To repeat an earlier comment, this scheme encourages a centralization of trust into a private key managed by processor manufacturers. You might say that by integrating SGX mechanisms into your security model, you create a set of 'feudal lords' [1] who can wield their power over you.<p>A manufacturer may 'legitimately' establish an enclave in your most trusted hardware which you may not audit or even measure. And if that security model becomes commonplace, for example when only allowing Widevine DRM inside SGX, you eventually cannot use your self-chosen hardware, but will have to pick a feudal lord from a limited set of 'ecosystem choices'.<p>[1] <a href="https://www.schneier.com/blog/archives/2013/06/more_on_feudal.html" rel="nofollow">https://www.schneier.com/blog/archives/2013/06/more_on_feuda...</a>
> "Nobody actually transacts in cryptocurrency," Goldbard says. "So making something that people can actually use is our first goal. And then we want to find additional ways that people can implement it over time. But initially all we want is to make it so people can actually complete transactions."<p>Amen. Too few projects have this focus.
Using Stellar’s Federated Byzantine Agreement as a basis for consensus is a solid foundation.<p>David Mazières’ paper[0] displays strong insights and proofs into the structure of byzantine systems with open membership.<p>[0]: <a href="https://www.stellar.org/papers/stellar-consensus-protocol.pdf" rel="nofollow">https://www.stellar.org/papers/stellar-consensus-protocol.pd...</a><p>I wonder where the code for MobileCoin is, or when it will get open-sourced.
All GitHub yields currently is this clearly non-affiliated project: <a href="https://github.com/mobilecoind/mobilecoin" rel="nofollow">https://github.com/mobilecoind/mobilecoin</a>.
This coin uses Stellar, which is not a decentralized consensus like Bitcoin, but rather federated. It's not really surprising that it has performance advantages.<p>Also not sure how I feel trusting the fate of a cryptocurrency to the strength of Intel's SGX.
> "9. Bob's MobileCoin node sends Bob's client a message, which can then calculate the private key that corresponds to the generated one-time public key."<p>>" 10. Bob has now successfully received a payment."<p>If I'm reading this correctly, Bob's client (e.g. mobile app) must be in contact with the node for his address to receive the payment. This is pretty different from what I think will be Mobilecoin's closest competitors (at least from a UX standpoint), Venmo, Google Wallet, etc.<p>DDOSing Bob's mobile device or otherwise preventing access to the node would, at least temporarily, prevent the transaction from going through. Are the funds in purgatory during that period? If that client never gets in contact with the node, does the transaction ever get reversed, allowing the sender to regain control of the funds?<p>There are probably a host of other repercussions I haven't thought through yet. The idea of a cryptocoin as easy to use as Venmo/Signal is definitely intriguing.
1) Both Kin and MobileCoin have moved to Stellar as their back end this week. I haven't paid Stellar much attention before. Anyone have any good links that explains Stellar and/or discusses the technical pros/cons? Trying to avoid any shill/pump or baseless FUD.<p>2) Am I correct that if any vulnerability were found in the SGX, an attacker would gain access to the encrypted private keys that are stored on a server node and would just need to brute force the PIN?
The title here says "A new Cryptocurrency from Moxie Marlinspike."<p>But the article describes his involvement as "Marlinspike has been working on as a technical advisor."<p>Those two descriptions sound different.
I think this is going in the right direction. You take a bunch of tamper-proof hardware devices from different manufacturers and then model attack costs to compromise them as part of a proof-of-stake scheme. Now you can build consensus algorithms on top of them that are highly secure and scalable compared to anything that exists today.<p>I'm not convinced that Stellar consensus here is the right algorithm for doing this, but I think SGX is promising technology that has been somewhat overlooked in the blockchain space (not by everyone.) SGX has a lot of potential. You can use SGX as a way to expand the consensus rules of any blockchain by using it as a blackbox obfuscation construct. Everything and more that Vitalik wrote in his article about Indistinguishability Obfuscation is possible with SGX today.<p>Want to create a specialized oracle that only signs certain transaction formats, even on untrusted hosts? Yep - use SGX. Now you can have agents that run in a cluster that will only move assets between blockchains based on a user's prior agreements, allowing for more complex cross-blockchain smart contracts to be written in high-level languages. What about having a nice way to do transaction commitments to scale any blockchain without having GB zero-knowledge proofs? SGX again. It could be used for privacy preserving protocols... It could be used for solving data availability problems in sharding / decentralized storage systems. The list goes on.<p>Some of the biggest trust problems are solvable with this technology - but like others have already said - you still have to trust the hardware manufacturer. In this case, my thoughts are that you already have to trust the hardware manufacturer anyway (nobody is going to inspect every chip with an electron microscope...) My bet is that a non-trivial portion of full nodes today are already running chips with backdoors like the Intel Management Engine anyway...<p>The point here is that you can't fully remove trust from any system without introducing vast inefficiencies, but you can at least formalize the risks in a system and design so that a compromise is too expensive to be worthwhile, and for me I think that's where the potential lies with this tech. Cryptoeconomic systems based on tamper-proof hardware where individually a component may be compromised, but where it is simply infeasible to compromise each and every device. You build a network out of these components and you have yourself the first on-chain scalable blockchain bound by physical hardware encumberments instead of computational difficulty.
Here is a year old paper from Imperial College and Cornell where they implemented trustless transactions using Intel SGX.<p><a href="https://www.cs.cornell.edu/people/egs/papers/teechan.pdf" rel="nofollow">https://www.cs.cornell.edu/people/egs/papers/teechan.pdf</a>
I feel like the real appeal of Bitcoin is the decentralized aspect. I am not totally intrigued at the idea of having a controlled system, even if it offers complete privacy and faster transaction speed.
Would someone close to this project be able to explain why the node operator wouldn't have direct access to user's keys in the event of an SGX exploit? The whitepaper only briefly delves into transaction privacy protections, but not key management.
Wow. MM is really going all-in on for Software Guard Extensions (secure enclave) on the server.<p>What does HN say? Do we trust Intel (motivation and implementation) that much?
I'm probably going to pay this a lot more attention now than I would have purely because I find Moxie really quite impressive all the way up to his patient, reasoned interactions with people around here.
MobileCoin is backed by XLM/Stellar, which is not decentralized, and so I feel I should note here that I signed up during Stripe's giveaway of Stellar Lumens years ago - and I did indeed get my wallet credited.<p><a href="https://stripe.com/blog/stellar" rel="nofollow">https://stripe.com/blog/stellar</a><p>I was given 6000 XLM and I left it in their official wallet for years. On May 12th, 2017 I wrote them an email asking why my wallet, now converted to some newer official wallet, was empty. I did not receive a reply for 2 months, at which point I followed up and received a reply within a day, which was:<p><i>"I have investigated your account and it looks like an account merge operation occurred some time ago merging your lumens with another account. If you did not commit this action, it could be possible that someone was able to obtain your account information.<p>You can see the merge operation here:
<a href="https://horizon.stellar.org/accounts/GD2CPSK2E3TUNC2N5NGGQJQYOHJNFW42YZ55MPQKPQ5BGI2ZPD72G3H3/operations" rel="nofollow">https://horizon.stellar.org/accounts/GD2CPSK2E3TUNC2N5NGGQJQ...</a><p>Unfortunately there is nothing we can do to retrieve your lumens at this point.<p>Apologies we cannot be of further help."</i><p>I have pretty damn good security of my various accounts using hardware 2FA and such, and I also transact in cryptocurrency and have wallets with far more fiat value in them than 6000 XLM had at the time ($120-150 USD if I recall), with absolutely no issue - and I hadn't even logged into their official wallet. The developers were 100% quick to blame this merge on me. I replied with a flat: "I highly doubt you are correct that it is my fault" email and it went back and forth with them asking the basic "well, did you get spearphished somehow" as if anyone even knew what XLM were or cared.<p>The process dragged on for a month while I bothered people in their Slack channel since email communication dropped out and they finally came back with:<p><i>"Our team has investigated and checked for multiple different types of issues and have not found anything on our end that shows any type of security compromise in our system.<p>Unfortunately this means at this moment I do not have a concrete answer to how your account was compromised. I’ll follow up again to check if there is anything on your end they would recommend you do."</i><p>I investigated on my own and found a number of accounts who were "hacked" and sent XLM coins to the wallet that I had merged with, all that just kind of sat there, indicating a software error on their end of a bunch of accounts that were randomly emptied. I provided all documentation to their team and spent a solid 15-20 hours doing so.<p>Their response to all of this bug bounty-type work?<p><i>"They have identified one potential issue in the past that affected only a small number of accounts, possibly yours. This bug was fixed once discovered back in 2014, but users who may have been vulnerable to the bug were still impacted during the upgrade process to the new network even after it was resolved.<p>Although we think this was the cause of what happened, we cannot be 100% sure if this was what impacted your account considering you had a strong password and none of your other accounts were compromised."</i><p>And:<p><i>"Although we cannot recover you original lumens from your account, we’d like to award you 3000 lumens as part of our Bug Bounty Program because you have helped us in identifying a possible issue that happened in the past."</i><p>So they basically gave me half the XLM back instead of the full amount despite it being entirely their fault and them having no idea how to investigate while I exposed a serious flaw in how XLM were assigned and paid to their wallets, all while blaming me the entire time and with atrociously slow customer response times.<p>Forgive me if I'm not the biggest XLM/Stellar Lumens fan; their team is both terrible at support and suggests that at least their frontline investigators are technically incompetent since they couldn't figure out the merge situation before I did with simple API poking around and enumerating.
Isn't SGX not so secure ? [1]<p>Specifically this claim<p>"In a semi-synchronous attack, we extract 96% of an RSA private key from a single trace. We extract the full RSA private key in an automated attack from 11 traces within 5 minutes."<p>[1] <a href="https://www.schneier.com/blog/archives/2017/03/using_intels_sg.html" rel="nofollow">https://www.schneier.com/blog/archives/2017/03/using_intels_...</a>
Stellar is run by a set of trusted third parties, which makes it permissioned. If it gains any sort of traction, it will undoubtedly come under the control of any number of governments, thus negating the "peer-to-peer" part of cryptocurrency, and making usage conditioned on approval from some set of intermediaries.
A bit ironic that MobileCoin is targeting x86_64 and SGX seeing that the vast majority of mobile devices run ARM. I wonder how easy this would be to port to the ARM trustzone?
> The currency is designed to utilize an Intel processor component known as Software Guard Extensions, or a "secure enclave."<p>Binding yourself to an implementation like this seems like mega big centralization. There's several decentralized coins that could solve some of these same problems.
Surely I'm reading this wrong. Does the whole thing depend on users trusting that the nodes run the correct software, which uses these "enclaves" to hide private data from itself?
Wow, what an impressive move.<p>I don't trust Moxie ever since he argued that Signal will not be a decentralized network due to the technological complexity (just BS as Matrix, XMPP and other have shown). While I suspected that he had other plans in mind, I didn't see that coming.<p>Using your wide spread chat app to deploy a global payment system. Just wow. If he will pull that off, Elon Musk gets competition for the title 'Innovator of the Century'.
Great to see more cryptocurrency adopting Stellar's Consensus Protocol. Decentralisation and scalability without the environmental impact of proof of work.
An no word about price volatility? Even if btc were scalable it is unusable for commerce. Pegging to fiat should be #1 goal of a new blockchain that wants to solve problem. All others arejust sophisticated gambling platforms.
The Request Network may beat them to it, in terms of making crypto accessible, since it aims to provide a paypal-like, currency agnostic portal for payments. But I still like the project, and will follow it closely.
While yet another cryptocurrency doesn't sound so good, I think Moxie has at least proven himself enough with Signal (in terms of being pragmatic about usability while trying to get the maximum amount of security and privacy for users) that this sounds promising.<p>I'm also happy to see a currency with Byzantine agreement without proof-of-work being explored. While this may not satisfy the extreme threat model of Bitcoin etc., I'm not really convinced that this is even needed at all. (Not to mention that Bitcoin has failed as a currency anyway.)
I have a few questions: (1) When can we start using this? (2) How will you acquire the currency?<p>I think #2 is the pain point, and I didn't see this addressed in the whitepaper. Most people talk about Bitcoin's transaction speeds, but Litecoin works incredibly well for doing transactions. The difficulty for a normal person is acquiring it. You need something like GDAX.
> Visa currently processes about 3,674 transactions per second<p>weird I assumed it was more. It's still 300M a day or 100bn/yr but still.
Stupidly bad design - storing other people's private keys in a protected memory region. This is as good as entrusting a safe with your money to a thief, thinking that the guy will be unable to open it.<p>Marlinspike, yet again, flops face down with his credibility as a crypto researcher.<p>Remember his his angry letter about silent key renegotiation hole in Facebook messenger
With Moxie, I have to wonder what the endgame is for this?<p>After reading this, currency doesn't seem to jive with his persona:<p><a href="https://moxie.org/stories/money-machine/" rel="nofollow">https://moxie.org/stories/money-machine/</a>
I'm not sure using Stellar is wise as the majority is owned by a small group of people, much smaller than Bitcoin, which creates conflict of interest and not future SEC proof.<p>on a side rant: So...many...coins...I too have something called BrowserCoin.com but still haven't figured out what problems to solve. Too many people just go implement a pseudo-academic blockchain tech with fancy dials without vetting the problem....<i>virtually zero adoption</i> other than from pumpers and owner...that is something I'd like to avoid altogether, for once some cryptocurrency based business that delivers and benefits people who don't need to expensive rigs to mine or jack resources (browser based blockchains etc).
<a href="https://us.teamblind.com/article/ama-round-2-i-manage-a-multi-million-crypto-portfolio-vQBqRpmR" rel="nofollow">https://us.teamblind.com/article/ama-round-2-i-manage-a-mult...</a>
I think this post about managing a multi-million crypto portfolio can really relate. I think it still is difficult for the average person to understand, but this is a really great discussion going on.
Anyone have any links to read more about SGX? What's stopping someone from intercepting everything going down their and just doing the operations on their own while watching?