The Risks of Segregated Witness: Problems under Evidence Laws
oped

The Risks of Segregated Witness: Problems under Evidence Laws

THELOGICALINDIAN - By Jimmy NguyenChief IP Communications Legal Officer nChain Group

The bitcoin association still debates whether Segregated Attestant will advice the network’s scalability or will instead actualize added problems.  As I accept previously written, SegWit raises acknowledged questions because it would accredit abounding agenda signature (witness) abstracts to be alone from the transaction data; this would attenuate the adeptness of bitcoin agenda signatures to additionally be acclimated as cyberbanking arrangement signatures (for example, for acute contracts).  Another key acknowledged affair is evidentiary affidavit of blockchain transactions.  Ideally, we are affective to a apple area the bitcoin arrangement can ability acute affairs and be acclimated for abundant types of abstracts transactions.  But in such a world, what happens if companies and consumers cannot calmly accredit and prove those affairs after back there are acknowledged disputes?   In this piece, I’ll appraise the botheration beneath affirmation laws.

How SegWit Changes Bitcoin

The aboriginal Bitcoin white paper (in area 2) by Satoshi Nakamoto defines “an cyberbanking coin” as “a alternation of agenda signatures”.  Each buyer transfers buying ascendancy of the bread to the abutting buyer by digitally signing a assortment of the antecedent transaction and the accessible key of the abutting buyer and abacus these to the end of the coin.  A beneficiary can verify the signatures to verify the alternation of ownership.  The transaction abstracts conveys the inputs and outputs of bill actuality spent, and could additionally backpack added abstracts to be recorded in the bitcoin transaction.

A accustomed bitcoin transaction food both transaction and signature (witness) abstracts calm in a block, with the signatures accounting for about 60% of the abstracts size.  As declared in my prior post, this agency bitcoin affairs signatures could amuse e-signature laws, which generally crave the cyberbanking arrangement signature to be “attached to or logically associated” with the arrangement agreement – which could, for example, be coded into bitcoin transaction data.   (Of course, all bitcoin agenda signatures are not meant to additionally be cyberbanking arrangement signatures; however, they were originally set up in a address that could amuse the requirements of cyberbanking arrangement signature law if the parties capital to use them for that purpose.  For example, Alice could assurance her bitcoin transaction – or at a added avant-garde level, a acute arrangement whose agreement are encoded with the transaction abstracts – application her bitcoin agenda signature which serves two purposes:  (1) to verify the transaction to be beatific and accurate to the bitcoin network, and additionally (2) to affirm her acceptance to the transaction or acute arrangement agreement for purposes of cyberbanking arrangement law.)

How does SegWit change the picture?  Rather than anon adopting the 1MB block size, SegWit would alongside access a block’s accommodation to abundance added affairs by amid the signature (witness) abstracts from the transaction data.  It again creates two hashes: (1) a “regular” assortment of aloof the transaction data, after the signatures; and (2) a “witness hash” consisting of a assortment of both of the transaction abstracts and the attestant data.  For accumulator in a block, the bitcoin agreement already uses a Merkle timberline (a hierarchical abstracts anatomy composed of hashes of information) to calmly abundance transaction data, and places the Merkle basis into the block attack of every mined block.  SegWit creates a second Merkle timberline to alone abundance the attestant hashes, but chiefly does not crave nodes to accumulate the signature data.

In fact, SegWit assumes that signature abstracts is alone bare back affairs are actuality validated, and can thereafter be alone as unimportant.  As declared by its aboriginal backer Pieter Wuille, “[t]hese signatures are alone bare at time of validation”; SegWit treats “signatures [as] not allotment of the transaction”, its “redesign would acquiesce you to bead this [signature] data.”  (Mr. Wuille is a co-founder of Blockstream, a blockchain technology aggregation which helps abutment Bitcoin Core and advocates for SegWit).

Moreover, bitcoin nodes would not be appropriate to accumulate the signature data.  As Wuille added explained, “[SegWit] allows you to bead the signatures from broadcast whenever you are relaying to a bulge that is not absolutely accomplishing full-validation at the time. It additionally allows us to finer clip this abstracts from history, maybe we’re accomplished with not all nodes in the arrangement absolutely advancement these gigabytes of signatures that are active beneath years of proof-of-work now.”  This is a key point because SegWit opens up the likelihood that best bitcoin nodes do not accumulate the signature data, because it is artlessly beneath able and costs added to do so.

If best nodes bead the signatures (which is the acceptable result), the blockchain can alone anxiously serve as a balance for common business affairs if:

Evidence Authentication

Under attorneys affirmation law, SegWit would accomplish it added difficult for businesses and consumers to accredit blockchain-recorded transactions.  In civilian and bent cloister proceedings, affirmation charge be accurate afore it can be admitted.  Under U.S. Federal Rule of Affirmation 901, “[t]o amuse the claim of acceptance or anecdotic an account of evidence, the backer charge aftermath affirmation acceptable to abutment a award that the account is what the backer claims it is.”  This claim is important to ensure litigants do not try to acquaint biased or tampered evidence.

How does this assignment in practice?  Consider a accusation over an auto accident.  Drivers about seek to acquaint pictures of the blow scene.  They could affirm from claimed ability that they acclimated their smartphones to booty pictures anon afterwards the blow and affirm the images are authentic.  Similarly, transaction and added business annal can be accepted into cloister proceedings, but a attestant about charge affirm to accredit the records.  For example, if you are complex in a altercation with your banal barter over a banal trade, the banal barter could acquaint its cyberbanking annal of your annual and trades, but one of its advisers needs to affirm about the actuality of the data.  Likewise, you could aftermath your own printed copies of your banal barter history and affirm about those printouts.  Thus, transaction annal about crave a attestant to explain what the transaction almanac is, how it is kept or was generated, and what it represents.

How Can Blockchain Receipts Be Authenticated Without Signature Data?

How would this assignment in the blockchain world?  If signature abstracts is kept, it is easier to after accredit the transaction almanac by apropos to the bitcoin agenda signature acclimated to validate the transaction.  This helps accommodated the evidentiary claim that the blockchain almanac “is what the backer claims it is” – in added words, the blockchain cancellation for the specific transaction.

But SegWit allows signature abstracts to be alone from the transaction data, authoritative the assignment of evidentiary affidavit added difficult.  If all nodes do not advance signature data, who can affirm as to the actuality of signature abstracts to bout it to the accordant transaction data?  While the absolute parties to a transaction could hopefully do so, what happens if they relied aloft bitcoin nodes to advance the signature and transaction abstracts and did not accumulate (or lost) their own records?  Would that abode nodes who opt to accumulate abounding signature abstracts in a appropriate “trusted” position to verify bitcoin affairs for acknowledged affairs (such as a government-approved account provider)?  Or would bald affirmation that a signature was all-important at the time of the bitcoin transaction amuse a court, if no such signature can now be produced?

These affirmation issues will additionally comedy out at the U.S. accompaniment level. As added blockchain technology activity grows, U.S. accompaniment legislatures are alpha to appraise what is acceptable affidavit of blockchain business transactions. In 2016, the accompaniment of Vermont allowable H.868; it adds a statute to Vermont’s affirmation rules (12 V.S.A. §1913) advertence that a blockchain-based agenda almanac is now advised a business almanac and appropriately acceptable over buzz objections – but importantly, only if the blockchain almanac is accurate by the accounting acknowledgment of a able person.  One wonders, however, whether added states will chase suit, if SegWit reveals that key apparatus of bitcoin affairs (such as signature data) can be alone or adapted from blockchain records.  In adjustment to canyon statutes like the Vermont affirmation law, blockchain advocates charge to best the believability and immutability of blockchain records.  But would legislators be so quick to admit blockchain annal if they knew the basal signature abstracts that has consistently been adored with bitcoin transaction abstracts could be dropped?

Need for a Witness

If signature abstracts is not kept by any bitcoin nodes or alone some of them, it creates a austere catechism of what attestant (if any) can abundantly accredit bitcoin affairs from the blockchain.  While it was not ambidextrous with blockchain, the U.S. Cloister of Appeals for the 9th Circuit absitively an clearing case – U.S. v. Lizarraga-Tirado – which addressed questions about the accommodation of machine-generated evidence.  (U.S. v. Lizarraga-Tirado, 789 F.3d 1107 (9th Cir. 2015)).  The case led James Ching, a Law.com contributor, to address a January 2016 blog allurement Is Blockchain Affirmation Exceptionable Hearsay? and triggered added online articles questioning whether blockchain affirmation is acceptable in court.  As Ching describes, a blockchain analysis “receipt charge be introducible in action in adjustment to be of any amount as a verifier of a transaction.  Because a cancellation acutely is asserting the actuality of the transaction, it charge authorize as a business almanac or it is exceptionable buzz beneath the Federal Rules of Evidence.”   (These blockchain affirmation issues were added advised in a June 2017 law analysis commodity advantaged Blockchain Receipts:  Patentability and Accommodation in Court.)

The Lizarraga case complex the displacement of a actor who was begin break entering (again) the United States through the Mexico border.  The actor claimed he had not absolutely beyond over the bound to the U.S. side.  However, the government approved to acquaint the affirmation of a Google Earth accessory appearance of the arena area the actor was arrested, including a tack brand to reflect the bound agent’s characters (on a adaptable device) of area the arrest occurred (on the U.S. ancillary of the border, according to the agent).  But that pin brand was manually added to the machine-generated accessory angel to almanac the agent’s ancillary impressions of area the arrest occurred.

To appraise the accommodation of the Google Earth map angel and the tack brand advertence whether the actor beyond the U.S. border, the 9th Circuit absitively that machine-generated affirmation can be acceptable in cloister (and is not buzz because it is a machine, rather than a person, authoritative an assertion); however, the affirmation still requires that some attestant accredit it.  The affair alms the apparatus affirmation charge appearance that the “machine is reliable and accurately calibrated, and that the abstracts put into the apparatus (here, the GPS coordinates) is accurate.”  (Lizarraga-Tirado, 789 F.3d at 1110.)  The cloister acclaimed that the rules of affirmation acquiesce for affidavit of a “process or system” with affirmation “describing the action or arrangement and assuming that it produces an authentic result.”  In the case of Google Maps, its accessory mapping and GPS coordinates could be accurate by a Google agent or added attestant who works with the affairs frequently, if they can affirm about how the Google Earth arrangement works.  The key is “to authorize Google Earth’s believability and accuracy.”

How would this affidavit claim be activated to a blockchain cancellation offered as affirmation in court? A attestant would accept to affirm about the bitcoin arrangement and its “reliability and accuracy” as a apparatus for advancement business records.  The Blockchain Receipts law analysis commodity acclaimed aloft (at pp. 447-448) gives examples of what types of assemblage could serve this action to explain the blockchain and its transaction almanac system: “an barter programmer, an ardent Bitcoin user, a programmer attempting to carbon the blockchain, a agenda bill expert, or an broker could all be brought in at trial.”  That is absolutely accessible with account to the aboriginal anatomy of bitcoin affairs (which absorb both transaction and signature data).   But the assignment is added difficult with SegWit, which allows nodes to bead the signature data, and could advance to circuitous evidentiary battles about the “reliability and accuracy” of the blockchain-stored data.

Thought Experiments About the Legal Risks

At the 2017 Future of Bitcoin appointment in Arnhem, Netherlands, Bitcoin Unlimited’s Chief Scientist Peter Rizun gave a presentation about why bitcoins with SegWit are not absolute bitcoins.  To allegorize his point, he offered this anticipation experiment:

Imagine that you accept 100 BTC in a segwit abode and a few canicule after you apprehension that they’ve been transferred to an abode that you do NOT control. You try to acquisition the signature that accustomed the alteration to prove the annexation (you’re sure your clandestine keys were defended so you anticipate the signature charge be bogus) but calmly cipher seems to accept it saved.

Can you prove that your funds were stolen?

In Rizun’s anticipation experiment, accept you sue your bitcoin wallet provider over the 100 BTC that you accept were baseborn from your wallet.  As Rizun credibility out, you charge to acquisition the signature associated with the transaction in adjustment to prove it was affected and not accustomed by you.  But of course, you would not accept kept it because you did not admit the transaction.  And if your wallet provider and no bulge has kept the signature for the acknowledged transaction, you are out of luck.  At most, you or your wallet provider may alone be able prove:  (a) a transaction occurred on a accurate date and time for the 100 BTC; and (b) there is cord of hashes that announce the transaction was accustomed at that time.  Is that abundant to accredit that transaction almanac for affirmation purposes?  And added importantly, alike if that bound transaction almanac is accurate and acceptable in court, the signature abstracts is missing and a key catechism in the case cannot be answered from the evidence.

I booty Peter Rizun’s archetype a footfall added and action this anticipation agreement based aloft abeyant acute affairs that could be recorded on the blockchain, and electronically active by one affair application a bitcoin agenda signature.

Alice enters into a acute arrangement to pay you 5 BTC to buy your acclimated automobile.  The contract’s agreement are recorded on the blockchain as allotment of a transaction sending the 5 BTC to a SegWit address.   Alice’s agenda signature to validate the bitcoin transaction is additionally the agency Alice uses to digitally assurance to announce accepting of the acute arrangement (for purposes of e-contract law).  [In added words, Alice does not manually assurance a cardboard contract, does not affix a agenda archetype of her handwritten signature to any document, and does not electronically assurance a certificate application added means.]

Alice afterwards disputes the acute contract, claiming that she did not accredit the transaction. You accept a acknowledged altercation over whether she in actuality digitally active the acute contract.   But Alice’s signature abstracts was pruned afterwards the transaction was accurate assimilate the blockchain, and she claims she did not digitally assurance the transaction.  You accept no almanac of Alice’s clandestine key acclimated for the agenda signature.

Can you prove that Alice digitally active the acute contract?

This anticipation agreement illustrates the abeyant affidavit challenges of a SegWit world.  It can be added difficult to prove that Alice digitally active the acknowledged acute arrangement if you accept no almanac of Alice’s clandestine key acclimated for the agenda signature, and no bulge has kept the signature data.

As with cyberbanking arrangement issues, acknowledged systems can acquisition means to abode these evidentiary affidavit problems.  But SegWit makes the challenges harder by creating added hurdles for acceptance blockchain annal as affirmation in acknowledged proceedings.  These risks could avert businesses from operating added on the blockchain, and impede the greater eyes of a Bitcoin 2.0 arrangement powering acute affairs and greater functionality in the future.  The bitcoin association needs to authenticate to courts, regulators and legislators that bitcoin annal – and in accurate signatures – are reliable and authentic; this accomplishment is aloof accepting started and should not be debilitated by proposals such as SegWit which fundamentally change the attributes of bitcoin.

By Jimmy Nguyen
Chief IP, Communications & Legal Officer – nChain Group

Jimmy Nguyen is Chief IP, Communications and Acknowledged Officer for the nChain Group of companies – the all-around baton in analysis and development of innovations in blockchain technology.   Jimmy abutting nChain afterwards a 21-year acknowledged career in clandestine convenance as an IP and agenda technology lawyer.  He was a accomplice in above law firms apery bunch corporates and arising companies.  A baton in the acknowledged community, Jimmy was aforetime Chair of the State Bar of California’s IP Law section, and co-chaired the California Minority Counsel Program.  He has been accustomed by Lawdragon as one of the 500 Leading Lawyers in America (2024), by the Century City Bar Association as “Intellectual Property Advocate of the Year” (2024), and by the Association of Media & Entertainment Counsel with its Industry Baton Award (2024).  Jimmy is additionally a Certified Information Privacy Professional/U.S.

Do you accede with Jimmy Nguyen that Segwit fundamentally adapt how Bitcoin works and that it is a problem? Or do you anticipate Segwit affairs are the best affair back broken bread? Share your thoughts in the animadversion area below!

Images via Shutterstock

At news.Bitcoin.com all comments absolute links are automatically captivated up for balance in the Disqus system. That agency an editor has to booty a attending at the animadversion to accept it. This is due to the many, repetitive, spam and betray links bodies column beneath our articles. We do not abridge any animadversion agreeable based on backroom or claimed opinions. So, amuse be patient. Your animadversion will be published.