Changing the Past of Ethereum – Not an Ordinary Divorce

Tomorrow 20 July Ethereum are going to invalidate more than 50M$ worth of Ethereum stolen by some rogue hacker group.
6773434_s
Congratulations to our community for this brave decision!

Support for this decision must be shown by all honest citizens of crypto space by upgrading ASAP geth.exe and mist wallets to the new version, for example now, and voting FOR THE FORK and against the illicit gains.

Remarks

This will NOT be the end of the story, as people who do NOT agree will be operating their own fork of Ethereum. There is a lot of sympathy out there for this sort of organized hacker groups which exhibit a high level of skills and ability. So we will have TWO Ethereum blockchains: the normal official Ethereum blockchain and a darker less well supported version of it. We expect that starting from tomorrow both chains will operate. Or the old chain will operate for some time until it possibly declines [or not]. 

Questions:

    1. Discarding the obsolete Ethereum clients not yet upgraded, will there be enough peers to support the second peer network which does not support the fork?
    2. Will some bitcoin exchange also list the “other” Ethereum coins???? Will the market share of Ethereum be divided in two separate market capitalizations? Will the supporters of dark forces actually succeed to steal some business from Ethereum???

 

A Messy Divorce

EDITED and ADDED 24-27 July 2016.

YES! We have the dark/old/orphaned/illegitimate Ethereum coins trading. Poloniex has started listing them under the name of ETC = Ethereum Classic. Also Bitfinex lists them.

  • On 24 July we had 1 ETC = 0.065 ETH. At this moment  the bounty was no longer worth 50M$ and it became 3M$ and it was quickly decreasing, it went down -85% in 24h.
  • On 26 July however the illegitimate Ethereum went up by 400% in ETH value. By 3PM UK time it raised to 0.23 ETH. The ETC trading volume on Poloniex has exceeded the ETH volume [and any other coin daily volume].
  • On 27 July the price of ETH has oscillated around 0.18 ETH which is remarkably close to the percentage of ETH holder who opposed the fork.

It is very difficult to explain what is going on here. Few points:

  • Initially, most of ETC are not those which belong to some hackers. Most holders of ETH also automatically have ETC and they will also be selling them in panic, possibly.
  • It is easy to see that most people who have these assets would NOT for some time realize that they have them, and they do not realize that they can sell them making some unexpected extra money and still keep their ETH. Most holders of ETH simply have not heard about a separate asset ETC that they now have and can sell it.
  • We expect increased criminal activity overall in ETH blockchain in the coming days, why, because in order to sell these assets as their price goes down rapidly, people have to unlock their wallets, dig out their private keys from cold storage, or type in passwords etc. Now these are the same private keys as in the main ETH blockchain, already more valuable, so just having lots of people trying to sell whatever is left of their ETC will be a juicy time period for hackers to steal these private keys and withdraw money from both sides.
  • Also replay attacks against ordinary ETH users are possible, cf. here.
  • ETC is an illegitimate clone of Ethereum which has essentially stolen some 20% of their market share from Ethereum developers and all people who work hard on FinTech applications of Ethereum. It is a sophisticated form of theft or free-riding which now went far beyond just stealing 50M$ from the DAO owners.
  • The question of who is buying these coins [90M$ volume in 24h] is a mystery.
  • ETC has at moments become very interesting for miners, as initially most miners deserted it and some could earn more. ETC is also at risk of 51% attack by miners in ETH community. Now in a space of hours the hash rate of ETC has increased so much that the risk is no longer taken seriously [which is rather a bet that miners are probably too good, or too naive, or not well organized enough to do such an ugly thing].
  • This shows that ETC exists because some wealthy miners and other important people support it. Many people were shocked to learn that Vitalik partly supports the fork, promises to tolerate it, and even gave some advice to the team which will support this fork from now on.

Remarks/Related: This older blog post by Dr. Courtois regarding a crypto currency divorce/splitting into two is cited, cf. pages 49 and 84, in a report by the British government Chief Scientific Adviser, Sir Mark Walport, “Distributed Ledger Technology: beyond block chain, here, 19 jan 2016.

Bitcoin Block Reward Halving

In a few minutes, cf. countdown, the amount of bitcoins attributed to each block mined will be divided by 2 in one single step. A rare event which happens once approximately every 4 years.

shootst

This is an artificial shock which is tolerated by the bitcoin community in the name of misplaced ideology that whatever was decided by Satoshi Nakamoto is brilliant and should not be changed.
However programming a sudden jump in a monetary policy of a crypto currency is a terrible engineering blunder and simply a very bad thing to have.

 

Does It Matter?

In the short term it will probably have positive effects:

  • The supply of freshly mined bitcoins will halve. If the demand for these bitcoins remains constant, the price of bitcoin should increase (!!!).
  • The unreasonable miner subsidy for each bitcoin transaction = the amount of money spent by miners to mine [frequently at a loss] in order to support bitcoin will decrease. Less “madness” means, well healthier bitcoin!

On Miner Subsidy

Bitctoin has this peculiar property that miners mine at a massive scale to support a relatively small payment network, compared to more traditional [centralized] payment systems.
Why did we call this madness???

They have never been in a human history a financial system in which each new transaction would require such incredibly large subsidy per transaction, imagine that I sent 10$ do someone using bitcoin. In order to make this transaction work miners have spent a few dollars mining. This is the cost for one single transaction to be included in the blockchain. This depending on its size in Kbytes, the current price of bitcoin, and block reward [to be divided by two now].

This is paid by newly created coins, or as some people have claimed by “debasement” of the currency. More coins means less value potentially for current coin holders. In fact NOT necessarily: the currency do actually appreciate because the bitcoin economy grows.

We could call this seigniorage cash flow or seigniorage income which pays for the network to function. The problem however is that it is quite expensive. It is a very unusual way to pay for a payment network to function here by mining, more or less for profit, or maybe rather at a loss. Seigniorage income is not a pure income without a cost, or income does not equal profits or net income after all expenses deduced. In fact the usual definition of seigniorage is the amount which is the difference between the money face value and the cost of its production. Here this difference is frequently negative [which is not totally unusual, for example many metallic coins are manufactured at a loss by central banks, they cost more to manufacture than the face value]. However someone must pay the bill, there are here questions of altruism, [positive] externalities and hidden subsidies in the crypto currency economy.

Long Term Effects?

Eventually the effect of this is probably a decline of bitcoin in the medium and long term. Why?

  • A system with such incredibly large subsidies as explained above poses serious questions about their sustainability.
  • Many other properties of bitcoin are SELF DEFEATING: they are toxic to bitcoin and its adoption.
  • For example volatility implied by sudden shocks such as current block halving, while the halving could be much more gradual, see Section 13 of this paper.
  • Lack of serious protections against 51% attacks and simply bad engineering is THE primary reason why bitcoin is slow. It is because of the risk [real or perceived] that people have to wait for many confirmations to accept payments in bitcoin. Bitcoin is not quite yet the Internet of Money, it is the “Horse Carriage of money”  [said in the interview by Dr. Courtois for the Financial Times in 2014]. 
  • Decline in miner income means that miners will be tempted to increase the fees to restore the profitability of mining operations. Increased fees means that people will prefer to use another crypto currency because of lower fees.
  • The hash rate is expected to be divided by 2 overnight. Smaller hash rate means 51% attacks will be undeniably easier to execute and confidence in bitcoin could drop. It would be a good moment for bitcoin competitors to get some serious traction.

Hash Rate and 51% Attacks

An interesting question is: Will bitcoin hash rate be divided by two tomorrow?? This would be natural if miners were rational and miner profitability tended to some sort of equilibrium.

We are holding our breath. It can followed in real time here.

In the past the author of this blog has predicted that the hash rate of Dogecoin will be divided by 2 overnight, and this is exactly what happened, in fact it happened in the space of hours, actually it has happened MORE THAN ONCE, and exactly as predicted, in April 2014 and later, see Section 11.4 in this paper and here and here is a video.

BTW. The exact rule is NOT that it will be exactly divided by 2, but it has been a good approximation in the past.

To Decline or Not To Decline

Bitcoin and many other crypto currencies have been genetically programmed to self-destruct. This is undeniable, see this paper.

This “programmed” decline on bitcoin could be very slow and take 10-20 years.

But it could be also very fast, just because miners who are wealthy people with a lot of power influence, will simply decide to mine another crypto currency which is more reasonable [less “anomalous“] or more technologically advanced than bitcoin or simply faster, e.g. Ethereum.

On Strength of Bitcoin

However again, bitcoin is a DOMINANT crypto currency, and as such it will have a tendency to avoid the decline or not to decline. Bitcoin is the Microsoft of cryptocurrency. It enjoys a position of a natural monopoly with lots of positive externalities. A comfortable position which also makes bitcoin does not need to be particularly good at their business, just “good enough” [Antonopoulos LA bitocin meetup]. Some level of madness, or inability to reform/change/improve will not erode its dominant position. Other people need to work very hard to bring innovations and improvements to market, bitcoin doesn’t need to(!). It can cynically adopt them later when they mature.

For a longer discussion of the questions whether bitcoin is exempt from the “programmed decline” which is in the DNA of bitcoin, yet potentially the “dominant position effect” is yet stronger, we refer to Section 12 of our older paper.

 

DAO – Record Breaking Theft Worth 5OM$

Some 50 millions of dollars have been stolen from DAO token holders (including myself). The DAO is by the way, claimed to be closing [Tual]. Closing or not, it remains a smart contract which should allow DAO holders to get some of their initial ethers back.

Now can the thief spend his Ethers without being caught (for now locked until 14 July)? Or will community agree to simply invalidate these tokens (hard fork or/and a decision by 51% of ETH miners)?

wolf43

A person claiming to be the thief himself have made a public statement explaining that [after consulting a law firm] given the DAO official rules, the money is rightfully theirs. The thief claims that the DAO was intentionally designed to allow this sort of action. Moreover he threatens legal action against Ethereum programmers or DAO curators, if they decided to invalidate his tokens. Lawyers don’t really agree: “code vulnerability doesn’t equal consent”, and “criminal laws may have been broken”.  

Now the thief [apparently a group of people] decided to oppose any such fork by another method: they announced that they will basically PAY the ETH miners to oppose the fork. They have lots of ETH to do so. It looks like some highly skilled gangsters are trying to see if it is possible to corrupt ETH community from the within and with cash. Will they succeed?

 

 

 

 

 

 

Comparison of R&D Expenses in Different Countries

octopusglobeWe have heard about the CIA/NSA Uber Apple/Google/Facebook, food industry, rampant imperialism which emanates from a handful of countries… and how these forces corrupt politicians and business circles in many other countries.

Well actually in many cases it is self-inflicted misery. In many cases it is politicians and business people who run these countries do not want them to have a future.

For example it is interesting to compare how much different countries spend on R&D, this in percentage of GDP. In many countries, they spend such a tiny portion of their own money on giving themselves a future, so that they compromise their future. It is clearly NOT true that they have no money. Politicians are not just corrupted, they ask to be corrupted and they send their children to live abroad. Some countries want to be miserable. Tomorrow, in the best case they will be slaves working for people from other countries, or simply unemployed and under-developed.

Here are some figures selected from world bank stats on the GDP percentage different countries spent on R&D [public+private combined].

  • Mongolia 0.2% Pakistan 0.3%
  • Belarus, Bulgaria 0.70% Ukraine,Greece 0.8%
  • Poland, Turkey 0.9% [slides about Polish cryptography]
  • Brazil, Russia 1.1%
  • Portugal 1.4%
  • Canada, UK 1.6%, and UK gets lots from the EU
  • Czech Rep. 1.9% China 2.0%
  • Australia, France, Belgium, Estonia 2.3%
  • Austria 2.7% Germany 2.80%
  • Sweden 3.2% Japan 3.4% Finland 3.6%
  • Korea 3.8% Israel 4.1%

 

Is Computer Security a Pseudo Science?

A major paper trying to explain why security experts have so frequently failed. secure_insecure

 

Cormac Herley: The Unfalsifiability of Security Claims paper /slides.

It starts with a great classic, Karl Popper philosophy of science which would be the basis to say “security” is some sort of pseudo-science. We read that “there is no empirical test that allows us to label an arbitrary system (or technique) secure”.

Really?

I thought the same for the last 20 years, but in fact, well, possibly there is one.

As long as MONEY is stored in computer systems in terms of private keys [e.g. bitcoins] it is that either these bitcoins will be stolen OR the system is secure or secure enough [for short or medium term]. This combined with reputation of vendors, developers and scientists could win us the repeated game: achieve secure systems.

One problem however is that reputation of these people is at all times low due to the Snowden scandal. We are today more relucant to trust experts and vendors.

Here come bets, crypto challenges and prediction markets. It is one thing to claim that something is secure, another thing is to bet money on it. The problem maybe is that until now experts and developers had no incentive to get it right or to be right. Many have been corrupted or manipulated to give wrong security advice. Bad security advice and misplaced priorities has in my opinion been the primary activity for decades, in bitcoin, linux, mainstream crypto community, etc.

Bad News?

Going back to the paper the author also claims that “errors accumulate” and that we can be even “blind to danger”… Interesting.

  • Yes, most people who use bitcoins, ignore blissfully what is secp256k1. Even experts do not know how dangerous it is to use this curve.
  • Waiting for the next security scandal. As I was writing these words, some 50M$ have been stolen from DAO token holders.

Researchers in Cryptography vs. Big Brother

For decades the dominant paradigm in crypto and security research would be:

  • to claim that security vulnerabilities occur accidentally, ignoring major questions such as why there are so many of them and why the “bad scenarios” repeat so many times,
  • concentrate security research on topics of secondary importance, or those which have no importance whatsoever and sometimes making serious topics an absolute taboo,
  • propaganda of type: open source is secure, insecure is secure (good example), etc. and lot of other unbelievably stupid statements on which it is not allowed to disagree.

In general my nearly 20 years of experience in this sector have been appalling and I deplore the low level of ethics in this research community, toxic concentration of power and money and all the forms of scientific bias caused by that.

This is now changing after the Snowden revelations.

wolf43

A major paper on the topic of subversion of random number generators has been published. RNGs are really THE place where cryptographic protections could be and were subverted, a lot more easily than elsewhere. In contrast it is very hard to subvert a symmetric cipher or a hash function.

Some citations:
“The study of subversion of cryptographic systems — how to undetectably and securely subvert them, and how to defend against subversion — is a central one”.

This paper concentrates a lot of attention to the question of immunization: how to a backdoor-ed RNG can be used securely or rendered inoffensive: for example due to post-processing or by having an auxiliary input.

 

Press Release: Student Thesis/Paper Blockchain Security Research Competition 2016

DEADLINE EXTENDED 15 OCT 2016.

============================

We have created a fund for research prizes for beginning researchers in bitcoin and blockchain security and financial cryptography.

money-tree-wallpaper-money-tree-clipart1-245x168

 

 

 

 

 

In 2016 we are going to award prizes for student thesis and student paper work. Here is our press release.
Submissions will be accepted until 15 Oct 2016, cf. here, and we have a committee of senior academics which will judge the submissions. Winners will be invited to present their work at a bitcoin conference (TBA).

Confirmed sponsors are Blockchain.com, Clearmatics, Finyear, Tramonex, and a number of individual UCL bitcoin seminar donators.

Contact email: blockchainresearchprize@bettercrypto.com

Record Breaking DAO Token Sale

In the last 2 weeks it was possible to buy DAO tokens, a major new form of distributed business constructed to run on ETH blockchain. Until Friday 12 May 2016 some 50 M$ were invested. Then the price of these tokens has started raising [following the pre-determined rule] for the last 2 weeks of token pre-sale. This has resulted in an unprecedented spike in investment: just during this week-end investors have invested another 57 M$. It has captured more than 13% of all ETH in existence and counting.

The DAO is claimed to be created by an anonymous or leader-less entity. bpcomp_Ninja2This seems to be just a pure publicity stunt and a lame attempt to avoid any legal responsibility for the people who has created it and run it (cf. DAO Curators here). This DAO is simply another blatant attempt to create a new form of social organization which can circumvent stock markets, investment banks, venture capital firms, etc. Congratulations for the people behind it for their courage. If by any chance they go to prison, for example due to US securities laws, we will send them oranges. We have set up a special “blockchain oranges fund” to support blockchain geeks while in prison. Please donate here.

Values

The DAO has announced that they subscribe to the following values:

  • Transparency
  • Democracy
  • Decentralization
  • Voluntary participation
  • Non-exclusion
  • Privacy and the right to anonymity
  • Non-aggression

Furthermore they say that they will not seek profits through means contradictory to these stated values or to the categorical imperative.

Updates

DAO has raised 162 M$ total.
Then it has apparently been another opportunity for criminals to steal 50M of dollars in Ethers.
It is not clear what happens next.

UCL Code Breaking Competition Winners Announced

On the V-Day and the 71st anniversary of defeating the Nazi Germany, we should remember how much the victory is owed to code breakers at Bletchley Park and elsewhere.

2016 UCL Code Breaking Competition (part of GA18).

On this day it is my pleasure to announce the winners of the 2016 UCL Code Breaking competition.

The winners are:

  • Joint 1st prize: Iason Papapanagiotakis-Bousy. Grade 89/100.
    Has obtained the title of Password Cracking and Cryptanalysis Champion.
  • Joint 1st prize: Chris Jeonghyuk Park. Grade 88/100.
    Has obtained the title of Blockchain Data Mining Champion.
  • 2nd prize: Patrick Hough. Grade obtained 76/100.
    Has obtained the title of Blockchain Key Recovery Champion.
  • 3rd Prize: Lim Min. Grade obtained 73/100.
    Has obtained the title of Best Female/Minority Code Breaker.
  • Distiction: Ilyas Azeem.
  • Distiction: Markus Schlegel.
  • Distiction: Ellery Smith.
  • Distiction: Weixiu Tan.

The first four students are also awarded a cash prize worth 1 BTC each, which will be converted to partial sponsorship for attending a summer school in Corfu, or/and other research expenses.

We also have merit-range grades (below 69): Huanyu Ma, Wei Shao, Yuruo Zhang.

winner

 

 

 

 

 

 

About UCL Code Breaking Competition

The Cryptanalysis (COMPGA18/COMPM068) module in UCL’s MSc Information Security provides students with the foundational knowledge to analyse cryptographic systems. In 2016, it was taught by Nicolas T. Courtois, Jonathan Bootle, Christophe Petit and Mary Maller. Some course slides, tutorials and labs we use in GA18 can be found here.

To give students a more realistic (and enjoyable) experience there is no written exam for this module; instead the students are evaluated based on [individual] programming projects and a [group] code breaking competition. UCL has a strong tradition of experimental research and we have been running many student competitions and hacking events in the past. In March 2013 a team directed by Dr Courtois won the UK University Cipher Challenge 2013 award, held as part of the UK Cyber Security Challenge.

Evolution-Photo-by-Johanna-Pung1-450x180

This year the competition has been about recovering private keys in real-life systems. It has involved the study of random number generators, software reverse-engineering, password cracking, elliptic curve cryptography, hash functions, exploration of large datasets, programming and experimentation, optimization, visualization and statistics, and complex key recovery attacks based on algebraic exploitation of various types of special events. We also have developed passive and active side channel attacks with cache type of leakage, aiming at recovering private keys and with a variety of implementations. In the past years, we have allowed participants from other London universities. For further information, contact Dr Nicolas Courtois

About the Prize Winners:

 gemmb vasm davm davm

  • Iason Papapanagiotakis-Bousy (left) is a UCL M.Sc. InfoSec student from Greece.
    During the competition he has broken hundreds of thousands of real-life passwords including some 200 passwords which have never been discovered before. He has done remarkable work on algebraic cryptanalysis on Simon block cipher, which work has been submitted for publication and will be published in proceedings of SECRYPT 2016 conference this summer. He was also a member of UCL team in the international CTF (Capture The Flag) hacking competition. He has excellent skills in scientific data analysis and modeling and has greatly contributed to our blockchain high-speed data mining effort.
  • Chris Jeonghyuk Park is a UCL M.Sc. InfoSec student from South Korea. He was also a member of the same UCL team in CTF, and also a prolific password cracker able to recover countless passwords which no one has found before. He is an experienced Linux/C software developer. Furthermore, he also has distinguished himself in blockchain data mining. His expertise is problem solving, algorithms, network & system security. He recently has studied and did a presentation about Ethereum mining internals. This month he is starting an internship at a FinTech/blockchain company in central London.
  • Patrick Hough is a UCL Maths student (cf. here). His primary interest is analytic number theory, and he has been in the recent months working with Prof. Andrew Granville on (recently) very  famous questions of biases in prime numbers. He has been one of the very best first year students at UCL faculty of mathematical and physical sciences in 2013.
  • Lim Min (right) is a visiting UCL Maths student from Singapore. She is a born problem-solver and enjoys applying mathematics to real-life questions. During our lectures and tutorials, she distinguished herself by her questions and her natural grasp for understanding how various events affect the feasibility and success rate of cryptanalytic attacks.

Sponsors

Special thanks to our gold sponsors which are sponsoring our group trip to Greece or/and our research expenses prize fund: ClearmaticsTramonex, FinyearBlockchain.com.

clearmatics_logo_BW_250Tramonex0
finyear_logobc3