Questions for Grams regarding Security and Anonymity of Helix and Helix Light

I've been looking at Grams Helix and Grams Helix Light. A lot of what they say here on the sub, on their website and in response to previously filed issues just doesn't sit well from an infosec or crypto development perspective.

See related thread:

I've looked at Grams, and like at least 2 other researchers who have posted here I've found that unmasking the bitcoin trail through the site is trivial, finding user inbound addresses on Grams Light is trivial, that some answers in this sub contradict what takes place and that the very marketing pitch of what Grams Light does contradicts secure practice, and more. Unlike the last two guys who posted issues here and then got railroaded in response - I'm going to let Grams answer questions and go on the record before I post issues or send them to Grams first.

I was going to do this next week, but it kicked off today because of Grams' response to a pretty simple question in this thread

Note that I'll publish a complete detailed breakdown of the issues (research still ongoing) but in the interim I'll kick this process off by asking Grams and their admins questions here in the open.

Questions for /u/gramsadmin:

Extra question that you don't have to answer, but it would be interesting:

That is about it - you should be able to answer those questions without "compromising your security". For anybody else reading: transparency and openness are essential in the design of secure systems. If your system cannot stand up to scrutiny and peer review of its design then it is not secure.

It is generally accepted as a first rule in crypto design circles that obfuscation = insecurity and vulnerability. The only way to securely architect a system is to do it in the open:

Schneier - "Open source and security":

In the cryptography world, we consider open source necessary for good security; we have for decades. Public security is always more secure than proprietary security. It's true for cryptographic algorithms, security protocols, and security source code. Cryptography has been espousing open source ideals for decades, although we call it "using public algorithms and protocols." The idea is simple: cryptography is hard to do right, and the only way to know if something was done right is to be able to examine it. This is vital in cryptography, because security has nothing to do with functionality. You can have two algorithms, one secure and the other insecure, and they both can work perfectly. They can encrypt and decrypt, they can be efficient and have a pretty user interface, they can never crash. The only way to tell good cryptography from bad cryptography is to have it examined. Even worse, it doesn't do any good to have a bunch of random people examine the code; the only way to tell good cryptography from bad cryptography is to have it examined by experts.

Phil Zimmermann - "Beware of Snake Oil":

you don't have to trust my word on the cryptographic integrity of PGP, because source code is available to facilitate peer review.

Whitfield Diffie (inventor of public key crypto) - "Risky Business: keeping security a secret":

A secret that cannot be readily changed should be regarded as a vulnerability.


Comments


[11 Points] gramsadmin:

I am sick of people like you accusing me of things for no reason.

If you don't like my service, don't use it.

You can even tell everyone else not to use it.

There will still be tons of satisfied customers that use it every day. You know why?

Why aren't you asking these questions to bitcoinfog and bitblender? Do you work for them?

The reason you aren't asking them is because I have the best service and I am around here helping users day in and day out. Other tumbler services don't answer users' questions on here, or at all sometimes. I am always around here because I give good support. Just another reason users love my service. But if I have to keep answering accusations every week like this I might rethink hanging out here so often.

As far as

It is generally accepted as a first rule in crypto design circles that obfuscation = insecurity and vulnerability. The only way to securely architect a system is to do it in the open

I am not in the crypto design business. I am not creating a secure algorithm. I am running a business that removes the link on the blockchain between 2 bitcoin addresses.

How I do it is not for you to know.

Would you like to know where my servers are too?

Yes, there are ways to figure out where a helix light transaction came from ... Only if you know they used helix light and they didn't use any of the anonymizing features. Even then it is just unsubstantial evidence at best. All anyone would have to do is ask "Is it possible that someone else not related to the end address sent a transaction around the same amount 20 min before and this end address is not from a helix light?" The answer is always yes.

If I gave you a list of 100 bitcoin addresses and asked you to find the source they came from, with you not knowing if they came from helix, helix light, helix light with anonymizing features, bitcoinfog, bitblender, or no tumbler at all, there is no way you would know what to look for and you could not find the source. That is what LE would be dealing with if they seized a market or were monitoring market addresses.

I will not respond to any more of these types of posts.

GramsAdmin


[5 Points] 0xb44d:

To demonstrate the lack of security and privacy with Helix I'll be picking a day at random over the next 10 days and publishing every Helix transaction that took place on that day (outbound address, Helix intermediary address, inbound address).

If anybody thinks this is a bit over-the-top, please let me know and I'll try to find another way to demonstrate this without compromising users (who are, in any case, currently already compromised).

My problem is that /u/gramsadmin has a history of being antagonistic towards security researchers (including in this thread) and I don't want him wriggling out of problems in the same way he did with the last two reported issues (where he fixed issues, but then denied there were any issues - despite announcing that he had fixed them. No idea how that works, but many users here bought it up).


[2 Points] pinkpanther227:

I highly doubt grams' service is secure. I remember an incident that happened early in his career that makes me question whether he has any knowledge about infosec.


[1 Point] mix0mix:

Try MixMyCrypto instead