My Position on UCL Strike

Yesterday a large number of UCL academics started a strike lasting up to 4 weeks. These people are sacrificing their salary [UCL will cut their pay down] and there is strong support for the strike. The strike is organised on the premise that our employer, UCL, are cutting down their pension contributions or ending guaranteed income schemes and replacing them with those which are more like investments, without guaranteed returns. How interesting.

So why am I not on strike?

I definitely do not support UCL cutting down their contributions, and I do not think that UCL management are our friends and have good intentions.

However I am against this strike on ideological grounds.

I do NOT support our pension schemes at all. It is quite naive to believe that generous pensions are our friend. I believe that employers and governments should spend money on creating new positions for senior people rather than on pensions. Offering employees generous pension benefits is nice isn’t it? Or is it about trying to get rid of them? I believe that most current pension systems are perverse, stupid and need reform. They are about ejecting people from social and economic niches or positions which they occupy, under the pretext that they are old. We are offered some income or compensation, if we retire. Is it a gift, a bribe or a trap? Retirement is not necessarily a good thing: people who retire early seem to live shorter lives. I am against pensions which redistribute money. I think that we need to give older people more than just money: dignity, freedom, power, and capacity to be active contributors to the economy and the society.

How to Recover Your Coins Lost due to ViaCoin Multisig Bug

In November 2017, users lost 300 M$ in Ethereum due to a bug in the Parity wallet multisig features.

History is now repeating itself with ViaCoin: there is a serious bug in the Windows ViaCoin 2.8.3 wallet, found here and available since April 2017. As a world premiere, here is the solution!

How to Recover Coins Lost

This software has been used since April 2017. The bug is now in the wild, and potentially anyone using Vialectrum under Windows and sending to a multisig address will lose money.

HOWEVER the coins can be recovered. To do so, follow these steps:

  1. Build the dev version from sources (tried and worked under Ubuntu 16) as explained here.
    • Notes: make sure that Python 3.4 or later (not Python or Python 2.7.3) is used, and that git, pip3 and all the suitable packages such as setuptools are installed. For example “pip3 install --upgrade pip setuptools”. However it is normal that Python 2.7.3 is still present and it should not be removed. Now running “python3 --version” should produce something like Python 3.4 or later. If stuck with Python 3.2 in spite of a reinstall, see general instructions for upgrading Python and try to uninstall and reinstall Python 3 while keeping Python 2 in place (apt-get remove vs apt-get install).
    • If aes.h or similar files are reported missing, try installing OpenSSL or libssl through either “sudo apt-get install libssl-dev” or “sudo apt-get install openssl”, no harm.
  2. Then run the dev gui by typing “./vialectrum”.
  3. Then create a new multisig wallet, for example 2 out of 4 with any mix of xpub, recovery seeds or xpriv exported from faulty Windows wallets.
  4. From this wallet one should be able to spend the coins lost. Just send them anywhere!
  5. This solution was tested and works.
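
The prerequisites from the notes in step 1, checked in one place before building. This is an added example, not part of the original post or of Vialectrum; the header path /usr/include/openssl/aes.h is an assumption about where libssl-dev places aes.h on Ubuntu.

```python
import os
import re
import shutil
import subprocess

MIN_PYTHON = (3, 4)                          # minimum stated in the notes above
AES_HEADER = "/usr/include/openssl/aes.h"    # assumed libssl-dev location on Ubuntu

def parse_python_version(output):
    """Turn 'Python 3.4.3' into (3, 4, 3); None if the text is not recognised."""
    m = re.search(r"Python (\d+)\.(\d+)(?:\.(\d+))?", output)
    return tuple(int(g) for g in m.groups(default="0")) if m else None

def find_problems(version_output, which=shutil.which, exists=os.path.exists):
    """Return a list of problems; an empty list means the build can be attempted."""
    problems = []
    version = parse_python_version(version_output)
    if version is None:
        problems.append("python3 not found or version not recognised")
    elif version[:2] < MIN_PYTHON:
        problems.append("python3 is %d.%d, need 3.4 or later" % version[:2])
    for tool in ("git", "pip3"):
        if which(tool) is None:
            problems.append("%s is not installed" % tool)
    if not exists(AES_HEADER):
        problems.append("aes.h missing: sudo apt-get install libssl-dev")
    return problems

def python3_version_output():
    """Run 'python3 --version'; releases before 3.4 print it on stderr."""
    try:
        out = subprocess.run(["python3", "--version"], stdout=subprocess.PIPE,
                             stderr=subprocess.STDOUT)
        return out.stdout.decode()
    except OSError:
        return ""

if __name__ == "__main__":
    for line in find_problems(python3_version_output()) or ["all prerequisites found"]:
        print(line)
```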

The main developer romanoRNR has promised to release a new corrected Windows distribution within days.
Bitcoin Crazy Ride Hits Wall Street

It is a big success for bitcoin and coincides with the incredible price rally which bitcoin has accomplished in 2017. In the first days of 2017, bitcoin was worth 1000$. 5 months later in May it was at 2000$, 3 months later in August it was at 4000$, and after another 3 months in November it was at 8000$. Then it accelerated and doubled in 2 weeks, reaching about 16,000 $ now. We see that bitcoin price has grown way faster than exponentially! At the end bitcoin+competitors are now worth more than Facebook.

Now beware bitcoiners. The evil empire will now strike back. This is precisely the whole point of the futures market. Previously most investors would either buy bitcoins, or abstain (and maybe regret that they didn’t buy bitcoins). Now more traders than ever will trade both ways: many traders will now be able to short bitcoin and profit when the price goes down!!!

Overall many commentators say that the existence of bitcoin futures markets will not decrease BUT rather increase bitcoin’s volatility, making it maybe a weapon of financial mass destruction (Buffett). These comments are particularly visionary for bitcoin. If in traditional markets you already have the cyber security question, these questions are more likely to bite in bitcoin. There are huge risks of bitcoin collapsing very badly due to a bug or a backdoor or a large cyber attack on the P2P network, the software and hardware ecosystem, deposits kept on exchanges, or on miner pools. In bitcoin, some catastrophic event is what is bound to happen, or is very likely, just listen to John McAfee. The show must go on.

XYZ and Saving an Extremely Rare Enigma Machine

Public donations are sought by the Pilsudski Institute in London.

The most prominent host of the institute is an extremely rare WW2 Enigma machine. This machine was made in France during WW2 to assist Polish code breakers in their daily code-breaking tasks [done in close collaboration with Bletchley Park, UK]. Only two such machines exist, see here for more details.

This unique collaboration of the intelligence services of France (X), Britain (Y) and Poland (Z) was one of the most significant but also most secret success stories which made victory in WW2 possible. A new book by Dermot Turing, “X, Y & Z, the real story of how Enigma was broken”, will be published in 2018. It will reveal new facts based on recently declassified French WW2 archives.

Storm is Brewing Over Bitcoin Future

If you read recent media reports about the future of bitcoin, you wonder what is going on.
For sure it is NOT clear which software or which blockchain we will be calling the “true” or “real” bitcoin in the future.

Here is a selection of citations, all very recent, and all about the fork expected to happen on approximately 16 November 2017 (updated: no longer happening, was postponed now):

  • Many people and companies have withdrawn their support for SegWit2x bitcoin and the so-called New York agreement is not widely accepted.
  • Bitcoin developers claim that Bitcoin SegWit2x will be just another altcoin:
    • they “don’t think Segwit2x will succeed in its attempt to become the main bitcoin blockchain” see here.
  • Horror stories are told (as we read here):
    • SegWit proponents have refused “to enact replay protection”
    • “the loss of funds for many users on the network will literally be unavoidable”
    • this is claimed due to “accidental replay spending, replay attacks and sudden and widespread incompatibility between various software and services”.
  • Forbes says that bitcoin is at the edge of destruction.


We have known this for so many years. Self-inflicted misery, turf wars between developer and stakeholder factions, etc. Forbes reports about what is going on in the social and developer media: “a toxic stew of name-calling, trolling, bullying, blocking and threats”. The community has “hard forked”, this “politically and ideologically” and “by censorship”.

NOTE:
I will now offer an independent “conspiracy theory style” explanation while this [yet another] battle of industry standards is fought so bitterly. The point is that on this planet, crypto standards ARE expected to be bugged/insecure, work against the cautious advice from academics, or/and serve special interests. The question is about ending the sordid monopoly of current bitcoin developers on dictating dodgy crypto standards to govern blockchain technology at large. Until now bitcoin has been held hostage by particular highly controversial cryptography solutions such as ECDSA+SHA256+secp256k1. What went wrong on bitcoin crypto front so far? Almost everything:

  • These things are controversial wrt best practices in crypto engineering and are not universally accepted: no one outside bitcoin community uses this strange crypto suite. Not a single bank card, not a single TLS transaction on the Internet, not a single ID card, electronic passport, etc etc.
  • The reputation of secp256k1 is very bad, it should never be used by anyone. It is not recommended by NSA, NIST, SEC, Microsoft, BSI, NATO etc. Not a safe curve etc…
  • We need to recall that ECDSA signatures have become popular only because in the old times, Schnorr patented his signature scheme, a patent which however expired in 2008.
  • SHA256 is also a problem: the security of SHA256 has never been seriously evaluated in academic crypto research [100 times more effort was spent studying SHA1] and therefore we should expect some nasty surprises here as well.
  • We have seen that bitcoin developers have been actively suppressing better crypto alternatives and people who promote crypto upgrades.
  • In contrast – unlike current bitcoin crypto – Schnorr signatures are provably secure AND do not suffer from malleability problems and are also secure against repeated random attacks.
  • Segregated witness allows making the blockchain more compact with lower fees AND will also make future crypto upgrades safer and easier with script versions and soft forks. It will also make blockchain validation easier/faster.

UPDATES:

A few days after this was written, on 9 Nov, the date of the bitcoin fork was postponed. Within 24 hours the market price of BT2X on HitBTC fell from levels above 1000 USD and has reached and stabilized at levels below 200 USD.

UCL InfoSec Visit at Bletchley Park – Friday 29 Sept 2017

Our trip took place on 29 Sept 2017. Some 32 UCL students participated.


Students have explored the past in order to find role models for the future.

Due to large numbers, we split into two groups for a guided Bletchley Park tour, and also attended two bombe demonstrations.

Home Work:

Students have been asked to further study at home how Enigma was broken, see back side of our hand-out.

More details can be found in our teaching materials “Enigma and Block Ciphers – 100 years of cryptanalysis with non-commutative combinations of permutations”, whose slides are studied in the UCL COMPGA18/COMPM068 course Cryptanalysis. After our trip many students have asked to do GA18, and unhappily we have run out of space [the course is currently oversubscribed].

Acknowledgments: I would like to thank prof. Angela Sasse for financial and moral support for this event, and also for organizing previous events.

ICOs – The Good and the Ugly

In the recent crazy wave of ICOs we hear every day that investors should be warned and there are lots of scams or that it is unlikely that ICOs can deliver.
So the question is how do you tell apart a “good ICO” from a bad one?
It is a difficult question, but let us look at some examples.

Some ICOs possibly need NOT to be advertised and do not seek excessive publicity.

  • For example a French Internet domain trading/auction company DomRaider, which is a well established business which already employs 33 people full time including 10 blockchain developers, has sold more than 75% of their DRT coins BEFORE the ICO started, in the pre-sale. Without making too much noise, for expert investors only. The public sale also started yesterday, and TV commercials are also planned, but there aren’t too many coins left.
  • Another currently ongoing ICO, Enigma Catalyst, has allocated pre-sale investors fewer coins than they asked for, and informed them by email that they should not send more money than they are allowed to. And investors could only buy tokens during a few hours. Now it is too late to buy any.

The common pattern in these ICOs is that they are not too aggressive trying to sell as many coins as possible.

Here Comes the Dubious ICO

In contrast, several ICOs were advertised widely and many of these, honestly, look dubious.
First we should ignore all ICO announcements received by email we have not asked for. 99.9% will be scams. Then there are those which seem to attract unreasonable amounts against all logic.

For example EOS have employed an aggressive sale technique: the sale expires today! Recently they behaved more honestly than before and now they put “Period 76” in big letters. Previously it was different. It was advertised widely and had some good press coverage and they raised nearly 200 million USD in a few days. For a long time their communication looked like, well, they are deliberately trying to abuse the naive investors. Every day their website looked as if this is a unique opportunity to buy tokens which is going to end soon; with a clock ticking…

Then EOS got assassinated in one Financial Times blog for “a remarkable feat of salesmanship” – selling tokens which simply do NOT offer anything: they do not even confer the investors “any rights, uses, […] functionalities or features” w.r.t. the EOS software platform under development, and it is not clear what actually they offer [some sort of access rights for the platform?]. Now I am not sure how many investors have actually heard about this FT report. What really surprises me is that even today EOS is raising MORE than 1 million dollars per day from investors. Are investors blind and deaf and not reading the press, or is EOS so valuable and people who buy them surely know what they are doing?

Declaration of conflict of interest:
The author of this post holds some of the crypto coins cited here. He has also been approached by DomRaider in order to become their advisor.

Bitcoin Network Recovery – $40 Billion Of Self-Inflicted Damage

After 1 month of acute crisis the bitcoin network is finally operating more or less normally. Imagine that you went to a station in rush hour and it took you 1 month to get home due to tube or rail network jamming. This is exactly what happened to bitcoin in the last 2-3 months, and which is shown on this graph:

This is simply network saturation due to increasing demand and activity, rather than spamming as reported by some.

For example on 8 May 2017 I created a sample transaction for about 600 USD, not a small amount, using a standard Android app with default settings. This transaction took exactly 1 month to be approved by the bitcoin network. The graph shows that millions of other transactions have known a similar fate and a lot of bitcoin users have seen their transactions delayed (for days and weeks). Moreover, on some days blockchain.info even forgot about this transaction which it knew about on the previous day. This means that maybe the backlog was higher than the curve above shows, as clearly blockchain.info does not or did not record the bitcoin transactions accurately.

So it SEEMS that bitcoin has recovered?

This comes at INCREDIBLY high cost. During the same last 3-month period the bitcoin dominance went down from 80% to 40%. This is like losing 40 Billion dollars of business revenue at today’s prices!!! Bitcoin has lost half of its business in less than 3 months!

All this is of course self-inflicted damage because the reforms which were already in “final testing stage” (!) 1 year earlier are not quite yet implemented.

 

Post-Quantum RSA

A very detailed study shows that RSA can be re-engineered in order to remain practical, yet no longer be broken by a quantum computer. The essence of the proposal is a multiple-prime RSA with a great many 4096-bit primes and with a 1 Terabyte public key. A significant potential weakness [for which however there is no attack so far] is the use of a small public exponent e=3.
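
A toy-scale sketch of the construction described above: many-prime RSA with public exponent e=3 and per-prime CRT decryption. This is an added example, not code from the study; the function names and the small prime sizes used to run it are assumptions for illustration, and 1 Terabyte is taken as 2^40 bytes.

```python
# Added illustration at toy sizes; unpadded textbook RSA, not for real use.
import math
import secrets

def is_probable_prime(n, rounds=24):
    """Miller-Rabin test; n is composite if any round fails."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def keygen(num_primes, prime_bits, e=3):
    """Distinct primes with gcd(e, p-1) == 1, so x -> x^e is invertible mod p."""
    primes = set()
    while len(primes) < num_primes:
        p = secrets.randbits(prime_bits) | (1 << (prime_bits - 1)) | 1
        if math.gcd(e, p - 1) == 1 and is_probable_prime(p):
            primes.add(p)
    return sorted(primes)

def encrypt(m, primes, e=3):
    """Public operation: m^e modulo the product of all primes."""
    return pow(m, e, math.prod(primes))

def decrypt_crt(c, primes, e=3):
    """Invert mod each prime with d_p = e^-1 mod (p-1), recombine by CRT."""
    n, m = math.prod(primes), 0
    for p in primes:
        m_p = pow(c % p, pow(e, -1, p - 1), p)
        q = n // p
        m += m_p * q * pow(q, -1, p)
    return m % n

def primes_needed(key_bytes, prime_bits):
    return key_bytes * 8 // prime_bits  # factors in a key_bytes-byte modulus
```

With the page's figures, primes_needed(2**40, 4096) gives 2**31 prime factors, which is why decryption is organised per prime rather than with one huge private exponent.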