The Course Ahead
At inception, Bitcoin Gold was focused on providing a cryptocurrency in the Bitcoin model, but which was more decentralized for miners. Today, our focus is on making BTG a more trustless and useful cryptocurrency for everyone, and that change in focus is evident in our current development roadmap.
While we’ve always been broadly pro-crypto and believed in collaboration, the push to improve usability and usefulness entails a push towards interoperability. This means adapting so that BTG can be used with the best smart contract protocols; it means pooling security from bigger chains and offering it to smaller chains; it means making BTG, and BTG’s value, accessible throughout the smart-contract ecosystem, leveraging their security models as well as their technical capabilities: it means creating more value for everyone.
The development items on our current roadmap fall into four general areas:
Interoperability: things which grant or enhance the ability for BTG to interact bidirectionally with other blockchains and blockchain ecosystems, like Polkadot and Ethereum. Work on the bridge to Phala Network is already underway.
Applications: things which can be done after that interoperability is established. These hint at what’s possible, but need to wait until Interoperability comes to life. One notable item here: we plan to gradually shift from our traditional Board-based governance structure to a modern DAO-based model, which we expect to bring new people into the governance process and to help decentralize management of the chain and the project.
Infrastructure: these are core items in the BTG tech stack which need updates and refreshers. These are already underway, and some are very near completion, like new version(s) of our explorers, and a very-updated version of ElectrumG.
Lightning Network: establishing a robust and effective LN as a layer-2 solution is still very much on our development agenda, although current transaction volumes and fees don’t necessitate a solution at the moment. We want to build up the infrastructure and, most importantly, the user tool set, for an effective and easy-to-use LN before it becomes a critical need to alleviate transaction fee concerns and allow people to continue to make micropayments.
Here are all the things we’re currently doing or planning to do:
Interoperability
BTG-Polkadot Bridge: we’re building a lightweight BTG-Polkadot Bridge based on a Phala Bridge solution, built in partnership with Phala Network. This will enable cross-chain transactions between BTG and Phala, and leads to BTG gaining access to advanced blockchain functions like smart contracts, DeFi protocols, on-chain governance, and eventually connect to external blockchains like Ethereum.
Bridged ERC20/Wrapped Token: we’re creating a trustless wrapped token (like WBTC) through the cross-chain bridge, and making it accessible in the Polkadot and Ethereum DeFi ecosystems. This depends on the BTG-Polkadot Bridge.
Smart Contract Integration: we’ll connect BTG to smart-contract-enabled blockchains on Polkadot and / or Ethereum, allowing wide use cases to be developed for BTG. This depends on the Bridged ERC20/Wrapped Token.
Confidential Smart Contracts: integrating with Phala Network’s Confidential Smart Contracts to provide on-chain confidentiality. This depends on the BTG-Polkadot Bridge.
Applications
BTG for DEX: we’ll work to establish BTG trading pairs on a well-known DEX (e.g. Uniswap) and bootstrap liquidity, making BTG more accessible and attracting more liquidity around the world. This depends on the Bridged ERC20/Wrapped Token.
BTG for Lending: we’ll list BTG as a lending asset on well-known lending platforms (e.g. Aave) and bootstrap liquidity. This will empower investors and miners to better plan and utilize their BTG income. This depends on the Bridged ERC20/Wrapped Token.
DAO On-chain Governance: we’ll build a DAO structure as a smart contract to replace the current governance model. This will take time, but the intent is to fully move the Endowment and any future project income to the DAO for budget management. We also hope for this to open governance to the community to participate in development, decision making, and spending actions. This depends on Smart Contract Integration.
Infrastructure
CCBN: we’re committed to fully Implementing CCBN – first as an add-on script, and later as part of core consensus code, deployed first to testnet and then to mainnet. CCBN is a decentralized approach to thwart secret mining attacks by notarizing blocks to independent blockchains, providing a way to resolve chain splits in favor of honest mining, which will greatly enhance on-chain security.
ElectrumG 4.0: it’s time to upgrade to the upstream Electrum 4.0 client and the latest ElectrumX Server with improved security, performance, and more features, including: PSBT support, payment server, native Android support.
Bitcoin Gold Core v21: continuing to follow upstream updates brings in value bugfixes and security improvements, and also introduces new features including schnorr signatures and taproot.
Refreshed Explorer: we’re deploying a new blockchain explorer (Blockbook and / or Bitcore v8) for improved stability, appearance, and usability.
Lightning Network
LN Client: we’ll deploy a stable BTG version of a mature lightning client to testnet and then mainnet (lnd, c-lightning, and/or eclair.) Even if fees don’t demand an LN infrastructure, a Lightning Network can still deliver greater efficiency on transactions.
ElectrumG Lightning Network Integration: after deploying new Lightning Network clients, we can enable Lighting Network within ElectrumG and connect it the Bitcoin Gold Lightning Network for near-instant transactions. This depends on both ElectrumG 4.0 and the LN Client.
BTCPay Integration of BTG Lightning Network: BTCPay, the best decentralized payment gateway, already supports BTG, so extending BTCPay to support BTG LN is next. This depends on the LN Client.
We’re thrilled to announce BTG Core wallet v0.17.3!
This important release increases the safety of the BTG blockchain against deep-chain reversions by introducing rolling checkpoint finalization.
You can download the latest release here:
Typical users can shut down the app, install the new version, and restart the app without issue, but it’s always best to backup everything, especially wallet.dat files, first. The v0.17.3 release notes are here.
Version v0.17.3 is a direct drop-in replacement for v0.17.1 or v0.17.2, but before upgrading from an older version like v0.15.2, exchanges, services, and anyone who writes code against the API should should check the full release notes for v0.17.1 as some APIs are deprecated and there are changes to way the config file is read.
Notable Changes
Rolling Checkpoint Finalization
A finalized block is one which the system considers non-replaceable. If a node receives a sudden chain of blocks which is a “fork” of the blockchain going back further than the last finalized block, the fork will be rejected. This makes long attack forks impossible.
Every time a new block comes in, the node will check if a previous block is newly eligible to be finalized. To ensure normal chain function and prevent potential problems, blocks aren’t eligible until some time passes (see the release notes for full details.) This acts like a traditional bitcoin checkpoint, but over time the finalized block rolls forward, hence the name. The important part is that deep reorganizations become impossible.
Most transactions – over 60% – will be in a finalized block when they have just 10 confirmations, but under some rare conditions, it may take 20 confirmations or more. (In 99.92% of the past 100,000 blocks, finalization would have happened by the 19th confirmation.)
RPC Changes
The new RPC call getfinalizedblockhash will report the blockhash of the most recent finalized block so that developers can code new behavior around this security information.
Looking forward as always,
The Bitcoin Gold Organization
Join the discussion and comment on this post at forum.btgofficial.org
CRITICAL MESSAGE FROM BTG TEAM TO ALL POOLS, EXCHANGES, WALLETS, SERVICES, AND COMMUNITY RUNNING NODES
Please immediately upgrade your BTG Core full nodes to version 0.17.2, published July 2, 2020.
UPDATE: if you did not upgrade prior to July 10 at 14:00 UTC, you will also want to perform the command:
invalidateblock 00000000635620f22ba8694aea532d51619f8cd060f4e42e85db3cb3a5d1c29c
HOW TO UPGRADE:
1. You can use the pre-compiled binaries on Github, https://github.com/BTCGPU/BTCGPU/releases/tag/v0.17.2, or use the DOWNLOADS link you see above. Simply shut down your node, install the latest version, and start back up.
2. Manually upgrade from the latest code on the BTCGPU Github v0.17.2 tag (on 0.17 / master branch); full release notes here. If you are still at v0.15.2 and haven’t upgraded to 0.17, we have a backport version v0.15.3 tag (on 0.15 branch) including the same changes so you can keep your current configuration files.
(Note: there were potentially breaking changes in the configuration file between v0.15 and v0.17*)
You can run this command in the console or bgold-cli to ensure you are immediately on the honest chain:
invalidateblock 00000000635620f22ba8694aea532d51619f8cd060f4e42e85db3cb3a5d1c29c
Note: a strong majority of the honest mining pools have already upgraded their code a week ago, and continue to mine on the honest chain.
The BTG Explorer at https://explorer.btgofficial.org/ is on the honest chain. You can compare your most recent blockhash with the explorer to ensure you are on the honest chain.
To ask your node for the latest blockhash, give it the command:
getbestblockhash
And compare it to the latest block on the BTG Explorer at https://explorer.btgofficial.org/
====== EMERGENCY INFORMATION ======
We have just seen an extremely long attack chain of over 1300 blocks on July 10, 2020, against the BTG network which have been mined since July 1, 2020.
We detected this illicit activity early on and sent alerts to pools and exchanges to protect them; many closed their wallets over a week ago. We also supplied them with BTG version 0.17.2, which included a checkpoint at block 640650, hash 000000059ec8884fa4fbbdbe46c09cfb4ecba281dfa2351a05084e817c1200ae from July 2 at 2am UTC, mined by MiningPoolHub, a known honest block.
With this block checkpointed, the attacker’s chain could not take over, but this information was not public, and the attacker continued to mine. The attacker mined their secret chain for nearly 10 days, renting power from NiceHash to do so. Today, on July 10, the attacker released over 1300 blocks.
Because those attacking blocks are anchored at a block mined on July 1st (before the checkpoint), the honest pools and exchanges who are running the updated code automatically rejected the attacker’s chain.
It’s time for everyone else to upgrade their nodes to make sure they stay on the honest chain and to push your node onto the honest chain by using the simple command:
invalidateblock 00000000635620f22ba8694aea532d51619f8cd060f4e42e85db3cb3a5d1c29c
If you use the Bitcoin Gold GUI, you can enter this command in the Debug Console. If you use the command line daemon, simply give this command to bgold-cli:
bgold-cli invalidateblock 00000000635620f22ba8694aea532d51619f8cd060f4e42e85db3cb3a5d1c29c
This tells your node that the attacker’s version of the block at height 640650 invalid, and your node will immediately switch back to the honest version of the chain (perhaps after a short recalculation delay.)
The majority of honest pool hashpower continues to mine on the honest chain.
Questions can be addressed to the BTG team:
https://discord.gg/HmVUU6S
=====================
Attack chain details:
The attacking chain includes this block at height 640650:
00000000635620f22ba8694aea532d51619f8cd060f4e42e85db3cb3a5d1c29c
The honest block checkpointed in version 0.17.2 at height 640650:
000000059ec8884fa4fbbdbe46c09cfb4ecba281dfa2351a05084e817c1200ae
The attacker’s mining coinbase address was:
GcxCUDhfB7RwfScd96J24mKYPounRbVUq2
Their common ancestor, valid on both chains, is block 640568, hash 00000001ca8ac90d83f6f5da01ac96b7a017702a040953b93cda2e52b07385cd, https://explorer.btgofficial.org/insight/block/00000001ca8ac90d83f6f5da01ac96b7a017702a040953b93cda2e52b07385cd
The honest chained mined publicly, mining this block 640569 on July 1st:
The attacker mined secretly and withheld their block 640569 until July 10th, even though it was mined July 1st:
https://explorer.btgofficial.org/insight/block/000000047bd388dd484d9fdadece6b71aa13fa987bd2a283b68b9a2968465eac
If you have previously updated to BTG Core 0.17.2, you will still be on the honest chain, along with the major mining pools and exchanges.
If you have not yet updated and cannot update at this time, run the invalidateblock command as noted above to discard the attacker’s chain and put your node on the honest chain.
Want to comment? Join the Discourse here!
_____________________________________________
*These changes are aligned with the changes in Bitcoin Core v0.16 and v0.17 and include deprecated RPC commands which are now disabled by default, as well as the introduction of “sections” for testnet and regtest. If you must use deprecated RPCs that are now disabled, you can re-enable them in your config file with the appropriate deprecatedrpc flags. Commands that are not in a section for [test] or [regtest] will only apply to mainnet; see ReleaseNotes. If you use no deprecated commands and use your config file only for mainnet, there should be no breaking changes.
We’re thrilled to announce BTG Core wallet v0.17.1!
This major update to our Full Node wallet includes substantial new features for BTG and numerous bug fixes.
You can download the latest release by clicking below:
Typical users can shut down their node, install the new version, and start their upgraded node without issue, but it’s always best to backup everything, especially wallet.dat files, first.
As promised, BTG strives to stay in-sync with Bitcoin Core’s developing features. BTG Core v0.17.1 parallels features of Bitcoin Core v0.17.1; developers and engineers can expect to see the same changes they already experienced upgrading Bitcoin Core from version 15 to versions 16/17.
IMPORTANT: Do not use v0.17.1 for in-place node upgrades in production environments without first testing and modifying! This version makes important changes to some APIs and the conf file (see release notes). Also, if you run a full transaction index (most individuals don’t choose to do this), the txindex db will be migrated, which can take many hours before the node is usable again.
Notable Changes
Compact Blocks
The most immediately important feature: Compact Blocks are fully implemented on BTG for the first time. This enhancement is critical to support Light Wallet protocols like Neutrino, which enable Lightning wallet and mobile wallet apps to work directly with the BTG network without having to download and store the whole blockchain.
Wallet Enhancements
The wallet and user interfaces now fully support Segwit addresses and full native Segwit support is enabled. All new wallets are HD-wallets (hierarchical deterministic – until now, users still had the option of making a new wallet that was not HD.)
PSBT Support
Bitcoin’s PSBT interchange format is introduced for BTG in this version, though it is not yet supported in the GUI. PSBT allows for transaction creation and signing to be coordinated among multiple parties (for hardware wallets, multisig systems, CoinJoin, etc.)
For Developers and Engineers
With this version, the RPC changes and new ‘label’ API you may know from Bitcoin Core versions 16 and 17 are now in place for your BTG nodes. Developers need to be aware that the deprecated ‘getinfo’ API is now retired in favor of more specific calls (see this about the API change) and pool operators need to be aware of the impact to stratum implementation (see this GitHub example for a guide. )
Summing Up
While this new version is not a hard fork and is not a required update (your current nodes will continue to work just fine), it will be a recommended upgrade for all users because of the many improvements. This updated version of the BTG Core Wallet delivers bug fixes, enhances performance, and delivers critical features that enable many new technologies that have been held back until now.
Looking forward as always,
The Bitcoin Gold Organization
Developers and interested parties can see the work on projects like neutrino, lnd, and other projects on the BTG project’s GitHub.
Join the discussion and comment on this post at forum.btgofficial.org
UPDATE: we’ve added an external live balance site, as described in this post.
BTG Endowment Transparency
Live Source Code: https://github.com/h4x3rotab/btg-transparent
About the Bitcoin Gold Endowment
Since the day they were first mined, the Endowment’s wallets have been public on the BTG blockchain, but rumors and misinformation persist. This post explains the Endowment mining process in detail and lists all of the wallets.
In 2017, the Bitcoin Gold project duplicated (forked) the Bitcoin blockchain as a fair way to distribute 16 million coins, and then launched with an 8000-block mining period to create a 100,000 BTG Endowment to support the future of the project.
As of early August, 2018, about 20,000 BTG have been spent from the Endowment and about 80,000 BTG remain.
This Endowment is currently the only source of funding for the Bitcoin Gold project; after the formation of the Endowment on the day of launch, 100% of all mining rewards and fees have gone directly to the miners – exactly as described in our original Bitcoin Gold Whitepaper / Roadmap. and detailed in our earlier Endowment post.
The funds we’ve spent from the Endowment align as described in the Roadmap – salaries and payments for infrastructure, developers, support staff, travel to promotional events… we have not spent any funds paying Exchanges to list BTG. Our developers are currently focused on bringing Lightning Network fully to life on BTG, and are working on Atomic Swaps, Smart Contracts, and more!
The whole team is working hard to be Good Stewards of the Endowment so that it can support this project for months and years to come, despite the temporary bear market in cryptos.
Building for the future,
The Bitcoin Gold Organization
#1CPU1VOTE
Note that there is no “new information” in this post– it is a summary of information that has been publicly available since launch in 2017, either in the public open-source code on GitHub, or on the BTG blockchain itself.
Recap of how BTG started
Fork and Launch:
Fork at BTC Block 491406
After Bitcoin block 491406 was mined on 2017-10-24 01:17:35 UTC, there were about 16.5 million Bitcoin in existence. At that point, the entire Bitcoin blockchain was duplicated (forked) to establish the starting point of the ledger for BTG – so BTG blocks 0 through 491406 are identical to those same-numbered Bitcoin blocks (with the addresses converted to BTG format to avoid confusion.)
This new ledger of BTG had the same number of coins in it – 16.5 million – each of which was in the control of the same owner as the original Bitcoin (because those people hold the private keys).
BTG Network Launch
On November 12th at 08:34:01, the BTG network was launched and mining began with BTG block 491407, the first block mined as BTG, on 2017-11-12 12:34:01 UTC.
There was no mining and no coins were created between 2017-10-24 and 2017-11-12.
The mining reward from the first 8,000 BTG blocks formed the Endowment. At a block reward of 12.5 BTG per block, 8000 blocks yields 100,000 BTG, as specified in the original Bitcoin Gold Whitepaper / Roadmap.
Of those 100,000 BTG, 40,000 were immediately accessible and 60,000 were time-locked for up to 36 months. For safety, security, and control, those 100,000 BTG were mined into 152 different wallets, and all of these wallets are 4/6 multi-sig. (This means there are six private keys for each wallet, and at least four of the six private keys must sign a transaction to move any funds. Each of the six co-founders of the project holds one of these keys.)
If you’re good with code, you can confirm what’s written above by looking at the open-source code in our GitHub: 60% of the funds being time-locked for up to three years can be seen here. Enforcement of the official multisig wallet list is in the consensus rules seen here. If you’re not good with code, you can read still understand full mining process below, along with a full list of all the Endowment wallets. We include links to the blockchain explorer to make it easy to confirm on-chain.
After the mining of the 100,000 BTG of the Endowment, the total number of BTG rose from 16.5 million to 16.6 million. The Endowment was only 0.6% of the coin supply at the time. (Max future coin supply is 21 million, so the Endowment was 0.476% of the maximum coin supply.)
Endowment Mining Specifics
First 3200 blocks (40,000 BTG)
These were mined into four wallets, “round robin” style:
491407 -> Address 1
491408 -> Address 2
491409 -> Address 3
491410 -> Address 4
491411 -> Address 1
491412 -> Address 2
491413 -> Address 3
491414 -> Address 4
491415 -> Address 1…
… and so on for 3200 blocks. At 800 blocks per wallet, these wallets accumulated 800 * 12.5 = 10,000 BTG each. The wallet addresses are listed below, and are also visible when looking at those block numbers in any BTG blockchain explorer.
The next 4800 blocks (60,000 BTG)
The remaining blocks were divided into roughly 36 segments to unlock monthly over the course of three years. (Dividing 4800 into 36 would actually be 133.33 blocks per segment; instead, 36 segments of 133 blocks were created and a 37th segment with the remaining 12 blocks.)
Each segment was mined round-robin into four wallet addresses, much like the earlier blocks.
Example:
494607 -> Address 5
494608 -> Address 6
494609 -> Address 7
494610 -> Address 8
494611 -> Address 5
494612 -> Address 6
494613 -> Address 7
494614 -> Address 8
494615 -> Address 5…
During the first 132 blocks of the segment, each address received 33 block rewards of 12.5 BTG, so each received 412.5 BTG. Then, for the 133rd block, the first address received an additional 12.5, bringing the total to 425 BTG in the first wallet.
The total BTG for the segment is 425 + 412.5 + 412.5 + 412.5 = 1,662.5 BTG.
After these 133 blocks were done, mining advanced to the next segment, which did the same procedure into four new wallet addresses which were time-locked for an additional month.
Again, all the addresses in question are 4/6 multi-sig and require four signatures to withdraw funds, in addition to the time locks.
Complete List of Endowment Wallets
As of early August, 2018, about 20,000 BTG from the 100,000 BTG Endowment have been spent, and 80,000 BTG remain in the originally mined wallets. Nearly 60% of the current funds remain time-locked.
The complete list of Endowment mining blocks and their wallets follows below, broken into segments as described above. The first column shows the first block mined for each wallet; the second shows for how many months that wallet was locked.
Links go directly to the noted wallet address or block in the official BTG explorer, but these can be verified in any BTG block explorer or full node.
(Spent figures as of early August, 2018)
Join the discussion at forum.btgofficial.org
As you may be aware, Bitcoin Gold has a Responsible Disclosure policy listed on the website, which is basically a (bug) bounty program for reporting security vulnerabilities in our stable software versions or infrastructure.
It allows people to safely report an issue to us, and if they follow the rules set out in the Responsible Disclosure policy, we will not take any legal action against them in regard to the report (hacking is still illegal).
The Report
Through the end of March, we received only false reports of “non-existing” issues, which we rejected. However, we recently received the first report which our SYSOPS and CERT team could accept. Although the security issue was very minor, we acted on it directly.
It was a DLL vulnerability that affects Bitcoin and all coins that use Bitcoin’s installer methods (including BTG.) We used the fix in our recent Network Upgrade and shared it for the rest of the community’s benefit.
Timeline:
| Date | |
|---|---|
| 27 March | Initial Report by Kushal Arvind Shah from Fortinet’s FortiGuard Labs |
| 28 March | Initial assessment from SYSOPS/CERT |
| 28 March | Started incident team with SYSOPS, CERT, Board and lead developer |
| 01 April | Classified the issue as LOW on usability and MEDIUM on impact |
| 02 April | Cause of issue identified and started work on fix |
| 11 April | Sent reward from the RD program to the Reporter |
| 27 April | Committed the code into master branch |
| 29 April | Added the code onto initial builds |
| 24 May | Reported the official fix of the issue |
| 04 Jun | Received confirmation from Reporter that the issue was resolved |
You might have noticed there was a sizable time span between the report and the fix. That is correct: it takes time to build a fix, especially if the issue stems from a third party module and your entire build process is wrapped around it. It took a long time to test, build, and test again before we could implement the fix as a replacement for our current build process.
The Fix
The specific issue addressed by the bug was as follows: Bitcoin Gold uses the NSIS Installer module, which basically wraps our code into a nice install package for people. Our code uses the v2.46 NSIS installer module, the same as in the Bitcoin source. This outdated code had a bug in LoadLibrary: by default, it looks in the current directory of the process and into the Folder of the Executable. This is bad (especially in common use case when users execute our installer from the downloads folder) because an attacker is able to drop a DLL into the Folder of the Executable and give themselves high privileges. To try it out, just place a fake shfolder.dll (which brings up a message box in its DllMain) in the same directory as an NSIS installer and run the installer to see the message box appear. This bug has recently been found in many products and is called ‘.DLL sideloading’ or ‘.DLL hijacking’. Only Windows 7 and very old builds of Windows 8 are vulnerable. An updated Windows 8.1 or any Windows 10 system is not vulnerable.
Although the fix may appear easy (just install the new version 3.03 NSIS installer module!), it is, unfortunately, not that simple. With deterministic builds, we have to make sure the installer matches our code, which involves a lot of trial and error. Also, with our upcoming Upgrade hardfork and another update in the code, all updates needed to be added into the latest releases (as they are mandatory upgrades.)
Our developers did the careful work necessary to implement the new module into the existing build process before our next release. Any developer that is interested in how we resolved the issue can find our fix on our GitHub repo code commit, Switch to NSIS 3.03 (borrowed some code from TOR project).
The (low) Risk
To be clear, your system had to be compromised in advance for the attacker to have used this vulnerability. The installer software was not compromised, nor was our code modified or hacked. An attacker had to download a malicious .DLL file and put it in the same folder where you downloaded and run the installer. The Bitcoin Gold code, daemon and cli are not affected, nor is any Linux or Windows system (8/10) that is up-to-date. Even if you are running Windows 7, it’s unlikely that an attacker would have been able to download a malicious .DLL file into the right folder at the same moment as you launched the installer. And users would only install a (new) version once on their system.
Our recommendation: remove any and all previously downloaded installers and only use the latest version from our website or Git repository.
Because this fix was implemented well before our recent Network Upgrade on July 3rd, everyone who downloaded our software or code in preparation for the Upgrade was safe from this vulnerability.
It’s important to note that this issue is not specific to Bitcoin Gold: it can affect any coin that uses Bitcoin’s code as a basis. Some repositories, including Bitcoin itself, are currently vulnerable to this issue.
To ensure awareness of the issues and the fix, we submitted our work to the Bitcoin code repository in this Pull Request: Switch to NSIS 3.03 to avoid DLL hijacking.
Credits
The BTG team would like to thank the original Reporter (Shah from FortiGuard Labs), the TOR Project (where helpful code was sourced), and we’d like to call out the efforts of our SYSOPS and DEV teams, who managed the issue and the resolution for us. We’re happy to be able to contribute back to the Bitcoin project and provide a fix which can potentially be used by multiple projects which rely on the Bitcoin codebase.
Supporting the ecosystem,
The Bitcoin Gold Organization
#1CPU1VOTE
]]>
The BTG blockchain has been performing wonderfully since the successful Network Upgrade last week. If you’re using our ElectrumG wallet, make sure you update to the latest version, published last week:
ElectrumG 3.2.1 is a stable release and is fully compatible with the recently Upgraded Bitcoin Gold Network.
What is ElectrumG?
ElectrumG is our version of the popular Electrum Bitcoin Wallet, modified for BTG. It’s is a full-featured wallet that’s easy to use for beginners but provides many advanced features – including invoices, multisig wallets, cold storage, and a rich set of functionality for advanced users and developers.
Most importantly, ElectrumG is very quick to load and very lightweight, consuming a lot less disk space than a full node wallet.
How’s it so Lightweight?
Unlike a “full node” wallet, ElectrumG on your computer doesn’t validate every BTG transaction and maintain a full copy of the BTG blockchain, so it doesn’t need hundreds of gigabytes of space on your computer. Instead, it relies on lightweight block headers and uses SPV (Simplified Payment Verification, as described in the Bitcoin Whitepaper) to verify payments. Like any SPV wallet, ElectrumG relies on ElectrumX servers for some functions, such as receiving new block headers, or broadcasting new payments after they are signed – but the private keys used to sign those transactions never leave your computer. You remain in complete control of your private keys.
Production vs Beta
The current production version, ElectrumG 3.2.1, was released just before the Network Upgrade hardfork. The wallet and back-end ElectrumX servers were upgraded to remain functional after the fork. This version does not include support for hardware wallets, which will be added in an upcoming Beta. (Hardware wallet support was initially planned for the 3.2.1 release, but needed to be delayed in favor of rolling out support for the Network Upgrade.)
Free and Open Source!
ElectrumG will continue to be free and open-source, with ongoing development and support provided by the Bitcoin Gold Organization. (See the full source code on GitHub.)
The Bitcoin Gold Organization also hosts and maintains a globally distributed set of ElectrumX servers, which were upgraded for the Network Upgrade.
We’d like to thank Spesmilo (Electrum) and Kyuupichan (ElectrumX) for their hard work on the Electrum projects over the years, as well everyone else in the Open Source Community that has contributed to the creation and growth of projects like these.
We’ll continue to work hard to provide the kind of software users want, the services developers need, and to continue expanding and supporting the Bitcoin Gold Ecosystem.
Working hard and making progress,
The Bitcoin Gold Organization
#1CPU1VOTE
Where do I get it?
Please report Issues on GitHub or the Forum.
Feature List
Beyond a pleasant interface, ElectrumG provides users with a full suite of functions:
- seed recovery phrases, a secure system which is more user-friendly than hexadecimal codes
- wallet encryption
- multi-signature wallets, for cases where control of funds needs to be distributed
- easy import of Bitcoin address or private keys
- cold storage – the ability to create and sign raw transactions offline and then broadcast
- invoicing functionality
In the near future, ElectrumG will also include:
- hardware wallet connectivity, so you can use ElectrumG while keeping your private keys on a hardware wallet like Trezor, Ledger, or KeepKey
For developers, ElectrumG provides:
- a powerful command line interface
- ability to use cold storage with the command line
- a GUI Python console
- an ElectrumG daemon for scripted uses, such the ability to accept BTG on a website with signed payment requests
Our current mining algorithm, Equihash, is used by many different coins without any personalization. It was originally developed by Zcash and based on the parameter set <200,9>. We are going to upgrade to Equihash with a the parameter set <144,5>, with some customization. We’ll call it “Equihash-BTG,” for now. This will keep our blockchain ASIC-resistant and add an immediate measure of safety from 51% attacks.
About Equihash
Equihash, which was first developed and used by Zcash, was designed from the outset to be an “ASIC-resistant” Proof of Work algorithm. The developers set out to accomplish this by making it a memory-hard algorithm. (See the Biryukov and Khovratovich paper on Equihash.) What does this mean, how does it make mining ASIC-resistant?
A memory-hard algorithm is one which requires a lot of memory to be able to run. It simply won’t work on hardware that doesn’t have enough memory.
When making an ASIC – an Application-Specific Integrated Circuit – adding memory is very expensive, and the more memory you need, the more expensive it gets. With a high enough memory requirement, building a “single-chip solver” on an ASIC becomes so expensive that you could not hope to earn enough in mining to pay for the ASIC. It’s impossible to profit.
Equihash was engineered to make that to happen – it can be configured to need a lot of memory as a minimum requirement to run, and it needs several times that much to run efficiently. (If you use half the ideal amount of memory, it can be 1000 times slower.)
Exactly how much memory is required? That depends on a couple of parameters.
The current Equihash: <200,9>
Equihash is the name for the general algorithm, but the exact implementation depends on two parameters, < n, k >. Today’s common Equihash coins run on Equihash <200,9>, so n = 200 and k = 9. This setup is currently used interchangeably by Bitcoin Gold, Zcash, Zencash, and many other Equihash-based cryptos.
This <200,9> version of Equihash requires a minimum of 50 MB of memory but can run much faster with 144 MB of memory. This was not the most demanding (most memory-hard) version of Equihash considered at the time, but it appeared to be “good enough.” These memory requirements were previously sufficient to prevent building an ASIC, based on the comparison of ASIC cost to coin value a year or two ago. Since then, Zcash – which was worth $30 in Feb of 2017 – has grown to be worth over $250, and now there are multiple coins that can be mined with the same Equihash. Meanwhile, the cost of transistors in an ASIC has gone down.
With these changes, it became possible to build an ASIC that can work with just enough memory to profitably mine the current Equihash coins – and this is precisely what has come to pass. But this doesn’t mean that Equihash is defeated – just that Equihash <200,9>.
Equihash-BTG: <144,5>
We’ll be adopting different parameters, <144,5>, for Equihash-BTG. Although these numbers are smaller than <200,9>, it means the algorithm actually requires dramatically more memory to run – so much more that we believe ASICs will be impossibly unprofitable for quite some time. The <144,5> parameters require a minimum of 700 MB to run and use about 2.5 GB to run efficiently (that’s 17 times larger!) This should be too expensive to produce with an ASIC right now, while most graphics cards used by our miners already have that much memory or more.
We’ve seen the innards of the Z9 Equihash miner, and we’re no longer concerned that it might be able to mine Equihash-BTG effectively. We’ve tested the new algorithm with typical graphics cards and have confirmed that they can run the new algorithm with as little as 3GB of RAM (although it can be a bit tricky under Windows if trying to mine while still using the computer.)
The sheer amount of memory required for Equihash-BTG pretty much forces the use of DRAM, which calls for a dramatically different design than a single-chip solver for regular Equihash. Even if a specialty miner is developed for Equihash-BTG in the future, it will not have as dramatic an advantage over a GPU as the specialty Equihash <200,9> miners. This significantly decreases the threat ASICs can pose to our network. While we know that this parameter change is not a permanent fix – this one change won’t stop ASICs forever – we know it will solve the ASIC-resistance problem for now, and gives us time to consider other alternatives for the longer term, if necessary.
The new parameters in Equihash-BTG also provide a few other advantages over <200,9>, which you can read about in our more detailed Forum post about Equihash-BTG.
Enhanced Safety
The new algorithm doesn’t just protect us from ASIC miners – it moves us into a different “pool” of hashpower, which also gives us a measure of safety against the kind of 51% attacks against Exchanges that happened over three or four days this past May.
Why does the new algorithm make us safer? It has to do with the size of the pool of hashpower available as Equihash. The total supply of power is large because it’s currently used interchangeably by multiple coins, and some of those coins produce new coins quite liberally – they generate a lot of miner rewards, which attracts a lot of hashpower, making the total pool very big. Though the share of power available for rental may be a small fraction of the total power for all coins, it can be a large share compared to individual coins, such as Bitcoin Gold. When the power available to rent on demand is larger than the power mining our coin, our chain is potentially at risk of attack (if someone has the financial means to rent all of that hashpower while simultaneously having the resources to make an enormous double-spend attempt against an exchange.)
Because Equihash-BTG is different from the existing pool of regular Equihash power, we’ll effectively be in a separate pool of power. This means BTG will dominate the hashrate on this new PoW algorithm, which is “personalized” to BTG, adding a layer of incompatibility versus other coins that will be moving to the <144,5> parameter set, such as BTCZ (we’ve been collaborating with many other coin teams in the space.)
Timing and Future Updates
While we’re very close to being able to provide Release Candidate versions of all the software to the public, we still aren’t ready to commit to a specific fork date. We’ll begin releasing detailed information about progress with the code and timing to all of our partners in the coming days to assist them in preparations. Because this kind of Network Upgrade will be enacted via Hard Fork, we need to be sure our partners are prepared. (A Hard Fork does not mean there will be a new coin – it just means that the prior software won’t be compatible, so the Upgrade is not optional.) Our ecosystem includes dozens of partners, including mining pools, miners, the makers of mining software, blockchain explorers, wallet hardware and software providers, third-party merchant services, and over fifty exchanges! We’re doing our utmost to ensure that everyone in our community has the opportunity to prepare so that nobody is left behind when the time of the Upgrade comes.
Working towards a better future,
The Bitcoin Gold Organization
#1CPU1VOTE
References:
- Biryukov and Khovratovich paper: Equihash: Asymmetric Proof-of-Work Based on the Generalized Birthday Problem
- Blog Post: A Response to the ASIC Threat
- Forum Post: Our “New” Equihash: Equihash-BTG
- Blog Post: Responding to Attacks
Additional reference for 3rd-party miner developers:
]]>New PoW Algorithm
One important change goes a long way to address both of these issues: a change in our Proof of Work algorithm. We’ll be moving our mining algorithm to a different version of Equihash that we’re calling Equihash-BTG, for now. You can read more detail about it on our Forum.
Most of the necessary components for the Network Upgrade have been coded, but need more thorough testing. We are still working on improving the mining software so that as many people as possible are free to mine as soon as the Network Upgrade happens. Until the mining software was ready, we weren’t able to thoroughly test the new components on a testnet. We’re now making good progress and expect to be able to establish a firmer timeline for the Upgrade shortly, which we intend to share in another update three days from now.
Testing and Go-Live Preparations
Please note that we will be providing at least seven days’ notice before the Network Upgrade, and perhaps more, depending on what we hear from our critical ecosystem partners. We want this upgrade up and running as soon as possible, but it doesn’t do any good if we upgrade the software before the wallets, mining pools, exchanges, and others are ready. It’s imperative that any of our partners who haven’t yet done so reach out to us to ensure we have the best methods to contact them with further information. (You can reach out to us via support email, or any of our social media channels.) We’ll also be posting detailed information on our Forum and in GitHub.
Attention to Security and Community
We’re also working hard on many fronts to improve security, both now and in the future. We’ve developed monitoring systems for our blockchain and our mining network, and have established channels to rapidly communicate risks to Exchanges. We plan to expand these tools and make them available to others. We’re also cooperating closely with other coin development teams to share what we’ve learned, and to work together to improve the safety of the crypto space. The recent Double Spend attacks using ZenCash remind us that we’re not out of the woods, yet.
We’ve said before that attacks on part of the ecosystem are attacks on us all. It’s also true that if we all work together, we can fight back against these attacks. We can report that the crypto community is coming together and will be supporting each other as we work to get through these difficult times as quickly as possible.
Earnestly yours,
The Bitcoin Gold Organization
Linked References:
- https://btgofficial.org/a-response-to-the-asic-threat
- https://btgofficial.org/responding-to-attacks
- https://forum.btgofficial.org/t/our-new-equihash-equihash-btg/1512
- https://forum.btgofficial.org/t/action-items-to-prevent-future-attacks/1447
- https://blog.zencash.com/zencash-statement-on-double-spend-attack
We want you to know what’s going on, what we’re doing, and what’s going to happen next.
Background
As anyone watching our Twitter or Forum posts was aware, there have been recent “51% Attacks” done using the Bitcoin Gold blockchain over a span of about three and a half days in May to attack Exchanges with something called a “Double Spend.”
This is not due to some flaw in blockchain technology; any blockchain – even Bitcoin – can theoretically be attacked by a malicious actor who can control more hashing (computing) power than all the honest miners. Of course, the biggest risk is to a smaller network in the shadow of a bigger one. Bitcoin has an order of magnitude more hashpower than some other coins mined with the same SHA256 algorithm, like Bitcoin Cash and Digibyte, so Bitcoin is relatively safe. Likewise, Zcash has an order of magnitude more hashpower than other coins mined with Equihash, like Bitcoin Gold, ZenCash, and Komodo, so Zcash is relatively safe.
So, why target us, and not another Equihash-based coin? Frankly, it’s likely because we are on more large Exchanges, with significant liquidity and fairly deep order books – these are necessary for an attacker to be able to profit from such an attack. And, as news reports show, we’re neither the first nor the last coin to be attacked this May.
Risks
Ordinary users aren’t at risk, funds held as BTG aren’t at risk, and any trades with known partners aren’t a risk, either. The only real danger is to anyone who unknowingly trades directly with the attackers for very large sums on an automated system. In other words, Exchanges.
The power to perform such an attack is expensive – the attackers need to control a huge wave of mining power. So mounting an attack is costly and, if it fails, will lose money. Attempting such attacks to steal $100 or $1000 can’t be profitable, but attacks for much larger dollar values will tempt criminals to attack Exchanges, and so they did. You can read more about how a Double-Spend attack works here.
While this problem isn’t unique to Bitcoin Gold and doesn’t represent a flaw, we consider our Exchanges to be critical partners in our Ecosystem, so in a theoretical sense, attacks on Exchanges are attacks on us all. And even when the attacker fails to steal BTC or some other currency from an Exchange after their double-spend, their 51% attack causes a “reorganization” on the blockchain, which is disruptive to honest users and steals mining revenue from honest miners… this means they literally are an attack on us all.
We can see how many attacks were made, but we can’t tell how many were fully successful against the Exchanges, nor can we be certain which Exchanges were attacked.
Response
To help them protect themselves, we’re monitoring the situation carefully in a variety of ways to rapidly alert the Exchanges when we can tell an attack is in progress. (The last known attempt was on May 19th.) This is why many Exchanges dramatically increased their confirmation requirements, or else closed their deposit wallets entirely. Of course, we need to be in close contact to be able to alert them promptly – any Exchange that has not yet joined our emergency communications channels should reach out to the team immediately!
Most of you also know that we were already planning a major upgrade soon, near the end of June. This was to change our Proof of Work algorithm so that BTG could not be mined on upcoming ASIC hardware – we expect ASIC hardware to ship from Bitmain around then, potentially delivering a huge wave of mining power, and we don’t want that to impact our existing miners.
This algorithm change has a second effect. Right now, we share our Proof of Work algorithm (Equihash) with many other coins, so collectively, the pool of Equihash power out there is much bigger than our individual network’s hashpower. But when we change our Proof of Work, we’ll be on a different algo which doesn’t have such a large amount of power out there which some entity could try to control. This means our blockchain will become dramatically safer from a 51% attack immediately when we fork to the new network… and which is why we’ve moved up the date to be As Soon As Possible.
Network Upgrade with new Proof of Work
We’ve been working at an incredible pace the past days to put the plan and pieces together, and we expect to upgrade our mainnet approximately seven days after the necessary software is up and running on our testnet. This upgrade will require some software updates on the part of Exchanges, Wallets, Pools, Explorers… While it would be better to give all our partners more than seven days to test and deploy to avoid disruption, these attacks have already forced disruption on us all, so we feel it’s best to get the upgrade completed as soon as we possibly can.
We’ll provide another update with a progress report on the testnet status within another three days, or sooner if it’s ready; we aim to be able to give a firm date for the actual mainnet upgrade at that time.
The Community considers these attacks on Exchanges to be attacks on us all, but we and our Community are resilient and remain dedicated to decentralized solutions.
We’re encouraged by and grateful for the responses and support we’ve been receiving from our Community, as well as the communities of other coin developers we’ve been in touch with, the developers of mining software, and even academics and industry researchers who work in hardware – it’s heartwarming to receive encouragement and advice from so many of you, and we deeply appreciate it. Thank you, all. We know that many are looking to us to lead the way, and it’s our intention to serve as an example to other projects in the community that are dealing with these sorts of malicious attacks from centralized mining power. In the end, decentralization is the answer.
We’ll continue working hard to get this out as soon as we can.
Sincerely,
The Bitcoin Gold Organization