[HN Gopher] A from-scratch tour of Bitcoin in Python
___________________________________________________________________
A from-scratch tour of Bitcoin in Python
Author : yigitdemirag
Score : 578 points
Date : 2021-06-22 16:30 UTC (6 hours ago)
(HTM) web link (karpathy.github.io)
(TXT) w3m dump (karpathy.github.io)
| runbathtime wrote:
| In Step 1, he explains how to create a cryptographic identity,
| the private/public key pair. I came across an argument that a
| number cannot be property or owned because you can't legally own
| a number. If this is true then you can't own UTXOs associated
| with a private key or a cryptographic identity.
|
| I do think that bitcoin is fundamentally too complicated to
| understand, mathematically, for most people, myself included. I
| would argue everyone needs to do this exercise, from scratch, and
| also understand what they are doing (the math), to have
| confidence in bitcoin payment network. Anyone who thinks you
| don't need to get it is most likely in it for speculation alone.
|
| With something so abstract like bitcoin, it has a much larger
| uphill battle for understanding than a physical commodity like
| Gold, the precursor of paper dollars.
| modeless wrote:
| You don't own the number that is your private key, just as you
| don't own the number that is your bank account PIN or balance.
| What you own is space on the blockchain.
|
| And just as you don't need to tour the mint to have confidence
| in the dollar, or implement Diffie-Hellman to have confidence
| in your TLS connection to Amazon, you don't need to understand
| elliptic curve cryptography to have faith in Bitcoin.
| runbathtime wrote:
| A bank account balance is a representative value of dollars
| that the bank owes you. If someone tries to steal it by
| pretending to be you even if they just steal your PIN, they
| are committing fraud.
|
| If someone steals a private key by committing another crime
| like stealing a laptop, that is a crime because you own the
| laptop. If they learn of your private key without committing
| a crime, that is not theft.
|
| You don't own 'space on the blockchain.' I have no idea what
| that even means.
|
| You do need to understand elliptic curve cryptography to have
| confidence (not faith) in bitcoin because you make the
| transactions in bitcoin. You are responsible, not some third
| party. People understand the dollar because it is physical
| and you can get them on demand and they originally got their
| value from Gold, not some abstraction like proof of spent
| energy one time awhile back.
| modeless wrote:
| The bank PIN is just a number. Your bank account balance is
| just a number in a database. Your private key is just a
| number. Your bitcoin balance is just a number in a database
| (a blockchain is a kind of database). There is no
| distinction that makes stealing dollars using a bank PIN
| fraud but stealing bitcoin using a private key _not_ fraud
| somehow.
| noxer wrote:
| "...Bitcoin is a living, breathing, developing code base that is
| moving forward with new features to continue to scale..."
|
| There is exactly zero progress to make it scale in the last 10+
| years.
| wyager wrote:
| > There is exactly zero progress to make it scale in the last
| 10+ years.
|
| Lol, literally this week: https://taproot.watch/
| uncletammy wrote:
| Oh good, BTC can finally support Schnorr signatures, a
| feature that has been available on BCH for years now. A feature
| that is useless until wallet developers add Schnorr signing
| functionality.
|
| Taproot is the update we get after ten years of the BTC devs
| doing nothing except gaslighting users about the protocol's
| scalability? All that momentum wasted.
| ric2b wrote:
| > Schnorr signatures, a feature that has been available on BCH
| for years now.
|
| Not in a useful way: https://www.reddit.com/r/btc/comments/
| l8v8sa/heres_a_6of9_sc...
| coding123 wrote:
| Bitcoin doesn't scale.
|
| https://digiconomist.net/bitcoin-energy-consumption
|
| Just watch this video:
|
| https://www.youtube.com/watch?v=UDKntG4F0hg
|
| So in about 5 years pretend everyone in the United States
| melts a wrench like that... Then a month later they do that
| twice, a month later they do it three times.
|
| Hey, at least it will be fun.
| Shosty123 wrote:
| Why does every discussion about Bitcoin's environmental
| impact reduce to "it uses a lot of electricity therefore it
| should be stopped".
|
| We're not going to shut down entire sectors of the economy
| because of their environmental impact. People are going to
| innovate and invest in alternative sources of energy
| because it is becoming profitable to do so. The solution is
| hardly ever "just stop doing it", it's "how can we do this
| better".
| noxer wrote:
| It was "done better" in 2013 or so, when the first
| FBA systems were created as a direct answer to bitcoin's
| expected future environmental impact and scalability
| problems.
|
| See https://news.ycombinator.com/item?id=27596590
| MrLeap wrote:
| Instead of watching that video, perhaps watch it on
| photonic induction's channel, seeing as he's the creator.
|
| https://www.youtube.com/watch?v=DJOX0c60wQE
| lawn wrote:
| Segwit was also supposed to scale Bitcoin, and it turns out
| it was a massively inefficient solution, which took years to
| even reach its lackluster potential.
|
| Taproot will in practice have an even smaller impact, as it
| only affects special transactions that normal people won't
| use.
|
| So yeah, it's not zero progress, but it's certainly not much.
| doomroot wrote:
| Segwit itself provided an effective 2x increase in onchain
| transaction capacity and it fixed transaction malleability
| which was necessary for lightning network. Lightning
| network has 50,000+ open channels where payments can be
| routed without going onchain. Given the lightning network's
| strict requirements to keep a node online & responsive,
| lest you lose all your funds, I think that's extremely
| impressive and shows a real demand for fast cheap payments.
|
| Now, in November taproot/schnorr activates which gives us
| ptlc's on the lightning network as well as makes a
| lightning channel opening transaction look like a normal
| single signature transaction, yay privacy. All of this lays
| the groundwork for the next major base layer change, in
| probably ~2023, anyprevout. This will give us "eltoo" on
| lightning which is nirvana. Eltoo removes the penalty
| mechanism which makes running a lightning node on a mobile
| phone or home node much more reasonable.
|
| Protocols take a long time to develop, especially ones
| where a misstep could mean the loss of billions of
| dollars.
|
| Do not believe anyone telling you that their coin solved
| bitcoin's scaling problems years ago.
| noxer wrote:
| Bitcoin's scaling problem was solved by removing PoW/PoS
| and by removing the incentive structure (block rewards).
| As soon as this is gone there was no reason anymore why
| it would not scale like similar systems. It's basically
| limited only by how fast data can propagate through the
| network.
|
| PoW/PoS was replaced by FBA (Federated Byzantine
| Agreement). It's not a coin, it's technology used by several
| systems and based on BFT (which is way older than bitcoin,
| and bitcoin actually is based on BFT as well, although
| maybe unintentionally).
|
| FBA just adds the federated part so a decentralized system
| can be built. Bitcoin instead used a work-reward
| lottery system (PoW) to decide who can write the next
| block rather than finding a block everyone agrees on. It's
| really not that hard to figure out which of these
| solutions probably works better and scales somewhat like
| a distributed system is expected to scale.
| noxer wrote:
| Taproot doesn't make bitcoin scale; it's mainly to increase
| privacy.
| wyager wrote:
| Taproot decreases the size of multisig and other complex
| transactions significantly, in the happy path of a
| cooperative signature.
|
| It also enables Schnorr, which produces smaller signatures
| than ECDSA.
|
| It also contains features to further improve the efficiency
| of Lightning, which is a shockingly effective scaling
| mechanism.
| simias wrote:
| Lightning doesn't work because it either leads to a chaos
| of routing that doesn't scale or it ends up centralized
| and you lose the point of bitcoin in the first step.
|
| And don't bother coming up with hand wavy explanations of
| how it _could_ work, _some day_. People have been talking
| about Lightning for years, literally billions of dollars
| have been poured into the "tech", the fact that even
| bitcoin enthusiasts barely ever use it is all the proof I
| need.
|
| I wonder how many more years of empty promises we'll have
| to suffer through before people accept that
| cryptocurrencies are a very good pyramid scheme with a
| thick layer of technobabble around it.
| noxer wrote:
| Daily reminder that cryptocurrencies are not == bitcoin
|
| All the problems with bitcoin are long, long solved, just
| not with bitcoin, because it's not possible to fix
| something when the majority (of hashpower) thinks it's not
| broken, or rather profits from its brokenness.
|
| FBA coins have existed since 2013 or so.
| wyager wrote:
| FBA is centralized. Period. There's a reason ripple
| hasn't dominated the secure payments industry.
| noxer wrote:
| _facepalm_ FBA is a technology, it's not a thing or a
| running system. It cannot be centralized; it's just a bunch
| of math that, BTW, is mathematically proven to work. There
| are many FBA based "blockchains" out there, some
| centralized, some not. Ripple is a company that uses such
| an FBA system.
| normac2 wrote:
| Would you include environmental impact as a solved
| problem? My understanding is that Proof of Stake is the
| best serious option and that it's very controversial if
| it'll work.
| noxer wrote:
| Solved as in it does not use more energy than what the
| hardware needs to process the data + it doubles every
| time you double the number of nodes (obviously, since they
| all have to do the same work too). It's not wasting energy
| for a PoW lottery; it just uses energy like a comparable
| instant messenger with a global server farm would. The more
| people who use it the more energy it will use; there is no
| way around that.
|
| FBA is completely different from PoS. It does not work on
| incentives and penalties; it works with a global final
| state, global rules and (federated) byzantine agreement
| (FBA) for progress (adding the next "block"). No way to
| re-org, no block/staking reward, no censorship. If
| someone doesn't act in everyone's interest, other nodes
| simply won't listen to them anymore. Not following the
| rules is publicly visible to anyone. And since there is
| no reward anyway, there is no financial reason why anyone
| would participate who does not simply want to help the
| system.
| wyager wrote:
| Proof of stake lacks the security properties of proof of
| work, e.g. via grinding attacks.
| Permit wrote:
| > Daily reminder that cryptocurrencies are not == bitcoin
|
| This is an interesting feature of cryptocurrencies.
| Someone levels a fair criticism of a particular
| implementation but it can be handwaved away because an
| entirely separate cryptocurrency solved this particular
| problem (nevermind that whatever replacement you've
| chosen has its own host of separate problems because
| those can be handwaved away the same way).
| wyager wrote:
| Your entire premise is based on nonsense. People use
| lightning all the time and it works great.
| RazTeve wrote:
| lightning works, at least you are having fun tho
| nednar wrote:
| Well, the "pyramid scheme" + "technobabble" is not
| totally worthless, if it enables the investment of
| "literally billions of dollars" in otherwise totally
| unproven technology paths, doesn't it? Finally there is
| one area where people are really investing money into
| computer science! A cause to celebrate in my book.
| prox wrote:
| _cough_ dotcom bubble.
|
| Seriously, investing money in a bubble is nothing to
| celebrate. That's why it is called a bubble. It pops and
| many people lose their money.
| plebianRube wrote:
| Weird Lightning works perfect for me, every time I use
| it. Low fees instant transactions. Maybe the trouble is
| in your trolling?
| noxer wrote:
| Who cares, the size could be 10 times smaller and it
| would not make a dent in the scalability problem. It's a
| few transactions per second at most, and it would need to
| be several hundred just so people could move their
| "owned" bitcoins away from exchange wallets without
| losing several % in fees.
|
| LN is not part of bitcoin and a total joke anyway.
| [deleted]
| iamastrangeloop wrote:
| There has been great progress in scaling the original protocol
| through the Bitcoin SV implementation:
|
| - Transaction fees are ~$0.0001
| - The network has shown capacity for 50k tps
| - On March 14, 2021, the network processed a world record 638 MB block
| - As of June 4, 2021 the chain size exceeded that of the BTC
| implementation and is currently 418.17 GB
| - New businesses based on micropayments have emerged, like twetch,
| streamanity, peergame, etc
|
| [1] https://www.prnewswire.com/news-releases/bsv-proves-that-
| bit...
| uncletammy wrote:
| There has been great progress in scaling on just about every
| other cryptocurrency, including many flavours of bitcoin. BTC
| is the only coin who finds scaling too difficult.
| ric2b wrote:
| > - The network has shown capacity for 50k tps
|
| No, that was a lab demo of a single beefy system being
| directly fed with test data and being measured on how long it
| takes to process it.
| noxer wrote:
| Everyone knows faketoshi is a fraud.
| iamastrangeloop wrote:
| Above is proof that the original bitcoin protocol can
| scale, and recently testnet can do 90k tps. What you think
| of certain people doesn't change the fact.
| noxer wrote:
| It's centralized and run by the people around this fraud.
| It doesn't matter if the tech is good since no one will
| use it for anything besides speculation or abuse it as
| storage, which just won't be sustainable in the long run
| with no limits in place.
| iamastrangeloop wrote:
| The protocol remains the original and it scales
| significantly. I'd focus on protocol not people. If
| people changed the protocol then it's no longer bitcoin.
|
| Twetch.app has more than 50k users. It's also a genuine
| use case. So is etched.page or the other above-mentioned
| services.
|
| How can you abuse storage if there is a 0.5 satoshis/byte
| fee to write data on chain currently? Miners are for-
| profit entities and will always charge for storage.
| ric2b wrote:
| > I'd focus on protocol not people.
|
| The protocol encompasses the nodes on the network. If the
| network is highly centralized the protocol is unsafe.
| noxer wrote:
| You completely ignore my points so I will yours
|
| Have a nice day
| iamastrangeloop wrote:
| Which point specifically?
|
| You claim centralized manipulation of bitcoin and
| fraudulent people while the protocol hasn't changed. Do
| you have legal evidence?
|
| Also you claim price speculation as the only use case
| while I've listed several apps with real users.
|
| You mention storage abuse and I argue that miner fees
| prevent that.
| noxer wrote:
| You can stop now, dear green name, we all can see you only
| joined to shill ButtcoinShitVison. No one here cares.
| exit wrote:
| segwit facilitates the construction of lightning channels.
|
| taproot, which recently locked in, reduces the space needed to
| represent complex contracts.
|
| moreover, bitcoin aims at being a concise and focused base
| layer on top of which secondary layers and sidechains can be
| built.
|
| your absolute statement "exactly zero" is absolutely wrong.
| uncletammy wrote:
| > taproot, which recently locked in, reduces the space needed
| to represent complex contracts.
|
| Complex contracts? Are you joking? What kind of complex
| contracts do you think can be done on BTC? Their scripting
| language and capabilities has been neutered just like their
| blocksize. Good luck writing a useful contract on BTC.
| tsimionescu wrote:
| > moreover, bitcoin aims at being a concise and focused base
| layer on top of which secondary layers and sidechains can be
| built.
|
| Have you ever read the white paper that outlines what bitcoin
| aims to be?
| noxer wrote:
| It should be p2p cash then turn into store of value after
| some years and then it becomes the settlement layer for
| centralized second layer solutions that only exist because
| the first layer sucks.
|
| Just kidding, it should only be p2p cash and it failed at
| that.
|
| PoW/PoS will be replaced by FBA in the next years and every
| system that cannot switch away from PoW will become
| irrelevant.
| uncletammy wrote:
| > Have you ever read the white paper that outlines what
| bitcoin aims to be?
|
| ... or even the title
| wtsnz wrote:
| There was a demo of node software that is capable of 50,000
| transactions per second just a few weeks ago.
| https://www.youtube.com/watch?v=i3As9-9uSXs
|
| (Yes this is on the Bitcoin SV implementation of the Bitcoin
| protocol - where they're using the original protocol that
| Satoshi envisioned)
| uncletammy wrote:
| From what I understand, that's 50,000 pre-generated
| transactions pumped directly to the mining node. Not 50,000
| transactions spread across hundreds of non-mining nodes and
| relayed to the mining node. There's a huge difference.
| Correct me if I'm wrong here.
|
| Either way, bitcoin the protocol can handle waaaaaay more
| transactions than the BTC devs have constrained it to.
| SnowProblem wrote:
| Yes, more-or-less, but that's how it is designed to work. The
| most reliable way to get a transaction into a block is to
| send it directly to a miner or set of miners. Apps on BSV
| do this today via MAPI REST endpoints, similar to how this
| test was configured. Non-mining nodes will see the
| transactions later, but they won't do the same verification
| that mining nodes require because they are not part of
| consensus. BSV generally sees the eventual network
| configuration as a small-world network for the mining core,
| and a mandala network for the apps and services surrounding
| it, rather than as a mesh network which most blockchain
| systems strive to be.
| SnowProblem wrote:
| So-called heretics have been scaling Bitcoin in spite of BTC's
| braindead decisions. Last week, 50K TPS were demonstrated
| publicly on Bitcoin SV:
| https://www.youtube.com/watch?v=i3As9-9uSXs. More privately.
| ric2b wrote:
| That's just a lab demo of a single system, not the network or
| even a common node configuration.
| wtsnz wrote:
| This.
| andai wrote:
| What happened to the lightning network? (Serious question, I am
| out of the loop.)
| RazTeve wrote:
| it's maturing, works pretty well already, but surely patience
| helps with emergent tech
| thesausageking wrote:
| It launched, is usable in most wallets, and is starting to
| get adoption. It's going to be a key piece of the recently
| passed legislation in El Salvador which makes Bitcoin legal
| tender.
| hypnotist wrote:
| El Salvador not Colombia
| thesausageking wrote:
| Yes. Not sure why I wrote Colombia. Thx.
| simias wrote:
| Using a closed, centralized implementation that doesn't
| accept third party nodes. The use of bitcoin is pure
| marketing, it's just MySQL with extra steps.
| krick wrote:
| This is interesting. Obviously, I heard about the whole
| "El Salvador _something something_ Bitcoin " deal, but am
| completely unaware of the actual situation. Can somebody
| point me in the direction of some nice writeup explaining
| these details? I can only vaguely imagine how one can
| take Bitcoin and make it essentially an extension of
| SWIFT, and struggle to clearly visualize what the
| implications of this are.
| pixelperfect wrote:
| The legislation that made Bitcoin legal tender in El
| Salvador does not legislate the use of Strike. Businesses
| can use whatever system they want, as long as they can
| accept payment in Bitcoin. Strike is providing a service
| that allows any business to take Bitcoin lightning
| payments and have them automatically converted to
| dollars, for businesses that do not want to hold Bitcoin.
| It's not fair to just call this a "sql database" because
| it's connected to an open payment network and the
| customer can use whatever means they want to pay the
| business, even if the business decides to just uses
| Strike.
| counternotions wrote:
| From Strike CEO Jack Maller [1]:
|
| Let's walk through a user story. I want to send $1,000 to
| a friend of mine in El Salvador:
|
| * When I initiate the $1,000 payment, Strike debits my
| existing USD balance.
|
| * Strike then automatically converts my $1,000 to
| bitcoins ready for use in its infrastructure using its
| real-time automated risk management and trading
| infrastructure.
|
| * Strike then moves the bitcoins across the Gulf of
| Mexico where it arrives in our Central American
| infrastructure in less than a second and for no cost.
|
| * Strike then takes the bitcoins and automatically
| converts them back into USDT (synthetic digital dollar
| known as Tether) using its real-time automated risk
| management and trading infrastructure.
|
| * Strike then credits the existing user with the USDT to
| their Strike account.
|
| [1] https://jimmymow.medium.com/announcing-strike-
| global-2392b90...
| noxer wrote:
| There is no bitcoin needed for this at all; it does not
| even move on the chain for the transfer.
|
| Both sides are Strike entities; all this does is use
| bitcoin as a bridge for USD to USD, which is completely
| pointless as both sides are USD.
|
| You could just buy USDT (or another stablecoin) and send
| it there.
|
| It's a different story if there is actually a switch in
| currency needed. There is this famous, and by bitcoin
| people often hated, company called Ripple that specializes
| in cross-border settlement using crypto as a bridge
| currency. For that however the crypto must be actually
| moved and be sold locally for the local currency. And for
| that to work without risk due to volatility it must be
| fast. Hence they use XRP (4 sec) instead of bitcoin (10+
| min). They call it ODL (On-Demand Liquidity).
|
| See https://ripple.com/ripplenet/on-demand-liquidity/
| delaaxe wrote:
| Source?
| lawn wrote:
| They will be using Strike, which is a custodial wallet.
| doomroot wrote:
| The CEO of Strike said they are continually promoting
| that banks and businesses in El Salvador operate
| their own lightning network nodes & not solely rely on
| them. Only the government's official (but optional) app
| will be a wrapper around Strike.
| WanderPanda wrote:
| Wait, it does not allow third party nodes? What is my
| Raspberry Pi right next to me doing? Just pretending to
| be a Lightning Node?
| cmckn wrote:
| Parent is referring to El Salvador's proposed usage, not
| the wider lightning network.
| espadrine wrote:
| I am puzzled by one thorn it is intended to solve.
|
| In the case of merchant/customer interactions, the LN
| channel blocks customer funds from their balance, but they
| will never receive money from the merchant. So that balance
| will be sent to the merchant, payment by payment.
|
| Not only does that block funds for the customer (which
| wants to reduce those, to avoid blocking too much, but that
| reduces the number of payments that can be made off-chain),
| but it also blocks the merchant's reception of those
| payments: the merchant wants to be able to spend it soon,
| but it can only spend it on-chain.
|
| That is compounded by the fact that most merchant/customer
| interactions are rare one-offs in the real world. I just
| don't buy stamps every day.
|
| LN channels are only most useful when the two parties
| exchange money bidirectionally on average.
| doomroot wrote:
| It's an ongoing problem for sure, but the simple answer
| is users maintaining multiple well connected channels.
|
| It's very common on lightning to pay liquidity providers
| to balance your channels to you. Lightning Labs has a
| service called loop where you can pay them an onchain
| transaction and it will make a lightning network payment
| to your channel for that amount, thus giving you more
| spend liquidity. Loop is sweet cause it does this in a
| non custodial way, look into it.
| xwolfi wrote:
| El Salvador, the military dictatorship that managed to make
| western dreamer hype it like a shitcoin...
| lottin wrote:
| Apparently it has serious design flaws that compromise its
| security and performance.
| uncletammy wrote:
| In order to get money on and off lightning network, you still
| need to make on-chain BTC transactions. Meanwhile, the BTC
| devs have intentionally changed the network so that it's
| expensive to make on-chain transactions. From this you can
| probably figure out why lightning network failed.
| kemonocode wrote:
| It exists, and it very much works [0] but it has yet to reach
| the massive levels of adoption people would have expected by
| now. Simple as that.
|
| [0] https://1ml.com/
| WanderPanda wrote:
| Afaik it is still considered #reckless to put bigger
| amounts on your lightning node, and at least the "lnd"
| implementation seems to be in "beta" (according to their
| Github releases). Idk what the roadmap for a solid,
| production-ready version is. But in this case safe seems to
| be better than sorry
| Taek wrote:
| Lightning network more or less failed to live up to the hype.
| Problems like routing complexity, liquidity, and a lack of
| on-chain space to open and close channels have
| delayed/limited its impact.
| SnowProblem wrote:
| To expand on this, to receive money over Lightning, you
| need someone else to lock up their bitcoins for you. This
| is called inbound liquidity, and the problem of users
| getting inbound liquidity is no joke. Lightning Labs
| recently launched Lightning Pool to help with this, but
| fees range from 5% to 25%. Uncompetitive. If you think
| about it too, it makes sense, because anyone locking up
| their bitcoins for others should expect a several % return,
| or else they would loan it out at similar rates. Current
| Lightning wallets are basically giving their users inbound
| liquidity for free using VC funds, but is this honestly
| sustainable? There are other problems with Lightning, like
| the requirement to be online to receive payments,
| watchtowers, UX complexity of channels. Some of these are
| solvable through centralization. But that is why you'll
| hear people say Lightning recreates the banking model,
| because realistically that looks like the only way it could
| work. Oddly, this was all pointed out by many people over
| the years, but Lightning seems to get endless forgiveness
| in its inability to deliver, because it is BTC's only hope
| to maintain the peer-to-peer cash narrative.
| noxer wrote:
| The looking up of liquidity is the whole reason LN can
| not scale or be cheap ever.
|
| Today people in crypto may be willing to look up bitcoins
| they hold long term anyway. But in the real world this
| would be dead and trapped capital; it doesn't work for you
| and you can't even use it to quickly buy something and take
| advantage of a market situation.
|
| The only reason why someone would look up capital like
| that is if it makes money. So people who use someone else's
| locked up bitcoins have to pay. This makes it impossible
| for LN to be cheap. You literally lend money to send money to
| someone. It's completely absurd. And as you said, to make
| this more efficient large centralized pools are created,
| so there will be a monopoly or oligopoly for lending;
| how's that gonna be good for the fees.
|
| LN was dead before they started coding it.
| delaaxe wrote:
| lock up*
| wickoff wrote:
| If I decide I want to be long BTC, why not also lock it
| up to earn fees?
| colordrops wrote:
| Does this blog entry hang Brave on Android for anyone else?
| Happens on two phones for me.
| Thorentis wrote:
| Yep, just happened for me. Hangs and can't scroll.
| archon810 wrote:
| Created a bug report https://bugs.chromium.org/p/chromium/issue
| s/detail?id=122283....
| archon810 wrote:
| Hangs Chrome for Android completely too.
| [deleted]
| ubi3921 wrote:
| > We don't just get to share code, we get to share a running
| computer, and anyone anywhere can use it in an open and
| permissionless manner
|
| Can someone explain what this means? It's not explained anywhere
| in the post.
| olalonde wrote:
| Bitcoin transactions, or more precisely transaction outputs,
| are little scripts that are executed in a VM. To spend a
| transaction output, you have to "solve it" by providing it an
| input which makes it return true. The most common transaction
| script checks that you possess a private key through a
| signature check, but it's possible to make more complex scripts
| like the "Pay To Multisig" script. Of course, Bitcoin scripts
| are quite limited and, unlike Ethereum smart contracts, they
| are non-Turing-complete and can't store state.
|
| Permissionless just means anyone can create transactions
| because there's essentially no way to block someone from doing
| so, unlike say a transaction on PayPal.
| counternotions wrote:
| Presumably a reference to blockchain as a distributed ledger.
| legutierr wrote:
| He is probably referring to Ethereum, which was conceived as a
| "global computer", operating in an open and permissionless
| manner.
| jazzyjackson wrote:
| Ethereum extends the concept, but Bitcoin transactions are
| programs running on the global blockchain (well, the op codes
| are executed by a single node, but the result is published
| and verified by the network, if I understand it right)
|
| But just wanted to make the point that Bitcoin is a global
| computer as much as ethereum is, Solidity is just Turing
| complete while (Bitcoin's) Script is intentionally limited to
| a few instructions.
| aazaa wrote:
| You can think of the Bitcoin block chain as the state of a
| globally-accessible machine. The state is updated through the
| publication of valid blocks, each of which builds on a previous
| block. A block is composed of transactions, each of which
| incrementally advances the machine's state. Each transaction
| contains a small program "script" that defines the conditions
| for the state transition it causes.
|
| There's this persistent misconception out there that only
| Ethereum works this way. It's a testament to marketing. Bitcoin
| has been doing "smart contracts" long before Ethereum was even
| a gleam in Vitalik's eye.
| spinny wrote:
| Bitcoin's script language is very restricted; claiming that
| Bitcoin has been doing "smart contracts" is disingenuous to
| me. I wouldn't call a bitcoin script "smart". Ethereum was
| born because of this
| aazaa wrote:
| Script is restricted, but it permits everything outlined by
| Nick Szabo's definition. As Wikipedia notes:
|
| > Smart contracts were first proposed in the early 1990s by
| Nick Szabo, who coined the term, using it to refer to "a
| set of promises, specified in digital form, including
| protocols within which the parties perform on these
| promises".
|
| https://en.wikipedia.org/wiki/Smart_contract
|
| We don't get to decide what smart contracts are. Nick Szabo
| decided long ago.
|
| Marketing vs reality has been a big problem in this space.
| isoprophlex wrote:
| He links committing transactions to the blockchain to storing
| state in a distributed data structure... which is of course, in
| the case of Bitcoin, implemented in arguably the most wasteful,
| ham-fisted, environmentally disastrous way possible.
|
| There's also the ethereum VM which is a slow decentralized
| state machine capable of executing code...
| plebianRube wrote:
| Check yourself. All progress was 'wasteful' with resources at
| one time. And yes, bitcoin is progress.
| tsimionescu wrote:
| All progress was 'wasteful' at some point, but all
| 'progress' is wasteful. And yes, bitcoin is 'progress'.
|
| I suppose Bitcoin is better than gold. Unfortunately, for
| BTC, we already have much more advanced financial
| technology.
| plebianRube wrote:
| Permissioned legacy technology is not advanced. The
| stronger, harder money wins. Good luck with your guess.
| toxik wrote:
| If you, like me, were curious about what the secret key 1 is on
| the mainnet, then here you are:
|
| 1: 1BgGZ9tcN4rm9KBzDn7KprQz87SZ26SAMH
| https://www.blockchain.com/btc/address/1BgGZ9tcN4rm9KBzDn7KprQz87SZ26SAMH
|
| Some others:
|
| 2: 1cMh228HTCiwS8ZsaakH8A8wze1JR5ZsP
| https://www.blockchain.com/btc/address/1cMh228HTCiwS8ZsaakH8A8wze1JR5ZsP
|
| 3: 1CUNEBjYrCn2y1SdiUMohaKUi4wpP326Lb
| https://www.blockchain.com/btc/address/1CUNEBjYrCn2y1SdiUMohaKUi4wpP326Lb
|
| 42: 1EMxdcJsfN5jwtZRVRvztDns1LgquGUTwi
| https://www.blockchain.com/btc/address/1EMxdcJsfN5jwtZRVRvztDns1LgquGUTwi
|
| 1337: 1DN76uuAUDY1DLxABD3JAyunhhAreJbCjT
| https://www.blockchain.com/btc/address/1DN76uuAUDY1DLxABD3JAyunhhAreJbCjT
| [deleted]
| 21eleven wrote:
| Looks like the exercise left to the reader has been completed:
| https://www.blockchain.com/btc-testnet/tx/182bf9202649ded3a6...
| noxer wrote:
| 0.00090000 BTC moved, 0.00005000 BTC fees. That's 5.55%
|
| On the test net! On the real net it would be like 20% or more
| in fees.
| bogota wrote:
| Fees are dictated by the user and the time they have for the
| transaction to take place. The fee could have been much
| lower.
|
| I think we are well past the point of debating if bitcoin
| layer one will be used for day to day transactions however. A
| custodial service or Lightning will have to be used for that.
| Additionally most people treat bitcoin closer to gold than a
| dollar currently.
| noxer wrote:
| I disagree but won't bother explaining why because I know you
| don't care.
| AlexAndScripts wrote:
| Then why bother writing that useless comment?
| noxer wrote:
| Why ask that useless question?
| karpathy wrote:
| the plot thickens :)
| https://twitter.com/YuleHou/status/1407395412575592453
| grokstar wrote:
| The thickening intensifies :)
| https://twitter.com/grokology/status/1407433078914437120
| counternotions wrote:
| > steal my bitcoins from my 3rd identity wallet
| (mgh4VjZx5MpkHRis9mDsF2ZcKLdXoP3oQ4) to your own wallet ;) If
| done successfully, the 3rd wallet will show "Final Balance" of
| 0. At the time of writing this is 0.00095000 BTC, as we
| intended and expected.
|
| Can someone explain how this was executed?
| meowface wrote:
| Guessing it's because the private key is right in the code:
|
| >secret_key3 = int.from_bytes(b"Andrej's Super Secret 3rd
| Wallet", 'big') # or just random.randrange(1, bitcoin_gen.n)
|
| (Obviously a private key intended for actual use generally
| wouldn't just be some ASCII bytes of an English phrase and
| wouldn't be posted publicly. Though, of course, there have
| been instances of both...)
| toxik wrote:
| You have the secret key, just sign away the txouts.
| [deleted]
| igravious wrote:
| Super interesting and informative, I learned lots that I didn't
| already know. Who are the cryptominers on the testnet btw?
| adamnemecek wrote:
| Kind of surprised Andrej has time to work on anything besides
| self-driving cars
| canada_dry wrote:
| Related... his recent presentation at CVPR is quite
| interesting:
| https://www.youtube.com/watch?v=eOL_rCK59ZI&t=28286s
| karpathy wrote:
| https://twitter.com/karpathy/status/1407378320551923718 :) But
| more seriously, I just really love learning and worked on this
| on the side, in small increments in between the cracks, and
| purely from interest for fun.
| adamnemecek wrote:
| How many hours a day do you work? And what does your daily
| schedule look like?
| [deleted]
| karpathy wrote:
| I count myself very fortunate that I find the word "work"
| very confusing.
| adamnemecek wrote:
| I know what you mean but I still think that there's a
| number you can give. Like this counts as work.
|
| What does your average daily schedule look like?
| exdsq wrote:
| I'm interested in this too Karpathy, would love to know.
| Not sure why you're being down voted Adam.
| [deleted]
| cs702 wrote:
| It's awesome to see you doing this, and taking the time to
| respond here! Ditto for your (re)implementation of
| transformers a while back, which you clearly worked on for
| fun as a side project too. The world would be such a better
| place if every executive in charge of technology at a large
| company engaged in these kinds of side projects for fun on a
| regular basis :-)
|
| If I may, let me ask you an unrelated question that just
| 'popped in my head' only now but is related to your recent
| presentation at CVPR: Are you guys at Tesla fusing video with
| _audio_ data for self-driving?
|
| Just curious. I ask because (a) sound waves at frequencies
| detectable by the human ear appear to be quite important for
| both routine and edge-case situations (e.g., sounds of other
| vehicles braking/screeching/accelerating/passing, sirens of
| ambulances/police cars/fire trucks, bursts of honks from
| other vehicles, people suddenly shouting/screaming nearby),
| and (b) audio and video signals are already synchronized, so
| I imagine fusing them should be more straightforward (e.g.,
| there's already some research out there on applying deep
| learning to video clips with audio).
| [deleted]
| polishdude20 wrote:
| Would you be open to doing an AMA on here? I'm sure a lot of
| software people would love to hear more of your thoughts on
| software and stuff!
| adflux wrote:
| Haven't seen Tesla do much self driving in practice yet. 3
| years late now?
| plebianRube wrote:
| No, same timeline they state every year - FSD by the end of
| the year.
| papito wrote:
| Sometimes I actually find more energy for working on an
| endless slog at work when I have an exciting side project
| going. Easy to get caught up in the side project, however.
| mzs wrote:
| His boss has a passing interest...
| fpgaminer wrote:
| Nobody can work 100% of the time, everyone needs breaks. But
| some engineers take breaks from their regular work by doing
| other "work". I find it bizarre that there are so many comments
| making this out to be some kind of dire situation where he's
| working on other things because Tesla is sinking or something.
| Is working on hobby projects as a way to relax really that
| uncommon?
|
| For reference, I started a small Bitcoin mining hardware
| business back in the day, while still holding a 200/hr week/8
| days a week/400 days a year full-time job. Working on Bitcoin
| stuff was my "break" from regular work.
| dswalter wrote:
| It's maybe an ... interesting sign that someone with
| substantial liquidity from tesla shares at this point in
| history is apparently finding cryptocurrency an enjoyable
| diversion/investment vehicle?
| js4 wrote:
| I was thinking the same thing.
| yumraj wrote:
| Maybe he is losing faith in self driving cars and is looking
| for an alternate field.
| malux85 wrote:
| Diversification of interests accelerates creativity due to
| axiomatic discovery and reinforcement, idea plasticity and
| abstraction practice. Other interests are not just important,
| they are necessary.
| GeorgeTirebiter wrote:
| Right. All really smart people 'play'. Famously, Feynman
| was spinning plates in the Caltech cafeteria on his
| fingertip, which gave him the ideas that ended up winning
| him a Nobel prize.
|
| Play is important for children of all ages.
| karpathy wrote:
| Surely You're Joking is one of my all time favorite
| books, for sure.
| torcete wrote:
| I wonder how strong Elliptic Curve Cryptography would be
| compared to other methods if there is a major breakthrough in
| quantum computing.
| SuchAnonMuchWow wrote:
| In theory, it is also broken.
|
| In practice, it appears to be slightly harder to break than RSA
| for the same security level as we define it in non-quantum
| computing, but not by much.
| chadhutchins10 wrote:
| I wish this were talked about more. Quantum computing is the
| biggest long-term threat to crypto imo. What's the plan once
| elliptic curve cryptography can be broken?
|
| There will be a point in time where there are just a few
| quantum computers that can break everything before the general
| public has access to quantum computing. Can crypto work in that
| scenario? Normal computers wouldn't be able to work with the
| beastly algorithms a quantum computer could handle.
| exdsq wrote:
| There's a lot of research and practical work on quantum-proof
| cryptography which is already in use in some cryptocurrencies
| - 'just' need to hardfork and update it when it's ready for
| Bitcoin
| 21eleven wrote:
| What cryptocurrencies are currently using post-quantum
| cryptography?
| DennisP wrote:
| Only one I'm aware of is QRL ("quantum-resistant
| ledger").
|
| https://www.theqrl.org/
| eigenvalue wrote:
| The first entities that are likely to achieve practical
| quantum computers will either be governments or big tech
| companies like Google. And it will be a big deal, so there
| would likely be several years of warning before it could be
| at the point where it would make sense to use it to steal
| someone's bitcoins (I guess the original Satoshi coin address
| would be the biggest bounty). And in the time period between
| when the big development is first announced and before it's
| practical, Bitcoin and other cryptocurrency projects can do a
| fork to a new digital signature scheme that is quantum proof
| (such as LegRoast) so that anyone who is concerned can move
| their coins to a new secure address. So while it would
| certainly be disruptive, it wouldn't necessarily spell the
| doom of Bitcoin.
| only_as_i_fall wrote:
| Depends on the incentives. If the only interest in quantum
| computing is to break classically hard encryption then I
| think the time between poc and widespread availability
| could be relatively short.
| 21eleven wrote:
| While not implemented, I think there are "lattice based" forms
| of cryptography that are believed to be QC resistant that
| blockchains could migrate over to if QCs begin to show signs
| of increased fault tolerance and size.
| EnigmaCurry wrote:
| Just don't re-use addresses. Bitcoin does not expose your
| public key until you spend from it.
| nannal wrote:
| > Bitcoin does not expose your public key until you spend
| from it.
|
| Are you sure? What about when someone sends to it?
| DennisP wrote:
| They're correct. The blockchain just records that the
| funds were sent to your address. To spend the funds you
| have to show the public key which hashes to that address,
| in another transaction signed by the private key.
|
| If the sender wanted to send you a private message, they
| would need your public key, but that's not what
| transactions do.
| shoghicp wrote:
| Sending to an address means sending it to a "hash" of a
| public key (or a more complex script) on all modern
| formats. Then such script and data is revealed on spend.
| DennisP wrote:
| If the QC can crack your private key within a few minutes,
| it would still have a decent chance to steal your money.
| G3rn0ti wrote:
| > What's the plan once elliptic curve cryptography can be
| broken?
|
| A likely drop-in replacement for elliptic curve cryptography
| (ECC) currently used by Bitcoin could be
|
| https://en.wikipedia.org/wiki/Supersingular_isogeny_key_exch...
|
| I am not a mathematician, but from what I understood, it's
| basically an extension of ECC using multiple elliptic curves,
| which allows re-using the Diffie-Hellman key exchange protocol
| (private keys kept secret, public keys exchanged), and memory
| requirements are small. So it would be a perfect replacement
| in wallets and validation nodes. But I cannot explain why it
| is safe against an attack using quantum computers.
| leishman wrote:
| > I wish this were talked about more.
|
| This is talked about all the time in Bitcoin dev circles.
| IncRnd wrote:
| Shor's algorithm, which runs partially on a classical computer
| and a portion on a quantum computer, breaks elliptic-curve
| cryptography.
| plebianRube wrote:
| Yes, with major caveats - knowing the public key and having
| 100s of messages signed by the corresponding private key.
| Nowadays people only expose their public key one time per
| transaction, and never reuse their address. So to steal
| coins, not only do you have only ~10 mins between blocks to
| find the private key, but currently Shor's algorithm is
| unfeasible with only 1 signed message.
| tromp wrote:
| Not only do many people still reuse keys, but there is also
| still a huge amount of bitcoin in P2PK outputs, i.e. with
| exposed public keys.
| erostrate wrote:
| Sorry if that's a naive question but why do you need
| several signed messages? If you have a quantum computer and
| a quantum period finding function don't you get immediately
| the discrete log? Assuming you have one public key (not
| hashed) doesn't that give you the private key immediately?
| plebianRube wrote:
| Broadly speaking, more signed messages can get you more
| points on the curve you're trying to guess.
|
| https://www.cs.umd.edu/~amchilds/teaching/w08/l03.pdf
|
| May help if you're actually interested.
| IncRnd wrote:
| Shor's integer factorization algorithm needs a single
| number or key to factor, not hundreds of transactions. I've
| certainly sent money to old addresses, which exist in
| perpetuity on the blockchain. I can also use web searches
| to find hundreds of current public keys in a matter of
| minutes.
|
| > currently Shor's algorithm is unfeasible with only 1
| signed message.
|
| The algorithm is currently unfeasible with 100s of
| messages. Shor's algorithm uses a quantum computer to
| reduce the complexity of integer factorization from sub-
| exponential to polynomial-time. It is not an attack that
| fine-tunes the output according to the amount of network
| traffic.
| plebianRube wrote:
| Try actually reading its application to elliptic curve
| cryptography. No really. Come back when all the bitcoin
| are belong to you.
| [deleted]
| plondon514 wrote:
| Taking this opportunity to promote my side project codeamigo and
| a tutorial I wrote for building your own Bitcoin wallet
| https://codeamigo.dev/lessons/start/53
| sethgecko wrote:
| I've made something similar in order to learn how everything
| works and made it into a python library. Everything is in pure
| python with no dependencies, only std lib. I've implemented all
| the crypto stuff, address generation including HD, transaction
| serialization and even the bitcoin script.
| https://github.com/mcdallas/cryptotools
| mountainboy wrote:
| respect.
| halotrope wrote:
| Implementing things from scratch is probably the ultimate test of
| thorough understanding. Chapeau! On another note I am amused that
| Mr. Karpathy's name describes exactly what he is doing in his day
| job.
| sombremesa wrote:
| Sometimes implementing things from scratch is the ultimate
| proof of thorough misunderstanding.
| RyanGoosling wrote:
| Bitcoin is taking up all the water
| msgilligan wrote:
| This reminds me of Ken Shirriff's 2014 "Bitcoins the Hard Way"
| blog post that also used Python to build a Bitcoin transaction
| from scratch: http://www.righto.com/2014/02/bitcoins-hard-way-
| using-raw-bi...
|
| (The subtitle of the blog is "Computer history, restoring vintage
| computers, IC reverse engineering, and whatever" and it is full
| of fascinating articles, several of which have been featured here
| on HN)
| animex wrote:
| No, the hardest way is using pencil and paper to mine a block
| :)
|
| https://gizmodo.com/mining-bitcoin-with-pencil-and-paper-164...
| rantwasp wrote:
| technically it said "the hard way" not "the hardest way".
| also, computing a hash != mining. mining needs forming the
| block and computing the hash
| blocked_again wrote:
| That's a lot of upvotes. Do you folks really spend hours going
| through the whole blog post? I for one can never go through the
| whole blog post. My brain would be shouting at me the whole time
| to work on something that can generate passive recurring revenue
| instead.
| nednar wrote:
| If your capital does not grow from gaining more knowledge then
| invest a few hours into investment theories.
| j4yav wrote:
| You could also read it for fun, curiosity, and/or because you
| already have enough recurring revenue.
| hermitsings wrote:
| This dude writes stuff hitting the sweet spot!
| jaycroft wrote:
| One little nitpick: the checksum error probability should be more
| like 9 nines. The checksum contains 4 bytes, not 4 bits, and so
| the false positive rate should be about 1 in 2^32, not 1 in 2^4.
|
| "The raw 25 bytes of our address though contain 1 byte for a
| Version (the Bitcoin "main net" is b'\x00', while the Bitcoin
| "test net" uses b'\x6f'), then the 20 bytes from the hash digest,
| and finally 4 bytes for a checksum so we can throw an error with
| 1 - 1/2*4 = 93.75% probability in case a user messes up typing in
| their Bitcoin address into some textbox."
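The nitpick above is easiest to check by building the 25-byte address format itself. The following is an added example, not code from the blog post or from anyone in the thread: a Base58Check encoder/decoder for legacy P2PKH addresses, with the version byte, the 20-byte hash and the 4-byte double-SHA-256 checksum laid out exactly as the quoted paragraph describes. The 20-byte demo input is constructed (it is not derived from any real key); the one real address it checks is the mainnet address for secret key 1 posted earlier in this thread. It also makes concrete the point raised in the reply about address reuse: the address carries only a hash of the public key, not the key itself.

```python
import hashlib

# Added example implementing Base58Check as used by legacy Bitcoin addresses.
# Not the blog post's code; the demo input below is constructed, not a real key.
ALPHABET = b"123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
MAINNET = b"\x00"              # version byte for main net P2PKH addresses
TESTNET = b"\x6f"              # version byte for test net P2PKH addresses
FALSE_ACCEPT_RATE = 2 ** -32   # chance a corrupted address still passes the checksum


def checksum(payload: bytes) -> bytes:
    """First 4 bytes of SHA256(SHA256(payload)): 32 bits of check, not 4."""
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]


def b58encode(data: bytes) -> str:
    n = int.from_bytes(data, "big")
    digits = bytearray()
    while n:
        n, r = divmod(n, 58)
        digits.append(ALPHABET[r])
    # Every leading zero byte becomes a leading '1' (which is why main net
    # P2PKH addresses, version 0x00, start with '1').
    pad = len(data) - len(data.lstrip(b"\x00"))
    return (ALPHABET[:1] * pad + bytes(reversed(digits))).decode()


def b58decode(s: str) -> bytes:
    n = 0
    for ch in s.encode():
        idx = ALPHABET.find(ch)
        if idx < 0:
            raise ValueError(f"invalid base58 character {chr(ch)!r}")
        n = n * 58 + idx
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    pad = len(s) - len(s.lstrip("1"))
    return b"\x00" * pad + body


def encode_address(version: bytes, hash160: bytes) -> str:
    payload = version + hash160                      # 1 + 20 bytes
    return b58encode(payload + checksum(payload))    # + 4 bytes = 25


def decode_address(addr: str):
    """Return (version, hash160); raise ValueError on a bad checksum.
    Note that only a 20-byte hash comes back: the public key is not here."""
    raw = b58decode(addr)
    if len(raw) != 25:
        raise ValueError(f"expected 25 bytes, got {len(raw)}")
    payload, chk = raw[:21], raw[21:]
    if checksum(payload) != chk:
        raise ValueError("checksum mismatch")
    return payload[:1], payload[1:]


def is_valid_address(addr: str) -> bool:
    try:
        decode_address(addr)
        return True
    except ValueError:
        return False


def demo():
    """Constructed 20-byte hash (not derived from any real key) round-tripped
    through encode/decode, then corrupted by one character to show the
    checksum rejecting the typo."""
    hash160 = hashlib.sha256(b"constructed demo input").digest()[:20]
    addr = encode_address(MAINNET, hash160)
    typo = addr[:-1] + ("2" if addr[-1] != "2" else "3")
    return decode_address(addr) == (MAINNET, hash160), is_valid_address(typo)


if __name__ == "__main__":
    print(demo())  # (True, False)
    print(is_valid_address("1BgGZ9tcN4rm9KBzDn7KprQz87SZ26SAMH"))  # True
```

A random corruption slips through only when its 4 checksum bytes happen to match, i.e. with probability 2^-32, so the detection rate is 1 - 2^-32 rather than the 93.75% the quoted sentence gives. Characters outside the alphabet (0, O, I, l) are rejected before the checksum is even computed.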
| Cantinflas wrote:
| "NIST publishes recommendations on which ones to use, but people
| prefer to use other curves (like secp256k1) that are less likely
| to have backdoors built into them"
|
| Does this make any sense? How is a curve going to have backdoors
| on it? Or he means a specific implementation? Or is this a joke?
| I'm confused
| stcredzero wrote:
| There's been a history of mathematical information used in
| cryptography produced by the NSA, for which it's later
| revealed, they had pre-developed an attack. Example: the
| s-boxes of DES.
| inter_netuser wrote:
| ECC NIST curves were proposed by the NSA. They have some
| unusual hand-selected constants, and nobody quite understands
| why they were selected.
|
| https://miracl.com/blog/backdoors-in-nist-elliptic-curves/
|
| "Working in collaboration with the NSA, NIST included three
| sets of recommended elliptic curves in FIPS 186-2 that were
| generated using the algorithms in the American National
| Standard (ANS) X9.62 standard and Institute of Electrical and
| Electronics Engineers (IEEE) P1363 standards.": What exactly is
| NIST's justification for making claims regarding the method
| that NSA used to generate these curves? The fact that a hash
| matches is publicly verifiable, but the distribution of
| "random" inputs is not. I have heard NSA employees claiming
| that the "random" inputs were actually generated as hashes of
| English text chosen (and later forgotten) by Jerry Solinas."
|
| https://csrc.nist.gov/CSRC/media/Publications/sp/800-186/dra...
|
| It's all quite public.
| scoofy wrote:
| Here's a computerphile video that explains it very simply:
| https://youtu.be/nybVFJVXbww
| Cantinflas wrote:
| Thanks! Thanks to the other answers too. Amazing stuff!
| rkagerer wrote:
| https://services.math.duke.edu/~bray/Courses/89s-MOU/2016/Pa...
|
| Quoting from the paper:
|
| _The standard given by the NIST gives a list of explicit
| parameters ... describing the elliptic curve behind the
| algorithm.
|
| Examining the points P and Q here, it is obvious why
| cryptographers were suspicious of the Dual EC ... once the
| scalar k is known, it is a "simple matter to determine the
| secret internal state s of the pseudo-random bit generator"
| [6], by observing as few as 32 bytes of output._
|
| It goes on to quote one of the NSA contractors who admitted
| that instead of being randomly chosen, _"Q is (in essence) the
| public key for some random private key."_
|
| _"It could also be generated like a(nother) canonical G, but
| NSA kyboshed this idea, and I was not allowed to publicly
| discuss it, just in case you may think of going there."_
|
| Straying from the prescribed points was discouraged, and NIST
| only provided FIPS validation to clients using the original P
| and Q.
|
| More recently, GPRS was also shown to have been intentionally
| weakened - presumably to pass export controls - although in
| this case I think it was the algorithm and not a "cherry
| picked" curve: https://eprint.iacr.org/2021/819.pdf
| DrNuke wrote:
| That's neat, as a case study for implementation at the very
| least. Thanks!
| kozak wrote:
| I'm amazed that he has time for this kind of hobby work.
| yellow_lead wrote:
| For others: Andrej Karpathy is the director of artificial
| intelligence and Autopilot Vision at Tesla.
|
| Was on front page yesterday for a presentation on Tesla's
| Autopilot / Autonomous features:
| https://www.youtube.com/watch?v=NSDTZQdo6H8
| actinium226 wrote:
| I know right? I had to do a double take when I saw the link,
| and then had to click it to confirm it was _that_ Karpathy
| meekaaku wrote:
| He was doing this kind of hobby work well before. I learnt
| solving Rubik's cube from his page[0].
|
| [0] http://badmephisto.com
| isaacimagine wrote:
| Woah, he's him? Same here!
| enchiridion wrote:
| I had no idea!!! That's amazing.
| therein wrote:
| Oh wow, me too.
| mlcrypto wrote:
| Maybe most of his job is hype & marketing without delivering
| much
| ketamine__ wrote:
| FSD rollout has been delayed many times. He's
| underperforming.
| nexuist wrote:
| This is a very cynical way of looking at development
| progress. Did the iPhone team underperform by shipping in
| 2007 instead of 2005?
| animex wrote:
| Or Elon is over-performing.
| throwkeep wrote:
| He's almost certainly a 100x engineer.
| ketamine__ wrote:
| Has he saved 100x lives with FSD?
| doggosphere wrote:
| 100x means he produces 100x you (or 100x the average
| engineer).
| delaaxe wrote:
| Definitely saved plenty of lives already. You should
| watch that video from yesterday
| boringg wrote:
| Probably helps his boss is the "Technoking" and CFO is the
| "master of coin".
|
| Agreed though - impressive he has that kind of sidebar time or
| is so capable he doesn't need that much time to figure it out.
| woah wrote:
| This stuff isn't that hard to figure out, given the number of
| specifications and tutorials already out there. What's
| impressive is the fact that he thought of a reasonably sized
| task, and (presumably) executed it efficiently and completely
| without getting stuck or distracted.
| delaaxe wrote:
| He started tweeting about this like months ago
| andai wrote:
| "If you want something done quickly, give it to the busiest
| person."
| delaaxe wrote:
| "I choose a lazy person to do a hard job. Because a lazy
| person will find an easy way to do it."
|
| -- Bill Gates
___________________________________________________________________
(page generated 2021-06-22 23:00 UTC)