Re: [CFRG] Bitcoin delenda est. Was: Escalation: time commitment to fix *production* security bugs for BLS RFC v4?

Daniel Franke <> Mon, 26 April 2021 17:54 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 574193A2AC8 for <>; Mon, 26 Apr 2021 10:54:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id ry-EvTEbclao for <>; Mon, 26 Apr 2021 10:54:25 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:4864:20::62a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id A926A3A2AC9 for <>; Mon, 26 Apr 2021 10:54:25 -0700 (PDT)
Received: by with SMTP id h20so29358779plr.4 for <>; Mon, 26 Apr 2021 10:54:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=Sved1EC+sHI7uVG57vTyfrllp412Hc4S70ub0AuTI+0=; b=Rw+s0i75mYh7duiKS+qIRFgsBakXcIW6r/ZG0ZZQmZCXxWbl0ZkWwpLIJW3PWvk0O8 CdqWsJjxpmSRpQjW2b28AFG6OMbY7qdyqS2a8UqNaTJ2JtQ2VfPheH3dT2tVpsHPy86G 5f/Dy4MLH6PyXdsP7CUsaXb9JJyIUXbBuSVhvw4fg5j+XyFQ9OTUnZ/tpnxYNPsRhBCL IoWlB5AROud/qPgbWuoJKTt2y1UWq9/E1PpSrr2aWrVyUDno7e8m3mao7BZgbGJaq3oh cdSTpRtoQF794w+8MYL5Za0BXWgrcPTXKxXAoSrbu3MlwqTDnIzDohNcwVpWbrih1nxj +FyA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=Sved1EC+sHI7uVG57vTyfrllp412Hc4S70ub0AuTI+0=; b=HVynsrTrhvE5hmTDVa/Sf/rLlZEk0kwhX3eKPYk1WnzA7rvwIfHH1kMRqEqKE8u5ku WBDfiE2nldIGevIREzUt+3A9TFanEs8fcoCwEy2CcASuABHrY6WekcIx01vgMn9y3MdC dR7pTVk8aS3TQ6JPoM+YUcfyi2jAEYeFw7dgqS12iXUAINVamElepoR9p8ZHUIbC8Kzf 45DNUbFlTPhhUmUoqham43yWJSbn/lmRwMpeiCOiKzw4oHyPd3C26VU0wqNOBC/uAkP0 pe3500qXHZ64EReQOFkwEbnZowWVfj/7nBK/qXaVGZ99k7syjeFm11bJQSyDRMtbYws2 LFog==
X-Gm-Message-State: AOAM530Jc+Vkvgc/zmQ2bTIdoJfMU9KSRe+Pe2eaRF5+XnUGNYgqfoYC 23yOXrnIamcdNWNm2vmr2+pMScBDv1QFdRjdWxXgpE9BQzA=
X-Google-Smtp-Source: ABdhPJyz6PuoVlfbWp3zFSWHUDjpFoxLG0bBb0awvyHhbaX6ggQPXd9aTTS57bVHULPrALp05J8sVCt0LY9mxid8jVo=
X-Received: by 2002:a17:90a:150e:: with SMTP id l14mr285699pja.208.1619459664210; Mon, 26 Apr 2021 10:54:24 -0700 (PDT)
MIME-Version: 1.0
References: <> <20210423195504.d6f74x4jsdrzagcc@muon> <> <> <> <>
In-Reply-To: <>
From: Daniel Franke <>
Date: Mon, 26 Apr 2021 13:54:12 -0400
Message-ID: <>
To: Phillip Hallam-Baker <>
Cc: "Salz, Rich" <>, "" <>
Content-Type: multipart/alternative; boundary="000000000000036c9705c0e3d6ae"
Archived-At: <>
Subject: Re: [CFRG] Bitcoin delenda est. Was: Escalation: time commitment to fix *production* security bugs for BLS RFC v4?
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Crypto Forum Research Group <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 26 Apr 2021 17:54:30 -0000

On Mon, Apr 26, 2021 at 1:29 PM Phillip Hallam-Baker <>

> As a human being living on a planet threatened by environmental damage
> from CO2 emissions, I am strongly opposed to any IETF work to support any
> form of purported 'cryptocurrency' that relies on any form of 'proof of
> work' or 'proof of waste'.
> The electricity requirements of cryptocurrencies have been larger than
> that of entire countries. This is an experiment that it is time to stop.
> I am entirely serious in this position.
> Besides the environmental issues, there is the fact that the
> crypto-currency community has consistently failed to establish any
> effective means of preventing the endemic frauds in their systems.
> Fraudulent exchanges regularly steal money from their customers.
> Applications developed by individuals with minimal expertise are used for
> transfers of vast quantities of fictional cash with no effective oversight
> and this results in further frauds.
> The cryptocurrency community has a long history of misrepresenting the
> engagement of parties with established reputations as endorsing their
> 'product'. And this presents real risk to the IETF when the least
> objectionable use of the product in question is to evade currency controls.
> Cryptocurrency became popular as a means of paying for illegal drugs and
> has since become the enabler for ransomware.
> The cryptocurrency world has no shortage of people who will trash anyone
> criticizing their activities as 'stupid', 'uninformed', 'need to do some
> research'. Fine, let them sort their own messes out.
> IETF should take no action that risks a headline 'IETF endorses
> cryptocurrency'. If the ransomware, child abuse and Ponzi scheme industries
> have a problem as a result of a bad technology decision, we should not lift
> a finger to save them.
> The only conversations I want to have on cryptocurrencies is with
> government regulators looking for ways to regulate these criminal
> facilitation enterprises out of existence as they previously did with
> eGold, Gold Age and BTC's very long line of predecessors which like BTC
> were entirely different but completely the same.

 I share your alarm at the economic waste and environmental harm inherent
in proof-of-work-based cryptocurrency. (I do not share your other
objections, and see great promise in permissioned and proof-of-stake-based
blockchains). But what does this have to do with the instant draft? We're
not specifying a proof-of-work function. We're specifying a pairing-based
signature scheme — something with myriad applications beyond
cryptocurrency. Your argument reminds me of demands that we compromise, or
not build, end-to-end encryption schemes because they will be useful to
terrorists. The IETF has categorically rejected those arguments. Why should
we accept yours?