Corrections: Redactable Bitcoin

This is a follow-up to an earlier post about Accenture’s creation of a Redactable Bitcoin.

Bitcoin Porn:

Jeff Garzik points out that porn can be embedded in any medium, whether it’s smoke signals or semaphore. So it’s not fair to say that porn can’t exist on the Bitcoin blockchain. Granted, the “porn” will look like nothing more than a series of transactions, unless you know how to decode and interpret it.

Accenture and the Mutable Blockchain:

Previously I said that Accenture’s redactable Bitcoin uses proof-of-work, an assumption made based on the specs of an earlier prototype. Accenture’s Media Relations rep contacted me to say that their new prototype still uses Bitcoin core, but without the mining. Also, in response to my characterization of their thing as a horribly inefficient Excel spreadsheet, he says:

“That small addition [of a master key] is actually likely to make DLT [distributed ledger technology] more efficient (enabling pruning, compression, potentially reducing the number corrective transactions by half).”

So not only did Accenture solve Bitcoin’s immutability problem, they also solved the blockchain-is-too-damn-long problem. And because the nodes receive updates from a “designated authority”, they also solved the network broadcast problem.

headdesk_zpsbc878650

Don’t ever take a fence down until you know the reason why it was put up. –G.K. Chesterton

Bitcoin is one of the most secure pieces of financial infrastructure in existence. It’s not missing a master key simply because Satoshi somehow overlooked that feature. Bitcoin is missing a master key because it was entirely designed to avoid a master key!

Decentralization is a substitute for a designated authority. See, blockchains doesn’t store information, nodes do. The raw transaction blocks that make up a “blockchain” are mainly used to relay information to others. Nodes themselves maintain an unspent-transaction-output (UTXO) database to validate new blocks and transactions1. After processing each new block into the UTXO database, nodes can prune or archive their local blockchains to save disk space.

Bitcoin works because every node enforces identical rules, and decentralization prevents them from colluding to break the rules. Bitcoin miners could mine invalid blocks with all the hashpower in China; it won’t matter as long as nodes commit to ignoring invalid blocks.

Bitcoin users ascribe value to bitcoin with the expectation that nodes continue to enforce predetermined rules. The minute that Bitcoin nodes allow exceptions to the rules via master key, the price of Bitcoin will fall to zero2.

I make fun of R3 Consortium for pretending to do blockchain while actually producing data standards, but they did get one thing right. If you want to create a decentralized clearing and settlement system, the first thing you gotta do is get everyone to agree to the same rules.

1. Bitcoin uses double-entry bookkeeping, where every transaction has a corresponding debit and credit. The unspent transaction outputs represent remaining credits.

2. It’s comparable to the value of a fiat currency where the central bank takes too many liberties with its monetary policy. People lose confidence in the government’s ability to keep its promises, and thus devalue the currency.

H&R Blockchain!

The tax code is a set of rules. Well, actually it’s multiple overlapping iterative sets of rules. This is horribly complicated for humans to understand, but computers are great at dealing with rules.

Computers can already interpret the tax code: Tax preparation software is simply a translation of the tax code into a program that asks questions and prints out a tax return according to the rules.

Tax returns are not just generated by computers; they’re also read by computers. The IRS uses a computer review system to automatically process returns and issue adjustment notices. Human eyeballs almost never audit any returns.

Sanity-preserving people gave up on understanding the tax code years ago. All that’s left is a set of rules applied by computers, and enforced by computers. Time to put it all on the blockchain.

07865f9f44faaacbb325dce25014f143

(There are obvious privacy-related reasons why no one would want their tax returns on the blockchain, but I hope that someone creates an H&R Blockchain just to use that name.)

Redactable Bitcoin

Bitcoin people frequently criticize banks for claiming to build blockchains while discarding proof-of-work, so here comes Accenture with their own version of a blockchain. It keeps Bitcoin’s proof-of-work, and adds a master key.

(More specifically, it takes Bitcoin’s exact protocol but replaces the double-SHA256 hash with a chameleon hash inside a SHA256 hash. A chameleon hash is a hash function that contains a trapdoor.)

etch-a-sketch-classic

I suspect that Accenture’s Financial Services group does not know what it is actually getting here. Their whitepaper begins by asserting that Bitcoin’s blockchain contains illegal porn that needs to be redacted. Good grief.

Then they spend two pages talking about the DAO.

The problem isn’t the redactability – sure, maybe Accenture’s Group Exec wants to scrub those bookings at the no-tell hotel from his credit card statement. I can sympathize with that. The problem is that Accenture misrepresents what a blockchain even is.

Accenture employees might be clueless, but their academic co-authors cannot possibly be ignorant of the fact that an application that runs on a blockchain (the DAO) is separate from the blockchain itself (Ethereum). And, having modified Bitcoin Core, they know full well that porn cannot be stored on Bitcoin’s blockchain.

Look, it’s fine if people want to make grandiose claims about how blockchains will revolutionize the universe. It’s good for business around here. But now you guys are just making shit up to exploit the technological ignorance of banks. This is exactly how industries start getting regulated. Cut it out.

Bitcoin and child porn:
Yes, Bitcoin’s blockchain contains transactions that have encoded URLs of child porn sites. So does this web page. In fact, this is an encoded URL, right here: “1HJCcziSCEkUcDq5aRC68vxVdx6enWUrvf” (the link goes to a transaction in the Bitcoin blockchain explorer, not a porn site). If you know where to find this data on the blockchain, AND you know the algorithm for decoding the data, AND you actively take the time to decrypt it, AND you paste the decrypted URL into your web browser, then yes, I suppose you can get child porn from Bitcoin’s blockchain. You’ll have a hard time blaming Bitcoin for this one though.

See Also:
G. Ateniese, et al. Redactable Blockchain — or — Rewriting History in Bitcoin and Friends. Cryptology ePrint Archive: Report 2016/757
When a Blockchain isn’t a Blockchain –Bloomberg

How Blockchains will save Billions in Clearing and Settlement Costs

Blockchain technology could save financial institutions $15-20 billion in clearing and settlement costs by 2022. Exciting stuff. I keep seeing these big numbers thrown around, but not a whole lot to back them up. Where did these calculations come from? How do you even measure such things when the industry definition of “blockchain” changes every other day??

The Financial Times frequently references an Oliver Wyman report that says:

Our analysis suggests that distributed ledger technology could reduce banks’ infrastructure costs attributable to cross-border payments, securities trading and regulatory compliance by between $15-20 billion per annum by 2022.

That’s the end of the analysis. Is finance one of those industries where no one is required to show their work? I suspect the $15-20 number is somehow derived from an in-house publication from 2014 that estimates total clearing and settlement costs at $65-80 billion. Somehow, blockchain technology will reduce these costs by 25-30%.

Oliver Wyman isn’t the only one who thinks so! Accenture claims that blockchains could save investment banks $16 billion in clearing and settlement, citing a website from Quartz that cites a report from Autonomous Research:

screen-shot-2016-09-20-at-9-54-59-pm

Autonomous Research created their estimates by taking a poll of 150 investors and industry participants.

So blockchains will save billions in clearing and settlement costs because a bunch of people made a jellybean guess. It’s like a prediction market, because banks are also placing bets based on their predictions. Too bad there’s no way to bet on how much money blockchains won’t save.

Note:
I think people are right about blockchains reducing clearing and settlement costs. The cost savings just won’t be realized by investment banks.

National Security Threats of the Internet of Things

googlecar

The Department of Justice has formed a threat analysis team to study potential security challenges posed by all our internet-connected things.

I can tell you their results without spending a single taxpayer cent.

They’ll find threats. Terrible, horrifying, existential threats.

The threats will cause human suffering the likes of which the world has never seen before. Researchers will have computer models that calculate the certainty of an IoT holocaust. An interplanetary IoT apocalypse. They’ll tell tales that’ll straighten your pubes.

When it’s your job in life to study how dangerous a thing is, the conclusion is always that it’s SEVERELY DANGEROUS. Anything less looks negligent. It doesn’t matter whether that thing is vaccines, 3-ounce shampoo bottles, or antibacterial hand soaps – declare that they’ll lead to the death of us all. That’s how you create job security.

The government will totally be on board with the strategy. Fear-mongering is how political leaders maintain fealty (see also: Trump). A terrified population is a docile population.

When people are scared, they need something done that will make them feel safer. The government will go above and beyond in meeting that need with an elaborate choreography of security theater.

They’ll form a 3-letter agency. They’ll design mandatory duck-and-cover drills. Offer tax credits for basement bomb shelters. Test the air raid sirens once a week.

Also, there will be MASS SURVEILLANCE. The solution always includes MASS SURVEILLANCE.

When we were worried about homosexuals, the FBI tracked the clientele of gay bars. When we worried about meth labs, the DoJ started tracking Sudafed. When we worried about terrorists, we gave the government free reign to read all our emails.

When it comes to internet-connected things, we’ll begin by monitoring the passengers and routes of self-driving cars. Was there any question about whether this would happen in the first place? Head of DoJ National Security Division John Carlin has pointed out that the July truck attack in France is an example of how automated driving systems could present a security threat if remotely hijacked.

Once Mr. Carlin realizes that the attack truck was not, in fact, a self-driving car, but a 2012 Renault Midlum with a disturbed driver, we’ll stop worrying about self-driving cars. Instead, we’ll focus on dealing with disturbed drivers.

JUST KIDDING. We’ll pass legislation to track ALL the cars. Roadworthy vehicles will require transponders. Surveillance radars will monitor their movements. If a car displays suspicious driving activity, we’ll deploy a fleet of battle tanks to circle the wagons.

Then we’ll move on to other connected objects. Toilets! Pacemakers! Sex toys! Toasters! Could any of these things be hacked and turned into a weapon of mass destruction? I don’t know, but the government will wiretap all the things to find out!

Or we could just, you know, refrain from connecting all our things. But that wouldn’t be a good use of tax dollars at all.

advisorysystem2