News
Jameson Lopp: the lack of a single point of control – the basis of Bitcoin security
The veteran cryptocurrency industry and technical director of start-up Casa Jameson Lopp responded to criticism of the developers of Bitcoin Core, who are reproached periodically for taking control of the Bitcoin network, telling how the whole process really works.
In particular, in his extensive blog entry on Medium, Lopp explains how decisions are made and that the key point in the entire work of the developers is to reach a consensus on whether or not this or that code will be added to the GitHub repository.
It's time to put another endless debate to rest. https://t.co/1Uqbu9wzB5
– Jameson Lopp (@lopp) December 15, 2018
According to him, despite the fact that some Bitcoin Core developers do have so-called maintenance accounts, with which they can contribute code to the main branch of development, these accounts are of a more technical and service nature. Their owners are selected for a specific time and have a unique PGP key with which they can confirm the changes made.
To date, there are five such trusted PGP keys:
71A3B16735405025D447E8F274810B012346C9A6
133EAC179436F14A5CF1B794860FEB804E669320
32EE5C4C3FA15CCADB46ABE529D4BCB6416F53EC
B8B3F1C0E58C15DB6A81D30C3648A882F4316B9B
CA03882CB1FC067B5D3ACFE4D300116E1C875A3D
Their owners are Vladimir van der Laan, Peter Velle , Jonas Shnelli , Marco Falke and Samuel Dobson.
In theory, an attacker, however, can still use his administrative privileges to inject a code into the repository without the consent of the owner of the operational account, using the Pull Request function for this purpose. Such an attacker may, for example, be an employee of GitHub.
For this reason, Bitcoin Core has an extensive integration system, including verification of trusted PGP keys.
"Despite the fact that these keys are tied to known persons, it is still unsafe to assume that it will always be like this – the key may be compromised, and we will not know about it until its owner informs others maintenance account holders, ”writes Jameson Lopp.
A code that was verified using a PGP key may be subjected to additional auditing. For example, any other developer can perform so-called verify-commits on his computer.
“If the script is completed successfully, it tells us that every line of code that has undergone changes has gone through the Bitcoin Core development process and has been signed by one of the owners of the operational key ,” says Lopp.
Nevertheless, he also admits that even this method does not guarantee complete security, although it serves as a very powerful barrier to intruders. For this reason, the last line of defense for Bitcoin Core, as for any other opensource project, says Lopp, is constant vigilance – the more developers check the code, the fewer opportunities remain that the malicious code will fall into the repository.
The development process of Bitcoin Core also includes a special package of comprehensive testing, which is subjected to each request for the inclusion of code. It is complemented by a more extensive testing process performed every night. Available to every developer, the code can be openly tested by cloning the GitHub repository. Code coverage can, for example, be seen on the Marco Falk page .
Such extensive testing, says Jameson Lopp, means a higher likelihood that the resulting code will function properly and play a big role in building consensus.
Moreover, when it comes to major changes to the code, developers can resort to another method – testing testing. To this end, they deliberately crack the code to make sure the test fails.
Gregory Maxwell, for example, spoke about this in the summer of 2017 during the presentation of the release of Bitcoin Core 0.15 :
“Test is testing software. But what is a test test? This is software. To test the test, you need to hack the software. "
Jameson Lopp admits that all this can be difficult for ordinary users to understand, but stresses that a key aspect of Bitcoin security is that if there was one control point, then there would be one point of failure that could be attacked by those who bitcoin is a threat.
“Ultimately, the network is controlled by all node operators, ensuring compliance with the rules with which they agreed. This security model is the foundation of Bitcoin collegial management, ”Lopp concluded.
Recall that the last major release of Bitcoin Core under version 0.17.0 took place in early October of this year.
Subscribe to the BlockchainJournal channel on YouTube !
BlockchainJournal.news