After a review of documentation for the Libra protocol and its planned ecosystem, Steven Sprague believes Facebook left out key security components.
Gone are the days of manual encryption as MIT researchers create a way to automatically generate security algorithms.
Cryptography advances are converging to help developers bring blockchain uses to their core decentralizing principles, writes Michael J. Casey.
As Apple unveils its new cryptographic framework, experts weigh in on its relevance to the cryptocurrency industry.
Yannick Sierra, security engineering and architecture manager for Apple, opened up the cryptography session at the 2019 Apple Worldwide Developers Conference and presented the CryptoKit with these words:
Welcome to the bitcoin session! (Laughter in the room). Kidding — welcome to Cryptography and Your Apps session!
This opening quote ended up being the only reference to cryptocurrencies or blockchain throughout the entire presentation of CryptoKit — Apple’s new framework for app developers designed to simplify building security-enhancing cryptographic functionality. Sierra’s joke was likely in recognition of how eagerly the crypto community anticipated the event, as well as the launch of the new toolkit in general.
Despite the heightened expectations that many cryptocurrency enthusiasts harbored, the presentation itself was hardly a ringing announcement of Apple’s newfound openness to blockchain. It turned out to be what it was always meant to be: a hands-on rundown of the new developer tool — with use cases, implementation tips and chunks of code on the slides. Still, what can the crypto industry make of this new release, and does it have anything to do with Apple’s stance on cryptocurrencies?
In the electrified air of the allegedly unfolding blockchain arms race between the world’s major tech powerhouses, cryptocurrency aficionados are hanging on every word these companies say that could be interpreted as endorsement of blockchain technology and its applications. With the 2019 Worldwide Developers Conference underway, vigilant inhabitants of crypto Twitter spotted an unannounced addition to SF Symbols, Apple’s native icon set. Among 1,500 configurable symbols, developers can now leverage four different versions of the bitcoin icon:
Just noticed that Apple’s new icon set (SF Symbols), includes bitcoin. pic.twitter.com/Og8dWp2C85
— Brandon (@brandnanthny) June 4, 2019
Needless to say, the move has been interpreted as an instance of mainstream validation, which followed a similar symbol-ic step by Microsoft. And then, crypto media went abuzz over yet another promising development, as it became known that Apple is poised to present a set of cryptographic developer tools.
For a wishful eye, there was little doubt that all the recent tidbits were pieces of the same puzzle: The company is ready to embrace crypto! After years of contentious relationships, marked by two occasions of Coinbase being dropped from App Store and an effective ban on mining on Apple devices, even small steps were seen as welcomed news.
Bullish comments on CryptoKit’s significance for the cryptocurrency space began to surface. Alejandro Machado, co-founder of Open Money Initiative, told The Block that cryptocurrency developers will capitalize on the new feature that CryptoKit offers: the capacity to leverage iPhone’s secure enclave — a hardware pocket disconnected from the processor — to reach the level of security comparable to that of hardware wallets. TrustWallet founder Viktor Radchenko concurred in a widely circulated tweet:
Apple announced CryptoKit for iOS 13, only a few steps away before you can turn your phone into a hardware wallet.https://t.co/21wPSBz0K3
— Viktor Radchenko (@vikmeup) June 4, 2019
Forbes’ Billy Bambrough summarized the enthusiastic vibe by calling CryptoKit’s rollout “Apple’s first carefully measured steps into bitcoin and crypto.”
“Duct tape solution”
As it happens, not everyone was immediately ready to hop on the bandwagon. Blockchain developer Ronald Mannak countered the growing bullish sentiment with a series of tweets, deconstructing what CryptoKit is and what it is not. Mannak argued that the new tool is about cryptography, not cryptocurrency, and as such, it has nothing to do with Apple’s stance on crypto and blockchain.
With some improved functionality, CryptoKit is good news for developers but not “the game changer” for the broader crypto space, as compatibility of its affordances with Ethereum and other blockchains remains limited.
Blockchain video blogger Ivan Liljeqvist (Ivan on Tech) projected the same narrative when he spent the first few minutes of his recent stream dwelling on the difference between “cryptography” and “cryptocurrency” and suggesting that “hodlers” should not get overly excited about everything that has “crypto” in it.
He contended that CryptoKit doesn’t look like “how most cryptocurrencies are laid out today,” and it is “not designed for crypto, not having crypto use cases in mind,” citing potential issues with key retrieval and backup from the secure enclave. However, he admitted that one could still build a cryptocurrency on CryptoKit, although it would require a “duct tape solution.”
The basics of what we have
Which of these two perspectives better reflects reality? To answer this question, having a cold-eyed look at CryptoKit and the context of its emergence wouldn’t go amiss.
Apple CryptoKit is a framework that comes with the iOS 13 update. It is built on top of CoreCrypto — Apple’s native cryptographic library. Previously, iOS developers who wished to implement cryptographic operations had to rely on the library called Common Crypto, written in the language Objective-C. As much of the software development on iOS these days occurs in a different language, Swift, this discrepancy proved inconvenient: Unable to use the library directly in Swift, programmers had to spend time on writing wrapper frameworks to make use of it.
CryptoKit, written in Swift, takes care of the issue. It will allow a hassle-free implementation of cryptographic operations such as using public-key cryptography to create and evaluate digital signatures, perform key exchange and use generated symmetric keys to authenticate and encrypt messages. As per Apple’s documentation, the new framework “automatically handles tasks that make your app more secure.”
At the “Cryptography and Your Apps” session, Apple engineers presented major types of prospective use cases: protecting data on a device, protecting credentials and keys, sharing data across devices and users, securing network connections, and verifying remote parties. Sounds like a great privacy-enhancing tool for smartphone users — but where are cryptocurrencies in this picture?
For one, there is potential room for wallet functionality, as many blockchain experts already observed. Sergey Bolshedvorsky, senior iOS developer with Voxpopme, explained:
“The new framework will provide easy-to-use and efficient options for hashing, key generation, key exchange and encryption for developers. All these operations are essential for building cryptocurrency wallets. […] CryptoKit allows to store private keys in the secure enclave which will hugely increase the protection of these keys and allow for secure public-key cryptography. Current documentation suggests that developers will not have direct access to private keys, therefore these are going to be securely protected and stored on a device.”
At the same time, Bolshedvorsky admits, the tool is not perfectly cut out for cryptocurrency-related applications beyond wallets, yet offers a wide array of uses beyond crypto:
“The current implementation of CryptoKit does not support secp2561k1 curve used by Ethereum and other blockchains, therefore it has a limited applicability for cryptocurrency applications at the moment. Support for these algorithms can be added in future updates, but it is not clear when it will happen. CryptoKit brings easy-to-use cryptography to all applications and it does not limit itself to crypto-related applications.”
Founder and CEO of Zerocracy, the creator of cryptocurrency zold, echoes this idea but points to some of CryptoKit’s less obvious implications for the crypto space. Yegor Bugayenko said:
“Despite the expected market reaction that connected CryptoKit with blockchain and bitcoin, it has nothing to do specifically with those cryptocurrencies. CryptoKit will simplify data encryption and decryption operations, which are used in many other areas, including backups, secure emailing and messages, password generation, and many others. However, natively implemented data encryption algorithms will definitely boost the development of mobile nodes for new lightweight and non-PoW cryptocurrencies, providing millions of iPhone and iPad users with mobile access to microtransactions in the future.”
Overall, blockchain experts outside of the developer community view CryptoKit’s arrival as welcomed news. While some consider it a manifestation of Apple’s long-anticipated turn toward crypto, others celebrate increased data security and privacy that the new tool is expected to bring about.
Dave Hodgson, director and co-founder of NEM Ventures, the venture capital and investments arm of the NEM blockchain ecosystem, believes that CryptoKit will add to the momentum of mainstream adoption:
“The latest move by Apple is further evidence that blockchain is gaining more mainstream adoption, and it follows a similar release by Samsung and other key players in the space. CryptoKit will allow developers to focus on building a greater user experience without having to divert resources to highly technical areas. An analogy would be GPS on smart phones – allowing Uber to focus on its Consumer app. If you couple CryptoKit with the Apple Sign In announcement, several interesting use cases present themselves and we hope to see other vendors offering similar tools for Android and Windows in due time.”
Matt Branton, chief technology officer of a stablecoin project called Neutral, is largely on board with this optimistic view:
“The increasing interest in blockchain technology and cryptocurrencies among large enterprises signals wider mainstream adoption, in which traditional and emerging industries will continue to overlap. Apple’s plans to unveil the new tool, CryptoKit, which will feature in iOS 13, reveals a promising mission from a traditional tech giant to support growing consumer demand for higher security standards through cryptography. This trend of consumers striving for higher security standards has extended to the digital asset realm, with more and more market participants demanding higher levels of stability and reliability.”
Mateusz Tilewski, co-founder and CTO of blockchain network company Concordium Group, prefers to think of the new cryptographic developer package as a response to the need for higher-quality cryptography in consumer-oriented apps:
“The majority of hacks can be attributed to faulty cryptography design and implementations, so access to quality crypto-utilities is directly correlated to the security of an app. As one of the biggest companies in the world, it is no surprise to see Apple implement proven and stable standards in their kit.”
Overall, while the community’s initial enthusiasm with regard to CryptoKit may be somewhat overblown, in the long run, however, it should further the cryptocurrency movement’s strategic objectives. Although its capacity right now to usher a tidal wave of mobile hard wallets remains controversial, it is upon the developers to test whether it could be an efficient way to move forward. In addition, wider implementation of cryptographic data security solutions means not just better data protection for consumers, but also potential collateral systemic benefits for crypto, including but not limited to the potential rise of mobile-based cryptocurrency nodes.
The tech giant is eyeing making its apps more cryptographically secure at the behest of developers.
During a session scheduled for Wednesday at the ongoing event, titled “Cryptography and your Apps,” Apple will unveil a new tool dubbed “CryptoKit,” which will debut as an update in iOS 13.
CryptoKit will focus primarily on developers, allowing them to build in more security functionality for apps with better support.
“System frameworks encrypt both data at rest and data in transit in a transparent way for you. This functionality is available by simply setting an attribute. However you may want to do more to protect your users’ data,” the event description reads. It continues:
“CryptoKit is a new Swift framework that makes it easier and safer than ever to perform cryptographic operations, whether you simply need to compute a hash or are implementing a more advanced authentication protocol.”
The ongoing WWDC comes as social media users keep an increasing eye out for any hint Apple is changing its somewhat hands-off approach to the cryptocurrency industry itself.
Last month, meanwhile, cryptocurrency wallet Spend integrated Apple Pay functionality, allowing users to fund contactless mobile payments with any one of around 20 cryptocurrencies.
A de minimis tax exemption in the new crypto legislation would let crypto gains under $600 occur without being reported to the IRS.
The recently reintroduced Token Taxonomy Act (TTA) will create a de minimis tax exemption for crypto transactions under $600, according to the executive director of Coin Center, Jerry Brito, at Consensus 2019 on May 13.
The de minimis tax exemption stipulates that if a crypto owner experiences a capital gain up to $600 of crypto, then that owner is not required to report the gain to the Internal Revenue Service (IRS), the United States’ tax authority.
Brito notes that this situation parallels how small gains on foreign currencies were treated prior to a de minimis proviso that was introduced in the 1990s by Congress. Before then, if someone purchased foreign currency to take a short vacation in another country, any capital gains experienced over the course of holding that currency would technically have to be reported.
Brito added that one could technically be obligated to report capital gains when using cryptocurrencies to purchase simple things like a laptop, plane tickets, or even in writing a smart contract, which requires the expenditure of a small amount of ether (ETH) or other so-enabled cryptocurrencies. Legally, Brito noted, regulatory authorities could choose to require reporting these small expenditures.
As previously reported by Cointelegraph, the TTA, if passed, would also exclude cryptocurrency from classification as a security. The TTA would also delimit the jurisdiction of the Commodity Futures Trading Commission (CFTC) and the Federal Trade Commission (FTC), as well as provide regulatory certainty for the compliance and enforcement of crypto statutes.
Crypto securities company Curv has bought insurance from Munich Re, covering as much as $50 million in customer losses due to malicious activity.
This new insurance is designed to cover any cases in which a bad actor was able to gain access to either Curv or the customer’s shares, both of which would be needed in order to sign off on an illicit transaction. As is stated in the press release:
“Even in an extreme scenario where both networks’ shares were somehow simultaneously compromised and a transaction were initiated outside of the corporate policy, Curv’s insurance would kick in to cover the loss*.”
One notable feature of Curv’s crypto wallets is that they do not use private keys, which is a common means for a user to access their encrypted data. Adrian Bednarek, a senior security analyst at Independent Security Evaluators (ISE), recently discovered that a so-called “blockchain bandit” was stealing Ethereum (ETH) by exploiting users with weak private keys, which Bednarek describes as both “your user ID and your password at the same time.”
In contrast, Curv uses multi-party computation (MPC) protocols that reportedly do not rely on just one username/password combo (private key) for accessing secure data. Curv also provides one omni-purpose wallet rather than separate cold or hot wallets.
As recently reported by Cointelegraph, major American cryptocurrency exchange Coinbase recently disclosed its hot wallet insurance coverage, which can cover up to $255 million in the case of loss due to malicious activity.
Filecoin owner Protocol Labs is collaborating with the Ethereum Foundation to develop a Verifiable Delay Function.
VDFs are a relatively new cryptographic primitive that can protect systems relying on the generation of (pseudo) random values from manipulation strategies or attack.
Examples of everyday use cases include picking a lottery winner on the blockchain, as VDFs could help stop miners from intervening with a block hash to win the jackpot. Dan Boneh, one of the researchers who introduced the concept in a paper last June, explained that VDFs are a way to “slow things down verifiably.”
Protocol Labs says additional research is required to make them more robust, as it is still possible for malicious actors with custom hardware to break the security of the protocols that depend on VDFs. The team explained:
“This is an investment towards building publicly-verifiable randomness and VDFs as novel tools in the arsenals of cryptographers and decentralization projects.”
The blog post added that a successful outcome would be a big development in applied cryptography and distributed systems, noting that its use would apply beyond blockchain.
Protocol Labs and the Ethereum Foundation are planning to evaluate and co-fund grants to research the feasibility of developing optimized hardware for running a VDF. The blog post notes that this aims to help eliminate the “knowable uncertainty around the length of the verifiable delay based on the speed and quality of the hardware being used to generate it.”
A new website has been created to mark the partnership, and both organizations say they are open to hearing from academic institutions and manufacturers who want to get involved. A competition to research the fastest VDF construction is also in the pipeline.
In February, the Ethereum Foundation had denied that it was planning to spend $15 million on the development of VDFs for use in its transition to a proof-of-stake network. The amount of money to be spent in the development of VDFs with this new partnership is not disclosed.
WISeKey has launched a new blockchain-powered digital identity solution to protect Internet of Things devices and their data.
Switzerland-based blockchain and cybersecurity firm WISeKey has launched a new blockchain-powered digital identity solution to protect Internet of Things (IoT) devices and their data. The news was announced in a WISeKey press release on March 29.
WISeKey focuses on secure authentication and identification solutions for people and smart objects by implementing a cryptographic tool called Root of Trust (RoT). WISeKey IoT claims to have an install base of over 1.5 billion secure microchips across “virtually all IoT sectors” — from connected carts and smart cities to drones and crypto tokens. RoT, the press release claims, is currently embedded in 4 billion devices globally.
The new solution, dubbed SensorsID, will be issued under the WISeKey RoT and serve as a so-called strong digital identity solution that combines a blockchain platform with dual-factor authentication measures to better protect smart device identities and their data transactions.
SensorsID is a new device-focused identity solution that supplements WISeKey’s already existing solutions for personal and mobile digital identity — dubbed CertifyID and WISeID respectively. All three aim to enable strong authentication, digital signature and encryption.
The press release outlines that the SensorsID BlockChain can be operated at a local and national level between trusted parties.
WISeKey proposes that the combination of blockchain, IoT and robust security solutions can boost productivity across diverse industrial and consumer applications, as for example:
“An intelligent car with a system processing authenticated data for each of the vehicle components, being able to detect if/when different parts will require service and to digitally sign all the logs required to prove that service was provided. This platform can be used in […] smart homes with connected appliances, and provid[e] critical communication between devices.”
WISeKey further outlines how its range of digital ID solutions and chips are designed to feature secure storage, cryptographic calculations and digital signatures for executing sensitive calculations, and to prevent device data — such as power consumption patterns or electromagnetic emissions — from being leaked to third-parties.
As recently reported, WISeKey opened a Blockchain Center of Excellence in Geneva this February, as part of a new partnership with the Blockchain Research Institute. The latter plans to open similar centers — each focused on assisting blockchain startups to expedite the technology’s adoption in the public and private sectors — across five continents.
WISekey also recently announced the opening of its Global Blockchain Center in Malaysia as part of a partnership with a subsidiary of Malaysian tech investment holding Censof.
Author of the “Crypto Anarchist Manifesto” has passed away at 67.
Timothy C. May, co-founder of the cypherpunk activist movement and author of “The Crypto Anarchist Manifesto” has passed away at the age of 67.
That information was first shared on Dec. 15 by alleged cypherpunk member Lucky Green via Facebook. According to Green, May had most likely died of natural causes earlier last week at his home in Corralitos, California, although autopsy results are still pending.
May is known as the author of “The Crypto Anarchist Manifesto” — published in 1988 — in which he predicted some elements of currently existing decentralized cryptocurrencies. However, the cypherpunk ideologist was not happy with where virtual currencies and blockchain were headed, as per his latest interviews.
Libertarianism, work at Intel and the “BlackNet” concept
May was born in 1951 in San Diego. He exhibited libertarian tendencies from the early age: May reportedly joined a gun club at age 12 and was inspired by Ayn Rand’s “Atlas Shrugged” in his junior year in high school.
“It just spoke to me,” he allegedly said in an unpublished interview with Reason, filmed in 2017. “I read it nonstop for three days, and to the disdain of my teachers in school, I would write articles about the Anti-Trust Act and the evils of the Sherman Act.”
After graduating from the University of California Santa Barbara with a physics degree, May got a job as an electronics engineer at Intel in 1974. While working there, he studied the functions of memory chips — some of his crucial findings in that area were documented in a 1979 paper. In 1986, he retired at the age of 34 due to a significant rise in his stock options.
In 1987, May was introduced to economist and entrepreneur Phil Salin, who was establishing the American Information Exchange (AMiX), an online marketplace at the time for trading information. While May saw “a strong libertarian of the Hayek sort,” in Salin and essentially “shared the same views,” he disliked his idea of an e-commerce platform that would reduce transaction costs and facilitate cross-border trade for people “selling meaningless stuff like surfboard recommendations.” Instead, May envisioned a whistleblowing-like platform where someone can “exfiltrate bomber plans for that B-1 Bomber.” He later finalized that concept as “BlackNet,” where “nation-states, export laws, patent laws, national security considerations and the like [are considered] relics of the pre-cyberspace era.”
The BlackNet required a non-governmental digital currency to run. “I admitted to Phil the big problem was untraceable payments,” May told Reason. “They can be tracked when they send their Visa information.” Soon, he discovered an 1985 article written by cryptographer David Chaum titled “Security Without Identification: Transaction Systems to Make Big Brother Obsolete.” In it, Chaum described a digital currency system that used cryptography to conceal the buyer’s identity. It lead May to study public-key cryptography, a system that allowed strangers to exchange secret messages first described by Whitfield Diffie and Martin Hellman in 1976. Soon, May became convinced that public-key cryptography, combined with networked computing, could “break apart social power structures.”
“The Crypto Anarchist Manifesto” and the rise of the Cypherpunks movement
In September 1988, May wrote “The Crypto Anarchist Manifesto” essay, which was loosely based on Karl Marx’s “The Communist Manifesto.” He reportedly wrote the 497-word piece in “an hour and a half.”
“The State will of course try to slow or halt the spread of this [cryptography-based] technology, citing national security concerns, use of the technology by drug dealers and tax evaders, and fears of societal disintegration,” the paper read.
However, May also noticed in the Manifesto that “many of these concerns will be valid,” since “crypto anarchy will allow national secrets to be trade freely and will allow illicit and stolen materials to be traded.”
In September 1992, May co-founded an online mailing list called “Cypherpunks” with his friends Eric Hughes and Hugh Daniel. In a cover story published in 1993, Wired magazine described it as “a gathering of those who share a predilection for codes, a passion for privacy, and the gumption to do something about it.” In his Facebook eulogy post, Lucky Green called Cypherpunks “perhaps the single most effective pro-cryptography grassroots organization in history.”
By 1997, the mailing list reportedly averaged “30 messages daily with about 2,000 subscribers.” Their contributors included WikiLeaks founder Julian Assange, who penned his first posts in 1995 under the nickname “Proff.” Later, in 2016, Assange published a book on the grassroots movement titled “Cypherpunks: Freedom and the Future of the Internet.”
The Cypherpunks list disbanded soon after the 9/11 attack as “a lot of people got cold feet about talking about this stuff.”
May and the contemporary crypto industry: “Satoshi would barf”
May’s ideas were remembered in 2008, when Satoshi Nakamoto began making waves on the internet with Bitcoin’s original white paper. Interestingly, the anonymous creator of the cryptocurrency was reportedly in communication with the cypherpunk community prior to publishing the white paper and even communicated his ideas to them in an email thread.
The concept of Bitcoin soon attracted a new generation of techno-libertarians who self-identify as crypto-anarchists. Indeed, as Cointelegraph reported earlier this year, many consider that the cypherpunk movement deserves as much credit as Satoshi Nakamoto for laying down the foundational development of cryptography.
However, May was not particularly keen on cryptocurrencies in their latest stage — and, especially, the hype around them. In November 2018, when a Reason editor contacted May and requested an interview, the Cypherpunks co-founder told him that he was done with the press and was “feeling burned out on the space.”
Prior to that, in October 2018, May penned a lengthy piece, which was then edited into an interview — apparently, his last one.
In it, he largely criticized the concept of compliance, saying that “attempts to be ‘regulatory-friendly’ will likely kill the main uses for cryptocurrencies, which are NOT just ‘another form of PayPal or Visa.’”
Moreover, May mentioned that many blockchain use cases and distributed ledgers “are not even new inventions, just variants of databases with backups”, while also arguing that “the idea that corporations want public visibility into contracts, materials purchases, shipping dates […] is naive”.
He also argued that cryptocurrency in its current form “is too complicated”:
“[…] coins, forks, sharding, off-chain networks, DAGs, proof-of-work vs. proof-of-stake, the average person cannot plausibly follow all of this. What use cases, really? […] The most compelling cases I hear about are when someone transfers money to a party that has been blocked by PayPal, Visa (etc), or banks and wire transfers. The rest is hype, evangelizing, HODL, get-rich lambo garbage.”
Finally, May criticized the industry for having “a sheer number” of conferences and crypto exchanges “that have draconian rules about KYC [Know Your Customer], AML [Anti-Money Laundering], passports, freezes on accounts and laws about reporting ‘suspicious activity’ to the local secret police.”
“I think Satoshi would barf,” he eventually argued.