
Blockchain Demo [video] - spaceboy
https://anders.com/blockchain/
======
mthoms
This is extraordinarily well done and begs to be shared widely.

Once blockchain tech is understood by the masses, the sky (moon?) is truly the
limit. As this video demonstrates, it's not actually that complicated.

It could be made better (perhaps) by clearly establishing at the beginning what
problem the blockchain attempts to solve. Otherwise, this is a phenomenal
"blockchain for idiots" introduction that even your grandmother would
understand. That's not easy.

~~~
grey-area
_This is extraordinarily well done and begs to be shared widely._

Agreed, this is a wonderful demonstration of the interesting principles behind
the idea of a blockchain (or a distributed merkle tree). Definitely worth
playing with for anyone interested in this, and the video is a nice overview
as well.

As far as the moon being the limit, unfortunately we still inhabit the
corrupted sublunary sphere, and blockchain technology (at least as implemented
in Bitcoin) has some limitations which make it unsuitable as a currency or log
of transactions between untrusted parties. On your last point, I'm not really
sure people know what problems blockchain solves, because there are no
problems which directly map to this solution, and there are plenty of problems
it half-solves.

Problems it purports to solve but fails at:

Anonymity - good enough to protect criminals, not good enough to protect
citizens against a state

Trustless consensus - 51% attack makes this unreliable, esp. with semi-
anonymous actors

Trustless transactions - POW as in bitcoin makes this impractical due to
energy use and delays

People _want_ centralised trust in many cases for verified identity,
transaction rollback, legal constraints on transactions, so in an important
sense it is solving the wrong problems (pseudo-anonymity, fungible cash, sort-
of trustless consensus) while leaving important problems untouched.

Still, the video and website are an excellent demonstration of the ideas
behind a blockchain or Bitcoin.

~~~
c0achmcguirk
_Anonymity - good enough to protect criminals, not good enough to protect
citizens against a state_

If you really want anonymity, bitcoin isn't the only blockchain technology you
have. I know you were focusing on bitcoin in your answer, but I feel the need
to expand here because blockchain != bitcoin.

_Trustless consensus - 51% attack makes this unreliable, esp. with semi-anonymous actors_

51% attack is overblown. The bitcoin miners self-police and are switching
pools as they get close to 50%. And the worst thing that could happen with a
51% is a double-spend. Big whoop.

_Trustless transactions - POW as in bitcoin makes this impractical due to energy use and delays_

I don't follow you here. Sometimes the block size limit delays a transaction
for a bit, but you still get trustless transactions. The bitcoin community is
working to address this problem and I am confident this problem will be
solved.

~~~
ajnin
> _And the worst thing that could happen with a 51% is a double-spend._

Maybe I misunderstood something, but couldn't someone with 51% of the power
rewrite a block at any point in time in the past, and change history ? Or even
write bogus transactions to the blockchain ? This would seem much more serious
than double-spend, which in itself is already unacceptable for a monetary
transaction system, and not to be brushed off so casually.

~~~
c0achmcguirk
_but couldn't someone with 51% of the power rewrite a block at any point in
time in the past, and change history._

In order to change history your miners would need to solve blocks much faster
than the rest of the network consistently for multiple blocks. Then all the
nodes on the bitcoin network would accept the false fork because it was
longer.

_Or even write bogus transactions to the blockchain ? This would seem much
more serious than double-spend_

You can't write a transaction without knowing the private key of the address
you're transferring from. This is true whether there's a 51% attack or not. So
you can't just write any old transaction to the blockchain. The rest of the
network would reject the block with bad transactions in it.

The big problem is buying something with bitcoin and receiving the purchased
good--this transaction goes in Fork A. Then the attacker would start the 51%
attack and create another fork--Fork B--which competes with Fork A. In Fork B
the attacker writes another transaction in which she sends the coins back to a
wallet she controls.

Then the attacker must continue to solve blocks at a faster rate than the rest
of the network is solving it....AND before the rest of the bitcoin network
notices what is going on. This is no small feat.

_and not to be brushed off so casually_

It's not brushed off casually. The 51% attack is brought up a lot in the
cryptocurrency community. But it really isn't feasible on closer examination.

In bitcoin it hasn't been a big deal because everyone is aware of the
potential and self-polices.

------
starik36
Pretty cool. This is the first time I looked at the blockchain and his
explanation was immediately understandable.

Having said that, he mentioned that everyone has a copy of the blockchain. So,
is that really true? Wouldn't "everyone" be overwhelmed by the number of
blocks?

Is there a specific example where blockchain is used, other than bitcoin?

~~~
antocv
Not everyone, just people who like to run a full node; the others run "light
clients" or other variants of light clients, like Electrum, but eventually, if
nobody ran full nodes it wouldn't work at all.

The bitcoin database size is more than 100GB now in 2017.

Blockchain is used by all altcoins and Namecoin for distributed DNS like
system.

~~~
moxious
What's the rate of growth on the size of the block chain? How big would it be
for example after 5 years if 1/100th of economic activity was in BTC?

~~~
antocv
The rate of growth depends on the amount and size of each transaction people
are doing on it. There are methods of pruning or discarding spent
transactions, but someone somewhere would have to keep it all.

The amount of transactions people are willing to do depends on the value each
does, so some people think if bitcoin transactions are almost free some other
people would "spam" the network with their "worthless" transactions, thus
increasing/growing the size needlessly. So these people claim high fees should
ensure only really valuable transactions happen on the network, and not for
buying coffee/payment-processing.

So, your other question: astronomical, completely, utterly astronomical.

Which is why people invent [https://byteball.org](https://byteball.org) and
others to solve these problems.

~~~
reddytowns
Why would someone need to keep it all? I would think that only the hash would
be needed for blocks without UTXOs.

~~~
RationPhantoms
That actually brings up the idea of sharding which is to assign a node a
specific set of transactions and discard the rest. This allows us not to all
need an entire record of the blockchain but implementing that into Bitcoin
isn't exactly the easiest.

~~~
Taek
There's no method for sharding the blockchain today which is considered
secure, but it is an active area of research.

------
Xophmeister
Maybe this is off-topic, as Bitcoin is an implementation of a blockchain, but
I'm interested in how the reward and consensus system works.

This video implies that, while expensive, it's not _that_ expensive to
calculate a correct nonce. Why, therefore, is mining now only viable to huge
ASIC farms? My presumption is that it must be to do with either speed
(i.e., the farms get there first), or influence (i.e., the farms have more
peers, so can sway the vote in their favour).

~~~
Taek
With Bitcoin today, instead of needing 4 leading zeroes you need something
like 17 leading zeroes (in hex, or ~1 in 2^68 chance of finding a block).

Every 2016 blocks, the difficulty adjusts. This is supposed to take 20,160
minutes, but if the timestamps indicate that it took less than that, the
difficulty will increase, requiring more leading zeroes. If it takes more time
than 20,160 minutes, the difficulty will decrease, essentially requiring less
leading zeroes.

Also worth pointing out that the hash can be evaluated as an integer. Instead
of requiring an exact number of leading zeroes, you require the hash to have
an integer representation than is lower than a certain value.

There's actually a lot of work that has gone into Bitcoin to make sure that
having higher hashrate and higher influence does not make it more likely that
you can find a block. Ideally, if you have 0.01% of the hashrate, you
have a 0.01% chance of finding each block, and if you have 33% hashrate, you
have a 33% chance of finding each block. In reality, Bitcoin is not quite this
perfect, but it's pretty close. The 33% hashrate miner may have a 34% or 35%
chance of actually finding each block.
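As an added example (not code from the thread or from the demo), the target arithmetic described above: a leading-hex-zeros rule expressed as an integer target, the hash evaluated as an integer against that target, and the every-2016-blocks retarget with Bitcoin's factor-of-four clamp. Function names are my own, and the real Bitcoin byte ordering for the hash comparison is not reproduced.

```python
import hashlib
import math

HASH_BITS = 256
HEX_DIGITS = HASH_BITS // 4              # a SHA-256 hash prints as 64 hex digits
RETARGET_BLOCKS = 2016
EXPECTED_MINUTES = RETARGET_BLOCKS * 10  # 20,160 minutes per period at 10 min/block


def target_for_hex_zeros(n: int) -> int:
    """Largest integer a hash may equal while still printing with n leading
    hex zeros: the demo's "0000..." rule expressed as a numeric target."""
    return 16 ** (HEX_DIGITS - n) - 1


def meets_target(digest: bytes, target: int) -> bool:
    """Evaluate the hash as an integer: the block is valid iff hash <= target."""
    return int.from_bytes(digest, "big") <= target


def leading_hex_zeros(digest: bytes) -> int:
    h = digest.hex()
    return len(h) - len(h.lstrip("0"))


def expected_hashes(target: int) -> float:
    """Average attempts per valid hash: 2^256 candidates, target+1 of them pass."""
    return 2 ** HASH_BITS / (target + 1)


def retarget(old_target: int, actual_minutes: int,
             expected_minutes: int = EXPECTED_MINUTES,
             max_target: int = target_for_hex_zeros(0)) -> int:
    """New target after a 2016-block period. Blocks arriving faster than
    expected shrink the target (more leading zeros needed); slower blocks
    enlarge it. The measured timespan is clamped to [1/4, 4] of the expected
    one, as Bitcoin does, so one period moves difficulty by at most 4x."""
    clamped = max(expected_minutes // 4, min(expected_minutes * 4, actual_minutes))
    new_target = old_target * clamped // expected_minutes  # integer math, no float rounding
    return min(new_target, max_target)


def sha256d(data: bytes) -> bytes:
    """Bitcoin hashes block headers with SHA-256 applied twice."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


if __name__ == "__main__":
    demo = target_for_hex_zeros(4)
    print("demo rule, 4 hex zeros: ~1 in", int(expected_hashes(demo)), "hashes")
    real = target_for_hex_zeros(17)
    print("17 hex zeros: ~1 in 2^%d hashes" % math.log2(expected_hashes(real)))
    # A period finished in half the expected time: target halves, difficulty doubles.
    print("target halved after a 10,080-minute period:", retarget(demo, 10080) == demo // 2)
    digest = sha256d(b"constructed header bytes")  # constructed sample input
    print("sample hash has", leading_hex_zeros(digest), "leading hex zeros")
```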

~~~
sneak
This, in my opinion, is one of the true core innovations in bitcoin: the
negative feedback of collective hashpower causing the block target to shift.

It's absolutely brilliant. Blocks come at approximately 10 minute intervals
whether it's just two people cpu mining in their basement or a global network
of ASIC farms consuming megawatts.

It's certainly been fun to watch. When I started mining on the very first
publicly released GPU miner, my ~$500USD ATI PCI GPU yielded a block (each
with a 50 bitcoin reward) every hour or two. I was mining somewhere around 10%
of all the blocks in the chain.

Now, doing that very nearly requires owning a hydroelectric dam.

------
mckoss
Nice job.

Nit - it would be nice not to use the term "signed" for a block that has a
sufficiently small hash. The term "valid" is more commonly used for this
attribute of a block, and less confusing with signed transactions.

------
zutronics
I saw Anders give this overview live at a Hubweek presentation at the Boston
Fed a few months back. Excellent overview. Not sure if he's still working at
Circle, but their recent pivot away from Bitcoin is a bummer - but I'm told
they're still utilizing the Blockchain as an underlying technology for their
systems.

~~~
anders94
Thanks for the comment - I am still with Circle, and indeed we still use the
bitcoin blockchain behind the scenes. We're also working on a smart contract
platform called Spark. More to come on that in a bit.

------
baby
Wait what is the coinbase thing?

EDIT: Oh, that's when you successfully mine a block. I'm guessing they chose
the name "Coinbase" instead of "reward" to promote Coinbase.

~~~
wcoenen
"coinbase" is a term from the bitcoin source code[1]. The company came later.

[1]
[https://github.com/bitcoin/bitcoin/blob/master/src/coins.cpp](https://github.com/bitcoin/bitcoin/blob/master/src/coins.cpp)

------
avenoir
I'm more than sure I misunderstand something. Is the purpose of mining to
introduce cost to recalculating a chain? So basically if someone changes a
block in the chain mining makes it impractical to extend the change upstream?
If so how did this impact the security of blockchains in the early days when
mining complexity was very low and attainable on a single CPU.

By the way, amazing find. Immensely thankful to the OP for sharing.

~~~
arglebarnacle
So in a blockchain, it's straightforward to verify whether a block contains
only valid transactions or not (in the sense of an address only being allowed
to spend coins it really has for example). Any node running the reference
implementation will reject any block that is invalid regardless of mining.

The issue with one actor controlling over 50% of mining power is that they can
spend their money, then go back in time to before the spend to create an
alternative chain. Since they control the majority of hashpower, their
alternative chain catches up and ultimately becomes the reference chain in the
view of the nodes in the peer to peer network. The bad actor is then free to
spend the coins from their original transaction again, despite presumably
having already received the goods or services from the original transaction.

The real innovation of the blockchain is that it solves the Byzantine Generals
problem in the case where less than 50% of the hashpower in the network
belongs to coordinating bad actors. In the absence of that level of
centralization and collusion, you can be sure that nobody is cheating.

------
blinry
I'd like to start a Reddit community around interactive explanations like this
– wanna join?
[https://www.reddit.com/r/explorables/](https://www.reddit.com/r/explorables/)

~~~
Curious42
Yes please.

------
nul_byte
So I guess where he talks about the consensus of the peers (at 11:10), this
is a good way to understand a 51% attack?

~~~
baby
Yup, this is it.

What I'm wondering is how many blockchains are you verifying as a peer. When
you download the blockchain software, you start verifying the entire
blockchain, do you keep getting blockchain hashes from other peers and keep
comparing them to see what's the consensus?

~~~
Natanael_L
You ask for blocks from everybody, starting with the genesis block (block #1).

You verify that they're all valid, and the blockchain with the greatest
accumulated difficulty (correlated with chain length) is assumed to be the
valid one used by the whole network.

Whenever you get new blocks you first verify validity, and then you check if
they make up for a conflicting blockchain longer than yours (if so, you
switch), shorter than yours (ignore), or if it extends the blockchain you have
(then you add them).

The number of peers doesn't matter in Bitcoin.

~~~
baby
OK. So you get an arbitrary number of blockchains, you check which one is the
longest, it wins. Doesn't matter if you have 50 against 1 that are shorter and
on a different path?

~~~
Natanael_L
Only one thing matters - a validly formed blockchain with a total accumulated
proof of work greater than that of any other individual chain.

This typically also means that the longest individual blockchain wins.
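An added toy implementation (my own code, not the demo's or any commenter's) of the rules in the two replies above and in Taek's earlier description: blocks hash the demo's ingredients (block number, nonce, data, previous hash), a chain is valid only if every link and nonce checks out, and fork choice goes to the valid chain with the most accumulated proof of work, which can be the shorter one. The concatenation format and difficulty encoding are assumptions of this example.

```python
import hashlib
from typing import Any, Dict, List, Optional

Block = Dict[str, Any]
GENESIS_PREV = "0" * 64


def block_hash(number: int, nonce: int, data: str, prev: str) -> str:
    """Hash the same ingredients the demo shows; the separator is this example's choice."""
    payload = f"{number}|{nonce}|{data}|{prev}".encode()
    return hashlib.sha256(payload).hexdigest()


def meets_difficulty(h: str, zeros: int) -> bool:
    return h.startswith("0" * zeros)


def mine_block(number: int, data: str, prev: str, zeros: int) -> Block:
    """Search nonces from 0 upward until the hash has the required leading hex zeros."""
    nonce = 0
    while True:
        h = block_hash(number, nonce, data, prev)
        if meets_difficulty(h, zeros):
            return {"number": number, "nonce": nonce, "data": data,
                    "prev": prev, "zeros": zeros, "hash": h}
        nonce += 1


def block_work(block: Block) -> int:
    """Expected hash attempts the block represents: 16^zeros for a hex-zero rule."""
    return 16 ** int(block["zeros"])


def chain_work(chain: List[Block]) -> int:
    return sum(block_work(b) for b in chain)


def validate_chain(chain: List[Block]) -> bool:
    """Every block must link to its predecessor, hash to what it claims and meet
    its stated difficulty. Editing any field invalidates that block and all
    later ones unless each of them is re-mined."""
    prev = GENESIS_PREV
    for i, b in enumerate(chain, start=1):
        if b["number"] != i or b["prev"] != prev:
            return False
        h = block_hash(b["number"], b["nonce"], b["data"], b["prev"])
        if h != b["hash"] or not meets_difficulty(h, b["zeros"]):
            return False
        prev = h
    return True


def select_chain(candidates: List[List[Block]]) -> Optional[List[Block]]:
    """Fork choice: among valid chains, the most accumulated work wins, not the most blocks."""
    valid = [c for c in candidates if validate_chain(c)]
    return max(valid, key=chain_work) if valid else None


def build_chain(datas: List[str], zeros: int) -> List[Block]:
    chain: List[Block] = []
    prev = GENESIS_PREV
    for number, data in enumerate(datas, start=1):
        block = mine_block(number, data, prev, zeros)
        chain.append(block)
        prev = block["hash"]
    return chain


def remine_from(chain: List[Block], index: int, new_data: str) -> List[Block]:
    """What rewriting block `index` costs: that block and every later one must be
    mined again, so the rewritten chain only pays off if it also out-works the original."""
    new_chain = [dict(b) for b in chain[:index]]
    prev = new_chain[-1]["hash"] if new_chain else GENESIS_PREV
    for i, old in enumerate(chain[index:], start=index):
        data = new_data if i == index else old["data"]
        block = mine_block(old["number"], data, prev, old["zeros"])
        new_chain.append(block)
        prev = block["hash"]
    return new_chain


if __name__ == "__main__":
    # Constructed sample data: three blocks at 3 hex zeros vs four blocks at 2 hex zeros.
    honest = build_chain(["alice->bob 5", "bob->carol 2", "carol->dave 1"], zeros=3)
    longer = build_chain(["alice->bob 5", "bob->carol 2", "carol->dave 1", "dave->eve 1"], zeros=2)
    print("honest work:", chain_work(honest), "longer-but-easier work:", chain_work(longer))
    print("winner is the honest chain:", select_chain([longer, honest]) is honest)
    tampered = [dict(b) for b in honest]
    tampered[1]["data"] = "bob->mallory 2"      # edited without re-mining
    print("edited chain valid:", validate_chain(tampered))
    remined = remine_from(honest, 1, "bob->mallory 2")
    print("re-mined chain valid:", validate_chain(remined), "work:", chain_work(remined))
```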

------
fidz
Great explanation. Thank you very much. However, it raises question for me:

- So the "Hash" is a combination of Block Number, Nonce, and the Data?
- If "mining" means computing the Nonce, what is the actual data to be hashed?
- For the Coinbase case, is the data the miner's Coinbase account? So that if
  mining is successful, the miner will get the "money"? If so, how does the
  first miner advertise the result so that the other peers can trust that the
  first miner actually got the money?

~~~
Canada
It's an expression containing a public key controlled by the miner.

The way you give value to someone else is by saying, "whoever can make this
expression evaluate true can move the funds"

[https://en.bitcoin.it/wiki/Script](https://en.bitcoin.it/wiki/Script)

------
mnemotronic
At about 8:50 he describes how changes to early blocks cause the chain to
"resist change". I understand how a change to a previous block will require
re-computation of subsequent blocks, but how is this "resisting change"? Just
recompute the nonce for each of the remaining 2 or 3 blocks. No big deal. What
am I missing?

~~~
bshanks
The blockchain is supposed to be used as an append-only data structure. There
are a number of nodes who have copies of what is supposed to be (or at least,
converge to) exactly the same data. The nodes are all constantly telling each
other what they believe to be the most up-to-date version of the data. The
purpose of the blockchain is to support a consensus-finding algorithm by which
the nodes may start out disagreeing on the contents of the most recent few
blocks in the log, but eventually converge to a consensus, at least for
relatively old blocks.

But some of the nodes are evil (or maybe just faulty, or maybe just out-of-
touch), and want to try to change past data and get the other nodes to accept
their fake history (the "fake chain").

When any node notices that some other nodes are saying different things
(proposing different chains), it prefers to believe in whichever chain is
longer (this is a slight simplification, actually it's accumulated
difficulty).

Many of the nodes are constantly accepting new data and 'mining' new blocks to
append to the end of the real chain. They are doing this as fast as they can.
The problem of finding a new hash for new blocks is embarrassingly parallel,
so if there are 1000 nodes in the network they can mine about 1000x as fast as
one node (however, the protocol is constantly adjusting the difficulty (the
number of prefix zeros required in the hash) to ensure that on average the
blockchain is getting longer at a fixed rate).

If the evil nodes want to change something far back in history, they're going
to have to try to mine a whole bunch of new blocks before the fake chain gets
as long as the real chain. Recall that the other nodes will reject the fake
chain as long as they are aware of another chain which is longer. But while
the evil nodes are trying to catch up, the good nodes are also going to be
trying to mine new blocks to append to the end of the real chain.

Assuming there are more good nodes than evil ones (or rather, that the total
computing power of the good nodes is greater than the total computing power of
the evil ones), on average the speed that the evil nodes can mine new blocks
is slower than the speed that the real chain is getting longer.

Therefore the rule that the longest chain is the right one works.

Now, through random chance it's always possible for the evil chain to get
lucky and mine a block much faster than the good chain. But if it alters
something deep in history, then in order to catch up, it would have to get
lucky in this way many times in a row; the chance of that happening decreases
geometrically with the number of blocks it is behind. Therefore, you can be
very confident that a block deep in the chain won't be altered.

To reiterate, the reason that it's important that the further back you change
something, the more hashes you need to recompute, is that this leads to the
following property: if there are two competing chains of different lengths,
the probability that the shorter chain will eventually become the longest
decreases geometrically with the initial difference in lengths. This property
is why the algorithm converges to a consensus on the data in older blocks.
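An added illustration of the "decreases geometrically" claim above (my own code, not part of bshanks' comment): the attacker catch-up probability as calculated in the Bitcoin whitepaper's section 11, with q the attacker's share of hashrate, p the honest share and z the number of blocks the attacker is behind, plus the plain gambler's-ruin ratio (q/p)^z. Function names are this example's own.

```python
import math


def catch_up_probability(q: float, z: int) -> float:
    """Probability that an attacker with hashrate share q ever closes a deficit
    of z blocks (gambler's ruin): (q/p)^z, shrinking geometrically in z, and
    certain once q >= p."""
    p = 1.0 - q
    if q >= p:
        return 1.0
    return (q / p) ** z


def attacker_success(q: float, z: int) -> float:
    """Whitepaper estimate: the recipient waits z confirmations; meanwhile the
    attacker's private chain has advanced by a Poisson(z*q/p) number of blocks k
    and must still close the remaining gap of z-k blocks."""
    p = 1.0 - q
    if q >= p:
        return 1.0
    lam = z * q / p
    total = 0.0
    for k in range(z + 1):  # terms with k > z contribute 1 - 1 = 0
        poisson = math.exp(-lam) * lam ** k / math.factorial(k)
        total += poisson * (1.0 - (q / p) ** (z - k))
    return 1.0 - total


def confirmations_needed(q: float, max_risk: float, limit: int = 10000) -> int:
    """Smallest z at which the attacker's success probability drops to max_risk."""
    z = 0
    while attacker_success(q, z) > max_risk:
        z += 1
        if z > limit:
            raise ValueError("attacker share too large for this risk level")
    return z


if __name__ == "__main__":
    for q in (0.1, 0.3):
        row = ", ".join(f"z={z}: {attacker_success(q, z):.4f}" for z in range(7))
        print(f"q={q}: {row}")
        print(f"  confirmations for <0.1% risk: {confirmations_needed(q, 0.001)}")
    print("q=0.5 always catches up:", attacker_success(0.5, 10))
```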

~~~
mnemotronic
Thank you very much for that expanded explanation. I now know more, but
knowledge is a dangerous thing.

Let's pretend I have the fastest hash generation engine (actually I'd need 2
for this scheme). I would create a real node that uses my engine and becomes
part of the node community. Then I create 100 bogus nodes that proxy to my
real node. Now I have a large number of nodes that are essentially using my
version of "reality" which, in the beginning, is what everyone else says is
truth. Meanwhile I'm busy re-writing history to give myself 10 bazillion
bitcoins. My other hash engine is recomputing the chain with my bogus history
in the background. At some point it catches up with the present. At that point
I substitute my bogus chain for the real chain on my main node. My main node
is now in disagreement with everyone else's view of reality. My bogus chain
also shows up on my 100 other nodes that are proxying my main node. I now have
101 nodes showing my bogus bitcoins. If 101 nodes isn't enough to win the vote
then add more bogus nodes until I have 51% of the total nodes.

Also, what's to prevent me from adding many real but zero sum transactions to
my chain before I tell the world about those transactions? He who has the
biggest chain wins.

Unrelated thought: quantum computing sounds like it could throw a monkey
spanner into the wrench works.

~~~
bshanks
> If 101 nodes isn't enough to win the vote then add more bogus nodes until I
> have 51% of the total nodes.

You could do that, but it would be expensive. It's not the number of nodes
that matters, it's the total computing power of those nodes, because they need
to hash faster than the rest of the network. Your nodes, combined, would need
to have more computing power than all of the other nodes, combined. If the
blockchain you are attacking is popular, the cost of this much computing power
would be prohibitive (eg for Bitcoin today
[[https://gobitcoin.io/tools/cost-51-attack/](https://gobitcoin.io/tools/cost-51-attack/)]
estimates it would cost around $1 billion for the machines plus $2 million per
day for electricity).

> Also, what's to prevent me from adding many real but zero sum transactions
> to my chain before I tell the world about those transactions? He who has the
> biggest chain wins.

Since each block must contain the hash of the previous block, these blocks,
although empty of data, still have different hashes. So you have to compute
just as many hashes, regardless.

> Unrelated thought: quantum computing sounds like it could throw a monkey
> spanner into the wrench works.

Yes, maybe. See
[[https://en.bitcoin.it/wiki/Quantum_computing_and_Bitcoin](https://en.bitcoin.it/wiki/Quantum_computing_and_Bitcoin)]

------
eecks
How are updates propagated to all different copies of the blockchain?

~~~
Taek
Another commenter linked to a discussion about updating the Bitcoin software,
but are you talking about updates to the Bitcoin blockchain?

An 'update' would be a new block or transaction. The Bitcoin network shares
new blocks and transaction over a flood network where every node is peered
with 8+ other nodes, and will tell all of them when it sees a new block or
transaction.

------
chrisseaton
Why does the number have to be a nonce? If you can find a number that gives a
block the correct number of zeros, but it has been previously used to give a
totally different block the correct number of zeros, what is wrong with using
it?

~~~
mthoms
By design, the chance of a previous nonce being re-usable is virtually nil.
[http://preshing.com/20110504/hash-collision-probabilities/](http://preshing.com/20110504/hash-collision-probabilities/)

The Bitcoin "nonce" is actually a much bigger number than shown in the video.
32 bits I believe.

~~~
Natanael_L
32 bits is actually just 4 billion values. Technically it isn't enough to
reliably find valid blocks with today's difficulty if that's all that you
modify.

That's why current miners tamper with both the coinbase transaction, timestamp
AND the nonce to find potentially valid blocks in mining.

~~~
mthoms
Interesting. Is that allowed by the protocol?

~~~
Natanael_L
Yes, because there are multiple valid ways to format coinbase transactions and
there are a few bits' worth of margin in the timestamps that you can change.

------
stevehiehn
There is something I don't understand: at the point a transaction is made
there is only one copy. Does that not mean at that point it's vulnerable to
fraud before more copies are made?

~~~
pizza
[https://en.bitcoin.it/wiki/Double-spending#Finney_attack](https://en.bitcoin.it/wiki/Double-spending#Finney_attack)

The key is to wait for confirmations

------
martinkallstrom
Very nice explanation. Not oversimplifying and not too detailed. Could anyone
care to explain smart contracts in the same balanced fashion? I always
struggle to convey my understanding.

~~~
antocv
In bitcoin you can have a transaction which requires 2 or more people to sign
it before the transaction can happen/is considered valid at all.

Smart contracts are about specifying conditions which can be checked in the
blockchain, like existence of certain data you expect to be posted in the
OP_RETURN (comment-like field) by other transactions. When your conditions are
met the "smart-contract" makes/signs and publishes its own transaction, and
other contracts can depend on this output of your contract.

------
pcmaffey
So absolute truth on the blockchain is held by majority rule?

~~~
Taek
Not quite. Bitcoin has very specific rules that transactions must follow. For
example, there is a very strict way that you can create new money. Existing
money can only be spent by the owner, etc.

So, if the longest chain violates one of the core rules, that chain is
ignored. You only ever follow the longest chain that also follows all of the
rules.

~~~
runeks
It's not the longest chain (most blocks) that is preferred, it's the chain
with the most cumulative work. Ie. the valid chain whose sum of block
difficulties is the greatest.

------
2sk21
Anders Brownworth is the cohost of the Asymco podcast along with Horace Dediu.
He mostly takes the back seat to Horace in that podcast so I'm amazed to see
how talented he is at explaining things. He said in a podcast that he is
working on a blockchain-related startup (apart from being a helicopter pilot!)

------
gamapuna
This was posted before, but IMO it is very well written:
[https://www.igvita.com/2014/05/05/minimum-viable-block-chain...](https://www.igvita.com/2014/05/05/minimum-viable-block-chain/)

------
Curious42
There's a nice analogy that can be drawn between linked lists and the way
blockchains work.

------
kriro
Very interesting and well explained. I like the style with the code/tabs. Link
to that code: [https://github.com/anders94/blockchain-demo](https://github.com/anders94/blockchain-demo)

------
quwert95
I really like this demo; it makes sense and was stepped through beautifully.

I would love to see a 'weaknesses' explanations about blockchains though, like
how 'truthiness' is generated and speed of verification and distribution.

Well done.

~~~
Natanael_L
If the blockchain follows the rules in the code / protocol and it is part of
the blockchain fork currently known to have the greatest amount of accumulated
proof of work, it is considered canonical / real.

------
Curious42
What's the guarantee that every peer has the same number of blocks? Are they
asynchronously updated through a global endpoint or something similar?

And how do these peers communicate with each other?

~~~
Natanael_L
All full nodes propagate blocks they generate or receive to everybody else.
The blockchain system aims for global consensus.

The chain with the greatest amount of proof of work will propagate to the
majority of the network and be accepted as valid by these nodes (assuming it
also follows the protocol rules).

------
dmux
One of his last comments -- the one about having an immutable, agreed upon
history -- seems like a great tool for recording facts in our "alternate-
facts" world.

~~~
moxious
Block chain has always seemed technically excellent but of limited practical
value to me.

It clearly excels in a world where the participants are anonymous and can't
trust each other. The trouble is that doesn't describe most business
transactions worldwide. Humanity has a couple thousand years of business
experience that generally always bent towards parties identifying one another,
building trust, and using courts when those previous methods failed.

So there seems a big mismatch here...block chain seems really excellent at
solving a problem that doesn't exist in most places.

Bitcoin is a good counter example. And crypto libertarians who would prefer
anonymity will clearly always be attracted, but society would have a lot of
cultural habits to undo before this would seem attractive in the mainstream.

~~~
Taek
> generally always bent towards parties identifying one another, building
> trust, and using courts when those previous methods failed

That costs a lot of money. It makes it hard to get started if you are
untrusted, and it means you have to have a court system, you have to do legal
stuff, you have to constantly be wary of the potentially changing
trustworthiness of your counterparty.

Blockchains eliminate all of this overhead. It doesn't matter if you are
dealing with a highly regulated bank or if you are dealing with Bob the hobo,
the blockchain guarantees that you can't be stabbed in the back (... err, when
used correctly. Used incorrectly it will not provide any security at all).

I think this is something a lot of people fail to grasp. The true power of the
blockchain is its ability to bring trust to places where it's currently
inaccessible. Banks that don't trust each other can do business directly.
Countries that don't trust each other can do business directly. A person with
no name, no reputation, and no tether to a court system can also be transacted
with safely, because the courts, names, and reputations are made strictly
unnecessary.

And the proposal is that doing things this way is much cheaper than doing
things the traditional way, especially when you consider all of the innovation
that could never happen simply because the innovator was unknown or untrusted.
All of the energy and money that goes into mining Bitcoin, in my opinion, is
more than made up for by the value-add here.

~~~
moxious
> The true power of the blockchain is its ability to bring trust to places
> where it's currently inaccessible.

Where is that? Because trust seems accessible to me everywhere there is a
reasonably open democracy and rule of law.

And why does this trust cost so much? Take payment cards like VISA. Max, they
cost 1-1.5%. There's not much to save there. Sure, it would be cheaper if I
paid 0.01%, but the cost is already low enough that it's not really preventing
any transactions. And of course bitcoin is not going in the direction of
enabling micro payments because of transaction costs and volumes.

~~~
Taek
Ask any merchant who has ever received a chargeback for legitimate goods that
they shipped for a credit card payment. Bitcoin has no chargebacks, which is
great for merchants who are shipping to somebody they've never met on the
other side of the world. VISA costs ~2.7% if you never have any customers who
issue chargebacks. But if you're an online retailer, you've probably got an
entire fraud department beyond just what VISA charges.

And some services (namely adult services and gambling services) can't get any
access to digital payments at all. VISA, Paypal, etc. all block them, despite
the fact that these services are entirely legal. Bitcoin makes it possible to
use these types of services without some central party deciding that
supporting an adult cam site is bad for business.

This is also great for the unbanked. If you are in Africa with no local bank,
no government id, etc, something like Bitcoin can enable you where no bank
would ever trust you.

And Bitcoin is in fact going in the direction of enabling micropayments. There
is a huge upgrade to Bitcoin in the works called the lightning network, which
means you basically have to make 1-6 starter transactions on-chain, but after
that you can make an unlimited number of micropayments around the network for
essentially free.

~~~
moxious
Not having charge backs doesn't make bitcoin less expensive, it just shifts
costs. Good for retailers, bad for customers who can't dispute, or who had
their money taken by fraud.

Bitcoin has been around for a number of years now, what do you think is the
thing that's preventing it from catching on?

~~~
Taek
It has been catching on. The ecosystem has been growing substantially and
consistently, even if the price is not keeping up.

[http://www.coindesk.com/data/bitcoin-daily-transactions/](http://www.coindesk.com/data/bitcoin-daily-transactions/)

------
amadeuspzs
Terrific visual explanation. Would love to see this extended to explain
permissions and smart contract aspects of hyperledger/ethereum.

------
pizza
(Are/Why aren't) encrypted wallet keys written to & referenced from the
blockchain itself?

~~~
Natanael_L
Storing the master keys where?

Bitcoin already has brainwallets, password derived private keys.

~~~
pizza
Storing the keys into the ledger itself, maybe via the OP_RETURN field. People
have stored images in the blockchain, so I imagine you can use it as a
persistent decentralized filesystem in theory. Wouldn't you just need a way to
chunk your desired keys into 80-byte segments? The initial wallet used to
create the transaction is simply for bootstrapping, after that as long as you
know which transactions are necessary to fetch the encrypted keys, and you
retain the means of decryption, you could reconstitute the _blockchain-stored_
keys necessary to sign further transactions. At that point you could even
dispose of the bootstrapping wallet.

Kinda like if you kept a key in one of those banks that let you rent deposit
boxes, and you stored another key there. Then you'd have a way to use the
expected greater robustness of the bank (blockchain) compared to, say, keeping
the key under your mattress.

~~~
Natanael_L
Why not just use the existing hierarchical wallets (BIP32) based on a secret
you've got somewhere perhaps stored split up using Shamir's Secret Sharing
Scheme?

~~~
pizza
Interesting. The use-case I was envisioning is an always-accessible but still
secure, trust-less cloud wallet.

------
mrfusion
Can sha asics be put to other uses? Is there value in finding these hashes
quickly?

~~~
runeks
Not really, no. As the name implies, these ASICs are highly specialized. They
take in a half-calculated 512 bit SHA-256 block, and hash it _twice_.

So unless you need to SHA256 hash something twice at a rate of trillions of
hashes per second, there's really no alternative use. But, again, that's the
purpose of ASICs: an increase in performance from a decrease in generality.

------
luvz2code
Very nice demo and explanation of concepts. Thanks.

------
arc_of_descent
Really nice. Clear and concise.

