Transcript of talk by Davide Carboni (all rights reserved)
Held on the 17th of January at the IOT Guildford meetup
Money. Let's talk about money first. Because a currency is probably more than a mere application of blockchains. I would venture to say that there is no cryptomoney without blockchain, but at the same time there is no blockchain without money, and let's see why.
Often the news dubs Bitcoin “virtual money”. Virtual as opposed to real, but guess what? There will be some surprises. Let's go back to this picture. Only one of these monies is backed by a tangible, costly good. Guess which?
Now let's have a look at banknotes like this one (the £5 note).
Well, it says “pay the bearer the sum of …”. What exactly does it mean? It means that if I go to a bank handing over this note, someone is going to pay me £5? Well, you see, money is complex to explain. But you'd rather say nah — it is simple, it means that the note is backed by an equivalent amount of gold worth £5 and you can go to the Queen and claim that gold nugget … False!
Money hasn't worked this way since 1931, when the US decided the end of the so-called gold standard. Since then the note is worth £5 because the law says it is worth £5.
Another question is: how are huge projects like highways, railways, hospitals, airports and skyscrapers funded? Who has the money? But that's simple, you would say — multibillionaire funds collect money from the savings of thousands and thousands of old ladies and invest it…. False too! The figures simply don't match. The real truth is that money is created the very moment someone gets a loan and a debit/credit pairing is created. The debt is the key. Money is backed by the honest drive of people willing to repay their debts. The new gold standard is you!! Who says that? Well, the Bank of England, among others.
How does it sound to you? Great? Miserable? The idea that banks create money from debt is blowing my mind. Honest people's work is backing money, and creating money is a huge business, and bankers are the smartest at playing this game. I would rather say this is a sort of liquid slavery. In theory the cash dispenser around the corner could print banknotes on demand. It wouldn't change a bit. So what is the role of central banks? Well, they simply accelerate or decelerate the volume of money produced every day by changing the interest rate. Turning the interest-rate knob, they can incentivize or de-incentivize the demand for new loans. But what happens when the interest rate is zero? Can the rate become negative? Would you lend in order to get less back from your debtors? Well, probably not. Negative interest rates? Another mind-blowing thing.
In this case the central banks create money by means of Quantitative Easing … they literally print money from nothing. In some Banana Republic the government simply gives money to family and friends; in a modern western country the central bank prints new money to buy public debt. It is always easy to lend money to states: they are voracious machines that burn money.
Now, think again of the picture above. Which is virtual? Which is real?
And then, in the middle of the subprime crisis (remember, another example of money created on top of deteriorated credit), in 2008 an anonymous mad scientist invents a sort of digital money that can't be counterfeited, can't be devalued, can't be stopped at borders, can't be controlled, can't be confiscated … and finally can't be ignored. The Bitcoin. Here starts this journey.
Often people introduce Bitcoin as a killer application of another, greater invention called the Blockchain. But in reality blockchains or ledgers are not an innovation per se. Ledgers have been out there for centuries. What makes Bitcoin unique is the threat model it faces. Imagine a ledger that nobody is in charge of maintaining. Like a big Excel table with all the transactions of all the participants. Assume now we are a community of two people and neither of us is in charge of maintaining this table.
First, we must agree on a protocol to maintain two identical copies. One may suggest putting the table on Google Docs or the like, but in this case we would put Google in charge of ensuring its integrity. Instead, the Bitcoin protocol is able to do the same without the middleman.
The idea behind it is that only one participant at a time can add a new block of data to the table, and this new block must of course be consistent with the previous blocks; keep in mind we are talking of transactions. The magic behind this trick is a thing called “the proof of work”.
This was first introduced in another protocol, invented to prevent mail bombing and called hashcash. In hashcash every mail message must exhibit a proof of work, that is a cryptographic proof that before sending a message the sender has performed a number of hashing attempts to get a hash of the message with some characteristics, i.e. starting with 4 zeroes.
The message body plus the message header plus a random nonce, all hashed together, must produce a hash less than a specified target. For a recipient to verify it is a matter of milliseconds, but for a sender to produce a message would take maybe a few seconds. Nothing serious if you are a legit sender used to sending a few hundred messages a day, but it would be unaffordable if you are a spammer trying to send 500K messages a day.
The same concept is then adapted in Bitcoin to elect one participant every ten minutes to write a new block in the blockchain. This video shows an amazing animation of the concept. (start video)
The next block must be:
- Consistent with the previous one.
- Including valid transactions only.
- Having a nonce (random string) such that the hash of [transactions + nonce] is less than a given target.
As a participant you can only arbitrarily change the nonce and make more tries.
It is more or less like a lottery, and the protocol mandates that this game must be as difficult as getting a new block every ten minutes of frantic attempts. This is just an average time of course; as in a lottery you could win with the first attempt or maybe never, but on average, when the number of attempts is very large and the probability of getting a block with a single attempt is very low, it will happen every ten minutes. And it works. If a third participant wants to join, the system will easily scale, with 3, 4, … any number. The important point is that all must be working on the same copy of the whole Excel table … pardon, blockchain.
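To make the lottery concrete, here is an added example in Go (my own illustration, not code from the talk, from hashcash or from Bitcoin): the hashcash rule described above, hash(payload || nonce) below a target, reused to mine and validate a toy two-block chain. It assumes SHA-256, a 64-bit nonce and difficulty expressed as leading zero bits; the names solvePoW, verifyPoW, Block and chainValid are mine.

```go
package main

import (
	"crypto/sha256"
	"encoding/binary"
	"math/big"
	"strings"
)

// targetForBits turns hashcash's "hash starts with N zero bits" into the numeric
// bound Bitcoin uses: hash < 2^(256-bits). More bits, smaller target, more tries.
func targetForBits(bits uint) *big.Int {
	return new(big.Int).Lsh(big.NewInt(1), 256-bits)
}
// hashWithNonce is SHA-256(payload || nonce). The payload is what the prover may
// not alter: mail header+body for hashcash, prevHash+transactions for a block.
func hashWithNonce(payload []byte, nonce uint64) [32]byte {
	var n [8]byte
	binary.BigEndian.PutUint64(n[:], nonce)
	return sha256.Sum256(append(append([]byte{}, payload...), n[:]...))
}
// verifyPoW is the recipient's (or any node's) side: one hash, one comparison.
func verifyPoW(payload []byte, nonce uint64, bits uint) bool {
	h := hashWithNonce(payload, nonce)
	return new(big.Int).SetBytes(h[:]).Cmp(targetForBits(bits)) < 0
}
// solvePoW is the prover's side: the nonce is the only thing it may change, so
// the only strategy is the brute-force lottery the talk describes.
func solvePoW(payload []byte, bits uint, maxTries uint64) (nonce, tries uint64, ok bool) {
	for nonce = 0; nonce < maxTries; nonce++ {
		if verifyPoW(payload, nonce, bits) {
			return nonce, nonce + 1, true
		}
	}
	return 0, maxTries, false
}
// Block is a toy block: PrevHash links to the previous block, Txs are the
// transactions (plain strings here), Nonce is the ticket found by solvePoW.
type Block struct {
	PrevHash [32]byte
	Txs      []string
	Nonce    uint64
}

// payload is prevHash || transactions: the part of the block a miner cannot change.
func (b Block) payload() []byte {
	return append(append([]byte{}, b.PrevHash[:]...), strings.Join(b.Txs, "\n")...)
}
func (b Block) Hash() [32]byte { return hashWithNonce(b.payload(), b.Nonce) }

// chainValid is what every participant checks on a chain it receives: each block's
// proof of work and its link to its predecessor ("consistent with the previous one").
func chainValid(chain []Block, bits uint) bool {
	for i, b := range chain {
		if !verifyPoW(b.payload(), b.Nonce, bits) || (i > 0 && b.PrevHash != chain[i-1].Hash()) {
			return false
		}
	}
	return true
}
```

Validating a received chain is cheap (one hash per block) while producing it cost on average 2^bits hashes per block, which is the whole asymmetry the proof of work relies on.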
What if one decides to game the system, changing one rule of the protocol or reverting a transaction? Well, either it will be alone and its copy will be just worthless, or some guys may decide to follow the new timeline and this will technically be a fork.
A hard fork if the two protocols will not be compatible, a soft fork if the change doesn't prevent the old and the new from working together. In some respects, we may argue that all the hundreds of alternative coins out there are a sort of hard fork of the original Bitcoin protocol and its blockchain.
Let's go back to the threat model: nobody is in charge of managing the ledger, nobody is required to authenticate when they want to generate a wallet to store coins, all can read the ledger and all can try to write a new block. So it is un-permissioned, untrusted, anonymous, and all the participants are in theory willing to game the system. It would be a nightmare to ensure the integrity of data and the honesty of spending, yet it works. The blockchain, like a superb artifact, emerges from the chaos.
It may be argued that running this proof-of-work network is expensive, and definitely it is, a lot. But this is probably the subtlety of the whole approach: burning energy to sustain the defense against the threat model. In other words, we could argue that Bitcoin is a machine which burns energy to produce security. It is a currency backed by energy! It is also evident that the proof of work is essentially useless for any other goal. It doesn't compute anything worthwhile, like prime numbers; it is not spotting alien signals from outer space, nor is it sequencing the human genome.
Well, some of you may propose a different PoW, but here I see a new conjecture emerging: the PoW must be useless, otherwise you'll be producing value for the blockchain security and value for something else at once; in other words you'll be double spending your energy. This is a conjecture though, not a proof. But it is quite interesting, and I feel confident in supporting it.
Another aspect is the proliferation of blockchains. In 2016 a lot of blockchains, whatever that means, were launched. This is good because it means a lot of attention is there, but it is also bad because the hype is just hiding the real value. I've seen blockchains for almost everything: notary services, digital rights management, tracking of goods and services.
I'm not saying that these use cases do not deserve some blockchain-related properties, but in so many cases people summon “the blockchain” where it is not needed. Here is the diagram that shows a bit better when you DON'T need a blockchain.
Moreover, people tend to sell their own blockchain technologies without any mention of the underlying currency. If you want to code your own blockchain technology and not a mere distributed database, then you have to go with proof of work, or alternatively with the so-called “proof of stake”. But in both cases you must design the blockchain and the coin together, otherwise the system is not sustainable. The coin is the incentive for participants to do the work needed to keep the ledger's integrity over time. Unfortunately, Bitcoin has gained some bad reputation among institutional actors like banks, governments and the like. Often people talk about blockchain without even mentioning Bitcoin. A young speaker at one such blockchain workshop once said “If I say Bitcoin three times in a row it is the end of the world!!!”. True story.
However, some interesting evolutions in how a blockchain can be used were proven in 2016. If you can store balances and transactions in the blockchain, what about variables in a broader sense? And what about state variables of some program, and what about the entire state of a running program whose code is stored in the blockchain as well?
Well, what I have just described is the value proposition of Ethereum, a proof-of-work blockchain platform fuelled by a currency called ether, which comes with an environment to run what they call decentralized smart contracts. The choice of naming them “smart contracts” turns out to be a bad one. In fact, they are neither smart nor contracts. They are rather processes whose code and state variables are stored in the blockchain and whose state changes according to the logic of their code. Changes are triggered by transactions; eventually, changes of contract state are triggered by money.
They are not contracts; nonetheless they can mimic contract behavior. They are unbreakable and unstoppable applications, as their code is executed by all miners in the network, and that means thousands of computers are running the exact same code. A strong replication system with a redundancy factor of 100%. We often see parallel computing as a way to balance the load among many computers and make computation faster. This is not the objective here. In smart contracts we deploy the same instructions and the same variables in each node to make the computation unbreakable.
For instance, we can build a contract which manages a shared wallet and puts some restrictions on how, when and by whom the money can be spent, building de facto a decentralized autonomous organization, also called a DAO.
Some of you have probably heard about The DAO hub. They collected the equivalent of $150M from ether holders and locked the sum inside the wallet of a big contract. But unfortunately, something went really wrong and someone, the unknown hacker, found a vulnerability. Not a vulnerability in the Ethereum blockchain, but rather a vulnerability in the contract code, and he or she started siphoning ether from it.
This has been a milestone in the history of blockchains because, to deal with this issue, the Ethereum foundation started a community campaign to convince miners to adopt a modified version of the software in order to remove the effects of the hack from the blockchain.
It is a milestone because it proved that, with sufficient support from the community, an influential group of people can make the blockchain lose its most important value: immutability.
However, a small part of the miners decided not to adopt the so-called hard fork, and decided to stand with the old rules and the old chain where the giant hack was performed. This small community defends the principle of blockchain integrity and immutability and they call themselves the true Ethereum, or Ethereum Classic. Their coin is exchanged at around $1.5 whereas the mainstream ether is at $10 these days.
How can we bring IoT and BC together? First a quick question: what is IoT? The answer is not that easy though. I guess everyone would have their own definition. Assume for the sake of simplicity that IoT is the side effect of bringing Internet technologies to everyday objects. That's probably an informal yet valid definition. I see two ways in which the two worlds can merge. One is to build a better idea of IoT, the other is to build a better idea of blockchain. From an IoT perspective we end up having many objects connected together, wired or wirelessly. That's only the physical layer. Then we will probably want to orchestrate objects together to build some logic.
A first interesting point is about names. You probably know DNS, and maybe you think DNS is decentralized, but it is not. There are a number of root servers which play a key role in the network, and there is an authority which governs how we give names to things on the Internet. By the way, no more root servers can be added because of a limitation of the protocol.
Zooko, a renowned crypto hacker and entrepreneur, conjectures that a naming system cannot be at the same time memorable, decentralized and global. It is a conjecture though, not a proof. Some argued that the blockchain could be used to square Zooko's triangle. One remarkable idea was shared by Aaron Swartz in his blog. Some time later Namecoin was developed, a full cryptocoin ledger forked from the Bitcoin codebase but able to store key/value entries inside the blockchain. Perfect for storing DNS records. Today you can register .bit names paying with Namecoins; however, they are not recognized by normal browsers, you may need some plugin.
As I mentioned earlier, there are a number of layers in the ISO stack; now we can probably rethink some of them in terms of contracts. What if every object can have a wallet and a balance, and what if it can pay for what it needs and be paid for the service it offers? You would say that this can be achieved without the blockchain, true. However, existing payment systems require a human in the loop. Cryptocurrencies seem a promising playground for artificial agents to behave autonomously and interact through contracts.
Smart contracts are neither smart nor contracts, but whatever they are, at least they can boost interoperability, and interoperability is in fact the main problem in developing IoT ecosystems with multiple vendors.
What if I build my app using the Twitter API and suddenly Twitter decides to change it -> code is broken.
How can I build an ecosystem with many actors if every single change will break everything, like when someone takes down a service with a DoS? This could be prevented by blockchain immutable apps. They can never be stopped.
What if the code maintainer decides to stop a piece of code I rely upon? It is worth noting that the code running in the blockchain is visible to all nodes; if someone takes down a contract, the contract itself can be re-launched by other parties. It is like a GitHub, but for running code with many replicas.
If the Internet of Things is the side effect of adding Internet technologies to everyday objects, then it multiplies by many factors some already existing issues related to security. Having immutable code, deployed on a consensus-based protocol without a single point of failure, would allow us to build more reliable applications, or at least we hope so.
Another point which relates blockchain and IoT is the concept of oracles. You have to imagine that code running in the blockchain is in reality running on every miner, and the context of execution is the blockchain itself.
What happens if we need to import into the scope of a smart contract the value of an external variable, like, for instance, the temperature in central London?
Well, in a centralized ICT architecture you would write your code to connect to some API, get the value and use it in the computation. This is not possible in smart contracts. Imagine all miners (and they can be thousands or even millions) all connecting together to the same endpoint to read a value. That's simply impossible, or better, it doesn't make sense at all.
So, injecting external data, what we usually call off-chain data, into the blockchain computation is tricky. The state-of-the-art solution is to implement an oracle.
This is not related at all to the database company. Here the oracle is an entity that can solve a dispute about a condition in a smart contract.
For instance, if the logic is “unlock a payment if youtube views on vid > 10k” there is only one way to implement this: relying on an entity with a private key that all the parties consider trustworthy. This entity is the oracle and the logic becomes “unlock a payment if the selected oracle signs a transaction meaning views > 10k”.
You may immediately argue that we started in an ideal world where nobody is trusted and ended up trusting the oracle. TRUE.
Hence, there are many attempts to mitigate trust density around oracles.
The first is by means of a protocol with many oracles that vote on a given condition.
Example: “does views > 10k evaluate to true?” -> let 100 oracles vote.
This is interesting but seems complex. In all cases we would have a network of 100 nodes deciding on a state that will be accepted by the whole network of maybe millions of nodes. This approach is described in the Orisi white paper.
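As an added example (my own Go code, not Orisi's or any project's), here is the contract-side logic of the oracle pattern just described: the single-oracle rule "unlock if the selected oracle signs views > 10k", generalized to "unlock if at least M of N pre-approved oracles sign it", which is the voting variant. It assumes Ed25519 signatures and a constructed message format; the names Oracle, Attestation, Contract and Unlock are mine.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Attestation is one oracle's signed verdict on one condition of one contract.
type Attestation struct {
	OraclePub ed25519.PublicKey
	Verdict   bool
	Sig       []byte
}
// message is the canonical bytes an oracle signs. Binding contract id and exact
// condition text stops a signature made for another contract from being replayed.
func message(contractID, condition string, verdict bool) []byte {
	return []byte(fmt.Sprintf("contract=%s|cond=%s|verdict=%t", contractID, condition, verdict))
}
// Oracle is the off-chain party that actually looks at the view counter and signs.
type Oracle struct{ priv ed25519.PrivateKey }

func NewOracle() Oracle {
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil { panic(err) }
	return Oracle{priv}
}
func (o Oracle) Pub() ed25519.PublicKey { return o.priv.Public().(ed25519.PublicKey) }
func (o Oracle) Attest(contractID, condition string, verdict bool) Attestation {
	return Attestation{o.Pub(), verdict, ed25519.Sign(o.priv, message(contractID, condition, verdict))}
}
// Contract fixes the oracle set at deployment and how many "true" votes unlock the
// payment. One trusted key with Threshold 1 is the talk's single-oracle design.
type Contract struct {
	ID        string
	Condition string
	Trusted   []ed25519.PublicKey
	Threshold int
}
func (c Contract) isTrusted(pub ed25519.PublicKey) bool {
	for _, t := range c.Trusted {
		if t.Equal(pub) { return true }
	}
	return false
}
// Unlock is the on-chain side. It never fetches anything itself: it only counts
// valid signatures from distinct trusted oracles attesting that the condition holds.
func (c Contract) Unlock(votes []Attestation) bool {
	seen, yes := map[string]bool{}, 0
	for _, v := range votes {
		k := string(v.OraclePub)
		if seen[k] || !c.isTrusted(v.OraclePub) || !ed25519.Verify(v.OraclePub, message(c.ID, c.Condition, v.Verdict), v.Sig) {
			continue // duplicate vote, unknown oracle, or forged/replayed signature
		}
		seen[k] = true
		if v.Verdict {
			yes++
		}
	}
	return yes >= c.Threshold
}
```

Note that the trust question the talk raises is still visible in the code: whoever chooses the Trusted key list at deployment decides who the root of trust is; the threshold only spreads it over several parties.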
The second approach is to use some trusted computing path. If you can prove that all your information is captured, processed and distributed under trusted hardware, you could in principle accept the verdict. This could rely on technologies like Intel SGX, for example. In this way the chip maker becomes the root of trust.
A similar approach is adopted by Oraclize.it: they use TLSNotary to prove that they used a TLS connection to gather the data.
The third approach is using some de facto trusted element and relying on it. For instance, would Amazon care about your “views > 10K” query? Probably they don't care at all and have no interest in gaming your oracle. The idea is that an oracle, which can be proven trustworthy using the Amazon APIs with Amazon as the root of trust, records encrypted SSL sessions in such a way that later, if there is a dispute, the logs can be decrypted and the dispute settled.