On June 8th and 9th, Amsterdam was the venue for Breaking Bitcoin, one of the must-see events related to Bitcoin.
Among the most interesting speakers, we surely find Greg Sanders and Jonas Nick from Blockstream, Justin Camarena from Bitrefill, Matt Corallo from Chaincode Labs and many others.
To take the floor during yesterday’s session, there was also developer Jimmy Song who talked about the Neutrino wallet and the fact that it does not use the so-called simplified payment verification (SPV). This standard, included in bip37, would in fact have limitations in terms of privacy.
“For the light client, even if you create a very good superset of your transactions, the server still knows something about what transactions or addresses you might be interested in. So that’s a privacy leak. The light client can also get fooled by the server by a transaction omission attack. They can give you proofs of inclusion but they can also just lie to you and tell you the transaction wasn’t included, and you have no way to know unless you’re checking against different servers- you only need one honest server, but it leaves you vulnerable to an isolation attack. There’s a further problem- CVE-2017-12842 which is essentially what you can do is you can fake another transaction within one of the nodes at the bottom of the Merkle tree. It turns out that this is more expensive than creating a legitimate proof-of-work and that’s an even better way to fool an SPV client.”
One of the most discussed topics was Lightning Network and Joost Jager of Lightning Lab explained:
“Together with my colleagues I am building LDN. It’s one of the implementations of lightning. In routing, there’s the sender of the payment, the intermediate routing nodes that forward payments, and a receiver. I would like to scope this down to looking at security just from the perspective of the sender.”
— SimoMace [ Jan/3 🔑] (@SimoMace) June 9, 2019
Among the sponsors ok Breaking Bitcoin of Amsterdam, noteworthy was the presence of the Poseidon Group, one of the backers of the RGB project.
Also worthy of note was the speech by Stepan Snigirev, who spoke about the future of hardware wallets.
“We are making a secure hardware platform for developers so that they can build their own hardware wallets. Today I want to talk about certain challenges for hardware wallets, what we’re missing, and how we can get better.”
According to Snigirev, in fact:
“It would be nice if hardware wallets had support for coinjoin, lightning, custom scripts and sidechains. Right now, you can’t do coinjoins with hardware wallets. Lightning is awesome but tricky. With coinjoin, the trick is that we have a bunch of inputs and a bunch of outputs. After the last talk, you’re probably all already experts in coinjoin. The crucial thing about coinjoin is that they have external inputs. In hardware wallets, a naive implementation of coinjoin will allow coinjoins to steal your coins. I will be focusing on lightning and coinjoin for now.”
Breaking Bitcoin is certainly one of the most anticipated events of the year and attracts some of the most important developers in the Bitcoin Core world. The speeches were mostly technical and related to applications and Lightning Network, particularly with regard to the security of everything that revolves around Bitcoin and possible attack vectors.