[Cryptography] blockchain and trustworthy computing

Peter Todd pete at petertodd.org
Mon Oct 12 21:28:36 EDT 2015


On Fri, Oct 09, 2015 at 03:52:55PM +0100, ianG wrote:
> >So what do you mean by "proper privat blockchain" - what specifically
> >does that blockchain do to achieve trust?
> 
> 
> I'm hypothetically envisaging a car with many CPUs in IoT form, each
> interfacing with their particular device (brakes, carburretion,
> entertainment, locks, etc) but also running a blockchain to handle
> computation.
> 
> (Maybe this is what 21c are trying to do, maybe not.  IBM are also
> toying in this IoT direction, as are others.)
> 
> Any signatory can put programs (smart contracts) into the car's
> blockchain to get run.  By 'proper' I mean it is certified by EPA or
> other agency, according to some procedure / requirements they
> design, like NIST or CC approvals.

So lets get some clarity: what _exactly_ is happening here?

"running a blockchain" is a tremendously ill-defined term.

> >How does the EPA know the computations were done accurately?
> 
> In the same way that the SPV knows that things were done accurately
> - it sends in its transactions, gets them back, is happy.  As to
> what is happening under the hood, for that it relies on various
> institutional defences (auto-manufacturer honesty, annual vehicle
> checks).  In this sense, trust.
> 
> Alternatively, the rules could say that each agency that is
> interested must also put its own full node into the chain.  Now it
> gets to verify directly.  This node would build on the tradition of
> the odometer.

Note how in addition to the problem of not being sure if the
computations are being done correctly, it's hard to be sure if the
sensor data is accurate.

A more clear model for all this stuff might be to first talk about how
we're going to be sure the original sensor data is being reported
correctly.

> >I define trustless computing simply to mean I prove to you I did some
> >computation accurately with undeniable math. The easiest way to do that
> >is for you to repeat the computation yourself - the way Bitcoin works.
> >
> >If we're going to make a meaningful distinction between that idea - what
> >cryptography does all the time - and "trustworthy computing" the only
> >concept that comes to mind is schemes that try to use non-cryptographic
> >techniques to get trust out of systems. (remember the definition of a
> >trusted component being something that can screw you over) TPM hardware
> >is one such example; the economic incentives in Bitcoin another
> >(possible) example. (albeit one apparently undermined by a lack of
> >verification!)
> 
> 
> Right, I see the distinction.  But the needs that both are trying to
> fulfill are more or less the same, albeit through different
> approaches.  Trustless or verifiable computing dominates trustworthy
> computing, in that it has at least one less component to trust.
> 
> So maybe my claim is more that Blockchain has eliminated the need
> for trustworthy computing by moving to verifiable computing?

I don't see any evidence the _blockchain_ has done any of this stuff. In
fact I'd expect it to be the opposite: "blockchain" tech, specifically
Bitcoin as an example, took pre-existing verifiable computing concepts
and applied them to a specific use-case.

> ps; this is all to skip aside from the criticism that the term
> 'trustless' suggests a perfect result, which we know as inadequate,
> even a dangerous assumption.

Depends on how you define things. If my goal is to trustlessly determine
if a given message was signed by someone in posession of a specific
private key corresponding to a specific public key, I can very easily
determine that without relying on any trust at all: verify the
signature! There's no need to faff about with blockchains there; other
use-cases can follow similar principles.

-- 
'peter'[:-1]@petertodd.org
00000000000000000fb879bde45bab81b48181b451b75c61c928cb5407bca569
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 650 bytes
Desc: Digital signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20151013/db9470c6/attachment.sig>


More information about the cryptography mailing list