Current state and the future of wallets Building On Bitcoin 3th of - PowerPoint PPT Presentation

Current state and the future of wallets Building On Bitcoin 3th of July 2018 dev@ jonasschnelli .ch 
 PGP: CA1A2908DCE2F13074C62CDE1EB776BB03C7922D

Privacy Security Trust

Privacy Transaction / scripts privacy Security Trust No-trust required Keystorage Chain-Validation Cold-Storage Consensus

Privacy ✓ No scripts sharing Security Trust ✓ ✓ ❌ Full validation Missing cold storage Consensus

Privacy ❌ Scripts sharing Security Trust ❌ ❌ ❌ No control over keys Central validation

Privacy ❌ Scripts sharing Security ✓ Trust ❌ Cold storage Central validation

BreadWallet Privacy ❌ Scripts sharing Android Wallet Security Trust ✓ ❌ SPV validation Exposed keys

Electrum Privacy ❌ Scripts sharing Security Trust ✓ ❌ SPV validation Missing cold storage

Centralized validation

Current state: New/novice users tend to use centralised validation.

Current state: New/novice users tend to use centralised validation. X Required validation device X Validation lead time X Bandwidth and CPU requirements

Centralized validation in practice • ~200GB+ disk space (large indexes) • Heavy disk I/O through indexing • Full validation „underneath“ (Bitcoin Core)

Downsides of centralized validation X Fake transactions / transaction omission X No control over the consensus layer X Abandons privacy completely

Advantages of centralized validation ✓ Immediately ready to use ✓ Fast wallet recovery ✓ Very low bandwidth costs ✓ Can serve large amount of wallets

Centralized key-storage

Centralized key-storage ✓ No security setup required X „Owns“ no Bitcoins X „Owns“ only the right to eventually access and move Bitcoins Users are often not aware !

SPV

SPV ❌ ✓ ✓ Can check some Verify headers Weak 0-conf handling consensus rules ❌ ❌ ❌ Fee estimation is Network „ leeches“ Rely on a „ free service “ probably impossible ❌ Often rely on DNS seeds

SPV ✓ ✓ Acceptable Bandwidth Acceptable amount of consumption decentralization

SPV privacy?

SPV privacy ✓ ❌ ❌ BIP158 - Compact BIP37 - Bloom Filters Electrum SPV Block Filters Low bandwidth „more“ bandwidth ๏ Low bandwidth ✓ ✓ MITM protection Privacy (?) Can filter mempool ✓ ✓ ✓ through SSL Widely useful filter No privacy ✓ X (No privacy) structures Personal filtering 
 X X Personal filtering 
 Committable through (incentive model) X ✓ (incentive model) soft-fork not (widely) deployed X no (useful) technique X to filter mempool

SPV privacy ✓ Full block SPV „high“ bandwidth costs X ✓ Can „migrate" to full validation ✓ Privacy ✓ Reduced consensus checks

SPV understanding filtering BIP37 - Bloom Filters PEER WITH BLOOM FILTER | NODE_BLOOM SPV Filters transactions BF for the client RELEVANT TRANSACTIONS (FALSE POSITIVES)

SPV understanding filtering BIP37 - Bloom Filters PEER WITH BLOOM FILTER | NODE_BLOOM INTERNET TRAFFIC SPV BF Filters transactions for the client MEN IN THE MIDDLE ISP, WIFI PROVIDER, STATE ACTORS RELEVANT TRANSACTIONS (FALSE POSITIVES)

SPV understanding filtering BIP158 - Client Side Filtering BLOCK FILTERS NODE SUPPORTING BIP158 SPV Client finds relevant BF Blocks BLOCKS

SPV understanding filtering BIP158 - Client Side Filtering 144 blocks ~= 144MB — Filtersize: ~2% 1 day = ~2.88MB 
 7 days = ~20.16 MB 
 30 days = ~86.4 MB 90 days = ~259.2 MB

SPV understanding filtering FULL BLOCK / HYBRID 144 blocks ~= 144MB 1 day = ~144MB 
 7 days = ~1’008 MB 
 30 days = ~4.32 GB 90 days = ~12.96 GB

Resource costs Core / full node SPV Electrum (SPV) Centralized validation solutions Decentralization

FUTURE OF WALLETS? The future of wallets

Privacy ✓ Transaction / scripts privacy ✓ Security ✓ Trust Keystorage No-trust required Cold-Storage Chain-Validation Consensus / p2p

Catching up a month of blocks ( 45min; consumer system) Acceptable CPU / memory rates once in-sync

Hybrid SPV Download relevant blocks 
 Use SPV 
 Sync and check headers (use BIP158) Wallet is ready to use Upgrade transactions once Download missing blocks Full- Validation they are fully validated Throttled Throttled

Privacy and self- verification (no trust) 
 is not an opt-in model

Keep users away from trusted third parties

UTXO set commitments { "height": 530075, "bestblock": " 0000000000000000002fe10af166937d506ece7fad4381fda6cb86e9e1404be2 ", "transactions": 24567998, "txouts": 50460119, "bogosize": 3798659787, "hash_serialized_2": " 090c1276fe42f98246840fabac42dfa0e8b89b428f81ab16d53d69ae669bec4b ", "disk_size": 2921681465, "total_amount": 17125767.33401612 }

BIP 174 P artially S igned B itcoin T ransaction Format 
 (PSBT) BIP32 PATHS PREV -INPUT PARTIAL SIGNATURES RAW TX PREV -INPUT PARTIAL SIGNATURES REDEEM SCRIPT BIP32 PATHS WITNESS SCRIPT

0.17 PRUNED Fundrawtransaction ( Enforce WatchOnly ) Multiwallet Dynamic creation and 
 PROXY BRIDGE ( Scan TxOutSet ) loading of wallets HTTPS TOR STRATUM (TCP/TLS) NODE_NETWORK_LIMITED

+ = Chris Belcher’s Personal Electrum Server

OWN FEE ESTIMATIONS OWN VALIDATION 
 USE CPU & BANDWIDTH MULTIPLE FACTORS 
 WHEN AVAILABLE (HARDWARE WALLET) 
 PRIVACY FEATURES 
 MULTISIG BY DEFAULT CoinJoins 
 Broadcast obfuscation WALLET OF THE FUTURE INTEGRATED L2 MIXED HARDWARE 
 SOFTWARE SOLUTION EASY TO USE RELIABLE BACKUP SOLUTION

Thanks, Q&A ? dev@ jonasschnelli .ch 
 PGP: CA1A2908DCE2F13074C62CDE1EB776BB03C7922D _jonasschnelli_ github.com /jonasschnelli