Satoshi Scoop Weekly, 7 Mar 2025

Crypto Insights

New Direction in Bitcoin’s Post-Quantum Security: Favoring a More Conservative Solution

Bitcoin developer Hunter Beast introduced P2QRH (Pay to Quantum Resistant Hash), an output type, in the earlier proposal BIP 360. However, in a recent post, he indicated that BIP 360 is shifting to supporting algorithms like FALCON, which better facilitate signature aggregation, addressing challenges such as DDoS impact and multisig wallet management. He also emphasized the importance of NIST-certified algorithms for FIPS compliance. He proposed an interim solution called P2TRH (Pay to Taproot Hash), which enables Taproot key-path payments to mitigate quantum security risks.

Notably, this new approach is not a fully quantum-safe solution using post-quantum cryptography. Instead, it is a conservative interim measure: delaying key disclosure until the time of spending, potentially reducing the attack surface from indefinitely exposing elliptic curve public keys on-chain.

BIP 3: New Guidelines for Preparing and Submitting BIPs

BIP 3 Updated BIP Process introduces new guidelines for preparing and submitting BIPs, including updated workflows, BIP formatting, and preamble rules. This update has been merged and replaces the previous BIP 2.

Erlay Implementation in Bitcoin Core: Development Update

Erlay is an alternative transaction relay method between nodes in Bitcoin’s P2P network, designed to reduce bandwidth usage when propagating transaction data.

Bitcoin developer sr-gi summarized the progress of Erlay’s implementation in Bitcoin Core in this article, covering Erlay’s overview, the current implementation approach, thought process, and some open questions.

Dynamic Block Size, Hard Forks, and Sustainability: A Treatise on Bitcoin Block Space Economics

Jameson Lopp examines Bitcoin’s block size debate in this article, arguing that while the controversy has subsided over the past seven years, the discussion remains relevant. Key takeaways include:

• Simply asserting that the block size should never increase is "intellectually lazy".

• The core in the block size debate is whether Bitcoin should optimize for low cost of full system validation or low cost of transacting. Bitcoin has chosen the former, so future discussions should focus on maximizing Bitcoin’s user base without disrupting system balance and game theory.

• A dynamic block size adjustment algorithm could be explored, similar to the difficulty adjustment mechanism, where block size adapts over time based on block space usage and the fee market.

• Any block size adjustment proposal should include a long-term activation plan—hard fork activation should be gradual to allow most node operators sufficient time to upgrade, reducing the risk of contentious forks.

• To ensure a sustainable block space market, strategies such as increasing minimum transaction fees or adjusting block space allocation may be necessary—but without inflating the monetary supply.

nAuth: A Decentralized Two Party Authentication and Secure Transmittal Protocol

nAut (or nauth) is a decentralized authentication and document-sharing protocol. By leveraging Nostr’s unique properties, it enables two parties to securely verify identities and exchange documents without relying on a third party—trusted or not.

The motivation behind nAuth is the increasing distrust in intermediaries, which often intercept or reuse user data without consent, sometimes to train AI models or sell to advertisers.

nAuth allows either party to initiate authentication, which is especially useful when one party is device-constrained (e.g., lacks a camera) and unable to scan a QR code or receive an SMS-based authentication.

All Projects Created at Bitcoin++ Hackathon Floripa 2025

The developer-focused conference series Bitcoin++ recently held a hackathon in Florianópolis, Brazil. You can view the 26 projects developed during the event in the project gallery.

Bitkey Introduces Inheritance Feature: Designating Bitcoin Beneficiaries Without Sharing PINs or Seed Phrases

Bitkey has launched an inheritance feature that allows users to designate Bitcoin beneficiaries without risking exposure of PINs or seed phrases during their lifetime or relying on third-party intermediaries.

The feature includes a six-month security period, during which either the user or the designated beneficiary can cancel the inheritance process. After six months, Bitkey will forward the encrypted wrapping key and mobile key to the beneficiary. The beneficiary’s Bitkey app then decrypts the wrapping key using their private key, and subsequently the mobile key. This allows them to co-sign transactions using Bitkey’s servers and transfer the funds to their own Bitkey wallet.

Metamask to Support Solana and Bitcoin

In its announcement titled Reimagining Self-Custody, Metamask revealed plans to support Bitcoin in Q3 of this year, with native Solana support arriving in May.

Key Factors Driving Bitcoin Adoption in 2025

Bitcoin investment platform River has released a report analyzing the key drivers of Bitcoin adoption, Bitcoin protocol evolution, custodial trends, and shifting government policies. Key insights include:

• Network Health: The Bitcoin network has approximately 21,700 reachable nodes, with hash rate growing 55% in 2024 to 800 EH/s.

• A Unique Bull Market: Unlike previous cycles, the current market surge is not fueled by global money supply growth (yet) or individuals, but by ETFs and corporate buyers.

• Ownership Distribution (as of late 2024):

  • Individuals: 69.4%

  • Corporations: 4.4%

  • Funds & ETFs: 6.1%

  • Governments: 1.4%

• Lightning Network Growth: Transaction volume on Lightning increased by 266% in 2024, with fewer transactions overall but significantly higher value per transaction.

• Shifting Government Policies: More nations are recognizing Bitcoin’s role, with some considering it as a strategic reserve asset. Further pro-Bitcoin policies are expected.

The report concludes that Bitcoin adoption is currently at only 3% of its total potential, with institutional and national adoption expected to accelerate in the coming years.

Top Reads Beyond Blockchain

Beyond 51% Attacks: Precisely Characterizing Blockchain Achievable Resilience

For consensus protocols, what exactly constitutes the "attackers with majority network control"? Is it 51%, 33%, or the 99% claimed by the Dolev–Strong protocol? Decades-old research suggests that the exact threshold depends on the reliability of the communication network connecting validators. If the network reliably transmits messages among honest validators within a short timeframe (call this "synchronous"), it can achieve greater resilience than in cases where the network is vulnerable to partitioning or delays ("partially synchronous").

However, this paper argues that this explanation is incomplete—the final outcome also depends on client modeling details. The study first defines who exactly "clients" are—not just validators participating directly in consensus, but also other roles such as wallet operators or chain monitors. Moreover, their behavior significantly impacts consensus results: Are they "always on" or "sleepy", "silent" or "communicating"?

The research systematizes the models for consensus across four dimensions:

• Sleepy vs. always-on clients

• Silent vs. communicating clients

• Sleepy vs. always-on validators

• Synchrony vs. partial-synchrony

Based on this classification, the paper systematically describes the achievable safety and liveness resilience with matching possibilities and impossibilities for each of the sixteen models, leading to new protocol designs and impossibility theorems.

Full paper: Consensus Under Adversary Majority Done Right

The Risks of Expressive Smart Contracts: Lessons from the Latest Ethereum Hack

The Blockstream team highlights in this report that the new Bybit exploit in Ethereum smart contracts has reignited long-standing debates about the security trade-offs built into the Ethereum protocol. This incident has drawn attention to the limitations of the EVM—especially its reliance on complex, stateful smart contracts for securing multisig wallets.

The report examines:

• Systemic challenges in Ethereum’s design: Lack of native multisig, Highly expressive scripting environment, Global key-value store

• Critical weaknesses of Ethereum’s multisig model

• A Cautionary Note for expressive smart contracts

The key takeaway is that the more complex a scripting environment, the easier it is to introduce hidden security vulnerabilities. In contrast, Bitcoin's multisig solution is natively built into the protocol, significantly reducing the risk of severe failures due to coding errors. The report argues that as blockchain technology matures, security must be a design priority, not an afterthought.

GitHub Scam Investigation: Thousands of Mods and Cracks Stealing User Data

Despite GitHub’s anti-malware mechanisms, a significant number of malicious repositories persist. This article investigates the widespread distribution of malware on GitHub, disguised as game mods and cracked software, to steal user data. The stolen data—such as crypto wallet keys, bank account, and social media credentials—is then collected and processed on a Discord server, where hundreds of individuals sift through it for valuable information.

Key findings from the investigation include:

• Distribution method

  The author discovered a detailed tutorial explaining how to create and distribute hundreds of malicious GitHub repositories. These repositories masquerade as popular game mods or cracked versions of software like Adobe Photoshop (see image below). The malware aims to collect user logs, including cookies, passwords, IP addresses, and sensitive files.

• How it works

  A piece of malware called "Redox" runs unnoticed in the background, harvesting sensitive data and sending it to a Discord server. It also terminates certain applications (such as Telegram) to avoid detection and uploads files to anonymous file-sharing services like Anonfiles.

By writing a script, the author identified 1,115 repositories generated using the tutorial and compiled the data into this spreadsheet. Surprisingly, fewer than 10% of these repositories had open user complaints, with the rest appearing normal at first glance.