Ben Laurie on BitCoin - Boing Boing

Dandelion++: Lightweight Cryptocurrency Networking with Formal Anonymity Guarantees

Date: 2018-05-28
Author(s): Giulia Fanti, Shaileshh Bojja Venkatakrishnan, Surya Bakshi, Bradley Denby, Shruti Bhargava, Andrew Miller, Pramod Viswanath

Link to Paper

Recent work has demonstrated significant anonymity vulnerabilities in Bitcoin's networking stack. In particular, the current mechanism for broadcasting Bitcoin transactions allows third-party observers to link transactions to the IP addresses that originated them. This lays the groundwork for low-cost, large-scale deanonymization attacks. In this work, we present Dandelion++, a first-principles defense against large-scale deanonymization attacks with near-optimal information-theoretic guarantees. Dandelion++ builds upon a recent proposal called Dandelion that exhibited similar goals. However, in this paper, we highlight simplifying assumptions made in Dandelion, and show how they can lead to serious deanonymization attacks when violated. In contrast, Dandelion++ defends against stronger adversaries that are allowed to disobey protocol. Dandelion++ is lightweight, scalable, and completely interoperable with the existing Bitcoin network. We evaluate it through experiments on Bitcoin's mainnet (i.e., the live Bitcoin network) to demonstrate its interoperability and low broadcast latency overhead.

submitted by dj-gutz to myrXiv

Bitcoin reports by banks

I am compiling a list of publicly available Bitcoin reports done by banks. Did I miss any?
Central banks
Commercial banks
submitted by bobthesponge1 to Bitcoin

Bobtail: A Proof-of-Work Target that Minimizes Blockchain Mining Variance

Date: 2017-10-19
Author(s): George Bissias, Brian Neil Levine

Link to Paper

Blockchain systems are designed to produce blocks at a constant average rate. The most popular systems currently employ a Proof of Work (PoW) algorithm as a means of creating these blocks. Bitcoin produces, on average, one block every 10 minutes. An unfortunate limitation of all deployed PoW blockchain systems is that the time between blocks has high variance. For example, 5% of the time, Bitcoin's inter-block time is at least 40 minutes. This variance impedes the consistent flow of validated transactions through the system. We propose an alternative process for PoW-based block discovery that results in an inter-block time with significantly lower variance. Our algorithm, called Bobtail, generalizes the current algorithm by comparing the mean of the k lowest order statistics to a target. We show that the variance of inter-block times decreases as k increases. If our approach were applied to Bitcoin, about 80% of blocks would be found within 7 to 12 minutes, and nearly every block would be found within 5 to 18 minutes; the average inter-block time would remain at 10 minutes. Further, we show that low-variance mining significantly thwarts doublespend and selfish mining attacks. For Bitcoin and Ethereum currently (k=1), an attacker with 40% of the mining power will succeed with 30% probability when the merchant sets up an embargo of 8 blocks; however, when k>=20, the probability of success falls to less than 1%. Similarly, for Bitcoin and Ethereum currently, a selfish miner with 40% of the mining power will claim about 66% of blocks; however, when k>=5, the same miner will find that selfish mining is less successful than honest mining. The cost of our approach is a larger block header.
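The abstract describes Bobtail's rule as comparing the mean of the k lowest hash values to a target. The single-miner simulation below is an added example, not code from the paper: it models hash outputs as uniform draws, keeps the k smallest in a heap, and measures how the spread of attempts-per-block shrinks as k grows. The target calibration (k + 1) / (2N) is this example's own approximation for keeping the average block time fixed, not the paper's formula.

```python
import heapq
import random
import statistics


def bobtail_target(k, expected_attempts):
    """Target for the mean of the k lowest hash values, chosen so that a
    single miner needs roughly `expected_attempts` attempts per block.

    With hash values modelled as uniform on [0, 1), the mean of the k smallest
    of n draws is about (k + 1) / (2 n), so a target of (k + 1) / (2 N) is
    crossed after about N draws.  For k = 1 this is the ordinary target 1 / N.
    This calibration is the example's own approximation, not the paper's.
    """
    return (k + 1) / (2.0 * expected_attempts)


def mine_block(rng, k, target):
    """Count hash attempts until the mean of the k lowest values seen so far
    is at or below `target` (k = 1 is the classic 'lowest hash below target')."""
    lowest = []      # max-heap (negated values) holding the k smallest so far
    total = 0.0      # running sum of the values currently in `lowest`
    attempts = 0
    while True:
        attempts += 1
        h = rng.random()            # stand-in for a uniformly distributed hash
        if len(lowest) < k:
            heapq.heappush(lowest, -h)
            total += h
        elif h < -lowest[0]:
            evicted = -heapq.heapreplace(lowest, -h)
            total += h - evicted
        else:
            continue                # not among the k lowest: nothing changes
        if len(lowest) == k and total / k <= target:
            return attempts


def simulate(k, expected_attempts=2000, trials=300, seed=1):
    """Mine `trials` blocks and return (mean, stdev) of attempts per block."""
    rng = random.Random(seed)
    target = bobtail_target(k, expected_attempts)
    times = [mine_block(rng, k, target) for _ in range(trials)]
    return statistics.mean(times), statistics.stdev(times)


if __name__ == "__main__":
    # Relative spread drops from about 1.0 at k=1 (exponential inter-block
    # times) to roughly 0.25 at k=20, while the mean stays near 2000 attempts.
    for k in (1, 5, 20):
        mean, sd = simulate(k)
        print(f"k={k:2d}: mean {mean:7.1f} attempts, relative std {sd / mean:.2f}")
```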

submitted by dj-gutz to myrXiv

So who is he?

Leah Goodman's choice is so ridiculous it doesn't really merit speaking about any further. So I won't bother doing that. She seems to be the victim of her own ambition and misplaced trust in someone grossly incapable of evaluating the background of someone like Satoshi.
The forum where the work was chosen to be released is a fairly insular group. You can crawl the archive and look at the backgrounds of every one of them. Many will look convincing, for either technical or ideological reasons (often both.) After researching them further they seem to largely weed themselves out for one reason or another.
Perhaps the most compelling candidate is Nick Szabo. Nick, by all accounts, seems to have the mental ability and ample and incredibly specific domain knowledge required to conceive Bitcoin. If you had to find a foremost expert on the economic and applied network theory required to invent Bitcoin you really need look no further. He has 100% covered the problem-space. On his home page he directly references linked timestamping. This is essentially a description of the blockchain well before the blockchain came into existence. The only problem with him is I can't find any C++ code he's ever written. I can only find pseudo-code from some of his papers. I consider it likely that he is at least an unconscious collaborator.
Michael Reiter and Dahlia Malkhi are both linked from Nick's site. They are the authors of this remarkably relevant work. The thing I don't like about them is they're extremely seasoned academics. They've authored almost 100 papers between them both. Satoshi noted he was more comfortable with code than writing papers.
You may be tempted to consider Adam Back. He's British as Satoshi's writing style seems to be. He also invented Hashcash which Bitcoin makes use of. The big problem I have with him is he seems to only code in C and its style is nothing close to Satoshi's work.
You may also be tempted to choose perhaps Hal Finney. He was, after all, the recipient of the first Bitcoin transaction. I also don't like Hal due to his code. That comes out wrong but the issue is Hal's code is both C and it is very tightly regimented. A drill sergeant would openly commend him in front of the other rank and file. Also Hal seemed to be genuinely confused over details (or lack thereof) in the paper.
Then you might start thinking about guys like Ben Laurie, or Richard Clayton, or even Zooko Wilcox-O'Hearn. But I really think you'd be barking up the wrong tree so I won't even bother to link.
Then there is the guy I personally like. For one, AFAICT, he seems to be the only one in that crew to even write much C++ -- any that's public anyway. And if you look at it two immediate things stand out. One, is this library contains all the precise cryptographic constructs necessary to build Bitcoin and a deep familiarity with nearly all of them would be required to do so. The SHA256 implementation in the original source code is directly lifted from this library. The second is how stylistically similar they are. There are subtle differences like whitespace between symbols in for loops, case of comments, etc. but if you take a step back it looks much more similar than not. Even down to the file naming convention and project layout. Oh and they both primarily target Windows environments. He also basically described Bitcoin in a concise text file authored over 10 years previous to Bitcoin. He may not have figured out all of the details at that point in time but he's obviously exactly describing what we now know as Bitcoin.
I may be wrong but based on all of the evidence available to me this seems like the most likely situation.
TL;DR I think it's kind of obvious who he is. The code is the best clue (and an amazing gift.)
submitted by xjkd8wlaoos5kamZ to Bitcoin

Bitcoin reports by banks [Update #1]

I am compiling a list of publicly available Bitcoin reports done by banks. Did I miss any?
Central banks
Commercial banks
submitted by bobthesponge1 to Bitcoin

Open_transactions / Monetas. The solution to problem of trusted systems that bitcoin runs into.

Even though I've gone to the dark side (there will be a fun post of that in le future) I still have great love and obsession with freeing the common man from the evils of modern banking.
So for any of you who don't know I am a big advocate of the bitcoin, but I'm also an even bigger advocate for Open_transactions. It's an open source suite of market tools based upon Ricardian smart contracts which offers true anonymity and a fix to bitcoin's troubles with trusting entities (i.e. the mt.gox debacle)
It's already done, but a commercial version will be out around Q3 and Q4. It's being marketed to businesses for speedy transaction time and to Africans since they seem to have a flair for alt.currencies (like cellular minutes). Also any country that doesn't like the petrodollar (everyone else) will probably use it.
So here's the lowdown
Read the illustrated explanation and watch this video
Basically an anonymous, encrypted, secure set of tools for an entire digital marketplace with receipts based on smart contracts.
Open-Transactions: P
A financial crypto and digital cash software library. The software's author likens it to "PGP for money". Open Transactions (a centralized transaction system) is complementary to Bitcoin in that it provides some features that Bitcoin cannot, such as untraceable anonymous (versus pseudonymous) transactions, no latency (instant finality of settlement / no risk of double spending) and more. Featuring:
* Untraceable Digital Cash (real blinded tokens)
* Anyone An Issuer (Ricardian-style Contracts)
* Bearer-only, Fully-Anonymous (when used cash-only)
* Pseudonymous User Accounts (user account == PGP key)
* No Account History (asset account == the last receipt)
* Many Financial Instruments (cheques, cash, vouchers, invoices...)
* Basket Currencies (10 "baskets" == 5 gold, 3 silver)
* Markets with Trades (stop, fill-or-kill, limit orders...)
* Payment Plans
-- Many financial instruments are supported: Users can write cheques, purchase cashier's cheques ('vouchers'), and withdraw in untraceable digital cash. The software uses Chaumian-style, blinded tokens courtesy of the Lucre library by Ben Laurie.
-- It's like PGP FOR MONEY. The idea is to have many cash algorithms, not just Lucre. I'd like to add Chaum's version, Brands' version, etc. So that, just like PGP, the software should support as many of the top algorithms as possible, and make it easy to swap them out when necessary.
-- User accounts are pseudonymous. A user account is a public key. (This is like PKTP.) You can open as many user accounts as you want. Full anonymity is possible only for 'cash-only' transactions (where users only perform token exchanges), whereas pseudonymity means that transactions can be linked to the key that signed them. (While the real life identity of the owner is hidden, continuity of reputation becomes possible when using pseudonyms.)
-- ANY USER CAN ISSUE new digital currencies and digital asset types, by uploading the new currency contract to the server. (This functionality is comparable to Ricardo, the transaction server by IanG.)
-- No Account History. Client and server are able to conduct transactions, and agree on current holdings, via signed receipts, without the need to store any transaction history (beyond the last receipt itself.) See Bill St. Clair's excellent Truledger ( for another example of this concept.
-- The server cannot forge your signature, and thus cannot change your balance without your signed permission, (since it can't falsify any receipt.) The server is likewise on the hook with the issuer, for the same reason. This is because the receipt IS the account, and because the server cannot sign the receipt until you have signed it first--and the server cannot forge your signature.
-- Open Transactions also features MARKETS. Any two asset types can be traded against each other. The markets are full-featured and include LIMIT ORDERS, STOP ORDERS, FILL-or-KILL orders, DAY orders (date ranges), and stop limits.
-- Open Transactions also supports BASKET CURRENCIES. Users can define their own, and the server handles the process of exchanging in and out of basket accounts. Baskets are treated by the software like any other asset type, (you can open accounts, transfer funds, withdraw cash, write cheques, and even trade basket currencies on markets.)
-- Open Transactions also supports PAYMENT PLANS. Users can sign contracts with each other, and the server will carry out the terms and implement the payment plan. (A future goal is to issue new asset types based on revenue from payment plans--so they can also be traded on markets.)
-- CONTRACTS, in general, are very important to Open Transactions; they are the building block of the entire library. Open Transactions uses a Ricardian-style contract, and all the various instruments, data files, and messages resemble PGP-signed XML files. All objects serialize to a string.
-- SMART CONTRACTS are now supported (scriptable clauses). These make it possible for users to write their own financial instruments, without having to change the OT code itself. To read more about this concept, see Nick Szabo:
-- The philosophy of the software is based around the SEPARATION OF POWERS (issuers and transaction servers being separate entities -- See Loom for another example of this.) as well as the DISTRIBUTION OF RISK. For example, assets of a single type can be distributed across many many servers, AND a certain asset type can also be distributed across multiple issuers (via basket currencies.)
-- Future (possible or planned) instruments include: Interest-bearing bonds, dividend-paying stocks, real bills, and collateralized debt obligations. These features aren't available yet, but they are easy to add given the existing OT infrastructure.
-- All communications are secured with OpenSSL. All messages are also signed and encrypted. All transactions require signatures from relevant parties including the server.
-- Open Transactions is free software (GNU), written in C++, object-oriented, and includes a high-level API in Java, Ruby, Python, C, D, C++, Obj-C, C#, Lisp, Perl, PHP, and Tcl. (Also supporting JRuby, Jython, Groovy, and any other language available on the JVM.)
-- The software is fully cross-platform: Linux, Mac OS X, FreeBSD, Android, and Windows are supported with makefiles, project files, and instructions.
-- The library is transfer-protocol neutral as well as storage neutral, and could be utilized across a variety of different transfer protocols and storage systems. The current test server and client use the ZeroMQ library for messages, and a storage abstraction is employed to make it easy for you to swap in any storage method you need. (Filesystem by default, but you can store anywhere.)
submitted by soapjackal to Anarcho_Capitalism

[Table] IAmA: I was a professional password cracker who taught government agents who's now working on a secure distributed communications & computation platform with bitcoin instead of upvotes. AMA!

Date: 2014-05-03
Link to submission (Has self-text)
Questions Answers
a more serious question, what is password cracking like? Bruteforcing hashes, looking through source code for vulnerabilities, doing advanced maths or something fourth? First I'd try to figure out if the software was merely using access denial or encryption. With access denial, the data isn't encrypted, but the software won't show you the data without the password. For purposes of criminal forensics, you're not allowed to change the data in any way for it to be admissible in court, but getting access to the file before you have a password can often be helpful. To figure that out, I'd just look at the file in a hex editor; if I could read it, it wasn't encrypted. The next easy step is to scan the program for cryptographic constants; these are things like s-boxes or tables of rotation constants or such that tell me what crypto functions, if any, are being used. For example, if I see 637c777b anywhere, I know it's probably using AES. If I see 77073096, that's a CRC32. If I see 67452301, it's using MD5. After that I'd use a debugger and a program like IDA Pro to start at the point where you type the password and figure out what the program does with it. This is what often took the most time and was the most tedious. Early versions of MS Access, for instance, just XORed the password with a fixed constant; anyone could break those passwords immediately. The toughest one that I was able to break was the encryption on WinZip; it was much better than most stuff I ran into, but still weak enough that I could break it. That was the one I enjoyed the most, like an extra-challenging Sudoku or something.
The hash function wasn't cryptographically strong, so I was able to run a lot of it backwards and get a enough constraints on the input to skip most possibilities. What is this process called if I wanted to learn about it in an academic setting? Cryptanalysis.
WinZip; it was much better than most stuff I ran into Is it any better than 7Zip? My attack was on the old encryption method. WinZip has since upgraded to AES, like 7-Zip. The only way to attack an archive made by a recent version of either of these is with a dictionary attack, trying every password.
What was the biggest password you ever cracked? Nowadays, most software companies use strong crypto, so the difficulty of cracking the password increases exponentially with the length. Back in the late 90s, it was mostly "roll your own", so the strength depended a lot more on the software than the password chosen.
That said, the password I was most pleased with was a 60-character randomly chosen password on a WinZip file using the ciphertext-only attack that later got published.
Was the content worth the effort? What was the content? The content was irrelevant to me; the fact that I had broken the encryption so thoroughly on such an important file format was the exciting bit. When it was in beta, the FBI started sending us files with suspected child porn for us to open. Thankfully I never had to look at any of it---that was someone else's job---but it felt good to know that I was able to help with that. Once we integrated it into the toolkit, of course, the FBI would just use our software themselves.
Now, though, I think that it's more important that people be taught what is right and have freedom---even if such drimes still exist---than to have a society in which every activity is so policed that crime is impossible. I think we should make it hard for the government to do such enormous, sweeping surveillance as we've discovered they've been doing.
If there's sufficient evidence to suspect someone of a crime, the government has plenty of resources to target that individual, and no software will prevent them getting the information they want. Splicious, if it is funded, will help in preventing surveilllance at national scales.
It's funny how no one seems to be responding to the thing you're actually talking about... it seems to me you're raising awareness about splicious. Can you say more about that? EDIT: I need to make clear that it doesn't fully exist yet! We need money to continue to make it real.
As I wrote above, it's a platform for encouraging the creation and curation of content. The idea is to reward both those who create content and those who share it. You may have seen that picture of handing out Facebook likes to 3rd world kids; merely "liking" something or upvoting it doesn't actually help somebody make a living. So all likes/upvotes have real money behind them in this system. The originator of content gets 90% of each upvote, while the remaining 10% is distributed down the chain of resharers to the donator.
We want artists and musicians to use it, but also scientists, authors, and journalists. We think the journalists will be particularly interested both because of the potential to get supported directly in the wake of digital media, but also because of the security features we intend to implement, like perfect forward secrecy.
We hope scientists will like it, because big academic publishers like Elsevier charge tens of millions of dollars for bundled access to their journals and have something like a 36% profit margin. The scientists write and review the articles and edit the journals for free; Elsevier turns around and charges them for the privilege. Splicious would allow people to set up electronic journals quickly, while contributions go directly to the authors and the editors.
Could you inbox me my password if you wanted or felt the need? That would require getting Reddit's collection of password hashes. It would take some effort, but probably a lot more than would be worth my while.
Well, it used to be easier. Wow! Yeah, hopefully they learned something after that. :P.
Could you be a very rich man if you used your powers for evil? I could have in the 90s. I think the FBI are a lot better at dealing with crime on the internet now than they were then.
Hi, I'm a math/CS undergraduate and find this stuff fascinating. However, I haven't a clue how to get started. Any recommendations on how to get into password cracking and hacking? As to your specific topics, the days of easy password cracking are largely over: any software worth spending money on will use strong crypto. The best one can usually do is a dictionary attack distributed over many computers.
Awesome! What is your ed background? When I got the job I was getting my undergrad degree in physics. I went on to get a MSc and have just finished my PhD.
How much were you taught on the job vs what you had learned through self study? All of the math I learned in school or from Schneier's Applied Cryptography. I taught myself the rudiments of programming as a kid and all my electives at university were computer science classes. I learned to read assembly code on the job.
What would you say is the most lucrative area of infosec (both for black and white hats)? If you want to make enormous amounts of money, you start a company and get bought out or have a successful IPO. That's very risky, though; if you want stable good money in infosec, go join Google's security team: I did and loved it!
Are you employed now by Google? No, I left last year to start working on splicious. I'd like to keep doing so, but we need funding!
Whats this splicious you keep referring to? It's a distributed secure communications and computation platform. It has features to encourage the creation and curation of new content, but is intended to be a general purpose secure distributed computation platform.
The computation framework is based on pi calculus; I've written a paper with Greg Meredith and Sophia Drossopoulou showing that we can use Caires' spatial/behavioral types as a security policy language and let the compiler check that the implementation fits the policy. (TL;DR: We can prove that we don't have security flaws of various kinds.)
Are you Hackers or War Games fan? I loved it when you nuked Las Vegas. Suitably biblical ending to the place, don't you think?
Have you ever hacked people? Not without their permission.
That sounds a bit weird. Hahahaha. It's not much weirder than tattooing: Link to
Of course they still had to get the hashes somewhere, but there are some pretty powerful tools in the public domain these days, who knows what is behind the curtains in the federal side of the house...(proposed quantum computing password cracking for instance) People simply don't have the ability to remember passwords that are strong enough to resist the password crackers. If your service has the option to use two-factor authentication, use it; when attackers steal gmail accounts, the first thing they do is turn it on, because it makes it virtually impossible for the owner to get it back. If your service doesn't have 2-factor auth, use a long passphrase. Here's some math: if you just use lowercase letters and have a 16-character password, there are around 10^22 passwords to try. If you start using numbers, too, there are around 10^24, so a hundred times harder. But if instead you double the length of the password, there are around 10^44, which is a sextillion times harder. Quantum computation is certainly interesting to the NSA, but the technology isn't up to code cracking yet; scientists are just at the edge of beating the error bound necessary for quantum computations with more than a handful of qubits. Link to
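The keyspace arithmetic in that answer, carried through as an added example (not code from the AMA or from the poster): it generalises the three cases to any alphabet size and length, and converts them to bits and to a worst-case time-to-exhaust. The guess rate passed to years_to_exhaust() is an assumed illustrative figure, not a measurement of any real cracking setup.

```python
"""Keyspace arithmetic behind the passphrase advice in the answer above.

Added example, not code from the AMA. The guess rate passed to
years_to_exhaust() is an assumed illustrative figure, not a measurement
of any particular cracking rig.
"""
import math
import string

SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Alphabet sizes for the character classes compared in the answer.
LOWER = len(string.ascii_lowercase)                                        # 26
LOWER_DIGITS = LOWER + len(string.digits)                                  # 36
PRINTABLE = len(string.ascii_letters + string.digits + string.punctuation) # 94


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of distinct passwords of exactly `length` symbols."""
    return alphabet_size ** length


def log10_keyspace(alphabet_size: int, length: int) -> float:
    """Order of magnitude, i.e. the exponent in the '10^22'-style figures."""
    return length * math.log10(alphabet_size)


def entropy_bits(alphabet_size: int, length: int) -> float:
    """The same quantity in bits, for comparison with symmetric key sizes."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(alphabet_size: int, length: int, guesses_per_second: float) -> float:
    """Worst case for the attacker: every password in the space tried once."""
    return keyspace(alphabet_size, length) / guesses_per_second / SECONDS_PER_YEAR


def compare(guesses_per_second: float = 1e10) -> dict:
    """The three cases from the answer: widen the alphabet vs. double the length."""
    cases = {
        "lower16": (LOWER, 16),
        "lowerdigits16": (LOWER_DIGITS, 16),
        "lower32": (LOWER, 32),
    }
    out = {}
    for name, (n, length) in cases.items():
        out[name] = {
            "log10": log10_keyspace(n, length),
            "bits": entropy_bits(n, length),
            "years": years_to_exhaust(n, length, guesses_per_second),
        }
    # Integer ratios relative to the 16-character lowercase baseline.
    base = keyspace(LOWER, 16)
    out["gain_from_digits"] = keyspace(LOWER_DIGITS, 16) // base
    out["gain_from_doubling"] = keyspace(LOWER, 32) // base
    return out


if __name__ == "__main__":
    for name, value in compare().items():
        print(name, value)
```

Adding digits to 16 lowercase characters multiplies the space by (36/26)^16, a little under 200x; doubling the length multiplies it by 26^16, which is why length wins.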
How could a regular person like me learn the basics of this? What did you mean by "this"? Reverse engineering, password cracking, or secure distributed communications?
All of it and where should one start? I've done custom rainbow salt tables and attempted WPA2 attacks for fun and cracking hashes using Cain and Abel. For reverse engineering, is the place to be. Get a copy of OllyDbg and IDA Pro; there is an older version available for free. Here's a reasonable intro to some of the techniques: Link to
Actual question: how good is router security with passwords? For example, can you or have you hacked a router (guessing default passwords doesn't count)? I haven't ever tried breaking router passwords; I have my own router, so I don't need to use anyone else's.
Are you the guy that made this video: Link to ? Yep. In addition to the content creation and curation stuff, there's also a notion of controlling who gets access to personal information. In the video, I drew how Alice can prevent Bob from knowing her name or address while still proving that she's 21.
But we need money to make it real.
Are you in fundraising mode? Are you doing crowd funding? Do you have a site? Yes, we're doing crowd funding. The site is linked in the description.
How is there such a huge disconnect between you and me? I spend hours on the computer and can't do shit with it other than reddit and Excel spreadsheets. How do you get into it? Is it a lot of reading? How does it work? I think you become good at doing what you spend time on, and you tend to spend time on things that you like doing. I learned this stuff because it made me happy. I get a thrill out of this sort of thing, so I keep coming back.
That said, with enough hard work, you can become good enough at something that it's no longer a drag: playing piano for the first few years sucks. Who wants to sit there plunking out "Mary had a little lamb"? But once you have the skill to actually read music and play it, then you're free to explore all your musical tastes. After you've played a lot of the music you love, you get a feeling for chord changes and what sounds good to you, so you can improvise your own music.
It's the same way with math and programming: there's some hard stuff at the start, but once you become good enough at it, you can start behaving like an artist and do your own thing.
The equivalent of learning "Mary had a little lamb" is introductory programming sites like Khan Academy or Codecademy or a bazillion others.
What do you think of the new NSA, using the Patriot Act? I think the Patriot Act traded an enormous amount of liberty for what turned out to be virtually no increase in security.
Is that the same platform that this ex-Googler was talking about in this video Link to Yes, that's Vlad Patryshev. He was one of the guys who made Orkut. He was actually really excited about splicious and said, "I've been waiting for this since FidoNet."
Thanks. I'll look into all that. Lol, well that's a different story, a lucky one too. So you had no knowledge or experience with programming and they just hired you? What degree were you going to go after if you went to college? Oh yeah, did you end up going to college after all or did you just stick with the job and learn from them? I had plenty of programming experience, but no crypto experience. I couldn't decide for a while between computer science and physics. Eventually I compromised and got a degree in applied physics; basically, all my electives were CS. I finished my bachelor's degree, then lost the job when the dot com bubble burst, went to New Zealand and got an MSc in CS, then started a PhD but ran out of money, went to work for Google's security team and started working on the PhD part time. I worked there for six years, then quit to work on splicious. I just finished the thesis and will defend later this year.
I might be late to the party, but what do you think of the XKCD password comic? This is the method I'm currently using with the help of Make Me A Passwords generator. It's spot on. When given the option, use long phrases rather than gibberish. LastPass can manage your online passwords by generating very long gibberish but only require you to use something memorable.
You actually suggest LastPass over KeePass(X)? I was using LastPass as an example of the genre, like how the southern US refers to any carbonated soft drink as "coke". I haven't made an extensive study of the offerings.
Are you Jesus? 'cause you look a lot like him. I was babysitting with another guy for a group of moms once, and when one of the moms dropped off her young kid---maybe four or five years old---he got really big-eyed and nervous. I thought he was afraid of the beard and hair: sometimes people would cross to the other side of the street when they saw me coming. So I invited him in, showed him the toys, and we all played and had a good time.
When his mom came to pick him up, he ran over and said, "Jesus is fun!"
Hey Mike, my understanding is that you've built a distributed platform and are also adding bitcoin support so that every post you make on splicious could potentially generate revenue. I would say that it's a new take on an alternate virtual economy and want to try it as soon as they allow public use. Are you planning to add some kind of reputation system to it? Say, if I want to look for something à la Craigslist rather than post my poetry? We've been thinking about reputation systems, but don't have any firm plans. Part of the problem with reputation systems online is that people do "pump & dump", using their reputation to steal something. If anyone has ideas or references about fighting this, please PM me.
Was most of your work just using parallelism for brute forcing, or did you look for vulnerabilities in encryption standards? Also, what is your opinion on the vulnerabilities of dual elliptic curve cryptography? Nearly all of my work was cryptanalysis of the relatively weak cryptography that was prevalent in the late '90s. We started turning to parallelism when MS Word improved its crypto to the 40-bit stuff that was the limit for software you could export.
The vulnerability in the PRNG for dual ECC was clearly inserted by the NSA and weakened everyone's crypto, even the US military and government's. I'm surprised that there's not more outcry from the other government organizations.
LastPass, gotta remember that one. The one thing I'm worried about though is my email is under Yahoo and I've heard they are famous for being hacked because of crappy protection programs or leaks even; is this true? Looks like Yahoo has 2-factor auth available. If you turn it on, then even if crackers do figure out your password, they won't be able to log in with it because they don't have your phone. That's the single best thing you can do.
Can you explain this like you would to someone who's never heard of hacking? There's no password you can remember that would stand up to modern cracking software. If you use a long passphrase, you might stand a chance. 2-factor auth is the only way to stay safe.
Can you tell me how to turn it on in a pm please. I'll just put it here, since everyone ought to know this: Link to
What's your computer/laptop specs? I had a MacBook Pro, like most of Google's security team, and got myself another when I left. It has all the benefits of Unix with really nice hardware and good support.
What makes one password cracker different than another? Edit: Wonderful beard. Generally it's how well they take advantage of the parallelism in the GPU. And thanks!
Do you feel that bitcoin as a currency will make it, even with all of the theft and the ease with which people are being hacked and having coins stolen? I have no particular attachment to bitcoin as a currency. Ben Laurie, for example, has some excellent points about how to keep bitcoin secure: you either have to trust the software authors or spend half of all computing power for the rest of eternity. If you're going to trust people, there are much more efficient ways to mint money. Link to
For our purposes, bitcoin provides a fairly simple micropayments service; any other distributed currency would probably work just as well.
We also don't store the wallets ourselves; we use
I feel the success will be based on micropayments, i.e., reading a Wall Street Journal article for a .05 or .10 fee and not having to buy the whole newspaper or article. Just my 2 cents. Exactly. A journalist would write an article and share it with WSJ. WSJ would reshare it, and readers could support the journalist by contributing a mBTC. WSJ would get a cut and the journalist would get the lion's share.
So how hard would it be to break a password of, say, "iFuCkInGHate2001!!"? If crackers get hold of the file with the password hashes, nearly all passwords will be cracked, even quite long ones like yours. A similar password (18 printable chars) that has been hashed once with SHA with no salt would take less than an hour to crack on a single PC. Adding salt makes it harder to build tables where you can just look up the password instantly, but no slower to just brute force.
People REALLY need to use 2-factor auth to be secure.
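The salt-versus-table point in that answer, as an added example that is not part of the original thread or the poster's code. The wordlist, the target passwords and the salt are constructed for the demonstration, and plain unsalted SHA-1 stands in for the weak storage described. The PBKDF2 case at the end goes one step beyond the answer: it shows the one change that does raise the per-guess cost, a deliberately slow hash.

```python
"""Why a salt defeats precomputed lookup tables but does not slow brute force.

Added example, not code from the AMA. The wordlist, the target passwords
and the salt are constructed for the demonstration; unsalted SHA-1 stands
in for the weak storage the answer describes. The PBKDF2 case goes beyond
the answer and shows what actually raises the cost of each guess.
"""
import hashlib
import itertools
import os
import string
from typing import Callable, Optional

WORDLIST = ["password", "letmein", "iloveyou", "hunter2", "dragon", "qwerty"]  # constructed
ALPHABET = string.ascii_lowercase + string.digits  # 36 symbols, fixed order


def sha1_hex(salt: bytes, password: str) -> str:
    """One SHA-1 over salt||password; an empty salt gives plain unsalted SHA-1."""
    return hashlib.sha1(salt + password.encode()).hexdigest()


def pbkdf2_hex(salt: bytes, password: str, iterations: int = 10_000) -> str:
    """A slow KDF: every guess now costs `iterations` HMAC evaluations."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations).hex()


def build_lookup_table(words) -> dict:
    """Precompute hash -> word once; it pays off against every unsalted leak."""
    return {sha1_hex(b"", w): w for w in words}


def lookup_attack(table: dict, digest: str) -> Optional[str]:
    """O(1) per leaked hash. A salted digest is never a key in the table."""
    return table.get(digest)


def brute_force(digest: str, salt: bytes, hash_fn: Callable[[bytes, str], str],
                alphabet: str = ALPHABET, max_len: int = 3):
    """Try every string up to max_len; returns (password, guesses_made).

    The guess count depends only on the alphabet, the length and where the
    target falls in the enumeration, not on whether a salt was used.
    """
    guesses = 0
    for n in range(1, max_len + 1):
        for tup in itertools.product(alphabet, repeat=n):
            guesses += 1
            cand = "".join(tup)
            if hash_fn(salt, cand) == digest:
                return cand, guesses
    return None, guesses


def demo() -> dict:
    salt = os.urandom(16)
    table = build_lookup_table(WORDLIST)

    # 1. Dictionary word, unsalted: instant table hit.
    leaked_unsalted = sha1_hex(b"", "letmein")
    # 2. Same word, salted: the table was built without the salt, so it misses.
    leaked_salted = sha1_hex(salt, "letmein")

    # 3. A short password brute-forced with and without salt: identical guess counts.
    target = "z9"
    _, g_unsalted = brute_force(sha1_hex(b"", target), b"", sha1_hex)
    _, g_salted = brute_force(sha1_hex(salt, target), salt, sha1_hex)

    # 4. Slow KDF on a tiny keyspace, to show where the cost actually moves:
    #    the same two guesses, but each one is 10,000 times more work.
    found, g_pbkdf2 = brute_force(pbkdf2_hex(salt, "b"), salt, pbkdf2_hex,
                                  alphabet="ab", max_len=1)
    return {
        "unsalted_lookup_hit": lookup_attack(table, leaked_unsalted),
        "salted_lookup_hit": lookup_attack(table, leaked_salted),
        "unsalted_brute_guesses": g_unsalted,
        "salted_brute_guesses": g_salted,
        "pbkdf2_found": found,
        "pbkdf2_guesses": g_pbkdf2,
    }


if __name__ == "__main__":
    print(demo())
```

The salt forces the attacker to redo the work per account instead of once per table; it does nothing to the cost of a single guess. Only a slow, iterated hash changes that, and it slows the legitimate login by the same factor, which is the trade-off a site has to accept.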
So what can a person like me, who doesn't know much about how to make a password more secure except making it super long and complex, do to "feel safer" about not getting hacked? First, choose reputable services like GMail, where they take security very seriously. A cracker who can't get to the database of password hashes is forced to attempt to log in repeatedly, which can be detected and throttled to a safe rate.
Second, use 2-factor auth if it's available.
Third, use something like LastPass that generates a long random password for each site and stores it encrypted under a single password that you remember. You never type that password into anything online.
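The "detected and throttled" part of that advice, shown from the service's side as an added example (not code from the AMA or from any named service). The thresholds are illustrative policy values, and the attempt stream in run_sample() is constructed.

```python
"""Throttling online guessing when the attacker cannot get the hash file.

Added example, not code from the AMA. Thresholds are illustrative policy
values, and the attempt stream in run_sample() is constructed.
"""
from collections import defaultdict, deque


class LoginThrottle:
    """Sliding-window failure counter with a temporary lockout per key.

    Key by account name (as here) to cap guesses against one victim, and
    in practice also by source address, since one attacker spraying a
    single password across many accounts never trips a per-account counter.
    """

    def __init__(self, max_failures: int = 5, window: float = 300.0,
                 lockout: float = 900.0):
        self.max_failures = max_failures      # failures tolerated inside `window`
        self.window = window                  # seconds
        self.lockout = lockout                # seconds of refusal once tripped
        self._failures = defaultdict(deque)   # key -> recent failure timestamps
        self._locked_until = {}               # key -> time the lock expires

    def _prune(self, key: str, now: float) -> None:
        q = self._failures[key]
        while q and now - q[0] > self.window:
            q.popleft()

    def is_locked(self, key: str, now: float) -> bool:
        return now < self._locked_until.get(key, 0.0)

    def attempt(self, key: str, now: float, password_ok: bool) -> str:
        """Returns 'locked', 'ok' or 'fail'.

        A locked key is refused before the password is checked, so the
        guesser gets no right/wrong signal during the lockout. The real
        owner is refused too; that denial-of-service trade-off is why
        second-factor checks and source-address limits are layered on top.
        """
        if self.is_locked(key, now):
            return "locked"
        if password_ok:
            self._failures[key].clear()
            return "ok"
        self._prune(key, now)
        self._failures[key].append(now)
        if len(self._failures[key]) >= self.max_failures:
            self._locked_until[key] = now + self.lockout
            self._failures[key].clear()
        return "fail"

    def max_guesses_per_day(self) -> float:
        """Rough upper bound on online guesses per key per day under this policy."""
        return self.max_failures * (86400.0 / self.lockout)


def run_sample() -> dict:
    """Constructed stream: an attacker hammering 'alice', a forgetful 'bob'."""
    t = LoginThrottle()
    alice = [t.attempt("alice", now, ok) for now, ok in
             [(0, False), (1, False), (2, False), (3, False), (4, False),
              (5, False), (6, True), (904, True)]]
    bob = [t.attempt("bob", now, ok) for now, ok in
           [(0, False), (400, False), (800, False), (801, True)]]
    return {"alice": alice, "bob": bob, "per_day": t.max_guesses_per_day()}


if __name__ == "__main__":
    print(run_sample())
```

With five tries per fifteen-minute lockout the attacker gets on the order of a few hundred guesses per account per day, against the billions per second available once the hash file leaks; that gap is the whole reason the advice starts with keeping the database out of reach.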
I bet your computer is awesome. It's a MacBook Pro.
Last updated: 2014-05-09 00:53 UTC
This post was generated by a robot! Send all complaints to epsy.
submitted by tabledresser to tabled


... was talking about Bitcoin. I had asked Ben to write in the past, but things never quite worked out, so it seemed natural that I try an interview instead, which did allow me to ask Ben about some things that I was curious about. Rik: I read your Wikipedia page and learned that you've been working for Google for years. But you are also a Visiting Fellow at Cambridge University's Computer ...

Ben Laurie is a software engineer, protocol designer and cryptographer. He is a founding director of The Apache Software Foundation, a core team member of OpenSSL, a member of the Shmoo Group, a director of the Open Rights Group, Director of Security at The Bunker Secure Hosting, Trustee and Founder-member of FreeBMD, Visiting Fellow at Cambridge University's Computer Laboratory, a committer at ...

Ben Laurie on BitCoin, by Cory Doctorow, 2:40 pm Sun May 5, 2013: I wrote yesterday about Dan Kaminsky's excellent thoughts on BitCoin, and wished aloud for comparable work from Ben Laurie. Ben Laurie is a respected cryptographer (he maintains OpenSSL and is in charge of security research for Google) and he's skeptical of BitCoin, a virtual, cryptography-based currency that has ...

What ordinary people think a "blockchain" is, and the weasel term "Blockchain Technology", by David Gerard, Apr 29, 2019 (tags: ben laurie, blockchain, certificate transparency, uber): Ordinary people project all manner of things onto ...


