
Altcoins & Introduction to Ethereum

At least 500 altcoins have been derived from Bitcoin
Data from mapofcoins.com


Coins as of 2012

Bitcoin and Ethereum remain the two largest

Altcoin genealogy

Graphic from mapofcoins.com

Altcoins differ from hard forks in starting over
● Hard forks: Share a prefix of blockchain with a parent project
○ E.g. Bitcoin Cash, Bitcoin SV
○ Often claim original project lost its way
● Altcoins: Start from fresh genesis block
○ Fully independent from other projects
○ Though often they are forks of the codebase

Altcoins must overcome several bootstrapping challenges
● Founding vision/ethos
○ Often laid out in a whitepaper. Many whitepapers go no further
● Code: often based on a fork of Bitcoin
○ Testnets sometimes run before the official launch
● Miners: typically will join if the coins are worth something
● Nodes/P2P network: miners have to run nodes at least
● Exchange rate: the coins need to have value
○ Also need major exchanges to list them, which often happens only after they have value!
● Community/governance: a process for updates and patches
○ Many altcoins have a more explicit foundation or a for-profit company

Altcoins must offer some selling point over Bitcoin
● Consensus layer: better (or at least different) consensus mechanism
○ Many different mining puzzles
○ Proof-of-stake
● Transaction layer: Richer functionality
○ Smart contract/better scripting features
○ Better scalability/cheaper tx fees
○ Improved privacy
● Economic/social layer: Appeal to different community
○ Different monetary policy/fee structures
○ Community-focused coins
Many coins attempt to improve in multiple areas at once

Automated Altcoin Generator (archive of http://coingen.bluematt.me/)

Altcoin infrastructure
● Tipbots, faucets
● Logos, brand, marketing
● Exchanges, payment processors
● Developer tools, block explorer, testnet
● Steering foundation

Initial Allocation / Fundraising
● Pre-mine: founders get a stash of the Altcoin
● Pre-sale: founders get a stash of Bitcoin or $
● Proof-of-Burn (one-way peg): destroy 1 unit of Bitcoin, earn 1 unit of the Altcoin
● Airdrop: give coins to members of some group
○ Ownership of Bitcoin "grandfathered" in: similar to a hard fork

The Pump-and-Dump cycle
1. Begin with an altcoin about to launch or an existing low-value, declining altcoin
2. Attacker buys lots of coins
3. Attacker launches marketing campaign to convince the public that altcoin has grassroots support
4. Attacker sells coins once price rises
5. Marketing campaign ends, altcoin declines

Arguments against altcoins: they harm the ecosystem
● Divided mining power means weak security
● Dilution of scarcity
● Pump-and-Dump schemes undermine public confidence in cryptocurrency

Arguments for altcoins: an essential part of the ecosystem
● Competition leads to better systems
● Bitcoin community is too risk averse
○ Altcoins are a testbed for new features
● Hedging against uncertainty/failure
○ Multi-headed hydra
● “Jubilee” – reset the allocation of wealth

Litecoin: one of the first successful altcoins
● Litecoin launched in Oct. 2011
● Memory-hard mining puzzle (scrypt)
○ Intended to be GPU-resistant, at a time when Bitcoin mining was GPU-based
○ FPGAs and ASICs arrived, but later than for BTC
● 2nd most popular at the time, and the most widely forked
● Block rate is 4x faster than Bitcoin's (2.5 min vs. 10 min)

Litecoin peaked in 2016

Namecoin: the first altcoin (launched in April 2011)
● Feature: domain name registration, e.g. http://example.bit/
● A new name costs 0.01 NMC (about 1 cent US)
● No renewal fee, but the owner must "ping" the name every 6 months
● Names (and subdomains) can be transferred/sold
● Can be "merge-mined" with Bitcoin (defined later)

Peercoin (aka PPCoin)
Launched August 2012. Hybrid mining:
● First Proof-of-Stake algorithm
○ Mine by spending "stake" (coin age), which accumulates while coins sit unspent
● Proof-of-Work blocks can still earn mining rewards
○ … but aren't counted for choosing the main chain
● Also uses regularly published "checkpoints"
○ Acts as a safeguard; planned to be removed in the future


Auroracoin: a community-focused coin for Iceland
● Launched Jan 24, '14
● Airdrop: every Iceland citizen can claim 31.8 AUC, starting Mar 25, '14
○ Population ~330k, so 10.5M potential giveaway
● Founder holds the keys to 50% of the supply (10.5M of 21M) until it is claimed: accountability?
● Result: 3.5M in circulation; uncertainty in the money supply

Tether: a cryptocurrency with a stable exchange rate
● USDT has become very common for transfers
● Value is meant to be preserved by reserves held by Tether
● Perpetual fear of insolvency

Shitcoins: altcoins without any legitimate selling point
● A cryptocurrency with little to no value or immediate, discernible purpose
● The true selling point is that different people are in charge
○ Pump-and-dump scams
● Typically this is obfuscated with techno-babble
● Commonly called snake oil
One person's shitcoin is another person's altcoin

Dogecoin: prototypical “memecoin”
Launched in December 2013
Culture – tipping, charity, sponsorship

Dogecoin "feature": random block rewards
● Goal: each block's reward is "random"
● Implementation: the block reward is a pseudorandom function of the previous block hash
● Problem: miners therefore know the next reward in advance
○ They switch to another altcoin when the reward is low
● Feature removed in March 2014

Dogecoin: Mining reward half-life
Mining reward cut in half every two months

Several ways to measure if an altcoin is catching on
● Market cap/monetary base
○ Total value of all coins
● Transaction volume
○ Difficult to tell what are “real” transactions
○ Can be manipulated
● Exchange volume
○ Depends on nature of third party exchanges
○ Can be manipulated fairly easily
● Total hashpower
● Merchant support and usage
● Twitter following and buzz

Two ways of measuring market cap
● Basic formula: (current exchange rate) × (current # of coins)
● Fully diluted formula: (current exchange rate) × (total planned # of coins)

Market cap is an imprecise measure
● Overestimates total value:
○ If everybody tried to sell, the price would go down
○ Some coins may be illiquid
● Underestimates value:
○ Some coins are lost or unusable
○ Satoshi is believed to own around 1M BTC, over 5% of the coins in circulation!

Bootstrapping & Merged Mining

Mining attacks and altcoin infanticide
New projects have little hash power and are vulnerable to 51% attacks
Attacks like this have been a problem since the early days:
● Jan 2012: CoiledCoin – by the Eligius pool
● Jul 2013: TerraCoin – attacker unknown
● Nov 2013: WorldCoin – attacker unknown

Merge mining: a defense against infanticide
Ordinarily, mining is exclusive: each attempt either has a chance to be a Bitcoin block,
or has a chance to be an Altcoin block
This is an obstacle to bootstrapping
What if we could mine Altcoin blocks AND Bitcoin blocks at once?

Merge mining: a defense against infanticide
● Goal: allow Bitcoin miners to mine an altcoin “for free”
● Evaluate one nonce for both a Bitcoin block and an Altcoin block
● Problem: this doesn’t work for a basic mining puzzle:
Basic puzzle: each attempt targets one header only
  Bitcoin header (previous Bitcoin block, Bitcoin transactions):
    H(prev || merkle_root || nonce) < TARGET
  Altcoin header (previous Altcoin block, Altcoin transactions):
    H(alt_prev || alt_merkle_root || nonce) < ALT_TARGET
  One nonce evaluation cannot count for both headers

Solution: embed the altcoin block in the Bitcoin block
  Bitcoin header: H(prev || merkle_root || nonce) < TARGET
  tx[0] (coinbase): scriptSig: ... alt header (alt_prev, alt_merkle_root) ...; scriptPubKey: ...
  The coinbase scriptSig is ignored by Bitcoin, so the embedding does not affect Bitcoin validity
  Altcoin rule: the same Bitcoin header, with H(prev || merkle_root || nonce) < ALT_TARGET and a
  coinbase that commits to the alt header, is a valid Altcoin block (together with valid Altcoin transactions)

Merge mining is quite flexible
● Can be mined at higher difficulty than Bitcoin
● Can be mined at lower difficulty than Bitcoin
● Can be mined even if some Bitcoin miners don't participate

Merge mining is a mixed blessing
Advantages:
● Much more difficult to attack altcoins; they can get hash power quickly
● Still have flexibility over difficulty, block frequency, transaction layer
● Large mining pools can participate automatically on behalf of their participants
Downsides:
● Miners may be minimally invested in merge-mined coins
● Contributes to the ecological impact of the parent coin?

Atomic cross-chain swaps

Atomic cross chain swaps with TierNolan's protocol:
Alice has X BTC, Bob has Y LTC
They want to swap, but who goes first?
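The merge-mining construction from the slides above, as an added example that is not part of the lecture: a single nonce search over a toy Bitcoin header whose coinbase commits to the altcoin header, plus the check an altcoin node runs before accepting the result. Header layouts, the coinbase payload and the targets are constructed here; the MAGIC tag follows the fabe6d6d convention of the merged-mining spec but is an assumption of this example, and nothing is real Bitcoin serialization.

```python
import hashlib

# Added example: toy merge mining. Headers are fixed-size byte strings, not real serialization.
MAGIC = b"\xfa\xbemm"  # tag marking the merge-mining commitment inside the coinbase (assumed)

def sha256d(b: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(b).digest()).digest()

def merkle_root_and_branch(leaves, index):
    """Bitcoin-style Merkle tree (odd levels duplicate the last node).
    Returns the root and the sibling hashes proving leaves[index] is in it."""
    level, branch = list(leaves), []
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])
        branch.append(level[index ^ 1])
        level = [sha256d(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
        index //= 2
    return level[0], branch

def merkle_path(leaf, index, branch):
    """Recompute the root from a leaf and its branch (what the altcoin verifier does)."""
    node = leaf
    for sibling in branch:
        node = sha256d(sibling + node) if index & 1 else sha256d(node + sibling)
        index //= 2
    return node

def header_hash(prev, merkle_root, nonce):
    return int.from_bytes(sha256d(prev + merkle_root + nonce.to_bytes(4, "little")), "big")

def mine_merged(btc_prev, other_txids, alt_prev, alt_merkle_root, btc_target, alt_target):
    """One nonce search serves both chains: the Bitcoin header commits (via the coinbase)
    to the alt header, so a hash below either target is a block for that chain."""
    alt_hash = sha256d(alt_prev + alt_merkle_root)          # the altcoin "header"
    coinbase = b"coinbase-reward-script" + MAGIC + alt_hash  # Bitcoin ignores this payload
    leaves = [sha256d(coinbase)] + list(other_txids)
    root, branch = merkle_root_and_branch(leaves, 0)
    nonce = 0
    while True:
        hv = header_hash(btc_prev, root, nonce)
        if hv < alt_target:                                  # stop at the first altcoin block
            break
        nonce += 1
    auxpow = {"prev": btc_prev, "merkle_root": root, "nonce": nonce,
              "coinbase": coinbase, "branch": branch}
    return auxpow, hv < btc_target                           # True only if it is also a Bitcoin block

def verify_auxpow(alt_prev, alt_merkle_root, auxpow, alt_target):
    """What an altcoin node checks before accepting a merge-mined block."""
    alt_hash = sha256d(alt_prev + alt_merkle_root)
    cb = auxpow["coinbase"]
    if cb.count(MAGIC + alt_hash) != 1:                      # coinbase must commit to THIS alt block
        return False
    if merkle_path(sha256d(cb), 0, auxpow["branch"]) != auxpow["merkle_root"]:
        return False                                         # coinbase must really be in the parent block
    return header_hash(auxpow["prev"], auxpow["merkle_root"], auxpow["nonce"]) < alt_target

# Constructed sample data
BTC_PREV = sha256d(b"parent-prev-block")
ALT_PREV = sha256d(b"alt-prev-block")
ALT_MERKLE = sha256d(b"alt-transactions")
OTHER_TXIDS = [sha256d(b"tx%d" % i) for i in range(3)]
ALT_TARGET = 1 << 252   # 1 in 16 hashes: the altcoin is mined at lower difficulty
BTC_TARGET = 1 << 244   # 1 in 4096 hashes: Bitcoin is harder

def demo():
    auxpow, is_btc_block = mine_merged(BTC_PREV, OTHER_TXIDS, ALT_PREV, ALT_MERKLE,
                                       BTC_TARGET, ALT_TARGET)
    ok = verify_auxpow(ALT_PREV, ALT_MERKLE, auxpow, ALT_TARGET)
    # reusing the same parent work for a different alt block must fail: the coinbase commits to one
    forged = verify_auxpow(ALT_PREV, sha256d(b"other-alt-txs"), auxpow, ALT_TARGET)
    return {"alt_valid": ok, "also_btc_block": is_btc_block, "forged_alt_valid": forged}

if __name__ == "__main__":
    print(demo())
```

The verifier never looks at the Bitcoin transactions, only at the coinbase, its Merkle branch and the parent header hash, which is why the altcoin can set its own target independently of Bitcoin's. A real implementation also pins the commitment to a fixed position and checks a chain ID so one parent block cannot be claimed by two altcoins.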
An example of counterparty risk
Goal: either both transactions complete, or neither does
Atomicity is an important property in many systems:
● "Atom" in Greek means "not cuttable", "that which can't be split"
● Often we want to specify a series of steps as an atomic transaction: all happen or none do
● Common in database design (the A in ACID properties)

Atomic cross chain swaps
Step 1: Alice generates secret x, h = H(x); Alice & Bob sign RefundA
DepositA (1 BTC) is spendable by:
  either sigA and sigB
  or sigB and reveal x where H(x) = h
RefundA: spends DepositA, timelocked to T+2, signed by Alice and Bob
- Alice generates DepositA, but doesn't publish it yet
- Alice generates RefundA, and gets Bob's signature on it
- Once RefundA is signed, she publishes DepositA
- If Bob learns x before time T+2, he can take the 1 BTC
- If Alice does not reveal x, she can claim her refund at T+2

Atomic cross chain swaps
Step 2: Bob deposits 1 LTC; Alice & Bob sign RefundB
DepositB (1 LTC) is spendable by:
  either sigA and sigB
  or sigA and reveal x where H(x) = h
RefundB: spends DepositB, timelocked to T+1, signed by Alice and Bob
- Bob generates DepositB, but doesn't publish it yet
- Bob generates RefundB, and gets Alice's signature on it
- Once RefundB is signed, he publishes DepositB
- If Alice reveals x before time T+1, she can take the 1 LTC
- If Alice does not reveal x, Bob can claim his refund at T+1

Atomic cross chain swaps
Step 3: Alice reveals x, both players claim their coins
- If Alice takes the 1 LTC, she reveals x (before time T+1)
- If Bob learns x before time T+2, he can take the 1 BTC
- If Alice does not reveal x, Bob can claim his refund at T+1
- If Alice does not reveal x, she can claim her refund at T+2

Atomic cross chain swaps
● This protocol could provide secure, decentralized exchange between Altcoins
● This has rarely been seen in the wild
○ Disadvantages: multiple transactions, DoS risk
● Third party exchanges are used instead

Bitcoin-pegged altcoins: "Side Chains"
Bitcoin-to-Altcoin value transfer
Launch an Altcoin, convince BTC users to join. The options discussed so far are extremes:
● "Grandfather": all BTC holders get one ALT; no risk taken (Altcoin crashes, nothing changes)
● Unilateral exchange: burn BTC, get ALT; full risk taken (Altcoin crashes, you lost your BTC)

Bitcoin as a reserve currency
● Unilateral peg: 1 ALT worth at most 1 BTC; the 1 BTC is deleted forever!
● Bilateral peg: 1 ALT always worth 1 BTC; 1 BTC held in escrow, released when the ALT is destroyed

Side chains
Bitcoin transactions that describe the Altcoin's validation rules:
  1 BTC: can only be spent after presenting evidence that 1 ALT has been destroyed
Naively, to support this transaction, every Bitcoin node must store all of the data for the Altcoin

Side chains - Improving efficiency
Idea: only need to support SPV security
● Instead of "TX is in the longest valid blockchain" (requires validating every transaction),
  check "TX is in the longest blockchain" (only involves checking block headers)
  1 BTC: can only be spent after presenting evidence that 1 ALT has been destroyed
Goal: compact SPV proofs
● If an Altcoin has a very fast block rate, checking an SPV proof may still be slow: O(N) time to check O(N) blocks
● Instead of a chain, store blocks in a structure supporting probabilistic SPV proofs: O(polylog N) time to check O(N) blocks
○ Blocktree
○ Range
○ Skiplist

Side Chains - Conclusion
● Altcoins that hold Bitcoin in reserve
○ Could smooth Altcoin launch risks
● Requires changes to Bitcoin for support
● Like other Altcoins, could be merge mined ... or avoid merge mining with an alternate puzzle

Summary of Altcoins
● Bitcoin coexists with hundreds of Altcoins in many flavors:
○ Hard forks
○ Independent chains
○ Tokens/Layer 2 projects (to be discussed)
● Ecosystem remains competitive
○ Majority of Altcoins have disappeared
○ Much harder to get attention for an altcoin with real innovation
○ Many big altcoins compete on smart contract functionality

The road to smart contracts

Recall: BTC contains a simple scripting language
"tx_out":[ { "value":"10.12287097", "scriptPubKey":"OP_DUP OP_HASH160 69e...3d42e OP_EQUALVERIFY OP_CHECKSIG"

Addresses are really scripts
scriptSig: <30440220...> <0467d2c9...>
scriptPubKey: OP_DUP OP_HASH160 <69e02e18...> OP_EQUALVERIFY OP_CHECKSIG
TO VERIFY: Concatenated script must execute completely with no errors

Bitcoin script instructions
256 opcodes total (15 disabled, 75 reserved)
● Arithmetic
● Logic/data handling
○ Signature verification
○ Multi-signature verification

Bitcoin script is limited
Design goals
● Built for Bitcoin (inspired by Forth)
● Simple, compact
● Support for cryptography
● Stack-based
● No looping
○ Not Turing-complete
● Time/memory usage bound by program size

Some useful contracts can be done in Bitcoin
● Proof-of-burn
● MULTISIG/access control trees
● Pay-for-hash-preimage
○ Multi-party lotteries
○ Atomic cross-chain currency exchange
● Micropayment/payment channels
○ Greatly improved with OP_CHECKLOCKTIMEVERIFY

Extending Bitcoin functionality

Bitcoin script left developers wanting more
By adding a few opcodes to Bitcoin script, what if we could support:
● Distributed naming (Namecoin)
● Options, financial derivatives (OpenBazaar, MasterCoin)
● Prediction markets (Futurecoin)
● Open-ended, user-defined functionality?

Namecoin was the first fork of Bitcoin
Goal: distributed naming, similar functionality to DNS
3 new opcodes:
● NAME_NEW
● NAME_FIRST_UPDATE
● NAME_UPDATE

Case study: NameCoin
[figure: Zooko's Triangle: human-meaningful, secure, decentralized control; a hash such as 0x8ca3a9e8… is secure and decentralized but not human-meaningful]

Namecoin introduces three new opcodes
NAME_NEW: H(r, "jbonneau")
  (12 block delay before the name can be revealed: prevents front-running of the reveal)
NAME_FIRST_UPDATE: r, "jbonneau", {"ip" : "68.178.254.235"}
NAME_UPDATE: "jbonneau", {"ip6" : "2001:4860:0:1001::68"}

Namecoin introduces new global state
Initial state:
  google   → 172.217.18.110 [owner: Kg]
  reddit   → 151.101.65.140 [owner: Kr]
After NAME_NEW y  (y = H(r, "jbonneau")):
  google   → 172.217.18.110 [owner: Kg]
  reddit   → 151.101.65.140 [owner: Kr]
  y        → {pending}       [owner: Kj]
After NAME_FIRST_UPDATE jbonneau, r; 68…:
  google   → 172.217.18.110 [owner: Kg]
  reddit   → 151.101.65.140 [owner: Kr]
  jbonneau → 68.178.254.235 [owner: Kj]
After NAME_UPDATE jbonneau, 2001:…:
  google   → 172.217.18.110 [owner: Kg]
  reddit   → 151.101.65.140 [owner: Kr]
  jbonneau → 2001:…         [owner: Kj]
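The name state machine above, as an added example that is not from the lecture: a simplified model of the three Namecoin operations with the commit-reveal rule, plus a scenario showing why a miner who sees the reveal in the mempool still cannot grab the name. The 12-block minimum is the rule stated on the previous slide; the class, the salts, the keys Kj/Katt and the attacker's address are constructed for this example.

```python
import hashlib

# Added example: simplified Namecoin-style global state with commit-reveal registration.
MIN_DELAY = 12  # blocks a NAME_NEW must be buried before the matching NAME_FIRST_UPDATE

def commitment(r: bytes, name: str) -> bytes:
    """The NAME_NEW payload: only H(r, name) goes on chain, so observers learn nothing about name."""
    return hashlib.sha256(r + b"|" + name.encode()).digest()

class NameState:
    def __init__(self):
        self.height = 0
        self.pending = {}   # commitment -> (owner key, height of the NAME_NEW)
        self.names = {}     # name -> (value, owner key)

    def mine(self, n=1):
        self.height += n

    def name_new(self, r, name, owner):
        self.pending[commitment(r, name)] = (owner, self.height)
        return True

    def name_first_update(self, r, name, value, owner):
        c = commitment(r, name)
        if c not in self.pending or self.pending[c][0] != owner:
            return False                     # no matching commitment, or someone else's
        if self.height - self.pending[c][1] < MIN_DELAY:
            return False                     # commitment is too recent
        if name in self.names:
            return False                     # name already registered: lost the race
        del self.pending[c]
        self.names[name] = (value, owner)
        return True

    def name_update(self, name, value, owner):
        if self.names.get(name, (None, None))[1] != owner:
            return False                     # only the current owner may update
        self.names[name] = (value, owner)
        return True

def frontrunning_scenario():
    """A miner sees the honest NAME_FIRST_UPDATE in the mempool and tries to grab the name."""
    st = NameState()
    r = b"honest-random-salt"
    st.name_new(r, "jbonneau", "Kj")                     # block 0: commitment only
    st.mine(MIN_DELAY)                                   # 12 blocks later the reveal is broadcast
    # The attacker now knows the name, but its own NAME_NEW is brand new:
    st.name_new(b"attacker-salt", "jbonneau", "Katt")
    too_early = st.name_first_update(b"attacker-salt", "jbonneau", {"ip": "6.6.6.6"}, "Katt")
    honest = st.name_first_update(r, "jbonneau", {"ip": "68.178.254.235"}, "Kj")
    st.mine(MIN_DELAY)                                   # attacker waits out its own delay ...
    late = st.name_first_update(b"attacker-salt", "jbonneau", {"ip": "6.6.6.6"}, "Katt")
    hijack = st.name_update("jbonneau", {"ip": "6.6.6.6"}, "Katt")
    owner_update = st.name_update("jbonneau", {"ip6": "2001:4860:0:1001::68"}, "Kj")
    return {"attacker_too_early": too_early, "honest_registered": honest,
            "attacker_after_delay": late, "attacker_update": hijack,
            "owner_update": owner_update, "record": st.names["jbonneau"]}

if __name__ == "__main__":
    print(frontrunning_scenario())
```

The delay only helps because the honest commitment is already 12 blocks deep when the name becomes visible; an attacker who could censor the honest reveal for 12 consecutive blocks (a majority miner) would still win, which is the usual caveat for commit-reveal on a blockchain.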

Namecoin introduces new fees, incentives

Side note: Namecoin got the incentives badly wrong
[figure: # names claimed, as % of all Namecoin registrations]
Source: "An empirical study of Namecoin and lessons for decentralized namespace design", WEIS 2015 (authors include Miles Carlsten)

Recap: several requirements for new functionality

New addition                                     | in Namecoin                                               | in Futurecoin
Global state: track app-specific data            | name → value map                                          | list of markets, bets in each market
Express updates to global state                  | NAME_NEW etc.                                             | OPEN_MARKET etc.
Limit computation & reads/writes to global state | registration fees to limit squatting, maintenance fees    | transaction fees per open market, exchange

Recap: Bitcoin itself implicitly defines state

New addition                                     | in Bitcoin
Global state: track app-specific data            | implicit (the set of unspent outputs); no app-specific data
Express updates to global state                  | transactions
Limit computation & reads/writes to global state | not required: Bitcoin scripts only succeed/fail, with no side effects on global state
Caveat: miners can still produce blocks which are very costly to verify

Replicated State Machines

Replicated state machines are the classic abstraction
● Set of possible states S
● Set of possible inputs I
● Set of possible outputs O
● Transition function f: S × I → S × O
● Start state s ∈ S (genesis block)

"Blockchain" is an ordered list of inputs w/ consensus
Block 0: consensus info (genesis)
Block 1: consensus info, nonce=0x456… | A→B 17 signed(Alice)
Block 2: consensus info, nonce=0x123… | B→C 11 signed(Bob)

"State" is really just a compression of history
Tx 1 (coinbase): Outputs: 25→Alice
Tx 2: Inputs: 1[0]  Outputs: 17→Bob, 8→Alice   signed(Alice)
Tx 3: Inputs: 2[0]  Outputs: 8→Carol, 7→Bob    signed(Bob)
Tx 4: Inputs: 2[1]  Outputs: 6→David, 2→Alice  signed(Alice)
Efficient: track the UTXO set
  after tx 1: {1[0]: 25, A}
  after tx 2: {2[0]: 17, B; 2[1]: 8, A}
  after tx 3: {2[1]: 8, A; 3[0]: 8, C; 3[1]: 7, B}
Inefficient: scan the whole blockchain to check validity
  Is tx 4 valid? It spends 2[1]: with the UTXO set {2[1]: 8, A; 3[0]: 8, C; 3[1]: 7, B} the answer is a lookup; without it you must replay every earlier transaction to confirm 2[1] exists and is unspent

Blockchains may include explicit state commitments
Block 0: consensus info | state commitment to s = {A: 50}
Block 1: consensus info, nonce=0x456… | A→B 17 signed(Alice) | state commitment to {A: 33, B: 17}
Block 2: consensus info, nonce=0x123… | B→C 11 signed(Bob)   | state commitment to {A: 33, B: 6, C: 11}

Explicit state commitments offer many advantages
(e.g. block 2: consensus info, nonce=0x123…, B→C 11 signed(Bob), state commitment to {A: 33, B: 6, C: 11})
● Inconsistencies surface immediately
● Light clients can quickly get the current state
● Can efficiently verify the sequence between any two blocks
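The two slides above, state as a replay of history versus state with a per-block commitment, as an added example that is not from the lecture. It replays the four-transaction UTXO chain from the earlier slide and then processes the {A: 50} → {A: 33, B: 17} → {A: 33, B: 6, C: 11} account chain, checking each block's claimed commitment so that a bad block is caught at the block that produced it. The commitment is a hash of a canonical JSON serialization, a stand-in for the Merkle-Patricia root a real chain would use; transaction encoding and the validation rules are constructed for this example.

```python
import hashlib
import json

# Added example: UTXO replay vs. committed account state. All data is constructed.

HISTORY = [  # the chain from the slides: inputs reference (tx number, output index)
    {"inputs": [],       "outputs": [("Alice", 25)],              "signed": None},   # coinbase
    {"inputs": [(1, 0)], "outputs": [("Bob", 17), ("Alice", 8)],  "signed": "Alice"},
    {"inputs": [(2, 0)], "outputs": [("Carol", 8), ("Bob", 7)],   "signed": "Bob"},
    {"inputs": [(2, 1)], "outputs": [("David", 6), ("Alice", 2)], "signed": "Alice"},
]

def replay_utxo(txs):
    """State as a compression of history: the UTXO set after applying txs in order."""
    utxo = {}
    for n, tx in enumerate(txs, start=1):
        if tx["inputs"]:                                   # coinbase txs have no inputs
            total_in = 0
            for ref in tx["inputs"]:
                if ref not in utxo:
                    raise ValueError(f"tx {n}: {ref} is unknown or already spent")
                owner, amount = utxo[ref]
                if owner != tx["signed"]:
                    raise ValueError(f"tx {n}: {ref} is not owned by {tx['signed']}")
                total_in += amount
            if sum(a for _, a in tx["outputs"]) > total_in:
                raise ValueError(f"tx {n}: outputs exceed inputs")
            for ref in tx["inputs"]:
                del utxo[ref]
        for i, (who, amount) in enumerate(tx["outputs"]):
            utxo[(n, i)] = (who, amount)
    return utxo

def commit(state):
    """Toy state commitment: hash of a canonical serialization (stand-in for a Merkle root)."""
    return hashlib.sha256(json.dumps(state, sort_keys=True).encode()).hexdigest()

def apply_transfer(state, sender, receiver, amount):
    """Transition function f for the account model: S x I -> S (no outputs in this toy)."""
    if state.get(sender, 0) < amount:
        raise ValueError(f"{sender} cannot pay {amount}")
    new = dict(state)
    new[sender] -= amount
    new[receiver] = new.get(receiver, 0) + amount
    return new

def make_block(state, tx):
    """An honest block producer applies the tx and publishes the resulting commitment."""
    new = apply_transfer(state, *tx)
    return new, (tx, commit(new))

def process_committed_chain(genesis, blocks):
    """Returns (state, index of the first block whose commitment does not match, or None)."""
    state = genesis
    for i, (tx, claimed) in enumerate(blocks):
        state = apply_transfer(state, *tx)
        if commit(state) != claimed:
            return state, i       # inconsistency surfaces here; nothing later needs replaying
    return state, None

def demo():
    s0 = {"A": 50}
    s1, b1 = make_block(s0, ("A", "B", 17))
    s2, b2 = make_block(s1, ("B", "C", 11))
    good = process_committed_chain(s0, [b1, b2])
    # a producer whose claimed state does not follow from the inputs is caught at that block
    bad_block = (("B", "C", 11), commit({"A": 33, "B": 17, "C": 11}))
    bad = process_committed_chain(s0, [b1, bad_block])
    return good, bad

if __name__ == "__main__":
    print(replay_utxo(HISTORY))
    print(demo())
```

With only the UTXO chain, a client asking "is tx 4 valid?" must either maintain the UTXO set itself or replay from genesis; with committed state, a light client can fetch the state behind block 2's commitment from anyone and verify it against the header, and two nodes that disagree find out at the first block where their commitments diverge.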

Ethereum: A universal RSM

To get Turing-completeness:
● Set of possible states S
● Set of possible inputs I: include arbitrary programs
● Set of possible outputs O
● Transition function f: S × I → S × O: interpret programs
● Start state s ∈ S (genesis block)

Universality brings on classic OS problems
● What state can a tx change?
○ memory protection
● How many resources can a contract use?
○ resource contention

Ethereum in one slide
● States S = a map from addresses to state
● Inputs I (transactions): from, to, data, value, startgas, gasprice, signature
● Transition f:
○ validate signature
○ run to.code(from, data, value, startgas, gasprice)
○ a transaction may affect the state of any address
● Start state: ∅

The full* Ethereum blockchain structure
Block header: prev, height, nonce, difficulty, miner, extra, state root, transaction root, receipt root
● state root: commitment to the final state after applying the block's transactions
● transaction root: commitment to the transactions in the block
● receipt root: commitment to each transaction's receipt (log output)

Ethereum addresses can be accounts or contracts
Note: no UTXOs in Ethereum
● Address: H(pub_key) for an account, H(creator, nonce) for a contract
● Per-address state: Merkle storage root, plus the volatile fields ETH balance and # transactions sent
