SHA1 online

RESEARCH REPORT ABOUT ARYACOIN

Author: Gamals Ahmed, CoinEx Business Ambassador


ABSTRACT

Aryacoin is a new cryptocurrency, which allows for decentralized, peer-to-peer transactions of electronic cash. It is like Bitcoin and Litecoin, but the trading of the coin occurs on sales platforms that have no restrictions on use. Further, it was created with the goal of addressing the double-spend issues of Bitcoin, and does so using a timestamp server to verify transactions. It works by taking the hash of a block of items to be timestamped and widely publishing the hash. The timestamp proves that the data must have existed at the time in order to get the hash. Each timestamp then includes the previous timestamp in its hash, forming a chain.
The Aryacoin team is continuously developing new use cases for the coin, including exchanges where users can exchange the coins without any fees or restrictions, and offline options where the coins can be bought and sold for cash. The coins can also be used on the company’s other platform, mrdigicoin.io. Along with the coin, there is a digital wallet that can be created and controlled by the user entirely, with no control being retained by the Aryacoin team.

1.INTRODUCTION

The concept of Blockchain first came to fame in October 2008, as part of a proposal for Bitcoin, with the aim to create P2P money without banks. Bitcoin introduced a novel solution to the age-old human problem of trust. The underlying blockchain technology allows us to trust the outputs of the system without trusting any actor within it. People and institutions who do not know or trust each other, reside in different countries, are subject to different jurisdictions, and who have no legally binding agreements with each other, can now interact over the Internet without the need for trusted third parties like banks, Internet platforms, or other types of clearing institutions.
When Bitcoin was launched it was revolutionary, allowing people to transfer money anytime and anywhere with very low transaction fees. It was decentralized and there was no third party involved in the transaction; only the sender and receiver were involved.
This paper provides a solution to the double-spending problem using a peer-to-peer distributed timestamp server to generate computational proof of the chronological order of transactions. The system is secure as long as honest nodes collectively control more CPU power than any cooperating group of attacker nodes. Bitcoin was made so that it would not be controlled or regulated, but now exchanges and governments are regulating Bitcoin and other cryptocurrencies at every step. Aryacoin was developed to overcome these restrictions on a free currency.
Aryacoin is a new age cryptocurrency, which withholds the original principle on which the concept of cryptocurrency was established. Combining the best in blockchain technology since the time of its creation, Aryacoin strives to deliver the highest trading and mining standards for its community.

1.1 OVERVIEW ABOUT ARYACOIN

Aryacoin is a blockchain based project that allows users to access their wallet on the web and mobile browsers, using their login details.
Aryacoin can be mined; it can also be exchanged for other digital currencies on several world-famous exchanges such as Hitbtc, CoinEx, P2pb2b, WhiteBit and Changelly, and is also listed in reputable wallets such as Coinomi and Guarda.
Aryacoin is a coin which can be used by anyone looking to use a cryptocurrency that allows them to keep their privacy both when buying/selling the coin and while using the coin in transactions. Proof of work and cryptographic hashes allow transactions to be verified.
Stable Fee Per AYA is a unique feature of Aryacoin: increasing the amount or volume of the transaction does not change the fee within the network, which means that the fee for sending less than 1 AYA is equal to the fee for sending several hundred million AYA. Another unique feature of Aryacoin is that transactions cannot be traced in the explorer, as with DASH and Monero; of course, this operation is unique to Aryacoin.
Using Aryacoin digital currency, like other currencies, international transactions can be done very quickly and there are no limitations in this area as the creators claim.
Aryacoin aims to allow users to access the Aryacoin wallet via the web and mobile browsers using their login details.
Aryacoin is a peer-to-peer electronic cash system that enables users to send and receive payments directly from one party to another, and allow them to transfer funds across borders with no restriction or third party involvement. The blockchain-based system embraces the digital signature, which prevents double spending and low transfer fees, which enables users to transfer huge amounts with very low fees. The proof-of-work consensus mechanism allows each transaction to be verified and confirmed, while anonymity enables users to use the coin anywhere at any time.
According to the website of the operation, each wallet is divided into 2 or more AYA wallet addresses for each transaction, and depending on the volume of the transaction block, the origin, and destination of transactions in the network can not be traced and displayed to the public.
In fact, each wallet in Aryacoin consists of a total of several wallets. The number of these wallets increases per transaction to increase both security and privacy. Aryacoin also uses the dPoW protocol. In the dPoW protocol, a second layer is added to the network to verify transactions, which makes “51% attack” impossible even with more than half of the network hash, and blocks whose Blockchain uses this second layer of security never run the risk of 51% attacks.
AYA has been listed on a number of crypto exchanges; unlike other main cryptocurrencies, it cannot be directly purchased with fiat money. However, you can still easily buy this coin by first buying Bitcoin from any large exchange and then transferring it to an exchange that offers to trade this coin.

1.1.1 ARYACOIN HISTORY

Aryacoin (AYA) is a new cryptocurrency created by a group of Iranian developers; it is an altcoin which allows for decentralised, peer-to-peer transactions of electronic cash without any fees whatsoever. Along with the coin, there is a digital wallet that can be created and managed by the user entirely, with no control being retained by the Aryacoin team.
Aryacoin’s founder, Kiumars Parsa, has been a fan of alternative currencies and particularly Bitcoin.
“We see people from all around the world using Blockchain technology and the great benefits that came with it, and it was then that I decided to solve this puzzle and find a way of bringing the last missing piece to the jigsaw. The idea for Aryacoin was born,” Parsa said.
Parsa and his team of Iranian expats not only persevered but expedited the project, and just a year later, in the summer of 2019, the first version of Aryacoin was released. In 2020, Aryacoin is the first and only Iranian coin listed on CMC.
Parsa goes on to state that it is now the strength of the community that has invested in the coin that will ultimately drive its success, alongside its robust technology and appealing 0% network fees.
We have thousands of voices behind Aryacoin. People for the people make this coin. It is a massive shout out for democracy. This had made us base the whole team strategy on the benefits for both our users and our traders.
One key example is that the network fee on AYA Blockchain is 0%. Yes, absolutely nothing, which differentiates us from other networks. What also differentiates us from other coins is that we have AYAPAY, which is the first cryptocurrency Gateway in the world which does not save funds on third-party storage, with all funds being forwarded directly to any wallet address that the Gateway owner requests”.
So for the first time ever, and unlike other gateways, incoming funds will be saved on the user's account, with submitted withdrawal requests then made on the Gateway host website. In AYAPAY, which has also been developed by the Aryacoin team, all funds without extra fees or extra costs will be directly forwarded to users' wallets. We have named this technology CloudWithdrawal.
We are continuously challenging ourselves as it is a crowded marketplace. We are striving to have a safer Blockchain against 51% attacks, faster confirmation speeds of transactions, cheaper network fees, and growing the market by cooperation with top-tier exchanges.

1.1.2 ARYACOIN’S MAIN GOAL

Aryacoin’s main goal is to educate people and give them the freedom to use cryptocurrency in any way they want. Aryacoin empowers the users to transfer, pay, trade cryptocurrency from any country around the globe.
Platforms that have been created by Aryacoin Team, as well as those that will go live in future, operate on the same principle and exclude absolutely no one.

1.1.3 PROBLEM ARYACOIN SEEKS TO SOLVE

Aryacoin aims to provide a long-term solution to the problem of double spending, which is still common in the crypto market. The developers of the system have created a peer-to-peer distributed timestamp server that generates computational proof of the transactions as they occur.
Besides, the system remains secure provided honest nodes control more CPU power than any cooperating group of attacker nodes. While Bitcoin was designed not to be regulated or controlled, many exchanges and governments have put regulatory measures on the pioneer cryptocurrency at every step. Aryacoin aims to overcome these restrictions as a free digital currency.

1.1.4 BENEFITS OF USING ARYACOIN

Aryacoin solution offers the following benefits:
  • Real-time update: whether you’re going on a holiday or a business trip, no problem. You can access your coins all over the world.
  • Instant operations: Aryacoin makes it quite easy for you to use your digital wallet and perform various operations with it.
  • Safe and secure: all your data is stored encrypted and can only be decrypted with your private key, seed, or password.
  • Strong security: The system has no control over your wallet. You are 100% in charge of your wallet and funds.

1.1.5 ARYACOIN FEATURES

1. Anonymity
The coin provides a decent level of anonymity for all its users. Users can send their transactions to any of the public nodes to be broadcast; the transaction sent to the nodes should be signed by the private key of the sender address. This allows users to use the coin anywhere, any time; sending transactions directly to the node allows users from any place and country.
2. Real Life Usage
Aryacoin’s team is continuously developing new and innovative ways to use the coins; they are currently developing exchanges where users can exchange the coins without any fees or restrictions. They are also developing other innovative technologies which would allow users to spend the coins everywhere and anywhere.
3. Offline Exchanges
They are also working with different offline vendors, which would enable them to buy and sell the coins directly to users at a fixed or variable price; this would allow easy buying and selling directly for cash. This would make the coins accessible to users without the restrictions that most online exchanges have, and also increase the value and number of users along with new ways to spend the coin. This would increase the anonymity level of the coin. In addition, it would introduce new users to the crypto market and technology, creating a revolution that educates people about crypto and introduces a completely new group of people to the crypto world, and a move towards a decentralized future!
4. Transactions
When it comes to transactions, Aryacoin embraces a chain of digital signatures, where each owner simply transfers the coin to the next person by digitally signing a hash of the previous transaction and the public key of the next owner. The recipient can then verify the signatures to confirm the chain of ownership. Importantly, Aryacoin comes with a trusted central authority that checks every transaction for double spending.
5. Business Partner with Simplex
Aryacoin is the first and only Iranian digital currency that managed to obtain a trading license in other countries.
In collaboration with the foundation and financial giant Simplex, a major cryptocurrency company that has large companies such as Binance, P2P, Changelly, etc. Aryacoin has been licensed to enter the world’s major exchanges, as well as the possibility of purchasing AYA through Credit Cards, which will begin in the second half of 2020.
Also, the possibility of purchasing Aryacoin through Visa and MasterCard credit cards will be activated simultaneously inside the Aryacoin site. plus, in less than a year, AYA will be placed next to big names such as CoinCapMarket, Coinomi, P2P, Coinpayments and many other world-class brands today.

1.1.6 WHY CHOOSE ARYACOIN?

If you want to use a cryptocurrency that allows you to keep your privacy online even when buying and selling the coins, the Aryacoin team claims that AYA is the way to go. Aryacoin is putting in the work: with more ways to buy and sell, and fixing the issues that were present in the original Bitcoin, plus pushing the boundaries with innovative solutions in cryptocurrencies. You can get started using Aryacoin (AYA) payments simply by having a CoinPayments account!

1.1.7 ARYANA CENTRALIZED EXCHANGE

Aryana, the first Iranian exchange is a unique platform with the following features:
  • The first real international Persian exchange that obtains international licenses and is listed in CoinMarketCap.
  • The first Iranian exchange that has been cooperating with a legal and European exchange for 3 years.
  • The possibility of trading in Tomans (available currency in Iran) at the user’s desired price and getting rid of the transaction prices imposed by domestic sites inside Iran.
  • There is an internal fee payment plan by Iranian domestic banks for depositing and withdrawing Tomans for Aryacoin holders in Aryana Exchange.
  • The number that you see on the monitor and in your account will be equal to the number that is transferred to your bank account without a difference of one Rial.
  • The last but not least, noting the fact that there is a trading in Tomans possibility in Aryana exchange.
Aryana Exchange is using the most powerful, fastest, and most expensive server in the world, Google Cloud Platform (GCP), which is currently the highest quality server for an Iranian site, so that professional traders do not lag behind the market even for a second.
The feature of Smart Trading Robots is one of the most powerful features for digital currency traders. Digital cryptocurrency traders are well aware of how much they will benefit from smart trading robots. In the Aryana exchange, it is possible to connect exchange user accounts to intelligent trading bots and trade even when they are offline.
The WhiteBit exchange injects $1 million a day in liquidity to maintain and support the price of Tether and to eliminate the Tether fluctuations with Bitcoin instabilities that profiteers take advantage of.

1.1.8 HOW DOES ARYACOIN WORK?

Aryacoin (AYA) tries to ensure a high level of security and privacy. The team has made sure to eliminate any trading restrictions for the network users: no verification is required to carry out transactions on AYA, making the project truly anonymous, decentralized, and giving it a real use in day-to-day life. The Delayed-Proof-of-Work (dPoW) algorithm makes the Aryacoin blockchain immune to any attempts of a 51% attack. AYA defines a coin as a chain of digital signatures — each owner transfers the coin to the next owner by digitally signing the hash of the previous transaction and the public key of the next owner, and the receiver verifies the signatures and the chain of ownership.

2. ARYACOIN TECHNOLOGY

2.1 PROOF-OF-WORK

They use a proof-of-work system similar to Adam Back’s Hashcash to implement a distributed timestamp server on a peer-to-peer basis, rather than newspaper or Usenet publications. The proof-of-work involves scanning for a value that when hashed, such as with SHA-256, the hash begins with a number of zero bits. The average work required is exponential in the number of zero bits required and can be verified by executing a single hash.
For their timestamp network, they implement the proof-of-work by incrementing a nonce in the block until a value is found that gives the block’s hash the required zero bits. Once the CPU effort has been expended to make it satisfy the proof-of-work, the block cannot be changed without redoing the work. As later blocks are chained after it, the work to change the block would include redoing all the blocks after it.
The proof-of-work also solves the problem of determining representation in majority decision making. If the majority were based on one-IP-address-one-vote, it could be subverted by anyone able to allocate many IPs. Proof-of-work is essentially one-CPU-one-vote. The majority decision is represented by the longest chain, which has the greatest proof-of-work effort invested in it. If honest nodes control a majority of CPU power, the honest chain will grow the fastest and outpace any competing chains. To modify a past block, an attacker would have to redo the proof-of-work of the block and all blocks after it, then catch up with, and surpass the work of the honest nodes.

2.2 NETWORK

The steps to run the network are as follows:
  • New transactions are broadcast to all nodes.
  • Each node collects new transactions into a block.
  • Each node works on finding a difficult proof-of-work for its block.
  • When a node finds a proof-of-work, it broadcasts the block to all nodes.
  • Nodes accept the block only if all transactions in it are valid and not already spent.
This is a very simple system that makes the network fast and scalable, while also providing a decent level of anonymity for all users. Users can send their transactions to any of the public nodes to be broadcast, and the private key of the sender’s address should sign any transaction sent to the nodes. This way, all transaction info remains strictly confidential. It also allows users to send transactions directly to the node from any place at any time and allows the transferring of huge amounts with very low fees.

2.3 AYAPAY PAYMENT SERVICES GATEWAY

According to Aryacoin's creators, the development team has succeeded in inventing a new blockchain technology for the first time in the world, which is undoubtedly a big step and great news for all digital currency enthusiasts around the world.
This new technology has been implemented on the Aryacoin AYAPAY platform and was unveiled on October 2. AYAPAY payment platform is the only payment gateway in the world that does not save money in users’ accounts and transfers incoming coins directly to any wallet address requested by the gateway owner without any additional transaction or fee.
In other similar systems or even systems such as PayPal, money is stored in the user account.

2.4 CONSENSUS ALGORITHM IN ARYACOIN

The devs introduced the Delayed-Proof-of-Work (dPoW) algorithm, which represents a hybrid consensus method that allows one blockchain to take advantage of the security provided by the hashing power of another blockchain. The AYA blockchain works on dPoW and can use such consensus methods as Proof-of-Work (PoW) or Proof-of-Stake (PoS) and join to any desired PoW blockchain. The main purpose of this is to allow the blockchain to continue operating without notary nodes on the basis of its original consensus method. In this situation, additional security will no longer be provided through the attached blockchain, but this is not a particularly significant problem. dPoW can improve the security level and reduce energy consumption for any blockchain.

2.5 DOUBLE-SPEND PROBLEM AND SOLUTION

One of the main problems in the blockchain world is that a receiver is unable to verify whether or not one of the senders did not double-spend. Aryacoin provides the solution, and has established a trusted central authority, or mint, that checks every transaction for double-spending. Only the mint can issue a new coin and all the coins issued directly from the mint are trusted and cannot be double-spent. However, such a system cannot therefore be fully decentralized because it depends on the company running the mint, similar to a bank. Aryacoin implements a scheme where the receiver knows that the previous owners did not sign any earlier transactions. The mint is aware of all transactions including which of them arrived first. The developers used an interesting solution called the Timestamp Server, which works by taking a hash of a block of items to be ‘timestamped’ and publishing the hash. Each timestamp includes the previous timestamp in its hash, forming a chain. To modify a block, an attacker would have to redo the proof-of-work of all previous blocks, then catch up with, and surpass the work of the honest nodes. This is almost impossible, and makes the network processes more secure. The proof-of-work difficulty varies according to circumstances. Such an approach ensures reliability and high throughput.

3. ARYACOIN ROADMAP

April 2019: The launch of Aryacoin; AYA ICO, resulting in over 30BTC collected
December 2019: The launch of AYA Pay
April 2020: The successful Hamedan Hardfork, supported by all AYA exchanges, aimed at integrating the dPoW algorithm, improving the security of the AYA blockchain.
June 2020: Aryana Exchange goes live, opening more trading opportunities globally
July 2020: The enabling of our Coin Exchanger
November 2020: The implementation of Smart Contracts into the Aryacoin Ecosystem
Q1 2021: Alef B goes live (more details coming soon)

4. THE NUCYBER NETWORK COMMUNITY & SOCIAL

Website: https://aryacoin.io/
Explorer: https://explorer.aryacoin.io/
Github: https://github.com/Aryacoin/Aryacoin
Twitter: 1.1k followers https://twitter.com/AryacoinAYA
Reddit: 442 members https://github.com/nucypher
Instagram: 3.8k followers https://www.instagram.com/mrdigicoin/
Telegram: 5.9k subscribers https://t.me/AYA_Global

5. SUMMARY

Aryacoin (AYA) is a new age cryptocurrency that combines the best of the blockchain technology and strives to deliver high trading and mining standards, enabling users to make peer-to-peer decentralized transactions of electronic cash. Aryacoin is part of an ecosystem that includes payment gateway Ayapay and the Ayabank. AYA has a partnership with the Microsoft Azure cloud platform, which provides the ability to develop applications and store data on servers located in distributed data centers. The network fee for the AYA Blockchain is 0%. In Ayapay service, which has been developed by the Aryacoin team, all funds without extra fees or costs are directly forwarded to users’ wallets with technology called CloudWithdrawal. The devs team is introducing new use cases including exchanges where users will exchange AYA without any restrictions. You can buy AYA on an exchange of your choice, create an Aryacoin wallet, and store it in Guarda.

submitted by CoinEx_Institution to Coinex
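The proof-of-work timestamp chain that sections 2.1, 2.2 and 2.5 of the report paraphrase from the Bitcoin whitepaper, as an added example that is not part of the original post and not Aryacoin's code. It uses a toy "leading zero bits" target over SHA-256 and a three-block chain; the Block layout, the difficulty and the payload strings are assumptions made here for illustration, not Aryacoin's real block format or parameters:

```go
package main

import (
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"math/bits"
)

// Block is a minimal timestamp-server block: the previous block's hash, the
// payload being timestamped, and the nonce found by proof-of-work.
// (Toy layout for this example, not a real coin's block format.)
type Block struct {
	PrevHash [32]byte
	Data     string
	Nonce    uint64
}

// Hash is SHA-256 over the serialized block. The previous hash is part of the
// input, which is what links the blocks into a chain.
func (b Block) Hash() [32]byte {
	buf := append([]byte{}, b.PrevHash[:]...)
	buf = append(buf, b.Data...)
	buf = binary.BigEndian.AppendUint64(buf, b.Nonce)
	return sha256.Sum256(buf)
}

// LeadingZeroBits counts the zero bits at the start of a hash.
func LeadingZeroBits(h [32]byte) int {
	n := 0
	for _, b := range h {
		if b != 0 {
			return n + bits.LeadingZeros8(b)
		}
		n += 8
	}
	return n
}

// MeetsTarget is the single-hash verification step: checking a proof costs one
// hash, however many hashes finding it took.
func MeetsTarget(b Block, difficulty int) bool {
	return LeadingZeroBits(b.Hash()) >= difficulty
}

// Mine increments the nonce until the hash has `difficulty` leading zero bits;
// expected work is 2^difficulty hashes and doubles with every extra bit.
func Mine(prev [32]byte, data string, difficulty int) Block {
	b := Block{PrevHash: prev, Data: data}
	for !MeetsTarget(b, difficulty) {
		b.Nonce++
	}
	return b
}

// BuildChain mines one block per payload, each committing to its predecessor.
func BuildChain(payloads []string, difficulty int) []Block {
	var chain []Block
	var prev [32]byte // the genesis block points at an all-zero hash
	for _, p := range payloads {
		chain = append(chain, Mine(prev, p, difficulty))
		prev = chain[len(chain)-1].Hash()
	}
	return chain
}

// Validate is what a receiving node does with a chain: every block must link to
// the previous hash and carry a valid proof. Returns the index of the first bad
// block, or -1 if the chain is consistent.
func Validate(chain []Block, difficulty int) int {
	var prev [32]byte
	for i, b := range chain {
		if b.PrevHash != prev || !MeetsTarget(b, difficulty) {
			return i
		}
		prev = b.Hash()
	}
	return -1
}

// Rewrite is the attacker's cost of changing block idx: since every later block
// commits to its predecessor's hash, idx and everything after it must be
// re-mined. Returns how many blocks had to be re-mined.
func Rewrite(chain []Block, idx int, newData string, difficulty int) int {
	var prev [32]byte
	if idx > 0 {
		prev = chain[idx-1].Hash()
	}
	chain[idx].Data = newData
	for i := idx; i < len(chain); i++ {
		chain[i] = Mine(prev, chain[i].Data, difficulty)
		prev = chain[i].Hash()
	}
	return len(chain) - idx
}

func main() {
	const difficulty = 16 // ~65k hashes per block; real networks use far more
	chain := BuildChain([]string{"genesis", "alice->bob 5", "bob->carol 2"}, difficulty)
	fmt.Println("valid:", Validate(chain, difficulty) == -1, "nonces:", chain[0].Nonce, chain[1].Nonce, chain[2].Nonce)
	chain[1].Data = "alice->bob 500" // a silent edit breaks block 1's proof and block 2's link to it
	fmt.Println("first bad block after tampering:", Validate(chain, difficulty))
	fmt.Println("re-mined:", Rewrite(chain, 1, "alice->bob 500", difficulty), "valid again:", Validate(chain, difficulty) == -1)
}
```

Validate is the one-hash-per-block check a node makes before accepting a chain; Rewrite is the attacker's side of the argument in 2.1: after editing block 1 the chain fails validation, and making the edit stick means re-mining block 1 and every block after it, and then still outpacing the honest nodes that keep extending the original chain. The dPoW second layer claimed in 2.4 is not modelled here.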

Introduction to Bitterfly: Butterfly Matrix Entropy Weight Consensus Algorithm

When Bitcoin launched 11 years ago, Satoshi Nakamoto had the vision of giving people power over their money. His vision lives on through BTC. However, the Bitcoin network has a few flaws. One of those flaws is the Proof of Work mechanism. Mining Bitcoin requires a huge amount of resources that are out of reach for most ordinary people. The result is that the BTC network is increasingly being placed in centralized control. The Bitterfly project hopes to change that using a revolutionary consensus mechanism called the Butterfly that will be used on the Bitterfly blockchain.
About Bitterfly
Bitterfly wants to continue the vision that Nakamoto had for Bitcoin. The goal is to give power back to the people and place them in control of their finances. To do this, the Bitterfly team is working on three main areas that require improvement:
· The consensus mechanism
· The blockchain performance
· Community Governance
The Consensus Mechanism
To improve the consensus mechanism, the team behind Bitterfly has created the Butterfly algorithm that they will add to the PoW mechanism. Not only can it ensure that the hash rate is obtained fairly, it ensures that the hash rate of the whole network is enhanced via the butterfly effect.
Performance
In terms of performance, the Bitterfly blockchain has been upgraded to have a confirmed commercial speed of 5000TPS. Bitterfly is designed as a Blockchain As a Service open-source platform, which can be used in different applications.
Bitterfly will support different types of computing services that include cloud servers. As a result, it will utilize idle server resources to boost the hash rate support for the network.
Community Governance
When it comes to community Governance, Bitterfly plans to introduce a node competition mechanism that will release 210 nodes over time to enhance the butterfly effect. First, they will introduce the nodes via the Butterfly matrix network. Later, they will do so via a fair elimination process. The goal is to ensure that the nodes contribute to the success of Bitterfly.
The Encryption Algorithm
Encryption and decryption of data are at the core of the operation of any blockchain. It helps to guarantee the security of the whole blockchain. Only a corresponding private key can unlock data encrypted using a public key.
In most blockchains, the Hash Function and the Asymmetric Key Encryption Algorithm are used to encrypt and decrypt data. For the Hash Function, the main algorithms used are SHA and MD5. Bitterfly uses the SHA256 algorithm for encryption and RSA, DSA, and Elliptic curve algorithms for decryption. For the verification phase, Bitterfly developed the DFLYSchnorr, which is based on the Schnorr algorithm.
Consensus Algorithm
The consensus mechanism is used in the blockchain to ensure that each transaction is accurate. Bitterfly plans to operate within the enterprise space, which requires comprehensive and heterogeneous systems that are integrated with various communication protocols.
To deal with the challenges that might arise, Bitterfly developed a two-layer consensus algorithm for the PoW mechanism called the PBFT algorithm. Here is how the Bitterfly algorithm works:
· The network Structure
Bitterfly is designed as an internet payment and application protocol that is based on embracing the digital economy. It can facilitate value storage as well as the decentralized exchange of digital assets, payments, and clearing functions. Within Bitterfly, everyone can participate productively. It will place a huge demand on Bitterfly. The network will offer performance guarantees as well as smart contracts.
· Bitterfly Consensus Algorithm
To meet the goal of decentralization and security, Bitterfly wants to become a global computer instead of a P2P information system. Besides satisfying the decentralization and security needs of its users via PoW, the system will also need to perform at a high level.
As a result, the team opted to support smart contracts in commercial applications. To deal with the issue of energy consumption, the team came up with the Butterfly algorithm. The algorithm allows the use of PoW as well as other cross-chain methods such as the Layer 2 protocol. Confirmation of transactions is done via verification nodes.
Each node is preconfigured with a list of trusted nodes known as the Consensus Achievement List (CAL). The node list can be used to confirm transactions. Once a transaction is confirmed with the local ledger, it is integrated into the transaction candidate set while all illegal ones are discarded.
To improve the security of the network, the verification confirmation was raised to 60% unlike in other networks where it is 50% +1. A transaction is officially confirmed once it is confirmed by 80% of the CAL nodes. The process is known as the Last Closed Ledger, which represents the latest changes to the ledger.
Within Bitterfly, the identities of those taking part in the confirmation of transactions are known beforehand. As a result, transactions are faster and the blockchain is more efficient.
Butterfly Matrix Entropy Weight Algorithm
Entropy is used to measure the level of uncertainty in the system. Bitterfly built a way to establish consensus using multiple factors. In the network, each data set has a corresponding weight.
Summary
For the past 11 years, Bitcoin has enjoyed tremendous success. The launch of Bitcoin ushered in a new era for humanity. For the first time in history, decentralized money that is outside the control of governments and other central entities is possible.
The new type of money gives people the power to control their finances and avoid the harsh effects of inflation caused by the wanton printing of government currency. When a new economic downturn hit the global economy, Bitcoin failed the litmus test. While Bitcoin should have helped to save people’s finances as the money printing began, it seemed to have followed the same trend as the sinking global economy.
It revealed that BTC still had numerous weaknesses that need to be corrected. Bitterfly wants to build on what Bitcoin has accomplished and do more with it. The team behind this project is quite optimistic. They believe that they can achieve what Bitcoin has achieved in the past 11 years. Besides that, they believe they can achieve where Bitcoin has failed in those past 11 years.
Social Media Links
TWITTER: https://twitter.com/BitterflyD
MEDIUM: https://medium.com/@BitterflyD
YOUTUBE: https://www.youtube.com/channel/UCxSNCzuQsNj-oCgepxzoXQg
TELEGRAM: https://t.me/Bitterfly_Disciples
submitted by Bitterfly_Disciples to u/Bitterfly_Disciples

LONG NETWORK on blockchain with secret correspondence

Coin name: LONG COIN
Coin ticker: LONG (LNG)
Hash algorithm: SHA-256
Message encryption algorithm: ECDH and AES-CBC
Coin type: PoW
Block time: 2 minutes
Premine: 0
Mined blocks confirmation: 30 blocks
Transactions confirmation: 6 blocks
Block reward: 10 000 LONG
Fixed fee: 1 LONG/KB
- Short SMS — 1 LONG
- Standard financial transactions — 1 LONG
- The limit on the amount of data per transaction is 64 kB (max fee is 64 LONG)
Multicast transactions with simultaneous transmission of coins and messages
LONG NETWORK Core — a cryptographic decentralized network on an open-source blockchain (based on bitcoin-core-0.12.1).
LONG NETWORK works on the principle of encryption of all outgoing messages. All messages automatically fall into a single blockchain, accessible to all network members, and the fact that messages appear on the blockchain is “seen” by everyone. But! Even the sender cannot determine which computer will ultimately “read” the message, since only the addressee who owns the secret private key associated with the recipient’s address can “read” the message. Unlike traditional crypto messengers and networks, it is impossible to establish the very fact of “contact” between the sender and the recipient, which is the most compromising factor and makes it easy to decrypt messages by striking devices on the head. The system uses addresses similar to Bitcoin network addresses, which can be created locally by the user in unlimited quantities.
Official site: https://longnetwork.github.io/
Downloads: GitHub Full Sources (with cross build tools):
https://github.com/longnetwork/LONGNETWORK
Build from sources Tutorial (very simple) https://youtu.be/H5FkmPRJiEo
Posting in LONG NETWORK Tutorial https://youtu.be/MjAP4zS61_s
Community:
https://bitcointalk.org/index.php?topic=5235729.msg54102346#msg54102346
https://discord.gg/JjbU47K
https://twitter.com/PepperSteep
Network services:
Exchange 1 https://trade.crypton.cf/
Explorer http://longchain.crypton.cf/
Mining pool http://longpool.crypton.cf/

submitted by Daltonik to promoted

I posted for peer review a couple weeks back, here is the final result. An Intro to the technology behind Bitcoin.

submitted by Bukowskaii to Bitcoin

AES Crypt security audit (1 serious issue found)

I just learned about privacytools.io this afternoon and started poking around at some of the software I hadn't heard of before. One in particular caught my eye: AES Crypt. It's listed as "Worth Mentioning" under "File Encryption". I found some minor issues and one major issue.
I only looked at the Linux version, written in C. However, most of the issues I highlight are relevant to all versions since it's part of the file format.
Update: So apparently the major issue has been known since 2012, but they've decided not to address it. Therefore Privacy Tools should not be recommending this software.
Update 2: AES Crypt was removed

The Bad News

Let's start with the most serious issue. An unauthenticated field in encrypted files is trusted, and this allows a man-in-the-middle to manipulate the plaintext without being detected. I wrote up a little example scenario in my bug report, along with proof of concept you can try for yourself:
GitHub issue #23: Unauthenticated header data is trusted, making the plaintext malleable
Instead of using a proper padding scheme, the size of the final block is stored in a last_block_size field in the file. Despite being placed between the encrypted message and the authentication tag, it's not authenticated. This is a huge no-no and must be fixed before it would be reasonable to recommend this tool to anyone for any use.
It's not a problem with the code, but the file format itself. Therefore all versions are affected, and the fix will require a new file format (version 3?).
It could be fixed by including the last_block_size field when authenticating, but it would be much better to drop this field and use a standard padding scheme like PKCS#5. As a really minor bonus, this would also hide the exact file length from snoops.

Weak key derivation

The encryption key is derived from the user-entered password by iterating SHA-256 8,192 times. It's not a showstopper, but this is very weak, and puts a lot more stress on choosing good passphrases. It is salted with the IV, which helps protect against some kinds of attacks.
This is part of the file format since the passphrase is usable between implementations, so all versions are affected.
Recommendation: Switch to a memory-hard KDF like Argon2 or scrypt. Less good option: allow the number of iterations to be configured, or just use more iterations. It's very easy to parallelize SHA-256, especially thanks to all those hardware implementations designed for mining Bitcoin.

More complicated than necessary

The passphrase is used to encrypt yet another key, which is used to encrypt the message. This offers no additional protection, and it's not used for anything. The only reason you might want something like this is so that you can encrypt the file with more than one passphrase, allowing it to be decrypted with any individual passphrase. But that's not a feature of AES Crypt.
Worse, it actually weakens the format since it makes brute force attacks on the passphrase faster. No need to check guesses against the entire ciphertext, just the fixed-length key!
This is part of the file format so all versions are affected.
Recommendation: Get rid of this. It's not a big deal, it's just pointless.

Some cargo culting

Entropy read from the operating system (/dev/urandom, etc.) isn't entirely trusted for some reason, so it's hashed along with the current time and PID. That's not sufficient to accomplish anything useful. It doesn't hurt, but it's a strange thing to do.
This isn't part of the file format, so it's just a quirk of the Linux and Windows implementations.

Ambiguous licensing

I am unable to find any license governing the C Linux and Windows versions of the software. There's no LICENSE file, and the individual sources are not consistently marked. The AES implementation is embedded and marked as GPL, which suggests the entire source is GPL.
So at the moment a conservative take would be that AES Crypt is source available but not necessarily Open Source.

Perhaps some code quality issues?

There were a couple cases of undefined behavior. I submitted a patch to fix these. (Update: This patch was never accepted, and so AES Crypt still invokes undefined behavior each time it's used to encrypt data, making all its output suspect.)
The very second time I ran the aescrypt command after compiling it, I got a segmentation fault, which was pretty alarming. I submitted a patch to fix this, too (Update: also never accepted), but considering how quickly I found this, I wonder how many more issues are lingering. File name handling is a mess. Though, as a command line program, it's probably reasonable to consider the command line arguments trusted inputs.
I looked mostly at the code that does encryption and decryption, and that part is pretty solid. It does thorough error checking and is even careful to clean up before bailing out.

Variable-time comparison

The memcmp() function is used to verify the authentication tag, which takes a variable amount of time to complete. It's not significant for a command line application like this since it's never going to behave as an oracle for an attacker, but something to notice, especially if the code is reused in, say, a server implementation of AES Crypt.

The Good News

It's not well documented, but the encryption scheme is AES-256 in CBC mode, authenticated with encrypt-then-authenticate HMAC-SHA256. Except for the lack of padding, it's all solid stuff. The IV is generated and used properly, and the (pointless) intermediate key is also generated properly (C version, Linux and Windows).
The program makes consistent and reasonable attempts to sanitize memory holding sensitive information. Well done!
As I noted, the actual file parsing and crypto routines are, for the most part, robust with error checking and input validation. (Though, I did notice the upper four bits of last_block_size are allowed to hold any value with no impact on the result.)
If the padding issue is fixed with a new file format, then it's reasonable to recommend this tool with the caveat that the KDF is weak and so your passphrases must be especially strong.
Disclaimer: I wrote and maintain a similar open source tool called Enchive which is perhaps a "competitor" in this area.
submitted by skeeto to privacytoolsIO
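The two format-level points raised in the audit above, the unauthenticated length field and the variable-time tag comparison, as an added example that is not AES Crypt's code and not the post author's: a small Go encrypt-then-MAC container in which the final block's length is never stored in the clear. PKCS#7 padding sits inside the AES-256-CBC ciphertext, the HMAC-SHA256 tag covers IV||ciphertext, and the tag is checked with a constant-time compare before any padding is interpreted. The container layout, the 32-byte caller-supplied keys (key derivation is out of scope here) and the sample plaintext are all constructed for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Constructed container layout for this example (not AES Crypt's file format):
//   [16-byte IV][AES-256-CBC ciphertext, PKCS#7 padded][32-byte HMAC-SHA256 tag]
// The tag covers IV||ciphertext; the plaintext length comes from padding *inside*
// the ciphertext, so there is no unauthenticated length field for a decryptor to trust.

var errAuth = errors.New("authentication failed")

// pkcs7Pad always appends 1..blockSize bytes, each equal to the pad length.
func pkcs7Pad(b []byte, blockSize int) []byte {
	n := blockSize - len(b)%blockSize
	out := make([]byte, len(b), len(b)+n)
	copy(out, b)
	for i := 0; i < n; i++ {
		out = append(out, byte(n))
	}
	return out
}

// pkcs7Unpad checks every pad byte; it is only ever called after the tag has verified.
func pkcs7Unpad(b []byte, blockSize int) ([]byte, error) {
	if len(b) == 0 || len(b)%blockSize != 0 {
		return nil, errors.New("bad length")
	}
	n := int(b[len(b)-1])
	if n == 0 || n > blockSize {
		return nil, errors.New("bad padding")
	}
	for _, c := range b[len(b)-n:] {
		if int(c) != n {
			return nil, errors.New("bad padding")
		}
	}
	return b[:len(b)-n], nil
}

// Seal encrypts under a fresh random IV, then MACs IV||ciphertext with a separate key.
func Seal(encKey, macKey, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(encKey)
	if err != nil {
		return nil, err
	}
	iv := make([]byte, aes.BlockSize)
	if _, err := rand.Read(iv); err != nil {
		return nil, err
	}
	padded := pkcs7Pad(plaintext, aes.BlockSize)
	ct := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, padded)
	mac := hmac.New(sha256.New, macKey)
	mac.Write(iv)
	mac.Write(ct)
	return mac.Sum(append(iv, ct...)), nil
}

// Open verifies the tag in constant time (hmac.Equal, not memcmp/bytes.Equal)
// before decrypting or looking at any padding.
func Open(encKey, macKey, sealed []byte) ([]byte, error) {
	if len(sealed) < aes.BlockSize+sha256.Size {
		return nil, errAuth
	}
	iv := sealed[:aes.BlockSize]
	ct := sealed[aes.BlockSize : len(sealed)-sha256.Size]
	tag := sealed[len(sealed)-sha256.Size:]
	mac := hmac.New(sha256.New, macKey)
	mac.Write(iv)
	mac.Write(ct)
	if !hmac.Equal(tag, mac.Sum(nil)) || len(ct)%aes.BlockSize != 0 {
		return nil, errAuth
	}
	block, err := aes.NewCipher(encKey)
	if err != nil {
		return nil, err
	}
	pt := make([]byte, len(ct))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(pt, ct)
	return pkcs7Unpad(pt, aes.BlockSize)
}

// RoundTrip is a self-check on constructed input: a sealed message opens, and flipping a
// byte in the last ciphertext block (which decides the recovered length) is rejected
// outright rather than yielding a silently truncated or altered plaintext.
func RoundTrip() (ok, tamperRejected bool) {
	encKey, macKey := make([]byte, 32), make([]byte, 32)
	rand.Read(encKey)
	rand.Read(macKey)
	msg := []byte("constructed sample plaintext for the example")
	sealed, err := Seal(encKey, macKey, msg)
	if err != nil {
		return false, false
	}
	got, err := Open(encKey, macKey, sealed)
	ok = err == nil && string(got) == string(msg)
	sealed[len(sealed)-sha256.Size-1] ^= 0x01 // last ciphertext byte, just before the tag
	_, err = Open(encKey, macKey, sealed)
	tamperRejected = errors.Is(err, errAuth)
	return ok, tamperRejected
}

func main() {
	ok, rejected := RoundTrip()
	fmt.Println("round trip ok:", ok, "tamper rejected:", rejected)
}
```

Because the tag is checked first and the padding is never parsed from unauthenticated bytes, a modified ciphertext fails closed at `Open` instead of producing a plausible but wrong file; the padding bytes also hide the exact plaintext length, the minor bonus the post mentions.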

Evidence Points to Bitcoin being an NSA-engineered Psyop to roll out One-World Digital Currency

I'm going to assume the readers who make it to this article are well informed enough that I don't have to go into the history of the global money changers and their desire for a one world currency.
(If you don't yet understand the goal of the globalist banking empire and the coming engineered collapse of the fiat currency system, you're already about 5,000 posts behind the curve.)
With that as a starting point, it's now becoming increasingly evident that Bitcoin may be a creation of the NSA and was rolled out as a "normalization" experiment to get the public familiar with digital currency.
Once this is established, the world's fiat currencies will be obliterated in an engineered debt collapse (see below for the sequence of events), then replaced with a government approved cryptocurrency with tracking of all transactions and digital wallets by the world's western governments.
NSA mathematicians detailed "digital cash" two decades ago
What evidence supports this notion?
First, take a look at this document entitled, "How to Make a Mint - The Cryptography of Anonymous Electronic Cash." This document, released in 1997 - yes, twenty years ago - detailed the overall structure and function of Bitcoin cryptocurrency.
Who authored the document?
Try not to be shocked when you learn it was authored by,
"mathematical cryptographers at the National Security Agency's Office of Information Security Research and Technology." 
The NSA, in other words, detailed key elements of Bitcoin long before Bitcoin ever came into existence.
Much of the Bitcoin protocol is detailed in this document, including signature authentication techniques, eliminating cryptocoin counterfeits through transaction authentication and several features that support anonymity and untraceability of transactions.
The document even outlines the heightened risk of money laundering that's easily accomplished with cryptocurrencies. It also describes "secure hashing" to be "both one-way and collision-free."
Although Bitcoin adds mining and a shared, peer-to-peer blockchain transaction authentication system to this structure, it's clear that the NSA was researching cryptocurrencies long before everyday users had ever heard of the term.
Note, too, that the name of the person credited with founding Bitcoin is Satoshi Nakamoto, who is reputed to have reserved one million Bitcoins for himself.
Millions of posts and online threads discuss the possible identity of Satoshi Nakamoto, and some posts even claim the NSA has identified Satoshi.
However, another likely explanation is that Satoshi Nakamoto is the NSA, which means he is either working for the NSA or is a sock puppet character created by the NSA for the purpose of this whole grand experiment.
The NSA also wrote the crypto hash used by Bitcoin to secure all transactions
On top of the fact that the NSA authored a technical paper on cryptocurrency long before the arrival of Bitcoin, the agency is also the creator of the SHA-256 hash upon which every Bitcoin transaction in the world depends.
As The Hacker News (THN) explains:
"The integrity of Bitcoin depends on a hash function called **SHA-256**, which was designed by the NSA and published by the *National Institute for Standards and Technology* ([NIST](https://en.wikipedia.org/wiki/National_Institute_of_Standards_and_Technology))." 
THN also adds:
"If you assume that the NSA did something to SHA-256, which no outside researcher has detected, what you get is the ability, with credible and detectable action, they would be able to forge transactions. The really scary thing is somebody finds a way to find collisions in SHA-256 really fast without brute-forcing it or using lots of hardware and then they take control of the network." 
Cryptography researcher Matthew D. Green of Johns Hopkins University said.
In other words, if the SHA-256 hash, which was created by the NSA, actually has a backdoor method for cracking the encryption, it would mean the NSA could steal everybody's Bitcoins whenever it wants (call it "Zero Day.")
That same article, written by Mohit Kumar, mysteriously concludes,
"Even today it's too early to come to conclusions about Bitcoin. Possibly it was designed from day one as a tool to help maintain control of the money supplies of the world." 
And with that statement, Kumar has indeed stumbled upon the bigger goal in all this:
To seize control over the world money supply as the fiat currency system crumbles and is replaced with a one-world *digital currency controlled by globalists*. 
Think cryptography is bulletproof? Think again…
Lest you think that the cryptography of cryptocurrency is secure and bulletproof, consider this article from The Hacker News, 'Researchers Crack 1024-bit RSA Encryption in GnuPG Crypto Library,' which states,
"The attack allows an attacker to extract the secret crypto key from a system by analyzing the pattern of memory utilization or the electromagnetic outputs of the device that are emitted during the decryption process." 
Note, importantly, that this is a 1024-bit encryption system.
The same technique is also said to be able to crack 2048-bit encryption. In fact, encryption layers are cracked on a daily basis by clever hackers.
Some of those encryption layers are powering various cryptocurrencies right now. Unless you are an extremely high-level mathematician, there's no way you can know for sure whether any crypto currency is truly non-hackable.
In fact, every cryptocurrency becomes obsolete with the invention of large-scale quantum computing.
Once China manages to build a working 256-bit quantum computer, it can effectively steal all the Bitcoins in the world (plus steal most national secrets and commit other global mayhem at will).
Ten steps to crypto-tyranny - The "big plan" by the globalists (and how it involves Bitcoin)
In summary, here's one possible plan by the globalists to seize total control over the world's money supply, savings, taxation and financial transactions while enslaving humanity.
And it all starts with Bitcoin...
  1.  Roll out the NSA-created Bitcoin to get the public excited about a digital currency. 
  2.  Quietly prepare a globalist-controlled cryptocurrency to take its place. (JP Morgan, anyone...?) 
  3.  Initiate a massive, global-scale [false flag operation](http://www.bibliotecapleyades.net/sociopolitica/sociopol_falseflag.htm) that crashes the global debt markets and sends fiat currencies down in flames (hoax alien invasion, hoax North Korean EMP attack, mass distributed power grid terrorism network, etc.) 
  4.  Blame whatever convenient enemy is politically acceptable (North Korea, "the Russians," Little Green Men or whatever it takes…) 
  5.  Allow the fiat currency debt pyramid to collapse and smolder until the sheeple get desperate. 
  6.  With great fanfare, announce a government-backed cryptocurrency replacement for all fiat currencies, and position world governments as the SAVIOR of humanity. Allow the desperate public to trade in their fiat currencies for official crypto currencies. 
  7.  [Outlaw cash](http://www.bibliotecapleyades.net/sociopolitica/sociopol_globalbanking.htm#Cashless_Society) and *criminalize gold and silver ownership by private citizens*. All in the name of "security," of course. 
  8.  Criminalize all non-official cryptocurrencies such as Bitcoin, crashing their value virtually overnight and funneling everyone into the one world government crypto, where the NSA controls the blockchain. This can easily be achieved by blaming the false flag event (see above) on some nation or group that is said to have been "funded by Bitcoin, the cryptocurrency used by terrorists." 
  9.  Require [embedded RFID](http://www.bibliotecapleyades.net/ciencia/secret_projects/implants.htm#RFID) or biometric identifiers for all transactions in order to "authenticate" the one-world digital crypto currency activities. *Mark of the Beast* becomes reality. No one is allowed to eat, travel or earn a wage without being marked. 
  10.  Once absolute control over the new one-world digital currency is achieved, weaponize the government-tracked blockchain to track all transactions, investments and commercial activities. Confiscate a portion of all crypto under the guise of "automated taxation." In an emergency, the government can even announce *negative interest rates* where your holdings automatically decrease each day. 
With all this accomplished, globalists can now roll out absolute totalitarian control over every aspect of private lives by enforcing financial "blackouts" for those individuals who criticize the government.
They can put in place automatic deductions for traffic violations, vehicle license plate taxes, internet taxes and a thousand other oppressive taxes invented by the bureaucracy.
With automatic deductions run by the government, citizens have no means to halt the endless confiscation of their "money" by totalitarian bureaucrats and their deep state lackeys.
How do you feel about your Bitcoin now...?
by Mike Adams December 10, 2017 from NaturalNews Website
submitted by Metaliano to conspiracy

What's the f*****ng benefit of the reactivated OP_Codes?

Nobody explained what we can do with the soon to be reactivated OP_Codes for Bitcoin Cash, and nobody explained why we need them. It's a fact that there are risks associated with them, and there is no sufficient testing of these risks by independent developers, nor is there a sufficient explanation why they carry no risk. BitcoinABC developers, explain yourselves, please.
Edit: Instead of calling me a troll, please answer the question. If not, ask someone else.
Edit Edit: tomtomtom7 provided a refreshing answer on the question:
https://www.reddit.com/btc/comments/7z3ly4/to_the_people_who_thing_we_urgently_need_to_add/dulkmnf/
The OP_Codes were disabled because bugs were found, and worry existed that more bugs could exist.
They are now being re-enabled with these bugs fixed, with sufficient test cases and they will be put through thorough review.
These are missing pieces in the language for which various use cases have been proposed over the years.
The reason to include these, is because all developers from various implementations have agreed that this is a good idea. No objections are raised.
Note that this does not mean that all these OP_Codes will make it in the next hardfork. This is obviously uncertain when testing and reviewing is still being done.
This is not yet the case for OP_GROUP. Some objection and questions have been raised which takes time to discuss and time to come to agreement. IMO this is a very healthy process.
Another good comment is here
https://www.reddit.com/btc/comments/7z49at/whats_the_fng_benefit_of_the_reactivated_op_codes/dullcek/
One precise thing: Allowing more bitwise logical operators can (will) yield smaller scripts, this saves data on the blockchain, the hex code gets smaller.
Here is a detailed answer. I did not go through it to check whether it is satisfying, but at least it is a very good start. Thank you silverjustice.
But further, if you want specific advantages for some of these, then I recommend you check out the below from the scaling Bitcoin conference:
opcodes are very useful, such as in for example with CAT you can do tree signatures even if you have a very complicated multisig design using CAT you could reduce that size to log(n) size. It would be much more compact. Or with XOR we could do some kind of deterministic random number generator by combining secret values from different parties so that nobody could cheat. They could combine and generate a new random number. If people think-- ... we could use LEFT to make weaker hash. These opcodes were re-enabled in sidechain elements project. It's a sidechain from Bitcoin Core. We can reintroduce these functions to bitcoin.
The other problem are the ... numeric operations which were disabled by Satoshi. There's another problem. Which is that the range of values accepted by script is limited and confused because the CScript.. is processed at ..... bit integers internally. But to these opcodes it's only 32 bits at most. So it's quite confusing. The other problem is that we have this.. it requires 251 encode or calculate or manipulate this number. So we need at least 52 bits. But right now it is only 32 bits. So the proposal is to expand the valid input range to 7 bytes which would allow 56 bits. And it limits the maximum size to 7 bytes so we could have the same size for inputs and outputs. For these operations, we could re-enable them within these safe limits. It would be safe for us to have these functions again.
The other problem is that we currently cannot commit to additional scripts. In the original design of bitcoin, we could have script operations inside of the signature. But the problem is that the signature is not covered by the signature itself. So any script in the scriptSig is modifiable by any third party in the network. For example, if we tried to do a CHECKSIG operation in the signature, people could simply replace it with an OP_0 and invalidate the transaction. This is a bypass of the.. signature check in the scriptSig. But actually this function is really useful, for example, we can do... delegation, people could add additional scripts to a new UTXO without first spending it. So people could do something like let's say to let their son spend their coin within a year if it is not first spent otherwise.. and also, people, talk about replay protection. So we have some other new opcode like pushing the blockhash to the stack, with this function we could have replay protection to make sure the transaction is valid only in a specified blockchain.
So the proposal is that in the future the CHECKSIG should have the ability to sign additional script and to execute these scripts. And finally the other problem is that the script has limited access to different parts of the transaction. There is only one type of operation that allowed to investigate different parts of the transaction, which is CHECKSIG and CHECKMULTISIG. But it is very limited. There are sighash limitations here... there are only 6 types of sighash. The advantage of doing this is that it's very compact and could use only one byte to indicate which component to sign. But the problem is that it's inflexible. The meaning of this sighash is set at the beginning and you can't change it. You need a new witness version to have another checksig. And the other problem is that the sighash can be complex and people might make mistakes so Satoshi made this mistake in the sighash design such as the well-known bug in validation time and also the SIGHASH_SINGLE bug. It's not easy to prevent.
The proposal is that we might have the next generation of sighash (sighashv2) to expand to two bytes, allow it to cover different parts of the transaction and allow people to choose which components they would like to sign. This would allow more flexibility and hopefully not overly complicated. But still this is probably not enough for more flexible design.
Another proposal is OP_PUSHTXDATA which pushes the value of different components of a transaction to the stack. It's easy to implement, for example, we could just push the scriptpubkey of the second output to the stack, okay. So it is actually easier to implement. We could do something more than just... because we have sighash, we could check where something is equal to the specified value. But if we could push the value, like the value of an output to the stack, then we could use other operations like more than or less than and then we could do something like checking whether the value of output x must be at least y bitcoin, which is a fixed value.
There are some other useful functions like MAST which would allow for more compact scripts by hiding the other unexecuted branches. There's also aggregation that would allow n-of-n multisig to be reduced to a single signature and so on. In the elements project, they implemented CHECKSIGFROMSTACK where they don't check the transaction structure but instead they verify a message on the stack. So it could be some message like not bitcoin maybe, perhaps cross-chain swap, or another bitcoin UTXO. And also we might have some elliptic curve point addition and operations which are also useful in lightning network design.
Here are some related works in progress. If you are interested in this topic, I would like to encourage you to join our discussions because it's a very active topic. jl2012 bip114 MAST, maaku's MBV, luke-jr or version-1 witness program, Simplicity, etc.
so you have your script template, the amount value, and there is a block impactor because we have the sha chain which allows you to have the hashes.. we can have that error rate constant because you need the HTLC hashes, to properly revoke the prior states and if you can't do that then you can't construct the redeem script. Right now it needs a signature for every state, you need all the HTLCs, it needs the network verification state, and there's another cool thing you can do with which is like trap door verification and you can include it in the transaction itself and there can be a clause where there is some margin for it.. Which makes it powerful, and then you can make it more private with these constructs. We only have a few minutes left, we can cover this.
One further thing is that in the transformation, we have a privacy issue because we need to keep going forward, we need to have the private state, so there's a history of this in the ages in the past, the current one used replications, which was one of the cool things about lightning. We used to have deckman signatures we had a sequence value of like 30 days, we did an update, we had to switch sides then we make it 29 then 27 etc. You can only broadcast the most recent state because otherwise the other party can transact the other transaction. If you start with 30 days then you can only do about 30 bidirectional switches. Then there was cdecker's payment channels where you have a root tree and every time you need to- you had two payment channels, you had to rebalance them and then it's on your part of the channel you can reset the channel state. You can do 30 this way, you have another tree, you can do it that way, and then there's a new version of it in the indefinite lifetime... by keeping the transaction in CSV, the drawback on that approach because you have a large validation tree, in the worst case you have 8 or 10 on the tree, and then you need for the prior state and then you do the 12 per day, and every time you have to make a state, you have to revoke the preimage from the prior state, this is cool because if they ever broadcast the entire state, each one has the clause so that you can draw the entire money in the event of a violation. There are some limitations for doing more complex verifications and you have this log(n) state that you have to deal with when you deal with that.
We're going to do the key power on the stack to limit key verifications on this main contract. This is all composable. You can do discreet log contracts. You can now check signatures on arbitrary messages. You can sign a message and then we can enforce structure on the messages themselves. Right now you need to have sequence numbers. So each state we are going to increment the sequence numbers. So you give me a sequence number on that state. On the outputs we have a commitment to the sequence number and the value r. So people on chain will know that how many places we did in that itself. The cool part about this is that because we have a seq number then I have the one if it's highest enough. Then I am opening that commitment to say this is state 5 and I present to you a new signed commitment and open that as well, that's in a validation state. The cool thing is that you only need one of those m. So we have to some auxiliary state, and each time I have a new state I can drop the old state. I have a signed commitment to revoke the prior state. This is a big deal because the state is much smaller. Currently we require you to... we use a state machine on state 2, and it also has implications for verifications and watch tower
So on lightning, there's this technique itself- it's timelocks CSV value and if you can't react within that value then you can't go to court and enforce judgement on this attacker. So the watchtower is a requirement, you delegate the state watching to the watchtower. They know which channels you're watching. You send some initial points, like a script template. For every one you send the signature and the verification state. They can use the verification state that collapses into a log(n) tree, you can basically use state where you send half the txids, you can decrypt this in... some time.
submitted by Der_Bergmann to btc

Reasons to believe Julian Assange is in CIA custody and WikiLeaks under duress.

UPDATE (11/01/2017 - UK Date Format): Julian Assange is alive and still in the Embassy. He confirms WikiLeaks has not been compromised. Julian took questions from the Reddit AmA but answered them via live, current and interactive video. He did this very intentionally, and by so doing, was true to his word. Watch a recording of the live event here:
https://www.youtube.com/watch?v=rC2EjKYMCeg
On the 26th of September 2016 Secretary of State John Kerry (self admitted Skull and Bones member) visited Colombia. WikiLeaks reported that inside sources had confirmed that John Kerry also met with Ecuadorean President Rafael Correa in Ecuador to personally ask Ecuador to stop Assange from publishing documents about Clinton. This was initially fervently denied in the press only later to be confirmed by the Ecuadorian embassy who admitted cutting off Julian’s internet due to pressure from the US. Ecuador wanted to appear impartial.
For over four years, the Ecuadorian embassy has been under surveillance and Julian's human rights violated, as he has been unlawfully detained in what a recent UN ruling termed "illegal arbitrary detention". During that time, it has been possible for intelligence agencies to gather critical information and build a detailed profile and plan to circumvent Julian's dead man's switch.
Both John Kerry and US intelligence agencies know perfectly well that cutting off Julian's internet would have no impact on the release of the leaked emails that are damaging to Hillary's campaign. It has been very clear for a long time that many US officials wanted Julian Assange dead, Hillary Clinton even has remarked, "can't we just drone the guy".
The cutting off of Julian's internet access was not for the purpose of preventing the leaks of the Podesta and Hillary emails. Unless intelligence agencies are truly inept, they know that media organisations already have the entire leaked email database and a schedule for release, they also know WikiLeaks staff would continue to leak regardless of Julian's ability to communicate.
Removing Assange would not be enough, they would need to circumvent his dead man's switch and then tarnish WikiLeaks' reputation. Removing Assange's internet could have the effect of causing Assange to take steps that can be followed to prevent the automatic triggering of his DMS.
From the day Julian's internet was cut off, a series of peculiar and uncharacteristic events started to take place. The same day that Julian's internet was cut off, CBS reported that Pamela Anderson visited Assange and had "Tortured" him with a vegan sandwich. A few days before on the 14th, John Podesta tweeted "I bet the lobster risotto is better than the food at the Ecuadorian Embassy". Then on October the 16th the SHA-256 prerelease keys were issued on WikiLeaks' twitter feed. Although these events are odd and seemingly inconsequential, combined with John Kerry being in the UK from the 16th to the 17th they sparked concern among the community for Julian's safety.
Assange supporters started to gather at the embassy to keep Assange safe and witness any foul play, some of these witnesses have claimed that a very swift police armed raid took place that lasted only 5 minutes while the crowd was kept under control and prevented from approaching, there have also been reports that they were prevented from taking photographs and that their phones were confiscated. A live periscope feed was also cut off. There have also been some reports of the presence of a mobile jamming van.
If Assange has been seized, any recognition by mainstream media would be detrimental to Hillary's campaign. A covert operation with media blackout would be the only effective way of seizing him at this time. On October the 18th Fox News said that Julian Assange would be "arrested soon, maybe in a matter of hours.". The video was then promptly removed and articles relating to it have disappeared. However, one reddit user was able to find an alternative source and now the video can be found again on YouTube.
Although Julian's primary DMS (the release of insurance file encryption keys) did not activate, on October the 18th one of Julian's contingencies did activate, a script was activated that made https://file.wikileaks.org/file publicly visible and set all the file date and time stamps to 01/01/1984 (Orwell reference). This file repository contains many documents that had not been released prior.
Staffers Kristinn Hrafnsson and Sarah Harrison, have gone silent while the Ecuadorian embassy is refusing to provide any updates on Assange’s fate. There is a recorded call made to the embassy by a journalist where the receptionist refused to confirm that Julian was at the embassy, she also refused to confirm that Julian was even alive. Julian has not made an appearance at the window of the embassy since being cut off.
WikiLeaks suggested in a tweet that its supporters were responsible for the DDOS attacks on the 21st. Neither Assange nor WikiLeaks would ever insinuate such a thing. WikiLeaks deceptively tweeted a video of Michael Moore that was actually recorded in June. The video was posted on the 24th of October giving the impression that Michael Moore had been speaking with Assange in the embassy. Why would WikiLeaks do this when they know they are already under suspicion?
WikiLeaks have been using their Twitter account to give the appearance of his safety while providing no concrete evidence of his safety. They issued a poll asking what proof would satisfy the public that Julian was safe. WikiLeaks have yet to follow up on the conclusive result of a video or window appearance.
Julian Assange is known for his attention to detail and his consistently good spelling and grammar. Currently the twitter feed has very poor spelling, there are numerous uncharacteristic spelling errors, for example, an accomplished cryptographer knows how to correctly spell algorithm and so do WikiLeaks staff.
On the 21st of October, there was a massive widespread DDOS attack that disrupted US and EU internet. Also on the 21st of October London City Airport was evacuated. The next day (the 22nd), Gavin MacFadyen is reported dead. WikiLeaks made a further blunder by stating his death as the 23rd.
There have been a number of high level WikiLeaks deaths recently too. John Jones QC - WikiLeaks U.N. lawyer died on April 16th 2016. Michael Ratner - WikiLeaks chief counsel died on May 11th 2016. Seth Rich - Employee of the Democratic National Committee (DNC) was fatally shot on July 10th 2016 and Gavin MacFadyen - WikiLeaks director died October 22nd 2016.
If WikiLeaks has been compromised, it is already preparing the scene for future discrepancy to seriously tarnish WikiLeaks reputation. Nothing WikiLeaks has shared since the 15th of October 2016 should be trusted until Julian has been fully verified as alive.
My speculative fears are that Julian has been seized and removed from the Embassy. His internet being cut not being related to the release of the emails, but rather as a component of a plan of 4 years in the making to as secretly as possible remove Assange from the embassy, circumvent his DMS and hijack WikiLeaks with the key team members silenced or under duress.
My fears would be confirmed by no future public (mass witnessing and recorded/televised) appearance of Julian Assange discussing recent topics. His death by whatever means after the US presidential election would be extremely suspect. Until proof of life, assume the following compromised:
SHA-256 verification Keys posted after the 15th. WikiLeaks submission process and/or platform. WikiLeaks twitter feed. Any WikiLeaks leaks after the 15th October 2016.
EDIT: (01/11/2016 - 17:18GMT) URL and spelling corrections.
EDIT: Update 16/12/2016
Why demanding proof that WikiLeaks is not compromised is necessary:
https://www.facebook.com/events/309760466089922/ (PoL Event @ Ecuadorian Embassy London 17th December 2016) – If you live in the UK please come and let’s get REAL PoL. Please circulate.
1) Still no PGP (GPG) signed short message from WikiLeaks.
2) RiseUp’s warning canary may be dead (RiseUp is believed to host the WL Twitter email account).
3) Julian’s internet hasn’t been restored as promised.
4) The pre-commitment file hashes released in October do not match the released insurance files.
5) Julian’s Swedish defense lawyer Per Samuelson was denied access during case questioning. No one actually saw Julian through the whole process.
Additional points:
- UK disregard for international law
- Capabilities of combined intelligence agencies
- WikiLeaks down on October 17th
- Mass censorship
- WikiLeaks reposting old stuff
- See timelines below
Various timelines, some with minor errors: https://www.reddit.com/WikileaksTimeline/wiki/index https://www.reddit.com/WhereIsAssange/comments/5dmr57/timeline_of_events_regarding_julian_assange_and/ https://regated.com/2016/11/julian-assange-missing/
[Still no PGP (GPG) signed short message from WikiLeaks] Watch this https://youtu.be/GSIDS_lvRv4 video for a simple and good explanation of public/private key cryptography. Here https://riseup.net/en/canary is an example of how a legitimate cryptographically capable organisation uses PGP to sign a message and prove authenticity. WikiLeaks has this setup too. Why do they not use it and prove they are not compromised?
WikiLeaks could easily do this. They have their private key. The public has WikiLeaks public key. Even if Julian isn’t in possession of the key, WL most certainly is, no excuse for WL not to prove themselves. This has been heavily requested of WikiLeaks. I’d like to hear from the individuals who claim that their requests were removed (please leave comments). Of all the red flags, not posting a PGP signed message is by far the most damning. If we are to believe that the person in the audio recording at the FCM 2016 is Julian Assange, then what he says about the keys is missing the point. If he himself is not in possession of the key, then WikiLeaks will be. If WikiLeaks use the key to prove themselves, then we know they are not compromised. By extension, we will also be assured that Julian is safe as an uncompromised WikiLeaks would be in a position to confirm his safety and be believed. This audio file includes everything that he says regarding PGP keys: http://picosong.com/UyVw/ (I am not convinced this is Julian).
[RiseUp’s warning canary may be dead (RiseUp is believed to host WL Twitter email account)] RiseUp is an activist ISP providing secure services to activists. Its mission is to support liberatory social change via fighting social control and mass surveillance through distribution of secure tools (https://en.wikipedia.org/wiki/Riseup). RiseUp use a warrant canary as a means to protect their users in case RiseUp are ever issued with a NSL or gag order etc (https://riseup.net/en/canary). This is renewed quarterly, assuming no warrant has been issued. However, this is now considerably overdue so the assumption is that the canary is dead, and just like the canaries used in coal mines, everyone should get the hell out of there when it dies. https://theintercept.com/2016/11/29/something-happened-to-activist-email-provider-riseup-but-it-hasnt-been-compromised/. I would be grateful if someone could provide a source for the WikiLeaks twitter email account being hosted by RiseUp.
[Julian’s internet hasn’t been restored as promised] https://twitter.com/wikileaks/status/787889195507417088 https://twitter.com/wikileaks/status/788099178832420865 On the 26th of September 2016 Secretary of State John Kerry visited Colombia. WikiLeaks reported that inside sources had confirmed that John Kerry also met with Ecuadorean President Rafael Correa in Ecuador to personally ask Ecuador to stop Assange from publishing documents about Clinton. This was initially fervently denied in the press only later to be confirmed by the Ecuadorian Embassy who admitted cutting off Julian’s internet due to pressure from the US. Ecuador wanted to appear impartial.
Both John Kerry and US intelligence agencies knew perfectly well that cutting off Julian's internet would have no impact on the release of the leaked emails that were damaging to Hillary's campaign. The cutting off of Julian's internet access was not for the purpose of preventing the leaks of the Podesta and Hillary emails. Unless intelligence agencies are truly inept, they knew that media organisations already have the entire leaked email database and a schedule for release, they also knew WikiLeaks staff would continue to leak regardless of Julian's ability to communicate.
Now it is long after the election and Ecuador have still not restored Julian’s internet. Ecuador have no grounds to continue to restrict Julian’s internet. It does nothing apart from increase tensions and raise suspicion. Ecuador have always been supportive of Julian. However, after John Kerry applied pressure on Ecuador, that whole dynamic changed. Ecuador cut Julian's Internet. He then essentially threatened Ecuador, the UK and John Kerry by submitting those pre-commitment file hashes on Twitter. Since then we have only seen hostility towards Julian from all three parties. Ecuador didn't restore his internet and didn't let his lawyer interview him and no one actually saw him. The UK denied him access to Gavin's funeral and denied him access to medical treatment. The UK also continually disregards the UN. The dynamic now is totally different. He has no political friends. It seems that both the UK and Ecuador are now working against Julian and WikiLeaks. An environment where a collaborated siege would be feasible.
Finally, many have speculated about mobile signals being blocked at the Embassy. I can confirm that there is 4G signal right outside the Embassy door. I was there, with my phone, and tested it. There is no reason to think Julian cannot use a MiFi device (or similar) connected to a cellular network.
[The pre-commitment file hashes released in October do not match the released insurance files] Here are the October tweets with the file hashes:
https://twitter.com/wikileaks/status/787777344740163584 https://twitter.com/wikileaks/status/787781046519693316 https://twitter.com/wikileaks/status/787781519951720449
These 3 pre-commitment Twitter posts are SHA-256 file hashes. SHA-256 file hashes are 64 characters long. They are not encryption keys for insurance files. They simply are a mathematical formula for verifying that later released files are genuine and have not been altered.
These hashes were released because Julian felt threatened and in increased danger. They specifically targeted the UK FCO, Ecuador and John Kerry. All of whom are key players in his current predicament. On November 7th, WikiLeaks released 3 new insurance files. These files names match the names given in the pre-commitment hash tweets:
2016-11-07_WL-Insurance_EC.aes256
2016-11-07_WL-Insurance_UK.aes256
2016-11-07_WL-Insurance_US.aes256
EC = Ecuador, UK = UK FCO, US = John Kerry. Soon after these files were released, the 3 file hashes were compared to the 3 hashes posted on the 16th of October. They did not match. When this was brought to WikiLeaks' attention, WikiLeaks released the following statement in a tweet: https://twitter.com/wikileaks/status/798997378552299521
“NOTE: When we release pre-commitment hashes they are for decrypted files (obviously). Mr. Assange appreciates the concern.”
This firstly proved that the hashes and the insurance files were related (a fact that was already clear). Secondly, it was a lie, as it implied historical use of pre-commitment hashes in this manner. Thirdly, the (obviously) comment was also a deception and an insult to supporters. It was not obvious to anyone, not even to our crypto guys in /cryptography/, on the contrary, they thought it highly suspicious. Additionally, what they suggest would be absolutely pointless. Pointless as a threat, as the UK, Ecuador and John Kerry would have no practical way of identifying the documents to confirm the threat. There's absolutely no scenario where an uncompromised WikiLeaks would either post bad file hashes or altered insurance files.
[Julian’s Swedish defense lawyer Per Samuelson was denied access during case questioning] This is highly unusual and very suspicious. Also, Jennifer Robinson was not in the room with Assange. https://www.youtube.com/watch?v=MYR0Pw9LfUQ&feature=youtu.be&t=9m55s and neither was the chief prosecutor http://www.bbc.co.uk/news/world-europe-37972528 “Swedish chief prosecutor Ingrid Isgren will not speak to Mr Assange directly”.
[UK disregard for international law] The UK threat is very real. Back in August 2012 the UK was poised to break international law citing the Diplomatic and Consular Premises Act of 1987 as a basis for entering the Embassy and arresting Assange (http://www.bbc.co.uk/news/world-19259623). It all became very public, very quickly and fortunately never happened (http://www.telegraph.co.uk/news/worldnews/southamerica/ecuado9488996/Ecuadors-president-raiding-embassy-to-snatch-Julian-Assange-suicidal.html). I expressed my concern at the time that the UK shouldn’t have even been contemplating such action, let alone threatening it in writing to Ecuador. More recently, the UK disregarded the UN ruling that Julian Assange was being arbitrarily detained (https://www.theguardian.com/media/2016/feb/04/julian-assange-wikileaks-arrest-friday-un-investigation). The UK appealed, and then finally lost their appeal in November (https://www.rt.com/news/368746-un-ruling-free-assange/). Julian has also been refused permission to leave the Embassy with a police escort for medical treatment as well as denied permission to attend Gavin MacFadyen’s funeral. The UK’s behaviour is appalling and clearly shows no respect for international law. The reported raid on the Embassy during the latter part of October seems more plausible when taken in the context of past behaviour.
This is the Britain I now live in: http://www.independent.co.uk/life-style/gadgets-and-tech/news/investigatory-powers-bill-act-snoopers-charter-browsing-history-what-does-it-mean-a7436251.html. I never used to be ashamed to be British.
[Combined capabilities of intelligence agencies] We know much about the combined powers of the intelligence agencies. We know what they are capable of, thanks to the leaks of Edward Snowden. The combined powers of the NSA, CIA and the UK’s GCHQ are capable of pulling off such a massive takeover of Wikileaks. We know the NSA works with other US intelligence agencies, we know that the NSA works with GCHQ.
We know about Tempora, we know about JTRIG, we know about PRISM, we know about HAVOK. We know that websites can be altered on the fly, we know that real-time voice profiling is trivial for these agencies. We know that censorship is happening.
https://usnewsghost.wordpress.com/2014/07/15/new-july-14-edward-snowden-nsa-leaks-gchq-attacks-and-censors-internet-nsa-leaks-recent/ http://www.independent.co.uk/life-style/gadgets-and-tech/gchqs-favourite-memes-and-sexual-slang-reveals-a-shared-culture-with-trolls-and-hackers-9608065.html https://en.wikipedia.org/wiki/Tempora https://en.wikipedia.org/wiki/PRISM_(surveillance_program)
The NSA has a remit to be 10 years ahead of the curve. We have commercial products that can be purchased off the shelf today that can easily manipulate audio and video. Just imagine what the NSA and the military are capable of.
Real time facial manipulation: https://www.youtube.com/watch?v=ohmajJTcpNk Signs of editing: https://www.youtube.com/watch?v=2O9t_TEE1aw. Both Julian Assange and John Pilger are not filmed together at any time during the interview. There is also no establishing shot. It is also claimed that Assange’s audio is spliced and edited. No recent events mentioned by Assange, only Pilger. Unfortunately, this interview is not sufficient proof of life.
What the NSA can’t do, is that they cannot break PGP encryption. This has been expressed by Glenn Greenwald who was one of the journalists that Edward Snowden leaked to. He commented that he knows how secure PGP is because the NSA keep moaning about not being able to crack it in their documents he is reading. This is another reason why a signed PGP message can be the only true proof that WL isn’t compromised. Mathematics cannot lie, people can and do. A compromised WL can’t sign a message without the private key. Edward Snowden revealed that in 2013 the NSA were capable of 3 trillion password attempts per second. As it is now almost 2017, that number will likely be multiple times higher (anywhere between 9 to 15 trillion attempts per second would be my guess based on Moore’s law).
https://en.wikipedia.org/wiki/Joint_Threat_Research_Intelligence_Group https://en.wikipedia.org/wiki/Tempora https://en.wikipedia.org/wiki/PRISM_(surveillance_program) https://www.schneier.com/gchq-catalog/ https://en.wikipedia.org/wiki/Government_Communications_Headquarters
[WikiLeaks down on October 17th] The alleged raid on the Embassy supposedly took place on the 17th just after 1am GMT. On Monday the 17th of October 2016 WikiLeaks website was reported down (http://www.isitdownrightnow.com/wikileaks.org.html expand the comments) https://postimg.org/image/6t68fe4kj/. The internet was alive with reports of mass censorship around this time. This all coincides with when the alleged WikiLeaks takeover occurred. It also coincides with John Kerry being in the UK.
[Christine Assange audio only radio interview] Julian's family had their identities changed quite a few years ago after receiving death threats. It is odd that his mother has now revealed herself to a news agency. If you do a YouTube search for Christine Assange (her original name), you'll find all the videos are older than 3 years. She's in hiding, not openly talking on radio shows (https://en.wikipedia.org/wiki/Julian_Assange scroll down to the personal life section).
[WikiLeaks bitcoin account was emptied on the 18th of November] Interestingly it was after the bitcoin account was emptied that the encoded message in the blockchain was left. Why would WikiLeaks go to all that trouble when they could just sign a message with their PGP key? Is it because bitcoin accounts can be cracked and the PGP keys can’t?
[Mass censorship] Facebook is censoring this event (https://www.facebook.com/events/309760466089922/). It has been advertised for weeks now and only a handful of people are attending. Recently WikiLeaks was live on FB. 50% of the viewers (roughly 2.5k) were commenting #PoL, #Whereisassange, RIP etc. The live event was only a prerecorded video being played in a loop. Once it concluded, the whole Live event along with all the comments including the comments asking for PoL and a PGP signed message were deleted. It was as if it never took place. When Julian’s DMS had supposedly been activated, I saw posts in threads being deleted within minutes. Supposedly with encryption keys, but it all happened too fast for anyone to collate. I took PDF printouts of the pages and then later noticed that posts and entire links were taken down. I have PDFs of pages that now no longer exist. I've been following this since mid-October and seen the censorship first hand. I know many people here on reddit witnessed the same (please comment with your experiences).
[WikiLeaks reposting old stuff] There are many examples of this already mentioned in the timelines. One for example is the Palantir Technologies report. Palantir Technologies prepared a report on how to destroy WikiLeaks that was leaked in 2011. The proposal was submitted to Bank of America through its outside law firm, Hunton & Williams. Palantir later apologised for their involvement. But WikiLeaks has recently regurgitated it as if it was new. There are many examples of this. I have watched as WikiLeaks have increasingly destroyed their credibility.
submitted by neonnexus to conspiracy
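The pre-commitment hashes argued over in the post above are a plain SHA-256 commitment: the digest is published first, the bytes are released later, and anyone holding the released bytes can check that they are exactly what was committed to. The Python below is an added example, not code from the post or from WikiLeaks, showing how that check is done and why a digest published for decrypted content cannot be checked by someone who only holds an encrypted release. The document contents, the commitment value and the XOR "ciphertext" are all constructed for the demonstration; the XOR step is a stand-in to make the bytes differ, not a cipher.

```python
import hashlib
import hmac
import os
import tempfile


def sha256_bytes(data: bytes) -> str:
    """SHA-256 of an in-memory byte string, as 64 lowercase hex characters."""
    return hashlib.sha256(data).hexdigest()


def sha256_file(path: str, chunk_size: int = 1 << 20) -> str:
    """Stream a file of any size through SHA-256 without loading it whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_precommitment(path: str, published_hex: str) -> bool:
    """Check a released file against a digest that was published in advance.

    The commitment binds the publisher to one exact byte sequence: if the
    released file differs in a single byte, the digest will not match.
    hmac.compare_digest is used out of habit; these digests are public, so
    a timing side channel is not a concern here.
    """
    published_hex = published_hex.strip().lower()
    if len(published_hex) != 64:
        raise ValueError("a SHA-256 hex digest is exactly 64 characters")
    return hmac.compare_digest(sha256_file(path), published_hex)


def demo() -> dict:
    """Constructed scenario: commit to plaintext, then check three releases."""
    plaintext = b"constructed sample document -- not a real insurance file\n" * 1000
    commitment = sha256_bytes(plaintext)  # the value that would be published in advance

    # Stand-in for an encrypted release: XOR with a constructed keystream.
    # This is NOT a cipher; it only makes the released bytes differ from the plaintext.
    keystream = hashlib.sha256(b"constructed demo key").digest()
    ciphertext = bytes(b ^ keystream[i % 32] for i, b in enumerate(plaintext))

    tampered = plaintext[:-1] + b"X"  # a single byte changed at the end

    results = {}
    with tempfile.TemporaryDirectory() as d:
        for name, blob in (("plaintext", plaintext),
                           ("ciphertext", ciphertext),
                           ("tampered", tampered)):
            path = os.path.join(d, name + ".bin")
            with open(path, "wb") as f:
                f.write(blob)
            results[name] = verify_precommitment(path, commitment)
    return results


if __name__ == "__main__":
    print(demo())  # {'plaintext': True, 'ciphertext': False, 'tampered': False}
```

Only the plaintext candidate verifies. A verifier who holds just the encrypted file cannot confirm or refute a commitment made over the decrypted bytes, which is exactly why the post treats a commitment-over-plaintext explanation as untestable by the public.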

JavaScript vs Python for Server-Side Encryption Processing

I have a cryptographic process to program, using both SHA and ECC functions. Furthermore, I need to generate Bitcoin public/private key pairs.
My restrictions: I have some working knowledge of both JavaScript and Python. I want to run almost all the cryptography server side.
Application details: First, the server receives a message from Alice, along with Alice's public key.
Second, the server decrypts Alice's message. Third, publish an output, to an ordered list, on a web page, and to a blockchain.
Fourth, a few rounds of cryptography functions (textbook ECC, and SHA).
Finally, send textbook ECC message back to Alice.
I also need to generate Bitcoin and ECC keys.
Can someone steer me towards Python and/or JavaScript libraries to do those things?
Thanks a lot!
Ed
submitted by EdK_crypto to cryptography

Please Stop the ICO Reviews!

I'm sorry for this view of mine and that is exactly why I wasn't paying any attention to the ICO Reviews up until now. But sadly I just watched the AuthPaper one and I must say stop it, just stop reviewing these things or at least try to do it differently (more on this at the end). This is the TL;DR version I guess. But I will try to argue this. All I'm writing is off the top of my head so I didn't check out all the data/stats and so on. But as I don't make my money reviewing complicated stuff like ICOs/blockchains please take that with a grain of salt.
My criticism is obviously twofold: the first part is that I don't like blockchain technology and I inherently don't trust it. The second part is more general: why I think David Pakman should not review them at all, or not in the current format. So let's start with the latter.

David Pakman should not review ICO/Blockchain/Cryptocurrencys

This will obviously be an ad hominem attack, but I hope a fair one. The first big issue with David reviewing ICOs for me is the most obvious. Cryptocurrencies try to solve so much that it might not be possible for any single person to have expertise on all of those topics, just to mention a few David commented on
These in themselves are very complicated industries or topics and require either insight into the topic at hand and additionally insight into the industry these cryptocurrencies are built around.

Cocos-BCX
For the COCOS-BCX one for instance it is highly questionable that the game industry itself will use COCOS-BCX. One might say but COCOS-2D is used by a lot of game developers. And obviously that is correct and to me that seems the whole idea of BCX, basically enabling easy gamedev inclusion of ItemStores in OpenSource games. Which is totally reasonable, but why does BCX need to be a blockchain-based cryptocurrency? Basically enabling an in-game trading API and a store connected to it solves the same issue, but that would not produce the same publicity and probably not the same investment. More on this point later. One might answer but this wouldn't allow the gamedevs to verify that an item is the "same" or that these items are limited and scarce. This is not entirely true and has very serious downsides. It is in itself a topic that needs to be talked about. There are serious economic/philosophical/psychological arguments with the whole concept of selling these items. I would really like an in-depth analysis on that topic. And to make a rather unfair comparison, in an ICO Review of NRA-GunCoin the moral issues with such a concept would be delved into. So to make the point I'm trying to make clear: for a good in-depth review of Cocos-BCX we would need to know how many games are built using Cocos-2d, we would need to know if blockchain would really relate to game funding. We would need actual arguments for or against turning digital data into assets. We would need information on other solutions that might already be out there and why they don't deliver the same without the blockchain. So in David's review I'm missing a fucking review. He's not making these points at all or just in one sentence. This is not a critical review. I could find out all this data in like 30 minutes of Google research. Maybe I'm wrong but it seems David just read their advertisement and that's it, turning him into a bad salesman.
AuthPaper
The AuthPaper one is again really interesting, I give you that, but there are so many issues with it. First, we have verified data transfer already. There is actually no issue at all. Nearly every data transfer on the internet is done using checksums and a lot of them are using cryptographic methods already. I know that there are issues with for instance emails, I get that, but why is AuthPaper really solving that better than a different or new email protocol? Who in fact really has the problem of data transfer AuthPaper tries to solve? Is there another solution out there? Why don't we connect BitTorrent to a payment system for instance? What are the security concerns of sharing data encrypted to the world? I mean yes, cryptography is supposed to be secure today but in 20 years nobody can really guarantee that the data is still safe. Maybe that will be decrypted on a homebox. Or there is an error in the cryptographic algorithm that will release the whole data to the world. If you can't delete the data, what happens with copyright claims or child pornography? I mean stuff like this happened already and obviously this might make it illegal to take part in AuthPaper. It took me like 5 minutes to think about these issues. Should I really believe that David did a fair review that is supposed to tell me more about AuthPaper than their advertiser pitch? In a sense the only thing I can take out of this is there is no review here. No review, it's just a repeat.
I'm not going into the rest of the ICO reviews. But I think there are legitimate points for every review that have to be made if you really review an ICO.
So to conclude why David should not review these ICO's:

General points to blockchain technology

Okay, with criticizing David and his show out of the way, some explanation might be in order why I'm critical of blockchain technology as a whole. I think this is not needed but it is firstly an interesting topic that the David Pakman Show should definitely delve into far more, but also for people reading this it might also give more insight why I am overly critical of David in this post.
Cryptocurrencies are inefficient
I think to everybody this is clear, the Proof-of-Work concept using mined hashes must be comparable to the worth of the transaction, and it must compete with the general market for CPU/GPU/ASIC power. This roughly means that it must be more or as valuable (1) for a miner to mine than it is for the overall market to use these resources for other deeds. This is a huge issue. And right now it works because of different prices for electricity. Or because miners expect rising value of the mined assets or just for fun. But just picture this: given a CPU-based hash, the whole IT industry will compete and has to compete with cryptocurrencies because of the Proof-of-Work concept over limited resources. Basically cryptocurrencies based on mining will create as much work as needed for their system. This seems to be a total inverse of economics because it is supposed to be an extremely inefficient solution. Just compare Bitcoin to normal credit card money transfer or PayPal. Yes one could argue that Bitcoin has properties like anonymity or transparency but is it really the correct/best way to reach these goals by accepting forced inefficiency? Don't we have the obligation to stop Bitcoin trading for instance because it results in a massive use of real valuable resources?
Cryptocurrencies are not "always" democratic / transparent / anonymous
Again to argue this in general is difficult and might not hit the mark on all cryptocurrencies. And it is not entirely true. But I just want to make the point that the transparency of a given system is based on the user base. This assumes a democratic nature of the user base, meaning everybody has some kind of equality in the process. This is highly controversial as Bitcoin miners in China at certain time points had nearly seized over 50% of the mining. So the democratic nature can just be verified at the current moment. And it does rely on (1) very heavily. This results in a loss of transparency because by nature the whole system is anonymous. So we might not even know if Bitcoin is democratic/transparent right now because we can't for sure know if all participants share some kind of equality. Secondly all these attributes rely on the algorithm used and the cryptography. Meaning the whole system is broken if one of those parts is broken. This means that the whole system might be worthless tomorrow because there is an effective attack on SHA-2.
And thirdly the anonymity in Bitcoin is rather weak. Yes Bitcoin is anonymous but there is no deniability built into the system. There is a reason for Bitcoin laundering after all. This might not be true for all cryptocurrencies but it is for a lot of them. And this exposes a huge load of metadata to everybody in the world.
Cryptocurrencies can't forget
This I think might also be solved or is solved already. But while this is often hailed as good, it is inherently bad or at least poses risks. Cryptographic algorithms might be broken with newer hardware. Data might be illegal or just owning it might be prosecuted as a severe crime, maybe without even knowing what the data is. This stuff happened already.
Cryptocurrencies don't really solve anything new
This is very important to me. And I might be totally wrong about this. But do they really solve a problem that can't be solved otherwise in a similar manner? I don't think so. And one might say I have the burden of proof. But I think I don't, as it is very hard for me to prove that basically every cryptocurrency is solvable by other means. But if you are of this opinion please really try to bend your head around this. Because I know some of these things will be complicated to solve or rely on governmental intervention. And I must say arguing where does the money to do this come from, or this is just not as interesting to people as a cryptocurrency, are valid arguments for sure. But then they also need to account for the downsides of cryptocurrencies. And saying this needs to be transparent or anonymous is an interesting proposition overall, that again might be solved differently too. In a sense Bitcoin for instance solved the issue of anonymous paying for illegal stuff (yeah I know this might be a bit too hard) because it created a lawless arbiter of trust. This does not mean that a bank didn't do the same thing thousands of years ago. It just means that Bitcoin is able to do this on a much bigger scale and for nearly everybody instead of for really really rich people. And it is questionable if we should even have such a thing.

Cryptocurrencies are Ponzi schemes or like MLMs
This is probably really hard to argue in general and I'm not fluent in economics. But cryptocurrencies basically create worth out of nothing; this needn't mean that they are a Ponzi scheme, but it means that they can just be worth as much as the problem they solve is worth. And they might stop to solve that problem at any point because of the above.
But don't you have to invest in cryptocurrencies before taking part? Isn't your return from your investment deeply tied to the ability of the cryptocurrency to gain new investments? Aren't the profits generated by cryptocurrencies shared pretty unequally? And aren't cryptocurrencies and blockchain pitched in the media right now as the new cyber, the best solution for back pain you have ever heard of, it helps you lose 200 pounds in one week (I mean win 200)? Just looking at the spread of cryptocurrency is like looking at Ponzi schemes and MLMs. And the revenue or investment they gather from even huge companies and investors is ludicrous. While this maybe means that they are really that good, I don't see an argument made that would in any way justify such claims. Apart from it's working already.
Conclusion
So cryptocurrencies are new and interesting. But they are also really dangerous and risky. To assess their credibility and verify their integrity one needs a lot of knowledge, and for most of us it just means trusting some kind of scientific authority and the community. While a lot of what they do is already done by lame old solutions by companies that I would rather invest into. Maybe not the same amount of return right now, but at least there is an authority I can sue for false claims, they work within a legal framework that my government can regulate and they are by far more effective.

A better way to review these things

I think it is pretty obvious in which direction I am heading. If you really want to review these things, put time and effort into them, be critical. Do an analysis after the ICO takes place. And in general do your research on the differences of algorithms and cryptographic methods used (even if it's boring). For me these reviews feel like pseudoscience and I hope I'm not alone. But maybe I'm lucky and I just got this thing horribly wrong and David or people on this reddit can explain to me what I totally missed.

BTW: if you complain that I didn't even put one source in here, you are right but this does not mean that there aren't sources for it. And most important it does not even mean that it is hard to find those sources.
submitted by SirCaddigan to thedavidpakmanshow

How bloXroute Achieves Its Performance

By Eleni Steinman, Strategy & Operations Manager (Original post here)

In our last blog post we talked about the importance of neutrality in building a system that solves the scalability bottleneck. In this post, we will discuss how the bloXroute Blockchain Distribution Network (BDN) scales blockchains to 1000s of transactions per second (TPS) — and we’re just getting started.

How are blocks currently propagated?

Blockchain nodes connect to peer nodes — who are often geographically dispersed around the world — to create a peer-to-peer (P2P) network. (Read our post by Soumya, Co-founder and CTO, on how peer nodes connect here). When a new block is mined, the winning node sends the block to its peers, who wait until they receive the entire block, validate that block and then send the block on to their peers, until the block is propagated throughout the entire P2P network.
Slow block propagation has been an issue for many years. In late 2013 / early 2014, the Fast Relay Network (FRN) was introduced to mitigate this problem. The FRN was a volunteer service operated for many years for the benefit of the miner community, until its support was abruptly stopped, and later replaced by FIBRE. The Falcon Network is another relay service run by Cornell University and offers several enhancements over FRN such as faster block propagation.

Source: http://bitcoinstats.com/network/propagation/
While these relay networks have provided some performance benefits, they are not enough to remove the scalability bottleneck. This is because they were not built with the goal of scalability in mind (albeit FIBRE is specifically optimized for small blocks).
The scalability problem is a networking problem and requires a solution specifically designed to solve it. As a refresher (read our CEO and Co-founder Uri Klarman’s post here for a more in-depth explanation), sending larger blocks takes proportionally longer (e.g. a 10x larger block takes 10x longer to send) and increases the probability of a fork by roughly the same proportion. At 100x larger blocks (only 300 TPS in bitcoin), the block propagation time becomes so long that it exceeds the 10-minute interval between blocks and the blockchain breaks. This is why no blockchain can do full 300MB blocks every 10 seconds.

The bloXroute BDN

The bloXroute BDN is an enhancement to the Falcon Network. This new broadcast primitive is able to capture the efficiencies of single-source-node data transmission to send data faster while preserving the decentralized nature of blockchains (read more about how we do this here). We employ three elegant, yet powerful techniques to achieve this performance: transaction caching, cut-through routing, and an optimized dynamic scale topology.
Transaction caching: bloXroute reduces network redundancy through the use of transaction caching. Since transactions are already known when it’s time to send out the block (as unconfirmed transactions stored in the mempool), rather than send a block with “raw” transactions, the BDN sends just a few bytes representing each transaction. It does this by indexing the transactions, and then utilizing the indexes when transmitting blocks.
The transaction propagation process is as follows:

https://preview.redd.it/rsn6uk4dlam21.png?width=1430&format=png&auto=webp&s=4036a2351410295d70fd79f6a6a69122a5c883a4
When a miner builds and then sends its block to the Gateway, the Gateway replaces each transaction with a 4-byte internal ID. This technique allows bloXroute to effectively compress the block size by more than 100x (given that the average raw transaction is approximately 500 bytes, the index size is 4 bytes and the Gateway has a full mapping of the transactions that exist in the block) and in turn, propagate blocks over 100x faster (or 100x larger blocks at the same speed). If a transaction in a block has no internal ID, it is not replaced in the block.
Next, the block is encrypted and propagated throughout the BDN (relay servers). Once the block is received by the Gateways on the other end, the originating Gateway sends the encryption key, the block is decrypted by the receiving Gateways and reconstructed using their internal index tables.

https://preview.redd.it/ykfu6ejglam21.png?width=1297&format=png&auto=webp&s=66c369bcd8079cacbc6a8382000a01bc6e614e2a
Xthin blocks, Graphene and Compact blocks are similar techniques that compact blocks by replacing each transaction with its 6-byte hash (not the usual 32-byte SHA-256 hash). In our previous post, Uri, Co-Founder and CEO, explains the limitations of these solutions when the volume of transactions increases, as keeping mempools in sync becomes harder and collisions become frequent. Conversely, the bloXroute BDN does not suffer from the same desynchronization, as the relay servers have a clear picture of all the data.
Cut-through Routing: Without a relay network, each hop in the block propagation checks the validity of the block it is receiving before sending that block on. A node will transmit blocks to its peer only when the block is fully received and validated. The bloXroute BDN does not wait until the entire block is received before it sends the block to a peer node but rather immediately streams each packet of data as it is received through a well-provisioned dedicated network infrastructure. This technique, known as cut-through routing, allows bloXroute to broadcast data 10–100x quicker. Only once the blocks are received by the node through the Gateway are they validated.
Optimized topology: Another advantage of the BDN is its optimized topology. New Bitcoin nodes can find initial network peers by querying a set of hard-coded DNS servers. The DNS servers provide joining nodes with their initial peer list to connect to, and from there new bitcoin nodes can crawl through the network. The result is a web of random connections where data is not propagated throughout the network along the most optimal route.
https://preview.redd.it/rfpk81ljlam21.png?width=800&format=png&auto=webp&s=5b6cd1189fc503a0f54a0a49e33c03d829431bf5
Conversely, bloXroute has strategically placed servers around the world to send data as efficiently as possible to the geographically dispersed set of nodes that comprises the various blockchain networks.
Furthermore, the BDN Control Plane will dynamically select the optimal relay peer based on network latencies and load. In most cases, the Control Plane will connect the Gateway to the closest relay server in terms of latency (ping distance).
This optimized topology allows the BDN to propagate data to the entire network more efficiently than a P2P network. Again, because bloXroute is provably neutral, it is able to take advantage of this efficiency without impacting the decentralized nature of blockchains.

Conclusion

bloXroute is able to achieve 1000s of TPS using internal IDs, cut-through routing and an optimized topology. These techniques can provide scale that far surpasses the current needs of any single blockchain and are compatible with all blockchains, as they run underneath the consensus layer.
— — —
We’re always looking for good people!
If you’re equally excited to solve the scalability bottleneck for all blockchains, consider joining our team! We are always looking for passionate partners to help us on this important journey. Check out our available positions to work with us in our Chicago offices.
Learn more
submitted by brooke_bloXroute to bloXrouteLabs
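The transaction-caching step described in the post (replace each already-indexed transaction with a 4-byte internal ID, keep unindexed transactions raw, and rebuild the block on the far side from the index table) can be modelled in a few lines. The following is an added example written for this page, not bloXroute's own code or wire format; the `FLAG_ID`/`FLAG_RAW` framing, the `TxIndex` class and the 512-byte sample transactions are constructed for illustration, and it assumes the sending and receiving Gateways share one index table (in the BDN the relay layer distributes those assignments).

```python
import hashlib
import struct

ID_LEN = 4          # internal transaction ID size used by the BDN (from the post)
FLAG_ID = 0x01      # entry carries a 4-byte internal ID (assumed framing for this example)
FLAG_RAW = 0x00     # entry carries the raw transaction because no ID is known


def tx_hash(raw):
    """Double-SHA256 of the serialized transaction, used as its lookup key."""
    return hashlib.sha256(hashlib.sha256(raw).digest()).digest()


class TxIndex:
    """Mapping between transaction hashes, internal IDs and raw bytes.

    Assumption for this example: sender and receiver share one table. In the
    BDN the relays distribute the assignments so that both ends agree on them.
    """

    def __init__(self):
        self.id_by_hash = {}
        self.raw_by_id = {}
        self.next_id = 1

    def learn(self, raw):
        """Index an unconfirmed transaction as it arrives in the mempool."""
        h = tx_hash(raw)
        if h not in self.id_by_hash:
            self.id_by_hash[h] = self.next_id
            self.raw_by_id[self.next_id] = raw
            self.next_id += 1
        return self.id_by_hash[h]


def compact_block(txs, index):
    """Replace every indexed transaction with its 4-byte ID; keep unknown ones raw."""
    out = bytearray(struct.pack(">I", len(txs)))
    for raw in txs:
        tx_id = index.id_by_hash.get(tx_hash(raw))
        if tx_id is None:
            # Unindexed transaction: sent in full, prefixed with its length.
            out += struct.pack(">BI", FLAG_RAW, len(raw)) + raw
        else:
            out += struct.pack(">BI", FLAG_ID, tx_id)
    return bytes(out)


def expand_block(compact, index):
    """Rebuild the original transaction list from a compact block and the index table."""
    (count,) = struct.unpack_from(">I", compact, 0)
    pos, txs = 4, []
    for _ in range(count):
        flag, value = struct.unpack_from(">BI", compact, pos)
        pos += 5
        if flag == FLAG_ID:
            txs.append(index.raw_by_id[value])
        else:
            txs.append(compact[pos:pos + value])
            pos += value
    return txs


def compression_ratio(txs, compact):
    """Raw block size divided by compact block size."""
    return sum(len(t) for t in txs) / len(compact)


def sample_transactions(n, size=512):
    """Constructed stand-ins for ~500-byte raw transactions (not real Bitcoin txs)."""
    return [hashlib.sha256(f"tx-{i}".encode()).digest() * (size // 32) for i in range(n)]


if __name__ == "__main__":
    index = TxIndex()
    block = sample_transactions(100)
    for raw in block[:-1]:      # the last tx is "unknown": not yet seen in the mempool
        index.learn(raw)
    compact = compact_block(block, index)
    assert expand_block(compact, index) == block
    print(len(compact), round(compression_ratio(block, compact), 1))
```

With all 100 transactions indexed the compact block is 4 + 100 × 5 = 504 bytes against 51,200 raw, roughly the 100x the post quotes; a single unindexed transaction costs its full length plus a 5-byte header, which is why the ratio depends on how well the Gateway's mempool view matches the miner's block.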

Affine cipher - Tool to encrypt your mnemonic seed with paper and pencil

If anyone is familiar with modular arithmetic and finding inverses then an Affine cipher is a simple paper and pencil way to encrypt your seed before putting it in a safe.
Affine ciphers: https://en.wikipedia.org/wiki/Affine_cipher
Some videos on modular arithmetic and finding inverses:
https://www.youtube.com/watch?v=Eg6CTCu8iio
https://www.youtube.com/watch?v=shaQZg8bqUM
BIP39: https://github.com/bitcoin/bips/blob/master/bip-0039/bip-0039-wordlists.md
With BIP39 indexed from 0 to 2047 we can use Affine ciphers the following ways:
To encrypt the word we would use:
E(word) = a*word + b mod 2048
a and b are the key. It is necessary that gcd(a,2048) = 1 and that b is an integer
To decrypt the word we need to find the inverse of a (say a') and use:
D(word') = a'(word' - b) mod 2048
To give a simple example use a = 1 and b = 3 using the word atom which is indexed at 114
E(atom) = 114 + 3 mod 2048 = 117 mod 2048 = attitude
In this case a' = 1 so,
D(attitude) = 117 - 3 mod 2048 = 114 mod 2048 = atom
Non-trivial example use a = 13 and b = 18
E(atom) = 13*114 + 18 mod 2048 = 1500 mod 2048 = rocket
In this case a' = 1733 so,
D(rocket) = 1733(1500 - 18) mod 2048 = 114 mod 2048 = atom
Hope this helps!
submitted by SirMacLaren to Bitcoin
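The scheme above in runnable form, as an added example that is not part of the original post: it validates the key (a must be coprime with 2048, i.e. odd), computes a' with the extended Euclidean algorithm, and reproduces the post's two worked cases (a=1, b=3 and a=13, b=18 on "atom" = 114). Only the three words the post names are embedded, as a constructed stand-in for the 2048-entry BIP39 list; a real run would load the whole list into the same index-to-word mapping. The `key_space_size` helper is also an addition: it counts the 1024 × 2048 = 2^21 possible keys, which is a useful thing to know before relying on this as anything stronger than obfuscation of a seed on paper.

```python
from math import gcd

# Size of the BIP39 English wordlist: indices run from 0 to 2047 (from the post).
MODULUS = 2048

# Constructed sample of the wordlist holding only the three words the post uses,
# with the indices the post gives them. A real run loads all 2048 entries from
# bip-0039/english.txt into the same index -> word mapping.
SAMPLE_WORDS = {114: "atom", 117: "attitude", 1500: "rocket"}
SAMPLE_INDEX = {word: idx for idx, word in SAMPLE_WORDS.items()}


def validate_key(a, b):
    """Check the key (a, b): a must be invertible mod 2048, which means a is odd."""
    if gcd(a, MODULUS) != 1:
        raise ValueError(f"a={a} shares a factor with {MODULUS}; pick an odd a")
    return a % MODULUS, b % MODULUS


def modular_inverse(a):
    """Return a' with a * a' = 1 (mod 2048), via the extended Euclidean algorithm."""
    old_r, r = a % MODULUS, MODULUS
    old_s, s = 1, 0
    while r:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_s, s = s, old_s - q * s
    if old_r != 1:
        raise ValueError(f"{a} has no inverse mod {MODULUS}")
    return old_s % MODULUS


def encrypt_index(idx, a, b):
    """E(word) = a*word + b mod 2048."""
    a, b = validate_key(a, b)
    return (a * idx + b) % MODULUS


def decrypt_index(enc, a, b):
    """D(word') = a'(word' - b) mod 2048."""
    a, b = validate_key(a, b)
    return (modular_inverse(a) * (enc - b)) % MODULUS


def encrypt_words(words, a, b, index=SAMPLE_INDEX, wordlist=SAMPLE_WORDS):
    """Map each mnemonic word to its index, encrypt it, and map the result back to a word."""
    return [wordlist[encrypt_index(index[w], a, b)] for w in words]


def decrypt_words(words, a, b, index=SAMPLE_INDEX, wordlist=SAMPLE_WORDS):
    """Inverse of encrypt_words with the same key."""
    return [wordlist[decrypt_index(index[w], a, b)] for w in words]


def key_space_size():
    """Number of distinct (a, b) keys: 1024 odd values of a times 2048 values of b."""
    valid_a = sum(1 for a in range(MODULUS) if gcd(a, MODULUS) == 1)
    return valid_a * MODULUS


if __name__ == "__main__":
    print(encrypt_words(["atom"], 13, 18))    # ['rocket']
    print(decrypt_words(["rocket"], 13, 18))  # ['atom']
    print(key_space_size())                   # 2097152 == 2**21
```

Because every word is substituted independently with the same (a, b), the encrypted list is a monoalphabetic substitution of the seed, and the 2^21 keys can be tried exhaustively against the BIP39 checksum in the last word; treat the result as something that keeps a casual reader from using the seed, not as a replacement for a passphrase or an encrypted backup.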

Bitcoin mining with Roblox

Could it be possible that, with clientside scripts running in the game, that the double SHA-1 decryption algorithm could run on each players native client, and have the results posted to a serverwide blockchain readable textfile, which would then be uploaded to the blockchain to earn bitcoins?
submitted by moathon to roblox

An exhaustive look at private keys for the uninitiated.

I wrote this explanation of private keys several months ago for folks in r/BitcoinBeginners, but I thought some of the new people here might get some benefit out of it. There is no TL;DR. Sorry for the length! Any corrections or clarifications are welcome and appreciated!
A private key is just a really big number--that's it. If someone discovers the number you've chosen to use as your private key, they will be able to access any bitcoins assigned to that number. This may seem disconcerting at first. After all, if someone were to just happen to guess your number, they would have access to all your bitcoins, right? But many types of security come down to knowing or possessing something that is difficult to guess or reproduce. For example, a Master brand combination padlock with a 3 number combination on a dial with 0-36 has around 50,653 possible combinations (37^3). A typical pin-tumbler lock today has 5 pins with each pin having only about 10 different height levels, meaning that there are only 100,000 (10^5) effective combinations for an average house key. Even a credit card number is only 15 characters long with 10 digits per character. That means there are only 10^15 possible combinations of credit card numbers, which is equivalent to about 1 quadrillion (there is some added security by combining that number with an expiration date and 3-digit security code, but I'm ignoring that for now). The point is, we're accustomed to using much smaller pools of possible combinations to protect many parts of our lives today.
By comparison, a private key for Bitcoin begins as a 256-bit number, or a number that is 256 characters long with 2 digits per character (a bit in the binary number system that computers understand is either 1 or 0), which is 2^256. That's huge. How huge? Remember that 10^15 was equal to a quadrillion? A 256-bit private key used for Bitcoin can be any number between 0 and 115 quattuorvigintillion 792 trevigintillion 89 duovigintillion 237 unvigintillion 316 vigintillion 195 novemdecillion 423 octodecillion 570 septendecillion 985 sexdecillion 8 quindecillion 687 quattuordecillion 907 tredecillion 852 duodecillion 837 undecillion 564 decillion 279 nonillion 74 octillion 904 septillion 382 sextillion 605 quintillion 163 quadrillion 141 trillion 518 billion 161 million 494 thousand 336.
In reality (because of some of the fancy math we do to that 256-bit number to make it a bit more usable and create the public key pair value which we will use as the address), some of the available addresses will overlap, so the actual pool of available addresses is more like 2^160, but we're still talking about a gigantic number of possible addresses. To give you some context on the sheer scale of 2^160, the number of grains of sand on the Earth is estimated at about 2^66. The number of stars in the universe is estimated at about 2^76. There are approximately 2^96 atoms in a cubic meter of water, and the number of atoms in the sun is estimated at 2^190. Need a visual comparison? This graph shows the number of available Bitcoin addresses compared to the width of the universe in Zeptometers (one Zeptometer is one quintillionth of a meter) and the age of the universe in Yoctoseconds (one Yoctosecond is one sextillionth of a second). So your private key with its 2^160 possible combinations should be pretty safely hidden. Even a computer that could execute 10^13 instructions per second would take around 5 trillion years to guess your private key.
Since most humans can't keep a number in the quattuorvigintillions in their head, there are a number of tricks we can use to make it easier to manage. One thing we can do is to reduce the number of characters we have to remember, and the way to do that is to change the numerical base we use. Computers represent numbers in binary (also called base 2), which means every digit in the number is either a 0 or 1. To represent a private key in base 2, we have to use 256 places. To represent the same number in the base 10 we most commonly use, where each digit can be 0-9, we would only need 77 places. So, the higher the base, the smaller the resulting string. Base 16 (also known as hexadecimal) uses 0-9 and A-F for a total of 16 different possibilities for each digit. This reduces the number of places needed to represent the number to 64. There are many other bases that use different characters to represent more and more of the number, but the most common numerical base to use for Bitcoin addresses is Base 58 (actually, it's a special version of Base 58 called Base58Check which only uses characters that are not easily confused visually like 0 and O, includes a 32-bit checksum appended to the payload, and has an extra step to preserve leading zero bytes). The result is a string of letters and numbers that is usually about 51 characters long.
Of course, if you don't want to waste time trying to memorize a string of 51 characters, most of us trust our Bitcoin wallet applications to write that number to a file and to keep track of it for us. But anytime you write down your key, you make it vulnerable to being discovered, especially if the thing you write it on is connected to the Internet. This is why it is smart to encrypt the file containing your private key. And this is where some people get confused: The passphrase for your private key, in this example, is only for locally decrypting a file on your computer or device that stores your private key. It is not for using or accessing the private key itself. You cannot passphrase-protect the ability to use your private key to prevent an unauthorized person from using your private key, you can only take steps to hide what that key actually is.
Another way you can hide your private key to make it easier to transport on paper is by using an encryption process developed specifically for Bitcoin addresses known as BIP38 (BIP stands for Bitcoin Improvement Proposal). BIP38 allows you to create a new address which looks similar to a Bitcoin private key, but will not function as one directly. Instead, you will need to decrypt the BIP38 address using a program that understands how to decrypt BIP38 using the passphrase that encrypted the address. This is a handy process because you can carry a BIP38 protected address around on a piece of paper, and as long as you remember the passphrase, your bitcoins should remain safe even if the paper is stolen or lost. Again, this doesn't protect someone from using your private key if they discover it in some other way, but it will conceal your private key when you write it down to make it more difficult to discover.
Now, you may have heard in some cases that a passphrase is a private key. This may be confusing, but this is just referring to another way to keep track of this very large number. There are mathematical formulas that can take data of any length and, by passing it through the formula, create a number with the same number of bits every time. These formulas are called hashing algorithms. One such hashing algorithm is called SHA-256, which can take data of any length and produce a 256-bit number from it. You could give it a single word that's 6 letters long, or give it a text file with all the collected works of William Shakespeare in it, and each one would produce a unique 256-bit number. And because of the properties of the formula, as long as you feed it the same data that you did originally it will always produce the same number as a result (called a hash). So, when someone tells you that their passphrase is their private key, they mean that they have fed their passphrase through a hashing algorithm to produce a 256-bit number which they can use as their private key. This process is also known as a brain wallet. While this may seem clever, you're essentially pitting your memory capacity against a cracker with a computer, and the odds are the computer will win. Please avoid using brain wallets if you have the choice.
If your private key is ever exposed or if it can ever be calculated using a hashing algorithm, that is all someone needs to take any bitcoins contained in that address, so take good care of it!
edit: just clarifying a couple of points
edit2: updated the name of the number between which private keys can be used, and clarifying that the math is applied to the public key which is what introduces the potential for collisions
edit3: clarifying how Base58Check differs from Base58
submitted by spectyr to Bitcoin
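The Base58Check step the post describes (visually unambiguous alphabet, 32-bit double-SHA256 checksum appended to the payload, leading zero bytes preserved as '1' characters) is short enough to show in full. The following is an added example written for this page, not the post's or any wallet's code; it wraps a 32-byte key with the 0x80 mainnet version byte that Wallet Import Format uses, which is what yields the roughly 51-character string the post mentions. The sample key in the usage block is generated at random and is not a key from the post.

```python
import hashlib
import secrets

# Bitcoin's Base58 alphabet: 0, O, I and l are omitted so digits are not confusable.
ALPHABET = b"123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
WIF_VERSION = 0x80  # version byte for a mainnet private key in Wallet Import Format


def checksum(payload):
    """First 4 bytes of double-SHA256: the 32-bit checksum Base58Check appends."""
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]


def base58check_encode(payload):
    """Encode payload || checksum(payload) as a Base58 string."""
    data = payload + checksum(payload)
    n = int.from_bytes(data, "big")
    digits = bytearray()
    while n:
        n, rem = divmod(n, 58)
        digits.append(ALPHABET[rem])
    # Leading zero bytes would vanish in the integer; each one is kept as a '1'.
    pad = len(data) - len(data.lstrip(b"\x00"))
    return (b"1" * pad + digits[::-1]).decode("ascii")


def base58check_decode(text):
    """Decode a Base58Check string, verifying the checksum; returns the payload."""
    n = 0
    for ch in text.encode("ascii"):
        if ch not in ALPHABET:
            raise ValueError("invalid Base58 character")
        n = n * 58 + ALPHABET.index(ch)
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    pad = len(text) - len(text.lstrip("1"))   # restore the leading zero bytes
    data = b"\x00" * pad + raw
    if len(data) < 5 or checksum(data[:-4]) != data[-4:]:
        raise ValueError("Base58Check checksum mismatch")
    return data[:-4]


def private_key_to_wif(key):
    """Wrap a 32-byte private key as uncompressed-form WIF (version byte 0x80)."""
    if len(key) != 32:
        raise ValueError("private key must be 32 bytes")
    return base58check_encode(bytes([WIF_VERSION]) + key)


def wif_to_private_key(wif):
    """Inverse of private_key_to_wif; rejects wrong version bytes and lengths."""
    payload = base58check_decode(wif)
    if len(payload) != 33 or payload[0] != WIF_VERSION:
        raise ValueError("not an uncompressed mainnet WIF key")
    return payload[1:]


def is_valid_wif(wif):
    """True if the string decodes with a correct checksum and version byte."""
    try:
        wif_to_private_key(wif)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Random 32 bytes stand in for a private key here (a real key must also be
    # below the secp256k1 group order; the odds of a random value failing that are negligible).
    key = secrets.token_bytes(32)
    wif = private_key_to_wif(key)
    print(len(wif), wif)
    assert wif_to_private_key(wif) == key
```

The checksum is what turns a typo into a hard error instead of a silently different key: a single altered character fails the double-SHA256 check with probability about 1 − 2⁻³², which is why wallet software refuses mistyped WIF strings rather than importing whatever they decode to.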

Why demanding proof that WikiLeaks is not compromised is necessary

UPDATE (11/01/2017 - UK Date Format): Julian Assange is alive and still in the Embassy. He confirms WikiLeaks has not been compromised. Julian took questions from the Reddit AmA but answered them via live, current and interactive video. He did this very intentionally, and by so doing, was true to his word. Watch a recording of the live event here:
https://www.youtube.com/watch?v=rC2EjKYMCeg
Why demanding proof that WikiLeaks is not compromised is necessary: https://www.facebook.com/events/309760466089922/ (PoL Event @ Ecuadorian Embassy London 17th December 2016) – If you live in the UK please come and let’s get REAL PoL. Please circulate.
1) Still no PGP (GPG) signed short message from WikiLeaks.
2) RiseUp’s warning canary may be dead (RiseUp is believed to host WL Twitter email account)
3) Julian’s internet hasn’t been restored as promised
4) The pre-commitment file hashes released in October do not match the released insurance files
5) Julian’s Swedish defense lawyer Per Samuelson was denied access during case questioning. No one actually saw Julian through the whole process.
Additional points: - UK disregard for international law
Various timelines, some with minor errors:
https://www.reddit.com/r/WikileaksTimeline/wiki/index
https://www.reddit.com/r/WhereIsAssange/comments/5dmr57/timeline_of_events_regarding_julian_assange_and/
https://regated.com/2016/11/julian-assange-missing/
[Still no PGP (GPG) signed short message from WikiLeaks]
Watch this https://youtu.be/GSIDS_lvRv4 video for a simple and good explanation of public/private key cryptography. Here https://riseup.net/en/canary is an example of how a legitimate cryptographically capable organisation uses PGP to sign a message and prove authenticity. WikiLeaks has this setup too. Why do they not use it and prove they are not compromised?
WikiLeaks could easily do this. They have their private key. The public has WikiLeaks' public key. Even if Julian isn’t in possession of the key, WL most certainly is; there is no excuse for WL not to prove themselves. This has been heavily requested of WikiLeaks. I’d like to hear from the individuals who claim that their requests were removed (please leave comments). Of all the red flags, not posting a PGP signed message is by far the most damning.
If we are to believe that the person in the audio recording at the FCM 2016 is Julian Assange, then what he says about the keys is missing the point. If he himself is not in possession of the key, then WikiLeaks will be. If WikiLeaks use the key to prove themselves, then we know they are not compromised. By extension, we will also be assured that Julian is safe as an uncompromised WikiLeaks would be in a position to confirm his safety and be believed. This audio file includes everything that he says regarding PGP keys: http://picosong.com/UyVw/ (I am not convinced this is Julian).
[RiseUp’s warning canary may be dead (RiseUp is believed to host WL Twitter email account)]
RiseUp is an activist ISP providing secure services to activists. Its mission is to support liberatory social change via fighting social control and mass surveillance through distribution of secure tools (https://en.wikipedia.org/wiki/Riseup).
RiseUp use a warrant canary as a means to protect their users in case RiseUp are ever issued with a NSL or gag order etc (https://riseup.net/en/canary). This is renewed quarterly, assuming no warrant has been issued. However, this is now considerably overdue so the assumption is that the canary is dead, and just like the canaries used in coal mines, everyone should get the hell out of there when it dies. https://theintercept.com/2016/11/29/something-happened-to-activist-email-provider-riseup-but-it-hasnt-been-compromised/. I would be grateful if someone could provide a source for the WikiLeaks twitter email account being hosted by RiseUp.
[Julian’s internet hasn’t been restored as promised]
https://twitter.com/wikileaks/status/787889195507417088 https://twitter.com/wikileaks/status/788099178832420865
On the 26th of September 2016 Secretary of State John Kerry visited Colombia. WikiLeaks reported that inside sources had confirmed that John Kerry also met with Ecuadorean President Rafael Correa in Ecuador to personally ask Ecuador to stop Assange from publishing documents about Clinton. This was initially fervently denied in the press only later to be confirmed by the Ecuadorian Embassy who admitted cutting off Julian’s internet due to pressure from the US. Ecuador wanted to appear impartial.
Both John Kerry and US intelligence agencies knew perfectly well that cutting off Julian's internet would have no impact on the release of the leaked emails that were damaging to Hillary's campaign.
The cutting off of Julian's internet access was not for the purpose of preventing the leaks of the Podesta and Hillary emails. Unless intelligence agencies are truly inept, they knew that media organisations already have the entire leaked email database and a schedule for release, they also knew WikiLeaks staff would continue to leak regardless of Julian's ability to communicate.
Now it is long after the election and Ecuador have still not restored Julian’s internet. Ecuador have no grounds to continue to restrict Julian’s internet. It does nothing apart from increase tensions and raise suspicion.
Ecuador have always been supportive of Julian. However, after John Kerry applied pressure on Ecuador, that whole dynamic changed. Ecuador cut Julian's Internet. He then essentially threatened Ecuador, the UK and John Kerry by submitting those pre-commitment file hashes on Twitter. Since then we have only seen hostility towards Julian from all three parties. Ecuador didn't restore his internet and didn't let his lawyer interview him and no one actually saw him. The U.K. Denied him access to Gavin's funeral and denied him access to medical treatment. The UK also continually disregard the UN. The dynamic now is totally different. He has no political friends. It seems that both the UK and Ecuador are now working against Julian and Wikileaks. An environment where a collaborated siege would be feasible.
Finally, many have speculated about mobile signals being blocked at the Embassy. I can confirm that there is 4G signal right outside the Embassy door. I was there, with my phone, and tested it. There is no reason to think Julian cannot use a MiFi device (or similar) connected to a cellular network.
[The pre-commitment file hashes released in October do not match the released insurance files]
Here are the October tweets with the file hashes:
https://twitter.com/wikileaks/status/787777344740163584 https://twitter.com/wikileaks/status/787781046519693316 https://twitter.com/wikileaks/status/787781519951720449
These 3 pre-commitment Twitter posts are SHA-256 file hashes. SHA-256 file hashes are 64 characters long. They are not encryption keys for insurance files. They simply are a mathematical formula for verifying that later released files are genuine and have not been altered.
These hashes were released because Julian felt threatened and in increased danger. They specifically targeted the UK FCO, Ecuador and John Kerry. All of whom are key players in his current predicament.
On November 7th, WikiLeaks released 3 new insurance files. These file names match the names given in the pre-commitment hash tweets:
2016-11-07_WL-Insurance_EC.aes256
2016-11-07_WL-Insurance_UK.aes256
2016-11-07_WL-Insurance_US.aes256
EC = Ecuador, UK = UK FCO, US = John Kerry. Soon after these files were released, the 3 file hashes were compared to the 3 hashes posted on the 16th of October. They did not match. When this was brought to WikiLeaks' attention, WikiLeaks released the following statement in a tweet:
https://twitter.com/wikileaks/status/798997378552299521
“NOTE: When we release pre-commitment hashes they are for decrypted files (obviously). Mr. Assange appreciates the concern.”
This firstly proved that the hashes and the insurance files were related (a fact that was already clear). Secondly, it was a lie, as it implied historical use of pre-commitment hashes in this manner. Thirdly, the (obviously) comment was also a deception and an insult to supporters. It was not obvious to anyone, not even to our crypto guys in r/cryptography; on the contrary, they thought it highly suspicious.
Additionally, what they suggest would be absolutely pointless. Pointless as a threat, as the UK, Ecuador and John Kerry would have no practical way of identifying the documents to confirm the threat.
There's absolutely no scenario where an uncompromised WikiLeaks would either post bad file hashes or altered insurance files.
[Julian’s Swedish defense lawyer Per Samuelson was denied access during case questioning]
This is highly unusual and very suspicious. Also, Jennifer Robinson was not in the room with Assange. https://www.youtube.com/watch?v=MYR0Pw9LfUQ&feature=youtu.be&t=9m55s and neither was the chief prosecutor http://www.bbc.co.uk/news/world-europe-37972528 “Swedish chief prosecutor Ingrid Isgren will not speak to Mr Assange directly”.
[UK disregard for international law]
The UK threat is very real. Back in August 2012 the UK was poised to break international law, citing the Diplomatic and Consular Premises Act of 1987 as a basis for entering the Embassy and arresting Assange (http://www.bbc.co.uk/news/world-19259623). It all became very public, very quickly and fortunately never happened (http://www.telegraph.co.uk/news/worldnews/southamerica/ecuador/9488996/Ecuadors-president-raiding-embassy-to-snatch-Julian-Assange-suicidal.html). I expressed my concern at the time that the UK shouldn’t have even been contemplating such action, let alone threatening it in writing to Ecuador.
More recently, the UK disregarded the UN ruling that Julian Assange was being arbitrarily detained (https://www.theguardian.com/media/2016/feb/04/julian-assange-wikileaks-arrest-friday-un-investigation). The UK appealed, and then finally lost their appeal in November (https://www.rt.com/news/368746-un-ruling-free-assange/). Julian has also been refused to leave the Embassy with a police escort for medical treatment as well as denied to attend Gavin MacFadyen’s funeral. The UK’s behaviour is appalling and clearly has no respect for international law. The reported raid on the Embassy during the latter part of October seems more plausible when taken in the context of past behavior.
This is the Britain I now live in: http://www.independent.co.uk/life-style/gadgets-and-tech/news/investigatory-powers-bill-act-snoopers-charter-browsing-history-what-does-it-mean-a7436251.html. I never used to be ashamed to be British.
[Combined capabilities of intelligence agencies]
We know much about the combined powers of the intelligence agencies. We know what they are capable of, thanks to the leaks of Edward Snowden. The combined powers of the NSA, CIA and the UK’s GCHQ are capable of pulling off such a massive takeover of Wikileaks. We know the NSA works with other US intelligence agencies, we know that the NSA works with GCHQ.
We know about Tempora, we know about JTRIG, we know about PRISM, we know about HAVOK. We know that websites can be altered on the fly, we know that real-time voice profiling is trivial for these agencies. We know that censorship is happening.
https://usnewsghost.wordpress.com/2014/07/15/new-july-14-edward-snowden-nsa-leaks-gchq-attacks-and-censors-internet-nsa-leaks-recent/ http://www.independent.co.uk/life-style/gadgets-and-tech/gchqs-favourite-memes-and-sexual-slang-reveals-a-shared-culture-with-trolls-and-hackers-9608065.html https://en.wikipedia.org/wiki/Tempora https://en.wikipedia.org/wiki/PRISM_(surveillance_program)
The NSA has a remit to be 10 years ahead of the curve. We have commercial products that can be purchased off the shelf today that can easily manipulate audio and video. Just imagine what the NSA and the military are capable of.
Real time facial manipulation: https://www.youtube.com/watch?v=ohmajJTcpNk Signs of editing: https://www.youtube.com/watch?v=2O9t_TEE1aw. Both Julian Assange and John Pilger are not filmed together at any time during the interview. There is also no establishing shot. It is also claimed that Assange’s audio is spliced and edited. No recent events mentioned by Assange, only Pilger. Unfortunately, this interview is not sufficient proof of life.
What the NSA can’t do, is that they cannot break PGP encryption. This has been expressed by Glenn Greenwald who was one of the journalists that Edward Snowden leaked to. He commented that he knows how secure PGP is because the NSA keep moaning about not being able to crack it in their documents he is reading. This is another reason why a signed PGP message can be the only true proof that WL isn’t compromised. Mathematics cannot lie, people can and do. A compromised WL can’t sign a message without the private key.
Edward Snowden revealed that in 2013 the NSA were capable of 3 trillion password attempts per second. As it is now almost 2017, that number will likely be multiple times higher (anywhere between 9 to 15 trillion attempts per second would be my guess based on Moore’s law).
https://en.wikipedia.org/wiki/Joint_Threat_Research_Intelligence_Group https://en.wikipedia.org/wiki/Tempora https://en.wikipedia.org/wiki/PRISM_(surveillance_program) https://www.schneier.com/gchq-catalog/ https://en.wikipedia.org/wiki/Government_Communications_Headquarters
[WikiLeaks down on October 17th]
The alleged raid on the Embassy supposedly took place on the 17th just after 1am GMT. On Monday the 17th of October 2016 WikiLeaks website was reported down (http://www.isitdownrightnow.com/wikileaks.org.html expand the comments) https://postimg.org/image/6t68fe4kj/. The internet was alive with reports of mass censorship around this time. This all coincides with when the alleged WikiLeaks takeover occurred. It also coincides with John Kerry being in the UK.
[Christine Assange audio only radio interview]
Julian's family had their identities changed quite a few years ago after receiving death threats. It is odd that his mother has now revealed herself to a news agency. If you do a YouTube search for Christine Assange (her original name), you'll find all the videos are older than 3 years. She's in hiding, not openly talking on radio shows (https://en.wikipedia.org/wiki/Julian_Assange scroll down to the personal life section).
[WikiLeaks bitcoin account was emptied on the 18th of November]
Interestingly it was after the bitcoin account was emptied that the encoded message in the blockchain was left. Why would WikiLeaks go to all that trouble when they could just sign a message with their PGP key? Is it because bitcoin accounts can be cracked and the PGP keys can’t?
[Mass censorship]
Facebook is censoring this event (https://www.facebook.com/events/309760466089922/). It has been advertised for weeks now and only a handful of people are attending. Recently Wikileaks was live on FB. 50% of the viewers (roughly 2.5k) were commenting #PoL, #Whereisassange, RIP etc. The live event was only a prerecorded video being played in a loop. Once it concluded, the whole Live event along with all the comments, including the comments asking for PoL and a PGP signed message, were deleted. It was as if it never took place.
When Julian’s DMS had supposedly been activated, I saw posts in threads being deleted within minutes. Supposedly with encryption keys, but it all happened too fast for anyone to collate. I took PDF printouts of the pages and then later noticed that posts and entire links were taken down. I have PDFs of pages that now no longer exist. I've been following this since mid-October and seen the censorship first hand. I know many people here on reddit witnessed the same (please comment with your experiences).
[WikiLeaks reposting old stuff]
There are many examples of this already mentioned in the timelines. One for example is the Palantir Technologies report. Palantir Technologies prepared a report on how to destroy WikiLeaks that was leaked in 2011. The proposal was submitted to Bank of America through its outside law firm, Hunton & Williams. Palantir later apologised for their involvement. But WikiLeaks has recently regurgitated it as if it was new. There are many examples of this. I have watched as WikiLeaks have increasingly destroyed their credibility.
submitted by neonnexus to WhereIsAssange [link] [comments]

xvultx4llltx7w2d.onion is 18 months online today

TLDR; The site has been running nice and quietly on TOR for 18 months. We thought today was a good day to make the URL public outside of our group of amigos.
PGP: 3DB6 FF02 6EBA 6AFF 63AF 2B6E DCE5 3FA2 EC58 63D8
Bitcoin: 18FNZPvYeWUNLmnS6bQyJSVXYPJ87cssMM
TOR: http://xvultx4llltx7w2d.onion

Vultronix encrypted social network.

Abstract: Since time began, social interaction has always been private to those within the same vicinity. Today, however, much data is sent encrypted to a third party, gets decrypted on arrival and then stored among mountains of un-encrypted data, stored for financial gain creating giant honeypots. These giant honeypots of un-encrypted data are just too irresistible to those who have the power to request access.
We propose a solution to these centralized honeypots by enforcing client side encryption in such a way that the server has no access to the encrypted content, we believe this can be achieved via a mix of key hashing, PGP, AES and Onion routing. We acknowledge the current JavaScript anonymity problem and see a future where secure hardware will encrypt/decrypt the data for the user. We propose the below as a simple POC for inspiration of future development, open for all to copy, enhance and most importantly, to scrutinize.
1. What is the example?
A truly client side TOR based encrypted centralized social network, allowing users to interact anonymously online without the ability of the host to spy on the user. Trust with the host is established via signed open source JavaScript. Everything is delivered directly from the host via TOR without any use of CDNs.
2. Centralized over decentralized?
The greatest problem with implementing encryption for the masses is user experience. We developed Vultronix to allow the user to interact with others securely via a familiar feeling platform. More experienced users can download the code and set up their own .onion domain, further removing the risk of a centralized authority.
3. Registration
The user is required to fill in 3 fields. For familiarity we've named them the following: Email address, Password and Words list. The user is not required to enter their actual email but is encouraged to generate a string with a lot of entropy; it is acknowledged that the less experienced user will probably make up an email address. Both the password and words field should be as random as possible. The entropy of these 3 fields is what the user's encryption depends on.
Note: as the system is not decentralized, the logins are only available to brute force attack by the host or if/when the database is compromised and dumped online. To achieve the best security a password tool should be used with 3 very random strings. A more user friendly solution is to make up a very random but easy to remember email address via a random mnemonic seed generator similar to BIP39, a difficult password the user can remember and a short word list.
Given a user selects the following login details which, let's assume, were created by a BIP39 generator:
+ email: [email protected]
+ password: liquid sketch husband
+ Word list: shove proof dismiss gauge
The above contains 12 completely random words.
The browser will concatenate these to [email protected] sketch husbandshove proof dismiss gauge. This value is then hashed, creating the following hash: 90bc6ba57145e2116ea10d136ec49061e9a15c5694b171ba1e5753ab02e141e4
This hash is hashed forward 5001 times. On the 2000th hash the SHA-256 becomes a SHA-512 hash in the following fashion: SHA512(2000th hash + 2000th hash), which is stored momentarily as the "loginHash" variable. The loop continues on, with all further loops taking a different path that can't be reached by hashing forward the login hash. The 3000th hash is saved as the "passphrase" variable, the 4000th hash is saved as the "encryptionKey" variable, and the 5001st hash ends up being hashed again for good measure: loginHash = SHA512(loginHash + 5001st hash);
At the same time during registration the user's browser will generate a 4096-bit PGP key pair. The PGP password is the "passphrase" variable. Neither the passphrase nor the encryptionKey ever reaches the server. The PGP pub/priv keys are both AES encrypted with the encryptionKey as the password and sent to the server.
Note: The PGP public key is never sent to the server unencrypted as we don't want someone with access to the Database to be able to analyze who is friends with who.
Also generated at sign up is a UUID, this is AES encrypted as well.
Sent to the server on sign up is the following:
+ encrypted: PGP public key - AES encrypted string.
+ encrypted: PGP private key - AES encrypted string.
+ encrypted: UUID - AES encrypted string.
+ loginHash: SHA-512 hash.
Upon signing in, the user fills out his profile. This data (including any images uploaded) is encrypted client side by the user, the user encrypts a copy to himself using his own PGP public key, which is currently decrypted in his browser session, then encrypts this again with his AES encryption key.
4. Login
A user will login with the same credentials used at sign up. The loginHash will reach the server, the server will find a match and send back the user's encrypted credentials. The user's client will decrypt these with his "passphrase" and "encryptionKey", neither of which have ever been sent to the server.
Note: If a MITM intercepts a user loginHash over the wire, the MITM will be able to retrieve the encrypted data from the server, but will never be able to decrypt it, and won't have any further access to the user's data.
Once the user decrypts his credentials data, he'll have access to his UUID, the client will then request from the server an encrypted friends list object, the client will decrypt this and populate client side his friends list. This will contain the public PGP key of each of his friends along with a friendship key unique to each friendship as well as a generated shared password unique to each friendship. The client will also send requests to the server to look for feed updates, inbox messages, new friend requests and accepted friend requests etc.
5. Friend requests
To keep friendships private, a user must send another user a friend request token. Since everything in the Database is encrypted, it isn't possible for a user to simply look up a friend. Via the friend request page the user will fill out a short message and press a button. The user is presented with a SHA-256 hash that will expire after 2 weeks. The user simply needs to pass this hash onto his friend via other means of contact. The friend then enters the hash into the friend request page and will see a thumbnail of the user (or whatever logo the user has chosen for his profile picture) followed by the short message the receiving friend should recognise, e.g. "Hey Alice it's Bob, please accept my friend request". Alice accepts the friend request and they're now friends; Alice won't have access to Bob's profile page until Bob next logs in.
Behind the scenes, the following happens: Bob's message is concatenated to a generated UUID. This string is hashed many times like the loginHash. An object is created containing Bob's following encrypted data:
+ PGP Pub Key
+ friendshipUUID unique to this friendship
+ sendersFriendshipUUID
+ acceptersFriendshipUUID
+ Bob's Name
+ Bob's thumbnail (all images are converted to base64 strings in the browser then encrypted/decrypted client side)
+ Request message etc.
This encrypted data is sent to the server, the friendship token is equivalent to the final login hash that a user generates on login. Bob doesn't, however, send Alice this final hashed token, he sends her an earlier version of a hash. Alice will enter this hash, her browser will roll it forward creating the decryption key and eventually the friendship token that resides on the server, her client will send this to the server, the server will respond with the encrypted data. Only she can decrypt the data as only she has the earlier hash of the friend request token.
She decrypts Bob's friendship data, adds it to her FriendsList data, encrypts the latest copy and sends it through to the server for safe keeping. Alice's client will now create an encrypted accepted friendrequest object submitting it to the server. Alice will then use Bob's PGP key and their new friendship password they share to double encrypt her profile to Bob.
When Bob logs in next (or if currently online via web sockets) he will receive the accepted friendrequest token. Bob's client will then do what Alice's did and update his friends list etc and send a copy of his profile through to Alice. Bob and Alice will now see each other's new status updates, album updates etc.
Note: A new friend can never see old status updates, this should be considered a feature.
6. Chat and instant messages
Users can see when other users are online and chat via web sockets; they can also send offline messages via their inbox. These messages are double encrypted. If Bob sends Alice a message, the following happens: Bob's client will encrypt the message using Alice's PGP public key and a copy using his own PGP public key, he'll then encrypt both using their shared friendship password and place 2 entries into the database. If Alice is online the server will push up her messages instantly via web sockets; if not, she'll see the message the next time she logs in. She'll notice this as the inbox icon will be red to signify unread messages.
Note: If a user has Vultronix open in another tab, he'll hear a sound when a new message is received as well as a keyboard sound when his friend is typing.
7. Group invites
Groups allow shared users to associate online in private without having any access to who other members of the group are; users can also send private encrypted messages to other users of a group in full privacy. Anyone can create a group. On group creation the group's admin client will generate a random password, and the admin can give the group a logo and message etc. The admin can then create a group invite token and the recipient of the token can sign up to the group in the same way that a user would accept/decline a friendship request. Once a user is a member of a group, he too can invite friends. All of these people will share an AES encryption key which they'll get via decryption of the encrypted invite request. Each user will be able to download a shared membership list of the group, which will not be able to identify any users. This list will contain user PGP keys that are used when a member sends another member of the group a private 1 - 1 message.
TLDR; Everyone in the group can start threads, comment in threads, invite new friends etc, no one outside of the group will even know of the group's existence, the group's description, name, members list etc. All of it is encrypted and private. No member will know that other members have privately messaged each other. No member will be able to find another member's profile. However, if they wish to be friends, they can private message a friendship request token. Members can have their own groups and private message friend request tokens through to members to join other private groups.
8. Status updates
When a user creates a new status message, the user's friends will see the message appear in their feed either in real time if they're online, or the next time they login. When a user fills in the status box, the user can optionally add a photo or youtube video link (caution: external services could be used to track you) and then press save. After the user saves the status the following happens:
The status is encrypted and saved to the server. To reduce client computation time as well as server storage, only one copy of the status is saved to the server. The client will encrypt and upload a new encrypted message for each of his friends, this message will simply hold a AES decryption key and a status ID, the friend's client will then request this status and decrypt it. All of the user's friends can comment on the status, only the user will be able to click through to their profiles. It's impossible for user's friends to be able to interact with each other outside of their shared friend's status comment box.
9. Shops
Private encrypted shops would be easily implemented via the following: The shop owner would set up shops in a similar way to setting up a group, inviting customers to his private shop with tokens. He could send these tokens to his friends in his friends list or new people he meets in a private members group via private message. This would allow the shop owner to sell to only people he trusts, e.g. his grandmother or aunt etc. The shop owner would have complete privacy. The shop owner would keep control of all his bitcoin private keys. He would enter a list of bitcoin addresses, then add items to his shop. Upon adding an item, the client would submit an encrypted copy of the item to the server for each customer of his store. Customers would browse his store and see an item; the item would have a bitcoin address to pay to. The customer would enter a message, be it his email address for a digital order or a postal address for a physical order. He would then pay to the bitcoin address and hit submit. The shop owner would see a page with orders and see the email address and manually check the bitcoin address has funds.
This would allow sellers and buyers online to have great protection, providing they're buying/selling from people they trust. If the server is hacked and database stolen, no one will have access to any bitcoin as no private keys would ever be on the server and everything is encrypted, so no one would know what shops even exist, unless they have a personal invite to that store.
This kind of private store could be very useful for people living under oppressive regimes. If, for example, someone wants to learn about Capitalism and would like to buy Capitalist literature but they live in a censored Communist state, they could access via TOR and order anonymously without ever having to worry about the site being hacked and their government going through the data and heavily punishing them, possibly with death. They would be at risk though of the literature being confiscated in the mail so they'd be better off to order a digital copy and have it emailed or, perhaps, the seller could simply copy and paste the text into a private message to the seller.
The possibilities would be endless for the above; we have not implemented this though as we're not sure of the legality. If someone decided to sell something illegal and law enforcement wanted information on the buyer/seller, we would never be able to retrieve it from the database. If, however, they managed to become a member of a store, they could perhaps tell us a UUID that might represent the store and we could delete the shop at their request, but not much else. For this reason we're not going down this path; it is however fascinating to think of.
We'd predict that OpenBazaar would one day offer the ability of hidden stores, not just the ability to route via TOR. For any OB users we've added an OpenBazaar field to the member profile info page.
The goal of this project is to show that client side end to end encryption is possible for intermediate users and not that difficult to implement. We hope this inspires people to build something similar and better or, perhaps, fork the code and fix some bugs etc.
We appreciate your time; if you enjoyed this or at least appreciate our effort, our bitcoin address is below. Bitcoin: 18FNZPvYeWUNLmnS6bQyJSVXYPJ87cssMM
PS: The code will be uploaded to a public Github profile this week.
http://xvultx4llltx7w2d.onion
Latest version:
Content hash: 1aa450c4a4bef1ddee92d6572f81aa14baad959402563064f0ff81e6f42b69d9
lib.js hash: 8704461878818f5f00f18c61789e03c1b90bfc07bc21a15301ce876e7f71829c
submitted by Vultronix to onions [link] [comments]


Free hash lookup. This page offers free reversal of MD5, SHA-1, MySQL, WordPress and other hashes by database lookup. Decoding consumes service resources, so an order may be delayed; faster, priority processing is available as a paid option. Hash a word with MD5, or reverse an MD5 hash by comparing it against our database of 15,183,605,161 unique hashes, free of charge. MD5 (Message Digest 5) is a cryptographic hash function that produces a 128-bit (32 hex character) "hash" from any input string, whatever its length (up to 2^64 bits). The function is irreversible: the plaintext cannot be obtained from the hash alone. The only way to "decrypt" a hash is to compare it against a database of precomputed hashes, which is what the online lookup does. SHA-256 is a member of the SHA-2 family of cryptographic hash functions designed by the NSA; SHA stands for Secure Hash Algorithm. Cryptographic hash functions are mathematical operations run on digital data; by comparing the computed hash (the output of the algorithm) to a known, expected hash value, a person can verify the data's integrity. Supported formats: LM, NTLM, MD2, MD4, MD5, md5(md5_hex), md5-half, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, RIPEMD-160, Whirlpool, MySQL 4.1+ (sha1(sha1_bin)), QubesV3.1BackupDefaults. Download CrackStation's wordlist. How CrackStation works: CrackStation uses massive precomputed lookup tables to crack password hashes. These tables store a mapping between the hash of a password and the correct password ...
