More block chain thoughts

I recently explained to my cousin why I’m skeptical about blockchain. She is in the technology side of the banking industry so her interest was more than casual. Below is basically what I told my cousin.

A blockchain is a ledger: An append-only file that stores records (i.e., blocks). The blockchain file is replicated across many nodes to build trust. In order to corrupt the file, an attacker must co-opt 50% plus one nodes. The more nodes involved, the greater the trust. I speculated that a highly trusted blockchain needs to be widely distributed because if at breakfast it become known that a $10B hedge fund ledger were distributed across only 10 nodes the money would be missing by dinner.

Second, because the blockchain file is distributed the information is shared. Sharing data increases the security perimeter that must be guarded. Thus there is a conflict between trust (increases with node count) and security/privacy (decreases with node count).

The last point, which is the most overlooked, is that blockchain does very little to protect against fraud. It protects the ledger by making it hard to tamper with. However, the ledger is internal data that is fairly easy to protect. But it does nothing to prevent an erroneous ledger entry from being inserted in the first place, as the millions of dollars of stolen bitcoins attest to. Therefore, the blockchain offers no help for the most vulnerable attack vectors.

In addition to these limitations, blockchain is also very inefficient, Consequently I have yet to be shown a use case (other that crytocurrency) for blockchain. Tell if I’m wrong in the comments.

I have an earlier and longer post on block chain.

 

Some thoughts on blockchain

While watching a hockey game, I saw this IBM commercial that touts how to use blockchain to track commodities such as tomatoes and diamonds. I also heard that your chances of getting VC funding increase dramatically if you use blockchain. It has been claimed that blockchain will revolutionize banking, real estate, and many other industries. But is blockchain really a game changer? How generally useful is blockchain.

 

Blockchain is a critical (maybe the critical) technology enabling bitcoin and other
cryptocurrencies.There are many places you can go to learn about blockchain but for this discussion we need to know three things.

 

First, blockchain is a ledger—an append-only record of transactions. In bitcoin, a ledger entry might be “Alice transfers 1.8 bitcoins to Bob.” However, entries can be anything such as an arrival scan for a package or an edit to a document.

 

Second, the ledger is constructed as a chain of blocks that are cryptographically connected. Each block has a hash value that contains the hash value of its predecessor block. This is the key to blockchain. Modifying a block changes its hash value and it will not match the value stored in the successor block. Therefore, in order to incorporate this modified block into an existing chain all successor blocks must also be modified.

Third, a blockchain is a public and distributed. Therefore, in addition to recomputing all the hashes for the modified blocks, the fraudster also has to convince 50% plus one of the blockchain servers to adopt its version of the blockchain.

 

There are other features about blockchain in general and bitcoin’s blockchain specifically that are necessary for bitcoin, such as “proof of work.” But those are attributes that are not necessary in all uses of blockchain.

 

The beauty of blockchain is that is creates trust in public ledger. This is critical to bitcoin because it is decentralized—there is no master server. However, if the ledger is not decentralized then the overhead of blockchain (which is significant) is hard to justify. Furthermore, if the ledger is not public (by desire or regulation), it should not be in a blockchain. There are abundant solutions for private ledgers—such as read-only, offline archives that are hacker-proof—that are much cheaper than blockchain.

 

It is important to note that bitcoin’s use of blockchain only prevents fraudulent modifications of the ledger. It does not prevent fraud. Other mechanisms are needed to regulate the creation of ledger entries.

 

IBM in its commercial illustrated three uses for blockchain. A tomato you can track from farm to pot to jar to table and “serve with confidence that it is safe.” The safety consequence is dubious because we use lot numbers to track food and drugs, yet recalls are common. Moreover, it is not a function of blockchain but of better record keeping.
The point (I think) they are making is that you can independently verify the public ledger.
Accepting the premise (tracking ensures the tomato is safe): is it worth the cost? Blockchain is not cheap. At time of this posting the bitcoin blockchain is almost 170GB (55GB growth in last year) and it is stored about 10,000 nodes. Of course the tomato blockchain need  have not have that many nodes. But there are more tomatoes than bitcoins. I suspect that tomatoes and all produce are extremely price sensitive so even small costs will be difficult to absorb. However, I cannot estimate the cost. So let’s consider if this is better than the current solution. Recently there was a recall on romaine lettuce. The CDC was able to pin-point the problem to lettuce “from the Yuma growing region w[as] harvested on April 16, 2018.” So the question becomes are we safer with many people independently verifying a public ledger or relying solely on the CDC?

 

The second example in IBM’s commercial, it is a diamond you can trust from “mine to finger and trust it never fell into the wrong hands.”There are fewer diamonds than tomatoes and they are less price-sensitive so the cost isn’t a problem. But it is not clear that anything is broken in the current diamond market. So I suspect any benefit from blockchain is minor. The last example is a package that is “tracked from port to port.” We already have this ability and it is doubtful shipping industries or customers are dissatisfied with the current solution. Now, the intent of this post is not to pick on IBM and its short commercial. Rather to show that much of the hype lacks depth and understanding.

 

Blockchain provides trust to a public, decentralized ledger. Much data is public (e.g., land deeds) but is not and should not be decentralized. I believe few database require a public, decentralized ledger. If the data is private or there is sufficient trust (e.g., the county registrar) the cost of blockchain is not justified. Of course, if VCs are throwing money at blockchain solutions or if it increases the visibility of your tea then use blockchain. However, if you are developing a solution to a problem and believe that form follows function, blockchain is probably not necessary.

Three words to map the earth

What3words is a fascinating technology for mapping the earth. Instead of a postal address (which is country-specific and too coarse) or latitude and longitude (which is too hard to remember), one can use a simple three-word phrase. For example, my office is gates.fears.value [*] It is also 35°46’17.8″N 78°40’25.1″W. The latter is more precise but cannot be remember or easily shared. Also, notice the difference in URL complexity. The former is 36 characters long (17 not counting the domain) and the latter is 65 (50).

Each three-word phase uniquely identifies a 9 square meter patch of the earth. The advantage over postal addresses is obvious–you can identify the door of your building to take a delivery or you can specify the where you are in a park.

It is a novel way to map the earth. Read the white paper.

[*] If “gates” is taken as for Bill Gates/Microsoft, my office location has the added advantage of being a sentence that might even be true.

Magic wormhole

Found an interesting tool/service to transfer files directly from one computer to another. There are many ways transfer files via a third party, such as dropbox, and there are ways to copy between computers, such as scp and sftp. The Magic Wormhole is another way. The sender registers with a server that it wishes to a send. It gets a human-readable (maybe pronounceable is a better term) code, such as “7-guitarist-revenge” (see video). Sender shares that with receiver. The server only brokers the identities of the sender and receiver. The data is transfer directly between computers.

 

Researchers can now send secret audio instructions undetectable to the human ear to Apple’s Siri, Amazon’s Alexa and Google’s Assistant.

Holy crap. I thought it was a bad idea to self-bug your home with Alexa. But it is worse than I ever thought. Researchers at UC Berkeley and Georgetown have shown that one can embed commands in music. That means just listening to music or a video while Alexa is in the room is a risk. Just don’t do it.