 Show Posts
|
|
Pages: [1] 2 3 4 5 »
|
Bitcoin (as others blockchains projects as well) relies not only on cryptography, but heavily on theory of state machine replication and incentives theories (let's say it has also founded a new way to do SMR compared to "classical" ones, imho its biggest legacy). If you are interested in those topics as well, the most interesting theoretical analysis I have ever found is Tim Roughgarden's Foundations of Blockchains: https://www.youtube.com/playlist?list=PLEGCF-WLh2RLOHv_xUGLqRts_9JxrckiA |
|
|
|
Hi I don't know about certifications, but of course there are many sources out there, given the cryptocurrencies deal with many many fundamental topics worth their own course (computer science, cryptography, games theory, economy just to mention the major ones). Laying on those, any cryptocurrency has its peculiarities, and this again open a big landscape. So I guess first you should understand what you want to improve (I suppose you already have a basic knowledge of the tech). That said, my opinionated hint is Foundations of Blockchains by Tim Roughgarden: https://www.youtube.com/playlist?list=PLEGCF-WLh2RLOHv_xUGLqRts_9JxrckiAno certification, and not all the lectures have been released yet (my educated guess is half of total have been; it's partially funded by IBM grants so I have no worries about its completion) but it's a very high bar course (university level) and free of charge. It deals with computer science side of blockchains, the only resource I have found going very deep on state machine replication flavours, BFT, longest consensus, PoW e PoS anti-sybil leader election strategies, and more. All of that with agnostic style. It's a long term effort, and you won't master a specific cryptocurrency after it, but you'll have powerful knowledge tools to analyze the many promises of this field, and why not, to choose which technology to devote to. my2c Hello everyone, I plan on improving my CV by adding some cryptocurrency courses . Since one can gain a certificate online, I want to use my free time to study a course; [...]
|
|
|
|
The statement is the bitcoin consensus rules, basically expressing "I know a chain of blocks that is valid and results in chain state X". The (private) witness is the chain of blocks. The chain state contains data like the block height, the total work, etc, but also a UTXO set commitment. To get a feeling for it, see our demo https://zerosync.org/headers-chain.htmlSo, is it correct to say that when you'll have The Full Chain Proof, your proof will prove that you known a set of ordered blocks (the witness) which starts from the Genesis one and produce -following all BTC consensus rules- the current UTXO set you advertise (and the additional data you have mentioned - height, total work,...)? If so I think it's important -without of course forgetting the non-easy need for Full Chain Proof- to underline explicitly the result I have summarized above, because it would mean that, with publicly and widely audited scheme proved sound, the only way to cheat "for you" (aka for anyone advertising a current state by means of your tech) would be to be able to reconstruct a valid blockchain from the beginning, which should reassure many doubts. Wish you to make fast progresses toward Full-Chain-Proof |
|
|
|
Hi, I am the project lead at ZeroSync. Happy to see our work discussed on bitcointalk. Would like to clarify a few points mentioned here:
thanks your notes Just to have an high level idea in a quick/lazy way ;-) , any diagram/note/schema about who plays the role of public STATEMENT & private WITNESS (in the SNARK meaning of those keywords) in each of the 3 stages of your chainproof (header/assumedvalid/full)? |
|
|
|
ll Knowledge" system would be more suitable for public blockchain verification, there is no sense in wrapping stuff in ZK for the hell of it.
[...]
These things are not going to be any better than SPV at network security, might they offer a trusted solution that is scalable? Hopefully. But other than that no one will replace a full node with zero knowledge unless they dont care about what code they are running and in that case why even run a node?
I'm not ZeroSync evangelist nor I have any interest with them. That said, I think you are thinking to zkSNARKs, but SNARKs can be also non-ZK. Their use is justified by being "Succinct", short proof (and quickly verifiable). Also ZK-Rollups, despite the name, are not zero knowledge, they use SNARKs because of succinctness. So, I don't know if ZeroSync idea is good for blockchain size reduction (because any serious evaluation of schemes of that complexity should require a careful study of the proposed solution) , or if it will be accepted (I don't think so to be honest), but the usage of SNARKs to have succinct and fast checkable proof is brand new but well established.. confusing it with ZK flavours is not a good service to the OP imho |
|
|
|
I am not sure how the Bitcoin community and pro full-node proponents will accept the idea of not being the ones that perform the full verification process themselves. If the idea has always been to verify and not trust, I don't see that changing. I guess it's also going to depend on how ZeroSync exactly verifies those transactions. An increase in centralization will surely not be something hardcore-bitcoiners will approve of.
I don't know ZeroSync actual tech, but from what I read my educated guess is they are going to use recursive or folded SNARKs, in the path of an "old" idea called UTREEXO... so not possible to judge just from that simple article, but tech to do something good exist... and StarkWare funding seems reassuring |
|
|
|
There is no 'proof' it's part of the basic concept of PoW.
I'm sure OP is thinking to Bitcoin, so it's ok for current level of talk to identify consensus with PoW, but for the sake of accuracy it depends on longest-chain consensus style, not on PoW leader election strategy. The need to wait a number of blocks before considering finalized a previous one would apply in whichever uniform way we could choose the "miner", e.g. even in the "extreme" case of round-robin choice in a permissioned context. Or, as far as I know, Cardano using PoS on longest-chain as an analogous probabilistic finality concept. I guess it's common to identify PoW with Longest-Chain cause it seems a bad idea to use it with BFT-style consensus, so everywhere you have PoW you also have LC  |
|
|
|
If you are really "brave", well motivated and with quite enough time to devote to your interest about that, here there's what imho is nearest to a proof. It's in lecture 8 videos while lecture 9 specialize the analysis to PoW blockchains, but you definitely need to watch (and understand) the whole course till there to understand... the many concepts needed -just to deal with it in a rigorous way- are introduced in a step by step way: https://www.youtube.com/playlist?list=PLEGCF-WLh2RLOHv_xUGLqRts_9JxrckiAjust a quick note about what you have to expect: longest chain consensus attain PROBABILISTIC finality, even when formally described. The probabilistic nature comes from the fact there isn't an a-priori knowledge of which node is an adversarial one, whichever leader election strategy (=way to choose who build the next block) it's chosen Wish you a good learning work! Yes, I know this, but I need mathematical proof
|
|
|
|
well, forking and subsequent reorgs are local events, so we cannot be sure forkmonitor offers a statistical reliable view from global/overall perspective. But agreeing it does (I'm sure actual tuning cause few forks/reorgs because of the 10sec/10min ratio), my point is that long propagation times due to offline nodes, only sporadically peering with the BTC network, would increase the risk. Disconnected nodes/client cannot be sure to share an updated status of the ledger, and if they are enough to have miners between them, well.. enjoy the mess ...the matter is that BTC has a global consensus model, but the way it works depends on quite strictly bounded propagation times (which cannot be taken for granted with a significant number of offline nodes) |
|
|
|
|
Hi everybody
about this thread, I hope it's useful to remember that propagation time / mining interval ratio is of huge importance regarding forks/reorgs and so double spending issues, but also underline that it has a role in setting sufficient conditions about safe honest/byzantine nodes ratio... so an offline scenario is highly risky considering a Nakamoto Consensus network as a whole. I guess sharding could be a plan-b, but I'm currently not expert enough to speak about it, and more important it wouldn't be BTC anymore (at least not as we know it now)
|
|
|
|
There is scriptSig and scriptPubKey. And when you provide scriptPubKey — you provide your public key and some opcodes are added. But when you provide scriptSig — what do you sign?
I wrote it in 2019 so it's not up-to-date with taproot & co, but maybe it can someway help you, as far as you are starting from the bases: https://github.com/baro77/btcUnlockingLockingScriptCS |
|
|
|
Is it possible to make DEX on Monero?
if you mean something involving HTLC no imho, even if -using pairings- atomic swaps tries are being developed. Anyway, depending how strong is your definition of DEX, you can follow these two projects: https://haveno.exchangehttps://serai.exchange |
|
|
|
I guess that many of us first reference was Mastering Bitcoin by Andreas Antonopoulos: today outdated regarding many recent developments (let's hope in a 3rd edition  ), but still a solid foundation of the field for geek-level readers |
|
|
|
I also thought about that. But then, there is a bigger problem, because you need some way to implement mining. So, I can see two options: hashing each message separately, or implementing a hidden chain. I prefer the second, because then all hashes could be hidden as commitments. Then, the only option to stop that, would require banning all ways of encrypting anything (or pushing any random, non-explained data), which is hard to enforce.
Could you elaborate a bit more about this idea? I'm not understanding neither of the two options... |
|
|
|
i think the know the use-case would be relevant to choose the way to store the message: OP_RETURN is for sure the cleanest/most elegant way, however it's prunable ( https://en.bitcoin.it/wiki/OP_RETURN)... so imho it should be evaluated if its presence guaranteed only in full nodes is ok or not |
|
|
|
|
