[HN Gopher] A from-scratch tour of Bitcoin in Python
___________________________________________________________________
A from-scratch tour of Bitcoin in Python
Author : yigitdemirag
Score  : 578 points
Date   : 2021-06-22 16:30 UTC (6 hours ago)
| runbathtime wrote:
| In Step 1, he explains how to create a cryptographic identity, the private/public key pair. I came across an argument that a number cannot be property or owned because you can't legally own a number. If this is true then you can't own UTXOs associated with a private key or a cryptographic identity.
|
| I do think that bitcoin is fundamentally too complicated to understand, mathematically, for most people, myself included. I would argue everyone needs to do this exercise, from scratch, and also understand what they are doing (the math), to have confidence in the bitcoin payment network. Anyone who thinks you don't need to get it is most likely in it for speculation alone.
|
| With something so abstract like bitcoin, it has a much larger uphill battle for understanding than a physical commodity like Gold, the precursor of paper dollars.
| modeless wrote:
| You don't own the number that is your private key, just as you don't own the number that is your bank account PIN or balance. What you own is space on the blockchain.
|
| And just as you don't need to tour the mint to have confidence in the dollar, or implement Diffie-Hellman to have confidence in your TLS connection to Amazon, you don't need to understand elliptic curve cryptography to have faith in Bitcoin.
| runbathtime wrote:
| A bank account balance is representative value of dollars that bank owes you. If someone tries to steal it by pretending to be you even if they just steal your PIN, they are committing fraud.
|
| If someone steals a private key by committing another crime like stealing a laptop, that is a crime because you own the laptop. If they learn of your private key without committing a crime, that is not theft.
|
| You don't own 'space on the blockchain.' I have no idea what that even means.
|
| You do need to understand elliptic curve cryptography to have confidence (not faith) in bitcoin because you make the transactions in bitcoin. You are responsible, not some third party. People understand the dollar because it is physical and you can get them on demand and they originally got their value from Gold, not some abstraction like proof of spent energy one time awhile back.
| modeless wrote:
| The bank PIN is just a number. Your bank account balance is just a number in a database. Your private key is just a number. Your bitcoin balance is just a number in a database (a blockchain is a kind of database). There is no distinction that makes stealing dollars using a bank PIN fraud but stealing bitcoin using a private key _not_ fraud somehow.
| noxer wrote:
| "...Bitcoin is a living, breathing, developing code base that is moving forward with new features to continue to scale..."
|
| There is exactly zero progress to make it scale in the last 10+ years.
| wyager wrote:
| > There is exactly zero progress to make it scale in the last 10+ years.
|
| Lol, literally this week: https://taproot.watch/
| uncletammy wrote:
| Oh good, BTC can finally support Schnorr signatures, a feature that has been available on BCH for years now. A feature that is useless until wallet developers add Schnorr signing functionality.
|
| Taproot is the update we get after ten years of the BTC devs doing nothing except gaslighting users about the protocol's scalability? All that momentum wasted.
| ric2b wrote:
| > Schnorr signatures, a feature that has been available on BCH for years now.
|
| Not in a useful way: https://www.reddit.com/r/btc/comments/l8v8sa/heres_a_6of9_sc...
| coding123 wrote:
| Bitcoin doesn't scale.
|
| https://digiconomist.net/bitcoin-energy-consumption
|
| Just watch this video:
|
| https://www.youtube.com/watch?v=UDKntG4F0hg
|
| So in about 5 years pretend everyone in the United States melts a wrench like that... Then a month later they do that twice, a month later they do it three times.
|
| Hey, at least it will be fun.
| Shosty123 wrote:
| Why does every discussion about Bitcoin's environmental impact reduce to "it uses a lot of electricity therefore it should be stopped".
|
| We're not going to shut down entire sectors of the economy because of their environmental impact. People are going to innovate and invest in alternative sources of energy because it is becoming profitable to do so. The solution is hardly ever "just stop doing it", it's "how can we do this better".
| noxer wrote:
| It has been "done better" in 2013 or so when the first FBA systems were created as a direct answer to bitcoin's expected future environmental impact and scalability problems.
|
| See https://news.ycombinator.com/item?id=27596590
| MrLeap wrote:
| Instead of watching that video, perhaps watch it on photonic induction's channel, seeing as he's the creator.
|
| https://www.youtube.com/watch?v=DJOX0c60wQE
| lawn wrote:
| Segwit was also supposed to scale Bitcoin, and it turns out it was a massively inefficient solution, which took years to even reach its lackluster potential.
|
| Taproot will in practice have an even smaller impact, as it only affects special transactions that normal people won't use.
|
| So yeah, it's not zero progress, but it's certainly not much.
| doomroot wrote:
| Segwit itself provided an effective 2x increase in onchain transaction capacity and it fixed transaction malleability which was necessary for lightning network.
| Lightning network has 50,000+ open channels where payments can be routed without going onchain. Given the lightning network's strict requirements to keep a node online & responsive, lest you lose all your funds, I think that's extremely impressive and shows a real demand for fast cheap payments.
|
| Now, in November taproot/schnorr activates which gives us ptlc's on the lightning network as well as makes a lightning channel opening transaction look like a normal single signature transaction, yay privacy. All of this lays the groundwork for the next major base layer change, in probably ~2023, anyprevout. This will give us "eltoo" on lightning which is nirvana. Eltoo removes the penalty mechanism which makes running a lightning node on a mobile phone or home node much more reasonable.
|
| Protocols take a long time to develop, especially ones where a misstep could mean the loss of billions of dollars.
|
| Do not believe anyone telling you that their coin solved bitcoin's scaling problems years ago.
| noxer wrote:
| Bitcoin's scaling problem was solved by removing PoW/PoS and by removing the incentive structure (block rewards). As soon as this is gone there was no reason anymore why it would not scale like similar systems. It's basically limited only by how fast data can propagate through the network.
|
| PoW/PoS was replaced by FBA (Federated Byzantine Agreement). It's not a coin, it's technology used by several systems and based on BFT (which is way older than bitcoin, and bitcoin actually is based on BFT as well although maybe unintentionally).
|
| FBA just adds the federated part so a decentral system can be built. While bitcoin instead used a work-reward lottery system (PoW) to decide who can write the next block rather than finding a block everyone agrees on. It's really not that hard to figure out which of these solutions probably works better and scales somewhat like a distributed system is expected to scale.
| noxer wrote:
| Taproot doesn't make bitcoin scale, it's mainly to increase privacy.
| wyager wrote:
| Taproot decreases the size of multisig and other complex transactions significantly, in the happy path of a cooperative signature.
|
| It also enables Schnorr, which produces smaller signatures than ECDSA.
|
| It also contains features to further improve the efficiency of Lightning, which is a shockingly effective scaling mechanism.
| simias wrote:
| Lightning doesn't work because it either leads to a chaos of routing that doesn't scale or it ends up centralized and you lose the point of bitcoin in the first step.
|
| And don't bother coming up with hand wavy explanations of how it _could_ work, _some day_. People have been talking about Lightning for years, literally billions of dollars have been poured into the "tech", the fact that even bitcoin enthusiasts barely ever use it is all the proof I need.
|
| I wonder how many more years of empty promises we'll have to suffer through before people accept that cryptocurrencies are a very good pyramid scheme with a thick layer of technobabble around it.
| noxer wrote:
| Daily reminder that cryptocurrencies are not == bitcoin
|
| All the problems with bitcoin are long long solved, just not with bitcoin because it's not possible to fix something when the majority (of hashpower) thinks it's not broken or rather profits from its brokenness.
|
| FBA coins exist since 2013 or so.
| wyager wrote:
| FBA is centralized. Period. There's a reason ripple hasn't dominated the secure payments industry.
| noxer wrote:
| _facepalm_ FBA is a technology, it's not a thing or a running system. It can not be centralized, it's just a bunch of math that BTW is mathematically proven to work. There are many FBA based "blockchains" out there, some centralized some not. Ripple is a company that uses such a FBA system.
| normac2 wrote:
| Would you include environmental impact as a solved problem?
| My understanding is that Proof of Stake is the best serious option and that it's very controversial if it'll work.
| noxer wrote:
| Solved, as in it does not use more energy than what the hardware needs to process the data + it doubles every time you double the number of nodes (obviously since they all have to do the same work too). It's not wasting energy for a PoW lottery, it just uses energy like a comparable instant messenger with a global server farm would. The more people who use it the more energy it will use, there is no way around that.
|
| FBA is completely different from PoS. It does not work on incentives and penalties, it works with a global final state, global rules and (federated) byzantine agreement (FBA) for progress (adding the next "block"). No way to re-org, no block/staking reward, no censorship. If someone doesn't act in everyone's interest other nodes simply won't listen to them anymore. Not following the rules is publicly visible for anyone. And since there is no reward anyway there is no financial reason why anyone would participate who does not simply want to help the system.
| wyager wrote:
| Proof of stake lacks the security properties of proof of work, e.g. via grinding attacks.
| Permit wrote:
| > Daily reminder that cryptocurrencies are not == bitcoin
|
| This is an interesting feature of cryptocurrencies. Someone levels a fair criticism of a particular implementation but it can be handwaved away because an entirely separate cryptocurrency solved this particular problem (nevermind that whatever replacement you've chosen has its own host of separate problems because those can be handwaved away the same way).
| wyager wrote:
| Your entire premise is based on nonsense. People use lightning all the time and it works great.
| RazTeve wrote:
| lightning works, at least you are having fun tho
| nednar wrote:
| Well, the "pyramid scheme" + "technobabble" is not totally worthless, if it enables the investment of "literally billions of dollars" in otherwise totally unproven technology paths, doesn't it? Finally there is one area where people are really investing money into computer science! A cause to celebrate in my book.
| prox wrote:
| _cough_ dotcom bubble.
|
| Seriously, investing money in a bubble is nothing to celebrate. That's why it is called a bubble. It pops and many people lose their money.
| plebianRube wrote:
| Weird, Lightning works perfectly for me, every time I use it. Low fees, instant transactions. Maybe the trouble is in your trolling?
| noxer wrote:
| Who cares, the size could be 10 times smaller and it would not make a dent in the scalability problem. It's a few transactions per second at max and it would need to be several hundred just so people could move their "owned" bitcoins away from exchange wallets without losing several % in fees.
|
| LN is not part of bitcoin and a total joke anyway.
| [deleted]
| iamastrangeloop wrote:
| There has been great progress in scaling the original protocol through the Bitcoin SV implementation:
| - Transaction fees are ~$0.0001
| - The network has shown capacity for 50k tps
| - On March 14, 2021, the network processed a world record 638 MB block
| - As of June 4, 2021 the chain size exceeded that of the BTC implementation and is currently 418.17 GB
| - New businesses based on micropayments have emerged like twetch, streamanity, peergame, etc
|
| [1] https://www.prnewswire.com/news-releases/bsv-proves-that-bit...
| uncletammy wrote:
| There has been great progress in scaling on just about every other cryptocurrency, including many flavours of bitcoin. BTC is the only coin who finds scaling too difficult.
| ric2b wrote:
| > - The network has shown capacity for 50k tps
|
| No, that was a lab demo of a single beefy system being directly fed with test data and being measured on how long it takes to process it.
| noxer wrote:
| Everyone knows faketoshi is a fraud.
| iamastrangeloop wrote:
| Above is proof that the original bitcoin protocol can scale, and recently testnet can do 90k tps. What you think of certain people doesn't change the fact.
| noxer wrote:
| It's centralized and run by the people around this fraud. It doesn't matter if the tech is good since no one will use it for anything besides speculation or abuse it as storage which just won't be sustainable in the long run with no limits in place.
| iamastrangeloop wrote:
| The protocol remains the original and it scales significantly. I'd focus on protocol not people. If people changed the protocol then it's no longer bitcoin.
|
| Twetch.app has more than 50k users. It's also a genuine use case. So is etched.page or the other above-mentioned services.
|
| How can you abuse storage if there is a 0.5 satoshis/byte fee to write data on chain currently? Miners are for-profit entities and will always charge for storage.
| ric2b wrote:
| > I'd focus on protocol not people.
|
| The protocol encompasses the nodes on the network. If the network is highly centralized the protocol is unsafe.
| noxer wrote:
| You completely ignore my points so I will yours
|
| Have a nice day
| iamastrangeloop wrote:
| Which point specifically?
|
| You claim centralized manipulation of bitcoin and fraudulent people while the protocol hasn't changed. Do you have legal evidence?
|
| Also you claim price speculation as the only use case while I've listed several apps with real users.
|
| You mention storage abuse and I argue that miner fees prevent that.
| noxer wrote:
| You can stop now dear green name, we all can see you only joined to shill ButtcoinShitVison. No one here cares.
| exit wrote:
| segwit facilitates the construction of lightning channels.
|
| taproot, which recently locked in, reduces the space needed to represent complex contracts.
|
| moreover, bitcoin aims at being a concise and focused base layer on top of which secondary layers and sidechains can be built.
|
| your absolute statement "exactly zero" is absolutely wrong.
| uncletammy wrote:
| > taproot, which recently locked in, reduces the space needed to represent complex contracts.
|
| Complex contracts? Are you joking? What kind of complex contracts do you think can be done on BTC? Their scripting language and capabilities have been neutered just like their blocksize. Good luck writing a useful contract on BTC.
| tsimionescu wrote:
| > moreover, bitcoin aims at being a concise and focused base layer on top of which secondary layers and sidechains can be built.
|
| Have you ever read the white paper that outlines what bitcoin aims to be?
| noxer wrote:
| It should be p2p cash, then turn into store of value after some years and then it becomes the settlement layer for centralized second layer solutions that only exist because the first layer sucks.
|
| Just kidding, it should only be p2p cash and it failed at that.
|
| PoW/PoS will be replaced by FBA in the next years and every system that can not switch away from PoW will become irrelevant.
| uncletammy wrote:
| > Have you ever read the white paper that outlines what bitcoin aims to be?
|
| ... or even the title
| wtsnz wrote:
| There was a demo of node software that is capable of 50,000 transactions per second just a few weeks ago. https://www.youtube.com/watch?v=i3As9-9uSXs
|
| (Yes this is on the Bitcoin SV implementation of the Bitcoin protocol - where they're using the original protocol that Satoshi envisioned)
| uncletammy wrote:
| From what I understand, that's 50,000 pre-generated transactions pumped directly to the mining node.
| Not 50,000 transactions spread across hundreds of non-mining nodes and relayed to the mining node. There's a huge difference. Correct me if I'm wrong here.
|
| Either way, bitcoin the protocol can handle waaaaaay more transactions than the BTC devs have constrained it to.
| SnowProblem wrote:
| Yes, more-or-less, but that's how it is designed to work. The most reliable way to get a transaction into a block is to send it directly to a miner or set of miners. Apps on BSV do this today via MAPI REST endpoints, similar to how this test was configured. Non-mining nodes will see the transactions later, but they won't do the same verification that mining nodes require because they are not part of consensus. BSV generally sees the eventual network configuration as a small-world network for the mining core, and a mandala network for the apps and services surrounding it, rather than as a mesh network which most blockchain systems strive to be.
| SnowProblem wrote:
| So-called heretics have been scaling Bitcoin in spite of BTC's braindead decisions. Last week, 50K TPS were demonstrated publicly on Bitcoin SV: https://www.youtube.com/watch?v=i3As9-9uSXs. More privately.
| ric2b wrote:
| That's just a lab demo of a single system, not the network or even a common node configuration.
| wtsnz wrote:
| This.
| andai wrote:
| What happened to the lightning network? (Serious question, I am out of the loop.)
| RazTeve wrote:
| it's maturing, works pretty well already, but surely patience helps with emergent tech
| thesausageking wrote:
| It launched, is usable in most wallets, and is starting to get adoption. It's going to be a key piece of the recently passed legislation in El Salvador which makes Bitcoin legal tender.
| hypnotist wrote:
| El Salvador not Colombia
| thesausageking wrote:
| Yes. Not sure why I wrote Colombia. Thx.
| simias wrote:
| Using a closed, centralized implementation that doesn't accept third party nodes.
| The use of bitcoin is pure marketing, it's just MySQL with extra steps.
| krick wrote:
| This is interesting. Obviously, I heard about the whole "El Salvador _something something_ Bitcoin" deal, but am completely unaware of the actual situation. Can somebody point me in the direction of some nice writeup explaining these details? I can only vaguely imagine how one can take Bitcoin and make it essentially an extension of SWIFT, and struggle to clearly visualize what the implications of this are.
| pixelperfect wrote:
| The legislation that made Bitcoin legal tender in El Salvador does not legislate the use of Strike. Businesses can use whatever system they want, as long as they can accept payment in Bitcoin. Strike is providing a service that allows any business to take Bitcoin lightning payments and have them automatically converted to dollars, for businesses that do not want to hold Bitcoin. It's not fair to just call this a "sql database" because it's connected to an open payment network and the customer can use whatever means they want to pay the business, even if the business decides to just use Strike.
| counternotions wrote:
| From Strike CEO Jack Mallers [1]:
|
| Let's walk through a user story. I want to send $1,000 to a friend of mine in El Salvador:
|
| * When I initiate the $1,000 payment, Strike debits my existing USD balance.
|
| * Strike then automatically converts my $1,000 to bitcoins ready for use in its infrastructure using its real-time automated risk management and trading infrastructure.
|
| * Strike then moves the bitcoins across the Gulf of Mexico where it arrives in our Central American infrastructure in less than a second and for no cost.
|
| * Strike then takes the bitcoins and automatically converts them back into USDT (synthetic digital dollar known as Tether) using its real-time automated risk management and trading infrastructure.
|
| * Strike then credits the existing user with the USDT to their Strike account.
|
| [1] https://jimmymow.medium.com/announcing-strike-global-2392b90...
| noxer wrote:
| There is no bitcoin needed for this at all, it does not even move on the chain for the transfer.
|
| Both sides are Strike entities, all this does is use bitcoin as a bridge for USD to USD which is completely pointless as both sides are USD.
|
| You could just buy USDT (or another stablecoin) and send it there.
|
| It's a different story if there is actually a switch in currency needed. There is this famous and by bitcoin people often hated company called Ripple that specializes in cross-border settlement using crypto as a bridge currency. For that however the crypto must be actually moved and be sold locally for the local currency. And for that to work without risk due to volatility it must be fast. Hence they use XRP (4 sec) instead of bitcoin (10+ min). They call it ODL (On-Demand Liquidity).
|
| See https://ripple.com/ripplenet/on-demand-liquidity/
| delaaxe wrote:
| Source?
| lawn wrote:
| They will be using Strike, which is a custodial wallet.
| doomroot wrote:
| The ceo of strike said they are continually promoting that banks and businesses in El Salvador operate their own lightning network nodes & not to solely rely on them. Only the government's official (but optional) app will be a wrapper around strike.
| WanderPanda wrote:
| Wait, it does not allow third party nodes? What is my Raspberry Pi right next to me doing? Just pretending to be a Lightning Node?
| cmckn wrote:
| Parent is referring to El Salvador's proposed usage, not the wider lightning network.
| espadrine wrote:
| I am puzzled by one thorn it is intended to solve.
|
| In the case of merchant/customer interactions, the LN channel blocks customer funds from their balance, but they will never receive money from the merchant.
| So that balance will be sent to the merchant, payment by payment.
|
| Not only does that block funds for the customer (which wants to reduce those, to avoid blocking too much, but that reduces the number of payments that can be made off-chain), but it also blocks the merchant's reception of those payments: the merchant wants to be able to spend it soon, but it can only spend it on-chain.
|
| That is compounded by the fact that most merchant/customer interactions are rare one-offs in the real world. I just don't buy stamps every day.
|
| LN channels are only most useful when the two parties exchange money bidirectionally on average.
| doomroot wrote:
| It's an ongoing problem for sure, but the simple answer is users maintaining multiple well connected channels.
|
| It's very common on lightning to pay liquidity providers to balance your channels to you. Lightning Labs has a service called loop where you can pay them an onchain transaction and it will make a lightning network payment to your channel for that amount, thus giving you more spend liquidity. Loop is sweet cause it does this in a non custodial way, look into it.
| xwolfi wrote:
| El Salvador, the military dictatorship that managed to make western dreamers hype it like a shitcoin...
| lottin wrote:
| Apparently it has serious design flaws that compromise its security and performance.
| uncletammy wrote:
| In order to get money on and off lightning network, you still need to make on-chain BTC transactions. Meanwhile, the BTC devs have intentionally changed the network so that it's expensive to make on-chain transactions. From this you can probably figure out why lightning network failed.
| kemonocode wrote:
| It exists, and it very much works [0] but it has yet to reach the massive levels of adoption people would have expected by now. Simple as that.
|
| [0] https://1ml.com/
| WanderPanda wrote:
| Afaik it is still considered #reckless to put bigger amounts on your lightning node and at least the "lnd" implementation seems to be in "beta" (according to their Github releases). Idk what the roadmap for a solid, production ready version is. But in this case safe seems to be better than sorry
| Taek wrote:
| Lightning network more or less failed to live up to the hype. Problems like routing complexity, liquidity, and a lack of on-chain space to open and close channels have delayed/limited its impact.
| SnowProblem wrote:
| To expand on this, to receive money over Lightning, you need someone else to lock up their bitcoins for you. This is called inbound liquidity, and the problem of users getting inbound liquidity is no joke. Lightning Labs recently launched Lightning Pool to help with this, but fees range from 5% to 25%. Uncompetitive. If you think about it too, it makes sense, because anyone locking up their bitcoins for others should expect a several % return, or else they would loan it out at similar rates. Current Lightning wallets are basically giving their users inbound liquidity for free using VC funds, but is this honestly sustainable? There are other problems with Lightning, like the requirement to be online to receive payments, watchtowers, UX complexity of channels. Some of these are solvable through centralization. But that is why you'll hear people say Lightning recreates the banking model, because realistically that looks like the only way it could work. Oddly, this was all pointed out by many people over the years, but Lightning seems to get endless forgiveness in its inability to deliver, because it is BTC's only hope to maintain the peer-to-peer cash narrative.
| noxer wrote:
| The looking up of liquidity is the whole reason LN can not scale or be cheap ever.
|
| Today people in crypto may be willing to look up bitcoins they hold long term anyway. But in the real world this would be dead and trapped capital, it doesn't work for you and you can't even use it to quickly buy something and take advantage of a market situation.
|
| The only reason why someone would look up capital like that is if it makes money. So people who use someone else's locked up bitcoins have to pay. This makes LN impossible to be cheap. You literally lend money to send money to someone. It's completely absurd. And as you said, to make this more efficient large centralized pools are created so there will be a monopoly or oligopoly for lending, how's that gonna be good for the fees.
|
| LN was dead before they started coding it.
| delaaxe wrote:
| lock up*
| wickoff wrote:
| If I decide I want to be long BTC, why not also lock it up to earn fees?
| colordrops wrote:
| Does this blog entry hang Brave on Android for anyone else? Happens on two phones for me.
| Thorentis wrote:
| Yep, just happened for me. Hangs and can't scroll.
| archon810 wrote:
| Created a bug report https://bugs.chromium.org/p/chromium/issues/detail?id=122283....
| archon810 wrote:
| Hangs Chrome for Android completely too.
| [deleted]
| ubi3921 wrote:
| > We don't just get to share code, we get to share a running computer, and anyone anywhere can use it in an open and permissionless manner
|
| Can someone explain what this means? It's not explained anywhere in the post.
| olalonde wrote:
| Bitcoin transactions, or more precisely transaction outputs, are little scripts that are executed in a VM. To spend a transaction output, you have to "solve it" by providing it an input which makes it return true. The most common transaction script checks that you possess a private key through a signature check, but it's possible to make more complex scripts like the "Pay To Multisig" script.
| Of course, Bitcoin scripts are quite limited and, unlike Ethereum smart contracts, they are non-Turing-complete and can't store state.
|
| Permissionless just means anyone can create transactions because there's essentially no way to block someone from doing so, unlike say a transaction on PayPal.
| counternotions wrote:
| Presumably a reference to blockchain as a distributed ledger.
| legutierr wrote:
| He is probably referring to Ethereum, which was conceived as a "global computer", operating in an open and permissionless manner.
| jazzyjackson wrote:
| Ethereum extends the concept, but Bitcoin transactions are programs running on the global blockchain (well, the op codes are executed by a single node, but the result is published and verified by the network, if I understand it right)
|
| But just wanted to make the point that Bitcoin is a global computer as much as ethereum is, Solidity is just Turing complete while (Bitcoin's) Script is intentionally limited to a few instructions.
| aazaa wrote:
| You can think of the Bitcoin block chain as the state of a globally-accessible machine. The state is updated through the publication of valid blocks, each of which builds on a previous block. A block is composed of transactions, each of which incrementally advances the machine's state. Each transaction contains a small program "script" that defines the conditions for the state transition it causes.
|
| There's this persistent misconception out there that only Ethereum works this way. It's a testament to marketing. Bitcoin has been doing "smart contracts" long before Ethereum was even a gleam in Vitalik's eye.
| spinny wrote:
| Bitcoin's script language is very restricted, claiming that Bitcoin has been doing "smart contracts" is disingenuous to me. I wouldn't call a bitcoin script "smart".
| Ethereum was born because of this
| aazaa wrote:
| Script is restricted, but it permits everything outlined by Nick Szabo's definition. As Wikipedia notes:
|
| > Smart contracts were first proposed in the early 1990s by Nick Szabo, who coined the term, using it to refer to "a set of promises, specified in digital form, including protocols within which the parties perform on these promises".
|
| https://en.wikipedia.org/wiki/Smart_contract
|
| We don't get to decide what smart contracts are. Nick Szabo decided long ago.
|
| Marketing vs reality has been a big problem in this space.
| isoprophlex wrote:
| He links committing transactions to the blockchain to storing state in a distributed data structure... which is of course, in the case of Bitcoin, implemented in arguably the most wasteful, ham-fisted, environmentally disastrous way possible.
|
| There's also the ethereum VM which is a slow decentralized state machine capable of executing code...
| plebianRube wrote:
| Check yourself. All progress was 'wasteful' with resources at one time. And yes, bitcoin is progress.
| tsimionescu wrote:
| All progress was 'wasteful' at some point, but all 'progress' is wasteful. And yes, bitcoin is 'progress'.
|
| I suppose Bitcoin is better than gold. Unfortunately, for BTC, we already have much more advanced financial technology.
| plebianRube wrote:
| Permissioned legacy technology is not advanced. The stronger, harder money wins. Good luck with your guess.
| toxik wrote: | If you, like me, were curious about what the secret key 1 is on | the mainnet, then here you are: 1 | 1BgGZ9tcN4rm9KBzDn7KprQz87SZ26SAMH https://www.blockchain.com/btc | /address/1BgGZ9tcN4rm9KBzDn7KprQz87SZ26SAMH | | Some others: 2 | 1cMh228HTCiwS8ZsaakH8A8wze1JR5ZsP https://www.blockchain.com/btc | /address/1cMh228HTCiwS8ZsaakH8A8wze1JR5ZsP 3 | 1CUNEBjYrCn2y1SdiUMohaKUi4wpP326Lb https://www.blockchain.com/btc | /address/1CUNEBjYrCn2y1SdiUMohaKUi4wpP326Lb 42 | 1EMxdcJsfN5jwtZRVRvztDns1LgquGUTwi https://www.blockchain.com/btc | /address/1EMxdcJsfN5jwtZRVRvztDns1LgquGUTwi 1337 | 1DN76uuAUDY1DLxABD3JAyunhhAreJbCjT https://www.blockchain.com/btc | /address/1DN76uuAUDY1DLxABD3JAyunhhAreJbCjT | [deleted] | 21eleven wrote: | Looks like the exercise left to the reader has been completed: | https://www.blockchain.com/btc-testnet/tx/182bf9202649ded3a6... | noxer wrote: | 0.00090000 BTC moved 0.00005000 BTC Fees That's 5.55% | | On the test net! On the real net it would be like 20% or more | in fees. | bogota wrote: | Fees are dictated by the user and the time they have for the | transaction to take place. The fee could have been much | lower. | | I think we are well past the point of debating if bitcoin | layer one will be used for day to day transactions however. A | custodial service or Lightning will have to be used for that. | Additionally most people treat bitcoin closer to gold than a | dollar currently. | noxer wrote: | I disagree but won't bother explaining why because I know you | don't care. | AlexAndScripts wrote: | Then why bother writing that useless comment? | noxer wrote: | Why ask that useless question? 
| karpathy wrote: | the plot thickens :) | https://twitter.com/YuleHou/status/1407395412575592453 | grokstar wrote: | The thickening intensifies :) | https://twitter.com/grokology/status/1407433078914437120 | counternotions wrote: | > steal my bitcoins from my 3rd identity wallet | (mgh4VjZx5MpkHRis9mDsF2ZcKLdXoP3oQ4) to your own wallet ;) If | done successfully, the 3rd wallet will show "Final Balance" of | 0. At the time of writing this is 0.00095000 BTC, as we | intended and expected. | | Can someone explain how this was executed? | meowface wrote: | Guessing it's because the private key is right in the code: | | >secret_key3 = int.from_bytes(b"Andrej's Super Secret 3rd | Wallet", 'big') # or just random.randrange(1, bitcoin_gen.n) | | (Obviously a private key intended for actual use generally | wouldn't just be some ASCII bytes of an English phrase and | wouldn't be posted publicly. Though, of course, there have | been instances of both...) | toxik wrote: | You have the secret key, just sign away the txouts. | [deleted] | igravious wrote: | Super interesting and informative, I learned lots that I didn't | already know. Who are the cryptominers on the testnet btw? | adamnemecek wrote: | Kind of surprised Andrej has time to work on anything besides | self-driving cars | canada_dry wrote: | Related... his recent presentation at CVPR is quite | interesting: | https://www.youtube.com/watch?v=eOL_rCK59ZI&t=28286s | karpathy wrote: | https://twitter.com/karpathy/status/1407378320551923718 :) But | more seriously, I just really love learning and worked on this | on the side, in small increments in between the cracks, and | purely from interest for fun. | adamnemecek wrote: | How many hours a day do you work? And what does your daily | schedule look like? | [deleted] | karpathy wrote: | I count myself very fortunate that I find the word "work" | very confusing. | adamnemecek wrote: | I know what you mean but I still think that there's a | number you can give. 
Like this counts as work. | | What does your average daily schedule look like? | exdsq wrote: | I'm interested in this too Karpathy, would love to know. | Not sure why you're being down voted Adam. | [deleted] | cs702 wrote: | It's awesome to see you doing this, and taking the time to | respond here! Ditto for your (re)implementation of | transformers a while back, which you clearly worked on for | fun as a side project too. The world would be such a better | place if every executive in charge of technology at a large | company engaged in these kinds of side projects for fun on a | regular basis :-) | | If I may, let me ask you an unrelated question that just | 'popped in my head' only now but is related to your recent | presentation at CVPR: Are you guys at Tesla fusing video with | _audio_ data for self-driving? | | Just curious. I ask because (a) sound waves at frequencies | detectable by the human ear appear to be quite important for | both routine and edge-case situations (e.g., sounds of other | vehicles braking/screeching/accelerating/passing, sirens of | ambulances/police cars/fire trucks, bursts of honks from | other vehicles, people suddenly shouting/screaming nearby), | and (b) audio and video signals are already synchronized, so | I imagine fusing them should be more straightforward (e.g., | there's already some research out there on applying deep | learning to video clips with audio). | [deleted] | polishdude20 wrote: | Would you be open to doing an AMA on here? I'm sure a lot of | software people would love to hear more of your thoughts on | software and stuff! | adflux wrote: | Haven't seen tesla do much self driving in practice yet. 3 | years late now? | plebianRube wrote: | No, same timeline they state every year - FSD by the end of | the year. | papito wrote: | Sometimes I actually find more energy for working on an | endless slog at work when I have an exciting side project | going. Easy to get caught up in the side project, however. 
| mzs wrote: | His boss has a passing interest... | fpgaminer wrote: | Nobody can work 100% of the time, everyone needs breaks. But | some engineers take breaks from their regular work by doing | other "work". I find it bizarre that there are so many comments | making this out to be some kind of dire situation where he's | working on other things because Tesla is sinking or something. | Is working on hobby projects as a way to relax really that | uncommon? | | For reference, I started a small Bitcoin mining hardware | business back in the day, while still holding a 200/hr week/8 | days a week/400 days a year full-time job. Working on Bitcoin | stuff was my "break" from regular work. | dswalter wrote: | It's maybe an ... interesting sign that someone with | substantial liquidity from tesla shares at this point in | history is apparently finding cryptocurrency an enjoyable | diversion/investment vehicle? | js4 wrote: | I was thinking the same thing. | yumraj wrote: | Maybe he is losing faith in self driving cars and is looking | for an alternate field. | malux85 wrote: | Diversification of interests accelerates creativity due to | axiomatic discovery and reinforcement, idea plasticity and | abstraction practice. Other interests are not just important, | they are necessary. | GeorgeTirebiter wrote: | Right. All really smart people 'play'. Famously, Feynman | was spinning plates in the Caltech cafeteria on his | fingertip, which gave him the ideas that ended up winning | him a Nobel prize. | | Play is important for children of all ages. | karpathy wrote: | Surely You're Joking is one of my all time favorite | books, for sure. | torcete wrote: | I wonder how strong Elliptic Curve Cryptography would be compared | to other methods if there is a major breakthrough in quantum | computing. | SuchAnonMuchWow wrote: | In theory, it is also broken. 
| | In practice, it appears to be slightly harder to break than RSA | for the same security level as we define it in non-quantum | computing, but not by much. | chadhutchins10 wrote: | I wish this were talked about more. Quantum computing is the | biggest long-term threat to crypto imo. What's the plan once | elliptic curve cryptography can be broken? | | There will be a point in time where there are just a few | quantum computers that can break everything before the general | public has access to quantum computing. Can crypto work in that | scenario? Normal computers wouldn't be able to work with the | beastly algorithms a quantum computer could handle. | exdsq wrote: | There's a lot of research and practical work on quantum-proof | cryptography which is already in use in some cryptocurrencies | - 'just' need to hardfork and update it when it's ready for | Bitcoin | 21eleven wrote: | What cryptocurrencies are currently using post-quantum | cryptography? | DennisP wrote: | Only one I'm aware of is QRL ("quantum-resistant | ledger"). | | https://www.theqrl.org/ | eigenvalue wrote: | The first entities that are likely to achieve practical | quantum computers will either be governments or big tech | companies like Google. And it will be a big deal, so there | would likely be several years of warning before it could be | at the point where it would make sense to use it to steal | someone's bitcoins (I guess the original Satoshi coin address | would be the biggest bounty). And in the time period between | when the big development is first announced and before it's | practical, Bitcoin and other cryptocurrency projects can do a | fork to a new digital signature scheme that is quantum proof | (such as LegRoast) so that anyone who is concerned can move | their coins to a new secure address. So while it would | certainly be disruptive, it wouldn't necessarily spell the | doom of Bitcoin. | only_as_i_fall wrote: | Depends on the incentives. 
If the only interest in quantum | computing is to break classically hard encryption then I | think the time between poc and widespread availability | could be relatively short. | 21eleven wrote: | While not implemented I think there are "lattice based" forms | of cryptography that are believed to be QC resistant that | blockchains could migrate over to if QCs begin to show signs | of increased fault tolerance and size. | EnigmaCurry wrote: | Just don't re-use addresses. Bitcoin does not expose your | public key until you spend from it. | nannal wrote: | > Bitcoin does not expose your public key until you spend | from it. | | Are you sure? What about when someone sends to it? | DennisP wrote: | They're correct. The blockchain just records that the | funds were sent to your address. To spend the funds you | have to show the public key which hashes to that address, | in another transaction signed by the private key. | | If the sender wanted to send you a private message, they | would need your public key, but that's not what | transactions do. | shoghicp wrote: | Sending to an address means sending it to a "hash" of a | public key (or a more complex script) on all modern | formats. Then such script and data is revealed on spend. | DennisP wrote: | If the QC can crack your private key within a few minutes, | it would still have a decent chance to steal your money. | G3rn0ti wrote: | > What's the plan once elliptic curve cryptography can be | broken? | | A likely drop-in replacement for elliptic curve cryptography | (ECC) currently used by Bitcoin could be | | https://en.wikipedia.org/wiki/Supersingular_isogeny_key_exch. | .. | | I am not a mathematician, but from what I understood, it's | basically an extension of ECC using multiple elliptic curves, | allows re-using the Diffie-Hellman key exchange protocol | (private keys kept secret, public keys exchanged) and memory | requirements are small. So it would be a perfect replacement | in wallets and validation nodes. 
But I can not explain why it | is safe against an attack using quantum computers. | leishman wrote: | > I wish this were talked about more. | | This is talked about all the time in Bitcoin dev circles. | IncRnd wrote: | Shor's algorithm, which runs partially on a classical computer | and a portion on a quantum computer, breaks elliptic-curve | cryptography. | plebianRube wrote: | Yes, with major caveats - knowing the public key and having | 100s of messages signed by corresponding private key. | Nowadays people only expose their public key one time per | transaction, and never reuse their address. So to steal | coins, not only do you have only ~10 mins between blocks to | find the private key, currently Shor's algorithm is | unfeasible with only 1 signed message. | tromp wrote: | Not only do many people still reuse keys, but there is also | still a huge amount of bitcoin in P2PK outputs, i.e. with | exposed public keys. | erostrate wrote: | Sorry if that's a naive question but why do you need | several signed messages? If you have a quantum computer and | a quantum period finding function don't you get immediately | the discrete log? Assuming you have one public key (not | hashed) doesn't that give you the private key immediately? | plebianRube wrote: | Broadly speaking, more signed messages can get you more | points on the curve you're trying to guess. | | https://www.cs.umd.edu/~amchilds/teaching/w08/l03.pdf | | May help if you're actually interested. | IncRnd wrote: | Shor's integer factorization algorithm needs a single | number or key to factor, not hundreds of transactions. I've | certainly sent money to old addresses, which exist in | perpetuity on the blockchain. I can also use web searches | to find hundreds of current public keys in a matter of | minutes. | | > currently Shor's algorithm is unfeasible with only 1 | signed message. | | The algorithm is currently unfeasible with 100s of | messages. 
Shor's algorithm uses a quantum computer to | reduce the complexity of integer factorization from sub- | exponential to polynomial-time. It is not an attack that | fine-tunes the output according to the amount of network | traffic. | plebianRube wrote: | Try actually reading its application to elliptic curve | cryptography. No really. Come back when all the bitcoin | are belong to you. | [deleted] | plondon514 wrote: | Taking this opportunity to promote my side project codeamigo and | a tutorial I wrote for building your own Bitcoin wallet | https://codeamigo.dev/lessons/start/53 | sethgecko wrote: | I've made something similar in order to learn how everything | works and made it into a python library. Everything is in pure | python with no dependencies, only std lib. I've implemented all | the crypto stuff, address generation including HD, transaction | serialization and even the bitcoin script. | https://github.com/mcdallas/cryptotools | mountainboy wrote: | respect. | halotrope wrote: | Implementing things from scratch is probably the ultimate test of | thorough understanding. Chapeau! On another note I am amused that | Mr. Karpathy's name describes exactly what he is doing in his day | job. | sombremesa wrote: | Sometimes implementing things from scratch is the ultimate | proof of thorough misunderstanding. | RyanGoosling wrote: | Bitcoin is taking up all the water | msgilligan wrote: | This reminds me of Ken Shirriff's 2014 "Bitcoins the Hard Way" | blog post that also used Python to build a Bitcoin transaction | from scratch: http://www.righto.com/2014/02/bitcoins-hard-way- | using-raw-bi... | | (The subtitle of the blog is "Computer history, restoring vintage | computers, IC reverse engineering, and whatever" and it is full | of fascinating articles, several of which have been featured here | on HN) | animex wrote: | No, the hardest way is using pencil and paper to mine a block | :) | | https://gizmodo.com/mining-bitcoin-with-pencil-and-paper-164... 
| rantwasp wrote: | technically it said "the hard way" not "the hardest way". | also, computing a hash != mining. mining needs forming the | block and computing the hash | blocked_again wrote: | That's a lot of upvotes. Do you folks really spend hours going | through the whole blog post? I for one can never go through the | whole blog post. My brain would be shouting at me the whole time | to work on something that can generate passive recurring revenue | instead. | nednar wrote: | If your capital does not grow from gaining more knowledge then | invest a few hours into investment theories. | j4yav wrote: | You could also read it for fun, curiosity, and/or because you | already have enough recurring revenue. | hermitsings wrote: | This dude writes stuff hitting the sweet spot! | jaycroft wrote: | One little nitpick: the checksum error probability should be more | like 9 nines. The checksum contains 4 bytes, not 4 bits, and so | the false positive rate should be about 1 in 2^32, not 1 in 2^4. | | "The raw 25 bytes of our address though contain 1 byte for a | Version (the Bitcoin "main net" is b'\x00', while the Bitcoin | "test net" uses b'\x6f'), then the 20 bytes from the hash digest, | and finally 4 bytes for a checksum so we can throw an error with | 1 - 1/2*4 = 93.75% probability in case a user messes up typing in | their Bitcoin address into some textbox." | Cantinflas wrote: | "NIST publishes recommendations on which ones to use, but people | prefer to use other curves (like secp256k1) that are less likely | to have backdoors built into them" | | Does this make any sense? How is a curve going to have backdoors | on it? Or he means a specific implementation? Or is this a joke? | I'm confused | stcredzero wrote: | There's been a history of mathematical information used in | cryptography produced by the NSA, for which it's later | revealed, they had pre-developed an attack. Example: the | s-boxes of DES. 
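jaycroft's nitpick above (the checksum is 4 bytes, so a mistyped address slips through with probability about 1 in 2^32, not 1 in 2^4) and toxik's list of addresses earlier in the thread both come down to the same 25-byte layout: version byte, 20-byte hash160, 4-byte checksum, Base58-encoded. The following is an added example written for this thread, not code from the blog post, that encodes and decodes that layout and shows the checksum catching a transposition typo. It assumes the mainnet address from toxik's post, 1BgGZ9tcN4rm9KBzDn7KprQz87SZ26SAMH, is a valid P2PKH address (it is, as the block explorer link shows); the 20-byte hash it carries is decoded, not derived from a key here.

```python
import hashlib

# Bitcoin's Base58 alphabet: 0, O, I and l are left out so they can't be confused.
B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
MAINNET_P2PKH = b"\x00"  # version byte of a mainnet pay-to-pubkey-hash address
TESTNET_P2PKH = b"\x6f"  # version byte of a testnet pay-to-pubkey-hash address


def sha256d(data: bytes) -> bytes:
    """Double SHA-256; the address checksum is its first 4 bytes."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def b58encode(data: bytes) -> str:
    n = int.from_bytes(data, "big")
    digits = ""
    while n:
        n, rem = divmod(n, 58)
        digits = B58_ALPHABET[rem] + digits
    # Every leading zero byte is represented by a leading '1'.
    leading_zeros = len(data) - len(data.lstrip(b"\x00"))
    return "1" * leading_zeros + digits


def b58decode(s: str) -> bytes:
    n = 0
    for ch in s:
        idx = B58_ALPHABET.find(ch)
        if idx < 0:
            raise ValueError(f"invalid Base58 character {ch!r}")
        n = n * 58 + idx
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    leading_ones = len(s) - len(s.lstrip("1"))
    return b"\x00" * leading_ones + body


def encode_address(version: bytes, pubkey_hash: bytes) -> str:
    """25 raw bytes, version(1) || hash160(20) || checksum(4), Base58-encoded."""
    if len(version) != 1 or len(pubkey_hash) != 20:
        raise ValueError("version must be 1 byte and pubkey hash 20 bytes")
    payload = version + pubkey_hash
    return b58encode(payload + sha256d(payload)[:4])


def decode_address(addr: str):
    """Return (version, pubkey_hash); raise ValueError if the checksum fails."""
    raw = b58decode(addr)
    if len(raw) != 25:
        raise ValueError(f"expected 25 bytes, got {len(raw)}")
    payload, checksum = raw[:21], raw[21:]
    if sha256d(payload)[:4] != checksum:
        raise ValueError("checksum mismatch: address mistyped or corrupted")
    return payload[:1], payload[1:]


def is_valid_address(addr: str) -> bool:
    try:
        decode_address(addr)
        return True
    except ValueError:
        return False


def transpose_typo(addr: str) -> str:
    """Swap the first two adjacent differing characters (a common typo)."""
    for i in range(len(addr) - 1):
        if addr[i] != addr[i + 1]:
            return addr[:i] + addr[i + 1] + addr[i] + addr[i + 2:]
    return addr


def checksum_miss_rate(checksum_bytes: int = 4) -> float:
    """Chance a random corruption still passes an n-byte checksum: 2^-(8n)."""
    return 2.0 ** (-8 * checksum_bytes)


if __name__ == "__main__":
    known = "1BgGZ9tcN4rm9KBzDn7KprQz87SZ26SAMH"  # secret key 1, from the thread
    version, h160 = decode_address(known)
    print(version.hex(), h160.hex(), encode_address(version, h160) == known)
    # A constructed 20-byte hash, not the hash160 of any real key.
    fake = bytes(range(20))
    addr = encode_address(TESTNET_P2PKH, fake)
    print(addr, is_valid_address(addr), is_valid_address(transpose_typo(addr)))
    print(f"false-accept rate with 4 checksum bytes: {checksum_miss_rate(4):.3e}")
```

The miss rate returned for 4 bytes is 2^-32, roughly 2.3e-10, which is where the "9 nines" detection probability comes from; with the 4-bit figure in the quoted text the checksum would let one mistyped address in sixteen through, which is not a number anyone would ship.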
| inter_netuser wrote: | ECC NIST curves were proposed by the NSA. They have some | unusual hand-selected constants that nobody quite understands | exactly why they were selected. | | https://miracl.com/blog/backdoors-in-nist-elliptic-curves/ | | "Working in collaboration with the NSA, NIST included three | sets of recommended elliptic curves in FIPS 186-2 that were | generated using the algorithms in the American National | Standard (ANS) X9.62 standard and Institute of Electrical and | Electronics Engineers (IEEE) P1363 standards.": What exactly is | NIST's justification for making claims regarding the method | that NSA used to generate these curves? The fact that a hash | matches is publicly verifiable, but the distribution of | "random" inputs is not. I have heard NSA employees claiming | that the "random" inputs were actually generated as hashes of | English text chosen (and later forgotten) by Jerry Solinas." | | https://csrc.nist.gov/CSRC/media/Publications/sp/800-186/dra... | | It's all quite public. | scoofy wrote: | Here's a computerphile video that explains it very simply: | https://youtu.be/nybVFJVXbww | Cantinflas wrote: | Thanks! Thanks to the other answers too. Amazing stuff! | rkagerer wrote: | https://services.math.duke.edu/~bray/Courses/89s-MOU/2016/Pa... | | Quoting from the paper: | | _The standard given by the NIST gives a list of explicit | parameters ... describing the elliptic curve behind the | algorithm. | | Examining the points P and Q here, it is obvious why | cryptographers were suspicious of the Dual EC ... 
once the | scalar k is known, it is a "simple matter to determine the | secret internal state s of the pseudo-random bit generator" | [6], by observing as few as 32 bytes of output._ | | It goes on to quote one of the NSA contractors who admitted | that instead of being randomly chosen, _" Q is (in essence) the | public key for some random private key."_ | | _" It could also be generated like a(nother) canonical G, but | NSA kyboshed this idea, and I was not allowed to publicly | discuss it, just in case you may think of going there."_ | | Straying from the prescribed points was discouraged, and NIST | only provided FIPS validation to clients using the original P | and Q. | | More recently, GPRS was also shown to have been intentionally | weakened - presumably to pass export controls - although in | this case I think it was the algorithm and not a "cherry | picked" curve: https://eprint.iacr.org/2021/819.pdf | DrNuke wrote: | That's neat, as a case study for implementation at the very | least. Thanks! | kozak wrote: | I'm amazed that he has time for this kind of hobby work. | yellow_lead wrote: | For others: Andrej Karpathy is the director of artificial | intelligence and Autopilot Vision at Tesla. | | Was on front page yesterday for a presentation on Tesla's | Autopilot / Autonomous features: | https://www.youtube.com/watch?v=NSDTZQdo6H8 | actinium226 wrote: | I know right? I had to do a double take when I saw the link, | and then had to click it to confirm it was _that_ Karpathy | meekaaku wrote: | He was doing this kind of hobby work well before. I learnt | solving Rubik's cube from his page[0]. | | [0] http://badmephisto.com | isaacimagine wrote: | Woah, he's him? Same here! | enchiridion wrote: | I had no idea!!! That's amazing. | therein wrote: | Oh wow, me too. | mlcrypto wrote: | Maybe most of his job is hype & marketing without delivering | much | ketamine__ wrote: | FSD rollout has been delayed many times. He's | underperforming. 
| nexuist wrote: | This is a very cynical way of looking at development | progress. Did the iPhone team underperform by shipping in | 2007 instead of 2005? | animex wrote: | Or Elon is over-performing. | throwkeep wrote: | He's almost certainly a 100x engineer. | ketamine__ wrote: | Has he saved 100x lives with FSD? | doggosphere wrote: | 100x means he produces 100x you (or 100x the average | engineer). | delaaxe wrote: | Definitely saved plenty of lives already. You should | watch that video from yesterday | boringg wrote: | Probably helps his boss is the "technoking" and cfo is the | "master of coin". | | Agreed though - impressive he has that kind of sidebar time or | is so capable he doesn't need that much time to figure it out. | woah wrote: | This stuff isn't that hard to figure out, given the number of | specifications and tutorials already out there. What's | impressive is the fact that he thought of a reasonably sized | task, and (presumably) executed it efficiently and completely | without getting stuck or distracted. | delaaxe wrote: | He started tweeting about this like months ago | andai wrote: | "If you want something done quickly, give it to the busiest | person." | delaaxe wrote: | "I choose a lazy person to do a hard job. Because a lazy | person will find an easy way to do it." | | -- Bill Gates ___________________________________________________________________ (page generated 2021-06-22 23:00 UTC)