In their paper, Making Bitcoin Legal Ross Anderson, Ilia Shumailov, and Mansor Ahmed discuss a new technique for tracking stolen bitcoin. Here, I discuss some highlights from their paper and some implications for the Steem block chain.
Introduction
This week, renowned computer security expert, Bruce Schneier, linked from his own blog post, Tracing Stolen Bitcoin, to an interesting paper. The paper is Making Bitcoin Legal, by Ross Anderson, Ilia Shumailov and Mansoor Ahmed from the Cambridge University Computer Laboratory. He also links to Ross Anderson's blog post with the same title as Schneier's. That, in turn, links to this Youtube video that you may enjoy:
In the paper, blog post, and video, the authors describe the current state of the art on tracing stolen bitcoin, describe some problems with existing methods, and they propose a new method -- based on 19th century English law -- that looks to be a substantial improvement over existing techniques. They also announce the upcoming release of open source software that will implement their proposal.
In the following sections of this blog post, I will discuss the state of the art, as conveyed in the paper, I will then move on to describing the authors' proposal, and finally, I will imagine how the same concept could be applied in the Steem ecosystem.
Section 1: The state of the art
Image source: pixabay.com, License: CC0, Public Domain
Image source: pixabay.com, License: CC0, Public DomainAccording to these authors, the state of the art on tracing stolen bitcoin (taint tracking) is to use either poison or haircut.
With poison, the algorithm follows the tainted coins, and adds "taint" to transactions in which they are used. Thus, if 3 tainted bitcoins are used in a transaction with 7 "clean" ones, the tainted ones are considered to poison the whole batch, and all 10 become tainted. An obvious problem with this would seem to be that the number of tainted coins is constantly expanding, even if the number of thefts is not.
In contrast, with haircut, a transaction involving 3 tainted bitcoins and 7 clean ones smears the taint around, and results in 10 bitcoins that are each 30% tainted. This doesn't suffer from the same defect as poison, but it has the problem that the taint gets distributed widely very quickly.
The authors found an 1816 precedent from English law, "Clayton's case", where a judge had to solve the problem of sorting out good and bad transactions after a bank failure. The judge ruled that the transactions had to be dealt with in a "first in first out" (FIFO) ordering. FIFO is something that computer scientists are very familiar with, so the authors decided to apply the algorithm to bitcoin and see what happened.
Section 2: The new contribution - FIFO
Image source: pixabay.com, License: CC0, Public Domain
Image source: pixabay.com, License: CC0, Public DomainThe really interesting is that the authors found that the FIFO algorithm offered much more precision for taint tracking. For example,
The 2012 theft of 46,653 bitcoin from Linode tainted 2,694,051 addresses, or almost 5% of the total, using the haircut algorithm, while with FIFO, it’s 371,544 or just over 0.67%
and
Overall, most bitcoin accounts have zero taint using FIFO, while less than 24% escape taint if we use a haircut approach.
According to the paper, this tracking method is even resistant to attempts at anonymization via coin mixing.
What this all shows is that tracking stolen bitcoin actually is feasible, at least in principle. This, in turn, could have sweeping legal implications, which I suggest that you read in the paper. For my purposes here, it means that the victim of a bitcoin theft could now track their bitcoins to a regulated entity, such as an exchange, and hold that party liable in the courts for trafficking in stolen bitcoin.
The authors go on to introduce the concept of a taintchain, their open source software that publicly lists the tainted coins on the bitcoin block chain. They further note that due to the wide variety of jurisdictions, it would actually be necessary to maintain numerous taint chain instances - each implementing the rules of a particular country or jurisdiction.
What I got to wondering is, how could this concept be applied to Steem?
Section 3: Applying taintchain logic to Steem
Image source: pixabay.com, License: CC0, Public Domain
Image source: pixabay.com, License: CC0, Public DomainWhen I signed up for steemit, I linked from my Facebook account to my steemit introduction post. This validated me as the owner of my account. This validation demonstrates that pretty much all of my current holdings are untainted. What if I went on a 6 month hiatus, and someone - say @badguy666 - managed to power everything down and send it to himself.
After 6 months, it would be too late for me to recover my keys, but if the FIFO taint tracking method were adopted, I'd still be able to use the legal system to track and recover my missing Steem. To take a simplistic example, suppose that @badguy666 has 100 untainted Steem in his wallet when he receives my 10 stolen Steem. Under this convention, for the first 100 Steem that he spends after receiving my tainted Steem, his transactions are considered clean. For the next 10 Steem, however, all transactions are using tainted Steem.
According to Anderson et al., it is a long standing principle of law that, "Nobody can give what isn’t theirs" (Nemo Dat Quod Non Habet). So under this convention, those tainted transactions would be considered to be illegitimate. Eventually, when the tokens reach an exchange, I would be able to sue to get my 10 Steem returned to me (sorry @blocktrades ; -). Of course, this would mean that exchanges would stop accepting tainted coins, which would also mean that everyone would need to keep track of taint in order to avoid being left as a bag-holder with a wallet-full of unspendable Steem.
A really interesting part of this is that it can even be applied, retroactively, to funds that were stolen some time ago.
Conclusion
I'll be honest, I'm not entirely sure how much I like this capability. The ability to recover stolen bitcoin would be nice, but it comes at the cost that neither Bitcoin nor Steem nor any other block chain where this is possible is fungible, and I'm sure that I haven't thought through anywhere near all of the implications. Regardless, it's now too late to put the genie back in the lamp, so people are probably going to have to figure out how to harness the good aspects and minimize the bad ones.
I will close by quoting the closing paragraph from Anderson et al.
In short, we might be able to turn a rather dangerous system into a much safer one – simply by taking some information that is already public (the block chain) and publishing it in a more accessible format (the taint chain). Is that not remarkable?
Thank you for your time and attention.
Sign up for your own Steem account with this invitation from busy.org - https://busy.org/i/@remlaps.
As a general rule, I up-vote comments that demonstrate "proof of reading".
Steve Palmer is an IT professional with three decades of professional experience in data communications and information systems. He holds a bachelor's degree in mathematics, a master's degree in computer science, and a master's degree in information systems and technology management. He has been awarded 3 US patents.
Steve is a co-founder of the Steemit's Best Classical Music Facebook page, and the @classical-music steemit curation account.
| Follow: @classical-music | Follow: @classical-radio | Classical Music discord invitation: https://discord.gg/ppVmmgt |  Classical Music Logo by ivan.atman |
While it is an interesting concept, I'm not sure if would be a good idea.
It would have to centralise again the idea of what constitutes a good or bad transaction. Sure, in some 'obvious' cases, that would be easy to define. But the devil is always in the grey area in between.
I'm not sure this would have been possible in the case of fiat money (to attach a taint to known serial numbers), in not sure if would be desirable either in crypto. Sure, it is horrible to be robbed, but is the cure worse?
Somehow, the entire crypto ecosystem must be made more user friendly to people that in general have 'password123' as for key into their digital kingdom. In not sure that taking away responsibility for your own security and safety is the way though.
Sorry, a bit of a unstructured comment, not enough sleep last night.
Thanks for the feedback! I also have mixed feelings about it. It actually wouldn't have to centralize the decisions about taint, because there could be competing taint chains, and people/courts/arbitrators could choose which ones they'd recognize, but it still seems like it runs sort-of counter to the overall cryptocurrency ethos.
I do think it's a very insightful mix of law and computer science, though. Technology is always a cat and mouse game, so I guess this isn't the last word on the topic, even if it does see widespread adoption.
Oh, in that case I guess these traint chains is a slightly more elegant solution than what has happened with ETC/ETH and more recently with NEM.
But I wonder if the sheer greed of people in general would cause them to just ignore the taint chains anyway without some structural enforcement. If you find money on the street, most people tend to pocket it. If they were told it was off questionable history, I'm not convinced the result would be that much different....
Coincidentally, I came across this video during lunch today. Near the end, they talk about some inventions of theirs that will supposedly make bitcoin cash fungible.
No idea how that would work, but I'm interested to see if they deliver.
Interesting stuff, but it's like everything in the crypto space at the moment, all promises! By the way, isn't Craig Wright the guy that claimed to be Satoshi?
Yeah, he is. I wrote about those claims almost a year ago, here, and I've been following the nChain blog - where I found that video - since shortly after that article. It actually looks to me like nChain is attempting to implement a vision that Wright started hinting at in public statements from as far back as 2015, before all the Satoshi drama.
And yeah, you're definitely right that the crypto space is saturated with vaporware. Results take a long time to deliver.
Thanks, that was an interesting read. It seems like you have a similar idea to me for the Satoshi question. For me, it seems parallel to the mathematian Nicholas Bourbaki.
Anyway, all the drama aside, it does seem like this guy has some interesting ideas. Maybe something for me to look further into.
Hi! Great. Glad i found it on steem. Upvoted and resteemed. Thank you for your contribution.
nice information sir great post thanxxx
I trying to prepare some statistics about Steemit here:
https://steemit.com/steemit/@jooyande7/steemit-daily-statistics-31-march-2018
You can follow my daily reports about Steemit. :)
Leaving comments asking for votes, follows, or other self promotional messages could be seen as spam.
Your Reputation Could be a Tasty Snack with the Wrong Comment!
Thank You! ⚜