How Bitsquare would deal with a BU hard fork


#1

Unfortunately I need to waste my time to react on the menace called Bitcoin Unlimited.
So instead of being productive I have to write up here a statement and announcement how Bitsquare would deal with a potential hard fork scenario. Let me know to whom I can send the invoice for this ;-).

As many of you might have noticed on Twitter, Bitsquare is in clear opposition to BU and I personally consider it not only as a reckless and irresponsible behavior of an out-of-control power cartel but as a political attack on Bitcoin.

In the rather unlikely event that they really start a hard fork and the even more unlikely event that they would succeed to take over the Bitcoin network and destroy the current version I would either move the main currency to what will be the follower project of the current Bitcoin Core development branch or move to another Altcoin like Monero.
This personal position might explain why I react rather emotional and radical in regards to BU.
I experience it not only as a threat for Bitcoin but as a threat to the work I was spending my time the last 3 years.

Beside that personal statement I want to give a bit of background what a hard fork would mean for Bitsquare and how we would deal with it.

  • We use BitcoinJ as SPV wallet and unfortunately we have not only inherited a severe privacy issue with the broken bloom filters [1] but also another weakness which got more visible in the light of the current HF discussions [2].
    BitcoinJ follows blindly the longest PoW chain, even if that chain is breaking Bitcoin consensus rules. So a user could end up to be on the BU chain without having any control over that decision!
    I think it is mandatory to give the user full control which chain he wants to support. A consensus rule violation is nothing what we can delegate to a corrupt mining cartel.

  • Beside that problem there are risks with replay attacks. There have already been much written about that topic so I refer to the links below [3].

  • Even worse in Bitsquare we create a joint transaction of both traders (the deposit multisig tx gets inputs from both traders) so it might be that one input comes from the BU chain and the other from the BTC chain. Even if that deposit tx would not get confirmed on the BTC chains as the inputs of the consensus rule violating chain will be rejected it might get confirmed on the BU chain, leading to the risk that the user thinks it is safe to start the Fiat or Altcoin transfer, just to discover that he was on the wrong chain.

  • Bitsquare uses zero confirmation transactions in the preparation for a trade (funding tx to the wallet, offer fee payment tx). Only the deposit tx requires at least 1 confirmation. That has no security risks as if anyone would do a double-spend the deposit tx would become invalid so rendering the double spend pointless. The max. damage is loss of time and decreased user experience.
    Zero confirmation transactions would become more risky and create a serious usability issue in case of a HF. We cannot wait for 1 confirmation (or probably there will be required many more confirmations in such a scenario) at each preparation step. That would render the process very slow. Beside that it would require software changes.

Conclusion:
In case of a HF scenario trading on Bitsquare would become highly disrupted and risky.

What can we do against it?

Mid-term we want to get rid of BitcoinJ. But we need to get the SPV Bitcoin Core [4] first released and then the dev resources to change the whole wallet implementation.
There are other plans for fraud proofs [5], something what Satoshi initially envisioned for the SPV model but unfortunately never got implemented.
Hopefully that will be available soon, but we cannot count on that, specially as it would need to be implemented in BitcoinJ as well.

So what can we do short-term?

  • We can provide a white-list of trusted Bitcoin nodes to connect to where we are 100% sure that they are running as BTC nodes. Alternatively any user can run his own BTC node locally or remotely and connect only to that or use his own white-list.
    I am aware that providing a whit-list is a problematic strategy on its own, but so far I have not found a better one which is feasible from the technical effort and time horizon. Fraud proofs would be the best solution.

  • So the above might help us to solve the problem that a user has no control over which chain he uses.
    But there is still the problem that some users might prefer BU and point their client to BU nodes. We could split the network by using a different protocol version but if the users is lying about his preference for BU we don’t gain anything and a trader might end up in a mix of BU and BTC inputs for his deposit tx, leading to the above described usability degradation.

  • The replay attack problem is even harder to solve. As we cannot expect that BU will build in a working replay attack protection (even if they would intend to do it it is highly questionable if it would work - I doubt highly their competence).
    A certain time after the HF there will be likely solutions how to securely split one’s coins [6].

One thing is important to emphasize:

If the user does not do anything, no trading and not moving their BTC there is no risk! The fund are safe in the wallet, only when the user is doing a transaction he enters the stomp BU is preparing.

So what will be our strategy in the event of a HF?

  • First we will publish an alert message to the network (similar like we send out update messages). That message will tell the user to not use Bitsquare for trading and not transferring funds.
  • We likely will release a white-list of BTC nodes, that can be added by the user in the settings.
  • As soon there is either clear that BTC is the winning chain or there is a clear solution how to protect against replay attacks and how to make sure to follow the right chain and trade with a peer who follows the same chain we would send out another message to signal it is safe for trading again. That would probably comes with a new software release as well.
  • In the highly unlikely event that BU will be the winning chain, we will move over to either the new Bitcoin Core Coin or another Altcoin like Monero (though that will not be possible atm as there is no MultiSig support as well as other technical hurdles).
    So be assured Bitsquare will not run on BUgCoin!

There is no way that we can stop trading as even if we stop our seed nodes the users would connect to any of the previously connected peers if one is online.
Only first time users would not be able to connect to the network without the seed nodes. So the effect of that attempt would be very limited.
This proofs that we are already that censorship resistant that even I cannot stop it anymore, even in a case I really would like to.

References:
[1] https://bitsquare.io/blog/privacy-in-bitsquare/
[2] https://groups.google.com/forum/#!topic/bitcoinj/PmMN18xxCI0
[3] https://bitcoinmagazine.com/articles/beginners-guide-surviving-coin-split/
https://bitcoinmagazine.com/articles/how-light-clients-can-protect-themselves-coin-split/
https://bitcoinmagazine.com/articles/bitcoin-unlimited-miners-may-be-preparing-51-attack-bitcoin/
https://blog.greenaddress.it/2017/03/27/greenaddress-position-on-contentious-forks/
https://blog.bitgo.com/bitgos-approach-to-handling-a-hard-fork-71e572506d7d#.2b9r6ss3p
https://medium.com/@bitrated/bitrateds-position-on-network-splits-and-bitcoin-unlimited-4685c5c3f8e8
[4] https://github.com/bitcoin/bitcoin/pull/9483
[5] https://github.com/luke-jr/bips/blob/bip-sizefp/bip-sizefp.mediawiki
[6] http://docs.electrum.org/en/latest/hardfork.html


pinned globally #2

#3

Thank you Manfred for taking your time to clarify this :slight_smile:


#4

These words is what I’m missing from other parts of Bitcoin, specially some miners.


#5

If miners need to buy their hardware from Bitmain they are held in hostage… Bitmains ASIC monopoly is a huge threat to Bitcoin. I think we need to find a way to solve that. PoW change or something else in that direction…


#6

As long as I can split the tokens after a potential fork, I don’t mind the added volatility and security risks. I don’t have a dog in this fight really. I’ll be purchasing BTC-CAD mainly to fund the security deposit, escrow fees, and BTC-ETH conversion. This isn’t a political issue for me. I simply want to ensure that I’ll be able to exchange both tokens in the event of a fork. I already went through this once with the ETH-ETC controversy. Hopefully, BU will be a similar case and we will all recover quickly.

As my interests are largely with Ethereum, I wonder if the Bitsquare community would consider a transition to this platform in the (highly unlikely) event of a BU majority? This would appear to me to be the superior alternative given the liquidity of ETH, network transaction speeds / costs, development resources, and feature set with respect to smart contracts. I think this may well be mutually beneficial for the Ethereum and Bitsquare projects, as well as the larger crypto-ecosystem. Just suggesting this for your consideration / contingency planning as I’m a “true believer” in the value of both Bitsquare and Ethereum.


#7

I do not get what so many have against BU. Core is clearly a hostile takeover, they censor blogs, they brake contracts (eg the promise to lift the blocksize to 2MB together with SegWit), they stole the XTHIN blocks protocol and renamed it to compact blocks, they spread lots (!) of fud against BU. In comparison BU is just the logical consequence of what Satoshi just invented without the blocksize limit (biggest mistake he made).

Obviously emotion has taken over the discussion about facts. It would be good to cool down and turn back to facts. Btw a split would end up in a race about hash rate. Since BU would fork only in case of a majority hashrate and it would doubtless scale much better than core it will win the race. On top Core would need to patch all remaining core nodes with a modified difficulty because otherwise they would not be able to mine a single block anymore.


#8

For me BU seems like an effort towards centralization of bitcoin.
Maybe I’m wrong (if so please correct me), but BU is like giving control of Bitcoin exclusively to miners.


#9

nobody has exclusive control over Bitcoin. But since the miners control the blockchain they have the most direct influence. But they are not alone - Bitcoin (the blockchain) is part of an economic system with users, payment providers and merchants. Finally this economic system drives the value of Bitcoin. If miners switch to the wrong blockchain and leave the system behind they lose their investment. On the other side user, payment providers and merchants want to use the most secure and best scalable blockchain. Though everybody should be incentivised to stay on track with the right blockchain.

The argument that BU fosters miner centralization is very artificial. It is derived from the fact that BU favors onchain transactions. But a look into technology growth and Moore’s law shows that this argument fails and is very artificial. On top BU does not prevent using SegWit etc also with BU in the future.

On the other side Blockstream wants to remain stick with 1MB blocks every 10min forever. Even after SegWit and Schnorr that would require a second layer network which is indepenend from the underlying blockchain to scale. In the past Blockstream has shown a proven track record of breaking contracts and censoring forums. That should raise an alarm clock in everybodies mind to ask questions about Blockstream’s intentions.

From that perspective there is no right or wrong decision. It is more a question of which team can we trust to do the right thing in the future. I would break it down to who is most invested into Bitcoin …


#10

Well I guess Bitsquare should move to use it’s DAO tokens for trades as main currency in order to stay neutral. This would give them a value. I know this is the plan already, but in case of people getting too worked up about choosing sides, it can be made exclusive. This project can simply support the idea of cryptocurrenices and not any (however popular, or awesome, it is) in particular. There is really no telling in what state any crypto will be in few years, but the technology will very likely be used more. There might not even be a winning chain, they could coexist in harmony. We really should be prepared for anything.


#11

Been here doing this since a few dollars bought thousands of btc. From the look of the incompetency of BU and talk of an attack, there can be no support for such a group of ratchet idiots *IMHO.
Bitcoin Unlimited actually promises some more surprise outages.
I do not believe after the release of CLOSED source code anyone anywhere would take them seriously ever again.

An aside: I wish the trading engine on Bitsquare allowed for Alt logic so as to not make ONE currency the ruler of them all, but for some reason Dev found this to be best for the system. Long term not a great plan, but Manfred, all your hard work is appreciated. A redesign of some of the structure of the core client to allow logic for some other currency pairs could future proof the project. How much would that cost to develop @ManfredKarrer ? If it is priced well, maybe the community myself included will fund you in that refactoring.


#12

Bitcoin is the base currency because it has the best security, largest user base and best tool/code/feature support.
There is nothing principle wrong to use another altcoin as base currency, its is just a lot of work, and does not give advantages (beside to push that altcoin). The only ones where I would see advantage would be the privacy centric ones (Monero, ZCash,…). But there features are missing, they have a much smaller users base (network effects are harder) and they are newer and less battle tested.
Network effects is another important issue. It is hard to bootstrap and partitioning the community in smaller segments will hurt all in the end. I am not a BTC maximalist, I just see it pragmatic and I don’t see any convincing reason to put effort into such. Also there is so much else open on the dev front and so many interesting ideas, which are much more important (re privacy/decentrl.) than to change the base currency.


#13

thanks for the considered reply, it is more than appreciated. What I had envisioned was an “in addition too” bitcoin, more alt options as a trading pairs. Bitcoin remaining the default but a slow addition of extra features. There is a reason that cryptcy and now Poloniex get a HUGE amount of volume. I saw that as making the case for Bitsquare DAO much more interesting and financially rewarding while removing as much centralization from Crypto currency exchanges as possible.

I guess Bitsquare isn’t meant to meet that need since other goals need to be attained and prioritized. Atomic swaps, multi currency wallet (at least those similar to bitcoin as Trezor has done) is a pipe dream/fantasy for now. Keep up the good work.

Now back to figuring out how to kill BU. Why let it die gracefully while it puts billions at risk?


#14

Just warn people of your honest concerns about it. No need to do anything else :slight_smile:


#15

Today I received this from CoinCorner
It is the results from a customer poll.
I wonder what customers in other similar sites/services would have answered if asked.


#16

FYI :https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-April/013996.html
If you not have already read it please take the time. It sheds a lot of light on the situation.


#17

maybe DASH would be an alternative. It is based on Bitcoin and has all features needed for Bitsquare. On top the instant payment option would speed up trading. Maybe it would be an option to implement an abstraction layer which makes it possible to implement more alternative currencies more easily.
Anyways great work so far - however the the Bitcoin controversy turns out at the end.


#18

I am afraid and impressed by Dash. Impressed at the corporate culture (brass tacks and business focused I love), they pushed this thing to 100usd. Never would have imagined even if btc reached 40,000usd. That said I just think tainted pre-mined, accidental or on purpose, are a bit evil in this space (ripple being a good example). That makes for the possibility of t0o great a centralization. With that type of control force and coercion always end up raising their ugly heads. I think that’s why some in the community forked and made PIVX.

Don’t want Dash to be the base currency of Bisq, but riding from 3usd to 100 on Dash was nice none the less. I’m sure if Dash was one of the base currencies they would on-board untold amounts of users. They seem to have the marketing on lock.