Regulating Bitcoin

Ross Anderson has a new paper on cryptocurrency exchanges. From his blog:

Bitcoin Redux explains what's going wrong in the world of cryptocurrencies. The bitcoin exchanges are developing into a shadow banking system, which do not give their customers actual bitcoin but rather display a "balance" and allow them to transact with others. However if Alice sends Bob a bitcoin, and they're both customers of the same exchange, it just adjusts their balances rather than doing anything on the blockchain. This is an e-money service, according to European law, but is the law enforced? Not where it matters. We've been looking at the details.

The paper.

Posted on June 5, 2018 at 6:32 AM • 42 Comments

Comments

Frank • June 5, 2018 7:38 AM

It would not be secure for exchanges to move bitcoin around when customers buy and sell from their accounts. This would involve private keys being in constant danger of being exposed. Also, bitcoin is less secure when there are multiple transactions per private/public key pair. In addition, the trading system would become much more complicated to program with private/public keys needed for every type of coin. The banking approach is the only practical way.

Salvo • June 5, 2018 7:53 AM

@Frank: So you are saying that blockchain is useless?

Anyway, mining is wasting so much power for computing, that it has become an environmental problem, and it's not sustainable.

Tatütata • June 5, 2018 7:56 AM

I find it interesting that technologists discuss topics pertaining to law and economics.

Many years ago I was briefly concerned with the question of determining the exact point in time funds are reputed to have passed from the payer to the payee. A payment I made to a German public authority was considered to have been made exactly one day past the deadline. This caused a number of legal problems that required much effort to rectify.

What happened was that the receiving bank sat all of three working days (straddling a weekend) on an electronic funds transfer before crediting the payee's account, even though my own account had been immediately debited by the originating bank, who signalled this to that bank in a payment batch the very same day.

I was quite shocked, and researched the subject. I found quite a body of literature (Doctoral Dissertations) analysing the theory of banking transactions. I was particularly interested in treatises pertaining to credit card transactions, as that option had been available to me, and it seemed to me strange that one means of payment was treated much less generously than another, even though it was a far more secure one. It appears that there are several competing theories surrounding credit card payments as to which party holds the bag during the transaction at each point in time.

I expect that legal scholars have begun to study these questions surrounding bitcoins, and they have indeed, although the catch is still meagre. There is a 228 page book from 2017 called "Cryptocoin Schulden" (Crypto Coin Debts), I expect many more will be written.

As to my own problem, I learned that three days was indeed the maximum delay for executing a bank transfer under the previous provisions of the German Civil Code (§675 BGB). I guess that these were conceived in the 30s or 50s, and banks just abused this facility to shave their pennies of interest, even as the transfers technology evolved from carting paper slips through clearing houses, to couriers carrying 7 or 9-track tapes in the wee hours of the night in Frankfurt/Main, to online transfers...

The EU has mandated about 10 years ago that all transfers within the SEPA (Single European Payment Area) should be completed overnight, despite the resistance of commercial banks. Whoever said that Brussels is no good? I'm looking at you, Nigel.

Returning to the paper, suggesting that central banks ought to get into the cryptocurrency business, and issue their own guaranteed devices ("I promise to pay the bearer on demand the sum of £20"), is an interesting idea, but how are the sacred interests of commercial banks protected in the long run? (And the corollary, can the consumer be liberated from them?) And would the involvement of central banks lead to an extension of the financial panopticon?

Bauke Jan Douma • June 5, 2018 8:21 AM

@Winter
"Technology is Law and Law is Technology."

And everything is politics.

echo • June 5, 2018 8:37 AM

@Tatütata

Beware protocols which are littered with "should" and "must" especially within the English legal system. Neither are anything you can depend on especially when deviated from due to "exceptional" circumstances, or financial reasons due to "public interest".

wally • June 5, 2018 8:53 AM

Tatütata - see the same thing in US all the time. Funds just 'disappear' for several days even though this is all EFT.

Winter • June 5, 2018 8:55 AM

@Bauke Jan Douma
"And everything is politics."

Except for reality. But many cannot understand that reality stays and bites you, even if you close your eyes.

Thoth • June 5, 2018 9:28 AM

@all, Clive Robinson

I respect Ross Anderson for his fantastic work he has done in the past but the path splits when it comes to topic on Cryptocurrency.

I am not a fan of it and I don't own Cryptocurrency funds but I do help my customers who are trying to protect their funds ranging from small companies to exchanges which I am not at the liberty to reveal them due to contracts.

The problem here is the usual "Armchair Cryptography" problem where they do not stick their hands and get themselves dirty like us security engineers who see the actual picture on the ground, touch the mechanics and components and understand the hours of hard work and sleepless nights we have spent together with the people on the ground working hard to make exchanges more transparent and more accountable.

I don't see the rigidness that is required for a proper scientific paper and in my opinion it is more like a personal rant than a scientific paper.

If this is the work of some new publisher, it can be taken as a sign of lack of experience.

But for someone so esteemed to publish a paper that leans closer to an opinion piece, this is rather odd.

I sometimes wonder the work and effort we Security Engineers on the ground have committed into our projects and end of the day it goes unrecognized as usual :) .

Thoth • June 5, 2018 9:46 AM

@all, Clive Robinson

The only usable part is the "TaintChain" portion. Other than that is purely opinions.

Sigh ......

TRX • June 5, 2018 9:47 AM

> the receiving bank sat all of three working days ... before crediting the payee's account

I had a bank that sat on a deposit for almost exactly 72 hours. I'd deposited my payroll check, then swung by the Post Office to mail a bunch of bills. Most of which came back as "insufficient funds."

I had to take off work and go down to the bank to deal with it. Per the contract I'd signed many years ago (15 years later, they still had it on file...), yes, they could do that. Which was my "learning experience" for the faint, tiny print on the back of "sign right here..."

My new bank not only doesn't have that policy, I have it in writing that all deposits will be posted within one hour. My copy of that document is in my fire safe.

echo • June 5, 2018 10:43 AM

@Thoth

I spent several hours today discussing issues with a discrimination advocate (who played a role in a recent successful court case which I best not comment about). One of the things they acknowledged is people (i.e. non-specialists without an interest in affairs on the ground and also specialists with their own ego to protect) tend to tune explanations out. There is research on this area which suggests this is a basic psychological issue too. Engineers (and other specialisms) are not noted for communication skills nor do they control the ebb and flow of media output which reaches the masses.

I'm not capable of offering a solution but would suggest people consider the assistance of other specialities like book editors and alternative advocates to help shape and pace the narrative and make sure it reaches the right ears. Not everyone can be a go-to expert like Bruce nor have the time or talent to write books as he does but other people may have the capacity for this and something might come of discussion so it may be worth a try.

Major • June 5, 2018 12:14 PM

It makes me sad when smart people like Ross come down on the side of Big Brother.

By design, bitcoin cannot be stolen. As James said, whoever has the private key owns the bitcoin. An exchange can take on greater responsibility, but that is the exchange, not bitcoin.

After we have finished using "taint analysis" to wrap up any kind of economic freedom, BB will have many great uses for that idea. Alice once read Mao's little red book. So all of her children, her friends, her employers and employees are "tainted". I smiled at a girl on the taint list now I am tainted, my property is tainted, and my computer is tainted.

FIFO and poison distinctions will be important in creating the elaborated documentation and schedules necessary for transportation to the appropriate camps, and work farms, and ecological disposal centers. Is tattooing too old school and obvious? I mean, it's BEEN DONE.

Maybe somebody on the list could help out with biometrics. Already in progress? Super.

Oh, I'm exaggerating. Conspiracy theory. (We will know for sure when it is too late.)

Anura • June 5, 2018 1:17 PM

@Major

If you think Bitcoin can't be stolen, then you are redefining the meaning of stolen specifically so that you can say Bitcoin can't be stolen. In reality, it's stolen quite often.

Bitcoin is a terrible idea, but interesting. Any economic system that relies on artificial scarcity is just bizarre, IMO.

James • June 5, 2018 1:36 PM

@Anura: Everything can be stolen if you are not being careful. Cash can be stolen, credit card numbers can be stolen, your bank account can be drained, etc. One of the ideas behind bitcoin is that you don't need a stupid bank to tell you what and when to do with your money, or a stupid government to eat away your savings by inflation. Of course, there is still a long way to go ...

1984 • June 5, 2018 1:46 PM

@James

I think you need a visit to the wellness centre my friend banks are not the enemy they help us and protect our investments so we don't have to freedom is good and government is our best friend.

When you trade bitcoin you're basically using babies brains or blood diamonds as currency this is bad and drug trafficking is bad but we like blockchain so fedcoin will be the solution

echo • June 5, 2018 1:49 PM

Cryptocurrencies seem a bit stupid. Using all this hardware and energy to do nothing furiously strikes me as a bizarre obsession. Can't they create a distributed secure transaction system without burning up all these cycles?

Anura • June 5, 2018 2:08 PM

@James

> Everything can be stolen if you are not being careful.

I don't think I indicated otherwise. My point was that bitcoin doesn't offer special protections against theft; practically, banks and credit cards are much more secure because you aren't liable for fraud.

> or a stupid government to eat away your savings by inflation.

I don't know why so many people see deflation as a good thing. Why should your money sitting around doing absolutely nothing grow in value over time? Inflation is theft from the savers by the public at large, and deflation is theft from the public at large by the savers. I have to say, the people sitting on heaps of cash probably need it less than the public at large. Besides, as we still maintain artificial scarcity of money, so real interest rates are generally positive - savers end up earning money by doing nothing anyway.

You are probably better burying cash in the backyard than buying bitcoin, just because the transaction costs will consume your money far faster than inflation. Plus, your backyard is probably more secure than your computer.

Anura • June 5, 2018 2:14 PM

@echo

The point of cryptocurrency is that it gives two parties the ability to verify funds without trusting each other or a third party. If you have the trusted third party, it's relatively simple to create a secure payment system and you don't need the blockchain.

TheInformedOne • June 5, 2018 2:17 PM

A few questions: what happens when someone breaks the crypto? Could a $trillion dollars be stolen? Could entire exchanges be collapsed? Could it do more damage than setting off aerial E.M.P's over major population centers? Don't put it beyond human greed to find a way......

Anura • June 5, 2018 2:26 PM

@TheInformedOne

Your public key is not made public until you send, just a hash of your public key, which provides some protection - if you haven't sent money, there is not going to be a practical attack to steal your money outside of cracking into your system.

If it did happen, Bitcoin users would essentially need to create a new protocol with new encryption, and give people the ability to migrate over. You'd probably want that plan implemented before the crypto is cracked, or else your currency will become worthless as people run towards the next currency.
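
The point in the comment above, that the chain shows only a hash of the public key until the owner spends, can be checked mechanically; the sketch below replays a small ledger and reports which unspent funds still have a hidden key. It is an added example, not part of the original thread: the `commit`, `Tx` and `audit` names, the truncated double SHA-256 used in place of Bitcoin's RIPEMD-160-over-SHA-256 hash, and the sample keys and transactions are all assumptions made for illustration, and signature checks are left out.

```python
"""Toy pay-to-public-key-hash ledger: which unspent outputs still hide their key?"""
import hashlib
from dataclasses import dataclass


def commit(pubkey: bytes) -> bytes:
    # Stand-in for Bitcoin's HASH160 (RIPEMD-160 over SHA-256). Double SHA-256
    # truncated to 20 bytes is used only because RIPEMD-160 is missing from
    # many hashlib builds; the commit-then-reveal logic is unchanged.
    return hashlib.sha256(hashlib.sha256(pubkey).digest()).digest()[:20]


@dataclass(frozen=True)
class TxIn:
    prev_txid: str
    prev_index: int
    pubkey: bytes        # revealed in the clear when the output is spent


@dataclass(frozen=True)
class TxOut:
    pubkey_hash: bytes   # all the chain shows until the output is spent
    amount: int


@dataclass(frozen=True)
class Tx:
    txid: str
    inputs: tuple
    outputs: tuple


def audit(chain):
    """Replay transactions in order and report key exposure.

    Rejects a spend whose revealed key does not hash to the committed value.
    A real node would also verify a signature made with the matching private
    key; that step is omitted, so only the hash commitment is modelled.
    """
    utxo = {}       # (txid, index) -> TxOut
    revealed = {}   # pubkey_hash -> txid of the spend that first exposed the key
    reuse = []      # outputs created to a hash whose key was already public
    for tx in chain:
        for txin in tx.inputs:
            outpoint = (txin.prev_txid, txin.prev_index)
            prev = utxo.pop(outpoint, None)
            if prev is None:
                raise ValueError(f"{tx.txid}: {outpoint} unknown or already spent")
            if commit(txin.pubkey) != prev.pubkey_hash:
                raise ValueError(f"{tx.txid}: key does not match committed hash")
            revealed.setdefault(prev.pubkey_hash, tx.txid)
        for index, out in enumerate(tx.outputs):
            utxo[(tx.txid, index)] = out
            if out.pubkey_hash in revealed:
                reuse.append((tx.txid, index, revealed[out.pubkey_hash]))
    exposed = sum(o.amount for o in utxo.values() if o.pubkey_hash in revealed)
    hidden = sum(o.amount for o in utxo.values() if o.pubkey_hash not in revealed)
    return {"reuse": reuse, "exposed_amount": exposed, "hidden_amount": hidden}


# Constructed sample keys and transactions (not real keys or chain data).
ALICE = bytes.fromhex("02" + "11" * 32)
BOB = bytes.fromhex("03" + "22" * 32)
CAROL = bytes.fromhex("02" + "33" * 32)

SAMPLE_CHAIN = [
    Tx("t0", (), (TxOut(commit(ALICE), 50),)),
    # Alice pays Bob 20 and sends the 30 change back to her old address.
    Tx("t1", (TxIn("t0", 0, ALICE),),
       (TxOut(commit(BOB), 20), TxOut(commit(ALICE), 30))),
    # Bob pays Carol, who has never spent from her address.
    Tx("t2", (TxIn("t1", 0, BOB),), (TxOut(commit(CAROL), 20),)),
]

if __name__ == "__main__":
    report = audit(SAMPLE_CHAIN)
    for txid, index, first in report["reuse"]:
        print(f"{txid}:{index} pays a key already revealed by spend {first}")
    print("unspent, key public:", report["exposed_amount"])
    print("unspent, key hidden:", report["hidden_amount"])
```
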

echo • June 5, 2018 2:51 PM

@Anura

Oh. So all this energy is expended because can't stop lying? It still seems like a silly idea.

Anura • June 5, 2018 3:06 PM

@echo

It makes more sense when you realize that bitcoin is primarily used by criminals for things like ransomware and drug deals. I mean, who even trusts their meth supplier to begin with?

Major • June 5, 2018 4:41 PM

@anura

You seem to have a cartoonish knowledge of cryptocurrencies. Narayanan and Bonneau have a good book.

Sure bitcoin isn't perfect. I wouldn't put money I needed in it. It's an alternative in a world of people saying "I know next to nothing about X. It doesn't benefit me so we should make it illegal."

Zephyr4 June 5, 2018 4:41 PM

I like the secure ledger/contract etc. but don’t see the coin (or, in the final analysis, the money) part. Seems like making virtual rulers and measuring sticks that can be exchanged for real, useful things, like labor, food, clothes, housing, transportation, etc. and so on so luddite. Do we really need to carry measuring sticks around all the time? It’s the ratio of good A to good B that defines a real exchange. In the ratio, the unit drops out, no measuring stick is apparent ultimately. Everything inflates/deflates all the time relative to other things, as the acceptable ratio of the items adjusts to real requirements. So coin is nothing but a bookkeeping mechanism. But if I have a big pile of measuring sticks I am rich!

Anura • June 5, 2018 4:55 PM

@Major

If you have a response to anything I said, then respond. You made a statement that Bitcoin can't be stolen and you didn't back it up in the least. Put your money where your mouth is and defend your assertions; don't just resort to name calling. Frankly, I don't think you have displayed any knowledge about cryptocurrency.

Major • June 5, 2018 5:05 PM

@Anura,

I have no interest in arguing with you over information that is readily available.

I have responded as I wished. Not liking it is your right.

John Smith • June 5, 2018 7:27 PM

from Anura:
"...bitcoin is primarily used by criminals..."

Evidence? I don't mean to be impolite, but you did write:

"...Put your money where your mouth is and defend your assertions..."

Bob • June 5, 2018 7:41 PM

@Thoth

"But for someone so esteemed to publish a paper that leans closer to an opinion piece, this is rather odd." And destructive.

The conclusion I take from the paper:

1: "Technologists also assumed that bitcoin mixing made coins derived from innocent and stolen inputs innocuous, whereas the legal effect of attempts to conceal the source of funds is to taint the entire output."

And not to oppose the legal effect is not to oppose the idea of "guilty until proven innocent" it necessitates.

2: "Regulators should prohibit exchanges from buying and selling cryptocurrencies that are explicitly designed to evade money-laundering and terrorist financing controls."

Go ahead, prohibit cash too. Currency is more than any other thing power, put the totality of currency in the control of the state and pray for totalitarianism not to come.

3: "In the longer term, settling the legal status of digital currencies should be used as an opportunity to move operators from the proof-of-work systems that now emit more CO2 than Ireland, to alternative systems that do not do as much environmental damage, by means of a carbon tax."

I can give credit to the motion, but it ought to be questioned. First, if there is a good alternative to proof-of-work is an open question in the cryptocurrency community. Second, if proof-of-work is bad or actually good for the environment is an open question too. Some argue that it creates a foreseeable spike in demand that helps the development and adoption of technologies for clean energy.

65535 • June 5, 2018 7:44 PM

@ Tatütata

“I learned that three days was indeed the maximum delay for executing a bank transfer under the previous provisions of the German Civil Code (§675 BGB).”

I understand. The Float or the time it takes to deposit money in transit produces a small profit for the entity transferring the money and can cause a slight increase in the theoretical money supply and profits for the transferor. I look at the “float” as another legal confidence game [con-game] to skim money from the little guy with tiny legal print banking contracts. The skimmed amount is small for each of us little people but it builds up as many thousands of transactions occur.

[the age old float scam]

“In economics, float is duplicate money present in the banking system during the time between a deposit being made in the recipient's account and the money being deducted from the sender's account. It can be used as investable asset, but makes up the smallest part of the money supply.”-Wikipedia

https://en.wikipedia.org/wiki/Float_(money_supply)

But, no mention of the interest earned on the float by banks.

@ TRX

“I had a bank that sat on a deposit for almost exactly 72 hours. I'd deposited my payroll check, then swung by the Post Office to mail a bunch of bills. Most of which came back as "insufficient funds." I had… go down to the bank to deal with it. Per the contract I'd signed many years ago (15 years later, they still had it on file...), yes, they could do that. Which was my "learning experience" for the faint, tiny print on the back of "sign right here..." My new bank not only doesn't have that policy”

I know what you went through. I had exactly the same thing happen to me and my account had a deposit pending but still bounced checks with a nasty fee for each overdraft. I switched banks and made sure the “float” scam was much less of a problem. The float scam is still in the USA banking system but more regulated.

@ Thoth

“I am not a fan of it and I don't own Cryptocurrency funds but I do help my customers who are trying to protect their funds ranging from small companies to exchanges…“

And

“I sometimes wonder the work and effort we Security Engineers on the ground have committed into our projects and end of the day it goes unrecognized as usual :) .”

I hear you on that last point and I agree.

Next to Bitcoin:

I don’t use Bitcoin either and am still trying to see the advantage of it. As I understand the concept the blockchain makes up the accounting ledger and is used to keep track of Bitcoins and eliminate the “Central Bank” which sounds good.

The Central Banks around the world control the theoretical amount of money via the “fractional reserve” system used in common banks. Bitcoin sounds like a good idea and keeps the Federal Reserve out of our lives and possibly could eliminate hyper-inflation such as Germany experienced before World War Two [the German banks simply held a few percent of actual capital in reserve and lent out the other 99 percent to anybody and even printed bills based on that system].

Bitcoin seems to prevent this over lending by its traceable ledger so the currency cannot cause hyperinflation. That sounds economically good but what about Bitcoin inflation of the value of goods as the 21 million limit of Bitcoins is reached? Would not this cause Bitcoins to go through the roof and purchasing production based on USD to cost a lot more? Is this a bubble in and of itself?

“The bitcoin protocol specifies that the reward for adding a block will be halved every 210,000 blocks (approximately every four years). Eventually, the reward will decrease to zero, and the limit of 21 million bitcoins will be reached c. 2140; the record keeping will then be rewarded by transaction fees solely…In other words, bitcoin's inventor Nakamoto set a monetary policy based on artificial scarcity at bitcoin's inception that there would only ever be 21 million bitcoins in total.”-Wikipedia

https://en.wikipedia.org/wiki/Bitcoin#Supply

or

https://en.wikipedia.org/wiki/Bitcoin

So Bitcoin is based upon artificial scarcity which is probably not the best model in the world. There could be many ways of abusing that "scarcity" factor.

Then the question of how to trace actual transactions seems to be explained but never works in actual practice. The Mt. Gox collapse showed that flaws in the crypto system design allowed for diversion of Bitcoin which was thought to be impossible at inception. I believe the bankruptcy of Mt. Gox is still ongoing partially due to the hyperinflation of Bitcoin. So much for traceable distributed “ledgers” and wallet addresses. I doubt Mt. Gox will be the last exchange failure.

https://en.wikipedia.org/wiki/Mt._Gox

Because of forks, softforks, Altcoins, mixers and so on I don’t see why fractional reserve banking of Bitcoins will not happen… cough Mt.Gox. Further, Bitcoins can be used for any transaction it seems Bitcoins are used for illegal activities on balance. I don’t see the actual method of transaction auditing, anti-money laundering and outright fraud built into Bitcoin as suggested [That is just a guess on my part].

Now, a poster has indicated the NSA may not only have used and abused Bitcoin but maybe helped invent Bitcoin.

Isaac Kudryashov on the Intercept's article on Bitcoin

https://www.schneier.com/blog/archives/2018/03/friday_squid_bl_617.html#c6772914

I don’t want to derail this thread but if the NSA is tracking Bitcoin users one would have second thoughts about using Bitcoin and ending up on some TLA’s list of trouble makers. If the above is true and the NSA is involved would not regulation hurt the NSA and probably putting regulator persons on the NSA’s black list?

Anura • June 5, 2018 7:56 PM

@John Smith

I'll admit it may be an exaggeration. However, it's too hard to track for certain what it is used for, and numbers vary wildly. What we do know is that most Bitcoin transactions are simply for the purchase and sale of bitcoins (currency exchange) - unfortunately, these are hard to weed out. One paper showed 44%, but it's SSRN and I can't currently download from them for some reason to read the methodology and see how they separated sales from exchanges.

So of transactions that are not simply currency exchanges what are they being used for? While there are some legitimate services, it's a hell of a lot easier to use regular money for most people for most situations. To pay with Bitcoin, there is high risk due to currency fluctuation and you have to accept the potential loss. Given that you have to practically go looking for things that allow Bitcoin payments, you have to ask who puts in that kind of effort. Well, people who really really value privacy, and people buying things you can't pay for in cash. The latter is mostly illegal activity.

Based on that, I'll stand by my estimate of a majority of bitcoins are being used for criminal activity.

Thoth • June 5, 2018 9:12 PM

@all, Clive Robinson

A Closer Inspection On Cryptocurrency & Exchanges
========================================

Before we get into the core regarding Cryptocurrency, we have to look at our current fiat currency we use. It is a paper currency that was already existing in China before the Yuan dynasty and was spread to the West via the Silk Road.

When the paper currency was first introduced to the West from China, it was met with skepticism as most people were using currencies in precious metals in the form of coins with contents of gold and silver as its base value or via barter trading.

Banks were also an odd thing in the ancient world in the West but the Chinese were quick to put national banking system in place before the Yuan dynasty where paper money was introduced to the West. The Chinese mints and banks were part of a central imperial organisation and the sealed with the seal of the Imperial court before issuing the minted currencies.

For thousands of years, paper currencies have existed in the world and we were not very good with paper currencies and banking systems only until the recent few centuries. Forgeries were commonplace and it took us millennia to get used to the idea of central banks where we deposit our cash and get paper notes in the forms of IOUs thus the birth of paper money. In short, paper money did not appear on the world scene that smoothly.

We fast forward to the 1950s where we have the advent of electronics and the 1970s where we have computers and the 1990s where we had the Internet and now we have electronic fund transfer. We were also pretty new to the idea that money was "simply a number" in the bank account crediting or debiting us.

Have we mastered electronic banking? The answer is a firm and absolute NO. We still have the old problems of authentication and what not and I won't go into deeper details because most of us here know the horrors of online banking and with the 2010s, the advent of mobile banking made the horrors of online banking .... like a child's play.

Mobile banking gets worse and rarely gets better. The latest Mobile Banking news have recently reported that you could even open a legit bank account using simply a mobile device [1]. This was previously unthinkable and an actual human must be around in person at the bank to create a bank account but this assumption now holds false.

Cryptocurrency already existed for some time but became famous due to Bitcoin. We are still in a knee-jerk reaction phase which is the same where changes in funds handling technology occurred since ancient times due to the need to actually wrap our minds around these new technologies.

Due to most of the banking infrastructure since ancient times were built around a centralized authority, Bitcoin et al. provided a whole new architecture where centralization is weaker. There are some that argue that whoever controls the Bitcoin codes controls the centralization and this is partially correct but the fact is there are already many forks off Bitcoin and many other Cryptocurrency that have capabilities of inter-changing values like modern exchange rates which brings more variety and decentralization thus the argument that "whoever controls the code controls Bitcoin" is actually false on a closer inspection.

The value of Bitcoin Cash and other derivatives of Bitcoin forks are shown to be picking up steam and have an increasingly bigger community.

Bitcoin was first created as part of a Cypherpunk movement and rather advanced and ahead of its time as we will see in the later sections below.

The original idea was each user has their own Bitcoin Core client that has the ability to communicate with the network to transfer and receive funds as well as to mine transactions as a means of incentivising the usage of the network and keep nodes up and running because Bitcoin is essentially a Peer-to-Peer decentralized system and nodes have to be kept running to ensure payment transactions get verified on the Blockchain.

The assumption of a node per user or a small amount of nodes per user was soon broken due to development of specialized ASICs chips for batch SHA256 computation and lowering cost of mining rigs due to the production of mining rigs in China. China and Russia now hold most of the mining capabilities in the world due to the ability for both countries to mass produce these mining rigs at a very low cost.

As a first-generation Cryptocurrency, Bitcoin made many mistakes and soon, these mistakes were corrected in later generations of Cryptocurrencies like IOTA [2] and many others where the concept of mining was simply removed.

The result of Bitcoin being labelled as environmentally unfriendly was due to Bitcoin as the first generation Cryptocurrency and hence, it made a lot of mistakes along its development. Other types of Cryptocurrencies of the later generations made use of Proof-of-Work and other types of Proofs which are more environmentally friendly and also harder for breaking the assumption used in the Proofs which leads to mining farms that we see today which is a reason why it is not environmentally friendly and also resulting in a weakened security assumption of the 51% rule where anyone holding 51% of the computing power can manipulate the Blockchain.

Monero and many other Cryptocurrencies have used different types of Proofs and even use multiple proofs to make it much harder to mine and to make pooling mining rigs a difficult task [3].

IOTA is one of the first few Cryptocurrencies to have removed the use of mining from their technology and the removal of mining made it more environmentally friendly as the energy consumption is reduced by a huge amount. IOTA instead requires a transaction that is being submitted to the network to at least prove the transaction of at least previous two transactions at the leaf of the "Tangle" network as part of its requirements in the transaction message that is being submitted to the network and the next transaction that would be appended to the network to prove at least two previous transactions as a way to prevent issues like double-spend. Due to no incentive in mining as there is no such thing as mining in IOTA and there are no mining fees, one would not be able to deploy a mining rig and every transaction simply proves a few previous transactions as its own form of entry into the network.

The current complaints against Cryptocurrency have been played out of proportion as most arguments are actually flaws in earlier generation Cryptocurrencies like Bitcoin and this negative conception has been super-imposed onto all existing Cryptocurrency and demonized.

Cryptocurrency might have been a Cypherpunk movement in its early days but as it grew, it has developed its own standards like the BIP [4] for Bitcoin and the EIP [5] for Ethereum. These are the RFCs and ISOs of Cryptocurrencies and the style of writing in these BIPs and EIPs are very close to that of the RFCs we use for the Internet and are pretty well organized.

This shows that a bunch of enthusiasts working on a same project can actually create formal procedures and organize themselves together in an efficient manner just like how W3C and so on which were once made up of a bunch of technologists became mainstream and organized after a while.

Cryptocurrencies that come after Bitcoin and follow part or whole of the Bitcoin system utilize a layered and systematic approach in their system to ensure that each component in the Bitcoin-like system has a purpose and does it well.

The components of a Bitcoin-like system can be roughly split into the following sub-systems:
- A network protocol to communicate transactional and administrative messages and discovery of peers on the network.
- A wallet program for the execution of the SECP256K1 digital signature with the Key Management and Key Generation portion.
- A Key Recovery system that converts Mnemonic Codes into master seeds that are then used to generate SECP256K1 keypairs in a deterministic fashion.
- A smart contract module to handle contractual transactional messages.
- A mining module to handle mining of transactions.

Each of the above sub-systems has its own duties to execute, and the well thought out designs of Cryptocurrencies derived from Bitcoin or emulating parts of Bitcoin have almost the same setup in general.

A transactional message contains transactional information and communicates the spending of funds not in a "Spend X funds" manner we see in modern centralized banking but in a more contractual manner which says "Spend X funds if you prove you are owner of X funds".

In a contractual manner where a proof of ownership of funds is used in the Bitcoin-like style. For those who are used to centralized banking messages (like myself), when we switch to handling Bitcoin-like transactional messages, you will hear us cursing and swearing in the beginning because of different approaches. Our preconceived notions were to expect a direct transaction message directing funds from payer to payee, but the Bitcoin-like approach is much more elegant as it attempts to address issues of pseudo-anonymity pretty well.

In Bitcoin-like transactional message style using embedded contractual messages rather than direct payer to payee funds transfer, you transfer funds to a cryptographic hash of the payee's public key. The reason to transfer funds to the cryptographic hash of the payee's public key is due to the fact that a cryptographic hash is supposed to be a one-way function, which makes reversing the hash a difficult problem and thus it obfuscates the recipient(s). When the recipient(s) want to spend the funds they received, they would provide their actual public key as part of the transactional message by indicating that a particular fund they wish to spend with a hashed public key can be derived deterministically to their actual public key, and this makes them the rightful owner of the funds they want to spend when they create a transaction to pay to another future recipient.

In an idealistic scenario, after the public key has been revealed in plain when spending the funds, the public key and private key would have to be destroyed and a new keypair would be rotated into place while providing a new payment address derived from the same master seed, but in practice, most people simply use the same keypair and thus break the pseudo-anonymity security assumptions that were previously proposed as part of the original Bitcoin specifications.

Ethereum brought with it advanced contract-based payments and also the ability to mint your own Cryptocurrency tokens via the ERC20 standards.

One of the gripes of Bitcoin is the inability to blacklist funds, and hard forks and soft forks in the Bitcoin Blockchain have been used in the past to implement blacklists. Due to the flexibility of the ERC20 contracts, a blacklist function can be coded into the contractual codes prior to the launch of the ERC20 Cryptocurrency tokens and a network wide blacklist can be easily enforced.

Complex contracts requiring quorum of multiple digital signatures can also be implemented as a sort of voting to create a consensus on usage of funds.

The Ethereum Virtual Machine used to run contract codes is not fully bullet-proof and has been shown on a few occasions to be buggy, but the innovation brought by flexible electronic assets management is undeniable and revolutionary.

The above are just a few innovations that the Cryptocurrency world has brought to us which are lacking in centralized traditional banking and funds transfer technology, which has had a stalled development since the early 2000s.

The traditional banking and financial sector is heavily lacking in such innovations and is currently integrating concepts from Bitcoin and other Cryptocurrencies into its own arsenal in an effort to bring fresh innovation to a stale industry.

CITI [6], Nasdaq [6], Standard Chartered [7], DBS Bank [7] and many other traditional banking industries as well as MasterCard [8], VISA [9], AMEX [10], JCB [11] and other payment industry players have also joined in the pitch to use Blockchain technologies in their products to make themselves more relevant.

The final part discusses the internal workings of Cryptocurrency Exchanges.

Trading on Cryptocurrency platforms requires stringent Know-Your-Customer (KYC) procedures and some have resorted to using social media accounts with selfie images, passport scans and so on to identify their customers in an attempt to conduct a thorough KYC process and to meet the same rigours of banking despite not being regulated at the current moment.

The images and data sent to the Cryptocurrency platforms are known to be encrypted using various schemes ranging from password based encryption of customer data to full-disk encryption. I have introduced the concept of using HSMs (which is not a new concept by itself) to encrypt data to my customers, who are receptive to this idea and have already been implementing the use of HSMs to protect customer data in Cryptocurrency Exchange platforms, and I have educated my customers on the importance of strong Key Management, encryption and security procedures.

The operation of trading executed on a Cryptocurrency Trading platform is usually a soft debit or credit for a fixed amount of time (usually 1 working day) before an actual commit to the Blockchain(s) is done via actual transactional changes. The reason Cryptocurrency trading platforms do not instantly commit changes of transactions onto the Blockchain(s) is due to the fact that transactions may be reversed on the customer's own accord later during the day, and this allows the customer the chance to revert their positions on the Exchanges if their positions are not met. A reversal of position is simply a number change on the database in the Exchange and does not affect the actual holding of the funds the customer holds on hand, as the transactional messages have not been issued to the Blockchain(s), and thus allows flexibility of transaction.

The second reason that an Exchange delays the committing of traded funds on their exchanges is to allow audits of the movement of funds. Dubious funds being moved can be instantly frozen and rejected without the risk of committing transactions onto Blockchain networks, which become permanent transactions that are irreversible.

This reduces the risks of fraudulent trades and erroneous trades that can occur on Cryptocurrency trading platforms.

Last but not least, processing traded funds in exchanges is best executed in batches, where it is much more efficient and less time consuming to be attending to multiple trading quotations than to every single trade at the moment the quotation is created.

Cryptocurrency exchanges have their own protocols (think of a sort of SWIFT for Cryptocurrency exchanges) to communicate amongst themselves to effect cross-platform trades in scenarios where customers are interested in trading across multiple platforms or Cryptocurrency Exchanges may trade funds amongst themselves same as real world Stock Exchanges where funds can be traded between Exchanges on customer demands.

These trades are usually done on soft debit and credit via adjusting figures on Exchange databases and would only take effect on the Blockchain usually at the end of the day or after a few days, for the same reasons mentioned above.

Cryptocurrency Exchanges have quickly evolved during their short existences since 2009 to become fully organized and structured and have made huge strides in improvement to strengthen the security and safety of their platforms and customers.

This is written from the point of view of a Security Engineer who works for an IT Security company that does on-the-ground services that include offering IT Security related consultation advice and real world implementations of Cryptocurrency Security Solutions for customers requiring protection of their Crypto-assets and Cryptocurrency Exchanges.

References:
1.) https://www.idemia.com/news/societe-generale-and-idemia-revolutionize-remote-account-opening-2018-06-01
2.) https://steemit.com/iota/@imarkett/how-iota-works
3.) https://www.ethnews.com/monero-team-mulls-changing-pow-algorithm-to-preempt-asic-miners
4.) https://github.com/bitcoin/bips
5.) https://github.com/ethereum/EIPs
6.) https://www.citigroup.com/citi/news/2017/170522a.htm
7.) https://www.ccn.com/standard-chartered-dbs-work-on-blockchain-tech-for-trade-finance/
8.) http://fortune.com/2017/10/20/mastercard-blockchain-bitcoin/
9.) https://bravenewcoin.com/news/visas-blockchain-efforts-continue/
10.) http://about.americanexpress.com/news/pr/2017/blockchain-enabled-cross-border-b-to-b-payments.aspx
11.) https://siliconangle.com/blog/2018/01/11/jcb-opens-research-connecting-multiple-blockchains-ease-congestion/
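
The soft debit and credit window described in the comment above, modelled as an added example (it is not part of the comment and not any exchange's code). The `SoftLedger` class, its status names and the sample trades are constructed for illustration; "settlement" here only computes the net positions that would be committed on-chain.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass
class Entry:
    payer: str
    payee: str
    amount: int               # smallest currency unit, avoids float rounding
    status: str = "pending"   # pending | reversed | frozen | settled

class SoftLedger:
    """Constructed model of an exchange's internal (off-chain) trade database."""
    def __init__(self):
        self.entries = {}

    def record(self, entry_id, payer, payee, amount):
        if amount <= 0 or entry_id in self.entries:
            raise ValueError("invalid or duplicate entry")
        self.entries[entry_id] = Entry(payer, payee, amount)

    def _mark(self, entry_id, status):
        entry = self.entries[entry_id]
        if entry.status != "pending":     # settled, frozen and reversed are final
            raise ValueError(f"entry {entry_id} is already {entry.status}")
        entry.status = status

    def reverse(self, entry_id):          # customer backs out: a database change only
        self._mark(entry_id, "reversed")

    def freeze(self, entry_id):           # audit hold: never reaches the chain
        self._mark(entry_id, "frozen")

    def settle(self):
        """Close the window: net pending entries into per-customer positions."""
        net = defaultdict(int)
        for entry in self.entries.values():
            if entry.status == "pending":
                net[entry.payer] -= entry.amount
                net[entry.payee] += entry.amount
                entry.status = "settled"  # cannot be reversed or counted twice
        held = sorted(i for i, e in self.entries.items() if e.status == "frozen")
        return {who: v for who, v in net.items() if v != 0}, held

def demo():
    ledger = SoftLedger()                 # all names and amounts are constructed
    ledger.record(1, "alice", "bob", 5)
    ledger.record(2, "bob", "carol", 5)
    ledger.record(3, "carol", "alice", 2)
    ledger.record(4, "mallory", "bob", 9)
    ledger.reverse(3)                     # customer reverts a position
    ledger.freeze(4)                      # flagged as dubious during audit
    return ledger.settle()
```

Four soft entries collapse into a single net movement from alice to carol, and the frozen entry is reported for review instead of being committed.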

Major • June 5, 2018 9:39 PM

@anura

So your argument that most bitcoin use is criminal is simply that you cannot think of other reasons for people to use it? Proof by failure of imagination?

People who lack access to a relatively stable currency in their homeland use it. It is used during banking crises. It is used as a political statement by people who protest fiat currency. It is used as an investment. It lets you buy a wide range of things with a higher level of privacy than credit/debit, but lower privacy than cash. It simplifies escrow for purchase security. It is used as a hoard or backup cache of money. The blockchain is the basis of a whole new kind of application. etc. etc.

James • June 6, 2018 2:33 AM

@anura

My point was that bitcoin doesn't offer special protections against theft

Actually, if you guard your private keys (preferably in your memory), it does

banks and credit cards are much more secure

Until they are not. Remember Greece not so long ago? You have money in your account, good for you, but you can only take out EUR60 or so, the rest you can only look at it. In France you can't withdraw more than EUR1000 in cash, and so on.

Plus, your backyard is probably more secure than your computer

True. This takes us back to inflation. If I would have buried a bag of cash 20 years ago, I couldn't do today what I could do back then with that money. I'm not trying to say bitcoin fixes that, btw. If I would have buried a bar of gold, it would have exactly the same value, with small variations.

bitcoin is primarily used by criminals for things like ransomware and drug deals

I agree, except for the "primarily". Cash is also used by criminals, so are the banks (yes, the banks). About 90% of the US currency has traces of cocaine, and I'm sure not only the US currency. Criminals use other stuff too, basically everything that has a legit use can also have a criminal use. So what? For now, let's face it, bitcoin can't be banned, can't be seized (if you guard it) and can't be regulated. Having something to hide (and most sane people do) does not make you a criminal.

@TheInformedOne

what happens when someone breaks the crypto?

Then we would all be in deep s*it. "Crypto" is not only used by "Cryptocurrencies" ...

Could it do more damage than setting off aerial E.M.P's over major population centers

An EMP would f*ck up the banks / payment networks too. In fact Bitcoin would be more resilient to that, because of its distributed nature. But anyway would be back to cash / gold / etc.

Alejandro • June 6, 2018 6:09 AM

Alice and Bob sure have had a lot of problems over the years.

Meanwhile, in the end, cryptocoin is nothing more than a payment method, like check or MO. Not money. Indeed, it would likely be safer, cheaper and more anonymous to pay someone with a liquor store MO than BC.

echo • June 6, 2018 8:34 AM

A fake diamond necklace is worth more than gold in a transactional economy.

Thoth • June 6, 2018 6:58 PM

Bitcoins and credit cards are about the same thing when it comes to security but I would say overall Bitcoin is much safer.

If you give someone who doesn't know how to use a tool properly, they would surely mess things up and this is the same regardless if credit cards or Bitcoins. They would be spilling their card PINs and being phished and scammed via online card purchases and have their PIN intercepted and chip data read from hidden readers and for Bitcoin, they would accidentally spill their private keys.

I have been dealing with cards and cryptocurrencies for customers ranging from financial sectors to cryptocurrency companies and why cryptocurrency wins is due to the current usage of hardware wallets. Card companies used to have Secure PINpads for card reading but now they don't do it anymore for home online banking due to multiple reasons and thus cryptocurrencies would take the win for more secure funds usage via hardware wallets when properly done.
