This week’s newsletter summarizes several talks from the Bitcoin Edge Dev++ training sessions and Scaling Bitcoin conference held last week in Tel Aviv. Also included is our regular section on notable changes to popular Bitcoin infrastructure projects.

None this week.

The Scaling Bitcoin conference was preceded by the community-organized Bitcoin Edge Dev++ training sessions. Recordings of the sessions are expected to be made public in the near future, but transcripts typed by Bryan Bishop are available now. We suggest at least skimming all of the topics, but we found the following transcripts both novel and interesting:

● Bitcoin Core rebroadcasting logic by Amiti Uttarwar describes her work to eliminate a privacy leak in Bitcoin Core’s wallet. If the first send of a wallet transaction doesn’t result in reasonably fast confirmation, the wallet will rebroadcast the transaction in order to ensure it is relayed to miners. However, there’s no other case where a full node will rebroadcast a transaction it sent previously, so spy nodes can assume any node rebroadcasting a transaction is operated by the user who created that transaction. Worse, this behavior can be actively exploited by sending a tiny payment with a low fee to an address whose owner you want to identify and waiting for their wallet to rebroadcast the transaction. Uttarwar’s proposed solution is having the node treat all transactions the same, rebroadcasting any of them when a heuristic indicates they should’ve been mined recently but weren’t. This prevents spy nodes from being able to assume that the node which rebroadcast a transaction is operated by the creator of that transaction. The presentation concluded with an overview of some edge cases, an insight from Uttarwar’s experience developing for Bitcoin Core, and a short list of open questions for future research. See Bitcoin Core #16698 for the first of Uttarwar’s PRs implementing these mitigations.

● Blockchain design patterns: Layers and scaling approaches by Andrew Poelstra and David Vorick briefly describes a long list of existing and proposed technologies for making effective use of a space-limited block chain. Starting with existing features, they begin by comparing Bitcoin’s UTXO model to Ethereum’s balance model, finding that the spend-once nature of UTXOs greatly simplifies both security analysis and cache-based performance improvements. This effective caching is the basis of technologies such as bandwidth-reducing BIP152 compact blocks, latency-reducing FIBRE, and many CPU- and memory-reducing improvements within node software. Yet, Poelstra and Vorick note that the overall best way to reduce bandwidth, latency, CPU, and memory is to minimize the use of global state in the first place by looking for opportunities to use offchain protocols based on unbroadcast transactions, replacements of those unbroadcast transactions to allow state transitions, and hash locks to create dependencies between different transactions. Looking at proposed technology, the presenters explain how the bandwidth overhead for relaying transactions grows linearly in the current protocol as you increase the number of your peers; this can be made almost constant with the proposed erlay protocol, allowing you to have many more peers, which reduces the risk of network partitioning attacks. Moving on to describing various parts of the taproot proposal, they show how schnorr signatures make it possible to validate multiple signatures at once (batch validation) and combine several public keys and signatures into a single pubkey and signature (signature aggregation), reducing the costs of general block validation and the specific costs for multisig users. Schnorr also makes it possible to create adaptor signatures that can provide the benefits of both a signature and a hash lock at the same time and for only the cost of one. Finally, taproot can commit to a set of conditions without requiring any party to reveal those conditions unless they need them, which they might not if their protocol allows them to use schnorr multiparty signatures instead. Each of these techniques, individually or in combination, can help users keep more data offchain. The final part of their talk examines more speculative technology, such as improvements to LN using eltoo, the minimization of storage requirements using utreexo, client side validation which keeps almost all data offchain, Directed Acyclic Graph (DAG) based block chains that allow more frequent block production, confidential transactions that hide payment amounts, and sharding in both the form of federated block chains (available now) and other models that are more speculative.
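A toy model of the two rebroadcast policies from the summary of Uttarwar's talk above, added here as an illustration; it is not Bitcoin Core code and not code from the talk. The feerate-and-age heuristic, the `min_age` default, the `Tx` fields and the sample mempool are all assumptions constructed for this example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Tx:
    txid: str
    feerate: float   # sat/vB
    entered: int     # time the tx entered this node's mempool (seconds)
    in_wallet: bool  # True if the node's own wallet tracks this tx

def wallet_only_rebroadcast(mempool):
    """Leaky behaviour: only transactions the local wallet tracks are re-sent."""
    return [tx for tx in mempool if tx.in_wallet]

def uniform_rebroadcast(mempool, now, block_min_feerate, min_age=1800):
    """Origin-blind policy. Assumed heuristic: a tx 'should have been mined' if
    it paid at least the lowest feerate in the latest block and has waited
    min_age seconds. Wallet membership is never consulted."""
    return [tx for tx in mempool
            if tx.feerate >= block_min_feerate and now - tx.entered >= min_age]

def owner_confidence(rebroadcast):
    """Share of re-sent txs that are wallet txs, i.e. how often the guess
    'whoever rebroadcasts it owns it' would be correct for this node."""
    if not rebroadcast:
        return 0.0
    return sum(tx.in_wallet for tx in rebroadcast) / len(rebroadcast)

# Constructed sample mempool; txids, feerates and times are made up.
NOW = 10_000
MEMPOOL = [
    Tx("own-payment", 12.0, 2_000, True),
    Tx("relayed-a", 15.0, 3_000, False),
    Tx("relayed-b", 11.0, 1_000, False),
    Tx("relayed-fresh", 20.0, 9_900, False),       # too young to re-send
    Tx("low-fee-incoming", 1.0, 1_500, True),      # tiny low-fee payment to us
]

if __name__ == "__main__":
    old = wallet_only_rebroadcast(MEMPOOL)
    new = uniform_rebroadcast(MEMPOOL, NOW, block_min_feerate=10.0)
    print("wallet-only:", [t.txid for t in old], owner_confidence(old))
    print("uniform:    ", [t.txid for t in new], round(owner_confidence(new), 2))
```

Under the assumed heuristic the low-fee incoming transaction is never re-sent, and the one wallet transaction that is re-sent is mixed in with relayed ones, so a rebroadcast no longer singles out the wallet's owner.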