Stories
Slash Boxes
Comments

SoylentNews is people

posted by martyb on Friday April 20 2018, @09:20AM   Printer-friendly
from the peer-to-peer-to-pocket dept.

Cryptographic currencies are an ongoing source of comedy gold rather than actual gold. Values wildly fluctuate. After being repeatedly asked about crypto currencies, I investigated in more detail. I was aware of leading currencies, such as BitCoin, Ethereum, Monero, ZCash and, after a ridiculous conversation at my local makerspace, pornographic currencies, such as WankCoin, TitCoin, TittyCoin, AssCoin and ArseCoin. Of these, TitCoin is the most viable. Why? Young women, colloquially known as cam-whores, install applications and get paid TitCoin in exchange for showing their breasts or more explicit acts. Surely TitCoins are worthless? No, cam-whores exchange TitCoin for BitCoin which can be used to obtains drugs, designer clothing or high value gadgets via illicit channels and/or major retailers.

That explains why people sell TitCoin but who buys it? The ownership of many cryptographic currencies are skewed towards early adoptors. Most famously, a pizza was exchanged for 10000 BitCoin. In Dec 2017, the same currency had a market value exceeding US$200 million. Indeed, the mysterious Satoshi Nakomoto, who released a working BitCoin implementation in Jan 2009, should be listed as one of the world's richest people. Such people want to diversify out of major cryptographic currencies into minor alternatives - even ones such as DogeCoin which started as a variant of a LOLCat joke and now has a market capitalization exceeding US$50 million. People who quite obviously haven't done any due diligence are also buying a broad spread of currencies.

Many people speculate about the identity of Satoshi Nakomoto. Some speculate that he is a Brit with yellow fever who works late. Others speculate that he is a time traveller from the future and this is more plausible than some theories. I thought there was an unlikely possibility that he was one of the regular customers from my time working in an Internet café. During this period, said customer described to me a "picket fence" data-structure where each block signs the last and a grid of computers sign each other's blocks. Said customer appears to alive, well and living a perpetual holiday on a tropical island. Reading the original paper from Satoshi Nakomoto neither confirmed nor refuted my suspicion but it does much to resolve hand-waving descriptions from journalists who don't understand anything or people who willfully mis-understand because they have something to sell.

Remember all of the fun we had with file sharing? BitTorrent and its many derivatives are able to transport large quantities of data with fidelity due to integrity checks provided by tiger trees or Merkle trees where each branch has two children. This binary tree allows a BitTorrent peer to rapidly discard blocks of data with checksum failures. BitCoin and its many derivatives gain integrity from a Merkle chain where each branch (usually) has one (persistent) child. If multiple blocks have a valid checksum, there is a strict preference for the block which advances the most transactions.

At this point, I had enough understanding to look for weaknesses, such as deliberately processing small blocks of data to get ahead of parties with more resources. This doesn't work. I also considered weaknesses in the cryptography. BitCoin's Merkle chain uses two rounds of SHA256. This was considered bad practice when released and I was specifically told this by the picket fence guy. However, after Edward Snowden confirmed that SHA was deliberately weakened by the NSA, it appears that BitCoin may have been structured with inside knowledge (or the fore-knowledge of a time traveler). The integrity of the first "genesis" block is also predicated on no inside knowledge and no tricksiness with hashes. For all evaluated schemes, the block hashing and public key wallets are vulnerable to quantum attack. Schemes with zero-knowledge proofs offer no additional protection.

People have been preoccupied by the details of various financial schemes and I am reminded of the Douglas Adams quotation "This planet has - or rather had - a problem, which was this: most of the people living on it were unhappy for pretty much of the time. Many solutions were suggested for this problem, but most of these were largely concerned with the movement of small green pieces of paper, which was odd because on the whole it wasn't the small green pieces of paper that were unhappy." Despite this, I thought that the major attack surface was the cryptography - until I looked at the code. I forgot that BitCoin had forked repeatedly but the original paper has a reference to what is now "BitCoin Classic". Code for this is run from a GitHub repository which runs on a continuous development cycle with no tagged branches or releases - or any more professionalism than the toy projects which I post on SoylentNews. After downloading a 7MB PKZip and looking at the contents, my initial response was "Oh, holy crap! I'd rather run systemd!" It requires the Boost C++ financial library. Unfortunately, that's the good part. By volume, the majority of the code is C++ templates to implement a custom peer-to-peer protocol. That would be the magic part of Magic Internet Money and it appears to have less due diligence than the average SSL library. The protocol may have multiple buffer overflows. I considered this and I concluded that a worthwhile attack would be to re-write wallet addresses so that nodes in a network profit the attacker rather than their owner. I mentioned this at my local makerspace and I was told this couldn't be possible. Within two weeks, SoylentNews reported an ASIC mining implementation which was vulnerable to this attack. With limits, it is also possible to get a node to mine the attacker's choice of currency.

Even if a reference implementation is clean and compiled with a clean, bug-free compiler, derivative implementations may be tweaked for throughput and have any type of critical bug. There is also the matter of Turing complete scripting for cryptographic currencies. Some people consider this a feature because it allows "smart contract" state machines. However, implementation has been quite lacking. Ethereum gets most of the attention in this matter. For example, a bad method invocation cost speculators US$36 million. However, BitCoin implementations also have some of this functionality. Specifically, BitCoin contains a virtual machine with two stacks. Ordinarily, I strong advocate the use of virtual machines with two (or more) stacks but not without back-checks, on flaky x86 servers, which are readily hacked, via a protocol implemented outside of the virtual machine, known to have critical bugs.

Cryptographic currencies have other problems. Key management remains a cryptographic problem and it is fairly guaranteed that keys from the top 10 wallet management applications are snooped and stored by various governments. As an example, the US Government had no difficulty when recovering funds from the SilkRoad trading system. There is also the matter of Byzantine General Problem. Although it is demonstrably solved when the number of nodes is relatively constant, it does not cover the case a net split. So, when China, Iran, Turkey or the Fourth Reich Of North America disconnects from the Internet, buy TitCoin, spend it lavishly and enjoy yourself. When the connection is restored and the block chains reconcile, the Magic Internet Money may find its way back to you. At this point, go and invest in something which is only moderately insane, like pork belly futures.

The current state of digital money shows promise but it also shows that so much more can be achieved. The perfect currency is:

  1. Widely accepted.
  2. Cannot be stolen.
  3. Cannot be traced.
  4. Cannot be unilaterally diluted.

Historically, the full set of attributes was considered to be an absurd contradiction. In a mythical world where bugs get fixed before features get written, we can have a digital currency which has all of this and more. However, there are some baseline attributes which have been implicit in physical artifacts and now need to stated explicitly. In the manner that database consistency has four criteria and object oriented programming has four criteria, digital currency also requires four criteria:

  1. Currency requires scarcity. The ideal digital currency is fully instantiated from the start. Any scheme which is unbounded (Ethereum) or deferred (BitCoin) dilutes in an attempt to lure speculators. Multiple scams have been executed with undifferentiated BitCoin code.
  2. Currency must not be Turing complete. To quote Doge: Much bad.
  3. Currency must work outside of a server environment where mains electricity and global network routing are not guaranteed. At present, digital currencies are a proxy for energy consumption. In the long-term, a system is required which has an unrestricted light-radius; suitable for Earth, Mars and beyond.
  4. Currency must mitigate against cryptography failures.

Under current power structures, a full or partial solution is a very bad idea. The type of person who is most able to understand and develop digital money is more likely than average to fall afoul of such a system. This year, you may profit from digital currency. Next year, you may not be able to feed yourself or shelter yourself without a government approved, government authorized mark. Digital money isn't going to disappear but liberty is at risk if we don't develop a system which meets the four criteria of traditional money and the four criteria of digital money.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by legont on Saturday April 21 2018, @01:12AM (1 child)

    by legont (4179) on Saturday April 21 2018, @01:12AM (#669874)

    According to IRS they are basically property and gain/loss is taxed as capital gains. This means that every transaction has to be recorded by the user and submitted to the IRS. No, you can't get a summary form similar to 1099. You better have each and every transaction reported (and the way you calculate your gain is currently murky at best) and archived for 7 years. Since there is no guarantee that your exchange survives, you better do it yourself or else. https://www.irs.gov/newsroom/irs-virtual-currency-guidance [irs.gov]

    It looks to me that, at least legally, every purchase has to be recorded as crypto coin conversion to dollar and the user is legally responsible for keeping the records. I'd be very hesitant to operate in such an environment.

    --
    "Wealth is the relentless enemy of understanding" - John Kenneth Galbraith.
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2  
  • (Score: 0) by Anonymous Coward on Saturday April 21 2018, @02:18AM

    by Anonymous Coward on Saturday April 21 2018, @02:18AM (#669902)

    fuck the degenerate scum at the IRS. are you a man or a mouse, ffs?