Short version:

A decentralized group of oracles publishes PGP public keys, followed after a delay by the corresponding private keys. Bitcoiners can get some physical security by time-locking the keys needed to spend UTXOs: they encrypt the spend keys to a PGP public key published by the oracle. In order to spend the funds, they must wait for the private key to be published. If a robber asks them to send funds, it is not possible to do so except by waiting for the timeout or by some other method that is not attractive to the robber. …

Recent public comments about hardware wallet supply chain attacks have me re-thinking my setup. Here are precautions I follow when using ColdCard in a single-sig setup.

  1. Only buy ColdCard from the manufacturer, and verify the bag serial number with the device serial number.
  2. Do not trust ColdCard to derive the seed. I provide my own seed by picking 23 words at random and computing the checksum word with
  3. Do not trust ColdCard to derive the xpub. …

(For more on this topic, check out for hundreds of stories written by men dealing with chronic pain caused by their vasectomy.)

Your doctor will probably admit that chronic pain is a possible complication resulting from vasectomy, but most will say that it happens rarely, or even very rarely.

What exactly does very rarely mean?

Before you decide to have a vasectomy, stop and ask yourself what odds of chronic pain you are willing to sign up for. …

This is a rough draft in progress…

The Security Problem

In the future, block subsidy goes down. The hope is that fees will be high enough to make a 51% attack impractical and very expensive, but what if this does not happen? What if fees cannot buy enough security?

Bitcoin’s Credibility

Currently relying on inflation. Bitcoin cannot break the promise of 21 million maximum without destroying its credibility and value proposition. Demurrage seems like a cheat and much of the community would not go along. Questionable morality about imposing demurrage mid-flight.

Optional Security, for a price

What about a merge-mined side-chain that continues paying a block subsidy via inflation? The…

Two serious threats posed by miner centralization are censorship and selfish mining. Censorship diminishes the basic value proposition of Bitcoin as a way to control your own wealth. Selfish mining confers a competitive advantage to large miners, resulting in an undesired feedback loop of more pressure to centralize. Extreme versions of censorship and selfish mining can also be used to attack a chain, for example by mining empty blocks, or by forcing large reorgs.

Helper Blocks could be a way to reduce the threat posed by censorship and selfish mining by giving miners an additional incentive to publish solved blocks…

When miners create two Bitcoin blocks at the same height, what determines which sub-chain will come to dominate the other? Which sub-chain will be more economically important, used by more people, and have a higher price?

Usually the answer is Hashrate

Usually, the sub-chain that accumulates work fastest will become dominant, hashrate on the other chain will soon collapse, and no more blocks will be found. Nodes will quickly switch to the longer chain. The sub-chain will die.

The reason hashrate usually wins is that usually the only important difference between the sub-chains is the hashrate, and generally speaking, people…

The Idea

Use Proof of Stake to influence which Bitcoin chain gets extended by Proof of Work in the following way. After each Proof of Work block, create a Proof of Stake block that commits to the Proof of Work block. The next Proof of Work block must satisfy a higher than normal difficulty target if it does not commit to this Proof of Stake block. As a result, mining in public takes place at a lower difficulty than mining secretly, and it is more difficult for large miners to censor transactions.

Proof of Work

Proof of Work has hardware…

A Physical Bitcoin Bearer Bond Design

Aaaaand it’s broken:

The design below is seriously flawed, since Alice always has the private keys — and once Bob spends the coins he reveals the preimage. This front-run attack plagues any lock that does not use an asymmetric key. ¯\_(ツ)_/¯


Opchip is an idea for a hardware device that enables transferring control of Bitcoin by exchanging a physical object.

Basic idea is to spend to a hash-locked output, and then transfer control of that output by giving someone a microchip that can reveal the preimage to the hash, and can prove that it has not previously…


Sealed Wallet is a hardware device that enables transferring control of Bitcoin by exchanging a physical object. It is a USB device that can do the following:

1. Generate a private key on the device
2. Sign transactions using the private key
3. Refuse to double-spend outputs
4. Prevent the private key from ever leaving the device
5. Show a list of transactions it has signed

How it’s used:

  • Alice has Sealed Wallet loaded with 100 mBTC and wishes to give 50 mBTC to Bob.
  • Alice plugs her Sealed Wallet into her phone and asks it to sign a transaction tx1 spending 50…

— — — — — — — — — — — — — — — — — — — — — —

For more stories about chronic pain resulting from vasectomy, check out

— — — — — — — — — — — — — — — — — — — — — —

Prior to my vasectomy, I was given a pamphlet that explained the risks of the procedure. I think the pamphlet does a poor job educating men and wanted to post my analysis of the statements made there. …

Ethan Scruples
