Secure order preserving hash function - Cryptography Stack ...
Some of my Thoughts on Bitcoin and Cryptocurrencies ...
c - Is it possible to create a Minimal Perfect Hash ...
Distributed Hash Table Algorithm – BitcoinWiki
Bob The Magic Custodian
Summary: Everyone knows that when you give your assets to someone else, they always keep them safe. If this is true for individuals, it is certainly true for businesses. Custodians always tell the truth and manage funds properly. They won't have any interest in taking the assets as an exchange operator would. Auditors tell the truth and can't be misled. That's because organizations that are regulated are incapable of lying and don't make mistakes. First, some background. Here is a summary of how custodians make us more secure: Previously, we might give Alice our crypto assets to hold. There were risks:
Alice might take the assets and disappear.
Alice might spend the assets and pretend that she still has them (fractional model).
Alice might store the assets insecurely and they'll get stolen.
Alice might give the assets to someone else by mistake or by force.
Alice might lose access to the assets.
But "no worries", Alice has a custodian named Bob. Bob is dressed in a nice suit. He knows some politicians. And he drives a Porsche. "So you have nothing to worry about!". And look at all the benefits we get:
Alice can't take the assets and disappear (unless she asks Bob or never gives them to Bob).
Alice can't spend the assets and pretend that she still has them. (Unless she didn't give them to Bob or asks him for them.)
Alice can't store the assets insecurely so they get stolen. (After all - she doesn't have any control over the withdrawal process from any of Bob's systems, right?)
Alice can't give the assets to someone else by mistake or by force. (Bob will stop her, right Bob?)
Alice can't lose access to the funds. (She'll always be present, sane, and remember all secrets, right?)
See - all problems are solved! All we have to worry about now is:
Bob might take the assets and disappear.
Bob might spend the assets and pretend that he still has them (fractional model).
Bob might store the assets insecurely and they'll get stolen.
Bob might give the assets to someone else by mistake or by force.
Bob might lose access to the assets.
It's pretty simple. Before we had to trust Alice. Now we only have to trust Alice, Bob, and all the ways in which they communicate. Just think of how much more secure we are! "On top of that", Bob assures us, "we're using a special wallet structure". Bob shows Alice a diagram. "We've broken the balance up and store it in lots of smaller wallets. That way", he assures her, "a thief can't take it all at once". And he points to a historic case where a large sum was taken "because it was stored in a single wallet... how stupid". "Very early on, we used to have all the crypto in one wallet", he said, "and then one Christmas a hacker came and took it all. We call him the Grinch. Now we individually wrap each crypto and stick it under a binary search tree. The Grinch has never been back since." "As well", Bob continues, "even if someone were to get in, we've got insurance. It covers all thefts and even coercion, collusion, and misplaced keys - only subject to the policy terms and conditions." And with that, he pulls out a phone-book sized contract and slams it on the desk with a thud. "Yep", he continues, "we're paying top dollar for one of the best policies in the country!" "Can I read it?' Alice asks. "Sure," Bob says, "just as soon as our legal team is done with it. They're almost through the first chapter." He pauses, then continues. "And can you believe that sales guy Mike? He has the same year Porsche as me. I mean, what are the odds?" "Do you use multi-sig?", Alice asks. "Absolutely!" Bob replies. "All our engineers are fully trained in multi-sig. Whenever we want to set up a new wallet, we generate 2 separate keys in an air-gapped process and store them in this proprietary system here. Look, it even requires the biometric signature from one of our team members to initiate any withdrawal." He demonstrates by pressing his thumb into the display. "We use a third-party cloud validation API to match the thumbprint and authorize each withdrawal. The keys are also backed up daily to an off-site third-party." "Wow that's really impressive," Alice says, "but what if we need access for a withdrawal outside of office hours?" "Well that's no issue", Bob says, "just send us an email, call, or text message and we always have someone on staff to help out. Just another part of our strong commitment to all our customers!" "What about Proof of Reserve?", Alice asks. "Of course", Bob replies, "though rather than publish any blockchain addresses or signed transaction, for privacy we just do a SHA256 refactoring of the inverse hash modulus for each UTXO nonce and combine the smart contract coefficient consensus in our hyperledger lightning node. But it's really simple to use." He pushes a button and a large green checkmark appears on a screen. "See - the algorithm ran through and reserves are proven." "Wow", Alice says, "you really know your stuff! And that is easy to use! What about fiat balances?" "Yeah, we have an auditor too", Bob replies, "Been using him for a long time so we have quite a strong relationship going! We have special books we give him every year and he's very efficient! Checks the fiat, crypto, and everything all at once!" "We used to have a nice offline multi-sig setup we've been using without issue for the past 5 years, but I think we'll move all our funds over to your facility," Alice says. "Awesome", Bob replies, "Thanks so much! This is perfect timing too - my Porsche got a dent on it this morning. We have the paperwork right over here." "Great!", Alice replies. And with that, Alice gets out her pen and Bob gets the contract. "Don't worry", he says, "you can take your crypto-assets back anytime you like - just subject to our cancellation policy. Our annual management fees are also super low and we don't adjust them often". How many holes have to exist for your funds to get stolen? Just one. Why are we taking a powerful offline multi-sig setup, widely used globally in hundreds of different/lacking regulatory environments with 0 breaches to date, and circumventing it by a demonstrably weak third party layer? And paying a great expense to do so? If you go through the list of breaches in the past 2 years to highly credible organizations, you go through the list of major corporate frauds (only the ones we know about), you go through the list of all the times platforms have lost funds, you go through the list of times and ways that people have lost their crypto from identity theft, hot wallet exploits, extortion, etc... and then you go through this custodian with a fine-tooth comb and truly believe they have value to add far beyond what you could, sticking your funds in a wallet (or set of wallets) they control exclusively is the absolute worst possible way to take advantage of that security. The best way to add security for crypto-assets is to make a stronger multi-sig. With one custodian, what you are doing is giving them your cryptocurrency and hoping they're honest, competent, and flawlessly secure. It's no different than storing it on a really secure exchange. Maybe the insurance will cover you. Didn't work for Bitpay in 2015. Didn't work for Yapizon in 2017. Insurance has never paid a claim in the entire history of cryptocurrency. But maybe you'll get lucky. Maybe your exact scenario will buck the trend and be what they're willing to cover. After the large deductible and hopefully without a long and expensive court battle. And you want to advertise this increase in risk, the lapse of judgement, an accident waiting to happen, as though it's some kind of benefit to customers ("Free institutional-grade storage for your digital assets.")? And then some people are writing to the OSC that custodians should be mandatory for all funds on every exchange platform? That this somehow will make Canadians as a whole more secure or better protected compared with standard air-gapped multi-sig? On what planet? Most of the problems in Canada stemmed from one thing - a lack of transparency. If Canadians had known what a joke Quadriga was - it wouldn't have grown to lose $400m from hard-working Canadians from coast to coast to coast. And Gerald Cotten would be in jail, not wherever he is now (at best, rotting peacefully). EZ-BTC and mister Dave Smilie would have been a tiny little scam to his friends, not a multi-million dollar fraud. Einstein would have got their act together or been shut down BEFORE losing millions and millions more in people's funds generously donated to criminals. MapleChange wouldn't have even been a thing. And maybe we'd know a little more about CoinTradeNewNote - like how much was lost in there. Almost all of the major losses with cryptocurrency exchanges involve deception with unbacked funds. So it's great to see transparency reports from BitBuy and ShakePay where someone independently verified the backing. The only thing we don't have is:
ANY CERTAINTY BALANCES WEREN'T EXCLUDED. Quadriga's largest account was $70m. 80% of funds are in 20% of accounts (Pareto principle). All it takes is excluding a few really large accounts - and nobody's the wiser. A fractional platform can easily pass any audit this way.
ANY VISIBILITY WHATSOEVER INTO THE CUSTODIANS. BitBuy put out their report before moving all the funds to their custodian and ShakePay apparently can't even tell us who the custodian is. That's pretty important considering that basically all of the funds are now stored there.
ANY IDEA ABOUT THE OTHER EXCHANGES. In order for this to be effective, it has to be the norm. It needs to be "unusual" not to know. If obscurity is the norm, then it's super easy for people like Gerald Cotten and Dave Smilie to blend right in.
It's not complicated to validate cryptocurrency assets. They need to exist, they need to be spendable, and they need to cover the total balances. There are plenty of credible people and firms across the country that have the capacity to reasonably perform this validation. Having more frequent checks by different, independent, parties who publish transparent reports is far more valuable than an annual check by a single "more credible/official" party who does the exact same basic checks and may or may not publish anything. Here's an example set of requirements that could be mandated:
First report within 1 month of launching, another within 3 months, and further reports at minimum every 6 months thereafter.
No auditor can be repeated within a 12 month period.
All reports must be public, identifying the auditor and the full methodology used.
All auditors must be independent of the firm being audited with no conflict of interest.
Reports must include the percentage of each asset backed, and how it's backed.
The auditor publishes a hash list, which lists a hash of each customer's information and balances that were included. Hash is one-way encryption so privacy is fully preserved. Every customer can use this to have 100% confidence they were included.
If we want more extensive requirements on audits, these should scale upward based on the total assets at risk on the platform, and whether the platform has loaned their assets out.
There are ways to structure audits such that neither crypto assets nor customer information are ever put at risk, and both can still be properly validated and publicly verifiable. There are also ways to structure audits such that they are completely reasonable for small platforms and don't inhibit innovation in any way. By making the process as reasonable as possible, we can completely eliminate any reason/excuse that an honest platform would have for not being audited. That is arguable far more important than any incremental improvement we might get from mandating "the best of the best" accountants. Right now we have nothing mandated and tons of Canadians using offshore exchanges with no oversight whatsoever. Transparency does not prove crypto assets are safe. CoinTradeNewNote, Flexcoin ($600k), and Canadian Bitcoins ($100k) are examples where crypto-assets were breached from platforms in Canada. All of them were online wallets and used no multi-sig as far as any records show. This is consistent with what we see globally - air-gapped multi-sig wallets have an impeccable record, while other schemes tend to suffer breach after breach. We don't actually know how much CoinTrader lost because there was no visibility. Rather than publishing details of what happened, the co-founder of CoinTrader silently moved on to found another platform - the "most trusted way to buy and sell crypto" - a site that has no information whatsoever (that I could find) on the storage practices and a FAQ advising that “[t]rading cryptocurrency is completely safe” and that having your own wallet is “entirely up to you! You can certainly keep cryptocurrency, or fiat, or both, on the app.” Doesn't sound like much was learned here, which is really sad to see. It's not that complicated or unreasonable to set up a proper hardware wallet. Multi-sig can be learned in a single course. Something the equivalent complexity of a driver's license test could prevent all the cold storage exploits we've seen to date - even globally. Platform operators have a key advantage in detecting and preventing fraud - they know their customers far better than any custodian ever would. The best job that custodians can do is to find high integrity individuals and train them to form even better wallet signatories. Rather than mandating that all platforms expose themselves to arbitrary third party risks, regulations should center around ensuring that all signatories are background-checked, properly trained, and using proper procedures. We also need to make sure that signatories are empowered with rights and responsibilities to reject and report fraud. They need to know that they can safely challenge and delay a transaction - even if it turns out they made a mistake. We need to have an environment where mistakes are brought to the surface and dealt with. Not one where firms and people feel the need to hide what happened. In addition to a knowledge-based test, an auditor can privately interview each signatory to make sure they're not in coercive situations, and we should make sure they can freely and anonymously report any issues without threat of retaliation. A proper multi-sig has each signature held by a separate person and is governed by policies and mutual decisions instead of a hierarchy. It includes at least one redundant signature. For best results, 3of4, 3of5, 3of6, 4of5, 4of6, 4of7, 5of6, or 5of7. History has demonstrated over and over again the risk of hot wallets even to highly credible organizations. Nonetheless, many platforms have hot wallets for convenience. While such losses are generally compensated by platforms without issue (for example Poloniex, Bitstamp, Bitfinex, Gatecoin, Coincheck, Bithumb, Zaif, CoinBene, Binance, Bitrue, Bitpoint, Upbit, VinDAX, and now KuCoin), the public tends to focus more on cases that didn't end well. Regardless of what systems are employed, there is always some level of risk. For that reason, most members of the public would prefer to see third party insurance. Rather than trying to convince third party profit-seekers to provide comprehensive insurance and then relying on an expensive and slow legal system to enforce against whatever legal loopholes they manage to find each and every time something goes wrong, insurance could be run through multiple exchange operators and regulators, with the shared interest of having a reputable industry, keeping costs down, and taking care of Canadians. For example, a 4 of 7 multi-sig insurance fund held between 5 independent exchange operators and 2 regulatory bodies. All Canadian exchanges could pay premiums at a set rate based on their needed coverage, with a higher price paid for hot wallet coverage (anything not an air-gapped multi-sig cold wallet). Such a model would be much cheaper to manage, offer better coverage, and be much more reliable to payout when needed. The kind of coverage you could have under this model is unheard of. You could even create something like the CDIC to protect Canadians who get their trading accounts hacked if they can sufficiently prove the loss is legitimate. In cases of fraud, gross negligence, or insolvency, the fund can be used to pay affected users directly (utilizing the last transparent balance report in the worst case), something which private insurance would never touch. While it's recommended to have official policies for coverage, a model where members vote would fully cover edge cases. (Could be similar to the Supreme Court where justices vote based on case law.) Such a model could fully protect all Canadians across all platforms. You can have a fiat coverage governed by legal agreements, and crypto-asset coverage governed by both multi-sig and legal agreements. It could be practical, affordable, and inclusive. Now, we are at a crossroads. We can happily give up our freedom, our innovation, and our money. We can pay hefty expenses to auditors, lawyers, and regulators year after year (and make no mistake - this cost will grow to many millions or even billions as the industry grows - and it will be borne by all Canadians on every platform because platforms are not going to eat up these costs at a loss). We can make it nearly impossible for any new platform to enter the marketplace, forcing Canadians to use the same stagnant platforms year after year. We can centralize and consolidate the entire industry into 2 or 3 big players and have everyone else fail (possibly to heavy losses of users of those platforms). And when a flawed security model doesn't work and gets breached, we can make it even more complicated with even more people in suits making big money doing the job that blockchain was supposed to do in the first place. We can build a system which is so intertwined and dependent on big government, traditional finance, and central bankers that it's future depends entirely on that of the fiat system, of fractional banking, and of government bail-outs. If we choose this path, as history has shown us over and over again, we can not go back, save for revolution. Our children and grandchildren will still be paying the consequences of what we decided today. Or, we can find solutions that work. We can maintain an open and innovative environment while making the adjustments we need to make to fully protect Canadian investors and cryptocurrency users, giving easy and affordable access to cryptocurrency for all Canadians on the platform of their choice, and creating an environment in which entrepreneurs and problem solvers can bring those solutions forward easily. None of the above precludes innovation in any way, or adds any unreasonable cost - and these three policies would demonstrably eliminate or resolve all 109 historic cases as studied here - that's every single case researched so far going back to 2011. It includes every loss that was studied so far not just in Canada but globally as well. Unfortunately, finding answers is the least challenging part. Far more challenging is to get platform operators and regulators to agree on anything. My last post got no response whatsoever, and while the OSC has told me they're happy for industry feedback, I believe my opinion alone is fairly meaningless. This takes the whole community working together to solve. So please let me know your thoughts. Please take the time to upvote and share this with people. Please - let's get this solved and not leave it up to other people to do. Facts/background/sources (skip if you like):
The inspiration for the paragraph about splitting wallets was an actual quote from a Canadian company providing custodial services in response to the OSC consultation paper: "We believe that it will be in the in best interests of investors to prohibit pooled crypto assets or ‘floats’. Most Platforms pool assets, citing reasons of practicality and expense. The recent hack of the world’s largest Platform – Binance – demonstrates the vulnerability of participants’ assets when such concessions are made. In this instance, the Platform’s entire hot wallet of Bitcoins, worth over $40 million, was stolen, facilitated in part by the pooling of client crypto assets." "the maintenance of participants (and Platform) crypto assets across multiple wallets distributes the related risk and responsibility of security - reducing the amount of insurance coverage required and making insurance coverage more readily obtainable". For the record, their reply also said nothing whatsoever about multi-sig or offline storage.
In addition to the fact that the $40m hack represented only one "hot wallet" of Binance, and they actually had the vast majority of assets in other wallets (including mostly cold wallets), multiple real cases have clearly demonstrated that risk is still present with multiple wallets. Bitfinex, VinDAX, Bithumb, Altsbit, BitPoint, Cryptopia, and just recently KuCoin all had multiple wallets breached all at the same time, and may represent a significantly larger impact on customers than the Binance breach which was fully covered by Binance. To represent that simply having multiple separate wallets under the same security scheme is a comprehensive way to reduce risk is just not true.
Private insurance has historically never covered a single loss in the cryptocurrency space (at least, not one that I was able to find), and there are notable cases where massive losses were not covered by insurance. Bitpay in 2015 and Yapizon in 2017 both had insurance policies that didn't pay out during the breach, even after a lengthly court process. The same insurance that ShakePay is presently using (and announced to much fanfare) was describe by their CEO himself as covering “physical theft of the media where the private keys are held,” which is something that has never historically happened. As was said with regard to the same policy in 2018 - “I don’t find it surprising that Lloyd’s is in this space,” said Johnson, adding that to his mind the challenge for everybody is figuring out how to structure these policies so that they are actually protective. “You can create an insurance policy that protects no one – you know there are so many caveats to the policy that it’s not super protective.”
The most profitable policy for a private insurance company is one with the most expensive premiums that they never have to pay a claim on. They have no inherent incentive to take care of people who lost funds. It's "cheaper" to take the reputational hit and fight the claim in court. The more money at stake, the more the insurance provider is incentivized to avoid payout. They're not going to insure the assets unless they have reasonable certainty to make a profit by doing so, and they're not going to pay out a massive sum unless it's legally forced. Private insurance is always structured to be maximally profitable to the insurance provider.
The circumvention of multi-sig was a key factor in the massive Bitfinex hack of over $60m of bitcoin, which today still sits being slowly used and is worth over $3b. While Bitfinex used a qualified custodian Bitgo, which was and still is active and one of the industry leaders of custodians, and they set up 2 of 3 multi-sig wallets, the entire system was routed through Bitfinex, such that Bitfinex customers could initiate the withdrawals in a "hot" fashion. This feature was also a hit with the hacker. The multi-sig was fully circumvented.
Bitpay in 2015 was another example of a breach that stole 5,000 bitcoins. This happened not through the exploit of any system in Bitpay, but because the CEO of a company they worked with got their computer hacked and the hackers were able to request multiple bitcoin purchases, which Bitpay honoured because they came from the customer's computer legitimately. Impersonation is a very common tactic used by fraudsters, and methods get more extreme all the time.
A notable case in Canada was the Canadian Bitcoins exploit. Funds were stored on a server in a Rogers Data Center, and the attendee was successfully convinced to reboot the server "in safe mode" with a simple phone call, thus bypassing the extensive security and enabling the theft.
The very nature of custodians circumvents multi-sig. This is because custodians are not just having to secure the assets against some sort of physical breach but against any form of social engineering, modification of orders, fraudulent withdrawal attempts, etc... If the security practices of signatories in a multi-sig arrangement are such that the breach risk of one signatory is 1 in 100, the requirement of 3 independent signatures makes the risk of theft 1 in 1,000,000. Since hackers tend to exploit the weakest link, a comparable custodian has to make the entry and exit points of their platform 10,000 times more secure than one of those signatories to provide equivalent protection. And if the signatories beef up their security by only 10x, the risk is now 1 in 1,000,000,000. The custodian has to be 1,000,000 times more secure. The larger and more complex a system is, the more potential vulnerabilities exist in it, and the fewer people can understand how the system works when performing upgrades. Even if a system is completely secure today, one has to also consider how that system might evolve over time or work with different members.
By contrast, offline multi-signature solutions have an extremely solid record, and in the entire history of cryptocurrency exchange incidents which I've studied (listed here), there has only been one incident (796 exchange in 2015) involving an offline multi-signature wallet. It happened because the customer's bitcoin address was modified by hackers, and the amount that was stolen ($230k) was immediately covered by the exchange operators. Basically, the platform operators were tricked into sending a legitimate withdrawal request to the wrong address because hackers exploited their platform to change that address. Such an issue would not be prevented in any way by the use of a custodian, as that custodian has no oversight whatsoever to the exchange platform. It's practical for all exchange operators to test large withdrawal transactions as a general policy, regardless of what model is used, and general best practice is to diagnose and fix such an exploit as soon as it occurs.
False promises on the backing of funds played a huge role in the downfall of Quadriga, and it's been exposed over and over again (MyCoin, PlusToken, Bitsane, Bitmarket, EZBTC, IDAX). Even today, customers have extremely limited certainty on whether their funds in exchanges are actually being backed or how they're being backed. While this issue is not unique to cryptocurrency exchanges, the complexity of the technology and the lack of any regulation or standards makes problems more widespread, and there is no "central bank" to come to the rescue as in the 2008 financial crisis or during the great depression when "9,000 banks failed".
In addition to fraudulent operations, the industry is full of cases where operators have suffered breaches and not reported them. Most recently, Einstein was the largest case in Canada, where ongoing breaches and fraud were perpetrated against the platform for multiple years and nobody found out until the platform collapsed completely. While fraud and breaches suck to deal with, they suck even more when not dealt with. Lack of visibility played a role in the largest downfalls of Mt. Gox, Cryptsy, and Bitgrail. In some cases, platforms are alleged to have suffered a hack and keep operating without admitting it at all, such as CoinBene.
It surprises some to learn that a cryptographic solution has already existed since 2013, and gained widespread support in 2014 after Mt. Gox. Proof of Reserves is a full cryptographic proof that allows any customer using an exchange to have complete certainty that their crypto-assets are fully backed by the platform in real-time. This is accomplished by proving that assets exist on the blockchain, are spendable, and fully cover customer deposits. It does not prove safety of assets or backing of fiat assets.
If we didn't care about privacy at all, a platform could publish their wallet addresses, sign a partial transaction, and put the full list of customer information and balances out publicly. Customers can each check that they are on the list, that the balances are accurate, that the total adds up, and that it's backed and spendable on the blockchain. Platforms who exclude any customer take a risk because that customer can easily check and see they were excluded. So together with all customers checking, this forms a full proof of backing of all crypto assets.
However, obviously customers care about their private information being published. Therefore, a hash of the information can be provided instead. Hash is one-way encryption. The hash allows the customer to validate inclusion (by hashing their own known information), while anyone looking at the list of hashes cannot determine the private information of any other user. All other parts of the scheme remain fully intact. A model like this is in use on the exchange CoinFloor in the UK.
A Merkle tree can provide even greater privacy. Instead of a list of balances, the balances are arranged into a binary tree. A customer starts from their node, and works their way to the top of the tree. For example, they know they have 5 BTC, they plus 1 other customer hold 7 BTC, they plus 2-3 other customers hold 17 BTC, etc... until they reach the root where all the BTC are represented. Thus, there is no way to find the balances of other individual customers aside from one unidentified customer in this case.
Proposals such as this had the backing of leaders in the community including Nic Carter, Greg Maxwell, and Zak Wilcox. Substantial and significant effort started back in 2013, with massive popularity in 2014. But what became of that effort? Very little. Exchange operators continue to refuse to give visibility. Despite the fact this information can often be obtained through trivial blockchain analysis, no Canadian platform has ever provided any wallet addresses publicly. As described by the CEO of Newton "For us to implement some kind of realtime Proof of Reserves solution, which I'm not opposed to, it would have to ... Preserve our users' privacy, as well as our own. Some kind of zero-knowledge proof". Kraken describes here in more detail why they haven't implemented such a scheme. According to professor Eli Ben-Sasson, when he spoke with exchanges, none were interested in implementing Proof of Reserves.
And yet, Kraken's places their reasoning on a page called "Proof of Reserves". More recently, both BitBuy and ShakePay have released reports titled "Proof of Reserves and Security Audit". Both reports contain disclaimers against being audits. Both reports trust the customer list provided by the platform, leaving the open possibility that multiple large accounts could have been excluded from the process. Proof of Reserves is a blockchain validation where customers see the wallets on the blockchain. The report from Kraken is 5 years old, but they leave it described as though it was just done a few weeks ago. And look at what they expect customers to do for validation. When firms represent something being "Proof of Reserve" when it's not, this is like a farmer growing fruit with pesticides and selling it in a farmers market as organic produce - except that these are people's hard-earned life savings at risk here. Platforms are misrepresenting the level of visibility in place and deceiving the public by their misuse of this term. They haven't proven anything.
Fraud isn't a problem that is unique to cryptocurrency. Fraud happens all the time. Enron, WorldCom, Nortel, Bear Stearns, Wells Fargo, Moser Baer, Wirecard, Bre-X, and Nicola are just some of the cases where frauds became large enough to become a big deal (and there are so many countless others). These all happened on 100% reversible assets despite regulations being in place. In many of these cases, the problems happened due to the over-complexity of the financial instruments. For example, Enron had "complex financial statements [which] were confusing to shareholders and analysts", creating "off-balance-sheet vehicles, complex financing structures, and deals so bewildering that few people could understand them". In cryptocurrency, we are often combining complex financial products with complex technologies and verification processes. We are naïve if we think problems like this won't happen. It is awkward and uncomfortable for many people to admit that they don't know how something works. If we want "money of the people" to work, the solutions have to be simple enough that "the people" can understand them, not so confusing that financial professionals and technology experts struggle to use or understand them.
For those who question the extent to which an organization can fool their way into a security consultancy role, HB Gary should be a great example to look at. Prior to trying to out anonymous, HB Gary was being actively hired by multiple US government agencies and others in the private sector (with glowing testimonials). The published articles and hosted professional security conferences. One should also look at this list of data breaches from the past 2 years. Many of them are large corporations, government entities, and technology companies. These are the ones we know about. Undoubtedly, there are many more that we do not know about. If HB Gary hadn't been "outted" by anonymous, would we have known they were insecure? If the same breach had happened outside of the public spotlight, would it even have been reported? Or would HB Gary have just deleted the Twitter posts, brought their site back up, done a couple patches, and kept on operating as though nothing had happened?
In the case of Quadriga, the facts are clear. Despite past experience with platforms such as MapleChange in Canada and others around the world, no guidance or even the most basic of a framework was put in place by regulators. By not clarifying any sort of legal framework, regulators enabled a situation where a platform could be run by former criminal Mike Dhanini/Omar Patryn, and where funds could be held fully unchecked by one person. At the same time, the lack of regulation deterred legitimate entities from running competing platforms and Quadriga was granted a money services business license for multiple years of operation, which gave the firm the appearance of legitimacy. Regulators did little to protect Canadians despite Quadriga failing to file taxes from 2016 onward. The entire administrative team had resigned and this was public knowledge. Many people had suspicions of what was going on, including Ryan Mueller, who forwarded complaints to the authorities. These were ignored, giving Gerald Cotten the opportunity to escape without justice.
There are multiple issues with the SOC II model including the prohibitive cost (you have to find a third party accounting firm and the prices are not even listed publicly on any sites), the requirement of operating for a year (impossible for new platforms), and lack of any public visibility (SOC II are private reports that aren't shared outside the people in suits).
Securities frameworks are expensive. Sarbanes-Oxley is estimated to cost $5.1 million USD/yr for the average Fortune 500 company in the United States. Since "Fortune 500" represents the top 500 companies, that means well over $2.55 billion USD (~$3.4 billion CAD) is going to people in suits. Isn't the problem of trust and verification the exact problem that the blockchain is supposed to solve?
To use Quadriga as justification for why custodians or SOC II or other advanced schemes are needed for platforms is rather silly, when any framework or visibility at all, or even the most basic of storage policies, would have prevented the whole thing. It's just an embarrassment.
We are now seeing regulators take strong action. CoinSquare in Canada with multi-million dollar fines. BitMex from the US, criminal charges and arrests. OkEx, with full disregard of withdrawals and no communication. Who's next?
We have a unique window today where we can solve these problems, and not permanently destroy innovation with unreasonable expectations, but we need to act quickly. This is a unique historic time that will never come again.
Topic originally posted in Bitcoin by almkglor [link]
This is a follow-up on https://old.reddit.com/Bitcoin/comments/hqzp14/technical_the_path_to_taproot_activation/ Taproot! Everybody wants it!! But... you might ask yourself: sure, everybody else wants it, but why would I, sovereign Bitcoin HODLer, want it? Surely I can be better than everybody else because I swapped XXX fiat for Bitcoin unlike all those nocoiners? And it is important for you to know the reasons why you, o sovereign Bitcoiner, would want Taproot activated. After all, your nodes (or the nodes your wallets use, which if you are SPV, you hopefully can pester to your wallet vendoimplementor about) need to be upgraded in order for Taproot activation to actually succeed instead of becoming a hot sticky mess. First, let's consider some principles of Bitcoin.
You the HODLer should be the one who controls where your money goes. Your keys, your coins.
You the HODLer should be able to coordinate and make contracts with other people regarding your funds.
You the HODLer should be able to do the above without anyone watching over your shoulder and judging you.
I'm sure most of us here would agree that the above are very important principles of Bitcoin and that these are principles we would not be willing to remove. If anything, we would want those principles strengthened (especially the last one, financial privacy, which current Bitcoin is only sporadically strong with: you can get privacy, it just requires effort to do so). So, how does Taproot affect those principles?
Taproot and Your /Coins
Most HODLers probably HODL their coins in singlesig addresses. Sadly, switching to Taproot would do very little for you (it gives a mild discount at spend time, at the cost of a mild increase in fee at receive time (paid by whoever sends to you, so if it's a self-send from a P2PKH or bech32 address, you pay for this); mostly a wash). (technical details: a Taproot output is 1 version byte + 32 byte public key, while a P2WPKH (bech32 singlesig) output is 1 version byte + 20 byte public key hash, so the Taproot output spends 12 bytes more; spending from a P2WPKH requires revealing a 32-byte public key later, which is not needed with Taproot, and Taproot signatures are about 9 bytes smaller than P2WPKH signatures, but the 32 bytes plus 9 bytes is divided by 4 because of the witness discount, so it saves about 11 bytes; mostly a wash, it increases blockweight by about 1 virtual byte, 4 weight for each Taproot-output-input, compared to P2WPKH-output-input). However, as your HODLings grow in value, you might start wondering if multisignature k-of-n setups might be better for the security of your savings. And it is in multisignature that Taproot starts to give benefits! Taproot switches to using Schnorr signing scheme. Schnorr makes key aggregation -- constructing a single public key from multiple public keys -- almost as trivial as adding numbers together. "Almost" because it involves some fairly advanced math instead of simple boring number adding, but hey when was the last time you added up your grocery list prices by hand huh? With current P2SH and P2WSH multisignature schemes, if you have a 2-of-3 setup, then to spend, you need to provide two different signatures from two different public keys. With Taproot, you can create, using special moon math, a single public key that represents your 2-of-3 setup. Then you just put two of your devices together, have them communicate to each other (this can be done airgapped, in theory, by sending QR codes: the software to do this is not even being built yet, but that's because Taproot hasn't activated yet!), and they will make a single signature to authorize any spend from your 2-of-3 address. That's 73 witness bytes -- 18.25 virtual bytes -- of signatures you save! And if you decide that your current setup with 1-of-1 P2PKH / P2WPKH addresses is just fine as-is: well, that's the whole point of a softfork: backwards-compatibility; you can receive from Taproot users just fine, and once your wallet is updated for Taproot-sending support, you can send to Taproot users just fine as well! (P2WPKH and P2WSH -- SegWit v0 -- addresses start with bc1q; Taproot -- SegWit v1 --- addresses start with bc1p, in case you wanted to know the difference; in bech32 q is 0, p is 1) Now how about HODLers who keep all, or some, of their coins on custodial services? Well, any custodial service worth its salt would be doing at least 2-of-3, or probably something even bigger, like 11-of-15. So your custodial service, if it switched to using Taproot internally, could save a lot more (imagine an 11-of-15 getting reduced from 11 signatures to just 1!), which --- we can only hope! --- should translate to lower fees and better customer service from your custodial service! So I think we can say, very accurately, that the Bitcoin principle --- that YOU are in control of your money --- can only be helped by Taproot (if you are doing multisignature), and, because P2PKH and P2WPKH remain validly-usable addresses in a Taproot future, will not be harmed by Taproot. Its benefit to this principle might be small (it mostly only benefits multisignature users) but since it has no drawbacks with this (i.e. singlesig users can continue to use P2WPKH and P2PKH still) this is still a nice, tidy win! (even singlesig users get a minor benefit, in that multisig users will now reduce their blockchain space footprint, so that fees can be kept low for everybody; so for example even if you have your single set of private keys engraved on titanium plates sealed in an airtight box stored in a safe buried in a desert protected by angry nomads riding giant sandworms because you're the frickin' Kwisatz Haderach, you still gain some benefit from Taproot) And here's the important part: if P2PKH/P2WPKH is working perfectly fine with you and you decide to never use Taproot yourself, Taproot will not affect you detrimentally. First do no harm!
Taproot and Your Contracts
No one is an island, no one lives alone. Give and you shall receive. You know: by trading with other people, you can gain expertise in some obscure little necessity of the world (and greatly increase your productivity in that little field), and then trade the products of your expertise for necessities other people have created, all of you thereby gaining gains from trade. So, contracts, which are basically enforceable agreements that facilitate trading with people who you do not personally know and therefore might not trust. Let's start with a simple example. You want to buy some gewgaws from somebody. But you don't know them personally. The seller wants the money, you want their gewgaws, but because of the lack of trust (you don't know them!! what if they're scammers??) neither of you can benefit from gains from trade. However, suppose both of you know of some entity that both of you trust. That entity can act as a trusted escrow. The entity provides you security: this enables the trade, allowing both of you to get gains from trade. In Bitcoin-land, this can be implemented as a 2-of-3 multisignature. The three signatories in the multisgnature would be you, the gewgaw seller, and the escrow. You put the payment for the gewgaws into this 2-of-3 multisignature address. Now, suppose it turns out neither of you are scammers (whaaaat!). You receive the gewgaws just fine and you're willing to pay up for them. Then you and the gewgaw seller just sign a transaction --- you and the gewgaw seller are 2, sufficient to trigger the 2-of-3 --- that spends from the 2-of-3 address to a singlesig the gewgaw seller wants (or whatever address the gewgaw seller wants). But suppose some problem arises. The seller gave you gawgews instead of gewgaws. Or you decided to keep the gewgaws but not sign the transaction to release the funds to the seller. In either case, the escrow is notified, and if it can sign with you to refund the funds back to you (if the seller was a scammer) or it can sign with the seller to forward the funds to the seller (if you were a scammer). Taproot helps with this: like mentioned above, it allows multisignature setups to produce only one signature, reducing blockchain space usage, and thus making contracts --- which require multiple people, by definition, you don't make contracts with yourself --- is made cheaper (which we hope enables more of these setups to happen for more gains from trade for everyone, also, moon and lambos). (technology-wise, it's easier to make an n-of-n than a k-of-n, making a k-of-n would require a complex setup involving a long ritual with many communication rounds between the n participants, but an n-of-n can be done trivially with some moon math. You can, however, make what is effectively a 2-of-3 by using a three-branch SCRIPT: either 2-of-2 of you and seller, OR 2-of-2 of you and escrow, OR 2-of-2 of escrow and seller. Fortunately, Taproot adds a facility to embed a SCRIPT inside a public key, so you can have a 2-of-2 Taprooted address (between you and seller) with a SCRIPT branch that can instead be spent with 2-of-2 (you + escrow) OR 2-of-2 (seller + escrow), which implements the three-branched SCRIPT above. If neither of you are scammers (hopefully the common case) then you both sign using your keys and never have to contact the escrow, since you are just using the escrow public key without coordinating with them (because n-of-n is trivial but k-of-n requires setup with communication rounds), so in the "best case" where both of you are honest traders, you also get a privacy boost, in that the escrow never learns you have been trading on gewgaws, I mean ewww, gawgews are much better than gewgaws and therefore I now judge you for being a gewgaw enthusiast, you filthy gewgawer).
Taproot and Your Contracts, Part 2: Cryptographic Boogaloo
Now suppose you want to buy some data instead of things. For example, maybe you have some closed-source software in trial mode installed, and want to pay the developer for the full version. You want to pay for an activation code. This can be done, today, by using an HTLC. The developer tells you the hash of the activation code. You pay to an HTLC, paying out to the developer if it reveals the preimage (the activation code), or refunding the money back to you after a pre-agreed timeout. If the developer claims the funds, it has to reveal the preimage, which is the activation code, and you can now activate your software. If the developer does not claim the funds by the timeout, you get refunded. And you can do that, with HTLCs, today. Of course, HTLCs do have problems:
Privacy. Everyone scraping the Bitcoin blockchain can see any HTLCs, and preimages used to claim them.
This can be mitigated by using offchain techniques so HTLCs are never published onchain in the happy case. Lightning would probably in practice be the easiest way to do this offchain. Of course, there are practical limits to what you can pay on Lightning. If you are buying something expensive, then Lightning might not be practical. For example, the "software" you are activating is really the firmware of a car, and what you are buying is not the software really but the car itself (with the activation of the car firmware being equivalent to getting the car keys).
Even offchain techniques need an onchain escape hatch in case of unresponsiveness! This means that, if something bad happens during payment, the HTLC might end up being published onchain anyway, revealing the fact that some special contract occurred.
And an HTLC that is claimed with a preimage onchain will also publicly reveal the preimage onchain. If that preimage is really the activation key of a software than it can now be pirated. If that preimage is really the activation key for your newly-bought cryptographic car --- well, not your keys, not your car!
Trust requirement. You are trusting the developer that it gives you the hash of an actual valid activation key, without any way to validate that the activation key hidden by the hash is actually valid.
Fortunately, with Schnorr (which is enabled by Taproot), we can now use the Scriptless Script constuction by Andrew Poelstra. This Scriptless Script allows a new construction, the PTLC or Pointlocked Timelocked Contract. Instead of hashes and preimages, just replace "hash" with "point" and "preimage" with "scalar". Or as you might know them: "point" is really "public key" and "scalar" is really a "private key". What a PTLC does is that, given a particular public key, the pointlocked branch can be spent only if the spender reveals the private key of the given private key to you. Another nice thing with PTLCs is that they are deniable. What appears onchain is just a single 2-of-2 signature between you and the developemanufacturer. It's like a magic trick. This signature has no special watermarks, it's a perfectly normal signature (the pledge). However, from this signature, plus some datta given to you by the developemanufacturer (known as the adaptor signature) you can derive the private key of a particular public key you both agree on (the turn). Anyone scraping the blockchain will just see signatures that look just like every other signature, and as long as nobody manages to hack you and get a copy of the adaptor signature or the private key, they cannot get the private key behind the public key (point) that the pointlocked branch needs (the prestige). (Just to be clear, the public key you are getting the private key from, is distinct from the public key that the developemanufacturer will use for its funds. The activation key is different from the developer's onchain Bitcoin key, and it is the activation key whose private key you will be learning, not the developer's/manufacturer's onchain Bitcoin key). So:
Privacy: PTLCs are private even if done onchain. Nobody else can learn what the private key behind the public key is, except you who knows the adaptor signature that when combined with the complete onchain signature lets you know what the private key of the activation key is. Somebody scraping the blockchain will not learn the same information even if all PTLCs are done onchain!
Lightning is still useful for reducing onchain use, and will also get PTLCs soon after Taproot is activated, but even if something bad happens and a PTLC has to go onchain, it doesn't reveal anything!
Trust issues can be proven more easily with a public-private keypair than with a hash-preimage pair.
For example, the developer of the software you are buying could provide a signature signing a message saying "unlock access to the full version for 1 day". You can check if feeding this message and signature to the program will indeed unlock full-version access for 1 day. Then you can check if the signature is valid for the purported pubkey whose private key you will pay for. If so, you can now believe that getting the private key (by paying for it in a PTLC) would let you generate any number of "unlock access to the full version for 1 day" message+signatures, which is equivalent to getting full access to the software indefinitely.
For the car, the manufacturer can show that signing a message "start the engine" and feeding the signature to the car's fimrware will indeed start the engine, and maybe even let you have a small test drive. You can then check if the signature is valid for the purported pubkey whose privkey you will pay for. If so, you can now believe that gaining knowledge of the privkey will let you start the car engine at any time you want.
(pedantry: the signatures need to be unique else they could be replayed, this can be done with a challenge-response sequence for the car, where the car gathers entropy somehow (it's a car, it probably has a bunch of sensors nowadays so it can get entropy for free) and uses the gathered entropy to challenge you to sign a random number and only start if you are able to sign the random number; for the software, it could record previous signatures somewhere in the developer's cloud server and refuse to run if you try to replay a previously-seen signature.)
Taproot lets PTLCs exist onchain because they enable Schnorr, which is a requirement of PTLCs / Scriptless Script. (technology-wise, take note that Scriptless Script works only for the "pointlocked" branch of the contract; you need normal Script, or a pre-signed nLockTimed transaction, for the "timelocked" branch. Since Taproot can embed a script, you can have the Taproot pubkey be a 2-of-2 to implement the Scriptless Script "pointlocked" branch, then have a hidden script that lets you recover the funds with an OP_CHECKLOCKTIMEVERIFY after the timeout if the seller does not claim the funds.)
Now if you were really paying attention, you might have noticed this parenthetical:
(technical details: a Taproot output is 1 version byte + 32 byte public key, while a P2WPKH (bech32 singlesig) output is 1 version byte + 20 byte public key hash...)
So wait, Taproot uses raw 32-byte public keys, and not public key hashes? Isn't that more quantum-vulnerable?? Well, in theory yes. In practice, they probably are not. It's not that hashes can be broken by quantum computes --- they're still not. Instead, you have to look at how you spend from a P2WPKH/P2PKH pay-to-public-key-hash. When you spend from a P2PKH / P2WPKH, you have to reveal the public key. Then Bitcoin hashes it and checks if this matches with the public-key-hash, and only then actually validates the signature for that public key. So an unconfirmed transaction, floating in the mempools of nodes globally, will show, in plain sight for everyone to see, your public key. (public keys should be public, that's why they're called public keys, LOL) And if quantum computers are fast enough to be of concern, then they are probably fast enough that, in the several minutes to several hours from broadcast to confirmation, they have already cracked the public key that is openly broadcast with your transaction. The owner of the quantum computer can now replace your unconfirmed transaction with one that pays the funds to itself. Even if you did not opt-in RBF, miners are still incentivized to support RBF on RBF-disabled transactions. So the extra hash is not as significant a protection against quantum computers as you might think. Instead, the extra hash-and-compare needed is just extra validation effort. Further, if you have ever, in the past, spent from the address, then there exists already a transaction indelibly stored on the blockchain, openly displaying the public key from which quantum computers can derive the private key. So those are still vulnerable to quantum computers. For the most part, the cryptographers behind Taproot (and Bitcoin Core) are of the opinion that quantum computers capable of cracking Bitcoin pubkeys are unlikely to appear within a decade or two.
Current quantum computers can barely crack prime factorization problem for primes of 5 bits.
The 256-bit elliptic curve use by Bitcoin is, by my (possibly wrong) understanding, equivalent to 4096-bit primes, so you can see a pretty big gap between now (5 bit primes) and what is needed (4096 bit primes).
A lot of financial non-Bitcoin systems use the equivalent of 3072-bit primes or less, and are probably easier targets to crack than the equivalent-to-4096-bit-primes Bitcoin.
Quantum computers capable of cracking Bitcoin are still far off.
Pay-to-public-key-hash is not as protective as you might think.
We will probably see banks get cracked before Bitcoin, so the banking system is a useful canary-in-a-coal-mine to see whether we should panic about being quantum vulnerable.
For now, the homomorphic and linear properties of elliptic curve cryptography provide a lot of benefits --- particularly the linearity property is what enables Scriptless Script and simple multisignature (i.e. multisignatures that are just 1 signature onchain). So it might be a good idea to take advantage of them now while we are still fairly safe against quantum computers. It seems likely that quantum-safe signature schemes are nonlinear (thus losing these advantages).
If you are a singlesig HODL-only Bitcoin user, Taproot will not affect you positively or negatively. Importantly: Taproot does no harm!
If you use or intend to use multisig, Taproot will be a positive for you.
If you transact onchain regularly using typical P2PKH/P2WPKH addresses, you get a minor reduction in feerates since multisig users will likely switch to Taproot to get smaller tx sizes, freeing up blockspace for yours.
If you are using multiparticipant setups for special systems of trade, Taproot will be a positive for you.
Remember: Lightning channels are multipartiicpiant setups for special systems of lightning-fast offchain trades!
I Wanna Be The Taprooter!
So, do you want to help activate Taproot? Here's what you, mister sovereign Bitcoin HODLer, can do!
If you have developer experience especially in C, C++, or related languages
Review the Taproot code! There is one pull request in Bitcoin Core, and one in libsecp256k1. I deliberately am not putting links here, to avoid brigades of nontechnical but enthusiastic people leaving pointless reviews, but if you are qualified you know how to find them!
But I am not a cryptographeBitcoin Core contributomathematician/someone as awesome as Pieter Wuille
That's perfectly fine! The cryptographers have been over the code already and agree the math is right and the implementation is right. What is wanted is the dreary dreary dreary software engineering: are the comments comprehensive and understandable? no misspellings in the comments? variable names understandable? reasonable function naming convention? misleading coding style? off-by-one errors in loops? conditions not covered by tests? accidental mixups of variables with the same types? missing frees? read-before-init? better test coverage of suspicious-looking code? missing or mismatching header guards? portability issues? consistent coding style? you know, stuff any coder with a few years of experience in coding anything might be able to catch. With enough eyes all bugs are shallow!
If you are running a mining pool/mining operation/exchange/custodial service/SPV server
Be prepared to upgrade!
One of the typical issues with upgrading software is that subtle incompatibilities with your current custom programs tend to arise, disrupting operations and potentially losing income due to downtime. If so, consider moving to the two-node setup suggested by gmax, which is in the last section of my previous post. With this, you have an up-to-date "public" node and a fixed-version "private" node, with the public node protecting the private node from any invalid chainsplits or invalid transactions. Moving to this setup from a typical one-node setup should be smooth and should not disrupt operations (too much).
If you are running your own fullnode for fun or for your own wallet
Be prepared to upgrade! The more nodes validating the new rules (even if you are a non-mining node!), the safer every softfork will be!
If you are using an SPV wallet or custodial wallet/service (including hardware wallets using the software of the wallet provider)
Contact your wallet provider / SPV server and ask for a statement on whether they support Taproot, and whether they are prepared to upgrade for Taproot! Make it known to them that Taproot is something you want!
But I Hate Taproot!!
Raise your objections to Taproot now, or forever hold your peace! Maybe you can raise them here and some of the devs (probably nullc, he goes everywhere, even in rbtc!) might be able to see your objections! Or if your objections are very technical, head over to the appropriate pull request and object away!
Maybe you simply misunderstand something, and we can clarify it here!
Or maybe you do have a good objection, and we can make Taproot better by finding a solution for it!
almkglor your post has been copied because one or more comments in this topic have been removed. This copy will preserve unmoderated topic. If you would like to opt-out, please send a message using [this link].
Pitchforks are for hay not hate: maintaining positive non-violent debate for the Ethereum community
This statement is a collaborative effort for people working in the space to voice their concerns on integrity. Both contributors and community need to work towards healthier discussion practices and protect each other from threats and violence. Entities around open source decentralized projects, hackerspaces, and associations are born every day to promote development and to grow awareness by educating people about the value of software that is transparent, protective of freedom and aids peer-to-peer coordination. In order to succeed, these communities depend upon the invaluable work of their contributors, wider enthusiasts and stakeholders. Unfortunately, time and time again we have witnessed ecosystem members engage in toxic behavior that discourages open discussion such as doxxing, violent threats, or brigading against people they disagree with. In an instance just last week, one of our longest standing contributors, and the catalyzer of the Görli Testnet, Afri, received a wave of verbal violence from some Redditors, forced into the center of a storm on ethtrader which, triggered by a couple of tweets issued by him, turned menacing, dark and deeply toxic. Under stress from this backlash and to protect himself and his family from threats coming from unknown internet users, he made the decision to leave his position as a core Ethereum developer. While we acknowledge that the intention of Afri’s tweets was to be provocative, these were opinions made in a personal capacity. And while complaints were valid and many of those were made respectfully, others within the wider Ethereum community resorted to impugning Afri’s reputation by asserting his involvement in wild conspiracies, demanding his immediate resignation, and most disturbing of all, issuing personal threats. It is hugely upsetting and chills free speech when any contributor, whether a developer, community builder or otherwise, is attacked, intimidated and is deliberately made to feel unsafe. This is far from the first time similar acts have been perpetrated. To give a few examples, Lane Rettig’s thoughtful post on increasing diversity in the space sparked unnecessary ad hominem comments.Taylor Monahan, who has been an utterly invaluable contributor to the space, tirelessly spearheading initiatives to raising awareness about security and usability, was also targeted following the birth of MyCrypto and then again, for expressing positive remarks about non-Ethereum technologies. Of course, Ethereum is not the only online crypto community being damaged by such behaviour. Jameson Lopp’s very real world ordeal caused by an anonymous person deliberately mis-identifying Jameson as an active shooter thereby drawing armed police to his home is yet another awful example of the intimidation that can be wrought in the midst of very heated debates. As Jameson wrote, “had a few variables been different that day, I could easily be dead.” We reiterate that the community aims to welcome constructive feedback on all decisions as best we can, given the global, digital environment of our project. Many ecosystem members have voiced valid concerns regarding influential players’ perceived or potential conflicts of interest, a more formalized recognition of how backlash can form when someone speaks provocatively in a widely used social media platform, and information for strong contributors who might be vulnerable to burnout. We also believe these concerns are valid, though designing a solution that the community can rally around will take time and lots of input. We call on the Fellowship of Ethereum Magicians to continue discussing these (and other) valid concerns in their forums and at the Paris meeting in March. Nonetheless, we cannot tolerate destructive behavior even if there are areas we can improve as a community. We, the undersigned, contributors and workers behind scores of projects, and those seeking to build better systems, feel that these actions have gone far beyond acceptable standards of debate: whatever the circumstance, threats against a person’s well-being can never be justified and we categorically reject such toxicity in digital communities. We also believe the Ethereum community values freedom, free speech, and privacy, but above all, it values basic respect for all human beings and seeks to promote and build systems which in turn promote and incentivize those very values. It should also be said that the Ethereum network is built, maintained and scaled by HUMANS. Though we are a global community, no single individual can be expected to be on call 24/7. Although many contributors represent projects funded by a vast array of people around the world, those contributors are entitled to express personal opinions through any medium they choose. We must preserve the mental and emotional health of those humans -- especially as they labor through their nights, weekends, often without pay in order to manifest the mission and vision of Ethereum. So we support Afri in this respect and will stand by and protect any others that are being intimidated, at any given time. Finally, Ethereum governance as a whole is a very pressing issue, which we as a community have yet to resolve. Those issues include how to hold the decisions and actions of core devs/contributors to wider scrutiny, and also ensuring that our community’s current power structures don’t sideline stakeholders with legitimate concerns. Ethereum is far from perfect. Like any other chain, we are experimenting with technologies never seen before. Navigating the frontier of discovery throws up the greatest turbulence. So as we build stronger systems for all of us to benefit, let’s also work together to ensure that we build better protocols for expressing community concerns and governing ourselves. To this end please join the conversation this March in Paris. Signatures (sorted alphabetically) Adam Kolar (Solidified) Adrian Manning (Sigma Prime - Lighthouse eth 2.0) Aidan Hyman (ChainSafe Systems- Lodestar eth 2.0 ) Alex Boerger (ETHBerlin - DoD) Alex Van de Sande (Ethereum Foundation) Andreas Wallendahl (ConsenSyS, kauri) Andrew (@cyber_hokie, AO.capital, EthHub Contributor) Anthony Lusardi (ETC Cooperative) Arjun Bhuptani (Connext) Arlyn Culwick (the Blocknet) Artem Kharlamov (@crypto_eli5) Auryn Macmillan(Colony) Ben Edgington (PegaSys) Billy Rennekamp (Clovers.network, Cosmos, Gnosis, ENSNifty, Memelordz) Boris Mann Bryant Eisenbach (fubuloubu) Caspar Schwa (DoD - ETHBerlin - brainbot) Chelsea Palmer (Carpe Lunam Events) Chris Fenos (ChainSafe Systems- Lodestar eth 2.0) Chris Hutchinson (Status) Coogan Brennan (ConsenSys Academy) Corey Petty (Status, Hashing It Out, The Bitcoin Podcast Network) Daud Zulfacar (license.rocks - Berlin Blockchain Week) Dave Appleton (HelloGold, Akomba Labs) David Ansermino (ChainSafe) Dean Eigenmann (ENS & ZK Labs) Devon Krantz (Linum Labs) Diederik Loerakker (Eth 2.0 contrib.) Dustin Brickwood (ChainSafe - Lodestar eth 2.0) E.G. Galano (@egalano Infura) Elias Haase (B9lab - DoD) Elissa Shevinsky (ETH Secure group, Soho Token Labs) Elizabeth Binks (ChainSafe) exiledsurfer (DoD) Fábio Hildebrand (Solidified) Fanny Lakoubay (Snark.art) Fauve Altman (State of the DApps - BerChain) Franziska Heintel (Brainbot - DoD) Gary Bernstein (CoTrader.com) Gonçalo Sá (@GNSPS) Gregory Markou (ChainSafe) Guto Martino (Dezentral - DoD) Helena Flack (Quantstamp - ETHBerlin- DoD) Harry Denley Holger Drewes (EthereumJS) Hudson Jameson (Ethereum Foundation) Igor Mandrigin (Status) Jacek Sieka (Status) Jack Gane (Authio) James Beck (ConsenSys) James Hancock (a Nobody in Berlin) James Moreau (@jrmoreau) James Quinn (Independent Ethereum Developer) Jamie Pitts (Eth. Foundation, Eth. Magicians, Eth. Financial Tools) Jason Civalleri (UNH Law Adjunct Professor) Jérôme de Tychey (Asseth - ConsenSys) John Light (Aragon One) Josef Jelacic (Ethereum Foundation, Institute of Cryptoanarchy) Joshua Mir (Parity Tech) Josh Stark (L4, ETHGlobal) Kirill Pimenov (Parity Tech) Kris Jones (Canada - just a social researcher that wants to see blockchain succeed and maintain healthy feedback mechanisms) Laura Giron (ConsenSys Design @lauragirons) Leo Arias (Zeppelin) Levi Morris (Lambdeth) ligi (EF - WallETH - DoD) Lili Feyerabend (radi.cards - DoD) Luke Anderson (Sigma Prime - Lighthouse eth 2.0) Maciej Hirsz (Parity Tech) María Paula Fernández (Golem- ETHBerlin - DoD) Martin Holst Swende (EF) Martin Lundfall (Dapphub) Martin Quensel (Centrifuge) Matej Nemcek (Progressbar, @yangwao, independent Ethereum developer) Matt Condon (XLNT) Maurelian (ConsenSys Diligence) Mick Ayzenberg (Security Innovation) Michael Yankelev (Linum Labs)Simona Pop (Bounties Network) Maya Byskov (Centrifuge - Berlin Blockchain Week) Mehdi Zerouali (Sigma Prime - Lighthouse eth 2.0) Mudit Gupta (Polymath) Nathalia Scherer (DAOstack) Nick Johnson (Ethereum Name Service) Nick Munoz-McDonald (Melon Technical Council) Nicolas Liochon (ConsenSys - PegaSys) Niran Babalola (Panvala) Oliver Nordbjerg (@ONordbjerg)Paul Hauner (Sigma Prime) Paul Vienhage - (Authio) Pet3rpan (MetaCartel) Philip Stehlik (Centrifuge - DoD) Piper Merriam (Snake Charmer) Preston Van Loon (Prysmatic Labs - Prysm eth 2.0) Priom Chowdhury (ChainSafe - Lodestar eth 2.0) Raul Romanutti (Parity Tech - DoD) Rex Hygate (SecurEth) Rhys Lindmark (MIT DCI, Grey Mirror) Robert Bent (Ethereum Foundation) Robert Habermeier (Parity Tech) Ryan Noble (Linum Labs) Scott Lewis (Concourse Open Community) Scott Moore (Gitcoin) Simona Pop (Bounties Network) Shiv Malik (Streamr) Stina Gustafsson (DoD) Stu Peters (Chainsafe) Terence Tsao (Prysmatic Labs - Prysm eth 2.0) Tim Beiko - (PegaSys) Tim Daubenschütz (Independent Ethereum Developer) Tomasz Kolinko (Eveem) Will Villanueva (R&D) Yalda Mousavinia (Autark - Space Decentral) Yaniv Fe Ziggy Zeidan (POA Network)
dcrd: Several steps towards multipeer downloads completed: an optimization to use in-memory block index and a new 1337 chain view. Maintenance: improved test coverage, upgrading dependency management system and preparing for the upcoming Go 1.11 release. dcrwallet: A big change introducing optional privacy-preserving SPV sync mode was merged. In this mode dcrwallet does not download the full blockchain but only gets the "filters", uses them to determine which blocks it needs and fetches them from random nodes on the network. This has on-disk footprint of 300-400 MB and sync time of minutes, compared to ~3.4 GB and sync time of hours for full sync (these are rough estimates).
jy-p: the server side of SPV (in dcrd) was deployed in v1.2.0, the client side of SPV (in dcrwallet) is in our next release, v1.3.0. Still some minor bugs in SPV that are being worked out. There will be an update to add the latest features from BIP 157/158 in the next few months. SPV will be optional in v1.3.0, but it will become the default after we get a proper header commitment for it (#general)
Decrediton: besides regular bugfixes and design improvements, several components are being developed in parallel like SPV mode, Politeia integration and Trezor support. Politeia: testing started on mainnet, thanks to everyone who is participating. A lot of testing, bugfixing and polishing is happening in preparation for full mainnet launch. There are also a few missing features to be added before launch, e.g. capacity to edit a proposal and versioning for that, discussion to remain open once voting starts. Decrediton integration is moving forward, check out this video for a demo and this meta issue for the full checklist. Trezor: Decrediton integration of initial Trezor support is in progress and there is a demo. Android: app design version 2.0 completed. dcrdata: development of several chart visualizations was completed and is awaiting deployment. Specifically, voting agendas and historic charts are merged while ticket pool visualization is in testing. atomicswap: @glendc is seeking reviews of his Ethereum support pull request. Dev activity stats for July: 252 active PRs, 220 master commits, 34,754 added and 12,847 deleted lines spread across 6 repositories. Contributions came from 6-10 developers per repository. (chart)
Hashrate: the month started at 40.5 and ended at 51.6 PH/s, with a low of 33.3 and a new all time high of 68.4 PH/s. F2Pool is leading with 40-45%, followed by the new BeePool at 15-25% and coinmine.pl at 18-23%. Staking: 30-day average ticket price is 92.6 DCR (-2.1). The price started the month at 94.6 and quickly retreated to month's low of 85 until 1,860 tickets were bought within a single period (versus target 720). This pushed the pool of tickets to 41,970 (2.5% above target), which in turn caused 10 price increases in a row to the month's high of 100.4. This was the highest ticket price seen on the new ticket price algorithm which has been in effect since Jul 2017. Second half of the month there was unusually low volatility between 92 and 94 DCR per ticket. Locked DCR held between 3.75 and 3.87 million or 46.6-48.0% of supply (+0.1% from previous peak). Nodes: there are 212 public listening and 216 normal nodes per dcred.eu. Version distribution: 67% on v1.2.0 (+10%), 24% on v1.1.2 (-1%), 7% on v1.1.0 (-7%). Node count data is not perfect but we can see the steady trend of upgrading to v1.2.0. This version of dcrd is notable for serving compact filters. The increased count of such full nodes allows the developers to test SPV client mode in preparations for the upcoming v1.3.0 release.
Obelisk posted three updates in July. For the most recent daily updates join their Discord. New miner from iBeLink: DSM7T hashes Blake256 at 7 TH/s or Blake2b at 3.5 TH/s, consumes 2,100 W and costs $3,800, shipping Aug 5-10. There were also speculations about the mysterious Pangolin Whatsminer DCR with the speed of 44 TH/s at 2,200 W and the cost of $3,888, shipping November. If you know more about it please share with us in #pow-mining channel.
emiliomann: stakebrasil is one of the pools with the lowest number of missed and expired tickets. It was one of the first and has a smaller percentage than the most recent ones who haven’t had the time to do so. (...) The Brazilian pool should be the one with the more servers spread around the world: 6 to decrease the latency. This is to explain to you why the [pool fee] rate of 5% (currently around 0.06 DCR) on the reward is also one of the highest. girino: 8 voting wallets now. I just finished setting up a new one yesterday. All of them in different datacenters, 3 in europe, 3 in north america, 1 in brazil and one in asia. We also have 3 more servers, 1 for the front end, one for "stats" and one for dcrdata. (#general)
On the mining side, Luxor started a new set of pool servers inside mainland China, while zpool has enabled Decred mining. StatX announced Decred integration into their live dashboard and public chat. Decred was added to Satowallet with BTC and ETH trading pairs. Caution: do your best to understand the security model before using any wallet software.
Marina Silva is the first presidential candidate in Brazil using blockchain to keep all their electoral donations transparent and traceable. VotoLegal uses Decred technology, awesome use case! (reddit)
We continue to see institutional interest in DCR. Large block buyers love the concept of staking as a way to earn additional income and appreciate the stakeholder rights it affords them. Likening a DCR investment to an activist shareholdebondholder gives these institutions some comfort while dipping their toes into a burgeoning new asset class.
Targeted advertising reports released for June and July. As usual, reach @timhebel for full versions.
Big news in June: Facebook reversed their policy on banning crypto ads. ICO ads are still banned, but we should be OK. My team filled out the appeal today, so we should hopefully hear something within a few days. (u/timhebel on reddit)
After couple weeks Facebook finally responded to the appeal and the next step is to verify the domain name via DNS. A pack of Stakey Telegram stickers is now available. Have fun!
Meetup in Berlin, Germany hosted by BlueYard Capital. @jz_bz and @lftherios discussed open source incentivization, the value of governance and their respective projects @decredproject and @oscoin. See @issedjur's feedback here. (photos: 1, 2, 3)
O'Reilly Open Source Convention in Portland, USA. @raedah's talk was "Decentralizing decision-making on the blockchain". Read his report here and see on the photos how the Big Stakey was entertaining the public. (photos: 1, 2, 3)
oregonisaac: many open source devs at OSCON were VERY interested in Politeia and it was probably the #1 hook that resulted in lots of long conversations about what makes Decred unique from the ground up. (#politeia)
Blockchain Meetup in Faro, Portugal. Marco Peereboom gave a talk "Decred 101" and answered questions.
Meetup in Lisbon, Portugal on Aug 2. @moo31337 and @mm will be presenting on Decred with talk "Decred 101 - Governance with skin in the game". Co-hosted by The Block Cafe. Free entrance.
Meetup in Taipei, Taiwan on Aug 5. @morphymore will give a short intro on Decred.
OKEx Global Meetup Tour in Ho Chi Minh City, Vietnam on Aug 9. @joshuam will introduce Decred and on-chain governance and take part in a panel discussion.
Twitter: Ari Paul debates "There can be only one" aka "highlander argument". Reddit and Forum: how ticket pool size influences average vote time; roadmap concerns; why ticket price was volatile; ideas for using Reddit chat for dcrtrader and alternative chat systems; insette's write-up on Andrew Stone's GROUP proposal for miner-validated tokenization that is superior to current OP_RETURN-based schemes; James Liu's paper to extend atomic swaps to financial derivatives; what happens when all DCR are mined, tail emission and incentives for miners. Chats: why tickets don't have 100% chance to vote; ideas for more straightforward marketing; long-running chat about world economy and failure modes; @brandon's thoughts on tokenizing everything, ICOs, securities, sidechains and more; challenges of staking with Trezor; ideas how to use CryptoSteel wallet with Decred; why exchange can't stake your coins, how staking can increase security, why the function to export seed from wallet is bad idea and why dcrwallet doesn't ever store the seed; ticket voting math; discussion about how GitHub workflow forces to depend on modern web browser and possible alternatives; funding marketing and education in developing markets, vetting contractors based on deliverables, "Decred contractor clearance", continued in #governance. #dex channel continues to attract thinkers and host chats about influence of exchanges, regulation, HFT, lot sizes, liquidity, on-chain vs off-chain swaps, to name a few topics. #governance also keeps growing and hosting high quality conversations.
In July DCR was trading in USD 56-76 and BTC 0.0072-0.0109 range. A recovery started after a volume boost of up to $10.5 m on Fex around Jul 13, but once Bitcoin headed towards USD ~8,000 DCR declined along with most altcoins. WalletInvestor posted a prediction on dcrtrader. Decred was noticed in top 10 mineable coins on coinmarketcap.com.
One million PCs in China were infected via browser plugins to mine Decred, Siacoin and Digibyte. In a Unchained podcast episode David Vorick shared why ASICs are better than GPUs even if they tend toward mining centralization and also described Obelisk's new Launchpad service. (missed in June issue) Sia project moved to GitLab. The stated reasons are to avoid the risk of depending on centralized service, to avoid vendor lock-in, better continuous integration and testing, better access control and the general direction to support decentralized and open source projects. Luxor explained why PPS pools are better. @nic__carter published slides from his talk "An Overview of Governance in Blockchains" from Zcon0. This article arguing the importance of governance systems dates back to 2007. Bancor wallet was hacked. This reminds us about the fake feeling of decentralizaion, that custody of funds is dangerous and that smart contracts must have minimum complexity and be verifiable. Circle announced official Poloniex mobile apps for iOS and Android. On Jul 27 Circle announced delisting of 9 coins from Poloniex that led to a loss of 23-81% of their value same day. Sad reminder about how much a project can depend on a single centralized exchange. DCR supply and market cap is now correct on onchainfx.com and finally, on coinmarketcap.com. Thanks to @sumiflow, @jz and others doing the tedious work to reach out the various websites.
About This Issue
An extensive guide for cashing out bitcoin and cryptocurrencies into private banks
Hey guys. Merry Xmas ! I am coming back to you with a follow up post, as I have helped many people cash out this year and I have streamlined the process. After my original post, I received many requests to be more specific and provide more details. I thought that after the amazing rally we have been attending over the last few months, and the volatility of the last few days, it would be interesting to revisit more extensively. The attitude of banks around crypto is changing slowly, but it is still a tough stance. For the first partial cash out I operated around a year ago for a client, it took me months to find a bank. They wouldn’t want to even consider the case and we had to knock at each and every door. Despite all my contacts it was very difficult back in the days. This has changed now, and banks have started to open their doors, but there is a process, a set of best practices and codes one has to follow. I often get requests from crypto guys who are very privacy-oriented, and it takes me months to have them understand that I am bound by Swiss law on banking secrecy, and I am their ally in this onboarding process. It’s funny how I have to convince people that banks are legit, while on the other side, banks ask me to show that crypto millionaires are legit. I have a solid background in both banking and in crypto so I manage to make the bridge, but yeah sometimes it is tough to reconcile the two worlds. I am a crypto enthusiast myself and I can say that after years of work in the banking industry I have grown disillusioned towards banks as well, like many of you. Still an account in a Private bank is convenient and powerful. So let’s get started.
A. What is required to open an account in a Private bank when you made your fortune through crypto.
There are two different aspects to your onboarding in a Swiss Private bank, compliance-wise. *The origin of your crypto wealth *Your background (residence, citizenship and probity) These two aspects must be documented in-depth. How to document your crypto wealth. Each new crypto millionaire has a different story. I may detail a few fun stories later in this post, but at the end of the day, most of crypto rich I have met can be categorized within the following profiles: the miner, the early adopter, the trader, the corporate entity, the black market, the libertarian/OTC buyer. The real question is how you prove your wealth is legit. 1. Context around the original amount/investment Generally speaking, your first crypto purchase may not be documented. But the context around this acquisition can be. I have had many cases where the original amount was bought through Mtgox, and no proof of purchase could be provided, nor could be documented any Mtgox claim. That’s perfectly fine. At some point Mtgox amounted 70% of the bitcoin transactions globally, and people who bought there and managed to withdraw and keep hold of their bitcoins do not have any Mtgox claim. This is absolutely fine. However, if you can show me the record of a wire from your bank to Tisbane (Mtgox's parent company) it's a great way to start. Otherwise, what I am trying to document here is the following: I need context. If you made your first purchase by saving from summer jobs, show me a payroll. Even if it was USD 2k. If you acquired your first bitcoins from mining, show me the bills of your mining equipment from 2012 or if it was through a pool mine, give me your slushpool account ref for instance. If you were given bitcoin against a service you charged, show me an invoice. 2. Tracking your wealth until today and making sense of it. What I have been doing over the last few months was basically educating compliance officers. Thanks God, the blockchain is a global digital ledger! I have been telling my auditors and compliance officers they have the best tool at their disposal to lead a proper investigation. Whether you like it or not, your wealth can be tracked, from address to address. You may have thought all along this was a bad feature, but I am telling you, if you want to cash out, in the context of Private Banking onboarding, tracking your wealth through the block explorer is a boon. We can see the inflows, outflows. We can see the age behind an address. An early adopter who bought 1000 BTC in 2010, and let his bitcoin behind one address and held thus far is legit, whether or not he has a proof of purchase to show. That’s just common sense. My job is to explain that to the banks in a language they understand. Let’s have a look at a few examples and how to document the few profiles I mentioned earlier. The trader. I love traders. These are easy cases. I have a ton of respect for them. Being a trader myself in investment banks for a decade earlier in my career has taught me that controlling one’s emotions and having the discipline to impose oneself some proper risk management system is really really hard. Further, being able to avoid the exchange bankruptcy and hacks throughout crypto history is outstanding. It shows real survival instinct, or just plain blissed ignorance. In any cases traders at exchange are easy cases to corroborate since their whole track record is potentially available. Some traders I have met have automated their trading and have shown me more than 500k trades done over the span of 4 years. Obviously in this kind of scenario I don’t show everything to the bank to avoid information overload, and prefer to do some snacking here and there. My strategy is to show the early trades, the most profitable ones, explain the trading strategy and (partially expose) the situation as of now with id pages of the exchanges and current balance. Many traders have become insensitive to the risk of parking their crypto at exchange as they want to be able to trade or to grasp an occasion any minute, so they generally do not secure a substantial portion on the blockchain which tends to make me very nervous. The early adopter. Provided that he has not mixed his coin, the early adopter or “hodler” is not a difficult case either. Who cares how you bought your first 10k btc if you bought them below 3$ ? Even if you do not have a purchase proof, I would generally manage to find ways. We just have to corroborate the original 30’000 USD investment in this case. I mainly focus on three things here: *proof of early adoption I have managed to educate some banks on a few evidences specifically related to crypto markets. For instance with me, an old bitcointalk account can serve as a proof of early adoption. Even an old reddit post from a few years ago where you say how much you despise this Ripple premined scam can prove to be a treasure readily available to show you were early. *story telling Compliance officers like to know when, why and how. They are human being looking for simple answers to simple questions and they don’t want like to be played fool. Telling the truth, even without a proof can do wonders, and even though bluffing might still work because banks don’t fully understand bitcoin yet, it is a risky strategy that is less and less likely to pay off as they are getting more sophisticated by the day. *micro transaction from an old address you control This is the killer feature. Send a $20 worth transaction from an old address to my company wallet and to one of my partner bank’s wallet and you are all set ! This is gold and considered a very solid piece of evidence. You can also do a microtransaction to your own wallet, but banks generally prefer transfer to their own wallet. Patience with them please. they are still learning. *signature message Why do a micro transaction when you can sign a message and avoid potentially tainting your coins ? *ICO millionaire Some clients made their wealth participating in ETH crowdsale or IOTA ICO. They were very easy to deal with obviously and the account opening was very smooth since we could evidence the GENESIS TxHash flow. The miner Not so easy to proof the wealth is legit in that case. Most early miners never took screenshot of the blocks on bitcoin core, nor did they note down the block number of each block they mined. Until the the Slashdot article from August 2010 anyone could mine on his laptop, let his computer run overnight and wake up to a freshly minted block containing 50 bitcoins back in the days. Not many people were structured enough to store and secure these coins, avoid malwares while syncing the blockchain continuously, let alone document the mined blocks in the process. What was 50 BTC worth really for the early miners ? dust of dollars, games and magic cards… Even miners post 2010 are generally difficult to deal with in terms of compliance onboarding. Many pool mining are long dead. Deepbit is down for instance and the founders are MIA. So my strategy to proof mining activity is as follow: *Focusing on IT background whenever possible. An IT background does help a lot to bring some substance to the fact you had the technical ability to operate a mining rig. *Showing mining equipment receipts. If you mined on your own you must have bought the hardware to do so. For instance mining equipment receipts from butterfly lab from 2012-2013 could help document your case. Similarly, high electricity bill from your household on a consistent basis back in the day could help. I have already unlocked a tricky case in the past with such documents when the bank was doubtful. *Wallet.dat files with block mining transactions from 2011 thereafter This obviously is a fantastic piece of evidence for both you and me if you have an old wallet and if you control an address that received original mined blocks, (even if the wallet is now empty). I will make sure compliance officers understand what it means, and as for the early adopter, you can prove your control over these wallet through a microtransaction. With these kind of addresses, I can show on the block explorer the mined block rewards hitting at regular time interval, and I can even spot when difficulty level increased or when halvening process happened. *Poolmining account. Here again I have educated my partner bank to understand that a slush account opened in 2013 or an OnionTip presence was enough to corroborate mining activity. The block explorer then helps me to do the bridge with your current wallet. *Describing your set up and putting it in context In the history of mining we had CPU, GPU, FPG and ASICs mining. I will describe your technical set up and explain why and how your set up was competitive at that time. The corporate entity Remember 2012 when we were all convinced bitcoin would take over the world, and soon everyone would pay his coffee in bitcoin? How naïve we were to think transaction fees would remain low forever. I don’t blame bitcoin cash supporters; I once shared this dream as well. Remember when we thought global adoption was right around the corner and some brick and mortar would soon accept bitcoin transaction as a common mean of payment? Well, some shop actually did accept payment and held. I had a few cases as such of shops holders, who made it to the multi million mark holding and had invoices or receipts to proof the transactions. If you are organized enough to keep a record for these trades and are willing to cooperate for the documentation, you are making your life easy. The digital advertising business is also a big market for the bitcoin industry, and affiliates partner compensated in btc are common. It is good to show an invoice, it is better to show a contract. If you do not have a contract (which is common since all advertising deals are about ticking a check box on the website to accept terms and conditions), there are ways around that. If you are in that case, pm me. The black market Sorry guys, I can’t do much for you officially. Not that I am judging you. I am a libertarian myself. It’s just already very difficult to onboard legit btc adopters, so the black market is a market I cannot afford to consider. My company is regulated so KYC and compliance are key for me if I want to stay in business. Behind each case I push forward I am risking the credibility and reputation I have built over the years. So I am sorry guys I am not risking it to make an extra buck. Your best hope is that crypto will eventually take over the world and you won’t need to cash out anyway. Or go find a Lithuanian bank that is light on compliance and cooperative. The OTC buyer and the libertarian. Generally a very difficult case. If you bought your stack during your journey in Japan 5 years ago to a guy you never met again; or if you accumulated on https://localbitcoins.com/ and kept no record or lost your account, it is going to be difficult. Not impossible but difficult. We will try to build a case with everything else we have, and I may be able to onboard you. However I am risking a lot here so I need to be 100% confident you are legit, before I defend you. Come & see me in Geneva, and we will talk. I will run forensic services like elliptic, chainalysis, or scorechain on an extract of your wallet. If this scan does not raise too many red flags, then maybe we can work together ! If you mixed your coins all along your crypto history, and shredded your seeds because you were paranoid, or if you made your wealth mining professionally monero over the last 3 years but never opened an account at an exchange. ¯_(ツ)_/¯ I am not a magician and don’t get me wrong, I love monero, it’s not the point. Cashing out ICOs Private companies or foundations who have ran an ICO generally have a very hard time opening a bank account. The few banks that accept such projects would generally look at 4 criteria: *Seriousness of the project Extensive study of the whitepaper to limit the reputation risk *AML of the onboarding process ICOs 1.0 have no chance basically if a background check of the investors has not been conducted *Structure of the moral entity List of signatories, certificate of incumbency, work contract, premises... *Fiscal conformity Did the company informed the authorities and seek a fiscal ruling.
B. The tax issue I am not a tax specialist, but I can say that this year I have seen it all. Again I am not judging. You made $100m hodling, and still wouldn’t pay your taxes ? Your decision.I personally advise everyone to pay their taxes, but also to be generous, to give to charities. I mean you eventually made it. Good for you. What about you contribute to make the world a better place now? I will stop patronizing you. It’s just my 2cts, and it’s your money.
For the record, I am not into the tax avoidance business, so people come to me with a set up and I see if I can make it work within the legal framework imposed to me. First, stop thinking Switzerland is a “offshore heaven” Swiss banks have made deals with many governments for the exchange of fiscal information. If you are a French citizen, resident in France and want to open an account in a Private Bank in Switzerland to cash out your bitcoins, you will get slaughtered (>60%). There are ways around that, and I could refer you to good tax specialists for fiscal optimization, but I cannot organize it myself. It would be illegal for me. Swiss private banks makes it easy for you to keep a good your relation with your retail bank and continue paying your bills without headaches. They are integrated to SEPA, provide ebanking and credit cards. For information, these are the kind of set up some of my clients came up with. It’s all legal; obviously I do not onboard clients that are not tax compliant. Further disclaimer: I did not contribute myself to these set up. Do not ask me to organize it for you. I won’t. EU tricks Swiss lump sum taxation Foreign nationals resident in Switzerland can be taxed on a lump-sum basis if they are not gainfully employed in our country. Under the lump-sum tax regime, foreign nationals taking residence in Switzerland may choose to pay an expense-based tax instead of ordinary income and wealth tax. Attractive cantons for the lump sum taxation are Zug, Vaud, Valais, Grisons, Lucerne and Berne. To make it short, you will be paying somewhere between 200 and 400k a year and all expenses will be deductible. Switzerland has adopted a very friendly attitude towards crypto currency in general. There is a whole crypto valley in Zug now. 30% of ICOs are operated in Switzerland. The reason is that Switzerland has thrived for centuries on banking secrecy, and today with FATCA and exchange of fiscal info with EU, banking secrecy is dead. Regulators in Switzerland have understood that digital ledger technologies were a way to roll over this competitive advantage for the generations to come. Switzerland does not tax capital gains on crypto profits. The Finma has a very pragmatic approach. They have issued guidance- updated guidelines here. They let the business get organized and operate their analysis on a case per case basis. Only after getting a deep understanding of the market will they issue a global fintech license in 2019. This approach is much more realistic than legislations which try to regulate everything beforehand. Italy new tax exemption. It’s a brand new fiscal exemption. Go to Aoste, get residency and you could be taxed a 100k/year for 10years. Yes, really. Portugal What’s crazy in Europe is the lack of fiscal harmonization. Even if no one in Brussels dares admit it, every other country is doing fiscal dumping. Portugal is such a country and has proved very friendly fiscally speaking. I personally have a hard time trusting Europe. I have witnessed what happened in Greece over the last few years. Some of our ultra high net worth clients got stuck with capital controls. I mean no way you got out of crypto to have your funds confiscated at the next financial crisis! Anyway. FYI Malta Generally speaking, if you get a residence somewhere you have to live there for a certain period of time. Being stuck in Italy is no big deal with Schengen Agreement, but in Malta it is a different story. In Malta, the ordinary residence scheme is more attractive than the HNWI residence scheme. Being an individual, you can hold a residence permit under this scheme and pay zero income tax in Malta in a completely legal way. Monaco Not suitable for French citizens, but for other Ultra High Net worth individual, Monaco is worth considering. You need an account at a local bank as a proof of fortune, and this account generally has to be seeded with at least EUR500k. You also need a proof of residence. I do mean UHNI because if you don’t cash out minimum 30m it’s not interesting. Everything is expensive in Monaco. Real Estate is EUR 50k per square meter. A breakfast at Monte Carlo Bay hotel is 70 EUR. Monaco is sunny but sometimes it feels like a golden jail. Do you really want that for your kids? Dubaï
Set up a company in Dubaï, get your resident card.
Spend one day every 6 month there
Be tax free
US tricks Some Private banks in Geneva do have the license to manage the assets of US persons and U.S citizens. However, do not think it is a way to avoid paying taxes in the US. Opening an account at an authorized Swiss Private banks is literally the same tax-wise as opening an account at Fidelity or at Bank of America in the US. The only difference is that you will avoid all the horror stories. Horror stories are all real by the way. In Switzerland, if you build a decent case and answer all the questions and corroborate your case in depth, you will manage to convince compliance officers beforehand. When the money eventually hits your account, it is actually available and not frozen. The IRS and FATCA require to file FBAR if an offshore account is open. However FBAR is a reporting requirement and does not have taxes related to holding an account outside the US. The taxes would be the same if the account was in the US. However penalties for non compliance with FBAR are very large. The tax liability management is actually performed through the management of the assets ( for exemple by maximizing long term capital gains and minimizing short term gains). The case for Porto Rico. Full disclaimer here. I am not encouraging this. Have not collaborated on such tax avoidance schemes. if you are interested I strongly encourage you to seek a tax advisor and get a legal opinion. I am not responsible for anything written below. I am not going to say much because I am so afraid of uncle Sam that I prefer to humbly pass the hot potato to pwc From here all it takes is a good advisor and some creativity to be tax free on your crypto wealth if you are a US person apparently. Please, please please don’t ask me more. And read the disclaimer again. Trust tricks Generally speaking I do not accept fringe fiscal situation because it puts me in a difficult situation to the banks I work with, and it is already difficult enough to defend a legit crypto case. Trust might be a way to optimize your fiscal situation. Belize. Bahamas. Seychelles. Panama, You name it. At the end of the day, what matters for Swiss Banks are the beneficial owner and the settlor. Get a legal opinion, get it done, and when you eventually knock at a private bank’s door, don’t say it was for fiscal avoidance you stupid ! You will get the door smashed upon you. Be smarter. It will work. My advice is just to have it done by a great tax specialist lawyer, even if it costs you some money, as the entity itself needs to be structured in a professional way. Remember that with trust you are dispossessing yourself off your wealth. Not something to be taken lightly. “Anonymous” cash out. Right. I think I am not going into this topic, neither expose the ways to get it done. Pm me for details. I already feel a bit uncomfortable with all the info I have provided. I am just going to mention many people fear that crypto exchange might become reporting entities soon, and rightly so. This might happen anyday. You have been warned. FYI, this only works for non-US and large cash out. The difference between traders an investors. Danmark, Holland and Germany all make a huge difference if you are a passive investor or if you are a trader. ICO is considered investing for instance and is not taxed, while trading might be considered as income and charged aggressively. I would try my best to protect you and put a focus on your investor profile whenever possible, so you don't have to pay 52% tax if you do not have to :D
C. The cash out itself So you have accumulated patiently a good amount of wealth. For some of us who have been involved in crypto since 2010, it took years. Remember when BTC was stuck at 200$ for months? I personally feel like it was yesterday. There is no way you screw up your wealth by cashing out in a hurry or with low security standards. Here is how the cash out takes should place.
Full cash out or partial cash out? People who have been sitting on crypto for long have grown an emotional and irrational link with their coins. They come to me and say, look, I have 50m in crypto but I would like to cash out 500k only. So first let me tell you that as a wealth manager my advice to you is to take some off the table. Doing a partial cash out is absolutely fine. The market is bullish. We are witnessing a redistribution of wealth at a global scale. Bitcoin is the real #occupywallstreet, and every one will discuss crypto at Xmas eve which will make the market even more supportive beginning 2018, especially with all hedge funds entering the scene. If you want to stay exposed to bitcoin and altcoins, and believe these techs will change the world, it’s just natural you want to keep some coins. In the meantime, if you have lived off pizzas over the last years, and have the means to now buy yourself an nice house and have an account at a private bank, then f***ing do it mate ! Buy physical gold with this account, buy real estate, have some cash at hands. Even though US dollar is worthless to your eyes, it’s good and convenient to have some. Also remember your wife deserves it ! And if you have no wife yet and you are socially awkward like the rest of us, then maybe cashing out partially will help your situation ;) What the Private Banks expect. Joke aside, it is important you understand something. If you come around in Zurich to open a bank account and partially cash out, just don’t expect Private Banks will make an exception for you if you are small. You can’t ask them to facilitate your cash out, buy a 1m apartment with the proceeds of the sale, and not leave anything on your current account. It won’t work. Sadly, under 5m you are considered small in private banking. The bank is ok to let you open an account, provided that your kyc and compliance file are validated, but they will also want you to become a client and leave some money there to invest. This might me despicable, but I am just explaining you their rules. If you want to cash out, you should sell enough to be comfortable and have some left. Also expect the account opening to last at least 3-4 week if everything goes well. You can't just open an account overnight. The cash out logistics. Cashing out 1m USD a day in bitcoin or more is not so hard. Let me just tell you this: Even if you get a Tier 4 account with Kraken and ask Alejandro there to raise your limit over $100k per day, Even if you have a bitfinex account and you are willing to expose your wealth there, Even if you have managed to pass all the crazy due diligence at Bitstamp, The amount should be fractioned to avoid risking your full wealth on exchange and getting slaughtered on the price by trading big quantities. Cashing out involves significant risks at all time. There is a security risk of compromising your keys, a counterparty risk, a fat finger risk. Let it be done by professionals. It is worth every single penny. Most importantly, there is a major difference between trading on an exchange and trading OTC. Even though it’s not publicly disclosed some exchange like Kraken do have OTC desks. Trading on an exchange for a large amount will weight on the prices. Bitcoin is a thin market. In my opinion over 30% of the coins are lost in translation forever. Selling $10m on an exchange in a day can weight on the prices more than you’d think. And if you trade on a exchange, everything is shown on record, and you might wipe out the prices because on exchanges like bitstamp or kraken ultimately your counterparties are retail investors and the market depth is not huge. It is a bit better on Bitfinex. It is way better to trade OTC. Accessing the institutional OTC market is not easy, and that is also the reason why you should ask a regulated financial intermediary if we are talking about huge amounts. Last point, always chose EUR as opposed to USD. EU correspondent banks won’t generally block institutional amounts. However we had the cases of USD funds frozen or delayed by weeks. Most well-known OTC desks are Cumberlandmining (ask for Lucas), Genesis (ask for Martin), Bitcoin Suisse AG (ask for Niklas), circletrade, B2C2, or Altcoinomy (ask for Olivier) Very very large whales can also set up escrow accounts for massive block trades. This world, where blocks over 30k BTC are exchanged between 2 parties would deserve a reddit thread of its own. Crazyness all around. Your options: DIY or going through a regulated financial intermediary. Execution trading is a job in itself. You have to be patient, be careful not to wipe out the order book and place limit orders, monitor the market intraday for spikes or opportunities. At big levels, for a large cash out that may take weeks, these kind of details will save you hundred thousands of dollars. I understand crypto holders are suspicious and may prefer to do it by themselves, but there are regulated entities who now offer the services. Besides, being a crypto millionaire is not a guarantee you will get institutional daily withdrawal limits at exchange. You might, but it will take you another round of KYC with them, and surprisingly this round might be even more aggressive that the ones at Private banks since exchange have gone under intense scrutiny by regulators lately. The fees for cashing out through a regulated financial intermediary to help you with your cash out should be around 1-2% flat on the nominal, not more. And for this price you should get the full package: execution/monitoring of the trades AND onboarding in a private bank. If you are asked more, you are being abused. Of course, you also have the option to do it yourself. It is a way more tedious and risky process. Compliance with the exchange, compliance with the private bank, trading BTC/fiat, monitoring the transfers…You will save some money but it will take you some time and stress. Further, if you approach a private bank directly, it will trigger a series of red flag to the banks. As I said in my previous post, they call a direct approach a “walk-in”. They will be more suspicious than if you were introduced by someone and won’t hesitate to show you high fees and load your portfolio with in-house products that earn more money to the banks than to you. Remember also most banks still do not understand crypto so you will have a lot of explanations to provide and you will have to start form scratch with them! The paradox of crypto millionaires Most of my clients who made their wealth through crypto all took massive amount of risks to end up where they are. However, most of them want their bank account to be managed with a low volatility fixed income capital preservation risk profile. This is a paradox I have a hard time to explain and I think it is mainly due to the fact that most are distrustful towards banks and financial markets in general. Many clients who have sold their crypto also have a cash-out blues in the first few months. This is a classic situation. The emotions involved in hodling for so long, the relief that everything has eventually gone well, the life-changing dynamics, the difficulties to find a new motivation in life…All these elements may trigger a post cash-out depression. It is another paradox of the crypto rich who has every card in his hand to be happy, but often feel a bit sad and lonely. Sometimes, even though it’s not my job, I had to do some psychological support. A lot of clients have also become my friends, because we have the same age and went through the same “ordeal”. First world problem I know… Remember, cashing out is not the end. It’s actually the beginning. Don’t look back, don’t regret. Cash out partially, because it does not make sense to cash out in full, regret it and want back in. relax. The race to cash out crypto billionaire and the concept of late exiter. The Winklevoss brothers are obviously the first of a series. There will be crypto billionaires. Many of them. At a certain level you can have a whole family office working for you to manage your assets and take care of your needs . However, let me tell you it’s is not because you made it so big that you should think you are a genius and know everything better than anyone. You should hire professionals to help you. Managing assets require some education around the investment vehicles and risk management strategies. Sorry guys but with all the respect I have for wallstreebet, AMD and YOLO stock picking, some discipline is necessary. The investors who have made money through crypto are generally early adopters. However I have started to see another profile popping up. They are not early adopters. They are late exiters. It is another way but just as efficient. Last week I met the first crypto millionaire I know who first bough bitcoin over 1000$. 55k invested at the beginning of this year. Late adopter & late exiter is a route that can lead to the million. Last remarks. I know banks, bankers, and FIAT currencies are so last century. I know some of you despise them and would like to have them burn to the ground. With compliance officers taking over the business, I would like to start the fire myself sometimes. I hope this extensive guide has helped some of you. I am around if you need more details. I love my job despite all my frustration towards the banking industry because it makes me meet interesting people on a daily basis. I am a crypto enthusiast myself, and I do think this tech is here to stay and will change the world. Banks will have to adapt big time. Things have started to change already; they understand the threat is real. I can feel the generational gap in Geneva, with all these old bankers who don’t get what’s going on. They glaze at the bitcoin chart on CNBC in disbelief and they start to get it. This bitcoin thing is not a joke. Deep inside, as an early adopter who also intends to be a late exiter, as a libertarian myself, it makes me smile with satisfaction. Cheers. @swisspb on telegram
A distributed hash table (DHT) is a class of a decentralized distributed system that provides a lookup service similar to a hash table: (key, value) pairs are stored in a DHT, and any participating node can efficiently retrieve the value associated with a given key. Responsibility for maintaining the mapping from keys to values is distributed among the nodes, in such a way that a change in the ... According to NIST (I'm no expert) a Pearson hash can be order-preserving. The hash uses an auxiliary table. Such a table can (in theory) be constructed such that the resulting hash is order preserving. It doesn't meet your full requirements though, because it doesn't reduce the size as you would like. I'm posting this in case other people are ... That money sits in a landfill now! Especially if Bitcoin wants to go more mainstream there would be some security issues to be resolved. But they have to be resolved in a way so as to not throw out the baby with the bathwater, i.e., by preserving the payment finality, anonymity, and convenience of Bitcoin. A third Bitcoin investment option: Futures In their original paper, Storing a sparse table with O(1) worst case access time (Fredman, Kolmos and Szemeredi, Proc. FOCS '82, IEEE, 1982), the authors show that a perfect hash function must exist, provided that the table is the square of the number of elements in the key space. The key part of the proof bounds the number of possible keys that can produce a particular collision. Order-preserving minimal perfect hash functions require necessarily bits to be represented. Related constructions . A simple alternative to perfect hashing, which also allows dynamic updates, is cuckoo hashing. This scheme maps keys to two or more locations within a range (unlike perfect hashing which maps each key to a single location) but does so in such a way that the keys can be assigned ...
Bitcoin Cash Hash War, Hard Fork and Shadiness, A Video Essay on BCH + BSV, Bitcoin Satoshi Vision
WARNING: BITCOIN IS ABOUT TO DO SOMETHING IT HASN'T DONE IN 7 YEARS (btc price prediction today news - Duration: 39:09. Crypto Crew University 35,073 views 39:09 Bitcoin : How to Find Hash ID and What is it? BITCOIN SIMPLIFIED #4 - Duration: 9:29. ... Clueless White Guy Orders in Perfect Chinese, Shocks Patrons and Staff - Duration: 8:11. Xiaomanyc ... First lecture of the Bitcoin and cryptocurrency technologies online course. For the accompanying textbook, including the free draft version, see: http://bitc... Bitcoin Cash split into two on November 15th, 2018. The whole situation was pretty insane from an observer's point of view. I was deep in the community and could see everything going on. Here I ... made with ezvid, BitCoin World Hindi. ePay.info was lunched on September, 2014 to give multiple services to Bitcoin community. Right now we offer Faucet middle man service . That allowed faucet ...