Bitcoin Capitalist Opens Bounty For New Block Cipher

An anonymous reader writes: Bitcoin capitalist Mircea Popescu has opened a contest to find a new block cipher and is offering a 10 Bitcoin reward for a winning submission. The eccentric Popescu was previously featured on Slashdot for saving OpenBSD from their electric bill in their time of need.

What?

[OverlordQ]

Can somebody translate that blog post to English from 'Self-aggrandizing twatspeak' for me? /fp

Re:What?

Person who makes money off the backs of drug dealers and pedophiles seeks more efficient proof-of-work theorem for bitcoin miners.

Re:What?

[OverlordQ]

So rich guy trying to get richer. K.

Re:What?

[twistedcubic]

The first sentence is a clear description. You may not know what a block cipher is, but the word "cipher" should suggest encryption to you. It's not cool to pretend you don't understand.

Re:What?

[PopeRatzo]

Understand perfectly what a block cipher is, it's his twatspeek that makes it confusing.

He got off to a bad start with, "Bitcoin capitalist..."

People have some funny notions about what "capitalism" means.

Re:What?

Agreed 'That we will consider proposals from barbarians as well as citizens'

Da fauq dude...

Re: What?

[WarJolt]

All you need to know if that there is no way for all the machines on the bitcoin network to know when one event happens before another. This is important for financial transactions. The block cipher is a proof of work function which takes some effort to compute. Since this takes a predictable amount of time to compute it can be used to establish a sense of global time and order events. It doesn't always work right away, but eventually if someone tries to double spend a bitcoin one transaction will win out. This establish the trust necessary for bitcoin to work.

The problem is bitcoin can potentially be manipulated if you get a little bit less than 1/2 of the total network computational capacity.

I have been looking at the proof of work functions that are memory hard proof of work functions because they are more expensive financially to compute. There are tons of ASICs computing those hashes right now used in bitcoin which are far cheaper than any PC, but memory in an ASIC is always expensive. You get less of an advantage.

I think momentum proof of work function has potential, but I haven't seen any crypto-currencies use it yet. Let me know if you find one.

There definitely is a potential for safer currencies than bitcoin

Re:What?

[Frosty+Piss]

Can somebody translate that blog post to English from 'Self-aggrandizing twatspeak' for me? /fp

Can somebody translate OverlordQ's "twatspeak" into English for me?

Re:What?

I don't think he want is for proof of work. More likely to keep seekrits from the gubmint.

Re: What?

There definitely is a potential for safer currencies than bitcoin

Sure, but this asshat pretends he is the messiah of bitcoin that came up with the idea of doing something different. You have already demonstrated that is not true by means of your identification of memory hard work, and there are a number of altcoins which have been around for years now that are using different strategies as well. I'm really not sure how this was picked up for the front page, unless the new overlords are taking "pay-to-publish" submissions now

Re:What?

[oldmac31310]

When a vagina talks it is twatspeak, or so I surmise. Not a compound word I recall Eric Blair (bit)coining. Hope that helps.

Re:What?

[rtb61]

Not quite accurate. Pretend rich guy is trying to stay pretend rich by rebuilding the pretend value of what makes him pretend rich. All marketing, reward is in pretend currency which will prove problematic but the pretend rich guy can hardly offer a reward in a real currency, kinda brings down the illusion of their pretend wealth, if they acknowledge the pretend currency will attract competitors. Like all ponzi schemes, they eventually inevitably implode and with them the pretend wealth.

Re: What?

[c]

I'm really not sure how this was picked up for the front page, unless the new overlords are taking "pay-to-publish" submissions now

It has "Bitcoin" in the title. Of course it got picked up.

Don't you know the rules?

Every day, there's gotta be at least one Forbes submission make it up, one hackaday, one from whatever site itwbennett is pushing these days (I don't click those links), and one Bitcoin story.

It's like clockwork. Things are a little shaken up with week what with all the changes happening around here, but they'll get their groove back soon enough.

Re:What?

[tnk1]

It's not pretend rich if people actually accept his pretend currency for actual goods and services.

Make no mistake, the people at the top of the Ponzi pyramid have a shit load of very real money at the end of it. It's just that it usually gets taken away by the government when they're hauled off to jail before they can escape with it.

Re: What?

It is pretend rich if you can't liquidate without tanking your commodity. If you had a ten thousand dollars of manure you could probably move that to dollars by selling it as fertilizer. If you haf ten million dollars of it, good luck finding a buyer without tanking the market.

Like that except with a non-thing without the inherent value of shit.

Re:What?

[vel-ex-tech]

Well that escalated quickly! Would you please elaborate? What do big banks have do to with this one?

I mean, they've been interested in developing a blockchain of their own, but that seemed like a stretch. Are you saying they're crowd sourcing their effort?

Re: What?

[Orgasmatron]

This story appears to have nothing to do with the block hash function. He wants a block cipher that takes 64kb keys.

Re: What?

[TheRealMindChild]

Found the litecoin enthusiast

Re: What?

Get a PoW that can be effectively solved on common hardware, and you'll be at the mercy of botnets.

Re: What?

Wouldn't it be trivial to create a memory intensive cipher? Couldn't you just require the intermediate steps to operate on numbers with billions of digits?

Re: What?

[Jack+Griffin]

If you had a ten thousand dollars of manure you could probably move that to dollars by selling it as fertilizer. If you haf ten million dollars of it, good luck finding a buyer without tanking the market.

You're not comparing the same thing. If you liquidate the same proportion of *ANY* market, it will have the same effect. If Apple tired to liquidate it's entire stock holding you don't think it too would tank?

Re: What?

[Jack+Griffin]

It has "Bitcoin" in the title. Of course it got picked up.

Don't you know the rules?

Every day, there's gotta be at least one Forbes submission make it up, one hackaday, one from whatever site itwbennett is pushing these days (I don't click those links), and one Bitcoin story.

It's like clockwork. Things are a little shaken up with week what with all the changes happening around here, but they'll get their groove back soon enough.

Don't forget 3D printing and Drones. How will we ever survive without another story about 3D printing?
Imagine if someone bought a 3D printed drone using Bitcoin? Would the universe end?

Re: What?

The Ethereum proof of work algorithm is memory intensive and supposed to be ASIC unfriendly (see https://github.com/ethereum/wiki/wiki/Mining ). There are some other interesting properties of Ethereum such as smart contracts and shorter block times.

Re:What?

[bytesex]

- He wants a block cipher that works on 1 kByte blocks (and on 4, 16, 64 kByte blocks, which is implicated by the first requirement). Current block ciphers do 16 bytes at a time, so they imply the 1 kByte requirement.
- He says current block ciphers suck. Why? It doesn't really become clear from the discussion, which seems to be between two people who have heard a little bit about cryptography, and are trying to outdo each other in what little knowledge they have.

In reality, a block cipher is perfectly transferable to a stream cipher, and the 32 byte key space and 16 byte block size is not something that is going to be broken any time soon. So, I'm not getting the motivation. At all.

Re:What?

[bytesex]

Just thinking out loud: *maybe* what he means is that current 'disk'-like encryption mechanisms suck (like XTS, which they don't have to do, but which in practice they do). Or maybe he wants a proper encryption scheme, based on asymmetric cryptography (so that I can properly package a file just for you), which can be done (PKCS#1, ECIES, etc) - but there you basically package a symmetric key under a single stroke of asymmetric encryption, and follow up with the symmetric ecryption of the payload itself, which admittedly feels like a bit of a hack (mixing up crypto means you may be more vulnerable).

Re:What?

[bytesex]

Wait. 'Uses a 64 kbyte key' - is he mad? Does he realize the trouble he will have to go through when he has to transport over a network, or do a key agreement on, keys of that size?

Re:What?

Sure.

Some idiot with too much money and limited knowledge of crytography has decided for no-good-reason that all current block ciphers "suck". This despite the fact that we now live in an era with very strong block ciphers that have withstood a large amount of public scrutiny from an ever widening amount of researchers trained in crypt-analysis.

Block ciphers, as you might guess encrypt a single block at a time. His main criteria seems to be block length. Currently most block ciphers are around 128 bits. The idiot wants (for some strange reason) a block cipher that has extremely large block sizes of 1024, 4096, 16384, and 65536 bytes.

Oh, and he's willing to part with 10 whole bitcoins for your effort! (A few grand) Whoopee!

Re: What?

[c]

Well, now, 3D printing is only scheduled as a weekly guaranteed submission. You're being thrown off by the intersection between 3D printing and guns, which is a slam dunk for the front page.

Drones are a bit more sporadic; I haven't quite figured out the cycle. It's not daily, but it's more frequent than weekly.

Re:What?

[Khyber]

"Make no mistake, the people at the top of the Ponzi pyramid have a shit load of very real money at the end of it."

Uhh, excuse me, but pretty much every country on the planet has fiat currency, which means it's not real fucking money, at all.

Re: What?

Who the hell cares if he DID destroy the market?
Fact is, he now has 10 million dollars and killed a market.
Seems like rich to me. And powerful.

You don't need to get it all at once, you could circle around every reseller (of which there are quite a few now), progressively taking it out.
Build up hype to morons when the value is tanking to build it back up.
This is pyramid 101.

Re: What?

[hackwrench]

Funny, I keep thinking that fiat currencies are the purest form of money that exists because it responds better to relative economic changes between regions. Haven't yet experienced anything to disabuse me of that notion. I'm starting a blog covering various ideas trotted out by bleakonomic believers and why they make no sense to me. Got quite a few books on the subject in preparation, though.

Re:What?

And did you read past line one, to his list of "requirements"? One of which includes "don't use basic computer operations because they SUX0R instead use something like this geometry thing I came up with when I was super-stoned, which by the way I have absolutely no conception of how to demonstrate is even as effective as usual methods, let alone prove that it doesn't have a fatal obvious flaw".

I mean we all had stoned conversations like those transcripts when we were 21, but we woke up the next morning and realized we were just shooting shit. We didn't make a blog post and offer a bounty and act like we were gonna change the fucking world.

Re:What?

[tnk1]

Don't cross the streams here. The question of whether fiat money is real or not is really sort of a tangent against the actual point.

Fiat money might be based on something other than gold bars in a bank vault, but you can use it for buying and selling almost everything and it is legal tender. That's close enough to "real" for this discussion. In that sense, it is a lot more "real" than Bitcoin, which is really the issue here, although there's no need to suggest that Bitcoin is "pretend", but it is definitely of *limited* utility.

Someone who uses Bitcoin to get themselves dollars, for instance, has become "actual rich" if he can get away with keeping it. Whether Bitcoin is "pretend currency" or not is actually not even the point here, but it certainly makes the Ponzi comparison much more apt.

That guy looks and sounds like a pompous ass

[Jailbrekr]

I get it, sometimes you need to put on a personae to stand out in the crowd, but that guy just comes off as some vain arrogant twat with more funds than sense. So who precisely is he, and why does anyone care?

Re:That guy looks and sounds like a pompous ass

[Archangel+Michael]

People who view others simply by personality traits are missing out. Yeah, so the guy talks like an arrogant twat, is he wrong?

You see, your attacking him on something completely irrelevant, simply because it is easier than to actually discuss the merits of what he was saying.

Keep in mind, he may be brilliant or he may be a complete loon, I am not judging either here, just your rebuttal, which amounts to "Big Fat Ugly ... do not like", which actually makes you exactly who hate the most, an arrogant twat. ;)

Re:That guy looks and sounds like a pompous ass

[JoeMerchant]

Whoever he is: $4000 doesn't sound like much of a prize to me.

Re:That guy looks and sounds like a pompous ass

People who view others simply by personality traits are

... every single person ever. And comments on a newsmedia site would be willfully ignorant to pretend like such considerations are pointless.

Re:That guy looks and sounds like a pompous ass

[chill]

Hey, we can't all be Steve Jobs, Elon Musk, Larry Ellison or John McAfee!

Re:That guy looks and sounds like a pompous ass

Oh, look, a guy using the name "Archangel" is defending an arrogant twat. Why am I not surprised by this....

Re:That guy looks and sounds like a pompous ass

he's just some random narcissist/megalomaniac who got lucky as an early adopter, runs a shady "unregistered corporation" and hides behind unenforceable legalese in his "corporate" governance docs to deny personal liability when the illegal sites he runs eventually turn any meaningful profit and garners the attention of taxing authorities. He also routinely claims to have singlehandedly saved bitcoin from imploding on itself by creating markets... that nobody actually uses. Now that he's effectively been shown to have been completely irrelevant in any measureable way in the bitcoin world, he's trying to create something new so he can claim to be its inventor...even though he has made no attempt to do anything himself on the matter (because he has very little in the way of actual coding skill, despite his claims to the contrary).

Oh, and saying any of this to his face will make him turn purple and scream and cry like a little girl (can't find the video offhand, but nobody like him in his home town and there is a video of him getting reamed by an older gentleman for being a little prick to everyone around him in some town hall meeting, and the twat just starts crying. It's painful to watch, really) - or, instead of crying, depending on which side of the manic/depressive bed he woke up on, he may just ignore the objector and insult them on multi-page rants about how the little people should stop talking so the betters can speak...something along those lines, I know I've seen "betters" bandied around a lot in places he tries to insert himself into, although I've seen very little of him recently since he's slipped down far enough into obscurity because the relevant people have learned to ignore him like the funny cousin nobody wants to invite to the family reunion. (And not funny "ha-ha", funny as in "hide the alcohol, he might have snorted his meds again, and someone predial the police, this may get ugly".) Sycophants hope he just pisses himself enough to want to pay even more for buying his "friends", in addition to the hookers he regularly trots out.

Re:That guy looks and sounds like a pompous ass

[Infiniti2000]

Yeah, so the guy talks like an arrogant twat, is he wrong?

Yes, goddamn it, he's wrong to talk like an arrogant twat. Is his proposal or desire wrong? I don't think enough of us give a shit enough to listen to his arrogant twatness to find out. The analogy to big, fat, ugly is not a good one.

Re:That guy looks and sounds like a pompous ass

parent here - I forgot to mention, the "anonymous" submitter is no doubt himself. He's just that vain, and nobody else would bother trying to promote his site. He must be starting to get really lonely by now.

Re:That guy looks and sounds like a pompous ass

[Archangel+Michael]

Really? Every single person makes judgements by personality traits alone (or at least primarily?)

I certainly don't. Such considerations aren't just pointless, they are wrong. Considering how politics is going, you can see the skillful liar and charmer scamming millions of people because he had a "better personality" than a better man, who wasn't quite as charming. So we miss out on someone who might be a good person in favor of a charming sociopath. All because of "personality".

How is that working out?

Re:That guy looks and sounds like a pompous ass

[Archangel+Michael]

Talking like an "arrogant twat" is subjective criticism. As such has no merits on anything useful. To me, you talk like a "arrogant twat", which makes you wrong. See how easy that was to dismiss you?

Re:That guy looks and sounds like a pompous ass

[Infiniti2000]

This isn't about right or wrong. There's no logical fallacy here. This is simply about whether or not we even want to hear what he has to say, based on how he's saying it. You can choose on your own.

Re:That guy looks and sounds like a pompous ass

[oldmac31310]

Politics going...? Sorry, but it is long gone. Personal integrity in politics is the exception, not the rule. But you know that.

Re:That guy looks and sounds like a pompous ass

[amorsen]

Also, he awards bonus points for proofs of hardness. No one has managed to prove hardness for any existing block cipher. Block ciphers are simply ways to jumble the plaintext up in a reversible fashion. They are not based on difficult mathematical problems.

Proving hardness is something you do for asymmetrical ciphers, but asymmetrical ciphers are way too slow to be useful for actual messages.

Re:That guy looks and sounds like a pompous ass

Probably why it gets bonus points. Proving hardness would be a first and a substantial plus.

Re:That guy looks and sounds like a pompous ass

[JoeMerchant]

And, in my opinion, worthy of a 4000 BTC prize, not 4000 USD.

Re:That guy looks and sounds like a pompous ass

The difference between your opinion an his opinion being that his opinion is worth money.

Re:That guy looks and sounds like a pompous ass

[w9ofa]

Can you produce the link to said video? It would increase your credibility here.

Re:That guy looks and sounds like a pompous ass

You reek of envy. Because you lack the knowledge and intelligence to address what his proposal, you instead proceed to insult his persona. Smart.

Re:That guy looks and sounds like a pompous ass

I've never been paid for someone else's opinion before, that must be a neat trick.

I have been paid for my own work, though. Not the same thing.

Re:That guy looks and sounds like a pompous ass

I think I know what (s)he is talking about - it's similar to this one https://vimeo.com/7125141 , and involves MP breaking down in the face of confrontation. Not necessarily crying per se, but he acts like a kid who has been told he can't go out and play until he eats his broccoli. Might even be the same event, but this video was put out by MP and is edited to make MP look good, at least in his own eyes.

Re:That guy looks and sounds like a pompous ass

[Archangel+Michael]

You can listen to sweet lies, or you can listen to cold hard truth. I know people would rather listen to lies told sweetly than someone speaking truth.

I've started saying "Am I wrong" when people dismiss what I say, because of how I say it, not because of the content of my message. "You're mean" "Am I wrong?" "well no ... but .... "

Done.

"Mircea"

He sounds Romainian.

Re:"Mircea"

[PopeRatzo]

He sounds Romainian.

Or Icebergian.

Re:"Mircea"

Apparently he's a Romanian who self exiled to Argentina for the purposes of his Bitcoin ventures.

alt-coins

[avandesande]

Aren't there tens or hundreds of alt coins that have been doing exactly this?

Re:alt-coins

[JcMorin]

Most of them use the same cypher with a few change. You can fork Bitcoin or Litecoin, change a single number such as the time between each block or block reward and you just created your own alt-coin. But very few on few really worked on something different.

Re:alt-coins

there's proof of stake, proof of work, and a combination;
there's work that requires extensive RAM and/or asic-difficult problems (memorycoin, cpucoin, protoshares, etc.)
so the concept of trying different methods to prevent consolidation by asic manufacturers has been around for a while now; but the early bird gets the worm, so they say.

Strange set of requirements

I don't really see why a 64 kB key is a useful feature for a block cipher. 256 bits has sufficient entropy to render any brute force attack, and even severe weakening (e.g. sq root effort attacks) utterly infeasible.

Are large block sizes really that necessary? I can see why a 4 kB block size might be useful for block storage, but there are method of chaining smaller block ciphers so as to effect a larger block size. So why would a native 64 kB block size be desirable? Use of chaining or counter techniques should prevent details of large scale structures from bleeding into the ciphertext.

Re:Strange set of requirements

[slew]

I don't really see why a 64 kB key is a useful feature for a block cipher. 256 bits has sufficient entropy to render any brute force attack, and even severe weakening (e.g. sq root effort attacks) utterly infeasible.
Are large block sizes really that necessary? I can see why a 4 kB block size might be useful for block storage, but there are method of chaining smaller block ciphers so as to effect a larger block size. So why would a native 64 kB block size be desirable? Use of chaining or counter techniques should prevent details of large scale structures from bleeding into the ciphertext.

This is likely not for *encryption*.

First, you need to understand how proof of work functions are currently constructed. The most popular ones today are based off of HashCash in that they use hashes because block ciphers aren't really big enough to create usable hard functions and scalable work functions, (e.g., AES is only 128-bit).

IF (big-IF), there were a secure large block cipher, you could use a different construction for proof of work. For example, you could put the block data you want to protect as the key and attempt find some input data that created your reward address + some variable amount of random crap to scale the work function. Of course, that's probably not very secure as you might want some additional precomputation protection similar to how message authentication codes are made out of block ciphers (CMAC), but hopefully this simple example illustrates the point.

Typical design mechanisms used to make block ciphers wider will necessarily make them deeper (e.g., to get good bit diffusion, you need to have lots of rounds of a typical cipher construction) and thus not very practical for actual encryption. Simple mechanism to encrypt larger blocks (like CBC or counter-mode), offer some amount of diffusion, but in such a structured way which has certain vulnerabilities and even their security often require nonces (which don't work well in a proof of work application).

Anyhow, it would be a bunch of work for 10 BTC. Hardly worth anyone's time, given this bozo is gonna take all the credit, you probably don't even get fame nor fortune...

Re:Strange set of requirements

How do you know how much entropy is in the 256 bits?

Re: Strange set of requirements

There are 256 bits of entropy in a 256 bit key. If you think yours has less, take the output of a hardware random number generator, xor it with 256 bits determined by rolling dice, and use that as your key.

That's a reward?

[U2xhc2hkb3QgU3Vja3M]

Bitcoin capitalist Mircea Popescu has opened a contest to find a new block cipher and is offering a 10 Bitcoin reward for a winning submission.

Wow, TEN whole Bitcoins for improving how it works? Why not offer 30 million Dogecoins, at least you wouldn't look so cheap.

Re:That's a reward?

That isn't a reward. Get paid for 3 days of work, but only if you are very lucky, else you get paid nothing.

Why do we need a new block cipher?

[jonwil]

What is wrong with existing block ciphers like AES?
AES has been in widespread use for over a decade and to the best of my knowledge, there is still no practical attack on it (unless someone has built a working quantum computer and not told anyone about it). Its totally free of patents and IP issues. Its been implemented in a huge variety of hardware and software (including the Intel CPU that I am using to make this posting).

Even the NSA trusts AES enough to certify it for use protecting top secret information.

Re:Why do we need a new block cipher?

Nothing. The guy is just a fool who believes that bigger block size is better.

He's a very obvious sufferer of the Dunning Kruger effect

IAD recommend not using P-256, SHA-256 and others

[MegOnWheels]

This might be worth a read before selecting transformations. CNSA-Suite-and-Quantum-Computing-FAQ.pdf

Grammar

'Electricity bill', not 'electric bill', unless we're talking about a toucan with some sort of powered prosthesis.