
Topic: Live Blog - Security Panel Bitcoin 2013 (Read 1973 times)

legendary
Activity: 4760
Merit: 1283
May 20, 2013, 02:49:50 PM
#23
Thanks for doing this!

I don't really like all this talk of taint...  the ideal currency should be 100% neutral/perfectly fungible

i agree.  and so does Alan Reiner.

All of the panelists were plenty bright enough to the various sides to the issue.

Taint/tarnish is a really compelling mechanism to address the theft issue.  I strongly feel that it is a siren's song though and was surprised at how strongly most of the panelists embraced the idea.

One of them mentioned the issue of centralization aspect of tarnishing authority (as a problem.)  With enough engineering and complexity, I suspect that that could be distributed, but that is only one small issue to me.

A bigger issue is determining what, exactly, constitutes a theft.  It's not so easy.  If I gave someone else coins and felt like being a dick, what's to stop me from claiming they were stolen?  Who's going to fund the investigative efforts to track down the legitimacy of the millions of 'thefts' both real and invented?

Secondly, many legitimate thefts go undetected for a fair period of time.  Are we really going to place the burden of constantly checking balances in order for thefts to be discovered within some window or whatever?

Then there is what I am sure will turn into a very real attack vector (state level) in using the taint system as a choke-point for other projects.  Does a coin become 'tainted' because a citizen of Iran touched it?  I'll bet it will.

Very sticky issues, and I am pretty confident that this way lie dragons.  I'm sure it has been discussed ad nauseam, and the panelist's reaction to the question will spur another round.

(By way of being constructive, I'll pump my idea of Bitcoin migrating to a 'reserve' role where the holders are on balance well prepared to take care of their holdings and thus reduce theft to a tolerable level.)

legendary
Activity: 1764
Merit: 1002
Dan - He gives 0% chance the proof of work will remain unchanged, prediction: will not survive the year.  Not sure what the coming proof of work functions will look like.  Shared mining (what's that called).  Life or death of BTC on mining being truly distributed.  Must change.  He is being very emphatic on this.

Very interesting... Would like to know more about this!

I also.  It was a somewhat jaw-dropping statement and one of the most interesting things I saw at the conference.

I cannot imagine such a change of this magnitude in this timeframe on the basis of a theoretical weakness (i.e., non-exploited semi-monopolization of hashing hardware.)  I can think of a number of hypotheses, but won't outline them until I can find the most appropriate thread (stumbled here via a Google search.)

My best case scenario is that Kaminsky simply felt that nobody in core dev has put the appropriate effort into conceptualizing how such a shift might be engineered (were it necessary) and was hoping to light a fire under their asses.



no it wasn't.  Kaminsky's been wrong before and he'll be wrong again.

his argument was based on the same one when Deepbit got close to 50% (or perhaps even over).  somehow the pools are incentivized to attack Bitcoin is what he thinks.

this has been proven wrong.  pools are invested in Bitcoin.  if they attack the source of their own income they would destroy themselves.  plus the fact that a pool is composed of individual miners who collectively want Bitcoin to survive and would defect the moment they realize their pool is conducting such an attack.

Eleuthria is a good example of a self aware pool operator who voluntarily prevents his pool from getting too close to 50%.  he doesn't even want to go near there b/c he doesn't want all the hysterical skeptics to tout an attack he realizes is impractical.
legendary
Activity: 1764
Merit: 1002
Thanks for doing this!

I don't really like all this talk of taint...  the ideal currency should be 100% neutral/perfectly fungible

i agree.  and so does Alan Reiner.
legendary
Activity: 4760
Merit: 1283
Dan - He gives 0% chance the proof of work will remain unchanged, prediction: will not survive the year.  Not sure what the coming proof of work functions will look like.  Shared mining (what's that called).  Life or death of BTC on mining being truly distributed.  Must change.  He is being very emphatic on this.

Very interesting... Would like to know more about this!

I also.  It was a somewhat jaw-dropping statement and one of the most interesting things I saw at the conference.

I cannot imagine such a change of this magnitude in this timeframe on the basis of a theoretical weakness (i.e., non-exploited semi-monopolization of hashing hardware.)  I can think of a number of hypotheses, but won't outline them until I can find the most appropriate thread (stumbled here via a Google search.)

My best case scenario is that Kaminsky simply felt that nobody in core dev has put the appropriate effort into conceptualizing how such a shift might be engineered (were it necessary) and was hoping to light a fire under their asses.

legendary
Activity: 1176
Merit: 1020
Does anyone know if there was video taken at this panel?

You will just have to see it for yourself.  I'm not sure what I missed, he seemed a little vague on it, but that could have been my lack of understanding.
hero member
Activity: 767
Merit: 500
Does anyone know if there was video taken at this panel?

parts of it are here and here.   It will probably appear here too some time later.

Also - the foundation will release the official videos, eventually.

Will
legendary
Activity: 1176
Merit: 1020
There was video taken.
member
Activity: 74
Merit: 10
Does anyone know if there was video taken at this panel?
newbie
Activity: 7
Merit: 0
Thank you very much for doing this for us who couldn't attend.

I'm also very curious about Dan being worked up over POW and his prediction. Care to elaborate on what he said?
member
Activity: 70
Merit: 10
Dan, Peter - Random number generation is in a sorry state.  Big issue.

Question time:
First question - not so much a question.

Question 2: 51% attack, doable.  Wafer capacity is huge.  How do we deal with that.  Hard fork?  What do you guys think about that?

Peter - can anyone from NSA who is here comment?  Protocol changes happen by miners.  Next though:  PUMP OUT THE ASICS!!  we need 1000 fold the hashing power.
Alan - it's getting better by the day
Peter - nation state attack is big risk.
Dan - He gives 0% chance the proof of work will remain unchanged, prediction: will not survive the year.  Not sure what the coming proof of work functions will look like.  Shared mining (what's that called).  Life or death of BTC on mining being truly distributed.  Must change.  He is being very emphatic on this.




I find this quite disconcerting. As a layman, I had thought the proof of work was the basis of the whole "shebang"  -- technical term there.
legendary
Activity: 1176
Merit: 1020
Peter - talked to people who do nuke launch codes.

Question 5:  Securing $1 Million in bitcoins, that is easy.  Building high walls is easy.  Discuss.

Dan - Alice pays Bob money, does Gary get to decide is that okay?
Victor - To reduce risk, dissociate information.  ( I think he is talking about splitting keys)

Question 6:  Gmaxwell asking.  Talking about grandma.  She should bitcoins in a bitcoin bank.  A million grandmas doing the same thing creates systemic risk.  Individual security misaligned with the systemic risk.

Bennett - Bitcoin allows everyone to agree they don't trust each other.
Alan - we have the tools we need.  Just need to use them correctly.  Needs to be implemented.

Panel concludes!!!
legendary
Activity: 1176
Merit: 1020
Question 3:  Re:  Stolen coins, (guy confused about taint?)

Dan - If you can prove, you can sue.
Bennett - Taint vs tarnish

Question 4:  Best practices, wallets etc., thefts are from hosted wallets.  We need codified best practices for hot wallets for developers to implement.
Ira from Coinapult is asking.

Peter: go for it  
legendary
Activity: 1176
Merit: 1020
Dan, Peter - Random number generation is in a sorry state.  Big issue.

Question time:
First question - not so much a question.

Question 2: 51% attack, doable.  Wafer capacity is huge.  How do we deal with that.  Hard fork?  What do you guys think about that?

Peter - can anyone from NSA who is here comment?  Protocol changes happen by miners.  Next though:  PUMP OUT THE ASICS!!  we need 1000 fold the hashing power.
Alan - it's getting better by the day
Peter - nation state attack is big risk.
Dan - He gives 0% chance the proof of work will remain unchanged, prediction: will not survive the year.  Not sure what the coming proof of work functions will look like.  Shared mining (what's that called).  Life or death of BTC on mining being truly distributed.  Must change.  He is being very emphatic on this.


legendary
Activity: 1176
Merit: 1020
Dan - Wallets and bank accounts, we naturally spread risk.  No one in cryptography

Victor - as an industry, we need to define more standards.

Peter - one of the goals of launching the foundation was certifications.

Alan - insured storage is key, but the insurance companies need metrics by which to judge security protocols. essential for people to feel safe storing 'life changing' quantities of bitcoins

Bennett - this is very strange to be on a panel talking about how bitcoin needs to be more like banks.

Dan - Thought bitcoin was not going to scale, has changed his mind in the short term.  Long term it's doomed, just like everything else in life.  Gives Miami and a cat 5 hurricane as an example.  people still live there he points out.
legendary
Activity: 1176
Merit: 1020
Dan - Wallet security must be addressed, but we can't be too onerous about it.  Dan, getting very animated again about regulatory possibilities.  You can't have your account frozen or seized.  That is fundamental to its value.

Bennett - People will make fragile systems, and other people will use them.

Peter - Dan, have you lost coins?

Dan - I've never lost coins

Peter - I've lost coins.

Dan - are more lost to theft or more lost to accident?

Peter - I know someone who's lost 50,000 coins, they are in this room.

Alan - people forgetting the pass phrases, very very common, unfortunately.

Alan - convenience vs security.  Most people favor convenience. 
legendary
Activity: 1176
Merit: 1020

Victor - importance of multi-signature transactions.

Alan - Yes.  Working on it.  Attack surface of private keys that have never touched the internet is an order of magnitude smaller than for ones that have.  Must find ways to eliminate single points of failure (with respect to wallet security)

Peter - loss and theft are two concerns, but there is often a tradeoff between the two.  Going to talk about coinlabs security.  Paper security in a safe.  Dual entry bank safe.  Quantum random number generator.  Tamper evident seals on envelopes.  We have a hard time with a large codebase, so we wrote our own small program.
legendary
Activity: 1176
Merit: 1020
Victor - Big bitcoin threat - incremental insecurity and fraud risk, preventing adoption.  Talking about stolen art.

Peter - Talking about premium for virgin, unspent, freshly mined coins.  0% taint from any perspective.

Victor - Our anonymity, which we bitcoiners like, is tenuous

Peter - regulatory threats prevent issues updates to bitcoin that enhance anonymity?

Dan - bitcoin is "too big to regulate", exchanges and miners regulatory choke points.  EVERY choke point will see pressure applied, there is no other place to apply it

(yes, please help me blog)
hero member
Activity: 767
Merit: 500
Dan - free to create new identities with bitcoin.  Not too anonymous but VERY deniable.  Mixing services, but tracking stolen coins is still easy.  Taint %

90 percent of U.S. bills carry traces of cocaine

http://edition.cnn.com/2009/HEALTH/08/14/cocaine.traces.money/

Will
legendary
Activity: 1176
Merit: 1020
Dan - free to create new identities with bitcoin.  Not too anonymous but VERY deniable.  Mixing services, but tracking stolen coins is still easy.  Taint %

Alan - blacklisting is centralized by its nature. one bitcoin is not one bitcoin if blacklisting is prevalent.

Peter - Some coins are worth more than others right now

Alan - You would have to know about them being stolen for them to have a lower value

Dan - "Fool's gold"

Peter - you could accidentally end up with stolen coins
legendary
Activity: 1176
Merit: 1020
Victor - talking about blacklisting stolen things (coins)

Dan - taint "just is", he is getting philosophical about ownership.  Talking about lojack for cars.  Cell phone theft.  Taggants in explosive.  De-anonymization of stolen items.  Almost no stolen bitcoins have been spent.  EVERYONE is hoarding.  Dan is very excited and animated and it's awesome.