Heart-not-so-bleed!

Executive overview

Cyphertite was not vulnerable to the Heartbleed attack.

Management overview

Disclaimer: These findings are true for the Cyphertite service ONLY. We are not making any statement about other people’s results and/or attack surface.

We did not receive an advance warning of the Heartbleed vulnerability. As soon as the news broke, the Cyphertite team shut down all services and began investigating its exposure. We quickly established that the website was not at all vulnerable to Heartbleed (it uses OpenSSL 1.0.0f) but we used a vulnerable version of OpenSSL on the service itself (OpenSSL 1.0.1c). The service was patched and brought back online within 3 hours of the Heartbleed announcement; however, at that time, we did not know the extent of Cyphertite’s exposure.

2014 Summer Internships: hacking on Bitcoin with Go

We are pleased to announce our 2014 summer internship program at Conformal Systems. A short summary of the program is as follows:

  • 2 full-time intern positions are available for the summer of 2014.
  • Interns will be expected to work remotely.
  • Interns can be from any country or timezone, but timezone may be a factor in intern selection due to synchronization issues.
  • Interns will be expected to speak and write in English at a conversant but not fluent level.
  • Interns will work on open source Bitcoin-related projects the entire summer.
  • Interns will be expected to develop exclusively in the Go programming language.
  • Interns are expected to have the “Minimum Recommended Skillset” from the code contribution guidelines for the btcd suite.
  • Interns can either (A) work on projects assigned by Conformal Systems staff or (B) “bring your own project” (BYOP) which we approve as part of the internship.
  • The internships are open to anyone currently attending undergraduate or graduate school, or anyone of similar age. Broadly speaking, we consider anyone age 15 and up to be eligible.
  • Pay will be roughly a “graduate student” level, approximately USD 2,000 (pre-tax) per month.

Transaction Malleability: No Shortcuts Allowed

The past couple days have been a roller coaster of events for the bitcoin world. First, MtGox suspended bitcoin withdrawals for a bitcoin “design issue that has been largely ignored”. Attackers took note of this and began running malicious nodes to increase the frequency of the attack. To handle the network attacks, other big exchanges like Bitstamp temporarily suspended bitcoin withdrawals as well, while some businesses remain unaffected and continue operations as normal.

So, what have we learned?

Coinvoice begins processing payments from BTC to USD

Coinvoice has added the ability for merchants to have their customers pay in BTC and receive a USD payout, similar to other BTC payment processors.  This means that Coinvoice merchants can bill their customers in BTC and receive USD or bill in USD and receive BTC.  Our goal is to provide the most flexible set of payment options for merchants so they can focus on making sales rather than converting between BTC and USD.

Redecentralization: building a robust cryptocurrency developer network

As it was originally proposed by Satoshi Nakamoto, Bitcoin was conceived of as a peer-to-peer system that was fundamentally decentralized.  Many past and current discussions about the future of Bitcoin acknowledge that too much centralization is a threat to the Bitcoin network.  To some extent this process of avoiding centralization has been successful, but in several key areas it has not been very successful and it is in need of redecentralization.  The most pressing case for redecentralization in Bitcoin (and cryptocurrencies more generally) is the current development community:

  • the number of developers who have experience developing cryptocurrencies is very low; I would estimate there are fewer than 100 such developers
  • the majority of the developers are located in the US and other “Western” nations
  • the developer incentive structure with successful cryptocurrencies creates conflicts of interest

In what follows, I propose solutions to these issues cited above.  Since we develop our own full-node Bitcoin implementation, btcd, the criticism of the developer community status quo that follows applies not only to other developers, but also our developers who work on btcd.

Deslugging in Go with pprof: btcd

As btcd nears completion we decided to have at least one round of deslugging because we were much slower than bitcoind during chain download. Let me clarify that term for the ones that don’t know what that means. Deslugging is the art of measuring (or profiling) run times of individual functions, determining which ones are slugs and which ones could be optimized. Armed with that data one attacks said functions to see if there are some less than optimal algorithms. Surprisingly enough, this is often the case. An industry truism is “measuring is knowing” and attacking functions based on gut feeling often does not yield satisfying results. As always with these exercises, some things work and some don’t. Throughout this blog I’d like to walk our readers through some optimizations that succeeded, and one, objectively, failed attempt.

btcwallet and btcgui: Wallet handling for btcd

Today Conformal is announcing alpha releases of btcwallet and btcgui, the wallet components of btcd, written in Go. We announced in a recent blog post that btcd, our full node Bitcoin implementation, was ready for public testing. We also announced that wallet functionality was being implemented separately and would be coming in the near future. Although our wallet daemon and GUI interface are not yet ready for production use, we feel they have progressed to the point where early adopters can begin testing their functionality on the Bitcoin Testnet network.

Our btcd blog post briefly discussed why wallet functionality is not a part of btcd. It highlighted various reasons why we believe separating wallet handling from blockchain handling improves on the integrated wallet design used by bitcoind and bitcoin-qt. This post will continue on that topic, further exploring the details of why a multiprocess wallet design was chosen, how such a design is beneficial to the Bitcoin community as a whole, and the implementation details of this design.

btcd: Not your mom’s Bitcoin daemon

We are pleased to announce that btcd, our full-node bitcoind alternative written in Go, is finally ready for public testing!

The installation instructions and source code can be found on github at:

https://github.com/conformal/btcd

A Brief History

Back in May, we first announced our plans to release btcd. A week later we released our first core package from btcd, btcwire, and announced our plans to continue releasing the component packages of btcd in a staggered fashion.

Over the next month, we released btcjson, btcdb, and btcscript. Then in mid-July we released btcchain at which time we announced btcd was next. At that point, btcd had most of the core bits and we figured we’d be releasing it within a few weeks. Well, as you have no doubt noticed, it is now 10 weeks later…

Coinvoice: Invoice in USD, receive BTC

I am excited to announce Coinvoice, a new Bitcoin payment processing service that allows businesses to invoice for goods and services worldwide in U.S. Dollars (USD) and get paid in Bitcoins (BTC). Coinvoice makes it easy for any merchant to receive BTC without them or their customers having to worry about the infrastructure necessary to conduct and process these transactions. So long as the merchant’s customers can pay in USD via wire transfer, certified check or money order, Coinvoice will pay out to the merchant in BTC.

The idea for Coinvoice arose out of a handful of conversations I had regarding Bitcoins and receiving payment for invoices using cryptocurrencies more generally. I had remarked to one of my associates that “it would be great to take payment for invoices in BTC”, but I acknowledged that it was a serious pain point to dictate to all of your customers “now you need to go get BTC to pay me”. Then I went on to suggest I would be willing to give a discount on the invoice amount if they paid in BTC, and the seed for Coinvoice was sowed.

Beyond making a business out of the scenario I described above, Coinvoice is meant to fulfill a vital need in the Bitcoin economy: putting BTC in the hands of business owners with less friction. Enabling businesses to more easily access BTC is overall a positive thing for the Bitcoin economy, and it will have positive secondary effects, e.g. more customers for sites that accept direct BTC payments. More generically, Coinvoice is meant to enable payment settlement from USD to BTC, whereas most existing payment processing services are built to facilitate settlement from BTC to USD or solely in BTC.

Our target audience with Coinvoice is pretty much any business that wants to have customers pay in USD and ultimately receive BTC as payment for goods and services. A few examples of the kinds of businesses I’m talking about are:

  • IT contractor that invoices for their work at the end of each month
  • Chinese manufacturer that sells goods in the US
  • Vanuatu IBC that licenses intellectual property in the US

Coinvoice is meant to be used in a “traditional” business setting where invoices are issued and paid a number of days afterwards.

We are looking forward to enabling businesses to settle payments in BTC and helping grow the larger Bitcoin ecosystem. Coinvoice provides you with a safe, private, reliable and secure way for your business to receive BTC.

btcchain: The bitcoin chain package from btcd

As all of you following our blog are aware, we have previously released several bitcoin-related packages (btcwire, btcjson, btcutil, btcdb, btcec, and btcscript) on our way towards the full release of btcd.

We are happy to announce our next package from btcd. The package is named btcchain and it implements the bitcoin block handling and chain selection rules. The code can be reviewed on github here:

https://github.com/conformal/btcchain

Overall Package Design

The bitcoin block handling and chain selection rules are an integral, and quite likely the most important, part of bitcoin. Unfortunately, at the time of this writing, these rules are also largely undocumented and had to be ascertained from the bitcoind source code. At its core, bitcoin is a distributed consensus of which blocks are valid and which ones will comprise the main block chain (public ledger) that ultimately determines accepted transactions, so it is extremely important that fully validating nodes agree on all rules.