Newsletters: add 2018-07-10 #14
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,275 @@ | ||
| --- | ||
| title: 'Bitcoin Optech Newsletter #3' | ||
| permalink: /en/newsletters/2018/07/10/ | ||
| name: 2018-07-10-newsletter | ||
| type: newsletter | ||
| layout: page | ||
| lang: en | ||
| version: 1 | ||
| --- | ||
| This week's newsletter includes news and action items about minimum fees and | ||
| the upcoming Bitcoin Core release, a special feature on a Schnorr signature | ||
| proposal, and a write-up of the recent Building on Bitcoin conference in | ||
| Lisbon. | ||
|
|
||
| ## Action items | ||
|
|
||
| - Bitcoin Core minimum relay fee may be reduced in the next major | ||
| release. Ensure your software doesn't make unsafe assumptions about 1 | ||
| satoshi per vbyte being the lowest possible floor. See *News* section | ||
| below for more information. | ||
|
|
||
| - Ensure your software for calculating transaction size for dynamic fees | ||
| computes signature size accurately or, at least, uses a worst-case | ||
| assumption of Bitcoin signatures being 72 bytes. See *News* section | ||
| below for more information. | ||
|
|
||
| - As previous newsletters announced would happen, the Bitcoin alert | ||
| key was [released][alert released] along with a disclosure of | ||
| vulnerabilities affecting Bitcoin Core 0.12.0 and earlier. Altcoins | ||
| may be affected. If you have not yet checked your infrastructure for | ||
| affected services, it is advised to do so now. See [newsletter #1][] | ||
| for more details | ||
|
|
||
| [alert released]: https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-July/016189.html | ||
| [newsletter #1]: https://bitcoinops.org/en/newsletters/2018/06/26/ | ||
|
|
||
| ## Dashboard items | ||
|
|
||
| - **Transaction fees remain very low:** as of this writing, fee | ||
| estimates for confirmation 2 or more blocks in the future remain at | ||
| roughly the level of the default minimum relay fee in Bitcoin Core. | ||
| It's a good time to [consolidate inputs][]. | ||
|
|
||
| [consolidate inputs]: https://en.bitcoin.it/wiki/Techniques_to_reduce_transaction_fees#Consolidation | ||
|
|
||
| - **Block production recovery:** following last week's news about | ||
| flooding in China affecting miner operations, Bitcoin block production | ||
| seems to have recovered to the expected level of about one block every | ||
| 10 minutes. | ||
|
|
||
| ## Featured news: Schnorr signature proposed BIP | ||
|
|
||
| In a [post][schnorr post] to the bitcoin-dev mailing list, Pieter Wuille | ||
| submitted a [draft specification][schnorr draft] for a Schnorr-based | ||
| signature format. The goal of the specification is to hopefully get | ||
| everyone in agreement about what Schnorr signatures will look like on | ||
| Bitcoin before work begins on an actual soft fork, so the BIP does not | ||
| propose specific new opcodes, segwit witness flags, soft fork activation | ||
| method, or anything else necessary to make this change part of the | ||
| Bitcoin consensus rules. However, it is possible to say what this signature | ||
| format will provide if it becomes the form of Schnorr signature adopted by | ||
| Bitcoin. | ||
|
|
||
| [schnorr post]: https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-July/016203.html | ||
| [schnorr draft]: https://github.com/sipa/bips/blob/bip-schnorr/bip-schnorr.mediawiki | ||
|
|
||
| 1. Full compatibility with existing Bitcoin private keys and public | ||
| keys, meaning that existing HD wallets that upgrade won't need to | ||
| generate new recovery seeds. | ||
|
|
||
| 2. Roughly 10% smaller signatures, providing a slight increase to | ||
| block chain capacity as Schnorr is adopted. | ||
|
|
||
| 3. Batch verification of signatures providing a roughly 2x speedup | ||
| over individual verification for a block full of Schnorr | ||
| signatures. This mainly affects nodes initially syncing or | ||
| catching up after being offline. | ||
|
|
||
| 4. Full compression and significantly improved privacy for multisig use | ||
| cases, but with required interaction: an unlimited number of | ||
| participants can create a single 33-byte public key and 64-byte | ||
| signature from the combination of their individual public keys and | ||
| signatures, using secure multisig with the same efficiency of | ||
| single-sig and increasing their privacy by making multisig look like | ||
| single-sig. However, the scheme requires multistep interaction | ||
| between the wallets participating in the multisig, both for creating | ||
| the public key and the signature. | ||
|
|
||
| 5. Additional privacy-focused usecases. Examples include increased | ||
| privacy for Lightning Network (LN), more private atomic swaps (either | ||
| cross chain when both chains support Schnorr, or on the same chain as | ||
| part of a coin mixing protocol), and fully [private signing oracles][dlc] | ||
| (services that wait for something to happen in real life, like which | ||
| team wins the world cup, and then provide a signature committing to | ||
| that outcome, e.g. allowing Alice and Bob to settle a bet onchain or | ||
| in a LN channel). Many of these cases also improve efficiency | ||
| compared to alternatives that use current Bitcoin script. | ||
|
|
||
| [dlc]: https://adiabat.github.io/dlc.pdf | ||
|
|
||
| One thing of note not in the BIP proposal is a method for signature | ||
| aggregation between multiple inputs in the same transaction. This was a | ||
| desired feature that could allow consolidation transactions, coinjoins, | ||
| and other high-input transactions to be much more efficient than they | ||
| are now. But, as the author of the proposal notes, "With the emergence of | ||
| so many ideas for improvements to Bitcoin's script execution (MAST, | ||
| Taproot, Graftroot, new sighash modes, multisignature schemes, ...) | ||
| there is simply too much to do everything at once. Since aggregation | ||
| really interacts with all other things, it seems like the better choice | ||
| to pursue later." ([source][pwuille comment]) | ||
|
|
||
| [pwuille comment]: https://www.reddit.com/r/Bitcoin/comments/8wmj5b/pieter_wuille_submits_schnorr_signatures_bip/e1wwriq/ | ||
|
|
||
| ## News | ||
|
|
||
| - **[Discussion][min fee discussion] about minimum relay fee:** several | ||
| years ago when the Bitcoin price was a fraction of its current value | ||
| in USD terms, Bitcoin Core set the minimum relay fee to 1 satoshi per | ||
| byte (now vbyte). With the increase in prices and other network | ||
| changes, several developers discussed lowering the minimum relay fee. | ||
| Gregory Maxwell is planning to open a pull request to Bitcoin Core | ||
| that may roughly halve the value (although the exact amount has not | ||
| been determined yet). | ||
|
|
||
| This may be included in the next major version of Bitcoin Core. If | ||
| so, it'll mean that you may be able to create cheaper consolidation | ||
| transactions once the change has been well deployed. However, it | ||
| also means that if you don't upgrade any nodes you use for detecting | ||
| unconfirmed transactions, they may not see unconfirmed transactions | ||
| with low feerates unless you change the defaults. This could affect | ||
| the information you display to your users. Those nodes will still | ||
| see all confirmed transactions in valid blocks. | ||
|
|
||
| Note that to lower the minimum relay fee in Bitcoin Core below its | ||
| default, you need to change two settings. Shown below are the two | ||
| settings with their default values in Bitcoin Core 0.16.1; to lower | ||
| the values, change both of them to the same value, but be aware that | ||
| reducing them too far (perhaps to less than 1/10th the default) | ||
| exposes you to bandwidth-wasting attacks and reduces BIP152 compact | ||
| block efficiency for your node. | ||
|
|
||
| minrelaytxfee=0.00001000 | ||
| incrementalrelayfee=0.00001000 | ||
|
There was a problem hiding this comment. I think only |
||
|
|
||
| If your organization produces end-user software, you may wish to | ||
| ensure that it works with transactions and fee estimations set below | ||
| the value of 1 satoshi per byte. Please contact Optech if you need | ||
| more information about minimum relay fees. | ||
|
|
||
| [min fee discussion]: http://www.erisian.com.au/meetbot/bitcoin-core-dev/2018/bitcoin-core-dev.2018-07-05-19.22.log.html#l-24 | ||
|
|
||
| - **Unrelayable transactions:** At least two major services were | ||
| identified as creating transactions with feerates below the current | ||
| minimum due to a misunderstanding about the maximum size of a Bitcoin | ||
| signature, which is 72 bytes. Bitcoin signatures vary in size, with | ||
| half of all randomly-generated signatures being 72 bytes, slightly | ||
| less than half being 71 bytes, and the small remainder being 70 bytes | ||
| or smaller. | ||
|
|
||
| At a guess, the developers of some software looked at a | ||
| randomly-selected signature, saw that it was 71 bytes, and assumed | ||
| all signatures would be 71 bytes. However, when the software | ||
| generates a 72-byte signature, this makes the actual size of the | ||
| transaction one byte larger per signature than the estimated size, | ||
| causing the fees paid per byte to be slightly lower than expected. | ||
|
|
||
| This didn't cause significant problems when fee estimates were high, | ||
| but now that fee estimates are near the default minimum relay fee of | ||
| 1 satoshi per byte, any transactions created with a fee slightly | ||
| below that may not be relayed to miners and so remain unconfirmed | ||
| indefinitely. | ||
|
|
||
| It is recommended that organizations check their software to ensure | ||
| it, at the least, makes a worst-case assumption of signatures being | ||
| 72 bytes. | ||
|
|
||
| - **Upcoming Bitcoin Core 0.17 feature freeze:** next week developers | ||
| [plan][#12624] to stop merging new features for the next major | ||
| version of Bitcoin Core. The features already present will be further | ||
| tested and documented, translations will be updated, and other parts | ||
| of the release process followed. If your organization will be | ||
| depending on a feature in the next six months, now could be your last | ||
| chance to ensure it's part of 0.17. Features currently not yet merged | ||
| but likely to be added to Bitcoin Core 0.17.0 include: | ||
|
|
||
| - `scantxoutset` RPC that allows searching the unspent transaction | ||
| output set for addresses or scripts. Intended for use with | ||
| address sweeping, e.g. finding funds that you own and bringing | ||
| them into one of your current wallets. | ||
|
|
||
| - [BIP174][] Partially-Signed Bitcoin Transactions (PSBTs) support, | ||
| a protocol for exchanging information about Bitcoin transactions | ||
| between wallets to facilitate better interoperability between | ||
| multisig wallets, hot/cold wallets, coinjoins, and other | ||
| cooperating wallets. | ||
|
|
||
| - [Delayed transaction sending by network group][#13298], a proposal that is | ||
| hoped will make it harder for spy nodes to determine which client | ||
| first broadcast a transaction (indicating it may have been the | ||
| spender). | ||
|
|
||
| [#12624]: https://github.com/bitcoin/bitcoin/issues/12624 | ||
| [BIP174]: https://github.com/bitcoin/bips/blob/master/bip-0174.mediawiki | ||
| [#13298]: https://github.com/bitcoin/bitcoin/issues/13298 | ||
|
|
||
| - **Efficient reimplementation of Electrum Server:** in an announcement | ||
| to the bitcoin-dev mailing list this week was a claim that a | ||
| Rust-based reimplementation of Electrum server is much more efficient | ||
| than the Python version. Optech has not performed any testing on this | ||
| and can't confirm, but Electrum server is known to be used by several | ||
| Bitcoin businesses both internally and hosted on behalf of their | ||
| customers, so some readers of this newsletter may wish to investigate. | ||
|
|
||
| ## Building on Bitcoin | ||
|
|
||
| [**Building on Bitcoin**][bob website] was a Bitcoin technology conference that took | ||
| place in Lisbon last week. It was well attended by both Bitcoin protocol | ||
| developers and applications engineers. A [video][bob video] | ||
| is available, as are several [transcripts][bob transcripts] by Bitcoin | ||
| developer Bryan Bishop (kanzure). | ||
|
|
||
| [bob website]: https://building-on-bitcoin.com/ | ||
| [bob video]: https://www.youtube.com/watch?v=XORDEX-RrAI | ||
| [bob transcripts]: http://diyhpl.us/wiki/transcripts/building-on-bitcoin/2018/ | ||
|
|
||
| The following talks may be of particular interest to Bitcoin Optech | ||
| companies: | ||
|
|
||
| - [**Merchant adoption**][bitrefill video] - [Sergej Kotliar][sergej], CEO of | ||
| Bitrefill gave a personal account of the fee market spike at the end of last | ||
| year, important UX considerations for Bitcoin and Lightning payments, and | ||
| Bitrefill's experiences in integrating Lightning. This talk was | ||
| fascinating due to the real-world empirical data that Sergej shared and his | ||
| first-hand experience of fees, scaling, and Lightning. | ||
|
|
||
| [bitrefill video]: https://www.youtube.com/watch?v=Cpid31c6HZc&feature=youtu.be&t=8m49s | ||
| [sergej]: https://twitter.com/ziggamon | ||
|
|
||
| - [**Designing Lighning Wallets for the Bitcoin Users**][lightning ux video] - | ||
| [Patrícia Estevão][patricia] gave a talk about UX considerations when | ||
| extending Bitcoin wallets to support Lightning payments. An interesting | ||
| talk for any business that is beginning to integrate Lightning payments into | ||
| an existing Bitcoin product. | ||
|
|
||
| [lightning ux video]: https://www.youtube.com/watch?v=XORDEX-RrAI&feature=youtu.be&t=6042 | ||
| [patricia]: https://twitter.com/patestevao | ||
|
|
||
| - [**Blind Signatures in Sciptless Scripts**][blind signatures video] - | ||
| [Jonas Nick][jonas] spoke about using Schnorr signatures as the basis | ||
| of doing blind coinswaps (where a server cannot link coins) or exchanging | ||
| 'ecash tokens' on Bitcoin or Lightning, among other things. This talk | ||
| presents leading edge thinking about what's possible with scriptless | ||
| scripts and the ideas presented are quite a long way from being implementable | ||
| on Bitcoin. However, it is interesting to see some of the new applications | ||
| that will be unlocked by adopting Schnorr signatures into Bitcoin. | ||
|
|
||
| [blind signatures video]: https://www.youtube.com/watch?v=XORDEX-RrAI&feature=youtu.be&t=25479 | ||
| [jonas]: https://twitter.com/n1ckler | ||
|
|
||
| - [**LN story**][ln video] - [Fabrice Drouin][fabrice] presented a history | ||
| of the development of the Lightning Network. A lot of interesting background | ||
| for anyone planning to integrate and use Lightning payments. | ||
|
|
||
| [ln video]: https://www.youtube.com/watch?time_continue=2881&v=Cpid31c6HZc | ||
| [fabrice]: https://twitter.com/acinq_co | ||
|
|
||
| - [**CoinJoinXT ... and other techniques for deniable transfers**][coinjoin video] - | ||
| [Adam Gibson][adam] talked about CoinJoinXT, a method for improving privacy in | ||
| Bitcoin by mixing payments and breaking transaction graph analysis. Many wallets | ||
| are planning to implement some form of CoinJoin, so Bitcoin engineers should be at | ||
| least familiar with the high-level concepts. | ||
|
|
||
| [coinjoin video]: https://www.youtube.com/watch?v=XORDEX-RrAI&feature=youtu.be&t=23359 | ||
| [adam]: https://twitter.com/waxwing__ | ||
|
|
||
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Non-blocking, but it may be worth noting that this functionality creates huge fee incentives for exchanges et al to start batching withdrawals.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah nevermind - this isn't actually the case (as you mention below) because we're still unable to aggregate a signature across inputs within a txn.