Bitcoin Forum
July 05, 2022, 12:11:27 AM *
News: Latest Bitcoin Core release: 23.0 [Torrent]
 
  Home Help Search Login Register More  
  Show Posts
Pages: [1] 2 »
1  Bitcoin / Press / [2021-01-12] The Era of Government-Friendly Bitcoin Miners Is Here on: January 18, 2021, 09:40:14 PM
Two North American mining companies are launching a pool that pledges "to only process transactions that comply with American laws."

Does anyone think there is actually a market for this -- mining pools that ignore Bitcoin's fee incentives and only process "clean" transactions?

Some excerpts from the Vice article:

Quote
Two of the largest Bitcoin mining companies in North America, Marathon Patent Inc. and DMG Blockchain Solutions Inc., recently joined forces to create the Digital Currency Miners of North America (DCMNA) nonprofit trade group, the first North American mining pool with a legal entity. Together, they're pledging to only process transactions that comply with American laws.

Quote
Although there’s no clear connection between custodial rules and the Bitcoin mining industry, DCMNA isn’t taking any chances. The DCMNA is pioneering a technique it calls “clean mining,” meaning it selects which transactions to process based on wallet information instead of the most lucrative fee options. In other words, they're promising to only mine transactions that the government approves of, even if it means revenue takes a hit.

“We can tell regulators our mining pools are not doing business with child traffickers, terrorists, or miners in Iran,” Okamoto said. “We’ll lose about 0.35% of our potential business. We think that’s a small price to pay for being able to say we are the good guys, according to the U.S. Treasury... if I point my business toward Chinese pools, they might be doing business with those bad actors.”

Combined, DCMNA's two current members claim to make up almost 8 percent of the entire Bitcoin network’s hashrate. That's nothing to sniff at, and they're looking to swell their ranks with more miners willing to only process U.S. government-friendly transactions.
2  Bitcoin / Legal / Cryptocurrencies Face Greater Oversight Under Gensler-Led SEC on: January 18, 2021, 09:28:37 PM
President-elect Biden is expected to nominate Gary Gensler -- ex-banker and former CFTC chair -- to oversee the SEC later this month. What does that mean for us?

Apparently, it's being speculated that there will be a regulatory crackdown on exchanges. Gensler is known for pushing for investor protections and he has expressed the opinion in the past that exchanges like Coinbase should be regulated by the CFTC or SEC, rather than by the patchwork of state regulators currently overseeing them.

Is the crypto wild west finally coming to an end? Undecided

Some excerpts from Bloomberg:

Quote
Gary Gensler’s expected nomination to lead the U.S. Securities and Exchange Commission is seen ushering in an era of greater federal oversight of the $1 trillion cryptocurrency market.

Gensler, who most recently taught about cryptocurrencies and their underlying technologies at the Massachusetts Institute of Technology, previously chaired the Commodity Futures Trading Commission and was a partner at Goldman Sachs Group Inc. He is known for pushing back at banks and corporations in search of greater investor protections.

In talks and editorials over the last several years, he’s advocated for a nationwide way to register and monitor cryptocurrency exchanges, instead of leaving oversight to the states. That could have implications for online exchanges like Coinbase Global Inc., which is planning to go public.

The SEC going after Ripple may just be the beginning. It could be a year filled with lawsuits against token issuers:

Quote
He has also long railed against illegal offerings of securities, which the SEC has been actively pursuing. In December, the agency filed a lawsuit against Ripple Labs Inc. for issuing more than $1 billion in unregistered tokens XRP. In a 2019 keynote at Harvard Law School, Gensler said “I don’t think the SEC is going to leave many ICOs off the hook.”

In his 2019 Congressional testimony, Gensler appeared to favor projects like Facebook-led Diem, which used to be called Libra -- an effort to create a cryptocurrency for payments. But he did suggest that the effort may need to have banking regulations applied to it.

“Gary is extremely dialed-in on the crypto markets and understands them extremely well,” said Nic Carter, co-founder of researcher Coin Metrics. “If his stated views are any indication of his priorities as commissioner, I would expect the SEC to continue with or even accelerate its agenda of discouraging unregulated securities issuance in the form of tokens.”
3  Bitcoin / Legal / Class-action lawsuits filed against 11 Bitcoin/cryptocurrency companies on: April 04, 2020, 08:13:01 PM
The same litigation firm behind the Bitfinex market manipulation lawsuit and the Kleiman suit against Craig Wright is at it again.

They just named Binance, BitMEX, Block.One (EOS), TRON, Civic, and several others in lawsuits filed in the Southern District of New York:

Quote
They all allege that the token issuers took advantage of the market’s lack of understanding and awareness of how cryptocurrencies worked. And they sold these illegal securities to US citizens.

The suits assert that the companies pitched their tokens as utilities, which did not need to be registered as securities. Many of the companies compared their tokens to Bitcoin and Ether (the native token of Ethereum), which do not need to be registered as securities. It wasn’t apparent to the investors that these tokens needed to be registered with the SEC, the lawsuits claim.

I always knew lawsuits like this were coming for token issuers. I'm a little surprised to see BitMEX lumped in with the others for offering derivative markets.
4  Economy / Exchanges / Where is Binance located? Not Malta. on: February 21, 2020, 07:06:22 PM
Malta's financial regulator published a statement today stating they don't regulate Binance. They have not issued Binance the required license to operate in Malta, and are now assessing whether Binance is violating the Virtual Financial Assets Act:

Quote
Following a report in a section of the media referring to Binance as a “Malta-based cryptocurrency” company, the Malta Financial Services Authority (MFSA) reiterates that Binance is not authorised by the MFSA to operate in the crypto currency sphere and is therefore not subject to regulatory oversight by the MFSA. The Authority is however assessing if Binance has any activities in Malta which may not fall within the realm of regulatory oversight. Admission of virtual financial assets to trading and/or for offering virtual financial assets to the public in and from Malta requires an MFSA licence in terms of the Virtual Financial Assets Act (CAP 590) of 2018.

This comes as a shock since Malta was widely believed to be the location of Binance's headquarters.

Changpeng Zhao responded:

Quote
“There is a mix of truth, FUD & misconception. Binance.com is not headquartered or operated in Malta. This is old news & has always been the case, hence there is quite a bit of FUD turning this into a breaking story. The community’s comments show that understanding.”

Does anyone have any idea where they operate from, or where they hold any sort of legal registration?

Even the shady Seychelles exchanges can usually produce a registration number with a regulatory body. Binance seems to think they can dodge any and all regulatory oversight by spreading their infrastructure and personnel across multiple borders. That's an interesting position, legally.
5  Bitcoin / Hardware wallets / Ledger Nano X vs. Nano S on: January 14, 2020, 11:39:44 PM
I'm planning to purchase a Ledger to play around with. The only upgrades on the Nano X seem to be capacity (for running more altcoin apps on the same device) and Bluetooth capability. Is that correct?

$59 for the Nano S sounds more reasonable given the lack of new functionality on the Nano X. Are there any other considerations to make?
6  Economy / Exchanges / Poloniex revives unverified accounts on: December 21, 2019, 07:47:27 PM
This is a reversal from the norm: An exchange that previously mandated KYC is now allowing unverified accounts again.

Unverified Poloniex accounts can now withdraw up to $10,000 per day. Only an email address is required. I guess that's the payoff for moving to the Seychelles.

Quote
Our Level 1 account tier allows customers to access unlimited trading, unlimited deposits, and $10,000 per day in withdrawals simply by entering their email address and password and verifying their email.

PSA: Poloniex's taking money from its customers to cover its loss
7  Bitcoin / Press / [2019-10-18] Bitcoin Has Failed But Global Stablecoins a Threat, Say BIS and G7 on: October 18, 2019, 07:12:02 PM
The G7 and Bank for International Settlements took a jab at Bitcoin in their latest report, saying it has "so far failed to provide a reliable and attractive means of payment or store of value."

They seem much more concerned about oversight of stablecoins. The report seems like another nail in Libra's coffin.

Bitcoin and other early cryptocurrencies have failed as an “attractive means of payment or store of value,” says a new report from the G7 and Bank of International Settlements (BIS).

However, the October report, argues that widely adopted asset-pegged cryptocurrencies, or stablecoins, such as Libra are a growing threat to monetary policy, financial stability and competition.

Widely adopted stablecoins, dubbed “global stablecoins” in the report, have the potential to reach an international audience and have “significant adverse effects” on the current economic system, it argues.

Meanwhile, “[first generation cryptocurrencies like bitcoin] have suffered from highly volatile prices, limits to scalability, complicated user interfaces and issues in governance and regulation, among other challenges. Thus, cryptoassets have served more as a highly speculative asset class for certain investors and those engaged in illicit activities rather than as a means to make payments.”

Stablecoin taxonomy – defined as a money equivalent, contractual or property claim, or right against an issuer for an asset – will remain a preeminent legal question for the time being, the report continues. The effects of stablecoins on incumbent money systems such as wire transfers have yet to be fully understood as well.

While stablecoins may offer faster, cheaper and more inclusive payments, they can “only be realized if significant risks are addressed.”

In a footnote, the G7 report says the Swiss Financial Market Supervisory Authority’s (FINMA) handling of the Libra Association, which falls under the regulator’s purview in Geneva, agrees with the G7’s stablecoin recommendations.
8  Economy / Services / Avatar and Personal Text available for rent on: October 09, 2019, 04:18:09 AM
I'm looking to rent my avatar and personal text space. I can also include the "website" space on my profile page.

Terms:
  • Bitcoin payments only
  • Upfront payment or escrow preferred
  • Any agreement reached can be terminated by either party at any time

Please PM me with any offers.
9  Economy / Exchanges / Edge Wallet Partners With Bity to Offer Non-KYC Fiat Exchanges on: October 03, 2019, 07:01:36 AM
This seems like a great option for European bitcoiners. No yanks allowed, unfortunately.

Edge (formerly Airbitz) just started offering the ability to buy or sell up to 5,000 Swiss francs worth of bitcoins per day without KYC. The only condition is access to the SEPA system.

Quote
“Bity has a long experience which dates back to 2014 in providing bitcoin exchange services in the Swiss regulated environment,” Bity CEO Alexis Roussel told Bitcoin Magazine. “Swiss law allows for small amounts to be exchanged without mandatory KYC, by providing ownership proof on the receiving address. At Bity, we believe access to KYC-less exchanges, in small amounts, is key to the upcoming mass-adoption.”

In Edge’s efforts to strike a privacy balance, Puey told Bitcoin Magazine that transactions are “private in the sense that Bity can see the public address and may be able to do blockchain analysis afterwards. Other than that, they don’t see any sensitive personal information like a driver’s license, a passport, address or social security number.

It's not anonymous since each exchange is linked to a bank account, but it's pretty cool that people can do this without any documents at all. Anyone tried it?

Source: Edge Wallet Partners With Bity to Offer Non-KYC Fiat Exchanges
10  Economy / Service Discussion / BitPay -- KYC is here! on: August 06, 2019, 09:43:57 PM
I made a BitPay merchant payment just now. Before I could reach the invoice, the following prompt popped up:



As I had feared, KYC is coming to BitPay. I'm not sure if this is a direct response to the FATF travel rule or not, but it's certainly possible. It looks like they're getting ready for full compliance.

Most payments won't trigger KYC yet. For now, these are the thresholds:

Quote
We are introducing a new identity verification flow for purchasers requesting refunds of $1,000 or more*1, for people receiving BitPay payouts, or for purchasers paying $3,000*1 or more to BitPay merchants (or loading via a BitPay prepaid product).

1 These thresholds for high-value verified payments, refunds, and payouts are subject to change, and we will announce any changes to BitPay Dashboard users.

When national laws are passed to incorporate the FATF travel rule, we might see that $3,000 threshold lowered to $1,000. I also wonder if they'll be aggregating multiple purchases together over time to trigger the threshold. If that happens, no more using the BitPay wallet to buy Amazon gift cards. Off to Bitrefill in that case.
11  Bitcoin / Press / [2019-07-11] Trump apparently knows what Bitcoin is, and he doesn’t like it on: July 12, 2019, 01:54:39 AM
Trump is tweeting about Bitcoin -- and Facebook's Libra -- and apparently isn't a fan of either one. About 1.5 hours ago, he published this series of tweets:

Quote
I am not a fan of Bitcoin and other Cryptocurrencies, which are not money, and whose value is highly volatile and based on thin air. Unregulated Crypto Assets can facilitate unlawful behavior, including drug trade and other illegal activity....

....Similarly, Facebook Libra’s “virtual currency” will have little standing or dependability. If Facebook and other companies want to become a bank, they must seek a new Banking Charter and become subject to all Banking Regulations, just like other Banks, both National...

...and International. We have only one real currency in the USA, and it is stronger than ever, both dependable and reliable. It is by far the most dominant currency anywhere in the World, and it will always stay that way. It is called the United States Dollar!

Link to tweet: https://twitter.com/realDonaldTrump/status/1149472282584072192
Link to story from The Verge: https://www.theverge.com/2019/7/11/20691188/president-donald-trump-bitcoin-cryptocurrency-facebook-libra

The whole Libra thing is beginning to feel like a Trojan horse. Congress immediately used it as a pretense for cryptocurrency regulation. Now Trump is signalling that he might support a clampdown as well.
12  Bitcoin / Press / [2019-06-11] Crypto Exchanges Are Facing Their Biggest Regulatory Hurdle Yet on: June 13, 2019, 09:59:38 PM
The FATF is planning to publish guidelines for cryptocurrency oversight on June 21st. This is notable because the G20 has affirmed its intention to enforce these guidelines in their own countries. The guidelines will apparently require exchanges to move beyond customer KYC and begin collecting information about the recipients of withdrawn funds.

Countries that don't comply by forcing these rules upon exchanges can be blacklisted by the FATF, essentially turning them into banking pariahs.

Bloomberg reports:

Quote
On June 21, the Financial Action Task Force -- a multi-government effort that develops recommendations for combating money laundering and financing of terrorism that’s followed by about 200 countries including the U.S. -- will publish a note to clarify how participating nations should oversee virtual assets, FATF spokeswoman Alexandra Wijmenga-Daniel said in an email. The new rules will apply to businesses working with tokens and cryptocurrencies, such as exchanges and custodians and crypto hedge funds.

Much depends on how the rules -- long governing traditional bank wire transfers -- will be interpreted and applied by country-specific regulators, but they are “one of the biggest threats to crypto today,” Eric Turner, director of research at crypto researcher Messari Inc., said in an email. “Their recommendation could have a much larger impact than the SEC or any other regulator has had to date.”

Quote
The guidelines will require companies ranging from exchanges Coinbase Inc. and Kraken to asset manager Fidelity Investments to collect information about customers initiating transactions of over $1,000 or 1,000 euros, as well as details about the recipients of the funds, and to send that data to the recipient’s service provider along with each transaction.

While that may sound simple, compliance will be costly and technically difficult, said John Roth, chief compliance and ethics officer at Seattle-based exchange Bittrex, which has about $58 million in daily-trading volume. After all, wallet addresses on digital ledgers supporting cryptocurrencies are largely anonymous, so an exchange currently has no way of knowing who the recipient of the funds is.

“It’s either going to require a complete and fundamental restructuring of blockchain technology, or it’s going to require a global parallel system to be sort of constructed among the 200 or so exchanges in the world,” Roth said. “You can imagine difficulties in trying to build something like that.”

A handful of U.S. exchanges are discussing how to set up such a system, said Mary Beth Buchanan, general counsel at San Francisco-based Kraken, which does about $195 million in daily volume.

Quote
Just how soon these consequences start to hit home will depend on the individual agencies. Groups like the Financial Industry Regulatory Authority (FINRA) are expected to start to vigorously enforce the rules. Financial Crimes Enforcement Network (FinCEN) recently issued interpretive guidance that looks similar to those being considered by FATF. Some state agencies could follow suit, raising the risk that non-compliant businesses will lose money-transmitter licenses.

If a country doesn’t comply with FATF rules and is placed on its blacklist, “it can essentially lose access to the global financial system,” said Jesse Spiro, head of policy at crypto investigative firm Chainalysis Inc.

Link to the full article
13  Economy / Service Discussion / Reputable service selling gas cards for Bitcoin? on: December 26, 2018, 10:45:53 AM
Are there any reputable sites that sell gas station gift cards for BTC? Things like Shell or ExxonMobil gift cards. I don't see anything listed on eGifter or Gyft and I'm trying to avoid P2P trading due to the fraud risk.

Any ideas? Thanks!
14  Bitcoin / Press / [2018-12-19] Bitcoin Payment Processor OpenNode Gets $1.25M From Investors on: December 20, 2018, 09:05:26 AM
It's nice to see some new competition emerging to contend with Bitpay. They seem to have solid heads on their shoulders. Segwit-supporting, Lightning-integrated, and they plan to stay Bitcoin-only. The investor is Tim Draper, who I also think is pretty visionary.

Some excerpts from the article:

Quote
Bitcoin Payment Processor OpenNode Gets $1.25M From Investors

Bitcoin payment processor OpenNode has announced a seed investment round of $1.25 million with venture capitalist Tim Draper and early-stage investment firm Draper Associates.

Quote
"We were very selective with whom we chose to bring on as our investor. We are very excited to have Draper Associates on board because they share in our long-term vision of hyperbitcoinization. We plan on staying as a bitcoin-only payments platform, and Tim gets that."

For OpenNode, the growth has been steady and healthy despite the downturn in the market. According to Almeida, the continuous development of infrastructure from protocol developers would see the company grow even further.

"By 2019, we plan to be the leading bitcoin payments platform. Also, more importantly, we aim to push microtransactions onto gaming/streaming/content platform and create payment models never before possible."

OpenNode was founded in April 2018 as a payment processor that facilitates bitcoin payments for individuals and businesses. The processor supports bitcoin protocol implementations like SegWit and the Lightning Network, offering instant settlement of transactions with low fees.

Perhaps, one of the standout features of OpenNode is its integration with the Lightning Network, which has seen much integration from blockchain startups, since Lightning Labs launched the first beta release in March 2018.

Full article here.

Draper said on Twitter, "Finally!! Now you will be able to use bitcoin to buy Starbucks, Amazon.com, Teslas, houses, etc. Fast transactions!" Interesting...
15  Bitcoin / Press / [2018-12-12] Ranks of Crypto Users Swelled in 2018 Even as Bitcoin Tumbled on: December 14, 2018, 08:00:48 AM
In spite of the recent crash, some metrics from this year are looking pretty good. Amidst all the negativity about price, I was pleasantly surprised to discover this study which found that people are still rapidly joining the cryptocurrency space:

Quote
Ranks of Crypto Users Swelled in 2018 Even as Bitcoin Tumbled

It turns out that cryptocurrency enthusiasts were committed well beyond the HODL rallying call that urged them to hold on during this year’s digital-asset market collapse.

The number of verified users of cryptocurrencies almost doubled in the first three quarters of the year even as the market bellwether Bitcoin tumbled almost 80 percent, according to a study from the Cambridge Centre for Alternative Finance. Users climbed from 18 million to 35 million this year.

Users of Crypto Double Amidst Market Downturn

The figures may provide a silver lining. If user numbers continue to increase even in a deep market downturn, that could signal that an eventual recovery could be coming -- a crucial finding at a time when some critics predict that the value of cryptocurrencies will go down to zero.

Most users are likely still speculators and long-term investors. Due to the market volatility, cryptocurrencies are barely used in commerce.

"Conforming with popular narratives, survey data indicates that the majority of users – both established as well as new entrants – are individuals and not business clients," authors of the study said. "Individuals can be hobbyists, retail investors, consumers, or users seeking a better investment or payment alternative."

The number of crypto accounts increased as well, the study found. A single user can hold multiple accounts.

"Growth rates were at their highest in 2017, and the number of new user accounts as well as ID-verified users continued to rapidly grow in 2018 as well," the study said.

Source: https://www.bloomberg.com/news/articles/2018-12-12/ranks-of-crypto-users-swelled-in-2018-even-as-bitcoin-tumbled
16  Economy / Service Discussion / Bitpay and RBF on: April 09, 2018, 06:40:26 PM
Has anyone ever tried bumping their fee with RBF after paying a Bitpay invoice?

I imagine the transaction would be confirmed with a different hash than the one I paid the invoice with, so it might be a problem. I'm wondering for future reference because I just got caught in a lull with no blocks found for 30 minutes. I'm probably going to be delayed a few more blocks because of it. I just had to cheap out on fees, didn't I? Smiley
17  Economy / Service Discussion / Amazon GC no longer available through Gyft - Alternatives? on: April 06, 2018, 04:22:40 PM
Last night, I went to buy some Amazon gift cards with BTC on Gyft. They weren't available. I figured it was a temporary thing, an API issue or something, because that's happened before. But I emailed them about it and they responded, "Amazon is no longer available through Gyft." Undecided

Are there any similar alternatives? I really liked having a corporate reseller because you could always trust that their cards weren't fraudulent.

With P2P or things like Purse, fraud is really common, so I'm looking for a reputable reseller like Gyft.
18  Bitcoin / Press / [2018-03-20] Breaking the Ledger Security Model on: March 20, 2018, 07:42:22 PM
A security researcher just released a report detailing a set of attacks that exploit a vulnerability in Ledger hardware wallets.

He details multiple modes of attack -- including remote attacks, or ones that require physical access either before or after setup of the recovery seed. For example, supply chain attacks, where a dishonest vendor can modify the device before you physically receive it.

Personally, I've been skeptical of some of the bold assurances made by Ledger regarding key security. The author notes:

Quote
I chose to publish this report in lieu of receiving a bounty from Ledger, mainly because Eric Larchevêque, Ledger’s CEO, made some comments on Reddit which were fraught with technical inaccuracy. As a result of this I became concerned that this vulnerability would not be properly explained to customers.

Quote
Physical access before setup of the seed

Also known as a “supply chain attack”, this is the focus of this article. It does not require malware on the target computer, nor does it require the user to confirm any transactions. Despite claims otherwise, I have demonstrated this attack on a real Ledger Nano S. Furthermore, I sent the source code to Ledger a few months ago, so they could reproduce it.

As you can tell from the video above, it is trivial to perform a supply chain attack that modifies the generated recovery seed. Since all private keys are derived from the recovery seed, the attacker could steal any funds loaded onto the device.

Quote
Physical access after setup

This is commonly known as an “Evil Maid attack”. This attack would allow you to extract the PIN, recovery seed and any BIP-39 passphrases used, provided the device is used at least once after you attack it.

As before, this does not require malware on the computer, nor does it require the user to confirm any transactions. It simply requires an attacker to install a custom MCU firmware that can exfiltrate the private keys without the user’s knowledge, next time they use it.

Quote
Malware (with a hint of social engineering)

This attack would require the user to update the MCU firmware on an infected computer. This could be achieved by displaying an error message that asks the user to reconnect the device with the left button held down (to enter the MCU bootloader). Then the malware can update the MCU with malicious code, allowing the malware to take control of the trusted display and confirmation buttons on the device.

This attack becomes incredibly lucrative if used when a legitimate firmware update is released, as was the case two weeks ago.

He proceeds in some detail and outlines very simple versions of the attacks. I highly recommend reading the full article. But here are some more background tidbits:

Quote
While the software on the SE can be attested to, the MCU is a non-secure chip and (as we show below) its firmware can be replaced by an attacker.

And herein lies the problem: to achieve Ledger’s security guarantees, the chain of trust must be anchored in the SE. This means that the SE needs to verify the firmware on the MCU.

Quote
While I will focus on software tampering in this article, it’s important to note that, in the absence of a software vulnerability, you could still compromise the device by tampering with hardware.

It is incredibly important to note that, for these devices to be secure at all, you must completely verify the physical hardware.

Since neither the packaging nor the actual device are tamper-evident, it is trivial for an attacker to modify the device. I cannot repeat this enough: if you do not verify the physical hardware, it is game over.

You should also verify the hardware whenever someone could have had unauthorized access to it, otherwise you are vulnerable to Evil Maid attacks.

Ledger provides instructions to do this, but I will note two issues with them.

1) The pictures are of varying quality. Ledger needs to provide high resolution images that display every component clearly.

2) The reverse of the device is not displayed at all! It is essential that you verify the back of the device, especially since this is where the JTAG header (a debugging interface) for the MCU resides.

Even if these two issues are resolved, I would question how expensive it is to have one of the MCUs with additional flash memory, but identical pinout, to be re-labelled as an STM32F042K6.

Nevertheless, while it is important to touch on this topic, hardware tampering is not required for the attack I will describe in this article.

Quote
If we can modify the user interface, we can change the recovery seed that is generated during the onboarding process. This is quite easy since the user interface is open source and Ledger allows you (by design!) to install a modified UX application.

Under normal circumstances, the device would display a warning that the “User interface is not genuine”, which would be a red flag for any attentive user.

But recall that I promised that I would explain how controlling the display can backdoor the key generation? The reason this attack works is that we can simply hide the non-genuine UX warning.

For this demonstration, we’re not going to do anything sophisticated that a real attacker would do, such as generating a random-looking, yet entirely predictable, recovery seed.

We’re going to do something much more obvious.

If you’re well-versed in C, you’ll note that I’m replacing a syscall to the random number generator with a function call that sets all the entropy to zero. As you can see in the video at the start, it generates a recovery seed where the first 23 words are abandon (the last word is different because it is a checksum).

Since the private keys are derived from the recovery seed, if you control the recovery seed, you control all the Bitcoin addresses generated by the device.

If we put it all together, we get the following attack which I think is really neat.



Of course, since the SE believes the MCU is running genuine firmware, attestation still succeeds. And, as I mentioned earlier, no hardware tampering was required, which defeats Ledger’s security integrity verification.

Since the attacker controls the trusted display and hardware buttons, it is astonishingly difficult to detect and remove a well-written exploit from the device.

Quote
The problem with an architectural vulnerability like this is that it is challenging to fix without changing the architecture.

Ledger has employed multiple mitigations to try and prevent an attacker from exploiting this vulnerability.

First of all, the MCU firmware has been optimized and rearranged. Specifically, the firmware calls into functions in the bootloader instead of duplicating the functions. While this prevents this particular mode of attack, it’s important to be aware that there are other, more “creative” methods of attack that I know of, and probably some that I don’t know of.

Secondly, the SE now times the MCU when it asks it to send the flash contents. This is designed to prevent the use of compression algorithms. It is also supposed to prevent code being supplied by the computer over USB. I’m not sure how well it succeeds in doing the latter, due to the fact that the code can be kept in RAM.

However, it’s of note that the SE runs at up to 28 MHz yet the “adversary” (the MCU) runs at up to 80 MHz! This throws into question whether a slower chip can accurately time a faster chip to prevent it from doing extra things, especially given the slow UART communication.

Ledger refused to send me a release candidate, so I haven’t had an opportunity to verify how well these mitigations resolve the issue. But these raise an important question.

Is it truly possible to use a combination of timing and “difficult to compress” firmware to achieve security in this model?

Building secure systems using this model seems like an incredibly exciting research proposition and I think it’s interesting to see companies like Ledger pushing the envelope on this.

Read the full article here: https://saleemrashid.com/2018/03/20/breaking-ledger-security-model/
19  Bitcoin / Development & Technical Discussion / Quantum computing and Bitcoin's use of ECDSA on: March 13, 2018, 08:49:30 PM
I came across an interesting article by nopara73 (who works on HiddenWallet and TumbleBit stuff). He discusses when quantum computing will break elliptic curves:

Quote
Quote
The elliptic curve signature scheme used by Bitcoin is much more at risk, and could be completely broken by a quantum computer as early as 2027, by the most optimistic estimates.
The paper estimates the breakthrough to 2027 with a completely different method. I tend to think 2022–23 are the right numbers...

Quote
For Bulletproofs, what matters is the Shor RSA2048 line, which is predicted to be broken in 2022–23.

He concludes that since we don't expose Bitcoin public keys when transacting (only hashes of public keys), that our bitcoins are safe. That is:
Quote
Thus, as long as you don’t expose your public key, you don’t need to worry about quantum computers and the only way to expose your public key is to make a Bitcoin transaction. If you don’t reuse addresses you are quantum safe.

So, I have two questions.

1) Aside from the specific case of Pay-to-IP in earlier versions, is the above correct?
2) What is the general plan when ECDSA is broken? Hard fork to a new signature algorithm? Simply never reuse addresses?
20  Bitcoin / Development & Technical Discussion / Estimating Segwit transaction fees on: February 07, 2018, 11:57:44 PM
What do people use to estimate bech32 transaction fees? Electrum's fee estimation, as expected, drastically overpays. I also haven't wrapped my head around satoshis/bytes vs. satoshis/vbytes and how to figure out how much transaction size is allocated to witness data.

Usually I set very low fees since confirmation time isn't an issue. Recently, I needed to send some urgent transactions. I basically just eyeballed the Core next-block fee in satoshi/byte and reduced it by 25% to be on the safe side. Electrum told me the fee was low and to expect 25 blocks before confirmation.

But they were confirmed in the next block and I suspect I overpaid. Any ideas?
Pages: [1] 2 »
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!