from Hacker News

The Flaw that May Bring Down Bitcoin or Change it Forever

by thetabyte on 4/30/13, 10:32 PM with 61 comments

  • by frisco on 5/1/13, 2:10 AM

    There's already a proposal floating around on the dev list to introduce a new address type, P2SH^2, which would allow the relevant data fields currently being used to stuff the info discussed in the article to become hashes. This would have the effect that if you wanted to stuff arbitrary data, you'd be limited to finding hash collisions. See the thread here: http://sourceforge.net/mailarchive/message.php?msg_id=307056...

    I've been lurking on the bitcoin-dev list for a while to observe how they handle issues just like this. I'm confident that these problems will be transient.

  • by AnthonyMouse on 5/1/13, 5:45 AM

    The flaw in all of this is that you're embedding 20 bytes in the blockchain. In order to do that, you have to choose an encoding method. In order to get the embedded data back out, you have to convey the encoding method and which block is encoded with it to the recipient. Which is totally pointless because if you can convey that to the recipient then you might as well just use the same communications method to convey the original message. The only plausible reason not to would be if the law prohibits the message but not the information about how to construct the message from the blockchain (and even that is not guaranteed). Even then all you would accomplish is to cause the government to pass a new law that prohibits you from telling anyone that a prohibited link is encoded in the block in the same way that you're currently prohibited from telling anyone the link itself.

    The real problem here is not that child pornographers would actually use bitcoin to distribute links, it's that assholes who want to damage bitcoin would put contraband in the blockchain in order to cause legal trouble for innocent users.

    But I think that's a broader problem than just bitcoin. You can encode anything into anything. Take anything anyone else has posted and xor it with something you want to encode. The output will resemble garbage rather than either input. But now you can post the "garbage" and instructions on what to xor it with to allow anyone to recover your encoded message, and the poster of the other message becomes an unwilling participant in your encoding scheme. It clearly makes no sense to punish distributors of the original message just because the encoded message is contraband. Which doesn't mean there won't be laws that will punish it anyway, but that is the fight that needs to be won -- to not allow stupid laws that would punish innocent people.

  • by moxie on 5/1/13, 4:39 AM

    Travis Goodspeed and Dan Kaminksy demonstrated this in 2011 by embedding a tribute to the late Len Sassaman in the blockchain: http://pastebin.com/raw.php?i=BUB3dygQ

  • by tyre on 5/1/13, 2:37 AM

    This will neither bring bitcoin down or change it forever.

    Any information contained in those bytes is just that: information. What can you say in 20 bytes that can have permanent, material damage to human beings?

    A wonderfully sensationalist title, but really nothing to back it up.

  • by TheEskimo on 5/1/13, 7:23 AM

    I believe that there is an even more important practical issue.

    What if someone manages to embed something very much like the EICER string[0] in it? How many people do you think would use the bitcoin client on windows if their AV automatically deleted the blockchain as it downloaded in a misguided attempt to protect them?

    Of course, first we have to know if this is possible at all. Does anyone know if there's either a) 20 bytes with a very high AV detection rate or b) some way to embed more than 20 bytes in a row in the block chain?

    [0]: http://en.wikipedia.org/wiki/EICAR_test_file

  • by siculars on 5/1/13, 6:31 AM

    Of all the things threatening bitcoin this is by far the least worrisome. What if people start writing links to censored/illegal content on circulating dollar bills? Nothing, that's what.

  • by eurleif on 5/1/13, 5:12 AM

    Kind of like how somewhere, within the digits of pi, there's all sorts of criminal data. http://everything2.com/title/Converting+Pi+to+binary%253A+Do...

  • by rockyleal on 5/1/13, 2:28 AM

    I think there is a lot of sensationalism in the way this issue has been aproached. To inject data into the blockchain in this way is comparable (although not identical) to writing the same 'evil urls' in a dollar bill with a pen, and then passing it around.

    It is a problem that exists in a different layer than the currency, even if it is to some degree 'passed on' through the currency. Likewise, the solution (imho) lies in a different layer: detect a cp link in the blockchain? Great, take down the link, problem solved.

    Just as it is not the fault of TCP/IP, or its 'downfall', that it is able to transmit 'evil data', it is not Bitcoin's fault what vandals sometimes write on it.

  • by dasil003 on 5/1/13, 6:50 AM

    How is this any different than a government declaring bitcoin illegal for whatever legal reasoning they can come up with?

    It's not practical to shut down everyone with a bitcoin database any more than it's practical to raid every server with wikileaks data. If they're going to declare this nuclear war on bitcoin it's not going to be on the basis of some piece of data which by the point it's in the blockchain is out of the bag anyway.

  • by tlrobinson on 5/1/13, 5:15 AM

    This brings up some interesting questions. One could also XOR some illegal data with the text of the US Constitution, then claim that the Constitution "contains" that data, you just need to XOR it with this particular key.

    Obviously that's absurd, but where do you draw the line? You need specialized software and the 32 byte transaction ID in order to extract the data.

    What other permanent public records could be manipulated like this?

  • by andr3w321 on 5/1/13, 9:12 AM

    Can someone post the command to create these messages or at least tell me what portion of the transaction this is being stored under? I am curious. My chain is a bit out of date, but I was able to generate the messages http://pastebin.com/wdpF4L4k

    ~/.bitcoin/blocks $ ls | xargs strings -n 20 | tee ~/Downloads/hiddenblockchain.txt

    https://en.bitcoin.it/wiki/Original_Bitcoin_client/API_Calls...

    Are they just sending coins to an invalid address (their string)?

  • by Xcelerate on 5/1/13, 2:28 AM

    I would think the solution to this problem is to somehow prove to the blockchain that the address was indeed produced by the SHA256 RIPEMD160 process. I would think mathematically there is some way to do this without revealing what it was you hashed.

    I mean, you can verify that you are who you say you are simply by using your private key to sign a message; I would think a comparable process would work for this.

    EDIT: Facepalm; you're hashing the public key. You don't need to hide that. See my comment below.

  • by LAMike on 5/1/13, 3:48 AM

    What's the worst thing you can transmit with 20 bytes? A link to a website? A couple of the 7 words? A "yo mama" joke? C'mon this is a BS linkbait article

  • by ck2 on 5/1/13, 3:48 AM

    I guess they should have disallowed vowels eh?

    Has spam appeared yet? Because you know that is next.

  • by scottmcleod on 5/1/13, 3:16 AM

    Title seems irrelevant. My prediction is we will see coins dedicated to just this purpose.

  • by drivebyacct2 on 5/1/13, 6:37 AM

    Am I wrong in thinking that this is some sort of "freedom of speech" and that it isn't necessarily wholly different than Bitcoin's sense of "hands off, let it be, decentralization, no one can control/stifle/limit/etc"?