Blockchain

From MgmtWiki
Revision as of 11:39, 22 January 2022 by Tom (talk | contribs) (Context)

Jump to: navigation, search

Full Title or Meme

Blockchain will solve all Identifier Trust problems, provided you have the energy of a small sun available to power it.

Context

The technology for Block Chain itself has been around for at least 20 years. These simple chains allowed non-revocable commitments by creating a series of blocks that included a collection of all of the block hashes received since the last update plus the hash of that last update. The has of the current block update is calculated and published in a public place plus being added to the next update in sequence. Thus each entry onto the block chain cannot be changed as so is immutable. This feature is required to block repudiation of an action. For example if the block records the transfer of coins from one entity to another, the chain will prevent the original owner of the coin from transferring that same coin later to another entity. Thus the problem of double spending of the same coin is blocked.

That’s all in theory, of course. As John Kenneth Galbraith put it, “A constant in the history of money is that every remedy is reliably a new source of abuse.”

One comprehensive early report on the use of Blockchain and Distributed Ledger Technology in Identity and Access Management was published from a Kantara discussion group.[1]

It is not at all clear where the single word term "Blockchain" was used. The first use found in the Bitcoin archives of the two word Block Chain was a conversation between Hal Finney & Satoshi on 2008-11-09 where Hal writes:

it is mentioned that if a broadcast transaction does not reach all nodes, it is OK, as it will get into the block chain before long.

Simple Chains

Block chains were first commercialized by Bellcore which published the hash of each day's update in the New York Times.[2] (This appears to be the first public ledger. Although township records could be considered as holding that honor.) An academic paper was published by Haber and Stornetta in 1991. [3] Surety. LLC is a continuation of that service that was still available in 2018. In this instantiation, block chain got its Non-Repudiation from the immutability of the hash published in the New York Times which became publicly available the very next day in nearly every library in the United States. This method was based on a centralized steward as are most current Decentralized ID methods. The Bellcore implemented solution was an immutable chain of blocks, but did not call itself a block chain.

Proof of Work

The point of proof of work is to randomize the choice for the source node for the next block in the chain. This will allow trust to be established for the case where less that 50% of the node are colluding to subvert the chain. Thus is created the trust, or non-repudiation of contents of the block chain.

  • The first successful block chain with distributed ledger was created by the pseudonymous S. Nakamoto[4] which resulted in the highly popular Anonymous money known as Bitcoin.
  • Mark Russinovich did an interesting calculation that showed that this pow scheme was, in May of 2018, consuming as much power as the entire country of Denmark.[5]
  • Other estimates put the energy requirements at the level of all electricity generated today will be needed for bitcoin in a few years.[6]
  • Bitcoin Mining Company Buys Entire Coal Power Plant The company is burning through 600,000 tons of coal per year. 2021-09-27

Proof of Stake

In the attempt to overcome the cost of the "Proof of Work" source of trust, new methods are proposed to select the source of the next approved block of the chain. Some sort of randomization is required to ensure that a minority of the participant cannot overcome the trust, or non-reputability of the chain.

Problems

  • The current problem that many architects are trying to solve with block chaining relate to the concentration of user information in a small number of very large companies.
  • There are some efforts to reduce the power consumption. If those work, it looks like the solution will just be some other trust framework, but with a different name. For example the proposal of Hardjono et al.[7] goes to a Resilient system like the internet, which is, of necessity, single rooted even though nearly all components can work independently for a time, just as the internet itself functions today.
  • There has been no significant uptake of block chaining with distributed ledger in real world businesses other than money laundering.[8][9]
  • The Risks of Cryptocurrencies[10] have been well documented at least since Peter Neumann listed some of them in June 2018. But the hope and hype continue to inflate their value, albeit with wild swings in value. Neumann's conclusion was to quote "the philosopher WOPR in the movie WarGames, 'The only winning move is not to play.'"
  • Consider the once-soaring value of Bitcoin: the ideological enclave of cryptocurrency evangelists. In Forbes, Jason Bloomberg wrote that “most of the noise around both blockchain and crypto is little more than the community talking to itself - a massive ‘echo chamber.’ ” We like to imagine ourselves as cannily seeing through such echo chambers - the self-reinforcing intellectual snow globes of people who get all their information from one another, who imagine that all the world works like their particular corner of it.[11] A similar "echo chamber" is building the case for Decentralized IDs where dissident options are shouted down. Only the communicant members of their religion have a voice. This was made clear on 2019-02-10 when the W3C called their uses cases "out of touch with reality".
  • What's Blockchain Actually Good for, Anyway? For Now, Not Much. Not long ago, blockchain technology was touted as a way to track tuna, bypass banks, and preserve property records. Reality has proved a much tougher challenge.
  • Forget erasure: why blockchain is really incompatible with GDPR by Elizabeth M. Renieris (2019-09-24)
  • All data on a Blockchain is public. Some solutions that try to minimize the data on the Blockchain are described below, but none of them addresses the problem of linkage. While technically a real-world user could have as many Pseudonyms as desired, it is not practical for a variety of reasons to expect that normal users could handle more than a few. Such as one for social, one for business, one for medical data, and so on. With each of these Pseudonyms the use from one website to another can be mapped and these maps can be matched to real-world users.

Anarchy

Perhaps the biggest threat from blockchains is that it will succeed at removing all societal functions from control by government. If Blockchain meets its own goals, there will be no limits on what people can do, and so no limit to their excesses. Society will just collapse. Some attempt so limit the damage of blockchain follow.

Solutions

Most of the solutions rely either on permissions for participants in the block chain process, which implies some source of trust to select the participants, or some less costly source of randomness in selecting the next node to "win" in the contest to submit the next block.[12] Most of these solutions derive from the Byzantine Generals' Problem which is a cryptographic solution to making decisions when there is a lack of trust among the deciders.[13]

Side Chains

  • A variety of additions to the Block Chain repertoire include a variety of simple chains (see above) rooted every so often in a "Proof-of-xxx" scheme have been proposed.
  • The Sidetree Protocol: Scalable DPKI for Decentralized Identity on the DIF web site.
  • Microsoft Launches Decentralized Identity Tool on Bitcoin Blockchain[14] which gets better performance at less cost with a technique which is derived from sidechains[15]. A test registration is available at this site.

Alogrand

One of the earlier solutions was Alogrand developed at MIT.

Simplest Solutions

The InterPlanetary File System IPFS can be sufficiently secure block chain for some purposes like Self-Sovereign Identity where the Did:orb method is constructed entirely using IPFS and Certificate Transparency.

Steward

Since all data stored on any Blockchain is public, other methods, like side chain or other trusted sources of control of user data need to exist. The Sovrin Foundation created the role of Steward which would not be numerous which would store only public user data, like keys. This role would enable User Agents would store private data. These agents could be hosted on user smart phones or on proxy servers under user control. See the worked out example of Phone as Health Care Credential as one possible implementation of an agent that supports Self-issued Identifiers.

Use Cases

  • The first commercial blockchain produce form Bellcore in the late 1990's failed as a publicly verifiable proof chain.
  • The Bitcoin phenomenon is still showing (2019) signs that it has legs and will continue as a source of hiding wealth. It is less successful as a method of exchange of value except for extortion. The US Treasury has ruledthat any transaction for more that $3000 with a financial institution must be reported to FInCEN.
  • The Ethereum concept of smart contracts has show some value and continues (2019) as a support mechanism for a variety of start up enterprises.
  • The Distributed Identity concept has moved from community group to standards work group in the W3C, which should indicate that a standard will soon be issued. If you look at that web page you will see some of the challenges they face getting adoptions.
  • The idea of blockchain itself is sound, the question is where the anarchy of Distributed Ledger Technology Is the best solution. Several centralized ledger solutions from Central Banks, and others shows that other solution may win in the end.[16]

Threat Analysis

ASC X9 produced a comprehensive Blockchain Risk Assessment Framework (2021) This is from the financial services industry standards arm, so it focuses on the use in value transfer and smart contracts rather than identifiers.
This technical report (TR) provides a framework for the performance of operational risk assessments on blockchain systems and applications within a distributed network. Operational risks include information technology (IT) and information security (IS) areas. IT includes interoperability, resiliency, accessibility, and software maintenance. IS includes data integrity, confidentiality, authentication, authorization, and accountability (logging capability). This report features some aspects of application risks including data accuracy, version control, backwards compatibility, and other usability functions.
  • Report focuses on a Permissioned Blockchain system, one in which some control and governance, established by agreement of the parties participating in the system, exists to determine who or what is allowed to read, write, or in other ways manage, operate, or govern the system. Some blockchain systems are public and considered ‘permissionless’ such that anyone with the requisite hardware, software, and skill can participate in all or most activities of the network. These types of systems may introduce additional risks beyond the scope of this report.

The report makes it clear that it is not an Assessment Criteria That can be used by auditors to evaluate an implementation, but it does create an informal questionnaire that can be used by architects and developers to create secure implementations. Some of the points raised are written to support existing infrastructure in the financial industry, and so are not really well aligned with the Anarchy implicit in the W3C did core spec. The following are the questionnaire headings from section 5.3 on Trust and Resilience:

  1. Cryptographic algorithms - only approved algorithms may be used
  2. Public key infrastructures - the report assumes and existing PKI that would be in place, for example for HTTPS
  3. Resilience, data persistence, and continuity of operations - these are bankers that are responsible for availability of the system
  4. Identity management - this is a bit short and encompasses all entities from end users to smart contracts.

Adoptions and Guidence

  • BLOCKCHAIN TECHNOLOGY FOR GOVERNMENT 2018-04
    This document presents an introduction to blockchain technology with a specific focus on the core technologies, platforms, and applications that may be beneficial to MITRE's government sponsors. The document is intended to introduce MITRE and its sponsor to blockchain technology, and establish a base of knowledge upon which to further explore MITRE sponsor blockchain use cases and research. An introduction to blockchain and its critical components including cryptography, consensus, and distributed ledgers is provided. Public and permissioned blockchains are compared, and a framework is provided that outlines when it is beneficial to use blockchain solutions. Use cases applicable to MITRE sponsors such as healthcare, identity, supply chain, and the Internet of Things (IoT) are considered. A survey of leading permissioned blockchains such as Ethereum and Tendermint is presented, and important emerging features such as private transactions and state channels that strengthen enterprise blockchains are discussed. While public blockchains provide the most security as they are designed to operate in a trust-less environment, government users will be most interested in a permissioned blockchain.

References

  1. Thomas Hardjono and Eve Maler, Report from the Blockchain and Smart Contracts Discussion Group to the Kantara Initiative. (2017-06-05) Kantara https://kantarainitiative.org/download/6828
  2. BELLCORE SPINS OFF NEW COMPANY TO OFFER DIGITAL NOTARY (TM)(SM) SERVICE http://seclists.org/interesting-people/1994/Mar/100
  3. Stuart Haber +1, How To Time-Stamp a Digital Document Journal of Cryptography (1991 data rec'd 1990-08-19) https://www.math.columbia.edu/~bayer/papers/Timestamp_BHS93.pdf
  4. S. Nakamoto. Bitcoin: A peer-to-peer electronic cash. The proponents of bitcoin had a radical agenda, which was to disintermediate incumbents and remove those entities that have responsibility for creating trust, such as financial services firms and central banks. system. https://bitcoin.org/bitcoin.pdf, 2008.
  5. Mark Russinovich Microsoft Build (2018-05-06) https://channel9.msdn.com/Events/Build/2018/BRK2507
  6. Adam Rodgers, The Hard Math Behind Bitcoin's Global Warming Problem. (2017-12-17) Wired https://www.wired.com/story/bitcoin-global-warming/
  7. Thos Hardjono, +2 Towards a Design Philosophy for Inter-operable Blockchain Systems MIT May 16, 2018 [1]
  8. Andrew Orlowski, Blockchain study finds 0.00% success rate and vendors don't call back when asked for evidence. (2018-11-30) The Register https://www.theregister.co.uk/2018/11/30/blockchain_study_finds_0_per_cent_success_rate/
  9. Nathaniel Popper, Bitcoin Has Lost Steam. But Criminals Still Love It. (2020-01-28) New York Times https://www.nytimes.com/2020/01/28/technology/bitcoin-black-market.html?auth=login-email&login=email
  10. Peter B Neumann, The Risks of Cryptocurrencies (2018-06) CACM Vol 61 No. 6 p. 20ff
  11. Sasha Chapin, Small Worlds (2018-12-16) New York Times Magazine p. 13-15
  12. Zubin Koticha, Proof of Stake and the History of Distributed Consensus: Part 1, Nakamoto Consensus, Byzantine Fault Tolerance, Hybrid Consensus, Thunderella. (2018-09-04) Thunder https://medium.com/thunderofficial/proof-of-stake-and-the-history-of-distributed-consensus-part-1-nakamoto-consensus-byzantine-176e0156316e
  13. Lamport, L.; Shostak, R.; Pease, M., The Byzantine Generals Problem. (1982) ACM Transactions on Programming Languages and Systems. 4 (3): 387-389. doi:10.1145/357172.357176
  14. Leigh Cue, Microsoft Launches Decentralized Identity Tool on Bitcoin Blockchain (2019-05-13) Coindesk https://www.coindesk.com/microsoft-launches-decentralized-identity-tool-on-bitcoin-blockchain
  15. Daniel Buchner, Toward scalable decentralized identifier systems . Microsoft Blog (2019-05-13) https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Toward-scalable-decentralized-identifier-systems/ba-p/560168
  16. Reuters, Explainer: Central Bank Digital Currencies: Moving Towards Reality? New York Times (2020-01-24) https://www.nytimes.com/reuters/2020/01/24/business/24reuters-cenbank-digital-currencies-explainer.html

Other Materials

  • On an hysterical note there is no evidence that that the block chain of memory management was ever concatenated into the single word blockchain before Santoshi's document, but the use of the term "Free Block Chain" is in common use in computer operating system designs almost from the beginning. For example see this Memory Management Reference.
  • Blockchain Privacy describes some of the positive moves taken to improve the Privacy features of blockchain.
  • Federal Blockchain News on linked in.