[Cryptography] Keeping Malware from Using Security Hardware

Wed Mar 19 03:00:47 EDT 2025

> On Mar 18, 2025, at 9:08 AM, Chris Frey <cdfrey at foursquare.net> wrote:
> 
> On Mon, Mar 17, 2025 at 09:57:24AM +0000, iang via cryptography wrote:
>> In short (and this was the literal analysis of EOS, being a blockchain
>> for business) my claim is that you cannot do business unless you can
>> hold the counterparty to account for eg debts incurred unfairly. And
>> the test of that is - how do you take someone to dispute resolution?
>> 
>> And technically, that means being able to halt transactions, pending
>> resolution. So I concur, lack of disputable transactions is a design flaw,
>> if you're intending the chain to do business.
> 
> People, please. :-)
> 
> This has nothing to do with the payment system.  If I pay cash
> at the local variety store for a packet of crisps and they turn out
> to be moldy, I go back for a refund.  There is nothing in cash itself
> that enforces a refund, yet we get along just fine without it.
> 
> You take someone to dispute resolution with the evidence you have:
> the receipt, the packet of crisps, and your testimony of what happened.
> If cash was used, that's all.  If Bitcoin was used, you have the
> ledger transaction to show too.  What more do you need?

There certainly is something in cash itself that facilitates the processing of refunds: the fact that it is physical.  This has a lot of practical consequences.  For example:

Most cash transactions are small and happen face-to-face with (a representative of) the counterparty, usually at a brick-and-mortar establishment.  It is costly (and hence rare) for the counterparty to simply vanish.  (There is a reason that no one in their right mind mails cash.)

It is very hard to accidentally give cash to the wrong person or establishment.

Voluntary transactions can be easily distinguished from theft and coerced transactions like ransom payments, and because the perpetrator at some point has to come into physical proximity with the cash, it's risky.

Large quantities of cash occupy significant volumes and have significant mass, and this scales linearly with the amount of money involved.  Storing and moving large quantities of cash is a non-trivial undertaking.

None of these things are true of blockchain transactions.  There is no way to distinguish voluntary transactions from accidental transactions or coerced transactions.  There is a reason that ransomware is a booming industry, and that the ransoms are demanded in bitcoin and not physical cash.  You can literally do it essentially risk-free from the comfort of your own home.  A million bitcoins weighs the same and occupies the same space as a satoshi (essentially zero in both cases).  It is really easy to accidentally send bitcoins to the wrong address.  It is really easy to have your keys compromised remotely.  I could go on and on and on.

Cash leverages the laws of physics to provide a very long list of benefits that blockchains can't do at all.  It doesn't guarantee refunds, but it sure makes them a whole lot easier to ask for and hence a lot more likely to get.

rg