Topic: Bitcoins hosted on Blockchain.info safe from government freezing of funds? (Read 4313 times)

newbie
Activity: 46
Merit: 0
Indeed, that's not scary and for now purely academic.

But keeping a close eye on it like you say won't hurt, hope you'll find it.
sr. member
Activity: 364
Merit: 250
I am Citizenfive.
[...]I ran across something regarding this the other day and lost the tab. If we're talking about the same thing, that is. A BCT user was discussing his GPU implementation where he was demonstrating that different sections of the secp256k1 curve (and presumably similar curves) were more susceptible to some form of brute-force weakening. Is this what you're talking about? This is in the back of my mind as an issue to keep a close eye on.
[...]

Some threads relating to this with a lot of discussion:

https://bitcointalksearch.org/topic/this-message-was-too-old-and-has-been-purged-421842
https://bitcointalksearch.org/topic/--433522
https://bitcointalksearch.org/topic/bitcoin-vulnerability-440205

Basically it appears to have boiled down to this:

For Evil-Knievel's demonstration to work, you need to use his pseudorandom number generator (PRNG): https://bitcointalksearch.org/topic/m.4746108

His PRNG only generates from a set of 2560000000 possible values: https://bitcointalksearch.org/topic/m.4809894

Meanwhile, there are 45231284858326638837332416019018714005014673546513634524455141852155 115792089237316195423570985008687907852837564279074904382605163141518161494337 possible Bitcoin keypairs.

The probability of his tool cracking a real public key, in the wild, is virtually zero. You are more likely to have a meteor land directly on your house, on the same day, four years in a row.

Evil-Knievel is insulting everyone's intelligence, wasting our time, and trying to con somebody out of 2 BTC.
https://bitcointalksearch.org/topic/m.4875893


Yeah, there was another thread a couple weeks ago with a different approach. All I can find now is Evil-Knievel's threads, which are not interesting at all. Thanks though, for trying to point me to it. Maybe I'll find what I'm talking about eventually. Whatever it was, I remember it being fairly insignificant -- like, sections that were 100x faster to brute force, potentially. That sounds bad, unless you consider how over-provisioned the keylength is, which was on purpose because crypto systems rarely break completely, but soft spots are nearly always found. 100x faster when 1x is many universes in length is not scary.
newbie
Activity: 46
Merit: 0
[...]I ran across something regarding this the other day and lost the tab. If we're talking about the same thing, that is. A BCT user was discussing his GPU implementation where he was demonstrating that different sections of the secp256k1 curve (and presumably similar curves) were more susceptible to some form of brute-force weakening. Is this what you're talking about? This is in the back of my mind as an issue to keep a close eye on.
[...]

Some threads relating to this with a lot of discussion:

https://bitcointalksearch.org/topic/this-message-was-too-old-and-has-been-purged-421842
https://bitcointalksearch.org/topic/--433522
https://bitcointalksearch.org/topic/bitcoin-vulnerability-440205

Basically it appears to have boiled down to this:

For Evil-Knievel's demonstration to work, you need to use his pseudorandom number generator (PRNG): https://bitcointalksearch.org/topic/m.4746108

His PRNG only generates from a set of 2560000000 possible values: https://bitcointalksearch.org/topic/m.4809894

Meanwhile, there are 45231284858326638837332416019018714005014673546513634524455141852155 115792089237316195423570985008687907852837564279074904382605163141518161494337 possible Bitcoin keypairs.

The probability of his tool cracking a real public key, in the wild, is virtually zero. You are more likely to have a meteor land directly on your house, on the same day, four years in a row.

Evil-Knievel is insulting everyone's intelligence, wasting our time, and trying to con somebody out of 2 BTC.
https://bitcointalksearch.org/topic/m.4875893
sr. member
Activity: 364
Merit: 250
I am Citizenfive.
BC.i knows the complete mapping of bitcoin addresses to accounts (and emails if provided).  With this information they technically have the capability to target specific users and replace their JS code at sign-on with new code that intercepts the private keys.  With the private keys in hand the coins could be diverted out of your control.

If you happen to not log in after such targeting begins and instead use an email backup of your wallet, then the only exposure is brute forcing the wallet encryption— though the encryption strengthening is not very strong, there are apparently GPU crackers that can test on the order of 1M keys per second, and most users are not capable of choosing keys which can withstand a strong attack (even— or especially— if they believe they are capable).


Can you elaborate or point me at a thread discussing this topic? I ran across something regarding this the other day and lost the tab. If we're talking about the same thing, that is. A BCT user was discussing his GPU implementation where he was demonstrating that different sections of the secp256k1 curve (and presumably similar curves) were more susceptible to some form of brute-force weakening. Is this what you're talking about? This is in the back of my mind as an issue to keep a close eye on.

Regarding BCi, that is why *if you're worried about this* you should use them as a watch-only service, as I do. (Though I'm more worried presently about exploits and other flaws, than government seizure, but I guess in a sense that is the same thing.)

EDIT: To elaborate, I just realized an additional implication of your reply. You propose the case where BCi is compromised (or coerced), but for the end user it would behave normally; even for a watch-only wallet, in your scenario, rather than spend the funds, your keys are swept (or the funds are spent to somewhere else than you'd intended).

What do you suppose the danger of that really is? I mean, I guess it is up there above "all internet goes down" in security issues for bitcoin spendability. I can't say that I'd be worried about this unless I had a very large sum of money or was a Snowden-sized target for personal reasons. Thank you for proposing the possibility, however. They certainly aren't decentralized; it's entirely *POSSIBLE* (again, that's a large place) that their servers could be mirrored and be hosted by a government and local users would be unable to tell. GoDaddy and their SSL certs, etc. etc...

In any case, I guess should you feel you may be exposed to such a threat, you should attempt to only make use of BCi for watching, and perform sends from a local client (using the best practices for that).

As an aside, a brainchild of mine uses cryptographic code obfuscation to probably prevent even this sort of attack vector, but it's far from ready. (It may never be; I have a lot of projects and have had no luck cloning myself)
staff
Activity: 4284
Merit: 8808
BC.i knows the complete mapping of bitcoin addresses to accounts (and emails if provided).  With this information they technically have the capability to target specific users and replace their JS code at sign-on with new code that intercepts the private keys.  With the private keys in hand the coins could be diverted out of your control.

If you happen to not log in after such targeting begins and instead use an email backup of your wallet, then the only exposure is brute forcing the wallet encryption— though the encryption strengthening is not very strong, there are apparently GPU crackers that can test on the order of 1M keys per second, and most users are not capable of choosing keys which can withstand a strong attack (even— or especially— if they believe they are capable).
sr. member
Activity: 364
Merit: 250
I am Citizenfive.
5flags, I don't know about that but I do know that they (blockchain.info) do NOT have access to your private keys. Anybody has the answer to 5flag's question?

Does blockchain.info know your private addresses? I think your whole wallet is encrypted client side. Although I've never looked into wallet encryption, I had assumed the whole thing was encrypted, not just your private keys.

FenixRd, so you're saying that with the private key, public key, and bitcoin address, I can revive my wallet with another client side bitcoin wallet program if my funds get frozen on blockchain.info due to pressure from law enforcement? This is because your bitcoin wallet is distributed on the bitcoin network and not on blockchain.info because that is just a website and not THE blockchain. Correct?

Thanks,

P.S.
I know and understand why funds have to be frozen, but, sheesh, at least leave a little for the guy to pay his sharks, I mean lawyers with!

5flags question and your response indicates a little confusion over terms. One thing that becomes clearer every day, is the importance of language in these matters. If we aren't working with clear and universally-agreed definitions in terms, we will go in circles and not be sure why, and disagree on things we may actually agree on, because of differing internal definitions.

Firstly, to reiterate and be very clear: BlockchainInfo is *not* THE blockchain. Much like a coinbase transaction has nothing to do with Coinbase.com save the clever name. (A coinbase is used in place of a TXIN for the source of the new bitcoin created for a miner's block reward, thus, a coinbase was the source of all coins, get it?) The blockchain is the network's distributed ledger, present in tens or hundreds of thousands of copies, on any server or PC running a full node. BlockchainInfo runs a very fast full node, to facilitate its services, but as far as the network is concerned, its opinion is no more relevant (regarding ownership of coins) than any other node -- which is to say, it verifies and relays properly-formed transactions within the rules of the network, no more, no less. Its service is a really nice web interface to automate things for users and make things graphical and pretty and intuitive. Nothing that is done on BlockchainInfo is something that cannot be done by an individual user, on a local machine, if desired.

The maroon bolded text, then: There are no private addresses. There is a private key, which I tend to write as privKey, and it can be displayed however you like, as long as you know how to interpret it. It's a really big number. That's it. Like you'd imagine, there are many ways to write a number. The "standard" ways are either as a hex string, or a Base58Check string, or a QR code containing the B58C string. I don't store my privKeys as any of these, especially not B58C. Hex strings can be anything, but nothing except cryptocurrencies use B58C, and I'm paranoid. If anyone stumbles across (or a trojan searches through) my stuff, they can't readily spot my keys, because they don't look like keys. I can carry a copy of the key to my life savings in my breast pocket and no one is the wiser (not that I generally do this either). But I digress. Anyway, BI does not have private addresses because they don't exist; and, all encryption of privKeys is meant to happen client-side, so theoretically nothing that can occur at BI HQ can compromise your privKeys. If you're really paranoid, though, as I am, you should store your privKeys creatively, and let BI be a watch-only wallet until you need to spend. Then it will ask you for the privKey for that address, and off you go.

Which brings me to the orange: I guess what you're thinking of as "frozen", from an end user perspective, is -- what would happen if LEOs coerced BI into "erasing" your BI account? As in, you went to log in, and no dice. Or, a message that said please contact your local DHS for processing, or something? I'm not entirely sure how much of that would even be possible -- BI has limited information (unless they are saving data that they claim not to be, which you should always assume, though I have no reason to doubt them; frankly, for all we know, the NSA or a similar agency is sponging data too, and it may be irrelevant that BI does not retain certain info itself). But, they do email a long recovery string when you sign up that can be used to uniquely ID an account, and therefore if your emails were compromised (obviously, deleting a webmail message probably doesn't ever equal "gone forever") that could be used to isolate an account. There would be other pretty easy ways too for most users, because those methods are kinda necessary (for 2FA and such) for a secure account against regular (illegal, vs. "legal") theft. Anyway, so it's probably possible for you to get forcibly locked out of your BI account. Or even a critical error to corrupt an account, maybe. Idk. Possible is a big realm.

To your questions, though, none of this matters if you and only you have your privKeys. Store them in multiple places and encoded or encrypted in a way that only you know. Or in plain hex, or in B58C. With Bitcoin, YOU have a massive amount of control over the security of your funds. It's not particularly difficult to make them so secure that the only way to lose them would be if you suffered a head blow and amnesia (and even that could be planned for, if you wanted). The privKey is the only thing that matters. If you have that, and a way (any way, whether a local QT client, or a new BI account with a burner email, or a secret napkin passed to your lawyer) to transmit it, your funds are yours, until they're someone else's.

-J
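
The hex and Base58Check forms mentioned in the post above are two encodings of the same integer. As an added example (not part of the thread and not any poster's or wallet's own code), this Python sketch converts between them and rejects a mistyped or out-of-range backup; the function names are hypothetical, and it assumes the mainnet version byte 0x80 of the wallet import format, which the thread does not spell out.

```python
import hashlib

# Order of the secp256k1 group; a valid private key is an integer in 1..N-1.
N = 115792089237316195423570985008687907852837564279074904382605163141518161494337
ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def _checksum(payload: bytes) -> bytes:
    # Base58Check appends the first 4 bytes of SHA-256(SHA-256(payload)).
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def b58check_encode(payload: bytes) -> str:
    data = payload + _checksum(payload)
    num, out = int.from_bytes(data, "big"), ""
    while num:
        num, rem = divmod(num, 58)
        out = ALPHABET[rem] + out
    # Each leading zero byte is written as a leading '1'.
    return "1" * (len(data) - len(data.lstrip(b"\x00"))) + out

def b58check_decode(text: str) -> bytes:
    num = 0
    for ch in text:
        idx = ALPHABET.find(ch)
        if idx < 0:
            raise ValueError(f"{ch!r} is not a Base58 character")
        num = num * 58 + idx
    zeros = len(text) - len(text.lstrip("1"))
    data = b"\x00" * zeros + num.to_bytes((num.bit_length() + 7) // 8, "big")
    if len(data) < 5 or _checksum(data[:-4]) != data[-4:]:
        raise ValueError("Base58Check checksum mismatch (typo or corruption)")
    return data[:-4]

def privkey_to_wif(key: int, compressed: bool = True) -> str:
    if not 1 <= key < N:
        raise ValueError("private key outside 1..N-1")
    # 0x80 = mainnet private-key version byte (assumption, see lead-in);
    # a trailing 0x01 marks a key whose public key is used compressed.
    body = b"\x80" + key.to_bytes(32, "big") + (b"\x01" if compressed else b"")
    return b58check_encode(body)

def wif_to_privkey(wif: str) -> int:
    body = b58check_decode(wif)
    if body[:1] != b"\x80" or len(body) not in (33, 34):
        raise ValueError("not a mainnet WIF private key")
    if len(body) == 34 and body[-1] != 1:
        raise ValueError("unexpected compression flag")
    key = int.from_bytes(body[1:33], "big")
    if not 1 <= key < N:
        raise ValueError("private key outside 1..N-1")
    return key

if __name__ == "__main__":
    demo = int("11" * 32, 16)  # constructed sample key, never use for funds
    wif = privkey_to_wif(demo)
    assert wif_to_privkey(wif) == demo
    print(hex(demo), "<->", wif)
```

The checksum is what makes the Base58Check form the safer one for hand-copied backups: a single wrong character is rejected on import, whereas a mistyped hex string silently decodes to a different key.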
hero member
Activity: 630
Merit: 500
Funds (bitcoins) are not on blockchain.info!
Transactions are stored in bitcoin blockchain (bitcoin network). You can access your bitcoins in the bitcoin blockchain as long as you have private key for your bitcoin address, and know how to use some other bitcoin client to import that key and make transactions.
full member
Activity: 168
Merit: 100
5flags, I don't know about that but I do know that they (blockchain.info) do NOT have access to your private keys. Anybody has the answer to 5flag's question?

FenixRd, so you're saying that with the private key, public key, and bitcoin address, I can revive my wallet with another client side bitcoin wallet program if my funds get frozen on blockchain.info due to pressure from law enforcement? This is because your bitcoin wallet is distributed on the bitcoin network and not on blockchain.info because that is just a website and not THE blockchain. Correct?

Thanks,

P.S.
I know and understand why funds have to be frozen, but, sheesh, at least leave a little for the guy to pay his sharks, I mean lawyers with!
full member
Activity: 224
Merit: 100
Professional anarchist
blockchain couldn't be seized like your hard drive but could it be frozen? could they stop you from moving funds to pay your lawyer, for example?
It can be frozen (website), but that's why you have to export the private key of your wallet, and keep it safe. You can then import that key into Multibit wallet and have access to your bitcoins.

Does blockchain.info know your private addresses? I think your whole wallet is encrypted client side. Although I've never looked into wallet encryption, I had assumed the whole thing was encrypted, not just your private keys.
sr. member
Activity: 364
Merit: 250
I am Citizenfive.
blockchain couldn't be seized like your hard drive but could it be frozen? could they stop you from moving funds to pay your lawyer, for example?

Through any number of user errors it is POSSIBLE that one could lose funds, just as would be true if someone opened a nigh-impossible-to-crack safe using a scribbled combination found in the drawer. Likewise, if someone stole only the combination and left the safe, and you didn't have the combination anywhere else or in your head, even without stealing the funds you're SOL. So pay close attention to the phrasing of my answer.

Blockchain.info is merely an interface that interacts with the Bitcoin network. There is nothing for anyone to control or seize. It is like Google – a local  authority could censor it; the authority of the location of their servers could shut it down or perhaps compel them to turn over a copy of the server data; or they could get really tricky and shut down BlockchainInfo and put up a shadow of it, one which states that your money is gone when you check your address. Or censor it via a secret order with your ISP for only you, because folks would probably spot tampering on a public scale. None of that makes it true.

Any number of conspiracy scenarios don't matter, because BlockchainInfo is just an interface. It is not THE blockchain. It does not matter to the Bitcoin network what BlockchainInfo says. To Bitcoin, they are just another node. It must abide by the network rules, including if it is hacked or compromised.

For spendable addresses in your BlockchainInfo wallet, as long as a security flaw is not found and exploited, if they don't know your password, or the private key corresponding to the address in question, they can't move them. Similarly, as long as you aren't depending on access to a web wallet alone, it doesn't matter what happens to  BlockchainInfo. As long as you have a way to recover your private key (memorized, written somewhere secure, encoded backup in a shoe, QR tattoo, etc etc etc, any way that works for you) you can spend from anywhere. You can meet with the lawyer and write the privkey on a napkin in binary. It doesn't matter. All that is necessary is a copy of the privkey in a format that the prospective spender knows how to read, and that the spender know how to create a transaction using one of hundreds of tools (including  BlockchainInfo) and propagate that to the consensus network.
legendary
Activity: 3696
Merit: 1584
blockchain couldn't be seized like your hard drive but could it be frozen? could they stop you from moving funds to pay your lawyer, for example?

You need the private keys behind your bitcoin addresses to control coins sent to those addresses. Ownership of private keys determines ownership of bitcoins. Private keys are stored in the wallet file so if you have a recent backup of your bc.i wallet and know the password to decrypt that backup your coins cannot be seized. Now I believe you need to make a fresh backup each time you generate a new address in your bc.i wallet.

FYI if you are this concerned you really should switch to electrum or another desktop client. bc.i isn't very safe anyway because it serves encrypted copies of your wallet to anyone who has the wallet identifier.
hero member
Activity: 630
Merit: 500
blockchain couldn't be seized like your hard drive but could it be frozen? could they stop you from moving funds to pay your lawyer, for example?
It can be frozen (website), but that's why you have to export the private key of your wallet, and keep it safe. You can then import that key into Multibit wallet and have access to your bitcoins.
full member
Activity: 168
Merit: 100
blockchain couldn't be seized like your hard drive but could it be frozen? could they stop you from moving funds to pay your lawyer, for example?
full member
Activity: 224
Merit: 100
Professional anarchist
Blockchain.info has no access to your funds, so no, law enforcement / tax thieves / other extortionists couldn't seize your funds by any legal channels. It's actually probably safer in that your computer can be seized - your blockchain wallet can't be. Just make sure any backups of your wallet are strongly encrypted.
legendary
Activity: 3696
Merit: 1584
They would need to decrypt your wallet file to get your funds. If you had a weak password they could crack it and then move the bitcoins to an address they control.
full member
Activity: 168
Merit: 100
Hi all,

OK, I know that bitcoins stored on your own hard drive unplugged from the internet is safe from government freezing of funds if your buddy has access to it while you are in jail. However, what if your bitcoin wallet is hosted online such as by blockchain.info? Can your funds be frozen? Especially if they know your payment address and public key?

I just read about that Mega dude's whole guilty and confiscated assets until proven innocent ordeal in New Zealand. They even confiscated his MOTHER'S ASSETS. If he didn't have anything stashed away, then he wouldn't have any money to pay the lawyers.

Thanks for the 411,