a good passphrase, you can just hash it twice, maybe using SHA-256, to give you a secure public and private key. Now, while your password may look random, if the adversary knows how you generated the key and your passphrase, you will be at a loss. With your email, if someone enters too many wrong passwords, they get locked out; this does not happen with bitcoin. Thus if your passphrase is common, hackers can just use something called offline guessing, or password cracking, to steal your coins. The lecture does discuss one way to do passphrase generation.

You just choose a random sequence of 6 words from among the top 10,000 words in the English language. They are easy to remember and have roughly 80 characters. From there, use a hash function such as SHA-256 and compute it 2^20 times to make it hard for the attacker.

Key Stretching – use a deliberately slow function to derive the private key from the passphrase to make it harder for attackers to brute force.
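The passphrase recipe and the key stretching step can be put together as follows. This is an added example, not code from the lecture: the function names are hypothetical, the word list is a constructed stand-in for a real 10,000-word list, and the attacker hash rate is an assumed figure used only to show how the iteration count scales the cost of offline guessing.

```python
import hashlib, math, secrets

ROUNDS = 2**20  # iteration count given in the text

# Constructed stand-in for "the top 10,000 words in the English language".
WORDS = [f"word{i:04d}" for i in range(10_000)]

def make_passphrase(wordlist=WORDS, n_words=6):
    """Pick words uniformly with a CSPRNG; hand-picked words have less entropy."""
    return " ".join(secrets.choice(wordlist) for _ in range(n_words))

def entropy_bits(wordlist_size=10_000, n_words=6):
    """Entropy of n_words independent uniform draws from the list."""
    return n_words * math.log2(wordlist_size)

def stretch(passphrase, rounds=ROUNDS):
    """Iterated SHA-256: each guess costs the attacker `rounds` hashes."""
    digest = passphrase.encode("utf-8")
    for _ in range(rounds):
        digest = hashlib.sha256(digest).digest()
    return digest  # 32 bytes, usable as private-key material

def years_to_search(bits, hashes_per_sec, rounds=ROUNDS):
    """Expected time to try half of the passphrase space offline."""
    guesses = 2 ** (bits - 1)
    return guesses * rounds / hashes_per_sec / (365 * 24 * 3600)

if __name__ == "__main__":
    phrase = make_passphrase()
    bits = entropy_bits()
    rate = 1e12  # assumed attacker speed: 10^12 SHA-256 per second
    print(f"passphrase : {phrase}")
    print(f"entropy    : {bits:.1f} bits")
    print(f"key        : {stretch(phrase).hex()}")
    print(f"1 round    : {years_to_search(bits, rate, 1):.3g} years")
    print(f"2^20 rounds: {years_to_search(bits, rate):.3g} years")
```

Iterated SHA-256 only raises the compute cost per guess; memory-hard functions such as scrypt (available as `hashlib.scrypt`) also raise the cost of building specialised cracking hardware.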

Metamask.io is a Chrome plugin. Besides having a cute evil fox, they use this brain wallet approach. When you create your new vault, as they call it, they give you 12 words that allow you to restore your MetaMask accounts for the vault. So you'll be given words like "retreat brain math envelope earth dutch fake tired dot occasions worn focusing" which you need to store and use to recover your accounts.

There is one downside, if you forget the passphrase, you’re screwed…

4 Ways to do Cold Storage

  1. Information stored in a device, with the device locked
  2. Brain wallet: encrypt info under a passphrase or password that the user remembers
  3. Paper wallet: print info on paper, lock up the paper
  4. "Tamper-proof device": the device will sign things for you but won't divulge keys

Wrap-Up

I've wrapped up below what I've talked about because it combined several components. I first discussed why there is a need for hot and cold storage as well as why you would want to transfer coins between these storage components. Additionally, I gave some links to tutorials on how to create a cold storage device. Next, I walked through how hierarchical wallets work. Next, I discussed deterministic wallets since this term is more actively used than hierarchical wallet. Lastly, I discussed which methods are used to do cold storage: offline devices, brain wallets, tamper-proof devices, and paper wallets.

Which of the following statements are true about cold wallet storage
Cold storage keys in device without network access
hot storage wallets can generate arbitrarily many cold storage addresses without contacting the cold storage
