<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/">
  <channel>
    <title>DEV Community: David Adeyemi</title>
    <description>The latest articles on DEV Community by David Adeyemi (@dayvvo).</description>
    <link>https://dev.to/dayvvo</link>
    <image>
      <url>https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F648629%2F01a69cf3-3723-46ad-9d07-173e55f2744f.jpg</url>
      <title>DEV Community: David Adeyemi</title>
      <link>https://dev.to/dayvvo</link>
    </image>
    <atom:link rel="self" type="application/rss+xml" href="https://dev.to/feed/dayvvo"/>
    <language>en</language>
    <item>
      <title>Output Descriptors in Bitcoin, What are they and why do we need them</title>
      <dc:creator>David Adeyemi</dc:creator>
      <pubDate>Thu, 28 Mar 2024 14:57:24 +0000</pubDate>
      <link>https://dev.to/dayvvo/output-descriptors-in-bitcoin-what-are-they-and-why-do-we-need-them-46g1</link>
      <guid>https://dev.to/dayvvo/output-descriptors-in-bitcoin-what-are-they-and-why-do-we-need-them-46g1</guid>
      <description>&lt;p&gt;Today we make another attempt to demystify a concept you'll come across when working with Bitcoin wallets, &lt;em&gt;Output Descriptors&lt;/em&gt;, also known as Wallet Descriptors. Before we define output descriptors, let's talk about some concepts that will help you understand not only descriptors but also how the need for them arose.&lt;/p&gt;

&lt;h2&gt;
  
  
  HIERARCHICAL DETERMINISTIC(HD) WALLETS, DERIVATION PATHS
&lt;/h2&gt;

&lt;p&gt;HD wallets utilize a singular seed to generate a continuous sequence of child keys. This key is known as the root seed. The child keys generated can be used to create multiple child addresses/child wallets linked together in a hierarchical manner, i.e. a parent key creates a child key. The child key creates its own child key, a grandchild of the initial parent key, etc. Each key can also have siblings, creating a tree-like hierarchy. Keys created can be encoded as an address to which Bitcoin can be sent and locked. Wallets that use mnemonic keys operate on this principle.&lt;/p&gt;

&lt;p&gt;While the root key/root seed serves as the starting point from which all other child keys that hold funds can be generated, it is not the only information required to successfully back up or transfer a Bitcoin wallet/address. It is also important to know the &lt;strong&gt;Derivation Path&lt;/strong&gt; of each key that holds funds in a wallet.&lt;/p&gt;

&lt;p&gt;The derivation path lets your Bitcoin node know the route that was taken when a key was generated. For instance, a seed can have 4 child keys, each child key having 3 child keys. The derivation path of the second grandchild key of the 3rd child key would be written as [2/1]. Key numbering indexes start from 0. Keys can have much longer derivation paths, such as a key with a derivation path of [1/0/1/4]. Without knowing the derivation path of your keys, it is possible to lose some coins that are locked in certain paths. Your wallet software would have to resort to randomly choosing derivation paths, eventually giving up after continuous scanning.&lt;/p&gt;

&lt;h2&gt;
  
  
  Output Descriptors
&lt;/h2&gt;

&lt;p&gt;Output Descriptors, as the name implies, are precise descriptors of output scripts. They describe how Bitcoin addresses are derived/encoded from certain inputs, depending on the type of address that was created. By reading a descriptor, you can know the type of input that was used to generate an address, the type of address, and its derivation path. Output Descriptors provide a human-readable, or rather "engineer-readable", format for reading this info.&lt;/p&gt;

&lt;p&gt;Descriptors are visible as fields in the output of several commands, such as listunspent and getaddressinfo.&lt;/p&gt;

&lt;h2&gt;
  
  
  Structure of an Output Descriptor
&lt;/h2&gt;

&lt;p&gt;We will examine the structure of an Output Descriptor obtained by calling Bitcoin Core's &lt;em&gt;getaddressinfo&lt;/em&gt; RPC on a specific address:&lt;/p&gt;

&lt;p&gt;&lt;code&gt;$ bitcoin-cli getaddressinfo ms7ruzvL4atCu77n47dStMb3of6iScS8kZ&lt;br&gt;
{&lt;br&gt;
  "address": "ms7ruzvL4atCu77n47dStMb3of6iScS8kZ",&lt;br&gt;
  "scriptPubKey": "76a9147f437379bcc66c40745edc1891ea6b3830e1975d88ac",&lt;br&gt;
  "ismine": true,&lt;br&gt;
  "solvable": true,&lt;br&gt;
  "desc": "pkh([d6043800/0'/0'/18']03efdee34c0009fd175f3b20b5e5a5517fd5d16746f2e635b44617adafeaebc388)#4ahsl9pk",&lt;br&gt;
  "iswatchonly": false,&lt;br&gt;
  "isscript": false,&lt;br&gt;
  "iswitness": false,&lt;br&gt;
  "pubkey": "03efdee34c0009fd175f3b20b5e5a5517fd5d16746f2e635b44617adafeaebc388",&lt;br&gt;
  "iscompressed": true,&lt;br&gt;
  "ischange": false,&lt;br&gt;
  "timestamp": 1592335136,&lt;br&gt;
  "hdkeypath": "m/0'/0'/18'",&lt;br&gt;
  "hdseedid": "fdea8e2630f00d29a9d6ff2af7bf5b358d061078",&lt;br&gt;
  "hdmasterfingerprint": "d6043800",&lt;br&gt;
  "labels": [&lt;br&gt;
    ""&lt;br&gt;
  ]&lt;br&gt;
}&lt;/code&gt;&lt;/p&gt;

&lt;p&gt;The descriptor is contained in the &lt;em&gt;desc&lt;/em&gt; field above. Its value is "pkh([d6043800/0'/0'/18']03efdee34c0009fd175f3b20b5e5a5517fd5d16746f2e635b44617adafeaebc388)#4ahsl9pk". Let's look at the breakdown of a descriptor below:&lt;/p&gt;

&lt;p&gt;&lt;code&gt;function([derivation-path]key)#checksum&lt;/code&gt;&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;&lt;p&gt;Function: The function is used to create an address from that key. The type of function used determines the type of address that would be created. A legacy P2PKH address would use the &lt;em&gt;pkh&lt;/em&gt; function. A P2WSH SegWit address would use wsh and a P2WPKH address would use wpkh.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Derivation Path: This describes what part of an HD wallet is being exported. In this case it's a seed with the fingerprint d6043800 and then the 18th child of the 0th child of the 0th child (0'/0'/18') of that seed. There may also be a further derivation after the key: function([derivation-path]key/more-derivation)#checksum&lt;br&gt;
&lt;strong&gt;NB&lt;/strong&gt;: It's worth noting here that if you ever get a derivation path without a fingerprint, you can make it up. It's just that if there's an existing one, you should match it. This is because if you ever go back to the device that created the fingerprint, you'll need to have the same one.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Key: This refers to the key or set of keys that the descriptor function encodes. Depending on the type of address being created and its requirements, this could be something traditional like an &lt;br&gt;
&lt;a href="https://river.com/learn/terms/x/xprv-extended-private-key/"&gt;extended private key&lt;/a&gt; or &lt;a href="https://river.com/learn/terms/x/xpub-extended-public-key/"&gt;extended public key&lt;/a&gt;, it could just be a public key for an address as in this case, it could be a set of addresses for a multi-signature, or it could be something else. This is the core data: the function explains what to do with it.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Checksum: Descriptors are meant to be human transferrable. This checksum makes sure you got it right, especially in the case where it is being transferred by hand.&lt;/p&gt;&lt;/li&gt;
&lt;/ol&gt;

&lt;h2&gt;
  
  
  CONCLUSION
&lt;/h2&gt;

&lt;p&gt;We have briefly examined what descriptors are and how they fit into the mechanism of HD wallets. Descriptors provide a readable way to describe output scripts. They also assist HD wallets in recovering wallet keys by providing adequate information about the output script in their data.&lt;/p&gt;

&lt;h3&gt;
  
  
  Related Links
&lt;/h3&gt;

&lt;p&gt;&lt;a href="https://sadeeqcode.medium.com/how-output-descriptors-enable-wallet-recovery-2484362856fa"&gt;https://sadeeqcode.medium.com/how-output-descriptors-enable-wallet-recovery-2484362856fa&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href="https://github.com/BlockchainCommons/Learning-Bitcoin-from-the-Command-Line/blob/master/03_5_Understanding_the_Descriptor.md#understand-a-descriptor"&gt;https://github.com/BlockchainCommons/Learning-Bitcoin-from-the-Command-Line/blob/master/03_5_Understanding_the_Descriptor.md#understand-a-descriptor&lt;/a&gt;&lt;/p&gt;

</description>
      <category>bitcoin</category>
      <category>blockchain</category>
    </item>
    <item>
      <title>Block Construction in Bitcoin: How it works</title>
      <dc:creator>David Adeyemi</dc:creator>
      <pubDate>Fri, 16 Feb 2024 14:06:25 +0000</pubDate>
      <link>https://dev.to/dayvvo/block-construction-in-bitcoin-how-it-works-3019</link>
      <guid>https://dev.to/dayvvo/block-construction-in-bitcoin-how-it-works-3019</guid>
      <description>&lt;p&gt;Let's talk about how blocks are constructed on the Bitcoin network. In Bitcoin, blocks serve as a data structure for valid transactions (basically confirmed exchanges of bitcoin between addresses). These blocks are "chained" together using a set of cryptographic principles that make each block more inseparable from its direct subsequent block.&lt;/p&gt;

&lt;p&gt;Transactions are added to blocks by miners who compete to solve a mathematical problem. The miner who is able to solve this problem earns a reward for solving it, firstly from the block reward, which is the reward for mining a new block, and secondly from the accumulated transaction fees in that block.&lt;/p&gt;

&lt;h2&gt;
  
  
  WHAT MAKES A VALID BLOCK?
&lt;/h2&gt;

&lt;p&gt;When selecting transactions to form a block, miners make the selection in a way that would result in them having maximum profit. This means that transactions with the highest transaction fees are given priority, and transactions with the lowest fees linger and are sometimes never confirmed. These blocks, however, have to abide by the Bitcoin network's consensus rules. Some of the factors considered when constructing a block include:&lt;/p&gt;

&lt;h3&gt;
  
  
  1. TRANSACTIONS SHOULD NOT EXCEED A RECOMMENDED COMBINED WEIGHT OF 4 MILLION.
&lt;/h3&gt;

&lt;p&gt;Transaction weight is a unit of measurement adopted in Bitcoin to measure the amount of space occupied by a single transaction, with the single smallest unit of measurement being referred to as a &lt;em&gt;Weight Unit&lt;/em&gt;. Weight units typically have a 4:1 ratio when converting to bytes, i.e. 4 weight units = 1 byte. However, this is only the case when dealing with Legacy transactions. Legacy transactions, as the name suggests, are the first version of transactions used in Bitcoin and are normal transactions that do not offer any extra features. When dealing with other types of transactions, such as Multisig transactions, weight units to bytes have a 1:1 ratio, which means 1 weight unit = 1 byte. This means that multisig transactions weigh less, and as such occupy less space.&lt;/p&gt;

&lt;h3&gt;
  
  
  2. TRANSACTIONS IN A BLOCK MUST NOT OCCUR TWICE
&lt;/h3&gt;

&lt;p&gt;This is perhaps the golden and most obvious rule when including transactions in a block. The same transaction occurring twice would mean that Bitcoin has been double-spent, i.e. the same value of currency has been present in a transfer twice. This would annul Bitcoin's validity as a means of exchanging value.&lt;/p&gt;

&lt;h3&gt;
  
  
  3. PARENT TRANSACTIONS MUST APPEAR BEFORE CHILD TRANSACTIONS
&lt;/h3&gt;

&lt;p&gt;The terms parent and child transactions came to be in Bitcoin as a result of a fee-bumping method known as &lt;em&gt;Child Pays For Parent (CPFP)&lt;/em&gt;. This method is useful in helping to confirm transactions that were broadcast with a low fee and as such are not likely to be confirmed due to their low incentive for miners. &lt;br&gt;
&lt;em&gt;Child Pays For Parent (CPFP)&lt;/em&gt; can be explained with a simple analogy. I'm shopping on AliExpress and I buy cheap s from a smartwatch from a particular vendor, one that has a free shipping tag attached. This item would normally take a while to deliver because, well, it's free and as such wouldn't take priority. I now buy a really expensive item, say, a gaming rig that has paid delivery. I then contact the seller of the item and instruct him to ship my cheap necklace with my second order, the one with paid delivery, which would be delivered in normal time. This is a typical example of what happens in &lt;em&gt;Child Pays For Parent (CPFP)&lt;/em&gt;, where a second transaction is broadcast referencing one of the inputs of the previously broadcast transaction with a low fee. This incentivizes the miner to confirm the transaction with a low fee, which would otherwise have been left hanging, in order to confirm the transaction with a high fee.&lt;/p&gt;

&lt;h2&gt;
  
  
  CONCLUSION
&lt;/h2&gt;

&lt;p&gt;Block construction is an integral step in the working flow of the Bitcoin network and, as such, will likely not require you to write custom code, as most mining software has already implemented this. However, hopefully this article helps you understand how the selection process occurs, the factors considered and the reason(s) behind its mode of operation.&lt;/p&gt;

</description>
      <category>bitcoin</category>
      <category>blocks</category>
    </item>
    <item>
      <title>Building Secure Bitcoin Applications with JavaScript Libraries; Dependency Management</title>
      <dc:creator>David Adeyemi</dc:creator>
      <pubDate>Fri, 02 Feb 2024 08:49:12 +0000</pubDate>
      <link>https://dev.to/dayvvo/building-secure-bitcoin-applications-with-javascript-libraries-dependency-management-5b8n</link>
      <guid>https://dev.to/dayvvo/building-secure-bitcoin-applications-with-javascript-libraries-dependency-management-5b8n</guid>
      <description>&lt;p&gt;Bitcoin, the pioneering cryptocurrency, is a decentralized and open-source digital currency that fundamentally reshapes traditional notions of finance. At its core, Bitcoin operates without a central authority, relying on a distributed network of nodes to validate and record transactions securely. Its development ecosystem is no different, also decentralized in its management structure. As such, there are a handful of versions of the technology being built with various technologies and programming languages. JavaScript, the powerhouse of the Web, is one of them.&lt;/p&gt;

&lt;p&gt;Libraries built in JavaScript are usually uploaded as packages to the &lt;strong&gt;NPM registry&lt;/strong&gt;, a centralized repository that hosts and manages JavaScript packages and modules. This registry is open source, and as such anyone can create and upload a JavaScript package. This leaves little room for regulation against malware or faulty code being bundled/disguised as a harmless package and uploaded onto the registry for public use. An example of such a case would be the recent &lt;a href="https://blog.npmjs.org/post/180565383195/details-about-the-event-stream-incident"&gt;event-stream&lt;/a&gt; incident, where malware was listed as a dependency to another popular npm package, event-stream. In developing Bitcoin applications, it is very important to verify the suitability and authenticity of each dependency to ensure that the core security principles upon which the technology hinges, some of which include decentralization and privacy, are not jeopardized by these packages or their dependencies.&lt;/p&gt;

&lt;h1&gt;
  
  
  Dependency Management Practices
&lt;/h1&gt;

&lt;p&gt;These are some steps one can take toward effective dependency management in building Bitcoin applications. We look at them in this section. Some of them include:&lt;/p&gt;

&lt;h2&gt;
  
  
  1. Inspect Package Documentation/ Code
&lt;/h2&gt;

&lt;p&gt;A quick browse through the package documentation can give you a general idea of the thinking behind the package implementation and some of its core features, as well as its dependencies. This is strongly encouraged in the community as it promotes the spirit of open source collaboration.&lt;/p&gt;

&lt;h2&gt;
  
  
  2. Avoid using random, unpopular packages when necessary.
&lt;/h2&gt;

&lt;p&gt;Simply put, a package with few regular users/downloads has fewer sets of eyes on it and less community adoption, and as such the likelihood of a malicious user sneaking malicious code into said package is higher. While this is not a determining factor in ascertaining the safety of a package, it is one of the factors to consider.&lt;/p&gt;

&lt;h3&gt;
  
  
  3. Audit Packages Regularly:
&lt;/h3&gt;

&lt;p&gt;Auditing packages is one step that can be taken toward detecting vulnerabilities in the packages used in your Bitcoin application. Audits are an inbuilt feature in npm, which can be triggered using &lt;code&gt;npm audit&lt;/code&gt;. This scans all the packages listed in your entire &lt;em&gt;package.json&lt;/em&gt; file and lists out the potential breaking changes and vulnerabilities in your dependencies that may be a threat to your users' security. &lt;em&gt;audit&lt;/em&gt; can be further supplemented with a fix command, triggered by adding &lt;em&gt;fix&lt;/em&gt; to npm audit like so: &lt;code&gt;npm audit fix&lt;/code&gt;.&lt;/p&gt;

&lt;h3&gt;
  
  
  4. Using a .npmrc file
&lt;/h3&gt;

&lt;p&gt;Adding this file to the root of your project folder can help limit the access of third-party packages. &lt;/p&gt;

&lt;h3&gt;
  
  
  5. Using vulnerability scanners
&lt;/h3&gt;

&lt;p&gt;Using vulnerability scanners such as Snyk can help detect vulnerabilities in your dependencies. Snyk offers free support for individual projects and can be set up by installing Snyk globally on your computer using the command &lt;code&gt;npm install -g snyk&lt;/code&gt; and triggered using the &lt;em&gt;test&lt;/em&gt; command, i.e. &lt;code&gt;snyk test&lt;/code&gt;, from your project folder.&lt;/p&gt;

&lt;h1&gt;
  
  
  CONCLUSION
&lt;/h1&gt;

&lt;p&gt;In the realm of software engineering, it would be erroneous to say that your system, software or application is completely secure. With that said, the above practices and procedures do not guarantee you complete security against bad/malicious dependency packages. However, if applied properly they could help prevent a myriad of security problems and protect your users' funds/data.&lt;/p&gt;

</description>
      <category>bitcoin</category>
      <category>webdev</category>
      <category>node</category>
    </item>
  </channel>
</rss>
