Character Assassins for Hire: The Story Behind the ASICBoost & Extension Blocks Scandal
Bitcoin has a problem; the demand for Bitcoin far outweighs the bandwidth of transaction throughput that the network can sustain. The Bitcoin “highway” is constrained at 1MB per block, or one single analogous lane, which permits a “speed limit” of between 3.3 to 7 transactions per second. For comparison, VISA verifies transactions at a rate of 2000 per second, which makes Bitcoin look like a very congested highway. It is primarily infighting over the best scaling solution while maintaining Bitcoin’s network security mid-flight where the debate is held in political stalemate.
Before April, there had been just two primary proposals under way: Bitcoin Unlimited, which defers to the free market to determine optimal block sizes, and Bitcoin Core’s Segregated Witness (SegWit), an optimization and code cleanup by which block sizes would increase to 1.6MB. Large miners like AntPool/Bitmain are heavily in favor of large blocks, and miners ultimately have the final say over which code of law is enforced.
Because of the different incentives and subsequent power struggle between the miners enforcing the code of law and the developers writing the code of law, the scaling debate has become a battleground that has been littered with the corpses of the reputations of high-profile contenders. As this two-year-long stalemate continues to carry on without a clear path forward, the ecosystem grows bloodier, with both sides, Core and miners, carrying out smear campaigns.
To end the bloodshed, a third scaling proposal was published on 3 April 2017. Extension Blocks is a proposal drafted and submitted for review by Christopher Jeffrey of Purse.io, Joseph Poon of the Lightning Network, Fedor Indutny of PayPal, and Stephen Pair of Bitpay. It was meant to act as a middle ground for the war-torn community, addressing the concerns of both sides. The proposal does not explicitly define the block size but, according to Jeffrey, “the extension block will allow for a total [size] that is 2MB in the average case (that is the ‘soft limit’) and a hard limit of 6MB. So, that 2MB would be upgradeable to 6MB via soft forks. The better thing is since people have to use the new witness program version for it to grant new space, not only do the miners get to choose whether to ‘increase’ the block size, but users and wallets get to choose too.” He later added, “I’m not set on the 2MB/6MB thing totally yet, but that’s the direction I’m heading.”
When asked about the genesis of the Extension Blocks idea, Jeffrey shared:
“It started with me Joseph and Andrew in the conference room, all upset that Bitcoin was literally tearing itself apart. Joseph quickly whiteboarded up extension blocks and how they would work with the resolution output being a pushdata, right as he was about to leave. After he left, I kept looking at the whiteboard, and I realized that I could implement that. It would work. So I started writing code that night. I started speccing something up, and me and Joseph sat in that conference room for the next few days working on it. The idea was started March 16, and I wrote up code that weekend. We spent the next week in the same room speccing it out. Then we went to China to see if this compromise would even work if the miners even like it.”
On 22 March, Jeffrey published the first commitment in the then private GitHub repository.
But what ensued though was anything but peace.
The Bcoin/Purse.io Scandal
It is the day of April Fool’s, and a joke was rolled out by Wang Chun, owner of F2Pool, the third largest mining pool by hash rate. A source confirmed that blocks mined that day signaled every single proposal in existence, including proposals that had not been activated yet; proposals like Extension Blocks.
The tweet implied that Bitmain, the largest ASIC manufacturer and arguably one of the most powerful companies in Bitcoin, had invested capital in Bcoin, whose developer is Purse.io’s CTO, Christopher Jeffrey.
On 3 April, the developers of the Extension Blocks proposal released the premature specifications and code in response to the stirrup of public interest.
On 4 April, Luke Jr., a Bitcoin Core developer, wrote a review of the Extension Blocks proposal to the Bitcoin Developers mailing list, criticizing that the proposal, “…offers no actual benefits beyond BIP 141 or hard forks, so [it] seems irrational to consider at face value. In fact, it fits much better the inaccurate criticisms made by SegWit detractors against BIP 141.”
On 5 April, Gregory Maxwell, Bitcoin Core developer and CTO of Blockstream, sent out the ASICBoost email, publicizing the vulnerability which took many by surprise. It then initiated the conspiratorial discussion about Purse.io having been bribed by Bitmain, who was discovered to have been using covert ASICBoost to simultaneously block SegWit and gain an alleged 30 percent efficiency advantage over its competitors. In the email Maxwell wrote,
“A month ago I was explaining the attack on Bitcoin’s SHA2 hashcash which is exploited by ASICBOOST and the various steps which could be used to block it in the network if it became a problem.
While most discussion of ASICBOOST has focused on the overt method of implementing it, there also exists a covert method for using it.
Had there been awareness of exploitation of this attack and effort would have been made to avoid incompatibility—simply to separate concerns. But the best methods of implementing the covert attack are simply incompatible with virtually any method of extending Bitcoin’s transaction capabilities; with the notable exception of extension blocks.”
On the same email thread on 5 April, Joseph Poon wrote:
“Claims like these merit serious attention. If you can provide any kind of proof or documentation of this (doesn’t need to be conclusive, just something), I will provide my word and promise publicly here and now that I will personally see to it that a commitment which solves this (albeit possibly using a slightly different format to make it compatible) is added into the Extension Blocks spec. If there is evidence, my support, and authorship of the Extension Block specification is contingent upon resolving this issue.”
On 6 April, the ASICBoost vulnerability was patched in the Extension Blocks GitHub repository.
Following Maxwell’s email, the storm that had been brewing over the heads of the Extension Blocks developers broke overhead on Twitter in full force.
Luke Jr. ended further reviews supporting Extension Blocks, because, he argued, it was not formally submitted through the Bitcoin Improvement Proposal (BIP) process.
That same day, Joseph Poon was accused by Gregory Maxwell for “pretending that he wasn’t complicit in all this stuff.”
Maxwell responded by clarifying:
“That said, two days ago you participated in a highly unusual announcement of a protocol change that—rather than being sent for community review in any plausible venue for that purpose—was announced as a done deal in embargoed media announcements. This proposed protocol change seemed custom tailored to preserve covert boosting, and incorporated direct support for Lightning—and the leading competing theory was that a large miner opposed SegWit specifically because they wanted to block Lightning. Moreover, I have heard reports I consider reliable that this work was funded by the miner in question.
I thought it was useful for people to understand the context behind that glib remark: Including the point that I do not know for a fact that you are complicit in anything, but I consider your recent actions to be highly concerning.”
The report Maxwell was referring to is Samson Mow’s tweet, a claim that BTCManager had investigated but found no grounds for its basis. Samson Mow posted a follow-up tweet to clarify his earlier claim.
BTCManager reached out to Samson Mow, but Mow provided no comments. As of 12 April, Samson Mow was appointed CSO of Blockstream.
BTCManager reached out to Purse.io for comment about Mow’s claim.
Purse: “We didn’t take money, we weren’t offered money.”
When asked about their investors, Purse’s CEO, Andrew Lee, explained:
“Bobby was our very first angel investor, and we would not be here without him. He knows the whole story of how Bcoin developed and how the proposal evolved. Bobby and Roger have a similar percentage of Purse shares and influence. Neither has a board seat (JJ, James Wo, and myself).”
Accusations without evidence are serious offenses, as they do reputational damage and, done effectively, commit character/company assassination. BTCManager reached out to Gregory Maxwell, but Maxwell provided no response.
The Bcoin/Purse scandal was curious on several fronts. First was the timing of the ASICBoost email that garnered much media attention. ASICBoost was an optimization first filed for patent by Timo Hanke and Sergio Damien on 19 November, 2014. Bitmain then filed a similar patent in China on 28 November, 2015. The white paper by Dr. Timo Hanke was published on 31 March, 2016. The original discussion about AntMiners being equipped with ASICBoost was started nine months before the date of this article, by a user under the alias ‘GandalfBitcoin.’
The timing of Maxwell’s public release of the ASICBoost exploit immediately following the Extension Blocks thread seemed contrived, especially due to his stated bias toward the authors of the proposal.
Furthermore, a bribe of $300,000 to take on a reputational risk for any one of the organizations each of the Extension Blocks authors represents seems like hardly a worthwhile reward.
What the developers of the Extension Blocks proposal did was perverse in the sense that they did not follow protocol when submitting the proposal for review. It was in the same perverse nature that Bcoin was born, as a technically sound alternative to the single Bitcoin codebase to which all other BIPs reference. It was in this same ethos—that anyone can write code and contribute to Bitcoin and that no one entity can control it—that Bitcoin itself was born and designed as the decentralized network it is today.