DAO – Record Breaking Theft Worth 50M$

Some 50 million dollars have been stolen from DAO token holders (including myself). The DAO is, by the way, claimed to be closing [Tual]. Closing or not, it remains a smart contract which should allow DAO holders to get some of their initial ethers back.

Now can the thief spend his Ethers without being caught (for now locked until 14 July)? Or will the community agree to simply invalidate these tokens (hard fork or/and a decision by 51% of ETH miners)?


A person claiming to be the thief himself has made a public statement explaining that [after consulting a law firm], given the DAO official rules, the money is rightfully theirs. The thief claims that the DAO was intentionally designed to allow this sort of action. Moreover he threatens legal action against Ethereum programmers or DAO curators if they decide to invalidate his tokens. Lawyers don’t really agree: “code vulnerability doesn’t equal consent”, and “criminal laws may have been broken”.

Now the thief [apparently a group of people] has decided to oppose any such fork by another method: they announced that they will basically PAY the ETH miners to oppose the fork. They have lots of ETH to do so. It looks like some highly skilled gangsters are trying to see if it is possible to corrupt the ETH community from within, with cash. Will they succeed?


Comparison of R&D Expenses in Different Countries

We have heard about the CIA/NSA, Uber, Apple/Google/Facebook, the food industry, the rampant imperialism which emanates from a handful of countries… and how these forces corrupt politicians and business circles in many other countries.

Well actually in many cases it is self-inflicted misery. In many cases it is the politicians and business people who run these countries who do not want them to have a future.

For example it is interesting to compare how much different countries spend on R&D, as a percentage of GDP. Many countries spend such a tiny portion of their own money on giving themselves a future that they compromise that future. It is clearly NOT true that they have no money. Politicians are not just corrupted, they ask to be corrupted, and they send their children to live abroad. Some countries want to be miserable. Tomorrow, in the best case, they will be slaves working for people from other countries, or simply unemployed and under-developed.

Here are some figures selected from World Bank stats on the percentage of GDP different countries spend on R&D [public+private combined].

  • Mongolia 0.2% Pakistan 0.3%
  • Belarus, Bulgaria 0.70% Ukraine, Greece 0.8%
  • Poland, Turkey 0.9% [slides about Polish cryptography]
  • Brazil, Russia 1.1%
  • Portugal 1.4%
  • Canada, UK 1.6%, and UK gets lots from the EU
  • Czech Rep. 1.9% China 2.0%
  • Australia, France, Belgium, Estonia 2.3%
  • Austria 2.7% Germany 2.80%
  • Sweden 3.2% Japan 3.4% Finland 3.6%
  • Korea 3.8% Israel 4.1%


Is Computer Security a Pseudo Science?

A major paper trying to explain why security experts have so frequently failed.

Cormac Herley: The Unfalsifiability of Security Claims paper /slides.

It starts with a great classic, Karl Popper’s philosophy of science, which would be the basis for saying that “security” is some sort of pseudo-science. We read that “there is no empirical test that allows us to label an arbitrary system (or technique) secure”.

Really?

I thought the same for the last 20 years, but in fact, well, possibly there is one.

As long as MONEY is stored in computer systems in the form of private keys [e.g. bitcoins], then either these bitcoins will be stolen OR the system is secure, or secure enough [for the short or medium term]. This, combined with the reputation of vendors, developers and scientists, could win us the repeated game: achieving secure systems.

One problem however is that the reputation of these people is at all times low due to the Snowden scandal. We are today more reluctant to trust experts and vendors.

Here come bets, crypto challenges and prediction markets. It is one thing to claim that something is secure; another thing is to bet money on it. The problem maybe is that until now experts and developers had no incentive to get it right or to be right. Many have been corrupted or manipulated to give wrong security advice. Bad security advice and misplaced priorities have in my opinion been the primary activity for decades, in bitcoin, linux, the mainstream crypto community, etc.

Bad News?

Going back to the paper the author also claims that “errors accumulate” and that we can be even “blind to danger”… Interesting.

  • Yes, most people who use bitcoins are blissfully unaware of what secp256k1 is. Even experts do not know how dangerous it is to use this curve.
  • Waiting for the next security scandal. As I was writing these words, some 50M$ have been stolen from DAO token holders.

Researchers in Cryptography vs. Big Brother

For decades the dominant paradigm in crypto and security research would be:

  • to claim that security vulnerabilities occur accidentally, ignoring major questions such as why there are so many of them and why the “bad scenarios” repeat so many times,
  • to concentrate security research on topics of secondary importance, or those which have no importance whatsoever, sometimes making serious topics an absolute taboo,
  • propaganda of the type: open source is secure, insecure is secure (good example), etc., and lots of other unbelievably stupid statements with which it is not allowed to disagree.

In general my nearly 20 years of experience in this sector have been appalling and I deplore the low level of ethics in this research community, toxic concentration of power and money and all the forms of scientific bias caused by that.

This is now changing after the Snowden revelations.


A major paper on the topic of subversion of random number generators has been published. RNGs are really THE place where cryptographic protections could be and were subverted, a lot more easily than elsewhere. In contrast it is very hard to subvert a symmetric cipher or a hash function.

Some citations:
“The study of subversion of cryptographic systems — how to undetectably and securely subvert them, and how to defend against subversion — is a central one”.

This paper devotes a lot of attention to the question of immunization: how a backdoored RNG can be used securely or rendered inoffensive, for example by post-processing or by having an auxiliary input.

Record Breaking DAO Token Sale

In the last 2 weeks it was possible to buy DAO tokens, a major new form of distributed business constructed to run on the ETH blockchain. Until Friday 12 May 2016 some 50 M$ had been invested. Then the price of these tokens started rising [following the pre-determined rule] for the last 2 weeks of the token pre-sale. This has resulted in an unprecedented spike in investment: just during this weekend investors have invested another 57 M$. It has captured more than 13% of all ETH in existence, and counting.

The DAO is claimed to be created by an anonymous or leaderless entity. This seems to be just a pure publicity stunt and a lame attempt to avoid any legal responsibility for the people who created it and run it (cf. DAO Curators here). This DAO is simply another blatant attempt to create a new form of social organization which can circumvent stock markets, investment banks, venture capital firms, etc. Congratulations to the people behind it for their courage. If by any chance they go to prison, for example due to US securities laws, we will send them oranges. We have set up a special “blockchain oranges fund” to support blockchain geeks while in prison. Please donate here.

Values

The DAO has announced that they subscribe to the following values:

  • Transparency
  • Democracy
  • Decentralization
  • Voluntary participation
  • Non-exclusion
  • Privacy and the right to anonymity
  • Non-aggression

Furthermore they say that they will not seek profits through means contradictory to these stated values or to the categorical imperative.

Updates

DAO has raised 162 M$ in total.
Then it has apparently been another opportunity for criminals to steal 50 M$ in ethers.
It is not clear what happens next.

UCL Code Breaking Competition Winners Announced

On V-Day, the 71st anniversary of the defeat of Nazi Germany, we should remember how much the victory is owed to the code breakers at Bletchley Park and elsewhere.

2016 UCL Code Breaking Competition (part of GA18).

On this day it is my pleasure to announce the winners of the 2016 UCL Code Breaking competition.

The winners are:

  • Joint 1st prize: Iason Papapanagiotakis-Bousy. Grade 89/100.
    Has obtained the title of Password Cracking and Cryptanalysis Champion.
  • Joint 1st prize: Chris Jeonghyuk Park. Grade 88/100.
    Has obtained the title of Blockchain Data Mining Champion.
  • 2nd prize: Patrick Hough. Grade obtained 76/100.
    Has obtained the title of Blockchain Key Recovery Champion.
  • 3rd Prize: Lim Min. Grade obtained 73/100.
    Has obtained the title of Best Female/Minority Code Breaker.
  • Distinction: Ilyas Azeem.
  • Distinction: Markus Schlegel.
  • Distinction: Ellery Smith.
  • Distinction: Weixiu Tan.

The first four students are also awarded a cash prize worth 1 BTC each, which will be converted to partial sponsorship for attending a summer school in Corfu, or/and other research expenses.

We also have merit-range grades (below 69): Huanyu Ma, Wei Shao, Yuruo Zhang.


About UCL Code Breaking Competition

The Cryptanalysis (COMPGA18/COMPM068) module in UCL’s MSc Information Security provides students with the foundational knowledge to analyse cryptographic systems. In 2016, it was taught by Nicolas T. Courtois, Jonathan Bootle, Christophe Petit and Mary Maller. Some course slides, tutorials and labs we use in GA18 can be found here.

To give students a more realistic (and enjoyable) experience there is no written exam for this module; instead the students are evaluated based on [individual] programming projects and a [group] code breaking competition. UCL has a strong tradition of experimental research and we have been running many student competitions and hacking events in the past. In March 2013 a team directed by Dr Courtois won the UK University Cipher Challenge 2013 award, held as part of the UK Cyber Security Challenge.


This year the competition has been about recovering private keys in real-life systems. It has involved the study of random number generators, software reverse-engineering, password cracking, elliptic curve cryptography, hash functions, exploration of large datasets, programming and experimentation, optimization, visualization and statistics, and complex key recovery attacks based on algebraic exploitation of various types of special events. We have also developed passive and active side channel attacks with cache-type leakage, aiming at recovering private keys from a variety of implementations. In past years, we have allowed participants from other London universities. For further information, contact Dr Nicolas Courtois.

About the Prize Winners:


  • Iason Papapanagiotakis-Bousy (left) is a UCL M.Sc. InfoSec student from Greece.
    During the competition he broke hundreds of thousands of real-life passwords, including some 200 passwords which had never been discovered before. He has done remarkable work on the algebraic cryptanalysis of the Simon block cipher, which has been submitted for publication and will be published in the proceedings of the SECRYPT 2016 conference this summer. He was also a member of the UCL team in the international CTF (Capture The Flag) hacking competition. He has excellent skills in scientific data analysis and modeling and has greatly contributed to our blockchain high-speed data mining effort.
  • Chris Jeonghyuk Park is a UCL M.Sc. InfoSec student from South Korea. He was also a member of the same UCL team in the CTF, and is also a prolific password cracker able to recover countless passwords which no one had found before. He is an experienced Linux/C software developer. Furthermore, he has also distinguished himself in blockchain data mining. His expertise is problem solving, algorithms, and network & system security. He recently studied and gave a presentation about Ethereum mining internals. This month he is starting an internship at a FinTech/blockchain company in central London.
  • Patrick Hough is a UCL Maths student (cf. here). His primary interest is analytic number theory, and in recent months he has been working with Prof. Andrew Granville on (recently) very famous questions of biases in prime numbers. He was one of the very best first year students at the UCL faculty of mathematical and physical sciences in 2013.
  • Lim Min (right) is a visiting UCL Maths student from Singapore. She is a born problem-solver and enjoys applying mathematics to real-life questions. During our lectures and tutorials, she distinguished herself by her questions and her natural grasp for understanding how various events affect the feasibility and success rate of cryptanalytic attacks.

Sponsors

Special thanks to our gold sponsors which are sponsoring our group trip to Greece or/and our research expenses prize fund: Clearmatics, Tramonex, Finyear, Blockchain.com.

A Short Human-Verifiable Proof that Craig Wright has Cheated the Press

Hours after his TV interview and his coming out in The Economist and elsewhere, I can confirm beyond reasonable doubt that Craig Wright (CW) has cheated us about his ability to sign messages with Satoshi’s private key.

Here is a short executive summary of facts guaranteed to be 100% exact. This is also a short and easy-to-check PROOF that Craig has lied and cheated.

  1. Craig has claimed (cf. the second black screen on his blog post) that a certain file “Sartre” hashes to 479f9dff0155c045da78402177855fdb4f0f396dc0d2c24f7376dd56e2e68b05, but he omitted to publish the full content of this file so that one could check that this is true.
  2. However this CANNOT be true, as 479.. was discovered to be a hash of this bitcoin transaction, and one cannot produce two messages which have the same SHA-256 hash.
  3. To show this we need to produce the raw transaction before signing; this was done by Ryan Castellucci here. He basically reconstructed the “Sartre” file, which never was a citation from Sartre.
  4. In order for the reader to be convinced that this is 100% correct, please check that inside this bitcoin transaction we have an input script 410411db93e1dcdb8a016b49840f8c53…. which also appears twice inside this online hash tool command which I have created and which contains the whole of modtx as re-constructed by Ryan. Please run the command and check that it produces 479f9dff0155c045da78402177… in the SHA-256 output section of the web tool.

Overall, CW did not have to sign anything because his message is not new and was previously signed in the bitcoin blockchain.
This ends the proof that Craig Wright has cheated us.
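The verification logic of steps 2 to 4, as an added example written for this post (not the author's tool, and not the real transaction: the pre-signature transaction bytes and the file are constructed placeholders). A claim of the form "file X hashes to H and I signed H" is classified as a replay when H is already the hash of a publicly signed message, as unverifiable when X is withheld, and is only accepted when the disclosed X really hashes to H.

```python
import hashlib
from typing import Dict, Optional


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def bitcoin_sighash(modtx: bytes) -> Dict[str, str]:
    """Bitcoin signatures cover SHA-256(SHA-256(modtx)); the single SHA-256
    is the intermediate value that a 'hash of my file' claim can coincide with."""
    single = hashlib.sha256(modtx).digest()
    return {"single": single.hex(), "double": hashlib.sha256(single).hexdigest()}


def assess_signing_claim(claimed_hash: str, disclosed_message: Optional[bytes],
                         known_signed: Dict[str, str]) -> str:
    """Classify a claim 'file X hashes to H and I signed H'.

    known_signed maps single-SHA-256 values of messages that are already
    publicly signed (e.g. pre-signature transactions on the blockchain) to a
    label. A claimed H found there proves nothing: the existing signature
    can simply be replayed, no new signing operation is needed."""
    claimed_hash = claimed_hash.lower()
    if claimed_hash in known_signed:
        return "replay: hash is already the hash of " + known_signed[claimed_hash]
    if disclosed_message is None:
        return "unverifiable: full message was not disclosed"
    if sha256_hex(disclosed_message) != claimed_hash:
        return "mismatch: disclosed message does not hash to the claimed value"
    return "fresh: hash matches the disclosed message and is not already signed"


# Constructed stand-ins, NOT the real modtx or the real 'Sartre' file.
MODTX = bytes.fromhex("01000000") + b"<constructed pre-signature tx>" + bytes.fromhex("01000000")
KNOWN_SIGNED = {bitcoin_sighash(MODTX)["single"]: "constructed tx (already signed on-chain)"}
FRESH_TEXT = b"constructed text that was never signed before"


def demo() -> Dict[str, str]:
    replayed = bitcoin_sighash(MODTX)["single"]
    return {
        "withheld_file_replayed_hash": assess_signing_claim(replayed, None, KNOWN_SIGNED),
        "withheld_file_unknown_hash": assess_signing_claim("ab" * 32, None, KNOWN_SIGNED),
        "disclosed_fresh_message": assess_signing_claim(sha256_hex(FRESH_TEXT), FRESH_TEXT, KNOWN_SIGNED),
        "disclosed_but_wrong_hash": assess_signing_claim("00" * 32, FRESH_TEXT, KNOWN_SIGNED),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(name, "->", verdict)
```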

Added later: Vitalik enumerates numerous lies by CW. In general CW is a champion; here is his most recent lie.

Is Satoshi Nakamoto Back?

Today the Economist publishes a picture of Craig Wright, who decided to confirm and embrace the claim that he is the mysterious creator of bitcoin, Satoshi Nakamoto. The picture and the paper portray a sad man who is badly struggling “to convince the world that he is indeed who he claims to be”. He also gave a TV interview, broadcast today, in which he says that he does not care what people think about him, that he wants to be alone, and that he will never give any more TV interviews.

The history of bitcoin until today was a history of obscure origins and a certain obscurantism. If obscure origins could eventually be dissipated, could something eventually be done about obscurantism? Yes. A little bit. It is not too late.

I will repeat my long-standing proposal that the source code of a computer system should not be anonymous and that there should be some real person who can be held [legally] responsible for it. So no one will force Mr Wright to appear on TV, but he might in the future be forced to explain himself on certain technical questions or to appear in court for some strange reasons.
For example I would gladly ask whoever claims to be Satoshi AND the current bitcoin core developers to stop their appalling practice of using a bizarre non-orthodox form of cryptography to protect billions of dollars of assets. Until today the bitcoin community has been so careless and irresponsible about customer money as to mandate a crypto solution (secp256k1) which is approved neither by the NSA, nor by any other major government, nor by a single academic researcher in cryptography I have ever met.

ADDED later:
It is now clear that Craig has cheated: an elaborate fraud and an incredible show of contempt for the press and the bitcoin community. More details. Two key personalities in bitcoin have however announced that they still believe that Craig was Satoshi (or that they saw some evidence of it, which is almost certainly totally untrue). Subsequently Craig Wright announced that he intends to break his word and that he is unwilling or unable to, or that he will no longer try to, provide any sort of proof in order to convince anyone that he is Satoshi. (Remark: this paper provides an alibi or a plausible explanation for that: it claims that Craig changed his mind because of news about his UK arrest under the terrorism act, and said that he prefers to be seen as a fraud than to be prevented from seeing his family.)

ADDED even later: this same paper by Andrew O’Hagan sheds light on a key moment which happened just a few days before the story about Craig coming out as Satoshi hit the mainstream media [The Economist, TV interviews etc]. During one meeting, at the very moment when Craig Wright was about to be found out as a fraudster, Craig had a sudden outburst of anger and asked the cryptography expert to “get the fuck out” of the room. It is for sure a lot easier to commit fraud and convince naive journalists in the absence of a senior cryptography expert who has written and knows 1000 times more than Craig about applied cryptography, and specifically about these sorts of questions of the security of cryptographic keys in real-life systems.

REMARK: None of this proves that Craig is not Satoshi, or that he is not 30% Satoshi [group work]. It just shows what kind of dark character Craig is, and that it is not necessary to present any evidence whatsoever to convince the press and the media about a claim: you just need to write a large cheque to a PR agency which will arrange for your claim to be very widely publicized, and many will believe it.

Prime Numbers Conspiracy

The press is full of reports about a new discovery about prime numbers.

Consecutive prime numbers do NOT like to end with the same digit mod q.

For example, the probability that the difference of two consecutive prime numbers close to x is divisible by 3 is different from the 1/2 one might very naively expect. It is substantially smaller and equal approximately to:

.

Conspiracy?

The term conspiracy was used in the Quanta Magazine paper and by the UK Independent and many others. We stress that this bias, though very substantial, is now apparently satisfactorily explained by mathematicians.
Mathematicians remain nevertheless stunned and shocked by this discovery. One frequently cited expert on this and many similar questions is the UCL Maths department professor Andrew Granville. He told the press that this discovery is simply crazy, or simply very surprising.

Is this Relevant to Cryptography?

This is a huge bias in practice. It is certainly relevant for prime numbers used in cryptography, can be used to accelerate some algorithms, etc. It can be explained in terms of correlations: prime numbers lying close to a certain number x are correlated. This is quite disturbing and is very hard to believe.
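An added empirical check of the bias described above (my code, not from the post), generalised to any modulus q: it sieves the primes up to a limit, counts the pairs of residues (p mod q, p' mod q) over consecutive primes, and compares the share of equal-residue pairs with the naive 1/phi(q) that independence would give (1/2 for q = 3, i.e. "difference divisible by 3"; 1/4 for q = 10, i.e. "same last digit").

```python
import math
from collections import Counter
from typing import List


def primes_up_to(n: int) -> List[int]:
    """Sieve of Eratosthenes: all primes <= n (assumes n >= 2)."""
    sieve = bytearray([1]) * (n + 1)
    sieve[0:2] = b"\x00\x00"
    for i in range(2, math.isqrt(n) + 1):
        if sieve[i]:
            sieve[i * i::i] = bytearray(len(range(i * i, n + 1, i)))
    return [i for i, is_prime in enumerate(sieve) if is_prime]


def residue_pair_counts(q: int, limit: int) -> Counter:
    """Count (p mod q, p' mod q) over consecutive primes p < p' <= limit.
    Primes dividing q are dropped so that every residue is a unit mod q."""
    residues = [p % q for p in primes_up_to(limit) if q % p != 0]
    return Counter(zip(residues, residues[1:]))


def naive_fraction(q: int) -> float:
    """1/phi(q): the share of equal-residue pairs one would expect if
    consecutive primes were independent and uniform over the units mod q."""
    phi = sum(1 for a in range(1, q + 1) if math.gcd(a, q) == 1)
    return 1.0 / phi


def same_residue_fraction(q: int, limit: int) -> float:
    """Observed share of consecutive prime pairs with p' == p (mod q);
    for q = 3 this is exactly 'the gap is divisible by 3'."""
    counts = residue_pair_counts(q, limit)
    same = sum(c for (a, b), c in counts.items() if a == b)
    return same / sum(counts.values())


if __name__ == "__main__":
    for q in (3, 10):
        observed = same_residue_fraction(q, 10**6)
        print(f"q={q}: observed {observed:.4f} vs naive {naive_fraction(q):.4f}")
        for pair, c in sorted(residue_pair_counts(q, 10**6).items()):
            print("   ", pair, c)
```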

Note: In cryptography we have lots of unexplained “mystery” questions, see for example at nearly every page of this paper or the “Mystery Question” section inside this more recent paper.