Posts tagged Security
Joining MIT DCI to lead our Bitcoin Software and Security Effort

We’re excited to share that AJ Towns is joining the Digital Currency Initiative to lead our Bitcoin Software and Security Effort (please find his announcement below). This four-year research and development program is designed to continue to harden the Bitcoin network and steward the industry’s commitment to funding open source software. The effort will include contributing to Bitcoin Core development as well as longer-term research, such as investigations into the stability of rewards and software to provide strong robustness and correctness guarantees. It will also include attracting talent in network and operating system security, compilers, programming languages, testing, and more to join the effort.

Bitcoin’s (un)common good

Digital Currency Initiative at the MIT Media Lab Launches New Bitcoin Software and Security Effort with Industry Leaders

Thanks to millions of open source developer hours over the past 12 years, and a burgeoning and supportive ecosystem, Bitcoin is no longer an obscure cryptographic toy. It is now an open-source financial network that secures on the order of $1T of value.


As the use of Bitcoin grows, and as it becomes more deeply embedded into our societies, the security of the network must grow and strengthen alongside it. Yet, as a common good, there is no one single Bitcoin protector or guardian to take on this formidable task. By design, there is no central command. And while this presents significant logistical challenges, it is also the distinguishing feature perhaps most unique to Bitcoin: no central point of failure. Bitcoin's nearly-uninterrupted operation over the years is a testament to the power of decentralization…

"Responsible Vulnerability Disclosure in Cryptocurrencies" - New Paper Co-authored by Neha Narula

“Despite the focus on operating in adversarial environments, cryptocurrencies have suffered a litany of security and privacy problems. Sometimes, these issues are resolved without much fanfare following a disclosure by the individual who found the hole. In other cases, they result in costly losses due to theft, exploits, unauthorized coin creation, and destruction. These experiences provide regular fodder for outrageous news headlines. In this article, we focus on the disclosure process itself, which presents unique challenges compared to other software projects. To illustrate, we examine some recent disclosures and discuss difficulties that have arisen…”

Pool Detective Lead Gert-Jaap Released a New Research Description for Pool Detective: "Who is Monitoring Mining Pools?"

One of our goals at the Digital Currency Initiative is to harden the security of cryptocurrency networks. Most users of cryptocurrency take the actual network protocol and all of its implementation — mining, pools, validation, messaging, and more — for granted, and aren’t necessarily aware of all the ways these mechanisms might be attacked or fail. For example, though mining pools are a huge part of Bitcoin’s network security, there isn’t any available public monitoring to make sure that mining pools are well-behaved. There isn’t even a standard way to look at what pool operators are doing or infrastructure to keep tabs on pool operators.

Cointelegraph covers James Lovejoy's Presentation at CESC 20': "MIT Crypto Group Researcher Says PoW Attacks Not Always Obvious"

DCI's James Lovejoy and Gert-Jaap Glasbergen presented during this past week's Crypto Economic Security Conference: Unitize Online Event, July 6-10th, 2020. Their Proof-of-Work presentation combines Gert-Jaap’s work on Pool Detective and James’s work on 51% Attacks.

Reorgs on Bitcoin Gold: Counterattacks in the wild - Medium Post by James Lovejoy

The economic security of Bitcoin and other proof-of-work cryptocurrencies relies on how expensive it is to rewrite the blockchain. If a 51% attack were economically feasible, an attacker could send a transaction to a victim, launch the attack, and then double spend the same coins back to themselves. Satoshi Nakamoto assumed that this would not occur because a majority of miners would find it more lucrative to honestly follow the protocol than to attack the chain, the source of their own mining revenues.

Recent work has shown the cost of attack on a coin can vary widely. This cost depends on factors like the liquidity of hashrate, the impact on coin price, and the length of the required rewrite; under certain circumstances an attack could even be free. As of March 2020, for chains like Bitcoin, miners make large advance investments in mining equipment and are reluctant to rent any significant fraction of the chain’s hashpower, making the cost today likely quite high. Some coins, however, use proof-of-work algorithms for which there is enough new hashrate for rent to cost-effectively launch 51% attacks, and there have been double-spend attacks on these coins observed in practice. Using hashrate markets like NiceHash, buyers and sellers can easily find each other. It is now commonly believed that low hashrate coins, coins that are not the largest in their proof-of-work algorithm class, and coins for which there is a liquid hashrate rental market are all susceptible to cheap 51% attacks and are insecure.

In a recent paper titled Double-Spend Counterattacks, we discuss a strategy to prevent 51% attacks in vulnerable proof-of-work based coins: the victim can counterattack. We show that the victim’s ability to rent hashrate and mine on the original chain, overtaking the attacker chain in the event of an attack, can deter the attack from happening at all in equilibrium. The results hold under the following assumptions: (1) the victim suffers a moderate reputational cost to losing that the attacker does not suffer (e.g. exchanges may suffer negative reputation cost if attacked while anonymous attackers do not), and (2) the net cost of attack increases over time (e.g. by coin value dropping or the cost of hashrate rising). While we had no evidence for double-spend counterattacks in the real world at the time we wrote the paper, we recently saw what we think are counterattacks on Bitcoin Gold…

Forbes's "Bitcoin Rival Suffers Devastating Attack" reviews DCI's James Lovejoy's discovery of a '51% Attack'

“Bitcoin gold, a relatively minor cryptocurrency that split off from the original bitcoin blockchain in late 2017, has suffered a so-called 51% attack resulting in over $72,000 worth of bitcoin gold tokens being double spent.

A 51% attack can occur when malicious cryptocurrency miners take control of tokens' blockchain and is the second time it's now happened to bitcoin gold which saw $18 million worth of bitcoin gold stolen in May 2018.

The price of bitcoin gold, which ranks as the 36th most valuable cryptocurrency according to CoinMarketCap data, jumped following reports of the attack, moving counterintuitively considering the seriousness of an attack of this type and suggesting the market for smaller tokens is still far from maturity…”

'MIT researchers identify security vulnerabilities in voting app' by MIT News discusses research by DCI's Neha Narula, Sunoo Park and DCI Advisor Ron Rivest

“In recent years, there has been a growing interest in using internet and mobile technology to increase access to the voting process. At the same time, computer security experts caution that paper ballots are the only secure means of voting.

Now, MIT researchers are raising another concern: They say they have uncovered security vulnerabilities in a mobile voting application that was used during the 2018 midterm elections in West Virginia. Their security analysis of the application, called Voatz, pinpoints a number of weaknesses, including the opportunity for hackers to alter, stop, or expose how an individual user has voted. Additionally, the researchers found that Voatz’s use of a third-party vendor for voter identification and verification poses potential privacy issues for users.”

Cryptanalysis of Curl-P and Other Attacks on the IOTA Cryptocurrency

By Ethan Heilman (Boston Uni), Neha Narula (MIT Media Lab), Garrett Tanzer (Harvard), James Lovejoy (MIT Media Lab), Michael Colavita (Harvard), Madars Virza (MIT Media Lab), and Tadge Dryja (MIT Media Lab)

We present attacks on the cryptography formerly used in the IOTA blockchain, including under certain conditions the ability to forge signatures. We developed practical attacks on IOTA’s cryptographic hash function Curl-P-27, allowing us to quickly generate short colliding messages. These collisions work even for messages of the same length. Exploiting these weaknesses in Curl-P-27, we broke the EU-CMA security of the former IOTA Signature Scheme (ISS). Finally, we show that in a chosen-message setting we could forge signatures and multi-signatures of valid spending transactions (called bundles in IOTA).

DCI's Director interviewed for Fortune's latest article: 'Zcash Discloses Vulnerability That Could Have Allowed 'Infinite Counterfeit' Cryptocurrency'

On March 1 of last year, Ariel Gabizon was tidying up a presentation he was preparing to deliver the following day at a financial cryptography conference on the Caribbean island of Curaçao when he spotted a seemingly small mathematical mistake that could, he realized, jeopardize billions of dollars in capital.

Michael Casey's "Vertcoin’s Struggle Is Real: Why the Latest Crypto 51% Attack Matters"

You may not have heard of Vertcoin, a crypto project designed to curtail concentration in mining power in the interests of broad-based participation. But if you care about security, decentralization and open access for cryptocurrencies, then the questions raised by a recent breach of its blockchain will matter to you.
