Author: mourouzis

Initial Coin Offering (ICO): Advices to Minimise Failure



Initial Coin Offering, or commonly known as ICO, is a form of crowdfunding or fund-raising activity based either on established cryptocurrencies such as Bitcoin (BTC) and Ether (ETH) or fiat currencies. Startups that are incorporating coins into their product’s design, are using ICO as a method for capital raising since it is easier and more efficient, bypassing in this way the rigorous, time-consuming and regulated processes required by venture capitalists and banks. An advantage of this method is that it allows a team to focus more on their product rather than marketing and pitching to investors, which usually takes a high percentage of time.


ICO campaigns extend over a period of a week or more, in which potential investors are allowed to purchase company’s coin (analogous to shares). During the campaign, investors buy the company’s coins and this purchase is executed as a form of smart-contract, that is equivalent to shares’ acquisition agreement. If the company does not raise the minimum funds required, the money should be returned to the backers, while if it is successful the money is transferred to the company for carrying on with product’s development. This is encoded and secured via a smart contract and the data should be publicly available for transparency.

As of May 2017, it is claimed that over than $380M have been invested into ICOs. It worths to mention that cryptocurrency ecosystem is experiencing a tremendous rise, with Bitcoin market capitalisation growing from $11B to $47B in one year. Many startups follow the ICO direction for fund raising by advertising mainly a whitepaper and a coin dependent on a small (initially) network of nodes running the underlying infrastructure of their Blockchain.

Below we summarise some key points that startups planning to go through ICO should pay some attention.


  1. Whitepaper: Aim to develop a whitepaper that is clear, consistent, of well-explained content and clearly explains the technical details of the product. Don’t leave room for disputing the underlying technology and make sure have the answers to the majority of the expected questions.
  2. Ensure that the incorporation of a coin into your product follows naturally. If you just plug in the idea of a coin in order to go through the ICO way, it is wiser to seek for traditional fund-raising ways.
  3. Ensure that your technology is correctly chosen and implementable, in terms of which Blockchain framework to select. Address all issues of scalability, fault-tolerance, security, efficiency, latency and transparency for your proposed architecture.
  4. Ensure that you are in a position to answer in fully requests regarding where the assets are going to be stored, if they are going to be secured and how they will be secured.

Community and Advisors’ feedback:

  1. Aim to receive sufficient feedback from experts within the community before you publish the whitepaper. Such feedback can be obtained by publishing posts and ideas in various channels/forums such as Reddit, Bitcoin Talk Forums, Bitcointalk or even social media such Facebook, Twitter and LinkedIn.
  2. Form an Advisory Board and bring in people from both Industry and Academia that have experience in Blockchain technologies and Cryptocurrencies. Ensure that this team can advise you on technical, business development and marketing/sales issues.
  3. Attend conferences and workshops such as Consensus, Blockchain Expo, Blockchain and Smart Contract in order to have direct access to experts’ opinions.

Legal Issues & Transparency:

  1. Be as transparent as possible with your intentions, stages, milestones and coins/funds allocation, especially for the founding team.
  2. Ensure that the legal framework is fully defined and leaves no room for disputing. Hire (or partner with) a lawyer if possible in order to make sure you don’t break the law.
  3. Use the funds in an efficient way and explain step-by-step how you plan to spend them for product development.
  4. Be open and transparent to community’s requests.
  5. Protect your investors. Keep investors’ terms very clear and ensure that there is a process in place for returning the funds to the investors in case the ICO is not successful. A de facto requirement has become the collection of all funds in a multi-signature escrow wallet with all the names/key-holders announced to the public. Some of this keys are held by people uninvolved in the project so that any conflicts of interest are minimised.
  6. Keep transparent the ICO framework as many investors are cautioned to be wary with ICOs as some of them might be fraudulent due to lack of regulation by financial authorities.

Professionalism and Planning:

  1. Define the vision/goals of your product/idea and clearly communicate it to the community and potential investors. Never overpromise, over-plan or oversell your idea.
  2. Meet the deadlines and milestones as listed in the initial project plan or whitepaper. This will show that you are trustworthy and you have seriously planned the project idea from the very beginning.
  3. Ensure that there is a market need for your product and that you really solve a real-world problem. Never create new or more problems.
  4. Ensure you understand technical, business development and marketing related details of your product.

* Dr Theodosis Mourouzis is a Program Director of MSc in Business Intelligence and Data Analytics at Cyprus International Institute of Management (CIIM), Research Fellow at UCL Centre of Blockchain Technologies (London,UK) and Advisor at BitJob (Tel Aviv, Israel).


Password Security: Insights derived by analysing publicly available datasets



Despite the deployment of several methods of user-authentication, e.g. keystroke analytics, biometrics , hardware tokens etc, a simple password-based scheme is still the primary means of authentication for many applications.

The strength of the passwords heavily depends on the users to select a strong enough password resistant against several attack models such as dictionary and brute-force attacks. Precisely for this reason, the industry has developed several password best practises to ensure passwords of sufficient quality by requesting from users to comply to certain rules such as selecting passwords of at least of length 8, mixing upper and lower case letters, including digits and special characters and avoiding words that could be found in dictionaries or personal information.

We have studied the distribution of passwords of four well-known datasets, MySpace (2006), phpBB (2009), RockYou(2010) and Xato(2015), released at different chronologically order in order to answer the questions: “Do users learn from past mistakes?” and “Do they move towards more secure password selections”?

Xato dataset represents a collection of passwords from the period 2000-2015 and it is used mainly for understanding the overall performance of the selection process. For the other three datasets we assume that they represent users selecting passwords at different chronological orders.

In our study, we assumed that password datasets released at different chronological order could encode the trend of users selecting passwords in this period. In order to examine if there is any progress in the selection process, we have computed the distances of the four datasets from a list of known bad passwords using the Levenshtein distance as  a metric.

Figure 1 shows that the mean of the distribution is increased which implies that there is some improvement in the selection of passwords shifting away from bad password selections.


Figure 1

During our research we have identified also some other very important facts:

  • Digits are not treated equally likely, with 0,1,2 being the most preferred digits in password selections. We have observed that the rest of digits are treated equally likely.
  • Same applies with special characters, with some characters such as @,#,.,space,!,*,- being the dominant one, while the others very rarely used.
  • In addition, we have seen that many users provide as passwords, their emails registered in other service providers. We have verified this for all datasets of our interest. We have comprised a big enough list of emails by just inspecting these four publicly available datasets.

More details about this research will be published very soon.

* This research was conducted by Dr Theodosis Mourouzis, Dr Kyriacos Pavlou and Dr Stylianos Kampakis.












Blockchain technology for Algorithmic Regulation And Compliance (BARAC) project receives funding from the UK Research Council


The Blockchain technology for Algorithmic Regulation And Compliance (BARAC) project, received a funding of 600,000 GBP from the UK Research Council, in order to investigate the feasibility of using Blockchain technology for automating regulation and compliance by producing a proof-of-concept platform and operating knowledge transfer by means of a bottom-up cross-disciplinary approach developed together with industry and regulators.

Blockchain is considered as a disruptive innovation for regulation and has attracted an increasing interest from the financial industry. This technology has potential to improve efficiency, augment security, simplify compliance and increase settlement speed, transparency and verifiability while preserving privacy and anonymity. Blockchain is widely used in areas such as smart contracts and it is considered to be applied to many other areas such as digital voting,  identity use cases and many others.

The Cyprus International Institute of Management (CIIM) and the Cyprus Securities and Exchange Commission (CySec) participate in the research consortium of BARAC project that consists of other well-known universities such as University College London (UCL), the UK Regulators (Bank of England, HM Treasury, Financial Conduct Authority), players from the Financial Industry (Barclays Bank, RBS, HSBC, R3 Consortium), players from the technology sector (British Telecom, ATS) and several law firms.

The role of CIIM would be to facilitate the transfer of knowledge of Blockchain technology to several stakeholders, as well as, working closely with the CySec in order to demonstrate that Blockchain technology can be used to acquire and record financial activity data and to securely retrieve them for regulation and compliance purposes. CIIM will participate to the project with a team consisting of Dr Theodosis Mourouzis, Dr George Theocharides and Dr Kyriacos Pavlou.

Possible Consequences of Brexit on the FinTech Industry

Financial Technology (FinTech) is an economic ecosystem or industry consisting of companies, mainly startups, that employ technology in an innovative way in order to improve the way that financial services operate, e.g. payments and transfers, auditing, contracts, policy enforcement, investments, insurance, wealth management and many others. The members of this ecosystem employ technology in an innovative and disruptive way, challenging directly traditional corporations that do not take full advantage of the emerging digital technologies.

FinTech is considered as one of the most promising industries and it is proven that it has the potential to lead to direct innovation and even to new paradigms such as applications of Blockchain technology, appeared first in the Bitcoin infrastructure for storage and process of transactions, in order to automate processes in financial services and improve upon the speed of payments and enhance the transparency of transactions (via Bitcoin public ledger). Such technology could lower the cost of many financial activities to near zero and especially for big banks that currently face high operating costs and complexities.



The opportunity for FinTech startups is massive by considering how pervasive financial services are and thus they can play a catalytic role in the transformation from an old-fashioned era where tasks are handled with paper money, human interaction and bulky computers to an automated way based entirely on digital interfaces. Financial services realised the added value and precisely for this reason they invested a lot in this sector.

Global investments in FinTech space increased more than twelvefold from $930M in 2008 to more that $12B in 2014 and it is projected to attract approximately $20B in funding by 2017, according to estimates of Statistica. A great example is the Bank of England that has invested in the development of a new digital currency – cryptocurrency, named RScoin, in order to investigate possibilities of adoption of a digital currency for faster payments and transparency issues regarding transactions.

The economic benefits from the FinTech industry are undoubtedly numerous. The catalytic impacts are the potentials to unleash a new era of innovation, creativity, competition, more efficiency, better customer experience, team-work and job creating opportunity. The improvements in current technologies provide us the ability to capture and process data in real-time leading to data insights and patterns that could be used in improving the decision making and business intelligence strategies of organizations.

Business benefit a lot from such technologies and especially small and medium sized enterprises (SMEs) that are crucial for economic growth. Additionally, such startups help governments to solve unemployment issues since they generate more job opportunities. Furthermore, not many resources are required in the initial stages and the only resources required are solid knowledge about technology tools, understanding the state-of-the-art in the technology space, software development skills, commitment and being in position to partner with people that share the same mentality and passion for creativity and innovation. At a later stage, there are many funding available plans provided by the EU that is investing a lot in technology and innovation.

At the moment, London is the highest funded city in the EU for the last 10 years and its mission was to develop this ecosystem for the benefits of EU and the world in general. It was invested about $1.5B in EU in this space, with London-based companies receiving approximately $540M. As a result of this investment, we had the rise of numerous startups in London that improved many domains, especially in payments and investment management, such as TransferWise and Nutmeg. In particular for UK, investment in British startups (including internal investments also) has soared almost 14-fold (c.f Figure 1) according to Accenture Plc. That proves that society and business have realized the added value from FinTech.



                                                                              Figure 1

London is considered as the Europe’s startup capital, like Silicon Valley for US, and many Europeans have moved to London in order to pursuit their entrepreneurial dream and join the FinTech ecosystem. As a result of this, London has attracted the best talents of Europe and it has a great pool of highly skilled people from different countries, working to boost up its economy.

However, the benefits are not only for the economy but also for the society and world in general, as in this way team working and multi-culture on which European Union was built on, lead to the promotion of peace and prosperity.

On the 24th of June 2016, on the referendum regarding “Should the UK remain a member of the European Union or leave the European Union”, the majority has voted for opting out. Undoubtedly, this opt-out might have negative consequences on the FinTech ecosystem from many perspectives and many prominent CEOs and entrepreneurs expressed their deep disappointment.

Just hours ahead of Brexit, entrepreneurs activated in FinTech stated that Britain just threw away the advantages it has built in the new industry by leaving the EU. Moreover, Daniel Dodelrlein, cofounder of AUKA, sated that a Brexit would be like shooting oneself in the foot for the FinTech ecosystem. Brett Meyers, CEO of CurrencyFair, considering also long-term geopolitical consequences, stated “It’s the kind of thing we might look back on in 10 years when Europe or the world is at war, and we wonder where it all went wrong … in one of those signs of the world pulling apart rather than coming together that triggers other more negative events”.

Taavet Hinrikus, CEO and co-founder of TransferWise, stated, “Today, London is the global FinTech capital – that’s at risk” and many executives in the space stated that a Brexit means firms might have to leave London and shift their operations in another EU country, more possibly in Frankfurt, Berlin, Dublin or Malta. For Cyprus, it seems a good opportunity to start thinking in investing in this space since the development of such ecosystem will attract funds that can lead to the improvement of our economy and contributing in solving our big issue of unemployment. Cyprus seems a really good place for developing such an ecosystem mainly due to its security, being a member of EU, political stability and high educational level.

According to the research firm William Garrity Associates, this divorce might be catastrophic for the FinTech industry, resulting in a loss of $5B in investment over the next five years. It seems that the promising story of London as a startup hub for EU might end unhappily. This uncertainty and complexity of the market might kill many startups mainly because of their limited resources to survive. The trade and regulatory benefits that have made London a hub for financial services would be threaten after the exit from the EU.

The idea of a Union is a direct benefit for startups since they can save financial resources and time by getting licensed in one EU nation and exporting their products across the Union in a relatively easier way – “passporting” rules.

An exit from EU might also affect the talent pool of London, making it harder and more expensive to attract since there might not be free movement of people in EU, which will be a massive issue for business. Currently, FinTech industry employs 61,000 people, 5% of the total financial services workforce and a very high percentage consists of Europeans not born in UK. At the moment UK is larger than rival tech-hubs in New York, as well as Singapore, Hong Kong and Australia combined. Thus, London will not benefit anymore in attracting talent if free movement within EU is not permitted in the future.

On the other side, supporters of Brexit, state that an exit from EU, will help the development and employment of more tech-friendly regulations tailored made on UK, avoiding European bureaucracy. However, this is just one factor – that even if it is true- there are many more arguments on the negative direction that indicate negative consequences on the industry – mainly the problem of talent pool.

Lastly but not least, the idea of EU is a union of countries that work collaboratively in promoting peace and setting up common frameworks for prosperity and development. Such opt-outs might lead to other geopolitical consequences in the future and might affect the world order and stability.

Reference Implementation for NSA ciphers

In July 2013, a team of researchers in NSA has published two families of ultra-lightweight block ciphers, called SIMON and Speck, which both comes in a variety of key and block sizes. The ciphers follow the ARX strategy where a simple round function is applied for a large number of rounds and this round function consists of very simple and light bitwise operations.

We have published a basic reference implementation of both SIMON and SPECK ciphers with block size 64 and key size 128. The basic reference implementation in C++ and the generator of equations for algebraic attacks can be found in the following link: