nChain’s Key Generating Software Is Not Open Source

nChain, the Jimmy Nguyen and Craig Wright blockchain scaling company that focuses entirely on Bitcoin Cash, is not open source. This is despite the company creating key-generating software that is crucial for security.

nChain’s SDK, dubbed “Nakasendo”, has a GitHub repository that is completely devoid of source code. There is a file that says “source code”, but inside, curious users will only find the same license and readme file available separately on the Nakasendo repository.

While it is not unusual for developers to open a near empty repository in order to act as a holding page for when the real work begins, it is the license already included that disqualifies nChain from being open source.

Bitcoin Cash, of course, is a fork of Bitcoin, which is entirely open source. But the new key generating software that Craig Wright recently patented is separate from Bitcoin Cash. While it is, allegedly, designed to work with blockchain technologies like Bitcoin and Bitcoin Cash, it presumably (we can only presume because the actual source code is unavailable) is new software.

While most “open source” software uses the MIT Open Source License, or one of the other prefab licenses that work just as well but have slightly different rules, nChain decided to write their own license called the “Open Bitcoin Cash License”.

That license includes condition and limitation “f”, which says in bold:

“Blockchain/Platform Limitation. The licenses granted in sections 2(A) & 2(B) extend only to the Software or derivative works (such as applications using the Software) that you create that operate on the Bitcoin Cash (“BCH”) blockchain.”

The “2(A)” and “2(B)” licenses are the only rights granted in the paper.

Craig Wright, who is best known for failing to prove he is Satoshi Nakamoto, has also been issuing patents in relation to the cryptocurrency technologies he claims to have developed. In response, Vitalik Buterin, the creator of Ethereum, asked on Twitter if the patent could be challenged and claimed it was no different than the “public master key-based deterministic wallets” that have been around since 2013.

Reading through the patent, it does seem somewhat similar. Seemingly, what makes it different is that it generates the second private key for a node by using parts of another node’s public key and its own first private key.

However, I am unsure if that concept has been used in other technology previously.

CoinJournal reported earlier this year that one of Craig Wright’s academic papers was copied almost entirely from a previously published paper by a different entity, i.e. it was allegedly plagiarized.

Regardless of the actual technological legitimacy of the patent, neither the “Open Bitcoin Cash License” nor nChain’s potential technology can be considered “open source”.

According to Opensource.org, whose definition is derived from “The Debian Free Software Guidelines (DFSG)”, open source software must follow a few principles.

First, the software “must not discriminate against any person or group of persons.” While this is seemingly meant to head off racist, sexist or other bigoted directives, it does not specify that. By the letter of the law, the “Open Bitcoin Cash License” does discriminate against a group. That group includes every supporter of blockchain technology that is not developing for Bitcoin Cash.

While that is a bit of a stretch, other terms of the open source definition spell it out more clearly.

Number six prohibits the restriction of industry: “The license must not restrict anyone from making use of the program in a specific field of endeavor. For example, it may not restrict the program from being used in a business, or from being used for genetic research.”

Number eight prohibits tying the technology to a specific product: “The rights attached to the program must not depend on the program’s being part of a particular software distribution.”

Number nine prohibits the restriction of other software: “The license must not place restrictions on other software that is distributed along with the licensed software.”

Arguably, the “Open Bitcoin Cash License” breaks all of these qualifications. But it is rule ten that unequivocally defines the “Open Bitcoin Cash License” as anything but open source. It states in very simple terms that the software must be technology-neutral. “No provision of the license may be predicated on any individual technology or style of interface.” The Open Bitcoin Cash License requires users to use it on the Bitcoin Cash Blockchain.

While nothing about nChain’s license is illegal (they are free to make their software closed source), the naming of their license is misleading. The “Open” part implies that the software and license are open, but the license is restricted to people who use the technology that nChain promotes and does not reach the standard of open source.

Furthermore, that the source code is not publicly available is problematic due to the nature of the software’s function. Judging by Wright’s patent filing, the software has to do with generating public and private keys. Without the source code being available for review (never mind its license restrictions) it is impossible for users to be sure that their keys are being generated in a safe and private way.

Even worse, the repository only includes an .exe file, and does not include a portable version that launches without being installed. This makes it easier for malicious software to be executed, run and hidden in users’ computers.

While there is no direct evidence that this is happening (and it seems unlikely considering it would destroy what is left of nChain’s reputation), it is the first point that is more significant. Without the source code, users cannot verify that their keys are being generated in a safe way. They have to trust nChain to run software on their computer responsibly. And they have to trust that the software generates the keys in a safe and private way, with scant evidence that this is the case.

This isn’t just a complaint about nChain not following what many people think are the fundamentals of cryptocurrency development. The fact is, companies, even well funded and technologically competent ones, make mistakes all of the time. Without access to even look at the code (much less republish it), no one can tell if their key generating software is secure or even unique.

Also, as has been pointed out by redditors and other online commentators, what “Bitcoin Cash” is, is hard to define. You have proponent Roger Ver claiming that Bitcoin Cash is bitcoin, full stop. You have the potential for more hard forks in the future. If it does fork, as it forked off of bitcoin, who will decide which chain is the “true” bitcoin cash? We know from Bitcoin Cash proponents’ claim that it is the real bitcoin that they don’t consider hashing power or the longest chain to be the determining factor. So what is? nChain’s opinion?

It is not clear what nChain plans to do to people who violate their license. Presumably, if the person refused to stop, they would pursue legal action. That is the fundamental function of licenses in the end, to make a legal framework and enable legal action.

We have reached out to nChain multiple times through email and Twitter and have not received a response. Because of that, it is not clear if they consider their license to be open source or not. A recent job posting on their site says they create “open source and proprietary technology.”

We do know one thing. The man who claims to be Satoshi Nakamoto is now developing in a closed-source environment.

While I disagree with using Satoshi’s vision as a means for debate, when you are talking about the man who claims to be Satoshi, it is a bit more relevant.

I can’t imagine Satoshi Nakamoto would ever restrict his technology to those who agree with him. The entire concept goes against the power of open source. Satoshi made mistakes when developing the Bitcoin code. Many of those mistakes were fixed by other developers working collaboratively with him in an open source environment. Had Satoshi demanded that every developer working on the code work on it only in the way he specified, it is almost certain that Bitcoin and cryptocurrencies, in general, would not be where they are today.

The “Open Bitcoin Cash License” is not open source or “open” at all. It is an abomination and an affront to the crypto-revolution.