You knew this was coming, didn’t you?
Part of why I have not written much about bitcoin is because I don’t want to grind my teeth flatter than they already are. There are many, many things about bitcoin that make me shake my head and wonder at the gullibility of the libertarian techno-elite. So many people, who think they are so smart about technology, actually appear to understand nothing about it; they’re engaged in wishful thinking and not much else.
There are so many things about bitcoin that are wrong; I’ll just tease one of them: the blockchain is append-only, which is sort of necessary for the how it works, but because there is no central brokerage, there’s no input validation process that prevents someone from just injecting their own garbage. From a security design perspective that is a “newb mistake” of the first water. It means that, if the blockchain weren’t so damn slow and irritating to use, it’d be a great free cloud syslog store. O brave new world, take my terabytes of junk! Naturally, since it’s not public data, I’d superencrypt it so nobody else would know what it was. I do believe someone has written a filesystem driver that sits atop blockchain, not that anyone wants a glacial-speed filesystem. What a stupid design. The stupidity is an unavoidable consequence of not having a central authority: nobody exists to say “this transaction is a bunch of encrypted garbage that doesn’t look like one of our things.” Besides, that just means that my superencrypted syslog blobs now have to get formatted to look like bitcoin blobs.
I lied, here’s another one: what happens to bitcoin if someone finds a flaw in SHA-256? Go on, think that one through. All the people who have bitcoin appear not to have.
You’d think that someone who was creating the next big currency would think about operational details like that. You’d think that someone who was creating the next big currency would think about security models. Nah. Bitcoin are worth a lot of money, though, so who cares?!
Slide from a presentation on “trusting trust” – explains Kernighan’s argument [source]
Let’s not go further down that path, because then this will turn into a posting on software security, system integrity, trust, and trustworthiness. If you’d like to get a feeling for some of that, go read my interview with Dr. Roger Schell [search] who started working on system integrity problems around the time I was getting toilet-trained. He’s spent his life building software systems that are designed to run on hardware provided by the KGB; it’s a mind-boggling problem. If you find that interesting, also go read Brian Kernighan’s Ken Thompson’s [wow that was an embarrassing brain-o!] Turing Award lecture on “trusting trust.” Now, I really will stop talking about that.
The idea that “they” are going to let bitcoin be the basis for a new economy that “they” don’t control is really funny. It’s actually funnier and stupider than the Texan gun nuts who think their personal small arms are going to let them defeat the US Imperial Military, when it turns on them with its jaws open and its teeth smoking with blood.
Via Caine, I learned of some more bitcoin silliness: the WND has come up with a hokey self-financing scheme involving bitcoin. [rww] It’s a special offer:
But today I want to emphasize why I am excited about our current effort to raise money around a giveaway of AML Bitcoin. Ever since I first heard about this company, I was sure it would become one of the leaders in cryptocurrencies because of two things – (1) the safety and security it offers because of its unique, patented anti-hacking technology; and (2) AML Bitcoin’s swaggering attitude that got the company’s big commercial debut on the Super Bowl banned by politically correct NBC and the NFL.
Patented anti-hacking technology?! Holy, uh, nevermind.
AML is another cryptocurrency. Not to put too fine a point on it, the value of these cryptocurrencies is – questionable. I’ll try to remember to explain how their value is established when I write my Capitalism 101 piece on Market Capitalization and Valuation. But, basically, you should think of it as one of those “fiat currencies” that goldbugs like to complain about, except instead of the Federal Reserve Bank pulling the valuation out of thin air, it’s some guy in a hotel room in Panama, sshing into a server farm in Iceland, pulling the valuation out of thin air.
A rough algorithm I use on any stock/issue-related promotion is that the degree to which the promotion tries to engender excitement and the likelihood the whole thing is a scam are directly related. The more excited the email about it is, the greater the chance that it’s all bullshit.
This week, AML Bitcoin, a company that purports to be creating an un-hackable digital currency that supposedly combats money laundering, manufactured a small outrage news cycle when it announced that the NFL and NBC rejected its Super Bowl advertisement for being “too political.” The ad, which was posted on YouTube, depicted a caricature version of North Korean leader Kim Jong Un screaming at underlings as they tried and failed to hack AML Bitcoin’s product.
But the ad wasn’t banned, according to NBC. “It wasn’t rejected because it was never reviewed because the company never made a buy,” an NBC spokesperson told BuzzFeed News. “We don’t review creative until a purchase is made.”
What does “un-hackable” even mean? Of course it’s hackable, because: system integrity. Look, the people who are going to run that AML stuff and the AML wallet are going to run it on an Intel processor, right? If they don’t know about the Intel Management Engine(IME) [wired], which is basically an in-the-processor backdoor into the entire system, they’re fools to talk about “un-hackable” – IME coincidentally looks like it was designed to be able to pull encryption keys out of memory when they’re unlocked in the wallet app. Of course, Intel swears that IME was just a mistake. Oddly, AMD made a remarkably similar mistake. So many coincidences! Quick, let’s blame the Chinese! Oh, wait, no, Intel’s American. Well, poop, that never happened.
To be fair, the North Koreans probably didn’t know about the IME backdoor; that was probably an important closely-held NSA toy. The Russians probably didn’t know about it, either – because if they did, they would have nudged Kaspersky over in that direction and served the NSA some humble pie as another expensive toy gets disclosed for public scrutiny.
It sounds a lot like the AML guys were trying to bootstrap their new currency with no assets. You can do that, if you’re really good at the capitalism and can convince them that your empty briefcase is worth $1 billion – but not if you’re such a small-time conman that you blink at paying for an ad. A real capitalist tool, like Donald Trump, would have pulled nine of his golf buddies together and told them, “look, this is yuge. If we each put in $1 million we can buy an ad in the bowl and we’ll get it back 100:1 when we float the currency.” Then, Don’s friends would have each put in $1 million and Don would have bought $9 million worth of ad time and they’d split the whole thing 10 ways. See how that works? You have to be good at capitalism 101 to pull off a con like starting a new currency; it’s basically like owning your own government.
Here’s a valuable bitcoin I am willing to sell you:
As you can see, they are 1 troy ounce of valuable .9999 copper and a thin layer of molecules of silver and gold.
I will sell these babies for 1/2 of the current cost of a bitcoin. I don’t care what that is, as long as bitcoins are more than $5.00, because those things cost me $2.50 apiece on Ebay. Being a basically honest person is a drag sometimes, I have to admit I did consider buying a briefcase-load of them and going up to Wall St to see if I could sell them to guys in suits for $5,000 apiece. (“These are the old bitcoins, from back when they actually minted them. See? They trade at the same price. You just scan the QR code into your wallet and it uploads it.”)
Maybe I should make some ‘bitcoin’ mokume gane.
In case you didn’t notice the apple I hid in the razor blade above, the “could stuff syslog into the blockchain” bit points to a potential denial of service attack against the entire bitcoin ecosystem. Would you like a fun summer project: announce that you are going to bloat the blockchain to the point where it is unusable in real-time, unless someone pays you with some useful cash really soon.
There are much worse things that can be done to bitcoin, and I believe the NSA has already done them. If any of you dear readers are using bitcoin to do anything illegal, you might want to spare some thought for how to make it look like your ex-roommate or deceased spouse was the one doing it. Because if you’ve used bitcoin for an illicit transaction, you painted a great big neon target on your back. The good news is that a) you’re small fry b) there are a lot of people with great big neon targets on their back, so you’re safe unless you try to run for political office or you piss off the establishment. If that fits you and you are not familiar with the term “parallel construction” let me know in the comments if I should do a posting about that.
There is a chance that the IME was not an NSA backdoor. It is possible that it was just utterly stupid engineering that some goober at Intel thought up, and blew into every CPU Intel has shipped since 2008. Codebros sometimes do stupid things like that, take a look at Java – a programming language originally conceived of as a weekend hack that Jim Gosling (admittedly a great programmer) threw together for elevator control system programming; then some marketing idiot said “we need an internet programming language” and someone told them to ask Jim, and … oops. Seriously, some of these codebro blunders are Napoleonic in their grandeur.
I know bitcoin uses ‘double SHA-256’ not just plain old SHA-256. But if there’s a flaw discovered in SHA-256, double SHA-256 may turn out to be worth less than a bucket of cold spit. Another possibility is that there may be some group theory trick someone comes up with that makes it easier, as happened with triple-DES in the early 90s: it turned out that triple-DES was only about 2.1-DES in terms of complexity once you understood some fancy group theory stuff. (And there are some really fun stories about how NSA taught Don Coppersmith at IBM how to make S-boxes that were better than the ones he was using; NSA apparently didn’t realize IBM was going to release the DES as a candidate standard, or they would have made it worse. I had a very entertaining chat about this with Dennis Branstad and Robert Morris Sr., once, and those old spooks thought the whole thing was “roll on the floor” funny.) Anyhow, the point is that: cryptosystems wear out. I am not sure it’s possible to do anything with bitcoin if SHA-256 needs to be replaced. Oh, boy would the value move on that day! (By the way, that’s another way of holding the whole system hostage. But I’m going to assume breaking SHA-256 is really hard.)
“You have to be good at capitalism 101 to pull off a con like starting a new currency; it’s basically like owning your own government.” – literally, look up the word “seigniorage” (I’m sure it’s derived from “seigneur” – French “lordship”)
See if I can post an image:
Reginald Selkirk – you can post the URL and if I like it I’ll copy it into the blog’s image library and edit your link.
Quality control, security, blah blah blah…
They also don’t seem to understand very much about money either, which would also seem to be a pre-requisite for designing a new currency…
[blink] [blink] Wha…? I don’t even… Why on earth would anybody do such a thing?
As I understand it, bitcon – sorry, bitcoin – is pretty much already unusable in real-time.
I know a couple of people who bought some bitcoin fairly early on in last year’s run-up… I told them to sell right around the time that my FB feed started filling up with people who wouldn’t know a hash function from a hash brown talking about what a brilliant idea it was. (Which was itself a couple of weeks before ads for bitcon – sorry, bitcoin – “investments” started displacing penis enlargement pill and Celebrity Pictures You Just Won’t Believe in those bottom-of-the-page ad streams.) I hope they took my advice…
Dunc@#3:
[blink] [blink] Wha…? I don’t even… Why on earth would anybody do such a thing?
Massively distributed reliable data storage, for free! What could possibly go wrong?
(That’s another attack vector: upload kid porn into it, now everyone who downloads the blockchain has a really interesting problem.)
For any system that accepts input that is not entirely internally-generated thou shalt:
1) validate thy inputs ruthlessly
2) expect spam and be prepared to deal with it (transaction rollback)
3) expect denial of service and be prepared to deal with it (resource consumption attack)
4) expect the unexpected
I don’t know why filesystems seem like a fun thing to run atop ${anything} but they are. Heck, in my wild youth I implemented NFS over email messages, so I could mount filesystems through someone’s firewall… Oh lordy the fun we have in IT security!
As I understand it, bitcon – sorry, bitcoin – is pretty much already unusable in real-time.
It’s definitely a mess. But as Trump has shown, any mess can be made messier if you whack it really hard with a board with a nail driven through it.
I don’t know if there are any bitcoin futures markets but I suppose a denial of service attack could be used to manipulate those. The downside is that it’d be pretty obvious who did it. Therefore, one would have to practice one’s Russian or North Korean, and wear some Russian pimp hacker clothes and everything, to make it convincing.
I hope they took my advice…
Me too!
I knew a guy who was in on bitcoin from the start. He made a couple million bucks and bought a nice house. Thanks, capitalism!
PS – I am the kind of person who does horrible things to computers simply because I enjoy the failure analysis. The thing is, I’m a good guy. I look at my clients’ systems and do all the evil thinks and then tell them “you need to take this and that and the other thing into account” and they run screaming from the room. I believe this is actually a valuable service – it’s like when you figure out what the molten copper would feel like as it drips into your shoe, and decide in advance to avoid it.
I like the bitcoins. The metal ones that is. I do not know why, I just like the design.
Never mind. It was just a random image of someone biting a coin.
Charly@#5:
I like the bitcoins. The metal ones that is. I do not know why, I just like the design.
Me too. I bought a dozen and carried them around in my bag for a year, hoping some TSA border guard would think he was getting over by confiscating them “for security reasons.” Instead, I wound up mostly giving them to people at security conferences. It is amazingly easy to make nerds happy.
I just checked on Ebay and the copper bitcoins are trending at $0.99. I’d offer you a few, except it’d cost more to ship them than they are worth.
Turns out Bitcoin is already essentially illegal to own in a lot of places:
https://amp.theguardian.com/technology/2018/mar/20/child-abuse-imagery-bitcoin-blockchain-illegal-content
Oops
I have just formulated something that may be a hithertofore unidentified secret law of reality:
For most fads, you can make more money making tshirts about the fad, than doing the fad itself.
I.e.: I suspect the guys in China who are making those copper bitcoins are making more money than if they invest in bitcoin, anymore.
Dauphni@#8:
Turns out Bitcoin is already essentially illegal to own in a lot of places:
Oh, dear. I guess someone else thought of it and did it.
Well, there’s always hacking tools, other people’s cryptokeys, and nuclear weapons secrets to upload. I always wondered why people bother with wikileaks when they can just upload all that stuff into the blockchain and (if blockchain works as advertised) now there is a global irrevocable unalterable anonymized copy.
Well, call me old-fashioned, but one of the operations I expect a file system to support is deletion…
Probably already been done: Bitcoin’s blockchain: Potentially a hazardous waste dump of child abuse, malware, etc
Me too. The design is pretty.
Speaking of which, I’d prefer if more coins had such nice designs. But instead we get all those ugly heads of some fucking monarchs.
By the way, Latvian 2€ coins have words “God, bless Latvia” written on them. I absolutely hate this.
Dunc@#11:
Well, call me old-fashioned, but one of the operations I expect a file system to support is deletion…
Well, the blockchain is a transactional ledger not a filesystem, so it naturally doesn’t support deletion.
But that’s OK! All our filesystem needs to do is maintain a top-level directory index, which is serialized. To “delete” a file you remove it from your copy of the index and upload the new index. The filesystem just has to find the newest index, and use that. (Aaaaand that’s a “log-based filesystem” such as Osterhout et al. were hyping in the late 1980s. We built one when I was at Digital and that was where I discovered the problem with append-optimized databases: garbage collection is hell)
But there’s no problem with uploading lots of copies of the index, after all – it’s someone else’s storage. (So, for that matter, you could just upload an index every 60 seconds and then the filesystem doesn’t have to search very hard to find the latest copy…)
See? My specialty is coming up with horrible things that can be caused to go wrong in complex systems. I’m a barrel of laughs on an airplane, which is why I usually keep my mouth shut and don’t say anything to anyone.
Ieva Skrebele@#12:
By the way, Latvian 2€ coins have words “God, bless Latvia” written on them. I absolutely hate this.
With a torch and a chisel it ought to be pretty easy to alter them to read “God-less Latvia”. If you had a small CNC machine you could just program it and let it run.
Edit: don’t actually do that. I don’t want any of The Commentariat getting stuck in oubliettes anywhere.
Speaking of which, I’d prefer if more coins had such nice designs.
In one of his books, Charles Stross hypothesizes an attack on a civilization by means of removing the value of their existing economic exchange system. That’s basically the kind of attack that nations used to occasionally attempt on eachothers’ currency by devaluing it through debasing, counterfeiting, or simply lying about it. If I recall correctly, that was a big conflict during the Napoleonic wars – both sides were trying to alter the value of eachother’s currencies. Where I am going with that: if someone had enough money and cared to import a few metric fucktonnes of those bitcoins, and distributed them to enough anarchist friends, they could simultaneously begin using them and assert that they were now legal tender. Oh, the fun. After all, that’s basically what governments do. But it helps to have an army, so that when someone asks “says you and what army?” you can point over your shoulder.
That sounds like a fun pastime.
So, does that mean that some fun things could go wrong with an airplane? Now I’m curious about what exactly could happen. Do you have any fun stories to keep me properly paranoid next time I board an airplane?
That would be hilarious. Unfortunately, that wouldn’t work. The words are written in Latvian—“Dievs, svētī Latviju.” There’s nothing fun that could be done with these words in Latvian version. They are written on the edges of the coin (see: http://eiro-monetas.weebly.com/uploads/2/4/7/0/24701887/7744589_orig.png ), so it would be possible to grind them off, but that’s about it.
I know a guy who uses a nail and a hammer to damage every Latvian euro coin that goes through his hands. Apparently, he hates these coins even more than I do.
Ieva Skrebele@#15:
Do you have any fun stories to keep me properly paranoid next time I board an airplane?
There’s a book by Charles Perrow called “normal accidents” – it’s a great read if you’re interested in failure of complex systems.
My favorite story in it is about the time that someone used the wrong screws to secure the frame around a commercial jetliner’s cockpit window. As they were coming in for a landing, the window blew out and the pilot was sucked partially out of his seat. The co-pilot landed the plane one-handed while hauling the pilot’s ankle. Perrow describes a bit of the investigation that happened after that one. You should also go find a story about the “Gimli Glider” and read that. Then board your next train to someplace with a big smile on your face.
The words are written in Latvian—“Dievs, svētī Latviju.”
Arrgh, I wasn’t thinking! Yeah. Well, a CNC milling machine could neatly remove the whole slogan and replace it with something better. Just incise the text. OH, hey, I know a guy who owns a 16 ton hydraulic press!
That sounds like a fun pastime.
I get paid a lot to do this. I’m really good at it, though. Yay, me.
I don’t find that interesting, but I’ll read Kernighan’s lecture. Co-author of my favourite non-physics textbook.
On looking around, are you sure you don’t mean Ken Thompson’s speech “Reflections on Trusting Trust“?
Looks worth reading anyway.
are you sure you don’t mean Ken Thompson’s speech “Reflections on Trusting Trust“?
You are correct. I brain-farted. That’s embarrassing as hell, too.
They’d still have to pay taxes in U.S. dollars. I’m not sure about U.S. statistics, but where I live barter exchanges are pretty common. Our government doesn’t care what people use for exchanging goods and services, because, at the end, taxes remain and they have to be paid in euros.
I just googled for it. This reminds me the story about the NASA Mars Climate Orbiter, which crashed because some engineers used metric units while others used the Imperial units.
I’ll check it out. This seems like the perfect book to read on a plane.
As for trains, I just googled for train accidents and found this list: https://en.wikipedia.org/wiki/List_of_rail_accidents_(2010%E2%80%93present) Holy crap! I had no clue that train accidents were so common.
Now this is tempting. I’d certainly love that!
Not to mention that as Bitcoin mining gets more expensive due to the basic way the system works, more and more of it is getting done by botnets. The time at which individuals could do much contribution is over.
(Also, didn’t somebody figure out a while back that you could essentially take over Bitcoin if you could get a group of people who owned between them a third of the blockchain, or something like that? The original creator had thought you’d need one person owning half, but it’s actually only a third; combine that with botnet or ‘professional’ mining, and it’s not impossible.)
I know someone who implemented telnet tunnelled through DNS so he could MUD past a firewall. (I may have mentioned that before.)
Back when I was in University, I took a Systems Design Engineering course on ‘Systems Reliability and Human Error’ where one of the things we had to do was write an essay comparing three different failures. I took events like the AT&T 1990 network crash, and an old ARPAnet-era routing problem where a dropped bit caused a sequence of three routing updates that played rock-paper-scissors with each other and ate all the bandwidth, and ran with the thesis that distributed system interactions were the cause of more failures now than single-point issues. They’re a lot harder to automate testing for, for one thing. And in a lot of cases the specification itself is the problem.
And I remember when the Gimli Glider happened. That was both quite a set of things that had to go wrong for it to happen in the first place, and an interesting set of things that had to go right for it to be as little of a disaster as it was.
For rail accidents… a friend of mine was in a train that got held up because it ran into a car. Nobody was hurt (the train barely noticed, and the guy in the car had already run off) but there still had to be an investigation. There’s still a fair bit of passenger rail traffic in Canada along the Quebec-Windsor corridor. I know I use it regularly, though more due to the lack of airport-grade security theatre than any worries about safety.
Unrelated to the current posting, but definitely something you’ve been interested in:
https://www.bloomberg.com/news/articles/2018-03-28/air-force-risks-losing-third-of-f-35s-if-upkeep-costs-aren-t-cut
I wonder how much effort the North Koreans are putting into using and/or manipulating Bitcoin. North Korea has long been accused of engaging in large scale counterfeiting of foreign currencies, so I would imagine they’d want to get in on the cryptocurrency fad.
In the first Season 3 episode of Rick and Morty, The Rickshank Rickdemption, Rick does that to the Galactic Federation.
What’s a bitcoin?
One eighth of a bytecoin?
timgueguen@#23:
I wonder how much effort the North Koreans are putting into using and/or manipulating Bitcoin. North Korea has long been accused of engaging in large scale counterfeiting of foreign currencies, so I would imagine they’d want to get in on the cryptocurrency fad.
I imagine everyone’s intelligence service is in on the fad.
ahcuah@#22:
Operating costs may force cutting 590 fighters, analysis finds
Half of support expenditures are spent on contractor support
Wow, headed right down the same trajectory as the F-22: too expensive to buy, too expensive to fly. So, to save costs, they started a whole new program. Thanks – now I have some “mind-boggling corruption” to read about with my breakfast.
Apologies for a late comment to this subject. I have been falling behind on my reading.
As a long-time lurker enjoying your content, I found your points on Bitcoin … confusing – as they don’t really match up with what (admittedly little) knowledge I have of of the subject. Attempting to address those points seems like a good opportunity for me to structure my thoughts and do a little additional research. Hopefully it might be educational for both of us.
A couple of disclaimers – English is not my native language, and I could need a bit more practice at writing long replies like this. Also I have not learned how to correctly manage formatting on FTB, so will be using simple quotations instead of the correct formatting of quotes. Aaand I see that even linebreaks are stripped, making it a rather long wall of text.
With that out of the way, let’s begin.
You write
“…the blockchain is append-only, which is sort of necessary for the how it works, but because there is no central brokerage, there’s no input validation process that prevents someone from just injecting their own garbage. From a security design perspective that is a “newb mistake” of the first water. It means that, if the blockchain weren’t so damn slow and irritating to use, it’d be a great free cloud syslog store. O brave new world, take my terabytes of junk!”
I agree, it is append-only. However, a key property / raison d’être of Bitcoin is to be a trustless and censor-resistant. Hence it must be decentralized, and having a “central brokerage” would not allow it to meet those goals. However, claiming that there is no input validation process seems to be at best misguided. A mining pool constructs a new block containing transactions. It could definitely include transactions that are invalid – but those transactions and the entire block would then need to be accepted by all the full nodes – and they would reject it. Some validation details can be seen here: https://en.bitcoin.it/wiki/Protocol_rules also a decent discussion here: https://www.reddit.com/r/Bitcoin/comments/4hv47u/transaction_validation_rules/
In effect, you could put up a node that accepted and propagated invalid blocks, but it would be rejected by other nodes, unless you could get a large enough number of nodes to accept your “protocol change”. This is basically what happened with Bitcoin Cash which forked off from Bitcoin, and allows larger blocks (Bitcoin blocks are limited to about 1.5 MB while BCH supports 8 MB blocks ).
So the garbage you can inject is limited. There are however ways to embed arbitrary data into transactions, as well as tooling to help you do so. The amount of data per transaction is limited – and in addition to being slow, it is not free to get your transaction into the blockchain. You pay in bitcoin, and the more traffic there is, the more you will have to pay to ensure that your transaction is included, or included in a timely manner. During intense activity in December of 2017, transaction costs skyrocketed to 34$ which would severly limit your terabytes of syslog on the blockchain (see https://arstechnica.com/tech-policy/2018/02/bitcoins-transaction-fee-crisis-is-over-for-now/ ). Also note that the total size of the bitcoin blockchain is on the order of 180GB in total for all transactions since 2009 till today.
Here https://fc18.ifca.ai/preproceedings/6.pdf is the research paper that looks in detail on how arbitrary data can be placed on the bitcoin blockchain, as well as their findings on data there, which includes a nude image of a young woman and many links to child pornography. It is an interesting point that many people have thought about – although I think some of the other blockchain projects are even more susceptible – such as Ethereum which has a much larger “repertoire” in the way of placing complex smart contracts on the chain. Others, such as Monero might be less susceptible due to both the use of encryption and less options for placing data.
“I lied, here’s another one: what happens to bitcoin if someone finds a flaw in SHA-256? Go on, think that one through. All the people who have bitcoin appear not to have.”
Can we rephrase this as “Cryptocurrencies will fail if the cryptography they are based on have critical flaws” ? Seems kind of akin to “water is wet” and “the sky is blue”. Also, the attack surface is larger than sha256. There is RIPEMD-160 and Elliptic Curve DSA on the curve secp256k1. Maybe more. Some good discussions on this can be found here: http://blog.ezyang.com/2011/06/the-cryptography-of-bitcoin/ and here: http://blog.ezyang.com/2011/06/bitcoin-is-not-decentralized/
My understanding is that if sha-256 is deemed to get closer to being insecure (like sha-1 has been shown to be https://www.schneier.com/blog/archives/2005/02/sha1_broken.html ), it will be possible to transition to sha-3. Not that it will be easy, but it will be possible.
Continuing on …
“You’d think that someone who was creating the next big currency would think about operational details like that. You’d think that someone who was creating the next big currency would think about security models. Nah. Bitcoin are worth a lot of money, though, so who cares?!”
Interestingly enough, since its launch in january 2009, bitcoin has been operational 24/7 and there has as far as I know to this date not been a single successful attack against the currency or any downtime. People have certainly lost money due to losing their private keys or due to malware, but I do not know of any successful attack against the bitcoin network / blockchain itself. And given the money involved, there is great incentive to attempt such attacks. Also – at its inception it was not worth hardly anything at all. While we are at it – did you read the whitepaper? It is only 7 pages: http://satoshinakamoto.me/bitcoin.pdf
“Raise your hand if you built your bitcoin wallet app from source after reviewing the source carefully and understanding everything that it’s doing. Because, if you didn’t, you’re probably running the special version of the wallet app that will wait until after a certain day, when you unlock it, and will transfer a few of your bitcoins to someone smarter than you.”
This is definitely a concern, and I think it would be hard to find many people who disagree with the currenct state of cryptocurrencies being a Wild West unregulated space with many adversarial entities and lots of different attack vectors to trip up the unsuspecting user. This is not very different from using other software, whether it comes from reputed vendors or is open source. Most of us do not and are incapable of performing this kind of verification. But in practice I have yet to hear of people having their cryptocurrency stolen from a reputable wallet retrieved safely from a reputable site. There has been some interesting discussions around this for example for the IOS wallet software for the Monero currency – the Android software being open source, can be compiled and installed as an application binary – you could compile it yourself and be fairly confident that it did what you expected. The IOS version however does not have this possibility, as it needs to go through the Apple verification process and they just did not find any way to unambiguously determine that the binary you installed from the App Store was indeed the unaltered version of the open source code available. Discussion here: https://www.reddit.com/r/Monero/comments/8c52yy/cakewallet_security_questions/ as well as here: https://www.reddit.com/r/Monero/comments/7uj0td/cake_wallet_open_source_here_it_is/
So I will contend that while your statement is basically true regarding individuals not having empirically verified all the software they use for this purpose, it is not something that is glossed over by the community. Au contraire, it is taken with the utmost seriousness. There is a reason why leading figures in the bitcoin community strongly advises people to use hardware wallets and cold storage (nonwithstanding the security issues you can think up regarding hardware wallets too). See for example https://www.youtube.com/watch?v=uYIVuZgN95M
“The idea that “they” are going to let bitcoin be the basis for a new economy that “they” don’t control is really funny. It’s actually funnier and stupider than the Texan gun nuts who think their personal small arms are going to let them defeat the US Imperial Military, when it turns on them with its jaws open and its teeth smoking with blood.”
I will concede that a lot of libertarians are somewhat … reality challenged, and they seem to have a special love for cryptocurrencies. But what is the idea behind bitcoin? In what context did it arise? What problem is it trying to solve?
Andreas states it somewhat succinctly here: https://www.youtube.com/watch?v=Cpj_P4Dp5kU
Frankly, given your mistrust in governments I would have expected you to have a more positive view of an attempt to create a currency that is not in the control of governments and that is uncensorable by the powers that be.
“AML is another cryptocurrency. Not to put too fine a point on it, the value of these cryptocurrencies is – questionable.”
I have not even heard about AML. And strongly agree regarding the – questionable valuation of most/all cryptocurrencies. My personal opinion is that almost every cryptocurrency is ultimately a worthless scam that is only riding on the hype. But Bitcoin and a few others seem to have a certain utility.
“But, basically, you should think of it as one of those “fiat currencies” that goldbugs like to complain about, except instead of the Federal Reserve Bank pulling the valuation out of thin air, it’s some guy in a hotel room in Panama, sshing into a server farm in Iceland, pulling the valuation out of thin air.”
I would say that the valuation is basically what people think it is. Which is not too far away from how a fiat currency works. Fundamental value? About the same as trading cards. A $100 dollar bill holds no value itself either – only through the certainty that I can turn around and spend it, gives it a value. And I can because the next person holds the same belief. Or you could say it is backed by the US Military Industrial Complex – but that would be a different rabbit hole. Ok moving on ..
“In case you didn’t notice the apple I hid in the razor blade above, the “could stuff syslog into the blockchain” bit points to a potential denial of service attack against the entire bitcoin ecosystem. Would you like a fun summer project: announce that you are going to bloat the blockchain to the point where it is unusable in real-time, unless someone pays you with some useful cash really soon.”
Again, this is not practically feasible with bitcoin as your throughput is limited to about 1.5MB block per 10 minutes. Yes you could spam the network with transactions – if you are willing to pay the growing fees to get your transactions into the blocks at the expense of others. Depending on the currency, some are more susceptible to this than others – with Electroneum being one that has experienced a LOT of spamming of transactions, since the fees are so low. The effect of this has mostly been to delay peoples transfer of ETN. So yes, DOS/DDOS is possible but difficult to pull off and costly against something like Bitcoin.
“If any of you dear readers are using bitcoin to do anything illegal, you might want to spare some thought for how to make it look like your ex-roommate or deceased spouse was the one doing it. Because if you’ve used bitcoin for an illicit transaction, you painted a great big neon target on your back.”
A lot of people did initially hold the erroneous belief that Bitcoin was indeed anonymous. At best it is pseudonymous, and the moment you pay bitcoin to someone, that someone also knows your address, and can look up and see all transactions putting bitcoin into or taking it out of your wallet. It is quite trivial to create a list of the richest bitcoin addresses for example: https://bitinfocharts.com/top-100-richest-bitcoin-addresses.html
And there are quite a few projects that have created tools to analyse transactions on the blockchain, certainly in use by law enforcement and intelligence agencies: https://www.deepdotweb.com/2018/01/02/using-bitcoin-transaction-analysis-deanonymizing-users-tor-hidden-services/
Bitcoin is at best pseudonymous (sp). Although it is not impossible to use it fairly anonymously, it would require you to obtain the bitcoin without leaving a trail. This can be done, but is quite hard for the average user.
There are however alternate curencies that specifically tackle the issue of being anonymous, by creative use of cryptography. I have already several times mentioned Monero, but there are a number of others as well.
bryanfeir writes: “Not to mention that as Bitcoin mining gets more expensive due to the basic way the system works, more and more of it is getting done by botnets. The time at which individuals could do much contribution is over.”
Well, yes and no. The basic way the system works is that there will be added one block to the blockchain on average every 10 minutes. This is managed by requiring the block contents + an increasing nonce value to create a sha-256 hash with enough leading zeroes. The number of leading zeroes required is the current “difficulty” and increases when the processing power available to calculate it increases (i.e. more computing power is added = block times go below 10 minutes = difficulty will be adjusted up to compensate and move block times back to around 10 minutes).
This also adds security – in that the amount of computing power needed to attack the network increases with the computing power used for the network. Assuming the cryptography is solid. And while the “time at which individuals could do much contribution is over” is somewhat true, it is quite wrong that more and more of it is getting done by botnets. Botnets utilize the available computing resources on end users and companies computers – which typically means CPU power. At what I could quickly determine, a Core i7-3930K might do 67 Mh/s. The current “gold standard” is the Bitmain Antminer S9 ASIC which does 14 000 Mh/s ( https://en.bitcoin.it/wiki/Mining_hardware_comparison )
So while bitcoin is not a prime target for botnets, there are other cryptocurrencies out there that do not so highly favor ASICs, and that can be mined on CPUs. The somewhat repetitive mention of Monero is one such currency, where there are no ASICs (partially because the code was recently changed in order to stop an emerging ASIC market). It can be mined somewhat profitably on generic CPUs – and is a prime candidate for botnets. It being anonymous also makes it far more difficult to trace the botnet earnings. But botnets for bitcoin mining? Highly doubtful.
I will end by saying that there has been entirely too much hype regarding both Bitcoin, altcoins and “blockchain”. Most of the altcoins and cryptocurrency tokens seem useless. Like the aptly named UET “Useless Ethereum Token” (yes, that is an actual cryptocurrency – https://coinmarketcap.com/currencies/useless-ethereum-token/ ) or Dentacoin that “aims at improving dental care worldwide and making it affordable through crowd power”. Cryptocurrency is unforgiving. There is no authority to appeal to, there are no “takebacks”. Well, except if you know Vitalik Buterin and can get him to hard fork to give you back your coins (see the DAO hack https://www.coindesk.com/understanding-dao-hack-journalists/ ). Where things like that can be done, it shows that the coin in question is pretty centralized. It would not work with Bitcoin.
Feel free to bash on Bitcoin, but let’s try to bash it for its actual weaknesses :)