|
| 1 | +--- |
| 2 | +title: 'Bitcoin Optech Newsletter #4' |
| 3 | +permalink: /en/newsletters/2018/07/17/ |
| 4 | +name: 2018-07-17-newsletter |
| 5 | +type: newsletter |
| 6 | +layout: newsletter |
| 7 | +lang: en |
| 8 | +version: 1 |
| 9 | +--- |
| 10 | +This week's newsletter includes news and action items about a feature |
| 11 | +freeze for the next major version of Bitcoin Core, increasing |
| 12 | +transaction fees, a likely renaming of the proposed `SIGHASH_NOINPUT` |
| 13 | +flag, and several notable recent Bitcoin Core merges. |
| 14 | + |
| 15 | +## Action items |
| 16 | + |
| 17 | +- Last chance to advocate for any almost-ready new features to be |
| 18 | + included in Bitcoin Core 0.17, expected to be released in August or |
| 19 | + September. The feature-freeze date mentioned in [newsletter #3][] has |
| 20 | + been pushed back a week to July 23rd. |
| 21 | + |
| 22 | +## Dashboard items |
| 23 | + |
| 24 | +- **Transaction fees increasing:** for transactions targeting |
| 25 | + confirmation within 12 blocks or sooner, [recommended fees][] have risen |
| 26 | + up to 3x compared to this time next week. Nodes with default settings |
| 27 | + still have plenty of room in their mempools, so the trend could quickly |
| 28 | + reverse itself. It's recommended to be careful making cheap |
| 29 | + consolidation transactions until feerates drop again or unless you can |
| 30 | + wait potentially several weeks for the consolidation transaction to |
| 31 | + confirm. |
| 32 | + |
| 33 | +## News |
| 34 | + |
| 35 | +- **Coin selection groups discussion:** under discussion this week was |
| 36 | + Bitcoin Core PR [#12257][], which adds an option to the wallet that |
| 37 | + causes every output paid to the same address to be spent whenever any |
| 38 | + one of those outputs is spent. A motivation for this PR is to enhance |
| 39 | + privacy, as otherwise spending multiple outputs received to the same |
| 40 | + address in different transactions will create a privacy-reducing link |
| 41 | + between those transactions. But this option also automatically |
| 42 | + consolidates inputs which may be of special interest to Bitcoin |
| 43 | + businesses that frequently receive multiple payments to the same |
| 44 | + address. |
| 45 | + |
| 46 | +- **Continuing discussion about Schnorr signatures:** no faults have |
| 47 | + been identified with the proposed BIP [described][schnorr feature] in |
| 48 | + last week's newsletter, but two developers have proposed |
| 49 | + optimizations, [one][multiparty signatures] of which has run afoul of |
| 50 | + security considerations and [another one][rearrange schnorr] of which |
| 51 | + will likely not be added as its minor optimization comes at the |
| 52 | + tradeoff of removing different minor optimization. |
| 53 | + |
| 54 | +- **Naming of `SIGHASH_NOINPUT`:** [BIP118][] describes a new optional |
| 55 | + signature-hash (sighash) flag that doesn't identify which set of |
| 56 | + bitcoins it is spending. The main thing used to determine whether the |
| 57 | + spend is valid is whether the signature script (witness) fulfills all |
| 58 | + the conditions of the pubkey script (encumbrance). |
| 59 | + |
| 60 | + For example, in the [Eltoo][] smart contract protocol aimed augmenting |
| 61 | + Lightning Network (LN), Alice and Bob sign each change of balance in |
| 62 | + a payment channel with this new sighash flag so that, when they want |
| 63 | + to close the channel, either one of them can use the transaction |
| 64 | + with the final balance to spend from the transaction with the |
| 65 | + initial balance. |
| 66 | + |
| 67 | + However, naive use of this new sighash flag can cause unexpected |
| 68 | + loss of funds. For example, Alice receives some bitcoins to a |
| 69 | + particular address; she then spends those bitcoins to Bob using the |
| 70 | + new sighash flag. Later, Alice receives more bitcoins to the same |
| 71 | + address---Bob can now steal those bitcoins by reusing the same |
| 72 | + signature Alice used before. Note that this only affects people |
| 73 | + using the new sighash flag; it doesn't affect unrelated |
| 74 | + transactions. |
| 75 | + |
| 76 | + The [discussion][unsafe sighash] this week on the bitcoin-dev and |
| 77 | + lightning-dev mailing lists was about naming the sighash flag so |
| 78 | + that developers don't use it accidentally without realizing its |
| 79 | + dangers. A rough consensus seems to have formed around |
| 80 | + the name `SIGHASH_NOINPUT_UNSAFE`. |
| 81 | + |
| 82 | +## Notable Bitcoin Core merges |
| 83 | + |
| 84 | +- **[#13072][]:** The `createmultisig` RPC can now create P2SH-wrapped |
| 85 | + segwit and native segwit addresses. |
| 86 | + |
| 87 | +- **[#13543][]:** Support for the RISC-V CPU architecture added. |
| 88 | + |
| 89 | +- **[#13386][]:** New specialized SHA256 functions that take advantage |
| 90 | + of CPU extensions and knowledge of specific data inputs used by Bitcoin |
| 91 | + Core (such as the very common case where the input data is exactly 64 |
| 92 | + bytes, as used for every calculation in a Bitcoin merkle tree). This |
| 93 | + can provide up to a 9x speed-up over Bitcoin Core 0.16.x for cases |
| 94 | + where the new code applies and is supported by the user's CPU. The |
| 95 | + code mainly helps speed up validation of blocks, both historic blocks |
| 96 | + during initial sync and new blocks during normal operation. |
| 97 | + |
| 98 | +- **[#13452][]:** The `verifytxoutproof` RPC is no longer vulnerable to |
| 99 | + a particular [expensive attack][tx-as-internal-node] against SPV |
| 100 | + proofs publicly disclosed in early June. The attack was considered |
| 101 | + unlikely given that much cheaper attacks of roughly equal |
| 102 | + effectiveness are well known. See also merged PR [#13451][] that adds |
| 103 | + extra information that can be used to defeat the attack to the |
| 104 | + `getblock` RPC. None of this mitigates the attack for actual SPV |
| 105 | + clients. |
| 106 | + |
| 107 | +- **[#13580][]:** New `getzmqnotifications` RPC that "returns |
| 108 | + information about all active ZMQ notification endpoints. This is |
| 109 | + useful for software that layers on top of bitcoind." |
| 110 | + |
| 111 | +- **[#13096][]:** Increase the maximum size of transactions that will be |
| 112 | + relayed by default from 99,999 vbytes to 100,000 vbytes. |
| 113 | + |
| 114 | +[newsletter #3]: /en/newsletters/2018/07/10/ |
| 115 | +[recommended fees]: https://p2sh.info/dashboard/db/fee-estimation?orgId=1&from=now-7d&to=now&var-source=bitcoind |
| 116 | +[multiparty signatures]: https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-July/016215.html |
| 117 | +[rearrange schnorr]: https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-July/016211.html |
| 118 | +[BIP118]: https://github.com/bitcoin/bips/blob/master/bip-0118.mediawiki |
| 119 | +[eltoo]: https://blockstream.com/eltoo.pdf |
| 120 | +[unsafe sighash]: https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-July/016187.html |
| 121 | +[popular twitter thread]: https://twitter.com/orionwl/status/1014829318986436608 |
| 122 | +[schnorr feature]: en/newsletters/2018/07/10/#featured-news-schnorr-signature-proposed-bip |
| 123 | +[#12257]: https://github.com/bitcoin/bitcoin/pull/12257 |
| 124 | +[#13072]: https://github.com/bitcoin/bitcoin/pull/13072 |
| 125 | +[#13543]: https://github.com/bitcoin/bitcoin/pull/13543 |
| 126 | +[#13386]: https://github.com/bitcoin/bitcoin/pull/13386 |
| 127 | +[#13452]: https://github.com/bitcoin/bitcoin/pull/13452 |
| 128 | +[#13451]: https://github.com/bitcoin/bitcoin/pull/13451 |
| 129 | +[#13580]: https://github.com/bitcoin/bitcoin/pull/13580 |
| 130 | +[#13096]: https://github.com/bitcoin/bitcoin/pull/13072 |
| 131 | +[tx-as-internal-node]: https://bitslog.wordpress.com/2018/06/09/leaf-node-weakness-in-bitcoin-merkle-tree-design/ |
0 commit comments