Tag: cryptography

NFTs – Are they just a balloon?

In an economy, the standard categorization of assets is divisible and non-divisible. We could categorize all FIAT currencies, gold, land, etc., into divisible assets – everything we could divide into smaller chunks. On the other hand, a non-divisible asset is an asset that we can not divide legally – for example; we can not cut a piece from a painting and sell only it. The same is true for apartments, buildings, collectibles, etc. A unique number or id usually identifies both types of assets, but assets of non-divisible kinds sometimes could only have one copy.

We can see many parallels if we return to the crypto world and translate between the previous paragraph and the different tokens offered by the various crypto exchanges. In crypto, we call all divisible tokens “fungible”. Examples of such tokens are bitcoins, etheriums, and any other cryptocurrency. To verify transactions over the set of these tokens, we use the nature of how blockchain networks work. Every transaction is cryptographically signed, and one transaction keeps the metadata for the tokens transfer between two or more wallets. Usually, in this metadata, we store the unique id of the divisible token (when we split the token, we typically generate a new id/number for every part of the split).

You can see how financial people distinguish the fungible and non-fungible tokens/assets on the diagram. The non-fungible is usually a unique piece of art or collectible

The programming logic used to implement the described set of features is called a smart contract, and it could be described as a daemon program (for people who are not aware of the terminology, this is a service program running in the background), which operations could be stored into the ledger storage and are cryptographically signed. So essentially, when we transfer tokens, we call this program and its API.

Let’s return to NFTs now. Essentially, NFT means non-fungible token and is a non-divisible asset by its logic. Every NFT has a unique ID similar to the standard tokens and could be transferred between owners. There is a slight difference that we can not divide them, and currently, the protocol does not support multiple owners of the same NFT. Additionally, unlike standard tokens, NFTs could be emitted only by manual intervention but not auto-generated by the protocol itself as rewards.

A more profound analysis of the described behavior could give us the insights that NFS was designed to replace the standard legal contract by enabling the parties to upload their deal’s metadata into the blockchain. And thus to probably avoid the use of notary or at least to digitalize their work.

But how does this transfer to digital arts and collectibles? Usually, digital art is a digital file in some format (most of the time, we speak about images, but this could be a whole game model into a video game, for example). And copying a digital file is one of the basic operations we are taught when using computers. And here comes the help from cryptography – we could easily calculate a hash of the file, generate a random id for it, and sign them from the issuer name. This way, an artist could upload their file multiple times and offer a unique NFT for every file copy.

In conclusion – NFTs’ way of working is quite promising. With some will coming from governments around the World, it could easily automize and speed up the performance of different legal frameworks. Additionally, it would increase the visibility and clarity of how they work. At the same time – unfortunately, the way use it, aka selling pictures of cats and game models, is a little bit speculative. Unfortunately, it inherits some of the disadvantages of traditional fungible tokens, especially the problem with the emission of new assets into the network.

How cryptocurrencies can help small communities?

One of the things I like the most about the cryptocurrencies model is that it gives an alternative. An alternative to the standard financial model, where you have a centralized certification authority and issuer, which issues new coins, banknotes, or whatever is the name of the payment object for the payment system. One big problem with that system is that it leads to centralization and naturally converts the places with issuer rights (aka central banks) into cosmopolitan districts. The traditional banking system gives them much more economic power than the smaller and more rural communities.

In comparison with cryptocurrencies, everyone can open a bank. We even can choose whether to have a distributed or centralized issuing model. In Bitcoin, for example, the issuing model is a distributed one, and this choice regularly leads to significant fluctuations in the exchange rates with the standard fiat-based currencies. Additionally, there is a cap on the number of Bitcoins, which can be issued, and this way, there is no realistic option for fighting inflation or even speculations. Having that in mind, I think we could agree that the Bitcoin model is far from ideal and could only play a digital alternative for gold, which automatically means that Bitcoin is not a currency in the traditional sense.

On the diagram, you can see a standard blockchain architecture, where the ledger is distributed, leading to distributed transaction signing and verification

Let’s analyze what will happen with the other model of a centralized issuer and no cap for issuing new coins. Still, it is essential to note that the transaction verification will remain distributed, such as in Bitcoin, but we will centralize only the issuing part. For sure, the model will need a legal way to inject itself into the standard fiat financial model and play nicely with it. At the same time, if we want to increase the local communities’ economic power, we shall need a solid local legal government-based entity doing the coin generation. And such a legal entity is the local area municipality.

Such an idea will effectively transform every municipality into a local central bank issuing new coins based on the economic stats for the metropolitan area governed by it. Additionally, at the moment, all the taxes are sent to the centralized bank. Once per year, the government decides how to distribute these taxes to all different city areas’ budgets. As an alternative, with the proposed model, we could choose to receive 30% of our income in the local municipality cryptocurrency and even pay our taxes on this 30% to the local municipality-based bank. Furthermore, the municipality could use this money to plan its budget.

In conclusion, cryptocurrencies can give us quite interesting financial alternatives. For sure, the exchange rates system between the different local municipality-based currencies will be an exciting problem to solve. However, we should keep in mind that we are already solving this problem globally, and we could take inspiration from how it is already solved. Some smaller cities and towns already tried issuing their cryptocurrencies. But, without the local taxes part, such endeavors are not economically viable and will not lead to any mass scale change.

Must companies be afraid of internal cyber attacks?

One of the biggest cybersecurity threats for companies is internal attacks. To function correctly, companies need trust. You could have the best access control level system in the World, but this will not help you if your system administrator is compromised. Yes, multi-factor authentication and secret key split algorithms can help you mitigate part of these threats. However, they are not widely used. Most SMEs do not have the resources and knowledge to implement a proper access control system and thus are pretty vulnerable to inside attacks.

On the diagram, you can see the different use cases companies can use cryptography. Modern access control frameworks use cryptography heavily to ensure access to data is more restricted than ever. 

Following are some of the internal security attack vectors through which attackers can gain access to information;

  • Information leakage: One of the most common and frequently used methods by cyber attackers is a simple leakage of information. Or, in other words, industrial espionage. Many employees could use this approach to avenge themselves.
  • Illegal activities: A company must be aware of any illegal activities going in their system. Some organization members could use this approach to frame the company or use it as a proxy when hacking.
  • Downloading malicious internet content: Most of the time, employees do not intentionally download malicious content; however, this happens. In both cases, a proper access control mechanism will mitigate or at least reduce the damage.
  • Social engineering: One of the most common ways for attackers to gain access to a network is by exploiting the trusting nature of the company’s employees. An information awareness course could quickly mitigate this attack. 
  • Malicious cyberattacks: Technically proficient employees can use their system access to open back doors into computer systems or leave programs on the network to steal information and wreak havoc. The best protection against this sort of attack is monitoring employees closely and being alert for disgruntled employees who might abuse their positions. In addition, experts advise immediately canceling network access and passwords when employees leave the company to avoid remote access to the network in the future.

In conclusion, unfortunately, because of the enormous rift in the trust between employees and employers, internal attacks can become the new trend. Companies must be aware of that and do their best to implement proper access control systems. Access to resources must be given appropriately and audited for every organization member, no matter whether CEO or a utility person.