Meet the Bitcoin Foundation’s Newest Core Security Auditor, Sergio Demian Lerner

Interview with Sergio Demian Lerner
Interview with Sergio Demian Lerner

Back in November, the Bitcoin Foundation announced that it would solely focus on Bitcoin core development. They also mentioned “two critical, long-standing, unmet needs,” which included “somebody dedicated to ongoing security review of changes to the core code,” said the announcement. “We (the Foundation) hope to announce a new hire to fill this role very soon.”

Now they have found the person for this position in the form of Sergio Demian Lerner. The official announcement reads:

“As Core Security Auditor, Sergio will be dedicated to the ongoing security review of changes to the core code. Sergio has been volunteering his time and expertise since March 2012 and over the last couple of years, he has found, reported, and helped fix several vulnerabilities in the core code. Sergio has been an independent security researcher and consultant since 2011 and will continue to work with his other clients in addition to his role at the foundation.”

Cointelegraph interviewed the Foundation’s newest security auditor to get his thoughts on everything from his experience, future plans, Bitcoin security, to the potential of cryptocurrencies in Latin America.

Cointelegraph: You have recently joined the Bitcoin Foundation. Could you tell us a little bit about your past experience with cryptocurrencies, and why you were chosen?

Sergio Demian Lerner: My past experience with cryptocurrencies is having learned a lot about them from the Bitcoin early visionaries and the core developers, up to the point where I started designing improvements and new cryptocoins. I'm also aware of all academic papers on the subject, since Chaumian blinded coins to Gün Sirer, Eyal and Miller's work. I have a background in computer security that began back in 1994, and I've dedicated a lot of time in the last two years to audit the Bitcoin source code periodically, so I think they trust me, and of course, I fully trust them. That is very important in the security field.

CT: What are your goals at the Bitcoin Foundation?

SDL: My goal has always been to help secure the Bitcoin Core (independent of any foundation). The Foundation understands this goal is critical, so they've decided to support my work. I'm very thankful to them because of this.

“[I]f you're building on top of the Bitcoin Core, you need to protect your investment by protecting the Core.”

Bitcoin Foundation

CT: Back in November the Bitcoin Foundation in the US shifted its focus primarily to Bitcoin core development. Do you agree that this should take priority over public relations and lobbying, for example?

SDL: Yes, I see this shift as very positive. The core development group needs support to face the challenges to come—scalability, security and extensibility. Also by having set aside politics, I foresee that more companies will want to contribute to the Foundation: If you're building on top of the Bitcoin Core, you need to protect your investment by protecting the Core.

CT: Could you tell us your vision for Nimblecoin, QixCoin, and FirmCoin?

SDL: These were basically concepts that were a bit before their time, so I waited. But now innovation is going at light speed, so I'm teaming up with people to make them happen.

NimbleCoin is a cryptocurrency with a five-seconds block interval, which allows instant payments without intermediaries. I designed it to test how short the interval could be and still have all the nice properties of decentralization, and to eventually propose this to be implemented in Bitcoin as a hard fork.

“I will try to achieve something that has never been tried: create a cryptocurrency that can be Bitcoin's best friend.”

As this seems to be very difficult in the short term, I will try to achieve something that has never been tried: create a cryptocurrency that can be Bitcoin's best friend. Basically this means creating an infrastructure to integrate NimbleCoin with Bitcoin in a hybrid wallet in such a way that you won't know that you're using NimbleCoin to make instant payments. The wallet will transparently convert Bitcoins to Nimbles, pay with Nimbles, and then convert them back to Bitcoins transparently.

Also Nimblecoin will be doing merge mining with Bitcoin to give Bitcoin miners the opportunity to increase their income in case the Bitcoin price stays below the Bitcoin mining profitability threshold. Last, the NimbleCoin has no pre-mining at all, which is something very rare [in] these times of easy appcoin founding. I want to stick to Satoshi's ideal for coin distribution.

QixCoin is a project that started before Bitcoin was created in 2009, when I was researching on peer-to-peer poker. This is a system to play the card game by parties around the globe without third parties (e.g., the online casino). I'm planning on building an ecosystem that anyone can participate in so the existent online casinos can join and create their own new business models over a distributed open platform, provided of course [that] they comply with the regulation that applies to them.

QixCoin is completely neutral and does not take part [in] gambling. It's pretty disruptive and we'll launch it during 2015. QixCoin was the first Turing-complete proof-of-concept cryptocurrency I developed in early 2013. I didn't foresee the crypto-financial applications of smart contracts though, as Vitalik did. But now that Ethereum has gone ahead of my proof-of-concept code, I'm planning to reimplement it on top of Ethereum, if Ethereum can provide the tools and VM kernel I need to run my applications. If not, then I may push the original QixCoin platform until the final product.

Firmcoin is a micro-controlled banknote. As far as I know, it is the only possible offline means of payment with Bitcoin that has a sound security model based on the economic incentives of hacking the device. Once Bitcoin goes mainstream, I foresee that a high fraction of the transactions will be carried offline, as they are cheaper and we still pay with cash in our everyday lives (at least we do in Argentina). Also I think that in the future, fiat money will be based on Firmcoins. It's just better than paper money. It's the only substantial evolution of paper money in 800 years.

“I expect we'll be using Bitcoin-loaded Firmcoins in every part of the world in two years.”

When you receive Firmcoins, you can transfer the funds instantaneously to your mobile wallet and reload them into the device at a later time, without the need to connect to the manufacturer and ask permission from someone. The only problem is manufacturing cost, because a secure Firmcoin costs about 8 USD to manufacture, and that's still too much for a disposable device. Nevertheless, you can subtract from the payment amount the cost of each Firmcoin physically handled, so it's not a big deal. Also, technology gets cheaper over time. I expect we'll be using Bitcoin-loaded Firmcoins in every part of the world in two years.

I'm an optimistic person.

CT: You also hold several patents for Bitcoin mining ASICs. Have these been implemented yet?

SDL: No. The mining industry is entering a plateau because of the current Bitcoin price, so I'm not fully sure if a company will tape-out a new chip because of a 20% improvement in efficiency. However, I don't see any obstacle for a company to license this patent-pending technology, if it is willing to do a new tape-out in a new node, because it's a win-win situation.

CT: As a developer, what are your biggest concerns with Bitcoin right now?

SDL: First of all, I'm a developer, but not really a Bitcoin Core developer. I'm a Core security auditor. I have contributed very few lines to the project and I want to highlight the work of those who spent a lot of time programming, testing and fixing things. I hope that in the future more and more of these programmers have formal engagements with the Bitcoin Core, through the Foundation or through the help of private companies.

Back to the question. My biggest concern as a security auditor is to make sure the new releases are not vulnerable to any kind of computer security threat. But I'm also concerned that good documentation regarding security incidents and security threats is kept, and that future design decisions take into account every possible security implication.

CT: There have been many stories about Argentina’s capital controls and subsequent Bitcoin boom. Andreas Antonopoulos, for example, stated that Argentina could very well be the first country to adopt Bitcoin as a national currency. Do you think this is a valid prediction?

SDL: In the near future no, not at all. And it would be too risky for a country to do this. Bitcoin is still coming out of an experimental stage. But even if such a thing happened (anything can happen in Argentina), the country has a good record of making the same mistakes over and over, cycling though all possible and opposed economic solutions to the unsolved economic problems. So the Bitcoin-peso would probably last a couple of years, until a new decree is promulgated restoring the previous regime. We're shortsighted.


Did you enjoy this article? You may also be interested in reading these ones: