SegWit2X and the Case for Strong Replay Protection (And Why It’s Controversial)

BTC1replay.jpg

Come November, the remaining signatories of the “New York Agreement” (NYA) plan to deploy the “SegWit2X” hard fork to double Bitcoin’s block weight limit, allowing for up to 8 megabytes of block space. Since not everyone supports this hard fork, this could well “split” the Bitcoin network into two incompatible blockchains and currencies, not unlike Bitcoin and Bitcoin Cash (Bcash) did two months ago.

But this NYA hard fork is controversial and not only because it lacks consensus. It’s also controversial because of design choices made by the development team behind BTC1, the software client associated with the New York Agreement. Perhaps most importantly, this development team, led by Bloq CEO Jeff Garzik, has so far refused to implement replay protection, a measure that Bcash did take. Partly for this reason, at least one NYA signatory — Wayniloans — has backed out of the agreement.

So what is replay protection, why should BTC1 implement it … and why doesn’t it?

What Is Replay Protection? (And What Are Replay Attacks?)

Bitcoin could see another “split” by November. (It’s arguably more accurate to consider the “splitting” nodes and miners as an entirely new cryptocurrency with a new blockchain and token — not an actual split of Bitcoin itself.) For the purpose of this article, we’ll refer to the blockchain and currency that follows the current Bitcoin protocol as “Legacy Bitcoin” and “BTC.” The blockchain and currency that follows the New York Agreement hard fork is referred to as “SegWit2X” and “B2X.”

If this split happens, the two blockchains will be identical. All past transactions and (therefore) “balances” are copied from the Legacy Bitcoin blockchain onto the SegWit2X blockchain. Everyone who owns BTC will own a corresponding amount of B2X.

Without replay protection, new transactions will be equally valid on both chains as well. This means that these transactions can be copied or “replayed,” from one chain to the other — in other words, for them to happen on both. This is called a “replay attack.”

So, let’s say Alice holds BTC at the time of split, which means she also owns B2X after the split. Then, after the split, she wants to send BTC to Bob. So, she creates a transaction that spends BTC from one of her Legacy Bitcoin addresses to one of Bob’s Legacy Bitcoin addresses. She then transmits this transaction over the Legacy Bitcoin network for a Legacy Bitcoin miner to pick it up and include in a Legacy Bitcoin block. The payment is confirmed; all is good.

But this very same transaction is perfectly valid on the SegWit2X blockchain. Anyone — including Bob — can take Alice’s Legacy Bitcoin transaction and also transmit it over the SegWit2X network for a miner to include in a SegWit2X block. (This can even happen by accident quite easily.) If this payment is also confirmed, Alice has inadvertently sent Bob not only BTC but also an equal amount of B2X.

And, of course, all of this is true in reverse as well. If Alice sends B2X to Bob, she might accidentally send him BTC as well. A lack of replay protection, therefore, is a problem for users of both chains. No one wants to accidentally send any money — not even if it was “free money.”

Technically, there are ways to “split” coins on both chains to ensure they can only be spent on one chain. This would, for example, require newly mined coins to be mixed into a transaction. Tiime-locks can also offer solutions. But this takes effort and is not easy, especially for average users — not to mention that many average users may not even know what’s going on in the first place.

To avoid this kind of hassle, at least one side of the split could add a protocol rule to ensure that new transactions are valid on one chain but not the other. This is called replay protection.

Why Should BTC1 Implement Replay Protection? (And Why Not Bitcoin Core?)

In case of a split, at least one side must implement replay protection. But many — Bitcoin Core developers and others — believe there’s only one viable option. It’s the splitting party — in this case BTC1 — that should do it.

There are several arguments for this.

First of all, it makes the most sense for BTC1 to implement replay protection because that requires the least effort. BTC1 is a new client that’s already implementing new protocol rules anyway, and it’s not very widely deployed yet. It would be relatively easy for BTC1 to include replay protection.

Meanwhile, it would not be sufficient for Bitcoin Core to implement replay protection on its own. While it is dominant, and even considered by some to be the protocol-defining reference implementation, Bitcoin Core is not the only Bitcoin implementation on the network. Bitcoin Knots, Bcoin, Libbitcoin and other alternative clients would all have to implement replay protection, too. (And that’s not even taking non-full node clients into account.)

But even more importantly, the reality of the current situation is that all deployed Bitcoin nodes do not have replay protection implemented. And logically, they can’t: Some of these nodes even predate the New York Agreement. So even if Bitcoin Core and other implementations were to implement replay protection in new releases of their software, it wouldn’t suffice. All users must then also update to this new version within about two months: a very short period of time for a network-wide upgrade.

If only some of the nodes on the network upgrade to these new releases, Bitcoin could actually split in three: Legacy Bitcoin, SegWit2X and “Replay Protected Bitcoin.” Needless to say, this three-way split would probably make the problem worse — not better.

Lastly, there is a bit of a philosophical argument. Anyone who wants to adopt new protocol rules, so the argument goes, has the responsibility to split off as safely as possible. This responsibility should not fall on those who want to keep using the existing protocol: They should be free to keep using the  protocol as-is.

Many developers — including RSK founder Sergio Lerner who drafted the SegWit2Mb proposal on which SegWit2X is based — have argued that BTC1 should implement replay protection. In fact, many developers think that any hard fork, even a hard fork that appears entirely uncontroversial, should implement replay protection.

But so far, the BTC1 development team will only consider optional replay protection.

What’s Wrong With Optional Replay Protection?

Implementing optional replay protection, as proposed by former Bitcoin developer Gavin Andresen, for example, is currently on the table for BTC1.

In short, this type of optional replay protection would make certain specially crafted (“OP_RETURN”) Legacy Bitcoin transactions invalid on the SegWit2X chain. Anyone who’d want to split their coins could spend their BTC with such a transaction. These transactions should then confirm on the Legacy Bitcoin blockchain but not on the SegWit2X chain. This effectively splits the coins into different addresses (“outputs”) on both chains.

Such optional replay protection is probably better than nothing at all, but it’s still not a definitive solution.

One problem is that the Legacy Bitcoin blockchain would have to include all these OP_RETURN transactions. This would probably result in more transactions on the network and would require extra data for each transaction. All this data must be transmitted, verified and (at least temporarily) stored by all Legacy Bitcoin nodes. It presents a burden to the Legacy Bitcoin network.

But more importantly, it would probably still not be very easy to utilize this option. It might suffice for professional users — exchanges, wallet providers and other service providers — as well as tech-savvy individual users. But these are generally also the types of users that would be able to split their coins even without replay protection. Average users, if they are even aware of what’s going on, would probably find it much more difficult to utilize optional replay protection.

Optional replay protection, therefore, offers help to those who need it least and does little for those who need it most.

Does the NYA Preclude Replay Protection?

While it’s unclear what was (or is) discussed behind closed doors, the New York Agreement seems to be a very minimal agreement. Published on May 23, 2017, it really only consists of two concrete points:

  • Activate Segregated Witness at an 80 percent threshold, signaling at bit 4, and

  • Activate a 2 MB hard fork within six months.

With the first point completed through BIP91, the only remaining point is a hard fork to 2 megabytes before November 23. (This assumes that this hard fork wasn’t completed with the creation of Bitcoin Cash which is supported by a number of NYA signatories.)

Notably, a lot of details are not filled in. For example, the agreement does not even state that signatories must specifically run the BTC1 software: Any software implementation that implements a hard fork to 2 megabytes might do. This could even include a software implementation that implements replay protection. And, of course, nothing in the NYA stops BTC1 from implementing replay protection; some signatories may have even expected it.

Why Won’t BTC1 Implement Replay Protection?

There are really several reasons why BTC1 — both stated and speculated — might not want to add replay protection.

The first reason is that replay protection would require simplified payment verification (SPV) wallets and some other thin clients to upgrade in order to send and receive transactions on SegWit2X. Replay protection would, therefore, in the words of BTC1 developer Jeff Garzik, “break” SPV wallets; they wouldn’t be compatible with SegWit2X until upgraded.

This framing and choice of words is disputed. If SegWit2X were to implement replay protection (and if SPV wallets don’t upgrade), these wallets could still send and receive transactions on Legacy Bitcoin perfectly fine. On top of that, they wouldn’t accidentally spend B2X when they don’t mean to.

Meanwhile, if the SegWit2X chain does not implement replay protection (and if SPV-wallets don’t upgrade), users may not be sure if their wallet is receiving or sending BTC transactions or B2X transactions or both. They also may not be sure if the balance in their wallet is a BTC balance or a B2X balance or both. And if hash power moves from one chain to another over time, these wallets could even switch from displaying BTC balances to B2X balances or the other way round without users knowing. (This problem could be solved, to some extent, through another workaround, but this is not yet implemented in either.)

Indeed, not implementing replay protection on SegWit2X could arguably “break” SPV wallets much worse.

The only (plausible) scenario where implementing replay protection would perhaps not break SPV wallets much worse is if there is no Legacy Bitcoin to speak of. Indeed, the New York Agreement very specifically intends to “upgrade” Bitcoin, rather than split off into a new coin as Bcash did. And based on miner signaling and statements of intent by several big Bitcoin companies, some NYA signatories claim that Legacy Bitcoin will not be able to survive at all.

Implementing replay protection is, therefore, sometimes considered an admission that SegWit2X will split off from (Legacy) Bitcoin into something new and will not be considered the upgraded version of Bitcoin.

But the assumption that Legacy Bitcoin won’t be able survive is a big one. In reality, miner signaling is effectively meaningless, while Bitcoin Core — the dominant Bitcoin implementation — will not adopt the hard fork. There is also a significant list of companies that have not stated that they support the hard fork, including two top-10 mining pools. Similarly, it’s not clear if many (individual) users will support SegWit2X either. The implementation of wipe-out protection (another safety measure) also suggests that even BTC1 developers aren’t so sure that there will only be one chain.

And perhaps even more importantly, it’s not clear that replay protection would affect any of this. If miners, developers, companies and users are to consider SegWit2X an upgrade of Bitcoin, they will probably do so with or without replay protection.

This is why it has also been suggested that BTC1 is rejecting replay protection for the specific purpose of being as disruptive as possible. If the Legacy Bitcoin chain is effectively made unusable, SegWit2X might stand the best chance of being recognized as “Bitcoin.”

For more information and debate on replay protection, also see the the relevant threads on the SegWit2X mailing list.

The post SegWit2X and the Case for Strong Replay Protection (And Why It’s Controversial) appeared first on Bitcoin Magazine.

Continue reading…

 

Uncertainty Dominates as China Continues to Clamp Down on Cryptocurrencies

Uncertainty Dominates as China Clamps Down on Cryptocurrency

China is clamping down on cryptocurrency, that much is clear. But while the developing story dominates headlines, a notable trend is the lack of official information. Chinese officials seem to systematically decline requests for comments, local sources are willing to provide information on condition of anonymity only, while leaked documents remain unverified.

Despite this lack of clarity, here’s what’s known so far.

Effects on Trading

The most important thing we know for sure is that Chinese bitcoin exchanges will be closing down, or at least exiting China.

BTCC — the oldest bitcoin exchange in the world — was the first exchange to announce they’d be closing shop within the Asian country, by the end of this month. The exchange cited guidelines published by the Chinese central bank (the People’s Bank of China; PBOC), which initially appeared to only affect ICOs, as its reason for closing down.

Other exchanges quickly followed BTCC’s lead. ViaBTC and Yunbi both announced that they’d be ceasing operations by the end of this month. Huobi and OKCoin, the two other major Chinese exchanges, announced they would be shutting down too, though not until the end of October. And BitKan, a big over-the-counter (OTC) trading service rather than an order-book exchange, announced it would be shutting down as well.

While the cited guidelines initially did not seem to concern bitcoin, it is likely that Chinese officials have made it clear through separate channels that they do apply to the cryptocurrency. Bloomberg (among others) reports that exchange operators decided to close down after in-person meetings with PBOC officials, and the Wall Street Journal reports — based on anonymous sources — that the PBOC has prepared a set of “draft instructions” that would ban cryptocurrency trading altogether. These draft instructions have also been leaked (translation) but have so far not been verified for authenticity.

The content of the leaked documents is also consistent with warnings issued by a Chinese quasi-regulatory body — the National Internet Finance Association of China (NIFA) — regarding cryptocurrency trading, published shortly before exchanges announced that they would be shutting down.

According to the NIFA, Bitcoin exchanges lack “legal basis” to operate in the country. Additionally, NIFA official Li Lihui told a technology conference in Shanghai on Friday that a goal of China’s monetary regulation is to ensure that “the source and destination of every piece of money can be tracked.”

The Status of Bitcoin

As far as official statements go, Bitcoin itself is not banned in China. Owning, using, and — most importantly — mining bitcoin should technically not be affected by the published guidelines.

However, more unverified reports (translation) consistent with reporting from the Wall Street Journal, claim that Bitcoin itself will be blocked by the so-called “great firewall of China.” Specifically, seed addresses, which help to bootstrap any new Bitcoin node, and Bitcoin blocks, necessary to construct the blockchain, would be filtered from internet traffic into China, using deep packet inspection.

Additionally, major foreign Bitcoin exchanges like Coinbase, Bitfinex and LocalBitcoins would be added to the list of banned domains, which already includes sites like Google and Facebook. And even private trading of cryptocurrency arranged through chat-apps like Telegram and WeChat, for example, could fall under scrutiny, according to the Wall Street Journal.

This much stricter stance on Bitcoin, beyond just exchanges but also concerning Bitcoin itself, seem consistent with comments from PBOC Counselor Sheng Songcheng, as reported by local news sources like Shanghai Securities News. Songcheng was quoted to have said that Bitcoin poses a challenge to China, mentioning money laundering and its potential to curb the nation’s economic policy.

Furthermore, very recent reports indicate that cryptocurrency exchange operators are currently not allowed to leave Beijing. Local news outlet BJ News writes:

“[According to] a number of informed sources, the current special currency trading platform executives and so on are not allowed to leave Beijing, [in order] to cooperate with the investigation. In accordance with regulatory requirements, the trading platform shareholders, the actual controller, executives, financial executives [must] fully cooperate with the relevant work in the clean-up period in Beijing.” (Rough translation.)

What This Means…

Trading bitcoin via dedicated exchange platforms in China is off the table for now — that is clear.

But it’s not yet clear how successful a full Chinese Bitcoin blockade could be. It would technically only require a single Bitcoin block of a maximum of four megabytes to make it into China about once every 10 minutes, potentially even through satellite, for the entire country to be able to access the blockchain. As such, banning individual Chinese citizens from owning and using bitcoin might prove difficult, even if exchange platforms close down.

Perhaps an even more important question is what will happen to Bitcoin mining: It’s likely that most of Bitcoin’s hash power is currently situated in the Asian country. While miners should able to connect to the rest of the world, according to ViaBTC CEO Haipo Yang, it’s unclear if this connection will be allowed for much longer. If Chinese authorities indeed intend to ban Bitcoin from the country entirely, Bitcoin mining operations — both mining pools and hash power data centers — will be easy targets to shut down.

On the other hand, this is not the first time that fears of China “banning Bitcoin” have been raised. In the past, such concerns have simply been a prelude to stricter regulations by local authorities.

It has been suggested by Bitmain CEO Jihan Wu, perhaps a bit optimistically, that exchanges will simply require a new license to continue operation. Similarly, it’s been speculated that the PBOC may introduce a national digital currency as a sort of gateway to cryptocurrency: This would allow the central bank to better track the flow of funds in and out of bitcoin in order to counter money laundering and capital flight.

Then again, it could make more sense to introduce such a national digital currency as a substitute for Bitcoin, once Bitcoin is effectively banned, as suggested by ZeroHedge.

For now, uncertainty prevails.

The post Uncertainty Dominates as China Continues to Clamp Down on Cryptocurrencies appeared first on Bitcoin Magazine.

Continue reading…

 

Bitcoin Core 0.15.0 Is Released: Here’s What’s New

Bitcoin Core 0.15.0 Released: Here’s What’s New

Today marks the official release of Bitcoin Core 0.15.0, the fifteenth generation of Bitcoin’s original software client launched by Satoshi Nakamoto almost nine years ago. Overseen by Bitcoin Core lead maintainer Wladimir van der Laan, this latest major release was developed by nearly 100 contributors over a six-month period, with major contributions through Chaincode Labs, Blockstream and MIT’s Digital Currency Initiative.

Bitcoin Core 0.15.0 offers significant performance and usability improvements over previous versions of the software implementation. It also introduces several new features to better deal with the current status of the network.

These are some of the more notable changes.

Chainstate Database Restructure

One of the biggest changes compared to previous versions of the software involves how the state of Bitcoin’s blockchain is stored. This “chainstate” or “UTXO-set” is saved in a dedicated database, whereas previously it had been categorized per transaction. If one transaction sent bitcoins to several outputs (“addresses”), these different outputs were stored as a single database entry, referring to that one transaction.

With Bitcoin Core 0.15.0, these outputs are instead stored in a single database entry each. If a single transaction sends bitcoins to different outputs, every output is stored separately. While this method does claim more disc space, it requires less computational resources if one of these outputs is spent later on.

The most concrete benefit of this new data structure is that initial sync-time for new nodes is decreased by about 40 percent. It also introduces simpler code, reduces memory usage  and more. Additionally, it fixes a bug that could theoretically crash Bitcoin Core nodes, controversially revealed at last weekend’s Breaking Bitcoin conference in Paris.

Improved Fee Estimation

As Bitcoin blocks have been filling up over the last year or two, not all transactions fit in the first block that is mined. Instead, miners typically prioritize the transactions that include the most fees. If a user wants to have his transaction confirmed quickly, he should include a high enough fee. If he’s not in a rush, a lower fee should suffice.

However, the Bitcoin network deals with inherent unpredictability in terms of the speed at which blocks are found or the number of transactions that is being transmitted at any time. This makes it hard to include the right transaction fee.

Bitcoin Core 0.15.0 lowers this fee uncertainty: The newest version of the software includes significantly better fee estimation algorithms. This is mostly because the software takes more data into account when making the estimations, such as the fees included in older confirmed transactions, as well as fees in unconfirmed transactions — the fees that proved insufficient.

Additionally, users can enjoy more flexibility. For one, Bitcoin Core 0.15.0 for the first time allows users to include fees that could take their transactions up to a week to confirm. And, also newly introduced, users can choose to accept more or less risk that their transaction could be delayed due to a sudden influx of transactions.

Replace-by-fee in User Interface

Even with improved fee estimation, it is possible that users will still need to wait longer than they want for their transactions to confirm, perhaps because there is a sudden rush of transactions on the network, or maybe because a user changed his mind and prefers to have a transaction confirm faster than originally paid for, or for other reasons.

For these cases, some wallets let users add a “replace-by-fee” tag to their transactions. With such a tag, nodes and miners on the network know that the sender may want to replace that transaction with a newer transaction that includes a higher fee. This effectively allows users to bump the transaction in line to have it confirmed faster.

Bitcoin Core nodes have supported replace-by-fee for well over a year now: They already replace “replace-by-fee” tagged transactions if the new transaction includes more fees. But it was never easy to utilize for Bitcoin Core wallet users themselves.

Until now.

The Bitcoin Core 0.15.0 wallet introduces a replace-by-fee toggle in its user interface. This lets users include the appropriate tag, allowing them to easily increase the fees on their transactions later on.

Multi-wallet Support (Client and RPC Only)

Bitcoin Core 0.15.0 lets users create several wallets for the first time. These wallets all have their own separate Bitcoin addresses, private keys and, therefore, funds. Users can utilize the different wallets for different purposes; for example, one wallet can be used for personal day-to-day purchases, another for business-related transactions, and a third just for trading.

Using several wallets can offer a number of benefits. For instance, it makes accounting easier and more convenient. Additionally, users can more easily benefit from increased privacy as the different wallets cannot be linked to each other by blockchain analysis. It’s also possible to use different wallets for specific applications and more.

For now, multi-wallet support is not yet available for regular wallet users; only advanced users who operate from the command line or through connected applications can utilize the feature.

Other Improvements

Apart from the above mentioned notable changes, Bitcoin Core 0.15.0 includes a number of additional performance improvements, as most new major Bitcoin Core releases do. Concretely, these changes speed up how quickly blocks are downloaded from the network, they let nodes start up faster, and up-to-date nodes will be able to validate new blocks more quickly, in turn benefiting network-propagation time.

Finally, it’s worth mentioning that Bitcoin Core 0.15.0 will disconnect from BTC1 peers on the network. This means that the Bitcoin network will experience less disruption if the SegWit2x hard fork splits the network, as both types of nodes will more easily find compatible peers. While this change has gotten some media attention,c this hange shouldn’t really be noticeable.

Thanks to Chaincode Labs developer John Newbery for feedback and suggestions. For more details on what’s new in Bitcoin Core 0.15.0, see the release notes, or watch Bitcoin Core contributor Gregory Maxwell’s “deep dive” presentation at the San Francisco Bitcoin developers meetup.

The post Bitcoin Core 0.15.0 Is Released: Here’s What’s New appeared first on Bitcoin Magazine.

Continue reading…

 

NO2X: Breaking Bitcoin Shows No Love for the SegWit2x Hard Fork in Paris

no 2x breaking bitcoin

“There’s no such thing as a safe hard fork,” Electrum lead developer Thomas Voegtlin corrected an audience member at the Breaking Bitcoin conference in Paris last weekend. “I would recommend to have replay protection, of course,” he added.

Community support for SegWit2x, the Bitcoin scaling proposal spearheaded by Barry Silbert’s Digital Currency Group, was virtually absent in Paris. Whenever the “2x” part of the New York Agreement was discussed in the French capital, speakers and visitors overwhelmingly considered it a risk to defend against — not a proposal to help succeed.

Electrum users, for example, will not blindly follow hash power in case of a chain-split, Voegtlin explained throughout his talk; instead, they’ll be able to choose which side of such a split they want to be on. And importantly, the lightweight wallet will implement security measures to prevent users from accidentally spending funds on both chains: “replay protection” that seems unlikely to be implemented on a protocol level if SegWit2x does fork off.

“We are ready,” Voegtlin said. “If [SegWit2x] doesn’t include replay protection, the fork detection we have in Electrum will be useful.”

Breaking Bitcoin

Inspired by the successful Scaling Bitcoin conference format, the French Bitcoin community hosted the first edition of Breaking Bitcoin two blocks from the Eiffel Tower last weekend. Bitcoin developers, academics and other technical-minded Bitcoiners gathered for a diverse program, but with the common denominator being Bitcoin’s security.

“For the past two years, the Bitcoin community has been obsessing with scale and scalability,” Kevin Loaec, managing director at Chainsmiths and co-organizer of the event, told Bitcoin Magazine. “But I’m not so worried about scale, I’m worried about mining centralization, a lack of privacy and fungibility … these kinds of things. As an industry we need to recognize there are more challenges than just scalability; hopefully this conference reflects that.”

Whereas the first Scaling Bitcoin conference two years ago was a very specific reaction to a looming block size limit increase hard fork — then put forth by Bitcoin XT — this wasn’t necessarily the motivation behind Breaking Bitcoin. Yet, once again, a controversial hard fork is looming on the horizon. This time imbedded in the BTC1 implementation developed by Bloq co-founder Jeff Garzik, the New York Agreement’s SegWit2x is scheduled to increase Bitcoin’s “base block size limit” to two megabytes by November — an incompatible protocol change that could split the Bitcoin network in two.

And it did not take much to recognize how unpopular the proposal was in Paris. Perhaps most vividly, Italian Bitcoin startup ChainSide led a protest campaign by distributing NO2X stickers; the Twitter hashtag was proudly added as a piece of flair to the by now well-known Make Bitcoin Great Again and UASF hats. And voices critical of the project — like Voegtlin and his call for replay protection — could consistently count on rounds of applause. From a technical perspective, the proposal is often considered — quite frankly — to be reckless.

“Unfortunately, SegWit2x […] was designed to effectively be as disruptive to the minority chain,” MyRig engineer and BIP91 author James Hilliard said on stage during the miner panel.

SegWit2x: The Arguments

Arguments against the 2x hard fork are diverse.

Perhaps its biggest problem, SegWit2x currently lacks basic safety measures to prevent unsuspecting users from losing funds. This includes, most importantly, the aforementioned replay protection, but a new address format would be similarly helpful.

Additionally, the three-month lead time for this specific hard fork is considered extremely short — assuming the goal is to prevent a chain-split in the first place. “If you ask any of the developers, they will typically want to see 18 months or two years lead time, for something with as wide an impact on all the software and hardware out there as a hard fork,” Blockstream co-founder and Hashcash inventor Dr. Adam Back noted during a Q&A session.

And if the chain does split into different networks and currencies — one following the current Bitcoin protocol and one adopting the hard fork — the question becomes which of the two gets to use the name “Bitcoin.” So far, proponents of the SegWit2x hard fork have shown no willingness to pick a new name.

This branding issue, Bitcoin Core contributor and Ciphrex co-founder Eric Lombrozo pointed out, provides yet another point of controversy.

“My personal opinion is that whomever is proposing the change, the onus is on them to demonstrate widespread support,” Lombrozo said during his talk on protocol changes. “The people that want to keep status quo don’t need to show anything. It’s the people who want to change the stuff that actually need to demonstrate there is widespread support.”

And for now, not everyone is convinced that SegWit2x does indeed have this level of support — or anything close to it. While several large mining pools, as well as a significant number of companies, have signed on to the New York Agreement, this agreement was itself drafted without any feedback from Bitcoin’s technical community nor — even more important — a reliable gauge of user sentiment.

And while some Bitcoin companies claim to represent their customers, this is — once again — not taken for granted by everyone.

“One debate I want to draw attention to,” venture capitalist Alyse Killeen pointed out, “is the debate whether businesses speak for their users. I think this is probably a debate you would only see now in this space because it’s pretty well established that businesses outside of this space do not speak for users, but it’s a debate we still have in our community. Of course they don’t.”

NO2X

If Breaking Bitcoin in Paris can be considered at all representative of SegWit2x’s community support — which, it should be noted, is not necessarily the case — the proposal will face an uphill battle to be widely accepted in November.

Indeed, some signatories of the agreement are not so sure about the hard fork anymore: Bitwala and F2Pool have publicly backed out of the agreement. And, during a mining panel in Paris, Bitfury CIO Alex Petrov ever so slightly opened the door to potentially withdrawing support as well, if both the original and the 2x chain manage to survive.

In fact, it’s not just that contentious hard forks are considered a threat to be defended against by Bitcoin’s technical community. It goes beyond that.

In the words of Bitcoin developer Jimmy Song, at the conclusion of his opening talk of the event:

“What doesn’t kill Bitcoin makes it stronger. And conferences like this prove that we’re getting better at this. We’re getting immunized to all these hard forks, and it’s creating a better Bitcoin as a result, and that’s a very good thing. We’re securing against a lot of these attacks, and figuring out ways to mitigate these threats.”

Image courtesy of Federico Tenga

The post NO2X: Breaking Bitcoin Shows No Love for the SegWit2x Hard Fork in Paris appeared first on Bitcoin Magazine.

Continue reading…

 

GreenAddress Is Now the First Mobile Wallet to Offer SegWit Transactions

GreenAddress and Segwit

GreenAddress (and its reimplementation GreenBits), the Bitcoin wallet that was acquired by blockchain infrastructure company Blockstream earlier this year, is the first mobile wallet to offer Segregated Witness (SegWit) transactions. This means that GreenAddress users are among the first to benefit from lower fees and faster transaction times enabled by the long-awaited protocol upgrade.

“The Bitcoin network is currently not being spammed, so transactions with low fees are getting confirmed — however, with SegWit the required fees are even lower; they’re almost cut in half,” GreenAddress developer Lawrence Nahum told Bitcoin Magazine.

Once upgraded, all new addresses generated by the GreenAddress wallet will be SegWit addresses (though wrapped in a P2SH address, so they still look the same as before). Receiving payments on these addresses does not differ from typical addresses in any way, nor does spending bitoins from different addresses. But when users spend the bitcoins from the SegWit addresses later on, the protocol upgrade is utilized. This outgoing transaction that requires lower fees will be included in a block more quickly.

GreenAddress is not the first wallet to enable SegWit: hardware wallets Ledger and Trezor introduced the new feature last week. But in both cases, of course, using the new feature requires owning such hardware devices. GreenAddress, on the other hand, is available to anyone with a smartphone or a computer; if the fees on competing wallets are too high, users can easily switch to GreenAddress.

“We are now the first mobile wallet to implement the solution, but I feel the ecosystem, unlike with previous soft fork upgrades, is moving really fast,” Nahum said. “Hardware wallets are leading, Armory also has support, Bitcoin Core will have it in the 0.15.1 release, and I’m sure the others will move fast as they have strong incentives: In GreenAddress transaction fees are pretty much halved.”

Interestingly, the malleability fix that Segregated Witness provides will be utilized by GreenAddress as well. Due to malleability — the ability to change the appearance of unconfirmed transactions — spending bitcoins from unconfirmed transactions could fail due to meddling of third parties. While this will not lead to a loss of funds, it could make for a bad user experience, which is why it wasn’t available to most users. With the malleability fix, this issue will now be resolved, and GreenAddress users can re-spend unconfirmed bitcoin balances straight away.

Over the years, GreenAddress has made a name itself by pioneering new features enabled by Bitcoin protocol upgrades. The wallet was, for example, the first to offer opt-in replace-by-fee, which allows users to bump the fee of an outgoing transaction. It was also among the first wallets to offer modern multisig addresses, the first wallet to include fee estimation instead of static fees, the first mobile wallet to support hardware wallets, and more.

The post GreenAddress Is Now the First Mobile Wallet to Offer SegWit Transactions appeared first on Bitcoin Magazine.

Continue reading…

 

Breaking Bitcoin: Paris is Set to Host a New Technical Bitcoin Conference

Breaking Bitcoin: Paris is Set to Host a New Technical Bitcoin Conference

A brand new technical conference is hitting the Bitcoin space this week.

Loosely inspired by the well-known Scaling Bitcoin workshops, the French Bitcoin community will host the Breaking Bitcoin conference in Paris, on September 9 and 10. The conference has an explicit focus on security and is targeted at an audience with an understanding of the technical aspects of Bitcoin.

“All of the talks and panels will have different angles that all tie in to this theme,” co-organizer Elizabeth Stark told Bitcoin Magazine.

The Breaking Bitcoin conference was born out of discussions on the CryptoFR Slack,a discussion platform for the growing developer community in France. A group of volunteers, including French Bitcoin community member Pierre Lorcery, Chainsmiths managing director Kevin Loaec and Ledger CTO Nicolas Bacca, as well as Caifornia-based Lightning Labs CEO Elizabeth Stark, decided to organize the technical event.

“The idea was simple,” said Stark, who has previously been involved with organizing Scaling Bitcoin workshops. “We made a weekend out of the types of talks we see at developer meetups around the world and invited some of our favorite speakers to Paris.”

Breaking Bitcoin’s focus on Bitcoin’s security in unique in the space. Where Scaling Bitcoin mostly focuses on how to improve the technology in a number of ways, including scalability, fungibility, privacy, and more, Breaking Bitcoin instead highlights all the different ways in which Bitcoin can be attacked and how these attacks can be defended against.

“Talks will range from social and political attack vectors, to spam attacks, to layer 2 security, to hardware attacks, to secure and usable applications,” Stark said. “This is, as far as I know, the first ever technical conference focused solely on Bitcoin security. The goal of the event is to have a true community-driven, cypherpunk conference, and our hope is that we’ve delivered on this.”

Speakers and panelists in Paris include Bitcoin Core contributors Eric Lombrozo and Peter Todd, Libbitcoin developers Amir Taaki and Eric Voskuil, Lightning Network developers Dr. Christian Decker and Laolu Osuntokun, BitGo engineer Jameson Lopp, Electrum developer Thomas Voegtlin, Venture Capitalist Alyse Killeen, and many more.

Tickets start at €100 (~$120), with room for up to 300 attendees.

The post Breaking Bitcoin: Paris is Set to Host a New Technical Bitcoin Conference appeared first on Bitcoin Magazine.

Continue reading…

 

One Week Into SegWit, Hardware Wallets Lead the Pack in Slow-But-Sure Roll Out

segwitwallets.jpg

After a years-long development process and even more debate and political struggle, Segregated Witness finally activated on the Bitcoin network last week. The protocol upgrade introduced a number of benefits which can enable more advanced second-layer protocols. It also offers a block size limit increase for wallets that utilize the new feature, meaning users can enjoy lower fees and faster confirmation times.

One week in, Segregated Witness has been implemented in several wallets, though overall adoption is off to a bit of a slow start. While many wallets and services indicated prior to the activation that they would be ready for the upgrade, many are taking a bit of a conservative approach when it comes to main-net release, while others have since faced unrelated difficulties that demanded their attention.

So far, hardware wallets are among the first to have jumped on the new opportunity. Both Trezor and Ledger have fully implemented and enabled Segregated Witness. This is not very surprising: Hardware wallets stand to benefit from SegWit more than most wallets, as it helps to significantly speedup the signing process.

“But we mostly implemented Segregated Witness to help the network first,” Ledger CTO Nicolas Bacca told Bitcoin Magazine. “The more Segregated Witness transactions are used, the more space there is for everybody. In a way we’re also doing our part to disarm the 2x part of the SegWit2x hard fork.”

Another hardware wallet provider, Digital Bitbox, also implemented Segregated Witness in its firmware, cofounder and Bitcoin Core contributor Jonas Schnelli told Bitcoin Magazine, but it still requires a compatible desktop app to utilize the feature. This is a work in progress.

Full node wallets like Bitcoin Core are also in the process of implementing Segregated Witness. But Bitcoin Core developers decided to not include the feature straight away in order to avoid edge-case attacks that become harder to execute as time passes. Bitcoin Core will instead release a new version of the software, 0.15.1; this could take another month or two before it’s available.

As for regular wallets, it seems that Blockstream’s GreenAddress could well be the first to offer the feature.

“It’s days away,” GreenAddress developer Lawrence Nahum told Bitcoin Magazine. “We were ready a while back; however, during testing we found that fees were a bit higher in one of our wallets. That’s because some software libraries available now weren’t available when we implemented SegWit. At this point it’s mostly a matter of more testing.”

Most other wallets are also in various stages of implementing the feature, but for various reasons haven’t gotten to the point of release quite yet. In some cases, like BitGo and BTC.com, this had to do with the prioritization of integrating Bitcoin Cash into their service; the new cryptocurrency launched unexpectedly only a couple of weeks ago. Similarly, Mycelium told Bitcoin Magazine it has been implementing new features which diverted some time and attention away from SegWit.

Other popular wallets, including Bitcoin Wallet (also known as Schildbach’s Bitcoin Wallet), Breadwallet, Electrum, mSIGNA, as well as webwallet Xapo confirmed that they are implementing SegWit, and all told Bitcoin Magazine that they expect this should be available soon — though none gave a specific timeframe for it.

The post One Week Into SegWit, Hardware Wallets Lead the Pack in Slow-But-Sure Roll Out appeared first on Bitcoin Magazine.

Continue reading…

 

Miners Are Leaving Money on the Table to Mine Bitcoin Cash: This Could Explain Why

Miners Are Leaving Money on the Table to Mine Bitcoin Cash: This Could Explain Why

The Bitcoin Cash (Bcash or BCH) mining saga continues.

Last week, Bitcoin Magazine reported how — assuming all miners would act in their short-term self-interest — Bcash could potentially have its blockchain freeze in its tracks. Then, last weekend, the Bcash mining saga further developed, as some miners periodically triggered an emergency difficulty adjustment, leading to extreme swings in hash power, unreliable block times and increased inflation.

Now, the situation has taken yet another turn.

Bitcoin Cash is currently less profitable to mine than Bitcoin (BTC). And according (translation) to at least one mining pool operator, BTC.TOP’s Jiang Zhuo’er, this is intentional. Some miners, including Zhou’er, seem to be coordinating to keep the Bitcoin Cash difficulty where it is now, relative to Bitcoin and relative to the price of the two coins. In other words, Bcash miners are keeping Bcash a little less profitable to mine than Bitcoin, on purpose.

As we explained in our first article on this topic, miners that are driven by short-term financial incentives should all switch to the chain that is most profitable to mine (regardless of what other miners do). Yet, Bcash is still being mined despite being less profitable — and at a relatively regular pace. Blocks aren’t found too fast or too slow, inflation is not out of bounds, and the situation seems relatively stable.

In short, miners are collectively leaving money on the table to ensure that Bcash is usable.

The big question, therefore, is why.

The simple explanation would be that the Bcash miners expect the BCH exchange rate to increase significantly in the future and are therefore willing to “take one for the team” right now. (Keep in mind that even if miners believe in Bcash’s long-term potential, they would individually still be better off mining BTC and selling their proceeds for BCH — but someone needs to be mining Bcash for that to even be possible.)

Alternatively, miners could be invested in Bcash enough to want to keep it — and thus their investment — alive. Or maybe someone else is similarly invested is subsidizing the miners.

It could also be a matter of honor or pride.

Or perhaps there is a bigger picture.

The Bitmain Factor

Two of the biggest Bcash miners are ViaBTC and, indeed, BTC.TOP. But the vast majority of Bcash hash power is mining anonymously to two BCH addresses. This hash power must therefore belong to one or two mystery miners, or maybe one or two mystery pools.

Meanwhile, there is quite a bit of circumstantial evidence to suggest that Bitmain is involved with Bcash to some degree.

First and foremost, Bitcoin Cash was the realization of the “UAHF,” a plan first proposed by Bitmain. And while the mining hardware manufacturer has publicly distanced itself from the project to some extent since, it did not rule out the possibility of supporting Bcash later on. Indeed, two of Bitmain’s pools, Antpool and BTC.com, have mined BCH since.

Meanwhile, Amaury Séchet, lead developer of Bitcoin ABC (the first software implementation that implemented this UAHF) received funding from the Bitmain-sponsored Bitcoin Development Grant. Similarly, Juan Garavaglia, CEO of early Bitcoin Cash infrastructure development company Bitprim, is or was the authorized Bitmain distributor for the U.S. and Canada. And while any connection between BTC.TOP and Bitmain has so far been denied, ViaBTC did at least receive investment from the mining giant. And of course, Bitmain co-CEO Jihan Wu established himself as a big proponent of Bcash, both online and offline.

Furthermore, Bitmain might be one of the parties that could benefit the most from Bitcoin Cash, if the coin proves successful in the longer term. As opposed to Bitcoin, Bcash is still fully compatible with covert use of the patented AsicBoost technology that Bitmain admitted to having implemented in its chips, while Bitcoin ABC has no plans to counter this. And as Blockstream CSO Samson Mow argued, by producing their own coin, Bitmain can perhaps to some extent guarantee future hardware sales, even if Bitcoin were to ever, for example, adopt a proof-of-work algorithm change.

All this, and of course the fact that Bitmain is a world-leading producer of hash power,  suggests that the company is in a good position be responsible for one or both mystery miners. Or that someone associated with the company is.

While this theory is speculative and parts of it are officially denied, it would mean that Bitmain — or someone associated with Bitmain — is almost single handedly propping up Bcash. As a result, the coin is currently relatively functional. But barring more durable solutions, Bcash’s future might just depend on Bitmain’s willingness and ability to keep it that way.

Thanks to Johnathan Corgan for his feedback.

The post Miners Are Leaving Money on the Table to Mine Bitcoin Cash: This Could Explain Why appeared first on Bitcoin Magazine.

Continue reading…

 

Miners Are Milking Bcash’s Difficulty Adjustments (and Why This Is a Problem)

Miners Are Milking Bcash’s Difficulty Adjustments (and Why This Is a Problem)

Bitcoin Cash (Bcash or BCH) has been more profitable to mine than Bitcoin (BTC) on multiple occasions over the past week or two. This is creating a new dynamic within Bitcoin’s ecosystem — one which is not really beneficial for either coin.

In Bitcoin Magazine‘s previous article on this topic, we explained why Bcash mining should normally not affect Bitcoin too much, aside from the incidental higher fees and slower confirmations. We also explained why this dynamic could, in the meantime, ruin Bcash, as it should freeze that blockchain in its tracks.

We also noted that Bcash has a built-in emergency solution to mitigate the risk, which could get its blockchain moving again. But this solution does assume either that some miners are choosing to act against their own short-term interest at certain times for the benefit of all miners — or that miners are coordinating for their mutual benefit, on some level.

Now, several days later, it appears that this is what’s happening. Some miners are either acting against their short-term interests for specific periods of time — or they are coordinating to trigger the emergency solution.

The good news for Bcash is that this means its blockchain is still in motion for now, at least on most days. But at the same time, the dynamic generated by the emergency solution is benefiting its miners overall, more than anyone else — and it’s even calling into question the long-term viability of Bitcoin Cash itself.

The Emergency Difficulty Adjustment

First, a brief recap of Bitcoin mining and Bcash’s built-in emergency solution.

Mining profitability is determined by the value of the block reward (newly mined coins plus transaction fees) and the “difficulty” to mine a block. If the value of the block rewards are higher and the difficulty is lower, miners make more money.

The difficulty on both Bitcoin and Bcash self-adjusts each time 2016 blocks are mined. If it takes longer than two weeks to mine these 2016 blocks, difficulty adjusts downward so it becomes easier to mine. If it takes less than two weeks, the difficulty adjusts upward so it becomes harder.

Bcash really needs its difficulty to be low enough to match the value of its block rewards in relation to Bitcoin. So, if Bcash’s block reward is worth 15 percent of Bitcoin’s block reward, Bcash’s difficulty must also be 15 percent of Bitcoin’s difficulty, or lower. Otherwise, Bitcoin will be more profitable to mine, and miners will really have no reason ever to return to Bcash, leaving the Bcash blockchain frozen in its tracks.

The big problem is that, as long as Bcash’s block rewards do not exceed Bitcoin’s block rewards, this is bound to happen sooner or later. At some point, Bcash difficulty will exceed what its block reward will be worth, at which point all miners should leave.

To mitigate this problem, Bcash implemented a feature called the “emergency difficulty adjustment” (EDA). If in a space of at least twelve hours, fewer than six blocks are mined, the difficulty adjusts downwards by 20 percent for the next block. If miners coordinate or time this well, this can bring difficulty down by about 75 percent within a day.

The Problems

While triggering the EDA is preferable over a blockchain frozen in its tracks forever, it does present new problems.

Once difficulty is low enough, profit-maximizing miners are incentivized to jump on Bcash mining, producing an enormous number of blocks before difficulty adjusts within a day or two. Then, once the difficulty adjusts upward by a lot, and all these miners will switch back to Bitcoin — until some miners trigger Bcash’s EDA again, potentially after 12 hours or so, and all miners hop back on Bcash, creating a sort of stop-and-go cycle, on repeat.

In our previous article, we noted that this stop-and-go cycle is not ideal for users. But we didn’t go into specifics about what problems those would be, exactly. And there are a number of them…

First of all, this stop-and-go cycle actually causes a disturbance for Bitcoin users as well. Each time miners hop on Bcash, hash power leaves the Bitcoin network, which means that Bitcoin blocks are mined more slowly. As a result, Bitcoin’s transaction fees and confirmation times go up. And the fact that miners are intentionally gaming the system like this, suggests that the situation could drag on for a while: potentially weeks or months, and maybe even longer depending on how Bcash develops.

Meanwhile, this cycle makes Bitcoin Cash confirmation times very unreliable. On some days, transactions confirm very quickly, as blocks are found about every minute. On other days, there are (almost) no new blocks at all for at least 12 hours, and transactions take incredibly long to confirm, by comparison.

Arguably, an even bigger problem is that because of this dynamic, Bcash mining rewards — new coins — enter the system much more quickly: currently about four times faster than they are supposed to. As a result, Bcash’s inflation rate is relatively high. While Bitcoin’s current yearly inflation rate sits at about 4 percent, Bcash’s yearly inflation rate is on pace to be closer to 16 percent. This favors miners who earn these coins — at the cost of coin-holders.

What’s more, because of this same dynamic, Bcash’s next block halving will arrive much faster as well, possibly around mid 2018 instead of mid 2020. And if nothing changes, there could even be another halving by early 2019: the block reward could fall to 3.125 BCH in just a little over a year from now.

These halvings is where Bcash’s real problems could begin.

As perhaps its central value proposition compared to Bitcoin, Bcash wants to keep its transaction fees extremely low; even as low as zero. Therefore, it is not clear that fees will make up for the loss in rewards; it seems especially unlikely that these losses will be made up within a year, if ever. So unless the market price of BCH, compared to BTC, increases by a lot, and fast, the value of Bcash’s block reward could dwindle significantly.

Now, keep in mind that for miners to mine Bcash at all, its difficulty must be even lower than its block reward, compared to Bitcoin, and that if that is the case, all profit-maximizing miners are expected to pile on.

That means that all these miners will be able to mine the 2016 blocks even faster when they do all pile on Bcash. Instead of two days, it could take them even one day. Or less. Which would, of course, mean that the next block halving will be reached even faster. This would in turn means that the block rewards would be even less valuable, difficulty would needs to be even lower for miners to hop on, and miners would be able to mine the 2016 blocks even faster next time. Maybe even in half a day.

Bcash’s EDA could lead to vicious downward spiral, which would significantly decrease Bcash’s security against 51% attacks. It would also make it easier for miners hostile to Bcash to frustrate the system in other ways; for example, they could prevent emergency adjustments from kicking in. Moreover, Bcash could reach the point where its block rewards aren’t even worth the time and effort for miners to switch between chains, and Bcash freezes in its tracks, after all.

Bitcoin Cash will need to fix this problem somehow, and by now developers are indeed discussing the issue. Either that, or the coin must become more valuable than Bitcoin to mitigate the problem altogether — fast.

Thanks to Johnathan Corgan for feedback.

The post Miners Are Milking Bcash’s Difficulty Adjustments (and Why This Is a Problem) appeared first on Bitcoin Magazine.

Continue reading…

 

Segregated Witness Activates on Bitcoin: This is What to Expect

segwit acti.jpg

The Segregated Witness (SegWit) soft fork has activated on the Bitcoin network.

As of block height 481,824, found at 1:57 UTC by BTCC, all SegWit ready nodes started enforcing the new SegWit consensus rules. As Bitcoin’s biggest protocol upgrade to date, this introduces a whole new data structure, which changes the appearance of Bitcoin blocks for upgraded nodes — though non-upgraded nodes should continue to function as normal.

More concretely, SegWit activation means that Bitcoin’s block size limit is replaced by a block “weight” limit, which allows for blocks to increase to up to 4 megabytes in size. Additionally, and perhaps more importantly, SegWit transactions won’t suffer from the “malleability bug,” which in turn enables advanced second-layer protocols like the Lightning Network, atomic swaps, MAST, and more.

Here’s what to expect for the next couple of hours, days, weeks, months and beyond…

The Block Size Limit Becomes a Block Weight Limit

Depending on the types of transactions included, Bitcoin blocks can now be up to 4 megabytes big — though 2 megabytes is a more realistic maximum.

However, this doesn’t mean that all blocks will immediately bump to 2 megabytes in size today. For a transaction to utilize the added space, it must be sent from a SegWit address (or more accurately, a Segwit “output”) — not just to a SegWit address.

At the time of activation, of course, no bitcoins were locked up in SegWit addresses whatsoever. That wasn’t possible up till now. So at the very least, bitcoins must be spent once to a SegWit address. Only when they’re spent again will they benefit from the extra space.

Additionally, wallets and other applications need to be ready to accept SegWit transactions. Some wallets, like GreenAddress, may offer this option on day one, or shortly thereafter. “We had this in testnet on by default for a very long time now,” GreenAddress developer Lawrence Nahum told Bitcoin Magazine. “We’ll make it’s available almost immediately after activation; we just want to make sure activation is smooth before we enable it.”

Similarly, large Bitcoin service providers could start accepting SegWit transactions right away, though some may need more time to prepare. BitGo, a Bitcoin infrastructure provider for major exchanges like Bitstamp, Kraken and OKCoin, expects to be SegWit-ready relatively soon as well.

BitGo engineer Jameson Lopp told Bitcoin Magazine:

“We’ve not set an actual date, though we certainly want to deploy it as soon as possible. I expect general availability sometime next week.”

Some other wallets and services, however, may take a little longer; how long will differ from wallet to wallet.

Lightning and More

Arguably even more highly anticipated than an increased block size, second-layer technologies like the Lightning Network or, further out, Merkelized Abstract Syntax Trees (MAST), will be more easily built on top of Bitcoin, thanks to Segregated Witness,

Most of this technology is still a work in progress, and it could take several more months before regular users are expected to use it. That said, it is likely that there will be experimentation on Bitcoin’s mainnet rather soon, according to Lightning Labs CEO and cofounder, Elizabeth Stark.

“Today we released version 0.3 alpha of our Lightning Network Daemon software, which is the last major release before our mainnet beta release,” said Stark to Bitcoin Magazine. “We’re not giving any exact predictions, but our goal is to get it up and running as soon as it’s thoroughly tested and stable. We may also see some test mainnet transactions by developers once SegWit activates.”

And even when the Lightning Network is functional and in use, it will take a little longer to roll out more advanced features that utilize the Lightning Network or similar protocols. These include atomic swaps, which allows for the instant and (near) costless exchange of cryptocurrencies over different blockchains, like bitcoin and litecoin. And Stark said a larger development ecosystem is growing around the technology as well.

“We’re seeing app development on the Lightning Network taking off, which we’re very excited about. Once the mainnet releases are out, we expect there to be a bunch of apps working on the Lightning Network out of the box,” she added.

Further, more nuanced benefits of SegWit, such as faster transaction signing by hardware wallets, will be available within a matter of days.

The Risks

At this point in time, SegWit activation does still present some risks for users.

The first risk applies to all soft forks, and depends on miners actually enforcing the new rules. If some don’t, non-upgraded nodes as well as many light clients in particular could accept invalid transactions and blocks, at least until the network corrects that through a blockchain reorganization (“reorg”). In the past, soft forks caused some (minimal) network disruption, but the risks do seem limited this time around.

“I suspect that the reorg risk is relatively low for full nodes with SegWit. The only prior case like this was that validationless mining chain-split two years ago, but that didn’t affect full nodes,” Blockchain consultant Peter Todd told Bitcoin Magzine. “And fortunately Bitcoin Core includes a lot of improvements to speed that older and alternative implementations don’t have, so there’s a good chance basically all miners are running Bitcoin Core with only small modifications to non-consensus code, if any.”

Additionally, the first couple of hours after activation could open a small window for advanced types of miner attacks, which resemble (or are) 51% attacks. If large amounts of bitcoin are sent to SegWit addresses after activation, miners could theoretically still “roll back” the blockchain to a point in time before activation to re-build it from there. Since SegWit outputs are not secure before activation, such a rollback could allow miners to steal these funds.

Luckily, like any other 51% attack, the costs to perform this attack increase for every block that is found after activation, to the point where the attack becomes infeasible within a couple of hours. That said, it is probably wise not to send huge amounts of bitcoin to SegWit addresses straight away, and instead to wait at least a couple of hours or maybe days.

Lastly, Todd pointed out that some (untested) services may fail shortly after SegWit activation, as they have likely only integrated SegWit support partially. “For example, remote procedure calls could request SegWit transactions, while at the same time rejecting these transactions because they didn’t expect to get them.” These kinds of issues should be easy to fix, however.

Also read Bitcoin Magazine’s cover story for the month: The Long Road to SegWit: How Bitcoin’s Biggest Protocol Upgrade Became Reality

/articles/long-road-segwit-how-bitcoins-biggest-protocol-upgrade-became-reality/

.

The post Segregated Witness Activates on Bitcoin: This is What to Expect appeared first on Bitcoin Magazine.

Continue reading…