Bitcoin Optech #158: Why Wallets Should Wait Before Generating Taproot Addresses
This week’s newsletter discusses changes to services and client software and why wallets should wait before generating Taproot addresses.
The Bitcoin Optech newsletter provides readers with a top-level summary of the most important technical news happening in Bitcoin, along with resources that help them learn more. To help our readers stay up-to-date with Bitcoin, we're republishing the latest issue of this newsletter below. Remember to subscribe to receive this content straight to your inbox.
This week’s newsletter describes recent changes to services and client software, discusses why wallets should wait before generating taproot addresses, lists new software releases and release candidates, and summarizes notable changes to popular Bitcoin infrastructure software.
No significant news this week.
Changes to services and client software
In this monthly feature, we highlight interesting updates to Bitcoin wallets and services.
- Lightning-powered news site Stacker News launches: Open source news site Stacker News launched allowing LNURL authentication as well as voting and commenting using LN micropayments.
- Suredbits announces DLC wallet alpha release: Suredbits’ bitcoin-s software includes a GUI and allows the execution of Discreet Log Contracts (DLCs) on the Bitcoin blockchain using an oracle. The announcement concludes by mentioning they also plan to use schnorr signatures and Point Time Locked Contracts (PTLCs) to implement DLCs compatible with LN.
- Sparrow 1.4.3 supports P2TR: Sparrow’s 1.4.3 release supports single-sig P2TR wallets on signet and regtest. The release also supports sending to bech32m addresses for P2TR.
- Coldcard Firmware adds Seed XOR feature: Coldcard’s 4.1.0 Firmware supports Seed XOR, a way to split/combine BIP39 seeds in which each part can function as its own wallet. The combined, XOR’d, parts also function as a wallet. This allows for features like honeypot funds and plausibly deniability.
- BlueWallet integrates Lightning Dev Kit: BlueWallet announced a shift to a new Lightning implementation, now using Lightning Dev Kit (LDK).
Preparing for taproot #5: why are we waiting?
A weekly series about how developers and service providers can prepare for the upcoming activation of taproot at block height 709,632.
Earlier entries in this series saw us encouraging developers working on wallets and services to begin implementing taproot upgrades now so that they’re ready when taproot activates. But we’ve also warned against generating any addresses for P2TR before block 709,632 as this could cause your service or your users to lose money.
The reason not to generate addresses in advance is that any payment to a P2TR-style output can be spent by anyone prior to block 709,632. The money would be completely unsecured. But starting with that block, thousands of full nodes will begin enforcing the rules of BIP341 and BIP342 (and, by association, BIP340).
If it was guaranteed that there wouldn’t be a reorganization of the block chain, it would be safe to start generating addresses for P2TR as soon as the final pre-taproot block was seen (block 709,631). But there’s reason to be concerned about block chain reorgs—not just accidental reorgs but also those deliberately created to take money from early P2TR payments.
Imagine a large number of people all wanting to be one of the first to receive a P2TR payment. They naively send themselves some money as soon as they see block 709,631.1 Those payments will be secure in block 709,632, but they can be stolen by any miner who creates an alternative to block 709,631. If the value of the money sent to P2TR outputs is large enough, it could easily become more profitable to attempt to mine two blocks instead of just one (see our fee sniping topic for more details).
For this reason, we don’t recommend your software or service generate addresses for P2TR until you think the reorg risk has been effectively eliminated. We think waiting 144 blocks (approximately one day) after activation is a reasonably conservative margin that minimizes risk without significantly delaying you or your users from taking advantage of the benefits of taproot.
- 709,631: last block where anyone can spend money sent to a P2TR-style output
- 709,632: first block where P2TR outputs can only be spent if they satisfy the BIP341 and BIP342rules.
- 709,776: a reasonable block at which wallets can start giving their users bech32m receiving addresses for P2TR outputs
None of the above changes the advice given in the first part of this series to enable paying to bech32m addresses as soon as possible. If someone requests payment to an address for P2TR before you think it’s safe, that’s their risk to take.
Releases and release candidates
New releases and release candidates for popular Bitcoin infrastructure projects. Please consider upgrading to new releases or helping to test release candidates.
- LND 0.13.1-beta is a maintenance release with minor improvements and bug fixes for features introduced in 0.13.0-beta.
- Rust-Lightning 0.0.99 is a release with a few API and configuration changes. See its release notesfor details.
- Eclair 0.6.1 is a new release with performance improvements, a few new features, and several bug fixes. In addition to its release notes, see the descriptions of Eclair #1871 and #1846 in the notable changes section below.
Notable code and documentation changes
Notable changes this week in Bitcoin Core, C-Lightning, Eclair, LND, Rust-Lightning, libsecp256k1, Hardware Wallet Interface (HWI), Rust Bitcoin, BTCPay Server, Bitcoin Improvement Proposals (BIPs), and Lightning BOLTs.
- Bitcoin Core #22112 changes the assumed port for I2P addresses to be 0 instead of 8333 (which is the default for IPv4 and IPv6 addresses), and prevents connections to I2P addresses with ports other than 0. The SAM v3.1 specification (which is supported by Bitcoin Core), does not include the concept of ports. This restriction may be lifted if Bitcoin Core is updated to support SAM v3.2, which does include the concept of ports.
- C-Lightning #4611 updates the plugin-provided keysend RPC to add a routehintsparameter which allows providing information for routing payments to unannounced channels.
- C-Lightning #4646 makes two changes in preparation for removing old behavior. The first change assumes nodes support the TLV-style encoding added in 2019 (see Newsletter #55). Only nodes that explicitly indicate they don’t support TLV encoding will be treated differently. The second change makes payment secrets required (see Newsletter #75 for previous discussion and Newsletter #126 for when LND began requiring it).
- C-Lightning #4614 updates the listchannels RPC with a new optional destinationparameter that can be used to only return channels that lead to the requested node.
- Eclair #1871 changes its SQLite settings to increase by 5x the number of HTLCs it can process per second and also increase its robustness against data loss. Referenced in the PR is a blog postby Joost Jager comparing HTLC throughput in various node software.
- Eclair #1846 adds opt-in support for using an upfront shutdown script—an address the node specifies when negotiating a new channel that the remote peer agrees will be the only address it’ll allow to be used in a later mutual close of the channel. See also Newsletter #76 describing LND’s implementation of this feature.
- Rust-Lightning #975 makes the base payment forwarding fee configurable with a default value of 1 satoshi (the market rate as of July 2021). LN routing nodes can charge two fees to route a payment, a fixed base fee or a percentage of the amount routed; many nodes use both. Previously, Rust-Lightning set the base fee to the estimated fee required to settle the HTLC on-chain, which was much higher than 1 sat.
- BTCPay Server #2462 makes it easier to use BTCPay to track payments made from a separate wallet, such as the case where the operator of an instance wants to pay a refund using their own personal wallet.
- Users who want to receive a P2TR payment in the first taproot block should generate an address they don’t share with anyone and then create a transaction to that address with nLockTime set to 709,631. That transaction can be broadcast as soon as block 709,631 has been received. The nLockTime will ensure the transaction can’t be included into any block before 709,632, where taproot rules are enforced. Messing about with new script types and custom locktimes can be dangerous if you don’t know what you’re doing, so please take care.
Find the original post here.
Please subscribe to the Bitcoin Optech newsletter directly to receive this content straight to your inbox every month.
The views and opinions expressed herein are the views and opinions of the author and do not necessarily reflect those of Nasdaq, Inc.