[Cryptography] Keeping Malware from Using Security Hardware

Ray Dillinger bear at sonic.net
Mon Mar 17 12:55:37 EDT 2025


On 3/17/25 02:57, iang wrote:
>
> If so, and please correct me if I'm misunderstanding, but I think 
> there is an intervening step:
>
>   4. The value X (of #1 and #3) is now *in dispute*.
>
> That's because there are two possible final outcomes, simply put as:
>
>   5.a Mallory is a crook and owes Alice X, and the transaction 3 is 
> confirmed.
>
>   5.b Mallory is a good guy, holds a valid contract for X, Alice has 
> done bad, and the transaction 3 is revoked.
>
> Both of those can be automatically validated by the blockchain in its 
> verification phase. What can't be automatically determined easily in 
> code is which of the two outcomes is the correct one.
>
True.  The whole thing is about dispute resolution, and that more or 
less assumes that both parties take their claim to some court or 
arbitrator whose authority they both accept.  For example:

Mallory advertises a device guaranteed to kill all potato bugs in the 
garden.

Alice pays X coins for the device.

Mallory sends her two blocks of wood with instructions "Place potato bug 
on block one. Press firmly in place with block two." This does not scale 
because it is not practical to apply it to all the potato bugs in the 
garden.

Alice claims she was cheated.  Mallory claims that his device does what 
he said it does.

They now have a dispute.  Without some way to access the identity of the 
disputants, it can be brought to dispute resolution if and only if both 
parties voluntarily cooperate to bring it there.

It does not matter if Alice now pays Mallory -X coins; even if the block 
chain allows such transactions, and the transaction is confirmed and 
entered into the block chain, Mallory will simply never "spend" the 
negative txOut and Alice will then never have a resulting 
positive-valued txOut that recovers the value she was swindled of.  
Business-domain trust (parties can be held accountable to their business 
obligations) fails because of the absence of an arbitrating authority 
with cryptographic-domain trust (i.e., the arbitrator must be a "Trent" - 
a party who can screw the others over by acting in bad faith).

> [The sad story of EOS and a dispute resolution mechanism baked into 
> the system...]  Politically it failed, as the blockchain world 
> preferred instant and unrevocable transactions - not your keys, not 
> your coins was the refrain. So the block producers changed the 
> constitution to remove the clause to refer disputes to arbitration. End.
>
Indeed.  I can't blame the community for refusal to trust a "Trent."  
Even though most of them are ignorant of the long history of attempted 
digital-cash schemes, the vast majority failed specifically because 
cryptographic-domain trust was part of the system, and for almost all 
the various values of "Trent," Trent did indeed act in bad faith and 
screw the users over.

My thought is that we don't want to create a new "Trent" because we 
don't want to set people up to get screwed, but we need a "Trent" of 
some kind because we need dispute resolution for business-domain trust.  
I don't have a better idea than the existing courts and legal 
authorities, who are closely monitored and have a long history of 
*SELDOM* acting in bad faith, *OFTEN* getting caught when they do, and 
*SOMETIMES* being meaningfully penalized (disgorgement, disbarment, 
firing, impeachment, jail time, etc.) when they are found to have done 
so.  They are subject to oversight and consequences that are far from 
adequate, but still better than anything we can implement or enforce in 
a cryptographic protocol.

This idea will enrage most users of digital cash though; that's exactly 
the same "Trent" that they distrust in the first place. In many cases 
they still consider that particular "Trent" to have screwed them over by 
acting in bad faith in the 2008 financial kerfuffle when swindlers got 
bailouts but the victims didn't.

(Yes, I know the swindlers were required to pay it back. Yes I know they 
actually paid it back. Yes I know the government made a profit on it.  
But it was still a big damn smack in the face to see the same people 
who'd caused the problem allowed to keep their businesses and empowered 
rather than penalized by "Trent's" response.  That was unfair, and for a 
lot of people who lost homes and businesses, that still hurts.  And that 
hurt is at the foundation of the impulse to use something besides the 
institutions that those very same swindlers mostly still own. This is 
what leads to the cultural norm that ditched dispute resolution in EOS 
without any replacement or recourse.

I hate it, I just don't have a better idea.)

> In short (and this was the literal analysis of EOS, being a blockchain 
> for business) my claim is that you cannot do business unless you can 
> hold the counterparty to account for, e.g., debts incurred unfairly. And 
> the test of that is - how do you take someone to dispute resolution?
>
> And technically, that means being able to halt transactions, pending 
> resolution. So I concur, lack of disputable transactions is a design 
> flaw, if you're intending the chain to do business.
>
> (And if not business, what use is it? Memes?)
>
Worse.  I would say the principal uses of Bitcoin (and the only use of 
most altcoins) are speculation and crime.

Bear
