posted by martyb on Friday April 20 2018, @09:20AM
from the peer-to-peer-to-pocket dept.

Cryptographic currencies are an ongoing source of comedy gold rather than actual gold. Values wildly fluctuate. After being repeatedly asked about crypto currencies, I investigated in more detail. I was aware of leading currencies, such as BitCoin, Ethereum, Monero, ZCash and, after a ridiculous conversation at my local makerspace, pornographic currencies, such as WankCoin, TitCoin, TittyCoin, AssCoin and ArseCoin. Of these, TitCoin is the most viable. Why? Young women, colloquially known as cam-whores, install applications and get paid TitCoin in exchange for showing their breasts or more explicit acts. Surely TitCoins are worthless? No, cam-whores exchange TitCoin for BitCoin which can be used to obtain drugs, designer clothing or high value gadgets via illicit channels and/or major retailers.

That explains why people sell TitCoin but who buys it? The ownership of many cryptographic currencies is skewed towards early adopters. Most famously, a pizza was exchanged for 10000 BitCoin. In Dec 2017, the same currency had a market value exceeding US$200 million. Indeed, the mysterious Satoshi Nakamoto, who released a working BitCoin implementation in Jan 2009, should be listed as one of the world's richest people. Such people want to diversify out of major cryptographic currencies into minor alternatives - even ones such as DogeCoin which started as a variant of a LOLCat joke and now has a market capitalization exceeding US$50 million. People who quite obviously haven't done any due diligence are also buying a broad spread of currencies.

Many people speculate about the identity of Satoshi Nakamoto. Some speculate that he is a Brit with yellow fever who works late. Others speculate that he is a time traveller from the future and this is more plausible than some theories. I thought there was an unlikely possibility that he was one of the regular customers from my time working in an Internet café. During this period, said customer described to me a "picket fence" data-structure where each block signs the last and a grid of computers sign each other's blocks. Said customer appears to be alive, well and living a perpetual holiday on a tropical island. Reading the original paper from Satoshi Nakamoto neither confirmed nor refuted my suspicion but it does much to resolve hand-waving descriptions from journalists who don't understand anything or people who willfully misunderstand because they have something to sell.

Remember all of the fun we had with file sharing? BitTorrent and its many derivatives are able to transport large quantities of data with fidelity due to integrity checks provided by tiger trees or Merkle trees where each branch has two children. This binary tree allows a BitTorrent peer to rapidly discard blocks of data with checksum failures. BitCoin and its many derivatives gain integrity from a Merkle chain where each branch (usually) has one (persistent) child. If multiple blocks have a valid checksum, there is a strict preference for the block which advances the most transactions.

At this point, I had enough understanding to look for weaknesses, such as deliberately processing small blocks of data to get ahead of parties with more resources. This doesn't work. I also considered weaknesses in the cryptography. BitCoin's Merkle chain uses two rounds of SHA256. This was considered bad practice when released and I was specifically told this by the picket fence guy. However, after Edward Snowden confirmed that SHA was deliberately weakened by the NSA, it appears that BitCoin may have been structured with inside knowledge (or the foreknowledge of a time traveler). The integrity of the first "genesis" block is also predicated on no inside knowledge and no tricksiness with hashes. For all evaluated schemes, the block hashing and public key wallets are vulnerable to quantum attack. Schemes with zero-knowledge proofs offer no additional protection.
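As an added illustration of the two integrity structures contrasted above (example code written for this page, not from the article or any BitCoin client), the following Python builds a binary Merkle tree with per-piece proofs, so a peer holding only the root can reject one corrupted piece, and a simplified hash chain in which each block commits to its predecessor with double SHA-256. The piece and payload bytes are constructed sample data, and the hashing layout is a simplification of what BitTorrent and BitCoin actually do.

```python
import hashlib

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def dsha256(data: bytes) -> bytes:
    # Bitcoin-style double SHA-256: SHA256(SHA256(x)).
    return sha256(sha256(data))

def merkle_levels(pieces):
    # Bottom-up binary Merkle tree over piece hashes; an odd level duplicates
    # its last node so that every parent has exactly two children.
    level = [sha256(p) for p in pieces]
    levels = [level]
    while len(level) > 1:
        if len(level) % 2:
            level = level + [level[-1]]
        level = [sha256(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
        levels.append(level)
    return levels

def merkle_proof(levels, index):
    # Sibling hashes from leaf to root: all a peer needs, besides the trusted
    # root, to check one piece without holding the whole file.
    proof = []
    for level in levels[:-1]:
        if len(level) % 2:
            level = level + [level[-1]]
        proof.append(level[index ^ 1])
        index //= 2
    return proof

def verify_piece(piece, index, proof, root):
    # Recompute the path upward; a corrupted piece fails at the root check.
    node = sha256(piece)
    for sibling in proof:
        node = sha256(node + sibling) if index % 2 == 0 else sha256(sibling + node)
        index //= 2
    return node == root

def hash_chain(payloads, prev=bytes(32)):
    # Merkle chain: each block hash covers its predecessor's hash (constructed
    # layout; a real block header carries more fields).
    hashes = []
    for payload in payloads:
        prev = dsha256(prev + payload)
        hashes.append(prev)
    return hashes

def chain_intact(payloads, hashes):
    # Recompute from genesis; an edit to any block breaks every later hash.
    return hash_chain(payloads) == hashes
```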

People have been preoccupied by the details of various financial schemes and I am reminded of the Douglas Adams quotation "This planet has - or rather had - a problem, which was this: most of the people living on it were unhappy for pretty much of the time. Many solutions were suggested for this problem, but most of these were largely concerned with the movement of small green pieces of paper, which was odd because on the whole it wasn't the small green pieces of paper that were unhappy." Despite this, I thought that the major attack surface was the cryptography - until I looked at the code. I forgot that BitCoin had forked repeatedly but the original paper has a reference to what is now "BitCoin Classic". Code for this is run from a GitHub repository which runs on a continuous development cycle with no tagged branches or releases - or any more professionalism than the toy projects which I post on SoylentNews. After downloading a 7MB PKZip and looking at the contents, my initial response was "Oh, holy crap! I'd rather run systemd!" It requires the Boost C++ financial library. Unfortunately, that's the good part. By volume, the majority of the code is C++ templates to implement a custom peer-to-peer protocol. That would be the magic part of Magic Internet Money and it appears to have less due diligence than the average SSL library. The protocol may have multiple buffer overflows. I considered this and I concluded that a worthwhile attack would be to re-write wallet addresses so that nodes in a network profit the attacker rather than their owner. I mentioned this at my local makerspace and I was told this couldn't be possible. Within two weeks, SoylentNews reported an ASIC mining implementation which was vulnerable to this attack. With limits, it is also possible to get a node to mine the attacker's choice of currency.

Even if a reference implementation is clean and compiled with a clean, bug-free compiler, derivative implementations may be tweaked for throughput and have any type of critical bug. There is also the matter of Turing complete scripting for cryptographic currencies. Some people consider this a feature because it allows "smart contract" state machines. However, implementation has been quite lacking. Ethereum gets most of the attention in this matter. For example, a bad method invocation cost speculators US$36 million. However, BitCoin implementations also have some of this functionality. Specifically, BitCoin contains a virtual machine with two stacks. Ordinarily, I strongly advocate the use of virtual machines with two (or more) stacks, but not without back-checks, on flaky x86 servers which are readily hacked, via a protocol implemented outside of the virtual machine and known to have critical bugs.

Cryptographic currencies have other problems. Key management remains a cryptographic problem and it is fairly guaranteed that keys from the top 10 wallet management applications are snooped and stored by various governments. As an example, the US Government had no difficulty when recovering funds from the Silk Road trading system. There is also the matter of the Byzantine Generals Problem. Although it is demonstrably solved when the number of nodes is relatively constant, it does not cover the case of a net split. So, when China, Iran, Turkey or the Fourth Reich Of North America disconnects from the Internet, buy TitCoin, spend it lavishly and enjoy yourself. When the connection is restored and the block chains reconcile, the Magic Internet Money may find its way back to you. At this point, go and invest in something which is only moderately insane, like pork belly futures.

The current state of digital money shows promise but it also shows that so much more can be achieved. The perfect currency is:

  1. Widely accepted.
  2. Cannot be stolen.
  3. Cannot be traced.
  4. Cannot be unilaterally diluted.

Historically, the full set of attributes was considered to be an absurd contradiction. In a mythical world where bugs get fixed before features get written, we can have a digital currency which has all of this and more. However, there are some baseline attributes which have been implicit in physical artifacts and now need to be stated explicitly. In the manner that database consistency has four criteria and object oriented programming has four criteria, digital currency also requires four criteria:

  1. Currency requires scarcity. The ideal digital currency is fully instantiated from the start. Any scheme which is unbounded (Ethereum) or deferred (BitCoin) dilutes in an attempt to lure speculators. Multiple scams have been executed with undifferentiated BitCoin code.
  2. Currency must not be Turing complete. To quote Doge: Much bad.
  3. Currency must work outside of a server environment where mains electricity and global network routing are not guaranteed. At present, digital currencies are a proxy for energy consumption. In the long-term, a system is required which has an unrestricted light-radius; suitable for Earth, Mars and beyond.
  4. Currency must mitigate against cryptography failures.

Under current power structures, a full or partial solution is a very bad idea. The type of person who is most able to understand and develop digital money is more likely than average to fall afoul of such a system. This year, you may profit from digital currency. Next year, you may not be able to feed yourself or shelter yourself without a government approved, government authorized mark. Digital money isn't going to disappear but liberty is at risk if we don't develop a system which meets the four criteria of traditional money and the four criteria of digital money.

  • by Snow (1601) on Friday April 20 2018, @07:07PM (#669767) Journal

    It stores value...

    Say you are an apple farmer. You work really hard for a year and at the end of the year, you have a stockpile of 1 million apples. What good is that? They will quickly rot and storing a million apples requires a very large space. So, instead you trade those apples for currency that you can easily store and redeem at a later date for a good or a service. So, you can redeem something that has value in exchange for currency, and then exchange that currency back into something that has value.

    The store of value isn't a property of the currency itself, but rather a social construct that you can exchange this token/coin/seashell/whatever for a good or service.

  • by JoeMerchant (3937) on Friday April 20 2018, @08:05PM (#669789)

    Right, O.K. - so one might say that the U.S. dollar has a "store of value" in the 0.85 to 0.95 per year range (depending on the year) whereas the Mexican Peso often has a store of value closer to the 0.1 per year range, and your apples are closer to 0.005 store of value if stored as whole apples for a year, but perhaps that increases to 1.0 or even 1.1 for the first 5 years, if they are converted to cider, bottled and appropriately warehoused.

    I've been holding Visa stock for the past 5 years, and under our current social construct it has been experiencing a CAGR of 20%+ over that time, while Facebook stock grew at a 37% CAGR during the same 5 years (but isn't so pretty over the past 30 days...): volatility, growth, etc. Most major currencies devalue consistently over time; conservative (low volatility) investments seem to grow at a rate roughly counter to that devaluation of the currency (meaning: they don't devalue with the currency, but rather hold steady in terms of real world value, which is kind of sad seeing how much those companies strive for growth, and yet their total value barely outpaces inflation's erosion.)
