A few weeks ago, at CC Forum in London, Bobby Lee asked me to review his new product called Ballet. In effect, it’s a paper wallet printed on a piece of metal. Like many others, Bobby has fundamentally misunderstood the nature of Bitcoin. In the white paper, I wrote that:
“a new key pair should be used for each transaction to keep them from being linked to a common owner.”
Bobby was very enthusiastic about his product, which is a good thing whenever you’re developing something, but it’s also important to understand the system and the market you’re developing for. In the 1990s, a company called Mondex released a form of cryptocurrency based on prepaid smart cards. Unlike the Ballet system Bobby has released, the Mondex system was quite secure. It allowed amounts to be transferred on and off the card, and protected keys very well. Having analysed both physical and IT security systems for several decades, I can estimate the cost of counterfeiting and of taking a key and reapplying the protective coating. The cost in bulk would be between two and four US dollars for each card. As such, cards could be issued where the private keys have been extracted. It would allow an attacker to sell the card knowing that at a future time, they would be able to recoup any “investment” where on average each card they give out returns more than four dollars. But the cost of the card makes it infeasible that it will be used for anything under $20. More importantly, it results in the user having to entrust the company developing the product with never saving the keys.
A FATF Report from the ’90s [1, at 15–16] noted that a couple of variations of electronic cash had emerged. These were illustratively dubbed net-around money and walk-around money. Net-around money involves personal computers (and smartphones), and is designed to be used primarily in connection with online purchases. DigiCash’s digital coins (eCash) represented an early example of net-around money. Walk-around money is a system principally designed to be utilised in face-to-face trades. Mondex cards are an example of walk-around money [1].
Ballet acts in a form that tries to be both and satisfies neither use case.
Money laundering
I’m starting to come to the belief that individuals seeking to create such products are actively engaged in creating solutions for the purpose and market of money laundering. In effect, it would be the only market for such a product. But, the product fails for the same market, too. The product is neither secure, nor does it present a valid use of Bitcoin; importantly, to be used, individuals will need to record all of the payments to the card. In theory, any removal of funds from the card will be associated with the destruction of the card. But the reality is that the key can be extracted for as little as two US dollars. After such an extraction, the key can be given to another party through the card — where they don’t have adequate control of the key.
The type of system is already covered under anti-money laundering (AML) rules. The introduction of Mondex in the 1990s presented a much more secure version of such a system, one that allowed users to put and take money on and off an individual card non-destructively, which led to the introduction of laws covering the use of such products 20 years ago.
I seek to try and believe that people are not doing such things maliciously and that they’re doing them out of ignorance. Either way, the mere development of such a product demonstrates a fundamental misunderstanding and incomprehension as to the nature of Bitcoin.
Bitcoin for Micropayments and Use
Bitcoin is designed to be an electronic cash system. It uses digital coins that are based on a template, which is saved on each transaction to the blockchain. The privacy section of the white paper specifies the use of multiple keys. In fact, a key should not be used more than once. Although the same may not be the case in the real world, the number of users per key should be minimised. Bitcoin, then, is designed to be used on-chain. The entire security proposition of Bitcoin stems from the ability to transfer to keys that you control. The system designed by Bobby, Ballet, is one that leads to plausible deniability for every criminal in the system. It enables people to deny theft at each level of an exchange. The product has below-zero security, and is not even worth the metal it’s on when used in exchange with third parties. The only reason for such a product lies in being an expensive paper wallet. As such, it still doesn’t justify the cost. If heated or treated with high levels of UV, the product degrades and the keys are lost.
Unfortunately, many people have misunderstood the nature of Bitcoin in believing it to be some sort of digital gold. Such belief is misplaced. Bitcoin can act as the foundation layer for many systems, but natively, it is not designed to be digital gold. Importantly, the concept of any large address being treated as an account can be used to demonstrate a fundamental misunderstanding and the sheer ignorance as to the nature of Bitcoin.
My recommendation is not to use the product if the cost of the product is more than two US cents and even then to ensure that any amounts stored on it never exceed $0.50. Beyond such levels, it becomes insecure at any use. Even at such levels in quantity, it becomes vulnerable.
Primarily, I recommend against such products, as they are designed to mislead people as to the nature of Bitcoin. Users receiving such a product may be falsely informed and misled into believing that Bitcoin would be a digital-account system rather than a system of electronic coins. It would teach people that an individual key should be protected in the manner of PGP. But doing so is contrary to the nature of Bitcoin. In Bitcoin, a new key pair should be used for each transaction. Importantly, no coin should ever be bigger than 100 units, that is, 100 bitcoin. Individuals holding large amounts in such a manner are failing to understand Bitcoin and the coin-based nature of the product. Unfortunately, even people who have acted for me in the past have fallen for the same misunderstanding, but I am doing my utmost to correct the error.
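The key-reuse point quoted from the white paper can be checked against a wallet's own history. The following is an added example, not part of the original post: it groups transactions that a ledger observer can tie together because an address recurs, and it extends to addresses spent together as inputs of one transaction, which the white paper's privacy section also notes reveal a common owner. The transaction ids and address names are constructed sample data.

```python
# Constructed sample: txid -> this wallet's addresses spent as inputs in it.
# addr-A and addr-B are each used twice; addr-C and addr-D are used once.
WALLET_TXS = {
    "tx1": ["addr-A"],
    "tx2": ["addr-A", "addr-B"],
    "tx3": ["addr-B"],
    "tx4": ["addr-C"],
    "tx5": ["addr-D"],
}

def cluster_by_shared_address(txs):
    """Return sorted clusters of txids connected through any shared address."""
    parent = {txid: txid for txid in txs}

    def find(x):
        # Union-find root lookup with path halving.
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    first_seen = {}  # address -> first txid in which it appeared
    for txid, addresses in txs.items():
        for address in addresses:
            if address in first_seen:
                # Reused address: merge this tx with the earlier one.
                parent[find(txid)] = find(first_seen[address])
            else:
                first_seen[address] = txid

    clusters = {}
    for txid in txs:
        clusters.setdefault(find(txid), []).append(txid)
    return sorted(sorted(c) for c in clusters.values())

def reused_addresses(txs):
    """Return the addresses that appear in more than one transaction."""
    counts = {}
    for addresses in txs.values():
        for address in set(addresses):
            counts[address] = counts.get(address, 0) + 1
    return sorted(a for a, n in counts.items() if n > 1)

if __name__ == "__main__":
    print("reused:", reused_addresses(WALLET_TXS))
    print("linked clusters:", cluster_by_shared_address(WALLET_TXS))
```

tx1 and tx3 share no address, yet they fall into one cluster because tx2 connects them; with a fresh key per transaction every cluster has exactly one member.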
References
[1] See TOWARD ELECTRONIC MONEY, at 3. For example, in the 1990s, two companies developed a hybrid system designed to allow electronic cash to be moved from a smart card to the hard drive of a computer and vice versa.
See also FATF SECRETARIAT, FATF-VIII MONEY LAUNDERING TYPOLOGIES EXERCISE PUBLIC REPORT, Feb 5, 1997, at 15.
See also U.S. DEP’T OF THE TREASURY, TOWARD ELECTRONIC MONEY AND BANKING: THE ROLE OF GOVERNMENT 5 (Sep 19, 1996).
See generally Symposium, The Electronic Future of Cash, 46 AM. U. L. REV. 961–1335 (1997).
[2] Sarah J. Hughes, A Call for International Legal Standards for Emerging Retail Electronic Payment Systems, 15 ANN. REV. BANK. L. p. 213, 197, 207 (1996).