Why auditing a cryptography system is particularly hard

Disclaimer: this is a blog; what is written here is only my opinion, and I do not have to talk only about Monero. Still, the post below is interesting not so much for Darkcoin as for the state of crypto (whether that means cryptology or cryptocurrency).

What follows is what the very respected Andrew Poelstra, a.k.a. andytoshi, replied to a request from some Darkcoin holders that he prove his claim that Darkcoin is broken.

While this would be the case in an academic setting, or even a non-adversarial one, it's definitely not the case for amateur cryptography.
The reasons haven't changed much from those written in the Cyphernomicon (2.4.19) over 20 years ago:

  • there is a massive amount of amateur crypto out there;
  • it is extremely hard to analyze in general;
  • few people are qualified to do so and their time is extremely limited.

Cryptography is assumed broken until shown to be secure. Never the other way around. This means formal proof, years of cryptanalysis by many experts, and years of field-testing.

Bitcoin adds a new twist to this: there is way more amateur crypto in the Bitcoin space than there ever was in the cypherpunk/sci.crypt/whatever communities. The result is a massive asymmetry: people promoting broken systems

  • are often paid to do so;
  • only have their own system to focus on;
  • aren't burdened by truth or honesty;
  • don't have reputations that could be damaged by interacting with shifty projects (which often take criticism from experts as an invitation to put the experts' names on their website, sometimes even misinterpreting their words as promotion);
  • are able to change or obfuscate their project in subtle ways to evade specific criticism, rendering analysis moot without actually improving anything;
  • don't have massive demands on their time from legitimate projects.

There are very many people with all of these advantages. I have none. So I'm sorry that I'm not doing a detailed analysis of every iteration of Darkcoin for free. But this does not place any burden of proof on my shoulders.

Andrew Poelstra