
Technological failure of the silk road system

Silk Road servers stored all messages in the clear forever.

The government placed malware on Tor exit nodes, located the Silk Road servers, raided servers, game over.

Private messages should have been end to end encrypted, existing in the clear only on the computers of the sender and recipient, and should have been deniable, except for messages containing money, where the sender needed to be able to prove that the recipient account had received a message with a particular hash, and thus able to prove that the recipient account received a message with particular content including payment.

Silk Road servers should have performed a zero knowledge password login with each account and, for each account, should have authenticated (but not signed) transient public keys for signing and encryption. Private messages from account to account should have been encrypted with these transient keys. Shortly after each login, transient public keys from previous logins should have been erased, as should any private messages.

Though messages should be deniable, the sender should be able to prove he sent money, with or without revealing the content of the message containing the money.
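The split described above, between deniable chat and a provable payment receipt, as an added example that is not code from this post or from Silk Road. It assumes a session key already agreed via the transient keys, and uses a Lamport one-time signature as a standard-library stand-in for a receipt key held by the recipient account; all names and sample data are hypothetical.

```python
import hashlib, hmac, secrets

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

# Deniable chat. Assumption: both parties share session_key (agreed via the
# transient keys), so either could have produced any tag; it proves nothing to others.
def mac_tag(session_key: bytes, msg: bytes) -> bytes:
    return hmac.new(session_key, msg, hashlib.sha256).digest()

def mac_ok(session_key: bytes, msg: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(mac_tag(session_key, msg), tag)

# Payment message: salted hash, so the hash can be shown without the content.
def commit(msg: bytes, salt: bytes) -> bytes:
    return H(salt + msg)

# Lamport one-time signature (hash-based stand-in for the recipient's receipt
# key, an assumption of this example). Use each key pair for one receipt only.
def keygen():
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]

def _bits(digest: bytes):
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, digest: bytes):
    return [sk[i][bit] for i, bit in enumerate(_bits(digest))]

def verify(pk, digest: bytes, sig) -> bool:
    return len(sig) == 256 and all(
        hmac.compare_digest(H(s), pk[i][bit])
        for i, (s, bit) in enumerate(zip(sig, _bits(digest))))

def demo() -> dict:
    # Constructed sample data, not taken from any real system.
    key, salt = secrets.token_bytes(32), secrets.token_bytes(32)
    forged = b"words the sender never wrote"
    payment = b"payment message (constructed), order 42"
    digest = commit(payment, salt)
    sk, pk = keygen()
    receipt = sign(sk, digest)  # recipient signs only the hash
    return {
        "recipient_forgery_verifies": mac_ok(key, forged, mac_tag(key, forged)),
        "receipt_valid_for_hash": verify(pk, digest, receipt),
        "reveal_matches_hash": commit(payment, salt) == digest,
        "altered_payment_rejected": not verify(pk, commit(payment + b"!", salt), receipt),
    }
```

A production design would use a standard signature scheme in place of the Lamport keys, which are safe for a single receipt each.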

13 comments

Mike in Boston says:

That the government placed malware on Tor exit nodes for the purposes of locating the Silk Road servers is certainly appealing as a parsimonious hypothesis. Do you have any other reason to assert it as fact?

Considering that SR was on the Tor network, why do exit nodes matter at all? You don’t need to exit.


zhai2nan2 says:

>Though messages should be deniable, sender should be able to prove he sent money, with or without revealing the content of the message containing the money.

That sounds like a difficult requirement. I am not immediately seeing how Bitcoin could do that.

Perhaps if you did human-to-human messages with OTR or something like it, you could have “deniability.”

But if the messages have “deniability,” and the Bitcoin wallets are anonymized, an unscrupulous vendor could receive Bitcoins for a month, then skedaddle.

The thing about Bitcoin is that the basic form is a ledger, but with enough layers of anonymity, it’s practically impossible to connect the ledger to a meatspace person.

If there are any cryptologists willing to explain why I am making a newbie mistake, I am all ears.

jim says:

Silk Road has a massive phishing problem, so it needed zero knowledge passphrase proof (ZKPP) to obtain passphrase authenticated key agreement with a server (for which the acronym is PAKE, not PAKA as one might expect).

To maintain an Ebay like reputation system, payments from account to account had to be visible to the server, so that feedback could come from people and only from people who made payments. It managed this by associating a bitcoin account with every silk road account.

Messages between accounts were in the clear – which was bad.

Only a message containing payment that has been revealed by the payer should be undeniable by the payee.

>But if the messages have “deniability,” and the Bitcoin wallets are anonymized, an unscrupulous vendor could receive Bitcoins for a month, then skedaddle.

The feedback information associated with an account is his reputational capital, which he loses if he skedaddles. Maybe you should be cautious about buying from someone with only a month of reputational capital.


Red says:

So that’s the end of Tor.

jim says:

Not necessarily. All technical problems that they report taking advantage of appear fixable, and, as Outside In reports, the project continues.

Oops, it seems the project does not continue.

anonymous says:

From the court documents, the whizz-bang technology stuff was not the weak point that brought down SR, it was careless, sloppy mistakes by the owner.

Red says:

The feds lie to the courts all the time to protect their sources and tech. You’re not getting the real story from the court docs.

nonce says:

I don’t want every site to provide me with their own rolled crypto, so until it’s on the browser and until browsers aren’t security nightmares, the only option is PGP encrypting in a separate window then pasting the contents in the site. Which is not feasible for the vast majority of users. Even power users overwhelmingly don’t even use PGP.
