In short, my name is Sergio Demian Lerner. I’m a Cryptofan, Independent Security Researcher, and Bitcoin specialist since 2011.
I bought a copy of Applied Cryptography in 1990 and by 1994 I was working on information security, doing intrusion detection, cryptanalysis (yes, really cool code-breaking stuff) and security hardening the Linux kernel, in order to protect the networks of a branch of Argentina’s government (*) . Afterward I worked as security consultant for Core Security (the company), designing and programming high-performance cryptographic servers. I later became entrepreneur and co-founded Pentatek/ATI-Medical, a high-tech neurological equipment manufacturer in Latam, employing about 15 people, during more than 10 years. By 2010 I was finishing my graduate thesis on peer-to-peer poker and researching and discussing anonymous payment systems in the cryptography mailing list, in order to combine a p2p currency with my p2p mental poker protocol. But even if I should have read Satoshi’s post back in 2009, I don’t remember having read about Bitcoin during 2010, so I kept working on p2p poker, and I founded a short-lived company Certimix to try to monetize a p2p card game library.
It was not until late 2011, when I first read the Bitcoin paper and I rushed to analyze the source code. I got fascinated for its simplicity. But also I found many areas to look for improvements, both in the economic, cryptographic and protocol related areas. By the beginning of 2012 I was part of the Bitcoin community and I was working late hours to strengthen the security of the Bitcoin Core implementation analyzing the code and responsible disclosing more than 8 vulnerabilities you should be happily never heard of, because they were fixed promptly. Still it was all done without any monetary profit.
But, no visionary I was: I had many doubts about the technology and I lost every chance I had to buy “cheap” Bitcoin in the early years. In my first conference talks about Bitcoin I was very skeptic, to say the least, as you can see in my 2012 talk about Bitcoin scaling (the morale of my talk: Bitcoin is not private and does not scale). By 2012 I had contributed to the cryptocurrency community by creating a new cryptocurrency system, MavePay, based on Guy Fawkes signatures (but out of ignorance I re-invented the signature system, only better) and also I had contributed with many other minor improvements. However, as Bitcoin maximalist I was, I never turned theoretical papers into actual lasting cryptocurrency projects, as alt-coins, pre-mines and pre-sales were bad words.
But by 2013, I was starting to believe in Bitcoin and I became tempted to buy BTC for the first time. So I started analyzing the blockchain from a new perspective: not trying to break it, but trying to understand the market. I realized that whoever created Bitcoin surely kept mining for at least one year, which led me to the simple (but at that time unproven) conclusion that Satoshi had mined about 1M coins. This idea (again!) made me feel insecure, so I didn’t buy any BTC (ever). When I published my thoughts in one bitcointalk forums, people started yelling at me with anger: on one side, for the part of the community that worshiped Satoshi, it was a heretic idea. It didn’t fit well with the “disinterested genius” meme (although, further discoveries that Satoshi had not touched the fortune would make this meme even stronger). On the other side, cypherpunks thought my claims were heretic because I was “attacking” the “man’s” privacy. The truth was that that I was provoked in the forums to find hard evidence of my lightly claims, so I went to look for it, even if I had no initial intention to dig into any private matters. Well, it turned out the evidence was hiding at plain sight in the immutable blockchain. So sooner or later, if not me, other people would find the same pattern. That event radically changed my life. My blog, which at that time had no more than a few visits a day, collected 35K visits in the first week. I became “popular”, on that tiny Bitcoin community of the time. The news spread fast, and Bitcoin price increased 10% during that time. I cannot attest that the price surge was due to this new information coming to light, but I guess it was. A new meme was created: The trust of the initial fathers of Bitcoin in the technology was so profound that they hadn’t sold more than 0.0001% of their coins, even after flashes of incredible appreciation. But behind all this noise and sudden fame, I was working on two cool projects: the Appecoin cryptocurrency (2012), the first anonymous coin that attempted to be perfect binding, instead of perfect hiding, and QixCoin, the first Turing complete cryptocurrency to support my p2p gaming platform. Yes, and all this was one year before Ethereum and Monero were even conceived. By pure chance Wences Casares, the founder of Xapo, was in Argentina at the time. Wences invited me to his offices in Buenos Aires, and after a really enthusiastic talk he convinced me to go to the 2013 Bitcoin conference, in San Jose. So I went, and my life changed, again. But not because I became wealthier (I still didn’t own a single bitcoin), but because I was so happy to see real faces (not just plain code) and to belong to a community for the first time, the Bitcoin community. But nobody wanted to hear anything about a Turing-complete smart-contract platform, maybe only Timo Hanke did show interest. And the only guy who was interested in hearing about Appecoin seemed to be very shady to me. So both projects, even having working prototypes, were almost frozen in 2013.
In order to further develop my p2p poker project, I imagined and coded the first state channel system, where poker games could be played off-chain and on-chain programs were used only for arbitration. Because I was more an entrepreneur than a cypherpunk, I patented state channels in 2014 (“METHOD AND APPARATUS FOR EXECUTING A MULTI-PARTY PROTOCOL WITH TIME-OUTS”). It took me one year more to realize that the beauty of Bitcoin and decentralized technologies lies on their openness, so I dropped the patent.
Afterward I started auditing, and reporting vulnerabilities in many cryptocurrency projects. I just lost the count, because I don’t make reports public, as other companies do. But I remember auditing some of the first interesting projects in the ecosystem, such as CoPay, BitcoinJ, BitsOfProof, Bitshares, Counterparty, Lamassu, Ethereum and Monero. Because there auditing work was increasing every month, I co-founded the company Coinspect with Juliano Rizzo (one of guys that found the CRIME TLS vulnerability and then some time ago he broke the Signal desktop client). Coinspect later was chosen by zCash to audit the initial codebase and its forks. Cosinpect was also chosen by Grin. But in 2013 I was hired by the Bitcoin Foundation to perform regular security audits on Bitcoin Core. During those years I proposed more than 50 design improvements in the cryptocurrency field such as AppeCoin, MAVEPAY (a precursor of Joseph Bonneau’s FawkesCoin), P2PTradeX (the precursor of Blockstream’s sidechains and the second proposed atomic swap method), LIMIO, the Tick method (a precursor of Emin Gün Sirer’s Covenants), the OP_PUSHSIG opcode (a precursor of Segwit), PAMBA, MinCen, MemoHash (a precursor of Dan Boneh’s Ballon Hashing, and later used as a component of Ethereum’s Ethash mining function), The Collision POW (a precursor of zCash EquiHash), the “ECDSA” attack ( a precursor Patrick McCorry’s of “Smart Contract Bribing Miner” attacks, and mentioned in Judmaye‘s SoK paper as one of the first bribing attacks documented) and BlockPad. I also proposed the first proof system for public file replication, and later applied it in a smart-contract platform to reward full nodes having a copy of the blockchain without TTP (cited by Cecchetti, Fisch & Miers). Also I found the O(N^2) hashing vulnerability on Bitcoin, and later the OP_IF and Rock-and-ROLL efficiency problems, and the first signature malleability attack. I also designed the CoVar scheme for improve the fee market (a precursor of Basu, Easley, O’Hara, and Gun Sirer fee market scheme)
In mid 2013 I designed and prototyped the Firmcoin, an Bitcoin micro-controlled banknote for off-line payments (a precursor of the OpenDime). To prevent rogue hardware attacks I created the first anti-covert channel ECDSA signature scheme, which was later analyzed and found secure by Pieter Wuille (nowadays a similar technique is used by the Jade hardware wallet), Also I wrote a whitepaper about the DagCoin cryptocurrency (cited here), DagCoin was the precursor of Byteball and IOTA coins, and I hope it also inspired Avalanche consensus. Later I designed the DECOR+ protocol as a proposal to scale Bitcoin to a 5-second block interval. The protocol was later applied to NimbleCoin, a new innovative cryptocurrency that I designed, and that was coded by Oscar Guindzberg. But due to my still persistent Bitcoin maximalism, was never launched. In 2014 I co-founded IdentivaSecurity, the company behind the PassKey, a new authentication token that failed to gain any market traction, but was an interesting experience anyway. Out of the necessity to satisfy the demand of software developers that understand Bitcoin, I co-founded Coinfabrik with Pablo Yabo and Sebastian Wain. Coinfabrik now employs more than 40 engineers and has became a leading cryptocurrency software factory. I collaborated with Timo Hanke in creating ASICBoost, a technology for building more efficient mining ASICs, which became a novelistic story that had a happy end. Apart from that, I discover the second still most promising Bitcoin ASIC optimization technique: using approximate adders. This technique was later rediscovered and published by scientist from the University of Illinois. Also I helped with the foundation of WayniLoans, a Latam-focused peer-to-peer lending platform.
In 2015 I co-founded RSK Labs and we raised money to develop the first Bitcoin sidechain which was originally called Rootstock and later renamed RSK. I was the designer of RSK, and I wrote its whitepaper . RSK implemented the first cross-chain communication system based on cross-chain SPV-proofs (see Zamyatin et al.). After a year in beta, RSK was finally launched in 2017. This is really the most ambitious project that I have taken part. It has the vision to turn financial inclusion into reality, to improve the quality of life of so many people excluded from the society, by means of decentralized technologies, and basing its settlement layer in the Bitcoin network. For RSK, I created more than 60 RSKIPs (RSK Improvement Proposals), some very good ideas (and some are just failed attempts). One of the most extensive work I did since 2016 is about Contract Storage Rent (RSKIP7, RSKIP17, RSKIP21, RSKIP27, RSKIP52, and finally RSKIP61). I took me 6 proposals to get one right. Also I researched on parallel transaction execution with RSKIP03, RSKIP04 and finally RSKIP144.
During 2016-2017 I researched into new blockchain scaling solutions, from a different unchartered perspective, producing innovations such as Ephemeral Data, default data, and signature chaining with the LTCP protocol (now RSKIP53). Both protocols, and some more, were presented in Off the Chain workshop, under the new name of Shrinking-Chain Scaling, along with a paper written with some co-researchers from RSK. The Default data technique was later re-invented by John Adler as the Postdata field to support higher scalability of Optimistic Roll-ups.
Also I created the first Bitcoin drivechain BIP in order to increase the capabilities of Bitcoin (the currency) using sidechains without increasing Bitcoin block size. A new improved proposal has been recently presented at Building on Bitcoin 2018 conference. At the beginning of 2017, with Diego Gutierrez Zaldivar, we attempted to unify the Bitcoin community with the Segwit2Mb hard-fork BIP, before Bitcoin broke apart by the block-size debate. The proposal was dismissed by Bitcoin core developers. Suddenly, during Consensus 2017, a different proposal, named Segwit2x took some ideas from ours, but having different supporters and deployment schedule. That project didn’t end well, and Bitcoin Cash was created. During 2017 and 2018 I worked on new blockchain scaling techniques, and created an innovative framework called Shrinking-chain Scaling. I presented for the first time the (strange) idea of double-signing a transaction. Two years later the same bold idea was used by MIT team to create zk-SHARKS. And I have yet more stories to tell… but in another time.
In 2019 I created the site satoshiblocks.info to graphically show the dataset used for researching the mining of early Bitcoin blocks.
One of my latest design improvements for RSK was the Unitrie, an optimized Authenticated Randomized Patricia Trie suited for blockchain state storage, which was successfully merged into RSK on a programmed network upgrade in 2019. The Unitrie has been ported to RIF Consensus Node and Hyper-ledger BESU and it compares favorably against the standard Ethereum trie, reaching much higher scalability.
- I created Syncchains, a new type of sidechain that is protected by design to double-spends attacks to its two-way-peg, and also performs peg-ins and peg-outs in a few confirmation blocks.
- I designed the Flyover system, a trustless fast bridge system that will actívate in RSK in the Iris network upgrade.
- I created a new consensus system that could be soft-forked into Bitcoin called Nakamore that enables much greater network decentralization. Nakamore is the first consensus system that can be soft-forked in Bitcoin to enable interplanetary mining.
- I co-designed the Powpeg two-way-peg bridge, that the RSK sidechain implemented in December, 2020.
- I designed the minpeg security layer for the BTC-RSK bridge. This layers extends the current two-way-peg to allow miners to dynamically participate in the security of the peg, where each miner’s participation weight depends on its hashrate.
- I designed an extension to merge-mining called Inclusive Fork-aware Merge-mining (IFMM) to enable sidechains to capture 100% of Bitcoin hashrate security. This is the key RSKIP.
When I speak in public, I try to give a different talk each time I have the opportunity, in order to force me research more and more. A talk I really liked is the one about Proof of Unique Blockchain Storage in Devcon3 (video here).
I’m always open to collaboration to push projects forward, so if you want help me in any of these endeavors, please write to me!
Other talks I gave (the newer the better)
- Satoshi Nakamoto (in Spanish), 2013, EkoParty Conference.
- RSK initial presentation (in Spanish). 2015, laBitConf Mexico.
- RSK Sidechain, 2016, at MIT Bitcoin Expo.
- RSK, 2016, for Epicenter .
- RSK, 2016, Liberty Entrepreneurs Podcast.
- RSK, 2016, Marketing video :).
- LTCP, 2017, at MIT Bitcoin Expo.
- RSK, 2017, for DCG.
- Proof of Unique Blockchain Storage, 2017, Devcon3.
- RSK Security & Usability Improvements, for Zeppelin.
- RSK, Filmed Radio program, 2017, NoSoySatoshi
- Shrinking-Chain Scaling, Master Workshop: off the chain, Berlin, 2018
- Drivechains, at Building on Bitcoin 2018, Lisbon.
- Scaling Bitcoin to a Billion users, Consensus 2019, NY.
I discovered and responsible reported these Bitcoin-Related vulnerabilities:
- Lack of orphan tx limit prior v0.5.3
- CVE-2012-3789: Multiple DoS Vulnerabilties in Satoshi client
- CVE-2012-4683: Targeted DoS by CPU exhaustion using alerts
- CVE-2012-4684: Network-wide DoS using malleable signatures in alerts
- CVE-2013-2272: Remote discovery of node’s wallet addresses
- CVE-2013-2292: A transaction that takes at least 3 minutes to verify
- CVE-2013-2293: Continuous hard disk seek
- CVE-2013-4627 security holes.
- security vulnerability in BouncyCastle ECDSA (BJB-22)
- Brumley/Tuveri attack to SatoshiDice
- BitsOfProof client vulnerabilities
- Bitmessage v1.0: completely broken crypto
I dream of a future with an ecosystem of crypto-currencies, some purely decentralized and others government-backed. I plan to take an active role in creating the future of decentralized digital cash.
I hope you enjoy redesigning Bitcoin as I do.
This section is a relic from the time people used to donate Bitcoins. I don’t receive donations anymore. However if you like my work and want to encourage me in researching further you can donate to this address: 17mcFB7Xyymd9hxp2bgNPz1ruWsdoPoCnZ
2013-04-13: I’m very happy to announce that today I received 1 BTC from an anonymous donor! Thank you!
(*) It very sad that today, 25 years later, the government site doesn’t even serve a valid security certificate!