SLIDE 1
Building On Bitcoin 3th of July 2018
dev@jonasschnelli.ch
PGP: CA1A2908DCE2F13074C62CDE1EB776BB03C7922D
Trust Privacy Security
Current state and the future of wallets Building On Bitcoin 3th of - - PowerPoint PPT Presentation
Current state and the future of wallets Building On Bitcoin 3th of - - PowerPoint PPT Presentation
Current state and the future of wallets Building On Bitcoin 3th of July 2018 dev@ jonasschnelli .ch PGP: CA1A2908DCE2F13074C62CDE1EB776BB03C7922D Privacy Security Trust Privacy Transaction / scripts privacy Security Trust No-trust
SLIDE 2
SLIDE 3
Trust Privacy Security
Transaction / scripts privacy Keystorage Cold-Storage No-trust required Chain-Validation Consensus
SLIDE 4
Trust Privacy Security ✓ ❌ ✓
No scripts sharing Full validation Consensus Missing cold storage
✓
SLIDE 5
Trust Privacy Security ❌ ❌
Scripts sharing Central validation
❌
No control over keys
❌
SLIDE 6
Trust Privacy Security✓ ❌ ❌
Scripts sharing Central validation Cold storage
SLIDE 7
Trust Privacy Security ❌
Scripts sharing
❌
Exposed keys BreadWallet Android Wallet
✓
SPV validation
SLIDE 8
Trust Privacy Security ❌
Scripts sharing
❌
Electrum
✓
SPV validation Missing cold storage
SLIDE 9
Centralized validation
SLIDE 10
Current state:
New/novice users tend to use centralised validation.
SLIDE 11
X Required validation device X Validation lead time X Bandwidth and CPU requirements
Current state:
New/novice users tend to use centralised validation.
SLIDE 12
Centralized validation in practice
- ~200GB+ disk space (large indexes)
- Heavy disk I/O through indexing
- Full validation „underneath“ (Bitcoin Core)
SLIDE 13
Downsides of centralized validation
X Fake transactions / transaction omission X No control over the consensus layer X Abandons privacy completely
SLIDE 14
Advantages of centralized validation
✓ Immediately ready to use ✓ Fast wallet recovery ✓ Very low bandwidth costs ✓ Can serve large amount of wallets
SLIDE 15
Centralized key-storage
SLIDE 16
X „Owns“ no Bitcoins X „Owns“ only the right to eventually access
and move Bitcoins
Centralized key-storage
✓ No security setup required
Users are often not aware!
SLIDE 17
SPV
SLIDE 18
SPV
Verify headers Can check some consensus rules Weak 0-conf handling
❌ ✓ ✓
Network „leeches“
❌
Rely on a „free service“
❌
Fee estimation is probably impossible
❌
Often rely on DNS seeds
❌
SLIDE 19
SPV
Acceptable Bandwidth consumption
✓
Acceptable amount of decentralization
✓
SLIDE 20
SPV privacy?
SLIDE 21
SPV
BIP37 - Bloom Filters
❌
Electrum SPV
❌
BIP158 - Compact Block Filters
✓
✓
Low bandwidth
✓
Can filter mempool
X
No privacy
X
Personal filtering (incentive model)
✓
Low bandwidth
✓
MITM protection through SSL
X
(No privacy)
X
Personal filtering (incentive model)
๏
„more“ bandwidth
✓
Privacy (?)
✓
Widely useful filter structures
✓
Committable through soft-fork
X
not (widely) deployed
X
no (useful) technique to filter mempool
privacy
SLIDE 22
SPV
Full block SPV
X
„high“ bandwidth costs
✓ Can „migrate" to full validation ✓ Privacy ✓ Reduced consensus checks
privacy
✓
SLIDE 23
SPV
understanding filtering
SPV BF BLOOM FILTER PEER WITH | NODE_BLOOM RELEVANT TRANSACTIONS (FALSE POSITIVES) Filters transactions for the client
BIP37 - Bloom Filters
SLIDE 24
SPV
understanding filtering
SPV BF BLOOM FILTER MEN IN THE MIDDLE PEER WITH | NODE_BLOOM
ISP, WIFI PROVIDER, STATE ACTORS
INTERNET TRAFFIC
BIP37 - Bloom Filters
RELEVANT TRANSACTIONS (FALSE POSITIVES) Filters transactions for the client
SLIDE 25
SPV
understanding filtering
SPV BF BLOCK FILTERS BLOCKS Client finds relevant Blocks NODE SUPPORTING BIP158
BIP158 - Client Side Filtering
SLIDE 26
SPV
understanding filtering BIP158 - Client Side Filtering
1 day = ~2.88MB 30 days = ~86.4 MB 7 days = ~20.16 MB 90 days = ~259.2 MB
144 blocks ~= 144MB — Filtersize: ~2%
SLIDE 27
SPV
understanding filtering FULL BLOCK / HYBRID
1 day = ~144MB 30 days = ~4.32 GB 7 days = ~1’008 MB 90 days = ~12.96 GB
144 blocks ~= 144MB
SLIDE 28
Decentralization Resource costs Centralized validation solutions Electrum (SPV) Core / full node SPV
SLIDE 29
The future of wallets
FUTURE OF WALLETS?
SLIDE 30
Trust Privacy Security
Transaction / scripts privacy Keystorage Cold-Storage No-trust required Chain-Validation Consensus / p2p
✓ ✓ ✓
SLIDE 31
Catching up a month of blocks (45min; consumer system) Acceptable CPU / memory rates once in-sync
SLIDE 32
Hybrid SPV
Sync and check headers Download relevant blocks (use BIP158) Use SPV Wallet is ready to use Download missing blocks Full-Validation Upgrade transactions once they are fully validated Throttled Throttled
SLIDE 33
Privacy and self- verification (no trust) is not an opt-in model
SLIDE 34
Keep users away from trusted third parties
SLIDE 35
UTXO set commitments
{ "height": 530075, "bestblock": "0000000000000000002fe10af166937d506ece7fad4381fda6cb86e9e1404be2", "transactions": 24567998, "txouts": 50460119, "bogosize": 3798659787, "hash_serialized_2": "090c1276fe42f98246840fabac42dfa0e8b89b428f81ab16d53d69ae669bec4b", "disk_size": 2921681465, "total_amount": 17125767.33401612 }
SLIDE 36
BIP174
Partially Signed Bitcoin Transaction Format (PSBT)
RAW TX PREV-INPUT PREV-INPUT REDEEM SCRIPT WITNESS SCRIPT BIP32 PATHS BIP32 PATHS PARTIAL SIGNATURES PARTIAL SIGNATURES
SLIDE 37
SLIDE 38
0.17
Fundrawtransaction ( Enforce WatchOnly ) Multiwallet Dynamic creation and loading of wallets PROXY BRIDGE
HTTPS TOR STRATUM (TCP/TLS)
( ScanTxOutSet )
PRUNED
NODE_NETWORK_LIMITED
SLIDE 39
SLIDE 40
Personal Electrum Server + =
Chris Belcher’s
SLIDE 41
SLIDE 42
WALLET OF THE FUTURE
MIXED HARDWARE SOFTWARE SOLUTION MULTIPLE FACTORS
(HARDWARE WALLET)
MULTISIG BY DEFAULT OWN VALIDATION
USE CPU & BANDWIDTH WHEN AVAILABLE
OWN FEE ESTIMATIONS PRIVACY FEATURES CoinJoins Broadcast obfuscation INTEGRATED L2
EASY TO USE
RELIABLE BACKUP SOLUTION
SLIDE 43
_jonasschnelli_
dev@jonasschnelli.ch
PGP: CA1A2908DCE2F13074C62CDE1EB776BB03C7922D
github.com/jonasschnelli