Bitcoin Confirmations | How many confirmations required?

Technical: The Path to Taproot Activation

Taproot! Everybody wants to have it, somebody wants to make it, nobody knows how to get it!
(If you are asking why everybody wants it, see: Technical: Taproot: Why Activate?)
(Pedants: I mostly elide over lockin times)
Briefly, Taproot is that neat new thing that gets us:
So yes, let's activate taproot!

The SegWit Wars

The biggest problem with activating Taproot is PTSD from the previous softfork, SegWit. Pieter Wuille, one of the authors of the current Taproot proposal, has consistently held the position that he will not discuss activation, and will accept whatever activation process is imposed on Taproot. Other developers have expressed similar opinions.
So what happened with SegWit activation that was so traumatic? SegWit used the BIP9 activation method. Let's dive into BIP9!

BIP9 Miner-Activated Soft Fork

Basically, BIP9 has a bunch of parameters:
Now there are other parameters (name, starttime) but they are not anywhere near as important as the above two.
A number that is not a parameter, is 95%. Basically, activation of a BIP9 softfork is considered as actually succeeding if at least 95% of blocks in the last 2 weeks had the specified bit in the nVersion set. If less than 95% had this bit set before the timeout, then the upgrade fails and never goes into the network. This is not a parameter: it is a constant defined by BIP9, and developers using BIP9 activation cannot change this.
So, first some simple questions and their answers:

The Great Battles of the SegWit Wars

SegWit not only fixed transaction malleability, it also created a practical softforkable blocksize increase that also rebalanced weights so that the cost of spending a UTXO is about the same as the cost of creating UTXOs (and spending UTXOs is "better" since it limits the size of the UTXO set that every fullnode has to maintain).
So SegWit was written, the activation was decided to be BIP9, and then.... miner signalling stalled at below 75%.
Thus were the Great SegWit Wars started.

BIP9 Feature Hostage

If you are a miner with at least 5% global hashpower, you can hold a BIP9-activated softfork hostage.
You might even secretly want the softfork to actually push through. But you might want to extract concession from the users and the developers. Like removing the halvening. Or raising or even removing the block size caps (which helps larger miners more than smaller miners, making it easier to become a bigger fish that eats all the smaller fishes). Or whatever.
With BIP9, you can hold the softfork hostage. You just hold out and refuse to signal. You tell everyone you will signal, if and only if certain concessions are given to you.
This ability by miners to hold a feature hostage was enabled because of the miner-exit allowed by the timeout on BIP9. Prior to that, miners were considered little more than expendable security guards, paid for the risk they take to secure the network, but not special in the grand scheme of Bitcoin.

Covert ASICBoost

ASICBoost was a novel way of optimizing SHA256 mining, by taking advantage of the structure of the 80-byte header that is hashed in order to perform proof-of-work. The details of ASICBoost are out-of-scope here but you can read about it elsewhere
Here is a short summary of the two types of ASICBoost, relevant to the activation discussion.
Now, "overt" means "obvious", while "covert" means hidden. Overt ASICBoost is obvious because nVersion bits that are not currently in use for BIP9 activations are usually 0 by default, so setting those bits to 1 makes it obvious that you are doing something weird (namely, Overt ASICBoost). Covert ASICBoost is non-obvious because the order of transactions in a block are up to the miner anyway, so the miner rearranging the transactions in order to get lower power consumption is not going to be detected.
Unfortunately, while Overt ASICBoost was compatible with SegWit, Covert ASICBoost was not. This is because, pre-SegWit, only the block header Merkle tree committed to the transaction ordering. However, with SegWit, another Merkle tree exists, which commits to transaction ordering as well. Covert ASICBoost would require more computation to manipulate two Merkle trees, obviating the power benefits of Covert ASICBoost anyway.
Now, miners want to use ASICBoost (indeed, about 60->70% of current miners probably use the Overt ASICBoost nowadays; if you have a Bitcoin fullnode running you will see the logs with lots of "60 of last 100 blocks had unexpected versions" which is exactly what you would see with the nVersion manipulation that Overt ASICBoost does). But remember: ASICBoost was, at around the time, a novel improvement. Not all miners had ASICBoost hardware. Those who did, did not want it known that they had ASICBoost hardware, and wanted to do Covert ASICBoost!
But Covert ASICBoost is incompatible with SegWit, because SegWit actually has two Merkle trees of transaction data, and Covert ASICBoost works by fudging around with transaction ordering in a block, and recomputing two Merkle Trees is more expensive than recomputing just one (and loses the ASICBoost advantage).
Of course, those miners that wanted Covert ASICBoost did not want to openly admit that they had ASICBoost hardware, they wanted to keep their advantage secret because miners are strongly competitive in a very tight market. And doing ASICBoost Covertly was just the ticket, but they could not work post-SegWit.
Fortunately, due to the BIP9 activation process, they could hold SegWit hostage while covertly taking advantage of Covert ASICBoost!

UASF: BIP148 and BIP8

When the incompatibility between Covert ASICBoost and SegWit was realized, still, activation of SegWit stalled, and miners were still not openly claiming that ASICBoost was related to non-activation of SegWit.
Eventually, a new proposal was created: BIP148. With this rule, 3 months before the end of the SegWit timeout, nodes would reject blocks that did not signal SegWit. Thus, 3 months before SegWit timeout, BIP148 would force activation of SegWit.
This proposal was not accepted by Bitcoin Core, due to the shortening of the timeout (it effectively times out 3 months before the initial SegWit timeout). Instead, a fork of Bitcoin Core was created which added the patch to comply with BIP148. This was claimed as a User Activated Soft Fork, UASF, since users could freely download the alternate fork rather than sticking with the developers of Bitcoin Core.
Now, BIP148 effectively is just a BIP9 activation, except at its (earlier) timeout, the new rules would be activated anyway (instead of the BIP9-mandated behavior that the upgrade is cancelled at the end of the timeout).
BIP148 was actually inspired by the BIP8 proposal (the link here is a historical version; BIP8 has been updated recently, precisely in preparation for Taproot activation). BIP8 is basically BIP9, but at the end of timeout, the softfork is activated anyway rather than cancelled.
This removed the ability of miners to hold the softfork hostage. At best, they can delay the activation, but not stop it entirely by holding out as in BIP9.
Of course, this implies risk that not all miners have upgraded before activation, leading to possible losses for SPV users, as well as again re-pressuring miners to signal activation, possibly without the miners actually upgrading their software to properly impose the new softfork rules.

BIP91, SegWit2X, and The Aftermath

BIP148 inspired countermeasures, possibly from the Covert ASiCBoost miners, possibly from concerned users who wanted to offer concessions to miners. To this day, the common name for BIP148 - UASF - remains an emotionally-charged rallying cry for parts of the Bitcoin community.
One of these was SegWit2X. This was brokered in a deal between some Bitcoin personalities at a conference in New York, and thus part of the so-called "New York Agreement" or NYA, another emotionally-charged acronym.
The text of the NYA was basically:
  1. Set up a new activation threshold at 80% signalled at bit 4 (vs bit 1 for SegWit).
    • When this 80% signalling was reached, miners would require that bit 1 for SegWit be signalled to achive the 95% activation needed for SegWit.
  2. If the bit 4 signalling reached 80%, increase the block weight limit from the SegWit 4000000 to the SegWit2X 8000000, 6 months after bit 1 activation.
The first item above was coded in BIP91.
Unfortunately, if you read the BIP91, independently of NYA, you might come to the conclusion that BIP91 was only about lowering the threshold to 80%. In particular, BIP91 never mentions anything about the second point above, it never mentions that bit 4 80% threshold would also signal for a later hardfork increase in weight limit.
Because of this, even though there are claims that NYA (SegWit2X) reached 80% dominance, a close reading of BIP91 shows that the 80% dominance was only for SegWit activation, without necessarily a later 2x capacity hardfork (SegWit2X).
This ambiguity of bit 4 (NYA says it includes a 2x capacity hardfork, BIP91 says it does not) has continued to be a thorn in blocksize debates later. Economically speaking, Bitcoin futures between SegWit and SegWit2X showed strong economic dominance in favor of SegWit (SegWit2X futures were traded at a fraction in value of SegWit futures: I personally made a tidy but small amount of money betting against SegWit2X in the futures market), so suggesting that NYA achieved 80% dominance even in mining is laughable, but the NYA text that ties bit 4 to SegWit2X still exists.
Historically, BIP91 triggered which caused SegWit to activate before the BIP148 shorter timeout. BIP148 proponents continue to hold this day that it was the BIP148 shorter timeout and no-compromises-activate-on-August-1 that made miners flock to BIP91 as a face-saving tactic that actually removed the second clause of NYA. NYA supporters keep pointing to the bit 4 text in the NYA and the historical activation of BIP91 as a failed promise by Bitcoin developers.

Taproot Activation Proposals

There are two primary proposals I can see for Taproot activation:
  1. BIP8.
  2. Modern Softfork Activation.
We have discussed BIP8: roughly, it has bit and timeout, if 95% of miners signal bit it activates, at the end of timeout it activates. (EDIT: BIP8 has had recent updates: at the end of timeout it can now activate or fail. For the most part, in the below text "BIP8", means BIP8-and-activate-at-timeout, and "BIP9" means BIP8-and-fail-at-timeout)
So let's take a look at Modern Softfork Activation!

Modern Softfork Activation

This is a more complex activation method, composed of BIP9 and BIP8 as supcomponents.
  1. First have a 12-month BIP9 (fail at timeout).
  2. If the above fails to activate, have a 6-month discussion period during which users and developers and miners discuss whether to continue to step 3.
  3. Have a 24-month BIP8 (activate at timeout).
The total above is 42 months, if you are counting: 3.5 years worst-case activation.
The logic here is that if there are no problems, BIP9 will work just fine anyway. And if there are problems, the 6-month period should weed it out. Finally, miners cannot hold the feature hostage since the 24-month BIP8 period will exist anyway.

PSA: Being Resilient to Upgrades

Software is very birttle.
Anyone who has been using software for a long time has experienced something like this:
  1. You hear a new version of your favorite software has a nice new feature.
  2. Excited, you install the new version.
  3. You find that the new version has subtle incompatibilities with your current workflow.
  4. You are sad and downgrade to the older version.
  5. You find out that the new version has changed your files in incompatible ways that the old version cannot work with anymore.
  6. You tearfully reinstall the newer version and figure out how to get your lost productivity now that you have to adapt to a new workflow
If you are a technically-competent user, you might codify your workflow into a bunch of programs. And then you upgrade one of the external pieces of software you are using, and find that it has a subtle incompatibility with your current workflow which is based on a bunch of simple programs you wrote yourself. And if those simple programs are used as the basis of some important production system, you hve just screwed up because you upgraded software on an important production system.
And well, one of the issues with new softfork activation is that if not enough people (users and miners) upgrade to the newest Bitcoin software, the security of the new softfork rules are at risk.
Upgrading software of any kind is always a risk, and the more software you build on top of the software-being-upgraded, the greater you risk your tower of software collapsing while you change its foundations.
So if you have some complex Bitcoin-manipulating system with Bitcoin somewhere at the foundations, consider running two Bitcoin nodes:
  1. One is a "stable-version" Bitcoin node. Once it has synced, set it up to connect=x.x.x.x to the second node below (so that your ISP bandwidth is only spent on the second node). Use this node to run all your software: it's a stable version that you don't change for long periods of time. Enable txiindex, disable pruning, whatever your software needs.
  2. The other is an "always-up-to-date" Bitcoin Node. Keep its stoarge down with pruning (initially sync it off the "stable-version" node). You can't use blocksonly if your "stable-version" node needs to send transactions, but otherwise this "always-up-to-date" Bitcoin node can be kept as a low-resource node, so you can run both nodes in the same machine.
When a new Bitcoin version comes up, you just upgrade the "always-up-to-date" Bitcoin node. This protects you if a future softfork activates, you will only receive valid Bitcoin blocks and transactions. Since this node has nothing running on top of it, it is just a special peer of the "stable-version" node, any software incompatibilities with your system software do not exist.
Your "stable-version" Bitcoin node remains the same version until you are ready to actually upgrade this node and are prepared to rewrite most of the software you have running on top of it due to version compatibility problems.
When upgrading the "always-up-to-date", you can bring it down safely and then start it later. Your "stable-version" wil keep running, disconnected from the network, but otherwise still available for whatever queries. You do need some system to stop the "always-up-to-date" node if for any reason the "stable-version" goes down (otherwisee if the "always-up-to-date" advances its pruning window past what your "stable-version" has, the "stable-version" cannot sync afterwards), but if you are technically competent enough that you need to do this, you are technically competent enough to write such a trivial monitor program (EDIT: gmax notes you can adjust the pruning window by RPC commands to help with this as well).
This recommendation is from gmaxwell on IRC, by the way.
submitted by almkglor to Bitcoin [link] [comments]

Technical: Taproot: Why Activate?

This is a follow-up on https://old.reddit.com/Bitcoin/comments/hqzp14/technical_the_path_to_taproot_activation/
Taproot! Everybody wants it!! But... you might ask yourself: sure, everybody else wants it, but why would I, sovereign Bitcoin HODLer, want it? Surely I can be better than everybody else because I swapped XXX fiat for Bitcoin unlike all those nocoiners?
And it is important for you to know the reasons why you, o sovereign Bitcoiner, would want Taproot activated. After all, your nodes (or the nodes your wallets use, which if you are SPV, you hopefully can pester to your wallet vendoimplementor about) need to be upgraded in order for Taproot activation to actually succeed instead of becoming a hot sticky mess.
First, let's consider some principles of Bitcoin.
I'm sure most of us here would agree that the above are very important principles of Bitcoin and that these are principles we would not be willing to remove. If anything, we would want those principles strengthened (especially the last one, financial privacy, which current Bitcoin is only sporadically strong with: you can get privacy, it just requires effort to do so).
So, how does Taproot affect those principles?

Taproot and Your /Coins

Most HODLers probably HODL their coins in singlesig addresses. Sadly, switching to Taproot would do very little for you (it gives a mild discount at spend time, at the cost of a mild increase in fee at receive time (paid by whoever sends to you, so if it's a self-send from a P2PKH or bech32 address, you pay for this); mostly a wash).
(technical details: a Taproot output is 1 version byte + 32 byte public key, while a P2WPKH (bech32 singlesig) output is 1 version byte + 20 byte public key hash, so the Taproot output spends 12 bytes more; spending from a P2WPKH requires revealing a 32-byte public key later, which is not needed with Taproot, and Taproot signatures are about 9 bytes smaller than P2WPKH signatures, but the 32 bytes plus 9 bytes is divided by 4 because of the witness discount, so it saves about 11 bytes; mostly a wash, it increases blockweight by about 1 virtual byte, 4 weight for each Taproot-output-input, compared to P2WPKH-output-input).
However, as your HODLings grow in value, you might start wondering if multisignature k-of-n setups might be better for the security of your savings. And it is in multisignature that Taproot starts to give benefits!
Taproot switches to using Schnorr signing scheme. Schnorr makes key aggregation -- constructing a single public key from multiple public keys -- almost as trivial as adding numbers together. "Almost" because it involves some fairly advanced math instead of simple boring number adding, but hey when was the last time you added up your grocery list prices by hand huh?
With current P2SH and P2WSH multisignature schemes, if you have a 2-of-3 setup, then to spend, you need to provide two different signatures from two different public keys. With Taproot, you can create, using special moon math, a single public key that represents your 2-of-3 setup. Then you just put two of your devices together, have them communicate to each other (this can be done airgapped, in theory, by sending QR codes: the software to do this is not even being built yet, but that's because Taproot hasn't activated yet!), and they will make a single signature to authorize any spend from your 2-of-3 address. That's 73 witness bytes -- 18.25 virtual bytes -- of signatures you save!
And if you decide that your current setup with 1-of-1 P2PKH / P2WPKH addresses is just fine as-is: well, that's the whole point of a softfork: backwards-compatibility; you can receive from Taproot users just fine, and once your wallet is updated for Taproot-sending support, you can send to Taproot users just fine as well!
(P2WPKH and P2WSH -- SegWit v0 -- addresses start with bc1q; Taproot -- SegWit v1 --- addresses start with bc1p, in case you wanted to know the difference; in bech32 q is 0, p is 1)
Now how about HODLers who keep all, or some, of their coins on custodial services? Well, any custodial service worth its salt would be doing at least 2-of-3, or probably something even bigger, like 11-of-15. So your custodial service, if it switched to using Taproot internally, could save a lot more (imagine an 11-of-15 getting reduced from 11 signatures to just 1!), which --- we can only hope! --- should translate to lower fees and better customer service from your custodial service!
So I think we can say, very accurately, that the Bitcoin principle --- that YOU are in control of your money --- can only be helped by Taproot (if you are doing multisignature), and, because P2PKH and P2WPKH remain validly-usable addresses in a Taproot future, will not be harmed by Taproot. Its benefit to this principle might be small (it mostly only benefits multisignature users) but since it has no drawbacks with this (i.e. singlesig users can continue to use P2WPKH and P2PKH still) this is still a nice, tidy win!
(even singlesig users get a minor benefit, in that multisig users will now reduce their blockchain space footprint, so that fees can be kept low for everybody; so for example even if you have your single set of private keys engraved on titanium plates sealed in an airtight box stored in a safe buried in a desert protected by angry nomads riding giant sandworms because you're the frickin' Kwisatz Haderach, you still gain some benefit from Taproot)
And here's the important part: if P2PKH/P2WPKH is working perfectly fine with you and you decide to never use Taproot yourself, Taproot will not affect you detrimentally. First do no harm!

Taproot and Your Contracts

No one is an island, no one lives alone. Give and you shall receive. You know: by trading with other people, you can gain expertise in some obscure little necessity of the world (and greatly increase your productivity in that little field), and then trade the products of your expertise for necessities other people have created, all of you thereby gaining gains from trade.
So, contracts, which are basically enforceable agreements that facilitate trading with people who you do not personally know and therefore might not trust.
Let's start with a simple example. You want to buy some gewgaws from somebody. But you don't know them personally. The seller wants the money, you want their gewgaws, but because of the lack of trust (you don't know them!! what if they're scammers??) neither of you can benefit from gains from trade.
However, suppose both of you know of some entity that both of you trust. That entity can act as a trusted escrow. The entity provides you security: this enables the trade, allowing both of you to get gains from trade.
In Bitcoin-land, this can be implemented as a 2-of-3 multisignature. The three signatories in the multisgnature would be you, the gewgaw seller, and the escrow. You put the payment for the gewgaws into this 2-of-3 multisignature address.
Now, suppose it turns out neither of you are scammers (whaaaat!). You receive the gewgaws just fine and you're willing to pay up for them. Then you and the gewgaw seller just sign a transaction --- you and the gewgaw seller are 2, sufficient to trigger the 2-of-3 --- that spends from the 2-of-3 address to a singlesig the gewgaw seller wants (or whatever address the gewgaw seller wants).
But suppose some problem arises. The seller gave you gawgews instead of gewgaws. Or you decided to keep the gewgaws but not sign the transaction to release the funds to the seller. In either case, the escrow is notified, and if it can sign with you to refund the funds back to you (if the seller was a scammer) or it can sign with the seller to forward the funds to the seller (if you were a scammer).
Taproot helps with this: like mentioned above, it allows multisignature setups to produce only one signature, reducing blockchain space usage, and thus making contracts --- which require multiple people, by definition, you don't make contracts with yourself --- is made cheaper (which we hope enables more of these setups to happen for more gains from trade for everyone, also, moon and lambos).
(technology-wise, it's easier to make an n-of-n than a k-of-n, making a k-of-n would require a complex setup involving a long ritual with many communication rounds between the n participants, but an n-of-n can be done trivially with some moon math. You can, however, make what is effectively a 2-of-3 by using a three-branch SCRIPT: either 2-of-2 of you and seller, OR 2-of-2 of you and escrow, OR 2-of-2 of escrow and seller. Fortunately, Taproot adds a facility to embed a SCRIPT inside a public key, so you can have a 2-of-2 Taprooted address (between you and seller) with a SCRIPT branch that can instead be spent with 2-of-2 (you + escrow) OR 2-of-2 (seller + escrow), which implements the three-branched SCRIPT above. If neither of you are scammers (hopefully the common case) then you both sign using your keys and never have to contact the escrow, since you are just using the escrow public key without coordinating with them (because n-of-n is trivial but k-of-n requires setup with communication rounds), so in the "best case" where both of you are honest traders, you also get a privacy boost, in that the escrow never learns you have been trading on gewgaws, I mean ewww, gawgews are much better than gewgaws and therefore I now judge you for being a gewgaw enthusiast, you filthy gewgawer).

Taproot and Your Contracts, Part 2: Cryptographic Boogaloo

Now suppose you want to buy some data instead of things. For example, maybe you have some closed-source software in trial mode installed, and want to pay the developer for the full version. You want to pay for an activation code.
This can be done, today, by using an HTLC. The developer tells you the hash of the activation code. You pay to an HTLC, paying out to the developer if it reveals the preimage (the activation code), or refunding the money back to you after a pre-agreed timeout. If the developer claims the funds, it has to reveal the preimage, which is the activation code, and you can now activate your software. If the developer does not claim the funds by the timeout, you get refunded.
And you can do that, with HTLCs, today.
Of course, HTLCs do have problems:
Fortunately, with Schnorr (which is enabled by Taproot), we can now use the Scriptless Script constuction by Andrew Poelstra. This Scriptless Script allows a new construction, the PTLC or Pointlocked Timelocked Contract. Instead of hashes and preimages, just replace "hash" with "point" and "preimage" with "scalar".
Or as you might know them: "point" is really "public key" and "scalar" is really a "private key". What a PTLC does is that, given a particular public key, the pointlocked branch can be spent only if the spender reveals the private key of the given public key to you.
Another nice thing with PTLCs is that they are deniable. What appears onchain is just a single 2-of-2 signature between you and the developemanufacturer. It's like a magic trick. This signature has no special watermarks, it's a perfectly normal signature (the pledge). However, from this signature, plus some datta given to you by the developemanufacturer (known as the adaptor signature) you can derive the private key of a particular public key you both agree on (the turn). Anyone scraping the blockchain will just see signatures that look just like every other signature, and as long as nobody manages to hack you and get a copy of the adaptor signature or the private key, they cannot get the private key behind the public key (point) that the pointlocked branch needs (the prestige).
(Just to be clear, the public key you are getting the private key from, is distinct from the public key that the developemanufacturer will use for its funds. The activation key is different from the developer's onchain Bitcoin key, and it is the activation key whose private key you will be learning, not the developer's/manufacturer's onchain Bitcoin key).
So:
Taproot lets PTLCs exist onchain because they enable Schnorr, which is a requirement of PTLCs / Scriptless Script.
(technology-wise, take note that Scriptless Script works only for the "pointlocked" branch of the contract; you need normal Script, or a pre-signed nLockTimed transaction, for the "timelocked" branch. Since Taproot can embed a script, you can have the Taproot pubkey be a 2-of-2 to implement the Scriptless Script "pointlocked" branch, then have a hidden script that lets you recover the funds with an OP_CHECKLOCKTIMEVERIFY after the timeout if the seller does not claim the funds.)

Quantum Quibbles!

Now if you were really paying attention, you might have noticed this parenthetical:
(technical details: a Taproot output is 1 version byte + 32 byte public key, while a P2WPKH (bech32 singlesig) output is 1 version byte + 20 byte public key hash...)
So wait, Taproot uses raw 32-byte public keys, and not public key hashes? Isn't that more quantum-vulnerable??
Well, in theory yes. In practice, they probably are not.
It's not that hashes can be broken by quantum computes --- they're still not. Instead, you have to look at how you spend from a P2WPKH/P2PKH pay-to-public-key-hash.
When you spend from a P2PKH / P2WPKH, you have to reveal the public key. Then Bitcoin hashes it and checks if this matches with the public-key-hash, and only then actually validates the signature for that public key.
So an unconfirmed transaction, floating in the mempools of nodes globally, will show, in plain sight for everyone to see, your public key.
(public keys should be public, that's why they're called public keys, LOL)
And if quantum computers are fast enough to be of concern, then they are probably fast enough that, in the several minutes to several hours from broadcast to confirmation, they have already cracked the public key that is openly broadcast with your transaction. The owner of the quantum computer can now replace your unconfirmed transaction with one that pays the funds to itself. Even if you did not opt-in RBF, miners are still incentivized to support RBF on RBF-disabled transactions.
So the extra hash is not as significant a protection against quantum computers as you might think. Instead, the extra hash-and-compare needed is just extra validation effort.
Further, if you have ever, in the past, spent from the address, then there exists already a transaction indelibly stored on the blockchain, openly displaying the public key from which quantum computers can derive the private key. So those are still vulnerable to quantum computers.
For the most part, the cryptographers behind Taproot (and Bitcoin Core) are of the opinion that quantum computers capable of cracking Bitcoin pubkeys are unlikely to appear within a decade or two.
So:
For now, the homomorphic and linear properties of elliptic curve cryptography provide a lot of benefits --- particularly the linearity property is what enables Scriptless Script and simple multisignature (i.e. multisignatures that are just 1 signature onchain). So it might be a good idea to take advantage of them now while we are still fairly safe against quantum computers. It seems likely that quantum-safe signature schemes are nonlinear (thus losing these advantages).

Summary

I Wanna Be The Taprooter!

So, do you want to help activate Taproot? Here's what you, mister sovereign Bitcoin HODLer, can do!

But I Hate Taproot!!

That's fine!

Discussions About Taproot Activation

submitted by almkglor to Bitcoin [link] [comments]

[ Bitcoin ] Technical: Taproot: Why Activate?

Topic originally posted in Bitcoin by almkglor [link]
This is a follow-up on https://old.reddit.com/Bitcoin/comments/hqzp14/technical_the_path_to_taproot_activation/
Taproot! Everybody wants it!! But... you might ask yourself: sure, everybody else wants it, but why would I, sovereign Bitcoin HODLer, want it? Surely I can be better than everybody else because I swapped XXX fiat for Bitcoin unlike all those nocoiners?
And it is important for you to know the reasons why you, o sovereign Bitcoiner, would want Taproot activated. After all, your nodes (or the nodes your wallets use, which if you are SPV, you hopefully can pester to your wallet vendoimplementor about) need to be upgraded in order for Taproot activation to actually succeed instead of becoming a hot sticky mess.
First, let's consider some principles of Bitcoin.
I'm sure most of us here would agree that the above are very important principles of Bitcoin and that these are principles we would not be willing to remove. If anything, we would want those principles strengthened (especially the last one, financial privacy, which current Bitcoin is only sporadically strong with: you can get privacy, it just requires effort to do so).
So, how does Taproot affect those principles?

Taproot and Your /Coins

Most HODLers probably HODL their coins in singlesig addresses. Sadly, switching to Taproot would do very little for you (it gives a mild discount at spend time, at the cost of a mild increase in fee at receive time (paid by whoever sends to you, so if it's a self-send from a P2PKH or bech32 address, you pay for this); mostly a wash).
(technical details: a Taproot output is 1 version byte + 32 byte public key, while a P2WPKH (bech32 singlesig) output is 1 version byte + 20 byte public key hash, so the Taproot output spends 12 bytes more; spending from a P2WPKH requires revealing a 32-byte public key later, which is not needed with Taproot, and Taproot signatures are about 9 bytes smaller than P2WPKH signatures, but the 32 bytes plus 9 bytes is divided by 4 because of the witness discount, so it saves about 11 bytes; mostly a wash, it increases blockweight by about 1 virtual byte, 4 weight for each Taproot-output-input, compared to P2WPKH-output-input).
However, as your HODLings grow in value, you might start wondering if multisignature k-of-n setups might be better for the security of your savings. And it is in multisignature that Taproot starts to give benefits!
Taproot switches to using Schnorr signing scheme. Schnorr makes key aggregation -- constructing a single public key from multiple public keys -- almost as trivial as adding numbers together. "Almost" because it involves some fairly advanced math instead of simple boring number adding, but hey when was the last time you added up your grocery list prices by hand huh?
With current P2SH and P2WSH multisignature schemes, if you have a 2-of-3 setup, then to spend, you need to provide two different signatures from two different public keys. With Taproot, you can create, using special moon math, a single public key that represents your 2-of-3 setup. Then you just put two of your devices together, have them communicate to each other (this can be done airgapped, in theory, by sending QR codes: the software to do this is not even being built yet, but that's because Taproot hasn't activated yet!), and they will make a single signature to authorize any spend from your 2-of-3 address. That's 73 witness bytes -- 18.25 virtual bytes -- of signatures you save!
And if you decide that your current setup with 1-of-1 P2PKH / P2WPKH addresses is just fine as-is: well, that's the whole point of a softfork: backwards-compatibility; you can receive from Taproot users just fine, and once your wallet is updated for Taproot-sending support, you can send to Taproot users just fine as well!
(P2WPKH and P2WSH -- SegWit v0 -- addresses start with bc1q; Taproot -- SegWit v1 --- addresses start with bc1p, in case you wanted to know the difference; in bech32 q is 0, p is 1)
Now how about HODLers who keep all, or some, of their coins on custodial services? Well, any custodial service worth its salt would be doing at least 2-of-3, or probably something even bigger, like 11-of-15. So your custodial service, if it switched to using Taproot internally, could save a lot more (imagine an 11-of-15 getting reduced from 11 signatures to just 1!), which --- we can only hope! --- should translate to lower fees and better customer service from your custodial service!
So I think we can say, very accurately, that the Bitcoin principle --- that YOU are in control of your money --- can only be helped by Taproot (if you are doing multisignature), and, because P2PKH and P2WPKH remain validly-usable addresses in a Taproot future, will not be harmed by Taproot. Its benefit to this principle might be small (it mostly only benefits multisignature users) but since it has no drawbacks with this (i.e. singlesig users can continue to use P2WPKH and P2PKH still) this is still a nice, tidy win!
(even singlesig users get a minor benefit, in that multisig users will now reduce their blockchain space footprint, so that fees can be kept low for everybody; so for example even if you have your single set of private keys engraved on titanium plates sealed in an airtight box stored in a safe buried in a desert protected by angry nomads riding giant sandworms because you're the frickin' Kwisatz Haderach, you still gain some benefit from Taproot)
And here's the important part: if P2PKH/P2WPKH is working perfectly fine with you and you decide to never use Taproot yourself, Taproot will not affect you detrimentally. First do no harm!

Taproot and Your Contracts

No one is an island, no one lives alone. Give and you shall receive. You know: by trading with other people, you can gain expertise in some obscure little necessity of the world (and greatly increase your productivity in that little field), and then trade the products of your expertise for necessities other people have created, all of you thereby gaining gains from trade.
So, contracts, which are basically enforceable agreements that facilitate trading with people who you do not personally know and therefore might not trust.
Let's start with a simple example. You want to buy some gewgaws from somebody. But you don't know them personally. The seller wants the money, you want their gewgaws, but because of the lack of trust (you don't know them!! what if they're scammers??) neither of you can benefit from gains from trade.
However, suppose both of you know of some entity that both of you trust. That entity can act as a trusted escrow. The entity provides you security: this enables the trade, allowing both of you to get gains from trade.
In Bitcoin-land, this can be implemented as a 2-of-3 multisignature. The three signatories in the multisgnature would be you, the gewgaw seller, and the escrow. You put the payment for the gewgaws into this 2-of-3 multisignature address.
Now, suppose it turns out neither of you are scammers (whaaaat!). You receive the gewgaws just fine and you're willing to pay up for them. Then you and the gewgaw seller just sign a transaction --- you and the gewgaw seller are 2, sufficient to trigger the 2-of-3 --- that spends from the 2-of-3 address to a singlesig the gewgaw seller wants (or whatever address the gewgaw seller wants).
But suppose some problem arises. The seller gave you gawgews instead of gewgaws. Or you decided to keep the gewgaws but not sign the transaction to release the funds to the seller. In either case, the escrow is notified, and if it can sign with you to refund the funds back to you (if the seller was a scammer) or it can sign with the seller to forward the funds to the seller (if you were a scammer).
Taproot helps with this: like mentioned above, it allows multisignature setups to produce only one signature, reducing blockchain space usage, and thus making contracts --- which require multiple people, by definition, you don't make contracts with yourself --- is made cheaper (which we hope enables more of these setups to happen for more gains from trade for everyone, also, moon and lambos).
(technology-wise, it's easier to make an n-of-n than a k-of-n, making a k-of-n would require a complex setup involving a long ritual with many communication rounds between the n participants, but an n-of-n can be done trivially with some moon math. You can, however, make what is effectively a 2-of-3 by using a three-branch SCRIPT: either 2-of-2 of you and seller, OR 2-of-2 of you and escrow, OR 2-of-2 of escrow and seller. Fortunately, Taproot adds a facility to embed a SCRIPT inside a public key, so you can have a 2-of-2 Taprooted address (between you and seller) with a SCRIPT branch that can instead be spent with 2-of-2 (you + escrow) OR 2-of-2 (seller + escrow), which implements the three-branched SCRIPT above. If neither of you are scammers (hopefully the common case) then you both sign using your keys and never have to contact the escrow, since you are just using the escrow public key without coordinating with them (because n-of-n is trivial but k-of-n requires setup with communication rounds), so in the "best case" where both of you are honest traders, you also get a privacy boost, in that the escrow never learns you have been trading on gewgaws, I mean ewww, gawgews are much better than gewgaws and therefore I now judge you for being a gewgaw enthusiast, you filthy gewgawer).

Taproot and Your Contracts, Part 2: Cryptographic Boogaloo

Now suppose you want to buy some data instead of things. For example, maybe you have some closed-source software in trial mode installed, and want to pay the developer for the full version. You want to pay for an activation code.
This can be done, today, by using an HTLC. The developer tells you the hash of the activation code. You pay to an HTLC, paying out to the developer if it reveals the preimage (the activation code), or refunding the money back to you after a pre-agreed timeout. If the developer claims the funds, it has to reveal the preimage, which is the activation code, and you can now activate your software. If the developer does not claim the funds by the timeout, you get refunded.
And you can do that, with HTLCs, today.
Of course, HTLCs do have problems:
Fortunately, with Schnorr (which is enabled by Taproot), we can now use the Scriptless Script constuction by Andrew Poelstra. This Scriptless Script allows a new construction, the PTLC or Pointlocked Timelocked Contract. Instead of hashes and preimages, just replace "hash" with "point" and "preimage" with "scalar".
Or as you might know them: "point" is really "public key" and "scalar" is really a "private key". What a PTLC does is that, given a particular public key, the pointlocked branch can be spent only if the spender reveals the private key of the given private key to you.
Another nice thing with PTLCs is that they are deniable. What appears onchain is just a single 2-of-2 signature between you and the developemanufacturer. It's like a magic trick. This signature has no special watermarks, it's a perfectly normal signature (the pledge). However, from this signature, plus some datta given to you by the developemanufacturer (known as the adaptor signature) you can derive the private key of a particular public key you both agree on (the turn). Anyone scraping the blockchain will just see signatures that look just like every other signature, and as long as nobody manages to hack you and get a copy of the adaptor signature or the private key, they cannot get the private key behind the public key (point) that the pointlocked branch needs (the prestige).
(Just to be clear, the public key you are getting the private key from, is distinct from the public key that the developemanufacturer will use for its funds. The activation key is different from the developer's onchain Bitcoin key, and it is the activation key whose private key you will be learning, not the developer's/manufacturer's onchain Bitcoin key).
So:
Taproot lets PTLCs exist onchain because they enable Schnorr, which is a requirement of PTLCs / Scriptless Script.
(technology-wise, take note that Scriptless Script works only for the "pointlocked" branch of the contract; you need normal Script, or a pre-signed nLockTimed transaction, for the "timelocked" branch. Since Taproot can embed a script, you can have the Taproot pubkey be a 2-of-2 to implement the Scriptless Script "pointlocked" branch, then have a hidden script that lets you recover the funds with an OP_CHECKLOCKTIMEVERIFY after the timeout if the seller does not claim the funds.)

Quantum Quibbles!

Now if you were really paying attention, you might have noticed this parenthetical:
(technical details: a Taproot output is 1 version byte + 32 byte public key, while a P2WPKH (bech32 singlesig) output is 1 version byte + 20 byte public key hash...)
So wait, Taproot uses raw 32-byte public keys, and not public key hashes? Isn't that more quantum-vulnerable??
Well, in theory yes. In practice, they probably are not.
It's not that hashes can be broken by quantum computes --- they're still not. Instead, you have to look at how you spend from a P2WPKH/P2PKH pay-to-public-key-hash.
When you spend from a P2PKH / P2WPKH, you have to reveal the public key. Then Bitcoin hashes it and checks if this matches with the public-key-hash, and only then actually validates the signature for that public key.
So an unconfirmed transaction, floating in the mempools of nodes globally, will show, in plain sight for everyone to see, your public key.
(public keys should be public, that's why they're called public keys, LOL)
And if quantum computers are fast enough to be of concern, then they are probably fast enough that, in the several minutes to several hours from broadcast to confirmation, they have already cracked the public key that is openly broadcast with your transaction. The owner of the quantum computer can now replace your unconfirmed transaction with one that pays the funds to itself. Even if you did not opt-in RBF, miners are still incentivized to support RBF on RBF-disabled transactions.
So the extra hash is not as significant a protection against quantum computers as you might think. Instead, the extra hash-and-compare needed is just extra validation effort.
Further, if you have ever, in the past, spent from the address, then there exists already a transaction indelibly stored on the blockchain, openly displaying the public key from which quantum computers can derive the private key. So those are still vulnerable to quantum computers.
For the most part, the cryptographers behind Taproot (and Bitcoin Core) are of the opinion that quantum computers capable of cracking Bitcoin pubkeys are unlikely to appear within a decade or two.
So:
For now, the homomorphic and linear properties of elliptic curve cryptography provide a lot of benefits --- particularly the linearity property is what enables Scriptless Script and simple multisignature (i.e. multisignatures that are just 1 signature onchain). So it might be a good idea to take advantage of them now while we are still fairly safe against quantum computers. It seems likely that quantum-safe signature schemes are nonlinear (thus losing these advantages).

Summary

I Wanna Be The Taprooter!

So, do you want to help activate Taproot? Here's what you, mister sovereign Bitcoin HODLer, can do!

But I Hate Taproot!!

That's fine!

Discussions About Taproot Activation

almkglor your post has been copied because one or more comments in this topic have been removed. This copy will preserve unmoderated topic. If you would like to opt-out, please send a message using [this link].
[deleted comment]
[deleted comment]
[deleted comment]
submitted by anticensor_bot to u/anticensor_bot [link] [comments]

Since they're calling for r/btc to be banned...

Maybe it's time to discuss bitcoin's history again. Credit to u/singularity87 for the original post over 3 years ago.

People should get the full story of bitcoin because it is probably one of the strangest of all reddit subs.
bitcoin, the main sub for the bitcoin community is held and run by a person who goes by the pseudonym u/theymos. Theymos not only controls bitcoin, but also bitcoin.org and bitcointalk.com. These are top three communication channels for the bitcoin community, all controlled by just one person.
For most of bitcoin's history this did not create a problem (at least not an obvious one anyway) until around mid 2015. This happened to be around the time a new player appeared on the scene, a for-profit company called Blockstream. Blockstream was made up of/hired many (but not all) of the main bitcoin developers. (To be clear, Blockstream was founded before mid 2015 but did not become publicly active until then). A lot of people, including myself, tried to point out there we're some very serious potential conflicts of interest that could arise when one single company controls most of the main developers for the biggest decentralised and distributed cryptocurrency. There were a lot of unknowns but people seemed to give them the benefit of the doubt because they were apparently about to release some new software called "sidechains" that could offer some benefits to the network.
Not long after Blockstream came on the scene the issue of bitcoin's scalability once again came to forefront of the community. This issue came within the community a number of times since bitcoins inception. Bitcoin, as dictated in the code, cannot handle any more than around 3 transactions per second at the moment. To put that in perspective Paypal handles around 15 transactions per second on average and VISA handles something like 2000 transactions per second. The discussion in the community has been around how best to allow bitcoin to scale to allow a higher number of transactions in a given amount of time. I suggest that if anyone is interested in learning more about this problem from a technical angle, they go to btc and do a search. It's a complex issue but for many who have followed bitcoin for many years, the possible solutions seem relatively obvious. Essentially, currently the limit is put in place in just a few lines of code. This was not originally present when bitcoin was first released. It was in fact put in place afterwards as a measure to stop a bloating attack on the network. Because all bitcoin transactions have to be stored forever on the bitcoin network, someone could theoretically simply transmit a large number of transactions which would have to be stored by the entire network forever. When bitcoin was released, transactions were actually for free as the only people running the network were enthusiasts. In fact a single bitcoin did not even have any specific value so it would be impossible set a fee value. This meant that a malicious person could make the size of the bitcoin ledger grow very rapidly without much/any cost which would stop people from wanting to join the network due to the resource requirements needed to store it, which at the time would have been for very little gain.
Towards the end of the summer last year, this bitcoin scaling debate surfaced again as it was becoming clear that the transaction limit for bitcoin was semi regularly being reached and that it would not be long until it would be regularly hit and the network would become congested. This was a very serious issue for a currency. Bitcoin had made progress over the years to the point of retailers starting to offer it as a payment option. Bitcoin companies like, Microsoft, Paypal, Steam and many more had began to adopt it. If the transaction limit would be constantly maxed out, the network would become unreliable and slow for users. Users and businesses would not be able to make a reliable estimate when their transaction would be confirmed by the network.
Users, developers and businesses (which at the time was pretty much the only real bitcoin subreddit) started to discuss how we should solve the problem bitcoin. There was significant support from the users and businesses behind a simple solution put forward by the developer Gavin Andreesen. Gavin was the lead developer after Satoshi Nakamoto left bitcoin and he left it in his hands. Gavin initially proposed a very simple solution of increasing the limit which was to change the few lines of code to increase the maximum number of transactions that are allowed. For most of bitcoin's history the transaction limit had been set far far higher than the number of transactions that could potentially happen on the network. The concept of increasing the limit one time was based on the fact that history had proven that no issue had been cause by this in the past.
A certain group of bitcoin developers decided that increasing the limit by this amount was too much and that it was dangerous. They said that the increased use of resources that the network would use would create centralisation pressures which could destroy the network. The theory was that a miner of the network with more resources could publish many more transactions than a competing small miner could handle and therefore the network would tend towards few large miners rather than many small miners. The group of developers who supported this theory were all developers who worked for the company Blockstream. The argument from people in support of increasing the transaction capacity by this amount was that there are always inherent centralisation pressure with bitcoin mining. For example miners who can access the cheapest electricity will tend to succeed and that bigger miners will be able to find this cheaper electricity easier. Miners who have access to the most efficient computer chips will tend to succeed and that larger miners are more likely to be able to afford the development of them. The argument from Gavin and other who supported increasing the transaction capacity by this method are essentially there are economies of scale in mining and that these economies have far bigger centralisation pressures than increased resource cost for a larger number of transactions (up to the new limit proposed). For example, at the time the total size of the blockchain was around 50GB. Even for the cost of a 500GB SSD is only $150 and would last a number of years. This is in-comparison to the $100,000's in revenue per day a miner would be making.
Various developers put forth various other proposals, including Gavin Andresen who put forth a more conservative increase that would then continue to increase over time inline with technological improvements. Some of the employees of blockstream also put forth some proposals, but all were so conservative, it would take bitcoin many decades before it could reach a scale of VISA. Even though there was significant support from the community behind Gavin's simple proposal of increasing the limit it was becoming clear certain members of the bitcoin community who were part of Blockstream were starting to become increasingly vitriolic and divisive. Gavin then teamed up with one of the other main bitcoin developers Mike Hearn and released a coded (i.e. working) version of the bitcoin software that would only activate if it was supported by a significant majority of the network. What happened next was where things really started to get weird.
After this free and open source software was released, Theymos, the person who controls all the main communication channels for the bitcoin community implemented a new moderation policy that disallowed any discussion of this new software. Specifically, if people were to discuss this software, their comments would be deleted and ultimately they would be banned temporarily or permanently. This caused chaos within the community as there was very clear support for this software at the time and it seemed our best hope for finally solving the problem and moving on. Instead a censorship campaign was started. At first it 'all' they were doing was banning and removing discussions but after a while it turned into actively manipulating the discussion. For example, if a thread was created where there was positive sentiment for increasing the transaction capacity or being negative about the moderation policies or negative about the actions of certain bitcoin developers, the mods of bitcoin would selectively change the sorting order of threads to 'controversial' so that the most support opinions would be sorted to the bottom of the thread and the most vitriolic would be sorted to the top of the thread. This was initially very transparent as it was possible to see that the most downvoted comments were at the top and some of the most upvoted were at the bottom. So they then implemented hiding the voting scores next to the users name. This made impossible to work out the sentiment of the community and when combined with selectively setting the sorting order to controversial it was possible control what information users were seeing. Also, due to the very very large number of removed comments and users it was becoming obvious the scale of censorship going on. To hide this they implemented code in their CSS for the sub that completely hid comments that they had removed so that the censorship itself was hidden. Anyone in support of scaling bitcoin were removed from the main communication channels. Theymos even proudly announced that he didn't care if he had to remove 90% of the users. He also later acknowledged that he knew he had the ability to block support of this software using the control he had over the communication channels.
While this was all going on, Blockstream and it's employees started lobbying the community by paying for conferences about scaling bitcoin, but with the very very strange rule that no decisions could be made and no complete solutions could be proposed. These conferences were likely strategically (and successfully) created to stunt support for the scaling software Gavin and Mike had released by forcing the community to take a "lets wait and see what comes from the conferences" kind of approach. Since no final solutions were allowed at these conferences, they only served to hinder and splinter the communities efforts to find a solution. As the software Gavin and Mike released called BitcoinXT gained support it started to be attacked. Users of the software were attack by DDOS. Employees of Blockstream were recommending attacks against the software, such as faking support for it, to only then drop support at the last moment to put the network in disarray. Blockstream employees were also publicly talking about suing Gavin and Mike from various different angles simply for releasing this open source software that no one was forced to run. In the end Mike Hearn decided to leave due to the way many members of the bitcoin community had treated him. This was due to the massive disinformation campaign against him on bitcoin. One of the many tactics that are used against anyone who does not support Blockstream and the bitcoin developers who work for them is that you will be targeted in a smear campaign. This has happened to a number of individuals and companies who showed support for scaling bitcoin. Theymos has threatened companies that he will ban any discussion of them on the communication channels he controls (i.e. all the main ones) for simply running software that he disagrees with (i.e. any software that scales bitcoin).
As time passed, more and more proposals were offered, all against the backdrop of ever increasing censorship in the main bitcoin communication channels. It finally come down the smallest and most conservative solution. This solution was much smaller than even the employees of Blockstream had proposed months earlier. As usual there was enormous attacks from all sides and the most vocal opponents were the employees of Blockstream. These attacks still are ongoing today. As this software started to gain support, Blockstream organised more meetings, especially with the biggest bitcoin miners and made a pact with them. They promised that they would release code that would offer an on-chain scaling solution hardfork within about 4 months, but if the miners wanted this they would have to commit to running their software and only their software. The miners agreed and the ended up not running the most conservative proposal possible. This was in February last year. There is no hardfork proposal in sight from the people who agreed to this pact and bitcoin is still stuck with the exact same transaction limit it has had since the limit was put in place about 6 years ago. Gavin has also been publicly smeared by the developers at Blockstream and a plot was made against him to have him removed from the development team. Gavin has now been, for all intents an purposes, expelled from bitcoin development. This has meant that all control of bitcoin development is in the hands of the developers working at Blockstream.
There is a new proposal that offers a market based approach to scaling bitcoin. This essentially lets the market decide. Of course, as usual there has been attacks against it, and verbal attacks from the employees of Blockstream. This has the biggest chance of gaining wide support and solving the problem for good.
To give you an idea of Blockstream; It has hired most of the main and active bitcoin developers and is now synonymous with the "Core" bitcoin development team. They AFAIK no products at all. They have received around $75m in funding. Every single thing they do is supported by theymos. They have started implementing an entirely new economic system for bitcoin against the will of it's users and have blocked any and all attempts to scaling the network in line with the original vision.
Although this comment is ridiculously long, it really only covers the tip of the iceberg. You could write a book on the last two years of bitcoin. The things that have been going on have been mind blowing. One last thing that I think is worth talking about is the u/bashco's claim of vote manipulation.
The users that the video talks about have very very large numbers of downvotes mostly due to them having a very very high chance of being astroturfers. Around about the same time last year when Blockstream came active on the scene every single bitcoin troll disappeared, and I mean literally every single one. In the years before that there were a large number of active anti-bitcoin trolls. They even have an active sub buttcoin. Up until last year you could go down to the bottom of pretty much any thread in bitcoin and see many of the usual trolls who were heavily downvoted for saying something along the lines of "bitcoin is shit", "You guys and your tulips" etc. But suddenly last year they all disappeared. Instead a new type of bitcoin user appeared. Someone who said they were fully in support of bitcoin but they just so happened to support every single thing Blockstream and its employees said and did. They had the exact same tone as the trolls who had disappeared. Their way to talking to people was aggressive, they'd call people names, they had a relatively poor understanding of how bitcoin fundamentally worked. They were extremely argumentative. These users are the majority of the list of that video. When the 10's of thousands of users were censored and expelled from bitcoin they ended up congregating in btc. The strange thing was that the users listed in that video also moved over to btc and spend all day everyday posting troll-like comments and misinformation. Naturally they get heavily downvoted by the real users in btc. They spend their time constantly causing as much drama as possible. At every opportunity they scream about "censorship" in btc while they are happy about the censorship in bitcoin. These people are astroturfers. What someone somewhere worked out, is that all you have to do to take down a community is say that you are on their side. It is an astoundingly effective form of psychological attack.
submitted by CuriousTitmouse to btc [link] [comments]

DDDD - The Rise of “Buy the Dip” Retail Investors and Why Another Crash Is Imminent

DDDD - The Rise of “Buy the Dip” Retail Investors and Why Another Crash Is Imminent
In this week's edition of DDDD (Data-driven DD), I'll be going over the real reason why we have been seeing a rally for the past few weeks, defying all logic and fundamentals - retail investors. We'll look into several data sets to see how retail interest in stock markets have reached record levels in the past few weeks, how this affected stock prices, and why we've most likely seen the top at this point, unless we see one of the "positive catalysts" that I mentioned in my previous post, which is unlikely (except for more news about Remdesivir).
Disclaimer - This is not financial advice, and a lot of the content below is my personal opinion. In fact, the numbers, facts, or explanations presented below could be wrong and be made up. Don't buy random options because some person on the internet says so; look at what happened to all the SPY 220p 4/17 bag holders. Do your own research and come to your own conclusions on what you should do with your own money, and how levered you want to be based on your personal risk tolerance.
Inspiration
Most people who know me personally know that I spend an unhealthy amount of my free time in finance and trading as a hobby, even competing in paper options trading competitions when I was in high school. A few weeks ago, I had a friend ask if he could call me because he just installed Robinhood and wanted to buy SPY puts after seeing everyone on wallstreetbets post gains posts from all the tendies they’ve made from their SPY puts. The problem was, he actually didn’t understand how options worked at all, and needed a thorough explanation about how options are priced, what strike prices and expiration dates mean, and what the right strategy to buying options are. That’s how I knew we were at the euphoria stage of buying SPY puts - it’s when dumb money starts to pour in, and people start buying securities because they see everyone else making money and they want in, even if they have no idea what they’re buying, and price becomes dislocated from fundementals. Sure enough, less than a week later, we started the bull rally that we are currently in. Bubbles are formed when people buy something not because of logic or even gut feeling, but when people who previously weren’t involved see their dumb neighbors make tons of money from it, and they don’t want to miss out.
A few days ago, I started getting questions from other friends about what stocks they should buy and if I thought something was a good investment. That inspired me to dig a bit deeper to see how many other people are thinking the same thing.
Data
Ever since March, we’ve seen an unprecedented amount of money pour into the stock market from retail investors.
Google Search Trends
\"what stock should I buy\" Google Trends 2004 - 2020
\"what stock should I buy\" Google Trends 12 months
\"stocks\" Google Trends 2004 - 2020
\"stocks\" Google Trends 12 months
Brokerage data
Robinhood SPY holders
\"Robinhood\" Google Trends 12 months
wallstreetbets' favorite broker Google Trends 12 months
Excerpt from E*Trade earnings statement
Excerpt from Schwab earnings statement
TD Ameritrade Excerpt
Media
cnbc.com Alexa rank
CNBC viewership & rankings
wallstreetbets comments / day

investing comments / day
Analysis
What we can see from Reddit numbers, Google Trends, and CNBC stats is that in between the first week of March and first week of April, we see a massive inflow of retail interest in the stock market. Not only that, but this inflow of interest is coming from all age cohorts, from internet-using Zoomers to TV-watching Boomers. Robinhood SPY holdings and earnings reports from E*Trade, TD Ameritrade, and Schwab have also all confirmed record numbers of new clients, number of trades, and assets. There’s something interesting going on if you look closer at the numbers. The numbers growth in brokers for designed for “less sophisticated” investors (i.e. Robinhood and E*Trade) are much larger than for real brokers (i.e. Schwab and Ameritrade). This implies that the record number of new users and trade volume is coming from dumb money. The numbers shown here only really apply to the US and Canada, but there’s also data to suggest that there’s also record numbers of foreign investors pouring money into the US stock market as well.
However, after the third week of March, we see the interest start to slowly decline and plateau, indicating that we probably have seen most of those new investors who wanted to have a long position in the market do so.
SPX daily
Rationale
Pretty much everything past this point is purely speculation, and isn’t really backed up by any solid data so take whatever I say here with a cup of salt. We could see from the graph that new investor interest started with the first bull trap we saw in the initial decline from early March, and peaking right after the end of the crash in March. So it would be fair to guess that we’re seeing a record amount of interest in the stock market from a “buy the dip” mentality, especially from Robinhood-using Millennials. Here’s a few points on my rationalization of this behavior, based on very weak anecdotal evidence
  • They missed out of their chance of getting in the stock market at the start of the bull market that happened at the end of 2009
  • They’ve all seen the stock market make record gains throughout their adult lives, but believing that the market might be overheated, they were waiting for a crash
  • Most of them have gotten towards the stage of their lives where they actually have some savings and can finally put some money aside for investments
  • This stock market crash seems like their once-in-a-decade opportunity that they’ve been waiting for, so everyone jumped in
  • Everyone’s stuck at their homes with vast amounts of unexpected free time on their hands
Most of these new investors got their first taste in the market near the bottom, and probably made some nice returns. Of course, since they didn’t know what they were doing, they probably put a very small amount of money at first, but after seeing a 10% return over one week, validating that maybe they do know something, they decide to slowly pour in more and more of their life savings. That’s what’s been fueling this bull market.
Sentiment & Magic Crayons
As I mentioned previously, this bull rally will keep going until enough bears convert to bulls. Markets go up when the amount of new bullish positions outnumber the amount of new bearish positions, and vice versa. Record amounts of new investors, who previously never held a position in the market before, fueled the bullish side of this equation, despite all the negative data that has come out and dislocating the price from fundamentals. All the smart money that was shorting the markets saw this happening, and flipped to become bulls because you don’t fight the trend, even if the trend doesn’t reflect reality.
From the data shown above, we can see new investor interest growth has started declining since mid March and started stagnating in early April. The declining volume in SPY since mid-March confirms this. That means, once the sentiment of the new retail investors starts to turn bearish, and everyone figures out how much the stocks they’re holding are really worth, another sell-off will begin. I’ve seen something very similar to this a few years ago with Bitcoin. Near the end of 2017, Bitcoin started to become mainstream and saw a flood of retail investors suddenly signing up for Coinbase (i.e. Robinhood) accounts and buying Bitcoin without actually understanding what it is and how it works. Suddenly everyone, from co-workers to grandparents, starts talking about Bitcoin and might have thrown a few thousand dollars into it. This appears to be a very similar parallel to what’s going on right now. Of course there’s differences here in that equities have an intrinsic value, although many of them have gone way above what they should be intrinsically worth, and the vast majority of retail investors don’t understand how to value companies. Then, during December, when people started thinking that the market was getting a bit overheated, some started taking their profits, and that’s when the prices crashed violently. This flip in sentiment now look like it has started with equities.
SPY daily
Technical Analysis, or magic crayons, is a discipline in finance that uses statistical analysis to predict market trends based on market sentiment. Of course, a lot of this is hand-wavy and is very subjective; two people doing TA on the same price history can end up getting opposite results, so TA should always be taken with a grain of salt and ideally be backed with underlying justification and not be blindly followed. In fact, I’ve since corrected the ascending wedge I had on SPY since my last post since this new wedge is a better fit for the new trading data.
There’s a few things going on in this chart. The entire bull rally we’ve had since the lows can be modelled using a rising wedge. This is a pattern where there is a convergence of a rising support and resistance trendline, along with falling volume. This indicates a slow decline in net bullish sentiment with investors, with smaller and smaller upside after each bounce off the support until it hits a resistance. The smaller the bounces, the less bullish investors are. When the bearish sentiment takes over across investors, the price breaks below this wedge - a breakdown, and indicates a start of another downtrend.
This happened when the wedge hit resistance at around 293, which is around the same price as the 200 day moving average, the 62% retracement (considered to be the upper bound of a bull trap), and a price level that acted as a support and resistance throughout 2019. The fact that it gapped down to break this wedge is also a strong signal, indicating a sudden swing in investor sentiment overnight. The volume of the break down also broke the downwards trend of volume we’ve had since the beginning of the bull rally, indicating a sudden surge of people selling their shares. This doesn’t necessarily mean that we will go straight from here, and I personally think that we will see the completion of a heads-and-shoulders pattern complete before SPY goes below 274, which in itself is a strong support level. In other words, SPY might go from 282 -> 274 -> 284 -> 274 before breaking the 274 support level.
VIX Daily
Doing TA is already sketchy, and doing TA on something like VIX is even more sketchy, but I found this interesting so I’ll mention it. Since the start of the bull rally, we’ve had VIX inside a descending channel. With the breakdown we had in SPY yesterday, VIX has also gapped up to have a breakout from this channel, indicating that we may see future volatility in the next week or so.
Putting Everything Together
Finally, we get to my thesis. This entire bull rally has been fueled by new retail investors buying the dip, bringing the stock price to euphoric levels. Over the past few weeks, we’ve been seeing the people waiting at the sidelines for years to get into the stock market slowly FOMO into the rally in smaller and smaller volumes, while the smart money have been locking in their profits at an even slower rate - hence an ascending wedge. As the amount of new retail interest in the stock market started slowed down, the amount of new bulls started to decline. It looks like Friday might have been the start of the bearish sentiment taking over, meaning it’s likely that 293 was the top, unless any significant bullish events happen in the next two weeks like a fourth round of stimulus, in which case we might see 300. This doesn’t mean we’ll instantly go back to circuit breakers on Monday, and we might see 282 -> 274 -> 284 -> 274 happen before panic, this time by the first-time investors, eventually bringing us down towards SPY 180.
tldr; we've reached the top
EDIT - I'll keep a my live thoughts here as we move throughout this week in case anyone's still reading this and interested.
5/4 8PM - /ES was red last night but steadily climbed, which was expected since 1h RSI was borderline oversold, leaving us to a slightly green day. /ES looks like it has momentum going up, but is approaching towards overbought territory now. Expecting it to go towards 284 (possibly where we'll open tomorrow) and bouncing back down from that price level
5/5 Market Open - Well there goes my price target. I guess at this point it might go up to 293 again, but will need a lot of momentum to push back there to 300. Seems like this is being driven by oil prices skyrocketing.
5/5 3:50PM - Volume for the upwards price action had very little volume behind it. Seeing a selloff EOD today, could go either way although I have a bearish bias. Going to hold cash until it goes towards one end of the 274-293 channel (see last week's thesis). Still believe that we will see it drop below 274 next week, but we might be moving sideways in the channel this week and a bit of next week before that happens. Plan for tomorrow is buy short dated puts if open < 285. Otherwise, wait till it goes to 293 before buying those puts
5/5 6PM - What we saw today could be a false breakout above 284. Need tomorrow to open below 285 for that to be confirmed. If so, my original thesis of it going back down to 274 before bouncing back up will still be in play.
5/6 EOD - Wasn't a false breakout. Looks like it's still forming the head-and-shoulders pattern mentioned before, but 288 instead of 284 as the level. Still not sure yet so I'm personally going to be holding cash and waiting this out for the next few days. Will enter into short positions if we either go near 293 again or drop below 270. Might look into VIX calls if VIX goes down near 30.
5/7 Market Open - Still waiting. If we break 289 we're probably heading to 293. I'll make my entry to short positions when we hit that a second time. There's very little bullish momentum left (see MACD 1D), so if we hit 293 and then drop back down, we'll have a MACD crossover event which many traders and algos use as a sell signal. Oil is doing some weird shit.
5/7 Noon - Looks like we're headed to 293. Picked up VIX 32.5c 5/27 since VIX is near 30.
5/7 11PM - /ES is hovering right above 2910, with 4h and 1h charts are bullish from MACD and 1h is almost overbought in RSI. Unless something dramatic happens we'll probably hit near 293 tomorrow, which is where I'll get some SPY puts. We might drop down before ever touching it, or go all the way to 295 (like last time) during the day, but expecting it to close at or below 293. After that I'm expecting a gap down Monday as we start the final leg down next week towards 274. Expecting 1D MACD to crossover in the final leg down, which will be a signal for bears to take over and institutions / day traders will start selling again
5/8 Market Open - Plan is to wait till a good entry today, either when technicals looks good or we hit 293, and then buy some SPY June 285p and July 275p
5/8 Noon - Everything still going according to plan. Most likely going to slowly inch towards 293 by EOD. Will probably pick up SPY puts and more VIX calls at power hour (3 - 4PM). Monday will probably gap down, although there's a small chance of one more green / sideways day before that happens if we have bullish catalysts on the weekend.
5/8 3:55PM - SPY at 292.60. This is probably going to be the closest we get to 293. Bought SPY 290-260 6/19 debit spreads and 292-272 5/15 debit spreads, as well as doubling down on VIX calls from yesterday, decreasing my cost basis. Still looks like there's room for one more green day on Monday, so I left some money on the side to double down if that's the case, although it's more likely than not we won't get there.
5/8 EOD - Looks like we barely touched 293 exactly AH before rebounding down. Too bad you can't buy options AH, but more convinced we'll see a gap down on Monday. Going to work on another post over the weekend and do my updates there. Have a great weekend everyone!
submitted by ASoftEngStudent to wallstreetbets [link] [comments]

The Unofficial Cardano FAQ - V3

(if you would like to add information or see mistakes, just comment below and I will credit you)
What is Cardano? Cardano is an open source and permissionless "Third Generation" blockchain project being developed by IOHK. Development and research started in 2015, with the 1.0 mainnet launching in 2017. Cardano blockchain is currently being developed into two layers. The first one is the ledger of account values, and the second one is the reason why values are transferred from one account to the other.
  1. Cardano Settlement Layer (CSL) - The CSL acts as the ledger of account or balance ledger. This is an idea created as an improvement of bitcoin blockchain. It uses a proof-of-stake consensus algorithm known as Ouroboros to generate new blocks and confirm transactions.
  2. Cardano Computation Layer (CCL) - The CCL contains the data how values are transferred. Since the computation layer is not connected to balance ledger, users of the CCL can create customized rules (smart contracts) when evaluating transactions. (https://support.bitkub.com/hc/en-us/articles/360006678892-What-are-the-two-layers-of-Cardano-)
IOHK has the contract with an undisclosed party to develop the project until the end of 2020, at which point the community may elect another development team - on the assumption that the voting infrastructure has been completed. However CEO Charles Hoskinson has stated that they will develop the project until it is completed, and they are simply financed until the end of 2020.
Cardano was the first project built on a peer-reviewed scientific development method, resulting in dozens of research papers produced by IOHK. Among these papers is Ouroboros Genesis, proving that a Proof of Stake protocol can be just as secure as Proof of Work - which was originally developed for Bitcoin, and refined for Ethereum. This PoS protocol considerably lowers the resources cost to maintain network while still maintaining security and network speed.
Cardano as a financial infrastructure is not yet completed, With significant development to be rolled out.
What were the other two generations of blockchain? Gen 1 was Bitcoin. It exists by itself and talks to nobody but Bitcoin. It is capable of peer to peer transactions without a third party in such a way that you cannot cheat the system. This was a major step forward for the E-cash concept that people have been working on for the 20 years prior.
Gen 2 was Ethereum and other smart-contract platforms that allow other coins and platforms to be built on top of their infrastructure. These coins can interact with others on the platform, but cannot interact with other platforms. Meaning it is still not truly interoperable. Most Gen 2 blockchains are also using Proof of Work likes Bitcoin, which effects scaling. Also missing is a built-in method to pay for upgrades and voting mechanics for decision making.
Gen 3 blockchains are a complete package designed to replace the current financial infrastructure of the world. Cardano is using Proof of Stake to ensure security and decentralisation(Shelley). Scaling through parallel computation (Hydra in Basho), Sidechains to allow the platform to interact with other platforms (Basho), and also include mechanisms for voting for project funding, changes to the protocol and improvement proposals (Voltaire). Finally smart contracts platform for new and established projects that are developer friendly (Goguen).
Who is the team behind Cardano? There are three organisations that are contributing to the development of Cardano. The first is the Cardano Foundation, an objective, non-profit organisation based in Switzerland. Its core responsibilities are to nurture, grow and educate Cardano users and commercial communities, to engage with authorities on regulatory and commercial matters and to act as a blockchain and cryptocurrency standards body. The second entity is IOHK, a leading cryptocurrency research and development company, which holds the contract to develop the platform until 2020. The final business partner is Emurgo, which invests in start-ups and assists commercial ventures to build on the Cardano blockchain.
www.Cardano.org www.emurgo.io https://cardanofoundation.org/en/
What is the difference between Proof of Work and Proof of stake? Both these protocols are known as “consensus protocols” that confirm whether a transaction is valid or invalid without a middleman like Visa or your bank. Every node (active and updated copy of the blockchain) can agree that the transaction did take place legitimately. If more than half validators agree, then the ledger is updated and the transaction is now secured. Proof-of-Work (PoW) happens when a miner is elected to solve an exceptionally difficult math problem and gets credit for adding a verified block to the blockchain. Finding a solution is an arduous guessing game that takes a considerable amount of computing power to compete for the correct answer. It is like “pick a number between 1 and one trillion” and when you get it right, you get $30,000 in Bitcoin, so the more computers you have working on it, the faster you can solve it. Also the more people who are trying to solve the same block, the harder the algorithm, so it may become 1 in 20 trillion. The downside is the massive amounts of power required to run the computers that run the network, and the slow pace that blocks are solved. To “Hack” a PoW system, you need 51% of the computing power, which would allow you to deny transactions, or spend the same coin twice. At the moment there are 8 main mining operations for bitcoin, and 4 of them make up more that 51% of the mining power.
PoS instead selects a coin at random that already exists, and the person who owns that coin is elected to put the work in to validate the block. This means there is no contest and no guessing game. Some computer power is required, but only a fraction of a PoW system. The complex nature of selecting a coin that exists on the correct and longest chain and is owned by someone who can complete the block, AND in such a way that it is secure AND that computer currently running AND that person also having an incentive to complete the work, has made the development of PoS very slow. However only a few years ago it wasn’t even possible. In this method, the more of the coin (ADA) you stake, the more likely you are to be selected to close a block. Cardano also allows you to delegate your stake to someone else to validate the block so they do the work, and you share in the reward for doing so.
To “hack” a PoS blockchain you need to own 51% of the tokens, which is significantly harder than owning 51% of the computing power.
What is ADA and how is it different to Cardano? Cardano is the name of the network infrastructure, and can be thought of like a rail network. ADA is the native token that has been developed alongside Cardano to facilitate the network operation. This helps confusion and maintains distinction, compared to Ethereum being the native token of Ethereum. Similar to bitcoin or any other token, ADA can be sent peer to peer as payment, but is also the reward for running the network, and what is taken as transaction fees.
In this metaphor “Cardano” is the train tracks, that everything runs on. A stake pool would be the locomotive, facilitating transactions on the network while ADA is the coal that powers the locomotive. The train carriages are Decentralised applications (Dapps) that are also running on cardano tracks, but are not actively powering the network.
What is staking Cardano is a Proof of Stake protocol, and uses already existing coins like a marker to ensure security. The protocol chooses a coin at random and the owner of that coin is elected to validate a block of transactions. Staking is the process of adding your ADA coins to a Pool that has the resources to run the network. If the pool you have chosen to "delegate" your stake to is chosen to close/validate a block, then you get a portion of the rewards. The ADA never leaves your wallet, and you can "undelegate" whenever you like. this increases stability of the network and also gives an incentive to pool operators to invest the time and hardware required to run a pool.
What is a stake-pool and how does it work? Cardano.org FAQ on the issue goes into much more detail
A stake pool is where the computing power of the network takes place. During ITN there was 1200 registered stake pools while 300 were creating blocks. You can manage your own stake-pool or delegate your ADA to an already registered pool. Rewards are determined by the protocol, however the pool may elect to charge fee Percentages, or flat rate fee to upkeep their pool.
Can I Stake my ADA right now? The staking testnet has closed, If you participated in the Incentivised Test Net and earned rewards, instructions to check the balance are here.
However if you have just purchased some or it was held on an exchange, then you will need to wait until the Shelley mainnet launch happening at the end of July 2020.
Where do I stake my ADA? Daedalus Flight wallet, and Yoroi Wallet (as a chrome extension) are the current best options. Adalite and several other third-party wallets also exist. Coinbase will also allow staking as a custodial service, and many exchanges may offer “staking as a service” so you can leave your coins on the exchange and still earn rewards if you enjoy trading. I do not recommend leaving coins on an exchange unless you are actively trading.
What are the staking rewards now and what can I expect on a return in the future? The Incentivised Test Net (ITN) Delivered 10%-15%pa returns on average. The future of staking will most likely be lower, but will depend on the amount of ADA staked across the network and the amount of network traffic.
Check https://staking.cardano.org/en/calculato for a clearer picture.
what is a Pledge? To stop one person operating many pools, the rewards that a pool earns will vary depending on the amount of personal ADA they “pledge” to open the pool. This means that 50 pools with a 1,00ADA pledge each will be overall less profitable than 1-2 pool with the max ADA pledge (unknown but likely around 300k). Even if the 50 pools have the same over stake delegated by other users and have a better chance of being selected to close a block, the 50 pools may receive lower rewards.. (at least that is the theory)
Who is IOHK? IOHK is a for-profit software engineering company founded by CEO Charles Hoskinson and Jeremy Wood in 2015 that has taken a scientific approach to the development of blockchain. IOHK started with “first principles” and looked at questions like “what is a blockchain” and “what should a blockchain be able to do” rather than accepting the established paradigm of Bitcoin and Ethereum. IOHK was originally Input Output Hong Kong, but is now Input Output Global and is based in Wyoming USA employing over 230 staff. IOHK has established research labs in several universities in order to complete the Cardano project, and is also developing Ethereum Classic, Atala, Mantis and possibly other Blockchain related programs and infrastructure.
Who is Charles? Charles Hoskinson is an early adopter of cryptocurrencies, American entrepreneur and cryptocurrency specialist. Charles Co-founded Ethereum with Vitalik Buterin and 5-8 others, However he only worked on that project for approximately six-months. Charles is now the CEO of IOHK and the director of The Bitcoin Education Project.
Why isn’t ADA on coinbase? Cardano and coinbase have recently connected in a big way. With IOHK turning over all their ADA to the custodial services of Coinbase. This means that Cardano and Coinbase have been working together for some time and there is a strong partnership forming. Staking and cold storage will be available and trading on Coinbase will most likely become available after the release of Shelley (although no official word yet)
Why Doesn’t Cardano have a Wikipedia Page? Wikipedia has strict guidelines on what can be turned into an article. As there has been no coverage of Cardano from mainstream media or “noteworthy” sources, there is no article yet. Wikipedia will also not accept sources from IOHK as they are not considered “reliable” and must come from a third party. This will most likely change soon.
Cardano does have a dedicated community driven wiki
https://cardanowiki.info/wiki/Home
What is Atala and why do I care?*
Atala is a suite of services being developed on top of the cardano blockchain by IOHK that focusses on credential certification, for things like education, work history and degrees (Atala Prism). Product counterfeiting protection through registering products on a blockchain and create taper-proof provenance. This does not only apply to Gucci handbags, but also medication, art, and anything that can be counterfeited (Atala Scan). As well as supply chain tracking to see issues and inefficiencies with greater transparency(Atala Trace).
Im new, how much is a good investment?
Cardano is still a speculative market and although there is amazing potential here, it is still only potential. When investing in any High risk market like Crypto, only every invest what you are willing to lose. Cardano may be testing the 10c barrier now. But in March it dumped to 1.7c. And if you suddenly need your money back during the dump then you are out of luck. Do your research before you FOMO in. Start with a small amount and send it between wallets and exchanges to understand how the system works. Store your private keys offline (or online cloud service but encrypted) with a method that is unlikely to be damaged AND have multiple copies. So in the case of a house fire or a blow to the head, or the cloud service being shutdown/destroyed, you do not lose your money.
Timelines
https://roadmap.cardano.org/en/
Shelley Decentralisation rollout and news
Goguen smart contract rollout
Voltaire Voting mechanics – no official roll out timeline (though promised for 2020)
Basho scaling and sidechains – no official roll out time line (most likely 2021)
submitted by YourBestMateRobbo to cardano [link] [comments]

All in Cardano!

Cardano Monetary Policy - https://docs.cardano.org/cardano/monetary-policy/
There is a difference between the monetary policy of Bitcoin And Cardano.
1 BTC = 108 Sats 1 ADA = 106 Lovelaces
Interesting point to note is that all that will ever be are Sats and Lovelaces to buy and sell. We just call a dollar to be 100 cents for the sake of simplicity.
Makes more sense to exchange in day to day life by buying food for $10 than 1000 cents. You won't have to take care of zeros for multiplication etc.
Not knowing that there are less number of Lovelaces in 1 Ada than the number of Sats in BTC, creates a misconception that the total circulation of Cardano is greater in times than the total circulation of BTC.
My thought - This misconception will render anyone not choosing Cardano as a better investment than BTC. Cardano is in an early stage where it is heavily undervalued. Anyone would be able to hold more share in the supply switching from BTC,ETH etc.
Fact - more share you have in a confident supply, the better off you are than the rest.
If, it solves decentralisation with scalability and security, which it is most likely to do sooner than later then, Cardano will gain more price action relative to bitcoin or even break Bitcoin's dominance because Bitcoin is only a store of value.
Cardano is a buy for anyone looking for an investment in a revolution. ;)
I sold 5 BTCs and went all in Cardano today as shelly launch was previously confirmed in July and it seems that Cardano will have Goguen launching sooner too with entering in rest of the Eras following it.
I'd appreciate logical criticism.
DYOR
Cheers!
submitted by oto1911 to cardano [link] [comments]

Updated FAQ-Pre 420

Frequently Asked Questions

Here you will find our Frequently Asked Questions. Hopefully you can find the answer to your question here!

Payments

How can I pay for my order? We currently accept credit/debit cards. We do not currently accept Bitcoin, although we are implementing a system for Bitcoin payments.
My payment was declined, what can I do? It isn’t always obvious to us why a payment was declined. It could be something as simple as using the wrong billing address, or something more complex such as your bank restricting which regions you can purchase from.
My payment was declined but charges are still showing on my statement, why? These are pending payments - your bank will assign funds that were to be used in the order transaction. These funds will be made available to you once our payment provider communicates that the transaction was declined to your bank. You can usually contact your bank to have these funds returned quicker.
What currency do you charge in? Our base currency is USD. Your bank will deal with any currency conversions on their end, this could lead to minor discrepancies between your order total and what your bank eventually charges you.

Ordering

How do I know my order has actually gone through? There are three ways you can use to double check. - If, once your order is complete, you receive an order number on the screen. - You will be sent a confirmation email of your order. (If you can’t find it, check your Junk folder as it might be hiding in there.) - If you log in to your account, the order will show with the status ‘Processing’
Can I add something to an existing order? I’m afraid not. If you'd like to buy new items, you'll need to place a new order.
What is the current status of my order? You can log in to your account to see the status of your order. It will be marked as one of the following: - Processing: This means we have received payment from you and your order is in line waiting to be packed and shipped. - Packed: This means your order has been packed is ready for shipment shortly. You will receive another email notification when your order reaches this step. - Complete: This means your order has been shipped and a tracking number (if using a tracked service) is available for you. You will receive email notification of this status along with your tracking number.
I've provided the wrong address. What can be done? If your order has yet to be sent out, please send an immediate email to us via our Contact Form, or reply to your order confirmation email. If you order has already been shipped you will need to contact the shipping company as soon as possible.
How do I cancel my order? Before your order ships, you can use our Contact Form or reply to your order confirmation to cancel your order.
What voucher codes do you have? We don’t currently offer any voucher codes - we may intermittently offer them for Newsletter subscribers and you can sign up for that HERE.
Your X store doesn't have a strain that I'm looking for, can I order from one of your other stores? Unfortunately, we can only ship to the region specific to each store.

Shipping

Where do you ship to? We ship to most countries in the world! You can select your store based on your location. We do not ship to the following countries: Libya, Turkey, Russia, Somalia, South Africa & Yemen. This due to restrictions with our mailing system in reaching these countries.
How long will it take to ship my order? We aim to ship all orders within 2-3 business days of receiving payment. Sometimes delays can occur when we receive large quantities of orders at the same time.
How long will my order take to arrive? USA: You will receive a USPS tracking number once your order ships. USPS usually delivers within 3-5 days. Canada: If you used a tracked service you will receive a tracking number. Shipping normally takes 3-10 business days, depending on where in the country you are located. Our orders ship from Ontario. UK: Your order will normally arrive 1-2 business days after you receive your shipping email. EU: Orders can take 3-10 business days to arrive, depending on the shipping option chosen. Delays can often occur and shipping could potentially take much longer. A tracked service is highly recommended for EU shipping. Worldwide: It really depends on where you are located in the world. We only offer a tracked service for worldwide orders so you can keep a track of where your order is located.

Strains

Do you sell autoflowers? We ONLY sell autoflowers! All of our strains & freebies are autoflowering and feminized.
What strain would you recommend for me? We don’t provide personal recommendations for strains - all the information we have about strains is detailed on each product page, or you can click HERE to read through our Strain Guide which should provide more insight. Otherwise, you can join our community on Reddit.
When will X strain be back in stock? We can’t always give exact dates on when certain strains will be back in stock, unfortunately. We will announce across social media and via our Newsletter when we have a strain back in stock.

Freebies

How many freebies will I receive with my order? Our freebie tiers are as follows: $15-49: 2 free seeds $50-99: 5 free seeds $100-149: 7 free seeds $150+: 15 free seeds We don’t currently offer additional freebies for orders with a higher value, you can always place