A large reputable member threshold multisig operating as functionaries for a Bitcoin-pegged
deterministic replicated state machine sidechain with as-compatible-as-possible-with-mainchain
semantics is probably more reliable and secure than most alternative chains.
Large: The number of functionaries should be large enough to ensure geographic,
jurisdictional, and administrative distribution.
Reputable members: Functionaries should be chosen who would suffer a reputational loss
in the case of poor performance.
Threshold multisig: An M-of-N multisig. M should be at least ⌊N/2+1⌋, to reduce the
chance of equivocation.
Deterministic, functionaries: Discretion is unpredictable and morally hazardous. The
semantics enforced by the functionaries should be deterministic and predictable, not
discretionary. Semantics should never change, and if they must, changes should be announced
long enough in advance to make exit practical.
Bitcoin-pegged: If the currency of the sidechain isn't bitcoin, users of the sidechain
cannot meaningfully exit. The ability to exit incentivizes the functionaries to be good stewards
of the sidechain.
Replicated state machine: The state of all functionaries should be the same, and it
should be possible to recreate and run one's own copy of the state machine.
Sidechain: Functionaries should publish a sequence of block headers where each block
header includes the hash of the current state, as well as the hash of the previous state.
Previous states should also be made available by functionaries, in order to make the system
As-compatible-as-possible-with-mainchain semantics: The ability of users to exit should
be maximized, and making the semantics of the sidechain as close as possible to those of
the mainchain maximizes the ability to exit, by allowing users to atomically destroy
assets on the sidechain in exchange for mainchain assets which mimic the properties
of the atomically destroyed assets.
Probably more reliable and secure than most alternative chains: Alternative chains
suffer from many issues. Proof-of-work chains suffer from a large global pool of potential
hashrate that can attack. Proof-of-stake chains suffer from byzantine consensus mechanisms
of ever increasing complexity which must operate in a fully adversarial environment, and
have economics which allow and incentivize centralization. A multisig chain operates with a
far simpler and more understandable security model: the functionaries periodically agree on
a new set of transactions, run the transactions on the old state to produce the new state,
and sign and publish the result. Such a system should be more reliable, predictable, and
And not only that, if the functionaries are chosen carefully, such that there is a huge
number of them, perhaps greater than 50, and they are all reputable entities, they should
be both incentivized to run the chain properly, and with limited latitude for malicious
There are a lot of things that I wish would happen, but don't have the time to actually do
myself. I complain about such things all the time to basically anyone who will listen. Such
efforts are all well and good, and sometimes actually pay off, but additionally, I'd like to
materially support people who might actually do these things.
This post, which I'll try to keep up-to-date, if I remember, documents the projects which I
wish some talented go-getter would take on, and in which I would invest money in if given the
If you are one of these aforementioned go-getters, email
Email-based messaging: The only reason we use anything but email to communicate is
because email is missing features that could easily be added. Deliver us from
multi-messaging app hell!
RSS-based social networking: RSS could easily serve as the basis for standards-based
social networking, and would be useful even without taking a significant market share.
Bitcoin-based NFTs: NFTs are getting lots of creative people both excited and paid. Let
them suckle at mama Bitcoin's sweet and bountiful bosom instead of Ethereum's shriveled,
insecure, bitter, centralized tit. This can't be done on the Bitcoin L1, so should be
pursued as an L2. The key here is figuring out how to avoid needing a new token.
Bitcoin-based smart contracts: Much like the NFT item above. Let the degens feast at the
Bitcoin board, not at the Ethereum kiddy table. Must avoid needing a new token. The best
path forward is to fork Liquid, add smart contract functionality to Elements, and run it as
Self-hosted block game: There should be a Minecraft-like game that can be programmed and
modded from within the game.
Good evening list,
This mail is inspired by Chia's coin IDs. Chia coin IDs consist of:
sha256(parent id, sha256(scriptpubkey), amount)
One consequence of this is that outputs in Chia have a dedicated textual ID. This seems
beneficial, separate from any larger technical consequences, and made me wonder if we couldn't
replicate that in Bitcoin.
Outputs, a.k.a. outpoints, are commonly represented as
TXID:INDEX. For example,
the first output of transaction
c7dd35a4f81977feac0d235d0e77265cacd362bfc2f0246e384a80d3b0a53a9b is represented as
I find this representation unsatisfying:
- It places outpoints hierarchically beneath transactions, even though after a transaction
is confirmed, the outpoint is relatively independent.
- It can't be double-clicked to be easily copied.
- It isn't popular or widely used. I tried using it in searches in a few block
explorers, and none of them support it, even though they do support direct searches by
transaction ID, block hash, and block height.
I propose a dedicated representation of outputs using Bech32m. Bech32m is especially
legible, due to its human-readable part, and is compact, and easy to type and verify. Although
having error correction doesn't seem absolutely necessary, it doesn't seem like a downside. The
representation uses "coin" as the human-readable part, with the payload being the transaction
ID, followed by the 4 byte index.
Anecdotally, I find that many non-expert users I talk to think and talk about Bitcoin as if
it were an account-based system, and tend to think in terms of transactions. I wonder if having
coin IDs, in the form I propose or in some other form, would help remedy this, similar to how
transaction IDs, block hashes, and addresses help reify those concepts. The particulars of the
representation are of secondary importance.
 blockstream.info, blockchain.com, mempool.space, blockcypher.com, and blockchair.com
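The following is an added example, not code from the original post: it builds the proposed coin ID as a Bech32m string with human-readable part "coin" and a payload of the 32-byte transaction ID followed by a 4-byte output index, and decodes it back, rejecting anything that fails the checksum. The Bech32m routines follow the BIP 350 reference algorithm. Two details the post leaves open are assumptions made here: the index is encoded big-endian, and the txid bytes are taken in the order of the displayed hex string.

```python
# Added example: Bech32m "coin ID" encoder/decoder for Bitcoin outpoints.
# Bech32m routines follow BIP 350. Assumptions (not specified in the post):
# big-endian 4-byte index, txid bytes in displayed hex order.

CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"
BECH32M_CONST = 0x2BC830A3


def polymod(values):
    """BCH checksum core shared by Bech32 and Bech32m (BIP 173 / BIP 350)."""
    gen = [0x3B6A57B2, 0x26508E6D, 0x1EA119FA, 0x3D4233DD, 0x2A1462B3]
    chk = 1
    for v in values:
        top = chk >> 25
        chk = ((chk & 0x1FFFFFF) << 5) ^ v
        for i in range(5):
            if (top >> i) & 1:
                chk ^= gen[i]
    return chk


def hrp_expand(hrp):
    return [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp]


def create_checksum(hrp, data):
    pm = polymod(hrp_expand(hrp) + data + [0] * 6) ^ BECH32M_CONST
    return [(pm >> 5 * (5 - i)) & 31 for i in range(6)]


def verify_checksum(hrp, data):
    return polymod(hrp_expand(hrp) + data) == BECH32M_CONST


def bech32m_encode(hrp, data):
    return hrp + "1" + "".join(CHARSET[d] for d in data + create_checksum(hrp, data))


def bech32m_decode(s):
    """Return (hrp, data) or None on any formatting or checksum failure."""
    if any(ord(c) < 33 or ord(c) > 126 for c in s) or (s.lower() != s and s.upper() != s):
        return None
    s = s.lower()
    pos = s.rfind("1")
    if pos < 1 or pos + 7 > len(s) or len(s) > 90:
        return None
    if not all(c in CHARSET for c in s[pos + 1:]):
        return None
    hrp, data = s[:pos], [CHARSET.index(c) for c in s[pos + 1:]]
    if not verify_checksum(hrp, data):
        return None
    return hrp, data[:-6]


def convertbits(data, frombits, tobits, pad=True):
    """Regroup a bit stream (8-bit bytes <-> 5-bit Bech32 symbols)."""
    acc = bits = 0
    out = []
    maxv = (1 << tobits) - 1
    max_acc = (1 << (frombits + tobits - 1)) - 1
    for value in data:
        if value < 0 or value >> frombits:
            return None
        acc = ((acc << frombits) | value) & max_acc
        bits += frombits
        while bits >= tobits:
            bits -= tobits
            out.append((acc >> bits) & maxv)
    if pad:
        if bits:
            out.append((acc << (tobits - bits)) & maxv)
    elif bits >= frombits or ((acc << (tobits - bits)) & maxv):
        return None  # over-long or non-zero padding: reject
    return out


def encode_coin_id(txid_hex, index):
    """Outpoint -> coin ID: HRP "coin", payload = txid (32 bytes) || index (4 bytes)."""
    txid = bytes.fromhex(txid_hex)
    if len(txid) != 32 or not 0 <= index < 1 << 32:
        raise ValueError("txid must be 32 bytes and index must fit in 4 bytes")
    payload = txid + index.to_bytes(4, "big")  # assumption: big-endian index
    return bech32m_encode("coin", convertbits(payload, 8, 5))


def decode_coin_id(coin_id):
    """Coin ID -> (txid_hex, index), or None if the string is not a valid coin ID."""
    decoded = bech32m_decode(coin_id)
    if decoded is None or decoded[0] != "coin":
        return None
    payload = convertbits(decoded[1], 5, 8, pad=False)
    if payload is None or len(payload) != 36:
        return None
    return bytes(payload[:32]).hex(), int.from_bytes(bytes(payload[32:]), "big")


if __name__ == "__main__":
    # The transaction ID quoted in the post, first output (index 0).
    txid = "c7dd35a4f81977feac0d235d0e77265cacd362bfc2f0246e384a80d3b0a53a9b"
    cid = encode_coin_id(txid, 0)
    print(cid, decode_coin_id(cid))
```

A 36-byte payload becomes 58 five-bit symbols, so every coin ID is 69 characters: "coin1", 58 data characters and a 6-character checksum. The decoder refuses strings with a different human-readable part, with non-zero padding bits, or with a payload that is not exactly 36 bytes, so a valid-looking address or a truncated ID cannot be mistaken for an outpoint.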
Federated blind mints have attractive privacy, scaling, and security properties that are
highly complementary to those of Bitcoin and the Lightning Network.
I originally became interested in blind mints while thinking about Lightning Network wallet
usability issues. When Lightning works, it is fantastic, but keeping a node running and
managing a wallet present a number of challenges, such as channel unavailability due to force
closes, the unpredictability of the on-chain fee environment, the complexity of channel backup,
and the involved and often subtle need to manage liquidity.
All of these problems are tractable for a skilled node operator, but may not be
soluble in the context of self-hosted wallets operated by non-technical users, hereafter
normies. If this is the case, then normies may have no choice but to use hosted
Lightning wallets, compromising their privacy and exposing them to custodial risk.
Chaumian mints, also known as Chaumian banks, or blind mints, offer a compelling solution to
these problems, particularly when operation is federated. Chaumian mints, through the use of
blind signatures, have extremely
appealing privacy properties. The mint operators do not know the number of users, their
identities, account balances, or transaction histories. Additionally, mint transactions are
cheap and can be performed at unlimited scale.
Mint implementations, typified by eCash,
have hitherto been centralized, and thus, like all centralized, custodial services, expose
users to custodial risk in the form of operator absquatulation and mismanagement. To fix this,
mint operation can be federated, with all operations performed by a quorum of nodes controlled
by different parties.
Despite these interesting properties, Chaumian mints have largely been forgotten. This
post gives an excellent overview of the
phenomenon. I believe that Chaumian mints are currently severely underrated in general, and in
particular deserve consideration as a potential avenue for improving custodial Lightning
Compared to a naïve hosted Lightning Network wallet, a service operated as a federated
Chaumian mint offers excellent privacy, usability, security, and scaling.
Privacy: Privacy leaks from a Lightning mint come in two forms,
internal and external, when a mint operator or an outside actor,
respectively, observes sensitive information.
Blind signatures protect against internal privacy leaks, making them a strict improvement in
that respect over custodial Lightning wallets.
When compared to a single-user Lightning network wallet, Lightning mints also protect
against external privacy leaks. If the activity of a single-user Lightning Network wallet can
be observed, which is possible but non-trivial, all such activity is preemptively that of the
owner of the wallet. However, similar to a standard custodial Lightning Network wallet, any
observable Lightning Network activity of a Lightning mint is the aggregate activity of its
users, who thus form an anonymity set. If the number of users, and thus the anonymity set size,
is large, external privacy leaks are also prevented.
Usability: Compared to a self-managed Lightning Network wallet, and similar
to a standard custodial Lightning Network wallet, Lightning mint wallets offer superior
usability. A user need not be concerned with the details of node operation or channel
management, and can deposit to and withdraw from their account with standard Lightning Network
Security: The security of a Lightning mint is weaker than that of a
self-hosted wallet. A quorum of federation members can abscond with funds. However, compared to
a standard custodial Lightning Network wallet, security is greatly improved. Additionally,
federation members might be located in different jurisdictions, making the mint robust to
regulatory interference. Furthermore, members might be entities with online reputations, such
as anonymous Bitcoin Twitter users with an established history of productive shitposting,
providing further assurances against mismanagement and fraud.
Scaling: Mint operations are extremely lightweight, similar to Lightning
Network transactions, so scaling properties are similar to the Lightning Network itself.
Additionally, users need not manage their own channels, so a well-capitalized federation can
open channels efficiently, lowering the per-transaction channel management overhead.
Interoperability and market dynamics: Additionally, my hope is that such
systems will be developed with a standardized protocol for communication between wallet
interfaces and mint backends. This would allow users to use different backends with the same
local wallet interface, encouraging competition in the market.
For more discussion of Chaumian mints and their applicability to Bitcoin, see fedimint.org. Elsirion, the author, is also at work on MiniMint, a
federated Chaumian mint with Bitcoin and eventually Lightning Network support.
To close with a bit of speculation, I believe that Chaumian mints were never of particular
interest or importance because they were limited to interoperating with the fiat currencies of
the time. With the ascendance of Bitcoin, mints now have access to a powerful, decentralized,
and uncensorable currency, made economical and fast by the Lightning Network.
I believe this layering of Chaumian mints on top of Bitcoin and the Lightning Network will,
in the fullness of time, be demonstrated to be enormously powerful, and make Chaumian mints
themselves worthy of renewed study and consideration.
Bitcoin will greatly reduce the power of the state, which rests entirely on its capacity for
violence. This capacity is maintained by paying and equipping people to commit violence on its
behalf, and it acquires the resources to do so by printing money, collecting taxes, and issuing
BTC chart lookin' spicy 👀👀👀
A Kademlia-inspired modification of
Dandelion for use in Grin.
We all stood, gathered our things, walked down the cafe stairs and out to the dark and
bustling Berlin street.
After a few goodbyes and handshakes, everyone headed off in different directions, for
The meeting had felt momentous to me, a marker of strange and interesting times to come. I
headed to the U-Bahn, alone.
Lightning Network payment channels could be established between users and exchanges to
speed the transfer of funds.
This would be a huge boon, moving many on-chain deposit and withdrawal transactions
off-chain, but is possibly only the beginning.
Since Lightning Network payments can span different blockchains, an exchange could use a
cross-chain Lightning node to expose its internal order book to external entities.
IOTA is a cryptocurrency targeting the internet of things. It purports to be scalable,
decentralized, and feeless. Unfortunately it is none of those things.
In this article I attempt to summarize the numerous technical, social, and ethical
problems surrounding the IOTA project, the IOTA Foundation, and the IOTA developers.
Investing in cryptocurrencies is not the same as buying simple equity in a company.
Although each company has a different business model, they and the equity they issue are
largely structurally homogeneous. They hold their monies in banks, pay for their expenses with
wire transfers and cheques, follow prescribed rules of accounting, and issue stock that
operates according to well understood rules. This is not to say that said practices are good or
bad. They are simply a known factor.
Cryptocurrencies and tokens, however, are structurally heterogeneous. They have different
codebases, modes of operation, levels of complexity, and security models. Although broadly
lumped into the same category, they can, by the nature of these differences, have almost
nothing in common.
Investing in one is like buying stock in a company with novel business models, banking
practices, and accounting methods, and furthermore whose stock is issued under a bespoke scheme
and follows unique trading rules.
Accordingly, a much, much greater level of care is required when making such investments. If
any one of these novel mechanisms fails, your investment may go up in billowing smoke and flames.
This is not to say that you should completely avoid cryptocurrencies and tokens, just, you
know, do your homework.