The Chaincode Podcast

We catch up with 0xB10C about monitoring pools and tracing code execution in nodes. Our topics: - What he's been up to since the residency (1:05) - Monitoring the mempool (2:52) - Mempool Observer - Monitoring Mining pools (4:27) - MiningPool Observer - Mining pools not mining P2TR at Taproot activation (5:24) - Why monitor the network? (8:20) - Template discrepancies between pools and monitor (9:25) - User-space Statically Defined Tracing (USDT) (11:07) - Tracing Readme - Using tracepoints to simulate coin selection (13:36) - Why are tracepoints in production code? (14:38) - Using tracepoints for P2P monitoring (17:05) - Using tracepoints to review PRs (22:00) - Benchmarking Erlay with USDT (22:42) Other resources: - TransactionFee.info Thanks to Emily Kee for the sound engineering.

Gloria Zhao sits down with us to discuss her package relay proposal and what it is like as a relative newcomer to propose a big change. - What's package relay? (1:04) - Mailing List: Package Relay Proposal - Why do people care about package relay? (3:12) - What are these "contracting protocols" package relay matters for? (5:03) - Pinning attacks (6:28) - Why do you work on package relay? (6:55) - What's special about the mempool? (10:18) - How do you approach the security considerations? (12:07) - Synthesizing information for the ones coming after you (15:27) - What's next for package relay? (17:50) - Bridging protocol development with L2 (20:55) Additional resources: - Mailing List: Package Mempool Accept and Package RBF - Brink Podcast: Ep1 Mempool Policy - Censorship and DoS Attacks: An intro to Mempool Policy - Transaction Relay Policy for L2 Developers - Mempool Garden Thanks to Emily Kee for the sound engineering.

Martin Zumsande joins us to tell us about the address spam in the summer of 2021 and his interests in AddrRelay and Bitcoin Core development. We discuss with Martin: - His background (1:38) - Getting interested in Bitcoin (2:45) - How to approach P2P (3:55) - The network is changing (7:30) - What's the purpose of the Address Manager (AddrMan)? (9:33)Peering differences to LN nodes (11:00) - Ethan Heilman's talk on Network Partitioning Attacks (12:10) - Addrman and eclipse attacks (12:27) - AddrRelay and the role of node addresses (12:55)Getting connected to the network (13:37) - Self-announcements (14:25) - Address spam in summer 2021 and peer distribution (15:05) - Correction: The peer would not get addresses-divided-by-peers addresses, but 2×addresses-divided-by-peers addresses as the addresses get forwarded to two peers each. (18:00) - Estimating the Node Degree of Public Peers and Detecting Sybil Peers Based on Address Messages in the Bitcoin P2P Network by Matthias Grundmann (19:30) - Simulating the network (20:15) - Requesting addresses from peers (21:45) - Walking through first connection of a node (25:25)Coinscope paper (27:10) - Being a Bitcoin Core contributor (27:50) Thanks to Emily Kee for the sound engineering.

Postdoc Researcher Sergei joins Murch and Jonas to talk about channel balance probing in Lightning, privacy concerns in general, and the importance of researcher-developer collaboration. We discuss: - Sergei's background (1:50) - Sergei's homepage with links to all prior research - Lightning basics (2:50) - Why LN payments fail (3:40) - Why privacy is important (5:30) - Privacy potential of Lightning vs L1 Bitcoin (6:40) - How probing works (8:40) - Why is balance discovery bad? (11:30) - Persistent identities in Lightning (13:00) - Multi-vector security model and trade-offs (17:45) - "Twitter for your bank account" meme (20:20) - The danger of overestimating Bitcoin's privacy (21:00) - Lightning integrations and walled gardens (22:00) - Lightning Service Providers and LN's centralized topology (23:05) - LNBIG booth in El Salvador (25:30) - Potential oligopoly of large nodes (27:15) - Probing parallel channels (28:30) - Analysis and Probing of Parallel Channels paper - Combining probing with jamming (33:00) - The limit on in-flight payments (36:00) - StackExchange answer about transaction size limit - Bad and good probing (41:20) - Countermeasures and reputation (44:00)Overview of anti-jamming measures - Hub-and-spoke terminology and aviation analogy (49:00) - Doing research in Bitcoin and Lightning (53:10) - Why Bitcoin is unique (55:10) - Researcher-developer collaboration (58:00) Related research: - On the Difficulty... -- the first paper about LN balance probing - An Empirical Analysis paper about three LN attack vectors including probing - Counting Down Thunder paper about timing attacks - Congestion Attacks paper about jamming - Cross-layer Deanonymization paper about linking L1 and L2 - Flood & Loot paper about malicious fee negotiation strategies - Hijacking Routes paper about adversarial fee undercutting Thanks to Justin for the sound engineering.

Postdoc Researcher Clara joins Murch to discuss their block building research. They cover their proposal, which outlines suggested improvements to the current Bitcoin Core block building algorithm using candidate sets. Murch and Clara discuss: - Building a valid block 101 (5:45) - The current getblocktemplate algorithm (11:35) - Child pays for parent (13:40) - Is there something better? (15:45) - How easy would it be to guess the next block? (27:25) - Do we have a better idea than initially mining an empty block? (29:25) - Empty blocks and SegWit (33:45) - How to improve on the candidate set algorithm e.g., linear programming (35:00) - Why should Bitcoin Core have better block building? (37:00) - How to compare different block building techniques (38:55) Thanks to Caralie for the sound engineering.

Sanket describes to Murch his work on Miniscript. We explore uses for Miniscript, learn about intersections with PSBTs, Output Descriptors, and Taproot, and suss out the difference between Miniscript and Miniscript Policy. Note: This episode was recorded in the context of travel for Bitcoin 2021. We apologize for the less polished than usual audio quality due to the different equipment and recording environment. We discuss: - What's Miniscript? (1:54) - Partially Signed Bitcoin Transactions (PSBTs) (5:13) - Analyzing PSBTs with Miniscript (7:22) - How do Output Descriptors relate to Miniscript (10:16) - Implementations of Miniscript (13:36) - Semantic analysis of Scripts (14:54) - Non-malleability of miniscript (22:47) - Miniscript Policy (25:15) - Rediscovering HTLCs (29:41) - Miniscript uses (33:11) - Removing script limitations with Taproot (34:42) - Generic signing (35:53) - Future work (37:34) - The role of policy (40:24) Related links: - Miniscript website - Rust Miniscript - Miniscript C++ implementation - Gramtropy - ##miniscript on Libera Chat Thanks to Caralie for the sound engineering, and thanks to Matthew Zipkin for assistance with squashing reverb artifacts.

P2P experts Pieter and Amiti chat about the P2P network. In this episode they cover: - AddrRelay high-level goals and constraints (1:15) - Very different than the goals of blocks and transactions - Marginal fee rate (4:35) - Should we consider different transport layers? (5:40) - FIBRE Episode with Matt Corallo (7:40) - The introduction of Addrman in 2012, PR #787 (8:55) - What existed before AddrMan and the evolution of DoS resistance. - Eclipse Attack paper (14:55) - Sybil attack - Addrman and eclipse attacks wiki page - Anchors connections - PR #17428 - Connection exhaustion issue (19:50) - Erlay (paper, BIP) (20:55) - AddrRelay (23:15) - Limiting addr black holes - PR #21528 - Rate limiting on address gossip in 22.0 - Leaky bucket rate limiter (27:00) - Address Spam (29:20) - Estimating the Node Degree of Public Peers and Detecting Sybil Peers Based on Address Messages in the Bitcoin P2P Network by Matthias Grundmann (31:35) - Coinscope paper (31:45) - TxProbe (32:00) - Separate network stack (37:20) - Fingerprint attacks (37:15) - ASMAP (39:00) Thanks to Caralie for the sound engineering.

Amiti returns to the Chaincode office to discuss all things p2p. We discuss: Why Amiti works on P2P (1:50) A framework for p2p design (4:25) How do we systemize Bitcoin Core knowledge? (6:20) Searchable #bitcoin-core IRC logs (8:35) Forward compatibility and upgradability (15:00) Partition resisitence (16:10) Eclipse Attacks (17:00) Altnet (20:40) Messages sent across the wire (20:55) AddrRelay and AddrMan (24:35) Bootstrapping, DNS seeds and address announcements (25:25) DoS issues (27:35) Address Manager (29:00) New table and tried table (30:00) The Bitcoin network “dance” (31:25) Transaction download on Bitcoin's p2p network comic (32:25) Addresses and proof of work (32:45) Inbound and outbound connections (34:00) Block relay only connections and full connections (35:35) Thanks to Caralie for the sound engineering.

In this Chaincode Decoded segment we talk about the fundamental role of Bitcoin's blockchain and some of its peculiarities. We discuss: Purpose of the blockchain (0:40) Mining is a lottery, not a race (1:57) Why doesn't the same miner always win? (5:12) What happens if two blocks are found at the same height? (6:12) The longest reorgs (9:11) How does the blockchain work? (12:18) - Headers-first synchronization and Ultraprune: Episode 1 with Pieter Wuille - Episode 5: The UTXO set Why does Bitcoin converge on one chain? (15:20) - Selfish mining paper: Majority is not Enough: Bitcoin Mining is Vulnerable Will we always find a new block? (18:04) - Entropy sources in the block header Mining pools have disjoint hashing spaces (19:30) - Correction: mining pools do not have a separate pay-out address for each participant, but give out a unique coinbase transaction stub for each. - Eschaton block Thanks to Caralie for the sound engineering.

In Episode 13, we sit down again with Matt Corallo and discuss his work on the Lightning Development Kit (LDK). In this conversation we cover: - Starting Rust-Lightning (1:20) - Language bindings challenges (4:09) - FFI (5:32) - Interoperability of Lightning (7:10) - Zero-value invoices (7:35) - Keysend/push payments/spontaneous payments (8:20) - What is the LDK stack? (9:29) - Anchor Outputs (10:41) - Child pays for parent (CPFP) (11:02) - Who tracks the onchain state when using LND? (12:30) - LDK tracks the channel commitment transaction, how is that done? (13:45) - Compact block filters - Contrasting multiple implementations working from a spec in Lighting vs. no spec with one dominant reference implementation in Bitcoin (14:58) - The Lightning Spec - What's the state of the Lightning Network? Have we moved beyond #reckless? (18:49) - Denial of Service (DoS) vulnerabilities - Channel Jamming (22:00) - Eltoo and the punishment dynamic (22:45) - Will the network trend to trusted relationships and lend itself to KYC? (24:50) - FATF updates its guidance on Virtual Asset Service Provider (VASP) (26:50) - Where LDK goes from here? (29:55) Thanks to Caralie for the sound engineering.

The Chaincode Decoded segment returns and we jump into the deep end of the mempool. Child Pays for Parent (CPFP) (2:15) How miner evaluate fee rates (4:34) Why is it hard to estimate fee rates? (6:03) How do exchanges estimate fees? (8:00) Will the mempool empty again? (9:23) Miner/pools and the need for a high fee environment (11:04) Replace by Fee (RBF) (14:05) - BIP 125 Mempool eviction and the problems it can cause (19:04) Anchor Outputs (20:50) Package Relay (21:06) Ways to use the blockspace more efficiently (22:15) - blockchain.com implements Segwit Thanks to Caralie for the sound engineering.

This revisits a segment we call Chaincode Decoded. In this episode, we'll learn how to say Bech32 and also what it and Bech32m are. Enjoy! Correction: The characters removed from the set are 1 B I O (2:20) Why do we need Bech32? (0:57) What is the distinction between Bech32 and native SegWit? (3:20) Why does Taproot need a new address format? (4:13) Bech32 length extension mutation weakness (11:20) - mailing list post Bech32m (12:25) - BIP350 Further resources: Pieter Wuille: New Address Type for SegWit Addresses (presentation) Sipa demo Bech32 adoption (Some of) the math behind Bech32 addresses Thanks to Caralie for the sound engineering.

In part 2 of this sit down with Carl Dong, Murch and Jonas cover the delicate work of modularizing the Bitcoin consensus engine. In this conversation, we cover: - Carl's De-globalize ChainstateManager PR (2:25) - Async Block Processing PR - Deglobalize class of chainstate manager (g_chainman) (3:40) - AssumeUTXO - global variables and main (5:25) - scripted diff (9:35) - 0.8 upgrade consensus failure (11:25) - Jorge Timon's libconsensus project (13:10) - current libbitcoinconsensus only does script verification (13:25) - the case for multiple implementations (14:40) - ABI (15:10) Thanks as always to Matthew Zipkin for the sound engineering.

In part 1 of this sit down with Carl Dong, Murch and Jonas get into the weeds of all things build system. Stay tuned for the second half of this conversation when Carl describes his recent adventures isolating the libconsensus engine. In this conversation, we cover: - GUIX (2:25) - talk at 2019 Breaking Bitcoin about reproducible builds - Gitian builds (4:15) - Fake time (4:50) - Timestamps and reproducibility of packages (6:33) - reproducible-builds.org (6:57) - SOURCE_DATE_EPOCH - Toolchains (14:40) - Windows Builds and reproducibility (15:20) - GCC libtool pointer confusion - NSIS (20:25) - Using Debian as an example (22:56) - User choice in their security model (28:15) - Making the process accessible (31:20) - Mac OS X Toolchain & SDK and cross-compiling (33:30) Thanks as always to Matthew Zipkin for the sound engineering.

After a long hiatus, we return to talk with new Chaincode member Murch and get his take on enterprise wallets and UTXO management. In this conversation, we cover: - Enterprise UTXO management (3:35) - The impact of the 2017 hype cycle (4:30) - The importance of UTXO set minimization (5:30) - The fee market today (6:44) - Batching Transactions (9:15) - Payment Batching - Consolidations (11:05) - Consolidation of 4 Million UTXOs at Xapo - Change splitting (14:10) - Replace By Fee (16:04) - RBF in the wild - Fee bumping - SegWit (21:10) - How enterprises estimate fees (25:00) - Omnibus wallets (28:05) - Off-chain sending (31:50) - Taproot (33:57) Other resources: - Bitcoin Optech Field Report: How segwit and batching could have saved half a billion dollars in fees Thanks as always to Matthew Zipkin for the sound engineering.

In Episode 7, we chat with Nadav Kohen of Suredbits and discuss payment points as an alternative to HTLCs on the Lightning Network. In this conversation we cover: Payment points (1:55) - Blog post part 1 - HTLCs (2:00) Timelocks (4:16) HTLC drawbacks (5:38) - Payment decorrelation - Wormhole attack presented in Anonymous Multi-Hop Locks for Blockchain Scalability and Interoperability (6:35) Point time lock contracts (PTLCs) (9:50) - Adaptor signatures on Schnorr Proof of payment (13:25) Invoiceless transactions (15:05) Hashes, pre-images, and HTLC mechanics (16:35) Onion analogy (18:55) PTLC mechanics (19:30) Why don't we use PTLCs today? (22:15) Lightning in Scriptless Scripts posting by Andrew Poelstra March 2017 Improving proof of payment (26:10) Stuckless payments (30:46) Spam on Lightning (35:46) Selling Signatures and Schnorr signatures off the main chain (36:55) Contingent payments (39:20) Escrow contracts (41:28) Atomic multiparty setup and payment renegotiation (46:02) ETA of payment points (48:02) Thanks as always to Matthew Zipkin for the sound engineering.

In Episode 6, we sit down with Matt Corallo and discuss his work on compact blocks and the FIBRE network. In this conversation we cover: Selfish mining (2:03) - Majority is not Enough: Bitcoin Mining is Vulnerable - Optimal Selfish Mining Strategies in Bitcoin Ethereum's larger pools making superlinear profits (5:10) Defining selfish mining (9:52) Compact blocks (12:37) - FAQ - BIP152 - Reference implementation FIBRE (20:28) Forward error correction (24:14) - Shamir secret sharing Difference between TCP and UDP (29:21) Thanks as always to Matthew Zipkin for the sound engineering.

This is our first Chaincode Decoded Podcast. In this new podcast format, we'll dive into the details of a concept we've talked about on previous shows. No guests, no news, just Jonas and John talking about Bitcoin. A podcast by Bitcoin nerds for Bitcoin nerds. In the first episode, we talk about the UTXO set. We'd love to know what you think! Ultraprune - episode 1 (1:20) Assume UTXO - episode 4 (1:28) The cache layer (8:02) Dbcache parameter (9:48) - John talks about latency comparisons on a human scale. (Note: He incorrectly says that 1 second for RAM access equates to "months or years" for disk access. Actually 4 minutes for RAM access equates to 1-9 months for disk access.) Different ideas on how to keep track of the UTXO set (11:29) - utreexo (13:48) What's the future of the size of the UTXO set? (13:54) UTXO consolidation (15:02) UTXO selection (16:48) Murch's thesis on coin selection Branch and bound H/T to Amiti for the idea of the format. Thanks as always to Matthew Zipkin for the sound engineering.

Next in the studio, we caught James O'Beirne, who until recently was a co-worker of ours at Chaincode. We talked to James about his experience at the Chaincode residency, his most recent project Assume UTXO (GitHub issue, proposal, talk) and how he champions and effects change in Bitcoin Core. Discussed in this episode: - 2018 residency (2:42) - Choosing what to work on (5:40) - Fork detection framework (6:55) - Initial block download (IBD) (8:10) - What a node does during IBD 1110 - DNS seeds (11:30) - UTXO set (12:30) - Parallelized signature validation (14:20) - Assume valid (14:40) - Different than checkpoints (17:30) - Updating assume valid value in the code (0.19, 0.18) (19:00) - Assume UTXO (21:20) - Platform and memory considerations (27:15) - Criticisms (27:55) - Championing a big change in Bitcoin Core (32:20) If you like this, find more shows at podcast.chaincode.com. Thank you to Matthew Zipkin for sound engineering.

For our third episode, we talked to Jeremy Rubin about his recent CHECKTEMPLATEVERIFY proposal. During our discussion, we touch on the history of covenant proposals, vaults, payment pools, CTV's synergies with Taproot and more. Notes: What is CHECKTEMPLATEVERIFY (CTV)? (4:30) What is a covenant? (5:25) - CoinCovenants using SCIP signatures, an amusingly bad idea (2013) (7:15) - Bitcoin Covenants AKA MES16 paper (2016) (8:15) - Talk at Stanford Blockchain Conference (2017) (9:20) Why covenants? (11:43) Utxos.org Vaults (12:10) - Annuity type vaults (13:40) Payment pools (18:00) Synergies with Taproot (22:11) SIGHASH_NOINPUT/ SIGHASH_ANYPREVOUT (24:31) CTV and lightning channels (26:30) Congestion control (32:04) CreateNewBlock() (33:09) If you like this, find more shows at podcast.chaincode.com. Thank you to Matthew Zipkin for sound engineering.

For our second episode, we pick up where we left off with Pieter Wuille in episode 1. If you missed that one, you should go back and listen to it first. Pieter has been a Bitcoin protocol developer and contributor to Bitcoin Core since 2011. In that time, he's authored or contributed to some of the most important developments, including segwit, bech32, libsecp, HD wallets, schnorr and taproot, and many others. We talked to Pieter about his thoughts on the lessons learned from the March 2013 Consensus Fork as well as libsecp and Pieter's thoughts about Bitcoin in 2020. Discussed in this episode: Lessons learned from the 0.8 consensus failure (1:00) BIP66 - Strict DER signatures (3:13) Satoshi's usage of OpenSSL (3:47) OpenSSL and DER encoding (5:35) libsecp256k1 (12:12) Hal Finney's post on the special properties of the secp256k1 (12:50) Peter Dettman and Bouncy Castle (16:58) Imagining P2SH from the beginning (26:20) If you like this, find more shows at podcast.chaincode.com. Thank you to Matthew Zipkin for sound engineering.

For our first episode, we talked to Bitcoin Core contributor Pieter Wuille. Pieter has been a Bitcoin protocol developer and contributor to Bitcoin Core since 2011. In that time, he's authored or contributed to some of the most important developments, including segwit, bech32, libsecp, HD wallets, schnorr and taproot, and many others. We talked to Pieter about his thoughts on some of those influential PRs, including headers-first syncing and ultraprune, and hear about the motivation for those changes and how he thinks about them now. This is a two-parter and in the next episode, we'll hear about libsecp and Pieter's thoughts about Bitcoin in 2020. Discussed in this episode: Headers-first syncing (3:30) Tracking peer state and finding good peers (13:00) How Bitcoin Core development culture has changed in the last 9 years (18:11) Bitcoin test evolution (19:00) Ultraprune (21:55) March 2013 Consensus Fork (26:50): - March 2013 Chain Fork Post-Mortem - Analyzing the 2013 Bitcoin fork If you like this, find more shows at podcast.chaincode.com. Thank you to Matthew Zipkin for sound engineering.