26/11/19 A state-owned quantum computer could break blockchains in as little as three years
A commercially viable quantum computer is still probably a decade away but the first rudimentary, state-owned device capable of breaking common public key encryption algorithms like RSA and elliptic curve cryptography could be with us much sooner. Such a device would undoubtedly be clunky and challenging to apply to real-world problems, but not impossible given sufficient resources. And there’s a huge incentive for winning this race: whichever state manages to crack public key encryption will be “master of the world”, according to Andersen Cheng, CEO of London-based cryptography firm Post Quantum.
Among the early targets for decryption, after sensitive government documents, password caches and financial communications, will likely be bitcoin and other cryptocurrencies. That’s because the security of blockchains like bitcoin and ethereum depends on an Elliptic Curve Digital Signature Algorithm (ECDSA). The public key generated using ECSDA is used with a hashing algorithm to create the public address for sending and receiving the coin, while the corresponding private key is employed to sign digital transactions to verify that the originator of the transaction is genuine.
Blockchain pioneers like Ethereum’s Vitalik Buterin previously downplayed the quantum threat, while others stated that the hashing function was sufficient to make transactions quantum-safe, but this is only part of the picture, said Cheng. The problem does not lie with the hashing algorithm or people stealing your private key from your cryptocurrency wallet, he said, rather it’s the weakness of the signature scheme which could allow a quantum computer operator to spoof the user by forging their signature.
“Once people know your ciphertext they can start playing with it, then they can replicate your private key they can start signing transactions pretending they are you,” said Cheng. “Trust is destroyed and that would be the end of cryptocurrencies”.
It would not be impossible, given sufficient resources, to rewrite a blockchain using quantum-safe algorithms, but Cheng said he wasn’t aware of any such scheme currenlty operational. In any case, many cryptocurrencies have more pressing security issues, including the ability of staff within exchanges and other intermediaries to copy keys.
“You can have your secure pipe and rewrite your protocol, but you still need the other bells and whistles to have an end-to-end secure flow from the wallet to the custodian to the recipient,” Cheng said.
“And also the custodians have an insider threat problem, regardless of whether it’s quantum or not, because a lot of them are not huge operations, they have a lot of manual processing within the custodian company itself, and a lot of people can see all the keys in the clear.”
As for which government will be the first to build a usable device capable of cracking common asymmetric cryptography algorithms, the jury’s out. China’s Alibaba announced a $15 billion R&D programme in 2017 and Tencent is also known to be heavily invested. Meanwhile, the US is active in the private sector but less so in the public. The UK is also a quantum heavyweight, but Cheng bemoaned this country’s failure to support its innovators. Whoever achieves it first – and it could be within as little as three years according to Cheng – don’t expect to learn about it in the news.
“All of a sudden, if I can crack the transmission between the US and UK governments or between an investment bank and its client, I can always make my billions. So it’s in my interest to keep quiet.”
16/09/2019 ICOs are not dead, but they’re certainly changing says Diacle
Initial coin offerings (ICOs) revolutionised the way that software projects, particularly decentralised projects with an internal currency, could raise funds. No more did developers have to go cap in hand to venture capitalists, losing some control of their project in return for much-needed cash. Instead they could list their cryptotoken on an exchange and whoever wanted to buy it could; and for a few heady years millions of people did.
Sadly but inevitably, though, along with the easy money came the scammers and the chancers, and when the crypto tide went out in 2018, many projects were revealed to have been swimming naked. Following a few high-profile losses regulators also began to take an interest in what had hitherto been a Wild West free-for-all and more than a few projects found themselves on the wrong side of the law. As a result there are far fewer ICOs these days. Blockchain research company Inwara estimates a 72 per cent drop in the number ICO launches between Q2 2018 and Q1 2019.
So is this innovative fundraising mechanism dead? Not a bit of it says Adam Vaziri, CEO of Diacle, a London-based blockchain consultancy that advises projects and investors on legal issues; but it is certainly changing.
One development is the IEO, or Initial Exchange Offering. This is where a cryptocurrency exchange administers the fundraising effort on behalf of a project (and takes a cut, naturally).
“ICOs are alive and kicking they are just finding traction now as IEOs where the exchange takes on some of the due diligence risks and ensures there is immediate liquidity for the asset,” Vaziri explained. The exchange will also help with the marketing efforts and take care of some of the compliance burdens.
Another change is the arrival of Security Token Offerings (STOs). Security tokens are representations of an asset such as a share, a bond or a right of ownership that are stored on a blockchain as a ‘digital twin’. They may also be a regulated digital asset that’s created directly on the blockchain (see the Santander story below). Security tokens bring the world of cryptocurrencies closer to that of regular investors.
“Legally speaking the token is typically categorised as a unit in a collective investment scheme, in other words, a fund, or a derivative contract or a trust instrument,” said Vaziri.
Since, security tokens are programmable smart contracts, compliance can be hardcoded in. Another advantage is that they can be traded at anytime from anywhere in the world.
Nevertheless, IEOs and security tokens are in their infancy and software projects and investors still face many challenges with regard to trust, risk and regulations. Diacle, which recently received funding from investment platform BnkToTheFuture, has helped with the legal aspects of a number of cryptocurrency launches, and Vaziri said there are number of gotchas to watch out for. For investors AML/KYC (Anti Money-Laundering/Know Your Customer) rules and suitability tests are a sticking point, he said. Meanwhile startups need to be properly prepared for all the steps in a launch.
“For projects it is the expense and resources involved in preparing a prospectus, having it approved by a regulator and dealing with various brokers to distribute their investment opportunity,” he explained. “Capital formation for startups is still wrought with barriers and localised regulations. Today startups are global and their supporters are too, but access to those early opportunities is not easy.”
Vaziri continued: “The ICO invented globalised crowdfunding, but it will take an industry working together to be able to offer the same for security tokens at the same scale.”
Until then, with the days of easy money seemingly over, projects need to focus on the basics.
“Anyone looking to raise funds needs to think of how credible they are, the timing of the product, the conditions in the market, their most feasible investor profile. Traction is key too. A lot of startups don’t execute as well as they imagine – so a background of delivering results is critical for inspiring supporters.”
13/09/2019 Santander unveils $20 million bond that lives on the Ethereum blockchain
The Santander Banking Group has long been a keen experimenter with blockchain technologies, seeing the potential to automate many of the processes required to verify and guarantee financial transactions.
In 2018 it launched a blockchain-based foreign exchange service for international money transfers, including an app called One Pay FX, and now it has announced a bond that runs entirely on the Ethereum public blockchain.
The $20 million one-year bond, which will only exist on the blockchain, is a fixed income security that pays 1.89 per cent per quarter. So far it is an internal affair: Banco Santander issued the bond, it was tokenised by Santander Securities Services which is in charge of the cryptographic keys, and Santander Corporate and Investment Banking (CIB) acted as a dealer. However, the bank is hailing the new bond as a “milestone” because of its end-to-end nature. No part of its management, including the payouts, takes place outside of the blockchain, and the bond is ‘permissioned’, despite being on a public blockchain.
“Thanks to this automation, the one-year maturity bond has reduced the number of intermediaries required in the process, making the transaction faster, more efficient and simpler,” Santander says in a press release.
Santander CIB is now looking “to engage with our most innovative clients” to move the project into production.
The project was developed in part by London-based Nivuara, a fintech startup that has been working on blockchain-based solutions for issuing of bonds, derivatives, and equities. Earlier this year Nivuara attracted funding from a group led by the London Stock Exchange Group which included Santander.
Next page: Agoric’s interoparable blockchains; Zilliqa’s smart contracts; Berners-Lee’s Solid is missing a trick; Bluzelle takes aim at Redis; Microsoft’s blockchain-based decentralised identity system; Facebook and PayPal announce blockchain investments; Facebook and PayPal announce further investments; JP Morgan bets on blockchain