The Ten Commandments of Bitcoin

Regular people and banks rejoice! I have summarized the mentality of all bitcoin users! Or it could just be false consensus bias. Either way, the detail is astounding.


All bitcoin users.

Everywhere on Earth


  1. Trust no one and verify the lack of malware on everything
  2. Never trust a zero-confirmation transaction.
  3. Only use a truly random number generator for private key generation
  4. Protect your private keys and passwords to unlock private keys
  5. Remain completely anonymous and private. Never reveal your used addresses, identity, or balance.
  6. Do not constrain the resources of the network
  7. Do not fork the blockchain
  8. Do not premine
  9. Help develop the bitcoin ecosystem
  10. Do not use bitcoin at all because it is unsafe
  1. Trust no one and verify the lack of malware on everything.  – In bitcoin, the philosophy is that everyone, including the federal government, is corrupted or will become corrupted and is out to steal your money. The only language we can all trust is the math of hash functions and digital signatures and our goddess sepk256k1. Trust in anyone or anything created by someone other than you assumes that the person is not out to get you and is completely invulnerable to attacks themselves.
  2. Never trust a zero-confirmation transaction. – There is a chance that the transaction can be in some miners’ mempools and not in others. There is a chance that your transaction could be invalidated from transaction malleability. Even when the transaction is included into the blockchain, the chance that it can be reversed due to a blockchain fork is never zero, even past six confirmations (unless the block is hard-coded into the client)
  3. Only use a truly random number generator for private key generation – with an HD wallet, if one gets ahold of the seed[s], then they can spend all of your money. If one gets hold of one private key and a master public key on a non-hardened branch, they can spend all the money in the other private keys. With a bunch of random disconnected private keys, it is much harder to steal your money.
  4. Protect your private keys and passwords to unlock private keys – Private keys control money.
  5. Remain completely anonymous and private. Never reveal your used addresses, identity, or balance. – If you reveal this information, you could be extorted for all your money over the phone and receive death threats like Hal Finney. Or more likely, your friends will treat you differently and your relationships will center on money. His friend Satoshi was wise and disappeared, not having his bitcoins interact with all the vulnerable Earthlings.Further, if you are a criminal and your money is identified on the blockchain, have fun trying to spend it. It is now “dirty money”. In bitcoin, the cleanest money is newly minted bitcoins with no transaction history.
  6. Do not constrain the resources of the network – each node only has limited resources, and by consuming those resources excessively, you increase the barrier-to-entry for full nodes and destroy the decentralized nature of the network.
  7. Do not fork the blockchain – The blockchain is on earth, not in a box with a cat. There can only be one history. Arguing over what version of history is valid decreases faith in the history recording system.
  8. Do not premine – Remember everyone saying that bitcoin was a Ponzi scheme? It isn’t, but only because it is decentralized. The more you premine, the more coins are “owned” by one entity. This brings your coin closer to a Ponzi scheme.
  9. Help develop the bitcoin ecosystem – There is no direct monetary incentive to develop bitcoin or applications on top of bitcoin. There are only indirect monetary incentives in that by making bitcoin more useful, the demand and value of all bitcoins will increase. Imagine if by sending a bitcoin transaction somewhere, you could teleport there instantly! Then everyone would be buying bitcoin.
Warning: The following instructions are jargon-heavy. If you do not care for technical details, you may skip to the end. 
  1. Trust no one and verify the lack of malware on everything
    1. Download the entire blockchain to ensure that bitcoins are indeed registered to your addresses. Do not use a bitcoin API or SPV wallet.
    2. Travel in person to at least half of all 6000 bitcoin nodes simultaneously to make sure their blockchain is the same as yours to ensure that there is no Sibyl attack occurring at your endpoint of the network.
    3. Don’t give anyone your private keys or believe promises that others will give you coins from their private keys (Coinbase, Bitpay, donation button, mixing services, non-Lighthouse bitcoin crowd funding services) Always accept payments on your own server where you control all private keys.
    4. Don’t give or let anyone generate a private key for you. Generate them all yourself offline with a perfect random number generator.
    5. Don’t let anyone generate a payment address for you because they can always swap out your address for theirs.
    6. Do not give anyone a password-encrypted private key and then give them the password to decrypt it later UNLESS you know it is client-side only and verify the source code is not sending your key every time you load the website. (e.g. the web interfaces of BitGo and Coinbase Multisig vault, My wallet, Passpack, OneID, LastPass)
    7. Don’t use your private keys with any software you did not read the source code for and compile yourself
    8. Don’t trust any compiler or assembler without seeing the individual punchcards they came from.
    9. Don’t put private keys on any silicon you didn’t inspect the die of. This includes but is not limited to: Intel processors, RAM, SSDs, hard drive controllers, chips that contain motherboard BIOSs, keyboards, mice and hardware wallets. If you cannot inspect the silicon die, then compute all hashes and ECDSA signatures on a combination of paper, pencil and an abacus.
    10. Before signing a transaction, always inspect the voltage levels in RAM to make sure that the monitor firmware is not lying to you about what you are signing
    11. Do not participate in a centralized mining pool. Only use decentralized mining pools like P2Pool, and repeat the above commandments for P2Pool since it has its own blockchain and software
    12. Do not trade bitcoin by trading private keys. Always generate new private keys for each transaction.
    13. Only engage in atomic trades (trades that cannot be divided, like trades in video games with trade windows where goods are exchanged simultaneously). Handing over a payment, good, or service non-atomically is asking to be cheated unless there is a contract guaranteed to close the trade.
  2. Never trust a zero-confirmation transaction. Never trust a transaction unless it has infinite confirmations because someone can always outrun the main blockchain in a proof-of-work system.
  3. Only use a truly random number generator for private key generation and generate private keys of infinite length and addresses of infinite length. Otherwise, someone might generate the same private key or address.
  4. Protect your private keys and passwords to decrypt private keys
    1. Scatter bitcoins amongst many private keys stemming directly from the random number generator to limit damage if any of the keys were stolen
    2. Always generate new private keys and addresses for each transaction. Never use the same address to spend more than once or receive more than once.
    3. Never destroy any private keys to protect against commandment violators who send or refund funds to a used address
    4. Never spend your bitcoins because this will reveal the ECDSA public key. Do not use ECDSA signatures to spend bitcoins. Only use Lamport signatures to prevent key compromise in the event of a non-deterministic Turing machine such as a quantum computer
    5. Do not let anyone measure the power usage of your hardware wallet because they can deduce a private key from the power usage of the processor as it executes instructions for ECDSA multiplications (this is called a side channel attack) They can even use differential power analysis.
    6. Do not allow attacker code on one CPU core to observe the cache misses of another CPU core while signing
    7. Do not allow any overclocking or anything that can compromise signing hardware faults
    8. Always use an air gapped, cold storage computer as a signing agent to prevent against network-based zero-day exploits like POODLE and Heartbleed and those found in Stuxnet
    9. Always sign transactions with threshold signatures to prevent reconstruction of a private key
    10. Always create new private keys with nothing less than a key ceremony with signatories from the organization, one lawyer, a notary, two video camera operators and armed guards
    11. Do not use Trusted Platform Modules (TPM) or hardware security modules (HSM) because this implies that you want to spend your coins and violate commandment 4.4
    12. Encrypt the private key with a truly random key that is infinitely long and use infinite rounds of infinite block length AES and bcrypt or one-time-pads with infinite stream length to make sure brute force attacks are never successful. Make sure all passwords go through at least 1000000000000099999 rounds of PBKDF2
    13. Fragment the encrypted secret into an infinite number pieces scattered across the universe to prevent physical theft
    14. Keep infinite redundant copies of all shards scattered across the multiverse on different kinds of physical media to fight degradation. This includes but is not limited to: NAND flash storage, paper, brain neurons, DNA, propagating gamma waves, and planet alignments
    15. After one brute-force attempt, all private key shards shall transfer their value to another set of private key shards and self-destruct
  5. Remain completely anonymous and private. Never reveal your used addresses, identity, or balance.
    1. Broadcast a single transaction from all bitcoin nodes everywhere simultaneously to prevent your physical location from being known
    2. Broadcast multiple transactions at unpredictable time intervals to prevent them from being grouped in time.
    3. Do not transmit large amounts of bitcoin. Transfer medium amounts to avoid being noticed.
    4. Always communicate payment addresses in person, exchange payment addresses over PGP, use stealth addresses (Diffie-Helman) to generate payment addresses after exchanging PGP keys or stealth addresses in person with three different kinds of ID.  Alternatively, generate payment addresses after providing the master public key under a unique hardened hierarchical deterministic wallet branch.
    5. Always use CoinJoin with all inputs and being the same size and all outputs being the same size in every transaction
    6. Do not use SPV wallets. Even with bloom filters they still are not private.
    7. Do not query for your address balances through bitcoin APIs unless no one else can see the server logs and the server has a full node on it.
    8. Do not reuse addresses. An address is considered “used” if you have shown it to anyone at all regardless of whether they paid. If you show someone an address, they don’t pay, then you later have someone else pay you at this address, now there is a third party “observer” that knows you have money.
    9. Place the change output of your transaction in a random place each time. Do not make it the last output each time.
    10. Do not transfer “round numbers” with few significant figures such as 10.00 USD or 0.1 BTC because it will be obvious how much money was really transferred
    11. Do not merge old outputs into one transaction. “merge avoidance”
    12. Do not use P2SH multi-sig addresses (that start with a 3) at all because they reveal that access control is being used.
      1. Do not pay with only a P2PKH addresses (addresses that start with a 1) or P2SH addresses (addresses that start with a 3)  and then have a change output because now it is obvious which output is the change output. If you have both address types as output, have both address types as input.
      2. Do not use obscure multi-sig schemes such as 1-of-1 and 2-of-7
    13. Do not deposit bitcoin into an exchange like Mt Gox and then request that all your fiat money be wired to Panama
    14. Do not provide a shipping address for any goods you pay for in Bitcoin
    15. Do not purchase Bitcoin from anywhere that requests your identity like BTCJam or Coinbase. In fact, do not purchase Bitcoin at all. Only mine it and broadcast blocks from everywhere at once.
    16. Do not purchase bitcoin miners. Shovel dirt from your backyard and purify the silicon to make the ASICs yourself. Use completely off-grid electricity so that the power grid does not see your energy usage. Go to another planet and only broadcast coinbase transactions from there (through Earth proxies) so that the Earth satellites in orbit don’t detect ASIC heat dissipation from your house.
    17. Do not broadcast any info about your transaction at all. Only broadcast that your transaction happened and disclose everything else with a zero-knowldge proof.
  6. Do not constrain the resources of the network
    1. Do not “bloat the blockchain”
    2. Do not establish TCP connections to hundreds or thousands of nodes.
    3. Do not raise the difficulty and then suddenly remove all the hashpower
  7. Do not fork the blockchain (e.g. with a Sybil attack, 51% attack, or network isolation)
  8. Do not premine unless you have a way of distributing all coins to all users simultaneously in a “fair” way. It better be more ideal than the Auroracoin airdrop. Maybe distribute encrypted binaries like Steam does pre-release date.
  9. Help develop the bitcoin ecosystem, from core to application layer.
    1. Do not trade testnet1 coins for real money and force the creation of testnet2 and testnet3
    2. Read every whitepaper everywhere and evaluate all new ideas for their contribution to the above commandments
    3. Do not centralize anything you create so that you may leverage fees (e.g. non-Lighthouse bitcoin crowd funding websites that charge fees higher than Kickstarter)
  10. Do not use bitcoin at all because it is only “very hard” to brute-force collide any kind of signature and find collisions for any block nonce. It is also possible that all of the electrons in the miner computers are in the improbable portions of their wavefunction and computing SHA256 incorrectly. It is not impossible.

If you do not develop the bitcoin ecosystem by 1) providing opinions, 2) writing source code, or 3) directly mining yourself, then you are not participating in the direct democracy that bitcoin aims to be and are submitting to the government that is the miners, Gavin Andresen, and the rest of the core developers/academics. And you said you didn’t want a Federal Reserve.

Alternatively, you can make some compromises on the above commandments and profit enormously because you remove some of the pain associated with following the ten commandments of bitcoin. Such businesses include, Coinbase and BitGo.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s