Subject Index

Each entry links to the section where the concept is defined or receives its primary treatment (listed first), followed by other sections that develop it.

0-9

• 21 million cap · §15.1
• 51% attack · §14.8.2, §25.4, §36.1, §38.8
• 64-byte transaction vulnerability · §35.3, §12.8.2

A

• abelian group · §1.3, §3.5
• activation game (enforcing fraction) · §34.4
• adaptor signature · §29.6
• anyone-can-spend output · §28.3
• Ark protocol · §32.2
• ASIC mining hardware · §14.10
• AssumeUTXO · §21.3, §37.4
• AssumeValid · §21.2, §37.4
• avalanche effect · §6.2

B

• baby-step giant-step algorithm · §4.5
• Base58Check · §9.4, §9.9
• batch verification · §8.9, §29.1.2
• Bech32 · §9.7
• Bech32m · §9.8.1
• bilateral fork · §26.3
• binary operation · §1.1
• BIP-143 sighash · §28.7
• BIP-157 / BIP-158 · §19.3, §19.4
• BIP-340 · §8.4, §29.1
• BIP-37 Bloom filtering · §18.2, §18.7
• BIP-8 activation · §16.3.3, §33.4
• BIP-9 version bits · §16.3.2, §13.2.1, §33.4
• BIP process · §33.2
• birthday bound · §9.1.1, §6.7
• Bitcoin Cash · §27.3
• Bitcoin Gold · §27.5
• Bitcoin SV · §27.4
• Bitcoin Unlimited · §27.2.3
• Bitcoin XT · §27.2.1
• bits field (compact target) · §13.2.5
• BitTorrent precedent · §34.3
• blind merged mining · §31.8
• block · §13.1
• block hash · §13.2.2
• block header · §13.2
• block height · §13.7
• block propagation · §13.9
• block size debate · §27.1, §33.7.1
• block subsidy · §15.2, §10.10, §38.1
• block validation rules · §13.5
• block weight · §13.4.2, §10.8.1, §28.4
• block withholding · §36.5.2
• Bloom filter · §18.1
• BOLT specifications · §24.5
• breach remedy transaction · §23.4
• Bézout's identity · §2.4

C

• CBDC · §40.9
• censorship resistance · §25.6, §36.5.1
• chain reorganization · §36.2, §26.7
• chain split · §16.7.1
• chainwork (most-work rule) · §26.6, §14.6, §37.3
• channel factory · §32.4
• checkpoint · §37.2
• chord-and-tangent method · §3.3
• claims from within the community · §25.7
• client diversity · §33.9
• client-side validation · §22.1
• CLTV delta · §24.1
• coexistence model (monetary) · §40.9
• cofactor · §4.4, §5.5
• coinbase maturity · §15.6
• coinbase transaction · §10.10, §13.6
• collision resistance · §6.1, §12.4
• commitment transaction · §23.4
• compact block filter · §19.3
• compact block relay · §13.9
• compressed public key · §9.2.1, §5.7
• confirmation security · §17.6, §13.7, §37.1
• congruence · §2.1
• consensus rule · §16.1
• consensus, three senses of · §33.3
• contentious fork · §26.9
• control block (Taproot) · §29.3
• cooperative close · §23.5
• coordination game · §26.4, §33.6, §40.3
• coset · §1.5
• covenant · §30.1
• cryptographic accumulator · §21.5
• cryptographic hash function · §6.1
• CVE-2012-2459 · §12.8.1, §35.4
• cyclic group · §1.4, §4.4

D

• data availability problem · §20.6
• DER encoding · §7.9
• difficulty · §14.3
• difficulty adjustment · §14.4, §15.4
• difficulty death spiral · §26.8, §27.9
• digital signature · §7.1
• discrete logarithm · §1.6
• discrete logarithm problem · §1.6, §4.5
• discriminant · §3.1
• domain separation · §6.7
• double-and-add algorithm · §3.6
• double SHA-256 (HASH256) · §6.3
• double-spend attack · §14.8.1, §17.6, §36.1
• drivechain · §31.8
• dust threshold · §16.1

E

• eCash fork (2026, drivechain exit) · §31.8
• ECDSA · §7.2
• eclipse attack · §17.5.2, §36.4
• Electrum protocol · §20.2
• elliptic curve · §3.1, §4.1
• elliptic curve discrete logarithm problem (ECDLP) · §4.5, §5.9
• elliptic curve group law · §3.5
• eltoo / LN-Symmetry · §32.5, §24.7
• emergency difficulty adjustment · §27.3.1
• energy consumption · §14.9, §25.5
• Euler's totient function · §2.6
• executable specification · §33.9
• extended Euclidean algorithm · §2.4
• extra nonce · §13.2.6

F

• fair launch · §15.3, §14.7
• false positive rate · §18.1, §19.5
• federated peg · §31.2
• fee market · §38.4, §10.8
• fee sniping · §38.6
• Fermat's little theorem · §2.5
• Fiat-Shamir transform · §8.3
• field · §2.3
• filter header · §19.4
• finality (probabilistic) · §26.7, §37.8
• flag day activation · §16.3.1
• fork · §26.1
• fork choice rule · §26.6
• fraud proof · §17.7, §20.6, §25.1
• funding transaction · §23.2

G

• generator (of a group) · §1.4, §2.6
• generator point G · §5.4, §4.4
• genesis block · §13.6
• GLV endomorphism · §5.8
• Golomb-coded set (GCS) · §19.2
• Golomb-Rice coding · §19.2
• gossip protocol (Lightning) · §24.4
• Great Consensus Cleanup · §35.1
• group · §1.2
• Grover's algorithm · §39.4

H

• halving · §15.2, §38.1
• hard fork · §16.2, §26.3, §27.3
• HASH160 · §6.4, §9.3
• hashrate · §14.6
• hashrate escrow · §31.8
• Hasse's theorem · §4.3
• header chain · §17.2
• headers-first sync · §21.1
• HTLC · §23.6, §24.1
• hyperbitcoinization · §40.5

I

• initial block download (IBD) · §21.1
• invoice (BOLT 11) · §24.3

K

• key aggregation · §8.8
• Koblitz-type curve · §5.1, §4.6

L

• Lagrange's theorem · §1.5, §4.4
• Lamport signature · §39.6, §39.10
• light client · §20.1, §17.2
• Lightning Network · §24.1, §23.2
• Liquid Network · §31.2.1
• LN-Penalty · §23.4
• locktime · §10.2.2, §11.7
• low-s rule · §7.8

M

• MAST · §29.3, §12.9.2, §8.10
• median time past (MTP) · §13.2.4, §15.5
• mempool · §13.9
• merged mining · §38.7.4, §31.8
• Merkle mountain range · §12.9.1
• Merkle proof · §12.3, §12.4, §17.3
• Merkle root · §12.2, §13.2.3
• Merkle tree · §12.1
• minimum chain work · §37.3
• ML-DSA (Dilithium) · §39.6, §39.8
• modular arithmetic · §2.1
• Mosca's inequality · §39.5
• multi-hop payment · §24.1
• multi-path payment · §24.4
• multiplicative inverse · §2.3, §2.4
• multisignature · §11.8.3
• MurmurHash3 · §18.5
• MuSig · §8.8
• MuSig2 · §29.5, §8.8

N

• Nakamoto double-spend formula · §14.8.1, §17.6, §36.1
• natural fork · §26.2
• Neutrino · §19.7, §20.1
• New York Agreement · §27.7
• nonce (block header) · §13.2.6
• nonce reuse attack · §7.7
• nonce (signature) · §7.7

O

• onion routing · §24.2
• OP_CAT · §30.3
• OP_CHECKLOCKTIMEVERIFY · §11.7
• OP_CHECKSEQUENCEVERIFY · §11.7
• OP_CHECKSIG · §11.5.2
• OP_CHECKSIGADD · §29.4
• OP_CHECKSIGFROMSTACK · §30.5.3
• OP_CHECKTEMPLATEVERIFY (CTV) · §30.2
• OP_RETURN · §11.9
• OP_SUCCESS · §16.8.2
• OP_TXHASH · §30.5.2
• OP_VAULT · §30.4
• order of a group · §1.4
• order of an element · §1.4, §4.4
• Ordinals and inscriptions · §33.7.3, §38.9
• orphan block · §13.8
• ossification · §33.3, §33.8
• outpoint · §10.3.1

P

• P2PKH · §9.5, §10.5.1, §11.8.1
• P2QRH (BIP-360) · §39.7
• P2SH · §9.6, §10.5.2, §11.8.2
• P2TR · §9.8, §10.5.4
• P2WPKH · §9.7.2, §10.5.3
• pathfinding (Lightning) · §24.4
• payment channel · §23.2
• payment preimage · §23.6
• pay-to-contract · §22.2
• point addition · §3.3, §4.2
• point at infinity · §3.2, §4.1
• point doubling · §3.4
• policy rule (standardness) · §16.1, §16.6
• Pollard's rho algorithm · §4.5
• post-quantum cryptography · §39.6
• preimage resistance · §6.1
• prime field · §2.3
• primitive root · §2.6
• private key · §5.7, §9.1
• proof of work · §14.1
• pruning · §21.4
• public key · §5.7, §9.2

Q

• quantum threat model · §39.1, §25.3

R

• random oracle model · §6.6
• recursive covenant · §30.6
• repeated squaring · §2.5
• replay protection · §26.5, §27.3
• REST architectural constraints · §34.2
• revocation key · §23.4
• RFC 6979 (deterministic nonce) · §7.7
• RGB protocol · §22.3
• ring · §2.2
• RIPEMD-160 · §6.4
• rogue key attack · §8.8
• RSK (Rootstock) · §31.2.2

S

• satoshi (unit) · §10.4
• scalar multiplication · §3.6
• scaling verification (device tiers) · §34.1, §34.5
• Schelling point · §26.4, §33.6
• Schnorr identification protocol · §8.2
• Schnorr signature · §8.5, §29.1
• script execution · §11.1
• scriptPubKey · §10.4
• scriptSig · §10.3
• script versioning · §28.3, §16.8.1
• secp256k1 · §5.2
• security budget · §38.2, §15.3, §25.5
• SegWit · §10.6, §16.4.2, §28.1
• SegWit2x · §27.7
• selfish mining · §36.3, §14.8.3
• sequence number · §10.3.2
• SHA-256 · §6.2
• Shor's algorithm · §39.3
• sidechain · §31.1
• SIGHASH_ANYPREVOUT · §30.5.1, §32.5
• SIGHASH_FORKID · §27.3
• sighash type · §10.7
• signature malleability · §7.8, §28.1
• single-use seal · §22.2
• SipHash · §19.3
• SLH-DSA (SPHINCS+) · §39.6
• soft fork · §16.2, §26.3, §28.6
• specification problem · §33.9, §13.10
• Speedy Trial · §16.3.4, §33.4
• Sphinx onion packet · §24.2
• SPV mining (validationless) · §17.10
• SPV peg · §31.3
• SPV (simplified payment verification) · §17.2, §12.7
• Stacks · §31.5
• stale block · §13.8, §26.2
• statechain · §32.3
• subgroup · §1.5, §4.4
• SwiftSync · §21.5

T

• tagged hash · §6.7, §8.4
• tail emission · §38.7.3
• Taproot · §16.4.3, §29.2
• Taproot output (tweaked key) · §8.10, §29.2
• Tapscript · §11.11, §29.4
• target · §14.3, §13.2.5
• timewarp attack · §35.2
• transaction · §10.2
• transaction fee · §10.8
• transaction malleability · §28.1, §7.8
• trust-drift ladder · §34.5
• two-way peg · §31.1
• txid · §10.6.2

U

• UASF · §16.3.3, §33.4, §27.7
• unforgeability · §7.1
• Utreexo · §21.5
• UTXO · §10.1

V

• validation function (predicate) · §13.10, §13.5
• validation pipeline · §13.10
• validity rollup · §31.4
• vault · §30.4, §30.2.1
• virtual size (vbyte) · §10.8.1
• vTXO · §32.2

W

• watchtower · §23.7
• Weierstrass equation · §3.1
• WIF (wallet import format) · §9.9
• witness · §10.6
• witness commitment · §12.6, §28.5
• witness discount · §28.4
• witness program · §10.5.3, §11.10, §28.3
• wtxid · §10.6.2, §28.2

X

• x-only public key · §8.4, §29.1.1

Z

• zero-knowledge proof · §8.2