A Design For An Efficient Coordinated Financial Computing Platform

A Design For An Efficient Coordinated Financial Computing Platform

Jag Sidhu

Feb 25, 2021·41 min read


Bitcoin was the first to attempt to offer a practical outcome in the General’s Dilemma using Crypto Economic rationale and incentives. Ethereum was the first to abstract the concept of Turing completeness within similar frameworks assumed by Bitcoin.

What Syscoin presents is a combination of both Bitcoin and Ethereum with intuitions built on top to achieve a more efficient financial computing platform which leverages coordination to achieve consensus using Crypto Economic rationale and incentives.

We propose a four-layer tech stack using Syscoin as the base (host) layer, which provides an efficient (ie, low gas cost per transaction) platform.

Some of the main advantages include building scalable decentralized applications, the introduction of a decentralized cost model around Ethereum Gas fees.

This new model proposes state-less parallelized execution and verification models while taking advantage of the security offered by the Bitcoin protocol. We may also refer to this as Web 3.0.

Table Of Contents

  • Abstract
  • Introduction
  • Syscoin Platform
  • Masternode Configuration
  • Chain Locks
  • Blockchain as a Computational Court
  • Scalability and Security
  • Efficiency
  • State Liveness and State Safety
  • Avoiding Re-execution of Transactions
  • Validity Proof Systems Overtop Proof-of-Work Systems
  • Quantum Resistance:
  • A Design Proposal for Web 3.0
  • Optimistic vs ZkRollup
  • Decentralized Cost Model
  • State-less Layer 1 Design
  • Related Works
  • Commercial Interests
  • Functional Overview
  • Give Me The Goods
  • Blockchain Foundry
  • Acknowledgements
  • References


Syscoin is a cryptocurrency borrowing security and trust models of Bitcoin but with services on top which are conducive for businesses to build distributed applications through tokenization capabilities.

Syscoin has evolved since being introduced in 2013 where it offered a unique set of services through a coloured coin implementation on top of Bitcoin.

These services included aliases (identity), assets (tokens), offers (marketplace), escrow (multisig payments between aliases and marketplaces), and certificates (digital credentials).

In its current iteration, it has evolved to serve availability of consensus rather than data storage itself which requires some liveness guarantees better suited to systems like Filecoin and IPFS.

The recent iteration of Syscoin, version 4.0, streamlined the on-chain footprint to exclusively serve assets, a service which requires on-chain data availability for double-spend protection.

Ultimately, the only data that belongs on the blockchain are proofs that executions occurred (eg, coin transfers, smart contract executions, etc.) and information required to validate those proofs.

We introduced high-throughput payment rails for our asset infrastructure through an innovation we called Z-DAG [1]. This innovation offered real-time probabilistic guarantees of double-spend protection and ledger settlement for real-time point-of-sale. As a result, the token platform is one step closer to mass adoption by providing scalable infrastructure and speed that met or exceeded what was necessary to transact with digital tokens in real-life scenarios.

In addition, a two-way bridge to trustlessly interoperate with Ethereum. This enables Ethereum users to benefit from fast, cheap and secure transactions on Syscoin, and Syscoin users to leverage the Turing complete contract capabilities and ecosystem of Ethereum, all of which exclude custodians or third-parties.

Every decision we’ve made has been with security in mind. We believe that one of the biggest advantages of Syscoin is that it is merge-mined with Bitcoin.

Rather than expend more energy, Syscoin recycles the same energy spent by Bitcoin miners in order to solve blocks while being secured by the most powerful cryptocurrency mining network available.

With this energy efficiency we were able to reduce the subsidy to miners and increase subsidy to masternodes without raising the overall inflation; see Fig 1 for configuration.

Unlike Dashpay, these masternodes are not what you expect, as they have the specific job of running full nodes.

Fig 1: Masternode setup

Syscoin Platform

Today, Syscoin offers an asset protocol and deterministic validators as an enhancement on top of Bitcoin, as summarized below:

  • UTXO Assets
  • Compliance through Notary
  • Fungible and Non-Fungible tokens (Generic Asset infrastructure named SPT — Syscoin Platform Tokens)
  • Z-DAG for fast probabilistic onchain payments, working alongside payment channel systems like Lightning Networks
  • Deterministic validators (Masternodes) which run as Long-Living Quorums for distributed consensus decisions such as Chain Locks
  • Decentralized Governance, 10% of block subsidy is saved to pay out in a governance mechanism through a network wide vote via masternodes
  • Merged-mined with Bitcoin for shared work alongside Bitcoin miners

Masternode Configuration

With 2400+ masternodes running fullnodes, Z-DAG becomes much more dependable, as does the propagation of blocks and potential forks.

The masternodes are bonded through a loss-less strategy of putting 100000 Syscoin in an output and running full nodes in exchange for block rewards.

A seniority model incentivizes the masternodes to share long-term growth by paying them more for the longer period of service. Half of the transaction fees are also shared between the PoW miners and masternodes to ensure long term alignment once subsidy becomes negligible.

The coins are not locked at any point, and there is no slashing condition if masternodes decide to move their coins, the rewards to those masternodes simply stop.

Sharing Bitcoin’s compact block design, it consumes very little bandwidth to propagate blocks assuming the memory pool of all these nodes is roughly synchronized [2].

The traffic on the network primarily consists of propagating the missing transactions to validate these blocks. Having a baseline for a large number of full-nodes that are paid to be running allows us to create a very secure environment for users.

It proposes higher costs to would-be attackers who either have to attempt a 51% attack of Syscoin (effectively also trying to attack the Bitcoin network), or try to game the mesh network by propagating bad information which is made more difficult by incentivized full-nodes.

The health of a decentralized network consists of the following;

(a) the mining component or consensus to produce blocks, and

(b) the network topology to disseminate information in a timely manner in conditions where adversaries might be lurking.

Other attacks related to race conditions in networking or consensus code are mostly negligible as Syscoin follows a rigorous and thorough continuous development process.

This includes deterministic builds, Fuzz tests, ASAN/MSAN/TSAN, functional/unit tests, multiple clients and adequate code coverage.

Syscoin and Bitcoin protocol code bases are merged daily such that the build/signing/test processes are all identical, allowing us to leverage the massive developer base of Bitcoin.

The quality of code is reflective of taking worst case situations into account. The most critical engineers and IT specialists need confidence that value is secure should they decide to move their business to that infrastructure.

It’s true that there are numerous new ideas, new consensus protocols and mechanisms for achieving synchronization among users in a system through light/full node implementations.

However, in our experience in the blockchain industry over the last 8 years, we understand that it takes years, sometimes generations to bring those functionalities to production level quality useful for commercial applications.

Chain Locks

With a subset of nodes offering sybil resistance through the requirement of bonding 100,000 SYS to become active, plus the upcoming deterministic masternode feature in Syscoin 4.2, we have enabled Chain Locks which attempts to solve a long-standing security problem in Bitcoin [3], where Dashcore was the first project to implement this idea [4] which the industry has since widely accepted as a viable solution [5].

Our implementation is an optimized version of this, in that we do not implement Instant Send or Private Send transactions and thus Syscoin’s Chain Lock implementation is much simpler.

Because of merged-mining functionality with Bitcoin, we believe our chain coupled with Chain Locks becomes the most secure via solving Bitcoin’s most vulnerable attack vector, selfish mining.

These Chain Locks are made part of Long-Living Quorums (LLMQ) which leverage aggregatable Boneh–Lynn–Shacham (BLS) signatures that have the property of being able to combine multiple signers in a Distributed Key Generation (DKG) event to sign on decisions. In this setup, a signature can be signed on a group of parties under threshold constraints without any one of those parties holding the private key associated with that signature. In our case, the signed messages would be a ChainLock Signature (CLSIG) which represent claims on what the block hashes represent of the canonical chain [4].

This model suggests a very efficient threshold signature design was needed to be able to quickly come to consensus across the Masternode layer to decide on chain tips and lock chains preventing selfish mining attacks. See [6] to understand the qualities of BLS signatures in the context of multi-sig use cases.

Ethereum 2.0 design centers around the use of BLS signatures through adding precompile opcodes in the Ethereum Virtual Machine (EVM) for the BLS12–381 curve [7] which Syscoin has adopted.

This curve was first introduced in 2017 by Bowe [8] to the ZCash protocol. Masternodes on Syscoin use this curve and have a BLS key that is associated with each validator. There is the performance comparison to ECDSA (Secp256k1) [9] that shows its usefulness in contrast to what Bitcoin and Syscoin natively use for signature verification.

Blockchain as a Computational Court

A computational court is a way of enforcing code execution on the blockchain’s state. This was first introduced by de la Rouvier [10].

Since the inception of  Syscoin  and  Blockchain Foundry we have subscribed to the idea that the blockchain should be used as a court system rather than a transaction processor.

This debate has stemmed from the block size debate in the Bitcoin community [11]. However, with recent revelations in cryptography surrounding Zero-Knowledge Proofs (ZKP) [12] and particularly Zero-Knowledge Succinct Non-Interactive Argument of Knowledge (zk-STARK) [13], we propose a secure ledger strategy using the Bitcoin protocol as a court (ie, host layer), an EVM or eWASM (ie, operating system layer), computational scaling through ZKP (ie, SDK layer) and business verticals (ie, application layer); see Fig 2

Fig 2: Four-layer tech stack

Scalability and Security

Scalability in blockchain environments is typically measured by Total Transactions per Second (TPS).

This means full trustlessness, decentralization and liveness properties as evidenced by something like Bitcoin.

If trade-offs are made to achieve higher scale it means another property is affected.

A full node is one that creates blocks and/or fully validates every block of transactions.

For the purpose of this discussion, we will refrain on expounding on designs where light-clients are used to give semblance of higher throughput, etc.

However, if two nodes are running the same hardware and doing the same work, the one that provides more TPS performance than the other is considered more scalable. This is not to be confused with throughput which is the measure of output that can be increased by simply adding more hardware resources. Hence, more throughput does not mean more scalable.

Some blockchains require the producers of blocks to run on higher specifications, offering higher throughput but not necessarily more scale.

However, there are projects which employ parallel processing to try to achieve higher scale whilst also enforcing more capable hardware to provide a more efficient overall system [33].

As a logical experiment, the throughput of a system divided by the scalability of the system is what we define as efficiency.

In the following sections, we will outline our proposal for improved efficiency.


The holy grail of blockchain design resides in the ability to have a ledger that can claim to be sublinear while retaining consistency, fault tolerance and full availability (ie, CAP Theorem).

This means there are roughly constant costs for an arbitrary amount of computation performed and being secured by that ledger.

This has always been thought of as impossible and it mostly is unless acceptable trade-offs appear in application designs and they are easy to understand and work around.

Most experts make the assumption that an O(1) ledger is simply impossible and thus design blockchains and force applications to work in certain ways as a result.

We will remove such assumptions and let business processes dictate how they work by giving the ability to achieve O(logk n) for some constant k (ie, polylogarithmic) efficiency with trade-offs.

A polylogarithmic design would give the ability for almost infinite scaling over time for all intents and purposes.

The only bottlenecks would be how fast information can be propagated across the network which would improve over time as telecom infrastructure naturally evolves and increases in both capability and affordability.

Put in context, even Lightning Networks for transactional counts qualifies as a form of sublinear scaling on a transactional basis but not per user, as users must necessarily enter the main chain first before entering a payment channel.

It requires the state of the blockchain to include the users joining the system.

This state (the UTXO balances) is the single biggest factor of efficiency degradation in Bitcoin.

Users need to first start on the main chain and then move into the payment channel system to receive money, meaning that scale is at best O (N) where N is the number of users.

There are some solutions to this problem of state storage on Bitcoin by reducing it via an alternative accumulator strategy to the cost of increased bandwidth [14].

This approach would make the chain state-less, however the validation costs would remain linear to the number of transactions being done. When combined with payment channels, only the costs to get in/out are factored into the validation and this offers an interesting design for payments themselves while providing for on-chain availability.

We consider this as a good path for futuristic scalable payments.

Hence, it is not possible to employ that strategy with general computations. With this design, we are still left with the issue on how to do general computations at higher efficiency.

What we present is the ability to have a polylogarithmic chain at the cost of availability for both payments and general computations where business processes dictate availability policies, and users fully understand these limitations when using such systems.

Users may also be provided the ability to ensure availability for themselves and others at their discretion. This will be expounded upon in the following sections.

State Liveness and State Safety

While many compelling arguments can be made migrating to a state-less design [15], it is not possible to achieve sublinear efficiency without sacrificing some other desired component that we outlined above.

To achieve polylogarithmic efficiency it’s necessary to have a mix of state and stateless nodes working together in harmony on a shared ledger [15].

This should be accomplished in such a way that business processes can dictate direction, and users can choose to pay a little more for security either by using a stateful yet very scalable ledgering mechanism or by paying to ensure their own data availability amortized over the life of that user on such systems.

Presenting the ability for users to make these choices allows us to separate the consensus of such systems and reduce overall complexity.

However, in whatever solution we adopt , we need to ensure that the final implementation allow for both the liveness and safety of that state, which are defined as follows:

State Liveness — Transferring coins in a timely manner

State Safety — Private custody

It is important to adhere to these concepts; if one cannot move one’s coins, then it is as useful as if one burned their coins. Hence, if we had third party custody in place, this would give rise to custodial solutions, and lose decentralized and trustless aspects of the solution, which again is not desired.

The options as described would allow users to decide their state liveliness at their own discretion, while state safety is a required constraint throughout any system design we provide. The doorway to possibilities of sublinear design is opened by giving users the ability to decide.

Avoiding Re-execution of Transactions

In order to scale arbitrarily, independent of the number of transactions — a desired property of increasing throughput — one requires a mechanism to avoid re-executing transactions.

Further, ideally it would be able to batch these transactions together for a two-fold scaling proposition.

There are a few mechanisms in literature that attempted to solve re-execution:

(a) TrueBit; (b) Plasma; and © Arbitrum avoided re-execution.

Unfortunately, they require challenge response systems to ensure security, which leads to intricate attack vectors of unbounded risk/reward scenarios.

Multi-Party Computation (MPC) is a mechanism to have parties act under a threshold to decide on actions such as computational integrity of a smart contract. MPC is used in Syscoin for BLS threshold signatures for Chain Locks and Proof-of-Service in quorums of validators deterministically chosen using Fiat-Shamir heuristics on recent block hashes.

The problem with this approach is that validators may become corrupt, hence need to be wrapped in a consensus system along with DKG and random deterministic selection. This was an interesting topic of discovery for the Syscoin team early-on as a way to potentially scale smart contract execution but was ultimately discarded due to the incentive for risk/reward scenarios to favour attacks as the value of the transactions increases.

Hardware enclaves (eg, Intel SGX through remote attestation) were also of particular interest to the Syscoin team as a way to offload execution and avoid re-execution costs.

However, there are a myriad of attack vectors and censorship concerns on the Intel platform . We also should note that the Antarctica model was interesting but required a firmware update from Intel to support such a feature which raises concerns over censorship long term.

The theme amongst all of these approaches is that although re-execution is avoided the communication complexity is largely still linear with the number of transactions on the main chain. The security and trust models are also different from that of the layer 1 assumptions which was not desired.
Lacking solvent solutions to avoid re-execution and enable sublinear overall complexity, we were led — in the development of Syscoin 4.0 — to build a trust-minimized two-way bridge between Syscoin and the Ethereum mainchain, offloading the concerns around smart contracts to Ethereum.

With the advent of such promising technology as ZKP and the optimizations happening around them, we have re-considered the possibilities and believe this will play an important role in the development of Web 3.0. This mathematical breakthrough led us to re-test our assumptions and options related to our desired design.

ZKP allows us the desired superlinear scaling trait we had been looking to achieve but they also offer other benefits; namely privacy is very easy to introduce and will not add detectable costs and complexities to verification on the mainchain.

With users controlling their own data, the mainchain and systems may be designed such that only balance adjustments are recorded, not transaction sets (we will explain the case with full data availability below). In this scenario there is no advantage for a miner to gain to be able to collude with users to launch attacks on systems such as Decentralize Finance (DeFi) pools and provenance of transactions.

The flexibility has to be there though for application developers that need experiences consistent with those we have today with Bitcoin/Syscoin/Ethereum, and to enable the privacy use-cases without requiring extra work, knowledge or costs.

Fig 3: Host and EVM layer

Validity Proof Systems Overtop Proof-of-Work Systems

Prior to the use of Proof Systems, the only option for “Validity Proofs” in a permissionless system involved naive replay, and as such greatly limited scalability; in essence this replay is what is still done today in Layer-1 blockchain (L1) solutions, with the known penalty to scalability.

Proof Systems offer a very appealing trait known as succinctness: in order to validate a state transition, one needs to only verify a proof, and this is done at a cost that is effectively independent of the size of the state transition (ie, polylogarithmic in the size of the state transition).

For maximal financial security, the amount of value being stored should depend on the amount of security provided on the settlement side of the ledger.

Proof-of-Work offers the highest amount of security guarantees. Our next generation financial systems begin with optimal ledgering security and add proof systems on top for scaling. Block times are not as important in a world where most users and activity are on Layer-2 blockchain (L2) validity proof based systems.

This liberates engineers who are focused on scalability to define blocks better; safe block times plus the maximal amount of data bandwidth that can be safely propagated in a time sensitive manner across full nodes in the network.

In Syscoin there are incentivized full nodes (ie, deterministic masternodes), so again we can maximize the bandwidth of ledgering capabilities while retaining Bitcoin Proof-of-Work (PoW) security through merged-mining.

Quantum Resistance:

Table 1: Estimates of quantum resilience for current cryptosystems (see [20])

As seen in Table 1, hashing with the SHA256 algorithm is regarded to be quantum safe because it requires Grover’s algorithm to crack in the post-quantum world, and at best the quantum computer will offer only 50% reduction in time to break.

On the other hand, where Shor’s algorithm applies, any pair based cryptographic system will be broken in hours.

For L2, we propose to implement ZKP in the SDK Layer (see Fig 2); namely Non-Interactive Zero Knowledge Proofs (NIZKP).

Popular implementations of NIZKP include Zero-Knowledge Succinct Non-interactive ARgument of Knowledge (zk-SNARKS) and Zero-Knowledge Scalable Transparent ARguments of Knowledge (zk-STARKS).

There are some zk-STARK/zk-SNARK friendly cipher’s employed in zkRollup designs such as MiMC and Pederson hashes for which we lack certainty on classical security, yet are hopeful and would offer quantum resistance within ZKPs.

It is important to note that Bitcoin was developed with change addresses in mind exposing the hash of a public key requires a quantum computer to use Grover’s Algorithm in order to attempt stealing that Bitcoin. Each time a Bitcoin Unspent Transaction Output (UTXO) is spent, the public key is exposed and a new change address — which does not expose the public key — is used as change.

With this in mind, any scalable L2 solution should be quantum resistant because otherwise we undermine Bitcoin design as the gold standard of security.

Fig 4: zkSync Rollup design

A Design Proposal for Web 3.0

The following describes the 4-layers (see Fig 2) of Syscoin’s proposed tech stack for Web 3.0:

[Host Layer] Bitcoin’s design is the gold standard for security and decentralization.

Proof-of-work and Nakamoto Consensus settlement security are widely regarded by academics as the most hardened solution for ledgering value.

It’s possible this may change, however it’s also arguable that the intricate design encompassing Game Theory, Economics, risk reward ratios for attack, and the minimal amounts of compromising attack vectors is likely not to change for the foreseeable future.

UTXO’s (and payments with them) are more efficient than account-based or EVM-based. That said, Bitcoin itself suffers from not being expressive enough to build abstraction for general computation.

[Operating System Layer]

EVM/eWASM is the gold standard for general computation because of its wide adoption in the community.

Anyone building smart contracts are likely using this model or will continue to use it as the standard for autonomous general computation with consensus.

[SDK Layer]

Zero-knowledge proofs are the gold standard for generalized computation scaling for blockchain applications. They enable one-time execution via a prover and enable aggregate proof checking instead of re-execution of complex transactions.

zk-STARKs or zk-SNARKs using collision resistant hash functions that work with only weak cryptographic assumptions and therefore are quantum safe.

At the moment generalized smart contracts are not there yet but we are quickly approaching the day (eg, Cairo, Zinc) when there will be abstractions made to have most Solidity code trans-compile into a native zero-knowledge aware compiler similar to how .NET runtime and C# allows an abstraction on top of C/C++ as an interpretive layer on top

[Application Layer]

Verticals or applications applying the above SDK to define business goals.

Surprisingly, these ideals represent a design that is not shared with any other project in the industry, including Bitcoin or Ethereum.

We feel these ideals, fashioned together in a singular protocol, could possibly present a grand vision for a “World Computer” blockchain infrastructure.

Syscoin has already implemented Geth + Syscoin nodes in one application instance already (ie, release 4.2), we foresee that it will not prove too challenging to have them cooperate on a consensus basis working together to form a dual chain secured by Syscoin’s PoW.

Fig 5: Proposed design

Fig 5 describes a system where nodes are running two sets of software processes, the Syscoin chain protocol and an EVM/eWASM chain protocol which are kept in sync through putting the EVM tip hash into the Syscoin block. Both have their own individual mempools and effectively the Ethereum contracts, tools and processes can directly integrate as is into the EVM chain as it stands.

Note that the two chains are processes running on the same computer together. Thus a SYS NODE and EVM NODE would be operating together on one machine instance (ie, Masternode) with ability to communicate with each other directly through Interprocess Communication (IPC).

The intersection between the two processes happens in three points:

Miner of the EVM chain collects the latest block hash and places it into the Syscoin block.

When validating Syscoin blocks, nodes confirm the validity of the EVM tip by consulting the EVM chain software locally.

Fees for the EVM chain are to be paid in SYS. We need an asset representing SYS on the EVM chain, which will be SYSX.

We will enable this through a similar working concept that we’ve already established (SysEthereum Bridge).

We may also enable pre-compiles on the EVM chain side to extract Syscoin block hashes and merkle roots to confirm validity of SYS to SYSX burn transactions.

This design separates concerns by not complicating the PoW chain with EVM execution information, keeping the processes separate yet operating within the same node.

To further delineate point 1 (see above), a miner would mine both chains. With Syscoin being merged-mined, the work spent on Bitcoin would be shared to create a Syscoin block that includes the EVM chain within it as a ledgering event representing the latest smart contract execution state (composed of Chain Hash, State Root, Receipt Root, and Transaction Trie Root).

Since the EVM chain has no consensus attached, technically a block can be created at any point in time. Creation of Syscoin and EVM blocks will be near simultaneous, and occur every one minute on average.

Fig 6: Merge mining on Syscoin

As seen in Fig 6, work done on BTC is reused to create SYS blocks through the  merged-mining specification. Concurrently, the miner will execute smart contracts in the memory pool of the node running the EVM chain. Once a chain hash has been established post-execution, it will be put into the coinbase of the Syscoin block and published to the network. Upon receiving these blocks, every node would verify that the EVM chain which they would locally execute (ie, similar to the miner) matches the state described by the Syscoin block.

Technically, one would want to ensure both the latest and previous EVM block hashes inside of their respective Syscoin blocks are valid.

The block->evmblock == evmblock && block->prev == evmblock->prev is all that is needed to link the chains together with work done by Bitcoin which is propagated to Syscoin through AUXPOW and can serve as a secure ledgering mechanism for the EVM chain.

Since (a) we may use eWASM; (b) there are paid full nodes running on the network; and © the mining costs are shared with Bitcoin miners, we should be able to safely increase the amount of bandwidth available in the EVM chain while remaining secure from large uncle orphan rates.

There has been much discussion as to what the safe block size should be on Ethereum. Gas limits are increasing as optimizations are made on the Ethereum network.

However, since this network would be ledgered by the Syscoin chain through PoW, there would be no concern for uncle orphaning of blocks since the blocks must adhere to the policy set inside of the Syscoin block. We should therefore be able to increase bandwidth significantly and parameterize for a system that will scale globally yet still be centered around L2 rollup designs.

A very important distinction here is that the design of Ethereum 2.0 centers around a Beacon chain and sharding served by a Casper consensus algorithm. The needs of the algorithm require a set of finality guarantees necessitating a move towards Proof-of-Stake (PoS).1

This has large security implications for which we may not have formal analysis for a long time, however we do know it comes with big risk.

We offer similar levels of scalability on a network while retaining Nakamoto Consensus security. The simpler design which has been market tested and academically verified to work would lead to a more efficient system as a whole with less unknown and undocumented attack vectors.

The only research that would need to be made therefore is on the optimal parameterization of the gas limit taking into account an L2 centric system but also a safe number of users we expect to be able to serve before fee market mechanisms begin to regulate the barrier of entry for these users.

This proposed system should be scalable enough to serve the needs of global generalized computation while sticking to the core fundamentals set forth in the design ideals above. Our upcoming whitepaper will have more analysis on these numbers but we include some theoretical scaling metrics at the end of this article.

Optimistic vs ZkRollup

ZKP are excellent for complex calculations above and beyond simple balance transfers. For payments, we feel UTXO payment channels combined with something like Z-DAG is an optimal solution.

However, we are left with rollup solutions for generalized computation involving more complex calculations requiring consensus.

Whatever solution we adopt has to be secured by L1 consensus that is considered decentralized and secure, which we achieve via merged-mining with Bitcoin.

There are two types of rollup solutions today:

(a) Optimistic roll ups (OR); and (b) zkRollups; which offer trade-offs.

Consensus about which chain or network you’re on is a really hard problem that is solved for us by Nakamoto consensus. We build on that secure longest chain rule (supplemented by Chain Locks to prevent selfish mining) to give us the world-view of the rollup states. The executions themselves can be done once by a market of provers, never to be re-executed, only verified, meaning it becomes an almost constant cost on an arbitrarily large number of executions batched together. With OR you have the same world-view but the world-view is editable without verifying executions. The role of determining the validity of that world-view is delegated to someone watching who provides guarantees through crypto-economics. Zero-knowledge proofs remove crypto-economics on execution guarantees and replace them with cryptography.

See [26] to see  between fraud proofs (optimistic) vs validity proofs (zk)

Key takeaways from this article are as follows

  • Eliminate a nasty tail risk: theft of funds from OR via intricate yet viable attack vectors;
  • Reduce withdrawal times from 1–2 weeks to a few minutes;
  • Enable fast tx confirmations and exits in practically unlimited volumes;
  • Introduce privacy by default.

One point missing is interoperability. A generalized form of cross-chain bridging can be seen in Chain A locking tokens based on a preimage commitment by Chain B to create a zero-knowledge proof, followed by verification of that proof as the basis for manifesting equivalence on Chain B. Any blockchain with the functionality to verify these proofs could participate in the ecosystem.

Our vision here is described using a zkRollup centric world-view, yet it can be replaced with other technologies should they be able to serve the same purpose. As an infrastructure we are not enforcing one or the other; developers can build on what they feel best suits their needs. We believe we are close to achieving this, and that the technology is nearing the point of being ready for the vision set forth in this article.

Decentralized Cost Model

Decentralized cost models lead to exponential efficiency gains in economies of scale. We set forth a more efficient design paradigm for execution models reflective of user intent. This design uses the UTXO model to reflect simple state transitions and a ZKP system for complex computations leading to state transitions. This leads to better scalability for a system by allowing people to actively make their trade-off within the same ecosystem, driven by the same miners securing that ecosystem backed by Bitcoin itself.

Furthermore, a decentralized cost model contributes to scalability in that ZKP gates can generalize complex computation better than fee-market resources like gas or the CPU/memory markets of EOS, etc.

This leads to better scalability for a system by allowing people to actively make their trade-off within the same ecosystem, driven by the same miners securing that ecosystem backed by Bitcoin itself.

Furthermore, a decentralized cost model contributes to scalability in that ZKP gates can generalize complex computation better than fee-market resources like gas or the CPU/memory markets of EOS, etc. This leads to more deterministic and efficient consumption of resources maximizing efficiency in calculations, and gives opportunity for those to scale up or down based on economic incentives without creating monopolistic opportunities unlike ASIC mining.

In other words, the cost is dictated by what the market can offer, via the cost of compute power (as dictated by Moore’s law), rather than the constrained costs of doing business on the blockchain itself.

This model could let the computing market dictate the price for Gas instead of being managed by miners of the blockchain. The miners would essentially only dictate the costs of the verification of these proofs when they enter the chain rather than the executions themselves.

 happening with ZKP and with a decentralized cost model it will be much easier to understand costs of running prover services as well as know how the costs scale based on the number of users and parameters of systems that businesses would like to employ. All things considered, it will be easier to make accurate decisions on data availability policies and the consensus systems needed to keep the system censorship resistant and secure.

Rollups will be friends, that is, users of one rollup system doing X TPS and users of another doing Y TPS, with the same trust model, will in effect get us to global rates of X*Y (where X is TPS of the sidechains/rollups and Y is the number of sidechains and rollups that exist). X is fairly static in that the execution models of rollups do not change drastically (and if they do, the majority of those rollup or sidechain designs end up switching to the most efficient design for execution over time).

State-less Layer 1 Design

The single biggest limiting factor of throughput in blockchains is  and access to the global state.

More specifically, in Bitcoin it is the UTXO set, and in Ethereum it is the Account Storage and World State tries. State lookups typically require SSD in Ethereum full nodes because real-time processing of transactions of block arrivals are critical to reaching consensus, this is especially the case for newly arriving blocks (ie, every 10–15 seconds).

As state and storage costs rise, the number of full verifying nodes decreases due to the resource consumption of fully validating nodes and providing timely responses to peers. Consequently, network health suffers due to the risks of centralization of consensus amongst the subset peers running full nodes.

State-less designs are an obvious preference to solve problems using alternative mechanisms to validate the chain without requiring continuous updates to the global state.

In a rollup, smart contracts on L1 do not access the global state unless entering or exiting a rollup. Therefore smart contracts that provide full data availability on-chain (ie, zkRollup), would only require state updates to the local set of users within that L2. Under designs where data availability is kept off-chain, there is no state update on L1, unless entering and exiting.

Therefore, it classifies as purely state-less, whereas in zkRollup mode we can consider this partially state-less. Since these L1 contracts are state-less to the global state, nodes on the network can parallelize verification of any executions to the contracts which do not involve entering or exiting. This is in addition to the organic and natural parallel executions of transactions that are composing these rollup aggregated transactions posted on L1.

State-less layer 1 designs also allow for parallelizable smart contract execution verification. The parallelization of smart contracts running on L1 in the EVM model is a recent topic of research that  which involves defining “intent” for the execution of a contract (because nodes do not know ahead of time what the smart contract execution will entail in terms of accessing global state).

Adding in the intent of a transaction as supplied as part of the commitment of that transaction would allow nodes to reject if the execution of that contract did not correspond with the intent, possibly costing the user fees for invalid commitments.

Although these designs may be flexible, they come at the cost of additional complexity through sorting, filtering and general logic that may be susceptible to intricate attacks.

In our case, the transaction can include a field that is understood by the EVM to denote if it is intending to use global state in any way (for rollups typically this would be false) then we can simply reject any access to global states for those specific types of executions.

This would allow nodes to execute these specific types of transactions in parallel knowing that no global state is allowed to access executions. If a transaction is rejected due to incorrectly setting this field the fees are still spent to prevent users from purposefully setting this field incorrectly.

Related Works

The following organizations offer various open source third party L2 scaling solutions:

Starkware is built using a general purpose language (Cairo) with Solidity (EVM) in mind, as is Matter labs with the (Zinc) language. Hermez developed custom circuits tailor-suited to fast transactions and Decentralized Exchange (DEX) like capability. These will be able to directly integrate into Syscoin without modification.

As such, the optimizations and improvements they make should directly be portable to Syscoin, hence becoming partners to our ecosystem.

Aleo uses Zero knowledge EXEcution (Zexe) for zkSNARK proof creation through circuits created from R1CS constraints. The interesting thing about Aleo is that there is a ledger itself that is purpose-built to only verify these Zexe proofs for privacy preserving transactability. The consensus is PoW, while the proof system involves optimizing over the ability to calculate the verifications of these proofs efficiently.

The more efficient these miners become at verifying these proofs, the faster they are able to mine and thus the system provides sybil resistance through providing resources to verify Zexe proofs as a service in exchange for block creation.

However, these proof creations can be done in parallel based on the business logic for the systems the developers need to create. There is no direct need for on-chain custom verification as these can be done in an EVM contract, similar to what Cairo Generic Proving Service (GPS) verifier and Zinc Verification do.

The goal of Aleo is to incentivize miners to create specialized hardware to more efficiently mine blocks with verification proofs.

However, provers can also do this as we have seen with Matter Labs’ recent release of  [27]. It is a desirable property to use PoW to achieve “world-view” consensus in Aleo; however they focus on private transactions. They are typically not batched and employ a recursive outer proof to guarantee execution of an inner proof where the outer proof is sent to the blockchain to be verified. This proof is a limited 2-step recursion, consequently batching of arbitrary amounts of transactions is not supported.

However, as a result the cost of proof verification is relatively constant with a trade-off of limiting the recursion depth. Aleo is not meant to be a scalable aggregator of transactions, but mainly oriented towards privacy in their zk-SNARK constructions using Zexe.

Commercial Interests

Commercial enterprises may start to create proprietary prover technologies where costs will be lower than market in an attempt to create an advantage for user adoption. This design is made possible since the code for the prover is not required for the verifier to ensure that executions are correct. The proof is succinct whether or not the code to make the proof is available.

While the barrier of entry is low in this industry, we’ve seen the open source model and its communities optimize hardware and software and undergo academic peer review using strategies that outpace private funded corporations.

That is plausible to play out over the long term. However, an organic market will likely form on its own, forging its own path leading to mass adoption through capitalist forces.

The point here is that the privately funded vs open source nature of proving services does not change the mechanism of secure and scalable executions of calculations that are eventually rooted to decentralized and open ledgers secured by Bitcoin.

The utmost interesting propositions are the verticals that become possible by allowing infrastructure that is parameterized to scale into those economies where they are needed most, and where trust, security and auditability of value are concerns.

Smart cities, IoT, AI and Digital sovereignty are large markets that intersect with blockchain as a security blanket.

Although ZKP are tremendously useful on their own, applying them to consensus systems for smart contract executions drive them to another level due to the autonomous nature of “code-is-law” and provable deterministic state of logic. We believe a large majority of the next generation economy will depend on many of the ideas presented here.

 is working with commercial and enterprise adopters of blockchain technology. Our direct interaction with clients combined with our many collective years of experience in this field are reflected in this design.

Functional Overview

Fig 7: High-level description

For scalable simple payments, one can leverage our Syscoin Platform Token (SPT) asset infrastructure and payment channels to transact at scale.

Unique characteristics of SPTs include a generalized 8 byte field for the asset ID which is split between the upper and lower 4 bytes; the upper 4 are issued and definable (ie, NFT use cases) and lower 4 are deterministic. This enables the ability to have a generalized asset model supporting both Non-fungible Tokens (NFT) and Fungible Tokens (FT) without much extra cost at the consensus layers. 1 extra byte is used for all tokens at best case and 5 extra bytes are used for NFT at worst case.

See [28] for more information on .

This model promotes multiple assets to be used as input and consequently as outputs, suggesting that atomic swaps between different assets are possible within 1 transaction. This has some desirable implications when using payment channels for use cases such as paying in one currency when merchants receive another atomically.

A multi-asset payment channel is a component that is desired so users are not constrained to single tokens within a network. Composability of assets as well as composability across systems (such as users from one L2 to another) is a core fundamental to UX and convenience that needs to be built into our next generation blockchain components that we believe will enable mass adoption.

The Connext box shows how potentially you can  as described in [29]. This would promote seamless cross-chain L2 communication without the high gas fees. Since these L2’s are operating under an EVM/eWASM model, there are many ways to enable this cross-communication.

An EVM layer will support general smart contracts compatible with existing Ethereum infrastructure and L2 rollups will enable massive scale. The different types of zkRollups will allow businesses and rollup providers to offer ability for custom fee markets (ie, pay for fees in tokens other than base layer token SYS).

In addition, it will remove costs and thus improve scale of systems by offering custom data availability consensus modules. This design discussed here shares similarities to the  where a smart contract would sign off on data availability checks that would get put into the ZKP as part of the validity of a zkBlock which goes on chain.

The overall idea of the zkPorter design is that the zkRollup system would be called a “shard”, and each shard would have a type either operating in “zkRollup” mode or operating in “normal” mode.

Taken from the zkPorter article the essence of it is:

If a shard type is zkRollup, then any transaction that modifies an account in this shard must contain the changes in the state that must be published as L1 calldata (same as a zkRollup).

Any transaction that modifies accounts in at least two different shards must be executed in zkRollup mode.

All other transactions that operate exclusively on the accounts of a specific shard can be executed in normal shard mode (we will call them shard transactions). If a block contains some shard transactions for a shard S, then the following rules must be observed:

  1. The root hash of the subtree of the shard S must be published once, as calldata on L1. This guarantees that users of all other shards will be able to reconstruct their part of the state.
  2. The smart contract of the data availability policy of this shard must be invoked to enforce additional requirements (e.g. verify the signature of the majority of the shard consensus participants).

This concludes that shards can define different consensus modules for data availability (censorship resistance mechanisms) via separating concerns around ledgering the world-view of the state (ie, ZKP that is put on L1 and the data that represents the state. Doing so would allow shards to increase scale, offload costs of data availability to consensus participants.

A few note-worthy examples of consensus for data availability are:

  1. Non-committee, non fraud proof based consensus for data availability checks. No ⅔ online assumption; see  [30].
  2. Sublinear block validation of ZKP system. Use something like  as a data availability proof engine and majority consensus; see  [31].
  3. Use a combination of above, as well as masternode quorum signatures for any of the available quorums to sign a message committing to data availability checks as well as data validity. Using masternodes can provide a deterministic set of nodes to validate decisions as a service. The data can be stored elsewhere accessible to the quorums as they reach consensus that it is indeed valid and available.

Give Me The Goods

You may be wondering what a system like this can offer in terms of scale …

Simple payments: since payment channels work with UTXO’s and also benefit from on-chain scaling via Z-DAG, 16MB blocks (with segwit weight) assumed, we will see somewhere around 8MB-12MB effectively per minute (per block).

We foresee that is sufficient to serve 7 Billion people who may enter and exit the once a year (ie, 2 transactions on chain per person per year) for a total of 14 Billion transactions.

Let’s conservatively assume 8MB blocks and 300 bytes per transaction. Once on a payment channel, the number of transactions is not limited to on-chain bandwidth, but to network related latencies and bandwidth costs. Therefore, we will conclude that our payment scalability will be able to serve billions of people doing 2 on-chain transactions per year which is arguably realistic based on the way we envision payments to unfold; whether that is an L2 or payment channel network that will hold users to pay through instant transaction mechanisms.

On-chain, we have some  [1]; in those cases someone needs to transact for point-of-sale using the Syscoin chain. The solution for payments ends up looking like a hybrid mechanism of on-chain (Z-DAG) and off-chain (ie, payment channel) style payments.

Complex transactions such as smart contracts using zkRollups require a small amount of time to verify each proof. In this case, we assume that we will host data off-chain while using an off-chain consensus mechanism to ensure data availability for censorship resistance; so the only thing that goes on the chain are validity proofs. We will assume that we will assign 16MB blocks for the EVM chain per minute.

A proof size will be about 300kB for about 300k transactions batched together which will take about 60–80ms to verify and roughly 5 to 10 minutes to create such proofs.

These are the   using zk-STARKs which present quantum resistance and no trusted setup.

After speaking with Eli Ben-Sasson, we were made aware that proving and verifications metrics are already developed compared to what is currently presented by Starkware [34].

Hence, zk-SNARKs offer even smaller proofs and verification times at the expense of trusted setups and stronger cryptography assumptions (not post-quantum safe).

We foresee that these numbers will improve over time as the cryptography improves, but current estimates suggest a rough theoretical capacity of around 1 Million TPS.

Starkware was able to process 300k transactions over 8 blocks with a total cost of 94.5M gas; final throughput was 3000 TPS (see Reddit bake-off estimates). As a result, or the following calculations, let’s assume one batch-run to be 300k transactions.

Ethereum can process ~200kB of data per minute, with a cost limit of 50M gas per minute. Therefore, considering the Starkware benchmark test, and assuming a block interval of 13 seconds, we would achieve ~ 3000 TPS (ie, 300 k transactions per batch-run / (8 blocks per batch-run * 13 seconds per block))

It is estimated that Syscoin will be able to process ~16MB of data per minute on the EVM layer (ie, SYSX in Fig 3), which is ~80x gain over Ethereum; thus a cost limit of 4B gas (ie, 80*50M) per minute.

Therefore, if the Starkware benchmark test was run on Syscoin, it is estimated that Syscoin could run the equivalent of 42 batch-runs per minute (ie, 4B gas per minute / 94.5 M gas per batch-run).

That would result in an equivalent of 210 k TPS (ie, 42 batch-runs per minute * 300 k transactions per batch-run / 60 seconds per minute).

If we were to consider using Validum on the Syscoin EVM layer, we estimate that we could achieve 800 batch-runs per minute (ie, 4B gas per minute / 5 M gas per batch-run). That would equate to an equivalent of 4M TPS (ie, 800 batch-runs per minute * 300 k transactions per batch-run / 60 seconds per minute).

Table 2: Gas costs and Total throughput

* Because all transactions are on-chain, which would include state lookups and modifications, it would likely result in a smaller total throughput depending on the node. This would be on average somewhere between 50–150 TPS total due to the state lookup bottlenecks, which are not an issue in a rollup design and can be done in a state-less way on-chain (meaning the throughput can instead be bounded by computational verification of the ZKPs)

**Rollups post the transitions on-chain and Validium does not, but note that the transitions on chain are account transitions and not transactions and so if some accounts interact within the same batch it will be just those account transitions recorded to the chain regardless of how many actual transactions are done between them.This is the minimum TPS with full layer 1 decentralized security. The amortized cost per Tx thus drops as accounts are reused within the This is the minimum TPS with full layer 1 decentralized security. The amortized cost per Tx thus drops as accounts are reused within the batch and the total TPS would subsequently rise.

Optimizations to the verification process are likely and would be required to get to those numbers, but the bandwidth would allow for such scale should those optimizations come to fruition.

For example 800 zk-STARK verifications at roughly 80ms per zk-STARK would take around 64 seconds, however these proofs can be verified in parallel so with a 32-core machine. It would take ~2–3 seconds total spent on these proofs, and likely decrease further with optimizations (note that TPS includes total account adjustments).

Because of the higher throughput capabilities of baseline EVM, we may look to  [32] to thwart DOS attacks.

The aforementioned calculations demonstrate the full State Safety of the mainchain secured by Bitcoin, and no asynchronous network assumptions which make theoretical calculations impractical in many other claims of blockchain throughput due to execution model bottlenecks.

These results were extrapolated based on real results with constant overhead added that becomes negligible with optimizations. It is imperative to note that transactions in this strategy are not re-executable; there is little to no complexity in this model other than verifying succinct proofs. The proof creation strategy is parallelized organically using this model. The verifications on the main chain can also be parallelized as they are executed on separate shards or rollup networks. Dual parallel execution and verification gives exponentially more scalability than other architectures.

Additionally, privacy can be built into these models at minimal to no extra cost, depending on the business model. Lastly, we suggest these are sustainable throughput calculations and not burst capacity numbers which would be much higher (albeit with a marginally higher fee based on fee markets).

For example Ethereum is operating at 15 TPS but there are around 150k transactions pending, and the average cost is about 200 gWei currently. The fee rate is based on the calculation that it takes around 10000 seconds to clear, assuming this many transactions, no new transactions, and there is demand to settle earlier.

Extrapolating on 4M TPS the ratio would become 40B transactions pending with 4M TPS to achieve the same fee rate on Ethereum today assuming the memory pool is big enough on nodes to support that many pending transactions.

Since masternodes on Syscoin are paid to provide uptime, we can expect network bandwidth to scale up naturally to support higher throughput as demand for transaction settlement increases.

Today, the ability to transact at a much higher rate using the same hardware provides the ability for a greater scale than the state-of-the-art in blockchain design without the added desired caveat of avoiding asynchronous network assumptions.

We believe this proposed design will become the new state-of-the-art blockchain, which is made viable due to its security, flexibility and parallelizable computational capacity.

In regards to uncle rates with higher block sizes, keep in mind we make uncle rates and re-organizations in general negligible through the use of the PoW chain mining Syscoin along with Chain Locks. We provide intuition that block sizes can be increased substantially without affecting network health.

Furthermore, the gas limits can be adjusted by miners up to 0.1% from the previous block and so a natural equilibrium can form where even if more than 4B gas is required it can be established based on demand and how well the network behaves with such increases.

There is a lot to unpack with such statements and so we will cover this in a separate technical post as it is out-of-scope for this discussion.

Blockchain Foundry

One of the main reasons for a profit company is to take advantage of some of the aforementioned verticals which we expect to underpin the economies of tomorrow with infrastructure similar to what is presented here.

Since the company’s beginning in 2016, we have spent the majority of our existence designing architecture parameterized to global financial markets.

Breakthroughs in cryptography and consensus designs as described here lead us to formalize these designs to apply to market verticals, formulating new applications and solutions that would not have been possible before.

Specifically, , we believe these ideas can be IP protected without requiring privatization of the entire tech stack. These value-added ideas that will use existing open-source tech stacks enabling a massive network effect of value through incentivization of commercial and enterprise adoption.

These new ideas, innovations and proprietary production quality solutions could steer in a new wave of  for civilization.


[1] J. Sidhu, E, Scott, and A. Gabriel, Z-DAG: An interactive DAG protocol for real-time crypto payments with Nakamoto consensus security parameters, Blockchain Foundry Inc, Feb. 2018. Accessed on: Feb 2021. [Online]. Available: 

[2] Bitcoin Core FAQ, Compact Blocks FAQ Accessed on: Feb 2021. [Online]. Available: 

[3] I. Eyal and E. G. Sirer, Majority is not enough: Bitcoin mining is vulnerableProceedings of International Conference on Financial Cryptography and Data Security, pp. 436–454, 2014.

[4] A. Block, Mitigating 51% attacks with LLMQ-based ChainLocks. Accessed on: Feb 2021. [Online], Nov 2018. Available: 

[5] J. Valenzuela, Andreas Antonopoulos Calls Dash ChainLocks “a Smart Way of” Preventing 51% Attacks. Aug 22, 2019. Accessed on: Feb 2021. [Online]. Available: 

[6] D. Boneh, M. Drijvers, and G. Neven, BLS Multi-Signatures With Public-Key Aggregation, Mar 2018. Accessed on: Feb 2021. [Online]. Available: 

[7] J. Drake. Pragmatic signature aggregation with BLS, May 2018. Accessed on: Feb 2021. [Online]. Available: 

[8] S. Bowe, BLS12–381: New zk-SNARK Elliptic Curve Construction, Mar 2017. Accessed on: Feb 2021. [Online]. Available: 

[9] A. Block, BLS: Is it really that slow?, Jul 2018. Accessed on: Feb 2021. [Online]. Available: 

[10] S. de la Rouvier. Interplanetary Linked Computing: Separating Merkle Computing from Blockchain Computational Courts, Jan 2017. Accessed on: Feb 2021. [Online]. Available: 

[11] Anonymous Kid, Why the fuck did Satoshi implement the 1 MB blocksize limit? [Online forum comment], Jan 2018, Accessed on: Feb 2021. [Online]. Available: 

[12] Zero-Knowledge Proofs What are they, how do they work, and are they fast yet? Accessed on: Feb 2021. [Online]. Available: 

[13] E. Ben-Sasson, I. Bentov, Y. Horesh, and M. Riabzev, Scalable, transparent, and post-quantum secure computational integrity, IACR Cryptol, 2018, pp 46

[14] Dryja, T, Utreexo: A dynamic hash-based accumulator optimized for the bitcoin UTXO set, IACR Cryptol. ePrint Arch., 2019, p. 611.

[15] G.I. Hotchkiss, The 1.x Files: The State of Stateless Ethereum, Dec 2019. Accessed on: Feb 2021. [Online]. Available: 

[16] S. Bowe, A. Chiesa, M. Green, I. Miers, P. Mishra, H. Wu: Zexe: Enabling decentralized private computation. Cryptology ePrint Archive, Report 2018/962 (2018). Accessed on: Feb 2021. [Online]. Available: 

[17] A. Nilsson, P.N. Bideh, J. Brorsson, A survey of published attacks on Intel SGX. 2020, arXiv:2006.13598

[18] C. Nelson, Zero-Knowledge Proofs: Privacy-Preserving Digital Identity, Oct 2018. Feb 2021. Accessed on: [Online]. Available: 

[19] D. Boneh, Discrete Log based Zero-Knowledge Proofs, Apr 2019, Accessed on: Feb 2021 [Online]. Available: 

[20] Quantum Computing’s Implications for Cryptography (Chapter 4), National Academies of Sciences, Engineering, and Medicine: Quantum Computing: Progress and Prospects. The National Academies Press, Washington, DC, 2018.

[21] S. Naihin, Goodbye Bitcoin… Hello Quantum, Apr 2019, Accessed on: Feb 2021 [Online]. 

[22] L.T. do Nascimento, S. Kumari, and V. Ganesan, Zero Knowledge Proofs Applied to Auctions, May 2019, Accessed on: Feb 2021 [Online]. Available: 

[23] G., Proof of Stake Versus Proof of Work. Technical Report, BitFury Group, 2015. Accessed on: Feb 2021. [Online]. Available: 

[24] V. Buterin and V. Griffith, Casper the Friendly Finality Gadget. CoRR, Vol. abs/1710.09437, 2017. arxiv: 1710.09437, 

[25] M. Neuder, D.J. Moroz, R. Rao, and D.C. Parkes, Low-cost attacks on Ethereum 2.0 by sub-1/3 stakeholders, 2021. arXiv:2102.02247, 

[26] Starkware, Validity Proofs vs. Fraud Proofs, Jan 2019, Accessed on: Feb 2021, [Online]. Available: 

[27] A. Gluchowski, World’s first practical hardware for zero-knowledge proofs acceleration, Jul 2020, Accessed on: Feb 2021 [Online]. Available: 

[28] Introducing an NFT Platform Like No Other, Accessed on: Feb 2021. [Online]. Available: 

[29] A. Bhuptani, Vector 0.1.0 Mainnet Release, The beginning of a multi-chain Ethereum ecosystem, Jan 2021, Accessed on: Feb 2021. [Online]. Available: 

[30] V. Buterin, With fraud-proof-free data availability proofs, we can have scalable data chains without committees, Jan 2020, Accessed on: Feb 2021. [Online]. Available: 

[31] M. Al-Bassam, A data availability blockchain with sub-linear full block validation, Jan 2020, Accessed on: Feb 2021. [Online]. Available: 

[32] T. Chen, X. Li, Y. Wang, J. Chen, Z Li, X. Luo, M. H. Au, and X. Zhang. An adaptive gas cost mechanism for Ethereum to defend against under-priced DoS attacks. Proceedings of Information Security Practice and Experience — 13th International Conference ISPEC, 2017

[33] Y. Sompolinsky, and A. Zohar, Secure High-rate Transaction Processing in Bitcoin, Proc. 19th Int. Conf. Financial Cryptogr, Data Secur. (FC’20), Jan 2015, pp. 507–527

[34] Starkware Team, Rescue STARK Documentation — Version 1.0, Jul 2020

Shared with 💚 by Free Spirit

✌ & 💚

BitHouse with 💚

Satoshi Nakamoto Quotes

“ It might make sense just to get some in case it catches on.

If enough people think the same way, that becomes a self fulfilling prophecy.

Once it gets bootstrapped, there are so many appli­ca­tions if you could effort­lessly pay a few cents to a website as easily as dropping coins in a vending machine. ”

Get some in case it catches on

“ In this sense, it’s more typical of a precious metal.

Instead of the supply changing to keep the value the same, the supply is prede­ter­mined and the value changes.

As the number of users grows, the value per coin increases.

It has the poten­tial for a positive feedback loop; as users increase, the value goes up, which could attract more users to take advan­tage of the increasing value. ”

Potential for a positive feedback loop

“ Maybe it could get an initial value circu­larly as you’ve suggested, by people foreseeing its poten­tial useful­ness for exchange. (I would definitely want some)

Maybe collec­tors, any random reason could spark it.

I think the tradi­tional quali­fi­ca­tions for money were written with the assump­tion that there are so many competing objects in the world that are scarce, an object with the automatic bootstrap of intrinsic value will surely win out over those without intrinsic value.

But if there were nothing in the world with intrinsic value that could be used as money, only scarce but no intrinsic value, I think people would still take up something. (I’m using the word scarce here to only mean limited poten­tial supply) ”

“ A rational market price for something that is expected to increase in value will already reflect the present value of the expected future increases. “

Rational market price

In your head, you do a proba­bility estimate balancing the odds that it keeps increasing. ”


“ I’m sure that in 20 years there will either be very large trans­ac­tion volume or no volume. ”

In 20 Years

“ Bitcoins have no dividend or poten­tial future dividend, there­fore not like a stock.

More like a collectible or commodity.“

Collectible vs Commodity

” [Lengthy exposition of vulnerability of a systm to use-of-force monopolies ellided.]

You will not find a solution to political problems in cryptography.

Yes, but we can win a major battle in the arms race and gain a new territory of freedom for several years.

Governments are good at cutting off the heads of a centrally controlled networks like Napster, but pure P2P networks like Gnutella and Tor seem to be holding their own. “

Pure P2P networks

” It’s very attractive to the libertarian viewpoint if we can explain it properly.

I’m better with code than with words though. “

Libertarian Viewpoint

” The proof-of-work is a Hashcash style SHA-256 collision finding.

It’s a memoryless process where you do millions of hashes a second, with a small chance of finding one each time.

The 3 or 4 fastest nodes’ dominance would only be proportional to their share of the total CPU power.

Anyone’s chance of finding a solution at any time is proportional to their CPU power.

There will be transaction fees, so nodes will have an incentive to receive and include all the transactions they can.

Nodes will eventually be compensated by transaction fees alone when the total coins created hits the pre-determined ceiling. “

Transactions Fees

” Right, it’s ECC digital signatures.

A new key pair is used for eveey transaction.

It’s not pseudonymous in the sense of nyms identifying people, but it is at least a little pseudonymous in that the next action on a coin can be identified as being from the owner of that coin.”


Bitcoin is a new electronic cash system that uses a peer-to-peer
network to prevent double-spending.

It’s completely decentralized
with no server or central authority

New electronic cash system

Total circulation will be 21,000,000 coins.

It’ll be distributed to network nodes when they make blocks, with the amount cut in half every 4 years

first 4 years: 10,500,000 coins

next 4 years: 5,250,000 coins

next 4 years: 2,625,000 coins

next 4 years: 1,312,500 coins

When that runs out, the system can support transaction fees if needed.

It’s based on open market competition, and there will probably always be nodes willing to process transactions for free.

Open Market Competition

” I would be surprised if 10 years from now we’re not using electronic currency in some way, now that we know a way to do it that won’t inevitably get dumbed down when the trusted third party gets cold feet.

It could get started in a narrow niche like reward points, donation tokens, currency for a game or micropayments for adult sites.

Initially it can be used in proof-of-work applications for services that could almost be free but not quite.

POW applications

It can already be used for pay-to-send e-mail.

The send dialog is resizeable and you can enter as long of a message as you like.

It’s sent directly when it connects.

The recipient doubleclicks on the transaction to see the full message.

If someone famous is getting more e-mail than they can read, but would still like to have a way for fans to contact them, they could set up Bitcoin and give out the IP address on their website. “

Pay-to-Send Email

“Send X bitcoins to my priority hotline at this IP and I’ll read the message personally.”

Send bitcoin

You can securely control neither your land nor your digitally centralized financial assets without the help of government. Thus the locality & importance of legal ownership in these things. You can securely control your globally seamless Bitcoin without the help of government.

Nick Szabo


Made with 💚 by Free Spirit

✌ & 💚

Did you find this article helpful?

If so, please consider a donation to help the evolution and development of more helpful articles in the future, and show your support for alternative articles.

Your generosity is 💚 ly appreciated

You can donate in any crypto your 💚 desires 😊

Thank you all for your time !!!

✌ & 💚

Bitcoin (BTC) :


LiteCoin(LTC) :


Ethereum(ETH) :


EthereumClassic(ETC) :


Cardano(ADA) :


BinanceCoin(BNB) :


BitcoinCash (BCH)


Bitcoin SV (BSV)


ZCash(ZEC) :


Dash(DASH) :


Shiba(SHIB) :


Tron(TRX) :


Stellar(XLM) :



Timothy C. May

Arise, you have nothing to lose but your barbed wired fences!

Timothy C. May

Wonder In Peace bright mind!

Thanks for the guidance and wisdom!

The world will never know how much they owe you!

✌ & 💚

Shared with 💚 by Free Spirit
& 💚


Web Dai – B-Money

I am fascinated by Tim May's crypto-anarchy. 

Unlike the communities
traditionally associated with the word "anarchy", in a crypto-anarchy the
government is not temporarily destroyed but permanently forbidden and
permanently unnecessary.

It's a community where the threat of violence is
impotent because violence is impossible, and violence is impossible because its participants cannot be linked to their true names or physical locations.
Until now it's not clear, even theoretically, how such a community could operate.

A community is defined by the cooperation of its participants, and efficient cooperation requires a medium of exchange (money) and a way to enforce contracts.

Traditionally these services have been provided by the government or government sponsored institutions and only to legal entities.

In this article I describe a protocol by which these services can be provided to and by untraceable entities.
I will actually describe two protocols. The first one is impractical,because it makes heavy use of a synchronous and unjammable anonymous
broadcast channel. However it will motivate the second, more practical protocol.

In both cases I will assume the existence of an untraceable network, where senders and receivers are identified only by digital
pseudonyms (i.e. public keys) and every messages is signed by its sender
and encrypted to its receiver.
In the first protocol, every participant maintains a (seperate) database of how much money belongs to each pseudonym. These accounts collectively define the ownership of money, and how these accounts are updated is the subject of this protocol.
1. The creation of money. Anyone can create money by broadcasting the
solution to a previously unsolved computational problem. The only
conditions are that it must be easy to determine how much computing effort
it took to solve the problem and the solution must otherwise have no
value, either practical or intellectual. The number of monetary units
created is equal to the cost of the computing effort in terms of a
standard basket of commodities. For example if a problem takes 100 hours
to solve on the computer that solves it most economically, and it takes 3
standard baskets to purchase 100 hours of computing time on that computer
on the open market, then upon the broadcast of the solution to that
problem everyone credits the broadcaster's account by 3 units.
2. The transfer of money. If Alice (owner of pseudonym K_A) wishes to
transfer X units of money to Bob (owner of pseudonym K_B), she broadcasts
the message "I give X units of money to K_B" signed by K_A.
Upon the broadcast of this message, everyone debits K_A's account by X units and
credits K_B's account by X units, unless this would create a negative
balance in K_A's account in which case the message is ignored.
3. The effecting of contracts. A valid contract must include a maximum
reparation in case of default for each participant party to it. It should
also include a party who will perform arbitration should there be a
dispute. All parties to a contract including the arbitrator must broadcast
their signatures of it before it becomes effective. Upon the broadcast of
the contract and all signatures, every participant debits the account of
each party by the amount of his maximum reparation and credits a special
account identified by a secure hash of the contract by the sum the maximum
reparations. The contract becomes effective if the debits succeed for
every party without producing a negative balance, otherwise the contract
is ignored and the accounts are rolled back. A sample contract might look
like this:
K_A agrees to send K_B the solution to problem P before 0:0:0 1/1/2000.
K_B agrees to pay K_A 100 MU (monetary units) before 0:0:0 1/1/2000. K_C
agrees to perform arbitration in case of dispute. K_A agrees to pay a
maximum of 1000 MU in case of default. K_B agrees to pay a maximum of 200
MU in case of default. K_C agrees to pay a maximum of 500 MU in case of
4. The conclusion of contracts. If a contract concludes without dispute,
each party broadcasts a signed message "The contract with SHA-1 hash H
concludes without reparations." or possibly "The contract with SHA-1 hash
H concludes with the following reparations: ..." Upon the broadcast of all
signatures, every participant credits the account of each party by the
amount of his maximum reparation, removes the contract account, then
credits or debits the account of each party according to the reparation
schedule if there is one.
5. The enforcement of contracts. If the parties to a contract cannot agree
on an appropriate conclusion even with the help of the arbitrator, each
party broadcasts a suggested reparation/fine schedule and any arguments or
evidence in his favor. Each participant makes a determination as to the
actual reparations and/or fines, and modifies his accounts accordingly.
In the second protocol, the accounts of who has how much money are kept by
a subset of the participants (called servers from now on) instead of
everyone. These servers are linked by a Usenet-style broadcast channel.

The format of transaction messages broadcasted on this channel remain the
same as in the first protocol, but the affected participants of each
transaction should verify that the message has been received and
successfully processed by a randomly selected subset of the servers.
Since the servers must be trusted to a degree, some mechanism is needed to
keep them honest. Each server is required to deposit a certain amount of
money in a special account to be used as potential fines or rewards for
proof of misconduct. Also, each server must periodically publish and
commit to its current money creation and money ownership databases. Each
participant should verify that his own account balances are correct and
that the sum of the account balances is not greater than the total amount
of money created. This prevents the servers, even in total collusion, from
permanently and costlessly expanding the money supply. New servers can
also use the published databases to synchronize with existing servers.
The protocol proposed in this article allows untraceable pseudonymous
entities to cooperate with each other more efficiently, by providing them
with a medium of exchange and a method of enforcing contracts. The
protocol can probably be made more efficient and secure, but I hope this
is a step toward making crypto-anarchy a practical as well as theoretical
Appendix A: alternative b-money creation
One of the more problematic parts in the b-money protocol is money
creation. This part of the protocol requires that all of the account
keepers decide and agree on the cost of particular computations.
Unfortunately because computing technology tends to advance rapidly and
not always publicly, this information may be unavailable, inaccurate, or
outdated, all of which would cause serious problems for the protocol.
So I propose an alternative money creation subprotocol, in which account
keepers (everyone in the first protocol, or the servers in the second
protocol) instead decide and agree on the amount of b-money to be created
each period, with the cost of creating that money determined by an
auction. Each money creation period is divided up into four phases, as
1. Planning. The account keepers compute and negotiate with each other to
determine an optimal increase in the money supply for the next period.

Whether or not the account keepers can reach a consensus, they each
broadcast their money creation quota and any macroeconomic calculations
done to support the figures.
2. Bidding. Anyone who wants to create b-money broadcasts a bid in the
form of <x, y> where x is the amount of b-money he wants to create, and y
is an unsolved problem from a predetermined problem class. Each problem in
this class should have a nominal cost (in MIPS-years say) which is
publicly agreed on.
3. Computation. After seeing the bids, the ones who placed bids in the
bidding phase may now solve the problems in their bids and broadcast the
4. Money creation. Each account keeper accepts the highest bids (among
those who actually broadcasted solutions) in terms of nominal cost per
unit of b-money created and credits the bidders' accounts accordingly


Shared with 💚 by Free Spirit

✌ & 💚

Mining Calculators

How to Calculate Mining Profitability: Top 6 Mining Calculators

Before we can even start mining, we should use one of the many profitability calculators online, that should give us beforehand a better ubderstanding if the GPU, FPGA, ASIC we choose to mine with will be profitable or not!

🔸️🔹️ Online calculators 🔹️🔸️

🔸️ WhatToMine

🔸️ Rubin Mining Calculator

🔸️ CoinWarz

🔸️ CryptoCompare

🔸️ Minerstat

🔸️ Crypto-Coinz

Before even entering sites to buy hardware, do GOOD...do VERY GOOD your R&D ... 

If you think reading is for dorks,nerds, geeks and boring people ... well...

Made with 💚 by Free Spirit

✌ & 💚

Bitcoin Quotes

Bitcoin Quotes from around the World

“Bitcoin actually has the balance and incentives right, and that is why it is starting to take off. “

Julian Assange

Bitcoin has the balance and incentives right

” It isn’t obvious that the world had to work this way.

But somehow the universe smiles on encryption.”

Julian Assange

The universe smiles on encryption

” The innovation is that BTC is hard to shut down. […]

Designed from the ground up to survive under the most adversarial conditions. “


Bitcoin is hard to shut down

” Bitcoin is the most successful privacy coin to date. “

Pierre Rochard

Most successful privacy coin to date

” Bitcoin is a mathematical miracle. “

Steve Wozniak (Apple Co-Founder)

Mathematical miracle

” Bitcoin is a technological innovation that happens once a species. “

Trace Mayer

Technological innovation that happens once in a species

” Bitcoin doesn’t care about who you are or what your feelings are.

Bitcoin represents equal opportunity to participate in a system not encumbered by our legacy fiat structures. “

White Rabbit

Participate in a system not encumbered by FIAT

” We’re here to unfuck the money and there’s no stopping us.

Fix the money, change the world. “

White Rabbit

Fix the money, change the world

” Hardly anybody actually understands money. “

Nick Szabo

Nobody underatands money

” When you have a disruptive technology, they call it a category killer.

Bitcoin is a serial killer – it’s going to go through 40 or 50 different industries. “

Dan Morehead

Bitcoin is a serial killer

” It’s 21 million or death.”

Robert Breedlove

21 million or death

” It might make sense just to get some in case it catches on. “

Satoshi Nakamoto

In case it catches on

” Trusted third parties are security holes. “

Nick Szabo

Trusted third parties

” There are only going to be 21 million coins, there are billions of people in the world, some reasonable percentage of who might find it interesting to own a piece of Bitcoin.”

Adam Back

21 Million Coins

” I think it’s essential for a program of this nature to be open source. “

Satoshi Nakamoto

Open Source

” SHA-256 is very strong. It’s not like the incremental step from MD5 to SHA1.

It can last several decades unless there’s some massive breakthrough attack. “

Satoshi Nakamoto


” Code mixed with robust game theory is superior to hierarchical command and control. “


Code superior to hierarchical command and control

” Given that money is one half of every commercial transaction and that whole civilizations literally rise and fall based on the quality of their money, we are talking about an awesome power, one that flies under the cover of night. “

Ron Paul

Money… an awesome power

” The world has to adapt to bitcoin, not the other way round. “


The world has to adapt to bitcoin

” When I first bought bitcoin it took me two years of speculation to understand what Bitcoin really was.

But once I fully had a grasp of it, it was life altering. “

Russell Okung

Bitcoin is life altering

” Many countries stand to gain from Bitcoin’s adoption as it would remove their dependence on the US dollar and provide them with a feasible alternative. “

Misir Mahmudov

Bitcoin a feasible alternative to the US $

” Bitcoin is a optimist bet on the future, a bet on human ingenuity.

Gold is a pessimist bet on the past and, often a bet the end of civilization. “

Rodolfo Novak

Bitcoin a bet on Human Ingenuity

” Everyone has got to believe in something.

Why not believe in something verifiable and unforgeable. “

Hass McCook

Believe in something verifiable and unforgeable

” Open source software is a meritocracy of ideas, not of people.

So people are always talking about “Who controls Bitcoin?”

Good ideas control Bitcoin.

Not people.”

Ben Prentice

Good ideeas control Bitcoin

“Bitcoin is a seed of hope in a society which lost vision years ago and perspective just recently. “

Kim Neunert

Bitcoin a seed of hope

” Bitcoin has an inescapable, unavoidable, and omnipotent magnetism for the brightest and most revolutionary minds on the planet.

I’ve never witnessed anything like it. “

Brandon Bridge

Bitcoin’s magnetism

” This is why proof of work needs to be expensive, if it is cheap you can roll back things easily.

You want it to be very difficult to change history.

The only way to make it difficult to change history is to make the process of writing the current history very expensive. “

Jimmy Song

Difficult to change history

” Bitcoin is like gold but with this magical ability that you can teleport it.”

Vijay Boyapati

Bitcoin magical ability to teleport it

” Can Bitcoin be stopped?

“Not really, this thing is a beast.

As Mises wrote:

Ideas can only be overcome by other ideas. “

Trace Mayer

Bitcoin cannot be stopped

“I’m not here to fix Bitcoin.”

Michael Saylor

Fix bitcoin

” Buying bitcoin is the most powerful protest an individual can make against the current economic system. “

Luc Dossis

Buying bitcoin is the most powerful protest

” These numbers have nothing to do with the technology of the devices; they are the maximums that thermodynamics will allow.

And they strongly imply that brute-force attacks against 256-bit keys will be infeasible until computers are built from something other than matter and occupy something other than space. “

Bruce Schneier

Maximums that thermodynamics will allow

” Cryptocurrency is such a powerful concept that it can almost overturn governments. “

Charles Lee

Cryptocurrency can almost overturn governments

” Bitcoin will do to banks what email did to the postal industry. “

Rick Falkvinge

Bitcoin is the email for the postal industry

” I do think Bitcoin is the first [encrypted money] that has the potential to do something like change the world. “

Peter Thiel

Bitcoin has the potential to change the world

” Bitcoin is the most important invention in the history of the world since the Internet. “

Roger Ver

Bitcoin the most important invention in the history since the Internet

” Gold is a great way to preserve wealth, but it is hard to move around. You do need some kind of alternative and Bitcoin fits the bill. “

Jim Rickards

Bitcoin fits the bill as a way to preserve wealth

” You can’t stop things like Bitcoin.

It will be everywhere and the world will have to readjust.

World governments will have to readjust. “

John McAfee

Bitcoin will be everywhere and the world will have to readjust

” I think the fact that within the bitcoin universe an algorithm replaces the function of the government… is actually pretty cool. “

Al Gore

An algorithm replaces the function of government

“People have made fortunes off Bitcoin, some have lost money.

It is volatile, but people make money off of volatility too.”

Richard Branson

Some lost, some won with Bitcoin

” The ability to create something which is not duplicable in the digital world has enormous value…

Lot’s of people will build businesses on top of that. “

Eric Schmidt

Create something wich is not duplicable

“PayPal had these goals of creating a new currency.

We failed at that…

I think Bitcoin has succeeded on the level of a new currency, but the payment system is lacking.”

Peter Thiel

Bitcoin succeeded as a new currency

” As people move into Bitcoin for payments and receipts they stop using US Dollars, Euros and Chinese Yuan which in the long-term devalues these currencies. “

John McAfee

Bitcoin devalues $ € ¥

” Bitcoin is the currency of resistance…

If Satoshi had released Bitcoin 10 years. earlier, 9/11 would never have happened. “

Max Keiser

Bitcoin the currency of resistance

“At its core, bitcoin is a smart currency, designed by very forward-thinking engineers. “

Peter Diamandis

Bitcoin is a smart currency

“The internet is going to be one of the major forces for reducing the role of government.

One thing that’s missing but that will soon be developed, is a reliable  e-cash.”

Milton Friedman


” Bitcoin is a technological tour de force. “

Bill Gates

Tour de force

” If you don’t believe it or don’t get it, I don’t have the time to try to convince you, sorry. “

Satoshi Nakamoto

Don’t have the time

“WikiLeaks has kicked the hornet’s nest, and the swarm is headed towards us.”

Satoshi Nakamoto


” Lost coins only make everyone else’s coins worth slightly more.

Think of it as a donation to everyone.”

Satoshi Nakamoto

Lost Coins

” In a few decades when the reward gets too small, the transaction fee will become the main compensation for [mining] nodes.

I’m sure that in 20 years there will either be very large transaction volume or no volume.”

Satoshi Nakamoto

Transaction fee

” As computers get faster and the total computing power applied to creating bitcoins increases, the difficulty increases proportionally to keep the total new production constant.

Thus, it is known in advance how many new bitcoins will be created every year in the future.

Coins have to get initially distributed somehow, and a constant rate seems like the best formula.”

Satoshi Nakamoto

Coins distribution at a constant rate is the best formula

” Bitcoin is the beginning of something great: a currency without a government, something necessary and imperative. “

Nassim Taleb

Bitcoin a currency without a government

” Those who believe in Bitcoin also believe in cleverness. “

Arif Naseem

Believe in bitcoin believe in cleverness

” Bitcoin is the most stellar and most useful system of mutual trust ever devised. “

Arif Naseem

Bitcoin a system of mutual trust

Cryptocurrency is freedom, Banking is slavery. “

Arif Naseem

Cryptocurrency is freedom

” Our basic thesis for bitcoin is that it is better than gold. “

Tyler Winklevoss

Bitcoin better than gold

” I think the whole narrative of blockchain without bitcoin will amount to very little. “

Fred Ehrsam

Blockchain without bitcoin

” Every informed person needs to know about Bitcoin because it might be one of the world’s most important developments. “

Leon Louw

Bitcoin world’s most important developments

” Bitcoin is a very exciting development, it might lead to a world currency.

I think over the next decade it will grow to become one of the most important ways to pay for things and transfer assets. “

Kim Dotcom (CEO of MegaUpload)


Bitcoin might lead to a world currency

” Bitcoin may be the TCP/IP of money. “

Paul Buchheit (Creator of Gmail)

Bitcoin the TCP/IP of money

” We have elected to put our money and faith in a mathematical framework that is free of politics and human error. “

Tyler Winklevoss (Co-inventor of Facebook)

Mathematical framework free of politics and human error

” I really like Bitcoin.

I own Bitcoins.

It’s a store of value, a distributed ledger.

It’s a great place to put assets, especially in places like Argentina with 40 percent inflation, where $1 today is worth 60 cents in a year, and a government’s currency does not hold value.

It’s also a good investment vehicle if you have an appetite for risk.

But it won’t be a currency until volatility slows down. “

David Marcus (CEO of Paypal)

Bitcoin a store of value

” [Virtual Currencies] may hold long-term promise, particularly if the innovations promote a faster, more secure and more efficient payment system. “

Ben Bernanke (Chairman of the Federal Reserve)

Bitcoin may hold long-term promise

There are 3 eras of currency: Commodity based, politically based, and now, math based. “

Chris Dixon (Co-founder of Hunch now owned by Ebay, Co-founder of SiteAdvisor now owned by McAfee)

Math based currency

” Bitcoin is here to stay.

There would be a hacker uproar to anyone who attempted to take credit for the patent of cryptocurrency.

And I wouldn’t want to be on the receiving end of hacker fury. “

Adam Draper

Bitcoin is here to stay

” It’s money 2.0, a huge hugehuge  deal. “

Chamath Palihapitiya (Previous head of AOL instant messenger)

Money 2.0

” If there is one positive takeaway from the collapse of Mt.Gox, it is the willingness of a new generation of Bitcoin companies to work together to ensure the future of Bitcoin and the security of customer funds. “

Brian Armstrong (CEO of Coinbase)

Future of bitcoin

” Bitcoin seems to be a very promising idea.

I like the idea of basing security on the assumption that the CPU power of honest participants outweighs that of the attacker.

It is a very modern notion that exploits the power of the long tail. “

Hal Finney

Bitcoin a promising idea

” Bitcoin enables certain uses that are very unique.

I think it offers possibilities that no other currency allows.

For example the ability to spend a coin that only occurs when two separate parties agree to spend the coin; with a third party that couldn’t run away with the coin itself. “

Pieter Wuille

Bitcoin enables uses that are very unique

” At its core, bitcoin is a smart currency, designed by very forward-thinking engineers.

It eliminates the need for banks, gets rid of credit cardfees, currency exchange fees, money transfer fees, and reduces the need for lawyers in transitions… all good things. “

Peter Diamandis

Good things

” There is so much potential, … I am just waiting for it to be a billion dollar industry.” “ Wow, Silk Road actually works ” “

Charlie Shrem

Silk Road actually works

Made with 💚 by Free Spirit

✌ & 💚

Asic Miners Vendors List


https://51asic.ru/ Russian

https://akminer.com/ Chinese

https://www.antminerdistribution.com/ – Holland

https://asicmarketplace.com/ – Hong Kong

https://asicminermarket.com/ – China

https://bitcoinmerch.com/ – USA

https://www.bitmart.co.za/ – Zanzibar

https://blokforge.com/ – USA

https://bt-miners.com/ – USA

https://casaminers.com/en – Italy

https://coinminer.com/ – USA

https://coinminingcentral.com/ – England

https://cryptosupply.de/ – Germany














Speculative Attack

Speculative Attack

Pierre Rochard

July 4, 2014


Bitcoin naysayers1 wring their hands over how Bitcoin can’t go mainstream. They gleefully worry that Bitcoin will not make it across the innovation chasm:

  • It’s too complicated
  • It doesn’t have the right governance structure2
  • The security is too hard to get right
  • Existing and upcoming fiat payment systems are or will be superior
  • It’s too volatile
  • The government will ban it
  • It won’t scale

The response from the Bitcoin community is to either endlessly argue over the above points3 or to find their inner Bitcoin Jonah4 with platitudes like:

  • Bitcoin the currency doesn’t matter, it’s the block chain technology that matters
  • It would be better if the block chain technology were used by banks and governments
  • Bitcoin should continue to be a niche system for the bit-curious, it’s just an experiment
  • Fiat and Bitcoin will live side-by-side, happily ever after
  • Bitcoin is the Myspace of ‘virtual currency’

The above sophisms are each worth their own article, if just to analyze the psycho-social archetypes of the relevant parrots.

A few of the criticisms mentioned earlier are correct, yet they are complete non sequiturs. Bitcoin will not be eagerly adopted by the mainstream, it will be forced upon them. Forced, as in “compelled by economic reality“.

People will be forced to pay with bitcoins, not because of ‘the technology’, but because no one will accept their worthless fiat for payments.

Contrary to popular belief, good money drives out bad. This “driving out” has started as a small fiat bleed.

It will rapidly escalate into Class IV hemorrhaging due to speculative attacks on weak fiat currencies. The end result will be hyperbitcoinization, i.e. “your money is no good here”.

Thiers’ Law: Good Money Drives Out Bad

Historically, it has been good, strong currencies that have driven out bad, weak currencies.

Over the span of several millennia, strong currencies have dominated and driven out weak in international competition.

The Persian daric, the Greek tetradrachma, the Macedonian stater, and the Roman denarius did not become dominant currencies of the ancient world because they were “bad” or “weak.”

The florinsducats and sequins of the Italian city-states did not become the “dollars of the Middle Ages” because they were bad coins; they were among the best coins ever made.

The pound sterling in the 19th century and the dollar in the 20th century did not become the dominant currencies of their time because they were weak.

Consistency, stability and high quality have been the attributes of great currencies that have won the competition for use as international money.

Robert Mundell“Uses and Abuses of Gresham’s Law in the History of Money”

Bitcoins are not just good money, they are the best money.5 

The Bitcoin network has the best monetary policy6 and the best brand.7 

We should therefore expect that bitcoins will drive out bad, weak currencies.8 

By what process will bitcoins become the dominant currency? Which fiat currencies will be the first to disappear?

These are the interesting questions of the day, as the necessary premises for these questions are already established truths.9

1. Fiat Bleed

Bitcoin’s current trend is to increase in value on an exponential trend line as new users arrive in waves.

The good money is “slowly” driving out the bad.

Two factors drive this:

  1. Reduction in information asymmetry – people are learning about Bitcoin and coming to the realization that bitcoins are indeed the best money. Possible overlapping motives:
    • ADHD – compulsive novelty fetichism induced by our post-war consumer culture and/or innate biological processes
    • FOMO – fear of missing out, see Regret Theory and ingroups, aka avarice and status-seeking
    • PISD – post-internet stress disorder, aka “disruption”, “next big thing”, “internet of money”
  2. Increasing liquidity – buying bitcoins is more convenient and has fewer fees attached today than a year ago. One can reasonably predict that this will also be the case a year from now. Why? Because selling bitcoins is a profitable and competitive business. Why? Because people want bitcoins, see above.

Due to group psychology, these newcomers arrive in waves.

The waves have a destabilizing effect on the exchange rate: speculators are unsure of the amplitude or wavelength of adoption, and amateurish punters let their excitement as well as subsequent fear overwhelm them.

Regardless, once the tide has pulled back and the weak hands have folded, the price is a few times higher than before the wave.

This ‘slow’ bleed is the current adoption model, and commentators generally assume one of the following:

  1. Slow bleed never occurred, it’s a fiction based on misleading data
  2. Slow bleed has stopped, the above motives only affect lolbertarians and angry teens
  3. The process will taper off now, as all the super tech-savvy people are already getting on board

My own prediction is that slow bleed has been accelerating and is only the first step.

The second step will be speculative attacks that use bitcoins as a platform.

The third and final step will be hyperbitcoinization.

2. Currency Crises

It might make sense just to get some in case it catches on.

If enough people think the same way, that becomes a self fulfilling prophecy.

” Once it gets bootstrapped, there are so many applications if you could effortlessly pay a few cents to a website as easily as dropping coins in a vending machine. “

Satoshi Nakamoto, 1/17/2009

Slow bleed leads to currency crisis as the expected value of bitcoins solidifies in people’s minds.

At first they are conservative, they invest “what they can afford to lose”.

After 12-18 months, their small stash of bitcoins has dramatically increased in value.

They see no reason why this long term trend should reverse: the fundamentals have improved and yet adoption remains low.

Their confidence increases. They buy more bitcoins. They rationalize: “well, it’s only [1-5%] of my investments”. They see the price crash a few times, due to bubbles bursting or just garden-variety panic sales – it entices them to buy more, “a bargain”. Bitcoin grows on the asset side of their balance sheet.

On the liability side of the Bitcoiner’s balance sheet there are mortgages, student loans, car loans, credit cards, etc.

Everyone admonishes people to not borrow in order to buy bitcoins.

The reality is that money is fungible: if you buy bitcoins instead of paying down your mortgage’s principal, you are a leveraged bitcoin investor.

Almost everyone is a leveraged bitcoin investor, because it makes economic sense (within reason).

The cost of borrowing (annualized interest rates ranging from 0% to 25%) is lower than the expected return of owning bitcoins.

How leveraged someone’s balance sheet is depends on the ratio between assets and liabilities.

The appeal of leveraging up increases if people believe that fiat-denominated liabilities are going to decrease in real terms, i.e. if they expect inflation to be greater than the interest rate they pay.

At that point it becomes a no-brainer to borrow the weak local currency using whatever collateral a bank will accept, invest in a strong foreign currency, and pay back the loan later with realized gains.

In this process, banks create more weak currency, amplifying the problem.

The effect of people, businesses, or financial institutions borrowing their local currency to buy bitcoins is that the bitcoin price in that currency would go up relative to other currencies.

To illustrate, let’s say that middle-class Indians trickle into bitcoin. Thousands of buyers turns into hundreds of thousands of buyers.

They borrow Indian Rupees using whatever unencumbered collateral they have – homes, businesses, gold jewelry, etc.

They use these Rupees to buy bitcoins. The price of bitcoins in Indian Rupees goes up, a premium develops relative to other currency pairs.

A bitcoin in India might be worth $600, while in the U.S. it trades at $500. Traders would buy bitcoins in the U.S. and sell them in India to net a $100 gain. They would then sell their Indian Rupees for dollars. This would weaken the Indian Rupee, causing import inflation and losses for foreign investors.

The Indian central bank would have to either increase interest rates to break the cycle, impose capital controls, or spend their foreign currency reserves trying to prop up the Rupee’s exchange rate.

Only raising interest rates would be a sustainable solution, though it would throw the country into a recession.

There’s a huge problem with the Indian central bank raising interest rates: bitcoin’s historical return is ~500% per year.

Even if investors expected future return is 1/10th of that, the central bank would have to increase interest rates to unconscionable levels to break the attack.

The result is evident: everyone would flee the Rupee and adopt bitcoins, due to economic duress rather than technological enlightenment.

This example is purely illustrative, it could happen in a small country at first, or it could happen simultaneously around the world.

Who leverages their balance sheet and how is impossible to predict, and it will be impossible to stop when the dam cracks.

Which countries are most vulnerable to a currency crisis?

Business Insider provides a helpful list here.

Bitcoins will have to reach certain threshold of liquidity, indicated by a solid exchange in every financial center and a real money supply – i.e. market cap – of at least $50 billion, before they can be used as an instrument in a speculative attack. This will either coincide with or cause a currency crisis.

3. Hyperbitcoinization

A speculative attack that seems isolated to one or a few weak currencies, but causes the purchasing power of bitcoins to go up dramatically, will rapidly turn into a contagion.

For example, the Swiss will see the price of bitcoins go up ten fold, and then a hundred fold.

At the margin they will buy bitcoins simply because they want to speculate on their value, not due to an inherent problem with the Swiss Franc.

The reflexivity here entails that the reduction in demand for Swiss Francs would actually cause higher than expected inflation and thus an inherent problem with the Swiss Franc.

The feedback loop between fiat inflation and bitcoin deflation will throw the world into full hyperbitcoinization, explained by Daniel here.


Bitcoin will become mainstream.

The Bitcoin skeptics don’t understand this due to their biases and lack of financial knowledge.

First, they are in as strong an echo chamber as Bitcoin skeptics.10 

They rabidly search for evidence that confirms their view of Bitcoin.

Second, they misunderstand how strong currencies like bitcoin overtake weak currencies like the dollar: it is through speculative attacks and currency crises caused by investors, not through the careful evaluation of tech journalists and ‘mainstream consumers’.

To honor these soon to be extinct skeptics, the Nakamoto Institute has launched A Tribute to Bold Assertions.

  1. No, seriously, there are people on the Internet spending a non-trivial amount of time writing about a currency they think is going to fail yet continues to succeed beyond anyone’s expectations. I get schadenfreude from their lack of schadenfreude. Granted, a few of them are being paid to write controversial click bait and/or just concern trolling – both activities that I respect and understand.
  2. This is generally stated by people who are in the ‘out-group’ and fantasize about being in the ‘in-group’ through politics/pedigree rather than economic/meritocratic processes. Demographically, they probably overlap with fans of The Secret. Economically, they are without exception bezzlers
  3. Bitcoin has entered its Eternal September, where every person new to Bitcoin thinks they have a unique understanding of Bitcoin and everyone ought to hear about it. There’s an endless flood of newbies ‘concerned’ about such and such ‘problem’ with Bitcoin. The Bitcoin community does these arrivistes a real disservice by taking them seriously instead of just telling them ‘read more’. 
  4. The opposite of Bitcoin Jesus. Bitcoin Jonah is a defeatist, self-sabotaging, and timid ‘man’ who is on a permanent quest to confirm Bitcoin’s weakness. 
  5. Bitcoin is the Best Unit of Account by Daniel Krawisz 
  6. The Bitcoin Central Bank’s Perfect Monetary Policy by Pierre Rochard 
  7. Bitcoin Has No Image Problem by Daniel Krawisz 
  8. Hyperbitcoinization by Daniel Krawisz
  9. If you disagree then either you have not been learning or you have not been engaging in the debate, go back to square one. 
  10. ‘I live in a rather special world. I only know one person who voted for Nixon. Where they are I don’t know. They’re outside my ken. But sometimes when I’m in a theater I can feel them.’ – Pauline Kael



Bitcoin’s Shroud of Subtlety and Allure

A new banner of freedom

Bitcoin’s Shroud of Subtlety and Allure

Daniel Krawisz

June 29, 2014

Attacks on Bitcoin

A successful attack on Bitcoin means attacking Bitcoin’s value.

There might well be a bug that could be exploited to put the network out of commission temporarily, but would soon be fixed and then the network would be up and running shortly thereafter.

To destroy Bitcoin permanently means to end the profit opportunities available with it, and that means either a malicious hashing attack on the network that makes mining impossible or such a malevolent policy against Bitcoin trade that even the black market abandons it.

Both of these require spending resources in proportion to the profits that Bitcoin enables.

In this article, I will discuss three reasons why such an attack is unlikely to succeed: antifragility, subtlety, and attacker defection.

The interplay of these three defenses makes Bitcoin into a kind of wave that rewards those who ride it and drowns those who resist it.

The first of these, antifragility, is exemplified in the fact that malicious hashing is impossible up to a certain fraction of the network.

Below the point that selfish mining becomes possible1 additional hashes per second are almost certainly beneficial because they increase the security of the network.

Any potential attacker, therefore, must weigh in the possibility that he may end up benefiting the network instead of destroying it.

A similar risk accompanies a legal attack on Bitcoin. Bitcoin can adapt to half-hearted attacks. It would move deeper into the black market where it would become permanently strengthened.

Furthermore, a legal attack could be easily corrupted into one that brings as many bitcoins as possible to the government agents instead of one that destroys it (see below).

Bitcoin’s Subtlety

Bitcoin adoption happens one person at a time, and this is true for potential attackers as well as the rest of us.

It takes an entrepreneurial mindset to be able to imagine what Bitcoin could become, given how comparatively small it is now.

It takes time and meditation for people to take Bitcoin seriously because most of its value is in the future.

By the time this happens, Bitcoin has become much more expensive than when they first learned of it.

Thus, Bitcoin is protected from attackers by being initially beyond their understanding.

When Bitcoin was very small, it was very stealthy and was completely unknown to the establishment.

Now they laugh at it, just as it has begun to grow bold.

Of course, we don’t know who really dismisses it and who is deliberately trying to draw attention away from it.

Bitcoin’s Allure

Furthermore, potential attackers are at a disadvantage for another reason.

Bitcoin tends to oppose organizations rather than people.

Even someone who stands to lose from Bitcoin by not reacting to it, such as a banker or government agent, stands to gain a great deal by buying now.

Only the very wealthiest people might reasonably expect to be worse off attempting to buy up as much as possible now than if it were gone. (This could happen if their attempt to buy caused the price to rise too fast relative to their ability to acquire additional bitcoins, to the point that they ultimately had less influence over the future Bitcoin economy than they have over the economy of today.)

Thus, the agency problem with Bitcoin affects bitcoin competitors as well as Bitcoin holders.

Nearly any government agent who begins to see bitcoin as a potential threat must also simultaneously see it as an opportunity.

He, too, can invest in Bitcoin. And why shouldn’t he?

Bitcoin may be a threat to his livelihood, but it may well be making him an offer he can’t refuse.

How can an organization that stands to lose by the adoption of Bitcoin provide its members with a better opportunity for staying loyal than Bitcoin provides for defection?

Even those who might resist the temptation to defect would have to think about the defection of his fellows.

How quickly is adoption happening? Is there time to mount an attack before Bitcoin becomes too powerful? How easily could the resources for such an attack be amassed, given both the ignorance and treachery of the other agents.

If such an attack would be unlikely to succeed, then buying now would be the only intelligent action.

Regardless of whether he liked Bitcoin, it would be futile to continue pursuing a doomed cause.

Potential Bitcoin attackers are in a Prisoner’s Dilemma.

In the same way that the people cannot easily rebel against the king owing to a lack of coordination on their part, governments cannot rebel against Bitcoin for the same reason.

The government puts the people in a Prisoner’s Dilemma against one another, and Bitcoin does the same to government agents.

Bitcoin is like Invasion of the Body Snatchers.

Bitcoin attracts inside men to act as covert saboteurs. There have long been predictions from both bitcoiners and naysayers of impending government attacks, but I think there is a possibility that Bitcoin could win without suffering much resistance.

Moreover, although I said above only that any legal bitcoin attack could be perverted, the considerations discussed in this section tend to make such diffusion very likely.

Bitcoin defends itself by being obscure, but once it has attracted someone’s attention, its best interest is for that person to understand the logic presented here. For then he will also understand that his best course is to deny Bitcoin’s threat to his superiors and quietly to become its willing slave.

  1. Right now Bitcoin Core does not follow the proper strategy to protect against selfish mining even at very low hashing rates, but the fix would be extremely easy to implement and would make selfish mining impossible up to 25% of the hash rate. 



Hal Finney

” Bitcoin and me (Hal Finney)

March 19, 2013, 08:40:02 PM
Last edit: March 25, 2013, 08:37:28 PM by Hal


I thought I’d write about the last four years, an eventful time for Bitcoin and me.

For those who don’t know me, I’m Hal Finney. I got my start in crypto working on an early version of PGP, working closely with Phil Zimmermann. When Phil decided to start PGP Corporation, I was one of the first hires. I would work on PGP until my retirement.

At the same time, I got involved with the Cypherpunks. I ran the first cryptographically based anonymous remailer, among other activities.

Fast forward to late 2008 and the announcement of Bitcoin.

I’ve noticed that cryptographic graybeards (I was in my mid 50’s) tend to get cynical. I was more idealistic; I have always loved crypto, the mystery and the paradox of it.

When Satoshi announced Bitcoin on the cryptography mailing list, he got a skeptical reception at best. Cryptographers have seen too many grand schemes by clueless noobs. They tend to have a knee jerk reaction.

I was more positive. I had long been interested in cryptographic payment schemes.

Plus I was lucky enough to meet and extensively correspond with both Wei Dai and Nick Szabo, generally acknowledged to have created ideas that would be realized with Bitcoin.

I had made an attempt to create my own proof of work based currency, called RPOW. So I found Bitcoin facinating.

When Satoshi announced the first release of the software, I grabbed it right away.

I think I was the first person besides Satoshi to run bitcoin.

I mined block 70-something, and I was the recipient of the first bitcoin transaction, when Satoshi sent ten coins to me as a test.

I carried on an email conversation with Satoshi over the next few days, mostly me reporting bugs and him fixing them.

Today, Satoshi’s true identity has become a mystery. But at the time, I thought I was dealing with a young man of Japanese ancestry who was very smart and sincere.

I’ve had the good fortune to know many brilliant people over the course of my life, so I recognize the signs.

After a few days, bitcoin was running pretty stably, so I left it running.

Those were the days when difficulty was 1, and you could find blocks with a CPU, not even a GPU.

I mined several blocks over the next days. But I turned it off because it made my computer run hot, and the fan noise bothered me.

In retrospect, I wish I had kept it up longer, but on the other hand I was extraordinarily lucky to be there at the beginning.

It’s one of those glass half full half empty things.

The next I heard of Bitcoin was late 2010, when I was surprised to find that it was not only still going, bitcoins actually had monetary value.

I dusted off my old wallet, and was relieved to discover that my bitcoins were still there.

As the price climbed up to real money, I transferred the coins into an offline wallet, where hopefully they’ll be worth something to my heirs.

Speaking of heirs, I got a surprise in 2009, when I was suddenly diagnosed with a fatal disease. I was in the best shape of my life at the start of that year, I’d lost a lot of weight and taken up distance running. I’d run several half marathons, and I was starting to train for a full marathon. I worked my way up to 20+ mile runs, and I thought I was all set. That’s when everything went wrong.

My body began to fail. I slurred my speech, lost strength in my hands, and my legs were slow to recover.

In August, 2009, I was given the diagnosis of ALS, also called Lou Gehrig’s disease, after the famous baseball player who got it.

ALS is a disease that kills moter neurons, which carry signals from the brain to the muscles. It causes first weakness, then gradually increasing paralysis. It is usually fatal in 2 to 5 years.

My symptoms were mild at first and I continued to work, but fatigue and voice problems forced me to retire in early 2011. Since then the disease has continued its inexorable progression.

Today, I am essentially paralyzed. I am fed through a tube, and my breathing is assisted through another tube. I operate the computer using a commercial eyetracker system. It also has a speech synthesizer, so this is my voice now. I spend all day in my power wheelchair. I worked up an interface using an arduino so that I can adjust my wheelchair’s position using my eyes.

It has been an adjustment, but my life is not too bad. I can still read, listen to music, and watch TV and movies. I recently discovered that I can even write code. It’s very slow, probably 50 times slower than I was before. But I still love programming and it gives me goals.

Currently I’m working on something Mike Hearn suggested, using the security features of modern processors, designed to support “Trusted Computing”, to harden Bitcoin wallets. It’s almost ready to release. I just have to do the documentation.

And of course the price gyrations of bitcoins are entertaining to me. I have skin in the game. But I came by my bitcoins through luck, with little credit to me. I lived through the crash of 2011. So I’ve seen it before. Easy come, easy go.

That’s my story. I’m pretty lucky overall. Even with the ALS, my life is very satisfying. But my life expectancy is limited. Those discussions about inheriting your bitcoins are of more than academic interest.

My bitcoins are stored in our safe deposit box, and my son and daughter are tech savvy. I think they’re safe enough. I’m comfortable with my legacy.
[edited slightly] “