And so the time has come. Let the Nordic authoring dominance proceed!
For months, Luke de Wolf, co-founder and head of programming for BTCHEL, labored over precisely how his view of Bitcoin security was different.
And next week, June 15, the book is out. Defending Bitcoin: Industrial-Grade Cybersecurity for the Monetary Grid is bound to be one of the most noteworthy Bitcoin books of the year.
It’s a serious, deeply considered security investigation of Bitcoin. Coming from an industrial control system point of view, Luke lays out a framework for thinking about threats and then spends ten ridiculously well-researched and balanced chapters investigating everything from quantum to arbitrary data, mining centralization, key management and physical security.
I caught up with Luke and asked him a bunch of questions I hoped nobody had asked him before. Here’s a lightly edited transcript of our interview.
JB: What was the most surprising thing you learned or discovered during the process of writing and researching the book?
LW: I really had to get up to speed with a lot of low-level technical aspects of Bitcoin.
I went back and reread Mastering Bitcoin [by Andreas Antonopoulos], but that was a bit hard to follow. I then read Grokking Bitcoin and Bitcoin Development Philosophy by Kalle Rosenbaum. (Those would be my top picks for someone to understand the technical side of Bitcoin, although Grokking could use an update to reflect the latest protocol changes…)
I even took the Saving Satoshi challenge put on by Chaincode, which forced me to dust off my programming skills and do real Python coding. I learned a lot through the process, and I made it all the way to the end, with the invite to the BOSS challenge as my reward. Time commitments, not the least of which being this book, prevented me from taking the process further, but the experience was interesting and enlightening.
I would say that the area I learned the most was in Bitcoin Script, where I had a rough understanding from Twitter discourse but hadn’t really gotten my hands dirty before.
“After writing the book, I feel confident that I understand the whole area a lot more, and I can speak more confidently about controversial scripting changes.”
JB: How did the idea for the book come to you? I wanna recall JK Rowling describing how the story of Harry Potter just suddenly flooded her mind, fully formed and all at once. Did you have a similar revelation with Defending Bitcoin, or was, perhaps, the constant arguing with people on Twitter last year involved in coaching it out of you?
LW: This was an “aha” moment. I had been arguing about BIP-110 with a few prominent people, but one conversation with Stephan Livera specifically sparked the whole idea for Defending Bitcoin. I realized that I had been advocating against arbitrary data because of the same principles that govern critical infrastructure security, and everything basically fell into place. I knew exactly what kind of book I wanted to write, immediately.
I knew I would need to build a base of vocabulary and introduce both Bitcoin and cybersecurity, and from there talk about the threats to Bitcoin and the ways to defend against those threats. I reordered two chapters and changed the contents of one after building the initial outline. That was two weeks after the initial idea.
JB: What have you changed your mind about in writing the book?
LW: I changed my mind about BIP-110.
Not about the content of the change: I remain adamant that BIP-110 would be a positive thing for Bitcoin. I assert throughout Defending Bitcoin that the tradeoff to security is convenience, or, put more plainly, that every decision has tradeoffs.
I find the technical restrictions demanded by BIP-110 to be extremely reasonable. Developers have to operate within a slightly more restrictive environment, temporarily. I don’t find that outcome to be unacceptable.
My opposition came through writing the chapter on Governance issues, which you might think, initially, would just entrench my view that something is rotten in Bitcoin Core, and something needs to be done at all costs. It’s the last part that I realized I don’t agree with.
“The chaos of a fork scenario is something we can’t predict.”
I wrote a book about risk management. I realized that I couldn’t simultaneously advocate for risk reduction in every other area of Bitcoin and advocate for a fork that doesn’t have overwhelming node consensus. I had to be honest with myself and give up a position that I had been holding for months. But, I think, if you read the book you’ll see why I came to the conclusion I did.
That’s not to say that I wouldn’t be happy if BIP-110 were to activate. Currently, I just don’t see it activating smoothly. Without node consensus, miners effectively get to choose the outcome, and I don’t see a path to sufficient hashrate for the fork. Again, the node consensus is the issue.
If 90%+ of nodes supported BIP-110, it would be hard for miners to justify not signaling for the fork. As it stands, the numbers are quite a bit lower. It’s not about the merits of BIP-110. I just think they’re fighting a losing battle, and, from a risk reduction perspective, I can’t support it.
JB: Do you have a favorite phrase or sentence from the book?
LW: There’s always something you can do.
It was important for me to emphasize that everything relating to security comes down to individual choices. No matter the area of Bitcoin we’re talking about, there’s always something one person can do. I repeat that line like a mantra. I hope it’s what every reader remembers.
JB: What was the writing process like? A little here or there amid life, or chapters written in long, intensive writing sessions?
LW: I had the outline extremely early on. Apart from some minor refinements, this book existed in my head six months ago. The process was all about going from outline to first draft, then polishing the drafts, iteratively. My notes folder has 10 revision cycles, and each one I focused on different areas, including making everything more consistent.
Full disclosure: I used AI to keep me organized. I would ask it to check if I was describing some concept inconsistently, or to make sure that each chapter included the same sorts of structural elements. Even though I planned these things out myself, inconsistencies crept in. It was also an invaluable fact checker, keeping me honest whenever I made claims that wouldn’t hold up under scrutiny. I never used AI to actually do any writing. It was all me. But I probably would either have produced a less coherent book or done it more slowly without AI assistance.
In any case, this consumed my life for six months. I obsessed over it, and worked hard to make sure every detail was correct. I’m proud of the end result.
Through going on podcasts and discussing Defending Bitcoin with others, I realize that maybe I could have emphasized a certain point better, or that I missed something I really should include later. But I’m confident that the book, as it is, gives anyone who reads it the tools to be more confident about Bitcoin security, and about the outlook for Bitcoin in general.
Defending Bitcoin: Industrial-Grade Cybersecurity for the Monetary Grid is out June 15, and you can find early copies at BTC Prague this week.