Segwit2x Removes Opt-in Replay Protection

0

Jeff Garzik, lead developer of the segwit2x client, removed opt-in replay protection just days after it was merged.

The reason appears to be potential security concerns on how it may affect Lightning Network payments. Peter Todd, a bitcoin developer, stated “2X’s replay protection creates a potential security vulnerability for some 2X users.”

He doesn’t detail the vulnerability, with David Harding, a bitcoin.org site contributor and a seemingly strong support of 1x, stating:

“Alice’s software dosen’t know about the consensus-blacklisted address, so it doesn’t barf when Mallory makes an in-channel payment to Alice that refunds the remainder to the blacklisted address. When Alice goes to close the channel, she can’t because of the blacklist, so Mallory is able to claim the CLTV/CSV/nLocktime refund.”

Segwit2x implemented opt-in replay protection by requiring token payments to an address that would have its private key publicly revealed. An address which wouldn’t be mined by segwit2x miners.

It appears in circumstances where the software is coded in such a way it doesn’t know of that opt-in replay protection address, then funds may be lost.

Segwit2x developers, therefore, have reverted the change, which is now being called a rushed merger under public pressure from mainly 1x supporters to provide replay protection.

Segwit2x aims to upgrade the network, with the New York Agreement signed with intention to keep bitcoin’s community in one chain.

As such, they are resisting full replay protection as it would make current infrastructure, such as wallets, incompatible, requiring considerable more work from the ecosystem than without replay protection.

The lack of it, however, allows transactions to be “replayed” on both chains. That is, if you spend BC1, then you are also revealing the private key to BC2.

A manual method to prevent that is by splitting the coins, sending them to a BC1 address and a BC2 address after the fork. Something which now might be the only option.

As might be expected, 2x supporters welcomed the reversion while 1x supporters called it “sneaky.” However, objectively, as far as the skills test is concerned, it’s a win of sorts for 1x.

That gives a score of 1 to 2x for camouflaging nodes and 1 to 1x for pressuring them to rush opt-in replay protection to such extent they had to revert it a few days later.

The two developing teams, therefore, are currently balanced. But there are four more weeks of this, so we’ll have to wait and see what the final score ends up being in November.

 

Leave a Reply

Be the First to Comment!

Notify of
100000
wpDiscuz