Raw Transactions - BitcoinWiki

Generation of Coinbase Transaction

Hello Again,
I'm researching solo mining, but I need help in finding information on how the Coinbase Transaction is Generated:
It should be explained within the 'getblocktemplate' page on the Bitcoin Wiki (https://en.bitcoin.it), but this only explains how to build a coinbase transaction with the help of "coinbasetxn"; and it's my understanding that "coinbasetxn" is only supported within Mining Pools, not the Bitcoin Wallet - remember, I'm researching solo mining.
What's also making things complicated is "Segregated Witness" (Segwit): With Segwit, all transactions now have a 'txid' and a 'hash'; sometimes, the 'txid' and 'hash' will match, but most of the time (including in some Coinbase Transactions) they don't. And I can't find anything online on how to generate a Coinbase Transaction while accounting for Segwit.
Can anyone find an example algorithm that can build a Coinbase Transaction in a solo mining environment while also accounting for Segwit?
You can share it in any code you like, but I'd prefer Python.
submitted by sparky77734 to Bitcoin [link] [comments]

Calculate txn_id from raw txn_hex

I'm trying to calculate a txn_id from raw txn_hex. The procedure works fine for legacy TXNs but gets non-expected results on Segwit TXNs. I compared this snippet of code to what txn_id was produced by Electrum and the blockchain.com TXN decoder:
  1. Take in TXN in hex
  2. Convert the hex to binarray
  3. Double hash binarray
  4. Reverse the resultant digest because of endianness
  5. Display in hex.
t0 is my legacy testnet TXN and t1 is my segwit testnet TXN.
Thoughts?

UPDATE

Found the relevant source in Electrum transaction.py:1036
Basically you strip the flags and tx_witnesses listed in the wiki spec
```python

!/usbin/env python3

[repo] https://github.com/brianddk/reddit ... python/txn_hash.py

[ref] https://www.reddit.com/g4hvyf

from hashlib import sha256
def txid(tx): bin = bytes.fromhex(tx) txid = sha256(sha256(bin).digest()).digest()[::-1].hex() return txid

Raw Legacy

t0 = ('0200000001cd3b93f5b24ae190ce5141235091cd93fbb2908e24e5b9ff6776ae' 'c11b0e04e5000000006b4830450221009f156db3585c19fe8e294578edbf5b5e' '4159a7afc3a7a00ebaab080dc25ecb9702202581f8ae41d7ade2f06c9bb9869e' '42e9091bafe39290820438b97931dab61e140121030e669acac1f280d1ddf441' 'cd2ba5e97417bf2689e4bbec86df4f831bf9f7ffd0fdffffff010005d9010000' '00001976a91485eb47fe98f349065d6f044e27a4ac541af79ee288ac00000000')

Raw Segwit

t1 = ('0200000000010100ff121dd31ead0f06e3014d9192be8485afd6459e36b09179' 'd8c372c1c494e20000000000fdffffff013ba3bf070000000017a914051877a0' 'cc43165e48975c1e62bdef3b6c942a38870247304402205644234fa352d1ddbe' 'c754c863638d2c26abb9381966358ace8ad7c52dda4250022074d8501460f4e4' 'f5ca9788e60afafa1e1bcbf93e51529defa48317ad83e069dd012103adc58245' 'cf28406af0ef5cc24b8afba7f1be6c72f279b642d85c48798685f86200000000')

UPDATE Raw Segwit with flags and tx_witnesses stripped

t2 = ('02000000' '0100ff121dd31ead0f06e3014d9192be8485afd6459e36b09179' 'd8c372c1c494e20000000000fdffffff013ba3bf070000000017a914051877a0' 'cc43165e48975c1e62bdef3b6c942a3887' '00000000')
print(f"t0: {txid(t0)}\nt1: {txid(t1)}\nt2: {txid(t2)}")

TXN_IDs from the above python

t0: cb33472bcaed59c66fae30d7802b6ea2ca97dc33c6aad76ce2e553b1b4a4e017

t1: b11fdde7e3e635c7f15863a9399cca42d46b5a42d87f4e779dfd4806af2401ce

t2: d360581ee248be29da9636b3d2e9470d8852de1afcf3c3644770c1005d415b30

TXN_IDs from Electrum

t0: cb33472bcaed59c66fae30d7802b6ea2ca97dc33c6aad76ce2e553b1b4a4e017

t1: d360581ee248be29da9636b3d2e9470d8852de1afcf3c3644770c1005d415b30

```
submitted by brianddk to Bitcoin [link] [comments]

You can call you a Bitcoiner if you know/can explain these terms...

03/Jan/2009
10 Minutes
10,000 BTC Pizza
2016 Blocks
21 Million
210,000 Blocks
51% Attack
Address
Altcoin
Antonopoulos
Asic
Asic Boost
Base58
Batching
Bech32
Bit
Bitcoin Cash
Bitcoin Improvement Proposal (BIP)
Bitcoin SV
Bitmain
Block
Block height
Block reward
Blockchain
Blockexplorer
Bloom Filter
Brain Wallet
Buidl
Change Address
Child pays for parent (CPFP)
Coinbase (not the exchange)
CoinJoin
Coinmarketcap (CMC)
Colored Coin
Confirmation
Consensus
Custodial Wallet
Craig Wright
David Kleinman
Difficulty
Difficulty adjustment
Difficulty Target
Dogecoin
Dorian Nakamoto
Double spend
Elliptic Curve Digital Signature Algorithm (ECDSA)
Ethereum
Faketoshi
Fork
Full Node
Gavin Andresen
Genesis Block
Getting goxed
Halving
Hard Fork
Hardware Wallet
Hash
Hashing
Hierarchical Deterministic (HD) Wallet
Hodl
Hot Wallet
Initial Coin Offering (ICO)
Initial Exchange Offering (IEO)
Ledger
Light Node
Lightning
Litecoin
Locktime
Mainnet
Malleability
Master Private Key
Master Public Key
Master Seed
mBTC
Mempool
Merkle Tree
Mining
Mining Farm
Mining Pool
Mixing
MtGox
Multisig
Nonce
Not your keys,...
Opcode
Orphan block
P2PKH
P2SH
Paper Wallet
Peers
Pieter Wuille
Premining
Private key
Proof of Stake (PoS)
Proof of Work (PoW)
Pruning
Public key
Pump'n'Dump
Replace by Fee (RBF)
Ripemd160
Roger Ver
sat
Satoshi Nakamoto
Schnorr Signatures
Script
Segregated Witness (Segwit)
Sha256
Shitcoin
Sidechain
Signature
Signing
Simplified Payment Verification (SPV)
Smart Contract
Soft Fork
Stratum
Syncing
Testnet
Transaction
Transaction Fees
TransactionId (Txid)
Trezor
User Activated Soft Fork (UASF)
Utxo
Wallet Import Format (WIF)
Watch-Only Address
Whitepaper
List obviously not complete. Suggestions appreciated.
Refs:
https://bitcoin.org/en/developer-glossary https://en.bitcoin.it/wiki/Main_Page https://www.youtube.com/channel/UCgo7FCCPuylVk4luP3JAgVw https://www.youtube.com/useaantonop
submitted by PolaT1x to Bitcoin [link] [comments]

Strange behavior of small OP_RETURN outputs

I'm hoping someone familiar with the structure of an OP_RETURN output can help point me to a technical resource or help explain some strange behavior I've noticed in OP_RETURN outputs that are 4 bytes or smaller. It seems that data 4 bytes or less doesn't get pushed onto the stack in the same manner as outputs with 5-80 bytes.
For example, bitcoin txid 71a5e4e683b06b1b2accdab265abfad8335d75f3d5436e7435d0e48a33f283bb has an OP_RETURN output that looks like this:
 [vout] => Array ( [0] => Array ( [value] => 0 [n] => 0 [scriptPubKey] => Array ( [asm] => OP_RETURN 24897 [hex] => 6a024161 [type] => nulldata ) ) 
The OP_RETURN hex value of 6a024161 should have scripted with the OP_RETURN (6a) pushing 2 bytes of data (02) to the stack, with the data being 4161. Yet the data that was actually pushed is 24897. This doesn't appear consistent with the script specification (https://en.bitcoin.it/wiki/Script). I've been able to consistently reproduce these results by building transactions with bitcoin core, and once the data is 5 bytes or larger it behaves consistent with the specification. Does anyone know what's going on here or have any information they can share on this?
Thanks!
submitted by sepharose to Bitcoin [link] [comments]

A technical dive into CTOR

Over the last several days I've been looking into detail at numerous aspects of the now infamous CTOR change to that is scheduled for the November hard fork. I'd like to offer a concrete overview of what exactly CTOR is, what the code looks like, how well it works, what the algorithms are, and outlook. If anyone finds the change to be mysterious or unclear, then hopefully this will help them out.
This document is placed into public domain.

What is TTOR? CTOR? AOR?

Currently in Bitcoin Cash, there are many possible ways to order the transactions in a block. There is only a partial ordering requirement in that transactions must be ordered causally -- if a transaction spends an output from another transaction in the same block, then the spending transaction must come after. This is known as the Topological Transaction Ordering Rule (TTOR) since it can be mathematically described as a topological ordering of the graph of transactions held inside the block.
The November 2018 hard fork will change to a Canonical Transaction Ordering Rule (CTOR). This CTOR will enforce that for a given set of transactions in a block, there is only one valid order (hence "canonical"). Any future blocks that deviate from this ordering rule will be deemed invalid. The specific canonical ordering that has been chosen for November is a dictionary ordering (lexicographic) based on the transaction ID. You can see an example of it in this testnet block (explorer here, provided this testnet is still alive). Note that the txids are all in dictionary order, except for the coinbase transaction which always comes first. The precise canonical ordering rule can be described as "coinbase first, then ascending lexicographic order based on txid".
(If you want to have your bitcoin node join this testnet, see the instructions here. Hopefully we can get a public faucet and ElectrumX server running soon, so light wallet users can play with the testnet too.)
Another ordering rule that has been suggested is removing restrictions on ordering (except that the coinbase must come first) -- this is known as the Any Ordering Rule (AOR). There are no serious proposals to switch to AOR but it will be important in the discussions below.

Two changes: removing the old order (TTOR->AOR), and installing a new order (AOR->CTOR)

The proposed November upgrade combines two changes in one step:
  1. Removing the old causal rule: now, a spending transaction can come before the output that it spends from the same block.
  2. Adding a new rule that fixes the ordering of all transactions in the block.
In this document I am going to distinguish these two steps (TTOR->AOR, AOR->CTOR) as I believe it helps to clarify the way different components are affected by the change.

Code changes in Bitcoin ABC

In Bitcoin ABC, several thousand lines of code have been changed from version 0.17.1 to version 0.18.1 (the current version at time of writing). The differences can be viewed here, on github. The vast majority of these changes appear to be various refactorings, code style changes, and so on. The relevant bits of code that deal with the November hard fork activation can be found by searching for "MagneticAnomaly"; the variable magneticanomalyactivationtime sets the time at which the new rules will activate.
The main changes relating to transaction ordering are found in the file src/validation.cpp:
There are other changes as well:

Algorithms

Serial block processing (one thread)

One of the most important steps in validating blocks is updating the unspent transaction outputs (UTXO) set. It is during this process that double spends are detected and invalidated.
The standard way to process a block in bitcoin is to loop through transactions one-by-one, removing spent outputs and then adding new outputs. This straightforward approach requires exact topological order and fails otherwise (therefore it automatically verifies TTOR). In pseudocode:
for tx in transactions: remove_utxos(tx.inputs) add_utxos(tx.outputs) 
Note that modern implementations do not apply these changes immediately, rather, the adds/removes are saved into a commit. After validation is completed, the commit is applied to the UTXO database in batch.
By breaking this into two loops, it becomes possible to update the UTXO set in a way that doesn't care about ordering. This is known as the outputs-then-inputs (OTI) algorithm.
for tx in transactions: add_utxos(tx.outputs) for tx in transactions: remove_utxos(tx.inputs) 
Benchmarks by Jonathan Toomim with Bitcoin ABC, and by myself with ElectrumX, show that the performance penalty of OTI's two loops (as opposed to the one loop version) is negligible.

Concurrent block processing

The UTXO updates actually form a significant fraction of the time needed for block processing. It would be helpful if they could be parallelized.
There are some concurrent algorithms for block validation that require quasi-topological order to function correctly. For example, multiple workers could process the standard loop shown above, starting at the beginning. A worker temporarily pauses if the utxo does not exist yet, since it's possible that another worker will soon create that utxo.
There are issues with such order-sensitive concurrent block processing algorithms:
In contrast, the OTI algorithm's loops are fully parallelizable: the worker threads can operate in an independent manner and touch transactions in any order. Until recently, OTI was thought to be unable to verify TTOR, so one reason to remove TTOR was that it would allow changing to parallel OTI. It turns out however that this is not true: Jonathan Toomim has shown that TTOR enforcement is easily added by recording new UTXOs' indices within-block, and then comparing indices during the remove phase.
In any case, it appears to me that any concurrent validation algorithm would need such additional code to verify that TTOR is being exactly respected; thus for concurrent validation TTOR is a hindrance at best.

Advanced parallel techniques

With Bitcoin Cash blocks scaling to large sizes, it may one day be necessary to scale onto advanced server architectures involving sharding. A lot of discussion has been made over this possibility, but really it is too early to start optimizing for sharding. I would note that at this scale, TTOR is not going to be helpful, and CTOR may or may not lead to performance optimizations.

Block propagation (graphene)

A major bottleneck that exists in Bitcoin Cash today is block propagation. During the stress test, it was noticed that the largest blocks (~20 MB) could take minutes to propagate across the network. This is a serious concern since propagation delays mean increased orphan rates, which in turn complicate the economics and incentives of mining.
'Graphene' is a set reconciliation technique using bloom filters and invertible bloom lookup tables. It drastically reduces the amount of bandwidth required to communicate a block. Unfortunately, the core graphene mechanism does not provide ordering information, and so if many orderings are possible then ordering information needs to be appended. For large blocks, this ordering information makes up the majority of the graphene message.
To reduce the size of ordering information while keeping TTOR, miners could optionally decide to order their transactions in a canonical ordering (Gavin's order, for example) and the graphene protocol could be hard coded so that this kind of special order is transmitted in one byte. This would add a significant technical burden on mining software (to create blocks in such a specific unusual order) as well as graphene (which must detect this order, and be able to reconstruct it). It is not clear to me whether it would be possible to efficiently parallelize sorting algortithms that reconstruct these orderings.
The adoption of CTOR gives an easy solution to all this: there is only one ordering, so no extra ordering information needs to be appended. The ordering is recovered with a comparison sort, which parallelizes better than a topological sort. This should simplify the graphene codebase and it removes the need to start considering supporting various optional ordering encodings.

Reversibility and technical debt

Can the change to CTOR be undone at a later time? Yes and no.
For block validators / block explorers that look over historical blocks, the removal of TTOR will permanently rule out usage of the standard serial processing algorithm. This is not really a problem (aside from the one-time annoyance), since OTI appears to be just as efficient in serial, and it parallelizes well.
For anything that deals with new blocks (like graphene, network protocol, block builders for mining, new block validation), it is not a problem to change the ordering at a later date (to AOR / TTOR or back to CTOR again, or something else). These changes would add no long term technical debt, since they only involve new blocks. For past-block validation it can be retroactively declared that old blocks (older than a few months) have no ordering requirement.

Summary and outlook

Taking a broader view, graphene is not the magic bullet for network propagation. Even with the CTOR-improved graphene, we might not see vastly better performance right away. There is also work needed in the network layer to simply move the messages faster between nodes. In the last stress test, we also saw limitations on mempool performance (tx acceptance and relaying). I hope both of these fronts see optimizations before the next stress test, so that a fresh set of bottlenecks can be revealed.
submitted by markblundeberg to btc [link] [comments]

TIL in 2011 a user running a modified mining client intentionally underpaid himself 1 satoshi, which is the only time bitcoin have ever truly been destroyed.

In block 124724 you'll find txid 5d80a29b which has a payout of 49.99999999 BTC at a time when the block reward was 50 BTC. A transaction fee of 0.01 BTC was also forfeited. This bitcoin no longer exists anywhere in the network, as opposed to "burned" coins which technically still exist in a wallet which no one can ever access (ex: 1BitcoinEaterAddressDontSendf59kuE).
On bitcointalk user midnightmagic explains a deeper meaning behind this:
I did it as a tribute to our missing Satoshi: we are missing Satoshi, and now the blockchain is missing 1 Satoshi too, for all time.
EDIT: Users have pointed out in the comments that this isn't actually the only time coins have been destroyed, there are actually several different ways coins have been destroyed in the past. sumBTC also points out that the satoshi wasn't destroyed-- it was never created in the first place.
Another interesting way to destroy coins is by creating a duplicate transaction. This is again done with a modified client. For example see block 91722 and block 91880. They both contain txid e3bf3d07. The newer transaction essentially overwrites the old transaction, destroying the previous one and the associated coins. This issue was briefly discussed on Github #612 and determined to not be a big deal. In 2012 they realized that duplicated transactions could be used as part of an attack on the network so this was fixed and is no longer possible.
Provably burning coins was actually added as a feature in 2014 via OP_RETURN. Transactions marked with this opcode MAY be pruned from a client's unspent transaction database. Whether or not these coins still exist is a matter of opinion.
Finally, at least 1,000 blocks forfeited transactions fees due to a software bug. Forfeited transaction fees are lost forever and are unaccounted for in any wallet.
Further reading: https://bitcoin.stackexchange.com/questions/30862/how-much-bitcoin-is-lost-on-average/30864#30864 https://bitcoin.stackexchange.com/questions/38994/will-there-be-21-million-bitcoins-eventually/38998#38998
submitted by NewLlama to Bitcoin [link] [comments]

How SegWit Decapitated Bitcoin, and how Bitcoin Cash resurrected Bitcoin before it was too late.

Segregated Witness (SegWit) effectively breaks the existing transaction structure of Bitcoin in order to create 2 transaction IDs instead of 1, and in order to run "future signature scripts" - scripts that aren't defined in the original Bitcoin protocol or whitepaper.
Despite the issue with signature hashes being slightly different potentially being a feature of Bitcoin to reduce second-layer dependency or crutches, this inability to be malleable was targeted as the prime problem with Bitcoin, and that's what lead to Segregated Witness AKA the Decapitation of Bitcoin as well as hardcore Bitcoin enthusiasts and developers who were paying attention to duplicate (fork) the open-source software before it was modified irreversibly by activating SegWit.
There is no need for 2 IDs but this was done in the name of expanding Bitcoin via "second-layer solutions" because, "Bitcoin doesn't work", "It can't scale", and "It has malleability issues" among other supposed issues - All of which are demonstrably false (every day) with Bitcoin Cash. Meanwhile the old chain IDs live on in a ghostly form but they have been rendered utterly meaningless according to the new SegWit scripts.
According to the specification of SegWit (and SegWit users here often outright deny) "signature data [now] becomes optional". Signature data, the data that is required and described by Bitcoin as a fundamental building block as part of the process of verifying transaction data as it is propagated to the network.
Bitcoin uses something called a Elliptical Curve Digital Signature Algorithm: https://en.wikipedia.org/wiki/Elliptic_Curve_Digital_Signature_Algorithm - with SegWit the signature data is separated out from the transactions: "This BIP defines a new structure called a "witness" that is committed to blocks separately from the transaction merkle tree." See for yourself: with SegWit, "signature data is no longer part of the transaction hash" source.
Segwit is "removing this data from the transaction structure committed to the transaction merkle tree" source.
Making transaction structure more modifiable/malleable was presented as making it easier to expand with future software (such as lightning and schnorr, etc) by Blockstream et al. To make it modifiable transaction IDs are tied together, it does this by instead creating TWO transaction IDs and tying them together with a Segregated Witness script..."A new data structure, witness, is defined. Each transaction will have 2 IDs. " source and the witness ID references the original like a mirror copy.
In its own words: "how the transaction was signed are no longer relevant to transaction identification". This effectively makes a ghost chain that continues on as if it is still alive and SegWit takes over. It appears as though that Bitcoin chain is alive but it is, in fact, long dead.
"It allows creation of unconfirmed transaction dependency chains" [... in other words, chains that aren't really Bitcoin ...] "an important feature for offchain protocols such as the Lightning Network". It forces Bitcoin to rely on second-layer solutions, and even calls them dependency chains.
"Since a version byte is pushed before a witness program, and programs with unknown versions are always considered as anyone-can-spend script, it is possible to introduce any new script system with a soft fork." - so essentially the old chain would be able to become effectively deprecated ... was this really a good thing? was there really a problem to be fixed? did we want any new script system like SegWit to define the new blockchain from now on?
Micro-transactions and near instant transactions with extremely low fees are happening daily already with Bitcoin Cash with zero issues and Bitcoin Cash now has 32MB blocks (Instead of 1MB/2MB) without an unnecessary change to transaction data or signature scripts making it fully scale-able. Bitcoin Cash is Bitcoin. Bitcoin Cash continues the legacy of Bitcoin on a daily basis, while SegWit has effectively decapitated the Bitcoin chain moving everyone over to SegWit. Segregated Witness was a takeover of the old chain signature scripts (or rules) with the new ones that don't actually disable the old methods and system but also don't allow any Devs to go back and work with the old scripts anymore, they're considered completely irrelevant now. The document referenced in this post describes the Bitcoin protocol as "current protocol" and then explains the new SegWit "consensus layer", it is the "official Bitcoin Improvement Proposal" (BIP) document that describes an already complete change to the transaction structure that changes Bitcoin forever.
This effectively kills Bitcoin as you know it. Bitcoin has been decapitated. From now on it is SegWit and second-layer or nothing. It forces Bitcoin Devs to work with the new Segregated Witness IDs from now on, or be forgotten, and of course Bitcoin Cash Devs were having none of that. Thankfully they duplicated the entire project before SegWit was activated and continued the Bitcoin legacy through Bitcoin Cash without the needless extra transaction ID ties.
Bitcoin SegWit Devs are now forced to use the new Segregated Witness protocol and any future scripts must run according to the Segregated Witness procotol that has the wtxid and 2 transaction ID format. Not long from now the original txid will likely be deprecated and the ashes scattered into the wind and everything will move over to just using wtxid... and Lightning, Bitcoin SegWit Devs will probably still be called Bitcoin Devs but in reality they are Lightning Devs along with contributing to all the dangers of using second-layer solutions moving forward. This is fairly obvious because, those "old" signature scripts are still being used today with no issues by Bitcoin Cash just fine. Bitcoin Cash has resurrected Bitcoin and the same Bitcoin developer community that was there in the start is now being revived from the ashes in all the hundreds of ecosystem developments over the last few months, by Bitcoin Cash.
submitted by crockscream to btc [link] [comments]

Do you know what the word malleability means?

The word malleability was picked and used intentionally. Why would you want transaction structure to be modified or adjusted or smudged like clay? You wouldn't right? You'd want to trust in the accuracy of the transaction structure and not let some second-layer or third party, or separate script, confirm trust in transaction validity. Right?
Except that, despite the issue with signature hashes being slightly different being a minor thing, this inability to be malleable is what was targeted as the prime problem with Bitcoin, and that's what lead to segregated witness. Segregated Witness effectively breaks the existing transaction structure in order to create 2 transaction IDs instead of 1, and in order to run new signature scripts - scripts that aren't defined in the original Bitcoin protocol or whitepaper, in the name of expanding Bitcoin because, "Bitcoin doesn't work". "It can't scale" and "It has malleability issues".
When people talk about "the malleability bug" they are referencing signature smudging, as in, when transactions are signed there may be some slight discrepancy regarding the hash before one of the transaction IDs gets cemented into the ledger, for an example as a metaphor: "a capital I might look like a lowercase l" but since it is the signature and not the output data it will still be verified by network nodes before getting added to blocks. What they don't mention is that this doesn't actually have any effect on the transaction output data though, it doesn't result in any problems unless you are reading the data incorrectly. Yep, no effect, money is still transferred just fine. There is no evidence of fraud due to this supposed issue (except for supposedly big one, MtGox). For the vast majority of cases there is no issue. As usual, there is only one transaction that gets cemented into blocks (no doublespends).
Important to note here is that, there is no evidence that this is actually a problem with Bitcoin instead of a problem with second-layer or external services or exchanges such as the MtGox scenario where this "malleability bug" becomes a huge problem because they didn't account for the possibility that this slight variation of transaction ID might be entirely intentional.
This possibly, seemingly intentional, "flaw" that Bitcoin had (before it was modified to have segregated witness) to "fix the bug" is what makes things like lightning network completely unnecessary as is demonstrated daily by Bitcoin Cash users, the transaction structure is important and signature data is important and neither should be modified or adjusted. It was made that way for a reason. In addition, it isn't an issue if some of the signature data can be slightly off, again, the way the system is designed is that only one record becomes cemented into the blockchain. (No doublespend).
Of course, making transaction structure more modifiable was presented as making it easier to expand with future software (such as lightning and schnorr, etc) by Blockstream et al, because it apparently makes it so that there is only ever one definite data tied to one transaction ID, by instead creating TWO transaction IDs and tying them together with a segregated witness script..."A new data structure, witness, is defined. Each transaction will have 2 IDs. " source and the witness ID references the original like a mirror copy, but that also opens up some potentially huge problems later on, and the worst part about it is that these problems would be difficult to prove by a user after they've happened. Why is that? Because if you examine the transaction structure it would appear as though everything is in order even though there may have been an issue (or according to the specification: maybe locked, maybe in a segwit wallet, maybe not yet validated). While there is no proof that money could be stolen if you do not upgrade, there was alarming uncertainty regarding the future of your funds and the future of the network and it does feel like a threat if you do not upgrade.
According to the specification of segwit (and segwit users here often deny) "signature data becomes optional". Signature data, the data that is required and described by Bitcoin as a fundamental building block as part of the process of verifying transaction data as it is propagated to the network. Bitcoin uses something called a Elliptical Curve Digital Signature Algorithm. https://en.wikipedia.org/wiki/Elliptic_Curve_Digital_Signature_Algorithm - with segwit the signature data is separated out from the transactions: "This BIP defines a new structure called a "witness" that is committed to blocks separately from the transaction merkle tree."
See for yourself: with segwit, "signature data is no longer part of the transaction hash" source.
Segwit is "removing this data from the transaction structure committed to the transaction merkle tree" source.
In its own words: "how the transaction was signed are no longer relevant to transaction identification".
"It allows creation of unconfirmed transaction dependency chains" [... in other words, chains that aren't really Bitcoin ...] "an important feature for offchain protocols such as the Lightning Network".
"Segregated witness fixes the problem of transaction malleability fundamentally" the specification then goes on to basically describe Lightning - but is this really a good thing? Micro-transactions with extremely low fees are happening daily already with Bitcoin Cash with zero issues and Bitcoin Cash now has 32MB blocks (Instead of 1MB/2MB) without an unnecessary change to transaction data or signature scripts.
"Since a version byte is pushed before a witness program, and programs with unknown versions are always considered as anyone-can-spend script, it is possible to introduce any new script system with a soft fork." - so essentially the old chain would be able to become deprecated ... is this really a good thing? was there really a problem to be fixed? do we want any new script system like segwit to define the new blockchain from now on?
Actually this is exactly what this is all about, segregated witness is.... in reality... a covert takeover of the old chain signature scripts (or rules) with the new ones that don't actually disable the old methods and system but also don't allow any devs to go back and work with the old scripts anymore, they're considered completely irrelevant now. This effectively kills Bitcoin as you know it. It forces devs to work with the new segregated witness from now on, or be forgotten. Devs are now forced to use the new segregated witness protocol and any future scripts must run according to the segregated witness procotol that has the wtxid and 2 transaction ID format. Not long from now the original txid will likely be deprecated and everything will move over to just using wtxid... this is fairly obvious because, those old signature scripts are still being used today with no issues by Bitcoin Cash just fine.
submitted by crockscream to btc [link] [comments]

Scenario: I am using an 3rd party source for my addresses' utxo's. What is the most malicious thing that api provider could perform against me? (other than denial or service or possible

Experienced bitcoiners skip below below the line Very brief summary for those unfamiliar (not going too deep into it as they would be unlikely to produce a trustworthy answer to this question.)
The info required for a new transaction is essentially no more than: * What transaction output is unspent and capable of being used to fund your next transaction (aka user0 --1btc-> usera. Usera must look back and retrieve the serialized tx so usera knows: * The txid * The index of the output that refers sent to your address
Imagine a tx with addrM sending 0.1 each to addrx, addra, and addrz. Therefor the owner of addra must reference that transaction and their place on the list of outputs (0 = addrx, 1 = addra, 2 = addrz)
Here's an example of using bitcoind to create a new transaction using the txid and the addr index of which you want to spent coins from. bitcoind createrawtransaction '[{"txid":"a9d4599e15b53f3eb531608ddb31f48c695c3d0b3538a6bda871e8b34f2f430c","vout":0 <-- index 0}]' '{"mkZBYBiq6DNoQEKakpMJegyDbw2YiNQnHT":50 <-- the new transaction's recipient:amount to send}'
READ THIS FOR MORE INFO I didnt want to get into much more than an abstract

The point is....

One must have access to an up to date blockchain/UTXO set in order to be certain that the transaction you will broadcast is valid

*Suppose a malicious actor had the ability to falsify what data i put into the utxo's txid and index ((but not anything like the send to address or the scriptsig/redeemscript), *what is the most malicious thing they could do other thing simple denial of service by feeding you falsified utxo data and the tx's ending up getting rejected be the network.
But would it be possible to get someone to spend their own money as a miner fee by sending a utxo (the attacker must know that this particular utxo is redeemable by the victim) dataset that lowballs the utxo value--causing the victim to create a transaction where they are under the impression that, for example, the have 0.5 to spend and want to spend .45, but realistically that utxo is 2 bitcoins. sThe victim would create a tx that sends .45 to the intended recipient of that tx, then 0.0499 sent tto the victim's change address.
So to summarize:
Victim> hey source of blockchain data, gimme a utxo attacker> ok here you go, you were sent .5 btc to addr 123212321... index 4 Victim> thanks bro. im gonna broadcast this tx utilizing that utxo and it looks like the following
Victims understanding of the situation addr1 (0.5) > addrZ (0.45) > changeaddr1 (0.0499) fee = utxo - sum(outputs) fee = 0.5 - (0.45 + 0.0499) fee = 0.0001
What is actually happening:
addr1 (1.00) > addrZ (0.45) > changeaddr1 (0.0499) fee = utxo - sum(outputs) fee = 1.00 - (0.45 + 0.0499) fee = 0.5001
Thus despite the attack requiring one to be in a position like this anyways, the most likely attack scenario would involve a mining pool + online wallet operator. After solving a block, the pool owner withholds it and provides the fake utxo data to their wallet users and after the attacker ends up getting enough victims to have created these crazy high fee tx's, they then publish the block and reap the rewards from the users tricked into paying a crazy high fee.
Is what i'm saying making sense? is this attack--despite its specificity of situation--doable? The bottom line is what is the worst you risk when trusting a third party for utxo data.
I got progressively more and more tired through out this so i could have done a better job writing it--I hope people understand what im getting at.
Resources regarding these topics below
submitted by NYC_Prisoner to Bitcoin [link] [comments]

Qtum - Quantum Chain Design Document

Serialization: Qtum Foundation Design Document

Foreword
In this series of articles, the Qtum Quantum Chain Foundation will make public its early design documents for the first time, hoping to help the community understand the design intent of Qtum and the implementation details of key technologies. The article will be based on the original design draft in order to restore the designer's original ideas. Follow-up Qtum project team will be further collation and interpretation, to help readers understand more technical details, so stay tuned.
The topics that may be included in this series include
* Qtum account abstraction layer AAL
* Qtum distributed autonomous protocol DGP
* Qtum wallet (qt, mobile wallet, etc.) and browser
* Add RPC call
* Mutual interest consensus mechanism MPoS
* Add opcode
* Integration of EVM and Qtum blockchain
* Qtum x86 virtual machine
* Others...
The Qtum quantum chain public number will be updated from time to time around the above topics to restore the history of the Qtum project and key technologies from scratch.
Qtum original design document summary -- Qtum new OPCODE
As we all know, Qtum uses the same UTXO model as Bitcoin. The original UTXO script was not compatible with the EVM account model, so Qtum added three OP_CREATE, OP_CALL, and OP_SPEND opcodes to the UTXO transaction script for the purpose of providing operational support for conversions between UTXO and EVM account models. The original names of the three opcodes are OP_EXEC(OP_CREATE), OP_EXEC_ASSIGN(OP_CALL) and OP_TXHASH(OP_SPEND), respectively.
The following is an excerpt of representative original documents for interested readers.
OP_CREATE (or OP_EXEC**)**
OP_CREATE (or OP_EXEC) is used to create a smart contract. The original design files (with Chinese translation) related to this opcode by the Qtum development team are as follows (ps: QTUM <#> or QTUMCORE<#> in the document numbering internal design documents. ):
QTUMCORE-3:Add EVM and OP_CREATE for contract execution Description:After this story, the EVM should be integrated and a very basic contract should be capable of being executed. There will be a new opcode, OP_CREATE (formerly OP_EXEC), which takes 4 arguments, in push order: 1. VM version (currently 1 is EVM) 2. Gas price (not yet used, anything is valid) 3. Gas limit (not yet used, assume very high limit) 4. bytecodeFor now it is OK that this script format be forced and mandatory for OP_CREATE transactions on the blockchain. (ie, only "standard" allowed on the blockchain) When OP_CREATE is encountered, it should execute the EVM and persist the contract to a database (triedb) Note: Make sure to follow policy for external code (commit vanilla unmodified code first, and then change it as needed) Make the EVM test suite functional as well (someone else can setup continuous integration changes for it though) 
The above document describes the functions required by OP_CREATE and the parameters used.

OP_CALL (or OP_EXEC_ASSIGN)

OP_CALL is used for contract execution and is one of the most commonly used opcodes. There are many descriptions in the original design document.
QTUM6: Implement calling environment info in EVM for OP_EXEC_ASSIGN 
Description: Solidity expects certain information to be pushed onto the stack as part of it's ABI. So, when data is sent into the contract using OP_EXEC_ASSIGN we need to make sure to provide this data. This data includes the Solidity "function selector" as well as ensuring the opcodes CALLER and ORIGIN function properly. This looks to be fairly easy, it should just be transferring some data from the Bitcoin stack to the EVM stack, and setting some fields for the origin info. However, this story should be split into multiple tasks and re-evaluated if it isn't easy. See also: https://github.com/ethereum/wiki/wiki/Ethereum-Contract-ABI For populating the CALLER and ORIGIN value, the following should be done: OP_EXEC_ASSIGN should take 2 extra arguments, SENDER and SENDER_SIGNATURE. Sender should be a public key. Sender Signature is the signature of all the vins for the current transaction, signed of course using the SENDER value.On the EVM side, CALLER's value will be a public key hash, ie, a hash of the SENDER public key. This public key hash should be compatible with Bitcoin's public key hash for it's standard version 1 addresses. IF the given SENDER_SIGNATURE does not match successfully, then the transaction should be considered invalid. If the SENDER public key is 0, then SENDER_SIGNATURE must also be 0, and the given CALLER opcode etc should just return 0.
The above document describes the OP_EXEC_ASSIGN calling environment information that needs to be implemented in the EVM.
QTUM8: Implement OP_EXEC_ASSIGN for sending money to contracts 
Description: A new opcode should be added, OP_EXEC_ASSIGN. This opcode should take these arguments in push order: # version number (VM version to use, currently just 1)

gas price (can be ignored for now)

gas refund script (can be ignored for now)

data (The data to hand to the smart contract. This will include things like the Solidity ABI Function Selector and other data that will later be available using the CALLERDATA EVM opcode) # smart contract address (txid + vout number)

It should return two values right now, 0 and 0. These are for spendable and out of gas, respectively. Making them spendable and dealing with out of gas will be in a future storyFor this story, the EVM contract does not actually need to be executed. This opcode should only be a placeholder so that the accounting system can determine how much money a contract has control of
The above document describes the OP_EXEC_ASSIGN implementation details.
QTUM15: Execute the relevant contract during OP_EXEC_ASSIGN 
Description: After this story is complete, when OP_EXEC_ASSIGN is reached, it should actually execute the contract whose address was given to it, passing the relevant data from the bitcoin script stack with it. Other data such as the caller and sender can be left for a later story. Making the CALLER, ORIGIN etc opcodes work properly will be fixed with a later story
The above document describes OP_EXEC_ASSIGN how the script runs the relevant contract code.
QTUM40: Allow contracts to send money to pubkeyhash addresses Description: We need to allow contracts to send money back to pubkeyhash addresses, so that people can withdraw their coins from contracts when allowed, etc. This should work similar to how version 0 contract sends work. Instead of using an OP_EXEC_ASSIGN vout though, we need to instead use a standard pubkeyhash script. So, upon spending to a pubkeyhash, the following transaction should be placed on the blockchain: vin: [standard contract OP_EXEC_ASSIGN inputs] ... vout: OP_DUP OP_HASH160 [pubKeyHash] OP_EQUALVERIFY OP_CHECKSIG change output - version 0 OP_EXEC_ASSIGN back to spending contract These outputs should be directly spendable in the wallet with no changes to the wallet code itself 
The above document describes how to allow contracts to send QTUM to pubkeyhash addresses.
QTUMCORE-10:Add ability for contracts to call other deployed contracts Description:Contracts should be capable of calling other contracts using a new opcode, OP_CALL. Arguments in push order:version (32 bit integer) gas price (64 bit integer) gas limit (64 bit integer) contract address (160 bits) data (any length) OP_CALL should ways return false for now. OP_CALL only results in contract execution when used in a vout; Similar to OP_CREATE, it uses the special rule to process the script during vout processing (rather than when spent as is normal in Bitcoin). Contract execution should only be triggered when the transaction script is in this standard format and has no extra opcodes. If OP_CALL is created that uses an invalid contract address, then no contract execution should take place. The transaction should still be valid in the blockchain however. If money was sent with OP_CALL, then that money (minus the gas fees) should result in a refund transaction to send the funds back to vin[0]'s vout script. The "sender" exposed to EVM should be the pubkeyhash spent by vin[0]. If the vout spent by vin[0] is not a pubkeyhash, then the sender should be 0.Funds can be sent to the contract using an OP_CALL vout. These funds will be handled by the account abstraciton layer in a different story, to expose this to the EVM. Multiple OP_CALLS can be used in a single transaction. However, before contract execution, the gas price and gas limit of each OP_CALL vout should be checked to ensure that the transaction provides enough transaction fees to cover the gas. Additionally, this should be verified even when the contract is not executed, such as when it is accepted in the mempool. 
The above document describes how the contract calls other contracts via OP_CALL.

OP_SPEND (or OP_TXHASH, OP_EXEC_SPEND)

OP_SPEND is used for the cost of the contract balance. Because the contract address is a special address, in order to ensure consensus, the UTXO needs to be specially processed. Therefore, there are more descriptions of the OP_SPEND operation code in the original design document.
QTUM20: Create OP_EXEC_SPEND transaction when a contract spends money 
Description: When a CALL opcode or similar to used from an EVM contract to send another contract money, this should be shown on the blockchain as a new transaction. When a money transfer is done in the contract, the miner should add a new transaction exactly after the currently processing transaction in the block. This transaction should spend an input owned by the contract by using EXEC_SPEND in it's redeemScript. For the purposes of this story, assume change is not something to be worried about and consume as many inputs are needed. Properly picking effecient coins and sending back money to the originating contract will come in a later story. Edge cases to watch for: The transaction for sending money to the contract must come directly after the executing transaction. The outputs should use a version-0 OP_EXEC_ASSIGN vout, so that if the transaction were received out of context, it would still mean to not execute the contract.
The above document describes the timing of creating a OP_SPEND transaction.
QTUM21: Create consensus-critical change and coin-picking algorithm for OP_EXEC_SPEND transactions Description: Building on #20, now a consensus-critical algorithm must be made that picks the most optimal outputs belonging to the contract, and spends them, and also makes a change output that returns the "change" from the transaction back to the contract. All outputs in this case should be using a version-0 OP_EXEC_ASSIGN, to avoid running into the limitation that prevents more than one (version 1) OP_EXEC_ASSIGN transaction from being in a single transaction. The transaction should have as many vins as needed, and exactly 2 vouts. The first vout to go to the target contract, and the second vout to send change back to the source contract. 
QTUM22: Disallow more than one EVM execution per transaction
Description: In order to avoid significant edge cases, for now, disallow more than one EVM execution to take place in a single transaction. This includes both deployment and fund assignment vouts. Instead, such things should be split into multiple transactions If two EVM executions are encountered, the transaction should be treated as completely invalid and not suitable for broadcast nor putting into a block
QTUM23: Add "version 0" OP_EXEC_ASSIGN, which does not execute EVM Description: To counteract problems from #22, we should allow OP_EXEC_ASSIGN to be used to fund a contract without the contract actually being executed. This will be used later for "change" outputs to (multiple) contracts. If the version number passed in for OP_EXEC_ASSIGN is 0, then the contract is not executed. Also, this is only valid if the data provided to OP_EXEC_ASSIGN is just a single byte "0". Multiple version-0 OP_EXEC_ASSIGN vouts should be valid in a transaction, or 1 non-version-0 OP_EXEC_ASSIGN (or an OP_EXEC deployment) and multiple version-0 OP_EXEC_ASSIGN vouts. This will be used for all money spending that is sent from a contract to another contract
The above three documents describe that if the consensus-associated coin-picking algorithm guarantees that the OP_SPEND opcode does not cause a consensus error, the correctness of the change is ensured. At the same time, it describes the situation where the contract does not need to be run and how it is handled.
QTUM34: Disallow OP_EXEC and OP_EXEC_ASSIGN from coinbase transactions Description: Because of problems with coinbase maturity and potential side effects from ordering of gas-refund scripts, it should not be legal for coinbase outputs to be anything which results in EVM execution or directly changing EVM account balances. This includes version 0 OP_EXEC_ASSIGN outputs. 
The above document stipulates that coinbase transactions should not include contract-related scripts.

Other related documents

In addition, there are some documents describing the infrastructure needed for the new operation code.
QTUMCORE-51:Formalize the version field for OP_CREATE and OP_CALL Description:In order to sustain future extensions to the protocol, we need to set some rules for how we will later upgrade and add new VMs by changing the "version" argument to OP_CREATE and OP_CALL. We need a definitive VM version format beyond our current "just increment when doing upgrades". This would allow us to more easily plan upgrades and soft-forks. Proposed fields: 
  1. VM Format (can be increased from 0 to extend this format in the future): 2 bits2. Root VM - The actual VM to use, such as EVM, Lua, JVM, etc: 6 bits
  2. VM Version - The version of the Root VM to use (for upgrading the root VM with backwards compatibility) - 8 bits
  3. Flag options - For flags to the VM execution and AAL: 16 bits Total: 32 bits (4 bytes). Size is important since it will be in every EXEC transaction Flag option bits that control contract creation: (only apply to OP_CREATE) • 0 (reserve) Fixed gas schedule - if true, then this contract chooses to opt-out of allowing different gas schedules. Using OP_CALL with a gas schedule other than the one specified in it's creation will result in an immediate exception and result in an out of gas refund condition • 1 (reserve) Enable contract admin interface (reserve only, this will be implemented later. Will allow contracts to control for themselves what VM versions and such they allow, and allows the values to be changed over the lifecycle of the contract) • 2 (reserve) Disallow version 0 funding - If true, this contract is not capable of receiving money through version 0 OP_CALL, other than as required for the account abstraction layer. • bits 3-15 available for future extensions Flag options that control contract calls: (only apply to OP_CALL) • (none yet) Flag options that control both contract calls and creation: • (none yet) These flags will be implemented in a later story Note that the version field now MUST be a 4 byte push. A standard EVM contract would now use the version number (in hex) "01 00 00 00" Consensus behavior: VM Format must be 0 to be valid in a block Root VM can be any value. 1 is EVM, 0 is no-exec. All other values result in no-exec (allowed, but the no execution, for easier soft-forks later) VM Version can be any value (soft-fork compatibility). If a new version is used than 0 (0 is initial release version), then it will execute using version 0 and ignore the value Flag options can be any value (soft-fork compatibility). (inactive flag fields are ignored) Standard mempool behavior: VM Format must be 0Root VM must be 0 or 1VM Version must be 0Flag options - all valid fields can be set. All fields that are not assigned must be set to 0Defaults for EVM: VM Format: 0Root VM: 1VM Version: 0Flags: 0
The above documents formally identified OP_CREATE and OP_CALL needed version information, paving the way for subsequent multi-virtual machine support for Qtum.
QTUMCORE-52:Contract Admin Interface Description:(note, this isn't a goal for mainnet, though it would be a nice feature to include) It should be possible to manage the lifecycle of a contract internally within the contract itself. Such variables and configuration values that might need to be changed over the course of a contract's lifecycle: • Allowable gas schedules 
• Allowable VM versions (ie, if a future VM version breaks this contract, don't allow it to be used, as well as deprecating past VM versions from being used to interact with this contract) • Creation flags (the version flags in OP_CREATE) All of these variables must be able to be controlled within the contract itself, using decentralized code. For instance, in a DAO scenario, it might be something that participants can vote on within the contract, and then the contract triggers the code that changes these parameters. In addition, a contract should be capable of detecting it's own settings throughout it's execution as well as when it is initially created. I propose implementing this interface as a special pre-compiled contract. For a contract ot interact with it, it would call it using the Solidity ABI like any other contract. Proposed ABI for the contract: • bytes[2048] GasSchedule(int n) • int GasScheduleCount() • int AddGasSchedule(bytes[2048] • bytes[32] AllowedVMVersions() • void SetAllowedVMVersions(bytes[32]) Alternative implementations: There could be a specific Solidity function which is called in order to validate that the contract should allow itself to be called in a particular manner: pragma solidity 0.4.0; contract BlockHashTest {function BlockHashTest() { }function ValidateGasSchedule(bytes32 addr) public returns (bool) {if(addr=="123454") { return true; //allow contract to run }return false; //do not allow contract to run}function ValidateVMVersion(byte version) public returns (bool){if(version >= 2 && version < 10) { return true; //allow to run on versions 2-9. Say for example 1 had a vulnerability in it, and 10 broke the contract }return false; } } In this way a contract is responsible for managing it's own state. The basic way it would work is that when a you use OP_CALL to call a contract, it would first execute these two functions (and their execution would be included in gas costs). If either function returns false, then it immediately triggers an out of gas condition and cancels execution. It's slightly complicated to manage the "ValidateVMVersion" callback however, because we must decide which VM version to use. A bad one could cause this function itself to misbeha`ve.```````
pragma solidity 0.4.0; contract BlockHashTest {function BlockHashTest() { }function ValidateGasSchedule(bytes32 addr) public returns (bool) {if(addr=="123454") { return true; //allow contract to run }return false; //do not allow contract to run}function ValidateVMVersion(byte version) public returns (bool){if(version >= 2 && version < 10) { return true; //allow to run on versions 2-9. Say for example 1 had a vulnerability in it, and 10 broke the contract }return false; }
} 
The above document describes the management interface of the contract, and yes the contract can manage its own status.
QTUMCORE-53:Add opt-out flags to contracts for version 0 sends Description:Some contracts may wish to opt-out of certain features in Qtum that are not present in Ethereum. This way more Ethereum contracts can be ported to Qtum without worrying about new features in the Qtum blockchain Two flag options should be added to the Version field, which only have an effect in OP_CREATE for creating the contract: 2. (1st bit) Disallow "version 0" OP_CALLs to this contract outside of the AAL. (DisallowVersion0)  If this is enabled, then an OP_CALL using "root VM 0" (which causes no execution) is not allowed to be sent to this contract. If money is attempted to be sent to this contract using "version 0" OP_CALL, then it will result in an out of gas exception and the funds should be refunded. Version 0 payments made internally within the Account Abstraction Layer should not be affected by this flag. Along with these new consensus rules, there should also be some standard mempool checks: 
  1. If an OP_CALL tx uses a different gas schedule than the contract creation, and the disallow dynamic gas flag is set, then the transaction should be rejected from the mempool as a non-standard transaction (version 0 payments should not be allowed as standard transactions in the mempool anyway)
The above document describes how to get better EVM compatibility by ignoring certain Qtum specific features in order to port Ethereum contract code. This makes smart contracts in the Ethereum ecosystem more easily compatible with Qtum.

summary

The Qtum original design document presented above describes Qtu's increased opcode associated with the contract run, laying the groundwork for subsequent Qtum's EVM VMs that are compatible with the account model on top of the UTXO model, and also making the account abstraction layer AAL possible. The subsequent Qtum project team will further interpret the key documents. If you have any questions, readers can post comments in the comments area or contact the Qtum project team .
The Qtum quantum chain public number will be updated from time to time around the above topics to restore the history of the Qtum project and key technologies from scratch .
Please note that based on Patrick Dai's translation request, the content in this material is translated to English and published on Reddit.
OP's Qtum Address: QMmYAMEFgvPJGwK9nrwqYw1DHhBkiuEi78
submitted by szhman to Qtum [link] [comments]

Notes on a first quick test of NTumblebit, on Linux and regtest.

I just thought I'd jot down a few notes on the experience of trying out the current NTumbleBit code.
This is testing on regtest, done for the simple reason that you don't have to wait for testnet blocks (nor sync testnet which is mildly annoying). At this stage I just wanted to learn how this works.
Your starting point is this wiki page.

Installation

You need to download Bitcoin Core. Use at least 0.13.1 - this turned out to be only major blocking point in the whole test, funnily enough, for me - it took me a few hours(!) in debugging to realize that the reason my wallet's coins were not being recognized was simply because 0.12.1 didn't support the necessary RPC syntax. (Note to devs: is there a way to expose errors/exception to the user in the client to help with under-the-hood errors like that? RPC configuration errors are exposed, so that's good of course).
Since this is regtest, that's it: you don't need to sync any blockchains :)
However, you do of course have to configure and start it. Put a bitcoin.conf somewhere (if you're currently running a node it's easiest to make a separate one from your main ~/.bitcoin/bitcoin.conf one, of course. I put one in ~/bitcoin.conf with these settings:
rpcuser=bitcoinrpc rpcpassword=123456abcdef 
(you'll need those values again in a minute) and then run with
~/bitcoininstallationdibitcoind -regtest -daemon -conf=homedibitcoin.conf 
(I didn't need to add server=1 to config).
Note that coins are not available until maturity, so you need to use the generate command to mine blocks, like this:
~/bitcoininstallationdibitcoin-cli -regtest -rpcuser=bitcoinrpc -rpcpassword=123456abcdef generate 101 
Now your regtest bitcoind is running, you can move on to Tumblebit. Follow the instructions in the wiki page mentioned at the start; install .Net Core - the Microsoft instructions are easy to follow, just a couple of apt-gets and install the *.deb. Next, clone the github repo and run the Unit Tests. They passed first time for me.

Running

Next, start up the server, following the instructions in the wiki, except note you're using regtest, so:
cd NTumbleBit.TumblerServer dotnet run -regtest 
The first start up will compile but also set up RSA keys, all that is fine without changes, but you'll need to edit the config so that the RPC is pointing at your regtest instance properly. In this case it (the new config should be located in ~/.ntumblebit/RegTest/server.config) should be edited to look like:
rpc.url=http://localhost:18332/ rpc.user=bitcoinrpc rpc.password=123456abcdef #rpc.cookiefile=yourbitcoinfolde.cookie 
Then restart and check you get no RPC errors. Leave that console open, it's running a server loop.
Next, configure and start the client. Note, we are still following the wiki page, except for the regtest element, so:
cd NTumbleBit.CLI dotnet run -regtest 
You'll most likely get an RPC error again, before it shuts down. Now we need to edit the ~/.ntumblebit/RegTest/client.config file. The server can be left as the default localhost:5000, but you need the right RPC settings:
rpc.url=http://localhost:18332/ rpc.user=bitcoinrpc rpc.password=123456abcdef #rpc.cookiefile=yourbitcoinfolde.cookie tumbler.server=http://localhost:5000 outputwallet.extpubkey= outputwallet.keypath=0 
the last two fields are the important bit, which the wiki page explains in some detail for the testnet case.

Details on setting up a receiving wallet (for this test!)

What you need is a BIP32 based wallet (HD) that supports testnet, and can be run against regtest here (which in most cases will be the same thing to a wallet, as long as it can connect via RPC to sync itself). The good news is the wallet doesn't need to contain any coins. The details of the following probably won't be suitable for most (if you've never used joinmarket it's a bit convoluted), so you'll probably want to find another easy to use wallet; the wiki page should be a good starting point.
For my test I used joinmarket; all we need to do is (a) hook it up to the regtest instance, and (b) extract the BIP32 xpub key that we'll be sending coins to. So in my case the flow of coins is:
Regtest Bitcoin Core wallet (containing 'mined' coins) one branch of my BIP32 joinmarket wallet, configured to sync against the same regtest instance.
I used my new joinmarket code but it's the same for the main joinmarket code. I overwrote joinmarket.cfg to have regtest settings (use this file; only the highlighted settings matter, those are the right ones for this test), then just run python wallet-tool.py randomseed. "randomseed" there can be literally anything, it's read as a brainwallet style seed for the bip32 wallet (because testnet, we don't care about its insecurity). The tpub.. keys seen for each branch are the "xpub" public keys at that branch of the BIP32 wallet. Tumblebit is going to send to a branch below whatever xpub we need, so the simplest is to add a print statement to print the xpub key above that; e.g. add this code:
for i in range(max_mix_depth): print('master for index: ' + str( i) + ' : ' + btc.bip32_privtopub(mixing_depth_keys[i])) 
immediately above this line. Then run again python wallet-tool.py randomseed.
Extract an xpub for any one of the "mixdepths", e.g. I chose:
master for index: 3 : tpubDBFGvUbWtEPKXeWPeG7rUh98iV9GuXSDbnk6ZrZHjcmp134BPByT293HPPQ93DktrVFKpZeAU1ULSdyfmwWuUGvUVLP19JkdUq2mzNKFJPR 
and put that tpub.. key into the field pubkey in the above mentioned 'client.config':
outputwallet.extpubkey=tpubDBFGvUbWtEPKXeWPeG7rUh98iV9GuXSDbnk6ZrZHjcmp134BPByT293HPPQ93DktrVFKpZeAU1ULSdyfmwWuUGvUVLP19JkdUq2mzNKFJPR outputwallet.keypath=0 
Now save and quit.

Running the tumble

Restart the client. If RPC is right, it'll start running, waiting for blocks. Your regtest Core instance will have coins (after the previous generate 101), and those coins will be automatically tumbled, one coin at a time, into the output wallet (in my case, the branch m/0/3/0 which is labelled there 'mixdepth 3, external').
Now you can test and watch the process! Open up a third console and repeatedly generate blocks:
/path/to/bitcoin/bin/bitcoin-cli -regtest -rpcpassword=123456abcdef generate 1 
As each block is generated you'll see the state in the client terminal window updating, showing the phases. A new 'epoch' (right term?) is started every N blocks (I haven't investigated the timing yet), and several epochs run concurrently. In each one, the client can pay in 1 Bitcoin (from Core) and eventually get out 1 coin - fees to the destination (Joinmarket in my case, any other BIP32 in yours). You can replace generate 1 with generate N but I'm not sure if the code will always correctly handle you mining lots of blocks at once! After a large enough number of blocks you'll start to see 'ClientCashout phase' occurring, and txids being printed out. You can go back to your (JM or other) wallet and see the coins arriving; here's what I see after a few epochs have gone through (using my python wallet-tool.py randomseed command):
for mixdepth=2 balance=0.00000000btc mixing depth 3 m/0/3/ external addresses m/0/3/0 tpubDDMAxSHJmxzeXwDnATuvtDizqNSsQKpXGufBDnER44BzEbHy7kg485zZwHqvzprgf6yEQYg9qYYfsLYS1HMmdSuXDzQb2dJSiga9geyM62R m/0/3/0/007 mw9s7tYucxB9yr2L6HkqeDVsh3wdgMdcyK used 0.99995750 btc m/0/3/0/008 mq5TgTNgwYHv88Q4T7wL6kTb1MBSPE3mqK used 0.99995750 btc m/0/3/0/009 mhzQFY8FNvux6SKWKLKmhBB3Sw4MLaSnyu used 0.99995750 btc m/0/3/0/010 mrYECmCf5UKa1BBRMuzprVugsCi9z7oiHo new 0.00000000 btc m/0/3/0/011 mopUNXmHT8ngfBymM3c3EYMg7RLZAf6Zc6 new 0.00000000 btc m/0/3/0/012 mmaVXVfQP4UAYJPhMpQ3FhgXfHzujaxyw4 new 0.00000000 btc m/0/3/0/013 mzYD1AcUFz8SVwJM8EjVCfEM6pcYnHooBR new 0.00000000 btc m/0/3/0/014 my5unLCEMWQBkXBdeJ75VVGk1wrMrT8iDE new 0.00000000 btc m/0/3/0/015 muA76YSTtKKmD6HnVKYhkd9K9TZnPLh8pp new 0.00000000 btc internal addresses m/0/3/1 for mixdepth=3 balance=2.99987250btc 
As you can see, 3 coins have arrived.
submitted by waxwing to TumbleBit [link] [comments]

Qtum Quantum Chain Design Document -- Add RPC Calls (Seven)

Qtum original design document summary (7) -- Qtum added RPC call
https://mp.weixin.qq.com/s/JdJLxEIBjD255qey6ITO_g
Qtum's core program, qtumd, runs all core logic including validation and creation of blocks. However, to achieve interaction with qtumd, you need to rely on RPC (Remote Procedure Call). Through RPC, you can interact with qtumd from the outside to implement basic functions such as sending and receiving QTUM and obtaining blockchain information.
The initial version of the Qtum RPC call is compatible with Bitcoin. On this basis, because the Qtum blockchain is different from Bitcoin, and Qtum supports the smart contract function that Bitcoin does not have, it is necessary to add a new RPC or improve the existing RPC to achieve Qtum. Full interaction of nodes.
The following section captures the relevant original design documents (with Chinese translation) for the Qtum RPC call from the early Qtum development team (ps: QTUM<#> or QTUMCORE<#> in the document is the internal design document number):
 
QTUM-35: Add RPC call for off-chain contract execution
Description: In Ethereum there are some contract's that can be executed without needing to be on the blockchain. This is useful especially for retrieving the status and results from a contract, and will make no changes to the on-chain storage or state. We should Add an RPC call to cover this functionality
 
Callcontract [address] [data]
Returns/prints hex encoded return data
 
Task: Add an RPC (Remote Procedure Call) call to run under the chain Description: It is useful to have some contracts in Ethereum that are not working on the blockchain, especially when retrieving the status and results of contracts, and not changing the storage and status of the chain. We should add an RPC call to implement this functionality. Callcontract [address] [data] Return / print hexadecimal encoded return data
 
QTUMCORE-14: Add "callcontract" RPC call for off-chain computations
Description: There should be an RPC call that executes a contract without requiring interaction with the blockchain network, and thus without gas or other fees. Callcontract contract-address data (sender) This should execute the contract locally, and if the contract function returns data, it should be returned/printed by the RPC call. Sender is optional and does not require an owned vout (it can be any valid address)
Task: Add a "callcontract" RPC call for the calculation of the chain Description: There should be an RPC call that does not require interaction with the blockchain network to run the contract, so it does not require gas or other fees. The format is as follows: Callcontract contract-address data (sender) It can run the contract locally, and if the contract function returns data, the RPC call can return/print the data. The sender is optional and does not need to have vout (it can be any valid address).
The above two tasks add a callcontract RPC call interface to implement a local chain call contract, which is convenient for viewing contract status or obtaining contract results without changing any information on the chain.
 
QTUMCORE-7: Add "createcontract" RPC call
 
Description: A new RPC call should be added call "deploycontract" "createcontract". This RPC call will be used to deploy a new smart contract to the Qtum blockchain.
Syntax:
Deploycontract createcontract gas-price gas-limit bytecode [sender-address] [txfee] [broadcast]
If no address is specified, then it should be picked randomly from the wallet. If no outputs exist to spend using that sender-address, then an error should be shown and no transaction created.
Tsfee is optional and if not specified should use the same auto txfee as the rest of the wallet (for example sendtoaddress uses an auto txfee)
Broadcast should default to true. If broadcast is false, then the transaction is created and signed, and then printed to the screen in hex rather than broadcast to the network.
If the sender-address does have an output, but it is not enough to cover the gas costs and tx fees, then any UTXO owned by the wallet should be used by the transaction to cover those fees. (not all funds must come from sender -address, but the sender-address must be vin[0])
After execution, if broadcast is true, it should print the txid and the new contract address.
Task: Add "createcontract" RPC call
Description: Add a "createcontract" RPC call that will be used to deploy a new smart contract on the Qtum blockchain.
grammar:
Createcontract gas-price gas-limit bytecode [sender-address] [txfee] [broadcast]
Among them, sender-address (sender address) is optional. If no address is specified, an address will be randomly selected from the wallet. If there is no output available in the sender-address, an error will be displayed and the transaction will not be created.
Txfee (transaction fee) is optional. If not specified, it should use the same automatic txfee as the rest of the wallet (for example, the automatic txfee used by sendtoaddress)
Broadcast should be true by default. If broadcast is false, the transaction is created and signed, and will be printed to the screen in hexadecimal format instead of being broadcast to the network.
If the sender-address does have an output, but it does not cover the gas charges and transaction fees, then any UTXO owned by the wallet can be used by the transaction to pay for these charges. (Not all funds must come from sender-address, but sender-address must be vin[0])
After running, if broadcast is true, the transaction id and the new contract address are printed.
The above task adds the RPC call createcontract for creating and deploying new smart contracts, and describes the specific meaning of the parameters and their corresponding behavior.
 
QTUMCORE-13: Add "sendtocontract" RPC call
Description: An rpc call should be adding for sending data and (optionally) money to a contract that has been deployed on the blockchain.
The format should be:
Sendtocontract contract-address data (value gaslimit gasprice sender broadcast)
This should create a contract call transaction using OP_CALL.
Value defaults to 0.
If no address is specified, then it should be picked randomly from the wallet. If no outputs exist to spend using that sender-address, then an error should be shown and no transaction created.
Broadcast should default to true. If broadcast is false, then the transaction is created and signed, and then printed to the screen in hex rather than broadcast to the network.
If the sender-address does have an output, but it is not enough to cover the gas costs, tx fees, and value, then any UTXO owned by the wallet should be used by the transaction to cover the remainder. (not all funds must Come from sender-address, but the sender-address must be vin[0])
After execution, if broadcast is true, it should print the txid and the new contract address.
Task: Add "sendtocontract" RPC call
Description: In order to send data or funds to a contract already deployed on the blockchain, an RPC call should be added.
The format should be:
Sendtocontract contract-address data (value gaslimit gasprice sender broadcast)
You can use OP_CALL to create a contract call transaction.
Value defaults to 0.
The sender-address is optional. If no address is specified, an address will be randomly selected from the wallet. If there are no outputs available in the sender-address, an error will be displayed and no transaction will be created.
Broadcast is default to true. If broadcast is false, then the transaction is created and signed and then printed to the screen in hexadecimal format instead of being broadcast to the network.
If the sender-address does have an output, but the output is not sufficient to cover the gas fee, transaction cost, and value, then any UTXO owned by the wallet can be traded to pay the remaining fee. (Not all funds must come from sender-address, but sender-address must be vin[0])
After running, if broadcast is true, the transaction id and the new contract address should be printed.
In order to implement the contract on the chain, the above task adds a sendtocontract RPC call. Its functionality is similar to callcontract and can be used to run contracts. The biggest difference is that sendtocontract implements the chain call, which requires the cost of the Gas, and the running result needs to be verified by the entire network node, and will change the storage state on the contract chain.
 
QTUMCORE-81:create getTransactionReceipt rpc call
Description: We need to create getTransactionReceipt rpc call that returns the same values ​​as here:
https://github.com/ethereum/wiki/wiki/JavaScript-API#web3ethgettransactionreceipt
Most important part is the logs. they can either be stored into a separate db or use one of the existing tx or eth related db.
Task: Create getTransactionReceipt RPC call
Description: We need to create a getTransactionReceipt RPC call that returns the same value as in the following link:
https://github.com/ethereum/wiki/wiki/JavaScript-API#web3ethgettransactionreceipt
The most important part is the log. They can be stored in a separate database, or they can use existing transactions or Ethereum-related databases.
The above task adds a gettransactionreceipt RPC call to the smart contract log to get the contract transaction related logs, which is very useful for understanding the status of smart contracts.
 
QTUMCORE-90: add searchlogs rpc call
Description: we need to add an rpc call to allow us to search the eth event logs, we need to support similar parameters as eth:
https://github.com/ethereum/wiki/wiki/JavaScript-API#web3ethfilter
So it would be: searchlogs(fromBlock, toBlock, address, topics)
fromBlock, toBlock should support latest keyword
Adderss: optional should be an array of one or more addresses
Topics: optional (check the link above)
Unlike eth where you have to call watch, this method should just output the filtered logs
Task: Add searchlogs RPC call
Description: We need to add a PRC call that allows searching for smart contract event logs, and we need to support parameters similar to Ethereum:
https://github.com/ethereum/wiki/wiki/JavaScript-API#web3ethfilter
So its form is as follows: searchlogs(fromBlock, toBlock, address, topics)
fromBlock: toBlock should support the latest keywords
Address: an optional array of one or more addresses
Topics: optional (refer to the link above)
Unlike the Ethereum, which needs to call watch, this method only outputs the filtered log.
The above task adds an RPC for retrieving the smart contract event log to facilitate screening of event logs that satisfy the condition. Users can quickly get the contract status they care about.
 
QTUMCORE-92: add getcode and getstorageat rpc calls
Description: We need to implement Qtum equivalent of these 2 rpc calls:
https://github.com/ethereum/wiki/wiki/JavaScript-API#web3ethgetcode
https://github.com/ethereum/wiki/wiki/JavaScript-API#web3ethgetstorageat
No need to implement callback function for now.
For the default block, we can use block number, or keyword "latest" (default)
Task: Add getcode and getstorageat RPC calls
Description: We need to implement the QTP version of the RPC call equivalent to the following two RPCs:
https://github.com/ethereum/wiki/wiki/JavaScript-API#web3ethgetcode
https://github.com/ethereum/wiki/wiki/JavaScript-API#web3ethgetstorageat
There is currently no need to implement a callback function.
For the default block, we can use the block number, or the keyword "latest" (default)
The above task implements an equivalent RPC similar to Ethereum for obtaining contract code and storing information.
 
QTUMCORE-97: Change validation of contract rpc calls inputs
Description: Change validation of contract rpc calls inputs to accept only hex
Task: Modify the verification of the input value of the contract RPC call
Description: Modify the validation of the input value of the contract RPC call to accept only hexadecimal.
The above task stipulates that the RPC of the verification contract only accepts the hexadecimal data parameters, so that the rpc interface is as consistent as possible.
 
QTUMCORE-123: Add "excepted": to gettransactionreceipt
Description: We need to add the "excepted": field to gettransactionreceipt rpc call which lists "None" if no exception occured, or lists the actual exception that happened.
The same lessons is in callcontract call.
We need the change to be backward compatible, which means it should not break the current logs db, but people who want to see exceptions would have to recreate/reindex the logs db
Task: Add "excepted": field in gettransactionreceipt
Description: We need to add the "excepted": field to the gettransactionreceipt RPC call. If no exception occurs, it will display "None", otherwise it will list the actual exception.
The same is true for Callcontract calls.
We need to modify it to be forward compatible, which means it can't break the current log database, but if you want to see these exceptions, you must rebuild/reindex the log database.
The above tasks enable a number of RPCs associated with smart contracts to throw exceptions that are convenient for the user to understand the wrong running state of the contract and also help developers debug the code.
 
QTUMCORE-124:Add "changeToSender" to sendtoaddress and make sure the "Don't use change address" option also affects sendtoaddress
Description: We need to add "changeToSender" parameter to sendtoaddress rpc call, same as we did for sendtocontract.
Also we need to make sure the "Don't use change address" also affects sendtoaddress
Task: Add "changeToSender" to sendtoaddress and make sure the "Don't use change address" option is also valid for sendtoaddress
Description: We need to add the "changeToSender" parameter to the sendtoaddress RPC call, which is also added to the sendtocontract.
We also need to make sure that the "Don't use change address" option is also valid for sendtoaddress.
Due to the UTXO model, the change of the contract call is easy to confuse the user. Therefore, the above task adds the option of "do not use the change address" for the sendtoaddressRPC, from which the user can choose to return to the original address.
 
QTUMCORE-125: Add callcontract support to "createrawtransaction" rpc call
Description: As requested by some exchanges, which use "createrawtransaction" to create raw transactions before signing on a cold wallet, we need to add
1- raw contract data support to "createrawtransaction" rpc call.
Currently "createrawtransaction" supports two types of outputs in the outputs arguments:
First is "address": x.xxx which created a standard P2PKH output
The second is "data": "hex" which creates an OP_RETURN output
We need to add:
1- "callcontract":
{contractAddress:"address", data:"data", amount:"amount", gasLimit:"gaslimit", gasPrice:"gasPrice"}
Where:
contractAddress: a valid contract address (valid hash160 hex data)
Data: the hex data to add in the OP_CALL output (should validate it's hex data, you can check the validation done in sendtocontract)
Amount (optional): the value of the output (value in QTUM to send with the call), should be a valid amount, default 0
gasLimit (optional): the gas limit for the transaction (same as in sendtocontract), defaults to the default/DGP value
GasPrice (optional): the gas price for the transaction (same as in sendtocontract), defaults to the default/DGP value
After parsing and validation all the values ​​an OP_CALL output should be constructed
Similar to this:
CScript scriptPubKey = CScript() << CScriptNum(VersionVM::GetEVMDefault().toRaw()) << CScriptNum(nGasLimit) << CScriptNum(nGasPrice) << ParseHex(datahex) << ParseHex(contractaddress) << OP_CALL;
Task: Make the "createrawtransaction" RPC call support callcontract
Description: Before some transactions are signed on the cold wallet, use "createrawtransaction" to create the original transaction. At the request of these exchanges, we should add:
1 -- original contract data support for "createrawtransaction" RPC calls
Currently, for the outputs parameter, "createrawtransaction" supports two types of outputs:
The first type is "address": x.xxx, which creates a standard P2PKH output
The second type is "data": "hexadecimal", creating an OP_RETURN output
We need to add:
1 -- "callcontract":
{contractAddress:"address", data:"data", amount:"amount", gasLimit:"gaslimit", gasPrice:"gasPrice"}
among them,
contractAddress: a valid contract address (valid hash 160 hex data)
Data: hexadecimal data added in OP_CALL output (should be verified as hexadecimal data, you can check if it is verified in sendtocontract)
Amount (optional): The value of output (the value in QTUM, sent with this call), should be a valid value, the default is 0
gasLimit (optional): the gas limit of the transaction (same as sendtocontract), the default is the default/DGP value
gasPrice (optional): the gas price of the transaction (same as sendtocontract), defaults to the default/DGP value
After parsing and verifying all the values, you should build an OP_CALL output.
The build method is similar to the following:
CScript scriptPubKey = CScript() << CScriptNum(VersionVM::GetEVMDefault().toRaw()) << CScriptNum(nGasLimit) << CScriptNum(nGasPrice) << ParseHex(datahex) << ParseHex(contractaddress) << OP_CALL;
Prior to the above task, the createrawtransaction RPC call was consistent with Bitcoin and could only be used to send standard transactions. Qtum extends it to compatible contract transactions. From then on, the RPC can be used to create original contract transactions for developers or exchanges.
Summary
The RPC call is the most important way to interact with the qtumd core program. It provides a call interface for getting all kinds of information on the blockchain and local. It is the basis for many applications such as wallets, browsers, and exchanges. A good RPC interface design enables developers to get more accurate information and develop more feature-rich applications. Qtum provides developers with sophisticated RPC calls, making it possible for many third-party applications, such as predicting market projects, Bodhi.
submitted by thisthingismud to Qtum [link] [comments]

Extension block proposal by Jeffrey et al | Luke Dashjr | Apr 04 2017

Luke Dashjr on Apr 04 2017:
Recently there has been some discussion of an apparent work-in-progress
extension block proposal by Christopher Jeffrey, Joseph Poon, Fedor Indutny,
and Steven Pair. Since this hasn't been formally posted on the ML yet, perhaps
it is still in pre-draft stages and not quite ready for review, but in light
of public interest, I think it is appropriate to open it to discussion, and
toward this end, I have reviewed the current revision.
For reference, the WIP proposal itself is here:
https://github.com/tothemoon-org/extension-blocks 
==Overall analysis & comparison==
This is a relatively complicated proposal, creating a lot of additional
technical debt and complexity in comparison to both BIP 141 and hardforks. It
offers no actual benefits beyond BIP 141 or hardforks, so seems irrational to
consider at face value. In fact, it fits much better the inaccurate criticisms
made by segwit detractors against BIP 141.
That being said, this proposal is very interesting in construction and is for
the most part technically sound. While ill-fit to merely making blocks larger,
it may be an ideal fit for fundamentally different block designs such as
Rootstock and MimbleWimble in absence of decentralised non-integrated
sidechains (extension blocks are fundamentally sidechains tied into Bitcoin
directly).
==Fundamental problem==
Extension blocks are a risk of creating two classes of "full nodes": those
which verify the full block (and are therefore truly full nodes), and those
which only verify the "base" block. However, because the extension is
consensus-critical, the latter are in fact not full nodes at all, and are left
insecure like pseudo-SPV (not even real SPV) nodes. This technical nature is
of course true of a softfork as well, but softforks are intentionally designed
such that all nodes are capable of trivially upgrading, and there is no
expectation for anyone to run with pre-softfork rules.
In general, hardforks can provide the same benefits of an extension block, but
without the false expectation and pointless complexity.
==Other problems & questions==
These outpoints may not be spent inside the mempool (they must be redeemed
from the next resolution txid in reality).
This breaks the ability to spend unconfirmed funds in the same block (as is
required for CPFP).
The extension block's transaction count is not cryptographically committed-to
anywhere. (This is an outstanding bug in Bitcoin today, but impractical to
exploit in practice; however, exploiting it in an extension block may not be
as impractical, and it should be fixed given the opportunity.)
The merkle root is to be calculated as a merkle tree with all extension
block txids and wtxids as the leaves.
This needs to elaborate how the merkle tree is constructed. Are all the txids
followed by all the wtxids (tx hashes)? Are they alternated? Are txid and
wtxid trees built independently and merged at the tip?
Output script code aside from witness programs, p2pkh or p2sh is considered
invalid in extension blocks.
Why? This prevents extblock users from sending to bare multisig or other
various possible destinations. (While static address forms do not exist for
other types, they can all be used by the payment protocol.)
Additionally, this forbids datacarrier (OP_RETURN), and forces spam to create
unprovably-unspendable UTXOs. Is that intentional?
The maximum extension size should be intentionally high.
This has the same "attacks can do more damage than ordinary benefit" issue as
BIP141, but even more extreme since it is planned to be used for future size
increases.
Witness key hash v0 shall be worth 1 point, multiplied by a factor of 8.
What is a "point"? What does it mean multiplied by a factor of 8? Why not just
say "8 points"?
Witness script hash v0 shall be worth the number of accurately counted
sigops in the redeem script, multiplied by a factor of 8.
Please define "accurately counted" here. Is this using BIP16 static counting,
or accurately counting sigops during execution?
To reduce the chance of having redeem scripts which simply allow for garbage
data in the witness vector, every 73 bytes in the serialized witness vector is
worth 1 additional point.
Is the size rounded up or down? If down, 72-byte scripts will carry 0
points...)
==Trivial & process==
BIPs must be in MediaWiki format, not Markdown. They should be submitted for
discussion to the bitcoin-dev mailing list, not social media and news.
Layer: Consensus (soft-fork)
Extension blocks are more of a hard-fork IMO.
License: Public Domain
BIPs may not be "public domain" due to non-recognition in some jurisdictions.
Can you agree on one or more of these?
https://github.com/bitcoin/bips/blob/mastebip-0002.mediawiki#Recommended_licenses

Abstract

This specification defines a method of increasing bitcoin transaction
throughput without altering any existing consensus rules.
This is inaccurate. Even softforks alter consensus rules.

Motivation

Bitcoin retargetting ensures that the time in between mined blocks will be
roughly 10 minutes. It is not possible to change this rule. There has been
great debate regarding other ways of increasing transaction throughput, with
no proposed consensus-layer solutions that have proven themselves to be
particularly safe.
Block time seems entirely unrelated to this spec. Motivation is unclear.
Extension blocks leverage several features of BIP141, BIP143, and BIP144 for
transaction opt-in, serialization, verification, and network services, and as
such, extension block activation entails BIP141 activation.
As stated in the next paragraph, the rules in BIP 141 are fundamentally
incompatible with this one, so saying BIP 141 is activated is confusingly
incorrect.
This specification should be considered an extension and modification to
these BIPs. Extension blocks are not compatible with BIP141 in its current
form, and will require a few minor additional rules.
Extension blocks should be compatible with BIP 141, there doesn’t appear to be
any justification for not making them compatible.
This specification prescribes a way of fooling non-upgraded nodes into
believing the existing UTXO set is still behaving as they would expect.
The UTXO set behaves fundamentally different to old nodes with this proposal,
albeit in a mostly compatible manner.
Note that canonical blocks containing entering outputs MUST contain an
extension block commitment (all zeroes if nothing is present in the extension
block).
Please explain why in Rationale.
Coinbase outputs MUST NOT contain witness programs, as they cannot be
sweeped by the resolution transaction due to previously existing consensus
rules.
Seems like an annoying technical debt. I wonder if it can be avoided.
The genesis resolution transaction MAY also include a 1-100 byte pushdata in
the first input script, allowing the miner of the genesis resolution to add a
special message. The pushdata MUST be castable to a true boolean.
Why? Unlike the coinbase, this seems to create additional technical debt with
no apparent purpose. Better to just have a consensus rule every input must be
null.
The resolution transaction's version MUST be set to the uint32 max (`232 -
1`).
Transaction versions are signed, so I assume this is actually simply -1.
(While signed transaction versions seemed silly to me, using it for special
cases like this actually makes sense.)

Exiting the extension block

Should specify that spending such an exit must use the resolution txid, not
the extblock's txid.
On the policy layer, transaction fees may be calculated by transaction cost
as well as additional size/legacy-sigops added to the canonical block due to
entering or exiting outputs.
BIPs should not specify policy at all. Perhaps prefix "For the avoidance of
doubt:" to be clear that miners may perform any fee logic they like.
Transactions within the extended transaction vector MAY include a witness
vector using BIP141 transaction serialization.
Since extblock transactions are all required to be segwit, why wouldn't this
be mandatory?
consensus rule.
Note this makes adoption slower: wallets cannot use the extblock until the
economy has updated to support segwit-native addresses.
To reduce the chance of having redeem scripts which simply allow for garbage
data in the witness vector, every 73 bytes in the serialized witness vector is
worth 1 additional point.
Please explain why 73 bytes in Rationale.
This leaves room for 7 future soft-fork upgrades to relax DoS limits.
How so? Please explain.
A consensus dust threshold is now enforced within the extension block.
Why?
If the second highest transaction version bit (30th bit) is set to to 1
within an extension block transaction, an extra 700-bytes is reserved on the
transaction space used up in the block.
Why wouldn't users set this on all transactions?
default_witness_commitment has been renamed to
default_extension_commitment and includes the extension block commitment
script.
default_witness_commitment was never part of the GBT spec. At least describe
what this new key is.
Should be just extblk if backward compatibility is supported (and !extblk
when not).
The "deactivation" deployment'...[message truncated here by reddit bot]...
original: https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-April/013981.html
submitted by dev_list_bot to bitcoin_devlist [link] [comments]

Can someone explain SegWit transaction composition?

I pulled up a transaction with one input and one output from the bitcoin wiki and decoded it here:
https://chainquery.com/bitcoin-api/getrawtransaction/5a4ebf66822b0b2d56bd9dc64ece0bc38ee7844a23ff1d7320a88c5fdb2ad3e2/1
It is my understanding that this is the smallest possible transaction in terms of bytes. Is that accurate? If not, can you provide a smaller txid?
Second question: Can someone tell me, with certainty, which parts of the transaction are moved to the extended block (ie. what is the witness data)?
Is it the vin and vout sections?
edit: nullc I see you're online now, can you comment?
submitted by i0X to Bitcoin [link] [comments]

BIP for Proof of Payment | Kalle Rosenbaum | Jun 06 2015

Kalle Rosenbaum on Jun 06 2015:
Hi
Following earlier posts on Proof of Payment I'm now proposing the following
BIP (To read it formatted instead, go to
https://github.com/kallerosenbaum/poppoc/wiki/Proof-of-Payment-BIP).
Regards,
Kalle Rosenbaum
BIP:
Title: Proof of Payment
Author: Kalle Rosenbaum <kalle at rosenbaum.se>
Status: Draft
Type: Standards Track
Created:
== Abstract ==
This BIP describes how a wallet can prove to a server that it has the
ability to sign a certain transaction.
== Motivation ==
There are several scenarios in which it would be useful to prove that you
have paid for something. For example:
any device.
this period you can upload new content to the sign whenever you like using
PoP.
PoP.
is selected among the transactions to that address. You exchange the prize
for a PoP for the winning transaction.
With Proof of Payment, these use cases can be achieved without any personal
information (user name, password, e-mail address, etc) being involved.
== Rationale ==
Desirable properties:

A PoP should be generated on demand.

It should only be usable once to avoid issues due to theft.

It should be able to create a PoP for any payment, regardless of script

type (P2SH, P2PKH, etc.).

It should prove that you have enough credentials to unlock all the inputs

of the proven transaction.

It should be easy to implement by wallets and servers to ease adoption.

Current methods of proving a payment:
the request makes some sort of proof. However, it does not meet 1, 2 or 4
and it obviously only meets 3 if the payment is made through BIP0070. Also,
there's no standard way to request/provide the proof. If standardized it
would probably meet 5.
sign the transaction. This could meet 1 and 2 but probably not 3. This is
not standardized either. 4 Could be met if designed so.
If the script type is P2SH, any satisfying script should do, just like for
a payment. For M-of-N multisig scripts, that would mean that any set of M
keys should be sufficient, not neccesarily the same set of M keys that
signed the transaction. This is important because strictly demanding the
same set of M keys would undermine the purpose of a multisig address.
== Specification ==
=== Data structure ===
A proof of payment for a transaction T, here called PoP(T), is used to
prove that one has ownership of the credentials needed to unlock all the
inputs of T. It has the exact same structure as a bitcoin transaction with
the same inputs and outputs as T and in the same order as in T. There is
also one OP_RETURN output inserted at index 0, here called the pop output.
This output must have the following format:
OP_RETURN
{|
! Field !! Size [B] !! Description
|-
| || 2 || Version, little endian, currently 0x01 0x00
|-
| || 32 || The transaction to prove
|-
| || 6 || Random data
|}
The value of the pop output is set to the same value as the transaction fee
of T. Also, if the outputs of T contains an OP_RETURN output, that output
must not be included in the PoP because there can only be one OP_RETURN
output in a transaction. The value of that OP_RETURN output is instead
added to the value of the pop output.
An illustration of the PoP data structure and its original payment is shown
below.
T
+----------------------------------------------+
|inputs | outputs |
| Value | Value Script |
+----------------------------------------------+
|input0 1 | 0 pay to A |
|input1 3 | 2 OP_RETURN |
|input2 4 | 1 pay to B |
| | 4 pay to C |
+----------------------------------------------+
PoP(T)
+----------------------------------------------------------+
|inputs | outputs |
| Value | Value Script |
+----------------------------------------------------------+
|input0 1 | 3 OP_RETURN |
|input1 3 | 0 pay to A |
|input2 4 | 1 pay to B |
| | 4 pay to C |
+----------------------------------------------------------+
The PoP is signed using the same signing process that is used for bitcoin
transactions.
The purpose of the nonce is to make it harder to use a stolen PoP; Once the
PoP has reached the server, that PoP is useless since the server will
generate a new nonce for every PoP request.
Since a PoP is indistinguishable from a bitcoin transaction, there is a
risk that it, accidently or maliciously, enters the bitcoin p2p network. If
T is still unconfirmed, or if a reorg takes place, chances are that PoP(T)
ends up in a block, invalidating T. Therefore it is important that the
outputs of the PoP are the same as in T. The zero transaction fee in PoP(T)
is to minimize the incentives for miners to select PoP(T) for inclusion.
=== Process ===

A proof of payment request is sent from the server to the wallet. The PoP

request contains:

a random nonce

a destination where to send the PoP, for example a https URL

data hinting the wallet which transaction to create a proof for. For

example:

* txid, if known by the server

* PaymentRequest.PaymentDetails.merchant_data (in case of a BIP0070

payment)

* amount, label, message or other information from a BIP0021 URL

The wallet identifies a transaction T, if possible. Otherwise it asks the

user to select among the ones that match the hints in 1.iii.

The wallet creates an unsigned PoP (UPoP) for T, and asks the user to

sign it.

The user confirms

The UPoP(T) is signed by the wallet, creating PoP(T).

The PoP is sent to the destination in 1.ii.

The server receiving the PoP validates it and responds with “valid” or

“invalid”.

The wallet displays the response in some way to the user.

'''Remarks:'''
  • The method of transferring the PoP request at step 1 is not specified
here. Instead that is specified in separate specifications. See [btcpop
scheme BIP](btcpop scheme BIP).
  • The nonce must be randomly generated by the server for every new PoP
request.
=== Validating a PoP ===
The server needs to validate the PoP and reply with "valid" or "invalid".
That process is outlined below. If any step fails, the validation is
aborted and "invalid" is returned:

Check the format of the PoP. It must pass normal transaction checks,

except that the inputs may already be spent.

Check the PoP output at index 0. It must conform to the OP_RETURN output

format outlined above.

Check that the rest of the outputs exactly corresponds to the outputs of

T and that they appear in the same order as in T. An exception to this is
that any OP_RETURN outputs of T must not be included in the PoP. All output
value from the OP_RETURN must instead be included in the PoP output.

Check that the nonce is the same as the one you requested.

Check that the inputs of the PoP are exactly the same as in transaction

T, and in the same order.

Check the scripts of all the inputs, as would be done on a normal

transaction.

Check that the txid in the PoP output is the transaction you actually

want proof for. If you don’t know exactly what transaction you want proof
for, check that the transaction actually pays for the product/service you
deliver.

Return "valid".

== Security considerations ==
  • Someone can intercept the PoP-request and change the PoP destination so
that the user sends the PoP to the bad actor.
  • Someone can intercept the PoP-request and change for example the txid to
trick the user to sign a PoP for another transaction than the intended.
This can of course be avoided if the user is actually looking at the UPoP
before signing it. The bad actor could also set hints for a transaction,
existing or not, that the user didn’t make, resulting in a broken service.
  • Someone can steal a PoP and try to use the service hoping to get a
matching nonce. Probability per try: 1/(248). The server should have a
mechanism for detecting a brute force attack of this kind, or at least slow
down the process by delaying the PoP request by some 100 ms or so.
  • Even if a wallet has no funds it might still be valuable as a generator
for PoPs. This makes it important to keep the security of the wallet after
it has been emptied.
  • Transaction malleability may cause the server to have another transaction
id than the wallet for the payment. In that case the wallet will not be
able to prove the transaction for the server. Wallets should not rely on
the transaction id of the outgoing transaction. Instead it should listen
for the transaction on the network and put that in its list of transactions.
The first two issues are the same attack vector as for traditional, ie
BIP0021, bitcoin payments. They could be mitigated by using secure
connections.
== Reference implementation ==
[https://github.com/kallerosenbaum/poppoc poppoc on GitHub]
[https://github.com/kallerosenbaum/wallet Mycelium fork on GitHub]
== References ==
[https://github.com/bitcoin/bips/blob/mastebip-0021.mediawiki BIP0021]:
URI Scheme
[https://github.com/bitcoin/bips/blob/mastebip-0070.mediawiki BIP0070]:
Payment Protocol
[[btcpop scheme BIP]]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20150606/3aae1db3/attachment.html>
original: http://lists.linuxfoundation.org/pipermail/bitcoin-dev/2015-June/008498.html
submitted by bitcoin-devlist-bot to bitcoin_devlist [link] [comments]

Instead of finger-pointing how about we clearly explain to devs how to work-around the bug.

I understand the bug (and just because it has existed for years doesn't preclude it from this characterization.) That said, what is the recommended way to address it in wallet service software built off of bitcoind where bitcoind is only being used for key management and transaction notification? (I think the explanation to this more specific question would also adequately inform the preferred handling for "non-canonical" implementations.)
1) My instincts are to record the txid at the time of send (as would anyone's -- and apparently was Gox's.) I should keep this in my own set of unconfirmed sends.
2) Listen for -walletnotify messages for all of my users' public addresses.
3) When I'm notified a txn involving one of my users becomes confirmed I should cross-check it with the set of unconfirmed sends I'm tracking. If I see the inputs/outputs are identical but the hash has mutated I can re-associate the txid in my database with the one that has been accepted into a block.
Edit: This solution assumes you aren't spending unconfirmed outputs.
Does this work? If not, then what should I do differently?
Note: I fully intend to add the accepted solution to the wiki here where it would be most helpful for other developers.
submitted by andyd00d to Bitcoin [link] [comments]

Short review of previously-proposed exotic SIGHASH types | Bryan Bishop | Aug 30 2015

Bryan Bishop on Aug 30 2015:
Here is a short review of previously-proposed and exotic SIGHASH types.
SIGHASH_MULTIPLE
SIGHASH_LIST:
https://bitcointalk.org/index.php?topic=252960.0
https://bitcointalk.org/index.php?topic=212555.0
SIGHASH_MULTIPLE
SIGHASH_WITHINPUTVALUE:
https://bitcointalk.org/index.php?topic=191003.0
SIGHASH_WITHINPUTVALUE:
http://lists.linuxfoundation.org/pipermail/bitcoin-dev/2015-January/007185.html
SIGHASH_NOINPUT:
https://github.com/Roasbeef/bitcoin/commit/4b3c3f1baf7985208ceb6887261ee150ab6e3328
https://github.com/Roasbeef/btcd/commit/67830e506fa135d5239177340918cea39909e6a4
http://lightning.network/lightning-network-paper.pdf
SIGHASH_NORMALIZED
SIGHASH_NOINPUT:
http://diyhpl.us/wiki/transcripts/sf-bitcoin-meetup/2015-02-23-scaling-bitcoin-to-billions-of-transactions-per-day/
SIGHASH_WITHOUT_PREV_SCRIPTPUBKEY
SIGHASH_WITHOUT_PREV_VALUE
SIGHASH_WITHOUT_INPUT_TXID
SIGHASH_WITHOUT_INPUT_INDEX
SIGHASH_WITHOUT_INPUT_SEQUENCE
SIGHASH_WITHOUT_OUTPUT_SCRIPTPUBKEY
SIGHASH_WITHOUT_OUTPUT_VALUE
SIGHASH_WITHOUT_INPUTS
SIGHASH_WITHOUT_OUTPUTS
SIGHASH_WITHOUT_INPUT_SELF
SIGHASH_WITHOUT_OUTPUT_SELF
SIGHASH_WITHOUT_TX_VERSION
SIGHASH_WITHOUT_TX_LOCKTIME
SIGHASH_SIGN_STACK_ELEMENT:
https://github.com/scmorse/bitcoin-misc/blob/mastesighash_proposal.md
Similarly, petertodd has asked for a SIGHASH_DONT_SIGN_TXID before to
make OP_CODESEPARATOR more useful.
SIGHASH_DANGEROUSLYPROMISCUOUS:
http://gnusha.org/bitcoin-wizards/2015-04-17.log
SIGHASH_DOUBLE:
06:41 < lorenzoasr> maybe a SIGHASH_DOUBLE that signs INPUT[i] and
OUTPUT[i] and OUTPUT[i+1] could be very helpful
Some sighash types briefly proposed by petertodd in #bitcoin-dev:
SIGHASH_NLOCKTIMEVERIFY
SIGHASH_SUM (for merging multiple payments)
And finally one from wumpus (#bitcoin-dev):
SIGHASH_UNICORN
http://heybryan.org/
1 512 203 0507
original: http://lists.linuxfoundation.org/pipermail/bitcoin-dev/2015-August/010759.html
submitted by bitcoin-devlist-bot to bitcoin_devlist [link] [comments]

Bitcoin Core 0.10.0 released | Wladimir | Feb 16 2015

Wladimir on Feb 16 2015:
Bitcoin Core version 0.10.0 is now available from:
https://bitcoin.org/bin/0.10.0/
This is a new major version release, bringing both new features and
bug fixes.
Please report bugs using the issue tracker at github:
https://github.com/bitcoin/bitcoin/issues
The whole distribution is also available as torrent:
https://bitcoin.org/bin/0.10.0/bitcoin-0.10.0.torrent
magnet:?xt=urn:btih:170c61fe09dafecfbb97cb4dccd32173383f4e68&dn;=0.10.0&tr;=udp%3A%2F%2Ftracker.openbittorrent.com%3A80%2Fannounce&tr;=udp%3A%2F%2Ftracker.publicbt.com%3A80%2Fannounce&tr;=udp%3A%2F%2Ftracker.ccc.de%3A80%2Fannounce&tr;=udp%3A%2F%2Ftracker.coppersurfer.tk%3A6969&tr;=udp%3A%2F%2Fopen.demonii.com%3A1337&ws;=https%3A%2F%2Fbitcoin.org%2Fbin%2F
Upgrading and downgrading

How to Upgrade
If you are running an older version, shut it down. Wait until it has completely
shut down (which might take a few minutes for older versions), then run the
installer (on Windows) or just copy over /Applications/Bitcoin-Qt (on Mac) or
bitcoind/bitcoin-qt (on Linux).
Downgrading warning
Because release 0.10.0 makes use of headers-first synchronization and parallel
block download (see further), the block files and databases are not
backwards-compatible with older versions of Bitcoin Core or other software:
  • Blocks will be stored on disk out of order (in the order they are
received, really), which makes it incompatible with some tools or
other programs. Reindexing using earlier versions will also not work
anymore as a result of this.
  • The block index database will now hold headers for which no block is
stored on disk, which earlier versions won't support.
If you want to be able to downgrade smoothly, make a backup of your entire data
directory. Without this your node will need start syncing (or importing from
bootstrap.dat) anew afterwards. It is possible that the data from a completely
synchronised 0.10 node may be usable in older versions as-is, but this is not
supported and may break as soon as the older version attempts to reindex.
This does not affect wallet forward or backward compatibility.
Notable changes

Faster synchronization
Bitcoin Core now uses 'headers-first synchronization'. This means that we first
ask peers for block headers (a total of 27 megabytes, as of December 2014) and
validate those. In a second stage, when the headers have been discovered, we
download the blocks. However, as we already know about the whole chain in
advance, the blocks can be downloaded in parallel from all available peers.
In practice, this means a much faster and more robust synchronization. On
recent hardware with a decent network link, it can be as little as 3 hours
for an initial full synchronization. You may notice a slower progress in the
very first few minutes, when headers are still being fetched and verified, but
it should gain speed afterwards.
A few RPCs were added/updated as a result of this:
  • getblockchaininfo now returns the number of validated headers in addition to
the number of validated blocks.
  • getpeerinfo lists both the number of blocks and headers we know we have in
common with each peer. While synchronizing, the heights of the blocks that we
have requested from peers (but haven't received yet) are also listed as
'inflight'.
  • A new RPC getchaintips lists all known branches of the block chain,
including those we only have headers for.
Transaction fee changes
This release automatically estimates how high a transaction fee (or how
high a priority) transactions require to be confirmed quickly. The default
settings will create transactions that confirm quickly; see the new
'txconfirmtarget' setting to control the tradeoff between fees and
confirmation times. Fees are added by default unless the 'sendfreetransactions'
setting is enabled.
Prior releases used hard-coded fees (and priorities), and would
sometimes create transactions that took a very long time to confirm.
Statistics used to estimate fees and priorities are saved in the
data directory in the fee_estimates.dat file just before
program shutdown, and are read in at startup.
New command line options for transaction fee changes:
  • -txconfirmtarget=n : create transactions that have enough fees (or priority)
so they are likely to begin confirmation within n blocks (default: 1). This setting
is over-ridden by the -paytxfee option.
  • -sendfreetransactions : Send transactions as zero-fee transactions if possible
(default: 0)
New RPC commands for fee estimation:
  • estimatefee nblocks : Returns approximate fee-per-1,000-bytes needed for
a transaction to begin confirmation within nblocks. Returns -1 if not enough
transactions have been observed to compute a good estimate.
  • estimatepriority nblocks : Returns approximate priority needed for
a zero-fee transaction to begin confirmation within nblocks. Returns -1 if not
enough free transactions have been observed to compute a good
estimate.
RPC access control changes
Subnet matching for the purpose of access control is now done
by matching the binary network address, instead of with string wildcard matching.
For the user this means that -rpcallowip takes a subnet specification, which can be
  • a single IP address (e.g. 1.2.3.4 or fe80::0012:3456:789a:bcde)
  • a network/CIDR (e.g. 1.2.3.0/24 or fe80::0000/64)
  • a network/netmask (e.g. 1.2.3.4/255.255.255.0 or fe80::0012:3456:789a:bcde/ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff)
An arbitrary number of -rpcallow arguments can be given. An incoming connection will be accepted if its origin address
matches one of them.
For example:
| 0.9.x and before | 0.10.x |
|--------------------------------------------|---------------------------------------|
| -rpcallowip=192.168.1.1 | -rpcallowip=192.168.1.1 (unchanged) |
| -rpcallowip=192.168.1.* | -rpcallowip=192.168.1.0/24 |
| -rpcallowip=192.168.* | -rpcallowip=192.168.0.0/16 |
| -rpcallowip=* (dangerous!) | -rpcallowip=::/0 (still dangerous!) |
Using wildcards will result in the rule being rejected with the following error in debug.log:
 Error: Invalid -rpcallowip subnet specification: *. Valid are a single IP (e.g. 1.2.3.4), a network/netmask (e.g. 1.2.3.4/255.255.255.0) or a network/CIDR (e.g. 1.2.3.4/24). 
REST interface
A new HTTP API is exposed when running with the -rest flag, which allows
unauthenticated access to public node data.
It is served on the same port as RPC, but does not need a password, and uses
plain HTTP instead of JSON-RPC.
Assuming a local RPC server running on port 8332, it is possible to request:
In every case, EXT can be bin (for raw binary data), hex (for hex-encoded
binary) or json.
For more details, see the doc/REST-interface.md document in the repository.
RPC Server "Warm-Up" Mode
The RPC server is started earlier now, before most of the expensive
intialisations like loading the block index. It is available now almost
immediately after starting the process. However, until all initialisations
are done, it always returns an immediate error with code -28 to all calls.
This new behaviour can be useful for clients to know that a server is already
started and will be available soon (for instance, so that they do not
have to start it themselves).
Improved signing security
For 0.10 the security of signing against unusual attacks has been
improved by making the signatures constant time and deterministic.
This change is a result of switching signing to use libsecp256k1
instead of OpenSSL. Libsecp256k1 is a cryptographic library
optimized for the curve Bitcoin uses which was created by Bitcoin
Core developer Pieter Wuille.
There exist attacks[1] against most ECC implementations where an
attacker on shared virtual machine hardware could extract a private
key if they could cause a target to sign using the same key hundreds
of times. While using shared hosts and reusing keys are inadvisable
for other reasons, it's a better practice to avoid the exposure.
OpenSSL has code in their source repository for derandomization
and reduction in timing leaks that we've eagerly wanted to use for a
long time, but this functionality has still not made its
way into a released version of OpenSSL. Libsecp256k1 achieves
significantly stronger protection: As far as we're aware this is
the only deployed implementation of constant time signing for
the curve Bitcoin uses and we have reason to believe that
libsecp256k1 is better tested and more thoroughly reviewed
than the implementation in OpenSSL.
[1] https://eprint.iacr.org/2014/161.pdf
Watch-only wallet support
The wallet can now track transactions to and from wallets for which you know
all addresses (or scripts), even without the private keys.
This can be used to track payments without needing the private keys online on a
possibly vulnerable system. In addition, it can help for (manual) construction
of multisig transactions where you are only one of the signers.
One new RPC, importaddress, is added which functions similarly to
importprivkey, but instead takes an address or script (in hexadecimal) as
argument. After using it, outputs credited to this address or script are
considered to be received, and transactions consuming these outputs will be
considered to be sent.
The following RPCs have optional support for watch-only:
getbalance, listreceivedbyaddress, listreceivedbyaccount,
listtransactions, listaccounts, listsinceblock, gettransaction. See the
RPC documentation for those methods for more information.
Compared to using getrawtransaction, this mechanism does not require
-txindex, scales better, integrates better with the wallet, and is compatible
with future block chain pruning functionality. It does mean that all relevant
addresses need to added to the wallet before the payment, though.
Consensus library
Starting from 0.10.0, the Bitcoin Core distribution includes a consensus library.
The purpose of this library is to make the verification functionality that is
critical to Bitcoin's consensus available to other applications, e.g. to language
bindings such as [python-bitcoinlib](https://pypi.python.org/pypi/python-bitcoinlib) or
alternative node implementations.
This library is called libbitcoinconsensus.so (or, .dll for Windows).
Its interface is defined in the C header [bitcoinconsensus.h](https://github.com/bitcoin/bitcoin/blob/0.10/src/script/bitcoinconsensus.h).
In its initial version the API includes two functions:
  • bitcoinconsensus_verify_script verifies a script. It returns whether the indicated input of the provided serialized transaction
correctly spends the passed scriptPubKey under additional constraints indicated by flags
  • bitcoinconsensus_version returns the API version, currently at an experimental 0
The functionality is planned to be extended to e.g. UTXO management in upcoming releases, but the interface
for existing methods should remain stable.
Standard script rules relaxed for P2SH addresses
The IsStandard() rules have been almost completely removed for P2SH
redemption scripts, allowing applications to make use of any valid
script type, such as "n-of-m OR y", hash-locked oracle addresses, etc.
While the Bitcoin protocol has always supported these types of script,
actually using them on mainnet has been previously inconvenient as
standard Bitcoin Core nodes wouldn't relay them to miners, nor would
most miners include them in blocks they mined.
bitcoin-tx
It has been observed that many of the RPC functions offered by bitcoind are
"pure functions", and operate independently of the bitcoind wallet. This
included many of the RPC "raw transaction" API functions, such as
createrawtransaction.
bitcoin-tx is a newly introduced command line utility designed to enable easy
manipulation of bitcoin transactions. A summary of its operation may be
obtained via "bitcoin-tx --help" Transactions may be created or signed in a
manner similar to the RPC raw tx API. Transactions may be updated, deleting
inputs or outputs, or appending new inputs and outputs. Custom scripts may be
easily composed using a simple text notation, borrowed from the bitcoin test
suite.
This tool may be used for experimenting with new transaction types, signing
multi-party transactions, and many other uses. Long term, the goal is to
deprecate and remove "pure function" RPC API calls, as those do not require a
server round-trip to execute.
Other utilities "bitcoin-key" and "bitcoin-script" have been proposed, making
key and script operations easily accessible via command line.
Mining and relay policy enhancements
Bitcoin Core's block templates are now for version 3 blocks only, and any mining
software relying on its getblocktemplate must be updated in parallel to use
libblkmaker either version 0.4.2 or any version from 0.5.1 onward.
If you are solo mining, this will affect you the moment you upgrade Bitcoin
Core, which must be done prior to BIP66 achieving its 951/1001 status.
If you are mining with the stratum mining protocol: this does not affect you.
If you are mining with the getblocktemplate protocol to a pool: this will affect
you at the pool operator's discretion, which must be no later than BIP66
achieving its 951/1001 status.
The prioritisetransaction RPC method has been added to enable miners to
manipulate the priority of transactions on an individual basis.
Bitcoin Core now supports BIP 22 long polling, so mining software can be
notified immediately of new templates rather than having to poll periodically.
Support for BIP 23 block proposals is now available in Bitcoin Core's
getblocktemplate method. This enables miners to check the basic validity of
their next block before expending work on it, reducing risks of accidental
hardforks or mining invalid blocks.
Two new options to control mining policy:
  • -datacarrier=0/1 : Relay and mine "data carrier" (OP_RETURN) transactions
if this is 1.
  • -datacarriersize=n : Maximum size, in bytes, we consider acceptable for
"data carrier" outputs.
The relay policy has changed to more properly implement the desired behavior of not
relaying free (or very low fee) transactions unless they have a priority above the
AllowFreeThreshold(), in which case they are relayed subject to the rate limiter.
BIP 66: strict DER encoding for signatures
Bitcoin Core 0.10 implements BIP 66, which introduces block version 3, and a new
consensus rule, which prohibits non-DER signatures. Such transactions have been
non-standard since Bitcoin v0.8.0 (released in February 2013), but were
technically still permitted inside blocks.
This change breaks the dependency on OpenSSL's signature parsing, and is
required if implementations would want to remove all of OpenSSL from the
consensus code.
The same miner-voting mechanism as in BIP 34 is used: when 751 out of a
sequence of 1001 blocks have version number 3 or higher, the new consensus
rule becomes active for those blocks. When 951 out of a sequence of 1001
blocks have version number 3 or higher, it becomes mandatory for all blocks.
Backward compatibility with current mining software is NOT provided, thus miners
should read the first paragraph of "Mining and relay policy enhancements" above.
0.10.0 Change log

Detailed release notes follow. This overview includes changes that affect external
behavior, not code moves, refactors or string updates.
RPC:
  • f923c07 Support IPv6 lookup in bitcoin-cli even when IPv6 only bound on localhost
  • b641c9c Fix addnode "onetry": Connect with OpenNetworkConnection
  • 171ca77 estimatefee / estimatepriority RPC methods
  • b750cf1 Remove cli functionality from bitcoind
  • f6984e8 Add "chain" to getmininginfo, improve help in getblockchaininfo
  • 99ddc6c Add nLocalServices info to RPC getinfo
  • cf0c47b Remove getwork() RPC call
  • 2a72d45 prioritisetransaction
  • e44fea5 Add an option -datacarrier to allow users to disable relaying/mining data carrier transactions
  • 2ec5a3d Prevent easy RPC memory exhaustion attack
  • d4640d7 Added argument to getbalance to include watchonly addresses and fixed errors in balance calculation
  • 83f3543 Added argument to listaccounts to include watchonly addresses
  • 952877e Showing 'involvesWatchonly' property for transactions returned by 'listtransactions' and 'listsinceblock'. It is only appended when the transaction involves a watchonly address
  • d7d5d23 Added argument to listtransactions and listsinceblock to include watchonly addresses
  • f87ba3d added includeWatchonly argument to 'gettransaction' because it affects balance calculation
  • 0fa2f88 added includedWatchonly argument to listreceivedbyaddress/...account
  • 6c37f7f getrawchangeaddress: fail when keypool exhausted and wallet locked
  • ff6a7af getblocktemplate: longpolling support
  • c4a321f Add peerid to getpeerinfo to allow correlation with the logs
  • 1b4568c Add vout to ListTransactions output
  • b33bd7a Implement "getchaintips" RPC command to monitor blockchain forks
  • 733177e Remove size limit in RPC client, keep it in server
  • 6b5b7cb Categorize rpc help overview
  • 6f2c26a Closely track mempool byte total. Add "getmempoolinfo" RPC
  • aa82795 Add detailed network info to getnetworkinfo RPC
  • 01094bd Don't reveal whether password is <20 or >20 characters in RPC
  • 57153d4 rpc: Compute number of confirmations of a block from block height
  • ff36cbe getnetworkinfo: export local node's client sub-version string
  • d14d7de SanitizeString: allow '(' and ')'
  • 31d6390 Fixed setaccount accepting foreign address
  • b5ec5fe update getnetworkinfo help with subversion
  • ad6e601 RPC additions after headers-first
  • 33dfbf5 rpc: Fix leveldb iterator leak, and flush before gettxoutsetinfo
  • 2aa6329 Enable customising node policy for datacarrier data size with a -datacarriersize option
  • f877aaa submitblock: Use a temporary CValidationState to determine accurately the outcome of ProcessBlock
  • e69a587 submitblock: Support for returning specific rejection reasons
  • af82884 Add "warmup mode" for RPC server
  • e2655e0 Add unauthenticated HTTP REST interface to public blockchain data
  • 683dc40 Disable SSLv3 (in favor of TLS) for the RPC client and server
  • 44b4c0d signrawtransaction: validate private key
  • 9765a50 Implement BIP 23 Block Proposal
  • f9de17e Add warning comment to getinfo
Command-line options:
  • ee21912 Use netmasks instead of wildcards for IP address matching
  • deb3572 Add -rpcbind option to allow binding RPC port on a specific interface
  • 96b733e Add -version option to get just the version
  • 1569353 Add -stopafterblockimport option
  • 77cbd46 Let -zapwallettxes recover transaction meta data
  • 1c750db remove -tor compatibility code (only allow -onion)
  • 4aaa017 rework help messages for fee-related options
  • 4278b1d Clarify error message when invalid -rpcallowip
  • 6b407e4 -datadir is now allowed in config files
  • bdd5b58 Add option -sysperms to disable 077 umask (create new files with system default umask)
  • cbe39a3 Add "bitcoin-tx" command line utility and supporting modules
  • dbca89b Trigger -alertnotify if network is upgrading without you
  • ad96e7c Make -reindex cope with out-of-order blocks
  • 16d5194 Skip reindexed blocks individually
  • ec01243 --tracerpc option for regression tests
  • f654f00 Change -genproclimit default to 1
  • 3c77714 Make -proxy set all network types, avoiding a connect leak
  • 57be955 Remove -printblock, -printblocktree, and -printblockindex
  • ad3d208 remove -maxorphanblocks config parameter since it is no longer functional
Block and transaction handling:
  • 7a0e84d ProcessGetData(): abort if a block file is missing from disk
  • 8c93bf4 LoadBlockIndexDB(): Require block db reindex if any blk*.dat files are missing
  • 77339e5 Get rid of the static chainMostWork (optimization)
  • 4e0eed8 Allow ActivateBestChain to release its lock on cs_main
  • 18e7216 Push cs_mains down in ProcessBlock
  • fa126ef Avoid undefined behavior using CFlatData in CScript serialization
  • 7f3b4e9 Relax IsStandard rules for pay-to-script-hash transactions
  • c9a0918 Add a skiplist to the CBlockIndex structure
  • bc42503 Use unordered_map for CCoinsViewCache with salted hash (optimization)
  • d4d3fbd Do not flush the cache after every block outside of IBD (optimization)
  • ad08d0b Bugfix: make CCoinsViewMemPool support pruned entries in underlying cache
  • 5734d4d Only remove actualy failed blocks from setBlockIndexValid
  • d70bc52 Rework block processing benchmark code
  • 714a3e6 Only keep setBlockIndexValid entries that are possible improvements
  • ea100c7 Reduce maximum coinscache size during verification (reduce memory usage)
  • 4fad8e6 Reject transactions with excessive numbers of sigops
  • b0875eb Allow BatchWrite to destroy its input, reducing copying (optimization)
  • 92bb6f2 Bypass reloading blocks from disk (optimization)
  • 2e28031 Perform CVerifyDB on pcoinsdbview instead of pcoinsTip (reduce memory usage)
  • ab15b2e Avoid copying undo data (optimization)
  • 341735e Headers-first synchronization
  • afc32c5 Fix rebuild-chainstate feature and improve its performance
  • e11b2ce Fix large reorgs
  • ed6d1a2 Keep information about all block files in memory
  • a48f2d6 Abstract context-dependent block checking from acceptance
  • 7e615f5 Fixed mempool sync after sending a transaction
  • 51ce901 Improve chainstate/blockindex disk writing policy
  • a206950 Introduce separate flushing modes
  • 9ec75c5 Add a locking mechanism to IsInitialBlockDownload to ensure it never goes from false to true
  • 868d041 Remove coinbase-dependant transactions during reorg
  • 723d12c Remove txn which are invalidated by coinbase maturity during reorg
  • 0cb8763 Check against MANDATORY flags prior to accepting to mempool
  • 8446262 Reject headers that build on an invalid parent
  • 008138c Bugfix: only track UTXO modification after lookup
P2P protocol and network code:
  • f80cffa Do not trigger a DoS ban if SCRIPT_VERIFY_NULLDUMMY fails
  • c30329a Add testnet DNS seed of Alex Kotenko
  • 45a4baf Add testnet DNS seed of Andreas Schildbach
  • f1920e8 Ping automatically every 2 minutes (unconditionally)
  • 806fd19 Allocate receive buffers in on the fly
  • 6ecf3ed Display unknown commands received
  • aa81564 Track peers' available blocks
  • caf6150 Use async name resolving to improve net thread responsiveness
  • 9f4da19 Use pong receive time rather than processing time
  • 0127a9b remove SOCKS4 support from core and GUI, use SOCKS5
  • 40f5cb8 Send rejects and apply DoS scoring for errors in direct block validation
  • dc942e6 Introduce whitelisted peers
  • c994d2e prevent SOCKET leak in BindListenPort()
  • a60120e Add built-in seeds for .onion
  • 60dc8e4 Allow -onlynet=onion to be used
  • 3a56de7 addrman: Do not propagate obviously poor addresses onto the network
  • 6050ab6 netbase: Make SOCKS5 negotiation interruptible
  • 604ee2a Remove tx from AlreadyAskedFor list once we receive it, not when we process it
  • efad808 Avoid reject message feedback loops
  • 71697f9 Separate protocol versioning from clientversion
  • 20a5f61 Don't relay alerts to peers before version negotiation
  • b4ee0bd Introduce preferred download peers
  • 845c86d Do not use third party services for IP detection
  • 12a49ca Limit the number of new addressses to accumulate
  • 35e408f Regard connection failures as attempt for addrman
  • a3a7317 Introduce 10 minute block download timeout
  • 3022e7d Require sufficent priority for relay of free transactions
  • 58fda4d Update seed IPs, based on bitcoin.sipa.be crawler data
  • 18021d0 Remove bitnodes.io from dnsseeds.
Validation:
  • 6fd7ef2 Also switch the (unused) verification code to low-s instead of even-s
  • 584a358 Do merkle root and txid duplicates check simultaneously
  • 217a5c9 When transaction outputs exceed inputs, show the offending amounts so as to aid debugging
  • f74fc9b Print input index when signature validation fails, to aid debugging
  • 6fd59ee script.h: set_vch() should shift a >32 bit value
  • d752ba8 Add SCRIPT_VERIFY_SIGPUSHONLY (BIP62 rule 2) (test only)
  • 698c6ab Add SCRIPT_VERIFY_MINIMALDATA (BIP62 rules 3 and 4) (test only)
  • ab9edbd script: create sane error return codes for script validation and remove logging
  • 219a147 script: check ScriptError values in script tests
  • 0391423 Discourage NOPs reserved for soft-fork upgrades
  • 98b135f Make STRICTENC invalid pubkeys fail the script rather than the opcode
  • 307f7d4 Report script evaluation failures in log and reject messages
  • ace39db consensus: guard against openssl's new strict DER checks
  • 12b7c44 Improve robustness of DER recoding code
  • 76ce5c8 fail immediately on an empty signature
Build system:
  • f25e3ad Fix build in OS X 10.9
  • 65e8ba4 build: Switch to non-recursive make
  • 460b32d build: fix broken boost chrono check on some platforms
  • 9ce0774 build: Fix windows configure when using --with-qt-libdir
  • ea96475 build: Add mention of --disable-wallet to bdb48 error messages
  • 1dec09b depends: add shared dependency builder
  • c101c76 build: Add --with-utils (bitcoin-cli and bitcoin-tx, default=yes). Help string consistency tweaks. Target sanity check fix
  • e432a5f build: add option for reducing exports (v2)
  • 6134b43 Fixing condition 'sabotaging' MSVC build
  • af0bd5e osx: fix signing to make Gatekeeper happy (again)
  • a7d1f03 build: fix dynamic boost check when --with-boost= is used
  • d5fd094 build: fix qt test build when libprotobuf is in a non-standard path
  • 2cf5f16 Add libbitcoinconsensus library
  • 914868a build: add a deterministic dmg signer
  • 2d375fe depends: bump openssl to 1.0.1k
  • b7a4ecc Build: Only check for boost when building code that requires it
Wallet:
  • b33d1f5 Use fee/priority estimates in wallet CreateTransaction
  • 4b7b1bb Sanity checks for estimates
  • c898846 Add support for watch-only addresses
  • d5087d1 Use script matching rather than destination matching for watch-only
  • d88af56 Fee fixes
  • a35b55b Dont run full check every time we decrypt wallet
  • 3a7c348 Fix make_change to not create half-satoshis
  • f606bb9 fix a possible memory leak in CWalletDB::Recover
  • 870da77 fix possible memory leaks in CWallet::EncryptWallet
  • ccca27a Watch-only fixes
  • 9b1627d [Wallet] Reduce minTxFee for transaction creation to 1000 satoshis
  • a53fd41 Deterministic signing
  • 15ad0b5 Apply AreSane() checks to the fees from the network
  • 11855c1 Enforce minRelayTxFee on wallet created tx and add a maxtxfee option
GUI:
  • c21c74b osx: Fix missing dock menu with qt5
  • b90711c Fix Transaction details shows wrong To:
  • 516053c Make links in 'About Bitcoin Core' clickable
  • bdc83e8 Ensure payment request network matches client network
  • 65f78a1 Add GUI view of peer information
  • 06a91d9 VerifyDB progress reporting
  • fe6bff2 Add BerkeleyDB version info to RPCConsole
  • b917555 PeerTableModel: Fix potential deadlock. #4296
  • dff0e3b Improve rpc console history behavior
  • 95a9383 Remove CENT-fee-rule from coin control completely
  • 56b07d2 Allow setting listen via GUI
  • d95ba75 Log messages with type>QtDebugMsg as non-debug
  • 8969828 New status bar Unit Display Control and related changes
  • 674c070 seed OpenSSL PNRG with Windows event data
  • 509f926 Payment request parsing on startup now only changes network if a valid network name is specified
  • acd432b Prevent balloon-spam after rescan
  • 7007402 Implement SI-style (thin space) thoudands separator
  • 91cce17 Use fixed-point arithmetic in amount spinbox
  • bdba2dd Remove an obscure option no-one cares about
  • bd0aa10 Replace the temporary file hack currently used to change Bitcoin-Qt's dock icon (OS X) with a buffer-based solution
  • 94e1b9e Re-work overviewpage UI
  • 8bfdc9a Better looking trayicon
  • b197bf3 disable tray interactions when client model set to 0
  • 1c5f0af Add column Watch-only to transactions list
  • 21f139b Fix tablet crash. closes #4854
  • e84843c Broken addresses on command line no longer trigger testnet
  • a49f11d Change splash screen to normal window
  • 1f9be98 Disable App Nap on OSX 10.9+
  • 27c3e91 Add proxy to options overridden if necessary
  • 4bd1185 Allow "emergency" shutdown during startup
  • d52f072 Don't show wallet options in the preferences menu when running with -disablewallet
  • 6093aa1 Qt: QProgressBar CPU-Issue workaround
  • 0ed9675 [Wallet] Add global boolean whether to send free transactions (default=true)
  • ed3e5e4 [Wallet] Add global boolean whether to pay at least the custom fee (default=true)
  • e7876b2 [Wallet] Prevent user from paying a non-sense fee
  • c1c9d5b Add Smartfee to GUI
  • e0a25c5 Make askpassphrase dialog behave more sanely
  • 94b362d On close of splashscreen interrupt verifyDB
  • b790d13 English translation update
  • 8543b0d Correct tooltip on address book page
Tests:
  • b41e594 Fix script test handling of empty scripts
  • d3a33fc Test CHECKMULTISIG with m == 0 and n == 0
  • 29c1749 Let tx (in)valid tests use any SCRIPT_VERIFY flag
  • 6380180 Add rejection of non-null CHECKMULTISIG dummy values
  • 21bf3d2 Add tests for BoostAsioToCNetAddr
  • b5ad5e7 Add Python test for -rpcbind and -rpcallowip
  • 9ec0306 Add CODESEPARATOFindAndDelete() tests
  • 75ebced Added many rpc wallet tests
  • 0193fb8 Allow multiple regression tests to run at once
  • 92a6220 Hook up sanity checks
  • 3820e01 Extend and move all crypto tests to crypto_tests.cpp
  • 3f9a019 added list/get received by address/ account tests
  • a90689f Remove timing-based signature cache unit test
  • 236982c Add skiplist unit tests
  • f4b00be Add CChain::GetLocator() unit test
  • b45a6e8 Add test for getblocktemplate longpolling
  • cdf305e Set -discover=0 in regtest framework
  • ed02282 additional test for OP_SIZE in script_valid.json
  • 0072d98 script tests: BOOLAND, BOOLOR decode to integer
  • 833ff16 script tests: values that overflow to 0 are true
  • 4cac5db script tests: value with trailing 0x00 is true
  • 89101c6 script test: test case for 5-byte bools
  • d2d9dc0 script tests: add tests for CHECKMULTISIG limits
  • d789386 Add "it works" test for bitcoin-tx
  • df4d61e Add bitcoin-tx tests
  • aa41ac2 Test IsPushOnly() with invalid push
  • 6022b5d Make script_{valid,invalid}.json validation flags configurable
  • 8138cbe Add automatic script test generation, and actual checksig tests
  • ed27e53 Add coins_tests with a large randomized CCoinViewCache test
  • 9df9cf5 Make SCRIPT_VERIFY_STRICTENC compatible with BIP62
  • dcb9846 Extend getchaintips RPC test
  • 554147a Ensure MINIMALDATA invalid tests can only fail one way
  • dfeec18 Test every numeric-accepting opcode for correct handling of the numeric minimal encoding rule
  • 2b62e17 Clearly separate PUSHDATA and numeric argument MINIMALDATA tests
  • 16d78bd Add valid invert of invalid every numeric opcode tests
  • f635269 tests: enable alertnotify test for Windows
  • 7a41614 tests: allow rpc-tests to get filenames for bitcoind and bitcoin-cli from the environment
  • 5122ea7 tests: fix forknotify.py on windows
  • fa7f8cd tests: remove old pull-tester scripts
  • 7667850 tests: replace the old (unused since Travis) tests with new rpc test scripts
  • f4e0aef Do signature-s negation inside the tests
  • 1837987 Optimize -regtest setgenerate block generation
  • 2db4c8a Fix node ranges in the test framework
  • a8b2ce5 regression test only setmocktime RPC call
  • daf03e7 RPC tests: create initial chain with specific timestamps
  • 8656dbb Port/fix txnmall.sh regression test
  • ca81587 Test the exact order of CHECKMULTISIG sig/pubkey evaluation
  • 7357893 Prioritize and display -testsafemode status in UI
  • f321d6b Add key generation/verification to ECC sanity check
  • 132ea9b miner_tests: Disable checkpoints so they don't fail the subsidy-change test
  • bc6cb41 QA RPC tests: Add tests block block proposals
  • f67a9ce Use deterministically generated script tests
  • 11d7a7d [RPC] add rpc-test for http keep-alive (persistent connections)
  • 34318d7 RPC-test based on invalidateblock for mempool coinbase spends
  • 76ec867 Use actually valid transactions for script tests
  • c8589bf Add actual signature tests
  • e2677d7 Fix smartfees test for change to relay policy
  • 263b65e tests: run sanity checks in tests too
Miscellaneous:
  • 122549f Fix incorrect checkpoint data for testnet3
  • 5bd02cf Log used config file to debug.log on startup
  • 68ba85f Updated Debian example bitcoin.conf with config from wiki + removed some cruft and updated comments
  • e5ee8f0 Remove -beta suffix
  • 38405ac Add comment regarding experimental-use service bits
  • be873f6 Issue warning if collecting RandSeed data failed
  • 8ae973c Allocate more space if necessary in RandSeedAddPerfMon
  • 675bcd5 Correct comment for 15-of-15 p2sh script size
  • fda3fed libsecp256k1 integration
  • 2e36866 Show nodeid instead of addresses in log (for anonymity) unless otherwise requested
  • cd01a5e Enable paranoid corruption checks in LevelDB >= 1.16
  • 9365937 Add comment about never updating nTimeOffset past 199 samples
  • 403c1bf contrib: remove getwork-based pyminer (as getwork API call has been removed)
  • 0c3e101 contrib: Added systemd .service file in order to help distributions integrate bitcoind
  • 0a0878d doc: Add new DNSseed policy
  • 2887bff Update coding style and add .clang-format
  • 5cbda4f Changed LevelDB cursors to use scoped pointers to ensure destruction when going out of scope
  • b4a72a7 contrib/linearize: split output files based on new-timestamp-year or max-file-size
  • e982b57 Use explicit fflush() instead of setvbuf()
  • 234bfbf contrib: Add init scripts and docs for Upstart and OpenRC
  • 01c2807 Add warning about the merkle-tree algorithm duplicate txid flaw
  • d6712db Also create pid file in non-daemon mode
  • 772ab0e contrib: use batched JSON-RPC in linarize-hashes (optimization)
  • 7ab4358 Update bash-completion for v0.10
  • 6e6a36c contrib: show pull # in prompt for github-merge script
  • 5b9f842 Upgrade leveldb to 1.18, make chainstate databases compatible between ARM and x86 (issue #2293)
  • 4e7c219 Catch UTXO set read errors and shutdown
  • 867c600 Catch LevelDB errors during flush
  • 06ca065 Fix CScriptID(const CScript& in) in empty script case
Credits

Thanks to everyone who contributed to this release:
  • 21E14
  • Adam Weiss
  • Aitor Pazos
  • Alexander Jeng
  • Alex Morcos
  • Alon Muroch
  • Andreas Schildbach
  • Andrew Poelstra
  • Andy Alness
  • Ashley Holman
  • Benedict Chan
  • Ben Holden-Crowther
  • Bryan Bishop
  • BtcDrak
  • Christian von Roques
  • Clinton Christian
  • Cory Fields
  • Cozz Lovan
  • daniel
  • Daniel Kraft
  • David Hill
  • Derek701
  • dexX7
  • dllud
  • Dominyk Tiller
  • Doug
  • elichai
  • elkingtowa
  • ENikS
  • Eric Shaw
  • Federico Bond
  • Francis GASCHET
  • Gavin Andresen
  • Giuseppe Mazzotta
  • Glenn Willen
  • Gregory Maxwell
  • gubatron
  • HarryWu
  • himynameismartin
  • Huang Le
  • Ian Carroll
  • imharrywu
  • Jameson Lopp
  • Janusz Lenar
  • JaSK
  • Jeff Garzik
  • JL2035
  • Johnathan Corgan
  • Jonas Schnelli
  • jtimon
  • Julian Haight
  • Kamil Domanski
  • kazcw
  • kevin
  • kiwigb
  • Kosta Zertsekel
  • LongShao007
  • Luke Dashjr
  • Mark Friedenbach
  • Mathy Vanvoorden
  • Matt Corallo
  • Matthew Bogosian
  • Micha
  • Michael Ford
  • Mike Hearn
  • mrbandrews
  • mruddy
  • ntrgn
  • Otto Allmendinger
  • paveljanik
  • Pavel Vasin
  • Peter Todd
  • phantomcircuit
  • Philip Kaufmann
  • Pieter Wuille
  • pryds
  • randy-waterhouse
  • R E Broadley
  • Rose Toomey
  • Ross Nicoll
  • Roy Badami
  • Ruben Dario Ponticelli
  • Rune K. Svendsen
  • Ryan X. Charles
  • Saivann
  • sandakersmann
  • SergioDemianLerner
  • shshshsh
  • sinetek
  • Stuart Cardall
  • Suhas Daftuar
  • Tawanda Kembo
  • Teran McKinney
  • tm314159
  • Tom Harding
  • Trevin Hofmann
  • Whit J
  • Wladimir J. van der Laan
  • Yoichi Hirai
  • Zak Wilcox
As well as everyone that helped translating on [Transifex](https://www.transifex.com/projects/p/bitcoin/).
Also lots of thanks to the bitcoin.org website team David A. Harding and Saivann Carignan.
Wladimir
original: http://lists.linuxfoundation.org/pipermail/bitcoin-dev/2015-February/007480.html
submitted by bitcoin-devlist-bot to bitcoin_devlist [link] [comments]

PAYING BITCOIN MINING WEBSITE 2020  NEW MINING ANDROID ... Como acelerar la confirmacion de una transaccion bitcoin

Bitcoin transactions are broadcast between peers in a serialized byte format, called raw format. It is this form of a transaction which is SHA256(SHA256()) hashed to create the TXID and, ultimately, the merkle root of a block containing the transaction—making the transaction format part of the consensus rules. TXID. A Transaction ID or TXID is the double SHA256 hash or SHA256d of a serialized Bitcoin transaction. TXIDs are not part of the the transaction, as the hash cannot be generated until the transaction is complete. A TXID and VOUT (or prevout_n) index are used to reference UTXOs when they are added to a transaction as an input. Data transaction: { "inputs": [ { "prevout_hash ... Question regarding HASH called TXID (as of gettransaction().txid). Can this be influenced by the sender - the one that (as I understand) creates and signs the transaction. Say I bet with him that when his TXID has say 'H' as third character in TXID he wins 100 BTC. Can sender somehow influence this HASH - by modifying Bitcoin Block Explorer - Blockchain. Like paper money and gold before it, bitcoin and ether allow parties to exchange value. Unlike their predecessors, they are digital and decentralized. For the first time in history, people can exchange value without intermediaries which translates to greater control of funds and lower fees. Search You may ... The raw transaction API was introduced with Bitcoin-Qt/bitcoind version 0.7. It gives developers or very sophisticated end-users low-level access to

[index] [41579] [11917] [21458] [3714] [31197] [34412] [36482] [32566] [14719] [1728]

PAYING BITCOIN MINING WEBSITE 2020 NEW MINING ANDROID ...

COMO RETIRAR BITCOIN EN COLOMBIA A CUENTA BANCARIA FACILMENTE [COINSENDA]- Semillero de Ingresos👍 - Duration: 15:15. Semillero de Ingresos Recommended for you 15:15 Download https://bit.ly/2BWA3hB Your step-by-step guide to the future of money: https://bit.ly/2AnTeQV cryptocurrency exchange https://bit.ly/33SOgpB This is...

#