On the 21st of last month, Bitcoin Core developer Bryan Bishop tweeted that he was considering unveiling, in early July, the alert key that was entrusted to several developers before the departure of Satoshi Nakamoto.
As promised, at the beginning of July, Bryan Bishop posted the long-kept secret on the bitcoin-dev mailing list and set off a heated discussion among members of the Bitcoin community. Of course, the string of characters itself does not warrant much discussion; developers are more concerned about the security issues behind the key.
Designed to protect the network, but now a security risk
The so-called alert key is actually a switch that activates the “alert system” in the Bitcoin protocol. The holder can send a security alert to all running nodes in the network to notify them of important information. However, contrary to Nakamoto's original intention, this security alert has become a security risk in the network.
According to the article published by achow101 on GitHub, the alert system allows multiple messages to be pushed continuously, and messages sent at the same time are displayed in the GUI and saved to a map. However, there is no limit on the size of the map. Once the key falls into the hands of a malicious person, he can send a massive number of alert messages to a node to launch a DoS attack.
Not only that, attackers can also use this feature to send fake or irrelevant messages, causing unnecessary panic and trouble in the community. In fact, this has occurred before. In 2016, Litecoin, which also has an alert system, sent out an alert reminder about a newly updated version, but for unknown reasons it was also pushed to the clients of all the nodes of its copycat coin Feathercoin. Although the incident did not have much impact on Feathercoin, Bishop believes that the possibility of sending an alert message in a blockchain based on the same alert system “sounds dangerous”.
Bitcoin has already ruled out the hidden dangers; the lazy will suffer
Bitcoin developers, who had long recognized these problems, turned off the alert function when Bitcoin Core 0.12.1 was released on 15 April 2016. In the subsequent 0.13.0 version, the relevant code was completely removed.
In March of the same year, developers went a step further and hardcoded the final alert in Bitcoin Core 0.14.0 and made it unreachable from other messages; this ensures that operators of non-upgraded nodes see the alert that says, “alarm system has been corrupted”.
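An added example, not code from Bitcoin Core or from the original article: a simplified C++ model of the flaw described earlier (alerts saved to a map with no size limit) beside a store that caps the map and latches on a final alert. The types, the cap of 16 and the final-alert id are assumptions made for this illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <map>
#include <string>

// Simplified model of a signed alert (hypothetical type, not Bitcoin Core's).
struct Alert {
    int32_t id;
    std::string text;
    bool signature_ok;  // stands in for the check against the alert public key
};
constexpr std::size_t kMaxAlerts = 16;        // assumed cap for this example
constexpr int32_t kFinalAlertId = INT32_MAX;  // assumed id of the final alert

// Before: every validly signed alert is kept, so the map grows without limit.
class UnboundedAlertStore {
    std::map<int32_t, std::string> alerts_;
public:
    bool accept(const Alert& a) {
        if (a.signature_ok) alerts_[a.id] = a.text;
        return a.signature_ok;
    }
    std::size_t size() const { return alerts_.size(); }
};

// After: capped map, plus a final alert that latches and blocks later ones.
class BoundedAlertStore {
    std::map<int32_t, std::string> alerts_;
    bool final_seen_ = false;
public:
    bool accept(const Alert& a) {
        if (!a.signature_ok || final_seen_) return false;
        if (a.id == kFinalAlertId) {  // final alert replaces everything stored
            alerts_.clear();
            final_seen_ = true;
        } else if (!alerts_.count(a.id) && alerts_.size() >= kMaxAlerts) {
            return false;  // map is full: refuse new ids
        }
        alerts_[a.id] = a.text;
        return true;
    }
    std::size_t size() const { return alerts_.size(); }
};

// Feed n distinct, validly signed alerts (constructed input); return map size.
template <class Store>
std::size_t flood(Store& s, int32_t n) {
    for (int32_t i = 0; i < n; ++i) s.accept({i, "constructed alert", true});
    return s.size();
}
```

With the same flood of signed alerts, the first store's size tracks the number of messages sent, while the second stays at the cap and accepts nothing after the final alert.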
But after everything was ready, Bitcoin Core did not disclose the key to the alert system as promised. Because some nodes had yet to upgrade to the new version of the client, there was still a risk of attack, and the security of the large number of Bitcoin-derived altcoins that emerged earlier is equally worrying.
Specifically, these digital currencies use the Bitcoin source code almost in its entirety. If they have not removed the alert system, or have not changed the alert key (public key), and are too lazy to send the final alert message, then once the key is released, anyone can trigger the alert systems of these networks and launch a DoS attack on them.
Reject being the scapegoat and officially announce the key
Faced with this situation, one of the Core members, Greg Maxwell, replied that they would take the time to search for other cryptocurrencies that are still using the alert system and urge them to remove the code. According to a recent survey by Pavol Rusnak, the chief technology officer of SatoshiLabs, a copy currently remains in the GitHub code base of Fargocoin (current market value ranking 1471).
The potential risk of that project is low, Bitcoin clients that support version 0.12 are also close to disappearing, and the proportion of users currently remaining on older versions of the client is less than 3%. For this reason, Bishop believes that the Bitcoin alert system has been “completely retired”, that announcing the key now has no repercussions, and that it is also good for network security.
In addition to the cybersecurity issues, the disclosure of this key is also a relief for Core developers: they no longer have to explain to people who ask for adjustments to transaction fees, mining difficulty and more that the key cannot modify the network rules, and they will no longer be considered the primary suspects when the network suffers an alert-system attack.