Are governments deliberately poisoning the cryptographic/cryptocurrency well?
Introduction
I will try to keep this brief. It is a complex subject and I will apologise in advance: it is not my area of scientific expertise, so unlike with the medical sciences I am merely a fascinated layman.
I know we probably have at least a few people on here who are well versed in the mathematics of cryptographic techniques, and I would be grateful for your input on this matter.
I was inspired to write this today by reading an article on Ars Technica. I would highly recommend reading it:
"NSA could put undetectable “trapdoors” in millions of crypto keys" - Ars Technica.
I think it raises some important questions about government activity that many of us may often wonder about, particularly within cryptocurrencies where we tend to be of a more libertarian (small government) mindset or even a fully anarchistic mindset.
That said, please take this post with the colloquial "pinch of salt". I don't want people to get too alarmed. I just think we need to think about such things and be vigilant.
I will apologise in advance for my stupidity and ignorance. There will also be kittens at the end as always.
The gist of the article
The article covers how researchers have devised a way to create backdoors in encryption methods (Diffie-Hellman in this case) that are virtually impossible to detect.
From what I understand, a lot of encryption methods make use of very large prime numbers to carry out calculations which are prohibitively difficult (computationally) to reverse.
The researchers were able to create primes with hidden properties which made the resulting encryption much easier to break. As the article states:
"The researchers were able to break one of these weakened 1,024-bit primes in slightly more than two months using an academic computing cluster of 2,000 to 3,000 CPUs."
If researchers were able to do this it is a safe bet in my opinion that government agencies already know of this and have technology in place that allows them to do this much more rapidly and efficiently.
What takes the researchers 2 months may take hours or even minutes for the government with their computational resources.
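As an added example (mine, not code from the Ars Technica article or from this post), here is the kind of parameter audit a developer can run over a Diffie-Hellman modulus before trusting it: is p actually prime, is (p-1)/2 prime (a so-called safe prime, which rules out one class of weak groups), and does p-1 have many small factors. The 256-bit demo sizes, the sample-prime generators and the trial-division bound are my own choices for a quick run; production groups are 2048 bits or larger and should come from published, verifiably generated parameters rather than be generated ad hoc. Note that a safe-prime check does not by itself prove a modulus is free of the hidden structure the article describes; it is one necessary check, not a sufficient one.

```python
import random

# Odd primes below 1000, used to reject obvious composites cheaply before Miller-Rabin.
_SMALL_PRIMES = [n for n in range(3, 1000, 2)
                 if all(n % d for d in range(3, int(n ** 0.5) + 1, 2))]


def is_probable_prime(n: int, rounds: int = 40) -> bool:
    """Miller-Rabin test with random bases. A composite survives all rounds
    with probability at most 4 ** -rounds."""
    if n < 2:
        return False
    if n % 2 == 0:
        return n == 2
    for q in _SMALL_PRIMES:
        if n == q:
            return True
        if n % q == 0:
            return False
    d, s = n - 1, 0          # write n - 1 = 2**s * d with d odd
    while d % 2 == 0:
        d //= 2
        s += 1
    rng = random.SystemRandom()
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False     # a is a witness that n is composite
    return True


def small_factors(n: int, bound: int = 100_000) -> tuple:
    """Trial-divide n by every candidate up to bound. Returns the small prime
    factors found (with multiplicity) and the remaining cofactor."""
    factors = []
    d = 2
    while d <= bound and d * d <= n:
        while n % d == 0:
            factors.append(d)
            n //= d
        d += 1 if d == 2 else 2
    return factors, n


def audit_dh_prime(p: int) -> dict:
    """Checks a defender can run on a proposed Diffie-Hellman modulus p before using it."""
    report = {"bits": p.bit_length(), "is_prime": is_probable_prime(p)}
    if not report["is_prime"]:
        report.update(safe_prime=False, small_factors_of_p_minus_1=[], cofactor_is_prime=False)
        return report
    factors, cofactor = small_factors(p - 1)
    report["small_factors_of_p_minus_1"] = factors
    report["cofactor_is_prime"] = is_probable_prime(cofactor)
    # Safe prime: p = 2q + 1 with q prime. The group then has no small subgroups,
    # which rules out one whole class of weak or deliberately weakened parameters.
    report["safe_prime"] = is_probable_prime((p - 1) // 2)
    return report


def generate_safe_prime(bits: int) -> int:
    """Find p = 2q + 1 with q and p both prime (demo sizes only, see lead-in)."""
    rng = random.SystemRandom()
    while True:
        q = rng.getrandbits(bits - 1) | (1 << (bits - 2)) | 1   # odd, exactly bits-1 bits
        # q % 3 == 2 guarantees 3 does not divide 2q + 1, skipping hopeless candidates.
        if q % 3 == 2 and is_probable_prime(q) and is_probable_prime(2 * q + 1):
            return 2 * q + 1


def generate_smooth_order_prime(bits: int) -> int:
    """Constructed 'suspicious' modulus for the demo: p = k*M + 1 where M is the product
    of every prime below 60, so p - 1 is divisible by all of them. A p - 1 with that many
    small factors is exactly the kind of red flag the audit should raise."""
    m = 2
    for q in _SMALL_PRIMES:
        if q < 60:
            m *= q
    rng = random.SystemRandom()
    k_bits = bits - m.bit_length()
    while True:
        k = rng.getrandbits(k_bits) | (1 << (k_bits - 1))
        p = k * m + 1
        if is_probable_prime(p):
            return p


if __name__ == "__main__":
    for label, p in (("safe prime      ", generate_safe_prime(256)),
                     ("smooth p-1 prime", generate_smooth_order_prime(256)),
                     ("M127 (not safe) ", 2 ** 127 - 1)):
        print(label, audit_dh_prime(p))
```

The third sample, the Mersenne prime 2^127 - 1, is prime but not a safe prime, and its p-1 has many small factors, so it is flagged even though nobody planted it; the audit reports properties, and the decision to reject stays with the reviewer.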
Is the government putting out compromised primes already?
It is a really clever idea if you think about it.
It is the equivalent of one side in a war giving the other side equipment that allows them to eavesdrop on what they are doing without them even realising it.
If you can compromise the communications of "the enemy" then you can potentially win the war before it even starts.
Poisoning the cryptographic well
Government agencies or private companies may be putting out a combination of compromised cryptography resources for us to use and integrate into our software.
This could take several forms, for example by putting out the following types of resources:
1) Lists of compromised primes as described in the article.
2) Encryption methods/protocols that have a specific fatal flaw which is not readily apparent or publicly known; Dual_EC_DRBG is given as an example.
3) Random number generators/sources that are not fully random.
4) Other encryption resources, tools or software which may be backdoored to allow snooping by the right organisation.
The government would obviously not be open about doing this, and some of these resources could be put out covertly by companies acting as a "front" for the real source.
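On the third item, here is an added example (mine, not from the post or the article) of the simplest sanity checks a developer can run on the output of a random source: the NIST SP 800-22 frequency (monobit) test and a chi-square test of byte frequencies, applied to the operating system's CSPRNG and to a constructed, deliberately biased generator. The generator, the sample size and the pass thresholds are my own choices for illustration. The important caveat is in the code comment: a generator backdoored the way Dual_EC_DRBG was produces output that passes every such statistical test, so these checks catch only gross defects.

```python
import math
import secrets


def monobit_p_value(data: bytes) -> float:
    """NIST SP 800-22 frequency (monobit) test. Returns the p-value that the
    imbalance between ones and zeros is consistent with a uniform source;
    p < 0.01 is the usual 'reject' threshold."""
    n = len(data) * 8
    ones = sum(bin(b).count("1") for b in data)
    s_obs = abs(2 * ones - n) / math.sqrt(n)
    return math.erfc(s_obs / math.sqrt(2))


def byte_chi_square(data: bytes) -> float:
    """Chi-square statistic of the 256 byte frequencies against uniform.
    With 255 degrees of freedom a uniform source scores about 255 +/- 23;
    values in the thousands indicate heavy bias."""
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    expected = len(data) / 256
    return sum((c - expected) ** 2 / expected for c in counts)


class BiasedGenerator:
    """Constructed example of a 'not fully random' source: a 32-bit linear
    congruential generator whose output byte keeps only the low 5 state bits,
    so the top 3 bits of every byte are always zero."""

    def __init__(self, seed: int) -> None:
        self.state = seed & 0xFFFFFFFF

    def next_byte(self) -> int:
        self.state = (1103515245 * self.state + 12345) & 0xFFFFFFFF
        return self.state & 0x1F

    def read(self, n: int) -> bytes:
        return bytes(self.next_byte() for _ in range(n))


def sample_os_csprng(n: int) -> bytes:
    """Reference sample from the operating system's CSPRNG."""
    return secrets.token_bytes(n)


def audit_rng_sample(sample: bytes, p_threshold: float = 0.01,
                     chi_threshold: float = 400.0) -> dict:
    """Run both checks and return the statistics with a pass/fail verdict.
    Caveat: these tests detect only gross statistical defects. A generator that is
    backdoored the way Dual_EC_DRBG was produces output that passes them, so a
    pass here is necessary, not sufficient, for trusting a random source."""
    p = monobit_p_value(sample)
    chi = byte_chi_square(sample)
    return {"monobit_p": p, "chi_square": chi,
            "passes": p >= p_threshold and chi <= chi_threshold}


if __name__ == "__main__":
    print("os csprng :", audit_rng_sample(sample_os_csprng(1 << 16)))
    print("biased lcg:", audit_rng_sample(BiasedGenerator(seed=1).read(1 << 16)))
```

The biased generator fails both tests by an enormous margin (three of every eight bits are stuck at zero), while the OS source lands near the expected 255 on the chi-square statistic. A source that passes is still only as trustworthy as the design and review behind it.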
Is open source software a good place to hide exploits?
Further, if I were the head of one of these agencies I would also be seeding this kind of material into open source software.
The open source movement is central to a lot of software development these days, and there is an attitude, amongst the public at least, that it must be trustworthy.
It is developed by large groups of people but there is no centralised way of vetting who is actually working on the software or what their motivations are.
It could literally be anyone.
One would hope that with multiple people working on it any compromises would be discovered and brought to light, but who knows for sure?
If it was found it could just be called a flaw or a bug and patched. If not then I (as the government) would have a secret weapon that nobody else knew about.
Are we putting too much trust in the safety of open source?
Can we be sure that open source resources are clean and not being gamed by security agencies using these methods?
Cryptocurrencies and government agencies
This brings me to the issue of cryptocurrencies.
They are based, on the whole, on the principle of computationally expensive cryptography:
Is it possible that something like bitcoin itself could have been compromised in this way?
One would hope that if it were, someone would have spotted it by now, given all the very intelligent people who are constantly reviewing the code, but exploits are missed all the time.
You can never be sure to catch everything.
Was Satoshi a government agent?
My point is we don't know who Satoshi is or was. One of the theories was that he may have been a group within a security agency such as the NSA.
What if this were true and they had built in some almost invisible method that allowed them to manipulate the blockchain to their own ends?
For example, something that was so computationally expensive for the average user that they could never hope to break it, or even consider it a problem, but that could be broken easily with state resources.
You could get the very people who are against big government to buy into a new type of money/currency without even knowing that it was a government scheme.
I suppose the question would be to what ends?
My guess would be to have some means of manipulating global markets (assuming bitcoin got to a reserve currency type level).
It could certainly be considered a matter of national security and could also be used as an economic weapon against foreign powers at that stage.
Do we need to be paranoid of both people and resources?
Obviously the code is now open source but as I stated earlier we don't know exactly who has their hands in the open source code.
With government resources you could easily hire anyone you wanted to work on the code.
If money didn't work you could use your powers to compel people who might not even want to help you to get on board.
They are already spying on us all the time (as Snowden revealed) and could certainly find ways to apply pressure to people in order to get them to bend to their will.
With enough knowledge you could compromise anyone.
For all we know some of the most public developers in the bitcoin community who profess to be in favour of liberty may in fact be in the pockets of the very governments whose oppression they claim to be fighting.
I think we need to be aware that infiltration is an ancient human tactic and there may well be people that we think are on our side fighting for liberty who may be the metaphorical "snakes in the grass".
Paranoia is not necessarily a good thing but there is nothing wrong with vigilance and caution.
Does this have implications for other cryptocurrencies like Steem too?
I'm not sure; I will leave that to those who are more knowledgeable about specific cases.
It is an interesting question though: could, for example, the DAO hacker have been a government agent who had infiltrated the Ethereum community and was ordered to carry out the hack as a form of sabotage?
Perhaps the government/large corporations saw the momentum and public enthusiasm generated and decided to nip it in the bud.
It is certainly not something I consider to be beyond their ethics or their means.
Conclusions
As I said previously, I don't mean to be alarmist. I think it is sensible to be cautious and vigilant about the possibilities.
Further, as I said, I am not a cryptographer. I am also not a programmer.
I am, however, aware that arrogance and extreme belief in one's own knowledge, abilities and expertise have been the downfall of many people throughout history.
Thinking you are smarter than everyone else and can't fail is an idea that inevitably leads to failure.
Just look at the recent example of the DAO. All the pronouncements and hubris that related to that now look like a joke.
It would be even more ironic if it was carried out by someone internally who was a government agent or someone whom they had compromised.
We need to be vigilant to all threats as a community. We must also work together to fight them.
The world is changing fast and it is unlikely that the old vested interests will let go of their power and control of us too easily.
Anyway please let me know what you think.
Am I getting the wrong end of the stick and being overly paranoid and alarmist despite my intentions?
As one of my old teachers used to say, "a little knowledge is a dangerous thing". Perhaps that is the case here, so I will apologise in advance if that is so.
Thank you for reading. I will apologise in advance for any typographical errors I may have missed.
The Obligatory Kitten Photo:
If you like my work and aren't already, please follow me and check out my blog (I mainly discuss photography but I do other topics too) - @thecryptofiend
Image Credits: All images are from my own personal Thinkstock account.
Some of my Previous Posts and Tutorials:
- Does your urine look like COCA COLA? - GO STRAIGHT TO HOSPITAL - Rhabdomyolysis
- Steemit4free - An idea for a library of free images for Steemit reuse
- Will AI and Robotics Create a New Form of Slavery? (Part 2 - Humans as Slaves of the AI)
- A Thousand Paper Cranes - the Insanity of War and My Trip to Hiroshima (with my personal travel photos)
- Will AI and Robotics Create a New Form of Slavery? (Part 1 - Humans as Masters)
I really think that it's surely possible considering government involvement in PGP and Unix networks early on, just before the WWW was born etc., but for the sake of blockchain prosperity and my belief in the concept and how much reactionary good it can do for our future world, especially in maintaining the balance of the force along with all the other great growth in technologies and discovering knowledge. It is very cool, this whole crypto-wave of difference being implemented into our new society, allowing more solidarity to freedom and supporting the integration of like-minded people on a scale to meet and balance the crazy growth of exponential human 'progress'. Finding the Steemit community was to me a great feeling of my mind agreeing with what the future prospect of being involved with people and thinking with diversity means. Cheers for the story, a great little kick of the memory banks that anything is possible. The governments must be freaking out, I hope so; it's awesome to have more tools to rattle the system. Cryptocurrency is at least making big differences and I hope it is here for pure longevity!! Nice post, fiend
Hihi, thanks for the cat photo :D I tried reading this and understanding it, but unfortunately I lost the clue around paragraph 3.
I hope there are more super-smart guys at the 'good' side and that they feel the need to help us understand and explain and protect the ones like me online on steemit etc. Protecting with general guidelines on how to deal with privacy and cryptocurrency.
I mean, everyone has their own field and mine is more artistic than understanding this 'stuff' :D
I don't have the background to comment on the technical details of cryptography and related security details. However, I have learned enough from published accounts of the DAO exploit to believe that this particular "hack" had nothing to do with compromised private keys or weaknesses in the underlying blockchain security layer. The hacker was able to exploit a logical error in the "smart" contract in the DAO, and found a way to execute code in a way that sent him/her/them DAO tokens in strict accordance with the terms of the contract. Obviously not the intent of the code designers and writers (unless it was an inside job), but the hacker was strictly "playing by the rules" of the system as it was manifested. The reaction of the Ethereum developers was, in effect, a bailout reminiscent of the fiat money "too big to fail" mentality. The whole fiasco might have been avoided if these design concepts had been perfected at a manageable scale and not allowed to grow into a $150 million experiment with other people's money. The losses were averted for DAO token holders, but have been significant for the Ethereum stakeholders and developers, and this will continue into the future.
I think you missed the point of what I was talking about when I mentioned the DAO. I was talking about human infiltration of the community.
What if the reason he/she (the hacker) knew the code so well was because he/she was an insider and further it was at the behest of a government who felt that the DAO was getting too big?
That is the more important point in relation to this.
@thecryptofiend
If you ask me, I wouldn't be surprised if Satoshi Nakamoto is the US government itself. After the collapse they knew a new system had to be implemented. In 3 months, it popped. Coincidence, they said. Well, maybe so.
Let's entertain the scenario that a government organisation introduced blockchain technologies through Bitcoin as a beta version, a test drive. Now every single government slowly moves from fiat to blockchain technologies. 5 miners in China "mysteriously" control 85% of all Bitcoins, while 95% don't have more than 10 BTC. Sounds to me much like the current system, considering how many millions were also seized left and right (with keys and all). Another "mystery".
If I were the government I would want something fixed. The blockchain is perfect. The blockchain is FOREVER. Every record. Every transaction. Many people think cryptos are liberating but they forget that once in the blockchain, always in the blockchain. If you get into a U.S. blockchain then you are not getting out. That's like every statist's wet dream. Absolute control of the masses.
Decentralised my ass. It is an illusion. It is absolute control for the fork master, who doesn't care who to control specifically other than controlling the entire system where everyone falls under the same umbrella. Here is where I think most libertarians, anarchists and the like are massively naive. With fake passports, fake IDs, bugs in the servers you can still erase your identity. You can still slip through the cracks if you try hard enough. The blockchain is like Hotel California. You can join any time you like but you can never leave.
I guess some were "hating" the "corrupted" system so much they jumped onto the next ship without a second thought. No wonder most people in crypto are tinfoiled morons. I own crypto. I have been a fan since 2012 but never once did I let myself go thinking that I was the smart one while the system were the idiots. I knew that maybe I was walking into a trap. Still don't know where the truth lies. I don't think we will ever find out.
__I wouldn't be surprised if Satoshi Nakamoto is the US government itself.__
I would.
(see my remarks regarding government)
I know a guy who knows a guy who claims to have been involved in the creation of the first crypto-currencies.
Six degrees of separation and all that.
Definitely NOT government types.
I would disagree. There is no way of knowing for sure though.
I agree. I'd be incredibly surprised.
Thanks for a great response. I think it is entirely possible. I hope you are wrong though! My hope is that cryptocurrencies can change the established order; it would be tragic, not to mention ironic, if it turned out that they were created by those same power structures that have always controlled us.
This assumes that it can be decrypted. Even in such a case, its rate of growth makes it prohibitively expensive to do so on a meaningful scale. The government would never create something that could potentially destroy banks. They are owned by the banks, which someone like you would surely realize.
Prohibitively expensive as far as we know. Government agencies have resources we do not have. The US government black budget is huge.
I obviously can't speak to any proof of this nor against it.
What I can say is that there have been people/groups in power for thousands of years and they are ALWAYS scheming new ways to keep and get MORE power.
I would say this is far less paranoia, and to think this was not possible would be more like being delusional.
Unfortunately there is VERY LITTLE that you can trust/count on or that is honorable going on in this world, especially anything on a big scale. A few individuals here and there, the rest is a huge power game.
Stay Vigilant!
Thanks I always stay vigilant:)
Great!
I will follow your continued vigilance!
Thanks. I hope I am vigilant enough:)
I hope so too, the world is full of danger!
Blessings on the way~*~
Exactly. Thank you:)
Yikes, well if that's not enough to kick my paranoia into high gear, I don't know what will!
I think it's only natural to be suspicious of governmental interference, especially since the crypto community attracts people with the types of philosophies that centralized governments routinely classify as "problematic." Libertarians, anarchists, voluntaryists - these are all trigger words for ending up on governmental shit lists, so if you do refer to yourself as one (or even if you simply frequent places where there are high concentrations of these words) you're going to attract the attention of your Friendly Neighborhood Surveillance Program to make sure you're not plotting to mix up some ANFO in your basement and take out the local Piggly Wiggly.
The problem is that none of us here are into that. We all just want to be left the hell alone for the most part. The more you struggle to claim your privacy, the more the government thinks you have something to hide, and the more they get invested in developing new technologies to circumvent any security measures you've developed to preserve that privacy.
That's why the idea that governments are considering the implementation of backdoors into crypto keys isn't just tinfoil-hat territory. You don't have to be David Icke and think that Queen Elizabeth is a reptilian invader to think your government has a vested interest in spying on you. It probably helps, though.
Lol yes! I think sadly privacy is dying and most of the kids these days don't even know what it is. There seems to be this idea that if you want privacy you must be doing something wrong which is insane.
Privacy is dying so fast it is beyond stunning. The most paranoid and careful privacy obsessed person today cannot achieve 1% of the privacy of a normal citizen of 100 years ago. And that is assuming that person is still living outside of the growing network of facial recognition.
I don't know if anyone else has noticed this issue but I'm not able to access the html version of my post right now or when I was writing it - that's why I couldn't use my normal formatting - anyone else having this issue?
Yes I tried posting this afternoon and I couldn't use (the raw html editor) to center my images.
Strange. I wonder if it is an update?
Yes unfortunately it is that way for everyone now since the update.
And of course, as per their usual horrible PR and customer service, they said nothing about it nor provided any information/help whatsoever. hahahahahahahaha
Lucky for them almost everyone who actively uses Steemit is somewhat smart and tech savvy.
As do I!
I wish they would improve that though.
Yep it has been a problem for me since last night ...
I'm just here for the kitten =). Really interesting ideas tho. Imho we all could be taking part in a massive experiment creating the basis of the cashless society, with shady alphabets exploiting our own greed to build and user-test blockchain tech.
Thanks, yes it's possible. I hope not though.
Aw man, haters gonna hate, but these sneaky government types threaten all of us.
I don't think you're overly paranoid to consider these things and raise these questions.
I agree the problem is that governments now see their own citizens as enemies and potential threats. Unrestrained power and over reach is a big problem.
Why is it that the more of a threat a government is that more they fear others threatening them?
Perhaps it is a function of fear. If you think you are always under threat you might become more aggressive.
Yeah, I suppose that happens to both sides...
For the truly paranoid among us (to a degree, I include myself in that description), you are likely to either enjoy or be terrified by this bit of crypto arcana still able to be dredged out of "The Wayback Machine."
I, unfortunately, am also one not deep enough into math or crypto to provide an informed analysis of Mr. Douglass' work that is archived there, but if you're reading this post and tracking the comments with interest, you are very likely to find "The CryptoMaverick's" book "SOME THOUGHTS ON "SECURE CODES" AND OTHER MUSINGS" of considerable interest.
The book is available online there in the archive, with the exception of a chapter that would have made it a violation of ITAR.
If I have time one day, I may do a post on this... Follow me, just in case I do? ;)
Thanks for the recommendation. OK I will follow you in case you do lol:)
Thanks for the vote of confidence! ;)
This is a really fascinating topic; I've been researching and working with crypto, specifically Vernam Ciphers a.k.a. One Time Pads, since first reading about them in a Scientific American article from May 1973.