Understanding Zerocoin

This article was first published on the Veil blog.

In this article, we’ll describe the Zerocoin protocol—one of the beautiful technologies underlying the strong anonymity you’ll find in the Veil currency.

History of Zerocoin

The Zerocoin protocol was conceived in 2013 by Johns Hopkins researcher Matthew D. Green[1], as an extension of Bitcoin, providing for optional anonymity in the Bitcoin network. We say “optional” anonymity since the Zerocoin model involves converting public bitcoins to anonymous zerocoins, and back.

So the first concept to understand is that in Zerocoin networks, there are two types of tokens (coins)—public tokens, known as basecoins, and anonymous tokens, known as zerocoins. (Misunderstanding of this concept is a common source of confusion in networks such as PIVX, where one finds “PIV” and “zPIV” coins.)

In Veil, the on-chain coins are called Basecoin Veil, and the anonymous coins are called Zerocoin Veil. Since the Veil wallet automatically converts basecoins to zerocoins, however, the general use of “Veil” is meant to imply the anonymous coin.

(You’ll notice that for Basecoin Veil, we used the term “on-chain”, rather than “public”, since in the Veil network, Basecoin transactions are also anonymized using “RingCT” technology, but explanation of that will be saved for another post.)

The logic behind Zerocoin

Imagine we’re considering how to design an extension to the bitcoin network that would allow us to convert bitcoins to zerocoins, and then be able to spend them later anonymously.

In order that the bitcoin monetary supply remains auditable, the creation of zerocoins can’t be anonymous, i.e. when we bring a zerocoin into existence, through a process known as minting, we necessarily have to take a bitcoin out of circulation, in a process known as burning, and since bitcoin is a public token, its removal (burning) also has to be public.

Therefore, if I minted 1.73458 zerocoins—something we’ll later see isn’t technically possible, but for the moment we’ll ignore that—by burning 1.73458 bitcoins, and if the world can know, since bitcoin is public, that I owned those 1.73458 bitcoins, then the world will also know that I now control 1.73458 zerocoins.

So the challenge in a network like this is:

If my creation of zerocoins is public, how can I later spend those zerocoins anonymously?

Fixed denominations

The above example already presents the very first challenge. If I created such a precise amount of zerocoins in the past, like 1.73458, then when that precise amount of zerocoins gets spent in the future, it wouldn’t be very hard to assume that the spend came from me. Why? Because there simply won’t be very many other zerocoin address “outputs” out there holding precisely 1.73458 coins.

Considering this problem, Green may have thought, “What if zerocoins only existed in fixed denominations, like cash bills or casino chips? If there only existed denominations of, say, 1 zerocoin, 10 zerocoin, 100 zerocoin, and 1,000 zerocoin, then maybe I could design a system in which, if you spend a 10 zerocoin, the network won’t know which of all the 10 zerocoins you spent.”

This idea of fixed denominations was ultimately implemented in the Zerocoin protocol, and made to work through the concepts of accumulators and zero-knowledge proofs.


Accumulators

In Zerocoin networks, an “accumulator” exists for each denomination supported by the network. So if the Bitcoin network supported denominations of, say, 10, 100 and 1,000 zerocoin, it would have three accumulators.

Conceptually, most people think of accumulators as “buckets”, holding all the coins of a particular denomination. But in reality, as we’ll see later, an accumulator is actually a single number, that cryptographically embeds knowledge of the existence of each outstanding zerocoin in that particular denomination.

As you might imagine, the particular choice of denominations in a Zerocoin network has to be carefully considered, and the trade-off is between convenience and anonymity.

To understand this, consider that when I spend a 10 zerocoin token, its traceability back to me—i.e. back to my minting of a 10 zerocoin token—is a function of the total number of 10 zerocoins that exist. If there are only five 10 zerocoins in existence, and I spend one of them, it might not take much sleuthing to figure out it was me. On the other hand, if there are five million 10 zerocoins in circulation, the problem becomes much more difficult, if not impossible.

For this reason, a network that only has six denominations would likely provide greater anonymity than one that has a hundred different denominations (all other things being equal). For the Veil network, there will exist four denominations, and hence, four “accumulators”: 10, 100, 1000 and 10000 Zerocoin Veil.

Zero-knowledge proofs

Zero-knowledge proofs[2], to most mortals, are akin to black magic. We won’t get close to the math behind them, but here’s what a zero-knowledge proof is in practice:

A ZK proof is a method by which one party can prove to another that a given statement is true, without conveying any additional information apart from the fact that the statement is indeed true.

Mind blowing, I know. Don’t get scared!

How the Zerocoin protocol works

With all that as background, we can now proceed to explain how the Zerocoin protocol works in practice.

Let’s start by walking through the process of what happens when you mint zerocoin by burning basecoin—something that happens automatically in the Veil wallet.

Burning & Minting

Say you received an incoming payment of 10.73458 Basecoin Veil. Looking at that number, your wallet would know that it can convert 10 of those to a single 10 Zerocoin Veil token. (The remaining 0.73458 Basecoin Veil would stay as Basecoin Veil in your wallet.)

To create your new 10 Zerocoin Veil token, your wallet creates a unique serial number, which we’ll call “S”, and a random number, which we’ll call “V”. Your wallet then performs a “one-way” cryptographic calculation known as the Pedersen Commitment, which takes S and V and computes a number called “C”:

C = comm(S,V)

This formula simply means that “comm” is a mathematical function—the Pedersen Commitment—that takes S and V as inputs, and produces the number C as an output. It’s “one-way” in the sense that S and V can’t be back-calculated from C.

Having computed C, our wallet now “burns” 10 Basecoin Veil—taking them out of circulation—in a blockchain-recorded transaction in which the value “C” is publicly recorded.

The “10 Zerocoin Veil” network accumulator number is then updated cryptographically to embed knowledge of the newly introduced “C” value.

By burning 10 Basecoin Veil in this way, we have also “minted” a brand new 10 Zerocoin Veil token, that is associated with the recorded number “C”, which is linked to me, and to the unique serial number, S, which at this point is only known to my wallet!

Before moving on, let’s review where we are:

  • We have burned 10 Basecoin Veil in a blockchain transaction that minted a 10 Zerocoin Veil token, recorded with the number, C.

  • Since the burned Basecoin Veil is public (or for Veil, more precisely “on-chain”), the number C is publicly visible.

  • Only our wallet knows the random number, V, used along with S, in the calculation of C.

  • Only our wallet knows the serial number, S, which is the unique identifier of our particular 10 Zerocoin Veil token, among all the tokens.
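The commitment step as an added example (not code from this article or from Veil): a Pedersen commitment of the form C = g^S · h^V mod p, the form used in the original Zerocoin construction, over a toy group constructed here. The constants, the function names and the known exponent X are assumptions of the example; X is kept only to show that every possible serial number is consistent with a published C.

```python
import secrets

# Toy group, constructed for this example and far too small for real use.
P = 2039   # safe prime, P = 2*Q + 1
Q = 1019   # prime order of the subgroup generated by G
G = 4      # generator of the order-Q subgroup (a square mod P)

# Second generator H = G^X. In a real system H must be derived so that nobody
# knows X; this example keeps X only to make the hiding property visible.
X = 777
H = pow(G, X, P)


def comm(s, v):
    """Pedersen commitment C = G^s * H^v mod P."""
    return (pow(G, s % Q, P) * pow(H, v % Q, P)) % P


def mint():
    """What the wallet does at mint time: pick S and V, publish only C."""
    s = secrets.randbelow(Q)   # serial number, kept private until the spend
    v = secrets.randbelow(Q)   # blinding value, never published
    return s, v, comm(s, v)


def opens_to(c, s, v):
    """Check a claimed opening (s, v) against a published commitment c."""
    return comm(s, v) == c


def equivocate(s, v, s_other):
    """With the trapdoor X, find v_other so that (s_other, v_other) opens comm(s, v).

    C = G^(s + X*v), so any s_other works with
    v_other = v + (s - s_other) / X  (mod Q).
    """
    return (v + (s - s_other) * pow(X, -1, Q)) % Q


def serials_consistent_with(s, v):
    """Count the serials for which some blinding value opens C = comm(s, v)."""
    c = comm(s, v)
    return sum(opens_to(c, s2, equivocate(s, v, s2)) for s2 in range(Q))


if __name__ == "__main__":
    s, v, c = mint()
    print("published C:", c)
    print("serials that could be behind C:", serials_consistent_with(s, v), "of", Q)
```

Every one of the Q serials can explain the same C, which is why publishing C at mint time reveals nothing about S. The same calculation shows why the group parameters must be generated so that no one knows X: whoever does can open a commitment to any serial they like.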

Spending anonymously

Now comes the interesting part: How do we later spend those 10 Zerocoin Veil anonymously? To do that requires that the spend can’t be linked back to the mint. Let’s look at how that’s done.

When I’m ready to spend my 10 Zerocoin Veil, my wallet calculates two zero-knowledge proofs, the first of which can be used independently, and the second of which can only be used in tandem with the first.

In the first ZK proof, I mathematically prove that the coin I want to spend (the 10 Zerocoin Veil) exists in the 10 Zerocoin Veil accumulator, without revealing which coin that is. Mathematically, I have to prove that the value “C” I wrote to the blockchain during my mint exists in the accumulator, without revealing the particular value of “C” I’m proving—since that would point directly back to me!

To do this, I compute the Pedersen Commitment function using C and another random value, R, that I choose and that is known only to me, to produce the output Y.

Y = comm(C,R)

(The inclusion of a random number R is critical, because if I just computed comm(C) to produce Y, then by computing comm(C) on all the recorded C’s in the blockchain, you could easily figure out which C I’m proving!)

When I provide the value Y to the network, the network can validate my proof using Y and the current accumulator number to confirm that, yes, I do control a particular coin in the accumulator, but without knowing which one, i.e. the network doesn’t know which “C” I used in the computation of Y.

Then, I publicly reveal the unique serial number, S, corresponding to my particular 10 Zerocoin Veil, and provide a second ZK proof demonstrating that I know some random value V, that, in turn, proves I control the still-unrevealed “C” used in the first proof.

That’s a mouthful, but is why the second proof is only meaningful in tandem with the first.

So in summary:

  • Proof 1 proves that I control one of the coins in the accumulator, corresponding to the minting recorded with C on the blockchain, but without revealing which C that is.

  • Proof 2 allows me to reveal the unique serial number, S, corresponding to my particular coin, without revealing which burn and mint transaction, C, it corresponds to.

Or said another way:

Zero-knowledge proofs have allowed me to prove that I control a specific token among all the 10 Zerocoin Veil tokens, without any connection to the specific blockchain transaction that created that coin.

At this point, my spend transaction will be recorded on the blockchain:

  • The transaction will publicly record my unique serial value, S, so that that coin can’t be double spent in the future.

  • 10 fresh Basecoin Veil will be put into circulation and delivered to the destination address of my transaction, and my 10 Zerocoin Veil cannot be re-spent due to the public recording of its unique serial number, S.

And so, through the use of zero-knowledge proofs, I have spent my 10 Zerocoin Veil anonymously!
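The network-side bookkeeping described above, as an added example (not code from this article or from Veil). It uses the RSA-style accumulator of the original Zerocoin paper with a toy modulus and constructed prime values standing in for C. It checks membership in the clear with a witness, which is the relation Proof 1 establishes without showing C, and it does not bind S to C, which is the job of Proof 2; all names and constants are assumptions of the example.

```python
# Constructed toy parameters. A real accumulator uses an RSA modulus of about
# 2048 bits whose factorisation nobody knows.
N = 10007 * 10009
U = 3   # public starting value of the accumulator


def is_prime(n):
    """Trial division; adequate for the small constructed values used here."""
    if n < 2:
        return False
    i = 2
    while i * i <= n:
        if n % i == 0:
            return False
        i += 1
    return True


def verify_membership(accumulator, c, witness):
    """c is accumulated iff witness^c == accumulator (mod N)."""
    return pow(witness, c, N) == accumulator


class DenominationPool:
    """State the network keeps for one denomination."""

    def __init__(self):
        self.minted = []            # public C values recorded by mint transactions
        self.accumulator = U        # one number that embeds every minted C
        self.spent_serials = set()  # serials revealed by earlier spends

    def mint(self, c):
        # The Zerocoin construction only accumulates prime commitment values.
        if not is_prime(c) or c in self.minted:
            raise ValueError("commitment must be a fresh prime")
        self.minted.append(c)
        self.accumulator = pow(self.accumulator, c, N)

    def witness_for(self, c):
        """Accumulate every minted value except c; computable from public data."""
        w = U
        for other in self.minted:
            if other != c:
                w = pow(w, other, N)
        return w

    def spend(self, serial, c, witness):
        if serial in self.spent_serials:
            return "rejected: serial already spent"
        if not verify_membership(self.accumulator, c, witness):
            return "rejected: coin not in accumulator"
        self.spent_serials.add(serial)
        return "accepted"


def demo():
    pool = DenominationPool()
    for c in (101, 103, 107):        # constructed prime commitments
        pool.mint(c)
    w = pool.witness_for(103)        # the wallet's witness for its own coin
    pool.mint(109)                   # another user mints afterwards
    results = [pool.spend("S-103", 103, w)]          # witness is now stale
    w = pow(w, 109, N)               # wallet folds the new mint into its witness
    results.append(pool.spend("S-103", 103, w))      # valid spend
    results.append(pool.spend("S-103", 103, w))      # same serial again
    results.append(pool.spend("S-999", 113, w))      # value that was never minted
    return results


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The stale-witness case is the operational detail to note: a wallet's witness has to be brought up to date with every later mint in its denomination before a spend will verify.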


In this article, we’ve described the Zerocoin protocol—one of the beautiful technologies underlying the strong anonymity you’ll find in the Veil currency[3].


  1. See https://en.wikipedia.org/wiki/Zerocoin_protocol 
  2. See https://www.hindawi.com/journals/tswj/2014/560484/ 
  3. Thanks to Veil developer Random.zebra for helping me wrap my head around the concepts like zero-knowledge proofs described in this document, and to Veil team members for editing feedback. 

The morality of Proof-of-Work

Previously, my German cloud-hosting provider disallowed cryptocurrency mining, given that mining is a process that consumes 100% of a computer’s CPU capacity, and their virtual servers (VCPUs) share a common pool of computing resources.

Recently, however, they announced the availability of virtual servers with dedicated resources (dVCPUs), and so I emailed them asking whether, on those servers, mining is acceptable. I expected a positive response, since mining is acceptable at other dVCPU providers, but they responded that their policies on crypto mining would remain unchanged, given that:

We do actually care about our environment.

I had three immediate reactions to this, which I sent them by email:

  1. You, as an organization, are making a judgement that one use of energy is morally acceptable, while another is not. I lived in Germany for many years, and that seems contrary to the cultural value I understood, that moral judgements should be left to the individual.

  2. There is a valid argument to be made that the benefits to humanity of a censorship-proof form of money justify the energy required to provide for that censorship resistance. More energy efficient mechanisms have been proposed (PoS, etc.), but nobody can say with absolute certainty whether they will ultimately prove to be equally secure. The global market, however, continually casts its vote, and for the moment, it trusts Proof-of-Work.

  3. You are a private organization, and I respect your right to implement any policy you want. So don’t interpret the above as any kind of insistence that you change.

I’d like to ask you, the reader, for your opinion. Should hosting providers disallow crypto mining, on the moral arguments around justified use of energy?

Introducing WhyPIVX.com

Today I’m happy to announce the launch of a new website, and my team’s first contribution to the PIVX project — WhyPIVX.com. This article explains why we created it.

PIVX needs a website addressing the first-time visitor

I recently sent a friend who’s new to crypto to the PIVX website, where he was met with the following message, front-and-center:

NEW MANDATORY WALLET UPDATE Must update wallet now.

We all know how important first impressions are, and his was that perhaps the project is experiencing some kind of crisis. Within the home-page rotating slider, other messages he could have been met with include:

  • “Zerocoin+PIV. Privacy meets Proof of Stake.” — He would have no idea what any of that means.

  • “Built on Bitcoin Core. First Proof of Stake currency to use 0.10.x Bitcoin core at launch. Now updated to 0.15.x” — He would have been completely confused by that.

  • “Incognito. PIVX is the first truly anonymous PoS crypto-currency by utilizing Zerocoin Protocol as our Transaction Protocol” — He’d know what incognito means, but would have no idea about any of the rest.

  • “60 second block time. Already very fast, PIVX transactions using SwiftX are near instant with ZERO confirmation wait time required.” — He wouldn’t know what “block time” means.

The most important visitor to the PIVX website is the one who knows little about PIVX. Why? Because they are a potential new customer—if we can convert them. I don’t think we are optimizing our chances of converting them with the current messaging.

To that end, the highest priorities of the website should be to:

  1. Communicate what PIVX is, in terms that assume as little technical (and acronym) familiarity as possible.

  2. Motivate them to choose PIVX.

  3. Provide them with calls to action which anticipate what they’ll want to do next.

My goal with WhyPIVX.com was to create the website I believe should be the first point of contact between a potential new customer, and the PIVX project.

Build credibility

The second reason for building the site was to try to create credibility for my team within the PIVX project, since there are a couple of projects we’d like to pursue:

  1. First, we’d like to build a desktop wallet for the masses. Not only would it be the best wallet in all of crypto, it would incentivize users, especially new ones, to choose PIVX.

  2. Second, we’d like to build a PIVX website that improves on the current information architecture, copywriting and design, as well as improving technical infrastructure.

Since I can’t present the professional work of my team without compromising my privacy, I wanted to actually build something that could serve as a taste of the quality we’re capable of producing.

Introducing WhyPIVX.com

With that as background, let’s talk about the WhyPIVX.com website. The following were our goals:

  • We wanted tight and concise content, that communicates what PIVX is, as well as the tent-post aspects that collectively make PIVX unique among crypto currencies, in terms likely to be understood by as broad an audience as possible.

  • We want it to be initially text based, and particularly mobile friendly, so that the initial experience will be as fast as possible, and accessible on all devices.

All in all, we’re quite happy with the way it turned out. Technically, it’s built with Jekyll, a static site generator, and uses pretty much plain-vanilla HTML, CSS, JavaScript and SVG graphics.

Check it out today:


We hope the PIVX project likes, adopts and promotes the site!

PIVX and the importance of privacy

Costly compromises in privacy always start innocently

Some years ago, the government of the country in which I reside passed a law requiring residents to declare their financial accounts located in foreign countries. Ostensibly, the purpose of this law was to support a new “wealth tax”—a small tax levied on one’s worldwide assets.

Although the wealth tax was economically trivial, failure to accurately report on such accounts would result in draconian fines, as well as potential criminal proceedings. Residents were assured by the government that their knowledge of these accounts would not be used for other purposes, but the imbalance between benefit of purpose and consequence of non-compliance felt ominous.

Later, as a resident with financial activities in other countries, I was subjected to a tax audit, which concluded in the revenue service making a claim against me that was contrary to international law, and the only way I could defend myself would be through appeal to international court. Not only would that path be expensive and complex, but if I chose to pursue it, the law required first paying the claimed amount, and then trying to have it returned through a reversal in court.

The revenue service pointed out that I shouldn’t bother even trying to argue that I don’t have the funds to pay, because they have access to the information I’d previously reported regarding foreign accounts.

Costly compromises in privacy always start innocently.

Governments love cryptocurrency

Having knowledge of a resident’s foreign financial accounts is useful to governments, but it’s not, in their perspective, ideal—because they don’t yet have systems in place to monitor the activities of these accounts, and information exchange between western countries is not yet complete.

For those reasons, governments still have to rely on their residents to accurately update their records periodically. Where I live, these records have to be updated annually, and reported changes of balance can be investigated.

While your first instinct might be that governments would fear a situation in which its residents begin shifting wealth from traditional financial institutions into crypto currency, they actually love the idea. Why? Because if they know the addresses on which you hold crypto wealth, they can perfectly monitor incoming and outgoing movements themselves on the blockchain.

And for that very reason, the country where I reside is discussing new laws requiring its residents to declare all addresses on which they hold crypto currency. And failure to provide those addresses, on an ongoing and complete basis, is subject to the same draconian fees and potential criminal proceedings as those covering the current foreign accounts reporting requirements.

PIVX and privacy

The fundamental currency of the PIVX network is the PIV, which is as transparent on its blockchain as bitcoin. The PIVX project, however, was born out of the importance of privacy, and implemented something called the “zerocoin protocol” that allows PIVX users to convert their publicly traceable PIV to and from a currency called zPIV, within their PIVX wallets.

The zPIV holdings of a PIVX user are anonymous. They are not associated with any addresses on a blockchain, and therefore can’t be viewed or monitored. Nobody other than the PIVX user themselves has visibility into their zPIV holdings.

And with this week’s release of PIVX version 3.1, the project further promoted privacy, by incentivizing users to convert their holdings to zPIV, as those anonymously held funds now earn an attractive rate of (anonymous) interest—upwards of 6% per year!

This capability has tremendous benefit for someone like myself. Specifically, if I hold wealth in zPIV, I can—without perjuring myself and becoming a criminal—refuse to provide any government with blockchain access to monitor that wealth—on the basis that it’s not technically possible. That is pretty profound.

Today, the community of people in the developed world directly affected by loss of privacy may be relatively small. But the world is changing, societies continue to cede privacy in the name of other values such as security, and the unexpected consequences of these sacrifices usually become apparent only once it’s too late.

For that reason, I’m thankful for projects like PIVX that work to provide individuals with the tools and technologies that support self-sovereignty and individual freedom.

Introduction to zPIV and zPIV staking in PIVX 3.1

One of the most exciting new features in PIVX 3.1 is the ability to privately stake zPIV, in addition to PIV. The term used by the project for zPIV staking is zPoS—which means “zPIV Proof of Stake”.

For existing PIVX users upgrading to 3.1 (currently at “build version”), perhaps the most common question will be, “How do I switch to zPIV staking?” This article attempts to answer that. We’ll begin with a refresher of some basics, though, and then get to earning rewards through staking!

Is zPIV a “coin” that’s different than PIV?

PIV is the coin/token/currency of the PIVX network. zPIV is also a token supported by the network, and in that regard, we’ll use the term “coin” in this article. Technically, it’s a “state” of the PIV coin, but since that can be a little hard to imagine, the PIVX project encourages people to think of zPIV conceptually as “casino chips”, i.e. something anonymous you switch into and out of from PIV, on a one-to-one basis.

(And for an essay on why that privacy capability is important, have a read of this.)

Can I transact in zPIV?

Absolutely, that’s the whole point — you can send and receive zPIV anonymously! Keep in mind, though, that although you may send someone zPIV, the recipient always receives an equivalent amount of PIV, not zPIV. On the blockchain, these received PIV appear as if they were just created. They have no history, and no information about the sender is revealed.

For me personally, I like to think of my PIV holdings as my PIVX “Checking Account”, and my zPIV holdings as my PIVX “Private Savings Account”.

What exactly is staking?

In a “Proof of Stake” network like PIVX, transaction blocks produced by the network are validated by the wallets of everyday users like you and me. For that reason, your staking wallet needs to be continually running, and connected to the internet!

When the network needs a new block validated, it randomly chooses a wallet for the job, and then awards some PIV to that wallet for its work. That’s how you earn PIV through staking! This is more energy efficient, and results in wider distribution, than miners in a “Proof of Work” network like Bitcoin.

Is staking safe, if I have to leave my wallet open?

Leaving your wallet open for staking is safe, as long as you have enabled “wallet encryption”. When your wallet is encrypted, any attempt to initiate a transaction will require the encryption password.

To unlock your wallet for staking, do “Settings” → “Unlock Wallet…” and before entering your wallet password, enable the “For anonymization and staking only” setting.

Why should I stake zPIV instead of PIV?

There are two main reasons:

  • Privacy — Like casino tokens, zPIV coins are completely anonymous, due to the “zerocoin protocol” on which they are based. Staking zPIV coins is likewise anonymous.

  • Higher earnings — While PIV staking remains an option, zPIV staking results in higher rewards, as 3 PIVs are awarded to zPIV stakers per validated block, as opposed to 2 for PIV stakers.

How much can I earn?

Staking wallets are chosen for block validation and rewards randomly, but weighted by the amount of coins being staked, and the time during which they have been staking. This incentivizes people to stake more, and stake consistently.

In general, though, it’s estimated that over the course of a year, zPIV stakers will earn roughly 6.5%, while PIV stakers will earn 5.0%.

Can I stake both?

Yes! While staking is enabled in your wallet, both your PIV and zPIV balances will be earning rewards.

If I’m staking zPIV, do I receive zPIV as a reward?

Yes, the rewards are paid anonymously in zPIV.

How do I convert my PIV to zPIV?

To stake zPIV, you need to convert your existing PIV.

  • Manually — You can convert your current balance of PIV to zPIV manually by clicking the “Mint Zerocoin” button within the “Privacy” tab.

  • Automatically — You can make sure future received PIV are converted automatically to zPIV by enabling this setting. This includes both PIV sent to you by others, and PIV you earn through staking. If you wish to always retain a balance of some PIV, you can set the percentage you want automatically converted.

If you’ve currently been staking PIV, you might have configured the old wallet to disable zPIV creation with the enableautomint=0 setting in the pivx.conf file. If you’ve done that, don’t forget to remove that line and restart the wallet!

What is the option for the “preferred denominations” about?

Unlike PIV, which can exist as very small fractions, like 0.054, zPIV coins can only exist in certain whole denominations, like 1, 5, 10, etc. In the PIVX wallet settings, you can specify the smallest denomination you want to hold in your wallet, and this setting will influence the staking rewards you receive.

A larger denomination has a slightly higher probability of being chosen for a staking reward than a smaller denomination. However, once an “input” has been chosen for a staking reward, it doesn’t become available again for 220 blocks. The reward amount is fixed, however, regardless of the staking size. So even a 1 zPIV input, if chosen, would receive the same reward as a 5k zPIV input.

Imagine you held 5,000 PIV, and were thinking through your options for this setting. If you chose “5000” (and ignoring that there are some fees involved in the conversion process), you’d end up with one 5k input available for staking. That input would have the highest possible probability of being selected, but once selected, you’d have to wait 220 blocks to be eligible again.

If you set the auto mint denomination to 1k, then you’d have five available inputs for staking, each of which would have a slightly lower probability of selection than a single 5k input. However, when one of your inputs gets selected for reward, you still have four available for reward while the original one is waiting 220 blocks for its availability again.

I can’t find any analysis that has been done to determine the optimal strategy. In my case, I’m going to set the denomination amount to 1,000 and see what happens. I may play around with the setting from month to month, to try to determine how it affects the rewards.

For most people, though, the “Any” option should be just fine. In any case, this setting isn’t anything to stress about. 🙂

Go download 3.1 and get started!

And with that, we bring this article to a close. Be sure to download PIVX 3.1 now, and get to earning rewards through zPIV staking today! And if you have any questions, there’s a friendly team waiting for you in the #support channel of the PIVX Discord.

An introduction to PIVX and a proposal to help its user experience

In this article, I’m going to introduce the PIVX coin, along with its associated network, and propose some ideas for helping it become a leading cryptocurrency.

The history of PIVX

As readers will know, Bitcoin has some privacy deficiencies. For example, when you make a transfer, you expose the full balance of BTC held on the source address(es) used in the transaction.

DASH forked from Bitcoin, in order to (among other reasons) introduce the masternode-facilitated PrivateSend feature, which, in mixing transactions, provides some level of privacy through obfuscation.

Concern remained among some, however, that obfuscation can’t protect your privacy if someone with the resources of a nation state wants to determine who’s behind a transaction. To address this, PIVX forked from DASH with the goal of providing for deeper anonymity.

At the time of this writing, the project is within days of releasing version 3.1 of PIVX, and achieving both the goals of providing anonymous privacy, as well as providing the incentive for people to use those facilities.

The PIV and zPIV coins

The original coin of the PIVX network is called PIV. Transacting with PIV is similarly public to Bitcoin and DASH (without PrivateSend), in that all PIV transactions can be explored and traced on its blockchain.

The PIVX project innovated in the creation of a second coin supported by the network, called zPIV, which, existing in discrete denominations like casino chips, is truly anonymous.[1]

Using the project’s wallet, one can privately convert PIV into zPIV, and transacting in zPIV is completely anonymous for the sender—meaning that while the blockchain reveals that a certain number of PIV arrived at a public PIVX address, no information about the sender is revealed. (And if the recipient of those PIV then converts them to zPIV, their forward-going history will also remain private.)

The incentive to be private

With the forthcoming version 3.1 release of the PIVX wallet, network users will be incentivized to maintain their PIV holdings in the private zPIV format. For those who leave their wallets open, any zPIV balance can be “staked”, and earn PIV rewards.

What does this mean? PIVX uses a consensus algorithm called “Proof-of-Stake”. Unlike the Bitcoin “Proof-of-Work” network, in which miners validate new transaction blocks, in the PIVX network, “staking wallets” are randomly chosen to validate new transaction blocks, every 60 seconds. A given wallet’s chances of being selected for validation of a given block, and earning a reward, are increased as a function of the number of coins it holds, and the time over which it’s been staking those coins.

For each block that is validated, the network creates five new coins. If the validating wallet is staking zPIV, then it will receive three PIV, and a randomly selected masternode will receive two. If the validating wallet is staking PIV, then it will receive two PIV, and the selected masternode will receive three.

(There is a possibility of a sixth coin being created and awarded to the PIVX Treasury, which we’ll get to in a minute.)

So with the release of version 3.1 of the wallet, PIV holders will be incentivized to convert to zPIV, and through staking of those zPIV, participate in securing the network and earn rewards. I’ve been staking PIV for a while, and have earned close to 5% interest—considerably better than a USD savings account—and this should only improve with the release of version 3.1.

The tendency among people, especially in the US, is to give up their privacy under the idea they have nothing to hide. Trying to mass educate is a lost cause. But incentivizing people to be truly private, without having to convince them of the need for that, is a beautiful artifact of the zPIV staking system.

The PIVX Treasury

PIVX has a governance system in which anyone can make a proposal, and if accepted by vote of the masternode operators, the proposal can get funded. If an accepted proposal exists on the network, and is not fully funded, then a sixth coin will be created during each block validation, and transferred to the PIVX Treasury. This will happen until the Treasury holds enough PIV to fund all accepted proposals.

What does this facilitate in practice? When visiting the PIVX Discord, you’ll find support staff who are paid to help users with their questions. You’ll notice ongoing marketing activities that are funded through the Treasury. The developers themselves are paid for proposals to maintain and extend the system.

The PIVX Treasury system represents an elegant, decentralized, democratic method of funding the long-term maintenance and advancement of the platform.

The PIVX economy

Each time a PIVX transaction block is validated, up to six new PIV are created. In this way, PIVX is inflationary. Each time a PIVX transaction occurs, however, the transaction fees are burned (destroyed). In this way, PIVX is deflationary.

Whether the network is in aggregate inflationary or deflationary depends on the network’s transaction volume, but we can see that by design the network isn’t ever inflationary—which is a good thing economically.

Where are we, and what’s the problem?

Considering the capability of privacy and anonymity, the ability for anyone to help secure the network and earn interest, the governance system and treasury, the sound economic model and the vibrant community, I’m optimistic that PIVX has the ingredients necessary to establish itself as a leading store of value and medium of exchange.

The current market cap of DASH is $2.8 billion, while the market cap of PIVX is $211 million. Just moving closer to DASH would represent a major return for PIVX investors today.

Not only are there structural reasons to make this happen—i.e. I know of no other cryptocurrency that offers what PIVX offers—there are also large economic incentives.

In my view, getting from where the project is today, to where it needs to be, fundamentally depends on positioning PIVX for the coming wave of new entrants to the crypto markets. These are people without much knowledge, and possibly not much interest, in how cryptocurrencies and blockchains work. But they are very interested in the benefits that crypto offers to them.

So what are the problems? In my opinion, the following needs to happen, in order of importance:

  1. Engagement and interaction — PIVX needs to deliver an amazing user experience in the wallet for the forthcoming wave of new users, and in this regard, it needs to expose interaction concepts in familiar terms those particular users will understand, and be comfortable with, if not excited about, engaging with. In particular, and fundamentally, the wallet needs to address the confusion those new users will likely have in understanding the differences between PIV and zPIV. I’ll expand on this in the next section.

  2. Positioning and information — This pertains to the PIVX website. The current website, in my opinion, overemphasizes the technology, e.g. “Zerocoin + PIVX = Privacy Meets Proof of Stake” (unintelligible without a lot of work), “Built on Bitcoin” (confusing), “60 Second Blocktime” (unintelligible without a lot of work), and its styling is consistent with that technology focus. I believe the coming wave of new users should be greeted by a friendly website that, in a friction-free way, explains the benefit of PIVX to them, in terms they can understand, and unequivocally motivates and helps them to get hold of, and use PIV. Of course, the technology details should be discoverable, but only for those motivated to look for them. I think the Stellar project does a good job of this. Finally, the current website seems to be built on WordPress, using the popular DIVI theme. For a project of this importance, and given the various purposes it will eventually serve should the currency become mainstream, I would suggest building it on the developer-friendly CraftCMS.

  3. Branding — The current PIVX logo is typeset in capital letters. Perhaps that was chosen since it’s an acronym for Private Instant Verified Transactions. I believe a friendly, warmer, more engaging feeling would be transmitted to new users if the letters were set in lower-case, i.e. pivx. That feels cute, and sticky to me, and could look beautiful with a well-designed text treatment. Secondly, I think it would be great if the project’s logo could somehow transmit the dual-coin nature of the network, in order to help users become accustomed to this core concept.

The wallet experience

The first solution that comes to mind, to provide the experience that anticipates the context, background and needs of the wave of future PIVX customers (and benefits the current ones as well), is to introduce the metaphor of two “accounts”, presented in familiar terms, like “PIV Current Account” and “zPIV Private Savings Account”. With a simple distinction like this, we can communicate the potential for earning “interest” without having to introduce complex concepts like “staking”, and communicate that interacting with that account is the “private” part of the overall system.

This is just a starting point. There will be lots of challenges to address, including:

  • The wallet should include an on-boarding experience for first-timers, helping them understand how things work, and where to purchase PIVX if they don’t have some.

  • It should address the potential confusion users may have with the concept that an account can have multiple addresses, and nail the UX around that.

  • The wallet needs to communicate that it has to be open to earn interest. As part of that, the wallet needs to communicate that it needs to be encrypted to make earning interest something that is safe.

  • To reinforce the above, the wallet needs to clearly indicate when the Private Savings Account is earning interest (and not with an indicator that the “wallet is staking”).

  • The wallet needs to communicate that earned interest is a statistical event, and, while we can report an average rate they can expect, emphasize that it will fluctuate.

  • We can build on the dual accounts metaphor, emphasizing that mobile wallets are extensions of the PIV Current Account. (Color differentiation between the accounts could help with this.)

  • Anticipating that people may want to store their wealth in zPIV, we’d want to ensure a means of hiding their balance (since the wallet will always be open.)

  • The wallet needs a UI hierarchy that only exposes advanced concepts like masternodes to those specifically searching for them.

  • Lots, lots more.

How can I help?

I’m associated with a world-class group of product designers, developers, and copy-writers, that is capable of delivering on the above points 1 and 2. Most of our work is for customers in the Bay Area, and our costs are consistent with that environment.

We could definitely contribute 100x in terms of the critical wallet user experience, and associated website, from where the project is today. (And based on my experience with many Qt wallets, it would be the best crypto wallet in existence.)

If the PIVX community believe that what I’ve outlined above could help establish PIVX as a leading cryptocurrency, and believe the investment would be worthwhile, then we would make the effort to submit a proposal for funding as part of PIVX Treasury activities.

  1. The nitty-gritty of zPIV can be found here

How to calculate mining profitability

In this article, I’m going to walk through an example of how to calculate mining profitability.1 It’s important to make this calculation when considering the rental of hashpower. In this example, I’ll be looking at the Haven Protocol coin, $XHV.

Calculating our breakeven cost

Platforms that rent hashpower usually specify the price in BTC per unit-of-hashpower per day, where unit-of-hashpower is whatever makes sense for the particular coin. In the case of $XHV, which uses the cryptonight-heavy algorithm, the hashpower unit is KH/s, or kilohash per second.

So what we want to determine is the breakeven cost of mining in units of BTC per KH per day.

We start with the data available at our pool. Almost all pools operate the same user interface software, so you’ll nearly always see a screen like the following, regardless of the coin you’re mining.

Now let’s make our calculation, assuming all variables stay constant over a period of a day (which they won’t, but we’ll get to that later). Remember, what we’re trying to calculate is the revenue in BTC per KH/s per day.

  1. Blocks per day — Our pool estimates finding a block every 11 minutes. There are 1,440 minutes in a day, so our pool should find 1440/11 = 131 blocks per day.

  2. Blocks per hashpower — Our pool has a total hash rate of 872.4 KH/s, which means our pool will be finding 131 blocks/872.4 KH/s = 0.1502 blocks per day per KH/s.

  3. Reward per block — The Haven network is currently rewarding 32.6 $XHV per found block.

  4. Earned coins per day — For each KH/s of hashpower, we’ll therefore be earning 0.1502 blocks/day * 32.6 XHV/block = 4.90 XHV/day. (You can double-check this number using the pool’s calculator, but it’s good to understand how it’s determined.)

  5. Revenue per day — For each KH/s of hash power, we’ll therefore be earning 4.9 XHV/day * 0.00007329 BTC/XHV = 0.000359 BTC/day

And there we have it, our breakeven hash power cost for mining $XHV on this pool is 0.000359 BTC per KH/s per day.

Should we rent hashpower?

With that figure in hand, let’s go see if it makes sense to rent hashpower to mine this coin. At one site, here are the rigs which are currently available for mining the cryptonight-heavy algorithm:

As we can see, the lowest cost per KH/day is 0.00049 BTC which is above our breakeven cost. Therefore, it would not be profitable to mine this coin.

So the only case in which it’d make sense to rent hashpower to mine this coin, under these conditions, would be if we couldn’t outright purchase the coin elsewhere, and we expected the price to appreciate.

What can change?

Let’s imagine you’ve made your analysis, the rental cost is below your breakeven point, and you’ve booked a day of hashpower. What can change?

  • Your pool’s net hash rate can change as other miners enter and leave. An increase in hashpower should result in more blocks being found by your pool per day. Likewise, a decrease in hashpower should result in fewer. In the former, you’ll be receiving a lower percentage of a higher number, and in the latter you’ll be receiving a higher percentage of a lower number, and hopefully the result would be net-neutral for you.

  • My understanding is that proof-of-work networks dynamically adjust the mining difficulty in order to keep the average block discovery time constant. That’s how we can pretty accurately predict when the last bitcoin will be mined, as its average block time should remain 10 minutes. In the Discord chats, some claimed to have heard of coins that change block times. If that’s the case, then such a change during your rental period could affect the breakeven cost.

  • The market value of the coin could change as well, which, everything else remaining equal, would either raise or lower your breakeven cost.

  • Finally, the value of the denominating currency bitcoin could change.

So the breakeven calculation is an initial condition that could change during the term of your rental, and so the difference between what you’re paying and your breakeven represents a margin of sensitivity to those changes.


As you’ll have noticed from my previous articles, I’m transitioning from the world of traditional investing, to the world of crypto investing, and in the process am doing a lot of hands-on learning to make sure I understand the ins and outs of this space.

Through this blog, and for the benefit of new entrants to this space, I hope to write articles that simplify some of the complex topics that I’ve struggled with, including details that many others have glossed over or left out entirely.

I hope you’ve enjoyed this one about mining profitability, and if you have any questions or feedback, don’t hesitate to leave a comment below or email me through the contact form.

  1. Shout out to Haven Discord user @tomfer and legendary miner @notsofast for their help with this article. 

Beginner’s guide to setting up and operating a masternode

In a previous article, I discussed three options for earning passive income in the crypto space, one of which was the running of a masternode.

When I first got into crypto, running a masternode seemed like something beyond my level of expertise. What I eventually discovered, though, was that the problem wasn’t my level of expertise; instead, it was knowledge assumptions made by tutorial authors, and the glossing over of important concepts and details.

In this article, I’m going to explain the basic concepts, and walk the reader through the detailed setup of a masternode, such that he or she will hopefully be able to do the same with minimal assistance.

In short, this is the article I wish I’d had, when getting started!

Fundamental concepts

A masternode provides services to its blockchain network. For example, PIVX masternodes facilitate transactions that are private. Operators of masternodes are required to stake, or lock-up, a specific number of coins. As compensation, masternode operators receive periodic rewards.

Since a masternode is an operational component, and therefore needs to be available at all times, it’s usually best to run a masternode on a virtual private server, or “VPS”.

Since storing your coins on an internet-connected server wouldn’t be a good idea, masternoding allows you to store your locked-up coins offline on your local machine, in the project’s wallet.

Overview of the process

Following is a high-level overview of the procedure for setting up a masternode:

  1. Setup a VPS — Create a VPS, and install the blockchain project’s node software.
  2. Setup a local wallet — Download and install the project’s wallet on your local computer.
  3. Send some coins to yourself — Transfer the project’s minimum required coins into the local wallet. In the case of PIVX, that’s 10,000 coins. Within the local wallet, create a new receive address, and send the required number of coins to that address. By sending precisely this number of coins to a new address in the local wallet, it will recognize the availability of those coins for masternoding.
  4. Generate a private key — Within the local wallet, generate a masternode private key.
  5. Tell the local wallet about the server — Add your masternode private key, along with some other data, to your local masternode configuration file.
  6. Tell the server about the local wallet — Add some information, including your masternode private key, to the server’s configuration file.
  7. Restart everything — Restart the server software and local wallet, and enable the masternode.

Conceptually, that’s it! We’ll now walk through the detailed process of setting up a PIVX masternode. Once you’ve done this for one project, it’s almost trivial to do it for any other.

Before moving on, here’s a couple additional points to mention:

  • While masternoding, your staked coins will be locked up in your local wallet, unavailable for spending.
  • If your project supports staking, like PIVX does, any surplus coins in your local wallet can still be used for staking. (That would require your local wallet to be permanently online, however.)
  • You can support multiple masternodes with a single local wallet, by following the same procedure outlined here, but on a new receive address, and a new VPS.

Setup a VPS

To run a masternode, you need a VPS with at least 1GB of memory, which means you can select the $5/month option at a provider like DigitalOcean.

Three important points when setting up your server:

  1. Be sure to choose Ubuntu as the OS, so we can connect it to ServerPilot.
  2. Be sure to include your SSH key in the process of creating the server, so you can later login as root without a password. (For my masternodes, I just use the root user.)
  3. Be sure to enable automatic backups. This adds about 20% to the server cost, but is worth it.

Connect the VPS to ServerPilot

ServerPilot is a great service, which connects to all your VPSs, and maintains them with security updates and patches for free, allowing people like me, with few system administration skills, to operate servers. (Beyond security updates, you can use ServerPilot to set up and manage WordPress and PHP sites, and the paid version gets you SSL, graphs and other features.)

Although ServerPilot promotes their integration with DigitalOcean, they actually can manage any Ubuntu server, such that if you choose another VPS provider, as long as you install Ubuntu, you can have ServerPilot manage it.

When connecting a new server at ServerPilot, you’ll see the following screen. If you added your SSH key to your DigitalOcean server, then by default root password login will be disabled, so you’ll need to check that box.

Submitting the form, you’ll then see a screen containing some unix commands:

Copy the complete contents of the unix commands to your local computer’s clipboard, and then paste them into your VPS, after logging in as root:

ssh root@<vps_ip_address>

After pasting in your ServerPilot commands, you’ll soon see the ServerPilot website screen come to life with an indication that your server has successfully phoned home, and you’ll watch as ServerPilot completes its setup.

BTW, if you decide to use ServerPilot, and like this article, consider signing up with my referral link, and I’ll get a small credit on my account there.

Install a local SFTP client

For local editing of the remote VPS files, we’ll want to use a local SFTP client. On my Mac, I use Transmit. Be sure to create and test a connection to your VPS, logging in as root.

Install and setup the local wallet

Download and install your project’s local wallet software, which, as a general curiosity, is usually based on the “Qt” framework. Launch it and do the following:

  • Allow it to fully synchronize with the network.

  • Encrypt your wallet by going to the menu Settings → Encrypt Wallet

  • In the wallet options area of the settings, enable the “Show Masternode Tab” and “Coin Control”:

  • Be sure to backup your wallet file with the menu File → Backup Wallet.... Remember that most Qt wallets are not hierarchically deterministic, so you’ll need to create a new backup whenever you create a new receive address.

  • Finally, be sure that your wallet has, at least, slightly more than the minimum required coins for your masternode, e.g. 10,001 for PIVX (which requires 10,000).

Setup the masternode

Now we get to the fun part! I’m going to walk you through the process of setting up a PIVX masternode. Although the terminology may slightly differ in other projects, the approach should be nearly identical.

Step 1: Generate a new receive address

In the local wallet, enter the “Receive” tab and create a new receive address by entering any label you like, and clicking the “Request Payment” button.

On the next screen, click the “Copy Address” button, to copy your new address to your clipboard.

Step 2: Send coins to yourself

In the local wallet, enter the “Send” tab, and paste your receive address into the “Pay to” field. If you copied and pasted it correctly, the label you previously created will appear in the label field.

Step 3: Generate your private key, transaction hash and index

In this step, you’re going to generate three pieces of data you’ll need related to your new masternode. For all of these, you’ll need to be in the local wallet’s “Debug Console” which you can get to from the menu, Tools → Debug Console

First, generate your masternode private key, with this command:

masternode genkey

…after which you should see a long string appear, which is your private key:

Note down the private key, as you’ll need it later.

Next, generate the transaction hash and index that serve as proof of the transfer of coins you made to yourself:

masternode outputs

You’ll then see something like this:

Note down the transaction hash and the index, as you’ll need them in the next step.

Step 4: Update your local masternode configuration file

We’re now going to enter some information into our local masternode configuration file, that will allow our wallet and the server software to recognize each other.

To open the masternode configuration file for editing, access the menu Tools → Open Masternode Configuration File. In that file, you’ll want to add a single line (for each masternode you run), in the following format, with all fields separated by a space:

<mn_name> <vps_ip>:<port> <private_key> <trans_hash> <index>


  • mn_name — is any name you want.
  • vps_ip — is the IP address of your VPS.
  • port — is the port on which your masternode will communicate with others. This will be project specific; for PIVX it’s 51472.
  • private_key — is the masternode private key you generated earlier.
  • trans_hash — is the transaction hash you generated earlier.
  • index — is the transaction index you generated earlier.

For PIVX, my masternode configuration file might have a line like this:

mn1 123.456.789.012:51472 Lkj23lkj438s9d78sdf879sd0980fsdf0s98sad9a87dadsa9ds Dfg98d7f9d7f9g79d7gd97gdfs09d8f0s8df6d876sd87fs8s8df8df8g0d8s08d 0

Before moving on to the next step, be sure to also do the following:

  • Quit and restart your local wallet.
  • Unlock your local wallet with the menu item Settings → Unlock Wallet...

Step 5: Install the project node software on your VPS

We’re now going to download the project’s node software to our VPS. After logging in as root, make sure you’re in your home directory:

cd ~

Now we need to download the software. You’ll want to find the URL to the x86_64 linux version, for the latest release of the project’s software. You can find that by visiting the project’s GitHub repository, and navigating into the “Releases” area.

Once you have the URL, use the unix wget utility to download it. The command will look something like this:

wget https://github.com/project/releases/download/project-x86_64-linux-gnu.tar.gz

When the download finishes, unpack it with a command like this:

tar -zxvf project-x86_64-linux-gnu.tar.gz

Step 6: Understanding the project’s software

Before moving on, let’s quickly overview some relevant bits and pieces of what you just downloaded. Once you’ve unpacked and run your project’s node software—and don’t worry, I know we haven’t run it yet!—we’ll be working with the following directories, utilities and files:

  • Executables directory — This is where the project’s application software resides. For the current version of PIVX, it’s:


  • Server daemon — Located in the executables directory, this is the actual server application, and almost always ends in ‘d’, since it’s known as a daemon. For PIVX, it’s:


  • Command-line interface — We’ll use this application to interact with the daemon, e.g. telling it to shut down, or asking for its status:


  • Data directory — This is where the software’s configuration files and local data are stored. For PIVX, it’s:


  • Project configuration file — Located in the data directory, this is the file that contains the configuration for the application software. For PIVX, it’s:


There are many other files in the data directory, but for masternoding according to this procedure, we won’t be interacting with them.

Step 7: Configuring the server software

We’ll now configure the server software.

Since we haven’t yet run the software, we’ll start it, so that it will create its data directory:


This should fail, since the data directory wasn’t present, and therefore no configuration file would have been found. If it doesn’t, you can quit the server software with ctrl d

We’ll now use our local SFTP client (Transmit, in my case) to connect to the server, and open the project configuration file for editing:


What goes in the configuration file might vary slightly from project to project, but here’s the PIVX contents (with some placeholders):


Here’s what you need to know:

  • rpcuser — This can be any random string, e.g. pivxmasternode
  • rpcpassword — This can be any random string, e.g. ju83FRT98Iuh64
  • masternodeaddr — Your VPS IP address is followed (after a colon) with your project’s port. This is the port on which your masternode will communicate with other members of the network.
  • masternodeprivkey — This is the masternode private key you generated earlier. It allows authentication between your local wallet and your masternode software.

Once you’ve finished editing your configuration file, save and close it.
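A check you can run on the VPS after saving the file, added here as an example and not part of the original article: it lints the four settings described above and the file’s permissions, and flags the tutorial’s published example strings if they were reused. The config path argument, the 20-character minimum and the sample address are assumptions; the key=value layout is the one used by Bitcoin-derived node software.

```sh
# Added example (not from the article): lint a masternode server config file.
# Key names, port and example values come from the article; the 20-character
# minimum and the sample address are assumptions.

# Print the value of key $2 in file $1 (last assignment wins).
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        tail -n 1 | sed 's/[[:space:]]*$//'
}

# 48 hex characters (192 bits) from the kernel CSPRNG, for rpcuser/rpcpassword.
gen_secret() {
    head -c 24 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# Constructed sample: a config that reuses the tutorial's example strings.
sample_weak_conf() {
    printf '%s\n' 'rpcuser=pivxmasternode' 'rpcpassword=ju83FRT98Iuh64' \
        'masternodeaddr=203.0.113.10:51472' \
        'masternodeprivkey=<masternode_private_key>'
}

# Print one finding per line; return 0 only when there are none.
lint_conf() {
    local f n user pass addr key port perms
    f=$1; n=0
    user=$(conf_get "$f" rpcuser)
    pass=$(conf_get "$f" rpcpassword)
    addr=$(conf_get "$f" masternodeaddr)
    key=$(conf_get "$f" masternodeprivkey)

    [ -n "$user" ] || { echo "rpcuser missing"; n=$((n + 1)); }
    if [ "${#pass}" -lt 20 ]; then
        echo "rpcpassword shorter than 20 characters"; n=$((n + 1))
    fi
    if [ -n "$pass" ] && [ "$pass" = "$user" ]; then
        echo "rpcpassword equals rpcuser"; n=$((n + 1))
    fi
    # Values printed in a public tutorial are known to everyone.
    if [ "$pass" = 'ju83FRT98Iuh64' ]; then
        echo "rpcpassword is the published example value"; n=$((n + 1))
    fi
    case "$addr" in
        *:*) port=${addr##*:}
             case "$port" in
                 ''|*[!0-9]*) echo "masternodeaddr port is not numeric"
                              n=$((n + 1)) ;;
             esac ;;
        *)   echo "masternodeaddr must be <vps_ip>:<port>"; n=$((n + 1)) ;;
    esac
    [ -n "$key" ] || { echo "masternodeprivkey missing"; n=$((n + 1)); }

    # The file holds the RPC password and the masternode private key,
    # so group and other must have no access (characters 5-10 of ls -l).
    perms=$(ls -ld "$f" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "file is accessible to group/other ($perms), expected mode 600"
        n=$((n + 1))
    fi
    [ "$n" -eq 0 ]
}
```

Call `lint_conf <path_to_config_file>`; `gen_secret` prints a value you can paste in for rpcuser or rpcpassword.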

Step 8: Start your masternode

We’ll now start the masternode on both the VPS, as well as our local wallet.

  • On the VPS, we start the daemon software:


  • In the local wallet, in the Masternodes tab, right-click on your masternode entry, and choose Start Alias.

Step 9: Check the masternode status

After step 8, you should allow some time, perhaps 20 minutes or so, for everything to sync and settle, after which you can check the status of things both on the server and the local wallet.

On the server, we’ll interact with the command-line utility:

~/pivx-3.0.6/bin/pivx-cli masternode status

If things are OK, we’ll see Masternode successfully started:

In the local wallet, in the Masternodes tab, we should see our masternode with a status of Enabled:

If everything looks good, congratulations, you’re now running a masternode!

  • You can now close your local wallet, as it doesn’t need to remain open.
  • Depending on the project, you should soon start to see rewards flowing into your local wallet. (For PIVX, it can take four or five days.)

Miscellaneous topics

Before concluding the article, here’s a couple of miscellaneous topics you should be aware of.

Remember, your coins are locked

If you click the “Coin Control” button in the “Send” tab of your local wallet, you’ll see that your masternode coins are locked, and will remain that way while your masternode is operational.

Unlocking your coins

If you want access to your coins again, you’ll need to do the following:

  • Stop the masternode software on the VPS:

~/pivx-3.0.6/bin/pivx-cli stop

  • In your local wallet, edit your masternode configuration file, removing the line you entered in step 4.
  • Restart your local wallet, at which point your coins will be available for spending.

Monitoring your masternode

I run several masternodes, and have created a Keyboard Maestro macro on my Mac that runs each 30 minutes, checking that my masternodes report correct status, and checking that they are running on the correct chain. (Chain checking is more relevant to new projects, that don’t have strong networks, and frequently fork.)

If you happen to run Keyboard Maestro, you can download my macros here. You’ll need to edit the server variable with the IP of your VPS.

If you don’t run Keyboard Maestro, and want to setup something yourself, here is the basic logic:

  • Query the server’s masternode status, and grep for the success string.

ssh root@<server> "~/pivx-3.0.6/bin/pivx-cli masternode status"

  • Grab the current HTML from the PIVX block explorer:

curl http://www.presstab.pw/phpexplorer/PIVX/block.php

  • Grep to extract the hash of the latest block, using this regex:

Block\ Height:</th><td>([^<]+)<([^B]+)Block\ Hash:</th><td>([^<]+)

The height of the latest block will be found in \1, and its hash in \3.

  • Grab the hash of the latest block from my masternode.

ssh root@<server> "~/pivx-3.0.6/bin/pivx-cli getblockhash <latest_block>"

  • Compare the two hashes. If they are different, then our masternode is off-chain, and needs to be re-synchronized, which involves stopping the server, deleting some files, and restarting. (My Keyboard Maestro macro handles that task as well.)

To re-sync, between stopping and starting the node software, here’s the command for deleting the files. (Thanks to moocowmoo of the Dash project for dramatically shortening the command I previously used):

ssh root@<server> "cd ~/.pivx && mv wallet{.dat,.k} && rm -rf *.dat *.log blocks chainstate && mv wallet{.k,.dat}"
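The monitoring logic above as a POSIX shell script, added here as an example (it is not the author’s Keyboard Maestro macro). It validates the explorer’s height and hash before using them, since the page is fetched over plain HTTP and the height ends up in a command run as root; the `<server>` placeholder, the 64-hex-character hash format and the sample HTML are assumptions.

```sh
# Added example (not the author's macro): masternode chain check.
# SERVER is a placeholder; PIVX_CLI, EXPLORER_URL and OK_STRING are taken
# from the article. The 64-hex-character hash format is an assumption.
SERVER="${SERVER:-<server>}"
PIVX_CLI='~/pivx-3.0.6/bin/pivx-cli'
EXPLORER_URL='http://www.presstab.pw/phpexplorer/PIVX/block.php'
OK_STRING='Masternode successfully started'

# Constructed sample of the explorer page fragment the regex targets.
SAMPLE_HASH='0000000a1b2c3d4e5f60718293a4b5c6d7e8f90123456789abcdef012345678c'
sample_html() {
    printf '<table><tr><th>Block Height:</th><td>1234567</td></tr>\n'
    printf '<tr><th>Block Hash:</th><td>%s</td></tr></table>\n' "$SAMPLE_HASH"
}

# True when $1 is exactly 64 hexadecimal characters.
is_hash() {
    [ "${#1}" -eq 64 ] || return 1
    case "$1" in *[!0-9a-fA-F]*) return 1 ;; esac
}

# Read explorer HTML on stdin; print "<height> <hash>" or return 1.
# Both fields are untrusted input, so anything unexpected is rejected.
parse_explorer_tip() {
    local fields height hash extra
    fields=$(tr -d '\r\n' | sed -nE \
        's#.*Block Height:</th><td>([^<]+)<[^B]+Block Hash:</th><td>([^<]+).*#\1 \2#p')
    read -r height hash extra <<EOF
$fields
EOF
    case "$height" in ''|*[!0-9]*) return 1 ;; esac
    [ -z "$extra" ] || return 1
    is_hash "$hash" || return 1
    printf '%s %s\n' "$height" "$hash"
}

# True when the status output contains the success string.
status_ok() {
    printf '%s\n' "$1" | grep -qF "$OK_STRING"
}

# Print on-chain, off-chain, or unknown (the node returned no usable hash,
# for example because it has not reached that height yet).
chain_verdict() {   # $1 = explorer hash, $2 = raw getblockhash output
    local want got
    want=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    got=$(printf '%s' "$2" | tr -d '[:space:]' | tr 'A-F' 'a-f')
    if ! is_hash "$got"; then echo unknown
    elif [ "$want" = "$got" ]; then echo on-chain
    else echo off-chain
    fi
}

# One live check: status, explorer tip, node hash at the same height.
monitor_once() {
    local status tip height hash node_hash verdict
    status=$(ssh "root@$SERVER" "$PIVX_CLI masternode status" 2>&1) ||
        { echo "masternode status query failed"; return 2; }
    status_ok "$status" || { echo "masternode is not started"; return 1; }
    tip=$(curl -fsS --max-time 20 "$EXPLORER_URL" | parse_explorer_tip) ||
        { echo "explorer response rejected"; return 2; }
    height=${tip% *}; hash=${tip#* }
    # height is digits-only at this point, so it cannot alter the remote command
    node_hash=$(ssh "root@$SERVER" "$PIVX_CLI getblockhash $height" 2>&1) ||
        node_hash=''
    verdict=$(chain_verdict "$hash" "$node_hash")
    echo "$verdict at height $height"
    [ "$verdict" = on-chain ]
}

# Run the live check only when asked: sh monitor.sh run
if [ "${1:-}" = run ]; then monitor_once; fi
```

Treat a single off-chain verdict as a prompt to look, and re-sync only when it repeats, since the explorer and the node can briefly disagree near the chain tip.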

Finally, if you ever need to confirm the version you’re running:

~/pivx-3.0.6/bin/pivx-cli --version


If this is your first time setting up a masternode, you’ll probably run into some hiccups. (Hopefully fewer than I did, with the availability of this article!) If you need help, here are two recommendations:

  • You can feel free to contact me, either by posting a comment on this article (which might help others), or emailing me through the contact form.
  • Most projects have a Discord online chat, with a #support channel in which you can ask questions. The PIVX project have paid personnel working in theirs, who have proven tremendously helpful in my experience.



I hope you’ve enjoyed this one about operating a masternode, and if you have any questions or feedback, don’t hesitate to leave a comment below or email me through the contact form.

Learning about cryptocurrency mining

As a long-term investor in crypto, I want to deeply understand as many aspects of the space as possible. Having started to follow traders and miners like @notsofast, I decided that mining was one such area.

While I’m definitely not someone who’d likely be able to setup a “mining rig”, I did manage to do some mining, and wanted to document what I learned. Also, since there was so much digging around involved in actually getting started, I wanted to pull together the details into the article I wish I’d had available.

So in this post, I’m going to talk about my experience with cloud-based CPU mining, and my experience with cloud-based rental of mining rigs. But first, let’s introduce a couple of key concepts.


For starters, mining is a computational activity in which you calculate hashes in an effort to validate blocks of transactions on the chain of whatever coin you’re trying to mine. The calculation of a hash is performed according to a particular cryptographic hashing algorithm, of which there are several. In the case of bitcoin, the algorithm is called SHA-256.

A hashing algorithm takes any size input, and produces a fixed-length output, from which the input cannot be determined. That’s why hashing algorithms are referred to as one-way functions. The process of mining, at least in bitcoin (I haven’t checked if it’s precisely the same for others), involves calculating the hash of a block of transactions, the hash of the block header, hashing those together and looking at the output for something called a “nonce”, which verifies that we’ve found a block.

The miner then broadcasts those hashes to the network, which can verify their work and assign them the reward.


Whether I’m using my laptop computer or a full-bore rig to mine, I only get a reward when I find a block. And that can take a long time. For that reason, mining pools were formed, that aggregate the hashing power of multiple contributors. Whenever the pool discovers a block, the rewards are distributed pro-rata to the pool contributors.

From what I can tell, most mining nowadays is done in pools.


Bitcoin was originally mineable with CPUs on desktop and laptop computers. People later discovered that GPUs (graphics processors) are much better at computing hashes, at which point it became economically uninteresting to mine with CPUs. Finally, task-specific processors called ASICs were produced, which are optimized for the computation of hashes.

There seems to be an order of magnitude in capability between these technologies, with hash power discussed in units of KH/s, MH/s and GH/s, respectively.

As you can imagine, there’s also a cost difference between these technologies. Getting up and running with a GPU “rig” is more expensive than mining on your laptop, and only those willing to make a major investment in mining are using ASICs.

Interestingly, some projects, like Ravencoin, wish to preserve a broader community of miners—i.e. less consolidation of hash power—and design their hashing algorithms to be ASIC-resistant.

Cloud-based CPU mining

Given that I can’t set up a mining rig, my first option for experimenting with mining was to deploy cloud servers (VPSs) at places like DigitalOcean and Scaleway (which even I can do in a few clicks), and then hopefully find some Unix-based CPU mining software.

Fortunately, some Unix-based CPU mining software does exist, and is even designed to allow you to mine a variety of coins, using a variety of hashing algorithms. It’s called cpuminer-multi.

Below are the CLI commands I pieced together to get the software installed and running. This assumes you’ve created a server running Ubuntu 16.04 (the default OS at DigitalOcean, and offered by almost all cloud-server providers) and are logged in as root (and be sure to answer “Y” to any prompts):

Here’s the first command (not sure what it’s doing):

apt-get update

Now we make sure the git version control software is installed:

apt-get install git

Now we install a bunch of stuff that’s going to let us build the cpuminer software on our server:

apt-get install automake autoconf pkg-config libcurl4-openssl-dev libjansson-dev libssl-dev libgmp-dev make g++

Now we download the cpuminer software:

git clone https://github.com/tpruvot/cpuminer-multi

Now we switch into the cpuminer directory:

cd cpuminer-multi

…and we build the software:


We’re going to launch the cpuminer software inside a screen manager (called “tmux”) so that we can then close our login session if we want:


Finally, it’s time to issue the command to start our miner! As you’ll see, we’re going to be passing in some information (parameters), including the pool where we’re going to mine and how we’ll be identified there.

To mine Ravencoin, I created an account at the Suprnova pool, then created a “worker”, specifying an arbitrary worker name and password. Also, in your Suprnova account, you have to specify a payout address where you want your earnings sent.

So here’s the format of the command you issue inside tmux to start mining Ravencoin at Suprnova:

./cpuminer -a x16r -o stratum+tcp://rvn.suprnova.cc:6666 -u <user_name>.<worker_name> -p <worker_password>

You can see that the algorithm we’re going to be using is Ravencoin’s “x16r”, which is an algorithm that rotates between 16 algorithms, in an effort to be ASIC-resistant.

There are other pools that don’t require creating an account at all. You simply pass your receiving address in the miner launch command, like this:

./cpuminer -a x16r -o stratum+tcp://ravenminer.com:3636 -u <your_Ravencoin_address>

Couple of things before moving on:

  • To escape from tmux, type control-b followed by d. Don’t worry, though, your miner is still running, but it’s safe now to log out of the server if you like. To kill the miner, run top, which will show your miner process at the top, quit out of top with q, and then kill your miner with kill <miner_process_id>.

  • I understand that at Suprnova, you should create a different “worker” for each machine that’s going to be mining in your account. At the pools where you don’t create an account, however, you can mine with multiple machines on the same receive address.

  • Finally, the pools and crypto projects could really help noobs like me by specifying the whole command to start mining. Some just say things like “Stratum on port 3636”, and assume you know the rest.

How were the results?

In a word, awful, but that was expected. Using a 16-core “optimized” droplet at DigitalOcean ($320/month or $0.476/hr), I was able to generate 850 KH/s (kilohash per second). Interestingly, with a Scaleway 8-core “bare metal” server ($20/month), I was only able to generate about 65 KH/s. I’m not sure why there’s a 10x difference, given a doubling of cores, but I wasn’t bothered to look into that.

Economically, at DigitalOcean, I was getting about 2.65 H/s/$ (hash per second per dollar), while Scaleway was about 3.25 H/s/$. So one would do slightly better to deploy 13 servers at Scaleway, but, of course, that adds some overhead. (And, as we’ll see below, this is a moot issue anyway.)

Using the DigitalOcean machine, I was mining about 1.74 Ravencoin per hour. With a server cost of $0.476/h, that means I was paying about $0.27 for each Ravencoin.

At the same time, in the #trading channel in Ravencoin’s Discord chat, OTC trades were happening at about 500 Satoshis, or about $0.06 per coin—i.e. 4.5 times cheaper than I was paying through mining. (And those 500 Satoshis represented a 500% price increase with respect to the previous 48 hours, given the news that Overstock had invested in the project!)

So clearly, I’d be better off buying Ravencoin than mining it. (I noted that almost everybody in the #mining channel was using GPU rigs, and getting MH/s performance.)

The conclusion here is that CPU mining generally makes little economic sense, but it is a convenient way to actually try out and learn about mining.

Before leaving the topic of cloud CPU mining, it should be noted that most cloud-server providers prohibit mining, since most VPSs (virtual private servers) use shared infrastructure, such that your miner software’s consumption of 100% of the CPU, 100% of the time, unfairly impacts other VPS users. At DigitalOcean, for example, they only allow mining on their “optimized” droplets, which use dedicated CPUs, and at Scaleway, you can only mine on the bare metal servers.

(Some providers actually offer GPU cloud-servers. I didn’t experiment with those as their costs are upwards of $1,000 per month, and don’t seem to be available on a per-hour basis. I was actually prepared to try one, but I couldn’t find an answer to the question of whether the software would auto-detect and use the GPU. Since its name is “cpuminer”, my guess was “no”, and I didn’t want to drop $1,000 to find out.)

Renting real mining rigs

The next stop on my mining journey was NiceHash.com which offers a marketplace where you can actually rent time on someone else’s mining rig.

At NiceHash, after setting up an account and depositing some bitcoin, you create one or more pool configurations where you want to mine. For this experiment, I chose the IPBC coin that I’d seen @notsofast mention he liked.

Next, you access the “marketplace” under the “For buyers” menu. This screen seemed to be an order-book of offers to rent hash power.

The documentation recommends that beginners create “Fixed” offers, as compared to “Standard”, since there are only two variables under your control—hash power limit, and total cost.

(After entering those two variables, the order window updates with an estimation of how long your mining will last. I think the maximum time allowed is a few days.)

I set the hash power to 0.2 MH/s, and the amount of BTC I wanted to spend on the experiment, and clicked “Place Order”. On my first attempt, the system responded that there were no matching offers. Adjusting the values slightly, though, my offer was accepted and a graph appeared immediately, showing the state of my mining!

I then switched over to the IPBC pool’s website, did a lookup on my IPBC address, and saw that, sure enough, I was contributing about 200 KH/s of mining hash power to the pool! And then I waited.

Each time the pool found an IPBC block, the website would report a proportional payment to me—based on the number of “work shares” I’d contributed—and those payments soon appeared in the IPBC wallet that was running on my Mac.

How were the results?

Better than with CPU mining, for sure, but still not economically interesting. Using NiceHash, I was paying about $0.60 per IPBC coin, while they were selling on the Livecoin exchange for about $0.40.

According to some users on Reddit, the people who profit from using services like NiceHash are those who closely monitor the short-term windows when the rental cost movements lag the price movements of coins. (Perhaps that explains why maximum rental duration is specified in units of days, instead of, say, months or years.)

Renting can also make sense for people who want to speculatively mine a brand new coin that’s not listed on an exchange.

Update: After writing this article, I posted another article about how to calculate the breakeven cost of mining a coin, so that you can determine whether or not it’s economically worthwhile to mine with rented hashpower.


I’m really happy to have spent the time and effort to actually do some cryptocurrency mining. In the process, I learned about how mining actually works, I learned about the role of hashing algorithms, and I learned about the economic realities of cloud-based CPU mining, and GPU rental mining.

Hopefully, getting my hands dirty in the trenches will help me to become a better long-term investor in this space. That’s my objective, in any case.

Next stop on the journey, staking and masternodes. Stay tuned!

Usability in the crypto world (or my experience as an ICO participant)

Today, for the very first time, I decided to participate in an ICO. Taylor is an app that promises to help normal people, as well as seasoned traders, profit from crypto trading, through automation. Looks like a very interesting project, about which several in the community I respect are excited, so I decided to dip my toes into the world of ICO investing.

To participate in the Taylor ICO, you have to:

  1. Register.
  2. Inform them of the Ethereum address from which you will purchase your TAY tokens.
  3. Verify your identity through their KYC/AML process.

For the uninitiated, the above step 2 could be the first roadblock. You see, most ICO tokens actually live on the Ethereum network, as an Ethereum-compatible token created according to the “ERC20” standard. So to receive your ERC20 token (“TAY” in this case), you need an Ethereum wallet that provides a user interface to manage ERC20 tokens.

My two wallets, a Nano S hardware wallet and the Exodus desktop wallet for Mac, didn’t seem to support manually adding ERC20 tokens. I did find one, though, “Edge” for iOS, which does.

OK, using Edge, I need to add the TAY token to its Ethereum wallet. To do that, you need some information:

  1. The token name
  2. The token symbol
  3. The token’s “contract address” on the Ethereum network
  4. The number of decimal places (for whatever reason)

Unfortunately, the Taylor people didn’t expect folks on the website to need this information. Fortunately, they did expect that people on Twitter would.

So, after adding the TAY coin to the Ethereum wallet in Edge, I’m ready to purchase some TAY (YAY!). But just above the QR code that you scan to send off some Ether, there’s this ominous warning:


This is where some significant knowledge and technical assumptions are being made (you need to understand what gas price is, and have the ability to manage it), and a very narrow gate is being put up for your everyday Ethereum user. The “gas price” relates to the fee that is going to be added to your transaction to incentivize Ethereum miners to process the transaction. It’s also something 99% of all Ethereum users don’t think about when sending transactions.

Fortunately, my Edge wallet has a “Change Mining Fee” action item, in which we find three options: High, Standard and Low.

Well, I tried all three, and all three transactions were rejected with a “ran out of gas” error. Ran. Out. Of. Gas. WTF?

Fortunately, again, the Edge wallet also provides a “Set Custom Mining Fee” button, and so I set off to create a new transaction with the price bumped up close to the warned limit of 50 Gwei (whatever a Gwei is).

So here’s what the Set Custom Mining Fee screen looks like:


See any problem here? THERE ARE NO UNITS DISPLAYED!

Well, since the good people at Taylor said not to exceed a price of 50 “Gwei”, I’m assuming that Gwei must be the standard unit, and so I type in “40” (just to be on the safe side) as the Gas Price, and fire off my transaction.

Waiting a few minutes, I go to Etherscan, to check on the status of my transaction, and see that it’s expected to be processed…

“In a very long time…” Sigh.

And on that same transaction status screen, I see that the fee I set on the transaction was 0.00000004 Gwei, or about $0.000001. So as it turns out, the price unit in Edge is “Wei”, and a “Gwei” is 10^9 Weis—that’s nine zeros!—which means that instead of typing “40” into Edge, I should have typed the very-error-prone number, “40000000000”.

Heavy, heavy sigh.
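An added sketch (not from the original article or from any wallet's code) of the input check whose absence caused this: the gas price must carry an explicit unit, is converted to wei, and is compared against the article's 50 Gwei cap and an assumed plausibility floor of 0.1 Gwei before anything is signed. The function names are hypothetical.

```python
from decimal import Decimal, InvalidOperation

WEI_PER_UNIT = {"wei": 1, "gwei": 10**9, "ether": 10**18}
CAP_WEI = 50 * 10**9    # the 50 Gwei ceiling mentioned in the article
FLOOR_WEI = 10**8       # assumed plausibility floor of 0.1 Gwei (not from the article)

def parse_gas_price(text):
    """Turn '40 gwei' into an integer number of wei; a bare number is refused."""
    parts = text.strip().lower().split()
    if len(parts) != 2 or parts[1] not in WEI_PER_UNIT:
        raise ValueError("state the unit explicitly: wei, gwei or ether")
    try:
        wei = Decimal(parts[0]) * WEI_PER_UNIT[parts[1]]
    except InvalidOperation:
        raise ValueError("not a number: %r" % parts[0])
    if not wei.is_finite() or wei <= 0 or wei != wei.to_integral_value():
        raise ValueError("gas price must be a positive whole number of wei")
    return int(wei)

def as_gwei(wei):
    """Render wei as a plain decimal Gwei string, never in exponent notation."""
    return format(Decimal(wei) / 10**9, "f")

def review_gas_price(text):
    """Return (wei, verdict) so a wallet can show a confirmation before signing."""
    wei = parse_gas_price(text)
    if wei > CAP_WEI:
        return wei, "above the 50 gwei cap"
    if wei < FLOOR_WEI:
        return wei, "implausibly low: %s gwei" % as_gwei(wei)
    return wei, "ok"

if __name__ == "__main__":
    # Constructed inputs: the two entries from the article plus two edge cases.
    for entry in ("40 wei", "40 gwei", "40000000000 wei", "60 gwei"):
        print(entry, "->", review_gas_price(entry))
```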

OK. So I configure another transaction—the fifth of the day!—carefully typing in all those zeros, and send it off. I then wait a while, check the transaction, and see this error:

“There is an earlier pending transaction in the network, that must process first before this one.”


So before my correctly configured transaction can process, my near-zero-fee transaction has to process first, which is expected to complete in…that’s right, “A Very Long Time”.

Head off to Google. “Can I cancel an Ethereum transaction?”

Turns out you cannot. What you can do though, is re-broadcast a new transaction using the same “nonce” (whatever that is), with a higher fee. The miners will see both, and pick up the higher-fee transaction, discarding the other.

So that’s a solution, but unfortunately the Edge wallet doesn’t provide the UI necessary to modify the “nonce” of a transaction.
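The nonce behaviour behind both the “earlier pending transaction” error and the replacement trick, as an added toy model that is not code from the article, Edge or any Ethereum client. It assumes constructed nonces 3 and 4, a miner that ignores fees below 1 Gwei, and a 10% minimum fee bump for replacements as node policy.

```python
GWEI = 10**9

class Mempool:
    """Toy pending pool that models only nonce ordering and fee replacement."""

    def __init__(self, next_nonce, min_bump_percent=10):
        self.next_nonce = dict(next_nonce)   # sender -> next nonce the chain accepts
        self.pending = {}                    # (sender, nonce) -> gas price in wei
        self.min_bump_percent = min_bump_percent   # assumed node policy

    def submit(self, sender, nonce, gas_price_wei):
        expected = self.next_nonce.get(sender, 0)
        if nonce < expected:
            return "rejected: nonce already used"
        old = self.pending.get((sender, nonce))
        if old is not None:
            if gas_price_wei * 100 < old * (100 + self.min_bump_percent):
                return "rejected: replacement fee too low"
            self.pending[(sender, nonce)] = gas_price_wei
            return "replaced"
        self.pending[(sender, nonce)] = gas_price_wei
        return "pending" if nonce == expected else "queued behind nonce %d" % expected

    def mine_block(self, min_gas_price_wei):
        """Include each sender's transactions in nonce order while the fee is acceptable."""
        included = []
        for (sender, nonce), price in sorted(self.pending.items()):
            if nonce == self.next_nonce.get(sender, 0) and price >= min_gas_price_wei:
                del self.pending[(sender, nonce)]
                self.next_nonce[sender] = nonce + 1
                included.append((sender, nonce, price))
        return included

def replay_article_scenario(miner_floor_wei=1 * GWEI):
    """Constructed nonces 3 and 4; the fees are the ones from the article."""
    pool = Mempool({"me": 3})
    log = [pool.submit("me", 3, 40)]               # "40" typed, wallet meant wei
    log.append(pool.submit("me", 4, 40 * GWEI))    # correct fee, but a later nonce
    stuck = pool.mine_block(miner_floor_wei)       # nothing is executable
    log.append(pool.submit("me", 3, 40 * GWEI))    # same nonce, higher fee
    cleared = pool.mine_block(miner_floor_wei)
    return log, stuck, cleared

if __name__ == "__main__":
    for step in replay_article_scenario():
        print(step)
```

Once the replacement at nonce 3 is mined, the transaction queued at nonce 4 becomes executable as well, so both payments go through.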

I could ask Taylor to whitelist a new Ethereum address, so I could start over from a new wallet. But the problem there is that eventually these two pending transactions will/might get processed from an address perhaps no longer associated with me. And if I do nothing, by the time these transactions process, the ICO might be over.

So I guess I’m screwed. But here’s the point of all this…

If you’re reading this, and actually understand what happened, chances are you’re (a) more technically involved in this space than me, and (b) snickering because this is something that’d never happen to you.

But here’s the thing: you probably are more technically involved than me. But I know enough to have developed a Ruby-based software application that does my trading over APIs, which makes me more technically involved than 99% of the mainstream out there who we need involved in this space if this industry is going to grow and prosper.

And for that to happen, things like empathy, usability and user experience design have to become priorities of those early creators in this space, such as wallet makers like Edge (who, to be honest, have created an overall really nice UI/UX), builders of applications, as well as organizations running ICOs.

If you agree with that, then help sound the trumpet for usability whenever you can!

(By the way, if you’ve done your diligence, are interested in the Smart Taylor ICO and feel some sympathy for me 🙂 you might sign up using my referral link.)


The CEO of Taylor contacted me, and let me know that with MyCrypto or MyEtherWallet, I could access the Edge wallet (using its seed), and then create an offline transaction with the same nonce, and broadcast it. The details are documented here. I used MyCrypto to try it, and it worked!