The article minus links.
Despite the fact that the website
www.cryptobang.com is no longer on the web we have strong intentions for this information to spread further across the internet. Knowledge must be available to everyone. Neither NSA, nor CIA, nor any government must influence the information flow.
We sincerely hope and believe that the information will not just vanish from this website. We would like to extend our invitation to an open dialogue.
http://web.archive.org/web/20141106091836/http://www.cryptobang.com/2014/10/05/what-nsa-created-cryptonote-for/A few months have gone by since Edward Snowden started telling the world about the National Security Agency’s mass surveillance of global communications. A mass hysteria that ensued in the wake of his revelations had brought a justified wrath by users on such high-tech giants as Facebook and Apple. There is a point of view that cryptocurrency Bitcoin, which has experienced sudden growth in terms of usage and value, is a project run by the US National Security Agency. It’s hard to believe but apparently NSA possesses groundbreaking capabilities in terms of obtaining any kind of information in any point in time. So the idea may not seem as farfetched as it sounds.
Given its alleged use in drug trafficking, money laundering, terrorist financing and other anti-social activities, a number of countries across the world strongly suggest against using or relying on the decentralized money. But where the underlying idea of cryptocurrencies comes from and who’s the true inventor of blockchain based coins? The first efforts at ecash algorithms started as far back as 1998 and not without funding from the US government. Also, Tor (software for enabling online anonymity) is a product of collaboration by NSA and DARPA intended initially for protecting government communications. It was sometime later that NSA begun tapping into traffic to and from the directory servers used by Tor to scoop up the IP addresses of people who visited it. Some experts suggest that Bitcoin was intended to be the same kind of Trojan horse that Tor had turned out to be. The two of them would have made a perfect combination of eavesdropping tools. But since the collapse of Silk Road (online market operated as a Tor hidden service) where Bitcoin has become the preferred payment method for much of the online underground, the ensuing arrests of its users became a clear evidence of blockchain analysis being a perfect tool for identifying Bitcoin wallet holders.
Some renowned cybercrime experts began to suspect the existence of backdoors in Bitcoin as far as 2012. For instance, Dorit Ron and Adi Shamir published their famous paper ‘Quantitative analysis of the full bitcoin transaction graph’ in 2012 causing quite a turmoil in the Bitcoin community. If we look at the charts from
https://blockchain.info/ focusing on the time frame within which the paper got published we will see a rapid increase in number of transactions with transaction volume remaining unchanged i.e. the average size of a transaction became smaller. This can only indicate one thing; the users carrying out transactions with substantial amounts of bitcoins for questionable purposes became disillusioned with the currency and moved on to more sophisticated schemes that would allow them to avoid government agencies oversight. Meanwhile tech-savvy community members set about making new anonymous cryptocurrencies like AnonCoin or ZeroCash along with mixing services (sharedcoin and coinjoin).
Obviously NSA was able to grasp the repercussions of losing control over the digital currencies. To tighten grip over illicit financial flows they had to come up with an alternative to discredited Bitcoin. That is when CryptoNote enters the picture.
CryptoNote technology employs an extremely sophisticated cryptology that boggles the minds of everyone but the brightest scientist like Adam Back and Greg Maxwell. The founders of CN prefer to keep their names secret and that constitutes another mystery. Don’t they want recognition for their achievement? Or maybe they simply are not allowed to name themselves. After all, all the top notch cryptographers, to whom CN team could easily be attributed to, are either on the NSA watch list or have graduated from their IA programs.
Perhaps the name of the CN whitepaper author was supposed to tell us something. Nicolas van Saberhagen is a rare name that is hardly ever mentioned anywhere on the Internet. An attentive reader could pick out letters NSA in the name but that as well could be mere wishful thinking.
Having been completely mystified with CryptoNote and its first implementation Bytecoin, me and a few of my fellow researchers looked at the technical aspects of the CN technology and were able to identify a number of puzzling clues.
To begin with, a renowned cryptographer and mathematician Daniel J. Bernstein in his observation of elliptic curve, which is the core concept of the CN technology, states that signature generation algorithm should use a deterministic random (
http://ed25519.cr.yp.to/ ). This method eliminates the dependency on random generation derived from external events. Also external libraries become unnecessary. But for some inexplicable reason, CryptoNote employs the same elliptic curve and matches it with nondeterministic random through the random_scalar function. random_scalar is used for signature generation within the code whereby the random function becomes linked with external libraries which in turn leads to possible vulnerabilities.
(
http://ed25519.cr.yp.to/) Bernstein writes: “Foolproof session keys. Signatures are generated deterministically; key generation consumes new randomness but new signatures do not. This is not only a speed feature but also a security feature, directly relevant to the recent collapse of the Sony PlayStation 3 security system.” — The abovementioned clearly states the necessity of deterministic random; however CryptoNote opted in a potentially unsound scheme.
It’s been reported that one of the most frequently used randomization libraries Dual_EC_DRBG was implanted with a backdoor. This particular insight was provided by Edward Snowden. But whether there are more libraries with NSA implanted vulnerabilities remains unknown.
It is likely that CN developers deliberately neglected the Bernstein’s rationale in order to make the backdoor possible. By inferring malice aforethought on the CN developer’s part we may as well call them crooks. The vulnerability is exploited by allowing to whoever has the knowledge to recover users’ private keys thereby de-anonymizing them through ring signature and key image compromisation. Since the core user base of anonymous cryptocurrencies is likely to be individuals or entities aiming to hide, launder or transfer illicit funds, the abovementioned vulnerability may provide NSA with a tool to uncover their identities. According to some indisputable evidence, at least one CryptoNote based currency had been in circulation on deeb web before certain events made it go public. CryptoNote reappeared on Clearnet some time before Snowden’s shocking revelations got published in The Guardian newspaper. Exactly what use CryptoNote had been put to on deep web is not that hard to guess. Since NSA is able to tap into its network, the illicit transactions made with CN based currencies yielded all the necessary information on the parties involved.
According to Snowden’s disclosures, NSA has been purposely implanting backdoors in cryptographic protocols in order to gain access to users’ private data: link
We have also found one confounding detail about Keccak.
NIST (National Institute of Standards and Technology) has selected Keccak as the winner of the SHA-3 hash function competition: link
NIST is a long-standing partner of NSA and the chances are that Keccak has intentionally been made defective. Experts suggest that Keccak based systems are susceptible to NSA attacks: link
CryptoNote has adopted a significant part of its cryptography from Keccak. Moreover, every single candidate in SHA-3 hash function competition who made it to the final round (link) had been used as building blocks of CryptoNote hash function. What made us wonder is that Keccak was the last on that list. Now if you look at this chronologically, CryptoNote was officially announced in july 2012 and the competition winner became known in october of the same year which makes us assume that CN (or whoever controls it) somehow knew the results before they were even announced. And that may be seen as clear indication of NSA involvement in CN project.
The NSA goal, from a February 2012 document, as confirmed by Snowden, released on November 22, 2013, is to extract all data on “anyone, anytime, anywhere” by influencing (corrupting) the “global encryption market. – link
1996 NSA report surfaced, ‘predicting’ a crypto-cyber unit eerily close to Bitcoin (link) However, upon closer inspection it turns out that the crypto-cyber unit described by NSA is more akin to CryptoNote than Bitcoin. Section 2.3 (3 Untraceable Electronic Payments) outlines the necessity of using blind signatures in order to achieve anonymity. But this feature wasn’t implemented in Bitcoin. The CryptoNote technology, on the other hand, presupposes the use of ring signatures which are analogue of blind signatures in p2p currencies.
Besides, initially itcoin was supposed to maintain the egalitarian principle where 1 CPU = 1 Vote. As the user base grew it became obvious that Bitcoin could be mined with GPUs and ASICs that are capable of substantially higher hash power. Subsequent wide-scale proliferation of ASICs rendered NSA incapable of controlling the vast network of Bitcoin. CryptoNote, as opposed to Bitcoin, doesn’t give an edge to GPU mining therefore NSA can be in control of the network at any time. Moreover, NSA is capable of crashing any CN coin’s network at almost negligible cost.
We spent quite some time recovering all these pieces of data. Having weaved together enough technical proofs arguing in favor of NSA theory of CN origination we leave it up to you to make sense out of it. Meanwhile lets turn to more trivial things. For starters, there are scores of CN based coins but what purpose do they serve since there is hardly any service that accommodates them apart from exchanges? It’s very likely that these coins are being used on deep web chiefly for purchases of illegal articles. Another option would be money laundering and sponsoring of illicit activities. Bytecoin in that respect is the most likely candidate. It is by far the oldest CN based coin with proven track record of deep web exposure. Since CN coins are easily converted in fiat they can be put to any use imaginable, starting with financing the US-supported insurgency groups scattered across the world or even legalizing profits from international drug trade. One way or another, deep web is routinely monitored by NSA and it has been proved by multiple backdoors in Tor.
Whatever the case with CryptoNote, the Heartbleed bug that caused the disruption in the Tor network for several days along with loss of users private keys should not be forgotten. The possible involvement of NSA in creation of CN and collaboration with its developers leaves the door open for all sorts of security vulnerabilities. So if you are a CN user, be vigilant and keep track of your transactions, however secured and anonymous they are, because you never know who might be watching.
