Review: Making Bitcoin Legal

in #bitcoin7 years ago (edited)

In their paper, Making Bitcoin Legal Ross Anderson, Ilia Shumailov, and Mansor Ahmed discuss a new technique for tracking stolen bitcoin. Here, I discuss some highlights from their paper and some implications for the Steem block chain.

Introduction

This week, renowned computer security expert, Bruce Schneier, linked from his own blog post, Tracing Stolen Bitcoin, to an interesting paper. The paper is Making Bitcoin Legal, by Ross Anderson, Ilia Shumailov and Mansoor Ahmed from the Cambridge University Computer Laboratory. He also links to Ross Anderson's blog post with the same title as Schneier's. That, in turn, links to this Youtube video that you may enjoy:

In the paper, blog post, and video, the authors describe the current state of the art on tracing stolen bitcoin, describe some problems with existing methods, and they propose a new method -- based on 19th century English law -- that looks to be a substantial improvement over existing techniques. They also announce the upcoming release of open source software that will implement their proposal.

In the following sections of this blog post, I will discuss the state of the art, as conveyed in the paper, I will then move on to describing the authors' proposal, and finally, I will imagine how the same concept could be applied in the Steem ecosystem.

Section 1: The state of the art

Image source: pixabay.com, License: CC0, Public Domain

According to these authors, the state of the art on tracing stolen bitcoin (taint tracking) is to use either poison or haircut.

With poison, the algorithm follows the tainted coins, and adds "taint" to transactions in which they are used. Thus, if 3 tainted bitcoins are used in a transaction with 7 "clean" ones, the tainted ones are considered to poison the whole batch, and all 10 become tainted. An obvious problem with this would seem to be that the number of tainted coins is constantly expanding, even if the number of thefts is not.

In contrast, with haircut, a transaction involving 3 tainted bitcoins and 7 clean ones smears the taint around, and results in 10 bitcoins that are each 30% tainted. This doesn't suffer from the same defect as poison, but it has the problem that the taint gets distributed widely very quickly.

The authors found an 1816 precedent from English law, "Clayton's case", where a judge had to solve the problem of sorting out good and bad transactions after a bank failure. The judge ruled that the transactions had to be dealt with in a "first in first out" (FIFO) ordering. FIFO is something that computer scientists are very familiar with, so the authors decided to apply the algorithm to bitcoin and see what happened.

Section 2: The new contribution - FIFO

Image source: pixabay.com, License: CC0, Public Domain

The really interesting is that the authors found that the FIFO algorithm offered much more precision for taint tracking. For example,

The 2012 theft of 46,653 bitcoin from Linode tainted 2,694,051 addresses, or almost 5% of the total, using the haircut algorithm, while with FIFO, it’s 371,544 or just over 0.67%

and

Overall, most bitcoin accounts have zero taint using FIFO, while less than 24% escape taint if we use a haircut approach.

According to the paper, this tracking method is even resistant to attempts at anonymization via coin mixing.

What this all shows is that tracking stolen bitcoin actually is feasible, at least in principle. This, in turn, could have sweeping legal implications, which I suggest that you read in the paper. For my purposes here, it means that the victim of a bitcoin theft could now track their bitcoins to a regulated entity, such as an exchange, and hold that party liable in the courts for trafficking in stolen bitcoin.

The authors go on to introduce the concept of a taintchain, their open source software that publicly lists the tainted coins on the bitcoin block chain. They further note that due to the wide variety of jurisdictions, it would actually be necessary to maintain numerous taint chain instances - each implementing the rules of a particular country or jurisdiction.

What I got to wondering is, how could this concept be applied to Steem?

Section 3: Applying taintchain logic to Steem

Image source: pixabay.com, License: CC0, Public Domain

When I signed up for steemit, I linked from my Facebook account to my steemit introduction post. This validated me as the owner of my account. This validation demonstrates that pretty much all of my current holdings are untainted. What if I went on a 6 month hiatus, and someone - say @badguy666 - managed to power everything down and send it to himself.

After 6 months, it would be too late for me to recover my keys, but if the FIFO taint tracking method were adopted, I'd still be able to use the legal system to track and recover my missing Steem. To take a simplistic example, suppose that @badguy666 has 100 untainted Steem in his wallet when he receives my 10 stolen Steem. Under this convention, for the first 100 Steem that he spends after receiving my tainted Steem, his transactions are considered clean. For the next 10 Steem, however, all transactions are using tainted Steem.

According to Anderson et al., it is a long standing principle of law that, "Nobody can give what isn’t theirs" (Nemo Dat Quod Non Habet). So under this convention, those tainted transactions would be considered to be illegitimate. Eventually, when the tokens reach an exchange, I would be able to sue to get my 10 Steem returned to me (sorry @blocktrades ; -). Of course, this would mean that exchanges would stop accepting tainted coins, which would also mean that everyone would need to keep track of taint in order to avoid being left as a bag-holder with a wallet-full of unspendable Steem.

A really interesting part of this is that it can even be applied, retroactively, to funds that were stolen some time ago.

Conclusion

I'll be honest, I'm not entirely sure how much I like this capability. The ability to recover stolen bitcoin would be nice, but it comes at the cost that neither Bitcoin nor Steem nor any other block chain where this is possible is fungible, and I'm sure that I haven't thought through anywhere near all of the implications. Regardless, it's now too late to put the genie back in the lamp, so people are probably going to have to figure out how to harness the good aspects and minimize the bad ones.

I will close by quoting the closing paragraph from Anderson et al.

In short, we might be able to turn a rather dangerous system into a much safer one – simply by taking some information that is already public (the block chain) and publishing it in a more accessible format (the taint chain). Is that not remarkable?

Thank you for your time and attention.

Sign up for your own Steem account with this invitation from busy.org - https://busy.org/i/@remlaps.

As a general rule, I up-vote comments that demonstrate "proof of reading".



Steve Palmer is an IT professional with three decades of professional experience in data communications and information systems. He holds a bachelor's degree in mathematics, a master's degree in computer science, and a master's degree in information systems and technology management. He has been awarded 3 US patents.

Steve is a co-founder of the Steemit's Best Classical Music Facebook page, and the @classical-music steemit curation account.
Follow: @classical-musicFollow: @classical-radioClassical Music discord invitation: https://discord.gg/ppVmmgt Classical Music Logo by ivan.atman

Sort:  

Coin Marketplace

STEEM 0.21
TRX 0.20
JST 0.034
BTC 90296.17
ETH 3085.37
USDT 1.00
SBD 2.95