In this episode of Bitcoin, Explained, hosts Aaron van Wirdum and Sjors Provoost discuss a recent bug in the btcd Bitcoin implementation that affected a large part of the Lightning network, as it disconnected lnd Lightning nodes from the Bitcoin blockchain.   In the episode, Aaron and Sjors explain that a developer going by the name Burak on Twitter created a 998-of-999 multisig transaction by leveraging Taproot. Although this was a valid transaction, btcd and lnd nodes rejected it, and therefore rejected the block that included the transaction and all blocks that came after it.   Specifically, Sjors explains, btcd rejected the transaction because it has a maximum limit on how much witness data a Segwit transaction can include. Although other Bitcoin implementations do enforce this limit on Segwit version 0 transactions, Segwit version 1 (that is, Taproot) transactions have no such limit.   Still, it is a bit unclear why this bug in btcd seemingly also affected many lnd Lightning nodes which use Bitcoin Core rather than btcd to validate blocks. In the second half of the episode, Sjors speculates how the two may be connected.   Finally, Aaron and Sjors explain how the Lightning Network is affected when Lightning nodes reject the Bitcoin blockchain.   Lower your time preference and lock-in your BITCOIN 2023 conference tickets today! Use the code BMLIVE for a 10% Discount!  https://b.tc/conference/2023 Use promocode: BMLIVE for 10% off everything in our store! https://store.bitcoinmagazine.com/

In this episode of Bitcoin, Explained, hosts Aaron van Wirdum and Sjors Provoost discuss the upcoming Bitcoin Core major release, Bitcoin Core 24.0. The Bitcoin Core project produces a new major release of its software roughly every six months. The 24th major release is currently in its release candidate phase, which means that it is being tested and could technically be released any day now (though this phase will probably last a few more weeks). In the episode, Aaron and Sjors discuss seven of the most notable changes included in Bitcoin Core 24.0.   This includes a change to how nodes download blocks when they sync with the network. While previous Bitcoin Core versions already started by downloading only block headers to make sure that the blocks they download have sufficient proof of work on them, Bitcoin Core 24.0 nodes will initially not store these block headers in order to prevent a certain type of resource exhaustion attack. Aaron and Sjors explain that this should eventually also allow for the removal of any checkpoints in the Bitcoin Core codebase.   They go on to explain that Bitcoin Core 24.0 also includes an added option for users to apply full replace-by-fee (RBF) logic. Where Bitcoin Core nodes so far would apply the “first seen” rule, which meant that conflicting transactions wouldn’t be accepted in the node's memory pool (mempool) and forwarded to peers, Bitcoin Core 24.0 users can choose to make their nodes accept and forward conflicting transactions if they include a higher fee than (the) earlier transaction(s) they conflict with.   Further upgrades discussed by Aaron and Sjors include a tool to migrate legacy wallets to descriptor wallets, initial miniscript support, default use of RBF when creating transactions, an improved UTXO selection algorithm which randomizes change output amounts for extra privacy, and a new “send all” function to spend a particular (set of) UTXO(s) in full.   Lower your time preference and lock-in your BITCOIN 2023 conference tickets today! Use the code BMLIVE for a 10% Discount!  https://b.tc/conference/2023 Use promocode: BMLIVE for 10% off everything in our store! https://store.bitcoinmagazine.com/

In this episode of Bitcoin, Explained, hosts Aaron van Wirdum and Sjors Provoost discuss Hierarchical Deterministic (HD) Wallets, mnemonic codes, and — especially — the new SeedQR format which allows users to store their mnemonic codes as QR codes. Aaron and Sjors start the episode by recapping what HD Wallets (also known as private key seeds) are, and why they are preferred over regular private key backups. Next, they briefly explain why mnemonic codes (also known as seed phrases) are a popular solution for encoding and storing private key seeds. The Bitcoin, Explained hosts then go on to discuss SeedQR. SeedQR is a new format that allows Bitcoin users to encode and store their mnemonic code as a QR code. This means that mnemonic codes can be stored in a computer-readable format; any compatible device (like a hardware wallet with a camera) should be able to scan the QR code, and import all associated private keys. This could be useful for backups. but it could also be used so that wallets (including hardware wallets, but also mobile or desktop wallets) no longer have to store private keys at all. The QR code could be scanned when the wallet is used to send a transaction, after which the private keys could be forgotten by the device altogether. (SeedSigner is an open source, do-it-yourself hardware wallet that does exactly this.) Finally, Sjors goes over some of the intricacies of formatting a seed phrase to fit in a compact QR code, and some of the efficiency gains SeedQR uses to accomplish this.   Lower your time preference and lock-in your BITCOIN 2023 conference tickets today! Use the code BMLIVE for a 10% Discount!  https://b.tc/conference/2023 Use promocode: BMLIVE for 10% off everything in our store! https://store.bitcoinmagazine.com/ #BitcoinExplained #BitcoinPrice #BitcoinCore #BitcoinMagazine #journalism  #bitcoinnews

In this episode of Bitcoin, Explained, hosts Aaron van Wirdum and Sjors Provoost discuss the Bitcoin Core development process, and more specifically, the different roles that are involved in this process. At the start of the episode, Aaron and Sjors explain what Bitcoin Core is, both in a practical sense as well as in a more definitional sense, and they touch on some slightly different ideas about this as well. Aaron and Sjors then go on to explain the roles of three distinct types of Bitcoin Core contributors: “regular” Bitcoin Core contributors, Bitcoin Core maintainers, and the Bitcoin Core lead maintainer. Since there are no barriers to entry, anyone can become a Bitcoin Core contributor, Aaron and Sjors point out: anyone can start contributing to the Bitcoin Core project by offering code, review of code, or perhaps other types of contributions like text translations. Bitcoin Core maintainers, then, are Bitcoin Core contributors who can merge new code into the Bitcoin Core codebase. Aaron and Sjors explain what this means exactly, and how someone can become a Bitcoin maintainer. Finally, Aaron and Sjors go over some of the typical tasks of the Bitcoin Core lead maintainer, which includes managing the release process, adding and removing (other) Bitcoin Core maintainers to the project, and updating the bitcoincore.org website. They also discuss which of these tasks are in fact still done by the Bitcoin Core lead maintainer, however, and which tasks have over the years become more distributed. Lower your time preference and lock-in your BITCOIN 2023 conference tickets today! Use the code BMLIVE for a 10% Discount!  https://b.tc/conference/2023 Use promocode: BMLIVE for 10% off everything in our store! https://store.bitcoinmagazine.com/

In this episode of Bitcoin, Explained, hosts Aaron van Wirdum and Sjors Provoost go back to basics. They explain one of the most fundamental building blocks in all of Bitcoin: hash functions. To start the episode off, Aaron and Sjors explain that hash functions are a type of mathematical one-way functions. That means that they can easily convert one piece of data into another piece of data, a hash, but anyone who knows only this hash can not convert it back to the original data. Additionally, a hash is supposed to be unique: no two (different) pieces of data should result in the same hash. If either of these things is no longer true, a hash function is considered to be broken. Then, Aaron and Sjors go on to explain in a little bit more detail how hash functions actually work. They discuss some aspects of the history and evolution of different hash functions, they mention some hash functions that have indeed been broken over time, and they pinpoint which hash functions are used in Bitcoin. Finally, Aaron and Sjors explain how hash functions are used in Bitcoin, exactly. This includes almost every aspect of the Bitcoin system, they point out, ranging from transactions (in multiple ways) and blocks, to addresses and the proof of work mechanism, as well as in relatively new upgrades like Taproot, and hash functions are even used to create some randomness needed to establish connections on the peer-to-peer network.

In this episode of Bitcoin, Explained, hosts Aaron van Wirdum and Sjors Provoost discuss OP_RETURN and what some have called the “OP_RETURN wars”. More specifically, they discuss a blog post by BitMEX research titled: “The OP_Return Wars of 2014 – Dapps Vs Bitcoin Transactions”. Aaron and Sjors start off by explaining that OP_RETURN is an op code (a piece of code for Bitcoin transactions) that will render invalid any transaction that includes it in an input. This means that outputs that include OP_RETURN are unspendeable, which in turn means that Bitcoin nodes can safely remove such UTXOs from their UTXO set, which safes on storage. Early in Bitcoin’s years, people started using Bitcoin for more than just transactions. As one example given by Sjors, someone uploaded the entire Bitcoin white paper onto the blockchain. The BitMEX blog meanwhile explains that Layer Two protocols like Counterparty were rolling out decentralized applications on the blockchain. This type of non-transaction data was initially embedded in multisig transactions, but this meant that all Bitcoin nodes had to download, process and store this data forever, which comes at a cost. To mitigate this problem, Aaron and Sjors explain, Bitcoin developers in 2014 agreed to let nodes process and forward transactions with OP_RETURN outputs. These transactions would be better for uploading data, since their outputs can be removed form the UTXO set. The “OP_RETURN wars” refer to a debate between Bitcoin developers and (most notably) Counterparty developers over the maximum size of such transactions. Sjors explains why the maximum of 40 bytes was initially choses, why this was later increased to 80 bytes, and how these considerations have changed over time. BitMEX’ blog post: https://blog.bitmex.com/dapps-or-only-bitcoin-transactions-the-2014-debate/ Sjors’ book mentioned in the episode: https://www.btcwip.com/ Evan Kaloudis tells P & Q what hyperbitcoinization means to him. Lower your time preference and lock-in your BITCOIN 2023 conference tickets today! Use the code BMLIVE for a 10% Discount!  https://b.tc/conference/2023 Use promocode: BMLIVE for 10% off everything in our store! https://store.bitcoinmagazine.com/ #bitcoin #bitcoinmagazine #hyperbitcoinization #money #whatismoney #whatisbitcoin #crypto #cryptocurrencies #globalmarkets

In this episode of Bitcoin, Explained, hosts Aaron van Wirdum and Sjors Provoost discuss reusing Bitcoin addresses. More specifically, they explain why reusing Bitcoin addresses is a bad idea. Reusing Bitcoin addresses is a bad idea for roughly three reasons. The first two of these are that it harms privacy and impedes on the censorship resistance of Bitcoin. In the episode, Aaron and Sjors go over a couple examples of how such a loss of privacy and censorship resistance can negatively affect Bitcoin users. The third reason that reusing Bitcoin addresses is a bad idea, is that it opens up the possibility of some niche attacks. In certain cases, attackers could extract private keys from signatures after coins are first spent from an address — though this does require that a wallet implemented the signing algorithm wrongly in the first place. There are also some scenarios where quantum computers could in the future extract private keys from signatures if addresses are reused. Another type of niche attack is a timing sidechannel attack, such as the recently disclosed Hertzbleed Attack. Sjors explains that attackers can potentially derive a private key from a wallet by closely monitoring how the computer that hosts the wallet behaves when signing a transaction. This attack is more plausible if addresses are reused. Address reuse wiki: https://en.bitcoin.it/wiki/Address_reuse#Security Hertzbleed attack: https://www.hertzbleed.com/

In this episode of Bitcoin, Explained, hosts Aaron van Wirdum and Sjors Provoost discuss a recent blog post by James Lopp titled, “Has Bitcoin Ever Hard Forked”?   Hard forks are generally defined as Bitcoin protocol upgrades that remove or loosen rules, making these types of upgrades backwards-incompatible. Aaron and Sjors explain, however, that Lopp in his blog post argues that this definition isn’t very precise and suggests the term should only apply if the rule change was actually utilized. In addition, hard forks can be categorized into explicit hard forks, where the rule change was an intentional hard fork, and implicit hard forks, where the rule change wasn’t originally intended to be a hard fork at all but turned out to be one anyways. In the second half of the podcast, Aaron and Sjors break down the seven hard forks in Bitcoin’s history that Lopp was able to find, of which five were never utilized (and should therefore arguably not be considered hard forks at all), one was explicit, and one was implicit. Finally, Aaron and Sjors briefly discuss (a) future hard fork(s) that need(s) to happen, and what kind of philosophy around deploying hard forks might make sense for Bitcoin. Jameson Lopp’s blog post: https://blog.lopp.net/has-bitcoin-ever-hard-forked/

In this episode of Bitcoin, Explained, hosts Aaron van Wirdum and Sjors Provoost welcome Ruben Somsen back on the show to talk about a recent proposal of his called “Silent Payments”.   Silent Payments resemble earlier ideas like Stealth Addresses and Reusable Payment Codes, in that they allow users to publish a static “address”, while this is not the actual Bitcoin address they will be paid on. Instead, senders of a transaction can use this static address to generate new Bitcoin addresses for the recipient, for which the recipient — and only the recipient — can in turn generate the corresponding private keys.   Like Stealth Addresses and Reusable Payment Codes, the benefit of Silent Payments is that addresses can be posted publicly without harming users’ privacy; snoops cannot link the publicly posted address to the actual Bitcoin addresses that the recipient is paid on. Meanwhile, unlike Stealth Addresses and Reusable Payment Codes, Silent Payments do not require any additional blockchain data— though this does come at a computational cost for the recipient.   The podcast episode details all this in roughly two parts. In the first half of the episode, Ruben, Aaron and Sjors break down how Silent Payments work, and in the second half of the episode they discuss how Silent Payments compare to Stealth Addresses and Reusable Payment Codes, as well as some potential implementation issues.

In this episode of Bitcoin, Explained, hosts Aaron van Wirdum and Sjors Provoost discuss URSFs, which stands for either User Rejected Soft Forks or User Resisted Soft Forks, depending on who you ask. URSFs are a recently introduced tool in Bitcoin’s upgrade mechanism toolkit. In the first part of the episode, Aaron and Sjors explain that URSFs are best considered the mirror equivalent of UASFs (User Activated Soft Forks) with mandated signaling. Where UASFs will towards the end of a soft fork activation window reject blocks that don’t signal readiness for a soft fork, URSFs will reject blocks that do signal. If both UASF and URSF clients are deployed, they would in principle create a split in the blockchain. In the second part of the episode, the duo outlines the various soft fork upgrade mechanisms, ranging from MASFs (Miner Activated Soft Forks), flag day activated UASFs and mandated signaling UASFs. Aaron then explains why he believes mandated signaling UASFs are his preferred method of deploying soft forks, and why he thinks URSFs should in the future be offered as an added option for users who prefer to reject the soft fork. Finally, Sjors lays out the “rough consensus” guidelines as used in context of the Internet Engineering Taskforce (IETF), and how this applies to Bitcoin upgrades.