While debate remains over the origin and implications of the rising transaction fees on the bitcoin network last week, the sudden increase in network use appears to be creating pressures for industry businesses.
To date, this has mostly manifested in public calls to action by industry CEOs who have taken to blog posts to detail concerns over the current state of the network. Though there’s disagreement on finer points, those wishing to send a bitcoin transaction today are paying higher fees[1], or else waiting longer to have transactions confirm.
In the midst of this development, bitcoin wallet provider Blockchain[2] has released data that indicates its users are issuing more complaints related to service disruptions, providing a window into how bitcoin’s larger consumer-facing businesses are being affected by the network developments.
Blockchain CEO Peter Smith indicated in a Medium[3] post today that the startup is seeing “new records” for support tickets related to “unconfirmed transactions”, however, it did not go into further detail.
Data provided by Blockchain to CoinDesk indicates that support tickets in this category rose 110% from January to February, a figure that dwarfed a 14% increase observed from December to January.
Blockchain co-founder Nic Cary said:
“In the first week of March, we’ve set a company-wide record in issue management. We’ve had nearly as many cases this past week as we did the entire month of [February].”
Cary went on to state that support tickets are being resolved on average in just over two hours, but that this is putting added pressure on the company’s staff and users.
“Many of the of the voices opining on the state of the network and scaling debate do not serve end users and so they don’t really know how frustrating it’s getting for regular folks trying to make transactions,” Cary said.
Larger debate
Still, just how much pressure this is putting on startup business models, and how much of a concern this should be for developers, remains a contentious topic.
Blockchain’s figures come at a time when industry leaders are beginning to speak out on the issue following a private industry meeting from 26th to 28th February[4] in which the topic of how best to scale the bitcoin network was discussed.
Conversation about the event was minimal until a controversial post by Coinbase’s Armstrong on Friday in which he criticized[5] Bitcoin Core developers, calling the team overly ideological and immature. He further advocated for a proposal called Bitcoin Classic[6] that would increase the capacity of transactions the bitcoin network would be able to process in each data block to 2MB, up from 1MB today.
Such comments set off a firestorm of criticism on social media, inspiring blog posts by developers such as Oleg Andreev, who argued[7] that as the blockchain system with the biggest network effect, bitcoin does not need to rush to add users.
Rather, Andreev argued advances from other blockchain-based systems will simply be added to bitcoin, meaning users are unlikely to adopt another system despite added fees and longer wait times for confirmations.
He suggests that the network’s security and integrity should be paramount, and that they should not be risked on short-term gains.
Network pressure subsides
Against this background, data from 21 Inc indicates that the average fee needed for a 30-minute transaction confirmation was in decline on Monday.
Last Thursday, users needed to pay 60 satoshis per byte for a transaction confirmation time of roughly 30 minutes, a figure that was up slightly from than the 50 satoshis per byte observed at press time.
Data also indicates[8] that the number of blocks that are near capacity or filled to capacity is subsiding after spiking last week.
Adding further fuel to the debate are allegations that network activity contributing to last week’s transaction surge should be viewed as “demand”, and that a capacity increase is needed to accommodate users who are being denied service.
For example, some observers believe that individuals or entities may be colluding to drive up[9] the number of transactions on the network to sway the ongoing technical debates.
However, Blockchain’s data provides evidence that bitcoin’s users are experiencing issues regardless of the root cause.
Cary concluded:
“Most of these users are not worried about the politics behind technical changes, they depend on bitcoin to be functional and reliable.”
The invitation-only Satoshi Roundtable conference is set to convene for the second year in a row, this time at an undisclosed location in North America.
To be held from 26th to 28th February, the event[1] follows the inaugural edition of Satoshi Roundtable, which garnered criticism[2] at the time of announcement for an alleged lack of transparency and air of secrecy. Though it eventually opened its doors to limited media presence, this year’s event, by contrast, will be closed to the public.
Among the 60 attendees will be representatives from the mining and development sectors of the bitcoin industry, including MegaBigPower CEO Dave Carlson, KnC Miner CEO Sam Cole and developers representing both of the major scaling initiatives, Bitcoin Core[3] and Bitcoin Classic[4].
In interview, organizer and Bitcoin Foundation[5] executive director Bruce Fenton indicated that the event is to include “TED Talk”-like presentations, longer keynotes and speeches by individuals outside the bitcoin and blockchain community.
Notably, given the participants, Fenton said that the long-standing question of how the bitcoin network should be scaled[6] to increase transaction capacity would also be discussed by event participants.
Fenton said:
“The event was planned long before the most recent developments in [the] bitcoin discussion, but given the timing and attendees, block size will be an important agenda item.”
The attendee list also includes bitcoin startup CEOs such as BTCC[7]‘s Bobby Lee and Align Commerce[8]‘s Marwan Forzley, as well as representatives from Bain Capital Ventures and Fidelity Labs.
Following a months-long debate on how best to scale the bitcoin network to accommodate a greater number of transactions, bitcoin mining firms are voicing their support for a newly introduced proposal called Bitcoin Classic.
Though a new entrant to the debate, Bitcoin Classic[1] so far has the support of bitcoin developers including former Bitcoin Core maintainer Gavin Andresen[2], Bloq CEO Jeff Garzik and Ledger Journal[3] editor Peter Rizun, among others. If adopted, Bitcoin Classic would increase the size of blocks on the bitcoin blockchain to 2MB, up from 1MB today.
The proposal has created controversy in the industry for running counter to the recommendations of the Bitcoin Core developers, the network’s main development team, which has introduced a road map[4] that advocates for a change that would not directly increase block size, but boost transaction capacity[5] four-fold.
However, bitcoin mining firms believe that the solution to the scaling debate must come in the form of a direct increase to the network’s block size limit, and that Bitcoin Classic offers a more immediate solution to the perception problem that bitcoin as a whole is not doing enough to accommodate new users.
To date, miners including BitFury[6], Bitmain[7] and Genesis Mining[8] are among seven groups that the Bitcoin Classic initiative has said have pledged support to the project.
At The North American Bitcoin Conference (TNABC) this week, all three groups were vocal in their enthusiasm, putting forth the argument that Bitcoin Classic is the fastest way to achieve a solution that moves the open-source project forward.
Speaking on a panel session, BitFury CIO Alex Petrov explained:
“Right now, the Bitcoin Core team is slowly introducing a solution, and it’s a really complicated solution, and it’s been a half a year and they are still in tests. Bitcoin Classic is a fast answer.”
Elsewhere on the panel, FinalHash CTO Marshall Long, Genesis Mining CEO Marco Streng and Bitmain’s Yoshi Gato spoke positively about the proposal, while underscoring that they believe the industry is in need of a solution that prioritizes speed.
“The transition with Bitcoin Classic can happen in a few weeks,” Gato said.
Despite the consensus among the day’s panelists, however, some Chinese miners have suggested that their support for Bitcoin Classic may be wavering[9], with major mining firms in China putting forth an uncertain stance on which proposal they favor.
Notably, developers like Andresen[10] have voiced support for both proposals, suggesting others may be willing to align with whichever concept gains traction in the market, thus helping the network scale.
‘Straightforward’ solution
In his statements, Long perhaps best spoke to Bitcoin Classic’s merits, calling the proposal the “most direct” from a technology standpoint.
The panelists indicated their belief that the Bitcoin Classic proposal only intends to increase increase the block size, and that additional changes will not be included as part of the proposal despite confusion it would also aim to change[11] bitcoin’s mining algorythm
“We’re supporting Bitcoin Classic because we feel it solves the current problem,” Streng told the audience. “Bitcoin Classic is a proposal for increasing the block size without changing the rest.”
Still, some in the community are worried about the message such an action would send to the Bitcoin Core team and its developers.
For example, Blockstream CEO Austin Hill, whose company funds the work of many of Core’s more notable developers, has argued[12] that Bitcoin Classic sends a message that the efforts and reasoned recommendations of developers are under-appreciated.
Dangerous upgrade
But while straightforward in its rule changes, Bitcoin Classic differs from the road map put forward by Bitcoin Core in that it would require a hard fork of the bitcoin blockchain, meaning that it would enact a change that makes the latest edition of the software incompatible with older versions.
“Core is saying, well the miners might do it, the service providers might do it, but not the merchants or other entities. That’s their argument, saying we have to be sure that everyone wants it,” Streng continued.
Gato noted that there is a potential danger that a certain segment of the community will continue running Bitcoin Core, thus creating a situation where there are two versions of the bitcoin blockchain, each with transaction histories that couldn’t be reconciled.
“I think the perception of Bitcoin Classic is that because it’s a hard fork change, the existing system will branch into two separate blockchains,” he said.
Petrov also argued that, despite the risk, time was of the essence in dealing with the problem given that blocks on the bitcoin blockchain are becoming increasingly full.
Calling it a “question of survival” for the project, Petrov added:
“If the Bitcoin Core team doesn’t deliver [a solution] in time, we should force the process and that’s why we’re supporting classic. It’s not the best way, it’s painful, but we should do it.”
Overcoming obstacles
Still, Long voiced his opinion that the bitcoin community needs to come together to solve the human challenge involved in a hard fork given that, as more businesses and consumers seek to use the blockchain, it’s likely future increases will be needed.
The opinion is similar to one originally voiced by Garzik at Scaling Bitcoin Hong Kong, at which the community’s developers considered a number of solutions and theories on how blockchains can and could be designed.
“One benefit that I think everyone agrees on is that if we do [a hard fork] gracefully, it proves that we can actually do something that form the outside is hard, not from a technological level, but a communication level,” Long said.
Petrov acknowledged that “a lot” of work would need to be done to increase the community’s awareness about the change, but that this was preferable to waiting on a solution.
Petrov concluded:
“It will be not easy to implement, but we can do it one month. This is why we are supporting Bitcoin Classic.”
Issued by developer Peter Todd, the statement does much to sum up the state of debate in the bitcoin community, the loose term for the sprawling network of users, miners, node operators, global investors, hobbyists and CEOs who have an interest in the future of bitcoin, an open-source software project responsible for managing $5.7bn in value[1].
While prone to controversy, the bitcoin community is in the midst of one of its biggest debates yet, one compounded by a high-profile article[2] that, while presenting a compelling character portrait of a prominent community member, has lead to a wave of coverage that has colored public perception on a highly complex and divisive issue.
Depending on which media outlet you prefer, bitcoin is either “failing[3]“, in the process of “breaking up[4]” or has “failed[5]” already
However, the headlines draw not from any actual observation about the network’s performance, but on mounting disagreement over what bitcoin was intended to be, how it was performing against this ideal and the steps the industry can take to achieve a unified path forward.
The problem is that not everyone in the industry sees the bitcoin network in the same terms.
Indeed, attempts to characterize the argument often lead to a series of extended qualifications. Though widely known as the “block size debate[6]“, there is by no means agreement in the bitcoin community that bitcoin needs to change the size of the network’s data blocks in order to achieve a more scalable platform.
There have even emerged solutions to the debate that do not involve changing the block size at all. Far from fringe opinions, such an idea has been put forward by members of Bitcoin Core, the bitcoin network’s everyday development team.
In the wake of what is the latest popular mischaracterization of events in the industry, community members are increasingly taking to blogs to discuss the state of the network and their views on the path ahead.
Without near universal approval of how the network should operate, bitcoin risks dividing into separate networks with divergent transaction histories. In turn, this would undermine the overall value of the network and affect compatibility between users.
As a sign of the divide, BitGo[7] co-founder CTO Ben Davenport in a recent Medium[8] post even went so far as to extrapolate how the bitcoin network could deal with two competing blockchains used by different parts of the community and with different prices for bitcoin on those ledgers.
In an attempt to add clarity for those following the debate, we’ve compiled a list of the many questions the community is now seeking to inform and answer.
Has bitcoin failed?
Perhaps the most contentious claim issued by ex-bitcoin developer Mike Hearn, the immediate answer to this question is no. Transactions continue to be processed on the bitcoin network and at press time, 148 1MB blocks of transaction data had been processed by bitcoin’s distributed mining ecosystem over the last 24 hours[9].
The idea that the media response to the incident betrayed a lack of knowledge about the technology was widely acknowledged, most directly by interested venture capitalists.
Adam Draper, CEO of the startup accelerator Boost VC, for example, noted that bitcoin’s current issues could be viewed as a product of its success. Since it was founded, Boost has invested in more than 50 industry firms, including Fold, Mirror and Zapchain.
If the bitcoin network needs the capacity to handle more transactions, Draper reasoned, it’s proof that the experimental transactions protocol is growing, not dying.
“Most of Mike [Hearn]’s problems stem from there being excess demand of the network, not too little, which in the world of startups and technology, I would summarize as, ‘champagne problems.’ The network has too many people who want to transact on it, and it cannot keep up on the demand so it doesn’t clear 100% of transactions perfectly. This is what happens with new technology, and this is what drives innovation.”
Draper also pointed to the growing institutional interest in the technology as a sign it is becoming better understood. “Bitcoin has been pronounced dead 89 times, I don’t think this will be the last time people believe it is the end,” he continued.
Elsewhere, Union Square Ventures partner Fred Wilson[11] penned a blog post[12] in which he defended the network as one that still features a “number of well-funded companies” and that has attracted “significant venture capital interest”.
“The competition between these various companies and their visions has played a part in the stalemate,” he wrote, noting that while the debate is heated, most of its participants are aligned to see the network succeed.
He added:
“These companies have a lot to gain or lose if Bitcoin survives or fails. So I expect that there will be some rationality, brought on by capitalist behavior, that will emerge or maybe is already emerging.”
What is bitcoin’s big vision?
Given the number of stakeholders in the bitcoin network, there also remains a variety of opinions on how the technology should be developed.
“In my simple mind I liken it to this. Should bitcoin be gold or should bitcoin be Visa?” Wilson wrote.
Here again, the differing interests in bitcoin are divided.
Many startups, for example, built their companies (and raised money) on the idea that bitcoin would be a free platform for financial services, despite the fact that sending data on the network has always had an implicit cost.
Of course, the question of cost isn’t whether bitcoin should be free or not, securing a transaction against the bitcoin blockchain costs a fee regardless. At issue is which stakeholders should pay for this fee.
In his post for Medium[13], Valery Vavilov, CEO of bitcoin mining giant BitFury argues that bitcoin users who want to have their transactions noted in the blockchain need to reimburse miners for the computing power they expend to perform this action.
“The blockchain is secured with an enormous amount of computing power, and transaction fees are an important incentive to keep contributing that power,” Vavilov wrote.
Still, he argued other technical solutions could cut costs for consumers by reducing their need to post payments to the blockchain.
“Just like with instant payments, expensive on-chain bitcoin transactions do not mean that one cannot use bitcoin for cheap value transfer. Overlay networks, such as Lightning and sidechains, can successfully deal with this challenge,” Vavilov said.
This idea is in itself contentious as there remains disagreement as to whether a significant part of the network’s value proposition derives from the idea users interact with the blockchain directly, not a third party as in traditional payment systems.
As noted by independent blogger Beautyon wrote recently[14], how this cost is paid and how high it is set will have ramifications.
“If however it costs a dollar to spend a dollar, no one will use bitcoin to send a dollar. They will use it to send $100 because that is still cheaper than Western Union,” the post argued.
How centralized should bitcoin be?
Though this has emerged as a debated point, for a sizeable amount of bitcoin users, a key part of the network’s value proposition is that it is decentralized.
By spreading out transaction verification across a number of unknown miners, they argue that users are free from the censorship of platforms like Visa or MasterCard, which can now arbitrarily deny service.
As such, those who are in favor of decentralization, generally want to see all aspects of the network maintain low barriers to entry.
This development is perhaps most pronounced in the mining sector where an industrial arms race to assemble computing power has resulted in a relatively small number of participants in this process, at least compared to the network’s early days when anyone with a home computer could mine bitcoins.
A representative of the industrial miners, Vavilov argued that bitcoin is not “a fancy replacement for PayPal or Visa”, contending that its decentralized qualities provide “permissionless entry for users and developers”, key components, he believes, to its goal of becoming an open platform.
He added that, regardless of the number of miners, most bitcoin nodes, which are responsible for maintaining complete copies of bitcoin’s transaction ledger, remain outside of the control of major miners.
The subject of the number of the balance between miners and nodes on the network was also discussed in a post by Brian Armstrong, CEO of bitcoin services firm Coinbase.
Armstrong wrote that he does not have “dire concerns[15]” about the centralization of mining, as this could be offset by the number of nodes.
However, here he noted the size of the blockchain nodes hold would expand if the block size is increased, increasing the cost burden on those running nodes.
“So the block size doubled and the number of full nodes fell by 6%. Can we use this as a proxy for what will happen if we raise the block size more? Maybe,” Armstrong wrote.
He went on to provide a “rough” analysis for how a size increase might affect this aspect of the network.
Do scaling solutions need a block size change?
Another question with a relatively straightforward answer, members of the Bitcoin Core development team are openly advocating that more transaction capacity be added without immediately altering the size of data blocks on the blockchain.
“What is proposed is a soft-fork that increases bitcoin’s scalability and capacity by reorganizing data in blocks to handle the signatures separately, and in doing so takes them outside the scope of the current block size limit,” Blockstream’s Greg Maxwell wrote last December.
As opposed to a hard fork, which would create two incompatible versions of the software, a soft fork would allow bitcoin users to continue using older software versions until they upgrade.
As explained by BitGo’s Davenport, the view of Segregated Witness proponents is that a soft fork of the network would be safer than a hard fork, which could split the network into two divergent blockchains.
He wrote:
“The Bitcoin Core team believes doing a hard fork at the present time is needlessly risky, and is instead pursuing SegWit via a soft fork for a similar sized potential gain in throughput.”
Developer Peter Todd has explained that he favors a soft fork as it would add rules to the protocol, rather than removing them. In addition, he notes that “modern bitcoin”, a term used to describe the more mature network, has “never done an intentional hard fork”.
“[When a hard fork starts], the blocks from miners adopting the fork are considered invalid by the those who haven’t adopted, because the blocks violate existing rules. So the non-adopting miners build on each others blocks, creating two separate chains,” he wrote.
Elsewhere, he sought to dismiss criticisms that soft forks are dangerous, needlessly complex and undemocratic.
One of the major problems about Segregated Witness, however, may be the lack of communication and its inability to solve the political problem of “fixing the block size issue”.
Developer Peter Todd called this one of the more interesting aspects of the discussion, noting the views of Bitcoin Core’s Jeff Garzik
“His view is we must do a hard fork to show it’s possible. But, why do you want to show it’s possible? Because we’re going to do another. There’s no clear criteria at what point do you stop scaling the limits,” Todd told CoinDesk.
Is a soft fork the best solution?
But while Todd calls soft forks “one of the best tools” that developers have to upgrade the protocol, even this view has attracted its share of detractors.
One effort that has sprung up amidst the wake of Hearn’s post is Bitcoin Classic, which seeks an immediate hard fork that would increase the capacity of the network to 2MB.
The development effort has already received nods of approval from prominent industry firms including mining outlets like BitFury and KnCMiner and consumer services like Coinbase and Circle.
Further, Bitcoin Not Bombs author Chris Pacia has put forth a notable technical criticism to this view.
“I believe that conventional wisdom is wrong,” he wrote in a piece that argued soft forks have not always gone off without difficulty.
How should bitcoin be governed?
Still, there remains the belief that bitcoin’s issue aren’t technical but social.
Pacia suggested that a soft fork would be a governance issue given that “just a few developers and mining pool operators” would effectively be able to determine how the protocol is changed.
But hard forks are not without a governing component.
Davenport along with BitPay CEO Stephen Pair[18] have said they believe that the choice is ultimately up to the miners, who must devote computing power to a fork in bitcoin blockchain. However, Davenport noted that it’s not clear who miners should listen to as they make their decision.
“How are they meant to make such a decision? Should they listen to the developers? to people on Reddit? To the big companies?” Davenport asked.
For his part, Vavilov rejected the idea that bitcoin users should all run nodes, and therefore, all be able to vote on the network’s course of action.
“The pipe dream of some in the Bitcoin community is to govern the system by having ordinary users vote for changes by adopting the corresponding full node software. This approach is not only impractical, it is also not desirable,” he wrote.
Much of the debate, however, seems to be a byproduct of the lack of a central decision-maker in the debate.
As evidenced at Scaling Bitcoin, decisions proved complex given that miners wanted to follow the recommendations of the development community, while developers sought to avoid pulling the trigger for fear of the repercussions of being labeled as the entity that could enact decisions on the network.
Still, there are signs this concern has been widely interpreted as a sign that Bitcoin Core lacks leadership.
The idea that a change in core development governance would be forthcoming was put forward by Fred Wilson.
“I personally believe we will see a fork accepted by the mining community at some point this year. And that will come with a new set of core developers and some governance about how decisions are made among that core developer team,” he wrote.
Even Todd, a member of Bitcoin Core by association, acknowledged that bitcoin’s developers would need to treat the ongoing debate as a learning experience, adding:
“I get the impression that a lot of this stems from very poor communication between bitcoin core and the rest of the community.”
A new service, CoinTape, is offering bitcoin users an answer to the common question: what is the optimum transaction fee?
Using network data from the past three hours, the service[1] lets users compare the current waiting times associated with various fee tiers, calculated in satoshis per byte.
It claims to predict delays with 90% confidence.
The default fee used by many bitcoin wallets is 10 satoshis (0.0000001) per byte. However, according to CoinTape, paying 20 satoshis (0.0000002 BTC) per byte will get you the fastest and cheapest transaction on the network.
For the average-sized bitcoin transaction, 645 bytes, this equates to a fee of 129 bits (0.000129 BTC) (note that this is calculated on a transaction’s size, not its dollar value).
The most popular fee ratio CoinTape lists, 41–50 satoshis per byte, used in more than 30,000 transactions today alone, is double this.
Network competition
As the number of bitcoin transactions rise[2], competition for space in each block is heating up. Miners prioritise transactions with the highest fees, working down the list until the block reaches its limit, 750,000 bytes[3].
Transactions that don’t make the cut remain in the miner’s ‘memory pool’, a kind of bitcoin limbo. They may be included in future blocks depending on their priority[4] or fee.
Currently, you can opt out of the fee altogether. However, there has been debate as to whether this should be raised, with a recent pull request[5] to make a 10,000 satoshi minimum to reduce spam on the network.
CoinTape indicates that avoiding a fee is more likely to result in delays to your payment. It could take up to six blocks, or around one hour (blocks are created roughly every 10 minutes).
Bitcoin core developer Jeff Garzik has proposed increasing bitcoin’s block size limit to 2MB.
Blocks – which are created every 10 minutes – currently hold only 1MB of transactions each. However, if the bitcoin network is to scale competitively it will need to exceed the three to seven transactions per second it currently supports.
With the 1MB limit looking to be reached within the next few months, Garzik says his proposal, BIP 102[1], is an emergency ‘fallback’ if consensus among bitcoin’s stakeholders is not reached.
“If we can find a more complete solution, yes, by all means, let’s throw BIP 102 in the trash,” the developer told Reddit[2].
While some think the limited space for transactions in each block will create a market for fees, others have warned[6] doing nothing could disrupt the robustness of – and people’s trust in – bitcoin. No clear cut resolution has been reached.
The delayed implementation of a bitcoin core update by a small number of the network’s miners resulted in the addition of invalid transaction blocks to the bitcoin blockchain this weekend.
The result was a fork in the network that created two versions of the bitcoin blockchain, which continued for six blocks on 4th July. An additional three invalid blocks were added to the blockchain in a repeat of the issue the following day.
As a result, core developers issued a warning[1] on Bitcoin.org requesting that wallet providers place increased scrutiny on incoming transactions due to the risk that funds could be double spent as a result of the discrepancy between chains.
The post, which is still live on the website, is advising these entities wait an additional 30 transactions before confirming transactions as valid.
Root of the problem
At the heart of the issue is arguably the decentralized nature of the bitcoin blockchain and the degree of control over which its participants have in how they contribute to the verification of transactions on the digital currency’s distributed ledger.
This ability for users to have some control over how they interact with the network, for example, results in miners being able to neglect software changes and for the network to carry on even if they do.
As a precaution, core developers have taken to waiting for a majority of the miners to implement changes. In this case, BIP66[2] – a bitcoin soft fork designed to make the network less dependent on OpenSSL’s signature parsing – stated that certain transaction blocks created without this update would be considered invalid once the majority – 950 out of 1,000 blocks – were mined with the latest version.
In theory, the risk of an issue was low, with only 5% of the network running the outdated version of BIP66. However, in practice, three pools running light versions of software elements were able to process six consecutive blocks that should have been invalid, creating two versions of the bitcoin blockchain, the longest of which was operating on an older software.
In this case, certain mining pools were SPV mining[3], meaning that they were not validating the full version of the bitcoin blockchain. In turn, these invalid blocks were being considered valid by bitcoin wallet providers and block explorers running SPV versions of software as opposed to full nodes with the entire history of the ledger.
Fabio Federici, CEO of blockchain intelligence provider Coinalytics, explained to CoinDesk:
“SPV clients were claiming they would follow the BIP66 rules, but they were not actually enforcing them. A big part of the mining network is not running on full nodes, which would validate every transaction.”
Though initiated by F2Pool, should the other mining pools have been running a full node to process the entirety of the bitcoin blockchain, invalid blocks should have been more quickly detected.
Common consensus
Though not unusual with software updates, the situation was noteworthy as the invalid block was subsequently built upon by the larger mining network.
Peter Gray, founder of bitcoin developer API Coinkite, noted that issues with software updates are common, resulting from the continual upgrades being made to the payment network.
“I think it’s useful to remind people that forks happen every week on bitcoin. Typically only a single block gets orphaned in a typical week, and it’s not a bug or attack or anything; just the way bitcoin works,” Gray said.
Mining firms that solved invalid blocks lost income as a result of the need to correct the issue, with Bitcoin.org estimating that $50,000 in revenue was effectively withheld from F2Pool, AntPool and BTC Nuggets, the three mining pools[4] that effectively created and briefly propagated the invalid chain.
Rewards were ultimately never paid as the 25 BTC winnings per block was sent to a bitcoin wallet that invalidated the blocks after syncing with the valid chain.
After effects
In its warning, Bitcoin.org, said customers whose bitcoin transactions were confirmed before midnight (UTC) on 6th July have not been affected by the glitch, though transactions carried out after this time are believed to have “significantly less reliable” confirmation scores.
Bitcoin.org explained[5] the confirmation of invalid blocks[6] is due to software clients not upgrading to Bitcoin Core 0.9.5 or later and warned that lightweight wallets using SPV and web wallets were particularly vulnerable to the bug.
Warning the issue remained unresolved, Bitcoin.org urged users to “wait 30 more confirmations” than usual before accepting a transaction as valid. It also recommended that miners switch to a pool that validates transaction blocks using a full node and that individual miners use Bitcoin Core 0.10.2.
As for larger takeaways, those who provided comment suggested the event should be used as a reminder of the need for key bitcoin network participants to run full nodes.
“The key takeaway is the distribution of full nodes versus SPV nodes. Everyone should run a full node, and maybe it doesn’t make sense economically or there are other benefits of an SPV client, but that comes with the risk,” Federici continued.
UPDATE (14th March 16:18 GMT): Additional comment added from Chainalysis CEO Michael Grønager.
Compliance startup Chainalysis was forced to defend itself today after allegations its surveillance tactics had disrupted services and threatened the privacy of bitcoin users.
The Swiss company, headed by ex-Kraken[1] COO Michael Grønager and former Mycelium[2] engineer Jan Møller, created over 250 ‘false’ bitcoin nodes to harvest information on the whereabouts of transactions. The firm claims these nodes have now been shut down[3].
Three Bitcoin Core developers, Wladimir van der Laan, Peter Todd and Gregory Maxwell, say Chainalysis’ actions amount to a so-called Sybil attack[4] on the bitcoin network, something CEO Grønager denies.
The attack, named after dissociative identity disorder sufferer Shirley Ardell Mason[5], occurs when an individual creates multiple fake identities to gain influence in a peer-to-peer network.
As van der Laan told CoinDesk:
“Non-functional nodes are injected in the network, in this case to syphon off information. They claim to be full nodes, but do not store blocks nor provide them when requested. This leaves other nodes that connect to them waiting, and that can cause slowdowns.”
Grønager, by contrast, described the incident as an “unintended partial Sybil attack” as it affected relatively few and was “carefully tailored” not to cause harm to the core bitcoin network.
SPV clients affected
Grønager says his company created the fake nodes, first flagged by Bitcoin Talk user[6] ‘Evil-Knievel’, to gather location data for a blog post about bitcoin transfers between countries.
Speaking to CoinDesk, he maintained Chainalysis had no malicious intentions to disrupt the network’s SPV (simplified payment verification) clients, the ‘lightweight’ bitcoin nodes that don’t carry a full copy of the blockchain but rather rely on other trusted nodes for accurate network data.
He added:
“To collect that kind of information [country data] with reasonable accuracy you need to listen on more than a few nodes. Apparently there is a weakness in some SPV clients so they ended up connecting only to our IPs … if this has caused problems for SPV clients we apologise and would seek to fix this as soon as possible.”
One SPV-based service that was affected by Chainalysis’ fake nodes was the decentralised bitcoin wallet Breadwallet[7].
As the app has no centralised server, each Breadwallet user connects to the blockchain directly. Hence, when a user’s wallet came across one of Chainalysis’ “misbehaving” nodes, it was prevented from syncing with the rest of the network.
“Since these nodes aggressively broadcast the other nodes behaving the same way, the user might get in a position where they would connect to a non-syncing node nearly every time,” Breadwallet developer Aaron Voisine explained. Unlike full nodes, which use Bitcoin Core, SPV clients often lack protective measures in node selection, such as clustering by IP address range.
He added that while he doesn’t believe the node behaviour was malicious, it was certainly “rude”.
Other wallets have been less forgiving. Mycelium – where Møller still works as a consultant – penned a lengthy Reddit post[8] on the subject that distanced the pro-anonymity project from Møller’s new business venture.
The company has joined other node operators[9] to block nodes in Chainalysis’ IP range from connecting with its own. Meanwhile, Breadwallet has pushed an update to avoid all nodes that display nonstandard behaviour.
Legality questioned
According to data tool BitNodes[10] at press time, there are currently 6,489 bitcoin nodes distributed across the planet.
Unlike miners, which reward their owners with freshly-minted coins, bitcoin nodes are not financially incentivised, but are run for the health of the network itself.
The more ‘full’ nodes there are to store and relay bitcoin transactions, the fewer points of failure there are, and the more stable the network becomes.
Critics say[11] the actions of Chainalysis threatened this stability, and could even amount to illegal activity – “exceeding unauthorised access” – under anti-hacking laws, including the US’ Computer Fraud and Abuse Act (CFAA), though this hasn’t been confirmed.
Speaking to CoinDesk, Core developer Peter Todd expressed his concerns about the legality of Sybil attacks, which he said have the potential to impact all of bitcoin’s users.
He added:
“It’d be ironic if a service ostensibly intending to help with regulatory compliance did so by violating laws against disrupting and hacking networks.”
Indeed, besides SPV clients, false nodes can make it harder for bitcoin’s 6,489 full nodes to sync up, find blocks and transmit transaction data, though fellow developer van der Laan denied hearing any reports of this for the Chainalysis nodes.
Besides blocking the offending nodes, users on Reddit are also encouraging others[12] to voice concerns about Chainalysis’ “malicious” use of its IP subnet on its hosting provider’s abuse page.
Chainalysis denies any malicious behaviour – “the accusations got a little out of hand,” Grønager said – and rather points to its technology being used to help law enforcement, for example in tracking and locating stolen funds.
He told CoinDesk:
“Funnily, following the Reddit post we have received a ton of emails from people with stolen bitcoins and requests for finding them – so yes, there is indeed a need [for this kind of service] and yes, we have received a lot of positive feedback from potential customers.”
Anonymity vs compliance
The crux of the debate between Chainalysis and its critics centres around bitcoin’s use: should it seek to serve financial institutions operating in heavily regulated environments, or those wishing to transact in privacy?
Chainalysis sides with the regulators. In providing what it calls ‘automated transaction reporting’, the company says it is helping bitcoin companies conform to existing money transfer regulations, including the travel rule[15].
This, Grønager said, will help bitcoin businesses get bank accounts and promote the currency’s use among mainstream financial institutions.
He added:
“If you as a MSB (money services business) are offering automated transactions you are obliged to have suitable automated transaction monitoring. That is not to be confused with monitoring the entire bitcoin network, but transfers between you and your client, may that be fiat or may that be bitcoin. We are providing tools for facilitating exactly that.”
However, others are questioning the reliability of these tools and the IP data they collect.
By finding the IP address of the first node that introduces a new transaction in the network, it is possible to guess its country using GeoIP. However, although there can be a weak correlation, receiving a transaction from a particular node does not mean that the individual running it was its creator, generally speaking.
For example, it could come from Tor, an Electrum[16] server or a service like Blockchain’s pushtx[17].
“Their service cannot provide any guarantees, and many services have tried this before. What is new is how rudely they disrupt the network,” said Wladimir, who stressed that this kind of analysis is, at best, a very unexact science.
Additionally, Todd cited past unconfirmed reports of inaccurate data leading to a user being arrested by police in 2013 after his IP address was falsely linked[18] to criminal activity via blockchain sleuthing.
The IP debate
Due to this weak correlation, companies like Blockchain[19] see no problem in sharing bitcoin’s IP data, which is public in the sense that it can be accessed by anyone on the network.
In a prepared statement, a spokesperson from the company said:
“Blockchain.info engages in this kind of passive behaviour and publishes the data on its block explorer website under the ‘Relayed by IP’ field. Along with this field, Blockchain notes that the IP address indicated is not equivalent to the origin of a bitcoin transaction.”
They added: “In short, Blockchain.info nodes are passive in nature, only record publicly available data, and confirm to the standard behaviour of nodes on the network.”
Grønager is keen to differentiate between Chainalysis’ service, which allows API customers to determine if a transaction originates from a ‘safe’ partner, from those who publicly share data about IPs that have run the bitcoin client.
“Chainalysis does not and will never share IP addresses or enable customers to buy such information, and we consider it highly problematic and unethical to engage in or facilitate that,” he said, adding:
“[Deanonymizing all transactions] could be an interesting exercise for investigation purposes, but probably hard to monetise for compliance. Further, if you try to follow stolen funds by IP you find that the thieves are using Tor anyway, so the main value you gain is the country of origin – hence our coming blogpost.”
All IP data that passes into the bitcoin network can be masked by anonymising services such as Tor and CoinJoin[20], which advocates argue can help protect the identities of users, and may prevent future Sybil attacks.
“This is also a reminder to always use tor with Bitcoin 100% of the time (and to use a full node if you can), as that reduces the incentives to pull this kind of stunt,” Maxwell said in the original Bitcoin Talk post[21].
Todd agrees:
“Tor definitely helps as it makes it clear that you can’t determine where a transaction originally came from, removing some of the incentive to perform these attacks. We also need to implement better protections against nodes that aren’t contributing back to the network – like Chainalysis’s nodes – from using up network capacity like proof-of-storage.”
As long as Bitcoin continutes to provide relatively poor privacy, people will continue to try to create services that take advantage of this, he added.
If nothing else, the events of the past 24 hours hammer home that fact that bitcoin operates on ‘user-selectable privacy’ – by default it is no more secret than a google search from a home internet connection.
Whether this should be used to bring the protocol up to regulator’s standards or be changed to protect user identities, is still up for debate.
Adam Ludwin co-founded Chain.com, a bitcoin developer platform. Prior to Chain, Adam was a venture investor in companies including Vine, Slack, Kik, and Paperless Post. In this post he addresses the distinction between privacy and anonymity in bitcoin.
Bitcoin is often described as a way to transact anonymously. But just how anonymous is it?
First off, it is useful to draw a basic distinction between anonymity and privacy in the context of financial transactions. We will call a transaction “anonymous” if no one knows who you are. We will call a transaction “private” if what you purchased, and for what amount, are unknown.
Let’s draw a simple matrix and locate different kinds of financial transactions within it:
Cash or barter are the most intrinsically private and anonymous means of transacting.
In the opposite corner are transactions which are neither anonymous nor private. This includes, say, campaign contributions over a certain amount. We may also include in this quadrant credit card transactions: although not public knowledge like a campaign contribution, your identity is nevertheless connected to every purchase you make, and this information is available to the merchant, credit card network, issuing bank, and — if subpoenaed — law enforcement.
Certain financial transactions are private but not anonymous; for example, the donor wall at the local art museum, which identifies the names of donors but not the amounts donated.
Bitcoin, by contrast, is anonymous but not private: identities are nowhere recorded in the bitcoin protocol itself, but every transaction performed with bitcoin is visible on the distributed electronic public ledger known as the block chain.
The anonymity provided by bitcoin is at once a point of attraction and a challenge for financial regulation. As the pace of adoption of the currency grows and as it comes under scrutiny by the legal and financial systems, particularly with regard to compliance with applicable anti-money laundering (AML) statutes and know-your-customer (KYC) controls, its true level of anonymity will become an increasingly closely studied subject.
For many users of bitcoin, who access the currency through one of the popular online wallet or exchange services, their participation at the outset entails linking their personal identity to their bitcoin holdings. Bitcoin for these users is effectively no more anonymous than a bank account, although this loss of anonymity takes place at the point of entry into the currency and is not a feature of the bitcoin protocol itself.
For those who wish to take advantage of bitcoin’s intrinsic anonymity, they must find an alternative entry point, such as acquiring bitcoin in a private transaction, as compensation for goods or services rendered, or as a reward for mining. Subsequent bitcoin transactions can then be anonymous, since real-world identities are not recorded on the block chain ledger: the only identifying information recorded there are the bitcoin addresses, whose corresponding private keys are held by the owners as proof of ownership.
Maintaining one’s anonymity from this point forward, however, is in no way guaranteed: even supposing one manages to acquire bitcoins without giving up personal information, one’s real-world identity can still be discovered in the course of transacting bitcoin within the network. Let’s look at how this can happen.
Broadly speaking, deanonymization techniques pursue one of two complementary approaches, having to do with the public nature of the transaction ledger and with the possibility of exposing the IP addresses of the computers originating the transactions.
Anonymity and the transaction ledger
There is no upper limit to the number of addresses a bitcoin holder can control. All one’s bitcoins can be stored in a single address, or they can be dispersed into dozens or even thousands of addresses. Meanwhile, good practice recommends (though does not enforce) that every address be used only once: any amount left over in change from a transaction should not be kept in the old address but moved to a new one. This proliferation of addresses designedly obscures which ones are controlled by a single individual at a single point in time, and makes it difficult to track the flow of funds controlled by that individual over time.
It is possible, however, to leverage the perfect transparency of the transaction ledger to reveal spending patterns in the block chain that allow bitcoin addresses to be bundled by user. This is the domain of transaction graph analysis.
Transaction graph analysis
Transaction graph analysis applies a few tricks and some educated guesswork to link the approximately 57 million transactions taking place between 62 million addresses to a subset of the unique holders of bitcoin. It then allows transactional relationships between these bitcoin holders to be mapped.
One basic technique in transaction graph analysis involves transactions with more than one input address. By definition these inputs are controlled by the same person — and if either address appears elsewhere in the block chain then the associated transactions can also be linked to the same person.
A second technique takes advantage of the “good practice” mentioned above: if exactly one of the output addresses in a transaction has never appeared in the block chain before, then it is a good bet that the new address is the change address.
A third technique looks at the numerical precision of the amounts involved in a transaction. For example, in a transaction generating two outputs corresponding to two new bitcoin addresses, where one of the outputs is, say, 3 BTC and the other is 2.12791 BTC, then it is a very good bet that the first number corresponds to the recipient and the second number to the change. What is the chance, after all, that the change should happen to end up in such a neat figure? The address originating the transaction can thus be linked to the change address with a high degree of confidence. The same analysis can be repeated after converting to major currencies such as USD to find “whole numbers” that might otherwise be hidden in bitcoin-denominated transactions and that enable sender to be distinguished from receiver.
Address deanonymization using these methods can be thwarted by sending bitcoins through so-called mixers or tumblers, which take a set of bitcoins and returns another set of the same value (minus a processing fee) with different addresses and transaction histories, thus effectively “laundering” the coins. But these services come with serious caveats. Users must hand over control of their bitcoins and trust the service to return them. Transaction graph analysis can identify use of a mixing service and flag the user as potentially suspicious. Mixers do not work well for very large sums, unless others with similarly large sums happen to be mixing their bitcoins at the same time. Some mixing services do not work as advertised and can be reverse-engineered[1]. Services that operate legally must keep detailed records of how the coins were mixed, which could later be hacked or subpoenaed. And the new bitcoins received might themselves be tainted by illegal activity.
Seeding the transaction graph
Transaction graph analysis by itself only reveals the imprint of individual agency in the block chain; it does not reveal any real-world identities. For this it is necessary to refer to information not contained in the block chain.
A great deal of information linking bitcoin addresses to their identities is available publicly. Businesses accepting bitcoin may place a QR code near a cash register or on a website. Others may announce their bitcoin address through services such as blockchain.info[2], which identifies the owners of thousands of addresses. Thousands more addresses can be harvested from public email forums when individuals include personal bitcoin addresses in signature lines to posts. This partial knowledge of identities can be combined with the transaction graph to deanonymize a swath of the transaction ledger.
Retroactive geolocation is one potential consequence of this deanonymization. Suppose a café accepts bitcoin and uses a fixed address for their over-the-counter transactions. If you are a patron of that establishment, and your bitcoin addresses become associated with your identity, then someone can easily call forth from the block chain a partial record of your personal whereabouts over time.
Conversely, suppose someone wanted to link your identity to your bitcoin address, and you happen to mention that you visited the same café for lunch that day. Someone can look up the address used by the café, find the subset of transactions on that address taking place over the lunch hour, and filter the results by price to exclude transactions involving just a hot drink. Perhaps a bit more information on what you had for lunch, and a look at the café’s menu, and the chances of making a successful match are high.
Perfect knowledge of the transaction ledger also means that any additional information discovered at a later date can be retroactively applied, allowing further pieces of the identity puzzle to be dropped into place at any time. A single disclosure of identity, even years in the future, and every transaction on that address and those connected to it is compromised.
IP address anonymity
A complementary source of potentially deanonymizing information is available to every computer that participates in the decentralized transaction network by hosting a bitcoin node. This information is the set of IP addresses of the computers that announce new bitcoin transactions.
At the time of writing there are around 6,500 nodes accepting inbound connections from other nodes, and perhaps ten times that number which don’t accept requests for connections. The former maintain connections to several dozen peers on average, while the latter typically have eight peers. Both kinds of nodes generate transactions. Transaction propagation through the node network begins with the computer that first broadcasts the event to its peers, which then forward the event to their peers in an information cascade that usually reaches every node in the network within a few seconds.
The simple observation which can be exploited is that, provided one can find a way to connect to a majority of nodes, perhaps by controlling a coordinated sub-network of nodes spread over many devices, the very first node to relay a transaction is on average the originator of that transaction. The risk increases if multiple transactions are relayed from the same IP address. While a small random delay is baked into the transaction propagation protocol to help preserve the anonymity of the original sender, with the proper techniques enough signal is available through the noise to make a positive identification in many cases[3]. And while use of a TOR router offers some measure of protection against IP address discovery, it exposes the user to other potential attacks[4].
An example of this kind of IP address deanonymization made public is blockchain.info, which discloses the IP address of the first node to report a transaction to its servers. The information is only as reliable as the web site’s node connectivity: with a declared 800–900 connected nodes at the time of writing, it is probably not enough to reliably pinpoint the originating IP in all cases.
So…
How anonymous is bitcoin today? Average users should be aware that it is certainly less anonymous than cash. Meanwhile, dedicated users willing to go through extraordinary lengths can find ways to acquire and use bitcoin anonymously, but the open nature of the transaction ledger and other unknowns leave open the possibility that identities and activities once considered perfectly secure may be revealed at some point down the road.
What about the future? As bitcoin adoption continues to increase, it is not out of the question that a technology arms race could arise between anonymizers and deanonymizers: on the one hand, increasingly sophisticated data mining schemes will be developed, possibly combining transaction graph analysis with IP address discovery, to trace the movement of funds in the block chain between individuals and across borders. On the other, improved techniques will be devised to better conceal individual identity and activity.
Here there are many unknowns. Will the core bitcoin code be modified to further protect anonymity or to facilitate regulation? Will bitcoin mixing services become pervasive and secure? Will transaction graph analysis reach a degree of sophistication where most user activities can be easily traced? Will an alternative digital currency or side chain arise which tilts the balance for or against anonymity? All we can say with certainty is that bitcoin is still in its infancy and that existing thinking and tools in the area of anonymity are still primitive. We have seen only the opening moves; the endgame has yet to be played.
This backgrounder was originally published by Coin Center[5], a non-profit research and advocacy center focused on the public policy issues facing cryptocurrency technologies such as bitcoin. More of their plain-language backgrounders can be found here[6].
In just a few days, bitcoin will have been in development for five years.
For those of us who watched it grow from a humble Windows-only desktop application to today’s global infrastructure, bitcoin’s technology is simultaneously astonishing and frustrating. We marvel at how far it’s come, and yet are impatient with how far it still has to go.
Most media stories reviewing bitcoin’s 2014 focus exclusively on the price[1]. So, instead, let’s take a look at what we achieved as a community this year, and take a look ahead at where things might go in 2015.
Nailing the basics
Bitcoin 0.1 was a prototype designed to show Satoshi’s new algorithm could work. It didn’t have any security features, there wasn’t any convenient way to back up your wallet and, even though preventing double spends was fundamental to what bitcoin did, the app wouldn’t actually tell you if a double spend had occurred.
A lot of the time since has been spent on making the basics of being your own bank easy and safe. An attack on the peer-to-peer network in February prompted wallet developers to upgrade their support for showing double spends in their user interfaces.
Mainstream wallets significantly reduced the quantity of random numbers they need – although this change may seem obscure, such wallets are easier to back up, safer and tend to give users better privacy.
This year also saw massive progress on one of the most pressing issues facing bitcoin technology: security. Seeds planted in previous years started to bear fruit.
SatoshiLabs successfully launched the ambitious Trezor project, bringing better-than-banking-grade security to bitcoiners who are willing to buy the keyring-attachable device[2]. Wider support from more wallet apps should arrive in 2015.
Bitpay[3]’s Copay project developed a multisig wallet[4] for desktop, web and mobile that supports money controlled by social groups, like a board of directors, or parties in a dispute mediated transaction.
And a new wallet simply called Bitcoin Authenticator[5] entered developer testing; it provides decentralised two-factor authentication between desktops/laptops and Android smartphones.
Reinforcing the core
One theme I’ve talked about constantly in the last 18 months was the lack of resources being put into development of Bitcoin Core, and shared infrastructure more generally. Luckily the community rallied around, and in 2014 things got significantly better.
The foundation is funding Sergio Damien Lerner[9] to do security audits, Saïvann Carignan to continue his independent development of bitcoin.org and Addy Yeow to run a network metrics service. And most of the remaining core developers who weren’t already working on bitcoin full time joined Blockstream[10], a company that raised $21 million from investors with an explicit mandate to focus on building the ecosystem and infrastructure.
At the start of 2014, our problem was that we were running a multi-billion dollar financial infrastructure on top of software that had fewer full time developers than Google’s April Fool jokes. The Foundation was (very reasonably) splitting its effort between development and defending bitcoin in Washington. At the end of 2014, there are now dedicated groups lobbying for us all around the world, and all the people who worked on the protocol and software in previous years can keep doing so.
Our challenge now is using our newfound resources wisely. Most Silicon Valley companies have product managers: people who tell the developers what to do and (in theory) ensure they focus on the real needs of real users instead of things that are fun to implement. Bitcoin doesn’t have anything like that – so we’ll have to make sure we stay focused on mainstream success ourselves.
Getting ready for a great 2015
Bitcoin is a long-term project, so the theme of plans being laid years in advance is common. What might we see next year? Here are a few things already in development that I’m hoping to see in the next 12 months (though I can offer no guarantees):
New cross-platform and decentralised wallets • Bitcoin Authenticator with Android-based two-factor authentication • MultiBit HD, the followup to the popular MultiBit Classic. A new UI, wallet words, Trezor support and fully deterministic.
A better core protocol: more scalable and with the annoying malleability quirks finally removed.
StrawPay, a new ‘hub and spoke’ method of routing micropayments that builds on the payment channel implementation work done in 2013 by myself and Matt Corallo. Payment channel networks provide a way to rapidly route tiny micropayments around in a fast and secure way that is off the blockchain, but still uses the bitcoin protocol.
… and finally, of course, the launch of my own project for the last eight months: Lighthouse[11], an open-source app for all-or-nothing bitcoin crowdfunding.
Ultimately, people will buy bitcoins for the useful things they can do. If the last five years were about putting the basics in place, let’s make the next five about solving real problems for the person on the street.
Disclaimer:The views expressed in this article are those of the author and do not necessarily represent the views of, and should not be attributed to, CoinDesk.
