[HN Gopher] A from-scratch tour of Bitcoin in Python
___________________________________________________________________
A from-scratch tour of Bitcoin in Python
Author : yigitdemirag
Score : 1143 points
Date : 2021-06-22 16:30 UTC
(HTM) web link (karpathy.github.io)
(TXT) w3m dump (karpathy.github.io)
| akbirthko wrote:
| Andrej is an excellent teacher. I got into ML because of his
| blogs and Stanford's CS231n course (which he also started).
| runbathtime wrote:
| In Step 1, he explains how to create a cryptographic identity:
| the private/public key pair. I came across an argument that a
| number cannot be property or owned because you can't legally own
| a number. If this is true then you can't own UTXOs associated
| with a private key or a cryptographic identity.
|
| I do think that bitcoin is fundamentally too complicated to
| understand, mathematically, for most people- myself included. I
| would argue everyone needs to do this exercise, from scratch, and
| also understand what they are doing (the math), to have
| confidence in bitcoin payment network. Anyone who thinks you
| don't need to get it is most likely in it for speculation alone.
|
| With something so abstract like bitcoin, it has a much larger
| uphill battle for understanding than a physical commodity like
| Gold, the precursor of paper dollars.
| modeless wrote:
| You don't own the number that is your private key, just as you
| don't own the number that is your bank account PIN or balance.
| What you own is space on the blockchain.
|
| And just as you don't need to tour the mint to have confidence
| in the dollar, or implement Diffie-Hellman to have confidence
| in your TLS connection to Amazon, you don't need to understand
| elliptic curve cryptography to have faith in Bitcoin.
| runbathtime wrote:
| A bank account balance is a representative value of dollars
| that the bank owes you. If someone tries to steal it by
| pretending to be you even if they just steal your PIN, they
| are committing fraud.
|
| If someone steals a private key by committing another crime
| like stealing a laptop, that is a crime because you own the
| laptop. If they learn of your private key without committing
| a crime, that is not theft.
|
| You don't own 'space on the blockchain.' I have no idea what
| that even means.
|
| You do need to understand elliptic curve cryptography to have
| confidence (not faith) in bitcoin because you make the
| transactions in bitcoin. You are responsible, not some third
| party. People understand the dollar because it is physical
| and you can get them on demand and they originally got their
| value from Gold, not some abstraction like proof of spent
| energy one time awhile back.
| modeless wrote:
| The bank PIN is just a number. Your bank account balance is
| just a number in a database. Your private key is just a
| number. Your bitcoin balance is just a number in a database
| (a blockchain is a kind of database). There is no
| distinction that makes stealing dollars using a bank PIN
| fraud but stealing bitcoin using a private key _not_ fraud
| somehow.
| runbathtime wrote:
| Bank deposits are securities. You have a claim on your
| bank when you make a deposit. If you think there is no
| difference between a bank account and a bitcoin private
| public key pair then bitcoin is a security. You are
| making the argument bitcoin is a security. Who is the
| issuer? I would say the miners are selling securities and
| you give them money (like a deposit) in exchange for the
| miners continuing to mine in the future, so when you
| decide to spend your bitcoin, bitcoin will still be
| running. If bitcoin is a security issued by the miners
| then yes bitcoin becomes more than just a number.
| modeless wrote:
| If bank deposits were securities governed by securities
| law then they would be regulated by the SEC. They are
| not.
|
| It doesn't matter anyway because Bitcoin is not a bank
| deposit, nor is it a security. Under the law it is
| generally treated as property. It's still a crime to
| steal property.
|
| My point is that the fact that it's all numbers in a
| computer does not make it somehow legal to steal it. What
| you own is not the abstract number of your private key,
| but the concrete database entries in a specific
| blockchain database.
|
| While not relevant, it's also not even true in a pedantic
| sense that you "can't legally own a number". All digital
| files are simply long numbers, and copyright assigns
| ownership of those numbers to people. Also, the DeCSS
| case established de facto ownership of a private key,
| making it illegal to copy, so yes you can actually have a
| kind of ownership even of just a private key under the
| law. Again, not relevant or necessary for Bitcoin, but
| interesting.
| runbathtime wrote:
| You are incorrect. Deposits in banks are securities, I
| suggest you read this section titled "Every security that
| is issued must be held by someone until it is retired"
| here: https://www.hussmanfunds.com/comment/mc210614/
|
| Copyright doesn't cover the computer reference machine
| code number, it covers actual intellectual content.
|
| Just like it is not settled whether Ethereum or Bitcoin
| is a security- thoughts on this can and will change, new
| regulators get elected... neither is settled whether you
| can actually say that you own a number.
|
| The community has misplaced confidence imo.
| modeless wrote:
| We're talking about the law, not some guy's blog. If you
| believe that bank accounts and Bitcoin are securities
| under the law, then you are incorrect. It doesn't matter
| whether some guy calls bank accounts securities on his
| blog. That doesn't change the law.
|
| Saying the law could change is literally always true, it
| means nothing. _Will_ it change? You could make an
| argument for Ethereum, and I tend to agree that the
| community is overconfident about the regulations around
| Ethereum and other coins. However for Bitcoin
| specifically the SEC has been very clear and consistent
| in stating that it is not and has never been a security.
| Their justifications are sound. So no, it almost
| certainly won't change for Bitcoin.
|
| Copyright covers the specific number in addition to the
| general intellectual content of the number. You could say
| it covers a family of related numbers. That's stronger
| than just covering a single number.
| runbathtime wrote:
| Here is a good article.
| https://www.investopedia.com/terms/f/financialasset.asp
|
| Bank deposits are financial assets, which get their value
| from a contractual right or ownership claim.
|
| When you deposit money in a bank, they lend that money
| out, they make a return, and in a sane world you would
| receive interest on that money.
|
| Using this definition of a financial asset, I don't think
| bitcoin qualifies, it is more of an intangible. It might
| be a financial asset only if it is held at a custodian.
|
| Congress and the courts decide what a security is, not
| the SEC. The SEC is the enforcement agency from what I
| can tell.
| modeless wrote:
| Congress defines a security, and the SEC interprets the
| definition, and the courts subsequently interpret it if
| the SEC sues. Congress has made a definition that does
| not apply to Bitcoin, and the SEC has interpreted the
| definition to not apply to Bitcoin. It hasn't come up in
| court, and it won't unless the SEC changes their minds
| first. But their arguments are sound and it's extremely
| unlikely that their interpretation could change, or that
| a court would agree with them if they did change.
|
| It's also unlikely that Congress would change the
| existing definition to apply to Bitcoin. It's much more
| likely that they would pass specific regulations for
| Bitcoin and cryptocurrency.
| noxer wrote:
| "...Bitcoin is a living, breathing, developing code base that is
| moving forward with new features to continue to scale..."
|
| There is exactly zero progress to make it scale in the last 10+
| years.
| owens99 wrote:
| Check out Stacks (https://stacks.co), which enables smart
| contracts on top of Bitcoin through Proof-of-Transfer consensus.
| Founded by YC alums and launched this January after many years of R&D.
|
| Disclaimer: I'm involved.
| wyager wrote:
| > There is exactly zero progress to make it scale in the last
| 10+ years.
|
| Lol, literally this week: https://taproot.watch/
| uncletammy wrote:
| Oh good, BTC can finally support Schnorr signatures, a
| feature that has been available on BCH for years now. A feature
| that is useless until wallet developers add Schnorr signing
| functionality.
|
| Taproot is the update we get after ten years of the BTC devs
| doing nothing except gaslighting users about the protocol's
| scalability? All that momentum wasted.
| ric2b wrote:
| > Schnorr signatures, a feature that has been available on BCH
| for years now.
|
| Not in a useful way: https://www.reddit.com/r/btc/comments/
| l8v8sa/heres_a_6of9_sc...
| coding123 wrote:
| Bitcoin doesn't scale.
|
| https://digiconomist.net/bitcoin-energy-consumption
|
| Just watch this video:
|
| https://www.youtube.com/watch?v=UDKntG4F0hg
|
| So in about 5 years pretend everyone in the United States
| melts a wrench like that... Then a month later they do that
| twice, a month later they do it three times.
|
| Hey, at least it will be fun.
| Shosty123 wrote:
| Why does every discussion about Bitcoin's environmental
| impact reduce to "it uses a lot of electricity therefore it
| should be stopped".
|
| We're not going to shut down entire sectors of the economy
| because of their environmental impact. People are going to
| innovate and invest in alternative sources of energy
| because it is becoming profitable to do so. The solution is
| hardly ever "just stop doing it", it's "how can we do this
| better".
| noxer wrote:
| It has been "done better" in 2013 or so, when the first
| FBA systems were created as a direct answer to bitcoin's
| expected future environmental impact and scalability
| problems.
|
| See https://news.ycombinator.com/item?id=27596590
| codebolt wrote:
| Crypto is hardly a "sector of the economy". Its main
| utility right now is lining the pockets of a few
| speculators.
|
| Traditional centralized ledgering systems do everything
| crypto does better and with a fraction of the energy use.
| It also gives governments tools to combat
| inflation/deflation and manage counterparty risks within
| the system.
|
| Crypto is a neat idea, but in the end it doesn't really
| solve anything, and instead only introduces a lot of
| unnecessary problems.
| Shosty123 wrote:
| It pains me to see how someone could see no value in
| having a medium of exchange outside of any government
| currency control. One of my ex-coworkers had his family's
| fortune wiped out twice in Argentina due to government
| seizure and hyperinflation before they fled to Canada.
| tsimionescu wrote:
| There are few sectors of the economy whose entire model
| depends fundamentally on huge energy consumption:
| Bitcoin's Proof of Work depends entirely on wasting huge
| amounts of electricity as assurance that transactions are
| verified. If mining became more power efficient, the
| algorithm would be changed to bring it back to where it
| is today.
| MrLeap wrote:
| Instead of watching that video, perhaps watch it on
| photonic induction's channel, seeing as he's the creator.
|
| https://www.youtube.com/watch?v=DJOX0c60wQE
| lawn wrote:
| Segwit was also supposed to scale Bitcoin, and it turns out
| it was a massively inefficient solution, which took years to
| even reach its lackluster potential.
|
| Taproot will in practice have an even smaller impact, as it
| only affects special transactions that normal people won't
| use.
|
| So yeah, it's not zero progress, but it's certainly not much.
| doomroot wrote:
| Segwit itself provided an effective 2x increase in onchain
| transaction capacity and it fixed transaction malleability
| which was necessary for lightning network. Lightning
| network has 50,000+ open channels where payments can be
| routed without going onchain. Given the lightning network's
| strict requirements to keep a node online & responsive,
| lest you lose all your funds, I think that's extremely
| impressive and shows a real demand for fast cheap payments.
|
| Now, in November taproot/schnorr activates, which gives us
| PTLCs on the lightning network as well as makes a
| lightning channel opening transaction look like a normal
| single signature transaction, yay privacy. All of this lays
| the groundwork for the next major base layer change, in
| probably ~2023, anyprevout. This will give us "eltoo" on
| lightning which is nirvana. Eltoo removes the penalty
| mechanism which makes running a lightning node on a mobile
| phone or home node much more reasonable.
|
| Protocols take a long time to develop, especially ones
| where a misstep could mean the loss of billions of
| dollars.
|
| Do not believe anyone telling you that their coin solved
| bitcoin's scaling problems years ago.
| noxer wrote:
| Bitcoin's scaling problem was solved by removing PoW/PoS
| and by removing the incentive structure (block rewards).
| As soon as this is gone there is no reason anymore why
| it would not scale like similar systems. It's basically
| limited only by how fast data can propagate through the
| network.
|
| PoW/PoS was replaced by FBA (Federated Byzantine
| Agreement). It's not a coin, it's technology used by several
| systems and based on BFT (which is way older than bitcoin,
| and bitcoin actually is based on BFT as well, although
| maybe unintentionally).
|
| FBA just adds the federated part so a decentralized system
| can be built. Bitcoin instead used a work-reward
| lottery system (PoW) to decide who can write the next
| block rather than finding a block everyone agrees on. It's
| really not that hard to figure out which of these
| solutions probably works better and scales somewhat like
| a distributed system is expected to scale.
| itsdsmurrell wrote:
| Bitcoin Cash has taken the approach that Bitcoin should
| have. On chain scaling.
| noxer wrote:
| Taproot doesn't make bitcoin scale; it's mainly to increase
| privacy.
| wyager wrote:
| Taproot decreases the size of multisig and other complex
| transactions significantly, in the happy path of a
| cooperative signature.
|
| It also enables Schnorr, which produces smaller signatures
| than ECDSA.
|
| It also contains features to further improve the efficiency
| of Lightning, which is a shockingly effective scaling
| mechanism.
| simias wrote:
| Lightning doesn't work because it either leads to a chaos
| of routing that doesn't scale or it ends up centralized
| and you lose the point of bitcoin in the first step.
|
| And don't bother coming up with hand wavy explanations of
| how it _could_ work, _some day_. People have been talking
| about Lightning for years, literally billions of dollars
| have been poured into the "tech", the fact that even
| bitcoin enthusiasts barely ever use it is all the proof I
| need.
|
| I wonder how many more years of empty promises we'll have
| to suffer through before people accept that
| cryptocurrencies are a very good pyramid scheme with a
| thick layer of technobabble around it.
| noxer wrote:
| Daily reminder that cryptocurrencies are not == bitcoin
|
| All the problems with bitcoin are long, long solved, just
| not with bitcoin, because it's not possible to fix
| something when the majority (of hashpower) thinks it's not
| broken, or rather profits from its brokenness.
|
| FBA coins have existed since 2013 or so.
| wyager wrote:
| FBA is centralized. Period. There's a reason ripple
| hasn't dominated the secure payments industry.
| noxer wrote:
| _facepalm_ FBA is a technology, it's not a thing or a
| running system. It cannot be centralized; it's just a bunch
| of math that BTW is mathematically proven to work. There
| are many FBA based "blockchains" out there, some
| centralized, some not. Ripple is a company that uses such
| an FBA system.
| normac2 wrote:
| Would you include environmental impact as a solved
| problem? My understanding is that Proof of Stake is the
| best serious option and that it's very controversial if
| it'll work.
| noxer wrote:
| Solved, as in it does not use more energy than what the
| hardware needs to process the data, and it doubles every
| time you double the number of nodes (obviously, since they
| all have to do the same work too). It's not wasting energy
| on a PoW lottery; it just uses energy like a comparable
| instant messenger with a global server farm would. The more
| people who use it, the more energy it will use; there is no
| way around that.
|
| FBA is completely different from PoS. It does not work on
| incentives and penalties; it works with a global final
| state, global rules and (federated) byzantine agreement
| (FBA) for progress (adding the next "block"). No way to
| re-org, no block/staking reward, no censorship. If
| someone doesn't act in everyone's interest, other nodes
| simply won't listen to them anymore. Not following the
| rules is publicly visible to anyone. And since there is
| no reward anyway, there is no financial reason why anyone
| would participate who does not simply want to help the
| system.
| wyager wrote:
| Proof of stake lacks the security properties of proof of
| work, e.g. via grinding attacks.
| AlexCoventry wrote:
| Grinding attacks aren't a problem if you include secure
| verifiable randomness in the protocol. E.g., Algorand's
| VRF-based sortition, or Ethereum 2.0's verifiable delay
| function.
| Permit wrote:
| > Daily reminder that cryptocurrencies are not == bitcoin
|
| This is an interesting feature of cryptocurrencies.
| Someone levels a fair criticism of a particular
| implementation but it can be handwaved away because an
| entirely separate cryptocurrency solved this particular
| problem (nevermind that whatever replacement you've
| chosen has its own host of separate problems because
| those can be handwaved away the same way).
| Karsteski wrote:
| Handwaved away? You mean improved?
| noxer wrote:
| I did not hand wave anything away, maybe read the thread.
| There was a wrong generalization (cryptocurrencies ==
| bitcoin) about cryptocurrencies that is very common but
| not accurate at all. Fair criticism on the Ford Model T
| does not apply to cars.
| wyager wrote:
| Your entire premise is based on nonsense. People use
| lightning all the time and it works great.
| RazTeve wrote:
| lightning works, at least you are having fun tho
| nednar wrote:
| Well, the "pyramid scheme" + "technobabble" is not
| totally worthless, if it enables the investment of
| "literally billions of dollars" in otherwise totally
| unproven technology paths, doesn't it? Finally there is
| one area where people are really investing money into
| computer science! A cause to celebrate in my book.
| prox wrote:
| _cough_ dotcom bubble.
|
| Seriously, investing money in a bubble is nothing to
| celebrate. That's why it is called a bubble. It pops and
| many people lose their money.
| codebolt wrote:
| Except this bubble is a bit more insidious because you
| have actors like Tether that are most likely creating a
| lot of artificial liquidity/demand. If there is a sudden
| loss of faith and enough actors start rushing for the
| exits, it will look something more like a musical game of
| chairs of who is left holding the bag of worthless Mickey
| Mouse dollars, by my estimation.
| prox wrote:
| Absolutely, that is my biggest worry. And it has no true
| backing, apart from these pump and dumps.
|
| The single question people in favor of crypto can't
| answer is the value creation. Now crypto is a natural
| evolution of certain monetary services and techniques,
| but at the core it literally does nothing of value. In
| fact, one might argue that that is its prime feature in
| its current state.
| plebianRube wrote:
| Weird Lightning works perfect for me, every time I use
| it. Low fees instant transactions. Maybe the trouble is
| in your trolling?
| noxer wrote:
| Who cares, the size could be 10 times smaller and it
| would not make a dent in the scalability problem. It's a
| few transactions per second at max, and it would need to
| be several hundred just so people could move their
| "owned" bitcoins away from exchange wallets without
| losing several % in fees.
|
| LN is not part of bitcoin and a total joke anyway.
| [deleted]
| iamastrangeloop wrote:
| There has been great progress in scaling the original protocol
| through the Bitcoin SV implementation:
| - Transaction fees are ~$0.0001
| - The network has shown capacity for 50k tps
| - On March 14, 2021, the network processed a world record 638 MB block
| - As of June 4, 2021 the chain size exceeded that of the BTC
| implementation and is currently 418.17 GB
| - New businesses based on micropayments have emerged like twetch,
| streamanity, peergame, etc
|
| [1] https://www.prnewswire.com/news-releases/bsv-proves-that-
| bit...
| uncletammy wrote:
| There has been great progress in scaling on just about every
| other cryptocurrency, including many flavours of bitcoin. BTC
| is the only coin who finds scaling too difficult.
| danlugo92 wrote:
| It does not scale, at the expense of centralization.
|
| A centralized cryptocoin is just MySQL with extra steps.
| ric2b wrote:
| > - The network has shown capacity for 50k tps
|
| No, that was a lab demo of a single beefy system being
| directly fed with test data and being measured on how long it
| takes to process it.
| noxer wrote:
| Everyone knows faketoshi is a fraud.
| SnowProblem wrote:
| For anyone interested in the saga, Stefan Matthews, who
| worked with Craig Wright in 2007 and 2008 before Bitcoin
| was released, gave a couple interviews this past week
| adding new flavor to the story [1] [2].
|
| [1] https://www.youtube.com/watch?v=k3ACmnUwsZ4
|
| [2] https://www.youtube.com/watch?v=R03ypV9CsTc
| iamastrangeloop wrote:
| Above is proof that the original bitcoin protocol can
| scale, and recently testnet can do 90k tps. What you think
| of certain people doesn't change the fact.
| noxer wrote:
| It's centralized and run by the people around this fraud.
| It doesn't matter if the tech is good, since no one will
| use it for anything besides speculation or abuse it as
| storage, which just won't be sustainable in the long run
| with no limits in place.
| iamastrangeloop wrote:
| The protocol remains the original and it scales
| significantly. I'd focus on protocol not people. If
| people changed the protocol then it's no longer bitcoin.
|
| Twetch.app has more than 50k users. It's also a genuine
| use case. So is etched.page or the other above-mentioned
| services.
|
| How can you abuse storage if there is a 0.5 satoshis/byte
| fee to write data on chain currently? Miners are for-
| profit entities and will always charge for storage.
| ric2b wrote:
| > I'd focus on protocol not people.
|
| The protocol encompasses the nodes on the network. If the
| network is highly centralized the protocol is unsafe.
| iamastrangeloop wrote:
| A scalable bitcoin ends up in a dozen data centers. The
| cost to set up such data centers is few hundred millions
| plus tens of millions in yearly operations. Miners must
| secure their infrastructure uptime to remain profitable.
| There is huge risk and little reward for any such mining
| company to act dishonestly on new blocks or break
| antitrust laws. Also it is easier for governments to
| audit a few large publicly traded miners than auditing
| thousands of small and inefficient miners. The nature of
| the bitcoin protocol security is economic.
| noxer wrote:
| You completely ignore my points so I will yours
|
| Have a nice day
| iamastrangeloop wrote:
| Which point specifically?
|
| You claim centralized manipulation of bitcoin and
| fraudulent people while the protocol hasn't changed. Do
| you have legal evidence?
|
| Also you claim price speculation as the only use case
| while I've listed several apps with real users.
|
| You mention storage abuse and I argue that miner fees
| prevent that.
| noxer wrote:
| You can stop now, dear green name; we all can see you only
| joined to shill ButtcoinShitVison. No one here cares.
| rebelos wrote:
| There was never any need to scale it at the protocol level. The
| overwhelming majority of Bitcoin transfers presently happen
| off-chain, within exchanges. Very few people seem to understand
| this.
| oblio wrote:
| I don't understand. How do Bitcoin transfers happen off-
| chain? Are those Bitcoin transactions that don't actually use
| the blockchain?
| rebelos wrote:
| The exchange itself holds a fluctuating amount of Bitcoin
| and then updates entries in its own database when transfers
| occur between exchange participants to reflect a change in
| ownership. These constitute the vast majority of
| transactions that occur and none of them are recorded to
| the blockchain.
| exit wrote:
| Segwit facilitates the construction of lightning channels.
|
| Taproot, which recently locked in, reduces the space needed to
| represent complex contracts.
|
| Moreover, bitcoin aims at being a concise and focused base
| layer on top of which secondary layers and sidechains can be
| built.
|
| Your absolute statement "exactly zero" is absolutely wrong.
| uncletammy wrote:
| > taproot, which recently locked in, reduces the space needed
| to represent complex contracts.
|
| Complex contracts? Are you joking? What kind of complex
| contracts do you think can be done on BTC? Their scripting
| language and capabilities have been neutered just like their
| blocksize. Good luck writing a useful contract on BTC.
| tsimionescu wrote:
| > moreover, bitcoin aims at being a concise and focused base
| layer on top of which secondary layers and sidechains can be
| built.
|
| Have you ever read the white paper that outlines what bitcoin
| aims to be?
| noxer wrote:
| It should be p2p cash, then turn into a store of value after
| some years, and then it becomes the settlement layer for
| centralized second layer solutions that only exist because
| the first layer sucks.
|
| Just kidding, it should only be p2p cash and it failed at
| that.
|
| PoW/PoS will be replaced by FBA in the next years, and every
| system that cannot switch away from PoW will become
| irrelevant.
| uncletammy wrote:
| > Have you ever read the white paper that outlines what
| bitcoin aims to be?
|
| ... or even the title
| wtsnz wrote:
| There was a demo of node software that is capable of 50,000
| transactions per second just a few weeks ago.
| https://www.youtube.com/watch?v=i3As9-9uSXs
|
| (Yes this is on the Bitcoin SV implementation of the Bitcoin
| protocol - where they're using the original protocol that
| Satoshi envisioned)
| uncletammy wrote:
| From what I understand, that's 50,000 pre-generated
| transactions pumped directly to the mining node. Not 50,000
| transactions spread across hundreds of non-mining nodes and
| relayed to the mining node. There's a huge difference.
| Correct me if I'm wrong here.
|
| Either way, bitcoin the protocol can handle waaaaaay more
| transactions than the BTC devs have constrained it to.
| SnowProblem wrote:
| Yes, more-or-less, but that's how it is designed to work. The
| most reliable way to get a transaction into a block is to
| send it directly to a miner or set of miners. Apps on BSV
| do this today via MAPI REST endpoints, similar to how this
| test was configured. Non-mining nodes will see the
| transactions later, but they won't do the same verification
| that mining nodes require because they are not part of
| consensus. BSV generally sees the eventual network
| configuration as a small-world network for the mining core,
| and a mandala network for the apps and services surrounding
| it, rather than as a mesh network which most blockchain
| systems strive to be.
| SnowProblem wrote:
| So-called heretics have been scaling Bitcoin in spite of BTC's
| braindead decisions. Last week, 50K TPS were demonstrated
| publicly on Bitcoin SV:
| https://www.youtube.com/watch?v=i3As9-9uSXs. More privately.
| ric2b wrote:
| That's just a lab demo of a single system, not the network or
| even a common node configuration.
| SnowProblem wrote:
| Years ago, there was a presentation [1] by Peter Rizun of
| Bitcoin Unlimited at Stanford that demonstrated ~100TPS on
| Bitcoin, and the potential for 1000+ TPS if certain
| bottlenecks were removed. People said the same thing you're
| saying back then, but it served to motivate the big block
| community, and now today BSV routinely does 300+ MB blocks
| (1000+ tps). This Teranode software is the future of BSV
| and will become the common node configuration within a few
| years, so it's worth taking seriously. Also, I left a
| comment in this thread explaining why this test is more
| representative than you may think [2].
|
| [1] https://www.youtube.com/watch?v=5SJm2ep3X_M
|
| [2] https://news.ycombinator.com/item?id=27597510
| wtsnz wrote:
| This.
| andai wrote:
| What happened to the lightning network? (Serious question, I am
| out of the loop.)
| RazTeve wrote:
| It's maturing, works pretty well already, but surely patience
| helps with emergent tech.
| thesausageking wrote:
| It launched, is usable in most wallets, and is starting to
| get adoption. It's going to be a key piece of the recently
| passed legislation in El Salvador which makes Bitcoin legal
| tender.
| hypnotist wrote:
| El Salvador not Colombia
| thesausageking wrote:
| Yes. Not sure why I wrote Colombia. Thx.
| simias wrote:
| Using a closed, centralized implementation that doesn't
| accept third party nodes. The use of bitcoin is pure
| marketing, it's just MySQL with extra steps.
| krick wrote:
| This is interesting. Obviously, I heard about the whole
| "El Salvador _something something_ Bitcoin" deal, but am
| completely unaware of the actual situation. Can somebody
| point me in the direction of some nice writeup explaining
| these details? I can only vaguely imagine how one can
| take Bitcoin and make it essentially an extension of
| SWIFT, and struggle to clearly visualize what the
| implications of this are.
| pixelperfect wrote:
| The legislation that made Bitcoin legal tender in El
| Salvador does not legislate the use of Strike. Businesses
| can use whatever system they want, as long as they can
| accept payment in Bitcoin. Strike is providing a service
| that allows any business to take Bitcoin lightning
| payments and have them automatically converted to
| dollars, for businesses that do not want to hold Bitcoin.
| It's not fair to just call this a "sql database" because
| it's connected to an open payment network and the
| customer can use whatever means they want to pay the
| business, even if the business decides to just use
| Strike.
| counternotions wrote:
| From Strike CEO Jack Mallers [1]:
|
| Let's walk through a user story. I want to send $1,000 to
| a friend of mine in El Salvador:
|
| * When I initiate the $1,000 payment, Strike debits my
| existing USD balance.
|
| * Strike then automatically converts my $1,000 to
| bitcoins ready for use in its infrastructure using its
| real-time automated risk management and trading
| infrastructure.
|
| * Strike then moves the bitcoins across the Gulf of
| Mexico where it arrives in our Central American
| infrastructure in less than a second and for no cost.
|
| * Strike then takes the bitcoins and automatically
| converts them back into USDT (synthetic digital dollar
| known as Tether) using its real-time automated risk
| management and trading infrastructure.
|
| * Strike then credits the existing user with the USDT to
| their Strike account.
|
| [1] https://jimmymow.medium.com/announcing-strike-
| global-2392b90...
| noxer wrote:
| There is no bitcoin needed for this at all its does not
| even move on the chain for the transfer.
|
| Both sides are Strike entities all this does is use
| bitcoin as a bridge for USD to USD which is completely
| pointless as both sides are USD.
|
| You could just buy USDT (or another stablecoin) and send
| it there.
|
| It's a different story if there is actually a switch in
| currency needed. There is this famous and, by bitcoin
| people, often hated company called Ripple that specializes
| in cross-border settlement using crypto as a bridge
| currency. For that however the crypto must be actually
| moved and be sold locally for the local currency. And for
| that to work without risk due to volatility it must be
| fast. Hence they use XRP (4 sec) instead of bitcoin (10+
| min). They call it ODL (On-Demand Liquidity).
|
| See https://ripple.com/ripplenet/on-demand-liquidity/
| krick wrote:
| Please somebody explain why it's downvoted. Ignoring
| digression about XRP, this is exactly what I read from
| the parent comment. Judging by the user-story above, all
| this talk about how BTC is being "sent" (which, as we all
| know, is a small lie on its own, since unlike fiat, BTC
| is never really being sent anywhere) seems just to
| distract us from the fact that we just end up buying USDT
| for USD. No BTC involvement required.
| noxer wrote:
| Most of HN down votes anything about bitcoin and a few HN
| bitcoin fans down vote anything "negative" about bitcoin
| and certainly everything involving XRP. So to no surprise
| this is being down voted.
|
| >No BTC involvement required.
|
| Totally correct. Remittance over a bridge currency only
| makes sense under very specific conditions, which include
| that the input currency and the output currency are
| different. And a direct exchange is not possible or not
| cheap.
|
| The traditional banking system does this as well, they
| usually use USD as bridge. To pair every currency with
| every currency simply isn't feasible and the low volume
| pairs would have no liquidity anyway. It's basically the
| same as with goods if you have wood but want metal you
| use a currency as bridge because there is no market to
| sell wood for metal. Now if you also have a location
| difference between the market where you want to sell and
| the market where you want to buy then you actually can use
| the bridge currency to move from one market (location) to
| another market (location).
| krick wrote:
| It seemed like an answer at first, but actually this
| answers absolutely nothing and I'm not even sure how it's
| related to the topic being discussed:
|
| * This guy starts talking about sending USD, but ends up
| talking about receiving USDT. USD != USDT. And while
| there are problems with sending USD across the border,
| there's absolutely no problem with sending USDT. And
| there's absolutely no problem buying USDT wherever you
| are. (But, what's important, there might be problems
| actually converting your USDT into USD.)
|
| * Since we end up buying USDT with USD, the word
| "Bitcoin" in the middle of the story seems redundant and
| actually confusing.
|
| * There's nothing about Lightning here. I mean, you can
| talk about how you use Lightning to transfer BTC inside
| Strike as much as you want, but if BTC is irrelevant to
| the user story, so is Lightning.
|
| * I'm not sure how Strike and this user story are
| relevant at all. It started out about El Salvador
| accepting BTC as a legal tender, and how using it in
| actual transactions w/o lightning is problematic due to
| low TPS. How is sending USD to El Salvador relevant here
| at all?
| [deleted]
| kissickas wrote:
| Is Tether now backed by a reasonable amount of real
| dollars? I'm surprised to see it being used in such a
| serious application after years of hearing how it was a
| scam.
|
| edit: looked it up, still looks like a total scam. I hope
| El Salvador is able to get through this without getting
| screwed and I guess I'll assume Strike (first time I've
| heard of it) is just as shady until I hear otherwise:
|
| https://coingeek.com/crypto-crime-cartel-tether-using-its-st...
| ulzeraj wrote:
| Strike is phasing USDT out
|
| https://finance.yahoo.com/news/strike-phasing-usdt-bitcoin-b...
| delaaxe wrote:
| Source?
| lawn wrote:
| They will be using Strike, which is a custodial wallet.
| doomroot wrote:
| The ceo of strike said they are continually promoting
| that banks and businesses in the El Salvador operate
| their own lightning network nodes & not to solely rely on
| them. Only the government's official (but optional) app
| will be a wrapper around strike.
| WanderPanda wrote:
| Wait, it does not allow third party nodes? What is my
| Raspberry Pi right next to me doing? Just pretending to
| be a Lightning Node?
| cmckn wrote:
| Parent is referring to El Salvador's proposed usage, not
| the wider lightning network.
| espadrine wrote:
| I am puzzled by one thorn it is intended to solve.
|
| In the case of merchant/customer interactions, the LN
| channel blocks customer funds from their balance, but they
| will never receive money from the merchant. So that balance
| will be sent to the merchant, payment by payment.
|
| Not only does that block funds for the customer (which
| wants to reduce those, to avoid blocking too much, but that
| reduces the number of payments that can be made off-chain),
| but it also blocks the merchant's reception of those
| payments: the merchant wants to be able to spend it soon,
| but it can only spend it on-chain.
|
| That is compounded by the fact that most merchant/customer
| interactions are rare one-offs in the real world. I just
| don't buy stamps every day.
|
| LN channels are most useful only when the two parties
| exchange money bidirectionally on average.
| doomroot wrote:
| It's an ongoing problem for sure, but the simple answer
| is users maintaining multiple well connected channels.
|
| It's very common on lightning to pay liquidity providers
| to balance your channels to you. Lightning Labs has a
| service called loop where you can pay them an onchain
| transaction and it will make a lightning network payment
| to your channel for that amount, thus giving you more
| spend liquidity. Loop is sweet cause it does this in a
| non custodial way, look into it.
| xwolfi wrote:
| El Salvador, the military dictatorship that managed to make
| western dreamer hype it like a shitcoin...
| lottin wrote:
| Apparently it has serious design flaws that compromise its
| security and performance.
| uncletammy wrote:
| In order to get money on and off lightning network, you still
| need to make on-chain BTC transactions. Meanwhile, the BTC
| devs have intentionally changed the network so that it's
| expensive to make on-chain transactions. From this you can
| probably figure out why lightning network failed.
| kemonocode wrote:
| It exists, and it very much works [0] but it has yet to reach
| the massive levels of adoption people would have expected by
| now. Simple as that.
|
| [0] https://1ml.com/
| WanderPanda wrote:
| Afaik it is still considered #reckless to put bigger
| amounts on your lightning node and at least the "lnd"
| implementation seems to be in "beta" (according to their
| Github releases). Idk what the roadmap for a solid,
| production-ready version is. But in this case safe seems to
| be better than sorry
| Taek wrote:
| Lightning network more or less failed to live up to the hype.
| Problems like routing complexity, liquidity, and a lack of
| on-chain space to open and close channels have
| delayed/limited its impact.
| SnowProblem wrote:
| To expand on this, to receive money over Lightning, you
| need someone else to lock up their bitcoins for you. This
| is called inbound liquidity, and the problem of users
| getting inbound liquidity is no joke. Lightning Labs
| recently launched Lightning Pool to help with this, but
| fees range from 5% to 25%. Uncompetitive. If you think
| about it too, it makes sense, because anyone locking up
| their bitcoins for others should expect a several % return,
| or else they would loan it out at similar rates. Current
| Lightning wallets are basically giving their users inbound
| liquidity for free using VC funds, but is this honestly
| sustainable? There are other problems with Lightning, like
| the requirement to be online to receive payments,
| watchtowers, UX complexity of channels. Some of these are
| solvable through centralization. But that is why you'll
| hear people say Lightning recreates the banking model,
| because realistically that looks like the only way it could
| work. Oddly, this was all pointed out by many people over
| the years, but Lightning seems to get endless forgiveness
| in its inability to deliver, because it is BTC's only hope
| to maintain the peer-to-peer cash narrative.
| noxer wrote:
| The looking up of liquidity is the whole reason LN can
| not scale or be cheap ever.
|
| Today people in crypto may be willing to look up bitcoins
| they hold long term anyway. But in the real world this
| would be dead and trapped capital, it doesn't work for you
| and you can't even use it to quickly buy something and take
| advantage of a market situation.
|
| The only reason why someone would look up capital like
| that is if it makes money. So people who use someone else's
| locked up bitcoins have to pay. This makes LN impossible
| to be cheap. You literally lend money to send money to
| someone. It's completely absurd. And as you said, to make
| this more efficient large centralized pools are created
| so there will be a monopoly or oligopoly for lending,
| how's that gonna be good for the fees.
|
| LN was dead before they started coding it.
| delaaxe wrote:
| lock up*
| wickoff wrote:
| If I decide I want to be long BTC, why not also lock it
| up to earn fees?
| noxer wrote:
| No one questions that the people who are bullish on BTC
| are in on it (some). The question is why would I pay you
| to lend me BTC when I actually want to send my BTC to
| someone. It literally adds a third party in what should
| be a p2p transaction. They replaced the "evil third
| parties" called banks with their own liquidity pool.
|
| Funny how they figured out that you can't make money with
| money services if you remove the third party, so they
| added it back in.
|
| On top of that there are countless other blockchains/DLT
| that have cheap transactions on the first layer. Cheap as
| in fractions of a cent. To compete with that you would
| need to lock your BTC for free but then you still have
| the on chain transaction that LN needs sometimes that
| cost way too much.
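The channel mechanics that espadrine and SnowProblem describe above (funds locked per channel, a receive-only merchant having no inbound capacity, and paying a swap provider to get it back), as an added example. This is a constructed toy model written for this page, not code from any Lightning implementation; the 5% swap fee, the channel size and the "loop out everything when inbound runs dry" policy are assumptions, and the Loop service named in the thread is only the inspiration, not an API being called.

```python
"""Added example: a toy model of Lightning channel balances (no LN implementation is used)."""
from dataclasses import dataclass, field


class LiquidityError(Exception):
    pass


@dataclass
class Channel:
    local: int   # sats on our side: what we can send (outbound liquidity)
    remote: int  # sats on the peer's side: what they can send us (inbound liquidity)

    @property
    def capacity(self):
        return self.local + self.remote  # fixed at open; payments only slide the split


@dataclass
class Node:
    onchain: int
    channels: dict = field(default_factory=dict)  # peer name -> Channel

    def open_channel(self, peer, funding):
        """The funder puts the whole amount on their own side: full outbound, zero inbound."""
        if funding > self.onchain:
            raise LiquidityError("not enough on-chain funds")
        self.onchain -= funding
        self.channels[peer] = Channel(local=funding, remote=0)

    def send(self, peer, sats):
        ch = self.channels[peer]
        if sats > ch.local:
            raise LiquidityError(f"outbound to {peer}: need {sats}, have {ch.local}")
        ch.local -= sats
        ch.remote += sats

    def receive(self, peer, sats):
        ch = self.channels[peer]
        if sats > ch.remote:
            raise LiquidityError(f"inbound from {peer}: need {sats}, have {ch.remote}")
        ch.remote -= sats
        ch.local += sats

    def loop_out(self, peer, sats, fee_pct):
        """Swap-style rebalance (assumed fee model): pay `sats` over the channel to a swap
        provider and get them back on-chain minus a fee. Outbound drops, inbound rises,
        which is how a receive-only node buys inbound capacity."""
        self.send(peer, sats)
        fee = sats * fee_pct // 100
        self.onchain += sats - fee
        return fee


def merchant_scenario(payments, channel_size=200_000, fee_pct=5):
    """Constructed scenario: a merchant funds one channel to a hub and only ever receives.
    Whenever inbound runs dry it loops out its whole balance (earnings go on-chain, inbound
    is restored). Returns (sats received, swap fees paid, loop-outs done, on-chain balance)."""
    merchant = Node(onchain=channel_size + 100_000)
    merchant.open_channel("hub", channel_size)
    received = fees = loops = 0
    for sats in payments:
        if sats > merchant.channels["hub"].capacity:
            raise LiquidityError("payment exceeds channel capacity")
        try:
            merchant.receive("hub", sats)
        except LiquidityError:
            fees += merchant.loop_out("hub", merchant.channels["hub"].local, fee_pct)
            loops += 1
            merchant.receive("hub", sats)
        received += sats
    return received, fees, loops, merchant.onchain
```

The first payment already fails: a freshly funded channel has all of its capacity on the funder's side, so the merchant must swap before it can receive anything, and every later swap is paid out of earnings at the provider's rate.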
| colordrops wrote:
| Does this blog entry hang Brave on Android for anyone else?
| Happens on two phones for me.
| Thorentis wrote:
| Yep, just happened for me. Hangs and can't scroll.
| archon810 wrote:
| Created a bug report https://bugs.chromium.org/p/chromium/issues/detail?id=122283....
| astroanax wrote:
| Disabling js doesn't make it hang anymore for me.
| archon810 wrote:
| Hangs Chrome for Android completely too.
| [deleted]
| ubi3921 wrote:
| > We don't just get to share code, we get to share a running
| computer, and anyone anywhere can use it in an open and
| permissionless manner
|
| Can someone explain what this means? Its not explained anywhere
| in the post.
| olalonde wrote:
| Bitcoin transactions, or more precisely transaction outputs,
| are little scripts that are executed in a VM. To spend a
| transaction output, you have to "solve it" by providing it an
| input which makes it return true. The most common transaction
| script checks that you possess a private key through a
| signature check, but it's possible to make more complex scripts
| like the "Pay To Multisig" script. Of course, Bitcoin scripts
| are quite limited and, unlike Ethereum smart contracts, they
| are non-Turing-complete and can't store state.
|
| Permissionless just means anyone can create transactions
| because there's essentially no way to block someone from doing
| so, unlike say a transaction on PayPal.
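olalonde's description above, as an added example that is not code from the original post or from Bitcoin Core: a toy evaluator for a handful of Script opcodes. The output's scriptPubKey is the program; the spender supplies a scriptSig whose pushes must leave a true value on top of the stack after scriptSig and then scriptPubKey have run over the same stack (Bitcoin executes them as two separate runs rather than concatenating them). The opcode subset, the list-of-pushes script representation, the push-only check on scriptSig (Bitcoin Core's standardness rule) and the 1000-item stack guard are simplifications chosen here; the hash-locked output and the arithmetic puzzle are constructed, not real UTXOs.

```python
"""Toy evaluator for a subset of Bitcoin Script (added example, not Bitcoin Core's engine)."""
import hashlib

MAX_STACK = 1000  # Bitcoin's stack-size limit, assumed here as a simple guard


class ScriptError(Exception):
    pass


def num_encode(n):
    """Script numbers: little-endian magnitude with the sign in the top bit; 0 is empty."""
    if n == 0:
        return b""
    neg, n = n < 0, abs(n)
    out = bytearray()
    while n:
        out.append(n & 0xFF)
        n >>= 8
    if out[-1] & 0x80:  # top bit already used by the magnitude: add a sign byte
        out.append(0x80 if neg else 0x00)
    elif neg:
        out[-1] |= 0x80
    return bytes(out)


def num_decode(b):
    if not b:
        return 0
    n = int.from_bytes(b, "little")
    sign_bit = 0x80 << (8 * (len(b) - 1))
    return -(n & ~sign_bit) if n & sign_bit else n


def is_true(item):
    """CastToBool: empty or all-zero bytes (allowing a negative-zero sign byte) is false."""
    for i, byte in enumerate(item):
        if byte != 0:
            return not (i == len(item) - 1 and byte == 0x80)
    return False


def run(script, stack):
    """Execute `script` (bytes pushes, int pushes and opcode names) against `stack` in place."""
    def pop():
        if not stack:
            raise ScriptError("stack underflow")
        return stack.pop()

    for op in script:
        if isinstance(op, bytes):
            stack.append(op)
        elif isinstance(op, int):
            stack.append(num_encode(op))
        elif op == "OP_DUP":
            top = pop()
            stack.extend([top, top])
        elif op == "OP_DROP":
            pop()
        elif op == "OP_SHA256":
            stack.append(hashlib.sha256(pop()).digest())
        elif op == "OP_ADD":
            b, a = num_decode(pop()), num_decode(pop())
            stack.append(num_encode(a + b))
        elif op == "OP_EQUAL":
            stack.append(num_encode(1) if pop() == pop() else b"")
        elif op == "OP_EQUALVERIFY":
            if pop() != pop():
                raise ScriptError("OP_EQUALVERIFY failed")
        elif op == "OP_VERIFY":
            if not is_true(pop()):
                raise ScriptError("OP_VERIFY failed")
        elif op == "OP_RETURN":
            raise ScriptError("OP_RETURN: provably unspendable")
        else:
            raise ScriptError(f"unsupported opcode {op!r}")
        if len(stack) > MAX_STACK:
            raise ScriptError("stack too large")
    return stack


def spendable(script_sig, script_pubkey):
    """scriptSig runs first, then scriptPubKey on the same stack; the spend succeeds iff the
    final top item is true. A scriptSig containing opcodes is rejected (push-only policy)."""
    if any(isinstance(op, str) for op in script_sig):
        return False
    try:
        stack = run(script_sig, [])
        run(script_pubkey, stack)
    except ScriptError:
        return False
    return bool(stack) and is_true(stack[-1])


# Constructed outputs (not real UTXOs): a hash lock, as used in HTLCs, and an arithmetic puzzle
PREIMAGE = b"constructed preimage for the added example"
HASH_LOCK = ["OP_SHA256", hashlib.sha256(PREIMAGE).digest(), "OP_EQUAL"]
PUZZLE = [2, "OP_ADD", 5, "OP_EQUAL"]  # spendable by anyone who pushes x with x + 2 == 5

if __name__ == "__main__":
    print(spendable([PREIMAGE], HASH_LOCK), spendable([b"wrong"], HASH_LOCK))  # True False
    print(spendable([3], PUZZLE), spendable([4], PUZZLE))  # True False
```

Signature checks (OP_CHECKSIG and the multisig opcode) are deliberately left out: they need ECDSA over secp256k1, which is a separate part of the post.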
| counternotions wrote:
| Presumably a reference to blockchain as a distributed ledger.
| legutierr wrote:
| He is probably referring to Ethereum, which was conceived as a
| "global computer", operating in an open and permissionless
| manner.
| jazzyjackson wrote:
| Ethereum extends the concept, but Bitcoin transactions are
| programs running on the global blockchain (well, the op codes
| are executed by a single node, but the result is published
| and verified by the network, if I understand it right)
|
| But just wanted to make the point that Bitcoin is a global
| computer as much as ethereum is, Solidity is just Turing
| complete while (Bitcoin's) Script is intentionally limited to
| a few instructions.
| aazaa wrote:
| You can think of the Bitcoin block chain as the state of a
| globally-accessible machine. The state is updated through the
| publication of valid blocks, each of which builds on a previous
| block. A block is composed of transactions, each of which
| incrementally advances the machine's state. Each transaction
| contains a small program "script" that defines the conditions
| for the state transition it causes.
|
| There's this persistent misconception out there that only
| Ethereum works this way. It's a testament to marketing. Bitcoin
| has been doing "smart contracts" long before Ethereum was even
| a gleam in Vitalik's eye.
| spinny wrote:
| Bitcoin's script language is very restricted, claiming that
| Bitcoin has been doing "smart contracts" is disingenuous to
| me. I wouldn't call a bitcoin script "smart". Ethereum was
| born because of this
| aazaa wrote:
| Script is restricted, but it permits everything outlined by
| Nick Szabo's definition. As Wikipedia notes:
|
| > Smart contracts were first proposed in the early 1990s by
| Nick Szabo, who coined the term, using it to refer to "a
| set of promises, specified in digital form, including
| protocols within which the parties perform on these
| promises".
|
| https://en.wikipedia.org/wiki/Smart_contract
|
| We don't get to decide what smart contracts are. Nick Szabo
| decided long ago.
|
| Marketing vs reality has been a big problem in this space.
| isoprophlex wrote:
| He links committing transactions to the blockchain to storing
| state in a distributed data structure... which is of course, in
| the case of Bitcoin, implemented in arguably the most wasteful,
| ham-fisted, environmentally disastrous way possible.
|
| There's also the ethereum VM which is a slow decentralized
| state machine capable of executing code...
| plebianRube wrote:
| Check yourself. All progress was 'wasteful' with resources at
| one time. And yes, bitcoin is progress.
| tsimionescu wrote:
| All progress was 'wasteful' at some point, but all
| 'progress' is wasteful. And yes, bitcoin is 'progress'.
|
| I suppose Bitcoin is better than gold. Unfortunately, for
| BTC, we already have much more advanced financial
| technology.
| plebianRube wrote:
| Permissioned legacy technology is not advanced. The
| stronger, harder money wins. Good luck with your guess.
| tsimionescu wrote:
| I am specifically thinking of fiat money, based on
| borrowing and fractional reserve banking. This has
| addressed many historical problems with fixed money/value
| supply that Bitcoin would have if it ever caught on.
| toxik wrote:
| If you, like me, were curious about what the secret key 1 is on
| the mainnet, then here you are:
|
| 1: 1BgGZ9tcN4rm9KBzDn7KprQz87SZ26SAMH
| https://www.blockchain.com/btc/address/1BgGZ9tcN4rm9KBzDn7KprQz87SZ26SAMH
|
| Some others:
|
| 2: 1cMh228HTCiwS8ZsaakH8A8wze1JR5ZsP
| https://www.blockchain.com/btc/address/1cMh228HTCiwS8ZsaakH8A8wze1JR5ZsP
|
| 3: 1CUNEBjYrCn2y1SdiUMohaKUi4wpP326Lb
| https://www.blockchain.com/btc/address/1CUNEBjYrCn2y1SdiUMohaKUi4wpP326Lb
|
| 42: 1EMxdcJsfN5jwtZRVRvztDns1LgquGUTwi
| https://www.blockchain.com/btc/address/1EMxdcJsfN5jwtZRVRvztDns1LgquGUTwi
|
| 1337: 1DN76uuAUDY1DLxABD3JAyunhhAreJbCjT
| https://www.blockchain.com/btc/address/1DN76uuAUDY1DLxABD3JAyunhhAreJbCjT
| zikduruqe wrote:
| If you are really curious, all the secrets are out there.
|
| https://keys.lol/bitcoin/22486853933768128433444208678976948...
|
| Finding one with a balance is the hard part.
| delaaxe wrote:
| Thanks, I was wondering the same but too lazy to figure out the
| addresses!
| [deleted]
| 21eleven wrote:
| Looks like the exercise left to the reader has been completed:
| https://www.blockchain.com/btc-testnet/tx/182bf9202649ded3a6...
| noxer wrote:
| 0.00090000 BTC moved, 0.00005000 BTC fees. That's 5.55%.
|
| On the test net! On the real net it would be like 20% or more
| in fees.
| bogota wrote:
| Fees are dictated by the user and the time they have for the
| transaction to take place. The fee could have been much
| lower.
|
| I think we are well past the point of debating if bitcoin
| layer one will be used for day to day transactions however. A
| custodial service or lighting will have to be used for that.
| Additionally most people treat bitcoin closer to gold than a
| dollar currently.
| noxer wrote:
| I disagree but won't bother explaining why because I know
| you don't care.
| AlexAndScripts wrote:
| Then why bother writing that useless comment?
| noxer wrote:
| Why ask that useless question?
| read_if_gay_ wrote:
| Pointing out that something is useless isn't useless in
| itself.
|
| You can take it down a nihilistic path by claiming that
| it is in fact useless, but that argument just spins in
| circles forever because it applies to itself.
| noxer wrote:
| However, answering a rhetorical question is in fact
| useless.
| karpathy wrote:
| the plot thickens :)
| https://twitter.com/YuleHou/status/1407395412575592453
| grokstar wrote:
| The thickening intensifies :)
| https://twitter.com/grokology/status/1407433078914437120
| counternotions wrote:
| > steal my bitcoins from my 3rd identity wallet
| (mgh4VjZx5MpkHRis9mDsF2ZcKLdXoP3oQ4) to your own wallet ;) If
| done successfully, the 3rd wallet will show "Final Balance" of
| 0. At the time of writing this is 0.00095000 BTC, as we
| intended and expected.
|
| Can someone explain how this was executed?
| meowface wrote:
| Guessing it's because the private key is right in the code:
|
| >secret_key3 = int.from_bytes(b"Andrej's Super Secret 3rd
| Wallet", 'big') # or just random.randrange(1, bitcoin_gen.n)
|
| (Obviously a private key intended for actual use generally
| wouldn't just be some ASCII bytes of an English phrase and
| wouldn't be posted publicly. Though, of course, there have
| been instances of both...)
| toxik wrote:
| You have the secret key, just sign away the txouts.
| [deleted]
| igravious wrote:
| Super interesting and informative, I learned lots that I didn't
| already know. Who are the cryptominers on the testnet btw?
| globular-toast wrote:
| I wish people would put this much effort into learning git, which
| is actually useful. It's very similar.
| adamnemecek wrote:
| Kind of surprised Andrej has time to work on anything besides
| self-driving cars
| canada_dry wrote:
| Related... his recent presentation at CVPR is quite
| interesting:
| https://www.youtube.com/watch?v=eOL_rCK59ZI&t=28286s
| karpathy wrote:
| https://twitter.com/karpathy/status/1407378320551923718 :) But
| more seriously, I just really love learning and worked on this
| on the side, in small increments in between the cracks, and
| purely from interest for fun.
| adamnemecek wrote:
| How many hours a day do you work? And what does your daily
| schedule look like?
| [deleted]
| karpathy wrote:
| I count myself very fortunate that I find the word "work"
| very confusing.
| adamnemecek wrote:
| I know what you mean but I still think that there's a
| number you can give. Like this counts as work.
|
| What does your average daily schedule look like?
| exdsq wrote:
| I'm interested in this too Karpathy, would love to know.
| Not sure why you're being down voted Adam.
| [deleted]
| cs702 wrote:
| It's awesome to see you doing this, and taking the time to
| respond here! Ditto for your (re)implementation of
| transformers a while back, which you clearly worked on for
| fun as a side project too. The world would be such a better
| place if every executive in charge of technology at a large
| company engaged in these kinds of side projects for fun on a
| regular basis :-)
|
| If I may, let me ask you an unrelated question that just
| 'popped in my head' only now but is related to your recent
| presentation at CVPR: Are you guys at Tesla fusing video with
| _audio_ data for self-driving?
|
| Just curious. I ask because (a) sound waves at frequencies
| detectable by the human ear appear to be quite important for
| both routine and edge-case situations (e.g., sounds of other
| vehicles braking/screeching/accelerating/passing, sirens of
| ambulances/police cars/fire trucks, bursts of honks from
| other vehicles, people suddenly shouting/screaming nearby),
| and (b) audio and video signals are already synchronized, so
| I imagine fusing them should be more straightforward (e.g.,
| there's already some research out there on applying deep
| learning to video clips with audio).
| [deleted]
| polishdude20 wrote:
| Would you be open to doing an AMA on here? I'm sure a lot of
| software people would love to hear more of your thoughts on
| software and stuff!
| adflux wrote:
| Haven't seen tesla do much self driving in practice yet. 3
| years late now?
| plebianRube wrote:
| No, same timeline they state every year - FSD by the end of
| the year.
| papito wrote:
| Sometimes I actually find more energy for working on an
| endless slog at work when I have an exciting side project
| going. Easy to get caught up in the side project, however.
| mzs wrote:
| His boss has a passing interest...
| fpgaminer wrote:
| Nobody can work 100% of the time, everyone needs breaks. But
| some engineers take breaks from their regular work by doing
| other "work". I find it bizarre that there are so many comments
| making this out to be some kind of dire situation where he's
| working on other things because Tesla is sinking or something.
| Is working on hobby projects as a way to relax really that
| uncommon?
|
| For reference, I started a small Bitcoin mining hardware
| business back in the day, while still holding a 200/hr week/8
| days a week/400 days a year full-time job. Working on Bitcoin
| stuff was my "break" from regular work.
| dswalter wrote:
| It's maybe an ... interesting sign that someone with
| substantial liquidity from tesla shares at this point in
| history is apparently finding cryptocurrency an enjoyable
| diversion/investment vehicle?
| js4 wrote:
| I was thinking the same thing.
| yumraj wrote:
| Maybe he is losing faith in self driving cars and is looking
| for an alternate field.
| malux85 wrote:
| Diversification of interests accelerates creativity due to
| axiomatic discovery and reinforcement, idea plasticity and
| abstraction practice. Other interests are not just important,
| they are necessary.
| GeorgeTirebiter wrote:
| Right. All really smart people 'play'. Famously, Feynman
| was spinning plates in the Caltech cafeteria on his
| fingertip, which gave him the ideas that ended up winning
| him a Nobel prize.
|
| Play is important for children of all ages.
| karpathy wrote:
| Surely You're Joking is one of my all time favorite
| books, for sure.
| cf499 wrote:
| # secret_key = random.randrange(1, bitcoin_gen.n) # this is how
| you _would_ do it
|
| I know the article is mainly for learning purposes but someone
| should point out that the `random` module in python is not meant
| for cryptography. Please use the built-in `secrets` module or
| `os.urandom` instead.
| torcete wrote:
| I wonder how strong would Elliptic Curve Cryptography be compared
| to other methods if there is a major breakthrough in quantum
| computing.
| SuchAnonMuchWow wrote:
| In theory, it is also broken.
|
| In practice, it appears to be slightly harder to break than RSA
| for the same security level as we define it in non-quantum
| computing, but not by much.
| chadhutchins10 wrote:
| I wish this were talked about more. Quantum computing is the
| biggest long-term threat to crypto imo. What's the plan once
| elliptic curve cryptography can be broken?
|
| There will be a point in time where there are just a few
| quantum computers that can break everything before the general
| public has access to quantum computing. Can crypto work in that
| scenario? Normal computers wouldn't be able to work with the
| beastly algorithms a quantum computer could handle.
| exdsq wrote:
| There's a lot of research and practical work on quantum-proof
| cryptography which is already in use in some cryptocurrencies
| - 'just' need to hardfork and update it when it's ready for
| Bitcoin
| 21eleven wrote:
| What cryptocurrencies are currently using post-quantum
| cryptography?
| DennisP wrote:
| Only one I'm aware of is QRL ("quantum-resistant
| ledger").
|
| https://www.theqrl.org/
| anonporridge wrote:
| No need for a hard fork. A soft fork like Taproot is doing
| this year would be sufficient.
| eigenvalue wrote:
| The first entities that are likely to achieve practical
| quantum computers will either be governments or big tech
| companies like Google. And it will be a big deal, so there
| would likely be several years of warning before it could be
| at the point where it would make sense to use it to steal
| someone's bitcoins (I guess the original Satoshi coin address
| would be the biggest bounty). And in the time period between
| when the big development is first announced and before it's
| practical, Bitcoin and other cryptocurrency projects can do a
| fork to a new digital signature scheme that is quantum proof
| (such as LegRoast) so that anyone who is concerned can move
| their coins to a new secure address. So while it would
| certainly be disruptive, it wouldn't necessarily spell the
| doom of Bitcoin.
| only_as_i_fall wrote:
| Depends on the incentives. If the only interest in quantum
| computing is to break classically hard encryption then I
| think the time between poc and widespread availability
| could be relatively short.
| 21eleven wrote:
| While not implemented I think there are "lattice based" forms
| of cryptography that are believed to be QC resistant that
| blockchains could migrate over to if QCs begin to show signs
| of increased fault tolerance and size.
| EnigmaCurry wrote:
| Just don't re-use addresses. Bitcoin does not expose your
| public key until you spend from it.
| nannal wrote:
| > Bitcoin does not expose your public key until you spend
| from it.
|
| Are you sure, what about when someone sends to it?
| DennisP wrote:
| They're correct. The blockchain just records that the
| funds were sent to your address. To spend the funds you
| have to show the public key which hashes to that address,
| in another transaction signed by the private key.
|
| If the sender wanted to send you a private message, they
| would need your public key, but that's not what
| transactions do.
| nannal wrote:
| Fair enough, thank you.
| shoghicp wrote:
| Sending to an address means sending it to a "hash" of a
| public key (or a more complex script) on all modern
| formats. Then such script and data is revealed on spend.
| DennisP wrote:
| If the QC can crack your private key within a few minutes,
| it would still have a decent chance to steal your money.
| G3rn0ti wrote:
| > What's the plan once elliptic curve cryptography can be
| broken?
|
| A likely drop-in replacement for elliptic curve cryptography
| (ECC) currently used by Bitcoin could be
|
| https://en.wikipedia.org/wiki/Supersingular_isogeny_key_exch.
| ..
|
| I am not a Mathematician, but from what I understood, it's
| basically an extension of ECC using multiple elliptic curves,
| allows re-using the Diffie-Hellman key exchange protocol
| (private keys kept secret, public keys exchanged) and memory
| requirements are small. So it would be a perfect replacement
| in wallets and validation nodes. But I can not explain why it
| is safe against an attack using quantum computers.
| leishman wrote:
| > I wish this were talked about more.
|
| This is talked about all the time in Bitcoin dev circles.
| runeks wrote:
| We already have a solution
| (https://en.wikipedia.org/wiki/Lamport_signature) but there's
| no reason to deploy it yet since it reduces scalability.
| oblio wrote:
| The problem with "yet", in security, is that by the time
| you realize that "yet" is here, it's already too late.
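The Lamport scheme runeks links above, as an added example written for this page (not from the post): key generation, signing, verification, and a demonstration of the one-time constraint, where an observer who has seen enough signatures from the same key can forge a signature on a message the owner never signed. The sizes behind "reduces scalability" fall out of the code: a signature is 256 revealed 32-byte values (8 KiB) and a public key is 512 hashes (16 KiB). All message strings are constructed.

```python
"""Added example: Lamport one-time signatures over SHA-256, and why a key must sign only once."""
import hashlib
import secrets

BITS = 256  # one secret pair per bit of the SHA-256 message digest


def sha256(data):
    return hashlib.sha256(data).digest()


def message_bits(msg):
    """The 256 digest bits, most significant first; bit i selects which half of pair i is revealed."""
    digest = sha256(msg)
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(BITS)]


def keygen():
    """Secret key: 256 pairs of random 32-byte values. Public key: the SHA-256 of each value."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(BITS)]
    pk = [(sha256(s0), sha256(s1)) for s0, s1 in sk]
    return sk, pk


def sign(sk, msg):
    """Reveal, for every bit, the secret half selected by that bit (256 * 32 = 8192 bytes)."""
    return [sk[i][bit] for i, bit in enumerate(message_bits(msg))]


def verify(pk, msg, sig):
    if len(sig) != BITS:
        return False
    return all(sha256(sig[i]) == pk[i][bit] for i, bit in enumerate(message_bits(msg)))


def absorb(known, msg, sig):
    """What an observer learns from one signature: the revealed half of every pair."""
    for i, bit in enumerate(message_bits(msg)):
        known[i][bit] = sig[i]


def forge(known, target):
    """Assemble a signature on `target` from leaked halves, or None while some half is still secret."""
    sig = []
    for i, bit in enumerate(message_bits(target)):
        if known[i][bit] is None:
            return None
        sig.append(known[i][bit])
    return sig


def reuse_until_forgeable(sk, pk, target=b"attacker-chosen message the key holder never signed"):
    """Sign distinct constructed messages with ONE key until the leaked halves cover `target`,
    then forge it. Returns (honest signatures observed, whether the forgery verifies)."""
    known = [[None, None] for _ in range(BITS)]
    count = 0
    while forge(known, target) is None:
        msg = b"constructed message %d" % count
        absorb(known, msg, sign(sk, msg))
        count += 1
    return count, verify(pk, target, forge(known, target))
```

One honest signature reveals exactly one half of every pair, so a second message can only be forged where its digest bits agree with the first; after a handful of signatures the leaked halves cover almost any target, which is the property a blockchain deployment would have to manage with fresh keys per spend.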
| IncRnd wrote:
| Shor's algorithm, which runs partially on a classical computer
| and a portion on a quantum computer, breaks elliptic-curve
| cryptography.
| plebianRube wrote:
| Yes, with major caveats - knowing the public key and having
| 100s of messages signed by corresponding private key.
| Nowadays people only expose their public key one time per
| transaction, and never reuse their address. So to steal
| coins, not only do you have only ~10 mins between blocks to
| find the private key, currently Shor's algorithm is
| unfeasible with only 1 signed message.
| tromp wrote:
| Not only do many people still reuse keys, but there is also
| still a huge amount of bitcoin in P2PK outputs, i.e. with
| exposed public keys.
| erostrate wrote:
| Sorry if that's a naive question but why do you need
| several signed messages? If you have a quantum computer and
| a quantum period finding function don't you get immediately
| the discrete log? Assuming you have one public key (not
| hashed) doesn't that give you the private key immediately?
| plebianRube wrote:
| Broadly speaking, more signed messages can get you more
| points on the curve you're trying to guess.
|
| https://www.cs.umd.edu/~amchilds/teaching/w08/l03.pdf
|
| May help if you're actually interested.
|
| Edit: More signed transactions help with the classical
| and not the quantum part of Shor.
|
| Edit2: Shor has not yet even been able to factor the
| integer 35 with current quantum hardware, too much
| interference.
| IncRnd wrote:
| Shor's integer factorization algorithm needs a single
| number or key to factor, not hundreds of transactions. I've
| certainly sent money to old addresses, which exist in
| perpetuity on the blockchain. I can also use web searches
| to find hundreds of current public keys in a matter of
| minutes.
|
| > currently Shor's algorithm is unfeasible with only 1
| signed message.
|
| The algorithm is currently unfeasible with 100s of
| messages. Shor's algorithm uses a quantum computer to
| reduce the complexity of integer factorization from sub-
| exponential to polynomial-time. It is not an attack that
| fine-tunes the output according to the amount of network
| traffic.
| plebianRube wrote:
| Try actually reading its application to elliptic curve
| cryptography. No really. Come back when all the bitcoin
| are belong to you.
| [deleted]
| headsupftw wrote:
| Two days in a row I see this Karpathy name on the front page of
| HN on two totally unrelated subjects. It almost feels like this
| is simulated world and something is wrong.
| shaklee3 wrote:
| He was semi-famous even before working at Tesla
| plondon514 wrote:
| Taking this opportunity to promote my side project codeamigo and
| a tutorial I wrote for building your own Bitcoin wallet
| https://codeamigo.dev/lessons/start/53
| sethgecko wrote:
| I've made something similar in order to learn how everything
| works and made it into a python library. Everything is in pure
| python with no dependencies, only std lib. I've implemented all
| the crypto stuff, address generation including HD, transaction
| serialization and even the bitcoin script.
| https://github.com/mcdallas/cryptotools
| mountainboy wrote:
| respect.
| uyt wrote:
| In python 3.9 you don't need to implement extended euclidean and
| inv, you can just do `pow(x, -1, mod)`
| halotrope wrote:
| Implementing things from scratch is probably the ultimate test of
| thorough understanding. Chapeau! On another note I am amused that
| Mr. Karpathy's name describes exactly what he is doing in his day
| job.
| ijlx wrote:
| An excellent example of nominative determinism!
| sombremesa wrote:
| Sometimes implementing things from scratch is the ultimate
| proof of thorough misunderstanding.
| yerwhat01010 wrote:
| I don't get it. What does the word "Karpathy" mean or sound
| like?
| aaronax wrote:
| Car pathing, as in getting cars to drive along a path.
| davidhowlett wrote:
| "car path ey" sounds like a thing connected to finding paths
| for cars.
| yerwhat01010 wrote:
| D'oh. I was trying to think of a connection between
| "Karpathy" and Bitcoin.
| RyanGoosling wrote:
| Bitcoin is taking up all the water
| msgilligan wrote:
| This reminds me of Ken Shirriff's 2014 "Bitcoins the Hard Way"
| blog post that also used Python to build a Bitcoin transaction
| from scratch: http://www.righto.com/2014/02/bitcoins-hard-way-
| using-raw-bi...
|
| (The subtitle of the blog is "Computer history, restoring vintage
| computers, IC reverse engineering, and whatever" and it is full
| of fascinating articles, several of which have been featured here
| on HN)
| samlewis wrote:
| Shameless self-promotion but there's also this post I wrote in
| 2017 if anyone is interested in a slightly different take (but a
| very similar write up to the OP):
| https://www.samlewis.me/2017/06/a-peek-under-bitcoins-hood/
|
| Cool that this article implements the cryptography primitives,
| though!
|
| e: Funnily, like the article, I also stored some BTC in a
| wallet and challenged people to (manually) take/steal it. At
| the time it was worth $10 USD.. now it's worth $123 USD!
| NextHendrix wrote:
| Ken's blog is great, as well as his work with CuriousMarc.
| Here's when he tried mining bitcoins by hand.
|
| http://www.righto.com/2014/09/mining-bitcoin-with-pencil-and...
| kens wrote:
| Thanks for the nice mention of my blog. I was wondering if
| anyone remembered my old bitcoin article :-)
| arthurcolle wrote:
| It's a classic. You will be forever remembered for your
| timeless contributions to the collective consciousness!
| audiometry wrote:
| The retro-computing stuff I see you guys doing on
| CuriousMarc's youtube channel blows my mind.
| martindale wrote:
| I go back to it twice yearly
| ngcc_hk wrote:
| We do
| animex wrote:
| No, the hardest way is using pencil and paper to mine a block
| :)
|
| https://gizmodo.com/mining-bitcoin-with-pencil-and-paper-164...
| rantwasp wrote:
| technically it said "the hard way" not "the hardest way".
| also, computing a hash != mining. mining needs forming the
| block and computing the hash
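As an added example (not the commenter's code nor Karpathy's), the distinction put into code: an 80-byte block header is assembled from its six fields, double-SHA256'd, and the nonce is varied until the hash falls at or below the target decoded from the compact `bits` field. Every header field value below is a constructed placeholder, and the difficulty is the regtest minimum, so the search finishes in a couple of tries.

```python
"""Proof of work on an 80-byte block header.

Added example; not code from the thread or from Karpathy's article.
Header field values are constructed dummies, not real chain data.
"""
import hashlib
import struct


def sha256d(data: bytes) -> bytes:
    """Bitcoin's double SHA-256."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def bits_to_target(bits: int) -> int:
    """Decode the compact 'bits' field: mantissa * 256**(exponent - 3)."""
    exponent, mantissa = bits >> 24, bits & 0xFFFFFF
    return mantissa << (8 * (exponent - 3))


def serialize_header(version: int, prev_hash: bytes, merkle_root: bytes,
                     timestamp: int, bits: int, nonce: int) -> bytes:
    """Serialize the 80-byte header; hashes are in internal (little-endian) byte order."""
    if len(prev_hash) != 32 or len(merkle_root) != 32:
        raise ValueError("prev_hash and merkle_root must be 32 bytes")
    return (struct.pack("<I", version) + prev_hash + merkle_root
            + struct.pack("<III", timestamp, bits, nonce))


def header_hash_int(header: bytes) -> int:
    """The 256-bit value that is compared against the target."""
    return int.from_bytes(sha256d(header), "little")


def mine(version: int, prev_hash: bytes, merkle_root: bytes, timestamp: int,
         bits: int, max_nonce: int = 2**32):
    """Return (nonce, header) for the first nonce whose header hash is <= target."""
    target = bits_to_target(bits)
    for nonce in range(max_nonce):
        header = serialize_header(version, prev_hash, merkle_root, timestamp, bits, nonce)
        if header_hash_int(header) <= target:
            return nonce, header
    # A real miner would change the timestamp or coinbase (merkle root) and retry.
    raise RuntimeError("nonce space exhausted")


# Constructed inputs: regtest minimum difficulty, dummy prev hash and merkle root.
EASY_BITS = 0x207FFFFF
DUMMY_PREV = bytes(32)
DUMMY_ROOT = hashlib.sha256(b"constructed coinbase tx").digest()
DUMMY_TIME = 1_624_377_600


def mine_demo():
    """Mine one header over the constructed inputs."""
    return mine(1, DUMMY_PREV, DUMMY_ROOT, DUMMY_TIME, EASY_BITS)


if __name__ == "__main__":
    nonce, header = mine_demo()
    print("nonce:", nonce)
    print("hash :", sha256d(header)[::-1].hex())   # displayed big-endian, as explorers do
```

With mainnet `bits` the same loop is what an ASIC runs, and the hash alone says nothing until it is bound to a specific header (previous block, merkle root of the chosen transactions, timestamp); that binding is what the "pencil and paper" exercise leaves out.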
| alpb wrote:
| That's basically just a SHA256 hashing on pen and paper,
| doesn't have much to do with how bitcoin works.
| jazzyjackson wrote:
| To be fair, performing sha256 hashing is kind of the only
| work that Bitcoin is doing, from a kilowatt hour's
| perspective.
| Saig6 wrote:
| Same guy, Ken Shirriff
| blocked_again wrote:
| That's a lot of upvotes. Do you folks really spend hours going
| through the whole blog post? I for one can never go through the
| whole blog post. My brain would be shouting at me the whole time
| to work on something that can generate passive recurring revenue
| instead.
| nednar wrote:
| If your capital does not grow from gaining more knowledge then
| invest a few hours into investment theories.
| j4yav wrote:
| You could also read it for fun, curiosity, and/or because you
| already have enough recurring revenue.
| [deleted]
| onebot wrote:
| This is great, love it.
| hermitsings wrote:
| This dude writes stuff hitting the sweet spot!
| m00dy wrote:
| His implementation is missing Taproot :)
| anonporridge wrote:
| To be fair, taproot isn't live on mainnet yet.
| fredfoobar wrote:
| Bitcoin is surprisingly easy, I'm currently working on a similar
| thing, but in Pharo/Smalltalk (I took it up as a project to learn
| Pharo). It's been pretty nice so far.
| AzzieElbab wrote:
| Great post. One day someone will do Bitcoin from scratch in
| Scratch
| jaycroft wrote:
| One little nitpick: the checksum error probability should be more
| like 9 nines. The checksum contains 4 bytes, not 4 bits, and so
| the false positive rate should be about 1 in 2^32, not 1 in 2^4.
|
| "The raw 25 bytes of our address though contain 1 byte for a
| Version (the Bitcoin "main net" is b'\x00', while the Bitcoin
| "test net" uses b'\x6f'), then the 20 bytes from the hash digest,
| and finally 4 bytes for a checksum so we can throw an error with
| 1 - 1/2*4 = 93.75% probability in case a user messes up typing in
| their Bitcoin address into some textbox."
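As an added example (not the commenter's code nor the article's), the 25-byte layout quoted above written out: version byte, 20-byte hash, then the first 4 bytes of a double SHA-256 over the preceding 21 as checksum, Base58-encoded. The decoder checks that checksum, and a helper tries every single-character substitution of a sample address against it to show the 32-bit checksum catching them all. The `hash160` value is a constructed placeholder, not derived from any real key.

```python
"""Base58Check addresses with a 4-byte (32-bit) checksum.

Added example; not code from the thread or from Karpathy's article.
The hash160 used in the demo is a constructed dummy value.
"""
import hashlib

ALPHABET = b"123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def b58encode(data: bytes) -> str:
    """Base58 with each leading zero byte encoded as a leading '1'."""
    n = int.from_bytes(data, "big")
    out = bytearray()
    while n > 0:
        n, rem = divmod(n, 58)
        out.append(ALPHABET[rem])
    pad = len(data) - len(data.lstrip(b"\x00"))
    return (b"1" * pad + out[::-1]).decode()


def b58decode(s: str) -> bytes:
    """Inverse of b58encode; raises ValueError on a character outside the alphabet."""
    n = 0
    for ch in s.encode():
        n = n * 58 + ALPHABET.index(ch)
    body = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    pad = len(s) - len(s.lstrip("1"))
    return b"\x00" * pad + body


def checksum(payload: bytes) -> bytes:
    """First 4 bytes of SHA256(SHA256(payload)): 32 bits, so ~1 in 2^32 false accepts."""
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]


def encode_address(hash160: bytes, version: bytes = b"\x00") -> str:
    """version (b'\\x00' mainnet, b'\\x6f' testnet) + 20-byte hash + 4-byte checksum."""
    if len(hash160) != 20:
        raise ValueError("hash160 must be 20 bytes")
    payload = version + hash160
    return b58encode(payload + checksum(payload))


def decode_address(addr: str) -> bytes:
    """Return the 21-byte version+hash payload, or raise ValueError if the checksum fails."""
    raw = b58decode(addr)
    if len(raw) != 25:
        raise ValueError("wrong decoded length")
    payload, chk = raw[:-4], raw[-4:]
    if checksum(payload) != chk:
        raise ValueError("checksum mismatch")
    return payload


def is_valid_address(addr: str) -> bool:
    try:
        decode_address(addr)
        return True
    except ValueError:
        return False


def typo_rejection_rate(addr: str) -> float:
    """Fraction of all single-character substitutions (within the alphabet) that are rejected."""
    alphabet = ALPHABET.decode()
    trials = rejected = 0
    for i, orig in enumerate(addr):
        for ch in alphabet:
            if ch == orig:
                continue
            trials += 1
            if not is_valid_address(addr[:i] + ch + addr[i + 1:]):
                rejected += 1
    return rejected / trials


if __name__ == "__main__":
    dummy_hash160 = bytes(range(20))           # constructed, not a real key's hash
    addr = encode_address(dummy_hash160)
    print(addr, is_valid_address(addr))
    print("single-char typos rejected:", typo_rejection_rate(addr))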
| Cantinflas wrote:
| "NIST publishes recommendations on which ones to use, but people
| prefer to use other curves (like secp256k1) that are less likely
| to have backdoors built into them"
|
| Does this make any sense? How is a curve going to have backdoors
| on it? Or he means a specific implementation? Or is this a joke?
| I'm confused
| stcredzero wrote:
| There's been a history of mathematical information used in
| cryptography produced by the NSA, for which it's later
| revealed, they had pre-developed an attack. Example: the
| s-boxes of DES.
| foo92691 wrote:
| Except NSA _strengthened_ DES against this not-yet-known-to-
| the-public attack (differential cryptanalysis).
|
| https://en.wikipedia.org/wiki/Data_Encryption_Standard#NSA's...
|
| https://en.wikipedia.org/wiki/Differential_cryptanalysis#His...
| inter_netuser wrote:
| ECC NIST curves were proposed by the NSA. They have some
| unusual hand-selected constants that nobody quite understands
| exactly why they were selected.
|
| https://miracl.com/blog/backdoors-in-nist-elliptic-curves/
|
| "Working in collaboration with the NSA, NIST included three
| sets of recommended elliptic curves in FIPS 186-2 that were
| generated using the algorithms in the American National
| Standard (ANS) X9.62 standard and Institute of Electrical and
| Electronics Engineers (IEEE) P1363 standards.": What exactly is
| NIST's justification for making claims regarding the method
| that NSA used to generate these curves? The fact that a hash
| matches is publicly verifiable, but the distribution of
| "random" inputs is not. I have heard NSA employees claiming
| that the "random" inputs were actually generated as hashes of
| English text chosen (and later forgotten) by Jerry Solinas."
|
| https://csrc.nist.gov/CSRC/media/Publications/sp/800-186/dra...
|
| It's all quite public.
| scoofy wrote:
| Here's a computerphile video that explains it very simply:
| https://youtu.be/nybVFJVXbww
| sundarurfriend wrote:
| > But then the Snowden leaks came along, and it looks even
| more suspicious.
|
| > Money was changing hands between the NSA and companies, to
| have them install this as their standard for number
| generation. That's deeply suspicious.
|
| (-from the video)
|
| That's one piece of information I didn't know, and doesn't
| usually get mentioned in the discussions I've seen about
| this.
| Cantinflas wrote:
| Thanks! Thanks to the other answers too. Amazing stuff!
| rkagerer wrote:
| https://services.math.duke.edu/~bray/Courses/89s-MOU/2016/Pa...
|
| Quoting from the paper:
|
| _The standard given by the NIST gives a list of explicit
| parameters ... describing the elliptic curve behind the
| algorithm.
|
| Examining the points P and Q here, it is obvious why
| cryptographers were suspicious of the Dual EC ... once the
| scalar k is known, it is a "simple matter to determine the
| secret internal state s of the pseudo-random bit generator"
| [6], by observing as few as 32 bytes of output._
|
| It goes on to quote one of the NSA contractors who admitted
| that instead of being randomly chosen, _"Q is (in essence) the
| public key for some random private key."_
|
| _"It could also be generated like a(nother) canonical G, but
| NSA kyboshed this idea, and I was not allowed to publicly
| discuss it, just in case you may think of going there."_
|
| Straying from the prescribed points was discouraged, and NIST
| only provided FIPS validation to clients using the original P
| and Q.
|
| More recently, GPRS was also shown to have been intentionally
| weakened - presumably to pass export controls - although in
| this case I think it was the algorithm and not a "cherry
| picked" curve: https://eprint.iacr.org/2021/819.pdf
| DrNuke wrote:
| That's neat, as a case study for implementation at the very
| least. Thanks!
| kozak wrote:
| I'm amazed that he has time for this kind of hobby work.
| yellow_lead wrote:
| For others: Andrej Karpathy is the director of artificial
| intelligence and Autopilot Vision at Tesla.
|
| Was on front page yesterday for a presentation on Tesla's
| Autopilot / Autonomous features:
| https://www.youtube.com/watch?v=NSDTZQdo6H8
| actinium226 wrote:
| I know right? I had to do a double take when I saw the link,
| and then had to click it to confirm it was _that_ Karpathy
| christophergs wrote:
| A lot of busy, smart people have seemingly random side-
| projects. For example, Von Neumann:
|
| "A professor of Byzantine history at Princeton once said that
| von Neumann had greater expertise in Byzantine history than he
| did" [1]
|
| I don't know for sure why, but I think two possibilities are
| likely: (1) An extremely strong, natural intellectual curiosity
| and/or (2) Working on other things allows them to bring fresh
| ideas/insights to their "main" work, and in this sense is also
| rejuvenating.
|
| [1] https://en.m.wikipedia.org/wiki/John_von_Neumann
| natmaka wrote:
| From this point of view intelligence and memory may be just
| like muscle: the more you use (train) it, the more it grows
| (performs well).
| [deleted]
| meekaaku wrote:
| He was doing this kind of hobby work well before. I learnt
| solving Rubik's cube from his page[0].
|
| [0] http://badmephisto.com
| isaacimagine wrote:
| Woah, he's him? Same here!
| prawn wrote:
| Same - recognised the domain instantly! Used it to teach my
| son as well.
| cusx wrote:
| What a pleasant surprise!
| enchiridion wrote:
| I had no idea!!! That's amazing.
| therein wrote:
| Oh wow, me too.
| [deleted]
| spoonjim wrote:
| He's smart enough to do the job he has because he has done this
| hobby work his whole life. See also Peter Norvig.
| roystonvassey wrote:
| I think he's a natural teacher - someone who loves sharing what
| he's learnt with others - and it pleases me to know such people
| exist.
|
| Everything I learned about deep neural networks, enough to
| apply it in a live product, was essentially all his notes,
| videos and exercises. And it's all out there for free!
|
| Thanks Andrej and keep doing cool stuff!
| mlcrypto wrote:
| Maybe most of his job is hype & marketing without delivering
| much
| ketamine__ wrote:
| FSD rollout has been delayed many times. He's
| underperforming.
| nexuist wrote:
| This is a very cynical way of looking at development
| progress. Did the iPhone team underperform by shipping in
| 2007 instead of 2005?
| animex wrote:
| Or Elon is over-performing.
| throwkeep wrote:
| He's almost certainly a 100x engineer.
| ketamine__ wrote:
| Has he saved 100x lives with FSD?
| doggosphere wrote:
| 100x means he produces 100x you (or 100x the average
| engineer).
| delaaxe wrote:
| Definitely saved plenty of lives already. You should
| watch that video from yesterday
| boringg wrote:
| Probably helps his boss is the "technoking" and CFO is the
| "master of coin".
|
| Agreed though - impressive he has that kind of sidebar time or
| is so capable he doesn't need that much time to figure it out.
| woah wrote:
| This stuff isn't that hard to figure out, given the number of
| specifications and tutorials already out there. What's
| impressive is the fact that he thought of a reasonably sized
| task, and (presumably) executed it efficiently and completely
| without getting stuck or distracted.
| kebman wrote:
| I spent quite some time researching this a few years ago.
| Then I finally programmed and generated my own fully
| working address. It's quite a satisfying journey. But I
| have to say, Python makes this somewhat less painful than
| it is in JavaScript (yes, I tried that too...) xD
| delaaxe wrote:
| He started tweeting about this like months ago
| andai wrote:
| "If you want something done quickly, give it to the busiest
| person."
| delaaxe wrote:
| "I choose a lazy person to do a hard job. Because a lazy
| person will find an easy way to do it."
|
| -- Bill Gates
| calvinmorrison wrote:
| Is it necessary for me to drink my own urine? No, but I do
| it anyway because it's sterile and I like the taste.
|
| -- Patches O'Houlihan
| qolop wrote:
| I am Groot
|
| -- Groot
| levi_n wrote:
| You miss 100% of the shots you don't take
|
| -- Wayne Gretzky -- Michael Scott
___________________________________________________________________
(page generated 2021-06-23 23:03 UTC)