What Do We Stand for In Security Engineering and The Question of Improving Bitcoin

What do we stand for? The answer is quite simple: threats and attacks needs to be anticipated and protections must be built pro-actively, in advance before something bad happens and it is maybe too late. The golden standard in information security is: “it’s always better to assume the worst” because “when the unexpected happens, you’ll be glad you did”, this following the well-known information security engineering and applied cryptography guru Bruce Schneier.

secure_insecure

Recently I have publicly said that in my opinion  “Bitcoin has a toxic culture of people avoiding talking about its problems.” and even though my exact words were distorted, I have also kind of accused the Bitcoin foundation of not acting responsibly, which would be to make more space for cryptographers and security engineers and in general be more careful about security.

This post has provoked 150 comments in just one day. Some people say: This subreddit is notorious for […] attacking anyone and everyone who is not pumping bitcoin. In fact, maybe not so bad, it seems to show all sorts of opinions.

Jeff Garzik, one of the core developers most people trust and respect, a brilliant devoted contributor, have responded: “On the contrary, we document our problems openly”: https://en.bitcoin.it/wiki/Weaknesses

Not untrue, however the better is the enemy of the good [Voltaire 1772].  This wiki does not contain anything like a  detailed informed expert discussion on bitcoin attacks. On the contrary, it is over-simplistic and is likely to mislead rather than inform the reader in order to ignore some important threats and attacks on bitcoin, here is why.

Can Bitcoin be Reformed?

I remember that I have personally asked Jeff Garzik about the bitcoin elliptic curve during some bitcoin event. It was on the last floor of a certain London Canary Wharf skyscraper. I remember that I was very careful to state my question very clearly: “Would they change the Bitcoin elliptic curve PREVENTIVELY, before a problem is found by cryptography researchers?”.
The answer was no, not unless something bad happens!

This is exactly what me and many other people are talking about, lack of pro-active security. Wait and see.

Recently another bitcoin core developer Peter Todd has become frustrated with some of his friends in Bitcoin development community and have said that: “it might take a disaster to get the consensus to fix it” (his concerns were different I think, mainly 51% threat and the current excessive centralization of bitcoin).

Can Bitcoin Cryptography be Broken?

For sure it will be broken, it is just a matter of time. Either SHA256 or secp256k1 will be broken. It is foolish to believe that standard modern cryptography is secure, and moreover bitcoin cryptography is very clearly sub-standard and very peculiar.
Now will bitcoin cryptography be broken like next year? Probably not. It is now possible to bet on this question with bitcoins in total anonymity . It is a game, I do not personally think it will be broken so quickly.

2 Comments

  1. Pingback: Controversy Around Bitcoin Elliptic Curve | Financial Cryptography, Bitcoin, Crypto Currencies, Cryptanalysis

Leave a Reply to Edward DeLeon Hickman Cancel reply

Your email address will not be published.