Trust issues

I’ve been called “paranoid” too many times to count, with varying degrees of endearment attached. I’ve been told by friends, acquaintances, and strangers alike that I have some serious “trust issues.” Someday, I’d like someone (without an ulterior motive, of course) to explain what’s wrong with that. I always half-joke with these people and tell them it’s not me who has the issue, it’s them, because trust is inherently a weakness, and I choose simply not to expose myself to it.

Trust fall photo by klndonnelly on Flickr

I’m fond of saying that I don’t trust anyone but… the truth, the uncomfortable truth, is that I do sometimes. It would be more accurate for me to say that I trust as few individuals as possible, and only as much as I absolutely must, with the things I absolutely must. That’s a real mouthful though, so I just say I don’t trust anybody, and it’s good enough for most people to roll their eyes at me, write me off as some weirdo, and move on.

Why, though, does it make me weird? Why is it abnormal to have “difficulty” (if you can call it that) trusting others? Propensity to trust is a trait highly desired by dishonest people and psychopaths in their victims, and it seems obvious why. If I default to trusting people I don’t know, it is only a matter of time before a scam artist comes along and ruins my day. Why am I expected to open that surface of attack? Why does the world expect me to trust people randomly, especially complete strangers who have every incentive to betray me?

Let’s look at what trust really is. Trust is an unenforceable contract in which the trusting party exposes an attack surface usually in order to gain something: convenience, perhaps, or companionship, from the trusted party. In return, the trusted party promises not to attack. Wait; that’s it? Seriously? I would understand if we lived in J. K. Rowling’s world of Fidelius Charms and Unbreakable Vows, but we don’t; there is no such thing as a safe secret, and promises can and will be broken (just have a look at your average politician).

Of course that’s a clearly biased description as someone who has problems with the entire concept of trust, but I can’t see it any other way. As a software developer, part of my job is to think constantly of how someone may try to compromise my product, and mitigate those attack vectors. If I am not thinking of that and someone does something evil, certainly they are to blame but it’s still my responsibility; the (hopefully) metaphorical blood is still on my hands. It’s my job to make those attacks impossible.

Part of the goal of the cryptographic consensus technology which powers our platform is to minimise the amount of trust we need in order to work together, and I think that’s beautiful to be honest. “Trust issues” are nothing to be ashamed of in my opinion; they’re the natural conclusion of logical thought. So please take note: if we’re friends and it seems like I don’t trust you, it’s not because I think you’re untrustworthy; it’s because I don’t believe in creating unnecessary security holes. Please don’t be hurt. I still love you. 🍋

Is our Eternal September coming?

Are Steemians a different breed of human?

In a way I think we are. Some of the best conversations of my life have been with Steemians. I think that is because there is a gathering of like minds here. I don’t mean that we agree on everything; we definitely don’t. Instead, I’m referring to the fact that most of us seem to be thinkers. We aren’t content to simply consume the world around us; we want to question it too; change it, interact.

There’s a reason for this, I think. Especially in these early days, it takes something special to be a Steemian. Most people I have told about Steem balk at the concept right away (“sounds like a scam”), and those who are initially receptive seem to lose interest after finding out they would need to use several exchanges to “get any real money out of it.” (Hah!)

Even some people who stick around for a while find that it’s too much to take and leave. Either they can’t handle the price dropping (see ya!), or they can’t handle the drama, or feel that something about the platform is “unfair.” The result is that the remainder of us tend to have similar views and tendencies, at least about Steem and crypto in general: you will pry it from our cold, dead hands. And I think, in a broad sort of way, there is just something special about Steemians.

So, I am left to wonder… are we a different breed here? Has this platform naturally selected for intelligent, strong-willed individuals? Is that why I find so many of the people I meet here to be the most interesting humans I’ve ever met?

By Foundry on Pixabay. CC-0.

I’m enjoying it while it lasts.

If my theory is correct, all the Steemians on the platform right now are so cool because only cool people are left. Only those that came here and remain here today have been selected and repeatedly re-selected through all sorts of trials and tribulations; through market drops, chain freezes, and other sorts of metaphorical obstacle courses they face simply by being early adopters. Well then; to me, the eventual widespread popularity of a more user-friendly Steem is a double-edged sword. Eventually, the influx of “normal” people will begin, and the days of Steem being a cute little village of nerds will end.

All of this has happened before, and it will all happen again. In 1993, it happened on Usenet, when America Online decided to open the floodgates by granting every single AOL user access to the newsgroup platform. Now, Usenet denizens were used to this sort of invasion; it happened every September, after all, when the new batch of first-year university students were introduced to this new exciting thing and had absolutely no idea how to conduct themselves. Eventually they’d either figure things out, or they’d decide it wasn’t for them and log off, never to be seen again.

But this time, it was different. This time, September never ended. They called it the Eternal September. The “old guard” were completely overrun by the newcomers who, by sheer force of numbers, completely redefined the culture of the place. From the eyes of the early adopters, Usenet was never the same again.

I believe that we must accept our fate.

I will still do what I can to make Steem more welcoming to the less curious; the less technically inclined. I will do what I can to make it safer for people who don’t understand cryptography. I will do these things because I am certain that it is the right thing to do. Decentralisation should not be a privilege reserved for nerds.

But… it sure is nice to be here right now, isn’t it? 🍋

Dusting off the old blog: time for a change.

Hey everyone. I’m @lemony-cricket, and that’s the last time I’m going to start a post like that. Probably. Unless I feel like it.

Time to change things up a bit

I’ve been getting in my own way of writing here. I love to write! I always have. So why, why have I let it become such a chore? I think it’s just because I am so obsessive. I won’t use the term OCD as I believe it should be reserved either for kickass Steemian curation projects, or for those with a serious and expert diagnosis of a debilitating mental condition, which I don’t believe I have. The truth is: I am just way too worried about what I’m writing.

I’m not going to completely change my style. What I am going to stop doing though, is worrying so much about following some imaginary rules I made up for myself. No longer will I worry so much about:

  • Putting my name at the start of every article.
  • Having a picture directly after the opening statement.
  • Bolding the first thought of each new paragraph.
  • Getting the headers just right and trying desperately to avoid line breaks inside of them.
  • Obsessing over where to put my horizontal rules.

  • Making sure there’s always a nice little ending with a lemon emoji.
  • Reading the “finished” post over and over again for 2 hours obsessively to make sure it’s the best it can possibly be.
  • Obsessing over visual arrangement, only to have it not make a difference on other frontends and my WordPress blog.
  • Including every possible example in a list of imaginary rules I made up for my posts which I am now abandoning.

New priorities

Most of you probably know by now that I am a software developer, and maybe you also know that I love it so much I do it at home too. I’ve been focusing a bit more on that lately than engagement on the Steem blockchain, but I see no reason why the two can’t coexist. I just have to make my priorities clear:

I can’t be spending four to five hours on every post when I have code to write.

And as much as I love you all and this platform, and as active as I may be in chats, I can’t be going thirty-three days without a single post on my main blog and still call myself a Steemian… and I want to call myself a Steemian. I am more proud to be a Steemian than I have ever been proud to be anything.

I will still make those awesome, perfectly-formatted posts that I’m so proud of sometimes… particularly when I decide to pick up the second part of my cryptography series. But for now… it’s time to bite the bullet, check over this post exactly once for obvious errors… and post.

Sorry, no lemon emoji this time. It’s for my own good.

The trouble with view counters

Hi and hello! @lemony-cricket here and… I know some people miss the view counters on Steemit. I’ve even seen people blame their absence for a lack of engagement, and I understand that mindset. View counters, after all, are a feature everyone has loved since the dawn of the Internet. Too bad they don’t work. Let’s talk about that.

Image by Wesha at Wikimedia Commons. CC-BY-SA 3.0 Unported.

It seems like such a simple concept

It’s not so hard, is it? Just add one to the counter every time someone loads your page. It’s infuriating how the people at Steemit Inc can’t seem to figure out such a simple thing, right? Well, although it might be frustrating, there really is no simple solution to the problem. But in order to get you to believe that, I’ll have to convince you that a problem exists in the first place.

I had a friend here once (and I hope he’s still around, somewhere) who was pretty devastated when the view counters went away on Steemit. Before they were removed, they were something he’d mention at least every other week. He was so proud that his view count was so high. Then all of a sudden, the views started dropping off. He began to get frustrated.

I wanted to help him feel better. So, I thought I might write a program to increase his views. Here’s what my program would do:

  1. Start up a browser and navigate directly to his latest post.
  2. Wait for the page to load.
  3. Repeat.

I didn’t do it

And I’m glad I didn’t. I don’t think people should be lied to just to keep them happy… which is why I’m okay with the view counters being gone. There’s simply no way around it; the view counter is a lie. There’s simply no way to make them work honestly; they are information-theoretically impossible.

But what if we require there to be an actual human reading the post?

Well, how are you checking this? Are you planning to give a quiz? Will you use some form of natural language processing to generate the quiz automatically, or will the author have to make up the questions itself? Do you expect the reader to voluntarily submit to this quiz? Do you expect the average reader’s reading comprehension to afford it a passing score? Be prepared for a lot of false negatives.

No, that’s silly and you’re being facetious. Just only count each computer once.

What’s a computer? Yes, that was a serious question. There are several ways to attempt to uniquely identify a computer or a computer user, none of which actually work. Take for example:

  • IP addresses, which can be easily spoofed using Tor.
  • MAC addresses, which can also be easily spoofed.
  • A browser cookie, which can easily be cleared.

Even if there were a magical computer ID mechanism which actually worked, there is another problem. What if I was showing your article on a screen in front of 1,000 different viewers? Under your rules, they’d all be counted as one. That’s not fair, is it? Do we install eye tracking capabilities on every computer? How can we be sure the equipment is not malfunctioning? Are people really reading or are they just looking? How do we tell if they’ve absorbed the information? Do we install mind reading devices on all humans at birth? Is this the plot of a Black Mirror episode? (No, seriously, is it? I don’t watch television.)

And what about other frontends? Steemit is just one gateway to the Steem blockchain. Even if we can get them all to cooperate, how are all of the different frontends supposed to synchronise their view counters? Do we make every reader everywhere sign and broadcast a blockchain transaction saying they read the post? Who is going to force them to do this? Bandwidth (or your Resource Credits supply, after HF20) is limited, after all. Or, if they’ve got a lot of bandwidth available, who is going to force them not to falsify these transactions for every post on the blockchain?

What about users that aren’t logged in? Will you force them to log in like on Quora? (Ew.) What happens when I make a Steemit mirror site and just scrape and republish all the content for “free” with no such requirement?

There’s a lesson here somewhere

This is a very common type of problem. Our struggle to verify the individuality of each reader is something computer security experts deal with every day in distributed networks all over the world. Systems which rely on individuality of anonymous or pseudonymous users are inherently vulnerable to something called a Sybil attack. It’s named after a woman with a famously documented case of multiple personality disorder.

Put simply, a Sybil attack is when you take advantage of anonymity in order to pretend you are multiple people when you are really only one person. Think of it as digital ballot stuffing. There have been attacks like this against several distributed systems, including the Tor network in 2014.

The good news is that we have ways to combat Sybil attacks… and guess what? We’re using one right now! Blockchain technology is designed from the ground up to resist exactly this type of attack (as well as others). In fact, we’ve already got something kind of like a view counter on this platform; even if it’s not perfect. Even if it’s possible to get around the human requirement, the system puts mathematical limitations on its abuse.

This view-counter replacement is built into our blockchain. Users on Steem have a direct quantitative measure of the net objective economic value they have invested into the platform. It’s called stake, it’s measured in VESTS or SP, and it defines their maximum rate of influence over time. For this reason, you can count on any rational user to use that influence somewhat sparingly, on posts and people they actually read and like. Sure, it’s not exactly a view counter as much as it is an acknowledgement of value… but it’s the best thing we’ve got.

It’s called an “upvote,” and you can get one from me today by typing out your thoughts below. 🍋

It feels good to finish

Hello friends! I’m @lemony-cricket, and if you chuckled at the title, you’re exactly my kind of person. If you rolled your eyes at the thought of someone turning such an innocent phrase into something to chuckle about, you’re also my kind of person so, there’s that.

If this doesn’t count as fair use, I honestly quit the Universe.

I’m trying that “blogging” thing.

I’m doing a bit more of a “personal” blog post today than I usually do; one that actually resembles more of a blog entry than an article. I’m not gonna be educating anyone on anything or prattling on about my anti-authoritarian views today. Nope; today’s post is about me.

I’ve been on Steem for a long time now. The better part of a year. It’s hard for me to grasp the reality of how much time has passed. It may also be hard for others to guess how much I love Steem and the people here, when they see me not posting or interacting onchain for whole weeks at a time. For people who don’t talk to me in other places, you may find it surprising that I still consider myself an active Steemian, but I do.

The truth is though, I have a problem. Actually I have several, but while it would probably be healthy for me to acknowledge and seek treatment for my anxiety and possible other “issues,” that’s never going to happen. The problem I’m talking about is mental, but it’s not an illness. It’s just a flaw.

I am a serial “starter.”

Since I discovered Steem, I have had a ridiculous number of (what my mind has perceived to be) “brilliant” ideas for things built on top of it. I have spent entire days drawing them out on paper, diagramming them, mind-mapping them, writing code for them, talking excitedly about them with friends… starting them. What I have consistently failed to do is finish.

It’s not just Steem, and it’s not just development. My entire life is and has been like this. It’s one new initiative after another with me… I want to learn an instrument. I want to speak every language in the world. I want to write a book. I want to teach a class. I want to make a video game; not one of those cheesy game-jam entries but a real, playable masterpiece with a story, art, a score, and amazing game mechanics… all of which I want to do myself (hey, the Touhou guy does it; I should have no problem doing it too). The list goes on… and on… and on.

I live with the chronic existential dread that I will never accomplish all of my goals, which is honestly (and unfortunately) a completely rational fear. In fact, it’s irrational to hope that I can ever accomplish even a significant minority of everything I’ve ever set out to do. I just don’t have enough free time left in my life. I spend too much of it working, socialising, eating, and fulfilling other “real world” responsibilities, all of which refuse to yield to my grandiose fantasies of being some kind of rockstar polymath.

But I can’t take it. I can’t accept reality. Instead I keep hopping back and forth between new and old ideas, planning them out and starting work then getting overwhelmed, scrapping them, and finding something else to do. I’m stuck in a loop. I don’t think it’s healthy. I want to do something about it… and I know that means letting go of some ideas. I just can’t though. I can’t look myself in the face and say… “I will never do this.” It won’t “compute.” I’m in denial and I know it. So, I’ve decided to handle things a different way.

I’ve decided to start finishing.

I’m going to start tuning out my other ideas from my life. From now on, when I have a new (or old) idea while I’m in the middle of something else, I will write it down and then I will ignore it, until I have finished something. Then, I’ve earned the right to obsess over yet another project. Until then, though… well, I’ve got to stop writing cheques my free time and work ethic can’t cash.

It starts with this post. This post is something I had an idea to do just earlier, while I was working on something else at work. I made a mental note of it and decided to come back to it when I had finished work for the day.

I finished that, and now I’ve finished this, and it feels good.

It feels good… to finish. 🍋

Intellectual property just doesn’t work anymore

Hey everyone; @lemony-cricket here, and intellectual property is possibly one of the hardest pre-Information-age concepts to kill. But it’s dying, as we speak… and that’s a good thing.

Adapted from image by Bo Peterson. CC-BY-SA 3.0

The title is a lie.

What do you mean “Anymore?” Intellectual property never worked. It was never a thing, at all. It was a silly idea that gained traction by accident due to a lack of technological advancement at the time.

“Copyright” as we know it first arrived in the form of the English Parliament’s Licensing of the Press Act 1662, which came about when people decided something needed to be done about “unlicensed copies” of books made possible by the printing press. For the first time in history, it had become possible to separate two concepts which had never been separated before: data and media. Writing had existed in several forms for thousands of years, and yet up until that point nobody had really thought about the concept of owning information. It wasn’t necessary; owning the medium was enough, because copying the data to a new medium was a difficult problem. In order to copy a book, for example, you’d have to sit down and write out the whole thing. Ain’t nobody got time for that.

Unfortunately, the damage had been done by years and years of authors owning what was often the sole copy of their books, which meant that they had effective ownership of the content as well. Of course, they collectively decided they liked things that way, thank-you-very-much. So, in the typical reactionary fashion in which governments of the world operate, this new legal concept of “copyright” was legislated into existence: that no author, having written a book and released it into the world, shall suffer the pain of having its work copied without its consent.

Bloody horrible idea, that one.

It was the wrong way to handle the problem. Instead of allowing a business model to change; to adapt to new technological advances, the government chose to prop up an artificial concept by rule of law. If this sounds familiar, well, that’s because governments do this all the time. They didn’t stop, either. Provided below, for the reader’s enjoyment, is a particularly disgraceful educational video from the early 90s:

Don’t do it; we know you can, but please don’t. Pretty please? You see, back then, software companies (who had obviously grown comfortable with copyright law’s expansion into software) were experiencing one of the first general failures of the intellectual property concept. The prolific spread of writable media as well as the explosive adoption of home computers should have meant the end of copyright forever. Unfortunately, that’s not exactly how it worked out.

Instead, they propped it up again.

Software producers invented new ways to attempt to enforce their copyright. Some included a quiz that could only be answered by examining the game’s packaging or manual. If you couldn’t look up the correct information, it meant you didn’t have the manual for the game, so you obviously didn’t buy it. Don’t lose the manual, I guess.

Other approaches became common too. Everyone old enough to remember pre-Steam gaming remembers the old “licence key” approach to digital restrictions management (DRM). The disc came with a key, generated by a “proprietary” algorithm, which the game could check to see if it was legitimate. Of course, software pirates were always one step ahead; it was never long before these keys were leaked or a key generator utility was released.

In 1998, the United States infamously brought us the Digital Millennium Copyright Act, which is the most widely-known law to criminalise the “breaking of digital locks.” While it is true that there are some (very narrow) exceptions, they are temporary and at the whim of the Librarian of Congress. That’s probably the most ridiculously bureaucratic thing I’ve ever heard. Plus it never worked anyway. Nothing changed. Scene crackers still patched games and wrote keygens. Enforcement of the DMCA and similar laws worldwide has been, largely, a colossal failure.

We can do better than this.

The sense of pride and ownership that an artist, writer, coder, or musician feels as it looks upon a completed work will probably never go away, and for good reason. It is one thing to say something is your work and that people should not use it without your permission. It is even fine to encourage a community to boycott, downvote, or otherwise discourage unauthorised use of your work. It’s a completely different thing, however, to expect the state to act as an enforcer on your behalf. That is already gone for the little guys and has been for some time; pretty soon it will be gone for the big guys too.

Intellectual property law does not work, because governments are slowly but surely losing the power to control the dissemination of information. It will only continue to get worse for those stuck in their ways, as information technology grows more and more decentralised. Artists, musicians, writers, and content producers in general should not, and can not, continue to rely upon a centralised government entity to protect them from copyright infringement.

Instead of propping up outdated business models which fall apart under information-theoretic attack, we should focus on creating new business models that actually work without relying on the ownership of data, like Steem and Patreon. On both of these platforms, creators are paid for their content as they produce it, and as they acquire a following they gather more and more consistent support.

A brighter future is ahead.

In the long term, society will come together to support a continuous stream of content from their favourite creators. They won’t pay for “rights” to the finished content; they’ll actually be paying the artist to work. Once content creators start to be paid a fair rate for their effort, they may start to loosen their grip on the insistence that they legally own exclusive use of their content.

Change is coming whether we like it or not. Government is rapidly losing the battle against the freedom of information, as it should be. Information will only flow more freely tomorrow than it will today. It doesn’t do us any good to keep trying to prop up a concept so unnatural, so information-theoretically unsound, as intellectual property. Instead, we should focus on creating new, sustainable models for rewarding our society’s content creators… and I think Steem is a really great start. 🍋

I’m tired of the “Ponzi” meme

Hello readers; I’m @lemony-cricket and I was just waiting for everyone else to stop posting. I’m still here, and I will be until the witnesses turn out the lights; I promise.

Charles Ponzi, the original conman himself (source). Public domain.

People really hate cryptocurrency.

Since the very early days of Bitcoin, there have been those who seek to destroy it or at least relish in its failure. There are a wide variety of reasons for this; some of them I can think of are:

  • Envy. “I didn’t get rich off this, so why should these people?”
  • Schadenfreude. “These guys are losing so much money it’s hilarious.”
  • Ethics. “Crypto is making millionaires out of the worst people in the world.”
  • Vindication. “I knew it was going to crash eventually. Was only a matter of time.”
  • Speculation. “I have an open short position; I hope Bitcoin crashes to zero.”
  • Environmentalism. “Bitcoin is a huge waste of natural resources.”
  • Conflict of interest. “Cryptocurrency threatens my business or other interests.”
  • Skepticism. “There is no value in Bitcoin. It is a ponzi scheme.”

I am mildly sympathetic to some of these, particularly the environmental, conflict of interest, and ethical concerns. I don’t mean to say that I hold these views myself; it’s just that I believe they are valid points and, to some degree, I believe they deserve more credit than they are given by the community.

There are many valid arguments against cryptocurrency, but the “ponzi” bogeyman is an absolutely invalid one that keeps coming back. I’m going to focus on that one today.

Semantics aside, it just doesn’t fit.

I could take the easy way out and cite the literal definition of a Ponzi scheme. As Wikipedia tells us:

A Ponzi scheme […] is a form of fraud in which a purported businessman lures investors and pays profits to earlier investors using funds obtained from newer investors.

Very few cryptocurrencies fit this definition. There are exceptions, most notably Bitconnect and certain Ethereum smart contracts, but these could hardly be called currencies in the first place; they are centrally-issued and “token” fits better (though the lines are very easily blurred between the two).

But what people really mean when they say that cryptocurrency is a Ponzi scheme is that it has no intrinsic value; that it serves as a wealth redistribution mechanism which favours those who bought in at lower prices… oh, and we usually have to assume that that last part is a bad thing for the sake of this argument.

Consensus is valuable.

I feel that anyone who denies this is either ignorant, closed-minded, or being dishonest on purpose; for sake of one of the motives listed above, perhaps, or some other ulterior motive I didn’t think to list. The reason I feel this way is simple: not valuable to you does not mean not valuable at all. Value is subjective… and there is a real value in consensus technology.

Regardless of whether Bitcoin rewards early adopters (it does), or whether this is justified (it is), the fact that all those miners are working to secure the network makes Bitcoin the most secure medium of consensus in history, and in exchange for this creation of value, the network pays the miners in newly minted coins. Even if the value of Bitcoin itself drops to zero, that innovation is not going away. Consensus technology has been let out of Pandora’s box, and it will always have a place in the world at any price or level of legitimacy.

To those who stick to their “Ponzi” guns for the greater good: I understand that the societal impacts of cryptocurrency may be unfavourable in some ways. There can be no avoiding these issues. The ecological impact is probably non-negligible (though I have yet to read any credible study on Bitcoin’s carbon footprint). There are a lot of people with questionable morals who are a lot richer now than perhaps they should be, and if Bitcoin continues to rise in value, they’ll get even richer.

The existence and use of cryptocurrency definitely threatens certain aspects of our way of life, but I don’t think that gives people licence to be dishonest. The fact is: you aren’t going to miraculously save humanity from crypto by lying to people. Instead, we should focus on how we can use consensus technology to better the world… because it’s not going away anytime soon. 🍋

Introduction to Cryptography I: Encryption (Pt. 4 – Block Ciphers/Modes of Operation)

Hi everyone. @lemony-cricket here. Let’s learn about block ciphers and modes of operation! We’re nearing the end of our introduction to encryption, but don’t be sad! I’m really excited to get into digital signatures and hashes and everything else cryptography has to offer!

Rocket graphic extracted from this CC0 image from OpenClipart-Vectors on Pixabay.

It’s been almost a month since the last installment of Introduction to Cryptography. Unfortunately, nobody actually completed the activity last time, which doesn’t give us a lot to talk about in this retrospective section! An honourable mention goes to @procrastilearner, who contributed a good question to which I thoroughly enjoyed responding.

Last time we learned about stream ciphers. That was our first introduction to the marvelous world of modern encryption. That stuff is actually in our web servers and browsers making ’em tick! Neat, eh?

Stream ciphers are simple and convenient. They tend to have extremely fast hardware implementations. They don’t require padding (we’ll define that later). They have one mode of operation; they generate a keystream, which is then used as if it were a one-time pad. For better or for worse, that’s all they can do.

Block ciphers and their modes of operation

the most versatile form of symmetric-key encryption

Block ciphers, on the other hand, are a bit more powerful, but a bit more complicated as well. For example, in most modes, block ciphers operate directly upon the plaintext rather than generating a keystream. They also require proper padding [d1] at the end of the plaintext unless it exactly matches up with the block size.

It’s also not enough to know which cipher you’re using; you also need to choose a mode of operation[d2]. These modes of operation are public and widely standardised and work with any block cipher available. Let’s take a look at some of these modes.

Electronic codebook (ECB)

By WhiteTimberwolf on Wikimedia Commons. Public domain.

The diagram above illustrates the electronic codebook, or ECB, mode of operation. It’s called “electronic codebook” because it is actually a really large substitution cipher, like the Caesar shift. The differences are that it’s more of a “scramble” than a “shift,” and it has a much, much larger alphabet, with each possible permutation[d3] of the block size representing a different “letter.”

In this most basic mode of operation, every block of plaintext is encrypted independently with the same key. That means that if any two plaintext blocks are exactly the same, the corresponding ciphertext blocks will also be exactly the same. Now, if you’re starting to get a bad vibe about this, good. You’re learning!

It’s true that ECB has some severe flaws, and for this reason, it is almost never used except as an example of how block ciphers work, since it’s really the most bare-bones mode available. You might already have an idea about what the flaws are, but we’ll save that discussion for later.

Cipher block chaining (CBC)

By WhiteTimberwolf on Wikimedia Commons. Public domain.

No, not “blockchaining.” Actually, there is a slight similarity here! Blockchains are so-called because each new block includes a mathematically indisputable link to the previous block. Similarly, while encrypting in CBC mode, we combine the ciphertext from the previous block with the plaintext of the current block before the encryption operation, using a bitwise exclusive-or (XOR) operation.

CBC thereby solves the problem with ECB since each block depends not only on the key, but also on the previous ciphertext. This effectively breaks the ability to observe patterns in the ciphertext and serves to increase a desirable property we call diffusion[d4].

But what’s that “initialisation vector[d5]” all about? Well, since there is no previous ciphertext to combine with the plaintext for the first block, a random value must be used instead. The random part is actually pretty important; the IV doesn’t have to stay secret, but it cannot be predictable or else it opens the door for certain attacks.

An interesting quirk of CBC is that even though the IV doesn’t have to stay secret, it’s actually not even necessary to tell the decrypting party what it is. All you have to do is pad the first block with arbitrary, disposable data before you encrypt it… then just throw it away on the other side. This works because the subsequent blocks rely only upon the ciphertext, not the plaintext. So, decrypting with the wrong IV will result in the first block being mangled, but every block after it will be fine! This trick is actually widely accepted and used in at least one prominent encryption standard, TLS 1.1, where it was deployed to fix a prior vulnerability.

Counter (CTR)

By WhiteTimberwolf on Wikimedia Commons. Public domain.

The counter mode takes a different approach. Instead of taking the plaintext as input like the other modes we’ve seen so far, it splits the input between a nonce and a counter. The counter is incremented with each block number, but the nonce stays the same for the entire session and should never be used again with the same key. Once the output is generated, it’s combined with the plaintext with an XOR operation…

Hey! Haven’t we seen this before?! Yes! One of the coolest things about cryptography is that since most of the algorithms are built around similar principles and have similar properties, they can often be safely used to construct substitutes for one another. An algorithm built for use as a stream cipher is often perfectly suitable for use as a CSPRNG[d6]. As @procrastilearner found out in my reply to his question, we can even use a hashing algorithm to generate a secure (if rather slow) stream cipher. It’s not unheard of for certain implementations to re-use existing primitives[d7] in these sorts of ways, especially in embedded systems[d8] where there may be extremely restrictive space and/or memory constraints.

Counter mode is a way to turn a block cipher into a stream cipher. There are other modes like this too, like cipher feedback (CFB) and output feedback (OFB), and others which do more advanced things, but I think we’ve reached a sufficiently advanced point and this is an introduction to cryptography series, after all.
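Here is an added, runnable illustration of the three modes above (example code written for this page, not from the post or from any library). A small Feistel network stands in for a real block cipher such as AES; the mode logic layered on top of it is exactly what a real implementation does. The key, plaintext and IV are constructed sample values. It shows the ECB leak (equal plaintext blocks give equal ciphertext blocks), that CBC hides it, the wrong-IV quirk from the CBC section (only the first block comes out mangled), and CTR turning the block cipher into a keystream that needs no padding.

```python
import hashlib
import os

BLOCK = 8    # 64-bit blocks: a toy size, chosen so repeated blocks are easy to spot
ROUNDS = 8   # Feistel rounds in the toy cipher


def _xor(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings (truncated to the shorter one)."""
    return bytes(x ^ y for x, y in zip(a, b))


def _round_fn(key: bytes, rnd: int, half: bytes) -> bytes:
    # Keyed round function: a slice of SHA-256 over key || round number || half block.
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[: BLOCK // 2]


def toy_encrypt_block(key: bytes, block: bytes) -> bytes:
    """Encrypt one block with a Feistel network (a stand-in for AES, not a real cipher)."""
    assert len(block) == BLOCK
    left, right = block[: BLOCK // 2], block[BLOCK // 2:]
    for rnd in range(ROUNDS):
        left, right = right, _xor(left, _round_fn(key, rnd, right))
    return right + left  # undo the final swap so decryption is the same walk in reverse


def toy_decrypt_block(key: bytes, block: bytes) -> bytes:
    assert len(block) == BLOCK
    left, right = block[: BLOCK // 2], block[BLOCK // 2:]
    for rnd in reversed(range(ROUNDS)):
        left, right = right, _xor(left, _round_fn(key, rnd, right))
    return right + left


def pad(data: bytes) -> bytes:
    """PKCS#7 padding: append n bytes of value n so the length is a block multiple."""
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def unpad(data: bytes) -> bytes:
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def _blocks(data: bytes):
    return [data[i: i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key, plaintext):
    # Each block is encrypted on its own: equal plaintext blocks give equal ciphertext blocks.
    return b"".join(toy_encrypt_block(key, b) for b in _blocks(pad(plaintext)))


def ecb_decrypt(key, ciphertext):
    return unpad(b"".join(toy_decrypt_block(key, b) for b in _blocks(ciphertext)))


def cbc_encrypt(key, iv, plaintext):
    # Each plaintext block is XORed with the previous ciphertext block (the IV for block 0).
    prev, out = iv, []
    for b in _blocks(pad(plaintext)):
        prev = toy_encrypt_block(key, _xor(b, prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key, iv, ciphertext):
    # Decrypt, then XOR with the previous *ciphertext* block, so a wrong IV only mangles block 0.
    prev, out = iv, []
    for b in _blocks(ciphertext):
        out.append(_xor(toy_decrypt_block(key, b), prev))
        prev = b
    return unpad(b"".join(out))


def ctr_crypt(key, nonce, data):
    # CTR: encrypt nonce || counter to get keystream, XOR it with the data. No padding, and
    # the same call both encrypts and decrypts, exactly like a stream cipher.
    out = []
    for i, chunk in enumerate(_blocks(data)):
        keystream = toy_encrypt_block(key, nonce + i.to_bytes(BLOCK // 2, "big"))
        out.append(_xor(chunk, keystream[: len(chunk)]))
    return b"".join(out)


def repeated_blocks(ciphertext):
    """How many ciphertext blocks duplicate an earlier one (the ECB pattern leak)."""
    bl = _blocks(ciphertext)
    return len(bl) - len(set(bl))


if __name__ == "__main__":
    key = b"constructed-key!"                  # constructed sample key
    pt = b"ATTACK!!" * 3 + b"AT DAWN"          # constructed plaintext with repeated blocks
    iv = os.urandom(BLOCK)                    # CBC IV: random, but it need not be secret
    nonce = b"\x00\x00\x00\x01"               # CTR nonce: never reuse with the same key
    print("ECB repeated blocks:", repeated_blocks(ecb_encrypt(key, pt)))
    print("CBC repeated blocks:", repeated_blocks(cbc_encrypt(key, iv, pt)))
    print("CBC, wrong IV      :", cbc_decrypt(key, bytes(BLOCK), cbc_encrypt(key, iv, pt)))
    print("CTR round trip     :", ctr_crypt(key, nonce, ctr_crypt(key, nonce, pt)) == pt)
```

Run it and compare the two "repeated blocks" counts: the ECB ciphertext repeats a block for every repeated plaintext block, while CBC shows none. The wrong-IV line prints the plaintext with only its first eight bytes scrambled, which is the property the CBC section relies on.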

Interactive exercise

Below are two images; the one on the right is an encrypted version of the one on the left.

My continuous undying thanks to @saywha, who made this monster for me!

Woah! That doesn’t seem right. Take your best guess at what went wrong here and explain how you came to that conclusion. 100% upvotes await all thoughtful answers!


From my personal knowledge and experience unless otherwise noted.

  1. padding: extra data which must be used to “fill up” the last block when using a mode of operation which operates directly upon blocks of plaintext.
  2. mode of operation: the combination of inputs, outputs, and intermediate steps used with a block cipher to allow it to operate on data sets larger than the block size.
  3. permutation: a distinct arrangement of a set of items. For example, the following sequence contains all permutations of the first three positive integers: [123, 132, 213, 231, 312, 321]
  4. diffusion: a desirable property of cryptography which states that any single change to the plaintext should affect all bits of the ciphertext with equal probability. ECB has poor diffusion because changes to the plaintext affect only the current block.
  5. initialisation vector: a nonce, specifically one used as (or which modifies) the input to the initial block.
  6. CSPRNG: In cryptography, there is often a need to generate “random-looking” numbers in a deterministic (and therefore reproducible) fashion. An algorithm used for this purpose is called a CSPRNG: cryptographically secure pseudorandom number generator.
  7. primitives: “well-established, low-level cryptographic algorithms that are frequently used to build cryptographic protocols for computer security systems. These routines include, but are not limited to, one-way hash functions and encryption functions.” source
  8. embedded systems: computer systems which exist as part of an appliance or other purpose-built hardware. The computer inside your car is an embedded system, for instance, and so is the one inside your microwave.



Additional thoughts

If you enjoy my work, please leave a comment. Even if you don’t feel like doing the activity (which I may stop doing soon or at least not every time), don’t hesitate to add something else to the discussion. Is there something I could have explained better? Got a question you think is dumb? Ask it! (It isn’t. This stuff is hard.)

You’ll get an upvote from me, my undying appreciation, and y’know… someday when I am rich and famous, I’ll remember you as I shoo away the onslaught of elephants. 🐋

Introduction to Cryptography I: Encryption (Salsa20 Stream Cipher)

Hello there! @lemony-cricket here. Last week in Encryption Pt. 2, we learned what stream ciphers _were_. This time, we’re going to take a closer look at a specific algorithm called Salsa20 in order to understand how the keystream is generated from the key.

Rocket graphic extracted from this CC0 image from OpenClipart-Vectors on Pixabay.


Unfortunately, participation was down last week. Thank you to @eonwarped for participating in the interactive activity! I’m not sure if the message was particularly malicious, but hey, Bob sure is really freakin’ confused right now.

In an attempt to increase participation, this post will be the last in the series published on a Monday. From now on, I will be trying to post these on Friday or Saturday.

Also, it has come to my attention that my fancy lettering for newly-defined terms isn’t showing up on some devices (particularly mobile phones with terrible Unicode support). That’s unfortunate… so I’ll be switching to bold italics, which are not nearly as fun. But enough about the series, let’s talk about the crypto!

The Salsa20 quarter-round

“rounds?” you mean like in boxing?

At the heart of many cryptographic algorithms lies the concept of the round[d1]. A round is like an algorithm within the algorithm; a sub-routine which is run many times to arrive at a final result. Salsa20’s round function is actually itself made up of four quarter-rounds; the diagram to the right is a visualisation of the Salsa20 quarter-round function.

Huh? What are all those symbols? Well, there are three main operations in play. The orange crossed square represents addition modulo[d2] 2^32. The blue crossed circle represents the bitwise[d3] exclusive-OR (XOR) operation (we learned the definition of XOR in the previous installment). Finally, the orange boxes with the <<< symbol inside indicate a leftward circular shift[d4] of the specified number of bits (either 7, 9, 13, or 18 as shown in the diagram, from top to bottom).

The lines represent input and output. The quarter-round function operates on four 32-bit values at a time: A, B, C, and D. These inputs are taken from the cipher's current state[d5].

Salsa20's internal state

hopefully, this will all start to make some sense soon.

The quarter-rounds need data to operate on. That data is the current state of the cipher. For Salsa20, the state is a 4x4 grid of 32-bit values. Every time a quarter-round is executed, the existing data is overwritten with the newly generated output data. By now you're probably wondering... where is my key in all of this? We're about to find out.

expa       key0       key1       key2
key3       nd 3       nonce0     nonce1
position0  position1  2-by       key4
key5       key6       key7       te k

To the left is a representation of the initial state of the Salsa20 cipher. A subscript N marks the (N+1)th 32-bit word of that value; for example, "key0" indicates the first 32 bits of the key. The four fixed words ("expa", "nd 3", "2-by", "te k") are constants that together spell out "expand 32-byte k". The words handled by the four quarter-rounds alternate from one round to the next.

Specifically, there are two possible distributions of the quarter-rounds:


A | D | C | B
B | A | D | C
C | B | A | D
D | C | B | A

For odd-numbered rounds (including the first one, since the round numbering starts at 1), the four quarter-rounds each manipulate one of the state's columns.


A | B | C | D
D | A | B | C
C | D | A | B
B | C | D | A

For even-numbered rounds, the above ordering is used instead, with the rows being manipulated rather than the columns.

Generating the keystream

tying it all together

Salsa20's keystream is generated 512 bits at a time. These 512-bit segments are called blocks. In Salsa20, each block starts out as the initial state shown above, then 20 rounds are performed on that state. The initial state has three variable parameters: a 256-bit key, a 64-bit nonce[d6], and a 64-bit position counter (which starts at zero for the first block and counts upward with each block).

After the initial state is built from the key and nonce, 20 rounds are run, one after another, on the state. At the end, what you have left in the state after those 20 rounds is 512 bits of your keystream.

Interactive exercise

You should have paper and something to write with for this portion.

Let's run through a single round of a modified version of Salsa20. The rules of our modified version are as follows:

  • All 32-bit values are 4-bit values instead
  • Addition is modulo 2^4 instead of 2^32
  • All circular shift operations are removed.
  • All rounds are "odd-numbered."

The first person(s) to respond may use the following initial state. If you get here and someone else has already participated, you should use their output instead of this one, and reply directly to their comment. Let's have some fun with this!

1000 1101 1011 1011
0011 1110 0101 1001
0110 1010 0100 1111
0011 1101 1010 0100

Make sure to ask questions if you get stuck! 🐋
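An added example (my code, not the post's, written from the description in the keystream section above and the exercise rules) that runs the quarter-round, the column/row round schedule and the keystream generation in Python. The key and nonce values are constructed. One detail goes beyond the post's text: standard Salsa20 adds the initial state back onto the state after the 20 rounds before emitting the 64-byte block, and that feed-forward is included here so the output matches the real cipher. The same quarter-round, with word width and rotation amounts made parameters, also runs the 4-bit, no-shift variant from the exercise on the initial state given above.

```python
import struct

MASK32 = 0xFFFFFFFF
SALSA_ROTS = (7, 9, 13, 18)   # the four circular shifts in the quarter-round diagram

# Which state words each of the four quarter-rounds reads, in A, B, C, D order.
# These index lists are the two tables above: odd rounds walk columns, even rounds walk rows.
COLUMN_ROUND = ((0, 4, 8, 12), (5, 9, 13, 1), (10, 14, 2, 6), (15, 3, 7, 11))
ROW_ROUND = ((0, 1, 2, 3), (5, 6, 7, 4), (10, 11, 8, 9), (15, 12, 13, 14))


def rotl(x, n, bits=32):
    """Leftward circular shift of an unsigned `bits`-wide value by n positions."""
    mask = (1 << bits) - 1
    return ((x << n) | (x >> (bits - n))) & mask


def quarter_round(y0, y1, y2, y3, bits=32, rots=SALSA_ROTS):
    """The Salsa20 quarter-round: add, rotate, XOR, four times in a chain.
    `bits` and `rots` let the same code run the post's 4-bit, no-shift exercise."""
    mask = (1 << bits) - 1
    z1 = y1 ^ rotl((y0 + y3) & mask, rots[0], bits)
    z2 = y2 ^ rotl((z1 + y0) & mask, rots[1], bits)
    z3 = y3 ^ rotl((z2 + z1) & mask, rots[2], bits)
    z0 = y0 ^ rotl((z3 + z2) & mask, rots[3], bits)
    return z0, z1, z2, z3


def apply_round(state, groups, bits=32, rots=SALSA_ROTS):
    """Run four quarter-rounds on `state` (a list of 16 words), overwriting it in place."""
    for a, b, c, d in groups:
        state[a], state[b], state[c], state[d] = quarter_round(
            state[a], state[b], state[c], state[d], bits, rots)


def salsa20_block(key, nonce, position, rounds=20):
    """One 64-byte keystream block from a 256-bit key, 64-bit nonce and 64-bit block position."""
    assert len(key) == 32 and len(nonce) == 8
    k = struct.unpack("<8I", key)
    n = struct.unpack("<2I", nonce)
    p = struct.unpack("<2I", position.to_bytes(8, "little"))
    c = [struct.unpack("<I", w)[0] for w in (b"expa", b"nd 3", b"2-by", b"te k")]
    # The 4x4 initial state, laid out exactly as in the grid in the post.
    initial = [c[0], k[0], k[1], k[2],
               k[3], c[1], n[0], n[1],
               p[0], p[1], c[2], k[4],
               k[5], k[6], k[7], c[3]]
    state = list(initial)
    for r in range(1, rounds + 1):          # round numbering starts at 1, as in the post
        apply_round(state, COLUMN_ROUND if r % 2 else ROW_ROUND)
    # Feed-forward: real Salsa20 adds the initial state to the result before output.
    return struct.pack("<16I", *((s + i) & MASK32 for s, i in zip(state, initial)))


def salsa20_xor(key, nonce, data):
    """Encrypt or decrypt: XOR the data with consecutive keystream blocks."""
    out = bytearray()
    for pos, start in enumerate(range(0, len(data), 64)):
        block = salsa20_block(key, nonce, pos)
        out += bytes(a ^ b for a, b in zip(data[start:start + 64], block))
    return bytes(out)


def exercise_round(state):
    """One 'odd' (column) round of the post's 4-bit, no-shift variant of Salsa20."""
    s = list(state)
    apply_round(s, COLUMN_ROUND, bits=4, rots=(0, 0, 0, 0))
    return s


# The initial state from the exercise, read row by row (taken from the grid in the post).
EXERCISE_STATE = [int(b, 2) for b in
                  "1000 1101 1011 1011 0011 1110 0101 1001 "
                  "0110 1010 0100 1111 0011 1101 1010 0100".split()]

if __name__ == "__main__":
    print([hex(v) for v in quarter_round(1, 0, 0, 0)])   # a vector from the Salsa20 spec
    key, nonce = bytes(range(32)), bytes(8)              # constructed sample key and nonce
    ct = salsa20_xor(key, nonce, b"hello from the keystream")
    print(ct.hex(), salsa20_xor(key, nonce, ct))
    print([f"{v:04b}" for v in exercise_round(EXERCISE_STATE)])
```

The `quarter_round(1, 0, 0, 0)` call reproduces the first worked vector in Bernstein's Salsa20 specification, `(0x08008145, 0x00000080, 0x00010200, 0x20500000)`, which is a quick way to check that the add/rotate/XOR chain is wired in the right order. Work the exercise by hand first, then compare with `exercise_round(EXERCISE_STATE)`.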


From my personal knowledge and experience unless otherwise noted.

  1. round: a subroutine within a cryptographic algorithm which is repeated over and over, or a single iteration of this subroutine.
  2. modulo: the remainder after a division by the specified divisor. Used to create numerical systems that "wrap around." For example, 1 + 1 modulo 2 is 0.
  3. bitwise: describes an operation which operates on individual bits of a binary value.
  4. circular shift: a bitwise operation which shifts each bit in the specified direction, except for the last bit on that end, which is moved to the other side.
  5. state: a body of data which persists between rounds of a cryptographic function.
  6. nonce: a number meant to be used along with a key, but only once. The nonce should never be re-used with the same key again.


Introduction to Cryptography I: Encryption (Pt. 2 – One-Time Pads and Stream Cipher Intro)

Hey everyone! I’m @lemony-cricket. In the inaugural installment of Introduction to Cryptography, we laid down some of the basic building blocks of understanding encryption. We learned about encryption and decryption, plaintext and ciphertext, and what a key is. In this installment, we’ll be learning about one-time pads and a little bit about modern stream ciphers.

Rocket graphic extracted from this CC0 image from OpenClipart-Vectors on Pixabay.


First, before we begin, I’d like to extend gratitude to @bachuslib, @svemirac, @insaneworks, @warpedpoetic, @kex, and @enjar for their participation in the interactive portion last time. Full marks, all of you! All participants successfully encrypted a message using the Caesar shift algorithm and received an encrypted reply from me using the same key.

But how did I know your key if you didn’t tell me? The answer may be obvious to some of you at this point, but if you’re still wondering…

The Caesar cipher has an extremely small keyspace[d1]. This means it is incredibly weak when faced with a simple brute-force attack[d2]. Since there are only 26 letters in the English alphabet, I only had to try to decrypt your message 26 times, one for each possible offset. Once I got something that made sense, I knew I had found the “secret” key.

But that’s cheating!

Not really. In matters of cryptography and security, nothing is cheating. Besides, it made for a very nice introduction to extremely basic cryptanalysis[d3], the “cat” from which cryptography’s “mouse” is perpetually running.

For every good person out there who needs cryptographic protection, there is a bad person trying to defeat it. For every bad person using cryptography for evil, there is a good person trying to catch them. In this way, cryptography and cryptanalysis go hand-in-hand to bring balance to a chaotic world. This is just the way that things are.

The one-time pad

unbreakable but cumbersome security

One way to ensure that your data is safe is to use a one-time pad. We’ll find out what that means in a moment. First, let’s assume Alice and Bob are two friends who are currently together in a safe location, away from prying eyes. Bob is going on a trip soon, and Alice wants to be able to send him a secret message while he is away.

The first thing they will do is generate the key. With a one-time pad, the key has to be very large; at least as large as the message you wish to send! Alice and Bob decide that the message will be small; no longer than 2 or 3 words. They decide that 20 letters will be enough. They use RANDOM.ORG to generate 20 numbers from 0 to 25…

20	21	11	7	14
10	4	4	22	22
17	9	7	25	22
14	0	15	12	1

Each keeps a copy of the numbers and they part ways. A week later, Alice writes her message to Bob:

I MISS YOU

Alice encrypts each letter of this message using the rules of the Caesar shift we learned before, but with a catch: every letter uses a different shift value, taken in order from the one-time pad (from left to right):

I -=20=-> C
M -=21=-> H
I -=11=-> T
S -=07=-> Z
S -=14=-> G
Y -=10=-> I
O -=04=-> S
U -=04=-> Y


When Bob receives the message, he can just perform the decryptions with the same keys in the same order, and he will get the original message back.

One-time pads are an example of information-theoretic security[d4]. This means that they are proven to be uncrackable, as without having the key, you actually have no information whatsoever about the plaintext[r1]. I am using spaces in these exercises for readability, but in a real-world application, we would be encrypting the spaces too, and they’d get lost in the jumble.

So this is great, right? It’s a start. There are a few problems with one-time pads:

  • The key must be at least as long as the plaintext.
  • Once a part of the key is used, it must never be used again. Doing so would expose the key to a reused key attack[r2].
  • The key(s) must be generated in full and, once depleted, there is no way to generate more except to meet up again.

Introducing stream ciphers

they’re like an (almost) infinite one-time-pad

A stream cipher is an extension of the one-time pad concept. The main logic of a stream cipher is focused upon generating a never-ending stream of pseudorandom[d5] data called the keystream[d6]. This keystream then acts as a one-time pad which is much easier to store and transmit, since it is generated from a much smaller key using a publicly-known algorithm.

In the above example, we used a modified Caesar shift algorithm with each letter consuming a separate key from the keystream. In practice, most modern stream cipher implementations operate on individual bits of data and use the exclusive OR[d7] (XOR) operation for this purpose, as it is fast, universally available, and the decryption operation is actually the same as for encryption! (We will discuss this all in more detail in the next installment.)

Well, it can’t be all good news. There has to be a catch.

There is, sort of. Since the keystream must be deterministic[d8], it cannot possibly be truly random. Therefore, there is a risk some weakness could be discovered in the algorithm which could lead to a practical attack on the cipher. In addition, with the decrease in key size, the keyspace is also decreased, making brute-force and other attacks marginally easier. In general, though, the benefits (which are tangible and tested) outweigh the disadvantages by far (which are theoretical and unlikely).
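As an added example (mine, not the post's) that ties the one-time pad section and the stream cipher introduction together in Python: it reproduces Alice's letter-shift encryption with the pad printed above, does the bitwise XOR version that modern stream ciphers use, and shows concretely why a pad must never be reused: XORing two ciphertexts made with the same pad cancels the pad out completely, leaving the XOR of the two plaintexts with no key involved at all. The two short byte messages and the byte pad are constructed sample values.

```python
import os

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"

# The 20 shift values Alice and Bob generated in the post, read left to right, row by row.
PAD = [20, 21, 11, 7, 14,
       10, 4, 4, 22, 22,
       17, 9, 7, 25, 22,
       14, 0, 15, 12, 1]


def otp_shift(text, pad, decrypt=False):
    """Letter-wise Caesar shift where every letter gets its own shift value from the pad.
    Non-letters (the spaces used for readability in the post) are dropped."""
    letters = [ch for ch in text.upper() if ch in ALPHABET]
    if len(letters) > len(pad):
        # Never wrap around or reuse pad values: the key must be at least as long as the text.
        raise ValueError("pad is shorter than the message")
    out = []
    for ch, shift in zip(letters, pad):
        idx = ALPHABET.index(ch)
        out.append(ALPHABET[(idx - shift if decrypt else idx + shift) % 26])
    return "".join(out)


def xor_bytes(a, b):
    """XOR two byte strings, truncated to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


def otp_xor(data, pad):
    """Bitwise one-time pad. XOR is its own inverse, so one function encrypts and decrypts."""
    if len(pad) < len(data):
        raise ValueError("pad is shorter than the message")
    return xor_bytes(data, pad)


def new_pad(length):
    """A fresh pad of truly random bytes from the operating system."""
    return os.urandom(length)


def two_time_pad_leak(c1, c2):
    """What an eavesdropper learns when one pad encrypts two messages: c1 XOR c2 equals
    p1 XOR p2, because the pad cancels. This is the 'reused key attack' from the post."""
    return xor_bytes(c1, c2)


if __name__ == "__main__":
    ct = otp_shift("I MISS YOU", PAD)
    print(ct, "->", otp_shift(ct, PAD, decrypt=True))

    pad = new_pad(12)                       # constructed: one pad, wrongly used twice below
    p1, p2 = b"meet at noon", b"stay at home"   # constructed sample messages
    c1, c2 = otp_xor(p1, pad), otp_xor(p2, pad)
    leak = two_time_pad_leak(c1, c2)
    print("c1 XOR c2 == p1 XOR p2:", leak == xor_bytes(p1, p2))
    # Knowing (or guessing) one message then hands over the other, with no key at all.
    print("recovered:", xor_bytes(leak, p2))
```

The letter version prints `CHTZGISY`, the same ciphertext Alice produced by hand above. The last two lines are the point of the "never reuse" rule: each ciphertext on its own is perfectly secure, but the pair together leaks the XOR of the plaintexts, and that is enough for an analyst who can guess one of them.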

Next time, we’ll be taking a closer look at a specific stream cipher in order to understand how the keystream is generated. We’ll also look at some more complicated attacks.

Interactive exercise

You should have paper and something to write with for this portion.

Your name is Evelyn, and you’ve been trying to get between Alice and Bob for a while now. You’ve followed Bob to his destination and snuck into his hotel room while he’s out running an errand.

You see a note on the desk. You can’t believe your eyes; Bob has left his notes out on the table. Alice always was the more careful one.

20	21	11	7	14
10	4	4	22	22
17	9	7	25	22
14	0	15	12	1

What’s more, Bob has carelessly written his copy of the key in pencil. This is it! The moment you’ve been waiting for.

Hurry! Before Bob gets back! Change the key so that the message written reflects a malicious message. Then, leave the new key in the comment section below. You can go for the obvious choice, or get a bit creative. The choice is yours! 🐋


From my personal knowledge and experience unless otherwise noted.

  1. keyspace: this is the number of total possible keys that exist. If you have a 256-bit key, and all possible values are valid, then there are 2^256 possible keys.
  2. brute-force attack: the attempt to try every single possible key (to search the entire keyspace) to find the valid key. While trivial for small keyspaces such as that of the Caesar shift, it quickly becomes impractical and at some point even almost certainly impossible.
  3. cryptanalysis: the science of attempting to break cryptographic systems, especially encryption.
  4. information-theoretic security:

    a cryptosystem whose security derives purely from information theory. In other words, it cannot be broken even if the adversary had unlimited computing power.[r3]

  5. pseudorandom: describes a collection of apparently random data which is actually generated by an algorithm in a deterministic manner.
  6. keystream: a continuous, (apparently) randomised stream of data which can be combined in some way (usually XOR) with the plaintext (to encrypt) or ciphertext (to decrypt).
  7. exclusive OR: a bitwise logic operator which returns true (1) if and only if exactly one of the inputs is true (1). For example, the result of XORing 1100 with 1010 is 0110. We’ll see more about this in the next installment.
  8. deterministic: describes an algorithm and an outcome which is repeatable in all cases if the same exact input is provided to the system.