Bitcoin's strategy for more security. Bitcoin Tech Talk Issue #191
There are many ways to become more vulnerable to attack. You can download malware, move to a seedy neighborhood, post your social security number to a forum or leave cash in a shoebox in your closet. There’s really only one way to become less vulnerable and that’s to reduce your attack surface. This means reducing or eliminating things that are known to be easily attacked.
Software such as Bitcoin Core takes security seriously and that means reducing the attack surface of the software itself. Bitcoin Core 0.20 is out and it demonstrates this principle of eliminating potential vulnerabilities well.
The “reject” network message from BIP61 has been completely removed, as has the OpenSSL dependency. BIP70, the payment protocol which was pushed hard by BitPay for a long time but which they finally gave up on, is gone as well. BIP37 is also being deprecated (though not completely yet). The idea is that these are features that were introduced but unused and put a needless maintenance and security burden on the project. Eliminating such things is good security practice and should give observers more confidence in how Bitcoin goes about things.
Another feature that’s gotten a lot of press is the ASN bucketing feature, which reduces a particular form of attack called Erebus. This makes it harder for someone to isolate your node by making peer selection a lot more diverse. This is a theoretical attack, but one that Bitcoin nevertheless is guarding against.
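To make the diversity point concrete, here is an added sketch (not Bitcoin Core's code) that compares grouping peers by IPv4 /16 prefix with grouping them by ASN. The prefix-to-ASN table, the addresses, the one-peer-per-group rule and the function names are all constructed assumptions for illustration.

```python
import ipaddress

# Constructed prefix -> ASN table; private-use address space and AS numbers,
# not real routing data.
ASMAP = {
    ipaddress.ip_network("10.0.0.0/8"): 64512,      # one large hosting AS
    ipaddress.ip_network("172.16.0.0/12"): 64513,
    ipaddress.ip_network("192.168.0.0/16"): 64514,
}

def group_by_prefix16(ip):
    """Prefix bucketing: peers are grouped by their IPv4 /16."""
    return str(ipaddress.ip_network(f"{ip}/16", strict=False))

def group_by_asn(ip, asmap=ASMAP):
    """ASN bucketing: longest-prefix match, falling back to the /16 group."""
    addr = ipaddress.ip_address(ip)
    matches = [net for net in asmap if addr in net]
    if not matches:
        return group_by_prefix16(ip)
    return f"AS{asmap[max(matches, key=lambda n: n.prefixlen)]}"

def select_outbound(candidates, group_fn, slots=8):
    """Fill outbound slots, never taking two peers from the same group."""
    chosen, used = [], set()
    for ip in candidates:
        group = group_fn(ip)
        if group not in used and len(chosen) < slots:
            chosen.append(ip)
            used.add(group)
    return chosen

# Constructed candidates: six addresses spread over six /16s that all sit
# in AS64512, followed by two peers in unrelated ASes.
SAME_AS = [f"10.{i}.0.5" for i in range(1, 7)]
OTHERS = ["172.16.4.9", "192.168.7.1"]
CANDIDATES = SAME_AS + OTHERS

def same_as_share(group_fn):
    """Return (peers chosen from the single large AS, total peers chosen)."""
    chosen = select_outbound(CANDIDATES, group_fn)
    return sum(ip in SAME_AS for ip in chosen), len(chosen)

if __name__ == "__main__":
    print("/16 bucketing:", same_as_share(group_by_prefix16))
    print("ASN bucketing:", same_as_share(group_by_asn))
```

With prefix grouping, the six same-AS addresses look like six independent peers; with ASN grouping they collapse into one bucket, so a single network operator can occupy at most one outbound slot in this model.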
One feature that looks interesting to me is the option to dump the entire UTXO set using the RPC, which bodes well for some sort of fast syncing feature at some point in the future. Spinning up new nodes from a trusted node using a known and trusted UTXO set should be a lot faster.
Overall, I love the cleanup of unused/bad features and the focus on security. This is in large contrast to projects like Ethereum which patch things only after the vulnerabilities are exploited. This is a security disaster waiting to happen and doesn’t bode well for its long-term health.
Bitcoin
Trezor has a controversial update to its firmware based on a security vulnerability as explained here. The vulnerability has to do with getting the Trezor device to sign two different transactions, using the signatures to create a third transaction which pays a crazy fee. The only way it could get exploited is if the attacker also can mine at least one block. The reason for the controversy is that the firmware will no longer sign inputs based on partially signed Bitcoin transactions (PSBTs). Among other things, using Trezor with BTCPay server, Wasabi or anything using the Hardware Wallet Interface (HWI) from Bitcoin Core will no longer work.
Schnorr BIP is making more progress as the modifications from last year have been merged in. The commitment has been changed for the signature. There are additional things that need to happen in order for this soft fork to activate on the network and my optimistic prediction that this would activate this year doesn’t look great anymore.
Europol has a report about Wasabi wallet, specifically their coinjoin service. Essentially, the report admits that such coinjoins are very effective and hard to “demix”. I can’t think of a better endorsement for coinjoins than law enforcement saying that it’s effective.
Jameson Lopp has written a well thought out piece on private key management. Essentially, the advice is to control your own keys in a robust way and use good security practices like 2FA and not installing random stuff on your computer. The advice is a must for anyone getting into Bitcoin and following such practices will help such people not lose their Bitcoin.
Lightning
Gleb Naumenko and Antoine Riard have written on time-dilation attacks on the Lightning Network. These are a class of attacks based on controlling the access to the blockchain of a particular node by delaying the delivery of blocks to the node. This is generally difficult and in the post and paper this is called “eclipsing” a node. Once a node is eclipsed, however, it becomes reasonable to execute time-dilation attacks, essentially cheating the victim LN node by not letting it know it’s being cheated through delaying the delivery of blocks. The attack is mitigated somewhat as eclipsing a Bitcoin Core node is pretty difficult, though not impossible.
Economics, Engineering, Etc.
Rusty Russell has written on exchanges being enemies of Bitcoin. His analysis is spot on. Many crypto exchanges are not helping the Bitcoin ecosystem whatsoever and many are encouraging regulation so their businesses can be protected against competitors. They also make it much easier to buy altcoins than Bitcoins despite the obvious consumer preference for the latter.
Leo Zhang has written an amazing article on the economics of Bitcoin miners. The article points out three different cycles that miners have to deal with: Bitcoin’s halving schedule (4-year cycle), the climate cycle (yearly, affects electricity prices) and the hardware upgrade cycle (new generations of ASICs). It turns out that even ancient Antminer S9s are useful for certain miners who can get really cheap electricity. He also predicts better quality equipment as the hardware cycles are getting longer and the current equipment needs to last 3-4 years instead of the typical 2 years of the past.
Sylvain Saurel reports on GBTC activity, specifically that they’re adding a lot of Bitcoin to their position this year. This could be some form of arbitrage on their 20%+ premium, but regardless, there’s a lot of Bitcoin going straight into the trust. The fact that this amount is greater than the amount of Bitcoin being mined is a great sign for future demand.
Coinbase is selling Bitcoin chain analysis services to the US government. This company continues to antagonize Bitcoin users and though it would be sweet justice for them to suffer financially for it, so far, they seem to be doing very well. Unfortunately, their database of users is very large and they have a large part of the Bitcoin transaction graph pretty well de-anonymized which they’ll use for certain as part of their sales package. The only thing I can say is that if you don’t want your data to end up with the US government, don’t use Coinbase.
Bloomberg has written an interestingly framed piece on Bitcoin’s expected price at the end of the year. They essentially argue that they can’t think of a reason why Bitcoin won’t go to $20,000. This is a far cry from the comparisons to tulips of yesteryear and bodes well for mainstream adoption in the next few years.
Podcasts, Etc
My show this week was on light wallets and I finished reading through Adam Back’s Hashcash paper. I did two shows with Tone, one on Galaxy’s response to Goldman’s Bitcoin report, and another on faketoshi’s Dog ate my homework defense. Finally, I did an interview with ECOS on everything about Bitcoin, especially about the future of Bitcoin in Africa.
You can support this newsletter by buying or gifting my books!
Fiat delenda est