Taproot has been active on Bitcoin (BTC) since last November 14. The update brings advantages to the network, mainly related to privacy. But Taproot also offers other, less well-known benefits, such as the one presented below.

There is a potential attack vector related to the payment of fees in Bitcoin (the commissions miners receive for validating transactions).

In summary, in SegWit transactions (addresses that start with “bc1”) and P2SH transactions (addresses starting with 3), no fee size is explicitly specified by a metadata field. Instead, the fee is inferred from the transaction data.

Trezor, a firm specialized in manufacturing hardware wallets for Bitcoin, explains that this adds a vulnerability in the network. An attacker could trick a user into spending an abnormally high amount of BTC in fees during a transaction. Worst of all, this would happen without the user noticing what is happening until it is too late to cancel the operation.

The attack is imperceptible to the Bitcoin user

Trezor gives the following example, with a victim who has two SegWit-P2SH UTXOs, one of 15 BTC and another of 20 BTC. UTXO stands for unspent transaction output. It represents bitcoins that were returned as unspent funds to a Bitcoin address. The amount reflected in a UTXO is the difference in balance between an input and the output spent.

In the example, malware asks the user to confirm a transaction with “input 1” as 15 BTC and “input 2” as 5.00000001 BTC, with the outputs that the user chooses.

When confirming the transaction, the user will spend 20 BTC plus a fee of 0.00000001 BTC. At that point, the malware generates an error and prompts the user to confirm the transaction again.

When the user does, they will confirm a transaction with “input 1” as 0.00000001 BTC and “input 2” as 20 BTC, with the same outputs as before.

From the victim's point of view, the transaction would be identical. The victim will thus confirm spending 20 BTC plus a fee of 0.00000001 BTC.

But the malware will use the signature of “input 1” from the first transaction and the signature of “input 2” from the second transaction to create a transaction that spends 15 BTC from “input 1” and 20 BTC from “input 2”.

As a consequence of all this, the victim in the example will end up paying a transaction fee of more than 15 BTC.

Taproot’s solution: specified fee size

With Taproot this no longer happens, because a metadata field is added, so that an explicitly specified fee size exists.

With Taproot, all input amounts are explicitly included in the signed data, which is not the case. This protects users who could use a wallet with an unreliable fee algorithm, since if an attacker tries to lie to the wallet about the input amounts, the wallet will generate a signature that will not be accepted by the network.

Trezor, a company specialized in manufacturing hardware wallets for Bitcoin.

It is worth clarifying that this vulnerability, if Taproot is not used, can be prevented by the wallet itself. Some wallets require the previous transaction in order to verify the actual UTXO balance. This prevents an attacker from claiming that the balance is lower than it actually is.

“As you know, the difference between the input and output amounts is considered as the transaction fee on the Bitcoin network,” explains Trezor, reiterating that this could mean (with wallets that do not carry out this verification) that “the user pays a significantly higher fee without knowing it.”
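The signature splicing in Trezor's example and the effect of committing to all input amounts can be reproduced in a simplified model. This is an added example, not code from Trezor or from the original article: a SHA-256 digest stands in for each input's signature, the serialization is a constructed toy format rather than the real signing format, and all names are hypothetical.

```python
import hashlib

SAT = 100_000_000                      # satoshis per BTC
REAL = [15 * SAT, 20 * SAT]            # true amounts of the victim's two UTXOs
OUTPUTS = 20 * SAT                     # total of the outputs the user chose
CLAIM_1 = [15 * SAT, 5 * SAT + 1]      # amounts shown in the first confirmation
CLAIM_2 = [1, 20 * SAT]                # amounts shown after the fake error


def digest(index, amounts, commit_all):
    """Toy per-input signing digest (constructed; not real sighash serialization)."""
    covered = amounts if commit_all else [amounts[index]]
    msg = f"input={index}|amounts={covered}|outputs={OUTPUTS}"
    return hashlib.sha256(msg.encode()).hexdigest()


def displayed_fee(claimed):
    """Fee the wallet computes from the amounts it was told."""
    return sum(claimed) - OUTPUTS


def real_fee():
    """Fee the network computes from the true UTXO amounts."""
    return sum(REAL) - OUTPUTS


def spliced_tx_valid(commit_all):
    """Combine input 0's signature from round 1 with input 1's from round 2,
    then check each against the digest the network derives from REAL."""
    signed = [digest(0, CLAIM_1, commit_all), digest(1, CLAIM_2, commit_all)]
    expected = [digest(i, REAL, commit_all) for i in range(len(REAL))]
    return signed == expected


if __name__ == "__main__":
    print("fee shown, round 1:", displayed_fee(CLAIM_1), "sat")
    print("fee shown, round 2:", displayed_fee(CLAIM_2), "sat")
    print("own-amount digest, spliced tx valid:", spliced_tx_valid(False))
    print("all-amounts digest, spliced tx valid:", spliced_tx_valid(True))
    print("fee if accepted:", real_fee() / SAT, "BTC")
```

When each signature covers only its own input's amount, both spliced signatures match what the network expects; when every signature covers all input amounts, a lie about either amount invalidates both.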

The importance of adopting Taproot

For this and other benefits of Taproot to be tangible for all Bitcoin users, it is important that the entire ecosystem is updated to support this BIP. This includes wallets, exchanges, custodial services, nodes, etc.

Almost two weeks after the activation of Taproot, 44% of the nodes have not yet updated their software to support this improvement proposal. Source: luke.dashjr.org.

Because Taproot was activated by a soft-fork, its implementation is not mandatory. Those who do not update their software can continue to be compatible with the Bitcoin network, but they do not enjoy the benefits of Taproot.

At the time of writing this article, important players such as Binance, Bitfinex, Coinbase, Gemini, Kraken, Strike, Blockchain.com, Exodus and Coinomi still do not provide support for Taproot.

CryptoNews has reported that, in the opinion of some, it could take up to five years for Taproot addresses to be compatible with most Bitcoin services. This takes into account that the adoption of SegWit took four years to exceed 80%.

Meanwhile, those who transact between Taproot addresses already enjoy the benefits of more private transactions, where it is no longer revealed whether, for example, a transaction is multi-signature.

