Bitcoin Forum
  Show Posts
301  Bitcoin / Development & Technical Discussion / Re: Questions about p2sh addresses on: April 24, 2015, 09:40:47 PM
If I generated a p2sh address from a raw transaction, would I be able to spend it?
Or is p2sh only for multi signature transactions?

You can certainly create a p2sh address that you can spend.  p2sh is for any script, not just multi-signature scripts.

Of course, you can also create a p2sh address which cannot be spent because there is no script that both hashes to that value and succeeds when checked. 

IOW, anyone can write a script that says, in effect,

if (false) then
   the output may be spent.

and put funds in a p2sh transaction having a hash that corresponds to that script.  It's just not a very useful script.  There's already 1BitcoinEaterAddressDontSendf59kuE, which does the same thing.  But people don't usually create such scripts (which can't be spent) on purpose. 

302  Bitcoin / Bitcoin Discussion / Re: Bitcoin's Dystopian Future on: April 24, 2015, 08:22:48 PM
Bitcoin is not really economically different from gold.

The supply is quite limited, it is durable, it can be used as a medium of exchange, and people have trouble keeping their individual stashes of it secure against robbery.

Therefore if we want to see Bitcoin's future, we should look at gold's past and present.

We should expect to see people paying online wallets a fee each year to keep their bitcoin safe, the same way people used to pay banks to keep their gold in the vault. We should expect to see the companies that operate those "vaults" buying insurance against theft, the way banks used to buy insurance against theft.  Then we should expect to see them getting laws passed that force their insurance expense to be borne by taxpayers at large, rather than just the people whose Bitcoin they're holding. 

Over time, we should expect to see Bitcoin concentrated in the hands of financial institutions and governments who will then loan it out - then issue promissory notes against it, operating on fractional reserves of it, and then.....  back to fiat currency. 

Face it, when was the last time ordinary people used gold or silver coins in their hands for daily transactions?  Well, Bitcoin is going to eventually occupy the same place that gold and silver do in our current economy; a place for investment capital to flee to, as a last-resort inflation hedge when the productive economy is administered by Miss Helena Handbasket.  It will not likely be used by ordinary people.

303  Other / Off-topic / Re: whale club is a joke on: April 24, 2015, 05:36:13 PM
The real question raised by this thread....

Does anger cause stupidity, or does stupidity cause anger?  Or are they simply correlated without a causal relation? 
304  Bitcoin / Bitcoin Discussion / Re: How Asia uses Bitcoin in one color-coded map: Do you agree? Surprised? on: April 24, 2015, 05:23:00 PM
Chinese dominance in mining is mostly because of their heavily subsidized electricity; power is cheaper there than nearly anywhere else.

Of course the *production* of power isn't cheaper; all that subsidy comes out of their economy via taxes and fees collected from the public by the government.  Chinese Bitcoin miners are getting rich basically by using the government to rip off their fellow citizens.  Bitcoin is just a new vehicle for that very ancient and traditional transaction.
305  Other / Politics & Society / Re: ISIS impregnates 9-year-old girl on: April 24, 2015, 04:37:05 PM
You know what?  I don't mind a prison where people don't suffer so much. 

If you can keep them separate from the population they'd otherwise prey on, and not fuck them up so badly that they can never rejoin civilization again, I'd say you're doing your job.

The problem with treating prisoners badly is that you make them harder and nastier and more out-of-step with your civilian society than they were to start with.  You fuck them up so badly that releasing them doesn't work all that well. 
306  Other / Politics & Society / Re: Reddit’s science forum banned climate deniers. on: April 24, 2015, 01:22:50 AM
I get weirder stuff than that with my breakfast cereal.



In WWII, the Japanese built war tubas!

And here's something google street view managed to catch wandering the streets in Ottawa!



And I'm not entirely sure what's going on here but it looks like she's into it....



Also, did you know that America has a blue minority?  Swear to god, this guy appeared on the Today show.



This wouldn't be nearly as weird as it is if they didn't look all serious and dignified.  


And here's a cute couple but they have a bit of a problem;  It seems like they can't both get what they want in this relationship.

307  Bitcoin / Bitcoin Discussion / Re: Should Satoshi's coins be deleted? on: April 23, 2015, 09:39:14 PM
I kept looking at the OP's poll, and the only available answers were 'yes' and 'no'. 

Can we edit the poll to add a 'That's a Stupid Question' button?

308  Alternate cryptocurrencies / Service Discussion (Altcoins) / Re: "Altcoin Newspaper Stand" = Name a favorite AltCoin website/newsletter/fanzine on: April 23, 2015, 09:28:17 PM
I have no idea what my Alexa rating is - and honestly don't care much - but the last three articles in my "cryptocurrency 101" series are interesting reading for people interested in altcoins.

Here are the links:


Making an altcoin based on Bitcoin 0.10 sources:  http://dillingers.com/blog/2015/04/18/how-to-make-an-altcoin/
Difficulty adjustment for an altcoin using the MIDAS algorithm: http://dillingers.com/blog/2015/04/21/altcoin-difficulty-adjustment-with-midas/
Making the genesis coinbase spendable, and adding a premine: http://dillingers.com/blog/2015/04/23/adding-a-premine-to-an-altcoin/
309  Bitcoin / Development & Technical Discussion / Re: Semi-soft-fork to decrease the risk of tx malleability on: April 23, 2015, 07:45:16 PM
Forgive what may be an unusually dumb question, but how exactly does it work, that a third party can change the script but cannot change what the script does?  

EDIT:

Never mind, I get it.  It's the spend script, not the store script.  If they change what it does then there is no transaction. 
310  Bitcoin / Development & Technical Discussion / Re: Semi-soft-fork to decrease the risk of tx malleability on: April 23, 2015, 04:09:43 PM
You're correct, TX malleability is only an issue if people use the TX hashes as IDs.

The problem with not using tx hashes as a transaction ID, is that tx hashes are exactly what the block chain itself uses as a tx ID when specifying what transaction's output to use as an input.  If you don't know the transaction hash in advance, you can't make a transaction that spends its output in advance.  And if you can't make transactions that spend outputs before the outputs they spend actually get into the block chain, then a lot of escrow and other protocols don't work. 

We need transaction IDs to be stable.  Can we make the tx hash by exclusively hashing things that nobody outside the original transaction set can change? 
311  Other / Politics & Society / Re: Reddit’s science forum banned climate deniers. on: April 23, 2015, 06:33:35 AM
Well, to be fair the issue is that the fuel is combining with twice its weight in oxygen.  You get triple the weight, but you picked up two thirds of it from the air.
312  Other / Politics & Society / Re: Reddit’s science forum banned climate deniers. on: April 23, 2015, 04:00:56 AM
Lots of people celebrate Earth Day around this time of year, but I have two other events on my calendar.

On April 19, there is the David Koresh Memorial Barbecue, to commemorate religious freedom in America.

And right around this time of year, we also celebrate the anniversary of Richard Nixon's death.

Why yes, I am, in fact, something of a cynic.  It works for me.
313  Alternate cryptocurrencies / Altcoin Discussion / Re: How to make an altcoin. on: April 23, 2015, 03:52:35 AM
Okay, this time I'm going to talk about how to claim the coinbase transaction from the genesis block.  Those who want to stick a premine into the genesis block should be paying attention here.


Get the private key for the coinbase
Earlier, we used openssl to get a key pair to use for the genesis coinbase.  We pasted the public key, in hex form, into the coinbase transaction of the genesis block.   Under normal circumstances this coinbase is not spendable. Because there is no wallet at the time the coinbase transaction is created, the private key does not get saved into a wallet.  But if we can import the private key into our wallet after the wallet is created, then the genesis coinbase can be spent.

So, go back to the key pair whose public key you used for the genesis coinbase.  The corresponding private key is the one you need to spend it.  But first you have to figure out what the heck it looks like in the base58 format that you can import into your wallet.

So you need to take the private key and do things to it, to get it into wallet-importable format.  

Here is the sequence of steps you need to do:  

First, take your private key:  For this example, let's say it's
Code:
0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF
(which it certainly won't be, but I digress.)

Add the prefix byte for newcoin's secret keys.
Then, whatever byte you picked as the value for base58prefixes[SECRET_KEY] above, paste that byte in (in hex form!) as a prefix to the key.  We'll say our byte for base58prefixes was 0xAA.

So now you've got
Code:
AA0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF

Find SHA256D of the result

Now you take double SHA256 of that, which you can do from the command line again.
Code:
echo AA0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF | xxd -r -p > temp
puts the key in binary form into the file temp.
Code:
openssl dgst -sha256 temp
outputs the SHA256 hash of that key.  It will look like this:
Code:
SHA256(temp)= 855d46b953763179ae26937d7d5d9a7fbdf063f6e23fa5abc08e02b1ee202b0e
Now you copy the hex string and paste it into the following command:
Code:
echo 855d46b953763179ae26937d7d5d9a7fbdf063f6e23fa5abc08e02b1ee202b0e | xxd -r -p > temp2
The effect of that is to put the hash of the key, in binary form into the file temp2.  So now you can get SHA256 of the hash like so:
Code:
openssl dgst -sha256 temp2
and openssl will spit out the hash of the hash.  

The effect is to do 2 iterations of SHA256 on the private key:  Without piping through xxd both times, we'd be doing SHA256 on a string of bytes which happens to be the ASCII representation of the hexadecimal string instead.  Anyway, the output from that is the  SHA256D hash of the prefix byte plus private key.  For our example, it happens to be
Code:
SHA256(temp2)= 02709d7a22eebf159eb9e67669afb4c565a6fa90d9ac2f6069beccce226b04ab

Extract the checksum bytes from the SHA256D hash
The first four bytes of that - which are 02, 70, 9d, 7a, are the checksum for the private key - this is a four-byte code that is appended to keys to make it extremely unlikely (about one chance in four billion) that a mistyped key will actually be a valid key.  This is intended to make it unlikely that people spend coins to wrong addresses.  Of course they do that anyway, but thanks to this checksum it's not because they mistype the addresses.


Append the Checksum bytes to the prefix-extended key
Anyway, you take the key, with the prefix byte, and put the checksum bits at the end of it, so you get
Code:
AA0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF02709D7A

Now, this is a number in hexadecimal, which you have to convert into base58check form.  https://en.bitcoin.it/wiki/Base58Check_encoding  on the bitcoin wiki explains how base58check is encoded, but doesn't point at any handy utility to actually do it that doesn't depend on bitcoin's secret-key prefix.  So I'm going to code one.

A simple little lisp dialect called Scheme, believe it or not, is my favorite scripting language.  I have mit-scheme on my machine, and Scheme has standard bignums and understands numeric notation in hexadecimal.  If you're happier doing this sort of thing in Haskell or Eiffel or Python or whatever, use that instead.  But I'll actually write the six-line program for you if you want to use Scheme.  If you don't have it on your system, you can type

Code:
sudo apt-get install mit-scheme
to get it. Then at the command line type
Code:
mit-scheme

to start it, and paste this function definition into it:

Code:
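(define (base58check input)
   ;; Map a digit value 0..57 to its character in the base58 alphabet.
   (define (base58digit k) (string-ref "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz" k))
   ;; Peel off base-58 digits from the least significant end, consing each
   ;; onto the front so the most significant digit ends up first.
   (define (extractdigits n digits)
       (if (> 58 n)
           (list->string (cons (base58digit n) digits))
           (extractdigits (quotient n 58) (cons (base58digit (modulo n 58)) digits))))
   ;; Leading zero bytes of the input are not encoded as leading "1"s here;
   ;; that does not matter when the prefix byte is nonzero, as with 0xAA.
   (extractdigits input '()))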

Now you just have to give your key to that function as a hexadecimal number:

Code:
(base58check #xAA0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF02709D7A)

and mit-scheme will politely cough out the base58check form of it; in our example, this is the string

Code:
"6hU445Fi7j2WSwc2uLsbcQMJ1r2xbENWxGdfxTApKaRRaQ2Ppk1"

And that is the form of the key that you need to import into your wallet, to enable you to spend the coinbase transaction from the genesis block.

Cool, huh?  Now type
Code:
(exit)
and then 'y' at the yes/no prompt, to quit scheme.

Adding a Premine

Now we're going to come to one of the most abused features of cryptocurrency; I'm going to explain how to add a premine.  

The next thing, if you want to treat the genesis coinbase as your premine, is the question, how to change the amount?  There are three things you have to change.  The obvious thing is in chainparams.cpp,  in the line above the one where you pasted in the coinbase tx public key.  It's at the line where the code says

Code:
txNew.vout[0].nValue = 50 * COIN;

So, we'll say you want 5000 coins instead of 50 for your premine.  That's an easy enough change here; you just change the number here so it says
Code:
 txNew.vout[0].nValue = 5000 * COIN;
instead.  

Change GetBlockValue to Allow your Premine
But this is only the obvious thing.  There are two other things you have to change for this to work.  The next one is the function GetBlockValue in main.cpp.  If you don't change this, your block chain will not be valid when your client tries to check it. This function says what the coinbases are supposed to be worth, and if the client checking the block chain finds a coinbase transaction that doesn't match what this function says it ought to be, then it will reject the genesis block.  The function looks like

Code:
CAmount GetBlockValue(int nHeight, const CAmount& nFees)
{
    CAmount nSubsidy = 50 * COIN;
    int halvings = nHeight / Params().SubsidyHalvingInterval();

    // Force block reward to zero when right shift is undefined.
    if (halvings >= 64)
        return nFees;

    // Subsidy is cut in half every 210,000 blocks which will occur approximately every 4 years.
    nSubsidy >>= halvings;

    return nSubsidy + nFees;
}

and you want to make the subsidy for the block at height zero (ie, the genesis block) worth 5000 coins instead of 50.  And while we're here we might as well correct the comment's assumption of ten-minute blocks.  So your revised function can look like this:

Code:
CAmount GetBlockValue(int nHeight, const CAmount& nFees)
{
    CAmount nSubsidy = (nHeight == 0 ? 5000 : 50) * COIN;
    int halvings = nHeight / Params().SubsidyHalvingInterval();

    // Force block reward to zero when right shift is undefined.
    if (halvings >= 64)
        return nFees;

    // Subsidy is cut in half every 350,000 blocks which will occur approximately every 4 years.
    nSubsidy >>= halvings;

    return nSubsidy + nFees;
}

Then go back to chainparams.cpp  and set the subsidy halving interval to 350000 instead of 210000 to maintain the 4-year halving interval (assuming you want a 4-year halving interval).  Another effect of this change is that it will also change your ultimate number of coins to be issued to be ~35M instead of ~21M.  

Regenerate the Nonces

Okay, that was the second of three things.  Now for the third.  You should already know what this is.  When we changed the genesis coinbase, we changed the hash of the transaction.  And when we changed the hash of the transaction, we changed the merkle root in the genesis block.  And that invalidated our nonce.  So you need to mine your genesis blocks again.  

I covered this already when I explained how to mine genesis blocks.  You go back to chainparams.cpp, change the 'false's to 'true's, erase the ~/.newcoin directory, compile, and start it up.  It'll take a while.  Then you look at the debug.log in the (re-created) ~/.newcoin directory to get the new values.  Paste them in for the main params.  Rinse, repeat, paste in the testnet params.  Rinse, repeat, paste in the regtest params.  Then change the 'true's to 'false's, and compile again.

So now newcoin has a genesis block coinbase with a premine of 5000 coins, and you have a key you can import into your wallet later which will allow you to actually spend the 5000 coins.

Changing the number of coins that can be issued

With your premine and different halving interval you've changed the number of coins that can be issued.  But you need to change other parts of the code for this to be fully supported.  The first and most obvious is in amount.h, where it says
Code:
/** No amount larger than this (in satoshi) is valid  */
static const CAmount MAX_MONEY = 21000000 * COIN;
And, obviously, you change the 21000000 to 35004950.  (remember, you added 4950 coins to the total when you changed the output of the genesis coinbase).


The second is in rpcserver.cpp, in the function AmountFromValue. It looks like this:  
Code:
CAmount AmountFromValue(const Value& value)
{
    double dAmount = value.get_real();
    if (dAmount <= 0.0 || dAmount > 21000000.0)
        throw JSONRPCError(RPC_TYPE_ERROR, "Invalid amount");
    CAmount nAmount = roundint64(dAmount * COIN);
    if (!MoneyRange(nAmount))
        throw JSONRPCError(RPC_TYPE_ERROR, "Invalid amount");
    return nAmount;
}
And once again, you need to change that 21000000 to 35004950.  And now you have code for a client that is correct for your new block spacing and coin distribution.  
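The key-conversion steps in the post above (prefix byte, SHA256D, four checksum bytes, base58), as an added example that is not part of the original post. It also handles leading zero bytes and decodes with checksum verification, which goes beyond the post's six-line encoder; all function names are hypothetical, and the key and the 0xAA prefix are the post's sample values.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
KEY_HEX = "0123456789ABCDEF" * 4   # sample key from the post, never a real one
PREFIX = 0xAA                      # sample base58prefixes[SECRET_KEY] from the post


def sha256d(data: bytes) -> bytes:
    """Double SHA256 over raw bytes (not over the ASCII hex text)."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def b58encode(raw: bytes) -> str:
    n = int.from_bytes(raw, "big")
    out = ""
    while n:
        n, rem = divmod(n, 58)
        out = B58[rem] + out
    # Each leading zero byte is written as a leading "1".
    pad = len(raw) - len(raw.lstrip(b"\x00"))
    return "1" * pad + out


def b58decode(text: str) -> bytes:
    n = 0
    for ch in text:
        idx = B58.find(ch)
        if idx < 0:
            raise ValueError(f"character {ch!r} is not in the base58 alphabet")
        n = n * 58 + idx
    pad = len(text) - len(text.lstrip("1"))
    return b"\x00" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")


def encode_secret(prefix: int, key_hex: str) -> str:
    """prefix byte + 32-byte key + first 4 bytes of SHA256D, in base58."""
    key = bytes.fromhex(key_hex)
    if len(key) != 32:
        raise ValueError("private key must be exactly 32 bytes")
    payload = bytes([prefix]) + key
    return b58encode(payload + sha256d(payload)[:4])


def decode_secret(text: str, expected_prefix: int) -> bytes:
    """Return the 32-byte key, rejecting typos and keys for another chain."""
    raw = b58decode(text)
    if len(raw) != 37:
        raise ValueError("unexpected length for prefix + key + checksum")
    payload, checksum = raw[:-4], raw[-4:]
    if sha256d(payload)[:4] != checksum:
        raise ValueError("checksum mismatch (mistyped key?)")
    if payload[0] != expected_prefix:
        raise ValueError("prefix byte belongs to a different network")
    return payload[1:]


if __name__ == "__main__":
    wif = encode_secret(PREFIX, KEY_HEX)
    print(wif)
    print(decode_secret(wif, PREFIX).hex().upper())
```

Running the decoder over a key before importing it catches a transcription error at the checksum step instead of at the wallet.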
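A check of the supply figures in the post above, as an added example that is not part of the original post: it mirrors the revised GetBlockValue (fees left out) in Python and sums the whole schedule to confirm that a MAX_MONEY of 35004950 coins covers the 5000-coin genesis output plus 350000-block halvings. Function names are hypothetical; the constants are the post's.

```python
COIN = 100_000_000  # satoshis per coin, as in amount.h


def block_value(height: int, interval: int = 350_000, genesis_coins: int = 5000) -> int:
    """Subsidy in satoshis at a given height, following the revised GetBlockValue."""
    subsidy = (genesis_coins if height == 0 else 50) * COIN
    halvings = height // interval
    if halvings >= 64:          # right shift would be undefined in the C++ code
        return 0
    return subsidy >> halvings  # integer shift, so fractions of a satoshi are dropped


def total_issuance(interval: int = 350_000, genesis_coins: int = 5000) -> int:
    """Sum of every subsidy ever paid, computed one halving era at a time."""
    total = 0
    for era in range(64):
        total += interval * ((50 * COIN) >> era)
    # Height 0 pays genesis_coins instead of the regular 50.
    total += (genesis_coins - 50) * COIN
    return total


def check_max_money(max_money_coins: int, interval: int = 350_000,
                    genesis_coins: int = 5000) -> dict:
    """Compare a proposed MAX_MONEY with what the schedule can actually issue."""
    issued = total_issuance(interval, genesis_coins)
    limit = max_money_coins * COIN
    return {"issued": issued, "limit": limit,
            "headroom": limit - issued, "ok": issued <= limit}


if __name__ == "__main__":
    for limit in (21_000_000, 35_004_950):
        result = check_max_money(limit)
        print(limit, "ok" if result["ok"] else "TOO LOW",
              "headroom (satoshi):", result["headroom"])
```

The small positive headroom comes from the integer right shift dropping fractions of a satoshi in the later eras.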

314  Bitcoin / Development & Technical Discussion / Re: Is it possible to implement PoS (Proof of stack) into the Bitcoin system on: April 22, 2015, 07:30:54 PM
This is mainly just my opinion, but proof-of-stake in the usual implementation undermines the utility of a cryptocurrency by providing people with a motive to *NOT* make transactions. 

If folks just sit there and hoard their coins, it doesn't make a very good medium of exchange. 
315  Bitcoin / Development & Technical Discussion / Re: Likelihood of transaction hash mutating with current state of BIP062 on: April 22, 2015, 07:24:45 PM
In general, tx malleability should never happen by accident or when the people making the transactions don't intend it.

Right now it never happens by accident - but it can be non-accidental on the part of somebody who *isn't* one of the people making the transaction.  Somebody out there on the network (especially if they're a miner) can deliberately construct a replacement transaction that has a different hash and broadcast that instead of the original transaction.  In that case tx malleability happens without the intent of the people making the tx. 

And it is this case that current efforts to limit tx malleability are trying to address. 

In the usual case, if the person doing it isn't a miner, the replacement transaction has to be the one that reaches more nodes of the network faster, or it won't get relayed.  And the original tx has a head-start.  A miner constructing modified transactions to put into a block doesn't have this logistical problem.  But in the normal case, miners also don't have any motive to do this. 

Having a 'canonical form' for transactions, meaning inputs and outputs are in a particular checkable sequence, and only one of the possible key transformations or signature forms can be used - would address the problem.  But every possible choice of canonical form to be used would conflict with the way *somebody* is using (deliberate) tx malleability now. 

316  Bitcoin / Development & Technical Discussion / Re: Semi-soft-fork to decrease the risk of tx malleability on: April 22, 2015, 07:09:20 PM
The only problem I see with the per-bit masking of block version is old clients that misinterpret the bits without realizing that the same bit they expect to mean A, now means B.  

One way to avoid this is for the old clients to know at what block height their knowledge of the meaning of the bits was current; then when checking the block chain, if they see more than one on-off cycle during the block chain since that point they are aware that they no longer know the meaning of a bit.

317  Bitcoin / Bitcoin Discussion / Re: Bitcoins and the transaction go missing on the BlockChain! on: April 22, 2015, 06:04:21 PM
If the transaction that put coins at that address was a no-fee transaction that was never picked up by a miner, then a transaction that spends the coins from that address isn't possible for a miner to pick up. 

You could rebroadcast the original tx; a miner might pick it up eventually.  If it was a no-fee transaction the odds aren't all that great, but at least it would have a higher priority by now.  Anyway, if the first one goes through, the second would become valid and could go through as well. 

A fair number of miners have "child-pays-for-parent" implemented, which means that if they can see the original no-fee tx, and another tx arrives spending its inputs but the second tx pays enough fees to cover them, they'll pick up both tx.  But if it's been more than a few days they can't still see the original unless you rebroadcast it.
318  Bitcoin / Bitcoin Discussion / Re: Best Engraving material for Seed words? on: April 22, 2015, 05:50:37 PM
http://www.norsam.com/rosetta.html

Engrave on nickel plate too small for eyes to see. 

Read with a microscope. 

Hide anywhere. 
319  Alternate cryptocurrencies / Altcoin Discussion / Re: Twelve-step program for making yet another stupid altcoin. on: April 22, 2015, 05:38:08 PM
Anyway, what I've got above is mostly applicable to whatever codebase you're forking from, assuming it is ultimately something that originated with a bitcoin fork.  You may have to find the respective functions living in different files with earlier versions, or they may be slightly differently structured, but adapting things is pretty straightforward.

And I haven't kept up with Litecoin; aren't they lagging behind Bitcoin in features these days?  Did stealth addresses, deterministic wallets, etc, ever make it into Litecoin? 
320  Alternate cryptocurrencies / Altcoin Discussion / Re: Twelve-step program for making yet another stupid altcoin. on: April 22, 2015, 02:56:32 AM
I think you're right about that.  Assuming the key for that coinbase transaction was saved, the key corresponding to the original coinbase could be used to spend any of the tx that have sent money to it.

That key can't automatically wind up in a wallet the way other mining keys do, because no wallet exists yet at the time the coinbase tx is created.  So you'd have to have planned ahead and taken a few fancy steps to even have that key.

For people who are interested in making altcoin, I've taken the original topic here and made a more serious treatment of it on another thread:  https://bitcointalk.org/index.php?topic=1030365.0