Blog > Economics

Open Source

By Craig Wright | 24 Jan 2020 | Bitcoin & Blockchain Tech

The real need for open-source software has been hijacked by a political agenda. I did not create Bitcoin as open-source software because I believed that software should be free. Rather, as one of the most highly qualified security professionals at the time, I understood the basic rules of cryptography lay in open algorithms. As a result, I created Bitcoin in a way that it would be secure.

Beginning with Auguste Kerckhoffs in 1883, a principal of open analysis has been formed in the cryptographic analysis of protocols and the maintenance of secrets. Kerckhoffs’ law is that a well-designed cryptographic system should be constructed so that only the key needs to be secret. There should be no secrecy in the algorithm. The alternative lies in proprietary software or what is otherwise known as security by obscurity. In general terms, it is snake oil. Without public review, vulnerabilities in the security of software products allow attackers to subvert and compromise the system.

Unfortunately, many with agendas have subverted the need for open-source software and claimed that it was related to free software. There is a major difference between software that is free and software that is open source. Open source refers to the ability to analyse source code and ensure the integrity of the system in recent years. Those with political agendas have engaged in the truly Orwellian attempt to subvert the nature of such a system in an attack on copyright and property rights in general.

If an author decides to release software freely, that is, as freeware, doing so remains his or her right. But, it is essential that security software can be analysed and vulnerabilities found quickly. In the past, I worked for several organisations, including antivirus organisations, that would employ me or contract me to reverse-engineer both packers and malicious code. Source code itself cannot be fully hidden. So in not releasing code, you slow down yet do not deter the analysis of the system vulnerabilities. In so doing, you asymmetrically incentivise the attacker. The honest analysis of code works best when the code is openly available.

When code is released as part of a proprietary system, without access to the source code, the result is a system that is fragile. It requires more secrets to be kept. Bitcoin is an open protocol. To be analysed and for people to build on top of it, the primary system requires openness. Openness does not make it non-commercial. Rather, it allows commercial organisations to build.

Kerckhoffs’ principal does not specify open-source software because it came about before the implementation of software at all. Rather, it requires that algorithms are public and can be analysed. Having said so, in order to make security independent of the secrecy of keys, we need to allow peer review. Cryptography is hard. Bitcoin itself is hard. And nearly every cryptographic system that has ever been created is insecure and has a vulnerability. To solve the dilemma, we require the cryptographic community to analyse systems and find vulnerabilities. Without easy access to review code, we only find those who are incentivised to maliciously attack the code. Removing source code does not stop such individuals and organisations, it only makes it more difficult for the honest analyst. The fewer secrets a system has, the more secure it can be.

Bitcoin is not designed to deliver free software, it is designed to be an open protocol that any organisation can build upon and create commercial applications on top of. Its design required the use of open-source software. Bitcoin is anything but anti-capitalist. It works with law, and it doesn’t enable the anti-government, anarchist view of a collapsed society.