Symposium on Post-Bitcoin Cryptocurrencies

I am at the Symposium on Post-Bitcoin Cryptocurrencies in Vienna and will try to liveblog the talks in follow-ups to this post.

The introduction was by Bernhard Haslhofer of AIT, who maintains the graphsense.info toolkit and runs the Titanium project on bitcoin forensics jointly with Rainer Boehme of Innsbruck. Rainer then presented an economic analysis arguing that criminal transactions were pretty well the only logical app for bitcoin as it’s permissionless and trustless; if you have access to the courts then there are better ways of doing things. However in the post-bitcoin world of ICOs and smart contracts, it’s not just the anti-money-laundering agencies who need to understand cryptocurrency but the securities regulators and the tax collectors. Yet there is a real policy tension. Governments hype blockchains; Austria uses them to auction sovereign bonds. Yet the only way in for the citizen is through the swamp. How can the swamp be drained?

3 thoughts on “Symposium on Post-Bitcoin Cryptocurrencies”

  1. Sarah Meiklejohn wrote the seminal paper on blockchain forensics six years ago; she interacted manually with 20-25 addresses on Silk Road, from which ground truth her clustering algorithms were able to identify about 200,000 more Silk Road addresses. The same happened with Mt. Gox. Her techniques were then commercialised by Quantabytes, Elliptic and Chainalysis, and used in the indictment of the Silk Road operator Ross Ulbricht. She has recently been working on privacy-enhanced cryptocurrencies such as zcash. Zcash adds a shielded pool within which transactions are cryptographically masked; but the amounts paid into and out of the pool are visible and tied to the pseudonyms that sent or received them. She found that only 15% of transactions use the pool, so the anonymity set size isn’t in general large enough. Deposits and withdrawals almost mirror each other; it seems that people use the pool as a laundromat rather than somewhere to store value. The main trick is to match value in with value out. There are also custom heuristics based on the behaviour of both miners and founders which further shrink the anonymity set. Her detailed analysis is here. In questions, she noted that the only way to interact with the pool at present is a command-line interface, which would intimidate most users.

    Malte Möser has been studying the anonymity of Monero, which uses one-time (‘stealth’) addresses, hidden value and obfuscated payment flows. Hidden values prevent the kind of attack Sarah just described, and payments are obfuscated by using ring signatures to prove that you own one of N coins you point to on the blockchain. However using it carelessly can undermine anonymity; for example if you point to a genuine coin 2 days old and to random coins that are 3 months and 2 years old, then an analyst can conclude that the recent coin was probably the one you actually spent. This enabled him to de-anonymise 80% of transactions up till April 2017; since then Monero has been working on fixing this, but timing attacks still work. There have been several Monero forks, and they also undermine privacy; so do sudden volume changes such as the late 2016 spike when AlphaBay started accepting Monero. And it’s hard to patch a broken system; bitcoin maybe wasn’t the best place to start.

    Michael Fröwis has been investigating how bitcoin forensic techniques go across to ethereum. In bitcoin the key is the graph of transactions; address graphs are less useful and tracking entities requires clustering techniques. Ethereum is much more like bank accounts and balances, so the address graph is key. Accounts can be controlled externally or by code; the latter are used for all sorts of apps. There are about 200,000 token systems currently deployed on the ethereum blockchain, so it’s easy enough to use; the 600 most-used tokens have a market cap of €28bn which is more than the underlying ethereum platform. The complexity for transaction tracing is that you need to look at all the token systems to see if Alice is transacting with Bob; the ether flows alone give a quite incomplete picture. Identifying the purpose of token systems automatically is a research challenge; from a technical perspective it’s a bit like malware classification. In conclusion, privacy was not a primary design goal of ethereum, which defaults to one account per person; but while tracking ether flows is easy, the token systems built out of ether are different, and we lack the tools to do anything useful. At present ethereum isn’t the money launderers’ first choice, but there’s enough other criminality there (from Ponzi schemes to ICOs) that regulators, law enforcement and researchers should pay attention. In questions, he remarked that if token developers implement the ERC20 standard properly then payments can be tracked, but some don’t and others might not do it right whether by accident or design.

  2. Daniel Arce is a game theorist who works on terrorism, and wonders whether any of the lessons might go across to crypto-criminality. When the US database of stolen travel documents was augmented by an Interpol one (MIND/FIND) to which 40 countries contributed, the number of hits increased from 298 to 1249; although not designed for terrorism, only 0.29% of the hits would have to be terrorists to justify the entire MIND/FIND budget. The second key point is that the Financial Activities Task Force (FATF) is the key player in terrorist financing and anti-money-laundering; we should enforce its fourth CTF requirement (prompt reporting of suspicious transactions) and its seventh (identifying payers). FATF is a network of institutions involved in peer review of compliance.

    Paulina Jo Pesch is an IT lawyer at Karlsruhe. In the classic view of cryptocurrency there are no gatekeepers; anyone can create accounts and everyone verifies transactions. An initial legal analysis of this is that public blockchain data are often personal, as people are identifiable using available side information; there are many deficits, ranging from lack of transparency, lack of identifiable and responsible controllers, no chance of rectification or erasure, and the failure to minimise data. We also need a legal basis for the use of blockchain analytics in criminal investigations; is it enough to rely on general clauses in criminal legal codes? Your mileage may vary. She discussed some possible problems with investigating ransomware and with the latest AML directive, EU 2018/843. Transaction blacklisting is one approach that could be compatible with human rights.

    I was last, talking about the regulatory issues raised by our paper Bitcoin Redux and the recommendations we made in it.

  3. I thought I might add a note on a discussion over coffee afterwards with various researchers from Germany and Austria. One expressed some surprise that, despite my long history of lobbying against controls on cryptography, I should be arguing for controls on cryptocurrency. The simple answer is that I’m not arguing for controls on crypto; that’s the wrong place in the stack for regulators to intervene. Crypto is used to hold all sorts of products and services together; in Ron Rivest’s neat analogy, it’s like duct tape. I am not arguing that we should stop people developing crypto software and using it to support peer-to-peer payments, like bitcoin seven years ago.

    What I am arguing for is controls on crooked banks. I have spent even longer investigating frauds against bank customers, in many of which the bank is either negligent or even tacitly collusive. If someone sets up a banking business then they should not get away with defrauding their customers or helping others to do so, regardless of whether their business involves cryptography (as all retail bank operations now do) – or even whether some of the currencies and other assets in which it deals are cryptocurrencies or tokens based on them. History has taught us over many years that banks often go bad; the temptations are just so great. That’s why we need to regulate them. Allowing a shadow banking system to arise in the form of a network of bitcoin exchanges providing unregulated payments services based on off-chain payments, and promoting unlicensed securities and futures businesses through ICOs and ethereum-based smart contracts, is reckless. This should be clear to anyone with even a passing knowledge of both banking and cryptography. It’s a shame that our bank regulators are shying away from enforcing the laws they are paid to enforce out of the fear of being accused of being technophobic. The role of academics and other knowledgeable commentators is to explain what’s going on and thus lay the groundwork for regulators to do what’s needed once the political will is there. It’s a pity that it will probably take a crash in which a lot of people get hurt before that happens.
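The first comment above reports that, for zcash's shielded pool, "the main trick is to match value in with value out". The sketch below is an added illustration of that idea and is not code from the post, the talk or the speaker's paper. The transaction records, the address labels, the exact-value comparison (fees ignored) and the `max_gap` block window are all assumptions made for the example.

```python
from collections import defaultdict

# Constructed sample data: (txid, block height, value in zatoshi, transparent address).
DEPOSITS = [      # value entering the shielded pool; amount and sender are public
    ("d1", 100, 250_010_000, "t1Alice"),
    ("d2", 101, 100_000_000, "t1Bob"),
    ("d3", 102, 100_000_000, "t1Carol"),
    ("d4", 110, 733_120_000, "t1Dave"),
]
WITHDRAWALS = [   # value leaving the shielded pool; amount and recipient are public
    ("w1", 103, 250_010_000, "t1Xavier"),
    ("w2", 104, 100_000_000, "t1Yann"),
    ("w3", 500, 733_120_000, "t1Zoe"),
    ("w4", 105, 42_000_000, "t1Quinn"),
]


def link_by_value(deposits, withdrawals, max_gap=20):
    """Link a deposit to a withdrawal when the value is unique on both sides
    and the withdrawal follows the deposit within max_gap blocks."""
    ins, outs = defaultdict(list), defaultdict(list)
    for tx in deposits:
        ins[tx[2]].append(tx)
    for tx in withdrawals:
        outs[tx[2]].append(tx)

    links = []
    for value, d_list in ins.items():
        w_list = outs.get(value, [])
        # A repeated value is ambiguous: several candidates remain, so the
        # anonymity set for that amount is larger than one and no link is made.
        if len(d_list) != 1 or len(w_list) != 1:
            continue
        (d_id, d_h, _, d_addr), (w_id, w_h, _, w_addr) = d_list[0], w_list[0]
        if 0 < w_h - d_h <= max_gap:
            links.append((d_id, w_id, d_addr, w_addr))
    return links


if __name__ == "__main__":
    for d_id, w_id, src, dst in link_by_value(DEPOSITS, WITHDRAWALS):
        print(f"{d_id} -> {w_id}: {src} likely paid {dst}")
```

On this sample only the distinctive 250,010,000 amount is linked; the two identical 100,000,000 deposits stay ambiguous, which is the sense in which common amounts and longer holding times enlarge the anonymity set.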
