Profile picture
Peter Todd @peterktodd
, 7 tweets, 2 min read Read on Twitter
The latest hoopla about the Bitcoin blockchain potentially containing small amounts of "illegal data", is a good opportunity for early career security researcher to write a tool to insert and retrieve arbitrary data from certificate transparency logs.

Easy w/ @letsencrypt
Most obvious way to do it is via the DNS name; more clever would be to encode data in the pubkey. Might be other fields as well that you can use.
If the relevant CT log authorities are crazy enough to delete the data (specifically, make it not available to the public), it immediately destroys the entire auditability of CT.

For CT this is actually an easily avoidable problem: they could have used a merklized k:v index.
W/ that design, you can selectively delete and only destroy the auditability of the CT chain for *some* domain names.
Other fun illegal data targets:

Tor consensus,
Git repository (can add hidden data to commits - how @opentimestamps works!),
Mailing lists (steganographically encode, so replies that quote your email are also "contaminated"),
PGP key servers/@KeybaseIO,
trusted setup ceremonies?
Even more:

Free media like photos, music, etc. that's likely to get Incorporated into other works (not a novel problem!),
Scientific observations (e.g. inject encoded noise into a radio astronomy telescope),
Public safety related radio (e.g. encoded noise on airline frequencies)
...and for bored billionaires: encode messages into stock market price movements. 😁

Or if you're Jewish, the weather - according to council member Trayon White. :/
Missing some Tweet in this thread?
You can try to force a refresh.

Like this thread? Get email updates or save it to PDF!

Subscribe to Peter Todd
Profile picture

Get real-time email alerts when new unrolls are available from this author!

This content may be removed anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

More from @peterktodd see all

Profile picture
Message I got from Zooko re: their efforts to recover the missing Zcash trusted setup ceremony transcript.

Given there is a chance at a market moving hundreds of millions of dollars screw up, I don't want to be in possession of any insider info. So I'm making this transparent.
I'm disappointed that they have chosen to delay investigating this for months in an effort to release Sapling first rather than just being upfront about it.

github.com/zcash/mpc/issu…
Something a friend just sent me seconds ago: "Thanks for telling me early so I could move all my coins"

They're joking of course, but quite seriously this kind of insider trading thing is exactly why I don't want to be in possession of any insider info on this.r
Read 8 tweets
Profile picture
There's been some claims made recently that a compromise of the Zcash trusted setup can't compromise privacy.

I checked with one of the cryptographers working on zk-SNARKs, and these claims are false.

A compromised MPC absolutely can wreck privacy; Zooko needs to correct this.
The problem is that the final public parameters can be constructed in such a way that they do not protect privacy. Doing this correctly is the responsibility of the MPC coordinator; the Zcash daemon is unable to verify that the parameters are correctly constructed.
I raised this issue months ago and nothing was done. In fact, as of writing it's not possible to verify the MPC correctly generated public parameters as the necessary files are missing; a GitHub issue for this problem has been open for six months: github.com/zcash/mpc/issu…
Read 5 tweets
Profile picture
I hate dealing with infosec Twitter sometimes... I criticised calling Doom on a Bitfi that had been physically dismantled w/ circuit probes "hacking" - while carefully noting Bitfi did have issues.

What happens? Apparently one of them contacted a client of mine to bad mouth me.
Why is opening a device and playing Doom on it just a dumb stunt?

If you can open a device w/o the user noticing, you can also replace the hardware. And in particular, you can add a MITM *inside the device itself* between any secure element and the UI.
MITM the UI/UX and the security chip can't help you much: you might think you're authorizing a $10 payment to Alice, but the chip thinks you're trying to send $10,000 to Mallory.

Defeating this kind of attack requires tamper protection of *all* the hardware, not just one chip.
Read 11 tweets

Related threads

Profile picture
⚡1/44 THEY SAID IT WOULD FAIL ⚡

#Bitcoin's software has been running for 10 years…

That’s:
⚡87.6K hrs
⚡3.6K days
⚡370m TXs

To mark history, we’re launching our first interactive feature: #BitcoinAt10. The story of bitcoin, told by its builders: ow.ly/9d3a30nfAuG
2/44 #BITCOIN’S 7 MOST ICONIC MEMES

Magic Internet Money Wizard? Rollercoaster guy?

Take the red pill to explore CoinDesk’s list of the decade's best bitcoin #memes. (Or don't. Honey badger don't care...)

READ: ow.ly/Rs8e30nfu2g #BitcoinAt10
3/44 THE BEST #BITCOIN SLANG

Don’t let the bearwhale get you. HODL to ride out the Flippening...

Can't make sense of the sentence? We list the 12 best #crypto words of the decade. Think of it as yourr #hyperbitcoinization guide.

READ: ow.ly/uXHr30nfukc #BitcoinAt10
Read 44 tweets
Profile picture
0/ On a day that marked the 10th anniversary of the #Bitcoin #blockchain, the #crypto ecosystem has been ripe with updates and releases.

Below, I've pieced together a 15-part thread filled with developments from the past day or two. Hope it proves helpful!
1/⌛️ #Mimblewimble-based privacy #cryptocurrency BEAM (@BEAMprivacy) is scheduled to launch on mainnet today at 14:00 GMT!

The wait is over! Find out all about the release in the following announcement. medium.com/beam-mw/beam-t…
2/ 🗣️ @NEOErikZhang (Co-Founder & Core Developer, @NEO_Blockchain) shared that NEO's developers are on the verge of completing a slew of improvements re its dBFT consensus algorithm.

A release before next month's #NEOdevcon2019, perhaps?
Read 17 tweets
Profile picture
0/ Another doozy of a thread for you!

The past ~24hrs saw a great many #blockchain projects share development updates and partnership news. Amid this, the #crypto space was ripe with discussion on several topics.

On what, exactly? Well that's for you to find out 😉
1/ 🇺🇸 @AugurProject [ $REP ] - yeah, that #Ethereum-powered decentralized prediction market everyone wrote off post-#mainnet as quickly as @Novogratz revises a #bitcoin price forecast (😘) - well the #USmidterms have seemingly awoken punters from far and wide. Those numbers!
2/ 🔎 @adam3us's leading #bitcoin and #blockchain technology firm @Blockstream announced its new block explorer, blockstream.info.

Now, users can search and view specific data published in real-time to the Bitcoin #blockchain, Bitcoin #testnet and Liquid #sidechain. Neat!
Read 30 tweets
Profile picture
#Bitcoin is bigger than all the companies that try to capitalise on its #blockchain #technology.

#Bitcoin + #IoT + #DeepLearning will transform the global political & financial system without permission.

#blockchain #LightningNetwork #fintech #blockchain #disruptiveinnovation
#Decentralisation will take time.

#Bitcoin is decentralised although still attached to a centralised world.

⚠️ This is the alpha.
⚠️ #LightningNetwork is the beta.
If you want to change society you need to change the social paradigm, or offer an incentive greater than money to discourage greed. #bitcoin #LightningNetwork ⚡️
Read 10 tweets
Profile picture
What coin is better and would be bigger than bitcoin in the next 2 years . The thread starts here . Please retweet and the first post and follow to show appreciation
#Bitcoin #Ethereum #Litecoin
1. While the information presented in these tweets has been researched and is thought to be reasonable and accurate, any cryptocurrency investment is speculative in nature
2. No information, forward looking statements, or estimations presented herein represent any final determination on investment performance
I do not guarantee any rate of return or investment timeline based on the information presented herein.
Read 74 tweets
Profile picture
THREAD: Ready to get mindblown by #Bitcoin #CORE implementations and progress?

Volunteers around the world gather and cumulate tons of hours from the best minds on this planet about the topic. This is a gift, an invention made to humanity.
Forget about 2nd layer, it's already and way too mainstream as I recently stated.

Yet, welcome now to the "in between layers": "The new layer can be seen as a channel factory"

bitcoinmagazine.com/articles/new-s…
Now Smart contracts.

You tought #Bitcoin was dumb? First and foremost, you were wrong because $BTC has smart contracts *since the inception*: multisign and lately get timelocks (led to LN).

If you didn't know that, admit you're never really been interested in Bitcoin or lured?
Read 35 tweets

Trending hashtags

#ethics #dApps #Inclusive #ThePatriotTimes #BancorX #LightningNetwork #Bitcoin #conscience #AI #cryptotwitter #Darknet #startups #mainnet #eth #flippening #testnet #Bezant #PIVX #bitcoin #UFC232 #Mimblewimble #Assange #ven #RICOs #economy

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member and get exclusive features!

Premium member ($3.00/month or $30.00/year)

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!