Storm is Brewing Over Bitcoin Future

If you read recent media reports about the future of bitcoin, you wonder what is going on.
For sure it is NOT clear which software or which blockchain we will be calling the “true” or “real” bitcoin in the future.

Here is a selection of citations, all very recent, and all about the fork expected to happen on approximately 16 November 2017 (update: no longer happening, it has now been postponed):

  • Many people and companies have withdrawn their support for SegWit2x bitcoin and the so-called New York agreement is not widely accepted.
  • Bitcoin developers claim that Bitcoin SegWit2x will be just another altcoin:
    • they “don’t think Segwit2x will succeed in its attempt to become the main bitcoin blockchain”, see here.
  • Horror stories are told (as we read here):
    • SegWit proponents have refused “to enact replay protection”
    • “the loss of funds for many users on the network will literally be unavoidable”
    • this is claimed to be due to “accidental replay spending, replay attacks and sudden and widespread incompatibility between various software and services”.
  • Forbes says that bitcoin is at the edge of destruction.

We have known this for so many years. Self-inflicted misery, turf wars between developer and stakeholder factions, etc. Forbes reports on what is going on in the social and developer media: “a toxic stew of name-calling, trolling, bullying, blocking and threats”. The community has “hard forked”, “politically and ideologically” and “by censorship“.

I will now offer an independent “conspiracy theory style” explanation of why this [yet another] battle of industry standards is fought so bitterly. The point is that on this planet, crypto standards ARE expected to be bugged/insecure, to work against the cautious advice of academics, and/or to serve special interests. The question is about ending the sordid monopoly of the current bitcoin developers on dictating dodgy crypto standards to govern blockchain technology at large. Until now bitcoin has been held hostage by particular, highly controversial cryptography choices such as ECDSA+SHA256+secp256k1. What went wrong on the bitcoin crypto front so far? Almost everything:

  • These things are controversial w.r.t. best practices in crypto engineering and are not universally accepted: no one outside the bitcoin community uses this strange crypto suite. Not a single bank card, not a single TLS transaction on the Internet, not a single ID card, electronic passport, etc.
  • The reputation of secp256k1 is very bad; it should never be used by anyone. It is not recommended by NSA, NIST, SEC, Microsoft, BSI, NATO etc. It is not a safe curve, etc…
  • We need to recall that ECDSA signatures became popular only because, in the old days, Schnorr had patented his signature scheme; that patent expired in 2008.
  • SHA256 is also a problem: the security of SHA256 has never been seriously evaluated in academic crypto research [100 times more effort was spent studying SHA1] and therefore we should expect some nasty surprises here as well.
  • We have seen that bitcoin developers have been actively suppressing better crypto alternatives and the people who promote crypto upgrades.
  • In contrast – unlike current bitcoin crypto – Schnorr signatures are provably secure AND do not suffer from malleability problems, and are also secure against repeated-random attacks.
  • Segregated witness makes the blockchain more compact with lower fees AND will also make future crypto upgrades safer and easier via script versions and soft forks. It will also make blockchain validation easier/faster.

A few days after this was written, on 9 November, the bitcoin fork was postponed. Within 24 hours the market price of BT2X on HitBTC fell from levels above 1000 USD and stabilized at levels below 200 USD.


UCL InfoSec Visit at Bletchley Park – Friday 29 Sept 2017

Our trip took place on 29 Sept 2017. Some 32 UCL students participated.


Students have explored the past in order to find role models for the future.

Due to the large number of participants, we split into two groups for a guided Bletchley Park tour, and also attended two bombe demonstrations.

Homework:

Students have been asked to further study at home how Enigma was broken; see the back side of our hand-out.

More details can be found in our teaching materials “Enigma and Block Ciphers – 100 years of cryptanalysis with non-commutative combinations of permutations”, the slides of which are studied in the UCL course COMPGA18/COMPM068 Cryptanalysis. After our trip many students asked to take GA18, but unfortunately we have run out of space [the course is currently oversubscribed].

Acknowledgments: I would like to thank prof. Angela Sasse for financial and moral support for this event, and also for organizing previous events.

ICOs – The Good and the Ugly

In the recent crazy wave of ICOs we hear every day that investors should be warned, that there are lots of scams, or that it is unlikely that ICOs can deliver.
So the question is: how do you tell apart a “good ICO” from a bad one?
It is a difficult question, but let us look at some examples.

Some ICOs possibly do NOT need to be advertised and do not seek excessive publicity.

  • For example DomRaider, a French Internet domain trading/auction company, which is a well-established business that already employs 33 people full time including 10 blockchain developers, sold more than 75% of their DRT coins BEFORE the ICO started, in the pre-sale, without making too much noise and for expert investors only. The public sale started yesterday, and TV commercials are also planned, but there aren’t too many coins left.
  • Another currently ongoing ICO, Enigma Catalyst, allocated pre-sale investors fewer coins than they asked for, and informed them by email that they should not send more money than they are allowed to. Investors could only buy tokens during a few hours. Now it is too late to buy any.

The common pattern in these ICOs is that they are not too aggressive in trying to sell as many coins as possible.

Here Comes the Dubious ICO

In contrast, several ICOs were advertised widely and many of these, honestly, look dubious.
First, we should ignore all ICO announcements received by email that we have not asked for: 99.9% will be scams. Then there are those which seem to attract unreasonable amounts against all logic.

For example EOS has employed an aggressive sale technique: the sale expires today! Recently they have behaved more honestly than before and now they put “Period 76” in big letters. Previously it was different. It was advertised widely and had some good press coverage, and they raised nearly 200 million USD in a few days. For a long time their communication looked like, well, they were deliberately trying to abuse naive investors. Every day their website looked as if this was a unique opportunity to buy tokens which is going to end soon, with a clock ticking…

Then EOS got assassinated in one Financial Times blog for “a remarkable feat of salesmanship”: selling tokens which simply do NOT offer anything. They do not even confer on the investors “any rights, uses, […] functionalities or features” w.r.t. the EOS software platform under development, and it is not clear what they actually offer [some sort of access rights for the platform?]. Now I am not sure how many investors have actually heard about this FT report. What really surprises me is that even today EOS is raising MORE than 1 million dollars per day from investors. Are investors blind and deaf and not reading the press, or is EOS so valuable that the people who buy it surely know what they are doing?

Declaration of conflict of interest:
The author of this post holds some of the crypto coins cited here. He has also been approached by DomRaider to become their advisor.


Bitcoin Network Recovery – $40 Billion Of Self-Inflicted Damage

After 1 month of acute crisis the bitcoin network is finally operating more or less normally. Imagine that you went to a station in rush hour and it took you 1 month to get home due to tube or rail network jamming. This is exactly what happened to bitcoin in the last 2-3 months, as shown on this graph:


This is simply network saturation due to increasing demand and activity, rather than spamming as reported by some.

For example on 8 May 2017 I created a sample transaction for about 600 USD, not a small amount, using a standard Android app with default settings. This transaction took exactly 1 month to be approved by the bitcoin network. The graph shows that millions of other transactions have known a similar fate and a lot of bitcoin users have seen their transactions delayed (for days and weeks). Moreover, on some days even forgot about this transaction which he knew about on the previous day. This means that maybe the backlog was higher than the curve above shows, as clearly does not or did not record the bitcoin transactions accurately.

So it SEEMS that bitcoin has recovered?

This comes at an INCREDIBLY high cost. During the same 3-month period bitcoin dominance went down from 80% to 40%. This is like losing 40 Billion dollars of business revenue at today’s prices!!! Bitcoin has lost half of its business in less than 3 months!

All this is of course self-inflicted damage, because the reforms which were already in the “final testing stage” (!) 1 year earlier are not quite yet implemented.

Post-Quantum RSA

A very detailed study showing that RSA can be re-engineered so as to remain practical, yet no longer be broken by a quantum computer. The essence of the proposal is multi-prime RSA with a great many 4096-bit primes and a 1 Terabyte public key. A significant potential weakness [for which however there is no attack so far] is the use of the small public exponent e=3.

Bitcoin Network Saturation

Almost exactly 3 years after this, the bitcoin network went down to less than 50% dominance, and has nearly lost its capacity to process payments normally.

Bitcoin in Crisis

This can be seen on the following graph for the last 12 months. The curve no longer goes down to zero. It can no longer keep up with the demand for blockchain space to store newly created transactions. If the curve sometimes went down to zero, maybe transactions would eventually be approved. However, the last time the curve was lower than 10,000 was 2 May 2017. As a result there is a permanent huge backlog of payments which are simply no longer executed in any reasonable way. This looks like a permanently saturated network.

One year ago the norm was to have just a few thousand unconfirmed transactions waiting to be mined. Knowing that one block adds some 1000-2000 transactions every 10 minutes, this meant that you would wait maybe 1 hour for an ordinary transaction to be mined, and that one could reasonably expect it to be mined sooner or later.

Now the situation has become MUCH worse: the number of unconfirmed transactions has skyrocketed to 100,000 [later 170,000]. At the same time we still have a strict 1 MB limit on block size because of the bitcoin network’s inability to deliver any sort of sensible reform or upgrade. This means that many users of bitcoin need to wait for DAYS and even WEEKS before their transaction is approved.

Some detailed statistics on waiting time vs. fee: see Fig. 8 on page 13 of this paper written by UCL researchers Pappalardo et al. Here is a real-life tool which shows how big the fees used in unconfirmed transactions were over the last 24 hours. And here is an example of a transaction not mined for many days from 8 May and even erased/forgotten by (it was seen on 8 May, it was reported as inexistent/unknown on 22 May, and on 25 May it was claimed to be a recent transaction dated 22 May). In fact something like 20% of bitcoin transactions are NOT mined for 30 days or more, cf. again the UCL paper. It is also clear that do NOT report these figures accurately, as it is able to forget a transaction and provides inaccurate timestamps. Therefore the actual figures could be higher.

As the demand cannot be met, fees paid to miners went to the moon as shown on the graph below.

Bitcoin has become a network where economic activity is taxed and a lot of small transactions will not happen at all. Now it is not true that the relative cost of processing compared to the transaction volume has increased; it went down to 0.5%, see this graph. It is rather correct to say that the network can now only handle larger payments for the super wealthy, and only large transactions are executed, cf. Fig. 7 in the UCL paper.

Alternatives are to put an exorbitant fee on your transaction so that it is mined ASAP (within 10 minutes), or to replace your transaction and increase the fee; many apps do not allow this and people see their bitcoins stuck in limbo for days and possibly forever. For ordinary users this means, in practice, losing their bitcoins: for example most ordinary users of many mobile apps will not know how to recover their bitcoins from a backup of their private keys, and app developers typically do not explain how to do it.

The Challengers

If bitcoin loses dominance, who are the winners? This curve shows that each time in the last 4 years that bitcoin dominance was eroded, this clearly coincided more or less with the appreciation of one single currency. First it was Ripple, then Ethereum, and very recently both at the same time [and a few others].

Silvio Micali – A Genius Which Will Stay in the Bottle

Silvio Micali, one of the most brilliant computer scientists on this planet, has just re-invented democracy, or blockchains, or finance, or law, order and public authority, and a few other things, with his ALGORAND system. And some other brilliant crypto innovators are also doing the same thing: see DFINITY.

Possibly this is what we really want: a distributed ledger system which is very hard to corrupt and acts for the benefit of the honest players rather than the bad ones. The antidote to our mafia economy and all the fake sponsored consensus run by the corrupt few, in media, science, politics, etc., which we see every day.

On the surface, Dr Micali has the tool which we all want: a weapon for the oppressed, the under-represented, or just ordinary honest players in the market; a major step forward towards building a truly civilized society, towards restoring the market economy and truly democratic finance which benefits everyone. A space where people can live their digital economy lives without fear of being abused by fraudsters and criminals.

The system works by deterministic randomness, which is quite hard for attackers to control and which decides which entities will be able to vote on the future state of the ledger. It is designed to be extremely robust and stable. It is claimed to be secure in some quite strong adversarial settings; for example the attacker is allowed to corrupt the very person who will be [temporarily] in charge of deciding the next update of the ledger, and the system claims to resist this sort of attack. Micali has this nice metaphor: […the powerful attacker] “cannot call back the leader’s message no more than a powerful government can put back in the bottle a message virally spread by WikiLeaks”.

However, in fact Micali is doing just this. He has just started to suppress the very brilliant ideas he has been building over the last few years. The process of suppressing these brilliant ideas has already begun, and the person who runs the revolution and the counter-revolution is the same: Dr Micali himself. On the first page of their paper we read:

These technologies are the object of the following patent applications: US62/117,138 US62/120,916 US62/142,318 US62/218,817 US62/314,601 PCT/US2016/018300 US62/326,865 62/331,654 US62/333,340 US62/343,369 US62/344,667 US62/346,775 US62/351,011 US62/653,482 US62/352,195 US62/363,970 US62/369,447 US62/378,753 US62/383,299 US62/394,091 US62/400,361 US62/410,721

You can bet that for the next 20 years we will be left with what we have: mafia-friendly systems such as bitcoin, hyper-centralized champions of excessively poor network neutrality, which are essentially privately controlled financial systems designed and working exclusively for the corrupt few. Why is it that systems such as bitcoin are free and open source, while the good ones are patented?

Shame on you Silvio Micali!

Interesting Parts in CIA Leaks

Schneier wrote:

  • 8,761 classified CIA documents […] 2012-2016 […] it sounds like this cache of documents wasn’t taken from the CIA and given to WikiLeaks for publication, but has been passed around the community for a while — and incidentally some part of the cache was passed to WikiLeaks. […] extraordinary collection […] several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA. […]
  • […] there is absolutely nothing illegal in the contents of any of this stuff. It’s exactly what you’d expect the CIA to be doing in cyberspace […]
  • […] these tools are a few years out of date

Danezis in the UCL blog wrote:

  • “If CIA implants, Command & Control and Listening Post software were classified, then CIA officers could be prosecuted or dismissed for violating rules that prohibit placing classified information onto the Internet. Consequently the CIA has secretly made most of its cyber spying/war code unclassified.”

Other observations which many sources reported:

  • Frankfurt is a major CIA outpost for hacking ops.
  • The CIA is masquerading to make it look like cyberattacks come from Russia.