Topic: What if the devs are ordered by a US judge to include a government backdoor? (Read 3037 times)

1. Bitcoiners would find an alternative wallet without backdooring
2. The official bitcoin wallet is open source, so one could remove the backdoor

the thing is that walking in the front door each time they'd like to check is just to expensive.
plus some people have guns

I'm just saying.
feel free to get adventage of whatever tools you find useful to find it, but trust me, if I had an actual incentive and a proper access, I bet I can beat them all, starting from the most expensive ones. it's just a matter of time
people indeed is a harder part, though as I said, ppl ale subjective to different illusions that you can use in a source code.
especially those ppl who don't care, because they have such a great tools

You are a guy in a tinfoil hat. Again.

Thanks to code analysis tools (and there are many powerful, free & extremely expensive commercial ones) plus git, such a mistake can be easily spotted.
Remember that you don't review whole code at once (large). You just review latest changes (small).

There are many smart (and i even dare to say: genius) people looking for backdoors in the Bitcoin code , so that wouldn't be very smart to add backdoors, even if you are a genius yourself.

The government doesn't need a backdoor. They can walk in the front door, ie, the open transaction ledger. Also, if a particular actor wanted to influence the course of any open-source project, he could simply join the project and contribute code (assuming some degree of subtlety in crafting pull requests, of course). The beauty of the process is that harmful contributions are weeded out, and if the worst-case scenario comes to pass, the project can be forked with a new lead developer.

call me a guy with a tinfoil hat again, but as a guy who spent a big part of his life coding C, I dare to say that it is fairly easy to sneak into such a big source code a backdoor, i.e. in a form of some exploitable stack overflow.

if the attacker is smart, it is as simple as changing one innocent character, at some place in the code he's made, to hide the actual purpose though still suggesting just a mistake.
like putting "," instead of ".", "O" instead "0" or "l" where you needed "1"... I've wrote so much code in C that I could think of tons of expressions that would actually work completely different than one thinks they do at the first sight.

this is especially dangerous when they have just included a few tens of pull requests, so no sane person is really going to go carefully through all of them.

corrupting binaries would be the most stupid way to go, since this one can be actually found quite easily, thanks to bitcoin's fine gitian building solution.

While I agree with you on his paper, please keep that separate from his blog post, which directly addresses $subject.

not sure this guy understand bitcoin, eg I skim read his paper
http://www.weis2013.econinfosec.org/papers/KrollDaveyFeltenWEIS2013.pdf

as he appears to completely miss the re-target function of bit coin to make it easier to mine if hash leaves,

he also fails to make connection that specialization by asic miners does not equal distribution increase, in fact, quite the opposite ,eg now we are seeing usb miners, and one person noted that almost any heat producing need could also be mining.

more complex computer chips has been coupled with more uptake.

This is very relevant to this thread:

  Open-source Governance in Bitcoin
  https://freedom-to-tinker.com/blog/felten/open-source-governance-in-bitcoin/

Not so sure you need to be US citizen, extradition is the favored tool theses days, even by other means, eg Assange.

Also I think that various protocols, and programs have been ordered modified by Judges, though mainly in patent suits, though this prism thing is perhaps a more pertinent example. If a program was somehow effect on national security I think Judges may order the programer change it, or face contempt. Sorta like journalist who elect to not give up their sources. They don't get to go, oh well I'm not a journalist any more, or working for this paper/story. I disagree with all of this by the way, but never underestimate how flexible the law is against the individual in the hands of the Government.

what if they get to git, to not compare this code, mod git just for BTC, in some update, that would trick you as you had being relying on git to find the difference.

i don't get this why does it need to be signed, just copy the cod, take out signing requirement bit and release....what am I missing

It has happened to the JAP project (http://en.wikipedia.org/wiki/Java_Anon_Proxy)


AFAIK they handled the situation by putting in the code, openly labeling it as what it is, and when asked about it they just said "we can't talk about that..." and everybody knew what was going on.
It pretty much killed the project, though, which was about to be overtaken by tor at the time anyway (at least from my point of view).

Regarding bitcoin, I don't think it would take more than an hour to be the topic of discussion on IRC if Gavin did actually commit something like that. Let alone release it.
And, as he already said, our developer community is spread over several countries/continents so it's extremely hard to put them all under legal pressure simultaneously.

Maybe it would be nice to better track / display who reviewed what code. I know you can count the ACKs in the github discussions, but maybe it would put some minds at rest if there was a website listing commits/tags/builds along with green badges representing valid signatures from the core devs.

Exactly. Or just use a truecrypt hidden container so they think they've retrieved your wallet but just have it empty.

This right here is 100% on point. Why bother with the hassle of installing a backdoor on the code when they can simply arrest you threaten you and your spouse with 20 years in prison and tell you if you surrender your coins they will let your wife off and knock your sentence down to 10-15. That doesn't work? Ok you're now declared an enemy combatant(who needs justification, that's why we have the patriot act), no legal rights, and deported to guantanamo. Oh Guantanamo is finally closed? You think that means you get a break? Nope, now you get to go rot in some hell hole jail set up in one of our "allied" (ie colony) third world nations. Enjoy rotting in prison in Turkmenistan.

Rubber hose is useless if they cannot prove that the data is there.

http://en.wikipedia.org/wiki/Plausible_deniability
http://www.truecrypt.org/
http://www.truecrypt.org/docs/?s=plausible-deniability

Well, you could easily append stuff to the merkle root I guess... The problem is that the coinbase transaction is unknown to the miner itself and that is the one and nearly only one that matters to miners.

You could make them "break" at a certain point of time though for example.

An interesting concept would be an ASIC that spends e.g. 1 BTC for each block it produces from a known address to the ASIC developers and that gets distributed for free. One that address runs dry (hacked or simply enough blocks mined), the ASICs stop working. It is in the best interest of miners then to transfer some BTC to this address again to pay for their ASICs that way. It's not 100% possible right now (as the ASIC would need to know about a new unspent output in that address) but it might be a possibility at least maybe in the future.

By the way:
What about a guide/script to do the following:
Get a vanilla LTS Linux distro (e.g. Ubuntu)
Install something like Jenkins or buildbot
Install gitian
Configure Jenkins or buildbot to build every commit in the bitcoin github repo via gitian
Provide a way to sign and publish the output of these builds

I would love to help verify builds for various platforms but setting all these things up is a bit much to ask and surely has already been done by some people. If there is a guide (or even better: a simple commented shellscript that already installs all required dependencies etc. from a vanilla installation/liveDVD) somewhere then I'd be happy to donate my CPU time + HDD space towards this. I don't really want to "donate" hours of my time though to make gitian, buildbot and whatever you use for signing this (maybe Bitcoin and/or Bitmessage private keys? ) run if there could be already a standard platform for doing so.

TL;DR: Give me a shellscript that "just works"(TM) with a specific liveDVD of some Linux distro that builds Bitcoin binaries and I would love to verify signatures.

If the hardware just does hashing then you can't really have a backdoor.  You tell the hardware what header you want it to hash and what nonce range to use.

A miner that is more complex and builds up its own blocks would be different.

Rubber Hose!

If your wallet is protected by a 64 character alphanumeric pass phrase, they will use a $5 wrench to extract it from you.

Folks are asking the wrong questions.  The more interesting questions are:

If it were so ordered, how might it be done?

If it were done, how could it be kept hidden to stop it being circumvented?  (given that the point of bitcoin is that people are supposed to be a validating node.. right?)

What would they really want, anyway?  A copy of transactions? (like the public block chain? oh wait..)  Map addresses to people?  (That's what the FinCEN MSB/etc stuff is for)


Backdoors like registering private keys or even public addresses would never work (too many alternative clients, a huge can of worms - people would remember Clipper quickly)

Backdooring miners is academic - all they're doing is gathering signature transactions into a blockchain.  You need to private keys (see above) to take somebody's BTC.  They can't tamper with the blockchain, it would be rejected by the rest of the network.  The block chain is to provide consensus of which version of transaction is the right one, it doesn't make actual transactions.


No, its far easier and more practical to raid your home at first light, seize everything you have, and present you with alternatives so horrible that you'll cave.  A bit of shock and awe goes a long way to keep people in line.

There's no gain for "the government" to backdoor the bitcoin code when there's far more effective tactics.  Be more worried about the highly effective, low tech attacks.  Its hard to spend your bitcoins if you're in prison.