What is the function of LOCK(cs_main)?

Does LOCK(cs_main) pause and branach the program in order to do some necessary job before going on?

I’m trying to publish blocks reactively (as a selfish miner) upon receipt of inventory message from pfrom and react to it after *pfrom* catches up with the height of my secret block.

Following lines didn’t help/there was no reaction on selfish node’s side:
added following lines in main.cpp: after l. 3662

            pfrom->PushMessage("inv", pfrom->vPrivateInv);


OP_PICK should take the nth element from the back of the stack and take it on top:
for input
xn … x2 x1 x0
xn … x2 x1 x0 xn

I have used it in some scripts, but I’ve noticed some strange behaviour.

For instance, using the tool in:
an input script
1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3 3 3 3
and an output script
produces an error.
However 18 OP_PICK works. For 25 elements in the stack it should work in both cases.
The problem doesn’t seem to be the number 19. If I add one input
1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3 3 3 3 3
the scripts works fine.

I have tried looking at the source code, but in
around line 551 I find:

            case OP_OVER:
                // (x1 x2 -- x1 x2 x1)
                if (stack.size() < 2)
                    return set_error(serror, SCRIPT_ERR_INVALID_STACK_OPERATION);
                valtype vch = stacktop(-2);

            case OP_PICK:
            case OP_ROLL:
                // (xn ... x2 x1 x0 n - xn ... x2 x1 x0 xn)
                // (xn ... x2 x1 x0 n - ... x2 x1 x0 xn)
                if (stack.size() < 2)
                    return set_error(serror, SCRIPT_ERR_INVALID_STACK_OPERATION);
                int n = CScriptNum(stacktop(-1), fRequireMinimal).getint();

I’m not really sure how OP_PICK is implemented. Can anyone point me to the code for OP_PICK or explain the errors?

order of group of points of secp256k1

points on curve secp256k1 form a group E(Fp) over field Fp.

p = 2^256 – 2^32 – 2^9 – 2^8 – 2^7 – 2^6 – 2^4 – 1 is prime.

n is the order of group E,

Is n prime too?

Is E(Fp) a cyclic group?

Working over a finite field, the group of points E(Fp) is always either a cyclic group or the product of two cyclic groups.

How do I identify my IP address on bitnodes?

I have supposedly successfully setup a node using the Bitcoin core, but when I go to bitnodes to remotely see if the node is communicating with the network, bitnodes says i am unreachable. Bitcoin core disagrees. How can I find my node’s unique address? Using cmd to run a netstat query shows me an ipv4 address that is also unsearchable with a fluid port range (49800-49950).

Something tells me I know just barely enough about networking to be dangerous.

If port 8333 is closed, will a node relay transactions to its peers?

During a recent discussion, it was asserted that a node running Bitcoin Core behind a firewall with port 8333 closed would still relay blocks/transactions to peers. Unsolicited connections would be blocked due to the closed port, but the node itself would still relay blocks and transactions to any connected peers.

I’m looking for a good resource that settles the issue. Where can I find one?

Blockchain as a way to host truly free social website like reddit

Some time ago I started wondering: what if we create a new coin and use its Blockchain to store a website content?

Bitcoin is P2P, that way it is almost impossible to block bitcoin. Everything in the ledger is public and saved for eternity, would be good for some subreddits which were deleted recently.

What if the mining process would be just making backup of already existing specified social media websites?

Are there any similar projects, which could be used as a base?

Why is the block header 80 bytes, not 128 bytes (= two SHA-256 blocks)?

According to the Bitcoin Developer Reference, the block header is 80 bytes total:

4       version
32      previous block header hash
32      merkle root hash
4       time
4       nonce

As I understand it, the midstate (1st SHA block) contains 64 bytes of the block header (which fields in particular I do not know, but I do know it doesn’t contain the nonce), and the 2nd SHA block contains the rest, only 80-64 = 16 bytes. Does this mean the 2nd SHA block is padded with 64 – 16 = 48 bytes? If so, why not make the nonce field, for example, 48 – 4 = 42 bytes larger (i.e., 52 bytes instead of 4 bytes)?

That way, extranonce doesn’t have to be in the generation transaction, thereby speeding up hashing, no?

Bitcoin resistance against forged slow chain

I’m implementing a new protocol with a custom blockchain, and I’m trying to figure out what is the correct way to deal with the “slow chain” problem.

In the Bitcoin protocol, nodes constantly gossip the newest block and try to produce a block after it. However, it sometimes happens that concurrent branches emerge, and from time to time nodes have to perform a rollback, 2 or 3 blocks into the past.

As we know, block difficulty depends on the time differences between blocks. A malicious entity can easily forge a chain of arbitrarily many blocks by simply starting from the genesis block and producing blocks with consecutive timestamps differing by more than 10 minutes. This way the difficulty would never increase, and the chain can be produced cheaply.

Of course, as a result of this approach, timestamps in the forged chain would increase much faster than in the real chain. This would cause the forged chain to be discarded by nodes, as legal blocks must have timestamps less than or equal to current timestamp (plus/minus some tolerance).

But the problem is:

Alice controls a bitcoin node, and has 500,000 blocks in storage. Bob advertises that he has 600,000 blocks, but the last common ancestor has number 1000. Bob’s chain is a forged slow chain, but Alice does not know it. Alice wants to download Bob’s blocks and check if these are correct.

QUESTION: How can Alice detect that Bob’s chain is invalid before actually storing it?

Approach 1: A downloads all blocks after the last common ancestor with B, checks if everything is correct, and if all seems to be ok, reverts storage state by undoing block changes till reaching common ancestor, and then applying newly received blocks.

In our case, Alice would start downloading 599,000 blocks and eventually find out that the timestamp is too big. She would need to store the tentative chain in memory (possibly expensive) and check all the conditions. She would waste a lot of time, and every troll can trick her to do so.

Approach 2: A reverts the storage to the a common ancestor advertised by B, then tries to apply the blocks received from B as they come.

In our case, Alice reverts her storage back to block 1000, applies operations received from Bob, eventually discards a block with illegal timestamp, reverts back to common ancestor, and aplies the blocks she had before communicating with Bob. Again, time and resources wasted.

Approach 3: A can only revert a fixed, small number of blocks in the past. This way, B can do minimal damage, and forging a slow chain is very costly.

But in the case of a long-term network partition (split brain), the network parts would diverge and never achieve consensus on which chain is the longest. This situation would require manually removing records from storage.

Approach 4: A stores all the blocks ever observed, (including abandoned branches), and dynamically keeps track of which branch is the longest. This approach, while safe, requires a lot of storage space and is tricky to implement efficiently.

I’m leaning towards the third approach, but I’m wondering how is this being solved in various bitcoin clients.

I’ve seen that the core client stores only the longest chain and skips the orphaned blocks. The details of leveldb-based storage are described here:

What are the keys used in the blockchain levelDB (ie what are the key:value pairs)?

Thank you very much for your help.