Introducing TxTenna: Decentralizing the Last Mile in Bitcoin
We are excited to announce the forthcoming release of the TxTenna app, a collaboration between Samourai Wallet and goTenna. To appreciate the significance of this release, it helps to understand what is at stake in decentralizing the communication layer. IMMUTABILITY, SECURITY & RESILIENCE Decentralized, trustless, public ledgers (like bitcoin and other blockchains) are powerful to […]
We are excited to announce the forthcoming release of the TxTenna app, a collaboration between Samourai Wallet and goTenna. To appreciate the significance of this release, it helps to understand what is at stake in decentralizing the communication layer.
IMMUTABILITY, SECURITY & RESILIENCE
Decentralized, trustless, public ledgers (like bitcoin and other blockchains) are powerful to the extent they are resilient. Since it launched in 2009, bitcoin has operated with 99.992266446 percent uptime. It has been continuously available for users to record new transactions or validate previous ones, and has remained immutable during that time.
Bitcoin’s public ledger records transactions. If account A transfers 0.1 bitcoin to account B, it goes on the ledger. After about an hour or so, there is no way for A, B, or anyone else to remove that transaction from the ledger. The ledger becomes “immutable”, and the transactions on it are part of a public blockchain forever. The blockchain is replicated on thousands of machines worldwide, and continuously reverified every time a new system joins the network and computes the state of transactions at that time.
Maintaining a decentralized, immutable ledger of transactions is not easy, especially in the face of threats up to and including sovereign-level attacks. A centralized entity like Visa, for instance, has huge teams of engineers to design and protect the computer systems that keep track of their customers’ credit card purchases. The bitcoin protocol on the other hand is implemented by multiple open-source software projects, and developed by a community of mostly unaffiliated developers. All over the world, bitcoin users deploy this software using different levels of system security to keep their computers safe.
If we expect people to rely on bitcoin or any other decentralized financial system, we must make sure the local communications networks are as resilient as possible.”
If a hacker were to get past Visa’s security systems they could in theory erase or change transactions. To date there have been no widely-known database hacks at Visa itself. If the company’s databases were to be compromised, the only party who would likely know (besides the hackers) would be Visa itself. Visa would have a very strong incentive to keep the news confidential, quietly correct the entries, and write off any losses.
In the case of bitcoin, all settled transactions are visible and malicious changes — often referred to simply as “double spends” — would be immediately visible to everyone in the world.
Another difference: credit card charges are reversible, bitcoin transactions are immutable. Visa cardholders can petition the company or appeal to the legal system to reverse a charge on their credit card bill. This is a customer-protection feature that most credit cards offer, but it makes the system as a whole vulnerable payment fraud, and damages its overall resilience.
Bitcoin defines an “attack” as any attempt to compromise the central function of a public ledger, which is the immutable public record of settled transactions. It makes no difference how wealthy, well-connected, or powerful a disputant may be — once the exchange is recorded on the blockchain’s public ledger, it is permanent. This is why people say bitcoin is resilient even to attacks by nation-states.
UPTIME
From an uptime standpoint, another remarkably resilient system is BitTorrent. This network is used for file sharing and downloading, and although its users routinely run afoul of intellectual property laws (occasionally incurring fines and other penalties), the system as a whole has operated without interruption since 2001.
Despite 17 years of uptime overall, however, BitTorrent has suffered from local attacks against its users. Hollywood studios and their proxies have continuously attacked BitTorrent, using court orders enforced by internet service providers (ISPs) to block the websites hosting BitTorrent trackers. ISPs with media properties have also attempted to make the BitTorrent protocol unusable by throttling (reducing) users’ internet speeds when they torrent. These attacks do not cripple the system globally, but they do affect users in the specific areas where these blocks or throttling are effective.
CENTRALIZATION AND ITS DISCONTENTS
It is clear from a global perspective that bitcoin has been a remarkable success. The bitcoin network has over 10,000 nodes worldwide. Its consensus protocol incentivizes decentralization, ensuring the network is robust against a wide range of threats.
But for users within localized areas, highly centralized communication networks remain a potential point of failure and a vector for attacks. Just as BitTorrent users have had their sites blocked or their speeds throttled, bitcoin users could come under similar attack. If a country outlawed bitcoin and forbade its citizens from using it, local ISPs could block network nodes locally (even if the global system continues to function).
ISPs can monitor the activity of their users and pass that information to governments and private firms, who might use it to harass identified bitcoin users. This is not as far-fetched as it may seem; there are documented cases of private law firms targeting BitTorrent users on the basis of information provided by ISPs, seeking “settlement fees” for alleged copyright violations.
A similar dynamic is already starting to play out in the world of bitcoin. The IRS has requested information from Coinbase, the centralized bitcoin exchange, and we know from Edward Snowden’s leaks that the NSA uses data from ISPs to collect information about bitcoin users.
Bitcoin users with access to only compromised ISPs face more esoteric threats. JW Weatherman describes these threats in his excellent treatise “Bitcoin Threat Model”:
2.4.4. An attacker could deceive a Bitcoin node into thinking a transaction did or did not get confirmed.
2.4.5 An attacker could deceive a Bitcoin partial node (SPV client) into thinking a transaction did or did not get confirmed by the Bitcoin network.
Alternate ISP connections reduce both threats. If information comes from different ISPs, it is more likely a user can detect if one ISP is providing false information about transactions. Mechanisms that make it difficult for attackers to target specific users can also help in a similar way. If many users are attacked simultaneously, it is more likely someone will notice false transactions and alert others.
If we expect people to rely on bitcoin or any other decentralized financial system, we must make sure the local communications networks (mobile carriers, wired ISPs and the internet hubs that route traffic between cities and countries, etc.) are as resilient as possible. More resilient communication networks are those that include many alternatives and can include less common channels like satellites, pager networks, amateur radio repeaters and private microwave connections.
Currently the bitcoin peer-to-peer network relies heavily on ISPs for internet connectivity. A few large corporations run these services; many of them are regional or national monopolies. These companies have a track record of putting commercial interests before net neutrality, as they did in 2007/2008 for example, when Comcast secretly throttled BitTorrent traffic.
These systems are centralized, making them fragile during natural and manmade disasters. Two months after Hurricane Maria hit Puerto Rico in 2017, 50 percent of the island’s cell sites remained out of service. A major earthquake would likely cause significant disruption to the communication infrastructure of any large city, such as what happened during the Indian Ocean Earthquake and Tsunami of 2004.
If disasters such as these were to damage cell phone towers and switching stations, mobile and local internet would no longer function, and blockchain transactions could not be confirmed. This would cripple any economy that relies on existing cryptocurrencies, as merchants would be unable to detect if the funds had already been spent (double-spend attack). This problem is even more pronounced in cases of manmade disasters, where infrastructure destruction is likely to be even more extensive and prolonged.
WHAT IF WE DECENTRALIZED THE COMMUNICATION LAYER?
Using bitcoin or other decentralized public ledger payment systems to provide direct financial aid may have advantages in these situations, but if these payment systems rely on a functioning centralized communication network their applicability will be limited. It is clear that the communication layer itself must become more resilient. This is no small task.
Last year Blockstream took the first step to decentralize the bitcoin network by starting satellite-based transaction broadcasts. This helps decentralize transaction verification but does not answer the question of how users can get their transactions to the bitcoin network in the first place. Nick Szabo and Elaine Ou proposed transmitting transactions using shortwave radio to route around censorship, however this project is still in the prototype phase and it is not currently a consumer-friendly solution.
We at goTenna have been working on our own contributions to solving this problem. Late last year we began talks with the team at Samourai Wallet about including goTenna in their MuleTools initiative. The Samourai Wallet team are leaders in building advanced mobile bitcoin wallets. Inspired by Blockstream’s satellite, their open-source MuleTools initiative encourages more alternative transaction broadcast methods.
We suggested using the free goTenna SDK to build an app for broadcasting offline bitcoin transactions via goTenna Mesh devices. Today we are pleased to announce that the Samourai team took our suggestion, and went well beyond our expectations! The result is the TxTenna app.
A transaction using the TxTenna app works as follows: Using the Samourai Wallet app the user creates a standard bitcoin transaction and signs it. This is possible while offline and without wifi or mobile access.The Samourai Wallet app then passes the offline transaction to the TxTenna App and TxTenna broadcasts it to nearby mesh nodes via a paired goTenna mesh device. Other goTenna devices in the area relay the transaction until an internet connected goTenna node also running TxTenna receives it and forwards it to the Bitcoin network.
There are many advantages to this system. The goTenna Mesh is simple, affordable, secure, and produces a remarkably resilient mesh network. Simulations show fewer than 25 randomly placed nodes in a 3 x 3 mile area are enough to create a well connected goTenna network. Other mobile mesh technologies require hundred of nodes to achieve similar coverage. (You can read more about this in our whitepaper on range and connectivity.)
Together with the Samourai team, we are enabling an alternative physical communication layer for bitcoin. The result will be a more resilient, censorship resistant and decentralized network. Make sure to follow Samourai and goTenna for updates and information about how to download TxTenna later this year.
We are excited to announce the forthcoming release of the TxTenna app, a collaboration between Samourai Wallet and goTenna. To appreciate the significance of this release, it helps to understand what is at stake in decentralizing the communication layer.
IMMUTABILITY, SECURITY & RESILIENCE
Decentralized, trustless, public ledgers (like bitcoin and other blockchains) are powerful to the extent they are resilient. Since it launched in 2009, bitcoin has operated with 99.992266446 percent uptime. It has been continuously available for users to record new transactions or validate previous ones.
Bitcoin’s public ledger records transactions. If account A transfers 0.1 bitcoin to account B, it goes on the ledger. After about an hour or so, there is no way for A, B, or anyone else to remove that transaction from the ledger. The ledger becomes “immutable”, and the transactions on it are part of a public blockchain forever. The blockchain is replicated on thousands of machines worldwide, and continuously reverified every time a new system joins the network and computes the state of transactions at that time.
Maintaining a decentralized, immutable ledger of transactions is not easy, especially in the face of threats up to and including sovereign-level attacks. A centralized entity like Visa, for instance, has huge teams of engineers to design and protect the computer systems that keep track of their customers’ credit card purchases. The bitcoin protocol on the other hand is implemented by multiple open-source software projects, and developed by a community of mostly unaffiliated developers. All over the world, bitcoin users deploy this software using different levels of system security to keep their computers safe.
If we expect people to rely on bitcoin or any other decentralized financial system, we must make sure the local communications networks are as resilient as possible.”
If a hacker were to get past Visa’s security systems they could in theory erase or change transactions. To date there have been no widely-known database hacks at Visa itself, but if the company’s databases were to be compromised, the only party who would likely know (besides the hackers) would be Visa itself. Visa would have a very strong incentive to keep the news confidential, quietly correct the entries, and write off any losses.
In the case of bitcoin, all settled transactions are visible and malicious changes — often referred to simply as “double spends” — would be immediately visible to everyone in the world, should they occur.
Another difference: credit card charges are reversible, bitcoin transactions are immutable. Visa cardholders can petition the company or appeal to the legal system to reverse a charge on their credit card bill. This is a customer-protection feature that most credit cards offer, but it makes the system as a whole vulnerable payment fraud, and damages its overall resilience.
Bitcoin defines an “attack” as any attempt to compromise the central function of a public ledger, which is the immutable public record of settled transactions. It makes no difference how wealthy, well-connected, or powerful a disputant may be — once the exchange is recorded on the blockchain’s public ledger, it is permanent. This is why people say bitcoin is resilient even to attacks by nation-states.
UPTIME
From an uptime standpoint, another remarkably resilient system is BitTorrent. This network is used for file sharing and downloading, and although its users routinely run afoul of intellectual property laws (occasionally incurring fines and other penalties), the system as a whole has operated without interruption since 2001.
But despite 17 years of uptime overall, BitTorrent has suffered from local attacks against its users. Hollywood studios and their proxies have continuously attacked BitTorrent, using court orders enforced by internet service providers (ISPs) to block the websites hosting BitTorrent trackers. ISPs with media properties have also attempted to make the BitTorrent protocol unusable by throttling (reducing) users’ internet speeds when they torrent. These attacks do not cripple the system globally, but they do affect users in the specific areas where these blocks or throttling are effective.
CENTRALIZATION AND ITS DISCONTENTS
It is clear from a global perspective that bitcoin has been a remarkable success. The bitcoin network has over 10,000 nodes worldwide. Its consensus protocol incentivizes decentralization, ensuring the network is robust against a wide range of threats.
But for users within localized areas, highly centralized communication networks remain a potential point of failure and a vector for attacks. Just as BitTorrent users have had their sites blocked or their speeds throttled, bitcoin users could come under similar attack. If a country outlawed bitcoin and forbade its citizens from using it, local ISPs could block network nodes locally (even if the global system continues to function).
ISPs can monitor the activity of their users and pass that information to governments and private firms, who might use it to harass identified bitcoin users. This is not as far-fetched as it may seem; there are documented cases of private law firms targeting BitTorrent users on the basis of information provided by ISPs, seeking “settlement fees” for alleged copyright violations.
A similar dynamic is already starting to play out in the world of bitcoin. The IRS has requested information from Coinbase, the centralized bitcoin exchange, and we know from Edward Snowden’s leaks that the NSA uses data from ISPs to collect information about bitcoin users.
Bitcoin users with access to only compromised ISPs face more esoteric threats. JW Weatherman describes some of these in his excellent treatise “Bitcoin Threat Model”:
2.4.4. An attacker could deceive a Bitcoin node into thinking a transaction did or did not get confirmed.
2.4.5 An attacker could deceive a Bitcoin partial node (SPV client) into thinking a transaction did or did not get confirmed by the Bitcoin network.
Alternate ISP connections reduce both threats. If information comes from different ISPs, it is more likely a user can detect whether one ISP is providing false information about transactions. Mechanisms that make it difficult for attackers to target specific users can also help in a similar way. If many users are attacked simultaneously, it’s more likely someone will notice false transactions and alert others.
If we expect people to rely on bitcoin or any other decentralized financial system, we must make sure the local communications networks (mobile carriers, wired ISPs and the internet hubs that route traffic between cities and countries, etc.) are as resilient as possible. More resilient communications networks are those with many alternatives, and can include less common channels like satellites, pager networks, amateur radio repeaters and private microwave connections.
Currently the bitcoin peer-to-peer network relies heavily on ISPs for internet connectivity. A few large corporations run these services, many of which are regional or national monopolies. These companies have a track record of putting commercial interests above net neutrality, as they did in 2007/2008 for example, when Comcast secretly throttled BitTorrent traffic.
These systems are centralized, making them fragile during natural and manmade disasters. Two months after Hurricane Maria hit Puerto Rico in 2017, 50 percent of the island’s cell sites remained out of service. A major earthquake would likely cause significant disruption to the communication infrastructure of any large city, as happened during the Indian Ocean Earthquake and Tsunami of 2004.
If disasters such as these were to damage cell phone towers and switching stations, mobile and local internet would no longer function, and blockchain transactions could not be confirmed. This would cripple any economy that relies on existing cryptocurrencies, as merchants would be unable to detect if the funds had already been spent (double-spend attack). This problem is even more pronounced in cases of manmade disasters, where infrastructure destruction is likely to be even more extensive and prolonged.
WHAT IF WE DECENTRALIZED THE COMMUNICATION LAYER?
Using bitcoin or other decentralized public ledger payment systems to provide direct financial aid may have advantages in these situations, but if these payment systems rely on a functioning centralized communication network their applicability will be limited. It is clear that the communication layer itself must become more resilient. This is no small task.
Last year Blockstream took the first step to decentralize the bitcoin network by starting satellite-based transaction broadcasts. This helps decentralize transaction verification but does not answer the question of how users can get their transactions to the bitcoin network in the first place. Nick Szabo and Elaine Ou proposed transmitting transactions using shortwave radio to route around censorship, however this project is still in the prototype phase and it is not currently a consumer-friendly solution.
At goTenna we have been working on our own contributions to solving this problem. Late last year we began talks with the team at Samourai Wallet about including goTenna in their MuleTools initiative. The Samourai Wallet team are leaders in building advanced mobile bitcoin wallets. Inspired by Blockstream’s satellite, their open-source MuleTools initiative encourages more alternative transaction broadcast methods.
We suggested using the free goTenna SDK to build an app for broadcasting offline bitcoin transactions via goTenna Mesh devices. Today we are pleased to announce that the Samourai team took our suggestion, and went well beyond our expectations! The result is the TxTenna app.
A transaction using the TxTenna app works as follows: Using the Samourai Wallet app the user creates a standard bitcoin transaction and signs it. This is possible while offline and without wifi or mobile access.The Samourai Wallet app then passes the offline transaction to the TxTenna App and TxTenna broadcasts it to nearby mesh nodes via a paired goTenna mesh device. Other goTenna devices in the area relay the transaction until an internet connected goTenna node also running TxTenna receives it and forwards it to the Bitcoin network.
There are many advantages to this system. The goTenna Mesh is simple, affordable, secure, and produces a remarkably resilient mesh network. Simulations show fewer than 25 randomly placed nodes in a 3 x 3 mile area are enough to create a well connected goTenna network. Other mobile mesh technologies require hundred of nodes to achieve similar coverage. (You can read more about this in our whitepaper on range and connectivity.)
Together with the Samourai team, we are enabling an alternative physical communication layer for bitcoin. The result will be a more resilient, censorship-resistant and decentralized network. Make sure to follow Samourai and goTenna for updates and information about how to download TxTenna later this year.
Comments