📙 Just Bitcoin Things — Issue No. 63

📰News

Prominent Bitcoin developer Pieter Wuille recently announced a project, called Miniscript, which aims to make writing Bitcoin smart contracts easier. Bitcoin smart contracts are typically written in a language called "Bitcoin Script." It's a relatively low level language, and it has arcane, stack based semantics. Miniscript is a slightly higher level language with more traditional composition via functions. It can be compiled to Bitcoin Script. Smart contracts on Bitcoin are limited to placing encumbrances on coins, that is, to rules on who can spend which coins, and when they can do it. They can't store arbitrary state, nor are they Turing complete. Miniscript doesn't change this. What it does do is make it much easier to write, analyze, and verify these spending rules, such as multi-signature schemes and timelocks. Link.

Another interesting project getting attention in the Bitcoin ecosystem is called Utreexo. It's being developed by Tadge Dryja, a researcher at MIT. The proposed system uses a "hash-based accumulator" to store commitments to unspent transaction outputs (UTXOs) on the blockchain, rather than the UTXOs themselves. A hash-based accumulator is a data structure similar to a Merkle tree. It allows large quantities of data to be represented by a single cryptographic hash. Each element in the tree is a hash of the elements below it, such that the root of the tree "rolls up" all the data into one commitment. If Bitcoin nodes can store UTXOs in a hash-based accumulator, then those nodes wouldn't have to keep the UTXO data around locally. Instead, nodes would only have to store UTXOs for their users' wallets, and provide proofs to the network at the time of spending that these UTXOs were present in the accumulator. Link.
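To make the "roll up" idea concrete, here is a small sketch added for this write-up (it is not Utreexo's code): a plain Merkle tree over constructed UTXO strings, where a verifier holding only the root checks a spender's inclusion proof. The function names, the leaf encoding, the one-byte domain-separation prefixes and the power-of-two leaf count are all assumptions made for illustration.

```python
import hashlib

def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def leaf_hash(utxo: bytes) -> bytes:
    # Prefix leaves and interior nodes differently so an interior
    # node can never be presented as if it were a leaf.
    return _h(b"\x00" + utxo)

def node_hash(left: bytes, right: bytes) -> bytes:
    return _h(b"\x01" + left + right)

def build_levels(utxos):
    """Return every tree level, leaves first; the last level is [root]."""
    n = len(utxos)
    if n == 0 or n & (n - 1):
        raise ValueError("this sketch needs a power-of-two number of leaves")
    levels = [[leaf_hash(u) for u in utxos]]
    while len(levels[-1]) > 1:
        prev = levels[-1]
        levels.append([node_hash(prev[i], prev[i + 1])
                       for i in range(0, len(prev), 2)])
    return levels

def prove(levels, index):
    """Sibling hashes on the path from leaf `index` up to the root."""
    proof = []
    for level in levels[:-1]:
        proof.append(level[index ^ 1])  # the sibling differs in the low bit
        index //= 2
    return proof

def verify(root, utxo, index, proof):
    """Recompute the root from one UTXO and its proof; no other UTXO is needed."""
    acc = leaf_hash(utxo)
    for sibling in proof:
        acc = node_hash(acc, sibling) if index % 2 == 0 else node_hash(sibling, acc)
        index //= 2
    return acc == root

# Constructed sample data: eight made-up "txid:vout:amount" strings.
UTXOS = [f"txid{i:02d}:0:{1000 * (i + 1)}".encode() for i in range(8)]
LEVELS = build_levels(UTXOS)
ROOT = LEVELS[-1][0]  # the only value a verifying node has to keep

if __name__ == "__main__":
    proof = prove(LEVELS, 5)
    print("root:", ROOT.hex())
    print("proof hashes:", len(proof), "valid:", verify(ROOT, UTXOS[5], 5, proof))
```

The proof for one of eight leaves is three hashes, so proof size grows with the logarithm of the set while the verifier's storage stays at a single 32-byte root.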

In one final piece of news from the Bitcoin ecosystem, Rusty Russell announced this week that he has discovered security vulnerabilities in several popular Lightning implementations. Rusty is a software engineer from Australia who works on the Lightning Network specification. While the exact nature of the vulnerabilities has not yet been made public, they seem to be fixed in the latest versions of the software. Rusty recommends users upgrade immediately. While this announcement is concerning, it's also not too surprising. Despite the hype, Lightning is still an extremely nascent technology. The fact that several clients were affected seems to imply this vulnerability stems from a weakness, or an ambiguity, in the spec itself. Sussing out these kinds of subtle issues takes time, and it's exactly why Lightning should still be considered experimental. Link.

As an engineer who loves to learn about new technology, the Bitcoin ecosystem can sometimes feel boring. Don't get me wrong, I love Bitcoin and want to see it succeed. Day to day, though, it often feels like there's not much going on, especially compared to other ecosystems.

Here's the thing: that's not actually bad. Bitcoin, the network, exists to engender Bitcoin the asset. Bitcoin, the asset, is completely focused on being the best money it can be. That means Bitcoin needs to be as robust, secure, decentralized, and censorship resistant as possible. Such requirements do not lend themselves to nonchalant experimentation, needless complexity, or to a "move fast and break things" attitude. For what it's trying to accomplish, Bitcoin should move judiciously.

That said, a conservative engineering approach doesn't mean there aren't interesting things going on. Lots of smart people are working on lots of deeply technical problems. Those problems are often low level, and require careful research and development. Better developer tools, like Miniscript, novel scaling solutions, like Utreexo, and the long, slow process of hardening a protocol like Lightning: all of these are examples of unsexy work. This kind of work won't make splashy headlines, but it's critical to Bitcoin's advancement. Don't mistake prudence for a lack of progress!

📊Statistics

94,504. The number of Bitcoin moved in a single transaction in a block mined on Friday. That BTC is worth more than $1 Billion at the time of this writing, and represents more than half a percent of all Bitcoin currently in circulation. Wow. Link.

☝️Follow Up

Last week I wrote about how Dharma is pivoting to build its product on top of Compound, and discussed how Compound is accruing network effects in the decentralized lending ecosystem. Though I did point out some of the systemic risks that come with such network effects, I was mostly positive about Compound itself. This week, Ameen Soleimani published a deep dive analysis of Compound's smart contracts, finding that the administrator keys have an alarming amount of power, up to and including being able to seize user funds. While Compound says they plan to change this, it's worth noting that the current implementation has some major compromises towards centralization. One open question: do users actually care? Link.