Why you can’t have backdoored crypto that is secure

By Kurt Seifried, Chief Blockchain Officer, CSA

So as you have probably seen some parts of the US government are again making noise about end-to-end encryption.

We’ve seen this before (clipper chip, key escrow, etc., etc.). The new twist is that they appear to be trying a thin end of the wedge approach, banning end-to-end encryption in consumer applications (like Whatsapp, Signal and so on) but large corporations will be allowed to have end-to-end encryption to protect their systems. 

Let’s ignore the whole consumer vs. corporate argument for a minute (does the CSA qualify? Would we be allowed to have internally secure communications? What about small and medium businesses? What about people who are self-employed?). 

So in order to be effective against an attacker that steals your laptop or cell phone, the encryption system also needs to be effective against a nation-state that takes (e.g. at the border, legally) your laptop or cell phone. Is this a lawful matter with a warrant and judicial transparency? Or is this part of a widespread crackdown by a repressive regime on pro-democracy supporters? Security can either be controlled by the end-user(s) involved in some specific communication/data processing, or it can also be controlled by some third party (e.g., the data processing platform). If a third party is involved, then that third party can choose to reveal the data without consent or even knowledge in most cases of the end parties, due to a lawful warrant, or because they decided to monetize your data and sell it to advertisers. Once you lose technical control of your encryption and privacy you are at risk of a number of attacks, ranging from bribery and theft from the third party to that third party going bankrupt and your data assets being auctioned off to the highest bidder. 

This is why the CSA is actively exploring and engineering Blockchain solutions that involve end-to-end privacy and technical controls that are placed in the hands of the end-users, because anything less is just a data breach away from failure. 

You can read more about Blockchain in CSA’s uses cases research report here.

Interested in reading more about Blockchain from the Seifried Files? Continue the series here.

How Blockchain Might Save Us All

By Kurt Seifried, Chief Blockchain Officer, CSA

I’ve been seeing a lot of articles claiming that Blockchain will save us from hackers, and ransomware, and all sorts of other Cyber-Shenanigans. So… will Blockchain save us all? Yes, well . . . sort of, it’s complicated. Let’s start with a story:

The evolution of web bwosers

Web browsers. Through the 1990’s and 2000’s the web browser became a dominant piece of software. Through the late 2000’s the dominance of JavaScript became obvious, with high speed Internet it became possible to deliver multi megabyte web pages (currently cnn.com is 1.4 megabytes, YoutTube is 1.9 and even the “lean” front page of google.com is 0.45). But the performance of running JavaScript in the web browser… well let’s be honest. It was becoming awful. So awful in fact that it was beginning to impact Google, who wanted to deliver rich web pages and services using JavaScript, but… the experience was so slow and awful people were getting turned off of it. Now if you’re the scale of Google the solution is simple: you engineer and release a really fast web browser with a really fast JavaScript engine (V8).

This has two main effects:

  1. It gives people a choice of a fast web browser and…
  2. It shames all the other slow web browsers into improving, or being so bad that they get left behind. 

…and the evolution of Blockchain

I can’t help but feel that Blockchain is sort of having the same effect. For example backups. A critical component of information security is having backups. Without backups you can’t recover from an attack to a known good state very easily (even if the attacker didn’t delete records did he modify any? Do you have anything to compare to?). Blockchain solves the backup problem in two simple ways: everyone has a full copy of the data if they want, and the data itself has protections that will show if it was tampered or modified. Even better I can be reasonably certain I have ALL the data and that it is up to date (it’s 3am, do you know if your backups are up to date?).

When it comes to ransomware the biggest problem we see again and again is that the data that got encrypted is now effectively gone because nobody has a proper backup of it that can be recovered easily, if at all. Now to be clear I don’t think we should switch every data storage medium over to some Blockchain based version (I also don’t think Bitcoin is going to suddenly replace the world’s banking system), but I do think we should maybe ask “why can’t we have some of the benefits of Blockchain in our other data storage and processing systems?”

You can read more about Blockchain uses cases in CSA’s latest research report here.

Interested in reading more about Blockchain from the Seifried Files? Continue the series here.

Sidechains, beacon chains and why we shouldn’t give up on Blockchain performance quite yet

By Kurt Seifried, Chief Blockchain Officer, CSA

If you’ve been in IT you’ve probably learned one of the simple lessons:

Scaling out is hard and can be expensive, but scaling up is easy and even more expensive. In simple terms if you can scale out you can keep costs down, ideally at a linear growth rate (e.g. handling twice as much web traffic by simply buying a second server). Scaling up is often easier, you want code to run twice as fast, simply get a computer that has a much faster CPU (both capability and clock rate wise), but scaling up quickly hits boundaries (like what’s the fastest single system you can buy). What usually ends up happening is you try to identify as many spots as possible where you can turn serial operations into parallel operations, and do them not only on multiple systems, but at the same time. 

Scaling for Blockchain

Blockchains are no different. The majority of current Blockchain technologies are sold as decentralized and massively parallel, and they are. But while most current Blockchain technologies create multiple blocks at the same time, only one block is picked or “wins consensus” at which point all the other work is thrown out, and a new block is started on (so not very efficient). Bitcoin is an extreme example with each block taking about 10 minutes to create. So despite having millions of systems mining for a valid Bitcoin it can only do a total of 1 block every 10 minutes (worse, this is a chosen value for a variety of economic reasons, in other words an arbitrary limitation that probably won’t change much in the future). Even if you are mining large blocks to improve throughput this 10 minute creation time introduces a major amount of latency; payments that are processed on the main Bitcoin Blockchain take at least 10 minutes to clear and sometimes longer. Imagine trying to use a Bitcoin payment system at the supermarket and having to wait 10 or more minutes for the payment system to tell you if the payment went through or not before you can leave with your groceries. The technology and choices used by the Ethereum Blockchain are better, with blocks taking 10 to 19 seconds to create, but this is still a lot longer than most electronic payment systems take to process and approve a payment. 

Using Side Chains (or shared chains)

The obvious solution is to not only allow for more parallel block creation but to pick more than one winner. There are a number of names for the various strategies here but they are often referred to as side chains or shard chains, or more technology specific names like Ethereum’s “beacon chain” proposal. As you can see from the diagram below the beacon chain is a non trivial matter, if you want to understand it there are a number of good write ups on it.

Ethereum 2.0 overall architecture. Original diagram by Hsiao-Wei Wang.

So yet again we have a classic bad news/good news situation. The bad news is that the current Blockchain technology doesn’t scale very well, typically has high latencies, and low throughput. The good news is that the fundamental concept of Blockchain (an immutable distributed ledger technology with distributed consensus mechanisms) is good, and people are working on the scaling, latency and throughput, and more. 

Interested in reading more about Blockchain from the Seifried Files? Continue reading the blog posts in this series here.

On-Chain vs Off-Chain governance. What are the rules to Calvinball?

By Kurt Seifried, Chief Blockchain Officer, CSA

If you don’t know what Calvin and Hobbes is you can skip the next bit, but it is amusing. 

Calvinball is a game invented by Calvin and Hobbes. Calvinball has no rules; the players make up their own rules as they go along, making it so that no Calvinball game is like another.Rules cannot be used twice (except for the rule that rules cannot be used twice), and any plays made in one game may not be made again in any future games. The game may involve wickets, mallets, volleyballs, and additional sports-related equipment.

If you are familiar with Blockchain governance then the rules to Calvinball may sound eerily similar.

Anytime we build a complex system it will need to be governed by rules. This is especially true for any complex system that involves humans and may need to be modified in the future. In effect, you will not only need rules to govern the system, but rules to govern the rules governing the system. Do you require a 51% majority vote to make a change? How many voters have to participate for a decision to be valid? What defines a voter? What defines a vote? How long are votes held for, how are they announced, who is allowed to initiate a vote? 

This was the part where I started discussing on-chain vs. off-chain governance models and various technical aspects of them. But I realized it doesn’t matter that much, ultimately what it boils down to is a few core questions:

  1. Where are the rules defined?
  2. How are the rules changed?
  3. Who enforces the current rules?
  4. How do you create consensus?
  5. How do you handle disagreements?
  6. How do you build the incentives to support the above?

Whether or not this happens on chain or off chain we have one ultimate question: How do you build the incentives to support the above? Do you give the miners power? The holders of the tokens? The governance board for the Blockchain? 

In general when it comes to building consensus and handling disagreements the least worst solution we have found is democracy, people vote, feel heard, and hopefully both the winners and the losers accept the results and continue on with their lives. When people refuse to accept the results we have problems, for example a Blockchain with a significant and passionate group that is  opposed to a change may hard fork, effectively taking their ball and going elsewhere with it. Alternatively I have seen Blockchains attempt to create safety valves, for example allowing people who disagree with a change to close out their position and exit the market in an orderly manner, minimizing the chances of a hard fork. 

Because ultimately Blockchain and any complex system that relies upon network effects to create value must foster and encourage consensus between the participants or else it risks pushing people away, and it’s not like there aren’t hundreds of other Blockchain projects people can participate in.

Interested in reading more about Blockchain from the Seifried Files? Continue reading the blog posts in this series here.

Facebook Project Libra – the good, the bad, the ugly and why you should care

By Kurt Seifried, Chief Blockchain Officer, CSA

So you’ve probably heard by now that Facebook will be creating a crypto-currency called “Project Libra” and if you haven’t well, now you know.

So first let’s cover what is good about this. Facebook has announced Project Libra as a Stablecoin, its value will be pegged to a basket of stable “real world” currencies (I’m guessing something like a mix of USD, Euro and Yen), so speculation won’t really be a thing. Lessons from other stablecoin launches have clearly been learned by Facebook, this one will be using OpenSource technology, it will actually be “owned” by the “Libra Foundation” which is headquartered in Switzerland. We already have the typical mix of white papers talking about the Libra blockchain, the on-chain software that will be used to enforce the chain governance, rules, smart contracts and so on. As is typical there’s not an actual running production instance, just the test network, and the software hasn’t yet been formally audited or put through a formal verification process, but it will be. Essentially Facebook is using every signal possible to show this as a legitimate and trustworthy crypto-currency that can be used for payments.

To be honest the technology and governance structure looks fine, there’s nothing really new or significantly different which I think is a good thing, Project Libra is designed to provide a stablecoin that can be used as a payment system, something you don’t really need or want a lot of new surprises and excitement in.

So are there any real downsides to Project Libra? Probably the biggest one is that Facebook is pushing this forwards, despite setting up an association with a goal of 100 major participants (companies, banks, NGO’s, etc.) this project is still heavily tied to Facebook, and many people have a love-hate relationship with Facebook.

There’s nothing really ugly about Libra either, but one aspect I’m curious to see play out is how tradable digital assets sold via Libra will handle pricing discrimination. Many companies would rather sell digital assets (like in game skins) at a discount in developing countries as opposed to not selling anything at all. For digital assets that can be exchanged or traded in game this could present an arbitrage opportunity for end users and secondary markets may develop, and as we’ve seen companies often hate this, because secondary markets are often lucrative (and frustrating for users, opportunities for fraud abound).

But there is one thing that Facebook brings to the crypto-currency table that almost nobody else can (apart from maybe Linkedin or Google…) which is KYC.

KYC is Know Your Customer, it’s literally knowing who the account holder(s) are, their identity, location, address, which jurisdiction they are in and so on. This helps prevent things like identity theft and financial fraud, and also ties into the AML side of crypto-currency regulation. Anti-Money Laundering is exactly what it sounds like, and also ties into terrorist and other criminal funding activities.  

Facebook has arguably the world’s largest social graph, and the deepest knowledge of many people (many people essentially stream their entire life, and the lives of their families on Facebook). Facebook can easily verify who people are (and in many cases they already have via your phone number and so on) in a way that almost nobody else can. This combined with Facebook’s reach (they can simply add Libra capability to their website and mobile client and boom, hundreds of millions of people have access to it instantly) gives them a potential advantage no other crypto-currency has ever had.