All Bitcoin Private keys

Useful snippet to dump all Bitcoin addresses and privkeys from your wallet.

submitted by dyslexiccoder to Bitcoin

noobQuestion. If I have bitcoin in a deterministic wallet like Electrum and I import just one private key to a different computer, will all my addresses be accessible that came from the same seed? Without the seed words being transferred to the other computer, just one privkey.

If this question doesn't make sense I will try again.
Basically I want my brother to have access to one address I control so I can put money in there and also move it out when I need to. But I don't want all my BTC to pop up in his Electrum.
submitted by MakeTotalDestr0i to Bitcoin


Technical: Taproot: Why Activate?

This is a follow-up on https://old.reddit.com/r/Bitcoin/comments/hqzp14/technical_the_path_to_taproot_activation/
Taproot! Everybody wants it!! But... you might ask yourself: sure, everybody else wants it, but why would I, sovereign Bitcoin HODLer, want it? Surely I can be better than everybody else because I swapped XXX fiat for Bitcoin unlike all those nocoiners?
And it is important for you to know the reasons why you, o sovereign Bitcoiner, would want Taproot activated. After all, your nodes (or the nodes your wallets use, which, if you are SPV, you hopefully can pester your wallet vendor/implementor about) need to be upgraded in order for Taproot activation to actually succeed instead of becoming a hot sticky mess.
First, let's consider some principles of Bitcoin.
I'm sure most of us here would agree that the above are very important principles of Bitcoin and that these are principles we would not be willing to remove. If anything, we would want those principles strengthened (especially the last one, financial privacy, which current Bitcoin is only sporadically strong with: you can get privacy, it just requires effort to do so).
So, how does Taproot affect those principles?

Taproot and Your Coins

Most HODLers probably HODL their coins in singlesig addresses. Sadly, switching to Taproot would do very little for you (it gives a mild discount at spend time, at the cost of a mild increase in fee at receive time (paid by whoever sends to you, so if it's a self-send from a P2PKH or bech32 address, you pay for this); mostly a wash).
(technical details: a Taproot output is 1 version byte + 32 byte public key, while a P2WPKH (bech32 singlesig) output is 1 version byte + 20 byte public key hash, so the Taproot output spends 12 bytes more; spending from a P2WPKH requires revealing a 32-byte public key later, which is not needed with Taproot, and Taproot signatures are about 9 bytes smaller than P2WPKH signatures, but the 32 bytes plus 9 bytes is divided by 4 because of the witness discount, so it saves about 11 bytes; mostly a wash, it increases blockweight by about 1 virtual byte, 4 weight for each Taproot-output-input, compared to P2WPKH-output-input).
However, as your HODLings grow in value, you might start wondering if multisignature k-of-n setups might be better for the security of your savings. And it is in multisignature that Taproot starts to give benefits!
Taproot switches to using Schnorr signing scheme. Schnorr makes key aggregation -- constructing a single public key from multiple public keys -- almost as trivial as adding numbers together. "Almost" because it involves some fairly advanced math instead of simple boring number adding, but hey when was the last time you added up your grocery list prices by hand huh?
With current P2SH and P2WSH multisignature schemes, if you have a 2-of-3 setup, then to spend, you need to provide two different signatures from two different public keys. With Taproot, you can create, using special moon math, a single public key that represents your 2-of-3 setup. Then you just put two of your devices together, have them communicate to each other (this can be done airgapped, in theory, by sending QR codes: the software to do this is not even being built yet, but that's because Taproot hasn't activated yet!), and they will make a single signature to authorize any spend from your 2-of-3 address. That's 73 witness bytes -- 18.25 virtual bytes -- of signatures you save!
And if you decide that your current setup with 1-of-1 P2PKH / P2WPKH addresses is just fine as-is: well, that's the whole point of a softfork: backwards-compatibility; you can receive from Taproot users just fine, and once your wallet is updated for Taproot-sending support, you can send to Taproot users just fine as well!
(P2WPKH and P2WSH -- SegWit v0 -- addresses start with bc1q; Taproot -- SegWit v1 --- addresses start with bc1p, in case you wanted to know the difference; in bech32 q is 0, p is 1)
Now how about HODLers who keep all, or some, of their coins on custodial services? Well, any custodial service worth its salt would be doing at least 2-of-3, or probably something even bigger, like 11-of-15. So your custodial service, if it switched to using Taproot internally, could save a lot more (imagine an 11-of-15 getting reduced from 11 signatures to just 1!), which --- we can only hope! --- should translate to lower fees and better customer service from your custodial service!
So I think we can say, very accurately, that the Bitcoin principle --- that YOU are in control of your money --- can only be helped by Taproot (if you are doing multisignature), and, because P2PKH and P2WPKH remain validly-usable addresses in a Taproot future, will not be harmed by Taproot. Its benefit to this principle might be small (it mostly only benefits multisignature users) but since it has no drawbacks with this (i.e. singlesig users can continue to use P2WPKH and P2PKH still) this is still a nice, tidy win!
(even singlesig users get a minor benefit, in that multisig users will now reduce their blockchain space footprint, so that fees can be kept low for everybody; so for example even if you have your single set of private keys engraved on titanium plates sealed in an airtight box stored in a safe buried in a desert protected by angry nomads riding giant sandworms because you're the frickin' Kwisatz Haderach, you still gain some benefit from Taproot)
And here's the important part: if P2PKH/P2WPKH is working perfectly fine with you and you decide to never use Taproot yourself, Taproot will not affect you detrimentally. First do no harm!

Taproot and Your Contracts

No one is an island, no one lives alone. Give and you shall receive. You know: by trading with other people, you can gain expertise in some obscure little necessity of the world (and greatly increase your productivity in that little field), and then trade the products of your expertise for necessities other people have created, all of you thereby gaining gains from trade.
So, contracts, which are basically enforceable agreements that facilitate trading with people who you do not personally know and therefore might not trust.
Let's start with a simple example. You want to buy some gewgaws from somebody. But you don't know them personally. The seller wants the money, you want their gewgaws, but because of the lack of trust (you don't know them!! what if they're scammers??) neither of you can benefit from gains from trade.
However, suppose both of you know of some entity that both of you trust. That entity can act as a trusted escrow. The entity provides you security: this enables the trade, allowing both of you to get gains from trade.
In Bitcoin-land, this can be implemented as a 2-of-3 multisignature. The three signatories in the multisignature would be you, the gewgaw seller, and the escrow. You put the payment for the gewgaws into this 2-of-3 multisignature address.
Now, suppose it turns out neither of you are scammers (whaaaat!). You receive the gewgaws just fine and you're willing to pay up for them. Then you and the gewgaw seller just sign a transaction --- you and the gewgaw seller are 2, sufficient to trigger the 2-of-3 --- that spends from the 2-of-3 address to a singlesig the gewgaw seller wants (or whatever address the gewgaw seller wants).
But suppose some problem arises. The seller gave you gawgews instead of gewgaws. Or you decided to keep the gewgaws but not sign the transaction to release the funds to the seller. In either case, the escrow is notified, and it can sign with you to refund the funds back to you (if the seller was a scammer) or it can sign with the seller to forward the funds to the seller (if you were a scammer).
Taproot helps with this: like mentioned above, it allows multisignature setups to produce only one signature, reducing blockchain space usage, and thus contracts --- which require multiple people, by definition, you don't make contracts with yourself --- are made cheaper (which we hope enables more of these setups to happen for more gains from trade for everyone, also, moon and lambos).
(technology-wise, it's easier to make an n-of-n than a k-of-n, making a k-of-n would require a complex setup involving a long ritual with many communication rounds between the n participants, but an n-of-n can be done trivially with some moon math. You can, however, make what is effectively a 2-of-3 by using a three-branch SCRIPT: either 2-of-2 of you and seller, OR 2-of-2 of you and escrow, OR 2-of-2 of escrow and seller. Fortunately, Taproot adds a facility to embed a SCRIPT inside a public key, so you can have a 2-of-2 Taprooted address (between you and seller) with a SCRIPT branch that can instead be spent with 2-of-2 (you + escrow) OR 2-of-2 (seller + escrow), which implements the three-branched SCRIPT above. If neither of you are scammers (hopefully the common case) then you both sign using your keys and never have to contact the escrow, since you are just using the escrow public key without coordinating with them (because n-of-n is trivial but k-of-n requires setup with communication rounds), so in the "best case" where both of you are honest traders, you also get a privacy boost, in that the escrow never learns you have been trading on gewgaws, I mean ewww, gawgews are much better than gewgaws and therefore I now judge you for being a gewgaw enthusiast, you filthy gewgawer).

Taproot and Your Contracts, Part 2: Cryptographic Boogaloo

Now suppose you want to buy some data instead of things. For example, maybe you have some closed-source software in trial mode installed, and want to pay the developer for the full version. You want to pay for an activation code.
This can be done, today, by using an HTLC. The developer tells you the hash of the activation code. You pay to an HTLC, paying out to the developer if it reveals the preimage (the activation code), or refunding the money back to you after a pre-agreed timeout. If the developer claims the funds, it has to reveal the preimage, which is the activation code, and you can now activate your software. If the developer does not claim the funds by the timeout, you get refunded.
And you can do that, with HTLCs, today.
Of course, HTLCs do have problems:
Fortunately, with Schnorr (which is enabled by Taproot), we can now use the Scriptless Script construction by Andrew Poelstra. This Scriptless Script allows a new construction, the PTLC or Pointlocked Timelocked Contract. Instead of hashes and preimages, just replace "hash" with "point" and "preimage" with "scalar".
Or as you might know them: "point" is really "public key" and "scalar" is really a "private key". What a PTLC does is that, given a particular public key, the pointlocked branch can be spent only if the spender reveals the private key of the given public key to you.
Another nice thing with PTLCs is that they are deniable. What appears onchain is just a single 2-of-2 signature between you and the developer/manufacturer. It's like a magic trick. This signature has no special watermarks, it's a perfectly normal signature (the pledge). However, from this signature, plus some data given to you by the developer/manufacturer (known as the adaptor signature) you can derive the private key of a particular public key you both agree on (the turn). Anyone scraping the blockchain will just see signatures that look just like every other signature, and as long as nobody manages to hack you and get a copy of the adaptor signature or the private key, they cannot get the private key behind the public key (point) that the pointlocked branch needs (the prestige).
(Just to be clear, the public key you are getting the private key from is distinct from the public key that the developer/manufacturer will use for its funds. The activation key is different from the developer's onchain Bitcoin key, and it is the activation key whose private key you will be learning, not the developer's/manufacturer's onchain Bitcoin key).
So:
Taproot lets PTLCs exist onchain because they enable Schnorr, which is a requirement of PTLCs / Scriptless Script.
(technology-wise, take note that Scriptless Script works only for the "pointlocked" branch of the contract; you need normal Script, or a pre-signed nLockTimed transaction, for the "timelocked" branch. Since Taproot can embed a script, you can have the Taproot pubkey be a 2-of-2 to implement the Scriptless Script "pointlocked" branch, then have a hidden script that lets you recover the funds with an OP_CHECKLOCKTIMEVERIFY after the timeout if the seller does not claim the funds.)

Quantum Quibbles!

Now if you were really paying attention, you might have noticed this parenthetical:
(technical details: a Taproot output is 1 version byte + 32 byte public key, while a P2WPKH (bech32 singlesig) output is 1 version byte + 20 byte public key hash...)
So wait, Taproot uses raw 32-byte public keys, and not public key hashes? Isn't that more quantum-vulnerable??
Well, in theory yes. In practice, they probably are not.
It's not that hashes can be broken by quantum computers --- they're still not. Instead, you have to look at how you spend from a P2WPKH/P2PKH pay-to-public-key-hash.
When you spend from a P2PKH / P2WPKH, you have to reveal the public key. Then Bitcoin hashes it and checks if this matches with the public-key-hash, and only then actually validates the signature for that public key.
So an unconfirmed transaction, floating in the mempools of nodes globally, will show, in plain sight for everyone to see, your public key.
(public keys should be public, that's why they're called public keys, LOL)
And if quantum computers are fast enough to be of concern, then they are probably fast enough that, in the several minutes to several hours from broadcast to confirmation, they have already cracked the public key that is openly broadcast with your transaction. The owner of the quantum computer can now replace your unconfirmed transaction with one that pays the funds to itself. Even if you did not opt-in RBF, miners are still incentivized to support RBF on RBF-disabled transactions.
So the extra hash is not as significant a protection against quantum computers as you might think. Instead, the extra hash-and-compare needed is just extra validation effort.
Further, if you have ever, in the past, spent from the address, then there exists already a transaction indelibly stored on the blockchain, openly displaying the public key from which quantum computers can derive the private key. So those are still vulnerable to quantum computers.
For the most part, the cryptographers behind Taproot (and Bitcoin Core) are of the opinion that quantum computers capable of cracking Bitcoin pubkeys are unlikely to appear within a decade or two.
So:
For now, the homomorphic and linear properties of elliptic curve cryptography provide a lot of benefits --- particularly the linearity property is what enables Scriptless Script and simple multisignature (i.e. multisignatures that are just 1 signature onchain). So it might be a good idea to take advantage of them now while we are still fairly safe against quantum computers. It seems likely that quantum-safe signature schemes are nonlinear (thus losing these advantages).

Summary

I Wanna Be The Taprooter!

So, do you want to help activate Taproot? Here's what you, mister sovereign Bitcoin HODLer, can do!

But I Hate Taproot!!

That's fine!

Discussions About Taproot Activation

submitted by almkglor to Bitcoin
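The two pieces of "moon math" the post leans on, an n-of-n aggregate key that is spent with one signature and the PTLC adaptor signature whose completion leaks a scalar, as an added example that is not code from the post and not BIP340, MuSig2 or any wallet's implementation. It is a pure-Python secp256k1 teaching model with simplifications that matter in production: full affine points rather than BIP340 x-only keys, a plain domain-separated SHA-256 challenge rather than BIP340 tagged hashes, plainly summed keys with no MuSig key coefficients (so a participant who picks their key after seeing the others' could mount a rogue-key attack), and the adaptor signature shown on the seller's single key rather than on the 2-of-2 the post describes. All function names, the challenge tag and the demo scalars are constructed for the example.

```python
# Added teaching model of Schnorr linearity on secp256k1; not BIP340/MuSig2 (see lead-in).
import hashlib
import secrets
from functools import reduce

# secp256k1: field prime, group order, generator point.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def add(a, b):
    """Affine point addition; None stands for the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    if a[0] == b[0]:
        if (a[1] + b[1]) % P == 0:
            return None  # a == -b
        lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P  # doubling: tangent slope
    else:
        lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, P) % P  # addition: chord slope
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)


def mul(k, pt=G):
    """Double-and-add scalar multiplication k*pt."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc


def challenge(R, pub, msg):
    """e = H(tag || R.x || P.x || m); demo tag, not BIP340's tagged hash."""
    h = hashlib.sha256(b"demo/challenge" + R[0].to_bytes(32, "big")
                       + pub[0].to_bytes(32, "big") + msg).digest()
    return int.from_bytes(h, "big") % N


def verify(pub, msg, sig):
    """Schnorr check: s*G == R + e*P."""
    R, s = sig
    return mul(s) == add(R, mul(challenge(R, pub, msg), pub))


def aggregate_sign(keys, msg):
    """n-of-n: P = sum(P_i), R = sum(k_i*G), s = sum(k_i + e*d_i).
    Linearity is the whole trick: the partial s_i simply add up to ONE signature."""
    pub = reduce(add, [mul(d) for d in keys])
    nonces = [secrets.randbelow(N - 1) + 1 for _ in keys]
    R = reduce(add, [mul(k) for k in nonces])
    e = challenge(R, pub, msg)
    return pub, (R, sum(k + e * d for k, d in zip(nonces, keys)) % N)


def adaptor_sign(d, t, msg):
    """Seller (key d, hidden scalar t = the 'activation code') publishes
    R' = k*G + t*G and s' = k + e*d.  (R', s') is short by exactly t, so it is
    not a valid signature, but it is checkable against T = t*G."""
    k = secrets.randbelow(N - 1) + 1
    R_adapt = add(mul(k), mul(t))
    return R_adapt, (k + challenge(R_adapt, mul(d), msg) * d) % N


def adaptor_verify(pub, T, msg, adaptor):
    """Buyer's check before paying: s'*G == (R' - T) + e*P, so completing the
    adaptor must reveal the discrete log of T."""
    R_adapt, s_adapt = adaptor
    neg_T = (T[0], (-T[1]) % P)
    e = challenge(R_adapt, pub, msg)
    return mul(s_adapt) == add(add(R_adapt, neg_T), mul(e, pub))


def complete(adaptor, t):
    """Seller adds t; this ordinary-looking (R, s) is what lands on-chain."""
    R_adapt, s_adapt = adaptor
    return R_adapt, (s_adapt + t) % N


def extract_scalar(adaptor, onchain_sig):
    """Buyer subtracts the adaptor from the on-chain signature and learns t."""
    return (onchain_sig[1] - adaptor[1]) % N


def demo():
    """Constructed demo scalars (not real keys); returns each check as a boolean."""
    msg = b"spend the 2-of-2 gewgaw escrow output"
    d_buyer, d_seller, t = 0x1111, 0x2222, 0xABCDEF
    agg_pub, agg_sig = aggregate_sign([d_buyer, d_seller], msg)
    seller_pub = mul(d_seller)
    adaptor = adaptor_sign(d_seller, t, msg)
    onchain = complete(adaptor, t)
    return {
        "one_sig_verifies_aggregate_key": verify(agg_pub, msg, agg_sig),
        "buyer_checks_adaptor_before_paying": adaptor_verify(seller_pub, mul(t), msg, adaptor),
        "adaptor_alone_is_invalid": not verify(seller_pub, msg, adaptor),
        "completed_sig_is_valid": verify(seller_pub, msg, onchain),
        "buyer_recovers_scalar": extract_scalar(adaptor, onchain) == t,
    }
```

demo() returns five booleans, all True: the aggregate key verifies against a single (R, s); the buyer's adaptor_verify check passes before any money moves; the adaptor alone is not a valid signature; the completed one is; and the buyer recovers t from the on-chain signature. The last two are the PTLC trick the post calls "the prestige": the signature that lands on-chain is indistinguishable from any other Schnorr signature, and only someone holding the adaptor can subtract it out.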

Weird behavior when scripting electrum's ECPrivkey(...).sign_transaction(...)

Update

Nevermind... Electrum is performing low-value R-grinding and bitcoinlib and CoinBin are not. For anyone interested, the grinding code is here. Nuking the while loop makes the sigs the same.
A few days ago I used bitcoinlib to create an OP_CLTV transaction. Tonight I did the same with Electrum 4.0.4 via python and my sigs don't match.
The TXN I'm trying to match is:
The TXN has the following characteristics:
When I try signing the sighash (pre-image hash) using both bitcoinlib and Electrum 4.0.4, I get different results. I coded the TXN through another wallet as well (CoinBin), and bitcoinlib seems to be producing the proper signature, but Electrum's seems off.
I'm sure there is something simple I'm missing, but I can't figure it out.
Here's a test script to illustrate the differences:
```python
from bitcoin.core.key import use_libsecp256k1_for_signing
from bitcoin.core import x, b2x
from bitcoin.wallet import CBitcoinSecret
from electrum.ecc import ECPrivkey
from electrum.bitcoin import EncodeBase58Check

use_libsecp256k1_for_signing(True)
sechex = '535b755a4c265772c4f6c7e0316bfd21e24c9e47441989e14e8133c7cb2f41a3'
hashhex = '9039c54c1c34aa12b69b4dda962f501bb6c9cdb6745014ef326f5d4d0472aa99'

# python-bitcoinlib: sign the sighash (pre-image hash) directly
seckey = CBitcoinSecret.from_secret_bytes(x(sechex))
sig = seckey.sign(x(hashhex))
b_wif = str(seckey)
b_pub = b2x(seckey.pub)
b_sig = b2x(sig)

# Electrum: same key, same sighash
seckey = ECPrivkey(x(sechex))
sig = seckey.sign_transaction(x(hashhex))
e_wif = EncodeBase58Check(b'\x80' + seckey.get_secret_bytes() + b'\x01')
e_pub = seckey.get_public_key_hex(compressed=True)
e_sig = b2x(sig)

# Key and pubkey agree on both sides; only the signatures differ
assert b_wif == e_wif
assert b_pub == e_pub
print("wif:", b_wif)
print("pub:", b_pub)
print("sighash:", hashhex)
print("bitcoinlib sig:", b_sig)
print("electrum sig: ", e_sig)
```
The resultant sigs are:
Thoughts?
submitted by brianddk to Electrum
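The low-R detail from the update, as an added example that is not the post's code and not Electrum's or python-bitcoinlib's: a strict DER encoder/decoder for ECDSA signatures with the low-R and low-S predicates, and a constructed size comparison showing the one-byte difference. Both signatures in the post are valid for the same key and sighash; low-R grinding only changes which of the many valid (r, s) pairs gets chosen, so that the DER encoding of r needs no 0x00 pad byte. The r and s values below are constructed, not the post's signatures, and the function names are this example's own.

```python
# Added example: strict DER (BIP66-style) ECDSA signature encoding and the
# low-R / low-S checks behind the size difference in the post above.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # secp256k1 order


def _der_int(v):
    """DER INTEGER: minimal big-endian bytes, plus a 0x00 pad when the top bit is
    set (else the value would parse as negative). That pad is the extra byte a
    'high' r costs."""
    b = v.to_bytes(max(1, (v.bit_length() + 7) // 8), "big")
    if b[0] & 0x80:
        b = b"\x00" + b
    return b"\x02" + bytes([len(b)]) + b


def der_encode(r, s):
    """SEQUENCE { INTEGER r, INTEGER s } without the trailing sighash-type byte."""
    body = _der_int(r) + _der_int(s)
    return b"\x30" + bytes([len(body)]) + body


def der_decode(sig):
    """Strict parse returning (r, s); ValueError on anything non-canonical:
    wrong tags, length mismatch, negative or non-minimal integers, trailing bytes."""
    if len(sig) < 8 or sig[0] != 0x30 or sig[1] != len(sig) - 2:
        raise ValueError("bad SEQUENCE header")
    pos, vals = 2, []
    for _ in range(2):
        if pos + 2 > len(sig) or sig[pos] != 0x02:
            raise ValueError("expected INTEGER")
        ln = sig[pos + 1]
        b = sig[pos + 2:pos + 2 + ln]
        if ln == 0 or len(b) != ln:
            raise ValueError("bad INTEGER length")
        if b[0] & 0x80:
            raise ValueError("negative INTEGER")
        if ln > 1 and b[0] == 0x00 and not (b[1] & 0x80):
            raise ValueError("non-minimal INTEGER")
        vals.append(int.from_bytes(b, "big"))
        pos += 2 + ln
    if pos != len(sig):
        raise ValueError("trailing bytes")
    return vals[0], vals[1]


def is_strict_der(sig):
    """True iff der_decode accepts the bytes."""
    try:
        der_decode(sig)
        return True
    except ValueError:
        return False


def is_low_r(sig):
    """Low-R: r < 2**255, i.e. its DER body is at most 32 bytes with no pad.
    This is the predicate a grinding loop re-signs until it holds."""
    r, _ = der_decode(sig)
    return r < (1 << 255)


def is_low_s(sig):
    """Low-S (the BIP62 malleability rule nodes enforce as policy): s <= N/2."""
    _, s = der_decode(sig)
    return s <= N // 2


def scriptsig_size(sig):
    """Size as pushed in a transaction: DER bytes plus one sighash-type byte."""
    return len(sig) + 1


def size_comparison():
    """Constructed r values with a full 256-bit s: a high r (top bit set) costs
    exactly one more byte than a low r, which is what grinding avoids."""
    s = (1 << 255) - 1                    # 32-byte s, top bit clear
    low = der_encode((1 << 255) - 1, s)   # r top bit clear -> 70-byte DER
    high = der_encode((1 << 255) + 1, s)  # r top bit set   -> 71-byte DER
    return {
        "low_r_bytes": scriptsig_size(low),    # 71 including sighash byte
        "high_r_bytes": scriptsig_size(high),  # 72 including sighash byte
        "low_is_low_r": is_low_r(low),
        "high_is_low_r": is_low_r(high),
    }
```

is_low_r() is the test a grinding loop applies: sign deterministically, and if r has its top bit set, sign again with a different nonce (Bitcoin Core, which introduced the practice, mixes a counter into the RFC6979 extra entropy) until the predicate holds. The update says Electrum's while loop does the same, which is why removing it makes the two libraries agree: without grinding, deterministic nonces from the same key and sighash yield the same signature.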

[ Bitcoin ] Technical: Taproot: Why Activate?

Topic originally posted in Bitcoin by almkglor [link]
This is a follow-up on https://old.reddit.com/Bitcoin/comments/hqzp14/technical_the_path_to_taproot_activation/
Taproot! Everybody wants it!! But... you might ask yourself: sure, everybody else wants it, but why would I, sovereign Bitcoin HODLer, want it? Surely I can be better than everybody else because I swapped XXX fiat for Bitcoin unlike all those nocoiners?
And it is important for you to know the reasons why you, o sovereign Bitcoiner, would want Taproot activated. After all, your nodes (or the nodes your wallets use, which if you are SPV, you hopefully can pester to your wallet vendoimplementor about) need to be upgraded in order for Taproot activation to actually succeed instead of becoming a hot sticky mess.
First, let's consider some principles of Bitcoin.
I'm sure most of us here would agree that the above are very important principles of Bitcoin and that these are principles we would not be willing to remove. If anything, we would want those principles strengthened (especially the last one, financial privacy, which current Bitcoin is only sporadically strong with: you can get privacy, it just requires effort to do so).
So, how does Taproot affect those principles?

Taproot and Your /Coins

Most HODLers probably HODL their coins in singlesig addresses. Sadly, switching to Taproot would do very little for you (it gives a mild discount at spend time, at the cost of a mild increase in fee at receive time (paid by whoever sends to you, so if it's a self-send from a P2PKH or bech32 address, you pay for this); mostly a wash).
(technical details: a Taproot output is 1 version byte + 32 byte public key, while a P2WPKH (bech32 singlesig) output is 1 version byte + 20 byte public key hash, so the Taproot output spends 12 bytes more; spending from a P2WPKH requires revealing a 32-byte public key later, which is not needed with Taproot, and Taproot signatures are about 9 bytes smaller than P2WPKH signatures, but the 32 bytes plus 9 bytes is divided by 4 because of the witness discount, so it saves about 11 bytes; mostly a wash, it increases blockweight by about 1 virtual byte, 4 weight for each Taproot-output-input, compared to P2WPKH-output-input).
However, as your HODLings grow in value, you might start wondering if multisignature k-of-n setups might be better for the security of your savings. And it is in multisignature that Taproot starts to give benefits!
Taproot switches to using Schnorr signing scheme. Schnorr makes key aggregation -- constructing a single public key from multiple public keys -- almost as trivial as adding numbers together. "Almost" because it involves some fairly advanced math instead of simple boring number adding, but hey when was the last time you added up your grocery list prices by hand huh?
With current P2SH and P2WSH multisignature schemes, if you have a 2-of-3 setup, then to spend, you need to provide two different signatures from two different public keys. With Taproot, you can create, using special moon math, a single public key that represents your 2-of-3 setup. Then you just put two of your devices together, have them communicate to each other (this can be done airgapped, in theory, by sending QR codes: the software to do this is not even being built yet, but that's because Taproot hasn't activated yet!), and they will make a single signature to authorize any spend from your 2-of-3 address. That's 73 witness bytes -- 18.25 virtual bytes -- of signatures you save!
And if you decide that your current setup with 1-of-1 P2PKH / P2WPKH addresses is just fine as-is: well, that's the whole point of a softfork: backwards-compatibility; you can receive from Taproot users just fine, and once your wallet is updated for Taproot-sending support, you can send to Taproot users just fine as well!
(P2WPKH and P2WSH -- SegWit v0 -- addresses start with bc1q; Taproot -- SegWit v1 --- addresses start with bc1p, in case you wanted to know the difference; in bech32 q is 0, p is 1)
Now how about HODLers who keep all, or some, of their coins on custodial services? Well, any custodial service worth its salt would be doing at least 2-of-3, or probably something even bigger, like 11-of-15. So your custodial service, if it switched to using Taproot internally, could save a lot more (imagine an 11-of-15 getting reduced from 11 signatures to just 1!), which --- we can only hope! --- should translate to lower fees and better customer service from your custodial service!
So I think we can say, very accurately, that the Bitcoin principle --- that YOU are in control of your money --- can only be helped by Taproot (if you are doing multisignature), and, because P2PKH and P2WPKH remain validly-usable addresses in a Taproot future, will not be harmed by Taproot. Its benefit to this principle might be small (it mostly only benefits multisignature users) but since it has no drawbacks with this (i.e. singlesig users can continue to use P2WPKH and P2PKH still) this is still a nice, tidy win!
(even singlesig users get a minor benefit, in that multisig users will now reduce their blockchain space footprint, so that fees can be kept low for everybody; so for example even if you have your single set of private keys engraved on titanium plates sealed in an airtight box stored in a safe buried in a desert protected by angry nomads riding giant sandworms because you're the frickin' Kwisatz Haderach, you still gain some benefit from Taproot)
And here's the important part: if P2PKH/P2WPKH is working perfectly fine with you and you decide to never use Taproot yourself, Taproot will not affect you detrimentally. First do no harm!

Taproot and Your Contracts

No one is an island, no one lives alone. Give and you shall receive. You know: by trading with other people, you can gain expertise in some obscure little necessity of the world (and greatly increase your productivity in that little field), and then trade the products of your expertise for necessities other people have created, all of you thereby gaining gains from trade.
So, contracts, which are basically enforceable agreements that facilitate trading with people who you do not personally know and therefore might not trust.
Let's start with a simple example. You want to buy some gewgaws from somebody. But you don't know them personally. The seller wants the money, you want their gewgaws, but because of the lack of trust (you don't know them!! what if they're scammers??) neither of you can benefit from gains from trade.
However, suppose both of you know of some entity that both of you trust. That entity can act as a trusted escrow. The entity provides you security: this enables the trade, allowing both of you to get gains from trade.
In Bitcoin-land, this can be implemented as a 2-of-3 multisignature. The three signatories in the multisgnature would be you, the gewgaw seller, and the escrow. You put the payment for the gewgaws into this 2-of-3 multisignature address.
Now, suppose it turns out neither of you are scammers (whaaaat!). You receive the gewgaws just fine and you're willing to pay up for them. Then you and the gewgaw seller just sign a transaction --- you and the gewgaw seller are 2, sufficient to trigger the 2-of-3 --- that spends from the 2-of-3 address to a singlesig the gewgaw seller wants (or whatever address the gewgaw seller wants).
But suppose some problem arises. The seller gave you gawgews instead of gewgaws. Or you decided to keep the gewgaws but not sign the transaction to release the funds to the seller. In either case, the escrow is notified, and if it can sign with you to refund the funds back to you (if the seller was a scammer) or it can sign with the seller to forward the funds to the seller (if you were a scammer).
Taproot helps with this: like mentioned above, it allows multisignature setups to produce only one signature, reducing blockchain space usage, and thus making contracts --- which require multiple people, by definition, you don't make contracts with yourself --- is made cheaper (which we hope enables more of these setups to happen for more gains from trade for everyone, also, moon and lambos).
(technology-wise, it's easier to make an n-of-n than a k-of-n, making a k-of-n would require a complex setup involving a long ritual with many communication rounds between the n participants, but an n-of-n can be done trivially with some moon math. You can, however, make what is effectively a 2-of-3 by using a three-branch SCRIPT: either 2-of-2 of you and seller, OR 2-of-2 of you and escrow, OR 2-of-2 of escrow and seller. Fortunately, Taproot adds a facility to embed a SCRIPT inside a public key, so you can have a 2-of-2 Taprooted address (between you and seller) with a SCRIPT branch that can instead be spent with 2-of-2 (you + escrow) OR 2-of-2 (seller + escrow), which implements the three-branched SCRIPT above. If neither of you are scammers (hopefully the common case) then you both sign using your keys and never have to contact the escrow, since you are just using the escrow public key without coordinating with them (because n-of-n is trivial but k-of-n requires setup with communication rounds), so in the "best case" where both of you are honest traders, you also get a privacy boost, in that the escrow never learns you have been trading on gewgaws, I mean ewww, gawgews are much better than gewgaws and therefore I now judge you for being a gewgaw enthusiast, you filthy gewgawer).

Taproot and Your Contracts, Part 2: Cryptographic Boogaloo

Now suppose you want to buy some data instead of things. For example, maybe you have some closed-source software in trial mode installed, and want to pay the developer for the full version. You want to pay for an activation code.
This can be done, today, by using an HTLC. The developer tells you the hash of the activation code. You pay to an HTLC, paying out to the developer if it reveals the preimage (the activation code), or refunding the money back to you after a pre-agreed timeout. If the developer claims the funds, it has to reveal the preimage, which is the activation code, and you can now activate your software. If the developer does not claim the funds by the timeout, you get refunded.
And you can do that, with HTLCs, today.
Of course, HTLCs do have problems:
Fortunately, with Schnorr (which is enabled by Taproot), we can now use the Scriptless Script constuction by Andrew Poelstra. This Scriptless Script allows a new construction, the PTLC or Pointlocked Timelocked Contract. Instead of hashes and preimages, just replace "hash" with "point" and "preimage" with "scalar".
Or as you might know them: "point" is really "public key" and "scalar" is really a "private key". What a PTLC does is that, given a particular public key, the pointlocked branch can be spent only if the spender reveals the private key of the given private key to you.
Another nice thing with PTLCs is that they are deniable. What appears onchain is just a single 2-of-2 signature between you and the developemanufacturer. It's like a magic trick. This signature has no special watermarks, it's a perfectly normal signature (the pledge). However, from this signature, plus some datta given to you by the developemanufacturer (known as the adaptor signature) you can derive the private key of a particular public key you both agree on (the turn). Anyone scraping the blockchain will just see signatures that look just like every other signature, and as long as nobody manages to hack you and get a copy of the adaptor signature or the private key, they cannot get the private key behind the public key (point) that the pointlocked branch needs (the prestige).
(Just to be clear, the public key you are getting the private key from, is distinct from the public key that the developemanufacturer will use for its funds. The activation key is different from the developer's onchain Bitcoin key, and it is the activation key whose private key you will be learning, not the developer's/manufacturer's onchain Bitcoin key).
So:
Taproot lets PTLCs exist onchain because they enable Schnorr, which is a requirement of PTLCs / Scriptless Script.
(technology-wise, take note that Scriptless Script works only for the "pointlocked" branch of the contract; you need normal Script, or a pre-signed nLockTimed transaction, for the "timelocked" branch. Since Taproot can embed a script, you can have the Taproot pubkey be a 2-of-2 to implement the Scriptless Script "pointlocked" branch, then have a hidden script that lets you recover the funds with an OP_CHECKLOCKTIMEVERIFY after the timeout if the seller does not claim the funds.)

Quantum Quibbles!

Now if you were really paying attention, you might have noticed this parenthetical:
(technical details: a Taproot output is 1 version byte + 32 byte public key, while a P2WPKH (bech32 singlesig) output is 1 version byte + 20 byte public key hash...)
So wait, Taproot uses raw 32-byte public keys, and not public key hashes? Isn't that more quantum-vulnerable??
Well, in theory yes. In practice, they probably are not.
It's not that hashes can be broken by quantum computers --- they're still not. Instead, you have to look at how you spend from a P2WPKH/P2PKH pay-to-public-key-hash.
When you spend from a P2PKH / P2WPKH, you have to reveal the public key. Then Bitcoin hashes it and checks if this matches with the public-key-hash, and only then actually validates the signature for that public key.
So an unconfirmed transaction, floating in the mempools of nodes globally, will show, in plain sight for everyone to see, your public key.
(public keys should be public, that's why they're called public keys, LOL)
And if quantum computers are fast enough to be of concern, then they are probably fast enough that, in the several minutes to several hours from broadcast to confirmation, they have already cracked the public key that is openly broadcast with your transaction. The owner of the quantum computer can now replace your unconfirmed transaction with one that pays the funds to itself. Even if you did not opt in to RBF, miners are still incentivized to support RBF on RBF-disabled transactions.
So the extra hash is not as significant a protection against quantum computers as you might think. Instead, the extra hash-and-compare needed is just extra validation effort.
Further, if you have ever, in the past, spent from the address, then there exists already a transaction indelibly stored on the blockchain, openly displaying the public key from which quantum computers can derive the private key. So those are still vulnerable to quantum computers.
For the most part, the cryptographers behind Taproot (and Bitcoin Core) are of the opinion that quantum computers capable of cracking Bitcoin pubkeys are unlikely to appear within a decade or two.
So:
For now, the homomorphic and linear properties of elliptic curve cryptography provide a lot of benefits --- particularly the linearity property is what enables Scriptless Script and simple multisignature (i.e. multisignatures that are just 1 signature onchain). So it might be a good idea to take advantage of them now while we are still fairly safe against quantum computers. It seems likely that quantum-safe signature schemes are nonlinear (thus losing these advantages).

Summary

I Wanna Be The Taprooter!

So, do you want to help activate Taproot? Here's what you, mister sovereign Bitcoin HODLer, can do!

But I Hate Taproot!!

That's fine!

Discussions About Taproot Activation

almkglor your post has been copied because one or more comments in this topic have been removed. This copy will preserve unmoderated topic. If you would like to opt-out, please send a message using [this link].
[deleted comment]
[deleted comment]
[deleted comment]
submitted by anticensor_bot to u/anticensor_bot [link] [comments]
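The adaptor-signature trick described in the Taproot post above, as an added example that is not part of the original post or of any Bitcoin project's code: a single-signer Schnorr adaptor signature on secp256k1 in pure Python (the 2-of-2 MuSig step is skipped, and the challenge hash and point encoding are simplified rather than BIP340). It shows that the completed signature verifies as an ordinary Schnorr signature carrying no trace of the hidden point T, while only the holder of the adaptor signature can subtract the two and recover the scalar t.

```python
# Added example, not from the original post: a toy Schnorr adaptor-signature
# round on secp256k1. The completed signature is an ordinary Schnorr
# signature; only the holder of the adaptor signature can subtract the two
# to learn the hidden scalar t. Single signer for brevity (no 2-of-2 MuSig).
import hashlib, secrets

P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(p, q):  # affine point addition, None is the point at infinity
    if p is None: return q
    if q is None: return p
    if p[0] == q[0] and (p[1] + q[1]) % P == 0: return None
    if p == q: lam = 3 * p[0] * p[0] * pow(2 * p[1], -1, P) % P
    else: lam = (q[1] - p[1]) * pow(q[0] - p[0], -1, P) % P
    x = (lam * lam - p[0] - q[0]) % P
    return (x, (lam * (p[0] - x) - p[1]) % P)

def mul(k, p=G):  # double-and-add scalar multiplication
    r = None
    while k:
        if k & 1: r = add(r, p)
        p, k = add(p, p), k >> 1
    return r

def enc(pt): return pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")
def challenge(R, X, msg):  # simplified e = H(R || X || m) mod n
    return int.from_bytes(hashlib.sha256(enc(R) + enc(X) + msg).digest(), "big") % N

def adaptor_sign(x, T, msg, r):
    # Seller signs with nonce R but commits to R+T, so s' is short by t.
    R = mul(r)
    return R, (r + challenge(add(R, T), mul(x), msg) * x) % N

def adaptor_verify(X, T, msg, R, s_adapt):  # buyer checks s'G == R + eX
    return mul(s_adapt) == add(R, mul(challenge(add(R, T), X, msg), X))

def schnorr_verify(X, msg, R_full, s):  # plain Schnorr check, no trace of T
    return mul(s) == add(R_full, mul(challenge(R_full, X, msg), X))

def extract(s_full, s_adapt):  # buyer learns t = s - s' from the onchain s
    return (s_full - s_adapt) % N

def demo():  # constructed keys and message, fresh each run
    x, t, r = (secrets.randbelow(N - 1) + 1 for _ in range(3))
    X, T = mul(x), mul(t)
    msg = b"constructed PTLC payment"
    R, s_adapt = adaptor_sign(x, T, msg, r)
    assert adaptor_verify(X, T, msg, R, s_adapt)
    s = (s_adapt + t) % N               # seller completes to claim funds
    assert schnorr_verify(X, msg, add(R, T), s)
    return extract(s, s_adapt) == t
```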

This format isn't working in electrum for a compressed address with corresponding wif key compressed



Tried to get this to work in electrum, but it does not, corresponding with the wif key compressed / perhaps a different format could work here ,
    from electrum import bitcoin
    privkey = "yourprivatkeyhere"
    # deserialize_privkey returns (txin_type, secret_bytes, is_compressed)
    orig_format, secret, compressed = bitcoin.deserialize_privkey(privkey)
    # the second argument is the compressed flag; False gives the uncompressed WIF,
    # so pass True to get the compressed WIF back
    bitcoin.serialize_privkey(secret, True, orig_format)
trying to get the compressed version, somehow in electrum or other wallet format
submitted by braonmyheadformask to Bitcoin [link] [comments]

Keylogger found on several HP laptops

http://www.zdnet.com/article/keylogger-found-on-several-hp-laptops/
Another risk for brain wallets. In-app soft keyboard should be considered.
Edit: soft keyboard provided by OS may not help.
submitted by exab to Bitcoin [link] [comments]

Jeff Garzik on Twitter: "P.S. Core alternatives not just subject to verbal attacks. Every single Core alternative has been DDoS'd. Pools DDoS'd after supporting alts"

Jeff Garzik on Twitter: submitted by sandakersmann to btc [link] [comments]

Upcoming Updates to Bitcoin Consensus

Price and Libra posts are shit boring, so let's focus on a technical topic for a change.
Let me start by presenting a few of the upcoming Bitcoin consensus changes.
(as these are consensus changes and not P2P changes it does not include erlay or dandelion)
Let's hope the community strongly supports these upcoming updates!

Schnorr

The sexy new signing algo.

Advantages

Disadvantages

MuSig

A provably-secure way for a group of n participants to form an aggregate pubkey and signature. Creating their group pubkey does not require their coordination other than getting individual pubkeys from each participant, but creating their signature does require all participants to be online near-simultaneously.

Advantages

Disadvantages

Taproot

Hiding a Bitcoin SCRIPT inside a pubkey, letting you sign with the pubkey without revealing the SCRIPT, or reveal the SCRIPT without signing with the pubkey.

Advantages

Disadvantages

MAST

Encode each possible branch of a Bitcoin contract separately, and only require revelation of the exact branch taken, without revealing any of the other branches. One of the Taproot script versions will be used to denote a MAST construction. If the contract has only one branch then MAST does not add more overhead.

Advantages

Disadvantages

submitted by almkglor to Bitcoin [link] [comments]

A little gift for the little newborn of a friend of mine. The deal is to hold it for the next 10 years :-)

A little gift for the little newborn of a friend of mine. The deal is to hold it for the next 10 years :-) submitted by zener79 to Bitcoin [link] [comments]

Bitcoin Wallet For Mom

My mom collects what she likes to call a "protection fee" from me monthly. Basically just some money to send her way to show I care. Starting next month she wants me to send her bitcoins instead. What kind of wallet should I set up for her?
Requirements:
My current plan is just plain ol paper wallet. What do you guys think?
submitted by kay_wolfe to Bitcoin [link] [comments]

Why is Bitcoin protocol not fixed against TX malleability once and for all?

At present, a transaction malleability attack is hitting the Bitcoin network. This causes no loss of funds but often requires manual interactions at the side of service providers and also wallet end users. Moreover, it renders Bitcoin's feature of spending unconfirmed transactions useless, which is a pity.
The problem is that the sender's signature of a transaction does not cover the complete transaction string, so an attacker can pick any unconfirmed transaction, change the parts that are not covered by the signature, thereby creating a new valid(!) transaction that he broadcasts to the network. This looks like a double spend then (albeit with identical in- and outputs).
To me this is a fundamental design flaw that should be fixed soon!
The signature that the sender adds to the transaction should cover every single bit of the transaction (incl. any tx IDs or whatever), and not only input+output addresses and fee and amounts. This way, any tx malleability would be impossible by design!
The fact that this is not the case seems like a fundamental and completely unnecessary Bitcoin design flaw, actually I am shocked that it is still there.
I am even more shocked to read that there might(?) be several different/unknown malleability attacks possible.
Shouldn't it be easy to fix this once and for all with a protocol upgrade which respects the most basic property of a digital signature, namely that the signature spans over the COMPLETE transaction string? I cannot see what disadvantages this should bring and assume the fix should be relatively simple for a new protocol version.
It could even be downwards compatible in that the new transaction format is introduced on top of the legacy format (which still remains valid [and prone to malleability]). So wallets could implement the new format and thereby advertise to be 100% safe against tx malleability. At a later point in time, once the old format amounts to less than 1% of all transactions, another protocol update could be introduced that renders the old transaction format invalid.
submitted by Amichateur to Bitcoin [link] [comments]

Bitcoin Core Wallet - Signing BTC Issue

I'm trying to claim HEX by signing BTC now
my BTC is in Bitcoin Core wallet v0.18.1
my addresses all start with the number 3
when I try to sign the addresses I get an error: "The entered address does not refer to a key."

Someone with same issue:
https://bitcointalk.org/index.php?topic=3225732.msg34149122#msg34149122

Bitcoin Github Issue: Signmessage doesn't work with segwit addresses
https://github.com/bitcoin/bitcoin/issues/10542

More References:
https://github.com/bitcoin/bitcoin/issues/12539
https://www.reddit.com/Bitcoin/comments/80dutq/bitcoin_core_016_cannot_signverify_message_with/
https://github.com/ChristopherA/Learning-Bitcoin-from-the-Command-Line/issues/36

UPDATE: FOUND SOLUTION
  1. dumpprivkey "address"
  2. signmessagewithprivkey "privkey" "message"
Please click my referral link if this helped you
https://hex.win/?r=0x36ECd27625efeECeF5E8e62Cfdbd3F990801bA96
submitted by togoshige to HEXcrypto [link] [comments]

I don't dare to split my pre-fork BCH.

Want to convert all to BSV. My BCH are now in the Ledger Bitcoin Cash wallet. The Electron Cash how-to-split tutorial is too complicated.
Bitcoinsv.io guide to split says "wait until we announce safe solution/tool".
But me and many here want to split and convert now. Looking for a wallet/tool where, after importing the 24-word seed used in Ledger, I will get 2 wallets/addresses with equal amounts of BCH and BSV, which I then can use with the old or new seed/privkey.
Please help
submitted by Felixjp to bitcoincashSV [link] [comments]

Dogecoin buy with AGC?

Where can I sell a $5 Amazon Gift card code for Doge?
And I need a Dogecoin wallet which works on Ubuntu?
Thank you
Ps: Sorry, new to this and everything.
submitted by jemaiyah to dogecoin [link] [comments]

Bitcoin-qt is taking weeks to sync and Im not half way, is there a way to access an encrypted wallet.dat

submitted by snickers01 to Bitcoin [link] [comments]

N00b question about importing keys

If I take my private keys and put them into another wallet, does it transfer all my coins into that wallet? If I import them into another wallet and make a transaction with that wallet, will it be reflected in my current wallet?
submitted by idonthaveanametoday to BitcoinBeginners [link] [comments]

How to get the private keys to your android wallet?

Only who has the keys has the coins is the old saying we use all the time. How can I get the private keys to my address I use on my android dogecoin wallet?
I've read a lot of guides, but no solution has worked for me so far. Maybe the guides are outdated?
I have the android app installed and my android wallet is working fine. Before you copy and paste old guides to me, let me say I have bitcoinj and dogecoinj installed and running, I have OpenSSL running but I was still not successful so far. I also have root access on the phone, as this might help.
Any input is very much appreciated!
submitted by RealParity to dogecoin [link] [comments]

How to safely use a private key more than once across time?

I would like to create a relatively safe way to keep bitcoin. I decided to use a paper wallet that I will keep in more than one location.
So I ran Ubuntu off a flash-drive and loaded bitaddress.org. I went off line, then made a paper wallet and printed it. I formatted the Ubuntu flash-drive. I put ten eurocents in the wallet and I can see it works: the money arrived.
Now I want to test whether retrieving also works. Cause I don't want to put a bigger sum of money into something I'm not sure of I can take it out of again.
With Mycelium on my Android phone I can tap on "Cold storage" and I could take 5 cents out of the wallet. The Mycelium app says that "every trace of the private key will be erased", but how do I know whether I can trust that?
So for the sake of testing (@ 5 cents) but also for the sake of one day maybe wanting to take out only 20% of the funds, I would like to safely use the private key more than once across time. How do I safely do that?
I suppose the answer is to only use a private key once and empty it out completely, but let's say I want to reuse it and accept being "sub-safe", what would the best way be?
Thanks for the advice. T
submitted by T9Da8Bre to Bitcoin [link] [comments]

Electrum question

Quick question regarding electrum, will the version that I have installed currently (2.7.18) always be usable to access my bitcoins? Or is there a chance that bitcoin will change in some way making my current version of electrum obsolete.
submitted by Bitcoinewbie1 to Bitcoin [link] [comments]
