In the early bitcoin years, proponents promised that you would soon be able to pay for anything and everything with cryptocurrency. Order pizza! Buy Etsy trinkets! Use a bitcoin ATM! While PayPal had existed for more than a decade, frictionless, social payment platforms like Venmo were only just taking off, and cryptocurrency seemed like a legitimate way for digital transactions to evolve.
It didn’t happen. Cryptocurrency remains confusing and challenging for the average person to acquire and manage, much less sell. And the protocols that underlie bitcoin and other mainstream cryptocurrencies like ethereum suffer significant scalability and transaction bottleneck issues. Visa currently processes about 3,674 transactions per second; at best, the bitcoin network might be able to process seven per second.
But now the creator of the dead simple end-to-end encrypted messaging app Signal, Moxie Marlinspike, is on a mission to overcome those limitations, and to create a streamlined digital currency that’s private, easy-to-use, and allows for quick transactions from any device. And while it may feel like the last thing the world needs is yet another cryptocurrency, Marlinspike’s track record with Signal—and the organization behind it, Open Whisper Systems—makes this a project worth watching.
The currency Marlinspike has been working on as technical advisor for the last four months, alongside technologist Joshua Goldbard, is MobileCoin. The two based it on the open-source Stellar Consensus Protocol platform, an alternative payment network that underlies systems like an inter-bank payment network run by IBM in the South Pacific, and the low-fee international money transfer service Tempo in Europe.
The Stellar blockchain is also generally regarded as being faster and more efficient than its predecessors. On Wednesday, the mobile messaging service Kik announced that it will move its Kin cryptocurrency platform from Ethereum to Stellar. “We’ve been using Ethereum to date, and to be honest I call it the dial-up era of blockchain,” CEO Ted Livingston said.
MobileCoin wants to leverage an extensive architecture to add simplicity to real privacy protections and resilience against attacks. The ultimate goal: To make MobileCoin as intuitive as any other payment system.
That vision mirrors the animating purpose of Signal, which was developed to make robust end-to-end encrypted communication as easy and straightforward as less secure options, a simple experience that belies the complex cryptographic communication protocols that enable it.
“I think usability is the biggest challenge with cryptocurrency today,” says Marlinspike. “The innovations I want to see are ones that make cryptocurrency deployable in normal environments, without sacrificing the properties that distinguish cryptocurrency from existing payment mechanisms.”
By contrast, the idea of MobileCoin is to build a system that hides everything from everyone, leaving fewer (or theoretically no) opportunities for abuse.
On the Node
Ideally, there would be a way to fix the structural problems of existing cryptocurrencies, rather than creating another new offering. But Marlinspike and Goldbard concluded that the only way to orient a cryptocurrency around user needs was to start from scratch, and architect everything with that “target user experience” in mind.
To that end, MobileCoin delegates all the complicated and processing-intensive work of participating in a blockchain ledger and validating transactions to nodes—servers with constant connectivity that store and work on a fully updated copy of a currency’s blockchain. The nodes can then provide software services to users, like apps that seamlessly integrate easy and quick MobileCoin transactions. The nodes also handle key management for users, so the public—and particularly the private—numeric sequences that encrypt each person’s transactions are stored and used by the node. But crucially MobileCoin is designed so the node operators can never directly access users’ private keys.
This is where the special features of MobileCoin come in. The currency is designed to utilize an Intel processor component known as Software Guard Extensions, or a “secure enclave.” SGX is a sequestered portion of a processor that runs code like any other, but the software inside it can’t be accessed or changed by a device’s broader operating system. Computers can still check that an enclave is running the right software to validate it before connecting, but neither MobileCoin users nor node administrators can decrypt and view the enclave.
“If you put the cryptocurrency inside of the secure enclave, then people can run the nodes without seeing what’s happening inside them,” Goldbard says. “If you can’t look at the ledger, how can you cheat it?”
Marlinspike first experimented with SGX for Signal as a workaround so users can find people they know on Signal through their address books without exposing all of that data.
“MobileCoin is designed to be deployable in normal resource-constrained environments like mobile devices, and to deliver a simple user experience along with privacy and security,” Marlinspike says. “The design gives you the benefits of server assistance without the downsides of having to trust a server to act appropriately and not be hacked.”
The platform has other protections layered with SGX as well. Even if someone compromised a MobileCoin enclave and could view the transaction ledger, one-time addresses and special one-time signatures for each transaction would still prevent an attacker from being able to trace and link events. And a privacy bonus of the Stellar Consensus Protocol is that the nodes don’t need to store a full transaction history in the blockchain; they can discard most data after each payment is completed. These components make MobileCoin more resistant to surveillance, whether it’s coming from a government or a criminal who wants to track and extort users.
There are lots of potential applications for MobileCoin, but Goldbard and Marlinspike envision it first as an integration in chat apps like Signal or WhatsApp. Here’s how it would work in practice: To start using MobileCoin, you would generate a public and private key, and a recovery PIN. Then you would set up your account with an app that incorporates MobileCoin. The app would validate the software running in its service’s node, establish an encrypted communication channel to the enclave, and then send your keys and the short, easy-to-remember recovery PIN that you’ll use to access your MobileCoin—like a smartphone lock passcode.
To send MobileCoin to your friend Brian within a service that both of you use, your app would look up his public key, generate a one-time key and signature to use for the transaction, and send the transaction to the app’s MobileCoin node. The node would sync and validate the transaction, update the ledger, and check the one-time key and signature to prevent spoofed double-spending. At this point Brian’s MobileCoin node would take over, receiving and validating the transaction and communicating with Brian’s app to generate the one-time private key that will allow Brian to receive the payment. And then Brian gets a notification that you paid him. The messaging app (or whatever service you’re both using) doubles as a wallet for each of you.
It’s a complicated process to wade through. The point of MobileCoin, though, is that you and Brian don’t have to worry about any of it. The complicated parts all take place in the background.
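A minimal sketch of the two checks that walkthrough depends on, added here as an illustration and not taken from MobileCoin or its white paper: the app releases keys only to an enclave whose reported software hash matches the expected one, and a node accepts each one-time key only once. All names and values are constructed, and an HMAC stands in for the hardware vendor's signature on the enclave report.

```python
import hashlib, hmac, os

# Constructed stand-ins; none of these values or formats come from MobileCoin.
EXPECTED_MEASUREMENT = hashlib.sha256(b"constructed node enclave build").hexdigest()
ATTESTATION_KEY = b"constructed attestation key"  # HMAC stands in for the vendor signature

def enclave_quote(enclave_code: bytes, nonce: bytes) -> dict:
    """Node side: report a hash of the loaded enclave code, bound to the app's nonce."""
    measurement = hashlib.sha256(enclave_code).hexdigest()
    tag = hmac.new(ATTESTATION_KEY, measurement.encode() + nonce, hashlib.sha256).hexdigest()
    return {"measurement": measurement, "nonce": nonce, "tag": tag}

def quote_is_trusted(quote: dict, nonce: bytes) -> bool:
    """App side: the quote must be authentic, fresh, and for the expected software."""
    expected_tag = hmac.new(ATTESTATION_KEY, quote["measurement"].encode() + nonce,
                            hashlib.sha256).hexdigest()
    return (hmac.compare_digest(quote["tag"], expected_tag)
            and hmac.compare_digest(quote["nonce"], nonce)
            and hmac.compare_digest(quote["measurement"], EXPECTED_MEASUREMENT))

def provision_keys(quote: dict, nonce: bytes, private_key: bytes, pin: str) -> dict:
    """Release the key and recovery PIN only after the enclave has been validated."""
    if not quote_is_trusted(quote, nonce):
        raise PermissionError("enclave failed validation; keys not sent")
    # A real client would send this over the encrypted channel to the enclave.
    return {"private_key": private_key, "pin": pin}

class Node:
    """Node-side double-spend check: each one-time key is accepted once."""
    def __init__(self):
        self.seen_one_time_keys = set()
    def accept(self, one_time_key: bytes) -> bool:
        if one_time_key in self.seen_one_time_keys:
            return False  # replayed transaction
        self.seen_one_time_keys.add(one_time_key)
        return True

def demo() -> dict:
    nonce = os.urandom(16)
    good = enclave_quote(b"constructed node enclave build", nonce)
    bad = enclave_quote(b"tampered build", nonce)
    stale = enclave_quote(b"constructed node enclave build", os.urandom(16))
    node, otk = Node(), os.urandom(32)
    return {"good": quote_is_trusted(good, nonce), "tampered": quote_is_trusted(bad, nonce),
            "stale": quote_is_trusted(stale, nonce),
            "first_spend": node.accept(otk), "replay": node.accept(otk)}

if __name__ == "__main__":
    print(demo())
```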
The MobileCoin site, where developers looking to adopt the cryptocurrency will ultimately be able to access the software development kit, currently houses a white paper describing how MobileCoin works in more detail. But Goldbard says that the currency is still six months to a year from release, while he and Marlinspike refine the platform to eliminate potential problems, like the possibility that secure enclaves can inadvertently leak data.