The Bitcoin Optech newsletter provides readers with a top-level summary of the most important technical news happening in Bitcoin, along with resources that help them learn more. To help our readers stay up-to-date with Bitcoin, we’re republishing the latest issue of this newsletter below. Remember to subscribe to receive this content straight to your inbox.

This week’s newsletter celebrates the lock-in of the taproot soft fork, describes a draft BIP for improving transaction privacy by varying the fields used to implement anti fee sniping, and features an article about the challenges of combining transaction replacement with payment batching. Also included are our regular sections with announcements of new software releases and release candidates, plus notable changes to popular Bitcoin infrastructure software.

News

• Taproot locked in: the taproot soft fork and related changes specified in BIPs 340, 341, and 342 were locked in by signaling miners last weekend. Taproot will be safe to use after block 709,632, which is expected in early or mid November. The delay gives time for users to upgrade their nodes to a release (such as Bitcoin Core 0.21.1 or later) that will enforce taproot’s rules, ensuring that funds received to taproot scripts after block 709,632 are safe even if there’s a problem with miners.Developers are encouraged to start implementing taproot so they can be ready to take advantage of greater efficiency, privacy, and fungibility as soon as the activation is complete.Readers celebrating the lock-in of taproot may also wish to read a short thread about taproot’s origins and history by developer Pieter Wuille.

• BIP proposed for wallets to set nSequence by default on taproot transactions: Chris Belcher posted a draft BIP to the Bitcoin-Dev mailing list suggesting an alternative way wallets can implement anti fee sniping. The alternative method would enhance the privacy and fungibility of transactions made by single-sig users, multisignature users, and users of certain contract protocols such as taproot-enabled LN or advanced coinswaps.Anti fee sniping is a technique some wallets implement to discourage miners from trying to steal fees from each other in a way that would reduce the amount of proof of work expended on securing Bitcoin and limit users’ ability to rely on confirmation scores. All wallets that implement anti fee sniping today use nLockTime height locks, but it’s also possible to implement the same protection using BIP68 nSequence height locks. This wouldn’t be any more effective at preventing fee sniping, but it would provide a good reason for regular wallets to set their nSequence values to the same values that are required for transactions in certain multisignature-based contract protocols, such as ideas for coinswaps and taproot-enabled LN. This helps make regular wallet transactions look like contract protocol transactions and vice versa.Belcher’s proposal suggests wallets randomly choose between using either nLockTime or nSequence with 50% probability when both options are available. Overall, if the proposal is implemented, it will allow users of regular single-sig transactions or uncomplicated multisignatures to join together with users of contract protocols to mutually improve each others’ privacy and fungibility.

Field Report: Using RBF and Additive Batching

by CardCoins

“Additive batching” is a scheme in which additional outputs are added to unconfirmed transactions in the mempool. This field report outlines efforts CardCoins has taken in introducing a reorg- and DoS-safe implementation of such a scheme in its customer payout workflow.

Replace By Fee (RBF, BIP125) and batching are two important tools for any enterprises directly interacting with Bitcoin’s mempool. Fees go up, fees go down, but the business must always fight for fee efficiency.

Each tool, while powerful, has its own complexities and nuances. For example, batching customer withdrawals may save on fees for the enterprise, but will likely make child pays for parent (CPFP) uneconomical for a customer who wishes to speed up the transaction. Similarly, RBF is useful for an enterprise who takes a fee-underbidding strategy (their initial transaction broadcast starts at a low fee, and is slowly bid upwards), but it exposes their customers to potential confusion as their withdrawal transaction updates in their wallet. It would also be messy for the customer to spend from this transaction while it remains unconfirmed, as the enterprise will have to pay for this child spend when attempting to replace the parent. Even worse, the enterprise may have a withdrawal pinned by another service which received the customer’s withdrawal.

When combining these two tools, a service provider unlocks new functionality but is similarly exposed to novel forms of complexity. In the base case, combining RBF and a single, static batch carries a simple combination of the complexities that RBF and batching carry discretely. However, when you combine RBF and “additive batching,” emergent edge cases and dangerous failure scenarios present themselves.

In additive RBF batching, the service provider introduces new outputs (and confirmed inputs) to a transaction in the mempool to incorporate new customer withdrawals into an unconfirmed transaction. This enables the service provider to give users the experience of an instantaneous withdrawal while still retaining much of the fee savings from doing large batches of customer withdrawals at once. As each customer requests a withdrawal, an output is added to the transaction in the mempool. This transaction continues to be updated until it confirms or reaches some other local optimum.

There are many strategies to this type of additive RBF batching. At CardCoins we took a safety-first approach to our implementation (with the help of Matthew Zipkin), the details of which we described in a blog post, RBF Batching at CardCoins: Diving into the Mempool’s Dark Reorg Forest.

Releases and release candidates

New releases and release candidates for popular Bitcoin infrastructure projects. Please consider upgrading to new releases or helping to test release candidates.

• Rust Bitcoin 0.26.2 is the project’s latest minor release. Compared to the previous major version, it contains several API improvements and bug fixes. See the changelog for details.

• Rust-Lightning 0.0.98 is a minor release containing several improvements and bug fixes.

• LND 0.13.0-beta.rc5 is a release candidate that adds support for using a pruned Bitcoin full node, allows receiving and sending payments using Atomic MultiPath (AMP), and increases its PSBT capabilities, among other improvements and bug fixes.

Notable code and documentation changes

Notable changes this week in Bitcoin Core, C-Lightning, Eclair, LND, Rust-Lightning, libsecp256k1, Hardware Wallet Interface (HWI), Rust Bitcoin, BTCPay Server, Bitcoin Improvement Proposals (BIPs), and Lightning BOLTs.

• Bitcoin Core GUI #4 adds initial support for using Hardware Wallet Interface (HWI) external signers via the GUI. Once this feature is finalized, users will be able to use their HWI-compatible hardware wallets directly from the Bitcoin Core GUI.

• Bitcoin Core #21573 updates the version of libsecp256k1 included in Bitcoin Core. The most notable change is the use of the optimized modular inverse code described in Newsletters #136 and #146. Performance evaluations posted to the PR found it accelerated old block verification by about 10%.

• C-Lightning #4591 adds support for parsing bech32m addresses. C-Lightning will now permit a peer that has negotiated the feature option_shutdown_anysegwit to specify any v1+ native segwit address as a closing or withdrawal destination.

Find the original post here.

Please subscribe to the Bitcoin Optech newsletter directly to receive this content straight to your inbox every month.

The Bitcoin Optech newsletter provides readers with a top-level summary of the most important technical news happening in Bitcoin, along with resources that help them learn more. To help our readers stay up-to-date with Bitcoin, we’re republishing the latest issue of this newsletter below. Remember to subscribe to receive this content straight to your inbox.

This week’s newsletter provides updates on the previously proposed transaction relay reliability workshop and CVE-2021-31876. Also included are our regular sections describing updates to services and client software, new releases and release candidates, and notable changes to popular Bitcoin infrastructure software.

News

• Relay reliability workshop scheduled: as mentioned in Newsletter #146, Antoine Riard will be hosting IRC-based meetings to discuss how to make unconfirmed transaction relay more reliable for contract protocols such as LN, coinswaps, and DLCs. The schedule is:

Jun 15th, 19:00–20:30 UTC: guidelines about L2 protocols onchain security design; coordination of cross-layer security disclosures; full-RBF proposal

June 22nd (same time): generic layer two fee bumping primitive (such as package relay)

June 29th (same time): reserved for additional discussion

• CVE-2021-31876 BIP125 implementation discrepancy follow up: after the publication of last week’s newsletter, there was additional discussion about the discrepancy between BIP125 opt-in Replace-by-Fee (RBF) and Bitcoin Core’s implementation. Olaoluwa Osuntokun confirmed that the btcd full node implements BIP125 as specified, meaning it does allow child transactions to be replaced based on inherited signaling. Ruben Somsen noted that a hypothetical variation of spacechains, a type of one-way pegged sidechain, would be affected by the problem. On the other hand, Antoine “Darosior” Poinsot mentioned that the Revault vault architecture wouldn’t be affected.

Changes to services and client software

In this monthly feature, we highlight interesting updates to Bitcoin wallets and services.

• Blockchain.com supports segwit: v4.49.1 of Blockchain.com’s wallet adds the ability to create a wallet with native segwit send and receive support.

• Sparrow 1.4.0 released: Sparrow 1.4.0 adds the ability to create a child pays for parent (CPFP) transaction from the transaction list screen, user-defined fee amounts during coin selection, and various other improvements.

• Electrum 4.1.0 enhances Lightning features: Electrum 4.1.0 adds trampoline payments, multipath payments, channel backups, and other Lightning features. Additionally, this version of Electrum supports bech32m.

• BlueWallet v6.1.0 released: BlueWallet’s v6.1.0 release adds Tor support, SLIP39 support, and functionality for using PSBTs with HD watch-only wallets.

Releases and release candidates

New releases and release candidates for popular Bitcoin infrastructure projects. Please consider upgrading to new releases or helping to test release candidates.

• LND 0.13.0-beta.rc2 is a release candidate that adds support for using a pruned Bitcoin full node, allows receiving and sending payments using Atomic MultiPath (AMP), and increases its PSBT capabilities, among other improvements and bug fixes.

Notable code and documentation changes

Notable changes this week in Bitcoin Core, C-Lightning, Eclair, LND, Rust-Lightning, libsecp256k1, Hardware Wallet Interface (HWI), Rust Bitcoin, BTCPay Server, Bitcoin Improvement Proposals (BIPs), and Lightning BOLTs.

• Bitcoin Core #21462 adds tooling for attesting to outputs of Guix builds and verifying these attestations against those of others. After this change, Windows and macOS code signing remain the only missing piece before Guix builds reach feature-parity with Gitian builds.

• Bitcoin Core GUI #280 prevents displaying invalid Bitcoin addresses in an error dialog, eliminating the ability to display an arbitrary message in an official-looking dialog. A simple “invalid address” error is now displayed instead. (See the PR for illustrative before and after screenshots.)

• Bitcoin Core #21359 updates the fundrawtransaction, send and walletcreatefundedpsbt RPCs with a new include_unsafe parameter that can be used to spend unconfirmed UTXOs created by other users in the transaction. This allows fee bumping a transaction using CPFP and was added for that reason by a developer working on implementing anchor outputs in the Eclair LN node. The option should only be used when necessary, as unconfirmed transactions created by other users can be replaced, which may prevent any child transactions from being confirmed.

• LND #5291 improves the way LND ensures that PSBTs for funding transactions only spend segwit UTXOs. LN requires segwit UTXOs in order to prevent txid malleability from making refund transactions unspendable. LND previously checked this by looking for the WitnessUtxo field in the PSBT, but this field is technically optional for segwit UTXOs and so some PSBT creators don’t provide it. The updated code will use the provided value if present or, if it’s not present, scan the UTXO set for the necessary information.

• LND #5274 limits the maximum amount of funds the node reserves to allow CPFP fee bumping for anchor outputs to ten times the per-channel amount. For nodes with large numbers of channels, this limits their capital requirements. If they need to close more than 10 channels, they can use the funds received from closing one channel to close the next channel in a domino effect.

• LND #5256 allows reading the wallet passphrase from a file. This is mainly meant for container-based setups where the passphrase is already stored in a file, so using that file directly doesn’t create any additional security problems.

• LND #5253 adds support for Atomic Multipath Payment (AMP) invoices across high-level LND RPC commands such as SendPayment, AddInvoice, and SubscribeInvoice. AMP invoices are currently an LND-only feature and only accept HTLCs that have the AMP feature bits set as well as an AMP payload. This extends prior work that enabled use of AMP by providing manually specfied payment parameters to the SendPayment RPC.

• Libsecp256k1 #850 adds a secp256k1_ec_pubkey_cmp method that compares two public keys and returns which one of them sorts earlier than the other (or returns that they’re equal). This was proposed for use with BIP67 key sorting, in particular as used with the sortedmulti output script descriptor.

Find the original post here.

Please subscribe to the Bitcoin Optech newsletter directly to receive this content straight to your inbox every month.