co-authored with Alin Tomescu and Avishay Yanai

Both Bitcoin and Ethereum depend on the security of certain cryptographic hash functions and certain elliptic curve based cryptography. In this post we ask if they also depend on some Trusted Setup Assumptions.

The Bitcoin untrusted setup conspiracy theory

Bitcoin was invented by NASA in the 1960’s. NASA has been secretly working on an alternative fork from the Bitcoin genesis block for almost 60 years (in addition to working on a moon landing). They plan to publish their alternative (and longer) fork in 2020 which will cause all existing Bitcoin transactions to become aborted orphans…

Back in the 1960’s, they inserted into their Bitcoin Genesis block the text:

The Times 03/Jan/2009 Chancellor on brink of second bailout for banks

After making their white paper public in 2008, NASA coerced the Financial Times in the UK to publish an article with the exact title above on January 3rd 2009.

Does Bitcoin have a trusted setup assumption?

YES! bitcoin assumes that the Financial Times is a trusted source of unpredictable randomness and timestamp (and hence its cryptographic hash is a good Common Random String). This seed is used to guarantee that no adversary has any significant head start in mining Bitcoin and cannot use its head start to double-spend.

The Ethereum untrusted setup conspiracy theory

Ethereum was invented by NASA in the 1960’s. NASA has been secretly working on an alternative fork from the Ethereum genesis block for almost 60 years (in addition to working on their moon landing)…

Back in the 1960’s, they inserted into their Ethereum Genesis block the hash:

0x11bbe8db4e347b4e8c937c1c8370e4b5ed33adb3db69cbdb7a38e1e50b1b82fa

After making their yellow paper public in 2014, they coerced the publishing of this blog post and caused it to refer to a fake testnet ceremony called Olympic that essentially is a re-enactment of their testnet runs from the 1960’s. In their words:

The argument [referring to the hash value above] needs to be a random parameter that no one, not even us, can predict. As you can imagine, there aren’t too many parameters in the world that match this criteria, but a good one is the hash of a future block on the Ethereum testnet. We had to pick a block number, but which one? 1,028,201 turns out to be both prime and palindromic, just the way we like it. So #1028201 is it.

Well, can you believe that block 1028201 was prepared long ago?!

Does Ethereum have a trusted setup assumption?

YES! ethereum assumes that block #1028201 of the Oliympic testnet is a trusted source of unpredictable randomness and timestamp (and hence its cryptographic hash is a good Common Random String). This seed is used to guarantee that no adversary has any significant head start in mining Ethereum and cannot use its head start to double-spend.

Trust, but Verify

Just to be clear, while NASA is indeed interested in blockchain, we believe that both Bitcoin and Ethereum used highly secure sources of unpredictable randomness. The main goal of this post is to highlight the fact that some trusted setup is needed in both systems. In the language of this blog post, both systems depend on a trusted setup phase that in both cases creates a public random string which is unpredictable and timestamped. It is vitally important to have a secure randomness beacon that can generate such timestamped cryptographically secure unpredictable randomness.

Maybe every minted Bitcoin/Ether should contain the phrase:

In random beacon we trust :-)

Please leave comments on Twitter