Blocking and Tackling: Why the Blockchain Matters for National Security

The blockchain is often cited, mistakenly, as a panacea for many ills facing society. This confusion is understandable, stemming as it does from the extraordinary growth experienced in the crypto-asset industry, which seems to morph and change direction as fast as people can study its effects.

Read More

Stop Answering Security Questions

Security questions decrease account protection. Here's why:

I just signed up for a new Verizon DSL service. Upon signup, I was asked to create a password with certain properties — capitalize, numbers, special characters, between 8-20 characters, etc. and the choice of security question.

These were the security question options:

  1. What was your favorite place to visit as a child?

  2. Where did you and your spouse first meet?

  3. What was the first live concert you attended?

  4. What is the first name of your best friend?

  5. What was the first name of your first roommate?

  6. What is the name of a memorable place?

  7. What was your favorite restaurant in college?

Let's put ourselves in the mindset of someone trying to gain access to my Verizon account. Black beanie with a striped shirt... check.

Questions 1 through 7 are easily solved by searching for my Facebook account. The task is easier if I were born after 1995 — whereby Facebook has a treasure trove of my personally-identifiable-information (PII). A great deal of PII is publicly available, but there is a simple countermeasure for when it is not: we can make a fake Facebook account with photos of a hot lady/dude in order to gain access to the target.

Friend requests from strangers with attractive photos should not be trusted. They just want to steal our PII.

If security answers can be found on Google, then they are not very secure.

This is precisely how Bitinstant was hacked for a large amount of money in 2013.

You can protect yourself by not answering security questions. Use a password manager (like keypass or onepass) to generate a new password. Then use that string of random characters as the answer to the security question.

ex. What was your first pet’s name? HqD36e4L2qkRBo
(which can make for some fun customer support interactions)

If you aren't using a password manager to generate complicated passwords, then just assume that your accounts are already compromised.

Web developers: Please stop using security questions in your applications. They make your user accounts less secure. Look at 2FA/MFA/XFA alternatives.

Edit 9/24/19: Check out HighSide

 

A short post on internet civilizations

Going into 2016, here is my thesis on the macro matters affecting the Bitcoin experiment:

Bitcoin is an amazing attempt to create an internet-based civilization. It was formed as a republic but has devolved into a state of democracy. 

The Bitcoin society focuses primarily on monetary policy (ie. issuing a currency) but it has a lot of the typical symptoms of a civilization. It involves people engaging in commerce -- with policies, enforcement, and property. It has figureheads, castes, enterprise, voting, a writing system, specialization of labor, taxation, and looming debates of public policy and social issues.

I classify Bitcoin as being initialized as a republic but having devolved to democracy (like so many republics before it).

Some background on why I think the hypothesis is valid:

The story of republic->democracy->oligarchy is not new in the history of human civilizations. It is a pattern spoken about by such greats as Plato himself, albeit with older terminology. A well-read statesmen more recently described the concept of civilizations requiring repetitive turnover to reset after the inevitable transition to oligarchy:

The tree of liberty must be refreshed from time to time with the blood of patriots and tyrants
— Thomas Jefferson 1787

Mr. Jefferson even paid homage to the Christian bible in the longer version of that quote. He paraphrased; that God forbids man from a lack of revolution.

Perhaps some Bitcoiners would agree that Bitcoin society is on the verge of schism with such discussions as the blocksize debate. It is certainly one of the more polarizing contentious issues. I would even venture to say that the debate is before officials as a matter of public outcry requiring legislative action at present.

There are still many other unresolved matters of civil unrest: fungibility, privacy, identity, mining centralization, and 51% attack to name a few. Often times the Bitcoin law (or protocol) requires unanimous agreement with the dooming possibility of a rouge nation if all parties do not compromise.

I could go on writing and probably should elaborate on why I equate tx fees to a tax, the scripting language to a written language, mining pools to the bureaucracy, developers to the legislative branch, and mining clients to law enforcement. But this is supposed to be a short post.

Conclusion and predictions:

The problem is that Bitcoin is the cutting edge and I am a concerned citizen. Fortunately I'm not yet worried about bandits or other civilizations pillaging my land because I would venture to say that Bitcoin is the first true civilization on the internet. I say this due to its robust design with thoughtful separation of powers, currency, and other civil infrastructure -- to which I see no rivals.

It was initially setup with rules, founding principles, and the separate powers (users, miners, developers) having relatively effective checks and balances against each other. Those checks and balances have failed in that mining centralization and corporate interests have allowed an oligarchy to develop. The oligarchy naturally has special interests and we can expect to see the decisions about policies like the blocksize debate factoring in those special interests. It should be self-evident that those special interests go against the wishes and best interests of the general public, to which the checks and balances were initially designed to protect. My preferred "One CPU one vote" de jure has been undermined by centralized mining and corporate interest de facto.

I see two possible outcomes: revolution or the furtherance of the oligarchy. Unfortunately there is traditionally a lot of resources held by an oligarchy which tends to try to preserve itself for as long as possible -- resulting in a possibly lengthy period of public suffering.

Now this is all a bit silly. We're talking about magic internet money and it's unlikely that the tech-savvy Bitcoin public will suffer real-world destruction due to the bitnocrats. But as blockchains begin to replace the infrastructure of the traditional offline civilizations - should we be paying more attention to how this all plays out? 

Maybe it's not too crazy to get a 3D printed toga for the quadcopter races. You can find me on the soap box at the forum. What a time to be an internet pleb waiting for a triumph!

 

 

Bitcoin is not Randian gold

It's frustrated when people say that Bitcoin has bad macro-economic design or that the rules are set in stone. The design is experimental and the rules are consensus-based; so it is silly to make such binary right or wrong analyses.

Bitcoin is incredibly hard to describe. Its subsystems are complex and we often generalize for the sake of audience understanding. Subsystem details may contradict the precision of the generalization. Additionally, people with strong political beliefs often describe it with agenda-charged jargon, leading to a cloudy vernacular.

Here are some of those buzzphrases; (perhaps with more context we wouldn't hear that they denote poor macro-economic design.)

"Bitcoin is scarce and deflationary"
Some people will say that Bitcoin is deflationary. That due to occasional lost private keys its supply is finite and deflationary.

Contrarily, Bitcoin is inflationary until the year ~2140. New coins are released akin to the Keynesian monetary supply of the USA. It is similar to gold in that there is a fixed and predictable supply, but those rules are subject to change if there is consensus.

Currently Bitcoin is inflationary at a rate of 9% per annum.

"Bitcoin is anonymous"
Through most methods of bitcoin private-key creation, Bitcoin is indeed anonymous by definition of anonymity. The part that is often left out is that the anonymity decays in practice. Transactions are often broadcasted by a participant's IP, route to an identified user's wallet account where they are converted to USD, and drawn to a KYC'd person's bank account.

That is far from anonymous, or if anonymity was a spectrum: we could say that's like writing an anonymous book with a picture of the author on the cover.

"There will only ever be 21 million bitcoin in existence"
This is wrong in at least four ways, and yet I still say it often. 

  1. The real number is closer to 20,999,949.9997 because the 50 genesis block coins cannot be spent, and it is more like a limit - as in, approaches 21MM.
  2. Fractional banking can functionally permit an increase of money supply without an increase in the underlying "cash".
  3. The sentence could be lengthened to "There will only ever be 21 million bitcoin in existence... provided that the consensus dictates adherence to the initiating ruleset or robots don't enslave humanity and abolish Bitcoin."
  4. Whole Bitcoins units (as we typically refer to them) are divisible up to 8 decimal places, giving us something like 2.1 quadrillion actual units. 

All that being said, 21MM is close enough and serves for the purposes of understanding how the system works in most explanations.

There are a growing number of Bitcoin myths (https://en.bitcoin.it/wiki/Myths), which illustrates a larger problem. Hard stances on what Bitcoin is or isn't shows that there is a lack of understanding in the consensus mechanism. Consensus is one of its many under-appreciated facets.

Bitcoin is a fluid, adaptive, and self-correcting system. It has several stake-holders with varying interests. All of whom need to agree in order for Bitcoin to press onward. This makes it very difficult to go against what is in the general interest and also makes it very likely that Bitcoin will continue to adapt in the interest of its entire user base. Bitcoin, like many things, cannot work as a Zipf distribution where something like 1% of the users control it. It would collapse in short order if the ruleset did not serve general interests. Subsequently, it would reset with an improved ruleset which invalidates whatever Zipfian rules caused the collapse.

Hopefully all of the new alt-coins will serve as a research testbed for us to discover and eventually implement the ideal incentive macro economics of Bitcoin (among other things). 2140 is only 125 years away.

Quantum Cryptography and Bitcoin

Quantum computing is an entire field of study unto itself. I barely have a student's understanding of how it works, let alone how it impacts cryptology, and further -- that of Bitcoin.

In essence, here is what I have ascertained in my research (please feel free to correct me):

Bitcoin is secured in part by difficult to solve math problems*. To illustrate one of these math problems, we can envision two boats separated by 1000 miles of ocean. One of the boats is manned by pirates and it badly wants to catch the second boat which is manned by engineers. Both boats have a maximum speed of 30 mph on still water, but the ocean's current moves against them at 29.99 mph. Sometimes the pirates improve their engine, or throw someone overboard (thereby reducing their frictional coefficient) and gain some speed; but the engineer's boat has a good looking glass and can keep pace with any speed improvements that the pirates make.

One day the pirate's captain makes a deal with Cthulu and Davy Jones to obtain a quantum engine - which is really just a ghostly second engine (bear with me, the pirates only have one engine slot.) It is way better than one engine even though it occupies the same amount of space because it uses some magic called superposition - which is just ghost-speak for having two things occupy the same space. So because of this magic, the pirates can have their normal engine and a ghost engine at the same time.

The engineers are clever, and they saw this coming all along -- so they have a super-singular elliptic curve isogenous engine bartered from a passing submarine for a Ballmer of rum.

The moral being that the hypothetical pirate boat may gain some spooky magic engine, but the engineers build spooky magic engines for breakfast.

Silly stories aside, quantum computing is certainly a concern for systems secured by cryptography -- but there are many solutions to the proposed threats. On top of this, the block chain is naturally a revision control system -- and given catastrophic failure, it could be patched and rolled back.

There are a large number of people who would likely disagree with me that these solutions are not 100% sound proof, but I stipulate that they are closer to 99.99% than not.

Check out these white papers to see that awesome super-singular elliptic curve isogenous engine in action:

Towards Quantum-Resistant Cryptosystems from Supersingular Elliptic Curve Isogenies by De Feo, Jao, and Plˆut

Machine Level Software Optimization of Cryptographic Protocols by Dieter Fishbein

 

*To give an idea as to the scale of hashes it would take to produce a sha256 collision in Bitcoin:(2^256/9460800000000000000000)/13800000000 (Bitcoin hashing algorithm digest space, divided by the bitcoin hash rate for one year, divided by the age of the universe)

It would take 886894459681353320486815658331188003935001243 times the age of the universe to create a sha-256 collision with the current Bitcoin hash rate. 

Heading into winter, save money on heat with Bitcoin

@Shoutout to cryptocoinsnews.com giving me my first byline and picked up piece :D - https://www.cryptocoinsnews.com/mine-bitcoin-save-money-heating/

Here in NY, heat is a big thing in the winter. It can get bitterly cold, and heating costs add up. Let's do some back of the envelope math to see if we can save money on heating those NY apartments. In a typically NY apartment we're talking 500-1500 sq/ft of living space. So for the purposes of this demonstration, let's use 1000 sq/ft as the magic number. Given that New York is a pretty cold climate, we're going to need about 4,000,000 BTUs per month of heat to keep that apartment warm. Here are the current rates for the common energy sources:

Electricty - $.20/kWh Oil - $3.60/gal Natural Gas -  $15/MCF

This gives us a very approximate cost per million BTU as follows:

Electricity - $60 Oil - $34.60 Natural Gas - $18.75

Which shows natural gas as the clear winner for heating our apartment at approximate cost of  $75/month during the coldest months. But what if electricity is our only option? (There have been several times where I have rented and the only available heating source was electricity. )

In that case it's a clear home run for the next contender: the bitcoin ASIC.

Bitfury ASIC

I won't go into too much detail, but essential it's a machine capable of producing bitcoins for the cost of electricity. The initial purchasing price of the device is also a factor.

From my own personal experience, it takes a gen I 100gh/s Avalon miner (600-1000w PSU) to heat that 1000 sq/ft apartment. It uses 14.4kWh of electricity per day - giving us a monthly cost of ~$86.4. This is without using optimization like thermostats to keep a consistent temperature. My method was to adjust the openness of my window.

Surely $86.4 can't compare to the $60 cost of electricity alone? Surely. But that's not all. The ASIC producing 100gh/s would have bestowed upon us some BTC during that month period. At the current price ($380) we're talking $15/month. It starts to get interesting.

On top of which, that gen 1 100gh/s ASIC is somewhat outdated. We can find used Avalons  on ebay that output 200gh/s for the same amount of electricity or less.  On top of this, there are or shortly will be chips on the market capable of 1W/Gh - which would offset the cost of heating entirely and then some (beating oil and natural gas.)

I believe we're now in the territory of ASIC heat being more efficient than traditional electric heating elements from a cost/btu standpoint. Play this out for a few years and we see the cloud moving to our baseboard heaters.

If you pay for your heat in NY - it probably pays to buy some ASICs. The value of bitcoin will go up or down, the hashrate similarly, but so does oil / gas. Right now it makes sense to heat with ASICs.

Bitcoin: after the beginning...

In my last post on this subject, I wrote about Bitcoin being the beginning of an extreme shift in culture. I anticipate that the shift could take 10-20 years to be realized, but there’s a lot of work that can be done to shorten it to 3 years.

The shift I imagine can primarily be described as decentralized voting, trustless identity/finance pairing, transparent government/public corporations/non-profits, DAOs, granularly controlled privacy for those who want it, and an overall reduction in crime, bureaucracy, and oppression. Additionally, the standard of living, especially in the developing work, will be dramatically much higher.

People in sub-saharan Africa and Latam (where reduction in poverty is vital) will have access to financial services, communication, organization and self-governance. There will be methods for the developed world to efficiently and effectively donate to causes where it is badly needed. Causes like mesh networks to facilitate communication, and food / clean water so that time can be spent on social infrastructure. Funding can go directly to those causes without being pilfered, and results can be more easily monitored for efficacy.

Percentage_of_poverty_in_the_world,_Mexico_colour_coded_corrected
Percentage_of_poverty_in_the_world,_Mexico_colour_coded_corrected

The first feature I was excited about with Bitcoin was its use as currency, value transfer, and value storage. For those who bank branchlessly - this technology alone is life changing. But decentralized ledger systems give us much more than that.

Decentralized voting is huge. Decentralized storage of information, identity, communication, law, business, and much more are all possible and real in the near future.

What most excites me is the ability to quantize the analog world we live in. By decentralizing these metrics in a publicly stored system, we can do some very cool data analysis. We can see if the aid given to Burundi can be categorized by source and destination. We can then see what works and what doesn’t.

Recently a representative from a global charity (one of the largest, with over $4.2bn in contributions in 2013) came to our office. He told us that one of the major issues in giving financial aid is that when it doesn’t go to the matron of the household - funds get spent by the males on alcohol and drugs. It is difficult to keep the men from stealing the funding, so the charities don't give financial aid to those households. If the money can be given directly to the women of the household, there is an overwhelming probability that she will make her family escape from the relative poverty.

There are many clear applications for where Bitcoin - and the more important underlying technology - can greatly benefit the world. Most of the applications we have considered closely parallel systems with which we are already familiar. The financial aid problem could potentially be solved with Bitcoin wallets for the women in need of financial aid. That’s not to presume that it’s a silver bullet, but it would create a very big difference in solving the problem. This example closely parallels some of the financial aid systems we currently use, but the distribution chain length and cost would be dramatically reduced. It is a more efficient version of what we already have. In many cases, efficiency to the point of being effective where it otherwise wouldn’t work. Reducing the distribution chain by 20 points of contact - to get to a family in need - is what it takes to be worthwhile.

As far as the example with Burundi of A/B testing methods of aid, there is not much like that available to us. Most people have almost no experience crowd-auditing what works because there simply is not enough high-quality data. This may be bordering on the spooky for most people, but that’s because we’ve been conditioned. Our conditioning has told us that centralized organizations control the information, our privacy is under attack and not theirs. We now have the tool to flip that scenario. We can responsibly shine more light on the structural inefficiencies of the world, the corruption, violence, poverty, and attempts at sweeping this stuff under the rug. At the same time we can reduce the need for reductions in personal privacies.

I’m hoping we can work together on this, I guarantee that if you’re reading this -- you can help.

How Many Eyes Are on the Books?

Echoing the sentiment of Ryan Straus (Ridell Williams); the overarching issue at the forefront of Bitcoinland is that Bitcoiners place a lot of trust in individuals and organizations. That’s not to say placing trust in people and institutions is always a bad thing, but that trust needs to come with safeguards. The recent events at Mt. Gox are an articulate illustration of those challenges. For years, Mt. Gox was a mainstay of Bitcoin. Gox allowed many people to get involved in digital currency with ease and relative security. We can thank Gox for much of the early adoption and infrastructure of the community. Ultimately the trust was betrayed. We saw technical glitches, a lack of communication, and wild levels of volatility.

Most of this could have been prevented with solid tech, transparency, and outreach. Still, I subscribe to the idea that Mt. Gox has given us a great gift. We can learn from their shortcomings and reference their successes for the next level of Bitcoin infrastructure.

Having developed software for a while, my greatest lessons draws from moments of failure. There have been amazing tools developed purely from breakdowns in software. These tools help us prevent, detect, resolve, and communicate about technical issues which naturally and inevitably evolve. I believe 2014 is a year where we can build some of those tools for Bitcoin.

The tools the community most needs to focus on are:

Triple-entry accounting: While this term is somewhat vague, I envision it as a method for reconciling a company’s books. In essence, you could assign a Bitcoin address as the holder of funds for the traditional double-entry accounting verticals. Operating expenses, accounts receivable, salary, investments, etc. could have dedicated Bitcoin addresses for the inflow and outflow of funds. This would make it much easier to visualize funds flow both internally and from the perspective of an outside auditor.

Ledger transparency: This piggybacks off of the idea of triple-entry accounting. I half-jokingly tweeted that managers of the future will be able to crowdsource peer-review of their records. For many organizations, like non-profits and publicly traded companies, stakeholders want transparency but the presentation methods are fairly analog. The idea is to digitize all of an organization’s fund flows, and make it available on something like the blockchain - so that people who know the correspondent Bitcoin addresses could verify that financial statements are accurate.

The implications of this are far-reaching, and an understanding of how it would play out practically are to be determined. Many people would prefer to invest or donate to an organization where the financial representations were accurate. The existence of ledger transparency is inevitable simply due to the competitive advantage. The upside for the organization is increased efficiency and reduced cost for auditing, as well as a lower risk of financial inaccuracy. People want to know “How many eyes are on the books?” The answer could soon be “Everyone’s.”

Full-Reserve Bitcoin Banking: We have the technology to prevent fractional reserve of our assets. This is the cutting edge of Bitcoin security. It’s shiny, it works, and not enough people / organizations are using it. Existence and placement of assets can be cryptographically proven and movement can be restricted with extremely granular configurations (multi-sig.)

Insurance: When all else fails, there is insurance. A Bitcoin depository institution could have an extremely secure system of storage. Risk could then be calculated and deposits insured.

Modularization: In the financial industry, there is a great deal of modularization. It is imprudent to have a single entity act as a depository institution, clearinghouse, order-matching exchange, and auditor all at once. These tasks can be separated for increased efficiency, reduced risk, and greater scope-precision. This is important for three reasons:

  1. It is easier for business operators to build smaller-scope products.
  2. When one of those competing products fails, the entire system doesn’t halt - it is swiftly replaced.
  3. Maintenance of a module does not require system-wide downtime.

Granted, the financial community has had several hundred years to evolve to the point of efficient compartmentalization. Fortunately for Bitcoin, most of the work has been done and we simply have to parallel many of the models that exist. We can even step it up a notch with transparency and decentralization of trust.

It is important that we remember the spectrum of what we like in principle and what is possible today, this week, this year, etc. It is going to take some time to revolutionize finance with the power of cryptography. We are still waiting for sweeping changes to happen overnight. It’s been 5 years, and we’ve resigned to working on what is practically achievable in experience-based timeframes. The items discussed above are our goals for 2014. Our focus is on the option of transparency, importance of choice, and the obsoletion of coercive trust.

(1) “If I own several pounds of gold, I may not want to keep all of it in my home.” (2) CoinApex.com has taken initiative to implement TE accounting for one of their companies as a proof of concept. Research is ongoing and results will be shared by year-end.

Syndicated from http://hub.playerauctions.com/alex_waters-bitcoin-eyes-on-the-books - on March 7th, 2014