Special Editions 3.28.18
Ep 22 | 3.28.18

Blockchains that bind us — CyberWire Special Edition


Dave Bittner: [00:00:03] The past several months have been all abuzz with excitement about cryptocurrencies and the blockchain. The price of Bitcoin took a rocket-ride toward the stars. It seems to have settled down for now. And stories were coming fast and furious about how the blockchain was going to transform and revolutionize... everything. I'm not too proud to admit that my understanding of cryptocurrencies and blockchain technology is incomplete at best. I've got a general understanding of what's going on and how it all works, but I can't help shaking this feeling that there are details I'm still fuzzy on. And I'm guessing I'm not alone there.

Dave Bittner: [00:00:36] Lucky for us, our CyberWire partners at the University of Maryland know a thing or two about this stuff, and are willing to take the time to help us understand. Jonathan Katz is a professor of computer science at the University of Maryland and director of the Maryland Cybersecurity Center. As we'll hear in this CyberWire Special Edition, he's been following blockchain technology and cryptocurrency from its humble beginnings. And he's our guide to understanding how it all works. Stay with us.

Dave Bittner: [00:01:10] Time to take a moment to thank our sponsor, Cylance. Are you looking for something beyond legacy security approaches? Of course you are. So you're probably interested in something that protects you at machine speed and that recognizes malware for what it is, no matter how the bad guys have tweaked the binaries or cloaked their malice in the appearance of innocence. Cylance knows malware by its DNA. Their solution scales easily and it protects your network with minimal updates, less burden on your system resources, and limited impact on your network and your users. Find out how Cylance is revolutionizing security with artificial intelligence and machine learning. It may be artificial intelligence, but it's real protection. Visit cylance.com to learn more about the next generation of anti-malware. Cylance: Artificial intelligence. Real threat prevention. And we thank Cylance for sponsoring our show.

Jonathan Katz: [00:02:11] So, Bitcoin actually was introduced in a white paper that was written by this pseudonymous person who went by the name of Satoshi Nakamoto. And interestingly enough, actually, it was a white paper sent to a cyberpunk or a crypto mailing list that I was on, so I have actually an archived copy of the original email from the person calling themselves Nakamoto with a link to their white paper saying, hey, here's this great idea, let me tell you all about it. And in fact, it's funny, because I can look back now at the archive again, and see the responses of people to this white paper. And, you know, people found it very interesting, and suggestive, and imaginative, but they were skeptical that it would ever take off. So, you can see that, even as early as 2008, people were, A) speculating about the demise of Bitcoin, and B) being proven wrong.

Dave Bittner: [00:02:56] (Laughs)

Jonathan Katz: [00:02:56] But it wasn't actually until a couple of years after that, that I think, you know, more than a handful of people were using it. And it wasn't until, even a few years after that, that it kind of really hit the mainstream. And, you know, I'm trying to think back myself, kind of when I first became conscious, or really aware of Bitcoin, and that was probably in about 2012, 2013. And that's when you really started to hear about people who actually owned Bitcoin. You would hear about people who were enthusiasts who were mining Bitcoin. And then a little bit after that, it started to hit the popular press.

Dave Bittner: [00:03:35] So, was the - this white paper - was it simultaneously describing blockchain and Bitcoin, sort of hand-in-hand?

Jonathan Katz: [00:03:43] Yeah, actually, it was. And I'm glad you brought that point forward, because I think one of the things that's important to understand, is that the original white paper really had two independent contributions, I would say. One of them was this idea of a blockchain, and a particular way to implement the blockchain that is sometimes called Nakamoto Consensus. And then what you can do on top of the blockchain, and suggesting or proposing the idea of a cryptocurrency on top of that blockchain, which is Bitcoin. So there were really two independent ideas there. And as you know, you know, the idea of cryptocurrency has taken on a life of its own, but the idea of blockchain has also taken on a life of its own. And there are many different applications you can imagine on top of a blockchain, besides only cryptocurrency.

Dave Bittner: [00:04:27] So, the software behind running this - you know, I'm trying to think of the transition from a white paper to an actual system that's up-and-running. What was that process like?

Jonathan Katz: [00:04:39] Yeah, so this is interesting, because the network of Bitcoin miners had to really bootstrap itself. When the white paper came out, there was only one miner, essentially, which was Nakamoto himself. And then I think it spread to a small circle of his friends, you know, under ten people at the time, who were doing Bitcoin mining. And then just, you know, friend-to-friend and word of mouth, and, you know, posts to these mailing lists like the one I talked about, slowly got more people to join. And then it just snowballed.

Jonathan Katz: [00:05:10] But it's really interesting to think about the time when there were only, you know, ten or twenty or thirty miners in the Bitcoin network. And number one, you know, the fact that you could have mined Bitcoin relatively easily. It would have been a lot more likely for you, as a miner, to get Bitcoin, than it is nowadays when it's essentially impossible for a private person, without investing a lot of money and hardware, to mine any Bitcoin. But also the utility is obviously much lower, because if only thirty people in the world are using Bitcoin, then those are the only thirty people you can spend your Bitcoins with.

Dave Bittner: [00:05:39] So, take us through that. I mean, at some point, people start exchanging real money for Bitcoin.

Jonathan Katz: [00:05:45] Yeah, so I think, originally, it was just for fun. I think friends would exchange Bitcoin among themselves. There's an early example - I don't remember from what year this is now - but there's an early example of people just using it for fun to buy pizza, at what now, in retrospect, would be an exorbitantly high price...

Dave Bittner: [00:06:02] (Laughs).

Jonathan Katz: [00:06:02] ...Given how much the price of Bitcoin has increased over that decade. But, you know, like I said, people were using it for fun, and then it wasn't until - you know, I don't remember exactly - but maybe around 2014, when the first significantly large companies began accepting Bitcoin for payment over the Internet. But until then, really it was just this thing for fun, that people were hoping, maybe speculating, that it would take off, but really had no utility at that point, except for spending money among your friends. But then, once companies began to adopt it and once exchanges grew up around it, then it became possible to translate Bitcoin into, you know - I was going to say real currency, but, you know, who knows what real currency is these days - but anyway, you could exchange it for US dollars, at any rate.

Dave Bittner: [00:06:47] So, let's dig in some and explain how the blockchain works. If you were sitting around your, you know, your Thanksgiving Day table...

Jonathan Katz: [00:06:56] (Laughs).

Dave Bittner: [00:06:56] ...And a family member who's not a computer scientist said, "So, Jonathan, I'm hearing a lot about this blockchain thing," how would you explain it to them?

Jonathan Katz: [00:07:05] So, first of all, I want to make clear that the ideas or the problem that blockchain is solving are not new, and they go back actually to the 1970s. And let me just give a little bit of context - so, there's this classical problem called "consensus." And at a high level, the basic issue is that you have a network of computers - say three, five, ten computers - they're all maintaining copies of some data. And new data is constantly coming in - maybe to one of those computers or maybe to all those computers - but they want to make sure that, even as new data is getting added to the system, they all maintain a consistent copy.

Jonathan Katz: [00:07:41] So you could imagine, just as an example, right, your bank has data on all the money in all their accounts, and they wouldn't store it on just one computer, because then if that computer dies or gets broken or stolen, all that data is lost. So they're going to replicate that data among, you know, three machines, let's say. But they want to make sure that, at all points in time, all those machines have a consistent state, a consistent view, of all the money in everyone's account.

Jonathan Katz: [00:08:05] So, that's the question that people considered, beginning, really, with Leslie Lamport in the late 1970s, and showing some feasibility results, some impossibility results, actually, but quite interesting. And the research had kind of come to a natural stopping point around, you know, the late 1990s, I would say - maybe early 2000s, there were some further improvements getting practical consensus protocols. And the real revolution with blockchain is that it's a mechanism for achieving consensus.

Jonathan Katz: [00:08:36] And the big difference between blockchain and prior work is that prior work had always assumed that you had a network of computers that were being provisioned by some entity. So, you know, to go back to the bank example, you had these three computers, and they were all being managed by a bank, meaning that the bank could tell them exactly what software they should run. The bank could monitor them, and if any of them were behaving incorrectly, it could reboot them. And it was a closed system, so that the computers all knew they were talking only to each other and they wouldn't accept any connections from the outside. And the big difference with blockchain, the big conceptual leap, was that he designed it to be an open system - what's now called a permissionless blockchain - meaning that anybody could join, anyone around the world could join.

Jonathan Katz: [00:09:21] And classical consensus protocols completely fail in this case, because what would happen is that they would get overwhelmed by attackers, right? So if I have my network of three computers, but then I allow a hundred random people to join, well then if an attacker wants to attack my network, he'll just, you know, spin up a hundred different machines and join my network and completely overwhelm me.

Dave Bittner: [00:09:41] Right.

Jonathan Katz: [00:09:41] And so that was a problem that was really believed to be inherent, and so for that reason, all the classical work was in closed systems where you'd know exactly who the parties are in advance. But Nakamoto showed that by using these proofs-of-work, you could limit the effect that any attacker could have. So, in particular, you know, one of the problems that classical consensus protocols face is that, even if you have only one attacker, they can spin up a hundred virtual machines, or a hundred real machines, and join your network as a hundred different individuals.

Jonathan Katz: [00:10:12] And Nakamoto's insight, based on some prior work, was that if you require people, essentially, to do these proofs-of-work, then an attacker who only had, let's say one physical machine, could still try to spin up a hundred virtual machines on their physical machine, but the amount of work that they would be able to do is not going to be increasing. And so, even though they have a hundred virtual machines, the amount of work per virtual machine is now one one-hundredth of the amount of work that the physical computer can do.

Jonathan Katz: [00:10:42] And this was a way, essentially, to rate-limit the number of malicious parties that could join the network at any time. And what Nakamoto did was design this protocol that would be resilient as long as more than - as long as a majority of the computational power in the network were controlled by honest people.

Dave Bittner: [00:11:01] And so, has that held up?

Jonathan Katz: [00:11:03] Well, yeah, you know, to a large extent it has. There is some debate about what the exact threshold is - whether or not it can tolerate any minority of attackers controlling a minority of computational power, or whether you actually need the honest parties to control something like two-thirds or some other fraction of the computational power in the network. It depends a little bit about what assumptions you're making and various other things. But yeah, basically, it looks like it has worked. And there have been, since that time, some formal analyses of the blockchain - of the Nakamoto consensus protocol - showing, in fact, that it is secure against some fraction of adversarial behavior.

Dave Bittner: [00:11:44] And so, explain to me, I mean, is this truly open now? I mean, if I wanted to, could I go get the software, which I understand is open-source, yes? And just spin up my own computer and jump on in?

Jonathan Katz: [00:11:56] Yeah, absolutely. Absolutely. Anybody can join, and you can actually join as a miner - you can try to mine Bitcoin on your own - and/or you can join as just somebody who owns Bitcoin and spends Bitcoin and follows what's going on on the Bitcoin network, without actually doing any of the mining. But yeah, definitely it's still open. Anybody can join at any time.

Dave Bittner: [00:12:18] So, let's explain what the mining is. How does that work?

Jonathan Katz: [00:12:21] So, the mining was another ingenious aspect of Bitcoin. So this now, you get into the cryptocurrency layer on top of blockchain. And the basic idea was to incentivize people to maintain the consistency of the blockchain. So, remember, the goal of the blockchain is to make sure that everybody in the system has a consistent view of all the accounts, really - of who owns what coins, and how many coins there are in the system.

Jonathan Katz: [00:12:46] And as part of doing that, the nodes were required to check various calculations done by other nodes, and Nakamoto had the idea to incentivize people to do that by building into the sequence of checks and maintenance of the blockchain a process by which, in the course of doing that, you would get some payoff in terms of Bitcoin that you mine.

Jonathan Katz: [00:13:06] So, you know, basically, at a very high level, the idea is you run this massive amount of work - which I'm leaving unspecified now - but you do some massive amounts of work, in the process of which you're ensuring consistency of the blockchain. And after you do some certain amount of work, you get paid off by creating some new Bitcoin that belong to you.

Dave Bittner: [00:13:26] But that amount of work has increased over time, yes?

Jonathan Katz: [00:13:28] That's right. So, another aspect of Bitcoin is that the rate at which Bitcoin are created is held constant. And so, as the amount of computational power in the network grows - meaning, as the number of miners in the network grows - the computational effort needed to generate new Bitcoin increases. So, over time, as the network has expanded exponentially, the amount of time required to mine new Bitcoin has also increased exponentially.

Dave Bittner: [00:13:57] So, we've heard stories about how this means that Bitcoin is taking increasingly large amounts of electricity to mine new coins.

Jonathan Katz: [00:14:06] That's right, and I think people are worried about that, both in terms of how much longer it can continue to grow, and also in terms of the environmental impact of all of this. Because, essentially, all the work that's being done to mine Bitcoin has no external positive impact. It's only being used to A), ensure the consistency of the Bitcoin network, and B), to mine new Bitcoin.

Jonathan Katz: [00:14:28] And yeah, there are these reports now that the total amount of computational effort expended as part of the Bitcoin network is even exceeding that of certain countries. And so, I don't know how much longer that can continue. It will just be interesting to see. What I will say is that people are thinking about alternate mechanisms that might be used, besides these proofs of work, that might either involve other resources, like storage, or that might involve other mechanisms altogether, that wouldn't require this wasted computational effort on behalf of the entire network.

Dave Bittner: [00:14:57] So, Bitcoin is obviously the most well-known, sort of textbook example of cryptocurrency, but there are many other types. Can you take us through - what are some of the differences in what other types of cryptocurrency have been spun up?

Jonathan Katz: [00:15:11] Well, the first thing I would say is that you're exactly right - that there are literally hundreds of other cryptocurrencies that have sprung up. And essentially, anybody - anybody at all - can make their own cryptocurrency, and you can do it easily just by copying the Bitcoin protocol and giving it your own name, or changing some parameters of the protocol and then giving it your own name.

Jonathan Katz: [00:15:30] But of course, those are not really very interesting. What's interesting are the cryptocurrencies that differ in some particular way from Bitcoin. And let me just mention two of them that I think are particularly interesting, and that expand the scope of Bitcoin in two different directions.

Jonathan Katz: [00:15:44] So, one of those - another maybe well-known one - is called Ethereum. Ethereum is - it uses a similar blockchain substrate as Bitcoin does. But then what it layers on top of that is something that kind of goes beyond what Bitcoin offers. So, Bitcoin can be viewed, at the highest level, as a protocol that allows you to transfer value from one account to another, right? So I can send half a Bitcoin from me to you. And that's basically the only operation it supports.

Jonathan Katz: [00:16:13] Ethereum, on the other hand, is - allows you to implement a general-purpose computer. So, what that means, essentially, is that I can write some arbitrary program, and I can have it executing on the virtual computer that is Ethereum, that's composed of all these different miners running the Ethereum protocol.

Jonathan Katz: [00:16:33] And that gives rise to what people have heard of - these smart contracts, by which I mean that I can write a program that embeds in it a contract, that, for example, says, you know, if Party A does something, then I will pay them a dollar, or, you know, one Ether, and if Party B does something else, and if they do it first, maybe, then they get the Ether. And you can write these arbitrarily complex contracts that will then be executed on the Ethereum virtual machine. And they're kind of - they're called self-enforcing, because the point is that they get executed no matter what, and once you place them in the virtual machine - in the Ethereum virtual machine - they're going to get executed no matter what.

Jonathan Katz: [00:17:12] So basically, if I put a contract - let's just take a simple example. I can put a contract in there that says, you know, if you send me proof that, you know, you delivered some goods to my house, then automatically one Ether will be transferred to you. So now this contract is sitting there on the Ethereum blockchain, and then, at some later point in time, if you're able to send, you know, a digital contract to that contract - and then have it checked, of course, by the contract and by the people running the contract - then that Ether will be automatically transferred from me to you, and you don't have to worry, say, that I will renege and not pay you out.

Dave Bittner: [00:17:45] Hmm.

Jonathan Katz: [00:17:47] So that's one just, you know, fascinating example of how the richness of what can be supported was extended significantly from the original Bitcoin idea.

Dave Bittner: [00:17:55] Mm-hmm.

Jonathan Katz: [00:17:56] Another direction is to think about cryptocurrencies, but think about building privacy in. And there are a number of notable examples here. Two that come to mind are Zcash and Monero. And basically, the idea there is that Bitcoin is - even though we like to think of it as offering anonymity, because all the names of people are really just public keys, it actually is fully transparent. It's a log where every transaction is recorded and publicly available for people to view. So, it actually does not offer very good anonymity at all, and people have, for the last couple of years, been thinking about how you could add anonymity to the system and enable transfers of money without revealing who's transferring money to whom, and even potentially without revealing how much money is being transferred. And so those newer systems build anonymity in - again, on top of the Nakamoto consensus protocol, but allowing people to transfer money completely anonymously.

Dave Bittner: [00:18:49] So, in terms of what's going on cryptographically under the hood, you know, I hear stories about some of these cryptocurrency exchanges being cracked, or people getting their money stolen. Can you give us some background on that?

Jonathan Katz: [00:19:06] So this is also very interesting. I mean, one thing that I think needs to be pointed out here is that, for most of these - I think for most of these stories, and especially all the ones related to Bitcoin - these Bitcoin thefts that you're hearing about are actually not due to flaws or vulnerabilities in the underlying Bitcoin protocol itself. They're due just to standard security vulnerabilities at large.

Jonathan Katz: [00:19:28] So just as an example, you know, the way Bitcoin transfers work is that you have a cryptographic key, and ownership of a Bitcoin basically means that you know the associated key. And when you want to spend that Bitcoin, you use that key in a particular way to cause a transaction to occur. And you have to store that key somewhere. So, you can store it on your laptop, but then if you have malware on your machine, that malware can pick up a copy of that key and send it to an attacker. You can store it in the cloud, you can store it online, you can store it in one of these exchanges, for example. But then if those exchanges get hacked, the attacker gets access to all those keys, and that effectively gives it access to all the Bitcoin. It gives it the ability to spend all that Bitcoin.

Jonathan Katz: [00:20:10] So, really, again, it's had nothing to do with the underlying protocol, it just has to do with the fact that it's all digital now, number one. And the fact that there's no kind of way to reverse transactions the way that might happen if your bank were hacked into, right? The bank would have, you know, offline backups, perhaps, and be able to recover and have insurance to cover the event of that loss. But for Bitcoin, that simply doesn't exist. And so, if you lose your secret key, you lose your Bitcoin. There's no way to recover it, and that's it. And so really that's what's going on in all these examples.

Dave Bittner: [00:20:39] And so, we've seen examples of people - a market popping up for hardware wallets.

Jonathan Katz: [00:20:43] Yeah, that's right. So, because of the need to store these keys securely, and because of the difficulty of doing that on just, you know, your regular laptop, people have been selling these Bitcoin wallets that claim to make it, you know, easier to securely store your Bitcoin keys. And for a lot of users, that would actually make a lot of sense, because it does give them an easy way to manage their keys more securely than just storing them on their own local computer.

Dave Bittner: [00:21:11] Now, when some of these attacks have happened, I've heard of some of these networks as saying, we're going to fork the network now. What does that mean, and what are the implications of that?

Jonathan Katz: [00:21:22] So, at various points in time - in Bitcoin, but also in other cryptocurrencies - there's been some debate about the best way to, let's say, run the network. So, for Bitcoin, just as an example, there was some debate about whether or not to increase the maximum number of transactions that could be allowed at any given time. And there were some groups of people who wanted to increase it and some groups of people who didn't want to increase it. And ultimately, when they couldn't agree, one of the groups, or the group that wanted to change the protocol, essentially said, okay, you know, we're going to go ahead and change the protocol - everyone who wants to change the protocol, come along with us and, you know, update your protocol accordingly.

Jonathan Katz: [00:22:04] But people who didn't want a change are not going to change. And so what ends up happening is that you end up with two people - two groups of people, rather, who are both starting at the same point, right - the original Bitcoin network - but then forking off on to two paths, where one of them is going to continue running the original Bitcoin protocol, and the other one is going to run a new version, an updated version of the Bitcoin protocol. And those are going to be incompatible with each other.

Jonathan Katz: [00:22:26] So what that means is that - let's see, so let's say at time step zero, everyone is running the same protocol, and then at time step one, you have one group choosing to remain with the protocol, one group choosing to deviate. They can both look back at any prior Bitcoins that were mined prior to time zero and still use those in their network. But any coins mined from time period one on are only going to be usable on that particular side of the path that they took.

Jonathan Katz: [00:22:55] And so, basically, that's kind of bad from the point of view of the overall ecosystem, because, in the best case, right, it splits everybody in half. And now, rather than having, you know, a thousand people mining on Bitcoin, you have five hundred people mining on the left and five hundred people mining on the right, and it's better, obviously, when you have more people, you know, working on the same thing.

Dave Bittner: [00:23:12] But nevertheless, these forks have happened various times, and they can lead to some short-term instability and also, potentially, long-term decline. So I just saw that, in the last couple of months, actually, one of the Bitcoin forks basically died out. It lost interest over time, and then people decided just to kill it off and switch to the other fork of Bitcoin.

Dave Bittner: [00:23:35] Yeah, it seems like a symptom of, I guess, the decentralized nature of the whole thing, where you don't have a governing body who says, hey, you know, we're coming out with a 1.1 release now. People are sort of more in control of it. I guess, the group, all the users have their say.

Jonathan Katz: [00:23:53] It's very interesting to think about this point, actually, because on the one hand, you're right - it's completely decentralized, and if all the users tomorrow decided - or even a fraction of the users tomorrow decided they wanted to change the protocol, they could go off on their own and just form their own group running their own protocol.

Jonathan Katz: [00:24:07] On the other hand, there is also a core group of Bitcoin developers, and they have a lot of influence, right? If a lot of them spoke out and said, hey, we think this is a great idea, we all agree unanimously that we want to change things - then they might actually be able to change parts of the protocol. But again, it would be up to the individual miners to agree, and to actually update their software and accept that change.

Dave Bittner: [00:24:27] So, are there - for lack of a better term, are there full-time staffers working on these protocols?

Jonathan Katz: [00:24:35] Well, I wouldn't say full-time. They have to get paid somehow, I suppose...

Dave Bittner: [00:24:38] Yeah.

Jonathan Katz: [00:24:38] ...But there are people who are definitely actively maintaining or thinking about maintaining the network, and who are actively thinking about what direction the network should go in. So, yeah, definitely. But again, it's also an open group, so it's not, you know, a cabal of people. It's an open group, but you can't just, you know, join instantaneously. You'd have to build up reputation, you'd have to get involved somehow at a low level, before rising through the ranks, as it were, until you were accepted by the community at large.

Dave Bittner: [00:25:07] Where do you see this headed? Obviously, we have a lot of enthusiasm. The price of Bitcoin skyrocketed at the end of last year. Seems to have settled down some but, you know, all of this enthusiasm and speculation over what is essentially sort of an imaginary thing - a virtual thing, at the very least. What's your outlook?

Jonathan Katz: [00:25:28] Well, I can tell you my opinion. Obviously, it's all speculation, and what I'll tell you is that I've kind of had this opinion for a while, and I've been consistently proved wrong the last five years.

Dave Bittner: [00:25:37] (Laughs)

Jonathan Katz: [00:25:37] But what I will say is that it seems to me, number one, you're exactly right that, to a large degree, the value of Bitcoin right now seems, number one, arbitrary, and number two, a lot higher than what its actual value is. If you think about what its actual value should be, clearly that should depend on how many people are using it and, more importantly, how many merchants are accepting it.

Jonathan Katz: [00:26:02] And given, you know, how difficult it would be right now for the average person to obtain Bitcoin and then spend it, I would say the actual adoption - the number of people using Bitcoin - is much, much lower than the US dollar. The number of transactions, the value of the transactions that are going on in Bitcoin right now is much lower than the total value of all Bitcoin out there. And so it seems to me that the price of Bitcoin is overinflated.

Jonathan Katz: [00:26:30] It's also not clear to me that Bitcoin will be the winning cryptocurrency. It does seem, you know, to me, that number one, the idea of Nakamoto consensus was a brilliant idea, and that I think will last. I think the idea of cryptocurrencies is a solid idea. I think there are applications for it. There is a real need for it. I see this all the time whenever I change money when I travel internationally, and I'm hit with these fees when I want to change money in both directions at the airport, coming and going. And there's really no reason for that. And so cryptocurrencies can really fill a great role in facilitating international transactions, just for one example. So I think there is a need that they can fill.

Jonathan Katz: [00:27:09] But it's not clear to me that Bitcoin will be the winning cryptocurrency, right? We've seen several times throughout history that the initial technology, number one, is not the best, and number two, is not always the winner. And so something may well come along that will displace Bitcoin, at which point I would think that Bitcoin would essentially become worthless, or perhaps maybe have very small value as a collector's item. And that's my guess, my best guess, for what will happen, is that cryptocurrencies will be around ten years from now, but the cryptocurrency of choice may not be Bitcoin itself.

Dave Bittner: [00:27:41] And what about the blockchain? I mean, we see lots of people crowing that there are going to be all sorts of uses for this. You know, it's going to revolutionize how we organize things and track things. What's your take on that?

Jonathan Katz: [00:27:54] Absolutely, there's a tremendous amount of hype, and I think a lot of the hype is unwarranted. I think that, like I said, the problem of consensus has been studied for forty years. And the problem of consensus has been solved, also for much of those forty years. So a lot of companies that are touting the fact that they have, let's say, a private blockchain - to me, a private blockchain is just a secure distributed database, which we've had for decades. So there's nothing new there, other than the term "blockchain."

Jonathan Katz: [00:28:23] The fact that companies are aware of these new techniques, maybe, for achieving consensus, is good - but I don't see how a lot of these private blockchains are going to really change anything. Now on the other hand, the idea of the public blockchain - where, as I said before, anybody can join and it's a completely open system, and it's also a transparent log that anybody can read and access - that does seem to have some good applications.

Jonathan Katz: [00:28:49] I think we're still waiting to see what the killer app will be, but I can imagine that for public records, for example, this would be very useful. You'd have a consistent public and append-only view of public documents, for example, which would give anybody the ability to look for public documents and search for documents at any time, which would give anybody the ability to add documents to this public view as they wanted, and which would prevent anybody from being able to modify things that were put there in the past. And I can imagine that that would be very useful. I'm not sure if there's a moneymaking opportunity there, though I'm sure I could be proved wrong, but it does seem like it would be very useful for a society to have that.

Jonathan Katz: [00:29:31] And I've seen, you know, I forget which country it was, but some country...

Dave Bittner: [00:29:33] I think Estonia is working on that.

Jonathan Katz: [00:29:36] ...Could be Estonia, but they were talking about putting real estate records...

Dave Bittner: [00:29:39] Oh.

Jonathan Katz: [00:29:39] ...Records of real estate transactions in a blockchain. Maybe it was Switzerland. And in any event, I can imagine that would be very useful, because that would provide a public database of real estate transactions that would be untamperable.

Dave Bittner: [00:29:53] All right. Well, I think we've covered a lot here. Is there any area that I've missed? Anything you feel like we should touch on that we haven't hit on?

Jonathan Katz: [00:30:01] I guess the only thing I would say is that it's great, for me, to see all the interest in blockchain and cryptocurrencies. I just, you know, unfortunately, that comes with a lot of this hype and a lot of over-promotion, and there's a lot of companies jumping into the space. I think only very few of them really know what they're doing, and I think there's going to be some shakeout in the market at some point, when only, you know, the few people who actually have good ideas, have marketable ideas, and actually understand the underlying technology are going to remain. And the other people who kind of just jumped on the bandwagon are going to be, I think, eventually pushed out of the market.

Jonathan Katz: [00:30:39] But nevertheless, I think it is really exciting technology. There's a lot of cool cryptography involved, which I'm very happy to see and I think it's great to have the public be more aware of cryptography and computer security in general.

Dave Bittner: [00:30:50] And as someone who does understand this stuff, do you have any advice for folks who don't understand this? How to protect themselves, how to make sure that they don't get caught up in one of the scams or, you know, lose their money?

Jonathan Katz: [00:31:05] Yeah, well, I think the first thing I would say is that there's a lot of information available online. There's tons of blog posts, there's tons of videos. There's a book I can recommend on Bitcoin. It's a little bit outdated, because it came out several years ago, but it's still a pretty good introduction to the underlying protocol. And if you're interested in it at all, you know, at least read that, skim it, understand at a high level what's going on so you can make better judgments about the field.

Jonathan Katz: [00:31:30] And, you know, you talk about people jumping in and getting caught by scams, and I think immediately of all these ICOs, where, to me, it seems like these ICOs have just jumped on the bandwagon, and been able to convince people to put money in with no expectation of any return, and oftentimes with no underlying business model even being present. And I think those are very dangerous, and I would, you know, be loath even to lump those into the general world of blockchains and cryptocurrencies, even though they do fit in that space, because all they're doing is essentially using it in name only. It's like I talked about earlier, where anybody can spin up their own cryptocurrency, but it doesn't mean it's valuable. And so people, I think, have to be very careful about that, and invest in ICOs only to the extent they would invest in any other publicly-traded company.

Dave Bittner: [00:32:15] And I want to make the announcement that, at the end of this program, people will be able to buy the Katz-Bittner cryptocurrency...

Jonathan Katz: [00:32:21] (Laughs)

Dave Bittner: [00:32:23] ...It's going to be the hottest thing.

Jonathan Katz: [00:32:25] That's right. Get in at a hundred dollars now and it'll go up to a thousand dollars...

Dave Bittner: [00:32:28] Yes, that's guaranteed. It's a sure thing. What could possibly go wrong?

Jonathan Katz: [00:32:32] Exactly. (Laughs)

Dave Bittner: [00:32:32] Between you, with our expertise - and by "our expertise," I mean your expertise - what could possibly go wrong? Right?

Jonathan Katz: [00:32:39] (Laughs) That's right. That's right.

Dave Bittner: [00:32:41] (Laughs) All right, Jonathan. Well, I think we've got it covered. As always, thanks for taking the time.

Jonathan Katz: [00:32:47] Sure, this was really great. It was a lot of fun.

Dave Bittner: [00:32:51] And that's our CyberWire Special Edition, "Looking at the Blockchain and Cryptocurrencies." Many thanks to Jonathan Katz from the University of Maryland for joining us.

Dave Bittner: [00:33:00] Thanks to our Special Edition sponsor, Cylance. To find out how they can help protect you, visit cylance.com.

Dave Bittner: [00:33:05] The CyberWire podcast is proudly produced in Maryland out of the startup studios of DataTribe, where they're co-building the next generation of cybersecurity teams and technology. The coordinating producer for this show was Jordan Kovacs. Our show is produced by Pratt Street Media, with editor John Petrik, social media editor Jennifer Eiben, technical editor Chris Russell, executive editor Peter Kilpe, and I'm Dave Bittner. Thanks for listening.