Published on: 2019-12-10T06:36:20+00:00
Pieter, in a detailed analysis, has examined the detection abilities of Bech32, a type of address format used in cryptocurrencies. He found that the only deviation from the expected failure to detect errors occurs when a 'q' is inserted or deleted right before a final 'p'. This specific issue can be resolved by changing one constant in Bech32 without affecting its ability to detect other types of errors.To address this insertion weakness, Pieter suggests making several changes. Firstly, he recommends adding an erratum section to BIP173, which is the Bitcoin Improvement Proposal for Bech32 addresses, to document the issue and its analysis. This would help raise awareness and provide guidance on how to handle this weakness.Secondly, Pieter proposes amending SegWit addresses, which are a type of address format used in Bitcoin, to restrict them to only length 20 or 32. By doing so, the addresses will become fixed-length strings and will be unaffected by the insertion issue. This change would enhance the security and reliability of SegWit addresses.In addition, Pieter suggests defining a variant of Bech32 with the modified constant. This would allow non-BIP173 uses of Bech32 to choose a version that is not impacted by this particular class of errors. It provides flexibility for those who are concerned about the insertion weakness but still want to use Bech32 for their applications.Furthermore, Pieter highlights the importance of defining two variants of checksum for readers of Bech32-based formats. Both variants should be supported to ensure compatibility. The current Bech32 checksum should be flagged or signaled with a deprecation warning if detected, and at some point in the future, support for the current checksum should be dropped. These measures would help transition smoothly to the modified Bech32 variant.Lastly, Pieter suggests that using the modified Bech32 variant should only be implemented if there is a need for non-32-byte witness programs for a particular non-zero SegWit version. This ensures that the modified variant is used appropriately and only when necessary.Pieter believes that implementing these changes will have minimal impact on production systems, as many wallets already do not accept unknown witness versions in outputs. He also mentions that it gives us probably years to adapt to the updated address scheme. Overall, these proposed steps aim to address the insertion weakness issue in BIP173 and SegWit addresses, enhancing the security and reliability of Bech32-based formats.
Updated on: 2023-08-02T01:42:19.625908+00:00