MatRiCT: A quantum-safe and privacy-preserving blockchain protocol

Researchers from CSIRO’s Data61 and the Monash Blockchain Technology Centre have developed the world’s most efficient blockchain protocol that is both secure against quantum computers and protects the privacy of its users and their transactions.

MatRiCT

The technology can be applied beyond cryptocurrencies, such as digital health, banking, finance and government services, as well as services which may require accountability to prevent illegal use.

The protocol — a set of rules governing how a blockchain network operates — is called MatRiCT.

Cryptocurrencies vulnerable to attacks by quantum computers

The cryptocurrency market is currently valued at more than $325 billion, with an average of approximately $50 billion traded daily over the past year.

However, blockchain-based cryptocurrencies like Bitcoin and Ethereum are vulnerable to attacks by quantum computers, which are capable of performing complex calculations and processing substantial amounts of data to break blockchains, in significantly faster times than current computers.

“Quantum computing can compromise the signatures or keys used to authenticate transactions, as well as the integrity of blockchains themselves,” said Dr Muhammed Esgin, lead researcher at Monash University and Data61’s Distributed Systems Security Group. “Once this occurs, the underlying cryptocurrency could be altered, leading to theft, double spend or forgery, and users’ privacy may be jeopardised.

“Existing cryptocurrencies tend to either be quantum-safe or privacy-preserving, but for the first time our new protocol achieves both in a practical and deployable way.”

The MatRiCT protocol is based on hard lattice problems, which are quantum secure, and introduces three new key features: the shortest quantum-secure ring signature scheme to date, which authenticates activity and transactions using only the signature; a zero-knowledge proof method, which hides sensitive transaction information; and an auditability function, which could help prevent illegal cryptocurrency use.

Blockchain challenged by speed and energy consumption

Speed and energy consumption are significant challenges presented by blockchain technologies which can lead to inefficiencies and increased costs.

“The protocol is designed to address the inefficiencies in previous blockchain protocols such as complex authentication procedures, thereby speeding up calculation efficiencies and using less energy to resolve, leading to significant cost savings,” said Dr Ron Steinfeld, associate professor, co-author of the research and a quantum-safe cryptography expert at Monash University.

“Our new protocol is significantly faster and more efficient, as the identity signatures and proof required when conducting transactions are the shortest to date, thereby requiring less data communication, speeding up the transaction processing time, and reducing the amount of energy required to complete transactions.”

“Hcash will be incorporating the protocol into its own systems, transforming its existing cryptocurrency, HyperCash, into one that is both quantum safe and privacy protecting,” said Dr Joseph Liu, associate professor, Director of Monash Blockchain Technology Centre and HCash Chief Scientist.

New AI algorithm to detect cryptocurrency miners as they steal power

Computer scientists have developed a new artificial intelligence (AI) system that may be able to identify malicious codes that hijack supercomputers to mine for cryptocurrency such as Bitcoin and Monero.

detect cryptocurrency miners

“Based on recent computer break-ins in Europe and elsewhere, this type of software watchdog will soon be crucial to prevent cryptocurrency miners from hacking into high-performance computing facilities and stealing precious computing resources,” said Gopinath Chennupati, a researcher at Los Alamos National Laboratory and co-author of a new paper in the journal IEEE Access.

“Our deep learning artificial intelligence model is designed to detect the abusive use of supercomputers specifically for the purpose of cryptocurrency mining.”

Detect cryptocurrency miners

Legitimate cryptocurrency miners often assemble enormous computer arrays dedicated to digging up the digital cash. Less savory miners have found they can strike it rich by hijacking supercomputers, provided they can keep their efforts hidden.

The new AI system is designed to catch them in the act by comparing programs based on graphs, which are like fingerprints for software.

All programs can be represented by graphs that consist of nodes linked by lines, loops, or jumps. Much as human criminals can be caught by comparing the whorls and arcs on their fingertips to records in a fingerprint database, the new AI system compares the contours in a program’s flow-control graph to a catalog of graphs for programs that are allowed to run on a given computer.

Instead of finding a match to a known criminal program, however, the system checks to determine whether a graph is among those that identify programs that are supposed to be running on the system.

How reliable is it?

The researchers tested their system by comparing a known, benign code to an abusive, Bitcoin mining code. They found that their system identified the illicit mining operation much quicker and more reliably than conventional, non-AI analyses.

Because the approach relies on graph comparisons, it cannot be fooled by common techniques that illicit cryptocurrency miners use to disguise their codes, such as including obfuscating variables and comments intended to make the codes look like legitimate programming.

While this graph-based approach may not offer a completely foolproof solution for all scenarios, it significantly expands the set of effective approaches for cyberdetectives to use in their ongoing efforts to stifle cybercriminals.

Based on recent computer break-ins, such software watchdogs will soon be crucial to prevent cryptocurrency miners from hacking into high-performance computing facilities and stealing precious computing resources.

Cryptocurrency crime losses more than double to $4.5 billion in 2019

Cryptocurrency users, exchanges and investors suffered $4.5 billion in crypto-related losses resulting from thefts, hacks, and fraud, a CipherTrace report reveals.

cryptocurrency crime losses

Cryptocurrency crime losses

The lion’s share of those losses stem from the staggering growth of Ponzi schemes, exit scams, and misappropriation of funds crimes, the value of which rose 533 percent year over year.

Also, traditional financial services have become increasingly infused with crypto assets. For instance, results of an extensive analysis of the blockchain found almost all U.S. banks harbor illicit virtual asset related money service businesses (MSBs), including cryptocurrency exchanges.

Of additional concern for banks, 66 percent of dark market vendors sell stolen financial products and compromised accounts for cryptocurrency. And virtually all (97 percent) of ransomware attacks use bitcoin as the payment rail.

“Our research revealed some surprising trends in 2019,” said David Jevans, CEO of CipherTrace. “First, there was a dramatic shift away from outright thefts and exchange hacks and toward Ponzi schemes, exit scams, and other con games.

“Second, like them or not, banks have a lot more virtual assets lurking in their accounts and payment networks than most in the industry had previously thought. Banks need new capabilities to ferret out illicit MSBs, terrorist financing, and other major sources of risk.”

The report also provides an overview of regulatory moves throughout the world. This includes a comprehensive chart of anti-money laundering (AML) regulations by country, an update on the respective blockchain-related enforcement authority of the SEC, FinCEN, and the CFTC, and detailed reports on major regulatory and eCrime developments in various countries.

Trends in theft, fraud, hacks and misappropriation of funds

Cryptocriminals had a banner year in 2019. Total cryptocurrency crime increased 160 percent from 2018. However, as the report suggests, if 2019 had a Person of the Year, it would have been The Malicious Insider.

The culprits behind most of the losses were fraudsters operating inside everything from seemingly legitimate blockchain projects that were actually exit scams to crypto Ponzi and pyramid schemes. Ultimately, all that $4.5B worth of illicit cryptocurrency needs to be laundered.

Crypto-asset blind spots expose banks to risk

The typical top 10 U.S. bank unknowingly facilitates approximately $2 billion in illicit cryptocurrency transactions each year. Stealth MSBs using accounts and payment networks expose financial institutions to significant AML and counter terrorism financing (CTF) compliance risk.

Further research revealed banks paid record AML fines globally in 2019—more than $6.2 billion. This number could increase in 2020 as crypto-related money laundering and sanction evasion enforcement ramps up.

“As crypto-assets become increasingly entangled in traditional financial services, AML and CTF compliance risks are on the rise,” said Stephen Ryan, COO of CipherTrace.

“Virtual assets are now pervasive in bank accounts and payment networks, and banks must find ways to deal with the risks. Effectively mitigating cryptocurrency risks requires equipping compliance officers with the best tools and intelligence to gain visibility into this new asset class.”

Darknet markets

The report also outlined a multi-year research project into darknet markets and other illicit vendors, which revealed that of dark market vendors:

  • 40 percent hawked compromised bank account or credit card credentials for as little as 1 percent of face value
  • 24 percent offered compromised payment services accounts
  • 2 percent sold stolen cryptocurrency private keys

These findings further highlighted the issues banks and financial institutions face with regards to payment fraud and virtual asset laundering risks.

The research also showed that bitcoin is the payment of choice for cyber extortionists. During the last year, they demanded BTC as payment in 97 percent of ransomware attacks. All of this extorted bitcoin will need to be laundered before criminals can use the funds.

cryptocurrency crime losses

2020 will be a year of intense regulatory changes

The research team identified varying levels of maturity and sophistication in AML/CTF regimes around the globe. For instance, AMLD5 went into effect across the European Union early January regulating crypto-fiat exchanges for the first time in most EU countries.

Additionally, CipherTrace described urgency among its customers and industry players around pending FATF Travel Rule legislation.

Exchanges and financial institutions in the G20 have less than six months to find a solution for dealing with this major compliance conundrum—how to comply with the requirement to share sender and receiver information before executing cryptocurrency transactions, while protecting confidentiality.

In the US, financial institutions including virtual asset service providers (VASPs) have been reminded by FinCEN that they must meet their funds Travel Rule obligations under the BSA or face enforcement actions.

This alleged Bitcoin scam looked a lot like a pyramid scheme

This alleged Bitcoin scam looked a lot like a pyramid scheme

The world of cryptocurrency has no shortage of imaginary investment products. Fake coins. Fake blockchain services. Fake cryptocurrency exchanges. Now five men behind a company called BitClub Network are accused of a $722 million scam that allegedly preyed on victims who thought they were investing in a pool of bitcoin mining equipment.

Federal prosecutors call the case a “high-tech” plot in the “complex world of cryptocurrency.” But it has all the hallmarks of a classic pyramid scheme, albeit with a crypto-centric conceit. Investors were invited to send BitClub Network cash, which would allow the company to buy mining equipment—machines that produce bitcoin through a process called hashing. When those machines were turned on, all would (in theory) enjoy the spoils. The company also allegedly gave rewards to existing investors in exchange for recruiting others to join. According to the complaint, the scheme began in April 2014 and continued until earlier this month.

Matthew Brent Goettsche, Jobadiah Sinclair Weeks, and Silviu Catalin Balaci are accused of conspiracy to commit wire fraud and conspiracy to offer and sell unregistered securities. A fourth defendant, Joseph Frank Abel, faces only the latter charge. Another unnamed defendant remains at large. Balaci’s name was redacted from one public version of the indictment, but appeared on another.

The scheme appears to have started as a relatively modest scam and spiraled dramatically in ambition. Internal messages between the conspirators give the impression of growing glee at the ease of taking advantage of investors, referring to “building this whole model on the backs of idiots.” The men allegedly described their victims as “dumb” investors and “sheep.”

“They were not wrong,” Emin Gun Sirer, the CEO of blockchain startup Ava Labs, quipped on Twitter.

In October 2014, a few months after BitClub Network was founded, Goettsche allegedly posted about the need to “fak[e] it for the first 30 days while we get going,” instructing a co-conspirator to do some “magic” on the company’s revenue numbers. They allegedly agreed on a method of cooking the numbers that would include inconsistencies to make sure they appeared real. The tricks swiftly became more daring. Later, Goettsche allegedly suggested the company “bump up the daily mining earnings starting today by 60%.”

2019 experienced massive spate of crypto crimes, $4.4 billion to date

With only seven months left for nations to pass laws and virtual asset service providers (VASPs) to comply with the guidelines, the majority of cryptocurrency exchanges are not equipped to handle basic KYC, let alone comply with the stringent new funds Travel Rule included in the updated Financial Action Task Force (FATF) guidance, according to CipherTrace. Inadequate KYC The research results revealed that the lion’s share — more than two-thirds — of exchanges do not … More

The post 2019 experienced massive spate of crypto crimes, $4.4 billion to date appeared first on Help Net Security.