The Creator of Signal Has a Plan to Fix Cryptocurrency

In the early bitcoin years, proponents promised that you would soon be able to pay for anything and everything with cryptocurrency. Order pizza! Buy Etsy trinkets! Use a bitcoin ATM! While PayPal had existed for more than a decade, frictionless, social payment platforms like Venmo were just first taking off, and cryptocurrency seemed like a legitimate way for digital transactions to evolve.

It didn't happen. Cryptocurrency remains confusing and challenging for the average person to acquire and manage, much less sell. And the protocols that underlie bitcoin and other mainstream cryptocurrencies like ethereum suffer significant scalability and transaction bottleneck issues. Visa currently processes about 3,674 transactions per second; the best bitcoin network might be able to process seven per second.

But now the creator of the dead simple end-to-end encrypted messaging app Signal, Moxie Marlinspike, is on a mission to overcome those limitations, and to create a streamlined digital currency that's private, easy-to-use, and allows for quick transactions from any device. And while it may feel like the last thing the world needs is yet another cryptocurrency, Marlinspike's track record with Signal—and the organization behind it, Open Whisper Systems—makes this a project worth watching.

Coin Toss

The currency Marlinspike has been working on as technical advisor for the last four months, alongside technologist Joshua Goldbard, is MobileCoin. The two based it on the open-source Stellar Consensus Protocols platform, an alternative payment network that underlies systems like an inter-bank payment network run by IBM in the South Pacific, and the low-fee international money transfer service Tempo in Europe.

'Usability is the biggest challenge with cryptocurrency today.'

Signal Creator Moxie Marlinspike

The Stellar blockchain is also generally regarded as being faster and more efficient than its predecessors; On Wednesday, the mobile messaging service Kik announced that it will move its Kin cryptocurrency platform from Ethereum to Stellar. "We've been using Ethereum to date, and to be honest I call it the dial-up era of blockchain," CEO Ted Livingston said.

MobileCoin wants to leverage an extensive architecture to add simplicity to real privacy protections and resilience against attacks. The ultimate goal: To make MobileCoin as intuitive as any other payment system.

That vision mirrors the animating purpose of Signal, which was developed to make robust end-to-end encrypted communication as easy and straightforward as less secure options, a simple experience that belies the complex cryptographic communication protocols that enable it.

"I think usability is the biggest challenge with cryptocurrency today," says Marlinspike. "The innovations I want to see are ones that make cryptocurrency deployable in normal environments, without sacrificing the properties that distinguish cryptocurrency from existing payment mechanisms."

Usability efforts for older generation cryptocurrency protocols, like bitcoin, have largely been left to services like Coinbase, which centralize everything from currency exchange to your wallet, key management, and processing transactions. These platforms make actually using cryptocurrency more realistic for the average person, but they also consolidate mechanisms that are meant to be kept separate in the private and decentralized concept of cryptocurrency. They generally detail extensive privacy and security protections, but they do require users to trust both their intentions and implementation.

By contrast, the idea of MobileCoin is to build a system that hides everything from everyone, leaving fewer (or theoretically no) opportunities for abuse.

On the Node

Ideally, there would be a way to fix the structural problems of existing cryptocurrencies, rather than creating another new offering. But Marlinspike and Goldbard concluded that the only way to orient a cryptocurrency around user needs was to start from scratch, and architect everything with that "target user experience" in mind.

To that end, MobileCoin delegates all the complicated and processing-intensive work of participating in a blockchain ledger and validating transactions to nodes—servers with constant connectivity that store and work on a fully updated copy of a currency's blockchain. The nodes can then provide software services to users, like apps that seamlessly integrate easy and quick MobileCoin transactions. The nodes also handle key management for users, so the public—and particularly the private—numeric sequences that encrypt each person's transactions are stored and used by the node. But crucially MobileCoin is designed so the node operators can never directly access users' private keys.

'If you can't look at the ledger, how can you cheat it?'

Joshua Goldbard, MobileCoin

This is where the special features of MobileCoin come in. The currency is designed to utilize an Intel processor component known as Software Guard Extensions, or a "secure enclave." SGX is a sequestered portion of a processor that runs code like any other, but the software inside it can't be accessed or changed by a device's broader operating system. Computers can still check that an enclave is running the right software to validate it before connecting, but neither MobileCoin users nor node administrators can decrypt and view the enclave.

For MobileCoin, the enclaves in all of the nodes of the network hide the currency's indelible ledger from view. Users' private keys are stored and shielded in the enclave, too.

"If you put the cryptocurrency inside of the secure enclave, then people can run the nodes without seeing what's happening inside them," Goldbard says. "If you can't look at the ledger, how can you cheat it?"

Marlinspike first experimented with SGX for Signal as a workaround so users can find people they know on Signal through their address books without exposing all of that data.

Secure enclaves create some technical challenges, because they have limited processing capacity. But MobileCoin is designed with efficiency in mind. The system does as much data processing as possible outside the enclave, and only uses SGX for sensitive computing that needs to be shielded. And not needing to trust the nodes—because sensitive data isn't exposed on them—means that more can happen off of a user's device without sacrificing privacy, making transactions quick and easy on mobile devices.

"MobileCoin is designed to be deployable in normal resource-constrained environments like mobile devices, and to deliver a simple user experience along with privacy and security," Marlinspike says. "The design gives you the benefits of server assistance without the downsides of having to trust a server to act appropriately and not be hacked.

The platform has other protections layered with SGX as well. Even if someone compromised a MobileCoin enclave and could view the transaction ledger, one-time addresses and special one-time signatures for each transaction would still prevent an attacker from being able to trace and link events. And a privacy bonus of the Stellar Consensus Protocol is that the nodes don't need to store a full transaction history in the blockchain; they can discard most data after each payment is completed. These components make MobileCoin more resistant to surveillance, whether it's coming from a government or a criminal who wants to track and extort users.

Getting Practical

There are lots of potential applications for MobileCoin, but Goldbard and Marlinspike envision it first as an integration in chat apps like Signal or WhatsApp. Here's how it would work in practice: To start using MobileCoin, you would generate a public and private key, and a recovery PIN. Then you would set up your account with an app that incorporates MobileCoin. The app would validate the software running in its service's node, establish an encrypted communication channel to the enclave, and then send your keys and the short, easy-to-remember recovery PIN that you'll use to access your MobileCoin—like a smartphone lock passcode.

To send MobileCoin to your friend Brian within a service that both of you use, your app would look up his public key, generate a one-time key and signature to use for the transaction, and send the transaction to the app's MobileCoin node. The node would sync and validate the transaction, update the ledger, and check the one-time key and signature to prevent spoofed double-spending. At this point Brian's MobileCoin node would take over, receiving and validating the transaction and communicating with Brian's app to generate the one-time private key that will allow Brian to receive the payment. And then Brian gets a notification that you paid him. The messaging app (or whatever service you're both using) doubles as a wallet for each of you.

It's a complicated process to wade through. The point of MobileCoin, though, is that you and Brian don't have to worry about any of it. The complicated parts all take place in the background.

The MobileCoin site, where developers looking to adopt the cryptocurrency will ultimately be able to access the software development kit, currently houses a white paper describing how MobileCoin works in more detail. But Goldbard says that the currency is still six months to a year from release, while he and Marlinspike refine the platform to eliminate potential problems, like the possibility that secure enclaves can inadvertently leak data.

That means there are still plenty of questions to be answered, including one big one: whether MobileCoin will be able to cut through all the noise and hype of the cryptocurrency community to actually be adopted by mainstream apps that could put it in everyone's hands. Currencies, after all, need a critical mass of people to not just be able to use them, but to agree on their worth.

And though speculation has driven bitcoin to all-time-high valuations, most cryptocurrencies don't end up capturing much value, languishing instead in far-flung corners of the internet. Here again, though, MobileCoin's creators hope to emulate Signal. End-to-end encryption was once a fringe feature; then WhatsApp gave it to a billion people at once using the Signal Protocol.

"Nobody actually transacts in cryptocurrency," Goldbard says. "So making something that people can actually use is our first goal. And then we want to find additional ways that people can implement it over time. But initially all we want is to make it so people can actually complete transactions."

If it works, the project will give hope to people who once believed cryptocurrency could truly replace cash in modern society—even if you're only buying a pizza.

Previous Post
Next Post