As reported by Bloomberg, Omicron has stressed grocery stores’ food supply chains in two ways. First, the increased virulence of omicron over previous covid strains has led food distributors such as SpartanNash Co. to see a tripling of workers out due to sickness when compared with just a few months ago. The shortage of available labor has also made it difficult for such companies to continue operating at the same capacity. Second, renewed fears of the virus have led many consumers to purchase more food during grocery trips, thus straining demand at the same time as supply is crunched.
2. GameStop Stock Soars 30% After-Hours on Rumored NFT Plans
Gamestop’s stock soared over 30% in after-hours trading today on reported news that it is building an NFT marketplace that will focus on gaming NFTs which represent in-game assets such as avatar outfits and weapons. The company has apparently already hired more than 20 people to work in the new division and is creating partnerships with two crypto companies to co-invest in blockchain games and other NFT technology. Find more info on Yahoo Finance and the Wall Street Journal.
3. Chinese National Pleads Guilty to Stealing U.S. Trade Secrets
Xiang Haitao, a Chinese national who was employed by Monsanto and a subsidiary from 2008 to 2017, pleaded guilty today in U.S. federal court to the charge of conspiracy to commit economic espionage for the benefit of the Chinese government. Xiang was found in possession of copies of a proprietary prediction algorithm used by Monsanto. He now faces a maximum penalty of 15 years in prison. Read the full story on Reuters.
6 Ways to Find New Crypto Projects Before They Go Mainstream
Solana price chart showing the price explosion from just over $2 on January 4, 2021 to over $250 in late 2021
The exponential price curves of many cryptocurrency projects mean that investing in projects even a little earlier can result in a disproportionately larger payoff, but how can you discover new crypto projects when they are still pre-mainstream? In this article, I’ll share 6 strategies to source these early-stage prospects.
1. Follow Crypto Early Adopters on Twitter
The only way to find the earliest of early projects is to hear someone talking about them. Unfortunately, very few people know about such an early stage project (by definition of being so early stage). This means the person talking about that project will most likely be either a founder of the project, an early engineer working on building the project, or someone in the social circles of the project founders or engineers who happens to be a very early adopter of new things.
Fortunately, online communities make it easier to find such people than it used to be.
Twitter is the social media platform of choice for many software developers, startup founders, investors, and technology early adopters. Curate a list of such people who are deeply into the crypto space and follow them. Pay attention to any new crypto projects they mention. You can start with my Twitter list of over 500 crypto early adopters.
Do note that this is not a list of amazing investors or unbiased individuals, so always perform your own due diligence on a crypto project after someone mentions it on Twitter. This list merely represents the “pulse” of the cryptocurrency ecosystem with a wide variety of individuals who are deeply nerdy about crypto and have a history of being very very early in the adoption curve of crypto projects.
2. Use Coinmarketcap Rankings
Coinmarketcap is a fantastic tool for discovering new cryptocurrencies and tokens, and although it won’t necessarily be able to help you find projects quite as early as Twitter, it can still help you discover projects that are quite early stage. In addition, Coinmarketcap is a more predictable research tool than just waiting for someone on Twitter to mention a new token, dapp, or blockchain.
The key to doing good research on Coinmarketcap is to use filters and ranking criteria. For example, in the screenshot below, I have filtered for only tokens issued on the “Solana” blockchain and then ranked from smallest to largest market cap.
Coinmarketcap token listings, filtered to only tokens issued on Solana and ranked from smallest to largest marketcap
Filtering by market cap is a pretty good way to find crypto projects that are still mostly unrecognized. However, the vast majority of these tokens will be either junk or outright scams, so do extremely careful due diligence on such young projects (this warning really applies to new projects no matter where you source them).
3. Go to the Last Page of Coingecko
Coingecko is a competitor of Coinmarketcap, but they don’t list exactly the same tokens so it’s useful to check both. The user interface of Coingecko isn’t quite as refined as that of Coinmarketcap, but I’ve found that a useful way to find new projects is to scroll to the bottom of the list of 100 tokens shown on the first page. At the bottom of that list, there is a selector to go to the next, previous, or last page (as shown in the screenshot below). Click on the last page button (number 123 as of the time the screenshot below was taken). That will take you to very new listings, many of which probably don’t even have available price or markcap data shown. These are your potential gems (or duds) to explore.
Coingecko screenshot
4. Use DappRadar Rankings
DappRadar is a site that provides ranked lists of crypto dapps (decentralized applications) rather than tokens as Coinmarketcap and Coingecko do. However, many dapps have one or more tokens that can be used with them (e.g the Uniswap dapp has the UNI token).
DappRadar allows you to filter dapps by what blockchain they are on and to rank them by the number of dapp users or the total transaction volume of transactions interacting with each dapp over a 24-hour, 7-day, or 30-day window.
One way to use this tool to identify promising crypto projects is to rank projects in terms of number of users over a 30 day period and then investigating dapps that have enough users to show some traction (e.g. at least 100) but not so many as to signal larger adoption has already taken place (e.g. less than 50k monthly users). Within this subset of dapps, you’ll want to look for dapps where the number of users is relatively steady and/or growing rather than super spiky with most days having few users (see the chart below from a real crypto project for an example of “spiky” user interaction that indicates a lack of sustainable adoption).
Dapp adoption chart that doesn’t seem particularly promising for the long term
5. Monitor Early Adopter Discord Servers
Discord can be a good place to hear discussions about up-and-coming new crypto projects. The key is to join the right Discord servers. Below, I’ve put together a starter list of servers with invites to each
Cardano fans server invite (make sure to check out the “folder-servers” section which links to other discord servers of certain projects building on Cardano)
The point of joining e.g. the Solana discord is not to invest in Solana, but to catch discussions or mentions of still-young projects being built on Solana (and similarly for Avalanche, Polkadot, etc).
6. Monitor Crypto Reddit
Like Discord, Reddit can be a useful source of information if you can plug into the right communities. I’ve provided a starter list of crypto subreddits below.
Note that Reddit has significantly less barrier to participation when compared with Twitter or Discord so there are often correspondingly more scammers and bots that you’ll need to filter out to find true investment gems.
Each venture capital (VC) fund has its own particular strategy for selecting startups to invest in. Some VC funds only invest in startups within a particular industry vertical. Some only invest in startups which have founders that fit a certain experience or demographic profile (e.g. founders who have already successfully exited a previous startup or founders who are female). Many VC funds also specialize in startups of a particular maturity, such as startups that have already raised at least $10 million or startups which have raised less than $5 million so far.
A “first check” venture capital fund is an investment fund that invests in very young startups which have not yet received any other outside investment. In other words, the VC fund’s investment money will be the “first check” to be deposited by any investor into the startup’s bank account.
This type of first check funding is also called seed funding.
Since each fundraising event is a hurdle that many companies never past, there is much more demand from early-stage startups and founders for first check venture capital funding than for later funding, yet the risk for first check investors is also significantly higher than for later VC investors.
For the ambitious founder, this often means finding that critical first check investor can be difficult. For the ambitious fund manager, this often means there is a significant opportunity for above-average performance if you can develop a system for predicting success of very early-stage startups within a particular niche. This is particularly the case now as evidenced by the fact that from 2006 to 2018, the total percentage of institutional VC funding going towards first checks dropped from 19.7% to only 9%, meaning the relative competition for first check investors is less than half of what it was roughly a decade ago.
What is the Dollar Amount of a First Check Investment?
The amount of a first check investment varies significantly from one VC firm to the next and from one startup to the next. On the low end, VCs such as Great North Labs invest as little as $10k while other first check VC funds write multi-million dollar checks. Most typically, however, first checks from VC funds tend to be in the range of $25k to $300k.
When Does a C-Corporation Have to File its First Tax Return?
If you formed a C corporation in the United States, then your corporation will need to file an annual federal tax return. However, whereas an individual person or even an LLC must generally file their federal tax return for each calendar year, a C corporation has the option to use a tax year that doesn’t correspond to the calendar year. So how do you know when a C corporation has to file its first tax return?
A newly formed C corporation may choose as its tax year any period of 12 consecutive months that ends on the last day of a month, and the corporation must file its first federal tax return for that tax year by the 15th day of the fourth month following the end of that tax year.
Importantly though, the first tax year is often shorter than a full year since the company’s first tax year effectively begins on the day the company was incorporated (which is probably not the first day of a month) rather than the start of the chosen 12 month period, and the first tax year ends the first time the chosen ending month comes around.
For example, if you form a new C corporation on July 10 and choose a tax year that ends in August, then your first tax year would be one month and 21 days, ending August 31st of that same calendar year. The corporation’s federal tax return would then be due December 15 of that calendar year.
As a second example, suppose you form a new C corporation on September 20 and elect a tax year that ends in August. Then the corporation’s first tax year would be 11 months and 10 days long, ending on August 31st of the next calendar year, and the corporation’s first federal tax return would be due December 15 (also of that next calendar year after the company’s incorporation).
Corporate Tax Year Exceptions
In certain situations such as if a corporation is a consulting, accounting, or other company that primarily sells the services provided by employee-owners, then the corporation may have to use the calendar year as its tax year (see IRS publication 538 for details if you think you might fall into this category).
State Corporate Income Tax Returns
The situation for state tax returns is unfortunately more complicated than it is for federal tax returns. Firstly, different states have different deadlines, with some allowing for a choice of tax year that respects your federal choice of tax year and others not. Secondly, some states treat corporations differently depending on whether the corporation has a physical presence (e.g. a rented office, an employee, etc) in the state or if the corporation is only incorporated in the state. Finally, different states sometimes use different terminology for taxes and tax returns that are similar to income tax returns.
For example, Delaware imposes an “income tax” and a requirement to file an “income tax return” only on corporations that have a real presence in the state, and that return must be filed according to the same deadline as the federal tax return. However, Delaware also imposes a “franchise tax” on all corporations incorporated in Delaware, whether or not those companies have any actual presence in the state, and that tax must be paid along with a filed “annual report” by a different deadline which does not depend upon a corporation’s federal tax year.
The corporate filing deadlines for five of the most common states for incorporation are summarized in the table below.
State
Filing Deadline
Additional Info
Delaware
March 1 (for Franchise Taxes & Annual Report)
Same as federal deadline (for corporate income tax & corporate income tax return)
Note: Delaware’s corporate income tax only applies to corporations with a real presence in the state, whereas its franchise tax applies also to all corporations incorporated in the state.
Note: Washington’s “business & occupation” tax is actually a “gross receipts” tax and is levied against the entire revenue of a corporation rather than just its net income
Florida
The later of:
1. For tax years ending June 30, the 1st day of the 4th month following the close of the tax year, or for all any other tax year, the 1st day of the 5th month following the close of the tax year.
and
2. The 15th day following the federal due date (without extension)
The purpose of a digital signature is to give the receiver of a digital message reason to believe that the message was authored by the person claiming to have sent the message. In addition, digital signatures can be used to provide provable non-repudiation — that is, a digital signature makes it statistically impossible for the author of a signature to simultaneously claim that they didn’t author the message attached to the signature and that the author’s private key is not known by anyone but the author.
To produce and use a digital signature, you need a digital signature scheme.
Definition of a Digital Signature Scheme
Diagram showing the three algorithms that together constitute a digital signature scheme
A digital signature scheme consists of three algorithms:
A key generation algorithm (“G”). This is a probabilistic algorithm (a probabilistic function) that selects a private key uniformly at random from a set of possible private keys and then returns both the selected private key and the unique public key which corresponds to the selected private key.
A signing algorithm (“S”). This is a probabilistic algorithm which takes as input a message (i.e. a binary string) and a private key, and which produces as output a signature.
A signature verification algorithm (“V”). This is a deterministic function that takes as input a message, a public key, and a signature, and which returns either ‘true’ or ‘false’. V outputs ‘true’ if the signature was produced by inputting to S (i) the message passed to V and (ii) the private key corresponding to the public key passed to V. Otherwsie, V outputs ‘false’. (In simpler terms, the algorithm V either accepts or rejects a signature’s claim that the owner of the specified public key actually authored the message.)
In practice, for purpose of dealing with variable length messages, digital signature algorithms typically deal with the hash of a message rather than with a message directly. Because of this, there is some nonzero probability that two messages hash to the same message digest, and therefore there is a nonzero probability that the signature verification algorithm will return a false positive.
Complete Example: The Digital Signature Algorithm (DSA)
The Digital Signature Algorithm (DSA) is a standardized digital signature scheme. There are variations of DSA that use different parameters, but for simplicity, we will only consider a single version.
DSA relies on several parameters that are shared by all users of the system:
H is the cryptographic hash function SHA-256
L = 3072 is the public key length (in bits)
N = 256
q is an arbitrary N-bit prime number
p is an arbitrary L-bit prime number such that p-1 is a multiple of q
h is an arbitrary integer from the range {2, … , p-2}. Commonly h=2 is used.
g = h(p-1)/qmod p. In the rare case that g = 1, choose a new value for h and try again.
The parameters (H, q, p, g) characterize the version of DSA used and can be shared by everyone.
Key generation algorithm
Each user of the system must use the following key generation algorithm to obtain a private key and a public key:
Choose an integer x randomly from {1, … , q-1}
Compute y = gx mod p
x is the private key of the user, and y is the public key of the user. Each user can perform this algorithm on their own and then share their public key with all other users of the system while keeping the private key private.
Signing algorithm
Given a message m (represented in binary and interpreted as a number), it can be signed by the user with private key x as follows:
Choose an integer k randomly from {1, … , q-1}
Compute r = (gk mod p) mod q. In the unlikely case that r = 0, start again with a different random k.
Compute the message hash d = H(m)
Compute j, such that (kj) mod q = 1. j is called the modular inverse of k.
Compute the message hash d = H(m)
Compute s = ( j(d + xr)) mod q. In the unlikely case that s = 0, start again with a different random k.
The digital signature is the pair (r, s)
Importantly, it is computationally infeasible to create a fake signature without access to x, the private key of the message’s author.
Signature verification algorithm
Anyone can verify that a signature (r, s) is valid for a message m as follows:
Verify that 0 < r < q and 0 < s < q
Compute w, such that (ws) mod q = 1 (i.e. compute the modular inverse of s)
Compute u1 = (H(m) • w) mod q
Compute u2 = (wr) mod q
Compute v = ( gu1 yu2 mod p) mod q
Return ‘true’ (indicating that the signature is valid) if and only if r = v
For more details on the properties of DSA and the different versions of it, you can check out the original patent by an NSA employee or the official, standardized algorithm adopted by the U.S. government, FIPS 186-4.
For those of you interested in crypto, Ethereum uses a modified version of DSA called the Elliptic Curve Digital Signature Algorithm (or ECDSA). The math used by ECDSA is a bit more advanced than the math for standard DSA, but the strength of the security of ECDSA is better by an impressive margin.
Why Cybersecurity is an Evergreen Investment Opportunity
Sometimes I talk with an investor who has the opinion that consumers’ increasing complacence around their online privacy and security means that cybersecurity is an industry with relatively muted upside compared with other areas of tech. However, the primary customers of the cybersecurity industry are businesses, not individuals, and the number of high-profile cyber incidents in 2021 has been noteworthy (e.g. the Colonial Pipeline ransomware attack, the log4j vulnerability, and a $600 million theft from the crypto platform “Poly Network”, to name just a few). This motivates the question: is cybersecurity a good investment?
Legal compliance, brand image, and theft prevention motivate almost every medium and large company to purchase cybersecurity services. Every technology advancement results in more complex systems that generate a need for even more advanced cybersecurity tools, which means cybersecurity is a good long-term investment.
Consider the situation from first principles. Cybersecurity is security for software systems. Software systems are built using modular design. Every module in a software system has the potential to compromise the entire system’s security if the module is itself insecure or if it is incorporated into the system via an insecure attachment method. That means that a software system’s potential to have a security flaw might scale roughly linearly with the size of the system’s codebase. However, that is the smaller problem. The larger problem is that every module or composite piece of software has the potential to interact with other modules or pieces of software, even if the two aren’t really intended to be used together. The number of interactions between pairs of modules grows polynomially with the number of modules, and the number of joint interactions among arbitrary sets of modules grows exponentially with the number of modules. In non-math terms, this essentially means the number of ways a security flaw can be introduced into a software system grows even faster than the size of the system itself.
The essential conclusion of this reasoning is that as long as we have continuing technology innovation, there will be a need for more innovative cybersecurity services that grows at least as quickly. And as long as we have capitalist markets, that dynamic will translate into an opportunity to profitably invest in the future of cybersecurity.
