About

In short, my name is Sergio Demian Lerner. I’m a Cryptofan, Independent Security Researcher, and Bitcoin specialist since 2011.

My Story

I bought a copy of Applied Cryptography in 1990 and by 1994 I was working on information security, doing intrusion detection, cryptanalysis (yes, really cool code-breaking stuff) and security hardening of the Linux kernel, in order to protect the networks of a branch of Argentina’s government (*). Afterward I worked as a security consultant for Core Security (the company), designing and programming high-performance cryptographic servers. I later became an entrepreneur and co-founded Pentatek/ATI-Medical, a high-tech neurological equipment manufacturer in Latam, employing about 15 people, for more than 10 years. By 2010 I was finishing my graduate thesis on peer-to-peer poker and researching and discussing anonymous payment systems on the cryptography mailing list, in order to combine a p2p currency with my p2p mental poker protocol. But even if I should have read Satoshi’s post back in 2009, I don’t remember having read about Bitcoin during 2010, so I kept working on p2p poker, and I founded a short-lived company, Certimix, to try to monetize a cryptographic library for privacy-preserving p2p card games.

It was not until late 2011 that I first read the Bitcoin paper, and I rushed to analyze the source code. I was fascinated by its simplicity. But I also found many areas to look for improvements, in the economic, cryptographic and protocol-related areas. By the beginning of 2012 I was part of the Bitcoin community. With my cybersecurity background, I worked late hours trying to break the Bitcoin code, and by doing so strengthened the security of the Bitcoin Core implementation. I responsibly disclosed more than 8 vulnerabilities that you have happily never heard of, because they were fixed promptly. Still, I did it for fun and passion, without any monetary reward.

But I was no visionary: I had many doubts about the technology and I lost every chance I had to buy “cheap” Bitcoin in the early years. In my first conference talks about Bitcoin I was very skeptical, to say the least, as you can see in my 2012 talk about Bitcoin scaling (the moral of my talk: Bitcoin is not private and does not scale). Nevertheless, I started believing that Bitcoin, with minor upgrades, could become more private and scalable. Towards scaling Bitcoin, in 2012 I contributed by creating a new, more scalable cryptocurrency system, MavePay, based on Guy Fawkes signatures (but out of ignorance I re-invented the signature system, only better) and many other minor improvements. However, by the end of 2013 I was already a Bitcoin monetary maximalist, so I never turned theoretical papers into actual lasting cryptocurrency projects, as alt-coins, pre-mines and pre-sales were bad words in the Bitcoin circles.

In 2013, I was tempted to buy BTC for the first time (but I didn’t). So I started analyzing the blockchain from a new perspective: not trying to break it, but trying to understand the market. I assumed that whoever created Bitcoin surely kept mining for at least one year, which led me to the simple (but at that time unproven) conclusion that Satoshi had mined about 1M coins. When I published my thoughts in the bitcointalk forums, people started yelling at me with anger: on one side, for the part of the community that worshiped Satoshi, it was a heretical idea. It didn’t fit in the “disinterested genius” narrative (although further discoveries that Satoshi had not touched the fortune would make this meme even stronger). On the other side, cypherpunks thought my claims were heretical because I was revealing private information about Satoshi. The truth was that I was provoked in the forums to find hard evidence for my lightly made claims, so I took the challenge and went to look for it. I had no intention to dig into any private matters and I used only public information. Well, it turned out the evidence was hiding in plain sight in the immutable blockchain. So sooner or later, if not me, other people would find the same pattern. That event radically changed my life. My blog, which at that time had no more than a few visits a day, collected 35K visits in the first week. I became “popular” in that tiny Bitcoin community of the time. The news about Satoshi’s holdings spread fast, and the Bitcoin price jumped 10% just after the article was published. I don’t know if the price surge was due to this new information coming to light, but I guess it was. A new meme was created: Satoshi trusted Bitcoin so much that he had spent almost nothing of his stash: 99.999% of Satoshi’s coins remain untouched. But behind all this noise and sudden fame, I was working on two cool projects: Appecoin and QixCoin.

The Appecoin cryptocurrency (2012) was the first attempt to create an anonymous coin that was perfectly binding, instead of perfectly hiding. I spent several months working on this project, without finding good mathematical foundations. This was years before Monero was launched.

The QixCoin platform was the first Turing-complete cryptocurrency. It had smart contracts as powerful as Ethereum’s, one year before Ethereum was conceived. I used QixCoin to implement my p2p card gaming platform.

In 2013, Wences Casares, the founder of Xapo, visited Argentina. Because we shared a fascination with Bitcoin’s origin, he invited me to his offices in Buenos Aires, and after a really enthusiastic talk he convinced me to go to the 2013 Bitcoin conference in San Jose. So I went, and my life changed again. Not because I became wealthier (I still didn’t own a single sat), but because I was so happy to see the real faces of Bitcoin Core devs (not just code). I felt a sense of belonging to a community for the first time, the Bitcoin community.

During the San Jose conference I pitched Appecoin and my Turing-complete smart-contract platform as much as I could. But nobody was interested. Only Timo Hanke was. And the only guy who was interested in hearing about Appecoin seemed very shady to me. So both projects, even though they had working prototypes, were frozen in 2013.

In order to further develop my p2p poker project, I imagined and coded the first state channel system, where poker games could be played off-chain and on-chain programs were used only for arbitration. Because I was more an entrepreneur than a cypherpunk, I patented state channels in 2014 (“METHOD AND APPARATUS FOR EXECUTING A MULTI-PARTY PROTOCOL WITH TIME-OUTS”). It took me one more year to realize that the beauty of Bitcoin and decentralized technologies lies in their openness, so I dropped the patent.

Afterward I started auditing and reporting vulnerabilities in many cryptocurrency projects. I just lost count of how many, because I didn’t publish or save the reports, but only sent them to the development teams. But I remember auditing some of the first interesting projects in the ecosystem, such as CoPay, BitcoinJ, BitsOfProof (RIP the friendly Tamás Blummer), Bitshares, Counterparty, Lamassu, Ethereum and Monero. Because the auditing work kept increasing every month, I co-founded the company Coinspect with Juliano Rizzo (one of the guys who found the CRIME TLS vulnerability, and who some time ago broke the Signal desktop client). Coinspect was later chosen by Zcash to audit the initial codebase and its forks, and by Ledger to audit their wallet firmware. Coinspect was also chosen by Grin to audit their cryptocurrency.

During those years I proposed more than 50 design improvements in the cryptocurrency field, such as AppeCoin, MAVEPAY (a precursor of Joseph Bonneau’s FawkesCoin), P2PTradeX (the precursor of Blockstream’s sidechains and the first validating bridge, also the second proposed atomic swap method), LIMIO, the Tick method (a precursor of Emin Gün Sirer’s Covenants), the OP_PUSHSIG opcode (a precursor of Segwit), PAMBA, MinCen, MemoHash (a precursor of Dan Boneh’s Balloon Hashing, and later used as a component of Ethereum’s Ethash mining function), the Collision POW (a precursor of Zcash’s Equihash), the “ECDSA” attack (a precursor of Patrick McCorry’s “Smart Contract Bribing Miner” attacks, and mentioned in Judmayer’s SoK paper as one of the first bribing attacks documented) and BlockPad. I also proposed the first proof system for public file replication, and later applied it in a smart-contract platform to reward full nodes having a copy of the blockchain without a TTP (cited by Cecchetti, Fisch & Miers). I also found the O(N^2) hashing vulnerability in Bitcoin, and later the OP_IF and Rock-and-ROLL efficiency problems, and the first signature malleability attack. The discovery of these vulnerabilities was a huge driver for the Segwit soft-fork, which attempted to solve them. I also designed the CoVar scheme to improve the fee market (a precursor of the Basu, Easley, O’Hara, and Gün Sirer fee market scheme).

In mid 2013 I designed and prototyped the Firmcoin, a Bitcoin micro-controlled banknote for off-line payments (a precursor of the OpenDime). To prevent rogue hardware attacks I created the first anti-covert-channel ECDSA signature scheme, which was later analyzed and found secure by Pieter Wuille (nowadays a similar technique is used by the Jade hardware wallet). I also wrote a whitepaper about the DagCoin cryptocurrency (cited here). DagCoin was the precursor of the Byteball and IOTA coins, and I hope it also inspired Avalanche consensus. Later I designed the DECOR+ protocol as a proposal to scale Bitcoin to a 5-second block interval. The protocol was later applied to NimbleCoin, a new innovative cryptocurrency that I designed, and that was coded by Oscar Guindzberg. But due to my still persistent Bitcoin maximalism, it was never launched.

In 2014 I was hired by the Bitcoin Foundation to perform regular security audits on the Bitcoin Core code. I also co-founded IdentivaSecurity, the company behind the PassKey, a new authentication token for securely signing into websites. The device failed to gain any market traction, but was an interesting experience anyway (it’s funny that Google uses that same name for their new authentication method). Out of the necessity to satisfy the demand for cryptocurrency software development I co-founded Coinfabrik with Pablo Yabo and Sebastian Wain. Coinfabrik used to employ more than 40 engineers and has become a leading cryptocurrency software factory. The company is still very active but I have no relation with them nowadays.

During 2014 I collaborated with Timo Hanke in creating ASICBoost, a technology for building more efficient mining ASICs, which became a novelistic story that had a happy ending. Apart from that, I discovered the second, and still most promising, Bitcoin ASIC optimization technique: using approximate adders. This technique was later rediscovered and published by scientists from the University of Illinois. I also helped with the foundation of WayniLoans, a Latam-focused peer-to-peer lending platform at that time.

In 2015 I co-founded RSK Labs and we raised money to develop the first Bitcoin sidechain. It was originally called Rootstock, later renamed RSK and then back to Rootstock as people kept using the original name. I designed Rootstock, including its merge-mining subsystem and its bridge with Bitcoin, and I wrote its whitepaper. Rootstock implemented the first cross-chain communication system based on cross-chain SPV proofs (see Zamyatin et al.). After a year in testnet, Rootstock was finally launched in 2017. This is really the most ambitious project that I have taken part in. It has the vision to turn financial inclusion into reality, to improve the quality of life of so many people excluded from society, by means of decentralized technologies, and basing its settlement layer on the Bitcoin network.

For Rootstock, I created more than 60 RSKIPs (Rootstock Improvement Proposals); some were good ideas, but not all. Some were accepted by the Rootstock community but most were rejected. One of the most extensive pieces of work I have done since 2016 is on Contract Storage Rent (RSKIP7, RSKIP17, RSKIP21, RSKIP27, RSKIP52, and finally RSKIP61). It took me 6 proposals to get one right. I also researched parallel transaction execution with RSKIP03, RSKIP04 and finally RSKIP144.

During 2016-2017 I researched new blockchain scaling solutions, from a different, uncharted perspective, producing innovations such as Ephemeral Data, default data, and signature chaining with the LTCP protocol (now RSKIP53). Ephemeral data was a method to guarantee data availability at low cost, similar to Ethereum Blobs, but introduced many years before Ethereum Rollups ever existed. I presented these protocols in the Off the Chain workshop, under the new name of Shrinking-Chain Scaling, along with a paper written with some co-researchers from Rootstock Labs. The default data technique was later re-invented by John Adler as the Postdata field to support higher scalability of Optimistic Rollups.

I also created the first Bitcoin drivechain BIP in order to increase the capabilities of Bitcoin (the currency) using sidechains without increasing the Bitcoin block size. I presented a new, improved proposal at the Building on Bitcoin 2018 conference.

At the beginning of 2017, together with Diego Gutierrez Zaldivar, I attempted to unite the Bitcoin community with the Segwit2Mb hard-fork BIP, before Bitcoin broke apart in the block-size wars. The proposal was dismissed by Bitcoin developers. However, during Consensus 2017, the Segwit2x proposal was introduced. This was a different proposal that only took some ideas from ours, but because it had a similar name and equal scaling properties, it has been wrongly attributed to us. Segwit2x had a different, much more aggressive deployment schedule. Segwit2x didn’t end well, and Bitcoin Cash was created by Segwit2x supporters.

During 2017 and 2018 I also presented for the first time the (strange) idea of double-signing a transaction. Two years later the same bold idea was used by an MIT team to create zk-SHARKS.

In 2019 I created the site satoshiblocks.info to graphically show the dataset used for researching the mining of early Bitcoin blocks.

One of my latest design improvements for Rootstock was the Unitrie, an optimized Authenticated Randomized Patricia Trie suited for blockchain state storage, which was successfully merged into Rootstock in a programmed network upgrade in 2019. The Unitrie has been ported to RIF Consensus Node and Hyperledger Besu and it compares favorably against the standard Ethereum trie, reaching much higher scalability.

In 2020:

  • I created Syncchains, a new type of sidechain that is protected by design against double-spend attacks on its two-way peg, and also performs peg-ins and peg-outs in a few confirmation blocks.
  • I designed the Flyover system, a trustless fast bridge system that will activate in RSK in the Iris network upgrade.
  • I created a new consensus system that could be soft-forked into Bitcoin, called Nakamore, that enables much greater network decentralization. Nakamore is the first consensus system that can be soft-forked into Bitcoin to enable interplanetary mining.
  • I co-designed the Powpeg two-way-peg bridge, which the RSK sidechain implemented in December 2020.
  • I designed the minpeg security layer for the BTC-RSK bridge. This layer extends the current two-way peg to allow miners to dynamically participate in the security of the peg, where each miner’s participation weight depends on its hashrate.
  • I designed an extension to merge-mining called Inclusive Fork-aware Merge-mining (IFMM) to enable sidechains to capture 100% of Bitcoin’s hashrate security. This is the key RSKIP.

If you want to hear more from me, I periodically tweet at @SDLerner and blog at bitslog.com.

When I speak in public, I try to give a different talk each time I have the opportunity, in order to force myself to research more and more. A talk I really liked is the one about Proof of Unique Blockchain Storage at Devcon3 (video here).

I’m always open to collaboration to push projects forward, so if you want to help me in any of these endeavors, please write to me!

Other talks I gave (the newer the better)

I discovered and responsibly reported these Bitcoin-related vulnerabilities:

  • Lack of orphan tx limit prior v0.5.3
  • CVE-2012-3789: Multiple DoS Vulnerabilities in Satoshi client
  • CVE-2012-4683: Targeted DoS by CPU exhaustion using alerts
  • CVE-2012-4684: Network-wide DoS using malleable signatures in alerts
  • CVE-2013-2272: Remote discovery of node’s wallet addresses
  • CVE-2013-2292: A transaction that takes at least 3 minutes to verify
  • CVE-2013-2293: Continuous hard disk seek
  • CVE-2013-4627 security holes
  • security vulnerability in BouncyCastle ECDSA (BJB-22)
  • Brumley/Tuveri attack to SatoshiDice
  • BitsOfProof client vulnerabilities
  • Bitmessage v1.0: completely broken crypto
