@Sjors
Last active Sep 20, 2021
Bitcoin Explained episode 9 transcript
Aaron:
We're going to discuss libsecp256k1.
Sjors:
K one. And thank you.
Aaron:
Why are we going to discuss it? We are going to discuss it because BIP 340 support was merged into libsecp256k1 this week. What was merged? Schnorr. Okay. Yeah. So Schnorr. Exactly. Thank you for actually making it clear, making it clear for our listeners. Oh, I misunderstood. I misunderstood your question. Yeah. Schnorr was added. Yes. So libsecp256k1 is a library. That's right. And we're going to explain what this library actually is, or why it exists, or what it does. And the reason we're going to explain that is because I actually didn't know that much about it. I sort of, it's one of these things for me that I heard about, and I kind of know what it is, but I never really got into it to any sort of serious extent. Okay. Libraries, first of all, let's start with libraries. Libraries. There's a thing called software libraries. Yes. And I'll just let you explain what a software library is, first of all. So for any programmer that's listening, this is probably going to be very, very newish for you, but for people like me, this is actually kind of interesting.
Sjors:
The easiest way to describe it: a library is a reusable piece of software. So, for example, OpenSSL, the library we'll talk about, is a piece of software that lets you do all sorts of cryptographic operations, from creating random numbers to signing stuff with, like, every curve under the sun. But it's not an actual program. It doesn't really do anything by itself, but other programs can use a library to do whatever they want without having to rewrite that stuff.
Aaron:
Or I assume you can take part of a library, not necessarily the whole library, but a specific...
Sjors:
You can, you take the entire library, but you use a subset of it. Yes.
Aaron:
Yeah. So Bitcoin was at some point in the past relying on OpenSSL.
Sjors:
Until actually very recently, a few months ago. Yeah. But for less and less and less stuff. So in the beginning, OpenSSL was used for all the things. In particular, the reason it was needed is because Satoshi picked a cryptographic curve, the secp256k1 curve, because it was pretty and OpenSSL had support for it. So he did not have to write all this cryptographic functionality, which of course you never want to do yourself. It's very dangerous to write your own cryptographic stuff. And this is also a reason why he didn't use Schnorr, because there was no library for it. There were other reasons, but this was a big, this was a reason, right. A practical reason.
Aaron:
So just to be clear, when you say Bitcoin Core, Satoshi, used this library, the OpenSSL library, like, how does a software program actually use a library?
Sjors:
You just Google on Stack Overflow, how do you use OpenSSL? And then you just look at the examples and...
Aaron:
Let me rephrase the question. Let me rephrase your question. Where is the library? The library...
Sjors:
Is included in the software package when you download it. Right?
Aaron:
So in this case, the...
Sjors:
Binary file contains some of the Bitcoin Core specific stuff, and then a whole bunch of libraries. And that's what makes it so big, like 20 megabytes.
Aaron:
So when you download Bitcoin Core, the software, Bitcoin Core 20, the newest one, I guess, then you actually download, well, in this case not OpenSSL anymore, but for Bitcoin Core 19 you actually downloaded the whole OpenSSL library. Yeah.
Sjors:
And OpenSSL,
Aaron:
And then it's hosted on your computer. From that point on, you just have the library on your computer, on your own computer. Right? Okay.
Sjors:
There are two ways to go about that. You can have a library sitting on your computer already, and then software can say, let me just see if I can find that library and I'll use that. Then your download gets smaller. But the problem is that libraries change. And so you don't want to be surprised by what's on the computer, especially with cryptographic stuff. Right? And even if you include it in the download, you can be surprised by what happens to the library, because somebody else is maintaining that library. If you're not paying attention to what the other person is doing, they might break something.
Aaron:
Right. So in the case of, let's stick to Bitcoin Core 19,
Sjors:
Maybe take an older one, because I think it was Bitcoin Core 0.8 or something, or...
Aaron:
Let's take Bitcoin Core 0.8. I don't know where you're going with this, but let's take that one. Yep. So someone else is maintaining this library. Yep. Bitcoin Core developers are maintaining Bitcoin. Yep. They write something in the code. They use some part of the library. You download the library from that, from the Bitcoin Core code, the part of the library that's used. And then the Bitcoin Core developers may not have noticed some change that happened in the library. And all of a sudden the stuff that they want Bitcoin Core to do isn't actually doing what they want Bitcoin Core to do, because the library wasn't doing what they thought it would do, because someone else was maintaining the library. Is that a correct summary?
Sjors:
And, to clarify what specifically happened here...
Aaron:
So you picked Bitcoin Core 0.8 because there was a specific example you wanted to quote.
Sjors:
I might be wrong about the number, because Bitcoin Core 0.8 had a different problem. But sort of around that time, there was another bug in OpenSSL that I believe was unrelated to the problem that happened. But they basically had to upgrade OpenSSL because the old version was simply not safe. But unbeknownst to the Core devs, there was another change in OpenSSL when they upgraded. And in particular, this was about, when you see a signature, do you consider it valid or not? And the original version of OpenSSL was pretty relaxed. So it would accept signatures as valid even if they did not meet the exact spec. Now, they wouldn't be signed by somebody else, so it wasn't about stealing funds, but it was just, you could be a little bit sloppy about, you know, maybe you add a byte to the signature or maybe not. Right? So the notation could be a bit sloppy, and the new version was picky. Now, if you use Bitcoin software to create a transaction, that was not a problem, because any Bitcoin transaction was signed very strictly according to the protocol. But if you are now validating these transactions, if you use old software and you would see a sloppy version that was made with some other piece of software, the old software would be fine. The new software would say it's invalid. So all of a sudden you have an accidental soft fork. Right.
Aaron:
And that's what actually happened.
Sjors:
Well, yes,
Aaron:
[inaudible]
Sjors:
Correct. BIP 66 was introduced because people became aware of this problem. At least some of the developers became aware of this problem. So they knew there was, like, an accidental soft fork time bomb, basically, in the code. And so they proposed BIP 66, saying, oh, by the way, we should be more strict about what these signatures look like, without saying, oh, by the way, there's a bug in OpenSSL, so we better do this now.
Aaron:
Oh, it was like a secret bug fix of a problem with OpenSSL. I don't think I knew that. Okay.
Sjors:
Well, yeah. I mean, OpenSSL essentially improved itself by becoming more strict, but that made it a consensus change, because what's consensus code? It's also whatever your libraries are doing. Yep. So basically OpenSSL introduced a soft fork, but without saying, oh, you know, there's no deployment date in the OpenSSL... it just randomly happened.
Aaron:
Right. So that's it. So that's a great example of why a dependency, because that's the official term, is a problem. Exactly. This is a good example of that. And there have been more problems with OpenSSL, I think.
Sjors:
OpenSSL is famous for vulnerabilities, and you know, the main, I think big reason behind that is that these libraries are used by everyone for decades, but they're only maintained by, like, one guy in Germany who doesn't get funded. Right. Just like curl, I think, is another famous example of that. It's like a library that downloads files, curl. It's used everywhere. It's probably used in the space shuttle, but that's just one guy who maintains it and nobody's helping. Right. And it's not good when the entire internet relies on it. And then in the case of OpenSSL, there have been plenty of bugs, and it's very easy to make mistakes with cryptographic code, you know? Yeah. You forget, and it's written in C, so you forget a semicolon. Oops. Right now you're skipping a line. So one of the bugs was called Heartbleed.
Aaron:
Yeah, that was recent, a couple of years ago. Yeah. A couple of years
Sjors:
Ago. I think it was a missing colon or, like, literally just a one-character mistake. The fact that it allowed you to log into any computer on the internet affected everything. Right. That's the sort of severity, and something like that in Bitcoin, of course, you know, could mean, oh, now we have a problem, everybody can just steal all the money. So eventually, but at the same time, Pieter Wuille was working on a library
Aaron:
For our American and English listeners, that's Peter Wooly, or however they want to pronounce it. Yeah. Or seatbelt
Sjors:
Or sipa
Aaron:
Either way, go on. He was working on
Sjors:
A library. So, a piece of software that was specifically designed to create and verify Bitcoin signatures. And his original motivation was just to do it faster than OpenSSL. Okay.
Aaron:
So it wasn't a security motivation. It was just a performance improvement motivation. Yeah.
Sjors:
Well, he explains this in a podcast he did with Chaincode. So if you Google that, or it might be in the show notes. Basically he wanted to make it, I think, about four times faster, and he could try and modify the OpenSSL code itself. But apparently it's, like, such a nightmare to change any of that code. And also the OpenSSL code is very generic. It has to support all different kinds of cryptography. So it's more difficult: if you want to change anything, you have to be very abstract in all the things you do. Right. So just like when you write a law, you can't just say, John can't go to the supermarket; you have to say something like, well, anybody over, you know, 20 centimeters in size cannot go to a supermarket. So it's very difficult to write these abstract documents. So he basically wrote it from scratch, specifically for that curve. And it was added to Bitcoin Core, I think, pretty early, but just to verify signatures, and then later on also to create signatures. And that coincided with the security vulnerability. So it was a good, but I don't think it was the cause of it. It was sort of around the same time. It was like, okay, we've had this near miss, could have had a serious problem. Let's not use OpenSSL for that critical stuff anymore. Yeah.
Aaron:
And so then the goal was to get rid of that dep... dependent... I forgot the word, dependency, and write a whole new cryptographic software library for Bitcoin. Right. It
Sjors:
Just a, the
Aaron:
Curve, just the elliptic curve, just the thing that's used for signatures, and yeah.
Sjors:
There's other cryptographic code in the Bitcoin Core code base, for example SHA-256 is in there, and a few other curves. And I think those were originally also from OpenSSL. So those things are a little bit less scary. Like, you can implement SHA-256 in a day if you're bored, in any program.
Aaron:
Does it still use libraries for that, or was that rewritten?
Sjors:
SHA-256, as far as I know, is directly in the code. It's just copy-pasted from somewhere and then improved.
Aaron:
Right. Got it. Okay. So libsecp256k1 [inaudible]
Sjors:
Thank
Aaron:
You. So it was meant as a performance improvement. Then it was pivoted to actually be a new library for Bitcoin, or at least sort of a Bitcoin-specific library, to get rid of this dependency. You mentioned this before, but isn't that also a risk, like rolling your own crypto, or...
Sjors:
So the fact that this thing was, like, this was reviewed by a lot of people, a lot of good cryptographers, before adding it. And I think it was also compared against OpenSSL in terms of, like, using the same tests. But yeah, at some point, I mean, at some point you have to take that risk, because the alternative is, like, just waiting for OpenSSL to explode.
Aaron:
[inaudible]. So it can't really go wrong with that.
Sjors:
Well, you know, you don't want to have proof of owner, but a lot of very smart people looked at it, probably the same people who would also look at OpenSSL. So that's good, but you don't want to make a habit of this. And in fact, you know, they constantly make very small tweaks to that library to make it a little bit faster, but you want to be very careful with that.
Aaron:
Right. Okay. So that's the library. Bitcoin has its own library. Now, is it used by any other programs,
Sjors:
Mind you, it's turtles all the way down. Right. Because OpenSSL is also just written by people. Sure. So everything is an implementation at some point. Sure, sure. Okay. So your question,
Aaron:
I guess my first question would be, is this library used by anything other than Bitcoin? Yes.
Sjors:
So this library is, I just heard it on a podcast with Vitalik, it's also used by Ethereum, and a whole bunch of other cryptocurrencies, basically any cryptocurrency that uses the secp256k1 elliptic curve, which is just a nice mathematical object.
Aaron:
Right? Mostly cryptocurrencies, only cryptocurrencies. So it's pretty cryptocurrency-specific, at least.
Sjors:
I'm not aware of any non-cryptocurrency project that uses it. It could. It's just the library that allows you to sign stuff, sign messages, and verify the signature on a message. So you could write an encrypted chat application that uses this curve if you wanted to. But I don't know. I guess the encrypted chat applications out there might have their own curve that they use for their thing. I don't know what Signal uses, but they could.
Aaron:
Yeah. Okay. So that's libsecp. I keep having to pronounce this,
Sjors:
Splice it in the audio later.
Aaron:
I'll just call it libsecp. Is there anything else that's called libsecp, though? It confuses people. Libsecp, okay. So libsecp, is that everything we need to know about libsecp? I think so. Yeah. Okay. So BIP 340 was merged, which is Schnorr. Exactly. This has been in development for a long time as well, I think for years. Right? Correct. So this is also a new implementation of, so this is the first time Schnorr has been included in any library, because you just mentioned that, I dunno
Sjors:
The library, but at least at the time when Bitcoin was created, there was no library for Schnorr, or at least it wasn't in OpenSSL, which is, like, a widely tested library. You wouldn't just want to randomly download, oh, look, somebody implemented Schnorr, right. So what happened is, you know, I think Satoshi was aware of Schnorr, but there was a patent on it, and there was no implementation. So it was kind of both of these things. Cause I think the patent actually expired in 2008
Aaron:
Or something. Yeah. Yeah. But, but
Sjors:
Either way, you know, you don't just want to write this stuff from scratch. And if you try to develop a world-changing thing, you don't want to then spend three years just implementing the cryptography, given how long it takes to really do this. So, but actually Schnorr is simpler. And I think we may have explained this in an earlier episode,
Aaron:
But simpler than
Sjors:
Than ECDSA. So then the,
Aaron:
And, which is the elliptic curve algorithm that Bitcoin currently uses, right.
Sjors:
Which the libsecp library implements. Yes. But the thing is, you have the same elliptic curve, but then in order to make a signature you have to do slightly different calculations with it. So that also means that the change for Schnorr is not as complicated as, say, the initial version of libsecp was. For the initial version of libsecp, we had to implement the curve, all the operations you can do on a curve, like addition and multiplication, and then implement the signature algorithm of ECDSA. But in order to do Schnorr, you just need to do the signature algorithm for Schnorr. You don't have to do all the math, the basic foundational math. Right. So it's not a huge change. It's not like adding a whole new curve to it. It would be much more difficult to add, say, a different elliptic curve, or even a completely different kind of curve, than it is to change just from ECDSA-ish to Schnorr, which is a different way of signing. Okay. A simpler way of signing,
Aaron:
So this was implemented again by Pieter [inaudible], I assume, or, right.
Sjors:
That was written by him. I think he also wrote most of the implementation, but there's, you know, a lot of people on top of that.
Aaron:
Sure. And that was merged this week. So what does that mean exactly? Where does this get us?
Sjors:
Right. So what that means is there now is an updated version of this library, but nobody's using that library yet. And another change is that Bitcoin Core was changed, I think a few days ago, to include that new version of the library. To include it, not to actually use it in any way.
Aaron:
So the first major release of Bitcoin Core, when you download that, you'll download the library that includes Schnorr.
Sjors:
Exactly. Because the usual process is stuff gets merged into the master branch on GitHub, and every six months or so we say, okay, let's stop at this point and release whatever is in there. And so next time that'll include the Schnorr code. Yeah. It'll be in there. It might not do anything. It might have a few tests that try it. If you don't run the tests, you're not going to run it.
Aaron:
Yeah. But the next Bitcoin Core is not going to use Schnorr yet, is your prediction here? Is that your bold prediction?
Sjors:
It would be extremely reckless if it did, but there are others that use it. Right. Bitcoin Cash uses Schnorr, I believe. Oh yeah. I think so. But the actual spec for Schnorr was changed a little bit. So I don't know if they're going to change along with it or not. Right.
Aaron:
So anyways, it's going to be included in the library. Next time you download it, you're downloading this, but it doesn't actually do anything, probably, or not anything too important. Right. But that would be the next step then. Like, I want to excite our audience. We're getting somewhere, right? Is that the plan? Right.
Sjors:
So the idea here, of course, is to have Schnorr as part of Taproot. So the entire Taproot thing, there are already pull requests that describe what it's supposed to do that, you know, are not completely finished, but pretty far along. So maybe they'll go in the next version. So not in the upcoming one, but the next one. What I would imagine happens is that it gets added, not to mainnet, probably not even to testnet, but to this new thing called signet, which is a whole new way to do testnet, which we can do another episode about. But basically it'll go in in some innocent ways. So maybe there are just tests for it, you know, tests for everything Taproot-related. And then anybody who knows how to compile code can just flip a switch and try it on their own machine. But it won't be on mainnet, or probably not even on testnet. And then maybe the next version, you know, this stuff takes time. And then even though it's in
Aaron:
The season of exciting our audience, well,
Sjors:
Your
Aaron:
Got to pump it, got to pump this, pump this coin, Sjors
Sjors:
Time preference. This stuff takes a long, long time. But basically you add all the code in it, and then you make, so everything is in there, but you don't activate it yet. And then the next time you decide on activation mechanisms, and even those mechanisms might take a while. That's just the thing.
Aaron:
It's a whole debate on its own, which we did an episode about, right? Yes. If I'm not misremembering. Okay. So that's what a library is. That's for the libsecp256k1 library specifically. Now, you also know what Schnorr is. Well, actually, we didn't even get into what Schnorr is, but we get there. We did that in a previous episode. Sure.
Sjors:
Go for it. It's
Aaron:
Simpler. Schnorr actually, Sjors.
Sjors:
So what happened is there was this patent on this very simple system called Schnorr, by a person called Schnorr. And it was very nice. It was a good way to make electronic signatures, but there was a patent on it. So people came up with a way to convolute the design, make it more complicated, such that it would no longer fall under the patent. So then the lawyer said, okay, this looks obscure enough. So they were just adding numbers to it and subtracting things, just making it more complicated. Yeah. And then it didn't violate the patent. And so they shipped it. Yeah. But now we ended up with this horrible thing that is basically a proof-of-lawyer convoluted mess. And now that the patent is expired, we just go right back to the original design, which is much better. And mainly it's better because you can add signatures much more easily. And adding signatures is very nice because
Aaron:
You can perform math on it.
Sjors:
Yeah. You could perform math on the original one, but you'd have to, you'd be able to publish papers just on the ability to add two numbers. Right.
Aaron:
So, yeah. So for the layman listener, you know, performing math on it just means you can do cool mathematical tricks, like add numbers to both the signature, or both the public key and the private key, and then it still adds up and still works. Or you can add signatures, sort of like old dive capitals,
Sjors:
Which in the end translates to more privacy and less block space usage. So.
Participant #1:
Live from Utrecht, this is the Van Wirdum Sjorsnado. That's right. Hello, Sjors. Welcome back. Thank you. You confirmed your status as Bitcoin Core elite developer this week. Absolutely. Thanks to me, there has never been a more amazing way to send Bitcoin. This is absolutely groundbreaking. It changed everything. It changed nothing. Okay. Typically, this is not what the episode's gonna be about. The episode's gonna be about the libsecp256k1 library. That's right. But I want to know about this game-changing technology that you just built and implemented. What is it? What does it do? Okay. So how did it change the world, Sjors? So there are many ways to send Bitcoin, but one of them is you download the Bitcoin Core software, and then it gives you a really nice graphical interface. You click at most two buttons, and poof. So far, so good. So far, so good. But there's also a command line way to do it. And especially if you need to do anything advanced, like using it with a hardware wallet, you'll have to use the command line. And it turns out the command line doesn't do exactly what I wanted to do. And so then you just make a pull request to change it. What did you want to do exactly that it didn't do well? In this case, originally I wanted to add PSBT support, partially signed Bitcoin transaction, exactly, which we discussed in the first episode. I wanted to add that to the standard way of sending. But the problem is this command line stuff is used by a lot of automated systems. So a lot of Bitcoin exchanges, they might be running Bitcoin Core, and they might be relying, or Bitcoin ATMs, they might be relying on these methods, which means if you change them, you have to be very, very careful not to suddenly break, like, a million Bitcoin ATMs. Right. Any change to the existing method will run into that type of problem. You can usually add stuff, but then it becomes super ugly, because you just add another argument and another argument.
And so it just becomes tedious to use. So ultimately I decided to just create a new send method. So now there's, like, five different ways to send from the command line. Right. But there were a couple that were really designed from the beginning just to send coins to somebody else. And there were a couple designed for PSBT specifically, but those are very inconvenient to use if you just want to send something and click OK on a hardware device. Right. So this one is future-proof. It should be able to send coins very quickly. But if you want to then expand Bitcoin Core to work with hardware wallets, it's like a one-line change so that it also works for that. That's kind of why I built it. So it was a prerequisite, one of the many, many, many prerequisites to having easy-to-use hardware wallet support, right? Yeah. You've done a bunch of work on hardware wallet integration for Bitcoin Core, haven't you? A little bit. Yeah. I think the bulk is still Andrew Chow, who has been completely rewriting the wallet. I like to test this stuff and review it. But yeah, I'm using the library, the HWI library that he wrote, which is basically just a collection of drivers for all the different hardware wallets. All the different hardware wallets, they usually have some Python code, but that also supports all their shitcoins. And we basically just took the essential parts of the code with just Bitcoin support and just shoved it into one little project that you can download. Right. So, yeah. And this, the ultimate send RPC. What was it called? RPC? Yeah. The ultimate send RPC is the name. I think it's going to be marked experimental, because there'll probably be plenty of bikeshedding of what the exact interface should look like. Right. But it's a small step towards hardware wallet integration. Another one of 100 small steps. Yes. Great. Thank you, Sjors. I was a bit surprised that it got merged as quickly as it did, so should we be worried? No. Okay.
You have to say something like, well, anybody over the, you know, 20 CM in size cannot go to a supermarket. So it's very difficult to write these abstract documents. So he basically wrote it from scratch specifically for that curve. And it was added to Bitcoin core, I think, pretty early, but just to verify signatures and then later on, also to create signatures. And that coincided with the security vulnerability. It was good, but I don't think it was the cause of it. It was sort of around the same time. Is that right? We've had this near miss. I could have had a serious problem. Let's not use Open SSL for that critical stuff anymore. Yeah. And so then the goal was to get rid of that. I dependent forgot the words of dependency dependency. Exactly. And write a whole new cryptographic software library for Bitcoin. Right. It's the curve, just a lift curve, just a thing that used for signatures because there's other cryptographic code in the Bitcoin core code base. For example, Shot to 56 is in there and a few other curves. And I think those were originally also from OpenSSL. Those things are a little bit less scary. Like you can implement Shot 56 in a day. If you board in any programming language, does it still use libraries for ago or was that rewritten so Shot 56, as far as I know, is directly in the code. So it's just copy, paste it from somewhere and then improved. Right. Got it. Okay. So lip sack to 56, is that right? It's 256K one. Thank you. That was to get rid. It was meant as a performance improvement. Then it was pivoted to actually be a new library for Bitcoin or at least sort of Bitcoin specific library to get rid of this dependency. You mentioned this before, but isn't that also a risk like that rolling your own crypto. So absolutely. So the fact that this thing was like this was reviewed by a lot of people, a lot of good photographers before adding it. And I think it was also compared against open SSL in terms of using the same tests. 
But yeah, at some point at some point you have to take that risk because the other one is waiting for Open SSL to explode. Toss it was Peter, so I can't really go wrong with that. Well, you know, I don't want to have proof of air, but a lot of very smart people looked at it. Probably the same people who would also look at Open SSL. So that's good. But you don't want to make a habit of this. And in fact, they do constantly make very small tweaks to that library to make it a little bit faster. But you want to be very careful with that, right. Okay. So that's the library Bitcoin has its own library. Now. It says use pay any other programs, but keep in mind it's turtles all the way down. Right. Because Open SSL is also just written by people. Sure. So everything is an implementation at some point. Sure. Sure. Okay. So your question, I guess my first question would be, is this library used by anything other than Bitcoin. Yes. So this library is I just heard it on a podcast with italic. It's also used by Ethereum and a whole bunch of other cryptocurrencies. Basically, any cryptocurrencies that uses the SP 256K one Elliptic curve, which is just a nice mathematical object, right. Mostly cryptocurrencies to only cryptocurrencies. It's pretty cryptocurrency specific, at least. Yeah. I'm not aware of any non cryptocurrency project that use it. It could. It's just a library that allows you to sign stuff, sign messages, and verify the signature on a message. So you could write an encrypted chat application that uses this curve if you wanted to. But I don't know. I guess the encrypted chat applications out there might have their own curve that they use for their thing. I don't know what signal uses, but they could. Yeah. Okay. So that's Lisa. I keep having to pronounce this. Yeah, I slice it in the audio later. I'll just call Lisa. Is there anything else that's called Lips that confused people Lipsia? Okay. So Lips P is that type of thing we need to know about Lips? I think so. 
Yeah. Okay. So BIP 340 was merged, which is Snore. Exactly. This has been in development for a long time as well. I think for years. Right. Correct. So this is also a new implementation. Oh, sorry. This is the first time Snore has been included in any library because you just mentioned that. I don't know. It wasn't any library, but at least at the time when Bitcoin was created, there was no library for a Snore, or at least it wasn't an open SSL, which is like a Whitely tested library. You wouldn't just want to randomly download. Oh, look, somebody implemented nor. Right. So what happened is I think Satoshi was aware of Shore, but there was a patent on it, and there was no implementation. So it was kind of both of these things because I think the patent was actually expired into the thing. It just lapsed or something. Yeah. But either way, you don't just want to write the stuff from scratch. And if you're trying to develop a world changing thing, you don't want to then spend three years just implementing the cryptography, given how long it takes to really do this. But actually, Snore is simpler. And I think we may have explained this in an earlier episode, but you mean simpler than Ed, say the because which is that Elliptic curve algorithm that this concurrency currently uses in which the Ellipse Free library implements. But the thing is, you have the same Elliptic curve, but then in order to make a signature, you have to do slightly different calculations with it. So that also means that the change for score is not as complicated as, say the initial version of Lips. It was the initial version of Lipstick. We had to implement the curve. All the operations you can do in a curve like addition and multiplication, and then implement the signature algorithm of ECD. But in order to do short, you just need to do the signature algorithm for Snore. You don't have to do all the math basic foundational math. So it's not a huge change. 
It's not like adding a whole new curve to it. It would be much more difficult to add, say, a different Elliptic curve or even a completely different kind of curve than it is to change just from ECDSA to Snore. Is it a different way of signing, in effect, a simpler way of signing. So it was implemented again by Peter Valli. Assume what I know or write. The spec was written by him. I think he also wrote most of the implementation, but there's there's others, a lot of people on top of that. Sure. And it was merged this week. So what does that mean? Exactly where does this get us? Right. So what that means is the now is an updated version of this library, but nobody is using that library yet. And another change is that Bitcoin Core has changed, I think a few days ago to include that new version of the library, right? To include it, not to actually use it in any way. So the first major release of Bitcoin Core when you download that, you'll download the library that include Snore, exactly. Because the usual process is stuff gets merged into the master branch and get up. And every six months or so we say, okay, let's stop at this point and release whatever is in there. And so next time that'll include the Snore code. Yeah, it'll be in there. It might not do anything. It might have a few tests that try it, right? You don't run the test, you're not going to run it. Yeah. The next Pay Core release is not going to use, nor yet is your prediction here? That's your bold prediction. I would say it would be extremely reckless if it did. But there are bots that use it. Right. Certain Vicash Coin uses Snore, I believe. Oh, yeah, I think so. But the actual spec for Snore was changed a little bit, so I don't know if they're going to change along with it or not. Not a huge change. So anyway, it's going to be included in a library. Next time you download that, you're downloading this, but it doesn't actually do anything. Probably or not anything too important. Right. 
But that would be a next step. Then, like, I want to excite our audience. We're getting somewhere, right? Yeah. That's the plan. Right. So the idea here, of course, is to have Snore as part of tap root. So the entire taper thing, there are already pull requests that describe what it's supposed to do that are not completely finished, but pretty far along. So maybe they'll go in the next version. So not in the upcoming one to the next one. What I would imagine happens is that it gets added, not domain. Net. Probably not even to test. Net, but to this new thing called Signet, which is a whole new type of way to do test. Net, which we can do another episode about. But basically it'll go in some innocent way. So maybe there's test for it, you know, to test for everything Tepera related. And then anybody who knows how to compile code can just flip a switch and try it on their own machine. But it won't be on my. Net, or probably not even on test. Net. And then maybe next version, you know, this stuff takes time. And then even though it's interest, it is not exciting our audience. Well, I got a pump. I got to pump this coin. So I'm pumping load time preference. This stuff takes a long, long time. But basically you add all the code in it and then you make so everything is in there. But you don't activate it yet. And then the next time you decide on activation mechanisms, and even those mechanisms might take a while. That's the whole debate on its own, which we did an episode about, right? Yes. If I'm not misremembering. Okay. So that's what a library is. That's what the Lips AC P. 2256k. One library specifically. Now you also know what story is. Well, actually, we didn't even get into what Snore is, but we get did we do that in the second free go for it. It's simple. What Snore actually shows. So what happened is I was this patent on this very simple system called Snore by a person called Snore, and it was very nice. 
It was a good way to make electronic signatures, but it was a patent on it. So people came up with a way to convolute the design, make it more complicated, such that it would no longer fall under the patent. So when the lawyer said, okay, this looks obscure enough. So they were just adding numbers to it and subtracting things, just making it more complicated. And then it didn't violate the patent. And so they shipped it. But now we ended up with this horrible thing that is basically proof of lawyer convoluted mess. And now that the patents expired, we just go right back to the original design, which is much better. And mainly it's better because you can add signatures much more easily. And adding signatures is very nice because you could perform math on it. Yeah, you could perform math on the original one, but you'd be able to publish papers just on the ability to add two numbers. Right? Yeah. So for the layman listener performing math on it just means you can do cool mathematical tricks, like add numbers to both the signature or both the publicly key and the private key, and then it still adds up and still works. Or you can add signatures or, like all those companies, which in the end translates to more Privacy and less block space usage. So it's all good. Nice. And that's included in the lipstick. This is the last time I'm going to pronounce is lipstick. P. 256k One library. And that means we're getting to ready to pump into the Bulls. Warming up. Yours. Is that right? I'm sure it is. Okay, then I think this was the episode, wasn't it? Yeah. Thank you for listening to the Ven. Weirdo. Shores. Nato There you go.