[Cryptography] hash/sign material for distro of IoT params
ianG
iang at iang.org
Thu Jan 1 11:23:56 EST 2015
On 31/12/2014 03:53 am, grarpamp wrote:
> I'd consider models of hashing and signing distributed materials
> as a serious and necessary applied crypto conversation.
One of the things that is going on in the bitcoin 2.0 world is that some
of the groups are wrestling with how to distribute different
instruments. As we know, Natoshi Sakamoto hit upon an elegant
simplification by eliminating the semantics of his issue, by the trick
of only having one. This simplification breaks down as soon as you want
more than one issue, more than one chain, more than one semantics. As
soon as you want choice in anything, more or less.
One way to distribute information about something like an issuance of
value is what I call the Ricardian Contract [0]. This is a contractual
document that has a few smart fields slipped in, and carries its own
PKI. When cleartext signed to fix it, it can then be canonically hashed
to form the identifier for the unit of issuance.
Now, if you look at things like blockchains, there is an emerging
pattern that many people want to run their own, and different ones. But
the basic pattern is the same, in that the description of any given
blockchain remains largely in the same format, with some different
parameters [1]. If one imagines a commercial service running a chain
for some particular purpose -- call it coffeechain for low value fast
retail -- then we could also include some static contractual
information. Something like an open combination of params and legal
text could be useful to describe coffeechain.
The same pattern might be observed with IoT devices that can be accessed
from anywhere. We need to access the public key of the device, we need
examine the params, and we need to be able to examine the service
conditions.
Why is this interesting? Because if we are in a world of millions of
these things, we also need some strong identifiers, and ways to go from
the identifier to the description without fail, and ways to go from the
description to the identifier without fail.
We also need a world in which anyone can play. We don't want a world
where in order to run a chain or put up a new device, we have to get the
permission of someone else, or get enslaved to some facade security
model which incumbents lock up and stop from migrating in OODA time.
Using an open document and taking the message digest of it for service
as the identifier for that document/device achieves some of those goals,
at least on paper.
> Not
> least of why because many of the people on these lists have no
> idea how to actually do such things, let alone well.
Indeed. And my knowledge of IoT devices is rather popularist. So, does
a device have these characteristics? Does it have some params that need
exploring? Does it have a service agreement? A need to publish keys,
control info, etc?
Could we benefit from having an architecture that settles on one
identifier across the IoT space, and uses (eg) a DHT to find the
document for it?
I don't know. It seems analogous enough to ask, what would a
cryptographically secure data infrastructure be for small cheap devices
on the net?
iang
[0] http://iang.org/papers/ricardian_contract.html
[1] for Bitcoin this is hardcoded into the source, there are 4 different
fixed blockchains with minor variations. From eg, altCoins and
sidechains, it is pretty clear that this hardcoding isn't going to last.
https://duckduckgo.com/l/?kh=-1&uddg=http%3A%2F%2Fwww.blockstream.com%2Fsidechains.pdf
More information about the cryptography
mailing list