2015-07-25

Fighting Bitcoin theft - law enforcement block explorer

Recently I had a chat about what would be some good features for a block explorer to have. One thing I don't really see implemented too well is a tool for helping fight the theft of bitcoins. The idea isn't anything new really - I discussed something similar back in 2013 - a block explorer focused on tracking officially reported thefts of coins and providing a tools for exchanges to cross-reference their inputs with the database. Here is how it could work...

The stolen coin tracker


The tracker would essentially be a block explorer focused on tracking coin taint - nothing ground breaking there. However, if you pair that with allowing law enforcement from around the world submit exactly which coins they want tracked, it can become a quality tool for figuring out whether some coins are "tainted" or not.

However, the taint shouldn't be permanent. If the stolen coins are recovered, or they end up very diluted in a legitimate place of business, the outputs might need to be whitelisted as "clean" to stop the tracking. This way, the coins could go back into circulation without triggering any more flags in the future. This whitelisting process should also be carried out on request of the law enforcement.

The reason why we would focus on law enforcement is to limit the amount of false claims of thefts. If someone really lost their coins, rather than only claim to have lost them, they wouldn't mind filing a report and being liable in case they lied. Similarly, when tainted inputs are reported but they are deemed too diluted by whoever is responsible for the local AML enforcement, they would be the ones responsible for that decision.

Knowing which outputs to track, the rest is trivial - follow the coins each time they are spent, keep a track of how the taint might be diluted down the line and record everything for later reference.

Who is going to use this?


Any company that is required to follow AML regulations, like any Bitcoin exchange, would want to start using the service to make sure they are not liable down the line. The exchanges would either want to ask the tracker about every deposit they receive to check its taint, or if they are very privacy conscientious, they might just want to poll for any recent movements of tainted coins and do the cross-referencing themselves.

Any transaction that contains tainted coins could be reported to the authorities, or there could be a threshold of the minimal taint for reporting (say, above 10%). Depending on the regulations, the coins would either need to be frozen by the exchange, or if the taint is small, the authorities could whitelist the transaction on the tracker.

The implications


As with many things Bitcoin, the solution is not clearly good or bad. On the positives, this can discourage people from stealing bitcoins as they would have much harder time spending or converting them (who knew infinitely traceable currency can be so hard on criminals?). As for the negatives:

  • We would be dealing with many jurisdictions with different laws, making the blacklisting and whitelisting process complicated
  • This idea may lead to the Bitcoin redlists, where all coins would be considered tainted unless they were whitelisted - clearly not a desirable path for Bitcoin to be heading
  • The tracker would only be useful if a lot of international Bitcoin exchanges would choose to use it. Having a few big exchanges ignore it completely would just mean everyone with tainted coins would just visit them instead circumventing the tool
  • This tool would negatively impact Bitcoin fungibility, which makes the system less desirable overall
  • A lot of independent vendors and casual users accepting bitcoins wouldn't be able to effectively report all suspicious activities, possibly forcing them to switch over to using big payment processors instead, going against the Bitcoin idea of being one's own bank

Conclusions


All in all, do the benefits outweigh the drawbacks? Possibly. Then again, if someone that understands Bitcoin won't create a tool like this and run it responsibly, we might end up with someone from outside that doesn't know how the Bitcoin ecosystem work come in and force something worse upon us...

2015-07-13

Who stands to benefit from a spam attack on the Bitcoin network?

As discussed earlier, the Bitcoin network has recently been flooded with a lot of spam transactions. While at least some of this was an honest stress test, it brought more attention to the fact that the Bitcoin network can be pushed to its limits with relatively low cost by anyone. While the network should be resilient against zero fee transaction spam attack, putting some money and effort into the attack can make it seem like a lot of honest transactions with relative ease.

Now, since we know how the Bitcoin network could be destabilized, let us ponder who might benefit from such actions.

DISCLAIMER: while I will be mentioning a lot of specific examples of peoples and projects that might benefit from such an attack, please treat them only as illustrative examples. I have no evidence of their involvement in the attacks, nor do I believe any of them would employ such a strategy.

The usuals


Since we're talking about an attack on Bitcoin, lets get the usuals out of the way - governments, big banks, PayPal, etc. wanting to bring Bitcoin down since it challenges "the old ways". There isn't much new to add to these speculations or motivations, so might as well skip this part of the debate for expediency's sake.

The direct competitors


Bitcoin has been copied so many times people lose count. There is never a shortage of copycoins out there. Since Bitcoin has a throughput issue of handling a lot of transactions, you can easily see someone creating an altcoin with higher block sizes and faster blocks to sell itself as the solution to Bitcoin. More ambitiously, you can look at coins that have added some improvements to the protocol to combat spam, like Litecoin for example. Sustain a spam attack on the Bitcoin network long enough to sell your story of being the savior of cryptocurrencies and you might just be able to push up the price of your coin high enough to turn a profit.

The speculators


Just like you can speculate on the price of altcoin alternatives going up, you can also try speculating on the price of Bitcoin being affected by the spam. Alternatively, you could try to cause something similar to "trade engine lag" on the Bitcoin network and try to game some exchanges while other traders would have trouble moving their coins onto the exchange to cash in.

The solution evangelists


Even if we don't look at the altcoin space, we can see a lot of people with an agenda of where the Bitcoin code should move towards. Whether they are doing it for profit or for personal satisfaction, there is a potential for those evangelist of their own solutions to attack the network and push their code onto others.

Below are some examples (again, only illustrative examples, read the disclaimer) of potential solution evangelists.

Sidechains is an interesting concept of how to move a lot of transactions off the Bitcoin blockchain while still having a currency tightly tied into the Bitcoin itself. As (to the best of my knowledge) sidechains are still impossible to fully implement into the Bitcoin network without a soft fork, using the spam attack as an opportunity to push for a fork would be beneficial to them and enable sidechains to come to the Bitcoin network.

The debate over Bitcoin block size increase has been a hot topic for a few months now. The topic has been pushed most notably by Gavin Andresen, with some people even speculating on "gavincoin" becoming a reality (read more here). More so than Sidechains, the concept is not possible without a hard fork to the Bitcoin protocol, thus pushing the block size increase amid the spam attack would make the core developers more urged to consider going through with the fork to solve the issue.

Finally, something that doesn't require a hard fork - transaction filtering. This approach relies on being able to identify which Bitcoin transactions are spam and which are legitimate use cases and prevent the spam from propagating through the network. If enough nodes in the network would stop spam transactions, the network as a whole could develop herd immunity against spam. However, the same mechanism could be used to deny some Bitcoin businesses' transactions from reaching the miners. Such transaction censorship has been tried to pass unnoticed in the past by Luke-Jr, and could possibly be tried again along with more honest spam filtering.

The off-chain alternatives


Since moving transaction on the chain can be a problem, some people might propose solutions based on transactions being processed off-chain instead. Examples of such alternatives would include the Lightning Network, Ripple, Open Transactions or shared wallet providers such as Coinbase. If the off-chain solution can deliver bitcoins to people faster than the real network and some people don't know or don't care how they receive the coins, they might appear as a legitimate replacement for sending real Bitcoin transactions to some people. This might be also the case when Bitcoin transactions are too pricey to be included in the blockchain.

Crypto 2.0s eliminating competition


There are a lot of Crypto 2.0s out there. A good deal of them rely on the Bitcoin network to function - Colored Coins, Omni or Counterparty for example. There are also some emergent platforms that offer services tied to the Bitcoin blockchain, such as Factom. If the transactions for those networks can't make it into the Bitcoin blockchain, the network itself performs worse and suffers as a result. Their alternatives on the other hand stand to benefit from people potentially switching over. Ripple could benefit if Omni is not performing well, Ethereum stands to benefit from Counterparty being slow, etc. While being on the Bitcoin blockchain has been a selling point for a lot of companies, it can turn into a detriment if the Bitcoin network is overloaded.

Extra: bribing the miners for their compliance


As a side-note, it might be interesting to consider how some parties might want to even further push their agenda onto the network by essentially bribing the miners for their compliance.

Say, if someone wanted to eliminate some "spammy" transactions from the Bitcoin network, whether it's SatoshiDice's dust transactions or perhaps Omni transactions. They could easily set up an anonymous website claiming they will pay every miner X amount of bits for every block they create that complies with their spam filter. As long as they offer more than the miners stand to earn from the transaction fees, there is a benefit to them complying. With the excuse of excess spam, the miners can't be entirely held accountable for some transactions not making it into the block. Since the miners can be paid directly to their coinbase address, everything is transparent and nobody needs to agree to collude.

Conclusions


A stress test of the Bitcoin network can be all about preparing for the higher transaction volumes that are to come in the future, but it can also be a way for some people and organizations to further their agenda. While it might be still really early for such high-level politics to surface around Bitcoin, who knows what the future might hold?

2015-07-09

Fighting Bitcoin spam with Bitcoin Days Destroyed

As many of you might've noticed, the Bitcoin network has recently been flooded with a lot of spam transactions. While the problem is nothing new, essentially a plain old DOS attack, the Bitcoin network doesn't appear to have much in a ways of contingency attack if the attack is sustained. I would like to propose a possible solution to at least mitigate the attack somewhat using Bitcoin Days Destroyed.

For those of you who might not be familiar with the concept, Bitcoin Days Destroyed is an interesting metric for transactions. For every input, you multiply the coin age (when the transaction was included in a block) by the amount of coins being spent. You add up all of the results for the whole transaction Nd you get your BDDs. So, spending 1BTC a day after it was received gives you 1BDD. A week after it was received - 7BDD. 0.1BTC after a year has 36.5BDD and so on.

Now, if the order transactions are priorities for inclusion in a block was dependent on their BDDs as well as fees and size, it could limit the effectiveness of the spam attack - since the spammer relies on sending a lot of transactions often, unless they have a lot of coins, their transactions will have a very low BDD score. Standard users should have higher scores by default, provided they don't cycle their coins all the time.

Of course, this method only works if the mining pools would follow the rules. Seeing how many pools still mine blocks that aren't full gives one little hope the situation will be resolved quickly.

Side note - this solution isn't all that new either. I did write it down broad strokes in my master thesis (pages 42-43) back in 2011-2012 ;).

2015-07-07

Cryptos - the anti-euro

In the light of recent banking problems in Greece, it might be interesting to revisit the ideas behind the Euro and how they hold up in the world of cryptocurrencies. While some might view Bitcoin as a possible solution to the problem, other take a more sober look and realize that we aren't dealing with a currency crisis as much as a banking crisis.

Benefits of Euro


There are many benefits to multiple countries using the same currency as opposed to everyone having their own. The currency itself can be more stable and reliable, there is an ease of money flow between the countries and the countries themselves become more interconnected in trade and therefore less likely to go to war.

All of these make sense if you consider both the longer history of Europe and how things operated around the turn of the millennium when Euro was introduced and adopted. Trading between different countries and currencies was an extra step adding complexity and delay considering how slow the banks can move.

Benefits of Crypto


Now, if we jump ahead by a decade and a bit to the present state of affairs. On one hand we have the euro debt crisis, but also the modern technologies like Bitcoin and Crypto 2.0s.

If we look at Bitcoin, it can be compared to Euro in some ways. It is a singular currency that was designed to possibly replace the national currencies of multiple countries. Understandably, Bitcoin is more similar to gold than Euro when it comes to how it is issued (mining versus central bank issuance), but that's not what we're focusing on today.

Now, if we look at an efficient Crypto 2.0 system, it can be compared to what we had before the Euro - multiple entities issuing their own currencies and being able to trade between them. Everyone is responsible for how well their own currency performs and the value of their currency reflects that.

What are the benefits of Crypto 2.0 over how things used to work? Since the system is open and all trades happen in real time, the flow of money is greatly improved. Even if we don't use a single currency to settle, we can go to the open market, perform atomic swaps between as many currencies as we need to perform the trade. The buyers are not bound by the currency the sellers accept and vice versa - everyone can hold and accept one currency, while being able to spend it with anyone else easily. In other words, we achieve one of the goals of Euro, facilitating easy international trade, without the need for a single currency.

Conclusions


While adopting a Crypto 2.0 system instead of Euro might not achieve all of the goals of Euro (such as strengthening the currency on a global scene or unifying the monetary policies of multiple countries), it creates an alternative to the Eurozone solution. It might be an approach worth considering if Greece abandons Euro, or perhaps as a way to connect multiple countries in some other region.

If we wish to have a singular currency, let it be Bitcoin, but if we can't have that - lets at least have an efficient way to trade between everything else.