Thursday, April 26, 2018

Cryptographers On Blockchains

David Gerard's April 21st blog post is a real linkfest. Below the fold, commentary on four of the links.

Radia Perlman is a cryptographer, an ACM Fellow, and was a Distinguished Engineer with me at Sun Microsystems. Last June I pointed to Blockchain: Hype or Hope?, her skeptical take on blockchain technologies. At the recent RSA conference, a bevy of even more prominent cryptographers were equally skeptical:
[Ron] Rivest's peers on the panel added to the critique. He was joined on stage by Adi Shamir, Borman professor of computer science at The Weizmann Institute in Israel; public-key cryptography pioneer Whitfield Diffie currently the cryptographer and security expert at Cryptomathic; Paul Kocher, a security researcher and consultant; and Moxie Marlinspike, the founder of Signal.
Here's an example from Ron Rivest:
Blockchain is often viewed as security pixie dust," said Ron Rivest, ... The message is "any application you have can be made better and more secure with blockchain." Rivest said the technology has interesting properties - decentralized, public access and immutable - but it fails on scale, throughput and latency.
Rivest is certainly right about throughput. One example that should debunk claims that blockchains can scale comes from last December. The Ethereum blockchain struggled under the load of a simple game:
Ethereum has historically made bold claims that it is able to handle unlimited decentralized applications — to the extent to potentially rival the internet. However, this network disruption has brought caution to accepting that claim. ... The Crypto-Kittie app has shown itself to have the power to place all network processing into congestion.
How many users did it take to cripple the network? It was far fewer than non-blockchain apps can handle with ease:
Citing data from DappRadar, Greylock community lead Chris McCann reports that CryptoKitties has fewer than 1,000 daily active users. Granted, interest has sharply declined over the past few months, but he estimates that even at its peak the DApp likely only had about 14,000 daily users. Neopets, a game to which CryptoKitties is often compared, once had as many as 35 million users.
The MIT Media Lab's Defending Internet Freedom through Decentralization study demonstrated how small the user populations of distributed applications were when compared to popular centralized ones:
Facebook has 1.37*109 daily users, so it is about 22,800 times bigger than Diaspora.
Cryptowall ransom payments
Another case in which the hype around cryptocurrencies exceeds reality is their use for ransomware payments. On the Economic Significance of Ransomware Campaigns: A Bitcoin Transactions Perspective by Mauro Conti, Ankit Gangwal and Sushmita Ru who:
analyzed the economic impact (ransoms extorted in Bitcoin) of all the recent ransomware: (i) that used Bitcoin as at least one mode of ransom payment, and (ii) for which at least one Bitcoin address is publicly known.
The income from ransomware turns out to be significant, but much less than the hype would lead one to believe:
By far the most profitable form of ransomware turns out to be CryptoWall, which began infecting Windows computers in November 2013. It encrypted the files using the RSA-2048 encryption algorithm and then demanded a payment of up to $1,400 to release them.
Between its release and December 2015, Bitcoin addresses associated with this malware received $2.2 million in Bitcoin payments and a further $2.3 million in higher-value transactions, which Conti and co suspect may also be ransom payments.
Finally, Gerard links to Jemima Kelly's We ran away with your bitcoins!! LOL, JK in the ICOmedy series:
Yesterday, the website and Telegram channel of a hitherto unknown crypto token called Savedroid suddenly went down.

Nobody was quite sure whether this was an elaborate marketing ploy, the site had been hacked, or investors had fallen prey to the kind of exit scam that has tarnished the reputation of an otherwise totally credible and legit industry: that of the initial coin offering (ICO), in which money is raised in return for absolutely nothingdigital tokens and kitties.

All that was left on Savedroid's website yesterday was this South Park meme (screenshot by Bloomberg):
Apparently, unlike many ICOs, Savedroid wasn't an exit scam:
It turns out that it WAS just a joke, though. A video message from Hankir was posted on the site today to explain, along with the following message:
AND IT'S NOT GONE. Savedroid was here, is here, and will be here.
Loooooool. I'm literally ROFLing.

But wait! This was not meant to be funny, it seems. This was actually a very serious message about how higher standards are needed in the ICO industry.
SaveDroid expected return
Instead, its just the regular kind of ICO scam:
For further proof of Savedroid's credentials, just look at this chart from their web site showing the expected return from the SVD token (which reminds us of another fun chart from the non-crypto world):
Savedroid is based in Germany; maybe the German regulators are a little behind the US ones in addressing ICO scams.


David. said...

In Blockchain insiders tell us why we don't need blockchain Jemima Kelly reports on a hearing of the British Parliament's Treasury Select Committee about blockchain technology. The MPs evidently got to hear some real gems, for example from:

"Chris Taylor, chief operating officer at Everledger, a company that is trying to use the blockchain to track (and miraculously “protect”) diamonds and other assets. Here's an excerpt from his contribution:

'It's the same as any system - it's garbage in, garbage out. So you've got to make sure that the participants that you're allowing to contribute to the network are trustworthy.'

He said it, not us. A blockchain is the same as any system. If you feed garbage into it, it will feed garbage back out to you. And if you accidentally feed garbage into it, you can't change it, because immutability!"

Wasn't the point supposed to be that blockchains eliminated the need for trust?

David. said...

Izabella Kaminska and Martin Walker's written testimony to the British Parliament's Treasury Select Committee's Digital Currencies Inquiry is comprehensive and well worth reading.

David. said...

On Dave Farber's IP list, John Levine nails it:

"People who understand databases realize that blockchains only work as long as there are incentives to keep a sufficient number of non-colluding miners active, preventing collusion is probably impossible, and that scaling blockchains up to handle an interesting transaction rate is very hard, but that no-government money is really interesting.

People who understand economics and particularly economic history understand why central banks manage their currencies, thin markets like the ones for cryptocurrencies are easy to corrupt, and a payment system nees a way to undo bogus payments, but that free permanent database ledger is really interesting.

Not surprisingly, the most enthusiastic bitcoin and blockchain proponents are the ones who understand neither databases nor economics."

David. said...

HODL-ing isn't as easy as you might think:

"Behind the guards, the blast doors and down corridors of reinforced concrete, sit the encrypted computer servers -- connected to nothing -- that hold keys to a vast digital fortune.
Their bet is that Bitcoin is here to stay, and so is its biggest scourge, theft.
retrieving Bitcoin from the vault takes about two days. The company verifies a client’s identity and authenticates the request before manually signing the transactions with private keys from multiple vault locations. Approval from three separate vaults is required for any transactions to be authorized."

So much for BTC as a medium for transactions!

David. said...

David Gerard's From Sia: an incendiary post on the state of cryptocurrency mining in 2018 ends:

"If you first assume every detail of cryptocurrency is just ridiculously corrupt, you’ll be more correct than not."

He's talking about David Vorick's must-read The State of Cryptocurrency Mining:

"The biggest takeaway from all of this is that mining is for big players. The more money you spend, the more of an advantage you have, and there’s not an easy way to change that equation. At least with traditional Nakamoto style consensus, a large entity that produces and controls most of the hashrate seems to be more or less the outcome, and at the very best you get into a situation where there are 2 or 3 major players that are all on similar footing. But I don’t think at any point in the next few decades will we see a situation where many manufacturing companies are all producing relatively competitive miners. Manufacturing just inherently leads to centralization, and it happens across many different vectors."

This is what I've been saying since 2014.

David. said...

"By the end of this year, Bitcoin may account for a whopping half of a percent of the world’s total energy demand. It doesn’t sound like much, but that is roughly equivalent to the energy needs of Austria, a country of nearly nine million people. This sobering prediction was made by financial economist Alex de Vries and published on Wednesday in Joule, marking the first time that the energy consumption of Bitcoin has been quantified in a peer-reviewed journal." reports Daniel Oberhaus in Nobody Knows Exactly How Much Energy Bitcoin Is Using