Archive for the ‘crypto’ Category

Silk Road 2.0 goes down

Saturday, November 8th, 2014

“This hidden site has been seized”

We are going to need a heavily decentralized solution, so that if a relatively small number of nodes get shut down or taken over by law enforcement, the network continues to function correctly, and, because no single node is central, no single node has traffic patterns that make it stand out.

The Tor hidden site system will always fail if a hidden site generates too much traffic for too long. We need a non Tor solution for publishing and curating reputations and performing transactions.

Bitcoin failure

Sunday, June 15th, 2014

For bitcoin to work politically, authority over the currency needs to be distributed over a large group of peers. If power is concentrated at a single point, the state can dominate that point, whoever controls that point can steal other people’s currency and do a variety of bad things.

Bitcoin was designed so that “voting” depended on computing power and network connection. Initially, almost everyone who had a client was a miner, there were a huge number of miners, everyone who used bitcoin had roughly equal influence because they contributed roughly equal computing power to the block chain.

Today, bitcoin is controlled by by a single miner., which was a predictable consequence of bitcoin’s scaling problems.

What we need is a crypto currency which is controlled by the top one hundred or so owners of the currency that are well connected to the net and have adequate computing power, with influence over the currency proportional to the amount of currency that they own, rather than the number of cycles that they burn.

In principle it should be possible to do this using bilinear maps, but the details are a bit tricky, because we have to make sure that manageable number of votes reflects an infinitely divisible currency whose ownership changes continually. So the shares (private and public keys in groups with a bilinear map) have to be reissued frequently, while ownership of the infinitely divisible currency is given value by the fact that if you own a lot of it, you get shares proportional to the amount you own. Since shareholders are people who own a lot of currency, they have an incentive to not misbehave, to continue to reissue shares according to currency ownership and validate transactions according to the rules, since to do otherwise would destroy the value of the currency that they own.

The number of shares remains manageably small, however many people use the currency and however many transactions take place. The shares underlie the value of the currency – and absolutely nothing underlies the value of the shares. Of course we still have other scaling problems, to which I have not figured out a solution except in alarmingly vague outline.

Lessons from the silk road.

Wednesday, October 16th, 2013

As I said earlier, without providing evidence or explanation, the big flaw was that the server kept the messages in the clear.  A recent news report has confirmed this from official sources: (more…)

The underground economy continues

Saturday, October 5th, 2013

I, and others, have been assuming that the takedown of Silk Road represents competent action by the NSA.

Outside In, however, points out the interesting coincidence that the takedown of Silk Road follows, rather than precedes, the appearance of competition to Silk Road.

Atlantis, however, appears to have skedaddled with its user’s money, thus this looks like a successful shutdown of the online black market, hence likely to be primarily state action.

So, contrary to the headline, the underground economy does not continue.

Technological failure of the silk road system

Friday, October 4th, 2013

Silk Road servers stored all messages in the clear forever.

The government placed malware on Tor exit nodes, located the Silk Road servers, raided servers, game over.

Private messages should have been end to end encrypted, existing in the clear only on the computers of the sender and recipient, and should have been deniable, except for messages containing money, where the sender needed to be able to prove that the recipient account had received a message with a particular hash, and thus able to prove that the recipient account received a message with particular content including payment. (more…)

Cryptography standards

Friday, October 4th, 2013

If everyone was to do their own thing in cryptography, that would be very bad.

But committees are less intelligent than their individual members and are prone to evil and madness.  IEEE 802.11 was stupid. If NIST was not stupid, it was because evil was calling the shots behind the scenes, overruling the stupid.

Linux was a success because Linus is unelected president of linux for life.

Let us follow Jon Callas as unelected president for life of symmetric cryptography, Daniel Bernstein as God King of asymmetric cryptography.

Moving away from NIST

Friday, October 4th, 2013

Jon Callas, a leading cryptographer, is issuing a new version of Silent Circle, which by default uses only non NIST cryptography.

It was necessary to change the curves, since the NIST curves are probably backdoored. It was arguably not necessary to change the symmetric encryption and the hash, since they are unlikely to be backdoored. Nonetheless, he replaced AES with Twofish, and SHA with Skein-MAC.

absolutely, this is an emotional response. It’s protest. Intellectually, I believe that AES and SHA2 are not compromised. Emotionally, I am angry and I want to distance myself from even the suggestion that I am standing with the NSA. As Coderman and Iang put it, I want to *signal* my fury. I am so pissed off about this stuff that I don’t *care* about baby and bathwater, wheat and chaff, or whatever else. I also want to signal reassurance to the people who use my system that yes, I actually give a damn about this issue.

By moving away from anything NIST has touched he deprives the NSA of leverage to insert backdoors, contributing to the general good, from which his company, and thus himself also benefits. By opposing the NSA, he gives his company credibility that they will not secretly play footsy with the NSA behind closed doors, reassuring his customers and contributing to the particular good of his company and himself.

NIST curves backdoored

Tuesday, September 10th, 2013

Gregory Maxwell on the Tor-talk list has found that NIST approved curves, which is to say NSA approved curves, were not generated by the claimed procedure, which is a very strong indication that if you use NIST curves in your cryptography, NSA can read your encrypted data.

So don’t use anything NIST approved. (more…)


Sunday, September 8th, 2013

Cryptography needs random numbers, numbers unpredictable to an adversary. Computers are built to be as non random as possible, so this is a problem.  Intel created an instruction, RDRAND, that supposedly creates a random number on each read.

This instruction appears to be backdoored by the NSA. (more…)

How not to be spied on

Saturday, September 7th, 2013

It looks as though the major NSA tricks are:

  • Taking over routers using tricks similar to those botnet operators use to take over individual computers.
  • Twisting the arms of major corporations to backdoor their products and share information, for example Skype.
  • Encouraging the adoption of flawed cryptography with hidden backdoors through its standards arm, NIST.
  • Taking over individual computers using tricks similar to those of botnet operators. However they do not take over most people’s computers, since doing so indiscriminately on a large scale would get them caught and people would adopt methods to protect their computers, as against botnet operators.

Supposing this to be so, the software published by Guardian is likely to be fairly spy resistant, among them Ostel, a secure skype replacement. (more…)