Reuben Somsen and Kanzure are emerging as candidates for new BIP editors.
https://groups.google.com/g/bitcoindev/c/cuMZ77KEQAA/m/vUd1mh9kAgAJ
For a fifth year running, regular Bitcoin Core contributors received a survey to surface priorities and ensure that people feel that they can contribute effectively. Below is a summary of the results.
https://adamjonas.com/bitcoin/coredev/retro/coredev-2023-retro/
Credit: Adam Jonas
A California man who lost $100,000 in a 2021 SIM-swapping attack is suing the unknown holder of a cryptocurrency wallet that harbors his stolen funds. The case is thought to be the first in which a federal court has recognized the use of information included in a bitcoin transaction — such as a link to a civil claim filed in federal court — as reasonably likely to provide notice of the lawsuit to the defendant. Experts say the development could make it easier for victims of crypto heists to recover stolen funds through the courts without having to wait years for law enforcement to take notice or help.
https://krebsonsecurity.com/2024/01/heres-some-bitcoin-oh-and-youve-been-served/
https://mempool.space/address/bc1qjp79ak6fxm4h7j0tsrwqx2n2k4tcqqveqxrvgm
Spaces is a naming protocol that leverages the existing infrastructure and security of Bitcoin without requiring a new blockchain or any modifications to Bitcoin itself. “Spaces” serve as community identifiers that are distributed through an auction process built using existing Bitcoin scripting capabilities. Proceeds generated through auctions are irrevocably burned. Within each Space, users can create “Subspaces,” which serve as trustless individual identities, operating with a high degree of autonomy primarily off-chain but able to submit transactions directly on-chain as well. Spaces is designed to be verifiable by end-users in a trustless manner without requiring a full node.
https://github.com/spacesprotocol
An example of how to use OP_CAT based transaction introspection to implement a very basic vault.
https://delvingbitcoin.org/t/basic-vault-prototype-using-op-cat/576
This BIP describes a new set of arithmetic opcodes (OP_ADD64, OP_SUB64, OP_MUL64, OP_DIV64, OP_NEG64, OP_LESSTHAN64, OP_LESSTHANOREQUAL64, OP_GREATERTHAN64, OP_GREATERTHANOREQUAL64) that allows 64 bit signed integer math in the bitcoin protocol.
This BIP also describes a set of conversion opcodes (OP_SCRIPTNUMTOLE64, OP_LE64TOSCRIPTNUM, OP_LE32TOLE64) to convert existing bitcoin protocol numbers (CScriptNum) into 4 and 7 byte little endian representations.
https://github.com/bitcoin/bips/pull/1538
https://github.com/bitcoin/bitcoin/pull/29221
https://delvingbitcoin.org/t/64-bit-arithmetic-soft-fork/397
Credit: Andrew Poelstra, Sanket Kanjalkar, Chris Stewart
Btcd used the signed transaction version in both the BIP 68 and BIP 112 logic without a prior cast to uint32. As a consequence, transactions with negative versions are incorrectly treated as not enforcing the BIP 68 rules or incorrectly rejected for use of OP_CHECKSEQUENCEVERIFY (BIP 112).
https://github.com/bitcoin-s/bitcoin-s/pull/5346
Credit: dergoegge
https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2024-January/022289.html
Credit: ajtowns
Credit: KeithM
Recent work adding coinjoin & payjoin support to SeedSigner holds lessons about bitcoin wallet UI/UX.
https://github.com/chainwayxyz
This project illustrates how the engineering efforts going into ZK rollups on other blockchains like Ethereum can apply with BitVM to produce a rollup system on Bitcoin.
Cluster mempool is a proposal to associate each unconfirmed transaction in a mempool with related transactions, creating a cluster. Each cluster contains feerate-sorted chunks consisting of one or more transactions. If we limit a cluster’s size, we also limit how much needs to be recomputed in response to new transactions being added to the mempool, allowing algorithmic decisions affecting the entire mempool to complete fast enough to use them in P2P network code.
https://bitcoinops.org/en/topics/cluster-mempool/
https://github.com/bitcoin/bitcoin/issues/27677
https://bitcoinops.org/en/podcast/2023/12/07/
https://delvingbitcoin.org/t/cluster-mempool-definitions-theory/202
Credit: Pieter Wuille, Suhas Daftuar
Measuring improvements in performance over the last year for various node implementations
https://blog.lopp.net/2023-bitcoin-node-performance-tests/
Credit: Lopp
The Lightning Network (LN) is a second layer solution built on top of Bitcoin, aimed to solve Bitcoin’s long transaction waiting times and high transaction fees. Empirical and theoretical studies show that the LN is tending towards the hub and spoke network topology. In this topology most of the nodes, the spokes, open a single channel to one of the few well-connected nodes, the hubs. This topology is known to be prone to failures, attacks, and privacy issues. In this work we introduce the Maypoles protocol in which most nodes open two channels instead of one. We show that this protocol benefits the network significantly by enhancing its stability, privacy, and resilience to attacks. We also examine the economic incentives of nodes to take part in Maypoles.
https://eprint.iacr.org/2023/1964.pdf
Credit: Clara Shikhelman
New btc + L-BTC + USDt + LN swaps wallet from JAN3.
tldr: It’s Muun but on Liquid.
Adam Back: https://twitter.com/adam3us/status/1739030646515794222
Design tradeoffs prioritize global adoption in a high fee environment.
A novel approach to forming consensus without changing Bitcoin Core: by adding a separate program that invalidates blocks and forms its own mempool, 51% of miners can upgrade consensus rules by adding a module/monitor (a softfork rule).
https://x.com/Truthcoin/status/1743073625328992679?s=20
Credit: Paul Sztorc
https://lists.linuxfoundation.org/pipermail/bitcoin-core-dev/2023-December/000131.html
Credit: Bitcoin Core Team
Credit: Coincenter
Coincenter’s legal argument as to why the Bank Secrecy Act is unconstitutional. This is a potential legal strategy to stop the regulatory onslaught against cryptocurrency developers. We talked about FinCEN’s rulemaking proposal last time; this could potentially be a legal strategy to make regulators enforcers of the law, not writers and enforcers of the law.
https://nostr.com/note1cu575mfy2xdakh9aklhghhn8vmluwkh79anrh09vmexgw5m3tyrq2edm2z
https://github.com/bitcoin-core/secp256k1/pull/1446
Credit: Tim Ruffing, theStack
Widely available versions of GCC and Clang beat our field asm on -O2. In particular, GCC 10.5.0, which is Bitcoin Core’s current compiler for official x86_64 builds, produces code that is > 20% faster for fe_mul and > 10% faster for signature verification (see #726).
https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2023-November/022134.html
Credit: Bryan Bishop
Our current mailing list host, Linux Foundation, has indicated for years that they have wanted to stop hosting mailing lists, which would mean the bitcoin-dev mailing list would need to move somewhere else. We temporarily avoided that, but recently LF has informed a moderator that they will cease hosting any mailing lists later this year.
In this email, we will go over some of the history, options, and invite discussion ahead of the cutoff. We have some ideas but want to solicit feedback and proposals.
The Aadhaar project is an effort to create a database of detailed information, including biometric data, about Indians, administered by the central government. Certain conveniences are conditional on having an Aadhaar ID, and there is pressure to make critical functions like transacting in rupees and voting conditional on it as well.
https://github.com/4de67a207019fd4d855ef0a188b4519c/Durabit#durabit
https://robinlinus.com/bitstream.pdf
https://www.techspot.com/news/101140-upcoming-intel-amd-arm-cpus-risk-new-side.html
https://lists.linuxfoundation.org/pipermail/lightning-dev/2023-October/004122.html
https://bitcoinops.org/en/newsletters/2023/10/25/
https://bitcoinmagazine.com/technical/postmortem-on-the-lightning-replacement-cycling-attack
Credit: Antoine Riard
It’s possible to use transaction replacement to remove one or more inputs of a multi-input transaction from node mempools. To take a simple example, one that differs slightly from Riard’s original description, Mallory broadcasts a transaction with two inputs, which spend outputs A and B. She then replaces that transaction with an alternative single-input version that only spends output B. After that replacement, input A—and any data included in it—has been removed from any node mempools that processed the replacement.
https://bitcoinmagazine.com/legal/fincen-proposes-insane-special-measures
Credit: Michael Matulef, Shinobi
FinCEN is issuing a notice of proposed rulemaking (NPRM), pursuant to section 311 of the USA PATRIOT Act, that proposes requiring domestic financial institutions and domestic financial agencies to implement certain recordkeeping and reporting requirements relating to transactions involving convertible virtual currency (CVC) mixing.
https://github.com/bitcoin/bitcoin/pull/27596
This changeset finishes the first phase of the assumeutxo project. It makes UTXO snapshots loadable via RPC (loadtxoutset) and adds assumeutxo parameters to chainparams. It contains all the remaining changes necessary to both use an assumedvalid snapshot chainstate and do a full validation sync in the background.
https://github.com/jamesob/assumeutxo-docs/tree/2019-04-proposal/proposal
https://bitcoinops.org/en/newsletters/2023/10/11/
Credit: James O'Beirne
https://blog.mutinywallet.com/fixing-payment-reliability/
After a few months of testing, we’ve improved reliability +600% and can now hit most of our probing targets with 1,000,000 sats 95% of the time. Find out more about how we solved this problem on Lightning.
Credit: Mutiny Wallet Team
Credit: Robin Linus
This is a protocol that pairs of users can deploy to condition payments on arbitrary computations with a small on-chain footprint. The method uses a challenge-response scheme to arbitrate disputes and reveal transcript fragments, like MATT. At this time, computations must be expressible as a small NAND circuit. However, the scheme can be deployed today without a soft fork.
Credit: @SteveSimple
This is a method for fitting a price model to UTXO output values to infer an exchange rate exclusively from blockchain data.
https://github.com/bitcoin/bitcoin/pull/28331
Credit: sipa
With this change, peers can negotiate up to the BIP324 P2P protocol, which provides message confidentiality and integrity.
https://lists.linuxfoundation.org/pipermail/lightning-dev/2023-September/004092.html
Credit: John Law
This post explains how APO and CTV can be combined with the technique of tunable penalties in order to achieve impressive scaling for the lightning network.
https://lists.linuxfoundation.org/pipermail/lightning-dev/2023-September/004114.html
Credit: Gijs van Dam
Prior work showed that LN is susceptible to the Balance Discovery Attack that allows for individual channel balances to be revealed, threatening users’ privacy. In this work we introduce Payment Splitting and Switching (PSS), a way of splitting up payments in LN at intermediary hops along the payment path. PSS drastically reduces the information an attacker can obtain through a BDA. Using real-world data in an LN simulator we demonstrate that the information gain for the attacker drops up to 62% when PSS is deployed.
https://arxiv.org/abs/2309.06847v1
Credit: Maryam Bahrani, S. Matthew Weinberg
This paper presents a selfish mining algorithm that does not produce a known statistical footprint.
Vitalik got SIM swapped, don’t use SMS based 2FA!
https://twitter.com/lopp/status/1701595754673078743
https://cointelegraph.com/news/vitalik-buterin-reveals-x-account-hack-was-caused-by-sim-swap-attack
After our Script workshop last month I thought it would be worthwhile to propose a “skinny” soft fork to add 64bit math in the Script interpreter. Very much WIP.
https://github.com/Christewart/bips/tree/2023-09-11-64bit-arith
https://github.com/Christewart/bitcoin/commits/64bit-arith
Credit: Chris Stewart
Lightning Labs is getting close to shipping 0.17.0, which contains the ability to create taproot channels!
https://github.com/lightningnetwork/lnd/blob/master/docs/release-notes/release-notes-0.17.0.md
This release marks the first release that includes the new musig2-based taproot channel type. As the new protocol feature hasn’t yet been finalized, users must enable taproot channels with a new flag: --protocol.simple-taproot-chans. Once enabled, the user MUST use the explicit channel type to request the taproot channel type (pending support by the remote peer). For lncli openchannel, --channel_type=taproot should be used.
https://github.com/lightningnetwork/lnd/pull/7904
Credit: Lightning Labs
Previously discussed at Socratic Seminar 41.
Tor’s PoW defense is a dynamic and reactive mechanism, remaining dormant under normal use conditions to ensure a seamless user experience, but when an onion service is under stress, the mechanism will prompt incoming client connections to perform a number of successively more complex operations.
https://blog.torproject.org/introducing-proof-of-work-defense-for-onion-services/
https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2023-August/021868.html
Credit: Dan Gould
This proposes a method for negotiating a payjoin without the receiver needing to operate a web server. Instead, users rely on untrusted relays.
https://github.com/JohnLaw2/ln-factory-optimized
Credit: John Law
This construction provides channel factories with some attractive properties, deployable today: (1) shorter safe HTLC timeouts for payments across several hops and (2) HTLC resolution without closing the channel factory.
Join us tomorrow night to talk about Script here at 6:30PM!
https://twitter.com/bergealex4/status/1674454861096660998
https://www.meetup.com/chibitdevs/events/295035330/
Very similar to the Trust Wallet vuln discussed at May chibitdevs.
On Libbitcoin Explorer 3.x versions, bx seed uses the Mersenne Twister pseudorandom number generator (PRNG) initialized with 32 bits of system time.
The main theft occurred around 12 July 2023, although initial exploitation likely began at a smaller scale in May 2023.
Credit: David Harding
The Fireblocks cryptography research team has uncovered BitForge – a series of zero-day vulnerabilities in some of the most widely adopted implementations of multi-party computation (MPC) protocols, including GG-18, GG-20, and Lindell17.
The exploit originates from Lindell17 implementations deviating from the specification of the academic paper and ignoring or mishandling aborts in case of failed signatures. Assuming privileged access on the part of the attacker, the vulnerability can be exploited to exfiltrate the key after approximately 200 signature requests. The vulnerability has been proven to be practical and validated on popular open source libraries and some real-world systems.
https://www.fireblocks.com/blog/lindell17-abort-vulnerability-technical-report
The vulnerability originates with parties not checking to see if the attacker’s Paillier modulus, denoted N, has small factors or that it is a biprime. If exploited, the vulnerability allows a threat actor interacting with the signatories in the MPC protocol to steal their secret shards and ultimately obtain the master secret key. The severity of the vulnerability depends on the implementation parameters, so different parameter choices give rise to different attacks with varying degrees of effort/resources required to extract the full key. Some implementations are vulnerable to key extraction in 16 signatures, while others could require as many as 1 billion signatures.
https://www.fireblocks.com/blog/gg18-and-gg20-paillier-key-vulnerability-technical-report
Credit: Fireblocks, ZenGo, Coinbase
At the end of June we got together in NYC for the annual specification meeting.
https://lists.linuxfoundation.org/pipermail/lightning-dev/2023-July/004014.html
Credit: Carla Kirk-Cohen, Michael Levin, Roasbeef
https://blog.bitmex.com/drivechains/
https://achimwarner.medium.com/thoughts-on-drivechain-ii-how-bad-is-mev-75da73969cef
Credit: BitMEX Research, Achim Warner
On the 30th of July, 2023, multiple Curve.Fi liquidity pools were exploited as a result of a latent vulnerability in the Vyper compiler, specifically in versions 0.2.15, 0.2.16, and 0.3.0. While the bug was identified and patched by the v0.3.1 release, the impact to protocols using the vulnerable compilers was not realized at the time and they were not explicitly notified. The vulnerability itself was an improperly implemented re-entrancy guard that could be bypassed under certain conditions which we will delve into in this report.
https://hackmd.io/@vyperlang/HJUgNMhs2
A total of ~$73.5M worth of cryptos on #Ethereum were stolen in the #Curve Reentrancy exploit. So far, ~73% of them (~$52.3M) have been returned.
https://twitter.com/PeckShieldAlert/status/1688404426825117697
https://www.nassiben.com/video-based-crypta
Demonstration of using video footage of the power indicator light on a smart card reader to extract secrets.
https://arxiv.org/pdf/2308.01074.pdf
Demo of a method to extract keystrokes using an instrumented smartphone (via mic) or over a video call. The techniques achieve 95% and 93% accuracy, respectively.
https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt
A very interesting technique which uses the side effects of loading shared libraries to get RCE via SSH agent forwarding.
https://bitcoinops.org/en/topics/version-3-transaction-relay/
Version 3 transaction relay is a proposal to allow transactions to opt-in to a modified set of transaction relay policies designed to prevent pinning attacks. Combined with package relay, these policies help enable the use of dynamic feerates with LN onchain transactions.
https://github.com/bitcoin/bitcoin/issues/27463
Credit: glowzow
https://acinq.co/blog/securing-a-100M-lightning-node
After years of R&D on how to secure our Lightning node, we have settled on a combination of AWS Nitro Enclaves (an Isolated Compute Environment) and Ledger Nano (a signing device with a trusted display). This setup offers what we believe is the best trade-off between security, flexibility, performance, and operational complexity for running a professional Lightning node.
https://acinq.co/blog/phoenix-splicing-update
TL;DR: Splicing changes the game. Phoenix now manages a single dynamic channel, no more 1% fee on inbound liquidity, better predictability and control, trustless swaps. The new fee schedule is detailed here.
https://walletscrutiny.com/methodology/?tests-we-run/all/
The WalletScrutiny team is a small, non-profit collection of privacy and security-focused engineers helping everyone from bitcoin newcomers to full-fledged cypherpunks make informed decisions about how they store and send their bitcoin. So it’s only fitting to be as transparent about ourselves as we encourage wallet developers to be.
https://lightning.engineering/posts/2023-06-28-channel-normal-op/
Credit: Elle Mouton
This post will walk through the different operations of a Lightning channel by following a long-running example with plenty of explanatory diagrams. First, we explore how Hash Time Locked Contracts (HTLCs) are added to a channel and how channel peers commit to a new state including these HTLCs. Next, we discuss how a channel’s normal flow is re-established after a disconnection. And finally, we finish with how a cooperative channel closure happens.
https://eprint.iacr.org/2023/841.pdf
Credit: Dylan Rowe, Joachim Breitner, and Nadia Heninger
This paper describes a cryptanalytic attack that allows for secret key recovery when observing ECDSA signatures that use a certain kind of structured nonce. Using the standard deterministic nonce construction avoids this attack.
https://github.com/bitcoin/bitcoin/releases/tag/v25.0
https://github.com/bitcoin/bitcoin/issues/27677
Credit: sdaftuar, sipa
In the current Bitcoin Core logic, selecting transactions for inclusion in a block and choosing transactions to evict from an over-large mempool are handled independently and can conflict with each other. This proposal imposes a structure on the mempool that is used for both operations, so that they are better harmonized.
https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2023-May/021694.html
Credit: Burak Keceli
A proposal for coordinated UTXO management.
https://www.mail-archive.com/bitcoin-dev@lists.linuxfoundation.org/msg12595.html
Credit: Salvatore Ingala
Merklize All The Things (MATT) introduced a smart contracting method based on a propose-challenge protocol. This post explores how to build a vault with one of the proposed opcodes, and makes the opcodes a bit more familiar. The vault is not an instance of the general smart contracting scheme, but rather a simple, direct, ad-hoc implementation.
https://support.ledger.com/hc/en-us/articles/11132311094813-Ledger-s-open-source-roadmap
Ledger announced an opaque key sharding backup scheme tied to users’ real-world identities. This was a miscalculation, and the company was dragged by most of the Bitcoin universe. As a result, Ledger has decided to publish all of the source code they legally can, as well as a white paper for the key sharding scheme.
Ledger has cancelled the release of new firmware with support for the key-sharding scheme.