A long-held bitcoin secret is about to come to light. It’s a private key the cryptocurrency’s creator entrusted to several bitcoin developers that activates the protocol’s so-called “alert system,” once used to flash a text warning to those running the software in case something happened that could impact the security of their funds.
If you didn’t know bitcoin had a warning system like this, that’s because it was retired in 2016 due to security concerns and frequent confusion about its use.
“The alert system was a frequent source of misunderstanding about the security model and ‘effective governance,'” well-known Bitcoin Core contributor Greg Maxwell wrote in a public email from September 2016.
In short, some in the bitcoin community thought it could be used to change that network rules that unite users, which isn’t really the case. For example, a BitcoinJ developer once wanted to use the key to control fees, while a Bloq staffer pressed for Bitcoin Core developers to use the key to change the network’s mining difficulty.
Plus, developers were worried that if the wrong person got ahold of the key, they could broadcast false messages or potentially cause panic.
As such, to some, the reveal – being undertaken by Bitcoin Core contributor Bryan Bishop – is a long time coming.
“Folks, it’s going to be an interesting show,” Bishop tweeted, followed by a string of tweets cryptographically proving he’s in possession of the secret key, without fully revealing it quite yet.
The reveal is the final step to destroying the system. After Bitcoin Core developers released new code in 2016 without the alert system, in January 2017, a “final alert message” was broadcast, which – by law of the code – made that message unable to be overridden by any other messages in the future.
Still, the private key needs to be displayed publicly so there’s no possibility of reputation attacks against those developers that hold it.
Bishop told he plans to release it soon, though he’s not sure about the exact date, adding:
“It’s time. I’m thinking about releasing the private key early July at Building on Bitcoin, though it’s not finalized yet.”
Still, it isn’t as easy as it sounds.
Revealing the key is potentially dangerous for any cryptocurrencies that used an older version of bitcoin’s code to create their cryptocurrency and have not disabled the alert key mechanism in their own code.
“If the copycats have not disabled the alert system, nor changed the alert key [public key], and if they have not sent what’s known as a final alert message, then once the [bitcoin] keys are released, anyone will be able to send alerts on those [other] networks,” Bishop told .
It’s happened before actually. Litecoin creator Charlie Lee recounted on Twitter just last week how the lesser-known Feathercoin protocol (which copied litecoin’s code) received litecoin’s alert about upgrading to the latest litecoin client.
And while that isn’t a particularly nefarious example, Bishop said, controlling what alert messages are sent on various networks “sounds dangerous.”
As such, in Maxwell’s 2016 email, he said he had spent and would continue spending some time searching through other cryptocurrency codebases. If they were found to contain the alert key code from bitcoin, he vowed to notify those projects to remove that code.
“At some point after that, I would then plan to disclose this private key in public, eliminating any further potential of reputation attacks and diminishing the risk of misunderstanding the key as some special trusted source of authority.”
On the Table
But, two years later, neither Maxwell – nor any other Bitcoin Core developer – has revealed the key.
“It’s something we have wanted to release for a few years. Nobody took any action, though,” Bishop said.
But by now, the projects susceptible to this vulnerability have had time to remove the code and upgrade. Although, some of those projects might not have developers anymore, even though users and still trading and using the cryptocurrencies, which could mean there’s been no update.
That said, Bishop’s giving these projects one last chance by sending messages on Twitter and through other channels.
Adding pressure that could prioritize the reveal, though, is that Bishop and others are worried about attacks on their reputation. For instance, if the private key was compromised and used to sign a message with bad intentions, it could be blamed on one of the Bitcoin Core developers who’s known to have the key.
“Nobody knows the full list of people that have access to the private key. A message could be signed by the private key, and the secrecy is a liability because some of the people who have the key are known in public to have the key,” Bishop said, pointing to the fact that those with the key that are unknown could blame people who are known to hold the key for nefarious messages.
Bishop recently used the alert key (without revealing it) to sign a simple text message that he then tweeted out, displaying how it could be used to trick users or cause confusion within the community.
Plus, he told , there are other long-standing vulnerabilities within the alert key setup that he plans to disclose when he reveals the key to the public.
As such, Bishop concluded:
“It would be better if the key was released.”