April 2012

TCW eticketing

So how can you steal Bitcoins

mcw 2012

Hackers have once again broken into Bitcoina's on-line server and stolen $90,000 worth of Bitcoin, the last time in March the hackers got away with $225,000.

So how can you steal Bitcoins, why aren't they protected against theft and is it a valid proposition for the future? These are just some technical questions that are relatively easy to answer and to which there are adequate solutions.

However BitCoin has also engaged the attention of the FBI who this month have published a report https://cryptome.org/2012/05/fbi-bitcoin.pdf where clearly they see Bitcoin being adopted by parts of the community they would rather discourage such as money laundering, terrorism, child pornography and gambling to name a few. The FBI has since confirmed the report is valid although not officially released into the public domain. The document is however unclassified and doesn't really contain anything unknown to those in the field apart perhaps of the FBI's views on virtual currencies and in particular Bitcoin.

Virtual currencies are not new, e-Gold was an electronic currency backed by gold, I say was because the US government has effectively suspended its operations since its directors pleaded guilty to various charges relating to money laundering and operating an unlicensed money transfer business.

Apart from this unbacked virtual currencies also have to cope with the fluid value of the currency which in the case of Bitcoin has varied between a few cents and $40 per Bitcoin.

So we have technical issues, security issues, political issues and economic issues and perhaps there are more. Notice also this is the same for any virtual currency it's just that some of the particular issues will vary.

So first to the technical issues, Bitcoin is based on the asset transfer model, originally devised by David Chaum as Digicash in the 80's followed by David Everett with Mondex in the 90's and more recently by MintChip in Canada (2012). The idea is that value is represented by a document which is cryptographically secure. In all the cases cited here digital signatures using public key cryptography defines the asset. They do however differ in the way they work,

Digicash had single documents for each money denomination, pennies through to dollars, like coins in your pocket. Each document was signed by the Issuer (bank) using a blinded signature so that the merchant would know the document is authentic but not to who it belongs, i.e. an anonymous document. Nor would the recipient know if the bearer had already spent the value without checking with the issuer. To make a payment you combine the appropriate currency documents as a payment set.

Mondex worked to solve the double spend problem by invoking a protocol that used trusted integrated circuits held by the payer and payee. So the value transfer was between two secure chips (smart cards) where the protocol was designed to stop the double spend. The value in Mondex was fully fungible so the payer chip could create exactly the value required for the payment.

Bitcoin solves the double spend problem by using a network of participating nodes that are aware of all transactions in the system or more precisely are able to determine if a transaction would result in a double spend by a time sequenced chain of blocks representing all the transactions in the system. These blocks use hashes which can be used as proof of work following a scheme originally devised by Adam Back called Hashcash https://www.hashcash.org/papers/hashcash.pdf

In essence the work is to create a hash with a predetermined number of leading zeros by incrementing a nonce within the input data to the hash function. Creating such a hash is exponential while checking a hash is trivial. You can alter the work function by defining the required number of zeroes.

The particular advantage (disadvantage?) of Bitcoin is that you don't need to trust a central server as in the case of Digicash which was using the issuing bank to check for duplicates. Bitcoin is conceptually anonymous depending on the behaviour of the users because the identity of the user is not linked to the Bitcoin value document. (note this anonymity has been challenged but I suspect if you wanted to remain anonymous you could)

More difficult to accept is that the value of Bitcoin is better because it is not backed by any traditional currency as were both Digicash and Mondex. Whilst it may not be subject to inflationary pressures effectively causing devaluation Bitcoin suffers from the vagaries of the market which can result in swings of value of 100's of percent almost overnight. I would argue this makes it less stable than traditional currency.

The reputation ascribed to Bitcoin by the FBI is unfortunate, I'm sure its inventor Satoshi Nakomoto (believed to be a pseudonym because his identity like a Bitcoin is unknown) never intended to devise a virtual currency for criminal use. It is actually a pretty smart design and in my view suffers largely with difficulties of implementation such for example you can't have instant validated transactions, the network needs several minutes to validate the transaction chains. There also concerns with the ability of well resourced attackers (including botnets) to manipulate the chains or more likely create value.

And interestingly this is where we first came in, all the users of the system have a Bitcoin client which enables them to sign over their Bitcoin to a new owner. They do this by digitally signing a hash that is linked to past transactions and which includes the public key of the payee. So they need the document but more importantly they need the secret key necessary to sign the transaction for the payee. He in turn will submit this to the network to get confirmation there is no double spend (up to now - afterwards doesn't matter once the transaction is buried in the work chain).

At the current time there is no protection in the client for this secret key which is necessary for the Elliptic Curve Digital Signature Algorithm (ECDSA) used by Bitcoin. There are plans to start encrypting this but so far not adopted. You could argue this is not a fault in the core design but more an implementation issue. Today with the amount of malware wandering around and even the availability of Bitcoin stealing software you would think that the owners of Bitcoin might be a little more careful. Why wouldn't you store it in a secure crypto module? I can't think of any payment system of consequence that would allow the secret crypto keys for payment s to be unprotected on a PC.

Anyway these public attacks on stealing Bitcoin have taken advantage of this vulnerability of implementation and have got malware into the processors holding Bitcoin and secret keys to effectively steal the value. Because it's anonymous nobody knows how to identify the thief. This is not a difficult problem to fix so I hope the Bitcoin community addresses this issue sooner rather than later.

Just an interesting little postscript on Bitcoin, today a Bitcoin is valued somewhere between $4 and $5. So how do you make a payment of $7 and how about $2?

Bitcoin has a neat little solution for this, each transaction block allows for multiple inputs i.e. you can have multiple Bitcoins as the source of the transaction (which assumes you have them) but also the output of the transaction block allows for two outputs. One of these is the payment you are making to the third party but the other one is change that is paid back to yourself to remove the overspend. Now I also think that is pretty neat.

Dr David Everett, (Smartcard & Identity News)


Unable to open RSS Feed https://www.smartcard.co.uk/RSS/scnrss.xml with error SSL certificate problem: certificate has expired, exiting

Video Interviews

Tim Jones talks on the wealth of networks

Christophe Dolique of Gemplus talks about ·SIM

Dominique Brule of Philips Semiconductors talks about Near Field Communication