Sending Messages to the Future: Timechain Cryptocurrency Security
Elías Snær Einarsson and Matthew Roberts , two coders who presently focus largely on cryptocurrency, have entered the security business with a splash, presenting a system called Timechain which aims to eliminate one of the biggest problems for exchanges: private keys having to exist in the same place as the funds being exchanged.
Disclosure: the author is nothing of a cryptographer. Please make any corrections in the comments.
Roberts is the inventor of Uptrenda , a “significantly more practical and secure” altcoin exchange system. Einarsson is the developer of RedArc , a Reddit archiving system written in Javascript. Before anything else, it should be noted that these two take a considerably relaxed approach for programmers focusing on security. This is refreshing, as many would say that security should never be an off-putting subject. It should be an inviting one. In any case, in their new post outlining Timechain, the developers outline a few situations which are true-to-life and then proceed to illustrate how their solution will solve the problems mentioned. Here is an example:
But what about withdrawals? You need to be able to sign transactions to move coins from your service so you also have to keep a key around on your server. What happens to the key if the server gets hacked? You say you don’t store all your customer’s money in the “hot wallet” but I’m pretty sure people are still going to be pissed if only 10% of their money is lost.
How Timechain Works
In essence, Timechain “sends a message to the future.” It builds on an existing concept called “time-lock encryption ,” which essentially means continual hashing of an input until the designated time that the “time-lock” expires. This works in situations where you know how long something needs to be time-locked. However, in their paper, the duo ask:
What if you want to be able to provide a secure time-locking service to other people so they can encrypt sensitive information to be made available at a future date?
They then describe the method by which Timechain achieves this goal, of allowing the time-lock hashing to be used at a later date. Essentially, it breaks up the time period, of which they use a year as an arbitrary example, into X-minute blocks, where X is an arbitrary number. In their example, they say five. Thus, the time-lock can be broken down into hundreds, thousands, millions of pieces which are hashed separately, and can be accessed at later times, wherein public keys can be generated on the fly.
All of this could have been achieved in a pre-Bitcoin world, of course, but they underscore a specific reason this is all the more applicable now with the existence of cryptocurrencies: incentive to do all that hashing just mentioned. Now, a large organization might have the resources at its disposal to implement a solution like this without decentralizing it. It would be less beneficial in such a setting, as other solutions can be implemented for less effort when a lot of resources are concentrated into few hands. Whether they would be as effective is a matter of theoretical discussion at this point. What Timechain does is take a few old ideas an roll them into a modern use which integrates well with block chain technology.
The last part of their paper focuses on the core, envisioned usage of the Timechain: a decentralized autonomous corporation. CCN.com has written about DACs before, and you may remember an article about the Decentralized Anonymous State, which is essentially a new world in our hearts. The Timechain DAC is more concrete than that.
The timechain DAC adapts the basic idea behind the timechain but adds financial incentive so that participants not only want to decrypt the timechain but that doing so simultaneously forces individuals to release the RSA private key of the current link plus the IV to the next key.
The core goal is to create better security. Roberts and Einarsson believe that they can utilize time-lock encryption to much greater advantage than presently being done, though they do credit Peter Todd and Gwern Branwen with having done considerable work in this area already.
What do you think? Is this exciting and interesting and of the utmost importance, or are there other problems in cryptocurrency which need solving?
