Cryptography is the art of creating mathematical assurances for who can do what with data, including but not limited to encryption of messages such that only the key-holder can read it. Cryptography lives at an intersection of math and computer science. This subreddit covers the theory and practice of modern and *strong* cryptography, and it is a technical subreddit focused on the algorithms and implementations of cryptography.
Anyone else interested in bitcoin? I implemented a large chunk of its technology in C. Includes base58 and base32 encoding, an implementation of the elliptic curve encryption algorithm, node intercommunication, and some other things. Take a look and let me know what you think.
[Serious] Need help to recover potentially thousands of bitcoin
Hi all, I won't give too many details for obvious reasons. I have in my possession an encrypted hard drive from a relative which has been untouched since 2013. This person invited me to buy some bitcoin in 2011, invested at least 1000€ in bitcoin (possiblity more) and was setting up a business related to bitcoin back in 2013. He then passed away and we now have his hard drives but they're all encrypted. He was very security savvy (his passwords were in his head with a minimum of 25 characters sometimes) so brute forcing is not an option. We asked some very knowledgeable people who said we should give up for the time being because current CPU power would not be able to crack anything in the next coming years (we even talked to companies which only purpose is to have high end CPUs). There is nothing written from his belongings that would point in the direction of a password, but he had a purple usb key which was also a fingerprint reader so I'm guessing he used it for 2FA. Knowing him very well, he was extremely obsessed with security (he had a dedicated router working as a firewall on top of his router modem at home), so I would expect the worse in this case. The hard drive was an internal hybrid disc from a Sony Vaio. Did anyone else go through a similar situation? Any creative ideas? Or are we SOL? I was just listening to the reply all podcast and they were talking about a bitcoin hunter so I just thought of asking here for ideas. Thanks
I’ve been into BTC since 2014, never had any doubt it would be the future of money. I have decent knowledge of computer science, but I’m definitely not an expert. A very intelligent guy I know who knows a lot more about computers than I do recently told me he think quantum computers will destroy bitcoin in 5-10 years. Does anyone who knows a lot about this wanna chime in with some DD?
Ultimate glossary of crypto currency terms, acronyms and abbreviations
A common sentiment is brewing online; a shared desire for the internet that might have been. After decades of corporate encroachment, you don't need to be a power user to realize that something has gone very wrong. In the early days of the internet, the future was bright. In that future, when you sent an instant message, it traveled directly to the recipient. When you needed to pay a friend, you announced a transfer of value to their public key. When an app was missing a feature you wanted, you opened up the source code and implemented it. When you took a picture on your phone, it was immediately encrypted and backed up to storage that you controlled. In that future, people would laugh at the idea of having to authenticate themselves to some corporation before doing these things. What did we get instead? Rather than a network of human-sized communities, we have a handful of enormous commons, each controlled by a faceless corporate entity. Hey user, want to send a message? You can, but we'll store a copy of it indefinitely, unencrypted, for our preference-learning algorithms to pore over; how else could we slap targeted ads on every piece of content you see? Want to pay a friend? You can—in our Monopoly money. Want a new feature? Submit a request to our Support Center and we'll totally maybe think about it. Want to backup a photo? You can—inside our walled garden, which only we (and the NSA, of course) can access. Just be careful what you share, because merely locking you out of your account and deleting all your data is far from the worst thing we could do. You rationalize this: "MEGACORP would never do such a thing; it would be bad for business." But we all know, at some level, that this state of affairs, this inversion of power, is not merely "unfortunate" or "suboptimal" – No. It is degrading. Even if MEGACORP were purely benevolent, it is degrading that we must ask its permission to talk to our friends; that we must rely on it to safeguard our treasured memories; that our digital lives are completely beholden to those who seek only to extract value from us. At the root of this issue is the centralization of data. MEGACORP can surveil you—because your emails and video chats flow through their servers. And MEGACORP can control you—because they hold your data hostage. But centralization is a solution to a technical problem: How can we make the user's data accessible from anywhere in the world, on any device? For a long time, no alternative solution to this problem was forthcoming. Today, thanks to a confluence of established techniques and recent innovations, we have solved the accessibility problem without resorting to centralization. Hashing, encryption, and erasure encoding got us most of the way, but one barrier remained: incentives. How do you incentivize an anonymous stranger to store your data? Earlier protocols like BitTorrent worked around this limitation by relying on altruism, tit-for-tat requirements, or "points" – in other words, nothing you could pay your electric bill with. Finally, in 2009, a solution appeared: Bitcoin. Not long after, Sia was born. Cryptography has unleashed the latent power of the internet by enabling interactions between mutually-distrustful parties. Sia harnesses this power to turn the cloud storage market into a proper marketplace, where buyers and sellers can transact directly, with no intermediaries, anywhere in the world. No more silos or walled gardens: your data is encrypted, so it can't be spied on, and it's stored on many servers, so no single entity can hold it hostage. Thanks to projects like Sia, the internet is being re-decentralized. Sia began its life as a startup, which means it has always been subjected to two competing forces: the ideals of its founders, and the profit motive inherent to all businesses. Its founders have taken great pains to never compromise on the former, but this often threatened the company's financial viability. With the establishment of the Sia Foundation, this tension is resolved. The Foundation, freed of the obligation to generate profit, is a pure embodiment of the ideals from which Sia originally sprung. The goals and responsibilities of the Foundation are numerous: to maintain core Sia protocols and consensus code; to support developers building on top of Sia and its protocols; to promote Sia and facilitate partnerships in other spheres and communities; to ensure that users can easily acquire and safely store siacoins; to develop network scalability solutions; to implement hardforks and lead the community through them; and much more. In a broader sense, its mission is to commoditize data storage, making it cheap, ubiquitous, and accessible to all, without compromising privacy or performance. Sia is a perfect example of how we can achieve better living through cryptography. We now begin a new chapter in Sia's history. May our stewardship lead it into a bright future.
Today, we are proposing the creation of the Sia Foundation: a new non-profit entity that builds and supports distributed cloud storage infrastructure, with a specific focus on the Sia storage platform. What follows is an informal overview of the Sia Foundation, covering two major topics: how the Foundation will be funded, and what its funds will be used for.
The Sia Foundation will be structured as a non-profit entity incorporated in the United States, likely a 501(c)(3) organization or similar. The actions of the Foundation will be constrained by its charter, which formalizes the specific obligations and overall mission outlined in this document. The charter will be updated on an annual basis to reflect the current goals of the Sia community. The organization will be operated by a board of directors, initially comprising Luke Champine as President and Eddie Wang as Chairman. Luke Champine will be leaving his position at Nebulous to work at the Foundation full-time, and will seek to divest his shares of Nebulous stock along with other potential conflicts of interest. Neither Luke nor Eddie personally own any siafunds or significant quantities of siacoin.
The primary source of funding for the Foundation will come from a new block subsidy. Following a hardfork, 30 KS per block will be allocated to the "Foundation Fund," continuing in perpetuity. The existing 30 KS per block miner reward is not affected. Additionally, one year's worth of block subsidies (approximately 1.57 GS) will be allocated to the Fund immediately upon activation of the hardfork. As detailed below, the Foundation will provably burn any coins that it cannot meaningfully spend. As such, the 30 KS subsidy should be viewed as a maximum. This allows the Foundation to grow alongside Sia without requiring additional hardforks. The Foundation will not be funded to any degree by the possession or sale of siafunds. Siafunds were originally introduced as a means of incentivizing growth, and we still believe in their effectiveness: a siafund holder wants to increase the amount of storage on Sia as much as possible. While the Foundation obviously wants Sia to succeed, its driving force should be its charter. Deriving significant revenue from siafunds would jeopardize the Foundation's impartiality and focus. Ultimately, we want the Foundation to act in the best interests of Sia, not in growing its own budget.
The Foundation inherits a great number of responsibilities from Nebulous. Each quarter, the Foundation will publish the progress it has made over the past quarter, and list the responsibilities it intends to prioritize over the coming quarter. This will be accompanied by a financial report, detailing each area of expenditure over the past quarter, and forecasting expenditures for the coming quarter. Below, we summarize some of the myriad responsibilities towards which the Foundation is expected to allocate its resources.
Maintain and enhance core Sia software
Arguably, this is the most important responsibility of the Foundation. At the heart of Sia is its consensus algorithm: regardless of other differences, all Sia software must agree upon the content and rules of the blockchain. It is therefore crucial that the algorithm be stewarded by an entity that is accountable to the community, transparent in its decision-making, and has no profit motive or other conflicts of interest. Accordingly, Sia’s consensus functionality will no longer be directly maintained by Nebulous. Instead, the Foundation will release and maintain an implementation of a "minimal Sia full node," comprising the Sia consensus algorithm and P2P networking code. The source code will be available in a public repository, and signed binaries will be published for each release. Other parties may use this code to provide alternative full node software. For example, Nebulous may extend the minimal full node with wallet, renter, and host functionality. The source code of any such implementation may be submitted to the Foundation for review. If the code passes review, the Foundation will provide "endorsement signatures" for the commit hash used and for binaries compiled internally by the Foundation. Specifically, these signatures assert that the Foundation believes the software contains no consensus-breaking changes or other modifications to imported Foundation code. Endorsement signatures and Foundation-compiled binaries may be displayed and distributed by the receiving party, along with an appropriate disclaimer. A minimal full node is not terribly useful on its own; the wallet, renter, host, and other extensions are what make Sia a proper developer platform. Currently, the only implementations of these extensions are maintained by Nebulous. The Foundation will contract Nebulous to ensure that these extensions continue to receive updates and enhancements. Later on, the Foundation intends to develop its own implementations of these extensions and others. As with the minimal node software, these extensions will be open source and available in public repositories for use by any Sia node software. With the consensus code now managed by the Foundation, the task of implementing and orchestrating hardforks becomes its responsibility as well. When the Foundation determines that a hardfork is necessary (whether through internal discussion or via community petition), a formal proposal will be drafted and submitted for public review, during which arguments for and against the proposal may be submitted to a public repository. During this time, the hardfork code will be implemented, either by Foundation employees or by external contributors working closely with the Foundation. Once the implementation is finished, final arguments will be heard. The Foundation board will then vote whether to accept or reject the proposal, and announce their decision along with appropriate justification. Assuming the proposal was accepted, the Foundation will announce the block height at which the hardfork will activate, and will subsequently release source code and signed binaries that incorporate the hardfork code. Regardless of the Foundation's decision, it is the community that ultimately determines whether a fork is accepted or rejected – nothing can change that. Foundation node software will never automatically update, so all forks must be explicitly adopted by users. Furthermore, the Foundation will provide replay and wipeout protection for its hard forks, protecting other chains from unintended or malicious reorgs. Similarly, the Foundation will ensure that any file contracts formed prior to a fork activation will continue to be honored on both chains until they expire. Finally, the Foundation also intends to pursue scalability solutions for the Sia blockchain. In particular, work has already begun on an implementation of Utreexo, which will greatly reduce the space requirements of fully-validating nodes (allowing a full node to be run on a smartphone) while increasing throughput and decreasing initial sync time. A hardfork implementing Utreexo will be submitted to the community as per the process detailed above. As this is the most important responsibility of the Foundation, it will receive a significant portion of the Foundation’s budget, primarily in the form of developer salaries and contracting agreements.
Support community services
We intend to allocate 25% of the Foundation Fund towards the community. This allocation will be held and disbursed in the form of siacoins, and will pay for grants, bounties, hackathons, and other community-driven endeavours. Any community-run service, such as a Skynet portal, explorer or web wallet, may apply to have its costs covered by the Foundation. Upon approval, the Foundation will reimburse expenses incurred by the service, subject to the exact terms agreed to. The intent of these grants is not to provide a source of income, but rather to make such services "break even" for their operators, so that members of the community can enrich the Sia ecosystem without worrying about the impact on their own finances.
Ensure easy acquisition and storage of siacoins
Most users will acquire their siacoins via an exchange. The Foundation will provide support to Sia-compatible exchanges, and pursue relevant integrations at its discretion, such as Coinbase's new Rosetta standard. The Foundation may also release DEX software that enables trading cryptocurrencies without the need for a third party. (The Foundation itself will never operate as a money transmitter.) Increasingly, users are storing their cryptocurrency on hardware wallets. The Foundation will maintain the existing Ledger Nano S integration, and pursue further integrations at its discretion. Of course, all hardware wallets must be paired with software running on a computer or smartphone, so the Foundation will also develop and/or maintain client-side wallet software, including both full-node wallets and "lite" wallets. Community-operated wallet services, i.e. web wallets, may be funded via grants. Like core software maintenance, this responsibility will be funded in the form of developer salaries and contracting agreements.
Protect the ecosystem
When it comes to cryptocurrency security, patching software vulnerabilities is table stakes; there are significant legal and social threats that we must be mindful of as well. As such, the Foundation will earmark a portion of its fund to defend the community from legal action. The Foundation will also safeguard the network from 51% attacks and other threats to network security by implementing softforks and/or hardforks where necessary. The Foundation also intends to assist in the development of a new FOSS software license, and to solicit legal memos on various Sia-related matters, such as hosting in the United States and the EU. In a broader sense, the establishment of the Foundation makes the ecosystem more robust by transferring core development to a more neutral entity. Thanks to its funding structure, the Foundation will be immune to various forms of pressure that for-profit companies are susceptible to.
Drive adoption of Sia
Although the overriding goal of the Foundation is to make Sia the best platform it can be, all that work will be in vain if no one uses the platform. There are a number of ways the Foundation can promote Sia and get it into the hands of potential users and developers. In-person conferences are understandably far less popular now, but the Foundation can sponsor and/or participate in virtual conferences. (In-person conferences may be held in the future, permitting circumstances.) Similarly, the Foundation will provide prizes for hackathons, which may be organized by community members, Nebulous, or the Foundation itself. Lastly, partnerships with other companies in the cryptocurrency space—or the cloud storage space—are a great way to increase awareness of Sia. To handle these responsibilities, one of the early priorities of the Foundation will be to hire a marketing director.
The Foundation Fund will be controlled by a multisig address. Each member of the Foundation's board will control one of the signing keys, with the signature threshold to be determined once the final composition of the board is known. (This threshold may also be increased or decreased if the number of board members changes.) Additionally, one timelocked signing key will be controlled by David Vorick. This key will act as a “dead man’s switch,” to be used in the event of an emergency that prevents Foundation board members from reaching the signature threshold. The timelock ensures that this key cannot be used unless the Foundation fails to sign a transaction for several months. On the 1st of each month, the Foundation will use its keys to transfer all siacoins in the Fund to two new addresses. The first address will be controlled by a high-security hot wallet, and will receive approximately one month's worth of Foundation expenditures. The second address, receiving the remaining siacoins, will be a modified version of the source address: specifically, it will increase the timelock on David Vorick's signing key by one month. Any other changes to the set of signing keys, such as the arrival or departure of board members, will be incorporated into this address as well. The Foundation Fund is allocated in SC, but many of the Foundation's expenditures must be paid in USD or other fiat currency. Accordingly, the Foundation will convert, at its discretion, a portion of its monthly withdrawals to fiat currency. We expect this conversion to be primarily facilitated by private "OTC" sales to accredited investors. The Foundation currently has no plans to speculate in cryptocurrency or other assets. Finally, it is important that the Foundation adds value to the Sia platform well in excess of the inflation introduced by the block subsidy. For this reason, the Foundation intends to provably burn, on a quarterly basis, any coins that it cannot allocate towards any justifiable expense. In other words, coins will be burned whenever doing so provides greater value to the platform than any other use. Furthermore, the Foundation will cap its SC treasury at 5% of the total supply, and will cap its USD treasury at 4 years’ worth of predicted expenses. Addendum: Hardfork Timeline We would like to see this proposal finalized and accepted by the community no later than September 30th. A new version of siad, implementing the hardfork, will be released no later than October 15th. The hardfork will activate at block 293220, which is expected to occur around 12pm EST on January 1st, 2021.
Addendum: Inflation specifics The total supply of siacoins as of January 1st, 2021 will be approximately 45.243 GS. The initial subsidy of 1.57 GS thus increases the supply by 3.47%, and the total annual inflation in 2021 will be at most 10.4% (if zero coins are burned). In 2022, total annual inflation will be at most 6.28%, and will steadily decrease in subsequent years.
We see the establishment of the Foundation as an important step in the maturation of the Sia project. It provides the ecosystem with a sustainable source of funding that can be exclusively directed towards achieving Sia's ambitious goals. Compared to other projects with far deeper pockets, Sia has always punched above its weight; once we're on equal footing, there's no telling what we'll be able to achieve. Nevertheless, we do not propose this change lightly, and have taken pains to ensure that the Foundation will act in accordance with the ideals that this community shares. It will operate transparently, keep inflation to a minimum, and respect the user's fundamental role in decentralized systems. We hope that everyone in the community will consider this proposal carefully, and look forward to a productive discussion.
Cryptocurrencies are going to loose their value instantly somewhen in the next two decades.
Hi folks. So I just stumbled upon this subreddit and I hope this doesnt break the "no repetition" rule. So Im a computer science student and do some stuff concerning quantum computing. Some of you can probably guess what comes next, for those who dont I'll give a very brief explanation how that is related to bitcoin and so on. Im sure you all know the value of e.g. Bitcoins comes from the time it take to "mine" them. The reason for that being so relatively time-intensive is that current computers arent actually very good for these kind of computation. Thats a whole different matter with quantum computers though. Unfortunately the kind of computations which are required to mine Bitcoins are exactely the kind which comes incredibly easy for this the kind of technology. The times it takes even shrinks exponantially with the amount available quantum bits. While veing able to solve stuff better in new ways we werent able to before seems gemerally like a good think that means pretty bad news for everything concerning encryption, which means crypto currencies too. This would result in all emcryption becoming essentially worthless. Some is safely encrypted now a days because without the corresponding key a modern encryption would take literally millenia to brute force with normal computers. Quantum computers would make that a matter of days or even hours. Same goes for Bitcoins making them unreliable and unsafe, not to mention that the inflation would be unimaginable and be probably enough to destroy the whole concept on itself. Also recent successfull experimental setups have made it pretty clear that quantum computers with the expected capabilities Im describing here really are to be expected in the next 10-20 years. Now I'd be interested in how aware the whole bitcoin community is on that matter and what the generel attitude about that is. (also sorry for any bad english)
Recovering private key of change address from Bitcoin Core
Hello, I am trying to help my mostly Bitcoin-ignorant friend with the following problem: A long time ago, he mined some BTC using Bitcoin Core client with unecrypted wallet.dat. Some years later, he added encryption to his client and sent some BTC to someone else ("transaction X"). Then he forgot the password of his wallet.dat. He had backed up the original (unencrypted) wallet.dat file so I managed to extract private key of his mining address from it and send his funds safely elsewhere. However, during "transaction X", around 0.7 BTC ended on a new "change address". I cannot access the private key of this "change address" because it was generated after the wallet was encrypted and he forgot the password. Or is there a way to find this private key, e.g. are the change addresses PKs in Bitcoin Core generated using some non-random derivation algorithm? I have access to both versions of the wallet.dat file (original unecrypted and later encrypted before "Transaction X") EDIT: Thanks everyone. The wallet was old (non HD) type so the change address' private key is probably lost forever, unless my friend remembers his password.
Stakenet (XSN) - A DEX with interchain capabilities (BTC-ETH), Huge Potential [Full Writeup]
Preface Full disclosure here; I am heavily invested in this. I have picked up some real gems from here and was only in the position to buy so much of this because of you guys so I thought it was time to give back. I only invest in Utility Coins. These are coins that actually DO something, and provide new/build upon the crypto infrastructure to work towards the end goal that Bitcoin itself set out to achieve(financial independence from the fiat banking system). This way, I avoid 99% of the scams in crypto that are functionless vapourware, and if you only invest in things that have strong fundamentals in the long term you are much more likely to make money. Introduction
Stakenet is a Lightning Network-ready open-source platform for decentralized applications with its native cryptocurrency – XSN. It is powered by a Proof of Stake blockchain with trustless cold staking and Masternodes. Its use case is to provide a highly secure cross-chain infrastructure for these decentralized applications, where individuals can easily operate with any blockchain simply by using Stakenet and its native currency XSN.
Ok... but what does it actually do and solve? The moonshot here is the DEX (Decentralised Exchange) that they are building. This is a lightning-network DEX with interchain capabilities. That means you could trade BTC directly for ETH; securely, instantly, cheaply and privately. Right now, most crypto is traded to and from Centralised Exchanges like Binance. To buy and sell on these exchanges, you have to send your crypto wallets on that exchange. That means the exchanges have your private keys, and they have control over your funds. When you use a centralised exchange, you are no longer in control of your assets, and depend on the trustworthiness of middlemen. We have in the past of course seen infamous exit scams by centralised exchanges like Mt. Gox. The alternative? Decentralised Exchanges. DEX's have no central authority and most importantly, your private keys(your crypto) never leavesYOUR possession and are never in anyone else's possession. So you can trade peer-to-peer without any of the drawbacks of Centralised Exchanges. The problem is that this technology has not been perfected yet, and the DEX's that we have available to us now are not providing cheap, private, quick trading on a decentralised medium because of their technological inadequacies. Take Uniswap for example. This DEX accounts for over 60% of all DEX volume and facilitates trading of ERC-20 tokens, over the Ethereum blockchain. The problem? Because of the huge amount of transaction that are occurring over the Ethereum network, this has lead to congestion(too many transaction for the network to handle at one time) so the fees have increased dramatically. Another big problem? It's only for Ethereum. You cant for example, Buy LINK with BTC. You must use ETH. The solution? Layer 2 protocols. These are layers built ON TOP of existing blockchains, that are designed to solve the transaction and scaling difficulties that crypto as a whole is facing today(and ultimately stopping mass adoption) The developers at Stakenet have seen the big picture, and have decided to implement the lightning network(a layer 2 protocol) into its DEX from the ground up. This will facilitate the functionalities of a DEX without any of the drawbacks of the CEX's and the DEX's we have today. Heres someone much more qualified than me, Andreas Antonopoulos, to explain this https://streamable.com/kzpimj 'Once we have efficient, well designed DEX's on layer 2, there wont even be any DEX's on layer 1' Progress The Stakenet team were the first to envision this grand solution and have been working on it since its conception in June 2019. They have been making steady progress ever since and right now, the DEX is in an open beta stage where rigorous testing is constant by themselves and the public. For a project of this scale, stress testing is paramount. If the product were to launch with any bugs/errors that would result in the loss of a users funds, this would obviously be very damaging to Stakenet's reputation. So I believe that the developers conservative approach is wise. As of now the only pairs tradeable on the DEX are XSN/BTC and LTC/BTC. The DEX has only just launched as a public beta and is not in its full public release stage yet. As development moves forward more lightning network and atomic swap compatible coins will be added to the DEX, and of course, the team are hard at work on Raiden Integration - this will allow ETH and tokens on the Ethereum blockchain to be traded on the DEX between separate blockchains(instantly, cheaply, privately) This is where Stakenet enters top 50 territory on CMC if successful and is the true value here. Raiden Integration is well underway is being tested in a closed public group on Linux. The full public DEX with Raiden Integration is expected to release by the end of the year. Given the state of development so far and the rate of progress, this seems realistic. Tokenomics 2.6 Metrics overview (from whitepaper)
Ticker: XSN. Currency type: Coin.
Consensus: Minting Proof of Stake, Trustless Proof of Stake.
XSN is slightly inflationary, much like ETH as this is necessary for the economy to be adopted and work in the long term. There is however a deflationary mechanism in place - all trading fees on the DEX get converted to XSN and 10% of these fees are burned. This puts constant buying pressure on XSN and acts as a deflationary mechanism. XSN has inherent value because it makes up the infrastructure that the DEX will run off and as such Masternode operators and Stakers will see the fee's from the DEX. Conclusion We can clearly see that a layer 2 DEX is the future of crypto currency trading. It will facilitate secure, cheap, instant and private trading across all coins with lightning capabilities, thus solving the scaling and transaction issues that are holding back crypto today. I dont need to tell you the implications of this, and what it means for crypto as a whole. If Stakenet can launch a layer 2 DEX with Raiden Integration, It will become the primary DEX in terms of volume. Stakenet DEX will most likely be the first layer 2 DEX(first mover advantage) and its blockchain is the infrastructure that will host this DEX and subsequently receive it's trading fee's. It is not difficult to envision a time in the next year when Stakenet DEX is functional and hosting hundreds of millions of dollars worth of trading every single day. At $30 million market cap, I cant see any other potential investment right now with this much potential upside. This post has merely served as in introduction and a heads up for this project, there is MUCH more to cover like vortex liquidity, masternodes, TOR integration... for now, here is some additional reading. Resources
Hi Monero community! Two months ago I posted a CCS for continuing my research on Monero Atomic Swaps. That research is now complete and I'm happy to present my results. This post will be a summary of my research, but you can also find the whitepaper that describes the full protocol and all the details here.
Shiny BTC/XMR Atomic Swap Protocol!
We found it! With the help of the MRL, my colleagues, and the community, we created the first (to our knowledge) protocol to atomically swap bitcoin and monero. And this resulting protocol is implementable today - no more obscure crypto!
Why now? What changed?
When I started studying Monero for a Bitcoin/Monero atomic swap three and a half years ago, most of the swap protocols where based on 'Hash Time Locked Contract' (HTLC), something that we all know as non-existent on Monero. So the goal at the beginning of the project was to create an atomic swap where all the logic (timeouts, possible sequences of operation, secret disclosures, etc) is managed on the other chain: the Bitcoin chain. The second difficulty with Monero and Bitcoin is their respective underlying cryptographic parameters: they don't share the same elliptic curve, they don't share the same signing algorithm; they have nothing in common! This makes the pair a bad candidate for other types of atomic swap that don't (solely) rely on HTLC. In November 2018 we came up with a draft protocol that respects the above constraints. Thus, the protocol requires a specific type of zero-knowledge proof to be trustless: a hash pre-image zero-knowledge proof. This type of zkp is not wildly used in practice, if at all. Thus the protocol works in theory, but with some obscure crypto, making the protocol a bad candidate for an implementation. In early 2020, after presenting the draft protocol at 36C3 in December 2019, I discovered, by reference from Sarang Noether (MRL), Andrew Poelstra's idea of doing a discrete logarithm equality across group zero-knowledge proof of knowledge (MRL-0010), meaning that we can prove some relations between elements in two different groups (two curves to simplify) and the paper by LLoyd Fournier on One-Time Verifiably Encrypted Signatures allowing secret disclosure with ECDSA. With these two new (to me) cryptographic primitives, we were able to replace the previous zero-knowledge proof with a combination of the latter, making the protocol complete and practically feasible.
How it works
As a broad overview (and simplified) the protocol work as follow:
The monero are locked in an address generated by both participants
At the beginning, neither of the participants have the full control over the address; they both have half of the private key only
With the cross group discrete logarithm equality zkp, both participants prove to each other that the address on the Bitcoin chain is related to the address on the Monero chain
By means of Bitcoin scripts and ECDSA one-time verifiably encrypted signatures, one participant reveals to the other her partial private key by taking the bitcoin, allowing the other to take control over the monero
If the swap succeeds, A reveals to B, and if the swap is cancelled, B reveals to A. (We have a third scenario explained in the paper to force reaction and avoid deadlock.)
The obvious next step would be to have a working implementation on mainnet, but a ready-to-use implementation that is also robust and safe-to-use requires a lot of engineering work. Furthermore, even though the cryptography is not too obscure, most of it still also lacks an implementation. I'll post soon, if the community wants it, a CCS proposal to get my team and I to work on implementing this protocol, step by step, with the end goal of creating a working client/daemon for swapping Bitcoin and Monero. It would be very exciting to build that!
Thanks to the MRL and its researchers for their help, the CCS team, and the community for its support! I hope I fulfilled the community's expectations for my my first CCS - all feedback is appreciated.
Summary: Everyone knows that when you give your assets to someone else, they always keep them safe. If this is true for individuals, it is certainly true for businesses. Custodians always tell the truth and manage funds properly. They won't have any interest in taking the assets as an exchange operator would. Auditors tell the truth and can't be misled. That's because organizations that are regulated are incapable of lying and don't make mistakes. First, some background. Here is a summary of how custodians make us more secure: Previously, we might give Alice our crypto assets to hold. There were risks:
Alice might take the assets and disappear.
Alice might spend the assets and pretend that she still has them (fractional model).
Alice might store the assets insecurely and they'll get stolen.
Alice might give the assets to someone else by mistake or by force.
Alice might lose access to the assets.
But "no worries", Alice has a custodian named Bob. Bob is dressed in a nice suit. He knows some politicians. And he drives a Porsche. "So you have nothing to worry about!". And look at all the benefits we get:
Alice can't take the assets and disappear (unless she asks Bob or never gives them to Bob).
Alice can't spend the assets and pretend that she still has them. (Unless she didn't give them to Bob or asks him for them.)
Alice can't store the assets insecurely so they get stolen. (After all - she doesn't have any control over the withdrawal process from any of Bob's systems, right?)
Alice can't give the assets to someone else by mistake or by force. (Bob will stop her, right Bob?)
Alice can't lose access to the funds. (She'll always be present, sane, and remember all secrets, right?)
See - all problems are solved! All we have to worry about now is:
Bob might take the assets and disappear.
Bob might spend the assets and pretend that he still has them (fractional model).
Bob might store the assets insecurely and they'll get stolen.
Bob might give the assets to someone else by mistake or by force.
Bob might lose access to the assets.
It's pretty simple. Before we had to trust Alice. Now we only have to trust Alice, Bob, and all the ways in which they communicate. Just think of how much more secure we are! "On top of that", Bob assures us, "we're using a special wallet structure". Bob shows Alice a diagram. "We've broken the balance up and store it in lots of smaller wallets. That way", he assures her, "a thief can't take it all at once". And he points to a historic case where a large sum was taken "because it was stored in a single wallet... how stupid". "Very early on, we used to have all the crypto in one wallet", he said, "and then one Christmas a hacker came and took it all. We call him the Grinch. Now we individually wrap each crypto and stick it under a binary search tree. The Grinch has never been back since." "As well", Bob continues, "even if someone were to get in, we've got insurance. It covers all thefts and even coercion, collusion, and misplaced keys - only subject to the policy terms and conditions." And with that, he pulls out a phone-book sized contract and slams it on the desk with a thud. "Yep", he continues, "we're paying top dollar for one of the best policies in the country!" "Can I read it?' Alice asks. "Sure," Bob says, "just as soon as our legal team is done with it. They're almost through the first chapter." He pauses, then continues. "And can you believe that sales guy Mike? He has the same year Porsche as me. I mean, what are the odds?" "Do you use multi-sig?", Alice asks. "Absolutely!" Bob replies. "All our engineers are fully trained in multi-sig. Whenever we want to set up a new wallet, we generate 2 separate keys in an air-gapped process and store them in this proprietary system here. Look, it even requires the biometric signature from one of our team members to initiate any withdrawal." He demonstrates by pressing his thumb into the display. "We use a third-party cloud validation API to match the thumbprint and authorize each withdrawal. The keys are also backed up daily to an off-site third-party." "Wow that's really impressive," Alice says, "but what if we need access for a withdrawal outside of office hours?" "Well that's no issue", Bob says, "just send us an email, call, or text message and we always have someone on staff to help out. Just another part of our strong commitment to all our customers!" "What about Proof of Reserve?", Alice asks. "Of course", Bob replies, "though rather than publish any blockchain addresses or signed transaction, for privacy we just do a SHA256 refactoring of the inverse hash modulus for each UTXO nonce and combine the smart contract coefficient consensus in our hyperledger lightning node. But it's really simple to use." He pushes a button and a large green checkmark appears on a screen. "See - the algorithm ran through and reserves are proven." "Wow", Alice says, "you really know your stuff! And that is easy to use! What about fiat balances?" "Yeah, we have an auditor too", Bob replies, "Been using him for a long time so we have quite a strong relationship going! We have special books we give him every year and he's very efficient! Checks the fiat, crypto, and everything all at once!" "We used to have a nice offline multi-sig setup we've been using without issue for the past 5 years, but I think we'll move all our funds over to your facility," Alice says. "Awesome", Bob replies, "Thanks so much! This is perfect timing too - my Porsche got a dent on it this morning. We have the paperwork right over here." "Great!", Alice replies. And with that, Alice gets out her pen and Bob gets the contract. "Don't worry", he says, "you can take your crypto-assets back anytime you like - just subject to our cancellation policy. Our annual management fees are also super low and we don't adjust them often". How many holes have to exist for your funds to get stolen? Just one. Why are we taking a powerful offline multi-sig setup, widely used globally in hundreds of different/lacking regulatory environments with 0 breaches to date, and circumventing it by a demonstrably weak third party layer? And paying a great expense to do so? If you go through the list of breaches in the past 2 years to highly credible organizations, you go through the list of major corporate frauds (only the ones we know about), you go through the list of all the times platforms have lost funds, you go through the list of times and ways that people have lost their crypto from identity theft, hot wallet exploits, extortion, etc... and then you go through this custodian with a fine-tooth comb and truly believe they have value to add far beyond what you could, sticking your funds in a wallet (or set of wallets) they control exclusively is the absolute worst possible way to take advantage of that security. The best way to add security for crypto-assets is to make a stronger multi-sig. With one custodian, what you are doing is giving them your cryptocurrency and hoping they're honest, competent, and flawlessly secure. It's no different than storing it on a really secure exchange. Maybe the insurance will cover you. Didn't work for Bitpay in 2015. Didn't work for Yapizon in 2017. Insurance has never paid a claim in the entire history of cryptocurrency. But maybe you'll get lucky. Maybe your exact scenario will buck the trend and be what they're willing to cover. After the large deductible and hopefully without a long and expensive court battle. And you want to advertise this increase in risk, the lapse of judgement, an accident waiting to happen, as though it's some kind of benefit to customers ("Free institutional-grade storage for your digital assets.")? And then some people are writing to the OSC that custodians should be mandatory for all funds on every exchange platform? That this somehow will make Canadians as a whole more secure or better protected compared with standard air-gapped multi-sig? On what planet? Most of the problems in Canada stemmed from one thing - a lack of transparency. If Canadians had known what a joke Quadriga was - it wouldn't have grown to lose $400m from hard-working Canadians from coast to coast to coast. And Gerald Cotten would be in jail, not wherever he is now (at best, rotting peacefully). EZ-BTC and mister Dave Smilie would have been a tiny little scam to his friends, not a multi-million dollar fraud. Einstein would have got their act together or been shut down BEFORE losing millions and millions more in people's funds generously donated to criminals. MapleChange wouldn't have even been a thing. And maybe we'd know a little more about CoinTradeNewNote - like how much was lost in there. Almost all of the major losses with cryptocurrency exchanges involve deception with unbacked funds. So it's great to see transparency reports from BitBuy and ShakePay where someone independently verified the backing. The only thing we don't have is:
ANY CERTAINTY BALANCES WEREN'T EXCLUDED. Quadriga's largest account was $70m. 80% of funds are in 20% of accounts (Pareto principle). All it takes is excluding a few really large accounts - and nobody's the wiser. A fractional platform can easily pass any audit this way.
ANY VISIBILITY WHATSOEVER INTO THE CUSTODIANS. BitBuy put out their report before moving all the funds to their custodian and ShakePay apparently can't even tell us who the custodian is. That's pretty important considering that basically all of the funds are now stored there.
ANY IDEA ABOUT THE OTHER EXCHANGES. In order for this to be effective, it has to be the norm. It needs to be "unusual" not to know. If obscurity is the norm, then it's super easy for people like Gerald Cotten and Dave Smilie to blend right in.
It's not complicated to validate cryptocurrency assets. They need to exist, they need to be spendable, and they need to cover the total balances. There are plenty of credible people and firms across the country that have the capacity to reasonably perform this validation. Having more frequent checks by different, independent, parties who publish transparent reports is far more valuable than an annual check by a single "more credible/official" party who does the exact same basic checks and may or may not publish anything. Here's an example set of requirements that could be mandated:
First report within 1 month of launching, another within 3 months, and further reports at minimum every 6 months thereafter.
No auditor can be repeated within a 12 month period.
All reports must be public, identifying the auditor and the full methodology used.
All auditors must be independent of the firm being audited with no conflict of interest.
Reports must include the percentage of each asset backed, and how it's backed.
The auditor publishes a hash list, which lists a hash of each customer's information and balances that were included. Hash is one-way encryption so privacy is fully preserved. Every customer can use this to have 100% confidence they were included.
If we want more extensive requirements on audits, these should scale upward based on the total assets at risk on the platform, and whether the platform has loaned their assets out.
There are ways to structure audits such that neither crypto assets nor customer information are ever put at risk, and both can still be properly validated and publicly verifiable. There are also ways to structure audits such that they are completely reasonable for small platforms and don't inhibit innovation in any way. By making the process as reasonable as possible, we can completely eliminate any reason/excuse that an honest platform would have for not being audited. That is arguable far more important than any incremental improvement we might get from mandating "the best of the best" accountants. Right now we have nothing mandated and tons of Canadians using offshore exchanges with no oversight whatsoever. Transparency does not prove crypto assets are safe. CoinTradeNewNote, Flexcoin ($600k), and Canadian Bitcoins ($100k) are examples where crypto-assets were breached from platforms in Canada. All of them were online wallets and used no multi-sig as far as any records show. This is consistent with what we see globally - air-gapped multi-sig wallets have an impeccable record, while other schemes tend to suffer breach after breach. We don't actually know how much CoinTrader lost because there was no visibility. Rather than publishing details of what happened, the co-founder of CoinTrader silently moved on to found another platform - the "most trusted way to buy and sell crypto" - a site that has no information whatsoever (that I could find) on the storage practices and a FAQ advising that “[t]rading cryptocurrency is completely safe” and that having your own wallet is “entirely up to you! You can certainly keep cryptocurrency, or fiat, or both, on the app.” Doesn't sound like much was learned here, which is really sad to see. It's not that complicated or unreasonable to set up a proper hardware wallet. Multi-sig can be learned in a single course. Something the equivalent complexity of a driver's license test could prevent all the cold storage exploits we've seen to date - even globally. Platform operators have a key advantage in detecting and preventing fraud - they know their customers far better than any custodian ever would. The best job that custodians can do is to find high integrity individuals and train them to form even better wallet signatories. Rather than mandating that all platforms expose themselves to arbitrary third party risks, regulations should center around ensuring that all signatories are background-checked, properly trained, and using proper procedures. We also need to make sure that signatories are empowered with rights and responsibilities to reject and report fraud. They need to know that they can safely challenge and delay a transaction - even if it turns out they made a mistake. We need to have an environment where mistakes are brought to the surface and dealt with. Not one where firms and people feel the need to hide what happened. In addition to a knowledge-based test, an auditor can privately interview each signatory to make sure they're not in coercive situations, and we should make sure they can freely and anonymously report any issues without threat of retaliation. A proper multi-sig has each signature held by a separate person and is governed by policies and mutual decisions instead of a hierarchy. It includes at least one redundant signature. For best results, 3of4, 3of5, 3of6, 4of5, 4of6, 4of7, 5of6, or 5of7. History has demonstrated over and over again the risk of hot wallets even to highly credible organizations. Nonetheless, many platforms have hot wallets for convenience. While such losses are generally compensated by platforms without issue (for example Poloniex, Bitstamp, Bitfinex, Gatecoin, Coincheck, Bithumb, Zaif, CoinBene, Binance, Bitrue, Bitpoint, Upbit, VinDAX, and now KuCoin), the public tends to focus more on cases that didn't end well. Regardless of what systems are employed, there is always some level of risk. For that reason, most members of the public would prefer to see third party insurance. Rather than trying to convince third party profit-seekers to provide comprehensive insurance and then relying on an expensive and slow legal system to enforce against whatever legal loopholes they manage to find each and every time something goes wrong, insurance could be run through multiple exchange operators and regulators, with the shared interest of having a reputable industry, keeping costs down, and taking care of Canadians. For example, a 4 of 7 multi-sig insurance fund held between 5 independent exchange operators and 2 regulatory bodies. All Canadian exchanges could pay premiums at a set rate based on their needed coverage, with a higher price paid for hot wallet coverage (anything not an air-gapped multi-sig cold wallet). Such a model would be much cheaper to manage, offer better coverage, and be much more reliable to payout when needed. The kind of coverage you could have under this model is unheard of. You could even create something like the CDIC to protect Canadians who get their trading accounts hacked if they can sufficiently prove the loss is legitimate. In cases of fraud, gross negligence, or insolvency, the fund can be used to pay affected users directly (utilizing the last transparent balance report in the worst case), something which private insurance would never touch. While it's recommended to have official policies for coverage, a model where members vote would fully cover edge cases. (Could be similar to the Supreme Court where justices vote based on case law.) Such a model could fully protect all Canadians across all platforms. You can have a fiat coverage governed by legal agreements, and crypto-asset coverage governed by both multi-sig and legal agreements. It could be practical, affordable, and inclusive. Now, we are at a crossroads. We can happily give up our freedom, our innovation, and our money. We can pay hefty expenses to auditors, lawyers, and regulators year after year (and make no mistake - this cost will grow to many millions or even billions as the industry grows - and it will be borne by all Canadians on every platform because platforms are not going to eat up these costs at a loss). We can make it nearly impossible for any new platform to enter the marketplace, forcing Canadians to use the same stagnant platforms year after year. We can centralize and consolidate the entire industry into 2 or 3 big players and have everyone else fail (possibly to heavy losses of users of those platforms). And when a flawed security model doesn't work and gets breached, we can make it even more complicated with even more people in suits making big money doing the job that blockchain was supposed to do in the first place. We can build a system which is so intertwined and dependent on big government, traditional finance, and central bankers that it's future depends entirely on that of the fiat system, of fractional banking, and of government bail-outs. If we choose this path, as history has shown us over and over again, we can not go back, save for revolution. Our children and grandchildren will still be paying the consequences of what we decided today. Or, we can find solutions that work. We can maintain an open and innovative environment while making the adjustments we need to make to fully protect Canadian investors and cryptocurrency users, giving easy and affordable access to cryptocurrency for all Canadians on the platform of their choice, and creating an environment in which entrepreneurs and problem solvers can bring those solutions forward easily. None of the above precludes innovation in any way, or adds any unreasonable cost - and these three policies would demonstrably eliminate or resolve all 109 historic cases as studied here - that's every single case researched so far going back to 2011. It includes every loss that was studied so far not just in Canada but globally as well. Unfortunately, finding answers is the least challenging part. Far more challenging is to get platform operators and regulators to agree on anything. My last post got no response whatsoever, and while the OSC has told me they're happy for industry feedback, I believe my opinion alone is fairly meaningless. This takes the whole community working together to solve. So please let me know your thoughts. Please take the time to upvote and share this with people. Please - let's get this solved and not leave it up to other people to do. Facts/background/sources (skip if you like):
The inspiration for the paragraph about splitting wallets was an actual quote from a Canadian company providing custodial services in response to the OSC consultation paper: "We believe that it will be in the in best interests of investors to prohibit pooled crypto assets or ‘floats’. Most Platforms pool assets, citing reasons of practicality and expense. The recent hack of the world’s largest Platform – Binance – demonstrates the vulnerability of participants’ assets when such concessions are made. In this instance, the Platform’s entire hot wallet of Bitcoins, worth over $40 million, was stolen, facilitated in part by the pooling of client crypto assets." "the maintenance of participants (and Platform) crypto assets across multiple wallets distributes the related risk and responsibility of security - reducing the amount of insurance coverage required and making insurance coverage more readily obtainable". For the record, their reply also said nothing whatsoever about multi-sig or offline storage.
In addition to the fact that the $40m hack represented only one "hot wallet" of Binance, and they actually had the vast majority of assets in other wallets (including mostly cold wallets), multiple real cases have clearly demonstrated that risk is still present with multiple wallets. Bitfinex, VinDAX, Bithumb, Altsbit, BitPoint, Cryptopia, and just recently KuCoin all had multiple wallets breached all at the same time, and may represent a significantly larger impact on customers than the Binance breach which was fully covered by Binance. To represent that simply having multiple separate wallets under the same security scheme is a comprehensive way to reduce risk is just not true.
Private insurance has historically never covered a single loss in the cryptocurrency space (at least, not one that I was able to find), and there are notable cases where massive losses were not covered by insurance. Bitpay in 2015 and Yapizon in 2017 both had insurance policies that didn't pay out during the breach, even after a lengthly court process. The same insurance that ShakePay is presently using (and announced to much fanfare) was describe by their CEO himself as covering “physical theft of the media where the private keys are held,” which is something that has never historically happened. As was said with regard to the same policy in 2018 - “I don’t find it surprising that Lloyd’s is in this space,” said Johnson, adding that to his mind the challenge for everybody is figuring out how to structure these policies so that they are actually protective. “You can create an insurance policy that protects no one – you know there are so many caveats to the policy that it’s not super protective.”
The most profitable policy for a private insurance company is one with the most expensive premiums that they never have to pay a claim on. They have no inherent incentive to take care of people who lost funds. It's "cheaper" to take the reputational hit and fight the claim in court. The more money at stake, the more the insurance provider is incentivized to avoid payout. They're not going to insure the assets unless they have reasonable certainty to make a profit by doing so, and they're not going to pay out a massive sum unless it's legally forced. Private insurance is always structured to be maximally profitable to the insurance provider.
The circumvention of multi-sig was a key factor in the massive Bitfinex hack of over $60m of bitcoin, which today still sits being slowly used and is worth over $3b. While Bitfinex used a qualified custodian Bitgo, which was and still is active and one of the industry leaders of custodians, and they set up 2 of 3 multi-sig wallets, the entire system was routed through Bitfinex, such that Bitfinex customers could initiate the withdrawals in a "hot" fashion. This feature was also a hit with the hacker. The multi-sig was fully circumvented.
Bitpay in 2015 was another example of a breach that stole 5,000 bitcoins. This happened not through the exploit of any system in Bitpay, but because the CEO of a company they worked with got their computer hacked and the hackers were able to request multiple bitcoin purchases, which Bitpay honoured because they came from the customer's computer legitimately. Impersonation is a very common tactic used by fraudsters, and methods get more extreme all the time.
A notable case in Canada was the Canadian Bitcoins exploit. Funds were stored on a server in a Rogers Data Center, and the attendee was successfully convinced to reboot the server "in safe mode" with a simple phone call, thus bypassing the extensive security and enabling the theft.
The very nature of custodians circumvents multi-sig. This is because custodians are not just having to secure the assets against some sort of physical breach but against any form of social engineering, modification of orders, fraudulent withdrawal attempts, etc... If the security practices of signatories in a multi-sig arrangement are such that the breach risk of one signatory is 1 in 100, the requirement of 3 independent signatures makes the risk of theft 1 in 1,000,000. Since hackers tend to exploit the weakest link, a comparable custodian has to make the entry and exit points of their platform 10,000 times more secure than one of those signatories to provide equivalent protection. And if the signatories beef up their security by only 10x, the risk is now 1 in 1,000,000,000. The custodian has to be 1,000,000 times more secure. The larger and more complex a system is, the more potential vulnerabilities exist in it, and the fewer people can understand how the system works when performing upgrades. Even if a system is completely secure today, one has to also consider how that system might evolve over time or work with different members.
By contrast, offline multi-signature solutions have an extremely solid record, and in the entire history of cryptocurrency exchange incidents which I've studied (listed here), there has only been one incident (796 exchange in 2015) involving an offline multi-signature wallet. It happened because the customer's bitcoin address was modified by hackers, and the amount that was stolen ($230k) was immediately covered by the exchange operators. Basically, the platform operators were tricked into sending a legitimate withdrawal request to the wrong address because hackers exploited their platform to change that address. Such an issue would not be prevented in any way by the use of a custodian, as that custodian has no oversight whatsoever to the exchange platform. It's practical for all exchange operators to test large withdrawal transactions as a general policy, regardless of what model is used, and general best practice is to diagnose and fix such an exploit as soon as it occurs.
False promises on the backing of funds played a huge role in the downfall of Quadriga, and it's been exposed over and over again (MyCoin, PlusToken, Bitsane, Bitmarket, EZBTC, IDAX). Even today, customers have extremely limited certainty on whether their funds in exchanges are actually being backed or how they're being backed. While this issue is not unique to cryptocurrency exchanges, the complexity of the technology and the lack of any regulation or standards makes problems more widespread, and there is no "central bank" to come to the rescue as in the 2008 financial crisis or during the great depression when "9,000 banks failed".
In addition to fraudulent operations, the industry is full of cases where operators have suffered breaches and not reported them. Most recently, Einstein was the largest case in Canada, where ongoing breaches and fraud were perpetrated against the platform for multiple years and nobody found out until the platform collapsed completely. While fraud and breaches suck to deal with, they suck even more when not dealt with. Lack of visibility played a role in the largest downfalls of Mt. Gox, Cryptsy, and Bitgrail. In some cases, platforms are alleged to have suffered a hack and keep operating without admitting it at all, such as CoinBene.
It surprises some to learn that a cryptographic solution has already existed since 2013, and gained widespread support in 2014 after Mt. Gox. Proof of Reserves is a full cryptographic proof that allows any customer using an exchange to have complete certainty that their crypto-assets are fully backed by the platform in real-time. This is accomplished by proving that assets exist on the blockchain, are spendable, and fully cover customer deposits. It does not prove safety of assets or backing of fiat assets.
If we didn't care about privacy at all, a platform could publish their wallet addresses, sign a partial transaction, and put the full list of customer information and balances out publicly. Customers can each check that they are on the list, that the balances are accurate, that the total adds up, and that it's backed and spendable on the blockchain. Platforms who exclude any customer take a risk because that customer can easily check and see they were excluded. So together with all customers checking, this forms a full proof of backing of all crypto assets.
However, obviously customers care about their private information being published. Therefore, a hash of the information can be provided instead. Hash is one-way encryption. The hash allows the customer to validate inclusion (by hashing their own known information), while anyone looking at the list of hashes cannot determine the private information of any other user. All other parts of the scheme remain fully intact. A model like this is in use on the exchange CoinFloor in the UK.
A Merkle tree can provide even greater privacy. Instead of a list of balances, the balances are arranged into a binary tree. A customer starts from their node, and works their way to the top of the tree. For example, they know they have 5 BTC, they plus 1 other customer hold 7 BTC, they plus 2-3 other customers hold 17 BTC, etc... until they reach the root where all the BTC are represented. Thus, there is no way to find the balances of other individual customers aside from one unidentified customer in this case.
Proposals such as this had the backing of leaders in the community including Nic Carter, Greg Maxwell, and Zak Wilcox. Substantial and significant effort started back in 2013, with massive popularity in 2014. But what became of that effort? Very little. Exchange operators continue to refuse to give visibility. Despite the fact this information can often be obtained through trivial blockchain analysis, no Canadian platform has ever provided any wallet addresses publicly. As described by the CEO of Newton "For us to implement some kind of realtime Proof of Reserves solution, which I'm not opposed to, it would have to ... Preserve our users' privacy, as well as our own. Some kind of zero-knowledge proof". Kraken describes here in more detail why they haven't implemented such a scheme. According to professor Eli Ben-Sasson, when he spoke with exchanges, none were interested in implementing Proof of Reserves.
And yet, Kraken's places their reasoning on a page called "Proof of Reserves". More recently, both BitBuy and ShakePay have released reports titled "Proof of Reserves and Security Audit". Both reports contain disclaimers against being audits. Both reports trust the customer list provided by the platform, leaving the open possibility that multiple large accounts could have been excluded from the process. Proof of Reserves is a blockchain validation where customers see the wallets on the blockchain. The report from Kraken is 5 years old, but they leave it described as though it was just done a few weeks ago. And look at what they expect customers to do for validation. When firms represent something being "Proof of Reserve" when it's not, this is like a farmer growing fruit with pesticides and selling it in a farmers market as organic produce - except that these are people's hard-earned life savings at risk here. Platforms are misrepresenting the level of visibility in place and deceiving the public by their misuse of this term. They haven't proven anything.
Fraud isn't a problem that is unique to cryptocurrency. Fraud happens all the time. Enron, WorldCom, Nortel, Bear Stearns, Wells Fargo, Moser Baer, Wirecard, Bre-X, and Nicola are just some of the cases where frauds became large enough to become a big deal (and there are so many countless others). These all happened on 100% reversible assets despite regulations being in place. In many of these cases, the problems happened due to the over-complexity of the financial instruments. For example, Enron had "complex financial statements [which] were confusing to shareholders and analysts", creating "off-balance-sheet vehicles, complex financing structures, and deals so bewildering that few people could understand them". In cryptocurrency, we are often combining complex financial products with complex technologies and verification processes. We are naïve if we think problems like this won't happen. It is awkward and uncomfortable for many people to admit that they don't know how something works. If we want "money of the people" to work, the solutions have to be simple enough that "the people" can understand them, not so confusing that financial professionals and technology experts struggle to use or understand them.
For those who question the extent to which an organization can fool their way into a security consultancy role, HB Gary should be a great example to look at. Prior to trying to out anonymous, HB Gary was being actively hired by multiple US government agencies and others in the private sector (with glowing testimonials). The published articles and hosted professional security conferences. One should also look at this list of data breaches from the past 2 years. Many of them are large corporations, government entities, and technology companies. These are the ones we know about. Undoubtedly, there are many more that we do not know about. If HB Gary hadn't been "outted" by anonymous, would we have known they were insecure? If the same breach had happened outside of the public spotlight, would it even have been reported? Or would HB Gary have just deleted the Twitter posts, brought their site back up, done a couple patches, and kept on operating as though nothing had happened?
In the case of Quadriga, the facts are clear. Despite past experience with platforms such as MapleChange in Canada and others around the world, no guidance or even the most basic of a framework was put in place by regulators. By not clarifying any sort of legal framework, regulators enabled a situation where a platform could be run by former criminal Mike Dhanini/Omar Patryn, and where funds could be held fully unchecked by one person. At the same time, the lack of regulation deterred legitimate entities from running competing platforms and Quadriga was granted a money services business license for multiple years of operation, which gave the firm the appearance of legitimacy. Regulators did little to protect Canadians despite Quadriga failing to file taxes from 2016 onward. The entire administrative team had resigned and this was public knowledge. Many people had suspicions of what was going on, including Ryan Mueller, who forwarded complaints to the authorities. These were ignored, giving Gerald Cotten the opportunity to escape without justice.
There are multiple issues with the SOC II model including the prohibitive cost (you have to find a third party accounting firm and the prices are not even listed publicly on any sites), the requirement of operating for a year (impossible for new platforms), and lack of any public visibility (SOC II are private reports that aren't shared outside the people in suits).
Securities frameworks are expensive. Sarbanes-Oxley is estimated to cost $5.1 million USD/yr for the average Fortune 500 company in the United States. Since "Fortune 500" represents the top 500 companies, that means well over $2.55 billion USD (~$3.4 billion CAD) is going to people in suits. Isn't the problem of trust and verification the exact problem that the blockchain is supposed to solve?
To use Quadriga as justification for why custodians or SOC II or other advanced schemes are needed for platforms is rather silly, when any framework or visibility at all, or even the most basic of storage policies, would have prevented the whole thing. It's just an embarrassment.
We are now seeing regulators take strong action. CoinSquare in Canada with multi-million dollar fines. BitMex from the US, criminal charges and arrests. OkEx, with full disregard of withdrawals and no communication. Who's next?
We have a unique window today where we can solve these problems, and not permanently destroy innovation with unreasonable expectations, but we need to act quickly. This is a unique historic time that will never come again.
2975 points: deleted's comment in hentAI: Detecting and removing censors with Deep Learning and Image Segmentation
2772 points: I_DONT_LIE_MUCH's comment in 20GB leak of Intel data: whole Git repositories, dev tools, backdoor mentions in source code
2485 points: api's comment in Stripe Workers Who Relocate Get $20,000 Bonus and a Pay Cut - Stripe Inc. plans to make a one-time payment of $20,000 to employees who opt to move out of San Francisco, New York or Seattle, but also cut their base salary by as much as 10%
2464 points: iloveparagon's comment in Google engineer breaks down the problems he uses when doing technical interviews. Lots of advice on algorithms and programming.
2384 points: why_not_both_bot's comment in During lockdown my wife has been suffering mentally from pressure to stay at her desk 100% of the time otherwise after a few minutes her laptop locks and she is recorded as inactive. I wrote this small app to help her escape her desk by periodically moving the cursor. Hopefully it can help others.
2293 points: ThatInternetGuy's comment in Iranian Maintainer refuses to merge code from Israeli Developer. Cites Iranian regulations.
2268 points: xequae's comment in I'm a software engineer going blind, how should I prepare?
2228 points: turniphat's comment in AWS forked my project and launched it as its own service
2149 points: Rami-Slicer's comment in 20GB leak of Intel data: whole Git repositories, dev tools, backdoor mentions in source code
I built a decentralized legal-binding smart contract system. I need peer reviewers and whitepaper proof readers. Help greatly appreciated!
I posted this on /cryptotechnology . It attracted quite a bit of upvotes but not many potential contributors. Someone mentioned I should try this sub. I read the rules and it seems to fit within them. Hope this kind of post is alright here... EDIT: My mother language is french (I'm from Montreal/Canada). Please excuse any blatant grammatical errors. TLDR: I built a decentralized legal-binding smart contract system. I need peer reviewers and whitepaper proof readers. If you're interested, send me an email to discuss: [email protected] . Thanks in advance! Hi guys, For the last few years, I've been working on a decentralized legal-binding contract system. Basically, I created a PoW blockchain software that can receive a hash as an address, and another hash as a bucket, in each transaction. The address hash is used to tell a specific entity (application/contract/company/person, etc) that uses the blockchain that this transaction might be addressed to them. The bucket hash simply tells the nodes which hashtree of files they need to download in order to execute that contract. The buckets are shared within the network of nodes. Someone could, for example, write a contract with a series of nodes in order to host their data for them. Buckets can hold any kind of data, and can be of any size... including encrypted data. The blockchain's blocks are chained together using a mining system similar to bitcoin (hashcash algorithm). Each block contains transactions. The requested difficulty increases when the amount of transactions in a block increases, linearly. Then, when a block is mined properly, another smaller mining effort is requested to link the block to the network's head block. To replace a block, you need to create another block with more transactions than the amount that were transacted in and after the mined block. I expect current payment processors to begin accepting transactions and mine them for their customers and make money with fees, in parallel. Using such a mechanism, miners will need to have a lot of bandwidth available in order to keep downloading the blocks of other miners, just like the current payment processors. The contracts is code written in our custom programming language. Their code is pushed using a transaction, and hosted in buckets. Like you can see, the contract's data are off-chain, only its bucket hash is on-chain. The contract can be used to listen to events that occurs on the blockchain, in any buckets hosted by nodes or on any website that can be crawled and parsed in the contract. There is also an identity system and a vouching system...which enable the creation of soft-money (promise of future payment in hard money (our cryptocurrency) if a series of events arrive). The contracts can also be compiled to a legal-binding framework and be potentially be used in court. The contracts currently compile to english and french only. I also built a browser that contains a 3D viewport, using OpenGL. The browser contains a domain name system (DNS) in form of contracts. Anyone can buy a new domain by creating a transaction with a bucket that contains code to reserve a specific name. When a user request a domain name, it discovers the bucket that is attached to the domain, download that bucket and executes its scripts... which renders in the 3D viewport. When people interact with an application, the application can create contracts on behalf of the user and send them to the blockchain via a transaction. This enables normal users (non-developers) to interact with others using legal contracts, by using a GUI software. The hard money (cryptocurrency) is all pre-mined and will be sold to entities (people/company) that want to use the network. The hard money can be re-sold using the contract proposition system, for payment in cash or a bank transfer. The fiat funds will go to my company in order to create services that use this specific network of contracts. The goal is to use the funds to make the network grow and increase its demand in hard money. For now, we plan to create: A logistic and transportation company A delivery company A company that buy and sell real estate options A company that manage real estate A software development company A world-wide fiat money transfer company A payment processor company We chose these niche because our team has a lot of experience in these areas: we currently run companies in these fields. These niche also generate a lot of revenue and expenses, making the value of exchanges high. We expect this to drive volume in contracts, soft-money and hard-money exchanges. We also plan to use the funds to create a venture capital fund that invests in startups that wants to create contracts on our network to execute a specific service in a specific niche. I'm about to release the software open source very soon and begin executing our commercial activities on the network. Before launching, I'd like to open a discussion with the community regarding the details of how this software works and how it is explained in the whitepaper. If you'd like to read the whitepaper and open a discussion with me regarding how things work, please send me an email at [email protected] . If you have any comment, please comment below and Ill try to answer every question. Please note that before peer-reviewing the software and the whitepaper, I'd like to keep the specific details of the software private, but can discuss the general details. A release date will be given once my work has been peer reviewed. Thanks all in advance! P.S: This project is not a competition to bitcoin. My goal with this project is to enable companies to write contracts together, easily follow events that are executed in their contracts, understand what to expect from their partnership and what they need to give in order to receive their share of deals... and sell their contracts that they no longer need to other community members. Bitcoin already has a network of people that uses it. It has its own value. In fact, I plan to create contracts on our network to exchange value from our network for bitcoin and vice-versa. Same for any commodity and currency that currently exits in this world.
Google reportedly attains 'quantum supremacy': The quantum computer's processor allowed a calculation to be performed in just over 3 minutes. That calculation would take 10,000 years on IBM's Summit, the world's most powerful commercial computer
SHA-3-encryption technology of the future . Over time, cyberattacks increase significantly as the cost of computer processing power decreases. By 2020, this will make the current digital signature less secure than it is today. For this reason, the algorithm selection will be an important decision. Blockchain encryption prevents sensitive information from getting into the wrong hands, and being misused or forged. Riot Blockchain's CEO John O'Rourke explains how this encryption works. In Bitcoin, private keys produce a public key via an Elliptical Curve Digital Signature Algorithm, or ECDSA. A private key that is an input for that algorithm will always produce its corresponding public key. However, the public key can never be reverse-engineered to produce its corresponding private key due to the one-sided nature of this algorithm. Decryption Algorithm. Because this is symmetric encryption, the decryption algorithm is simply the encryption algorithm in reverse. # Decrypt message cc_decrypt(encrypted, "this is my key") ##  "Bitcoin Spinoff: My Encryption Algorithm" Limitations. As you can already tell, the algorithm does not compress any information (so there is zero ... Google Encourages Industry To Use Bitcoin's Sha-256 Encryption. Google Encourages Industry to Use Bitcoin's SHA-256 Encryption Google is encouraging businesses and security practitioners to utilize cryptographic hashes like SHA-256, a Secure Hash Algorithm which serves as the basis of the Bitcoin networks proof of work (PoW) algorithm.
How To Encrypt Bitcoin Core Wallet BTC Encrypt wallet at Bicoin Core FAROOQ AHMED SOFT TECH
Learn the properties of hashing algorithms, which algorithms are used in Bitcoin, and how hashes help secure cryptocurrency networks. There are plenty of uses and questions about sha 256 algorithm explanation and sha256 encryption are explained in many video but I am sure that this gonna make clear your every bit of doubts ... bitcoin private key algorithm a bitcoin private key create a bitcoin key what does a bitcoin key look like what is a bitcoin key what is a bitcoin key pair a bitcoin address public key public key ... Bitcoin uses SHA-256. In cryptography there is a 20-30 year lifecycle for an algorithm before it gets exceeded by new technologies and developments in mathematics. Both the signing and hashing ... What cryptographic hash functions are and what properties are desired of them. More free lessons at: http://www.khanacademy.org/video?v=0WiTaBI82Mc Video by ...