Toggle light / dark theme

The cryptocurrency Bitcoin is limited by its astronomical electricity consumption and outsized carbon footprint. A nearly zero-energy alternative sounds too good to be true, but as School of Computer and Communication Sciences (IC) Professor Rachid Guerraoui explains, it all comes down to our understanding of what makes transactions secure.

To explain why the system developed in his Distributed Computing Lab (DCL) represents a paradigm shift in how we think about cryptocurrencies—and about digital trust in general—Professor Rachid Guerraoui uses a legal metaphor: all players in this new system are “innocent until proven guilty.”

This is in contrast to the traditional Bitcoin model first described in 2008 by Satoshi Nakamoto, which relies on solving a difficult problem called “consensus” to guarantee the security of transactions. In this model, everyone in a distributed system must agree on the validity of all transactions to prevent malicious players from cheating—for example, by spending the same digital tokens twice (double-spending). In order to prove their honesty and achieve consensus, players must execute complex—and energy-intensive—computing tasks that are then verified by the other players.

Other companies are even closer than Google, and it’s about more than just cracking cryptocurrency. Mike has the details in this breaking report…

Rural communities are often built on agriculture and livestock. That means they’re also dependent upon a strong irrigation system – a potential weakness as the global water crisis grows. To more efficiently manage and coordinate the use of a scarce water supply in agricultural communities, a team from the Polytechnic University of Madrid proposed a blockchain-based automatic water control system.

“We investigated how blockchain technologies can be used to solve the problem of user competition for scarce resources in communities,” said Borja Bordel, the project’s lead investigator. “We particularize the problem to the irrigation communities, where independent users must trust a system that automates a fair and trustworthy distribution of the available water resources, according to an individual quota set by the community and the consumption forecasts of its users.”

Rules are paramount for the proposed system and must be established upfront by the community of users. In a prosumer environment, users establish regulations for their individual and community water quotas. Those regulations are then taken by a transformation engine and are built, compiled, and deployed. A simple infrastructure of common valves and pumps are complemented by interactive electronic devices and allow a SmartContract to oversee decision-making and control algorithms, as well as the state of the water sources.

SHA-256 is a one way hashing algorithm. Cracking it would have tectonic implications for consumers, business and all aspects of government including the military.

It’s not the purpose of this post to explain encryption, AES or SHA-256, but here is a brief description of SHA-256. Normally, I place reference links in-line or at the end of a post. But let’s get this out of the way up front:

One day after Treadwell Stanton DuPont claimed that a secret project cracked SHA-256 more than one year ago, they back-tracked. Rescinding the original claim, they announced that an equipment flaw caused them to incorrectly conclude that they had algorithmically cracked SHA-256.

All sectors can still sleep quietly tonight,” said CEO Mike Wallace. “Preliminary results in this cryptanalytic research led us to believe we were successful, but this flaw finally proved otherwise.

Yeah, sure! Why not sell me that bridge in Brooklyn while you backtrack?

The new claim makes no sense at all—a retraction of an earlier claim about a discovery by a crack team of research scientists (pun intended). The clues offered in the original claim, which was issued just one day earlier, cast suspicion on the retraction. Something fishy is going on here. Who pressured DuPont into making the retraction—and for what purpose? Something smells rotten in Denmark!

Let’s deconstruct this mess by reviewing the basic facts:

  • Wall Street, financial services firm claims they have solved a de facto contest in math & logic
  • They cracked the code a year ago, yet— incredibly—kept it secret until this week
  • A day later (with no outside review or challenge),* they admit the year-old crack was flawed

Waitacottenpickensec, Mr. DuPont!! The flaw (an ‘equipment issue’) was discovered a year after the equipment was configured and used—but just one day after you finally decided to disclose their past discovery? Poppycock!

I am not given to conspiracy theories (a faked moon landing, suppressing perpetual motion technology, autism & vaccinations, etc)—But I recognize government pressure when I see it! Someone with guns and persuasion convinced DuPont to rescind the claim and offer a silly experimental error.

Consider the fallout, if SHA-256 were to suddenly lose public confidence…

  • A broken SHA-256 would wreak havoc on an entrenched market. SHA-256 is a foundational element in the encryption used by consumers & business
  • But for government, disclosing a crack to a ubiquitous standard that they previously discovered (or designed) would destroy a covert surveillance mechanism—because the market would move quickly to replace the compromised methodology.

I understand why DuPont would boast of an impressive technical feat. Cracking AES, SSL or SHA-256 has become an international contest with bragging rights. But, I cannot imagine a reason to wait one year before disclosing the achievement. This, alone, does not create a conundrum. Perhaps DuPont was truly concerned that it would undermine trust in everyday communications, financial transactions and identity/access verification…

But retracting the claim immediately after disclosing it makes no sense at all. There is only one rational explanation. The original claim undermines the interests of some entity that has the power or influence to demand a retraction. It’s difficult to look at this any other way.

What about the everyday business of TS DuPont?

If the purpose of the original announcement was to generate press for DuPont’s financial services, then they have succeeded. An old axiom says that any press is good press. In this case, I don’t think so! Despite the potential for increased name recognition (Who knew that any DuPont was into brokerage & financial services?) I am not likely to think positively of TS DuPont for my investment needs.


* The cryptographic community could not challenge DuPont’s original claim, because it was not accompanied by any explanation of tools, experimental technique or mathematical methodology. Recognizing that SHA-256 is baked into the global infrastructure banking, of commerce and communications, their opaque announcement was designed to protect the economy. Thank you, Mr. DuPont, for being so noble!


Philip Raymond co-chairs CRYPSA, hosts the Bitcoin Event and is keynote speaker at Cryptocurrency Conferences. He is a top writer at Quora.

The Electric Coin Company (ECC) says it discovered a new way to scale blockchains with “recursive proof composition,” a proof to verify the entirety of a blockchain in one function. For the ECC and zcash, the new project, Halo, may hold the key to privacy at scale.

A privacy coin based on zero-knowledge proofs, referred to as zk-SNARKs, zcash’s current underlying protocol relies on “trusted setups.” These mathematical parameters were used twice in zcash’s short history: upon its launch in 2016 and first large protocol change, Sapling, in 2018.

Zcash masks transations through zk-SNARKs but the creation of initial parameters remains an issue. By not destroying a transaction’s mathematical foundation – the trusted setup – the holder can produce forged zcash.

Bitcoin and cryptocurrency adoption has failed to live up to expectations over recent years and fears around scams, fraud, and theft have not helped.

The bitcoin price, after its epic 2017 bull run, slumped last year– though has rebounded in 2019, climbing back above $10,000 per bitcoin.

Now, researchers have warned a staggering four out of the first five results returned when asking Google for a “bitcoin qr generator” led to scam websites–potentially furthering negative public perception around bitcoin and cryptocurrency.

After what has been a summer of “crippling ransomware attacks,” there has now been some respite courtesy of the city of New Bedford, Massachusetts, which has proven that the playing field can be levelled. The city was hit back in July, with its data held hostage, ransomed for more than $5 million in bitcoin. But as the attackers waited for their payment, the city’s law enforcement agencies and technology teams had other ideas.

No types of organisations are immune from these types of attacks these days,” Mayor Jon Mitchell told reporters. The city government, he said, had been taking steps to strengthen our defences—but any network is only one keyword click away from an attack. Thankfully, he acknowledged, “the attack could have been much worse.” It hit on the July 4 holiday when many systems were shut down.

“The attack was a variant of the RYUK virus,” Mitchell confirmed. “The victim needs to make a ransom payment to acquire the decryption key from the attacker.” The attack did not affect all systems or disrupt all services, and on the return to work on July 5, the city kept systems turned off as they isolated the attack.

Bitcoin’s blockchain has been hijacked by a new strain of the Glupteba malware that uses the network to resist attacks, cyber security researchers have warned.

The malware uses the bitcoin blockchain to update, meaning it can continue running even if a device’s antivirus software blocks its connection to servers run by the hackers, security intelligence blog Trend Micro reported this week.

The Glupteba malware, first discovered in December 2018, is distributed through advertising designed to spread viruses through script and can steal an infected devices’ browsing history, website cookies, and account names and passwords with this particular variant found to be targeting file-sharing websites.

The blockchain is public, yet a Bitcoin wallet can be created anonymously. So are Bitcoin transactions anonymous? Not at all…

Each transaction into and out of a wallet is a bread crumb. Following the trail is trivial. Every day, an army of armchair sleuths help the FBI. That’s how Silk Road was brought down.

The problem is that some of that money eventually interacts with the real world (a dentist is paid, a package shipped or a candy is purchased at a gas station). Even if the real-world transaction is 4 hops before or after hitting the “anonymous” wallet, it creates a forensic focal point. Next comes a tax man, an ex-spouse or a goon.

The first article linked below addresses the state of tumblers (aka “mixers”). They anonymize an open network by obfuscating the trail of bread crumbs.

Mixers/tumblers aren’t the only way to add a layer of privacy to Bitcoin transactions. The Lightning Network spec includes an optional 17-hop onion routing (just like TOR’s 4 step onion routing). I have not yet seen the feature expressed in wallets or services, but if implemented, it will be even more private and trustworthy than a mixer, because there is no middle party to trust (by you) or squeeze (by investigators). It has the potential to makes any crypto Bitcoin even more anonymous than cash.

Certain cryptocurrencies (not Bitcoin) have anonymity baked in by design. Monero, ZCash and Dash are privacy tokens that use very different approaches to eliminate the bread crumbs. Monero appears to have one distinct advantage: Like the TOR network, it is trustless. But there are benefits to each approach.


Philip Raymond co-chairs CRYPSA, hosts the Bitcoin Event and is keynote speaker at Cryptocurrency Conferences. He is a top writer at Quora.

Bitcoin and cryptocurrency prices are well known to be closely tied to media and general public interest –-though that could be changing.

The bitcoin price has been climbing so far this year, rising some 200% since January, though has recently plateaued at around $10,000 per bitcoin after peaking at more than $12,000 in June.

Now, it appears Google searches for bitcoin and BTC, the name used by traders for the bitcoin digital token, could be being manipulated–-possibly in order to move the bitcoin price.