https://tests.bitcoin.it/w/api.php?action=feedcontributions&user=Pancyrus&feedformat=atom | Bitcoin Wiki - User contributions [en] | 2024-03-28T09:47:06Z | MediaWiki 1.30.0<br />
https://tests.bitcoin.it/w/index.php?title=BIP_0021&diff=70050 | BIP 0021 | 2024-02-13T04:46:37Z
<p>Pancyrus: Fixed currency formatting issues.</p>
<hr />
<div>{{bip}}<br />
{{BipMoved|bip-0021.mediawiki}}<br />
<br />
<pre><br />
BIP: 21<br />
Layer: Applications<br />
Title: URI Scheme<br />
Author: Nils Schneider <nils.schneider@gmail.com><br />
Matt Corallo <bip21@bluematt.me><br />
Comments-Summary: No comments yet.<br />
Comments-URI: https://github.com/bitcoin/bips/wiki/Comments:BIP-0021<br />
Status: Final<br />
Type: Standards Track<br />
Created: 2012-01-29<br />
</pre><br />
<br />
This BIP is a modification of an earlier [[bip-0020.mediawiki|BIP 0020]] by Luke Dashjr. BIP 0020 was based off an earlier document by Nils Schneider. The alternative payment amounts in BIP 0020 have been removed.<br />
<br />
==Abstract==<br />
This BIP proposes a URI scheme for making Bitcoin payments.<br />
<br />
==Motivation==<br />
The purpose of this URI scheme is to enable users to easily make payments by simply clicking links on webpages or scanning QR Codes.<br />
<br />
==Specification==<br />
<br />
=== General rules for handling (important!) ===<br />
<br />
Bitcoin clients MUST NOT act on URIs without getting the user's authorization.<br />
They SHOULD require the user to manually approve each payment individually, though in some cases they MAY allow the user to automatically make this decision.<br />
<br />
=== Operating system integration ===<br />
Graphical bitcoin clients SHOULD register themselves as the handler for the "bitcoin:" URI scheme by default, if no other handler is already registered. If there is already a registered handler, they MAY prompt the user to change it once when they first run the client.<br />
<br />
=== General Format ===<br />
<br />
Bitcoin URIs follow the general format for URIs as set forth in RFC 3986. The path component consists of a bitcoin address, and the query component provides additional payment options.<br />
<br />
Elements of the query component may contain characters outside the valid range. These must first be encoded according to UTF-8, and then each octet of the corresponding UTF-8 sequence must be percent-encoded as described in RFC 3986.<br />
<br />
=== ABNF grammar ===<br />
<br />
(See also [[#Simpler syntax|a simpler representation of syntax]])<br />
<br />
bitcoinurn = "bitcoin:" bitcoinaddress [ "?" bitcoinparams ]<br />
bitcoinaddress = *base58<br />
bitcoinparams = bitcoinparam [ "&" bitcoinparams ]<br />
bitcoinparam = [ amountparam / labelparam / messageparam / otherparam / reqparam ]<br />
amountparam = "amount=" *digit [ "." *digit ]<br />
labelparam = "label=" *qchar<br />
messageparam = "message=" *qchar<br />
otherparam = qchar *qchar [ "=" *qchar ]<br />
reqparam = "req-" qchar *qchar [ "=" *qchar ]<br />
<br />
Here, "qchar" corresponds to valid characters of an RFC 3986 URI query component, excluding the "=" and "&" characters, which this BIP takes as separators.<br />
<br />
The scheme component ("bitcoin:") is case-insensitive, and implementations must accept any combination of uppercase and lowercase letters. The rest of the URI is case-sensitive, including the query parameter keys.<br />
<br />
=== Query Keys ===<br />
<br />
*label: Label for that address (e.g. name of receiver)<br />
*address: bitcoin address<br />
*message: message that describes the transaction to the user ([[#Examples|see examples below]])<br />
*(others): optional, for future extensions<br />
<br />
==== Transfer amount ====<br />
<br />
If an amount is provided, it MUST be specified in decimal BTC.<br />
All amounts MUST contain no commas and use a period (.) as the separating character to separate whole numbers and decimal fractions.<br />
I.e. amount=50.00 or amount=50 is treated as BTC&nbsp;50, and amount=50,000.00 is invalid.<br />
<br />
Bitcoin clients MAY display the amount in any format that is not intended to deceive the user.<br />
They SHOULD choose a format that is foremost least confusing, and only after that most reasonable given the amount requested.<br />
For example, so long as the majority of users work in BTC units, values should always be displayed in BTC by default, even if mBTC or TBC would otherwise be a more logical interpretation of the amount.<br />
== Rationale ==<br />
<br />
===Payment identifiers, not person identifiers===<br />
Current best practices are that a unique address should be used for every transaction.<br />
Therefore, a URI scheme should not represent an exchange of personal information, but a one-time payment.<br />
<br />
===Accessibility (URI scheme name)===<br />
Should someone from the outside happen to see such a URI, the URI scheme name already gives a description.<br />
A quick search should then do the rest to help them find the resources needed to make their payment.<br />
Other proposed names sound much more cryptic; the chance that someone googles them out of curiosity is much slimmer.<br />
Also, very likely, what they would find are mostly technical specifications - not the best introduction to bitcoin.<br />
<br />
==Forward compatibility==<br />
Variables which are prefixed with a req- are considered required. If a client does not implement any variables which are prefixed with req-, it MUST consider the entire URI invalid. Any other variables which are not implemented, but which are not prefixed with a req-, can be safely ignored.<br />
<br />
==Backward compatibility==<br />
As this BIP is written, several clients already implement a bitcoin: URI scheme similar to this one, however usually without the additional "req-" prefix requirement. Thus, it is recommended that additional variables prefixed with req- not be used in a mission-critical way until a grace period of 6 months from the finalization of this BIP has passed in order to allow client developers to release new versions, and users of old clients to upgrade.<br />
<br />
== Appendix ==<br />
<br />
=== Simpler syntax ===<br />
<br />
This section is non-normative and does not cover all possible syntax.<br />
Please see the BNF grammar above for the normative syntax.<br />
<br />
[foo] means optional, &lt;bar&gt; are placeholders<br />
<br />
<nowiki>bitcoin:<address>[?amount=<amount>][?label=<label>][?message=<message>]</nowiki><br />
<br />
=== Examples ===<br />
<br />
Just the address:<br />
bitcoin:175tWpb8K1S7NmH4Zx6rewF9WQrcZv245W<br />
<br />
Address with name:<br />
bitcoin:175tWpb8K1S7NmH4Zx6rewF9WQrcZv245W?label=Luke-Jr<br />
<br />
Request BTC&nbsp;20.30 to "Luke-Jr":<br />
bitcoin:175tWpb8K1S7NmH4Zx6rewF9WQrcZv245W?amount=20.3&label=Luke-Jr<br />
<br />
Request BTC&nbsp;50 with message:<br />
bitcoin:175tWpb8K1S7NmH4Zx6rewF9WQrcZv245W?amount=50&label=Luke-Jr&message=Donation%20for%20project%20xyz<br />
<br />
Some future version that has variables which are (currently) not understood and required and thus invalid:<br />
bitcoin:175tWpb8K1S7NmH4Zx6rewF9WQrcZv245W?req-somethingyoudontunderstand=50&req-somethingelseyoudontget=999<br />
<br />
Some future version that has variables which are (currently) not understood but not required and thus valid:<br />
bitcoin:175tWpb8K1S7NmH4Zx6rewF9WQrcZv245W?somethingyoudontunderstand=50&somethingelseyoudontget=999<br />
<br />
Characters must be URI encoded properly.<br />
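<br />
The rules above (case-insensitive scheme, case-sensitive keys, decimal BTC amounts without commas, and rejecting the whole URI on an unimplemented req- parameter) can be checked with a strict parser. This is an added example, not code from the BIP or from any of the libraries listed below; the names parse_bip21, parse_amount, is_valid and InvalidBitcoinURI are hypothetical, and rejecting duplicate keys, empty addresses and sub-satoshi amounts are choices of this example rather than requirements of the BIP.<br />

```python
"""Strict BIP 21 URI parser (added example, not a reference implementation)."""
import re
from urllib.parse import unquote

BASE58 = frozenset("123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz")
# ABNF: amountparam = "amount=" *digit [ "." *digit ]   (ASCII digits only)
AMOUNT_RE = re.compile(r"[0-9]*(?:\.[0-9]*)?")
SATOSHIS_PER_BTC = 100_000_000


class InvalidBitcoinURI(ValueError):
    """The URI must be rejected as a whole."""


def parse_amount(text):
    """Convert a decimal BTC string to integer satoshis without using floats."""
    if not AMOUNT_RE.fullmatch(text) or not any(c in "0123456789" for c in text):
        raise InvalidBitcoinURI(f"invalid amount {text!r}")
    whole, _, frac = text.partition(".")
    frac = frac.rstrip("0")
    if len(frac) > 8:
        # Choice of this example: refuse sub-satoshi precision instead of rounding.
        raise InvalidBitcoinURI(f"amount {text!r} is finer than one satoshi")
    return int(whole or "0") * SATOSHIS_PER_BTC + int(frac.ljust(8, "0"))


def parse_bip21(uri, supported_req=frozenset()):
    """Return the payment request described by `uri`, or raise InvalidBitcoinURI.

    The result is only a request to show to the user for approval;
    nothing in this function sends funds.
    """
    scheme, colon, rest = uri.partition(":")
    if not colon or scheme.lower() != "bitcoin":       # scheme is case-insensitive
        raise InvalidBitcoinURI("not a bitcoin: URI")
    address, _, query = rest.partition("?")
    # Character-set check only; Base58Check checksum validation is out of scope.
    if not address or not BASE58.issuperset(address):
        raise InvalidBitcoinURI("address is empty or not base58")

    request = {"address": address, "amount_sats": None,
               "label": None, "message": None, "other": {}}
    seen = set()
    for pair in query.split("&"):
        if not pair:                                   # the grammar allows empty params
            continue
        key, _, raw = pair.partition("=")
        if key in seen:
            # Choice of this example: the BIP does not define duplicate keys, so
            # refuse them instead of guessing which value the sender meant.
            raise InvalidBitcoinURI(f"duplicate parameter {key!r}")
        seen.add(key)
        try:
            value = unquote(raw, errors="strict")      # percent-encoded UTF-8
        except UnicodeDecodeError as exc:
            raise InvalidBitcoinURI(f"{key!r} is not valid UTF-8") from exc
        if key == "amount":                            # keys are case-sensitive
            request["amount_sats"] = parse_amount(raw)
        elif key in ("label", "message"):
            request[key] = value
        elif key.startswith("req-") and key not in supported_req:
            # Forward compatibility: an unimplemented req- key invalidates the URI.
            raise InvalidBitcoinURI(f"unsupported required parameter {key!r}")
        else:
            request["other"][key] = value              # unknown, safely ignorable
    return request


def is_valid(uri, supported_req=frozenset()):
    """True if the URI parses under the rules above."""
    try:
        parse_bip21(uri, supported_req)
    except InvalidBitcoinURI:
        return False
    return True


if __name__ == "__main__":
    addr = "175tWpb8K1S7NmH4Zx6rewF9WQrcZv245W"        # address from the examples above
    for query in ("", "?amount=20.3&label=Luke-Jr", "?amount=50,000.00",
                  "?req-somethingyoudontunderstand=50",
                  "?somethingyoudontunderstand=50"):
        uri = "bitcoin:" + addr + query
        try:
            print("OK      ", parse_bip21(uri))
        except InvalidBitcoinURI as err:
            print("REJECTED", uri, "->", err)
```
<br />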
<br />
== Reference Implementations ==<br />
=== Bitcoin clients ===<br />
* Bitcoin-Qt supports the old version of Bitcoin URIs (i.e. without the req- prefix), with Windows and KDE integration as of commit 70f55355e29c8e45b607e782c5d76609d23cc858.<br />
<br />
=== Libraries ===<br />
* Javascript - https://github.com/bitcoinjs/bip21<br />
* Java - https://github.com/SandroMachado/BitcoinPaymentURI<br />
* Swift - https://github.com/SandroMachado/BitcoinPaymentURISwift</div>
Pancyrus<br />
https://tests.bitcoin.it/w/index.php?title=Seed_phrase&diff=69797 | Seed phrase | 2023-07-27T17:28:55Z
<p>Pancyrus: /* Paper and pencil backup */ grammar</p>
<hr />
<div>{{sample}}<br />
<br />
A '''seed phrase''', '''seed recovery phrase''' or '''backup seed phrase''' is a list of words which [[Storing bitcoins|store]] all the information needed to recover Bitcoin funds [[Transaction|on-chain]]. Wallet software will typically generate a seed phrase and instruct the user to write it down on paper. If the user's computer breaks or their hard drive becomes corrupted, they can download the same wallet software again and use the paper backup to get their bitcoins back.<br />
<br />
Anybody else who discovers the phrase can steal the bitcoins, so it must be kept safe like jewels or cash. For example, it must not be typed into any website.<br />
<br />
Seed phrases are an excellent way of backing up and [[storing bitcoins]], so they are used by almost all well-regarded wallets.<ref>[https://bitcoin.org/en/choose-your-wallet Bitcoin.org: Choose your wallet]</ref><br />
<br />
Seed phrases can only back up funds on the [[block chain]]. They cannot store funds involved in [[off-chain transactions]] such as [[Lightning Network]] or [[Blinded bearer certificates]]. However, these technologies are in their infancy as of 2019, so it's possible that in future seed phrases could be used to back them up.<br />
<br />
== BIP39 and its flaws ==<br />
<br />
[[BIP_0039|BIP39]] is the most common standard used for seed phrases. One notable exception is [[Electrum|Electrum wallet]], which uses its own standard, and for good reasons. BIP39 has some flaws that are known in the technical community but not widely known outside it. They are described [https://electrum.readthedocs.io/en/latest/seedphrase.html#motivation on this Electrum documentation page]. Most seriously, BIP39's flaws mean it is not true to say that backing up a BIP39 seed phrase and the name of the wallet software is the only thing a user needs to do to keep their money safe. BIP39 works this way because its designers wanted their hardware wallet to also support [[altcoin]]s. [https://walletsrecovery.org/ walletsrecovery.org] is an attempt at helping with this issue, but ideally there will be a better solution in the future.<br />
<br />
<br />
== Example ==<br />
<br />
An example of a non-BIP39 seed phrase is:<br />
<br />
hotel obvious agent lecture gadget evil jealous keen fragile before damp clarify<br />
<br />
The word order is important.<br />
<br />
[[File:Seed phrase.jpg|300px|thumb|none|alt=An example seed phrase written on paper|Example seed phrase on paper.]]<br />
<br />
== Explanation ==<br />
<br />
A simplified explanation of how seed phrases work is that the wallet software has a list of words taken from a dictionary, with each word assigned to a number. The seed phrase can be converted to a number which is used as the seed integer to a [[Deterministic wallet|deterministic wallet]] that generates all the [[Private key|key pairs]] used in the wallet.<br />
<br />
The English-language wordlist for the BIP39 standard has 2048 words, so if the phrase contained only 12 random words, the number of possible combinations would be 2048^12 = 2^132 and the phrase would have 132 bits of security. However, some of the data in a BIP39 phrase is not random,<ref>[https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki#Generating_the_mnemonic BIP39: Generating the mnemonic]</ref> so the actual security of a 12-word BIP39 seed phrase is only 128 bits. This is approximately the same strength as all Bitcoin private keys, so most experts consider it to be sufficiently secure.<ref>[https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki#Security BIP32: Security]</ref><br />
<br />
It is not safe to invent your own seed phrase because humans are bad at generating randomness. The best way is to allow the wallet software to generate a phrase which you write down.<br />
<br />
As seed phrases use natural language words, they have excellent error correction. Words written in bad handwriting can often still be read. If one or two letters are missing or unreadable the word can often still be deduced. The [[#Word_Lists|word list]] that the seed phrase words are drawn from is carefully chosen so that the first four letters of each word are enough to uniquely identify it. This compares well with writing down a raw [[private key]] where a single letter being unreadable or incorrect can make the private key useless (depending on the serialization format).<br />
<br />
== Two-factor seed phrases ==<br />
<br />
Seed phrases, like all backups, can store any amount of bitcoins. It's a concerning idea to possibly have enough money to purchase the entire building just sitting on a sheet of paper without any protection. For this reason many wallets make it possible to encrypt a seed phrase with a password.<br />
<br />
The password can be used to create a two-factor seed phrase where both ''"something you have"'' and ''"something you know"'' are required to unlock the bitcoins.<br />
<br />
This works by the wallet creating a seed phrase and asking the user for a password. Then both the seed phrase and extra word are required to recover the wallet. Electrum and some other wallets call the passphrase a '''"seed extension"''', '''"extension word"''' or '''"13th/25th word"'''. The BIP39 standard defines a way of passphrase-protecting a seed phrase. A similar scheme is also used in the Electrum standard. If a passphrase is not present, an empty string "" is used instead.<br />
<br />
'''Warning''': Forgetting this password will result in the bitcoin wallet and any contained money being lost. Do not overestimate your ability to remember a passphrase, especially when you may not use it very often.<br />
<br />
'''Warning''': The seed phrase password should not be confused with the password used to encrypt the wallet file on disk. This is probably why many wallets call it an extension word instead of a password.<br />
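<br />
How the BIP39 passphrase enters the picture, as an added example that is not part of the original article or of any wallet's code: BIP39 feeds the phrase and the passphrase into PBKDF2-HMAC-SHA512 (2048 rounds, salt "mnemonic" + passphrase, both NFKD-normalised), so every passphrase, including a mistyped one, produces a valid but different seed and no error is raised. The function name bip39_seed is hypothetical and TEST_MNEMONIC is the publicly known all-"abandon" test phrase, used here only as sample input.<br />

```python
import hashlib
import unicodedata

# Publicly known BIP39 test phrase, used only as sample input; never fund it.
TEST_MNEMONIC = ("abandon abandon abandon abandon abandon abandon "
                 "abandon abandon abandon abandon abandon about")


def _nfkd(text):
    """UTF-8 bytes of the NFKD-normalised string, as BIP39 requires."""
    return unicodedata.normalize("NFKD", text).encode("utf-8")


def bip39_seed(mnemonic, passphrase=""):
    """Derive the 64-byte BIP39 seed from a phrase and an optional passphrase.

    With no passphrase the empty string is used, so the salt is just "mnemonic".
    The written words are not encrypted; the passphrase changes the derived seed.
    """
    salt = b"mnemonic" + _nfkd(passphrase)
    return hashlib.pbkdf2_hmac("sha512", _nfkd(mnemonic), salt, 2048, 64)


def same_wallet(mnemonic, passphrase_a, passphrase_b):
    """True if both passphrases lead to the same seed (and so the same wallet)."""
    return bip39_seed(mnemonic, passphrase_a) == bip39_seed(mnemonic, passphrase_b)


if __name__ == "__main__":
    # Constructed passphrases for illustration.
    print("no passphrase == empty string:",
          bip39_seed(TEST_MNEMONIC) == bip39_seed(TEST_MNEMONIC, ""))
    # A one-letter case difference silently selects a different wallet.
    print("'Secret' vs 'secret' same wallet:",
          same_wallet(TEST_MNEMONIC, "Secret", "secret"))
    # Composed and decomposed forms of the same character are normalised first.
    print("'caf\u00e9' vs 'cafe\u0301' same wallet:",
          same_wallet(TEST_MNEMONIC, "caf\u00e9", "cafe\u0301"))
```
<br />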
<br />
== Storing seed phrases for the long term == <br />
<br />
Most people write down phrases on paper but they can be stored in many other ways such as [[Brainwallet|memorizing]], engraving or stamping on metal, writing in the margins of a book, chiselling into a stone tablet or any other creative and inventive way.<br />
<br />
In the past many people have accidentally lost bitcoins because of failed backups, mistyped letters, forgotten hard drives, or corrupted SSD devices. It's also important to protect the seed from accidental loss.<br />
<br />
It could be a good idea to write some words of explanation on the same paper as the seed phrase. If storing for the long term you may forget what a phrase is and how it should be treated. A sample explanation that can be adapted is:<br />
<br />
<blockquote>These twelve words have control over BITCOINS. Keep this paper safe and secret like cash or jewellery. The bitcoin information on this paper is encrypted with a passphrase. It is part of a multi-signature wallet and was made by Electrum bitcoin wallet software on 2019-01-01.</blockquote><br />
<br />
==== Paper and pencil backup ====<br />
<br />
Through bitter experience it has been found that one of the most practical storage media is '''pencil and paper'''. The private keys of a bitcoin wallet are encoded into [[seed phrase|random words from a dictionary]] which can be written down. If your hard drive crashes, you can find the paper with the [[seed phrase]] and restore the entire wallet. As [[seed phrase]]s use natural language words, they have good error correction. Words written in bad handwriting can often still be read. If one or two letters are missing the word can often still be deduced. The [[Seed_phrase#Word_Lists|word list]] that the seed phrase words are drawn from is carefully chosen so that the first four letters of each word are enough to uniquely identify it.<br />
<br />
For storing on paper, writing with pencil is much better than pen.<ref>[http://www.joethorn.net/blog/2011/12/07/pencil-does-not-fade Pencil Does Not Fade]<br />
</ref><ref>[https://www.quora.com/How-do-I-maintain-a-paper-notebook-that-can-remain-for-years How do I maintain a paper notebook that can remain for years?]<br />
</ref><br />
Paper should be acid-free or archival paper, and stored in the dark avoiding extremes of heat and moisture.<ref>[https://www.loc.gov/preservation/care/deterioratebrochure.html Essential facts about preservation of Paper]<br />
</ref><ref>[https://www.quora.com/If-I-write-with-a-pencil-on-my-notebook-will-the-writing-last-for-a-long-time-say-50-years-or-will-it-just-fade-away-gradually Writing in a notebook with pencil]<br />
</ref><ref>[http://copar.org/bulletin14.htm CoPAR: Creating records that will last]</ref><br />
<br />
==== Metal backup ====<br />
<br />
Seed phrases can also be [https://blog.lopp.net/metal-bitcoin-seed-storage-stress-test--part-ii-/ stamped or engraved into metal] which is significantly more durable than paper. Metal backups are recommended if the threat model involves fire, water, extremes of temperature or physical stress.<br />
<br />
==== Methods that are not recommended ====<br />
<br />
Some methods that are not recommended are: storing in a file on a computer (including online), or storing online.<br />
<br />
Some people get the idea to split up their phrases, like storing 6 words in one location and the other 6 words in another location. This is a bad idea and should not be done, because if one set of 6 words is discovered then it becomes far easier to brute-force the rest of the phrase. Storing bitcoins in multiple locations like this should be done with [[multi-signature]] wallets instead.<br />
<br />
The [[Shamir Secret Sharing]] algorithm is sometimes promoted as a way to divide control of bitcoins, but in practice there are many pitfalls and trade-offs that make it not worth it.<ref>[https://blog.keys.casa/shamirs-secret-sharing-security-shortcomings/ Shamir's Secret Sharing Shortcomings] by Jameson Lopp, Casa blog, 2020</ref> <!-- See the main article: [[Shamir Secret Snakeoil]] (the other one redirects here, no need to have 2 wikilinks with different captions going to the same article --><br />
<br />
Another bad idea is to add random decoy words that are somehow meaningful to you and later remove them to be left with only the 12-word phrase. The phrase words come from a known dictionary (see next section), so anybody can use that dictionary to weed out the decoy words.<br />
<br />
It's possible but risky to memorize ([[Brainwallet]]s) seed phrases. This should probably only be done in situations that really need it, such as crossing a hostile border where one expects to be searched.<br />
<br />
== Word lists ==<br />
<br />
Generally, a seed phrase only works with the same wallet software that created it. If storing for a long period of time it's a good idea to write the name of the wallet too.<br />
<br />
In the BIP39 English word list, each word is uniquely identified by its first four letters, which can be useful when space to write them is scarce.<br />
<br />
* [https://github.com/bitcoin/bips/blob/master/bip-0039/bip-0039-wordlists.md BIP39 wordlists]<br />
* [https://github.com/spesmilo/electrum/blob/1.9.8/lib/mnemonic.py Electrum old-style wordlist]<br />
* [https://github.com/spesmilo/electrum/blob/master/electrum/wordlist/english.txt Electrum new-style wordlist]<br />
<br />
== Alternative name "mnemonic phrase" ==<br />
<br />
Seed phrases are sometimes called ''mnemonic phrases'', especially in older literature. This is a bad name because the word "mnemonic" implies that the phrase should be memorized. It is less misleading to call them seed phrases.<br />
<br />
== The power of backups ==<br />
<br />
An especially interesting aspect of the power of paper backups is that they allow your money to be in two places at once. At the London Inside Bitcoin conference, the keynote speaker showed 25 paper backups they were carrying&mdash;all password-protected. With that, one can carry $100,000 which can instantly be moved to a phone or transferred yet with total security. If it's stolen, then there is no risk because it is backed up elsewhere. That is powerful.<ref>https://www.reddit.com/r/Bitcoin/comments/2hmnru/poll_do_you_use_paper_wallets_why_why_not_what/</ref><br />
<br />
== See also ==<br />
<br />
* [https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki BIP39 seed phrase standard]<br />
* [[Deterministic wallet]]<br />
* [[Storing bitcoins]]<br />
* [[Brainwallet]]<br />
* [https://github.com/6102bitcoin/6102bitcoin/blob/main/content/faq-bitcoin-seed.md FAQ regarding bitcoin seeds]<br />
* [https://web.archive.org/web/20210214135049/https://www.hodlalert.com/2020/12/21/generating-cryptographically-secure-random-numbers-with-coins-and-a-cup/ Generating Bitcoin Seed Phrases With Coins and A Cup]<br />
<br />
==References==<br />
<references /><br />
<br />
<br />
[[Category:Technical]]</div>
Pancyrus<br />
https://tests.bitcoin.it/w/index.php?title=Seed_phrase&diff=69796 | Seed phrase | 2023-07-27T17:06:50Z
<p>Pancyrus: grammar</p>
<hr />
<div>{{sample}}<br />
<br />
A '''seed phrase''', '''seed recovery phrase''' or '''backup seed phrase''' is a list of words which [[Storing bitcoins|store]] all the information needed to recover Bitcoin funds [[Transaction|on-chain]]. Wallet software will typically generate a seed phrase and instruct the user to write it down on paper. If the user's computer breaks or their hard drive becomes corrupted, they can download the same wallet software again and use the paper backup to get their bitcoins back.<br />
<br />
Anybody else who discovers the phrase can steal the bitcoins, so it must be kept safe like jewels or cash. For example, it must not be typed into any website.<br />
<br />
Seed phrases are an excellent way of backing up and [[storing bitcoins]], so they are used by almost all well-regarded wallets.<ref>[https://bitcoin.org/en/choose-your-wallet Bitcoin.org: Choose your wallet]</ref><br />
<br />
Seed phrases can only back up funds on the [[block chain]]. They cannot store funds involved in [[off-chain transactions]] such as [[Lightning Network]] or [[Blinded bearer certificates]]. Although these technologies are in their infancy as of 2019 so its possible in future seed phrases could be used to backup them.<br />
<br />
== BIP39 and its flaws ==<br />
<br />
[[BIP_0039|BIP39]] is the most common standard used for seed phrases. One notable example is [[Electrum|Electrum wallet]], which is using its own standard, and for good reasons. BIP39 has some flaws, known in the technical community but not known much wider. They are described [https://electrum.readthedocs.io/en/latest/seedphrase.html#motivation here on this electrum doc page]. Most seriously, BIP39 flaws mean it is not true to say that backing up a BIP39 seed phrase and name of wallet software is the only thing a user needs to do to keep their money safe. BIP39 works this way because its designers wanted their hardware wallet to also support [[altcoin]]s. [https://walletsrecovery.org/ walletsrecovery.org] is an attempt at helping with this issue, but ideally there will be a better solution in the future.<br />
<br />
<br />
== Example ==<br />
<br />
An example of a non-BIP39 seed phrase is:<br />
<br />
hotel obvious agent lecture gadget evil jealous keen fragile before damp clarify<br />
<br />
The word order is important.<br />
<br />
[[File:Seed phrase.jpg|300px|thumb|none|alt=An example seed phrase written on paper|Example seed phrase on paper.]]<br />
<br />
== Explanation ==<br />
<br />
A simplified explanation of how seed phrases work is that the wallet software has a list of words taken from a dictionary, with each word assigned to a number. The seed phrase can be converted to a number which is used as the seed integer to a [[Deterministic wallet|deterministic wallet]] that generates all the [[Private key|key pairs]] used in the wallet.<br />
<br />
The English-language wordlist for the BIP39 standard has 2048 words, so if the phrase contained only 12 random words, the number of possible combinations would be 2048^12 = 2^132 and the phrase would have 132 bits of security. However, some of the data in a BIP39 phrase is not random,<ref>[https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki#Generating_the_mnemonic BIP39: Generating the mnemonic]</ref> so the actual security of a 12-word BIP39 seed phrase is only 128 bits. This is approximately the same strength as all Bitcoin private keys, so most experts consider it to be sufficiently secure.<ref>[https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki#Security BIP32: Security]</ref><br />
<br />
It is not safe to invent your own seed phrase because humans are bad at generating randomness. The best way is to allow the wallet software to generate a phrase which you write down.<br />
<br />
As seed phrases use natural language words, they have excellent error correction. Words written in bad handwriting can often still be read. If one or two letters are missing or unreadable the word can often still be deduced. The [[#Word_Lists|word list]] that the seed phrase words are drawn from is carefully chosen so that the first four letters of each word are enough to uniquely identify it. This compares well with writing down a raw [[private key]] where a single letter being unreadable or incorrect can make the private key useless (depending on the serialization format).<br />
<br />
== Two-factor seed phrases ==<br />
<br />
Seed phrases, like all backups, can store any amount of bitcoins. It's a concerning idea to possibly have enough money to purchase the entire building just sitting on a sheet of paper without any protection. For this reason many wallets make it possible to encrypt a seed phrase with a password.<br />
<br />
The password can be used to create a two-factor seed phrase where both ''"something you have"'' plus ''"something you know"'' is required to unlock the bitcoins.<br />
<br />
This works by the wallet creating a seed phrase and asking the user for a password. Then both the seed phrase and extra word are required to recover the wallet. Electrum and some other wallets call the passphrase a '''"seed extension"''', '''"extension word"''' or '''"13th/25th word"'''. The BIP39 standard defines a way of passphrase-protecting a seed phrase. A similar scheme is also used in the Electrum standard. If a passphrase is not present, an empty string "" is used instead.<br />
<br />
'''Warning''': Forgetting this password will result in the bitcoin wallet and any contained money being lost. Do not overestimate your ability to remember passphrases especially when you may not use it very often.<br />
<br />
'''Warning''': The seed phrase password should not be confused with the password used to encrypt the wallet file on disk. This is probably why many wallets call it an extension word instead of a password.<br />
<br />
== Storing seed phrases for the long term == <br />
<br />
Most people write down phrases on paper but they can be stored in many other ways such as [[Brainwallet|memorizing]], engraving or stamping on metal, writing in the margins of a book, chiselling into a stone tablet or any other creative and inventive way.<br />
<br />
In the past many people have accidentally lost bitcoins because of failed backups, mistyped letters, forgotten hard drives, or corrupted SSD devices. It's also important to protect the seed from accidental loss.<br />
<br />
It could be a good idea to write some words of explanation on the same paper as the seed phrase. If storing for the long term you may forget what a phrase is how it should be treated. A sample explanation that can be adapted is:<br />
<br />
<blockquote>These twelve words have control over BITCOINS. Keep this paper safe and secret like cash or jewellery. The bitcoin information on this paper is encrypted with a passphrase. It is part of a multi-signature wallet and was made by Electrum bitcoin wallet software on 2019-01-01.</blockquote><br />
<br />
==== Paper and pencil backup ====<br />
<br />
Through bitter experience it has been found that one of the most practical storage mediums is '''pencil and paper'''. The private keys of a bitcoin wallet are encoded into [[seed phrase|random words from a dictionary]] which can be written down. If your hard drive crashes, you can find the paper with the [[seed phrase]] and restore the entire wallet. As [[seed phrase]]s use natural language words, they have good error correction. Words written in bad handwriting can often still be read. If one or two letters are missing the word can often still be deduced. The [[Seed_phrase#Word_Lists|word list]] that the seed phrase words are drawn from is carefully chosen so that the first four letters of each word are enough to uniquely identify it.<br />
<br />
For storing on paper writing with pencil is much better than pen.<ref>[http://www.joethorn.net/blog/2011/12/07/pencil-does-not-fade Pencil Does Not Fade]<br />
</ref><ref>[https://www.quora.com/How-do-I-maintain-a-paper-notebook-that-can-remain-for-years How do I maintain a paper notebook that can remain for years?]<br />
</ref><br />
Paper should be acid-free or archival paper, and stored in the dark avoiding extremes of heat and moisture.<ref>[https://www.loc.gov/preservation/care/deterioratebrochure.html Essential facts about preservation of Paper]<br />
</ref><ref>[https://www.quora.com/If-I-write-with-a-pencil-on-my-notebook-will-the-writing-last-for-a-long-time-say-50-years-or-will-it-just-fade-away-gradually Writing in a notebook with pencil]<br />
</ref><ref>[http://copar.org/bulletin14.htm CoPAR: Creating records that will last]</ref><br />
<br />
==== Metal backup ====<br />
<br />
Seed phrases can also be [https://blog.lopp.net/metal-bitcoin-seed-storage-stress-test--part-ii-/ stamped or engraved into metal] which is significantly more durable than paper. Metal backups are recommended if the threat model involves fire, water, extremes of temperature or physical stress.<br />
<br />
==== Methods that are not recommended ====<br />
<br />
Some methods that are not recommended are: storing in a file on a computer (including online), or storing online.<br />
<br />
Some people get the idea to split up their phrases, like storing 6 words in one location and the other 6 words in another location. This is a bad idea and should not be done, because if one set of 6 words is discovered then it becomes far easier to brute-force the rest of the phrase. Storing bitcoins in multiple locations like this should be done with [[multi-signature]] wallets instead.<br />
<br />
The [[Shamir Secret Sharing]] algorithm is sometimes promoted as a way to divide control of bitcoins, but in practice there are many pitfalls and trade-offs that make it not worth it.<ref>[https://blog.keys.casa/shamirs-secret-sharing-security-shortcomings/ Shamir's Secret Sharing Shortcomings] by Jameson Lopp, Casa blog, 2020</ref> <!-- See the main article: [[Shamir Secret Snakeoil]] (the other one redirects here, no need to have 2 wikilinks with different captions going to the same article --><br />
<br />
Another bad idea is to add random decoy words that are somehow meaningful to you and later remove them to be left with only the 12-word phrase. The phrase words come from a known dictionary (see next section), so anybody can use that dictionary to weed out the decoy words.<br />
<br />
It's possible but risky to memorize ([[Brainwallet]]s) seed phrases. This should probably only be done in situations that really need it, such as crossing a hostile border where one expects to be searched.<br />
<br />
== Word lists ==<br />
<br />
Generally, a seed phrase only works with the same wallet software that created it. If storing for a long period of time it's a good idea to write the name of the wallet too.<br />
<br />
The BIP39 English word list has each word being uniquely identified by the first four letters, which can be useful when space to write them is scarce.<br />
<br />
* [https://github.com/bitcoin/bips/blob/master/bip-0039/bip-0039-wordlists.md BIP39 wordlists]<br />
* [https://github.com/spesmilo/electrum/blob/1.9.8/lib/mnemonic.py Electrum old-style wordlist]<br />
* [https://github.com/spesmilo/electrum/blob/master/electrum/wordlist/english.txt Electrum new-style wordlist]<br />
<br />
== Alternative name "mnemonic phrase" ==<br />
<br />
Seed phrases are sometimes called ''mnemonic phrases'', especially in older literature. This is a bad name because the word "mnemonic" implies that the phrase should be memorized. It is less misleading to call them seed phrases.<br />
<br />
== The power of backups ==<br />
<br />
An especially interesting aspect of the power of paper backups is that they allow your money to be in two places at once. At the London Inside Bitcoin conference, the keynote speaker showed 25 paper backups they were carrying&mdash;all password-protected. With that, one can carry $100,000 which can instantly be moved to a phone or transferred, yet with total security. If a backup is stolen, there is no risk because it is backed up elsewhere. That is powerful.<ref>https://www.reddit.com/r/Bitcoin/comments/2hmnru/poll_do_you_use_paper_wallets_why_why_not_what/</ref><br />
<br />
== See also ==<br />
<br />
* [https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki BIP39 seed phrase standard]<br />
* [[Deterministic wallet]]<br />
* [[Storing bitcoins]]<br />
* [[Brainwallet]]<br />
* [https://github.com/6102bitcoin/6102bitcoin/blob/main/content/faq-bitcoin-seed.md FAQ regarding bitcoin seeds]<br />
* [https://web.archive.org/web/20210214135049/https://www.hodlalert.com/2020/12/21/generating-cryptographically-secure-random-numbers-with-coins-and-a-cup/ Generating Bitcoin Seed Phrases With Coins and A Cup]<br />
<br />
==References==<br />
<references /><br />
<br />
<br />
[[Category:Technical]]</div>Pancyrushttps://tests.bitcoin.it/w/index.php?title=Deterministic_wallet&diff=69795Deterministic wallet2023-07-27T17:04:01Z<p>Pancyrus: </p>
<hr />
<div>A deterministic wallet is a system of deriving keys from a single starting point known as a seed. The seed allows a user to easily back up and restore a wallet without needing any other information and can in some cases allow the creation of public addresses without the knowledge of the private key. Seeds are typically serialized into human-readable words in a [[seed phrase]]. The [[BIP 0032]] standard for hierarchical deterministic wallets is used by all good wallets as of 2019.<br />
<br />
== Benefits ==<br />
<br />
Early clients such as the [[Satoshi client]] generate a buffer of fresh random private keys to be used as receiving and [[change|change addresses]] in the future. This has the effect of invalidating backups after a short period when the keypool buffer (typically 100 addresses) is exhausted. Deterministic wallets can generate an unlimited number of addresses on the fly and as such don't suffer from this issue. As the addresses are generated in a known fashion rather than randomly, some clients can be used on multiple devices without the risk of losing funds. Users can conveniently create a single backup of the seed in a human-readable format that will last the life of the wallet, without the worry of this backup becoming stale.<br />
<br />
=== Master public key ===<br />
<br />
Certain types of deterministic wallet (BIP0032, Armory, [[Coinkite]] and [https://coinb.in/#newHDaddress Coinb.in]) additionally allow for the complete separation of private and public key creation for greater security and convenience. In this model a server can be set up to only know the Master Public Key (MPK) of a particular deterministic wallet. This allows the server to create as many public keys as is necessary for receiving funds, but a compromise of the MPK will not allow an attacker to spend from the wallet. MPKs can alternatively be used in [[Electrum]] and [[Armory]] to enable completely offline storage and spending, where an offline computer knows the private key and an online one knows only the MPK. Transactions spending coins are ferried between the two computers via USB storage, which avoids exposing the offline computer to a network-based attack.<br />
<br />
Deterministic wallets implemented by hardware wallets ([[TREZOR]]) keep the generated private keys offline and do not expose them to the computer even when spending coins.<br />
<br />
==Types==<br />
<br />
===Type 1: Deterministic wallet===<br />
A type 1 deterministic wallet is a simple method of generating addresses from a known starting string; as such, it does not allow advanced features such as a Master Public Key. To generate a private key, take SHA256(string + ''n''), where ''n'' is an ASCII-coded number that starts from 1 and increments as additional keys are needed.<br />
<br />
This type of wallet can be created by Casascius Bitcoin Address Utility.<br />
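
The Type 1 rule above, SHA256(string + ''n''), as runnable Python. This is an added example, not code from the original page or from any wallet; the function names, the UTF-8 encoding of the string and the WIF export step (which goes beyond the text) are assumptions, and the seed string used with it is constructed.

```python
import hashlib

# Order of the secp256k1 group: a usable private key k satisfies 1 <= k < N.
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def type1_private_key(seed_string, n):
    """Private key number n (n starts at 1) of a Type 1 wallet: SHA256(string + n)."""
    if n < 1:
        raise ValueError("key index starts at 1")
    # n is appended as its ASCII decimal digits, e.g. "seed" + "12".
    # Assumption: the string itself is encoded as UTF-8.
    digest = hashlib.sha256((seed_string + str(n)).encode("utf-8")).digest()
    k = int.from_bytes(digest, "big")
    if not 1 <= k < SECP256K1_N:
        # Astronomically unlikely, but such a value is not a valid key.
        raise ValueError("digest is not a valid secp256k1 private key")
    return digest


def _checksum(payload):
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]


def private_key_to_wif(privkey):
    """Base58Check-encode a 32-byte key as uncompressed mainnet WIF (prefix 0x80)."""
    data = b"\x80" + privkey
    num = int.from_bytes(data + _checksum(data), "big")
    out = ""
    while num:
        num, rem = divmod(num, 58)
        out = B58_ALPHABET[rem] + out
    return out


def wif_to_private_key(wif):
    """Decode uncompressed WIF, verifying prefix and checksum; raises ValueError."""
    num = 0
    for ch in wif:
        num = num * 58 + B58_ALPHABET.index(ch)  # ValueError on a bad character
    try:
        raw = num.to_bytes(37, "big")
    except OverflowError:
        raise ValueError("WIF string too long")
    payload, checksum = raw[:-4], raw[-4:]
    if payload[0] != 0x80 or _checksum(payload) != checksum:
        raise ValueError("bad WIF prefix or checksum")
    return payload[1:]


def derive_wallet(seed_string, count):
    """WIF keys 1..count. The same string always regenerates the same list,
    which is why a backup of the string never goes stale."""
    return [private_key_to_wif(type1_private_key(seed_string, n))
            for n in range(1, count + 1)]


if __name__ == "__main__":
    # Constructed seed string, for illustration only.
    for wif in derive_wallet("constructed example string", 3):
        print(wif)
```

Every key is only as unpredictable as the starting string, so the string has to come from a high-entropy source rather than a memorable phrase.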
<br />
===Type 2: Hierarchical deterministic wallet===<br />
This wallet type is described in [[BIP 0032]] and is fully implemented in [[TREZOR]], [[Electrum]] and [[CarbonWallet]]. The seed is a random 128-bit value presented to the user as a 12-word seed phrase using common English words. The seed is used after 100,000 rounds of SHA256 to slow down attacks against weak user-chosen strings.<ref>https://bitcointalk.org/index.php?topic=330672.msg3547258#msg3547258</ref><br />
<br />
The initial description and workings of this wallet type are credited to Gregory Maxwell.<ref>https://bitcointalk.org/index.php?topic=19137.msg239768#msg239768</ref><br />
<br />
===Armory deterministic wallet===<br />
[[Armory]] has its own Type-2 deterministic wallet format based on a "root key" and a "chain code". Earlier versions of Armory required backing up both the "root key" and "chaincode", while newer versions start deriving the chaincode from the private key in a non-reversible way. These newer Armory wallets (0.89+) only require the single, 256-bit root key. This older format is intended to be phased out in favour of the standard BIP0032 format.<ref>https://bitcointalk.org/index.php?topic=351099.msg3770818#msg3770818</ref><br />
<br />
== References ==<br />
<references /><br />
<br />
== See also ==<br />
<br />
* [[Seed phrase]]<br />
* [[BIP 0032]]<br />
* [[Deterministic wallet tools]]<br />
<br />
[[Category:Technical]]<br />
[[Category:Wallets| ]]</div>Pancyrushttps://tests.bitcoin.it/w/index.php?title=Multi-signature&diff=68817Multi-signature2021-07-20T00:46:45Z<p>Pancyrus: /* Multi-signature application examples */ Fixed some grammatical issues.</p>
<hr />
<div>Multi-signature (multisig) refers to requiring multiple keys to authorize a Bitcoin [[transaction]], rather than a single signature from one key. It has a number of applications.<br />
<br />
* Dividing up responsibility for possession of bitcoins among multiple people.<br />
* Avoiding a single point of failure, making it substantially more difficult for the wallet to be compromised.<br />
* <var>m</var>-of-<var>n</var> backup where loss of a single seed doesn't lead to loss of the wallet.<br />
<br />
== Use as a joint account ==<br />
<br />
Standard transactions on the Bitcoin network could be called "single-signature transactions" because transfers require only one signature — from the owner of the private key associated with the Bitcoin address. However, the Bitcoin network supports much more complicated transactions that require the signatures of multiple people before the funds can be transferred. These are often referred to as <var>m</var>-of-<var>n</var> transactions. The idea is that Bitcoins become "encumbered" by providing addresses of multiple parties, thus requiring cooperation of those parties in order to do anything with them. These parties can be people, institutions or programmed scripts.<br />
<br />
== Use for increasing security ==<br />
<br />
The private keys needed to spend from a wallet can be spread across multiple machines, eliminating any one of those machines as a single point of failure, with the rationale that malware and hackers are unlikely to infect all of them. The higher the number of keys required to spend the funds (i.e., the higher <var>m</var> is in <var>m</var>-of-<var>n</var>), the more difficult it would be for an attacker to successfully steal your funds, but the more cumbersome actually using that wallet becomes.<br />
<br />
The multisig wallet can be of the <var>m</var>-of-<var>n</var> type where any m private keys out of a possible n are required to move the money. For example a 2-of-3 multisig wallet might have your private keys spread across a desktop, laptop, and smartphone, any two of which are required to move the money, but the compromise of any one key cannot result in theft.<br />
<br />
This can be used in conjunction with hardware wallets. Requiring that keys from multiple hardware wallets sign transactions can vastly reduce the likelihood that a malicious party that handled your hardware wallet could steal your funds, because in order to do that, the malicious party would have to compromise multiple hardware wallets. If each hardware wallet you use in a multisig wallet is made by a different company, it would be incredibly difficult for them to secretly conspire on an attack.<br />
<br />
== Use as a backup ==<br />
<br />
Storing multiple keys to an <var>m</var>-of-<var>n</var> wallet in different locations can serve as a backup. For example, in a 2-of-3 multisig wallet, the loss of one key does not result in loss of the wallet, since the other two keys can be used to recover the funds. The redundancy of the backup is the difference <var>n</var> minus <var>m</var>, so for example a 3-of-5 multisig wallet (with no additional seed backups) has a redundancy of 2, meaning that the loss of any 2 keys can still be recovered from.<br />
<br />
== Multi-signature application examples ==<br />
<br />
{{See also|Storing bitcoins#Multi-signature wallets|Storing bitcoins § Multi-signature wallets}}<br />
<br />
* '''1-of-2''': Husband and wife petty cash joint account &mdash; the signature of either spouse is sufficient to spend the funds.<br />
<br />
* '''2-of-2''': Husband and wife savings account &mdash; both signatures are required to spend the funds, preventing one spouse from spending the money without the approval of the other.<br />
<br />
* '''2-of-3''': Parents’ savings account for child &mdash; the kid can spend the money with the approval of either parent, and money cannot be taken away from the child unless both parents agree.<br />
<br />
* '''2-of-2''': Two-factor authentication wallet &mdash; one private key is on your primary computer, the other on your smartphone — the funds cannot be spent without a signature from both devices. Thus, an attacker must gain access to both devices in order to steal your funds (much more difficult than one device).<br />
<br />
* '''3-of-5''': Low-trust donation address &mdash; five trusted people from a project each hold a private key. Three people are required to actually spend the money but anybody can donate to the project's address. Reduces the risk of embezzlement, hacking/malware, or loss due to a single person losing interest in the project. Which private key was used in the final signature is visible on the blockchain which aids accountability.<br />
<br />
* '''2-of-3''': Buyer-seller with trustless escrow &mdash; buyer commits money into a 2-of-3 address with the seller and a third-party arbitrator. If the transaction goes smoothly, then both buyer and seller sign the transaction to forward the money to the seller. If something goes wrong, they can sign a transaction to refund the buyer. If they cannot agree, they both appeal to the third party, who will arbitrate and provide a second signature to the party that it deems deserves it. The arbitrator cannot steal the money as they have only one key.<br />
<br />
* '''2-of-3''': A board of three directors maintaining funds for their organization &mdash; those funds cannot be spent unless any two of those directors agree. Bigger multi-signature transactions are possible for bigger organizations, such as 3-of-5, 5-of-9, etc.<br />
<br />
* '''2-of-3''': Improved [[hot wallet]] security for businesses &mdash; a bitcoin business such as an exchange holds one private key online and one private key as paper backup. A separate bitcoin security firm holds the third key online and will only sign transactions after checking certain conditions (blacklists, whitelists, not more than X withdrawn per time period, two-factor authentication, comply with regulatory environment, etc). If the bitcoin business or the security firm's hot wallets individually get hacked, the bitcoins cannot be stolen. If the bitcoin security firm disappears, the business can use the paper backup to access coins.<br />
<br />
* '''2-of-3''': Decentralized [[cold storage]] vault &mdash; one of the keys is held in your home, the second in a bank safe deposit box, and copies of the third key are distributed to a close friend, a relative, and stored in the office. The home vault is not vulnerable to raiding or burglary because spending the money requires a visit to either the friend, relative, bank, or office. Losing the safe deposit box also doesn't result in loss.<br />
<br />
* '''2-of-2''': Smart [[contract]]s building block such as TumbleBit, CoinSwap and [[Lightning Network]].<br />
<br />
* '''1 ''or'' 3-of-4''': Distributed backup &mdash; the primary owner can use the wallet at will, but if that owner loses their private keys, they can recover with the help of 3 of the other 4 trusted friends/organizations. One key could be kept in a security deposit box at a bank, the other 3 could be distributed to friends. In the case of death of the owner, the security deposit box can be willed to one of the trusted friends or someone who can get the help of the trusted friends. More [https://bitcoin.stackexchange.com/questions/89589/is-it-possible-to-do-a-3-of-5-or-1-multi-sig-for-backup-purposes/89590?noredirect=1#comment102505_89590 complex] multisig wallets can be created if desired.<br />
<br />
==History of multi-signature==<br />
<br />
Multi-signature has been used for thousands of years to protect the security of crypts holding the most precious relics of saints. The superior of a monastery would give monks only partial keys for gaining access to the precious relics. Thus, no single monk could gain access to and possibly steal the relics.<ref>[https://www.youtube.com/watch?v=YcmWQe29zro#t=10m27s Monks at Mt. Athos continue to use "hard" "multisignature" security today.]</ref><br />
<br />
==Multi-signature wallets==<br />
<br />
A number of wallets have implemented multisig:<ref>https://www.reddit.com/r/Bitcoin/comments/4eabpi/multisig_wallets_review_coinkite_alternatives_and/</ref> <br />
<br />
* [[Armory]]<br />
* [[CarbonWallet]]<br />
* [[Copay]]<br />
* [[Bitgo]]<br />
* [[Blocktrail]]<br />
* [[GreenAddress]]<br />
* [https://keys.casa Casa]<br />
* [[Electrum]] ([http://docs.electrum.org/en/latest/multisig.html See tutorial.])<br />
* [[Xapo]]<br />
* [[Coinkite]]<br />
* Coinb.in ''(See the warnings about [[Javascript cryptography]].)''<br />
<br />
===Creating a multi-signature address with Bitcoin-Qt===<br />
<br />
A 2-of-3 multisig address can be created by following these steps:<ref>https://bitcoin.stackexchange.com/a/10593/4334</ref><br />
<br />
<ol><li>Gather (or generate) 3 bitcoin addresses, on whichever machines will be participating, using getnewaddress or getaccountaddress RPC commands (or copy and paste from the GUI).</li><br />
<li>Get their public keys using the <code>validateaddress</code> [[API_reference_%28JSON-RPC%29|RPC]] command 3 times.</li><br />
<li>Then create a 2-of-3 multisig address using addmultisigaddress; e.g.,<br />
<pre>bitcoind addmultisigaddress 2 '["044322868cb17d64dcc22185ae2d4493111d73244c3668f8ac79ecc79c0ba8d30a6756d0fa20157709af3281cc721c7f53321a8cabda29b77900b7e4fe0174b114","..second pubkey..","..third pubkey.."]'</pre><br />
<code>addmultisigaddress</code> returns the multi-signature address. Be a little careful: the public keys are raw hexadecimal and don't contain checksums like bitcoin addresses do. You can then send funds into that 2-of-3 transaction using the normal sendtoaddress/sendmany RPC commands, or the GUI (or anything that's been updated to recognize multisig addresses).<ref>https://bitcointalk.org/index.php?topic=82213.msg906833#msg906833</ref><br />
</li></ol><br />
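
Because raw hexadecimal public keys carry no checksum, a mistyped or truncated key is best caught before it is passed to <code>addmultisigaddress</code>. The following Python check is an added example, not part of the original page or of Bitcoin Core; the function names are hypothetical, and the sample keys are the public secp256k1 generator point and its small multiples, used here as constructed stand-ins for real wallet keys.

```python
import re

# secp256k1 field prime; the curve equation is y^2 = x^3 + 7 (mod P).
P = 2**256 - 2**32 - 977
HEX_ONLY = re.compile(r"[0-9a-fA-F]+")


def pubkey_error(pubkey_hex):
    """Return None if the string is a well-formed secp256k1 public key,
    otherwise a short reason why it is not."""
    # bytes.fromhex() silently skips whitespace, so reject non-hex characters first.
    if not HEX_ONLY.fullmatch(pubkey_hex):
        return "contains non-hex characters"
    if len(pubkey_hex) not in (66, 130):
        return "wrong length: %d hex chars, expected 66 or 130" % len(pubkey_hex)
    raw = bytes.fromhex(pubkey_hex)
    x = int.from_bytes(raw[1:33], "big")
    if x >= P:
        return "x coordinate out of range"
    rhs = (pow(x, 3, P) + 7) % P
    if len(raw) == 65:
        # Uncompressed form: 0x04 || X || Y
        if raw[0] != 0x04:
            return "bad prefix for a 65-byte key"
        y = int.from_bytes(raw[33:], "big")
        if y >= P or (y * y) % P != rhs:
            return "point is not on the curve"
    else:
        # Compressed form: 0x02 or 0x03 || X; a square root of rhs must exist.
        if raw[0] not in (0x02, 0x03):
            return "bad prefix for a 33-byte key"
        y = pow(rhs, (P + 1) // 4, P)  # valid square-root formula since P % 4 == 3
        if (y * y) % P != rhs:
            return "x coordinate is not on the curve"
    return None


def multisig_arg_errors(m, pubkeys):
    """Check the arguments of an m-of-n request; an empty list means no problem found."""
    errors = []
    n = len(pubkeys)
    if not 1 <= m <= n:
        errors.append("m=%d is not in the range 1..%d" % (m, n))
    seen = set()
    for i, pk in enumerate(pubkeys, 1):
        reason = pubkey_error(pk)
        if reason:
            errors.append("pubkey %d: %s" % (i, reason))
        elif pk.lower() in seen:
            # Only catches identical encodings, not the same key given once
            # compressed and once uncompressed.
            errors.append("pubkey %d: duplicate" % i)
        seen.add(pk.lower())
    return errors


# Constructed sample keys: G (uncompressed), 2G and 3G (compressed).
G_UNCOMPRESSED = ("04"
                  "79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798"
                  "483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8")
G2_COMPRESSED = "02c6047f9441ed7d6d3045406e95c07cd85c778e4b8cef3ca7abac09b95c709ee5"
G3_COMPRESSED = "02f9308a019258c31049344f85f89d5229b531c845836f99b08601f113bce036f9"

if __name__ == "__main__":
    print(multisig_arg_errors(2, [G_UNCOMPRESSED, G2_COMPRESSED, G3_COMPRESSED]))
    # A key with a stray space pasted into it, and a truncated key:
    print(multisig_arg_errors(2, [G_UNCOMPRESSED[:79] + " " + G_UNCOMPRESSED[79:],
                                  G2_COMPRESSED[:-2], G3_COMPRESSED]))
```

The on-curve test catches most single-character typos in an uncompressed key, but it is not a checksum: a compressed key with a wrong but valid x coordinate still passes.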
<br />
Gavin Andresen has an example of using multisig with bitcoin-qt [[raw transactions]]: https://gist.github.com/gavinandresen/3966071<br />
<br />
== Notable examples in practice ==<br />
<br />
* The cold storage wallet of the [[Bitfinex]] exchange is a single 3-of-6 multisig address <code>3D2oetdNuZUqQHPJmcMDDHYoqkyNVsFk9r</code> which as of December 2017 contains '''BTC&nbsp;141 177''' ($1.5 billion). Presumably the keys are kept very safe by Bitfinex's operators.<br />
<br />
==References==<br />
<references /><br />
<br />
* [https://bitcoinmagazine.com/11108/multisig-future-bitcoin/ How To Create A Bitcoin Multisig Wallet]<br />
* [https://bitcointalk.org/index.php?topic=507297.msg5594085 Discussion of multi-sig on Bitcoin talk]</div>Pancyrushttps://tests.bitcoin.it/w/index.php?title=Multi-signature&diff=68816Multi-signature2021-07-20T00:34:01Z<p>Pancyrus: /* Multi-signature application examples */ Fixed some grammatical issues.</p>
<hr />
<div>Multi-signature (multisig) refers to requiring multiple keys to authorize a Bitcoin [[transaction]], rather than a single signature from one key. It has a number of applications.<br />
<br />
* Dividing up responsibility for possession of bitcoins among multiple people.<br />
* Avoiding a single point of failure, making it substantially more difficult for the wallet to be compromised.<br />
* <var>m</var>-of-<var>n</var> backup where loss of a single seed doesn't lead to loss of the wallet.<br />
<br />
== Use as a joint account ==<br />
<br />
Standard transactions on the Bitcoin network could be called "single-signature transactions" because transfers require only one signature — from the owner of the private key associated with the Bitcoin address. However, the Bitcoin network supports much more complicated transactions that require the signatures of multiple people before the funds can be transferred. These are often referred to as <var>m</var>-of-<var>n</var> transactions. The idea is that Bitcoins become "encumbered" by providing addresses of multiple parties, thus requiring cooperation of those parties in order to do anything with them. These parties can be people, institutions or programmed scripts.<br />
<br />
== Use for increasing security ==<br />
<br />
The private keys needed to spend from a wallet can be spread across multiple machines, eliminating any one of those machines as a single point of failure, with the rationale that malware and hackers are unlikely to infect all of them. The higher the number of keys required to spend the funds (i.e., the higher <var>m</var> is in <var>m</var>-of-<var>n</var>), the more difficult it would be for an attacker to successfully steal your funds, but the more cumbersome actually using that wallet becomes.<br />
<br />
The multisig wallet can be of the <var>m</var>-of-<var>n</var> type where any m private keys out of a possible n are required to move the money. For example a 2-of-3 multisig wallet might have your private keys spread across a desktop, laptop, and smartphone, any two of which are required to move the money, but the compromise of any one key cannot result in theft.<br />
<br />
This can be used in conjunction with hardware wallets. Requiring that keys from multiple hardware wallets sign transactions can vastly reduce the likelihood that a malicious party that handled your hardware wallet could steal your funds, because in order to do that, the malicious party would have to compromise multiple hardware wallets. If each hardware wallet you use in a multisig wallet is made by a different company, it would be incredibly difficult for them to secretly conspire on an attack.<br />
<br />
== Use as a backup ==<br />
<br />
Storing multiple keys to an <var>m</var>-of-<var>n</var> wallet in different locations can serve as a backup. For example, in a 2-of-3 multisig wallet, the loss of one key does not result in loss of the wallet, since the other two keys can be used to recover the funds. The redundancy of the backup is the difference <var>n</var> minus <var>m</var>, so for example a 3-of-5 multisig wallet (with no additional seed backups) has a redundancy of 2, meaning that the loss of any 2 keys can still be recovered from.<br />
<br />
== Multi-signature application examples ==<br />
<br />
{{See also|Storing bitcoins#Multi-signature wallets|Storing bitcoins § Multi-signature wallets}}<br />
<br />
* '''1-of-2''': Husband and wife petty cash joint account &mdash; the signature of either spouse is sufficient to spend the funds.<br />
<br />
* '''2-of-2''': Husband and wife savings account &mdash; both signatures are required to spend the funds, preventing one spouse from spending the money without the approval of the other.<br />
<br />
* '''2-of-3''': Parents’ savings account for child &mdash; the kid can spend the money with the approval of either parent, and money cannot be taken away from the child unless both parents agree.<br />
<br />
* '''2-of-2''': Two-factor authentication wallet &mdash; one private key is on your primary computer, the other on your smartphone — the funds cannot be spent without a signature from both devices. Thus, an attacker must gain access to both devices in order to steal your funds (much more difficult than one device).<br />
<br />
* '''3-of-5''': Low-trust donation address &mdash; five trusted people from a project each hold a private key. Three people are required to actually spend the money but anybody can donate to the project's address. Reduces the risk of embezzlement, hacking/malware, or loss due to a single person losing interest in the project. Which private key was used in the final signature is visible on the blockchain which aids accountability.<br />
<br />
* '''2-of-3''': Buyer-seller with trustless escrow &mdash; buyer commits money into a 2-of-3 address with the seller and a third-party arbitrator. If the transaction goes smoothly, then both buyer and seller sign the transaction to forward the money to the seller. If something goes wrong, they can sign a transaction to refund the buyer. If they cannot agree, they both appeal to the third party, who will arbitrate and provide a second signature to the party that it deems deserves it. The arbitrator cannot steal the money as they have only one key.<br />
<br />
* '''2-of-3''': A board of three directors maintaining funds for their organization &mdash; those funds cannot be spent unless any two of those directors agree. Bigger multi-signature transactions are possible for bigger organizations, such as 3-of-5, 5-of-9, etc.<br />
<br />
* '''2-of-3''': Improved [[hot wallet]] security for businesses &mdash; a bitcoin business such as an exchange holds one private key online and one private key as paper backup. A separate bitcoin security firm holds the third key online and will only sign transactions after checking certain conditions (blacklists, whitelists, not more than X withdrawn per time period, two-factor authentication, comply with regulatory environment, etc). If the bitcoin business or the security firm's hot wallets individually get hacked, the bitcoins cannot be stolen. If the bitcoin security firm disappears, the business can use the paper backup to access coins.<br />
<br />
* '''2-of-3''': Decentralized [[cold storage]] vault &mdash; one of the keys is held in your own home, the second in a bank safe deposit box and copies of the third key are distributed to a close friend, a relative and stored in the office. The home vault is not vulnerable to raiding or burglary because spending the money requires a visit to either the friend, bank, or office. Losing the safe deposit box also doesn't result in loss.<br />
<br />
* '''2-of-2''': Smart [[contract]]s building block such as tumblebit, coinswap and [[Lightning Network]].<br />
<br />
* '''1 ''or'' 3-of-4''': Distributed backup &mdash; the primary owner can use the wallet at will, but if that owner loses their private keys, they can recover with the help of 3 of the other 4 trusted friends/organizations. One key could be kept in a security deposit box at a bank, the other 3 could be distributed to friends. In the case of death of the owner, the security deposit box can be willed to one of the trusted friends or someone who can get the help of the trusted friends. More [https://bitcoin.stackexchange.com/questions/89589/is-it-possible-to-do-a-3-of-5-or-1-multi-sig-for-backup-purposes/89590?noredirect=1#comment102505_89590 complex] multisig wallets can be created if desired.<br />
<br />
==History of multi-signature==<br />
<br />
Multi-signature has been used for thousands of years to protect the security of crypts holding the most precious relics of saints. The superior of a monastery would give monks only partial keys for gaining access to the precious relics. Thus, no single monk could gain access to and possibly steal the relics.<ref>[https://www.youtube.com/watch?v=YcmWQe29zro#t=10m27s Monks at Mt. Athos continue to use "hard" "multisignature" security today.]</ref><br />
<br />
==Multi-signature wallets==<br />
<br />
A number of wallets have implemented multisig:<ref>https://www.reddit.com/r/Bitcoin/comments/4eabpi/multisig_wallets_review_coinkite_alternatives_and/</ref> <br />
<br />
* [[Armory]]<br />
* [[CarbonWallet]]<br />
* [[Copay]]<br />
* [[Bitgo]]<br />
* [[Blocktrail]]<br />
* [[GreenAddress]]<br />
* [https://keys.casa Casa]<br />
* [[Electrum]] ([http://docs.electrum.org/en/latest/multisig.html See tutorial.])<br />
* [[Xapo]]<br />
* [[Coinkite]]<br />
* Coinb.in ''(See the warnings about [[Javascript cryptography]].)''<br />
<br />
===Creating a multi-signature address with Bitcoin-Qt===<br />
<br />
A 2-of-3 multisig address can be created by following these steps:<ref>https://bitcoin.stackexchange.com/a/10593/4334</ref><br />
<br />
<ol><li>Gather (or generate) 3 bitcoin addresses, on whichever machines will be participating, using getnewaddress or getaccountaddress RPC commands (or copy and paste from the GUI).</li><br />
<li>Get their public keys using the <code>validateaddress</code> [[API_reference_%28JSON-RPC%29|RPC]] command 3 times.</li><br />
<li>Then create a 2-of-3 multisig address using addmultisigaddress; e.g.,<br />
<pre>bitcoind addmultisigaddress 2 '["044322868cb17d64dcc22185ae2d4493111d73244c3668f8ac79ecc79c0ba8d30a6756d0fa20157709af3281cc721c7f53321a8cabda29b77900b7e4fe0174b114","..second pubkey..","..third pubkey.."]'</pre><br />
<code>addmultisigaddress</code> returns the multi-signature address. Be a little careful: the public keys are raw hexadecimal and don't contain checksums like bitcoin addresses do. You can then send funds into that 2-of-3 transaction using the normal sendtoaddress/sendmany RPC commands, or the GUI (or anything that's been updated to recognize multisig addresses).<ref>https://bitcointalk.org/index.php?topic=82213.msg906833#msg906833</ref><br />
</li></ol><br />
<br />
Gavin Andresen has an example of using multisig with bitcoin-qt [[raw transactions]]: https://gist.github.com/gavinandresen/3966071<br />
<br />
== Notable examples in practice ==<br />
<br />
* The cold storage wallet of the [[Bitfinex]] exchange is a single 3-of-6 multisig address <code>3D2oetdNuZUqQHPJmcMDDHYoqkyNVsFk9r</code> which as of December 2017 contains '''BTC&nbsp;141 177''' ($1.5 billion). Presumably the keys are kept very safe by Bitfinex's operators.<br />
<br />
==References==<br />
<references /><br />
<br />
* [https://bitcoinmagazine.com/11108/multisig-future-bitcoin/ How To Create A Bitcoin Multisig Wallet]<br />
* [https://bitcointalk.org/index.php?topic=507297.msg5594085 Discussion of multi-sig on Bitcoin talk]</div>Pancyrushttps://tests.bitcoin.it/w/index.php?title=Multi-signature&diff=68815Multi-signature2021-07-20T00:27:10Z<p>Pancyrus: Fixed many formatting issues.</p>
<hr />
<div>Multi-signature (multisig) refers to requiring multiple keys to authorize a Bitcoin [[transaction]], rather than a single signature from one key. It has a number of applications.<br />
<br />
* Dividing up responsibility for possession of bitcoins among multiple people.<br />
* Avoiding a single point of failure, making it substantially more difficult for the wallet to be compromised.<br />
* <var>m</var>-of-<var>n</var> backup where loss of a single seed doesn't lead to loss of the wallet.<br />
<br />
== Use as a joint account ==<br />
<br />
Standard transactions on the Bitcoin network could be called "single-signature transactions" because transfers require only one signature — from the owner of the private key associated with the Bitcoin address. However, the Bitcoin network supports much more complicated transactions that require the signatures of multiple people before the funds can be transferred. These are often referred to as <var>m</var>-of-<var>n</var> transactions. The idea is that Bitcoins become "encumbered" by providing addresses of multiple parties, thus requiring cooperation of those parties in order to do anything with them. These parties can be people, institutions or programmed scripts.<br />
<br />
== Use for increasing security ==<br />
<br />
The private keys needed to spend from a wallet can be spread across multiple machines, eliminating any one of those machines as a single point of failure, with the rationale that malware and hackers are unlikely to infect all of them. The higher the number of keys required to spend the funds (i.e., the higher <var>m</var> is in <var>m</var>-of-<var>n</var>), the more difficult it would be for an attacker to successfully steal your funds, but the more cumbersome actually using that wallet becomes.<br />
<br />
The multisig wallet can be of the <var>m</var>-of-<var>n</var> type where any m private keys out of a possible n are required to move the money. For example a 2-of-3 multisig wallet might have your private keys spread across a desktop, laptop, and smartphone, any two of which are required to move the money, but the compromise of any one key cannot result in theft.<br />
<br />
This can be used in conjunction with hardware wallets. Requiring that keys from multiple hardware wallets sign transactions can vastly reduce the likelihood that a malicious party that handled your hardware wallet could steal your funds, because in order to do that, the malicious party would have to compromise multiple hardware wallets. If each hardware wallet you use in a multisig wallet is made by a different company, it would be incredibly difficult for them to secretly conspire on an attack.<br />
<br />
== Use as a backup ==<br />
<br />
Storing multiple keys to an <var>m</var>-of-<var>n</var> wallet in different locations can serve as a backup. For example, in a 2-of-3 multisig wallet, the loss of one key does not result in loss of the wallet, since the other two keys can be used to recover the funds. The redundancy of the backup is the difference <var>n</var> minus <var>m</var>, so for example a 3-of-5 multisig wallet (with no additional seed backups) has a redundancy of 2, meaning that the loss of any 2 keys can still be recovered from.<br />
<br />
== Multi-signature application examples ==<br />
<br />
{{See also|Storing bitcoins#Multi-signature wallets|Storing bitcoins § Multi-signature wallets}}<br />
<br />
* '''1-of-2''': Husband and wife petty cash joint account &mdash; the signature of either spouse is sufficient to spend the funds.<br />
<br />
* '''2-of-2''': Husband and wife savings account &mdash; both signatures are required to spend the funds, preventing one spouse from spending the money without the approval of the other.<br />
<br />
* '''2-of-3''': Parents’ savings account for child &mdash; the kid can spend the money with the approval of either parent, and money cannot be taken away from the child unless both parents agree.<br />
<br />
* '''2-of-2''': Two-factor authentication wallet &mdash; one private key is on your primary computer, the other on your smartphone — the funds cannot be spent without a signature from both devices. Thus, an attacker must gain access to both devices in order to steal your funds (much more difficult than one device).<br />
<br />
* '''3-of-5''': Low-trust donation address &mdash; five trusted people from a project each hold a private key. Three people are required to actually spend the money but anybody can donate to the project's address. Reduces the risk of embezzlement, hacking/malware or loss due to a single person losing interest in the project. Which private key was used in the final signature is visible on the blockchain which aids accountability.<br />
<br />
* '''2-of-3''': Buyer-seller with trustless escrow &mdash; buyer commits money into a 2-of-3 address with the seller and a third-party arbitrator. If the transaction goes smoothly, then both buyer and seller sign the transaction to forward the money to the seller. If something goes wrong, they can sign a transaction to refund the buyer. If they cannot agree, they both appeal to the third party, who will arbitrate and provide a second signature to the party that it deems deserves it. The arbitrator cannot steal the money as they have only one key.<br />
<br />
* '''2-of-3''': A board of three directors maintaining funds for their organization &mdash; those funds cannot be spent unless any two of those directors agree. Bigger multi-signature transactions are possible for bigger organizations, such as 3-of-5, 5-of-9, etc.<br />
<br />
* '''2-of-3''': Improved [[hot wallet]] security for businesses &mdash; a bitcoin business such as an exchange holds one private key online and one private key as paper backup. A separate bitcoin security firm holds the third key online and will only sign transactions after checking certain conditions (blacklists, whitelists, not more than X withdrawn per time period, two-factor authentication, comply with regulatory environment, etc). If the bitcoin business or the security firm's hot wallets individually get hacked, the bitcoins cannot be stolen. If the bitcoin security firm disappears the business can use the paper backup to access coins.<br />
<br />
* '''2-of-3''': Decentralized [[cold storage]] vault &mdash; one of the keys is held in your own home, the second in a bank safe deposit box and copies of the third key are distributed to a close friend, a relative and stored in the office. The home vault is not vulnerable to raiding or burglary because spending the money requires a visit to either the friend, bank or office. Losing the safe deposit box also doesn't result in loss.<br />
<br />
* '''2-of-2''': Smart [[contract]]s building block such as tumblebit, coinswap and [[Lightning Network]].<br />
<br />
* '''1 ''or'' 3-of-4''': Distributed backup &mdash; the primary owner can use the wallet at will, but if that owner loses their private keys, they can recover with the help of 3 of the other 4 trusted friends/organizations. One key could be kept in a security deposit box at a bank, the other 3 could be distributed to friends. In the case of death of the owner, the security deposit box can be willed to one of the trusted friends or someone who can get the help of the trusted friends. More [https://bitcoin.stackexchange.com/questions/89589/is-it-possible-to-do-a-3-of-5-or-1-multi-sig-for-backup-purposes/89590?noredirect=1#comment102505_89590 complex] multisig wallets can be created if desired.<br />
<br />
==History of multi-signature==<br />
<br />
Multi-signature has been used for thousands of years to protect the security of crypts holding the most precious relics of saints. The superior of a monastery would give monks only partial keys for gaining access to the precious relics. Thus, no single monk could gain access to and possibly steal the relics.<ref>[https://www.youtube.com/watch?v=YcmWQe29zro#t=10m27s Monks at Mt. Athos continue to use "hard" "multisignature" security today.]</ref><br />
<br />
==Multi-signature wallets==<br />
<br />
A number of wallets have implemented multisig:<ref>https://www.reddit.com/r/Bitcoin/comments/4eabpi/multisig_wallets_review_coinkite_alternatives_and/</ref> <br />
<br />
* [[Armory]]<br />
* [[CarbonWallet]]<br />
* [[Copay]]<br />
* [[Bitgo]]<br />
* [[Blocktrail]]<br />
* [[GreenAddress]]<br />
* [https://keys.casa Casa]<br />
* [[Electrum]] ([http://docs.electrum.org/en/latest/multisig.html See tutorial.])<br />
* [[Xapo]]<br />
* [[Coinkite]]<br />
* Coinb.in ''(See the warnings about [[Javascript cryptography]].)''<br />
<br />
===Creating a multi-signature address with Bitcoin-Qt===<br />
<br />
A 2-of-3 multisig address can be created by following these steps:<ref>https://bitcoin.stackexchange.com/a/10593/4334</ref><br />
<br />
<ol><li>Gather (or generate) 3 bitcoin addresses, on whichever machines will be participating, using getnewaddress or getaccountaddress RPC commands (or copy and paste from the GUI).</li><br />
<li>Get their public keys using the <code>validateaddress</code> [[API_reference_%28JSON-RPC%29|RPC]] command 3 times.</li><br />
<li>Then create a 2-of-3 multisig address using addmultisigaddress; e.g.,<br />
<pre>bitcoind addmultisigaddress 2 '["044322868cb17d64dcc22185ae2d4493111d73244c3668f8ac79ecc79c0ba8d30a6756d0fa20157709af3281cc721c7f53321a8cabda29b77900b7e4fe0174b114","..second pubkey..","..third pubkey.."]'</pre><br />
<code>addmultisigaddress</code> returns the multi-signature address. Be careful: the public keys are raw hexadecimal and, unlike bitcoin addresses, contain no checksum, so a typo is not caught by a checksum. You can then send funds to that 2-of-3 address using the normal <code>sendtoaddress</code>/<code>sendmany</code> RPC commands, or the GUI (or anything that has been updated to recognize multisig addresses).<ref>https://bitcointalk.org/index.php?topic=82213.msg906833#msg906833</ref><br />
</li></ol><br />
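Because the raw public keys carry no checksum, a structural check before calling <code>addmultisigaddress</code> takes its place: a mistyped digit almost always yields a point that is not on the secp256k1 curve. The following is an added example, not part of the original page or of Bitcoin-Qt; <code>validate_pubkey</code> and <code>check_multisig_keys</code> are hypothetical helper names, and the sample keys are built from the curve's generator point.

```python
import re

# secp256k1 field prime; curve equation: y^2 = x^3 + 7 (mod P)
P = 2**256 - 2**32 - 977

# Constructed sample data: coordinates of the secp256k1 generator point.
GX = "79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798"
GY = "483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8"


def validate_pubkey(hex_key):
    """Return "ok", or the reason the key must not be used (hypothetical helper)."""
    # bytes.fromhex() silently skips whitespace, so test the text first.
    if not re.fullmatch(r"(?:[0-9a-fA-F]{2})+", hex_key):
        return "not clean hexadecimal"
    raw = bytes.fromhex(hex_key)
    if raw[0] == 0x04 and len(raw) == 65:            # uncompressed: 04 || X || Y
        x = int.from_bytes(raw[1:33], "big")
        y = int.from_bytes(raw[33:], "big")
        if x >= P or y >= P:
            return "coordinate out of range"
        on_curve = (y * y - (pow(x, 3, P) + 7)) % P == 0
    elif raw[0] in (0x02, 0x03) and len(raw) == 33:  # compressed: 02/03 || X
        x = int.from_bytes(raw[1:], "big")
        if x >= P:
            return "coordinate out of range"
        rhs = (pow(x, 3, P) + 7) % P
        root = pow(rhs, (P + 1) // 4, P)  # square root; works because P % 4 == 3
        on_curve = root * root % P == rhs
    else:
        return "bad prefix or length"
    return "ok" if on_curve else "point not on curve"


def check_multisig_keys(m, hex_keys):
    """List every problem found in the arguments for an m-of-n address."""
    problems = []
    if not 1 <= m <= len(hex_keys):
        problems.append("m=%d is impossible with %d keys" % (m, len(hex_keys)))
    for index, key in enumerate(hex_keys):
        verdict = validate_pubkey(key)
        if verdict != "ok":
            problems.append("key %d: %s" % (index, verdict))
    return problems


if __name__ == "__main__":
    good = "04" + GX + GY
    typo = good[:-1] + "9"                 # one mistyped hex digit
    spaced = good[:79] + " " + good[79:]   # stray space from copy and paste
    print(check_multisig_keys(2, [good, "02" + GX, typo]))
    print(check_multisig_keys(2, [good, spaced, "03" + GX]))
```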
<br />
Gavin Andresen has an example of using multisig with bitcoin-qt [[raw transactions]]: https://gist.github.com/gavinandresen/3966071<br />
<br />
== Notable examples in practice ==<br />
<br />
* The cold storage wallet of the [[Bitfinex]] exchange is a single 3-of-6 multisig address <code>3D2oetdNuZUqQHPJmcMDDHYoqkyNVsFk9r</code> which as of December 2017 contains '''BTC&nbsp;141 177''' ($1.5 billion). Presumably the keys are kept very safe by Bitfinex's operators.<br />
<br />
==References==<br />
<references /><br />
<br />
* [https://bitcoinmagazine.com/11108/multisig-future-bitcoin/ How To Create A Bitcoin Multisig Wallet]<br />
* [https://bitcointalk.org/index.php?topic=507297.msg5594085 Discussion of multi-sig on Bitcoin talk]</div>Pancyrushttps://tests.bitcoin.it/w/index.php?title=Raw_transactions&diff=68813Raw transactions2021-07-20T00:21:05Z<p>Pancyrus: Pancyrus moved page Raw Transactions to Raw transactions: It's not a proper noun, so it should be in sentence case.</p>
<hr />
<div>== Overview ==<br />
<br />
The "raw transaction API" was introduced with [[Bitcoind# History of official bitcoind (and predecessor) releases | Bitcoin-Qt/bitcoind version 0.7]]. It gives developers or very sophisticated end-users low-level access to transaction creation and broadcast.<br />
<br />
== JSON-RPC API ==<br />
=== listunspent [minconf=1] [maxconf=999999] ===<br />
Returns an array of unspent transaction outputs in the wallet that have between minconf and maxconf (inclusive) confirmations. Each output is a 5-element object with keys: txid, output, scriptPubKey, amount, confirmations. txid is the hexadecimal transaction id, output is which output of that transaction, scriptPubKey is the hexadecimal-encoded CScript for that output, amount is the value of that output and confirmations is the transaction's depth in the chain.<br />
=== lockunspent unlock? [{"txid":txid,"vout":n},...] ===<br />
Temporarily lock (unlock=false) or unlock (unlock=true) specified transaction outputs. A locked transaction output will not be chosen by automatic coin selection when spending bitcoins. Locks are stored in memory only. Nodes start with zero locked outputs, and the locked output list is always cleared (by virtue of process exit) when a node stops or fails.<br />
<br />
=== listlockunspent ===<br />
List all temporarily locked transaction outputs.<br />
=== createrawtransaction [{"txid":txid,"vout":n},...] {address:amount,...} ===<br />
Create a transaction spending given inputs (array of objects containing transaction outputs to spend), sending to given address(es). Returns the hex-encoded transaction in a string. Note that the transaction's inputs are not signed, and it is not stored in the wallet or transmitted to the network.<br />
<br />
Also note that NO transaction validity checks are done; it is easy to create invalid transactions or transactions that will not be relayed/mined by the network because they contain insufficient fees.<br />
=== decoderawtransaction <hex string> ===<br />
Returns JSON object with information about a serialized, hex-encoded transaction.<br />
=== getrawtransaction <txid> [verbose=0] ===<br />
If verbose=0, returns serialized, hex-encoded data for transaction txid. If verbose is non-zero, returns a JSON Object containing information about the transaction. Returns an error if <txid> is unknown.<br />
=== signrawtransaction <hex string> [{"txid":txid,"vout":n,"scriptPubKey":hex},...] [<privatekey1>,...] [sighash="ALL"] ===<br />
Sign as many inputs as possible for raw transaction (serialized, hex-encoded). The first argument may be several variations of the same transaction concatenated together; signatures from all of them will be combined together, along with signatures for keys in the local wallet. The optional second argument is an array of parent transaction outputs, so you can create a chain of raw transactions that depend on each other before sending them to the network. The third optional argument is an array of base58-encoded private keys that, if given, will be the only keys used to sign the transaction. The fourth optional argument is a string that specifies how the [[OP CHECKSIG|signature hash]] is computed, and can be "ALL", "NONE", "SINGLE", "ALL|ANYONECANPAY", "NONE|ANYONECANPAY", or "SINGLE|ANYONECANPAY".<br />
Returns a JSON object with keys:<br />
* hex : raw transaction with signature(s) (hex-encoded string)<br />
* complete : 1 if rawtx is completely signed, 0 if signatures are missing.<br />
If no private keys are given and the wallet is locked, requires that the wallet be unlocked with walletpassphrase first.<br />
<br />
=== sendrawtransaction <hex string> ===<br />
Submits raw transaction (serialized, hex-encoded) to local node and network. Returns transaction id, or an error if the transaction is invalid for any reason.<br />
<br />
== Motivating use cases ==<br />
=== Multisignature transactions ===<br />
Funds are sitting in one or more multisignature transaction outputs, and it is time to gather signatures and spend them.<br />
<br />
Assumption: you know the multisignature outputs' {txid, outputNumber, amount}.<br />
<br />
* Create a raw transaction to spend, using createrawtransaction.<br />
* Use signrawtransaction to add your signatures (after unlocking the wallet, if necessary).<br />
* Give the transaction to the other person(s) to sign.<br />
* You or they submit the transaction to the network using sendrawtransaction.<br />
'''You must be careful to include an appropriate transaction fee''', or the sendrawtransaction method is likely to fail (either immediately or, worse, the transaction will never confirm).<br />
=== Debugging/testing ===<br />
These lower-level routines will be useful for debugging and testing; listunspent gives a detailed list of the state of the wallet, and sendrawtransaction might be used to test double-spend handling.<br />
<br />
=== Input selection control ===<br />
You want fine-grained control over exactly what coins in the wallet are spent.<br />
<br />
* Get a list of not-yet-spent outputs with listunspent<br />
* Create a transaction using createrawtransaction<br />
* Apply signatures using signrawtransaction<br />
* Submit it using sendrawtransaction<br />
Note that you are responsible for preventing accidental double-spends.<br />
<br />
=== Control over payment of fees and/or transaction re-transmission ===<br />
You want to specify, on a per-transaction basis, how much to pay in fees. Or you want to implement your own policy for how often transactions that are not immediately included in blocks are re-broadcast to the network.<br />
<br />
* Maintain a list of not-yet-spent, confirmed outputs with listunspent (refreshed every time a new block is found, using the -blocknotify feature).<br />
* Create a transaction with exactly the amount of fees you wish with createrawtransaction<br />
* Apply signatures using signrawtransaction<br />
* Submit it with sendrawtransaction<br />
* Re-submit it periodically with sendrawtransaction if it does not get into a block.<br />
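createrawtransaction performs no validity checks, and the fee is simply whatever the inputs hold that no output claims, so a forgotten change output silently becomes fee. The following is an added example, not code from the original page or from bitcoind: it assembles the two createrawtransaction arguments with an explicit change output and gives a co-signer a check to run before signrawtransaction. The helper names, the fee ceiling, the placeholder addresses and the <code>vout</code> key on the constructed listunspent entries are assumptions made for illustration.

```python
from decimal import Decimal

SATOSHI = Decimal("0.00000001")

# Constructed listunspent-style entries (txids are placeholders, not real).
SAMPLE_UTXOS = [
    {"txid": "aa" * 32, "vout": 0, "amount": "0.5", "confirmations": 12},
    {"txid": "bb" * 32, "vout": 1, "amount": "0.25", "confirmations": 3},
]


def to_btc(value):
    """Parse an amount exactly; binary floats would introduce rounding errors."""
    return Decimal(str(value)).quantize(SATOSHI)


def implied_fee(utxos, outputs):
    """Fee a transaction pays: what the inputs hold that no output claims."""
    total_in = sum((to_btc(u["amount"]) for u in utxos), Decimal(0))
    total_out = sum((to_btc(a) for a in outputs.values()), Decimal(0))
    return total_in - total_out


def build_raw_tx_args(utxos, payments, change_address, fee, max_fee="0.001"):
    """Return (inputs, outputs) for createrawtransaction, with explicit change."""
    fee, max_fee = to_btc(fee), to_btc(max_fee)
    if fee <= 0:
        raise ValueError("fee must be positive or the transaction may never confirm")
    if fee > max_fee:
        raise ValueError("fee %s exceeds the configured ceiling %s" % (fee, max_fee))
    outputs = {addr: to_btc(amount) for addr, amount in payments.items()}
    change = implied_fee(utxos, outputs) - fee
    if change < 0:
        raise ValueError("inputs do not cover the payments plus the fee")
    if change > 0:
        outputs[change_address] = outputs.get(change_address, Decimal(0)) + change
    inputs = [{"txid": u["txid"], "vout": u["vout"]} for u in utxos]
    return inputs, outputs


def review_before_signing(utxos, outputs, max_fee="0.001"):
    """Check a co-signer can run on a transaction someone else assembled."""
    fee = implied_fee(utxos, outputs)
    if fee < 0:
        return "invalid: outputs exceed inputs"
    if fee > to_btc(max_fee):
        return "refuse: %s BTC would be paid as fee" % fee
    return "ok: fee %s BTC" % fee


if __name__ == "__main__":
    # Placeholder address labels stand in for real addresses.
    inputs, outputs = build_raw_tx_args(
        SAMPLE_UTXOS, {"PAYEE_ADDRESS": "0.6"}, "CHANGE_ADDRESS", "0.0001")
    print(inputs)
    print(outputs)
    print(review_before_signing(SAMPLE_UTXOS, outputs))
    # Same payment with the change output forgotten: 0.15 BTC becomes fee.
    print(review_before_signing(SAMPLE_UTXOS, {"PAYEE_ADDRESS": "0.6"}))
```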
<br />
== Other, non-obvious use cases ==<br />
=== Re-broadcast a transaction ===<br />
If you want to re-broadcast a transaction right away, you can use the getrawtransaction and sendrawtransaction API calls to do that. As a bash shell-script one-liner it would be:<br />
<pre>bitcoind sendrawtransaction $(bitcoind getrawtransaction $TXID)</pre><br />
Note that Bitcoin-Qt/bitcoind automatically re-transmits wallet transactions periodically until they are accepted into a block.<br />
<br />
=== Validate a transaction without broadcasting it ===<br />
If you have a raw transaction and want to make sure all of its signatures are correct, you can use the signrawtransaction API call. Pass in the hex-encoded raw transaction, any inputs that bitcoind doesn't yet know about, and an empty array of private keys to use to sign the transaction. Passing an empty array of private keys will prevent signrawtransaction from doing any signing; if it returns "complete":1 then all of the existing signatures are valid and there are no signatures missing.<br />
<br />
==See Also==<br />
<br />
* [[Coin analogy]]<br />
* [[Original_Bitcoin_client/API_calls_list|API calls list]]<br />
* https://people.xiph.org/~greg/signdemo.txt example of signing offline<BR><br />
* https://people.xiph.org/~greg/escrowexample.txt example for escrow<BR><br />
* https://gist.github.com/3966071 example for offline multisig (not supported as of 0.7.1)<BR><br />
<br />
[[Category:Technical]]<br />
[[Category:Developer]]</div>Pancyrushttps://tests.bitcoin.it/w/index.php?title=Raw_Transactions&diff=68814Raw Transactions2021-07-20T00:21:05Z<p>Pancyrus: Pancyrus moved page Raw Transactions to Raw transactions: It's not a proper noun, so it should be in sentence case.</p>
<hr />
<div>#REDIRECT [[Raw transactions]]</div>Pancyrushttps://tests.bitcoin.it/w/index.php?title=Deterministic_wallet&diff=68812Deterministic wallet2021-07-19T23:52:21Z<p>Pancyrus: Moved the references to a references section and formatted them appropriately.</p>
<hr />
<div>A deterministic wallet is a system of deriving keys from a single starting point known as a seed. The seed allows a user to easily back up and restore a wallet without needing any other information and can in some cases allow the creation of public addresses without the knowledge of the private key. Seeds are typically serialized into human-readable words in a [[seed phrase]]. The [[BIP 0032]] standard for hierarchical deterministic wallets is used by all good wallets as of 2019.<br />
<br />
== Benefits ==<br />
<br />
Early clients such as the [[Satoshi client]] generate a buffer of fresh random private keys to be used as receiving and [[change|change addresses]] in the future. This has the effect of invalidating backups after a short period when the keypool buffer (typically 100 addresses) is exhausted. Deterministic wallets can generate an unlimited number of addresses on the fly and as such don't suffer from this issue. As the addresses are generated in a known fashion rather than randomly, some clients can be used on multiple devices without the risk of losing funds. Users can conveniently create a single backup of the seed in a human-readable format that will last the life of the wallet, without the worry of this backup becoming stale. <br />
<br />
=== Master public key ===<br />
<br />
Certain types of deterministic wallet (BIP0032, Armory, [[Coinkite]] and [https://coinb.in/#newHDaddress Coinb.in] ) additionally allow for the complete separation of private and public key creation for greater security and convenience. In this model a server can be set up to only know the Master Public Key (MPK) of a particular deterministic wallet. This allows the server to create as many public keys as is necessary for receiving funds, but a compromise of the MPK will not allow an attacker to spend from the wallet. They can alternatively be used in [[Electrum]] and [[Armory]] to enable completely offline storage and spending, where an offline computer knows the private key and an online one knows only the MPK. Transactions spending coins are ferried between the two computers via USB storage which avoids exposing the offline computer to a network-based attack.<br />
<br />
Deterministic wallets implemented by hardware wallets ([[TREZOR]]) keep the generated private keys offline and do not expose them to the computer even when spending coins.<br />
<br />
==Types==<br />
<br />
===Type 1: Deterministic wallet===<br />
A type 1 deterministic wallet is a simple method of generating addresses from a known starting string; as such, it does not allow advanced features such as a Master Public Key. To generate a private key, take SHA256(string + ''n''), where ''n'' is an ASCII-coded number that starts from 1 and increments as additional keys are needed. <br />
<br />
This type of wallet can be created by Casascius Bitcoin Address Utility.<br />
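The Type 1 derivation above, as an added example that is not part of the original page or of any wallet's code: it regenerates the key sequence from the starting string, rejects a digest that is not a valid secp256k1 private key, and shows that plain concatenation lets two different (string, ''n'') pairs produce the same key. UTF-8 encoding of the string, the function names and the sample strings are assumptions.

```python
import hashlib

# Order of the secp256k1 group; a valid private key k satisfies 0 < k < N.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def derive_key(seed, n):
    """Private key number n (starting at 1) as SHA256(seed + ASCII decimal n)."""
    if n < 1:
        raise ValueError("key numbering starts at 1")
    # n is appended as text ("1", "2", ...), not as a raw byte value.
    digest = hashlib.sha256((seed + str(n)).encode("utf-8")).digest()
    if not 0 < int.from_bytes(digest, "big") < N:
        raise ValueError("digest %d is not a valid private key; skip it" % n)
    return digest


def keypool(seed, count):
    """Regenerate the first `count` keys, e.g. when restoring from a backup."""
    return [derive_key(seed, n) for n in range(1, count + 1)]


def same_preimage(seed_a, n_a, seed_b, n_b):
    """True when two (seed, n) pairs hash the same text and so share a key."""
    return seed_a + str(n_a) == seed_b + str(n_b)


if __name__ == "__main__":
    seed = "constructed sample string, not a real wallet seed"
    original = keypool(seed, 5)
    restored = keypool(seed, 5)      # a backup of the string alone is enough
    print(original == restored, len(set(original)))
    # Concatenation is ambiguous: "abc" + "11" and "abc1" + "1" are one input.
    print(derive_key("abc", 11) == derive_key("abc1", 1))
```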
<br />
===Type 2: Hierarchical deterministic wallet===<br />
This wallet type is described in [[BIP 0032]] and is fully implemented in [[TREZOR]], [[Electrum]] and [[CarbonWallet]]. The seed is a random 128-bit value presented to the user as a 12-word seed phrase using common English words. The seed is used after 100,000 rounds of SHA256 to slow down attacks against weak user-chosen strings.<ref>https://bitcointalk.org/index.php?topic=330672.msg3547258#msg3547258</ref><br />
<br />
The initial description and workings of this wallet type are credited to Gregory Maxwell.<ref>https://bitcointalk.org/index.php?topic=19137.msg239768#msg239768</ref><br />
<br />
===Armory deterministic wallet===<br />
[[Armory]] has its own Type-2 deterministic wallet format based on a "root key" and a "chain code". Earlier versions of Armory required backing up both the "root key" and "chaincode", while newer versions start deriving the chaincode from the private key in a non-reversible way. These newer Armory wallets (0.89+) only require the single, 256-bit root key. This older format is intended to be phased out in favor of the standard BIP0032 format.<ref>https://bitcointalk.org/index.php?topic=351099.msg3770818#msg3770818</ref><br />
<br />
== References ==<br />
<references /><br />
<br />
== See also ==<br />
<br />
* [[Seed phrase]]<br />
* [[BIP 0032]]<br />
* [[Deterministic wallet tools]]<br />
<br />
[[Category:Technical]]<br />
[[Category:Wallets| ]]</div>Pancyrushttps://tests.bitcoin.it/w/index.php?title=Deterministic_wallet&diff=68811Deterministic wallet2021-07-19T23:49:10Z<p>Pancyrus: Fixed some formatting and grammatical issues.</p>
<hr />
<div>A deterministic wallet is a system of deriving keys from a single starting point known as a seed. The seed allows a user to easily back up and restore a wallet without needing any other information and can in some cases allow the creation of public addresses without the knowledge of the private key. Seeds are typically serialized into human-readable words in a [[seed phrase]]. The [[BIP 0032]] standard for hierarchical deterministic wallets is used by all good wallets as of 2019.<br />
<br />
== Benefits ==<br />
<br />
Early clients such as the [[Satoshi client]] generate a buffer of fresh random private keys to be used as receiving and [[change|change addresses]] in the future. This has the effect of invalidating backups after a short period when the keypool buffer (typically 100 addresses) is exhausted. Deterministic wallets can generate an unlimited number of addresses on the fly and as such don't suffer from this issue. As the addresses are generated in a known fashion rather than randomly, some clients can be used on multiple devices without the risk of losing funds. Users can conveniently create a single backup of the seed in a human-readable format that will last the life of the wallet, without the worry of this backup becoming stale. <br />
<br />
=== Master public key ===<br />
<br />
Certain types of deterministic wallet (BIP0032, Armory, [[Coinkite]] and [https://coinb.in/#newHDaddress Coinb.in] ) additionally allow for the complete separation of private and public key creation for greater security and convenience. In this model a server can be set up to only know the Master Public Key (MPK) of a particular deterministic wallet. This allows the server to create as many public keys as is necessary for receiving funds, but a compromise of the MPK will not allow an attacker to spend from the wallet. They can alternatively be used in [[Electrum]] and [[Armory]] to enable completely offline storage and spending, where an offline computer knows the private key and an online one knows only the MPK. Transactions spending coins are ferried between the two computers via USB storage which avoids exposing the offline computer to a network-based attack.<br />
<br />
Deterministic wallets implemented by hardware wallets ([[TREZOR]]) keep the generated private keys offline and do not expose them to the computer even when spending coins.<br />
<br />
==Types==<br />
<br />
===Type 1: Deterministic wallet===<br />
A type 1 deterministic wallet is a simple method of generating addresses from a known starting string; as such, it does not allow advanced features such as a Master Public Key. To generate a private key, take SHA256(string + ''n''), where ''n'' is an ASCII-coded number that starts from 1 and increments as additional keys are needed. <br />
<br />
This type of wallet can be created by Casascius Bitcoin Address Utility.<br />
<br />
===Type 2: Hierarchical deterministic wallet===<br />
This wallet type is described in [[BIP 0032]] and is fully implemented in [[TREZOR]], [[Electrum]] and [[CarbonWallet]]. The seed is a random 128-bit value presented to the user as a 12-word seed phrase using common English words. The seed is used after 100,000 rounds of SHA256 to slow down attacks against weak user-chosen strings. [https://bitcointalk.org/index.php?topic=330672.msg3547258#msg3547258]<br />
<br />
The initial description and workings of this wallet type are credited to Gregory Maxwell. [https://bitcointalk.org/index.php?topic=19137.msg239768#msg239768]<br />
<br />
===Armory deterministic wallet===<br />
[[Armory]] has its own Type-2 deterministic wallet format based on a "root key" and a "chain code". Earlier versions of Armory required backing up both the "root key" and "chaincode", while newer versions start deriving the chaincode from the private key in a non-reversible way. These newer Armory wallets (0.89+) only require the single, 256-bit root key. This older format is intended to be phased out in favor of the standard BIP0032 format. [https://bitcointalk.org/index.php?topic=351099.msg3770818#msg3770818]<br />
<br />
== See also ==<br />
<br />
* [[Seed phrase]]<br />
* [[BIP 0032]]<br />
* [[Deterministic wallet tools]]<br />
<br />
[[Category:Technical]]<br />
[[Category:Wallets| ]]</div>Pancyrushttps://tests.bitcoin.it/w/index.php?title=Testnet&diff=68810Testnet2021-07-19T23:40:46Z<p>Pancyrus: Fixed some formatting issues.</p>
<hr />
<div>The '''testnet''' is an alternative Bitcoin [[block chain]] to be used for testing. Testnet coins are separate and distinct from actual bitcoins, and are never supposed to have any value. This allows application developers or bitcoin testers to experiment, without having to use real bitcoins or worrying about breaking the main bitcoin chain.<br />
<br />
Run <code>bitcoin-qt</code> or <code>bitcoind</code> with the <code>-testnet</code> flag to use the testnet (or put <code>testnet=1</code> in the <code>bitcoin.conf</code> file).<br />
<br />
There have been three generations of testnet. Testnet2 was just the first testnet reset with a different genesis block, because people were starting to trade testnet coins for real money. '''Testnet3''' is the current test network. It was introduced with the 0.7 release and brought a third genesis block and a new rule to avoid the "difficulty was too high, is now too low, and transactions take too long to verify" problem; it also contains blocks with edge-case transactions designed to test implementation compatibility. On 21 December 2015, SegNet was deployed to test Wuille's Segregated Witness proposal.<br />
<br />
==Differences==<br />
* Default Bitcoin network protocol listen port is 18333 (instead of 8333)<br />
* Default RPC connection port is 18332 (instead of 8332)<br />
* Bootstrapping uses different DNS seeds.<br />
* A different value of <code>ADDRESSVERSION</code> field ensures no testnet Bitcoin addresses will work on the production network. (<code>0x6F</code> rather than <code>0x00</code>)<br />
* The protocol message header bytes are <code>0x0B110907</code> (instead of <code>0xF9BEB4D9</code>) <br />
* Minimum [[difficulty]] of 1.0 on testnet is equal to difficulty of 0.5 on mainnet. This means that the mainnet-equivalent of any testnet difficulty is half the testnet difficulty. In addition, if no block has been found in 20 minutes, the difficulty automatically resets back to the minimum for a single block, after which it returns to its previous value.<br />
* A new genesis block<br />
* The <code>IsStandard()</code> check is disabled so that non-standard transactions can be experimented with.<br />
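The message header bytes are what stops a node from accepting traffic meant for the other network. The following is an added example, not part of the original page or of Bitcoin Core: it builds and parses a P2P message header and rejects a cross-network message. The magic values and ports are the ones listed above; the 24-byte header layout (magic, 12-byte command, little-endian payload length, 4-byte double-SHA256 checksum) is taken from the Bitcoin P2P protocol rather than from this page, and the function names are hypothetical.

```python
import hashlib
import struct

# Magic bytes as listed in the differences above, in wire order.
MAGIC = {
    bytes.fromhex("f9beb4d9"): "mainnet",
    bytes.fromhex("0b110907"): "testnet",
}
DEFAULT_P2P_PORT = {"mainnet": 8333, "testnet": 18333}
HEADER = struct.Struct("<4s12sI4s")   # magic, command, payload length, checksum


def checksum(payload):
    """First four bytes of SHA256(SHA256(payload))."""
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]


def build_message(network, command, payload=b""):
    """Serialize a message for `network` (used here to construct sample input)."""
    magic = next(m for m, name in MAGIC.items() if name == network)
    name = command.encode("ascii").ljust(12, b"\x00")
    return HEADER.pack(magic, name, len(payload), checksum(payload)) + payload


def parse_message(data, expected_network):
    """Validate one message and return its network, command and payload."""
    if len(data) < HEADER.size:
        raise ValueError("shorter than the 24-byte header")
    magic, name, length, declared = HEADER.unpack(data[:HEADER.size])
    network = MAGIC.get(magic)
    if network is None:
        raise ValueError("unknown magic %s" % magic.hex())
    if network != expected_network:
        raise ValueError("%s message on a %s connection" % (network, expected_network))
    payload = data[HEADER.size:HEADER.size + length]
    if len(payload) != length:
        raise ValueError("payload truncated")
    if checksum(payload) != declared:
        raise ValueError("checksum mismatch")
    return {
        "network": network,
        "command": name.rstrip(b"\x00").decode("ascii"),
        "payload": payload,
    }


if __name__ == "__main__":
    sample = build_message("testnet", "verack")   # constructed sample message
    print(sample.hex())
    print(parse_message(sample, "testnet"))
    try:
        parse_message(sample, "mainnet")
    except ValueError as err:
        print("rejected:", err)
```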
<br />
==Genesis Block==<br />
<br />
Testnet uses a different genesis block to the main network. You can find it [https://mempool.space/testnet/block/000000000933ea01ad0ee984209779baaec3ced90fa3f408719526f8d77f4943 here].<br />
The testnet was [https://github.com/gavinandresen/bitcoin-git/commit/feeb761ba07af74a7cd78b8c8f7c2a961fd9ea1c reset with a new genesis block] for the 0.7 Bitcoin release.<br />
<br />
==Size==<br />
Testnet receives fewer transactions than the main block chain and is typically much smaller in size. As of January 2018, the size of the data on disk was 14&nbsp;GB, containing data for about 6 years' worth of testnet activity. Downloading this data required about 12&nbsp;GB of network activity, peaking at a transfer rate of 2&nbsp;MB/s.<br />
<br />
==External links==<br />
<br />
* [https://bitcointalk.org/?topic=4483.0 Testnet in a box forum topic]<br />
* [https://sourceforge.net/projects/bitcoin/files/Bitcoin/testnet-in-a-box/ Testnet-In-A-Box self-contained testnet]<br />
* [https://github.com/freewil/bitcoin-testnet-box Forked/Updated testnet-box]<br />
<br />
===Wallets===<br />
<br />
Online testnet wallets to help you test your application.<br />
<br />
* [http://testnetwallet.com/ TestnetWallet.com]<br />
* [https://CoPay.io/ CoPay.io] wallet supports TestNet accounts<br />
<br />
===Faucets===<br />
<br />
Once you're done with your test coins, it is a nice gesture to send them back to the faucets, so they become available to other developers.<br />
* [http://tbtc.bitaps.com bitaps.com Testnet Faucet + double spend test tool]<br />
* [http://bitcoinfaucet.uo1.net/ UO1 Testnet Faucet]<br />
* [https://play.google.com/store/apps/details?id=com.mycelium.testnetwallet Mycelium Testnet Wallet for Android with integrated Testnet "faucet" function (Local Trader)]<br />
* [https://testnet-faucet.mempool.co mempool.co testnet3 Faucet]<br />
* [http://kuttler.eu/bitcoin/btc/faucet/ nkuttler's Bitcoin Testnet Faucet]<br />
<br />
Offline (2018-09-06):<br />
<br />
* [http://tpfaucet.appspot.com/ TP's TestNet Faucet]<br />
* [https://testnet.manu.backend.hamburg/faucet flyingkiwi's TestNet Faucet]<br />
<br />
Offline (2016-08-07):<br />
<br />
* [http://faucet.luis.im/ luis.im Mojocoin Testnet3 Faucet]<br />
* [https://accounts.blockcypher.com/testnet-faucet BlockCypher Testnet Faucet], also provided as a [http://dev.blockcypher.com/#faucets Testnet faucet API] for test automation<br />
<br />
===Block explorers===<br />
* [https://mempool.space/testnet Bitcoin Testnet on mempool.space]<br />
* [http://tbtc.bitaps.com/ Bitcoin Testnet Explorer on bitaps.com]<br />
* [https://www.biteasy.com/testnet/blocks Biteasy.com Testnet Blockexplorer]<br />
* [http://testnet.blockchain.info Blockchain.info Testnet Explorer]<br />
* [https://test-insight.bitpay.com/ Bitcoin Testnet on insight.bitpay.com]<br />
* [https://www.blocktrail.com/tBTC BlockTrail Testnet Explorer, Testnet API and Testnet Faucet]<br />
* [https://live.blockcypher.com/btc-testnet/ BlockCypher Testnet Explorer]<br />
[[Category:Technical]]<br />
[[Category:Developer]]<br />
<br />
{{Bitcoin Core documentation}}</div>Pancyrushttps://tests.bitcoin.it/w/index.php?title=Testnet&diff=68809Testnet2021-07-19T23:39:37Z<p>Pancyrus: Fixed some formatting and grammatical issues.</p>
<hr />
<div>The '''testnet''' is an alternative Bitcoin [[block chain]] to be used for testing. Testnet coins are separate and distinct from actual bitcoins, and are never supposed to have any value. This allows application developers or bitcoin testers to experiment, without having to use real bitcoins or worrying about breaking the main bitcoin chain.<br />
<br />
Run bitcoin-qt or bitcoind with the -testnet flag to use the testnet (or put testnet=1 in the bitcoin.conf file).<br />
<br />
There have been three generations of testnet. Testnet2 was just the first testnet reset with a different genesis block, because people were starting to trade testnet coins for real money. '''Testnet3''' is the current test network. It was introduced with the 0.7 release and brought a third genesis block and a new rule to avoid the "difficulty was too high, is now too low, and transactions take too long to verify" problem; it also contains blocks with edge-case transactions designed to test implementation compatibility. On 21 December 2015, SegNet was deployed to test Wuille's Segregated Witness proposal.<br />
<br />
==Differences==<br />
* Default Bitcoin network protocol listen port is 18333 (instead of 8333)<br />
* Default RPC connection port is 18332 (instead of 8332)<br />
* Bootstrapping uses different DNS seeds.<br />
* A different value of <code>ADDRESSVERSION</code> field ensures no testnet Bitcoin addresses will work on the production network. (<code>0x6F</code> rather than <code>0x00</code>)<br />
* The protocol message header bytes are <code>0x0B110907</code> (instead of <code>0xF9BEB4D9</code>) <br />
* Minimum [[difficulty]] of 1.0 on testnet is equal to difficulty of 0.5 on mainnet. This means that the mainnet-equivalent of any testnet difficulty is half the testnet difficulty. In addition, if no block has been found in 20 minutes, the difficulty automatically resets back to the minimum for a single block, after which it returns to its previous value.<br />
* A new genesis block<br />
* The <code>IsStandard()</code> check is disabled so that non-standard transactions can be experimented with.<br />
<br />
==Genesis Block==<br />
<br />
Testnet uses a different genesis block to the main network. You can find it [https://mempool.space/testnet/block/000000000933ea01ad0ee984209779baaec3ced90fa3f408719526f8d77f4943 here].<br />
The testnet was [https://github.com/gavinandresen/bitcoin-git/commit/feeb761ba07af74a7cd78b8c8f7c2a961fd9ea1c reset with a new genesis block] for the 0.7 Bitcoin release.<br />
<br />
==Size==<br />
Testnet receives fewer transactions than the main block chain and is typically much smaller in size. As of January 2018, the size of the data on disk was 14&nbsp;GB, containing data for about 6 years' worth of testnet activity. Downloading this data required about 12&nbsp;GB of network activity, peaking at a 2&nbsp;MB/s rate of transfer.<br />
<br />
==External links==<br />
<br />
* [https://bitcointalk.org/?topic=4483.0 Testnet in a box forum topic]<br />
* [https://sourceforge.net/projects/bitcoin/files/Bitcoin/testnet-in-a-box/ Testnet-In-A-Box self-contained testnet]<br />
* [https://github.com/freewil/bitcoin-testnet-box Forked/Updated testnet-box]<br />
<br />
===Wallets===<br />
<br />
Online testnet wallets to help you test your application.<br />
<br />
* [http://testnetwallet.com/ TestnetWallet.com]<br />
* [https://CoPay.io/ CoPay.io] wallet supports TestNet accounts<br />
<br />
===Faucets===<br />
<br />
Once you're done with your test coins, it is a nice gesture to send them back to the faucets, so they become available to other developers.<br />
* [http://tbtc.bitaps.com bitaps.com Testnet Faucet + double spend test tool]<br />
* [http://bitcoinfaucet.uo1.net/ UO1 Testnet Faucet]<br />
* [https://play.google.com/store/apps/details?id=com.mycelium.testnetwallet Mycelium Testnet Wallet for Android with integrated Testnet "faucet" function (Local Trader)]<br />
* [https://testnet-faucet.mempool.co mempool.co testnet3 Faucet]<br />
* [http://kuttler.eu/bitcoin/btc/faucet/ nkuttler's Bitcoin Testnet Faucet]<br />
<br />
Offline (2018-09-06):<br />
<br />
* [http://tpfaucet.appspot.com/ TP's TestNet Faucet]<br />
* [https://testnet.manu.backend.hamburg/faucet flyingkiwi's TestNet Faucet]<br />
<br />
Offline (2016-08-07):<br />
<br />
* [http://faucet.luis.im/ luis.im Mojocoin Testnet3 Faucet]<br />
* [https://accounts.blockcypher.com/testnet-faucet BlockCypher Testnet Faucet], also provided as a [http://dev.blockcypher.com/#faucets Testnet faucet API] for test automation<br />
<br />
===Block explorers===<br />
* [https://mempool.space/testnet Bitcoin Testnet on mempool.space]<br />
* [http://tbtc.bitaps.com/ Bitcoin Testnet Explorer on bitaps.com]<br />
* [https://www.biteasy.com/testnet/blocks Biteasy.com Testnet Blockexplorer]<br />
* [http://testnet.blockchain.info Blockchain.info Testnet Explorer]<br />
* [https://test-insight.bitpay.com/ Bitcoin Testnet on insight.bitpay.com]<br />
* [https://www.blocktrail.com/tBTC BlockTrail Testnet Explorer, Testnet API and Testnet Faucet]<br />
* [https://live.blockcypher.com/btc-testnet/ BlockCypher Testnet Explorer]<br />
[[Category:Technical]]<br />
[[Category:Developer]]<br />
<br />
{{Bitcoin Core documentation}}</div>Pancyrushttps://tests.bitcoin.it/w/index.php?title=Wallet_import_format&diff=68808Wallet import format2021-07-19T23:26:23Z<p>Pancyrus: Fixed some formatting issues.</p>
<hr />
<div>{{sample}}<br />
A '''wallet import format''' ('''WIF''', also known as a '''wallet export format''') is a way of encoding a private ECDSA key so as to make it easier to copy.<br />
<br />
A testing suite is available for encoding and decoding of WIF at:<br />
<br />
http://gobittest.appspot.com/PrivateKey<br />
<br />
==Private key to WIF==<br />
1. Take a private key.<br />
0C28FCA386C7A227600B2FE50B7CAE{{taggant private key}}11EC86D3BF1FBE471BE89827E19D72AA1D<br />
2. Add a <code>0x80</code> byte in front of it for mainnet addresses or <code>0xef</code> for testnet addresses. Also add a <code>0x01</code> byte at the end if the private key will correspond to a compressed public key.<br />
800C28FCA386C7A227600B2FE50B7C{{taggant private key}}AE11EC86D3BF1FBE471BE89827E19D72AA1D<br />
3. Perform SHA-256 hash on the extended key.<br />
8147786C4D15106333BF278D71DADAF1079EF2D2440A4DDE37D747DED5403592<br />
4. Perform SHA-256 hash on result of SHA-256 hash.<br />
507A5B8DFED0FC6FE8801743720CEDEC06AA5C6FCA72B07C49964492FB98A714<br />
5. Take the first 4 bytes of the second SHA-256 hash; this is the checksum.<br />
507A5B8D<br />
6. Add the 4 checksum bytes from point 5 at the end of the extended key from point 2.<br />
800C28FCA386C7A227600B2FE50B7CAE11EC8{{taggant private key}}6D3BF1FBE471BE89827E19D72AA1D507A5B8D<br />
7. Convert the result from a byte string into a base58 string using [[Base58Check encoding]]. This is the wallet import format (WIF).<br />
5HueCGU8rMjxEXxiPuD5BDk{{taggant private key}}u4MkFqeZyd4dZ1jvhTVqvbTLvyTJ<br />
<br />
==WIF to private key==<br />
1. Take a wallet import format (WIF) string.<br />
5HueCGU8rMjxEXxiPuD5BDk{{taggant private key}}u4MkFqeZyd4dZ1jvhTVqvbTLvyTJ<br />
2. Convert it to a byte string using [[Base58Check encoding]].<br />
800C28FCA386C7A227600B2FE50B7CAE11EC{{taggant private key}}86D3BF1FBE471BE89827E19D72AA1D507A5B8D<br />
3. Drop the last 4 checksum bytes from the byte string.<br />
800C28FCA386C7A227600B2FE50B7CAE11EC86D3BF1FBE471BE89827E19D72AA1D<br />
4. Drop the first byte (it should be <code>0x80</code>). If the private key corresponded to a compressed public key, also drop the last byte (it should be <code>0x01</code>). If it corresponded to a compressed public key, the WIF string will have started with K or L instead of 5 (or c instead of 9 on testnet). This is the private key.<br />
0C28FCA386C7A227600B2FE50B7CAE1{{taggant private key}}1EC86D3BF1FBE471BE89827E19D72AA1D<br />
==WIF checksum checking==<br />
1. Take the wallet import format (WIF) string.<br />
5HueCGU8rMjxEXxiPuD5BD{{taggant private key}}ku4MkFqeZyd4dZ1jvhTVqvbTLvyTJ<br />
2. Convert it to a byte string using [[Base58Check encoding]].<br />
800C28FCA386C7A227600B2FE50B7CAE11E{{taggant private key}}C86D3BF1FBE471BE89827E19D72AA1D507A5B8D<br />
3. Drop the last 4 checksum bytes from the byte string.<br />
800C28FCA386C7A227600B2FE50B7CAE11EC86D3BF1FBE471BE89827E19D72AA1D<br />
4. Perform SHA-256 hash on the shortened string.<br />
8147786C4D15106333BF278D71DADAF1079EF2D2440A4DDE37D747DED5403592<br />
5. Perform SHA-256 hash on result of SHA-256 hash.<br />
507A5B8DFED0FC6FE8801743720CEDEC06AA5C6FCA72B07C49964492FB98A714<br />
6. Take the first 4 bytes of the second SHA-256 hash; this is the checksum.<br />
507A5B8D<br />
7. Make sure it is the same as the last 4 bytes from point 2.<br />
507A5B8D<br />
8. If they are, and the byte string from point 2 starts with <code>0x80</code> (<code>0xef</code> for testnet addresses), then there is no error.<br />
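The three procedures above (encoding, decoding and checksum checking) as one added Python example; it is not code from the wiki or from Bitcoin Core, and the function names are illustrative. The sample key is the public one used on this page and must never hold funds.

```python
import hashlib
import hmac

B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
VERSION_BYTE = {"mainnet": 0x80, "testnet": 0xEF}

# Sample values taken from this page (public test vector, not a usable key).
SAMPLE_KEY = bytes.fromhex(
    "0C28FCA386C7A227600B2FE50B7CAE11EC86D3BF1FBE471BE89827E19D72AA1D")
SAMPLE_WIF = "5HueCGU8rMjxEXxiPuD5BDku4MkFqeZyd4dZ1jvhTVqvbTLvyTJ"


def checksum(payload: bytes) -> bytes:
    """First 4 bytes of SHA-256(SHA-256(payload))."""
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]


def b58encode(data: bytes) -> str:
    n = int.from_bytes(data, "big")
    out = ""
    while n:
        n, rem = divmod(n, 58)
        out = B58_ALPHABET[rem] + out
    # Each leading zero byte is written as a leading '1'.
    pad = len(data) - len(data.lstrip(b"\x00"))
    return "1" * pad + out


def b58decode(text: str) -> bytes:
    n = 0
    for ch in text:
        idx = B58_ALPHABET.find(ch)
        if idx < 0:
            raise ValueError(f"character {ch!r} is not in the base58 alphabet")
        n = n * 58 + idx
    pad = len(text) - len(text.lstrip("1"))
    return b"\x00" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")


def private_key_to_wif(key: bytes, network: str = "mainnet",
                       compressed: bool = False) -> str:
    """Version byte, optional 0x01 suffix, 4-byte checksum, then base58."""
    if len(key) != 32:
        raise ValueError("private key must be exactly 32 bytes")
    extended = bytes([VERSION_BYTE[network]]) + key
    if compressed:
        extended += b"\x01"
    return b58encode(extended + checksum(extended))


def wif_to_private_key(wif: str):
    """Return (key, network, compressed); raise ValueError on any defect."""
    raw = b58decode(wif)
    if len(raw) not in (37, 38):      # 1 + 32 (+ 1) + 4 bytes
        raise ValueError("unexpected WIF length")
    extended, given = raw[:-4], raw[-4:]
    # Verify the checksum before trusting any other field.
    if not hmac.compare_digest(checksum(extended), given):
        raise ValueError("checksum mismatch: mistyped or corrupted WIF")
    networks = {v: k for k, v in VERSION_BYTE.items()}
    if extended[0] not in networks:
        raise ValueError("unknown version byte")
    compressed = len(extended) == 34
    if compressed and extended[-1] != 0x01:
        raise ValueError("34-byte payload must end with 0x01")
    return extended[1:33], networks[extended[0]], compressed


if __name__ == "__main__":
    print(private_key_to_wif(SAMPLE_KEY))
    print(wif_to_private_key(SAMPLE_WIF))
```

Checking the version byte and payload length in addition to the checksum keeps a testnet key, or a base58check string of another type, from being imported as a mainnet private key.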
<br />
{{Stub}}<br />
{{Bitcoin Core documentation}}</div>Pancyrushttps://tests.bitcoin.it/w/index.php?title=Seed_phrase&diff=68573Seed phrase2021-03-21T05:50:34Z<p>Pancyrus: Fixed some formatting and grammatical issues.</p>
<hr />
<div>A '''seed phrase''', '''seed recovery phrase''' or '''backup seed phrase''' is a list of words which [[Storing bitcoins|store]] all the information needed to recover Bitcoin funds [[Transaction|on-chain]]. Wallet software will typically generate a seed phrase and instruct the user to write it down on paper. If the user's computer breaks or their hard drive becomes corrupted, they can download the same wallet software again and use the paper backup to get their bitcoins back.<br />
<br />
Anybody else who discovers the phrase can steal the bitcoins, so it must be kept safe like jewels or cash. For example, it must not be typed into any website.<br />
<br />
Seed phrases are an excellent way of backing up and [[storing bitcoins]], so they are used by almost all well-regarded wallets.<ref>[https://bitcoin.org/en/choose-your-wallet Bitcoin.org: Choose your wallet]</ref><br />
<br />
Seed phrases can only back up funds on the [[block chain]]. They cannot store funds involved in [[off-chain transactions]] such as [[Lightning Network]] or [[Blinded bearer certificates]]. However, these technologies are in their infancy as of 2019, so it's possible that in future seed phrases could be used to back them up.<br />
<br />
== BIP39 and its flaws ==<br />
<br />
[[BIP_0039|BIP39]] is the most common standard used for seed phrases. One notable exception is [[Electrum|Electrum wallet]], which uses its own standard, and for good reasons. BIP39 has some flaws that are known in the technical community but not widely known outside it. They are described [https://electrum.readthedocs.io/en/latest/seedphrase.html#motivation here on this Electrum doc page]. Most seriously, BIP39 flaws mean it is not true to say that backing up a BIP39 seed phrase and name of wallet software is the only thing a user needs to do to keep their money safe. BIP39 works this way because its designers wanted their hardware wallet to also support [[altcoin]]s. [https://walletsrecovery.org/ walletsrecovery.org] is an attempt at helping with this issue, but ideally there will be a better solution in the future.<br />
<br />
<br />
== Example ==<br />
<br />
An example of a non-BIP39 seed phrase is:<br />
<br />
witch collapse practice feed shame open despair creek road again ice least<br />
<br />
The word order is important.<br />
<br />
[[File:Mnemonic-seed-still-life.jpg|300px|thumb|none|alt=An example seed phrase written on paper|Example seed phrase on paper.]]<br />
<br />
== Explanation ==<br />
<br />
A simplified explanation of how seed phrases work is that the wallet software has a list of words taken from a dictionary, with each word assigned to a number. The seed phrase can be converted to a number which is used as the seed integer to a [[Deterministic wallet|deterministic wallet]] that generates all the [[Private key|key pairs]] used in the wallet.<br />
<br />
The English-language wordlist for the BIP39 standard has 2048 words, so if the phrase contained only 12 random words, the number of possible combinations would be 2048^12 = 2^132 and the phrase would have 132 bits of security. However, some of the data in a BIP39 phrase is not random,<ref>[https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki#Generating_the_mnemonic BIP39: Generating the mnemonic]</ref> so the actual security of a 12-word BIP39 seed phrase is only 128 bits. This is approximately the same strength as all Bitcoin private keys, so most experts consider it to be sufficiently secure.<ref>[https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki#Security BIP32: Security]</ref><br />
<br />
It is not safe to invent your own seed phrase because humans are bad at generating randomness. The best way is to allow the wallet software to generate a phrase which you write down.<br />
<br />
As seed phrases use natural language words, they have excellent error correction. Words written in bad handwriting can often still be read. If one or two letters are missing or unreadable the word can often still be deduced. The [[#Word_Lists|word list]] that the seed phrase words are drawn from is carefully chosen so that the first four letters of each word are enough to uniquely identify it. This compares well with writing down a raw [[private key]] where a single letter being unreadable or incorrect can make the private key useless (depending on the serialization format).<br />
<br />
== Two-factor seed phrases ==<br />
<br />
Seed phrases, like all backups, can store any amount of bitcoins. It is a concerning idea to have enough money to purchase an entire building sitting on a sheet of paper without any protection. For this reason many wallets make it possible to encrypt a seed phrase with a password.<br />
<br />
The password can be used to create a two-factor seed phrase where both ''"something you have"'' plus ''"something you know"'' is required to unlock the bitcoins.<br />
<br />
This works by the wallet creating a seed phrase and asking the user for a password. Then both the seed phrase and extra word are required to recover the wallet. Electrum and some other wallets call the passphrase a '''"seed extension"''', '''"extension word"''' or '''"13th/25th word"'''. The BIP39 standard defines a way of passphrase-protecting a seed phrase. A similar scheme is also used in the Electrum standard. If a passphrase is not present, an empty string "" is used instead.<br />
<br />
'''Warning''': Forgetting this password will result in the bitcoin wallet and any contained money being lost. Do not overestimate your ability to remember passphrases, especially when you may not use them very often.<br />
<br />
'''Warning''': The seed phrase password should not be confused with the password used to encrypt the wallet file on disk. This is probably why many wallets call it an extension word instead of a password.<br />
<br />
== Storing seed phrases for the long term == <br />
<br />
Most people write down phrases on paper but they can be stored in many other ways such as [[Brainwallet|memorizing]], engraving or stamping on metal, writing in the margins of a book, chiselling into a stone tablet or any other creative and inventive way.<br />
<br />
In the past many people have accidentally lost bitcoins because of failed backups, mistyped letters, forgotten hard drives, or corrupted SSD devices. It's also important to protect the seed from accidental loss.<br />
<br />
It could be a good idea to write some words of explanation on the same paper as the seed phrase. If storing for the long term you may forget what a phrase is or how it should be treated. A sample explanation that can be adapted is:<br />
<br />
<blockquote>These twelve words have control over BITCOINS. Keep this paper safe and secret like cash or jewellery. The bitcoin information on this paper is encrypted with a passphrase. It is part of a multi-signature wallet and was made by Electrum bitcoin wallet software on 2019-01-01.</blockquote><br />
<br />
==== Paper and pencil backup ====<br />
<br />
Through bitter experience it has been found that one of the most practical storage mediums is '''pencil and paper'''. The private keys of a bitcoin wallet are encoded into [[seed phrase|random words from a dictionary]] which can be written down. If your hard drive crashes, you can find the paper with the [[seed phrase]] and restore the entire wallet. As [[seed phrase]]s use natural language words, they have good error correction. Words written in bad handwriting can often still be read. If one or two letters are missing the word can often still be deduced. The [[Seed_phrase#Word_Lists|word list]] that the seed phrase words are drawn from is carefully chosen so that the first four letters of each word are enough to uniquely identify it.<br />
<br />
For storing on paper writing with pencil is much better than pen<br />
<ref>[http://www.joethorn.net/blog/2011/12/07/pencil-does-not-fade Pencil Does Not Fade]<br />
</ref><ref>[https://www.quora.com/How-do-I-maintain-a-paper-notebook-that-can-remain-for-years How do I maintain a paper notebook that can remain for years?]<br />
</ref>.<br />
Paper should be acid-free or archival paper, and stored in the dark avoiding extremes of heat and moisture<br />
<ref>[https://www.loc.gov/preservation/care/deterioratebrochure.html Essential facts about preservation of Paper]<br />
</ref><ref>[https://www.quora.com/If-I-write-with-a-pencil-on-my-notebook-will-the-writing-last-for-a-long-time-say-50-years-or-will-it-just-fade-away-gradually Writing in a notebook with pencil]<br />
</ref><ref>[http://copar.org/bulletin14.htm CoPAR: Creating records that will last]</ref>.<br />
<br />
==== Metal backup ====<br />
<br />
Seed phrases can also be [https://blog.lopp.net/metal-bitcoin-seed-storage-stress-test--part-ii-/ stamped or engraved into metal] which is significantly more durable than paper. Metal backups are recommended if the threat model involves fire, water, extremes of temperature or physical stress.<br />
<br />
==== Methods that are not recommended ====<br />
<br />
Some methods that are not recommended are storing in a file on a computer, or storing online.<br />
<br />
Some people get the idea to split up their phrases, like storing 6 words in one location and the other 6 words in another location. This is a bad idea and should not be done, because if one set of 6 words is discovered then it becomes far easier to brute-force the rest of the phrase. Storing bitcoins in multiple locations like this should be done with [[multi-signature]] wallets instead.<br />
<br />
The [[Shamir Secret Sharing]] algorithm is sometimes promoted as a way to divide control of bitcoins, but in practice there are many pitfalls and trade-offs that make it not worth it. <!-- See the main article: [[Shamir Secret Snakeoil]] (the other one redirects here, no need to have 2 wikilinks with different captions going to the same article --><br />
<br />
Another bad idea is to add random decoy words that are somehow meaningful to you and later remove them to be left with only the 12-word phrase. The phrase words come from a known dictionary (see next section), so anybody can use that dictionary to weed out the decoy words.<br />
<br />
It's possible but risky to memorize ([[Brainwallet]]s) seed phrases. This should probably only be done in situations that really need it, such as crossing a hostile border where one expects to be searched.<br />
<br />
== Word lists ==<br />
<br />
Generally, a seed phrase only works with the same wallet software that created it. If storing for a long period of time it's a good idea to write the name of the wallet too.<br />
<br />
The BIP39 English word list has each word being uniquely identified by the first four letters, which can be useful when space to write them is scarce.<br />
<br />
* [https://github.com/bitcoin/bips/blob/master/bip-0039/bip-0039-wordlists.md BIP39 wordlists]<br />
* [https://github.com/spesmilo/electrum/blob/1.9.8/lib/mnemonic.py Electrum old-style wordlist]<br />
* [https://github.com/spesmilo/electrum/blob/master/electrum/wordlist/english.txt Electrum new-style wordlist]<br />
<br />
== Alternative name "mnemonic phrase" ==<br />
<br />
Seed phrases are sometimes called ''mnemonic phrases'', especially in older literature. This is a bad name because the word "mnemonic" implies that the phrase should be memorized. It is less misleading to call them seed phrases.<br />
<br />
== The power of backups ==<br />
<br />
An especially interesting aspect of the power of paper backups is that they allow your money to be in two places at once. At the London Inside Bitcoin conference, the keynote speaker showed 25 paper backups they were carrying&mdash;all password-protected. With that, one can carry $100,000 which can instantly be moved to a phone or transferred, yet with total security. If it's stolen, then there is no risk because it is backed up elsewhere. That is powerful.<ref>https://www.reddit.com/r/Bitcoin/comments/2hmnru/poll_do_you_use_paper_wallets_why_why_not_what/</ref><br />
<br />
== See also ==<br />
<br />
* [https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki BIP39 seed phrase standard]<br />
* [[Deterministic wallet]]<br />
* [[Storing bitcoins]]<br />
* [[Brainwallet]]<br />
* [https://github.com/6102bitcoin/FAQ/blob/master/seed.md FAQ regarding bitcoin seeds]<br />
* [https://www.hodlalert.com/2020/12/21/generating-cryptographically-secure-random-numbers-with-coins-and-a-cup/ Generating Bitcoin Seed Phrases With Coins and A Cup]<br />
<br />
==References==<br />
<references /><br />
<br />
<br />
[[Category:Technical]]</div>Pancyrushttps://tests.bitcoin.it/w/index.php?title=Electrum&diff=68572Electrum2021-03-21T05:49:12Z<p>Pancyrus: Cleaned up some formatting issues.</p>
<hr />
<div>[[Image:Electrum_logo.png|400px]][[Image:Capture-Electrum.png|right|600px|Screenshot of Electrum with its Qt GUI]]<br />
<br />
[https://electrum.org Electrum] is a lightweight Bitcoin client, based on a client-server protocol. <br />
It was released on 5 November 2011.<br />
<br />
== Main features ==<br />
* Encrypted wallet: the file that contains bitcoin [[private keys]] is protected with a password, and never leaves the user's computer.<br />
* Deterministic key generation: If you lose your wallet file, you can recover it from its [[seed phrase|seed]]. You are protected from your own mistakes. (Note that Electrum's seed phrase is not according to the BIP39 standard.) <br />
* Instant on: by default the client does not download the blockchain, it requests that information from a server. No delays, always up-to-date.<br />
* Transactions are signed locally: Your private keys are not shared with the server. You do not have to trust the server with your money.<br />
* [[Cold storage]]: Keeping private keys offline is supported. Has a watch-only mode for online use.<br />
* [[Multi-signature]]: Dividing the power to spend coins between multiple wallets is supported.<br />
* [[Hardware wallet]] integration: Many leading hardware wallets can interface with Electrum, including [[Coldcard]], [[Trezor]] and [[Ledger]].<br />
* Redundancy: You are not tied to a particular server, and the server does not need to know you. One server going down doesn't cause user downtimes.<br />
* No single point of failure: The server code is open source, anyone can run a server. Private keys can be exported and imported into other wallets.<br />
* Firewall friendly: The client does not need to open a port, it simply polls the server for updates.<br />
* Free software: MIT License. Anyone can audit the code.<br />
* Written in Python. The code is short, and easy to review.<br />
* Add-ons: third-party plugins are supported.<br />
* Support for Bitcoin URIs, signed URIs and Bitcoin aliases<br />
<br />
__TOC__<br />
<br />
==Documentation==<br />
<br />
Documentation is hosted on http://docs.electrum.org/.<br />
<br />
It includes tutorials for the multi-signature, cold storage and hardware wallet features.<br />
<br />
==History==<br />
<br />
Electrum was announced 5 November 2011.<ref>[http://bitcointalk.org/index.php?topic=50936.0 Electrum - a new thin client]</ref><br />
<br />
== Server software ==<br />
<br />
The server code is open source, anyone can run a server. There are several implementations.<br />
<br />
Public Electrum servers run by strangers can easily spy on Electrum users. For this reason many people run their own server. For maximum [[Full node#Why should you use a full node wallet|trustlessness, privacy and security]], users should point Electrum to their own servers.<br />
<br />
=== bwt ===<br />
<br />
'''bwt''' is a lightweight and performant HD wallet indexer backed by a bitcoin full node that [https://github.com/shesek/bwt#electrum-plugin can also be installed as an Electrum plugin].<br />
<br />
=== ElectrumX ===<br />
<br />
ElectrumX is the latest iteration of general purpose Electrum servers. Written in Python, it tries to be as efficient as possible to keep synchronization times low. ElectrumX is able to serve thousands of clients at once, it is suited to be an always-on server that contributes to bitcoin. Make sure that the version of ElectrumX you download supports Bitcoin. As of May 2020 some versions of ElectrumX only support [[altcoin]]s.<br />
<br />
GitHub: https://github.com/spesmilo/electrumx<br />
<br />
<!-- seems less relevant now... not sure<br />
Interview with author: https://btcmanager.com/nobody-has-setup-an-electrum-server-for-over-a-year/ archive: https://archive.is/lUnfa --><br />
<br />
=== Electrum Personal Server ===<br />
<br />
Electrum Personal Server has a different approach to a normal server. It is intended to be used by a single person only. Instead of creating a database of every transaction and address ever used on the bitcoin blockchain, Electrum Personal Server only tracks the user's own wallets. This allows it to be much more efficient with resources, it does not need any extra data files and is compatible with [[Bitcoin Core]]'s pruning feature.<br />
<br />
Electrum Personal Server is probably the best way to combine Electrum's feature-richness (hardware wallet integration, multi-signature, [[seed phrase]], etc) with a [[full node]]'s strong security and privacy.<br />
<br />
GitHub: https://github.com/chris-belcher/electrum-personal-server<br />
<br />
==See also==<br />
<br />
* [[Thin Client Security]]<br />
* [[Hardware wallet]]<br />
* [[Seed phrase]]<br />
* [[Multi-signature]]<br />
* [[Cold storage]]<br />
<br />
==External Links==<br />
<br />
* [http://electrum.org/ Electrum] project website<br />
* [https://github.com/spesmilo/electrum/ Electrum] project source<br />
<br />
==References==<br />
<references /><br />
<br />
[[Category:Clients]]<br />
[[Category:Open Source]]</div>Pancyrushttps://tests.bitcoin.it/w/index.php?title=Electrum&diff=68571Electrum2021-03-21T05:45:22Z<p>Pancyrus: Standardized dates to RFC 2822.</p>
<hr />
<div>[[Image:Electrum_logo.png|400px]][[Image:Capture-Electrum.png|right|600px|screenshot of Electrum with its Qt gui]]<br />
<br />
[https://electrum.org Electrum] is a lightweight Bitcoin client, based on a client-server protocol. <br />
It was released on 5 November 2011.<br />
<br />
== Main features ==<br />
* Encrypted wallet: the file that contains bitcoin [[private keys]] is protected with a password, and never leaves the user's computer.<br />
* Deterministic key generation: If you lose your wallet file, you can recover it from its [[seed phrase|seed]]. You are protected from your own mistakes. (Note that Electrum's seed phrase is not according to the BIP39 standard.) <br />
* Instant on: by default the client does not download the blockchain, it requests that information from a server. No delays, always up-to-date.<br />
* Transactions are signed locally: Your private keys are not shared with the server. You do not have to trust the server with your money.<br />
* [[Cold storage]]: Keeping private keys offline is supported. Has a watch-only mode for online use.<br />
* [[Multisignature]]: Dividing the power to spend coins between multiple wallets is supported.<br />
* [[Hardware wallet]] integration: Many leading hardware wallets can interface with Electrum, including [[Coldcard]], [[Trezor]] and [[Ledger]].<br />
* Redundancy: You are not tied to a particular server, and the server does not need to know you. One server going down doesn't cause user downtimes.<br />
* No single point of failure: The server code is open source, anyone can run a server. Private keys can be exported and imported into other wallets.<br />
* Firewall friendly: The client does not need to open a port, it simply polls the server for updates.<br />
* Free software: MIT License. Anyone can audit the code.<br />
* Written in Python. The code is short, and easy to review.<br />
* Add-ons: third-party plugins are supported.<br />
* Support for Bitcoin URIs, signed URIs and Bitcoin aliases<br />
<br />
__TOC__<br />
<br />
==Documentation==<br />
<br />
Documentation is hosted on http://docs.electrum.org/<br />
<br />
It includes tutorials for the multisignature, cold storage and hardware wallet features.<br />
<br />
==History==<br />
<br />
Electrum was announced 5 November 2011<ref>[http://bitcointalk.org/index.php?topic=50936.0 Electrum - a new thin client]</ref>.<br />
<br />
== Server software ==<br />
<br />
The server code is open source, anyone can run a server. There are several implementations.<br />
<br />
Public Electrum servers run by strangers can easily spy on Electrum users. For this reason many people run their own server. For maximum [[Full node#Why should you use a full node wallet|trustlessness, privacy and security]], users should point Electrum to their own servers.<br />
<br />
=== bwt ===<br />
<br />
'''bwt''' is a lightweight and performant HD wallet indexer backed by a bitcoin full node that [https://github.com/shesek/bwt#electrum-plugin can also be installed as an Electrum plugin].<br />
<br />
=== ElectrumX ===<br />
<br />
ElectrumX is the latest iteration of general purpose Electrum servers. Written in python, it tries to be as efficient as possible to keep synchronization times low. ElectrumX is able to serve thousands of clients at once, it is suited to be an always-on server that contributes to bitcoin. Make sure that the version of ElectrumX you download supports Bitcoin. As of May 2020 some versions of ElectrumX only support [[altcoin]]s.<br />
<br />
GitHub: https://github.com/spesmilo/electrumx<br />
<br />
<!-- seems less relevant now... not sure<br />
Interview with author: https://btcmanager.com/nobody-has-setup-an-electrum-server-for-over-a-year/ archive: https://archive.is/lUnfa --><br />
<br />
=== Electrum Personal Server ===<br />
<br />
Electrum Personal Server has a different approach to a normal server. It is intended to be used by a single person only. Instead of creating a database of every transaction and address ever used on the bitcoin blockchain, Electrum Personal Server only tracks the user's own wallets. This allows it to be much more efficient with resources, it does not need any extra data files and is compatible with [[Bitcoin Core]]'s pruning feature.<br />
<br />
Electrum Personal Server is probably the best way to combine Electrum's feature-richness (hardware wallet integration, multisignature, [[seed phrase]], etc) with a [[full node]]'s strong security and privacy.<br />
<br />
GitHub: https://github.com/chris-belcher/electrum-personal-server<br />
<br />
==See Also==<br />
<br />
* [[Thin Client Security]]<br />
* [[Hardware wallet]]<br />
* [[Seed phrase]]<br />
* [[Multisignature]]<br />
* [[Cold storage]]<br />
<br />
==External Links==<br />
<br />
* [http://electrum.org/ Electrum] project website<br />
* [https://github.com/spesmilo/electrum/ Electrum] project source<br />
<br />
==References==<br />
<references /><br />
<br />
[[Category:Clients]]<br />
[[Category:Open Source]]</div>Pancyrushttps://tests.bitcoin.it/w/index.php?title=Multi-signature&diff=68570Multi-signature2021-03-21T05:43:06Z<p>Pancyrus: /* Notable examples in practice */ Currency codes precede amounts in English.</p>
<hr />
<div>Multi-signature (multisig) refers to requiring multiple keys to authorize a Bitcoin [[transaction]], rather than a single signature from one key. It has a number of applications.<br />
<br />
* Dividing up responsibility for possession of bitcoins among multiple people.<br />
* Avoiding a single-point of failure, making it substantially more difficult for the wallet to be compromised.<br />
* ''m''-of-''n'' backup where loss of a single seed doesn't lead to loss of the wallet.<br />
<br />
== Use as a joint account ==<br />
<br />
Standard transactions on the Bitcoin network could be called “single-signature transactions,” because transfers require only one signature — from the owner of the private key associated with the Bitcoin address. However, the Bitcoin network supports much more complicated transactions that require the signatures of multiple people before the funds can be transferred. These are often referred to as ''m''-of-''n'' transactions. The idea is that Bitcoins become “encumbered” by providing addresses of multiple parties, thus requiring cooperation of those parties in order to do anything with them. These parties can be people, institutions or programmed scripts.<br />
<br />
== Use for increasing security ==<br />
<br />
The private keys needed to spend from a wallet can be spread across multiple machines, eliminating any one of those machines as a single point of failure, with the rationale that malware and hackers are unlikely to infect all of them. The higher the number of keys required to spend the funds (i.e. the higher ''m'' is in ''m''-of-''n''), the more difficult it would be for an attacker to successfully steal your funds, but the more cumbersome actually using that wallet becomes.<br />
<br />
The multisig wallet can be of the ''m''-of-''n'' type where any m private keys out of a possible n are required to move the money. For example a 2-of-3 multisig wallet might have your private keys spread across a desktop, laptop, and smartphone, any two of which are required to move the money, but the compromise of any one key cannot result in theft.<br />
<br />
This can be used in conjunction with hardware wallets. By requiring that keys from multiple hardware wallets sign transactions, it can vastly reduce the likelihood that a malicious party that handled your hardware wallet could steal your funds, because in order for it to do that, the malicious party would have to compromise multiple hardware wallets. If each hardware wallet you use in a multisig wallet is made by a different company, it would be incredibly difficult for them to secretly conspire on an attack.<br />
<br />
== Use as a backup ==<br />
<br />
Storing multiple keys to an ''m''-of-''n'' wallet in different locations can serve as a backup. For example, in a 2-of-3 multisig wallet, the loss of one key does not result in loss of the wallet, since the other two keys can be used to recover the funds. The redundancy of the backup is the difference ''n'' minus ''m'', so for example a 3-of-5 multisig wallet (with no additional seed backups) has a redundancy of 2, meaning that the loss of any 2 keys can still be recovered from.<br />
<br />
== Multi-signature application examples ==<br />
<br />
* 1-of-2: Husband and wife petty cash joint account — the signature of either spouse is sufficient to spend the funds.<br />
<br />
* 2-of-2: Husband and wife savings account — both signatures are required to spend the funds, preventing one spouse from spending the money without the approval of the other<br />
<br />
* 2-of-3: Parents’ savings account for child — the kid can spend the money with the approval of either parent, and money cannot be taken away from the child unless both parents agree<br />
<br />
* 2-of-2: Two-factor authentication wallet - One private key is on your primary computer, the other on your smartphone — the funds cannot be spent without a signature from both devices. Thus, an attacker must gain access to both devices in order to steal your funds (much more difficult than one device)<br />
<br />
* 3-of-5: Low-trust donation address - five trusted people from a project each hold a private key. Three people are required to actually spend the money but anybody can donate to the project's address. Reduces the risk of embezzlement, hacking/malware or loss due to a single person losing interest in the project. Which private key was used in the final signature is visible on the blockchain which aids accountability.<br />
<br />
* 2-of-3: Buyer-seller with trustless escrow - buyer commits money into a 2-of-3 address with the seller and a third-party arbitrator. If the transaction goes smoothly, then both buyer and seller sign the transaction to forward the money to the seller. If something goes wrong, they can sign a transaction to refund the buyer. If they cannot agree, they both appeal to the third party, who will arbitrate and provide a second signature to the party that it deems deserves it. The arbitrator cannot steal the money as they have only one key.<br />
<br />
* 2-of-3: A board of three directors maintaining funds for their organization — those funds cannot be spent unless any two of those directors agree. Bigger multi-signature transactions are possible for bigger organizations, such as 3-of-5, 5-of-9, etc.<br />
<br />
* 2-of-3: Improved [[hot wallet]] security for businesses - A bitcoin business such as an exchange holds one private key online and one private key as paper backup. A separate bitcoin security firm holds the third key online and will only sign transactions after checking certain conditions (blacklists, whitelists, not more than X withdrawn per time period, two-factor authentication, comply with regulatory environment, etc). If the bitcoin business or the security firm's hot wallets individually get hacked, the bitcoins cannot be stolen. If the bitcoin security firm disappears the business can use the paper backup to access coins.<br />
<br />
* 2-of-3: Decentralized [[cold storage]] vault - One of the keys is held in your own home, the second in a bank safe deposit box and copies of the third key are distributed to a close friend, a relative and stored in the office. The home vault is not vulnerable to raiding or burglary because spending the money requires a visit to either the friend, bank or office. Losing the safe deposit box also doesn't result in loss.<br />
<br />
* 2-of-2: Smart [[contract]]s building block such as tumblebit, coinswap and [[Lightning Network]].<br />
<br />
* 1 OR 3-of-4: Distributed Backup - The primary owner can use the wallet at will, but if that owner loses their private keys, they can recover with the help of 3 of the other 4 trusted friends/organizations. One key could be kept in a security deposit box at a bank, the other 3 could be distributed to friends. In the case of death of the owner, the security deposit box can be willed to one of the trusted friends or someone who can get the help of the trusted friends. More [https://bitcoin.stackexchange.com/questions/89589/is-it-possible-to-do-a-3-of-5-or-1-multi-sig-for-backup-purposes/89590?noredirect=1#comment102505_89590 complex] multisig wallets can be created if desired.<br />
<br />
See also: [[Storing_bitcoins#Multi-signature_wallets]]<br />
<br />
==History of multi-signature==<br />
<br />
Multi-signature has been used for thousands of years to protect the security of crypts holding the most precious relics of saints. The superior of a monastery would give monks only partial keys for gaining access to the precious relics. Thus, no single monk could gain access to and possibly steal the relics.<ref>[https://www.youtube.com/watch?v=YcmWQe29zro#t=10m27s Monks at Mt. Athos continue to use "hard" "multisignature" security today.]</ref><br />
<br />
==Multi-signature wallets==<br />
<br />
A number of wallets have implemented multisig:<ref>https://www.reddit.com/r/Bitcoin/comments/4eabpi/multisig_wallets_review_coinkite_alternatives_and/</ref> <br />
<br />
* [[Armory]]<br />
* [[CarbonWallet]]<br />
* [[Copay]]<br />
* [[Bitgo]]<br />
* [[Blocktrail]]<br />
* [[GreenAddress]]<br />
* [https://keys.casa Casa]<br />
* [[Electrum]] - [http://docs.electrum.org/en/latest/multisig.html See tutorial].<br />
* [[Xapo]]<br />
* [[Coinkite]]<br />
* Coinb.in - (''See the warnings about [[Javascript cryptography]]'')<br />
<br />
===Creating a multi-signature address with Bitcoin-Qt===<br />
<br />
A 2-of-3 multisig address can be created by following these steps:<ref>https://bitcoin.stackexchange.com/a/10593/4334</ref><br />
<br />
<blockquote><ol><li>Gather (or generate) 3 bitcoin addresses, on whichever machines will be participating, using getnewaddress or getaccountaddress RPC commands (or copy and paste from the GUI).</li><br />
<li>Get their public keys using the <tt>validateaddress</tt> [[API_reference_%28JSON-RPC%29|RPC]] command 3 times.</li><br />
<li>Then create a 2-of-3 multisig address using addmultisigaddress; e.g.<blockquote><code>bitcoind addmultisigaddress 2 '["044322868cb17d64dcc22185ae2d4493111d73244c3668f8ac79ecc79c0ba8d30a6756d0fa20157709af3281cc721c7f53321a8cabda29b77900b7e4fe0174b114","..second pubkey..","..third pubkey.."]'</code></blockquote></li></ol><tt>addmultisigaddress</tt> returns the multi-signature address. Be a little careful, the public keys are raw hexadecimal and don't contain checksums like bitcoin addresses do. You can then send funds into that 2-of-3 transaction using the normal sendtoaddress/sendmany RPC commands, or the GUI (or anything that's been updated to recognize multisig addresses).<ref>https://bitcointalk.org/index.php?topic=82213.msg906833#msg906833</ref></blockquote><br />
<br />
Gavin Andresen has an example of using multisig with bitcoin-qt [[Raw Transactions]]: https://gist.github.com/gavinandresen/3966071<br />
<br />
== Notable examples in practice ==<br />
<br />
* The cold storage wallet of the [[Bitfinex]] exchange is a single 3-of-6 multisig address <code>3D2oetdNuZUqQHPJmcMDDHYoqkyNVsFk9r</code> which as of December 2017 contains '''BTC&nbsp;141 177''' ($1.5 billion). Presumably the keys are kept very safe by Bitfinex's operators.<br />
<br />
==References==<br />
<references /><br />
<br />
* [https://bitcoinmagazine.com/11108/multisig-future-bitcoin/ How To Create A Bitcoin Multisig Wallet]<br />
* [https://bitcointalk.org/index.php?topic=507297.msg5594085 Discussion of multi-sig on Bitcoin talk]</div>Pancyrushttps://tests.bitcoin.it/w/index.php?title=Multi-signature&diff=68569Multi-signature2021-03-21T05:40:42Z<p>Pancyrus: Formatted the "m-of-n" as mathematical variables.</p>
<hr />
<div>Multi-signature (multisig) refers to requiring multiple keys to authorize a Bitcoin [[transaction]], rather than a single signature from one key. It has a number of applications.<br />
<br />
* Dividing up responsibility for possession of bitcoins among multiple people.<br />
* Avoiding a single point of failure, making it substantially more difficult for the wallet to be compromised.<br />
* ''m''-of-''n'' backup where loss of a single seed doesn't lead to loss of the wallet.<br />
<br />
== Use as a joint account ==<br />
<br />
Standard transactions on the Bitcoin network could be called “single-signature transactions,” because transfers require only one signature — from the owner of the private key associated with the Bitcoin address. However, the Bitcoin network supports much more complicated transactions that require the signatures of multiple people before the funds can be transferred. These are often referred to as ''m''-of-''n'' transactions. The idea is that Bitcoins become “encumbered” by providing addresses of multiple parties, thus requiring cooperation of those parties in order to do anything with them. These parties can be people, institutions or programmed scripts.<br />
<br />
== Use for increasing security ==<br />
<br />
The private keys needed to spend from a wallet can be spread across multiple machines, eliminating any one of those machines as a single point of failure, with the rationale that malware and hackers are unlikely to infect all of them. The higher the number of keys required to spend the funds (i.e. the higher ''m'' is in ''m''-of-''n''), the more difficult it would be for an attacker to successfully steal your funds, but the more cumbersome actually using that wallet becomes.<br />
<br />
The multisig wallet can be of the ''m''-of-''n'' type where any m private keys out of a possible n are required to move the money. For example a 2-of-3 multisig wallet might have your private keys spread across a desktop, laptop, and smartphone, any two of which are required to move the money, but the compromise of any one key cannot result in theft.<br />
<br />
This can be used in conjunction with hardware wallets. By requiring that keys from multiple hardware wallets sign transactions, it can vastly reduce the likelihood that a malicious party that handled your hardware wallet could steal your funds, because in order for it to do that, the malicious party would have to compromise multiple hardware wallets. If each hardware wallet you use in a multisig wallet is made by a different company, it would be incredibly difficult for them to secretly conspire on an attack.<br />
<br />
== Use as a backup ==<br />
<br />
Storing multiple keys to an ''m''-of-''n'' wallet in different locations can serve as a backup. For example, in a 2-of-3 multisig wallet, the loss of one key does not result in loss of the wallet, since the other two keys can be used to recover the funds. The redundancy of the backup is the difference ''n'' minus ''m'', so for example a 3-of-5 multisig wallet (with no additional seed backups) has a redundancy of 2, meaning that the loss of any 2 keys can still be recovered from.<br />
<br />
== Multi-signature application examples ==<br />
<br />
* 1-of-2: Husband and wife petty cash joint account — the signature of either spouse is sufficient to spend the funds.<br />
<br />
* 2-of-2: Husband and wife savings account — both signatures are required to spend the funds, preventing one spouse from spending the money without the approval of the other<br />
<br />
* 2-of-3: Parents’ savings account for child — the kid can spend the money with the approval of either parent, and money cannot be taken away from the child unless both parents agree<br />
<br />
* 2-of-2: Two-factor authentication wallet - One private key is on your primary computer, the other on your smartphone — the funds cannot be spent without a signature from both devices. Thus, an attacker must gain access to both devices in order to steal your funds (much more difficult than one device)<br />
<br />
* 3-of-5: Low-trust donation address - five trusted people from a project each hold a private key. Three people are required to actually spend the money but anybody can donate to the project's address. Reduces the risk of embezzlement, hacking/malware or loss due to a single person losing interest in the project. Which private key was used in the final signature is visible on the blockchain which aids accountability.<br />
<br />
* 2-of-3: Buyer-seller with trustless escrow - buyer commits money into a 2-of-3 address with the seller and a third-party arbitrator. If the transaction goes smoothly, then both buyer and seller sign the transaction to forward the money to the seller. If something goes wrong, they can sign a transaction to refund the buyer. If they cannot agree, they both appeal to the third party, who will arbitrate and provide a second signature to the party that it deems deserves it. The arbitrator cannot steal the money as they have only one key.<br />
<br />
* 2-of-3: A board of three directors maintaining funds for their organization — those funds cannot be spent unless any two of those directors agree. Bigger multi-signature transactions are possible for bigger organizations, such as 3-of-5, 5-of-9, etc.<br />
<br />
* 2-of-3: Improved [[hot wallet]] security for businesses - A bitcoin business such as an exchange holds one private key online and one private key as paper backup. A separate bitcoin security firm holds the third key online and will only sign transactions after checking certain conditions (blacklists, whitelists, not more than X withdrawn per time period, two-factor authentication, comply with regulatory environment, etc). If the bitcoin business or the security firm's hot wallets individually get hacked, the bitcoins cannot be stolen. If the bitcoin security firm disappears the business can use the paper backup to access coins.<br />
<br />
* 2-of-3: Decentralized [[cold storage]] vault - One of the keys is held in your own home, the second in a bank safe deposit box and copies of the third key are distributed to a close friend, a relative and stored in the office. The home vault is not vulnerable to raiding or burglary because spending the money requires a visit to either the friend, bank or office. Losing the safe deposit box also doesn't result in loss.<br />
<br />
* 2-of-2: Smart [[contract]]s building block such as tumblebit, coinswap and [[Lightning Network]].<br />
<br />
* 1 OR 3-of-4: Distributed Backup - The primary owner can use the wallet at will, but if that owner loses their private keys, they can recover with the help of 3 of the other 4 trusted friends/organizations. One key could be kept in a security deposit box at a bank, the other 3 could be distributed to friends. In the case of death of the owner, the security deposit box can be willed to one of the trusted friends or someone who can get the help of the trusted friends. More [https://bitcoin.stackexchange.com/questions/89589/is-it-possible-to-do-a-3-of-5-or-1-multi-sig-for-backup-purposes/89590?noredirect=1#comment102505_89590 complex] multisig wallets can be created if desired.<br />
<br />
See also: [[Storing_bitcoins#Multi-signature_wallets]]<br />
<br />
==History of multi-signature==<br />
<br />
Multi-signature has been used for thousands of years to protect the security of crypts holding the most precious relics of saints. The superior of a monastery would give monks only partial keys for gaining access to the precious relics. Thus, no single monk could gain access to and possibly steal the relics.<ref>[https://www.youtube.com/watch?v=YcmWQe29zro#t=10m27s Monks at Mt. Athos continue to use "hard" "multisignature" security today.]</ref><br />
<br />
==Multi-signature wallets==<br />
<br />
A number of wallets have implemented multisig:<ref>https://www.reddit.com/r/Bitcoin/comments/4eabpi/multisig_wallets_review_coinkite_alternatives_and/</ref> <br />
<br />
* [[Armory]]<br />
* [[CarbonWallet]]<br />
* [[Copay]]<br />
* [[Bitgo]]<br />
* [[Blocktrail]]<br />
* [[GreenAddress]]<br />
* [https://keys.casa Casa]<br />
* [[Electrum]] - [http://docs.electrum.org/en/latest/multisig.html See tutorial].<br />
* [[Xapo]]<br />
* [[Coinkite]]<br />
* Coinb.in - (''See the warnings about [[Javascript cryptography]]'')<br />
<br />
===Creating a multi-signature address with Bitcoin-Qt===<br />
<br />
A 2-of-3 multisig address can be created by following these steps:<ref>https://bitcoin.stackexchange.com/a/10593/4334</ref><br />
<br />
<blockquote><ol><li>Gather (or generate) 3 bitcoin addresses, on whichever machines will be participating, using getnewaddress or getaccountaddress RPC commands (or copy and paste from the GUI).</li><br />
<li>Get their public keys using the <tt>validateaddress</tt> [[API_reference_%28JSON-RPC%29|RPC]] command 3 times.</li><br />
<li>Then create a 2-of-3 multisig address using addmultisigaddress; e.g.<blockquote><code>bitcoind addmultisigaddress 2 '["044322868cb17d64dcc22185ae2d4493111d73244c3668f8ac79ecc79c0ba8d30a6756d0fa20157709af3281cc721c7f53321a8cabda29b77900b7e4fe0174b114","..second pubkey..","..third pubkey.."]'</code></blockquote></li></ol><tt>addmultisigaddress</tt> returns the multi-signature address. Be a little careful, the public keys are raw hexadecimal and don't contain checksums like bitcoin addresses do. You can then send funds into that 2-of-3 transaction using the normal sendtoaddress/sendmany RPC commands, or the GUI (or anything that's been updated to recognize multisig addresses).<ref>https://bitcointalk.org/index.php?topic=82213.msg906833#msg906833</ref></blockquote><br />
<br />
Gavin Andresen has an example of using multisig with bitcoin-qt [[Raw Transactions]]: https://gist.github.com/gavinandresen/3966071<br />
<br />
== Notable examples in practice ==<br />
<br />
* The cold storage wallet of the [[Bitfinex]] exchange is a single 3-of-6 multisig address <code>3D2oetdNuZUqQHPJmcMDDHYoqkyNVsFk9r</code> which as of December 2017 contains '''141 177 btc''' ($1.5 billion). Presumably the keys are kept very safe by Bitfinex's operators. <br />
<br />
==References==<br />
<references /><br />
<br />
* [https://bitcoinmagazine.com/11108/multisig-future-bitcoin/ How To Create A Bitcoin Multisig Wallet]<br />
* [https://bitcointalk.org/index.php?topic=507297.msg5594085 Discussion of multi-sig on Bitcoin talk]</div>Pancyrushttps://tests.bitcoin.it/w/index.php?title=Multi-signature&diff=68568Multi-signature2021-03-21T05:37:15Z<p>Pancyrus: Formatted as per wiki conventions.</p>
<hr />
<div>Multi-signature (multisig) refers to requiring multiple keys to authorize a Bitcoin [[transaction]], rather than a single signature from one key. It has a number of applications.<br />
<br />
* Dividing up responsibility for possession of bitcoins among multiple people.<br />
* Avoiding a single point of failure, making it substantially more difficult for the wallet to be compromised.<br />
* M-of-N backup where loss of a single seed doesn't lead to loss of the wallet.<br />
<br />
== Use as a joint account ==<br />
<br />
Standard transactions on the Bitcoin network could be called “single-signature transactions,” because transfers require only one signature — from the owner of the private key associated with the Bitcoin address. However, the Bitcoin network supports much more complicated transactions that require the signatures of multiple people before the funds can be transferred. These are often referred to as M-of-N transactions. The idea is that Bitcoins become “encumbered” by providing addresses of multiple parties, thus requiring cooperation of those parties in order to do anything with them. These parties can be people, institutions or programmed scripts.<br />
<br />
== Use for increasing security ==<br />
<br />
The private keys needed to spend from a wallet can be spread across multiple machines, eliminating any one of those machines as a single point of failure, with the rationale that malware and hackers are unlikely to infect all of them. The higher the number of keys required to spend the funds (i.e. the higher M is in M-of-N), the more difficult it would be for an attacker to successfully steal your funds, but the more cumbersome actually using that wallet becomes.<br />
<br />
The multisig wallet can be of the m-of-n type where any m private keys out of a possible n are required to move the money. For example a 2-of-3 multisig wallet might have your private keys spread across a desktop, laptop, and smartphone, any two of which are required to move the money, but the compromise of any one key cannot result in theft.<br />
<br />
This can be used in conjunction with hardware wallets. By requiring that keys from multiple hardware wallets sign transactions, it can vastly reduce the likelihood that a malicious party that handled your hardware wallet could steal your funds, because in order for it to do that, the malicious party would have to compromise multiple hardware wallets. If each hardware wallet you use in a multisig wallet is made by a different company, it would be incredibly difficult for them to secretly conspire on an attack.<br />
<br />
== Use as a backup ==<br />
<br />
Storing multiple keys to an M-of-N wallet in different locations can serve as a backup. For example, in a 2-of-3 multisig wallet, the loss of one key does not result in loss of the wallet, since the other two keys can be used to recover the funds. The redundancy of the backup is the difference N minus M, so for example a 3-of-5 multisig wallet (with no additional seed backups) has a redundancy of 2, meaning that the loss of any 2 keys can still be recovered from.<br />
<br />
== Multi-signature application examples ==<br />
<br />
* 1-of-2: Husband and wife petty cash joint account — the signature of either spouse is sufficient to spend the funds.<br />
<br />
* 2-of-2: Husband and wife savings account — both signatures are required to spend the funds, preventing one spouse from spending the money without the approval of the other<br />
<br />
* 2-of-3: Parents’ savings account for child — the kid can spend the money with the approval of either parent, and money cannot be taken away from the child unless both parents agree<br />
<br />
* 2-of-2: Two-factor authentication wallet - One private key is on your primary computer, the other on your smartphone — the funds cannot be spent without a signature from both devices. Thus, an attacker must gain access to both devices in order to steal your funds (much more difficult than one device)<br />
<br />
* 3-of-5: Low-trust donation address - five trusted people from a project each hold a private key. Three people are required to actually spend the money but anybody can donate to the project's address. Reduces the risk of embezzlement, hacking/malware or loss due to a single person losing interest in the project. Which private key was used in the final signature is visible on the blockchain which aids accountability.<br />
<br />
* 2-of-3: Buyer-seller with trustless escrow - buyer commits money into a 2-of-3 address with the seller and a third-party arbitrator. If the transaction goes smoothly, then both buyer and seller sign the transaction to forward the money to the seller. If something goes wrong, they can sign a transaction to refund the buyer. If they cannot agree, they both appeal to the third party, who will arbitrate and provide a second signature to the party that it deems deserves it. The arbitrator cannot steal the money as they have only one key.<br />
<br />
* 2-of-3: A board of three directors maintaining funds for their organization — those funds cannot be spent unless any two of those directors agree. Bigger multi-signature transactions are possible for bigger organizations, such as 3-of-5, 5-of-9, etc.<br />
<br />
* 2-of-3: Improved [[hot wallet]] security for businesses - A bitcoin business such as an exchange holds one private key online and one private key as paper backup. A separate bitcoin security firm holds the third key online and will only sign transactions after checking certain conditions (blacklists, whitelists, not more than X withdrawn per time period, two-factor authentication, comply with regulatory environment, etc). If the bitcoin business or the security firm's hot wallets individually get hacked, the bitcoins cannot be stolen. If the bitcoin security firm disappears the business can use the paper backup to access coins.<br />
<br />
* 2-of-3: Decentralized [[cold storage]] vault - One of the keys is held in your own home, the second in a bank safe deposit box and copies of the third key are distributed to a close friend, a relative and stored in the office. The home vault is not vulnerable to raiding or burglary because spending the money requires a visit to either the friend, bank or office. Losing the safe deposit box also doesn't result in loss.<br />
<br />
* 2-of-2: Smart [[contract]]s building block such as tumblebit, coinswap and [[Lightning Network]].<br />
<br />
* 1 OR 3-of-4: Distributed Backup - The primary owner can use the wallet at will, but if that owner loses their private keys, they can recover with the help of 3 of the other 4 trusted friends/organizations. One key could be kept in a security deposit box at a bank, the other 3 could be distributed to friends. In the case of death of the owner, the security deposit box can be willed to one of the trusted friends or someone who can get the help of the trusted friends. More [https://bitcoin.stackexchange.com/questions/89589/is-it-possible-to-do-a-3-of-5-or-1-multi-sig-for-backup-purposes/89590?noredirect=1#comment102505_89590 complex] multisig wallets can be created if desired.<br />
<br />
See also: [[Storing_bitcoins#Multi-signature_wallets]]<br />
<br />
==History of multi-signature==<br />
<br />
Multi-signature has been used for thousands of years to protect the security of crypts holding the most precious relics of saints. The superior of a monastery would give monks only partial keys for gaining access to the precious relics. Thus, no single monk could gain access to and possibly steal the relics.<ref>[https://www.youtube.com/watch?v=YcmWQe29zro#t=10m27s Monks at Mt. Athos continue to use "hard" "multisignature" security today.]</ref><br />
<br />
==Multi-signature wallets==<br />
<br />
A number of wallets have implemented multisig:<ref>https://www.reddit.com/r/Bitcoin/comments/4eabpi/multisig_wallets_review_coinkite_alternatives_and/</ref> <br />
<br />
* [[Armory]]<br />
* [[CarbonWallet]]<br />
* [[Copay]]<br />
* [[Bitgo]]<br />
* [[Blocktrail]]<br />
* [[GreenAddress]]<br />
* [https://keys.casa Casa]<br />
* [[Electrum]] - [http://docs.electrum.org/en/latest/multisig.html See tutorial].<br />
* [[Xapo]]<br />
* [[Coinkite]]<br />
* Coinb.in - (''See the warnings about [[Javascript cryptography]]'')<br />
<br />
===Creating a multi-signature address with Bitcoin-Qt===<br />
<br />
A 2-of-3 multisig address can be created by following these steps:<ref>https://bitcoin.stackexchange.com/a/10593/4334</ref><br />
<br />
<blockquote><ol><li>Gather (or generate) 3 bitcoin addresses, on whichever machines will be participating, using getnewaddress or getaccountaddress RPC commands (or copy and paste from the GUI).</li><br />
<li>Get their public keys using the <tt>validateaddress</tt> [[API_reference_%28JSON-RPC%29|RPC]] command 3 times.</li><br />
<li>Then create a 2-of-3 multisig address using addmultisigaddress; e.g.<blockquote><code>bitcoind addmultisigaddress 2 '["044322868cb17d64dcc22185ae2d4493111d73244c3668f8ac79ecc79c0ba8d30a6756d0fa20157709af3281cc721c7f53321a8cabda29b77900b7e4fe0174b114","..second pubkey..","..third pubkey.."]'</code></blockquote></li></ol><tt>addmultisigaddress</tt> returns the multi-signature address. Be a little careful, the public keys are raw hexadecimal and don't contain checksums like bitcoin addresses do. You can then send funds into that 2-of-3 transaction using the normal sendtoaddress/sendmany RPC commands, or the GUI (or anything that's been updated to recognize multisig addresses).<ref>https://bitcointalk.org/index.php?topic=82213.msg906833#msg906833</ref></blockquote><br />
<br />
Gavin Andresen has an example of using multisig with bitcoin-qt [[Raw Transactions]]: https://gist.github.com/gavinandresen/3966071<br />
<br />
== Notable examples in practice ==<br />
<br />
* The cold storage wallet of the [[Bitfinex]] exchange is a single 3-of-6 multisig address <code>3D2oetdNuZUqQHPJmcMDDHYoqkyNVsFk9r</code> which as of December 2017 contains '''141 177 btc''' ($1.5 billion). Presumably the keys are kept very safe by Bitfinex's operators. <br />
<br />
==References==<br />
<references /><br />
<br />
* [https://bitcoinmagazine.com/11108/multisig-future-bitcoin/ How To Create A Bitcoin Multisig Wallet]<br />
* [https://bitcointalk.org/index.php?topic=507297.msg5594085 Discussion of multi-sig on Bitcoin talk]</div>Pancyrushttps://tests.bitcoin.it/w/index.php?title=Multi-signature&diff=68567Multi-signature2021-03-21T05:36:07Z<p>Pancyrus: Changed instances of the term to match the article title.</p>
<hr />
<div>Multi-signature (multisig) refers to requiring multiple keys to authorize a Bitcoin [[transaction]], rather than a single signature from one key. It has a number of applications.<br />
<br />
* Dividing up responsibility for possession of bitcoins among multiple people.<br />
* Avoiding a single point of failure, making it substantially more difficult for the wallet to be compromised.<br />
* M-of-N backup where loss of a single seed doesn't lead to loss of the wallet.<br />
<br />
== Use as a joint account ==<br />
<br />
Standard transactions on the Bitcoin network could be called “single-signature transactions,” because transfers require only one signature — from the owner of the private key associated with the Bitcoin address. However, the Bitcoin network supports much more complicated transactions that require the signatures of multiple people before the funds can be transferred. These are often referred to as M-of-N transactions. The idea is that Bitcoins become “encumbered” by providing addresses of multiple parties, thus requiring cooperation of those parties in order to do anything with them. These parties can be people, institutions or programmed scripts.<br />
<br />
== Use for increasing security ==<br />
<br />
The private keys needed to spend from a wallet can be spread across multiple machines, eliminating any one of those machines as a single point of failure, with the rationale that malware and hackers are unlikely to infect all of them. The higher the number of keys required to spend the funds (i.e. the higher M is in M-of-N), the more difficult it would be for an attacker to successfully steal your funds, but the more cumbersome actually using that wallet becomes.<br />
<br />
The multisig wallet can be of the m-of-n type where any m private keys out of a possible n are required to move the money. For example a 2-of-3 multisig wallet might have your private keys spread across a desktop, laptop, and smartphone, any two of which are required to move the money, but the compromise of any one key cannot result in theft.<br />
<br />
This can be used in conjunction with hardware wallets. By requiring that keys from multiple hardware wallets sign transactions, it can vastly reduce the likelihood that a malicious party that handled your hardware wallet could steal your funds, because in order for it to do that, the malicious party would have to compromise multiple hardware wallets. If each hardware wallet you use in a multisig wallet is made by a different company, it would be incredibly difficult for them to secretly conspire on an attack.<br />
<br />
== Use as a backup ==<br />
<br />
Storing multiple keys to an M-of-N wallet in different locations can serve as a backup. For example, in a 2-of-3 multisig wallet, the loss of one key does not result in loss of the wallet, since the other two keys can be used to recover the funds. The redundancy of the backup is the difference N minus M, so for example a 3-of-5 multisig wallet (with no additional seed backups) has a redundancy of 2, meaning that the loss of any 2 keys can still be recovered from.<br />
<br />
== Multi-signature Application Examples ==<br />
<br />
* 1-of-2: Husband and wife petty cash joint account — the signature of either spouse is sufficient to spend the funds.<br />
<br />
* 2-of-2: Husband and wife savings account — both signatures are required to spend the funds, preventing one spouse from spending the money without the approval of the other<br />
<br />
* 2-of-3: Parents’ savings account for child — the kid can spend the money with the approval of either parent, and money cannot be taken away from the child unless both parents agree<br />
<br />
* 2-of-2: Two-factor authentication wallet - One private key is on your primary computer, the other on your smartphone — the funds cannot be spent without a signature from both devices. Thus, an attacker must gain access to both devices in order to steal your funds (much more difficult than one device)<br />
<br />
* 3-of-5: Low-trust donation address - five trusted people from a project each hold a private key. Three people are required to actually spend the money but anybody can donate to the project's address. Reduces the risk of embezzlement, hacking/malware or loss due to a single person losing interest in the project. Which private key was used in the final signature is visible on the blockchain which aids accountability.<br />
<br />
* 2-of-3: Buyer-seller with trustless escrow - buyer commits money into a 2-of-3 address with the seller and a third-party arbitrator. If transaction goes smoothly, then both buyer and seller sign the transaction to forward the money to the seller. If something goes wrong, they can sign a transaction to refund the buyer. If they cannot agree, they both appeal to the third-party who will arbitrate and provide a second signature to the party that it deems deserves it. The arbitrator cannot steal the money as they have only one key.<br />
<br />
* 2-of-3: A board of three directors maintaining funds for their organization — those funds cannot be spent unless any two of those directors agree. Bigger multi-signature transactions are possible for bigger organizations, such as 3-of-5, 5-of-9, etc.<br />
<br />
* 2-of-3: Improved [[hot wallet]] security for businesses - A bitcoin business such as an exchange holds one private key online and one private key as paper backup. A separate bitcoin security firm holds the third key online and will only sign transactions after checking certain conditions (blacklists, whitelists, not more than X withdrawn per time period, two-factor authentication, comply with regulatory environment, etc). If the bitcoin business or the security firm's hot wallets individually get hacked, the bitcoins cannot be stolen. If the bitcoin security firm disappears the business can use the paper backup to access coins.<br />
<br />
* 2-of-3: Decentralized [[cold storage]] vault - One of the keys is held in your own home, the second in a bank safe deposit box and copies of the third key are distributed to a close friend, a relative and stored in the office. The home vault is not vulnerable to raiding or burglary because spending the money requires a visit to either the friend, bank or office. Losing the safe deposit box also doesn't result in loss.<br />
<br />
* 2-of-2: Smart [[contract]]s building block such as tumblebit, coinswap and [[Lightning Network]].<br />
<br />
* 1 OR 3-of-4: Distributed Backup - The primary owner can use the wallet at will, but if that owner loses their private keys, they can recover with the help of 3 of the other 4 trusted friends/organizations. One key could be kept in a security deposit box at a bank, the other 3 could be distributed to friends. In the case of death of the owner, the security deposit box can be willed to one of the trusted friends or someone who can get the help of the trusted friends. More [https://bitcoin.stackexchange.com/questions/89589/is-it-possible-to-do-a-3-of-5-or-1-multi-sig-for-backup-purposes/89590?noredirect=1#comment102505_89590 complex] multisig wallets can be created if desired.<br />
<br />
See also: [[Storing_bitcoins#Multi-signature_wallets]]<br />
<br />
==History of Multi-signature==<br />
<br />
Multi-signature has been used for thousands of years to protect the security of crypts holding the most precious relics of saints. The superior of a monastery would give monks only partial keys for gaining access to the precious relics. Thus, no single monk could gain access to and possibly steal the relics.<ref>[https://www.youtube.com/watch?v=YcmWQe29zro#t=10m27s Monks at Mt. Athos continue to use "hard" "multisignature" security today.]</ref><br />
<br />
==Multi-signature Wallets==<br />
<br />
A number of wallets have implemented multisig:<ref>https://www.reddit.com/r/Bitcoin/comments/4eabpi/multisig_wallets_review_coinkite_alternatives_and/</ref> <br />
<br />
* [[Armory]]<br />
* [[CarbonWallet]]<br />
* [[Copay]]<br />
* [[Bitgo]]<br />
* [[Blocktrail]]<br />
* [[GreenAddress]]<br />
* [https://keys.casa Casa]<br />
* [[Electrum]] - [http://docs.electrum.org/en/latest/multisig.html See tutorial].<br />
* [[Xapo]]<br />
* [[Coinkite]]<br />
* Coinb.in - (''See the warnings about [[Javascript cryptography]]'')<br />
<br />
===Creating a Multi-signature Address with Bitcoin-Qt===<br />
<br />
A 2-of-3 multisig address can be created by following these steps:<ref>https://bitcoin.stackexchange.com/a/10593/4334</ref><br />
<br />
<blockquote><ol><li>Gather (or generate) 3 bitcoin addresses, on whichever machines will be participating, using getnewaddress or getaccountaddress RPC commands (or copy and paste from the GUI).</li><br />
<li>Get their public keys using the <tt>validateaddress</tt> [[API_reference_%28JSON-RPC%29|RPC]] command 3 times.</li><br />
<li>Then create a 2-of-3 multisig address using addmultisigaddress; e.g.<blockquote><code>bitcoind addmultisigaddress 2 '["044322868cb17d64dcc22185ae2d4493111d73244c3668f8ac79ecc79c0ba8d30a6756d0fa20157709af3281cc721c7f53321a8cabda29b77900b7e4fe0174b114","..second pubkey..","..third pubkey.."]'</code></blockquote></li></ol><tt>addmultisigaddress</tt> returns the multi-signature address. Be a little careful, the public keys are raw hexadecimal and don't contain checksums like bitcoin addresses do. You can then send funds into that 2-of-3 transaction using the normal sendtoaddress/sendmany RPC commands, or the GUI (or anything that's been updated to recognize multisig addresses).<ref>https://bitcointalk.org/index.php?topic=82213.msg906833#msg906833</ref></blockquote><br />
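Because raw hex public keys carry no checksum, a mistyped or truncated key is only caught if it is checked against the curve before the address is created. The following Python code is an added example (not from the original page or from Bitcoin Core): it validates each key and assembles the m-of-n script that a multisig address commits to. The function names, the 16-key cap, the duplicate-key rejection and the sample keys (derived from the scalars 1, 2 and 3) are assumptions made for illustration.<br />

```python
import re

# secp256k1 field prime and generator point (public curve constants).
P = 2**256 - 2**32 - 977
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
OP_CHECKMULTISIG = 0xAE
MAX_REDEEM_SCRIPT = 520  # largest script a P2SH output can reveal when spent


def point_add(a, b):
    """Add two affine curve points; None stands for the point at infinity."""
    if a is None or b is None:
        return b if a is None else a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def sample_pubkey(secret):
    """Constructed demo key: uncompressed hex encoding of secret*G."""
    point, addend = None, G
    while secret:
        if secret & 1:
            point = point_add(point, addend)
        addend = point_add(addend, addend)
        secret >>= 1
    return "04%064x%064x" % point


def parse_pubkey(hex_key):
    """Decode one raw hex key, raising ValueError if it cannot be a curve point."""
    # bytes.fromhex() silently skips whitespace, so reject it explicitly.
    if not re.fullmatch(r"[0-9a-fA-F]+", hex_key):
        raise ValueError("not plain hexadecimal (whitespace or placeholder text?)")
    if len(hex_key) % 2:
        raise ValueError("odd number of hex digits")
    raw = bytes.fromhex(hex_key)
    x = int.from_bytes(raw[1:33], "big")
    rhs = (pow(x, 3, P) + 7) % P  # right-hand side of y^2 = x^3 + 7
    if len(raw) == 65 and raw[0] == 4:
        y = int.from_bytes(raw[33:], "big")
        ok = x < P and y < P and y * y % P == rhs
    elif len(raw) == 33 and raw[0] in (2, 3):
        # Compressed form carries only x; it is valid if x^3 + 7 is a square,
        # so roughly half of all typos in a compressed key still pass.
        ok = x < P and pow(rhs, (P - 1) // 2, P) == 1
    else:
        raise ValueError("wrong length or prefix for a public key")
    if not ok:
        raise ValueError("coordinates are not on secp256k1 (typo or truncation?)")
    return raw


def redeem_script(m, hex_keys):
    """Build OP_m <key1> ... <keyn> OP_n OP_CHECKMULTISIG from validated keys."""
    keys = []
    for i, hex_key in enumerate(hex_keys, 1):
        try:
            keys.append(parse_pubkey(hex_key))
        except ValueError as err:
            raise ValueError("key %d: %s" % (i, err)) from None
    n = len(keys)
    if not 1 <= m <= n <= 16:  # this example only encodes OP_1..OP_16
        raise ValueError("need 1 <= m <= n <= 16")
    if len(set(keys)) != n:    # example policy: a repeated key lowers the real n
        raise ValueError("duplicate public key")
    script = bytes([0x50 + m])
    for key in keys:
        script += bytes([len(key)]) + key  # direct push of 33 or 65 bytes
    script += bytes([0x50 + n, OP_CHECKMULTISIG])
    if len(script) > MAX_REDEEM_SCRIPT:
        raise ValueError("redeem script exceeds %d bytes" % MAX_REDEEM_SCRIPT)
    return script


def check(m, hex_keys):
    """Return None if the inputs are usable, otherwise the reason they are not."""
    try:
        redeem_script(m, hex_keys)
    except ValueError as err:
        return str(err)
    return None


if __name__ == "__main__":
    demo = [sample_pubkey(s) for s in (1, 2, 3)]  # constructed keys, not real ones
    print(redeem_script(2, demo).hex())
    print(check(2, [demo[0][:-1] + "7"] + demo[1:]))
```

An uncompressed key with a single wrong digit almost always fails the curve equation, whereas a compressed key only gets the weaker square test, so keys copied between machines should also be compared by eye or over a second channel.<br />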
<br />
Gavin Andresen has an example of using multisig with bitcoin-qt [[Raw Transactions]]: https://gist.github.com/gavinandresen/3966071<br />
<br />
== Notable examples in practice ==<br />
<br />
* The cold storage wallet of the [[Bitfinex]] exchange is a single 3-of-6 multisig address <code>3D2oetdNuZUqQHPJmcMDDHYoqkyNVsFk9r</code> which as of December 2017 contains '''141 177 btc''' ($1.5 billion). Presumably the keys are kept very safe by Bitfinex's operators. <br />
<br />
==References==<br />
<references /><br />
<br />
* [https://bitcoinmagazine.com/11108/multisig-future-bitcoin/ How To Create A Bitcoin Multisig Wallet]<br />
* [https://bitcointalk.org/index.php?topic=507297.msg5594085 Discussion of multi-sig on Bitcoin talk]</div>Pancyrushttps://tests.bitcoin.it/w/index.php?title=Storing_bitcoins&diff=68566Storing bitcoins2021-03-21T05:35:14Z<p>Pancyrus: Properly hyphenated compound words.</p>
<hr />
<div>''This page is a discussion of the different ways of storing bitcoins, whether for [[Bitcoin as an investment|investment purposes]] or as a [[Bitcoin as a medium of exchange|medium of exchange]].''<br />
<br />
As bitcoin is a digital asset, it can be very unintuitive to store safely. Historically, many people have lost their coins, but with proper understanding the risks can be eliminated. If your bitcoins do end up lost or stolen then there's almost certainly nothing that can be done to get them back.<br />
<br />
'''tl;dr''' The best way to store bitcoin is to either use a [[hardware wallet]], a [[Multi-signature|multi-signature wallet]] or a [[Cold storage|cold storage wallet]]. Have your wallet create a [[seed phrase]], write it down on paper and store it in a safe place (or several safe places, as backups). Ideally the wallet should be backed by your own [[full node]].<br />
<br />
== Introduction ==<br />
<br />
Storage of bitcoin can be broken down in a few independent goals:<br />
<br />
* Protection against accidental loss<br />
* Verification that the bitcoins are genuine<br />
* Privacy and protection against spying<br />
* Protection against theft<br />
* Easy access for spending or moving bitcoins<br />
<br />
The art and science of storing bitcoins is about keeping your private keys safe, yet remaining easily available to you when you want to make a transaction. It also requires verifying that you received real bitcoins, and stopping an adversary from spying on you.<br />
<br />
[[File:Mnemonic-seed-still-life.jpg|300px|thumb|alt=An example seed phrase written on paper|Example seed phrase on paper.]]<br />
<br />
=== Protection from accidental loss ===<br />
<br />
In the past many people have accidentally lost bitcoins because of failed backups, mistyped letters, forgotten hard drives, corrupted SSD devices, or numerous other slip ups. <br />
<br />
The key to protecting yourself from data loss of any kind is to have redundant backups so that if one is lost or destroyed, you still have others you can use when you need them. All good wallet software asks its users to write down the [[seed phrase|seed recovery phrase]] of the wallet as a backup, so that if your primary wallet is lost or damaged, you can use the seed recovery phrase to restore access to your coins. If you have more than one backup location, they should be in places where various disasters won't affect both of your backups. For example, it's much better to store two backups in a home safe and in a safe deposit box (as long as your seed is protected by a passphrase) than to store two backups in your bedroom and one in your garage. <br />
<br />
Also important is regularly verifying that your backup still exists and is in good condition. This can be as simple as ensuring your backups are still where you put them a couple times a year.<br />
<br />
The best practice for backing up a seed is to store it using '''pencil and paper''' or a '''metal seed phrase backup''' in multiple secure locations. See [[Seed_phrase#Storing_Seed_Phrases_for_the_Long_Term]] for details.<br />
<br />
=== Verification and privacy ===<br />
<br />
Storing a [[seed phrase]] only stores [[Private key|private keys]], but it cannot tell you if or how many bitcoins you have actually received. For that you need wallet software.<br />
<br />
If you received cash banknotes or gold coins as payment, you wouldn't accept them without inspecting them and verifying that they are genuine. The same is true with bitcoin. Wallet software can automatically verify that a payment has been made and when that payment has been completed (by being mined into a number of blocks). The most secure kind of wallet is one which independently verifies ''all'' the rules of bitcoin, known as a [[full node]]. When receiving large volumes, it is essential to use wallet software that connects to a full node you run yourself. If bitcoin is digital gold, then a full node is your own personal digital goldsmith who checks that received bitcoin payments are actually real. [[Lightweight node|Lightweight wallets]] have a number of security downsides because they don't check all of bitcoin's rules, and so should only be used for receiving smaller amounts or when you trust the sender. See the article about [[full node|full nodes]].<br />
<br />
Your wallet software will also need to learn the history and balance of its wallet. For a lightweight wallet this usually involves querying a third-party server which leads to a privacy problem as that server can spy on you by seeing your entire balance, all your transactions and usually linking it with your IP address. Using a full node avoids this problem because the software connects directly to the bitcoin p2p network and downloads the entire [[blockchain]], so any adversary will find it much harder to obtain information. See also: [[Anonymity]]<br />
<br />
So for verification and privacy, a good storage solution should be backed by a [[full node]] under your own control for use when receiving payments. The full node wallet on an online computer can be a watch-only wallet. This means that it can detect transactions involving addresses belonging to the user and can display transaction information about them, but still does not have the ability to actually spend the bitcoins.<br />
<br />
=== Protection from theft ===<br />
<br />
Possession of bitcoins comes from your ability to keep the private keys under your exclusive control. In bitcoin, keys are money. Any malware or hackers who learn what your private keys are can create a valid bitcoin transaction sending your coins to themselves, stealing your bitcoins. The average person's computer is usually vulnerable to malware, so that must be taken into account when deciding on storage solutions. <br />
<br />
Anybody else who discovers a wallet's [[seed phrase]] can steal all the bitcoins if the seed isn't also protected by a secret passphrase. Even when using a passphrase, a seed should be kept safe and secret like jewels or cash. For example, no part of a seed should ever be typed into any website, and no one should store a seed on an internet-connected computer unless they are an advanced user who has researched what they're doing.<br />
<br />
[[Seed phrase]]s can store any amount of bitcoins. It doesn't seem secure to possibly have enough money to purchase the entire building just sitting on a sheet of paper without any protection. For this reason many wallets make it possible to encrypt a seed phrase with a passphrase. See [[Seed phrase#Two-Factor_Seed_Phrases]]<br />
<br />
=== Easy access ===<br />
<br />
Some users may not need to actually move their bitcoins very often, especially if they [[Bitcoin as an investment|own bitcoin as an investment]]. Other users will want to be able to quickly and easily move their coins. A solution for storing bitcoins should take into account how convenient it is to spend from depending on the user's needs.<br />
<br />
=== Summary ===<br />
<br />
In summary: bitcoin wallets should be backed up by writing down their [[seed phrase]], this phrase must be kept safe and secret, and when sending or receiving transactions the wallet software should obtain information about the bitcoin network from your own [[full node]].<br />
<br />
== Types of wallets ==<br />
<br />
=== Hardware wallets ===<br />
<br />
''Main article: [[Hardware wallet]]''<br />
<br />
[[Hardware wallet]]s are special purpose security-hardened devices for storing Bitcoins on a peripheral that is trusted to generate wallet keys and sign transactions.<br />
<br />
A [[hardware wallet]] holds the seed in its internal storage and is typically designed to be resistant to both physical and digital attacks. The device signs the transactions internally and only transmits the signed transactions to the computer, never communicating any secret data to the devices it connects to. The separation of the private keys from the vulnerable environment allows the user to spend bitcoins without running any risk even when using an untrustworthy computer. Hardware wallets are relatively user-friendly and are one of the best ways to store bitcoins.<br />
<br />
Some downsides are that hardware wallets are recognizable physical objects which could be discovered and which give away that you probably own bitcoins. This is worth considering when for example crossing borders. They also cost more than software wallets. Still, physical access to a hardware wallet does not mean that the keys are easily compromised, even though it does make it easier to compromise the hardware wallet. The groups that have created the most popular hardware wallets have gone to great lengths to harden the devices to physical threats and, though not impossible, only technically skilled people with specialized equipment have been able to get access to the private keys without the owner's consent. However, physically-powerful people such as armed border guards upon seeing the hardware wallet could force you to type in the PIN number to unlock the device and steal the bitcoins.<br />
<br />
=== Multi-signature wallets ===<br />
<br />
''Main article: [[Multi-signature]]''<br />
<br />
A multi-signature wallet is one where multiple private keys are required to move the bitcoins instead of a single key. Such a wallet can be used for requiring agreement among multiple people to spend, can eliminate a single point of failure, and can be used as a form of backup, among other applications.<br />
<br />
These private keys can be spread across multiple machines in various locations with the rationale that malware and hackers are unlikely to infect all of them. The multisig wallet can be of the m-of-n type where any m private keys out of a possible n are required to move the money. For example a 2-of-3 multisig wallet might have your private keys spread across a desktop, laptop, and smartphone, any two of which are required to move the money, but the compromise or total loss of any one key does not result in loss of money, even if that key has no backups.<br />
<br />
Multi-signature wallets have the advantage of being cheaper than hardware wallets since they are implemented in software and can be downloaded for free, and can be nearly as convenient since all keys are online and the wallet user interfaces are typically easy to use. <br />
<br />
Hardware and multi-signature wallets can be combined by having a multi-signature wallet with the private keys held on hardware wallets; after all a single hardware wallet is still a single point of failure. Cold storage and multi-signature can also be combined, by having the multi-signature wallet with the private keys held in cold storage to avoid them being kept online.<br />
<br />
=== Cold storage wallets ===<br />
<br />
''Main article: [[Cold storage]]''<br />
<br />
A cold wallet generates and stores private wallet keys offline on a clean, newly-installed [https://en.wikipedia.org/wiki/Air_gap_(networking) air-gapped] computer. Payments are received online with a watch-only wallet. Unsigned transactions are generated online, transferred offline for signing, and the signed transaction is transferred online to be broadcast to the Bitcoin network.<br />
<br />
This allows funds to be managed offline in [[Cold storage]]. Used correctly, a cold wallet is protected against online threats, such as viruses and hackers. Cold wallets are similar to hardware wallets, except that a general purpose computing device is used instead of a special purpose peripheral. The downside is that transferring transactions to and fro can be fiddly and unwieldy, and a cold wallet is less practical to carry around than a hardware wallet.<br />
<br />
=== Hot wallets ===<br />
<br />
''Main article: [[Hot wallet]]''<br />
<br />
A hot wallet is a single-signature wallet whose private keys are kept on an online computer or mobile phone. Most bitcoin wallet software out there is a hot wallet. The bitcoins are easy to spend but are maximally vulnerable to malware or hackers. Hot wallets may be appropriate for small amounts and day-to-day spending.<br />
<br />
A user might have a ''spending account'' hot wallet for day-to-day convenient spending with the majority of their funds on a ''savings account'' which is stored with much more security (cold storage / hardware wallet / multi-signature).<br />
<br />
== Bad wallet ideas ==<br />
<br />
=== Custodial wallets ===<br />
<br />
Custodial wallets are where an exchange, broker or other third party holds your bitcoins in trust.<br />
<br />
The number one rule to storing bitcoin is this: if you don’t hold the private keys, you don’t actually own the assets. There are many historical examples of loss due to custodial wallets: Bitcoinica, Silk Road, Bitfloor, [[Collapse of Mt. Gox|MTGOX]], Sheep Marketplace, BTC-e, Bitstamp, Bitfinex, Bithumb, Cryptsy, Bter, Mintpal and many more<ref>https://bitcointalk.org/index.php?topic=576337</ref><br />
<br />
==== "Isn't it just like keeping your money in a bank?" ====<br />
<br />
''The following is a quote of waxwing on reddit<ref>https://www.reddit.com/r/Bitcoin/comments/5py495/brian_armstrong_controlling_your_own_wealth_as_a/dcve9xx/?context=3</ref>:''<br />
<br />
:There are trade offs with everything, but trusting Coinbase with your Bitcoin is ''not'' the same as trusting a bank with your dollars:<br />
<br />
:Suppose 5 people are needed to access the funds, within Coinbase, e.g. the CEO, the tech lead engineer and 3 other senior employees. Suppose one day they wake up and decide to be evil and move all the Bitcoin to some private account of theirs, and perhaps make up a story in the press about how they've been "hacked". You have a serious problem, as you might find there is a protracted legal battle (see MtGox), but you can't actually retrieve the funds unless in some way the company is re-stocked with Bitcoin, or perhaps an equivalent in fiat.<br />
<br />
:If on the other hand you controlled the funds with a majority of keys in a multisig i.e. you own both of the two needed keys of a 2-of-3 multisig, then it would always effectively be your bitcoin, even though the third key may belong to a trusted third party custodian. But this also comes with the responsibility that if you get hacked, you lose all your funds. That is why it's prudent, in a 2-of-3 multisig where you have the two needed keys, to have them in separate systems/locations. If one of them fails, you can go to the custodian to supply the third key and transfer your funds again to safety. But the custodian alone cannot touch your funds just by virtue of having the third key.<br />
<br />
:Now, if your bank gets hacked similarly - 5 key operatives in the bank decide to swipe your money and pretend it was external hackers - SWIFT transfers are made to accounts in Russia and China. Here it will always ultimately be at the discretion of legal agencies whether you "actually" still have the money that is stolen. Because dollars are not real, they can be created at a whim<ref>https://en.wikipedia.org/wiki/Fractional-reserve_banking</ref>, and while reversing international transfers is not ''quite'' so simple, very often that reversal can be achieved (e.g. recent SWIFT hack at Bangladesh<ref>https://www.wired.com/2016/05/insane-81m-bangladesh-bank-heist-heres-know/</ref><ref>https://en.wikipedia.org/wiki/Bangladesh_Bank_robbery</ref> bank; $1 billion stolen, all but $80 million "recovered" (just means wire transfers reversed)). Added to that consider that fiat money is insured, so even when transfers can't be reversed, the money can be "recovered". If too many banks get hacked all at once the Federal Reserve and the government together can make up some "fund" that magically reassigns balances any time they like, with sufficient political will (that's essentially what was happening in 2008 TARP etc).<br />
<br />
:So far no insurance company has ever paid out on a Bitcoin company's claim. Worth considering also.<br />
<br />
:You might say, since it's risky both ways, why not trust Coinbase? Aren't they more competent in security than me?<br />
<br />
:Almost certainly, but this argument has two massive holes in it: (1) because they ''concentrate'' funds they are a massive target for hackers, while you are not - at all. (2) they are a ''trusted third party'' so the situation is strictly worse - not only do you have to trust their security skills, but you also have to trust them not to steal (modulo multisig, as mentioned above) (edited to add: as well as literal stealing, there are things like political confiscation, don't forget).<br />
<br />
=== Web wallets ===<br />
<br />
Web wallets have all the downsides of custodial wallets (no direct possession, private keys are held by a third party) along with all the downsides of hot wallets (exposed private keys), as well as all the downsides of lightweight wallets (not verifying bitcoin's rules; someone could send you a billion bitcoins and under certain conditions the dumb web wallet would happily accept it).<br />
<br />
Someone who needs the easy access of a web wallet should download a lightweight wallet like [[Electrum]].<br />
<br />
Main article: [[Browser-based wallet]]<br />
<br />
=== Paper wallets ===<br />
<br />
So-called [[paper wallets]] are an obsolete and unsafe method of storing bitcoin which should not be recommended to beginners. They simply store a single private/public keypair on paper. They promote [[address reuse]] and require unwieldy and complicated live OS system boots to be safe, they risk theft by printers, and typically rely on [[Javascript cryptography]].<br />
<br />
Paper wallets also do not provide any method of displaying to the user when money has arrived. There's no practical way to use a [[full node]] wallet. Users are typically driven to use third-party blockchain explorers which can lie to them and spy on them.<br />
<br />
A much better way to accomplish what paper wallets do is to use [[seed phrase]]s instead.<br />
<br />
Main article: [[Paper wallets]]<br />
<br />
=== Cloud storage ===<br />
<br />
This means storing your encrypted (or not) wallet file on a cloud storage solution such as Dropbox, or emailing it to yourself on Gmail. This is very similar to trusting a custodial wallet service, and is not recommended for the same reasons<ref>https://www.reddit.com/r/Bitcoin/comments/8i6via/28_btc_stolen_10_btc_reward_please_help/</ref>. You might say you use encryption for two-factor authentication, but uploading the wallet to the cloud reduces this to one-factor. Furthermore, there are a variety of ways in which 2FA can be compromised, in particular SMS-based 2FA, such as via a SIM-Swap.<br />
<br />
=== Removable media ===<br />
<br />
This refers to storing wallet files on removable media like SSD or hard drives.<br />
<br />
Refer to the warnings from these two links:<br />
<br />
* https://www.reddit.com/r/Bitcoin/comments/6nj0eb/reminder_beware_of_data_rot_always_make_paper/<br />
* https://tedjonesweb.blogspot.co.uk/2017/08/do-not-use-flash-memory-ssd-drives.html<br />
<br />
Those articles recommend using GPG for encryption or a printer; a better solution is [[seed phrase]]s.<br />
<br />
=== "Physical" Bitcoins === <br />
<br />
Physical coins and other mechanisms with a pre-manufactured key or seed are not a good way to store bitcoins because the keys are already potentially compromised by whoever created them. You should not consider bitcoin yours if it's stored on a key created by someone else. It only becomes yours when you transfer the bitcoin to a key that you own and exclusively control.<br />
<br />
== Other ideas ==<br />
<br />
=== Time-locked wallets ===<br />
<br />
An interesting unconventional solution. The idea is to use [[Timelock|time-lock contracts]] to create a wallet which cannot be spent from until a certain date. One possible use case is a gambling addict who locks up money for paying bills for a month; after the month has passed and the time-lock wallet opens, they use that money for paying bills instead of gambling. This is equivalent to the advice given to compulsive shoppers to freeze their credit card in a block of ice, so that when they feel the urge to immediately buy something they see on TV, they need to wait for the block to melt before they can retrieve the card and place the order. This hopefully gives them the time to cool off and reconsider an otherwise meaningless purchase.<br />
<br />
Time lock wallets don't exist yet except for simple [https://coinb.in/#newTimeLocked javascript pages] which rely on [[Javascript cryptography]] and are therefore not safe.<br />
<br />
=== Consulting ===<br />
<br />
If you intend to store a very large amount of bitcoins, for example in a business, you should consider paying for security consulting.<br />
<br />
== The 5 dollar wrench attack ==<br />
<br />
[[File:Security.png|400px|none|alt=xkcd comic on the 5 dollar wrench attack.]]<br />
<br />
It's sometimes said that all this security is worthless because the $5 wrench attack can be used.<br />
<br />
There are multiple ways to beat this attack: by hiding, by defending yourself, by not letting others know your Bitcoin wealth or holdings, or by implementing security procedures which would prevent you from being able to surrender funds in such an attack, thereby reducing the appeal for an attacker to perform such an attack in the first place.<br />
<br />
Stored bitcoins are not secured by [[seed phrase]]s, [[hardware wallet]]s, [[multi-signature]], passwords, hash functions or anything like that; they are secured by ''people''.<br />
<br />
Technology is never the root of system security. Technology is a tool to help people secure what they value. Security requires people to act. A server cannot be secured by a firewall if there is no lock on the door to the server room, and a lock cannot secure the server room without a guard to monitor the door, and a guard cannot secure the door without risk of personal harm.<ref>[https://github.com/libbitcoin/libbitcoin/wiki/Risk-Sharing-Principle Libbitcoin wiki Risk Sharing Principle]</ref><br />
<br />
Bitcoin is no different. The technology discussed on this page is only a tool to tip the scales in the defender's favour. Following from this principle, the way to beat the $5 wrench attack is to bear arms. Either your own, or employ guards, or use a safety deposit box, or rely on the police forces and army; or whatever may be appropriate and proportionate in your situation. If someone physically overpowers you then no technology on Earth can save your bitcoins. You can't be your own bank without bank-level security.<br />
<br />
See Also: [https://twitter.com/i/moments/942083114385281024 Guns + Bitcoin Hardware Wallets]<br />
<br />
See Also: [https://www.youtube.com/watch?v=H16Zus3GAVA Advice by a former police officer about physical security in bitcoin]<br />
<br />
== See also ==<br />
<br />
* [[Links to Storage Methods]]<br />
<br />
== Further reading ==<br />
<br />
* [https://github.com/BlockchainCommons/SmartCustodyWhitePapers/blob/master/%23SmartCustody-_Simple_Self-Custody_Cold_Storage_Scenario.md SmartCustody: Simple Self-Custody Cold Storage Scenario]<br />
<br />
* https://bitzuma.com/posts/a-gentle-introduction-to-bitcoin-cold-storage/<br />
<br />
* https://medium.com/@lopp/thoughts-on-secure-storage-of-bitcoins-and-other-crypto-assets-210cadabb53d<br />
<br />
* https://medium.com/@michaelflaxman/how-should-i-store-my-bitcoin-43874ac208e4<br />
<br />
* Two-factor authentication on custodial wallets doesn't work as well as you might think https://medium.com/@CodyBrown/how-to-lose-8k-worth-of-bitcoin-in-15-minutes-with-verizon-and-coinbase-com-ba75fb8d0bac<br />
<br />
* This is why you shouldn’t use SMS for two-factor authentication https://www.theverge.com/2017/9/18/16328172/sms-two-factor-authentication-hack-password-bitcoin Hacking 2FA based on SMS is easy.<br />
<br />
* [[Backup and Storage Methods]]<br />
<br />
==References==<br />
<references /><br />
<br />
[[Category:Security]]<br />
[[Category:Wallets| ]]</div>Pancyrushttps://tests.bitcoin.it/w/index.php?title=Multisignature&diff=68565Multisignature2021-03-21T05:31:52Z<p>Pancyrus: Pancyrus moved page Multisignature to Multi-signature: Proper way to write compound words.</p>
<hr />
<div>#REDIRECT [[Multi-signature]]</div>Pancyrushttps://tests.bitcoin.it/w/index.php?title=Multi-signature&diff=68564Multi-signature2021-03-21T05:31:51Z<p>Pancyrus: Pancyrus moved page Multisignature to Multi-signature: Proper way to write compound words.</p>
<hr />
<div>Multisignature (multisig) refers to requiring multiple keys to authorize a Bitcoin [[transaction]], rather than a single signature from one key. It has a number of applications.<br />
<br />
* Dividing up responsibility for possession of bitcoins among multiple people.<br />
* Avoiding a single-point of failure, making it substantially more difficult for the wallet to be compromised.<br />
* M-of-N backup where loss of a single seed doesn't lead to loss of the wallet.<br />
<br />
== Use as a joint account ==<br />
<br />
Standard transactions on the Bitcoin network could be called “single-signature transactions,” because transfers require only one signature — from the owner of the private key associated with the Bitcoin address. However, the Bitcoin network supports much more complicated transactions that require the signatures of multiple people before the funds can be transferred. These are often referred to as M-of-N transactions. The idea is that Bitcoins become “encumbered” by providing addresses of multiple parties, thus requiring cooperation of those parties in order to do anything with them. These parties can be people, institutions or programmed scripts.<br />
<br />
== Use for increasing security ==<br />
<br />
The private keys needed to spend from a wallet can be spread across multiple machines, eliminating any one of those machines as a single point of failure, with the rationale that malware and hackers are unlikely to infect all of them. The higher the number of keys required to spend the funds (i.e. the higher M is in M-of-N), the more difficult it is for an attacker to steal your funds, but the more cumbersome the wallet becomes to use.<br />
<br />
The multisig wallet can be of the m-of-n type where any m private keys out of a possible n are required to move the money. For example a 2-of-3 multisig wallet might have your private keys spread across a desktop, laptop, and smartphone, any two of which are required to move the money, but the compromise of any one key cannot result in theft.<br />
<br />
This can be used in conjunction with hardware wallets. By requiring that keys from multiple hardware wallets sign transactions, it can vastly reduce the likelihood that a malicious party that handled your hardware wallet could steal your funds, because in order for it to do that, the malicious party would have to compromise multiple hardware wallets. If each hardware wallet you use in a multisig wallet is made by a different company, it would be incredibly difficult for them to secretly conspire on an attack.<br />
<br />
== Use as a backup ==<br />
<br />
Storing multiple keys to an M-of-N wallet in different locations can serve as a backup. For example, in a 2-of-3 multisig wallet, the loss of one key does not result in loss of the wallet, since the other two keys can be used to recover the funds. The redundancy of the backup is the difference N minus M, so for example a 3-of-5 multisig wallet (with no additional seed backups) has a redundancy of 2, meaning that the loss of any 2 keys can still be recovered from.<br />
<br />
== Multisignature Application Examples ==<br />
<br />
* 1-of-2: Husband and wife petty cash joint account — the signature of either spouse is sufficient to spend the funds.<br />
<br />
* 2-of-2: Husband and wife savings account — both signatures are required to spend the funds, preventing one spouse from spending the money without the approval of the other<br />
<br />
* 2-of-3: Parents’ savings account for child — the kid can spend the money with the approval of either parent, and money cannot be taken away from the child unless both parents agree<br />
<br />
* 2-of-2: Two-factor authentication wallet - One private key is on your primary computer, the other on your smartphone — the funds cannot be spent without a signature from both devices. Thus, an attacker must gain access to both devices in order to steal your funds (much more difficult than one device)<br />
<br />
* 3-of-5: Low-trust donation address - five trusted people from a project each hold a private key. Three people are required to actually spend the money but anybody can donate to the project's address. Reduces the risk of embezzlement, hacking/malware or loss due to a single person losing interest in the project. Which private key was used in the final signature is visible on the blockchain which aids accountability.<br />
<br />
* 2-of-3: Buyer-seller with trustless escrow - buyer commits money into a 2-of-3 address with the seller and a third-party arbitrator. If transaction goes smoothly, then both buyer and seller sign the transaction to forward the money to the seller. If something goes wrong, they can sign a transaction to refund the buyer. If they cannot agree, they both appeal to the third-party who will arbitrate and provide a second signature to the party that it deems deserves it. The arbitrator cannot steal the money as they have only one key.<br />
<br />
* 2-of-3: A board of three directors maintaining funds for their organization — those funds cannot be spent unless any two of those directors agrees. Bigger multi-signature transactions are possible for bigger organizations, such as 3-of-5, 5-of-9, etc.<br />
<br />
* 2-of-3: Improved [[hot wallet]] security for businesses - A bitcoin business such as an exchange holds one private key online and one private key as paper backup. A separate bitcoin security firm holds the third key online and will only sign transactions after checking certain conditions (blacklists, whitelists, not more than X withdrawn per time period, two-factor authentication, comply with regulatory environment, etc). If the bitcoin business or the security firm's hot wallets individually get hacked, the bitcoins cannot be stolen. If the bitcoin security firm disappears the business can use the paper backup to access coins.<br />
<br />
* 2-of-3: Decentralized [[cold storage]] vault - One of the keys is held in your own home, the second in a bank safe deposit box and copies of the third key are distributed to a close friend, a relative and stored in the office. The home vault is not vulnerable to raiding or burglary because spending the money requires a visit to either the friend, bank or office. Losing the safe deposit box also doesn't result in loss.<br />
<br />
* 2-of-2: Smart [[contract]]s building block such as tumblebit, coinswap and [[Lightning Network]].<br />
<br />
* 1 OR 3-of-4: Distributed Backup - The primary owner can use the wallet at will, but if that owner loses their private keys, they can recover with the help of 3 of the other 4 trusted friends/organizations. One key could be kept in a security deposit box at a bank, the other 3 could be distributed to friends. In the case of death of the owner, the security deposit box can be willed to one of the trusted friends or someone who can get the help of the trusted friends. More [https://bitcoin.stackexchange.com/questions/89589/is-it-possible-to-do-a-3-of-5-or-1-multi-sig-for-backup-purposes/89590?noredirect=1#comment102505_89590 complex] multisig wallets can be created if desired.<br />
<br />
See also: [[Storing_bitcoins#Multisignature_wallets]]<br />
<br />
==History of Multisignature==<br />
<br />
Multisignature has been used for thousands of years to protect the security of crypts holding the most precious relics of saints. The superior of a monastery would give monks only partial keys for gaining access to the precious relics. Thus, no single monk could gain access to and possibly steal the relics.<ref>[https://www.youtube.com/watch?v=YcmWQe29zro#t=10m27s Monks at Mt. Athos continue to use "hard" "multisignature" security today.]</ref><br />
<br />
==Multisignature Wallets==<br />
<br />
A number of wallets have implemented multisig:<ref>https://www.reddit.com/r/Bitcoin/comments/4eabpi/multisig_wallets_review_coinkite_alternatives_and/</ref> <br />
<br />
* [[Armory]]<br />
* [[CarbonWallet]]<br />
* [[Copay]]<br />
* [[Bitgo]]<br />
* [[Blocktrail]]<br />
* [[GreenAddress]]<br />
* [https://keys.casa Casa]<br />
* [[Electrum]] - [http://docs.electrum.org/en/latest/multisig.html See tutorial].<br />
* [[Xapo]]<br />
* [[Coinkite]]<br />
* Coinb.in - (''See the warnings about [[Javascript cryptography]]'')<br />
<br />
===Creating a Multisignature Address with Bitcoin-Qt===<br />
<br />
A 2of3 multisig address can be created by following these steps:<ref>https://bitcoin.stackexchange.com/a/10593/4334</ref><br />
<br />
<blockquote><ol><li>Gather (or generate) 3 bitcoin addresses, on whichever machines will be participating, using getnewaddress or getaccountaddress RPC commands (or copy and paste from the GUI).</li><br />
<li>Get their public keys using the <tt>validateaddress</tt> [[API_reference_%28JSON-RPC%29|RPC]] command 3 times.</li><br />
<li>Then create a 2-of-3 multisig address using addmultisigaddress; e.g.<blockquote><code>bitcoind addmultisigaddress 2 '["044322868cb17d64dcc22185ae2d4493111d73244c3668f8ac79ecc79c0ba8d30a6756d0fa20157709af3281cc721c7f53321a8cabda29b77900b7e4fe0174b114","..second pubkey..","..third pubkey.."]'</code></blockquote></li></ol><tt>addmultisigaddress</tt> returns the multisignature address. Be a little careful, the public keys are raw hexadecimal and don't contain checksums like bitcoin addresses do. You can then send funds into that 2-of-3 transaction using the normal sendtoaddress/sendmany RPC commands, or the GUI (or anything that's been updated to recognize multisig addresses).<ref>https://bitcointalk.org/index.php?topic=82213.msg906833#msg906833</ref></blockquote><br />
<br />
Gavin Andresen has an example of using multisig with bitcoin-qt [[Raw Transactions]]: https://gist.github.com/gavinandresen/3966071<br />
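
Because raw hexadecimal public keys carry no checksum, a mistyped key is only caught if it is checked before the multisig address is created. The following is an added example, not code from the quoted answer or from Bitcoin-Qt: it rejects keys with stray whitespace, a wrong length or prefix, or coordinates that are not a point on the secp256k1 curve. The function names are hypothetical, and the sample keys are encodings of the curve's public generator point, used only as constructed test input.

```python
# Added example, not from the wiki or Bitcoin Core: pre-flight checks on the
# raw hex public keys that would be passed to addmultisigaddress.

# secp256k1 field prime; valid points satisfy y^2 = x^3 + 7 (mod P).
P = 2**256 - 2**32 - 977

# Constructed sample input: the curve's generator point G (a public constant).
G_X = "79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798"
G_Y = "483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8"
SAMPLE_UNCOMPRESSED = "04" + G_X + G_Y   # 65 bytes
SAMPLE_COMPRESSED = "02" + G_X           # 33 bytes (G_Y is even)


def check_pubkey(hex_key: str) -> str:
    """Return "ok", or the reason the key must be rejected."""
    if any(ch.isspace() for ch in hex_key):
        return "contains whitespace"
    try:
        raw = bytes.fromhex(hex_key)
    except ValueError:
        return "not hexadecimal"
    if len(raw) == 65 and raw[0] == 0x04:          # uncompressed: 04 || X || Y
        x = int.from_bytes(raw[1:33], "big")
        y = int.from_bytes(raw[33:], "big")
        if x >= P or y >= P:
            return "coordinate out of range"
        if (y * y - (x * x * x + 7)) % P != 0:
            return "point not on curve"
        return "ok"
    if len(raw) == 33 and raw[0] in (0x02, 0x03):  # compressed: 02/03 || X
        x = int.from_bytes(raw[1:], "big")
        if x >= P:
            return "coordinate out of range"
        rhs = (x * x * x + 7) % P
        # Euler's criterion: X is valid only if x^3 + 7 is a square mod P.
        if pow(rhs, (P - 1) // 2, P) != 1:
            return "point not on curve"
        return "ok"
    return "wrong length or prefix"


def check_multisig_request(m: int, hex_keys: list) -> list:
    """Return a list of problems with an m-of-n request; empty means it passed."""
    problems = []
    if not 1 <= m <= len(hex_keys):
        problems.append(f"threshold {m} is impossible with {len(hex_keys)} keys")
    lowered = [k.lower() for k in hex_keys]
    if len(set(lowered)) != len(lowered):
        problems.append("duplicate public key")
    for position, key in enumerate(hex_keys, start=1):
        verdict = check_pubkey(key)
        if verdict != "ok":
            problems.append(f"key {position}: {verdict}")
    return problems


if __name__ == "__main__":
    typo = SAMPLE_UNCOMPRESSED[:-1] + "9"   # one mistyped hex digit
    print(check_pubkey(SAMPLE_UNCOMPRESSED))
    print(check_pubkey(typo))
    print(check_multisig_request(2, [SAMPLE_UNCOMPRESSED, typo, SAMPLE_COMPRESSED]))
```

A single wrong hex digit almost always moves the coordinates off the curve, so the curve check stands in for the checksum that addresses have and raw keys lack.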
<br />
== Notable examples in practice ==<br />
<br />
* The cold storage wallet of the [[Bitfinex]] exchange is a single 3-of-6 multisig address <code>3D2oetdNuZUqQHPJmcMDDHYoqkyNVsFk9r</code> which as of December 2017 contains '''141 177 btc''' ($1.5 billion). Presumably the keys are kept very safe by Bitfinex's operators. <br />
<br />
==References==<br />
<references /><br />
<br />
* [https://bitcoinmagazine.com/11108/multisig-future-bitcoin/ How To Create A Bitcoin Multisig Wallet]<br />
* [https://bitcointalk.org/index.php?topic=507297.msg5594085 Discussion of multi-sig on Bitcoin talk]</div>Pancyrushttps://tests.bitcoin.it/w/index.php?title=Seed_phrase&diff=68563Seed phrase2021-03-21T05:19:33Z<p>Pancyrus: Cleaned up some jargon and fixed some spellings.</p>
<hr />
<div>A '''seed phrase''', '''seed recovery phrase''' or '''backup seed phrase''' is a list of words which [[Storing bitcoins|store]] all the information needed to recover Bitcoin funds [[Transaction|on-chain]]. Wallet software will typically generate a seed phrase and instruct the user to write it down on paper. If the user's computer breaks or their hard drive becomes corrupted, they can download the same wallet software again and use the paper backup to get their bitcoins back.<br />
<br />
Anybody else who discovers the phrase can steal the bitcoins, so it must be kept safe like jewels or cash. For example, it must not be typed into any website.<br />
<br />
Seed phrases are an excellent way of backing up and [[storing bitcoins]], so they are used by almost all well-regarded wallets.<ref>[https://bitcoin.org/en/choose-your-wallet Bitcoin.org: Choose your wallet]</ref><br />
<br />
Seed phrases can only back up funds on the [[block chain]]. They cannot store funds involved in [[off-chain transactions]] such as [[Lightning Network]] or [[Blinded bearer certificates]]. These technologies are in their infancy as of 2019, however, so it is possible that in future seed phrases could be used to back them up.<br />
<br />
== BIP39 and its flaws ==<br />
<br />
[[BIP_0039|BIP39]] is the most common standard used for seed phrases. One notable exception is [[Electrum|Electrum wallet]], which uses its own standard, and for good reasons. BIP39 has some flaws that are known in the technical community but not much more widely. They are described [https://electrum.readthedocs.io/en/latest/seedphrase.html#motivation on this Electrum documentation page]. Most seriously, because of these flaws it is not true that backing up a BIP39 seed phrase and the name of the wallet software is the only thing a user needs to do to keep their money safe. BIP39 works this way because its designers wanted their hardware wallet to also support [[altcoin]]s. [https://walletsrecovery.org/ walletsrecovery.org] is an attempt at helping with this issue, but ideally there will be a better solution in the future.<br />
<br />
<br />
== Example ==<br />
<br />
An example of a non-BIP39 seed phrase is:<br />
<br />
witch collapse practice feed shame open despair creek road again ice least<br />
<br />
The word order is important.<br />
<br />
[[File:Mnemonic-seed-still-life.jpg|300px|thumb|none|alt=An example seed phrase written on paper|Example seed phrase on paper.]]<br />
<br />
== Explanation ==<br />
<br />
A simplified explanation of how seed phrases work is that the wallet software has a list of words taken from a dictionary, with each word assigned to a number. The seed phrase can be converted to a number which is used as the seed integer to a [[Deterministic wallet|deterministic wallet]] that generates all the [[Private key|key pairs]] used in the wallet.<br />
<br />
The English-language wordlist for the BIP39 standard has 2048 words, so if the phrase contained only 12 random words, the number of possible combinations would be 2048^12 = 2^132 and the phrase would have 132 bits of security. However, some of the data in a BIP39 phrase is not random,<ref>[https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki#Generating_the_mnemonic BIP39: Generating the mnemonic]</ref> so the actual security of a 12-word BIP39 seed phrase is only 128 bits. This is approximately the same strength as all Bitcoin private keys, so most experts consider it to be sufficiently secure.<ref>[https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki#Security BIP32: Security]</ref><br />
<br />
It is not safe to invent your own seed phrase because humans are bad at generating randomness. The best way is to allow the wallet software to generate a phrase which you write down.<br />
<br />
As seed phrases use natural language words, they have excellent error correction. Words written in bad handwriting can often still be read. If one or two letters are missing or unreadable the word can often still be deduced. The [[#Word_Lists|word list]] that the seed phrase words are drawn from is carefully chosen so that the first four letters of each word are enough to uniquely identify it. This compares well with writing down a raw [[private key]] where a single letter being unreadable or incorrect can make the private key useless (depending on the serialization format).<br />
<br />
== Two-Factor Seed Phrases ==<br />
<br />
Seed phrases, like all backups, can store any amount of bitcoins. It is concerning to have enough money to purchase an entire building sitting on a sheet of paper without any protection. For this reason many wallets make it possible to encrypt a seed phrase with a password.<br />
<br />
The password can be used to create a two-factor seed phrase where both ''"something you have"'' plus ''"something you know"'' is required to unlock the bitcoins.<br />
<br />
This works by the wallet creating a seed phrase and asking the user for a password. Then both the seed phrase and extra word are required to recover the wallet. Electrum and some other wallets call the passphrase a '''"seed extension"''', '''"extension word"''' or '''"13th/25th word"'''. The BIP39 standard defines a way of passphrase-protecting a seed phrase. A similar scheme is also used in the Electrum standard. If a passphrase is not present, an empty string "" is used instead.<br />
<br />
'''Warning''': Forgetting this password will result in the bitcoin wallet and any contained money being lost. Do not overestimate your ability to remember passphrases especially when you may not use it very often.<br />
<br />
'''Warning''': The seed phrase password should not be confused with the password used to encrypt the wallet file on disk. This is probably why many wallets call it an extension word instead of a password.<br />
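
The checksum described under "Explanation" and the passphrase described in this section, as an added Python example that is not part of the wiki page or of any wallet's code. It works on word indices (0 to 2047) instead of embedding the 2048-word list; the sample sentence is the BIP39 mnemonic for all-zero entropy, and the passphrase is constructed, both for illustration only.

```python
# Added example: BIP39 checksum arithmetic on word indices, and the
# passphrase-dependent seed derivation (PBKDF2-HMAC-SHA512, 2048 rounds).
import hashlib
import unicodedata


def entropy_to_indices(entropy: bytes) -> list:
    """Map 128-256 bits of entropy to 11-bit word indices, checksum included."""
    if len(entropy) not in (16, 20, 24, 28, 32):
        raise ValueError("entropy must be 128, 160, 192, 224 or 256 bits")
    cs_bits = len(entropy) * 8 // 32               # 4 bits for a 12-word phrase
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    value = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    words = (len(entropy) * 8 + cs_bits) // 11
    return [(value >> (11 * (words - 1 - i))) & 0x7FF for i in range(words)]


def checksum_ok(indices: list) -> bool:
    """Recompute the checksum from the entropy part and compare with the tail."""
    if len(indices) not in (12, 15, 18, 21, 24):
        return False
    total_bits = len(indices) * 11
    cs_bits = total_bits // 33
    value = 0
    for index in indices:
        if not 0 <= index < 2048:
            return False
        value = (value << 11) | index
    entropy = (value >> cs_bits).to_bytes((total_bits - cs_bits) // 8, "big")
    expected = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    return value & ((1 << cs_bits) - 1) == expected


def valid_last_indices(first_indices: list) -> list:
    """All final-word indices that give the phrase a valid checksum."""
    return [w for w in range(2048) if checksum_ok(list(first_indices) + [w])]


def mnemonic_to_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """Derive the 64-byte wallet seed; an absent passphrase is the empty string."""
    sentence = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", sentence, salt, 2048, 64)


# Constructed sample: the mnemonic for 16 zero bytes of entropy.
SAMPLE_MNEMONIC = " ".join(["abandon"] * 11 + ["about"])

if __name__ == "__main__":
    print(entropy_to_indices(bytes(16)))           # eleven 0s, then the checksum word
    print(len(valid_last_indices([0] * 11)))       # only 2**7 of 2048 last words fit
    plain = mnemonic_to_seed(SAMPLE_MNEMONIC)
    protected = mnemonic_to_seed(SAMPLE_MNEMONIC, "constructed passphrase")
    print(plain.hex()[:16], protected.hex()[:16])  # two unrelated wallets
```

Every passphrase, including a mistyped one, yields a valid but different seed, so a wrong passphrase opens an empty wallet rather than producing an error.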
<br />
== Storing Seed Phrases for the Long Term == <br />
<br />
Most people write down phrases on paper but they can be stored in many other ways such as [[Brainwallet|memorizing]], engraving or stamping on metal, writing in the margins of a book, chiselling into a stone tablet or any other creative and inventive way.<br />
<br />
In the past many people have accidentally lost bitcoins because of failed backups, mistyped letters, forgotten hard drives, or corrupted SSD devices. It's also important to protect the seed from accidental loss.<br />
<br />
It could be a good idea to write some words of explanation on the same paper as the seed phrase. If storing for the long term you may forget what a phrase is and how it should be treated. A sample explanation that can be adapted is:<br />
<br />
<blockquote>These twelve words have control over BITCOINS. Keep this paper safe and secret, like cash or jewellery. The bitcoin information on this paper is encrypted with a passphrase. It is part of a multi-signature wallet and was made by Electrum bitcoin wallet software on 1/1/2019.</blockquote><br />
<br />
==== Paper and Pencil Backup ====<br />
<br />
Through bitter experience it has been found that one of the most practical storage mediums is '''pencil and paper'''. The private keys of a bitcoin wallet are encoded into [[seed phrase|random words from a dictionary]] which can be written down. If your hard drive crashes, you can find the paper with the [[seed phrase]] and restore the entire wallet. As [[seed phrase]]s use natural language words, they have good error correction. Words written in bad handwriting can often still be read. If one or two letters are missing the word can often still be deduced. The [[Seed_phrase#Word_Lists|word list]] that the seed phrase words are drawn from is carefully chosen so that the first four letters of each word are enough to uniquely identify it.<br />
<br />
For storing on paper writing with pencil is much better than pen<br />
<ref>[http://www.joethorn.net/blog/2011/12/07/pencil-does-not-fade Pencil Does Not Fade]<br />
</ref><ref>[https://www.quora.com/How-do-I-maintain-a-paper-notebook-that-can-remain-for-years How do I maintain a paper notebook that can remain for years?]<br />
</ref>.<br />
Paper should be acid-free or archival paper, and stored in the dark avoiding extremes of heat and moisture<br />
<ref>[https://www.loc.gov/preservation/care/deterioratebrochure.html Essential facts about preservation of Paper]<br />
</ref><ref>[https://www.quora.com/If-I-write-with-a-pencil-on-my-notebook-will-the-writing-last-for-a-long-time-say-50-years-or-will-it-just-fade-away-gradually Writing in a notebook with pencil]<br />
</ref><ref>[http://copar.org/bulletin14.htm CoPAR: Creating records that will last]</ref>.<br />
<br />
==== Metal Backup ====<br />
<br />
Seed phrases can also be [https://blog.lopp.net/metal-bitcoin-seed-storage-stress-test--part-ii-/ stamped or engraved into metal] which is significantly more durable than paper. Metal backups are recommended if the threat model involves fire, water, extremes of temperature or physical stress.<br />
<br />
==== Methods that are not recommended ====<br />
<br />
Methods that are not recommended include storing the phrase in a file on a computer or storing it online.<br />
<br />
Some people get the idea to split up their phrases, like storing 6 words in one location and the other 6 words in another location. This is a bad idea and should not be done, because if one set of 6 words is discovered then it becomes far easier to brute-force the rest of the phrase. Storing bitcoins in multiple locations like this should be done with [[multisignature]] wallets instead.<br />
<br />
The [[Shamir Secret Sharing]] algorithm is sometimes promoted as a way to divide control of bitcoins, but in practice there are many pitfalls and trade-offs that make it not worth it. <!-- See the main article: [[Shamir Secret Snakeoil]] (the other one redirects here, no need to have 2 wikilinks with different captions going to the same article --><br />
<br />
Another bad idea is to add random decoy words that are somehow meaningful to you, and later remove them to be left only with the 12 word phrase. The phrase words come from a known dictionary (see next section), so anybody can use that dictionary to weed out the decoy words.<br />
<br />
It's possible but risky to memorize ([[Brainwallet]]s) seed phrases. This should probably only be done in situations that really need it, such as crossing a hostile border where one expects to be searched.<br />
<br />
== Word Lists ==<br />
<br />
Generally a seed phrase only works with the same wallet software that created it. If storing for a long period of time it's a good idea to write the name of the wallet too.<br />
<br />
The BIP39 English word list has each word being uniquely identified by the first four letters, which can be useful when space to write them is scarce.<br />
<br />
* [https://github.com/bitcoin/bips/blob/master/bip-0039/bip-0039-wordlists.md BIP39 wordlists]<br />
* [https://github.com/spesmilo/electrum/blob/1.9.8/lib/mnemonic.py Electrum old-style wordlist]<br />
* [https://github.com/spesmilo/electrum/blob/master/electrum/wordlist/english.txt Electrum new-style wordlist]<br />
<br />
== Alternative name "Mnemonic Phrase" ==<br />
<br />
Seed phrases are sometimes called "mnemonic phrases" especially in older literature. This is a bad name because the word mnemonic implies that the phrase should be memorized. It is less misleading to call them seed phrases.<br />
<br />
== The power of backups ==<br />
<br />
An especially interesting aspect in the power of paper backups is allowing your money to be two places at once. At the London Inside Bitcoin conference the keynote speaker showed 25 paper backups they were carrying -- all password-protected. With that one can carry $100,000 which can instantly be moved to a phone or transferred yet with total security. If it's stolen then there is no risk because it is backed up elsewhere. That is powerful.<ref>https://www.reddit.com/r/Bitcoin/comments/2hmnru/poll_do_you_use_paper_wallets_why_why_not_what/</ref><br />
<br />
== See Also ==<br />
<br />
* [https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki BIP39 seed phrase standard]<br />
* [[Deterministic wallet]]<br />
* [[Storing bitcoins]]<br />
* [[Brainwallet]]<br />
* [https://github.com/6102bitcoin/FAQ/blob/master/seed.md FAQ regarding bitcoin seeds]<br />
* [https://www.hodlalert.com/2020/12/21/generating-cryptographically-secure-random-numbers-with-coins-and-a-cup/ Generating Bitcoin Seed Phrases With Coins and A Cup]<br />
<br />
==References==<br />
<references /><br />
<br />
<br />
[[Category:Technical]]</div>Pancyrushttps://tests.bitcoin.it/w/index.php?title=Off-chain_transactions&diff=68561Off-chain transactions2021-03-21T05:17:10Z<p>Pancyrus: Pancyrus moved page Off-Chain Transactions to Off-chain transactions: Not a proper noun, so it shouldn't be in capital-case.</p>
<hr />
<div>An off-chain transaction is the movement of value outside of the [[block chain]]. While an [[Transactions|on-chain transaction]] - usually referred to as simply 'a transaction' - modifies the blockchain and depends on the blockchain to determine its validity, an off-chain transaction relies on other methods to record and validate the transaction. Like on-chain transactions, all parties must agree to accept the particular method by which the transaction occurs; the question then is how those parties can be convinced that the movement of value has actually happened, will not be reversed, and can be exchanged in the future for something of value.<br />
<br />
With an on-chain transaction those questions are answered by the parties' faith in the Bitcoin system as a whole. For instance, a transaction (after some number of [[Confirmation|confirmations]]) can only be reversed if a majority of hashing power agrees to reverse the transaction. The parties to the transaction are trusting that the majority of hashing power in existence is controlled by "honest" parties who will not attempt to reverse the transaction.<br />
<br />
== Rationale ==<br />
<br />
On-chain transactions have disadvantages that make them unsuitable for some applications:<br />
<br />
=== Speed ===<br />
<br />
On-chain transactions take some time to accumulate enough [[Confirmation|confirmations]] to ensure that they cannot be reversed; accepting a transaction without any confirmations is potentially risky. Confirmations take time and the time they take to accumulate is random. Off-chain transaction systems can record that a transaction has happened immediately, and, subject to the guarantees of the system itself, immediately guarantee it won't be reversed.<br />
<br />
=== Privacy/Anonymity ===<br />
<br />
All on-chain transactions are recorded publicly on the block chain; Bitcoin transactions are not inherently [[Anonymity|anonymous]]. It may be possible for a third-party to use the block chain transaction data to determine the source and/or destination of a transaction if they can gather enough information linking addresses to identities. Because off-chain transactions do not happen on the block chain they need not be public. Using cryptographic techniques such as [http://en.wikipedia.org/wiki/Blind_signature chaum tokens] it can be made impossible for even the operators of the system itself to determine who participated in a transaction.<br />
<br />
=== Cost/Scalability ===<br />
<br />
Miners usually charge [[Transaction fees|fees]] to confirm a transaction. While currently the demand for transactions is sufficiently low that fees are relatively small, and transactions can often be confirmed for free, for many applications even paying a few cents per transaction is unaffordable.<ref>[https://bitcointalk.org/index.php?topic=156334.0 How to send Bitcoins with LOW TX FEE (Not No TX Fee)]</ref> In addition Bitcoin currently has a limit of 7 transactions per second, the [[blocksize limit]]. This limit is related to the [[Scalability|scalability]] of the system as a whole, and one option to achieve higher transaction volumes is to keep the blocksize limit as is and use off-chain transactions for lower-value transactions; with higher volumes fees for transactions done on-chain will rise due to supply and demand.<br />
<br />
== Methods ==<br />
<br />
=== Payment Channels ===<br />
<br />
By far the most promising method of building an off-chain transaction system is [[Lightning Network]]. It is a proposed implementation of [[Hashed Timelock Contracts]] (HTLCs) with bi-directional [[payment channels]] which allows payments to be securely routed across multiple peer-to-peer payment channels. This allows the formation of a network where any peer on the network can pay any other peer even if they don't directly have a channel open between each other. Very little third-party trust is required.<br />
<br />
Main article: [[Lightning Network]]<br />
<br />
=== Sidechains ===<br />
<br />
Another potential technology for off-chain transactions is [[sidechain]]s, where bitcoins are moved onto another blockchain which can support transactions with different properties to bitcoin's blockchain.<br />
<br />
=== Credit-Based Solutions ===<br />
<br />
The simplest example of an off-chain transaction is perhaps two friends who agree on a debt between them. The "transaction" happens by the act of agreeing that the debt exists, and the validity of it is based solely on the trust that one friend has in the other. Further transactions can be agreed upon, possibly in exchange for something of value such as one friend buying the other a meal. Multiple mutually trusting parties can participate, creating a network of value owed from one to the other. As an example the [http://en.wikipedia.org/wiki/Ripple_monetary_system Ripple monetary system] takes this concept, and adds to it an automated ledger to record all the mutual debts between participating parties. However, actually acting upon those debts is still a matter of trust between the parties; the system only records debts and cannot by itself cause Bitcoins or some other object of value to change hands. In theory, the use of multi-signature techniques offers the promise of secure off-chain transactions.<ref>[http://www.bincoin.com/cryptocubic.pdf A CryptoCubic Protocol for Hacker-Proof Off-Chain Bitcoin Transactions]</ref> However, the practical applications of such "CryptoCubic" approaches have yet to be confirmed.<br />
<br />
==== Trusted Third Parties ====<br />
<br />
If the sender and recipient do not trust each other, or would simply prefer someone else record and guarantee the transaction, they can use a [http://en.wikipedia.org/wiki/Trusted_third_party trusted third party] to record and guarantee the transaction. The vast majority of conventional banking and electronic payment systems work this way. For instance, in the PayPal system, PayPal is trusted to keep an accurate record of all transactions, including within the PayPal system, as well as transactions that move funds to and from PayPal. Within Bitcoin, [[Redeemable_code|redeemable code]] systems exist where a third party, such as Mt. Gox, records codes issued and promises to redeem them for either new codes, balances within the system, or Bitcoins via on-chain transactions. In addition, [[E-Wallet]] services such as [[Easywallet.org]] often allow users to transfer funds between addresses within the system without creating an on-chain transaction.<br />
<br />
The difficulty with third-parties is achieving that trust. Outside of Bitcoin PayPal has been criticized<ref>[http://en.wikipedia.org/wiki/PayPal#Criticism PayPal - Criticism]</ref> for arbitrarily freezing accounts. Within Bitcoin multiple E-Wallet services such as [[MyBitcoin]] and [[Instawallet]] have failed due to hacks as well as technical mistakes resulting in the loss of some or all funds held on behalf of their customers.<br />
<br />
==== Auditing ====<br />
<br />
In addition to hacks, currently no trusted third party payment systems in Bitcoin provide any way for users to determine if the services actually hold the Bitcoins they claim to hold. Conventionally, banks and payment processors are [http://en.wikipedia.org/wiki/Financial_audit audited] regularly by third parties; because Bitcoin is based on cryptography, auditing can be done in a cryptographically provable way.<br />
<br />
Gregory Maxwell has proposed<ref>private communication on IRC (gmaxwell: do you have a writeup somewhere?)</ref> to use [[merkle-sum trees]] of accounts to audit funds held by third parties. Each account with the service is assigned a number, such as a SHA256 digest, and those digests are formed into a merkle tree. Additionally for every node in the tree the sum of the account balances on both leaves is computed, and that sum becomes part of the data hashed by the parent node. The tip of the tree is then the sum of all balances for all accounts.<br />
<br />
The service proves it controls the Bitcoins it claims to hold by signing statements with the private keys capable of spending transaction outputs present on the blockchain, and in addition by regularly signing statements attesting to the current tip of the account merkle-sum tree.<br />
<br />
Clients check that their account is included in that tree by regularly demanding proof, in the form of a merkle path, that their account leads to the claimed tip. Any discrepancy is evidence of fraud by the service, or at least of poor record-keeping.<br />
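The audit described above, as an added Python example (not code from this page or from Gregory Maxwell's proposal): it builds a merkle-sum tree over constructed account balances, extracts one account's merkle path, and checks that path against the tip. The byte encoding, the prefix bytes, the zero-balance padding node and every function name are assumptions; signing of the tip and of the path is left out.

```python
import hashlib
from typing import List, NamedTuple, Tuple


class Node(NamedTuple):
    digest: bytes  # SHA256 commitment to the subtree below this node
    total: int     # sum of the account balances below it, in satoshis


def h(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()


def amount(n: int) -> bytes:
    # Fixed-width unsigned encoding; raises OverflowError for negative sums.
    return n.to_bytes(8, "big")


# Assumed padding node (balance 0) for levels with an odd number of nodes.
EMPTY = Node(h(b"\x02"), 0)


def leaf(account_id: bytes, balance: int) -> Node:
    return Node(h(b"\x00", account_id, amount(balance)), balance)


def parent(left: Node, right: Node) -> Node:
    # Both child sums are part of the hashed data, so a sum cannot be
    # changed anywhere in the tree without changing the tip digest.
    digest = h(b"\x01", left.digest, amount(left.total),
               right.digest, amount(right.total))
    return Node(digest, left.total + right.total)


def build(leaves: List[Node]) -> List[List[Node]]:
    """Service side: return every level of the tree, leaves first, tip last."""
    if not leaves:
        raise ValueError("no accounts")
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        row = levels[-1]
        if len(row) % 2:
            row.append(EMPTY)
        levels.append([parent(row[i], row[i + 1])
                       for i in range(0, len(row), 2)])
    return levels


def prove(levels: List[List[Node]], index: int) -> List[Tuple[Node, bool]]:
    """Service side: merkle path as (sibling, sibling_is_left) pairs."""
    path = []
    for row in levels[:-1]:
        sibling = index ^ 1
        path.append((row[sibling], sibling < index))
        index //= 2
    return path


def verify(account_id: bytes, balance: int,
           path: List[Tuple[Node, bool]], tip: Node) -> bool:
    """Client side: does my own view of my balance lead to the claimed tip?"""
    try:
        node = leaf(account_id, balance)
        for sibling, sibling_is_left in path:
            if sibling.total < 0:
                return False  # a negative sum would hide liabilities
            node = (parent(sibling, node) if sibling_is_left
                    else parent(node, sibling))
    except OverflowError:
        return False
    return node == tip


def constructed_books():
    """Constructed sample accounts; ids are SHA256 digests as in the text."""
    books = [(b"alice", 150_000_000), (b"bob", 25_000_000),
             (b"carol", 1_089_000_000), (b"dave", 0), (b"erin", 42)]
    ids = [hashlib.sha256(name).digest() for name, _ in books]
    balances = [value for _, value in books]
    levels = build([leaf(i, v) for i, v in zip(ids, balances)])
    return ids, balances, levels


if __name__ == "__main__":
    ids, balances, levels = constructed_books()
    tip = levels[-1][0]
    print("claimed liabilities:", tip.total)
    print("carol included:", verify(ids[2], balances[2], prove(levels, 2), tip))
```

A path that fails `verify` against a tip the service has signed is the discrepancy the text refers to.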
<br />
==== Proving Fraud ====<br />
<br />
If the communication protocol between client and service is designed correctly, fraud by the service can be proven to others. For instance, if the service cryptographically signs all communications, an inconsistency between the claimed merkle-tip of the accounts held by the service and the merkle-path from a particular account to that tip can be proven by providing the signed tip and the signed merkle-path. This fraud proof can be self-authenticating, and thus anyone who comes into possession of such a proof can broadcast it to their peers. With appropriate software, all participating clients of the service can be informed of any fraud immediately, taking "advantage of the nature of information being easy to spread but hard to stifle" - a core concept underlying the security of Bitcoin itself.<ref>[http://sourceforge.net/mailarchive/message.php?msg_id=30482839 Satoshi]</ref><br />
<br />
===Hardware-Based===<br />
<br />
* [https://opendime.com OpenDime]<br />
* [https://tangem.com Tangem SmartNotes]<br />
<br />
== References ==<br />
<br />
<references/><br />
<br />
[[Category:Technical]]<br />
[[Category:Scalability]]<br />
[[Category:Privacy]]</div>Pancyrushttps://tests.bitcoin.it/w/index.php?title=Off-Chain_Transactions&diff=68562Off-Chain Transactions2021-03-21T05:17:10Z<p>Pancyrus: Pancyrus moved page Off-Chain Transactions to Off-chain transactions: Not a proper noun, so it shouldn't be in capital-case.</p>
<hr />
<div>#REDIRECT [[Off-chain transactions]]</div>Pancyrushttps://tests.bitcoin.it/w/index.php?title=Change&diff=68560Change2021-03-21T04:39:51Z<p>Pancyrus: Cleaned up some unnecessary abbreviations and some grammatical errors.</p>
<hr />
<div>When the output of a transaction is used as the input of another transaction, it must be spent in its entirety. Sometimes the coin value of the output is higher than what the user wishes to pay. In this case, the client generates a new Bitcoin address, and sends the difference back to this address. This is known as [[change]].<br />
<br />
Say you want to buy a candy bar ($1) from a store. You open your wallet (fiat wallet) and inside there is a single $20 bill. What is the minimum amount you can pay? It isn't $1; you can't rip up 1/20th of the bill and give it to the cashier. You need to pay $20 and since you only owe $1, the cashier gives you back $19. Now in fiat, nobody except the central bank can make new bills so bills are in fixed denominations and thus your fiat transaction may look something like the following.<br />
<br />
* Inputs: <br />
** $20 bill<br />
<br />
* Outputs: <br />
** $1 bill to cashier<br />
** $10 bill to you<br />
** $5 bill to you<br />
** $1 bill to you<br />
** $1 bill to you<br />
** $1 bill to you<br />
** $1 bill to you<br />
<br />
We do it every day, so it becomes instinctive, but if you break it down that is what is happening. Now let's imagine for a second that some system existed which allowed the cashier (or anyone) to securely destroy any authentic fiat money (bills) and print replacements in arbitrary amounts (not just $10s and $20s but $18.94537208 if you wanted to), while preventing double spending and counterfeiting, and ensuring that at all times the amount of money created is exactly the same as the amount of money destroyed. In that case your transaction may look like this:<br />
<br />
* Inputs: <br />
** $20 bill - destroyed<br />
* Outputs: <br />
** $1 newly created bill to cashier<br />
** $19 newly created bill to you<br />
<br />
That is exactly how bitcoin works. Except instead of bills we call the elements inputs and outputs. When you "spend" bitcoins (create a transaction) you must use the entire value of an unspent output (of a prior transaction) and make it the input for a new transaction. Your wallet hides this somewhat by continually looking for unspent outputs and adding up their total value. So when your wallet says you have BTC 130 it simply means the sum of all your unspent outputs total BTC 130. Just like a fiat wallet the value comes from one or more discrete bills/outputs. <br />
<br />
Take the case of the transaction [http://blockchain.info/tx/0a1c0b1ec0ac55a45b1555202daf2e08419648096f5bcc4267898d420dffef87 0a1c0b1ec0ac55a45b1555202daf2e08419648096f5bcc4267898d420dffef87], in which a BTC 10.89 previously unspent output was spent by the client. BTC 10 was the payment amount, and BTC 0.89 was the amount of change returned. The client can't spend just BTC 10.00 out of a BTC 10.89 payment any more than a person can spend $1 out of a $20 bill. The entire BTC 10.89 unspent output became the input of this new transaction, and in the process two new unspent outputs were produced, which have a combined value of BTC 10.89. The BTC 10.89 is now "spent" and effectively destroyed because the network will prevent it from ever being spent again. The two new unspent outputs can now become inputs for future transactions.<br />
<br />
In this transaction, the fee is 0 but if there was a transaction fee paid it would be the difference between the inputs and the outputs. (i.e. BTC 10.89 input and a BTC 10.88 output = BTC 0.01 fee).<br />
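The spending rule above as an added Python model (not code from this page or from any Bitcoin client): an output is consumed whole, the remainder returns as a change output, the fee is inputs minus outputs, and a consumed output cannot be spent again. Amounts are in satoshis (1 BTC = 100,000,000); the class, the largest-first selection, and the transaction and address labels are assumptions constructed for illustration.

```python
from typing import Dict, List, Set, Tuple

OutPoint = Tuple[str, int]  # (txid, index of the output inside that tx)
TxOut = Tuple[str, int]     # (address, value in satoshis)


class UTXOSet:
    """Simplified model of the unspent outputs a validating node tracks."""

    def __init__(self) -> None:
        self.unspent: Dict[OutPoint, TxOut] = {}

    def balance(self, addresses: Set[str]) -> int:
        # A wallet "balance" is only the sum of the unspent outputs it owns.
        return sum(v for addr, v in self.unspent.values() if addr in addresses)

    def apply(self, txid: str, inputs: List[OutPoint],
              outputs: List[TxOut]) -> int:
        """Validate and apply a transaction; return the fee it pays."""
        if len(set(inputs)) != len(inputs):
            raise ValueError("same output listed twice as an input")
        gone = [op for op in inputs if op not in self.unspent]
        if gone:
            raise ValueError(f"input missing or already spent: {gone}")
        if any(value < 0 for _, value in outputs):
            raise ValueError("negative output value")
        total_in = sum(self.unspent[op][1] for op in inputs)
        total_out = sum(value for _, value in outputs)
        if total_out > total_in:
            raise ValueError("outputs exceed inputs")
        for op in inputs:            # each input is destroyed in its entirety
            del self.unspent[op]
        for i, out in enumerate(outputs):
            self.unspent[(txid, i)] = out
        return total_in - total_out  # whatever is not re-created is the fee


def build_payment(utxos: UTXOSet, my_addresses: Set[str], pay_to: str,
                  pay_amount: int, fee: int,
                  change_address: str) -> Tuple[List[OutPoint], List[TxOut]]:
    """Wallet side: pick whole outputs (largest first, an assumed policy)."""
    if pay_amount <= 0 or fee < 0:
        raise ValueError("bad amount or fee")
    mine = sorted(((op, out[1]) for op, out in utxos.unspent.items()
                   if out[0] in my_addresses),
                  key=lambda item: item[1], reverse=True)
    need, total, chosen = pay_amount + fee, 0, []
    for op, value in mine:
        if total >= need:
            break
        chosen.append(op)
        total += value
    if total < need:
        raise ValueError("insufficient funds")
    outputs = [(pay_to, pay_amount)]
    if total > need:
        outputs.append((change_address, total - need))  # the change
    return chosen, outputs


def page_example() -> Tuple[int, List[TxOut], int]:
    """The BTC 10.89 -> BTC 10 + BTC 0.89 case, with constructed labels."""
    utxos = UTXOSet()
    utxos.unspent[("funding-tx", 0)] = ("wallet-addr-1", 1_089_000_000)
    mine = {"wallet-addr-1", "wallet-change-1"}
    ins, outs = build_payment(utxos, mine, "merchant", 1_000_000_000, 0,
                              "wallet-change-1")
    fee = utxos.apply("spend-tx", ins, outs)
    return fee, outs, utxos.balance(mine)


if __name__ == "__main__":
    print(page_example())
```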
<br />
The wallet file contains the private keys for change addresses, and they can receive and send coins normally. However, the GUI in the default client does not display them in the address book, so it is recommended to back up <code>wallet.dat</code> every 50 transactions.<br />
<br />
==See Also==<br />
<br />
* [[Coin analogy]]<br />
<br />
[[Category:Technical]]<br />
[[Category:Vocabulary]]</div>Pancyrushttps://tests.bitcoin.it/w/index.php?title=Change&diff=68559Change2021-03-21T04:35:06Z<p>Pancyrus: Removed double spaces after sentences.</p>
<hr />
<div>When the output of a transaction is used as the input of another transaction, it must be spent in its entirety. Sometimes the coin value of the output is higher than what the user wishes to pay. In this case, the client generates a new Bitcoin address, and sends the difference back to this address. This is known as [[change]].<br />
<br />
Say you want to buy a candy bar ($1) from a store. You open your wallet (fiat wallet) and inside there is a single $20 bill. What is the min amount you can pay? It isn't $1; you can't rip up 1/20th of the bill and give it to the cashier. You need to pay $20 and since you only owe $1, the cashier gives you back $19. Now in fiat nobody except the central bank can make new bills so bills are in fixed denominations and thus your fiat transaction may look something like the following.<br />
<br />
* Inputs: <br />
** $20 bill<br />
<br />
* Outputs: <br />
** $1 bill to cashier<br />
** $10 bill to you<br />
** $5 bill to you<br />
** $1 bill to you<br />
** $1 bill to you<br />
** $1 bill to you<br />
** $1 bill to you<br />
<br />
We do it every day, so it becomes instinctive, but if you break it down that is what is happening. Now let's imagine for a second that some system existed which allowed the cashier (or anyone) to securely destroy any authentic fiat money (bills) and print replacements in arbitrary amounts (not just $10s and $20s but $18.94537208 if you wanted to), while preventing double spending and counterfeiting, and ensuring that at all times the amount of money created is exactly the same as the amount of money destroyed. In that case your transaction may look like this:<br />
<br />
* Inputs: <br />
** $20 bill - destroyed<br />
* Outputs: <br />
** $1 newly created bill to cashier<br />
** $19 newly created bill to you<br />
<br />
That is exactly how bitcoin works. Except instead of bills we call the elements inputs and outputs. When you "spend" bitcoins (create a transaction) you must use the entire value of an unspent output (of a prior transaction) and make it the input for a new transaction. Your wallet hides this somewhat by continually looking for unspent outputs and adding up their total value. So when your wallet says you have BTC 130 it simply means the sum of all your unspent outputs total BTC 130. Just like a fiat wallet the value comes from one or more discrete bills/outputs. <br />
<br />
Take the case of the transaction [http://blockchain.info/tx/0a1c0b1ec0ac55a45b1555202daf2e08419648096f5bcc4267898d420dffef87 0a1c0b1ec0ac55a45b1555202daf2e08419648096f5bcc4267898d420dffef87], in which a BTC 10.89 previously unspent output was spent by the client. BTC 10 was the payment amount, and BTC 0.89 was the amount of change returned. The client can't spend just BTC 10.00 out of a BTC 10.89 payment any more than a person can spend $1 out of a $20 bill. The entire BTC 10.89 unspent output became the input of this new transaction, and in the process two new unspent outputs were produced, which have a combined value of BTC 10.89. The BTC 10.89 is now "spent" and effectively destroyed because the network will prevent it from ever being spent again. The two new unspent outputs can now become inputs for future transactions.<br />
<br />
In this transaction, the fee is 0 but if there was a transaction fee paid it would be the difference between the inputs and the outputs. (i.e. BTC 10.89 input and a BTC 10.88 output = BTC 0.01 fee).<br />
<br />
The wallet file contains the private keys for change addresses, and they can receive and send coins normally. However, the GUI in the default client does not display them in the address book, so it is recommended to back up <code>wallet.dat</code> every 50 transactions.<br />
<br />
==See Also==<br />
<br />
* [[Coin analogy]]<br />
<br />
[[Category:Technical]]<br />
[[Category:Vocabulary]]</div>Pancyrushttps://tests.bitcoin.it/w/index.php?title=Change&diff=68558Change2021-03-21T04:33:57Z<p>Pancyrus: Made the formatting easier to read for the file name.</p>
<hr />
<div>When the output of a transaction is used as the input of another transaction, it must be spent in its entirety. Sometimes the coin value of the output is higher than what the user wishes to pay. In this case, the client generates a new Bitcoin address, and sends the difference back to this address. This is known as [[change]].<br />
<br />
Say you want to buy a candy bar ($1) from a store. You open your wallet (fiat wallet) and inside there is a single $20 bill. What is the min amount you can pay? It isn't $1; you can't rip up 1/20th of the bill and give it to the cashier. You need to pay $20 and since you only owe $1, the cashier gives you back $19. Now in fiat nobody except the central bank can make new bills so bills are in fixed denominations and thus your fiat transaction may look something like the following.<br />
<br />
* Inputs: <br />
** $20 bill<br />
<br />
* Outputs: <br />
** $1 bill to cashier<br />
** $10 bill to you<br />
** $5 bill to you<br />
** $1 bill to you<br />
** $1 bill to you<br />
** $1 bill to you<br />
** $1 bill to you<br />
<br />
We do it every day, so it becomes instinctive, but if you break it down that is what is happening. Now let's imagine for a second that some system existed which allowed the cashier (or anyone) to securely destroy any authentic fiat money (bills) and print replacements in arbitrary amounts (not just $10s and $20s but $18.94537208 if you wanted to), while preventing double spending and counterfeiting, and ensuring that at all times the amount of money created is exactly the same as the amount of money destroyed. In that case your transaction may look like this:<br />
<br />
* Inputs: <br />
** $20 bill - destroyed<br />
* Outputs: <br />
** $1 newly created bill to cashier<br />
** $19 newly created bill to you<br />
<br />
That is exactly how bitcoin works. Except instead of bills we call the elements inputs and outputs. When you "spend" bitcoins (create a transaction) you must use the entire value of an unspent output (of a prior transaction) and make it the input for a new transaction. Your wallet hides this somewhat by continually looking for unspent outputs and adding up their total value. So when your wallet says you have BTC 130 it simply means the sum of all your unspent outputs total BTC 130. Just like a fiat wallet the value comes from one or more discrete bills/outputs. <br />
<br />
Take the case of the transaction [http://blockchain.info/tx/0a1c0b1ec0ac55a45b1555202daf2e08419648096f5bcc4267898d420dffef87 0a1c0b1ec0ac55a45b1555202daf2e08419648096f5bcc4267898d420dffef87], in which a BTC 10.89 previously unspent output was spent by the client. BTC 10 was the payment amount, and BTC 0.89 was the amount of change returned. The client can't spend just BTC 10.00 out of a BTC 10.89 payment any more than a person can spend $1 out of a $20 bill. The entire BTC 10.89 unspent output became the input of this new transaction, and in the process two new unspent outputs were produced, which have a combined value of BTC 10.89. The BTC 10.89 is now "spent" and effectively destroyed because the network will prevent it from ever being spent again. The two new unspent outputs can now become inputs for future transactions.<br />
<br />
In this transaction, the fee is 0 but if there was a transaction fee paid it would be the difference between the inputs and the outputs. (i.e. BTC 10.89 input and a BTC 10.88 output = BTC 0.01 fee).<br />
<br />
The wallet file contains the private keys for change addresses, and they can receive and send coins normally. However, the GUI in the default client does not display them in the address book, so it is recommended to back up <code>wallet.dat</code> every 50 transactions.<br />
<br />
==See Also==<br />
<br />
* [[Coin analogy]]<br />
<br />
[[Category:Technical]]<br />
[[Category:Vocabulary]]</div>Pancyrushttps://tests.bitcoin.it/w/index.php?title=Change&diff=68557Change2021-03-21T04:30:56Z<p>Pancyrus: Currency codes and symbols precede the quantity in English.</p>
<hr />
<div>When the output of a transaction is used as the input of another transaction, it must be spent in its entirety. Sometimes the coin value of the output is higher than what the user wishes to pay. In this case, the client generates a new Bitcoin address, and sends the difference back to this address. This is known as [[change]].<br />
<br />
Say you want to buy a candy bar ($1) from a store. You open your wallet (fiat wallet) and inside there is a single $20 bill. What is the min amount you can pay? It isn't $1; you can't rip up 1/20th of the bill and give it to the cashier. You need to pay $20 and since you only owe $1, the cashier gives you back $19. Now in fiat nobody except the central bank can make new bills so bills are in fixed denominations and thus your fiat transaction may look something like the following.<br />
<br />
* Inputs: <br />
** $20 bill<br />
<br />
* Outputs: <br />
** $1 bill to cashier<br />
** $10 bill to you<br />
** $5 bill to you<br />
** $1 bill to you<br />
** $1 bill to you<br />
** $1 bill to you<br />
** $1 bill to you<br />
<br />
We do it every day, so it becomes instinctive, but if you break it down that is what is happening. Now let's imagine for a second that some system existed which allowed the cashier (or anyone) to securely destroy any authentic fiat money (bills) and print replacements in arbitrary amounts (not just $10s and $20s but $18.94537208 if you wanted to), while preventing double spending and counterfeiting, and ensuring that at all times the amount of money created is exactly the same as the amount of money destroyed. In that case your transaction may look like this:<br />
<br />
* Inputs: <br />
** $20 bill - destroyed<br />
* Outputs: <br />
** $1 newly created bill to cashier<br />
** $19 newly created bill to you<br />
<br />
That is exactly how bitcoin works. Except instead of bills we call the elements inputs and outputs. When you "spend" bitcoins (create a transaction) you must use the entire value of an unspent output (of a prior transaction) and make it the input for a new transaction. Your wallet hides this somewhat by continually looking for unspent outputs and adding up their total value. So when your wallet says you have BTC 130 it simply means the sum of all your unspent outputs total BTC 130. Just like a fiat wallet the value comes from one or more discrete bills/outputs. <br />
<br />
Take the case of the transaction [http://blockchain.info/tx/0a1c0b1ec0ac55a45b1555202daf2e08419648096f5bcc4267898d420dffef87 0a1c0b1ec0ac55a45b1555202daf2e08419648096f5bcc4267898d420dffef87], in which a BTC 10.89 previously unspent output was spent by the client. BTC 10 was the payment amount, and BTC 0.89 was the amount of change returned. The client can't spend just BTC 10.00 out of a BTC 10.89 payment any more than a person can spend $1 out of a $20 bill. The entire BTC 10.89 unspent output became the input of this new transaction, and in the process two new unspent outputs were produced, which have a combined value of BTC 10.89. The BTC 10.89 is now "spent" and effectively destroyed because the network will prevent it from ever being spent again. The two new unspent outputs can now become inputs for future transactions.<br />
<br />
In this transaction, the fee is 0 but if there was a tx fee paid it would be the difference between the inputs and the outputs. (i.e. BTC 10.89 input and a BTC 10.88 output = BTC 0.01 fee).<br />
<br />
The wallet file contains the private keys for change addresses, and they can receive and send coins normally. However, the GUI in the default client does not display them in the address book, so it is recommended to back up wallet.dat every 50 transactions.<br />
<br />
==See Also==<br />
<br />
* [[Coin analogy]]<br />
<br />
[[Category:Technical]]<br />
[[Category:Vocabulary]]</div>Pancyrushttps://tests.bitcoin.it/w/index.php?title=Bitcoin&diff=68556Bitcoin2021-03-21T01:00:08Z<p>Pancyrus: Addressed some spelling issues.</p>
<hr />
<div>'''Bitcoin''' is a decentralized [[digital currency]] created by an unknown person or group of people under the name [[Satoshi Nakamoto]] and released as open-source software in 2009. It does not rely on a central server to process transactions or store funds. There are a maximum of 2,099,999,997,690,000 bitcoin elements (called satoshis; the unit has been named in collective homage to the original creator), which are currently most commonly measured in units of 100,000,000 known as BTC. No more than 21 million bitcoin (BTC) will ever be created.<br />
<br />
{{As of|January 2018}}, it is the most widely used alternative currency,<ref name="Quantitative Analysis of the Full Bitcoin Transaction Graph">{{cite web|title=Quantitative Analysis of the Full Bitcoin Transaction Graph|url=https://eprint.iacr.org/2012/584.pdf|publisher=Cryptology ePrint Archive|accessdate=18 October 2012|author=Ron Dorit|coauthors=Adi Shamir|page=17|quote=The Bitcoin system is the best known and most widely used alternative payment scheme,...}}</ref><ref name="Cryptocurrency Market Capitalization">{{Cite web|title=Coinmarketcap.com|url=https://coinmarketcap.com/}}</ref> now with the total market cap around 250 billion US dollars.<ref>{{cite web|title=Market Capitalization|url=https://coinmarketcap.com/currencies/bitcoin/|publisher= [[Coinmarketcap.com]] |accessdate=10 January 2018}}</ref><br />
<br />
Bitcoin has no central issuer; instead, the peer-to-peer network regulates bitcoins, transactions and issuance according to consensus in network software. These transactions are verified by network nodes through the use of cryptography and recorded in a public distributed ledger called a blockchain.<br />
<br />
Bitcoins are issued to various nodes that verify transactions through computing power;<br />
it is established that there will be a limited and scheduled release of no more than BTC 21 million worth of coins, which will be fully issued by the year 2140. <br />
<br />
Bitcoins are created as a reward for a process known as mining. They can be exchanged for other currencies, products, and services. As of February 2015, over 100,000 merchants and vendors accepted bitcoins as payment. Research produced by the University of Cambridge estimates that in 2017, there were 2.9 to 5.8 million unique users using a cryptocurrency wallet, most of them using Bitcoin.<br />
<br />
Internationally, bitcoins can be exchanged and managed through various websites and [[software]] along with physical banknotes and coins.<ref>{{Cite web|title=Physical Bitcoins by Casascius|url=https://www.casascius.com/|publisher=Casascius Coins|accessdate=29 September 2012}}</ref><ref>{{Cite web|title=Bitbills|url=http://www.bitbills.com/|publisher=Bitbills|accessdate=29 September 2012}}</ref><br />
<br />
==History==<br />
{{main|History}}<br />
<br />
A cryptographic system for untraceable payments was first described by David Chaum in 1982.<ref>[http://blog.koehntopp.de/uploads/Chaum.BlindSigForPayment.1982.PDF David Chaum, Blind signatures for untraceable payments], Advances in Cryptology - Crypto '82, Springer-Verlag (1983), 199–203.</ref> In 1990 Chaum extended this system to create the first cryptographic anonymous electronic cash system,<ref>{{cite journal|journal=Lecture Notes in Computer Science|last1=Chaum|first1=David|last2=Fiat|first2=Amos|last3=Naor|first3=Moni|title=Untraceable Electronic Cash|url=http://blog.koehntopp.de/uploads/chaum_fiat_naor_ecash.pdf}}</ref> which became known as ecash.<br />
<ref>{{cite web|url=https://www.wired.com/wired/archive/2.12/emoney.html|publisher=Wired|title=E-Money (That's What I Want)|date=1994–2012|author=Steven Levy}}</ref> In 1998 [[Wei Dai]] published a description of an anonymous, distributed electronic cash system which he called "b-money".<ref>{{cite web|title=B-Money|url=http://www.weidai.com/bmoney.txt|author=Wei Dai|year=1998}}</ref> Around the same time, Nick Szabo created ''bit gold''.<ref>{{cite web|url=https://spectrum.ieee.org/computing/software/bitcoin-the-cryptoanarchists-answer-to-cash/0|title=Bitcoin: The Cryptoanarchists’ Answer to Cash|publisher=IEEE Spectrum|quote=Around the same time, Nick Szabo, a computer scientist who now blogs about law and the history of money, was one of the first to imagine a new digital currency from the ground up. Although many consider his scheme, which he calls “bit gold,” to be a precursor to Bitcoin}}</ref><ref name="bitgold">{{cite web|title=Bit gold|url=https://unenumerated.blogspot.co.uk/2005/12/bit-gold.html|author=Nick Szabo|quote=My proposal for bit gold is based on computing a string of bits from a string of challenge bits, using functions called variously "client puzzle function," "proof of work function," or "secure benchmark function.". The resulting string of bits is the proof of work.... The last-created string of bit gold provides the challenge bits for the next-created string.}}</ref> Like Bitcoin, ''Bit gold'' was a currency system where users would compete to solve a [[proof of work]] function, with solutions being cryptographically chained together and published via a distributed property title registry. A variant of ''Bit gold'', called ''Reusable Proofs of Work'', was implemented by Hal Finney.<ref name="bitgold"/><br />
<br />
In 2008, Satoshi Nakamoto published a [[Bitcoin_white_paper|paper]]<ref name="whitepaper">{{cite web<br />
|last= Nakamoto<br />
|first= Satoshi<br />
|title= Bitcoin: A Peer-to-Peer Electronic Cash System<br />
|url= http://www.cs.kent.edu/~JAVED/class-P2P12F/papers-2012/PAPER2012-p2p-bitcoin-satoshinakamoto.pdf<br />
|accessdate = 14 December 2010<br />
|date= 24 May 2009<br />
|postscript=<br />
}}</ref><ref>{{cite web<br />
|url= https://article.gmane.org/gmane.comp.encryption.general/12588/<br />
|title= Bitcoin P2P e-cash paper<br />
}}</ref> on The Cryptography Mailing list at metzdowd.com<ref>[https://www.mail-archive.com/search?l=cryptography@metzdowd.com&q=from:%22Satoshi+Nakamoto%22 Satoshi's posts to Cryptography mailing list]</ref> describing the Bitcoin protocol.<br />
<br />
The Bitcoin network came into existence on 3 January 2009 with the release of the first Bitcoin client, [[wxBitcoin]], and the issuance of the first bitcoins.<ref>{{cite web |title=Block 0 – Bitcoin Block Explorer |url=https://blockexplorer.com/block/000000000019d6689c085ae165831e934ff763ae46a2a6c172b3f1b60a8ce26f }}</ref><ref>{{cite web |url=https://www.mail-archive.com/cryptography@metzdowd.com/msg10142.html |title=Bitcoin v0.1 released}}</ref><ref>{{cite web |url=https://sourceforge.net/news/?group_id=244765 |title=SourceForge.net: Bitcoin}}</ref><br />
A year after, the initial exchange rates for Bitcoin were set by individuals on the bitcointalk forums.{{Citation needed|date=October 2012}} The most significant transaction involved a BTC 10,000 pizza.<ref>{{cite web|title=The Rise and Fall of Bitcoin|url=https://www.wired.com/magazine/2011/11/mf_bitcoin/|publisher=Wired|accessdate=13 October 2012}}</ref><br />
Today, the majority of bitcoin exchanges occur on the [[Bitstamp]] bitcoin exchange.<ref>{{cite web | title = Exchange volume distribution | work = by market | publisher = [[Bitcoin Charts]] | date = 15 April 2014 | url = https://bitcoincharts.com/charts/volumepie/ | accessdate = 15 April 2014 }}</ref><br />
<br />
In 2011, Wikileaks,<ref>{{cite news<br />
|last= Greenberg<br />
|first= Andy<br />
|url= http://blogs.forbes.com/andygreenberg/2011/06/14/wikileaks-asks-for-anonymous-bitcoin-donations/<br />
|title= WikiLeaks Asks For Anonymous Bitcoin Donations – Andy Greenberg – The Firewall – Forbes<br />
|publisher= Blogs.forbes.com<br />
|date= 14 June 2011<br />
|accessdate = 22 June 2011<br />
}}</ref> [[Freenet]],<ref>{{cite web<br />
|url= https://freenetproject.org/donate.html<br />
|title= /donate<br />
|publisher= The Freenet Project<br />
|date=<br />
|accessdate = 22 June 2011<br />
}}</ref> Singularity Institute,<ref>[http://singinst.org/donate/ SIAI donation page]</ref> Internet Archive,<ref>[https://www.archive.org/donate/index.php Internet Archive donation page]</ref> Free Software Foundation<ref>[https://my.fsf.org/donate/other/ Other ways to donate]</ref> and others, began [[Receiving_donations_with_bitcoin|to accept donations in bitcoins]]. The Electronic Frontier Foundation did so for a while but has since stopped, citing concerns about a lack of legal precedent about new currency systems, and because they "generally don't endorse any type of product or service".<ref>{{cite web<br />
|url= https://www.eff.org/deeplinks/2011/06/eff-and-bitcoin<br />
|title= EFF and Bitcoin &#124; Electronic Frontier Foundation<br />
|publisher= Eff.org<br />
|date= 14 June 2011<br />
|accessdate = 22 June 2011<br />
}}</ref> Some small businesses had started to adopt Bitcoin. LaCie, a public company, accepts bitcoins for its Wuala service.<ref>{{Cite web|url=http://www.wuala.com/en/bitcoin |title=Secure Online Storage – Backup. Sync. Share. Access Everywhere |publisher=Wuala |date= |accessdate = 24 January 2012}}</ref><br />
<br />
In 2012, BitPay reported having over 1000 merchants accepting bitcoins under its payment processing service.<ref>{{cite web|title=BitPay Signs 1,000 Merchants to Accept Bitcoin Payments|url=http://www.americanbanker.com/issues/177_176/bitpay-signs-1000-merchants-to-accept-bitcoin-payments-1052538-1.html|publisher=American Banker|accessdate=12 October 2012}}</ref><br />
<br />
==Administration==<br />
Bitcoin is administered through a decentralized peer-to-peer network.<ref name="whitepaper"/> Cryptographic technologies and the peer-to-peer network of computing power enable users to make and verify irreversible, instant online bitcoin payments, without an obligation to trust and use centralized banking institutions and authorities. Dispute resolution services are not made directly available. Instead, it is left to the users to verify and trust the parties they are sending money to through their choice of methods.<br />
<br />
Bitcoins are issued according to rules agreed to by the majority of the computing power within the Bitcoin network. The core rules describe the predictable issuance of bitcoins to its verifying servers, a voluntary and competitive transaction fee system and the hard limit of no more than BTC 21 million issued in total.<ref name="whitepaper"/><br />
<br />
Bitcoin does not require a central bank, State,<ref>{{cite web<br />
|url= https://spectrum.ieee.org/computing/software/bitcoin-the-cryptoanarchists-answer-to-cash/3<br />
|title= Bitcoin: The Cryptoanarchists' Answer to Cash<br />
|publisher= IEEE.org<br />
|date= June 2012<br />
|accessdate = 5 June 2012<br />
}}</ref> or incorporated backers.<br />
<br />
==Services==<br />
{{main|Wallet}}<br />
<br />
Bitcoins are sent and received through software and websites called wallets. They send and confirm transactions to the network through Bitcoin addresses, the identifiers for users' Bitcoin wallets within the network.<ref name="whitepaper"/><br />
<br />
===Bitcoin addresses===<br />
{{main|Address}}<br />
<br />
Payments are made to Bitcoin "addresses": human-readable strings of numbers and letters around 33 characters in length, always beginning with the digit 1 or 3, as in the example of ''31uEbMgunupShBVTewXjtqbBv5MndwfXhb''.<br />
<br />
Users obtain new Bitcoin addresses from their Bitcoin software. Creating a new address can be a completely offline process and require no communication with the Bitcoin network. Web services often generate a new Bitcoin address for every user, allowing them to have their custom deposit addresses.{{dubious}}<br />
<br />
===Transaction fees===<br />
{{main|Transaction fees}}<br />
Transaction fees may be included with any transfer of bitcoins. While it's technically possible to send a transaction with zero fee, {{as of|2017|lc=on}} it's highly unlikely that one of these transactions confirms in a realistic amount of time, causing most nodes on the network to drop it. For transactions which consume or produce many outputs (and therefore have a large data size), higher transaction fees are usually expected.<br />
<br />
===Confirmations===<br />
{{main|Confirmation}}<br />
<br />
The network's software confirms a transaction when it records it in a block. Further blocks of transactions confirm it even further. After six confirmations/blocks, a transaction is confirmed beyond reasonable doubt.<br />
<br />
The network must store the whole transaction history inside the blockchain, which grows constantly as new records are added and never removed. Nakamoto conceived that as the database became larger, users would desire applications for Bitcoin that didn't store the entire database on their computer. To enable this, the blockchain uses a [[merkle tree]] to organize the transaction records in such a way that client software can locally delete portions of its own database it knows it will never need, such as earlier transaction records of bitcoins that have changed ownership multiple times.<br />
<br />
==Economics==<br />
<br />
===Initial distribution===<br />
<br />
Bitcoin has no centralized issuing authority.<ref name="ars-06-08-11"><br />
{{Cite news<br />
|first= Thomas<br />
|last= Lowenthal<br />
|title= Bitcoin: inside the encrypted, peer-to-peer digital currency<br />
|newspaper= Ars Technica<br />
|date= 8 June 2011<br />
|url= https://arstechnica.com/tech-policy/news/2011/06/bitcoin-inside-the-encrypted-peer-to-peer-currency.ars<br />
}}</ref><ref>{{cite news<br />
|author= Sponsored by<br />
|url= http://www.economist.com/blogs/babbage/2011/06/virtual-currency<br />
|title= Virtual currency: Bits and bob<br />
|publisher= The Economist<br />
|date=<br />
|accessdate = 22 June 2011<br />
}}</ref><ref>{{cite web<br />
|last= Geere<br />
|first= Duncan<br />
|url= https://www.wired.co.uk/news/archive/2011-05/16/bitcoin-p2p-currency<br />
|title= Peer-to-peer currency Bitcoin sidesteps financial institutions (Wired UK)<br />
|publisher= Wired.co.uk<br />
|date=<br />
|accessdate = 22 June 2011<br />
}}</ref> The network is programmed to increase the money supply as a geometric series until the total number of bitcoins reaches 21 million.<ref name="Quantitative Analysis of the Full Bitcoin Transaction Graph"/> {{As of|2012|10}} slightly over 10 million of the total BTC 21 million had been created; the current total number created is available online.<ref>{{cite web<br />
|title= Total Number of Bitcoins in Existence<br />
|url= https://blockexplorer.com/q/totalbc<br />
|work= Bitcoin Block Explorer<br />
|accessdate = 3 October 2012<br />
}}</ref> By 2013 half of the total supply will have been generated, and by 2017, three-quarters will have been generated. To ensure sufficient granularity of the [[money supply]], clients can divide each BTC unit down to eight decimal places (a total of 2.1&nbsp;×&nbsp;10<sup>15</sup> or 2.1 quadrillion units).<ref name="lwn">{{Cite news<br />
|author= Nathan Willis<br />
|date= 10 November 2010<br />
|title= Bitcoin: Virtual money created by CPU cycles<br />
|publisher= LWN.net<br />
|url= https://lwn.net/Articles/414452/<br />
}}</ref><br />
<br />
The network {{As of|2012|lc=on}} required over one million times more work for confirming a block and receiving an award (BTC 25 {{As of|2012|2|lc=on}}) than when the first blocks were confirmed.<br />
The difficulty is automatically adjusted every 2016 blocks based on the time taken to find the previous 2016 blocks such that one block is created roughly every 10 minutes.<br />
<br />
Those who chose to put computational and electrical resources toward mining early on had a greater chance at receiving awards for block generations. This served to make available enough processing power to process blocks. Indeed, without miners there are no transactions and the bitcoin economy comes to a halt.<br />
<br />
===Exchange rate===<br />
The price of a bitcoin is not static: it fluctuates relative to goods and services more than the prices of more widely accepted currencies do.<br />
<br />
In August 2012, 1 bitcoin traded at around US$10.00. Taking into account the total number of bitcoins mined, the monetary base of the Bitcoin network stands at over USD 110 million.<ref>[http://www.bitcoinwatch.com/ http://www.bitcoinwatch.com/] Bitcoin statistics</ref><br />
<br />
== Anonymity ==<!--Please keep as starting template--><br />
{{main|Anonymity & Security}}<br />
<br />
=== Transactions ===<br />
<br />
While using bitcoins is an excellent way to make your purchases, donations, and p2p payments without losing money through inflated transaction fees, transactions are never truly anonymous. When buying bitcoin you pass identification, and Bitcoin transactions are stored publicly and permanently on the network, which means anyone can see the balance and transactions of any Bitcoin address. Bitcoin activities are recorded and available publicly via the [[blockchain]], a comprehensive database which keeps a record of Bitcoin transactions.<br />
<br />
=== Buying/selling bitcoins ===<br />
<br />
All exchange companies require the user to scan ID documents, and large transactions must be reported to the proper governmental authority.<br />
<br />
This means that a third party with an interest in tracking your activities can use your visible balance and ID information as a basis from which to track your future transactions or to study previous activity. In short, you have compromised your [[security]] and [[privacy]].<br />
<br />
In addition to conventional exchanges there are also peer-to-peer exchanges. Peer-to-peer exchanges will often not collect KYC and identity information directly from users; instead, they let the users handle KYC amongst themselves. These can often be a better alternative for those looking to purchase bitcoins quickly and without KYC delay.<br />
<br />
=== Mixing services ===<br />
<br />
[http://anonymity.co.in/mixing_services.html Mixing services] are used to avoid compromising privacy and security. They periodically exchange your bitcoins for different ones which cannot be associated with the original owner.<br />
<br />
== Security ==<!--Please keep as starting template--><br />
{{seealso|Weaknesses}}<br />
<br />
In the history of Bitcoin, there have been a few [[incidents]], caused by problematic as well as malicious transactions. In the worst such incident, and the only one of its type, a person was able to pretend that he had a practically infinite supply of bitcoins, for almost 9 hours.<br />
<br />
Bitcoin relies, among other things, on [https://en.wikipedia.org/wiki/Public-key_cryptography public key cryptography] and thus may be vulnerable to [https://en.wikipedia.org/wiki/Elliptic_curve_cryptography#Quantum_computing_attacks quantum computing attacks] if and when practical quantum computers can be constructed.<br />
<br />
If multiple different software packages, whose usage becomes widespread on the Bitcoin network, disagree on the protocol and the rules for transactions, this could potentially cause a fork in the block chain with each faction of users being able to accept only their own version of the history of transactions. This could influence the price of bitcoins.<br />
<br />
A global, organized campaign against the currency or the software could also influence the demand for bitcoins, and thus the exchange price.<br />
<br />
==Bitcoin mining==<br />
{{main|Mining}}<br />
<br />
Bitcoin mining nodes are responsible for managing the Bitcoin network.<br />
<br />
Bitcoins are awarded to Bitcoin nodes known as "miners" for the solution to a difficult [[proof-of-work]] problem which confirms transactions and prevents double-spending. This incentive, as the Nakamoto white paper describes it, encourages "nodes to support the network, and provides a way to initially distribute coins into circulation, since no central authority issues them."<ref name="whitepaper" /><br />
<br />
Nakamoto compared the generation of new coins by expending CPU time and electricity to gold miners expending resources to add gold to circulation.<ref name="whitepaper"/><br />
<br />
[[File:Cryptocurrency Mining Farm.jpg|right|350px|thumb|Iceland is a good location for [[mining]] bitcoins because of the natural cold temperature.]]<br />
<br />
===Node operation===<br />
<br />
The node software for the Bitcoin network is based on peer-to-peer networking, digital signatures and cryptographic proof to make and verify transactions. Nodes broadcast transactions to the network, which records them in a public record of all transactions called the ''blockchain'' after validating them with a [[proof-of-work|proof-of-work system]].<br />
<br />
Satoshi Nakamoto designed the first Bitcoin node and mining software<ref name="processors">{{Cite news<br />
|last= Davis<br />
|first= Joshua<br />
|title= The Crypto-Currency<br />
|url= https://www.wired.com/magazine/2011/11/mf_bitcoin/all<br />
|accessdate = 11 November 2011<br />
|newspaper= Wired Magazine<br />
|date= 10 November 2011<br />
}}</ref> and developed the majority of the first implementation, Bitcoind, from 2007 to mid-2010.<ref name="code_start">{{cite web<br />
|url= https://bitcointalk.org/index.php?topic=13.msg46#msg46<br />
|title= Questions about Bitcoin<br />
|publisher= Bitcoin forum<br />
|date= 10 December 2009<br />
}}</ref><br />
<br />
Node implementations include core software such as Bitcoind/Bitcoin-Qt, [[libbitcoin]], [[cbitcoin]]<ref>{{Cite web|title=cbitcoin|url=https://github.com/MatthewLM/cbitcoin|accessdate=3 October 2012}}</ref> and [[BitCoinJ|bitcoinj]].<ref>{{cite web<br />
|url= https://news.slashdot.org/story/11/03/23/0210207/Google-Engineer-Releases-Open-Source-Bitcoin-Client<br />
|title= Google Engineer Releases Open Source Bitcoin Client<br />
|author= angry tapir, timothy<br />
|date= 23 March 2011<br />
|publisher= Slashdot<br />
|accessdate = 18 May 2011<br />
}}</ref><ref>{{cite web<br />
|url= http://www.javaworld.com/javaworld/jw-01-2012/120110-bitcoin-for-beginners-3.html?page=1<br />
|title= Bitcoin for beginners: The BitcoinJ API<br />
|author= Dirk Merkel<br />
|date= 10 January 2012<br />
|publisher= JavaWorld<br />
|accessdate = 3 August 2012<br />
}}</ref><br />
<br />
Every node in the Bitcoin network collects all the unacknowledged transactions it knows of in a file called a ''block'', which also contains a reference to the previous valid block known to that node. It then appends a [[nonce]] value to this previous block and computes the SHA-256 cryptographic hash of the block and the appended nonce value. The node repeats this process until it adds a nonce that allows for the generation of a hash with a value lower than a specified ''target''. Because computers cannot practically reverse the hash function, finding such a nonce is hard and requires on average a predictable amount of repetitious trial and error. This is where the ''[[proof-of-work]]'' concept comes into play. When a node finds such a solution, it announces it to the rest of the network. Peers receiving the new solved block validate it by computing the hash and checking that it really starts with the given number of zero bits (i.e., that the hash is within the target). Then they accept it and add it to the chain.<br />
<br />
===Mining rewards===<br />
In addition to receiving the pending transactions confirmed in the block, a generating node adds a ''generate'' transaction, which awards new bitcoins to the operator of the node that generated the block. The system sets the payout of this generated transaction according to its defined inflation schedule. The miner that generates a block also receives the fees that users have paid as an incentive to give particular transactions priority for faster confirmation.<ref>[https://www.bitcoinmining.com Bitcoin Mining]</ref><br />
<br />
The network never creates more than a BTC 50 reward per block and this amount will decrease over time towards zero, such that no more than BTC 21 million will ever exist.<ref name="lwn" /> As this payout decreases, the incentive for users to run block-generating nodes is intended to change to earning [[#Transaction fees|transaction fees]].<br />
<br />
===Mining pools===<br />
{{main|Pooled mining}}<br />
<br />
Bitcoin users often pool computational effort to increase the stability of the collected fees and subsidy they receive.<ref name="We Use Coins Mining">{{cite web|title=About Bitcoin Mining|url=https://www.weusecoins.com/en/mining-guide/|publisher=We Use Coins|accessdate=27 May 2015}}</ref><br />
<br />
===Mining difficulty===<br />
{{main|Difficulty}}<br />
<br />
In order to throttle the creation of blocks, the difficulty of generating new blocks is adjusted over time. If mining output increases or decreases, the difficulty increases or decreases accordingly.<br />
<br />
The adjustment is done by changing the threshold that a hash is required to be less than. A lower threshold means fewer possible hashes can be accepted, and thus a higher degree of difficulty. The target rate of block generation is one block every 10 minutes, or 2016 blocks every two weeks. Bitcoin changes the difficulty of finding a valid block every 2016 blocks, using the difficulty that would have been most likely to cause the prior 2016 blocks to have taken two weeks to generate, according to the timestamps on the blocks. Technically, this is done by modelling the generation of bitcoins as a Poisson process. All nodes perform and enforce the same difficulty calculation.<br />
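<br />
The nonce search and peer validation described under Node operation, together with the threshold adjustment described here, as an added Python example that is not code from Bitcoin or from this wiki. It is a simplified model: the block layout, the toy maximum target and the sample transactions are assumptions, and real Bitcoin hashes an 80-byte block header with double SHA-256.<br />

```python
import hashlib

# Simplified model of proof-of-work and difficulty retargeting.
# Constants below follow the figures in the text (2016 blocks, 10 minutes).
BLOCKS_PER_PERIOD = 2016
TARGET_SPACING = 10 * 60                                  # seconds per block
EXPECTED_TIMESPAN = BLOCKS_PER_PERIOD * TARGET_SPACING    # two weeks in seconds
MAX_TARGET = (1 << 256) - 1   # assumption: toy ceiling, the easiest possible target


def block_hash(prev_hash, transactions, nonce):
    """SHA-256 over the previous-block reference, the transactions and the nonce."""
    h = hashlib.sha256()
    for field in (prev_hash, *transactions):
        data = field.encode()
        # Length-prefix every field so two different blocks cannot
        # serialize to the same byte string.
        h.update(len(data).to_bytes(4, "big") + data)
    h.update(nonce.to_bytes(8, "big"))
    return int.from_bytes(h.digest(), "big")


def mine(prev_hash, transactions, target, max_nonce=1 << 32):
    """Trial and error: return the first nonce whose hash is below the target."""
    for nonce in range(max_nonce):
        if block_hash(prev_hash, transactions, nonce) < target:
            return nonce
    raise RuntimeError("nonce space exhausted; change the block contents and retry")


def verify(prev_hash, transactions, nonce, target):
    """What a receiving peer does: one hash and one comparison."""
    return block_hash(prev_hash, transactions, nonce) < target


def retarget(old_target, actual_timespan):
    """Scale the target so the last 2016 blocks would have taken two weeks.

    Blocks found too quickly lower the target (harder); too slowly raise it.
    """
    # Bitcoin's consensus rules limit each adjustment to a factor of 4;
    # that limit is not mentioned in the text above.
    clamped = min(max(actual_timespan, EXPECTED_TIMESPAN // 4),
                  EXPECTED_TIMESPAN * 4)
    return min(old_target * clamped // EXPECTED_TIMESPAN, MAX_TARGET)


if __name__ == "__main__":
    target = 1 << 240                 # hash must start with 16 zero bits
    prev = "00" * 32                  # constructed previous-block reference
    txs = ["alice->bob:1.5", "carol->dave:0.2"]   # constructed transactions

    nonce = mine(prev, txs, target)
    print("nonce found after", nonce + 1, "hashes")
    print("peer accepts block:", verify(prev, txs, nonce, target))

    # Changing any transaction invalidates the proof; the work must be redone.
    forged = txs + ["mallory->mallory:50"]
    print("peer accepts altered block:", verify(prev, forged, nonce, target))

    # The period's 2016 blocks arrived in one week instead of two:
    # the target halves, so twice as many hashes are needed on average.
    new_target = retarget(target, EXPECTED_TIMESPAN // 2)
    print("target halved:", new_target == target // 2)
```

Finding the nonce takes about 65,536 hashes on average at this target, while the peer's check costs a single hash; that asymmetry is what makes the proof cheap to validate and expensive to forge.<br />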
<br />
Difficulty is intended as an automatic stabilizer allowing mining for bitcoins to remain profitable in the long run for the most efficient miners, independently of the fluctuations in demand of the bitcoin in relation to other currencies.<br />
<br />
===Mining hardware===<br />
{{main|Mining Hardware Comparison}}<br />
<br />
Bitcoins used to be mined through Intel/AMD CPUs. {{As of | 2012}}, mining has gradually moved to [[GPU]] and [[FPGA]] hardware.<ref name="bitcoinmag-butterfly" /> [[Application-specific integrated circuit|ASIC]]-based hardware for bitcoin mining has been announced by several manufacturers who intend to ship products from late 2012 to early 2013.<ref name="bitcoinmag-butterfly">{{Cite web|title=Bitpay Breaks Daily Volume Record with Butterfly ASIC mining release|url=http://bitcoinmagazine.net/bitpay-breaks-daily-volume-record-with-butterfly-asic-mining-release/|publisher=Bitcoin Magazine}}</ref><br />
<br />
==Concerns==<br />
<br />
===As an investment===<br />
{{main|Bitcoin as an investment}}<br />
<br />
Bitcoin describes itself as an experimental digital currency. Reuben Grinberg has noted that Bitcoin's supporters have argued that bitcoins are neither securities nor investments because they fail to meet the criteria for either category.<ref name="grinberg">{{cite web | url=http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1817857 | title=Bitcoin: An Innovative Alternative Digital Currency | publisher=SSRN | date=9 December 2011 | accessdate=4 December 2012 | author=Grinberg, Reuben}}</ref> Although it is a virtual currency, some people see it as an investment<ref name="cnbc">{{cite web | url=http://www.cnbc.com/id/45030812/The_Pros_And_Cons_Of_Biting_on_Bitcoins | title=The Pros And Cons Of Biting on Bitcoins | publisher=CNBC | date=23 November 2011 | accessdate=4 December 2012 | author=Gustke, Constance}}</ref> or accuse it of being a form of investment fraud known as a Ponzi scheme.<ref>{{cite web |url=https://www.theregister.co.uk/2011/06/08/bitcoin_under_attack/ |title=US senators draw a bead on Bitcoin |last1=Chirgwin |first1=Richard |date=8 June 2011 |publisher=The Register |accessdate=14 November 2012}}</ref><ref>{{cite web |url=http://uk.reuters.com/article/2012/04/01/uk-traders-bitcoin-idUKBRE8300JL20120401 |title=Bitcoin, the City traders' anarchic new toy |last1=O'Leary |first1=Naomi |date=2 April 2012 |publisher=Reuters |accessdate=14 November 2012}}</ref> A report by the European Central Bank, using the U.S. Securities and Exchange Commission's definition of a Ponzi scheme, found that the use of bitcoins shares some characteristics with Ponzi schemes, but also has characteristics of its own which contradict several common aspects of Ponzi schemes.<ref name="ecbreport">{{cite web | url=http://www.ecb.europa.eu/pub/pdf/other/virtualcurrencyschemes201210en.pdf | title=Virtual Currency Schemes | publisher=European Central Bank | date=October 2012 | accessdate=4 December 2012}}</ref><br />
<br />
===Privacy===<br />
Because transactions are broadcast to the entire network, they are inherently public. Unlike regular banking,<ref>{{cite web<br />
|url= https://spectrum.ieee.org/computing/software/bitcoin-the-cryptoanarchists-answer-to-cash/0<br />
|title= Bitcoin: The Cryptoanarchists' Answer to Cash<br />
|publisher= IEEE.org<br />
|date= June 2012<br />
|accessdate = 5 June 2012<br />
}}</ref> which preserves customer privacy by keeping transaction records private, loose transactional privacy is accomplished in Bitcoin by using many unique addresses for every wallet while at the same time publishing all transactions. As an example, if Alice sends BTC 123.45 to Bob, the network creates a public record that allows anyone to see that 123.45 has been sent from one address to another. However, unless Alice or Bob make their ownership of these addresses known, it is difficult for anyone else to connect the transaction with them. However, if someone connects an address to a user at any point they could follow back a series of transactions as each participant likely knows who paid them and may disclose that information on request or under duress.<br />
<br />
It can be difficult to associate Bitcoin identities with real-life identities.<ref name="An Analysis of Anonymity in the Bitcoin System">Fergal Reid and Martin Harrigan (24 July 2011). [https://anonymity-in-bitcoin.blogspot.com/2011/07/bitcoin-is-not-anonymous.html An Analysis of Anonymity in the Bitcoin System]. An Analysis of Anonymity in the Bitcoin System.</ref> This property makes Bitcoin transactions attractive to sellers of illegal products.<ref name="Forbes">Andy Greenberg (20 April 2011). [http://www.forbes.com/forbes/2011/0509/technology-psilocybin-bitcoins-gavin-andresen-crypto-currency.html Crypto Currency]. Forbes Magazine.</ref><ref>{{cite web<br />
|last= Madrigal<br />
|first= Alexis<br />
|title= Libertarian Dream? A Site Where You Buy Drugs With Digital Dollars<br />
|publisher= The Atlantic Monthly<br />
|date= 1 June 2011<br />
|url= https://www.theatlantic.com/technology/archive/2011/06/libertarian-dream-a-site-where-you-buy-drugs-with-digital-dollars/239776/<br />
|accessdate = 5 June 2011<br />
}}</ref><br />
<br />
===Illicit use===<br />
<br />
====Cracking====<br />
The cracking organization "LulzSec" accepted donations in bitcoins, having said that the group "needs Bitcoin donations to continue their hacking efforts".<ref name="CNET">{{cite web<br />
|last= Reisinger<br />
|first= Don<br />
|url= https://news.cnet.com/8301-13506_3-20070268-17/senators-target-bitcoin-currency-citing-drug-sales/<br />
|title= Senators target Bitcoin currency, citing drug sales &#124; The Digital Home – CNET News<br />
|publisher= News.cnet.com<br />
|date= 9 June 2011<br />
|accessdate = 22 June 2011<br />
}}</ref><ref>{{cite news<br />
|last= Olson<br />
|first= Parmy<br />
|url= http://blogs.forbes.com/parmyolson/2011/06/06/lulzsec-hackers-posts-sony-dev-source-code-get-7k-donation/<br />
|title= LulzSec Hackers Post Sony Dev. Source Code, Get $7K Donation – Parmy Olson – Disruptors – Forbes<br />
|publisher= Blogs.forbes.com<br />
|date= 6 June 2011<br />
|accessdate = 22 June 2011<br />
}}</ref><br />
<br />
====Silk Road====<br />
[[Silk Road]] is an anonymous black market that uses only the bitcoin.<ref name="npr-06-12-11"><br />
{{Cite news<br />
|url= https://www.npr.org/2011/06/12/137138008/silk-road-not-your-fathers-amazon-com<br />
|date= 12 June 2011<br />
|newspaper= NPR<br />
|title= Silk Road: Not Your Father's Amazon.com<br />
|author= Staff<br />
}}</ref> <br />
<br />
In a 2011 letter to Attorney General Eric Holder and the Drug Enforcement Administration, senators Charles Schumer of New York and Joe Manchin of West Virginia called for an investigation into Silk Road and the bitcoin.<ref name="npr-06-12-11"/><br />
Schumer described the use of bitcoins at Silk Road as a form of money laundering.<ref name="ars-06-08-11"/><br />
<br />
====Botnet mining====<br />
In June 2011, Symantec warned about the possibility of botnets engaging in covert "mining" of bitcoins,<ref>{{Cite web|author=Updated: 17 June 2011 | Translations available: 日本語 |url=http://www.symantec.com/connect/blogs/bitcoin-botnet-mining |title=Bitcoin Botnet Mining &#124; Symantec Connect Community |publisher=Symantec.com |date=17 June 2011 |accessdate = 24 January 2012}}</ref><ref>{{Cite web|url=http://www.zdnet.com/blog/security/researchers-find-malware-rigged-with-bitcoin-miner/8934 |title=Researchers find malware rigged with Bitcoin miner |publisher=ZDNet |date=29 June 2011 |accessdate = 24 January 2012}}</ref> consuming computing cycles, using extra electricity and possibly increasing the temperature of the computer. Later that month, the Australian Broadcasting Corporation caught an employee using the company's servers to generate bitcoins without permission.<ref>{{Cite web|url=http://thenextweb.com/au/2011/06/23/abc-employee-caught-mining-for-bitcoins-on-company-servers/ |title=ABC employee caught mining for Bitcoins on company servers |publisher=The Next Web |date=23 June 2011 |accessdate = 24 January 2012}}</ref> Some malware also uses the parallel processing capabilities of the GPUs built into many modern-day video cards.<ref>{{Cite news |url=https://www.theregister.co.uk/2011/08/16/gpu_bitcoin_brute_forcing/ |title=Malware mints virtual currency using victim's GPU |date=16 August 2011<!-- 20:00 GMT -->|first=Dan |last=Goodin }}</ref> In mid-August 2011, bitcoin miner botnets were found;<ref>{{Cite web|url=http://www.infosecurity-magazine.com/view/20211/researcher-discovers-distributed-bitcoin-cracking-trojan-malware/ |title=Infosecurity – Researcher discovers distributed bitcoin cracking trojan malware |publisher=Infosecurity-magazine.com |date=19 August 2011 |accessdate = 24 January 2012}}</ref> trojans infecting Mac OS X have also been uncovered.<ref>{{Cite web|url=http://www.techworld.com.au/article/405849/mac_os_x_trojan_steals_processing_power_produce_bitcoins |title=Mac OS X Trojan steals processing power to produce Bitcoins – sophos, security, malware, Intego – Vulnerabilities – Security |publisher=Techworld |date=1 November 2011 |accessdate = 24 January 2012}}</ref><br />
<br />
===Theft and fraud===<br />
On 19 June 2011, a security breach of the Mt.Gox (an acronym for ''M''agic: ''T''he ''G''athering ''O''nline E''x''change, its original purpose) bitcoin exchange caused the price of a bitcoin to briefly drop to US$0.01 on the Mt.Gox exchange (though it remained unaffected on other exchanges) after a hacker allegedly used credentials from a Mt.Gox auditor's compromised computer to illegally transfer a large number of bitcoins to him- or herself and sell them all, creating a massive "ask" order at any price. Within minutes the price rebounded to over $15 before Mt.Gox shut down their exchange and cancelled all trades that happened during the hacking period.<ref>[https://mtgox.com/press_release_20110630.html Clarification of Mt Gox Compromised Accounts and Major Bitcoin Sell-Off]</ref><ref>[https://www.youtube.com/watch?v=T1X6qQt9ONg YouTube. Bitcoin Report]</ref> The exchange rate of bitcoins quickly returned to near pre-crash values.<ref name="mick">Jason Mick, 19 June 2011, [http://www.dailytech.com/Inside+the+MegaHack+of+Bitcoin+the+Full+Story/article21942.htm Inside the Mega-Hack of Bitcoin: the Full Story], DailyTech</ref><ref>Timothy B. Lee, 19 June 2011, [https://arstechnica.com/tech-policy/news/2011/06/bitcoin-price-plummets-on-compromised-exchange.ars Bitcoin prices plummet on hacked exchange], Ars Technica</ref><ref>Mark Karpeles, 20 June 2011, [https://support.mtgox.com/entries/20208066-huge-bitcoin-sell-off-due-to-a-compromised-account-rollback Huge Bitcoin sell off due to a compromised account – rollback], Mt.Gox Support</ref><ref name="register1">{{Cite news<br />
|title= Bitcoin collapses on malicious trade – Mt Gox scrambling to raise the Titanic<br />
|url= https://www.theregister.co.uk/2011/06/19/bitcoin_values_collapse_again/<br />
|date= 19 June 2011<br />
|author= Chirgwin, Richard<br />
|publisher= The Register<br />
}}</ref> Accounts with the equivalent of more than USD 8,750,000 were affected.<ref name="mick" /><br />
<br />
In July 2011, the operator of Bitomat, the third largest bitcoin exchange, announced that he lost access to his wallet.dat file with about 17,000 bitcoins (roughly equivalent to USD 220,000 at that time). He announced that he would sell the service for the missing amount, aiming to use funds from the sale to refund his customers.<ref>[http://siliconangle.com/blog/2011/08/01/third-largest-bitcoin-exchange-bitomat-lost-their-wallet-over-17000-bitcoins-missing/ Third Largest Bitcoin Exchange Bitomat Lost Their Wallet, Over 17,000 Bitcoins Missing]. SiliconAngle</ref><br />
<br />
In August 2011, MyBitcoin, one of the popular Bitcoin transaction processors, declared that it had been hacked. It was shut down, paying 49% on customer deposits and leaving more than 78,000 bitcoins (roughly equivalent to USD 800,000 at that time) unaccounted for.<ref>[http://betabeat.com/2011/08/mybitcoin-spokesman-finally-comes-forward-what-did-you-think-we-did-after-the-hack-we-got-shitfaced/ MyBitcoin Spokesman Finally Comes Forward: “What Did You Think We Did After the Hack? We Got Shitfaced”]. BetaBeat</ref><ref>[http://betabeat.com/2011/08/search-for-owners-of-mybitcoin-loses-steam/ Search for Owners of MyBitcoin Loses Steam]. BetaBeat</ref><br />
<br />
In early August 2012, a lawsuit was filed in San Francisco court against Bitcoinica, claiming about USD 460,000 from the company. Bitcoinica was hacked twice in 2012, which led to allegations of neglecting the safety of customers' money and cheating them out of withdrawal requests.<ref>[https://arstechnica.com/tech-policy/2012/08/bitcoinica-users-sue-for-460k-in-lost-bitcoins/ Bitcoinica users sue for $460k in lost Bitcoins]. Arstechnica</ref><ref>[https://spectrum.ieee.org/tech-talk/computing/networks/first-bitcoin-lawsuit-filed-in-san-francisco First Bitcoin Lawsuit Filed In San Francisco]. IEEE Spectrum</ref><br />
<br />
In late August 2012, Bitcoin Savings and Trust was shut down by the owner, allegedly leaving around $5.6 million in debts; this led to allegations of the operation being a Ponzi scheme.<ref>{{Cite web|title=Bitcoin ponzi scheme – investors lose $5 million USD in online hedge fund|url=https://rt.com/usa/news/investors-currency-digital-fund-868/|publisher=RT}}</ref><ref>{{Cite web|last=Jeffries|first=Adrianne|title=Suspected multi-million dollar Bitcoin pyramid scheme shuts down, investors revolt|url=http://www.theverge.com/2012/8/27/3271637/bitcoin-savings-trust-pyramid-scheme-shuts-down|publisher=The Verge}}</ref><ref>{{Cite web|last=Mick|first=Jason|title="Pirateat40" Makes Off $5.6M USD in Bitcoin From Pyramid Scheme|url=http://www.dailytech.com/Pirateat40+Makes+Off+56M+USD+in+BitCoins+From+Pyramid+Scheme/article25538.htm|publisher=DailyTech}}</ref><ref>[https://pandodaily.com/2012/08/31/bitcoin-how-a-virtual-currency-became-real-with-a-5-6m-fraud/ Bitcoin: How a Virtual Currency Became Real with a $5.6M Fraud]. PandoDaily</ref> In September 2012, it was reported that the U.S. Securities and Exchange Commission had started an investigation into the case.<ref>[http://blogs.telegraph.co.uk/technology/willardfoxton2/100007836/bitcoin-pirate-scandal-sec-steps-in-amid-allegations-that-the-whole-thing-was-a-ponzi-scheme/ Bitcoin 'Pirate' scandal: SEC steps in amid allegations that the whole thing was a Ponzi scheme ]. The Telegraph</ref><br />
<br />
In September 2012, Bitfloor bitcoin exchange also reported being hacked, with 24,000 bitcoins (roughly equivalent to USD 250,000) stolen. As a result, Bitfloor suspended operations.<ref>[http://www.bbc.co.uk/news/technology-19486695 Bitcoin theft causes Bitfloor exchange to go offline]. BBC</ref><ref>[http://www.theverge.com/2012/9/5/3293375/bitfloor-bitcoin-exchange-suspended-theft Bitcoin exchange BitFloor suspends operations after $250,000 theft]. The Verge</ref> The same month, Bitfloor resumed operations, with its founder saying that he reported the theft to the FBI, and that he is planning to repay the victims, though the time frame for such repayment is unclear.<ref>[http://www.pcworld.com/article/2010586/bitcoin-exchange-back-online-after-hack.html?tk=rel_news Bitcoin exchange back online after hack]. PCWorld</ref><br />
<br />
===Taxation===<br />
In September 2012, the Intra-European Organization of Tax Administrations (IOTA), in Tbilisi, Georgia, held a workshop titled "Auditing Individuals and Legal Entities in the Use of e-Money". The workshop was attended by representatives from 23 countries.<ref name="Bitcoin Tax issues Oct 2012">{{cite journal | title=2012 TNT 209-4 NEWS ANALYSIS: VIRTUAL CURRENCY: A NEW WORRY FOR TAX ADMINISTRATORS? (Release Date: OCTOBER 17, 2012) (Doc 2012-21516) | author=Stewart, David D. and Soong Johnston, Stephanie D. | journal=Tax Notes Today | date=29 October 2012 | volume=2012 TNT 209-4 | issue=2012 TNT 209-4}}</ref> Jerry Taylor, IOTA's technical taxation expert, said, "There's an awful lot happening on the Internet environment which is fascinating at the moment and introducing new challenges for auditors when it comes to virtual currency."<ref name="Bitcoin Tax issues Oct 2012">{{cite journal | title=2012 TNT 209-4 NEWS ANALYSIS: VIRTUAL CURRENCY: A NEW WORRY FOR TAX ADMINISTRATORS? (Release Date: OCTOBER 17, 2012) (Doc 2012-21516) | author=Stewart, David D. and Soong Johnston, Stephanie D. | journal=Tax Notes Today | date=29 October 2012 | volume=2012 TNT 209-4 | issue=2012 TNT 209-4}}</ref> Bitcoin was mentioned during the workshop.<ref name="Bitcoin Tax issues Oct 2012">{{cite journal | title=2012 TNT 209-4 NEWS ANALYSIS: VIRTUAL CURRENCY: A NEW WORRY FOR TAX ADMINISTRATORS? (Release Date: OCTOBER 17, 2012) (Doc 2012-21516) | author=Stewart, David D. and Soong Johnston, Stephanie D. | journal=Tax Notes Today | date=29 October 2012 | volume=2012 TNT 209-4 | issue=2012 TNT 209-4}}</ref><br />
<br />
Matthew Elias, founder of the [[Cryptocurrency Legal Advocacy Group]] (CLAG) published "Staying Between the Lines: A Survey of U.S. Income Taxation and its Ramifications on Cryptocurrencies", which discusses "the taxability of cryptocurrencies such as Bitcoin".<ref name="Bitcoin Tax issues Oct 2012">{{cite journal | title=2012 TNT 209-4 NEWS ANALYSIS: VIRTUAL CURRENCY: A NEW WORRY FOR TAX ADMINISTRATORS? (Release Date: OCTOBER 17, 2012) (Doc 2012-21516) | author=Stewart, David D. and Soong Johnston, Stephanie D. | journal=Tax Notes Today | date=29 October 2012 | volume=2012 TNT 209-4 | issue=2012 TNT 209-4}}</ref> CLAG "stressed the importance for taxpayers to determine on their own whether taxes are due on a Bitcoin-related transaction based on whether one has "experienced a realization event."<ref name="Bitcoin Tax issues Oct 2012">{{cite journal | title=2012 TNT 209-4 NEWS ANALYSIS: VIRTUAL CURRENCY: A NEW WORRY FOR TAX ADMINISTRATORS? (Release Date: OCTOBER 17, 2012) (Doc 2012-21516) | author=Stewart, David D. and Soong Johnston, Stephanie D. | journal=Tax Notes Today | date=29 October 2012 | volume=2012 TNT 209-4 | issue=2012 TNT 209-4}}</ref> Such examples are "when a taxpayer has provided a service in exchange for Bitcoins, a realization event has probably occurred, and any gain or loss would likely be calculated using fair market values for the service provided."<ref name="Bitcoin Tax issues Oct 2012">{{cite journal | title=2012 TNT 209-4 NEWS ANALYSIS: VIRTUAL CURRENCY: A NEW WORRY FOR TAX ADMINISTRATORS? (Release Date: OCTOBER 17, 2012) (Doc 2012-21516) | author=Stewart, David D. and Soong Johnston, Stephanie D. | journal=Tax Notes Today | date=29 October 2012 | volume=2012 TNT 209-4 | issue=2012 TNT 209-4}}</ref><br />
<br />
[[Peter Vessenes]], [[Bitcoin Foundation|Bitcoin Foundation's]] executive director, said, since the foundation is trying to pay for everything in bitcoins, including salaries, "How do we W-2 someone for their Bitcoins? Do we mark-to-market every time a transfer happens? Payroll companies cringe."<ref name="BitCoin Tax issues Oct 2012">{{cite journal | title=2012 TNT 209-4 NEWS ANALYSIS: VIRTUAL CURRENCY: A NEW WORRY FOR TAX ADMINISTRATORS? (Release Date: OCTOBER 17, 2012) (Doc 2012-21516) | author=Stewart, David D. and Soong Johnston, Stephanie D. | journal=Tax Notes Today | date=29 October 2012 | volume=2012 TNT 209-4 | issue=2012 TNT 209-4}}</ref> The Bitcoin Foundation hopes "to push for solid guidance about its legal and tax treatment." [[Patrick Murck]], legal counsel for the Bitcoin Foundation, said he would like "to help regulators understand the technology better so they can make better decisions."<ref name="BitCoin Tax issues Oct 2012">{{cite journal | title=2012 TNT 209-4 NEWS ANALYSIS: VIRTUAL CURRENCY: A NEW WORRY FOR TAX ADMINISTRATORS? (Release Date: OCTOBER 17, 2012) (Doc 2012-21516) | author=Stewart, David D. and Soong Johnston, Stephanie D. | journal=Tax Notes Today | date=29 October 2012 | volume=2012 TNT 209-4 | issue=2012 TNT 209-4}}</ref> Murck said, "Bitcoin has the potential to become much more than a niche currency, but it needs the guidance and understanding of regulators." and "The full potential of Bitcoin could be realized through clearer guidelines and a better understanding by financial and tax regulators." and "Part of making that happen is to talk to regulators, the IRS, and tax professionals and helping them understand that Bitcoin is not this nefarious thing, it's just software, it's a community, and there's nothing inherently nefarious about either of those things."<ref name="BitCoin Tax issues Oct 2012">{{cite journal | title=2012 TNT 209-4 NEWS ANALYSIS: VIRTUAL CURRENCY: A NEW WORRY FOR TAX ADMINISTRATORS? 
(Release Date: OCTOBER 17, 2012) (Doc 2012-21516) | author=Stewart, David D. and Soong Johnston, Stephanie D. | journal=Tax Notes Today | date=29 October 2012 | volume=2012 TNT 209-4 | issue=2012 TNT 209-4}}</ref><br />
<br />
==See Also==<br />
* [[Introduction]]<br />
* [[Getting started]]<br />
* [[Using_Bitcoin|Detailed tutorial]]<br />
* [[FAQ]]<br />
* [https://www.weusecoins.com What Is Bitcoin?]<br />
* [https://www.bitcoinmining.com What Is Bitcoin Mining?]<br />
<br />
==References==<br />
<references /><br />
<br />
[[Category:Digital currencies]]<br />
{{wp}}{{p-move}}{{good}}<br />
[[es:Bitcoin]][[de:Bitcoin]]</div>Pancyrushttps://tests.bitcoin.it/w/index.php?title=Bitcoin&diff=68555Bitcoin2021-03-21T00:57:32Z<p>Pancyrus: Removed comma splices and cleaned up some other grammatical issues.</p>
<hr />
<div>'''Bitcoin''' is a decentralized [[digital currency]] created by an unknown person or group of people under the name [[Satoshi Nakamoto]] and released as open-source software in 2009. It does not rely on a central server to process transactions or store funds. There is a maximum of 2,099,999,997,690,000 bitcoin elements (called satoshis; the unit is named in collective homage to the original creator), which are currently most commonly measured in units of 100,000,000 known as BTC. Only 21 million bitcoin (BTC) will ever be created.<br />
<br />
{{As of|January 2018}}, it is the most widely used alternative currency,<ref name="Quantitative Analysis of the Full Bitcoin Transaction Graph">{{cite web|title=Quantitative Analysis of the Full Bitcoin Transaction Graph|url=https://eprint.iacr.org/2012/584.pdf|publisher=Cryptology ePrint Archive|accessdate=18 October 2012|author=Ron Dorit|coauthors=Adi Shamir|page=17|quote=The Bitcoin system is the best known and most widely used alternative payment scheme,...}}</ref><ref name="Cryptocurrency Market Capitalization">{{Cite web|title=Coinmarketcap.com|url=https://coinmarketcap.com/}}</ref> now with the total market cap around 250 billion US dollars.<ref>{{cite web|title=Market Capitalization|url=https://coinmarketcap.com/currencies/bitcoin/|publisher= [[Coinmarketcap.com]] |accessdate=10 January 2018}}</ref><br />
<br />
Bitcoin has no central issuer; instead, the peer-to-peer network regulates bitcoins, transactions and issuance according to consensus in network software. These transactions are verified by network nodes through the use of cryptography and recorded in a public distributed ledger called a blockchain.<br />
<br />
Bitcoins are issued to various nodes that verify transactions through computing power; issuance follows a limited and scheduled release of no more than BTC 21 million worth of coins, which will be fully issued by the year 2140.<br />
<br />
Bitcoins are created as a reward for a process known as mining. They can be exchanged for other currencies, products, and services. As of February 2015, over 100,000 merchants and vendors accepted bitcoins as payment. Research produced by the University of Cambridge estimates that in 2017, there were 2.9 to 5.8 million unique users using a cryptocurrency wallet, most of them using Bitcoin.<br />
<br />
Internationally, bitcoins can be exchanged and managed through various websites and [[software]] along with physical banknotes and coins.<ref>{{Cite web|title=Physical Bitcoins by Casascius|url=https://www.casascius.com/|publisher=Casascius Coins|accessdate=29 September 2012}}</ref><ref>{{Cite web|title=Bitbills|url=http://www.bitbills.com/|publisher=Bitbills|accessdate=29 September 2012}}</ref><br />
<br />
==History==<br />
{{main|History}}<br />
<br />
A cryptographic system for untraceable payments was first described by David Chaum in 1982.<ref>[http://blog.koehntopp.de/uploads/Chaum.BlindSigForPayment.1982.PDF David Chaum, Blind signatures for untraceable payments], Advances in Cryptology - Crypto '82, Springer-Verlag (1983), 199–203.</ref> In 1990 Chaum extended this system to create the first cryptographic anonymous electronic cash system,<ref>{{cite journal|journal=Lecture Notes in Computer Science|last1=Chaum|first1=David|last2=Fiat|first2=Amos|last3=Naor|first3=Moni|title=Untraceable Electronic Cash|url=http://blog.koehntopp.de/uploads/chaum_fiat_naor_ecash.pdf}}</ref> which became known as ecash.<br />
<ref>{{cite web|url=https://www.wired.com/wired/archive/2.12/emoney.html|publisher=Wired|title=E-Money (That's What I Want)|date=1994–2012|author=Steven Levy}}</ref> In 1998 [[Wei Dai]] published a description of an anonymous, distributed electronic cash system which he called "b-money".<ref>{{cite web|title=B-Money|url=http://www.weidai.com/bmoney.txt|author=Wei Dai|year=1998}}</ref> Around the same time, Nick Szabo created ''bit gold''.<ref>{{cite web|url=https://spectrum.ieee.org/computing/software/bitcoin-the-cryptoanarchists-answer-to-cash/0|title=Bitcoin: The Cryptoanarchists’ Answer to Cash|publisher=IEEE Spectrum|quote=Around the same time, Nick Szabo, a computer scientist who now blogs about law and the history of money, was one of the first to imagine a new digital currency from the ground up. Although many consider his scheme, which he calls “bit gold,” to be a precursor to Bitcoin}}</ref><ref name="bitgold">{{cite web|title=Bit gold|url=https://unenumerated.blogspot.co.uk/2005/12/bit-gold.html|author=Nick Szabo|quote=My proposal for bit gold is based on computing a string of bits from a string of challenge bits, using functions called variously "client puzzle function," "proof of work function," or "secure benchmark function.". The resulting string of bits is the proof of work.... The last-created string of bit gold provides the challenge bits for the next-created string.}}</ref> Like Bitcoin, ''Bit gold'' was a currency system where users would compete to solve a [[proof of work]] function, with solutions being cryptographically chained together and published via a distributed property title registry. A variant of ''Bit gold'', called ''Reusable Proofs of Work'', was implemented by Hal Finney.<ref name="bitgold"/><br />
<br />
In 2008, Satoshi Nakamoto published a [[Bitcoin_white_paper|paper]]<ref name="whitepaper">{{cite web<br />
|last= Nakamoto<br />
|first= Satoshi<br />
|title= Bitcoin: A Peer-to-Peer Electronic Cash System<br />
|url= http://www.cs.kent.edu/~JAVED/class-P2P12F/papers-2012/PAPER2012-p2p-bitcoin-satoshinakamoto.pdf<br />
|accessdate = 14 December 2010<br />
|date= 24 May 2009<br />
|postscript=<br />
}}</ref><ref>{{cite web<br />
|url= https://article.gmane.org/gmane.comp.encryption.general/12588/<br />
|title= Bitcoin P2P e-cash paper<br />
}}</ref> on The Cryptography Mailing list at metzdowd.com<ref>[https://www.mail-archive.com/search?l=cryptography@metzdowd.com&q=from:%22Satoshi+Nakamoto%22 Satoshi's posts to Cryptography mailing list]</ref> describing the Bitcoin protocol.<br />
<br />
The Bitcoin network came into existence on 3 January 2009 with the release of the first Bitcoin client, [[wxBitcoin]], and the issuance of the first bitcoins.<ref>{{cite web |title=Block 0 – Bitcoin Block Explorer |url=https://blockexplorer.com/block/000000000019d6689c085ae165831e934ff763ae46a2a6c172b3f1b60a8ce26f }}</ref><ref>{{cite web |url=https://www.mail-archive.com/cryptography@metzdowd.com/msg10142.html |title=Bitcoin v0.1 released}}</ref><ref>{{cite web |url=https://sourceforge.net/news/?group_id=244765 |title=SourceForge.net: Bitcoin}}</ref><br />
A year later, the initial exchange rates for Bitcoin were set by individuals on the bitcointalk forums.{{Citation needed|date=October 2012}} The most significant transaction involved a BTC 10,000 pizza.<ref>{{cite web|title=The Rise and Fall of Bitcoin|url=https://www.wired.com/magazine/2011/11/mf_bitcoin/|publisher=Wired|accessdate=13 October 2012}}</ref><br />
Today, the majority of bitcoin exchanges occur on the [[Bitstamp]] bitcoin exchange.<ref>{{cite web | title = Exchange volume distribution | work = by market | publisher = [[Bitcoin Charts]] | date = 15 April 2014 | url = https://bitcoincharts.com/charts/volumepie/ | accessdate = 15 April 2014 }}</ref><br />
<br />
In 2011, Wikileaks,<ref>{{cite news<br />
|last= Greenberg<br />
|first= Andy<br />
|url= http://blogs.forbes.com/andygreenberg/2011/06/14/wikileaks-asks-for-anonymous-bitcoin-donations/<br />
|title= WikiLeaks Asks For Anonymous Bitcoin Donations – Andy Greenberg – The Firewall – Forbes<br />
|publisher= Blogs.forbes.com<br />
|date= 14 June 2011<br />
|accessdate = 22 June 2011<br />
}}</ref> [[Freenet]],<ref>{{cite web<br />
|url= https://freenetproject.org/donate.html<br />
|title= /donate<br />
|publisher= The Freenet Project<br />
|date=<br />
|accessdate = 22 June 2011<br />
}}</ref> Singularity Institute,<ref>[http://singinst.org/donate/ SIAI donation page]</ref> Internet Archive,<ref>[https://www.archive.org/donate/index.php Internet Archive donation page]</ref> Free Software Foundation<ref>[https://my.fsf.org/donate/other/ Other ways to donate]</ref> and others, began [[Receiving_donations_with_bitcoin|to accept donations in bitcoins]]. The Electronic Frontier Foundation did so for a while but has since stopped, citing concerns about a lack of legal precedent about new currency systems, and because they "generally don't endorse any type of product or service".<ref>{{cite web<br />
|url= https://www.eff.org/deeplinks/2011/06/eff-and-bitcoin<br />
|title= EFF and Bitcoin &#124; Electronic Frontier Foundation<br />
|publisher= Eff.org<br />
|date= 14 June 2011<br />
|accessdate = 22 June 2011<br />
}}</ref> Some small businesses had started to adopt Bitcoin. LaCie, a public company, accepts bitcoins for its Wuala service.<ref>{{Cite web|url=http://www.wuala.com/en/bitcoin |title=Secure Online Storage – Backup. Sync. Share. Access Everywhere |publisher=Wuala |date= |accessdate = 24 January 2012}}</ref><br />
<br />
In 2012, BitPay reported having over 1000 merchants accepting bitcoins under its payment processing service.<ref>{{cite web|title=BitPay Signs 1,000 Merchants to Accept Bitcoin Payments|url=http://www.americanbanker.com/issues/177_176/bitpay-signs-1000-merchants-to-accept-bitcoin-payments-1052538-1.html|publisher=American Banker|accessdate=12 October 2012}}</ref><br />
<br />
==Administration==<br />
Bitcoin is administered through a decentralized peer-to-peer network.<ref name="whitepaper"/> Cryptographic technologies and the peer-to-peer network of computing power enable users to make and verify irreversible, instant online bitcoin payments, without an obligation to trust and use centralized banking institutions and authorities. Dispute resolution services are not made directly available. Instead, it is left to the users to verify and trust the parties they are sending money to through their choice of methods.<br />
<br />
Bitcoins are issued according to rules agreed to by the majority of the computing power within the Bitcoin network. The core rules describe the predictable issuance of bitcoins to its verifying servers, a voluntary and competitive transaction fee system and the hard limit of no more than BTC 21 million issued in total.<ref name="whitepaper"/><br />
<br />
Bitcoin does not require a central bank, State,<ref>{{cite web<br />
|url= https://spectrum.ieee.org/computing/software/bitcoin-the-cryptoanarchists-answer-to-cash/3<br />
|title= Bitcoin: The Cryptoanarchists' Answer to Cash<br />
|publisher= IEEE.org<br />
|date= June 2012<br />
|accessdate = 5 June 2012<br />
}}</ref> or incorporated backers.<br />
<br />
==Services==<br />
{{main|Wallet}}<br />
<br />
Bitcoins are sent and received through software and websites called wallets. They send and confirm transactions to the network through Bitcoin addresses, the identifiers for users' Bitcoin wallets within the network.<ref name="whitepaper"/><br />
<br />
===Bitcoin addresses===<br />
{{main|Address}}<br />
<br />
Payments are made to Bitcoin "addresses": human-readable strings of numbers and letters around 33 characters in length, always beginning with the digit 1 or 3, as in the example of ''31uEbMgunupShBVTewXjtqbBv5MndwfXhb''.<br />
<br />
Users obtain new Bitcoin addresses from their Bitcoin software. Creating a new address can be a completely offline process and require no communication with the Bitcoin network. Web services often generate a new Bitcoin address for every user, allowing them to have their custom deposit addresses.{{dubious}}<br />
<br />
===Transaction fees===<br />
{{main|Transaction fees}}<br />
Transaction fees may be included with any transfer of bitcoins. While it's technically possible to send a transaction with zero fee, {{as of|2017|lc=on}} it's highly unlikely that one of these transactions confirms in a realistic amount of time, causing most nodes on the network to drop it. For transactions which consume or produce many outputs (and therefore have a large data size), higher transaction fees are usually expected.<br />
<br />
===Confirmations===<br />
{{main|Confirmation}}<br />
<br />
The network's software confirms a transaction when it records it in a block. Further blocks of transactions confirm it even further. After six confirmations/blocks, a transaction is confirmed beyond reasonable doubt.<br />
<br />
The network must store the whole transaction history inside the blockchain, which grows constantly as new records are added and never removed. Nakamoto conceived that as the database became larger, users would desire applications for Bitcoin that didn't store the entire database on their computer. To enable this, the blockchain uses a [[merkle tree]] to organize the transaction records in such a way that client software can locally delete portions of its own database it knows it will never need, such as earlier transaction records of bitcoins that have changed ownership multiple times.<br />
<br />
==Economics==<br />
<br />
===Initial distribution===<br />
<br />
Bitcoin has no centralized issuing authority.<ref name="ars-06-08-11"><br />
{{Cite news<br />
|first= Thomas<br />
|last= Lowenthal<br />
|title= Bitcoin: inside the encrypted, peer-to-peer digital currency<br />
|newspaper= Ars Technica<br />
|date= 8 June 2011<br />
|url= https://arstechnica.com/tech-policy/news/2011/06/bitcoin-inside-the-encrypted-peer-to-peer-currency.ars<br />
}}</ref><ref>{{cite news<br />
|author= Sponsored by<br />
|url= http://www.economist.com/blogs/babbage/2011/06/virtual-currency<br />
|title= Virtual currency: Bits and bob<br />
|publisher= The Economist<br />
|date=<br />
|accessdate = 22 June 2011<br />
}}</ref><ref>{{cite web<br />
|last= Geere<br />
|first= Duncan<br />
|url= https://www.wired.co.uk/news/archive/2011-05/16/bitcoin-p2p-currency<br />
|title= Peer-to-peer currency Bitcoin sidesteps financial institutions (Wired UK)<br />
|publisher= Wired.co.uk<br />
|date=<br />
|accessdate = 22 June 2011<br />
}}</ref> The network is programmed to increase the money supply as a geometric series until the total number of bitcoins reaches 21 million.<ref name="Quantitative Analysis of the Full Bitcoin Transaction Graph"/> {{As of|2012|10}} slightly over 10 million of the total BTC 21 million had been created; the current total number created is available online.<ref>{{cite web<br />
|title= Total Number of Bitcoins in Existence<br />
|url= https://blockexplorer.com/q/totalbc<br />
|work= Bitcoin Block Explorer<br />
|accessdate = 3 October 2012<br />
}}</ref> By 2013 half of the total supply will have been generated, and by 2017, three-quarters will have been generated. To ensure sufficient granularity of the [[money supply]], clients can divide each BTC unit down to eight decimal places (a total of 2.1&nbsp;×&nbsp;10<sup>15</sup> or 2.1 quadrillion units).<ref name="lwn">{{Cite news<br />
|author= Nathan Willis<br />
|date= 10 November 2010<br />
|title= Bitcoin: Virtual money created by CPU cycles<br />
|publisher= LWN.net<br />
|url= https://lwn.net/Articles/414452/<br />
}}</ref><br />
<br />
The network {{As of|2012|lc=on}} required over one million times more work for confirming a block and receiving an award (BTC 25 {{As of|2012|2|lc=on}}) than when the first blocks were confirmed.<br />
The difficulty is automatically adjusted every 2016 blocks based on the time taken to find the previous 2016 blocks such that one block is created roughly every 10 minutes.<br />
<br />
Those who chose to put computational and electrical resources toward mining early on had a greater chance at receiving awards for block generations. This served to make available enough processing power to process blocks. Indeed, without miners there are no transactions and the bitcoin economy comes to a halt.<br />
<br />
===Exchange rate===<br />
The price of a bitcoin is not static: relative to goods and services, it fluctuates more than the prices of more widely accepted currencies.<br />
<br />
In August 2012, 1 bitcoin traded at around US$10.00. Taking into account the total number of bitcoins mined, the monetary base of the Bitcoin network stands at over USD 110 million.<ref>[http://www.bitcoinwatch.com/ http://www.bitcoinwatch.com/] Bitcoin statistics</ref><br />
<br />
== Anonymity ==<!--Please keep as starting template--><br />
{{main|Anonymity & Security}}<br />
<br />
=== Transactions ===<br />
<br />
While using bitcoins is an excellent way to make your purchases, donations, and p2p payments without losing money through inflated transaction fees, transactions are never truly anonymous. When buying bitcoin, you pass identification, and Bitcoin transactions are stored publicly and permanently on the network, which means anyone can see the balance and transactions of any Bitcoin address. Bitcoin activities are recorded and available publicly via the [[blockchain]], a comprehensive database which keeps a record of Bitcoin transactions.<br />
<br />
=== Buying/selling bitcoins ===<br />
<br />
All exchange companies require the user to scan ID documents, and large transactions must be reported to the proper governmental authority.<br />
<br />
This means that a third party with an interest in tracking your activities can use your visible balance and ID information as a basis from which to track your future transactions or to study previous activity. In short, you have compromised your [[security]] and [[privacy]].<br />
<br />
In addition to conventional exchanges, there are also peer-to-peer exchanges. Peer-to-peer exchanges will often not collect KYC and identity information directly from users; instead, they let the users handle KYC amongst themselves. These can often be a better alternative for those looking to purchase bitcoins quickly and without KYC delay.<br />
<br />
=== Mixing services ===<br />
<br />
[http://anonymity.co.in/mixing_services.html Mixing services] are used to avoid compromising privacy and security. Mixing services periodically exchange your bitcoins for different ones which cannot be associated with the original owner.<br />
<br />
== Security ==<!--Please keep as starting template--><br />
{{seealso|Weaknesses}}<br />
<br />
In the history of Bitcoin, there have been a few [[incidents]], caused by problematic as well as malicious transactions. In the worst such incident, and the only one of its type, a person was able to pretend that he had a practically infinite supply of bitcoins, for almost 9 hours.<br />
<br />
Bitcoin relies, among other things, on [https://en.wikipedia.org/wiki/Public-key_cryptography public key cryptography] and thus may be vulnerable to [https://en.wikipedia.org/wiki/Elliptic_curve_cryptography#Quantum_computing_attacks quantum computing attacks] if and when practical quantum computers can be constructed.<br />
<br />
If multiple different software packages, whose usage becomes widespread on the Bitcoin network, disagree on the protocol and the rules for transactions, this could potentially cause a fork in the block chain with each faction of users being able to accept only their own version of the history of transactions. This could influence the price of bitcoins.<br />
<br />
A global, organized campaign against the currency or the software could also influence the demand for bitcoins, and thus the exchange price.<br />
<br />
==Bitcoin mining==<br />
{{main|Mining}}<br />
<br />
Bitcoin mining nodes are responsible for managing the Bitcoin network.<br />
<br />
Bitcoins are awarded to Bitcoin nodes known as "miners" for the solution to a difficult [[proof-of-work]] problem which confirms transactions and prevents double-spending. This incentive, as the Nakamoto white paper describes it, encourages "nodes to support the network, and provides a way to initially distribute coins into circulation, since no central authority issues them."<ref name="whitepaper" /><br />
<br />
Nakamoto compared the generation of new coins by expending CPU time and electricity to gold miners expending resources to add gold to circulation.<ref name="whitepaper"/><br />
<br />
[[File:Cryptocurrency Mining Farm.jpg|right|350px|thumb|Iceland is a good location for [[mining]] bitcoins because of the natural cold temperature.]]<br />
<br />
===Node operation===<br />
<br />
The node software for the Bitcoin network is based on peer-to-peer networking, digital signatures and cryptographic proof to make and verify transactions. Nodes broadcast transactions to the network, which records them in a public record of all transactions called the ''blockchain'' after validating them with a [[proof-of-work|proof-of-work system]].<br />
<br />
Satoshi Nakamoto designed the first Bitcoin node and mining software<ref name="processors">{{Cite news<br />
|last= Davis<br />
|first= Joshua<br />
|title= The Crypto-Currency<br />
|url= https://www.wired.com/magazine/2011/11/mf_bitcoin/all<br />
|accessdate = 11 November 2011<br />
|newspaper= Wired Magazine<br />
|date= 10 November 2011<br />
}}</ref> and developed the majority of the first implementation, Bitcoind, from 2007 to mid-2010.<ref name="code_start">{{cite web<br />
|url= https://bitcointalk.org/index.php?topic=13.msg46#msg46<br />
|title= Questions about Bitcoin<br />
|publisher= Bitcoin forum<br />
|date= 10 December 2009<br />
}}</ref><br />
<br />
Node implementations include core software such as Bitcoind/Bitcoin-Qt, [[libbitcoin]], [[cbitcoin]]<ref>{{Cite web|title=cbitcoin|url=https://github.com/MatthewLM/cbitcoin|accessdate=3 October 2012}}</ref> and [[BitCoinJ|bitcoinj]].<ref>{{cite web<br />
|url= https://news.slashdot.org/story/11/03/23/0210207/Google-Engineer-Releases-Open-Source-Bitcoin-Client<br />
|title= Google Engineer Releases Open Source Bitcoin Client<br />
|author= angry tapir, timothy<br />
|date= 23 March 2011<br />
|publisher= Slashdot<br />
|accessdate = 18 May 2011<br />
}}</ref><ref>{{cite web<br />
|url= http://www.javaworld.com/javaworld/jw-01-2012/120110-bitcoin-for-beginners-3.html?page=1<br />
|title= Bitcoin for beginners: The BitcoinJ API<br />
|author= Dirk Merkel<br />
|date= 10 January 2012<br />
|publisher= JavaWorld<br />
|accessdate = 3 August 2012<br />
}}</ref><br />
<br />
Every node in the Bitcoin network collects all the unacknowledged transactions it knows of in a file called a ''block'', which also contains a reference to the previous valid block known to that node. It then appends a [[nonce]] value to this previous block and computes the SHA-256 cryptographic hash of the block and the appended nonce value. The node repeats this process until it adds a nonce that allows for the generation of a hash with a value lower than a specified ''target''. Because computers cannot practically reverse the hash function, finding such a nonce is hard and requires on average a predictable amount of repetitious trial and error. This is where the ''[[proof-of-work]]'' concept comes into play. When a node finds such a solution, it announces it to the rest of the network. Peers receiving the new solved block validate it by computing the hash and checking that it really starts with the given number of zero bits (i.e., that the hash is within the target). Then they accept it and add it to the chain.<br />
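
The check a peer performs on a solved block, as an added example (not code from this wiki or from any Bitcoin client). It assumes the real header layout: an 80-byte header hashed with SHA-256 applied twice, and a numeric comparison against the target decoded from the header's compact "bits" field. The block hash is the one in the "Block 0" reference above; the other genesis header fields are the publicly known values and are not listed on this page, and all function names are hypothetical.

```python
import hashlib
import struct

# Block hash taken from the page's "Block 0" reference.
GENESIS_HASH = "000000000019d6689c085ae165831e934ff763ae46a2a6c172b3f1b60a8ce26f"

# Publicly known genesis header fields (assumption: not stated on the page).
GENESIS = {
    "version": 1,
    "prev_hash": "00" * 32,
    "merkle_root": "4a5e1e4baab89f3a32518a88c31bc87f618f76673e2cc77ab2127b7afdeda33b",
    "time": 1231006505,
    "bits": 0x1D00FFFF,
    "nonce": 2083236893,
}


def bits_to_target(bits):
    """Expand the compact 'bits' field into the full 256-bit target."""
    exponent = bits >> 24
    mantissa = bits & 0x007FFFFF
    if bits & 0x00800000:
        raise ValueError("sign bit set: negative targets are invalid")
    if exponent <= 3:
        return mantissa >> (8 * (3 - exponent))
    return mantissa << (8 * (exponent - 3))


def serialize_header(header):
    """Build the 80-byte header: little-endian integers, byte-reversed hashes."""
    return (
        struct.pack("<I", header["version"])
        + bytes.fromhex(header["prev_hash"])[::-1]
        + bytes.fromhex(header["merkle_root"])[::-1]
        + struct.pack("<III", header["time"], header["bits"], header["nonce"])
    )


def block_hash(header):
    """Double SHA-256 of the header, shown in the usual big-endian hex form."""
    first = hashlib.sha256(serialize_header(header)).digest()
    return hashlib.sha256(first).digest()[::-1].hex()


def check_proof_of_work(header):
    """A block is valid proof of work when hash <= target (a numeric test)."""
    target = bits_to_target(header["bits"])
    return target > 0 and int(block_hash(header), 16) <= target


def mine(header, max_tries=100_000):
    """Trial-and-error nonce search; returns a solved copy or None."""
    candidate = dict(header)
    for nonce in range(max_tries):
        candidate["nonce"] = nonce
        if check_proof_of_work(candidate):
            return candidate
    return None


if __name__ == "__main__":
    print("genesis hash:", block_hash(GENESIS))
    print("valid proof of work:", check_proof_of_work(GENESIS))
    # Constructed toy header with a very easy target so the search is instant.
    toy = dict(GENESIS, bits=0x2000FFFF, nonce=0)
    solved = mine(toy)
    print("toy nonce:", solved["nonce"], "hash:", block_hash(solved))
```

Changing any header field, including the nonce, produces an unrelated hash, which is why a peer can verify a block with one hash computation while finding it takes many.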
<br />
===Mining rewards===<br />
In addition to receiving the pending transactions confirmed in the block, a generating node adds a ''generate'' transaction, which awards new bitcoins to the operator of the node that generated the block. The system sets the payout of this generated transaction according to its defined inflation schedule. The miner that generates a block also receives the fees that users have paid as an incentive to give particular transactions priority for faster confirmation.<ref>[https://www.bitcoinmining.com Bitcoin Mining]</ref><br />
<br />
The network never creates more than a BTC 50 reward per block and this amount will decrease over time towards zero, such that no more than BTC 21 million will ever exist.<ref name="lwn" /> As this payout decreases, the incentive for users to run block-generating nodes is intended to change to earning [[#Transaction fees|transaction fees]].<br />
<br />
===Mining pools===<br />
{{main|Pooled mining}}<br />
<br />
Bitcoin users often pool computational effort to increase the stability of the collected fees and subsidy they receive.<ref name="We Use Coins Mining">{{cite web|title=About Bitcoin Mining|url=https://www.weusecoins.com/en/mining-guide/|publisher=We Use Coins|accessdate=27 May 2015}}</ref><br />
<br />
===Mining difficulty===<br />
{{main|Difficulty}}<br />
<br />
In order to throttle the creation of blocks, the difficulty of generating new blocks is adjusted over time. If mining output increases or decreases, the difficulty increases or decreases accordingly.<br />
<br />
The adjustment is done by changing the threshold that a hash is required to be less than. A lower threshold means fewer possible hashes can be accepted, and thus a higher degree of difficulty. The target rate of block generation is one block every 10 minutes, or 2016 blocks every two weeks. Bitcoin changes the difficulty of finding a valid block every 2016 blocks, using the difficulty that would have been most likely to cause the prior 2016 blocks to have taken two weeks to generate, according to the timestamps on the blocks. Technically, this is done by modeling the generation of bitcoins as a Poisson process. All nodes perform and enforce the same difficulty calculation.<br />
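
The adjustment rule described above, as an added example (not code from this wiki or from any Bitcoin client). The page does not state the limit on each adjustment or the easiest allowed target; the factor-of-4 clamp and the difficulty-1 target used here are assumptions taken from Bitcoin's consensus rules, and the simulation uses expected block times instead of random ones.

```python
TARGET_TIMESPAN = 14 * 24 * 60 * 60  # two weeks, in seconds
INTERVAL = 2016                      # blocks between adjustments
MAX_TARGET = 0xFFFF << 208           # easiest allowed target (difficulty 1)


def retarget(old_target, actual_timespan):
    """Scale the target by how long the last 2016 blocks actually took.

    Blocks found too quickly -> timespan below two weeks -> smaller target
    (harder). Each step is clamped to a factor of 4 in either direction, and
    the result is never easier than MAX_TARGET.
    """
    clamped = max(TARGET_TIMESPAN // 4, min(actual_timespan, TARGET_TIMESPAN * 4))
    return min(old_target * clamped // TARGET_TIMESPAN, MAX_TARGET)


def difficulty(target):
    """Difficulty is the ratio of the easiest target to the current one."""
    return MAX_TARGET / target


def expected_block_seconds(target, hashrate):
    """Mean time to find a block: expected hashes needed / hashes per second."""
    expected_hashes = 2 ** 256 / (target + 1)
    return expected_hashes / hashrate


def simulate(hashrates, target=MAX_TARGET):
    """Run one adjustment period per hashrate value.

    Simplification: the period's timespan is modelled as 2016 times the
    expected block time, where a real node reads it from block timestamps.
    Returns (seconds per block, difficulty) for each period.
    """
    history = []
    for hashrate in hashrates:
        seconds = expected_block_seconds(target, hashrate)
        history.append((round(seconds), round(difficulty(target), 2)))
        target = retarget(target, round(INTERVAL * seconds))
    return history


# Hashrate at which difficulty 1 yields one block every 10 minutes.
BASE_HASHRATE = (2 ** 256 / (MAX_TARGET + 1)) / 600

if __name__ == "__main__":
    # Constructed scenario: network hashrate jumps tenfold after period 0.
    rates = [BASE_HASHRATE] + [10 * BASE_HASHRATE] * 3
    for period, (secs, diff) in enumerate(simulate(rates)):
        print(f"period {period}: {secs:4d} s/block at difficulty {diff}")
```

With a tenfold hashrate jump, the clamp makes recovery take two adjustments: blocks arrive every 60 seconds, then every 240 seconds, before returning to the 10-minute target.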
<br />
Difficulty is intended as an automatic stabilizer allowing mining for bitcoins to remain profitable in the long run for the most efficient miners, independently of the fluctuations in demand of the bitcoin in relation to other currencies.<br />
<br />
===Mining hardware===<br />
{{main|Mining Hardware Comparison}}<br />
<br />
Bitcoins used to be mined through Intel/AMD CPUs. {{As of | 2012}}, mining has gradually moved to [[GPU]] and [[FPGA]] hardware.<ref name="bitcoinmag-butterfly" /> [[Application-specific integrated circuit|ASIC]]-based hardware for bitcoin mining has been announced by several manufacturers who intend to ship products from late 2012 to early 2013.<ref name="bitcoinmag-butterfly">{{Cite web|title=Bitpay Breaks Daily Volume Record with Butterfly ASIC mining release|url=http://bitcoinmagazine.net/bitpay-breaks-daily-volume-record-with-butterfly-asic-mining-release/|publisher=Bitcoin Magazine}}</ref><br />
<br />
==Concerns==<br />
<br />
===As an investment===<br />
{{main|Bitcoin as an investment}}<br />
<br />
Bitcoin describes itself as an experimental digital currency. Reuben Grinberg has noted that Bitcoin's supporters have argued that bitcoins are neither securities nor investments because they fail to meet the criteria for either category.<ref name="grinberg">{{cite web | url=http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1817857 | title=Bitcoin: An Innovative Alternative Digital Currency | publisher=SSRN | date=9 December 2011 | accessdate=4 December 2012 | author=Grinberg, Reuben}}</ref> Although it is a virtual currency, some people see it as an investment<ref name="cnbc">{{cite web | url=http://www.cnbc.com/id/45030812/The_Pros_And_Cons_Of_Biting_on_Bitcoins | title=The Pros And Cons Of Biting on Bitcoins | publisher=CNBC | date=23 November 2011 | accessdate=4 December 2012 | author=Gustke, Constance}}</ref> or accuse it of being a form of investment fraud known as a Ponzi scheme.<ref>{{cite web |url=https://www.theregister.co.uk/2011/06/08/bitcoin_under_attack/ |title=US senators draw a bead on Bitcoin |last1=Chirgwin |first1=Richard |date=8 June 2011 |publisher=The Register |accessdate=14 November 2012}}</ref><ref>{{cite web |url=http://uk.reuters.com/article/2012/04/01/uk-traders-bitcoin-idUKBRE8300JL20120401 |title=Bitcoin, the City traders' anarchic new toy |last1=O'Leary |first1=Naomi |date=2 April 2012 |publisher=Reuters |accessdate=14 November 2012}}</ref> A report by the European Central Bank, using the U.S. Securities and Exchange Commission's definition of a Ponzi scheme, found that the use of bitcoins shares some characteristics with Ponzi schemes, but also has characteristics of its own which contradict several common aspects of Ponzi schemes.<ref name="ecbreport">{{cite web | url=http://www.ecb.europa.eu/pub/pdf/other/virtualcurrencyschemes201210en.pdf | title=Virtual Currency Schemes | publisher=European Central Bank | date=October 2012 | accessdate=4 December 2012}}</ref><br />
<br />
===Privacy===<br />
Because transactions are broadcast to the entire network, they are inherently public. Unlike regular banking,<ref>{{cite web<br />
|url= https://spectrum.ieee.org/computing/software/bitcoin-the-cryptoanarchists-answer-to-cash/0<br />
|title= Bitcoin: The Cryptoanarchists' Answer to Cash<br />
|publisher= IEEE.org<br />
|date= June 2012<br />
|accessdate = 5 June 2012<br />
}}</ref> which preserves customer privacy by keeping transaction records private, loose transactional privacy is accomplished in Bitcoin by using many unique addresses for every wallet while at the same time publishing all transactions. As an example, if Alice sends BTC 123.45 to Bob, the network creates a public record that allows anyone to see that 123.45 has been sent from one address to another. However, unless Alice or Bob make their ownership of these addresses known, it is difficult for anyone else to connect the transaction with them. However, if someone connects an address to a user at any point they could follow back a series of transactions as each participant likely knows who paid them and may disclose that information on request or under duress.<br />
<br />
It can be difficult to associate Bitcoin identities with real-life identities.<ref name="An Analysis of Anonymity in the Bitcoin System">Fergal Reid and Martin Harrigan (24 July 2011). [https://anonymity-in-bitcoin.blogspot.com/2011/07/bitcoin-is-not-anonymous.html An Analysis of Anonymity in the Bitcoin System]. An Analysis of Anonymity in the Bitcoin System.</ref> This property makes Bitcoin transactions attractive to sellers of illegal products.<ref name="Forbes">Andy Greenberg (20 April 2011). [http://www.forbes.com/forbes/2011/0509/technology-psilocybin-bitcoins-gavin-andresen-crypto-currency.html Crypto Currency]. Forbes Magazine.</ref><ref>{{cite web<br />
|last= Madrigal<br />
|first= Alexis<br />
|title= Libertarian Dream? A Site Where You Buy Drugs With Digital Dollars<br />
|publisher= The Atlantic Monthly<br />
|date= 1 June 2011<br />
|url= https://www.theatlantic.com/technology/archive/2011/06/libertarian-dream-a-site-where-you-buy-drugs-with-digital-dollars/239776/<br />
|accessdate = 5 June 2011<br />
}}</ref><br />
<br />
===Illicit use===<br />
<br />
====Cracking====<br />
The cracking organization "LulzSec" accepted donations in bitcoins, having said that the group "needs Bitcoin donations to continue their hacking efforts".<ref name="CNET">{{cite web<br />
|last= Reisinger<br />
|first= Don<br />
|url= https://news.cnet.com/8301-13506_3-20070268-17/senators-target-bitcoin-currency-citing-drug-sales/<br />
|title= Senators target Bitcoin currency, citing drug sales &#124; The Digital Home – CNET News<br />
|publisher= News.cnet.com<br />
|date= 9 June 2011<br />
|accessdate = 22 June 2011<br />
}}</ref><ref>{{cite news<br />
|last= Olson<br />
|first= Parmy<br />
|url= http://blogs.forbes.com/parmyolson/2011/06/06/lulzsec-hackers-posts-sony-dev-source-code-get-7k-donation/<br />
|title= LulzSec Hackers Post Sony Dev. Source Code, Get $7K Donation – Parmy Olson – Disruptors – Forbes<br />
|publisher= Blogs.forbes.com<br />
|date= 6 June 2011<br />
|accessdate = 22 June 2011<br />
}}</ref><br />
<br />
====Silk Road====<br />
[[Silk Road]] is an anonymous black market that transacts only in bitcoins.<ref name="npr-06-12-11"><br />
{{Cite news<br />
|url= https://www.npr.org/2011/06/12/137138008/silk-road-not-your-fathers-amazon-com<br />
|date= 12 June 2011<br />
|newspaper= NPR<br />
|title= Silk Road: Not Your Father's Amazon.com<br />
|author= Staff<br />
}}</ref> <br />
<br />
In a 2011 letter to Attorney General Eric Holder and the Drug Enforcement Administration, senators Charles Schumer of New York and Joe Manchin of West Virginia called for an investigation into Silk Road and Bitcoin.<ref name="npr-06-12-11"/><br />
Schumer described the use of bitcoins at Silk Road as a form of money laundering.<ref name="ars-06-08-11"/><br />
<br />
====Botnet mining====<br />
In June 2011, Symantec warned about the possibility of botnets engaging in covert "mining" of bitcoins,<ref>{{Cite web|url=http://www.symantec.com/connect/blogs/bitcoin-botnet-mining |title=Bitcoin Botnet Mining &#124; Symantec Connect Community |publisher=Symantec.com |date=17 June 2011 |accessdate = 24 January 2012}}</ref><ref>{{Cite web|url=http://www.zdnet.com/blog/security/researchers-find-malware-rigged-with-bitcoin-miner/8934 |title=Researchers find malware rigged with Bitcoin miner |publisher=ZDNet |date=29 June 2011 |accessdate = 24 January 2012}}</ref> consuming computing cycles, using extra electricity and possibly increasing the temperature of the computer. Later that month, the Australian Broadcasting Corporation caught an employee using the company's servers to generate bitcoins without permission.<ref>{{Cite web|url=http://thenextweb.com/au/2011/06/23/abc-employee-caught-mining-for-bitcoins-on-company-servers/ |title=ABC employee caught mining for Bitcoins on company servers |publisher=The Next Web |date=23 June 2011 |accessdate = 24 January 2012}}</ref> Some malware also uses the parallel processing capabilities of the GPUs built into many modern-day video cards.<ref>{{Cite news |url=https://www.theregister.co.uk/2011/08/16/gpu_bitcoin_brute_forcing/ |title=Malware mints virtual currency using victim's GPU |date=16 August 2011<!-- 20:00 GMT -->|first=Dan |last=Goodin }}</ref> In mid-August 2011, bitcoin miner botnets were found;<ref>{{Cite web|url=http://www.infosecurity-magazine.com/view/20211/researcher-discovers-distributed-bitcoin-cracking-trojan-malware/ |title=Infosecurity – Researcher discovers distributed bitcoin cracking trojan malware |publisher=Infosecurity-magazine.com |date=19 August 2011 |accessdate = 24 January 2012}}</ref> trojans infecting Mac OS X have also been uncovered.<ref>{{Cite web|url=http://www.techworld.com.au/article/405849/mac_os_x_trojan_steals_processing_power_produce_bitcoins |title=Mac OS X Trojan steals processing power to produce Bitcoins – sophos, security, malware, Intego – Vulnerabilities – Security |publisher=Techworld |date=1 November 2011 |accessdate = 24 January 2012}}</ref><br />
<br />
===Theft and fraud===<br />
On 19 June 2011, a security breach of the Mt.Gox (an acronym for ''M''agic: ''T''he ''G''athering ''O''nline E''x''change, its original purpose) bitcoin exchange caused the price of a bitcoin to briefly drop to US$0.01 on the Mt.Gox exchange (though it remained unaffected on other exchanges) after a hacker allegedly used credentials from a Mt.Gox auditor's compromised computer to illegally transfer a large number of bitcoins to him- or herself and sell them all, creating a massive "ask" order at any price. Within minutes the price rebounded to over $15 before Mt.Gox shut down their exchange and canceled all trades that happened during the hacking period.<ref>[https://mtgox.com/press_release_20110630.html Clarification of Mt Gox Compromised Accounts and Major Bitcoin Sell-Off]</ref><ref>[https://www.youtube.com/watch?v=T1X6qQt9ONg YouTube. Bitcoin Report]</ref> The exchange rate of bitcoins quickly returned to near pre-crash values.<ref name="mick">Jason Mick, 19 June 2011, [http://www.dailytech.com/Inside+the+MegaHack+of+Bitcoin+the+Full+Story/article21942.htm Inside the Mega-Hack of Bitcoin: the Full Story], DailyTech</ref><ref>Timothy B. Lee, 19 June 2011, [https://arstechnica.com/tech-policy/news/2011/06/bitcoin-price-plummets-on-compromised-exchange.ars Bitcoin prices plummet on hacked exchange], Ars Technica</ref><ref>Mark Karpeles, 20 June 2011, [https://support.mtgox.com/entries/20208066-huge-bitcoin-sell-off-due-to-a-compromised-account-rollback Huge Bitcoin sell off due to a compromised account – rollback], Mt.Gox Support</ref><ref name="register1">{{Cite news<br />
|title= Bitcoin collapses on malicious trade – Mt Gox scrambling to raise the Titanic<br />
|url= https://www.theregister.co.uk/2011/06/19/bitcoin_values_collapse_again/<br />
|date= 19 June 2011<br />
|author= Chirgwin, Richard<br />
|publisher= The Register<br />
}}</ref> Accounts with the equivalent of more than USD 8,750,000 were affected.<ref name="mick" /><br />
<br />
In July 2011, the operator of Bitomat, the third-largest bitcoin exchange, announced that he had lost access to his wallet.dat file with about 17,000 bitcoins (roughly equivalent to USD 220,000 at that time). He announced that he would sell the service for the missing amount, aiming to use funds from the sale to refund his customers.<ref>[http://siliconangle.com/blog/2011/08/01/third-largest-bitcoin-exchange-bitomat-lost-their-wallet-over-17000-bitcoins-missing/ Third Largest Bitcoin Exchange Bitomat Lost Their Wallet, Over 17,000 Bitcoins Missing]. SiliconAngle</ref><br />
<br />
In August 2011, MyBitcoin, one of the popular Bitcoin transaction processors, declared that it had been hacked. As a result it shut down, paying out 49% of customer deposits and leaving more than 78,000 bitcoins (roughly equivalent to USD 800,000 at that time) unaccounted for.<ref>[http://betabeat.com/2011/08/mybitcoin-spokesman-finally-comes-forward-what-did-you-think-we-did-after-the-hack-we-got-shitfaced/ MyBitcoin Spokesman Finally Comes Forward: “What Did You Think We Did After the Hack? We Got Shitfaced”]. BetaBeat</ref><ref>[http://betabeat.com/2011/08/search-for-owners-of-mybitcoin-loses-steam/ Search for Owners of MyBitcoin Loses Steam]. BetaBeat</ref><br />
<br />
In early August 2012, a lawsuit was filed in San Francisco court against Bitcoinica, claiming about USD 460,000 from the company. Bitcoinica was hacked twice in 2012, which led to allegations of neglecting the safety of customers' money and cheating them out of withdrawal requests.<ref>[https://arstechnica.com/tech-policy/2012/08/bitcoinica-users-sue-for-460k-in-lost-bitcoins/ Bitcoinica users sue for $460k in lost Bitcoins]. Arstechnica</ref><ref>[https://spectrum.ieee.org/tech-talk/computing/networks/first-bitcoin-lawsuit-filed-in-san-francisco First Bitcoin Lawsuit Filed In San Francisco]. IEEE Spectrum</ref><br />
<br />
In late August 2012, Bitcoin Savings and Trust was shut down by the owner, allegedly leaving around $5.6 million in debts; this led to allegations of the operation being a Ponzi scheme.<ref>{{Cite web|title=Bitcoin ponzi scheme – investors lose $5 million USD in online hedge fund|url=https://rt.com/usa/news/investors-currency-digital-fund-868/|publisher=RT}}</ref><ref>{{Cite web|last=Jeffries|first=Adrianne|title=Suspected multi-million dollar Bitcoin pyramid scheme shuts down, investors revolt|url=http://www.theverge.com/2012/8/27/3271637/bitcoin-savings-trust-pyramid-scheme-shuts-down|publisher=The Verge}}</ref><ref>{{Cite web|last=Mick|first=Jason|title="Pirateat40" Makes Off $5.6M USD in Bitcoin From Pyramid Scheme|url=http://www.dailytech.com/Pirateat40+Makes+Off+56M+USD+in+BitCoins+From+Pyramid+Scheme/article25538.htm|publisher=DailyTech}}</ref><ref>[https://pandodaily.com/2012/08/31/bitcoin-how-a-virtual-currency-became-real-with-a-5-6m-fraud/ Bitcoin: How a Virtual Currency Became Real with a $5.6M Fraud]. PandoDaily</ref> In September 2012, it was reported that the U.S. Securities and Exchange Commission had started an investigation into the case.<ref>[http://blogs.telegraph.co.uk/technology/willardfoxton2/100007836/bitcoin-pirate-scandal-sec-steps-in-amid-allegations-that-the-whole-thing-was-a-ponzi-scheme/ Bitcoin 'Pirate' scandal: SEC steps in amid allegations that the whole thing was a Ponzi scheme]. The Telegraph</ref><br />
<br />
In September 2012, the Bitfloor bitcoin exchange also reported being hacked, with 24,000 bitcoins (roughly equivalent to USD 250,000) stolen. As a result, Bitfloor suspended operations.<ref>[http://www.bbc.co.uk/news/technology-19486695 Bitcoin theft causes Bitfloor exchange to go offline]. BBC</ref><ref>[http://www.theverge.com/2012/9/5/3293375/bitfloor-bitcoin-exchange-suspended-theft Bitcoin exchange BitFloor suspends operations after $250,000 theft]. The Verge</ref> The same month, Bitfloor resumed operations, with its founder saying that he had reported the theft to the FBI and that he was planning to repay the victims, though the time frame for such repayment was unclear.<ref>[http://www.pcworld.com/article/2010586/bitcoin-exchange-back-online-after-hack.html?tk=rel_news Bitcoin exchange back online after hack]. PCWorld</ref><br />
<br />
===Taxation===<br />
In September 2012, the Intra-European Organization of Tax Administrations (IOTA), in Tbilisi, Georgia, held a workshop titled "Auditing Individuals and Legal Entities in the Use of e-Money". The workshop was attended by representatives from 23 countries.<ref name="Bitcoin Tax issues Oct 2012">{{cite journal | title=2012 TNT 209-4 NEWS ANALYSIS: VIRTUAL CURRENCY: A NEW WORRY FOR TAX ADMINISTRATORS? (Release Date: OCTOBER 17, 2012) (Doc 2012-21516) | author=Stewart, David D. and Soong Johnston, Stephanie D. | journal=Tax Notes Today | date=29 October 2012 | volume=2012 TNT 209-4 | issue=2012 TNT 209-4}}</ref> Jerry Taylor, IOTA's technical taxation expert, said, "There's an awful lot happening on the Internet environment which is fascinating at the moment and introducing new challenges for auditors when it comes to virtual currency."<ref name="Bitcoin Tax issues Oct 2012"/> Bitcoin was mentioned during the workshop.<ref name="Bitcoin Tax issues Oct 2012"/><br />
<br />
Matthew Elias, founder of the [[Cryptocurrency Legal Advocacy Group]] (CLAG), published "Staying Between the Lines: A Survey of U.S. Income Taxation and its Ramifications on Cryptocurrencies", which discusses "the taxability of cryptocurrencies such as Bitcoin".<ref name="Bitcoin Tax issues Oct 2012"/> CLAG "stressed the importance for taxpayers to determine on their own whether taxes are due on a Bitcoin-related transaction based on whether one has 'experienced a realization event'."<ref name="Bitcoin Tax issues Oct 2012"/> One such example is "when a taxpayer has provided a service in exchange for Bitcoins, a realization event has probably occurred, and any gain or loss would likely be calculated using fair market values for the service provided."<ref name="Bitcoin Tax issues Oct 2012"/><br />
<br />
[[Peter Vessenes]], the [[Bitcoin Foundation|Bitcoin Foundation's]] executive director, said, regarding the foundation's effort to pay for everything in bitcoins, including salaries, "How do we W-2 someone for their Bitcoins? Do we mark-to-market every time a transfer happens? Payroll companies cringe."<ref name="BitCoin Tax issues Oct 2012">{{cite journal | title=2012 TNT 209-4 NEWS ANALYSIS: VIRTUAL CURRENCY: A NEW WORRY FOR TAX ADMINISTRATORS? (Release Date: OCTOBER 17, 2012) (Doc 2012-21516) | author=Stewart, David D. and Soong Johnston, Stephanie D. | journal=Tax Notes Today | date=29 October 2012 | volume=2012 TNT 209-4 | issue=2012 TNT 209-4}}</ref> The Bitcoin Foundation hopes "to push for solid guidance about its legal and tax treatment." [[Patrick Murck]], legal counsel for the Bitcoin Foundation, said he would like "to help regulators understand the technology better so they can make better decisions."<ref name="BitCoin Tax issues Oct 2012"/> Murck said, "Bitcoin has the potential to become much more than a niche currency, but it needs the guidance and understanding of regulators", "The full potential of Bitcoin could be realized through clearer guidelines and a better understanding by financial and tax regulators", and "Part of making that happen is to talk to regulators, the IRS, and tax professionals and helping them understand that Bitcoin is not this nefarious thing, it's just software, it's a community, and there's nothing inherently nefarious about either of those things."<ref name="BitCoin Tax issues Oct 2012"/><br />
<br />
==See Also==<br />
* [[Introduction]]<br />
* [[Getting started]]<br />
* [[Using_Bitcoin|Detailed tutorial]]<br />
* [[FAQ]]<br />
* [https://www.weusecoins.com What Is Bitcoin?]<br />
* [https://www.bitcoinmining.com What Is Bitcoin Mining?]<br />
<br />
==References==<br />
<references /><br />
<br />
[[Category:Digital currencies]]<br />
{{wp}}{{p-move}}{{good}}<br />
[[es:Bitcoin]][[de:Bitcoin]]</div>
Pancyrus
https://tests.bitcoin.it/w/index.php?title=Bitcoin&diff=68554
Bitcoin
2021-03-21T00:43:33Z
<p>Pancyrus: Standardized the date format to RFC 2822.</p>
<hr />
<div>'''Bitcoin''' is a decentralized [[digital currency]] created by an unknown person or group of people under the name [[Satoshi Nakamoto]] and released as open-source software in 2009. It does not rely on a central server to process transactions or store funds. There is a maximum of 2,099,999,997,690,000 bitcoin elements (called satoshis; the unit has been named in collective homage to the original creator), which are currently most commonly measured in units of 100,000,000 known as BTC. Only 21 million bitcoin (BTC) will ever be created.<br />
<br />
{{As of|January 2018}}, it is the most widely used alternative currency,<ref name="Quantitative Analysis of the Full Bitcoin Transaction Graph">{{cite web|title=Quantitative Analysis of the Full Bitcoin Transaction Graph|url=https://eprint.iacr.org/2012/584.pdf|publisher=Cryptology ePrint Archive|accessdate=18 October 2012|author=Ron Dorit|coauthors=Adi Shamir|page=17|quote=The Bitcoin system is the best known and most widely used alternative payment scheme,...}}</ref><ref name="Cryptocurrency Market Capitalization">{{Cite web|title=Coinmarketcap.com|url=https://coinmarketcap.com/}}</ref> with a total market cap of around 250 billion US dollars.<ref>{{cite web|title=Market Capitalization|url=https://coinmarketcap.com/currencies/bitcoin/|publisher= [[Coinmarketcap.com]] |accessdate=10 January 2018}}</ref><br />
<br />
Bitcoin has no central issuer; instead, the peer-to-peer network regulates bitcoins, transactions and issuance according to consensus in network software. These transactions are verified by network nodes through the use of cryptography and recorded in a public distributed ledger called a blockchain.<br />
<br />
Bitcoins are issued to various nodes that verify transactions through computing power; it is established that there will be a limited and scheduled release of no more than BTC 21 million worth of coins, which will be fully issued by the year 2140.<br />
<br />
Bitcoins are created as a reward for a process known as mining. They can be exchanged for other currencies, products, and services. As of February 2015, over 100,000 merchants and vendors accepted bitcoins as payment. Research produced by the University of Cambridge estimates that in 2017, there were 2.9 to 5.8 million unique users using a cryptocurrency wallet, most of them using Bitcoin.<br />
<br />
Internationally, bitcoins can be exchanged and managed through various websites and [[software]] along with physical banknotes and coins.<ref>{{Cite web|title=Physical Bitcoins by Casascius|url=https://www.casascius.com/|publisher=Casascius Coins|accessdate=29 September 2012}}</ref><ref>{{Cite web|title=Bitbills|url=http://www.bitbills.com/|publisher=Bitbills|accessdate=29 September 2012}}</ref><br />
<br />
==History==<br />
{{main|History}}<br />
<br />
A cryptographic system for untraceable payments was first described by David Chaum in 1982.<ref>[http://blog.koehntopp.de/uploads/Chaum.BlindSigForPayment.1982.PDF David Chaum, Blind signatures for untraceable payments], Advances in Cryptology - Crypto '82, Springer-Verlag (1983), 199–203.</ref> In 1990 Chaum extended this system to create the first cryptographic anonymous electronic cash system,<ref>{{cite journal|journal=Lecture Notes in Computer Science|last1=Chaum|first1=David|last2=Fiat|first2=Amos|last3=Naor|first3=Moni|title=Untraceable Electronic Cash|url=http://blog.koehntopp.de/uploads/chaum_fiat_naor_ecash.pdf}}</ref> which became known as ecash.
<ref>{{cite web|url=https://www.wired.com/wired/archive/2.12/emoney.html|publisher=Wired|title=E-Money (That's What I Want)|date=1994–2012|author=Steven Levy}}</ref> In 1998 [[Wei Dai]] published a description of an anonymous, distributed electronic cash system which he called "b-money".<ref>{{cite web|title=B-Money|url=http://www.weidai.com/bmoney.txt|author=Wei Dai|year=1998}}</ref> Around the same time, Nick Szabo created ''bit gold''.<ref>{{cite web|url=https://spectrum.ieee.org/computing/software/bitcoin-the-cryptoanarchists-answer-to-cash/0|title=Bitcoin: The Cryptoanarchists’ Answer to Cash|publisher=IEEE Spectrum|quote=Around the same time, Nick Szabo, a computer scientist who now blogs about law and the history of money, was one of the first to imagine a new digital currency from the ground up. Although many consider his scheme, which he calls “bit gold,” to be a precursor to Bitcoin}}</ref><ref name="bitgold">{{cite web|title=Bit gold|url=https://unenumerated.blogspot.co.uk/2005/12/bit-gold.html|author=Nick Szabo|quote=My proposal for bit gold is based on computing a string of bits from a string of challenge bits, using functions called variously "client puzzle function," "proof of work function," or "secure benchmark function.". The resulting string of bits is the proof of work.... The last-created string of bit gold provides the challenge bits for the next-created string.}}</ref> Like Bitcoin, ''Bit gold'' was a currency system where users would compete to solve a [[proof of work]] function, with solutions being cryptographically chained together and published via a distributed property title registry. A variant of ''Bit gold'', called ''Reusable Proofs of Work'', was implemented by Hal Finney.<ref name="bitgold"/><br />
<br />
In 2008, Satoshi Nakamoto published a [[Bitcoin_white_paper|paper]]<ref name="whitepaper">{{cite web<br />
|last= Nakamoto<br />
|first= Satoshi<br />
|title= Bitcoin: A Peer-to-Peer Electronic Cash System<br />
|url= http://www.cs.kent.edu/~JAVED/class-P2P12F/papers-2012/PAPER2012-p2p-bitcoin-satoshinakamoto.pdf<br />
|accessdate = 14 December 2010<br />
|date= 24 May 2009<br />
|postscript=<br />
}}</ref><ref>{{cite web<br />
|url= https://article.gmane.org/gmane.comp.encryption.general/12588/<br />
|title= Bitcoin P2P e-cash paper<br />
}}</ref> on The Cryptography Mailing list at metzdowd.com<ref>[https://www.mail-archive.com/search?l=cryptography@metzdowd.com&q=from:%22Satoshi+Nakamoto%22 Satoshi's posts to Cryptography mailing list]</ref> describing the Bitcoin protocol.<br />
<br />
The Bitcoin network came into existence on 3 January 2009 with the release of the first Bitcoin client, [[wxBitcoin]], and the issuance of the first bitcoins.<ref>{{cite web |title=Block 0 – Bitcoin Block Explorer |url=https://blockexplorer.com/block/000000000019d6689c085ae165831e934ff763ae46a2a6c172b3f1b60a8ce26f }}</ref><ref>{{cite web |url=https://www.mail-archive.com/cryptography@metzdowd.com/msg10142.html |title=Bitcoin v0.1 released}}</ref><ref>{{cite web |url=https://sourceforge.net/news/?group_id=244765 |title=SourceForge.net: Bitcoin}}</ref><br />
A year later, the initial exchange rates for Bitcoin were set by individuals on the bitcointalk forums.{{Citation needed|date=October 2012}} The most significant transaction involved a BTC 10,000 pizza.<ref>{{cite web|title=The Rise and Fall of Bitcoin|url=https://www.wired.com/magazine/2011/11/mf_bitcoin/|publisher=Wired|accessdate=13 October 2012}}</ref><br />
Today, the majority of bitcoin exchanges occur on the [[Bitstamp]] bitcoin exchange.<ref>{{cite web | title = Exchange volume distribution | work = by market | publisher = [[Bitcoin Charts]] | date = 15 April 2014 | url = https://bitcoincharts.com/charts/volumepie/ | accessdate = 15 April 2014 }}</ref><br />
<br />
In 2011, Wikileaks,<ref>{{cite news<br />
|last= Greenberg<br />
|first= Andy<br />
|url= http://blogs.forbes.com/andygreenberg/2011/06/14/wikileaks-asks-for-anonymous-bitcoin-donations/<br />
|title= WikiLeaks Asks For Anonymous Bitcoin Donations – Andy Greenberg – The Firewall – Forbes<br />
|publisher= Blogs.forbes.com<br />
|date= 14 June 2011<br />
|accessdate = 22 June 2011<br />
}}</ref> [[Freenet]],<ref>{{cite web<br />
|url= https://freenetproject.org/donate.html<br />
|title= /donate<br />
|publisher= The Freenet Project<br />
|date=<br />
|accessdate = 22 June 2011<br />
}}</ref> Singularity Institute,<ref>[http://singinst.org/donate/ SIAI donation page]</ref> Internet Archive,<ref>[https://www.archive.org/donate/index.php Internet Archive donation page]</ref> Free Software Foundation<ref>[https://my.fsf.org/donate/other/ Other ways to donate]</ref> and others began [[Receiving_donations_with_bitcoin|to accept donations in bitcoins]]. The Electronic Frontier Foundation did so for a while but has since stopped, citing concerns about a lack of legal precedent about new currency systems, and because they "generally don't endorse any type of product or service."<ref>{{cite web<br />
|url= https://www.eff.org/deeplinks/2011/06/eff-and-bitcoin<br />
|title= EFF and Bitcoin &#124; Electronic Frontier Foundation<br />
|publisher= Eff.org<br />
|date= 14 June 2011<br />
|accessdate = 22 June 2011<br />
}}</ref> Some small businesses had started to adopt Bitcoin. LaCie, a public company, accepts bitcoins for its Wuala service.<ref>{{Cite web|url=http://www.wuala.com/en/bitcoin |title=Secure Online Storage – Backup. Sync. Share. Access Everywhere |publisher=Wuala |date= |accessdate = 24 January 2012}}</ref><br />
<br />
In 2012, BitPay reported having over 1000 merchants accepting bitcoins through its payment processing service.<ref>{{cite web|title=BitPay Signs 1,000 Merchants to Accept Bitcoin Payments|url=http://www.americanbanker.com/issues/177_176/bitpay-signs-1000-merchants-to-accept-bitcoin-payments-1052538-1.html|publisher=American Banker|accessdate=12 October 2012}}</ref><br />
<br />
==Administration==<br />
Bitcoin is administered through a decentralized peer-to-peer network.<ref name="whitepaper"/> Cryptographic technologies and the peer-to-peer network of computing power enable users to make and verify irreversible, instant online bitcoin payments, without an obligation to trust and use centralized banking institutions and authorities. Dispute resolution services are not made directly available. Instead, it is left to the users to verify and trust the parties they are sending money to through their choice of methods.<br />
<br />
Bitcoins are issued according to rules agreed to by the majority of the computing power within the Bitcoin network. The core rules describe the predictable issuance of bitcoins to its verifying servers, a voluntary and competitive transaction fee system, and the hard limit of no more than BTC 21 million issued in total.<ref name="whitepaper"/><br />
<br />
Bitcoin does not require a central bank, State,<ref>{{cite web<br />
|url= https://spectrum.ieee.org/computing/software/bitcoin-the-cryptoanarchists-answer-to-cash/3<br />
|title= Bitcoin: The Cryptoanarchists' Answer to Cash<br />
|publisher= IEEE.org<br />
|date= June 2012<br />
|accessdate = 5 June 2012<br />
}}</ref> or incorporated backers.<br />
<br />
==Services==<br />
{{main|Wallet}}<br />
<br />
Bitcoins are sent and received through software and websites called wallets. They send and confirm transactions to the network through Bitcoin addresses, the identifiers for users' Bitcoin wallets within the network.<ref name="whitepaper"/><br />
<br />
===Bitcoin addresses===<br />
{{main|Address}}<br />
<br />
Payments are made to Bitcoin "addresses": human-readable strings of numbers and letters around 33 characters in length, always beginning with the digit 1 or 3, as in the example of ''31uEbMgunupShBVTewXjtqbBv5MndwfXhb''.<br />
<br />
Users obtain new Bitcoin addresses from their Bitcoin software. Creating a new address can be a completely offline process and require no communication with the Bitcoin network. Web services often generate a new Bitcoin address for every user, allowing them to have their custom deposit addresses.{{dubious}}<br />
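<br />
The addresses described above carry a built-in checksum, so software can reject a mistyped address before any payment is made. The following is an added example, not code from this wiki or from any Bitcoin client: it encodes and validates only the Base58Check address form that starts with 1 or 3, the version bytes 0x00 and 0x05 are the ones Bitcoin uses for those two forms, and the 20-byte hash is constructed sample data.<br />
<br />
```python
import hashlib

# Base58 alphabet used by Bitcoin: 0, O, I and l are left out because they
# are easy to misread.
ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

# Version bytes behind the two leading characters mentioned in the text.
VERSIONS = {0x00: "pay-to-pubkey-hash (starts with 1)",
            0x05: "pay-to-script-hash (starts with 3)"}


def _checksum(payload: bytes) -> bytes:
    """First four bytes of SHA-256(SHA-256(payload))."""
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]


def b58check_encode(version: int, hash160: bytes) -> str:
    """Build an address from a version byte and a 20-byte hash."""
    if len(hash160) != 20:
        raise ValueError("expected a 20-byte hash")
    payload = bytes([version]) + hash160
    raw = payload + _checksum(payload)
    n = int.from_bytes(raw, "big")
    digits = ""
    while n:
        n, rem = divmod(n, 58)
        digits = ALPHABET[rem] + digits
    # Each leading zero byte is written as a literal '1'.
    zeros = len(raw) - len(raw.lstrip(b"\x00"))
    return "1" * zeros + digits


def b58check_decode(address: str):
    """Return (version, hash160) or raise ValueError if the address is bad."""
    n = 0
    for ch in address:
        idx = ALPHABET.find(ch)
        if idx < 0:
            raise ValueError(f"character {ch!r} is not in the Base58 alphabet")
        n = n * 58 + idx
    zeros = len(address) - len(address.lstrip("1"))
    raw = b"\x00" * zeros + n.to_bytes((n.bit_length() + 7) // 8, "big")
    if len(raw) != 25:  # 1 version byte + 20 hash bytes + 4 checksum bytes
        raise ValueError("decoded length is not 25 bytes")
    payload, check = raw[:-4], raw[-4:]
    if _checksum(payload) != check:
        raise ValueError("checksum mismatch (typo or corrupted address)")
    if payload[0] not in VERSIONS:
        raise ValueError("unknown version byte")
    return payload[0], payload[1:]


def is_valid_address(address: str) -> bool:
    try:
        b58check_decode(address)
        return True
    except ValueError:
        return False


# Constructed sample data: not the hash of any real key or script.
SAMPLE_HASH = bytes(range(1, 21))
SAMPLE_P2PKH = b58check_encode(0x00, SAMPLE_HASH)
SAMPLE_P2SH = b58check_encode(0x05, SAMPLE_HASH)

if __name__ == "__main__":
    for addr in (SAMPLE_P2PKH, SAMPLE_P2SH):
        version, _ = b58check_decode(addr)
        print(addr, "->", VERSIONS[version])
    typo = SAMPLE_P2PKH[:-1] + ("2" if SAMPLE_P2PKH[-1] != "2" else "3")
    print(typo, "valid?", is_valid_address(typo))
```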
<br />
===Transaction fees===<br />
{{main|Transaction fees}}<br />
Transaction fees may be included with any transfer of bitcoins. While it's technically possible to send a transaction with zero fee, {{as of|2017|lc=on}} such a transaction is highly unlikely to confirm in a realistic amount of time, and most nodes on the network will drop it. For transactions which consume or produce many outputs (and therefore have a large data size), higher transaction fees are usually expected.<br />
<br />
===Confirmations===<br />
{{main|Confirmation}}<br />
<br />
The network's software confirms a transaction when it records it in a block. Further blocks of transactions confirm it even further. After six confirmations/blocks, a transaction is confirmed beyond reasonable doubt.<br />
<br />
The network must store the whole transaction history inside the blockchain, which grows constantly as new records are added and never removed. Nakamoto anticipated that as the database became larger, users would want applications for Bitcoin that did not store the entire database on their computer. To enable this, the blockchain uses a [[merkle tree]] to organize the transaction records in such a way that client software can locally delete portions of its own database it knows it will never need, such as earlier transaction records of bitcoins that have changed ownership multiple times.<br />
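<br />
Because the transactions of a block are committed to by a single Merkle root, a client that has discarded most records can still check that one record belongs to a block using only a short list of sibling hashes. The following is an added example, not code from this wiki or from any Bitcoin client, and it goes slightly beyond the pruning case in the text by showing such an inclusion check; it uses Bitcoin's double SHA-256 and its rule of duplicating the last hash on odd-sized levels, and the transaction ids are constructed sample data.<br />
<br />
```python
import hashlib


def dsha256(data: bytes) -> bytes:
    """Double SHA-256, the hash Bitcoin uses for tree nodes."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def _next_level(level):
    """Pair up hashes; an odd-sized level repeats its last element."""
    if len(level) % 2:
        level = level + [level[-1]]
    return level, [dsha256(level[i] + level[i + 1])
                   for i in range(0, len(level), 2)]


def merkle_root(leaves):
    if not leaves:
        raise ValueError("a block contains at least one transaction")
    level = list(leaves)
    while len(level) > 1:
        _, level = _next_level(level)
    return level[0]


def merkle_branch(leaves, index):
    """Sibling hashes needed to recompute the root from leaves[index].

    Each entry is (sibling_hash, sibling_is_left).
    """
    if not 0 <= index < len(leaves):
        raise IndexError("leaf index out of range")
    branch = []
    level = list(leaves)
    while len(level) > 1:
        padded, parents = _next_level(level)
        sibling = index ^ 1
        branch.append((padded[sibling], sibling < index))
        level, index = parents, index // 2
    return branch


def verify_branch(leaf, branch, root):
    """Recompute the root from one leaf and its branch, then compare."""
    node = leaf
    for sibling, sibling_is_left in branch:
        node = dsha256(sibling + node) if sibling_is_left else dsha256(node + sibling)
    return node == root


# Constructed sample data: five made-up transaction ids.
TXIDS = [dsha256(b"constructed transaction %d" % i) for i in range(5)]
ROOT = merkle_root(TXIDS)

# Caveat of the duplicate-last rule: a list and the same list with its final
# element repeated produce the same root, so a verifier that receives a full
# transaction list must also reject lists containing duplicate entries.
SAME_ROOT_WITH_DUPLICATE = merkle_root(TXIDS[:3]) == merkle_root(TXIDS[:3] + [TXIDS[2]])

if __name__ == "__main__":
    proof = merkle_branch(TXIDS, 4)
    print("proof length:", len(proof), "hashes for", len(TXIDS), "transactions")
    print("included:", verify_branch(TXIDS[4], proof, ROOT))
    print("tampered:", verify_branch(dsha256(b"other"), proof, ROOT))
```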
<br />
==Economics==<br />
<br />
===Initial distribution===<br />
<br />
Bitcoin has no centralized issuing authority.<ref name="ars-06-08-11"><br />
{{Cite news<br />
|first= Thomas<br />
|last= Lowenthal<br />
|title= Bitcoin: inside the encrypted, peer-to-peer digital currency<br />
|newspaper= Ars Technica<br />
|date= 8 June 2011<br />
|url= https://arstechnica.com/tech-policy/news/2011/06/bitcoin-inside-the-encrypted-peer-to-peer-currency.ars<br />
}}</ref><ref>{{cite news<br />
|author= Sponsored by<br />
|url= http://www.economist.com/blogs/babbage/2011/06/virtual-currency<br />
|title= Virtual currency: Bits and bob<br />
|publisher= The Economist<br />
|date=<br />
|accessdate = 22 June 2011<br />
}}</ref><ref>{{cite web<br />
|last= Geere<br />
|first= Duncan<br />
|url= https://www.wired.co.uk/news/archive/2011-05/16/bitcoin-p2p-currency<br />
|title= Peer-to-peer currency Bitcoin sidesteps financial institutions (Wired UK)<br />
|publisher= Wired.co.uk<br />
|date=<br />
|accessdate = 22 June 2011<br />
}}</ref> The network is programmed to increase the money supply as a geometric series until the total number of bitcoins reaches 21 million.<ref name="Quantitative Analysis of the Full Bitcoin Transaction Graph"/> {{As of|2012|10}} slightly over 10 million of the total BTC 21 million had been created; the current total number created is available online.<ref>{{cite web<br />
|title= Total Number of Bitcoins in Existence<br />
|url= https://blockexplorer.com/q/totalbc<br />
|work= Bitcoin Block Explorer<br />
|accessdate = 3 October 2012<br />
}}</ref> By 2013 half of the total supply will have been generated, and by 2017, three-quarters will have been generated. To ensure sufficient granularity of the [[money supply]], clients can divide each BTC unit down to eight decimal places (a total of 2.1&nbsp;×&nbsp;10<sup>15</sup> or 2.1 quadrillion units).<ref name="lwn">{{Cite news<br />
|author= Nathan Willis<br />
|date= 10 November 2010<br />
|title= Bitcoin: Virtual money created by CPU cycles<br />
|publisher= LWN.net<br />
|url= https://lwn.net/Articles/414452/<br />
}}</ref><br />
<br />
The network {{As of|2012|lc=on}} required over one million times more work for confirming a block and receiving an award (BTC 25 {{As of|2012|2|lc=on}}) than when the first blocks were confirmed.<br />
The difficulty is automatically adjusted every 2016 blocks based on the time taken to find the previous 2016 blocks such that one block is created roughly every 10 minutes.<br />
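<br />
The two issuance rules described in this section, the geometric supply schedule and the 2016-block difficulty adjustment, can be checked numerically. The following is an added example, not code from this wiki or from any Bitcoin client: the 50 BTC starting reward, the 210,000-block halving interval and the factor-of-4 adjustment limit are Bitcoin consensus values that this page does not state, the function names are this example's own, and the retarget is modelled on the difficulty number rather than on the integer target that real nodes adjust.<br />
<br />
```python
from fractions import Fraction

COIN = 100_000_000                 # satoshis per BTC
INITIAL_SUBSIDY = 50 * COIN        # reward of the first blocks
HALVING_INTERVAL = 210_000         # blocks between reward halvings
RETARGET_INTERVAL = 2016           # blocks between difficulty adjustments
TARGET_SPACING = 600               # seconds: one block roughly every 10 minutes
TARGET_TIMESPAN = RETARGET_INTERVAL * TARGET_SPACING  # 1,209,600 s = two weeks


def block_subsidy(height: int) -> int:
    """New satoshis created by the block at this height."""
    halvings = height // HALVING_INTERVAL
    if halvings >= 64:
        return 0
    # Integer right shift: each halving rounds down to a whole satoshi.
    return INITIAL_SUBSIDY >> halvings


def issued_before(height: int) -> int:
    """Total satoshis created by blocks 0 .. height-1."""
    total, era = 0, 0
    while height > 0:
        reward = block_subsidy(era * HALVING_INTERVAL)
        if reward == 0:
            break
        blocks = min(height, HALVING_INTERVAL)
        total += blocks * reward
        height -= blocks
        era += 1
    return total


def max_supply() -> int:
    """Sum of the whole schedule, in satoshis."""
    return issued_before(64 * HALVING_INTERVAL)


def retarget_difficulty(old_difficulty, actual_timespan: int) -> Fraction:
    """Difficulty for the next 2016 blocks, given how many seconds the
    previous 2016 took. The measured time is limited to a factor of 4 in
    either direction, so one adjustment changes difficulty by at most 4x."""
    clamped = min(max(actual_timespan, TARGET_TIMESPAN // 4), TARGET_TIMESPAN * 4)
    return Fraction(old_difficulty) * TARGET_TIMESPAN / clamped


if __name__ == "__main__":
    print("max supply (satoshis):", max_supply())
    print("shortfall vs 21,000,000 BTC:", 21_000_000 * COIN - max_supply())
    for h in (0, 210_000, 420_000):
        print(f"height {h}: reward {block_subsidy(h) / COIN} BTC, "
              f"issued so far {issued_before(h) / COIN} BTC")
    # Blocks arriving twice as fast as intended doubles the difficulty.
    print(retarget_difficulty(1000, TARGET_TIMESPAN // 2))
```

The rounding in each halving is why the total is 2,099,999,997,690,000 satoshis rather than an even 2.1 quadrillion.<br />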
<br />
Those who chose to put computational and electrical resources toward mining early on had a greater chance at receiving awards for block generations. This served to make available enough processing power to process blocks. Indeed, without miners there are no transactions and the bitcoin economy comes to a halt.<br />
<br />
===Exchange rate===<br />
Bitcoin prices fluctuate relative to goods and services more than the prices of more widely accepted currencies;<br />
the price of a bitcoin is not static.<br />
<br />
In August 2012, 1 bitcoin traded at around US$10.00. Taking into account the total number of bitcoins mined, the monetary base of the Bitcoin network stands at over USD 110 million.<ref>[http://www.bitcoinwatch.com/ http://www.bitcoinwatch.com/] Bitcoin statistics</ref><br />
<br />
== Anonymity ==<!--Please keep as starting template--><br />
{{main|Anonymity & Security}}<br />
<br />
=== Transactions ===<br />
<br />
While using bitcoins is an excellent way to make your purchases, donations, and p2p payments without losing money through inflated transaction fees, transactions are never truly anonymous. When buying bitcoin you pass identification, and Bitcoin transactions are stored publicly and permanently on the network, which means anyone can see the balance and transactions of any Bitcoin address. Bitcoin activities are recorded and available publicly via the [[blockchain]], a comprehensive database which keeps a record of Bitcoin transactions.<br />
<br />
=== Buying/selling bitcoins ===<br />
<br />
All exchange companies require the user to scan ID documents, and large transactions must be reported to the proper governmental authority.<br />
<br />
This means that a third party with an interest in tracking your activities can use your visible balance and ID information as a basis from which to track your future transactions or to study previous activity. In short, you have compromised your [[security]] and [[privacy]].<br />
<br />
In addition to conventional exchanges there are also peer-to-peer exchanges. Peer-to-peer exchanges will often not collect KYC and identity information directly from users; instead they let the users handle KYC amongst themselves. These can often be a better alternative for those looking to purchase bitcoins quickly and without KYC delay.<br />
<br />
=== Mixing services ===<br />
<br />
[http://anonymity.co.in/mixing_services.html Mixing services] are used to avoid compromising privacy and security. They offer to periodically exchange your bitcoins for different ones which cannot be associated with the original owner.<br />
<br />
== Security ==<!--Please keep as starting template--><br />
{{seealso|Weaknesses}}<br />
<br />
In the history of Bitcoin, there have been a few [[incidents]], caused by problematic as well as malicious transactions. In the worst such incident, and the only one of its type, a person was able to pretend that he had a practically infinite supply of bitcoins, for almost 9 hours.<br />
<br />
Bitcoin relies, among other things, on [https://en.wikipedia.org/wiki/Public-key_cryptography public key cryptography] and thus may be vulnerable to [https://en.wikipedia.org/wiki/Elliptic_curve_cryptography#Quantum_computing_attacks quantum computing attacks] if and when practical quantum computers can be constructed.<br />
<br />
If multiple different software packages, whose usage becomes widespread on the Bitcoin network, disagree on the protocol and the rules for transactions, this could potentially cause a fork in the block chain, with each faction of users being able to accept only their own version of the history of transactions. This could influence the price of bitcoins.<br />
<br />
A global, organized campaign against the currency or the software could also influence the demand for bitcoins, and thus the exchange price.<br />
<br />
==Bitcoin mining==<br />
{{main|Mining}}<br />
<br />
Bitcoin mining nodes are responsible for managing the Bitcoin network.<br />
<br />
Bitcoins are awarded to Bitcoin nodes known as "miners" for the solution to a difficult [[proof-of-work]] problem which confirms transactions and prevents double-spending. This incentive, as the Nakamoto white paper describes it, encourages "nodes to support the network, and provides a way to initially distribute coins into circulation, since no central authority issues them."<ref name="whitepaper" /><br />
<br />
Nakamoto compared the generation of new coins by expending CPU time and electricity to gold miners expending resources to add gold to circulation.<ref name="whitepaper"/><br />
<br />
[[File:Cryptocurrency Mining Farm.jpg|right|350px|thumb|Iceland is a good location for [[mining]] bitcoins because of the natural cold temperature.]]<br />
<br />
===Node operation===<br />
<br />
The node software for the Bitcoin network is based on peer-to-peer networking, digital signatures and cryptographic proof to make and verify transactions. Nodes broadcast transactions to the network, which records them in a public record of all transactions, called the ''blockchain'', after validating them with a [[proof-of-work|proof-of-work system]].<br />
<br />
Satoshi Nakamoto designed the first Bitcoin node and mining software<ref name="processors">{{Cite news<br />
|last= Davis<br />
|first= Joshua<br />
|title= The Crypto-Currency<br />
|url= https://www.wired.com/magazine/2011/11/mf_bitcoin/all<br />
|accessdate = 11 November 2011<br />
|newspaper= Wired Magazine<br />
|date= 10 November 2011<br />
}}</ref> and developed the majority of the first implementation, Bitcoind, from 2007 to mid-2010.<ref name="code_start">{{cite web<br />
|url= https://bitcointalk.org/index.php?topic=13.msg46#msg46<br />
|title= Questions about Bitcoin<br />
|publisher= Bitcoin forum<br />
|date= 10 December 2009<br />
}}</ref><br />
<br />
Node implementations include core software such as Bitcoind/Bitcoin-Qt, [[libbitcoin]], [[cbitcoin]]<ref>{{Cite web|title=cbitcoin|url=https://github.com/MatthewLM/cbitcoin|accessdate=3 October 2012}}</ref> and [[BitCoinJ|bitcoinj]].<ref>{{cite web<br />
|url= https://news.slashdot.org/story/11/03/23/0210207/Google-Engineer-Releases-Open-Source-Bitcoin-Client<br />
|title= Google Engineer Releases Open Source Bitcoin Client<br />
|author= angry tapir, timothy<br />
|date= 23 March 2011<br />
|publisher= Slashdot<br />
|accessdate = 18 May 2011<br />
}}</ref><ref>{{cite web<br />
|url= http://www.javaworld.com/javaworld/jw-01-2012/120110-bitcoin-for-beginners-3.html?page=1<br />
|title= Bitcoin for beginners: The BitcoinJ API<br />
|author= Dirk Merkel<br />
|date= 10 January 2012<br />
|publisher= JavaWorld<br />
|accessdate = 3 August 2012<br />
}}</ref><br />
<br />
Every node in the Bitcoin network collects all the unacknowledged transactions it knows of in a file called a ''block'', which also contains a reference to the previous valid block known to that node. It then appends a [[nonce]] value to this block and computes the SHA-256 cryptographic hash of the block and the appended nonce value. The node repeats this process until it adds a nonce that allows for the generation of a hash with a value lower than a specified ''target''. Because computers cannot practically reverse the hash function, finding such a nonce is hard and requires on average a predictable amount of repetitious trial and error. This is where the ''[[proof-of-work]]'' concept comes into play. When a node finds such a solution, it announces it to the rest of the network. Peers receiving the new solved block validate it by computing the hash and checking that it really starts with the given number of zero bits (i.e., that the hash is within the target). Then they accept it and add it to the chain.<br />
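<br />
The nonce search and the peer-side check described above, as an added Python example (not code from this wiki or from any Bitcoin client). It assumes a simplified header (previous hash, transaction digest, 4-byte nonce), a constructed demo target of 16 zero bits and a big-endian comparison; <code>Block</code>, <code>mine</code> and <code>validate</code> are illustrative names.<br />

```python
import hashlib
import struct
from dataclasses import dataclass
from typing import List

# Constructed demo target: a valid hash must be below 2**240, i.e. it must
# start with at least 16 zero bits. Real network targets are far lower.
DEMO_TARGET = 1 << 240


def double_sha256(data: bytes) -> bytes:
    """Bitcoin hashes block headers with SHA-256 applied twice."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


@dataclass(frozen=True)
class Block:
    prev_hash: bytes            # reference to the previous valid block
    transactions: List[bytes]   # the collected unacknowledged transactions
    nonce: int

    def header(self) -> bytes:
        # Assumption: a flat digest of the transactions stands in for the
        # Merkle root that a real block header carries.
        tx_digest = double_sha256(b"\n".join(self.transactions))
        return self.prev_hash + tx_digest + struct.pack("<I", self.nonce)

    def block_hash(self) -> bytes:
        return double_sha256(self.header())


def leading_zero_bits(digest: bytes) -> int:
    """Number of zero bits at the start of a 256-bit digest."""
    return 256 - int.from_bytes(digest, "big").bit_length()


def mine(prev_hash: bytes, transactions: List[bytes], target: int,
         max_nonce: int = 2 ** 32) -> Block:
    """Try nonces until the header hash, read as an integer, is below target."""
    prefix = Block(prev_hash, list(transactions), 0).header()[:-4]
    for nonce in range(max_nonce):
        digest = double_sha256(prefix + struct.pack("<I", nonce))
        if int.from_bytes(digest, "big") < target:
            return Block(prev_hash, list(transactions), nonce)
    # A real miner would change the block contents and start over.
    raise RuntimeError("nonce space exhausted")


def validate(block: Block, target: int, chain_tip: bytes) -> bool:
    """Peer-side check: one hash computation, nothing taken on trust."""
    if block.prev_hash != chain_tip:
        return False            # does not extend the block this peer knows
    return int.from_bytes(block.block_hash(), "big") < target


if __name__ == "__main__":
    tip = b"\x00" * 32          # constructed starting point, not a real block
    block = mine(tip, [b"alice->bob:5", b"carol->dave:2"], DEMO_TARGET)
    print("nonce found:", block.nonce)
    print("hash:", block.block_hash().hex())
    print("accepted by peer:", validate(block, DEMO_TARGET, tip))
```

Finding the nonce takes about 65,000 hash attempts on average at this target, while a peer verifies the result with a single hash; changing any transaction invalidates the nonce.<br />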
<br />
===Mining rewards===<br />
In addition to receiving the pending transactions confirmed in the block, a generating node adds a ''generate'' transaction, which awards new bitcoins to the operator of the node that generated the block. The system sets the payout of this generated transaction according to its defined inflation schedule. The miner that generates a block also receives the fees that users have paid as an incentive to give particular transactions priority for faster confirmation.<ref>[https://www.bitcoinmining.com Bitcoin Mining]</ref><br />
<br />
The network never creates more than a BTC 50 reward per block and this amount will decrease over time towards zero, such that no more than BTC 21 million will ever exist.<ref name="lwn" /> As this payout decreases, the incentive for users to run block-generating nodes is intended to change to earning [[#Transaction fees|transaction fees]].<br />
<br />
===Mining pools===<br />
{{main|Pooled mining}}<br />
<br />
Bitcoin users often pool computational effort to increase the stability of the collected fees and subsidy they receive.<ref name="We Use Coins Mining">{{cite web|title=About Bitcoin Mining|url=https://www.weusecoins.com/en/mining-guide/|publisher=We Use Coins|accessdate=27 May 2015}}</ref><br />
<br />
===Mining difficulty===<br />
{{main|Difficulty}}<br />
<br />
In order to throttle the creation of blocks, the difficulty of generating new blocks is adjusted over time. If mining output increases or decreases, the difficulty increases or decreases accordingly.<br />
<br />
The adjustment is done by changing the threshold that a hash is required to be less than. A lower threshold means fewer possible hashes can be accepted, and thus a higher degree of difficulty. The target rate of block generation is one block every 10 minutes, or 2016 blocks every two weeks. Bitcoin changes the difficulty of finding a valid block every 2016 blocks, using the difficulty that would have been most likely to cause the prior 2016 blocks to have taken two weeks to generate, according to the timestamps on the blocks. Technically, this is done by modeling the generation of bitcoins as a Poisson process. All nodes perform and enforce the same difficulty calculation.<br />
<br />
Difficulty is intended as an automatic stabilizer allowing mining for bitcoins to remain profitable in the long run for the most efficient miners, independently of the fluctuations in demand of the bitcoin in relation to other currencies.<br />
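<br />
The threshold adjustment described above, as an added Python example (not code from this wiki or from any Bitcoin client). The 2016-block interval and 10-minute spacing come from the text; the factor-of-four clamp and the easiest-allowed target are Bitcoin consensus parameters that the text does not mention, and <code>retarget</code>, <code>period</code> and the timestamps are constructed for illustration.<br />

```python
from typing import List, Sequence

RETARGET_INTERVAL = 2016                    # blocks per adjustment period
TARGET_SPACING = 10 * 60                    # one block every 10 minutes
TARGET_TIMESPAN = RETARGET_INTERVAL * TARGET_SPACING   # two weeks in seconds
MAX_TARGET = 0xFFFF << 208                  # easiest allowed target (difficulty 1)


def difficulty(target: int) -> float:
    """How many times harder a target is than the easiest allowed one."""
    return MAX_TARGET / target


def expected_hashes(target: int) -> int:
    """Average number of hash attempts needed to land below the target."""
    return (1 << 256) // (target + 1)


def retarget(old_target: int, timestamps: Sequence[int]) -> int:
    """Compute the next period's target from the last period's block timestamps."""
    if len(timestamps) != RETARGET_INTERVAL:
        raise ValueError("need the timestamps of exactly one full period")
    # Elapsed time is taken from the first and last block of the period.
    actual = timestamps[-1] - timestamps[0]
    # Clamp: one period, whether its timestamps are honest or not, can move
    # the difficulty by a factor of four at most in either direction.
    actual = max(TARGET_TIMESPAN // 4, min(actual, TARGET_TIMESPAN * 4))
    # Blocks arrived too fast -> smaller target (harder); too slow -> larger.
    new_target = old_target * actual // TARGET_TIMESPAN
    return min(new_target, MAX_TARGET)


def period(span_seconds: int, start: int = 1_000_000_000) -> List[int]:
    """Constructed sample data: 2016 evenly spaced timestamps covering span_seconds."""
    last = RETARGET_INTERVAL - 1
    return [start + (i * span_seconds) // last for i in range(RETARGET_INTERVAL)]


if __name__ == "__main__":
    old = MAX_TARGET >> 4                   # constructed starting point: difficulty 16
    cases = [("on schedule (2 weeks)", TARGET_TIMESPAN),
             ("hash power doubled (1 week)", TARGET_TIMESPAN // 2),
             ("timestamps claim 1 hour", 3600),
             ("timestamps claim 2 years", TARGET_TIMESPAN * 52)]
    for label, span in cases:
        new = retarget(old, period(span))
        print(f"{label:30s} difficulty {difficulty(old):.0f} -> {difficulty(new):.0f}, "
              f"~{expected_hashes(new):,} hashes per block")
```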
<br />
===Mining hardware===<br />
{{main|Mining Hardware Comparison}}<br />
<br />
Bitcoins used to be mined through Intel/AMD CPUs. {{As of | 2012}}, mining has gradually moved to [[GPU]] and [[FPGA]] hardware.<ref name="bitcoinmag-butterfly" /> [[Application-specific integrated circuit|ASIC]]-based hardware for bitcoin mining has been announced by several manufacturers who intend to ship products from late 2012 to early 2013.<ref name="bitcoinmag-butterfly">{{Cite web|title=Bitpay Breaks Daily Volume Record with Butterfly ASIC mining release|url=http://bitcoinmagazine.net/bitpay-breaks-daily-volume-record-with-butterfly-asic-mining-release/|publisher=Bitcoin Magazine}}</ref><br />
<br />
==Concerns==<br />
<br />
===As an investment===<br />
{{main|Bitcoin as an investment}}<br />
<br />
Bitcoin describes itself as an experimental digital currency. Reuben Grinberg has noted that Bitcoin's supporters have argued that bitcoins are neither securities nor investments because they fail to meet the criteria for either category.<ref name="grinberg">{{cite web | url=http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1817857 | title=Bitcoin: An Innovative Alternative Digital Currency | publisher=SSRN | date=9 December 2011 | accessdate=4 December 2012 | author=Grinberg, Reuben}}</ref> Although it is a virtual currency, some people see it as an investment<ref name="cnbc">{{cite web | url=http://www.cnbc.com/id/45030812/The_Pros_And_Cons_Of_Biting_on_Bitcoins | title=The Pros And Cons Of Biting on Bitcoins | publisher=CNBC | date=23 November 2011 | accessdate=4 December 2012 | author=Gustke, Constance}}</ref> or accuse it of being a form of investment fraud known as a Ponzi scheme.<ref>{{cite web |url=https://www.theregister.co.uk/2011/06/08/bitcoin_under_attack/ |title=US senators draw a bead on Bitcoin |last1=Chirgwin |first1=Richard |date=8 June 2011 |publisher=The Register |accessdate=14 November 2012}}</ref><ref>{{cite web |url=http://uk.reuters.com/article/2012/04/01/uk-traders-bitcoin-idUKBRE8300JL20120401 |title=Bitcoin, the City traders' anarchic new toy |last1=O'Leary |first1=Naomi |date=2 April 2012 |publisher=Reuters |accessdate=14 November 2012}}</ref> A report by the European Central Bank, using the U.S. Securities and Exchange Commission's definition of a Ponzi scheme, found that the use of bitcoins shares some characteristics with Ponzi schemes, but also has characteristics of its own which contradict several common aspects of Ponzi schemes.<ref name="ecbreport">{{cite web | url=http://www.ecb.europa.eu/pub/pdf/other/virtualcurrencyschemes201210en.pdf | title=Virtual Currency Schemes | publisher=European Central Bank | date=October 2012 | accessdate=4 December 2012}}</ref><br />
<br />
===Privacy===<br />
Because transactions are broadcast to the entire network, they are inherently public. Unlike regular banking,<ref>{{cite web<br />
|url= https://spectrum.ieee.org/computing/software/bitcoin-the-cryptoanarchists-answer-to-cash/0<br />
|title= Bitcoin: The Cryptoanarchists' Answer to Cash<br />
|publisher= IEEE.org<br />
|date= June 2012<br />
|accessdate = 5 June 2012<br />
}}</ref> which preserves customer privacy by keeping transaction records private, loose transactional privacy is accomplished in Bitcoin by using many unique addresses for every wallet, while at the same time publishing all transactions. As an example, if Alice sends BTC 123.45 to Bob, the network creates a public record that allows anyone to see that 123.45 has been sent from one address to another. However, unless Alice or Bob make their ownership of these addresses known, it is difficult for anyone else to connect the transaction with them. However, if someone connects an address to a user at any point they could follow back a series of transactions as each participant likely knows who paid them and may disclose that information on request or under duress.<br />
<br />
It can be difficult to associate Bitcoin identities with real-life identities.<ref name="An Analysis of Anonymity in the Bitcoin System">Fergal Reid and Martin Harrigan (24 July 2011). [https://anonymity-in-bitcoin.blogspot.com/2011/07/bitcoin-is-not-anonymous.html An Analysis of Anonymity in the Bitcoin System]. An Analysis of Anonymity in the Bitcoin System.</ref> This property makes Bitcoin transactions attractive to sellers of illegal products.<ref name="Forbes">Andy Greenberg (20 April 2011). [http://www.forbes.com/forbes/2011/0509/technology-psilocybin-bitcoins-gavin-andresen-crypto-currency.html Crypto Currency]. Forbes Magazine.</ref><ref>{{cite web<br />
|last= Madrigal<br />
|first= Alexis<br />
|title= Libertarian Dream? A Site Where You Buy Drugs With Digital Dollars<br />
|publisher= The Atlantic Monthly<br />
|date= 1 June 2011<br />
|url= https://www.theatlantic.com/technology/archive/2011/06/libertarian-dream-a-site-where-you-buy-drugs-with-digital-dollars/239776/<br />
|accessdate = 5 June 2011<br />
}}</ref><br />
<br />
===Illicit use===<br />
<br />
====Cracking====<br />
The cracking organization "LulzSec" accepted donations in bitcoins, having said that the group "needs Bitcoin donations to continue their hacking efforts".<ref name="CNET">{{cite web<br />
|last= Reisinger<br />
|first= Don<br />
|url= https://news.cnet.com/8301-13506_3-20070268-17/senators-target-bitcoin-currency-citing-drug-sales/<br />
|title= Senators target Bitcoin currency, citing drug sales &#124; The Digital Home – CNET News<br />
|publisher= News.cnet.com<br />
|date= 9 June 2011<br />
|accessdate = 22 June 2011<br />
}}</ref><ref>{{cite news<br />
|last= Olson<br />
|first= Parmy<br />
|url= http://blogs.forbes.com/parmyolson/2011/06/06/lulzsec-hackers-posts-sony-dev-source-code-get-7k-donation/<br />
|title= LulzSec Hackers Post Sony Dev. Source Code, Get $7K Donation – Parmy Olson – Disruptors – Forbes<br />
|publisher= Blogs.forbes.com<br />
|date= 6 June 2011<br />
|accessdate = 22 June 2011<br />
}}</ref><br />
<br />
====Silk Road====<br />
[[Silk Road]] is an anonymous black market that uses only the bitcoin.<ref name="npr-06-12-11"><br />
{{Cite news<br />
|url= https://www.npr.org/2011/06/12/137138008/silk-road-not-your-fathers-amazon-com<br />
|date= 12 June 2011<br />
|newspaper= NPR<br />
|title= Silk Road: Not Your Father's Amazon.com<br />
|author= Staff<br />
}}</ref> <br />
<br />
In a 2011 letter to Attorney General Eric Holder and the Drug Enforcement Administration, senators Charles Schumer of New York and Joe Manchin of West Virginia called for an investigation into Silk Road and the bitcoin.<ref name="npr-06-12-11"/><br />
Schumer described the use of bitcoins at Silk Road as a form of money laundering.<ref name="ars-06-08-11"/><br />
<br />
====Botnet mining====<br />
In June 2011, Symantec warned about the possibility of botnets engaging in covert "mining" of bitcoins,<ref>{{Cite web|author=Updated: 17 June 2011 | Translations available: 日本語 |url=http://www.symantec.com/connect/blogs/bitcoin-botnet-mining |title=Bitcoin Botnet Mining &#124; Symantec Connect Community |publisher=Symantec.com |date=17 June 2011 |accessdate = 24 January 2012}}</ref><ref>{{Cite web|url=http://www.zdnet.com/blog/security/researchers-find-malware-rigged-with-bitcoin-miner/8934 |title=Researchers find malware rigged with Bitcoin miner |publisher=ZDNet |date=29 June 2011 |accessdate = 24 January 2012}}</ref> consuming computing cycles, using extra electricity and possibly increasing the temperature of the computer. Later that month, the Australian Broadcasting Corporation caught an employee using the company's servers to generate bitcoins without permission.<ref>{{Cite web|url=http://thenextweb.com/au/2011/06/23/abc-employee-caught-mining-for-bitcoins-on-company-servers/ |title=ABC employee caught mining for Bitcoins on company servers |publisher=The Next Web |date=23 June 2011 |accessdate = 24 January 2012}}</ref> Some malware also uses the parallel processing capabilities of the GPUs built into many modern-day video cards.<ref>{{Cite news |url=https://www.theregister.co.uk/2011/08/16/gpu_bitcoin_brute_forcing/ |title=Malware mints virtual currency using victim's GPU |date=16 August 2011<!-- 20:00 GMT -->|first=Dan |last=Goodin }}</ref> In mid-August 2011, bitcoin miner botnets were found;<ref>{{Cite web|url=http://www.infosecurity-magazine.com/view/20211/researcher-discovers-distributed-bitcoin-cracking-trojan-malware/ |title=Infosecurity – Researcher discovers distributed bitcoin cracking trojan malware |publisher=Infosecurity-magazine.com |date=19 August 2011 |accessdate = 24 January 2012}}</ref> trojans infecting Mac OS X have also been uncovered.<ref>{{Cite web|url=http://www.techworld.com.au/article/405849/mac_os_x_trojan_steals_processing_power_produce_bitcoins |title=Mac OS X Trojan steals processing power to produce Bitcoins – sophos, security, malware, Intego – Vulnerabilities – Security |publisher=Techworld |date=1 November 2011 |accessdate = 24 January 2012}}</ref><br />
<br />
===Theft and fraud===<br />
On 19 June 2011, a security breach of the Mt.Gox (an acronym for ''M''agic: ''T''he ''G''athering ''O''nline E''x''change, its original purpose) bitcoin exchange caused the price of a bitcoin to briefly drop to US$0.01 on the Mt.Gox exchange (though it remained unaffected on other exchanges) after a hacker allegedly used credentials from a Mt.Gox auditor's compromised computer to illegally transfer a large number of bitcoins to him- or herself and sell them all, creating a massive "ask" order at any price. Within minutes the price rebounded to over $15 before Mt.Gox shut down their exchange and canceled all trades that happened during the hacking period.<ref>[https://mtgox.com/press_release_20110630.html Clarification of Mt Gox Compromised Accounts and Major Bitcoin Sell-Off]</ref><ref>[https://www.youtube.com/watch?v=T1X6qQt9ONg YouTube. Bitcoin Report]</ref> The exchange rate of bitcoins quickly returned to near pre-crash values.<ref name="mick">Jason Mick, 19 June 2011, [http://www.dailytech.com/Inside+the+MegaHack+of+Bitcoin+the+Full+Story/article21942.htm Inside the Mega-Hack of Bitcoin: the Full Story], DailyTech</ref><ref>Timothy B. Lee, 19 June 2011, [https://arstechnica.com/tech-policy/news/2011/06/bitcoin-price-plummets-on-compromised-exchange.ars Bitcoin prices plummet on hacked exchange], Ars Technica</ref><ref>Mark Karpeles, 20 June 2011, [https://support.mtgox.com/entries/20208066-huge-bitcoin-sell-off-due-to-a-compromised-account-rollback Huge Bitcoin sell off due to a compromised account – rollback], Mt.Gox Support</ref><ref name="register1">{{Cite news<br />
|title= Bitcoin collapses on malicious trade – Mt Gox scrambling to raise the Titanic<br />
|url= https://www.theregister.co.uk/2011/06/19/bitcoin_values_collapse_again/<br />
|date= 19 June 2011<br />
|author= Chirgwin, Richard<br />
|publisher= The Register<br />
}}</ref> Accounts with the equivalent of more than USD 8,750,000 were affected.<ref name="mick" /><br />
<br />
In July 2011, the operator of Bitomat, the third largest bitcoin exchange, announced that he lost access to his wallet.dat file with about 17,000 bitcoins (roughly equivalent to USD 220,000 at that time). He announced that he would sell the service for the missing amount, aiming to use funds from the sale to refund his customers.<ref>[http://siliconangle.com/blog/2011/08/01/third-largest-bitcoin-exchange-bitomat-lost-their-wallet-over-17000-bitcoins-missing/ Third Largest Bitcoin Exchange Bitomat Lost Their Wallet, Over 17,000 Bitcoins Missing]. SiliconAngle</ref><br />
<br />
In August 2011, MyBitcoin, one of the popular Bitcoin transaction processors, declared that it was hacked, which resulted in it being shut down, paying out 49% on customer deposits and leaving more than 78,000 bitcoins (roughly equivalent to USD 800,000 at that time) unaccounted for.<ref>[http://betabeat.com/2011/08/mybitcoin-spokesman-finally-comes-forward-what-did-you-think-we-did-after-the-hack-we-got-shitfaced/ MyBitcoin Spokesman Finally Comes Forward: “What Did You Think We Did After the Hack? We Got Shitfaced”]. BetaBeat</ref><ref>[http://betabeat.com/2011/08/search-for-owners-of-mybitcoin-loses-steam/ Search for Owners of MyBitcoin Loses Steam]. BetaBeat</ref><br />
<br />
In early August 2012, a lawsuit was filed in San Francisco court against Bitcoinica, claiming about USD 460,000 from the company. Bitcoinica was hacked twice in 2012, which led to allegations of neglecting the safety of customers' money and cheating them out of withdrawal requests.<ref>[https://arstechnica.com/tech-policy/2012/08/bitcoinica-users-sue-for-460k-in-lost-bitcoins/ Bitcoinica users sue for $460k in lost Bitcoins]. Arstechnica</ref><ref>[https://spectrum.ieee.org/tech-talk/computing/networks/first-bitcoin-lawsuit-filed-in-san-francisco First Bitcoin Lawsuit Filed In San Francisco]. IEEE Spectrum</ref><br />
<br />
In late August 2012, Bitcoin Savings and Trust was shut down by the owner, allegedly leaving around $5.6 million in debts; this led to allegations of the operation being a Ponzi scheme.<ref>{{Cite web|title=Bitcoin ponzi scheme – investors lose $5 million USD in online hedge fund|url=https://rt.com/usa/news/investors-currency-digital-fund-868/|publisher=RT}}</ref><ref>{{Cite web|last=Jeffries|first=Adrianne|title=Suspected multi-million dollar Bitcoin pyramid scheme shuts down, investors revolt|url=http://www.theverge.com/2012/8/27/3271637/bitcoin-savings-trust-pyramid-scheme-shuts-down|publisher=The Verge}}</ref><ref>{{Cite web|last=Mick|first=Jason|title="Pirateat40" Makes Off $5.6M USD in Bitcoin From Pyramid Scheme|url=http://www.dailytech.com/Pirateat40+Makes+Off+56M+USD+in+BitCoins+From+Pyramid+Scheme/article25538.htm|publisher=DailyTech}}</ref><ref>[https://pandodaily.com/2012/08/31/bitcoin-how-a-virtual-currency-became-real-with-a-5-6m-fraud/ Bitcoin: How a Virtual Currency Became Real with a $5.6M Fraud]. PandoDaily</ref> In September 2012, it was reported that the U.S. Securities and Exchange Commission had started an investigation into the case.<ref>[http://blogs.telegraph.co.uk/technology/willardfoxton2/100007836/bitcoin-pirate-scandal-sec-steps-in-amid-allegations-that-the-whole-thing-was-a-ponzi-scheme/ Bitcoin 'Pirate' scandal: SEC steps in amid allegations that the whole thing was a Ponzi scheme]. The Telegraph</ref><br />
<br />
In September 2012, the Bitfloor bitcoin exchange also reported being hacked, with 24,000 bitcoins (roughly equivalent to USD 250,000) stolen. As a result, Bitfloor suspended operations.<ref>[http://www.bbc.co.uk/news/technology-19486695 Bitcoin theft causes Bitfloor exchange to go offline]. BBC</ref><ref>[http://www.theverge.com/2012/9/5/3293375/bitfloor-bitcoin-exchange-suspended-theft Bitcoin exchange BitFloor suspends operations after $250,000 theft]. The Verge</ref> The same month, Bitfloor resumed operations, with its founder saying that he reported the theft to the FBI, and that he is planning to repay the victims, though the time frame for such repayment is unclear.<ref>[http://www.pcworld.com/article/2010586/bitcoin-exchange-back-online-after-hack.html?tk=rel_news Bitcoin exchange back online after hack]. PCWorld</ref><br />
<br />
===Taxation===<br />
In September 2012, the Intra-European Organization of Tax Administrations (IOTA), in Tbilisi, Georgia, held a workshop titled "Auditing Individuals and Legal Entities in the Use of e-Money." The workshop was attended by representatives from 23 countries.<ref name="Bitcoin Tax issues Oct 2012">{{cite journal | title=2012 TNT 209-4 NEWS ANALYSIS: VIRTUAL CURRENCY: A NEW WORRY FOR TAX ADMINISTRATORS?. (Release Date: OCTOBER 17, 2012) (Doc 2012-21516) | author=Stewart, David D. and Soong Johnston, Stephanie D. | journal=Tax Notes Today | date=29 October 2012 | volume=2012 TNT 209-4 | issue=2012 TNT 209-4}}</ref> Jerry Taylor, IOTA's technical taxation expert, said, "There's an awful lot happening on the Internet environment which is fascinating at the moment and introducing new challenges for auditors when it comes to virtual currency."<ref name="Bitcoin Tax issues Oct 2012" /> Bitcoin was mentioned during the workshop.<ref name="Bitcoin Tax issues Oct 2012" /><br />
<br />
Matthew Elias, founder of the [[Cryptocurrency Legal Advocacy Group]] (CLAG), published "Staying Between the Lines: A Survey of U.S. Income Taxation and its Ramifications on Cryptocurrencies", which discusses "the taxability of cryptocurrencies such as Bitcoin."<ref name="Bitcoin Tax issues Oct 2012" /> CLAG "stressed the importance for taxpayers to determine on their own whether taxes are due on a Bitcoin-related transaction based on whether one has 'experienced a realization event.'"<ref name="Bitcoin Tax issues Oct 2012" /> Such examples are "when a taxpayer has provided a service in exchange for Bitcoins, a realization event has probably occurred, and any gain or loss would likely be calculated using fair market values for the service provided."<ref name="Bitcoin Tax issues Oct 2012" /><br />
<br />
[[Peter Vessenes]], [[Bitcoin Foundation|Bitcoin Foundation's]] executive director, said, since the foundation is trying to pay for everything in bitcoins, including salaries, "How do we W-2 someone for their Bitcoins? Do we mark-to-market every time a transfer happens? Payroll companies cringe."<ref name="BitCoin Tax issues Oct 2012">{{cite journal | title=2012 TNT 209-4 NEWS ANALYSIS: VIRTUAL CURRENCY: A NEW WORRY FOR TAX ADMINISTRATORS?. (Release Date: OCTOBER 17, 2012) (Doc 2012-21516) | author=Stewart, David D. and Soong Johnston, Stephanie D. | journal=Tax Notes Today | date=29 October 2012 | volume=2012 TNT 209-4 | issue=2012 TNT 209-4}}</ref> The Bitcoin Foundation hopes "to push for solid guidance about its legal and tax treatment." [[Patrick Murck]], legal counsel for the Bitcoin Foundation, said he would like "to help regulators understand the technology better so they can make better decisions."<ref name="BitCoin Tax issues Oct 2012" /> Murck said, "Bitcoin has the potential to become much more than a niche currency, but it needs the guidance and understanding of regulators." and "The full potential of Bitcoin could be realized through clearer guidelines and a better understanding by financial and tax regulators." and "Part of making that happen is to talk to regulators, the IRS, and tax professionals and helping them understand that Bitcoin is not this nefarious thing, it's just software, it's a community, and there's nothing inherently nefarious about either of those things."<ref name="BitCoin Tax issues Oct 2012" /><br />
<br />
==See Also==<br />
* [[Introduction]]<br />
* [[Getting started]]<br />
* [[Using_Bitcoin|Detailed tutorial]]<br />
* [[FAQ]]<br />
* [https://www.weusecoins.com What Is Bitcoin?]<br />
* [https://www.bitcoinmining.com What Is Bitcoin Mining?]<br />
<br />
==References==<br />
<references /><br />
<br />
[[Category:Digital currencies]]<br />
{{wp}}{{p-move}}{{good}}<br />
[[es:Bitcoin]][[de:Bitcoin]]</div>Pancyrushttps://tests.bitcoin.it/w/index.php?title=Bitcoin&diff=68553Bitcoin2021-03-21T00:27:15Z<p>Pancyrus: "Bitcoin" (capitalized) is the technology, while "bitcoin" (lowercased) is the currency.</p>
<hr />
<div>'''Bitcoin''' is a decentralized [[digital currency]] created by an unknown person or group of people under the name [[Satoshi Nakamoto]] and released as open-source software in 2009. It does not rely on a central server to process transactions or store funds. There are a maximum of 2,099,999,997,690,000 bitcoin elements (called satoshis; the unit has been named in collective homage to the original creator), which are currently most commonly measured in units of 100,000,000 known as BTC. Only 21 million bitcoin (BTC) will ever be created.<br />
<br />
{{As of|January 2018}}, it is the most widely used alternative currency,<ref name="Quantitative Analysis of the Full Bitcoin Transaction Graph">{{cite web|title=Quantitative Analysis of the Full Bitcoin Transaction Graph|url=https://eprint.iacr.org/2012/584.pdf|publisher=Cryptology ePrint Archive|accessdate=18 October 2012|author=Ron Dorit|coauthors=Adi Shamir|page=17|quote=The Bitcoin system is the best known and most widely used alternative payment scheme,...}}</ref><ref name="Cryptocurrency Market Capitalization">{{Cite web|title=Coinmarketcap.com|url=https://coinmarketcap.com/}}</ref> now with the total market cap around 250 billion US dollars.<ref>{{cite web|title=Market Capitalization|url=https://coinmarketcap.com/currencies/bitcoin/|publisher= [[Coinmarketcap.com]] |accessdate=10 January 2018}}</ref><br />
<br />
Bitcoin has no central issuer; instead, the peer-to-peer network regulates bitcoins, transactions and issuance according to consensus in network software. These transactions are verified by network nodes through the use of cryptography and recorded in a public distributed ledger called a blockchain.<br />
<br />
Bitcoins are issued to various nodes that verify transactions through computing power;<br />
it is established that there will be a limited and scheduled release of no more than BTC 21 million worth of coins, which will be fully issued by the year 2140. <br />
<br />
Bitcoins are created as a reward for a process known as mining. They can be exchanged for other currencies, products, and services. As of February 2015, over 100,000 merchants and vendors accepted bitcoins as payment. Research produced by the University of Cambridge estimates that in 2017, there were 2.9 to 5.8 million unique users using a cryptocurrency wallet, most of them using Bitcoin.<br />
<br />
Internationally, bitcoins can be exchanged and managed through various websites and [[software]] along with physical banknotes and coins.<ref>{{Cite web|title=Physical Bitcoins by Casascius|url=https://www.casascius.com/|publisher=Casascius Coins|accessdate=29 September 2012}}</ref><ref>{{Cite web|title=Bitbills|url=http://www.bitbills.com/|publisher=Bitbills|accessdate=29 September 2012}}</ref><br />
<br />
==History==<br />
{{main|History}}<br />
<br />
A cryptographic system for untraceable payments was first described by David Chaum in 1982.<ref>[http://blog.koehntopp.de/uploads/Chaum.BlindSigForPayment.1982.PDF David Chaum, Blind signatures for untraceable payments], Advances in Cryptology - Crypto '82, Springer-Verlag (1983), 199–203.</ref> In 1990 Chaum extended this system to create the first cryptographic anonymous electronic cash system,<ref>{{cite journal|journal=Lecture Notes in Computer Science|last1=Chaum|first1=David|last2=Fiat|first2=Amos|last3=Naor|first3=Moni|title=Untraceable Electronic Cash|url=http://blog.koehntopp.de/uploads/chaum_fiat_naor_ecash.pdf}}</ref> which became known as ecash.<br />
<ref>{{cite web|url=https://www.wired.com/wired/archive/2.12/emoney.html|publisher=Wired|title=E-Money (That's What I Want)|date=1994–2012|author=Steven Levy}}</ref> In 1998 [[Wei Dai]] published a description of an anonymous, distributed electronic cash system which he called "b-money".<ref>{{cite web|title=B-Money|url=http://www.weidai.com/bmoney.txt|author=Wei Dai|year=1998}}</ref> Around the same time, Nick Szabo created ''bit gold''.<ref>{{cite web|url=https://spectrum.ieee.org/computing/software/bitcoin-the-cryptoanarchists-answer-to-cash/0|title=Bitcoin: The Cryptoanarchists’ Answer to Cash|publisher=IEEE Spectrum|quote=Around the same time, Nick Szabo, a computer scientist who now blogs about law and the history of money, was one of the first to imagine a new digital currency from the ground up. Although many consider his scheme, which he calls “bit gold,” to be a precursor to Bitcoin}}</ref><ref name="bitgold">{{cite web|title=Bit gold|url=https://unenumerated.blogspot.co.uk/2005/12/bit-gold.html|author=Nick Szabo|quote=My proposal for bit gold is based on computing a string of bits from a string of challenge bits, using functions called variously "client puzzle function," "proof of work function," or "secure benchmark function.". The resulting string of bits is the proof of work.... The last-created string of bit gold provides the challenge bits for the next-created string.}}</ref> Like Bitcoin, ''Bit gold'' was a currency system where users would compete to solve a [[proof of work]] function, with solutions being cryptographically chained together and published via a distributed property title registry. A variant of ''Bit gold'', called ''Reusable Proofs of Work'', was implemented by Hal Finney.<ref name="bitgold"/><br />
<br />
In 2008, Satoshi Nakamoto published a [[Bitcoin_white_paper|paper]]<ref name="whitepaper">{{cite web<br />
|last= Nakamoto<br />
|first= Satoshi<br />
|title= Bitcoin: A Peer-to-Peer Electronic Cash System<br />
|url= http://www.cs.kent.edu/~JAVED/class-P2P12F/papers-2012/PAPER2012-p2p-bitcoin-satoshinakamoto.pdf<br />
|accessdate = 14 December 2010<br />
|date= 24 May 2009<br />
|postscript=<br />
}}</ref><ref>{{cite web<br />
|url= https://article.gmane.org/gmane.comp.encryption.general/12588/<br />
|title= Bitcoin P2P e-cash paper<br />
}}</ref> on The Cryptography Mailing list at metzdowd.com<ref>[https://www.mail-archive.com/search?l=cryptography@metzdowd.com&q=from:%22Satoshi+Nakamoto%22 Satoshi's posts to Cryptography mailing list]</ref> describing the Bitcoin protocol.<br />
<br />
The Bitcoin network came into existence on 3 January 2009 with the release of the first Bitcoin client, [[wxBitcoin]], and the issuance of the first bitcoins.<ref>{{cite web |title=Block 0 – Bitcoin Block Explorer |url=https://blockexplorer.com/block/000000000019d6689c085ae165831e934ff763ae46a2a6c172b3f1b60a8ce26f }}</ref><ref>{{cite web |url=https://www.mail-archive.com/cryptography@metzdowd.com/msg10142.html |title=Bitcoin v0.1 released}}</ref><ref>{{cite web |url=https://sourceforge.net/news/?group_id=244765 |title=SourceForge.net: Bitcoin}}</ref><br />
A year later, the initial exchange rates for Bitcoin were set by individuals on the bitcointalk forums.{{Citation needed|date=October 2012}} The most significant transaction involved a BTC 10,000 pizza.<ref>{{cite web|title=The Rise and Fall of Bitcoin|url=https://www.wired.com/magazine/2011/11/mf_bitcoin/|publisher=Wired|accessdate=13 October 2012}}</ref><br />
Today, the majority of bitcoin exchanges occur on the [[Bitstamp]] bitcoin exchange.<ref>{{cite web | title = Exchange volume distribution | work = by market | publisher = [[Bitcoin Charts]] | date = April 15, 2014 | url = https://bitcoincharts.com/charts/volumepie/ | accessdate = 2014-04-15 }}</ref><br />
<br />
In 2011, Wikileaks,<ref>{{cite news<br />
|last= Greenberg<br />
|first= Andy<br />
|url= http://blogs.forbes.com/andygreenberg/2011/06/14/wikileaks-asks-for-anonymous-bitcoin-donations/<br />
|title= WikiLeaks Asks For Anonymous Bitcoin Donations – Andy Greenberg – The Firewall – Forbes<br />
|publisher= Blogs.forbes.com<br />
|date= 2011-06-14<br />
|accessdate = 2011-06-22<br />
}}</ref> [[Freenet]],<ref>{{cite web<br />
|url= https://freenetproject.org/donate.html<br />
|title= /donate<br />
|publisher= The Freenet Project<br />
|date=<br />
|accessdate = 2011-06-22<br />
}}</ref> Singularity Institute,<ref>[http://singinst.org/donate/ SIAI donation page]</ref> Internet Archive,<ref>[https://www.archive.org/donate/index.php Internet Archive donation page]</ref> Free Software Foundation<ref>[https://my.fsf.org/donate/other/ Other ways to donate]</ref> and others, began [[Receiving_donations_with_bitcoin|to accept donations in bitcoins]]. The Electronic Frontier Foundation did so for a while but has since stopped, citing concerns about a lack of legal precedent about new currency systems, and because they "generally don't endorse any type of product or service."<ref>{{cite web<br />
|url= https://www.eff.org/deeplinks/2011/06/eff-and-bitcoin<br />
|title= EFF and Bitcoin &#124; Electronic Frontier Foundation<br />
|publisher= Eff.org<br />
|date= 2011-06-14<br />
|accessdate = 2011-06-22<br />
}}</ref> Some small businesses had started to adopt Bitcoin. LaCie, a public company, accepts bitcoins for its Wuala service.<ref>{{Cite web|url=http://www.wuala.com/en/bitcoin |title=Secure Online Storage – Backup. Sync. Share. Access Everywhere |publisher=Wuala |date= |accessdate = 2012-01-24}}</ref><br />
<br />
In 2012, BitPay reported having over 1000 merchants accepting bitcoins under its payment processing service.<ref>{{cite web|title=BitPay Signs 1,000 Merchants to Accept Bitcoin Payments|url=http://www.americanbanker.com/issues/177_176/bitpay-signs-1000-merchants-to-accept-bitcoin-payments-1052538-1.html|publisher=American Banker|accessdate=12 October 2012}}</ref><br />
<br />
==Administration==<br />
Bitcoin is administered through a decentralized peer-to-peer network.<ref name="whitepaper"/> Cryptographic technologies and the peer-to-peer network of computing power enable users to make and verify irreversible, instant online bitcoin payments, without an obligation to trust and use centralized banking institutions and authorities. Dispute resolution services are not made directly available. Instead, it is left to the users to verify and trust the parties they are sending money to through their choice of methods.<br />
<br />
Bitcoins are issued according to rules agreed to by the majority of the computing power within the Bitcoin network. The core rules describe the predictable issuance of bitcoins to its verifying servers, a voluntary and competitive transaction fee system and the hard limit of no more than BTC 21 million issued in total.<ref name="whitepaper"/><br />
<br />
Bitcoin does not require a central bank, State,<ref>{{cite web<br />
|url= https://spectrum.ieee.org/computing/software/bitcoin-the-cryptoanarchists-answer-to-cash/3<br />
|title= Bitcoin: The Cryptoanarchists' Answer to Cash<br />
|publisher= IEEE.org<br />
|date= June 2012<br />
|accessdate = 2012-06-05<br />
}}</ref> or incorporated backers.<br />
<br />
==Services==<br />
{{main|Wallet}}<br />
<br />
Bitcoins are sent and received through software and websites called wallets. They send and confirm transactions to the network through Bitcoin addresses, the identifiers for users' Bitcoin wallets within the network.<ref name="whitepaper"/><br />
<br />
===Bitcoin addresses===<br />
{{main|Address}}<br />
<br />
Payments are made to Bitcoin "addresses": human-readable strings of numbers and letters around 33 characters in length, always beginning with the digit 1 or 3, as in the example of ''31uEbMgunupShBVTewXjtqbBv5MndwfXhb''.<br />
<br />
Users obtain new Bitcoin addresses from their Bitcoin software. Creating a new address can be a completely offline process and require no communication with the Bitcoin network. Web services often generate a new Bitcoin address for every user, allowing them to have their custom deposit addresses.{{dubious}}<br />
<br />
===Transaction fees===<br />
{{main|Transaction fees}}<br />
Transaction fees may be included with any transfer of bitcoins. While it's technically possible to send a transaction with zero fee, {{as of|2017|lc=on}} it's highly unlikely that one of these transactions confirms in a realistic amount of time, causing most nodes on the network to drop it. For transactions which consume or produce many outputs (and therefore have a large data size), higher transaction fees are usually expected.<br />
<br />
===Confirmations===<br />
{{main|Confirmation}}<br />
<br />
The network's software confirms a transaction when it records it in a block. Further blocks of transactions confirm it even further. After six confirmations/blocks, a transaction is confirmed beyond reasonable doubt.<br />
<br />
The network must store the whole transaction history inside the blockchain, which grows constantly as new records are added and never removed. Nakamoto conceived that as the database became larger, users would desire applications for Bitcoin that didn't store the entire database on their computer. To enable this, the blockchain uses a [[merkle tree]] to organize the transaction records in such a way that client software can locally delete portions of its own database it knows it will never need, such as earlier transaction records of bitcoins that have changed ownership multiple times.<br />
<br />
==Economics==<br />
<br />
===Initial distribution===<br />
<br />
Bitcoin has no centralized issuing authority.<ref name="ars-06-08-11"><br />
{{Cite news<br />
|first= Thomas<br />
|last= Lowenthal<br />
|title= Bitcoin: inside the encrypted, peer-to-peer digital currency<br />
|newspaper= Ars Technica<br />
|date= 8 June 2011<br />
|url= https://arstechnica.com/tech-policy/news/2011/06/bitcoin-inside-the-encrypted-peer-to-peer-currency.ars<br />
}}</ref><ref>{{cite news<br />
|author= Sponsored by<br />
|url= http://www.economist.com/blogs/babbage/2011/06/virtual-currency<br />
|title= Virtual currency: Bits and bob<br />
|publisher= The Economist<br />
|date=<br />
|accessdate = 2011-06-22<br />
}}</ref><ref>{{cite web<br />
|last= Geere<br />
|first= Duncan<br />
|url= https://www.wired.co.uk/news/archive/2011-05/16/bitcoin-p2p-currency<br />
|title= Peer-to-peer currency Bitcoin sidesteps financial institutions (Wired UK)<br />
|publisher= Wired.co.uk<br />
|date=<br />
|accessdate = 2011-06-22<br />
}}</ref> The network is programmed to increase the money supply as a geometric series until the total number of bitcoins reaches 21 million.<ref name="Quantitative Analysis of the Full Bitcoin Transaction Graph"/> {{As of|2012|10}} slightly over 10 million of the total BTC 21 million had been created; the current total number created is available online.<ref>{{cite web<br />
|title= Total Number of Bitcoins in Existence<br />
|url= https://blockexplorer.com/q/totalbc<br />
|work= Bitcoin Block Explorer<br />
|accessdate = 2012-10-03<br />
}}</ref> By 2013 half of the total supply will have been generated, and by 2017, three-quarters will have been generated. To ensure sufficient granularity of the [[money supply]], clients can divide each BTC unit down to eight decimal places (a total of 2.1&nbsp;×&nbsp;10<sup>15</sup> or 2.1 quadrillion units).<ref name="lwn">{{Cite news<br />
|author= Nathan Willis<br />
|date= 2010-11-10<br />
|title= Bitcoin: Virtual money created by CPU cycles<br />
|publisher= LWN.net<br />
|url= https://lwn.net/Articles/414452/<br />
}}</ref><br />
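The issuance schedule described above, worked through as an added example that is not part of the original article: it reconciles the 2,099,999,997,690,000-satoshi maximum with the "21 million" figure and with the half and three-quarter milestones. The 210,000-block halving interval is Bitcoin's consensus value and is an assumption here, since the page does not state it; the year estimate assumes exactly one block every 10 minutes from January 2009.

```python
COIN = 100_000_000              # satoshis per BTC (eight decimal places)
INITIAL_SUBSIDY = 50 * COIN     # the BTC 50 starting reward
HALVING_INTERVAL = 210_000      # assumption: consensus value, not stated on the page
SECONDS_PER_BLOCK = 10 * 60
SECONDS_PER_YEAR = 365.25 * 86_400


def block_subsidy(height: int) -> int:
    """New satoshis created by the block at `height` (integer halving)."""
    halvings = height // HALVING_INTERVAL
    if halvings >= 64:          # shifting further would be meaningless
        return 0
    return INITIAL_SUBSIDY >> halvings


def supply_after(blocks: int) -> int:
    """Total satoshis issued by the first `blocks` blocks."""
    total, height = 0, 0
    while height < blocks:
        subsidy = block_subsidy(height)
        if subsidy == 0:
            break               # nothing more is ever issued
        era_end = (height // HALVING_INTERVAL + 1) * HALVING_INTERVAL
        count = min(blocks, era_end) - height
        total += count * subsidy
        height += count
    return total


def final_supply():
    """Return (maximum supply in satoshis, first height with zero subsidy)."""
    height = 0
    while block_subsidy(height) > 0:
        height += HALVING_INTERVAL
    return supply_after(height), height


def estimated_year(height: int) -> float:
    """Calendar year at which `height` is reached under ideal 10-minute blocks."""
    return 2009 + height * SECONDS_PER_BLOCK / SECONDS_PER_YEAR


if __name__ == "__main__":
    cap, last = final_supply()
    print("maximum supply (satoshis):", cap)
    print("maximum supply (BTC):     ", cap / COIN)
    print("subsidy reaches zero at height", last, "around", int(estimated_year(last)))
    for h in (210_000, 420_000):
        print(h, "blocks:", supply_after(h) / COIN, "BTC, year",
              round(estimated_year(h), 2))
```

The shortfall from a round 21 million comes from the integer right shift, which discards the fractional satoshi at each halving once the subsidy is no longer evenly divisible.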
<br />
The network {{As of|2012|lc=on}} required over one million times more work for confirming a block and receiving an award (BTC 25 {{As of|2012|2|lc=on}}) than when the first blocks were confirmed.<br />
The difficulty is automatically adjusted every 2016 blocks based on the time taken to find the previous 2016 blocks such that one block is created roughly every 10 minutes.<br />
<br />
Those who chose to put computational and electrical resources toward mining early on had a greater chance at receiving awards for block generations. This served to make available enough processing power to process blocks. Indeed, without miners there are no transactions and the bitcoin economy comes to a halt.<br />
<br />
===Exchange rate===<br />
Prices fluctuate relative to goods and services more than more widely accepted currencies;<br />
the price of a bitcoin is not static.<br />
<br />
In August 2012, 1 bitcoin traded at around US$10.00. Taking into account the total number of bitcoins mined, the monetary base of the Bitcoin network stands at over USD 110 million.<ref>[http://www.bitcoinwatch.com/ http://www.bitcoinwatch.com/] Bitcoin statistics</ref><br />
<br />
== Anonymity ==<!--Please keep as starting template--><br />
{{main|Anonymity & Security}}<br />
<br />
=== Transactions ===<br />
<br />
While using bitcoins is an excellent way to make your purchases, donations, and p2p payments without losing money through inflated transaction fees, transactions are never truly anonymous. When buying bitcoin you pass identification, and Bitcoin transactions are stored publicly and permanently on the network, which means anyone can see the balance and transactions of any Bitcoin address. Bitcoin activities are recorded and available publicly via the [[blockchain]], a comprehensive database which keeps a record of Bitcoin transactions.<br />
<br />
=== Buying/selling bitcoins ===<br />
<br />
All exchange companies require the user to scan ID documents, and large transactions must be reported to the proper governmental authority.<br />
<br />
This means that a third party with an interest in tracking your activities can use your visible balance and ID information as a basis from which to track your future transactions or to study previous activity. In short, you have compromised your [[security]] and [[privacy]].<br />
<br />
In addition to conventional exchanges there are also peer-to-peer exchanges. Peer-to-peer exchanges will often not collect KYC and identity information directly from users; instead, they let the users handle KYC amongst themselves. These can often be a better alternative for those looking to purchase bitcoins quickly and without KYC delay.<br />
<br />
=== Mixing services ===<br />
<br />
[http://anonymity.co.in/mixing_services.html Mixing services] are used to avoid compromising privacy and security. Mixing services offer to periodically exchange your bitcoins for different ones which cannot be associated with the original owner.<br />
<br />
== Security ==<!--Please keep as starting template--><br />
{{seealso|Weaknesses}}<br />
<br />
In the history of Bitcoin, there have been a few [[incidents]], caused by problematic as well as malicious transactions. In the worst such incident, and the only one of its type, a person was able to pretend that he had a practically infinite supply of bitcoins, for almost 9 hours.<br />
<br />
Bitcoin relies, among other things, on [https://en.wikipedia.org/wiki/Public-key_cryptography public key cryptography] and thus may be vulnerable to [https://en.wikipedia.org/wiki/Elliptic_curve_cryptography#Quantum_computing_attacks quantum computing attacks] if and when practical quantum computers can be constructed.<br />
<br />
If multiple different software packages, whose usage becomes widespread on the Bitcoin network, disagree on the protocol and the rules for transactions, this could potentially cause a fork in the block chain, with each faction of users being able to accept only their own version of the history of transactions. This could influence the price of bitcoins.<br />
<br />
A global, organized campaign against the currency or the software could also influence the demand for bitcoins, and thus the exchange price.<br />
<br />
==Bitcoin mining==<br />
{{main|Mining}}<br />
<br />
Bitcoin mining nodes are responsible for managing the Bitcoin network.<br />
<br />
Bitcoins are awarded to Bitcoin nodes known as "miners" for the solution to a difficult [[proof-of-work]] problem which confirms transactions and prevents double-spending. This incentive, as the Nakamoto white paper describes it, encourages "nodes to support the network, and provides a way to initially distribute coins into circulation, since no central authority issues them."<ref name="whitepaper" /><br />
<br />
Nakamoto compared the generation of new coins by expending CPU time and electricity to gold miners expending resources to add gold to circulation.<ref name="whitepaper"/><br />
<br />
[[File:Cryptocurrency Mining Farm.jpg|right|350px|thumb|Iceland is a good location for [[mining]] bitcoins because of the natural cold temperature.]]<br />
<br />
===Node operation===<br />
<br />
The node software for the Bitcoin network is based on peer-to-peer networking, digital signatures and cryptographic proof to make and verify transactions. Nodes broadcast transactions to the network, which records them in a public record of all transactions, called the ''blockchain'', after validating them with a [[proof-of-work|proof-of-work system]].<br />
<br />
Satoshi Nakamoto designed the first Bitcoin node and mining software<ref name="processors">{{Cite news<br />
|last= Davis<br />
|first= Joshua<br />
|title= The Crypto-Currency<br />
|url= https://www.wired.com/magazine/2011/11/mf_bitcoin/all<br />
|accessdate = 11 November 2011<br />
|newspaper= Wired Magazine<br />
|date= 10 November 2011<br />
}}</ref> and developed the majority of the first implementation, Bitcoind, from 2007 to mid-2010.<ref name="code_start">{{cite web<br />
|url= https://bitcointalk.org/index.php?topic=13.msg46#msg46<br />
|title= Questions about Bitcoin<br />
|publisher= Bitcoin forum<br />
|date= 2009-12-10<br />
}}</ref><br />
<br />
Node implementations include core software such as Bitcoind/Bitcoin-Qt, [[libbitcoin]], [[cbitcoin]]<ref>{{Cite web|title=cbitcoin|url=https://github.com/MatthewLM/cbitcoin|accessdate=3 October 2012}}</ref> and [[BitCoinJ|bitcoinj]].<ref>{{cite web<br />
|url= https://news.slashdot.org/story/11/03/23/0210207/Google-Engineer-Releases-Open-Source-Bitcoin-Client<br />
|title= Google Engineer Releases Open Source Bitcoin Client<br />
|author= angry tapir, timothy<br />
|date= 23 March 2011<br />
|publisher= Slashdot<br />
|accessdate = 2011-05-18<br />
}}</ref><ref>{{cite web<br />
|url= http://www.javaworld.com/javaworld/jw-01-2012/120110-bitcoin-for-beginners-3.html?page=1<br />
|title= Bitcoin for beginners: The BitcoinJ API<br />
|author= Dirk Merkel<br />
|date= 10 January 2012<br />
|publisher= JavaWorld<br />
|accessdate = 2012-08-03<br />
}}</ref><br />
<br />
Every node in the Bitcoin network collects all the unacknowledged transactions it knows of in a file called a ''block'', which also contains a reference to the previous valid block known to that node. It then appends a [[nonce]] value to this previous block and computes the SHA-256 cryptographic hash of the block and the appended nonce value. The node repeats this process until it adds a nonce that allows for the generation of a hash with a value lower than a specified ''target''. Because computers cannot practically reverse the hash function, finding such a nonce is hard and requires on average a predictable amount of repetitious trial and error. This is where the ''[[proof-of-work]]'' concept comes into play. When a node finds such a solution, it announces it to the rest of the network. Peers receiving the new solved block validate it by computing the hash and checking that it really starts with the given number of zero bits (i.e., that the hash is within the target). Then they accept it and add it to the chain.<br />
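The nonce search and the peers' validation described above, as an added example that is not part of the original article or of any Bitcoin client. The two-field header, the easy <code>TARGET</code>, the all-zero first reference and the sample transaction batches are constructed for illustration; the hash is SHA-256 applied twice, as Bitcoin does.

```python
import hashlib
import struct
from dataclasses import dataclass

# Constructed, deliberately easy target: about 1 hash in 4,096 qualifies.
TARGET = 1 << 244
GENESIS_PREV = bytes(32)  # all-zero "previous hash" for the first block


@dataclass
class Block:
    prev_hash: bytes   # reference to the previous valid block
    tx_digest: bytes   # stand-in for the digest of the block's transactions
    nonce: int = 0

    def header(self) -> bytes:
        # Simplified header (assumption): Bitcoin's real header has more fields.
        return self.prev_hash + self.tx_digest + struct.pack("<I", self.nonce)

    def hash(self) -> bytes:
        return hashlib.sha256(hashlib.sha256(self.header()).digest()).digest()

    def hash_int(self) -> int:
        # The digest is compared to the target as a little-endian integer.
        return int.from_bytes(self.hash(), "little")


def meets_target(block: Block, target: int = TARGET) -> bool:
    """The check every peer repeats: one hash, one comparison."""
    return block.hash_int() <= target


def mine(block: Block, target: int = TARGET, max_nonce: int = 1 << 32):
    """Trial and error over the nonce; returns the first nonce that works."""
    for nonce in range(max_nonce):
        block.nonce = nonce
        if meets_target(block, target):
            return nonce
    return None  # nonce space exhausted without a solution


def build_chain(tx_batches, target: int = TARGET):
    """Mine one block per batch, each referencing the hash of the previous one."""
    chain, prev = [], GENESIS_PREV
    for batch in tx_batches:
        block = Block(prev, hashlib.sha256(batch).digest())
        if mine(block, target) is None:
            raise RuntimeError("nonce space exhausted")
        chain.append(block)
        prev = block.hash()
    return chain


def validate_chain(chain, target: int = TARGET) -> bool:
    """Reject the chain if any link or any proof of work does not hold."""
    prev = GENESIS_PREV
    for block in chain:
        if block.prev_hash != prev or not meets_target(block, target):
            return False
        prev = block.hash()
    return True


if __name__ == "__main__":
    chain = build_chain([b"constructed tx batch 1", b"constructed tx batch 2"])
    for i, block in enumerate(chain):
        print(i, "nonce", block.nonce, "hash", block.hash()[::-1].hex())
    print("valid:", validate_chain(chain))
    # Rewriting an old block changes its hash, so the next block's
    # reference no longer matches and validation fails.
    chain[0].tx_digest = hashlib.sha256(b"rewritten history").digest()
    print("valid after tampering:", validate_chain(chain))
```

Finding the nonce takes thousands of hashes even at this toy target, while each check in <code>validate_chain</code> costs a single hash, which is the asymmetry the paragraph relies on.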
<br />
===Mining rewards===<br />
In addition to receiving the pending transactions confirmed in the block, a generating node adds a ''generate'' transaction, which awards new bitcoins to the operator of the node that generated the block. The system sets the payout of this generated transaction according to its defined inflation schedule. The miner that generates a block also receives the fees that users have paid as an incentive to give particular transactions priority for faster confirmation.<ref>[https://www.bitcoinmining.com Bitcoin Mining]</ref><br />
<br />
The network never creates more than a BTC 50 reward per block and this amount will decrease over time towards zero, such that no more than BTC 21 million will ever exist.<ref name="lwn" /> As this payout decreases, the incentive for users to run block-generating nodes is intended to change to earning [[#Transaction fees|transaction fees]].<br />
<br />
===Mining pools===<br />
{{main|Pooled mining}}<br />
<br />
Bitcoin users often pool computational effort to increase the stability of the collected fees and subsidy they receive.<ref name="We Use Coins Mining">{{cite web|title=About Bitcoin Mining|url=https://www.weusecoins.com/en/mining-guide/|publisher=We Use Coins|accessdate=27 May 2015}}</ref><br />
<br />
===Mining difficulty===<br />
{{main|Difficulty}}<br />
<br />
In order to throttle the creation of blocks, the difficulty of generating new blocks is adjusted over time. If mining output increases or decreases, the difficulty increases or decreases accordingly.<br />
<br />
The adjustment is done by changing the threshold that a hash is required to be less than. A lower threshold means fewer possible hashes can be accepted, and thus a higher degree of difficulty. The target rate of block generation is one block every 10 minutes, or 2016 blocks every two weeks. Bitcoin changes the difficulty of finding a valid block every 2016 blocks, using the difficulty that would have been most likely to cause the prior 2016 blocks to have taken two weeks to generate, according to the timestamps on the blocks. Technically, this is done by modeling the generation of bitcoins as a Poisson process. All nodes perform and enforce the same difficulty calculation.<br />
<br />
Difficulty is intended as an automatic stabilizer allowing mining for bitcoins to remain profitable in the long run for the most efficient miners, independently of the fluctuations in demand of the bitcoin in relation to other currencies.<br />
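The retargeting rule and its stabilizing effect, as an added example that is not part of the original article. The factor-of-four clamp and the difficulty-1 target are Bitcoin consensus values that the page does not state, and the simulation is a simplification: it derives the elapsed time from an assumed network hash rate instead of reading block timestamps.

```python
BLOCK_SPACING = 10 * 60                                  # one block every 10 minutes
RETARGET_INTERVAL = 2016                                 # blocks between adjustments
EXPECTED_TIMESPAN = RETARGET_INTERVAL * BLOCK_SPACING    # 1,209,600 s = two weeks
MAX_TARGET = 0xFFFF << 208                               # difficulty-1 target (easiest allowed)


def retarget(old_target: int, actual_timespan: int) -> int:
    """New threshold after a 2016-block window that took `actual_timespan` seconds."""
    # Consensus clamp (not on the page): one adjustment moves at most 4x either way.
    clamped = max(EXPECTED_TIMESPAN // 4,
                  min(actual_timespan, EXPECTED_TIMESPAN * 4))
    # Blocks came too fast -> smaller target -> fewer acceptable hashes.
    new_target = old_target * clamped // EXPECTED_TIMESPAN
    return min(new_target, MAX_TARGET)


def difficulty(target: int) -> float:
    """Difficulty is the ratio of the easiest target to the current one."""
    return MAX_TARGET / target


def expected_hashes(target: int) -> int:
    """Average number of hashes tried before one falls at or below `target`."""
    return (1 << 256) // (target + 1)


def seconds_per_block(target: int, hashrate: float) -> float:
    """Average block spacing for a network computing `hashrate` hashes per second."""
    return expected_hashes(target) / hashrate


def simulate(start_target: int, hashrates):
    """One entry per 2016-block period: (difficulty, average seconds per block)."""
    history, target = [], start_target
    for rate in hashrates:
        spacing = seconds_per_block(target, rate)
        history.append((difficulty(target), spacing))
        target = retarget(target, round(spacing * RETARGET_INTERVAL))
    return history


if __name__ == "__main__":
    start = MAX_TARGET >> 4                           # constructed: difficulty 16
    base = expected_hashes(start) / BLOCK_SPACING     # hash rate giving 600 s blocks
    # Constructed scenario: the network's hash rate doubles and stays doubled.
    for diff, spacing in simulate(start, [base, 2 * base, 2 * base]):
        print(f"difficulty {diff:6.1f}  block every {spacing:6.1f} s")
```

In the constructed scenario the doubled hash rate produces 300-second blocks for one period, after which the halved target restores the 600-second spacing.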
<br />
===Mining hardware===<br />
{{main|Mining Hardware Comparison}}<br />
<br />
Bitcoins used to be mined through Intel/AMD CPUs. {{As of | 2012}}, mining has gradually moved to [[GPU]] and [[FPGA]] hardware.<ref name="bitcoinmag-butterfly" /> [[Application-specific integrated circuit|ASIC]]-based hardware for bitcoin mining has been announced by several manufacturers who intend to ship products from late 2012 to early 2013.<ref name="bitcoinmag-butterfly">{{Cite web|title=Bitpay Breaks Daily Volume Record with Butterfly ASIC mining release|url=http://bitcoinmagazine.net/bitpay-breaks-daily-volume-record-with-butterfly-asic-mining-release/|publisher=Bitcoin Magazine}}</ref><br />
<br />
==Concerns==<br />
<br />
===As an investment===<br />
{{main|Bitcoin as an investment}}<br />
<br />
Bitcoin describes itself as an experimental digital currency. Reuben Grinberg has noted that Bitcoin's supporters have argued that bitcoins are neither securities nor investments because they fail to meet the criteria for either category.<ref name="grinberg">{{cite web | url=http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1817857 | title=Bitcoin: An Innovative Alternative Digital Currency | publisher=SSRN | date=9 December 2011 | accessdate=4 December 2012 | author=Grinberg, Reuben}}</ref> Although it is a virtual currency, some people see it as an investment<ref name="cnbc">{{cite web | url=http://www.cnbc.com/id/45030812/The_Pros_And_Cons_Of_Biting_on_Bitcoins | title=The Pros And Cons Of Biting on Bitcoins | publisher=CNBC | date=23 November 2011 | accessdate=4 December 2012 | author=Gustke, Constance}}</ref> or accuse it of being a form of investment fraud known as a Ponzi scheme.<ref>{{cite web |url=https://www.theregister.co.uk/2011/06/08/bitcoin_under_attack/ |title=US senators draw a bead on Bitcoin |last1=Chirgwin |first1=Richard |date=8 June 2011 |publisher=The Register |accessdate=14 November 2012}}</ref><ref>{{cite web |url=http://uk.reuters.com/article/2012/04/01/uk-traders-bitcoin-idUKBRE8300JL20120401 |title=Bitcoin, the City traders' anarchic new toy |last1=O'Leary |first1=Naomi |date=2 April 2012 |publisher=Reuters |accessdate=14 November 2012}}</ref> A report by the European Central Bank, using the U.S. Securities and Exchange Commission's definition of a Ponzi scheme, found that the use of bitcoins shares some characteristics with Ponzi schemes, but also has characteristics of its own which contradict several common aspects of Ponzi schemes.<ref name="ecbreport">{{cite web | url=http://www.ecb.europa.eu/pub/pdf/other/virtualcurrencyschemes201210en.pdf | title=Virtual Currency Schemes | publisher=European Central Bank | date=October 2012 | accessdate=4 December 2012}}</ref><br />
<br />
===Privacy===<br />
Because transactions are broadcast to the entire network, they are inherently public. Unlike regular banking,<ref>{{cite web<br />
|url= https://spectrum.ieee.org/computing/software/bitcoin-the-cryptoanarchists-answer-to-cash/0<br />
|title= Bitcoin: The Cryptoanarchists' Answer to Cash<br />
|publisher= IEEE.org<br />
|date= June 2012<br />
|accessdate = 2012-06-05<br />
}}</ref> which preserves customer privacy by keeping transaction records private, loose transactional privacy is accomplished in Bitcoin by using many unique addresses for every wallet, while at the same time publishing all transactions. As an example, if Alice sends BTC 123.45 to Bob, the network creates a public record that allows anyone to see that 123.45 has been sent from one address to another. However, unless Alice or Bob make their ownership of these addresses known, it is difficult for anyone else to connect the transaction with them. However, if someone connects an address to a user at any point they could follow back a series of transactions as each participant likely knows who paid them and may disclose that information on request or under duress.<br />
<br />
It can be difficult to associate Bitcoin identities with real-life identities.<ref name="An Analysis of Anonymity in the Bitcoin System">Fergal Reid and Martin Harrigan (24 July 2011). [https://anonymity-in-bitcoin.blogspot.com/2011/07/bitcoin-is-not-anonymous.html An Analysis of Anonymity in the Bitcoin System]. An Analysis of Anonymity in the Bitcoin System.</ref> This property makes Bitcoin transactions attractive to sellers of illegal products.<ref name="Forbes">Andy Greenberg (20 April 2011). [http://www.forbes.com/forbes/2011/0509/technology-psilocybin-bitcoins-gavin-andresen-crypto-currency.html Crypto Currency]. Forbes Magazine.</ref><ref>{{cite web<br />
|last= Madrigal<br />
|first= Alexis<br />
|title= Libertarian Dream? A Site Where You Buy Drugs With Digital Dollars<br />
|publisher= The Atlantic Monthly<br />
|date= 2011-06-01<br />
|url= https://www.theatlantic.com/technology/archive/2011/06/libertarian-dream-a-site-where-you-buy-drugs-with-digital-dollars/239776/<br />
|accessdate = 2011-06-05<br />
}}</ref><br />
<br />
===Illicit use===<br />
<br />
====Cracking====<br />
The cracking organization "LulzSec" accepted donations in bitcoins, having said that the group "needs Bitcoin donations to continue their hacking efforts".<ref name="CNET">{{cite web<br />
|last= Reisinger<br />
|first= Don<br />
|url= https://news.cnet.com/8301-13506_3-20070268-17/senators-target-bitcoin-currency-citing-drug-sales/<br />
|title= Senators target Bitcoin currency, citing drug sales &#124; The Digital Home – CNET News<br />
|publisher= News.cnet.com<br />
|date= 2011-06-09<br />
|accessdate = 2011-06-22<br />
}}</ref><ref>{{cite news<br />
|last= Olson<br />
|first= Parmy<br />
|url= http://blogs.forbes.com/parmyolson/2011/06/06/lulzsec-hackers-posts-sony-dev-source-code-get-7k-donation/<br />
|title= LulzSec Hackers Post Sony Dev. Source Code, Get $7K Donation – Parmy Olson – Disruptors – Forbes<br />
|publisher= Blogs.forbes.com<br />
|date= 6 June 2011<br />
|accessdate = 2011-06-22<br />
}}</ref><br />
<br />
====Silk Road====<br />
[[Silk Road]] is an anonymous black market that uses only the bitcoin.<ref name="npr-06-12-11"><br />
{{Cite news<br />
|url= https://www.npr.org/2011/06/12/137138008/silk-road-not-your-fathers-amazon-com<br />
|date= 12 June 2011<br />
|newspaper= NPR<br />
|title= Silk Road: Not Your Father's Amazon.com<br />
|author= Staff<br />
}}</ref> <br />
<br />
In a 2011 letter to Attorney General Eric Holder and the Drug Enforcement Administration, senators Charles Schumer of New York and Joe Manchin of West Virginia called for an investigation into Silk Road and the bitcoin.<ref name="npr-06-12-11"/><br />
Schumer described the use of bitcoins at Silk Road as a form of money laundering.<ref name="ars-06-08-11"/><br />
<br />
====Botnet mining====<br />
In June 2011, Symantec warned about the possibility of botnets engaging in covert "mining" of bitcoins,<ref>{{Cite web|author=Updated: 17 June 2011 | Translations available: 日本語 |url=http://www.symantec.com/connect/blogs/bitcoin-botnet-mining |title=Bitcoin Botnet Mining &#124; Symantec Connect Community |publisher=Symantec.com |date=2011-06-17 |accessdate = 2012-01-24}}</ref><ref>{{Cite web|url=http://www.zdnet.com/blog/security/researchers-find-malware-rigged-with-bitcoin-miner/8934 |title=Researchers find malware rigged with Bitcoin miner |publisher=ZDNet |date=2011-06-29 |accessdate = 2012-01-24}}</ref> consuming computing cycles, using extra electricity and possibly increasing the temperature of the computer. Later that month, the Australian Broadcasting Corporation caught an employee using the company's servers to generate bitcoins without permission.<ref>{{Cite web|url=http://thenextweb.com/au/2011/06/23/abc-employee-caught-mining-for-bitcoins-on-company-servers/ |title=ABC employee caught mining for Bitcoins on company servers |publisher=The Next Web |date=2011-06-23 |accessdate = 2012-01-24}}</ref> Some malware also uses the parallel processing capabilities of the GPUs built into many modern-day video cards.<ref>{{Cite news |url=https://www.theregister.co.uk/2011/08/16/gpu_bitcoin_brute_forcing/ |title=Malware mints virtual currency using victim's GPU |date=16 August 2011<!-- 20:00 GMT -->|first=Dan |last=Goodin }}</ref> In mid-August 2011, bitcoin miner botnets were found;<ref>{{Cite web|url=http://www.infosecurity-magazine.com/view/20211/researcher-discovers-distributed-bitcoin-cracking-trojan-malware/ |title=Infosecurity – Researcher discovers distributed bitcoin cracking trojan malware |publisher=Infosecurity-magazine.com |date=2011-08-19 |accessdate = 2012-01-24}}</ref> trojans infecting Mac OS X have also been uncovered.<ref>{{Cite web|url=http://www.techworld.com.au/article/405849/mac_os_x_trojan_steals_processing_power_produce_bitcoins |title=Mac OS X Trojan steals processing power to produce Bitcoins – sophos, security, malware, Intego – Vulnerabilities – Security |publisher=Techworld |date=2011-11-01 |accessdate = 2012-01-24}}</ref><br />
<br />
===Theft and fraud===<br />
On 19 June 2011, a security breach of the Mt.Gox (an acronym for ''M''agic: ''T''he ''G''athering ''O''nline E''x''change, its original purpose) bitcoin exchange caused the price of a bitcoin to briefly drop to US$0.01 on the Mt.Gox exchange (though it remained unaffected on other exchanges) after a hacker allegedly used credentials from a Mt.Gox auditor's compromised computer to illegally transfer a large number of bitcoins to him- or herself and sell them all, creating a massive "ask" order at any price. Within minutes the price rebounded to over $15 before Mt.Gox shut down their exchange and canceled all trades that happened during the hacking period.<ref>[https://mtgox.com/press_release_20110630.html Clarification of Mt Gox Compromised Accounts and Major Bitcoin Sell-Off]</ref><ref>[https://www.youtube.com/watch?v=T1X6qQt9ONg YouTube. Bitcoin Report]</ref> The exchange rate of bitcoins quickly returned to near pre-crash values.<ref name="mick">Jason Mick, 19 June 2011, [http://www.dailytech.com/Inside+the+MegaHack+of+Bitcoin+the+Full+Story/article21942.htm Inside the Mega-Hack of Bitcoin: the Full Story], DailyTech</ref><ref>Timothy B. Lee, 19 June 2011, [https://arstechnica.com/tech-policy/news/2011/06/bitcoin-price-plummets-on-compromised-exchange.ars Bitcoin prices plummet on hacked exchange], Ars Technica</ref><ref>Mark Karpeles, 20 June 2011, [https://support.mtgox.com/entries/20208066-huge-bitcoin-sell-off-due-to-a-compromised-account-rollback Huge Bitcoin sell off due to a compromised account – rollback], Mt.Gox Support</ref><ref name="register1">{{Cite news<br />
|title= Bitcoin collapses on malicious trade – Mt Gox scrambling to raise the Titanic<br />
|url= https://www.theregister.co.uk/2011/06/19/bitcoin_values_collapse_again/<br />
|date= 2011-06-19<br />
|author= Chirgwin, Richard<br />
|publisher= The Register<br />
}}</ref> Accounts with the equivalent of more than USD 8,750,000 were affected.<ref name="mick" /><br />
<br />
In July 2011, the operator of Bitomat, the third largest bitcoin exchange, announced that he had lost access to his wallet.dat file with about 17,000 bitcoins (roughly equivalent to USD 220,000 at that time). He announced that he would sell the service for the missing amount, aiming to use funds from the sale to refund his customers.<ref>[http://siliconangle.com/blog/2011/08/01/third-largest-bitcoin-exchange-bitomat-lost-their-wallet-over-17000-bitcoins-missing/ Third Largest Bitcoin Exchange Bitomat Lost Their Wallet, Over 17,000 Bitcoins Missing]. SiliconAngle</ref><br />
<br />
In August 2011, MyBitcoin, one of the popular Bitcoin transaction processors, declared that it had been hacked, which resulted in it being shut down, paying 49% on customer deposits and leaving more than 78,000 bitcoins (roughly equivalent to USD 800,000 at that time) unaccounted for.<ref>[http://betabeat.com/2011/08/mybitcoin-spokesman-finally-comes-forward-what-did-you-think-we-did-after-the-hack-we-got-shitfaced/ MyBitcoin Spokesman Finally Comes Forward: “What Did You Think We Did After the Hack? We Got Shitfaced”]. BetaBeat</ref><ref>[http://betabeat.com/2011/08/search-for-owners-of-mybitcoin-loses-steam/ Search for Owners of MyBitcoin Loses Steam]. BetaBeat</ref><br />
<br />
In early August 2012, a lawsuit was filed in San Francisco court against Bitcoinica, claiming about USD 460,000 from the company. Bitcoinica was hacked twice in 2012, which led to allegations of neglecting the safety of customers' money and cheating them out of withdrawal requests.<ref>[https://arstechnica.com/tech-policy/2012/08/bitcoinica-users-sue-for-460k-in-lost-bitcoins/ Bitcoinica users sue for $460k in lost Bitcoins]. Arstechnica</ref><ref>[https://spectrum.ieee.org/tech-talk/computing/networks/first-bitcoin-lawsuit-filed-in-san-francisco First Bitcoin Lawsuit Filed In San Francisco]. IEEE Spectrum</ref><br />
<br />
In late August 2012, Bitcoin Savings and Trust was shut down by the owner, allegedly leaving around $5.6 million in debts; this led to allegations of the operation being a Ponzi scheme.<ref>{{Cite web|title=Bitcoin ponzi scheme – investors lose $5 million USD in online hedge fund|url=https://rt.com/usa/news/investors-currency-digital-fund-868/|publisher=RT}}</ref><ref>{{Cite web|last=Jeffries|first=Adrianne|title=Suspected multi-million dollar Bitcoin pyramid scheme shuts down, investors revolt|url=http://www.theverge.com/2012/8/27/3271637/bitcoin-savings-trust-pyramid-scheme-shuts-down|publisher=The Verge}}</ref><ref>{{Cite web|last=Mick|first=Jason|title="Pirateat40" Makes Off $5.6M USD in Bitcoin From Pyramid Scheme|url=http://www.dailytech.com/Pirateat40+Makes+Off+56M+USD+in+BitCoins+From+Pyramid+Scheme/article25538.htm|publisher=DailyTech}}</ref><ref>[https://pandodaily.com/2012/08/31/bitcoin-how-a-virtual-currency-became-real-with-a-5-6m-fraud/ Bitcoin: How a Virtual Currency Became Real with a $5.6M Fraud]. PandoDaily</ref> In September 2012, it was reported that the U.S. Securities and Exchange Commission had started an investigation into the case.<ref>[http://blogs.telegraph.co.uk/technology/willardfoxton2/100007836/bitcoin-pirate-scandal-sec-steps-in-amid-allegations-that-the-whole-thing-was-a-ponzi-scheme/ Bitcoin 'Pirate' scandal: SEC steps in amid allegations that the whole thing was a Ponzi scheme]. The Telegraph</ref><br />
<br />
In September 2012, the Bitfloor bitcoin exchange also reported being hacked, with 24,000 bitcoins (roughly equivalent to USD 250,000) stolen. As a result, Bitfloor suspended operations.<ref>[http://www.bbc.co.uk/news/technology-19486695 Bitcoin theft causes Bitfloor exchange to go offline]. BBC</ref><ref>[http://www.theverge.com/2012/9/5/3293375/bitfloor-bitcoin-exchange-suspended-theft Bitcoin exchange BitFloor suspends operations after $250,000 theft]. The Verge</ref> The same month, Bitfloor resumed operations, with its founder saying that he had reported the theft to the FBI, and that he was planning to repay the victims, though the time frame for such repayment was unclear.<ref>[http://www.pcworld.com/article/2010586/bitcoin-exchange-back-online-after-hack.html?tk=rel_news Bitcoin exchange back online after hack]. PCWorld</ref><br />
<br />
===Taxation===<br />
In September 2012, the Intra-European Organization of Tax Administrations (IOTA), in Tbilisi, Georgia, held a workshop titled "Auditing Individuals and Legal Entities in the Use of e-Money." The workshop was attended by representatives from 23 countries.<ref name="Bitcoin Tax issues Oct 2012">{{cite journal | title=2012 TNT 209-4 NEWS ANALYSIS: VIRTUAL CURRENCY: A NEW WORRY FOR TAX ADMINISTRATORS?. (Release Date: OCTOBER 17, 2012) (Doc 2012-21516) | author=Stewart, David D. and Soong Johnston, Stephanie D. | journal=Tax Notes Today | year=2012 | month=October 29 | volume=2012 TNT 209-4 | issue=2012 TNT 209-4}}</ref> Jerry Taylor, IOTA's technical taxation expert, said, "There's an awful lot happening on the Internet environment which is fascinating at the moment and introducing new challenges for auditors when it comes to virtual currency."<ref name="Bitcoin Tax issues Oct 2012"/> Bitcoin was mentioned during the workshop.<ref name="Bitcoin Tax issues Oct 2012"/><br />
<br />
Matthew Elias, founder of the [[Cryptocurrency Legal Advocacy Group]] (CLAG), published "Staying Between the Lines: A Survey of U.S. Income Taxation and its Ramifications on Cryptocurrencies", which discusses "the taxability of cryptocurrencies such as Bitcoin."<ref name="Bitcoin Tax issues Oct 2012"/> CLAG "stressed the importance for taxpayers to determine on their own whether taxes are due on a Bitcoin-related transaction based on whether one has 'experienced a realization event.'"<ref name="Bitcoin Tax issues Oct 2012"/> For example, "when a taxpayer has provided a service in exchange for Bitcoins, a realization event has probably occurred, and any gain or loss would likely be calculated using fair market values for the service provided."<ref name="Bitcoin Tax issues Oct 2012"/><br />
<br />
[[Peter Vessenes]], [[Bitcoin Foundation|Bitcoin Foundation's]] executive director, said, since the foundation is trying to pay for everything in bitcoins, including salaries, "How do we W-2 someone for their Bitcoins? Do we mark-to-market every time a transfer happens? Payroll companies cringe."<ref name="BitCoin Tax issues Oct 2012">{{cite journal | title=2012 TNT 209-4 NEWS ANALYSIS: VIRTUAL CURRENCY: A NEW WORRY FOR TAX ADMINISTRATORS?. (Release Date: OCTOBER 17, 2012) (Doc 2012-21516) | author=Stewart, David D. and Soong Johnston, Stephanie D. | journal=Tax Notes Today | year=2012 | month=October 29 | volume=2012 TNT 209-4 | issue=2012 TNT 209-4}}</ref> The Bitcoin Foundation hopes "to push for solid guidance about its legal and tax treatment." [[Patrick Murck]], legal counsel for the Bitcoin Foundation, said he would like "to help regulators understand the technology better so they can make better decisions."<ref name="BitCoin Tax issues Oct 2012"/> Murck said, "Bitcoin has the potential to become much more than a niche currency, but it needs the guidance and understanding of regulators." and "The full potential of Bitcoin could be realized through clearer guidelines and a better understanding by financial and tax regulators." and "Part of making that happen is to talk to regulators, the IRS, and tax professionals and helping them understand that Bitcoin is not this nefarious thing, it's just software, it's a community, and there's nothing inherently nefarious about either of those things."<ref name="BitCoin Tax issues Oct 2012"/><br />
<br />
==See Also==<br />
* [[Introduction]]<br />
* [[Getting started]]<br />
* [[Using_Bitcoin|Detailed tutorial]]<br />
* [[FAQ]]<br />
* [https://www.weusecoins.com What Is Bitcoin?]<br />
* [https://www.bitcoinmining.com What Is Bitcoin Mining?]<br />
<br />
==References==<br />
<references /><br />
<br />
[[Category:Digital currencies]]<br />
{{wp}}{{p-move}}{{good}}<br />
[[es:Bitcoin]][[de:Bitcoin]]</div>Pancyrushttps://tests.bitcoin.it/w/index.php?title=Bitcoin&diff=68552Bitcoin2021-03-20T23:43:27Z<p>Pancyrus: Currency symbols and codes precede the quantities in English. Also, when used as the units of account, currency names should be lowercased.</p>
<hr />
<div>'''Bitcoin''' is a decentralized [[digital currency]] created by an unknown person or group of people under the name [[Satoshi Nakamoto]] and released as open-source software in 2009. It does not rely on a central server to process transactions or store funds. There is a maximum of 2,099,999,997,690,000 bitcoin elements (called satoshis; the unit is named in collective homage to the original creator), which are currently most commonly measured in units of 100,000,000 known as BTC. Only 21 million bitcoin (BTC) will ever be created.<br />
<br />
{{As of|January 2018}}, it is the most widely used alternative currency,<ref name="Quantitative Analysis of the Full Bitcoin Transaction Graph">{{cite web|title=Quantitative Analysis of the Full Bitcoin Transaction Graph|url=https://eprint.iacr.org/2012/584.pdf|publisher=Cryptology ePrint Archive|accessdate=18 October 2012|author=Ron Dorit|coauthors=Adi Shamir|page=17|quote=The Bitcoin system is the best known and most widely used alternative payment scheme,...}}</ref><ref name="Cryptocurrency Market Capitalization">{{Cite web|title=Coinmarketcap.com|url=https://coinmarketcap.com/}}</ref> now with the total market cap around 250 billion US dollars.<ref>{{cite web|title=Market Capitalization|url=https://coinmarketcap.com/currencies/bitcoin/|publisher= [[Coinmarketcap.com]] |accessdate=10 January 2018}}</ref><br />
<br />
Bitcoin has no central issuer; instead, the peer-to-peer network regulates Bitcoins, transactions and issuance according to consensus in network software. These transactions are verified by network nodes through the use of cryptography and recorded in a public distributed ledger called a blockchain.<br />
<br />
Bitcoins are issued to various nodes that verify transactions through computing power;<br />
it is established that there will be a limited and scheduled release of no more than BTC 21 million worth of coins, which will be fully issued by the year 2140. <br />
<br />
Bitcoins are created as a reward for a process known as mining. They can be exchanged for other currencies, products, and services. As of February 2015, over 100,000 merchants and vendors accepted Bitcoin as payment. Research produced by the University of Cambridge estimates that in 2017, there were 2.9 to 5.8 million unique users using a cryptocurrency wallet, most of them using Bitcoin.<br />
<br />
Internationally, Bitcoins can be exchanged and managed through various websites and [[software]] along with physical banknotes and coins.<ref>{{Cite web|title=Physical Bitcoins by Casascius|url=https://www.casascius.com/|publisher=Casascius Coins|accessdate=29 September 2012}}</ref><ref>{{Cite web|title=Bitbills|url=http://www.bitbills.com/|publisher=Bitbills|accessdate=29 September 2012}}</ref><br />
<br />
==History==<br />
{{main|History}}<br />
<br />
A cryptographic system for untraceable payments was first described by David Chaum in 1982.<ref>[http://blog.koehntopp.de/uploads/Chaum.BlindSigForPayment.1982.PDF David Chaum, Blind signatures for untraceable payments], Advances in Cryptology - Crypto '82, Springer-Verlag (1983), 199–203.</ref> In 1990 Chaum extended this system to create the first cryptographic anonymous electronic cash system,<ref>{{cite journal|journal=Lecture Notes in Computer Science|last1=Chaum|first1=David|last2=Fiat|first2=Amos|last3=Naor|first3=Moni|title=Untraceable Electronic Cash|url=http://blog.koehntopp.de/uploads/chaum_fiat_naor_ecash.pdf}}</ref> which became known as ecash.<br />
<ref>{{cite web|url=https://www.wired.com/wired/archive/2.12/emoney.html|publisher=Wired|title=E-Money (That's What I Want)|date=1994–2012|author=Steven Levy}}</ref> In 1998 [[Wei Dai]] published a description of an anonymous, distributed electronic cash system which he called "b-money".<ref>{{cite web|title=B-Money|url=http://www.weidai.com/bmoney.txt|author=Wei Dai|year=1998}}</ref> Around the same time, Nick Szabo created ''bit gold''.<ref>{{cite web|url=https://spectrum.ieee.org/computing/software/bitcoin-the-cryptoanarchists-answer-to-cash/0|title=Bitcoin: The Cryptoanarchists’ Answer to Cash|publisher=IEEE Spectrum|quote=Around the same time, Nick Szabo, a computer scientist who now blogs about law and the history of money, was one of the first to imagine a new digital currency from the ground up. Although many consider his scheme, which he calls “bit gold,” to be a precursor to Bitcoin}}</ref><ref name="bitgold">{{cite web|title=Bit gold|url=https://unenumerated.blogspot.co.uk/2005/12/bit-gold.html|author=Nick Szabo|quote=My proposal for bit gold is based on computing a string of bits from a string of challenge bits, using functions called variously "client puzzle function," "proof of work function," or "secure benchmark function.". The resulting string of bits is the proof of work.... The last-created string of bit gold provides the challenge bits for the next-created string.}}</ref> Like Bitcoin, ''Bit gold'' was a currency system where users would compete to solve a [[proof of work]] function, with solutions being cryptographically chained together and published via a distributed property title registry. A variant of ''Bit gold'', called ''Reusable Proofs of Work'', was implemented by Hal Finney.<ref name="bitgold"/><br />
<br />
In 2008, Satoshi Nakamoto published a [[Bitcoin_white_paper|paper]]<ref name="whitepaper">{{cite web<br />
|last= Nakamoto<br />
|first= Satoshi<br />
|title= Bitcoin: A Peer-to-Peer Electronic Cash System<br />
|url= http://www.cs.kent.edu/~JAVED/class-P2P12F/papers-2012/PAPER2012-p2p-bitcoin-satoshinakamoto.pdf<br />
|accessdate = 14 December 2010<br />
|date= 24 May 2009<br />
|postscript=<br />
}}</ref><ref>{{cite web<br />
|url= https://article.gmane.org/gmane.comp.encryption.general/12588/<br />
|title= Bitcoin P2P e-cash paper<br />
}}</ref> on The Cryptography Mailing list at metzdowd.com<ref>[https://www.mail-archive.com/search?l=cryptography@metzdowd.com&q=from:%22Satoshi+Nakamoto%22 Satoshi's posts to Cryptography mailing list]</ref> describing the Bitcoin protocol.<br />
<br />
The Bitcoin network came into existence on 3 January 2009 with the release of the first Bitcoin client, [[wxBitcoin]], and the issuance of the first Bitcoins.<ref>{{cite web |title=Block 0 – Bitcoin Block Explorer |url=https://blockexplorer.com/block/000000000019d6689c085ae165831e934ff763ae46a2a6c172b3f1b60a8ce26f }}</ref><ref>{{cite web |url=https://www.mail-archive.com/cryptography@metzdowd.com/msg10142.html |title=Bitcoin v0.1 released}}</ref><ref>{{cite web |url=https://sourceforge.net/news/?group_id=244765 |title=SourceForge.net: Bitcoin}}</ref><br />
A year later, the initial exchange rates for Bitcoin were set by individuals on the bitcointalk forums.{{Citation needed|date=October 2012}} The most significant transaction involved a BTC 10,000 pizza.<ref>{{cite web|title=The Rise and Fall of Bitcoin|url=https://www.wired.com/magazine/2011/11/mf_bitcoin/|publisher=Wired|accessdate=13 October 2012}}</ref><br />
Today, the majority of Bitcoin exchanges occur on the [[Bitstamp]] Bitcoin exchange.<ref>{{cite web | title = Exchange volume distribution | work = by market | publisher = [[Bitcoin Charts]] | date = April 15, 2014 | url = https://bitcoincharts.com/charts/volumepie/ | accessdate = 2014-04-15 }}</ref><br />
<br />
In 2011, Wikileaks,<ref>{{cite news<br />
|last= Greenberg<br />
|first= Andy<br />
|url= http://blogs.forbes.com/andygreenberg/2011/06/14/wikileaks-asks-for-anonymous-bitcoin-donations/<br />
|title= WikiLeaks Asks For Anonymous Bitcoin Donations – Andy Greenberg – The Firewall – Forbes<br />
|publisher= Blogs.forbes.com<br />
|date= 2011-06-14<br />
|accessdate = 2011-06-22<br />
}}</ref> [[Freenet]],<ref>{{cite web<br />
|url= https://freenetproject.org/donate.html<br />
|title= /donate<br />
|publisher= The Freenet Project<br />
|date=<br />
|accessdate = 2011-06-22<br />
}}</ref> Singularity Institute,<ref>[http://singinst.org/donate/ SIAI donation page]</ref> Internet Archive,<ref>[https://www.archive.org/donate/index.php Internet Archive donation page]</ref> Free Software Foundation<ref>[https://my.fsf.org/donate/other/ Other ways to donate]</ref> and others, began [[Receiving_donations_with_bitcoin|to accept donations in Bitcoin]]. The Electronic Frontier Foundation did so for a while but has since stopped, citing concerns about a lack of legal precedent about new currency systems, and because they "generally don't endorse any type of product or service."<ref>{{cite web<br />
|url= https://www.eff.org/deeplinks/2011/06/eff-and-bitcoin<br />
|title= EFF and Bitcoin &#124; Electronic Frontier Foundation<br />
|publisher= Eff.org<br />
|date= 2011-06-14<br />
|accessdate = 2011-06-22<br />
}}</ref> Some small businesses had started to adopt Bitcoin. LaCie, a public company, accepts Bitcoin for its Wuala service.<ref>{{Cite web|url=http://www.wuala.com/en/bitcoin |title=Secure Online Storage – Backup. Sync. Share. Access Everywhere |publisher=Wuala |date= |accessdate = 2012-01-24}}</ref><br />
<br />
In 2012, BitPay reported having over 1000 merchants accepting Bitcoin under its payment processing service.<ref>{{cite web|title=BitPay Signs 1,000 Merchants to Accept Bitcoin Payments|url=http://www.americanbanker.com/issues/177_176/bitpay-signs-1000-merchants-to-accept-bitcoin-payments-1052538-1.html|publisher=American Banker|accessdate=12 October 2012}}</ref><br />
<br />
==Administration==<br />
Bitcoin is administered through a decentralized peer-to-peer network.<ref name="whitepaper"/> Cryptographic technologies and the peer-to-peer network of computing power enable users to make and verify irreversible, instant online Bitcoin payments, without an obligation to trust and use centralized banking institutions and authorities. Dispute resolution services are not made directly available. Instead, it is left to the users to verify and trust the parties they are sending money to through their choice of methods.<br />
<br />
Bitcoins are issued according to rules agreed to by the majority of the computing power within the Bitcoin network. The core rules describe the predictable issuance of Bitcoins to its verifying servers, a voluntary and competitive transaction fee system, and the hard limit of no more than BTC 21 million issued in total.<ref name="whitepaper"/><br />
<br />
Bitcoin does not require a central bank, State,<ref>{{cite web<br />
|url= https://spectrum.ieee.org/computing/software/bitcoin-the-cryptoanarchists-answer-to-cash/3<br />
|title= Bitcoin: The Cryptoanarchists' Answer to Cash<br />
|publisher= IEEE.org<br />
|date= June 2012<br />
|accessdate = 2012-06-05<br />
}}</ref> or incorporated backers.<br />
<br />
==Services==<br />
{{main|Wallet}}<br />
<br />
Bitcoins are sent and received through software and websites called wallets. They send and confirm transactions to the network through Bitcoin addresses, the identifiers for users' Bitcoin wallets within the network.<ref name="whitepaper"/><br />
<br />
===Bitcoin addresses===<br />
{{main|Address}}<br />
<br />
Payments are made to Bitcoin "addresses": human-readable strings of numbers and letters around 33 characters in length, always beginning with the digit 1 or 3, as in the example of ''31uEbMgunupShBVTewXjtqbBv5MndwfXhb''.<br />
<br />
Users obtain new Bitcoin addresses from their Bitcoin software. Creating a new address can be a completely offline process and require no communication with the Bitcoin network. Web services often generate a new Bitcoin address for every user, allowing them to have their custom deposit addresses.{{dubious}}<br />
<br />
===Transaction fees===<br />
{{main|Transaction fees}}<br />
Transaction fees may be included with any transfer of Bitcoins. While it's technically possible to send a transaction with zero fee, {{as of|2017|lc=on}} it's highly unlikely that one of these transactions confirms in a realistic amount of time, causing most nodes on the network to drop it. For transactions which consume or produce many outputs (and therefore have a large data size), higher transaction fees are usually expected.<br />
<br />
===Confirmations===<br />
{{main|Confirmation}}<br />
<br />
The network's software confirms a transaction when it records it in a block. Further blocks of transactions confirm it even further. After six confirmations/blocks, a transaction is confirmed beyond reasonable doubt.<br />
<br />
The network must store the whole transaction history inside the blockchain, which grows constantly as new records are added and never removed. Nakamoto conceived that as the database became larger, users would desire applications for Bitcoin that didn't store the entire database on their computer. To enable this, the blockchain uses a [[merkle tree]] to organize the transaction records in such a way that client software can locally delete portions of its own database it knows it will never need, such as earlier transaction records of Bitcoins that have changed ownership multiple times.<br />
<br />
==Economics==<br />
<br />
===Initial distribution===<br />
<br />
Bitcoin has no centralized issuing authority.<ref name="ars-06-08-11"><br />
{{Cite news<br />
|first= Thomas<br />
|last= Lowenthal<br />
|title= Bitcoin: inside the encrypted, peer-to-peer digital currency<br />
|newspaper= Ars Technica<br />
|date= 8 June 2011<br />
|url= https://arstechnica.com/tech-policy/news/2011/06/bitcoin-inside-the-encrypted-peer-to-peer-currency.ars<br />
}}</ref><ref>{{cite news<br />
|author= Sponsored by<br />
|url= http://www.economist.com/blogs/babbage/2011/06/virtual-currency<br />
|title= Virtual currency: Bits and bob<br />
|publisher= The Economist<br />
|date=<br />
|accessdate = 2011-06-22<br />
}}</ref><ref>{{cite web<br />
|last= Geere<br />
|first= Duncan<br />
|url= https://www.wired.co.uk/news/archive/2011-05/16/bitcoin-p2p-currency<br />
|title= Peer-to-peer currency Bitcoin sidesteps financial institutions (Wired UK)<br />
|publisher= Wired.co.uk<br />
|date=<br />
|accessdate = 2011-06-22<br />
}}</ref> The network is programmed to increase the money supply as a geometric series until the total number of Bitcoins reaches BTC 21 million.<ref name="Quantitative Analysis of the Full Bitcoin Transaction Graph"/> {{As of|2012|10}} slightly over 10 million of the total BTC 21 million had been created; the current total number created is available online.<ref>{{cite web<br />
|title= Total Number of Bitcoins in Existence<br />
|url= https://blockexplorer.com/q/totalbc<br />
|work= Bitcoin Block Explorer<br />
|accessdate = 2012-10-03<br />
}}</ref> By 2013 half of the total supply will have been generated, and by 2017, three-quarters will have been generated. To ensure sufficient granularity of the [[money supply]], clients can divide each BTC unit down to eight decimal places (a total of 2.1&nbsp;×&nbsp;10<sup>15</sup> or 2.1 quadrillion units).<ref name="lwn">{{Cite news<br />
|author= Nathan Willis<br />
|date= 2010-11-10<br />
|title= Bitcoin: Virtual money created by CPU cycles<br />
|publisher= LWN.net<br />
|url= https://lwn.net/Articles/414452/<br />
}}</ref><br />
<br />
The network {{As of|2012|lc=on}} required over one million times more work for confirming a block and receiving an award (BTC 25 {{As of|2012|2|lc=on}}) than when the first blocks were confirmed.<br />
The difficulty is automatically adjusted every 2016 blocks based on the time taken to find the previous 2016 blocks such that one block is created roughly every 10 minutes.<br />
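The issuance schedule and the 2016-block retarget described above can be reproduced with integer arithmetic, which also shows why the cap is 2,099,999,997,690,000 satoshis rather than exactly BTC 21 million. The Python below is an added example, not code from the Bitcoin client or from this article; the 50 BTC starting reward, the 210,000-block halving interval and the factor-of-four retarget clamp are assumptions taken from the reference client's consensus rules rather than from the text, and the targets passed to `retarget` are constructed values.

```python
"""Added example: Bitcoin issuance schedule and difficulty retarget, integers only."""

COIN = 100_000_000             # satoshis per BTC (eight decimal places, from the page)
INITIAL_SUBSIDY = 50 * COIN    # assumption: block reward at launch
HALVING_INTERVAL = 210_000     # assumption: blocks between reward halvings
RETARGET_INTERVAL = 2016       # blocks between difficulty adjustments (from the page)
TARGET_SPACING = 10 * 60       # seconds per block the network aims for (from the page)
TARGET_TIMESPAN = RETARGET_INTERVAL * TARGET_SPACING  # two weeks, in seconds


def block_subsidy(height: int) -> int:
    """New satoshis created by the block at `height`."""
    halvings = height // HALVING_INTERVAL
    if halvings >= 64:
        return 0
    # Right shift = integer halving; the fractions dropped here are why the
    # total falls short of 21 million BTC.
    return INITIAL_SUBSIDY >> halvings


def total_supply() -> int:
    """Sum the subsidy over every reward era until it rounds down to zero."""
    total, era = 0, 0
    while True:
        subsidy = block_subsidy(era * HALVING_INTERVAL)
        if subsidy == 0:
            return total
        total += subsidy * HALVING_INTERVAL
        era += 1


def supply_after(height: int) -> int:
    """Satoshis issued by blocks 0..height inclusive."""
    full_eras, remainder = divmod(height + 1, HALVING_INTERVAL)
    total = sum(block_subsidy(e * HALVING_INTERVAL) * HALVING_INTERVAL
                for e in range(full_eras))
    return total + block_subsidy(full_eras * HALVING_INTERVAL) * remainder


def retarget(old_target: int, actual_timespan: int, max_target: int) -> int:
    """Next proof-of-work target after a 2016-block window.

    A lower target means higher difficulty. The measured timespan is clamped
    to [1/4, 4] of two weeks (assumption: reference-client rule), which bounds
    how far skewed block timestamps can move difficulty in one step. This
    works on full integers; the compact header encoding is not modelled.
    """
    clamped = max(TARGET_TIMESPAN // 4, min(actual_timespan, TARGET_TIMESPAN * 4))
    new_target = old_target * clamped // TARGET_TIMESPAN
    return min(new_target, max_target)  # never easier than the network minimum


if __name__ == "__main__":
    print("max supply (satoshis):", total_supply())
    print("reward after first halving (BTC):", block_subsidy(210_000) // COIN)
    # Constructed targets: blocks arrived twice as fast as intended.
    print("target halves:", retarget(1 << 200, TARGET_TIMESPAN // 2, 1 << 224) == 1 << 199)
```

The first halving in this model lands on BTC 25 per block, matching the award the article cites for 2012.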
<br />
Those who chose to put computational and electrical resources toward mining early on had a greater chance at receiving awards for block generations. This served to make available enough processing power to process blocks. Indeed, without miners there are no transactions and the Bitcoin economy comes to a halt.<br />
<br />
===Exchange rate===<br />
The price of a Bitcoin is not static: it fluctuates relative to goods and services more than the prices of more widely accepted currencies do.<br />
<br />
In August 2012, 1 bitcoin traded at around US$10.00. Taking into account the total number of Bitcoins mined, the monetary base of the Bitcoin network stands at over USD 110 million.<ref>[http://www.bitcoinwatch.com/ http://www.bitcoinwatch.com/] Bitcoin statistics</ref><br />
<br />
== Anonymity ==<!--Please keep as starting template--><br />
{{main|Anonymity & Security}}<br />
<br />
=== Transactions ===<br />
<br />
While using Bitcoins is an excellent way to make your purchases, donations, and p2p payments without losing money through inflated transaction fees, transactions are never truly anonymous. When buying Bitcoin you pass identification, and Bitcoin transactions are stored publicly and permanently on the network, which means anyone can see the balance and transactions of any Bitcoin address. Bitcoin activities are recorded and available publicly via the [[blockchain]], a comprehensive database which keeps a record of Bitcoin transactions.<br />
<br />
=== Buying/selling Bitcoins ===<br />
<br />
All exchange companies require the user to scan ID documents, and large transactions must be reported to the proper governmental authority.<br />
<br />
This means that a third party with an interest in tracking your activities can use your visible balance and ID information as a basis from which to track your future transactions or to study previous activity. In short, you have compromised your [[security]] and [[privacy]].<br />
<br />
In addition to conventional exchanges there are also peer-to-peer exchanges. Peer-to-peer exchanges will often not collect KYC and identity information directly from users; instead they let the users handle KYC amongst themselves. These can often be a better alternative for those looking to purchase Bitcoin quickly and without KYC delay.<br />
<br />
=== Mixing services ===<br />
<br />
[http://anonymity.co.in/mixing_services.html Mixing services] are used to avoid compromising privacy and security. They offer to periodically exchange your Bitcoin for different ones which cannot be associated with the original owner.<br />
<br />
== Security ==<!--Please keep as starting template--><br />
{{seealso|Weaknesses}}<br />
<br />
In the history of Bitcoin, there have been a few [[incidents]], caused by problematic as well as malicious transactions. In the worst such incident, and the only one of its type, a person was able to pretend that he had a practically infinite supply of Bitcoins, for almost 9 hours.<br />
<br />
Bitcoin relies, among other things, on [https://en.wikipedia.org/wiki/Public-key_cryptography public key cryptography] and thus may be vulnerable to [https://en.wikipedia.org/wiki/Elliptic_curve_cryptography#Quantum_computing_attacks quantum computing attacks] if and when practical quantum computers can be constructed.<br />
<br />
If multiple different software packages, whose usage becomes widespread on the Bitcoin network, disagree on the protocol and the rules for transactions, this could potentially cause a fork in the block chain, with each faction of users being able to accept only their own version of the history of transactions. This could influence the price of Bitcoins.<br />
<br />
A global, organized campaign against the currency or the software could also influence the demand for Bitcoins, and thus the exchange price.<br />
<br />
==Bitcoin mining==<br />
{{main|Mining}}<br />
<br />
Bitcoin mining nodes are responsible for managing the Bitcoin network.<br />
<br />
Bitcoins are awarded to Bitcoin nodes known as "miners" for the solution to a difficult [[proof-of-work]] problem which confirms transactions and prevents double-spending. This incentive, as the Nakamoto white paper describes it, encourages "nodes to support the network, and provides a way to initially distribute coins into circulation, since no central authority issues them."<ref name="whitepaper" /><br />
<br />
Nakamoto compared the generation of new coins by expending CPU time and electricity to gold miners expending resources to add gold to circulation.<ref name="whitepaper"/><br />
<br />
[[File:Cryptocurrency Mining Farm.jpg|right|350px|thumb|Iceland is a good location for [[mining]] Bitcoin because of the natural cold temperature.]]<br />
<br />
===Node operation===<br />
<br />
The node software for the Bitcoin network is based on peer-to-peer networking, digital signatures and cryptographic proof to make and verify transactions. Nodes broadcast transactions to the network, which records them in a public record of all transactions, called the ''blockchain'', after validating them with a [[proof-of-work|proof-of-work system]].<br />
<br />
Satoshi Nakamoto designed the first Bitcoin node and mining software<ref name="processors">{{Cite news<br />
|last= Davis<br />
|first= Joshua<br />
|title= The Crypto-Currency<br />
|url= https://www.wired.com/magazine/2011/11/mf_bitcoin/all<br />
|accessdate = 11 November 2011<br />
|newspaper= Wired Magazine<br />
|date= 10 November 2011<br />
}}</ref> and developed the majority of the first implementation, Bitcoind, from 2007 to mid-2010.<ref name="code_start">{{cite web<br />
|url= https://bitcointalk.org/index.php?topic=13.msg46#msg46<br />
|title= Questions about Bitcoin<br />
|publisher= Bitcoin forum<br />
|date= 2009-12-10<br />
}}</ref><br />
<br />
Node implementations include core software such as Bitcoind/Bitcoin-Qt, [[libbitcoin]], [[cbitcoin]]<ref>{{Cite web|title=cbitcoin|url=https://github.com/MatthewLM/cbitcoin|accessdate=3 October 2012}}</ref> and [[BitCoinJ|bitcoinj]].<ref>{{cite web<br />
|url= https://news.slashdot.org/story/11/03/23/0210207/Google-Engineer-Releases-Open-Source-Bitcoin-Client<br />
|title= Google Engineer Releases Open Source Bitcoin Client<br />
|author= angry tapir, timothy<br />
|date= 23 March 2011<br />
|publisher= Slashdot<br />
|accessdate = 2011-05-18<br />
}}</ref><ref>{{cite web<br />
|url= http://www.javaworld.com/javaworld/jw-01-2012/120110-bitcoin-for-beginners-3.html?page=1<br />
|title= Bitcoin for beginners: The BitcoinJ API<br />
|author= Dirk Merkel<br />
|date= 10 January 2012<br />
|publisher= JavaWorld<br />
|accessdate = 2012-08-03<br />
}}</ref><br />
<br />
Every node in the Bitcoin network collects all the unacknowledged transactions it knows of in a file called a ''block'', which also contains a reference to the previous valid block known to that node. It then appends a [[nonce]] value to this previous block and computes the SHA-256 cryptographic hash of the block and the appended nonce value. The node repeats this process until it adds a nonce that allows for the generation of a hash with a value lower than a specified ''target''. Because computers cannot practically reverse the hash function, finding such a nonce is hard and requires on average a predictable amount of repetitious trial and error. This is where the ''[[proof-of-work]]'' concept comes into play. When a node finds such a solution, it announces it to the rest of the network. Peers receiving the new solved block validate it by computing the hash and checking that it really starts with the given number of zero bits (i.e., that the hash is within the target). Then they accept it and add it to the chain.<br />
<br />
===Mining rewards===<br />
In addition to receiving the pending transactions confirmed in the block, a generating node adds a ''generate'' transaction, which awards new Bitcoins to the operator of the node that generated the block. The system sets the payout of this generated transaction according to its defined inflation schedule. The miner that generates a block also receives the fees that users have paid as an incentive to give particular transactions priority for faster confirmation.<ref>[https://www.bitcoinmining.com Bitcoin Mining]</ref><br />
<br />
The network never creates more than a BTC 50 reward per block and this amount will decrease over time towards zero, such that no more than BTC 21 million will ever exist.<ref name="lwn" /> As this payout decreases, the incentive for users to run block-generating nodes is intended to change to earning [[#Transaction fees|transaction fees]].<br />
<br />
===Mining pools===<br />
{{main|Pooled mining}}<br />
<br />
Bitcoin users often pool computational effort to increase the stability of the collected fees and subsidy they receive.<ref name="We Use Coins Mining">{{cite web|title=About Bitcoin Mining|url=https://www.weusecoins.com/en/mining-guide/|publisher=We Use Coins|accessdate=27 May 2015}}</ref><br />
<br />
===Mining difficulty===<br />
{{main|Difficulty}}<br />
<br />
In order to throttle the creation of blocks, the difficulty of generating new blocks is adjusted over time. If mining output increases or decreases, the difficulty increases or decreases accordingly.<br />
<br />
The adjustment is done by changing the threshold that a hash is required to be less than. A lower threshold means fewer possible hashes can be accepted, and thus a higher degree of difficulty. The target rate of block generation is one block every 10 minutes, or 2016 blocks every two weeks. Bitcoin changes the difficulty of finding a valid block every 2016 blocks, using the difficulty that would have been most likely to cause the prior 2016 blocks to have taken two weeks to generate, according to the timestamps on the blocks. Technically, this is done by modeling the generation of Bitcoins as a Poisson process. All nodes perform and enforce the same difficulty calculation.<br />
<br />
Difficulty is intended as an automatic stabilizer allowing mining for Bitcoins to remain profitable in the long run for the most efficient miners, independently of the fluctuations in demand of Bitcoin in relation to other currencies.<br />
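<br />
The nonce search and peer check from ''Node operation'' and the 2016-block threshold adjustment described above, as an added Python example that is not part of the original article or of any Bitcoin implementation. The simplified header layout, the <code>Block</code> class and all function names are assumptions; the factor-of-4 limit on each adjustment is Bitcoin's rule but is not stated on this page.<br />

```python
"""Toy proof-of-work and difficulty retargeting (simplified header, not Bitcoin's wire format)."""
import hashlib
import struct
from dataclasses import dataclass, replace

RETARGET_INTERVAL = 2016                              # blocks between adjustments
BLOCK_SPACING = 10 * 60                               # goal: one block every 10 minutes
TARGET_TIMESPAN = RETARGET_INTERVAL * BLOCK_SPACING   # two weeks, in seconds
MAX_TARGET = (1 << 256) - 1                           # easiest threshold in this toy model


@dataclass(frozen=True)
class Block:
    prev_hash: bytes   # 32-byte hash of the previous valid block
    tx_digest: bytes   # 32-byte digest standing in for the collected transactions
    timestamp: int     # seconds since the epoch
    nonce: int = 0

    def digest(self) -> bytes:
        header = self.prev_hash + self.tx_digest + struct.pack(
            "<QQ", self.timestamp, self.nonce)
        # Bitcoin applies SHA-256 twice to the block header.
        return hashlib.sha256(hashlib.sha256(header).digest()).digest()

    def hash_value(self) -> int:
        return int.from_bytes(self.digest(), "big")


def mine(block: Block, target: int, max_nonce: int = 1 << 32) -> Block:
    """Try nonces in order until the block hash is lower than the target."""
    for nonce in range(max_nonce):
        candidate = replace(block, nonce=nonce)
        if candidate.hash_value() < target:
            return candidate
    raise RuntimeError("nonce space exhausted; change the block contents and retry")


def verify(block: Block, parent_digest: bytes, target: int) -> bool:
    """A peer's check: one hash computation, however long the search took."""
    return block.prev_hash == parent_digest and block.hash_value() < target


def expected_attempts(target: int) -> int:
    """Average hashes per solution: 2**256 possible values, `target` of them valid."""
    return (1 << 256) // target


def retarget(old_target: int, first_timestamp: int, last_timestamp: int) -> int:
    """New threshold after 2016 blocks, scaled by how long they actually took."""
    actual = last_timestamp - first_timestamp
    # Bitcoin limits each adjustment to a factor of 4 either way, which also
    # bounds the effect of inaccurate block timestamps on the result.
    actual = max(TARGET_TIMESPAN // 4, min(actual, TARGET_TIMESPAN * 4))
    return min(old_target * actual // TARGET_TIMESPAN, MAX_TARGET)


def demo():
    """Mine one block on constructed sample data and build a tampered copy."""
    target = 1 << 240                       # about 65536 attempts on average
    parent = bytes(32)                      # constructed placeholder parent hash
    txs = hashlib.sha256(b"constructed sample transactions").digest()
    block = mine(Block(parent, txs, 1_700_000_000), target)
    tampered = replace(block, tx_digest=hashlib.sha256(b"altered").digest())
    return block, tampered, target


if __name__ == "__main__":
    block, tampered, target = demo()
    print("nonce found:", block.nonce)
    print("valid block accepted:", verify(block, bytes(32), target))
    print("tampered block accepted:", verify(tampered, bytes(32), target))
    # Blocks arrived twice as fast as intended, so the threshold halves.
    print("threshold halves:", retarget(target, 0, TARGET_TIMESPAN // 2) == target // 2)
```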
<br />
===Mining hardware===<br />
{{main|Mining Hardware Comparison}}<br />
<br />
Bitcoins used to be mined through Intel/AMD CPUs. {{As of | 2012}}, mining has gradually moved to [[GPU]] and [[FPGA]] hardware.<ref name="bitcoinmag-butterfly" /> [[Application-specific integrated circuit|ASIC]]-based hardware for Bitcoin mining has been announced by several manufacturers who intend to ship products from late 2012 to early 2013.<ref name="bitcoinmag-butterfly">{{Cite web|title=Bitpay Breaks Daily Volume Record with Butterfly ASIC mining release|url=http://bitcoinmagazine.net/bitpay-breaks-daily-volume-record-with-butterfly-asic-mining-release/|publisher=Bitcoin Magazine}}</ref><br />
<br />
==Concerns==<br />
<br />
===As an investment===<br />
{{main|Bitcoin as an investment}}<br />
<br />
Bitcoin describes itself as an experimental digital currency. Reuben Grinberg has noted that Bitcoin's supporters have argued that Bitcoin is neither a security nor an investment because it fails to meet the criteria for either category.<ref name="grinberg">{{cite web | url=http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1817857 | title=Bitcoin: An Innovative Alternative Digital Currency | publisher=SSRN | date=9 December 2011 | accessdate=4 December 2012 | author=Grinberg, Reuben}}</ref> Although it is a virtual currency, some people see it as an investment<ref name="cnbc">{{cite web | url=http://www.cnbc.com/id/45030812/The_Pros_And_Cons_Of_Biting_on_Bitcoins | title=The Pros And Cons Of Biting on Bitcoins | publisher=CNBC | date=23 November 2011 | accessdate=4 December 2012 | author=Gustke, Constance}}</ref> or accuse it of being a form of investment fraud known as a Ponzi scheme.<ref>{{cite web |url=https://www.theregister.co.uk/2011/06/08/bitcoin_under_attack/ |title=US senators draw a bead on Bitcoin |last1=Chirgwin |first1=Richard |date=8 June 2011 |publisher=The Register |accessdate=14 November 2012}}</ref><ref>{{cite web |url=http://uk.reuters.com/article/2012/04/01/uk-traders-bitcoin-idUKBRE8300JL20120401 |title=Bitcoin, the City traders' anarchic new toy |last1=O'Leary |first1=Naomi |date=2 April 2012 |publisher=Reuters |accessdate=14 November 2012}}</ref> A report by the European Central Bank, using the U.S. Securities and Exchange Commission's definition of a Ponzi scheme, found that the use of Bitcoins shares some characteristics with Ponzi schemes, but also has characteristics of its own which contradict several common aspects of Ponzi schemes.<ref name="ecbreport">{{cite web | url=http://www.ecb.europa.eu/pub/pdf/other/virtualcurrencyschemes201210en.pdf | title=Virtual Currency Schemes | publisher=European Central Bank | date=October 2012 | accessdate=4 December 2012}}</ref><br />
<br />
===Privacy===<br />
Because transactions are broadcast to the entire network, they are inherently public. Unlike regular banking,<ref>{{cite web<br />
|url= https://spectrum.ieee.org/computing/software/bitcoin-the-cryptoanarchists-answer-to-cash/0<br />
|title= Bitcoin: The Cryptoanarchists' Answer to Cash<br />
|publisher= IEEE.org<br />
|date= June 2012<br />
|accessdate = 2012-06-05<br />
}}</ref> which preserves customer privacy by keeping transaction records private, loose transactional privacy is accomplished in Bitcoin by using many unique addresses for every wallet, while at the same time publishing all transactions. As an example, if Alice sends BTC 123.45 to Bob, the network creates a public record that allows anyone to see that 123.45 has been sent from one address to another. However, unless Alice or Bob make their ownership of these addresses known, it is difficult for anyone else to connect the transaction with them. If someone does connect an address to a user at any point, they could follow back a series of transactions, as each participant likely knows who paid them and may disclose that information on request or under duress.<br />
<br />
It can be difficult to associate Bitcoin identities with real-life identities.<ref name="An Analysis of Anonymity in the Bitcoin System">Fergal Reid and Martin Harrigan (24 July 2011). [https://anonymity-in-bitcoin.blogspot.com/2011/07/bitcoin-is-not-anonymous.html An Analysis of Anonymity in the Bitcoin System]. An Analysis of Anonymity in the Bitcoin System.</ref> This property makes Bitcoin transactions attractive to sellers of illegal products.<ref name="Forbes">Andy Greenberg (20 April 2011). [http://www.forbes.com/forbes/2011/0509/technology-psilocybin-bitcoins-gavin-andresen-crypto-currency.html Crypto Currency]. Forbes Magazine.</ref><ref>{{cite web<br />
|last= Madrigal<br />
|first= Alexis<br />
|title= Libertarian Dream? A Site Where You Buy Drugs With Digital Dollars<br />
|publisher= The Atlantic Monthly<br />
|date= 2011-06-01<br />
|url= https://www.theatlantic.com/technology/archive/2011/06/libertarian-dream-a-site-where-you-buy-drugs-with-digital-dollars/239776/<br />
|accessdate = 2011-06-05<br />
}}</ref><br />
<br />
===Illicit use===<br />
<br />
====Cracking====<br />
The cracking organization "LulzSec" accepted donations in Bitcoin, having said that the group "needs Bitcoin donations to continue their hacking efforts".<ref name="CNET">{{cite web<br />
|last= Reisinger<br />
|first= Don<br />
|url= https://news.cnet.com/8301-13506_3-20070268-17/senators-target-bitcoin-currency-citing-drug-sales/<br />
|title= Senators target Bitcoin currency, citing drug sales &#124; The Digital Home – CNET News<br />
|publisher= News.cnet.com<br />
|date= 2011-06-09<br />
|accessdate = 2011-06-22<br />
}}</ref><ref>{{cite news<br />
|last= Olson<br />
|first= Parmy<br />
|url= http://blogs.forbes.com/parmyolson/2011/06/06/lulzsec-hackers-posts-sony-dev-source-code-get-7k-donation/<br />
|title= LulzSec Hackers Post Sony Dev. Source Code, Get $7K Donation – Parmy Olson – Disruptors – Forbes<br />
|publisher= Blogs.forbes.com<br />
|date= 6 June 2011<br />
|accessdate = 2011-06-22<br />
}}</ref><br />
<br />
====Silk Road====<br />
[[Silk Road]] is an anonymous black market that uses only Bitcoin.<ref name="npr-06-12-11"><br />
{{Cite news<br />
|url= https://www.npr.org/2011/06/12/137138008/silk-road-not-your-fathers-amazon-com<br />
|date= 12 June 2011<br />
|newspaper= NPR<br />
|title= Silk Road: Not Your Father's Amazon.com<br />
|author= Staff<br />
}}</ref> <br />
<br />
In a 2011 letter to Attorney General Eric Holder and the Drug Enforcement Administration, senators Charles Schumer of New York and Joe Manchin of West Virginia called for an investigation into Silk Road and Bitcoin.<ref name="npr-06-12-11"/><br />
Schumer described the use of Bitcoins at Silk Road as a form of money laundering.<ref name="ars-06-08-11"/><br />
<br />
====Botnet mining====<br />
In June 2011, Symantec warned about the possibility of botnets engaging in covert "mining" of Bitcoins,<ref>{{Cite web|author=Updated: 17 June 2011 | Translations available: 日本語 |url=http://www.symantec.com/connect/blogs/bitcoin-botnet-mining |title=Bitcoin Botnet Mining &#124; Symantec Connect Community |publisher=Symantec.com |date=2011-06-17 |accessdate = 2012-01-24}}</ref><ref>{{Cite web|url=http://www.zdnet.com/blog/security/researchers-find-malware-rigged-with-bitcoin-miner/8934 |title=Researchers find malware rigged with Bitcoin miner |publisher=ZDNet |date=2011-06-29 |accessdate = 2012-01-24}}</ref> consuming computing cycles, using extra electricity and possibly increasing the temperature of the computer. Later that month, the Australian Broadcasting Corporation caught an employee using the company's servers to generate Bitcoins without permission.<ref>{{Cite web|url=http://thenextweb.com/au/2011/06/23/abc-employee-caught-mining-for-bitcoins-on-company-servers/ |title=ABC employee caught mining for Bitcoins on company servers |publisher=The Next Web |date=2011-06-23 |accessdate = 2012-01-24}}</ref> Some malware also uses the parallel processing capabilities of the GPUs built into many modern-day video cards.<ref>{{Cite news |url=https://www.theregister.co.uk/2011/08/16/gpu_bitcoin_brute_forcing/ |title=Malware mints virtual currency using victim's GPU |date=16 August 2011<!-- 20:00 GMT -->|first=Dan |last=Goodin }}</ref> In mid-August 2011, Bitcoin miner botnets were found;<ref>{{Cite web|url=http://www.infosecurity-magazine.com/view/20211/researcher-discovers-distributed-bitcoin-cracking-trojan-malware/ |title=Infosecurity – Researcher discovers distributed bitcoin cracking trojan malware |publisher=Infosecurity-magazine.com |date=2011-08-19 |accessdate = 2012-01-24}}</ref> trojans infecting Mac OS X have also been uncovered.<ref>{{Cite web|url=http://www.techworld.com.au/article/405849/mac_os_x_trojan_steals_processing_power_produce_bitcoins |title=Mac OS X Trojan steals processing power to produce Bitcoins – sophos, security, malware, Intego – Vulnerabilities – Security |publisher=Techworld |date=2011-11-01 |accessdate = 2012-01-24}}</ref><br />
<br />
===Theft and fraud===<br />
On 19 June 2011, a security breach of the Mt.Gox (an acronym for ''M''agic: ''T''he ''G''athering ''O''nline E''x''change, its original purpose) Bitcoin Exchange caused the price of a Bitcoin to briefly drop to US$0.01 on the Mt.Gox exchange (though it remained unaffected on other exchanges) after a hacker allegedly used credentials from a Mt.Gox auditor's compromised computer to illegally transfer a large number of Bitcoins to him- or herself and sell them all, creating a massive "ask" order at any price. Within minutes the price rebounded to over $15 before Mt.Gox shut down their exchange and canceled all trades that happened during the hacking period.<ref>[https://mtgox.com/press_release_20110630.html Clarification of Mt Gox Compromised Accounts and Major Bitcoin Sell-Off]</ref><ref>[https://www.youtube.com/watch?v=T1X6qQt9ONg YouTube. Bitcoin Report]</ref> The exchange rate of Bitcoins quickly returned to near pre-crash values.<ref name="mick">Jason Mick, 19 June 2011, [http://www.dailytech.com/Inside+the+MegaHack+of+Bitcoin+the+Full+Story/article21942.htm Inside the Mega-Hack of Bitcoin: the Full Story], DailyTech</ref><ref>Timothy B. Lee, 19 June 2011, [https://arstechnica.com/tech-policy/news/2011/06/bitcoin-price-plummets-on-compromised-exchange.ars Bitcoin prices plummet on hacked exchange], Ars Technica</ref><ref>Mark Karpeles, 20 June 2011, [https://support.mtgox.com/entries/20208066-huge-bitcoin-sell-off-due-to-a-compromised-account-rollback Huge Bitcoin sell off due to a compromised account – rollback], Mt.Gox Support</ref><ref name="register1">{{Cite news<br />
|title= Bitcoin collapses on malicious trade – Mt Gox scrambling to raise the Titanic<br />
|url= https://www.theregister.co.uk/2011/06/19/bitcoin_values_collapse_again/<br />
|date= 2011-06-19<br />
|author= Chirgwin, Richard<br />
|publisher= The Register<br />
}}</ref> Accounts with the equivalent of more than USD 8,750,000 were affected.<ref name="mick" /><br />
<br />
In July 2011, the operator of Bitomat, the third largest Bitcoin exchange, announced that he lost access to his wallet.dat file with about 17,000 bitcoins (roughly equivalent to USD 220,000 at that time). He announced that he would sell the service for the missing amount, aiming to use funds from the sale to refund his customers.<ref>[http://siliconangle.com/blog/2011/08/01/third-largest-bitcoin-exchange-bitomat-lost-their-wallet-over-17000-bitcoins-missing/ Third Largest Bitcoin Exchange Bitomat Lost Their Wallet, Over 17,000 Bitcoins Missing]. SiliconAngle</ref><br />
<br />
In August 2011, MyBitcoin, one of the popular Bitcoin transaction processors, declared that it was hacked, which resulted in it being shut down, paying 49% on customer deposits and leaving more than 78,000 Bitcoins (roughly equivalent to USD 800,000 at that time) unaccounted for.<ref>[http://betabeat.com/2011/08/mybitcoin-spokesman-finally-comes-forward-what-did-you-think-we-did-after-the-hack-we-got-shitfaced/ MyBitcoin Spokesman Finally Comes Forward: “What Did You Think We Did After the Hack? We Got Shitfaced”]. BetaBeat</ref><ref>[http://betabeat.com/2011/08/search-for-owners-of-mybitcoin-loses-steam/ Search for Owners of MyBitcoin Loses Steam]. BetaBeat</ref><br />
<br />
In early August 2012, a lawsuit was filed in San Francisco court against Bitcoinica, claiming about USD 460,000 from the company. Bitcoinica was hacked twice in 2012, which led to allegations of neglecting the safety of customers' money and cheating them out of withdrawal requests.<ref>[https://arstechnica.com/tech-policy/2012/08/bitcoinica-users-sue-for-460k-in-lost-bitcoins/ Bitcoinica users sue for $460k in lost Bitcoins]. Arstechnica</ref><ref>[https://spectrum.ieee.org/tech-talk/computing/networks/first-bitcoin-lawsuit-filed-in-san-francisco First Bitcoin Lawsuit Filed In San Francisco]. IEEE Spectrum</ref><br />
<br />
In late August 2012, Bitcoin Savings and Trust was shut down by the owner, allegedly leaving around $5.6 million in debts; this led to allegations of the operation being a Ponzi scheme.<ref>{{Cite web|title=Bitcoin ponzi scheme – investors lose $5 million USD in online hedge fund|url=https://rt.com/usa/news/investors-currency-digital-fund-868/|publisher=RT}}</ref><ref>{{Cite web|last=Jeffries|first=Adrianne|title=Suspected multi-million dollar Bitcoin pyramid scheme shuts down, investors revolt|url=http://www.theverge.com/2012/8/27/3271637/bitcoin-savings-trust-pyramid-scheme-shuts-down|publisher=The Verge}}</ref><ref>{{Cite web|last=Mick|first=Jason|title="Pirateat40" Makes Off $5.6M USD in Bitcoin From Pyramid Scheme|url=http://www.dailytech.com/Pirateat40+Makes+Off+56M+USD+in+BitCoins+From+Pyramid+Scheme/article25538.htm|publisher=DailyTech}}</ref><ref>[https://pandodaily.com/2012/08/31/bitcoin-how-a-virtual-currency-became-real-with-a-5-6m-fraud/ Bitcoin: How a Virtual Currency Became Real with a $5.6M Fraud]. PandoDaily</ref> In September 2012, it was reported that the U.S. Securities and Exchange Commission had started an investigation into the case.<ref>[http://blogs.telegraph.co.uk/technology/willardfoxton2/100007836/bitcoin-pirate-scandal-sec-steps-in-amid-allegations-that-the-whole-thing-was-a-ponzi-scheme/ Bitcoin 'Pirate' scandal: SEC steps in amid allegations that the whole thing was a Ponzi scheme ]. The Telegraph</ref><br />
<br />
In September 2012, Bitfloor Bitcoin exchange also reported being hacked, with 24,000 bitcoins (roughly equivalent to USD 250,000) stolen. As a result, Bitfloor suspended operations.<ref>[http://www.bbc.co.uk/news/technology-19486695 Bitcoin theft causes Bitfloor exchange to go offline]. BBC</ref><ref>[http://www.theverge.com/2012/9/5/3293375/bitfloor-bitcoin-exchange-suspended-theft Bitcoin exchange BitFloor suspends operations after $250,000 theft]. The Verge</ref> The same month, Bitfloor resumed operations, with its founder saying that he reported the theft to the FBI, and that he is planning to repay the victims, though the time frame for such repayment is unclear.<ref>[http://www.pcworld.com/article/2010586/bitcoin-exchange-back-online-after-hack.html?tk=rel_news Bitcoin exchange back online after hack]. PCWorld</ref><br />
<br />
===Taxation===<br />
In September 2012, the Intra-European Organization of Tax Administrations (IOTA), in Tbilisi, Georgia, held a workshop titled "Auditing Individuals and Legal Entities in the Use of e-Money." The workshop was attended by representatives from 23 countries.<ref name="Bitcoin Tax issues Oct 2012">{{cite journal | title=2012 TNT 209-4 NEWS ANALYSIS: VIRTUAL CURRENCY: A NEW WORRY FOR TAX ADMINISTRATORS?. (Release Date: OCTOBER 17, 2012) (Doc 2012-21516) | author=Stewart, David D. and Soong Johnston, Stephanie D. | journal=Tax Notes Today | year=2012 | month=October 29 | volume=2012 TNT 209-4 | issue=2012 TNT 209-4}}</ref> Jerry Taylor, IOTA's technical taxation expert, said, "There's an awful lot happening on the Internet environment which is fascinating at the moment and introducing new challenges for auditors when it comes to virtual currency."<ref name="Bitcoin Tax issues Oct 2012">{{cite journal | title=2012 TNT 209-4 NEWS ANALYSIS: VIRTUAL CURRENCY: A NEW WORRY FOR TAX ADMINISTRATORS?. (Release Date: OCTOBER 17, 2012) (Doc 2012-21516) | author=Stewart, David D. and Soong Johnston, Stephanie D. | journal=Tax Notes Today | year=2012 | month=October 29 | volume=2012 TNT 209-4 | issue=2012 TNT 209-4}}</ref> Bitcoin was mentioned during the workshop.<ref name="Bitcoin Tax issues Oct 2012">{{cite journal | title=2012 TNT 209-4 NEWS ANALYSIS: VIRTUAL CURRENCY: A NEW WORRY FOR TAX ADMINISTRATORS?. (Release Date: OCTOBER 17, 2012) (Doc 2012-21516) | author=Stewart, David D. and Soong Johnston, Stephanie D. | journal=Tax Notes Today | year=2012 | month=October 29 | volume=2012 TNT 209-4 | issue=2012 TNT 209-4}}</ref> <br />
<br />
Matthew Elias, founder of the [[Cryptocurrency Legal Advocacy Group]] (CLAG) published "Staying Between the Lines: A Survey of U.S. Income Taxation and its Ramifications on Cryptocurrencies", which discusses "the taxability of cryptocurrencies such as Bitcoin."<ref name="Bitcoin Tax issues Oct 2012">{{cite journal | title=2012 TNT 209-4 NEWS ANALYSIS: VIRTUAL CURRENCY: A NEW WORRY FOR TAX ADMINISTRATORS?. (Release Date: OCTOBER 17, 2012) (Doc 2012-21516) | author=Stewart, David D. and Soong Johnston, Stephanie D. | journal=Tax Notes Today | year=2012 | month=October 29 | volume=2012 TNT 209-4 | issue=2012 TNT 209-4}}</ref> CLAG "stressed the importance for taxpayers to determine on their own whether taxes are due on a Bitcoin-related transaction based on whether one has "experienced a realization event."<ref name="Bitcoin Tax issues Oct 2012">{{cite journal | title=2012 TNT 209-4 NEWS ANALYSIS: VIRTUAL CURRENCY: A NEW WORRY FOR TAX ADMINISTRATORS?. (Release Date: OCTOBER 17, 2012) (Doc 2012-21516) | author=Stewart, David D. and Soong Johnston, Stephanie D. | journal=Tax Notes Today | year=2012 | month=October 29 | volume=2012 TNT 209-4 | issue=2012 TNT 209-4}}</ref> Such examples are "when a taxpayer has provided a service in exchange for Bitcoins, a realization event has probably occurred, and any gain or loss would likely be calculated using fair market values for the service provided."<ref name="Bitcoin Tax issues Oct 2012">{{cite journal | title=2012 TNT 209-4 NEWS ANALYSIS: VIRTUAL CURRENCY: A NEW WORRY FOR TAX ADMINISTRATORS?. (Release Date: OCTOBER 17, 2012) (Doc 2012-21516) | author=Stewart, David D. and Soong Johnston, Stephanie D. | journal=Tax Notes Today | year=2012 | month=October 29 | volume=2012 TNT 209-4 | issue=2012 TNT 209-4}}</ref><br />
<br />
[[Peter Vessenes]], [[Bitcoin Foundation|Bitcoin Foundation's]] executive director, said, since the foundation is trying to pay for everything in Bitcoin, including salaries, "How do we W-2 someone for their Bitcoins? Do we mark-to-market every time a transfer happens? Payroll companies cringe."<ref name="BitCoin Tax issues Oct 2012">{{cite journal | title=2012 TNT 209-4 NEWS ANALYSIS: VIRTUAL CURRENCY: A NEW WORRY FOR TAX ADMINISTRATORS?. (Release Date: OCTOBER 17, 2012) (Doc 2012-21516) | author=Stewart, David D. and Soong Johnston, Stephanie D. | journal=Tax Notes Today | year=2012 | month=October 29 | volume=2012 TNT 209-4 | issue=2012 TNT 209-4}}</ref> The Bitcoin Foundation hopes "to push for solid guidance about its legal and tax treatment." [[Patrick Murck]], legal counsel for the Bitcoin Foundation, said he would like "to help regulators understand the technology better so they can make better decisions."<ref name="BitCoin Tax issues Oct 2012">{{cite journal | title=2012 TNT 209-4 NEWS ANALYSIS: VIRTUAL CURRENCY: A NEW WORRY FOR TAX ADMINISTRATORS?. (Release Date: OCTOBER 17, 2012) (Doc 2012-21516) | author=Stewart, David D. and Soong Johnston, Stephanie D. | journal=Tax Notes Today | year=2012 | month=October 29 | volume=2012 TNT 209-4 | issue=2012 TNT 209-4}}</ref> Murck said, "Bitcoin has the potential to become much more than a niche currency, but it needs the guidance and understanding of regulators." and "The full potential of Bitcoin could be realized through clearer guidelines and a better understanding by financial and tax regulators." and "Part of making that happen is to talk to regulators, the IRS, and tax professionals and helping them understand that Bitcoin is not this nefarious thing, it's just software, it's a community, and there's nothing inherently nefarious about either of those things."<ref name="BitCoin Tax issues Oct 2012">{{cite journal | title=2012 TNT 209-4 NEWS ANALYSIS: VIRTUAL CURRENCY: A NEW WORRY FOR TAX ADMINISTRATORS?. 
(Release Date: OCTOBER 17, 2012) (Doc 2012-21516) | author=Stewart, David D. and Soong Johnston, Stephanie D. | journal=Tax Notes Today | year=2012 | month=October 29 | volume=2012 TNT 209-4 | issue=2012 TNT 209-4}}</ref><br />
<br />
==See Also==<br />
* [[Introduction]]<br />
* [[Getting started]]<br />
* [[Using_Bitcoin|Detailed tutorial]]<br />
* [[FAQ]]<br />
* [https://www.weusecoins.com What Is Bitcoin?]<br />
* [https://www.bitcoinmining.com What Is Bitcoin Mining?]<br />
<br />
==References==<br />
<references /><br />
<br />
[[Category:Digital currencies]]<br />
{{wp}}{{p-move}}{{good}}<br />
[[es:Bitcoin]][[de:Bitcoin]]</div>Pancyrus