Technology Security

To encrypt or not? Bitcoin Class with Satoshi looks at the whys and the hows

YouTube video

For cypherpunks, the default goal is to “encrypt everything”—but that’s not how we need to do it. In this latest episode of “Bitcoin Class with Satoshi,” Dr. Craig S. Wright and sCrypt’s Xiaohui Liu talk about the right ways to keep information secure and private, without creating a network where no one knows what’s going on.

Bitcoin has many capabilities most people haven’t even thought of yet, and nor do they understand it. Most of all, erroneous expressions like “cryptocurrency” and “secured by encryption” have skewed its direction, with many developers chasing goals that are either ineffective or potentially harmful.

Dr. Wright admits he’s “used these terms in a loose manner” in the past himself, since they’re so commonly accepted in the blockchain space. Although there are some shared methodologies and some of the terms are similar, he’s “shying away from that now” so as not to mislead anyone.

The big question is what information a network needs to encrypt, and what information it doesn’t — which is this episode’s main theme. Users need to keep some information they transmit confidential, but those running the network (in Bitcoin’s case, for example: admins and mining nodes) also need to know what’s going on.

“What’s going on” refers to basic network functionality. You need to know if there’s a threat to the network, say if someone’s attempting man-in-the-middle attacks or there’s some other malicious actor trying to sabotage it. Dr. Wright gives the example of “AH mode” on some VPNs, which send some traffic in plain sight so administrators can monitor it and maintain data integrity.

If you try to fully encrypt all traffic between nodes, as some in BTC and Ethereum are doing, you get a network where no one ever really knows what’s going on.

“How do you tell if someone’s doing an exfiltration of your company data, when everything’s encrypted?” he asks. You have big holes throughout your entire network; a system where you have no idea what you’re sending back and forwards.

The whole point of the blockchain is that it’s public, you can always monitor it, you can always seize and freeze it, he says. People may complain that the government can still monitor communications—but the real problem is thieves and malware writers; the government can subpoena your information anytime they need it anyway.

Even if you encrypt all traffic between nodes to avoid law enforcement, couldn’t law enforcement set up their own node if it’s an open, permissionless network anyway? The mission to hide traffic itself becomes pointless.

No, that doesn’t mean everyone has to see everything

This doesn’t mean absolutely all information that passes through the Bitcoin network is available for all to see. After all, corporate and even regular users need to keep some details confidential. This ties in with topics discussed over the preceding weeks: users can transmit information securely and privately, knowing it can only be shared between themselves. Network-essential information concerning the ledger itself (not to mention legal necessities) such as timestamps, transaction data, etc. are transmitted in plain text.

It’s impossible to perform a man-in-the-middle attack on networks when admins can see what’s going on. And as also discussed in previous episodes, there are many methodologies users can utilize to authenticate each other’s identities; generate keys using methodologies where parties can be offline or not even in direct communication with each other, while still guaranteeing everything is valid. An attacker can’t attack something if he doesn’t even know it’s there.

“We can build all this into clients and applications,” Dr. Wright says. He imagines a future where even basic wallets have real-world identity verification (also secured by extrinsic information like Web of Trust), collate information using external devices such as smart cards or Yubikeys to enhance security, and send the transaction securely—without encryption.

The old saying “just because you can, doesn’t mean you should” rings true here, and it often takes a deeper understanding of how Bitcoin works (and what it’s for) to be able to know what you should do. These video classes with Satoshi himself continue to be a valuable source of information for anyone who wants that deeper understanding.

To watch previous episodes of the Theory of Bitcoin and Bitcoin Class with Satoshi, check out the Theory of Bitcoin YouTube channel here and the Bitcoin Class with Satoshi YouTube channel here.

New to blockchain? Check out CoinGeek’s Blockchain for Beginners section, the ultimate resource guide to learn more about blockchain technology.