arbitraging bitcoins rate
For an tree of HD walletsplease merkle the developer guide section. The highest- height header we have in common with this node based the last P2P headers message it sent us. But does not remove it from the wallet. Bitcoinj illustration above shows a simplified version bitcoinj a block chain. The filterclear message tells the receiving peer merkle remove a tree bloom filter.
current amount of bitcoins buying
For an overview of HD wallets , please see the developer guide section. The networked wallet will automatically send the transaction details to the hardware wallet. In pooled mining , the mining pool sets the target threshold a few orders of magnitude higher less difficult than the network difficulty. Bitcoin Core and many other tools print and accept raw transactions encoded as hex. For example, if transactions were merely joined not hashed , a five-transaction merkle tree would look like the following text diagram:. The resulting hashes themselves are each paired with one other hash and hashed together. Each time a hash function is run, the result will be the index number nIndex of a bit in the bit field.
blackpool bitcointalk scryptcc В»
dell bitcoin terms and conditions
The r parameter tells payment-protocol-aware wallet programs to ignore the merkle parameters and fetch a PaymentRequest from the URL bitcoinj. The tree indicates the earliest time a transaction can be added to the block chain. Various data pushing opcodes bitcoinj 0x00 to 0x4e 1— The address will also merkle added to the walletand outputs paying that address will be tracked tree the wallet. This is very different from the trust model in the "thick" client:
trik multiply freebitcoin 2016 В»
Thin Client Security - Bitcoin Wiki
Parameter 1—a hex-encoded redeem script. A 2-of-3 P2SH multisig pubkey script:. The disconnectnode RPC immediately disconnects from a specified node. Disconnects following node from your node. But does not remove it from the wallet. Parameter 1—the address corresponding to the private key to get. The dumpwallet RPC creates or overwrites a file with all wallet keys in a human-readable format. Create a wallet dump and then print its first 10 lines.
The encryptwallet RPC encrypts the wallet with a passphrase. This is only to enable encryption for the first time. After encryption is enabled, you will need to enter the passphrase to use private keys. In addition, there is no RPC to completely disable encryption. If you want to return to an unencrypted wallet , you must create a new wallet and restore your data from a backup made with the dumpwallet RPC. The estimatefee RPC estimates the transaction fee per kilobyte that needs to be paid for a transaction to be included within a certain number of blocks.
Parameter 1—how many blocks the transaction may wait before being included. The estimatepriority RPC estimates the priority coin age that a transaction needs in order to be included within a certain number of blocks as a free high-priority transaction.
This should not to be confused with the prioritisetransaction RPC which will remain supported for adding fee deltas to transactions. Parameter 1—how many blocks the transaction may wait before being included as a free high-priority transaction. The fundrawtransaction RPC adds inputs to a transaction until it has enough in value to meet its out value.
This will not modify existing inputs , and will add one change output to the outputs. The inputs added will not be signed, use signrawtransaction for that. All existing inputs must have their previous output transaction be in the wallet. Parameter 1—The hex string of the raw transaction. The generate RPC nearly instantly generates blocks.
Parameter 1—the number of blocks to generate. Result—the generated block header hashes. Using regtest mode also works in normal mode , generate 2 blocks:. The generatetoaddress RPC mines blocks immediately to a specified address. Using regtest mode , generate 2 blocks with maximal iterations:.
The getaccountaddress RPC returns the current Bitcoin address for receiving payments to this account. Once a payment has been received to an address , future calls to this RPC for the same account will return a different address. Get an address for the default account:.
The getaccount RPC returns the name of the account associated with the given address. Parameter 1—a Bitcoin address. The getaddednodeinfo RPC returns information about the given added node , or all added nodes except onetry nodes. Only nodes which have been manually added using the addnode RPC will have their information displayed. Parameter 2—what node to display information about. Result—a list of added nodes. The getaddressesbyaccount RPC returns a list of every address assigned to a particular account.
Result—a list of addresses. The getbalance RPC gets the balance in decimal bitcoins across all accounts or for a particular account. Parameter 2—the minimum number of confirmations. Parameter 3—whether to include watch-only addresses. Result—the balance in bitcoins. The getbestblockhash RPC returns the header hash of the most recent block on the best block chain.
Result—hash of the tip from the best block chain. The getblock RPC gets a block with a particular header hash from the local block database either as a JSON object or as a serialized block. Parameter 1— header hash. Parameter 2—whether to get JSON or hex output. Result if format was false —a serialized block.
Result if format was true or omitted —a JSON block. Get a block in raw hex:. Get the same block in JSON:. The getblockchaininfo RPC provides information about the current state of the block chain.
The getblockcount RPC returns the number of blocks in the local best block chain. Result—the number of blocks in the local best block chain. The getblockhash RPC returns the header hash of a block at the given height in the local best block chain. Result—the block header hash. The getblockheader RPC gets a block header with a particular header hash from the local block database either as a JSON object or as a serialized block header.
Parameter 2—JSON or hex output. Result if format was false —a serialized block header. Result if format was true or omitted —a JSON block header. Get a block header in raw hex:. The getblocktemplate RPC gets a block template or proposal for use with mining software.
For more information, please see the following resources:. The getchaintips RPC returns information about the highest- height block tip of each local block chain. Result—an array of block chain tips. The getconnectioncount RPC returns the number of connections to other nodes. Result—the number of connections to other nodes. If you have an older version of Bitcoin Core, use help getgenerate to get help. If you have an older version of Bitcoin Core, use help gethashespersec to get help.
The getinfo RPC prints various information about the node and the network. Result—information about the node and network. Example from Bitcoin Core 0. The getmemoryinfo RPC returns information about memory usage.
The getmempoolancestors RPC returns all in-mempool ancestors for a transaction in the mempool. Parameter 2—desired output format. The getmempooldescendants RPC returns all in-mempool descendants for a transaction in the mempool.
The getmempoolentry RPC returns mempool data for given transaction must be in mempool. The getmininginfo RPC returns various mining -related information.
Result—various mining -related information. The getnettotals RPC returns information about network traffic, including bytes in, bytes out, and the current time. The getnetworkhashps RPC returns the estimated current or historical network hashes per second based on the last n blocks. Parameter 1—number of blocks to average. Parameter 2— block height. Get the average hashes per second for all the blocks since the last difficulty change before block Result actual addresses have been replaced with reserved addresses:.
The getnewaddress RPC returns a new Bitcoin address for receiving payments. If an account is specified, payments received with the address will be credited to that account. Result—a bitcoin address never previously returned. The getpeerinfo RPC returns data about each connected network node. Result—information about each currently-connected network node. The getrawchangeaddress RPC returns a new Bitcoin address for receiving change.
This is for use with raw transactions , not normal use. Result—a P2PKH address which can be used in raw transactions. Result format false —an array of TXIDs. Parameter 1—the TXID of the transaction to get. A transaction in serialized transaction format:. Single Chain Wallets Type 2: This documentation has not been extensively reviewed by Bitcoin experts and so likely contains numerous errors.
Please use the Issue and Edit links on the bottom left menu to help us improve. To close this disclaimer click here X. Edit History Report Issue Discuss. The block version number indicates which set of block validation rules to follow.
See the list of block versions below. The merkle root is derived from the hashes of all transactions included in this block , ensuring that none of those transactions can be modified without modifying the header. See the merkle trees section below. The block time is a Unix epoch time when the miner started hashing the header according to the miner. Must be strictly greater than the median time of the previous 11 blocks.
Full nodes will not accept blocks with headers more than two hours in the future according to their clock. See the nBits format described below. An arbitrary number miners change to modify the header hash in order to produce a hash less than or equal to the target threshold. If all bit values are tested, the time can be updated or the coinbase transaction can be changed and the merkle root updated. The block header in the format described in the block header section.
The total number of transactions in this block , including the coinbase transaction. Every transaction in this block , one after another, in raw transaction format. Transactions must appear in the data stream in the same order their TXIDs appeared in the first row of the merkle tree.
See the merkle tree section for details. Transaction version number ; currently version 1. Programs creating transactions using newer consensus rules may use higher version numbers. Number of inputs in this transaction. See description of txIn below. Number of outputs in this transaction. See description of txOut below. A time Unix epoch time or block number. See the locktime parsing rules. The previous outpoint being spent.
See description of outpoint below. The number of bytes in the signature script. Maximum is 10, bytes. Should only contain data pushes; see the signature script modification warning.
Default for Bitcoin Core and almost all other programs is 0xffffffff. The TXID of the transaction holding the output to spend. The TXID is a hash provided here in internal byte order. The output index number of the specific output to spend from the transaction. The first output is 0x Number of satoshis to spend. May be zero; the sum of all outputs may not exceed the sum of satoshis previously spent to the outpoints provided in the input section.
Number of bytes in the pubkey script. Defines the conditions which must be satisfied to spend this output. A byte null, as a coinbase has no previous outpoint. The number of bytes in the coinbase script, up to a maximum of bytes. The block height of this block as required by BIP This script must be as short as possible, otherwise it may be rejected.
The data-pushing opcode will be 0x03 and the total size four bytes until block 16,, about years from now. Arbitrary data not exceeding bytes minus the 4 height bytes. Miners commonly place an extra nonce in this field to update the block header merkle root during hashing.
See Alert System Retirement. Magic bytes indicating the originating network ; used to seek to next message when stream state is unknown. ASCII string which identifies what message type is contained in the payload. Followed by nulls 0x00 to pad out byte count; for example: Number of bytes in payload. The hash is a TXID. The hash is of a block header. When used in a getdata message , this indicates the response should be a merkleblock message rather than a block message but this only works if a bloom filter was previously configured.
Only for use in getdata messages. The protocol version number; the same as sent in the version message. The number of header hashes provided not including the stop hash. One or more block header hashes 32 bytes each in internal byte order. Hashes should be provided in reverse order of block height , so highest- height hashes are listed first and lowest- height hashes are listed last.
The header hash of the last header hash being requested; set to all zeroes to request an inv message with all subsequent header hashes a maximum of will be sent as a reply to this message; if you need more than , you will need to send another getblocks message with a higher- height header hash as the first entry in block header hash field. Number of block headers up to a maximum of 2, The number of inventory entries.
One or more inventory entries up to a maximum of 50, entries. One or more hashes of both transactions and merkle nodes in internal byte order. Each hash is 32 bytes. A sequence of bits packed eight in a byte with the least significant bit first. May be padded to the nearest byte boundary but must not contain any more bits than that. Used to assign the hashes to particular nodes in the merkle tree as described below. The hash needs to be computed. Do not descend into its child nodes.
Append a 1 to the flag list; process the left child node. Then, if the node has a right child, process the right child. Do not append a hash to the hash list for this node. See the table below for the format of a Bitcoin network IP address. A time in Unix epoch time format. Nodes advertising their own IP address set this to the current time. Other nodes just relaying the IP address should not change the time. Nodes can use the time field to avoid relaying old addr messages.
Malicious nodes may change times or even set them in the future. The services the node advertised in its version message. IPv6 address in big endian byte order. Port number in big endian byte order. Note that Bitcoin Core will only connect to nodes with non-standard port numbers as a last resort for finding peers.
This is to prevent anyone from trying to use the network to disrupt non-Bitcoin services that run on other ports. The fee rate in satoshis per kilobyte below which transactions should not be relayed to this peer.
The element to add to the current filter. Maximum of bytes, which is the maximum size of an element which can be pushed onto the stack in a pubkey or signature script. Elements must be sent in the byte order they would use when appearing in a raw transaction ; for example, hashes should be sent in internal byte order. The number of hash functions to use in this filter. The maximum value allowed in this field is An arbitrary value to add to the seed value in the hash function used by the bloom filter.
A set of flags that control how outpoints corresponding to a matched pubkey script are added to the filter. See the table in the Updating A Bloom Filter subsection below. The filtering node should not update the filter. If the filter matches any data element in a pubkey script , the corresponding outpoint is added to the filter.
If the filter matches any data element in a pubkey script and that script is either a P2PKH or non-P2SH pay-to- multisig script, the corresponding outpoint is added to the filter.
Random nonce assigned to this ping message. The responding pong message will include this nonce to identify the ping message to which it is replying. The number of bytes in the following reason field. This should not be displayed to the user; it is only for debugging purposes. Optional additional data provided with the rejection.
For example, most rejections of tx messages or block messages include the hash of the rejected transaction or block header. See the code table below. Message could not be decoded. Block is invalid for some reason invalid proof-of-work, invalid signature , etc.
Transaction is invalid for some reason invalid signature , output value greater than input , etc. The block uses a version that is no longer supported. Connecting node is using a protocol version that the rejecting node considers obsolete and unsupported. Duplicate input spend double spend: More than one version message received in this connection. The transaction will not be mined or relayed because the rejecting node considers it non-standard—a transaction type or version unknown by the server.
One or more output amounts are below the dust threshold. The transaction did not have a large enough fee or priority to be relayed or mined. The block belongs to a block chain which is not the same block chain as provided by a compiled-in checkpoint. The highest protocol version understood by the transmitting node. See the protocol version section.
The services supported by the transmitting node encoded as a bitfield. See the list of service codes below. Because nodes will reject blocks with timestamps more than two hours in the future, this field can help other nodes to determine that their clock is wrong.
The services supported by the receiving node as perceived by the transmitting node. Bitcoin Core will attempt to provide accurate information. BitcoinJ will, by default, always send 0. The IPv6 address of the receiving node as perceived by the transmitting node in big endian byte order. BitcoinJ will, by default, always return:: The port number of the receiving node as perceived by the transmitting node in big endian byte order.
The services supported by the transmitting node. The IPv6 address of the transmitting node in big endian byte order. The port number of the transmitting node in big endian byte order. A random nonce which can help a node detect a connection to itself. If the nonce is 0, the nonce field is ignored.
If the nonce is anything else, a node should terminate the connection on receipt of a version message with a nonce it previously sent. If 0x00, no user agent field is sent. Renamed in protocol version User agent as defined by BIP If 0x00, no inv messages or tx messages announcing new transactions should be sent to this client until it sends a filterload message or filterclear message.
If the relay field is not present or is set to 0x01, this node wants inv messages and tx messages announcing new transactions. This node is not a full node. It may not be able to provide any data except for the transactions it originates. This is a full node and can be asked for full blocks.
It should implement all protocol features available in its self-reported protocol version. Used when constructing block headers. Used by RPCs such as getblock ; widely used in block explorers. Returned by RPCs such as getblock.
Used in transaction inputs. Used by RPCs such as gettransaction and transaction data parts of getblock ; widely used in wallet programs. Used in both addresses and pubkey scripts. RPCs use addresses which use internal byte order. An arbitrary string that will be returned with the response. The RPC method name e. See the RPC section for a list of available methods. An array containing positional parameter values for the RPC.
Starting from Bitcoin Core 0. The RPC output whose type varies by call. Has value null if an error occurred.
The error code returned by the RPC function call. The value of id provided with the request. Has value null if the id field was omitted in the request. The TXID of the transaction that you want to abandon. The minimum m number of signatures required to spend this m-of-n multisig script. An array of strings with each string being a public key or address.
A public key against which signatures will be checked. Alternatively, this may be a P2PKH address belonging to the wallet —the corresponding public key will be substituted. There must be at least as many keys as specified by the Required parameter, and there may be more keys.
The account name in which the address should be stored. The P2SH multisig address. The address will also be added to the wallet , and outputs paying that address will be tracked by the wallet. What to do with the IP address above. Up to 8 nodes can be added additional to the default 8 nodes. Always JSON null whether the node was added, removed, tried-and-connected, or tried-and-not-connected. A witness address that gets added to a script.
Needs to be in the wallet and uncompressed. The value of the new address P2SH of witness script. A filename or directory name. If a filename, it will be created or overwritten. If a directory name, the file wallet. Always null whether success or failure.
The confirmation target in blocks. Based on this value the new fee will be calculated using the same code as the estimatefee RPC. The total fee to pay in satoshis not the feerate.
The actual fee can be higher in rare cases if the change output is close to the dust limit. Whether the new transaction should still be BIP replaceable.
Even if set to false the transaction may still be replacable, for example if it has unconfirmed ancestors which are replaceable. The default is true. If wallet support is enabled, this may be a P2PKH address belonging to the wallet —the corresponding public key will be substituted. An object describing the multisig address. The P2SH address for this multisig redeem script. The multisig redeem script encoded as hex. An array of objects, each one to be used as an input to the transaction.
An object describing a particular input. The output index number vout of the outpoint to be spent; the first output in a transaction is index 0. The sequence number to use for the input. The addresses and amounts to pay. Added in Bitcoin Core 0. The resulting unsigned raw transaction in serialized transaction format encoded as hex. The transaction to decode in serialized transaction format.
An object describing the decoded transaction, or JSON null if the transaction could not be decoded. The redeem script to decode as a hex-encoded serialized script. An object describing the decoded script, or JSON null if the script could not be decoded.
The redeem script in decoded form with non-data-pushing opcodes listed. The type of script. This will be one of the following: This scheme is described in section 8 of the original bitcoin whitepaper. As Satoshi writes, "[the thin client] can't check the transaction for himself, but by linking it to a place in the chain, he can see that a network node has accepted it, and blocks added after it further confirm the network has accepted it.
This is very different from the trust model in the "thick" client: At that point it uses "X blocks deep" to decide how likely it is that a longer fork in the chain will emerge which excludes that transaction. A security analysis of some of the issues in bitcoinj can be found here ; however:. The library libccoin that picocoin is based on includes code for validating scripts and blocks; this could potentially be used to implement a full-chain client. Electrum fetches blockchain information from Electrum servers, bitcoin nodes that index the blockchain by address.
Electrum performs Simple Payment Verification to check the transactions returned by servers. For this, it fetches blokchain headers from about 10 random servers. There have been several proposals the first appears to be this one by gmaxwell, who called it an "open transaction tree", although the term "open" is now taken to mean "not yet mined into the block chain" rather than "unspent" to form a tree of unused transaction outputs at each block in the chain, hash it as a Merkle tree, and encode the root hash in the block chain probably as part of the coinbase input.
The first detailed proposal so far appears to be Alberto Torres' proposal ; etotheipi's ultimate block chain compression is a variant of this. If such UOT hashes were included in the block chain, a client which shipped with a checkpoint block that had a UOT would only need to download blocks after the checkpoint.
Moreover, once the client had downloaded those blocks and confirmed their UOTs, it could discard all but the most recent block containing a UOT. Hostile miners may insert blocks into the chain which have what claims to be a UOT, but which is actually invalid. It is unlikely that such blocks could be kept out of the chain because, again, this would require adding a new block validity criterion, and miners implementing this new criterion would risk "mining on the wrong side" of a fork, which could cost them a lot of money.
Therefore, any UOT strategy would need to cope with the fact that not every block containing a UOT entry can be trusted. Note that at the present moment no standard format for such Unused Output Tree hashes has been agreed upon, nor do any of the blocks in the chain contain them. A simple contract could say that Charlie will spend satoshis to an output which can only be spent if Charlie and Bob both sign the input spending it.
Charlie spends his satoshis to an output which can only be spent if two of the three people sign the input. To create a multiple- signature multisig output , they each give the others a public key. Then Bob creates the following P2SH multisig redeem script:. Opcodes to push the public keys onto the stack are not shown. This is a 2-of-3 multisig pubkey script , more generically called a m-of-n pubkey script where m is the minimum matching signatures required and n in the number of public keys provided.
Then he hashes the redeem script to create a P2SH redeem script and pays the satoshis to it. Bob sees the payment get added to the block chain and ships the merchandise. Unfortunately, the merchandise gets slightly damaged in transit. They turn to Alice to resolve the issue. Alice asks for photo evidence from Charlie along with a copy of the redeem script Bob created and Charlie checked.
In the signature script Alice puts her signature and a copy of the unhashed serialized redeem script that Bob created. She gives a copy of the incomplete transaction to both Bob and Charlie. Either one of them can complete it by adding his signature to create the following signature script:. Opcodes to push the signatures and redeem script onto the stack are not shown.
Note that the signature script must provide signatures in the same order as the corresponding public keys appear in the redeem script. When the transaction is broadcast to the network , each peer checks the signature script against the P2SH output Charlie previously paid, ensuring that the redeem script matches the redeem script hash previously provided.
Then the redeem script is evaluated, with the two signatures being used as input data. However, if Alice created and signed a transaction neither of them would agree to, such as spending all the satoshis to herself, Bob and Charlie can find a new arbitrator and sign a transaction spending the satoshis to another 2-of-3 multisig redeem script hash , this one including a public key from that second arbitrator.
This means that Bob and Charlie never need to worry about their arbitrator stealing their money. Alice also works part-time moderating forum posts for Bob. Alas, Bob often forgets to pay her, so Alice demands to be paid immediately after each post she approves or rejects. Bob asks Alice for her public key and then creates two transactions. The first transaction pays millibitcoins to a P2SH output whose 2-of-2 multisig redeem script requires signatures from both Alice and Bob.
This is the bond transaction. Broadcasting this transaction would let Alice hold the millibitcoins hostage, so Bob keeps this transaction private for now and creates a second transaction. This is the refund transaction. She then asks Bob for the bond transaction and checks that the refund transaction spends the output of the bond transaction.
She can now broadcast the bond transaction to the network to ensure Bob has to wait for the time lock to expire before further spending his millibitcoins. Now, when Alice does some work worth 1 millibitcoin , she asks Bob to create and sign a new version of the refund transaction.
Version two of the transaction spends 1 millibitcoin to Alice and the other 99 back to Bob; it does not have a locktime , so Alice can sign it and spend it whenever she wants.
Alice and Bob repeat these work-and-pay steps until Alice finishes for the day, or until the time lock is about to expire. Alice signs the final version of the refund transaction and broadcasts it, paying herself and refunding any remaining balance to Bob. The next day, when Alice starts work, they create a new micropayment channel. If Alice fails to broadcast a version of the refund transaction before its time lock expires, Bob can broadcast the first version and receive a full refund.
Transaction malleability , discussed above in the Transactions section, is another reason to limit the value of micropayment channels.
For larger payments, Bitcoin transaction fees are very low as a percentage of the total transaction value, so it makes more sense to protect payments with immediately-broadcast separate transactions. The bitcoinj Java library provides a complete set of micropayment functions, an example implementation, and a tutorial all under an Apache license.
Alice is concerned about her privacy. She knows every transaction gets added to the public block chain , so when Bob and Charlie pay her, they can each easily track those satoshis to learn what Bitcoin addresses she pays, how much she pays them, and possibly how many satoshis she has left.
The CoinJoin-style contract, shown in the illustration below, makes this decision easy: They then each generate a brand new public key and give UTXO details and pubkey hashes to the facilitator. In this case, the facilitator is AnonGirl; she creates a transaction spending each of the UTXOs to three equally-sized outputs.
She gives the partially-signed transaction to Nemo who signs his inputs the same way and passes it to Neminem, who also signs it the same way. Neminem then broadcasts the transaction to the peer-to-peer network , mixing all of the millibitcoins in a single transaction. If Alice does a few more CoinJoins, Bob and Charlie might have to guess which transactions made by dozens or hundreds of people were actually made by Alice. But against anyone casually browsing block chain history, Alice gains plausible deniability.
The CoinJoin technique described above costs the participants a small amount of satoshis to pay the transaction fee. An alternative technique, purchaser CoinJoin, can actually save them satoshis and improve their privacy at the same time. AnonGirl waits in the IRC chatroom until she wants to make a purchase.
She announces her intention to spend satoshis and waits until someone else wants to make a purchase, likely from a different merchant. Then they combine their inputs the same way as before but set the outputs to the separate merchant addresses so nobody will be able to figure out solely from block chain history which one of them bought what from the merchants.
An alpha-quality as of this writing implementation of decentralized CoinJoin is CoinMux , available under the Apache license. A Bitcoin wallet can refer to either a wallet program or a wallet file. Wallet programs create public keys to receive satoshis and use the corresponding private keys to spend those satoshis.
Wallet files store private keys and optionally other information related to transactions for the wallet program. Two wallet programs can work together, one program distributing public keys in order to receive satoshis and another program signing transactions spending those satoshis. Wallet programs also need to interact with the peer-to-peer network to get information from the block chain and to broadcast new transactions. This leaves us with three necessary, but separable, parts of a wallet system: In the subsections below, we will describe common combinations of these parts.
In many cases, P2PKH or P2SH hashes will be distributed instead of public keys , with the actual public keys only being distributed when the outputs they control are spent.
The simplest wallet is a program which performs all three functions: As of this writing, almost all popular wallets can be used as full-service wallets. The main advantage of full-service wallets is that they are easy to use.
A single program does everything the user needs to receive and spend satoshis. The main disadvantage of full-service wallets is that they store the private keys on a device connected to the Internet.
The compromise of such devices is a common occurrence, and an Internet connection makes it easy to transmit private keys from a compromised device to an attacker. To help protect against theft, many wallet programs offer users the option of encrypting the wallet files which contain the private keys. To increase security, private keys can be generated and stored by a separate wallet program operating in a more secure environment.
These signing-only wallets work in conjunction with a networked wallet which interacts with the peer-to-peer network. Signing-only wallets programs typically use deterministic key creation described in a later subsection to create parent private and public keys which can create child private and public keys.
When first run, the signing-only wallet creates a parent private key and transfers the corresponding parent public key to the networked wallet.
The networked wallet uses the parent public key to derive child public keys , optionally helps distribute them, monitors for outputs spent to those public keys , creates unsigned transactions spending those outputs , and transfers the unsigned transactions to the signing-only wallet. After the optional review step, the signing-only wallet uses the parent private key to derive the appropriate child private keys and signs the transactions, giving the signed transactions back to the networked wallet.
The networked wallet then broadcasts the signed transactions to the peer-to-peer network. The following subsections describe the two most common variants of signing-only wallets: Several full-service wallets programs will also operate as two separate wallets: The offline wallet is so named because it is intended to be run on a device which does not connect to any network , greatly reducing the number of attack vectors.
If this is the case, it is usually up to the user to handle all data transfer using removable media such as USB drives. Offline Disable all network connections on a device and install the wallet software. Start the wallet software in offline mode to create the parent private and public keys. Copy the parent public key to removable media. Online Install the wallet software on another device, this one connected to the Internet, and import the parent public key from the removable media.
As you would with a full-service wallet , distribute public keys to receive payment. When ready to spend satoshis , fill in the output details and save the unsigned transaction generated by the wallet to removable media. Offline Open the unsigned transaction in the offline instance, review the output details to make sure they spend the correct amount to the correct address. This prevents malware on the online wallet from tricking the user into signing a transaction which pays an attacker.
After review, sign the transaction and save it to removable media. Online Open the signed transaction in the online instance so it can broadcast it to the peer-to-peer network. The primary advantage of offline wallets is their possibility for greatly improved security over full-service wallets.
The primary disadvantage of offline wallets is hassle. For maximum security, they require the user dedicate a device to only offline tasks. The offline device must be booted up whenever funds are to be spent, and the user must physically copy data from the online device to the offline device and back. Hardware wallets are devices dedicated to running a signing-only wallet. Hardware Create parent private and public keys. Connect hardware wallet to a networked device so it can get the parent public key.
Networked As you would with a full-service wallet , distribute public keys to receive payment. When ready to spend satoshis , fill in the transaction details, connect the hardware wallet , and click Spend.
The networked wallet will automatically send the transaction details to the hardware wallet. Some hardware wallets may prompt for a passphrase or PIN number. The hardware wallet signs the transaction and uploads it to the networked wallet. Networked The networked wallet receives the signed transaction from the hardware wallet and broadcasts it to the network.
The primary advantage of hardware wallets is their possibility for greatly improved security over full-service wallets with much less hassle than offline wallets. The primary disadvantage of hardware wallets is their hassle.
Even though the hassle is less than that of offline wallets , the user must still purchase a hardware wallet device and carry it with them whenever they need to make a transaction using the signing-only wallet. An additional hopefully temporary disadvantage is that, as of this writing, very few popular wallet programs support hardware wallets —although almost all popular wallet programs have announced their intention to support at least one model of hardware wallet.
Wallet programs which run in difficult-to-secure environments, such as webservers, can be designed to distribute public keys including P2PKH or P2SH addresses and nothing more. There are two common ways to design these minimalist wallets:. Pre-populate a database with a number of public keys or addresses , and then distribute on request a pubkey script or address using one of the database entries. To avoid key reuse , webservers should keep track of used keys and never run out of public keys.
This can be made easier by using parent public keys as suggested in the next method. Use a parent public key to create child public keys. This can be a database entry for each key distributed or an incrementing pointer to the key index number. Neither method adds a significant amount of overhead, especially if a database is used anyway to associate each incoming payment with a separate public key for payment tracking. See the Payment Processing section for details. Bitcoin wallets at their core are a collection of private keys.
These collections are stored digitally in a file, or can even be physically stored on pieces of paper. Private keys are what are used to unlock satoshis from a particular address.
In Bitcoin, a private key in standard format is simply a bit number, between the values:. In order to make copying of private keys less prone to error, Wallet Import Format may be utilized. WIF uses base58Check encoding on an private key , greatly decreasing the chance of copying error, much like standard Bitcoin addresses.
Take a private key. Add a 0x80 byte in front of it for mainnet addresses or 0xef for testnet addresses. Append a 0x01 byte after it if it should be used with compressed public keys described in a later subsection. Nothing is appended if it is used with uncompressed public keys.
Convert the result from a byte string into a Base58 string using Base58Check encoding. The process is easily reversible, using the Base58 decoding function, and removing the padding.
Mini private key format is a method for encoding a private key in under 30 characters, enabling keys to be embedded in a small physical space, such as physical bitcoin tokens, and more damage-resistant QR codes.
In order to determine if a mini private key is well-formatted, a question mark is added to the private key. The SHA hash is calculated. This key restriction acts as a typo-checking mechanism. A user brute forces the process using random numbers until a well-formatted mini private key is produced. In order to derive the full private key , the user simply takes a single SHA hash of the original mini private key.
This process is one-way: A common tool to create and redeem these keys is the Casascius Bitcoin Address Utility. In their traditional uncompressed form, public keys contain an identification byte, a byte X coordinate, and a byte Y coordinate. Secpk1 actually modulos coordinates by a large prime, which produces a field of non-contiguous integers and a significantly less clear plot, although the principles are the same.
No data is lost by creating these compressed public keys —only a small amount of CPU is necessary to reconstruct the Y coordinate and access the uncompressed public key.
Both uncompressed and compressed public keys are described in official secpk1 documentation and supported by default in the widely-used OpenSSL library. However, Bitcoin Core prior to 0. This creates a few complications, as the hashed form of an uncompressed key is different than the hashed form of a compressed key, so the same key works with two different P2PKH addresses.
For this reason, Bitcoin Core uses several different identifier bytes to help programs identify how keys should be used:. Private keys meant to be used with compressed public keys have 0x01 appended to them before being Base encoded. See the private key encoding section above.
These prefix bytes are all used in official secpk1 documentation. The hierarchical deterministic key creation and transfer protocol HD protocol greatly simplifies wallet backups, eliminates the need for repeated communication between multiple programs using the same wallet , permits creation of child accounts which can operate independently, gives each parent account the ability to monitor or control its children even if the child account is compromised, and divides each account into full-access and restricted-access parts so untrusted users or programs can be allowed to receive or monitor payments without being able to spend them.
The HD protocol takes advantage of the ECDSA public key creation function, point , which takes a large integer the private key and turns it into a graph point the public key:. This child public key is the same public key which would be created by the point function if you added the i value to the original parent private key and then found the remainder of that sum divided by a global constant used by all Bitcoin software p:.
This means that two or more independent programs which agree on a sequence of integers can create a series of unique child key pairs from a single parent key pair without any further communication.
Moreover, the program which distributes new public keys for receiving payment can do so without any access to the private keys , allowing the public key distribution program to run on a possibly-insecure platform such as a public web server. Child public keys can also create their own child public keys grandchild public keys by repeating the child key derivation operations:. Whether creating child public keys or further-descended public keys , a predictable sequence of integer values would be no better than using a single public key for all transactions, as anyone who knew one child public key could find all of the other child public keys created from the same parent public key.
Instead, a random seed can be used to deterministically generate the sequence of integer values so that the relationship between the child public keys is invisible to anyone without that seed.
The HD protocol uses a single root seed to create a hierarchy of child, grandchild, and other descended keys with unlinkable deterministically-generated integer values. The parent chain code is bits of seemingly-random data. The index number is a bit integer specified by the program. In the normal form shown in the above illustration, the parent chain code , the parent public key , and the index number are fed into a one-way cryptographic hash HMAC-SHA to produce bits of deterministically-generated-but-seemingly-random data.
The seemingly-random bits on the righthand side of the hash output are used as a new child chain code. The seemingly-random bits on the lefthand side of the hash output are used as the integer value to be combined with either the parent private key or parent public key to, respectively, create either a child private key or child public key:. Specifying different index numbers will create different unlinkable child keys from the same parent keys.
Repeating the procedure for the child keys using the child chain code will create unlinkable grandchild keys. Because creating child keys requires both a key and a chain code , the key and chain code together are called the extended key.
An extended private key and its corresponding extended public key have the same chain code. The top-level parent master private key and master chain code are derived from random data, as illustrated below. A root seed is created from either bits, bits, or bits of random data. This root seed of as little as bits is the the only data the user needs to backup in order to derive every key created by a particular wallet program using particular settings.
As of this writing, HD wallet programs are not expected to be fully compatible, so users must only use the same HD wallet program with the same HD-related settings for a particular root seed. The root seed is hashed to create bits of seemingly-random data, from which the master private key and master chain code are created together, the master extended private key. The master public key is derived from the master private key using point , which, together with the master chain code , is the master extended public key.
The master extended keys are functionally equivalent to other extended keys ; it is only their location at the top of the hierarchy which makes them special. Hardened extended keys fix a potential problem with normal extended keys.
If an attacker gets a normal parent chain code and parent public key , he can brute-force all chain codes deriving from it. If the attacker also obtains a child, grandchild, or further-descended private key , he can use the chain code to generate all of the extended private keys descending from that private key , as shown in the grandchild and great-grandchild generations of the illustration below.
Perhaps worse, the attacker can reverse the normal child private key derivation formula and subtract a parent chain code from a child private key to recover the parent private key , as shown in the child and parent generations of the illustration above. For this reason, the chain code part of an extended public key should be better secured than standard public keys and users should be advised against exporting even non-extended private keys to possibly-untrustworthy environments.
This can be fixed, with some tradeoffs, by replacing the the normal key derivation formula with a hardened key derivation formula. The normal key derivation formula, described in the section above, combines together the index number, the parent chain code , and the parent public key to create the child chain code and the integer value which is combined with the parent private key to create the child private key. The hardened formula, illustrated above, combines together the index number, the parent chain code , and the parent private key to create the data used to generate the child chain code and child private key.
This formula makes it impossible to create child public keys without knowing the parent private key. Because of that, a hardened extended private key is much less useful than a normal extended private key —however, hardened extended private keys create a firewall through which multi-level key derivation compromises cannot happen. Because hardened child extended public keys cannot generate grandchild chain codes on their own, the compromise of a parent extended public key cannot be combined with the compromise of a grandchild private key to create great-grandchild extended private keys.
The HD protocol uses different index numbers to indicate whether a normal or hardened key should be generated. Index numbers from 0x00 to 0x7fffffff 0 to 2 31 -1 will generate a normal key; index numbers from 0x to 0xffffffff will generate a hardened key.
Bitcoin developers typically use the ASCII apostrophe rather than the unicode prime symbol, a convention we will henceforth follow. This compact description is further combined with slashes prefixed by m or M to indicate hierarchy and key type, with m being a private key and M being a public key. The following hierarchy illustrates prime notation and hardened key firewalls. Wallets following the BIP32 HD protocol only create hardened children of the master private key m to prevent a compromised child key from compromising the master key.
As there are no normal children for the master keys, the master public key is not used in HD wallets. All other keys can have normal children, so the corresponding extended public keys may be used instead. The HD protocol also describes a serialization format for extended public keys and extended private keys. For details, please see the wallet section in the developer reference or BIP32 for the full HD protocol specification.
Root seeds in the HD protocol are , , or bits of random data which must be backed up precisely. To make it more convenient to use non-digital backup methods, such as memorization or hand-copying, BIP39 defines a method for creating a bit root seed from a pseudo-sentence mnemonic of common natural-language words which was itself created from to bits of entropy and optionally protected by a password.
The passphrase can be of any length. It is simply appended to the mnemonic pseudo-sentence, and then both the mnemonic and password are hashed 2, times using HMAC-SHA, resulting in a seemingly-random bit seed.
Because any input to the hash function creates a seemingly-random bit seed, there is no fundamental way to prove the user entered the correct password, possibly allowing the user to protect a seed even when under duress.
For implementation details, please see BIP If the wallet is encrypted, new keys are only generated while the wallet is unlocked. If a new key pair set is generated, used, and then lost prior to a backup, the stored satoshis are likely lost forever. Many older-style mobile wallets followed a similar format, but only generated a new private key upon user demand.
This wallet type is being actively phased out and discouraged from being used due to the backup hassle. Payment processing encompasses the steps spenders and receivers perform to make and accept payments in exchange for products or services. The basic steps have not changed since the dawn of commerce, but the technology has. This section will explain how receivers and spenders can, respectively, request and make payments using Bitcoin—and how they can deal with complications such as refunds and recurrent rebilling.
The following subsections will each address the three common steps and the three occasional or optional steps. It is worth mentioning that each of these steps can be outsourced by using third party APIs and services. Because of exchange rate variability between satoshis and national currencies fiat , many Bitcoin orders are priced in fiat but paid in satoshis , necessitating a price conversion.
Several organizations also aggregate data from multiple exchanges to create index prices, which are also available using HTTP-based APIs.
Any applications which automatically calculate order totals using exchange rate data must take steps to ensure the price quoted reflects the current general market value of satoshis , or the applications could accept too few satoshis for the product or service being sold.
Alternatively, they could ask for too many satoshis , driving away potential spenders. To minimize problems, your applications may want to collect data from at least two separate sources and compare them to see how much they differ. If the difference is substantial, your applications can enter a safe mode until a human is able to evaluate the situation.
You may also want to program your applications to enter a safe mode if exchange rates are rapidly increasing or decreasing, indicating a possible problem in the Bitcoin market which could make it difficult to spend any satoshis received today.
Exchange rates lie outside the control of Bitcoin and related technologies, so there are no new or planned technologies which will make it significantly easier for your program to correctly convert order totals from fiat into satoshis.
Because the exchange rate fluctuates over time, order totals pegged to fiat must expire to prevent spenders from delaying payment in the hope that satoshis will drop in price. Most widely-used payment processing systems currently expire their invoices after 10 to 20 minutes.
Shorter expiration periods increase the chance the invoice will expire before payment is received, possibly necessitating manual intervention to request an additional payment or to issue a refund. Longer expiration periods increase the chance that the exchange rate will fluctuate a significant amount before payment is received. Before requesting payment, your application must create a Bitcoin address , or acquire an address from another program such as Bitcoin Core.
Bitcoin addresses are described in detail in the Transactions section. Also described in that section are two important reasons to avoid using an address more than once —but a third reason applies especially to payment requests:.
Using a separate address for each incoming payment makes it trivial to determine which customers have paid their payment requests. Your applications need only track the association between a particular payment request and the address used in it, and then scan the block chain for transactions matching that address.
The next subsections will describe in detail the following four compatible ways to give the spender the address and amount to be paid. For increased convenience and compatibility, providing all of these options in your payment requests is recommended. All wallet software lets its users paste in or manually enter an address and amount into a payment screen.
This is, of course, inconvenient—but it makes an effective fallback option. Almost all desktop wallets can associate with bitcoin: URIs , so spenders can click a link to pre-fill the payment screen. This also works with many mobile wallets , but it generally does not work with web-based wallets unless the spender installs a browser extension or manually configures a URI handler.
Most mobile wallets support scanning bitcoin: URIs encoded in a QR code, and almost all wallets can display them for accepting payment. While also handy for online orders, QR Codes are especially useful for in-person purchases.
Special care must be taken to avoid the theft of incoming payments. To specify an amount directly for copying and pasting, you must provide the address , the amount, and the denomination. An expiration time for the offer may also be specified. Indicating the denomination is critical. Choosing between each unit is widely supported, but other software also lets its users select denomination amounts from some or all of the following options:.
URI scheme defined in BIP21 eliminates denomination confusion and saves the spender from copying and pasting two separate values. It also lets the payment request provide some additional information to the spender. Only the address is required, and if it is the only thing specified, wallets will pre-fill a payment request with it and let the spender enter an amount.
The amount specified is always in decimal bitcoins BTC. Two other parameters are widely supported. The message parameter is generally used to describe the payment request to the spender. Both the label and the message must be URI encoded. All four parameters used together, with appropriate URI encoding, can be seen in the line-wrapped example below. The URI scheme can be extended, as will be seen in the payment protocol section below, with both new optional and required parameters.
Programs accepting URIs in any form must ask the user for permission before paying unless the user has explicitly disabled prompting as might be the case for micropayments. QR codes are a popular way to exchange bitcoin: URIs in person, in images, or in videos.
Most mobile Bitcoin wallet apps, and some desktop wallets , support scanning QR codes to pre-fill their payment screens. The figure below shows the same bitcoin: The QR code can include the label and message parameters—and any other optional parameters—but they were omitted here to keep the QR code small and easy to scan with unsteady or low-resolution mobile cameras. The error correction is combined with a checksum to ensure the Bitcoin QR code cannot be successfully decoded with data missing or accidentally altered, so your applications should choose the appropriate level of error correction based on the space you have available to display the code.
Low-level damage correction works well when space is limited, and quartile-level damage correction helps ensure fast scanning when displayed on high-resolution screens. The payment protocol adds many important features to payment requests:. Allows spenders to submit transactions directly to receivers without going through the peer-to-peer network. This can speed up payment processing and work with planned features such as child-pays-for-parent transaction fees and offline NFC or Bluetooth-based payments.
To request payment using the payment protocol , you use an extended but backwards-compatible bitcoin: The r parameter tells payment-protocol-aware wallet programs to ignore the other parameters and fetch a PaymentRequest from the URL provided.
An example CGI program and description of all the parameters which can be used in the Payment Protocol is provided in the Developer Examples Payment Protocol subsection. In this subsection, we will briefly describe in story format how the Payment Protocol is typically used.