On Saturday (15 December 2018), Jameson Lopp, the Chief Technology Officer (CTO) at Casa, explained via a post on his Medium Blog who controls Bitcoin Core, or more specifically “who controls the ability to merge code changes into Bitcoin Core’s GitHub repository.”

What Is Bitcoin Core?

Before we proceed, please note that the term “Bitcoin Core” is not being used in this article as a synonym for the cryptocurrency with the ticker BTC.

Bitcoin Core is Bitcoin’s reference implementation and the most popular implementation (“96% of reachable Bitcoin nodes are running some version of Bitcoin Core”). It was originally released as “Bitcoin 0.1” by Satoshi Nakamoto on 9 January 2009, but renamed to “Bitcoin Core” in 2014 with the release of version 0.9.0. It is open source software that implements a full Bitcoin node (a collection of which forms the Bitcoin network) and a Bitcoin wallet.

The first thing that Jameson points out is that Bitcoin Core is just “a focal point for development of the Bitcoin protocol rather than a point of command and control”, as he explains below:

“If it ceased to exist for any reason, a new focal point would emerge — the technical communications platform upon which it’s based (currently the GitHub repository) is a matter of convenience rather than one of definition / project integrity.”

Who Are the GitHub Maintainers for Bitcoin Core?

Before naming the five people who maintain the Bitcoin Core GitHub repository, i.e. the people who hold the PGP keys needed to sign a merge commit, he explains that being a “maintainer” is “more of a janitorial function than a position of power.”

The five trusted PGP keys are

71A3B16735405025D447E8F274810B012346C9A6
133EAC179436F14A5CF1B794860FEB804E669320
32EE5C4C3FA15CCADB46ABE529D4BCB6416F53EC
B8B3F1C0E58C15DB6A81D30C3648A882F4316B9B
CA03882CB1FC067B5D3ACFE4D300116E1C875A3D

and these are assigned respectively to the following individuals:

Wladimir J. van der Laan
Pieter Wuille
Jonas Schnelli
Marco Falke
Samuel Dobson

Note that although theoretically it is possible for a GitHub employee to “use their administrative privileges to inject code into the repository without consent from the maintainers”, it is highly unlikely that such a person “would also be able to compromise the PGP key of a Bitcoin Core maintainer.”

Jameson also points out that these PGP keys “are not a proof of identity” since they could “potentially fall into the hands of other people.” That is why there is a script called “verify-commits” that “any developer can run on their machine” to verify that “every line of code that has been changed” since “commit 82bcf405 in December 2015” has “passed through the Bitcoin Core development process and been ‘signed off’ by someone with a maintainer key.”
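To make the check concrete, here is an added example (written for this article, not Bitcoin Core’s own contrib/verify-commits script) that models what such a verifier does: walk the first-parent chain of a branch back to a trusted root commit and require that every commit on that chain carries a PGP signature whose primary key is one of the five maintainer fingerprints listed above. Signature results are taken in the form gpg reports them on its status channel (the lines that `git verify-commit --raw` prints), so the trust decision is made on the VALIDSIG primary-key fingerprint rather than on a user id, which is exactly why a key is “not a proof of identity.” The commit ids other than the root, the subkey fingerprints and the timestamps in the sample history are constructed for the example.

```python
"""Model of a verify-commits style check (added example, not the project's code).

Every commit between the branch head and a verified root commit must be signed
by a key whose primary fingerprint is in TRUSTED_KEYS. Signature results are
fed in as the "[GNUPG:] ..." status lines gpg emits on --status-fd.
"""
import subprocess
from dataclasses import dataclass, field

# The five maintainer fingerprints named in the article.
TRUSTED_KEYS = {
    "71A3B16735405025D447E8F274810B012346C9A6",  # Wladimir J. van der Laan
    "133EAC179436F14A5CF1B794860FEB804E669320",  # Pieter Wuille
    "32EE5C4C3FA15CCADB46ABE529D4BCB6416F53EC",  # Jonas Schnelli
    "B8B3F1C0E58C15DB6A81D30C3648A882F4316B9B",  # Marco Falke
    "CA03882CB1FC067B5D3ACFE4D300116E1C875A3D",  # Samuel Dobson
}


@dataclass
class Commit:
    sha: str
    parents: list                                    # parents[0] is the first parent
    gpg_status: list = field(default_factory=list)   # "[GNUPG:] ..." lines for this commit


def signer_fingerprint(status_lines):
    """Return the primary-key fingerprint behind a valid signature, or None.

    VALIDSIG arguments: <signing fpr> <date> <ts> <expire> <ver> <reserved>
    <pk-algo> <hash-algo> <sig-class> <primary-key fpr>. Signatures are usually
    made with a subkey, so the match against trusted keys uses the last field.
    A signature from a revoked or expired key, or a bad signature, is rejected.
    """
    for line in status_lines:
        fields = line.split()
        if len(fields) < 2 or fields[0] != "[GNUPG:]":
            continue
        keyword, args = fields[1], fields[2:]
        if keyword in ("REVKEYSIG", "EXPKEYSIG", "BADSIG", "ERRSIG"):
            return None
        if keyword == "VALIDSIG" and args:
            return (args[9] if len(args) >= 10 else args[0]).upper()
    return None


def verify_chain(commits, head, verified_root, trusted=TRUSTED_KEYS):
    """Walk first parents from `head` back to `verified_root`.

    Returns (True, None) when every commit after the root is signed by a trusted
    key, otherwise (False, sha) naming the first commit that fails. The root is
    not verified itself: trust in it is what bootstraps the check. Contributor
    commits reached only through a merge's second parent are never visited; the
    maintainer's signature on the merge commit is what vouches for them.
    """
    cur, seen = head, set()
    while cur != verified_root:
        if cur in seen or cur not in commits:
            return False, cur          # cycle, or history that never reaches the root
        seen.add(cur)
        commit = commits[cur]
        if signer_fingerprint(commit.gpg_status) not in trusted:
            return False, cur
        if not commit.parents:
            return False, cur          # ran out of history before the root
        cur = commit.parents[0]
    return True, None


def git_status_lines(sha):
    """Live variant for a real checkout (needs git and gpg with the keys imported)."""
    res = subprocess.run(["git", "verify-commit", "--raw", sha],
                         capture_output=True, text=True)
    return res.stderr.splitlines()


# Constructed sample history. "82bcf405" is the verified root the article names;
# all other ids, the subkey fingerprints and the timestamps are made up.
ROOT = "82bcf405"
WLADIMIR_SIG = [
    "[GNUPG:] NEWSIG",
    "[GNUPG:] GOODSIG AAAAAAAAAAAAAAAA Wladimir J. van der Laan",
    "[GNUPG:] VALIDSIG AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 2018-12-14 1544745600 0 4 0 1 10 01 "
    "71A3B16735405025D447E8F274810B012346C9A6",
]
MARCO_SIG = [
    "[GNUPG:] GOODSIG BBBBBBBBBBBBBBBB Marco Falke",
    "[GNUPG:] VALIDSIG BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB 2018-12-15 1544832000 0 4 0 1 10 01 "
    "B8B3F1C0E58C15DB6A81D30C3648A882F4316B9B",
]
UNTRUSTED_SIG = [  # a valid signature, but from a key nobody has listed as trusted
    "[GNUPG:] GOODSIG CCCCCCCCCCCCCCCC Somebody Else",
    "[GNUPG:] VALIDSIG CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC 2018-12-15 1544832000 0 4 0 1 10 01 "
    "CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC",
]
REVOKED_SIG = [  # trusted primary key, but the signing key has been revoked
    "[GNUPG:] REVKEYSIG AAAAAAAAAAAAAAAA Wladimir J. van der Laan",
    "[GNUPG:] VALIDSIG AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 2018-12-15 1544832000 0 4 0 1 10 01 "
    "71A3B16735405025D447E8F274810B012346C9A6",
]
SAMPLE = {
    "pr1": Commit("pr1", [ROOT]),                    # unsigned contributor commit
    "m1": Commit("m1", [ROOT, "pr1"], WLADIMIR_SIG),  # maintainer merge of pr1
    "pr2": Commit("pr2", ["m1"]),
    "m2": Commit("m2", ["m1", "pr2"], MARCO_SIG),
    "injected": Commit("injected", ["m2"], UNTRUSTED_SIG),  # pushed straight to master
    "revoked": Commit("revoked", ["m2"], REVOKED_SIG),
}

if __name__ == "__main__":
    for head in ("m2", "injected", "revoked", "pr2"):
        print(head, verify_chain(SAMPLE, head, ROOT))
```

Running the sample accepts the head `m2` (two maintainer-signed merges back to the root) and rejects `injected` (valid signature, untrusted key), `revoked` (trusted key, but revoked) and `pr2` (an unsigned commit sitting directly on the first-parent chain). Pointing `git_status_lines` at a real checkout of the repository, with the maintainers’ public keys imported into gpg, replaces the constructed status lines with live ones.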

Multiple Layers of Security of Bitcoin Core

Finally, in this excellent blog post, Jameson says that since we cannot allow Bitcoin Core’s code integrity to “rely solely upon a handful of cryptographic keys,” there are several other layers of security:

  • pull request security;
  • release security; and
  • extensive test code and code-coverage checks.

Featured Image Credit: Photo via Pexels.com