Today we are pleased to release our paper presenting a new ECDSA threshold signature scheme that is particularly well-suited for securing Bitcoin wallets. We teamed up with cryptographer Rosario Gennaro to build this scheme. Threshold signatures can be thought of as “stealth multi-signatures.” [Read more...]
At a technical level, the Bitcoin protocol is a clever solution to the consensus problem in computer science. The idea of consensus is very general — a number of participants together execute a computation to come to agreement about the state of the world, or a subset of it that they’re interested in.
Because of this generality, there are different methods for analyzing and proving things about such consensus protocols, coming from different areas of applied math and computer science. These methods use different languages and terminology and embody different assumptions and views. As a result, they’re not always consistent with each other. This is a recipe for confusion; often people disagree because they’ve implicitly assumed one world-view or another. In this post I’ll explain the two main sets of models that are used to analyze the security of consensus in Bitcoin.
Today, the vulnerable state of electronic communications security dominates headlines across the globe, while surveillance, money and power increasingly permeate the ‘cybersecurity’ policy arena. With the stakes so high, how should communications security be regulated? Deirdre Mulligan (UC Berkeley), Ashkan Soltani (independent, Washington Post), Ian Brown (Oxford) and Michel van Eeten (TU Delft) weighed in on this proposition at an expert panel on my doctoral project at the Amsterdam Information Influx conference. [Read more...]
CBS News and a host of other outlets have covered my new paper with Sharon Goldberg, Loopholes for Circumventing the Constitution: Warrantless Bulk Surveillance on Americans by Collecting Network Traffic Abroad. We’ll present the paper on July 18 at HotPETS [slides, pdf], right after a keynote by Bill Binney (the NSA whistleblower), and at TPRC in September. Meanwhile, the NSA has responded to our paper in a clever way that avoids addressing what our paper is actually about. [Read more...]
[This is a guest post by Wenley Tong, Sebastian Gold, Samuel Gichohi, Mihai Roman, and Jonathan Frankle, undergraduates in the Privacy Technologies seminar that I offered for the second time in Spring 2014. They did an excellent class project on the usability of email encryption.]
PGP and similar email encryption standards have existed since the early 1990s, yet even in the age of NSA surveillance and ubiquitous data-privacy concerns, we continue to send email in plain text. Researchers have attributed this apparent gaping hole in our security infrastructure to a deceivingly simple source: usability. Email encryption, although cryptographically straightforward, appears too complicated for laypeople to understand. In our project, we aimed to understand why this problem has eluded researchers for well over a decade and expand the design space of possible solutions to this and similar challenges at the intersection of security and usability.
Will Greenwald’s New Book Reveal How to Conduct Warrantless Bulk Surveillance on Americans from Abroad?
Tomorrow, Glenn Greenwald’s highly anticipated book ‘No Place to Hide’ goes on sale. Apart from personal accounts on working with whisteblower Edward Snowden in Hong Kong and elsewhere, Mr. Greenwald announced that he will reveal new surveillance operations by Western intelligence agencies. In the last weeks, Sharon Goldberg and I have been finishing a paper on Executive Order 12333 (“EO 12333”). We argue that EO 12333 creates legal loopholes for U.S. authorities to circumvent the U.S. Constitution and conduct largely unchecked and unrestrained bulk surveillance of American communications from abroad. In addition, we present several known and new technical means to exploit those legal loopholes. Today, we publish a summary of our new paper in this post.
We stress that we’re not in a position to suggest that U.S. authorities are actually structurally circumventing the Constitution using the international loophole we discuss in the paper. But, we’re wondering: will the gist of our analysis be part of Greenwald’s new revelations tomorrow? A first snippet of Greenwald’s new book in The Guardian, about hacking American routers destined for use overseas, seems to point in that direction. Here’s our summary. [Read more...]
Emin Gün Sirer has a fascinating post about how the use of NoSQL caused technical failures that led to the demise of Bitcoin exchanges Flexcoin and Poloniex. But these are only the latest in a long line of hacks of exchanges, other services, and individuals; a wide variety of bugs have been implicated. This suggests that there’s some underlying reason why Bitcoiners keep building systems that get exploited. In this post I’ll examine why.
A Belgian university recently banned all watches from exams due to the possibility of smartwatches being used to cheat. Similarly, some standardized tests in the U.S. like the GRE have banned all digital watches. These policies seems prudent, since today’s smartwatches could be used to smuggle in notes or even access websites during the test. However, their potential use for cheating goes much farther than that.
As part of my undergrad research at the University of Michigan, I’ve recently been focusing on the security and privacy implications of wearable devices, including how smartwatches might be used for cheating in an exam. Surprisingly, while there’s been interest in the security implications of wearable devices, the focus within the research community has been on how these devices might be attacked rather than on how these devices challenge existing social assumptions.
A recent UK observer with a packet sniffer noticed that his LG “smart” TV was sending all his viewing habits back to an LG server. This included filenames from an external USB disk. Add this atop observations that Samsung’s 2012-era “smart” TVs were riddled with security holes. (No word yet on the 2013 edition.)
What’s going on here? Mostly it’s just incompetence. Somebody thought it was a good idea to build these TVs with all these features and nobody ever said “maybe we need some security people on the design team to make sure we don’t have a problem”, much less “maybe all this data flowing from the TV to us constitutes a massive violation of our customers’ privacy that will land us in legal hot water.” The deep issue here is that it’s relatively easy to build something that works, but it’s significantly harder to build something that’s secure and respects privacy.
Joint post with Andrew Miller, University of Maryland.
Bitcoin is broken, claims a new paper by Cornell researchers Ittay Eyal and Emin Gun Sirer. No it isn’t, respond Bitcoiners. Yes it is, say the authors. Our own Ed Felten weighed in with a detailed analysis, refuting the paper’s claim that a coalition of “selfish miners” will grow in size until it controls the whole currency. But this has been disputed as well.
In other words, the jury is still out. But something has been lost in all the noise about the grandiose statements — on their way to getting to their strong claim, the authors make a weaker and much more defensible argument, namely that selfish miners can earn more than their fair share of mining revenue. [Read more...]