Why is cryptocurrency open source? This paper from 1999 explains
The open source software debate has taken on a new life with cryptocurrency.
Cryptocurrency's roots go back further than bitcoin. In fact, bitcoin was just the first cryptocurrency to use the blockchain, rather than the first cryptocurrency ever.
Other early cryptocurrencies include now venerable names like World of Warcraft (WoW) gold, a digital currency designed for use as a store of value and a transfer medium in the gaming universe of World of Warcraft. It used a proof-of-work mining algorithm in which users would engage with the WoW ecosystem via their computer's graphical interface and complete various digital tasks to be rewarded with gold.
As the fiat currency value of WoW gold increased, it attracted more miners without any corresponding difficulty adjustment, eventually leading to substantial inflation and a collapsing economy.
Today's cryptocurrencies seem to have learned from the problems of the past. For example, bitcoin and many others will adjust mining difficulty to prevent massive inflation when mining power increases.
It's no surprise that almost everything cryptocurrency, from the coins to the exchanges to the wallets, are built on open-source software. This paper from 1999 might be more relevant than ever, especially with a few wallets and coins still being partly or entirely closed source.
As a cryptography and computer security expert, I have never understood the current fuss about the open source software movement. In the cryptography world, we consider open source necessary for good security; we have for decades... open source isn't just a business model; it's smart engineering practice. - Bruce Schneier, 1999
What does open source mean?
Open source simply means the software code is publicly available for anyone to read. In cryptocurrency, it's become something of an industry standard to publish the code on GitHub for reviewers to examine.
There are two main reasons for this:
- It helps assure users that a project is legitimate. People can check to make sure there are no backdoors or other suspicious discrepancies coded into the system, and it is easier to spot other red flags. For example, it was recently discovered that the Tron coin had plagiarised some of its code, leading some buyers to drop support for the project.
- Open source is safer. Open-source systems might get pored over by hundreds of experienced cryptographers for thousands of hours, leading to much quicker identification and fixing of bugs and errors. Plus, if a system depends on secrecy for security, then it's only secure as long as it remains secret. Open-source systems don't have that problem.
The downside of open source is that anyone can see, take and use the code. In many cases, the risk of plagiarism makes open source untenable. After all, why would you put effort into programming a system when anyone can come along later and simply steal your work to offer it at half price?
Cryptocurrencies don't really have this problem. A coin's value is derived from enough people agreeing on its worth. A simple imitation won't be worth too much.
What they said about open source in 1999
Many of the benefits of open source 20 years ago still hold true today.
"Security has nothing to do with functionality."
Most tests are focused on functionality rather than security, so beta testing of closed-source software will almost inevitably leave vulnerabilities unfixed. The only way to pick up security problems in software is to have enough experienced people go over its code in detail.
True to crypto form, this is becoming increasingly decentralised. Bug bounties, which reward cryptographers for identifying problems that need to be fixed, are common for coins, exchanges and wallets.
"If an algorithm is only secure if it remains secret..."
"If an algorithm is only secure if it remains secret, then it will only be secure until someone reverse-engineers and publishes the algorithms." Closed-source programming naturally has a lot more weaknesses than open-source programming.
This weakness takes the form of the people who wrote the code or who might otherwise be able to access it. Any one of them might be able to exploit or release it at any time, meaning the system is only secure as long as the people involved do their part.
With cryptocurrencies, where there might be billions of dollars on the line, this kind of vulnerability is naturally quite unacceptable.
"Anyone who creates his own security protocol is either a genius or a fool"
It will often make more sense to use and build on open-source cryptography rather than start from scratch.
"Open cryptography is not only better – it's cheaper, too. The same reasoning that leads smart companies to use published cryptography also leads them to use published security protocols: anyone who creates his own security protocol is either a genius or a fool. Since there are more of the latter than the former, using published protocols is just smarter."
If you're using a closed-source system in cryptocurrency, you should probably ask yourself why it's closed source and whether there's any clear reason for it.
Cryptocurrency projects using closed-source systems
Wherever a cryptocurrency-related project uses closed-source systems, it's usually called out quickly. Without a valid reason for it, it's probably a cause for concern.
IOTA closed source
One of the only top coins by market cap to include closed-source code is IOTA, whose security-oriented "coordinator" is designed to ward off potential threats until the network is big enough to defend itself.
Exodus wallet closed source
Exodus's founders explain this as a business decision. Its main features are a smooth user interface and a range of functions, but making this all open source might compromise its growth.
Jaxx closed source
In the case of Jaxx, its developers are constantly working on a way to strike a balance between open and closed source in order to limit replicability while ensuring maximum security. At the time of writing, everything except its UI code is open source.
This was done to limit the number of imitation wallets, malicious or otherwise.
The downside of open source
One of the main downsides of open source in cryptocurrency is the problem of imitators. Wallets and exchanges in particular will often have their code stolen and used to set up a phishing website or app. They might then use Google ads or SEO tricks to appear in Google search results.
Because they look exactly like the real thing, an unsuspecting visitor can easily be duped by the imitations. Closed-source systems don't prevent these imitators, but they do prevent easy duplication of sites and programs.
It's possible that partially closed-source systems, such as that used by Jaxx, will become more common in the future.