tlsnotary - cryptographic proof of fiat transfer for p2p exchanges

[waxwing]

The latest alpha release of the tlsnotary software has just been updated by dansmith and can be found at https://github.com/themighty1/tlsnotary/releases.

A few points about the current state:
We have been able to build binaries for MacOS, and indeed run tlsnotary, but there are some technical problems. We'll keep you updated on that. (Edit: Mac OS is now available - ignore the 'Tor Browser' branding; it is not a Tor Browser; we just reused parts of their build process).

The binaries are built using gitian and should therefore be reproducible. See the folder data/gitian for details.

For those running typical Ubuntu installs (and possibly other Linux distros), you may find that there are problems if your version of tshark is 1.6.7 (as it is by default in some cases, even if you do sudo apt-get install tshark). You should upgrade to tshark 1.10. Ask here if that proves difficult.

To test the basic functionality, run in 'self-test mode'. This will start both an auditor and an auditee running on your machine. Pay attention to the instructions in the status bar. Press 'Record' to audit a single page (Edit: button is now 'Audit this page'). You can do this multiple times to get multiple pages audited. At the end, press 'Stop', which will complete the audit by sending the evidence to the 'auditor' (in this case, yourself).

For real time support, you will usually find us hanging out on #bitsquare.io (temporary change of name) on freenode.
Or ask here if you prefer.

[1714025819]

1714025819

[1714025819]

1714025819

[oakpacific]

New update, now supporting custmoized IRC server/channel used for auditing information exchange, download with git clone https://github.com/themighty1/tlsnotary

[oakpacific]

We are actively looking for testers! Please, if you want to join, and help creating a future where people can trade and use bitcoins without being subjected to the whim of the banks, come to talk to us on #bitsquare.io on freenode, or ask here.

[kolinko]

hi everyone, oakpacific told me to drop by and talk about distributed oracles.

We just published this whitepaper a few hours ago
http://github.com/orisi/wiki/wiki/Orisi-White-Paper
and we'll have an implementation ready of it tomorrow.

The idea behind Orisi is that there can be a set of independent oracles locking the funds until some external condition occurs. So it's something similar to what you guys need to have done.

Perhaps you can get some cool things out of our whitepaper, or even fork our solution and just attach your verdict module?
Feel free to ask me any questions, although I'll be going to bed any moment now (Europe, midnight, long day)

[waxwing]

see below

[waxwing]

Commentary/update (refer to (EDIT: paper is now at https://github.com/tlsnotary/tlsnotary/blob/master/data/documentation/TLSNotary.pdf?raw=true) for technical details):

So the last few weeks have been focused on patching what was, although practically very implausible, a theoretically important weakness in the design that we had been working on. That's why I killed the earlier doc and video links.

You can see a reference to it in the discussion on the thread back in February - does the fact that the client doesn't check the server mac during the (very brief) audit connection matter? Basically, yes it does - TLS provides authentication, and that mac check is the cornerstone of the authentication. It might be crazily difficult, but in principle someone might be able to alter the traffic in a malicious way.

So this hole has been patched (credit to dansmith for the main idea to solve it), and as described in the abstract of the document in the previous post, we have now fully reinstated the TLS security model, modulo a reduction in the entropy of the secret.

How is it done? The client (the auditee) makes a request to the server using the tlsnotary special sauce negotiated premaster secret, but at that point doesn't know the server mac secret/key. When the server sends the response back, the client effectively hits 'pause' and doesn't decrypt this traffic. The client/auditee sends a hash of the traffic (i.e. a commitment) to the auditor, who only then sends to the client/auditee the required secret data to reconstruct the server mac secret. At this point the client has the entire master secret for the session and can safely decrypt. They could even render it in the browser safely, although for other reasons we set it up so the client only looks at the raw html of what's being audited (just that one page).

All this shenanigans does not impact the user experience really (or at least, not more than it did before) - the user just sees a page reload taking a few seconds extra (and there are info messages in the status bar telling them what's going on in the mean time).

Some extra modifications have been done, importantly RSA encryption of the peer to peer messaging has been implemented.

As it stands, everything is badly in need of more eyes on it. I am much happier (see underlined above) and I have tested all this stuff to death, but the usefulness of that is limited beyond a certain point.

If anyone has questions about where to find stuff, please ask me.

[waxwing]

Introductory video for tlsnotary: https://www.youtube.com/watch?v=kKdEhuiXYz4&list=PLnSCooZY6_w9j5tQ8jAeZtrl9l4NnL48G&index=3 (EDIT: updated link, new Intro video - also algorithm video in the same playlist)

(re-shared after some updates and checks).

[oakpacific]

The newest location for downloading https://github.com/tlsnotary/tlsnotary.

THe software now is near feature-complete, but in order to test its compatibility with the large number of banks out there, we need testers! Please, if you want to help freeing Bitcoin from the harassment of the banks, come and talk to us.

E-mail: tlsnotarygroup-at-gmail.com

Freenode IRC: #bitsquare.io

[yakov]

I've just read this entire thread. It looks great.

Is this project still going?

[waxwing]

Hi yakov,
Yeah, it's still going

We'd like people to try it out, as it's basically a finished product now (famous last words )

Ideally if we could get a good group of people (we don't need hundreds or thousands, just 'some' is fine) that could give it a try, then we could iron out any bugs and also get good feedback on what proportion of websites it works OK with (from extensive automated testing, it works with the vast majority of https pages, but certain dynamic features in some websites might stop it working in the way you want).

Installing it is very easy nowadays compared to what it was. Just have Firefox, have Python, and it should run out of the box.

I've tried to put tons of explanatory information in the README on the main page: https://github.com/tlsnotary/tlsnotary . So anybody new to the project, start reading there.

Thanks.

[hgt]

I hope I'll be forgiven if this is a question that has already been answered:

What if the "auditor" is an undercover cop and you're in a jurisdiction where this is illegal (surely everywhere once they find out about it)? Since the auditor can see your bank statement then he can see your account name and number and thus identify you. Is there provision for obfuscating that information?

[marcus_of_augustus]

... and you're in a jurisdiction where this is illegal (surely everywhere once they find out about it)?

Why would this be so? Surely they could not make it illegal to secure your own end of a data connection in which ever way you see fit?

It doesn't penetrate the corresponding party's system and it abides by the established secure connection protocol offered.

[hgt]

... and you're in a jurisdiction where this is illegal (surely everywhere once they find out about it)?

Why would this be so?

Because they make the rules and they will change them to prohibit whatever they don't like. Witness the fact that we have statutes prohibiting "money laundering" and "structuring" - legal concepts that were invented in the last twenty years.

Even if they didn't act immediately, the banks would amend their TOS to disallow it, until the government caught up (but they're almost the same thing).

It's absolutely certain.

The only way to avoid such an outcome for the individual client is to prevent his real-world identification by the auditor. The client has to remain pseudonymous. If you have to trust the auditor then what have you accomplished with all the rest of the trustless technology?

[oakpacific]

... and you're in a jurisdiction where this is illegal (surely everywhere once they find out about it)?

Why would this be so?

Because they make the rules and they will change them to prohibit whatever they don't like. Witness the fact that we have statutes prohibiting "money laundering" and "structuring" - legal concepts that were invented in the last twenty years.

Even if they didn't act immediately, the banks would amend their TOS to disallow it, until the government caught up (but they're almost the same thing).

It's absolutely certain.

The only way to avoid such an outcome for the individual client is to prevent his real-world identification by the auditor. The client has to remain pseudonymous. If you have to trust the auditor then what have you accomplished with all the rest of the trustless technology?

Hello hgt, at this moment, what you have to rely on, is the good-old rep/rating system, much like, you know, how they did in online black markets to counter Sybil attack.

We do expand serious effort to come up with something that can allow an auditee to have only the part of his statement that is strictly necessary (i.e., the amount and the destination account) to be verified by the auditor to be authenticated(which we call the "dark mode" in a tongue-in-cheek way), in the end we prove it's somehow theoretically not impossible, but is rather tricky would require quite a lot of developmental effort. Also note that the 'dark mode' still can't protect the identity of the seller, which is inevitable as the auditor has to make sure the money goes to the right account.

The good news is that I believe we are definitely not on the radar of the agencies, if we ever become so popular to draw their attention , we will certainly invest much more effort into the anonymity protection.

Thank you for your question!

[hgt]

Hi Oakpacific! Thanks very much for your thoughtul response.

Ratings will mitigate the problem of bad actors in the same way that ratings mitigate centralized monetary exchanges and markets.

Consider the late Sheep market as a perfect example of the latter.

An evil operator will patiently build reputation while fulfilling his role faithfully, all the while getting bigger and bigger, and then one day take everything and wipe his clients out.

In the case of an evil auditor (whether private or state) and auditees that are de-anonymized to him, he will patiently collect real-life identities until a huge database is amassed. Then one day there are sudden and co-ordinated mass arrests.

"Under the radar" is a silly idea. You think LE isn't already monitoring a big site such as this?

[waxwing]

I hope I'll be forgiven if this is a question that has already been answered:

What if the "auditor" is an undercover cop and you're in a jurisdiction where this is illegal (surely everywhere once they find out about it)? Since the auditor can see your bank statement then he can see your account name and number and thus identify you. Is there provision for obfuscating that information?

Another thing to reflect on: I (like millions of people around the world) have had occasion in the past to *print* my bank statement - including the account name and number and the balance, and monthly transactions, and present it to a local bureaucratic office to "prove" my savings/income. This was done without my bank's permission.

Is tlsnotary really so different to that, in terms of privacy and permission? It *is* different in one very important sense - it's *actual* proof, not pretend proof!

[hgt]

Hi Waxwing! Yes, your comparison is very reasonable.

But we're not discussing a reasonable adversary, but one who uses armed force to gain economic advantage and who adjusts the rules to suit its goals.

tlsnotary will be construed as something like wire-tapping and conspiracy to commit fraud (after all, the bank, who is one party to the communication, has not consented to the use of tlsnotary). I'm not calling it that; I'm saying that they'll apply some such label. And if the statutes as they stand are not sufficient then they'll change them to make their case stick.

But if they can't identify the participants because they remain pseudonymous then the statutes are moot.

[waxwing]

hgt,
Yes I fully understand what you're saying. I did want to start from the most important basis though - that it's not different from existing audit mechanisms in terms of privacy and permission.

I share the same perspective as you that, given the Bank Secrecy Act, 'structuring' and so on, we live in a world where if those in power decide that they don't want something, it can be declared illegal at any time  - because terrorism, because child porn, whatever, and logic be damned.

But I'm not sure the risk that you highlighted is the most important one to focus on. It's true that having an auditor not know any transaction details is preferable, but we are talking about manual audits here because we cannot automate the interpretation of bank transaction pages for all banks, which means that at the very minimum the auditor *must* know the account number and bank, IF an audit takes place. So currently the situation is : your counterparty *always* knows your bank identity (account number), your auditor knows it only if there is an audit, which will of course be all the rarer because it's impossible to fake the result.

It is very likely that an auditor will need to have significant community reputation to operate. There's nothing intrinsic in this software deciding how auditors get setup - there could be thousands, there could be just one. I personally like the design of having a large pool which gets chosen from in an unpredictable way to minimise collusion/bad actor risk, but this is a matter of considerable debate in groups like TLSNotary, bitsquare, openbazaar etc.

An automated auditor - running on an 'oracle' - is a nice concept, which we've already played around with. But (a) not sure the technology is really ready for it and (b) it would need perfectly predictable parsing of transaction records. Could work with one fixed fiat payment method perhaps (assuming you can set up an oracle!)

[hgt]

Thanks for the clarification.

[dexX7]

This is jaw-dropping!

I successfully self-tested myself on a few websites and I'm especially amazed, because the whole process (or the part that I saw until now) was straight forward and without unexpected behavior or any other obstacles.