This developer is working to improve bitcoin's build system in a bid to stop 'rampant' phishing attacks

The open-source nature of Bitcoin presents a unique problem: end-users could be downloading the wrong software that doesn’t reflect the actual source code. That's that issue that has spurred developer Carl Dong to work to improve bitcoin's build system in an effort to deter malicious phishing attacks.

"You want to know that the software that you're running actually corresponds to the code," said Dong, Bitcoin developer at Chaincode Lab, in a conversation with The Block. "Because if it doesn't, that defeats the entire purpose of open source, of Bitcoin."

"We've seen phishing attacks everywhere. It's just a rampant problem," he added.

To mitigate this problem, the network introduced Gitian Building in 2016 to standardize the build environment and enable reproducible builds. In other words, whenever Bitcoin releases a new update, all developers and maintainers can run the Gitian Building process and end up with identical files on their computers. They can then compare the output with each other and make sure that none of their computers are hacked. 

"This is much better compared to just one person building because that one person can just insert something malicious with nobody knowing," Dong explained.

However, reproducible builds do not completely eliminate the possibility of malicious attacks, Dong said, since developers use a suite of tools that they download blindly from a server. 

According to Dong, the current standardized environment of the Bitcoin build system depends heavily and somewhat blindly on Ubuntu, a desktop Linux operating system. As a result, even though the builds are reproducible, third-party risks still exist.

"The way we construct this environment is by downloading unauditable and opaque binaries from Ubuntu," Dong said. "If somebody attacks Ubantu's infrastructure or works at Ubantu, they could possibly inject vulnerabilities into these binaries that we're downloading and then poison all of the Bitcoin Core."

"It can be reproducible, but it can be reproducibly malicious," he added.

Dong's project aims to address this vulnerability by making the builds not only reproducible but also bootstrappable, meaning that developers can build a compiler using smaller tools rather than blindly downloading it from a third party. 

While the current trusted binary seed is too large to be auditable, Dong's proposed change would cut down its size from over 200 megabytes to around 500 bytes. With the drastic reduction in size, developers can then easily dissect the binary seed and reproduce the build. There would be a "tree of dependencies" for every piece of software, he said, and it would always know how to rebuild one piece of software from everything else.

"We can track all of this down to a very, very small binary seed that we can use to bootstrap something more powerful and get to a point where we have a proper C and C++ compilers. We can then work calmly up from there," he said. "We don't have to trust binaries. We can look at the source code of everything in the tree of dependencies to make sure that nobody has been injecting vulnerabilities."

"I think there's quite a big difference between running Bitcoin and running other pieces of software," Dong said. 

Regular software has a privacy informational security aspect to it, he said, but Bitcoin handles digital money and faces a whole different class of attacks. This makes it especially important for the Bitcoin build system to maintain a high level of security. 

Dong plans to develop a pull request for Linux, Windows, and macOS. With the Linux part already merged, he is currently working on the Windows and macOS parts of the project. He expects to complete the whole project in the next year.