This week’s newsletter describes the block parsing bug that affected BTCD and LND last week, summarizes discussion about a replace-by-fee related functionality change planned for Bitcoin Core, describes research on validity rollups for Bitcoin, shares a report of a vulnerability in the draft BIP for MuSig2, examines a proposal to reduce the minimum size of an unconfirmed transaction that Bitcoin Core will relay, and links to an update of the BIP324 proposal for a version 2 Bitcoin encrypted transport protocol. Also included are our regular sections summarizing changes to services and client software, announcing new releases and release candidates, and describing notable changes to popular Bitcoin infrastructure projects.
- Block parsing bug affecting BTCD and LND: On October 9, a user created a transaction using taproot with a witness containing nearly a million signatures. Taproot’s consensus rules impose no direct limit on the size of witness data; this was a design point discussed during taproot’s development (see Newsletter #65). Shortly after the large transaction was confirmed, users began reporting that the BTCD full node implementation and the LND Lightning implementation were not providing the most recent block data that Bitcoin Core full nodes had available. For BTCD nodes, this meant that recently confirmed transactions were reported as still unconfirmed. For LND, it meant that new channels which had recently become ready for use were not reported as fully open. A developer of BTCD and LND fixed the problem in the BTCD code, which LND uses as a library, and quickly published new releases of LND (as mentioned in last week’s newsletter) and BTCD. All BTCD and LND users should upgrade. Until a user upgrades, they will continue to experience the missing-confirmation problems described above and may also be vulnerable to several attacks. Some of these attacks require access to significant hashing power (making them expensive and impractical). Other attacks, particularly those against LND users, require the attacker to risk losing some of their funds in a channel, which is also hopefully a sufficient deterrent. Again, we recommend upgrading and, in addition, we suggest that anyone using a Bitcoin wallet subscribe to the security notices of that wallet’s development team. Following the disclosures above, Loki Verloren posted to the Bitcoin-Dev mailing list proposing that direct limits be added to the size of taproot witnesses.
Greg Sanders pointed out that adding limits would not only increase code complexity but could also lead to people losing money if they had already received bitcoins to a script that requires a large witness to spend them.
- Transaction replacement option: as described in Newsletters #205 and #208, Bitcoin Core has merged support for a mempoolfullrbf configuration option, which defaults to Bitcoin Core’s existing behavior of not allowing RBF replacement of transactions that don’t contain the BIP125 signal. However, if a user sets this new option to true, the node will accept and relay replacements of transactions that don’t contain the BIP125 signal, provided the replacement transactions comply with all of Bitcoin Core’s other rules for this situation. Dario Sneidermanis suggested on the Bitcoin-Dev mailing list that this new option could create problems for services that currently accept unconfirmed transactions as final. Although this has been possible for years, because users can run non-Bitcoin Core software (or patched versions of Bitcoin Core) that allows unsignaled full RBF¹, there is no evidence that such software is widely used. Sneidermanis thinks an easily accessible option in Bitcoin Core could change this by allowing enough users and miners to enable full RBF to make unsignaled replacement reliable. More reliable unsignaled replacement would also make theft attempts against services that accept unconfirmed transactions as final more effective, which would force those services to change their behavior. In addition to describing the problem and detailing how services choose to accept unconfirmed transactions, Sneidermanis also proposed an alternative approach: remove the configuration option from the next Bitcoin Core release, but also add code that will enable full RBF by default at a later date. Anthony Towns posted several options to consider and opened a pull request implementing a slightly modified version of Sneidermanis’s proposal. If merged and released in its current state, Towns’s PR will enable full RBF by default as of May 1, 2023.
Users who oppose full RBF will still be able to prevent their nodes from participating by setting the option.
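To make the policy difference concrete, here is an added example (not Bitcoin Core’s code, and not from the newsletter) that models the one rule the mempoolfullrbf option changes: whether a replacement of a transaction that does not signal BIP125 is accepted. The transaction dictionaries, txids and the helper names are constructed for the example; the other replacement rules (fee-rate increase, conflict limits, etc.) are assumed to pass and are not modelled.

```python
# Constructed example (not Bitcoin Core's code): a minimal model of how the
# mempoolfullrbf option changes whether an unsignaled transaction may be
# replaced. Other replacement rules (fee-rate increase, conflict limits, etc.)
# are assumed to pass and are not modelled here.

BIP125_MAX_SIGNALING_SEQUENCE = 0xFFFFFFFD  # nSequence at or below this signals opt-in


def signals_bip125(tx):
    """BIP125 opt-in: at least one input has nSequence <= 0xfffffffd."""
    return any(inp["sequence"] <= BIP125_MAX_SIGNALING_SEQUENCE for inp in tx["inputs"])


def conflicts_with(original, replacement):
    """A replacement must spend at least one outpoint of the transaction it
    replaces; otherwise both transactions can simply coexist in the mempool."""
    original_outpoints = {(i["txid"], i["vout"]) for i in original["inputs"]}
    return any((i["txid"], i["vout"]) in original_outpoints for i in replacement["inputs"])


def replacement_accepted(original, replacement, mempoolfullrbf=False):
    """Return (accepted, reason) for a node running with the given setting."""
    if not conflicts_with(original, replacement):
        return (False, "not a replacement: spends none of the original's inputs")
    if signals_bip125(original):
        return (True, "original signals BIP125; replaceable under either setting")
    if mempoolfullrbf:
        return (True, "unsignaled, but the node runs with mempoolfullrbf=1")
    return (False, "unsignaled and mempoolfullrbf=0 (the default)")


# Constructed sample transactions; the txids are placeholders, not real ones.
OUTPOINT = {"txid": "aa" * 32, "vout": 0}

UNSIGNALED_ORIGINAL = {"inputs": [dict(OUTPOINT, sequence=0xFFFFFFFF)]}  # final sequence
SIGNALED_ORIGINAL = {"inputs": [dict(OUTPOINT, sequence=0xFFFFFFFD)]}    # opts in to RBF
REPLACEMENT = {"inputs": [dict(OUTPOINT, sequence=0xFFFFFFFD)]}          # double-spends OUTPOINT
UNRELATED = {"inputs": [{"txid": "bb" * 32, "vout": 1, "sequence": 0xFFFFFFFD}]}

if __name__ == "__main__":
    for setting in (False, True):
        ok, why = replacement_accepted(UNSIGNALED_ORIGINAL, REPLACEMENT, mempoolfullrbf=setting)
        print(f"mempoolfullrbf={int(setting)}: accepted={ok} ({why})")
```

A service that treats unconfirmed payments as final is relying on the default branch of this function holding on enough of the network; the option, and the later default flip, is what makes that assumption unreliable.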
- Research on validity rollups: John Light posted to the Bitcoin-Dev mailing list a link to a detailed research report he prepared on validity rollups, a type of sidechain whose state is compactly stored on the main chain. A user of the sidechain can use the state stored on the main chain to prove the amount of bitcoins they control on the sidechain. By submitting a transaction on the main chain with a validity proof, they can withdraw the bitcoins they hold from the sidechain even if the sidechain’s operators or miners try to stop the withdrawal. Light’s research describes validity rollups in depth, examines how support for them could be added to Bitcoin, and studies the various problems related to their implementation.
- MuSig2 security vulnerability: Jonas Nick reported to the Bitcoin-Dev mailing list a vulnerability that he and several other people discovered in the MuSig2 algorithm as documented in a draft BIP. In short, the protocol is vulnerable if an attacker knows a user’s public key and a tweaked version of that public key for which the user will sign (as with BIP32 extended pubkeys), and can manipulate which version of the key the user signs for. Nick believes the vulnerability “should only apply in relatively rare cases” and encourages anyone using (or planning to soon use) MuSig2 to contact him and his co-authors with questions. The draft BIP for MuSig2 should be updated soon to address the issue.
- Minimum size of relayable transactions: Greg Sanders posted to the Bitcoin-Dev mailing list a request for Bitcoin Core to implement an additional measure to make exploitation of CVE-2017-12842 more difficult. That vulnerability allows an attacker who can get a specially crafted 64-byte transaction confirmed in a block to convince lightweight clients that one or more arbitrary, different transactions have been confirmed. For example, Bob, an innocent user of an SPV (Simplified Payment Verification) wallet, could be led to believe that he had received a payment of one million BTC with dozens of confirmations even though no such payment was ever confirmed. When the vulnerability was still known privately to only a few developers, a limit was added to Bitcoin Core to prevent relay of any transaction smaller than 85 bytes (not counting witness data), which is close to the smallest size that can be created with standard transaction templates. This forces an attacker to mine their transaction using non-Bitcoin Core-based software. Later, the consensus cleanup soft fork proposal suggested permanently solving the problem by preventing all transactions under 65 bytes from being included in new blocks. Sanders suggests lowering the transaction relay policy limit from 85 bytes to the 65-byte limit suggested in the consensus cleanup draft, which may allow additional experimentation and uses without changing the current risk profile. Sanders has opened a pull request to make this change. See also Newsletter #99 for an earlier discussion related to this proposed change.
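The sizes in this item follow directly from Bitcoin’s transaction serialization, so here is an added example (not Bitcoin Core’s code, and not from the newsletter) that serializes a transaction in its non-witness form, measures it, and applies the relay check at both the 85-byte limit described above and the 65-byte limit Sanders proposes. The serializer, the sample outputs and the constant names are constructed for the example; the 64-byte case is there only to show why that size is special for SPV merkle proofs, not how to use it.

```python
import struct

# Constructed example (not Bitcoin Core's code): stripped (non-witness)
# transaction serialization and the minimum-size relay check, evaluated at the
# current 85-byte limit and the proposed 65-byte one.

CURRENT_POLICY_MIN_BYTES = 85   # relay policy limit described in the newsletter
PROPOSED_POLICY_MIN_BYTES = 65  # consensus-cleanup threshold Sanders proposes reusing


def compact_size(n):
    """Bitcoin CompactSize encoding used for vector lengths."""
    if n < 0xFD:
        return bytes([n])
    if n <= 0xFFFF:
        return b"\xfd" + struct.pack("<H", n)
    if n <= 0xFFFFFFFF:
        return b"\xfe" + struct.pack("<I", n)
    return b"\xff" + struct.pack("<Q", n)


def serialize_stripped(version, inputs, outputs, locktime):
    """Serialize without witness data: the form whose size the policy measures."""
    out = struct.pack("<i", version)
    out += compact_size(len(inputs))
    for prev_txid, prev_index, script_sig, sequence in inputs:
        out += prev_txid[::-1]  # txids display big-endian but serialize little-endian
        out += struct.pack("<I", prev_index)
        out += compact_size(len(script_sig)) + script_sig
        out += struct.pack("<I", sequence)
    out += compact_size(len(outputs))
    for value_sats, script_pubkey in outputs:
        out += struct.pack("<q", value_sats)
        out += compact_size(len(script_pubkey)) + script_pubkey
    out += struct.pack("<I", locktime)
    return out


def minimal_tx(script_pubkey):
    """One input with an empty scriptSig, one output paying script_pubkey.
    The previous outpoint is a constructed all-zero placeholder."""
    prev_txid = bytes(32)
    return serialize_stripped(2, [(prev_txid, 0, b"", 0xFFFFFFFF)],
                              [(10_000, script_pubkey)], 0)


def relay_decision(stripped, minimum):
    """The policy check: refuse to relay anything smaller than the minimum."""
    if len(stripped) < minimum:
        return "reject: %d bytes is below the %d-byte minimum" % (len(stripped), minimum)
    return "relay"


def looks_like_merkle_node(stripped):
    """CVE-2017-12842: a 64-byte serialization has the same length as the two
    concatenated 32-byte hashes that form an inner merkle-tree node, so a
    merkle proof cannot distinguish such a leaf from an inner node."""
    return len(stripped) == 64


# Constructed sample output scripts (the 20-byte hashes are placeholders).
P2PKH_SCRIPT = bytes.fromhex("76a914") + bytes(20) + bytes.fromhex("88ac")  # 25 bytes
P2WPKH_SCRIPT = bytes.fromhex("0014") + bytes(20)                            # 22 bytes
TINY_SCRIPT = bytes.fromhex("51515151")  # 4 bytes, chosen only to reach 64 bytes total

if __name__ == "__main__":
    for name, spk in (("P2PKH", P2PKH_SCRIPT), ("P2WPKH", P2WPKH_SCRIPT), ("4-byte", TINY_SCRIPT)):
        tx = minimal_tx(spk)
        print(name, len(tx), "bytes;",
              "at 85:", relay_decision(tx, CURRENT_POLICY_MIN_BYTES), "|",
              "at 65:", relay_decision(tx, PROPOSED_POLICY_MIN_BYTES), "|",
              "merkle-ambiguous:", looks_like_merkle_node(tx))
```

A one-input, one-output transaction is 60 bytes plus the output script, so a P2PKH output gives exactly 85 bytes and a P2WPKH output 82; the 64-byte transaction at the heart of the CVE needs a 4-byte output script, which no standard template produces. The proposed 65-byte limit still rejects it while admitting the smaller standard forms.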
- BIP324 update: Dhruv M posted to the Bitcoin-Dev mailing list a summary of several updates to the BIP324 proposal for a version 2 encrypted P2P transport protocol. These include a rewrite of the draft BIP and the publication of various resources to help reviewers evaluate the proposal, including an excellent guide to the code changes spread across several pull requests. As described in the draft BIP’s motivation section, a native encrypted transport protocol for Bitcoin nodes can improve privacy when transactions are announced, prevent tampering with connections (or at least make tampering easier to detect), and also make censorship of P2P connections and eclipse attacks easier to detect.
Changes to services and client software
In this monthly feature, we highlight interesting updates to Bitcoin wallets and services.
- btcd v0.23.2 released: btcd v0.23.2 (and v0.23.1) adds addr v2 and additional PSBT, taproot, and MuSig2 support, along with other improvements and bug fixes.
- ZEBEDEE announces hosted channel libraries: In a recent blog post, ZEBEDEE announced an open source wallet (Open Bitcoin Wallet), a Core Lightning plugin (Poncho), a Lightning client (Cliché), and a Lightning library (Immortan), all focused on supporting hosted channels.
- Cashu launches with Lightning support: The Cashu ecash software launched as a proof of concept with support for receiving over Lightning.
- Spiral address explorer launches: Spiral is a public, open source address explorer that uses cryptography to preserve the privacy of users looking up information about an address.
- BitGo announces Lightning support: In a blog post, BitGo describes its Lightning custody service, which holds funds in its clients’ accounts and manages payment channel liquidity.
- ZeroSync project launches: The ZeroSync project uses Utreexo and STARK proofs to synchronize a Bitcoin node, as happens during the initial block download (IBD).
Releases and release candidates
New versions and release candidates for the main Bitcoin infrastructure projects. Please consider moving to the new versions or helping to test the release candidates.
- Bitcoin Core 24.0 RC2 is a release candidate for the next version of the most widely used full node implementation in the network. A test guide is available.
- LND 0.15.3-beta is a minor version that fixes several bugs.
Notable code and documentation changes
Notable changes this week in Bitcoin Core, Core Lightning, Eclair, LDK, LND, libsecp256k1, Hardware Wallet Interface (HWI), Rust Bitcoin, BTCPay Server, BDK, Bitcoin Improvement Proposals (BIPs), and Lightning BOLTs.
- Bitcoin Core #23549 adds the scanblocks RPC, which identifies relevant blocks in a given range for a provided set of descriptors. This RPC is only available on nodes that maintain a compact block filter.
- Bitcoin Core #25412 adds a new REST endpoint, /deploymentinfo, which contains information about soft fork deployments, similar to the existing RPC.
- LND #6956 allows setting the minimum channel reserve enforced against payments received from a channel peer. A node will not accept a payment from its channel peer if doing so would reduce the peer’s funds in the channel below the reserve, which is 1% by default in LND. This ensures the peer has at least the reserve amount to forfeit as a penalty if it breaches its commitments. This PR allows the reserve amount to be lowered or raised.
- LND #7004 updates the version of the BTCD library used by LND, fixing the security vulnerability described earlier in this newsletter.
- LDK #1625 begins tracking information about the liquidity of remote channels through which the local node has attempted to route payments. The local node stores information about the size of payments that were successfully forwarded by the remote node or that failed due to an apparent lack of funds. This information, adjusted for its age, is used as an input to probabilistic pathfinding (see Newsletter #163).
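As an added illustration of the idea in this item (a simplified model, not LDK’s scorer or any code from the PR), the tracker below keeps a lower bound on a remote channel’s liquidity from successful forwards and an upper bound from insufficient-funds failures, lets both bounds decay back toward “unknown” with age, and turns the resulting success probability into a pathfinding penalty. The class name, the half-life decay rule, the uniform-liquidity assumption and the penalty formula are all assumptions made for the example.

```python
import math


class RemoteChannelLiquidity:
    """Constructed, simplified model (not LDK's code) of tracking a remote
    channel's liquidity from forwarding outcomes and decaying that knowledge
    with age. Names, decay rule and penalty formula are assumptions."""

    def __init__(self, capacity_msat, half_life_secs=3600):
        self.capacity = capacity_msat
        self.half_life = half_life_secs
        self.lower = 0               # remote forwarded at least this much
        self.upper = capacity_msat   # remote failed to forward this much
        self.last_update = 0.0

    def _decay(self, now):
        """Relax both bounds toward the uninformed state [0, capacity]: the
        evidence loses half its weight every half_life seconds."""
        factor = 0.5 ** ((now - self.last_update) / self.half_life)
        self.lower = int(self.lower * factor)
        self.upper = int(self.capacity - (self.capacity - self.upper) * factor)
        self.last_update = now

    def record_success(self, amount_msat, now):
        """The remote node forwarded amount_msat: it had at least that much."""
        self._decay(now)
        if amount_msat >= self.upper:
            self.upper = self.capacity  # an older failure bound is now stale
        self.lower = min(max(self.lower, amount_msat), self.capacity)

    def record_failure(self, amount_msat, now):
        """The remote node reported insufficient funds for amount_msat."""
        self._decay(now)
        self.upper = min(self.upper, amount_msat)
        self.lower = min(self.lower, self.upper)

    def success_probability(self, amount_msat, now):
        """Assume liquidity is uniformly distributed within [lower, upper]."""
        self._decay(now)
        if amount_msat >= self.upper:
            return 0.0
        if amount_msat <= self.lower:
            return 1.0
        return (self.upper - amount_msat) / (self.upper - self.lower)

    def penalty_msat(self, amount_msat, now, multiplier_msat=10_000):
        """Pathfinding cost: unlikely channels are penalized logarithmically
        (a success probability of 0.1 costs one multiplier)."""
        p = max(self.success_probability(amount_msat, now), 1e-3)
        return -math.log10(p) * multiplier_msat


if __name__ == "__main__":
    # Constructed timeline on a 1,000,000 msat channel.
    chan = RemoteChannelLiquidity(capacity_msat=1_000_000)
    chan.record_success(300_000, now=0)   # forwarded 300k: liquidity >= 300k
    chan.record_failure(700_000, now=0)   # failed 700k: liquidity < 700k
    for amount in (200_000, 500_000, 800_000):
        print(amount, "now:", chan.success_probability(amount, now=0),
              "penalty:", round(chan.penalty_msat(amount, now=0)))
    # One half-life later the bounds have loosened, so 200k is less certain.
    print(200_000, "after 1h:", round(chan.success_probability(200_000, now=3600), 3))
```

The age adjustment is what keeps a single stale failure from permanently blacklisting a channel: after one half-life the [300k, 700k] bounds above have widened to [150k, 850k], and the estimate keeps relaxing until fresh forwarding evidence arrives.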
Footnotes
- Transaction replacement was included in the first version of Bitcoin and has been discussed extensively over the years. During that time, several terms used to describe aspects of it have changed, leading to potential confusion. The biggest source of confusion has been the term “full RBF”, which has been used for two different concepts:
- Full replacement of any part of a transaction, as opposed to merely adding additional inputs and outputs. During the period when enabling RBF was controversial and before the idea of opt-in RBF, one suggestion was to allow a transaction to be replaced only if the replacement included all of the original outputs plus any additional inputs and outputs used to pay fees and collect change. Requiring the original outputs to be kept ensured that the replacement would always pay the same amounts to the original recipients. This idea, later called First Seen Safe (FSS) RBF, was a type of partial replacement. By comparison, full replacement at the time meant the replacement could completely change everything about the original transaction (provided it still conflicted with the original by spending at least one of the same inputs). It is this usage of “full” that appears in the title of BIP125, “Opt-in Full Replace-by-Fee Signaling”.
- Full replacement of any transaction is different from replacement of only those transactions that opt in to allowing replacement via the BIP125 signal. Opt-in RBF was proposed as a compromise between those who didn’t want to allow RBF and those who thought it was necessary or unavoidable. However, to date, only a minority of transactions opt in to RBF, which can be considered partial adoption of RBF. By comparison, full adoption of RBF can be achieved by allowing any unconfirmed transaction to be replaced. It is this use of “full” that is currently being discussed in the context of Bitcoin Core’s mempoolfullrbf configuration option.