Satoshi Scoop Weekly, 2 May 2025

Cryptape

Crypto Insights

secp256k1lab: An Insecure Python Library That Makes Bitcoin Safer

Some Bitcoin developers have long believed in the need for a unified, reusable cryptographic BIP reference standard for secp256k1. Blockstream Research has released secp256k1lab — an intentionally insecure new Python library designed for prototyping, experimentation, and BIP specifications.

This library is NOT intended for production use (it lacks constant-time protections and is thus vulnerable to side-channel attacks). However, it fills a gap by providing a clean and consistent reference implementation of secp256k1 functionality, including BIP-340 style Schnorr signatures, ECDH, and low-level field/group operations. Its goal: to make future BIP authoring simpler and more secure by avoiding redundant, one-off implementations. For BIP authors, this means less custom code, fewer specification bugs, and a clearer path from prototype to proposal.

Block-Based Time-Based One-Time Passwords for Secure Passphrase Validation in Bitcoin Wallets

This article introduces a method for passphrase validation and Bitcoin software wallet access control using a block-based time-based one-time password (TOTP) system.

Unlike traditional TOTP systems, this method uses blockchain data — specifically Bitcoin block height and block hash — combined with securely stored cryptographic secrets to generate a 6-digit dynamic verification code with the following security properties:

  • Two-Factor Protection: Combines device possession and blockchain-derived time-based data.

  • Replay Resistance: Codes change with every block (~10-min cycle).

  • Minimal Attack Surface: Passphrase never typed or copied.

  • Hardware-Backed Secrets: Mobile app secret stored in non-exportable secure hardware.
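
A sketch of how such a code could be derived and checked, added here as an illustration and not taken from the article or its author. The HMAC-SHA256 construction with RFC 4226-style truncation, the message encoding, the acceptance window, and all names and sample values are assumptions; in the described design the secret would stay inside secure hardware rather than in a Python variable.

```python
import hashlib
import hmac
import struct

# Constructed sample data: a demo secret and three made-up (height, hash) pairs.
SECRET = b"constructed-demo-secret-not-a-real-key"
BLOCKS = [
    (900000, "00" * 8 + "a1" * 24),
    (900001, "00" * 8 + "b2" * 24),
    (900002, "00" * 8 + "c3" * 24),
]

def block_totp(secret: bytes, height: int, block_hash_hex: str, digits: int = 6) -> str:
    """Derive a code from a device secret plus one block's height and hash."""
    block_hash = bytes.fromhex(block_hash_hex)
    if len(block_hash) != 32:
        raise ValueError("block hash must be 32 bytes")
    # Assumed encoding: 4-byte big-endian height || 32-byte block hash.
    msg = struct.pack(">I", height) + block_hash
    mac = hmac.new(secret, msg, hashlib.sha256).digest()
    # RFC 4226 dynamic truncation: low nibble of the last byte selects 4 bytes.
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify(secret: bytes, submitted: str, recent_blocks, window: int = 2) -> bool:
    """Accept a code only if it matches one of the newest `window` blocks.

    A small window tolerates a block arriving between code generation and
    entry, while keeping codes for older blocks unusable (replay resistance).
    """
    newest = sorted(recent_blocks, key=lambda b: b[0], reverse=True)[:window]
    ok = False
    for height, block_hash_hex in newest:
        expected = block_totp(secret, height, block_hash_hex)
        # Constant-time comparison; every candidate is checked, with no early exit.
        ok |= hmac.compare_digest(expected.encode(), submitted.encode())
    return ok

if __name__ == "__main__":
    current = block_totp(SECRET, *BLOCKS[-1])
    print("code for tip:", current, "accepted:", verify(SECRET, current, BLOCKS))
    stale = block_totp(SECRET, *BLOCKS[0])
    print("code for old block accepted:", verify(SECRET, stale, BLOCKS))
```
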

Bitcoin Feature Matrix: Tracking Interoperability of Bitcoin Products/Services

You can use this page on Bitcoin Opentech to track interoperability among Bitcoin products and services.

Tracking Bitcoin Soft Fork Proposals in One Place

bitcoin.softforks.org aggregates various Bitcoin soft fork proposals, including components, implementation primitives, use cases, and users.

Ethereum Community Explores Replacing EVM with RISC-V — Spotlight on CKB-VM Experience

Vitalik recently proposed the idea of replacing the EVM with RISC-V on the Ethereum forum, citing the design of CKB-VM as a reference. This has sparked active discussion in both communities around RISC-V as a technical direction. As the conversation deepens, the original design decisions behind CKB-VM have resurfaced, drawing renewed interest and encouraging more developers to study its architecture and lessons.

CKB is the Layer 1 blockchain of the Nervos Network. Its smart contract model, called the Cell model, is inspired by Bitcoin’s UTXO system. It uses the RISC-V–based CKB-VM to enable efficient and multi-language smart contract execution. Find more details in:

Integrating Taproot Assets into Ark

Ark Labs shared their proof-of-concept of integrating Taproot Assets into the off-chain batching layer of Ark. They introduced tVTXOs (tokenized Virtual Transaction Outputs) — virtual outputs that embed Taproot Asset commitments.

tVTXOs behave like regular VTXOs, spendable off-chain and pre-signable for unilateral exits, but with two additional features:

  • Asset Commitments: Embedded in PkScript using Taproot’s internal key and TapTree structure.

  • Transfer Proof Files: A cryptographically linked, deterministic chain of off-chain proofs tracking asset inclusion. These can be activated via on-chain metadata to exit the Taproot Asset ecosystem.

Erk: An Ark Protocol Upgrade Removing User Round Interactions

Erk is a novel variant of the Ark protocol that introduces refund transactions with rebindable signatures. This allows users to pre-sign outputs that the server can safely refresh without needing the user to be online for each round — addressing one of Ark’s limitations.

Another feature of Erk is “perpetual offline refresh” — users can bulk pre-sign future refreshes. With watchtowers monitoring the protocol, users can stay offline indefinitely while their funds remain safe.

Robosats: No-KYC Lightning P2P Trading

RoboSats is an open-source, no-KYC Lightning P2P exchange using LN Hodl invoices to minimize custodial requirements and trust. Operated via the Tor browser, it offers a simple and low-fee user experience.

Find more in their GitHub repo and user guide.

Advancements in Lightning Infrastructure

OpenSats highlights several key Lightning infrastructure advancements:

  • Lightning Splicing: Allows dynamic channel capacity adjustment without downtime, simplifying liquidity management and reducing costs.

  • Validating Lightning Signer (VLS): Shifts key storage and transaction validation to an external signer. Even if a node is compromised, the attacker can’t access or misuse private keys.

  • BLAST (Big Lightning Automated Simulation Tool): Designed to provide a stable modeling and simulation framework of the Lightning Network for developers and node operators.

  • Lampo: A modular, community-driven development toolkit and node implementation built on Lightning Dev Kit (LDK).

  • Lnprototest: A Python-based testing library to help developers validate protocol adherence across different implementations.

Citrea Launches Clementine: A BitVM-Based Trust-Minimized 2-Way Peg Bridge

Rollup Citrea has deployed Clementine Bridge on Bitcoin testnet — the first fully BitVM-based bridge design on Bitcoin testnet. Clementine is Citrea’s trust-minimized, two-way peg solution powered by:

  • Bitcoin and Citrea’s light client proofs

  • Zero-knowledge proof verifier in BitVM

As long as one single verifier in the BitVM setup is honest, Clementine remains secure — a major improvement over existing approaches (e.g., open and closed federations). Paired with Citrea’s trustless light client, Clementine minimizes trust in Citrea’s bridge design and doesn’t require a soft fork.

Find more details in Clementine Whitepaper and Feature Overview.

Five Reasons RISC-V Is the Best Architecture for the BitVMX Proving System

Fairgate Labs, the main developers behind BitVMX, outlined five key reasons why RISC-V is the optimal choice for BitVMX:

  • Open and Universal: RISC-V as a standard with no IP barriers

  • Mature Tooling: A rich ecosystem of compilers and debuggers

  • Opcode Simplicity

  • High-Level Language Support

  • Universal Verification

Top Reads on Blockchain and Beyond

Demand Outpaces Licensing: LuckyMiner Drives Home Mining Boom Amid Controversy

LuckyMiner, a Bitcoin mining startup based in Shenzhen, China, is gaining traction with its mini miners. Their products are clones of the open-source Bitaxe miners from the U.S. However, Bitaxe is licensed under CERN-OHL-S-2.0, which requires all modifications to be open-sourced—something LuckyMiner has not complied with.

According to this post, LuckyMiner's founder openly admitted to violating the license. The founder claimed that although the LuckyMiner devices sold to retail customers don’t comply with the open-source terms, the company also produces fully license-compliant Bitaxes for business clients, while simultaneously cloning mining equipment from Braiins.

Against Burning Quantum-Vulnerable Bitcoins

Jameson Lopp has previously argued in favor of burning bitcoin in vulnerable addresses, to prevent funds from being taken by those who win the quantum computing race.

Guillaume Girard from UTXO Management disagrees, offering these counterpoints:

  • Property rights violation: Burning coins without the owner’s consent undermines the very principle of property rights. Forcing coins into unspendability erodes the core Bitcoin ethos of ownership and control.

  • Ethical concerns: While burning these coins may prevent quantum theft, it also punishes users who lost wallets or don’t understand the quantum threat—offering no chance for recovery.

Instead of burning, he proposes more constructive steps:

  • Hourglass: Mitigates the downsides of both “confiscatory” and “liquidation” approaches – by limiting the potential supply shock of a quantum event, without burning coins or flooding markets.

This solution, proposed by Hunter Beast, aims to be the “least damaging” option and is currently under review by developers. Additionally, Hunter Beast has already proposed BIP 360 to bring Post-Quantum Cryptography (PQC) to Bitcoin with a new address type.

Old Miners, New Heat: Mining-as-Heating Might Just Work

BitMEX reviewed the Heatbit Trio—a Bitcoin miner repurposed as a room heater and redesigned with a quiet fan.

The reviewer found the Heatbit concept commercially appealing and believes the heating-mining hybrid space is worth watching. The rate of improvement in ASIC efficiencies will decline (partly due to the limits of Moore’s Law), such that ASICs can economically mine Bitcoin for much longer—possibly up to 10 years. With fewer new technical risks, production costs should also drop. When that happens, integrating mining with heating systems may become practical.

Open, Instant, Borderless Payments: Stablecoins and Their Future

This a16z report explores how stablecoins are poised to change the global payments landscape—and who stands to benefit most.

The report sees stablecoins as the "WhatsApp moment for money," making international transfers nearly free and instant. It also stresses that only two types of stablecoins are considered trustworthy: fiat-backed or asset-backed. The so-called Strategy-Backed Synthetic Dollars (SBSDs) are NOT considered to be a reliable store of value or medium of exchange.
