Exploring Bitcoin one small project at a time.
|Project Number||Project Code||Description|
|001||IPQR||Instax Bitcoin QR codes|
|002||HDQR||Hand Drawn QR codes|
|003||SCEF||Surplus Clean Energy Fallacy|
|004||BOOH||BAT out of hell|
|006||LND||Lightning Network Intro|
|009||CJI||CoinJoin | Part I|
|010||CJII||CoinJoin | Part II|
|011||QRSA||QR Sketch App|
|012||SSQR||Shamirs Secret QR|
Instax Bitcoin QR codes
We evaluated the usefulness of the Instax mini 9 for making cheap, quick QR prints. It works well but would work seamlessly with a small update to samourai wallet to enable full screen QR codes. Samourai dev's have since agreed to add this feature.
Use this method as a secondary backup only - heat will degrade the prints rendering them useless after a fire
Sometimes, when using Bitcoin, you may desire a physical printout. For example, a physical backup of your private key in QR form so you can easily sweep it with a mobile wallet such as Samourai.
Typically people doing this have to take great care to ensure that both the printer and the computer connected to the printer remain offline at all times. This requires diligence and is not a portable method. We wanted to evaluate whether an instant camera could provide a neat solution to this niche problem.
Testing & Result
We began by making a new samourai wallet for this demo. The 12 word seed presented on screen was judged to be too small to backup using the camera. We had to make a note of these by hand. It would be brilliant if there was an option to make the words large so that this step could be done with the camera too.
We were surprised to find that you cannot view a private key for your samourai wallet on mobile until you have received some coins. We have not investigated the details of this but if it is possible to view a master private key in QR form before any funds are received this would be brilliant.
We attached the small snap on lens which comes with the instax mini 9 in order to take a close up image of the QR code.
Hand drawn qr code
A simple idea - can you draw a QR code by hand?
1 hour later and we found that yes, you can.
Surplus Clean Energy Fallacy
I recently had a long discussion on twitter with StopAndDecrypt about surplus clean energy bitcoin mining. This post explains why surplus clean energy bitcoin mining is a fallacy. Having written this out I have a feeling that S&D and I agree more than we disagree on this. The post that started the discussion was the following statement;
"If we can create an immutable ledger WITHOUT burning so much energy, why wouldn't we seek it out?" - Preethi Kasireddy
The following reply came from StopAndDecrypt;
"Because renewable energy is the future and clean energy can't be wasted when there's a surplus of it"
S&D's proposition is that Bitcoin mining will (eventually) be powered by surplus clean energy. I will explain why this is a fallacy in this post but first I will attempt to form a strongman of S&D's argument.
Renewable energy will dominate in the (distant) futureThis will lead to a considerable surplus capacity This surplus capacity will be used to mine Bitcoin as the alternative is for it to go to wasteMining will only use this 'surplus' energy and, as it would otherwise be wasted, this is not an issue.
In S&D's own words:
"Please explain to me why a solar or wind plant can't just stay running and sell that extra energy they create to a miner and/or mine themselves with that energy."
I shall tackle the scenario where the electricity obtained at zero cost by the wind turbine operator and used for mining. (Note, Zero cost electricity is impossible as there will be operational costs but we ignore these to present the strongest form of S&D's argument).
Let the term 'Mining Ratio' refer to the mining income per unit energy divided by the electricity cost per unit energy. The miner aims to mine with the maximum average mining ratio over the lifetime of their hardware in order to maximise profit. There are three possible scenarios;
1) A miner operates only on the 'surplus' energy provided by the wind farm - they make relatively high profit per unit time (as energy is 'free') while mining but zero (mining) profit per unit time while there is no surplus energy. 2) A miner operates only on grid energy which has a non-zero cost but is available at all times.3) A miner operates using surplus energy when possible and on grid energy when there is no surplus.
Let us compare these scenarios.
Let the Mining reward per unit energy be M.Let the Energy cost per unit energy be E. Let Profit per unit energy be P. This is calculated as M-E.Let U be the mining time (as a fraction of total time).
The profit per unit time is given by P * U.
|Scenario||Energy Source||Energy Cost (E)||Mining Time (U).||Avg. Profit|
|3||Surplus & Grid||0 Surplus & E Grid||X Surplus & Y Grid||M*X + Y*(M-E)|
For the average profit of scenario 1 to equal that in scenario 2 it must be that: M*X = M-E
X is given by the product of the fraction of the time that the wind turbine is running (R) and the fraction of the time that it is required to shut off (S) when it could be generating. That is, X = R*S. I will find sources for this in the future but in my experience R is generally about 0.4. The value of S is harder to get data for but is surely below 0.1, thus X ≤ 0.04.
Given this estimate (and it is only an estimate) we can see that E = 0.96M.
Scenario 2 is more profitable than Scenario 1 if E < 0.96M. That is, if the Energy cost (Per J) is less than 96% of the Mining Income (Per J).
Obviously mining profitability changes, but to put this finding into context Jimmy Song estimated that in 2017 Bitmain made about $120M/yr in mining profit on $23M/yr electricity (& data centre costs). This gives E=0.19M.
In the first scenario the miner is indeed only operating on surplus energy and S&D's argument is valid. However the back of the napkin calculations above show that for wind (the renewable energy source S&D refers to) this option is far less profitable than option 2. They are only shut off when supply exceeds demand and they are the most expensive (flexible) energy source (shut off order occurs in reverse Merit order. This means that the estimate of 0.1 for S is a conservative estimate.
The miner would make more profit operating the mining equipment under scenario 3. However, wind farm operators are paid to shut off their turbines, thus there is little incentive for turbine operators to waste time and energy outside their area of expertise to become miners. Gut reaction is to say that they will instead sell this energy to miners, but any miners using this energy would be switching to this intermittent energy source from the grid. Remember the only time wind turbines have 'surplus' energy is when supply exceeds demand, if miners temporarily shift away from the grid, the grid demand would drop further reducing demand leading to other wind turbines needing to shut off.
Finally, in the second and third scenario the miners add to base-load demand. As such - they are not operating solely on surplus energy - they are simply using energy like any other use case - which is fine.
S&D initially asked for clarification as to why wind or solar energy suppliers won’t simply continue to run and mine using the surplus energy. Hopefully the above has explained why this won’t happen. Later S&D posted an article which claims that a hydropower station is being refurbished to mine bitcoin, hydropower doesn’t have surplus supply as it forms the base-load in the grid and has a negligible unit cost thus has a very high merit order.
S&D's argument was that surplus clean energy will be used to mine, but for the reasons explained I believe this to be a fallacy.
Energy used to mine bitcoin is not wasted, there is no need to try and appease the mob by suggesting only surplus energy will be used. People are free to pay to use energy in whatever way they see fit. Miners chose to use energy to mine Bitcoin - thus it is not wasted. Read Beautyon's work to understand this further. In the long run miners will be using renewable energy to mine, but no 'surplus' is needed for this.
You can tweet responses to @6102bitcoin
BAT out of hell
The sirens are screaming and the fires are howling way down in the (bitcoin twitter) valley tonight. An enlightening conversation between Francis Pouliot and Brendan Eich (CEO of Brave.com) has revealed why brave uses its own token (BAT — Basic Attention Token) rather than Bitcoin, and the rationale is frankly insane. Brave is an unnecessary product for users (ublock origin blocks all ads) and simple ‘pay to read’ tools like satoshipay (but using bitcoin) are far superior.
BAT is an ethereum token which was created to perform as money in the Brave browser ecosystem. It is advertised to be used by “publishers, advertisers, and users” to “obtain a variety of advertising and attention-based services on the Brave platform”. The following graphic which how each participant is expected to use BAT:
How It Works — https://basicattentiontoken.org/images/bat_triad_diagram.png
As most users and publishers are not advertisers it is obvious that these two groups will want to exchange their BAT for something for which they have a use. Given that bitcoin acts as the money of the internet we must ask …
the obvious question; why not use bitcoin?
The recent tweets by brave CEO Brendan Eich display an impressive ability to doublethink. He listed a number of (incorrect) reasons why brave can’t use bitcoin. It is recommend that you read the full thread but the main points are summarised below:
Reason 1 - Bitcoin is slow and expensive
“(bitcoin) was terribly slow and expensive to buy in moderate amounts” (link)
WRONG. Bitcoin is very quick. Final settlement takes less than 1 hour and lightning is practically instant. A properly run bitcoin company should operate at practically the same speed as bitcoin by using the correct tools and methods. For example Azte.co (which is on the cusp of launch) enables quick and easy buying of bitcoin. Furthermore, if users earn their bitcoin (by using the brave browser and viewing ads) there is no need to buy bitcoin.
Reason 2 — We couldn’t give it away because bitcoin is not free
“We also could not give users grants of it, because no bitcoin holder was willing to give us a big pool of coins to hand out.” (link)
WRONG. It is very easy to give bitcoin to people. The cost of bitcoin has no impact on it’s ability to function as money. The difference is that giving out bitcoin has a cost (because bitcoin has a cost) whereas giving out BAT had no cost (because BAT was, quite literally, worthless). The benefit of receiving bitcoin is that is it useful immediately whereas BAT is only hypothetically useful in the future.
Reason 3 — Publishers won’t accept payment in bitcoin.
“How many among our over 20K and growing publishers, including big names we’ve announced and others have noted on Twitter via their contributions going through, do you dream are ready and willing to be paid in bitcoin — never mind be an LN endpoint?” (link)
WRONG. That publishers don’t currently accept bitcoin is not evidence that they won’t. Bitcoin is a publishers dream. Publishers will be willing to pay a premium for payment in bitcoin because it performs as a global, friction-less and hard money. This statement makes it clear that Brendan is designing brave for today while ignoring tomorrow. Furthermore, it is trivial for companies to convert bitcoin payments into local currency every month.
An interesting aside
6 months ago reddit user ‘nemomendel’ posted some concerns on the BAT subreddit. One of these concerns is particularly relevant:
"There is simply no way that the Ethereum blockchain can handle the number of transactions required for BAT to function properly.
This was addressed directly by ‘CryptoJennie’, the ‘ BAT Community Manager’ who said:
"we only push the transactions onto the blockchain once a month at most; all the microtransactions are accounted for off-chain by the Brave Ledger system. As for any worries of centralization, the whitepaper states that once state channel technology becomes available on Ethereum, we will be decentralizing this aspect as well."
Brave are completely relying on unproven technology to decentralize their ledger system. Brave could be pioneers of the lightning network and become decentralised today.
This is all you need to know if you are interested in owning bitcoin and need help to get started;
Learn how bitcoin works (particularly key management). This video does a good job.
Make an offline wallet - This is for the bulk of your bitcoin.
You can do this inconveniently but inexpensively by making a bootable operating system (for example tails). If this sounds too complicated and you don't want to learn you can just buy a ColdCard or a Trezor/Ledger. This will be your main savings and, given that the value of bitcoin could increase significantly while you hold bitcoin, you should take great care to ensure that this wallet never goes online (we call this 'Cold Storage'). When doing this you MUST backup your private key (this is often done by writing down 12/24 words which are presented to you when setting up the wallet. Backup your private key multiple times and put the copies somewhere no-one can find them. Note that this is your offline wallet when storing your backup (at the top of the piece of paper).Make a record of ~10 public keys from your offline wallet. It may be convenient to save these to an empty (formatted) memory stick. For each private key, make a handwritten note of the first 5 and last 5 characters. This note will be used later to ensure you are sending to the correct addresses. You can save each public key as a separate QR code images, or a text file which contains all 10 (or use both methods). If saving as images it is recommended you use the naming convention PublicKey001 - PublicKey010.
Manage your backups.
While the wallets have no value it is worth destroying them and trying to recover them. This is to make sure that you haven't made a mistake which could later cause you to lose all your bitcoin.To do this delete the wallet from your phone and turn off your PC. When you download the app (or boot up tails) you will need to select recover wallet and follow the instructions. You will know that you have recovered the wallet successfully if the public key presented matches that which you recorded earlier. Once you have checked your backups hide them somewhere no-one will find them. You should have multiple backups in multiple locations incase of a disaster (house burns down). When you are comfortable with your setup you can look into using multisig.
DO NOT PROCEED UNTIL STEP 2 IS COMPLETE.
Make a 'hot' wallet - This is for when you want to spend bitcoin easily.
Use Samourai Wallet on your Android mobile phone as your daily wallet (<$200). If you have an iPhone you will need to use another app until Samourai launches on iOS.Again, when doing this you MUST backup your private key (this is often done by writing down 12/24 words which are presented to you when setting up the wallet.
Buy bitcoin. It is recommended to Dollar Cost Average when buying.
Don't be fooled into thinking you need to provide your identity to someone in order to buy bitcoin. When you buy an amazon voucher at tesco you don't need ID, and bitcoin is no different. Currently there are very few companies that understand bitcoin, therefore many unreasonably demand ID - do not comply. LocalBitcoins supports face to face buying, but this has obvious risks (theft). Once azte.co launches it will be the premier way to buy bitcoin in high street stores.
Send your bitcoin to your offline wallet and to your online wallet. To do this you need the public keys.
You stored your public key for the offline wallet on a memory stick, copy the key from the stick. Be sure to check the key matches your handwritten note of the first 5 and last 5 characters. Each time you Dollar Cost Average you can send to a new public key. This helps obscure the total amount of bitcoin you own. When you do this it is sensible to re-name the file on the memory stick (From PublicKey001 to USED_PublicKey001).You can see the Samourai wallet public key by going to receive. Each time you receive to an address in Samourai, a new public key is shown so there is no additional action required to ensure you don't reuse addresses.
All Alts are scams. No Exceptions.
Repeat Steps 5 & 6.
Lightning Network Intro
What is lightning?
Instant & cheap bitcoin transactions.
how to try lightning
An easy way to try the lightning network. Just visit tippin.me and sign up. Use a bitcoin lightning wallet such as lightning-wallet on android. On iOS there is thin wallet but that is not yet opensource. Follow the instructions in the app you download to create a payment channel and send some satoshis to your tippin.me account.
What can i do now?
You can pay by lightning on a growing number of websites.
You could try reading a post on yalls.org or buy a phone voucher on bitrefill.
You could also try sending me some satoshis by visiting my tippin page, tippin.me/@6102bitcoin or clicking the button below!
Full featured Samourai wallet is version 0.99.03. This version is not available on the Google play store as Google demanded that Samourai nerf their product.
It all started with this tweet.
I agreed completely, I am passionare about bitcoin, not scam altcoins which waste time, money and provide an additional attack surface for any product / service which dabbles with them.
I thought, wouldn't it be great to have a website which lists only bitcoin only projects!
That day I built bitcoin-only.com.
I got a great reaction on twitter with 45000+ Impressions.
I don't know how many pageviews the site has had because because I don't use any analytics tools because I respect my readers.
The site has been up for nearly 3 weeks now and I have been inundated with tweets and emails suggesting pages to add! I have been working through these and adding regularly so be sure to check out the site!
If you have any suggestions for additions I would love to hear from you, please tweet me or email me: firstname.lastname@example.org.
CoinJoin | Part I
This is a summary of the BitcoinTalk thread which was started by Greg Maxwell back in 2013 in order to encourage development of implementations of CoinJoin. A 2of3 multisig donation address was created by Greg, Theymos and Pieter Wuille.
Interesting to note that as of today (2019–04–06) no payment has ever been made from this address (except to consolidate funds when fees were low).
Historic Donation Address Balance (bitinfocharts)
A recent comment by Theymos suggest that there may be payouts from the donated funds which now total 46.4 BTC (over $200k) - watch this space!
Part I ?
Yes, I am writing follow up articles which will dive into different aspects of this Bounty Thread and CoinJoin in general. The second article will summarise the projects which are mentioned below.
Follow me on twitter (@6102bitcoin) to be notified when I publish the next part.
2013 : Genesis
On 2013–08–22 Greg (Maxwell) wrote up an explanation of CoinJoins  and posted a bitcoin address to collect funds for a bounty to be used to encourage development of a practical implementation of CoinJoin.
Image from the original thread It was stated that 'The bounty fund will pay out as funds are available according to the signers best judgement for completed work proposed in this thread that furthers the goal of making improved transaction privacy a practical reality for Bitcoin users'. As such, it isn't a single payout bounty, it was intended to pay out on an ongoing basis as work was completed.
Just 5 days later (2013–08–27) 'genjix' (Amir Taaki) was the first to try and claim the bounty with a proof of concept  he had developed with 'Pablo'. A couple of days later (2013–08–29) he added a public 'lobby' to serve as a meeting point and flexible mixing amounts. He posted a video showing the system at work . A simple explanation of what was done was posted back on the main thread . Though Greg commented in thread there was no mention of a payout.
The next day (2013–08–28) 'Tom Scholl' pointed out  that 3 months prior he had worked on a fully decentralized solution called 'BitPrivacy' which he posted about on bitcointalk . A day later (2013–08–29) 'Tom Scholl' placed his claim to part of the bounty .
Greg posted  to clarify that 'My main criteria is that work done be actually usable by someone for something … show me the code', 'the whole idea is to flow some funds from people who want to see this exist to people who are working on making it exist and everyone leaving happy', 'And yes, I need to pay out some bounties to the work done by people so far'.
The next day (2013–08–30) 'maaku; posted  his work  called 'CoinJoin' on the topic.
Two days later (2013–09–01) Olivier Coutu posted  a link to his presentation  from the Bitcoin 2013 conference on Decentralized Mixers for Bitcoin as well as the .pdf  of his slides.
Over a week later (2013–09–10) maaku posted  the link to the thread  he made the day earlier where he was looking to crowdfunded donations (85 BTC). Side note, two weeks later (2013–09–25) maaku posted  saying that he had not recieved any donations. His last post in the crowdfunding thread was 4 months later, a month after he pushed the last commit to the project's github page .
2013–09–11 greg posted  that he was enjoying Peter Todd's dust-b-gone  tool.
2013–10–10 greg posted a great insight - 'Above all other criteria widespread usage is what makes the difference between your "plausible denyability" and whatever you'd call actual "anonymity".' 
2013–10–19 user 'n8rwJeTt8TrrLKPa55' pointed out  a post  by blockchain.info announcing that their coinjoin scheme (called Sharedcoin). It used a centralised server to co-ordinate transactions but it had no access to funds. The source code was also pushed to GitHub .
2013–11–03 'piuk' announced that the blockchain.info coinjoin implementation (Sharedcoin) was availible by default in their wallet. It mixed both with other users funds and a pool provided by blockchain.info to reduce wait times and 'reduce transaction taint'.
2013–11–09 laanwj opened an issue  on the bitcoin QT (now bitcoin core) github suggesting that 'it would be useful to support coinjoin in the client and GUI'. No-one took up the challenge and the closest anyone got to suggesting something that could be implemented was chris-belcher who, 3 years later, suggested  a way of integrating Bitcoin-qt & joinmaket, in the same post he pointed out a way to send coinjoins from Bitcoin Core wallet using joinmarket sendpayment.py script.
2013–11–14 a user posted  a link  to a reddit thread where further funds were being raised. At the time the post was made the bounty stood at ~16 BTC. Interestingly there were some users who expressed difficulty in sending to the donation address because it was a p2SH address which bitcoinj wallets (Armoury & MT Gox) could not send to.
2013–11–15 Theymos agreed to match donations over the proceeding 30 days up to a limit of 5 BTC (which was reached) . Within the next 4 days the donation address balance doubled to ~32 BTC
2013–11–15 'coinft' made the suggestion  that if miners operated liquid CoinJoin pools through which they passed all their new block rewards a large fraction of bitcoin would be 'tainted', effectively making blacklisting tainted coins impractical.
2013–11–22 'BurtW' pledged to donate 5 BTC as soon as the fund reached 36 BTC, and looking at the blockchain it looks like he did .
2013–12–11 'andytoshi' announced  development of a tool  'to make CoinJoining easier to do'. It required manual sending of a raw tx from each user to an individual acting as coordinator who would run a command to create an unsigned merged tx. This then had to be sent back to each individual who would sign and send back. The coordinator would then manually enter these signed tx's and submit to the network.
2014–02–02 'themgp' announced  development of a tool  called Coinmux in which peers communicate using JSON messages. Within 4 days it had been tested on mainnet  though it was soon found to be susceptible to IP snooping . 10 days later (2014–12–16) themgp added a GUI .
2014–03–30 maaku asked when bitcoin would be distributed to CoinJoin developers .
2014–04–01 greg replied  stating that "Any payouts would need to be discussed with the other signers, but my thinking had been to pay most of it to to the most substantive complete and usable implementation, and partial amounts to smaller efforts".
2014–05–02 'caedes' posted  about darkwallet's CoinJoin efforts.
2014–06–06 'laurentmt' posted  in detail some thoughts on tx entropy and address identification.
2014–06–10 'justusranvier' posted  a link to coinjoinsoduku's announcement  that they were soon going to release a tool to de-anonymise SharedCoin tx's (blockchain.info's CoinJoin offering). Indeed, the tool was later released . The details are interesting but out of scope for this article.
2014–08–08 'bencher' posted  that he had coded a simple implementation of CoinJoin ('CoinJumble') and linked to the announcement thread  in which the link to the project's github page was posted . Soon after he acknowledged that an electrum plugin would less likley to result in lost funds (with users not needing to manage exposed private keys).
2014–10–01 'dillpicklechips' posted  some links about CoinShuffle including a video explination  & GitHub links ,,.
2014–10–30 Belcher posted  how to improve darkwallet's CoinJoin. His proposal was to 'Pay the coinjoin makers. They will put up offers to do coinjoin along with a fee they ask'.
2015–01–09 Belcher posted  a link  to his announcement of 'JoinMarket' as well as a link to the GitHub page .
2015–05–08 Belcher posted  an announcement that JoinMarket was live on mainnet.
2015–06–12 'Mexles' posted  a link  to his work on Compact Confidential Transactions which greg described as super exciting and important , though there was no code. A problem was identified by Andrew Poelstra which resulted in the proofs being less compact than initially hoped. I tried to follow the thread but it gets … complicated, see photo
TPTBneedwar lost me by this point 
2016–05–23 belcher posted  a link to his paper  on address closures and clustering. He also commented that he had reached out to theymos, pieter and greg 6 months prior requesting some of the bounty.
2017–12–12 greg posted  that the address had been consolidated to take advantage of low fees on the network.
# note. It looks like the BCASH in the wallet was moved on 2017–05–08.
2017–12–18 wintercooled posted  that he and Adam Ficsor (nopara73) were looking for 100 testers for 'an implementation of a Chaumian CoinJoin mixer and client wallet using the ZeroLink framework and HiddenWallet' ,
2018–10–17 nopara73 posted  that he was applying for a part of the bounty. He provided a very comprehensive list of all of the things that he has done to improve bitcoin privacy.
2018–12–25 RHavar posted  that he had created bustapay ,
2019–04–03 nopara73 posted  again and noted that he had not recieved a reply from theymos or greg (though he had recieved one from pieter). He hilighted that Wasabi had mixed 22941 BTC. He explained all of the updates to the software.
2019–04–06 'coiner.de' posted  that he had got a reaction from theymos . In the linked reddit thread theymos said - 'We've been discussing whether wasabi/joinmarket deserve some of the bounty. Personally, I think that wasabi does deserve some of the bounty.'
If you enjoy this article and wish to send me BTC my tip address is 35Jp1ZWaHMcbARupHWQKikaYP881r4t4q6
QR Sketch App
It is very time consuming to hand sketch a qr code, though as we have previously shown it is possible, if you have approximately 1 hour to kill. I believe that there are occasions when it would be useful to be able to hand record a QR (more to come on this) - but unless it can be made an order of magnitude quicker (6 mins) it will never be used.
A simple idea for making sketching QR codes manually far easier. Simply split the 27x27 square grid into 9x9 squares, each square being composed of 3x3 smaller squares.
Use a phone app to display the 3x3 squares to be sketched, whilst also displaying the position of that square in the larger 9x9 grid and its coordinate (x,y).
Optional extra: Use a piece of card/plastic to reveal one square at a time.
Shamirs Secret QR
I expect that there is a chance that hand drawing QR codes might be an important tool for the bitcoiner of the future.
Shamir's secret sharing will be an incredibly important tool in the next few years. Splitting your private key using sss means that you can have strong guarantees of salvage when you need to retrieve your funds. Furthermore, by nesting sss schemes you can add further redundancy.
The obvious problem is how to get the shamir's secret's off the computer and onto something in meatspace.
Mnemonics are good because they are redundant - the first 4 characters are the only ones that matter and it's often easy to figure out what they are meant to be by looking at the whole word if a letter is smudged. That said, I don't think it will be easy to have mnemonics with sss (though I could very well be wrong).
If I am right, we will need to have an easy way to get data from the computer into meatspace and I think that this could be one easy way to do that with high reliability.
We humans are very good at pattern recognition and can easily check this kind of thing with very little effort
That is why I am interested in something that makes sketching QR codes far quicker and easier - I have had one idea so far.