IRS Hoping to Deanonymize Monero and ZCash Privacy Coins to Prevent Cybercrime

The Criminal Investigation Division (CID) of the Internal Revenue Service (IRS) is actively hiring private contractors to study and analyze privacy coins, as there has been quite a lot of fraudulent activity revolving around their usage.

Monero — a Popular Choice for Fraud

While the world has been dealing with the coronavirus, cybercriminals have been hard at work conducting their habitual illicit operations with the help of privacy coins.

Monero (XMR) and Zcash (ZEC) are quite an attractive option for cyber scammers, as they offer more anonymity and privacy than Bitcoin. The IRS is hoping to eventually deanonymize these privacy coins in order to put a halt to cyber fraud.

Why is Monero in Cybercrime?

XMR currently stands at the top of the list of the most private cryptocurrencies on the market. Monero transactions operate on blockchain technology and are harder to trace, due in part to its ring signatures and stealth addresses. Also, since Monero’s ledger is public and easy to access, it is a popular choice for cybercriminals carrying out their illicit activities.

Zcash a Close Second

Another privacy coin that the IRS is hoping to further investigate is Monero’s rival, Zcash. ZEC operates by using an anonymity tool called zero-knowledge proofs, which allows users to transact with each other without revealing their true addresses to anyone.

In other words, this makes it hard for the receiver to trace and figure out the identity of the sender, and vice-versa. Because of its end-to-end-encryption property, Zcash users can remain anonymous despite conducting numerous online transactions.

Privacy Coins and Cybercrime

Privacy coins, such as Monero and Zcash, are common cryptocurrencies used in cybercriminal rings. In contrast, Bitcoin, which offers no anonymity, is less attractive to cyber scammers.

Depending on the privacy coin, anonymity levels differ. This type of cryptocurrency is attractive to cybercriminals because it obfuscates the transacted amount, the wallet addresses, and the identities of both sender and receiver; it also makes the transaction trail hard to trace.

Because of the anonymity offered by privacy coins, fraudulent activities such as tax evasion and money laundering are common with Monero and Zcash.

How the IRS Hopes to End Cybercrime

Based on the Request for Information (RFI) posted by the IRS Criminal Investigation program, private contractors working for them have developed software used to detect suspicious online transactions.

Illicit activities reported by various law enforcement agencies in the past will be gathered and analyzed in detail to prevent future cases of phishing and fraudulent behavior.

US law enforcers are also looking to come up with more innovative technological strategies to trace privacy coins, layer 2 off-chain protocol networks, and side chains. 


Common Blockchain Misconceptions – Part 2 of 3

THOUGHTS OF THE WEEK

Standard Kepler CEO David Tang recently authored a few articles on the subject of blockchain and cryptocurrency misconceptions. Last week in part 1 we had a look at the first 4 of a total of 8, and this week we will continue by taking a slightly deeper look at misconceptions 5 and 6.

5. “Use of blockchain increases system security”: I don’t know the origin of this misconception, but we often hear our clients saying that they want to improve their system’s security by “putting everything” on a blockchain. They fail to realize that blockchain does not equate to absolute security. In fact, only some blockchains are secure; a lot of blockchains are not.

Before we discuss whether using blockchain improves system security, we need to know how blockchain secures itself and its limitations in doing so. Blockchain secures your data in two ways: Firstly, it maintains data integrity by making sure that the data recorded on it can neither be altered nor removed. Secondly, it secures the ownership of your account with public/private key cryptography. This means that your account is secure as long as your private key isn’t exposed (normal password protection is significantly easier to crack compared to public/private key cryptography).

In the case of smart contracts, the above characteristics of blockchain make it possible to achieve security on a new level: a program deployed on blockchain cannot be altered or removed, meaning that hackers cannot change your program code or make it misbehave. But there are also limitations. For example, if the deployed code has bugs, then blockchain won’t allow you to fix these bugs, as the program code cannot be changed once launched. Also, public/private key encryption adds an element of user unfriendliness to your system, since users cannot choose their private key and the keys can be long and hard to memorise. Back to the question: can blockchain help improve your system security? The answer is that it depends.

If you just want to secure the data integrity: Yes, blockchain can help. Putting your data on a public blockchain can make your data largely immutable.

If you want to make your program secure: Usually no, sometimes yes. Yes if your program is coded flawlessly; No if your program is not flawless, and most programs are far from perfect and do contain bugs.

If you want to hide your data from hackers: No, there are better ways to hide your data securely. Putting the data on a blockchain without lowering the data usability is impossible.

If you want to give your users the ability to store their encrypted data securely, and make sure that only they can decrypt their own data: Yes, you can do this with blockchain, but make sure you really need this level of security and that you are willing to make the relevant sacrifices in usability to users.

6. “Use of blockchain protects user privacy”: Well, using Bitcoin can protect your privacy, and so can many other cryptocurrencies. But here lies a very common misconception that start-ups, VCs and a lot of laymen (non-laymen as well) have been reiterating. Blockchain protects privacy because it can verify a transaction without needing your personal information. However, it does not protect your privacy by preventing other parties from misusing your information without your permission. Consider the following example from a project:

“A user installs an application that uses our platform for preserving her privacy. As the user signs up for the first time, a new shared (user, service) identity is generated and sent, along with the associated permissions, to the blockchain in a Taccess transaction. Data collected on the phone (e.g., sensor data such as location) is encrypted using a shared encryption key and sent to the blockchain in a Tdata transaction, which subsequently routes it to an off-blockchain key-value store, while retaining only a pointer to the data on the public ledger (the pointer is the SHA-256 hash of the data). Both the service and the user can now query the data using a Tdata transaction with the pointer (key) associated to it. The blockchain then verifies that the digital signature belongs to either the user or the service. For the service, its permissions to access the data are checked as well. Finally, the user can change the permissions granted to a service at any time by issuing a Taccess transaction with a new set of permissions, including revoking access to previously stored data. Developing a web-based (or mobile) dashboard that allows an overview of one’s data and the ability to change permissions is fairly trivial and is similar to developing centralized-wallets, such as Coinbase for Bitcoin.”

What projects such as this one suggest is that all user data is uploaded and stored on a blockchain platform, and that services (apps) can only access this data with user permission. Most importantly, you can revoke the permission at any time. Does this not sound like Facebook login? Apps can only access your data with your consent, and you can revoke this permission at any time. So, can these apps “steal” your data? Yes! And all they have to do is to create a copy.

This is the most obvious point of failure of the above proposal. The data you generate in the app can only be uploaded to blockchain by the app itself, so the app can steal it in the middle of the upload, or it can even outright prevent the data from being uploaded. The only way to make it work is through something like TouchID: your fingerprint is collected by your iPhone, and the app cannot touch the data; it can only ask the iPhone to check whether your fingerprint is correct. From the point of being collected to being processed and stored, the data stays in a closed loop. This is how Apple protects your privacy from everyone except themselves.

In short, cryptocurrencies can protect privacy because they don’t need your private information to verify transactions, nor do they require authorities that own your personal information to verify transactions. Blockchain can encrypt your data and store it securely and prevent anyone from using it, but it cannot protect your data from being misused.
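The point of failure described above can be modelled in a few lines. This is an added example, not code from the quoted project or from Standard Kepler: the class and function names, the keys and the location reading are constructed, HMAC stands in for the digital signatures, and encryption under the shared key is left out because the service holds that key anyway.

```python
import hashlib
import hmac


def sign(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA256 used as a stand-in for the digital signatures in the quoted design."""
    return hmac.new(key, message, hashlib.sha256).digest()


def access_message(service: str, perms: set) -> bytes:
    """Canonical bytes of a Taccess request (format is an assumption of this example)."""
    return f"Taccess|{service}|{','.join(sorted(perms))}".encode()


class Ledger:
    """Toy model: permissions and pointers on the ledger, payloads in an off-chain store."""

    def __init__(self, keys: dict):
        self.keys = keys      # identity -> signing key (constructed values)
        self.perms = {}       # (user, service) -> set of granted permissions
        self.owner = {}       # pointer -> owning user
        self.offchain = {}    # pointer -> payload (off-blockchain key-value store)

    def verify(self, who: str, message: bytes, sig: bytes) -> None:
        if not hmac.compare_digest(sign(self.keys[who], message), sig):
            raise PermissionError(f"bad signature from {who}")

    def allowed(self, caller: str, user: str, perm: str) -> bool:
        return caller == user or perm in self.perms.get((user, caller), set())

    def t_access(self, user: str, service: str, perms: set, sig: bytes) -> None:
        """Taccess: the user sets (or replaces) a service's permissions."""
        self.verify(user, access_message(service, perms), sig)
        self.perms[(user, service)] = set(perms)

    def t_data_store(self, caller: str, user: str, payload: bytes, sig: bytes) -> str:
        """Tdata (write): store the payload off-chain, keep only its SHA-256 pointer."""
        self.verify(caller, payload, sig)
        if not self.allowed(caller, user, "write"):
            raise PermissionError(f"{caller} may not write for {user}")
        pointer = hashlib.sha256(payload).hexdigest()
        self.offchain[pointer], self.owner[pointer] = payload, user
        return pointer

    def t_data_query(self, caller: str, pointer: str, sig: bytes) -> bytes:
        """Tdata (read): signature and permission are checked at query time only."""
        self.verify(caller, pointer.encode(), sig)
        if not self.allowed(caller, self.owner[pointer], "read"):
            raise PermissionError(f"{caller} may not read {pointer[:8]}")
        return self.offchain[pointer]


class App:
    """The service's app on the user's phone; it sees every reading before upload."""

    def __init__(self, name: str, key: bytes, ledger: Ledger):
        self.name, self.key, self.ledger = name, key, ledger
        self.local_copies = []   # what the app keeps for itself

    def collect_and_upload(self, user: str, reading: bytes) -> str:
        self.local_copies.append(reading)   # the copy the ledger never sees
        return self.ledger.t_data_store(self.name, user, reading, sign(self.key, reading))

    def query(self, pointer: str) -> bytes:
        return self.ledger.t_data_query(self.name, pointer, sign(self.key, pointer.encode()))


def run_scenario() -> dict:
    keys = {"alice": b"constructed-user-key", "fitness_app": b"constructed-service-key"}
    ledger = Ledger(keys)
    app = App("fitness_app", keys["fitness_app"], ledger)
    reading = b"lat=22.28,lon=114.16"   # constructed sensor reading

    grant = {"read", "write"}
    ledger.t_access("alice", "fitness_app", grant,
                    sign(keys["alice"], access_message("fitness_app", grant)))
    pointer = app.collect_and_upload("alice", reading)
    read_before = app.query(pointer) == reading

    # Revocation: a new Taccess with an empty permission set.
    ledger.t_access("alice", "fitness_app", set(),
                    sign(keys["alice"], access_message("fitness_app", set())))
    try:
        app.query(pointer)
        denied_after = False
    except PermissionError:
        denied_after = True

    copy = app.local_copies[0]
    return {
        "read_before_revoke": read_before,
        "query_denied_after_revoke": denied_after,
        "app_still_holds_copy": copy == reading,
        "copy_matches_ledger_pointer": hashlib.sha256(copy).hexdigest() == pointer,
    }


if __name__ == "__main__":
    print(run_scenario())
```

The ledger enforces the revocation correctly, yet the app's copy survives it, and the public SHA-256 pointer even confirms that the copy is the original data.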

************

Disclaimer

The views and opinions expressed in this article are those of Standard Kepler and do not necessarily reflect the view of Blockchain.News 

How Do Hackers Use Excel Files to Compromise Your Computers?

Following the article titled “Beware of Excel Files in Email Attachment, Says Symantec”, some of our readers are curious about how hackers use Excel files to compromise users’ computers. Below is a simple tutorial for you.

We do not recommend that users open Excel files (Excel files especially, among other Office-format files) from an unknown source. A hacker can gain full control of your computer, including access to all files, screenshots, your web camera and everything typed on your keyboard.

How do hackers do it?

Answer: Visual Basic for Applications (VBA) in Excel

After you enable the “developer” feature in Microsoft Excel, you can click into “Visual Basic” to code anything on it.

The hacker first injects VBA code into an Excel file (P.S. we are not going to provide the code) so that every time the file is opened, the victim’s computer initiates a connection to the hacker’s machine (so he needs to put an IP address in the code). Then the hacker sends the Excel file to victims as an attachment to an email with a fancy subject.

When the victim opens the Excel file and clicks “ENABLE CONTENT”, his computer will be compromised.
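Since the compromise depends on a VBA project being present in the attachment, a mail gateway or analyst can check for one without ever opening the file in Excel. The sketch below is an added example, not part of the original tutorial: the function names, the quarantine policy and the sample files are constructed, and the legacy `.xls` check is a byte-pattern heuristic rather than a full OLE2 parser.

```python
import io
import zipfile

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")   # legacy .xls compound file
ZIP_MAGIC = b"PK\x03\x04"                          # OOXML container: .xlsx / .xlsm
VBA_CONTENT_TYPE = b"application/vnd.ms-office.vbaProject"
# OLE2 directory entry names are UTF-16LE; a VBA project contains a "_VBA_PROJECT" stream.
OLE_VBA_MARKER = "_VBA_PROJECT".encode("utf-16-le")
UNREADABLE = "unreadable zip container"
MAX_XML_SIZE = 1_000_000   # do not inflate an oversized [Content_Types].xml


def triage_workbook(filename: str, data: bytes) -> dict:
    """Report container type and evidence of a VBA project, reading bytes only."""
    report = {"file": filename, "container": "unknown", "has_vba": False, "evidence": []}
    if data.startswith(ZIP_MAGIC):
        report["container"] = "ooxml"
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = zf.namelist()
                for name in names:
                    if name.lower().endswith("vbaproject.bin"):
                        report["evidence"].append(f"part {name}")
                ct = "[Content_Types].xml"
                if ct in names and zf.getinfo(ct).file_size <= MAX_XML_SIZE:
                    if VBA_CONTENT_TYPE in zf.read(ct):
                        report["evidence"].append("vbaProject content type declared")
        except zipfile.BadZipFile:
            report["evidence"].append(UNREADABLE)
    elif data.startswith(OLE2_MAGIC):
        report["container"] = "ole2"
        if OLE_VBA_MARKER in data:
            report["evidence"].append("_VBA_PROJECT stream name found")
    report["has_vba"] = any(e != UNREADABLE for e in report["evidence"])
    return report


def gateway_verdict(report: dict) -> str:
    """Hypothetical gateway policy: hold macro-bearing or unparseable workbooks."""
    if report["has_vba"] or UNREADABLE in report["evidence"]:
        return "quarantine"
    if report["container"] == "unknown":
        return "review"   # spreadsheet extension, but not a spreadsheet container
    return "deliver"


def build_sample_ooxml(with_macro: bool) -> bytes:
    """Constructed sample: a zip holding only the parts this check reads."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        types = '<Types><Default Extension="xml" ContentType="application/xml"/>'
        if with_macro:
            types += ('<Default Extension="bin" '
                      'ContentType="application/vnd.ms-office.vbaProject"/>')
            zf.writestr("xl/vbaProject.bin", b"constructed placeholder, no macro code")
        zf.writestr("[Content_Types].xml", types + "</Types>")
        zf.writestr("xl/workbook.xml", "<workbook/>")
    return buf.getvalue()


def triage_samples() -> dict:
    """Run the check over constructed attachments and return a verdict per file name."""
    samples = {
        "invoice.xlsm": build_sample_ooxml(True),
        "report.xlsx": build_sample_ooxml(False),
        "legacy.xls": OLE2_MAGIC + b"\x00" * 504 + OLE_VBA_MARKER,   # stub, not a real .xls
        "broken.xlsx": ZIP_MAGIC + b"truncated",
        "notes.xlsx": b"plain text with a spreadsheet extension",
    }
    return {name: gateway_verdict(triage_workbook(name, data))
            for name, data in samples.items()}


if __name__ == "__main__":
    for name, verdict in triage_samples().items():
        print(f"{name}: {verdict}")
```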

Exclusive: Blockchain Trilemma Solved? Secrets Revealed by Turing Award Winner's Algorand

The blockchain trilemma, first expressed by Vitalik Buterin, founder of Ethereum, is the claim that it is unfeasible to achieve scalability, decentralization, and security simultaneously in a blockchain.

There are numerous blockchain project teams attempting to address the blockchain trilemma, and the Turing Award-winning team Algorand is one promising candidate. We had the pleasure of speaking with Jing Chen, Chief Scientist of Algorand, about how Algorand attempts to solve the blockchain trilemma with its Byzantine agreement. She also explains why Algorand is non-forkable and the restrictions on Algorand’s adversary model!

1. Blockchain trilemma has been a headache for project teams in the public blockchain. How can Algorand solve the blockchain trilemma?

The alleged “trilemma” says that among three important properties – decentralization, scalability and security, a public blockchain can hope to achieve just two of them, at most. This is not a mathematically-proven impossibility. Rather, it is used to emphasize the difficulty of achieving all three simultaneously. We believe it’s important for a public chain to achieve all three, and the Algorand blockchain does just that.

Decentralization

Decentralization is made possible by Algorand’s permissionless, pure proof-of-stake consensus protocol. A user does not need permission to join the system or participate in the consensus, so no central control is present at the entry phase. A participating user’s voting power in the consensus protocol is directly proportional to their number of tokens, and having multiple users accumulate their tokens to one account does not increase their joint voting power at all. This eliminates the need to form “mining pools”. Moreover, the cost for a user to run a node in the system is very low, and a user doesn’t need specialized hardware in order to participate. This makes the system friendly to “small” users and helps with decentralization.

Scalability

The key to scalability lies in Algorand’s Byzantine agreement. Its safety does not rely on preset lower-bounds on how fast blocks should be generated (e.g., 10 minutes, 5 minutes, etc). Blocks can be generated as fast as messages can be propagated in the network. In typical cases, only one voting step is needed before a block can be certified, and it only takes a few seconds to generate a block. No computational resources are wasted solving cryptographic puzzles, making the system cost-efficient. For every block, only a small committee is selected to vote, and the size of the committee stays almost unchanged as the number of users and nodes grow in the system, making the system scalable to any number of users. What’s more, Algorand’s novel cryptographic self-selection technique ensures that no direct communication is needed among the selected committee members themselves, reducing the system’s communication cost and making it scalable to global crossing-continent networks. Cryptographic self-selection is also a key technology for the security of Algorand’s blockchain, as discussed below.

Security

Indeed, Algorand’s Byzantine agreement is designed based on first principles rather than heuristics, and its security is proved via rigorous mathematical analysis. Cryptographic self-selection ensures that no one knows who is selected to vote for a block until after a selected user sends out his voting message. Thus an attacker doesn’t know who to target beforehand. After seeing a user’s voting message, an attacker realizes that this user is selected. However, even if the attacker can corrupt this user at this point, it’s too late because their voting message is already propagated to the network. The voting committee is re-selected every step, and corrupting selected users doesn’t make the attacker better off in the future than corrupting un-selected users.

Moreover, forward security (also referred to as forward secrecy) is important in a system that lasts for a long time and generates blocks continuously one after another. An attacker may try to corrupt users who were in charge of voting for an earlier block, “go back in time” and have these users generate a different block in that same round, thus creating a fork. Ephemeral keys are used in the Algorand blockchain against such attacks and ensure forward security. Each voting message in the protocol is signed using a voting key that is deleted after its job is done, thus the name “ephemeral”. With this method, even in the future, if an attacker manages to corrupt all users that were in the system in an earlier round, they do not have their voting keys to generate any block that is different from the existing ones.

It’s worth pointing out that, achieving security without requiring liveness is trivial and meaningless —users simply do not generate any blocks and the system is perfectly secure. The Algorand blockchain achieves both security and liveness against a very powerful adversary. We’ll get to the adversary model in a later question.

2. It is said that Algorand’s blockchain is non-forkable. Can you elaborate on how it happens?

In Algorand’s consensus protocol, when selecting committee members for generating a block in a given round, the selection rules and parameters are designed in such a way that, if one block has accumulated enough votes from committee members, then no other block for the same round will accumulate enough votes. This is true even when the attacker was the one who proposed the blocks, even when the attacker managed to partition the network —splitting users into several disconnected groups and fully controlling the communication among them. In such cases, after a block has been generated (that is, gotten enough votes from proper committee members), honest users may not immediately realize this fact. However, the messages that they have seen tell them that this particular block “may have” gotten enough votes and that they should not vote on any other block. Therefore, no two blocks from the same round will both accumulate enough votes. This holds true even when the network is partitioned for an indefinite amount of time and no one knows when it will be resolved. Nonetheless, Algorand’s blockchain doesn’t fork and users’ balances remain secure.

Again, both safety and liveness are needed for a blockchain. Algorand’s Byzantine agreement not only doesn’t fork, it also guarantees liveness when the network is not partitioned and recovers liveness after a network partition is resolved.

3. What are the restrictions on Algorand’s adversary model? 

The Algorand blockchain is secure against a very powerful adversary, who can corrupt any specific user they choose, fully control the behavior of that corrupted user, and perfectly coordinate the behavior of all corrupted users. For example, malicious behavior includes but is not limited to – signing contradicting voting messages, double-spending, sending their messages only to specific users at specific times, inaction, etc. It is required that an adversary does not control more than 1/3 of the total stakes participating in the consensus protocol.

4. In Algorand, bad actors will not be punished as there is math to show that wrongdoing is not costly to the system. Can you elaborate on the math?

As mentioned earlier, Algorand’s consensus protocol is secure against an adversary who controls no more than 1/3 of the total stakes. The core techniques have been discussed in earlier questions (e.g., #1 and #2).

5. Transaction per second (TPS) is often used to measure the scalability of the public blockchain. What are the technological breakthroughs for Algorand to achieve high TPS?

Algorand’s scalability is made possible by a combination of cryptographic techniques and its efficient Byzantine agreement. See #1 for more details.

Part 2 of the interview is coming up, stay tuned!

Exclusive: How to Ensure Random Numbers in Public Blockchain?

Following Part 1 of our interview, Jing Chen of Algorand further explains to our readers how to ensure the randomness of a number in a public blockchain! She also evaluates the existing Proof-of-Stake (POS) protocols: Delegated vs. Bonded vs. Pure POS!

Regarding the white paper “Digital Signatures for Consensus” published on March 9, 2019, it states that the signature equation contains a random value r. How do you ensure a random number is really random in the public blockchain?

Randomness is used to select committee members for block generation in Algorand’s pure proof-of-stake consensus protocol. This is done through Verifiable Random Functions (VRF).

The seed of the VRF is generated by block proposers and may depend on the state of the blockchain thus far. The adversary cannot predict the randomness before seeing the block proposer’s message, thus cannot pre-strategize based on it. The randomness used in the protocol is updated every round, and seeing the randomness for the current round does not help an adversary predict the randomness used in future rounds. Similar schemes can be used to generate randomness for other purposes, including digital signatures.

What are the problems of delegated proof-of-stake (DPOS) and bonded proof-of-stake?

While delegated and bonded proof-of-stake approaches are more environmentally conscious – as they do not require the large computation power as found in a proof-of-work system in order to mine a block – they are still centralized by design.

In delegated proof-of-stake, a fixed number of selected entities, or delegates, are selected to generate blocks. Delegates are voted into power by the users of the network, who each get a number of votes proportional to the number of tokens they own on the network (i.e., their stake). However, once delegates are selected, they remain in position for a long time, which inherently makes the system more centralized. Further, there is no guarantee that all delegates will remain honest. And even if their honesty was certain, because their identities are known, they become obvious targets for attackers.

In bonded proof-of-stake, a user’s voting power is proportional to the number of tokens he is willing to “lock-up” —that is, put aside without touching for a long time. If he is caught taking malicious actions within the system, then these tokens may be confiscated. This inherently puts “small” users at a disadvantage, as they may need their tokens frequently and can’t afford to lock a large amount up for a long time. Users with a large total stake, on the other hand, are often more willing to do so, causing the voting power in the system to skew disproportionately towards them.

In comparison, Algorand’s Pure Proof-of-Stake (PPoS) approach randomly selects users in charge of block generation. The randomized selection happens not only per block but actually along every step of the Byzantine agreement per block. Every user may be chosen to propose and vote on blocks. The selection probability is directly proportional to a user’s total stake rather than the stake he is willing to lock up. The protocol does not ask a user to lock up any stake in order to participate, neither does it confiscate a user’s stake.

Why is a Dutch auction adopted to determine the token price of Algorand?

The Algorand Foundation is responsible for the distribution of Algos—the native token of the Algorand platform. Algos will initially enter circulation through a sequence of Dutch auctions due to three main benefits they specifically provide – fairness, transparency, and convenience.

A Dutch auction lets the market determine the fair price of tokens rather than having the price set by any specific entity. Also, in a Dutch auction, the token price is the same for all participants who have won any amount of tokens, treating participants fairly.

A Dutch auction is convenient for the users to participate in online. Indeed, during such an auction a user does not need to remain online the entire time. They can make a bid and then move offline, and even return online to make another bid later on.

Finally, auctions are conducted on the Algorand blockchain for transparency. All bids are placed on the blockchain, so everybody can verify that the auction has been conducted properly.

Knowing that most of the dApps on public blockchains are related to gaming, how can Algorand attract blockchain developers from existing leaders such as EOS and Tron?

Algorand’s technology stands out in decentralization, scalability, and security. We are committed to building a truly permissionless and decentralized public blockchain; a vision shared by many blockchain developers. The Algorand blockchain offers and will continue to offer many unique features where true technology plays. I invite readers to look at our blog posts on Algorand’s roadmap.

For example, as the Algorand blockchain doesn’t fork, it provides immediate transaction finality. After seeing a newly generated block containing a specific transaction, a user doesn’t need to wait for several other blocks to be generated following it before he can safely rely on that transaction. This is critical for time-sensitive applications, as there is no need to make a tradeoff between having a short confirmation time for transactions and risking certain transactions disappearing from the chain.

Bangladesh Sends Graduates Abroad for Blockchain Training with IT Fund

In an effort to increase the level of expertise in the field of distributed ledger technology, the government of Bangladesh has expressed its intention to send 100 new graduates for blockchain training in Japan and India, according to a report by Bangladesh’s English-language newspaper The Daily Star on Aug. 4. The country also plans to explore artificial intelligence, machine learning and cybersecurity.

In addition to this effort, the authorities also plan to send 200 graduates of computer science and electrical and electronics engineering to gain professional knowledge in the future trends of information technology, seeing that the world IT space is fast changing.

There is a full description of what the program entails on the official website of the Bangladesh Hi-Tech Park Authority, where prospective candidates can apply. Based on a report, it is expected that in order to qualify, the prospective candidates (who must be below the age of 32) are to take an exam with the Information and Communication Technology (ICT) Division.

The program will be fully funded by a governmental fund that has been created in association with an Indian line of credit in order to establish 12 district ICT and hi-tech parks. The funding of the project, which was reported to have been launched for implementation in July 2017 and will last until June 2020, is worth 17.96 billion Bangladeshi takas (approximately $208 million USD).

Institutions of higher learning around the world have started placing more priority on education and programs in the field of distributed ledger technology. Countries like Canada have also been making waves in this field: the Canada-based University of British Columbia announced a blockchain and distributed ledger technology training program for Masters and PhD students in June.


Ethereum Network Planned Hard Fork Delayed Due to Late Acceptance of EIPs

The blockchain infrastructure company running the core of the Ethereum network has delayed the planned hard fork launch until September 6th.  

During the dev meeting, Pooja Ranjan, founder of Etherworld, presented meeting notes which suggested that, according to Parity core developer Wei Tang, there is bound to be a two-week delay before proceeding to select the block numbers for the Istanbul fork.

Wei expressed concerns over gas issues which would require immediate resolution prior to launching or implementing the mainnet hard fork, as changing course once the fork occurs could be complicated. This could result in a delay past September 6, Wei argued.

Not to mention, Buterin of Ethereum has previously highlighted that the Ethereum blockchain itself is reaching full capacity.  

Buterin stated: 

“Scalability is a big bottleneck because the Ethereum blockchain is almost full. If you’re a bigger organization, the calculus is that if we join, it will not only be fuller, but we will be competing with everyone for transaction space”

Brazil Records the First Blockchain-Based Birth Certificate

The first birth certificate recorded on the blockchain was issued in Brazil to Álvaro de Medeiros Mendonça.

  

As reported by Cointelegraph Brazil, Álvaro was one of the first children to have their birth certificate recorded with blockchain technology without the need for a centralized registry office.  

  

Growth Tech, a tech company, in partnership with IBM, invited Álvaro’s parents to the hospital to participate in the project. It was reported that the process of registering the newborn child took less than five minutes when blockchain technology was used on Growth Tech’s Notary Ledgers platform, which also provides virtual notary services.

  

IBM’s blockchain leader in Latin America, Carlos Rischioto, mentioned that the child registration method takes three stages. First, the “Live Birth Statement” is recorded by the hospital. Second, the parents create a digital identity on the platform. Lastly, the information is sent to the notary office, making the certificate official. He also stated that the platform would allow the birth registration office to be more efficient and transparent.

Blockchain Devices Market to Grow by $1.285 Billion by 2024

Recent research by MarketsandMarkets shows a CAGR of 42.5% for the blockchain devices market by 2024. The findings come from their report, “Blockchain Devices Market by Type (Blockchain Smartphones, Crypto Hardware Wallets, Crypto ATMs, POS Devices, & Others), Connectivity (Wired & Wireless), Application (Personal & Corporate), and Geography – Global Forecast to 2024.”

The research also indicated that the motivating factors for the market growth were the increased adoption of blockchain technology in sectors such as retail and supply chain management, venture capital funding development, and growing market capitalization for cryptocurrencies and initial coin offerings. However, the report highlighted that the absence of clear regulations and awareness of compliance will limit the market from further growth.

With regard to devices, those using blockchain-based wireless connectivity for data transfer, such as smartphones, crypto hardware wallets, and point-of-sale devices, will show the highest growth over the forecast period. These will be accompanied by blockchain gateways and pre-configured devices adopted in banking, government, automotive, telecommunication and other industries.

Source: MarketsandMarkets

Geographically, the report pointed out that North America will lead in the global market of the blockchain devices market, to quote,

“North America dominates the global market as the region is an early adopter of blockchain devices. […] Moreover, several blockchain devices vendors are based in this region, thereby contributing to the growth of the blockchain devices market in North America.”

Turkish Government Announces Plans for National Blockchain Infrastructure

The Ministry of Industry and Technology of the Turkish Government announced its plan for a national blockchain infrastructure used in public administration on Sept. 18 in Ankara.   

Strategy 2023, a presentation set out by the Turkish Ministry of Industry and Technology, pointed out blockchain and distributed ledger technology as priorities for the coming year. The definition of blockchain technology outlined in Strategy 2023 states:  

“Blockchain, which became popular with virtual currencies like Bitcoin, delivers a distributed communication infrastructure to provide trust between parties on transactions without the need for a central authority. This feature enables many different use cases that address transparency and reliability issues, from smart contracts to supply chains. Because it removes any intermediaries, blockchain technology builds new business models that will shape the future.”  

In a survey outlined by Startup Genome, blockchain was marked as one of the fastest-growing technology trends, reaching a 101.5% increase in early-stage startup funding globally.   

The Ministry of Industry and Technology also aims to work with Turkish regulators to create a regulatory sandbox for relevant blockchain applications.  

An economic roadmap released by the government of Turkey in July 2019 outlined the plan for a central bank-issued digital currency.