Name: Socratic Seminar

Topic: Grokking Bitcoin by Kalle Rosenbaum

Location: London BitDevs (online)

Date: April 22nd 2020

The conversation has been anonymized to protect the identity of the participants.

Discussion of Hopin video conferencing software

We tested this a few weeks back for a German meetup and it was pretty nice. It was reliable and it worked. Of course it is not open source and Jitsi could be much better. We were quite happy with the experience. We are looking to do the Value of Bitcoin conference on this platform. It is a little more robust than what we have seen with Jitsi. The Lightning hackathon was good.

Why don’t you just use Jitsi? Fair question. I am seriously considering it and I watching to see how it goes with Berlin. Berlin are doing a bunch of events using Jitsi and they have set up their own server. There are a few performance issues and they did have a few connection problems last time they were livestreaming. Performance wise it is not going to be the level of Zoom or Hangouts.

I think this is a terrible idea. Why not just use the simple option that is proven and works for everyone. I have never had a problem with Zoom, it is one click and it works. I don’t understand why you added five steps. It didn’t recognize Mozilla for whatever reason. I am using a Mac, it didn’t work on Linux. I think you should make it as simple as possible. It was a headache. It took me fifteen minutes to get to this stage.

The benefit of this is you can do networking while other things are happening. You can also have different rooms. It is actually like a physical conference but online. You can have two presentations happening concurrently and you choose which one to watch. Or you can leave the presentations and go to the networking corner and chat in the networking corner. This sounds cool for a monster conference but perhaps isn’t suited for a Socratic, we’ll see.

It is my first time so perhaps that’s why I had these problems. I can imagine that there would be a lot of people who won’t bother. The more friction you add the less people are going to join.

It is probably overkill for what we are doing here. But when you have the stage on and different sessions and then you as a participant you can create your own session and talk about hardware wallet specifics. It gets quite dynamic, it is replacing a physical face to face conference. Maybe you can join for the Value of Bitcoin conference. Then you see when you have different streams. You have the Stephan Livera session and someone talking there. I think it is a new experience.

Some people complained about having to set up an email. There is friction. But at least the business model of Hopin is that there are enough advantages for the bigger events once you’ve gone through that friction. Kalle is going to do a presentation next week. So the most important thing next week is that we have a good video and there will be less interaction.

I also had some problems with Hopin but now it works.

I have set up a IRC channel so people can ask questions on the ##ldnbitcoindevs IRC channel. If we use this next week your presentation is going to be on the stage rather than a session. There is no interaction. You will just be doing a presentation. People were able to ask questions on the chat, IRC and Twitter. You have to do the stage to be able to livestream. Moritz is providing the software so we’ll give Moritz 30 seconds to talk about Crypto Advance who are effectively sponsoring the event today.

Crypto Advance

Crypto Advance is a project Stepan Snigirev and me started me a little more than year ago. We already at a meetup in London where he was talking about hardware hacks. We are working on Project Specter. Specter is a multisignature desktop wallet which is working with Trezor, Ledger, Keepkey and Coldcard. We set out because we needed a better multisig hardware solution. We started last year. On the business side we are negotiating our first contracts with two potential clients. We are providing Bitcoin enterprises with hardware. We want to see that enterprises are not relying on custodians but they are able to manage their own private keys. It is your keys, your coins for enterprise. There are two different things. Specter is open source for the hodler, for the community and then we have an enterprise solution where we provide hardware and firmware so they can manage their own keys and we are not having this trend towards more and more custodians.

Socratic Seminars

Socratic Seminars started in New York. It is generally not filmed but due to the current situation we have to do it via video conferencing. They allow for discussion, questions, challenges on various content. There is normally an agenda that the organizers at BitDevs NYC draft. It has been spreading round the world. There are now Socratics and BitDevs in New York, San Francisco, LA, Berlin. Stephan Livera has done one in Sydney recently. It is really cool. The main point of Socratics is the participation. So please participate, questions, if you don’t understand something say. If there is no participation and no interactivity it is just a normal presentation. We’ll do introductions.

Bitcoin technical books

So Bitcoin technical books. Which ones we’ve read, which ones we would recommend, which ones were useful for us in our learning journeys, which books we would recommend to other people depending on where they are. Maybe a developer coming to Bitcoin, which book would they recommend? Or a newbie you want to encourage to get them more interested in Bitcoin?

I read quite a few books on Bitcoin. One of my favorites is Bitcoin Money by the Bitcoin Rabbi. I recommend that book to children and grown ups as a first quick read actually.

There is a German translation here.

Programming Bitcoin (Jimmy Song) was really good. I really recommend that. It is a deep dive into how everything works.

That is just cryptography? Less code, more cryptography.

Less the actual code of Bitcoin but more how the system actually works.

Do you recommend reading that before Mastering Bitcoin or afterwards?

I think afterwards but I’m not sure.

There is a lot of code in Programming Bitcoin. It is a book for coders. It is very hands on with exercises in Python. You more or less build a Bitcoin library from scratch. I really recommend it. My wife did that book. She started with Grokking Bitcoin and then she took on Programming Bitcoin. That is a very nice way to go if you are a developer. Mastering Bitcoin (Andreas Antonopoulos) I think that is great too. It might seem a little dated today but the content is mostly still accurate. Things have evolved a bit since then. I enjoyed Mastering Bitcoin a lot. It helped me very much when it came out in 2014 or so. Either you start with Mastering Bitcoin and then Programming Bitcoin. Or you start out with Grokking Bitcoin and then Programming Bitcoin.

I started with Mastering Bitcoin when Mastering Bitcoin came out. Grokking Bitcoin was really cool to go back and do the exercises. See what holes I had in my existing knowledge. That’s a different journey to someone who comes in now with a bunch of books that weren’t available to me three, four years ago. And also of various levels of being technical. Kalle’s book is amazing as a stepping stone to doing some technical stuff. It has command line stuff at the back. So once you have worked your way through it and there’s cool diagrams of rabbits etc it gives you a little nudge to doing some command line stuff and setting up a node at the back. I think it is a really good stepping stone for someone who is technically curious but hasn’t perhaps been a developer in their careers.

Foreword by David Harding

The first part of the book was David Harding’s intro. For anyone who doesn’t know David Harding, he works on Bitcoin Optech and is one of the best writers in Bitcoin. I think Kalle in some of the podcasts he did last year talked about how pleased he was that David Harding did that foreword.

I always looked up to David. He is a very nice person and a great writer. I thought he would be a perfect fit for the foreword. I didn’t know him personally. I reached out to him and he seemed to like the book. He agreed to write the foreword for me. I am very pleased with and proud of. If you hadn’t read it I can read out loud the last paragraph of his foreword.

You can buy the book on Manning. It is open source so you can see all the text on GitHub.

I also want to add that if you look at the book on the GitHub you won’t see the images. You won’t see any diagrams. I recommend that you go to my build. You can view the content which is identical to the print book. It is not as typed as beautifully as it is in the book. I’ll read out from David Harding’s foreword, the last paragraph.

“Bitcoin needs books like Grokking Bitcoin, but it also needs an active group of users who read those books and come to understand the technical principles on which Bitcoin is built. During these early days of what I hope will be the long history of Bitcoin, users are often asked to evaluate proposed changes to the system - changes that may affect the security and privacy of their bitcoins. Those who have read this book will understand how the system prevents cheating and will be able to help ensure that future changes preserve that essential feature and its many benefits.”

I think he captures very well that users are the ones who are responsible for the security for the system. The more people who understand the technical ideas of Bitcoin the more people will be able to shout out against bad ideas or praise good ideas.

What is the point of Bitcoin technical education?

There’s kind of two aspects to it. There is wanting to have informed Bitcoin users and informed full node operators and then also, both can be achieved in the same book, encourage the next generation of developers either working on projects like Bitcoin Core or working for Bitcoin companies. Training the next generation of Bitcoin developers.

I am trying to learn and I really want to have a good understanding to use these tools properly. I’m trying to understand where you draw this line. If you are going to be honest and you want to evaluate these things properly you have to spend all your life to get to the point where you understand what is happening. How many people can really go through Bitcoin Core and really understand what is happening? Be really confident that what I am running on my computer is ok. Even when you understand that there are other dependencies and things. Where do you draw the line and how realistic is this? I think it is unrealistic to have that expectation of people.

I feel your pain. My goal is to understand all aspects of Bitcoin at least at a high level. I have been trying to do that for three and a half years. I feel like I am at the beginning. It is a massive beast. There are so many different disciplines in it which also makes it hard to find an introductory book for everyone. Some people are interested in this stuff as a currency and some people are interested in it for black markets. Some people are interested in the technical side, others are interested in overthrowing the banks.

My point is that in the same way there is plumbing. It is a fairly complex thing. Plumbing is very important. This expectation of people trying to become highly technical and understand what is happening. Shift that to plumbing and that is absurd. You only have some very specific people who get really good at plumbing and they become plumbers. All the other people trust these people. This is crazy because by design you can’t apply the same logic to Bitcoin. I think it is unrealistic to expect a lot of people to do that.

I agree with that. It is totally unrealistic that everyone should understand the code and even understand the basic principles of Bitcoin. But Bitcoin is the first currency where there is the possibility to understand it fully. I am pretty sure that far more people understand Bitcoin on the more fundamental level than there are people understanding fiat money at a fundamental level. I’m not saying that everyone should be able to read and verify the code. But everyone could find some level that they can verify. Maybe they can verify the ideas or maybe they know people they trust who can verify for them. We are shifting trust in the right direction here. Moving the verifiability out to the people. Of course not everyone will be able to know every detail.

As with every complex system the division of labor means that I cannot become an expert in everything that I use. It is totally unrealistic to expect. What makes me trust the airplane when I get onto the airplane is that I trust that there are a lot of smart engineers and also I trust there are regulators that check everything. Also I see that there is a track record and very few people die in catastrophes. Maybe a hundred of people while a billion people fly every year. Maybe Bitcoin has to accumulate this track record and people will understand that there are many smart people working on this so they trust their technical expertise. And also ten, twenty, thirty years in and no Bitcoins have been stolen or confiscated. Only this track record can make regular people trust this system. We just have to accumulate this time.

For me it was a problem at the beginning to orientate myself in the space because I am a business guy. I always worked with technical people so I have a feeling how to listen different technical people. There is a human aspect. If you go out and meet different people you get a feeling about things. I have to listen to technical people, condense this and take a decision. If you think about the big block and small block discussion you don’t need to be a technical person to understand block propagation and stuff like this. It was obvious at some point that the big blockers don’t know what they are talking about and the other argument makes a lot more sense even for a non-technical person like me.

I think it is a fair challenge. There are a couple of things I would push back with. With that model that you outline we should just trust a small group of core developers to push any updates. Everyone running full nodes and running software we just fully trust the people who know what they are doing. There is no aspect of them needing to convince us why they are doing certain things. If someone makes a change to the plumbing they don’t need to convince the national population that the change made to the plumbing infrastructure is the right one. They just do it. In your model with the plumbing the core developers do whatever they want, they merge whatever they want. There is no interaction or persuasion with the rest of the node operators in terms what changes they are making to software. That would be the first point. The second point is we are presumably on a very long journey here. We are only ten years in. If Bitcoin is going to be a success it is going to be around for decades. Then anybody who gets the bug now, it is still very very early. If kids are reading the Bitcoin Rabbi’s book they could be learning software development, do an IT degree at university, be programming for ten years and contribute to Bitcoin later on down the line.

How many people even compile Bitcoin Core? How many people even verify when they download it? Just understanding that alone you need to spend a few years to understand why that is really important. To some degree that is exactly what is happening. Everyone is trusting the Bitcoin Core developers. There are a lot of people who say “These are the smart guys.” At one point you disconnect yourself from the smart guys. That’s how I view it and I’m sure that is how most people view it. There is a handful who really get it and then you break from them. That is just the reality. I am not saying that is good or bad. I just think that is realistic.

You are not saying there shouldn’t be any middle ground. With Taproot coming and we had SegWit before there shouldn’t be this aspect of normal people running a full node trying to understand the changes?

I think there should be but it is really unrealistic to expect those people to understand what is happening and make the best decision. The voting is you have to run the software. But you are probably going to end up running the software for other changes rather than the real logical reasons.

Surely you can be convinced of the benefits of the SegWit or the benefits of Taproot without actually going through all the code and auditing it and ACKing it on the Bitcoin Core GitHub. Surely just by buying into the changes the people are working on that is better than nothing? It is not about being useful or being useless. There is a gradient or there are increments.

If some group of core developers collude to push a change that is harmful in some way there are magnitudes more people who are actually knowledgeable enough to vet these ideas and debunk them and blow the whistle. That will blow up on Twitter for example. I am pretty confident that even normies will be able to receive information at least that something is going on. If needed those people can try to understand what this is about. These things cannot go under the radar. It will be noticed by tech people. They will warn other people as long as not every single person with technical competence is in cahoots with each other. If there is one single technical person not in cahoots you will know about it.

If we are talking about non-developers or normies for them the very idea that Bitcoin is not static and it is still changing may not be obvious at all. If you asked people on the street even if they have heard about Bitcoin they think that some anonymous guy invents it ten years ago and it is some static thing that you can use or not. The fact that we have GitHub, pull requests, changes, forks and conflicts. This is totally non-obvious to people. Before convincing people that some changes can be good or bad, you would first have to explain to them that the code is changing.

I think it is pretty unlikely that somebody who invests so much time and effort into learning Bitcoin gets into the inner circle of people who can sign off on the code. That they would all at the same time turn around and become evil and then nobody noticing that in the greater Bitcoin population. That is very unlikely. You could actually make a game theoretical model what these people lose in terms of lifetime effort and it wouldn’t look very good.

I don’t think it was about a malicious actor, the point is that there is still a degree of trust which no one wants to admit. It’s like “Everything works just fine and we have perfect incentives aligned.” I don’t think that is reality.

You have trust in every system in your daily life. I agree but I don’t think it is a problem.

You must have some trust in something. You can’t verify everything. You can’t verify your entire computer, operating system, code. You have to have some level of trust. Of course it is better to have no trust but this is unrealistic. I think this is where the difference in degrees is very meaningful. It is not binary. There is some trust but it is much less trust than needed in many other systems. I think it is enough here.

We are discussing the possibility of malicious changes that are introduced into Bitcoin Core by core developers. How can we detect it and so on? Another question is that not every change can be even classified binary into malicious and non-malicious. It may be the case that somebody introduces a clever improvements or optimization which seems nice but introduces some additional risks. Some people think it is worth it and some people think it is not worth it. It is not even clear how to draw the line. I’m not following closely the Taproot discussion but I can imagine people think this is too risky because we introduce additional complexity into the system. Maybe they are right, we don’t know.

Chapter 4 - Wallets

The first chapter that I took was wallets. In light of the previous discussion surely people need to understand what their wallet software is doing at a high level and how they can keep their private keys safe? And whether they are able to generate addresses etc, which private keys they need to hold onto, which private keys sign off on which addresses. What is a Bitcoin wallet? If you have the book in front of you you can use the book. Otherwise explain at a high level what a Bitcoin wallet is.

A Bitcoin wallet is an app that interacts with the Bitcoin network, talks with it and tells you what is happening. It serves the function of keeping your keys safe.

Its function is it signs the transaction using the private key.

It is a technical system which allows me to sign the transaction. It is quite a fascinating feature for Bitcoin that it actually teaches cryptography, private keys, public keys and all this digital identity which comes with that. A huge benefit of Bitcoin is that 2 million hardware wallets were sold and 200-300,000 people use three or more hardware wallets. It is so unique that we have this huge incentive for people to really begin to dig into this. It is a little under-appreciated.

There are two kinds of wallets. There are the big fat wallets which keep a complete copy of the blockchain which enable you validate all incoming payments yourself. Then there are light wallets which kind of trust another party with a full node. That is an important distinction, how much trust is involved and at what level.

Even in a world where we are trusting the core developers and we have no idea what they are doing everyone needs to understand this chapter right?

How many people understand how computers work and they are using them? There is so much abstraction on top of it. Just go and ask someone about memory allocation. That is absurd if anyone here believes that people start learning computer science concepts because of their computer. That is not how things work. There are people who are on this call who is going to understand and no one else is going to understand. Five years from now they are going to press a button and they are not going to know there is cryptography or anything. I think it is absurd to think that. I could be wrong.

Don’t even need to know what a private key is?

Do you understand what is happening when you are pressing the key on the keyboard really? No. At some point when you are using computers or the internet that was the level you had to understand. There were no abstractions between you. I think it is obvious that is how we are going to use Bitcoin in a few years.

If you don’t understand what a private key why would you buy a hardware wallet? Why would you do that? Why would you bother buying full node hardware? Why would you bother buying a hardware wallet if you literally have no idea what is going on?

People tell them things are better and that is where it ends for them. That is how most people evaluate things. And to some degree everyone here is doing that also. There is a point where they do that.

To a certain degree I agree. Not everybody in the future will need to know what a private key is, what a public key is, how you are signing transactions. I hope in these early times most people know. Especially in the beginning it is important for newbies to make the distinction between custodial and non-custodial wallets. And explaining that there are no Bitcoin in your wallet there is just your keys. If you install a wallet you don’t see a private key. You don’t see a public key. You write down your seed phrase and that is how you send and receive. It should be this easy or even easier in future. People should trust in Bitcoin because it has been trusted for a long time. Not everybody needs to go into the details.

I don’t believe that for Bitcoin cold storage everybody have their own private keys. It is absurd to think that when you have 2 million hardware wallet users and 35 million people who are KYCed on crypto exchanges. I do see that people who need to protect a serious amount of money like life savings they will use a cross over where they have some things in a custodian and some things in their own cold storage and self custody. As long as we have technical people they will always keep their own private keys because they understand the risk much better. But nobody will go into how does my Trezor on a cryptography level. These are my 12 words, my recovery phrase, I really need to protect that. This is widespread I think in the next phase of adoption.

HD wallets (page 94)

What is a HD wallet?

HD wallets implement that nice seed phrase, either 12 or 24 words which you can write on a nice paper not online and save it. With this you can restore your private key and all your public keys connected and your addresses. I think from a security perspective, I don’t know what BIP it was but it was a quite important improvement and a factor in not as many Bitcoins being lost in future.

Why use a HD wallet? Why not just use a normal wallet?

For me, backups. You just write down those 24 words, you can even do it plaintext. In the first implementation of Bitcoin Core the private keys would just be randomly generated and those private keys would be saved. If you continued to use the wallet more would be generated but then people would find when they recover their wallet from backup that some private keys were lost. That was a very annoying feature. That’s what I really like about hierarchical deterministic wallets. You just write down the seed from a random number generator which gives you an unlimited amount of private keys. In practice I think it is 4 billion. You can also add different passes for different coins. If you inclined to altcoinery you can also put all your other crypto assets on the same seed. It is just 24 words so it is pretty much idiot proof to backup. I really like that feature about it.

You can generate a bunch of addresses and you just need to know that one mnemonic.

How much does someone need to know here? I think they need to know that it is safe to be giving out loads of addresses. I think they need to know that they need to keep the mnemonic safe. Perhaps they don’t need some of the more complicated things like deriving hardened private keys. You do have a warning in the book saying this is hard.

I pretty much agree that they need to know the 24 words safe. But maybe it is also interesting for them to understand that they won’t get any metadata back from that seed. They will see their transaction history but they won’t see what their transactions were for. If they have made notes in their app regarding those transactions. This is for pizza, this for a loan, they won’t get that data back. I think that is valuable information to know. More or less I think it stops at the 24 words, what you need to know there.

You need to know it is safe to give out a bunch of addresses. Ideally you would want to know the benefits of generating new addresses each time. Every time you start chipping at some of these questions you are going down this road. It is not as if there is an amount of knowledge where it is safe to operate as a Bitcoin user and you don’t need to go any further.

I think there are going to be people who build products who have these things incorporated. That is how people are going to end up using these things. You are going to end up with some good products hopefully. Maybe they are going to know their 24 words. You are just going to have wallets with good privacy features. They will be built in a way that you can’t reuse an address. How many people know how a car engine works? They understand there is gas, I press the button and I press the pedal.

To participate in this event I had to register on this website. I am seeing this for the first time in my life. When this login window popped up I was just searching for the button “Login with Google” and I click it. I don’t care what happens. I don’t know what Google does with this data. I don’t care. I just want to go and speak with you guys. I assume that as most apps are in this closed ecosystem. If you are an Apple user you login with Apple everywhere, if you are a Google user you login with Google. It is not in the user’s consciousness that it may be a situation where they lose something and no one can help them get access back to what is rightfully theirs. It may be uncomfortable for people to realize that these words are the only way to your wealth. If you lose them there is nowhere to go, no one will help you. You can show your documents but no one can restore it. This seems a roadblock to adoption because this thought is uncomfortable. We are seeing custodians develop and they take care of the users because users don’t want to think about it. It is too scary.

Your biometrics don’t change so if you lose your biometrics you are screwed.

There is already a company here in Israel called ZenGo who developed a scheme for biometrics instead of the seed which is cool I think.

You have to teach people about financial sovereignty. That they are their own bank now. They don’t have trust anyone. No one can screw things up for them but if they screw things up no one is going to help them. This is a new concept and it is very important to stress to newbies.

No one knows how money works and is using it. It will likely be the same for Bitcoin. In order to understand what is special about Bitcoin you need to understand what is wrong about money. I think it is also part of the book, what is wrong with money today. This is short but very important and good for students to know. The Bitcoin Standard (Saifedean Ammous), I think you have to read it carefully and not take it too seriously. There are good parts and bad parts.

I have heard a lot of people who said that The Bitcoin Standard was one of the reasons they got into Bitcoin. Saifedean’s understanding does have a ceiling. He doesn’t understand the technology at all. There are some entertainment snippets about modern art and things like this that are perhaps more entertaining than informative or educational.

More complex scripts

I am pretty sure in the next few years we will see solutions where people can forget their private keys and still get their money back. As you are aware we are probably getting Taproot this year or next year. This will allow pretty complex contracts to be formulated without taking a lot of block space. You could have contracts that do a dead man switch. If you haven’t moved your keys for two years they will be able to spent by another key that is held by a lawyer or a relation. There will be ways to get recourse for some transactions or a second or third way to get at your coins. It is possible now but it is very cumbersome and dangerous. If you can’t create the script that hashes to the value that is on the blockchain. With Miniscript and Taproot this is more possible. Once we get into a phase of mass adoption which we are hoping for in five or ten years then all these things will be there. It won’t be as terribly dangerous as it is right now.

I imagined myself writing these scripts and putting my money there. For amounts higher than some trivial pocket change it is too scary. One has to understand deeply what is happening. I have been in Bitcoin for a number of years and I still don’t understand very deeply how scripts get executed. It would be scary for me to write a Bitcoin script by hand and put my money there. If it is even more complex, if it is more full featured, then I think even people who would want to use it will go either to a custodian who will compile the script for them or a wallet with a visual interface will let me drag and drop keys here and there. Still in the background I will have to trust the wallet to compile the Bitcoin script correctly in the end.

Writing scripts is extremely hard even with Miniscript. I think there will emerge standard scripts that everybody uses. It is not going to be personal scripts for you. Everyone will just grab a standard script that everybody else uses. I don’t think many people will write scripts but they will be reviewed and battle tested for bigger and bigger amounts until everybody more or less trusts them to be correct.

You have online custodial wallets. Then you can have your own 5-of-7 multisig setup which is super advanced and really self sovereign about it. What Bitcoin adds here is the choice. You can choose what level of security you have, what level of trust you want to put into your money or the level of self sovereignty you want. It is a matter of choice here. It is the first time we have this choice to be able to secure our own digital money.

If you think of all the people who Google hires to make Chrome. These people need to know how to build a browser. At the very least we need Bitcoin companies with a tonne of developers who can build Bitcoin software. That is assuming normies don’t need to understand anything which I’m not convinced on. If they are going to use multisig they need to know what multisig is. Why would you pay a company like Casa to do multisig if you don’t know what multisig is? Why would you buy a hardware wallet? Just trusting someone to tell you what to do I don’t think that is the right approach. I think you have to dig a little deeper to ensure you are not being scammed.

Deriving hardened private keys (page 108)

What are hardened private keys?

If I remember correctly it is when you can’t derive backward keys.

If you have non-hardened keys you have a problem if you have exposed the master pubkey which is something that you would normally expose and a single private key people can derive from that information all the other private keys and steal all the funds in that wallet. This is a big issue. This is prevented, I’m not quite sure how this is achieved. Is there any advantage in using non-hardened derivation? This is an obsolete way or is there some advantage to it that would make you take that risk?

There is an advantage to using non-hardened derivation. The advantage there is you can put a node in the derivation tree on an insecure web server. The web server will be able to generate addresses for the web shop without needing any private key. They can generate new addresses, as many as it needs.

That is not an advantage of a non-hardened key? You can still do that with a hardened one? You derive a child and then you give the xpub of the child tree to the web server. You can do that same thing right?

If the xpub is derived via a hardened path you can still put that xpub on the web server. The keys underneath that xpub need to be non-hardened. The thing with a hardened key is that it needs parent private key in order to derive a hardened child key. In order to derive a non-hardened child key you only need the parent public key.

For your wallet it would always be a good idea if it was hardened. Then only the leaf would be non-hardened. But no advantage for a wallet only doing non-hardened?

Most wallets do hardened. You have the master key up here and then they do hardened derivation. For example 44/0/0/0 all those are hardened. Then below that you have a change branch and an external address branch. You have two branches, one for change addresses and one for external addresses. Those are non-hardened. Underneath each of those two you can generate an infinite sequence of addresses. Down to this level you are hardened and below that you are non-hardened.

Can we forget about software that doesn’t do hardened keys because it is going away? It doesn’t have any advantages.

Both have an advantage. If you have non-hardened you can give an insecure server the ability to generate more public keys. That’s the advantage. The disadvantage is that if they get the private key to the xpub above them then they can generate the private key for all the public keys in the tree.

Even if they get the private key from someone below them.

That’s really bad from a security perspective. We had non-hardened keys. Now we have hardened derivation paths and the leaves are non-hardened. And this is the state of the art. Is there any reason to keep software that can only do non-hardened key derivation. Or is that software going away because every implementation will do hardened on the top and then non-hardened below? This is the way it is going to be forever?

It is completely dependent on your situation. If you want to give a bunch of people the ability to generate their own public keys and you are less concerned about security you will have a completely different setup to if you are much more focused on security and you are not bothered about giving the ability to generate their own public keys.

With hardened you hand them whatever is on the thing three layers below and they can work on that?

One thing with HD wallets is you can have a tree of keys and you can create one hardened path down to this key. You put that on the web server so the web server can generate addresses. Suppose that someone gets one of those private keys then they can generate all the web server keys but they cannot generate anything above that xpub. You can have other nodes in this tree. You do a hardened derivation to a xpub here which represents over the counter sales or something like that. That account will not be affected by the hack over here. That is one of the major features with a hardened derivation. Even if one subtree is hacked it won’t affect the whole tree.

Is there any reason to maintain software that does not by default allow at least hardened derivation?

I would say no. You want to give the ability to do both and you want different sections of the tree hardened or unhardened. It doesn’t make much sense to only give you one of those two options. They both have upsides and downsides.

Does BTCPay Server do hardened or non-hardened derivation?

I set up a BTCPay Server myself and I just gave it one xpub and it derived addresses from it happily. You can give it any xpub and it will derive non-hardened addresses from it.

Chapter 11 (Bitcoin upgrades) and Taproot activation

There is a nice Andreas Antonopoulos analogy for soft forks and hard forks.

The analogy is a vegetarian restaurant serving vegan food. It is still compatible with vegetarian. If you starting delivering beef burgers to your customers that would be a hard fork because it is not compatible. It is not a subset of what you had before. It is an extension.

Half of your customer base would leave for another location.

The vegetarian restaurant could start serving meat in which case they would drive away all of their vegetarian customers. Or they could become vegan and all the vegetarians would stay because they are happy with the vegan. But it would also bring in vegan people. The analogy works because after a hard fork anyone running old software gets forked off. If the new software is more lax then they can create a block that kicks off anybody who is not running the new software.

Everyone has heard about Taproot. What do we know about how Taproot could be activated?

As far as I know there is nothing yet. There is not a plan for activation but I may be lagging in my knowledge here.

How was SegWit activated?

There was some miner signaling going on. The miners could signal via a flag that they are ok are running with it. If signaling reached some threshold, I think it was 95% I’m not sure, at a certain block height it would be activated.

There is a UASF cap that has appeared.

That would normally be the intention. If the miners are happy with it and they signal for it that’s great. But if the miners aren’t happy or refuse to signal either way this is where UASF becomes relevant.

I do remember miners were signaling below the threshold. That would have caused it to be retried in a year or two. In order to avoid that UASF was devised where users would point a gun at the miners and threaten them with rejecting their blocks if they didn’t do the SegWit upgrade. But I’m not sure what happened.

We didn’t reach 95\% organically. Miners refused, they plateaued at around 30\% or so. Something had to be done. It was a very complex discussion. A lot of different stakeholders had very strong opinions. The general thing that happened was the threat of losing mining income due to an invalid block caused the miners to obey the new rules and start signaling. The new rules being the user activated soft fork that threatened to drop blocks that didn’t signal after a certain block height.

I remember the discussion. That was the point where the ecosystem learned that the miners don’t have the ultimate power over stuff, it is the users, it is the node operators.

A lot of people working on Core were really against it. They were saying it is reckless and we shouldn’t do it.

There was consensus within the Core contributors that SegWit was the change that should be merged and run but there was disagreement over UASF.

For me it is still surprising even after three years that we have miners on one side with their commercial interests and real businesses built around that and on the other side we have Twitter people, regular users. The threat from this small group of people, maybe not small I don’t know how many participated, the threat from them was enough for miners to change their opinion. How is it even possible? Are there any realistic calculations on how many people participated in the movement? Is it a hundred, thousand, million I don’t know? How many nodes signaled? How is that enough to persuade the big real businesses with real ASIC farms and millions of dollars of investment to change their opinion?

I’ll try to answer. It is a very complex scenario. I think Andreas (Antonopoulos) talked years ago about there being different constituents. You’ve got the developers that merge code in. You’ve got the miners who are securing the network. You’ve got full node operators or economic users who are using full nodes for economic activity. You’ve got exchanges and people speculating on derivatives and the price of Bitcoin. It is not the case that you have to get all of these constituents to agree to a change. My understanding of what happened with SegWit is that the miners were given the opportunity to signal for SegWit which they didn’t do. It then moved to this next phase where users and developers forced this through. Even though miners disagreed with it. It wasn’t the case that you have to get everyone onboard to agree because there was either enough consensus amongst those different participants or a threat that the SegWit2x fork wouldn’t be successful. Even if the miners thought SegWit2x should happen if the reward for mining SegWit2x was going to be much lower than mining SegWit, even though if they disagreed with SegWit they couldn’t take that economic hit by maintaining their belief that SegWit2x was the right way to go. They couldn’t continue with their plan to mine SegWit2x and take a very large loss by doing so.

Wouldn’t it be correct to say that for the miners where there are two relatively well supported forks. This is a very bad scenario because it causes confusion and it causes the price of everything to drop. In order to avoid this scenario the miners were forced to join the UASF. For them the scenario of two forks is worse than one fork which they don’t like as much as the other one.

The bigger concern is losing money. If you are mining a less profitable chain you are losing money every block that you mine when you could be mining on the more profitable chain. Even though SegWit2x never came into being the threat of UASF and the various indicators that SegWit2x wasn’t going to be successful. Derivatives were showing that SegWit2x was going to be worth much less than the SegWit chain. You also had Bitcoin Cash a few weeks before that making things even more complicated.

Is it like people with halal food. The more restrictive thing, it is just a matter of time before everyone is going to have halal food. Is it the same thing? They wanted to make sure they could mine all the blockchains they could.

It is like Nassim Taleb’s intolerant minority argument where a small group of people refuse to move so everyone follows the intolerant minority. I don’t know if that applies in this case because you do want to be mining on the chain with the coin that is most expensive. You would have taken a massive loss by mining on that SegWit2x chain.

Why did the miners start supporting the SegWit soft fork?

They didn’t support it. They wanted SegWit2x. The majority of the miners and the exchanges wanted SegWit2x. To fork the chain and continue mining SegWit2x rather than just allowing SegWit to happen they would have taken a massive loss. There were also bugs in the SegWit2x implementation so it just wasn’t the right horse to back.

There are some good write ups on it. It did get heated though and there are still disagreements. There will most likely be some disagreements on how Taproot should be activated. Some people have different views on what happened during the SegWit2x saga and what should happen now in terms of a template for activation. Some people want to give the miners as much opportunity as possible to signal that they support Taproot and they want to activate it. Others think miners have shown themselves to be untrustworthy and we need to force things through as users.

We’ll wrap up. Thanks to the sponsors Crypto Advance. Thanks to Kalle for attending. We are looking forward to your presentation next week. If you want to try the networking on this software. Click on the networking on the left hand side and you can set up rooms with other people and speak to people in private conversations.