[Cryptography] blockchain and trustworthy computing
ianG
iang at iang.org
Mon Oct 5 12:16:23 EDT 2015
On 2/10/2015 05:55 am, Peter Todd wrote:
> On Wed, Sep 30, 2015 at 11:22:10PM -0400, ianG wrote:
>> Thought experiment.
>>
>> The blockchain [0] provides a way to do verifiable computing [1].
>>
>> Popularly under the tag of "smart contracts" these little scripts
>> can be executed on every node, and the ability of the nodes to come
>> together and find consensus on the state or results provides a way
>> to not only compute, but also know that we have verifiably computed.
>>
>> Verifiable computing was a long treasured goal - but proved elusive
>> outside an academically restricted set of assumptions.
>>
>>
>>
>> If we have verifiable computing finally in the blockchain - a thesis
>> - does this mean we now have a trustworthy computing platform?
>
> I really strongly disagree about the direction of what you're talking
> about.
I'm not pushing for a BIP to upturn mainnet, rather I'm thinking about
the world of private blockchains run for local or specific purposes.
I.e., the invention of the blockchain, not the one that runs BTC.
Is that still disagreeable?
> I'd define trustworthy computing as being able to trust that a
> computation was done correctly without you checking it yourself. This
> implies that SPV clients are taking advantage of trustworthy computing
> because they trust miners; full nodes are not doing that because they
> verify the blockchain themselves.
Right, something like that. To extend my (somewhat challenged) analogy
of the VW problem, a blockchain can be a private permissioned one that
is running inside the car, on all the distributed brain chips. EPA is
one of the signatories that can access, so it dials in and loads up a
program (e.g., smart contract) and does some computations.
In this sense, the EPA is an SPV client user. It's relying that the car
has a proper private blockchain on it, but once past that hurdle, it's
free to run trustworthy programs on there.
(See other post to Natanael that destroys my argument...)
> In the Bitcoin world I think it's fair to say that most experts are very
> concerned about the high, and increasing, % of users who use SPV clients
> rather than run full nodes. While it's hard to predict exactly when this
> threshold is reached, at some point too few people will be actually
> verifying the blockchain to sufficiently strongly incentivise miners to
> follow the rules. For instance, at some point miners can great bitcoins
> out of thin air to increase their profits.
Yep - big problem with mainnet. Fundamental problem here is that energy
enjoys economies of scale. If all you are doing is converting energy
into zeroes, then next door to a Chinese powerplant is the best deal
going. If anyone's read the novel Accelerando, there are better
alternatives coming, for now we're stuck with China.
But that's another debate - I'm specifically looking at other
blockchains, used for private or multiple purposes.
> Instead there has been work done on going the other direction: using
> better math to make verifying the blockchain cheaper and more practical.
> But again, this isn't an example of trustworthy computing! It's standard
> trustless computing, made more efficient by clever math.
What is the difference between trustless computing and trustworthy
computing?
Have we even defined the terms to wide consensus satisfaction? I'd be
surprised if so, we haven't even got a good consensus on trust, how can
we negate- or -worth something we don't have shared understanding of?
iang
More information about the cryptography
mailing list