Workshop Summary Scaling Bitcoin V Tokyo 2018

Content originally published by BitcoinOptech on newsletter #16.


The fifth Scaling Bitcoin conference was held Saturday and Sunday in Tokyo, Japan. In the sections below, we provide brief overviews to some of the talks we think might be most interesting to this newsletter’s readers, but we also recommend watching the complete set of videos provided by the workshop organizers or reading the transcripts provided by Bryan Bishop.

Mast and Schnorr Signatures
Bitcoin’s development effort for the past few years has been focused on a few key concepts, privacy, scalability and efficiency. One of the first improvements was Segregated witness which is ushering in the rest, Lightning Network followed but was an effort in a different direction as it took transactions off-chain rather than optimizing the on-chain process. Some of the upcoming technologies aimed at optimizing this process are Schnorr Signatures and Merkelized Abstract Syntax Trees or MAST for short.
Bustapay: a practical sender/receiver coinjoin protocol

One of the main features intended for Bitcoin in the future is a native support for multisig payments and coinjoins, they are currently supported by the Blockchain but not in a native way and as such they do not have as much efficiency and privacy as desired. This is going to be the main focus of the next major update in Bitcoin, changing the signature scheme to Schnorr Signatures.

As a simplified alternative to Pay-to-Endpoint (P2EP - Pay-to-Endpoint), developer Ryan Havar proposed a BIP for a new coinjoins protocol that does not need changes to the current Bitcoin consensus and provides a simple, practical way to make coinjoin transactions that are indistinguishable from normal ones.

A BIP proposal for 'cancellable' transactions

Alejandro Ranchal Pedrosa and Tucci-Piergiovanni proposed a new BIP to extend OP_CSV1 and/or OP_CLTV2 to allow and interpret negative values.

The discussion that followed concluded that the BIP would be breaking a fundamental rule which is that valid transactions remain valid. This could lead to loss of funds when several transactions are made invalid.

Bitcoin Encrypted Communication (BIP151) Overhaul

On of the pros of Bitcoin since its birth is that it’s a public ledger, anyone is allowed to send and receive payments and data on the Blockchain. However, Bitcoin’s network does not provide a way of encrypting communication between nodes, which allows manipulation of data, mass surveillance and analysis of its users.

Although encrypted communication is currently a possibility with VPNs, TOR or other mechanisms, it is not easy for the average user to setup such a connection. There is BIP draft called BIP151 that aims to add encrypted communication to Bitcoin’s network and which currently seems implemented only by Armory.

Jonas Schnelli presented an overhauled version for BIP 151 with some major changes:

Extending BIP 174 for HTLCs

We’ve talked about BIP 174 before, this time we’re bringing a quick update and that is HTLC support.

HTLC stands for Hashed TimeLock Contracts, they are a type of payments that uses hashes and time locks to require the receiver to generate a cryptographic proof (preimage) that they did receive the payment, otherwise the payment is forfeited and sent back to the sender.

Alex Bosworth proposed adding HTLC support to PSBTs by adding an extra input.

Pay to EndPoint

When Bitcoin was created privacy was not in mind, Bitcoin is a public blockchain and it was created that way. Addresses, balances and transactions are public for anyone to search and track, while that provides transparency, it also lacks privacy.

As a result this lack of privacy can be used by blockchain analysis tools. They work on the principle that in most transactions with more than one input, all of these input addresses belong to the same entity, which can be traced back to its source IP.

This allows companies and governments to track an entity from one address and accurately guess its transactions and holdings in other addresses.

A group at Blockstream recently worked on a new type of transaction aiming at invalidating this principle, Pay to End Point aims at allowing both the sender and the receiver to sign inputs in the transaction, ensuring enough of these transactions exist on the blockchain will invalidate this principle and boost privacy for all Bitcoin users.

BLS Library

A library has been released for BLS signature aggregation using a construction based on Musig. Musig is a scheme for non-interactive signature aggregation built on the Bellare-Nevan multisignature scheme which makes it possible to create just one public key from multiple public keys.

BLS signatures can be aggregated non-interactively although it makes the process slightly slower. They also have the same aggregation features with Schnorr signatures such as a resulting signature of constant size, reduced data size for easy validation and transmission on networks and high security.

This release is the first draft but is fully functional however it’s not yet reviewed for security.

An other known BLS library can also be found here