Oleg Andreev

Software designer and crypto-anarchy historian. Building Tonkeeper.


How to use group chats in Telegram

Sometimes you need to summon 3+ people in a group chat for a discussion. I’ve been using Telegram since its launch in 2013 and since then I have accumulated over 600 group chats. Most of those were added while working on Tonkeeper in the past 2.5 years. When people use group chats incorrectly, we all suffer from the consequences.

Here’s how to use group chats:

  1. Make everyone an admin. This will allow others to invite more people and change the picture and settings later without bothering you.
  2. While making everyone an admin, do not check “remain anonymous”. The person won’t be able to untick it themselves ¯\_(ツ)_/¯.
  3. Immediately turn off “history hidden from new members”. This will bite you when more people come in and miss out on important bits of information. In my practice, keeping history secret was useful in a grand total of three group chats in the past 2 years.

This advice works for 99% of family- and work-related chats. Of course, if you are starting a large community, or discussing something extra-sensitive, you’d pay extra attention to the settings and tune them to your situation.

PS. I wish Telegram added a quick toggle for that behavior somewhere on the chat setup screen.

 2 mo   telegram   ux

Blockchain business is like Formula One

Building apps on a blockchain is very much like the top-tier racing sport, F1. And it’s not about speed, performance or running in circles.

You see, F1 is a technical sport between some of the best engineers on the planet, and the smartest one wins the trophies. In F1, like in real life, there is a stack of technical regulations saying what you can and cannot do. If you break the regulations — you are disqualified. If you meet the regulations — try hard to reach the fourth, third, or maybe even a second place.

But in order to win your job is to find the gap — the one where the regulations mean one thing, but actually say a different one. That’s where the true geniuses figure out extra power and downforce to be added to otherwise excellent engineering expected from everyone in the paddock.

Blockchains and Fintech are somewhat like this. You don’t want to break the regulations, but you also don’t want to make a complicit product — the blockchain part adds more overhead and instability to whatever traditional piece of software you are doing. Blockchain products are used in the middle area: where people need to break away from the corrupt status quo imposed by the old order, achieve personal freedom and take personal responsibility. All while using it wisely and not getting disqualified.

In F1 only the top of the top need to find the gap. In blockchain everyone has to play this game to stay afloat. Airdrops instead of ICOs. NFTs instead of securities. Self-custody apps instead of banks. Zero-knowledge protocols over cloud computing.

You don’t disrupt the world head-on. You work around the obstacles by building a better way.

 2 mo   blockchain

Component vs Interconnect language

Insightful quotes from an article by Marcel Weiher on Mojo, a new language designed by Chris Lattner (the author of LLVM and Swift).

To those who don’t know: Mojo is a fun new language that extends Python with features usually reserved for “systems programming”: static type system, algebraic types and memory ownership. The language is so fun, the file extension is the fire emoji, literally: filename.🔥.

So here is the quote:

The scripted component pattern itself is a (common) solution to the problem, first identified in the 70s that programming-in-the-large is not the same as programming-in-the-small, that module implementation languages are not necessarily suitable as module interconnection languages.
The reason [Swift’s and ObjC’s made a] mistake is that it turns out that the connection language is actually the more general one, the component language is a specialisation of the connection language.
With this realisation, Mojo’s approach of making the connection language the base language make sense.

 2023


Bitcoin is dead again, economies are in recession, wars are everywhere. It’s once again the time to build decentralized systems!


For the past 8 years I’ve been extensively studying cryptography, Bitcoin, politics of crypto-anarchy and cypherpunk culture. The very first day when I discovered Bitcoin I understood that the world is irreversibly moving towards decentralized finance based on asymmetric security offered by powerful cryptographic protocols.

As a product designer, I decided to help bridge the UI/UX culture with the most hardcore cypherpunk culture. I built the first iOS library for Bitcoin that at some point powered half of the wallets on the App Store. My Bitcoin FAQ was recurring in the Bitcoin Magazine. I’ve written a number of popular articles on crypto-anarchy and Bitcoin.

I began studying cryptography by designing my own blind signature scheme aimed at improving security of crypto-wallets while not compromising ergonomics and privacy. Together with amazing Cathie Yun and Henry de Valence I’ve built zero-knowledge library Bulletproofs. Then on top of it — a novel blockchain format for confidential smart contracts ZkVM based on our prior work on TxVM with Dan Robinson and others at Chain.

TON born and reborn

While I was busy with ZkVM, folks at Telegram invented yet another blockchain, TON (then — “Telegram Open Network”). They tried to do an ICO, but were threatened by the SEC and abandoned the project.

But TON did not die. The coins were dumped into mining contracts on the testnet (sidenote: oh, the irony — people mining coins on the proof-of-stake blockchain), from where the early community of developers and investors continued tinkering with the thing. This was somewhat similar to Bitcoin where we all had to decipher Bitcoin all by ourselves after its founder left the project without leaving much guidance.

In 2021 the TON testnet was renamed to mainnet, its coins got listed on a couple of exchanges and the activity around the network began to grow. That’s when I learned (to my surprise) that TON is no longer abandonware and began work on Tonkeeper.

It’s all about scaling

TON is an attempt to resolve two conflicting requirements: provide a flexible development environment on the blockchain to allow any sort of apps to be programmed, while making sure they also become horizontally scalable.

Bitcoin and Ethereum make two opposing choices here. Bitcoin (and LN) work fine at scale, but focus on virtually one use-case — securing your savings. Ethereum offers a simple yet powerful development environment, but it does not scale for the intended use-cases.

The idea of TON is to solve both of these issues and roll out decentralized markets at a massive scale.

TON is weird

Any engineer worth their salt would recognize that there must be some tradeoff if you attempt to solve both problems. The tradeoff that TON makes is employing one of the weirdest execution models in the entire computer industry. TON’s model has elements of Smalltalk’s OOP, Erlang’s distributed processes, hostility of web services and unforgiveness of smart contract and consensus systems.

In the name of scalability, TON makes many hard decisions.

For instance, your smart contract has to pay rent for its storage. When it runs out of money, it is frozen, and when it goes further into debt, its entire state is completely forgotten. This is somewhat dangerous because the contract may later be reset and all its external messages could be replayed.
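A simplified model of the reset-and-replay hazard described above, added here as an illustration; it is not code from the original post and not TON code. The rent thresholds, the HMAC stand-in for a signature, and the `valid_until` expiry field are assumptions of this sketch. It shows that a sequence counter alone stops replays only while the contract state survives, and that an expiry time inside the signed message still holds after the state is forgotten and re-created.

```python
import hashlib
import hmac
from dataclasses import dataclass

KEY = b"constructed-demo-key"   # constructed; stands in for the owner's signing key
DELETE_DEBT = 20                # constructed threshold: debt at which state is forgotten


@dataclass(frozen=True)
class ExternalMessage:
    seqno: int
    valid_until: int            # hypothetical expiry field (unix-like time)
    dest: str
    amount: int
    sig: bytes


def _mac(key, seqno, valid_until, dest, amount):
    # HMAC is used as a stand-in for a public-key signature.
    body = f"{seqno}|{valid_until}|{dest}|{amount}".encode()
    return hmac.new(key, body, hashlib.sha256).digest()


def make_message(key, seqno, dest, amount, valid_until):
    return ExternalMessage(seqno, valid_until, dest, amount,
                           _mac(key, seqno, valid_until, dest, amount))


class Wallet:
    """Toy contract: replay protection lives in `seqno`, which is contract state."""

    def __init__(self, key, balance, check_expiry):
        self.key = key
        self.balance = balance
        self.check_expiry = check_expiry
        self.seqno = 0
        self.status = "active"

    def charge_rent(self, fee):
        # Out of money -> frozen; deeper in debt -> state forgotten.
        self.balance -= fee
        if self.balance < -DELETE_DEBT:
            self.status, self.seqno = "deleted", None
        elif self.balance < 0:
            self.status = "frozen"

    def redeploy(self, funds):
        # Same code and initial data are deployed again: the counter restarts at 0.
        self.balance, self.seqno, self.status = funds, 0, "active"

    def receive(self, msg, now):
        if self.status != "active":
            return "rejected: not active"
        expected = _mac(self.key, msg.seqno, msg.valid_until, msg.dest, msg.amount)
        if not hmac.compare_digest(expected, msg.sig):
            return "rejected: bad signature"
        if msg.seqno != self.seqno:
            return "rejected: wrong seqno"
        if self.check_expiry and now > msg.valid_until:
            return "rejected: expired"
        if msg.amount > self.balance:
            return "rejected: insufficient funds"
        self.balance -= msg.amount
        self.seqno += 1
        return "accepted"


def run_scenario(check_expiry):
    """Return (log of receive() results, final balance) for one wallet lifetime."""
    w = Wallet(KEY, balance=100, check_expiry=check_expiry)
    m0 = make_message(KEY, 0, "alice", 30, valid_until=1060)
    m1 = make_message(KEY, 1, "bob", 30, valid_until=1060)
    log = [w.receive(m0, now=1000), w.receive(m1, now=1001)]
    log.append(w.receive(m0, now=1002))      # replay while state exists: counter blocks it
    while w.status != "deleted":             # rent drains the balance until state is forgotten
        w.charge_rent(10)
    w.redeploy(funds=100)                    # contract is reset much later
    log.append(w.receive(m0, now=5000))      # the old, publicly visible messages arrive again
    log.append(w.receive(m1, now=5000))
    return log, w.balance


if __name__ == "__main__":
    for flag in (False, True):
        print("check_expiry =", flag, run_scenario(flag))
```

With `check_expiry=False` both old payments are executed a second time after the reset; with `check_expiry=True` the reset wallet keeps its full balance.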

Another example: contracts cannot read each other’s state. Of course, we can only send one-way messages, but we can do some good old client-server request-response exchange, right? Not really. Those requests and responses take many seconds, you cannot afford any locks or mutexes (due to denial-of-service exploits), and your own or someone else’s state may change in between these communications. Your only option is to carefully design mostly unidirectional graphs of transactions where you “tell, don’t ask”, as Smalltalk programmers taught us.

One more shocking idea: in TON there are no allocations and no arrays. Your only array is the blockchain itself. The reason again is the goal of infinite scalability. The network shards the blockchain, and you place your data all over the place so it’s not creating a bottleneck anywhere. If you have a multi-user contract, you should store per-user data in some sort of tokens — independent smart contracts held by individual users. The endgame is to have O(1)-ish complexity of all the pieces, which is good, but sometimes feels like you are designing real-time aviation software (which is also good).

Crossing the chasm

I think TON is an exciting technology. All its shortcomings are not rooted in the architecture, but in the lack of tooling and infrastructure. It is too low-level: it is a platform for building a platform for decentralized apps. Or maybe for a platform for a platform for a platform. The exciting bit is that we are starting to discover missing concepts and abstractions and can improve the design of the apps and programming languages.

This summer I kickstarted work on a new language for TON: Tact language. It is aimed at bringing order into the highly asynchronous nature of smart contracts and making it easy to write secure multi-contract apps.

Later this year I attended a couple of TON-themed meetups in Prague and Dubai, where together with fellow developers we brainstormed a conceptual framework for TON contracts.

This is an exciting start of a long journey.

 2022

Apple lies about App Store

Apple has published a brochure Building a Trusted Ecosystem for Millions of Apps where they argue that the App Store is an important middleman that delivers safety to billions of people and that if people are allowed to load apps from random sources, bad things™ would happen.

I respect many people at Apple who work real hard to push for better design and better technology. I also respect Apple as a commercial enterprise that knows how to make money that funds all that design and technology with scale and consistency.

However, we should call propaganda for what it is. The App Store is not the important middleman that provides safety for the users. It is the design of the gadget itself that protects the owner and their data from malicious or malfunctioning code. Of course, there are spots of imperfection, but the App Store provides only a superficial and incomplete substitute for a solid technical solution within the design of the hardware and the software.

The principle

I’ll get to the boring commentary on the points made by the brochure below, but first I’d like to remind you all of a principle formulated in 2010 by Ivan Krstić, who still works on core security at Apple: “security driven by user intent”. At WWDC 2010, Apple announced sandbox technology being brought from iPhone to the Mac. Ivan made an insightful presentation that explained the philosophy behind this:

  • computers contain data of our entire lives,
  • apps can be written by anyone and deployed over the internet,
  • apps should not have access to all of user data by default,
  • access to data should be driven by user intent so that the user always knows who has access to that data.

The most impressive example of applying this principle was the “Open File” dialog in OS X Lion. Before sandboxing, the app would have access to the entire disk. When you wanted to open a file, the app would use a system framework within its address space to draw an “Open File” dialog to let the user select a specific file. Within a sandbox, the app has only its own containerized folder (just like on every iPhone), plus a list of permissions granted to it by the kernel. The “Open File” dialog is no longer rendered by the app; instead the system draws its own Finder window over the rectangle placeholder left by the app. What the user sees is the same familiar experience, but what happens behind the scenes is exactly what matches the user’s intent: the system-like dialog sees all files because the system has access to all these files, but only the selected one is granted to the app. The same works for drag-and-drop: when a file is dropped onto the app, the system grants access to that exact file.

The same principle works on the iPhone: when an app wants to select a file or a picture, it is the system dialog that appears and only the selected items are granted to the app. Same goes for the contacts in the address book. And since WWDC 2021, there is even a location button that helps avoid clunky Allow/Deny dialogs that annoy people and are not directly tied to intent and specific action. I’m eager to see this implemented for the camera and mic, so we can just press on/off buttons instead of being prompted whether we allow an app to spy on us indefinitely.

Ephemeral MAC addresses, private relay, one-time email addresses are all the technologies, not policies, that improve your security by minimizing leakage of private information.

As you have already noticed, this works for all apps, no matter who developed and signed them: Apple, App Store or independent developers. It is the job of the operating system and hardware to keep your data safe and make sure apps do not interfere with each other. App Store is a nice service where you can find and easily buy/install applications, compared to the wild web, but it is not and never will be an effective guardian: only the operating system can do that job, 24/7 without any human supervision.

Boring commentary

We built the App Store to give developers from around the globe a place to build innovative apps that can reach a growing and thriving global community of over a billion users.

That is true: ease of use of App Store is what helps users spend money on apps, which is a great incentive for developers to build more and better.

Given the sheer scale of the App Store platform, ensuring iPhone security and safety was of critical importance to us from the start. Security researchers agree that iPhone is the safest, most secure mobile device, which allows our users to trust their devices with their most sensitive data.

That is also true: if everyone is keeping everything in their computers and installing millions of applications on them, it is quite important to make computers secure at the core.

We built industry-leading security protections into the device, and we created the App Store, a trusted place where users can safely discover and download apps. On the App Store, apps come from known developers who have agreed to follow our guidelines, and are securely distributed to users free from interference from third parties. We review every single app and each app update to evaluate whether they meet our high standards. This process, which we are constantly working to improve, is designed to protect our users by keeping malware, cybercriminals, and scammers out of the App Store.

Notice how device security is placed on par with App Store policies. At their scale App Store is at best a “last resort” measure on top of the actual security provided by the device itself. There are and always will be people circumventing human-operated policies. Heck, Facebook app is still shipping, as far as I know.

Apps designed for children must follow strict guidelines around data collection and security designed to keep children safe, and must be tightly integrated with iOS parental control features.

This paragraph fails to convince me why all adults must have crippled devices because that way kids are safer. Parents can turn on “kids mode” for their kids and not turn it on for themselves.

Apple reviews all apps and updates on the App Store to intercept those that could harm users. This includes apps that contain inappropriate content. [...]

Inappropriate content is another mind trick from a category “think of the children”. Inappropriate content has nothing to do with the security of your data and the number one application that contains all the inappropriate content in the world is a web browser that ships front and center with every computer.

A study found that devices that run on Android had 15 times more infections from malicious software than iPhone, with a key reason being that Android apps “can be downloaded from just about anywhere,” while everyday iPhone users can only download apps from one source: the App Store.

No, sorry. Android is not a single architecture, it’s a piece of software that gets installed on random array of hardware. Most of shipping Android phones are generally cheap and less secure than iPhones.

That principle guides the high privacy standards we build into our products: we collect only the personal data strictly necessary to deliver a product or service, we put the user in control by asking them for permission before apps can access sensitive data, and we provide clear indications when apps access certain sensitive features like the microphone, camera, and the user’s location.

The access to data is managed by the system through (mostly) clever use of the principle “security driven by user intent” that I described above. It is actually a security hole to rely on some people with policies to manage data that’s flowing right in front of you on a computer that you have to trust anyway.

Today, it is extremely rare for any user to encounter malware on iPhone.

Yes, but not because of the App Store. See above.

Because of the large size of the iPhone user base and the sensitive data stored on their phones – photos, location data, health and financial information – allowing sideloading would spur a flood of new investment into attacks on the platform.

We have to compare this risk with the risks present on the web: if a bad app could ask you to give it access to some photos, the same could be done by a website.

On a Mac there is an optional notarization service that lets users have confidence that the app is from a developer known to Apple. So if, say, they permit the photo editing application access to the entire photo library and then later it is discovered that the app goes rogue, Apple would be able to hold the developer by the balls in the legal realm. But that does not mean the developer cannot distribute the app directly to their users without anyone at App Store vetting it upfront.

A sideloaded game bypasses parental controls.

The entire page 5 is telling a story how hardware is not capable (actually, it is) of enforcing parental controls. The hardest part is filtering the web traffic, and that’s certainly not the App Store’s job. Also, if App Store was optional, there is no problem in having a switch on a phone “only allow apps from 6+ category on the App Store” and a passcode.

Apple defending App Store on the grounds of kids’ safety sounds very patronizing: there is only one adult in the whole Apple universe, and all of you are children incapable of thinking for yourselves.

At the park, the copy-cat filter app John had sideloaded threatens to delete all of his photos unless he pays up.

I think Apple should work on a native Bitcoin wallet built into the Keychain, so John has a more convenient way to pay up a ransom. Currently, if your phone lets an app encrypt/delete all its data, it is very annoying to register on a Bitcoin exchange, file paperwork, set up a wallet, read the whitepaper and learn how to back up your private keys. A decent built-in solution for ransomware would be most welcome in this dangerous world. After all, we are all used to paying ransom for PCR tests to move around, and that’s marginally more convenient than ransomware.

John unknowingly downloads a pirated app from a third-party app store.

There is this thing called TLS and Certificate Transparency on the web designed for specifically this scenario. It is a federated (not centralized) system, and pretty much free of charge with little censorship risks (except in Kazakhstan).

A sideloaded app violates John’s privacy.

What the app actually does that cannot be controlled by the hardware is always going to be learned the hard way: after enough damage is done. One way to prevent and limit the damage is to have developers known. And this is achieved by having notarization and TLS-like trust chains, not via a centralized distribution channel, that cannot learn about the app’s malicious behaviour during a 2-day review.

In addition to the protections provided by App Review, we design our devices’ hardware and software to provide a last line of defense in case a harmful app is downloaded on the device.

The best defense relies on a combination of all layers – robust App Review to help prevent the installation of malicious apps, and robust platform protections to limit the damage malicious apps can inflict.

That is quite a statement. At the end of the brochure Apple claims that it is the App Store that’s doing all the heavy lifting, and the security architecture is simply the last line of defense. I don’t remember any of the infosec people I know ever praising Apple’s distribution system: it was always the top-notch technical solutions that provide a robust, easy to understand security model: from the CPU architecture, to Secure Enclave, to filesystem encryption, containerization and sandbox, fine-grained permissions system up to intent-driven UI security.

The end result is that security experts agree iPhone is the safest, most secure mobile device. Apple’s many layers of security provide users with an unparalleled level of protection from malicious software, giving users peace of mind.

This closing paragraph is entirely true, but Apple is dishonestly making you think it’s their policing that keeps you safe, not the clever engineering and design.

2021   apple   bullshit   design   security

Command line for complex GUIs

TL;DR: make complex UIs driven by a domain-specific command-line language, which itself has interactive controls built into the flow of the commands.

Am I a crazy linuxperson who prefers to sit in front of a terminal all day? Nope.

Some fifteen years ago I was lucky to witness Autocad’s interface that’s pretty much all GUI, but that was having this little terminal with its own command language where you could draw things with precision. “Move 1 cm left, draw 2 cm forward”. You type some commands with precise numbers in a comfortably large textfield, and you see the results immediately. Mistyped something? Undo and tweak the command. You get the same WYSIWYG feedback, but without tinkering with mouse over millions of tiny textfields, dropdowns, panels and palettes.

Some seventeen years ago I was lucky to learn Wolfram Mathematica. That was quite different: a primarily text-based interface, but supercharged to be interactive, structured, with rich formatting and interactivity. This is how a command-line within a GUI should feel like.

I used Photoshop years before that day and then years after. And I still wish that maybe someday someone would make a graphics editor like Autocad was doing for ages, but making it even more interactive and responsive, akin to Mathematica’s notebook language.

When to use command line?

Command line may be intimidating for some simple, isolated and possibly rarely performed tasks. But when amount of compound complexity shoots through the roof, the right click menus and millions of tiny windows and modal dialogue panels just don’t scale.

When you need to do X, then Y, then Z and customize each action with 5 parameters out of 55, and then try the same with various tweaks here and there, you really want a streamlined interface. And only a text-like flow is going to deliver that.

Pros of a command-line driven UI:

  1. Precision: just type “thickness 0.33” and it’ll be 0.33 in an instant. In Photoshop today you have to either quickly drag a slider somewhere, which is not precise, but quick. Or hunt for a teeny-tiny textbox, then click it, then enter numbers. Awful!
  2. Composition: if you need to express “same brush thickness as half the margin between these two things” you can do just that, instead of manually calculating and typing two-three numbers in various spots several times over, as you try different combinations. Just re-run the same command with one number tweaked each time.
  3. Collaboration: you can copy-paste actions and edit them like a regular source code, without wasting time navigating through windows and buttons or pressing quite invisible hotkeys after some video tutorial.
  4. Editable history: if your whole document is driven by the command line, you can simply store the whole document as a giant list of commands. So you can go back and rewrite/refactor it to your liking. Things can get much more powerful, for free: you don’t have to do advanced tinkering with the commands unless you really want to.

There are, of course, some problems, but we can use computers to solve computer problems:

Discoverability: how do I learn the syntax of all the commands?

First, if you have a language aimed at composability, your command set would probably be a fraction of the number of menus and windows that you already have. E. g. you won’t be having three different ways to apply color adjustment, if you have a line that describes the adjustment, and another line that attaches it to a group of layers.

Second, no one prevents you from finding command in-place as you type and showing placeholder bubbles and documentation, or even interactive controls, in-place. Have you ever typed formulas in Excel? Same thing, and you can make it arbitrarily smart, with fuzzy text matching and contextual interactive UI elements, like they do in programming IDEs such as IntelliJ IDEA or Xcode.

Third, you can still have good-old menus and dialogues to fill in the commands. But have you noticed the Mac’s “search commands” field in every Help menu? That’s a tiny command line that lets you find a command by typing words. Take a hint!

Programming is hard, I’m a visual person!

It is absolutely possible to make this sort of interface progressively accessible. Draw things with your mouse or click some commonly used toolbar buttons: the UI will fill in the generated commands. You can ignore them, or you can go and tweak the numbers.

Example: draw a rectangle on a screen. The UI will show the rectangle and the command “rect x:1, y:2, w:301, h:499”. Wanna round numbers? Just click them and edit, right from keyboard. Wanna two of those? Copy-paste, add 100 to the y-coordinate. And see the result instantly. Easy and natural! Once you try it (provided feedback is instant and autocomplete is smart), you will never go back.

Do I have to type all bezier curve parameters like a robot?

Of course not! Imagine an object “curve from 0 to 1”. It is the same thing that we use for color adjustment or a shadow profile. Just let it be a type. And then you can render it within the command line, like a floating 2D object that you can interact with. And if you really have to, switch it into all-text mode with all nasty curve parameters shown as-is.

How do we move forward?

  1. Think of your process as a domain-specific program, with nouns (objects) and verbs (actions).
  2. Make a file format out of that language.
  3. Drive the UI by the language.
  4. Make super-charged autocomplete. See the leading IDEs for example.
  5. Embed UI into the language. Color picker for a color, sliders for numerical values, 2D controls for 2D objects etc.
  6. Programming text editors is no fun, especially if the text has custom floating interactive controls all over it. So we really have to create a reusable toolkit for working with text-intermixed-with-controls. That’s a pain well worth capitalizing on, and/or amortizing across many products.
  7. Make a great product for graphics/video/animation/3D/rocket science that boosts productivity 20x.
  8. Profit.
2020   autocad   cli   photoshop   ui

Symmetrical and asymmetrical power

Symmetrical power is defined by the risk being proportional to the potential gain. This automatically translates into “the bigger guy wins”.

Example 1: security of the physical gold, which is easily confiscated by the state and is now largely held by central banks.

Example 2: second amendment in US. Militia formed by armed citizens is going to lose against same-sized army professionally organized by the state.

Asymmetrical power is defined by the risk being significantly lower than the potential gain.

Example 3: state-organized army. The generals and politicians bear virtually zero risk, while reaping all the gains.

Example 4: Bitcoin. It is significantly cheaper for individuals to protect their bitcoins against large-scale confiscation, than to perform such attack.

It is easy to see that asymmetrical munitions will always win over symmetrical munitions.

There is an interesting difference between the armies and Bitcoin, though. Armies are asymmetrically powerful in the hands of their leaders at the large socialized expense: maintaining loyalty of the citizens who have to pay ever-growing taxes. Costs of running Bitcoin are measurable and adjusted by the market, without the use of coercion, voluntarily supported by the expanding entirety of the Bitcoin users (who pay for the inflation and fees).

Success of the army means expansion of the empire and further concentration of the power in the hands of the state. Success of Bitcoin means that wealth spreads further instead of being confiscated and concentrated, diminishing relative coercive power of every individual.

We can now formulate the crypto-anarchy conjecture:

  1. The traditional political process is application of symmetric power and will not scale down empires.
  2. Second amendment and militia are also symmetrically powerful and will not protect people from empires.
  3. Empire’s asymmetrical power towards its population expands until it destroys the economy it feeds on.
  4. Bitcoin being asymmetrically secure is better than any other known tool in protecting individual’s wealth.
  5. Dynamic of the (4) vs (3) means that Bitcoin may cause the state to run out of money before the economy is destroyed.
2019   bitcoin

The renaissance of cryptography

This is a declaration of a new era.

Cryptography was almost exclusively a military technology for centuries. When in 1990s millions of personal computers connected to the internet, cryptography graduated from a munition to an industrial tool to secure credit card payments over a global, open and hostile environment.

For the next 20 years cryptographic research and engineering was very vibrant, but it culminated in a loud confirmation by Edward Snowden that the resulting products were not good enough. SSL, PGP and other protocols turned out to be insecure, their implementations were buggy and hard to maintain, all cryptographic primitives were broken and/or easy to misuse (MD5, RC4, RSA). High-level protocols were full of design and engineering mistakes and full of misunderstandings. The whole discipline had a culture of abstinence-only cryptography and, as a result, poor engineering standards mixed with academic hubris and sabotage by the governments. 20 years of real-world cryptography produced a few useful artifacts and a lot of mess.

Then, three things started to happen:

First, personal computers and the internet reached very deep into the lives of almost everyone. Individuals now store their entire life in affordable pocket computers, businesses run all their operations over the internet, governments routinely participate in cyberwars. The importance of securing information shifted from “good to have” to “actively desirable”. Apple, the most valuable corporation on Earth, is selling billions of computers with security and privacy as one of their main selling points.

Second, Bitcoin and blockchains happened. Things envisioned by Nick Szabo, Hal Finney, Wei Dai, Tim May and other cypherpunks back in 1990s finally started to materialize. The internet discovered a whole new continent: with “wild west” anarchy, “gold rushes”, and massive real and fictional opportunities. On that continent the excellence in cryptography is no longer simply desirable, but becomes vitally important: the unauthorized access to data now equates to the immediate loss of unbounded amount of highly liquid assets.

Finally, a new generation of software engineers has grown up, who have an enormous enthusiasm to fix mistakes of the past and bring cryptographic engineering to a new level: with clean designs, excellent documentation, record-breaking performance, safety and usability, and, most importantly, strong ethics.

Today we have robust cryptographic building blocks that are not only safer and faster, but also designed to be composable and extensible to build on top of them with confidence: such as Keccak, AES-SIV and Ristretto.

We have better programming languages (Rust, Go, Swift) where engineering can be done with clarity, safety and ease. Pure Rust libraries such as Miscreant and Dalek set a new bar for all cryptography engineers.

For the first time ever, the ambitious ideas of zero-knowledge proofs that were stuck in academic papers for many years are finally implemented for blockchain applications: Zcash, Confidential Transactions, Monero and Bulletproofs.

We are living in a renaissance era of cryptography: we have fantastic tools, amazing people and strong demand for high-quality cryptographic products with direct financial incentives. We are now at a lift-off point: we have a strong foundation to build upon with confidence. Now is the best time ever to learn and work with cryptography. Expect truly transformative technologies to come out of this mix in the coming years.

2018   cryptography

How Bill Gates managed to be wrong in every sentence about Bitcoin

Bill Gates on Reddit AMA:

The main feature of crypto currencies is their anonymity. I don’t think this is a good thing. The Governments ability to find money laundering and tax evasion and terrorist funding is a good thing. Right now crypto currencies are used for buying fentanyl and other drugs so it is a rare technology that has caused deaths in a fairly direct way. I think the speculative wave around ICOs and crypto currencies is super risky for those who go long.

Let’s nitpick line by line.

The main feature of crypto currencies is their anonymity.

Wrong. Bitcoin is pretty hard to use anonymously while virtually no one uses altcoins designed to be more anonymous. Anonymity is a feature, but not the main one. The main feature is sovereignty.

I don’t think this is a good thing.

Wrong. The anonymity (and sovereignty) that Bitcoin gives to each individual holder is very good, because it’s virtually the only tool that protects the individual against all-powerful police states all around the world.

The Governments ability to find money laundering and tax evasion and terrorist funding is a good thing.

Wrong. The governments’ ability to do things rests on large-scale extortion. Governments themselves run giant money scams, extract nominal fees from banks that launder money, fund terrorists around the world and finance an unimaginable range of guns and other sadistic devices such as prisons, public schools and DMVs.

Right now crypto currencies are used for buying fentanyl and other drugs so it is a rare technology that has caused deaths in a fairly direct way.

Non sequitur. USD cash is used for buying all sorts of drugs too. Also, USD is involved in financing the largest military-industrial complex in the entire world for the last several decades, that has caused deaths in a fairly direct way at a scale which makes the entire cryptocurrency activity a joke. Even more direct is government messing with substances to actually hurt people.

At the same time, the correct monetary policy of Bitcoin (restricted supply and immutable rules) and a resulting 7x/yr average appreciation over the past 9 years is a huge motivating factor for saving both money and health so one can enjoy a rich and fulfilling life in the long run. People who realize it not only try to stay away from illegal transactions, but also avoid the harmful legal ones (e. g. quit smoking).

I think the speculative wave around ICOs and crypto currencies is super risky for those who go long.

Wrong. It is actually more risky to get involved in the speculative wave of ICOs and try to time the market than to go long on Bitcoin.

2018   bitcoin

What is blockchain

Blockchain is a data structure for proving that certain events happened in a specific order.

Blockchain consists of a chain of timestamped blocks of events. Events are often called transactions.

Why timestamps? To not only order events relatively, but also pin them to the real time, as it’s way more useful and in some cases necessary to make plain ordering work (e.g. in Bitcoin to readjust difficulty).

Why chains? To cryptographically link past events to the current events, preserving their order under the latest timestamp.

Why blocks? Because it is relatively expensive to timestamp an event, so almost every blockchain protocol groups multiple events in a single block that gets timestamped.

Why are timestamps expensive? It takes time to reach an agreement in a distributed system. The more distributed and less well-connected the system is, the longer it takes.
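The structure described above, as an added example that is not code from this blog or from any real blockchain: events are batched into timestamped blocks, each block commits to the hash of the previous one, and a reader who trusts only the latest hash can check a copy obtained from anywhere. The JSON encoding, the all-zero genesis marker, the rule that timestamps never go backwards and the sample events are assumptions made for this illustration.

```python
import hashlib
import json
from dataclasses import dataclass, replace

GENESIS_PREV = "00" * 32  # assumed placeholder "previous hash" for the first block


@dataclass(frozen=True)
class Block:
    prev_hash: str    # the "chain": hash of the preceding block
    timestamp: int    # the "timestamp": one Unix time for the whole batch
    events: tuple     # the "block": events (transactions) grouped together

    def hash(self) -> str:
        # Canonical JSON so the same block always serializes to the same bytes.
        body = {"prev": self.prev_hash, "time": self.timestamp,
                "events": list(self.events)}
        encoded = json.dumps(body, sort_keys=True, separators=(",", ":"))
        return hashlib.sha256(encoded.encode("utf-8")).hexdigest()


def build_chain(batches):
    """Turn [(timestamp, [event, ...]), ...] into a list of linked blocks."""
    chain, prev = [], GENESIS_PREV
    for timestamp, events in batches:
        block = Block(prev, timestamp, tuple(events))
        chain.append(block)
        prev = block.hash()
    return chain


def verify_chain(blocks, trusted_tip):
    """Check blocks from an untrusted source against one trusted tip hash.

    Returns (ok, reason). Only the tip hash has to come from a trusted place.
    """
    if not blocks:
        return False, "empty chain"
    if blocks[-1].hash() != trusted_tip:
        return False, "tip mismatch"
    # Walk back from the trusted tip: every block vouches for its predecessor.
    for i in range(len(blocks) - 1, 0, -1):
        if blocks[i].prev_hash != blocks[i - 1].hash():
            return False, f"broken link at block {i}"
        # Simplification of this example: timestamps must never go backwards.
        if blocks[i].timestamp < blocks[i - 1].timestamp:
            return False, f"timestamp goes backwards at block {i}"
    if blocks[0].prev_hash != GENESIS_PREV:
        return False, "chain does not start at genesis"
    return True, "ok"


# Constructed sample data: three batches of made-up events.
SAMPLE = [
    (1700000000, ["alice pays bob 5", "bob pays carol 2"]),
    (1700000600, ["carol pays dave 1"]),
    (1700001200, ["dave pays alice 1", "bob pays alice 3"]),
]


def demo():
    chain = build_chain(SAMPLE)
    tip = chain[-1].hash()  # the only value the verifier must trust

    # 1. An honest copy verifies.
    honest = verify_chain(chain, tip)

    # 2. A past event is edited in place: block 1 no longer hashes to the
    #    value that block 2 committed to.
    edited = list(chain)
    edited[1] = replace(chain[1], events=("carol pays mallory 1",))
    edited_result = verify_chain(edited, tip)

    # 3. Two blocks are swapped to change the order of events.
    swapped_result = verify_chain([chain[1], chain[0], chain[2]], tip)

    # 4. History is rewritten and every hash recomputed: the links are
    #    consistent again, but the result no longer ends in the trusted tip.
    forged = build_chain(
        [SAMPLE[0], (1700000600, ["carol pays mallory 1"]), SAMPLE[2]])
    forged_result = verify_chain(forged, tip)

    return honest, edited_result, swapped_result, forged_result


if __name__ == "__main__":
    for result in demo():
        print(result)
```

What the check leaves open is how the reader comes to trust the tip hash in the first place; that is the agreement step the last question above calls expensive.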

What blockchain is not

Blockchain is not a “shared” or any other kind of database; blockchain is only a proof. Blockchain is typically used as a mechanism to update one’s database. The illusion of a shared database is created by multiple computers updating their databases using the same blockchain, and arriving at the same contents. Usually only a specific slice of such databases is replicated (for instance, in Bitcoin it is the set of all unspent coins), while the rest of the data is more user-specific or even private (account names, transaction annotations etc).

Blockchain is not a product in itself. Blockchain is a cryptographic proof and as such works only within specific assumptions. For instance, Bitcoin proves that a certain amount has changed hands under the assumption that it is prohibitively expensive to double-spend (or reverse) that transfer and that the network is well-connected in order to detect such attempts early. Likewise, a commercial/federated blockchain network assumes that the operators protect their infrastructure well from abuse and do not fork the chain. Blockchain is only a component in a larger integrated system.

Blockchain is not a transport mechanism. Transport mechanisms are necessary for delivery and replication of blockchains. Blockchain is not where “money flows”, it’s a place where money already moved and we have a proof of it.

Blockchain is not a “distributed system” in a traditional sense. Most distributed systems distribute load. Blockchains distribute vulnerability. For example, the Bittorrent network and distributed/sharded databases distribute traffic and processing costs so that any single node does not have to service all requests. In a blockchain network, nodes replicate and verify the same information in order to minimize vulnerability to any single node or entity.

On blockchain scalability

Traditional distributed systems are designed to scale the computational throughput; blockchains are designed to scale social interactions. Bitcoin nodes re-verify all the same data and miners burn unforgivable amounts of electricity, but in return people in random jurisdictions can transact directly without numerous intermediaries and associated trust issues. As a result, the measurable costs in terms of money and time are significantly lowered and immeasurable _business opportunities_ are unlocked when more transactions become cost-effective at all.

Powerful abstractions

Modern programming languages allow building sophisticated modular systems, where everything is in the right place and feels good. Enthusiastic engineers invent more and more powerful abstractions so we can build our software with ease and confidence.

However, there is a caveat. The power of abstractions is often judged by one factor only: the formal one, which qualifies how much things are “normalized” and “decomplected”. I would argue that there are a few other, no less important factors. For instance, mental overhead and convenience. When formalism is pushed to the limit, the usability of the framework usually goes to nil.

The key to success is, as usual, 80/20. If you keep your formalism at 80% towards Absolute Perfection, you have a chance of keeping the whopping 80% of usability and other nice properties. Think of this as Perl in reverse: Perl pushes convenience well over 80%, making programs hard to analyze formally. Watch for all factors, but stay humble, so radical improvements in one direction do not destroy all the others.

2017   design

Why Bitcoin is called Bitcoin

99% of ideas around Bitcoin existed long before 2008. There was proof-of-work money, there was the bit gold idea and there was a paper on distributed property titles. Not to mention all the necessary cryptography that existed for decades.

The missing link was a simple idea: instead of tracking individual proof-of-work coins of bit gold inside some distributed property title registry, let’s turn the problem inside out and put the registry inside a single coin. This way, the registry will track fractions of that coin, and the coin will be made perpetually scarce and identifiable due to the never-ending amount of proof-of-work piling up on top of it.

Since it’s going to be just one coin of bit gold, it’s only fair to call it bitcoin.

2017   bitcoin

Bitcoin is like...

Bitcoin is like physical cash: it is not reversible and you are responsible for handling it. If you lose your wallet, you lose your money. You can give bitcoins to someone to hold them for you, but it will be like with any bank: you have to trust them that they won’t run away with your money.

Bitcoin is unlike physical cash: you can store as much as you want and it will not take any space. You can send it over the wire to anyone. It is impossible to counterfeit. You can’t give it in one second: to actually guarantee that a transaction has happened, you have to wait 10-15 minutes for the cryptographic proof to be produced by the network.

Bitcoin is like gold: it cannot be produced at will, there is a limited amount of it and this amount is scattered in spacetime continuum (mostly time). To get some bitcoins someone should give them to you, or you should *mine* them. Like gold, Bitcoin is shiny: it attracts people with its beautiful engineering, built-in contract programming language, wise incentives, and libertarian promise of freedom from coercion.

Bitcoin is unlike gold: supply of Bitcoin is completely fixed via scheduled mining (only so many bitcoins are created per hour). You have a guarantee that no one will suddenly find a mountain of bitgold or mine it on asteroids. Unlike gold, Bitcoin difficulty is adjusted to the mining efforts to keep the schedule fixed. You may dig up all the gold in one day, but it will never be possible with Bitcoin no matter how fast computers will ever become. Growing mining efforts can only bend the schedule slightly (the network adjusts difficulty to produce 6 blocks per hour, but if the network constantly grows it may produce 7-8 blocks per hour).
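Why growth bends the schedule only slightly, as an added example that is not Bitcoin's own code: difficulty is recomputed every 2016 blocks from how long the previous 2016 took, so it is always tuned for the hashrate of the past. This is a simplified expected-value model; the arbitrary hashrate units, a hashrate held constant within each period and the function names are assumptions of the sketch.

```python
TARGET_BLOCK_SECONDS = 600      # one block per 10 minutes = 6 blocks per hour
RETARGET_INTERVAL = 2016        # Bitcoin adjusts difficulty every 2016 blocks
TARGET_TIMESPAN = TARGET_BLOCK_SECONDS * RETARGET_INTERVAL  # two weeks
MAX_ADJUST = 4                  # a single adjustment is limited to a factor of 4


def retarget(difficulty, actual_timespan):
    """New difficulty after a period that took actual_timespan seconds."""
    low, high = TARGET_TIMESPAN / MAX_ADJUST, TARGET_TIMESPAN * MAX_ADJUST
    clamped = min(max(actual_timespan, low), high)
    return difficulty * TARGET_TIMESPAN / clamped


def blocks_per_hour(hashrates):
    """Average block rate in each retarget period.

    hashrates[k] is the network hashrate during period k (arbitrary units).
    Difficulty is modelled as the expected number of hashes per block, so a
    block takes difficulty / hashrate seconds on average.
    """
    difficulty = hashrates[0] * TARGET_BLOCK_SECONDS  # start perfectly tuned
    rates = []
    for hashrate in hashrates:
        seconds_per_block = difficulty / hashrate
        rates.append(3600 / seconds_per_block)
        # The adjustment only sees how long the finished period took, so it
        # tunes for the hashrate of the past, not for the next period.
        difficulty = retarget(difficulty, seconds_per_block * RETARGET_INTERVAL)
    return rates


def steady_growth(factor, periods):
    """Hashrate that is multiplied by `factor` from one period to the next."""
    return [factor ** k for k in range(periods)]


if __name__ == "__main__":
    # Network growing 20% per period: settles at 6 * 1.2 = 7.2 blocks/hour.
    print([round(r, 2) for r in blocks_per_hour(steady_growth(1.2, 5))])
    # One-off 10x jump: the factor-4 limit needs two adjustments to absorb it.
    print([round(r, 2) for r in blocks_per_hour([1, 10, 10, 10, 10])])
```

In this model a network that grows by a constant factor g per period runs at 6·g blocks per hour, so 7-8 blocks per hour corresponds to growth of roughly 17-33% per period.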

Bitcoin is like a bank: there are computers, databases and transactions. Databases store the entire history of all incoming and outgoing payments: who sent how much to whom. Everything is digital. There are no vaults with gold or personal deposit boxes, only bookkeeping in a single “ledger”.

Bitcoin is unlike a bank: everyone can verify that their database contains the same ledger data as everyone else’s. There is no manager in charge of updating the ledger and making sure it is not tampered with. Any person may have as many accounts as they like and all accounts are anonymous (unless one reveals his identity himself). The ledger does not store names, only balances and account numbers. There is no possibility of a “fractional reserve” when a bank loans out more money than it actually has. In fact, there are no debts on the Bitcoin ledger: either you have money on your address and it is fully yours, or you don’t and you can’t use it at all. Also, Bitcoin allows locking money with “contracts”: cryptographic puzzles designed to spread the decision making between several people or across time.

Bitcoin is like Monopoly money: coins are abstract tokens that are not claims to any value. People value them because they choose to play the game. In fact, the same is true for gold or any other money.

Bitcoin is unlike Monopoly money: there is a limited supply of tokens and no one can counterfeit them. This makes them a good candidate for a universally recognized collectible like gold or silver coins.

Bitcoin is like a battery: if you have excess energy that would otherwise be wasted, you could turn it into mining. The resulting bitcoins can travel to any other place on the planet at the speed of light. If you build a giant hydro dam that cannot be fully utilized for several years, mining provides an immediate income that partly offsets development costs. Some people believe Bitcoin could help accelerate the transition to renewable energy sources this way.

Bitcoin is unlike a battery: Bitcoin does not give energy back, it only sucks it in. Also, it is not profitable to deploy machinery in various places in the world and switch it on and off, as cost of electricity fluctuates: it would be a fun arbitrage, but mining equipment depreciates too quickly to let it stay idle.

Bitcoin is like Git: in Git (a distributed version control system) all your changes are organized in a chain protected by cryptographic hashes. If you trust the latest hash, you can get all the previous information (or any part of it) from any source and still verify that it is what you expect. Similarly, in Bitcoin, all transactions are organized in a chain (*the blockchain*) and once validated, no matter where they are stored, you can always trust any piece of blockchain by checking a chain of hashes that link to a hash you already trust. This naturally enables distributed storage and easy integrity checks.

Bitcoin is unlike Git in a way that everyone strives to work on a single branch. In Git everyone may have several branches and fork and merge them all day long. In Bitcoin one cannot “merge” forks. The blockchain is actually a tree of transaction histories, but there is always one biggest branch (which has the value) and some accidental mini-branches (no more than one-two blocks long) that have no value at all. In Git content matters more than branches, in Bitcoin consensus matters more than content.

Bitcoin is like Bittorrent: the network is fully decentralized, there is no single “mint” or “bank”. The blockchain is like a single file on bittorrent: cryptographically authenticated and shared across many computers. Every participant, including miners, acts on equal grounds. If one part of the network becomes disrupted, transactions can flow through other parts. Even if the entire network goes down, information about transactions is still stored on many thousands of independent computers and no one’s money is lost. When people connect with each other again, they can continue sending transactions like nothing happened. Both Bitcoin and Bittorrent can survive a nuclear war because information does not become radioactive and can be safely replicated.

Bitcoin is unlike Bittorrent: instead of many independent “files”, there is one file that always grows: the blockchain. Also, the most important participants, miners, are actually getting rewarded for their work with real money.

Bitcoin is like freedom of speech: every transaction is a short public message that can be pronounced no matter where or how. If some miners hear it, they will add it in the blockchain and that message will be forever in the history. Everyone will see it and no one will be able to erase it.

Bitcoin is unlike freedom of speech: saying something comes with a cost. A transaction moves coins that you must have to start with. So not every moron is allowed to shout, but only those who had the merit to acquire some coins in the first place. Also, miners may reject a transaction if it’s spammy or does not contain enough fees. So no one provides anyone with freedom as “in beer”, but everyone tries to cooperate on a voluntary basis.

Bitcoin is like a social contract: it is a pure cultural phenomenon. It works as money as long as people treat it as such and have the guts to hold it and respect its rules. Technology is needed only insofar as it provides the necessary plumbing for that contract.

Bitcoin is unlike a social contract: it is not the kind of a contract that they teach at schools. It’s not flexible, and it’s not imposed by any ruler. It’s a set of rules that everyone chooses to play by, therefore adding weight to the existing consensus.

Bitcoin is like magic internet money: it simply is.

2017   bitcoin   git   money

Bitcoin is a Tesla

Bitcoin compared to traditional financial assets is the same as Tesla compared to gasoline cars. Both Bitcoin and Tesla are sustainable, require less maintenance and eliminate bullshit on a planetary scale.

Recently Elon Musk showed a new truck and a new roadster. Both are the same thing: a battery, a couple of motors and a few wheels. Both are very fast and efficient, and both not only beat the shit out of every competitor in their categories, but also reshape the whole industry by removing a lot of unnecessary parts and making old problems irrelevant.

Take, for example, a Tesla Semi:

  1. There is no transmission, no cylinders, no oil, no radiators, no shaft.
  2. Nothing explodes near your crotch 3000 times per minute. Instead, your car is powered by sustainable solar energy: during the day charging stations accumulate the sunlight non-stop and during the night fill the car’s battery.
  3. There are brakes, but you never have to change them because you’d brake via motors most of the time, and guess what — they will return energy back to the battery.
  4. Four small motors are directly connected to four wheels. Not only are the motors the same as the motors in sedans (gaining from economy of scale), but they also provide independent torque to each wheel, giving better traction and better safety.
  5. A convoy of three trucks beats the rail: it’s not just more cost-efficient per kilometer, but you can deliver your load directly from door to door, without extra stations and re-loading your cargo from a train to a truck. You can now imagine how the entire problem of moving goods by land is going to be solved in a much more efficient manner.

Tesla Roadster is the same story, but applied to supercars. It beats all performance records, but because there are fewer moving parts, there is more space in the trunk, you can seat 2 more passengers and you can make 1000 km on a single charge. Oh, and it costs 5 to 10 times less than all supercars that it outperforms. In other words, your non-toy everyday car can be a supercar. Even their SUV outperforms a Lamborghini.

How does it apply to Bitcoin? Bitcoin is also like a highly efficient battery with very few moving parts.

  1. Bitcoin is a very efficient battery: your stored value is impossible to siphon away via inflation and very hard to confiscate directly.
  2. Bitcoin is a very cheap battery: your stored value does not need maintenance or annual fees. It just sits where you put it and does not occupy any space.
  3. Since everyone can save money, there will be no need for consumer credits with their invasive personal records that leak all the time.
  4. The need for specialized insurance will be reduced to very low-probability issues. When you have more savings, you can afford higher deductible for your car insurance and pay less monthly, which helps saving money even better.
  5. Personal computers enable such a high level of security, there is no need to punish merchants with costs of fraud: payments can be settled much faster and without the need for payers to provide tons of personal information that is eventually leaked too.
  6. As money appreciates rather than depreciates, people will be more careful at spending it: the demand shifts towards higher-quality, longer-living products. You know, like Teslas.
  7. There will be less VC bullshit like “99% startups fail, so we’ll spread funds thin among 1000 startups”. The money will not grow on trees anymore. Most startups will start with their own savings and will provide actual value to actual consumers, because people are not going to part with their bitcoins that easily. Instead of trying to satisfy 3 rich investment “partners” (who just want to resell their stock to the bigger fool) and share your business with them, you will have 100% of your own business and will have to satisfy thousands of diverse customers who do not have any hidden agenda.
  8. People will work less and smarter: everyone wants to earn sound money, but having real savings, everyone can afford more time for personal growth and family. Like working 30 hours a week instead of 60. And with less stress and a higher self esteem. People can make families at a younger age, with fewer health issues. Kids will grow with more active parents that allocate more attention to them.
  9. Finally, Bitcoin works without kings and politicians: as a result, nothing will explode near your or anyone’s crotch, just like in a Tesla. Who would spend money that can only be earned, not stolen or inflated, on purely destructive activity? Governments won’t be able to maintain huge armies and be at constant war all over the world: they’d have to start knocking on everyone’s door for extra cash.

Just like Tesla changes the paradigm of transportation, Bitcoin changes the paradigm of finance and security: many existing problems and solutions simply become irrelevant.

 1 comment   2017   bitcoin   tesla

How to buy Bitcoin

You can only buy Bitcoin once in your life. You are going to do your homework and buy some coins with the intent to hold them for at least several years. They will (probably) eventually increase in value, so buying more some time after would not make a difference to your balance.

Unlike popular ponzi schemes, such as social security, pension funds and modern stock market, there are no dividends: you cannot earn more bitcoin by holding bitcoin. You can only sell, in which case you can get something useful back, but you would have to give your bitcoins to other people. The amount of bitcoins you have will only decrease.

People who understand that are rushing to buy as much as possible to have a better starting position. Because when you go from zero bitcoins to some bitcoins, that’s all you are going to ever have. This also explains the insane level of attacks on Bitcoin in 2017: big money comes in and has only one chance to buy as much as possible, hence all the drama attempting to slow down the price while Coinbase signs up one million accounts per month.

There are three caveats, though.

First: most people would learn about bitcoin when its price has just increased rapidly and has a large amount of short-term speculation in it. They will buy at $1000 in 2013 only to witness the price sliding down to $250 in 2015.

Second: you have a lot of personal responsibility with Bitcoin. You can lose it in a million different ways if you are not careful — hackers can steal it from you, your wallet provider can defraud you, you can “invest” in some “crypto currency” etc.

Third: an attempt to create a new kind of money is not a matter of technology, but a purely cultural phenomenon. Any money has value because many people are simply willing to hold it in their pockets. Technology is only there to provide plumbing for the shared hallucination, but does not actually induce it. If you do not believe in that cultural shift or do not support it, by all means you should not buy Bitcoin.

2017   bitcoin

Money does not circulate

All money ever does is “sit”. It never “moves”. Switching ownership is instant, so “sitting” takes 100% of money’s activity. If your money burns a hole in your pocket, it is not because “money must move”, it is because you have shitty money. A better money does not burn the pocket and sits calmly without losing its value, waiting for a good opportunity to be spent on a worthy thing in the future. Money is the insurance against uncertainty.

Most people do not understand that because they hardly have any money: instead they have wages, fees and debt — they only see a shadow of money moving from their paycheck directly into their rent and groceries. And for the most part, it is because paper money loses its value all the time and does not permit savings.

If you do not believe me, here is a quote from Murray Rothbard published in 1963, What Has Government Done to Our Money?:

Economists err if they believe something is wrong when money is not in constant, active “circulation.” Money is only useful for exchange value, true, but it is not only useful at the actual moment of exchange. This truth has been often overlooked. Money is just as useful when lying “idle” in somebody’s cash balance, even in a miser’s “hoard.” (At what point does a man’s cash balance become a faintly disreputable “hoard,” or the prudent man a miser? It is impossible to fix any definite criterion: generally, the charge of “hoarding” means that A is keeping more cash than B thinks is appropriate for A.) For that money is being held now in wait for possible future exchange — it supplies to its owner, right now, the usefulness of permitting exchanges at any time — present or future — the owner might desire.

It should be remembered that all gold must be owned by someone, and therefore that all gold must be held in people’s cash balances. If there are 3,000 tons of gold in the society, all 3,000 tons must be owned and held, at any one time, in the cash balances of individual people. The total sum of cash balances is always identical with the total supply of money in the society. Thus, ironically, if it were not for the uncertainty of the real world, there could be no monetary system at all! In a certain world, no one would be willing to hold cash, so the demand for money in society would fall infinitely, prices would skyrocket without end, and any monetary system would break down. Instead of the existence of cash balances being an annoying and troublesome factor, interfering with monetary exchange, it is absolutely necessary to any monetary economy.

It is misleading, furthermore, to say that money “circulates.” Like all metaphors taken from the physical sciences, it connotes some sort of mechanical process, independent of human will, which moves at a certain speed of flow, or “velocity.” Actually, money does not “circulate”; it is, from time to time, transferred from one person’s cash balance to another’s. The existence of money, once again, depends upon people’s willingness to hold cash balances.

2017   money

About me

I am into UI design, software architecture, information security and crypto-anarchy.



  • Building Tonkeeper: powerful wallet app for TON (2021-today).
  • Author of ZkVM: blockchain with confidential smart contracts (2019-2020).
  • Author of Gitbox, a 5-star version control app for OS X.
  • Author of CoreBitcoin, a Bitcoin toolkit for Objective-C and Swift (2013-2015).
  • Author of BTCRuby, a Bitcoin toolkit for Ruby (2014-2015).
  • Designer and developer of Mycelium iOS wallet (2014).
  • Co-designer and developer of FunGolf GPS, currently TAG Heuer Golf, the best assistant app for golfers (2012-2014).
  • Initial designer and developer of VK video service (2007–2008).



  • Barcelona, Spain

Assets is the new cryptographic primitive

Computer science, and applied cryptography in particular, has a hierarchy of building blocks, where higher-order blocks are composed of lower-order blocks.

Roughly, the hierarchy looks like this:

  1. Charge and current in electric circuits
  2. Bits
  3. Bytes & words
  4. Data structures
  5. Permutations: block ciphers, hash functions
  6. Self-authenticated data structures (e. g. hash-trees)
  7. Symmetric encryption and authentication
  8. Public key cryptography: digital signatures, shared secrets, asymmetric encryption.
  9. Certificates and chains of trust (e. g. X.509, PGP web of trust)
  10. Timestamped append-only logs (e. g. Certificate Transparency)

Blockchain protocols are made of these building blocks in order to offer a new kind of a building block: the digital asset.

Digital assets simplify and expand some schemes that struggle with lower-level primitives such as digital signatures and certificates.

In money: digital assets are bearer instruments that can be exchanged between parties that do not trust each other, while signatures only facilitate point-to-point exchange between trusting parties.

In supply chains: digital assets represent certificates of acceptance enabling end-to-end security for each participant in the supply chain, automating provenance and improving security of payments. E. g. a payment can be locked on the condition that a particular set of certificates is produced, instead of deferring it to a third-party escrow, which increases the surface of vulnerability.

In consumer payments: digital assets are used to represent not only payment instruments (cash, rewards, loyalty points), but also receipts and sometimes products themselves (tickets and prepaid cards).

In things: digital assets represent access tokens to devices running tamper-resistant computers that can be efficiently delegated, used as a collateral, bought and sold. E. g. lockboxes, vending machines and cars.

What about smart contracts? Aren’t those the next higher-order primitive? Not quite. Smart contracts use formal language to describe context-specific policy, so their impact depends on that context. Smart contracts inside a public key infrastructure (e. g. certificates) enable more sophisticated signing rules, but only within the limitations and assumptions of such infrastructure. Smart contracts that control digital assets take advantage of their bearer instrument nature, secured by an entire blockchain network that acts as a very slow and very secure computer. Smart contracts are important, but play a supportive role in systems built on top of digital assets.

Whenever you wonder how a blockchain protocol could help with a given problem, reframe the question in terms of digital assets. If there is something that can be defined as a digitally transferrable thing and benefit from automation and improved security of such transfers, then you have a reason to consider blockchain as part of your design. If not, then blockchain is probably not what you need: it would be either irrelevant (e. g. health records on blockchain) or grossly inefficient (e. g. arbitrary computation environment).

Originally published on March 28, 2017