[Cryptography] hash/sign material for distro of IoT params

ianG iang at iang.org
Thu Jan 1 11:23:56 EST 2015

On 31/12/2014 03:53 am, grarpamp wrote:
> I'd consider models of hashing and signing distributed materials
> as a serious and necessary applied crypto conversation.

One of the things that is going on in the bitcoin 2.0 world is that some 
of the groups are wrestling with how to distribute different 
instruments.  As we know, Satoshi Nakamoto hit upon an elegant 
simplification by eliminating the semantics of his issue, by the trick 
of only having one.  This simplification breaks down as soon as you want 
more than one issue, more than one chain, more than one semantics.  As 
soon as you want choice in anything, more or less.

One way to distribute information about something like an issuance of 
value is what I call the Ricardian Contract [0].  This is a contractual 
document that has a few smart fields slipped in, and carries its own 
PKI.  When cleartext signed to fix it, it can then be canonically hashed 
to form the identifier for the unit of issuance.

Now, if you look at things like blockchains, there is an emerging 
pattern that many people want to run their own, and different ones.  But 
the basic pattern is the same, in that the description of any given 
blockchain remains largely in the same format, with some different 
parameters [1].  If one imagines a commercial service running a chain 
for some particular purpose -- call it coffeechain for low value fast 
retail -- then we could also include some static contractual 
information.  Something like an open combination of params and legal 
text could be useful to describe coffeechain.

The same pattern might be observed with IoT devices that can be accessed 
from anywhere.  We need to access the public key of the device, we need 
to examine the params, and we need to be able to examine the service 

Why is this interesting?  Because if we are in a world of millions of 
these things, we also need some strong identifiers, and ways to go from 
the identifier to the description without fail, and ways to go from the 
description to the identifier without fail.

We also need a world in which anyone can play.  We don't want a world 
where in order to run a chain or put up a new device, we have to get the 
permission of someone else, or get enslaved to some facade security 
model which incumbents lock up and stop from migrating in OODA time.

Using an open document and taking the message digest of it for service 
as the identifier for that document/device achieves some of those goals, 
at least on paper.

> Not
> least of why because many of the people on these lists have no
> idea how to actually do such things, let alone well.

Indeed.  And my knowledge of IoT devices is rather popularist.  So, does 
a device have these characteristics?  Does it have some params that need 
exploring?  Does it have a service agreement?  A need to publish keys, 
control info, etc?

Could we benefit from having an architecture that settles on one 
identifier across the IoT space, and uses (eg) a DHT to find the 
document for it?

I don't know.  It seems analogous enough to ask, what would a 
cryptographically secure data infrastructure be for small cheap devices 
on the net?


[0] http://iang.org/papers/ricardian_contract.html
[1] for Bitcoin this is hardcoded into the source, there are 4 different 
fixed blockchains with minor variations.  From eg, altCoins and 
sidechains, it is pretty clear that this hardcoding isn't going to last. 
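
An added example, not part of the original post: a sketch of the "message digest of the open document as identifier" idea, with a lookup that re-hashes whatever an untrusted store (standing in for the DHT) returns. The canonical form, the SHA-256 choice, the sample coffeechain fields and all function names are assumptions for illustration; the cleartext-signature step is left out.

```python
import hashlib

def canonicalize(text: str) -> bytes:
    """Assumed canonical form: LF line endings, no trailing spaces or tabs,
    no leading/trailing blank lines, exactly one final newline, UTF-8."""
    lines = text.replace("\r\n", "\n").replace("\r", "\n").split("\n")
    body = "\n".join(ln.rstrip(" \t") for ln in lines).strip("\n")
    return (body + "\n").encode("utf-8")

def identifier(text: str) -> str:
    """Description -> identifier: digest of the canonical bytes."""
    return hashlib.sha256(canonicalize(text)).hexdigest()

class UntrustedStore:
    """Stand-in for a DHT: any peer may answer, so replies are not trusted."""
    def __init__(self):
        self._data = {}
    def put(self, key: str, doc: str) -> None:
        self._data[key] = doc
    def get(self, key: str):
        return self._data.get(key)

def publish(store: UntrustedStore, text: str) -> str:
    """Anyone can publish; no permission from a registry is needed."""
    ident = identifier(text)
    store.put(ident, text)
    return ident

def resolve(store: UntrustedStore, ident: str) -> str:
    """Identifier -> description: accept only a document that hashes back."""
    doc = store.get(ident)
    if doc is None:
        raise KeyError(ident)
    if identifier(doc) != ident:
        raise ValueError("returned document does not match identifier")
    return doc

# Constructed sample document: params plus static contractual text.
COFFEECHAIN = (
    "[params]\n"
    "name = coffeechain\n"
    "block_interval_seconds = 10\n"
    "\n"
    "[terms]\n"
    "Low value fast retail payments only.\n"
)
```

Because the check happens at the reader, a substituted or edited document is rejected no matter which peer served it, while harmless transport changes such as CRLF line endings still map to the same identifier.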
