Re: [bitcoin-dev] Considering starting a toy full-node implementation. Any advice?
Hi there. Been there, done that.

- Don't try to set big goals at once. Start small and aim for small steps, i.e. by connecting to nodes, then getting some data from them, then downloading blocks, then parsing blocks, then building a UTXO set, etc. My first long term goal was to simply compute the balance of an address.

- Expect to work with huge and varied sets of data. You'll have to build and use tens of Gb of indexes, for example. Early transactions also have all sorts of non-standard scripts, and testnet has all sorts of weird non-standard scripts, so plan accordingly.

- Don't write off making a wallet or mining. The latter is easy to do on CPU on testnet and learning to make valid blocks helps a lot in understanding how things work. A wallet, on the other hand, gives you good understanding of keys and transactions, especially if you want to try doing all the EC math yourself. I also wrote things to be generic between several forks and chains, like Litecoin, Doge, Zcash and a bunch of now-dead alts - there is so little difference between many of them that all it takes is a parameter or two. Helps with perspective. Naturally, stay away from mainnets and real money if you do your own wallet and crypto.

- Don't get too excited when you see exploitable signatures. All of them were plundered years ago, and by now no one makes mistakes like that. Also, there are plenty of bots which are constantly scanning the chain for weak keys and signatures, any new ones will be gone in a few seconds.

- Expect cthulhus. There used to be plenty of artwork and puzzles in the early blockchain.
Here is a short write-up with a few of the things I found:
https www dot ribbonfarm dot com/2017/07/20/the-ominouslier-roar-of-the-bitcoin-wave/

For references, good ones I found and used were:
https bitcoin dot org/en/developer-reference
https en dot bitcoin dot it/wiki/Protocol_documentation

Also, BIPs contain a lot of specific details:
https github dot com/bitcoin/bips

That should get you started, and by the time you get into the devilish details you'll have to look at the code for reference.

No idea about 3), haven't looked at it.

Good luck and have fun.

-Artem

Wed, 7 Nov 2018 at 15:01, :
>
> Date: Tue, 6 Nov 2018 23:21:11 +0200
> From: rze
> To: bitcoin-dev@lists.linuxfoundation.org
> Subject: [bitcoin-dev] Considering starting a toy full-node implementation.
>         Any advice?
>
> Hello,
>
> I'm considering to start developing a toy full validating node implementation
> (no wallet, no mining) for educational purposes.
>
> Some questions:
>
> 1) which resource do you suggest for as a reference for the protocol?
> 2) which part do you suggest to start with?
> 3) I was thinking to use btcd as a reference since I'm not familiar with C++
> (bitcoind)
> 4) are there any other general advice or tips for such endeavours?
>
> Thanks in advance.
>
___
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
Re: [bitcoin-dev] Schnorr signatures BIP
Neat. Some minor notes as an outsider who just spent an hour implementing and playing with this:

- In several places you have things like "Let k = int(hash(bytes(d) || m)) mod n", but reference code says things like "e = sha256(R[0].to_bytes(32, byteorder="big") + bytes_point(point_mul(G, seckey)) + msg)", no modulo. Confusing.

- x is not defined in "The signature is *bytes(x(R)) || bytes(k + ex mod n)*", apparently it's the private key.

- jacobi function is great at exposing bugs in divmod implementations, due to the full 256-bit exponent. Add a line about it being something to watch for?

- "bytes" notation is defined as "turn to bytes" for an integer, but the same for a point is "take X with prefix and turn to bytes". Confusing, might be a good idea to name it differently?

- Finally, it would have been nice to have a larger set of test vectors in a JSON or CSV file, covering all the edge cases.

Artem
[bitcoin-dev] Miner dilution attack on Bitcoin - is that something plausible?
Dilution is a potential attack I randomly came up with in a Twitter argument and couldn't find any references to or convincing arguments of it being implausible.

Suppose a malicious actor were to acquire a majority of hash power, and proceed to use that hash power to produce valid, but empty blocks. As far as I understand it, this would effectively reduce the block rate by half or more and since nodes can't differentiate block relay and block production there would be nothing they can do to adjust difficulty or blacklist the attacker.

At a rough estimate of $52 per TH equipment cost (Antminer pricing) and 12.5 BTC per 10 minutes power cost we are looking at an order of $2 billion of equipment and $0.4 billion a month of power costs (ignoring block reward) to maintain an attack - easily within means of even a minor government-scale actor.

Is that a plausible scenario, or am I chasing a mirage? If it is plausible, what could be done to mitigate it?

-Artem
[bitcoin-dev] Why is deriving public key from the signature not used in Segwit?
Greetings.

I wanted to ask what was the rationale behind still having both public key and signature in Segwit witness?

As is known for a while, the public key can be derived from the signature and a quadrant byte, a trick that is successfully used both in Bitcoin message signing algorithm and in Ethereum transaction signatures. The latter in particular suggests that this is a perfectly functional and secure alternative.

Leaving out the public key would have saved 33 bytes per signature, which is quite a lot.

So, the question is - was there a good reason to do it the old way (security, performance, privacy, something else?), or was it something that hasn't been thought of/considered at the time?