How to Recover Your Coins Lost due to ViaCoin Multisig Bug

In November 2017, users have lost 300 M$ in Ethereum due to a bug in Parity wallet multisig features.

At this moment the history repeats with ViaCoin: There is a serious bug in Windows ViaCoin 2.8.3. wallet found here and available since April 2017. As a world premiere, here is the solution!

How to Recover Coins Lost

This software has been used since April 2017, the bug is now in the wild and potentially anyone using Vialectrum under windows and sending to a multisig address will lose money.

HOWEVER the coins can be recovered. For this one needs to follow the following steps:

  1. Build the dev version from sources (tried and worked under Ubuntu 16) as explained here.
    • Notes: make sure that Python3.4 or later not Python or Python 2.7.3. is used, together with git, pip3 and all the suitable packages such as setuptoools, are installed. For example “pip3 install –upgrade pip setuptools”. However it is normal that Python 2.7.3. is still present and it should not be removed. Now running “python3 — version” should produce sth like Python 3.4 or later. If  stuck with Python 3.2. in spite of reinstall, see general instructions for upgrading Python and try to uninstall and reinstall Python 3 while keeping Python 2 in place (apt-get remove vs apt-get install).
    • If problem with aes.h or similar files are reported missing, try things such as install OpenSSL or libssl through either “sudo apt-get install libsssl-dev” or “sudo apt-get install openssl”, no harm.
  2. Then run the dev gui by typing “./vialectrum”.
  3. Then create a new multisig wallet, for example 2 out of 4 with any mix of xpub, recovery seeds or xpriv exported from faulty Windows wallets.
  4. From this wallet one should be able to spend the coins lost. Just send them anywhere!
  5. This solution was tested and works.

The main developer romanoRNR has promised to release new corrected Windows distribution within days.




Bitcoin Crazy Ride Hits Wall Street

It is a big success for bitcoin and coincides with an incredible price rally where bitcoin has accomplished in 2017. In first days of 2017, bitcoin was worth 1000$. 5 months later in May it was at 2000$, 3 months later in August it was at 4000$, and after another 3 months in November it was at 8000$. Then it has accelerated and doubled in 2 weeks reaching the whereabouts of 16,000 $ now. We see that bitcoin price has grown way faster than exponentially! At the end bitcoin+competitors are now worth more than Facebook.

Now beware bitcoiners. The evil empire will now strike back. This is precisely the whole point of the futures market. Previously most investors would either buy bitcoins, or abstain (and maybe regret that they didn’t buy bitcoins). Now more traders than ever will trade both ways: many traders will now be able to short bitcoin and profit when the price goes down!!!

Overall many commentators say that the existence of bitcoin futures markets will rather not decrease but BUT increase bitcoin’s volatility making it maybe a weapon of financial mass destruction (Buffet). These comments are particularly visionary for bitcoin. If in traditional markets you already have the cyber security question, these questions are more likely to bite in bitcoin. There are huge risks bitcoin collapsing very badly due to a bug or a backdoor or a large cyber attack on P2P network, software and hardware ecosystem, deposits kept on exchanges, or on miner pools. In bitcoin, some catastrophic events is what is bound to happen, or is very likely, just listen to John McAffee. The show must go on.


XYZ and Saving an Extremely Rare Enigma Machine

Public donations are sought by Pilsudski Institute in London.

The most prominent host of the institute is an extremely rare WW2 Enigma machine. This machine was made in France during WW2 to assist Polish code breakers in their daily code-breaking tasks [done in close collaboration with Bletchley Park, UK]. Only two such machines exist, see here for more details.




This unique collaboration of the intelligence services of France(X), Britain(Y) and Poland(Z), was one of the most significant but also most secret success stories which have made WW2 Victory possible. A new book by Dermot Turing “X,Y&Z, the real story of how Enigma was broken” will be published in 2018. It will reveal new facts based on recently declassified French WW2 archives.


Storm is Brewing Over Bitcoin Future

If you read recent media reports about future of bitcoin, you wonder what is going on.
For sure it is NOT clear which software or which blockchain we will be calling the “true” or “real” bitcoin in the future.

Here is a selection of citations, all very recent, and all about the fork expected to happen on approximately 16 November 2017 (updated: no longer happening, was postponed now):

  • Many people and companies have withdrawn their support for SegWit2x bitcoin and the so called New York agreement is not widely accepted.
  • Bitcoin developers claim that Bitcoin SegWit2x will be just another altcoin:
    • they “don’t think Segwit2x will succeed in its attempt to become the main bitcoin blockchain” see here.
  • Horror stories are told (as we read here):
    • SegWit proponents have  refused “to enact replay protection”
    • “the loss of funds for many users on the network will literally be unavoidable”
    • this is claimed due to “accidental replay spending, replay attacks and sudden and widespread incompatibility between various software and services”.
  • Forbes says that bitcoin is at the edge of destruction.

We have known since for so many years. Self-inflicted misery, turf wars between developer and stake holder fractions, etc. Forbes reports about what is going on in the social and developer media: “a toxic stew of name-calling, trolling, bullying, blocking and threats”. The community has “hard forked”, this  “politically and ideologically” and  “by censorship“.

I will now offer an independent “conspiracy theory style” explanation while this [yet another] battle of industry standards is fought so bitterly. The point is that on this planet, crypto standards ARE expected to bugged/insecure, work against the cautious advice from academics, or/and serve special interests. The question is about ending the sordid monopoly of current bitcoin developers on dictating dodgy crypto standards to govern blockchain technology at large. Until now bitcoin have been held hostage by particular highly controversial cryptography solutions as ECDSA+SHA256+secp256k1. What went wrong on bitcoin crypto front so far? Almost everything:

  • These things are contorversial wrt best practices in crypto engineering and are not universally accepted: no one outside bitcoin community uses this strange crypto suite. Not a single bank card, not a single TLS transaction on the Internet, not a single ID card, electronic passport, etc etc.
  • The reputation of secp26k1 is very bad, it should never by used by anyone. Is it not recommended by NSA, NIST, SEC, Microsoft, BSI, NATO etc. Not a safe curve etc…
  • We need to recall that ECDSA signatures has become popular only because in the old times, Schnorr has patented his signature scheme, which patent has however expired in 2008.
  • SHA256 is also a problem: the security of SHA256 has never been seriously evaluated in academic crypto research [100 times more effort was spent studying SHA1] and therefore we should expect some nasty surprises here as well.
  • We have seen that bitcoin developers have been actively suppressing better crypto alternatives and people who promote crypto upgrades.
  • In contrast – unlike current bitcoin crypto –  Schnorr signatures are provably secure AND do not suffer from malleability problems and are also secure against repeated random attacks.
  • Segregated witness allows to make blockchain more compact with lower fees AND will also make future crypto upgrades safer and easier with script versions and soft forks. It will also make blockchain validation easier/faster.


Few days after this was written, on 9 nov, the date of the bitcoin fork has been postponed. Within 24 hours the market price of BT2X on HitBTC has fallen from levels above 1000 USD and have reached and stabilized at levels below 200 USD.


UCL InfoSec Visit at Bletchley Park – Friday 29 Sept 2017

Our trip took place 29 Sept 2017.  Some 32 UCL students participated.


Students have explored the past in order to find role models for the future.






Due to large numbers, we have split into two groups for a guided Bletchley Park tour, and also had assisted at two bombe demonstrations.






Home Work:

Students have been asked to further study at home how Enigma was broken, see back side of our hand-out.

More details can be found in our teaching materials “Enigma and Block Ciphers – 100 years of cryptanalysis with non-commutative combinations of permutations” which slides are studied in UCL COMPGA18/COMPM068 course Cryptanalysis. After our trip many students have asked to do GA18, and unhappily we have run out of space [the course is currently oversubscribed]. z

Acknowledgments: I would like to thank prof. Angela Sasse for financial and moral support for this event, and also for organizing previous events.

ICOs – The Good and the Ugly

In the recent crazy wave of ICOs we hear every day that investors should be warned and there are lots of scams or that it is unlikely that ICOs can deliver.
So the question is how do you tell apart a “good ICO” from a bad one?
It is a difficult question, but let us look at some examples.

Some ICOs possibly need NOT to be advertised and do not seek excessive publicity.

  • For example a French Internet domain trading/auction company DomRaider which is a well established business which already employs 33 people full time including 10 blockchain developers, has sold more than 75% of their DRT coins BEFORE the ICO started, in the pre-sale. Without making too much noise, for expert investors only. The public sale has now started also yesterday, and TV commercials are also planned, but there aren’t too many coins left.
  • Another currently ongoing ICO Enigma Catalyst, has allocated pre-sale investors less coins that they have asked for, and informed them by email that they should not sent more money than they are allowed to. And investor could only buy tokens during few hours. Now it is too late to buy any.

The common pattern in these ICOs is that they are not too aggressive trying to sell as many coins as possible.

Here Comes the Dubious ICO

In contrast, several ICOs were advertised widely and many of these, honestly, look dubious.
First we should ignore all ICOs announcements received by email we have not asked for. 99.9% will be  scams. Then there are those which seem to attract unreasonable amounts against all logic.

For example EOS have employed an aggressive sale technique: the sale expires today! Recently they behaved more honestly than before and now they put “Period 76” in big letters. Previously it was different. It was advertised widely and had some good press coverage and they raised nearly 200 million of USD in a few days. For a long time their communication looked like, well they are deliberately trying to abuse the naive investors. Every day their website looked at at this is a unique opportunity to buy tokens which is going to end soon; with a clock ticking…


Then EOS got assassinated in one Financial Times blog for “a remarkable feat of salesmanship” – selling tokens which simply do NOT offer anything:  they do not even confer the investors “any rights, uses, […] functionalities or features” w.r.t. the EOS software platform under development, and it is not clear what actually they offer [some sort of access rights for the platform?]. Now I am not sure have many investors have actually heard about this FT report. What really surprises me that even today EOS is raising MORE than 1 million dollars per day from investors. Are investors blind and deaf and not reading the press, or is EOS so valuable and people who buy them surely know what they are doing?


Declaration of conflict of interest:
The author of this post holds some of crypto coins cited here. He has also been approached by DomRaider in order to become their advisor.


Bitcoin Network Recovery – $40 Billion Of Self-Inflicted Damage

After 1 month of acute crisis the bitcoin network is finally operating more or less normally. Imagine that you went to a station in rush hour and it took you 1 month to get home due tube or rail network jamming. This is exactly what happened to bitcoin in the last 2-3 months, and which is shown on this graph:










This is simply network saturation due to increasing demand and activity, rather than spamming as reported by some.

For example on 8 May 2017 I have created a sample transaction for about 600 USD, not a small amount, and using a standard Android app with default settings. This transaction tool exactly 1 month to be approved by the bitcoin network. The graph shows that millions of other transactions have known a similar sort and a lot of bitcoin users have seen their transactions delayed (for days and weeks). Moreover, on some days even forgot about this transaction which he knew about on previous day.  This means that maybe the backlog was higher than the curve above shows as clearly does not or did not record the bitcoin transactions accurately.

So it SEEMS that bitcoin has recovered?

This comes at INCREDIBLY high cost. During same last 3 months period the bitcoin dominance went down from 80% down to 40%. This is like losing 40 Billion dollars of business revenue at today’s prices!!! Bitcoin has lost half of its business in less than 3 months!

All this is of course self-inflicted damage because the reforms which were already in “final testing stage” (!) 1 year earlier are not quite yet implemented.


Post-Quantum RSA

A very detailed study showing that RSA can be re-engineered in order to remain practical, yet it will no longer be broken by a quantum computer. The essence of the proposal is a multiple-prime RSA with great many 4096-bit primes and with 1 Terabyte public key. A significant potential weakness [for which however there is no attack so far] is the use of small public exponent e=3.


Bitcoin Network Saturation

Almost exactly 3 years after this, bitcoin network went down to less than 50% dominance, and has nearly lost its capacity to process payments normally.

Bitcoin in Crisis

This can be seen on the following graph for the last 12 months. The curve does not go down to zero anymore. It can no longer keep with the demand of blockchain space to store newly created transactions. If the curve sometimes went down to zero, maybe transactions would eventually be approved. However, the last time the curve was lower than 10,000 was 2 May 2017. As a result there is a permanent huge backlog of payments which are simply no longer executed in any reasonable way. This looks like a permanently saturated network.


One year ago the norm would be to have just a few thousands of unconfirmed transactions waiting for being mined. Knowing that one block  adds some 1000-2000 transactions in 10 minutes, this would mean that you wait for maybe 1 hour for an ordinary transaction to be mined, and that one could reasonably expect it to be mined sooner or later.

Now the situation became MUCH worse: the number of unconfirmed transactions has skyrocketed to 100,000 [later 170,000]. At the same time we still have a strict 1Mb limit on block size because the bitcoin network inability to deliver any sort of sensible reform or upgrade. This means that many users of bitcoin need to wait for DAYS and even WEEKS before their transaction is approved.

Some detailed statistics on waiting time vs.  fee: see Fig. 8 on page 13 of this paper written by a UCL researchers Pappalardo et al. Here is a real-life tool which shows how big are the fees used in unconfirmed transactions for the last 24 hours. And here is an example of a transaction not mined for many days from 8 May and even erased/forgotten by (it was seen on 8 May, it was reported as inexistent/unknown on 22 May, and on 25 May it was claimed to be a recent transaction dated 22 May). In fact something like 20% of bitcoin transactions are NOT mined for 30 days or more, cf. again UCL paper. It is also clear that do NOT report these figures accurately, as it is able to forget a transaction and provides inaccurate timestamps. Therefore the actual figures could be higher.

As the demand cannot be met, fees paid to miners went to the moon as shown on the graph below.

Bitcoin has become a network where economic activity is taxed and a lot of small transaction will not happen at all. Now it is not true that the relative cost of processing compared to the transaction volume has increased, it went down to 0.5%, see this graph. It is rather correct to say that the network can now only handle larger payments for the super wealthy and large transactions are executed, cf. Fig. 7 in UCL paper.


Alternatives are to put an exorbitant fee for your transaction to be mined ASAP (within 10 minutes),  or to replace your transaction and increase the fee – many apps do not allow this and people see their bitcoins stuck in a limbo for days and possibly forever. For ordinary users this means losing their bitcoins – in practice – for example most ordinary users of many mobile apps will not know how to recover their bitcoins from a backup of their private keys and app developers typically do not explain how to do it.


The Challengers

If bitcoin loses in dominance who are the winners? This curve shows that each time in recent 4 years, bitcoin dominance is eroded, clearly, this has coincided more or less with an appreciation of one single currency. First it was Ripple, then Ethereum, and very recently both at the same time [and few other].