Redactable Bitcoin

Update: I made some redactions corrections.

Bitcoin people frequently criticize banks for claiming to build blockchains while discarding proof-of-work, so here comes Accenture with their own version of a blockchain. It keeps Bitcoin’s proof-of-work, and adds a master key.

(More specifically, it takes Bitcoin’s exact protocol but replaces the double-SHA256 hash with a chameleon hash inside a SHA256 hash. A chameleon hash is a hash function that contains a trapdoor.)


I suspect that Accenture’s Financial Services group does not know what it is actually getting here. Their whitepaper begins by asserting that Bitcoin’s blockchain contains illegal porn that needs to be redacted. Good grief.

Then they spend two pages talking about the DAO.

The problem isn’t the redactability – sure, maybe Accenture’s Group Exec wants to scrub those bookings at the no-tell hotel from his credit card statement. I can sympathize with that. The problem is that Accenture misrepresents what a blockchain even is.

Accenture employees might be clueless, but their academic co-authors cannot possibly be ignorant of the fact that an application that runs on a blockchain (the DAO) is separate from the blockchain itself (Ethereum). And, having modified Bitcoin Core, they know full well that porn cannot be stored on Bitcoin’s blockchain.

Look, it’s fine if people want to make grandiose claims about how blockchains will revolutionize the universe. It’s good for business around here. But now you guys are just making shit up to exploit the technological ignorance of banks. This is exactly how industries start getting regulated. Cut it out.

Bitcoin and child porn:
Yes, Bitcoin’s blockchain contains transactions that have encoded URLs of child porn sites. So does this web page. In fact, this is an encoded URL, right here: “1HJCcziSCEkUcDq5aRC68vxVdx6enWUrvf” (the link goes to a transaction in the Bitcoin blockchain explorer, not a porn site). If you know where to find this data on the blockchain, AND you know the algorithm for decoding the data, AND you actively take the time to decrypt it, AND you paste the decrypted URL into your web browser, then yes, I suppose you can get child porn from Bitcoin’s blockchain. You’ll have a hard time blaming Bitcoin for this one though.

See Also:
G. Ateniese, et al. Redactable Blockchain — or — Rewriting History in Bitcoin and Friends. Cryptology ePrint Archive: Report 2016/757
When a Blockchain isn’t a Blockchain –Bloomberg

5 thoughts on “Redactable Bitcoin

  1. does anyone understand blockchain?

    Just scan your way through some of the vapourware on the hack ether camp to get a thorough insight to the extent of ignorance… apart from the dearth of lotto/casino concepts there are some real gems. That said I’m increasingly beginning to question the value of crypto as a replacement for fiat currency.. Bitcoin is currently consuming the energy of a small western country… and is incredibly slow for all that power. It’s too easy to lose a wallet or access too a wallet and thus it makes a poor choice for storing value. Even if you have it backed up password and passphrase recoverable with brilliant hints that won’t help your heirs when your dead… ‘ So how do you stop all bitcoins ending up in the grave or rather, When will that happen? . bit like that other creepy one… when will Facebook become Deathbook?

    But Crypto (i.e ethereum) will likely survive, as a token payment mechanism for applications, software maintenance, and paying a large number of distributed workers it fulfils a need that exists as a consequence of the internet. An opportunity no less to encourage exploitation of vulnerable workers.

    As for the advent of the blockchain I feel it’s a bit like the advent of the wheel, not much use until someone invents the axle and another tames the horse.

    but you’re right.. wouldn’t it be nice if one could make money by backing rather than exploiting losers.

  2. What a great time it is to be a fin-tech engineer. Everything is immediately amazing and the laws of physics are actively trying to help you succeed.

    But of course lay people don’t actually spend their time trying to invert chameleon hash functions. Lay people use computers for 10 things, 7 of which involve collecting vast amounts of pornographic data and hiding them into fairly obvious folders like “Work Stuff”, inside of which contains another folder called “More Work Stuff”.

    Also, I’m reading this paper and their implementation of `SerializeHash` allocates uint1024, that doesn’t seem right? Does your hash function really require more entropy than all the electrons in the universe?

Leave a Reply