More Money, More Problems: The Bitcoin Virtual Currency and the Legal Problems that Face It
2012 | 3 Case W. Res. J.L. Tech. & Internet 427
—————————————————-
CommitCoin: Carbon Dating Commitments with Bitcoin
2012 | Jeremy Clark, Aleksander Essex
In the standard definition of a commitment scheme, the sender commits to a message and immediately sends the commitment to the recipient interested in it. However the sender may not always know at the time of commitment who will become interested in it. Further, when the interested party does emerge, it could be critical to establish when the commitment was made. Employing a proof of work protocol at commitment time will later allow anyone to “carbon date” when the commitment was made, approximately, without trusting any external parties. We present CommitCoin, an instantiation of this approach that harnesses the existing computational power of the Bitcoin peer-to-peer network; a network used to mint and trade digital cash.
—————————————————-
Bits and Bets: Information, Price Volatility, and Demand for Bitcoin
2012 | Martis Buchholz, Jess Delaney, and Joseph Warren Jeff Parker
Australian Transaction Reports and Analysis Centre (AUSTRAC)’s 2012 typologies report is the sixth in an annual series of reports produced by the agency.
The 2012 report includes 21 real-life case studies illustrating how legitimate services offered by Australian businesses have been exploited for criminal purposes. By highlighting these past examples of criminal activity, the report educates Australian businesses about their money laundering and terrorism financing risks and helps them recognise and mivtigate these risks.
—————————————————-
Bitter to Better — How to Make Bitcoin a Better Currency
2012 | Simon Barber, Xavier Boyen, Elaine Shi, Ersin Uzun
Bitcoin is a distributed digital currency which has attracted a substantial number of users. We perform an in-depth investigation to understand what made Bitcoin so successful, while decades of research on cryptographic e-cash has not lead to a large-scale deployment. We ask also how Bitcoin could become a good candidate for a long-lived stable currency. In doing so, we identify several issues and attacks of Bitcoin, and propose suitable techniques to address them.
—————————————————-
AUSTRAC – Typologies and Case Studies Report 2012
2012 | AUSTRAC
Australian Transaction Reports and Analysis Centre (AUSTRAC)’s 2012 typologies report is the sixth in an annual series of reports produced by the agency.
The 2012 report includes 21 real-life case studies illustrating how legitimate services offered by Australian businesses have been exploited for criminal purposes. By highlighting these past examples of criminal activity, the report educates Australian businesses about their money laundering and terrorism financing risks and helps them recognise and mivtigate these risks.
—————————————————-
Virtual money laundering: the case of Bitcoin and the Linden dollar
December 2012 | Robert Stokes
This paper presents an analysis of the money laundering risks of two virtual currencies, the Linden dollar, the in-world currency of the interactive online environment Second Life, and Bitcoin, an experimental virtual currency that allows for the transfer of value through peer-to-peer software. The paper will demonstrate that although these virtual currencies have money laundering utility, they are currently unsuitable for laundering on a large scale. The paper also considers whether either of these virtual currencies fall under the scope of the Money Laundering Regulations 2007 and draws on similarities with online gambling to suggest a method of incorporating the Linden dollar and Bitcoin within the anti-money laundering framework.
—————————————————-
An Analysis of the Bitcoin Electronic Cash System
December 2012 | Danielle Drainville, University of Waterloo
In a world that relies heavily on technology, privacy is sought by many. Privacy, among other things, is especially desired when making an online payment. This motivates the use of electronic cash, a form of electronic payment system based on the paper cash system used daily. The most successful and widely used of these services is Bitcoin – a decentralized peer-to-peer electronic cash system. This paper provides a broad introduction to Bitcoin, while analyzing its construction and investigating some of its perks and flaws. It can be seen that, when compared to paper cash and electronic cash, Bitcoin is in a class of its own.
—————————————————-
Homomorphic Payment Addresses and the Pay-to-Contract Protocol
December 2012 | Ilja Gerhardt, Timo Hanke
We propose an electronic payment protocol for typical customer-merchant relations which does not require a trusted (signed) payment descriptor to be sent from the merchant to the customer. Instead, the destination “account” number for the payment is solely created on the customer side. This eliminates the need for any encrypted or authenticated communication in the protocol and is secure even if the merchant’s online infrastructure is compromised. Moreover, the payment transaction itself serves as a timestamped receipt for the customer. It proves what has been paid for and who received the funds, again without relying on any merchant signatures. In particular, funds and receipt are exchanged in a single atomic action. The asymmetric nature of the customer-merchant relation is crucial.
The protocol is specifically designed with bitcoin in mind as the underlying payment system. Thereby, it has the useful benefit that all transactions are public. However, the only essential requirement on the payment system is that “accounts” are arbitrary user-created keypairs of a cryptosystem whose keypairs enjoy a homomorphic property. All ElGamal-type cryptosystems have this feature. For use with bitcoin we propose the design of a deterministic bitcoin wallet whose addresses can be indexed by clear text strings.
—————————————————-
“Economics of Bitcoin: is Bitcoin an alternative to fiat currencies and gold?”
November 2012 | Peter Šurda
This paper presents an economic analysis of Bitcoin from a libertarian point of view. The theoretical part analyses the applicability of the Austrian School of Economics at Bitcoin. Of particular interest are the evolution of money, competition among media of exchange, and the concept of money supply. The empirical part analyses the following variables: price, price volatility, liquidity, visibility and velocity. I come to the conclusion that theoretically, Bitcoin can be closer to the Austrian ideal of money than either fiat money or gold, and it is possible that it will evolve into that position. The results of the empirical analysis are consistent with Bitcoin being a medium of exchange.
—————————————————-
Virtual Currency Schemes October 2012
October 2012 | ECB
This paper aims to provide some clarity on virtual currencies and tries to address the issue in a structured approach.
—————————————————-
Double-Spending Fast Payments in Bitcoin
October 2012 | Ghassan O. Karame, Elli Androulaki, Srdjan Capkun
Bitcoin is a decentralized payment system that relies on Proof-of-Work (PoW) to verify payments. Nowadays, Bitcoin is increasingly used in a number of fast payment scenarios, where the time between the exchange of currency and goods is short (in the order of few seconds). While the Bitcoin payment verification scheme is designed to prevent double-spending, our results show that the system requires tens of minutes to verify a transaction and is therefore inappropriate for fast payments. An example of this use of Bitcoin was recently reported in the media: Bitcoins were used as a form of \emph{fast} payment in a local fast-food restaurant. Until now, the security of fast Bitcoin payments has not been studied. In this paper, we analyze the security of using Bitcoin for fast payments. We show that, unless appropriate detection techniques are integrated in the current Bitcoin implementation, double-spending attacks on fast payments succeed with overwhelming probability and can be mounted at low cost. We further show that the measures recommended by Bitcoin developers for the use of Bitcoin in fast payments are not always effective in detecting double-spending; we show that if those recommendations are integrated in future Bitcoin implementations, double-spending attacks on Bitcoin will still be possible. Finally, we propose and implement a modification to the existing Bitcoin implementation that ensures the detection of double-spending attacks against fast payments.
—————————————————-
Bitcoin – The Political ‘Virtual’ of an Intangible Material Currency
August 2012 | Mark A. Jansen, Utrecht University
This paper concerns the open source software project Bitcoin. Bitcoin is often described as virtual cash and this paper asks what the term ‘virtual’ signifies when applied to ‘cash’ and in turn what ‘virtual cash’ says about Bitcoin. Bitcoin is related to the 1990s activist movement of libertarian cryptographers known as ‘cypherpunks’ and to the cyber-libertarian political philosophy, demonstrating the historical intertwining of cryptography and politics. Cypherpunks argued that privacy is a prerequisite for an open society and that cryptography and anonymous transaction systems were needed as assurance. Bitcoin is the latest effort by cryptographers to create digital tokens similar to cash, where Bitcoin’s designer Nakamoto argues that with Bitcoin users no longer have to trust a third party, traditionally the bank. Bitcoin does not fulfill this promise as trust remains to be established, albeit in a different manner. Power is not destroyed, but transferred from banks to Bitcoin’s protocol. The paper concludes that ‘virtual’ refers to Bitcoin’s model of how cash appears to function in everyday exchange, allowing user privacy. Bitcoin does not model another aspect of cash, namely that it is a credential referring to debt. Bitcoin discontinues the concept of debt.
—————————————————-
Case study of the Miner Botnet
June 2012 | Daniel Plohmann, Elmar Gerhards-Padilla – Cyber Defense Research Group; Published in: Cyber Conflict (CYCON), 2012 4th International Conference on
Malware and botnets are one of the most serious threats to today’s Internet security. In this paper, we characterise the so-called &Miner Botnet”. It received major media attention after massive distributed denial of service attacks against a wide range of German and Russian websites, mainly during August and September 2011. We use our insights on this botnet to outline current botnet-related money-making concepts and to show that multiple activities of this botnet are actually centred on the virtual anonymised currency Bitcoin, thus justifying the name. Furthermore, we provide a binary-level analysis of the malware’s design and components to illustrate the modularity of the previously mentioned concepts. We give an overview of the structure of the command-and-control protocol as well as of the botnet’s architecture. Both centralised as well as distributed infrastructure aspects realised through peer-to-peer are present to run the botnet, the latter for increasing its resiliency. Finally, we provide the results of our ongoing tracking efforts that started in September 2011, focusing on the development of the botnet’s size and geographic distribution. In addition we point out the challenge that is generally connected with size measurements of botnets due to the reachability of individual nodes and the persistence of IP addresses over time.
—————————————————-
Design and security analysis of Bitcoin infrastructure using application deployed on Google Apps Engine
June 2012 | Piotr Piasecki “ThePiachu”
Bitcoin is an innovative concept of a decentralised, peer-to-peer virtual currency. Its functions are autonomous from any centralised influence. This report discusses the various security features and vulnerabilities of Bitcoin, as well as various applications relating to it. It provides the wide view of the most notable parts of the Bitcoin ecosystem – ranging from the cryptographic algorithms underlying the Bitcoin Protocol, through applications allowing one to trade Bitcoins for traditional money, and ending up with a look on the behaviour of Bitcoin users.
In order to gain the necessary expertise, a prolonged study of Bitcoin was undertaken, so as to be able to design independent Bitcoin applications running on Google App Engine. Such an undertaking allowed one to better understand all the inner workings of Bitcoin.
—————————————————-
Bitcoin Clients
June 2012 | Rostislav Skudnov, Turku University of Applied Sciences
Bitcoin is a new decentralized electronic currency which gained popularity in the last two years. The usage of Bitcoin is facilitated by software commonly called Bitcoin clients. This thesis provides an overview of Bitcoin and cryptography behind it, discusses different types of Bitcoin clients and researches additional features implemented by them. It also analyzes further enhancements that can be made to clients and the Bitcoin protocol.
Bitcoin clients are grouped into types and analyzed from a usability and security perspective. Security is very important for Bitcoin clients as they are used to manipulate money, and poor security leads to direct loss of money. Various threats are evaluated, including malware infestations, theft of files, hostile takeover of servers and hardware failures. Security implications of additional features and future enhancements are also assessed.
Various client types rely on significantly different security assumptions. While some clients are immune to hostile takeover of servers, for other clients this results in theft of money. None of the current clients is able to resist malware effectively. Additional features usually increase either security or usability, though some features improve both.
The current choice of Bitcoin clients and their feature set is much richer than that one year ago. New versions with more features are released very often. One of the future enhancements, multi-signature transactions, significantly increases security as it protects the money even if a client is totally compromised.
—————————————————-
Two Bitcoins at the Price of One? Double-Spending Attacks on Fast Payments in Bitcoin
May 2012 | Ghassan O. Karame, Elli Androulaki, Srdjan Capkun
Bitcoin is a decentralized payment system that is based on Proof-of-Work. Bitcoin is currently gaining popularity as a digital currency; several businesses are starting to accept Bitcoin transactions. An example case of the growing use of Bitcoin was recently reported in the media; here, Bitcoins were used as a form of fast payment in a local fast-food restaurant. In this paper, we analyze the security of using Bitcoin for fast payments, where the time between the exchange of currency and goods is short (i.e., in the order of few seconds). We focus on double- spending attacks on fast payments and demonstrate that these attacks can be mounted at low cost on currently deployed versions of Bitcoin. We further show that the measures recommended by Bitcoin developers for the use of Bitcoin in fast transactions are not always effective in resisting double-spending; we show that if those recommendations are integrated in future Bitcoin implementations, double-spending attacks on Bitcoin will still be possible. Finally, we leverage on our findings and propose a lightweight countermeasure that enables the detection of double-spending attacks in fast transactions.
—————————————————-
Is Bitcoin Money? Bitcoin and Alternate Theories of Money
April 2012 | Sonal Mittal, Harvard University
In 2009, a curious new virtual currency called Bitcoin made its first appearance on the Internet. While it remains a “niche” currency relative to other major denominations like the U.S. dollar, Bitcoin has experienced significant growth since its inception. The total number of Bitcoins in circulation is about 12.5 million, with a recent market price of about $500 each. Today, Bitcoin’s total market capitalization is about $6 billion, and in the past it has been as high as $13 billion. The average number of Bitcoin transactions per day has averaged over 60,000 since January 2014, reflecting between $20 million and $100 million worth of transactions per day. The numbers show that in the five years since its first appearance, Bitcoin has grown tremendously in popular knowledge and usage. Although it is clear that Bitcoin can be used to purchase goods and services, and can be given an explicit dollar value, questions remain about the economic and legal status of Bitcoin and other virtual currencies that have emerged in its wake. Members of the Bitcoin developer and user community believe “Bitcoin is an innovative payment network and new kind of money.” Others, like the U.S. Internal Revenue Service, take the position that Bitcoin is a type of commodity or property. Whether Bitcoin is a new form of virtual money or simply an electronic commodity requires an investigation into what constitutes money, and an assessment of whether Bitcoin comfortably fits into the parameters of what we consider to be money. This paper finds that, at this stage in its development, Bitcoin is not money and more closely resembles a commodity or property.
This paper begins by giving a brief overview of Bitcoin and how it operates. It then describes two major theories of money — the conventional and constitutional theories — that differ in their accounts of how money emerges within a society or political grouping. The paper assesses how well Bitcoin fits under each theory by assessing Bitcoin’s economic properties and implementation. It then turns to the impact of the Bitcoin on the two theories of money, finding it likely does not support the conventional creation story of money and instead lends credence to the constitutional theory.
—————————————————-
Implementation, evaluation and detection of a doublespend-attack on Bitcoin
April 2012 | Matthias Herrmann, ETH Zürich, Department of Computer Science
Bitcoin is a peer-to-peer payment scheme with a monetary volume of over 40 million USD and estimated 60’000 users worldwide, including several businesses like Drupal, Bitbrew, rasselzoo.ch or Meze grill.
In this master thesis, we evaluate the potential of doublespend-attacks on Bitcoin. We analyse the Bitcoin system, in particular the doublespendprotection procedure, and identify a weakness in certain usage scenarios.
The doublespend-protection procedure works by forming consensus about transactions every 10 minutes, which means that the expected confirmation time for a transaction is 5 minutes. This time frame is acceptable for online shops like rasselzoo.ch, and in such a usage scenario, the procedure provides sufficient protection from doublespend-attacks. However, for a restaurant like Meze grill or for a vending machine, this time frame is too big. In such a usage scenario, the procedure does not protect the user from doublespend-attacks. Businesses with this usage scenario, mostly brick and mortar businesses, are at risk of being the victim of a doublespend-attack.
We implement a doublespend-attack that functions in this usage scenario. We evaluate the attack by performing measurements with varying parameter settings to determine how they influence the attack. Since the attack is probabilistic, we are especially interested in the success probability, and how it is influenced by different attacker- and victim-configurations. Based on our measurements, we name security parameters and determine thresholds for them.
Furthermore, we investigate the detectability of the attack, especially from the perspective of the victim. We measure the influence the attack parameter settings have on detectability. Even though the current Bitcoin client software does not detect doublespend-attacks, detection can be implemented, and thus we try to find a parameter setting which renders the attack undetectable from the perspective of the victim.
Finally, we implement such a detection-mechanism. The mechanism informs the user whether a doublespend-attack was detected or not within 10 seconds, which is a huge improvement. Businesses operating in the previously vulnerable usage scenario can most likely accept such a time frame, thus this mechanism greatly reduces the risk for those businesses. However, the mechanism only detects attacks on a limited set nodes, which consists of the nodes that are able to detect the attack.
The mechanism also increases the number of nodes that are able to detect the doublespend-attack. If sufficiently many nodes are updated, this mechanism renders the attack detectable for all nodes in the network.
This thesis is based on the Bitcoin software version number 50000, but it was tested in the live Bitcoin network, with the newest version number at the time of this writing being 60000.
—————————————————-
Nerdy Money: Bitcoin, the Private Digital Currency, and the Case Against Its Regulation
March 2012 | Nikolei Kaplanov, Temple Law Review
This Comment explores the lawfulness of using bitcoin, a privately-issued currency transacted on a peer-to-peer network, and the ability of the federal government to bar transactions between two willing parties. While there are no cases yet challenging the ability of parties in the United States to make transactions using bitcoins, there are policymakers who have denounced the use of bitcoin. This has led to the question of whether the federal government has the ability under current federal law to prohibit the use of bitcoins between willing parties. This Comment will show that the federal government has no basis to stop bitcoin users who engage in traditional consumer purchases and transfers. This Comment further argues that the federal government should refrain from passing any laws or regulations limiting the use of bitcoins. Should any claim arise, this Comment argues that there is a perfectly acceptable model with which to analogize bitcoin use: community currencies.
—————————————————-
The Dark Side of Cyber Finance
March 2012 | Christopher Bronk, Cody Monk, John Villasenor
Digital technology has created a new playing field for illicit financial transactions. Governments and industry will have to be as fast-moving and adaptable as the criminals and terrorists to meet the threat.
—————————————————-
Can We Afford Integrity by Proof-of-Work? Scenarios Inspired by the Bitcoin Currency
February 2012 | Jörg Becker, Dominic Breuker, Tobias Heide, Justus Holler, Hans Peter Rauer, Rainer Böhme
Proof-of-Work (PoW), a well-known principle to ration resource access in client-server relations, is about to experience a renaissance as a mechanism to protect the integrity of a global state in distributed transaction systems under decentralized control. Most prominently, the Bitcoin cryptographic currency protocol leverages PoW to 1) prevent double spending and 2) establish scarcity, two essential properties of any electronic currency. This paper asks the important question whether this approach is generally viable. Citing actual data, it provides a first cut of an answer by estimating the resource requirements, in terms of operating cost and ecological footprint, of a suitably dimensioned PoW infrastructure and comparing them to three attack scenarios. The analysis is inspired by Bitcoin, but generalizes to potential successors, which fix Bitcoin’s technical and economic teething troubles discussed in the literature.
—————————————————-
Quasi-Commodity Money (Original version of the later ‘Synthetic Commodity Money’)
January 2012 | George Selgin, University of Georgia
—————————————————-
