Why Bitcoin’s about to give up one of its closely guarded secrets


Roll up, roll up for the big reveal – the Bitcoin Core developers are finally set to unveil the not-as-secret-as-it-should-be private key that allows them to send messages to everyone on the entire Bitcoin network.

The long-delayed disclosure is the final nail in the coffin for Bitcoin’s alert system, an unwanted relic from its past that’s been undergoing a slow and careful send-off for a couple of years now.

The drum roll was started by Bitcoin Core developer Bryan Bishop, who recently tweeted that “It’s time to reveal the bitcoin alert keys”, before telling CoinDesk that he’s thinking of doing it at next week’s Building on Bitcoin conference.

The alert system was created by Satoshi Nakamoto, the software’s pseudonymous creator, to relay important information about Bitcoin to its users.

As the cryptocurrency grew it became clear that the way that access to the alert system was secured – by a shared secret – didn’t scale.

There was only one key, there was no way to identify somebody who used it, and anyone who had it could use it to send an alert – say a social engineering attack – to the entire Bitcoin network.

A 2016 article on bitcoin.org outlines this problem, and the other reasons behind the system’s retirement:

[the use of a shared key] has led to the Alert Key potentially falling into the hands of malicious actors who could use it to disrupt the network. Because there is only one Alert key, it is not possible to prevent former developers from sending an alert nor is it possible to identify who sent an Alert.

The potential for sabotage isn’t the only reason to retire the alert system. An entire ecosystem of software clients and news outlets has evolved since it was created, rendering it redundant.

In addition, the Alert system is primarily Bitcoin Core specific … Something specific for one software should not be imposed on the entire network.

The Alert system has also lost its usefulness. It is no longer necessary to use it to inform users about problematic network events as users can easily get their information from any major Bitcoin news outlet.

Surprisingly then, for a cryptocurrency famed for its bulletproof security, Bitcoin had fallen foul of one of computer security’s most basic tenets: the principle of least privilege.

Over time, as developers joined and left the Bitcoin Core project, the key was shared increasingly widely and each new person entrusted with the key represented another potential weakness.

One such individual was a software developer who worked for Mt. Gox at the time it lost half a billion dollars’ worth of customers’ cryptomoney, leading Bitcoin Core developer Gregory Maxwell to conclude that “there is good reason to believe that the key has been compromised”.

There was another problem too: although some people were known to have the key, nobody knew the full list of people who had access to it.

Bitcoin Core developers worried that this uneven distribution of accountability might lead to unknown key owners using malicious alert system messages to undermine the reputations of the developers who were known to have it.

And that’s why it was decided that sharing the key would be the last act in destroying the alert system – if everyone has access to the key then there’s no exclusive club of key owners with reputations to protect.

Before that could happen, though, the alert system had to be stripped from the Bitcoin Core software, which happened with the release of version 0.13.0 in August 2016, and a final message had to be hard-coded into it, which occurred with the release of version 0.14.0 in March 2017.

That wasn’t the end of the alert system though.

A huge amount of cryptocurrency software seems to have been derived from older versions of Bitcoin Core and the alert system needed to be removed from as much of that derivative work as possible too, before the key could be made public safely.

That effort, rather than the kind of drama and intrigue that swirls around the identity of the currency’s creator, seems to be the reason why this terminal act has been delayed so long.
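
The shared-key weakness described earlier in the article (one key, no way to identify the sender, no way to lock out former holders) can be shown in a few lines. This is an added example, not Bitcoin Core code: the names, keys and alert text are constructed, and HMAC-SHA256 stands in for a signature scheme so the script runs on the Python standard library alone; a real design would use public-key signatures so that verifiers hold no secrets.

```python
import hashlib
import hmac

def sign(key, message):
    """Tag a message. HMAC-SHA256 is a stand-in for a real signature scheme."""
    return hmac.new(key, message, hashlib.sha256).digest()

class SharedKeyVerifier:
    """One key for everyone: a valid tag proves only that *some* holder sent it."""
    def __init__(self, key):
        self._key = key
    def verify(self, message, tag):
        return hmac.compare_digest(sign(self._key, message), tag)

class PerSignerVerifier:
    """One key per person: each alert names its signer, and keys can be revoked."""
    def __init__(self, keys):
        self._keys = dict(keys)
        self._revoked = set()
    def revoke(self, signer):
        self._revoked.add(signer)
    def verify(self, signer, message, tag):
        """Return the attributed signer, or None if unknown, revoked or forged."""
        key = self._keys.get(signer)
        if key is None or signer in self._revoked:
            return None
        return signer if hmac.compare_digest(sign(key, message), tag) else None

# Constructed sample data (hypothetical holders "alice" and "bob").
SHARED = b"constructed-shared-alert-key"
KEYS = {"alice": b"constructed-key-alice", "bob": b"constructed-key-bob"}
ALERT = b"URGENT: upgrade required"

def demo():
    shared = SharedKeyVerifier(SHARED)
    per_signer = PerSignerVerifier(KEYS)
    # "bob" has left the project but keeps every key he was ever given.
    bob_own_tag = sign(KEYS["bob"], ALERT)
    before = per_signer.verify("bob", ALERT, bob_own_tag)
    per_signer.revoke("bob")  # possible only because bob's key is his alone
    return {
        "shared_accepts_ex_member": shared.verify(ALERT, sign(SHARED, ALERT)),
        "attributed_before_revoke": before,
        "accepted_after_revoke": per_signer.verify("bob", ALERT, bob_own_tag),
        "alice_still_valid": per_signer.verify("alice", ALERT, sign(KEYS["alice"], ALERT)),
        "bob_cannot_pose_as_alice": per_signer.verify("alice", ALERT, bob_own_tag),
    }

if __name__ == "__main__":
    print(demo())
```

With the shared key, the only way to lock out one holder is to replace the key for everyone; with per-signer keys, revoking one person leaves the others’ alerts valid.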