Cryptocurrency Risk Management

For the first time, I faced the issue of blockchain after the speech of Herman Oskarovich Gref given by him at the Davos forum in 2014. I was asked there what a bitcoin was, but I had never been involved in it, and therefore I couldn’t answer this question. I even felt annoyed: I wondered how it could be that Herman Oskarovich Gref knew, and I didn’t? Especially since we spoke for a length of time about technologies in 2010-2011 (he wanted to buy CyberPlat, but we hadn’t managed to reach agreement on this matter), and I understand the depth of his knowledge of digital technologies very well.

I have been continuously engaging in computers since 1983 and I get deeply into the material. But he is actually a humanist, and his understanding of IT could hardly be deeper. For example, just take his idea to train the Sberbank’s employees to use the mathematical tool of artificial intelligence?! I got some acquaintance with the artificial intelligence in 1988-1989 and perfectly know that, at first, it is necessary to study the mathematical analysis, linear algebra, probability theory, mathematical statistics, modeling methods, algorithmic methods, etc. … and only then to work with elements of artificial intelligence! Not every excellent student with strong technical education will take this, much less the humanist: it’s like to train a sailor revolutionist to understand the differences in impressionists’ methods of painting.

However, I’ve started to study what a bitcoin is, and have come to a disappointing conclusion. Why disappointing? The majority joyfully say to us: “All go there, all earn money there!” But unlike the majority, I know,

What a risk management is

I’ll try to explain this concept in layman's terms as much as possible. Let’s take, for example, insurance business. How are insurance premiums related to the risk of car theft calculated? Insurers examine the theft statistics of a certain car brand for last year. Suppose 3% of cars have been stolen. They offer a rate of 4% and know that if they insure 100 cars, then three cars will be stolen, and the premium for the fourth one will remain to then, so they all will make money for a car. It is the essence of risk assessment - to know risk exposure as accurately as possible. And if, after receiving the good premiums, you try “to persuade” car thieves not to steal the cars any more, this will be risk management.

As to the banking business, risk assessment is usually represented in the form of interest rates. When a potential borrower comes to a bank, bankers calculate his/her risks: the values for the country risk, legal risk, industry risk, owner’s risk, technology development risk, etc. All this form a final interest rate for a loan – for example, 12.5% per annum. The client is explained why the rate is as such, but not, for example, 10% or 15%.

The same approach can be used to assess the risks associated with new technologies. When financiers and/or IT specialists professionally “launch” the new area of business, they surely create risk management of such area: some kind of a book where the table of contents is a list of risks, and each section gives a description of such risk, its limits and mitigation methods.

Let's see how similar situations were solved earlier. For example, bankers involved lawyers to manage credit risks, developed long loan agreements, and then came to conclusion that they need such credit risks to be secured. The current lending practice is far from what was at the first stage! Banks as institutions have been existing for only 400-500 years, and, during these 500 years, such tools as legal support of loan agreements, security, guarantee, pledge options, etc. have been created.

There are settlement risks. In order to overcome this, the enterprises engaged in estimation are licensed. Not everyone could estimate risks in a massive way, except for entities continuously monitored by the Central Bank. Once checks had been invented, the legal framework was developed over the course of time. The same situation is with letters of credit and escrow accounts.

The history of credit and settlement risk management shows that it is quite possible to resolve issues related to risk management of a blockchain, bitcoin and various cryptocurrencies. As usual, the solution has three stages: identification of risks, description of risks (threat model), and activities aimed to develop risk mitigation measures.

What our current position in risk management of cryptocurrencies

First of all, for now, Russia and the world in whole poorly understand the origin of this technology and goals of its creators. Natalya Kasperskaya started to tell a little about the American origin of bitcoin, but most of people in general do not understand who has created it and for what. What were the design specifications, if we obtained such result? Why have creators chosen these technological principles from a huge variety of options?

The trouble of illiterate assessment of an impact this technology has on life often consists in the maximal estimates resulting from the fact that such illiterate appraiser even has no idea of what he/she reasons about. There is one assessment: all our life will globally change because the blockchain has come. Also there is another one: don't get involved in this because cryptocurrency is an organized fraud. Just think how this gap is large. It is not even a situation when you come into a dark room and you don't know an elephant or a cat is there. It is a situation when you aren't sure whether you are in the room or not.

What areas do the cryptocurrency risks belong to?

That’s why, when I began to study cryptocurrencies, I started with examining the list of risks. I’ve found out not only that there are a lot of them, but also that they belong to three wide and different areas: IT risks, economic risks, and legal risks. It is almost impossible to find one do-all specialist being an expert in all these areas at once. There are maximum ten experts in the country, and hardly any of them serves for the public sector.

Therefore, before being engaged in cryptocurrency, it is necessary to make the list of all possible risks and to divide them into the profession-oriented risk groups. Each group will be examined by a relevant expert. The group of legal risks shall be assessed by a lawyer, economic risks – by an economist, and so on. It is because when the economist starts to reason about IT risks, this is not going to end in anything good. It is the most important problem of all digital currencies: people talks past each other and no one thinks about what is necessary for all who want to be engaged in it, no one tried to gather, create an entity consisting of profession-oriented departments dealing with a risk within their competence.

The first conclusion is that the main problem is analysis of blockchain technologies or, better said, distributed ledger technologies, which requires detailed competence in different areas.

What are these areas?

At first, it is general electronics, or understanding of how in general computers work. It is necessary to understand why it is based on a binary numeral system (zero and one), but not on, theoretically speaking, system with twos or threes.

Further, the modern electronics is very important, a.k.a. electronics of the so-called "closed" areas, first of all - military electronics that uses special algorithms. From the beginning, the technologies couldn’t be considered as purely peaceful. If the human invents something, usually this invention is primarily used for killing all rivals. When the mankind managed to smash atom, at first almost 300 thousand people were killed in Hiroshima and Nagasaki. I think that the monkey has taken a stick for the first time not to put down a fruit from a tree, but to give a thump on the head of other monkey.

The same is for electronics – be sure, everything that we see in a peaceful area of application was at first used for military purposes. For example, cellular communication is the field basic communication network developed in the middle of the 20th century for military purposes. A part of this technology was declassified and it became available to ordinary subscribers. The Internet initially was called ARPANET and connected several hundreds of US military institutions and entities between each other. It was declassified and transferred for open use – now we send each other e-mails, reads news and different websites.

So, in order to analyze the distributed register technologies, basic knowledge of two types of electronics is a required minimum.

Let’s get on legal framework. One needs to know the legal framework and public law – how cryptocurrencies, money, settlements are regulated by the state, as well as the private (trade) law, i.e. how two persons with equal rights (entity or individual) can exchange them.

And, of course, macroeconomics shall be known.

Try to imagine how many people are rather good in all these areas? Personally I feel blessed to have these three degrees: in electronics (Moscow Institute of Electronic Engineering), in finances (Financial Academy) and in laws ¹ (law department of MSU).

And the top level problem is not even in finding multi-discipline experts. The problem is in finding such multi-discipline officials because they have to regulate processes at the state level, in the field of public law taking into account macroeconomic interests and relying on knowledge of electronics.

Let’s start with analyzing macroeconomic risks

The first risk is a lack of top managers’ literacy. Example. A speaker holding a rather important post spoke at one field-specific conference and said that the blockchain and bitcoin is absolutely different things which required different approaches. Actually, the bitcoin is created based on the blockchain technology. And what is interesting, nobody has objected, rebelled against this or shushed …

Another risk is underestimation of future damage resulting from emergence of new threats associated with development of technologies used for criminal purposes. The following example shows the extent to which we don't fully understand the future risks. About five years ago they all shouted: “The client-bank system will change the life, people will send payment orders to the bank from their homes via cell phones, and everything will be OK”. Nobody has warned us about hackers who crack accounts, log into the system instead of clients and make unauthorized transfers. Nassim Nicholas Taleb describes this in his book called ‘Antifragile’: “people always speak about the height of mountains proceeding from the highest mountain they have ever seen. But it doesn't mean that they won't find the mountain being higher.” Nobody estimates correctly and competently the probability of risk that these cryptocurrencies, God forbid, will be stolen. Recently I’ve come across information that 10% of money raised during ICO is stolen by hackers. And it is just the beginning. The percent of stolen money will grow because hackers quickly improve their skills.

Another example. The USA is a highly developed country that creates cybernetic weapons to protect their interests. In order to manage these weapons, CIA has developed an isolated top secret network not physically connected to the Internet. Only think! These weapons were stolen from this secret network! The reasonable question: if hackers could hack the isolated CIA top secret network in the high-tech USA, couldn’t they hack the Central Bank? After all, cryptocurrencies even do not have a single registrar!

This situation is very illustrative and shows what happens if to underestimate the technology risks that nobody knows. Lev Termen, a Russian inventor, invented the espionage system called Zlatoust in his time. During 10 years, this system worked for Russia against Americans ² .

One day the American ambassador visited Artek to meet pioneers, and they presented him with an eagle shaped wood cutout. “Beautiful eagle, - the ambassador thought. - I will hang it on the wall in my office as it is the symbol of America. And after all, it is purely wooden, no wires are seen, no electric supply is connected, - it can't hold any spying devices inside!” The eagle hung in his office during 10 years. And when it became known exactly that there was a spying device somewhere in his office, and everything was disassembled, they decided to look inside the eagle too. They dissemble it and found some wires. It turned out that if to transmit a certain radio waver on this device, the wires serve as the voice modulator adding a sound wave to a basic radio wave. Somewhere else this modulated wave is taken off the air which provides an opportunity to hear what is told in the office.

Nobody knew about this technology during the first ten years of its existence and usage. Could you imagine how many technologies not known to us exist now, and they work! It would be great if one day they disclose these technologies and allow us to use them. For example, you think that you have bought a mobile phone, and it is yours. But Natalya Kasperskaya, speaks without any disguise ³: A smartphone is not yours. You receive it to treat yourselves. In fact, this device belongs to other people to whom we give big and warm regards”. Therefore, we don't understand risks of new secret technologies at all, just because they are secret. But they say - take and use it as you like. 10 years have not passed yet, and generally speaking not any considerable time has passed.

The next macroeconomic risk is a risk of taking an authoritative, but wrong decision.

In 1996, the monsters of economy - Microsoft, IBM, Visa, Mastercard - have gathered and decided to develop a uniform solution for electronic transactions. They have developed the solution called SET (Secure Electronic Transaction). Visa says: Ok, we will adopt this solution. But IT competent people have understood at once that it is a very heavy, inconvenient solution and nobody will go, figuratively speaking, to a bakery by BELAZ. Those who are not familiar with IT (and at that moment it was, in particular, Alfa-Bank) have turned around and purchased SET at the price of about one million dollars ⁴. After one year they understood that it was a wrong decision to use BELAZ to get to the bakery and Visa suddenly pulled out of this coalition, and IBM said - sorry, we were wrong …

The situation looked like all had taken the decision, someone had paid for it, and then the others had said - oh, it would not be so. Following that, Alfa-Bank had a prolonged conflict with Visa. To bring an end to this situation, Alfa-Bank received a seat in a certain supervisory board as consolation.

What is important in this story is that even the very skilled people can take wrong decisions. Who has proved to us that bitcoin is the correct decision when several thousands of cryptocurrencies exist at the market? And the bitcoin haven’t held the controlling stake in them any more!

All these are macroeconomic risks to be assessed by the Central Bank, Ministry of Economic Development, Ministry of Industry and Trade and other government authorities.

One more macroeconomic risk is declaration of the technology to be licensed or prohibited for usage and storage. This has already happened with drugs, weapon, and alcohol during the validity period of the prohibition law. At some point of time, I was wondering what currency was the best. I typed “the best currency” in Yandex search bar ... and you know what it proposed to me? As the first link? “The best currency is cartridges. One cartridge - one life.”

It is true for places of war conflicts. Our special forces soldiers who were in the war in Chechnya understand this too. Where there is no law, the gun is the best currency. But once the law has appeared – free access to guns is prohibited. There is a list of things which free circulation is prohibited in the civilized world: drugs, weapon, rockets, certain chemicals … There are the situations when some things remain legal for a long time, and then suddenly becomes illegal. One has only to think about the story of Bayer Company: they started with legal production and sale of cocaine. They even sold nasal drops with cocaine. The People’s Commissar of Healthcare, Nikolay Semashko, prescribed them to members of the Council of People's Commissars. Bayer succeeded in business, and then legal sales of cocaine were prohibited. After that they started to produce heroin ⁵ until it was prohibited too.

In the area of money circulation which the state monitors very carefully, the situation when something legal becomes illegal is quite possible. It is obvious that, in some countries, the cryptocurrency will be declared legal, and in others not. In some countries it has been already prohibited. And even if we have the Telegram channel with advertisements for sale of apartments, cars and even titanic fields for bitcoins and other cryptocurrencies, the question of legal execution of such transactions remains open. How to recognize that the transaction has taken place and the funds has been transferred from the buyer to the seller? This poses purely legal risks – declaration of the transaction to be illegal, unlawful, invalid or even worse - fraudulent.

Not so long ago the WannaCry ransomware hit hard all over the world and led to real human losses because the virus encrypted the computers responsible for life support of people in the British clinics. But where does it come from? The first decoders proposed cancellation of this code upon payment via SMS. And when this channel of payment to rampers was blocked, hackers have ceased their attacks with these viruses and sopped to use this tool. It can be said that WannaCry is based on existence of anonymous cryptocurrencies: if bitcoin didn’t exist, there wouldn't be any economic sense to start an attack with ransomware. Therefore, if the mankind wants to protect itself against the ransomware, then the anonymous cryptocurrencies shall be cancelled. Only think how many electronic devices, from smartphones to ventilation systems, can be infected with such viruses! And if, God forbid, someone threats the whole world with such viruses, the question of cryptocurrency prohibition will rise at the same moment. And such decisions are taken by people who obtain benefits from making politically favorable populist decisions.

One more macroeconomic risk is an - alternative monetary circulation not controlled by the state. The Chairman of the Central Bank of Russian Federation, Elvira Nabiullina, and the Deputy Minister of Finance, Alexey Moiseyev, have already told about this: none reputable state won't allow any uncontrolled currency circulation in its territory. The state doesn’t pay attention to this until the volume of such circulation increases above the some limit. Then the situation will change.

Uncertainty of taxes associated with cryptocurrencies and capital gains. Just tomorrow the state can impose any taxes on cryptocurrency, and such risk shall be foreseen too.

Criminal risks

There are many such risks.

Any crypto currency is at risk of being used for non-compliance with anti-money laundering and anti-terrorist financing legislation (AML/ATF).

Another risk is anti-state social engineering. What is it? Let's say people receive an anonymous email, calling: "Come to Bolotnaya Square at a certain time and you will get 1/10 of bitcoin". How many people will come? One can gather a very large crowd. And let's imagine - these people come and receive a new message: "Now, go over the bridge and walk to the Red Square". Or to the Manezh Square. Anyone who has this technology in his hands can manipulate a large number of greedy and stupid people remotely.

The third risk - use of inconsistency with current legislation for fraudulent purposes. For example, Smart contracts, which are the basis for everything, are not described in the Civil Code at all. The electronic digital signature is described, it is called the 'equivalent of a handwritten signature' there. But no one knows what is a Smart contract as a matter of law, and if you come to court with it, the court has no legislative base, let alone practice, according to which it is necessary to take a judicial decision. You have exchanged crypto currencies, yes, but there is no judicial support for this decision by definition. What is this risk equal to? It is necessary to evaluate, weigh the risks. Because they can invent such rules of the game that your investments in crypto currency will instantly depreciate.

One more risk: theft or publicity of commercially valuable information and trade secrets or personal data. Here lies the problem of all blockchain technology. Everyone knows about all transactions at once. You know the personal data of everyone. This directly contradicts "On Personal Data" law.

The risk of theft we have discussed a little above - the very 10%. For now. As Mr. Moiseyev said: "We can not provide absolute reliability of transactions due to the fact that if for some reason 50% + 1 of crypto currency validators say that there was a transaction, but in fact there was not, we will not have any opportunity to dispose of it". And if these validators are also anonymous, the risk increases significantly.

The risk of finding prohibited information in the crypto currency network. Any crypto currency validator is the custodian of the entire archive of data at once. Since the vast majority of validators are not professionals in the field of creating and monitoring cryptographic software, they can not even understand that there can be something unauthorized inside the archive. At the same time Researchers from the universities of Aachen and Frankfurt found out that in addition to financial information about 1,600 other files were kept in bitcoin network. Among the detected files seven violate copyrights: they contain extracts from different whitepapers, a private RSA key, a secret software key and a key to cracking the DVD copy protection. Also, the bitcoin blockchain stores wedding photos and a photo of people with their online pseudonyms. Among the files there were copies of US diplomatic cables, the leakage of which occurred through WikiLeaks in 2010, and the news about the demonstration in Hong Kong in 2014, some files in the bitcoin blockchain contain illegal information and 274 links to similar resources, 142 of which lead to Dark web services ⁶ .

Very simple conclusions follow from the existence of this fact:

There is a method unknown to the general public to archive extraneous files.
Thus, viruses and other malicious software can be placed in the archive (if they are not already there).
And if there is a method of placing extraneous files in the archive, unknown to the general public, then it is logical to assume that there is also a method unknown to the general public to read these extraneous files from the archive, including viruses and malicious software.
It is also logical to assume that there is a method of self-extracting and self-installation of such extraneous viruses and malicious software on the user's computer, unknown to the general public, exploiting the hidden capabilities of cryptocurrency mining software or their operating systems.

The risk of cryptocurrency containerization. The risk of cryptocurrency containerization. Thus, the archive of the cryptocurrency is a cryptocontainer. Having received it, the user can only know the information written on the "container wall", its name and content is visible to the public. In some types of blockchains, user cannot know what is inside else the cryptocurrency archive of cryptocontainer due to encryption (if we understand encryption as a crypto transformation), and also due to the fact that he does not know the algorithm for searching and identifying "added" information (he does not know what and where to look for), that is, steganography. And inside can be anything: instructions on terrorism or top secret information. Or malicious code.

For example, an unlimited circle of people can write to the public blockchain, access control is not performed and there is absolutely no chance that the validator will not receive forbidden information or virus will come. And there are no certified or at least trusted means to check what is in the archive-cryptocontainer precisely. In addition, many cryptocurrencies provide developers with an open API for developing their tokens based on the “main currency”. Developers have every opportunity to add illegal content to the cryptocontainer and hardly anyone controls it besides the developers themselves.

Was there a precedent in history for the realization of risks in an “unverified container”? Yes there was. In the XIII century, Khan Khubilai launched relatively “high-speed” caravans along the Silk Road. Who objected then to this new, clearly revolutionary technology for the delivery of goods? Everyone was in favor and very happy. Just then no one understood that the plague virus, which is natural in Mongolia, did not have time to kill caravans in the Gobi Desert, and these very caravans, due to increased speed, became carriers of the plague in Europe and China. The price of risk then amounted to the death of half of the population of Europe and two-thirds of the population of China.

What kind of “infection” can now be in these cryptocurrency cryptocontainers, we do not know. It is very easy to put malicious software there that steals information or infects critical information infrastructure. What is the amount of critical infrastructure stop, we now understand?

Technological risks

Where did the blockchain technology come from? Nobody talks about it. After all, the distributed ledger technology has been known not only for the last five years, when it became widely popular, but for 35-40 years. And it was generally used for automated troop command and control systems, primarily for the exchange of tactical information. Imagine that you have 50 combat units that are fighting. And some unit - for example, a helicopter that took off in the air, detected something important, received information. This information must be transferred to all units and the command, so that each of them has a full face of the battlefield. Either directly or in ordered chain. The transaction is considered to be complete only when this information reaches every authorized addressee. Not from the moment when everyone got to know, but namely when he gave a response that he had received. If you have 50 addressees the data transfer is fast enough. But as soon as there is a thousand of them, the problems begin ... I could not get through to this one, the connection is lost with that one ... And the blockchain is originally designed for many thousands of validation nodes. Therefore, the speed of this technology is a maximum of 7 transactions per second. What does it mean in comparison? Here in CyberPlat® the regular "rate of fire" is 100 transactions per second, the peak - 500. In Sberbank, I assume, the regular is about 400, the peak - 1,500 transactions per second. How many blockchains do you need for this? When German Gref talks about the benefits of a blockchain, I immediately begin to estimate - how many of them he will need?

The risk of non-compliance with assigned tasks. Are 7 transactions per second enough? This is about 220 million transactions per year. And we have a population of 140 million! It means that each of us can make less than TWO transactions per year! And if you need three, then you should wait another year for the third transaction. If you need, for example, 300 transactions, then I'm sorry, you will not last to see them completed. Therefore, the introduction of this technology in large communities is impossible in principle. The bankers are interested in supporting large communities. When IBM assembled its first hundred of commercial computers, one was purchased by the Pentagon, one - by meteorologists, and the remaining 98 - by banks.

There was one case when a group of developers, when they heard that the speed of 7 transactions per second was too little, assembled thousand computers in one room, connected them with optics and achieved 200-300 transactions per second. But the ledger distribution, if the whole ledger is in the same room, becomes negligible. Because if you want to distribute this ledger around the globe, it is necessary to use the entire communication system: copper, air, and so on. A distributed, truly distributed network does not have such performance. 7 transactions per second are acceptable for armed forces. But the bankers will not be satisfied with such speed. This technology was not originally created for this and does not fit the current form of the financial market.

Step by step we approach the main issue. The risk of non-transparent creation. Who wrote the technical specification for the creation of this software? Who agreed its development? Who created the structural algorithm? Who accepted the code into service? Who conducted debugging?

Image: Хакер.ru

Natalya Kaspersky was the first to publicly state that there was no such person as Satoshi Nakamoto, and there is a group of American cryptologists behind the blockchain. We already know that the distributed ledger technology was initially used in the ACS by the troops a long time ago, and that's why nothing was written about it in scientific and popular science magazines. And now we learn that someone is already using this technology somewhere. It is obvious that they know what to do. And where are the people who know such things? It is clear - in the Pentagon.

Now let's try to remember where bitcoin was used for the first time? There is such anonymous network as Tor, and there was an online store called Silk Road, which sold drugs. The Tor network exists for anonymous donations, but strangely enough, it is known who is the main donor. This is the US Federal Bureau of Investigation. Well, it's clear that it's impossible to hack this network, because you need to hack successively five servers ... if, of course, all these five servers are not yours. And if they are yours, all five, you read all this correspondence and make decisions: we will put these in jail - to provide statistics, we do not arrest those, instead we take notice of who will take the bait, these are let alone - they pay us. Some people say this is how the Tor network has been created - by certain people for certain people.

Malicious tongues say about the Silk Road online store that when the FBI catches someone with drugs it hands over some amount to the state, and the rest, confiscated, sells under the counter, and where is the most convenient store for selling the confiscated property under the counter? Online store is a very convenient tool for this. If you also know that in the United States all FBI agents are officially discharged from liability for drug operations under the pretext of "they have to do this in order to infiltrate criminal organisations", the picture in general becomes complete. It immediately becomes clear who and how controls this market. But, after making several turnovers of "drugs / weapons - bitcoin", these people began to dump the crypto currency or change it to apartments, cars, titanium deposits and so on. Since these people have a lot of journalists in their arsenal, it was not difficult to inflate the history around it.

A direct consequence of all of the above is the risk of accidental loss.

Access to a wallet with a cryptocurrency can be lost as a result of a password loss, a failure on the data carrier, or the loss of the data carrier itself.

Because of the way cryptocurrencies function and the blockchain technology underlying it, user passwords are not stored anywhere other than their memory or personal records. There is no appropriate business process by which you can change passwords in person, verify the identity of the owner and return the rights to these cryptocurrencies or other crypto assets.

According to the New York Times, about 20% of the 18.5 million bitcoins existing in the world are in wallets that were blocked for some reason or whose passwords were irretrievably lost. The total value of currency that cannot be used is estimated at $ 140 billion.⁷

Summing up the results. Before entering somewhere, let's think - how do we get out? And if it turns out that it was money laundering on a particularly large scale, then in fact you are an accomplice in the laundering of operations with drugs and weapons.

What must be done

It is necessary to do risk management. We describe the risk and its maximum value, form the so-called threat strategy, determine the degree of the threat and define how it should be counteracted.

As you know, the most effective fighters against terrorists are terrorists themselves - that is, counter-terrorists. They know how to carry out a terrorist attack, and they easily guess how they can be neutralized. Any good armor manufacturer knows perfectly well how the shell works, otherwise he will not be able to produce armor. Why, when the bandits impose their protection, do they call it insurance? Because it's all a single whole.

Not so long ago, the theory of state as a stationary bandit appeared, for which they almost gave the Nobel Prize to an economist who had developed it. Putting the entire theory in one phrase - "who has the biggest stick, he is the chief in the area". It is the same with crypto currencies. To deal with macroeconomics, one must go to the biggest crooks in macroeconomics - the Central Bank, the Government. To deal with crime, you have to go ... well, you understand. Only when it becomes profitable and interesting for them, they will begin to manage this process.

My deepest conviction is that the real America - the one we know - began with the establishment of Murder Incorporated in the 1920s. When the largest mafia clans gathered and decided that it is possible to kill a person only with the permission of the leaders of all mafia clans. Then the uncontrolled crime ended, and they condemned, with their own internal court, whom they could kill and whom they could not. From that moment the country became civilized. Before that cowboys shot at sheriffs, and sheriffs at cowboys, and they differed from each other only by the presence or absence of a badge. But from the moment when legal proceedings appeared in the illegal space, from that moment civilization began in the USA. Any risk should be considered by professional risk managers. But who they are ... we will not write, but we will understand.

Therefore, to determine the risks of crypto currencies and create crypto currency risk management all risks must be divided into groups, and each group of risks should be studied by those who understand them.

For example, IT risks should be entrusted to the Ministry of Communications and the Academy of Sciences.
Economic risks – to the Central Bank, the Ministry of Economic Development, the Ministry of Finance.
Criminal risks - to the Ministry of Justice, the Ministry of Internal Affairs, Prosecutor's Office, secret service.

And only after gathering professional opinions of all groups together one can make a consolidated fundamental decision.

Disaster tolerance and survivability

The probability theory teaches us that the two-fold redundancy of the information infrastructure in peacetime, for example on civil aircraft or in processing systems, is quite sufficient, and the three-fold is somewhat excessive. This parameter is called disaster tolerance. But in combat aircraft and ACS of troops, for example, it is necessary to provide 4-7-fold redundancy of critical information infrastructure. For the simple reason that during the use of this device for combat purposes the enemy takes actions to destroy it. Therefore, with deliberate destruction of 2-3-4 levels of combat information infrastructure, the aircraft or control system must still perform its combat missions. That's why, the level of redundacy is four to sevenfold. And this is called survivability. This term is used in the design and testing of weapons. You can hear the phrase "ship survivability", "tank survivability", "aircraft survivability". But there is no such word combination for peaceful systems. Because this level of survivability is not needed in peacetime. We do not need for a peaceful passenger aircraft a seven-fold level of redundancy of on-board electronics. We also do not need seven-fold level of redundancy for peaceful processing systems. Unless, of course, we set ourselves the tasks of financing terrorism, reconnaissance networks behind enemy lines or carrying out wittingly illegal acts such as the sale of drugs.

In blockchain each "miner" ideally duplicates the entire network. This is some kind of super-mega-survivability. Even with the destruction of 99% of the backup blockchain does not cease to function. But is it possible in peacetime to lose 99% of the backup infrastructure? Of course not. Then what is the purpose of paying for such a clearly superfluous resource?

For mega-survivability of crypto currencies we have to pay with extra work of the processors of all participants, and what is most important - with the time of transaction. The very superfluous mega-survivability is the reason for low productivity and high cost of using crypto currency.

Former PayPal CEO William H. Harris writes: “It takes about an hour for a bitcoin transaction to be confirmed, and the bitcoin system is limited to five transactions per second. MasterCard can process 38,000 per second. Transferring $100 from one person to another costs about $6 using a cryptocurrency exchange, and well less than $1 using an electronic check…… it takes as much electricity to create a single bitcoin — a process called “mining” — as it does to power an average American household for two years. If bitcoin were used for a large portion of the world’s commerce (which won’t happen), it would consume a very large portion of the world’s electricity, diverting scarce power from useful purposes.” ⁸

For the peaceful use of blockchain it is enough to reduce the number of verification nodes up to 10, maximum up to 20. And if you pass these verification functions to the players responsible for risk management of this crypto currency, then everything will fall into its place. We will receive a payment infrastructure that is extremely reliable in terms of disaster tolerance (and even survivability), where the verifiers are the ministries and departments authorized by the state. The risks of using such a crypto currency will be minimal.

Thus, the most rational development of distributed ledger technology for the creation of crypto currencies is the creation of a crypto currency with a very limited number of verifires-registrars, the number of which, composition and responsibilities (primarily to reduce risks of use) will be determined by the Government. They will necessarily include the Ministry of Communications, the Academy of Sciences, the Central Bank, the Ministry of Economic Development, the Ministry of Finance, the Ministry of Justice, the Ministry of Internal Affairs, the Prosecutor's Office, secret service.

All other users will use this registry and will not keep the "archives" of other people's transactions.

April 11, 2018

PS

As a result of reflection and discussion of distributed ledger systems for system of troop command and control we managed to understand that they have a very limited number of not only redundant nodes, but even subscribers. Firstly, the unit, roughly speaking, fighting in the Murmansk region does not need tactical data for the Caucasus. Secondly, when a single combat unit is captured, the enemy must not gain access to a large amount of secret data. What is most interesting, special forces have the same picture. When a single special forces operative is captured, local counterintelligence should not receive much information about the sabotage network. Thus, the number of redundant nodes even in the most risky zones does not exceed 10.

That is, empirical data gives us the opportunity to conclude that more than 10-fold redundance is not necessary anywhere and for anyone in any circumstances. For no user in the world. Closed interval from 1 to 10. There is no such risk in the world requiring more than 10-fold backup.

Then who needs crypto currencies with a multi-thousand-fold redundancy of the entire ledger?

After longtime thinking we were able to identify only one type of organizations that need to know everything about everyone. No, of course, there are also journalists, but high-level cryptography with elements of the technologies of automatic systems of troop command and control is "not their style". It is clear that for secret services, if they are the organizers of the implementation of crypto currency, such a tool is convenient. Everyone gives himself the whole amount of private data, believing that the system is anonymous, and does not want to think that any cryptosoft created by secret services just should have the "backdoor" ⁹.

This is common work of the secret service, they are paid for it. But why do users need it? Even if they have such a great love for the secret service of their country, they can probably find a less expensive and complex method of transferring information to them. If we are talking about the secret service of another country, one can get into a very delicate situation, simply described by the Criminal Code. As the poet wrote “It’s where they eat you without salt, They seal you in an envelope, Address at random, send you where the sun don’t shine” (Vladimir Vysotsky ‘Dorozhnaya Istoriya’, translation by Alex Tolkachev). And if a housewife can prove her solid ignorance of the foundations of the theory of reliability, as part of the theory of probability, then any IT guy who must have attended the lectures on the theory of probability, and even passed the exams, of which there is a documented evidence, it will not be easy to get out. The reason that "everyone does it" may not work, because epistemology - the science of knowledge, which is part of philosophy, directly tells us that "the majority opinion is not a criterion of truth"

May 03, 2018

Last version 31.03.2021