https://paywally.pages.dev

It’s a standalone web app, no KYC, that implements a lightning paywall: you need to pay 21 sats to unlock the hidden content.

How it works:

• The app fetches a 19 sats invoice from bordalix@coinos.io
• Then it creates a melt quote with this invoice
• In return the app gets amount = 19 and fee_reserve = 2 sats
• It then creates a mint quote of 21 sats (19 + 2)
• In return the app gets a payment request (aka ln invoice)
• It shows this invoice to the user in qrcode and text
• It pools the mint every 5 seconds waiting for the invoice to be paid
• When paid, it mints the proofs
• Use these proofs to pay for the original invoice
• Receives a change of 2 sats and sends it to me via Nostr

It’s not perfect, the reader can sheat by inspecting the code and:

• Change the value to pay to 3 sats
• Change bordalix@coinos.io to his own lnurl
• Access the content in the code (is obfuscated, but is there)

Try it to get access to the code repo.

On mainnet, when Alice wants to send to Bob, she has 2 options:

1. Sign transaction and broadcast it (Bob will find it on mempool)
2. Sign transaction and send it to Bob (Bob can broadcast it immediately or later)

Let’s call it Send and Send Async respectively.

In Ark there are also 2 options for Alice (assuming Alice already has a VTXO).

Send:

• Alice asks the ASP to pay Bob
• ASP waits for other payment intentions
• ASP prepares a new round tx with a new VTXO belonging to Bob and shows it to Alice
• Alice signs a forfeit tx using a round tx output as input (making it atomic)
• Alice needs to be online during the round
• ASP liquidity is required immediately

Send Async (or Out-Of-Round):

• Alice prepares a redeem tx (spends Alice’s VTXO into a Bob’s VTXO)
• Alice ask the ASP to co-sign the redeem tx
• Alice sends the redeem tx to Bob (it doesn’t matter how)
• Bob can use this redeem tx to join a round now or later (up until Alice’s VTXO validity)
• Alice doesn’t need to be online during the round
• ASP liquidity is required later (only when Bob joins the round)
• Up until joining the round, Bob is trusting Alice + ASP don’t collude to double spend him

For a more detailed explanation, check Payments and Out-of-Round Payments on arkdev.info

Related: Ark explainer

I believe there’s a huge gap between the ease of use of Wallet of Satoshi and the self-custody of Phoenix. To minimize this gap, I created a new web app, a wallet that has the self-custody of Phoenix and is easy to use as WoS.

Helm is a Liquid wallet that uses Boltz submarine swaps to disguise itself as a Lightning wallet that even your grandma can use.

But it has a cost.

All transactions must go on the Liquid chain and also Boltz must earn something for the service they provide, so there are fees to be paid:

• The minimum cost for sending a payment is around 200 sats;
• The average cost for sending or receiving a payment is around 400 sats plus 0.1% of the amount;
• Transactions between Helm wallets don’t pay Boltz fees but can take up to 1 minute to complete;
• Amounts are limited between 1.000 and 25.000.000 sats.

You can try it (testnet if you want) on https://helm-wallet.pages.dev/

Code is available at https://github.com/bordalix/helm-wallet/

The web app is completely independent, no server required. You can clone it, build it and run it from your own computer. Everything runs on the browser.

Critics and suggestions are welcome.

Landing page

• Buy gift card (includes VISA)
• Capture Lightning (LN) invoice
• Call Boltz and make LBTC => LN swap
• User pays LBTC with Marina wallet

Try it yourself: Liquid TBC

Motivation:

• Because I can 😉
• To show the possibilities of integrating Liquid with the Lightning Network
• Now there’s code in plain javascript that anyone can read and adapt for their own needs

Key features of Nostr:

• Decentralized: Nostr does not have a central server or authority. Instead, it relies on a network of relays that store and distribute messages. This makes it difficult to censor or shut down the network.
• User-empowered: Users have complete control over their own data and can choose which relays they trust. They can also self-host their own relays to ensure that their data is not subject to third-party control.
• Censorship-resistant: Nostr’s decentralized nature makes it very difficult to censor messages. Even if some relays are censored, there will always be other relays that are available to store and distribute messages.
• Open protocol: Nostr is an open protocol, which means that anyone can build applications on top of it. This has led to the development of a variety of Nostr clients, each with its own unique features.

Besides social networking, Nostr has other potential use cases, including:

• News feeds and RSS feeds: Nostr could be used to create a decentralized and censorship-resistant alternative to traditional news feeds and RSS feeds.
• Microblogging and status updates: Nostr could be used to create a decentralized and censorship-resistant alternative to microblogging platforms like Twitter.
• File sharing and distributed file storage: Nostr could be used to create a decentralized and censorship-resistant alternative to file-sharing platforms like Dropbox and Google Drive.
• Secure messaging and encrypted communication: Nostr could be used to create a decentralized and censorship-resistant alternative to secure messaging platforms like Signal and WhatsApp.
• Identity management and self-sovereign identity: Nostr could be used to create a decentralized and censorship-resistant alternative to traditional identity management systems.
• Decentralized applications (dApps): Nostr could be used to build a wide variety of decentralized applications (dApps).

A few examples of dApps built on top of Nostr:

• Social Networking
  • Damus: A popular iOS Nostr client with a focus on privacy and security
  • Primal - Lightning fast web client for Nostr
  • NostrChat: A simple and user-friendly Nostr chat client
• File Sharing
  • Nostrfiles: A decentralized file storage platform built on Nostr
  • Nostr storage: A decentralized cloud storage solution built on Nostr
• Messaging
  • Blowlater: A private messaging client built on Nostr
  • 0xChat: A telegram-like Nostr client for iOS and Android
• Other
  • NostrNet: A decentralized event calendar built on Nostr
  • Nostr Market: Create your own decentralized market
  • Joinstr: Coinjoin implementation using Nostr
  • Formstr: A usable alternative to google forms
  • Hostr: Decentralized web hosting solution on Nostr
  • w3.do: URL shortener
  • Stremr: Sharing music
• Made by me
  • Chesstr: A chessboard powered by Nostr
  • NIP05 crawler: Find all users on a nip05 provider
  • Nostr Backup: Fetch and backup your events
  • Nostr Restore: Restore your nostr backup
  • Nostr Broadcast: Fetch and broadcast your events
  • Nostr Markets: Find all Nostr markets

These are just a few examples of the many potential use cases for Nostr, you can read an exhaustive list on awesome-nostr

As the protocol matures and more creative minds get involved, we can expect to see even more innovative and groundbreaking ways to use Nostr in the future

By using different Sighash types, users have control over which parts of a transaction are mutable and which are immutable when they sign it. This flexibility allows for various use cases, such as creating conditional transactions or enabling partial signatures for multi-signature transactions.

Sighash types, such as SIGHASH_ALL, SIGHASH_NONE, SIGHASH_SINGLE, and others, define different signing schemes. These schemes specify which parts of a transaction are committed to, preventing tampering while still allowing different transaction formats.

Each signature has two flags appended at the end:

SIGHASH, which outputs were committed to this signature:

• ALL (0x01) = all outputs
• NONE (0x02) = none output
• SINGLE (0x03) = only the output with same index as this input.

ANYONECANPAY, which inputs were committed to this signature:

• False (0x00) = all inputs
• True (0x80) = only this input

Using both flags in conjunction we get 6 possibilities:

SIGHASH_DEFAULT:

BIP-341 (Taproot) introduces a new flag, SIGHASH_DEFAULT (0x00), that works like SIGHASH_ALL but spares one byte on the signature (64 instead of 65 bytes).

26,959,535,291,011,309,493,156,476,344,723,991,336,010,898,738,574,164,086,137,773,096,960

Maybe in its hexadecimal format?

0x00000000FFFF0000000000000000000000000000000000000000000000000000

Yes, it’s the maximum target hash.

But what thus it means, and why this “weird” value?

Bitcoin’s protocol wants blocks mined every 10 minutes (on average), but the number of miners doing it varies along the time. The protocol adjusts to this hash power variation by increasing or decreasing the difficulty to mine a block.

This adjustment is made every 2016 blocks (~2 weeks), by multiplying the current difficulty with the ratio of expected time / actual time it took to mine the previous 2016 blocks.

For example, if the last 2016 took 18144 minutes (instead of 20160), the ratio would be 1.1 and the new difficulty would be 1.1 times the previous difficulty:

new difficulty = difficulty * ( 20160 / 18144)

To reflect difficulty in the process of mining, a new value is calculated from the difficulty value (the target hash) and block headers must be equal or below this target hash. Since block headers are found by trial and error, the lower the target hash, the harder it is to find a valid block header.

The target hash is calculated and written to the block header:

target hash = maximum target hash / difficulty

So, we now reached the maximum target, a Bitcoin constant with the value of 0x00000000FFFF0000000000000000000000000000000000000000000000000000

Now, why 0x00000000FFFF00…00? Why not 0xFF…FF?

If you are Satoshi, and you are about to launch the genesis block, you have two things to consider:

1. What will be the difficulty of block 0? Well, logic says it should be the easiest block of all, so it should have the minimum value possible, 1.

2. How to make sure that my computer will take about 10 minutes to mine the next blocks? After all, you are pretty sure you will be alone doing this for a while.

If you put a maximum target of 0xFF..FF, and difficulty at 1, using the above formula, you’ll have a target hash of 0xFF..FF, which means that EVERY block will be a valid block, which means that your computer will generate thousands of blocks in a few seconds.

The difficulty adjustment would kick in every 2016 blocks, but since the difficulty adjustment it’s limited to a variation by a factor of 4 (4 > ratio > 0.25), it would take some time adjusting and we would end up with thousands of empty blocks.

To prevent this, you’ll need to calculate the hash power of your computer and then define the maximum target in order to have it mining blocks every 10 minutes on average.

And it seems 0x00000000FFFF00…00 was the number.

A password?! That's it?
Yep, that's it.

What do you mean with "send to a password"?
It means those bitcoins now belong to the owner of that password.

What if someone finds my password?
Then he will be able to spend your bitcoins.

How hard will it be to try all possible passwords to check if they have bitcoins?
Really hard, it would take hundreds of thousands of years to do it. There are a lot of different possible passwords available. If you choose your password at random - and don’t use your birthday - you're safe.

How many different possible passwords are there?
Almost 2^256, or in numbers you understand, 115,792,089,237,316,195,423,570,985,008,687,907,852,837,564,279,074,904,382,605,163,141,518,161,494,336. That's higher than the number of atoms in the perceived universe.

But wait, you told me that to get some bitcoins, I had to pay someone for him to send his bitcoins to my password. So, he must know my password, right?
No, absolutely not. Bitcoin uses mathematics to transform your password (also known as a private key) into a public key. These two keys are related, but totally different. It's really easy to get a public key from a private key. But it's impossible to guess a private key from his public key. So what you do is ask that guy to send his bitcoin to your public key, instead of your private key, thus keeping it secret.

Send to the public key?! But if it's public, everyone will know about it! How are my bitcoins secured then?
Because you asked that guy to send the bitcoins not to the public key itself, but to a script.

A script? What is that?
Imagine your public key as a word. One can say "These bitcoins now belong to these public key X". But with Bitcoin script, we can build sentences. So, instead, we can say "These bitcoins now belong to who proofs to own the private key where its public key is the same as this public key X". That sentence in bold is what we call the unlocking script.

Sentences instead of words? That sounds interesting.
Yes, it is. There are different sentences in use nowadays in Bitcoin, but I will explain this to you when you're 11. For the meantime, let's stay with the basics: a) you need a password, or as you now know, a pair of keys (public and private), b) you pay someone to send his bitcoins to your public key, and c) you don't need to show him the private key. Only the script and your public key are recorded, in what is called a transaction.

So a transaction happens when some bitcoins change ownership?
Exactly. A transaction has two parts: inputs and outputs. Input are all the bitcoins entering the transaction. These bitcoins will change ownership. Remember, the owner has to prove he owns these bitcoins, by satisfying the unlocking script. The output defines the new ownership of the bitcoins referenced in the input.

We can have more than one input and more than one output? Why?
Imagine you have 2 private keys, each "owning" 5 bitcoins. You want to buy something that costs 7 bitcoins. You create a transaction with those 2 private keys on the input, which gives you 10 bitcoins in total. On the output, you define that 7 will belong to the public key of the seller, and 3 to your public key again (it's your change).

But now everyone can see that my bitcoins belong to this public key. Is that ok?
If you use the same public key for every bitcoin you receive, people will know that they belong to the same person. So you should generate a new pair of keys for every bitcoin you receive. Even the public key for your change should be different.

A new password for every bitcoin I receive? That's a nightmare!
No it isn't, if you use a Bitcoin wallet to manage all your passwords.

A wallet? What's that?
You know what a browser is, right?

Yeah, it allows me to access the World Wide Web.
Exactly, and a Bitcoin wallet it's just like a browser, but to access the Bitcoin network.

So, my bitcoins are stored in that wallet?
Not your bitcoins, your passwords. Your bitcoins are registered on the network as belonging to your passwords, so you just need to take care of your passwords.

So, if I lose my wallet, and so my passwords, I lose my bitcoins?
Yeah. That's why it is so important to backup your passwords.

But with a new password for every time someone sends me bitcoins, there are always new passwords being generated. How can I backup something that's always changing?
Because in Bitcoin there's a concept of a super master password. If you backup that, you'll be able to access all your used (and future) passwords. This super master password is called a seed phrase.

Future passwords? Really?
That's the beauty of Elliptic Curve Cryptography. But I will explain that to you when you're 12.

What if my wallet app disappears? Like if the company which made the app go bankrupt?
You just install another wallet and add the seed phrase to it. The new wallet will then be able to know all your passwords, and will be able to scan the network and find your bitcoins there.

But where do wallets see this? Where is that information recorded?
In a database, or how we call it, a ledger.

A database? What's that?
It's a place where information is stored. You know that Google spreadsheet where I keep your school grades? The one I share with you and your mother? That's a database. Imagine that there's a Google spreadsheet where every transaction is recorded. Imagine that anyone in the world could read that Google spreadsheet. Anyone, with no restrictions. But no one could edit it.

Yeah, like tweeting the public link of the spreadsheet.
Exactly, everyone could read all the sheets from the spreadsheet and verify all transactions.

Verify all transactions?
Yeah, all transactions must be registered in this spreadsheet and can be validated. And you should validate all transactions, to be sure you don't have a fake spreadsheet. You want to be sure the transaction changing ownership of the bitcoins to you is there. Before sending the money. For this to work the spreadsheet must be non editable.

That's ok, no one can edit the spreadsheet, they only have read access.
Except of course, for the owner of the spreadsheet. The one who sent the link initially. He can do whatever he wants with it.

The owner? I forgot about him. But, in that case, we have to trust him to be honest?
No, we don't. Bitcoin solved the problem by not having an owner, and by distributing the ledger. There is not one, but more than 100.000 copies of the ledger distributed around the world. These copies run in computers we call nodes.

So nodes maintain copies of the ledger around the world?
Yes, and they validate transactions.

How do they know they have the correct spreadsheet?
Because all transactions are valid, and no one can change what's written there.

No one can write to it? How come?
I didn't say no one can write to it, I said no one can change what's written there. Pay attention please.

Hu? What's the difference?
Well, you cannot change what's written there, but you can add information there. Like with your school grades spreadsheet. Do you know how your school grade spreadsheet has several sheets?

Yes, one for each school period.
Exactly. After I enter your grades, I don't need to change them. They will not change. And in the next period, I just add a new sheet to the spreadsheet with the new grades. Without touching the previous sheets.

So, you can never change anything, but you can always add information on top?
Clever boy.

Why is that important?
Because after a transaction is stored in a new sheet, it cannot be changed. Imagine the guy you pay for your bitcoins afterwards changes the transaction to another public key. You no longer control/own those bitcoins, and you lost your money. It's of paramount importance the immutability of the spreadsheet.

So, will my transaction appear in a new sheet in this spreadsheet?
Yes, sooner or later.

Sooner or later? How come?
Well, someone needs to write the new sheet, right? But who? To solve this, Bitcoin runs a lottery every 10 minutes. Whoever wins it gains the right to add a new sheet to the spreadsheet. So, your transaction will only appear after this lottery finishes. And even then, it may not see it in the new sheet. If there are a lot of transactions waiting to be included in a sheet, you will have to wait.

Why aren't all new transactions in the new sheet?
Because sheets have a limit in size. If there are too many transactions to be included, a selection must be made. The winner of the lottery is free to choose which transactions he wants to include in the new sheet. You know, we should start calling these sheets blocks, that's their real names.

Can't we bribe the lottery winner?
Bribery? What do they teach you in school nowadays?

...
Actually, we can, and it's quite easy. When you define a transaction, you can define your output inferior to your input. This way, you are telling the lottery winner he can keep the difference. Of course, lottery winners will choose those transactions with a higher difference.

How are new bitcoins generated?
In this 10 minute lottery. The winner also gains some bitcoins as a prize, and this it's the only way new bitcoins are born.

So, every 10 minutes some bitcoins are born?
Yes. It’s called the block subsidy, and these new bitcoins belong to the lottery winner. When Bitcoin started, the block subsidy was 50 bitcoins. Every 210.000 blocks (more or less 4 years) this block subsidy is cut in half. Nowadays the block subsidy is 6.25 bitcoins, and in 2024 it will be cut to 3.125 bitcoins.

So, how many bitcoins will ever be generated?
Almost 21 millions.

That’s it? 21 millions?
Yes, 21 millions in round numbers, no more no less.

And why 21 million?
Nobody knows. Satoshi Nakamoto, the guy who invented this, decided it. It was easy to get any other number. If for instance he wanted to be 42 millions, all was needed was to start with a block subsidy of 100 bitcoins instead of 50. Or if he wanted it to be 16 millions, just halved the block subsidy every 160.000 blocks instead of 210.000. The truth is, nobody really knows.

Can’t we ask him?
Nopes. He disappeared shortly after announcing Bitcoin.

Double spend is when a set of coins is spent in more than one transaction. This can happen for various reasons, but one of the reasons is fraud attempts.

Bitcoin Cash accepts 0-conf payments, which I consider insecure by default. But I would like to have some data to support this, so I went looking.

Since someone developed a website for detecting double spends on the Bitcoin Cash network, I decided to scrape it and get some numbers from it. The site in question is:

https://doublespend.cash/

Numbers

• Date of first transaction, 2018-02-13 11:34:44 +0000
• Date of last transaction, 2018-08-22 06:31:53 +0100
• Period, 189 days
• Number of attempts, 387
• Successful double spends, 109 (28%)

Files

Feel free to clone the GitHub repo and use it at your own will.

• scrape.rb, a ruby script, scrapes the website and writes to a json file
• output.json, file with all transactions in JSON format
• stats.rb, parses the output.json file and delivers some stats