Security is hard! Bitcoin Tech Talk Issue #185

Security is hard. Like really hard. This is because security is asymmetric. That is, the one doing the defending has to secure against all possible attacks while the one attacking only needs to find one vulnerability. It’s for this reason that any decent security engineer seems to normal people as an obsessively paranoid person. It’s because anyone that’s done anything in security knows that we’re all 1 vulnerability away from some really bad stuff.

Of course, security has to at a minimum, guard against known attacks, especially ones that have been performed before and are simple to execute. One such attack is what’s called the $5 wrench attack and Jameson Lopp has written an excellent article on how to protect against that one aspect. Not surprisingly, it looks like overkill to a non-paranoid person. He advocates strong privacy protections in real life and online. He also suggests really good physical security, including your home and on your person. Lastly, he advocates for strong digital security using collaborative custody.

These may seem like they’re going a bit overboard, but they’re not. Security really is that hard and it only takes one slip up in any of these arenas for an attacker to get your Bitcoins.

Bitcoin

Anonymous developer ZmnSCPxj has published an article on a really interesting form of CoinJoin using Adapter Signatures. This extends the ideas from Adam Gibson, which is a two-way CoinSwap. A CoinSwap is two different transactions with the same amount which swaps the history of the respective coins. This can be done trustlessly (aka atomic swap) with Adapter Signatures as they reveal enough information for the other side to create the second part of the swap without any cooperation. Zman has extended that protocol to mix with lots more people in a similarly trustless way. Note that Adapter signatures require Schnorr, so it would be something that can be implemented only after a Taproot soft fork.

Liquid continues to get traction, with almost 2000 BTC locked in the sidechain. Yuri de Gaia has an excellent explainer of all things Liquid, including its federation structure, confidential transactions, confidential assets and its faster speed. While 2000 BTC isn’t very much (a tad over a basis point of the total BTC supply), the potential to equalize prices across exchanges is enormous. As we get ready for the halving, I expect more BTC to go onto Liquid as a way to avoid transaction fees that will inevitably come in the next bull run.

Sideshift.ai has published a primer on integrating P2EP (PayJoin). This is a nice privacy boost and doesn’t require much more than configuring BTCPay. The technical explanation is also nice as the actual protocol negotiation to get the transaction signed by both sides does require some coordination.

Vlad Costea explains why Bitcoin is more secure and faster than altcoins. As he explains, “fast” altcoins are fast because they’re not secure, either due to a very low hash rate or because it’s using something like Proof of Stake. Neither are secure like Bitcoin is and to get the same level of security, it would take far longer to get the confirmations necessary.

Lightning

There’s an extensive discussion going on in the bitcoin-dev mailing list about Lightning and RBF Pinning. Essentially, there’s an unlikely to be exploited vulnerability via the “Replace-By-Fee” carve-out which allows either party to use Child-Pays-For-Parent. The RBF-carveout, or CPFP transaction can be used in conjunction with a miner to potentially steal some funds. The discussion is ongoing and is pretty long and goes very deep into the incentives for the parties involved. This is an excellent example of how deeply developers need to think about the consequences of every single type of transaction.

Economics, Engineering, Etc

One of the most oft-trotted out claims by altcoiners is that Tether is somehow pumping Bitcoin price artificially. A new study by a couple of UC Berkley professors puts that claim in doubt. Their conclusion is that the market tends to go to stable coins during times of high volatility, essentially making them safe-haven assets.

Dan Boneh has published a new version of a graduate textbook in cryptography. Any aspiring Bitcoin programmer should take a good look at material like this as the pitfalls in cryptography are many. It’s not for the faint of heart as it has a lot of mathematical notation, but if you want to build a secure system, knowledge in this arena is a must.

Citizen Bitcoin has published A Declaration of Monetary Independence. It’s an excellent take on what makes Bitcoin so valuable in the “Money Printer Go Brrrrr” times. Something like this will capture the public imagination in the next 18 months.

Remember the $25M hack of dForce last week? It turns out that the hacker returned all of the funds. This isn’t necessarily a white hat hacker being benevolent, however. It looks like the hackers (or smart contract lawyers, depending on your point of view), didn’t cover up their tracks very well and leaked some information. The returning of the funds looks like a way to get leniency from the law.

CryptoWatch has come out with a s2f model indicator. You can now track the stock-to-flow model in real-time! This is probably the most interesting economics question to be answered in the next 18 months as s2f predicts a BTC price of $100,000 somewhere in that span. Will it be disproved or not? You can now keep watch.

Another week, another possible exit scam. This time, it’s a Chinese EOS wallet which may have locked up as much as $52M worth of EOS. Much of that money has apparently been transferred to Huobi, presumabliy to be liquidated.

ICOs don’t pay like they used to. Consensys laid off even more people. This last round cut another 10%. The company still has lots of money, though, and will live a zombie existence for as long as the collective ICO money lasts.

Podcasts, Etc

I had an interesting debate with Erik Voorhees at the Blockdown conference. I also did my talk “How Bitcoin Changes Incentives”. My show last week was on money and meaning. And finally, I did a readthrough of Wei Dai’s b-money paper. I also did a show with Tone Vays on some of the issues with DeFi.

Fiat delenda est.