Idelto

Cryptocurrency news website

technical

Exploring Drivechain, A Miner-Secured Bitcoin Sidechain

by

YouTube Video

Listen To This Episode:

  • Apple
  • Spotify
  • Google
  • Libsyn
  • Overcast

In this episode of “The Van Wirdum Sjorsnado,” hosts Aaron van Wirdum and Sjors Provoost are once again joined by Ruben Somsen. The trio discussed Drivechain, a sidechain project spearheaded by Paul Sztorc.

Sidechains are alternative blockchains, on which coins are pegged to bitcoin. This should make the sidechain coins interchangeable with bitcoin and therefore carry an equal value. In a way, sidechains let users “move” bitcoin across blockchains, where they are subject to different protocol rules, allowing for greater transaction capacity, more privacy and other benefits.

Van Wirdum, Provoost and Somsen explained that Drivechain consists of two main innovations. The first is blind-merged mining, which lets bitcoin miners secure Drivechain with their existing hash power, but without necessarily needing to validate everything that happens on the sidechain. The second is hash rate escrows, which lets miners “move” coins from the Bitcoin blockchain to the sidechain and back.

The hosts also discussed some of the benefits as well as the complications with Drivechain, most notably the security implications of letting miners control the pegging-out process. They considered the arguments as to why this process is incentive compatible (in other words: secure) — or why it might not be.

The post Exploring Drivechain, A Miner-Secured Bitcoin Sidechain appeared first on Bitcoin Magazine.

Bitcoin Core 0.21.0 Released: What’s New

by

Today marks the official release of Bitcoin Core 0.21.0, the 21st major release of Bitcoin’s original software client launched by Satoshi Nakamoto about 12 years ago. 

Overseen by Bitcoin Core lead maintainer Wladimir van der Laan, this latest major release was developed by well over a hundred contributors in a span of about six months. The result of over 600 merged pull requests, Bitcoin Core 0.21.0 is one of the biggest Bitcoin Core releases in recent years, introducing various new features as well as privacy and performance improvements, while taking a big step towards the Schnorr/Taproot protocol upgrade.

Below are some of the more notable changes.

Descriptor Wallets

When coins are sent to a Bitcoin address, what actually happens under the hood is that they are “locked up” in an unspent transaction output (UTXO), to only be “unlocked” (spent) in a later transaction if the conditions hidden in the UTXO are met. A typical condition is the inclusion of a valid signature corresponding to a specific public key. But conditions can for example also consist of the inclusion of a secret code, the lapse of a timelock or a combination of signatures (multisig).

Until now, Bitcoin Core was designed to manage the UTXOs in its wallet around their corresponding private keys — even though private keys are just one of several potential conditions for spending coins. Bitcoin Core 0.21.0 instead introduces “descriptor wallets.” Descriptor wallets let users categorize their UTXOs based on the types of conditions that are required to spend them. (For example: one wallet for UTXOs that just require a valid signature, and one wallet for multisig UTXOs.)

Descriptor wallets are especially useful for application developers who design software on top of Bitcoin Core. A particular application can now easily be designed to utilize only a specific type of UTXO, like multisig UTXOs, and ignore any non-multisig UTXOs.

Regular users may also notice a difference now that descriptor wallets are implemented. Perhaps most notably, no default wallet will be created when a new Bitcoin Core node is started up. Instead, a new wallet is only created when a user specifically chooses to do so, allowing them to create only the specifically desired type of wallet. Descriptor wallets also better support Watch Only wallets: wallets that keep track of certain UTXOs even though the node doesn’t have the private keys needed to spend them.

Bitcoin Core users that upgrade to Bitcoin Core 0.21.0 will still be able to use their legacy wallet for now. (Legacy wallets will eventually be deprecated, meaning users will need to migrate their legacy wallet to a descriptor wallet, but this won’t be strictly necessary until a future Bitcoin Core release.)

Serving Compact Block Filters Over The Peer-To-Peer Network

“Light clients” are Bitcoin wallets and applications that don’t download and validate the entire Bitcoin blockchain, but instead only download and validate parts of blocks and transactions that concern them specifically. This is not optimally secure, but is much less resource intensive.

One popular way to do this is with Bloom Filters. In short, Bloom Filters are a cryptographic trick to request relevant data from more or less random peer nodes on the network. Unfortunately, however, it has become clear over the years that Bloom Filters are rather privacy-unfriendly: they essentially reveal all of the user’s addresses to the (more or less random) peer node, which could of course be operated by a privacy-invading snoop.

A newer and much more privacy-preserving alternative to the Bloom Filter solution is called “compact client-side block filtering” (BIP 157/158). Compact client-side block filtering essentially turns the Bloom Filter trick on its head. Instead of light wallets creating filters to send to full nodes, full nodes create filters for each block and send these to light clients on request. Light clients then use these filters to figure out if transactions relevant to them may have been included in a block. If so, the light wallet will fetch the whole block and pick any relevant transaction data out of it. (There will be some false positives; blocks that won’t have relevant transaction data in them even though the filter suggested they might.)

Existing Bitcoin Core releases could already create the filters locally, and make them available through a remote procedure call (RPC) for applications running on top of the node (like wallets). Bitcoin Core 0.21.0 now also includes the option to make these filters available over Bitcoin’s peer-to-peer network on request. This makes it possible to now operate standalone light clients that use bloom filters.

Fewer Rebroadcast Attempts

Besides Bloom Filters, snoops can also break the privacy of Bitcoin users through network analysis. If they can figure out from which node a particular transaction originated, that node’s Bitcoin address(es) can be tied to its IP address, which can in turn be associated with a real-world identity.

Until now, when Bitcoin Core nodes broadcasted a transaction to the Bitcoin network, they’d try to re-broadcast the transaction every fifteen minutes, until the transaction was included in a block. This meant that if these Bitcoin Core nodes were connected to a snooping peer, it would be obvious for the snoop that the Bitcoin Core node trying to re-broadcast a certain transaction every 15 minutes was also the node where that transaction originated.

Bitcoin Core 0.21.0 greatly diminishes the frequency with which it tries to re-broadcast transactions: only once every 12 to 36 hours. Having to re-broadcast less frequently makes it much more likely that the transaction has been confirmed since the initial broadcast, so the node is less likely to have to re-broadcast at all.

In future Bitcoin Core releases, this privacy leak will be fixed entirely. A Bitcoin Core node will then only re-broadcast transactions that should have been confirmed based on its own mempool and fee calculations. Furthermore, it will re-broadcast other transactions as well, not just its own.

Tor V3 Support

Due to a recent upgrade to the privacy-preserving Tor protocol, new V3 (version 3) Tor-addresses are longer than the V2 (version 2) addresses that came before them. V2 addresses are still in use, but will be deprecated in about a year from now.

Deprecation of V2 addresses would have posed a problem for Bitcoin Core users who want to use Bitcoin over the privacy network. Bitcoin Core nodes find peers by sharing with each other Tor addresses of known Tor-using Bitcoin nodes. They shared this through the same message they use to share other nodes’ regular IP addresses. While Tor V2 addresses could be “hidden” in the regular IP address format (IPV6), Tor V3 addresses are too long for that; in other words, the current messages are too limited to be compatible with the Tor upgrade.

Bitcoin Core 0.21.0 therefore introduces a new format to share IP/Tor addresses with peers. These messages can be big enough to share the Tor V3 addresses.

Schnorr/Taproot Code and Signet/Regtest Deployment

Schnorr/Taproot is poised to be Bitcoin’s first protocol upgrade since Segregated Witness (SegWit) in August 2017. Having been in development for well over two years, the Schnorr signature algorithm is considered an all-round improvement over Bitcoin’s current ECDSA signature algorithm. In combination with Taproot — a clever trick to hide various conditions to spend coins in a cryptographic hash tree — the upgrade promises to offer more smart contract flexibility in a scalable and privacy-preserving manner.

The Schnorr/Taproot code is now included in Bitcoin Core 0.21.0. Barring unexpected developments, this means it will not be subject to any more change, which for example means that application developers could start designing software around the upgrade. In addition, Schnorr/Taproot is now available on Signet (a newer and more reliable variant of testnet, used by developers to test new Bitcoin software) and potentially also on Regtests (additional local testnet variants).

Schnorr/Taproot will not, however, be available on Bitcoin’s mainnet just yet. For this, the upgrade will first need to activate, which requires activation logic that isn’t yet included in this Bitcoin Core release. Activation logic is expected to be included in a minor Bitcoin Core release, possibly somewhere in the next months.

Other…

On top of the changes above, Bitcoin Core 0.21.0 includes various bug fixes and performance improvements that won’t be as apparent for regular users. The Bitcoin Core wallet will for example switch from using the Berkeley DB to the SQLite database, which is better suited as an application data file and offers several guarantees in regards of compatibility, support and testing. Of interest is also that Bitcoin Core 0.21.0 includes a transaction request overhaul: the new message protocol that Bitcoin nodes use to learn about new transactions is better tested, better specified and easier to maintain and review.

For a more extensive list of upgrades, also see the Bitcoin Core 0.21.0 release notes, or see this blog post by Bitcoin Core contributor Andrew Chow for a more extensive explanation of descriptor wallets (as well as legacy wallets) and SQLite (as well as Berkeley DB).

Thanks to John Newbery for information and feedback.

The post Bitcoin Core 0.21.0 Released: What’s New appeared first on Bitcoin Magazine.

The Future Of Bitcoin Upgrades: Off-Chain Contract Execution

by

Taproot is currently the most likely next upgrade for Bitcoin. It is one of a few upgrades that are currently being worked on that users and developers would hope to eventually see activated on the network. 

All of these upgrades share a general theme that will likely be the theme of many future upgrades as well. This theme is making contracts unicast, or more simply put, moving contract logic off-chain, and leaving it up to the user, instead of the network, to validate and enforce their contract. Moving to a more unicast system will make Bitcoin much more private and scalable while still keeping Bitcoin’s more important properties intact.

These types of upgrades and systems are perfect for Bitcoin. Bitcoin is simply a monetary network, not a computation network. Being a monetary network, its primary function should be to validate that its monetary system is being correctly enforced. In Bitcoin terms, checking that users correctly signed the transaction and that they did not violate the monetary policy should be the primary function of the system, and anything more should be moved to higher layers and only done between the users that are using Bitcoin for more than financial settlement.

MuSig And Unicast Contracts

MuSig is one of the best understood applications of moving contract logic to be unicast. MuSig allows users to make a multisig output look like a standard user’s single sig output. This is done by having users construct keys and signatures off-chain and having them do some cryptographic operations that result in a single public key and signature. This is a huge improvement compared to a normal multisig, where the users need to broadcast all of their public keys and signatures. By doing a normal multisig, the users offload their contract validation to the network, requiring it to validate and store it indefinitely. Instead, with a MuSig, the users do the enforcement themselves by constructing signatures between themselves resulting in a single final signature that can only be valid if the correct amount of parties were honest, thus only requiring the network to validate and store a single signature.

Moving contract logic to be done in a unicast manner makes Bitcoin more private. Today, most contracts have their spending logic explicitly in the transaction’s output scripts. This means that an outside observer is able to see what the user’s exact spending conditions are. Having the user reveal their exact spending conditions not only harms the individual user but also affects the rest of the users on the network. By revealing all available spending paths, a user not only outs themselves as using them, but also reveals that they are not using other spending conditions. This seems obvious but has important implications. Because a user is revealing that they do not have certain spending conditions, it excludes them from sharing an anonymity set from users that use the other spending conditions. This means that the other users will not have our user in their anonymity set, giving them a smaller crowd to hide among. If the user moved their contract enforcement off-chain, then the user could make their transactions and outputs look the same as a standard user’s and thus share an anonymity set with a larger set of users, helping themselves as well as the other users.

Not only does making contract execution unicast make Bitcoin more private, it also makes it more scalable. Moving validation and execution logic off-chain, to be done by the individual users in the contract, ensures that they no longer need to broadcast their entire contract to the entire network. By doing so, the network will then no longer need to do the actual verification of what could be a complex contract and instead only do the minimal verification, likely being only a single signature check. Since the contract is no longer being broadcast to the network, the network will not be storing the required data for this contract either. Because of Bitcoin’s block weight limit, reducing the data needed for any transaction is a boon for the network as it will directly increase transaction throughput, allowing more to be done with the same amount of resources.

Tradeoffs

Removing the need to verify and store contract data can have significant impacts on how users use Bitcoin. With any Bitcoin transaction, the user will need to pay a miner fee to be included in a block. This miner fee is directly correlated to the resources needed to verify and store the transaction. Knowing this, we can conclude that users are disincentivized to use complex scripts and spending conditions. This can have bad implications — for example, a user who is trying to enhance their security by using something like multisig to distribute their keys is now being punished by the network for doing so by having them pay higher fees. Any improvements that can be made to this should be prescient to Bitcoin users and developers.

Using unicast-like contracts includes some other tradeoffs as well. Because the user is no longer offloading their contract validation and execution to the network, they will instead be required to do this themselves, or rather, the software they are using will be. This generally means that the user will need to send and store more data between their counterparties. Doing so requires more complex software and protocols for the user. It can make backups more critical and harder to do; if the user loses this data, their counterparty may be able to violate their contract or, at the very least, the user might not be able to execute their contract without their counterparty’s cooperation. However, these are well understood problems and clever solutions are being proposed to make loss of data safer and to even create ways to hide from a counterparty that there was a loss of data.

In conclusion, today, Bitcoin contracts primarily exist as a broadcast system, requiring the network to validate and store everyone’s contract execution logic. Upgrades that are likely coming to Bitcoin are able to give us an outlook that moves contracts to instead be enforced between individual users, since Bitcoin is a monetary network first and should primarily enforce its monetary properties. Things like Taproot, Lightning, DLCs and PTLCs all exemplify this perfectly and show that Bitcoiners are building the ecosystem to enhance Bitcoin’s privacy and scalability.

This is a guest post by Ben Carman. Opinions expressed are entirely their own and do not necessarily reflect those of BTC Inc or Bitcoin Magazine.

The post The Future Of Bitcoin Upgrades: Off-Chain Contract Execution appeared first on Bitcoin Magazine.

Bitcoin’s 2020 In Tech

by

Seemingly undisturbed by 2020’s craziness, and largely unfazed by bitcoin’s wild price swings that concluded with new all-time highs in December, Bitcoin’s technical community continues to plow ahead. Bitcoin’s software and the many projects around it were gradually improved throughout the year, as software was optimized, bugs fixed and privacy leaks patched. The bulk of this work, as vital as much of it is, doesn’t attract headlines.

Yet, a bird’s-eye view on Bitcoin’s tech development over the span of a year helps highlight new milestones in Bitcoin’s ongoing technological march forward. In 2020, too, the consistently growing Bitcoin development community introduced a number of useful new features, several particularly important upgrades and some especially notable improvements.

As this volatile year is drawing to a close, these were some of Bitcoin’s most notable technical developments over the past 12 months…

New Privacy Tools With PayJoin And CoinSwap

On Bitcoin’s privacy front, the PayJoin and CoinSwap projects this year represented two promising advancements.

PayJoin, also known as Pay to Endpoint (P2EP), is a trick that lets recipients of a transaction partake in the transaction through a CoinJoin, to basically send funds to themselves while also receiving the actual payment from the real sender. If a snoop, conducting blockchain analysis, were to assume that all coins sent in a transaction belonged to the same person — as they normally would — they’d be wrong. This already benefits the privacy of both sender and receiver, as the snoop would confuse (past) coin ownership between them. Moreover, if enough people use PayJoin, it could render this important heuristic for blockchain analysis useless altogether, in turn benefiting even the privacy of those who didn’t make PayJoin transactions themselves.

Although demo versions of the PayJoin tool had already been implemented for online gambling game Bustabit and the coin mixing software JoinMarket in late 2018, and Samourai Wallet in 2019 released its own — more limited — version under the Cohoots umbrella (with slightly different privacy tradeoffs), PayJoin was this year implemented in several popular Bitcoin projects. This notably included the widely used payment processing software BTCPay in April, allowing BTCPay users to accept PayJoin transactions from compatible wallets. The privacy-focused Wasabi Wallet was the first wallet to offer this compatibility later that same month, while JoinMarket (September), Blue Wallet (October) and Sparrow Wallet (November) followed later in the year.

Meanwhile, Bitcoin developer Chris Belcher set out to realize an implementation of CoinSwap, a privacy technique first proposed in 2013 by Bitcoin Core contributor Gregory Maxwell. CoinSwap leverages Atomic Swaps (the trick that also underpins the Lightning Network) to let users exchange coins without needing to trust one another. Each user would end up with coins that can’t be linked to their own transaction history.

Belcher, one of the world’s foremost experts in Bitcoin privacy, in May published a detailed outline of how the CoinSwap protocol could be implemented to ensure maximum privacy. The proposal would make CoinSwap transactions indistinguishable from other transactions, use splitting techniques to obscure amounts, route payments to frustrate snooping participants and more. A few months later, in June, The Human Rights Foundation announced that its first Bitcoin development grant would go to Belcher and his efforts to realize the project.

Having worked on his implementation for most of the year, Belcher in December announced a “big day for bitcoin privacy and fungibility”: he’d made the first-ever successful CoinSwap transaction on Bitcoin’s test network (testnet).

The Lightning Network Became More Robust With Watchtowers (And More)

The Lightning Network, Bitcoin’s Layer 2 protocol for faster, cheaper and more private payments, continued to improve across the board in 2020. With Lightning implementations LND, Eclair, C-Lightning and — since July — Electrum rolling out a number of new software releases, and a growing number of projects building on top of the protocol, Lightning development was more active than ever. Among the more notable developments, Watchtowers resolved one of the Lightning Network’s remaining weaknesses, resulting in a more robust protocol.

One of the Lightning Network’s tradeoffs is that users need to keep an eye on their payment channels to ensure that payment channel partners aren’t trying to cheat by broadcasting old channel states to claim more funds than attributed to them. Lightning users can step in if a channel partner attempts to cheat, but this does require monitoring of the Bitcoin blockchain, which casual users might not do very regularly.

To decrease the risk that an attempt at cheating is missed, the Lightning protocol allows channel monitoring to be outsourced to impartial observers called Watchtowers. Adding to the first Watchtower software introduced by LND by late 2019, February of this year saw the alpha release of the dedicated Watchtower implementation Eye of Satoshi. Shortly after, the proposed Watchtower protocol specification was updated, while C-Lightning rolled out support for Eye of Satoshi in May. Version 1 of Eye of Satoshi followed in July.

Other notable Lightning developments in 2020 include the continued work on anchor outputs to ensure users can claim funds from a channel unilaterally even when on-chain fees have gone up more than expected since the last payment channel update, Multipath payments which let users make Lightning payments in smaller chunks, the Lightning Network-native messaging application Juggernaut, channel management tool Faraday, the Lightning Loop beta release, but also some newly discovered weaknesses as well as (proposed) solutions, and a lot more more.

After Miniscript, Bitcoin Programming Was Made Easier With Minsc

The code embedded in Bitcoin transactions that specifies what conditions must be met to spend the coins in a next transaction is written in a programming language specifically designed for Bitcoin, called Script. Script can be tricky to work with, however: in programmers jargon, Script is hard to “reason about.” This means that, especially as it becomes a bit more complex, it can be difficult to understand what a piece of script actually allows: a transaction may unintentionally include code that allows the coins to be spent under different conditions than originally intended. This is one reason why many Bitcoin software applications, like wallets, refrain from utilizing Script’s full potential.

Over the past years, (former) Blockstream researchers Andrew Poelstra, Pieter Wuille and Sanket Kanjalkar designed a “stripped down” version of Script, called Miniscript. Miniscript is a selection of “tools” from the “Script toolkit” that are carefully selected to enable practically anything that can be done with Script, but it’s easier to use and easier to verify by programmers. So, while a line of Miniscript is still a valid line of Script, it essentially avoids human error by preventing unexpected, perhaps unintended, outcomes of the code; Miniscript is easier to reason about. In November of this year, Head of Research and Development at Rugged Bytes Dmitry Petukhov published a formal specification of Miniscript.

To make creating Bitcoin transactions even easier, Wuille had also designed a “policy language” for Miniscript, a programming language of its own that could compile (convert) into Miniscript, and thus Script. Building on Wuille’s work, Bitcoin developer Nadav Ivgi this year developed another new programming language called Minsc. First announced in July, and followed up with a major upgrade in November, Minsc is still a work in progress, but is set to greatly simplify the creation of Bitcoin transactions. This could help unlock a range of promising features that take full advantage of Bitcoin’s versatility, like interoperable CoinJoin wallets, smart contract solutions, Layer 2 protocols and more.

Smart Contracts Became Smarter With DLCs

Whenever smart contracts depend on external data — data that doesn’t live on the blockchain — they rely on an external source for that data referred to as an “oracle.” If two users want to bet on the outcome of a sports match, for example, the oracle would have to use the result of the match to settle the bet in favor of whoever made the correct prediction (at least in case of a dispute).

A very basic sports betting setup could consist of a two-of-three multisignature (multisig) address where both players and the oracle all hold one key each, and the oracle is informed of the details of the bet. After the match, the two players could cooperate to send the funds from the multisig to the winner without the oracle’s key. But if the loser refuses to cooperate, the oracle can use its third key to cooperate with the winner to send them the funds from the multisig. This system works, but has two main downsides. One, both players need to trust the oracle not to collude with their opponent. And two, the oracle needs to be informed of the bet and perhaps play an active part in the settlement process: this means players have no privacy from the oracle, while the setup doesn’t scale very well if more than a few players want to bet.

A better solution was in 2017 proposed by MIT Media Lab’s Digital Currency Initiative researcher Thaddeus Dryja: discreet log contracts (DLCs). DLCs use a clever mathematical trick where the oracle publishes a cryptographic signature that corresponds with the outcome of an event. In the example above, the oracle would publish one signature if the first team wins, and a different signature if the other team wins. The trick: the smart contract is designed to let the winning player use the published signature to claim the funds.

In a DLC, the oracle’s involvement with the smart contract is minimized to the publication of a signature; this could, in the sports betting example for instance, be done by an existing news service, as part of its regular broadcast. This also means that the oracle doesn’t need to be informed about the details of the bet, and in fact doesn’t even need to know there was a bet at all. Meanwhile, any number of people can use the signatures to settle their bets with no further involvement from the oracle, greatly benefiting scalability. And while oracle could in theory still collude with someone and broadcast the wrong result, such dishonest behavior would be obvious to anyone and tarnish the oracle’s reputation going forward.

In January of this year, CEO Chris Stewart announced that his company Suredbits, in collaboration with Crypto Garage, had begun work on a specification for DLCs. In February, Suredbits engineer Nadav Kohen followed up with the first working code. And by September, Suredbits and Crypto Garage had developed their software to the point where it could be used: Stewart and Bitcoin developer Nicolas Dorier engaged in Bitcoin’s first-ever DLC to bet on the outcome of the U.S. presidential election. Stewart, who’d bet on Biden, claimed his winnings in December.

Holding Is Getting Safer With Bitcoin Vaults

The long list of exchange hacks and other bitcoin heists are testament to the fact that securely storing private keys continues to be a challenge, especially where many coins are at stake.

But more secure solutions to store coins are in development. Bitcoin vaults — a concept dating back to 2016 — are a type of smart contract that secure coins so that it takes several confirmed transactions and a time delay to really spend them. This gives potential victims the opportunity to revert a heist before it is too late.

2020 saw the release of two types of vault prototypes.

The first vault prototype was announced by Bitcoin Core contributor Bryan Bishop in April. In short, Bishop’s design is based on a pre-signed (and not-yet-broadcast) transaction that spends (some of) the coins from the vault to a user’s regular (“hot”) wallet with a time-lock delay, while an alternative spending option without a timelock can redirect the coins to an alternative address; perhaps a new and even more secure vault. Importantly, the private key used to sign the pre-signed transactions is deleted when the vault is created, so an attacker could only ever steal the pre-signed transaction itself.

The setup makes it exceedingly difficult for an attacker to claim the coins. Even if the pre-signed transaction is stolen, the thief could merely spend the coins to the hot wallet, and if the victim doesn’t trust the security of his hot wallet he can use the baked-in time delay to move the coins to the extra-secure address instead. (To prevent the thief from stealing the coins by simply compromising the hot wallet and waiting patiently until the vault user sends his coins there, Bishop’s design only lets users withdraw from the vault in small chunks at the time.)

A little later in April, Bitcoin developer Antoine Poinsot announced an alternative Vault demo which he designed with Chainsmiths CEO Kevin Loaec, called Revault. Revault resembles Bishop’s Vaults in some ways, like its use of pre-signed transactions, but is specifically designed for multi-user setups, using a multisig address. Revault lets a predetermined subset of a group of users spend coins from the vault to a hot wallet, also with a time-delay. Any vault participant can use this time-delay to return the funds to the vault if they disagree with the spend, however, or they can redirect the funds to an alternative extra secure address if they don’t trust what’s going on at all.

In addition, Revault requires that upon withdrawing from the vault, when the time-lock kicks in, users immediately create a transaction from the hot wallet, which also requires a server to co-sign. The server is programmed to sign any transaction, but never a conflicting transaction, so if an attacker compromised (both the vault and) the hot wallet, they would have to try and claim the coins before anyone else and before the time-lock expires. This should make it obvious if the hot wallet is compromised, alarming the group of Revault users, and allowing them to redirect the funds before time-lock expiry.

Taproot Is Now Good To Go, As Activation Is Under Consideration

Taproot is set to be the first Bitcoin protocol upgrade since Segregated Witness activated in August 2017. First proposed by Bitcoin Core contributor Gregory Maxwell in January 2018, Taproot lets users “hide” smart contracts in regular-looking Bitcoin transactions: complex multisig construction could be indistinguishable from a simple payment.

The Taproot upgrade would also include the Schnorr Signature algorithm. Many cryptographers consider the Schnorr signature scheme to be the best in the field, as its mathematical properties offer a strong level of correctness, it doesn’t suffer from malleability and is relatively fast to verify. Schnorr’s “linear math” would also allow for a range of new possibilities, like more compact types of multisig solutions, nifty smart contract setups and, of course, Taproot itself.

After continued development throughout 2020, Taproot’s code was merged into the Bitcoin Core codebase in October, and will be part of Bitcoin Core 0.21.0, which is set to be released any day now, with release candidates currently available. Bitcoin Core 0.21.0 will not include activation logic for Taproot, however. This will likely be included in an upcoming minor Bitcoin Core release (probably Bitcoin Core 0.21.1).

The activation logic has itself been a topic of discussion throughout much of 2020, however, with a range of potential activation mechanisms under consideration. Most of these would initially leverage hash power coordination, to eventually reach a deadline where the upgrade activates even without hash power support. But as an October poll published by Bitcoin Core contributor AJ Towns made clear, not all Bitcoin Core contributors agree that the deadline should be pre-programmed, or how far out the deadline should be (as well as some other minor disagreements).

But regardless of which activation mechanism is ultimately chosen, it seems increasingly likely that Taproot can be activated smoothly through hash power coordination. In November, major mining pool Poolin launched an initiative encouraging other mining pools to voice their opinion on Taproot and Taproot activation. The response so far is very favorable of Taproot, with over 90 percent of total hash power in support, and no mining pools opposing the proposed upgrade.

For an even more extensive and detailed summary of Bitcoin’s 2020 tech developments, also see the Bitcoin Optech 2020 Year-in-Review Special.

The post Bitcoin’s 2020 In Tech appeared first on Bitcoin Magazine.

Interview: Developing Bitcoin With John Newbery

by

YouTube Video

Listen To This Episode:

  • Apple
  • Spotify
  • Google
  • Libsyn
  • Overcast

In this very special episode of the “Bitcoin Magazine Podcast,” Christian Keroles sat down with Bitcoin Core contributor John Newbery to discuss Newbery’s new Bitcoin development initiative, Brink.dev.

Brink is striving to become a 501(c)(3) nonprofit in the United States enabling Americans to donate to Bitcoin development in a tax-advantaged way. Brink will be writing grants to Bitcoin projects as well as training promising Bitcoin developers in its fellowship program.

Keroles then turned the conversation to the bigger picture of Bitcoin development. Newbery discussed the difference in developing Bitcoin in a bear market versus a bull market, what the Bitcoin development process looks like and how a distributed group of stakeholders can make sure that developers are working on the most important things in the protocol.

Lastly, Keroles and Newbery discussed Taproot and how it demonstrates that the Bitcoin community has improved its coordination. They also discussed the concept of ossification in the Bitcoin protocol and how developers think about Bitcoin’s code.

Additional topics discussed included:

  • Launching Brink with Mike Schmitt
  • Bitcoin Optech
  • Becoming a 501(c)(3) nonprofit
  • How the donation landscape is changing for Bitcoin development
  • Comparing and contrasting development in a bull vs. bear market
  • Gloria Zhao
  • Bitcoin and ossification
  • Reflecting on the taproot process

The post Interview: Developing Bitcoin With John Newbery appeared first on Bitcoin Magazine.