Interview with Jesse Buonanno on Blockchain
Interviewer: Cameron Boozarjomehri
Welcome to the third installment of the Knowledge-Driven Podcast. In this series, Software Systems Engineer Cameron Boozarjomehri interviews technical leaders at MITRE who have made knowledge sharing and collaboration an integral part of their practice.
Jesse Buonanno, a Cyber Security Engineer at MITRE, focuses on cyber operations. Jesse spends his spare time learning about blockchain and cryptocurrencies. While learning about Ethereum, he became heavily involved with CryptoKitties.co, building out their community engagement platforms, first as a volunteer, and then officially as a community manager. This work grew into exploring how smart contracts can enable cybersecurity capabilities.
Cameron: | My name is Cameron Boozarjomehri. I’m here with Jesse Buonanno. He’s a cybersecurity engineer, and today we’ll be discussing cryptocurrency and blockchain. |
Jesse: | All right, happy to be here. |
Cameron: | Yeah, so why don’t we start with a little background on you. Jesse, what’s your journey been through academia or since you started at MITRE? |
Jesse: | Sure, so I graduated from RIT with my BS/MS in Computer Security. I did two internships here at MITRE, and then I came on full time about a year and a half ago. Before that, not much cryptocurrency work. Only been doing cryptocurrency for the past, I guess, year now. |
Cameron: | When it comes to cryptocurrency, because of the different blockchains, you need different wallets to accommodate the actual transaction and movement of those coins either into cold storage or into warm storage, or however you want to do it. |
Cameron: | And when I refer to these, when I say cold storage, that means sort of like it might be a USB drive. That’s not powered. Or warm storage is like a separate machine that might be air gapped. But in this case, when it comes to a multicurrency wallet that you’re creating, how does this differ from things like, I believe it’s called Coinomi, or the different online wallets that tried to tackle the same problem of holding lots of different cryptocurrencies. |
Jesse: | The way that those wallets operate is they have a remote node that you as the user connect to and then push all of your transactions through the remote node that they control. Now, as you might imagine for government work, we don’t exactly want to rely on a third party to determine whether or not we can broadcast a transaction. So the purpose for us is we need to sync the entire blockchain and operate as a full node for each one of the cryptocurrencies that we want to support in order to 100% guarantee that the transaction that we’re doing is not interrupted on the network. |
Cameron: | When you’re dealing with these different blockchains…so I understand some of them are public like Ethereum, some of them are privacy preserving or private like Monero or Zcash. So in those cases, is there a lot of technical effort that goes into differentiating between one versus the other or do they all seem to operate on a similar enough protocol that, I guess, is a translator of sorts? |
Jesse: | Right. So that’s kind of where a lot of technical debt comes into play. So, yes, you can reuse a lot of the code for the forks of Bitcoin. So, for instance, the code that works for Bitcoin, with a few minor tweaks, is going to be able to work for Litecoin. It’s going to be able to work for Bitcoin Cash and any other Bitcoin-related forks, even like Dogecoin for instance. But when we get to separate blockchains that are…they were born entirely out of the concept and not straight-forked from Bitcoin such as Ethereum, Monero…. For those you need to hopefully leverage an existing library. If there’s no existing libraries, then you’d have to follow whatever the white paper states is how they are doing things and then code it up yourself. |
Cameron: | And so just to give a little more context: When you mentioned forking, so the original project, Bitcoin, that spawned all of this interest that we’ve heard of cryptocurrency, and a lot of other coins, they took the exact repo and forked it to create a new blockchain that they would tweak certain attributes of to make it move faster. But then, as I mentioned before, the Zcash, Monero, these other ones, they are fundamentally different technologies in terms of how they manage information on the ledger. And so you’re saying because they are not just forks, the underlying technology is different enough that you really need to make a conscious effort to accommodate that difference. |
Jesse: | That is correct. So we are leveraging existing libraries that make what are called RPC calls, or remote procedure calls, in this case, to the Bitcoin daemon that’s running on the system. Now because forks of bitcoin will use more or less the same exact commands and take the same exact parameters, but once you start getting into other projects, they have their own scheme entirely. So, it’s not exactly a one-to-one copy/paste of code. |
Cameron: | And is your solution … Maybe calling it ad hoc might be a little reductive. But is the implementation, does it accommodate, say, if I want to … Like there’s a new cryptocurrency that shows up out of nowhere and we want to add that to the wallet. Do I have to go out of my way to implement some sort of RPC integration to include that? Or is it just a bunch of different, like I guess you call them, verticals or silos of different blockchain technologies all living together in the same place? |
Jesse: | Yeah, so unfortunately, yes. You’re going to have to make whatever accommodations are different from that coin. Assuming that it’s not forked from a known existing and supported coin. So for instance, if there was a fork of Ethereum, you may be able to leverage a lot of the existing work that you already did for Ethereum on the forked version of Ethereum. But yeah, one of the challenges is having to deal with all of these different silos, as you will, of cryptocurrencies and especially because there’s so many of them. Really determining the sponsor’s need for what they’re seeing in the field and prioritizing those has been kind of what we’re at the forefront of. |
Cameron: | From just your passion, I can tell you’re very excited about crypto technologies in general. Beyond just cryptocurrency, do you see any other projects at play that you think are going to be important in the near future? Maybe not just in terms of currency itself, but in terms of how we interact with blockchain technology? |
Jesse: | Yeah, so another project that I’ve been keeping my eye on is something called Siacoin. And the purpose of Siacoin is to act as a decentralized storage. So think of Amazon’s S3, except there is a game theory and monetary incentive for there to be renters on the network. So people who go and request storage from hosts, and that is done through smart contracts so that everyone can trust each other, and you store pieces of encrypted data on each one of these hosts. And then you, since you own the private keys, can now be the only one to fetch those pieces of data and then put the file back together. |
Cameron: | Right, now, you mentioned smart contracts, which play a big role on the blockchain. I was wondering if you could quickly elaborate on kind of what a smart contract is and how it governs behavior on the blockchain. |
Jesse: | Sure. So you can think of a smart contract as code that exists at a location on the blockchain. Now if you want to execute a function in that smart contract, you have to pay a fee associated with it. The function itself might require some additional funding. It depends on the cryptocurrency they’re using. This is most commonly found in Ethereum, with Ethereum smart contracts. And then you can execute whatever that function does. So that function, it may perform, I don’t know, it might generate a key of some sort. It might manipulate some other data on the blockchain and it really depends on the purpose of the smart contract function. |
Cameron: | You mentioned something interesting about Siacoin, which was the game theory aspect. So I was wondering if you could kind of elaborate on that a little more. |
Jesse: | Right. So in the example of Siacoin, hosts have the ability to set whatever prices that they want. So they can set prices based on storage. They can set prices based on bandwidth. Maybe if you’re in Australia, you can have more expensive prices. And so it’s all financially incentivized such that it’s a free market and the renter is getting the best price. |
Cameron: | To be clear, this is setting prices for resources in terms of the in-system currency, which is the Siacoin. |
Jesse: | That is correct. |
Cameron: | You are literally paying to execute behaviors or run processes or get power with the Siacoin as opposed to how I feel most people think of coin, which is they literally think of the coin being exchanged for a monetary commodity. |
Jesse: | Exactly, and this is another one of the reasons why I like Siacoin so much. It fits the definition of what we would call a utility token. So the token is just for a medium of exchange for a commodity. In this case, it would be the commodity of storage. And it doesn’t matter what the price exactly Siacoin is trading at that day, because the underlying Siacoin price that these hosts will be setting, will fluctuate based on the actual like USD price of Siacoin. So you could say the price of storage itself will be $2 per terabyte no matter what, even with the fluctuations in the actual Siacoin price. |
Cameron: | I think that something that people just really don’t know about the cryptocurrencies is that the real benefit is creating utility tokens where the platform itself facilitates as opposed to thinking of traditional models where if I want AWS to do something for me, I would be paying cash, and it might be a little harder for them to keep track of how does this cash translate into tangible benefits for the end consumer. |
Jesse: | Exactly. And not to mention I guess, I think it was sometime last year we had AWS outages with GitHub and Netflix and everyone going down. So I think it’s important from a just network health perspective to decentralize some of these services more. |
Cameron: | Something else I wanted to talk about, and sorry to out you on your personal hobbies, but so when it comes to cryptocurrency, all currencies operate on the idea of fungibility—the idea that any coin is worth as much as any other coin. But there are non-fungible commodities such as CryptoKitties that exist on the blockchain. And I was wondering if you could tell us a little more about what those are and kind of how they bring a different spin to how digital assets can live on the blockchain. |
Jesse: | Why Cam is laughing a little bit is because for a short period of time, I was the community moderator for CryptoKitties, which is a token-based cat collectible game. And, yeah, so CryptoKitties are essentially… each token cannot be broken down. Where with Bitcoin, you can send fractions of a Bitcoin, whereas with CryptoKitties, each token is in itself unique. And that token is then tied to assets, in this case, your CryptoKitty and a specific genome. So if we think of maybe your cat has some fangs, they might have extra poofy ears or a poofy tail. It might be what they call fancy cats, which if all your genomes meet a certain criteria, your cat could turn into Superman, or they released an NBA one with Steph Curry. |
Jesse: | Having the ability to have these tokens that you can’t split down, and they have unique value is starting to come into play specifically in the collectible space. |
Cameron: | And then to elaborate those little descriptors as I understood are called cattributes because, as software engineers, we can never take any excuse not to add a pun. But as part of the cattribute, you have the ability to breed CryptoKitties. Basically, you take two CryptoKitties, pay a certain amount of Ethereum, and it produces a new CryptoKitty with an assortment of the cattributes that are randomly chosen from both parents. |
Jesse: | Yes. And so that kind of gets into how they are playing this out as a game and in addition to just being a collectible thing. So they have a specific smart contract called the breed function or the breeding function. And you can call the smart contract when you supply two of your kitties and some Ethereum as you were saying. And that smart contract actually calls another smart contract called the mixed genes function. And they purposely did not release the source code to this. So there were some people in the community that went ahead and reverse-engineered the Ethereum byte code to try and figure out what was going on there because there is some randomness and also some skill when it comes to picking the perfect two pair of kitties with the cattributes in order to make these exceedingly rare cats. Some of which if you read the headlines, have sold for tens of thousands to over hundreds of thousands of dollars. |
Cameron: | And then there’s still questions about the generation of cats. So as I understand the Gen zero cats were the cats that were released as part of the initial round of sale. |
Jesse: | Yeah, so the Gen zero cats themselves, think of them like new tokens being minted into existence by like the FED. So there was something called the kitty clock timer where every, I think it was 15 minutes, a new Gen zero would be minted and they just stopped being minted last February, or last November, excuse me. And then before that, the initial release, that’s something called founder cats, which were cats that they basically put up as like, hey, if you want to support us, we don’t really know how successful or not successful this was going to be. You can buy this cat and then 100% of the proceeds are just going to go into our pocket instead of being split between different avenues. |
Cameron: | On the one side, it definitely sounds like an ingenious way to get funding to keep this project going. On the other, I thought it was an interesting case study in when you see how the cats are being treated after Gen zero, like Gen Zero cats are auctioned for fairly high values and I couldn’t understand why other than … Is there something about the cattributes that makes them more appealing or do maybe Gen two or three cats with similar cattributes are equally likely to go for a high price? |
Jesse: | Gen Zeros, new traits will be released through Gen Zero. So the first time you’re going to see a new trait that isn’t coming from two previously bred cats is going to be from a Gen Zero. In addition to that, they … And this is all tied specifically to the tokens, you can find this in the smart contract itself, which is interesting. |
Jesse: | They have certain breeding speeds, so a Gen Zero will be what’s called snappy, which it can breed, let’s just say once every, I think it’s like five minutes or so and then every time it breeds after that with a higher generation, the breeding speed will then slowly decrease over time. So Gen Zeros, if you have like an unbred Gen Zero with a somewhat rare trait in it, that’s going to go for more than a bred-out Gen Zero that’s a little slower. |
Cameron: | These cats live on the Ethereum blockchain. And I think one of the most interesting things to me about the CryptoKitties is the fact that they show you that digital assets can first of all live on the blockchain, but also it can be managed and shared throughout the blockchain. |
Jesse: | I would just like to clarify one thing. So it’s interesting in that the cattributes live on the blockchain. The breeding speed lives on the blockchain. The token itself is on the blockchain. But the asset, the digital asset, the kitty that you actually see rendered on your browser does not yet. They are looking to transfer that to IPFS, which is the interplanetary file system where people can effectively host assets in or objects in a decentralized way for free. Kind of like what Siacoin’s doing, but Siacoin introduces the whole, hey, I’m going to host this if you pay me. IPFS is kind of like, hey I’ll do it ‘cause I like to contribute to the network. |
Cameron: | And there’s a whole separate conversation going on there about decentralized storage and how it plays in here. But I think you actually just touched on one of the things I was hoping to get to, which is even though you own this cat, like you basically own all of the code that makes up this cat. The way the cat actually looks is still owned by the founding company. And so if someone else came along and purchased that company, they could then change how the cats’ cattributes actually rendered. |
Cameron: | Specifically, like you would want, I believe there’s one attribute that’s like derpy eyes or something. So you’d expect derpy eyes to always look derpy. But the style of the cat, the thing that might have attracted you in the first place, may change as a new owner came in and decided, well, now we want the cats to look like this. And then suddenly maybe even the derpy eyes don’t look derpy or as derpy to attract the core fan base. |
Jesse: | There’s two things I’d like to say on that. The first is that they kind of recognize that and an interesting avenue that they’re coming down from a legal perspective with the non-fungible tokens is being able to give you or whoever owns the private keys that hold the actual crypto assets, the entire IP rights to said asset, which is something that they’re pushing down. It’s completely new from a legal perspective. |
Jesse: | The second thing I want to talk about is that because this is all public on the blockchain, there could be some community member for instance that pulls down all of the assets that are related to cryptocurrencies or CryptoKitties, stands up their own website and that interacts with the blockchain and then distributes the cattributes in the same way that was previously done on the main CryptoKitties.Co website. |
Cameron: | I think this has been a great conversation. I know we’re running out of time, so I was wondering if you had any closing advice for anyone who’s interested in learning more about cryptocurrency or how blockchain technologies are going to be playing a bigger role in the future or in our work here at MITRE. |
Jesse: | For me, honestly like CryptoKitties was a great place to start because it was fun. It was kind of like a game and the way that I was introduced to Ethereum smart contracts and interacting with them. Another great resource for Ethereum smart contracts would be CryptoZombies where it’s a step-by-step tutorial of you building your own Zombie game and deploying smart contracts that have your zombies attack and interface with them. |
Jesse: | As blockchain as a whole, I think that reading from a more technical perspective, you want to read Satoshi’s whitepaper. It is a great overview of the whole concept, and then Mastering Bitcoin would be the next, where it gets very granular in what’s actually happening at the protocol level at each of the different silos that go on within what makes up a blockchain. |
Cameron: | And to be clear, this Satoshi white paper, you’re referring to the person who is credited with creating the Bitcoin technology. And Mastering Bitcoin, is that a book? |
Jesse: | Yes. So Mastering Bitcoin is a book. It’s available on Safari Books, and it’s also interesting enough available on GitHub because the way that this book came about was that it actually started as a GitHub project. And people would make merge requests about changing little things here and there. So it’s open sourced on GitHub and can also be found through Safari. |
Cameron: | All right. Thank you. I think that’s been an absolutely insightful conversation about blockchain and your work with multicurrency wallets, and I really appreciate your time, Jesse. |
Jesse: | Thanks for having me, Cam. |
© 2019 The MITRE Corporation. All rights reserved. Approved for public release. Distribution unlimited. Case number 19-0988