Category Archives: Ethereum

The Neverending Ethereum Disaster

This month Bitcoin almost split in two, pulling back from the brink at the last minute. Of course, there is no solution in sight for the dire scaling problems of Bitcoin, but who cares as long as the exchange rate keeps rising against the weakening US dollar?

Etherereum should be so lucky. After the DAO disaster in 2016, followed by several hard forks that rewrote history, you would think that sensible people would have headed for the hills. Of course that’s not happening.

This fall has seen yet another disaster. One of the most used wallets experienced a bug which led to the freeze of a large amount of Ethereum. I don’t really understand the bug itself, but somehow the coins were consigned to accounts that can no longer be managed. You can see your money, but no one can get it.

Just as baffling as the bug, there seems to be little urgency to fix it. It’s been a week now, and there seems to be little idea of what can be done, and shockingly little indication that anything will be done soon.

Stan Higgens writes in Coindesk that “Parity Floats Fix for $160 Million Ether Fund Freeze”, but the actual text indicates that there is no fix in sight except maybe a hard fork due in 2018 [2]. In other words, you are out of luck if you are wanting to use some of those millions of Ether any time soon.

The good ship Ethereum is like the Titanic, except when it sinks they roll back time and sail again—to sink all over again.

It is important to point out that these disasters in Ethereum are mostly not due to the core protocols and cryptography that define the distributed ledger itself. The DAO went down with all hands because of a bug in executable contract code, and the Parity Wallet ran aground due to the wallet code (related to executable contract code, I think), not the ledger itself.

The point is, security is an end-to-end thing <<link>>. People who talk about how invulnerable the core ledger is supposed to be are missing the point: Ethereum or any cryptocurrency is only as secure as the weakest link between two users. And there are a lot of links: wallets, APIs, servers, networks, mobile devices, and OS code, to name a few. And there are people in the chain, too, heaven help us.

At some point, you have to ask whether Ethereum is creating more problems than it is solving.


  1. Stan Higgins, Parity Floats Fix for $160 Million Ether Fund Freeze. Coindesk.November 13 2017, https://www.coindesk.com/parity-floats-fix-160-million-ether-fund-freeze/
  2. Parity Technologies, Parity Technologies Multi-Sig Wallet Issue Update, in Parity Technologies Blog. 2017. https://paritytech.io/blog/parity-technologies-multi-sig-wallet-issue-update.html

 

Cryptocurrency Thursday

 

Yet Another Blockchain Use Case: Sharia Compliant Transactions

Blockchain technology, like classical bookkeeping, is generally culturally and morally neutral. Smart contracts, a la Ethereum, are technical expressions of contract conditions, which can refer to pretty much any body of law or custom.

A new initiative is setting out to develop Sharia compliant contracts on top of Ethereum. The general idea appears to be to encode Islamic principles in the logic of the programs, to ensure that proper rules are followed. These rules are supposed to prohibit charging interest, gambling, and speculation, among other behavior.

The compliant contracts will presumably structure transactions and trades in ways that do not cross the line. Furthermore, the public nature of the contracts and the distributed ledger will make the compliance (or any slippage) visible to anyone—a significant motive for good behavior.

I’m no expert on these topics, but I gather that there are centuries of practice that defines ways to get business done without straying from Sharia. This framework will encode these practices in formal logic and executable code.

That’s pretty neat.

One advantage of using this kind of executable contract is that there are likely to be cases where a transaction needs to be very carefully structured to achieve the goal that might have been achieved by, say, an interest bearing loan, without violating Islamic principles. The digital technology will make it possible to create, validate, and execute even complicated transactions easily and quickly. There should be no performance penalty for complying with Islamic principles, even if there should be extra hoops to jump through behind the scenes.

Of course, there are some interesting challenges.

It’s one thing for programmers to create a logical framework, but its quite another thing to show that it truly, accurately, and completely complies with any given legal principles, Islamic or other. A significant part of this work will surely be careful review and documentation of the logical framework’s compliance. Just what needs to be proven about the logic of the contract, and just what kind of proofs would be adequate? That will be an interesting body of literature, indeed.

Overall, this could be a ground-breaking effort. To date, much of the work on smart contracts has been from a non-Islamic perspective (and sometimes without any legal framework at all). It will be interesting to see how the deep historical principles of Islam are expressed in this a-cultural medium, and it may inspire other religious and ethical frameworks. I am not aware of any other similar efforts.

(For one example, how about encoding the various Creative Commons licenses into standard smart contracts? Perhaps that has already been done.)


This project also makes me think.

I wonder if it will be possible to automatically translate between different executable contracts. Can I have a button to “make this ‘smart contract’ be Sharia compliant”?  Perhaps tools could have a high level specification of what is intended, and then options for creating concrete contracts within one or more legal frameworks.  That would be kind of cool.

One huge caution I would have for this project is to look carefully at the blockchain software and protocol. While any given executable contract might be Sharia compliant, if the transactions are executed and recorded on an open system, the other data there is almost certainly not Sharia compliant. The ethical records will be in the same data blocks with everything else: on-line gambling, speculative bets, interest payments, and so on. And the transactions will be processed by software that also processes all these other activities.

The question will be whether this approach is acceptable or not. Is it OK to handle, at least indirectly, all these other transactions?  Or should the software only be used for compliant transactions?

This concern could be mitigated by a private blockchain that only handles Sharia compliant transactions. (Perhaps Ripple might be a better match than Ethereum, since it already is designed after a Halawa network, and let’s you control who you trust.)

I would also urge that the consensus mechanism be examined carefully. Nakamotoan consensus depends on mining that has an incentive system that may or may not be consistent with Sharia. The Nakamoto block reward strongly resembles a lottery or slot machine, which seems problematic to me.

Ethereum may be moving to a proof-of-stake method, and there are other possibilities. These alternative ‘math problems’ might have significantly different ethical implications.


This project is quite interesting, and will bear watching as it develops. I’d like to see blockchain technology put to socially positive use.


  1. SettleMint, SettleMint to create Sharia compliant financial products for the Islamic Development Bank member countries. 2017. https://www.settlemint.com/project/2017/10/15/settlemint-to-create-sharia-compliant-financial-products-for-the-isdb-member-countries/
  2. Sujha Sundararajan, Islamic Development Bank to Research Sharia-Compliant Blockchain Products. Coindesk.October 20 2017, https://www.coindesk.com/islamic-development-bank-research-sharia-compliant-blockchain-products/
  3. Bernardo Vizcaino, Saudi Arabia’s IDB plans blockchain-based financial inclusion product, in Reuters – Fintech. 2017. https://www.reuters.com/article/us-islamic-finance-fintech/saudi-arabias-idb-plans-blockchain-based-financial-inclusion-product-idUSKBN1CP08W?il=0

 

Cryptocurrency Thursday

Ethereum Forks Yet Again

It seems to have gone OK…but it wasn’t pretty.

This month Ethereum is executing a perfectly normal software upgrade, which would be absolutely routine for any sensible software. But cryptocurrency software is not normal software, and Nakamotoan blockchains are essentially immune to reasonable engineering.

Ethereum’s new version isn’t forward compatible, so the old software will not work with the new. This is a pretty common occurrence in software land, but for a cryptocurrency it is a “hard fork”, which means that users who keep the old software are effectively using a different currency than the new one. If everyone goes along, its fine. If not, it can be traumatic and potentially catastrophic, as Etherheads should be well aware.

The tension is even higher because no one knows for sure what will happen. Evidently there hasn’t been an upswell of public endorsement for the new fork, leaving the result in question. Things are not helped by the fact that the switch over was triggered at a particular record, which will happen when it happens.

The upgrade seems to have gone smoothly, although there were critical bug fixes right up to the switch over. There doesn’t seem to be a major split in the network (at least not yet, phew!) but there is a lot of software that hasn’t picked up the last minute fixes yet–and a large fraction who may still be using the old, incompatible software. (And how many big bugs will come to light not that they are live?)

In short, no one even knows if the upgrade happened smoothly or not.  Sigh.

This would all be funny if it weren’t for the tens of millions of dollars (at current exchange rates) that could be at stake.


And by the way, Bitcoin, the patriarch of the troubled House of Nakamoto, is scheduled to have its own hard fork in November. The main goal is to address the scaling issues that Ethereum just addressed. Unfortunately, Bitcoin’s upgrade is “adversarial” to quote Bailey Reutzel. Uh, oh!

In the case of Bitcoin, there are tens of billions of dollars at stake (at current exchange rates). This is not even remotely funny.

Why do people put up with this stuff?

 

Cryptocurrency Thursday

Blockchain for Local Identity?

As soon as I declare that blockchain technology is unsuited for two use cases, Identity and local currency , Wolfie Zhao reports in Coindesk that the Swiss city of Zug is going to have a local ID service using a blockchain.

Oops. These use cases are still open, or at least not as dead as I said.

Of course, there is a difference between a local currency and a local ID service. The former needs to interact with conventional financial systems, the latter needs to interact with conventional ID systems. The press release indicates that digital IDs are not well developed in Switzerland, though I’m sure that digital banking works great.

Similarly, there is a difference between a global ID system, with secure digital passports for everyone including refugees and repressed populations, and a digital ID issued by a city. For that matter, the city is Swiss, which means it already has a well developed national ID system to build on.

So this isn’t quite the use cases I considered earlier.

What it is, is an intersection of them, a simpler problem and a well organized local government. Perhaps this is a favorable “corner” of the use cases, where blockchain will work well.


So far as I can tell, the rationale for this system is that Switzerland has a personal ID system (which I’m sure is quite rigorous and efficient), but digital versions of the IDs have not been successful. Blockchain technology is a way to securely associate a cryptokey with a particular ID. The blockchain is intended to make it possible for digital apps to quickly and cheaply confirm IDs.

Sure. This can work.

We’ll see how well it works. Is there enough need for this sort of crypto ID, and does it work well enough to be useful?   I don’t know, we’ll find out.


I note that blockchain is being used for a tiny part of the problem. As the press release makes clear, citizens must go to a city office to prove their identity and then are issues a digital key. This process is the hard part, and blockchain does nothing to support this service.

We want a single electronic identity – a kind of digital passport – for all possible applications. And we do not want this digital ID to be centralized at the city, but on the blockchain.” (Dolfi Müller, quoted in [2])

It is ironic to see the proponents of this system talk about how this is a “decentralized” solution. What they mean by that is that the part of the process where digital IDs are looked up is “decentralized”, particularly compared to previous systems that have attempted to implement the service with a database.

Essentially, the city doesn’t want to run a database with a secure public interface. Fair enough.

To a certain extent, they are also boasting about the local city’s initiative, too, though IDs issued by one city may have limited use elsewhere. Ethereum runs everywhere, but Zug IDs may not be trusted anywhere outside Zug.

I suspect, though, that Zug is issuing IDs based on Swiss national credentials. In that case, IDs issued in Zug are great throughout Switzerland. These are, of course, centralized IDs in that case.

Looking up IDs is a decentralized problem, but issuing IDs demands trust, and a web of trust between authorities. If every city in Switzerland issues its own crypto IDs, even using the same Federal ID, it will be chaos.


Finally, I have to say, “Ethereum? Really?”

I’m rather surprised that anyone would try to build a trusted system using the catastrophically messed up Ethereum technology. But they probably use Microsoft Windows, too. Massively clever cryptography running on wobbly, hackable software infrastructure.

Anyway, we’ll see how this works out.


  1. Stadtverwaltung Zug. Blockchain-Identität für alle Einwohner. 2017, http://www.stadtzug.ch/de/ueberzug/ueberzugrubrik/aktuelles/aktuellesinformationen/?action=showinfo&info_id=383355.
  2. Wolfie Zhao, Swiss City Announces Plan to Verify IDs Using Ethereum Coindesk.July 7 2017, http://www.coindesk.com/swiss-city-verify-id-ethereum/

 

Cryptocurrency Thursday

Coindesk’s Crypto “Consensus 2017”: Lot’s Of Talk, Not Much Consensus

Last month saw Coindesk’s “Consensus 2017”, one of, if not the biggest Cryptocurrency and blockchain conferences. Everyone who is anyone was there (well—not me). It’s all too much, I can’t even work through the Coindesk reports, let alone all the presentations, panels, and demos. (Coindesk’s summary recap is here.)

There was a lot of excitement, although I haven’t seen much new technology or actual businesses. The promised land is still just over the horizon, as it has been for several years.

Even the generally enthusiastic Coindesk recognized some of the excess, with headlines like . “Consensus 2017: Even Academics Can’t Keep Pace With Blockchain Change”. A report on the separate Ethereum-centric Ethereal Summit has the memorable headline, “’Spiritual Experience’: Hot, Wild Ethereum Summit is Sign of the Times” <<link>> Castor comments,

If there were a sign that blockchain may be overhyped, or that the industry is in the midst of a massive bubble, the Ethereal Summit may well have been it.

Quite.

The most significant news from the Consensus meeting itself was a somewhat opaque diplomatic communiqué from the Digital Currency Group, announcing a Bitcoin Scaling Agreement.

This is the latest step in the two plus year-long process that is attempting to deal with the perfectly routine engineering issue of adjusting a data structure to keep up with traffic. This issue has demonstrated the dysfunction of the so-called “consensus” governance of Bitcoin, and has nearly broken Bitcoin into multiple competing currencies.

So, “agreement” would be welcome.

Unfortunately, this grand announcement in fact announced that the same steps agreed to February 2016, which were never executed. This group has endorsed a plan that has been languishing for more than a year. (And there is no implementation in sight.)

As Coindesk reports, the underlying technical, business and political issues remain. The technical issue is pretty straightforward, but there are many people and companies using the protocol and network, and their interests conflict.

The decentralized decision-making process has been unable to find sufficient common ground to date, and has exposed deep divides in the “community”. The standard “consensus” process in such a case is for dissident factions to “fork” and do their own thing. That would mean two or more incompatible versions of Bitcoin, multiple protocols and virtual networks. This kind of fork works (sort of) for software, but isn’t a great model for what is supposed to be a universal shared resource.

So, things are not only “hot and wild”, but also on fire and adrift. (And QC will cause it all to fall down with a big thud within a couple of years.)

“It’s doomed, I tell you. Doomed!” 🙂


  1. Amy Castor,  Spiritual Experience’: Hot, Wild Ethereum Summit is Sign of the Times Coindesk.May 20 2017, http://www.coindesk.com/spiritual-experience-hot-wild-ethereum-summit-sign-times/
  2. Digital Currency Group. Bitcoin Scaling Agreement at Consensus 2017. 2017, https://medium.com/@DCGco/bitcoin-scaling-agreement-at-consensus-2017-133521fe9a77.
  3. Pete Rizzo and Alyssa Hertig Bitcoin’s New Scaling ‘Agreement’: The Reaction Coindesk.May 24 2017, http://www.coindesk.com/bitcoins-new-scaling-agreement-reaction/

 

Cryptocurrency Thursday

A Bad Idea Implemented with A Bad Idea

Let’s be clear. I find gambling to be boring and stupid myself, and I don’t admire gambling businesses that are built the weaknesses of people. Casino and other on-site gambling is a bad idea, but at least it gets people out in the world a little bit. Online gambling is a really, really bad idea, enabling people to feed their worst inclinations in the privacy of their own home.

You won’t b surprised that I’m not a big fan of the new initiative by an opaque company called Better Gaming, who are building an Ethereum Slot Machine: a slot machine that uses Ethereum smart contracts.

The innovation here is that this game is running entirely in a smart contract. No servers are required to operate the game, unlike existing online casinos.

Running “entirely in a smart contract” isn’t quite accurate: there is no server, but much of the logic runs on your local device.  However the logic of the gambling machine is implemented with smart contracts, which is the main point.

Readers of this blog know that I have a low opinion of “smart” contracts, Ethereum or otherwise. So, I’m especially excited to see this poorly designed technology used to implement the inherently bad idea of a slot machine. Not.

Obviously, the game itself isn’t innovative. They have gone to great trouble to replicated the behavior of these ubiquitous one-armed bandits. The “innovation” is to eliminate the server, in a fully decentralised and provably fair.” system.

For once, this Distributed App (Dapp) is actually solving a real problem: trusting your online gambling provider not to cheat is, well, a gamble. Gamblers can’t win, but they want to lose honestly.

The game’s logic has to be wholly processed within the smart contracts so that anyone who wants to can see that the game is playing by the rules and can’t cheat

Of course, they are also “solving” another problem, how to run an unregulated gaming operation, “off shore” from everywhere. Cryptocurrency is, if nothing else, a perfect digital “poker chip”, easy to move around, and not tracked by annoying tax agencies or vice squads. This slot machine isn’t taxed or regulated, and all the money goes…who know where it goes?

To give them their due, there are a couple of legitimate technical innovations in this product (at least according to their write up).

First of all, they made the user app asynchronous from the blockthain. It’s extremely important to give instant gratification to the lab rat gamer, and the blockchain has too much latency to always respond instantly. So they worked out protocols to mask the delay, presumably with caching on your local device. This is a significant achievement, and certainly caught Corin Faife’s attention in Coindesk. If this is successful, it may be a model to emulated by every Dapp.

A second technical feature is the random number generation (RNG). As Donald Knuth pointed out all those years ago, “Random numbers should not be generated with a method chosen at random.” [2] This group uses the blockchain with its pseudorandom hash in its random umber generation. I’m not sure what their method is, exactly, but this is a rather clever idea because the hashes are already very solid pseudorandom numbers.

 

Overall, this is yet another example of how bad ideas sometimes inspire brilliant software. This sounds like it will be a very solid implementation of a bad idea (a digital slot machines), and it will make excellent use of a bad idea (Distributed apps using Ethereum contracts), with some creative technical wrinkles. Sigh.

One sign that this is technology whose time has come: the Better Gaming  folks are already making legally licensed online games, and presumably making money.  Yet they believe it is worth building with this new tech, even though they are well aware that the powers-that-be will not easily approve it.  They should get credit for a gutsy technical gamble, and it shows just how promising this technology is.

it’s so new that we don’t expect regulators to fully grasp nor appreciate the implications overnight and there will need to be lots of discussion and negotiation before existing gaming jurisdictions license such activity.”


  1. Corin Faife, Watch This Ethereum Slot Machine Make Payouts in Real Time. Coindesk.April 21 2017, http://www.coindesk.com/watch-ethereum-slot-machine-video/
  2. Donald Knuth, The Art of Computer Programming: Vol. 2: Seminumerical algorithms (3 ed.). Boston, Addison-Wesley, 1997.
  3. Jez San, 1st Demonstration of real-time casino games built with Ethereum Smart Contracts, in Medium. 2017. https://medium.com/@aerobatic/1st-demonstration-of-real-time-casino-games-built-with-ethereum-smart-contracts-165ba72be02e

 

Cryptcurrency Thursday

More Bogosity From Matchpool

I looked at Matchpool earlier. Actually, it is fair to say that I scowled at this project, raising a number of questions and objections. My view is that they don’t understand what they are doing, and are offering a non-solution to a misstated problem.

I concluded

It is early days, so no one is really using this cunning app yet. We’ll have to see, but I’m not expecting it to work very well.

Evidently, this logically shaky project has had a rocky execution as a company as well.

Corin Faife describes “The ICO ‘Scandal’ That Wasn’t”, walking through a couple of news items that he explains aren’t as “scandalous” as some have said.

Much of the fuss seems to be the departure of one of the founders. On the way out the door, he complained about a less-than-completely-transparent transfer of funds, over $1 million worth, out of the ICO account.

Faife tells us that this was actually a transfer from Ethereum into Bitcoin, as a “currency hedge” against the volatility of Ethereum. This isn’t an implausible story, though one wonders whether this kind of volatility it is a great sign for a business that is built on Ethereum.

A second issue is that the transfer itself required three signatures (keys), which is intended to prevent simple theft. It turns out that the remaining founder has two keys (!), partly subverting this security mechanism. He found one other person, and they just did it.

Perhaps multisignature wallets are not quite the silver bullet that some think they are. Anyway, this seems at least a bit “scandalous” to me, that large amounts of cash are sloshing around with little effective accountability.

Faife comments that, if not actually scandalous, the departure of a founder from a brand new company is certainly a bad sign. He reports that the company claims that he left because he submitted code that was rejected and had to be rewritten. (His code was “fired”, so the code quit?)

The story doesn’t explain what kinds of “errors” were flagged, though it is said to be “smart contract code”, which is the stuff that brought down The DAO, and which is notoriously iffy  even when done well.

If this story is true, then it is kind of scandalous that such a poor coder was allowed anywhere near the code base in the first place. It also suggests that this founder probably doesn’t know as much as he believes he does about smart contracts.

Overall, I have to wonder if these people actually have any idea at all what they are doing. These are silly, rookie errors that suggest they really don’t deserve the confidence of investors or users. On top of their fundamental misunderstanding of the real world problems they aim to “fix”, they don’t seem to be able to run a software development project.

The article includes an unintentionally revealing “endorsement”, by project advisor Joe Shapira of Jdate,

I think that Matchpool will be a very beneficial venture for its founders and the investors in its currency.” (quote from Shapira)

Whoa! A dating service that is very beneficial to the founders and investors, but has nothing to say to the actual users? Is that really the right idea?  I don’t think so.

To the extent that this project is focused on investors and not on customers, it is absolutely guaranteed to fail. Assuming it even gets to release. At the rate they are going, I wouldn’t bet on it.


  1. Corin Faife, Matchpool: The ICO ‘Scandal’ That Wasn’t. Coindesk.April 15 2017, http://www.coindesk.com/the-matchpool-ico-scandal-is-all-smoke-and-no-fire/

 

Cryptocurrency Thursday