Deleting Information from a Distributed Ledger or Blockchain

Removing data from traditional systems can be easy, not so with blockchains.

Removing data from traditional systems can be easy, not so with blockchains.

When we talk about blockchains, often most celebrated feature is 'immutability' - that blockchains can't be changed once they have been created. Aside from this being only being about 95% true, there's a question of whether this is always really a good thing. 

For transactions there's no argument about whether permanence is essential to proper functioning, although for other applications it's not as clear. For example, companies around the world are exploring identity blockchains and in this context it may be a lot less true. Will companies like ShoCard, Onename and Cambridge Blockchain be able to overcome these concerns?

We have two principle concerns when it comes to deletion of records and identity. First, there's the concern that users will have false information about them listed online as this brings its own problems if it can't be properly corrected and the false records totally expunged. Second, and more importantly, there are clear regulations requiring that identity information being deleted under certain circumstances (e.g. EU Directive 95/46/EC provides 'the right to be forgotten' and the Protection of Freedom Act 2012 (UK) forces the deletion of DNA records after 6 months).

Clearly, in any Blockchain system, the absolute deletion of records of impossible. This is because blocks subsequent to the one containing the information will make reference backwards in the chain and alterations, including deletions, will result in a complete fork. 

There are some other options. First, if all data is encrypted when it's placed on a blockchain then the private keys can be deleted and, in theory, that should make the information totally inaccessible but, in reality, that's fraught with challenges (think about if the private key was ever recovered or if stronger brute force methods became available in 15 years).

Second, If only hashes were ever placed on a blockchain then the destruction of the full records will suffice although any system like this means data has to be transferred away from the blockchain; reducing its functionality. 

Third, a non-blockchain distributed ledger could implement a consensus algorithm that allows records to be properly deleted - through some type of 'delete X, authorised by Y' message.  Clearly, all records would have to be encrypted to stop full nodes just retaining copies after the 'delete' transactions has been received. that said, a simple majority voting algorithm could handle a 'delete' message - when nodes received the delete command they remove that record but keep a copy of the signature initially used to sign it to stop the transaction being sent again and accepted.

A Distributed Ledger like this would certainly lose functionality elsewhere but it would be within EU and UK law and would give reassurance to potential customers that where erroneous data about them was uploaded it could be properly removed without leaving residual suspicion.

Whatever happened to Swarm?

Swarm (or SwarmFund or SwarmCorp) was, and may still be, a startup, based in Silicon Valley, that seeks to use blockchains for crowdfunding. We’ve seen various different similar models and it’s a good idea that has yet to come to fruition anywhere. Certainly someone will crack it. 

Typically the model is that you either create a new crypto coin or use coloured bitcoins - the company offering equity can view the coins like traditional shares and/or promise crypto dividends or just allow them to appreciate as the value of the company grows. There are different models but they all employ the same leitmotif and Swarm seemed like a

What perked our interest here is that Swarm’s website is down and has been for a while - different links lead to different sites but as of the date of publishing both and were down, and their most recent archives were on 4/11/2015 and 17/10/2015 respectively. is linked from crunchbase and is from the company's twitter account, AngelList, and Bloomberg and then is linked from their dead subreddit.  If you’re only half as confused as we are then you’re doing well. 

Combine this with an article on Coindesk in April that the company was ‘pivoting’ makes me a little suspicious. The company's subreddit hasn’t been active for four months but their twitter account is up and was commenting on DevCon1, held just last week. All this is on top of the fact that the link on the Company's active Twitter now redirects to a page about swarmbots which appears to be a system for allowing people to offer and pay bounties on the messaging app Slack. 

Usually this wouldn’t be surprising but they have received about $1,000,000 from some serious investors and so it doesn’t make sense that they would just drop off the map like this without a statement or some controversy.

Joel Dietz, listed as a founder and CEO by Bloomberg, states on his Linkedin page that he is a ‘catalyser’ for Swarm and is the CEO of a stealth startup as of six months ago. Jef Cavens, listed by Bloomberg as a co-founder, says that he ended his work at Swarm in February 2015 and Ben Ingram, COO, simply lists it as ‘previous’. Announcements on the official bitcointalk thread ended September 26th. 

I don’t think anything critical can be drawn from what I’ve offered here but it is certainly interesting. Swarm was/is not a small company and it would be a shame to see them shuffle off this mortal coil like this. We also really liked their idea!

If anyone has any other information please get in touch.

Ripple, Ripple Labs and Open Source.

First, let’s be clear - Ripple is open source. In 2013 the whole code of the project was made available on were anyone can go online and create their own version of the Ripple network and begin to promote it. In that sense, Ripple is open source since the code is open to be viewed. 

However, that isn’t the whole story.

There are a small number of differences between what might be called a ‘hard’ open source project (e.g. Bitcoin) and a ‘soft’ open source project like Ripple.

The principle issue is this


  1. The idea of the source code of an open source project is all the code that controls the type of behaviour the project can engage in,
  2. Ripple Lab’s nodes exert high levels of control over the Ripple network and can dictate. in real time and without updates, the types of behaviour allowed,
  3. Although the source code of a standard node is open source the source code of Ripple Labs’ nodes are unknown. 


  1. Therefore, the network is not open source in the spirit of idea. 


The first point is null on a traditional software project since the code is the project. However, a network is different agents running different code and communicating with one another and the whole network constitutes the project. The stated goal of the Open Source Initiative is to use ‘transparency of process’ and when the software is a network their should be clear and transparent knowledge of what general process the network will go through or be allowed to go through. 


On the second point, many Network Validators are run by Ripple Labs at this time. Network validators transmit transactions to other peers but they also check to see if transactions are valid and can reject transaction on any terms they choose. Participants on the network choose a list of Network Validators they they trust and that list of these trusted validators is called their Unique Node List (UNL). Ripple Labs provide a default UNL for their open source clint and this UNL consists of ten Ripple Labs’ nodes and eight from other sources, some of them unclear. As Peter Todd sets out in his recent review of the available code, all users of the network have a strong financial and business incentive to only use that UNL since if they do not they strongly risk being isolated and undergoing a denial of service attack that would be remarkably costly for any business. 

In addition to this, Ripple Labs does not provide a universal list of Network Validators and their is no strong incentive in the network for individuals to start or maintain a Network Validator themselves. Ripple makes the case that users will wish to run nodes to support the network they rely on or to get quicker access although this model has been employed in Bitcoin with limited success. 

We could assume that Ripple Labs’ nodes run the standard network daemon that is open source and available online but why would we assume that? 

A point to make at the end - none of this means that Ripple is ‘bad’ or ‘untrustworthy’ or ‘closed’. Ripple Labs publishing their code was an honest response to the calls from the community (and likely from business) and should be taken in good faith. It makes sense for Ripple Labs to maintain the level of control they do and nobody should fault them for that - they have a lot of money ridding on this project and so do their backers. The cautious note is only this - don’t think of Ripple like you think of Ethereum or Bitcoin. Ripple is a commercial product built by a commercial and profit-making company that wishes to grow and develop itself based on its own creation and more power to them. But remember, with the Ripple UNL as the default and incentivised list, and with that list being predominantly Ripple Labs’ nodes controlled by Ripple Labs, and with no strong incentive to run nodes, Ripple Labs can encode their nodes to reject any transactions according to rules they see fit. Since we don’t know the code that controls those nodes, it could be argued that although the project is open source according to the letter of the law, it in not according to the spirit of the law.

BitLicense - a breakdown

Since June 24th when New York’s BitLicense was published in the state register, companies have had a 45 day grace period in which to either exclude New York residents from their services or comply with the legislation. As the deadline has drawn towards  Saturday the 8th of August we’ve seen companies split down this fault line. 

The New York BitLicense scheme is legislation designed to regulate any company dealing in any virtual currency that has consumers in the state and to protect residents of New York.

The requirements to attain a license have been set relatively high, with a $5000 non-refundable application fee and the application process being described as ‘Orwellian’ and taking in the order of 30 days to complete. 

Some companies have seen this as a necessary evil or an opportunity to show their credentials as trustworthy organisations. Bitstamp, Coinsetter and MonetaGo have all successfully applied for a license. 

Many others have responded by removing operations from New York and blocking residents. Bitfinex, Bitcoinpaygate, BitQuick, Coinfloor, Kraken, Paxful, Poloniex, and Shapeshift have all excluded either New Yorkers or Americans entirely. 

The companies pulling out of New York have cited a range of reasons and some none at all. The Bitcoin exchange Kraken objected both to the requirements placed on their business but they also protested the damage that could be done by the legislation not providing ‘on-ramps’ for start-ups. Paxful, a website for buying bitcoins, also cited the overly onerous cost to companies in attaining the license and went on to comment on how the legislation requires companies to get permission from regulations to introduce any new product.

While many major players have applied and received the license it’s unclear what benefit this will bring to customers in New York and as the city competes against London and other financial centres this may put Wall Street innovators at a disadvantage. The New York response should be compared against that of the UK’s Financial Conduct Authority who, in June of last year, established Project Innovate specifically designed to help small firms become authorised and have taken a hands-off approach to firms using virtual currencies.

Smart contracts and the end of the Prisoners' Dilemma

The Prisoners' Dilemma is a problem from Game Theory and Mathematics which, in its essence is about trust. 

Two people have just robbed a bank together - they're apprehended by the police a few days later and each is separately taken in for questioning where they are offered the chance to confess. 

They're both offered the same deal - testify that your friend was the one who robbed the bank and you're free to go OR stay silent and we're going to charge you with something, even if we can't charge you with the bank robbery. 

If each prisoners betrays the other then neither one is set free and both get punished; and if both keep their lips sealed then they both only get a minor punishment.  But if only one prisoner betrays the other then the prisoner who stayed silent takes all the blame and the other is declared innocent.

There's a debate on what the optimum solution is for each participant but it depends on the greater context of the prisoners and their relationship (will they rob banks together again, how bad is the betrayal, how good is the honesty) but as a thought experiment the parallels with business should be obvious, Even with strong contracts and good relationships there's often an incentive for one party to betray another and the incentive has to be managed - the prisoners' dilemma has never been confined entirely to the university campus and has been applied liberally. 

Smart contracts offer a technical solution to any digital version of the prisoners' dilemma - they don't just optimise the problem - they solve it. 

If the interactions are digital then Prisoner A and Prisoner B can write a contract before they rob this bank - the rules of the contract (written in computer code) are that if either party betrays the other, then the other party will automatically also betray the first as well. This removes any incentive for anyone to betray in the hope of doing so alone; because the contract is held across the network and not by either A nor B then both can be sure that the contract exists in the form that it was agreed on and the lack of trust is not just pushed up stream. No additional party is required to execute the contract because it executes as conditions are met (i.e. one party betrays) and the agreement cannot be repudiated in any form, and so can be trusted indefinitely. 

One way of looking at this conclusion is that wherever there is a Prisoners' Dilemma in business there might be an opportunity for smart contracts on a decentralised ledger. 

Santander InnoVentures Report

Spanish bank Santander operate an investment capital fund for new ventures in financial technology, called InnoVentures.  The fund has recently released a report on emerging financial technologies, written with management consultants Oliver Wyman and investment firm Anthemis.

The report identifies four areas of new technology likely to impact the financial world:

* The rise of the Internet of Things, the network of devices and objects able to communicate with one another.

* Creating value from data by smart data analysis.

* Embedding distributed ledger technology across all major operations.

* Reducing or eliminating search and other transaction costs for customers.

Written at a high level, the report does not require readers to have a technical background.  It is insightful and clear, and we recommend it to you.

The report is available from here:

"Bitcoin days destroyed" explained and a power law uncovered.

Bitcoin days destroyed is a measure of volume in the Bitcoin network (and works equally well for other decentralised currencies) and quite a good one at that. It's the solution to the problem of how bitcoins can be quickly moved between addresses and create the illusion of volume when the bitcoins stay with the same person or company all along. 

The thing that is being measured is the amount of time that the Bitcoins in a transaction have been at one address prior to that transaction.

For example, if 10BTC was at one address for 30 days and a transaction took place to move that 10BTC to another address then that transaction would have 300 bitcoin days destroyed. If the new owner of those 10 BTC then took them and  immediately split them across ten different wallets then 0 days would have been destroyed (but volume statistics would register a further 100 BTC volume). 

It's very useful for looking at blocks of transactions (which represent 10 minutes worth of all transactions on the network) because it allows you to sort out what blocks represent users moving the same bitcoins around a lot and what represents large transactions of bitcoins across the network and can be used to find hoarders offloading.

We looked at the data for 300 blocks and plotted volume against days destroyed. As you would expect they have a positive relationship but what's really interesting is the power law hidden in there


So what does this tell us? 

Firstly, since days destroyed is a function of volume (volume in a transaction times amount of days the bitcoins have been still) we can conclude that days static of bitcoin is spread evenly across large transactions and small transaction. Whether a transaction is big or small seems to have no bearing on whether the bitcoins have been static for many days or not. 

We can also conclude that there's no natural upper limit to the number of days destroyed in a block but that as volume increases then the likelihood of many days destroyed does too.

It's also clear that much of the moving of previously static bitcoins around the network is happening in a low proportion of the volume - which should leave us distrustful of any volume statistic. 

The next thing to investigate is whether the power function for their relationship has moved over time. This would give an insight into whether there's a shift in the network from person-to-person transactions to rapid transactions inside individuals wallets (something not conducive to economic growth).


UK Treasury’s Response To Their Call For Information.

Back in March of 2014 the UK Treasury sent out a call to academics, companies and individuals to give their opinions on the rise of digital currencies - the outcome of this has been hotly awaited. On the 18th a reply was delivered alongside the budget and is, against some expectations, a generally pleasing read. 

The key conclusions of the report are:

  • The UK government will seek to apply existing anti-money laundering law to digital currency exchanges,
  • There will be government support for a British Standards Institute (BSI) project to bring in best practise for digital currencies,
  • £10 million will be injected into research on digital currencies. 

We're yet to see exactly who will be targeted by the money laundering law changes but if it's a straight application of UK law then it will only be UK based exchanges that have to worry about this new position. We'll have to wait until June of this year to see what the Financial Action Task force make of all this.

The overall message of the report is praising of Bitcoin, digital currencies in general and the underlying technology. There is the predicable meddling from this with an opposed interest but the government has rightly ignored those clamorous voices. 

There was 1 proposal, from a payments infrastructure provider, that the government consider banning digital currencies, should it decide the risks outweigh the benefits.

If you look on the back page of the report there is only one payments infrastructure processor...

The government demonstrated a strong understanding of the technology, grasp the applications (potential and current) and clearly have an open mind to digital currencies. Micro-payments and micro-payrolls are discussed as is the so-called 51% attack - they seem to know what they're talking about - forgive this author's incredulous tone. 

There's understandable caution and emphasis on the illegal uses of digital currencies but that's understandable since it's the government after all. Also, they don't take the position that digital currencies are 'for' criminals but rather, that at the moment they're being used by criminals. Alongside this, there's the reassuringly normal observation that any serious money launderer would still just use cash. 

All-in-all this is is a positive report and we should hope that the good work is continued in the next parliament.

Gemini and the markets; a twin rise and fall.

Ten days ago today (23/01/2015) the somewhat notorious Winklevoss twins announced they were funding and founding a shiny new Bitcoin exchange with an extra edge; it would be based entirely in the state of New York and would be fully compliant with the necessary US legislation. The exchange (modestly named Gemini) will thus protect the deposits and the twins’ no-expense-spared approach to security will potentially stand them apart from a frontier crowd of other exchanges. 

    This came three days after Coinbase received $75 million from a round of funding including some impressive Venture Capitalists. Combined; there was a noticeable affect on the market but it wasn’t sustained (is it ever?) 

Screen Shot 2015-02-02 at 18.30.24.png

   Since then we have seen a now-familiar pattern of rapid movement and a rapid return. The markets jumped $25 in 24 hours and then rose another $50 before briefly breaking the $300 mark. This was all short lived and there remained questions over when Gemini would be released and in addition Coinbase suffered as the governments of New York and California both released statements asserting that Coinbase did not have regulatory approval yet. What goes up, must come down; and this is no more true as the market returned to $227 in just five days. 

    What question marks remain of Gemini? Mainly; there’s a big delay in the form of New York’s BitLicense - something yet to be granted by the Department of Financial Services and the twins have been clear that they will not open for trading without that approval. Although it is crucial that they do receive that license and have clearly poured money into their compliance team (poaching the head of Information Security from the hedge fund Bayswater) there is no guarantee of success and the details of the license are yet to be finalised.

    They’ll be more waves from the Winklevoss’s project in the coming future of course. We should all be on the look out for any announcements regarding their compliance status but there are a few other things;

  • The exchange is being built from scratch and as such we shall all wait in anticipation to see just how robust the code will be in the surge of users it will surly garner. Any downtime and we will see a triangle shaped drop in price with a quick return.
  • When a launch date is announced this may affect prices a little. Big delays after being licensed may cause a little disillusion to spread but it will likely be insignificant.
  • Details. We’re yet to see a fee structure, sign-up requirements and importantly whether non US citizens will be permitted to trade on this exchange.

“We’ve never sold a Bitcoin. We’re in it for the long haul.” - Cameron Winklesvoss 

Postscript. The those asking me to reference the 'Wilklevii' I will not put aside pedantry in seeking a funny word (a 'Winklevii' is a very funny word).  "Winklevoss"  is probably an anglicisation   of  "Winkelvoss" - a dutch surname which would pluralise to "Winkelvossen". We'll be having no more of these "Winklevii" shenanigans now I hope. 

How to short Bitcoin (using Bitfinex)

So you’re a bear? That’s not to say that your very mean on the Second Amendment; more that you think the price of Bitcoin will go down. How do you profit from this? Well, you need to short the market.

For those of you who don’t already know what shorting is, here goes;

1) Person A lends you 1BTC when the price is 400 USD

2) You sell that 1BTC to person B for 400 USD

3) The next day, the price falls to 390 USD. You buy 1BTC from person C for 390 USD

4) You pay person A that 1BTC that you purchased for 390 USD and you debt is cleared. You keep the 10 USD margin minus some interest on the loan (maybe 0.1% a day). 

Okay, so how do you do that? Well, connects those who are holding BTC with those who wish to borrow it. 

You’ll need a Bitfinex account with some funds in it. There are different ways to do this but it’s easiest to purchase BTC elsewhere and transfer them in. 

Then you need to go to ‘manage wallets’ and ensure that your funds are being kept in your ‘trading wallet’. 

From there go to ‘Margin Trade.’ Within ‘Margin Trade’  you’re looking to ‘Margin Sell’ which is the large red button to the right. The simplest way to to perform this operation is to select ‘Market’ as the order type from the drop down menu. This simply means that your order will be completed with the best possible price (limit allows you to set a price yourself). 

This margin sell with by transferred to your ‘Market Positions’. When you wish to take your profit or cut your losses then simply click ‘close’. On a short position the ‘claim’ button is of no use to you. 

I appreciate that this is very basic to most readers but it’s a good place to start. Any questions; please comment.

Automated Bitcoin Trading: A platform for innovation?

Automation is something that fascinates me, no more so than in its application to financial trading; I find the notion that (in theory) I could go to sleep and wake up the next morning richer, thanks to a piece of intelligent software trading on a foreign exchange, thrilling. My recent (and, arguably, obvious) discovery that  autonomous cryptocurrency trading is a thing, was therefore one of glee, and I rushed to discover what the implications of this were to conventional automated financial trading. 

It is of no surprise that the impact of cryptocurrency on trading is the same as its impact on currency in general: the removal of financial middlemen and institutions. For those wishing to trade using autonomous bots, this means that they can connect directly to crypto-exchanges, rather than bearing the costs of accessing expensive APIs (Application Programming Interfaces), or being forced to seek the backing of a traditional broker. For me this is exciting, because I believe that the more open a system is, the more it is open to innovation; this is a logical conclusion if we consider the positive impact of techniques such as crowdsourcing. And, although brokers may grumble at being circumvented (particularly if the popularity and use of cryptocurrency continues to rise), it is them who will ultimately benefit from the creation (and subsequent dissemination) of new trading techniques from the Internet `hive mind’. What may these new techniques be? Well, in the same way that taking a technical project open-source tends to open up fundamental practices to review, the introduction of `open-source’ trading, it likely to challenge traditional views, and introduce unconventional techniques. For example, there are typical beliefs about the limitations of trading bots, voiced in the very article I reference for this piece: `It’s difficult to program a computer to react to fundamental market conditions such as, say, rumours about the Chinese government taking a new stance on Bitcoin, or the latest Bitcoin-based black market trading site shutting down.' Is it? Why? Semantic approaches to Artificial Intelligence (AI) (which is what these two quoted pieces of information are; semantic data), are rapidly becoming a reality, and I believe that open environments, such as Bitcoin exchanges, are the best place to implement and test these approaches, and breed similar ideas and techniques.

It is also of no surprise that the arrival of cryptocurrency provided a money-making opportunity for those with existing algorithmic tools available, particularly those tools tuned to process of arbitrage. These bots fared especially well with the introduction of crypto-exchanges, not only because of the limited number of exchanges (making their task simple), but because one particular exchange, Mt. Gox, dominated the market, allowing for its coins to be bought cheap on this exchage, and sold for profit on smaller ones. As with most things, this `free ride' did not last long for these traders, with Mt. Gox ultimately paying for its size by being the target of a mass Bitcoin theft. This theft, it would appear, serves to show the negative impact of open exchanges, as it is speculated that the thieves themselves used bot strategies to carry out their theft. 

Beyond the use of arbitrage, successful due to its exploitation of a young currency, what other autonomous strategies suit the trading of cryptocurrencies more than trading in conventional currencies? It would appear that data-intensive strategies, or bots that utilise mathematical techniques predicated on the presence of vast corpuses of data, fare well once again due to the open nature of crypto-exchanges. For example,'s vast dataset of over 200 points, collected entirely over a 6-month period this year, has allowed very simple probabilistic algorithms to correctly predict the movement of price in similar markets. For me, this demonstrates more than ever that there is no magic formula to automated trading, as there is no magic formal to its parent discipline, AI. In reality, intelligence can be simulated with straight forward probability, backed by huge amounts of data. And open-exchanges are providing the opportunity for this.





Martin Chapman - 2014

Bitcoin: Funding the criminal enterprise?

One of the applications of Bitcoin is for payment of illegal transactions.   The purchase of illegal drugs, hacking or assassination services, for instance, have featured prominently in the uses of Bitcoin and other crypto-currencies.  Indeed, such illegal transactions may have motivated some of the developers of these currencies, and certainly motivated many of the early adopters of them.  There is no doubt that such applications have given these currencies a certain aura - either a prestigious mystique or an anti-social criminality, depending on your point of view. 

What feature or features of crypto-currencies lend them to such illegal uses?  Perhaps the key feature is anonymity of ownership.  At least in theory, one may own Bitcoin without anyone else knowing who owns them, or being able to trace their past or present ownership.  In this, Bitcoin is like holding national banknotes in cash under your mattress.  As soon as a national currently is deposited in a regulated bank, its connection to its owner is known and may be reported to relevant authorities.  In most Western jurisdictions, large deposits or transfers (eg, those over GBP 10,000 in the UK), are required by law to be reported to anti-money-laundering agencies.   Someone having large amounts of money and not wishing to have transactions reported needs to keep it under their bed (as this suspected criminal did [link]) or else deposit it in un-regulated "banks", for example, those run by criminal gangs such as the Chinese triads or the Sicilian Mafia.  Depositing money with unregulated banks run by criminal gangs, of course, brings its own risks, not to mention the low rates of interest such organizations usually offer. 

Another feature that may have attracted people engaged in illegal transactions to use crypto-currency is that these currencies are beyond the reach of national Governments.  Some governments, such as those of modern Italy, are notorious for imposing sudden taxes on bank deposits, sometimes, even retrospectively.   For that reason, many Italian residents maintain bank accounts abroad (often in Switzerland), and are careful not to leave large sums of money in their Italian bank accounts.  A currency outside any national jurisdiction may attract people keen not to hold money in a form readily subject to government taxes, or to fiat and confiscation.   Some of these people may generate their savings from engaging in criminal activities, but not necessarily all.  

Given this history for the uses of Bitcoin, we may wonder whether such currencies will ever attract legal applications in large numbers.  The widespread perception of illegality, even if a mis-perception, may deter legal citizens and companies from using Bitcoin.  We will explore legal applications and benefits in a future post. 

Peter M - 2014

Bitter to Bitter. The Stanford Research Paper.

Bitter to Better - How to make Bitcoin a better currency - Simon Barber, Xavier Boyen, Elaine Shi, and Ersin Uzun

One of the suggestions made in this authoritative paper from 2012 is designed to improve the Blockchain’s resilience to a 51% attack; specifically a History Revision Attack. 

I implore anyone interested to read the paper, or at least Section 4 which concerns possible attacks on the Blockchain and makes a suggestion to improve its resilience. For those who do not wish to read the paper this I will give a brief outline of a History Revision Attack. 

Firstly, the attacker will make some purchase with Bitcoins. They will make a Bitcoin transaction and a record of that transactions will be made in the Blockchain as it would for any normal transaction. Once that transaction has been completed and the attacker has received the goods they purchased then the attacker will reverse their spending. 

In order to reverse their spending and delete the record from the Blockchain, the attacker will release an alternative blockchain that has a higher level of total (summed) difficulty than the 'accurate' blockchain - the one that honest nodes are working on. Creating this alternate history is computationally very difficult but as the Bitter to Better paper correctly notes, if the attacker had about double the hashing power of all the honest nodes then they have a 1-2 year window in which they could feasibly create an entirely new blockchain that did not contain their transaction. This new blockchain would be accepted because it would have a greater total difficulty than the 'accurate' blockchain. 

The  authors propose a technical solution to this problem. 

With regard to people and conventional institutions, humans are suspicious of any record that contradicts thier own recollection of events (See Gaslighting if you’re interest in the damage that can be done by abusing this). Analogously to this, the authors suggest that all nodes keep a record of the transactions they have witnessed pass through the network and when there are two blockchains on the network and one has a greater difficulty than the other, each node will compare both blockchains against their own record of transactions and demand an increasingly high margin of difficulty for the blockchain that differs most from their own record. Younger verifiers will then look to their older peers for information on which blockchain is closer to their timestamped and offline records and there might be phase transition back to the ‘accurate’ Blockchain. 

However, this solution could create problems of its own. In a case where an attacker cannot muster the necessary hashing power in order to create an alternative history but is sufficently patient or able to impersonate ‘older’ verifiers they could perform an alternative attack. If the authors' suggestion was implemented then an attacker could create a blockchain which was shorter than the ‘accurate’ blockchain and it may not be properly rejected if they can use mature verifiers on the network.

An attacker could feasibly control a number of older verifiers which would either have been online for a great amount of time or could be made to look as if they have been verifying for a great amount of time. When a shorter (and fraudulent) blockchain is released onto the network, those fraudulent verifiers reject the ‘accurate’ blockchain and instead endorse the attack’s blockchain - since they are controlled by the attacker. Despite the fact that one blockchain has a great total difficulty, it may be rejected because it fails to reach the artificially created greater margin of required difficulty due to dishonest nodes controlled by the attacker.

This would give rise the possibility of another type of attack. An attack could have a shorter blockchain supersede a longer one by having control of at least 51% of the seasoned verifiers (or verifiers that appear seasoned). In this case, younger verifiers that are on the fence will 'flip' to the fraudulent and shorter blockchain instead of the longer and accurate one, based on the activity of their peers. They would demand an unreasonable margin of greater difficulty for the accurate blockchain based on the illegitimate endorsement of an 'easy' blockchain by dishonest verifiers.

In summary, the techniques proposed by Barber et al. to address the History Revision attacks identified are interesting, but they still seem to allow for a malicious and patient attacker to successfully insert fraudulent blockchains into the ecosystem.


Simon Barber, Xavier Boyen, Elaine Shi and Ersin Uzun [2012]:  Bitter to Better - How to make Bitcoin a Better Currency.  Financial Cryptography (FC 2012). Volume 7397 of Lecture Notes in Computer Science, pages 399-414. Springer, 2012.  Available from here.