Controversy Around Profitability of AltCoin Investment

There is a considerable controversy around whether investing in a balanced basket of cryptocoins is a good idea.

Two serious sources show that this sort of investment enjoys steady growth without a lot of downturns, cf. the DLT10 Index and a recent detailed study which concentrates on a shorter period with excellent returns since Jan 2016.

A rebuttal paper has now been published by Coindesk: over a period of a few years, bitcoin is claimed to outperform altcoins.

Oligarchy vs. Innovation

I would like to insist on the moral aspect of investment and what it means for the jobs in the technology sector.

By investing in medium-sized altcoins, we make blockchain better and bring a lot of innovation to the market:

  • smart contracts with Ethereum,
  • ring signatures with Monero,
  • zero-knowledge proofs with Zerocash,
  • monetary policy innovation with Bitshares,
  • etc.


By investing in bitcoin alone, we promote stagnation and poor technology which is barely trying to get better.

Bitcoin is the “Microsoft of cryptocurrency”, cf. the interview with Dr Courtois in Nature: it has a toxic culture, it is now controlled by China, and it is simply sad that bitcoin will at times outperform its competitors.





Extended Deadline – Blockchain Research Competition – Blockchain Student Paper Competition – Cash Prizes, Job Openings

We encourage students and young researchers to submit their paper or their thesis work to our research competition.


Submissions are extended until 31 October.

Cash prizes will be awarded and winners will be invited to present their work at an international blockchain conference.

More details here and here and here and here is the submission link (some older announcements).

JOB OPENINGS: several companies (mostly from the UK) have contacted me: they would like to interview a selection of submitters for jobs and internships.

How Many 1024-bit Primes Have Backdoors?

So how did the NSA backdoor the Internet, or did they???

A new ground-breaking paper shows that DSA and DH mod P keys with 1024 bits are vulnerable to practical backdoors which can be exploited to break our secure communications.

A few highlights:

  • For such trapdoored primes the DL problem can be solved in 2 months by an academic cluster.
  • The work is quite technical and improves on the Crypto ’92 paper by Gordon.
  • The new result is a lot stronger than recent work by Wong and by Dorey-Chang-Fong-Essex, where the number was not prime, which is also a very common problem on the Internet.
  • There is no known detection method for such trapdoor primes, or not yet.
    • So if this sort of backdoor exists today, it is likely to remain hidden for yet some time.
    • However researchers have also found a handful of primes used on the Internet which are backdoored in a trivial and detectable way.
  • There is a strong suspicion that many of the currently used primes on the Internet are of dubious origin. We have lots of “opaque standardized” prime numbers used in many security standards.
    • For example 37% of the Alexa top 1M web sites use primes which are hardcoded in Apache, and nobody knows whether they are trapdoored.
    • Similarly, in May 2015, 56% of HTTPS handshakes used a restricted set of primes which are controversial and many could be bugged.
  • The only plausible defense at this moment is provably random nothing-up-my-sleeve primes such as those defined in TLS 1.3 and some other security standards.
  • It is also important to see that these problems concern primarily users and systems which do not apply the latest NSA/NIST and other security recommendations (unhappily most people don’t).
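
As an added example (not from the original post and not code from the paper it discusses), here is the check a defender can run on a "nothing-up-my-sleeve" prime: RFC 7919 publishes the recipe p = 2^2048 - 2^1984 + (floor(2^1918 * e) + 560316) * 2^64 - 1 for the TLS 1.3 group ffdhe2048, so anyone can regenerate the prime from the digits of e and confirm that it is a safe prime instead of trusting an opaque constant. The formula and the offset 560316 are quoted from RFC 7919; the exact-integer computation of e and the Miller-Rabin test below are this example's own code.

```python
# Added example (not from the blog post): regenerate the RFC 7919 ffdhe2048
# prime from its published "nothing-up-my-sleeve" recipe and check that the
# result is a safe prime. The recipe p = 2^2048 - 2^1984 +
# (floor(2^1918 * e) + 560316) * 2^64 - 1 is quoted from RFC 7919;
# the verification logic is ours.
import random


def e_times_2pow(bits, guard=128):
    """Return floor(e * 2^bits) using exact integer arithmetic.

    e = sum 1/k!; we accumulate floor(2^(bits+guard) / k!) and drop the
    guard bits at the end, so the accumulated truncation error (< one unit
    per term, a few hundred terms) stays far below 1 in the result.
    """
    scale = 1 << (bits + guard)
    total = 0
    term = scale            # term for k = 0: 2^(bits+guard) / 0!
    k = 1
    while term:
        total += term
        term //= k          # next term: previous / k  (= scale / k!)
        k += 1
    return total >> guard


def ffdhe_prime(bits, offset):
    """RFC 7919 construction: 2^b - 2^(b-64) + (floor(2^(b-130) e) + X) * 2^64 - 1."""
    middle = e_times_2pow(bits - 130) + offset
    return (1 << bits) - (1 << (bits - 64)) + middle * (1 << 64) - 1


def is_probable_prime(n, rounds=16):
    """Miller-Rabin with random bases; plenty for checking a published constant."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = random.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def check_nums_prime(bits, offset):
    """Regenerate the group prime and report the properties a reviewer expects."""
    p = ffdhe_prime(bits, offset)
    q = (p - 1) // 2
    ones64 = (1 << 64) - 1
    return {
        "bits": p.bit_length(),
        "top64_ones": (p >> (bits - 64)) == ones64,   # fixed high word of the recipe
        "low64_ones": (p & ones64) == ones64,         # fixed low word of the recipe
        "p_prime": is_probable_prime(p),
        "q_prime": is_probable_prime(q),              # safe prime: (p-1)/2 is prime too
    }


if __name__ == "__main__":
    # 560316 is the ffdhe2048 offset from RFC 7919.
    print(check_nums_prime(2048, 560316))
```

The same function works for the larger RFC 7919 groups by passing their bit length and offset; what matters for review is that every input to the construction is public, so a mismatch between the regenerated value and the constant shipped in a library would be immediately visible.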



This is a SPECTACULAR reversal of the recommendation given by Bruce Schneier in Sep 2013 after being given the privilege of examining the bulk of unpublished Snowden files:

  • “Prefer conventional discrete-log-based systems over elliptic-curve systems; the latter have constants that the NSA influences when they can”, see here.

The impact is also MUCH LARGER than with ECCs: a much larger part of Internet communications is encrypted using “conventional discrete-log-based systems” than with ECCs (whose share is about 10%).


UCL InfoSec Visit at Bletchley Park – 2 Oct 2016




Homework

After a bombe demonstration by WW2 veteran Ruth Bourne and BP bombe experts,
students have been asked to further study at home how Enigma was broken, see our hand-out.
More details can be found in our teaching materials “Enigma and Block Ciphers – 100 years of cryptanalysis with non-commutative combinations of permutations”, whose slides are studied in the UCL COMPGA18/COMPM068 course Cryptanalysis.





Changing the Past of Ethereum – Not an Ordinary Divorce

Tomorrow, 20 July, Ethereum is going to invalidate more than 50M$ worth of Ethereum stolen by some rogue hacker group.
Congratulations to our community for this brave decision!

Support for this decision must be shown by all honest citizens of crypto space by upgrading geth.exe and Mist wallets to the new version ASAP, for example now, and voting FOR THE FORK and against the illicit gains.


This will NOT be the end of the story, as people who do NOT agree will be operating their own fork of Ethereum. There is a lot of sympathy out there for this sort of organized hacker group which exhibits a high level of skill and ability. So we will have TWO Ethereum blockchains: the normal official Ethereum blockchain and a darker, less well supported version of it. We expect that starting from tomorrow both chains will operate. Or the old chain will operate for some time until it possibly declines [or not].


    1. Discarding the obsolete Ethereum clients not yet upgraded, will there be enough peers to support the second peer network which does not support the fork?
    2. Will some bitcoin exchange also list the “other” Ethereum coins???? Will the market share of Ethereum be divided into two separate market capitalizations? Will the supporters of dark forces actually succeed in stealing some business from Ethereum???


A Messy Divorce

EDITED and ADDED 24-27 July 2016.

YES! We have the dark/old/orphaned/illegitimate Ethereum coins trading. Poloniex has started listing them under the name of ETC = Ethereum Classic. Also Bitfinex lists them.

  • On 24 July we had 1 ETC = 0.065 ETH. At this moment the bounty was no longer worth 50M$: it became 3M$ and it was quickly decreasing, it went down -85% in 24h.
  • On 26 July however the illegitimate Ethereum went up by 400% in ETH value. By 3PM UK time it rose to 0.23 ETH. The ETC trading volume on Poloniex has exceeded the ETH volume [and any other coin's daily volume].
  • On 27 July the price of ETC has oscillated around 0.18 ETH, which is remarkably close to the percentage of ETH holders who opposed the fork.

It is very difficult to explain what is going on here. A few points:

  • Initially, most ETC are not those which belong to some hackers. Most holders of ETH also automatically have ETC and they will possibly also be selling them in panic.
  • It is easy to see that most people who have these assets would NOT for some time realize that they have them, and they do not realize that they can sell them, making some unexpected extra money while still keeping their ETH. Most holders of ETH simply have not heard about the separate asset ETC that they now have and can sell.
  • We expect increased criminal activity overall in the ETH blockchain in the coming days. Why? Because in order to sell these assets as their price goes down rapidly, people have to unlock their wallets, dig out their private keys from cold storage, or type in passwords etc. Now these are the same private keys as in the main ETH blockchain, which is already more valuable, so just having lots of people trying to sell whatever is left of their ETC will be a juicy time period for hackers to steal these private keys and withdraw money from both sides.
  • Also replay attacks against ordinary ETH users are possible, cf. here.
  • ETC is an illegitimate clone of Ethereum which has essentially stolen some 20% of the market share from Ethereum developers and all people who work hard on FinTech applications of Ethereum. It is a sophisticated form of theft or free-riding which now goes far beyond just stealing 50M$ from the DAO owners.
  • The question of who is buying these coins [90M$ volume in 24h] is a mystery.
  • ETC has at moments become very interesting for miners, as initially most miners deserted it and some could earn more. ETC is also at risk of a 51% attack by miners in the ETH community. Now in the space of hours the hash rate of ETC has increased so much that the risk is no longer taken seriously [which is rather a bet that miners are probably too good, or too naive, or not well organized enough to do such an ugly thing].
  • This shows that ETC exists because some wealthy miners and other important people support it. Many people were shocked to learn that Vitalik partly supports the fork, promises to tolerate it, and even gave some advice to the team which will support this fork from now on.
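
The replay risk mentioned above, as an added toy model (not code from the post and not Ethereum's own code): two ledgers that start from the same pre-fork state and the same keys will both accept a transaction whose signed payload does not name a chain, whereas a payload that binds the chain id (the approach Ethereum later standardized as EIP-155) is rejected on the other chain. The HMAC "signature", the account names and balances, and the use of chain ids 1 (ETH) and 61 (ETC) are this example's own choices; a real node verifies an ECDSA signature against the sender's address rather than holding the signing key, but the domain-separation point is the same.

```python
# Added example (not from the blog post): why a transaction valid on one chain
# is also valid on a fork that shares pre-fork state, and how including the
# chain id in the signed payload stops the replay. HMAC stands in for ECDSA,
# so this toy ledger verifies with the signer's key (a simplification).
import hashlib
import hmac
import json


def sign(secret, payload):
    """Toy signature: HMAC-SHA256 over the canonical payload bytes."""
    return hmac.new(secret, payload, hashlib.sha256).hexdigest()


def make_tx(secret, sender, to, value, nonce, chain_id=None):
    """chain_id=None models a legacy transaction whose signature covers no chain id."""
    body = {"from": sender, "to": to, "value": value, "nonce": nonce}
    if chain_id is not None:
        body["chain_id"] = chain_id          # domain separation between chains
    payload = json.dumps(body, sort_keys=True).encode()
    return {**body, "sig": sign(secret, payload)}


class Ledger:
    def __init__(self, chain_id, balances, keys):
        self.chain_id = chain_id
        self.balances = dict(balances)       # each fork copies the same pre-fork state
        self.nonces = {acct: 0 for acct in balances}
        self.keys = keys                     # toy: ledger holds keys only to verify HMACs

    def apply(self, tx):
        body = {k: v for k, v in tx.items() if k != "sig"}
        if "chain_id" in body and body["chain_id"] != self.chain_id:
            return "rejected: wrong chain id"
        payload = json.dumps(body, sort_keys=True).encode()
        expected = sign(self.keys[tx["from"]], payload)
        if not hmac.compare_digest(expected, tx["sig"]):
            return "rejected: bad signature"
        if tx["nonce"] != self.nonces[tx["from"]]:
            return "rejected: bad nonce"      # same nonce state on both forks, so no help here
        if self.balances[tx["from"]] < tx["value"]:
            return "rejected: insufficient funds"
        self.balances[tx["from"]] -= tx["value"]
        self.balances[tx["to"]] = self.balances.get(tx["to"], 0) + tx["value"]
        self.nonces[tx["from"]] += 1
        return "applied"


def scenario(use_chain_id):
    """Alice sends 40 on ETH; the same bytes are rebroadcast on ETC.

    Returns (result on ETH, result on ETC, Alice's ETH balance, Alice's ETC balance).
    """
    keys = {"alice": b"alice-secret", "exchange": b"exchange-secret"}   # constructed
    state = {"alice": 100, "exchange": 0}                                # constructed
    eth = Ledger(chain_id=1, balances=state, keys=keys)
    etc = Ledger(chain_id=61, balances=state, keys=keys)   # fork shares pre-fork state
    tx = make_tx(keys["alice"], "alice", "exchange", 40, nonce=0,
                 chain_id=1 if use_chain_id else None)
    first = eth.apply(tx)       # what Alice intended
    replay = etc.apply(tx)      # someone rebroadcasts the identical transaction on ETC
    return first, replay, eth.balances["alice"], etc.balances["alice"]


if __name__ == "__main__":
    print("legacy tx:  ", scenario(False))
    print("chain-id tx:", scenario(True))
```

The legacy transaction moves Alice's funds on both chains; the chain-id-bound one is applied on ETH and rejected on ETC, which is exactly the property a wallet needs once two chains share history and keys.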

Remarks/Related: This older blog post by Dr. Courtois regarding a crypto currency divorce/splitting into two is cited, cf. pages 49 and 84, in a report by the British government Chief Scientific Adviser, Sir Mark Walport, “Distributed Ledger Technology: beyond block chain”, here, 19 Jan 2016.

Bitcoin Block Reward Halving

In a few minutes, cf. countdown, the amount of bitcoins attributed to each block mined will be divided by 2 in one single step. A rare event which happens once approximately every 4 years.


This is an artificial shock which is tolerated by the bitcoin community in the name of the misplaced ideology that whatever was decided by Satoshi Nakamoto is brilliant and should not be changed.
However programming a sudden jump into the monetary policy of a crypto currency is a terrible engineering blunder and simply a very bad thing to have.


Does It Matter?

In the short term it will probably have positive effects:

  • The supply of freshly mined bitcoins will halve. If the demand for these bitcoins remains constant, the price of bitcoin should increase (!!!).
  • The unreasonable miner subsidy for each bitcoin transaction = the amount of money spent by miners to mine [frequently at a loss] in order to support bitcoin will decrease. Less “madness” means, well healthier bitcoin!

On Miner Subsidy

Bitcoin has this peculiar property that miners mine at a massive scale to support a relatively small payment network, compared to more traditional [centralized] payment systems.
Why did we call this madness???

There has never been in human history a financial system in which each new transaction would require such an incredibly large subsidy per transaction. Imagine that I send 10$ to someone using bitcoin. In order to make this transaction work, miners have spent a few dollars mining. This is the cost for one single transaction to be included in the blockchain. It depends on the transaction size in Kbytes, the current price of bitcoin, and the block reward [to be divided by two now].

This is paid by newly created coins, or as some people have claimed by “debasement” of the currency. More coins means potentially less value for current coin holders. In fact NOT necessarily: the currency does actually appreciate because the bitcoin economy grows.

We could call this seigniorage cash flow or seigniorage income which pays for the network to function. The problem however is that it is quite expensive. It is a very unusual way to pay for a payment network to function, here by mining, more or less for profit, or maybe rather at a loss. Seigniorage income is not a pure income without a cost, or income does not equal profits or net income after all expenses are deducted. In fact the usual definition of seigniorage is the difference between the face value of money and the cost of its production. Here this difference is frequently negative [which is not totally unusual, for example many metallic coins are manufactured at a loss by central banks: they cost more to manufacture than their face value]. However someone must pay the bill; there are here questions of altruism, [positive] externalities and hidden subsidies in the crypto currency economy.

Long Term Effects?

Eventually the effect of this is probably a decline of bitcoin in the medium and long term. Why?

  • A system with such incredibly large subsidies as explained above poses serious questions about its sustainability.
  • Many other properties of bitcoin are SELF DEFEATING: they are toxic to bitcoin and its adoption.
  • For example the volatility implied by sudden shocks such as the current block halving, while the halving could be much more gradual, see Section 13 of this paper.
  • Lack of serious protections against 51% attacks and simply bad engineering is THE primary reason why bitcoin is slow. It is because of the risk [real or perceived] that people have to wait for many confirmations to accept payments in bitcoin. Bitcoin is not quite yet the Internet of Money, it is the “Horse Carriage of money” [said in the interview by Dr. Courtois for the Financial Times in 2014].
  • Decline in miner income means that miners will be tempted to increase the fees to restore the profitability of mining operations. Increased fees mean that people will prefer to use another crypto currency because of lower fees.
  • The hash rate is expected to be divided by 2 overnight. A smaller hash rate means 51% attacks will be undeniably easier to execute and confidence in bitcoin could drop. It would be a good moment for bitcoin competitors to get some serious traction.
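
To make the halving shock discussed above concrete, here is an added example (not code from the post or from the cited paper) that reproduces Bitcoin's stepwise subsidy rule and places it next to a hypothetical smooth geometric schedule which issues the same total supply, so the size of the largest single-block change can be compared. The constants 50 BTC and 210,000 blocks are Bitcoin's consensus parameters; the smooth schedule is this example's own construction for illustration and is not the proposal from Section 13 of the cited paper.

```python
# Added example (not from the blog post): Bitcoin's stepwise block subsidy
# next to a hypothetical smooth schedule with the same total issuance, to
# compare the largest single-block drop under each design. The 50 BTC start,
# the 210,000-block interval and the integer right shift in satoshi follow
# Bitcoin's rules; the smooth schedule is our own construction.

SAT = 100_000_000                 # satoshi per BTC
HALVING_INTERVAL = 210_000        # blocks between halvings
INITIAL_SUBSIDY = 50 * SAT


def step_subsidy(height):
    """Bitcoin rule: halve (integer shift) every 210,000 blocks; zero after 64 halvings."""
    halvings = height // HALVING_INTERVAL
    if halvings >= 64:
        return 0
    return INITIAL_SUBSIDY >> halvings


def step_total():
    """Total issuance under the step rule, summed epoch by epoch until the subsidy hits 0."""
    total, height = 0, 0
    while True:
        subsidy = step_subsidy(height)
        if subsidy == 0:
            return total
        total += subsidy * HALVING_INTERVAL
        height += HALVING_INTERVAL


def smooth_subsidy(height, total_supply):
    """Geometric decay of 2^(-1/210000) per block (a 'halving' spread over 210,000 blocks),
    scaled so the infinite sum equals total_supply. Real-valued satoshi, for comparison only."""
    r = 2 ** (-1 / HALVING_INTERVAL)
    first = total_supply * (1 - r)
    return first * r ** height


def largest_drop(subsidy_fn, max_height):
    """Largest decrease in subsidy between two consecutive blocks up to max_height."""
    worst = 0
    prev = subsidy_fn(0)
    for h in range(1, max_height + 1):
        cur = subsidy_fn(h)
        worst = max(worst, prev - cur)
        prev = cur
    return worst


if __name__ == "__main__":
    supply = step_total()
    print("step-rule total supply (BTC):", supply / SAT)
    print("largest step-rule drop (BTC):", largest_drop(step_subsidy, 420_000) / SAT)
    smooth = lambda h: smooth_subsidy(h, supply)
    print("largest smooth drop (BTC):   ", largest_drop(smooth, 420_000) / SAT)
```

Under the step rule the subsidy falls by 25 BTC in a single block at height 210,000, while the smooth schedule with the same total supply never moves by more than a fraction of a millibitcoin per block; the smooth schedule pays a higher initial subsidy, which is the trade-off any gradual variant has to make explicit.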

Hash Rate and 51% Attacks

An interesting question is: Will the bitcoin hash rate be divided by two tomorrow?? This would be natural if miners were rational and miner profitability tended to some sort of equilibrium.

We are holding our breath. It can be followed in real time here.

In the past the author of this blog predicted that the hash rate of Dogecoin would be divided by 2 overnight, and this is exactly what happened, in fact it happened in the space of hours; actually it has happened MORE THAN ONCE, and exactly as predicted, in April 2014 and later, see Section 11.4 in this paper and here, and here is a video.

BTW. The exact rule is NOT that it will be exactly divided by 2, but it has been a good approximation in the past.

To Decline or Not To Decline

Bitcoin and many other crypto currencies have been genetically programmed to self-destruct. This is undeniable, see this paper.

This “programmed” decline on bitcoin could be very slow and take 10-20 years.

But it could also be very fast, just because miners, who are wealthy people with a lot of power and influence, will simply decide to mine another crypto currency which is more reasonable [less “anomalous”] or more technologically advanced than bitcoin or simply faster, e.g. Ethereum.

On Strength of Bitcoin

However again, bitcoin is a DOMINANT crypto currency, and as such it will have a tendency to avoid the decline, or not to decline. Bitcoin is the Microsoft of cryptocurrency. It enjoys a position of natural monopoly with lots of positive externalities. A comfortable position which also means bitcoin does not need to be particularly good at its business, just “good enough” [Antonopoulos, LA bitcoin meetup]. Some level of madness, or inability to reform/change/improve, will not erode its dominant position. Other people need to work very hard to bring innovations and improvements to market; bitcoin doesn’t need to(!). It can cynically adopt them later when they mature.

For a longer discussion of the question whether bitcoin is exempt from the “programmed decline” which is in the DNA of bitcoin, or whether the “dominant position effect” is yet stronger, we refer to Section 12 of our older paper.


DAO – Record Breaking Theft Worth 50M$

Some 50 million dollars have been stolen from DAO token holders (including myself). The DAO is, by the way, claimed to be closing [Tual]. Closing or not, it remains a smart contract which should allow DAO holders to get some of their initial ethers back.

Now, can the thief spend his ethers without being caught (for now locked until 14 July)? Or will the community agree to simply invalidate these tokens (hard fork and/or a decision by 51% of ETH miners)?


A person claiming to be the thief himself has made a public statement explaining that [after consulting a law firm], given the DAO official rules, the money is rightfully theirs. The thief claims that the DAO was intentionally designed to allow this sort of action. Moreover he threatens legal action against Ethereum programmers or DAO curators if they decide to invalidate his tokens. Lawyers don’t really agree: “code vulnerability doesn’t equal consent”, and “criminal laws may have been broken”.

Now the thief [apparently a group of people] has decided to oppose any such fork by another method: they announced that they will basically PAY the ETH miners to oppose the fork. They have lots of ETH to do so. It looks like some highly skilled gangsters are trying to see if it is possible to corrupt the ETH community from within and with cash. Will they succeed?







Comparison of R&D Expenses in Different Countries

We have heard about the CIA/NSA, Uber, Apple/Google/Facebook, the food industry, rampant imperialism which emanates from a handful of countries… and how these forces corrupt politicians and business circles in many other countries.

Well actually in many cases it is self-inflicted misery. In many cases it is the politicians and business people who run these countries who do not want them to have a future.

For example it is interesting to compare how much different countries spend on R&D, as a percentage of GDP. In many countries, they spend such a tiny portion of their own money on giving themselves a future that they compromise their future. It is clearly NOT true that they have no money. Politicians are not just corrupted, they ask to be corrupted and they send their children to live abroad. Some countries want to be miserable. Tomorrow, in the best case they will be slaves working for people from other countries, or simply unemployed and under-developed.

Here are some figures selected from World Bank stats on the percentage of GDP different countries spend on R&D [public+private combined].

  • Mongolia 0.2%; Pakistan 0.3%
  • Belarus, Bulgaria 0.7%; Ukraine, Greece 0.8%
  • Poland, Turkey 0.9% [slides about Polish cryptography]
  • Brazil, Russia 1.1%
  • Portugal 1.4%
  • Canada, UK 1.6%, and the UK gets lots from the EU
  • Czech Rep. 1.9%; China 2.0%
  • Australia, France, Belgium, Estonia 2.3%
  • Austria 2.7%; Germany 2.8%
  • Sweden 3.2%; Japan 3.4%; Finland 3.6%
  • Korea 3.8%; Israel 4.1%


Is Computer Security a Pseudo Science?

A major paper trying to explain why security experts have so frequently failed.


Cormac Herley: The Unfalsifiability of Security Claims, paper / slides.

It starts with a great classic, Karl Popper's philosophy of science, which would be the basis to say “security” is some sort of pseudo-science. We read that “there is no empirical test that allows us to label an arbitrary system (or technique) secure”.


I thought the same for the last 20 years, but in fact, well, possibly there is one.

As long as MONEY is stored in computer systems in terms of private keys [e.g. bitcoins], either these bitcoins will be stolen OR the system is secure or secure enough [for the short or medium term]. This, combined with the reputation of vendors, developers and scientists, could win us the repeated game: achieve secure systems.

One problem however is that the reputation of these people is at all times low due to the Snowden scandal. We are today more reluctant to trust experts and vendors.

Here come bets, crypto challenges and prediction markets. It is one thing to claim that something is secure, another thing to bet money on it. The problem maybe is that until now experts and developers had no incentive to get it right or to be right. Many have been corrupted or manipulated to give wrong security advice. Bad security advice and misplaced priorities have in my opinion been the primary activity for decades, in bitcoin, linux, the mainstream crypto community, etc.

Bad News?

Going back to the paper, the author also claims that “errors accumulate” and that we can be even “blind to danger”… Interesting.

  • Yes, most people who use bitcoins blissfully ignore what secp256k1 is. Even experts do not know how dangerous it is to use this curve.
  • Waiting for the next security scandal. As I was writing these words, some 50M$ have been stolen from DAO token holders.