Rusty drops by to tell us about why privacy and robustness should be prioritized in Lightning.
We discuss:
LN symmetry (04:39)
Peer to peer protocol (13:30)
CTV (16:54)
Pushing privacy and robustness to the front of the line (20:33)
The dynamics of developing a spec with commercially associated implementations (22:19)
Expecting new implementations (26:22)
Privacy revisited (27:02)
What broke when fee rate spiked? (31:21)
Elle Mouton and Oliver Gugger join us to talk with us about the Simple Taproot Channel proposal.
We cover:
Alekos Filini and Daniela Brozzoni visit the podcast to discuss the Bitcoin Development Kit (BDK). Hang out with them on the BDK Discord.
We cover:
How BDK started (00:48)
Why is it named BDK and not the Magical Bitcoin Library? (2:10)
The first users of BDK (3:30)
Rust HWI (4:20)
Built around descriptors (7:15)
The ideal use case of BDK (7:30)
Pain points (9:05)
Why do devs keep building wallets from scratch? (10:05)
Greenwallet (13:03)
If you have a working wallet, should you switch to BDK? (16:25)
HWI complaints (see Python) (17:41)
BDK 1.0 release features (22:31)
Tadge Dryja chats with us about writing the Lightning Network paper and working in the Bitcoin space.
We discussed:
Andrew Chow joins us to discuss Bitcoin Core wallet development, PSBT, Output Descriptors, and HWI.
We cover:
- Why do we need a wallet in Bitcoin Core? (0:58)
- Refactoring the Wallet codebase to build Output Descriptors (5:59)Should we rewrite the wallet? (10:30)
- Changes to Coin Selection (11:35)
- Wallet interoperability (17:10)
- Hardware Wallet Integration (HWI) (18:20)
- Partially Signed Bitcoin Transactions (PSBT) (19:01)
- Becoming Maintainer (22:06)
- Tracking the UTXO pool (23:43)
- Main components of the Bitcoin Core Wallet (26:00)
- Who uses Bitcoin Core Wallet? (27:02)
- What’s the future of the GUI? (29:21)
- Bitcoin Core GUI
- Bitcoin Core GUI-QML
- Switch to Descriptor-based wallets (32:52)
Greg Sanders joins us to discuss ANYPREVOUT, ephemeral anchors and LN symmetry (a.k.a. ELTOO).
We chat about:
- Package relay (2:07)
- Pinning attacks (3:14)
- BIP125
- T-Bast’s pinning attack summary
- Mempool policy (4:56)
- Stuffing the mempool - 2017 (5:20)
- Rewrite mempool or make the problem simpler (07:57)
- Package relay RBF A.K.A. V3 (8:38)
- Reducing the standard transaction size to 65 bytes PR (14:25)
- March to LN symmetry (19:07)
- Daric: A Storage Efficient Payment Channel With Penalization Mechanism
- Two-party eltoo w/ punishment by AJ Towns
- BIP118 - SIGHASH_ANYPREVOUT (26:17)
- Softfork and activation history (28:11)
- Ephemeral anchors (32:18)
- op_2 email by Luke
- Is ANYPREVOUT useful outside of LN symmetry? (43:27)
Sergi Delgado joins us to discuss Watchtowers, his prior work in Bitcoin and Lightning privacy, Python vs. Rust and the impact of Eltoo.
We cover:
- Sergi’s prior research
- Mapping Network Topology Research (02:46)
- TxProbe paper
- Andrew Miller
- Coinscope
- Episode on Address Relay with Martin (04:28)
- Block-only connections PR by Suhas (07:32)
- An Empirical Analysis of Privacy in the Lightning Network (09:18)
- Lightning white paper, 2016 (09:48)
- Security and Privacy of Lightning Network Payments with Uncertain Channel Balances (13:38)
- Episode with Sergei on Probing
- Channel Jamming paper (13:50)
- Episode with Clara and Sergei
- Should we pay for failed payments? (14:19)
- HTLC withholding vs. HTLC hodling (15:48)
- Is Lightning flawed when it comes to privacy? (16:32)
- Watchtowers (17:44)
- Python PoC (21:49)
- ZmnSCPxj’s writing watchtowers
- Building on LDK (24:20)
- Transition to rust (24:45)
- Altruistic towers vs professional services (30:21)
- More privacy considerations in Lightning (34:11)
- Monitoring and reacting paradigm (44:04)
- Storage and Eltoo (50:06)
- Professional tower revenue models - subscription vs. bounties (53:00)
We continue the conversation with Pieter Wuille and Tim Ruffing and Nesting, ROAST, Half-Aggregation, Adaptor Signatures, atomic swaps and more.
If you have not tuned into the first part of this conversation, we recommend listening to that one first.
We cover:
- Nesting (00:49)
- ROAST (12:09)
- Cross-input Signature Aggregation (18:49)
- Half-aggregation (34:32)
- Half-Aggregation of BIP 340 Signatures and BIP340
- Adaptor signatures and atomic swaps (39:32)
Further resources:
Pieter Wuille and Tim Ruffing treat us to a conversation about Schnorr, multi-signatures, MuSig, and more. We covered a lot so this is part one of a two part conversation.
We discussed:
- When to roll your own cryptography (01:31)
- Schnorr Signatures (09:01)
- Why is Schnorr preferable to ECDSA? (10:55)
- Schnorr efficiency improvements (15:52)
- Multisigs (23:16)
- MuSig (25:07)
- Rogue key attack or key cancellation attack (31:00)
- Bellare-Neven (32:12)
- Interactive versus non-interactive protocols (35:30)
- FROST (42:42)
Clara and Sergei stop by to chat about their recent proposal on mitigating jamming attacks in the Lightning Network. We talk unconditional fees, local reputation, the impact on decentralization and UX, and the state of Lightning in general.
We discuss:
- What is jamming and why is it free? (03:43)
- How our jamming project started (06:44)
- Prior work on jamming (08:00)
- The desired properties of a solution (09:57)
- Reputation (12:47)
- Centralization concerns (14:17)
- Unconditional fees (19:25)
- How are unconditional fees delivered? (23:31)
- UX implications (24:45)
- Moving research results towards implementation (27:15)
- Effects on balance probing (29:21)
- Lightning as a messaging network (30:46)
- Effects on watchtowers (32:57)
- Reviews and feedback so far (34:17)
- Future research ideas (34:55)
- Privacy-preserving reputation (37:33)
Additional resources:
- Spamming the Lightning Network
- Bitcoin Optech: Channel jamming attacks
Josibake joins us to talk about his work on the Bitcoin Core wallet, bitcoin data and onboarding to bitcoin development.
We discussed:
- Analyzing historical transaction data (1:25)
- Creating a publicly available dataset (4:12)
- What could it be used for? (7:30)
- Bitcoin Core wallet (9:00)
- Why have a wallet in Bitcoin Core? (10:00)
- Separation of GUI from wallet (12:35)
- Only use one input type when building transaction (13:40)
- PR #24584 in Bitcoin Core
- How is working on the wallet? (17:15)
- Cross-input signature aggregation (19:48)
- Catching up on history (20:40)
- Writing the BIP with Hackspec (22:05)
- Thoughts on shipping cross-input signature aggregation separately (22:50)
- Onboarding to Bitcoin development (28:35)
- Running the seminar with friends (29:55)
- Giving back to open source (31:20)
Our topics:
- Lightning Dev Kit (1:04)
- Zeroconf Channels (2:22)
- Rapid Gossip Sync (3:46)
- How does LDK pick priorities? (8:55)
- LDK Lite (10:12)
- Will LSPs be needed forever? (12:25)
- Validated Lightning Signer (15:20)
- A Lightning Node's Problem with Hats
- FROST and ROAST (23:00)
- Recovering a FROST wallet (24:00)
- Taproot adoption (26:18)
- Future of the Lightning Network (30:48)
- Stratum V2 (34:25)
- OFAC and mining (37:57)
- Other benefits over Stratum (39:59)
Thanks to Gurwinder Sahota for the sound engineering.
We catch up with 0xB10C about monitoring pools and tracing code execution in nodes.
Our topics:
- What he's been up to since the residency (1:05)
- Monitoring the mempool (2:52)
- Monitoring Mining pools (4:27)
- Mining pools not mining P2TR at Taproot activation (5:24)
- Why monitor the network? (8:20)
- Template discrepancies between pools and monitor (9:25)
- User-space Statically Defined Tracing (USDT) (11:07)
- Using tracepoints to simulate coin selection (13:36)
- Why are tracepoints in production code? (14:38)
- Using tracepoints for P2P monitoring (17:05)
- Using tracepoints to review PRs (22:00)
- Benchmarking Erlay with USDT (22:42)
Thanks to Emily Kee for the sound engineering.
Gloria Zhao sits down with us to discuss her package relay proposal and what it is like as a relative newcomer to propose a big change.
- What's package relay? (1:04)
- Mailing List: Package Relay Proposal
- Why do people care about package relay? (3:12)
- What are these "contracting protocols" package relay matters for? (5:03)
- Pinning attacks (6:28)
- Why do you work on package relay? (6:55)
- What's special about the mempool? (10:18)
- How do you approach the security considerations? (12:07)
- Synthesizing information for the ones coming after you (15:27)
- What's next for package relay? (17:50)
- Bridging protocol development with L2 (20:55)
Additional resources:
- Mailing List: Package Mempool Accept and Package RBF
- Brink Podcast: Ep1 Mempool Policy
- Censorship and DoS Attacks: An intro to Mempool Policy
- Transaction Relay Policy for L2 Developers
Thanks to Emily Kee for the sound engineering.
Martin Zumsande joins us to tell us about the address spam in the summer of 2021 and his interests in AddrRelay and Bitcoin Core development.
We discuss with Martin:
- His background (1:38)
- Getting interested in Bitcoin (2:45)
- How to approach P2P (3:55)
- The network is changing (7:30)
- What's the purpose of the Address Manager (AddrMan)? (9:33)Peering differences to LN nodes (11:00)
- Ethan Heilman's talk on Network Partitioning Attacks (12:10)
- Addrman and eclipse attacks (12:27)
- AddrRelay and the role of node addresses (12:55)Getting connected to the network (13:37)
- Self-announcements (14:25)
- Address spam in summer 2021 and peer distribution (15:05)
- Correction: The peer would not get addresses-divided-by-peers addresses, but 2×addresses-divided-by-peers addresses as the addresses get forwarded to two peers each. (18:00)
- Estimating the Node Degree of Public Peers and Detecting Sybil Peers Based on Address Messages in the Bitcoin P2P Network by Matthias Grundmann (19:30)
- Simulating the network (20:15)
- Requesting addresses from peers (21:45)
- Walking through first connection of a node (25:25)Coinscope paper (27:10)
- Being a Bitcoin Core contributor (27:50)
Thanks to Emily Kee for the sound engineering.
Postdoc Researcher Sergei joins Murch and Jonas to talk about channel balance probing in Lightning, privacy concerns in general, and the importance of researcher-developer collaboration.
We discuss:
- Sergei's background (1:50)
- Sergei's homepage with links to all prior research
- Lightning basics (2:50)
- Why LN payments fail (3:40)
- Why privacy is important (5:30)
- Privacy potential of Lightning vs L1 Bitcoin (6:40)
- How probing works (8:40)
- Why is balance discovery bad? (11:30)
- Persistent identities in Lightning (13:00)
- Multi-vector security model and trade-offs (17:45)
- "Twitter for your bank account" meme (20:20)
- The danger of overestimating Bitcoin's privacy (21:00)
- Lightning integrations and walled gardens (22:00)
- Lightning Service Providers and LN's centralized topology (23:05)
- LNBIG booth in El Salvador (25:30)
- Potential oligopoly of large nodes (27:15)
- Probing parallel channels (28:30)
- Analysis and Probing of Parallel Channels paper
- Combining probing with jamming (33:00)
- The limit on in-flight payments (36:00)
- StackExchange answer about transaction size limit
- Bad and good probing (41:20)
- Countermeasures and reputation (44:00)Overview of anti-jamming measures
- Hub-and-spoke terminology and aviation analogy (49:00)
- Doing research in Bitcoin and Lightning (53:10)
- Why Bitcoin is unique (55:10)
- Researcher-developer collaboration (58:00)
Related research:
- On the Difficulty... -- the first paper about LN balance probing
- An Empirical Analysis paper about three LN attack vectors including probing
- Counting Down Thunder paper about timing attacks
- Congestion Attacks paper about jamming
- Cross-layer Deanonymization paper about linking L1 and L2
- Flood & Loot paper about malicious fee negotiation strategies
- Hijacking Routes paper about adversarial fee undercutting
Thanks to Justin for the sound engineering.
Postdoc Researcher Clara joins Murch to discuss their block building research. They cover their proposal, which outlines suggested improvements to the current Bitcoin Core block building algorithm using candidate sets.
Murch and Clara discuss:
- Building a valid block 101 (5:45)
- The current getblocktemplate algorithm (11:35)
- Child pays for parent (13:40)
- Is there something better? (15:45)
- How easy would it be to guess the next block? (27:25)
- Do we have a better idea than initially mining an empty block? (29:25)
- Empty blocks and SegWit (33:45)
- How to improve on the candidate set algorithm e.g., linear programming (35:00)
- Why should Bitcoin Core have better block building? (37:00)
- How to compare different block building techniques (38:55)
Thanks to Caralie for the sound engineering.
Sanket describes to Murch his work on Miniscript. We explore uses for Miniscript, learn about intersections with PSBTs, Output Descriptors, and Taproot, and suss out the difference between Miniscript and Miniscript Policy.
Note: This episode was recorded in the context of travel for Bitcoin 2021. We apologize for the less polished than usual audio quality due to the different equipment and recording environment.
We discuss:
- What's Miniscript? (1:54)
- Partially Signed Bitcoin Transactions (PSBTs) (5:13)
- Analyzing PSBTs with Miniscript (7:22)
- How do Output Descriptors relate to Miniscript (10:16)
- Implementations of Miniscript (13:36)
- Semantic analysis of Scripts (14:54)
- Non-malleability of miniscript (22:47)
- Miniscript Policy (25:15)
- Rediscovering HTLCs (29:41)
- Miniscript uses (33:11)
- Removing script limitations with Taproot (34:42)
- Generic signing (35:53)
- Future work (37:34)
- The role of policy (40:24)
Related links:
- Miniscript C++ implementation
- ##miniscript on Libera Chat
Thanks to Caralie for the sound engineering, and thanks to Matthew Zipkin for assistance with squashing reverb artifacts.
P2P experts Pieter and Amiti chat about the P2P network.
In this episode they cover:
- AddrRelay high-level goals and constraints (1:15)
- Very different than the goals of blocks and transactions
- Marginal fee rate (4:35)
- Should we consider different transport layers? (5:40)
- FIBRE Episode with Matt Corallo (7:40)
- The introduction of Addrman in 2012, PR #787 (8:55)
- What existed before AddrMan and the evolution of DoS resistance.
- Eclipse Attack paper (14:55)
- Sybil attack
- Addrman and eclipse attacks wiki page
- Anchors connections - PR #17428
- Connection exhaustion issue (19:50)
- AddrRelay (23:15)
- Limiting addr black holes - PR #21528
- Rate limiting on address gossip in 22.0
- Leaky bucket rate limiter (27:00)
- Address Spam (29:20)
- Estimating the Node Degree of Public Peers and Detecting Sybil Peers Based on Address Messages in the Bitcoin P2P Network by Matthias Grundmann (31:35)
- Coinscope paper (31:45)
- TxProbe (32:00)
- Separate network stack (37:20)
- Fingerprint attacks (37:15)
- ASMAP (39:00)
Thanks to Caralie for the sound engineering.
Amiti returns to the Chaincode office to discuss all things p2p.
We discuss:
Thanks to Caralie for the sound engineering.
