Thank you for that.  And I'm likely to take you up on it when I think I've got stuff ready.  Recent versions of Windows are completely a mystery to me, and I wouldn't know where to start. 


Sure.  I haven't made the new edits on my blog post yet, but please include a link back to it.


Sure, I understand that.  When I'm getting ready to support a codebase, I spend hours a day just READING the code to try to understand all the parts and how they work together.  So I completely understand the need to see it and get familiar with it and see how everything interacts.  The name change though, is total and unambiguous, so it can really be done in one step and doing it otherwise I'd be afraid of missing stuff or making mistakes. 

I know Windows works really well for a lot of people, but all I really remember about it is being frustrated whenever I tried to do anything complicated from the command line.  It has environment variables, some filename globbing and you can use pipes to send output to files or devices or the next command, so the command line isn't overtly broken.  But recursive utilities, stream editors, patterned renaming, anything like the find command...  I never discovered any way to do those things. I don't know if that's because I just am ignorant about tools and utilities available on Windows, or if those tools and utilities really don't exist.  Anyway, I don't mean to insult it - I just don't know how people do the tasks that make me reach for those utilities. 

I guess I'm writing this guide aimed at Unix/Linux users because I don't even know HOW to do most of this stuff on Windows.

No, that whole afterlife thing is mainly just the death cults.  Christianity, Islam, and several others in history.

But Jews and Buddhists for example don't really have afterlife-centric beliefs.  If you ask a rabbi, he'll tell you "souls come from God and they return to God."  And there's not really even so much as speculation about whether there is an experiential afterlife and whether it is filled with suffering or glory.   

If you ask a Buddhist, then depending on what path of Buddhist, he'll either tell you the question is irrelevant, or tell you that we are to be reincarnated until we have no more to learn - and there isn't much in the way of any belief about what happens after that point; "Nirvana" is a concept, not a place anyone expects to experience.  What they expect to experience on achieving Nirvana - is Nothing.  Pure oblivion, a complete cessation of experience.  And there are lots of variations on that belief throughout the Eastern hemisphere. 

These are MAJOR religions, with millions, and sometimes billions, of followers.  They just happen not to be the kind of death cults that drive this sort of violence.

Weirdly enough, you aren't the first person to mention that I might be. 

But the fact is, I'm not.  Really and truly, cross my heart, I'm not Satoshi.

Which, of course, is the exact same thing I'd tell you if I were.   

Yes, I think that's probably it.  And yes, you can construct a circuit to do an addition of three values in one step on an ASIC.  And no, this is not you being ignorant, this is fairly obscure stuff.  ASICs follow their own weird set of rules and it's not quite the same ones that software follows.


I believe that the message expansion step can be a near-NOP like bitshifting on an ASIC; you are right about the final hash value though, so I was off by eight.

Here's one round of SHA256, expressed as a pseudo-circuit diagram:

where the red pluses indicate 32-bit addition and the dark-blue boxes are defined as
,
,
,

(and of course the plus inside the circle is xor).

It looks like the implementation you linked to is using extra additions to feed into Ch and Ma - which is an artifact of not being able to directly split the circuit traces that come off the EFG and ABC registers respectively.  It, or something very like it, is probably the best you can do in software. 

Do the edits make it clearer for normal people to read? 

Hmm, okay.  The list format with headers in bold is considered clearer?  I can do that, I guess.  Good reminder about what normal people like, though.  I always forget how visually oriented most people are; I live and breathe text and code and don't even notice visual details like that.  It's a communication problem, actually.  People present pictures thinking they're clearer, and to me they just aren't.  Important parts of the information are always missing from pictures.  At least I don't see them there.  Normal people think a map is clearer than written instructions, even when the map doesn't give the names of the darn streets!  So I get lost not knowing what streets to be looking for because the place never really looks like the map.  But enough about one of my personal issues.... 

It looks like he's got good expertise for doing it on Windows, which I have heard is tough.  He even uses the Windows command line fairly effectively, even though it looks like the Windows command line is still almost as crippled as I remember it being.  He couldn't even do a recursive string replacement from his command line, let alone changing filenames.  If you have to do it by hand like that, editing and renaming every file one at a time, you're going to make mistakes and miss stuff.  Scary.

Wait, it looks like he didn't rename files.  He's got an alt, and all the source files are still named bitcoin-whatever?  And he has to rename his executables every time after he builds?  Ergh.  That would bother me a lot more than it does him, I guess.  Is not being bothered by text inconsistencies like that another "normal people" thing? 

It does look like he's gotten a lot further with his guide than I have yet, covering topics like hosting and premine and retargeting and so on that I haven't touched yet.  So props to him for that.

I'm probably going to need someone with that kind of Windows expertise to port my stuff when I launch.  I haven't used Windows in a long time, and it would be hard for me to test a windows build even if I attempted to make one.  I'd probably have to rent a cloud server with Windows on it, then read a lot about how to configure a build environment on Windows, and start really from zero. 

I've now put a version of this article on my blog, at: http://dillingers.com/blog/2015/04/21/altcoin-difficulty-adjustment-with-midas/ .  If you quote it or post it elsewhere, please include a link back to that page.

Altcoin Difficulty Adjustment With MIDAS

Okay, I promised I’d give a way to fix the difficulty retargeting issue. Here it is.

Go to the file src/pow.cpp. Delete the function GetNextWorkRequired.

Replace it with the code attached to this post.

MIDAS or Multi Interval Difficulty Adjustment System is my own invention. It responds very well to sudden changes in hashing power whether up or down. Emergency adjustments if needed usually kick in within ten blocks, and in non-emergencies it’s got a responsive but gradual and well-damped adjustment.

Additionally, it makes an effort to keep the block chain height approximately synchronized with real time – although real time here should be thought of more in terms of calendar date than clock time. If it’s more than a couple of weeks behind, MIDAS will be trying to make block times about 10% faster than nominal, and if it’s more than a couple of weeks ahead, it will be trying to make block times about 10% slower than nominal. Inbetween, there’s a linear interpolation between those speeds – meaning the point toward which MIDAS regulates will be exactly the nominal block time whenever it there’s an exact correspondence between block height and real time. Whenever the hashing rate has been reasonably steady for the last month or so, the correspondence between block height and actual time should be within a few hours.

This was originally proposed as a reaction to (and replacement for) the first version of the Kimoto Gravity Well algorithm, which was extremely “twitchy” in that whenever two blocks arrived whose timestamps were too close together, or reversed in sequence, it would make extreme adjustments to the difficulty rate. By checking multiple different intervals and making adjustments only when there is agreement as judged by several intervals as to which way and approximately how extreme the adjustment should be, MIDAS both avoids twitchiness and permits fairly extreme adjustments when they are actually needed.

Because the intervals it checks have no common divisor, it is also extremely resistant to timewarp attacks; there are no “harmonics” for an attacker to exploit that would allow bogus timestamps at particular intervals to reinforce each other leading to spurious adjustments, and no way for a bogus timestamp to cause a disproportional difficulty adjustment.

In my opinion, MIDAS is something that almost every altcoin ought to have; I believe it to be better behaved than anything else I know of that’s in use.

Setting Parameters – Block Intervals

Back in the file ChainParams.cpp, there are some parameters you can change that will change the behavior of your difficulty retargeting. The most important one is nTargetSpacing, in all three of the parameters initializers. For Bitcoin this is set (in all three places) to 600 (10 * 60) because the Bitcoin protocol is built around ten-minute blocks and there are 600 seconds in a block. If you want six-minute blocks for Newcoin, set it to 360 (6 * 60) instead. Most alts make this faster, which tends to centralize mining at places with good connectivity because the shorter the block time is, the more likely the miner is to get an orphan block due to otherwise-insignificant differences in network lag. If you make the block times too short, the network won’t be able to synchronize because blocks won’t even be able to cross the network before

Setting Parameters – Adjustment Interval
The second is the nAdjustmentInterval, which is set directly below nTargetSpacing in all three blocks. MIDAS uses this variable for an entirely different purpose than Bitcoin’s difficulty adjustment algorithm used it for. In MIDAS, this is the period over which the block intervals are regulated +- 10% depending on how far the block height is from correspondence with the timestamps. From Bitcoin’s code this is 60 * 60 * 24 * 7 — one week’s worth of seconds. I’m leaving that value in place.

MIDAS stretches or shrinks blocks slightly as it seeks to make (genesis time + block height * nTargetSpacing) approximately equal to the timestamps of the blocks it’s receiving. nTargetSpacing, or the nominal block time, given our value of 6 minutes, is 360 seconds. In fact, the block intervals that MIDAS will regulate toward range from 324 (360-36) seconds if it’s a full adjustment period or more behind, to 396 (360+36) seconds if it’s a full adjustment period or more ahead. In between, there’s a smooth interpolation, so as long as the correspondence is reasonably close we should never be regulating toward an interval more than a few seconds longer or shorter than 360. If you made the adjustment interval very short, then smaller differences in correspondence would result in greater differences in the block timing MIDAS regulates to achieve. As written, the difference from nominal spacing is limited to ten percent.

The Code:

Most recent 'Cryptocurrency 101' blog post at

http://dillingers.com/blog/2015/04/18/how-to-make-an-altcoin/

Explains how to adapt the Bitcoin 0.10 sources to make an altcoin.

For educational purposes mostly, although I'm sure it will mean some people make alts that otherwise wouldn't have.  

Here's a paste of the full text article:  Additions and corrections are welcome.


How to make an altcoin

Okay, I’m going to preface this article by asking you two things:

First, WHY do you want to create an altcoin?

This is a starting point.  If you don’t have some original ideas, and the ability to actually read and write C++ code to implement them, then you’re going to create something that can’t do anything Bitcoin can’t do, and in that case there’s no point in releasing it.  So don’t.

If you want to release an altcoin, pump it, get a lot of suckers to invest their money, bribe a cryptocurrency exchange to put up a trading market in it, and then dump a bunch of premined coins on the inflated market and leave all the suckers holding the bag, then “don’t” isn’t quite all the advice I want to give you.  Additionally, “go die in a fire”.

So. If you have a reason to create an altcoin – something you’ve thought of a way to do that won’t ever get into Bitcoin itself and which would enable your ideal cryptocurrency to function in ways Bitcoin can’t – then I have a second question for you.

Can you commit yourself to maintaining a release?

This is serious. If you’re going to release an altcoin, you’re going to have a forty-hour-a-week job supporting it. You’re going to have to spend time every day just reading the code to make sure you know what every part of it does. And you’ll need that knowledge, because you’re going to have to figure out technical problems and make technical fixes, in emergency situations, when some joker attacks your block chain. Bitcoin has some stability because Bitcoin has a majority of the hashing power on the planet devoted to it. Your altcoin isn’t even a fart in a hurricane yet, and your proof-of-work block chain will be subject to attacks that you’re going to have to either anticipate or counter in real time. Reading code every day is preparation. The only way you can find your way around it fast enough to make fixes is if you know it inside and out. Anyway, you can have a full time job, or a social and family life, and maintain a released altcoin – but probably not both, unless you’re one of those people who regards sleep as a wholly inadequate time-wasting substitute for caffeine.

Now, with all that said, this article will cover only the beginning of the process: shamelessly cloning an existing coin. Whatever innovations you intend to make, I can’t anticipate them, so there’s no guide here to making them. You have to read the code until you understand it well enough to make them yourself. For purposes of this article, we’re going to use Bitcoin’s 0.10 source code, we’re going to make a near-clone of it named “Newcoin”, and I’m going to be working with Debian Jessie.

Get the source code
Open up a command line shell. Make a new directory in your home directory named src. It’s where you’ll be working. So your first three command lines are


Now use your web browser to go to https://bitcoin.org/en/download, find the button in the lower right corner of the box that says “source code”, and get the archive. Its name should be bitcoin-0.10.0(1).tar.gz. Copy it into your new directory and unpack it using the commands:


In the above two commands, the backslashes before the parens are because there are actual parentheses in the filename, and if you just type them, your shell will try to interpret the command differently. And the directory ~/Downloads is where stuff lands on my system when I download it with my web browser. If you’ve got yours set up differently, you should adjust the command to use your download directory instead, whatever it’s named.

And the last command makes a clone of the bitcoin-0.10.0 directory named newcoin – with its own copies of all the files you just extracted. You should use whatever you want thename of your new altcoin to be for the name of this directory.

Next, you need to get all the stuff that building Bitcoin depends on. Here’s a sequence of commands to do that.

Get the stuff the code depends on

Now, I cheated a little bit here. Debian has a Bitcoin package available in its ‘sid’ distribution, but it doesn’t use the same version of the source code we want to work with. The first line makes you root, because root has the permission to modify sources.list and install packages. It’ll ask for the root password and you need to enter it. The second line changes sources.list to add the sid sources to what’s available to your apt command. The third line tells Debian to download all the meta-information about those sources, so it knows what the build process for these packages require. The fourth and fifth lines tell it to download and install all the stuff you would need to build the sid Bitcoin source code package. But you didn’t download the sid source code package, you downloaded the new source code directly from the site instead. The cheat is that the dependencies are the same, so this is an easy way to get everything you need to build. And the last line is to quit being root.

Test build to make sure you got everything set up
The next step is build Bitcoin just to make sure you got everything. So let’s do that. Here are some more command lines. Some of these may take a few minutes to run to completion; this is normal.
How all that worked. (the Automake system)
aclocal generates a file called ‘aclocal.m4′ which is a bunch of macro definitions and so on that automake works with. There was already an aclocal.m4 in the directory, but it is for a version of automake that probably isn’t the one installed on your Jessie system.

automake –add-missing invokes automake, which uses those macros and the file Makefile.am, which is already there, to create another file named Makefile.in. The –add-missing argument tells it to create a couple of standard macro packages that automake uses, because the Bitcoin sources didn’t provide them; it didn’t need to provide them, because it uses the defaults provided by –add-missing.

Makefile.in specifies what configuration needs to know and do and saves that in a shell script named configure. Then ./configure runs that shell script, which tests a lot of things on your system, finds what’s available to build with and link against, and generally figures out in detail how to build the Bitcoin sources it’s looking at, saving that information in a makefile. The –with-incompatible-bdb argument says it’s okay with you to use a version of the Berkeley database later than the one the original Bitcoin client was built with.

Finally make actually uses the makefile that you just built using ./configure, to build the Bitcoin project.

And if you got all the stuff you needed to build with, the whole process should finish without an error.

Check to make sure your test build worked.
Here’s a couple more command lines to make sure that the build worked, by checking to make sure the executable files it was supposed to build are actually there.

Got ‘em? Excellent! That means your build environment has everything you need to work with to make an altcoin. So, now that the smoke test is over, it’s time to actually go to the newcoin directory and start making your altcoin. So here are some more command lines:
Start your altcoin by using its name instead of Bitcoin's
The first four commands change every occurrence of the string ‘bitcoin’ in four capitalizations to the string ‘newcoin’ in all the files in this directory or under it, in three different capitalizations. The second three commands do the same thing to the string ‘btc’, transforming every instance of it into all-caps.

Rename 'bitcoin' filenames to the name of your altcoin
Now, because this also affected makefiles which contain filenames, and affected source files which have filenames in their include statements, you’ve got to change all the filenames that have the string ‘bitcoin’ in them to match what’s now in the include statements and makefiles. Fortunately, this is just as easy.
Will rename every file that has ‘bitcoin’ or ‘btc’ in the name, recursing into subdirectories as needed. So now your filenames match up with your changed makefiles and include statements.


Check for stuff your edits missed because it was misspelled.
Now look for misspellings of it.
Aside from uncovering a bunch of references in source code to nDebitCached and a few similarly named variables, reveals that in Arabic translations ‘Bitcoin’ was rendered as ‘Bitcion’ in several translated sentences. In Dutch, it mentions a "bitcon:-URI", and it became ‘Bitconi’ once in a language I don’t recognize at all but which may be Estonian.

The Dutch is certainly a misspelling, because URI’s are spelled the same regardless of language. So
sorts that.

I remember about Arabic that it inflects words using patterns of triple vowels, and ‘bitcion’ is used more than once, so it might not be a misspelling. A quick check on Google, however, reveals a lot of instances of ‘Bitcoin’ misspelled in English, and no Arabic pages. So with more evidence, I think I’ll conclude that it probably is a misspelling – about which, again, there’s a chance I’m wrong, and if ‘newcoin’ were what you were actually naming your new alt, you should write on your list of things to do asking someone who actually speaks Arabic about it. But for now patch it using
And then there’s the Estonian-or-whatever-it-is. I haven’t heard of any languages outside the middle east that inflect by modifying vowel sequences, and ‘Bitconi’ seems likely to be a misspelling, so once more I’ll just make a possibly-dumb assumption and patch it.
Fix the copyright notices and credits

Now, the license under which you have access to this code mentions, among other things, leaving copyright notices intact – and you mangled ‘em when you switched ‘Bitcoin’ to ‘Newcoin’ because the boilerplate line there refers to the ‘Bitcoin Development Team’. So you need to change ‘Newcoin’ back to ‘Bitcoin’ but only on the lines where it’s part of a copyright statement.
sorts that. I left the first letter off of ‘Copyright’ because I didn’t want it to care about the capitalization.

There were also a lot of references to Bitcoin in the release-notes files, and it would be an outright lie to pretend that those earlier releases were releases of your alt rather than releases of Bitcoin, so those need changed back, too.
handles that.

Change the port numbers
Bitcoin uses ports 8332 and 18332 on its main net and 8333 and 18333 on its test net. You want newcoin to use different ports, just to make it handy for people to run both clients at the same time.
will switch newcoin to using ports 9443 and 19443 on mainnet and 9444 and 19444 on testnet. Once again, you should provide your own values. But don’t change any of the port numbers to anything below 1000, or nobody except root will be able to run it. I should mention here that in addition to the port numbers, you just changed a couple of hex strings in the testing directory that the test framework feeds to the RPC interface. But you were going to fail those tests anyway, because other edits you’re making will make Newcoin keys different from Bitcoin keys.

Use your own artwork
You don’t really want to show Bitcoin’s icons and images every time you start up, so you need to go and edit some graphics in the directory src/qt/res. When editing, be sure to save new images that are exactly the same size and file format as the old ones. When you want to change the sizes and/or file formats, you need to understand the QT framework first.

I don’t have any nifty command lines that can help you make good art, so you’re on your own here. At the very least, you’re going to want to edit newcoin.ico, newcoin.png, newcoin_testnet.ico, newcoin_testnet.png, and newcoin.icns. I suggest using GIMP for all of these edits; it speaks all those graphics formats. The ico and icns files are particularly annoying to deal with because you have to make similar (but not identical) changes on many different layers of the saved image.

Build for the first time
Now we’re done with wholesale edits. It’s time to see whether you broke anything yet. So type
and wait a few minutes.

Did it build? You now have newcoind, newcoin-cli, and newcoin-qt? Awesome! So now that we managed to get the wholesale edits right, it’s time to actually look at source code and start doing some very specific edits.

In chainparams.cpp, edit the checkpoints

Get your favorite programming editor, go to the newcoin/src/ directory, and open up chainparams.cpp.

Search for the string ‘mapCheckpoints’ and it will take you immediately to line 55, which sets a static variable named mapCheckpoints to a list of pairs – the first member of each pair is the block height, and the second is the hash of that block. The Bitcoin client uses these as it verifies the Bitcoin block chain. So if you leave those in, the newcoin client will be looking for blocks that don’t exist in the newcoin block chain. So get rid of ‘em, and put a place holder for your genesis block in instead. This place holder will be wrong, but we can’t fix it until after we mine a genesis block. After your edit, it should look like this:

Zero is the block height of the genesis block, and uint256(“0×001″) is a wild guess about what the hash is going to be.

Make the same edit at the locations where it sets ‘mapCheckpointsTestnet’ and ‘mapCheckpointsRegtest’.

Edit the Checkpoint Data
Right under each of these edited checkpoint lists, there are statements that set a corresponding variable. These are named data (for the main network), dataTestnet (for the test network), and dataRegtest (for regression testing). Go to the command line and type
to find out what the current unix epoch date is, then overwrite the first number in each of these blocks with the current date. You’ll have to do this again (and mine new genesis blocks) right before launch. The second number in each block is a transaction count as of the most recent checkpoint; it should be replaced by zero, because there are no transactions before the genesis block. The third number doesn’t matter as much, but for now I suggest 500 for the main network, 250 for the test network, and zero for the regtest. Updating these numbers as the amount of traffic on your coin’s block chain changes is one of the things you do as dev, if you want your clients to make accurate estimates of their progress as they reindex or verify the block chain.

Change the protocol 'magic' bytes

The next block after dataRegtest is setting another variable named CMainParams. And you have a lot of things to change here. The first four lines of code set values in an array called pchMessageStart. These are the network ‘magic bytes’; They’re a series of four bytes that identify messages as belonging to a particular protocol. 0xf9, 0xbe, 0xb4, and 0xd9 are the ones Bitcoin uses. You want to use something else, so that nobody can ever trick your newcoin client into connecting to the Bitcoin network, or vice versa. It doesn’t matter what these are except that they shouldn’t match the ones used in other protocols (particularly other cryptocurrency block chains). They have to be values between 0 and 255. I suggest going back to the shell and using
Just repeat the command, and write down the last three digits whenever they’re under 255. When you’ve got four of them, set the pchMessageStart values in CMainParams. When you’ve got four more, set the pchMessageStart values in CTestNetParams. And when you’ve got four more, set the pchMessageStart values in CRegTestParams.

Make your alert and genesis coinbase keys
The next line (in the first two params objects) sets vAlertPubKey values. So go back to the command line to get some.
Will create private keys and drop them into files named alertkey.pem, testnetalert.pem, and genesiscoinbase.pem, then expand them into key pairs and drop the key pairs in hex format into files named alertkey.hex, testnetalert.hex, and genesiscoinbase.hex.

Insert your alert keys
Will show the contents of alertkey.hex. Copy the four lines that appear between ‘pub’ and ‘ASN1 OID: secp256k1′ and paste them into the source code file replacing the string contents in the line that says vAlertPubKey = ParseHex(“…”);

Then edit to strip the colon characters and linefeeds out of it, and you’ve got an alert key. If you ever need to send an alert out over the network, you can use the corresponding private key.
will show you a key for testnet, so you can set the vAlertPubKey the CTestNetParams block. The CRegTest block doesn’t have one of its own; if it ever needs one, it uses the testnet key.

Edit the timestamp string
Now we skip down to the famous timestamp string, at the line
It’s traditional to pick a newspaper headline for the day of launch, but you don’t have to. Whatever you use, keep it short. If it’s over 90 characters or so the block will fail a length check that’s supposed to prevent denial-of-service attacks from people attaching big data to transactions.

Insert the genesis pubkey.
will show you a key for the genesis coinbase transaction, so you can paste that into the CMainParams block replacing the string contents in the line

Set the date in CMainParams
Going down a little more, change the line in the CMainParams block that sets genesis.nTime so that it sets it to the same Unix epoch date you got using the ‘date’ command above. Repeat that edit in the CTestNetParams block.

Delete Bitcoin's seed nodes
Skipping down past the hashGenesisBlock stuff, you’ll see a series of lines that set values for a list named vSeeds. These are network addresses where long-lived Bitcoin nodes are supposed to be found, so that people can always connect to the Bitcoin network. Which, as you’re establishing now, is not your network. Until you put up servers to do that for your new network, replace these lines (in both CMainParams and CTestNetParams) with the simple statements:

Change the Key prefixes
Moving on down, we get to a block of statements that set values in an array of lists named base58Prefixes. These are prefix bytes that are added to the keys. By setting them to different values, you can assure that keys for coins on Newcoin’s network will never be valid Bitcoin keys and vice versa. To a certain extent, setting these numbers also determines what characters the base58 form of the keys that users see starts with. The chances of a random collision in keys are ridiculous, but “chances” and “random” are quaint old-fashioned ideas here; you’re working on code that somebody is going to deliberately attack. So change the values. You can use echo $RANDOM at the command line again if you want. If you care about what initial characters your choices will result in for the base58 form of the keys, consult the list at the Bitcoin wiki. There is one important constraint here: none of the lists can be identical, because the clients look at the initial bytes to figure out what kind of key they’re dealing with. Also, don’t change the length of any list until you’ve read the code enough to know everything that will affect.

PUBKEY_ADDRESS is the value prefixed to public keys – these are the public half of the pubkey/private key pair that represents a txOut and the ability to spend it. SECRET_KEY, predictably, are the prefixes for the private half of the pair. SCRIPT_ADDRESS is affixed to addresses that are the hashes of scripts; looking for the difference between the initial bytes is how the client knows which of the two “default” spend scripts to apply. Finally, EXT_PUBLIC_KEY and EXT_SECRET_KEY are four-byte prefixes for the so-called “stealth addresses” that got introduced in Bitcoin version 0.9, which allow fun things like addresses that can be used to generate new keys that can receive payments but not spend them. Aaaanyway, it doesn’t matter what you change them to, it just matters that they don’t match anything they might ever be confused with, like Bitcoin keys – or each other. So give them new values in CMainParams, CTestNetParams, and CRegTestParams.

Add code to mine a genesis block
Finally, we’re just about ready to mine a Genesis block. But the code to actually mine a Genesis block hasn’t been in Bitcoin for a long time; that block is already mined. Its parameters are there to check against, but there’s no code to establish what some of them ought to be. You need to fix that. So in the CMainParams initializer, right after
and before
paste this code:
Use the same code in the CTestNetParams initializer, except change ‘mainnet’ into ‘testnet.’ Likewise the CRegTestParams initializer, except change ‘mainnet’ into ‘regtest’.

Now build again. This time you have already done all the autoconf stuff, so you just need to type
and you only changed one file, which isn’t included anywhere else. So it should be built in a few seconds.

Mine the genesis block and insert the new values
Got all that? Now run newcoin-qt.

It will throw up a dialog box asking where to install. Let it have the default it wants, which will be a new subdirectory of your home directory named ~/.newcoin.

Then Nothing will happen.  For twenty minutes to an hour, usually.  Maybe more than an hour, depending on dumb luck and the speed of your computer.  If your computer’s slow, this may be a good time to go get a sandwich.

Here's what's actually happening.  It set the nonce, hashed the genesis block, noticed it didn’t match 0x01, and is now living in that tight little empty for loop, incrementing the hash, hashing the block, and checking to see whether the new hash is low enough to meet proof-of-work requirements.

After a while, it will die. Meaning, it found a nonce that gave the genesis block a hash low enough to pass proof-of-work, got out of the for loop, logged the new hash and nonce and the Merkle tree value, and then hit the assert that still insists on the hash value being Bitcoin’s genesis block hash value. So you want to see the new values. Type
and you’ll see the last few lines of logfile output.
Now you have a nonce and a hash and a Merkle root so go change the necessary lines in the CMainNet initializer.

In the code you pasted in, you initialized hashGenesisBlock to uint256("0x01").  Change that to your new genesis hash.

Right above the code you pasted in, you’ll see a line that sets a value for genesis.nNonce. Change it to your new nonce value.

Right below the code you pasted in, you’ll find assert() statements that check the value of the Merkle root and the hash. Change those to your new Merkle root and Hash values.

Near the top of the file, there’s your mapCheckpoints list, claiming that the hash of the genesis block is 0×01. Change that to your new hash value.

Mine the Testnet and Regtest genesis blocks
Once you’ve made these edits, recompile and run it again. The same thing will happen all over, but this time for testnet. And you change the same things in the CTestNetParams initializer (and the testnet checkpoints) that you changed for CMainParams.

Recompile and run it again, and it will trip on the regtest values. So you change the same things in the CRegTestParams initializer.

STOP mining genesis blocks
Okay? Now you have mined your genesis block. Now, in the code you pasted in, see where the stupid-looking if condition checks for
?
Change those three ‘true’s to ‘false’s. The purpose of this ‘true/false’ business is to make it easy for you to switch back and forth from mining genesis blocks to not mining genesis blocks. You’ll need to mine a new genesis block right before launch, and may need several more during testing and development depending on whether you do anything that changes the block headers or initial coinbase transaction. But in the client you actually test and release, you don’t want genesis block mining turned on. If it sees a wrong genesis block in its folder, you want it to bomb out immediately, not sit there chewing and trying to create a new one.

Whenever you need to mine new genesis blocks because you changed something that invalidated the old one during development, you can come back to chainparams.cpp, update the date parameter and timestamp string, make the three true/false edits, recompile, do
so it doesn’t see the (now) wrong former genesis block in the data there, and mine new genesis blocks.

What you've got

At this point you have created a complete, and completely simple, clone of Bitcoin version 0.10. If this is all you’re doing, then it’s been a nice learning experience but don’t launch this coin. Unless doing something new, there is no point.

Problems you still need to fix

This thing you have created cannot possibly survive as an altcoin; Aside from having no network seeds of its own, its difficulty adjustment algorithm will not respond quickly enough to prevent your block chain from getting instamined, and then stuck. Mining whales will scoop up two weeks of coins while processing almost no transactions, in less than an hour while your block chain is profitable, then when the difficulty adjustment for that two weeks hits they’ll leave your chain with an impossibly high difficulty and go on to something else. You won’t get a block for days and nobody will be able to use your alt to make any kind of transaction because of it. The result is a block chain that can handle transactions for maybe two hours out of every year, which is useless to everyone.

So the next thing you need to do is go fix that. And when you’ve fixed it, your new alt still won’t be capable of surviving; everybody has fixes for the difficulty problem that a cloned coin creates. Once again, you either have a new idea and the ability to develop and support it, or you don’t have anything that’s worthwhile to launch. What I have shown you here are the first three steps on a long road.

I’ll talk about one way to fix the difficulty in the next installment.

512 32-bit shifts for SHA256, 1024 for SHA256D. 8 per round.

But on an ASIC, Bit shifts are not logic operations.  Not even gates. They're just circuit traces that go at an angle instead of directly straight into the next array of gates.

And yes, SHA256D is SHA256D(oubled). 

Think about this:  Not only have Satoshi's coins not been sold or spent; Satoshi's coins haven't even moved.

Except for a 10BTC test transaction he spent to Hal in 2009, and maybe one or two coinbases that nobody noticed or tracked down to him, they are all still sitting there untouched in his mined coinbase txOuts. I have a list of over 5000 of his coinbase addresses, and they have not budged.  He hasn't consolidated coins in one wallet, he hasn't tumbled coins, he hasn't bought anything from overstock.com or anywhere else.

We're talking here about someone who could cause deep unrest, perhaps bordering on panic, just by generating a new address and sending 50BTC from one of his old addresses to it.  I can name dozens of places that would light up like Christmas trees if even one of his known addresses moved; hell, my own computer would light up like a Catharine wheel.  I'd have a text message within fifteen seconds of a transaction spending one of those addresses hitting the Bitcoin network, and that message hasn't been sent even once in the months since I set up the script. 

No. 

BIP65's OP_CHECKLOCKTIMEVERIFY is about a script instruction to create a transaction whose outputs are unspendable until some particular block (or time).  nLockTime is a transaction that cannot be put into the block chain in the first place until some particular block (or time).  Both of these are of the "not yet" variety rather than the "not any more" variety.

You are looking for nLastTime, which I have been assured will never be accepted into Bitcoin core because people don't want to deal with legitimate transactions (ie, not depending on a deliberate double spend) becoming undone in the event of a reorg. 

The issue is that if Alice pays Bob with a transaction with an nLastTime set for block n, and Bob gets into into block n-1 and immediately spends the output to Carol and David, and then there's a reorg back to block n-1 - except this time Alice's transaction to Bob doesn't get into block n-1, because the miner in the reorg didn't pick it up.  Alice and Bob know what's going on, because they made that transaction and the nLastTime was their choice.  But Carol and David have done nothing wrong, and their money from Bob just disappeared.  They had valid transactions, those transactions haven't changed at all, and they can't get into the new block chain.  The effect against them is the same as though Bob had gotten away with a double spend.  Bob is out nothing, because the payment he wound up not making to Carol and David is the same money he didn't get from Alice.  Alice is looking at an nLastTime order that Bob didn't exercise before time ran out, so she doesn't see anything wrong.  But Carol and David got screwed over, especially if Bob now has merchandise from them.

It occurs to me that with an OP_CHECKLOCKTIMEVERIFY to make sure that nobody spends the output of an nLastTime transaction until it's at least a dozen blocks deep in the block chain, much of the problem with nLastTime goes away.  So maybe you can consider OP_CHECKLOCKTIMEVERIFY as something that isn't yet what you want, but makes it possible to add what you want without causing horrible problems.

I haven't heard of this happening, so this is just wild guessing... 

First, have you gone to blockchain.io to see if you have the most recent block and your client believes it's 3 hours behind for some different reason? 

If that's the case, check to see if your computer is set to use GMT internally, or if the system clock is set to your local timezone.  Or, for that matter, whether your system clock is set just plain wrong.

SHA256 is sixty-four rounds comprising

384 32-bit additions (6 per round)
320 32-bit ORs (5 per round)
448 32-bit XORs (7 per round)

And a bunch of bit shifts, but bit shifts are free on an ASIC.  

SHA256D, which is what Bitcoin uses, is 128 rounds, comprising

768 additions,
640 ORs
896 XORs

And a bunch of bit shifts but bit shifts are free on an ASIC.

SHA256D is an interesting choice, actually; usually you don't see it except in a context where someone is worried about an extension attack - which doesn't really apply to the way Bitcoin uses it.

I'm looking at the 'bitcoin_0.10(1).tar.gz' sources downloaded today.  I think the confusion is because I misreported the capitalization.  Correcting that below:  

grep bitcion src/qt/locale/* will pop up two occurrences in the file bitcoin_ar.ts.

grep Bitconi src/qt/locale/* will pop up one occurrence in the file bitcoin_et.ts

grep Bitcon src/qt/locale/* will pop up the occurrence  in bitcoin_da.ts as well as repeating the one about 'Bitconi' above.

grep Bitcon doc/release-notes/* will pop up the occurrence in release-notes-0.6.3.md.

The string 'bitconi' appears once in src/qt/locale/bitcoin_et.ts.

Similarly, the string 'bitcion' which appears twice in src/qt/locale/bitcoin_ar.ts.

A search on DuckDuckGo does not reveal these strings occurring elsewhere in Arabic or whatever-the-other-language-is, so I believe they are more likely to be misspellings than correct inflections.  But I do not know these languages to be sure.

Can we consult someone who actually speaks those languages for confirmation?

On a more certain note, we have 'Bitcon' appearing in English in doc/release-notes-0.6.3.md and 'bitcon' in Dutch in src/qt/locale/bitcoin_da.ts.  These latter two cases I am absolutely certain are misspellings.

Huh.  So people are doing exactly that.  I think I'm going to stick with my initial assessment and call it a bad idea.  Handy, but now the dev can screw everybody over. 

You know what a "trusted" entity is, don't you?  It means one that can wreck your security. 


People know the genesis block output of bitcoin is unspendable, but they still send bits to that address - sort of like a religious observance or a symbolic act.  So yes, people make offerings to the Spirit of Satoshi.  Here, go look:

https://blockchain.info/address/1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa

And I seem to recall several altcoin developers who mentioned that they were leaving their genesis blocks unspendable, for the same reason - to give an acknowledgement of sorts. 


Hum.  You know what, I probably should.  It would be a good series of blog articles for the cryptocurrency-101 thing.

Probably too expensive for execution of criminals in general, but I like the idea of dropping them out of a high-altitude airplane over the middle of the ocean. 

Death, when it comes, is quick, clean, humane, and completely painless.   Terminal impact on the water literally happens too fast to feel physical sensation before the brain is destroyed.  But the condemned would have a couple of exciting minutes on the way down, to spend either screaming in terror or making peace with God, as he prefers.

As far as the code is concerned, there is no such thing as a checkpoint key.  The so-called checkpoint key, as far as I know, is just the signing key that allows people to check diffs into the Github repository.  So that is just a hosting issue.  A new checkpoint is just a one-line addition to the source code, not something that the program auto-updates in response to a signed message that it has to know a key for.  Allowing a signed message to automagically add a checkpoint to running clients is interesting - and a fairly straightforward hack - but is probably a bad idea.

With that mechanism the dev could send out a new checkpoint at any time.  The good news is that it would be a way to resolve forks or "unstick" a stuck block chain by checkpointing one of the competing branches or the last orphan block prior to whatever it got stuck on.  The bad news is that it would give the dev power to undo any transaction on demand by rolling back the block chain.  All he'd have to do would be mine one block based on the block before the tx he wants to undo, with a tx spending at least one of its inputs. Then publish the "new" block and checkpoint it.  Suddenly the block chain containing the other tx, even if now many blocks longer, is invalid.  Poof, the dev has the power to double spend.  And if he undoes a bunch of blocks this way, everybody else who's spent something they want to "unspend" would get at least a chance to do the same.

You do have a point about the alert key though - and unless you want to gift your coinbase txOut to the "Spirit of Satoshi" you'll want to generate a coinbase txOut key as well.  


will drop a public/private keypair in the file key.pem.  

The public key in that file is in hex format, with a semicolon between bytes.  Strip the semicolons and linefeeds out of it, and you can paste it directly in as the vAlertPubKey (still in chainparams.cpp).  That makes the private key of the pair the one you need to sign alerts to send out to the whole network.  So save that private key somewhere you won't lose it.  

Next the coinbase key.  

You can repeat the command line above to generate another key pair, then strip the semicolons and linefeeds out of THAT public key, go to the initializer for CMainParams and replace the key in the "txNew.vOut[0].scriptPubKey with the hexadecimal string for the new public key.  

Then the corresponding private key would be the one you need to spend the coinbase transaaction.  The coinbase transaction won't appear in any wallet by default, because no wallets exist yet at the time the transaction gets created.  So if you ever want to spend the coinbase, you have to keep that private key.  Convert it into base58check format, and you'll have a key you can later import into your wallet.

Converting into base58check is annoying, but do-able.  Rather than explain it, I'm going to point at https://en.bitcoin.it/wiki/Base58Check_encoding.  Keep in mind that your keys use a different version byte than the Bitcoin keys though.

That means you changed the coinbase transaction though, so you'll have changed the Merkle root of the genesis block, so your hashes (for mainnet and testnet) won't be valid any more.  

To fix this, you'll need to do


Then mine the genesis blocks again.  


Man, this is getting to be more than twelve steps, isn't it?  Maybe I'll need to do a full-on guide.

I'm sick of people thinking religion is even an important question.

It doesn't fucking matter what religion someone is.  It doesn't even matter whether they find justification for what they're doing in religion.  What matters is what they do.

I would count it as real progress in the world if we didn't even know how many muslims, how many christians, how many atheists, etc, because everybody understood that the question was too darn trivial to even bother asking.