Monthly Archives: February 2011

Virtual currency

Thanks to my new job, the rate of Stubborn Mule posts has declined somewhat over the last few weeks (to say nothing of Mule Bites podcasts!). Still, my commute has allowed me to catch up on my podcast listening and a particularly interesting one was the recent Security Now episode about the “virtual currency” Bitcoin. Here is how Bitcoin is described on their website:

Bitcoin is a peer-to-peer digital currency. Peer-to-peer (P2P) means that there is no central authority to issue new money or keep track of transactions. Instead, these tasks are managed collectively by the nodes of the network.

Given that e-commerce is already widespread on the internet, what exactly is new about this idea of a virtual currency? The key to this question is understanding the difference between money in the form of “currency” (notes and coins) and money in the form of balances in your bank account. Currency is essentially anonymous. If I hand you a $10 note, we don’t need anyone to facilitate the transaction and you can take that $10 and spend it with no further reference to me or anyone else. To move $10 from my bank account to yours is quite different. Before we could even start, we both had to provide extensive identification to our respective banks to open bank accounts. Then, you would have to provide me with enough account information for me to instruct my bank to transfer money from my account to yours. Both banks would retain records of the transfer for a long period of time and, if the transaction was rather bigger than $10, the chances are that there may even be requirements for our banks to notify a government agency in case we were engaged in money laundering. Even if I paid you using a credit card, the information exchange would be much the same.

The Bitcoin virtual currency aims to mimic some of the essential characteristics of currency while allowing transactions to be conducted online. To do so, it makes very creative use of a powerful encryption technology known as “public key cryptography”.

Public key encryption involves encrypting data in a rather unusual way: one key is used to encode the data and a different key is used to decode the data. This is in contrast to “symmetric key encryption” in which the same key is used for both encoding and decoding data. To appreciate the difference, consider a less electronic scenario. I want to exchange messages with you using a locked box and ensure no-one else can open it. If we already have identical keys to the one padlock there is no problem. I simply pop my message in the box, pop on the padlock and post it to you. When you receive the box, you can use your key to open the box, read the message, reply and pop the same padlock on the box before sending it back. But what do we do if we don’t both have keys to the one padlock? There is a tricky solution. I put the message in the box, secure it with my padlock and send it to you. Once you get it, although you cannot open my lock, you add your own padlock to the box and return it to me. Once I get it back, I unlock my own lock and send the box back. You can then open your lock and read my message. While in transit, no-one can open the box. It’s certainly an elaborate protocol and, of course, I’m ignoring crowbars and the like, but it gives a rough analogy* for how public key encryption works.

When it comes to data encryption, both users will create a “key pair”. One key they keep to themselves (this is known as the “private key”) and one key they can share with the world (the “public key”). I can then let you (and indeed the whole world) know what my public key is. When I want to send you a message, I encrypt it using your public key and send it to you. The only way to decode it is using your private key, which only you have. Even though everyone can find out what your public key is, only you can decode the message. When you want to send a message back to me, you encode it using my public key. So, anyone who knows my public key can send me a message for my eyes only. As a side benefit, public key encryption can also provide authentication. If you send me a message encrypted using my public key, I would ideally like to confirm that it really came from you not someone else (after all, everyone knows my public key). To deal with this, you can also send a copy of the same message encoded using your private key. Once I have decoded your message with my private key, I can also decode the second message using your public key. If the two messages are the same, I know that whoever sent me the encoded message also had access to your private key, so I can be reasonably sure it was you. In practice, authentication works a little bit differently to this, using a “hash” of the original message (otherwise anyone could decode the secret message using your public key). This authentication process is known as “digital signing”.

All of that may seem like a bit of a diversion, but public key cryptography is at the heart of the Bitcoin idea. Essentially, a Bitcoin is a blob of data and if I want to give you one of my Bitcoins, I add your public key to the blob and then sign it using my private key. This means that anyone who has access to my public key (i.e. the whole world) can confirm that I intended to pass the coin onto you. As a result, Bitcoins have their entire transaction history embedded in them! To decide who “owns” a Bitcoin, we just need to look at the last public key in the transaction chain. Whoever owns that key, owns the Bitcoin.
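The ownership chain described above, together with the hash-then-sign step from the previous paragraph, as an added example that is not part of the original post and is not Bitcoin's own code: a coin is a list of transfers, each naming the recipient's public key and signed by the previous owner. The textbook RSA keys built from Mersenne primes, the coin layout and all function names are assumptions made for illustration; the keys are toys and not secure.

```python
import hashlib

E = 65537  # public exponent shared by all toy keys

def toy_keypair(p_exp, q_exp):
    """Textbook RSA key from two Mersenne primes 2**k - 1.
    Toy only: no padding, publicly known primes. Returns (public n, private d)."""
    p, q = 2**p_exp - 1, 2**q_exp - 1
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(msg, n):
    # Hash first, then sign the hash ("digital signing" as described above).
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(msg, n, d):
    return pow(digest(msg, n), d, n)

def verify(msg, sig, n):
    return pow(sig, E, n) == digest(msg, n)

def message(coin, prior, recipient):
    # What the owner signs: the coin's history so far plus the recipient's public key.
    return repr((coin["id"], coin["first_owner"], prior, recipient)).encode()

def current_owner(coin):
    """Check every signature in the chain; return the last public key."""
    owner = coin["first_owner"]
    for i, (recipient, sig) in enumerate(coin["transfers"]):
        if not verify(message(coin, coin["transfers"][:i], recipient), sig, owner):
            raise ValueError(f"transfer {i} was not signed by the coin's owner")
        owner = recipient
    return owner

def transfer(coin, signer_d, recipient):
    """Append a transfer signed with signer_d on behalf of the current owner."""
    owner = current_owner(coin)
    sig = sign(message(coin, coin["transfers"], recipient), owner, signer_d)
    return {**coin, "transfers": coin["transfers"] + [(recipient, sig)]}

# Constructed sample data: three key pairs and one coin first held by Alice.
alice_n, alice_d = toy_keypair(61, 89)
bob_n, bob_d = toy_keypair(107, 127)
carol_n, carol_d = toy_keypair(521, 607)
coin = {"id": "coin-1", "first_owner": alice_n, "transfers": []}
coin = transfer(coin, alice_d, bob_n)    # Alice -> Bob
coin = transfer(coin, bob_d, carol_n)    # Bob -> Carol
print(current_owner(coin) == carol_n)
```

Signature checks alone do not stop an owner from signing the same coin over to two different recipients, which is why the transaction history has to be shared rather than kept only inside the coin.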

“How is that anonymous?” I hear you ask. Since “keys” are just strings of data themselves, there is no reason you have to advertise the fact that, say, “6ab54765f65” is your public key. While the whole world can see that the owner of “6ab54765f65” owns a number of Bitcoins, that does not mean that anyone has to know your secret identity.

The other important feature of Bitcoins is that there is no centralised coordinator of the Bitcoin records. There is no bank keeping the records. The Bitcoin algorithm is public and information about Bitcoin transaction histories is shared across a peer-to-peer network which allows anyone to independently verify Bitcoin transactions.

It’s a fascinating idea and I don’t know if it will take off. It is only in beta, but there are a number of websites that have begun accepting Bitcoins for payment, as well as sites which will trade Bitcoins for “real” money. I will be watching with interest.

* It really is quite rough, only showing that a secure exchange without key exchanges is possible. Other features, such as authentication and the key asymmetry (either key can lock and then the other key unlocks) are not captured.

Mobile coverage

A friend and regular Stubborn Mule reader drew my attention to an article in the Sydney Morning Herald this week about the Australian telco Telstra. Much of the recent commentary has focused on the implications of the national broadband network (NBN) for Telstra. While the NBN certainly gets a mention here too, for me the most striking paragraph deals with the extraordinary success Telstra has been having of late in the mobile phone market:

In the December half, the group added 420,000 bundled customers — customers on bundled deals tend to be “stickier” and stay with a telco longer than those who sign on for only one service — and it added 139,000 retail fixed broadband customers. Most importantly, it added 919,000 mobile phone customers: that’s the biggest mobile phone customer growth Telstra has produced for more [sic] a decade.

Gaining almost 1 million new customers in six months is quite an achievement in a country with a population of around 22 million. My own experience may shed some anecdotal light on Telstra’s success. I switched from Virgin mobile to Telstra late last year. The main reason was network quality. Virgin use the Optus network which I found extremely unreliable, even in central parts of Sydney. Sitting in a café in Glebe with no signal and seeing the person next to me with four bars on a Telstra phone had become too much. Customer service did not come into the decision: as far as I can tell, all the providers are equally atrocious on that score. So that just left price. When I first signed up with Virgin a couple of years earlier, Telstra may have had the superior network, but charged a hefty premium for it. But since then their prices have become far more competitive, which made the decision to switch very easy. I know a number of other people who have switched for exactly the same reason.

Even so, 1 million new customers is an impressive result for such a short period of time. This prompted my source to do some further research. According to a Wikipedia article about mobile phone penetration, in 2006 Australia’s population of 20.8 million owned 19 million mobile phones*. By 2007, that figure had grown to 21.3 million while the population was up to 21.2 million and so there was more than one phone for every man, woman and child in the country. I have no doubt that the number of mobile phones has continued to grow faster than the population since then.

But despite over 100% mobile phone penetration, Australia is far from being the country most in love with mobile phones. The chart below uses the Wikipedia statistics to show the top 20 countries and the statistics are intriguing and not a little mysterious.

Top 20 Countries by Mobile Phone Penetration

Montenegro is clearly in the lead with almost two phones per capita. There is a bit of a drop down to Saudi Arabia with a penetration rate of 170%. On 151%, Hong Kong comes in third and leads a closely packed group all close to the 150% mark. Continuing down the list, penetration rates fall gradually down to Chile at 113% which means that Australia does not even make it into the top 20. In fact, even New Zealand ranks higher in 23rd place, while Australia is only in 31st place.

Of course, differences in timing of both the phone and population figures mean that the Wikipedia article will not be very accurate, but the overall picture remains impressive for someone like myself who is old enough to remember a time before mobile phones. And if anyone has any theories why Montenegro has so many mobile phones, please share your theory in the comments below!

* Unfortunately the Wikipedia article cites no source for the 19 million figure. Population statistics are sourced from the Australian Bureau of Statistics.