Monthly archives of “February 2016

comment 1

The miners dilemma – Bitcoin sabotage can be profitable

black diceImagine a small village of a 100 people.

One day,  a sorcerer shows up,  and grants all the villagers magical 1000-sided dice, which are purely random and can only be thrown at a fixed rate of 1 throw per second (no faster & no slower).

Over the next year, at noon of every day, the sorcerer will announce a random number between 1 and 1000, and the first villager to throw that number on their magical dice will earn $100, just by raising than hands and announcing it to the wizard.

The villagers play along, and the since the dice are purely random, each villager can expect to win $100 every 100 days.

But if they pooled their dice together they could create interesting scenarios. For example, a group of 10 ‘pooled’ villagers, could expect to win once every 10 days, and the winnings of $100 could be equally divided between them. To these villagers $10 every 10 days is a better deal than $100 every 100 days.

Eventually the village ends up with 2 pools of 50 villagers each. The pools expect to win once every other day, and the winnings would be $2 dollars per villager. So effectively, they’re winning $2 every 2 days.

So far so good.

The Crooked Pool attacks

crooksHowever, one of these pools (called the crooked pool), starts to act all dick-dastardly. They send 25 of their members to infiltrate the other ‘honest’ pool. These infiltrators will roll their dice, but never claim announce their winnings to the sorcerer, even if they roll the magical number. Essentially these infiltrators become dead-weight on the honest pool, rolling dice choosing to never win. The remaining 25 members in the crooked pool will continue rolling and trying to win.

At first this seems illogical, why would a pool intentionally give up half it’s resources to sabotage another? How could discarding winnings actually benefit anyone? Does it even profit the crooks?

Yes it does:

  • The crooked pool now has 25 villagers rolling dice;
  • The honest pool has 75 villagers, but only 50 of them are effectively trying to win
  • Don’t forget, the crooked pool has 25 members in the honest pool, and hence is entitled to 1/3rd of their winnings.
  • Which means the original 50 villagers in the honest pool, only get 2/3rd of their winnings.
  • With only 75 villagers effectively throwing the dice, the crooked pool now has both it’s original 25 members and a 1/3rd share of the remaining 50.
  • The maths is only a ‘bit’ complicated, but the result is the crooked pool increases its chances of winning from 50% to 56%.

Amazing right?! Even though the 25 infiltrators are essentially wasting their throws, they can actually profit from the activity.

This isn’t just a thought experiment either, this is a problem known in bitcoin as the miners delimma, analogous to famous prisoner dilemma thought in game theory. Bitcoin mining works almost exactly like this scenario, it is a purely random function similar to dice throwing, whose odds of success can only be increased if you ramp up the hashing power, or in this case, adding villagers to a pool.

comment 0

Apple vs. FBI: Everything you need to know

broken-fenceA judge in the US has ordered Apple to provide ‘technical assistance’ to FBI, in creating what some (but not all) cybersecurity experts call a backdoor. In the few years I’ve written about these issues, I’ve never seen anything as hotly debated as this one, across the folks from digital security to foreign policy all coming down on both sides of the debate.

On one hand it seems a bit snarky of the FBI to use this one particular case, that looks to have the highest possible chance of success to set precedent, but on the other hand it seems mighty nasty of Apple to refuse to comply with a court order, to crack into a terrorist phone.

So here’s some facts of the case.

The phone in question belonged to Syed Rizwan Farook, a shooter in the San Bernadino shooting, which caused the deaths of 14 people. America has numerous mass shootings, but this one involved two Muslims aligned to ISIS–and hence more easily labeled terrorism, without the need for adjectives like ‘domestic’.

As I blogged about last week, self-radicalized terrorist don’t get funding from headquarters, and without that glorious ISIS-oil money, all these guys could afford for was an iPhone 5C, an entry-level phone with hardware identical to that of the iPhone 5, a phone launched waaaayy back in 2012 (you’ll remember that as the year Manchester United last won the Premier League). As an older phone, the security architecture of the 5C lagged behind the current generation iPhones, all of which have a secure enclave, but make no mistake, it’s still pretty secure.

By pretty secure, I mean that the phone has all of its contents encrypted, and un-readable to anyone without the encryption key. The key is derived from both the user passcode, and a randomly generated hardware key that is unique to the specific iPhone. It is generally understood that Apple doesn’t keep track of the hardware key, and therefore unable to provide it, as you might expect the hardware will also never give up it’s key under any circumstance. Without the hardware key, the encrypted  data is unreadable, even with the passcode. Which explains why the FBI can’t suck the data out of the device for decryption on a more powerful computer, or load the data into 1000’s of iPhones for parallel cracking.

comment 0

Court rules Hacking Team documents still confidential

internet censorshipUnder the current hype of the FBI ordering Apple to ‘install backdoors’ on their iPhones, a bit of interesting news seems to have slid under the radar.

A court in Singapore ruled that e-mails from the Hacking Team breach, published by the hacker Phineas Fisher via a torrent download, and available freely on Wikileaks–were still confidential in nature.

The news hits close to home, after all, I’ve written a 2,000 word article on it back in July, and have been harping on the issue over the past weeks, even going on BFM radio for an interview.

So was I using confidential information in my tech evangelism?!

Well, probably not, but this does raise some interesting questions.

Here’s the facts of the case.

comments 2

Forcing journalist to reveal sources will be bad–for the government!

Our spanking new, hand-picked Attorney-General is proposing life imprisonment for journalist who refuse to reveal their sources.

And surprisingly, my favorite Member of Parliament,Dato Azalina Othman, has supported the move, saying it was ‘high-time’ Malaysian did something. Fortunately, some calmer more rationale heads, like Dato Paul Low have criticized the A-G for his short-sighted stupidity.

Putting aside the fact that anonymity of sources is a core component of Press freedom, it’s easy to extrapolate how harsher punishment for journalists who keep their sources anonymous will back-fire spectacularly for the Government.

If sources know that Journalist will be pressured to reveal their identities, most sources will stop speaking journalist, thereby stemming the leakages from the government, and keeping the status quo.Or so the theory goes…

comment 0

Being Terrified: The price of terrorism

Next week, I’ll be on BFM for an interview about spyware, which will be my last Hail Mary play to get a conversation started about the use of surveillance software by the Government. If a radio interview on a popular station won’t do it, nothing on my blog will possibly be able to anyway 🙂

In any case, this post is a pre-emptive response to a slightly controversial idea that I cover (very briefly) in the interview, and hopefully it can be articulated better here than in a radio segment. To be honest, I haven’t fully thought this through, but I believe it at least some some aspects of truth that deserve further attention.

The Idea comes in 3 parts:

  1. Terrorism has changed dramatically with ISIS (or Daesh)
  2. Our conventional approach to surveillance will be ineffective against this new threat
  3. Our surveillance-based response to the new threat may end up hurting us more than ISIS ever could

Let’s go through them one at a time