Why you can’t have backdoored crypto that is secure

By Kurt Seifried, Chief Blockchain Officer, CSA

So as you have probably seen some parts of the US government are again making noise about end-to-end encryption.

We’ve seen this before (clipper chip, key escrow, etc., etc.). The new twist is that they appear to be trying a thin end of the wedge approach, banning end-to-end encryption in consumer applications (like Whatsapp, Signal and so on) but large corporations will be allowed to have end-to-end encryption to protect their systems. 

Let’s ignore the whole consumer vs. corporate argument for a minute (does the CSA qualify? Would we be allowed to have internally secure communications? What about small and medium businesses? What about people who are self-employed?). 

So in order to be effective against an attacker that steals your laptop or cell phone, the encryption system also needs to be effective against a nation-state that takes (e.g. at the border, legally) your laptop or cell phone. Is this a lawful matter with a warrant and judicial transparency? Or is this part of a widespread crackdown by a repressive regime on pro-democracy supporters? Security can either be controlled by the end-user(s) involved in some specific communication/data processing, or it can also be controlled by some third party (e.g., the data processing platform). If a third party is involved, then that third party can choose to reveal the data without consent or even knowledge in most cases of the end parties, due to a lawful warrant, or because they decided to monetize your data and sell it to advertisers. Once you lose technical control of your encryption and privacy you are at risk of a number of attacks, ranging from bribery and theft from the third party to that third party going bankrupt and your data assets being auctioned off to the highest bidder. 

This is why the CSA is actively exploring and engineering Blockchain solutions that involve end-to-end privacy and technical controls that are placed in the hands of the end-users, because anything less is just a data breach away from failure. 

You can read more about Blockchain in CSA’s uses cases research report here.

Interested in reading more about Blockchain from the Seifried Files? Continue the series here.

How Blockchain Might Save Us All

By Kurt Seifried, Chief Blockchain Officer, CSA

I’ve been seeing a lot of articles claiming that Blockchain will save us from hackers, and ransomware, and all sorts of other Cyber-Shenanigans. So… will Blockchain save us all? Yes, well . . . sort of, it’s complicated. Let’s start with a story:

The evolution of web bwosers

Web browsers. Through the 1990’s and 2000’s the web browser became a dominant piece of software. Through the late 2000’s the dominance of JavaScript became obvious, with high speed Internet it became possible to deliver multi megabyte web pages (currently cnn.com is 1.4 megabytes, YoutTube is 1.9 and even the “lean” front page of google.com is 0.45). But the performance of running JavaScript in the web browser… well let’s be honest. It was becoming awful. So awful in fact that it was beginning to impact Google, who wanted to deliver rich web pages and services using JavaScript, but… the experience was so slow and awful people were getting turned off of it. Now if you’re the scale of Google the solution is simple: you engineer and release a really fast web browser with a really fast JavaScript engine (V8).

This has two main effects:

  1. It gives people a choice of a fast web browser and…
  2. It shames all the other slow web browsers into improving, or being so bad that they get left behind. 

…and the evolution of Blockchain

I can’t help but feel that Blockchain is sort of having the same effect. For example backups. A critical component of information security is having backups. Without backups you can’t recover from an attack to a known good state very easily (even if the attacker didn’t delete records did he modify any? Do you have anything to compare to?). Blockchain solves the backup problem in two simple ways: everyone has a full copy of the data if they want, and the data itself has protections that will show if it was tampered or modified. Even better I can be reasonably certain I have ALL the data and that it is up to date (it’s 3am, do you know if your backups are up to date?).

When it comes to ransomware the biggest problem we see again and again is that the data that got encrypted is now effectively gone because nobody has a proper backup of it that can be recovered easily, if at all. Now to be clear I don’t think we should switch every data storage medium over to some Blockchain based version (I also don’t think Bitcoin is going to suddenly replace the world’s banking system), but I do think we should maybe ask “why can’t we have some of the benefits of Blockchain in our other data storage and processing systems?”

You can read more about Blockchain uses cases in CSA’s latest research report here.

Interested in reading more about Blockchain from the Seifried Files? Continue the series here.

Sidechains, beacon chains and why we shouldn’t give up on Blockchain performance quite yet

By Kurt Seifried, Chief Blockchain Officer, CSA

If you’ve been in IT you’ve probably learned one of the simple lessons:

Scaling out is hard and can be expensive, but scaling up is easy and even more expensive. In simple terms if you can scale out you can keep costs down, ideally at a linear growth rate (e.g. handling twice as much web traffic by simply buying a second server). Scaling up is often easier, you want code to run twice as fast, simply get a computer that has a much faster CPU (both capability and clock rate wise), but scaling up quickly hits boundaries (like what’s the fastest single system you can buy). What usually ends up happening is you try to identify as many spots as possible where you can turn serial operations into parallel operations, and do them not only on multiple systems, but at the same time. 

Scaling for Blockchain

Blockchains are no different. The majority of current Blockchain technologies are sold as decentralized and massively parallel, and they are. But while most current Blockchain technologies create multiple blocks at the same time, only one block is picked or “wins consensus” at which point all the other work is thrown out, and a new block is started on (so not very efficient). Bitcoin is an extreme example with each block taking about 10 minutes to create. So despite having millions of systems mining for a valid Bitcoin it can only do a total of 1 block every 10 minutes (worse, this is a chosen value for a variety of economic reasons, in other words an arbitrary limitation that probably won’t change much in the future). Even if you are mining large blocks to improve throughput this 10 minute creation time introduces a major amount of latency; payments that are processed on the main Bitcoin Blockchain take at least 10 minutes to clear and sometimes longer. Imagine trying to use a Bitcoin payment system at the supermarket and having to wait 10 or more minutes for the payment system to tell you if the payment went through or not before you can leave with your groceries. The technology and choices used by the Ethereum Blockchain are better, with blocks taking 10 to 19 seconds to create, but this is still a lot longer than most electronic payment systems take to process and approve a payment. 

Using Side Chains (or shared chains)

The obvious solution is to not only allow for more parallel block creation but to pick more than one winner. There are a number of names for the various strategies here but they are often referred to as side chains or shard chains, or more technology specific names like Ethereum’s “beacon chain” proposal. As you can see from the diagram below the beacon chain is a non trivial matter, if you want to understand it there are a number of good write ups on it.

Ethereum 2.0 overall architecture. Original diagram by Hsiao-Wei Wang.

So yet again we have a classic bad news/good news situation. The bad news is that the current Blockchain technology doesn’t scale very well, typically has high latencies, and low throughput. The good news is that the fundamental concept of Blockchain (an immutable distributed ledger technology with distributed consensus mechanisms) is good, and people are working on the scaling, latency and throughput, and more. 

Interested in reading more about Blockchain from the Seifried Files? Continue reading the blog posts in this series here.

Facebook Project Libra – the good, the bad, the ugly and why you should care

By Kurt Seifried, Chief Blockchain Officer, CSA

So you’ve probably heard by now that Facebook will be creating a crypto-currency called “Project Libra” and if you haven’t well, now you know.

So first let’s cover what is good about this. Facebook has announced Project Libra as a Stablecoin, its value will be pegged to a basket of stable “real world” currencies (I’m guessing something like a mix of USD, Euro and Yen), so speculation won’t really be a thing. Lessons from other stablecoin launches have clearly been learned by Facebook, this one will be using OpenSource technology, it will actually be “owned” by the “Libra Foundation” which is headquartered in Switzerland. We already have the typical mix of white papers talking about the Libra blockchain, the on-chain software that will be used to enforce the chain governance, rules, smart contracts and so on. As is typical there’s not an actual running production instance, just the test network, and the software hasn’t yet been formally audited or put through a formal verification process, but it will be. Essentially Facebook is using every signal possible to show this as a legitimate and trustworthy crypto-currency that can be used for payments.

To be honest the technology and governance structure looks fine, there’s nothing really new or significantly different which I think is a good thing, Project Libra is designed to provide a stablecoin that can be used as a payment system, something you don’t really need or want a lot of new surprises and excitement in.

So are there any real downsides to Project Libra? Probably the biggest one is that Facebook is pushing this forwards, despite setting up an association with a goal of 100 major participants (companies, banks, NGO’s, etc.) this project is still heavily tied to Facebook, and many people have a love-hate relationship with Facebook.

There’s nothing really ugly about Libra either, but one aspect I’m curious to see play out is how tradable digital assets sold via Libra will handle pricing discrimination. Many companies would rather sell digital assets (like in game skins) at a discount in developing countries as opposed to not selling anything at all. For digital assets that can be exchanged or traded in game this could present an arbitrage opportunity for end users and secondary markets may develop, and as we’ve seen companies often hate this, because secondary markets are often lucrative (and frustrating for users, opportunities for fraud abound).

But there is one thing that Facebook brings to the crypto-currency table that almost nobody else can (apart from maybe Linkedin or Google…) which is KYC.

KYC is Know Your Customer, it’s literally knowing who the account holder(s) are, their identity, location, address, which jurisdiction they are in and so on. This helps prevent things like identity theft and financial fraud, and also ties into the AML side of crypto-currency regulation. Anti-Money Laundering is exactly what it sounds like, and also ties into terrorist and other criminal funding activities.  

Facebook has arguably the world’s largest social graph, and the deepest knowledge of many people (many people essentially stream their entire life, and the lives of their families on Facebook). Facebook can easily verify who people are (and in many cases they already have via your phone number and so on) in a way that almost nobody else can. This combined with Facebook’s reach (they can simply add Libra capability to their website and mobile client and boom, hundreds of millions of people have access to it instantly) gives them a potential advantage no other crypto-currency has ever had.

Documentation of Distributed Ledger Technology and Blockchain Use

By Ashish Mehta, Co-chair, CSA Blockchain/Distributed Ledger Working Group

Beyond Cryptocurrency blockchain DLT use casesCSA’s newest white paper, Beyond Cryptocurrency: Nine Relevant Blockchain and Distributed Ledger Technology (DLT) Use Cases, aims to identify wider use cases for both technologies beyond just cryptocurrency, an area with which both technologies currently have the widest association.

In the process of outlining several use cases across discrete economic application sectors, we covered multiple industry verticals, as well as some use cases which cover multiple verticals simultaneously.

For the purpose of this document, we considered a use case as relevant when it provides potential for any of the following:

—disruption of existing business models or processes;
—strong benefits for an organization, such as financial, improvement in speed of transactions, auditability, etc.;
—large and widespread application; and
—concepts that can be applied in real-world scenarios.

From concept to production environment, we also identified six separate stages of maturity—concept, proof of concept, prototype, pilot, pilot production, and production—to get a better assessment of how much work has been done within the scope and how much more work remains to be done.

Some of the industry verticals which we identified are traditional industries, such as shipping, airline ticketing, insurance, banking, supply chain, and real estate, all of which are ripe for disruption from a technological point of view.

We also clearly identified the expected benefits from adoption of DLTs/blockchain in these use cases, type of DLT, use of private vs public blockchain, infrastructure provider-CSP and the type of services (IaaS, PaaS, SaaS). Identification of some other key features in the use case implementations such as Smart Contracts and Distributed Databases have also been outlined.

Future iterations of this document will provide updates on these use cases, depending on the level of progress seen over time. We hope this document will be a valuable reference to all key stakeholders in the blockchain/DLT ecosystem, as well as contribute to its maturity.

The success of the Beyond Cryptocurrency: Nine Relevant Blockchain and Distributed Ledger Technology Use Cases is the result of the dedicated professionals within the Blockchain/Distributed Ledger Working Group and would not have been possible without the expertise, focus, and collaboration of the following working group members:

  • Nadia Diakun
  • Raul Documet
  • Vishal Dubey
  • Akshay Hundia
  • Sabri Khemissa
  • Nishanth Kumar Pathi
  • Michael Roza

Download Beyond Cryptocurrency now.