The Chaincode Podcast

Rusty drops by to tell us about why privacy and robustness should be prioritized in Lightning. We discuss: LN symmetry (04:39) Do we want LN Symmetry to be symmetrical? (05:12) Listen to the conversation with instagibbs Peer to peer protocol (13:30) CTV (16:54) Pushing privacy and robustness to the front of the line (20:33) The dynamics of developing a spec with commercially associated implementations (22:19) Expecting new implementations (26:22) Privacy revisited (27:02) What broke when fee rate spiked? (31:21)

Elle Mouton and Oliver Gugger join us to talk with us about the Simple Taproot Channel proposal. We cover: Simple Taproot Channels Overview (1:29) What’s the state of the spec? (3:06) Changes to the scripts in Taproot Channels (4:31) Refresher on CPFP carve-out and Anchor Outputs (8:19) Why Anchor Outputs need to use script path spends (10:24) Other goals of Simple Taproot Channels (15:52) Why do PTLCs need Taproot funding outputs? (16:44) Potential updates for the gossip protocol: Gossip 1.5 or Gossip 2.0 (18:13) PTLCs (25:22) Iterative approach or big push (27:19) Recoverability of channel funds (33:06)

Alekos Filini and Daniela Brozzoni visit the podcast to discuss the Bitcoin Development Kit (BDK). Hang out with them on the BDK Discord. We cover: How BDK started (00:48) Why is it named BDK and not the Magical Bitcoin Library? (2:10) The first users of BDK (3:30) Rust HWI (4:20) Built around descriptors (7:15) The ideal use case of BDK (7:30) Pain points (9:05) Why do devs keep building wallets from scratch? (10:05) Greenwallet (13:03) If you have a working wallet, should you switch to BDK? (16:25) HWI complaints (see Python) (17:41) BDK 1.0 release features (22:31) Sync Planning module

Tadge Dryja chats with us about writing the Lightning Network paper and working in the Bitcoin space. We discussed: Could blocks be bigger? (0:59) Paper: On the instability of Bitcoin without the block reward (9:49) Serving billions with Lightning (10:40) The state of the debate when writing the Lightning Network White Paper (13:35) Would Lightning be possible without Segwit? (17:20) Looking in from outside on a project you started (18:54) Trimmed HTLCs: Sending 1 sat vs 100,000 sats (22:02) Limitations of the Lightning network (25:31) Do high fees break lightning? (28:24) LN-Symmetry (Eltoo) (31:50) SIGHASH_ANYPREVOUT (33:20) Why are soft forks so hard? (34:15) What’s your wish list (hardfork wishlist wiki, softfork wishilist wiki) for protocol changes? (36:18) coinpools Bitcoin needs to become more usable (37:54) Tadge's thoughts on Education (44:17) MAS.S62: Cryptocurrency Engineering and Design Dynamics of working on Bitcoin (47:16)

Andrew Chow joins us to discuss Bitcoin Core wallet development, PSBT, Output Descriptors, and HWI. We cover: - Why do we need a wallet in Bitcoin Core? (0:58) - Refactoring the Wallet codebase to build Output Descriptors (5:59)Should we rewrite the wallet? (10:30) - Changes to Coin Selection (11:35) - Wallet interoperability (17:10) - Hardware Wallet Integration (HWI) (18:20) - Partially Signed Bitcoin Transactions (PSBT) (19:01) - Becoming Maintainer (22:06) - Tracking the UTXO pool (23:43) - Main components of the Bitcoin Core Wallet (26:00) - Who uses Bitcoin Core Wallet? (27:02)   - Survey Results - What’s the future of the GUI? (29:21)   - Bitcoin Core GUI  - Bitcoin Core GUI-QML - Switch to Descriptor-based wallets (32:52)

Greg Sanders joins us to discuss ANYPREVOUT, ephemeral anchors and LN symmetry (a.k.a. ELTOO). We chat about: - Package relay (2:07) - Pinning attacks (3:14)   - BIP125   - T-Bast’s pinning attack summary - Mempool policy (4:56) - Stuffing the mempool - 2017 (5:20) - Rewrite mempool or make the problem simpler (07:57) - Package relay RBF A.K.A. V3 (8:38) - Reducing the standard transaction size to 65 bytes PR (14:25) - March to LN symmetry (19:07) - Daric: A Storage Efficient Payment Channel With Penalization Mechanism - Two-party eltoo w/ punishment by AJ Towns - BIP118 - SIGHASH_ANYPREVOUT (26:17)   - SIGHASH_NOINPUT - Softfork and activation history (28:11) - Ephemeral anchors (32:18)   - op_2 email by Luke - Is ANYPREVOUT useful outside of LN symmetry? (43:27)

Sergi Delgado joins us to discuss Watchtowers, his prior work in Bitcoin and Lightning privacy, Python vs. Rust and the impact of Eltoo. We cover: - Sergi’s prior research - Mapping Network Topology Research (02:46)   - TxProbe paper  - Andrew Miller  - Coinscope  - Episode on Address Relay with Martin (04:28)  - Block-only connections PR by Suhas (07:32) - An Empirical Analysis of Privacy in the Lightning Network (09:18)   - Lightning white paper, 2016 (09:48)   - Security and Privacy of Lightning Network Payments with Uncertain Channel Balances (13:38)   - Episode with Sergei on Probing   - Channel Jamming paper (13:50)   - Episode with Clara and Sergei - Should we pay for failed payments? (14:19)   - HTLC withholding vs. HTLC hodling (15:48)   - Is Lightning flawed when it comes to privacy? (16:32) - Watchtowers (17:44)   - Python PoC (21:49)   - ZmnSCPxj’s writing watchtowers   - Building on LDK (24:20)   - Transition to rust (24:45) - Altruistic towers vs professional services (30:21) - More privacy considerations in Lightning (34:11) - Monitoring and reacting paradigm (44:04) - Storage and Eltoo (50:06) - Professional tower revenue models - subscription vs. bounties (53:00)

We continue the conversation with Pieter Wuille and Tim Ruffing and Nesting, ROAST, Half-Aggregation, Adaptor Signatures, atomic swaps and more. If you have not tuned into the first part of this conversation, we recommend listening to that one first. We cover: - Nesting (00:49) - ROAST (12:09) - Cross-input Signature Aggregation (18:49) - Half-aggregation (34:32)   - Half-Aggregation of BIP 340 Signatures and BIP340 - Adaptor signatures and atomic swaps (39:32) Further resources: Stephan Livera Podcast #400 Jonas Nick and Tim Ruffing - Half Signature Aggregation

Pieter Wuille and Tim Ruffing treat us to a conversation about Schnorr, multi-signatures, MuSig, and more. We covered a lot so this is part one of a two part conversation. We discussed: - When to roll your own cryptography (01:31) - Schnorr Signatures (09:01)   - Why is Schnorr preferable to ECDSA? (10:55) - Schnorr efficiency improvements (15:52) - Multisigs (23:16) - MuSig (25:07)   - Yannick Seurin   - Rogue key attack or key cancellation attack (31:00)   - Bellare-Neven (32:12) - Interactive versus non-interactive protocols (35:30) - FROST (42:42)

Clara and Sergei stop by to chat about their recent proposal on mitigating jamming attacks in the Lightning Network. We talk unconditional fees, local reputation, the impact on decentralization and UX, and the state of Lightning in general. We discuss: - What is jamming and why is it free? (03:43) - How our jamming project started (06:44) - Prior work on jamming (08:00) - The desired properties of a solution (09:57) - Reputation (12:47) - Centralization concerns (14:17) - Unconditional fees (19:25) - How are unconditional fees delivered? (23:31) - UX implications (24:45) - Moving research results towards implementation (27:15) - Effects on balance probing (29:21) - Lightning as a messaging network (30:46) - Effects on watchtowers (32:57) - Reviews and feedback so far (34:17) - Future research ideas (34:55) - Privacy-preserving reputation (37:33) Additional resources: - Spamming the Lightning Network - Preventing Channel Jamming - Bitcoin Optech: Channel jamming attacks - The impacts of channel jamming - Bitcoin problems: Channel balance probing