Proposed Wiki: Attacks on crypto security schemes

in #crypto8 years ago (edited)

Cracker!

Cryptocurrency is now the driving force behind cryptographic security research. Much of that knowledge is inside a collection of interested minds, usually working in the field. They will publish papers, but it can be tricky to find and digest the right ones from the vast paper stack.

Want to know what weaknesses have been discovered in Ethereum's EVM, smart contract constructions; Bitcoin node code; proof of stake 1.0, 2.0, 3.0; BigChainDB's use of clustered RethinkDB; Permissioned ledgers supported by certificate authority based key trees, etc, etc? Me too!

Aggregating this information into a nice structured and thoroughly referenced wiki article has not been done, as far as I am aware. Such a (forgive me...) centralised knowledge base would enable speedy due diligence and help direct research into the dark forgotten corners of the science.

Sort:  

I think these kinds of cryptographically decentralized social networking experiments such as steemit, qora, masknetwork, are really important for the pursuit of group development of high profile concepts like security exploits, which are very controversial and may be sabotaged or censored.

Some cryptocurrencies have known vulnerabilities now which simply have not been plugged yet, and so people are unsure whether to talk about them. The end result is sometimes that they are forgotten and never fixed !! If they were openly discussed they could be openly fixed, with the understanding that all software has vulnerabilities and simply needs repair. Widespread use of the exploit leads to widespread notice of it and hopefully somebody with the wherewithal to aid in the plugging the problem notices and steps in.

Some kind of reliable "reputation" is needed to back a distributed wiki similar to these distributed social networks, so that posts from reputative sources can maintain strength in the wiki page, and be supported by those who want to read these things, without controversy resulting in loss of information.

However, my fears of conflict and sabotage may be unfounded. I imagine there are wikis out there that simply need a "known vulnerabilities" page to be incubated.