DCI will be collaborating with the Federal Reserve Bank of Boston to build a hypothetical digital currency. We are hiring a software engineer and there will also be opportunities for MIT UROPs and graduate researchers.
An article by Alyssa Hertig published on July 28th, 2020. coindesk.com
“The infrastructure propping up Bitcoin might become easier for anyone to spin up and run.
Lightning creator Tadge Dryja has been working on a new design for a lighter weight Bitcoin full node, about which he first wrote a paper in 2019. Last week, he and a team of coders released a first version of the Utreexo software as a part of MIT Digital Currency Initiative (DCI), putting the idea of lighter nodes into working code.
Full Bitcoin nodes act like financial security systems, validating Bitcoin blockchain transactions and protecting users from being tricked into thinking they received money that they didn’t. But they take up a lot of computing space and are quickly growing in size.
Since these nodes are the most “trustless” way of using Bitcoin, developers have long been trying to make them easier to use. It’s one of Bitcoin’s nerdy “holy grails.”
DCI Research Scientist Tadge Dryja released the Utreexo Demonstration today through a Medium post.
“I’m excited to announce the release of the first demonstration of Utreexo. Utreexo is a new scalability technology for Bitcoin, which can make Bitcoin nodes smaller and faster while keeping the same security and privacy as full nodes.”
The Bank of England released a Central Bank Digital Currency (CBDC) Discussion Paper on March 12th, 2020. The DCI curated a response, led by Rob Ali, which explored topics in the paper (June 12th, 2020)
Many DCI Team members presented at the Crypto Economics Security Conference: Unitize Online Event July 6-10th, 2020.
View their presentations here
DCI's James Lovejoy and Gert-Jaap Glasbergen presented during this past week's Crypto Economic Security Conference: Unitize Online Event July 6-10th, 2020. Their Proof-of-Work presentation combines Gert-Jaap’s work on Pool Detective and James’s work on 51% Attacks.
Gert-Jaap was interviewed by Bitcoin Magazine NL about the new security project “Pool Detective”. Listen to the full podcast to learn more. Podcast is in Dutch.
Director Neha, Software Developer Gert-Jaap, PhD student Daniel M. (Harvard) and recent MIT DCI MEng Graduate James discuss Proof-of-Work and the Digital Currency Initiative’s recent projects around Proof-of-Work, including Monitoring Pool Mining (Gert-Jaap), Double Spend Attacks (Daniel M. and Neha) and 51% Attacks (James).
Here is the first livestream in a new series from the Digital Currency Initiative. During this episode, meet some of our team and find out more about the DCI and what we do.
Abstract:
Large scale cryptocurrencies require the participation of millions of participants and support economic activity of billions of dollars, which has led to new lines of work in binary Byzantine Agreement (BBA) and consensus. The new work aims to achieve communication-efficiency---given such a large n, not everyone can speak during the protocol. Several protocols have achieved consensus with communication-efficiency, even under an adaptive adversary, but they require additional strong assumptions---proof-of-work, memory-erasure, etc. All of these protocols use multicast: every honest replica multicasts messages to all other replicas. Under this model, we provide a new communication-efficient consensus protocol using Verifiable Delay Functions (VDFs) that is secure against adaptive adversaries and does not require the same strong assumptions present in other protocols.
A natural question is whether we can extend the synchronous protocols to the partially synchronous setting---in this work, we show that using multicast, we cannot. Furthermore, we cannot achieve always safe communication-efficient protocols (that maintain safety with probability 1) even in the synchronous setting against a static adversary when honest replicas only choose to multicast their messages. Considering these impossibility results, we describe a new communication-efficient BBA protocol in a modified partially synchronous network model which is secure against adaptive adversaries with high probability.
Quick Take
Bitcoin’s third-ever block halving is set to take place next month
But from a network perspective, what exactly happens?
The cryptocurrency world is abuzz with speculation about the potential impact of next month's bitcoin halving, when for the third time in the network's history, the reward for mining a block will be divided by two.
Much of the discussion revolves around what will happen to the price. But we'll have to wait until after the thing actually happens - around May 12 - to know that. In the meantime, let's explore a different question: What exactly changes under the hood during the halving?
The economic security of Bitcoin and other proof-of-work cryptocurrencies relies on how expensive it is to rewrite the blockchain. If a 51% attack were economically feasible, an attacker could send a transaction to a victim, launch the attack, and then double spend the same coins back to themselves. Satoshi Nakamoto assumed that this would not occur because a majority of miners would find it more lucrative to honestly follow the protocol than to attack the chain, the source of their own mining revenues.
Recent work has shown the cost of attack on a coin can vary widely. This cost depends on factors like the liquidity of hashrate, the impact on coin price, and the length of the required rewrite; under certain circumstances an attack could even be free. As of March 2020 for chains like Bitcoin, miners make large advance investments in mining equipment and are reluctant to rent any significant fraction of the chain’s hashpower, making the cost today likely quite high. Some coins, however, use proof-of-work algorithms for which there is enough new hashrate for rent to cost-effectively launch 51% attacks, and there have been double-spend attacks on these coins observed in practice. Using hashrate markets like NiceHash, buyers and sellers can easily find each other. It is now commonly believed that low hashrate coins, coins that are not the largest in their proof-of-work algorithm class, and coins for which there is a liquid hashrate rental market are all susceptible to cheap 51% attacks and are insecure.
In a recent paper titled Double-Spend Counterattacks, we discuss a strategy to prevent 51% attacks in vulnerable proof-of-work based coins: the victim can counterattack. We show that the victim’s ability to rent hashrate and mine on the original chain, overtaking the attacker chain in the event of an attack, can deter the attack from happening at all in equilibrium. The results hold under the following assumptions: (1) the victim suffers a moderate reputational cost to losing that the attacker does not suffer (e.g. exchanges may suffer negative reputation cost if attacked while anonymous attackers do not), and (2) the net cost of attack increases over time (e.g. by coin value dropping or the cost of hashrate rising). While we had no evidence for double-spend counterattacks in the real world at the time we wrote the paper, we recently saw what we think are counterattacks on Bitcoin Gold…
Abstract:
Exchanges are critical for providing liquidity and price transparency to markets, but electronic exchanges sometimes front run their users: because the exchange is in a privileged position, it can observe incoming orders and insert its own orders or alter execution to profit, if undetected, risk-free. There are cryptographic schemes to address front-running, but they either require an assumption of non-collusion or do not definitively prevent it, and none can provide the exchange with useful evidence of good behavior: a transcript the exchange can show to an offline entity, like a potential new customer or a regulator, to prove that it is not front running.
We present ClockWork, a practical exchange protocol which gives an exchange the ability to prove to a user that it did not front-run their order. In ClockWork, users commit to and encrypt orders inside a timelock puzzle. By assuming a lower bound on the time it takes to solve the puzzle, we ensure that no one, including the exchange, can submit new orders or selectively drop orders after the batch is fixed, and that users cannot repudiate committed orders. Users interacting with the exchange are convinced that the exchange did not front-run, and the protocol creates a transcript between the exchange and the users that serves as evidence orders were matched correctly and has attestations from users who agree they were not front-run. We implement ClockWork and show that despite using computationally expensive timelock puzzles, it provides reasonable performance for batch auctions. This is a useful tradeoff to provide a verifiably correct exchange.
Dan Cline worked with the DCI via the Co-op program from the University of Massachusetts Amherst. His mentors were Neha Narula and Tadge Dryja.
Abstract
The United States financial system can be restructured by giving universal direct access to credit risk-free central bank money. In the 10 years since the financial crisis, technological advancements and regulatory tools have laid the foundation for Central Bank Digital Currencies to emerge as this economic resolution. Our paper analyzes similar economic cases and contends that introducing Central Bank Digital Currencies (CBDCs) can improve financial stability without degrading credit availability in the long term. We illustrate this by focusing on similar market shifts, namely in the U.S. student loan market and the New Zealand agribusiness sector. Our analysis showcases that by introducing CBDCs, market participants can subsequently remove certain market subsidies that promote poor risk practices and improper pricing. This subsidy to financial institutions is both explicit in the form of FDIC deposit insurance and implicit in the stipulation of taxpayer funded bailouts that materialized in 2008. We calculate the effect of introducing CBDCs by focusing on historical market examples when similar fundamental market shifts happened. Our conclusion is that CBDCs may diminish credit availability, but this effect is ameliorated as financial stability improves in subsequent years. Accordingly, we recommend a roadmap for rolling out CBDCs in the least disruptive fashion.
For central bankers, the game changed last summer when Facebook unveiled its proposal for Libra. Many have responded by seriously exploring whether and how they should issue their own digital money.
Arguably, though, the more fundamental change is more than a decade old. It was Bitcoin that first made it possible to transfer digital value without the need for an intermediary, a model that competes directly with the traditional financial system. The network’s resilience against attackers suggests there is another way of setting up the system.
Last weekend at the MIT Bitcoin Expo held on campus in Cambridge, Massachusetts, I sat down with experts familiar with central banking as well as cryptocurrency. We discussed the practical concerns central bankers should be considering as they begin to design their own digital money systems. One common theme: central bankers have plenty to learn from Bitcoin.
Member Company: Boston Consulting Group (BCG)
Project Group: Healthcare Applications
Executive Summary
Over the past decade, significant breakthroughs in DNA sequencing have accelerated our capacity for genetic research and created new disciplines of precision medicine, promising a generation of novel therapies for previously incurable ailments. However, with an influx of vast amounts of genetic data, another challenge arose: the problem of data stewardship and governance. As of today, an individual who has their DNA analyzed through consumer-focused products like 23andMe or Ancestry.com, or through their personal healthcare provider has no promise of knowing where the genetic data goes or how it will be used. This historical lack of transparency has had cascading consequences across the industry, from disincentivizing participation in programs that would benefit from sharing genetic or health data, to driving a profound lack of genetic diversity in clinical trials. We believe that a blockchain tool, leveraging non-fungible tokens, can enable a degree of transparency and traceability to allow individuals to become informed stewards of their own genetic data. By doing so, we strive to build guardrails for privacy and security around the exchange of genetic data, thereby regaining the trust of participants, and encouraging our community to drive a thriving genetic data marketplace for the greater good of society.
Proponents say payments with a digital dollar would be faster and easier. Opponents say it would be costly and inefficient.
The nature of money is changing, and central banks around the world are debating whether they need to change with it.
As electronic payments take off and private cryptocurrencies such as bitcoin seek to gain traction, governments are exploring whether to issue digital versions of their national currencies that could be used as a universal form of payment in the way physical cash is today. These conversations gained urgency for some last year when Facebook Inc. announced plans to launch a cryptocurrency called libra, sparking concern that one of the world’s most powerful technology firms could become even more powerful by operating its own digital money.
So far, few countries have implemented a digital currency, though China reportedly is close and several countries have done or plan tests. Considering the dollar’s key role in global markets, should the U.S. commit to such a project?
Proponents say a digital dollar managed on a single network would facilitate faster, cheaper payments and protect the Fed’s ability to conduct monetary policy in a changing world. Opponents say Fed-controlled digital currency would be costlier and less efficient than many expect, and it would harm privacy by giving government the ability to track all dollar spending.
Neha Narula, the director of the Digital Currency Initiative at the Massachusetts Institute of Technology’s Media Lab, makes the case for digitizing the U.S. dollar. Lawrence H. White, a professor of economics at George Mason University and a senior fellow of the Cato Institute’s Center for Monetary and Financial Alternatives, argues against.
“Bitcoin gold, a relatively minor cryptocurrency that split off from the original bitcoin blockchain in late 2017, has suffered a so-called 51% attack resulting in over $72,000 worth of bitcoin gold tokens being double spent.
A 51% attack can occur when malicious cryptocurrency miners take control of tokens' blockchain and is the second time it's now happened to bitcoin gold which saw $18 million worth of bitcoin gold stolen in May 2018.
The price of bitcoin gold, which ranks as the 36th most valuable cryptocurrency according to CoinMarketCap data, jumped following reports of the attack, moving counterintuitively considering the seriousness of an attack of this type and suggesting the market for smaller tokens is still far from maturity…”
Abstract
This work addresses the ongoing lack of legal clarity and inconsistent pronouncements regarding the regulatory status of cryptographic assets by introducing a novel series of classification approaches employing non-binary scoring systems. Novel taxonomies have been constructed based upon multi-level categorical and numerical discrimination methods following design science of information systems best practices. The aim is to provide greater explanatory insight with respect to the nuanced and complex ensemble of attributes which may be exhibited within this sui generis type of objects. The notions of Securityness (S), Moneyness (M) and Commodityness (C) are proposed as candidate meta-characteristics for “TokenSpace”: a three-dimensional visual construction of subjective classification approaches towards a coherent and customisable conceptual framework. TokenSpace can be used to make reasoned qualitative and / or quantitative comparisons of asset properties. TokenSpace has more in common with successful prior classification frameworks in other domains and greater development potential using axiomatic, empirical and qualitative approaches than the sorting, clustering, intuitive or naïve categorisation approaches previously employed for cryptographic assets. TokenSpace provides a basis upon which real-time information feeds and predictive analytical tools may be developed in future.
Abstract:
We design, implement, and evaluate a zero knowledge succinct non-interactive argument (SNARG) for Rank-1 Constraint Satisfaction (R1CS), a widely-deployed NP language undergoing standardization. Our SNARG has a transparent setup, is plausibly post-quantum secure, and uses lightweight cryptography. A proof attesting to the satisfiability of n constraints has size $O(\log^2 n)$; it can be produced with $O(n \log n)$ field operations and verified with $O(n)$. At 128 bits of security, proofs are less than 250kB even for several million constraints, more than 10× shorter than prior SNARGs with similar features.
A key ingredient of our construction is a new Interactive Oracle Proof (IOP) for solving a univariate analogue of the classical sumcheck problem [LFKN92], originally studied for multivariate polynomials. Our protocol verifies the sum of entries of a Reed–Solomon codeword over any subgroup of a field.
We also provide libiop, a library for writing IOP-based arguments, in which a toolchain of transformations enables programmers to write new arguments by writing simple IOP sub-components. We have used this library to specify our construction and prior ones, and plan to open-source it.