April 24, 2014

avatar

New research: Better wallet security for Bitcoin

[UPDATE (April 3, 2014): We've found an error in our paper. In the threshold signature scheme that we used, there are restrictions on the threshold value. In particular if the key is shared over a degree t polynomial, then 2t+1 players (not t+1) are required to to construct a signature. We thought that this could be reduced to t+1, but our technique was flawed. We are exploring various modifications, and we will post further details when we have an update.]

The Bitcoin ecosystem has been plagued by thefts and losses that have affected both businesses and individuals. The security of a Bitcoin wallet rests entirely on the security of its associated private keys which can digitally sign transactions to irreversibly spend the coins in the wallet. In a new paper, we show how to use the cryptographic technique of threshold signatures to increase the security of both corporate and individual wallets.

Perhaps Bitcoin’s toughest security challenge is protecting Internet-connected wallets from insider threats. Such hot wallets cannot be kept in highly secure, offline cold storage. One good way for businesses to mitigate this vulnerability is to have hot wallets jointly controlled by multiple parties. This way, no party can independently steal corporate funds. In our paper, we show how to achieve joint control of wallets using threshold signatures.
[Read more...]

avatar

Reflecting on Sunshine Week

Last Wednesday evening, I attended the D.C. Open Government Summit: Street View, which took place at the National Press Club in conjunction with Sunshine Week. The Summit was sponsored by the D.C. Open Government Coalition, a non-profit that “seeks to enhance the public’s access to government information and ensure the transparency of government operations of the District of Columbia.” The Summit successfully focused on two main ideas – using government information to innovate and using government information to inform. I left the Summit encouraged by the enthusiasm for innovation and transparency in the attendees and among some District of Columbia government leaders, but also discouraged because there was a consensus that Washington, DC is still far behind cities such as New York, Kansas City, and Boston in using technology for innovation in government and there is not a vision or financial commitment from the Mayor’s office to facilitate government-wide progress.
[Read more...]

avatar

Algorithms can be more accountable than people

At an academic meeting recently, I was surprised to hear some social scientists accept as obviously correct the claim that involving “algorithms” in decision-making, instead of sticking with good old-fashioned human decision-making, necessarily reduces accountability and increases the risk of bias. I tend to believe the opposite, that making processes algorithmic improves our ability to understand why they give the results they do. Let me explain why.
[Read more...]

avatar

Why Dorian Nakamoto Probably Isn’t Satoshi

When Newsweek published its cover story last week claiming to have identified the creator of Bitcoin, I tweeted that I was reserving judgment on their claim, pending more evidence. At this point it looks like they don’t have more evidence to show us—and that Newsweek is probably wrong.
[Read more...]

avatar

FOIA: When the Exemptions Swallow the Rule

I’ve been researching and writing over the last few years on privately ordered—what the government calls “non-regulatory”—approaches to online IP enforcement. The gist of this approach is that members of trade groups representing different types of online intermediaries (broadband providers, payment processors, ad networks, online pharmacies) agree in private contracts or less formal “voluntary best practices” documents to sanction or cut services to alleged IP infringers. I put quotes around “non-regulatory” not only because that’s the government’s word, but because the descriptor masks the fact that the government, at the behest of corporate rights owners, leans heavily on targeted intermediaries to negotiate and accept these agreements, all the while holding the threat of regulation over their heads. It has proven to be a very effective strategy. Many of the website blocking provisions in SOPA, which so memorably went down in flames of public outrage, have subsequently been implemented through these agreements, which belong to a broad category of regulatory practices that governance scholars call soft law.
[Read more...]

avatar

9 Problems of Government Hacking: Why IT-Systems Deserve Constitutional Protection

Governments around the world are increasingly hacking into IT-systems. But for every apparent benefit, government hacking creates deeper problems. Time to unpack 9 of them, and to discuss one unique perspective: in response to a proposed hacking law in 2008, the German Constitutional Court created a new human right protecting the ‘confidentiality and integrity of IT-systems’. The rest of the world should follow suit, and outlaw government hacking until its deep problems are addressed. [Read more...]

avatar

“E agora José?” The current status of Marco Civil da Internet

I hope non-Brazilian readers will forgive me, but I could not find a better expression to summarize the current situation of the Brazilian Marco Civil da Internet. “E agora, José?” The expression can be translated into English as “What now, José?”, and is quite popular in Brazil, having its origin in a famous poem by Carlos Drummond de Andrade (1902-1987). Although it might carry different meanings, this expression is mainly used in hard times, when people are challenged by a situation in which desirable or ideal solutions just seem impossible. When puzzled by a conundrum, one might say: “E agora, José?”.

Here I will try to explain why I do think that the Marco Civil is facing such a situation. [Read more...]

avatar

Are User Identification Networks the Future of Commercial Bitcoin Transactions?

With 12.3 million bitcoins mined to date, the total value of bitcoins has reached $9.975 billion US dollars. While this may pale in comparison to the $1.23 trillion US dollars in circulation, the use of bitcoins in commerce is gaining traction.  With this traction the potential exists to link users’ identities with their public bitcoin wallet addresses and commercial transaction histories.

Earlier this year Overstock.com announced that it would begin accepting bitcoins as payment for consumer purchases. The company’s announcement makes Overstock.com the first major US online retailer to accept bitcoins, albeit via a third-party payment processor. Prior to this announcement, a patchwork of smaller online vendors and brick-and-mortar stores had already begun accepting bitcoins. Using bitcoins, individuals are now able to order food for delivery, engage in online dating , and purchase everything from babyfood to videogame consoles.

As bitcoins enter the stream of commerce, we should all consider the privacy implications associated with the use of bitcoins in commercial transactions.   [Read more...]

avatar

Understanding Bitcoin’s transaction malleability problem

In recent days, several Bitcoin exchanges have suspended certain kinds of payments due to “transaction malleability” issues. There has been a lot of talk about why this happened, and some finger-pointing. In this post, I will try to unpack what “transaction malleability” is and why it has proven to be a problem for some companies.
[Read more...]