Bitcoin Wiki - User contributions [en]

User:Tris T7

2022-06-11T18:41:32Z

Tris T7: /* About TrisT */ Edited

=Business Management · Risk Management · Corporate and Brand Development=

==About TrisT==
This is Tris T7 from Thailand.
Let me know if you need any translation of Any language into Thai or Thai to English.
I am Professional Photographer from Thailand. Running Modeling and Advertising Agency business.

==Skills==
===Soft Skills===
* Good communication skills:
** Asking the right questions
** Listening to and understanding your client's wants or needs
** Remaining positive about the vision and outcome
** Persevering through changes or setbacks
** Working well under pressure or meeting tight deadlines
** Showing patience in your work and with those you are working with
** Staying dedicated to the project, even when long hours are required
** Ability to work well under pressure and meet deadlines
** Patience, dedication and attention to detail
** Ability to work independently and with a team
* System thinking skills
* Artistic skills
* Creative skills
* Good communication skills
* System thinking skills
* Artistic skills
* Creativity skills
* Networking skills
* Interpersonal skills
* Entrepreneurial skills
* Detail-oriented
* Archiving
* Critical Thinking
* Understanding of Intellectual Property
* Presentation
* Consistency
* Branding skills

===Hard Skills===
====Photography Skills====
* Composition: Artistic Ability
** Balance
** Color
** Creativity
** Design
** Form
** Formatting
** Good Eyesight
** Lighting
** Patterns
** Shape
* Hardware Nikon D850 Ranking to the top of best Nikon
** Camera Type: DSLR
** Sensor: Full-frame
** Megapixels: 45.7MP
** Max video resolution: 4K UHD
** User level: Professional
* Attention to detail
* Software
** Digital Imaging
** Editing Software
** DSLR Cameras
** Electronic Image Handling
** High-resolution imaging
** Image manipulation
** ISO Speeds
** Lenses
** Printing
** Resizing
** Shooting Film

====Software Skill====
=====Adobe Creative Suite Software Skill=====
* Adobe Photoshop (Ps)
* Adobe Illustrator (Ai)
* Adobe InDesign (Id)
* Adobe Lightroom (Lr)
=====macOS Software Skill=====
* Keynote
* Pages
* Number
* Aperture
=====Google Software Skill=====
* Crome + extension
* Maps
* Crowdsource

==Contributions for Wikimedia Projects==
Following is my contribution to Wikimedia Projects as Volunteer role.
* Meta-Wiki
Meta-Wiki with Autopatrollers right. as Translator and Tech Ambassador.
https://meta.wikimedia.org/wiki/Tech/Ambassadors/List https://meta.wikimedia.org/wiki/Special:Contributions/Tris_T7
* MediaWiki
MediaWiki with Autopatrollers right. as Translator.
https://www.mediawiki.org/wiki/Special:Contributions/Tris_T7
* Wikimania
Wikimania.wikimedia.org
https://wikimania.wikimedia.org/wiki/Special:Contributions/Tris_T7
* Wikimedia Foundation
https://foundation.wikimedia.org/ as Translator.
https://foundation.wikimedia.org/wiki/Special:Contributions/Tris_T7
* Wikimedia Commons
https://commons.wikimedia.org/ as Contributor, Translator, and Machine vision tester.
https://commons.wikimedia.org/wiki/User:Tris_T7
* Wikipedia Thai
https://th.wikipedia.org/wiki/ผู้ใช้:Tris_T7

==Contact Information==

* Country: Thailand
* via email at trist7@yahoo.com
* Bitcoin address here: 3R1j4sTxxMuSGThpLAtPqPSr6gXmFj8dpi

==Reference==

[[Category:Freelancers]] [[Category:Freelancers-Translation]]

User:Tris T7

2022-05-18T09:37:40Z

Tris T7: added introduction

=Business Management · Risk Management · Corporate and Brand Development=

==About TrisT==
This is Tris T7 from Thailand.
Let me know if you need any translation of Any language into Thai or Thai to English.
I am Professional Photographer from Thailand. Running Modelling and Advertising Agency business.
Graduated from

==Skills==
===Soft Skills===
* Good communication skills:
** Asking the right questions
** Listening to and understanding your client's wants or needs
** Remaining positive about the vision and outcome
** Persevering through changes or setbacks
** Working well under pressure or meeting tight deadlines
** Showing patience in your work and with those you are working with
** Staying dedicated to the project, even when long hours are required
** Ability to work well under pressure and meet deadlines
** Patience, dedication and attention to detail
** Ability to work independently and with a team
* System thinking skills
* Artistic skills
* Creative skills
* Good communication skills
* System thinking skills
* Artistic skills
* Creativity skills
* Networking skills
* Interpersonal skills
* Entrepreneurial skills
* Detail-oriented
* Archiving
* Critical Thinking
* Understanding of Intellectual Property
* Presentation
* Consistency
* Branding skills

===Hard Skills===
====Photography Skills====
* Composition: Artistic Ability
** Balance
** Color
** Creativity
** Design
** Form
** Formatting
** Good Eyesight
** Lighting
** Patterns
** Shape
* Hardware Nikon D850 Ranking to the top of best Nikon
** Camera Type: DSLR
** Sensor: Full-frame
** Megapixels: 45.7MP
** Max video resolution: 4K UHD
** User level: Professional
* Attention to detail
* Software
** Digital Imaging
** Editing Software
** DSLR Cameras
** Electronic Image Handling
** High-resolution imaging
** Image manipulation
** ISO Speeds
** Lenses
** Printing
** Resizing
** Shooting Film

====Software Skill====
=====Adobe Creative Suite Software Skill=====
* Adobe Photoshop (Ps)
* Adobe Illustrator (Ai)
* Adobe InDesign (Id)
* Adobe Lightroom (Lr)
=====macOS Software Skill=====
* Keynote
* Pages
* Number
* Aperture
=====Google Software Skill=====
* Crome + extension
* Maps
* Crowdsource

==Contributions for Wikimedia Projects==
Following is my contribution to Wikimedia Projects as Volunteer role.
* Meta-Wiki
Meta-Wiki with Autopatrollers right. as Translator and Tech Ambassador.
https://meta.wikimedia.org/wiki/Tech/Ambassadors/List https://meta.wikimedia.org/wiki/Special:Contributions/Tris_T7
* MediaWiki
MediaWiki with Autopatrollers right. as Translator.
https://www.mediawiki.org/wiki/Special:Contributions/Tris_T7
* Wikimania
Wikimania.wikimedia.org
https://wikimania.wikimedia.org/wiki/Special:Contributions/Tris_T7
* Wikimedia Foundation
https://foundation.wikimedia.org/ as Translator.
https://foundation.wikimedia.org/wiki/Special:Contributions/Tris_T7
* Wikimedia Commons
https://commons.wikimedia.org/ as Contributor, Translator, and Machine vision tester.
https://commons.wikimedia.org/wiki/User:Tris_T7
* Wikipedia Thai
https://th.wikipedia.org/wiki/ผู้ใช้:Tris_T7

==Contact Information==

* Country: Thailand
* via email at trist7@yahoo.com
* Bitcoin address here: 3R1j4sTxxMuSGThpLAtPqPSr6gXmFj8dpi

==Reference==

[[Category:Freelancers]] [[Category:Freelancers-Translation]]

User:Tris T7

2022-05-16T09:23:35Z

Tris T7: added bitcoin address

Hi, This is Tris T7 from Thailand.
Let me know if you need any translation into Thai.
I am Professional Photographer from Thailand.

Following is my contribution to Wikimedia Projects

* Meta-Wiki with Autopatrollers right. as Translator and Tech Ambassador.
https://meta.wikimedia.org/wiki/Tech/Ambassadors/List https://meta.wikimedia.org/wiki/Special:Contributions/Tris_T7

* MediaWiki with Autopatrollers right. as Translator.
https://www.mediawiki.org/wiki/Special:Contributions/Tris_T7

* Wikimania.wikimedia.org
https://wikimania.wikimedia.org/wiki/Special:Contributions/Tris_T7

* https://foundation.wikimedia.org/ as Translator.
https://foundation.wikimedia.org/wiki/Special:Contributions/Tris_T7

* https://commons.wikimedia.org/ as Contributor, Translator, and Machine vision tester.
https://commons.wikimedia.org/wiki/User:Tris_T7

Bitcoin address here: 3R1j4sTxxMuSGThpLAtPqPSr6gXmFj8dpi

If you wish to contact me you can contact me via email at trist7@yahoo.com

[[Category:Freelancers]] [[Category:Freelancers-Translation]]

User:Tris T7

2022-05-09T03:54:05Z

Tris T7: Added personal info

Hi, This is Tris T7 from Thailand.
Let me know if you need any translation into Thai.
I am Professional Photographer from Thailand.

Following is my contribution to Wikimedia Projects

* Meta-Wiki with Autopatrollers right. as Translator and Tech Ambassador.
https://meta.wikimedia.org/wiki/Tech/Ambassadors/List https://meta.wikimedia.org/wiki/Special:Contributions/Tris_T7

* MediaWiki with Autopatrollers right. as Translator.
https://www.mediawiki.org/wiki/Special:Contributions/Tris_T7

* Wikimania.wikimedia.org
https://wikimania.wikimedia.org/wiki/Special:Contributions/Tris_T7

* https://foundation.wikimedia.org/ as Translator.
https://foundation.wikimedia.org/wiki/Special:Contributions/Tris_T7

* https://commons.wikimedia.org/ as Contributor, Translator, and Machine vision tester.
https://commons.wikimedia.org/wiki/User:Tris_T7

If you wish to contact me you can contact me via email at trist7@yahoo.com

[[Category:Freelancers]] [[Category:Freelancers-Translation]]

User:Tris T7

2022-05-05T05:27:15Z

Tris T7: added user in category

Hi This is Tris T7 from Thailand.
Let me know if you need any translation into Thai.
I am Professional Photographer from Thailand.
I am also Editor and Translator for Wikimedia Projects such as
https://commons.wikimedia.org/wiki/User:Tris_T7

[[Category:Freelancers]] [[Category:Freelancers-Translation]]

Units

2022-05-04T22:09:45Z

Tris T7: added link for preparing to create related article

Most commonly, units of bitcoin are expressed in decimal exponents such as BTC ("bitcoins"), mBTC ("millibitcoins") and μBTC ("[[bit (unit)|micro-bitcoin]] or [[bit (unit)|bit]] ").

==Decimal metric units==

The BTC unit was chosen to represent a value of 108 so as to give sub-unit precision rather than large whole numbers.
Mirroring the standard ''Le Système International d'Unités'', this allows for divisions of 1/10th (deci-bitcoins, dBTC), 1/100th (centi-bitcoins, cBTC), 1/1 000th (milli-bitcoins, mBTC), and 1/1 000 000 (micro-bitcoins, μBTC).

===Bits===

Many have adopted the practice of referring to the micro-bitcoin metric sub-unit as "bits".


==Table of all units==

This table is intended to include all well-defined units of bitcoin value, including less common and niche units.

{| class="wikitable sortable" style="text-align:right;font-family:Console, fixed, monospace"
|-
! Unit !! Abbreviation !! Decimal (BTC) !! Alternate names !! Info
|-
| Algorithmic maximum || || 20,999,999.9769     || || [http://www.wolframalpha.com/input/?i=%28sum%28210000*floor%285000000000%2F2^i%29%29%2C+i%3D0+to+32%29%2F10000000 Calculation]
|- style="background-color:#ddffdd"
| tam-bitcoin || || 2,814,749.76710656 || || 1,0000,0000 tonal
|- style="background-color:#ddddff"
| mega-bitcoin || MBTC || 1,000,000          || || Rare in context
|- style="background-color:#ddddff"
| kilo-bitcoin || kBTC || 1,000          || || Rare in context
|- style="background-color:#ddddff"
| hecto-bitcoin || hBTC || 100          || || Rare
|-
| Initial block subsidy || || 50          || || Until [[Halving day 2012|block 210000]]<ref>{{cite block|209999|year=2012|month=11|day=28|hash=00000000000000f3819164645360294b5dee7f2e846001ac9f41a70b7a9a3de1}}</ref>
|- style="background-color:#ddffdd"
| bong-bitcoin || ᵇTBC || 42.94967296 || || 1,0000 tonal
|-
| Current block subsidy || || 6.25        || block || As of halving day 2020, block 630000
|- style="background-color:#ddddff"
| deca-bitcoin || daBTC || 10          || || Rare
|- style="background-color:#ddffdd"
| mill-bitcoin || ᵐTBC || 2.68435456 || || 1000 tonal
|- style="background-color:#ddddff"
| bitcoin || BTC || 1          || coin || SI base unit
|- style="background-color:#ddffdd"
| san-bitcoin || ˢTBC || 0.16777216 || || 100 tonal
|- style="background-color:#ddddff"
| [[deci-bitcoin|deci-bitcoin]] || dBTC || 0.1        || || Rare
|- style="background-color:#ddffdd"
| ton-bitcoin || ᵗTBC || 0.01048576 || || 10 tonal
|- style="background-color:#ddddff"
| centi-bitcoin || cBTC || 0.01       || bitcent || Formerly frequent<ref>Bitcents were frequent until the November 2013 bubble</ref>
|- style="background-color:#ddddff"
| [[millibit|milli-bitcoin]] || mBTC || 0.001      || [[millibit]], millie || Occasional
|- style="background-color:#ddffdd"
| bitcoin || TBC || 0.00065536 || || Tonal base unit
|- style="background-color:#ddffdd"
| bitcoin-ton || TBCᵗ || 0.00004096 || || 0.1 tonal
|- style="background-color:#ddffdd"
| bitcoin-san || TBCˢ || 0.00000256 || || 0.01 tonal
|- style="background-color:#ddddff"
| [[bit (unit)|micro-bitcoin]] || μBTC || 0.000001   || [[bit (unit)|bit]] || Frequent
|- style="background-color:#ddffdd"
| bitcoin-mill || TBCᵐ || 0.00000016 || || 0.001 tonal
|-
| || || 0.0000001  || finney<ref>[http://www.reddit.com/r/Bitcoin/comments/2ewp3z/i_propose_we_rename_00000001_btc_as_the_finney/ After Hal Finney, Bitcoin Pioneer]</ref> ||
|- style="background-color:#ddffdd"
| bitcoin-bong || TBCᵇ || 0.00000001 || || 0.0001 tonal
|-
| || sat || 0.00000001 || [[Satoshi (unit)|satoshi]] || Blockchain value
|-
| || msat || 0.00000000001 || millisatoshi<ref>[https://github.com/ElementsProject/lightning/blob/master/README.md#receiving-and-receiving-payments Receiving and receiving payments]</ref> || [[Lightning Network|Payment channel value]]
|}

==See also==
*[[Tonal Bitcoin]]
*[[Satoshi (unit)]]

==References==
<references />

[[de:Einheiten]]

Units

2022-05-04T21:54:40Z

Tris T7: Added standard unit for standard terms

Most commonly, units of bitcoin are expressed in decimal exponents such as BTC ("bitcoins"), mBTC ("millibitcoins") and μBTC ("[[bit (unit)|micro-bitcoin]] or [[bit (unit)|bit]] ").

==Decimal metric units==

The BTC unit was chosen to represent a value of 108 so as to give sub-unit precision rather than large whole numbers.
Mirroring the standard ''Le Système International d'Unités'', this allows for divisions of 1/10th (deci-bitcoins, dBTC), 1/100th (centi-bitcoins, cBTC), 1/1 000th (milli-bitcoins, mBTC), and 1/1 000 000 (micro-bitcoins, μBTC).

===Bits===

Many have adopted the practice of referring to the micro-bitcoin metric sub-unit as "bits".


==Table of all units==

This table is intended to include all well-defined units of bitcoin value, including less common and niche units.

{| class="wikitable sortable" style="text-align:right;font-family:Console, fixed, monospace"
|-
! Unit !! Abbreviation !! Decimal (BTC) !! Alternate names !! Info
|-
| Algorithmic maximum || || 20,999,999.9769     || || [http://www.wolframalpha.com/input/?i=%28sum%28210000*floor%285000000000%2F2^i%29%29%2C+i%3D0+to+32%29%2F10000000 Calculation]
|- style="background-color:#ddffdd"
| tam-bitcoin || || 2,814,749.76710656 || || 1,0000,0000 tonal
|- style="background-color:#ddddff"
| mega-bitcoin || MBTC || 1,000,000          || || Rare in context
|- style="background-color:#ddddff"
| kilo-bitcoin || kBTC || 1,000          || || Rare in context
|- style="background-color:#ddddff"
| hecto-bitcoin || hBTC || 100          || || Rare
|-
| Initial block subsidy || || 50          || || Until [[Halving day 2012|block 210000]]<ref>{{cite block|209999|year=2012|month=11|day=28|hash=00000000000000f3819164645360294b5dee7f2e846001ac9f41a70b7a9a3de1}}</ref>
|- style="background-color:#ddffdd"
| bong-bitcoin || ᵇTBC || 42.94967296 || || 1,0000 tonal
|-
| Current block subsidy || || 6.25        || block || As of halving day 2020, block 630000
|- style="background-color:#ddddff"
| deca-bitcoin || daBTC || 10          || || Rare
|- style="background-color:#ddffdd"
| mill-bitcoin || ᵐTBC || 2.68435456 || || 1000 tonal
|- style="background-color:#ddddff"
| bitcoin || BTC || 1          || coin || SI base unit
|- style="background-color:#ddffdd"
| san-bitcoin || ˢTBC || 0.16777216 || || 100 tonal
|- style="background-color:#ddddff"
| deci-bitcoin || dBTC || 0.1        || || Rare
|- style="background-color:#ddffdd"
| ton-bitcoin || ᵗTBC || 0.01048576 || || 10 tonal
|- style="background-color:#ddddff"
| centi-bitcoin || cBTC || 0.01       || bitcent || Formerly frequent<ref>Bitcents were frequent until the November 2013 bubble</ref>
|- style="background-color:#ddddff"
| [[millibit|milli-bitcoin]] || mBTC || 0.001      || [[millibit]], millie || Occasional
|- style="background-color:#ddffdd"
| bitcoin || TBC || 0.00065536 || || Tonal base unit
|- style="background-color:#ddffdd"
| bitcoin-ton || TBCᵗ || 0.00004096 || || 0.1 tonal
|- style="background-color:#ddffdd"
| bitcoin-san || TBCˢ || 0.00000256 || || 0.01 tonal
|- style="background-color:#ddddff"
| [[bit (unit)|micro-bitcoin]] || μBTC || 0.000001   || [[bit (unit)|bit]] || Frequent
|- style="background-color:#ddffdd"
| bitcoin-mill || TBCᵐ || 0.00000016 || || 0.001 tonal
|-
| || || 0.0000001  || finney<ref>[http://www.reddit.com/r/Bitcoin/comments/2ewp3z/i_propose_we_rename_00000001_btc_as_the_finney/ After Hal Finney, Bitcoin Pioneer]</ref> ||
|- style="background-color:#ddffdd"
| bitcoin-bong || TBCᵇ || 0.00000001 || || 0.0001 tonal
|-
| || sat || 0.00000001 || [[Satoshi (unit)|satoshi]] || Blockchain value
|-
| || msat || 0.00000000001 || millisatoshi<ref>[https://github.com/ElementsProject/lightning/blob/master/README.md#receiving-and-receiving-payments Receiving and receiving payments]</ref> || [[Lightning Network|Payment channel value]]
|}

==See also==
*[[Tonal Bitcoin]]
*[[Satoshi (unit)]]

==References==
<references />

[[de:Einheiten]]

Sidechain

2022-04-08T16:56:26Z

Tris T7: /* Discussion */ edited ref

A ''sidechain'' or ''pegged sidechain'' enables bitcoins and other ledger assets to be transferred between multiple blockchains. This gives users access to new and innovative cryptocurrency systems using the assets they already own. By reusing Bitcoin's currency, these systems can more easily interoperate with each other and with Bitcoin, avoiding the liquidity shortages and market fluctuations associated with new currencies. Since sidechains are separate systems, technical and economic innovation is not hindered. Despite bidirectional transferability between Bitcoin and pegged sidechains, they are isolated: in the case of a cryptographic break (or malicious design) in a sidechain, the damage is entirely confined to the sidechain itself.

== Discussion ==

A sidechain is a mechanism that allows you to move your bitcoins to another, completely independent blockchain, trade them there, and they can then be moved back to main bitcoin blockchain I will try to explain how it should work:

You may have already encountered the idea of a one-way peg. This means that you destroy some BTC, and you gain some other currency for doing that. Example: when Counterparty started, people could “burn” some of their BTC by sending them to an unspendable address, and for doing it, they received newly created XCP tokens. This is called a one-way peg, and it cannot be reversed. You can only move the money one way, you cannot turn it back to BTC later.

Sidechains extends this idea, and creates a two-way peg, that lets you move it back and forth. Instead of destroying BTC by making them unspendable, you lock them in little boxes. These boxes do not belong to any address, they are instead controlled by a bitcoin script. For each box you lock this way, you get newly created tokens on the sidechain (which is another blockchain, complete separate network). You can then give these tokens to someone, pay with them, and when he wants to bring them back to the Bitcoin blockchain, he can just destroy the tokens in the same way. Providing a cryptographic proof that he destroyed the tokens will allow him to open a locked box and collect the Bitcoin.

So the value is pegged, because you can freely turn one into the other at any time.

The purpose of this trick is to allow people to safely experiment with different rules, networks and consensus mechanisms, that may be suitable for different purposes, without putting the main Bitcoin network at risk. In other words, it creates an area where you can bring some of the BTC you have, try some crazy experimental stuff, and then bring them back.<ref>https://www.reddit.com/r/Bitcoin/comments/32w9he/eli5_how_do_sidechains_work/cqfb0te/</ref>

== External links ==

* https://blockstream.com/sidechains.pdf

==References==
<references />

[[Category:Technical]]
[[Category:Scalability]]
[[Category:Privacy]]

Timelock

2022-04-08T16:54:01Z

Tris T7: /* Relative locktime */ edited ref

A '''Timelock''' is a type of smart contract primitive that restricts the spending of some bitcoins until a specified future time or block height. Timelocks feature prominently in many Bitcoin [[Contracts|smart contracts]], including [[payment channels]] and [[Hashed Timelock Contracts|hashed timelock contracts]]. It can also be used to lock-up bitcoins held as an investment for a period of months or years. Time lock is also used to make [[fee sniping]] less profitable, and for [[Techniques_to_reduce_transaction_fees#Pre-computed_fee_bumping|trustless precomputed fee bumping]].

== Primitives ==

=== nLockTime ===

''Main article: [[nLockTime]]''

In the original Bitcoin release, nodes would not relay nor mine transactions with nLockTime equal to or greater than the current block height (unless all inputs' sequence numbers were 0xffffffff), however they would accept blocks containing transactions with any value of nLockTime. In Bitcoin 0.1.6, the interpretation of nLockTime was adjusted to also allow time-based locking.<ref>https://github.com/bitcoin/bitcoin/commit/dd519206a684c772a4a06ceecc87c665ad09d8be#diff-23cfe05393c8433e384d2c385f06ab93R406</ref> Then, starting from block 31001 (December of 2009), the nLockTime restrictions were activated as a rule that also applied to block acceptance.<ref>https://github.com/bitcoin/bitcoin/commit/dd519206a684c772a4a06ceecc87c665ad09d8be#diff-118fcbaaba162ba17933c7893247df3aR1222</ref> Later, in July of 2016, the time based locks were changed to operate on the [[median time past]] instead of the block's timestamp.<ref>https://github.com/bitcoin/bips/blob/master/bip-0113.mediawiki</ref>

Although every transaction contains the nLockTime field, every wallet up until recently set nLockTime to <code>0</code>, meaning the transaction was valid in any block. Starting with [[Bitcoin Core]] 0.11.0, every normal transaction automatically generated by began including an nLockTime set to a recent block height as a way to make hypothesized [[fee sniping]] less profitable<ref name="anti_fee_sniping"/>; other wallets are recommended to do the same. Approximately 20% of all bitcoin transactions set a nLockTime value different from zero<ref>https://p2sh.info/dashboard/db/blocks-statistics?panelId=4&fullscreen&orgId=1</ref> as of early-2019.

=== CheckLockTimeVerify ===

In late 2015, the BIP65 soft fork<ref name="bip65"/> redefined the NOP2 opcode as the [[CheckLockTimeVerify]] (CLTV) opcode, allowing transaction outputs (rather than whole transactions) to be encumbered by a timelock. When the CLTV opcode is called, it will cause the script to fail unless the nLockTime on the transaction is equal to or greater than the time parameter provided to the CLTV opcode. Since a transaction may only be included in a valid block if its nLockTime is in the past, this ensures the CLTV-based timelock has expired before the transaction may be included in a valid block.

CLTV is currently used in [[Payment_channels#CLTV-style_payment_channels|CLTV-style payment channels]] and [[fidelity bonds#Time-Locked Fidelity Bond|Time-Locked fidelity bonds]].

=== Relative locktime ===

In mid-2016, the [[BIP 0068]]/[[BIP 0112|112]]/[[BIP 0113|113]] soft fork gave consensus-enforced meaning to some values in the [[nSequence]] field<ref name="bip68"/> that is a part of every transaction input, creating a "relative locktime".{{citation needed}} This allowed an input to specify the earliest time it can be added to a block based on how long ago the output being spent by that input was included in a block on the block chain.

=== CheckSequenceVerify ===

Also part of the BIP68/112/113 soft fork was the [[CheckSequenceVerify]] opcode<ref name="bip112"/>, which provides for relative locktime the same feature CLTV provides for absolute locktime. When the CSV opcode is called, it will cause the script to fail unless the nSequence on the transaction indicates an equal or greater amount of relative locktime has passed than the parameter provided to the CSV opcode. Since an input may only be included in a valid block if its relative locktime is expired, this ensures the CSV-based timelock has expired before the transaction may be included in a valid block.

CSV is used by [[Lightning Network]] transactions.

== Far-future locks ==

It is not advised to lock up bitcoins into the far future because it takes on risk of the bitcoin network changing. For example, if there were an ECDSA or RIPEMD160 algorithm break that made any coins spendable with a few months of CPU time, the network might need to to prohibit moving old unspent coins after some transition, but long locktimed coins could not make such a transition.

OP_CheckSequenceVerify allows locking for at most 65535 blocks (about 455 days) or for at most 65535*512 seconds (about 388 days). OP_CheckLockTimeVerify could be used to lock up coins for several centuries.

Occasionally coins have been accidentally locked up for a long time.<ref>https://github.com/OutCast3k/coinbin/issues/35#issuecomment-167440998</ref>

== See Also ==

* [https://coinb.in/#newTimeLocked coinb.in's time-locked page] javascript page for creating time-locked bitcoin wallets.
* [https://www.reddit.com/r/Bitcoin/comments/4p4klg/bitcoin_core_project_the_csv_soft_fork_has/d4i01he/ Reddit discussion of the possible uses OP_CHECKSEQUENCEVERIFY]

== References ==
<references>
<ref name="bip65">[https://github.com/bitcoin/bips/blob/master/bip-0065.mediawiki BIP65: OP_CHECKLOCKTIMEVERIFY] Peter Todd Retrieved 2016-04-12</ref>
<ref name="bip68">[https://github.com/bitcoin/bips/blob/master/bip-0068.mediawiki BIP68: Relative lock-time using consensus-enforced sequence numbers] Mark Friedenbach, BtcDrak, Nicolas Dorier, and kinoshitajona Retrieved 2016-04-12</ref>
<ref name="bip112">[https://github.com/bitcoin/bips/blob/master/bip-0112.mediawiki BIP112: CHECKSEQUENCEVERIFY] BtcDrak, Mark Friedenbach, Eric Lombrozo Retrieved 2016-04-12</ref>
<ref name="anti_fee_sniping">[https://bitcoin.org/en/release/v0.11.0 Bitcoin Core 0.11.0 release notes] Bitcoin.org Retrieved 2016-11-06</ref>
</references>

[[Category:Technical]]

Seed phrase

2022-04-08T16:48:45Z

Tris T7: /* Paper and pencil backup */ edited ref code

{{sample}}

A '''seed phrase''', '''seed recovery phrase''' or '''backup seed phrase''' is a list of words which [[Storing bitcoins|store]] all the information needed to recover Bitcoin funds [[Transaction|on-chain]]. Wallet software will typically generate a seed phrase and instruct the user to write it down on paper. If the user's computer breaks or their hard drive becomes corrupted, they can download the same wallet software again and use the paper backup to get their bitcoins back.

Anybody else who discovers the phrase can steal the bitcoins, so it must be kept safe like jewels or cash. For example, it must not be typed into any website.

Seed phrases are an excellent way of backing up and [[storing bitcoins]], so they are used by almost all well-regarded wallets.<ref>[https://bitcoin.org/en/choose-your-wallet Bitcoin.org: Choose your wallet]</ref>

Seed phrases can only backups funds on the [[block chain]]. They cannot store funds involved in [[off-chain transactions]] such as [[Lightning Network]] or [[Blinded bearer certificates]]. Although these technologies are in their infancy as of 2019 so its possible in future seed phrases could be used to backup them.

== BIP39 and its flaws ==

[[BIP_0039|BIP39]] is the most common standard used for seed phrases. One notable example is [[Electrum|Electrum wallet]], which is using its own standard, and for good reasons. BIP39 has some flaws, known in the technical community but not known much wider. They are described [https://electrum.readthedocs.io/en/latest/seedphrase.html#motivation here on this electrum doc page]. Most seriously, BIP39 flaws mean it is not true to say that backing up a BIP39 seed phrase and name of wallet software is the only thing a user needs to do to keep their money safe. BIP39 works this way because its designers wanted their hardware wallet to also support [[altcoin]]s. [https://walletsrecovery.org/ walletsrecovery.org] is an attempt at helping with this issue, but ideally there will be a better solution in the future.

== Example ==

An example of a non-BIP39 seed phrase is:

witch collapse practice feed shame open despair {{taggant private key}}creek road again ice least

The word order is important.

[[File:Mnemonic-seed-still-life.jpg|300px|thumb|none|alt=An example seed phrase written on paper|Example seed phrase on paper.]]

== Explanation ==

A simplified explanation of how seed phrases work is that the wallet software has a list of words taken from a dictionary, with each word assigned to a number. The seed phrase can be converted to a number which is used as the seed integer to a [[Deterministic wallet|deterministic wallet]] that generates all the [[Private key|key pairs]] used in the wallet.

The English-language wordlist for the BIP39 standard has 2048 words, so if the phrase contained only 12 random words, the number of possible combinations would be 2048^12 = 2^132 and the phrase would have 132 bits of security. However, some of the data in a BIP39 phrase is not random,<ref>[https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki#Generating_the_mnemonic BIP39: Generating the mnemonic]</ref> so the actual security of a 12-word BIP39 seed phrase is only 128 bits. This is approximately the same strength as all Bitcoin private keys, so most experts consider it to be sufficiently secure.<ref>[https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki#Security BIP32: Security]</ref>

It is not safe to invent your own seed phrase because humans are bad at generating randomness. The best way is to allow the wallet software to generate a phrase which you write down.

As seed phrases use natural language words, they have excellent error correction. Words written in bad handwriting can often still be read. If one or two letters are missing or unreadable the word can often still be deduced. The [[#Word_Lists|word list]] that the seed phrase words are drawn from is carefully chosen so that the first four letters of each word are enough to uniquely identify it. This compares well with writing down a raw [[private key]] where a single letter being unreadable or incorrect can make the private key useless (depending on the serialization format).

== Two-factor seed phrases ==

Seed phrases, like all backups, can store any amount of bitcoins. It's a concerning idea to possibly have enough money to purchase the entire building just sitting on a sheet of paper without any protection. For this reason many wallets make it possible to encrypt a seed phrase with a password.

The password can be used to create a two-factor seed phrase where both ''"something you have"'' plus ''"something you know"'' is required to unlock the bitcoins.

This works by the wallet creating a seed phrase and asking the user for a password. Then both the seed phrase and extra word are required to recover the wallet. Electrum and some other wallets call the passphrase a '''"seed extension"''', '''"extension word"''' or '''"13th/25th word"'''. The BIP39 standard defines a way of passphrase-protecting a seed phrase. A similar scheme is also used in the Electrum standard. If a passphrase is not present, an empty string "" is used instead.

'''Warning''': Forgetting this password will result in the bitcoin wallet and any contained money being lost. Do not overestimate your ability to remember passphrases especially when you may not use it very often.

'''Warning''': The seed phrase password should not be confused with the password used to encrypt the wallet file on disk. This is probably why many wallets call it an extension word instead of a password.

== Storing seed phrases for the long term ==

Most people write down phrases on paper but they can be stored in many other ways such as [[Brainwallet|memorizing]], engraving or stamping on metal, writing in the margins of a book, chiselling into a stone tablet or any other creative and inventive way.

In the past many people have accidentally lost bitcoins because of failed backups, mistyped letters, forgotten hard drives, or corrupted SSD devices. It's also important to protect the seed from accidental loss.

It could be a good idea to write some words of explanation on the same paper as the seed phrase. If storing for the long term you may forget what a phrase is how it should be treated. A sample explanation that can be adapted is:

<blockquote>These twelve words have control over BITCOINS. Keep this paper safe and secret like cash or jewellery. The bitcoin information on this paper is encrypted with a passphrase. It is part of a multi-signature wallet and was made by Electrum bitcoin wallet software on 2019-01-01.</blockquote>

==== Paper and pencil backup ====

Through bitter experience it has been found that one of the most practical storage mediums is '''pencil and paper'''. The private keys of a bitcoin wallet are encoded into [[seed phrase|random words from a dictionary]] which can be written down. If your hard drive crashes, you can find the paper with the [[seed phrase]] and restore the entire wallet. As [[seed phrase]]s use natural language words, they have good error correction. Words written in bad handwriting can often still be read. If one or two letters are missing the word can often still be deduced. The [[Seed_phrase#Word_Lists|word list]] that the seed phrase words are drawn from is carefully chosen so that the first four letters of each word are enough to uniquely identify it.

For storing on paper writing with pencil is much better than pen.<ref>[http://www.joethorn.net/blog/2011/12/07/pencil-does-not-fade Pencil Does Not Fade]
</ref><ref>[https://www.quora.com/How-do-I-maintain-a-paper-notebook-that-can-remain-for-years How do I maintain a paper notebook that can remain for years?]
</ref>
Paper should be acid-free or archival paper, and stored in the dark avoiding extremes of heat and moisture.<ref>[https://www.loc.gov/preservation/care/deterioratebrochure.html Essential facts about preservation of Paper]
</ref><ref>[https://www.quora.com/If-I-write-with-a-pencil-on-my-notebook-will-the-writing-last-for-a-long-time-say-50-years-or-will-it-just-fade-away-gradually Writing in a notebook with pencil]
</ref><ref>[http://copar.org/bulletin14.htm CoPAR: Creating records that will last]</ref>

==== Metal backup ====

Seed phrases can also be [https://blog.lopp.net/metal-bitcoin-seed-storage-stress-test--part-ii-/ stamped or engraved into metal] which is significantly more durable than paper. Metal backups are recommended if the threat model involves fire, water, extremes of temperature or physical stress.

==== Methods that are not recommended ====

Some methods that are not recommended are: storing in a file on a computer (including online), or storing online.

Some people get the idea to split up their phrases, like storing 6 words in one location and the other 6 words in another location. This is a bad idea and should not be done, because if one set of 6 words is discovered then it becomes far easier to brute-force the rest of the phrase. Storing bitcoins in multiple locations like this should be done with [[multi-signature]] wallets instead.

The [[Shamir Secret Sharing]] algorithm is sometimes promoted as a way to divide control of bitcoins, but in practice there are many pitfalls and trade-offs that make it not worth it.<ref>[https://blog.keys.casa/shamirs-secret-sharing-security-shortcomings/ Shamir's Secret Sharing Shortcomings] by Jameson Lopp, Casa blog, 2020</ref> 

Another bad idea is to add random decoy words that are somehow meaningful to you and later remove them to be left with only the 12-word phrase. The phrase words come from a known dictionary (see next section), so anybody can use that dictionary to weed out the decoy words.

It's possible but risky to memorize ([[Brainwallet]]s) seed phrases. This should probably only be done in situations that really need it, such as crossing a hostile border where one expects to be searched.

== Word lists ==

Generally, a seed phrase only works with the same wallet software that created it. If storing for a long period of time it's a good idea to write the name of the wallet too.

The BIP39 English word list has each word being uniquely identified by the first four letters, which can be useful when space to write them is scarce.

* [https://github.com/bitcoin/bips/blob/master/bip-0039/bip-0039-wordlists.md BIP39 wordlists]
* [https://github.com/spesmilo/electrum/blob/1.9.8/lib/mnemonic.py Electrum old-style wordlist]
* [https://github.com/spesmilo/electrum/blob/master/electrum/wordlist/english.txt Electrum new-style wordlist]

== Alternative name "mnemonic phrase" ==

Seed phrases are sometimes called ''mnemonic phrases'', especially in older literature. This is a bad name because the word "mnemonic" implies that the phrase should be memorized. It is less misleading to call them seed phrases.

== The power of backups ==

An especially interesting aspect in the power of paper backups is allowing your money to be two places at once. At the London Inside Bitcoin conference, the keynote speaker showed 25 paper backups they were carrying—all password-protected. With that, one can carry $100,000 which can instantly be moved to a phone or transferred yet with total security. If it's stolen, then there is no risk because it is backed up elsewhere. That is powerful.<ref>https://www.reddit.com/r/Bitcoin/comments/2hmnru/poll_do_you_use_paper_wallets_why_why_not_what/</ref>

== See also ==

* [https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki BIP39 seed phrase standard]
* [[Deterministic wallet]]
* [[Storing bitcoins]]
* [[Brainwallet]]
* [https://github.com/6102bitcoin/FAQ/blob/master/seed.md FAQ regarding bitcoin seeds]
* [https://www.hodlalert.com/2020/12/21/generating-cryptographically-secure-random-numbers-with-coins-and-a-cup/ Generating Bitcoin Seed Phrases With Coins and A Cup]

==References==
<references />

[[Category:Technical]]

Seed phrase

2022-04-08T16:47:52Z

Tris T7: /* Paper and pencil backup */ edited ref

{{sample}}

A '''seed phrase''', '''seed recovery phrase''' or '''backup seed phrase''' is a list of words which [[Storing bitcoins|store]] all the information needed to recover Bitcoin funds [[Transaction|on-chain]]. Wallet software will typically generate a seed phrase and instruct the user to write it down on paper. If the user's computer breaks or their hard drive becomes corrupted, they can download the same wallet software again and use the paper backup to get their bitcoins back.

Anybody else who discovers the phrase can steal the bitcoins, so it must be kept safe like jewels or cash. For example, it must not be typed into any website.

Seed phrases are an excellent way of backing up and [[storing bitcoins]], so they are used by almost all well-regarded wallets.<ref>[https://bitcoin.org/en/choose-your-wallet Bitcoin.org: Choose your wallet]</ref>

Seed phrases can only backups funds on the [[block chain]]. They cannot store funds involved in [[off-chain transactions]] such as [[Lightning Network]] or [[Blinded bearer certificates]]. Although these technologies are in their infancy as of 2019 so its possible in future seed phrases could be used to backup them.

== BIP39 and its flaws ==

[[BIP_0039|BIP39]] is the most common standard used for seed phrases. One notable example is [[Electrum|Electrum wallet]], which is using its own standard, and for good reasons. BIP39 has some flaws, known in the technical community but not known much wider. They are described [https://electrum.readthedocs.io/en/latest/seedphrase.html#motivation here on this electrum doc page]. Most seriously, BIP39 flaws mean it is not true to say that backing up a BIP39 seed phrase and name of wallet software is the only thing a user needs to do to keep their money safe. BIP39 works this way because its designers wanted their hardware wallet to also support [[altcoin]]s. [https://walletsrecovery.org/ walletsrecovery.org] is an attempt at helping with this issue, but ideally there will be a better solution in the future.

== Example ==

An example of a non-BIP39 seed phrase is:

witch collapse practice feed shame open despair {{taggant private key}}creek road again ice least

The word order is important.

[[File:Mnemonic-seed-still-life.jpg|300px|thumb|none|alt=An example seed phrase written on paper|Example seed phrase on paper.]]

== Explanation ==

A simplified explanation of how seed phrases work is that the wallet software has a list of words taken from a dictionary, with each word assigned to a number. The seed phrase can be converted to a number which is used as the seed integer to a [[Deterministic wallet|deterministic wallet]] that generates all the [[Private key|key pairs]] used in the wallet.

The English-language wordlist for the BIP39 standard has 2048 words, so if the phrase contained only 12 random words, the number of possible combinations would be 2048^12 = 2^132 and the phrase would have 132 bits of security. However, some of the data in a BIP39 phrase is not random,<ref>[https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki#Generating_the_mnemonic BIP39: Generating the mnemonic]</ref> so the actual security of a 12-word BIP39 seed phrase is only 128 bits. This is approximately the same strength as all Bitcoin private keys, so most experts consider it to be sufficiently secure.<ref>[https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki#Security BIP32: Security]</ref>

It is not safe to invent your own seed phrase because humans are bad at generating randomness. The best way is to allow the wallet software to generate a phrase which you write down.

As seed phrases use natural language words, they have excellent error correction. Words written in bad handwriting can often still be read. If one or two letters are missing or unreadable the word can often still be deduced. The [[#Word_Lists|word list]] that the seed phrase words are drawn from is carefully chosen so that the first four letters of each word are enough to uniquely identify it. This compares well with writing down a raw [[private key]] where a single letter being unreadable or incorrect can make the private key useless (depending on the serialization format).

== Two-factor seed phrases ==

Seed phrases, like all backups, can store any amount of bitcoins. It's a concerning idea to possibly have enough money to purchase the entire building just sitting on a sheet of paper without any protection. For this reason many wallets make it possible to encrypt a seed phrase with a password.

The password can be used to create a two-factor seed phrase where both ''"something you have"'' plus ''"something you know"'' is required to unlock the bitcoins.

This works by the wallet creating a seed phrase and asking the user for a password. Then both the seed phrase and extra word are required to recover the wallet. Electrum and some other wallets call the passphrase a '''"seed extension"''', '''"extension word"''' or '''"13th/25th word"'''. The BIP39 standard defines a way of passphrase-protecting a seed phrase. A similar scheme is also used in the Electrum standard. If a passphrase is not present, an empty string "" is used instead.

'''Warning''': Forgetting this password will result in the bitcoin wallet and any contained money being lost. Do not overestimate your ability to remember passphrases especially when you may not use it very often.

'''Warning''': The seed phrase password should not be confused with the password used to encrypt the wallet file on disk. This is probably why many wallets call it an extension word instead of a password.

== Storing seed phrases for the long term ==

Most people write down phrases on paper but they can be stored in many other ways such as [[Brainwallet|memorizing]], engraving or stamping on metal, writing in the margins of a book, chiselling into a stone tablet or any other creative and inventive way.

In the past many people have accidentally lost bitcoins because of failed backups, mistyped letters, forgotten hard drives, or corrupted SSD devices. It's also important to protect the seed from accidental loss.

It could be a good idea to write some words of explanation on the same paper as the seed phrase. If storing for the long term you may forget what a phrase is how it should be treated. A sample explanation that can be adapted is:

<blockquote>These twelve words have control over BITCOINS. Keep this paper safe and secret like cash or jewellery. The bitcoin information on this paper is encrypted with a passphrase. It is part of a multi-signature wallet and was made by Electrum bitcoin wallet software on 2019-01-01.</blockquote>

==== Paper and pencil backup ====

Through bitter experience it has been found that one of the most practical storage mediums is '''pencil and paper'''. The private keys of a bitcoin wallet are encoded into [[seed phrase|random words from a dictionary]] which can be written down. If your hard drive crashes, you can find the paper with the [[seed phrase]] and restore the entire wallet. As [[seed phrase]]s use natural language words, they have good error correction. Words written in bad handwriting can often still be read. If one or two letters are missing the word can often still be deduced. The [[Seed_phrase#Word_Lists|word list]] that the seed phrase words are drawn from is carefully chosen so that the first four letters of each word are enough to uniquely identify it.

For storing on paper writing with pencil is much better than pen.
<ref>[http://www.joethorn.net/blog/2011/12/07/pencil-does-not-fade Pencil Does Not Fade]
</ref><ref>[https://www.quora.com/How-do-I-maintain-a-paper-notebook-that-can-remain-for-years How do I maintain a paper notebook that can remain for years?]
</ref>
Paper should be acid-free or archival paper, and stored in the dark avoiding extremes of heat and moisture
<ref>[https://www.loc.gov/preservation/care/deterioratebrochure.html Essential facts about preservation of Paper]
</ref><ref>[https://www.quora.com/If-I-write-with-a-pencil-on-my-notebook-will-the-writing-last-for-a-long-time-say-50-years-or-will-it-just-fade-away-gradually Writing in a notebook with pencil]
</ref><ref>[http://copar.org/bulletin14.htm CoPAR: Creating records that will last]</ref>.

==== Metal backup ====

Seed phrases can also be [https://blog.lopp.net/metal-bitcoin-seed-storage-stress-test--part-ii-/ stamped or engraved into metal] which is significantly more durable than paper. Metal backups are recommended if the threat model involves fire, water, extremes of temperature or physical stress.

==== Methods that are not recommended ====

Some methods that are not recommended are: storing in a file on a computer (including online), or storing online.

Some people get the idea to split up their phrases, like storing 6 words in one location and the other 6 words in another location. This is a bad idea and should not be done, because if one set of 6 words is discovered then it becomes far easier to brute-force the rest of the phrase. Storing bitcoins in multiple locations like this should be done with [[multi-signature]] wallets instead.

The [[Shamir Secret Sharing]] algorithm is sometimes promoted as a way to divide control of bitcoins, but in practice there are many pitfalls and trade-offs that make it not worth it.<ref>[https://blog.keys.casa/shamirs-secret-sharing-security-shortcomings/ Shamir's Secret Sharing Shortcomings] by Jameson Lopp, Casa blog, 2020</ref> 

Another bad idea is to add random decoy words that are somehow meaningful to you and later remove them to be left with only the 12-word phrase. The phrase words come from a known dictionary (see next section), so anybody can use that dictionary to weed out the decoy words.

It's possible but risky to memorize ([[Brainwallet]]s) seed phrases. This should probably only be done in situations that really need it, such as crossing a hostile border where one expects to be searched.

== Word lists ==

Generally, a seed phrase only works with the same wallet software that created it. If storing for a long period of time it's a good idea to write the name of the wallet too.

The BIP39 English word list has each word being uniquely identified by the first four letters, which can be useful when space to write them is scarce.

* [https://github.com/bitcoin/bips/blob/master/bip-0039/bip-0039-wordlists.md BIP39 wordlists]
* [https://github.com/spesmilo/electrum/blob/1.9.8/lib/mnemonic.py Electrum old-style wordlist]
* [https://github.com/spesmilo/electrum/blob/master/electrum/wordlist/english.txt Electrum new-style wordlist]

== Alternative name "mnemonic phrase" ==

Seed phrases are sometimes called ''mnemonic phrases'', especially in older literature. This is a bad name because the word "mnemonic" implies that the phrase should be memorized. It is less misleading to call them seed phrases.

== The power of backups ==

An especially interesting aspect in the power of paper backups is allowing your money to be two places at once. At the London Inside Bitcoin conference, the keynote speaker showed 25 paper backups they were carrying—all password-protected. With that, one can carry $100,000 which can instantly be moved to a phone or transferred yet with total security. If it's stolen, then there is no risk because it is backed up elsewhere. That is powerful.<ref>https://www.reddit.com/r/Bitcoin/comments/2hmnru/poll_do_you_use_paper_wallets_why_why_not_what/</ref>

== See also ==

* [https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki BIP39 seed phrase standard]
* [[Deterministic wallet]]
* [[Storing bitcoins]]
* [[Brainwallet]]
* [https://github.com/6102bitcoin/FAQ/blob/master/seed.md FAQ regarding bitcoin seeds]
* [https://www.hodlalert.com/2020/12/21/generating-cryptographically-secure-random-numbers-with-coins-and-a-cup/ Generating Bitcoin Seed Phrases With Coins and A Cup]

==References==
<references />

[[Category:Technical]]

Hardware wallet

2022-04-08T16:44:49Z

Tris T7: /* Opendime: Bitcoin Credit Stick */ removed code for article link error

A '''hardware wallet''' is a special type of [[wallet|bitcoin wallet]] which stores the user's private keys in a secure hardware device.

They have major advantages over standard software wallets:

* private keys are often stored in a protected area of a microcontroller, and cannot be transferred out of the device in plaintext
* immune to computer viruses that steal from software wallets
* can be used securely and interactively, private keys never need to touch potentially-vulnerable software
* much of the time, the software is open source, allowing a user to validate the entire operation of the device

This page is an attempt to summarize all the known developments of hardware wallets that can use Bitcoin as part of their operation.

== Security risks ==

To date there have been no verifiable incidents of Bitcoins stolen from hardware wallets. Hardware wallets are relatively new, but at least for the time being they have maintained a good track record, unlike the numerous incidents of Bitcoin theft from Internet-connected computers.

However, it's important to understand that hardware wallets are a high value target and depend on various assumptions holding true to maintain security. They are not a silver bullet, and there are several realistic ways in which a hardware wallet can fail to protect your Bitcoin. These risks need to be carefully considered when deciding how much trust to place in a hardware wallet, and which hardware wallet to buy.

How a hardware wallet could fail to protect your Bitcoin:

# '''Malware swaps recipient Bitcoin addresses''': a hardware wallet won't protect you from being tricked into sending Bitcoin to the wrong address. For example, malware on a PC could monitor for high value transactions and then swap out the recipient's authentic Bitcoin address for an address controlled by the attacker. When the stakes are high, multi factor (e.g., over the phone) confirmation of a recipient's Bitcoin address is recommended.
# '''Insecure RNG ([https://en.wikipedia.org/wiki/Random_number_generation Random Number Generator])''': hardware wallets rely on the security of an RNG, often embedded in hardware, to generate your wallet's private keys securely. Unfortunately, it is notoriously difficult to verify the true randomness of the RNG. An insecure RNG may create wallet keys that can later be recreated by an attacker, by generating psuedo-randomness that would seem statistically indistinguishable from true randomness yet still be predictable to an advanced attacker. An RNG may become insecure as a result of malicious weakening or an unintentional mistake. This failure mode is common to any wallet generation procedure in which the true randomness of the source of entropy being used can not be verified.
# '''Imperfect implementation''': the security of all computing devices relies on the quality of their implementation. Hardware wallets are no exception. Bugs at the software, firmware or hardware level may allow attackers to break into a hardware wallet and gain unauthorized access to secrets. Even if the design is perfect, proving the security of a hardware or software implementation is a very hard, mostly unsolved problem. To date, no wallet in existence is implemented using provably correct software.
# '''Compromised production process''': even a perfect software and hardware implementation of a hardware wallet would be vulnerable to a corrupt production process that introduces intentional or unintentional holes into the final product. The introduction of hardware backdoors is a [https://www.wired.com/2016/06/demonically-clever-backdoor-hides-inside-computer-chip/ real concern] for high risk financial and military applications.
# '''Compromised shipping process''': a compromised fulfillment process may substitute or modify secure devices for superficially identical but insecure replacements. Government programs that intercept hardware and modify them in route to insert backdoors [https://arstechnica.com/.../photos-of-an-nsa-upgrade-factory-show-cisco-router-getting-implant/ are known to exist].

In summary:

* While not a silver bullet hardware wallets can still be extremely useful, assuming you take care to use a good one: an authentic device manufactured by trustworthy, technically competent security experts with a good reputation (e.g., [[TREZOR]]).

* [[Cold storage]] solutions implemented with open source software and general purpose hardware (e.g., [[BitKey]], Pi Wallet), using a verifiable source of entropy such as physical dice may provide superior security for some use cases (e.g., long term savings).

== Connecting to a full node ==

By default, most hardware wallets instruct the user to connect to the manufacturer's own web interface. The web page cannot steal the user's private keys but can spy on them or trick them into accept fake payments.

Hardware wallets only keep the [[private keys]] safe and create spending transactions; they cannot tell you if you have actually received coins and in what quantity. Bitcoin's security model also requires that [[full node]] wallets are used. If not, somebody could pay you with a transaction of something other than bitcoin. If bitcoin is digital gold then a full node wallet is your own personal goldsmith who checks that the incoming payments are actually real. Also the third-party wallet will see all your [[Address|bitcoin addresses]] so this is very damaging to your privacy.

Most hardware wallets can be connected to [[Electrum]] bitcoin wallet. Electrum can be connected to your own [[Electrum#Electrum Personal Server|full node via a server]].

See also: [[Full node#Why should you use a full node wallet]]

== Commercial hardware wallets (ordered chronologically) ==

=== [[Trezor|Trezor One]] ===
[[File:Trezor-tx.jpg|300px|thumb|left|Confirming the transaction with Trezor]]

[[Trezor]] is a secure bitcoin storage and a transaction signing tool with open source hardware and software. The private keys are generated by the device and never leave it thus they cannot be accessed by a malware.

It uses a deterministic wallet structure which means it can hold an unlimited number of keys ([[BIP 0032]]/[[BIP 0044]]). A recovery seed is generated when the device is initialized. In case Trezor gets lost or stolen, all its contents can be recovered using this seed (private keys, bitcoin balance and transaction history) into a new device or another [[BIP 0039]]/[[BIP 0044]] compatible wallet.

Trezor also introduced a unique way of PIN entering preventing keyloggers from recording it even when entered on a compromised computer. An encryption passphrase can be set on top of the PIN protection. More passphrases can be used for plausible deniability.

Trezor One offers everything needed to protect cryptocurrency funds together with advanced features like [https://wiki.trezor.io/User_manual:Password_Manager Password manager] or [https://wiki.trezor.io/User_manual:Two-factor_Authentication_with_U2F U2F two-factor authorization].

''See also [[Hardware wallet#Trezor Model T|Trezor Model T - next-generation cryptocurrency hardware wallet]]''

[https://shop.trezor.io Trezor E-shop] | [https://wiki.trezor.io Trezor Wiki] | [https://trezor.io Trezor Homepage]

 

=== KeepKey: Your Private Bitcoin Vault ===
[[File:keepkey.jpg|300px|thumb|left|KeepKey showing a bitcoin transaction that needs to be manually approved.]]

KeepKey is a USB device that stores and secures your bitcoins. When you entrust KeepKey with your money, each and every bitcoin transaction you make must be reviewed and approved via it's OLED display and confirmation button.

KeepKey has a unique recovery feature utilizing a rotating cipher to restore private keys with a [[BIP 0039]] recovery seed. This means it is not necessary to store your private keys on KeepKey: the recovery process is secure enough so that KeepKey can be used as a transaction device for paper backups.

[https://www.keepkey.com keepkey.com]

 

=== Opendime: Bitcoin Credit Stick ===

[[file:Opendime.jpeg|300px|thumb|left|Opendime Package]]

The 1st Bitcoin Bearer Bond or just call it a "Bitcoin Stick"

Opendime is a small USB stick that allows you to spend Bitcoin like a dollar bill. Pass it along multiple times.
Connect to any USB to check balance. Unseal anytime to spend online. Trust no one.

It comes in the shape of a mini USB, and Opendime-ui.png|setting it up is astonishingly quick and simple. You plug OpenDime into a USB port, and it behaves just like a USB drive with a tiny amount of storage. In its folder, is a web page. You open the webpage in your browser, and there’s only one instruction to follow: “Drop a file onto the drive”. Once you do that, the OpenDime automagically generates a unique address for you to receive Bitcoin with.

[https://opendime.com Opendime.com]

* [https://opendime.com/#faq Opendime FAQ]
* You can watch a [https://www.youtube.com/watch?v=9UFF9d3Y1BY video here]
* Read this [https://medium.com/@beautyon_/exquisite-opendime-ad1195a2790e review]
* Multi-language user interface: 中文 • 日本語 • English • Portuguese • Français • Deutsch • Русский
* Works as USB drive with no need for software
* [https://github.com/opendime/electrum Opendime Electrum plugin]
* [https://github.com/opendime/ Opendime source files and key verification]

 

=== Coldcard: Ultra-secure Bitcoin Hardware Wallet ===

[[file:Coldcard.png|300px|thumb|left|Coldcard Front and Back]]

* Coldcard is an easy to use, ultra-secure, open-source and affordable hardware wallet that is easy to back up via an encrypted microSD card. Your private key is stored in a dedicated security chip. MicroPython software design allows you to make changes.
* BIP39 based, which means you can backup the secret words onto paper, and have lots of sub-accounts and unlimited independent payment addresses. Now with BIP39 passphrase support, unlocking up to 5.9e197 additional wallets from the same seed words! It knows how to understand transactions, so you can see what you are approving.
* The first "Partially Signed Bitcoin Transaction Format" - PSBT (BIP 174) native wallet which can be used completely offline for its entire lifecycle. See HWI for Bitcoin Core support!
* True air-gap cold operation via MicroSD sneakernet or standard via USB

[http://www.coldcardwallet.com Coldcardwallet.com]

* [https://coldcardwallet.com/faq Coldcard FAQ]
* [https://coldcardwallet.com/docs Coldcard Docs]
* [https://github.com/coldcard/firmware Coldcard Source Code]

 

=== CoolWallet: The Ultimate Bitcoin Safe ===


[[File:CoolWallet in the box.jpeg|300px|thumb|left|CoolWallet showing Launch App, waiting for user to connect with smartphone via Bluetooth]]

CoolWallet is a credit card sized Bluetooth device that stores and secures your bitcoins and private keys. It fits in your wallet and works wirelessly.

Every Bitcoin transaction must be manually confirmed and approved through its e-paper display and button.

CoolWallet only acknowledges the paired smartphone. Whoever stole the CoolWallet are not able to steal any bitcoins. Using recovery Seed can restore all your bitcoins in case you lost the device.

[https://coolbitx.com coolbitx.com] | [https://github.com/CoolBitX-Technology/coolwallet-ios Source and specifications]

 

=== BlochsTech card: Your user friendly Bitcoin wallet ===


[[file:BlochsTech Bitcoin card hardware wallet.jpg|300px|thumb|left|Graphic printed on front of BlochsTech cards.]]

The BlochsTech open Bitcoin card is an open protocol secure hardware Bitcoin wallet your grandmother could use.
For shops it's faster to accept than slow QR code based wallets and more reliable as it works offline.

Currently it's of course in a novelty phase like Casascius coins (of which thousands were sold),
however in the long run it is fully capable of functionally replacing the VISA system in all nations.

[http://www.BlochsTech.com BlochsTech.com]

 

=== BitLox Bitcoin Hardware Wallet ===
[[file:Bitlox.jpg|300px|thumb|left|BitLox Bitcoin Hardware Wallet]]

BitLox is a metal cased (aluminum or titanium) bitcoin hardware wallet that works with their own web based wallet by USB and apps for iPhone and Android using Bluetooth LE.

At present it is the only bitcoin hardware wallet you can buy that works with iPhone. The device weighs one ounce and is the size of a credit card 4 mm thick.

Bitlox allows you to set up hidden wallets. Unlike other hardware wallets your seed is never displayed on a connected computer or phone but only on the Bitlox. All your wallet, device and transaction PINs are only entered on the BitLox and never on any app.

BitLox has also implemented several advanced security features not available on any other bitcoin hardware wallet.

[http://www.bitlox.com bitlox.com]

 

=== Ledger Nano S ===
[[File:ledger_wallet_nanos_photo.png|300px|thumb|left|Ledger Wallet Nano S]]

Ledger Nano S is a secure Bitcoin hardware wallet. It connects to any computer through USB and embeds a built-in OLED display to double-check and confirm each transaction with a single tap on its buttons. It is architectured around a Secure Element (ST31 family) and built on top of the BOLOS platform, a powerful and flexible Operating System allowing the secure execution of multiple Open Source applications in full isolation.

Main features:
* cryptographic secrets protected by a secure chip
* open source embedded Bitcoin app
* Confirmation of transactions on the embedded screen
* Built-in 4 digits PIN security lock
* Built-in onboarding (seed generation and recovery)
* BIP39 seed (12/18/24 words), easy backup and restoration
* Multi-apps support: FIDO U2F, GPG, SSH…
* USB connectivity
* Foldable and compact casing

[https://www.ledgerwallet.com/products/12-ledger-nano-s Ledger Nano S product page]

 

=== Ledger Nano X ===

[[File:Ledger Nano X.png|300px|thumb|left|Ledger Wallet Nano X]]
Ledger Nano X is a secure hardware wallet. It features Bluetooth Low Energy (BLE) connectivity enabling it to be used with Android or iOS devices without the need of a cable. 
Main features:
* Multi-services: Hardware Wallet, Cryptographic Platform, Password Manager, Second Factor authenticator
(FIDO)
* Comply with several cryptocurrencies
* USB connectivity
* BLE v5.0 connectivity
* Open Source Device App: all Device Apps developed by Ledger can be reviewed and verified by End-Users
* Developer friendly: develop a Device App and then install it on the Ledger Nano X
* Comply with the main BIP standards: [BIP32], [BIP39] and [BIP44]
* Multi-platform: Windows (7+), Mac (10.9+), Linux or Chrome OS
* OLED screen: to verify the transaction data (amount, address)
* Buttons: used to get the End-User’s consent relative to sensitive operations like unlocking the device or processing a transaction
* PIN: to unlock the Ledger Nano X
* Plausible deniability: an additional PIN linked to a passphrase can be defined to create an hidden account
* Genuine PSD: cryptographic attestation mechanisms ensuring that the Ledger Nano X is a genuine one
* Post-issuance capability: all piece of software (MCU Firmware, SE Firmware, Device Apps) can be securely updated

[https://shop.ledger.com/products/ledger-nano-x Ledger Nano X product page]

 
=== [[Prokey|Prokey Optimum Trezor clone]] ===
[[File:Optimum-in-hand.jpg|300px|thumb|left|WebUSB-enabled hardware wallet, the Prokey Optimum]]
The Prokey Optimum is a [[Trezor|Trezor One clone]] that connects to any computer and android phones through USB and users required to always press OK button on device to confirm right addresses, amounts, and fees before making any transactions.
It focuses on the following features :

* Secure Firmware: Genuine firmware that implements mutual authentication between the device and the server to prevents supply-chain attacks.
* All-Inclusivity: No third-party wallets, manage everything on a single platform
* Supports Bitcoin, Ethereum, ERC20 Tokens, OMNI Layer and more cryptocurrencies, It's the first hardware wallet that fully support USDT as both Omni and ERC20 Tokens
* In-Browser Operation: WebUSB-based operations renders no need of additional download of bridges, applications, extensions, or executable files

Equipped with other features like passphrases and offline recovery seed checking, the Prokey Optimum offers maximum security and also is user-friendly to provide the best experience when dealing with cryptocurrency.

[https://prokey.io/ Homepage of Prokey Hardware Wallet]

 

=== Secalot ===
[[File:secalot_wallet.png|300px|thumb|left|Secalot]]

Main features:
* Software and hardware are fully open sourced.
* Utilizes a secure microcontroller with a high performance dedicated cryptographic co-processor.
* Integrates with the popular Electrum wallet.
* PIN-code protected.
* Confirm transactions with a touch button press on the device.
* Supports P2PKH, P2SH, and segWit transactions.
* Updatable firmware.
* Extra functionality: OpenPGP smart card, FIDO U2F authenticator, one-time password generator.

Website: [https://www.secalot.com www.secalot.com]

 

=== ELLIPAL - Airgapped hardware wallet with mobile support ===
[[File:Ellipal wallet.png|300px|thumb|left|ELLIPAL]]

ELLIPAL hardware wallet secures keys in cold storage without connections except for LCD screen. It works with companion mobile App via QR code.

Main features:
* Working with mobile phone via QR code
* Internet Isolated Cold Wallet
* Supporting multi-currencies and more than 7,000 tokens
* Supports P2PKH, P2SH, and segWit transactions
* 4" Screen with touch panel
* Support private key import
* PIN-code and gesture pattern protect
* Confirmation of transactions details on the screen
* BIP32/BIP39/BIP44
* iPhone and Android companion App: account management, market info and coin exchange.

[https://www.ellipal.com ELLIPAL Hardware Wallet Homepage] | [https://www.ellipal.com/pages/coin-list ELLIPAL Supported Coins]

 

=== ELLIPAL Titan Cold Wallet ===
[[File:Ellipaltitan.jpg|300px|thumb|left|ELLIPAL Titan]]

ELLIPAL Titan is the upgraded version of the ELLIPAL EC01 hardware wallet. Main upgrades are within the hardware which improves protection against physical attacks while keeping absolute protection against remote attacks. ELLIPAL Titan works with ELLIPAL mobile App to secure and manage your cryptocurrency. Information is transferred between the cold wallet and App via QR code only.

New additional features:
* IP65 metal sealed frame - Light water jet & dust protection
* Disassembly test: [https://www.youtube.com/watch?v=DuPcJudtd2o Video]
* Fully isolated components, can never be connected to another device
* USB port removed - no ports on the device
* Anti-Tamper feature - data automatically deleted upon detection of a breach
* Decentralized Finance: [https://www.ellipal.com/pages/buy-crypto buy cryptocurrency], exchange, and stake of coins.
* Verifiable and secure QR code [https://github.com/ELLIPAL?tab=repositories Github]

[https://www.ellipal.com/pages/coldwallet Buy Cold Wallet] | [https://www.reddit.com/r/ELLIPAL_Official/ ELLIPAL on Reddit] | [https://www.ellipal.com/pages/reviews ELLIPAL Reviews]

 

=== [[Trezor|Trezor Model T]] ===
[[File:Trezor-model-t-photo-front.jpg|300px|thumb|left|Trezor Model T]]

Trezor Model T is the premium version and next-generation cryptocurrency hardware wallet. In addition to the functionalities of Trezor One, it has a colored touchscreen for secure on-device input, modern design, an SD card slot, and some other more advanced features.
For more information see [https://wiki.trezor.io/Trezor_Model_T Trezor Model T] and this [https://trezor.io/#comparison comparison table]

[https://shop.trezor.io Trezor E-shop] | [https://wiki.trezor.io Trezor Wiki] | [https://trezor.io Trezor Homepage]

 

=== D'CENT Biometric Wallet - BLE enabled Hardware Wallet ===
[[File:DCENT_Biometric_Wallet.png|300px|thumb|left|D'CENT Biometric Wallet]]

D'CENT Biometric Wallet is a secure multi-cryptocurrency hardware wallet. It connects by using Bluetooth or USB to any mobile devices. The wallet is based on multi-IC architecture built on Secure Element(EAL5+) embedded with the SecureOS to provide robust security for the secure execution of multiple wallet applications.

Main features:
* Cryptographic secrets protected by a secure chip
* Large OLED (128x128) display for confirmation of transactions and QR Code for P2P transactions
* Built-in biometric sensor for authentication and also supports the PIN
* Built-in onboarding (seed and key generation in Secure Element)
* BIP39 seed (24 words), easy backup and recovery
* Easy and convenient FW update (no recovery is required after update)
* Bluetooth and USB connectivity

[https://dcentwallet.com D'CENT Wallet Homepage] | [https://medium.com/dcentwallet D'CENT on Medium] | [https://www.youtube.com/channel/UCKnYqiM3g3iaaAKcRZf-kbA D'CENT Youtube]

 

=== Cobo Vault - Air-gapped with QR code and Secure Element ===
[[File:Vault_pro.png|300px|thumb|left|Cobo Vault Essential/Pro/Ultimate]]

Cobo Vault is a completely air-gapped hardware wallet that uses verifiable QR codes to transmit transaction information back and forth with a mobile app. It houses an FIPS 140-2 Secure Element that uses four superimposed physical sources for true random number generation (TRNG). Private keys never leave the Secure Element when transactions are signed. Cobo Vault’s innovative Web Authentication process helps prevent supply chain attacks through double asymmetric encryption implementing our backend HSM server. Cobo Vault’s Secure Element’s BIP 32, 39, and 44 compliant firmware is open source ([https://github.com/CoboVault Github]).

Cobo Vault Essential, Pro & Ultimate Features:
* Air-gapped through auditable QR code data transmissions
* Secure Element physical entropy private key generation and side-channel attack prevention
* Open source Secure Element firmware (industry first)
* Detachable battery (industry first)
* MicroSD firmware upgrading
* 4-inch touchscreen

Cobo Vault Essential and Pro Features:
* AAA battery support to prevent battery failure
* Bitcon-only firmware version compatibility
* Better camera for smoother QR code transactions
* Features we will be adding (see the full product roadmap list in [https://medium.com/cobo-vault/second-gen-hardware-wallets-feature-support-c0aaf00a4216 our launch article])

Cobo Vault Pro Features:
* Fingerprint sensor for device unlock and transaction signing
* Upgraded self-destruct mechanism
* Rechargeable battery

[https://cobo.com/hardware-wallet Cobo Vault Homepage] | [https://medium.com/cobo-vault Cobo Vault on Medium] | [https://shop.cobo.com Cobo Vault Shop]

 

=== BitBox02: Swiss made open source ===
[[File:BitBox02.png.jpg|300px|thumb|left|BitBox02]]

The BitBox02 hardware wallet equips individuals to easily store, protect and transact in Bitcoin. Its companion, the BitBoxApp, provides an all-in-one solution to securely manage your coins.

Simple and secure, a good starting point for beginners:
* Create your wallet in minutes via the setup wizardInstant backup to the included microSD card
* In-app guide that answers common questions
* A bright OLED screen and intuitive touch sensors to securely verify and confirm transactions
* The USB-C connector works with your computer or Android smartphone (adapter and extension cable included)

Many advanced features for expert users:
* Easy connection to your own Bitcoin full node
* Secure multi-signature with account registration directly on the device
* Backup to microSD card with additional option to export the BIP39 recovery words
* Granular coin control for Bitcoin UTXO
* Reproducible builds of firmware to make sure binary releases actually run the open-source code
* Supported by Electrum and wallets using HWI

Secure hardware made in Switzerland:
* Software and hardware are open-source and can be independently audited
* Secure dual-chip architecture allows usage of a secure chip for physical device hardening
* Bitcoin-only edition features focused firmware with less attack surface
* Very discreet due to its small form factor and no visible screen when powered off
* BitBox hardware wallets have been available since 2016
* Engineered and manufactured in Switzerland

[https://shiftcrypto.ch/bitbox02 BitBox02 product page] | [https://github.com/digitalbitbox Source code]

 

== Not purchasable hardware wallets ==

=== Ledger HW.1 - USB Smartcard Hardware Wallet ===
[[File:Btchip_dongle.jpg|220px|thumb|left|HW.1 inserted in a laptop]]

HW.1 is an implementation of a deterministic ([[BIP 0032]]) Hardware Wallet on a USB smartcard.

It is typically used as a blind secure device for multi signature transactions - holding a set of derived private keys and signing transactions without requiring user confirmation.

Power users can rely on it to confirm all transactions with a second factor scheme turning the dongle into a keyboard typing what the user is supposed to have signed, as a protection against malware.

It is also possible to customize HW.1 for more specific needs, such as creating a prepaid card without revealing the deterministic seed before it is received by the user, or securing bitcoin transactions on a server.

[https://www.ledgerwallet.com/products/3-ledger-hw-1 E-shop] | [https://ledgerhq.github.io/btchip-doc/bitcoin-technical.html Technical Documentation]

 

=== Ledger Nano - USB Smartcard Hardware Wallet ===
[[File:ledger_wallet_photo.jpg|300px|thumb|left|Ledger Wallet USB]]

Ledger Nano protects your Bitcoin data within a smartcard. Its micro-processor certified against all types of attacks (both physical and logical), and has been used in the banking industry for decades (think credit card chips). The device connects to your computer through the USB port and will do all the Bitcoin cryptographic heavy lifting such as signing transactions inside its secure environment. You can therefore use your Bitcoin account with maximum trust, even on an insecure or compromised computer.

The second factor verification of the transaction signature can be done either with a paired smartphone (Android, iOS) or a physical security card.

The Ledger Wallet Chrome application (available also on Chromium) provides an easy onboarding as well as a seamless user experience, and the Nano is compatible with numerous third party software: [[Electrum]], [[Mycelium]], [[GreenAddress]], Greenbits, [[Coinkite]] and Copay.

[https://www.ledgerwallet.com/products/1-ledger-nano Ledger Nano product page] | [https://github.com/LedgerHQ Source and specifications]

 

=== Ledger Unplugged - NFC Smartcard Hardware Wallet ===
[[File:ledger_unplugged_photo.jpg|300px|thumb|left|Ledger Unplugged NFC]]

The Ledger Unplugged is a credit card sized NFC hardware wallet. It embeds an open source Java Card app and is compatible with all NFC enabled Android phones.

The device can be used with Mycelium or Greenbits. In case of loss, you can restore it on any Ledger Wallet (Nano or another one) or all other compatible solutions (BIP 39).

[https://www.ledgerwallet.com/products/6-ledger-unplugged Ledger Unplugged product page] | [https://github.com/LedgerHQ/ledger-javacard Source code]

 

=== BWALLET TREZOR clone ===

[[File:BWALLET_Trezor_Clone.jpeg|200px|thumb|left|Chinese clone of Trezor]]

BWALLET is a clone of Trezor by a Chinese company.
Trezor code is open source and this device operates like a Trezor.
However, this product has been [https://www.reddit.com/r/Bitcoin/comments/2tyier/bwallet_review_by_trezor_developer/ reviewed by Marek aka Slush(Trezor developer)] and he has found some problems which makes this device less than 100% compatible, for example it doesn't work with [http://mytrezor.com myTREZOR.com] website and it does not work with Trezor official firmware.

[http://mybwallet.com MyBWALLET.com] | [http://www.bidingxing.com/en/bwallet Buy BWALLET]

 

=== Pi Wallet - cold storage ===
[[File:Piwallet.jpeg|300px|thumb|left|Pi-Wallet]]

The Pi-Wallet is a small computer with the [[Armory]] bitcoin client.

Transactions are signed offline, then transferred on a USB stick via [https://en.wikipedia.org/wiki/Sneakernet Sneakernet] to an online system for broadcasting.

[https://www.pi-wallet.com/ pi-wallet.com]

 

=== BitcoinCard Megion Technologies-Card based wallet ===
[[File:Bitcoincard-medley-large.jpg|400px|thumb|left|Bitcoin Card]]
[http://www.bitcoincard.org/ Bitcoincard Home Page]

[http://blog.bitinstant.com/blog/2012/6/19/our-discovery-in-vienna-the-bitcoin-card.html Excellent review by evoorhees]

Incorporates a e-paper display, keypad, and radio (custom ISM band protocol.) Unfortunately it is fairly limited in terms of transaction I/O, requiring a radio gateway or another bitcoincard wherever funds need to be transferred.

 

=== BitSafe - allten/someone42's hardware wallet ===
[[File:Bitsafe-wallet-sizecompare.jpg|200px|thumb|left|Bitsafe wallet]]
[https://bitcointalk.org/index.php?topic=152517.0 Final BitSafe announcement]

Signing transactions only, requires USB host software for transactions & USB power. Has a OLED display and Confirm/Cancel buttons. Evolved out of someone42's prototype below, and has significant contributions from someone42 as well.
 

=== Swiss Bank in Your Pocket - Hardware wallet ===
[[File:SBIYP.png|300px|thumb|left|Swiss Bank In Your Pocket]]

The Swiss Bank in Your Pocket is a Windows Desktop Application providing functionality for 5 Bitcoin Wallets and a Bitcoin Vault.

The Bitcoin Vault can only send Bitcoins to the Bitcoin Wallets with in the application. Each Bitcoin wallet can have up to 5 Receive addresses. The intuitive user interface is designed for ease of use. USB security key is required to make any type of transaction. frontend software is installed on windows. Package includes secure USB key, and an additional recovery USB key. So in case of an accident, customer will have an additional backup to access their wallets.

[https://swissbankinyourpocket.com/ swissbankinyourpocket.com]

 

=== BitBox 01 (Digital Bitbox) ===
[[file:Digital-bitbox.png|thumb|left|Digital Bitbox Hardware Wallet]]

* Secure hardware RNG & key storage using [http://www.atmel.com/Images/Atmel-8914-CryptoAuth-ATAES132A-Datasheet.pdf crypto element] with 50 year lifespan and an epoxy-filled case.
* Offline backup and recovery of [[BIP_0032|BIP-32]] seed with a micro SD card rather than [[BIP_0039|BIP-39]] phrase written on paper as in Trezor.
* Native software wallet client and ability to use a mobile phone for 2FA and to verify transaction details.
* Multisig out-of-the-box including Copay support.
* [https://github.com/digitalbitbox Open Source] ([https://github.com/digitalbitbox/mcu#digital-bitbox-firmware firmware], [https://github.com/digitalbitbox/mcu/blob/bf48984fd4a47d9ebf6814f7d01b078964587c7c/src/bootloader.c bootloader], [https://github.com/digitalbitbox/dbb-app desktop client]).
* Full FIDO U2F support (https://en.wikipedia.org/wiki/Universal_2nd_Factor)
* Made in Switzerland (a country with strong privacy laws) by [[Bitcoin Core]] developer Jonas Schnelli.

[https://digitalbitbox.com digitalbitbox.com]

 

=== someone42's original prototype ===
[[File:Someone42-wallet-prototype.jpg|300px|thumb|left|someone42's original prototype]]
[https://bitcointalk.org/index.php?topic=78614.0 Hardware Bitcoin wallet - a minimal Bitcoin wallet for embedded devices]

Signing transactions only, requires USB host software for transactions & USB power. All work is rolled into the above BitSafe wallet currently.
 
=== Other/Defunct but with good discussion: ===
* natman3400's BitClip Jun 2011 [https://bitcointalk.org/index.php?topic=24852.0 https://bitcointalk.org/index.php?topic=24852.0]
:Seems to have gone defunct around Dec 2011. Some good ideas though and seemed to have started on execution.
* jim618 hardware wallet proposal Apr 2012 [https://bitcointalk.org/index.php?topic=77553.0 Dedicated bitcoin devices - dealing with untrusted networks]
:Great discussion and good ideas from jim618. Also linked the following video:
* Prof. Clemens Cap's hardware wallet? (video:)[https://www.youtube.com/watch?v=IavQ-Wc8S1U Clemens Cap about electronic bitcoin wallet at EuroBit]
:Clemens Cap of Uni Rostock explains the Electronic Bitcoin wallet device he's working on. It's based on adafruit microtouch device.
* ripper234's discussion based on Yubikeys Aug 2012 [https://bitcointalk.org/index.php?topic=99492 Having a YUBIKEY as one of the parties for m-of-n signatures]
:The use of Yubikeys. They only support symmetric crypto, so you'd have to trust the host device.
* kalleguld's hardware wallet proposal Oct 2012 [https://bitcointalk.org/index.php?topic=115294.0 Proposal: Hardware wallet (Win 3 BTC)]
* Vaporware: Matthew N Wright's ellet [https://bitcointalk.org/index.php?topic=85931.0 ANN The world's first handheld Bitcoin device, the Ellet!] (Vaporware)

== Smart Card based wallets ==
This type of device requires complete trust in the host device, as there is no method for user input.
See [[Smart card wallet]]

== Related Resources ==
* [https://bitcoinnewsmagazine.com/best-bitcoin-hardware-wallet-2015/ Best Bitcoin Hardware Wallet 2015] - reviews of all bitcoin hardware wallets.
* [http://99bitcoins.com/trezor-vs-ledger-hands-hardware-wallets-review/ TREZOR vs. Ledger] - User reviews and Reddit feedback
* [https://bitcointalk.org/index.php?topic=125383.0 Hardware wallet wire protocol]: slush's Hardware wallet wire protocol discussion
* [https://bitcointalk.org/index.php?topic=19080.msg272348#msg272348 Re: Split private keys]: kjj's Todo List discussion for client protocol requirements
* [https://bitcointalk.org/index.php?topic=134277.0 Hardware Wallet Roundup]
* [https://www.buybitcoinworldwide.com/wallets/ Bitcoin Hardware Wallet Comparison] - information about using Bitcoin hardware wallets for cold storage.
* [https://www.weusecoins.com/bitcoin-ledger-wallet-review/ Ledger Wallet Review]

== See Also ==

* [[Storing bitcoins]]
* [[How to set up a secure offline savings wallet]]
* [[Cold storage]]

[[Category:Security]]
[[Category:Wallets| ]]
[[Category:Hardware]]

Irreversible Transactions

2022-04-08T16:39:02Z

Tris T7: /* How many confirmations are required */ edited ref

When used correctly, Bitcoin's base layer transactions on the [[blockchain]] are irreversible and final. It's no exaggeration to say that the entirety of bitcoin's system of [[blockchain]], [[mining]], [[proof of work]], [[difficulty]] etc, exist to produce this history of transactions that is computationally impractical to modify.

In the literature on electronic cash, this property was often refer to as "solving the double-spending problem". Double-spending is the result of successfully spending some money more than once. Bitcoin users protect themselves from double spending fraud by waiting for [[confirmation|confirmations]] when receiving payments on the blockchain, the transactions become more irreversible as the number of confirmations rises.

Other electronic systems prevent double-spending by having a master authoritative source that follows business rules for authorizing each transaction. Bitcoin uses a decentralized system, where a [[Full node#Economic_strength|consensus]] among nodes following the same protocol and [[proof of work]] is substituted for a central authority. This means bitcoin has special properties not shared by centralized systems. For example if you keep the [[private key]] of a bitcoin secret and the transaction has enough confirmations, then nobody can take the bitcoin from you no matter for what reason, no matter how good the excuse, no matter what. Possession of bitcoin is not enforced by business rules and policy, but cryptography and game theory.

Because bitcoin transactions can be final, merchants do not need to hassle customers for extra information like billing address, name, etc, so bitcoin can be used without registering a real name or excluding users based on age, nationality or residency. Finality in transactions means [[Contract|smart contracts]] can be created with a "code-is-law" ethos.

==Attack vectors==

===Race attack===

Traders and merchants who accept a payment immediately on seeing "0/unconfirmed" are exposed to the transaction being reversed. An attempt at fraud could work that the fraudster sends a transaction paying the merchant directly to the merchant, and sends a conflicting transaction spending the coin to himself to the rest of the network. It is likely that the second conflicting transaction will be mined into a block and accepted by bitcoin nodes as genuine.

Merchants can take precautions (e.g., disable incoming connections, only connect to well connected nodes) to lessen the risk of a race attack but the risk cannot be eliminated. Therefore, the cost/benefit of the risk needs to be considered when accepting payment on 0/unconfirmed when there is no recourse against the attacker.

The [[research]] paper [http://eprint.iacr.org/2012/248.pdf Two Bitcoins at the Price of One] finds that the protocol allows a high degree of success by an attacker in performing race attacks. The method studied in the research paper depends on access to the merchant's Bitcoin node which is why that even prior to this paper, recommendations for merchants include disabling incoming connections and to choose specific outgoing connections.<ref>[http://bitcointalk.org/index.php?topic=79090.msg881283#msg881283 BitcoinTalk Thread - Two Bitcoins at the Price of One]</ref>

===Finney attack===

Another attack the trader or merchant is exposed to when accepting payment on 0/unconfirmed. The Finney attack is a fraudulent double-spend that requires the participation of a miner once a block has been mined.<ref>[http://www.bitcointalk.org/index.php?topic=3441.msg48384#msg48384 Best practice for fast transaction acceptance - how high is the risk?]</ref> The risk of a Finney attack cannot be eliminated regardless of the precautions taken by the merchant, but some miner hash power is required and a specific sequence of events must occur. Just like with the race attack, a trader or merchant should consider the cost / benefit when accepting payment on just one confirmation when there is no recourse against the attacker.

A Finney attack works as follows: Suppose the attacker is generating blocks occasionally. in each block he generates, he includes a transfer from address A to address B, both of which he controls. To cheat you, when he generates a block, he doesn't broadcast it. Instead, he opens your store web page and makes a payment to your address C with his address A. You may wait a few seconds for double-spends, not hear anything, and then transfer the goods. He broadcasts his block now, and his transaction will take precedence over yours.

===Vector76 attack===

Also referred to as a one-confirmation attack, is a combination of the race attack and the Finney attack such that a transaction that even has one confirmation can still be reversed. The same protective action for the race attack (no incoming connections, explicit outgoing connection to a well-connected node) significantly reduces the risk of this occurring.

It is worth noting that a successful attack costs the attacker one block - they need to 'sacrifice' a block by not broadcasting it, and instead relaying it only to the attacked node.

See on [http://bitcointalk.org/index.php?topic=36788.msg463391#msg463391 BitcoinTalk] or further [http://www.reddit.com/r/Bitcoin/comments/2e7bfa/vector76_double_spend_attack/cjwya6x example of an attack scenario].

=== Blockchain reorganization attack===

Also called alternative history attack. This attack has a chance to work even if the merchant waits for some confirmations, but requires relatively high hashrate and risk of significant expense in wasted electricity to the attacking miner.

The attacker submits to the merchant/network a transaction which pays the merchant, while privately mining an alternative blockchain fork in which a fraudulent double-spending transaction is included instead. After waiting for ''n'' confirmations, the merchant sends the product. If the attacker happened to find more than ''n'' blocks at this point, he releases his fork and regains his coins; otherwise, he can try to continue extending his fork with the hope of being able to catch up with the network. If he never manages to do this then the attack fails, the attacker has wasted a significant amount of electricity and the payment to the merchant will not be reversed.

===[[Majority attack]]===

Also referred to as a 51% attack or >50% attack. If the attacker controls more than half of the network hashrate, the previously-mentioned Alternative history attack has a probability of 100% to succeed. Since the attacker can generate blocks faster than the rest of the network, he can simply persevere with his private fork until it becomes longer than the branch built by the honest network, from whatever disadvantage.

No amount of confirmations can prevent this attack; however, waiting for confirmations does increase the aggregate resource cost of performing the attack, which could potentially make it unprofitable or delay it long enough for the circumstances to change or slower-acting synchronization methods to kick in. Bitcoin's security model relies on no single coalition of miners controlling more than half the mining power. A miner with more than 50% hash power is incentived to reduce their mining power and reframe from attacking in order for their mining equipment and bitcoin income to retain it's value.

== How many confirmations are required ==

The probability of success is a function of the attacker's hashrate (as a proportion of the total network hashrate) and the number of confirmations the merchant waits for. An online calculator can be found here: https://people.xiph.org/~greg/attack_success.html

For example, if the attacker controls 10% of the network hashrate but the merchant waits for 6 confirmations, the success probability is on the order of 0.1%.<ref>[https://bitcoil.co.il/Doublespend.pdf Analysis of hashrate-based double-spending]</ref> Because of the opportunity cost of this attack, it is only game-theory possible if the bitcoin amount traded is comparable to the block reward (but note that an attacking miner can attempt a brute force attack against several counterparties at once).

If the bitcoin amount being transacted is so large that it is comparable to the block reward, then merchants should wait 100 confirmations for their incoming transactions to be irreversible.

=== Bribing miners to reorg a confirmed [[transaction]] ===

In the past after large bitcoin thefts, it has been suggested that the theft victim attempts to bribe miners into reversing the confirmed transaction. This does not work because the thief can easily outbid with their own bribe. The thief gets a head-start as the transaction would already have confirmations. Every block that gets mined adds a block reward amount of bitcoins more that the attacker could keep while still paying more than the victim, as is every percentage of hashpower that doesn't go along with it. Such a reorg attempt, if successful, would also cause massive disruption in the bitcoin network and open the reorganizing miners and victim to litigation.

Examples:

* In August 2016 the Bitfinex exchange suffered a hack of 120000 bitcoins. Here is a reddit discussion involving bitcoin experts about bribing miners to reorg and why that's a bad idea: https://archive.is/S2fBH

* In May 2019 the Binance exchange was hacked for 7000 bitcoins and a similar suggestion was made: https://twitter.com/JeremyRubin/status/1125919526485254144

==Successful Double-Spends in Practice==

* In November 2013 it was discovered that the GHash.io mining pool appeared to be engaging in repeated payment fraud against BetCoin Dice, a gambling site<ref>[https://bitcointalk.org/index.php?topic=327767.0 BitcoinTalk Thread - GHash.IO and double-spending against BetCoin Dice]</ref>. Dice sites use one transaction per bet and don’t wait for confirmations. GHash.io claimed they had investigated and found a rogue employee who had been doing the double spending, who was fired. However no evidence supporting this was provided and the incident left a permanent cloud hanging over the pool. Regardless, it didn’t seem to hurt their market share much: most miners probably never heard about the incident at all.

==Consumer Protection==

Although bitcoin's base layer blockchain transactions are irreversible, consumer protection can be implemented on a layer on top.

For example [[Secure_Trading#Use_an_Escrow_Service|using an escrow agent]] is a powerful technique especially when combined with [[Multisignature|multisignature smart contracts]]. Also bitcoin sites such as online casinos rely on their long-standing reputation and some regulated brokers and exchanges simply rely on the legal system.

See also: [[Myths#Bitcoin_has_no_built-in_chargeback_mechanism_and_this_is_bad]]

==See Also==

* [[Weaknesses]]
* [[Bitcoin as a medium of exchange]]
* [http://codinginmysleep.com/bitcoin-attacks-in-plain-english Bitcoin Attacks in Plain English] by David Perry
* [https://medium.com/@bramcohen/the-inevitable-demise-of-unconfirmed-bitcoin-transactions-8b5f66a44a35 Thorough discussion of zero-confirm on-chain transactions in bitcoin] by Bram Cohen
* [https://bitcoin.stackexchange.com/questions/87652/51-attack-apparently-very-easy-refering-to-czs-rollback-btc-chain-how-t/87655#87655 stackexchange discussion on exchanges bribing miners to reverse transactions]
* [https://pooldetective.org/ MIT DCI’s pool detective app monitors various mining pools for odd behaviour like censorship, selfish mining or reorg attempts]

[[de:Doppelausgaben]]

==References==
<references />

[[Category:Technical]]

Irreversible Transactions

2022-04-08T16:38:06Z

Tris T7: /* Finney attack */ edited ref

When used correctly, Bitcoin's base layer transactions on the [[blockchain]] are irreversible and final. It's no exaggeration to say that the entirety of bitcoin's system of [[blockchain]], [[mining]], [[proof of work]], [[difficulty]] etc, exist to produce this history of transactions that is computationally impractical to modify.

In the literature on electronic cash, this property was often refer to as "solving the double-spending problem". Double-spending is the result of successfully spending some money more than once. Bitcoin users protect themselves from double spending fraud by waiting for [[confirmation|confirmations]] when receiving payments on the blockchain, the transactions become more irreversible as the number of confirmations rises.

Other electronic systems prevent double-spending by having a master authoritative source that follows business rules for authorizing each transaction. Bitcoin uses a decentralized system, where a [[Full node#Economic_strength|consensus]] among nodes following the same protocol and [[proof of work]] is substituted for a central authority. This means bitcoin has special properties not shared by centralized systems. For example if you keep the [[private key]] of a bitcoin secret and the transaction has enough confirmations, then nobody can take the bitcoin from you no matter for what reason, no matter how good the excuse, no matter what. Possession of bitcoin is not enforced by business rules and policy, but cryptography and game theory.

Because bitcoin transactions can be final, merchants do not need to hassle customers for extra information like billing address, name, etc, so bitcoin can be used without registering a real name or excluding users based on age, nationality or residency. Finality in transactions means [[Contract|smart contracts]] can be created with a "code-is-law" ethos.

==Attack vectors==

===Race attack===

Traders and merchants who accept a payment immediately on seeing "0/unconfirmed" are exposed to the transaction being reversed. An attempt at fraud could work that the fraudster sends a transaction paying the merchant directly to the merchant, and sends a conflicting transaction spending the coin to himself to the rest of the network. It is likely that the second conflicting transaction will be mined into a block and accepted by bitcoin nodes as genuine.

Merchants can take precautions (e.g., disable incoming connections, only connect to well connected nodes) to lessen the risk of a race attack but the risk cannot be eliminated. Therefore, the cost/benefit of the risk needs to be considered when accepting payment on 0/unconfirmed when there is no recourse against the attacker.

The [[research]] paper [http://eprint.iacr.org/2012/248.pdf Two Bitcoins at the Price of One] finds that the protocol allows a high degree of success by an attacker in performing race attacks. The method studied in the research paper depends on access to the merchant's Bitcoin node which is why that even prior to this paper, recommendations for merchants include disabling incoming connections and to choose specific outgoing connections.<ref>[http://bitcointalk.org/index.php?topic=79090.msg881283#msg881283 BitcoinTalk Thread - Two Bitcoins at the Price of One]</ref>

===Finney attack===

Another attack the trader or merchant is exposed to when accepting payment on 0/unconfirmed. The Finney attack is a fraudulent double-spend that requires the participation of a miner once a block has been mined.<ref>[http://www.bitcointalk.org/index.php?topic=3441.msg48384#msg48384 Best practice for fast transaction acceptance - how high is the risk?]</ref> The risk of a Finney attack cannot be eliminated regardless of the precautions taken by the merchant, but some miner hash power is required and a specific sequence of events must occur. Just like with the race attack, a trader or merchant should consider the cost / benefit when accepting payment on just one confirmation when there is no recourse against the attacker.

A Finney attack works as follows: Suppose the attacker is generating blocks occasionally. in each block he generates, he includes a transfer from address A to address B, both of which he controls. To cheat you, when he generates a block, he doesn't broadcast it. Instead, he opens your store web page and makes a payment to your address C with his address A. You may wait a few seconds for double-spends, not hear anything, and then transfer the goods. He broadcasts his block now, and his transaction will take precedence over yours.

===Vector76 attack===

Also referred to as a one-confirmation attack, is a combination of the race attack and the Finney attack such that a transaction that even has one confirmation can still be reversed. The same protective action for the race attack (no incoming connections, explicit outgoing connection to a well-connected node) significantly reduces the risk of this occurring.

It is worth noting that a successful attack costs the attacker one block - they need to 'sacrifice' a block by not broadcasting it, and instead relaying it only to the attacked node.

See on [http://bitcointalk.org/index.php?topic=36788.msg463391#msg463391 BitcoinTalk] or further [http://www.reddit.com/r/Bitcoin/comments/2e7bfa/vector76_double_spend_attack/cjwya6x example of an attack scenario].

=== Blockchain reorganization attack===

Also called alternative history attack. This attack has a chance to work even if the merchant waits for some confirmations, but requires relatively high hashrate and risk of significant expense in wasted electricity to the attacking miner.

The attacker submits to the merchant/network a transaction which pays the merchant, while privately mining an alternative blockchain fork in which a fraudulent double-spending transaction is included instead. After waiting for ''n'' confirmations, the merchant sends the product. If the attacker happened to find more than ''n'' blocks at this point, he releases his fork and regains his coins; otherwise, he can try to continue extending his fork with the hope of being able to catch up with the network. If he never manages to do this then the attack fails, the attacker has wasted a significant amount of electricity and the payment to the merchant will not be reversed.

===[[Majority attack]]===

Also referred to as a 51% attack or >50% attack. If the attacker controls more than half of the network hashrate, the previously-mentioned Alternative history attack has a probability of 100% to succeed. Since the attacker can generate blocks faster than the rest of the network, he can simply persevere with his private fork until it becomes longer than the branch built by the honest network, from whatever disadvantage.

No amount of confirmations can prevent this attack; however, waiting for confirmations does increase the aggregate resource cost of performing the attack, which could potentially make it unprofitable or delay it long enough for the circumstances to change or slower-acting synchronization methods to kick in. Bitcoin's security model relies on no single coalition of miners controlling more than half the mining power. A miner with more than 50% hash power is incentived to reduce their mining power and reframe from attacking in order for their mining equipment and bitcoin income to retain it's value.

== How many confirmations are required ==

The probability of success is a function of the attacker's hashrate (as a proportion of the total network hashrate) and the number of confirmations the merchant waits for. An online calculator can be found here: https://people.xiph.org/~greg/attack_success.html

For example, if the attacker controls 10% of the network hashrate but the merchant waits for 6 confirmations, the success probability is on the order of 0.1%<ref>[https://bitcoil.co.il/Doublespend.pdf Analysis of hashrate-based double-spending]</ref>. Because of the opportunity cost of this attack, it is only game-theory possible if the bitcoin amount traded is comparable to the block reward (but note that an attacking miner can attempt a brute force attack against several counterparties at once).

If the bitcoin amount being transacted is so large that it is comparable to the block reward, then merchants should wait 100 confirmations for their incoming transactions to be irreversible.

=== Bribing miners to reorg a confirmed [[transaction]] ===

In the past after large bitcoin thefts, it has been suggested that the theft victim attempts to bribe miners into reversing the confirmed transaction. This does not work because the thief can easily outbid with their own bribe. The thief gets a head-start as the transaction would already have confirmations. Every block that gets mined adds a block reward amount of bitcoins more that the attacker could keep while still paying more than the victim, as is every percentage of hashpower that doesn't go along with it. Such a reorg attempt, if successful, would also cause massive disruption in the bitcoin network and open the reorganizing miners and victim to litigation.

Examples:

* In August 2016 the Bitfinex exchange suffered a hack of 120000 bitcoins. Here is a reddit discussion involving bitcoin experts about bribing miners to reorg and why that's a bad idea: https://archive.is/S2fBH

* In May 2019 the Binance exchange was hacked for 7000 bitcoins and a similar suggestion was made: https://twitter.com/JeremyRubin/status/1125919526485254144

==Successful Double-Spends in Practice==

* In November 2013 it was discovered that the GHash.io mining pool appeared to be engaging in repeated payment fraud against BetCoin Dice, a gambling site<ref>[https://bitcointalk.org/index.php?topic=327767.0 BitcoinTalk Thread - GHash.IO and double-spending against BetCoin Dice]</ref>. Dice sites use one transaction per bet and don’t wait for confirmations. GHash.io claimed they had investigated and found a rogue employee who had been doing the double spending, who was fired. However no evidence supporting this was provided and the incident left a permanent cloud hanging over the pool. Regardless, it didn’t seem to hurt their market share much: most miners probably never heard about the incident at all.

==Consumer Protection==

Although bitcoin's base layer blockchain transactions are irreversible, consumer protection can be implemented on a layer on top.

For example [[Secure_Trading#Use_an_Escrow_Service|using an escrow agent]] is a powerful technique especially when combined with [[Multisignature|multisignature smart contracts]]. Also bitcoin sites such as online casinos rely on their long-standing reputation and some regulated brokers and exchanges simply rely on the legal system.

See also: [[Myths#Bitcoin_has_no_built-in_chargeback_mechanism_and_this_is_bad]]

==See Also==

* [[Weaknesses]]
* [[Bitcoin as a medium of exchange]]
* [http://codinginmysleep.com/bitcoin-attacks-in-plain-english Bitcoin Attacks in Plain English] by David Perry
* [https://medium.com/@bramcohen/the-inevitable-demise-of-unconfirmed-bitcoin-transactions-8b5f66a44a35 Thorough discussion of zero-confirm on-chain transactions in bitcoin] by Bram Cohen
* [https://bitcoin.stackexchange.com/questions/87652/51-attack-apparently-very-easy-refering-to-czs-rollback-btc-chain-how-t/87655#87655 stackexchange discussion on exchanges bribing miners to reverse transactions]
* [https://pooldetective.org/ MIT DCI’s pool detective app monitors various mining pools for odd behaviour like censorship, selfish mining or reorg attempts]

[[de:Doppelausgaben]]

==References==
<references />

[[Category:Technical]]

Irreversible Transactions

2022-04-08T16:36:16Z

Tris T7: /* Race attack */ edit ref

When used correctly, Bitcoin's base layer transactions on the [[blockchain]] are irreversible and final. It's no exaggeration to say that the entirety of bitcoin's system of [[blockchain]], [[mining]], [[proof of work]], [[difficulty]] etc, exist to produce this history of transactions that is computationally impractical to modify.

In the literature on electronic cash, this property was often refer to as "solving the double-spending problem". Double-spending is the result of successfully spending some money more than once. Bitcoin users protect themselves from double spending fraud by waiting for [[confirmation|confirmations]] when receiving payments on the blockchain, the transactions become more irreversible as the number of confirmations rises.

Other electronic systems prevent double-spending by having a master authoritative source that follows business rules for authorizing each transaction. Bitcoin uses a decentralized system, where a [[Full node#Economic_strength|consensus]] among nodes following the same protocol and [[proof of work]] is substituted for a central authority. This means bitcoin has special properties not shared by centralized systems. For example if you keep the [[private key]] of a bitcoin secret and the transaction has enough confirmations, then nobody can take the bitcoin from you no matter for what reason, no matter how good the excuse, no matter what. Possession of bitcoin is not enforced by business rules and policy, but cryptography and game theory.

Because bitcoin transactions can be final, merchants do not need to hassle customers for extra information like billing address, name, etc, so bitcoin can be used without registering a real name or excluding users based on age, nationality or residency. Finality in transactions means [[Contract|smart contracts]] can be created with a "code-is-law" ethos.

==Attack vectors==

===Race attack===

Traders and merchants who accept a payment immediately on seeing "0/unconfirmed" are exposed to the transaction being reversed. An attempt at fraud could work that the fraudster sends a transaction paying the merchant directly to the merchant, and sends a conflicting transaction spending the coin to himself to the rest of the network. It is likely that the second conflicting transaction will be mined into a block and accepted by bitcoin nodes as genuine.

Merchants can take precautions (e.g., disable incoming connections, only connect to well connected nodes) to lessen the risk of a race attack but the risk cannot be eliminated. Therefore, the cost/benefit of the risk needs to be considered when accepting payment on 0/unconfirmed when there is no recourse against the attacker.

The [[research]] paper [http://eprint.iacr.org/2012/248.pdf Two Bitcoins at the Price of One] finds that the protocol allows a high degree of success by an attacker in performing race attacks. The method studied in the research paper depends on access to the merchant's Bitcoin node which is why that even prior to this paper, recommendations for merchants include disabling incoming connections and to choose specific outgoing connections.<ref>[http://bitcointalk.org/index.php?topic=79090.msg881283#msg881283 BitcoinTalk Thread - Two Bitcoins at the Price of One]</ref>

===Finney attack===

Another attack the trader or merchant is exposed to when accepting payment on 0/unconfirmed. The Finney attack is a fraudulent double-spend that requires the participation of a miner once a block has been mined<ref>[http://www.bitcointalk.org/index.php?topic=3441.msg48384#msg48384 Best practice for fast transaction acceptance - how high is the risk?]</ref>. The risk of a Finney attack cannot be eliminated regardless of the precautions taken by the merchant, but some miner hash power is required and a specific sequence of events must occur. Just like with the race attack, a trader or merchant should consider the cost / benefit when accepting payment on just one confirmation when there is no recourse against the attacker.

A Finney attack works as follows: Suppose the attacker is generating blocks occasionally. in each block he generates, he includes a transfer from address A to address B, both of which he controls. To cheat you, when he generates a block, he doesn't broadcast it. Instead, he opens your store web page and makes a payment to your address C with his address A. You may wait a few seconds for double-spends, not hear anything, and then transfer the goods. He broadcasts his block now, and his transaction will take precedence over yours.

===Vector76 attack===

Also referred to as a one-confirmation attack, is a combination of the race attack and the Finney attack such that a transaction that even has one confirmation can still be reversed. The same protective action for the race attack (no incoming connections, explicit outgoing connection to a well-connected node) significantly reduces the risk of this occurring.

It is worth noting that a successful attack costs the attacker one block - they need to 'sacrifice' a block by not broadcasting it, and instead relaying it only to the attacked node.

See on [http://bitcointalk.org/index.php?topic=36788.msg463391#msg463391 BitcoinTalk] or further [http://www.reddit.com/r/Bitcoin/comments/2e7bfa/vector76_double_spend_attack/cjwya6x example of an attack scenario].

=== Blockchain reorganization attack===

Also called alternative history attack. This attack has a chance to work even if the merchant waits for some confirmations, but requires relatively high hashrate and risk of significant expense in wasted electricity to the attacking miner.

The attacker submits to the merchant/network a transaction which pays the merchant, while privately mining an alternative blockchain fork in which a fraudulent double-spending transaction is included instead. After waiting for ''n'' confirmations, the merchant sends the product. If the attacker happened to find more than ''n'' blocks at this point, he releases his fork and regains his coins; otherwise, he can try to continue extending his fork with the hope of being able to catch up with the network. If he never manages to do this then the attack fails, the attacker has wasted a significant amount of electricity and the payment to the merchant will not be reversed.

===[[Majority attack]]===

Also referred to as a 51% attack or >50% attack. If the attacker controls more than half of the network hashrate, the previously-mentioned Alternative history attack has a probability of 100% to succeed. Since the attacker can generate blocks faster than the rest of the network, he can simply persevere with his private fork until it becomes longer than the branch built by the honest network, from whatever disadvantage.

No amount of confirmations can prevent this attack; however, waiting for confirmations does increase the aggregate resource cost of performing the attack, which could potentially make it unprofitable or delay it long enough for the circumstances to change or slower-acting synchronization methods to kick in. Bitcoin's security model relies on no single coalition of miners controlling more than half the mining power. A miner with more than 50% hash power is incentived to reduce their mining power and reframe from attacking in order for their mining equipment and bitcoin income to retain it's value.

== How many confirmations are required ==

The probability of success is a function of the attacker's hashrate (as a proportion of the total network hashrate) and the number of confirmations the merchant waits for. An online calculator can be found here: https://people.xiph.org/~greg/attack_success.html

For example, if the attacker controls 10% of the network hashrate but the merchant waits for 6 confirmations, the success probability is on the order of 0.1%<ref>[https://bitcoil.co.il/Doublespend.pdf Analysis of hashrate-based double-spending]</ref>. Because of the opportunity cost of this attack, it is only game-theory possible if the bitcoin amount traded is comparable to the block reward (but note that an attacking miner can attempt a brute force attack against several counterparties at once).

If the bitcoin amount being transacted is so large that it is comparable to the block reward, then merchants should wait 100 confirmations for their incoming transactions to be irreversible.

=== Bribing miners to reorg a confirmed [[transaction]] ===

In the past after large bitcoin thefts, it has been suggested that the theft victim attempts to bribe miners into reversing the confirmed transaction. This does not work because the thief can easily outbid with their own bribe. The thief gets a head-start as the transaction would already have confirmations. Every block that gets mined adds a block reward amount of bitcoins more that the attacker could keep while still paying more than the victim, as is every percentage of hashpower that doesn't go along with it. Such a reorg attempt, if successful, would also cause massive disruption in the bitcoin network and open the reorganizing miners and victim to litigation.

Examples:

* In August 2016 the Bitfinex exchange suffered a hack of 120000 bitcoins. Here is a reddit discussion involving bitcoin experts about bribing miners to reorg and why that's a bad idea: https://archive.is/S2fBH

* In May 2019 the Binance exchange was hacked for 7000 bitcoins and a similar suggestion was made: https://twitter.com/JeremyRubin/status/1125919526485254144

==Successful Double-Spends in Practice==

* In November 2013 it was discovered that the GHash.io mining pool appeared to be engaging in repeated payment fraud against BetCoin Dice, a gambling site<ref>[https://bitcointalk.org/index.php?topic=327767.0 BitcoinTalk Thread - GHash.IO and double-spending against BetCoin Dice]</ref>. Dice sites use one transaction per bet and don’t wait for confirmations. GHash.io claimed they had investigated and found a rogue employee who had been doing the double spending, who was fired. However no evidence supporting this was provided and the incident left a permanent cloud hanging over the pool. Regardless, it didn’t seem to hurt their market share much: most miners probably never heard about the incident at all.

==Consumer Protection==

Although bitcoin's base layer blockchain transactions are irreversible, consumer protection can be implemented on a layer on top.

For example [[Secure_Trading#Use_an_Escrow_Service|using an escrow agent]] is a powerful technique especially when combined with [[Multisignature|multisignature smart contracts]]. Also bitcoin sites such as online casinos rely on their long-standing reputation and some regulated brokers and exchanges simply rely on the legal system.

See also: [[Myths#Bitcoin_has_no_built-in_chargeback_mechanism_and_this_is_bad]]

==See Also==

* [[Weaknesses]]
* [[Bitcoin as a medium of exchange]]
* [http://codinginmysleep.com/bitcoin-attacks-in-plain-english Bitcoin Attacks in Plain English] by David Perry
* [https://medium.com/@bramcohen/the-inevitable-demise-of-unconfirmed-bitcoin-transactions-8b5f66a44a35 Thorough discussion of zero-confirm on-chain transactions in bitcoin] by Bram Cohen
* [https://bitcoin.stackexchange.com/questions/87652/51-attack-apparently-very-easy-refering-to-czs-rollback-btc-chain-how-t/87655#87655 stackexchange discussion on exchanges bribing miners to reverse transactions]
* [https://pooldetective.org/ MIT DCI’s pool detective app monitors various mining pools for odd behaviour like censorship, selfish mining or reorg attempts]

[[de:Doppelausgaben]]

==References==
<references />

[[Category:Technical]]

Hashcash

2022-04-08T16:33:23Z

Tris T7: /* Hash function choices */ added article link

This page explains hashcash and how bitcoin uses it.

==Hashcash==

Bitcoin uses the [http://en.wikipedia.org/wiki/Hashcash hashcash] [[Proof_of_work]] function as the mining core. All bitcoin miners whether CPU, GPU, FPGA or ASICs are expending their effort creating hashcash proofs-of-work which act as a vote in the blockchain evolution and validate the blockchain transaction log.

Like many cryptographic algorithms hashcash uses a hash function as a building block, in the same way that HMAC, or RSA signatures are defined on a pluggable hash-function (commonly denoted by the naming convention of algorithm-hash: HMAC-SHA1, HMAC-MD5, HMAC-SHA256, RSA-SHA1, etc), hashcash can be instantiated with different functions, hashcash-SHA1 (original), hashcash-SHA256^2 (bitcoin), hashcash-Scrypt(iter=1).

===History===

The Hashcash [[proof-of-work]] function was invented in 1997 by [[Adam Back]], and proposed for anti-DoS uses including preventing: anonymous remailer and mail2news gateway abuse, nym name squatting on nymservers (replyable pseudonymous remailer severs), as well as general email anti-spam and general network abuse throttling. Before bitcoin, hashcash was used by SpamAssasin, and (with an incompatible format) by Microsoft (with the name "email postmark") in hotmail, exchange, outlook etc and by i2p anonymity network, mixmaster anonymous remailer components and other systems. Hashcash was also used by [[Hal Finney]]'s bitcoin precursor RPOW as a way to mine coins. [[Wei Dai]]'s [[B-money Proposal]], and [[Nick Szabo]]'s similar [[Bit Gold proposal]] bitcoin precursors, also were proposed in the context of hashcash mining.

===Hash function choices===

In the original 1997 algorithm hashcash used SHA1 because at that time, this was the defacto and NIST recommended hash, and the previous defacto hash MD5 had recently started to show signs of weakness. Bitcoin being specified/released in 2008/2009 uses [[SHA256]]. There is actually no strong reason [[SHA1]] would not have worked also, hashcash relies only on the hash partial preimage resistance property (security up to hash-size, 160-bit with SHA1) and not birthday collision hardness (security up to 80-bit), so the SHA1 hash is big enough. Bitcoin is anyway built to 128-bit security because 256-bit ECDSA is used, which also offers 128-bit security. Never the less SHA256 is the correct and more conservative choice because even SHA1 has started to show some weakenesses, though only in birthday collision, not in 2nd-preimage.

===Cryptanalytic Risks===

A practical issue with switching to hashcash-SHA3 is that it would invalidate all existing ASIC mining hardware, and so is a change that would unlikely to be made except in the face of security risk; there is no indication that SHA1 or SHA256, or SHA256^2 are vulnerable to pre-image attack so the motivation is missing absent new cryptanalytic developments. In addition even if SHA256^2 became easier due to cryptanalytic attack, and miners started using whatever the new algorithmic approach was, it does not necessarily matter as difficulty would just adapt to it. One likely side-effect however would be that it would introduce more memory or pre-computation tradeoffs which could make ASICs unprofitable, or give advantages to people with large resources to do the pre-computations. Pre-computation advantages would perhaps be enough motivation to replace the hash with SHA3. Anyway this is all speculation if and until any pre-image affecting cryptanalytic attacks are found on SHA256.

==Hashcash function==

The hashcash algorithm is relatively simple to understand. The idea builds on a security property of cryptographic hashes, that they are designed to be hard to invert (so-called one-way or pre-image resistant property). You can compute y from x cheaply y=H(x) but it's very hard to find x given only y. A full hash inversion has a known computationally infeasible brute-force running time, being O(2^k) where k is the hash size eg SHA256, k=256, and if a pre-image was found anyone could very efficiently verify it by computing one hash, so there is a huge asymmetry in full pre-image mining (computationally infeasible) vs verification (a single hash invocation).

A second hash pre-image means given one-preimage x of hash y where y=H(x), the task is to find another pre-image of hash y: x' so that y=H(x'). This is not to be confused with a birthday collision which is to find two values x, x' so that H(x)=H(x'), this can be done in much lower work O(sqrt(2^k))=O(2^(k/2)) because you can proceed by computing many H(x) values and storing them until you find a matching pair. It takes a lot of memory, but there are memory-time tradeoffs.

Version 0 of hashcash protocol (1997) used a partial 2nd pre-image, however the later version 1 (2002) uses partial pre-images of a fairly chosen string, rather than digits of pi or something arbitrary, 0^k (ie all 0 string) is used for convenience, so the work is to find x such that H(x)=0. This is also equally fair and only requires one hash invocation to verify vs two with 2nd partial-pre-images. (This optimisation was proposed by Hal Finney & independently by Thomas Boschloo). To make the work easier the definition of a partial-pre-image is to find x such that H(x)/2^(n-k) = 0 where / is the integer quotient from division, n is the size of the hash output (n=256-bits for SHA256) and k is the work factor, ie, the first k bits of the hash output are 0 . So for example k=20 requires average 1 million tries. It is actually the output that partially matches, not the pre-image, so could perhaps more accurately called a pre-image with a partial output match, however partial pre-image effectively a short-hand for that.

===Adding purpose===

If the partial-pre-image x from y=H(x) is random it is just a disconnected proof-of-work to no purpose, everyone can see you did do the work, but they don't know why, so users could reuse the same work for different services. To make the proof-of-work be bound to a service, or purpose, the hash must include s, a service string so the work becomes to find H(s,c)/2^(n-k)=0. The miner varies counter c until this is true. The service string could be a web server domain name, a recipients email address, or in bitcoin a block of the bitcoin blockchain ledger.

One additional problem is that if multiple people are mining, using the same service string, they must not start with the same x or they may end up with the same proof, and anyone looking at it will not honor a duplicated copy of the same work as it could have been copied without work, the first to present it will be rewarded, and others will find their work rejected. To avoid risking wasting work in this way, there needs to be a random starting point, and so the work becomes to find H(s,x,c)/2^(n-k) = 0 where x is random (eg 128-bits to make it statistically infeasible for two users to maliciously or accidentally start at the same point), and c is the counter being varied, and s is the service string.

This is what hashcash version 1 and bitcoin does. In fact in bitcoin the service string is the coinbase and the coinbase includes the recipients reward address, as well as the transactions to validate in the block. Bitcoin actually does not include a random start point x, reusing the reward address as the randomization factor to avoid collisions for this random start point purpose, which saves 16-bytes of space in the coinbase. For privacy bitcoin expect the miner to use a different reward address on each successful block.

===More Precise Work===

Hashcash as originally proposed has work 2^k where k is an integer, this means difficulty can only be scaled in powers of 2, this is slightly simpler as you can see and fully measure the difficulty just by counting 0s in hex/binary and was adequate for prior uses. (A lot of hashcash design choices are motivated by simplicity).

But because bitcoin needs more precise and dynamic control of work (to target 10-minute block interval accurately), it changes k to be a fractional (floating-point) so the work becomes to find H(s,x,c) < 2^(n-k) which is equivalent if k is an integer. Bitcoin defines target = 2^(n-k), so the work can be more simply written to find H(s,x,c) < target. Of course because of luck the block time actually has quite high variance, but the average is still more accurately targeted by the introduction of fractional k.

===Work, difficulty & cryptographic security===

Hashcash expresses security margin in the standard cryptographic security terms O(2^k) where for comparison DES offers k=56-bits of security, ECDSA-256 offers k=128-bits of security, and because its widely used this log2 way of expressing work and security can also be useful for making security comparisons.

Bitcoin rate of work is called the [https://blockchain.info/q/hashrate network hashrate] in GH/sec. As the target block interval is 10 minutes that can be converted to cryptographic security as log2(hashrate*600), so that of Nov 2013 hashrate is 4 petahash/sec and bitcoin's hashcash-256^2 proofs-of-works are 62-bits (including +1 for double hash).

Bitcoin also defines a new notion of (relative) difficulty which is the work required so that at current network hashrate a block is expected to be found every 10 minutes. It is expressed relative to a minimum work unit of 2^32 iterations (approximately, technically minimum work is 0xFFFF0000 due to bitcoin implementation level details). Bitcoin difficulty is simple to approximately convert to log2 cryptographic security: k=log2(difficulty)+32 (or for high accuracy log2(difficulty*0xFFFF0000)). Difficulty is related to the target simply as difficulty = target / 0xFFFF0000.

It is perhaps easier to deal with high difficulties in log2 scale (a petahash/second is a 16 decimal digit number of hashes per second), and makes them comparable to other cryptographic security statements. For example the EFF "deepcrack" [https://en.wikipedia.org/wiki/EFF_DES_cracker DES cracker] project built a hardware brute force machine capable of breaking a DES key in 56 hours to make a political point that 56-bit DES was too weak in 1998 at a cost of $250,000 (plus volunteer design time). By comparison bitcoin network does 62-bits (including +1 for double hash) every 10-minutes and is 537,000 times more powerful than deepcrack, or could if it were focused on DES rather than SHA256 crack a DES key in 9 seconds to deepcracks 56 hours.

===Miner privacy===

In principle a miner should therefore for privacy use a different reward-address for each block (and reset the counter to 0). Why Satoshi's early mined bitcoins were potentially linked, was because while he changed the reward-addresss, he forgot to reset the counter after each successful mine, which is a bitcoin mining privacy bug. In fact with bitcoin the counter also should be obscured otherwise you would reveal your effort level, and if you have a lot of mining power that may imply who the coin belongs to. Bitcoin does this via the nonce and extra-nonce. Nonce starts at 0, but extra nonce is random. Together these form a randomized counter hiding the amount of effort that went into the proof, so no one can tell if it was a powerful but unlucky miner who worked hard, or a weak miner who was very lucky.

Additionally with the introduction of mining pools, if the miner uses the same reward address for all users, which is what the current mining protocols do, then there is risk that users may redo work. To avoid users redoing work, miners hand out defined work for the users to do. However this creates an unnecessary communication round trip and in early protocol versions perhaps was a factor in the decision to have the pool send the actual block to mine, which means the miners are not validating their own blocks, which delegates validation authority, though not work, to the pool operator, reducing the security of the bitcoin network. The more recent mining protocol version allows the user to add their own block definition, but still unnecessarily incur round trips for handing out work allocation. Because the new pooled-mining protocol has a miner chosen extraNonce this acts as a random start factor so there is actually no need to talk to the pool for work allocation, a pool could have a static published address, and miners could just do work of whatever size they chose, and submit it to the pool as a UDP packet. (If privacy is required by the miner, it could use the public derivation method from BIP 32 to allow the node to tell the miner via an encrypted message with the mining work, which factor to multiply the static public key by.)

===Scrypt proof-of-work===

It is a misunderstanding to talk about the Scrypt proof-of-work.
Scrypt is not intended as a proof-of-work function, but a stretched key-derivation function, and while it is by design expensive to compute with high iterations, it can not be used to make an efficiently publicly auditable proof-of-work, as verifying costs the same as creating.

Hashcash with the internal hash function of Scrypt may be denoted hashcash-Scrypt(1). Scrypt, by Colin Percival, is a key-derivation function for converting user chosen passphrases into keys. It is salted (to prevent pre-computation/rainbow table attacks), and the hash is iterated many times to slow down passphrase grinding. Scrypt is similar in purpose to the defacto standard passphrase key-derivation function PBKDF2 (which uses HMAC-SHA1 internally). The differentiator and why people might choose Scrypt rather than PBDF2 is that Scrypt's inner hash uses more memory so the GPU (or theoretical Scrypt ASIC/FPGA) advantage in password grinding is reduced compared to CPUs.

This does not use the key-stretching feature of Scrypt so mining is not actually using Scrypt directly, but only the inner Scrypt hash (accessed by setting the iteration parameter to one iteration). So Scrypt's key-stretching function is not being used at all to contribute to the hardness, unlike its normal use for key protection eg in deriving the encryption key from user passphrase to encrypt bitcoin wallets. The reason Scrypt's key-stretching can not be used for mining is because that simultaneously makes it more expensive to verify by the same factor. This hashcash variant can be denoted hashcash-Scrypt(iter=1,mem=128KB) or shortened to hashcash-Scrypt(1). The other major scrypt parameter denotes the amount of memory used (usually 128kB).

===Decentralization: hashcash-Scrypt vs hashcash-SHA256===

The 128kB Scrypt memory footprint makes it arguably less vulnerable to centralization of mining power arising from limited access to or ownership of ASIC equipment by users. It's arguable and unclear, because there are counter arguments: that hashcash-SHA256^2 is very simple, so a skilled individual with his personal savings or a small Kickstarter project could design and put in an order with a chip-fabricator. This simplicity ensures that many people will do it and ASICs should become available. Conversely it is somewhat more difficult in comparison to make an hashcash-Scrypt(1) ASIC so perhaps it will prove in the mid-term actually worse for centralization, if a well funded commercial entity corners the market by having faster, but proprietary, not available on the market, hashcash-Scrypt(1) ASICs that render scrypt GPU mining unprofitable.

Note also a mitigating factor is that it is considered that hashcash-Scrypt(1) should offer less speed up from ASIC implementation vs GPUs than hashcash-SHA256^2. This is claimed because of the argument that the die area taken up by 128kB of RAM, which it might be thought must be dedicated to each Scrypt(1) core, would reduce the number of Scrypt(1) cores that fit per chip. Note however that Scrypt(1) is not actually securely memory-hard in that it makes no attempt to prevent time-memory tradeoffs, so it is actually possible to repeat the computation of internal rounds to reduce the memory requirement. In theory therefore it would be possible though more computation expensive to implement Scrypt(iter=1, mem=128kB) with minimal memory, just with more work. In hardware the time-memory tradeoff would be optimized to find the optimal amount of memory to use, and it is quite possible the optimal amount would be less than 128kB.

Hashcash-Scrypt(1) also has a disadvantage relative to hashcash-SHA256^2 in that it is significantly slower to verify, as the verification cost of one iteration of Scrypt(mem=128kB) is far higher than a two SHA256 hashes. This makes validating scrypt blockchains more CPU and memory intensive for all full nodes. Note however that the dominating CPU work of validation is the verification of the per transaction ECDSA signatures of the multiple transactions in a block. Even one ECDSA signature is slower than one Scrypt(1) verification which is done once per block, and there are many transactions (and so ECDSA signature verifications) to verify within a block.

Block chain

2022-04-08T16:25:34Z

Tris T7: /* Time chain */ edit ref

[[File:blockchain.png|thumb|Blocks in the main chain (black) are the longest series of blocks that go from the genesis block (green) to the current block. Purple blocks are blocks that are not in the longest chain and therefore not used.]]

A '''block chain''' is a transaction database shared by all [[Node|nodes]] participating in a system based on the Bitcoin protocol. A full copy of a currency's block chain contains every [[transaction]] ever executed in the currency. With this information, one can find out how much value belonged to each [[address]] at any point in history.

Every [[Blocks|block]] contains a [[hash]] of the previous block. This has the effect of creating a chain of blocks from the [[genesis block]] to the current block. Each block is guaranteed to come after the previous block chronologically because the previous block's hash would otherwise not be known. Each block is also computationally impractical to modify once it has been in the chain for a while because every block after it would also have to be regenerated. These properties are what make bitcoins transactions [[Irreversible Transactions|irreversible]]. The block chain is the main innovation of Bitcoin.

Honest generators only build onto a block (by referencing it in blocks they create) if it is the latest block in the longest valid chain. "Length" is calculated as total combined difficulty of that chain, not number of blocks, though this distinction is only important in the context of a few potential attacks. A chain is valid if all of the blocks and transactions within it are valid, and only if it starts with the genesis block.

For any block on the chain, there is only one path to the genesis block. Coming from the genesis block, however, there can be forks. One-block forks are created from time to time when two blocks are created just a few seconds apart. When that happens, generating nodes build onto whichever one of the blocks they received first. Whichever block ends up being included in the next block becomes part of the main chain because that chain is longer. More serious forks have occurred after fixing bugs that required backward-incompatible changes.

Blocks in shorter chains (or invalid chains) are not used for anything. When the bitcoin client switches to another, longer chain, all valid transactions of the blocks inside the shorter chain are re-added to the pool of queued transactions and will be included in another block. The reward for the blocks on the shorter chain will not be present in the longest chain, so they will be practically lost, which is why a network-enforced 100-block maturation time for generations exists.

These blocks on the shorter chains are often called "orphan" blocks. This is because the generation transactions do not have a parent block in the longest chain, so these generation transactions show up as orphan in the listtransactions RPC call. Several pools have misinterpreted these messages and started calling their blocks "orphans". In reality, these blocks have a parent block, and might even have children.

Because a block can only reference one previous block, it is impossible for two forked chains to merge.

It's possible to use the block chain algorithm for non-financial purposes: see [[Alternative chain]].

The block chain is broadcast to all nodes on the networking using a flood protocol: see [[Block chain download]].

== Time chain ==

[[Satoshi]] actually used the term time chain.<ref>[https://cryptoinsider.media/timechain-satoshis-original-vision-blockchain-bitcoin/ Timechain is Satoshi's Original Vision for Blockchain and Bitcoin, Crypto Insider], by Vlad Costea</ref> Only at a later point the word ''blockchain'' became in widespread use, but mostly by promoters of [[altcoin]]s and consulting agencies marketing their services to big corporations and governments.

== Blockchain nonsense ==

Blockchain is touted as a magical fairy dust solution that you can sprinkle over a problem and end up with an amazing solution. ICOs have perfected this art (often combining it with other buzz words like IoT and AI) and raised billions of dollars to deliver virtually nothing. If someone comes to you talking about a blockchain project: run if you don't know them. If they're a friend or family, explain to them that it's nonsense to use a blockchain without strong [[proof of work]] and an adequately decentralized network of nodes. 

[[Category:Technical]]
[[Category:Vocabulary]]

==See Also==
*[http://bitcoinproperly.org/ The real value of bitcoin and crypto currency technology - The Blockchain explained]

* [https://bitupper.com/en/explorer/bitcoin Bitupper Explorer] - Clean and fast web-based Bitcoin blockchain explorer
* [https://bitcoinchain.com BitcoinChain.com] - Bitcoin Live Platform that provides Block Explorer Service
* [[BlockChain.info]] - Utility site and [[EWallet]] provider of similar name
* [[BlockTrail.com]] - Advanced API and Block Explorer for Bitcoin
* [[Coinprism.info]] - Web based blockchain explorer for bitcoin and colored coin
* [[Biteasy|Biteasy.com]] - Web based blockchain explorer
* [http://www.blockr.io Blockr.io] - Web based blockchain explorer
* [https://bchain.info bchain.info] - Block Explorer for Bitcoin
[[ru:цепочка блоков]]

Full node

2022-04-08T16:16:09Z

Tris T7: /* Privacy */ edit ref

Any computer that connects to the Bitcoin [[network]] is called a '''node'''. Nodes that fully verify all of the rules of Bitcoin are called '''full nodes'''. The most popular software implementation of full nodes is called [[Bitcoin Core]], its latest release can be found [https://github.com/bitcoin/bitcoin/releases on the github page].

==What makes a full node?==

Full nodes download every block and transaction and check them against Bitcoin's consensus rules. Here are examples of consensus rules, though there are many more:
* Blocks may only [[controlled supply|create]] a certain number of bitcoins. (Currently 6.25 BTC per block.)
* Transactions must have correct signatures for the bitcoins being spent.
* Transactions/blocks must be in the correct data format.
* Within a single [[block chain]], a transaction output cannot be double-spent.

If a transaction or block violates the consensus rules, then it is absolutely rejected, even if every other node on the network thinks that it is valid. This is one of the most important characteristics of full nodes: they do what's right ''no matter what''. For full nodes, miners actually have fairly limited power: they can only reorder or remove transactions, and only by spending a lot of computing power. A powerful miner is able to execute [[Weaknesses#Attacker_has_a_lot_of_computing_power|some serious attacks]], but because full nodes rely on miners only for a few things, miners could not completely change or destroy Bitcoin.

Nodes that have different ''consensus'' rules are actually using two different networks/currencies. Changing any of the consensus rules requires a [[hard fork]], which can be thought of as creating a new currency and having everyone move to it. Consensus rules are different from ''policy'' rules, which specify how a node or miner prioritizes or discourages certain things. Policy rules can be changed freely, and different nodes can have different policy rules. Because all full nodes must use ''exactly'' the same consensus rules in order to remain compatible with each other, even duplicating bugs and oddities in the original consensus rules, creating a full node from scratch is extremely difficult and dangerous. It is therefore recommended that everyone who wishes to run a full node uses software based on the [[reference client]], which is the only client guaranteed to behave correctly.

At minimum, a full node must download every transaction that has ever taken place, all new transactions, and all block headers. Additionally, full nodes must store information about every unspent transaction output until it is spent. By default full nodes are inefficient in that they download each new transaction at least twice, and they store the entire block chain (more than 165 GB as of 20180214) forever, even though only the unspent transaction outputs (<2 GB) are required. Performance can improved by enabling <code>[https://bitcointalk.org/index.php?topic=1377345.0 -blocksonly]</code> mode and enabling [https://bitcoin.org/en/release/v0.12.0#wallet-pruning pruning].

===Archival Nodes===

A subset of full nodes also accept incoming connections and upload old blocks to other peers on the network. This happens if the software is run with <code>-listen=1</code> as is default. Contrary to some popular misconceptions, being an archival node is not necessary to being a full node. If a user's bandwidth is constrained then they can use <code>-listen=0</code>, if their disk space is constrained they can use pruning, all the while still being a fully-validating node that enforces bitcoin's consensus rules and contributing to bitcoin's overall security.

== Why should you use a full node wallet ==

==== Summary ====
Running a full node is the only way you can use Bitcoin in a trustless way. You will know for sure that all the rules of Bitcoin are being followed, for example that no bitcoins are spent not belonging to the owner, that no coins were spent twice, that no inflation happens outside of the [[Controlled_supply|schedule]] and that all the rules needed to make the system work (e.g. [[difficulty]]) are followed. Full nodes are currently the most [[Privacy|private]] way to use Bitcoin, with nobody else learning which bitcoin [[Address|addresses]] belong to you. Full nodes are the most secure way to use Bitcoin, they do not suffer from many attacks that affect lightweight wallets.

=== Economic strength ===

This is by far the most important reason for running a full node, though it is a little difficult to understand.

As explained previously, full nodes enforce the consensus rules no matter what. However, lightweight nodes do not do this. Lightweight nodes do whatever the majority of mining power says. Therefore, if most of the miners got together to increase their block reward, for example, lightweight nodes would blindly go along with it. If this ever happened, the network would split such that lightweight nodes and full nodes would end up on separate networks, using separate currencies. People using lightweight nodes would be unable to transact with people using full nodes. If all businesses and many users are using full nodes, then this network split is not a ''critical'' problem because users of lightweight clients will quickly notice that they can't send or receive bitcoins to/from most of the people who they usually do business with, and so they'll stop using Bitcoin until the evil miners are overcome, which is the appropriate response. ''However'', if almost everyone on the network is using lightweight nodes in this situation, then everyone would continue being able to transact with each other, and so Bitcoin could very well end up "hijacked" by evil miners.

In practice, miners are unlikely to attempt anything like the above scenario as long as full nodes are prevalent because the miners would lose a lot of money. But the incentives completely change if everyone uses lightweight nodes. In that case, miners definitely ''do'' have an incentive to change Bitcoin's rules in their favor. It is only reasonably secure to use a lightweight node ''because'' most of the Bitcoin economy uses full nodes.

Therefore, it is critical for Bitcoin's survival that the great majority of the Bitcoin economy be backed by full nodes, not lightweight nodes. This is especially important for Bitcoin businesses, which have more economic weight. To contribute to Bitcoin's economic strength, you must actually use a full node for your real transactions (or use a lightweight node connected to a full node that you personally control). Just running a full node on a server somewhere does not contribute to Bitcoin's economic strength.

More details https://www.reddit.com/r/BitcoinBeginners/comments/3eq3y7/full_node_question/ctk4lnd

=== Privacy ===

Downloading the entire blockchain is the most private way to operate a wallet. All other lightweight solutions leak information about which addresses are yours because they must query third-party servers. The Electrum servers will know which addresses belong to you and can link them together. Despite bloom filtering, SPV nodes based on BitcoinJ [[BIP37 privacy problems|do not provide much privacy]] against nodes who connected directly to the wallet.<ref>[https://jonasnick.github.io/blog/2015/02/12/privacy-in-bitcoinj/ Privacy in BitcoinJ ]</ref>

For some use cases, such privacy may not be required. But an important reason to run a full node and use it as a wallet is to get the full privacy benefits.

=== Security ===

Lightweight nodes are sometimes able to be temporarily tricked into accepting transactions or blocks that are not actually valid. This could cause serious financial damage, especially for websites that automatically process Bitcoin transactions. Full nodes provide the maximum security possible, and so they should be used by all businesses, and also by regular users whenever doing so is convenient.

=== Network services ===

Full nodes may provide various services to other network participants (if the software is run with <code>-listen=1</code> as is default). This is especially important for lightweight nodes.

These services include:
* Filtering transactions and blocks on behalf of lightweight nodes so that lightweight nodes do not need to download every transaction ever made on the network in order to find their own transactions.
* Serving historical full blocks to nodes that have been offline for a while.
* Transmitting new transactions from users to miners.
* Broadcasting new blocks from miners to other nodes.

For the most part, these services are only usefully performed by full nodes that are listening on port 8333. The more full nodes that accept incoming connections there are, the more users the Bitcoin network can support. Although if there is ever a shortage, lots of archival nodes can be easily created by cheaply renting VPS or AWS space.

=== Some are incentivizing it ===
Bitnodes ran a program to incentivize full node operators until the end of 2015.<ref>[https://bitcoinmagazine.com/19620/bitnodes-project-issues-first-incentives-node-operators/ Bitnodes Project Issues First Incentives For Node Operators by Joel Dalas] of [http://bitcoinmagazine.com/ Bitcoin Magazine]; cf. https://blog.bitcoinfoundation.org/bitnodes-project-2015-q1-report-peer-index-and-incentivized-full-nodes/</ref>

== How to run a full node ==

If you run the [[Bitcoin Core]]/[[bitcoind]] wallet, you are running a full node. If you open port 8333, you will contribute to the network's capacity. If you actually use the wallet feature, or if you use a lightweight client like [[MultiBit]] but configure it to connect exclusively to your full node, then you will contribute to the network's economic strength and receive protection from some possible attacks against lightweight nodes.

There are a few alternate full node implementations, but they are not recommended for serious use because it is currently difficult to determine whether they implement the consensus rules with 100% accuracy. Even very slight inaccuracies could cause serious problems for the users of these alternate clients. Example of implementations [https://bitcore.io/guides/full-node/ Bitcore], [[libbitcoin]], [[btcd]].

=== Tips and tricks for running a node ===

For [[Bitcoin Core]]:

* Bandwidth consumption can be reduced using this guide: https://btcinformation.org/en/full-node#reduce-traffic

* Requirement for disk space can be reduced using this guide: https://btcinformation.org/en/full-node#reduce-storage See also the [https://github.com/bitcoin/bitcoin/blob/v0.11.0/doc/release-notes.md#block-file-pruning release notes which explain pruning].

* This site has a nice predefined template for generating bitcoin config files https://jlopp.github.io/bitcoin-core-config-generator/

* Improve sync speed by increasing the dbcache value in configuration. This value controls how many megabytes of RAM to use for the database cache, increase it to as much as your hardware allows to reduce the disk operations and increase speed.

* To store the blockchain files on an external hard drive use <tt>-datadir</tt>. e.g. <tt>-datadir=/path/to/your/bitcoin/directory</tt>.

* Store the chainstate directory on an SSD drive to improve the speed.<ref>[https://www.reddit.com/r/Bitcoin/comments/7iaa3t/if_you_run_a_full_node_on_a_hdd_put_your/ If you run a full node on a hdd put your chainstate directory on an external ssd].</ref>
** See [[Splitting the data directory]]

See Also: [[Running Bitcoin]]

== See Also ==

* [[Clearing Up Misconceptions About Full Nodes]]

* [[Why Your Business Should Use a Full Node to Accept Bitcoin]]

* [[Bitcoin is not ruled by miners]]

==References==
<references />

[[Category:Technical]]
[[Category:Privacy]]

{{Bitcoin Core documentation}}

Bitcoin Core

2022-04-08T16:14:11Z

Tris T7: edit ref

'''Bitcoin Core''' (formerly '''Bitcoin-Qt''') is the third [[Bitcoin]] [[Clients|client]], developed by [[Wladimir van der Laan]] based on the original reference code by [[Satoshi Nakamoto]].<ref>https://gavintech.blogspot.co.uk/2012/03/full-disclosure-bitcoin-qt-on-windows.html, Full disclosure: Bitcoin-Qt on Windows vulnerability, 21st October 2012</ref><ref>https://nvd.nist.gov/vuln/detail/CVE-2012-4682, Vulnerability Summary for CVE-2012-4682, 21st October 2012</ref> It has been bundled with [[bitcoind]] since version 0.5. Bitcoin-Qt has been rebranded to '''[[Bitcoin Core]]''' since version 0.9.0.<ref name="Rebranding to Bitcoin Core">{{cite web|title=Bitcoin Core version 0.9.0 released|url=https://bitcoin.org/en/release/v0.9.0|publisher=Bitcoin.org|accessdate=19 March 2014}}</ref>

Bitcoin Core can be used as a desktop client for regular payments or as a server utility for merchants and other payment services.

===Current version===
Source code (and build instructions for supported platforms) can be found on the [https://github.com/bitcoin/bitcoin Bitcoin GitHub page].

==Features==
* Most popular software implementation of a bitcoin [[full node]]. Provides trustless validation that all of bitcoin's consensus rules are being followed.
* Has an RPC interface allowing developers to interface with Core and access the bitcoin currency trustlessly.
* Has a GUI frontend, Bitcoin-Qt, allowing ordinary users to use bitcoin with full validation.
* Compatibility with Linux (both GNOME and KDE), Mac OS X and Windows
* All functionality of the original wxWidgets client
* Asks for confirmation before sending coins
* CSV export of transactions
* Clearer transaction list with status icons and real-time filtering
* Progress bar on initial block download
* Languages: Dutch, English, German, Chinese and many more. Translations are being done by volunteers on [https://www.transifex.com/projects/p/bitcoin/ Transifex].
* Sendmany support in UI (send to multiple recipients in one transaction)
* Multiple [[Units|unit]] support, can show subdivided bitcoins (mBTC, µBTC) for users that like large numbers (only decimal units)
* Splash screen that details progress
* Debug window
* Payment requests (BIP 70)
* Coin control
* Bitcoin Core uses OpenTimestamps.org to timestamp merge commits.<ref>{{cite web|url=https://github.com/bitcoin/bitcoin/blob/ebd786b72a2a15143d7ef4ea2229fef121bd8f12/contrib/devtools/README.md#create-and-verify-timestamps-of-merge-commits|title=Bitcoin Core devtools README - Create and verify timestamps of merge commits|date=|website=GitHub|archive-url=|archive-date=|accessdate=May 5, 2018}}</ref>
* Checkpoints which have been hard coded into the client are used only to prevent Denial of Service attacks against nodes which are initially syncing the chain. For this reason the checkpoints included are only as of several years ago.<ref name="check">{{cite web |url=https://github.com/bitcoin/bitcoin/blob/master/src/checkpoints.cpp |title=checkpoints.cpp |work=Repository source code |publisher=GitHub, Inc. |accessdate=13 November 2016 }}</ref><ref>{{cite web |title=bitcoin/chainparams.cpp |url=https://github.com/bitcoin/bitcoin/blob/master/src/chainparams.cpp |website=GitHub |accessdate=21 October 2018}}</ref>
* A network alert system was included by Satoshi Nakamoto as a way of informing users of important news regarding bitcoin.<ref name="asr">{{cite web |url=https://bitcoin.org/en/alert/2016-11-01-alert-retirement |title=Alert System Retirement |date=1 November 2016 |publisher=Bitcoin Project |accessdate=16 November 2016 }}</ref> In November 2016 it was retired. It had become obsolete as news on bitcoin is now widely disseminated.

== Naming Controversy ==

Some people like Peter Todd, Luke-jr and Greg Maxwell warned against the renaming to Bitcoin Core because it implied a centralization.<ref>https://www.reddit.com/r/Bitcoin/comments/60jmq2/a_proposal_for_and_demo_of_a_new_bitcoin_address/df73k2h/</ref><ref>https://www.reddit.com/r/Bitcoin/comments/60owl3/did_you_know_that_bitcoin_core_opposed_its_own/</ref><ref>https://bitcoinfoundation.org/forum/index.php?/topic/95-new-name-for-bitcoin-qt-bitcoind/&</ref>.

Bitcoin Core right now may be the most popular or "reference" [[full node]] implementation, but that status depends on the [[economic majority]] continuing to use it<ref>https://bitcoinmagazine.com/articles/a-primer-on-bitcoin-governance-or-why-developers-aren-t-in-charge-of-the-protocol-1473270427/</ref>. Should one day come where another implementation overtakes it economically, that implementation would become the reference implementation. In one situation in 2017 significant parts of the economy moved to the BIP148 [[UASF]] implementation<ref>https://bitcoinmagazine.com/articles/long-road-segwit-how-bitcoins-biggest-protocol-upgrade-became-reality/</ref> and then moved back to Core after BIP148 was successful. The point here is that Bitcoin Core does not control bitcoin and the naming "Core" is misleading in that respect.

On the other hand, many people are happy with the name Bitcoin Core and continue to use it. As long as it's emphasized that Bitcoin Core is just one possible software implementation of bitcoin that people are free to use or not use.

==Development==
The original creator of the bitcoin client has described their approach to the software's authorship as it being written first to prove to themselves that the concept of purely peer-to-peer electronic cash was valid and that a paper with solutions could be written. The lead developer is Wladimir J. van der Laan, who took over the role on 8 April 2014.<ref name="hunt"/> [[Gavin Andresen]] was the former lead maintainer for the software client. Andresen left the role of lead developer for bitcoin to work on the strategic development of its technology.<ref name="hunt">Bitcoin: The Hunt of Satoshi Nakamoto, Alex Preukschat, Josep Busquet, 2015, Europe Comics, ISBN 9791032800201, page 87 [https://play.google.com/store/books/details?id=438FCwAAQBAJ]</ref> Bitcoin Core developers have been in charge of bitcoin's development since [[Satoshi Nakamoto]] left the project.<ref name="wtbf">{{Cite news |url=https://www.forbes.com/sites/laurashin/2017/10/23/will-this-battle-for-the-soul-of-bitcoin-destroy-it/#62d19db23d3c |title=Will This Battle For The Soul Of Bitcoin Destroy It? |author=Laura Shin |accessdate=14 April 2018 |date=23 October 2017 |work=Forbes }}</ref> Bitcoin Core in 2015 was central to a dispute with [[Bitcoin XT]], a competing client that sought to increase the blocksize.<ref name="NewYorker">{{Cite news |url=https://www.newyorker.com/business/currency/inside-the-fight-over-bitcoins-future
|title=Inside the Fight Over Bitcoin’s Future |author=Maria Bustillos |accessdate=29 June 2020 |date=25 August 2015 |work=New Yorker}}</ref> Over a dozen different companies and industry groups fund the development of Bitcoin Core.<ref>{{cite web|url=https://blog.bitmex.com/who-funds-bitcoin-development/|title=Who Funds Bitcoin Development?|date=2020-03-28|publisher=BitMex Research|access-date=2020-06-30}}</ref>

[https://www.youtube.com/watch?v=FIt7GLxxIpY Visualization of code changes during 2015]

==Version history==
Bitcoin 0.1 was released on 9 January 2009 by Satoshi Nakamoto with only Windows supported. This was followed by some minor bug fixing versions. On 16 December 2009 Bitcoin 0.2 was released. It included a Linux version for the first time and made use of multi-core processors for mining. In version 0.3.2 Nakamoto included checkpoints as a safeguard. After the release of version 0.3.9, Satoshi Nakamoto left the project and shortly after stopped communicating on online forums.

Between 2011 and 2013 new versions of the software were released at Bitcoin.org.<ref name="abo">{{cite web |url=https://bitcoin.org/en/about-us#sponsorship |title=About bitcoin.org |publisher=Bitcoin Project |accessdate=14 November 2016 }}</ref> Developers wanted to differentiate themselves as creators of software rather than advocates for bitcoin and so now maintain bitcoincore.org for just the software.

Bitcoin-Qt version 0.5.0 was released on 1 November 2011. It introduced a front end that uses the Qt user interface toolkit.<ref name="bqt">{{cite web |url=https://bitcoin.org/en/release/v0.5.0 |title=Bitcoin-Qt version 0.5.0 released |date=1 November 2011 |publisher=Bitcoin Project |accessdate=13 November 2016 }}</ref> The software previously used Berkeley DB for database management. Developers switched to LevelDB in release 0.8 in order to reduce blockchain synchronization time ([[initial block download]], beware, a misnomer). The update to this release resulted in a minor blockchain fork on the 11 March 2013. The fork was resolved shortly afterwards. Seeding nodes through Internet Relay Chat was discontinued in version 0.8.2. From version 0.9.0 the software was renamed to Bitcoin Core. Transaction fees were reduced again by a factor of ten as a means to encourage microtransactions. Although Bitcoin Core does not use OpenSSL for the operation of the network, the software did use OpenSSL for remote procedure calls. Version 0.9.1 was released to remove the network's vulnerability to the Heartbleed bug.

Release 0.10 was made public on 16 February 2015. It introduced a consensus library which gave programmers easy access to the rules governing consensus on the network. In version 0.11.2 developers added a new feature which allowed transactions to be made unspendable until a specific time in the future.<ref name="v0.11.2">{{cite web |url=https://bitcoin.org/en/release/v0.11.2 |title=Bitcoin Core version 0.11.2 released |date=13 November 2015 |publisher=Bitcoin Project |accessdate=14 November 2016 }}</ref> Bitcoin Core 0.12.1 was released on April 15, 2016 and enabled multiple soft forks to occur concurrently.<ref name="0.12.1rel">{{Cite news |url=http://www.nasdaq.com/article/bitcoin-core-0121-released-major-step-forward-for-scalability-cm607209 |title=Bitcoin Core 0.12.1 Released, Major Step Forward for Scalability |author=Kyle Torpey |accessdate=7 November 2016 |date=15 April 2016 |work=Bitcoin Magazine |publisher=NASDAQ.com }}</ref> Around 100 contributors worked on Bitcoin Core 0.13.0 which was released on 23 August 2016.

In July 2016, the CheckSequenceVerify soft fork activated.<ref>Mastering Bitcoin: Programming the Open Blockchain. Quote "BIP-68 and BIP-112 were activated in May 2016 as a soft fork upgrade to the consensus rules."</ref>

In October 2016, Bitcoin Core’s 0.13.1 release featured the "[[Segwit]]" soft fork that included a scaling improvement aiming to optimize the bitcoin blocksize. The patch which was originally finalised in April, and 35 developers were engaged to deploy it. This release featured Segregated Witness ([[SegWit]]) which aimed to place downward pressure on transaction fees as well as increase the maximum transaction capacity of the network.<ref name="rel13.1">{{cite web |url=https://bitcoincore.org/en/releases/0.13.1/ |title=Bitcoin Core 0.13.1 |publisher=Bitcoin Core |accessdate=25 October 2016 }}</ref> The 0.13.1 release endured extensive testing and research leading to some delays in its release date. SegWit prevents various forms of transaction malleability.<ref name="swb">{{cite web|url=https://bitcoincore.org/en/2016/01/26/segwit-benefits/|title=Segregated Witness Benefits|last=|first=|date=January 26, 2016|work=Bitcoin Core|archive-url=|archive-date=|accessdate=October 20, 2018}}</ref>

In September 2018, a Bitcoin Cash developer discovered the vulnerability CVE 2018-17144 in the Bitcoin Core software that could allow an attacker to crash vulnerable Bitcoin Core nodes and exceed the 21 million coin limit.<ref>{{Cite news|url=https://bitcoincore.org/en/2018/09/20/notice/|title=CVE-2018-17144 Full Disclosure|work=Bitcoin Core|access-date=2018-09-23|language=en}}</ref>

==Bitcoin Improvement Proposals==
A [[Bitcoin Improvement Proposal]] (BIP) is a design document, typically describing a new feature for Bitcoin with a concise technical specification of the feature and the rationale for it. Bitcoin Core implements some of these design documents.

==See also==

* [[bitcoind]]
* [[Full node]]
* [[Bitcoin Knots]]
* [[QBitcoin]]

==External Links==

* [https://bitcoin.org/en/download Download link at bitcoin.org]
* [https://bitcoin.org/en/version-history Version history]
* [https://bitcoincore.org/ Bitcoin Core website]
* [https://bitcointalk.org/index.php?topic=15276.0 Forum thread] (includes screenshots)
* [https://github.com/bitcoin/bitcoin Current GitHub repository shared with bitcoind]

== References ==

<references/>

[[es:Bitcoin-Qt]]

[[Category:User Interfaces]]
[[Category:Frontends]]
[[Category:Free Software]]
[[Category:Open Source]]

{{Bitcoin Core documentation}}

Satoshi Nakamoto

2022-04-08T16:10:14Z

Tris T7: /* Possible Motives */ edited ref space

:''For the unit, see [[satoshi (unit)]].''
'''Satoshi Nakamoto''' is the founder of [[Bitcoin]] and initial creator of the [[Original Bitcoin client]]. He has said in a P2P foundation profile<ref name="p2p_f_profile">[http://p2pfoundation.ning.com/profile/SatoshiNakamoto Satoshi Nakamoto profile on P2P Foundation]</ref> that he is from Japan. Beyond that, not much else is known about him and his identity. He has been working on the Bitcoin project since 2007.<ref>[https://bitcointalk.org/index.php?topic=13.msg46#msg46 Re: Questions about Bitcoin]</ref>

His involvement in the Bitcoin project had tapered and by late 2010 it has ended. The most recent messages reportedly indicate that Satoshi is "gone for good"<ref>[http://bitcoinstats.com/irc/bitcoin-dev/logs/2011/04/26#l1303826036.0 Transcript of #bitcoin-dev for 2011/04/26]</ref>.

==Possible Motives==
He left some clues about why he is doing this project with the inclusion of the following text in the [[Genesis block]], "The Times 03/Jan/2009 Chancellor on brink of second bailout for banks".

Some interesting quotes:
<blockquote>Yes, [we will not find a solution to political problems in cryptography,] but we can win a major battle in the arms race and gain a new territory of
freedom for several years.

Governments are good at cutting off the heads of a centrally controlled
networks like Napster, but pure P2P networks like Gnutella and Tor seem to be
holding their own.<ref>[http://www.mail-archive.com/cryptography@metzdowd.com/msg09971.html Re: Bitcoin P2P e-cash paper Fri, 07 Nov 2008 09:30:36 -0800]</ref></blockquote>

<blockquote>It's very attractive to the libertarian viewpoint if we can explain it
properly. I'm better with code than with words though.<ref>[http://www.mail-archive.com/cryptography@metzdowd.com/msg10001.html Re: Bitcoin P2P e-cash paper Fri, 14 Nov 2008 14:29:22]</ref></blockquote>

==Possible identity==
His identity and nationality are unknown.

He is entirely unknown outside of Bitcoin as far as anyone can tell, and his (never used) PGP key was created just months prior to the date of the genesis block. He seems to be very familiar with the cryptography mailing list, but there are no non-Bitcoin posts from him on it. He has used an email address from an anonymous mail hosting service (vistomail) as well as one from a free webmail account (gmx.com) and sends mail when connected via Tor. Some have speculated that his entire identity was created in advance in order to protect himself or the network. Perhaps he chose the name Satoshi because it can mean "wisdom" or "reason" and Nakamoto can mean "Central source".

Ultimately the design of Bitcoin and its use of cryptographic proof and fully open implementation is one that makes its creator, in a sense, irrelevant and only of interest for historical reasons.

==External links==
* [http://bitcointalk.org/Satoshi_Nakamoto.asc Satoshi's PGP public key]
* [http://www.bitcoin.org/bitcoin.pdf Bitcoin: A Peer-to-Peer Electronic Cash System] Paper
* <s>[http://sourceforge.net/users/s_nakamoto SourceForge page]</s> this link is invalid as of [https://timestamps.glencooper.com/ 20190522T0153Z] :-(
* [http://nakamotoinstitute.org Satoshi Nakamoto Institute]

==References==
<references/>

[[de:Satoshi Nakamoto]]
[[es:Satoshi Nakamoto]]

[[Category:People]]

Bitcoin

2022-04-08T12:01:45Z

Tris T7: edit reference

'''Bitcoin''' is a decentralized [[digital currency]] created by an unknown person or group of people under the name [[Satoshi Nakamoto]] and released as open-source software in 2009. It does not rely on a central server to process transactions or store funds. There are a maximum of 2,099,999,997,690,000 bitcoin elements (called satoshis, the unit has been named in collective homage to the original creator), which are currently most commonly measured in units of 100,000,000 known as BTC. There will only ever be 21 million bitcoin (BTC) to ever be created.

{{As of|January 2018}}, it is the most widely used alternative currency,<ref name="Quantitative Analysis of the Full Bitcoin Transaction Graph">{{cite web|title=Quantitative Analysis of the Full Bitcoin Transaction Graph|url=https://eprint.iacr.org/2012/584.pdf|publisher=Cryptology ePrint Archive|accessdate=18 October 2012|author=Ron Dorit|coauthors=Adi Shamir|page=17|quote=The Bitcoin system is the best known and most widely used alternative payment scheme,...}}</ref><ref name="Cryptocurrency Market Capitalization">{{Cite web|title=Coinmarketcap.com|url=https://coinmarketcap.com/}}</ref> now with the total market cap around 250 billion US dollars.<ref>{{cite web|title=Market Capitalization|url=https://coinmarketcap.com/currencies/bitcoin/|publisher=Coinmarketcap.com|accessdate=10 January 2018}}</ref>

Bitcoin has no central issuer; instead, the peer-to-peer network regulates bitcoins, transactions and issuance according to consensus in network software. These transactions are verified by network nodes through the use of cryptography and recorded in a public distributed ledger called a blockchain.

Bitcoins are issued to various nodes that verify transactions through computing power;
it is established that there will be a limited and scheduled release of no more than BTC 21 million worth of coins, which will be fully issued by the year 2140.

Bitcoins are created as a reward for a process known as mining. They can be exchanged for other currencies, products, and services. As of February 2015, over 100,000 merchants and vendors accepted bitcoins as payment. Research produced by the University of Cambridge estimates that in 2017, there were 2.9 to 5.8 million unique users using a cryptocurrency wallet, most of them using Bitcoin.

Internationally, bitcoins can be exchanged and managed through various websites and [[software]] along with physical banknotes and coins.<ref>{{Cite web|title=Physical Bitcoins by Casascius|url=https://www.casascius.com/|publisher=Casascius Coins|accessdate=29 September 2012}}</ref><ref>{{Cite web|title=Bitbills|url=http://www.bitbills.com/|publisher=Bitbills|accessdate=29 September 2012}}</ref>

==History==
{{main|History}}

A cryptographic system for untraceable payments was first described by David Chaum in 1982.<ref>[http://blog.koehntopp.de/uploads/Chaum.BlindSigForPayment.1982.PDF David Chaum, Blind signatures for untraceable payments], Advances in Cryptology - Crypto '82, Springer-Verlag (1983), 199–203.</ref> In 1990 Chaum extended this system to create the first cryptographic anonymous electronic cash system.,<ref>{{cite journal|journal=Lecture Notes in Computer Science|last1=Chaum|first1=David|last2=Fiat|first2=Amos|last3=Naor|first3=Moni|title=Untraceable Electronic Cash|url=http://blog.koehntopp.de/uploads/chaum_fiat_naor_ecash.pdf}}</ref> which became known as ecash.
<ref>{{cite web|url=https://www.wired.com/wired/archive/2.12/emoney.html|publisher=Wired|title=E-Money (That's What I Want)|date=1994–2012|author=Steven Levy}}</ref> In 1998 [[Wei Dai]] published a description of an anonymous, distributed electronic cash system which he called "b-money".<ref>{{cite web|title=B-Money|url=http://www.weidai.com/bmoney.txt|author=Wei Dai|year=1998}}</ref> Around the same time, Nick Szabo created ''bit gold''.<ref>{{cite web|url=https://spectrum.ieee.org/computing/software/bitcoin-the-cryptoanarchists-answer-to-cash/0|title=Bitcoin: The Cryptoanarchists’ Answer to Cash|publisher=IEEE Spectrum|quote=Around the same time, Nick Szabo, a computer scientist who now blogs about law and the history of money, was one of the first to imagine a new digital currency from the ground up. Although many consider his scheme, which he calls “bit gold,” to be a precursor to Bitcoin}}</ref><ref name="bitgold">{{cite web|title=Bit gold|url=https://unenumerated.blogspot.co.uk/2005/12/bit-gold.html|author=Nick Szabo|quote=My proposal for bit gold is based on computing a string of bits from a string of challenge bits, using functions called variously "client puzzle function," "proof of work function," or "secure benchmark function.". The resulting string of bits is the proof of work.... The last-created string of bit gold provides the challenge bits for the next-created string.}}</ref> Like Bitcoin, ''Bit gold'' was a currency system where users would compete to solve a [[proof of work]] function, with solutions being cryptographically chained together and published via a distributed property title registry. A variant of ''Bit gold'', called ''Reusable Proofs of Work'', was implemented by Hal Finney.<ref name="bitgold"/>

In 2008, Satoshi Nakamoto published a [[Bitcoin_white_paper|paper]]<ref name="whitepaper">{{cite web
|last= Nakamoto
|first= Satoshi
|title= Bitcoin: A Peer-to-Peer Electronic Cash System
|url= http://www.cs.kent.edu/~JAVED/class-P2P12F/papers-2012/PAPER2012-p2p-bitcoin-satoshinakamoto.pdf
|accessdate = 14 December 2010
|date= 24 May 2009
|postscript=
}}</ref><ref>{{cite web
|url= https://article.gmane.org/gmane.comp.encryption.general/12588/
|title= Bitcoin P2P e-cash paper
}}</ref> on The Cryptography Mailing list at metzdowd.com<ref>[https://www.mail-archive.com/search?l=cryptography@metzdowd.com&q=from:%22Satoshi+Nakamoto%22 Satoshi's posts to Cryptography mailing list]</ref> describing the Bitcoin protocol.

The Bitcoin network came into existence on 3 January 2009 with the release of the first Bitcoin client, [[wxBitcoin]], and the issuance of the first bitcoins.<ref>{{cite web |title=Block 0 – Bitcoin Block Explorer |url=https://blockexplorer.com/block/000000000019d6689c085ae165831e934ff763ae46a2a6c172b3f1b60a8ce26f }}</ref><ref>{{cite web |url=https://www.mail-archive.com/cryptography@metzdowd.com/msg10142.html |title=Bitcoin v0.1 released}}</ref><ref>{{cite web |url=https://sourceforge.net/news/?group_id=244765 |title=SourceForge.net: Bitcoin}}</ref>
A year after, the initial exchange rates for Bitcoin were set by individuals on the bitcointalk forums.{{Citation needed|date=October 2012}} The most significant transaction involved a BTC 10,000 pizza.<ref>{{cite web|title=The Rise and Fall of Bitcoin|url=https://www.wired.com/magazine/2011/11/mf_bitcoin/|publisher=Wired|accessdate=13 October 2012}}</ref>
Today, the majority of bitcoin exchanges occur on the [[Bitstamp]] bitcoin exchange.<ref>{{cite web | title = Exchange volume distribution | work = by market | publisher = [[Bitcoin Charts]] | date = 15 April 2014 | url = https://bitcoincharts.com/charts/volumepie/ | accessdate = 15 April 2014 }}</ref>

In 2011, Wikileaks,<ref>{{cite news
|last= Greenberg
|first= Andy
|url= http://blogs.forbes.com/andygreenberg/2011/06/14/wikileaks-asks-for-anonymous-bitcoin-donations/
|title= WikiLeaks Asks For Anonymous Bitcoin Donations – Andy Greenberg – The Firewall – Forbes
|publisher= Blogs.forbes.com
|date= 14 June 2011
|accessdate = 22 June 2011
}}</ref> [[Freenet]],<ref>{{cite web
|url= https://freenetproject.org/donate.html
|title= /donate
|publisher= The Freenet Project
|date=
|accessdate = 22 June 2011
}}</ref> Singularity Institute,<ref>[http://singinst.org/donate/ SIAI donation page]</ref> Internet Archive,<ref>[https://www.archive.org/donate/index.php Internet Archive donation page]</ref> Free Software Foundation<ref>[https://my.fsf.org/donate/other/ Other ways to donate]</ref> and others, began [[Receiving_donations_with_bitcoin|to accept donations in bitcoins]]. The Electronic Frontier Foundation did so for a while but has since stopped, citing concerns about a lack of legal precedent about new currency systems, and because they "generally don't endorse any type of product or service".<ref>{{cite web
|url= https://www.eff.org/deeplinks/2011/06/eff-and-bitcoin
|title= EFF and Bitcoin | Electronic Frontier Foundation
|publisher= Eff.org
|date= 14 June 2011
|accessdate = 22 June 2011
}}</ref> Some small businesses had started to adopt Bitcoin. LaCie, a public company, accepts bitcoins for its Wuala service.<ref>{{Cite web|url=http://www.wuala.com/en/bitcoin |title=Secure Online Storage – Backup. Sync. Share. Access Everywhere |publisher=Wuala |date= |accessdate = 24 January 2012}}</ref>

In 2012, BitPay reports of having over 1000 merchants accepting bitcoins under its payment processing service.<ref>{{cite web|title=BitPay Signs 1,000 Merchants to Accept Bitcoin Payments|url=http://www.americanbanker.com/issues/177_176/bitpay-signs-1000-merchants-to-accept-bitcoin-payments-1052538-1.html|publisher=American Banker|accessdate=12 October 2012}}</ref>

==Administration==
Bitcoin is administered through a decentralized peer-to-peer network.<ref name="whitepaper"/> Cryptographic technologies and the peer-to-peer network of computing power enables users to make and verify irreversible, instant online bitcoin payments, without an obligation to trust and use centralized banking institutions and authorities. Dispute resolution services are not made directly available. Instead it is left to the users to verify and trust the parties they are sending money to through their choice of methods.

Bitcoins are issued according to rules agreed to by the majority of the computing power within the Bitcoin network. The core rules describing the predictable issuance of bitcoins to its verifying servers, a voluntary and competitive transaction fee system and the hard limit of no more than BTC 21 million issued in total.<ref name="whitepaper"/>

Bitcoin does not require a central bank, State,<ref>{{cite web
|url= https://spectrum.ieee.org/computing/software/bitcoin-the-cryptoanarchists-answer-to-cash/3
|title= Bitcoin: The Cryptoanarchists' Answer to Cash
|publisher= IEEE.org
|date= June 2012
|accessdate = 5 June 2012
}}</ref> or incorporated backers.

==Services==
{{main|Wallet}}

Bitcoins are sent and received through software and websites called wallets. They send and confirm transactions to the network through Bitcoin addresses, the identifiers for users' Bitcoin wallets within the network.<ref name="whitepaper"/>

===Bitcoin addresses===
{{main|Address}}

Payments are made to Bitcoin "addresses": human-readable strings of numbers and letters around 33 characters in length, always beginning with the digit 1 or 3, as in the example of ''31uEbMgunupShBVTewXjtqbBv5MndwfXhb''.

Users obtain new Bitcoin addresses from their Bitcoin software. Creating a new address can be a completely offline process and require no communication with the Bitcoin network. Web services often generate a new Bitcoin address for every user, allowing them to have their custom deposit addresses.{{dubious}}

===Transaction fees===
{{main|Transaction fees}}
Transaction fees may be included with any transfer of bitcoins. While it's technically possible to send a transaction with zero fee, {{as of|2017|lc=on}} it's highly unlikely that one of these transactions confirms in a realistic amount of time, causing most nodes on the network to drop it. For transactions which consume or produce many outputs (and therefore have a large data size), higher transaction fees are usually expected.

===Confirmations===
{{main|Confirmation}}

The network's software confirms a transaction when it records it in a block. Further blocks of transactions confirm it even further. After six confirmations/blocks, a transaction is confirmed beyond reasonable doubt.

The network must store the whole transaction history inside the blockchain, which grows constantly as new records are added and never removed. Nakamoto conceived that as the database became larger, users would desire applications for Bitcoin that didn't store the entire database on their computer. To enable this, the blockchain uses a [[merkle tree]] to organize the transaction records in such a way that client software can locally delete portions of its own database it knows it will never need, such as earlier transaction records of bitcoins that have changed ownership multiple times.

==Economics==

===Initial distribution===

Bitcoin has no centralized issuing authority.<ref name="ars-06-08-11">
{{Cite news
|first= Thomas
|last= Lowenthal
|title= Bitcoin: inside the encrypted, peer-to-peer digital currency
|newspaper= Ars Technica
|date= 8 June 2011
|url= https://arstechnica.com/tech-policy/news/2011/06/bitcoin-inside-the-encrypted-peer-to-peer-currency.ars
}}</ref><ref>{{cite news
|author= Sponsored by
|url= http://www.economist.com/blogs/babbage/2011/06/virtual-currency
|title= Virtual currency: Bits and bob
|publisher= The Economist
|date=
|accessdate = 22 June 2011
}}</ref><ref>{{cite web
|last= Geere
|first= Duncan
|url= https://www.wired.co.uk/news/archive/2011-05/16/bitcoin-p2p-currency
|title= Peer-to-peer currency Bitcoin sidesteps financial institutions (Wired UK)
|publisher= Wired.co.uk
|date=
|accessdate = 22 June 2011
}}</ref> The network is programmed to increase the money supply as a geometric series until the total number of bitcoins reaches 21 million.<ref name="Quantitative Analysis of the Full Bitcoin Transaction Graph"/> {{As of|2012|10}} slightly over 10 million of the total BTC 21 million had been created; the current total number created is available online.<ref>{{cite web
|title= Total Number of Bitcoins in Existence
|url= https://blockexplorer.com/q/totalbc
|work= Bitcoin Block Explorer
|accessdate = 3 October 2012
}}</ref> By 2013 half of the total supply will have been generated, and by 2017, three-quarters will have been generated. To ensure sufficient granularity of the [[money supply]], clients can divide each BTC unit down to eight decimal places (a total of 2.1 × 1015 or 2.1 quadrillion units).<ref name="lwn">{{Cite news
|author= Nathan Willis
|date= 10 November 2010
|title= Bitcoin: Virtual money created by CPU cycles
|publisher= LWN.net
|url= https://lwn.net/Articles/414452/
}}</ref>

The network {{As of|2012|lc=on}} required over one million times more work for confirming a block and receiving an award (BTC 25 {{As of|2012|2|lc=on}}) than when the first blocks were confirmed.
The difficulty is automatically adjusted every 2016 blocks based on the time taken to find the previous 2016 blocks such that one block is created roughly every 10 minutes.

Those who chose to put computational and electrical resources toward mining early on had a greater chance at receiving awards for block generations. This served to make available enough processing power to process blocks. Indeed, without miners there are no transactions and the bitcoin economy comes to a halt.

===Exchange rate===
Prices fluctuate relative to goods and services more than more widely accepted currencies;
the price of a bitcoin is not static.

In August 2012, 1 bitcoin traded at around US$10.00. Taking into account the total number of bitcoins mined, the monetary base of the Bitcoin network stands at over USD 110 million.<ref>[http://www.bitcoinwatch.com/ http://www.bitcoinwatch.com/] Bitcoin statistics</ref>

== Anonymity ==
{{main|Anonymity & Security}}

=== Transactions ===

While using bitcoins is an excellent way to make your purchases, donations, and p2p payments without losing money through inflated transaction fees, transactions are never truly anonymous. Buying bitcoin you pass identification, Bitcoin transactions are stored publicly and permanently on the network, which means anyone can see the balance and transactions of any Bitcoin address. Bitcoin activities are recorded and available publicly via the [[blockchain]], a comprehensive database which keeps a record of Bitcoin transactions.

=== Buying/selling bitcoins ===

All exchange companies require the user to scan ID documents, and large transactions must be reported to the proper governmental authority.

This means that a third party with an interest in tracking your activities can use your visible balance and ID information as a basis from which to track your future transactions or to study previous activity. In short, you have compromised your [[security]] and [[privacy]].

In addition to conventional exchanges there are also peer-to-peer exchanges. Peer to peer exchanges will often not collect KYC and identity information directly from users, instead they let the users handle KYC amongst themselves. These can often be a better alternative for those looking to purchase bitcoins quickly and without KYC delay.

=== Mixing services ===

[http://anonymity.co.in/mixing_services.html Mixing services] are used to avoid compromising of privacy and security. Mixing services provide to periodically exchange your bitcoins for different ones which cannot be associated with the original owner.

== Security ==
{{seealso|Weaknesses}}

In the history of Bitcoin, there have been a few [[incidents]], caused by problematic as well as malicious transactions. In the worst such incident, and the only one of its type, a person was able to pretend that he had a practically infinite supply of bitcoins, for almost 9 hours.

Bitcoin relies, among other things, on [https://en.wikipedia.org/wiki/Public-key_cryptography public key cryptography] and thus may be vulnerable to [https://en.wikipedia.org/wiki/Elliptic_curve_cryptography#Quantum_computing_attacks quantum computing attacks] if and when practical quantum computers can be constructed.

If multiple different software packages, whose usage becomes widespread on the Bitcoin network, disagree on the protocol and the rules for transactions, this could potentially cause a fork in the block chain with each faction of users being able to accept only their own version of the history of transactions. This could influence the price of bitcoins.

A global, organized campaign against the currency or the software could also influence the demand for bitcoins, and thus the exchange price.

==Bitcoin mining==
{{main|Mining}}

Bitcoin mining nodes are responsible for managing the Bitcoin network.

Bitcoins are awarded to Bitcoin nodes known as "miners" for the solution to a difficult [[proof-of-work]] problem which confirms transactions and prevents double-spending. This incentive, as the Nakamoto white paper describes it, encourages "nodes to support the network, and provides a way to initially distribute coins into circulation, since no central authority issues them."<ref name="whitepaper" />

Nakamoto compared the generation of new coins by expending CPU time and electricity to gold miners expending resources to add gold to circulation.<ref name="whitepaper"/>

[[File:Cryptocurrency Mining Farm.jpg|right|350px|thumb|Iceland is a good location for [[mining]] bitcoins because of the natural cold temperature.]]

===Node operation===

The node software for the Bitcoin network is based on peer-to-peer networking, digital signatures and cryptographic proof to make and verify transactions. Nodes broadcast transactions to the network, which records them in a public record of all transactions called the ''blockchain'' after validating them with a [[proof-of-work|proof-of-work system]].

Satoshi Nakamoto designed the first Bitcoin node and mining software<ref name="processors">{{Cite news
|last= Davis
|first= Joshua
|title= The Crypto-Currency
|url= https://www.wired.com/magazine/2011/11/mf_bitcoin/all
|accessdate = 11 November 2011
|newspaper= Wired Magazine
|date= 10 November 2011
}}</ref> and developed the majority of the first implementation, Bitcoind, from 2007 to mid-2010.<ref name="code_start">{{cite web
|url= https://bitcointalk.org/index.php?topic=13.msg46#msg46
|title= Questions about Bitcoin
|publisher= Bitcoin forum
|date= 10 December 2009
}}</ref>

Node implementations include core software such as Bitcoind/Bitcoin-Qt, [[libbitcoin]], [[cbitcoin]]<ref>{{Cite web|title=cbitcoin|url=https://github.com/MatthewLM/cbitcoin|accessdate=3 October 2012}}</ref> and [[BitCoinJ|bitcoinj]].<ref>{{cite web
|url= https://news.slashdot.org/story/11/03/23/0210207/Google-Engineer-Releases-Open-Source-Bitcoin-Client
|title= Google Engineer Releases Open Source Bitcoin Client
|author= angry tapir, timothy
|date= 23 March 2011
|publisher= Slashdot
|accessdate = 18 May 2011
}}</ref><ref>{{cite web
|url= http://www.javaworld.com/javaworld/jw-01-2012/120110-bitcoin-for-beginners-3.html?page=1
|title= Bitcoin for beginners: The BitcoinJ API
|author= Dirk Merkel
|date= 10 January 2012
|publisher= JavaWorld
|accessdate = 3 August 2012
}}</ref>

Every node in the Bitcoin network collects all the unacknowledged transactions it knows of in a file called a ''block'', which also contains a reference to the previous valid block known to that node. It then appends a [[nonce]] value to this previous block and computes the SHA-256 cryptographic hash of the block and the appended nonce value. The node repeats this process until it adds a nonce that allows for the generation of a hash with a value lower than a specified ''target''. Because computers cannot practically reverse the hash function, finding such a nonce is hard and requires on average a predictable amount of repetitious trial and error. This is where the ''[[proof-of-work]]'' concept comes in to play. When a node finds such a solution, it announces it to the rest of the network. Peers receiving the new solved block validate it by computing the hash and checking that it really starts with the given number of zero bits (i.e., that the hash is within the target). Then they accept it and add it to the chain.

===Mining rewards===
In addition to receiving the pending transactions confirmed in the block, a generating node adds a ''generate'' transaction, which awards new bitcoins to the operator of the node that generated the block. The system sets the payout of this generated transaction according to its defined inflation schedule. The miner that generates a block also receives the fees that users have paid as an incentive to give particular transactions priority for faster confirmation.<ref>[https://www.bitcoinmining.com Bitcoin Mining]</ref>

The network never creates more than a BTC 50 reward per block and this amount will decrease over time towards zero, such that no more than BTC 21 million will ever exist.<ref name="lwn" /> As this payout decreases, the incentive for users to run block-generating nodes is intended to change to earning [[#Transaction fees|transaction fees]].

===Mining pools===
{{main|Pooled mining}}

Bitcoin users often pool computational effort to increase the stability of the collected fees and subsidy they receive.<ref name="We Use Coins Mining">{{cite web|title=About Bitcoin Mining|url=https://www.weusecoins.com/en/mining-guide/|publisher=We Use Coins|accessdate=27 May 2015}}</ref>

===Mining difficulty===
{{main|Difficulty}}

In order to throttle the creation of blocks, the difficulty of generating new blocks is adjusted over time. If mining output increases or decreases, the difficulty increases or decreases accordingly.

The adjustment is done by changing the threshold that a hash is required to be less than. A lower threshold means fewer possible hashes can be accepted, and thus a higher degree of difficulty. The target rate of block generation is one block every 10 minutes, or 2016 blocks every two weeks. Bitcoin changes the difficulty of finding a valid block every 2016 blocks, using the difficulty that would have been most likely to cause the prior 2016 blocks to have taken two weeks to generate, according to the timestamps on the blocks. Technically, this is done by modelling the generation of bitcoins as Poisson process. All nodes perform and enforce the same difficulty calculation.

Difficulty is intended as an automatic stabilizer allowing mining for bitcoins to remain profitable in the long run for the most efficient miners, independently of the fluctuations in demand of the bitcoin in relation to other currencies.

===Mining hardware===
{{main|Mining Hardware Comparison}}

Bitcoins used to be mined through Intel/AMD CPUs. {{As of | 2012}}, mining has gradually moved to [[GPU]] and [[FPGA]] hardware.<ref name="bitcoinmag-butterfly" /> [[Application-specific integrated circuit|ASIC]]-based hardware for bitcoin mining has been announced by several manufacturers who intend to ship products from late 2012 to early 2013.<ref name="bitcoinmag-butterfly">{{Cite web|title=Bitpay Breaks Daily Volume Record with Butterfly ASIC mining release|url=http://bitcoinmagazine.net/bitpay-breaks-daily-volume-record-with-butterfly-asic-mining-release/|publisher=Bitcoin Magazine}}</ref>

==Concerns==

===As an investment===
{{main|Bitcoin as an investment}}

Bitcoin describes itself as an experimental digital currency. Reuben Grinberg has noted that Bitcoin's supporters have argued that bitcoins are neither securities nor investments because they fail to meet the criteria for either category.<ref name="grinberg">{{cite web | url=http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1817857 | title=Bitcoin: An Innovative Alternative Digital Currency | publisher=SSRN | date=9 December 2011 | accessdate=4 December 2012 | author=Grinberg, Reuben}}</ref> Although it is a virtual currency, some people see it as an investment<ref name="cnbc">{{cite web | url=http://www.cnbc.com/id/45030812/The_Pros_And_Cons_Of_Biting_on_Bitcoins | title=The Pros And Cons Of Biting on Bitcoins | publisher=CNBC | date=23 November 2011 | accessdate=4 December 2012 | author=Gustke, Constance}}</ref> or accuse it of being a form of investment fraud known as a Ponzi scheme.<ref>{{cite web |url=https://www.theregister.co.uk/2011/06/08/bitcoin_under_attack/ |title=US senators draw a bead on Bitcoin |last1=Chirgwin |first1=Richard |date=8 June 2011 |publisher=The Register |accessdate=14 November 2012}}</ref><ref>{{cite web |url=http://uk.reuters.com/article/2012/04/01/uk-traders-bitcoin-idUKBRE8300JL20120401 |title=Bitcoin, the City traders' anarchic new toy |last1=O'Leary |first1=Naomi |date=2 April 2012 |publisher=Reuters |accessdate=14 November 2012}}</ref> A report by the European Central Bank, using the U.S. Securities and Exchange Commission's definition of a Ponzi scheme, found that the use of bitcoins shares some characteristics with Ponzi schemes, but also has characteristics of its own which contradict several common aspects of Ponzi schemes.<ref name="ecbreport">{{cite web | url=http://www.ecb.europa.eu/pub/pdf/other/virtualcurrencyschemes201210en.pdf | title=Virtual Currency Schemes | publisher=European Central Bank | date=October 2012 | accessdate=4 December 2012}}</ref>

===Privacy===
Because transactions are broadcast to the entire network, they are inherently public. Unlike regular banking,<ref>{{cite web
|url= https://spectrum.ieee.org/computing/software/bitcoin-the-cryptoanarchists-answer-to-cash/0
|title= Bitcoin: The Cryptoanarchists' Answer to Cash
|publisher= IEEE.org
|date= June 2012
|accessdate = 5 June 2012
}}</ref> which preserves customer privacy by keeping transaction records private, loose transactional privacy is accomplished in Bitcoin by using many unique addresses for every wallet while at the same time publishing all transactions. As an example, if Alice sends BTC 123.45 to Bob, the network creates a public record that allows anyone to see that 123.45 has been sent from one address to another. However, unless Alice or Bob make their ownership of these addresses known, it is difficult for anyone else to connect the transaction with them. However, if someone connects an address to a user at any point they could follow back a series of transactions as each participant likely knows who paid them and may disclose that information on request or under duress.

It can be difficult to associate Bitcoin identities with real-life identities.<ref name="An Analysis of Anonymity in the Bitcoin System">Fergal Reid and Martin Harrigan (24 July 2011). [https://anonymity-in-bitcoin.blogspot.com/2011/07/bitcoin-is-not-anonymous.html An Analysis of Anonymity in the Bitcoin System]. An Analysis of Anonymity in the Bitcoin System.</ref> This property makes Bitcoin transactions attractive to sellers of illegal products.<ref name="Forbes">Andy Greenberg (20 April 2011). [http://www.forbes.com/forbes/2011/0509/technology-psilocybin-bitcoins-gavin-andresen-crypto-currency.html Crypto Currency]. Forbes Magazine.</ref><ref>{{cite web
|last= Madrigal
|first= Alexis
|title= Libertarian Dream? A Site Where You Buy Drugs With Digital Dollars
|publisher= The Atlantic Monthly
|date= 1 June 2011
|url= https://www.theatlantic.com/technology/archive/2011/06/libertarian-dream-a-site-where-you-buy-drugs-with-digital-dollars/239776/
|accessdate = 5 June 2011
}}</ref>

===Illicit use===

====Cracking====
The cracking organization "LulzSec" accepted donations in bitcoins, having said that the group "needs Bitcoin donations to continue their hacking efforts".<ref name="CNET">{{cite web
|last= Reisinger
|first= Don
|url= https://news.cnet.com/8301-13506_3-20070268-17/senators-target-bitcoin-currency-citing-drug-sales/
|title= Senators target Bitcoin currency, citing drug sales | The Digital Home – CNET News
|publisher= News.cnet.com
|date= 9 June 2011
|accessdate = 22 June 2011
}}</ref><ref>{{cite news
|last= Olson
|first= Parmy
|url= http://blogs.forbes.com/parmyolson/2011/06/06/lulzsec-hackers-posts-sony-dev-source-code-get-7k-donation/
|title= LulzSec Hackers Post Sony Dev. Source Code, Get $7K Donation – Parmy Olson – Disruptors – Forbes
|publisher= Blogs.forbes.com
|date= 6 June 2011
|accessdate = 22 June 2011
}}</ref>

====Silk Road====
[[Silk Road]] is an anonymous black market that uses only the bitcoin.<ref name="npr-06-12-11">
{{Cite news
|url= https://www.npr.org/2011/06/12/137138008/silk-road-not-your-fathers-amazon-com
|date= 12 June 2011
|newspaper= NPR
|title= Silk Road: Not Your Father's Amazon.com
|author= Staff
}}</ref>

In a 2011 letter to Attorney General Eric Holder and the Drug Enforcement Administration, senators Charles Schumer of New York and Joe Manchin of West Virginia called for an investigation into Silk Road and the bitcoin.<ref name="npr-06-12-11"/>
Schumer described the use of bitcoins at Silk Road as a form of money laundering.<ref name="ars-06-08-11"/>

====Botnet mining====
In June 2011, Symantec warned about the possibility of botnets engaging in covert "mining" of bitcoins,<ref>{{Cite web|author=Updated: 17 June 2011 | Translations available: 日本語 |url=http://www.symantec.com/connect/blogs/bitcoin-botnet-mining |title=Bitcoin Botnet Mining | Symantec Connect Community |publisher=Symantec.com |date=17 June 2011 |accessdate = 24 January 2012}}</ref><ref>{{Cite web|url=http://www.zdnet.com/blog/security/researchers-find-malware-rigged-with-bitcoin-miner/8934 |title=Researchers find malware rigged with Bitcoin miner |publisher=ZDNet |date=29 June 2011 |accessdate = 24 January 2012}}</ref> consuming computing cycles, using extra electricity and possibly increasing the temperature of the computer (not associated with [http://snowafter.com Snow Day Calculator]). Later that month, the Australian Broadcasting Corporation caught an employee using the company's servers to generate bitcoins without permission.<ref>{{Cite web|url=http://thenextweb.com/au/2011/06/23/abc-employee-caught-mining-for-bitcoins-on-company-servers/ |title=ABC employee caught mining for Bitcoins on company servers |publisher=The Next Web |date=23 June 2011 |accessdate = 24 January 2012}}</ref> Some malware also uses the parallel processing capabilities of the GPUs built into many modern-day video cards.<ref>{{Cite news |url=https://www.theregister.co.uk/2011/08/16/gpu_bitcoin_brute_forcing/ |title=Malware mints virtual currency using victim's GPU |date=16 August 2011|first=Dan |last=Goodin }}</ref> In mid August 2011, bitcoin miner botnets were found;<ref>{{Cite web|url=http://www.infosecurity-magazine.com/view/20211/researcher-discovers-distributed-bitcoin-cracking-trojan-malware/ |title=Infosecurity – Researcher discovers distributed bitcoin cracking trojan malware |publisher=Infosecurity-magazine.com |date=19 August 2011 |accessdate = 24 January 2012}}</ref> trojans infecting Mac OS X have also been uncovered.<ref>{{Cite web|url=http://www.techworld.com.au/article/405849/mac_os_x_trojan_steals_processing_power_produce_bitcoins |title=Mac OS X Trojan steals processing power to produce Bitcoins – sophos, security, malware, Intego – Vulnerabilities – Security |publisher=Techworld |date=1 November 2011 |accessdate = 24 January 2012}}</ref>

===Theft and fraud===
On 19 June 2011, a security breach of the Mt.Gox (an acronym for ''M''agic: ''T''he ''G''athering ''O''nline E''x''change, its original purpose) bitcoin exchange caused the price of a bitcoin to briefly drop to US$0.01 on the Mt.Gox exchange (though it remained unaffected on other exchanges) after a hacker allegedly used credentials from a Mt.Gox auditor's compromised computer to illegally transfer a large number of bitcoins to him- or herself and sell them all, creating a massive "ask" order at any price. Within minutes the price rebounded to over $15 before Mt.Gox shut down their exchange and cancelled all trades that happened during the hacking period.<ref>[https://mtgox.com/press_release_20110630.html Clarification of Mt Gox Compromised Accounts and Major Bitcoin Sell-Off]</ref><ref>[https://www.youtube.com/watch?v=T1X6qQt9ONg YouTube. Bitcoin Report]</ref> The exchange rate of bitcoins quickly returned to near pre-crash values.<ref name="mick">Jason Mick, 19 June 2011, [http://www.dailytech.com/Inside+the+MegaHack+of+Bitcoin+the+Full+Story/article21942.htm Inside the Mega-Hack of Bitcoin: the Full Story], DailyTech</ref><ref>Timothy B. Lee, 19 June 2011, [https://arstechnica.com/tech-policy/news/2011/06/bitcoin-price-plummets-on-compromised-exchange.ars Bitcoin prices plummet on hacked exchange], Ars Technica</ref><ref>Mark Karpeles, 20 June 2011, [https://support.mtgox.com/entries/20208066-huge-bitcoin-sell-off-due-to-a-compromised-account-rollback Huge Bitcoin sell off due to a compromised account – rollback], Mt.Gox Support</ref><ref name="register1">{{Cite news
|title= Bitcoin collapses on malicious trade – Mt Gox scrambling to raise the Titanic
|url= https://www.theregister.co.uk/2011/06/19/bitcoin_values_collapse_again/
|date= 19 June 2011
|author= Chirgwin, Richard
|publisher= The Register
}}</ref> Accounts with the equivalent of more than USD 8,750,000 were affected.<ref name="mick" />

In July 2011, The operator of Bitomat, the third largest bitcoin exchange, announced that he lost access to his wallet.dat file with about 17,000 bitcoins (roughly equivalent to USD 220,000 at that time). He announced that he would sell the service for the missing amount, aiming to use funds from the sale to refund his customers.<ref>[http://siliconangle.com/blog/2011/08/01/third-largest-bitcoin-exchange-bitomat-lost-their-wallet-over-17000-bitcoins-missing/ Third Largest Bitcoin Exchange Bitomat Lost Their Wallet, Over 17,000 Bitcoins Missing]. SiliconAngle</ref>

In August 2011, MyBitcoin, one of the popular Bitcoin transaction processors, declared that it was hacked, which resulted in it being shut down with paying 49% on customer deposits leaving more than 78,000 BitCoins (roughly equivalent to USD 800,000 at that time) unaccounted for.<ref>[http://betabeat.com/2011/08/mybitcoin-spokesman-finally-comes-forward-what-did-you-think-we-did-after-the-hack-we-got-shitfaced/ MyBitcoin Spokesman Finally Comes Forward: “What Did You Think We Did After the Hack? We Got Shitfaced”]. BetaBeat</ref><ref>[http://betabeat.com/2011/08/search-for-owners-of-mybitcoin-loses-steam/ Search for Owners of MyBitcoin Loses Steam]. BetaBeat</ref>

In early August 2012, a lawsuit was filed in San Francisco court against Bitcoinica, claiming about USD 460,000 from the company. Bitcoinica was hacked twice in 2012, which led to allegations of neglecting the safety of customers' money and cheating them out of withdrawal requests.<ref>[https://arstechnica.com/tech-policy/2012/08/bitcoinica-users-sue-for-460k-in-lost-bitcoins/ Bitcoinica users sue for $460k in lost Bitcoins]. Arstechnica</ref><ref>[https://spectrum.ieee.org/tech-talk/computing/networks/first-bitcoin-lawsuit-filed-in-san-francisco First Bitcoin Lawsuit Filed In San Francisco]. IEEE Spectrum</ref>

In late August 2012, Bitcoin Savings and Trust was shut down by the owner, allegedly leaving around $5.6 million in debts; this led to allegations of the operation being a Ponzi scheme.<ref>{{Cite web|title=Bitcoin ponzi scheme – investors lose $5 million USD in online hedge fund|url=https://rt.com/usa/news/investors-currency-digital-fund-868/|publisher=RT}}</ref><ref>{{Cite web|last=Jeffries|first=Adrianne|title=Suspected multi-million dollar Bitcoin pyramid scheme shuts down, investors revolt|url=http://www.theverge.com/2012/8/27/3271637/bitcoin-savings-trust-pyramid-scheme-shuts-down|publisher=The Verge}}</ref><ref>{{Cite web|last=Mick|first=Jason|title="Pirateat40" Makes Off $5.6M USD in Bitcoin From Pyramid Scheme|url=http://www.dailytech.com/Pirateat40+Makes+Off+56M+USD+in+BitCoins+From+Pyramid+Scheme/article25538.htm|publisher=DailyTech}}</ref><ref>[https://pandodaily.com/2012/08/31/bitcoin-how-a-virtual-currency-became-real-with-a-5-6m-fraud/ Bitcoin: How a Virtual Currency Became Real with a $5.6M Fraud]. PandoDaily</ref> In September 2012, it was reported that U.S. Securities and Exchange Commission has started an investigation on the case.<ref>[http://blogs.telegraph.co.uk/technology/willardfoxton2/100007836/bitcoin-pirate-scandal-sec-steps-in-amid-allegations-that-the-whole-thing-was-a-ponzi-scheme/ Bitcoin 'Pirate' scandal: SEC steps in amid allegations that the whole thing was a Ponzi scheme ]. The Telegraph</ref>

In September 2012, Bitfloor bitcoin exchange also reported being hacked, with 24,000 bitcoins (roughly equivalent to USD 250,000) stolen. As a result, Bitfloor suspended operations.<ref>[http://www.bbc.co.uk/news/technology-19486695 Bitcoin theft causes Bitfloor exchange to go offline]. BBC</ref><ref>[http://www.theverge.com/2012/9/5/3293375/bitfloor-bitcoin-exchange-suspended-theft Bitcoin exchange BitFloor suspends operations after $250,000 theft bitcoin exchange BitFloor suspends operations after $250,000 theft]. The Verge</ref> The same month, Bitfloor resumed operations, with its founder saying that he reported the theft to FBI, and that he is planning to repay the victims, though the time frame for such repayment is unclear.<ref>[http://www.pcworld.com/article/2010586/bitcoin-exchange-back-online-after-hack.html?tk=rel_news Bitcoin exchange back online after hack]. PCWorld</ref>

===Taxation===
In September 2012, the Intra-European Organization of Tax Administrations (IOTA), in Tbilisi, Georgia, held a workshop titled "Auditing Individuals and Legal Entities in the Use of e-Money". The workshop was attended by representatives from 23 countries.<ref name="Bitcoin Tax issues Oct 2012">{{cite journal | title=2012 TNT 209-4 NEWS ANALYSIS: VIRTUAL CURRENCY: A NEW WORRY FOR TAX ADMINISTRATORS? (Release Date: OCTOBER 17, 2012) (Doc 2012-21516) | author=Stewart, David D. and Soong Johnston, Stephanie D. | journal=Tax Notes Today | date=29 October 2012 | volume=2012 TNT 209-4 | issue=2012 TNT 209-4}}</ref> Jerry Taylor, IOTA's technical taxation expert, said, "There's an awful lot happening on the Internet environment which is fascinating at the moment and introducing new challenges for auditors when it comes to virtual currency."<ref name="Bitcoin Tax issues Oct 2012">{{cite journal | title=2012 TNT 209-4 NEWS ANALYSIS: VIRTUAL CURRENCY: A NEW WORRY FOR TAX ADMINISTRATORS? (Release Date: OCTOBER 17, 2012) (Doc 2012-21516) | author=Stewart, David D. and Soong Johnston, Stephanie D. | journal=Tax Notes Today | date=29 October 2012 | volume=2012 TNT 209-4 | issue=2012 TNT 209-4}}</ref> Bitcoin was mentioned during the workshop.<ref name="Bitcoin Tax issues Oct 2012">{{cite journal | title=2012 TNT 209-4 NEWS ANALYSIS: VIRTUAL CURRENCY: A NEW WORRY FOR TAX ADMINISTRATORS? (Release Date: OCTOBER 17, 2012) (Doc 2012-21516) | author=Stewart, David D. and Soong Johnston, Stephanie D. | journal=Tax Notes Today | date=29 October 2012 | volume=2012 TNT 209-4 | issue=2012 TNT 209-4}}</ref>

Matthew Elias, founder of the [[Cryptocurrency Legal Advocacy Group]] (CLAG) published "Staying Between the Lines: A Survey of U.S. Income Taxation and its Ramifications on Cryptocurrencies", which discusses "the taxability of cryptocurrencies such as Bitcoin".<ref name="Bitcoin Tax issues Oct 2012">{{cite journal | title=2012 TNT 209-4 NEWS ANALYSIS: VIRTUAL CURRENCY: A NEW WORRY FOR TAX ADMINISTRATORS? (Release Date: OCTOBER 17, 2012) (Doc 2012-21516) | author=Stewart, David D. and Soong Johnston, Stephanie D. | journal=Tax Notes Today | date=29 October 2012 | volume=2012 TNT 209-4 | issue=2012 TNT 209-4}}</ref> CLAG "stressed the importance for taxpayers to determine on their own whether taxes are due on a Bitcoin-related transaction based on whether one has "experienced a realization event."<ref name="Bitcoin Tax issues Oct 2012">{{cite journal | title=2012 TNT 209-4 NEWS ANALYSIS: VIRTUAL CURRENCY: A NEW WORRY FOR TAX ADMINISTRATORS? (Release Date: OCTOBER 17, 2012) (Doc 2012-21516) | author=Stewart, David D. and Soong Johnston, Stephanie D. | journal=Tax Notes Today | date=29 October 2012 | volume=2012 TNT 209-4 | issue=2012 TNT 209-4}}</ref> Such examples are "when a taxpayer has provided a service in exchange for Bitcoins, a realization event has probably occurred, and any gain or loss would likely be calculated using fair market values for the service provided."<ref name="Bitcoin Tax issues Oct 2012">{{cite journal | title=2012 TNT 209-4 NEWS ANALYSIS: VIRTUAL CURRENCY: A NEW WORRY FOR TAX ADMINISTRATORS? (Release Date: OCTOBER 17, 2012) (Doc 2012-21516) | author=Stewart, David D. and Soong Johnston, Stephanie D. | journal=Tax Notes Today | date=29 October 2012 | volume=2012 TNT 209-4 | issue=2012 TNT 209-4}}</ref>

[[Peter Vessenes]], [[Bitcoin Foundation|Bitcoin Foundation's]] executive director, said, since the foundation is trying to pay for everything in bitcoins, including salaries, "How do we W-2 someone for their Bitcoins? Do we mark-to-market every time a transfer happens? Payroll companies cringe."<ref name="BitCoin Tax issues Oct 2012">{{cite journal | title=2012 TNT 209-4 NEWS ANALYSIS: VIRTUAL CURRENCY: A NEW WORRY FOR TAX ADMINISTRATORS? (Release Date: OCTOBER 17, 2012) (Doc 2012-21516) | author=Stewart, David D. and Soong Johnston, Stephanie D. | journal=Tax Notes Today | date=29 October 2012 | volume=2012 TNT 209-4 | issue=2012 TNT 209-4}}</ref> The Bitcoin Foundation hopes "to push for solid guidance about its legal and tax treatment." [[Patrick Murck]], legal counsel for the Bitcoin Foundation, said he would like "to help regulators understand the technology better so they can make better decisions."<ref name="BitCoin Tax issues Oct 2012">{{cite journal | title=2012 TNT 209-4 NEWS ANALYSIS: VIRTUAL CURRENCY: A NEW WORRY FOR TAX ADMINISTRATORS? (Release Date: OCTOBER 17, 2012) (Doc 2012-21516) | author=Stewart, David D. and Soong Johnston, Stephanie D. | journal=Tax Notes Today | date=29 October 2012 | volume=2012 TNT 209-4 | issue=2012 TNT 209-4}}</ref> Murck said, "Bitcoin has the potential to become much more than a niche currency, but it needs the guidance and understanding of regulators." and "The full potential of Bitcoin could be realized through clearer guidelines and a better understanding by financial and tax regulators." and "Part of making that happen is to talk to regulators, the IRS, and tax professionals and helping them understand that Bitcoin is not this nefarious thing, it's just software, it's a community, and there's nothing inherently nefarious about either of those things."<ref name="BitCoin Tax issues Oct 2012">{{cite journal | title=2012 TNT 209-4 NEWS ANALYSIS: VIRTUAL CURRENCY: A NEW WORRY FOR TAX ADMINISTRATORS? (Release Date: OCTOBER 17, 2012) (Doc 2012-21516) | author=Stewart, David D. and Soong Johnston, Stephanie D. | journal=Tax Notes Today | date=29 October 2012 | volume=2012 TNT 209-4 | issue=2012 TNT 209-4}}</ref>

==See Also==
* [[Introduction]]
* [[Getting started]]
* [[Using_Bitcoin|Detailed tutorial]]
* [[FAQ]]
* [https://www.weusecoins.com What Is Bitcoin?]
* [https://www.bitcoinmining.com What Is Bitcoin Mining?]
* [https://maticz.com/cryptocurrency-exchange-software-development Crypto Exchange]

==References==
<references />

[[Category:Digital currencies]]
{{wp}}{{p-move}}{{good}}
[[es:Bitcoin]][[de:Bitcoin]]

User:Tris T7

2022-03-19T10:02:04Z

Tris T7: Create User page info