On the 21st of last month, Bitcoin Core developer Bryan Bishop made a tweet predicting that I was considering an alert key that was entrusted to several developers before the departure of Satoshi Nakamoto in early July.
At the beginning of July, Bryan Bishop posted the long-lost secret on the bitcoin-dev mailing list and set off a hot discussion among members of the Bitcoin community. Of course, this string of characters is not well discussed, developers are more concerned about the security issues behind the key.
1. Designed to protect the network, but it is a security risk
The so-called alarm key is actually the switch that activates the "alarm system" in the Bitcoin protocol; the holder can send a security alarm to all the running nodes in the network, which plays a certain important information reminder. However, contrary to the original intention of Sakamoto, this security alarm has become a security risk in the network.
We learned from the article published by achow101 on Github that the alarm system supports multiple messages to be continuously pushed, and the information sent at the same time is displayed in the GUI interface and saved in the Map library of the memory. However, there is no limit to the size of the Map library. Once the key falls into the hands of a malicious person, he can send a massive alarm message to the node to initiate a DoS attack.
Not only that, but attackers can also use this feature to send fake or irrelevant messages, causing unnecessary panic and trouble in the community. In fact, this kind of thing happened. In 2016, the version update reminder information released by the Litecoin network, which also has an alarm system, was pushed to the client of all the nodes of its cottage currency Feathercoin for some reason. Inside. Although the incident did not have much impact on Feathercoin, Bitshop believes that it is possible to send an alert message in a blockchain based on the same alarm system, which “sounds dangerous”.
2. Bitcoin has already ruled out hidden dangers, and lazy people will suffer
Bitcoin developers who have long recognized these problems have turned off the alert reminder function when the Bitcoin Core 0.12.1 release was released on April 15, 2016; and in the subsequent 0.13.0 version of the online version The relevant code is completely removed.
In March of the same year, developers went one step further and hardcoded the ultimate alert in Bitcoin Core 0.14.0 and set it to be unreachable by other messages; this ensures that all non-upgraded nodes can see it. The alarm system has been destroyed" reminder.
But after everything is ready, Bitcoin Core does not disclose the key to the alert system as promised. Because some nodes have not yet been upgraded to the new version of the client, there is still the risk of being attacked; and the security issue of the large-capacity bitcoin "Altcoin" that emerged earlier is equally worrying.
Specifically, these digital currencies that almost completely reference the bitcoin source code, if the alarm system is not removed, do not change the alert key (public key), are too lazy to send the final reminder message; then once the key is released, anyone can Start the alert systems of these networks and launch a DoS attack on them.
3. Reject the back pot and officially announce the key
Faced with this situation, one of the Core members, Greg Maxwell, replied that they would take the time to search for other cryptocurrencies that are still using the alert system and urge them to remove the code. According to a recent survey by Pavol Rusnak, chief technology officer of SatoshiLabs, there is currently a copy of the Fargocoin (current market value ranking 1471) in the Github code base.
The potential risk of the project is running low, and the bitcoin client that supports the 0.12 version is also close to disappearing, while the proportion of users currently staying in the older version of the client is less than 3%. To this end, Bishop believes that the Bitcoin alert system has been "completely retired", and now the announcement of the key is basically no problem, it is also a good thing for network security.
But in addition to cybersecurity issues, the disclosure of this key is more of a relief for Core developers; because they no longer have to explain to people who require adjustments to transaction costs and mining difficulty, etc. It does not modify the function of the network rules; it is not considered to be the primary suspect when the network has an alarm system attack.