Here’s What Keeps Bitcoin Developers Up at Night as the Price Hits $10,000

By Ray Crawford

Six Bitcoin developers and security researchers took the stage on day two of Baltic Honeybadger 2017 in Riga to discuss what kept them awake at night. Eric Lombrozo of Ciphrex, Adam Back at Blockstream, JoinMarket's Adam Gibson, consultant Peter Todd, Pavol Rusnak from SatoshiLabs, and Eric Voskuil of Libbitcoin tackled a question that revealed sharp divisions in how they viewed Bitcoin's future.

Spinoff coins dominated the conversation. These new altcoins emerge at specific block heights on the Bitcoin blockchain. Anyone holding Bitcoin at that moment receives access to the fork coin. Lombrozo called them "initial fork offerings," a play on the ICO frenzy flooding the market.

The mechanism sounds innocent. The consequences run deep. Holders end up with assets they cannot access safely, cannot access at all, or can only access by sacrificing privacy and triggering tax bills. "I'm a little bit concerned because it means there's all this supposed value that people have in their wallets that they don't really know how to access, can't access, can't access securely, have to sacrifice privacy to access, or deal with tax liabilities potentially," Lombrozo said.

He launched Chainsplit to solve part of the problem, helping traders move these fork coins without friction. But the deeper damage troubled him more. "It's basically a denial of service attack on developers," he said. Every new fork requires new code, new audits, new surface for bugs and vulnerabilities.

Adam Back focused on the immediate security threat. Fork coins force users to download unfamiliar software. "It's a window of vulnerability that's advertised in advance, so it's a time to be very careful about what you're downloading," Back said. "Unfortunately, that means there's a real risk that's attached to the forks. There are certainly people out there who have old coins that are not interested to collect these spin-offs for security and privacy reasons."

When Bitcoin Gold launched, attackers posted a malicious wallet on what appeared to be an official channel. More than $3 million in Bitcoin flowed from users who trusted the site.

Peter Todd pointed to a larger threat: critical infrastructure runs on software nobody verifies. He described Bitcoin exchanges and custodians using build processes that begin by downloading random packages with no authentication. "What worries me is people holding bitcoins for other people at exchanges and so forth where their entire build system is, for instance, a bunch of Docker containers, and for every Docker container, the build process starts with things like, Wget some random, unauthenticated website," Todd said. "Realistically, that's going to be a vulnerability."
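An added example (not from the article or any project named in it): a small Python audit for the build pattern Todd describes, flagging Dockerfile steps that fetch over plain HTTP, pipe a download into a shell, or never check a hash or signature. It goes slightly beyond his remark by also flagging base images referenced by mutable tag instead of digest; the rule names, sample Dockerfiles and example.invalid URLs are constructed for illustration.

```python
import re

FETCH = re.compile(r"\b(wget|curl)\b")
PIPE_SH = re.compile(r"\b(wget|curl)\b[^|;&]*\|\s*(sudo\s+)?(ba|z)?sh\b")
# Heuristic: an artifact check appears somewhere in the same RUN instruction.
VERIFY = re.compile(r"sha(256|512)sum\s+(-c|--check)|gpg\s+--verify")
PINNED = re.compile(r"@sha256:[0-9a-f]{64}$")

def audit(dockerfile: str):
    """Return (rule, instruction) pairs for build inputs nobody authenticated."""
    findings, stages = [], set()
    # Fold backslash continuations so each instruction is judged as a whole.
    text = re.sub(r"\\[ \t]*\n", " ", dockerfile)
    for ins in (line.strip() for line in text.splitlines()):
        if not ins or ins.startswith("#"):
            continue
        op, arg = (ins.split(None, 1) + [""])[:2]
        if op.upper() == "FROM":
            parts = [p for p in arg.split() if not p.startswith("--")]
            if not parts:
                continue
            if len(parts) == 3 and parts[1].upper() == "AS":
                stages.add(parts[2])
            image = parts[0]
            # Earlier build stages and "scratch" are not pulled from a registry.
            if image not in stages and image != "scratch" and not PINNED.search(image):
                findings.append(("unpinned-base-image", ins))
        elif op.upper() == "RUN" and FETCH.search(arg):
            if PIPE_SH.search(arg):
                findings.append(("download-piped-to-shell", ins))
            elif not VERIFY.search(arg):
                # https authenticates the server, not the file it serves.
                plain = "http://" in arg
                findings.append(("unauthenticated-download" if plain else "unverified-download", ins))
    return findings

DIGEST = "ab" * 32  # constructed placeholder, not a real image or file hash
WEAK = """
FROM alpine:latest
RUN wget http://example.invalid/toolchain.tar.gz && tar xzf toolchain.tar.gz
RUN curl -sSf https://example.invalid/install.sh | sh
"""
HARDENED = f"""
FROM alpine@sha256:{DIGEST} AS build
RUN wget -O /tmp/toolchain.tar.gz https://example.invalid/toolchain.tar.gz \\
 && echo "{DIGEST}  /tmp/toolchain.tar.gz" | sha256sum -c -
FROM build
"""

if __name__ == "__main__":
    for rule, ins in audit(WEAK):
        print(f"{rule}: {ins}")
    print("hardened findings:", audit(HARDENED))
```

A clean result only means every fetch is pinned or checked in the same instruction; it does not show that the pinned hash itself came from a trustworthy source.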

His own work showed how this blindness compounds. During the ZCash trusted setup, he drove across Canada carrying a Faraday cage and multiple cameras to ensure his piece stayed secure. Yet the entire effort fell apart when he examined the ZCash build chain. Docker containers had pulled Alpine Linux and a Rust compiler that had been compiled days or hours before the build. Nobody knew what went into those tools. No deterministic builds. No verification.

"The reality is: All that went to waste because their build process for the Zcash software was trivially backdoorable," Todd said. "The whole thing was built off an Alpine Linux distribution and Rust compiler that were built earlier that month, in the case of the Rust compiler, the day before. And no one knew exactly what went into that software. No deterministic builds, no nothing."

Beneath the fork mania sits a simpler problem: people misunderstand what Bitcoin is. Gibson identified the root: "I'm worried that people don't understand what Bitcoin is, and that's kind of the root of all of this, including all the forks. The developers, the people who work on the technology, are delivering what I think Bitcoin realistically is, but people want kind of unicorns and they want like kind of free transactions and a billion transactions a second. And that's, I think, where all this is coming from."

Todd traced scalability to a social problem. Bitcoin's design forces a choice between low costs and strong security. This tradeoff attracts attackers who demand cheaper transactions in exchange for weakening the system. "Bitcoin forces us to make these terrible tradeoffs between cost and security. I think, at the social level, that's a security problem because we keep getting attacks driven by people who just want transactions to be cheaper in exchange for the system to be less secure," he said.

Voskuil believed the gaps would close. Scalability and privacy problems had solutions. But the time horizon stretched longer than anyone hoped because developers and users operated from different assumptions about how Bitcoin worked. "What bothers me is there's a lot of misapprehension about how Bitcoin actually secures itself, which means how it works," Voskuil said.

Not everyone at the conference left worried. Lombrozo said he slept better than he had years ago, citing progress in private key management. His company Ciphrex rested on that foundation. "I'd say I'm sleeping pretty well now. A couple of years ago, maybe not so much."

Rusnak struck the same note from a different angle. SatoshiLabs had developed the Trezor hardware wallet to enable better sleep, and the strategy succeeded. His main frustration now: people requesting that Trezor support every new altcoin that appeared. "We came up with the hardware wallet idea exactly because we wanted to have good sleep at night, so I'm having a pretty good sleep since then," he said.
