I don't understand what the "privacy nightmare" is that the author describes:
> The credential itself is signed by the issuer, which makes it authentic and binds it its owner. In itself this does not appear to create a big privacy problem, compared to standard PKI certificates. However, one of the keynotes suggested that also uses, i.e. verifications, of credentials could be logged on the blockchain. That information could subsequently be used to make e.g. policy decisions on employability: which academic credentials lead to the best employment opportunities? This is a privacy nightmare.
And is the author suggesting simply checking credentials against a centralized authority:
> All you need is that each issuer keeps a list of all issued credentials in a local immutable record (using a simple hash-chain, for example) against which a verifier can check the status of a credential.
> verifications, of credentials could be logged on the blockchain
And how would that work anyway? He just finished saying that everything on the chain is public. You don't have to issue a transaction to read it, you can just read the public information off your local node.
>what would happen to all credentials once issued to some blockchain, if that blockchain ceases to operate? The raw blockchain data is of course still available and maintains its blockchain structure. Yet the integrity-preserving features of the blockchain disappear as soon as it is no longer actively used.
I'm not sure this is true. Info about the blockchain wouldn't evaporate instantly, it'd be easy to get the legit genesis block header and chain height, wouldn't it require a lot of "work" to produce a convincing counterfeit chain?
As with any transaction on a proof of work chain, the more work there is layered on top of the item in question, the more confidence you can have. Even if you don't know that someone's presenting you with a truncated chain, you can still see that their credential is at the end of it, and know that they could have cheaply faked it.
Proof of stake would require more human consensus but proof of work is measurably expensive to produce.
> As with any transaction on a proof of work chain,
Only active proof of work chains. Discontinued chains have no active, competitive consensus and may be arbitrarily rewritten by attackers since there is no competition at any historical point in the chain for a quick mining operation and there is no consensus about the head of the chain.
If there are additional credentials and signatures embedded in the chain (there need not be) then THESE are the trust tokens that have value after the chain is discontinued.
Blockchains only offer one thing: human consensus when humans are not necessarily inclined to reach it. That is what a PoW or PoS blockchain algorithm for cryptocurrency is trying to guarantee.
You can still measure the total amount of hashpower applied. Someone could add arbitrarily many blocks but you can calculate how much it cost for them to do it.
I'm struggling to pinpoint where you two are talking past each other. "Length" in the context of a blockchain refers quite specifically to the amount of actual work. So "easy" to make "long" chain, seems like a straightforward contradiction.
The amount of calculation necessary to add a block to the chain is not undoable by someone with modest resources.
What's difficult is doing it as quickly as Bitcoin miners with specialized hardware and big energy footprints.
You can make a new blockchain add got Bitcoin today on EC2 without overwhelming expense. Even 30 of them. No problem! It'd take too long to be practical for mining, but that's not the senario we are discussing
Would you beat other miners in? Absolutely not. But the scenario being discussed here is the historical value of blockchains once there is no mining pool racing on them.
And the answer both the article and I propose is: "It is almost none" compared to the other cryptographic tokens. Especially if the chain isn't receiving constant, small commits.
The competition works by increasing the difficulty. At any given time there's a maximum numerical value of the block hash; the lower it is, the more hashes you have to make before you find a valid one.
The difficulty can be checked after the fact, by simply checking the numerical values of hashes. If a hash is one in a trillion, you know it took about a trillion attempts on average to make it, and you can figure out the economic cost of doing that.
It would be easy to make a chain with lots of blocks of low difficulty. It would also be easy for anyone to see that it didn't cost much to make it.
yes that is interesting, it is the same as one copy of the database. you would have to find someone mirroring another copy and compare them.
if we live in a world where one-copy is fine most of the time, then this is a marginal improvement adding just a little redundancy between unknown parties.
some kid with the blockchain copy in their temp folder from years before will save the key pairs for humanity.
Im a "blockchain-for-x" skeptic, but I disagree with this article.
A timestamped, immutable blockchain would be useful for reviewing credentials from 3rd world countries where qualifications/experience/government certification are all able to be bought. It wouldn't solve fraud, but it would make it a lot harder to suddenly decide to fake a whole lot of credentials, and would make it more obvious that a particular organization is corrupt and therefore would incentivize not being corrupt.
The central question for whether blockchains are indicated for a particular use case continues to be "does this require immutability, regulation resistance, or cooperation across various regimes that don't trust each other".
An example of useful blockchain identity would be in refugee verification/processing:
- people in 3rd world countries scan a fingerprint and hash an encrypted version on the blockchain when young
- annually update information about themselves onto the blockchain including info about families
- 10 years down the line they have an excellent record of who they are, who their family is, what their situation is, and they become far more credible when it comes to identity verification that relying on documentation from a long-toppled government
I mean that if you can produce a fingerprint image corresponding to a blockchain hash and it matches your fingerprint 20 years later, and this is linked to 20 years worth of blockchain recorded credential information, I would find that very compelling evidence that you are who you say you are.
This idea of having 20 years of linked entries in an append-only distributed log is very powerful, and is the basis for the "idchains" system discussed here:
You're basically specifiying PKI, not anything to do with Blockchain.
If you truly want the timestamps to "lock in" the time of a transaction without trusting either party, a hash-commitment could be used, akin to https://opentimestamps.org/.
A blockchain seems like a very reasonable way to provide a distributed immutable log of actions that take place within a PKI infrastructure. It even adds the ability for 3rd party auditors to participate in the system in a real-time manner.
You might even extend it, so that instead of it being PKI with a blockchain transport, to something more akin to Kerberos with a blockchain transport -- every attempt, successful or not, to access a resource could be immutably logged, and access could be granted by the targeted resource only once the authorization message has been committed to the blockchain (and therefore approved by auditors)
Cert Transparency depends on our benevolent lord Google to maintain the integrity of the log. Using a blockchain pushes that trust model out such that it's distributed across multiple actors.
There's nothing wrong with CT -- it's a great step in the right direction. There's also nothing wrong with exploring distributed immutable logging.
A blockchain adds trustless governance rules and a verifiable audit trail to using just PKI alone. These are hugely valuable features of an identity management systems.
A blockchain could improve on this because it leaves some trail linking actions of individuals as well as authorities together.
For instance, you can make a timestamped scan of a university degree to prove it existed on some date. However, a blockchain would allow the university itself to sign the fact that it gave the person the degree at that time. It would also show how many degrees of that sort the university are giving out, so that if they start giving them to everyone that would be noticed. It would also show that the given person only got that 1 degree at that time, and it would be hard for them to then make up a bunch of other stuff. None of these are possible with simple timestamping.
"Developing" (or less euphemistically, "poor") is better because "3rd world" has specific cold-war related connotations that are less and less relevant as time goes on - eg, a poor former soviet bloc country wouldn't be "3rd world" as some people understand the term.
Sorry but that's absolutely horrific. Publishing that level of personal information, then realistically forcing people to do so to have any chance of emigrating to the first world?
Why do you care who they were 10 years ago, who their family is? Why do you think it's a good idea to make immutable, publicly available lists of targets?
The original article was based on fundamental misunderstandings of Blockcerts, but the follow-up Blockcerts community discussion (including the article's author) was productive:
One step closer to that "permanent record" our middle school teachers warned us about. Who is going to be the wanker who gets rich doing this to all the middle schoolers of the next generation I wonder. I am glad it's not me.
48 comments
[ 3.6 ms ] story [ 92.8 ms ] threadWhoever discovers a worthy use for a blockchain.
If not you probably don't need a blockchain.
> The credential itself is signed by the issuer, which makes it authentic and binds it its owner. In itself this does not appear to create a big privacy problem, compared to standard PKI certificates. However, one of the keynotes suggested that also uses, i.e. verifications, of credentials could be logged on the blockchain. That information could subsequently be used to make e.g. policy decisions on employability: which academic credentials lead to the best employment opportunities? This is a privacy nightmare.
And is the author suggesting simply checking credentials against a centralized authority:
> All you need is that each issuer keeps a list of all issued credentials in a local immutable record (using a simple hash-chain, for example) against which a verifier can check the status of a credential.
My comprehension of this article is low.
And how would that work anyway? He just finished saying that everything on the chain is public. You don't have to issue a transaction to read it, you can just read the public information off your local node.
I'm not sure this is true. Info about the blockchain wouldn't evaporate instantly, it'd be easy to get the legit genesis block header and chain height, wouldn't it require a lot of "work" to produce a convincing counterfeit chain?
The power of the "head" of the blockchain is the human consensus around it. It is otherwise unprivileged.
Proof of stake would require more human consensus but proof of work is measurably expensive to produce.
Only active proof of work chains. Discontinued chains have no active, competitive consensus and may be arbitrarily rewritten by attackers since there is no competition at any historical point in the chain for a quick mining operation and there is no consensus about the head of the chain.
If there are additional credentials and signatures embedded in the chain (there need not be) then THESE are the trust tokens that have value after the chain is discontinued.
Blockchains only offer one thing: human consensus when humans are not necessarily inclined to reach it. That is what a PoW or PoS blockchain algorithm for cryptocurrency is trying to guarantee.
It's the competition for time that makes the mining reliable right now.
What's difficult is doing it as quickly as Bitcoin miners with specialized hardware and big energy footprints.
You can make a new blockchain add got Bitcoin today on EC2 without overwhelming expense. Even 30 of them. No problem! It'd take too long to be practical for mining, but that's not the senario we are discussing
Would you beat other miners in? Absolutely not. But the scenario being discussed here is the historical value of blockchains once there is no mining pool racing on them.
And the answer both the article and I propose is: "It is almost none" compared to the other cryptographic tokens. Especially if the chain isn't receiving constant, small commits.
The difficulty can be checked after the fact, by simply checking the numerical values of hashes. If a hash is one in a trillion, you know it took about a trillion attempts on average to make it, and you can figure out the economic cost of doing that.
It would be easy to make a chain with lots of blocks of low difficulty. It would also be easy for anyone to see that it didn't cost much to make it.
if we live in a world where one-copy is fine most of the time, then this is a marginal improvement adding just a little redundancy between unknown parties.
some kid with the blockchain copy in their temp folder from years before will save the key pairs for humanity.
The idea of a blockchain is more than 20 years old, with the first popular implementation, Bitcoin, being 9 years old.
That's the same year the iPhone 3G came out. So if you want to argue "brand new" that's where you've got to start.
https://en.wikipedia.org/wiki/Blockchain
https://en.wikipedia.org/wiki/IPhone_3G
A timestamped, immutable blockchain would be useful for reviewing credentials from 3rd world countries where qualifications/experience/government certification are all able to be bought. It wouldn't solve fraud, but it would make it a lot harder to suddenly decide to fake a whole lot of credentials, and would make it more obvious that a particular organization is corrupt and therefore would incentivize not being corrupt.
The central question for whether blockchains are indicated for a particular use case continues to be "does this require immutability, regulation resistance, or cooperation across various regimes that don't trust each other".
An example of useful blockchain identity would be in refugee verification/processing: - people in 3rd world countries scan a fingerprint and hash an encrypted version on the blockchain when young - annually update information about themselves onto the blockchain including info about families - 10 years down the line they have an excellent record of who they are, who their family is, what their situation is, and they become far more credible when it comes to identity verification that relying on documentation from a long-toppled government
> annually update information about themselves onto the blockchain (how?)
What could possibly go wrong? Fingerprints alone should not be used as a key.
I mean that if you can produce a fingerprint image corresponding to a blockchain hash and it matches your fingerprint 20 years later, and this is linked to 20 years worth of blockchain recorded credential information, I would find that very compelling evidence that you are who you say you are.
https://www.youtube.com/watch?v=xZC98s4paYY
It controversially opts to use faces rather than fingerprints, but faces are easier for humans to verify, especially without special hardware.
I don't think the video describes a complete system, but the idea has merit and I wish it had been developed more.
If you truly want the timestamps to "lock in" the time of a transaction without trusting either party, a hash-commitment could be used, akin to https://opentimestamps.org/.
You might even extend it, so that instead of it being PKI with a blockchain transport, to something more akin to Kerberos with a blockchain transport -- every attempt, successful or not, to access a resource could be immutably logged, and access could be granted by the targeted resource only once the authorization message has been committed to the blockchain (and therefore approved by auditors)
There's nothing wrong with CT -- it's a great step in the right direction. There's also nothing wrong with exploring distributed immutable logging.
For instance, you can make a timestamped scan of a university degree to prove it existed on some date. However, a blockchain would allow the university itself to sign the fact that it gave the person the degree at that time. It would also show how many degrees of that sort the university are giving out, so that if they start giving them to everyone that would be noticed. It would also show that the given person only got that 1 degree at that time, and it would be hard for them to then make up a bunch of other stuff. None of these are possible with simple timestamping.
Why do you care who they were 10 years ago, who their family is? Why do you think it's a good idea to make immutable, publicly available lists of targets?
http://community.blockcerts.org/t/response-to-blockchain-blo...
“It’s interesting that he focuses on blockchain for identity management, which Blockcerts doesn’t even do.
However, DIDs, which can improve the ability of individuals to own/control their identity, will feature blockchain-based method specs.”
http://community.blockcerts.org/t/response-to-blockchain-blo...