Hello!
When I was creating a CTF for a conference, I’ve finally got to learn about how blockchain and smart contracts actually works in practice, and the whole concept is simply brilliant. A quick introduction for those unfamiliar with it would be in this summary, but just to summarize how I basically understand it, blockchain is simply a VM that runs code (smart contracts) a both the code, and result of every execution of it is calculated by a bunch of users (so, mining is basically running a VM) and appended into the blockchain based on some kind of consensus and proof of work. This means that you get a single source of truth and history of every execution of a smart contract that is decentralized and you can rely on it.
But, almost every use of blockchain or smart contracts I have seen has pretty large issues either in sustainability in the long term, or in cases where you simply need some form of an authority to prevent and punish misuse. While I’m not really that much familiar with every use of blockchain so far, I will first list what I’ve already thought about or seen, and the main issues that I think are a deal-breaker for choosing blockchain for that kind of tasks. It’s possible that some of the issues are wrong or have already been solved, so please correct me if I’m wrong - my knowledge of blockchain isn’t really that in-depth.
First and the most common use is the one you are probably most aware of - cryptocurrencies. If I ignore the biggest and most unfortunate issue of cryptocurrencies turning into an investment-only product, with hugely volatile and inflated price that is not backed by any kind of real value (sure, you can pay with BTC, but it’s slow, expensive and super volatile to be useful, so the only real use is to literally sell it to others for a profit - which also basically means you are scamming someone out of their money down the line), I see the following problems with using blockchain for currencies:
- Longevity - The ledger size is already getting massive, only after a few year. It’s not sustainable, and it will eventually be really hard to keep the whole ledger at a large enough number of places to not run into problems of integrity. It’s growing exponentionally, and is at around 500Gb after around 10 years.
- Gas cost - It’s getting harder and harder to mine and confirm new transactions, which increases the cost while also making less people able to mine new transactions without being at a loss. This will only get worse, and eventually lead to the 50% problem (if someone controls 50%+ of mining nodes, he can confirm fake transactions or do whatever he wants with the blockchain) being a real issue.
- Lack of moderation - This may be one of the more controversial issues, because it goes directly against the whole idea of cryptocurrencies, but is one of the biggest problems I see that are in the way of crypto being able to be considered for wider use. We live in a world where some people are dicks that are not afraid to steal and cheat, and something like a currency simply has to be moderatable. You need to be able to punish criminals, and take back what they have stolen. If someone doesn’t pay their debts and owns me money, the government should be able to just take the money if they have them. If someone uses an account for scamming and stealing, it should be possible to freeze it.
The last issue will eventually show in most of the other uses of blockchain as well, and while I have included it, I’m still not sure how I feel bout it. In an ideal world, you would not have to deal with something like this. I would also really like to have an option to do my transactions privately, without anyone being able to profile my behavior and data, but such a system would have to allow for some safeguards against missuse to be widely adoptable. (Which is an interresting off-topic question - would it be possible to create a system that is private, but also has the possibility for trusted authorities to freeze accounts and force transactions?) And the more that I think about it, the more I’m certain that I’d rather have a centralized system where you can punish criminals and scammers, than a system where lives of people are regularly ruined by someone stealing all of their savings unpunished. But it is a thin line - I only say that because I live in a country that is all-right and I can trust my government - for now. But I definitely agree that such a private unmoderated option should exist - but can’t be considered for widespread use, which I’ve heard some people say that “crypto will replace cash in a few years”. And this is why it never will, IMO. But this discussion shouldn’t be about whether this is a good opinion or not - but more about “what blockchain is a good tool for”.
Next one are NFTs. I will just quickly gloss over them, because they are even bigger scam than crypto is. Ever heard someone say “Someone has copied and minted my NFT?”. Well, it’s a shame that there isn’t some kind of centralized authority that could, you know, not allow them to do that.
Another use I’ve heard someone praise as “the future” was lending money. I’m not sure what were they talking about, but the whole point was that you can… Escrow an amount you are borrowing, and then borrow the same amount? It didn’t make any sense, so I guess I’m missing something, but then again - we have the same issues as above, while also it being just a bizare idea - why simply not use the amount you already have? The person tried to explain it to me, but it just feels gimmicky. And if you escrow a lesser amount, you then have the same problem with moderation as above - nothing can force you to return the money (unless it is already escrowed, but then, why??)
So far, every use of blockchain I have heard about would be better done in a centralized fashion, especially as far as longevity is concerned. The growing ledger size and increasing gas cost, along with the 50% problem simply makes most of these kind of uses too impractical to work on a larger scale.
But I really like the concept and idea of smart contracts, and I’m sure there has to be some kind of use that is not as “revolutionary” or large scale. I’m just having hard time coming up with any.
I have only one - voting, and maybe transparent randomization (i.e lottery). Smart contracts are an amazing way to collect votes transparently but privately, since you can be sure that no-one can cheat, if you set it up properly. It’s also something that doesn’t suffer from the longevity problem, because it’s more of a one-shot use of blockchain, rather than something ongoing - which also justifies the price.
(tl;dr feel free to start here:) Which is what I’m interested in - does any of you have similar ideas for use of smart contracts and blockchain, that would be practical in a daily live? Be it one-shot smart contracts for a small task, such as voting or random winner selection, maybe some kind of escrow. It doesn’t have to be a “society changing system”, or something revolutionary. A common small code snippets or apps that would solve the trust issue inherent to a centralized task is what I’m after - but have hard time coming up with.
And just a disclaimer - I don’t plan on building anything and am not fishing for the next blockchain thing, I barely even understand it. I would just like to incorporate blockchain into my programming repertoire as a tool, because the concept feels so clever, but is also misused or misunderstood due to hype, but it has to have it’s uses that are overshadowed by people jumping on the blockchain bandwagon without considering whether it’s really the best tool for the job.
But is has to be a good tool for some kind of problems, right? And I would like to start a discussion about what would that be, without it being affected by the hype and reputation surrounding blockchain. I feel like that would be an interesting though exercise, and I’m sure we can come up with some interesting little uses here and there, without it being gimmicky but actually the best tool for the job.
Thank you!
EDIT: And I’d like to add that I never got into the blockchain hype, and my opinion on how it’s used so far is mostly negative. If a product mentions blockchain, I usually just avoid it as a gimmick. But that’s why I’m genuinely interested in this discussion - I don’t judge a tool about how people misuse it.
Removed by mod
You don’t need many of the features you listed to make a blockchain. Its basic form is a Merkle tree. For which there are many practical uses, some of which predate Bitcoin, and which you’re probably familiar with.
Git is a blockchain. It’s one of the most important tools for free and open software, which in turn powers huge parts of internet and technology.
Most of the extra stuff (proof of work etc ) were added specifically for crypto.
Many people don’t consider Git to be a blockchain because it lacks more than just proof of work. No argument against merkle tree, but a blockchain is more than a merkle tree, otherwise it would just be called a merkle tree. Part of the issue is I don’t think there’s any real accepted definition for just a simple blockchain.
For example, you can absolutely undo a commit (it’s messy, yes). This is counter to how blockchain operates. Each commit does not rewrite every previous commit.
So git is sort of a precursor to blockchain. Distributed ledger, sure. Blockchain, no.
A blockchain is extremely difficult (virtually impossible) to intentionally tamper with. Git is not. Well, relatively speaking.
You can tamper all you want with a blockchain if you hold the only copy. You just replace it with an earlier state and evolve it into a different direction. Which also applies to git.
Blockchains and git repos are only tamper resistant when they’re distributed.
Blockchain is the generic idea of a distributed, tamper-resistant, independently verified ledger. Git is a practical implementation with specific goals. Merkle trees are the theoretical model. They all refer to the same concept.
You can tamper all you want with git even if you aren’t the only holder. You can make it to any other repos cant merge back in. If you waste a lot of time, you can make commits that will erase known work on other repos. You don’t need to replace it. You can just rewind. Blockchain requires each block to contain a hash of the previous. Git doesn’t really do this. It’d be extremely inefficient. Imagine every commit changes every previous commit.
Blockchains are more than merkle trees. Blockchains is a technology from 2008. Git is much older and again, this is obvious as Torvalds isn’t credited with the invention of blockchain.
Git is not tamper resistant.
Removed by mod
This right here is really the spirit of the post. Yes there’s many impractical applications. Much like there are many impractical applications for RDBMSs, but the tech has such a stank on it, it’s important to remember it’s just a tool that can be useful despite the hype cycle.
Blockchains don’t really have a “stank” on it. It’s just that it’s a technology in search of a problem. Not many issues have been answered with “a complicated linked list across the internet will fix this.” Blockchains are incredibly specific in implementation that you really need something that needs those things. Like someone else mentioned, audit logs actually benefit from the properties of blockchains. You can’t just delete a record without needing to then literally modify every single record before and after it. Blockchain offers security for transactions. It works for finance in the scope of cryptocurrency. But it’s missing many features of other currencies that are provided by central authorities. So it’s essentially incompatible with those other currency systems. Blockchains are great for tracking ownership of a digital thing within its own ecosystem. It sucks at tracking ownership of a thing that exists outside it’s ecosystem (digital or otherwise). This is put on full display with NFTs. Within the world of NFTs it’s easy to prove ownership. Outside that system, I can easily post copies of that digital item. Cryptocurrency is better in that it has no value/representation outside its own system.
So that’s why blockchain is a fairly old technology (relatively speaking) with very little real-world use outside crypto and NFT.
Sorry, I didn’t mean to be dismissive. I wholeheartedly agree with you. What I meant was that it’s a shame I, as an engineer in the year 2023, would have a hard time pitching a blockchain solution to a non-crypto problem to paying customers no matter how fitting the solution might be. I don’t think that’s very disputable. Now this attitude is entirely driven by the last decade of unsubstantiated crypto hype and associated bad faith actors. It has nothing to do with the technology as it is.
There is actually a system in the works called FedNow that banks here can sign up to be a part of to allow national money transfer between any two people. Probably a lot of banks aren’t taking part yet since it’s barely a couple weeks old, but it’s promising.
Removed by mod
The US can and does use SWIFT for international transfers. SWIFT doesn’t automatically make something instant. Nor does IBAN since that is just a code.
Standards are as you stated, just standards on defining how to record a transaction. It doesn’t define a system to process these transactions. It’s like a file format. You still need something to process/transfer that file. The EU (currently) relies on SEPA for instant transfers. And it requires both endpoints to use euros.
Instant transfers are not as simple as everyone thinks and most folks don’t actually know what is behind them or how they work. I am far from an expert but I’m just trying to point out it is sort of esoteric stuff and most people don’t even know if the transfer they’re performing is even actually instant or not.
Blockchain would also make it very difficult to have disputes where one must be forced to pay another. It assumes everyone is “equal” and one can’t forcefully take money from another. You can believe that’s great, but garnishment and repossession of funds is a thing that all countries will need to be able to do. That’s a fundamental break in how blockchain effectively works. It works against it.
Edit: I also just realized you’re not pro-blockchain for finance, but my points still stand for the concept in general.
Removed by mod
Again, US banks do. But SWIFT and IBAN are used almost exclusively for international transactions, EU included. It’s their whole purpose. SEPA exists alongside SWIFT and does not rely on SWIFT. It’s why is so much more restrictive and can only do euro to euro.
The US banks are standardized. That’s not the problem. It’s really control and cost. Like right now, FedNow still costs 4 cents per transaction which is expensive. ACH costs about half that. But it’s also controlled by NACHA instead of the government.
In any case, I’m about as far down this rabbit hole as I’d like to go. We at least agree on blockchains… “usefulness”.
Removed by mod
I am not on TikTok and it won’t play the whole video, so this does nothing. Its not a useful rebuttal. I’m fine if you want to cite your argument, but this is useless. Who goes around using TikTok as damn evidence. “Hey, look at this random stranger say something.”
Edit: transfers don’t generally fail unless there’s a lack of funds. And that isn’t the definition of standard anyway. Standards can be unreliable. And what is wrong with routing and account? Put together it contains much of the same info as an IBAN.
Removed by mod
I live in Europe and have some direct experience with how the banking system works (I was pentesting the system that shares transaction data between banks over their closed intranet), and I had no idea that US doesn’t have something like that. That’s interesting, that sounds like a lot of inconveniences.
A closed blockchain doesn’t need or use expensive hashing nor is expensive hashing required for a public blockchain.
Every rant about how blockchains are bad SQL databases is ignorant of the actual, novel uses of a decentralized blockchain and whatever system it uses as proof to find the current block’s validator.
Blockchains allow for the synchronization of many actors up to the agreement of the majority of actors. They eliminate a class of corruption. Which is at least those where the authority over a log of data uses that authority to alter the log outside the will of the majority of those who use said log.
You can make all the arguments you want about the usefulness of that ability, you can make arguments that the cost of adding that ability being too high vs the reward.
You vague argued that its complicated and it wont end banks so its pointless. Neither of which is much of an argument. Also, the blockchain replaces central banks, not member banks.
Is that worth doing? Likely not at the current state of the technology.
buying drugs and scamming people
oh, and throwing gasoline at an already burning planet
Stop using FIAT then.
Want to explain your rational?
Buying drugs, scamming people is the same use case of FIAT.
lol. lmao
It’s true lol.
Blockchains are only useful in cases where non-repudiability (the ability to prevent users from denying that an event happened) is more important than any other factor. And there are preciously few cases where this is the case, the vast majority being related to audit - tracking receipts, votes, certificates, or similar attestations in an environment where no single party can be trusted. Disclaimer, I’ve worked in the past in projects related to the aforementioned - fortunately all of them related to the field of audit.
Notabaly most of these use cases probably don’t benefit from a public ledger though, in the sense that anyone with enough stake / hardware could be a validator. Exposes you to way too much uncertainty about whether validators will screw you over with Maximal Extractable Value tomfoolery, edit: and is obviously slow and very expensive compared to PoA
Fair enough that! I’m surprised to see so few companies saving up their money and processing time, and just using a private distributed ledger among all parties (plus maybe an arbiter node or two). Probably because Ethereum is better supported commercially (guess why!)
You can run Ethereum in PoA mode though, or at least it used to be possible but I dunno whether they’ve kept the option around (probably?) I think the problem is that many people who set these systems up don’t even know that’s possible, or they’re distribution maximalists who balk at the idea of having a private blockchain where some “higher authority” (gasp!) says who can validate blocks and it’s not just based on how much ETH you have.
I mean, not even I knew that Ethereum could be run in an intranet via Proof of Authority, today I learned something new!
I’m an odd breed of (thankfully former) blockchain consultant in that I’ve got a healthy skepticism about the tech and don’t think that slapping a public blockchain on to everything will magically make it better, so I made my business by having a more in-depth understanding of the various options and what they’re really suitable for. I used to joke that my first advice was always “don’t”, and the second was “no seriously, don’t.”
And an important note is that… For decades we have had paper trails fairly locked down given enough incentive. The technology isn’t the problem with performing audits.
Blockchain? Oh, hah, no no… none of us were ever hyping up a tech we didn’t understand as the solution to literally any problem.
Say, have you heard about AI? It’s a revolutionary technology that’s the solution to any problem!
I mean, machine learning can theoretically approximate any computable function given enough time and resources…
I still find the ai program that infers your age based on your age pretty funny :p and it never really get’s it completely.
Git
Git is Blockchain and it’s pretty much the only use of the tech I actually see make sense. Most other uses add too much expense where we could just used a trusted ledger. I know people are all about zero trust but the cost benefit of Blockchain doesn’t pan out for almost anything. It’s not hard to develop cheaper ways to trust an actor, such as laws. Which is how we create trust today. When’s the last time your westernized bank stole money from you?
Git is not blockchain. Git is a distributed ledger. You can rewind a git commit if you know what you’re doing. If fit were a blockchain, removing the last commit would corrupt the entire chain. Every transaction is part of building that trust.
Your conclusion of uses of blockchain is spot on though. I also feel it’s extremely expensive and complicated when there are much cheaper and more efficient ways outside of it.
When did this become a thing where people started calling git a blockchain? Git is much older than blockchain. I don’t see anyone giving Torvalds credit for inventing blockchain. Because he didn’t. And git isn’t blockchain. It’s sort of useful as an illustration of how blockchain almost works, except it’s much more efficient because it doesn’t do all the things that blockchain requires.
Well, if you remove a commit in the chain it will disrupt the chain. It’s a DAG where the next commit requires the previous commit to be unchanged. So Git does use essentially a cryptographic chain.
The thing is we don’t care about guessing the next part of the chain, which is where the mining aspect of Blockchain comes into play. So Git does not include validation in it’s process. But if someone does modify something in Git I assure you all of the people who have cloned that repository are able to validate a change happened.
Nobody credits Linus with it because signing things was never a novel idea. The part where you’re mining the next hash is the interesting part of Blockchain that’s not in Git. And that’s also the wasteful silly part.
Not really. You can’t remove the last chain in a blockchain without effecting every single other block. Each block is modified every single time to include the hash of its child. Git is the other way. Each commit includes a hash of its parent. So you can always remove the last one and the branch would be none the wiser.
So git is the exact opposite direction in regards to hashing. It’s a chain, just not in the same way. That’s part of why blockchain transactions are so expensive and git commits are so cheap.
The only useful use case I’ve seen is for when you absolutely MUST be able to track historic data and ensure edits don’t destroy the original. Blockchain “solves” this by never allowing saved data to be edited.
The only place I’ve seen it actually being used properly for that was within Brazil’s medical vaccine tracking (ptbr article), which is what allowed them to confirm that Bolsonaro falsified his vaccination card. It doesn’t offer details on what kind of protocol it uses, but it could just be a “decentralized, distributed” database, for all intents and purposes.
Removed by mod
I think you are saying the same thing, but it’s less that history can’t be changed and more than all changes are collectively acknowledged. The Brazilian vaccine record shows why that can be a highly desirable attribute; it prevents a class of corruption while also automating the tasks that could have been corrupted.
Blockchains are “just” distributed databases with a guarantee about transaction ordering (doesn’t have to be totally ordered like regular literal chain-of-blocks but eg. some sort of DAG). Then on top of that you have your consensus-forming mechanism like PoW, PoS or PoA (Proof-of-Authority), most of which are designed to work in a network where you don’t trust the participants, except for PoA where nodes that eg. have a cert signed by a specific authority can do validation.
I could see PoA networks being useful for eg. banks, real estate related stuff, DNS (like @jet@hackertalks.com mentioned) etc. Anything where you’d be interested in having all parties agree on some order of transactions, and where validation is only done by trusted actors. DNS-like systems could maybe even be done with public validation, but PoW is out of the question because of the W part, and most PoS-like systems (well, PoW and PoS but still) have lots of problems with validators being incentivized to order transactions in a certain way (“Maximal Extractable Value” et al) that can actually be detrimental to the network (or even consensus) and to the users.
I’m not really super sold on the idea of public blockchain networks where anyone (well, anyone with the means, which is not a small barrier) can be a validator, they mostly seem a bit like a solution looking for a problem. I can easily envision blockchains becoming something like Linux in the sense that they could be used “in the background” in many contexts, but so that us plebs rarely actually have to deal with them (the majority of the Internet runs on some flavor of Linux, but most people don’t “consciously” use it apart from Android which does its damndes to pretend not to be Linux).
Removed by mod
Yeah my comment was all over the place, but I hope not too much to be totally worthless.
PoA doesn’t mean the validators can change history, at least unless the network is specifically designed for that – which most aren’t, although I’d argue there’s potential use cases for allowing to eg. “undo” transactions, like what your bank does if your credit card number gets stolen.
Re. partitionable chains, it’d be fun to think about how to manage transactions when some nodes are potentially light years away. We already have the “interplanetary file system” after all 😄
Removed by mod
Eventual consistency would be really eventual, heh.
And if the network is generally partitioned (or DAG-like I guess?), how do you handle eg. someone hopping on a (slower-than-light! I don’t believe in that FTL nonsense) ship and going from eg. Earth to live on Alpha Centauri? Do they have to bring a part of the DAG with them (or some sort of zk proof of it anyhow) in some form, so that it can be “transplanted” into the consensus on the other end when they arrive?
Removed by mod
And this is exactly what I meant when I said that this sort of interstellar networking stuff is super fun to think about 😄
Audit logs and Access control paper trails.
Security event logging has to be:
- Broadly accessible
- Write-protected
- offering some proof of completeness.
These three requirements are tricky and often conflicting. Block-chain might be an inefficient way to achieve these, but the glove does fit quite neatly.
Logistical paperwork
- Purchase Orders/Invoices and packing slips
- Waybills/Bills of lading and CMR’s
These kinds of documents require multiple stages of matching and approval by untrusted 3rd parties. There are dozens of ecosystems of interacting systems that support processing these documents, but most people still use paper. Paper is more reliable when you need to deliver a container full of diapers from Poland to North Sudan. It’s more reliable but incredibly prone to fraud and forgery. Having all of these approvals and transactions tracked on a blockchain and letting different systems interact with the same chain, would make it possible without each ERP having a rest API to each other ERP.
I fail to see what blockchain can provide in the realm of audit logging?
Fundamentally, you need to trust the systems which are logging events to log the correct events at the correct time. How does blockchain change this?
Yeah the problem isn’t the veracity of the logs, it’s providing a mechanism for third parties of proving that the sequence of events in your log hasn’t been tampered with after the fact
Any system which publishes the log to third parties as they are written would do that.
Yeah you’re not wrong, that would be more efficient. Again a blockchain is not an efficient way to do it. But it would be effective.
In practice audit logs are used by and for auditors. Non-technicals that need evidence that would hold up to argument. Yes you could send your logs to a third party. Now you have to prove that third parties trustworthiness twice a year to the standards of each legal entity you operate in. And lawyers are more expensive than blockchain devs haha :p
Having a private blockchain that you can share with several changing parties that can subscribe to it. Without having to update anything about your infrastructure is a benefit.
Even though I’ve lived through several iso 27001 certifications, I’m still walking on thin ice when I say that it would probably easier to explain the blockchain in practice than any other proof of completeness method. Because the public is more aware of it. On the other hand the public is also more skeptical of crypto so it could also backfire :p
How does a private blockchain work? It is my impression that the security of the block chain comes from the difficulty of mining a new block. This in turns depends on having many entities competing for mining the next block because they get some type of financial incentive.
Wouldn’t a private block chain just essentially be like git? In git I can easily rewrite the entire history of my “log” by just rehashing everything. It is just git rebase. For anybody to verify I had not done this, they would always need the newest commit/log entry. So until the time I choose to publish a log entry, I am free to rewrite it and everything after it. Which is exactly the same as if I didn’t use a blockchain.
It just seems like the blockchain solution depends on publishing log entries to a third party as they happen, but once you do that, the problem is already solved and you don’t need a blockchain.
But I might not properly understand how private blockchains work?
The security comes from consensus. Everyone needs to agree about what the truth is. The burden of proof is proportional to the number of peers that need to agree. Public chains require a lot of work to create consensus amongst hundreds of thousands of peers. Let’s say your chain consists of 12 companies all using the same chain to validate and verify each other’s transactions so they are ready for an audit.
Yes, it’s easier to have 12 peers conspire to manipulate the chain than to have 200 000 peers. But making 12 businesses conspire to cook the books is already several orders of magnitude more difficult than the checks and balances we have in place now.
So it is not really private to one business, but shared between a couple handfuls. The consensus of this group is then trusted.
In that case, to write a log entry I would have to publish the log into some mempool shared among the group as it is logged. At this point, each member can just store the log entry and then later verify it of asked. Again, it seems like the entire block chain part of this system is redundant and what is really providing utility is the idea of storing your logs with someone else as you create them so you cannot later claim something didn’t happen.
But just to understand the idea of private blockchains better. Would this be some kind of hardcore “code is law” arrangement where each Company is competing on hash power with all the others to prevent them from rewriting the logs to their advantage (and in the best case being able to rewrite the log to their advantage).
Or is there some a priori agreement on what a reasonable amount of hash power is, that you just hope one company doesn’t choose to outspent by a factor 100 the day they really need to rewrite the log?
I guess in that case it will be clear to everybody what has happened. But if you choose to act on this common sense version of events instead of the “truth of the blockchain consensus” you are, once again, undermining the entire idea of using a block chain.
It’s more about tampering with the audit log. “Company A provided their audit logs to prove their innocence.” Did they? Well. Maybe. How do we know it’s the full log. How do we know it wasn’t altered? Sure, the company can digitally sign it, but what does that prove?
Then sign and send the audit log in realtime to the authority which A provided their logs to. Same effect no blockchain.
You could also encrypt and publish it. But realistically there is always going to be some entity actually responsible for enacting the consequences for non-compliance and they are the only entity that really ever needs to check these logs.
I am not sure I understand what the incentives to “mine” this blockchain would be. Without a certain block difficulty, which requires many miners, it will be trivial to rewrite the entire chain.
Most auditing and insurance companies don’t have a webhook where you can arbitrarily send your logs to. They have humans with eyes and fingers holding risk management and law degrees called auditors. That you need to, with words and arguments,convince of your process integrity. And What happens if you switch insurer or certifier? You probably have to do a ton of IT work to change the format and destination of your logs. And how do prove that your process was not manipulated during the transition?
What you describe are digital notary services are a billion-dollar industry. All they do is be a trusted third party that records process integrity. IAM, change logs, RFCs, financial transactions, incident detection, and response are all sent in real time so you are ready for certification or M&A. Most small and mid-sized enterprises can’t afford that kind of service and are often locked out of certain certifications or insurances or take a huge price cut when acquired.
Something like pooling together resources to a provable immutable log trail isn’t unreasonable.
I’ve given it some though and wouldn’t the fact that the blockchain is public by design be a problem in regard to forward secrecy (I’m not sure I’m using the term right here, but I suppose you get the idea)? If your keys would leak, you are then stuck with a lot of private data leaked without any way how to pull them back.
Not every log needs that kind of security and a chain does not need to be public. You download blocks from peers and do your own accounting.
Nothing is preventing you from only giving access to your chain to a trusted circle of peers.
Something you could do is encrypt your logs and push them to a chain shared by a number of peers who do they same with their own keys. Now you have a pool of accountability buddies, because if someone tries to tamper with the logs, you all hang together.
If you’re doing some spooky stuff and need to prove a high degree of integrity is you could push encrypted logs to a chain. The auditor then can appoint several independent parties whose only job it is to continuously prove the integrity of your logs. After that is proven you can release your keys to the auditor who can inspect your logs knowing that they have been complete and untampered during the audit period.
Again I understand it’s not the most efficient system, but there are less efficient and less flexible systems out there in enterprise land haha
I’m not really well versed in how private blockchains work, but wouldn’t that mean that you also have to mine it yourself (or create your own private mining network), thus making the 50% problem a lot more prominent?
Let’s say a country mandates their Telecom sector to audit it’s transactions. The idea would be to share the network with several peers, your telecoms. In this case “mining” would be verifying the integrity if the chain and can be done by anyone of the peers. The government or auditing authority could also be a peer in the network and they are all capable of verifying the integrity of the chain through “mining”. You are right that it’s easier to have a small group of peers conspire to manipulate the chain. But it’s a lot harder for several telecoms to conspire than for one rogue CFO to cook the books.
In this application you’re not generating ‘valuable’ tokens in the sense bitcoin does it, but the value is the integrity of the chain. People value the proof that no one has redacted or injected any transactions.
The audit logging sounds interesting. If you combine it with some kind of encryption, then I can imagine it working pretty well. Aside from the logistical problems/gas cost, that is.
There is no incentive for adding the friction of gas or PoW for these types of systems.
The parties involved can have a shared log and private keys for signing entries. Party A provides a thing and Party B signs an entry that says they were provided with the thing. Party A can wait for that signed entry before releasing the goods, etc. The problem with block chain to track physical stuff is that that handoffs are not instantaneous, so there’s always lag between the real state of the world and what the log says. In practice, this may be a few seconds, and a human might wait for confirmation before physically granting access to a recipient.
To put it another way, the party that is signing is not incentivized to forge that they have received an object from someone else, as that is effectively the fulfillment of the obligation. They’re only going to sign an entry if they get the object.
Yeah it’s not ideal, but you only need to pay the gas cost when you need to prove integrity and that’s alot cheaper than having to constantly be in sync with the world.
The paradox is that it must solve money first. The original intended usecase is not only the best, but it is a prerequisite to higher order use cases.
Think of the money supply layers, “M0, M1, M2” and so on, and what they mean.
Smart contracts are an “M1-M2+” problem solver. But M0 still isn’t solved.
In other words, having stock markets or NFT housing chain of title will always fail if the money usecase upon which it stands is still fallible. Ethereum put the cart before the horse. Bitcoin or Bitcoin Cash, “dumb” M0 solutions, have to be widely useful for the rest to work.
Land deeds and property titles.
Maintaining a provable chain of ownership and legal transfer of land and property is required for mortgages, for title insurance, inheretance, etc.
A public, decentralized ledger of land/property transfers could revolutionize home ownership, lending, insurance, etc
Land ownership (in the US) already is public. What problem would this solve? What problems would it create? How would the solutions outweigh the problems?
deleted by creator
Blockchain suffers from the same problem. What happens when someone compromises the network by taking over 50% of the computing power then transfers all deeds to themselves? Or hacks or exploits a bug in the smart contract and does the same? Hopefully if that happens then you can appeal to some higher authority to get it fixed, but then what is the point of using the blockchain or smart contracts in the first place since you could get the same result under our current system without the computing overhead of blockchain.
Removed by mod
Removed by mod
How does a central government database not also solve those problems?
There’s only a few recorders who actually check title, called Torrens, when you record something in the US. 99% of them work under abstract where literally anyone can record anything as long as they pay the county recorder and meet the basic requirements like have a notary stamp.
There’s a good chance if you’re in the US that I could just record a deed giving me ownership of your house or apartment complex. I’d have to fraudulently sign your name as grantor, but the county isn’t going to stop me. You’ll have to stop me.
There’s a whole huge industry around recording and verifying deeds for sales to deal with that type of nonsense. First, they won’t want to get dismantled. Fidelity is huge for example. Sort of like how TurboTax inserts themselves between you and paying taxes. Fidelity inserts themselves between you buying and selling a house.
A verified Blockchain would essentially turn everything into torrens instead of abstract title. I think that’s a good thing and I’d rather pay the government to verify the transaction than done for profit company that’s going to review title as quickly and cheaply as possible.
Nevermind having to deal with a title insurance industry – like all insurance – that’s inherently be incentivised to reduce costs by not paying claims.
Removed by mod
One of the good things about using a blockchain system is that it forces you to set out and follow a set of programmatic, and thus at least minimally fair, rules for how the system is going to work. It means you are running on some kind of rule of law, and for it to work everyone involved has to be able to replicate the history of the system and agree that it is correct.
It seems a fairly natural fit for something like land, especially in the US, where we know for a fact that huge swathes of it were seized in the past from Native Americans, or revoked after being given to Black folks at the end of the civil war, or otherwise moved around by the government in suspiciously ad-hoc ways that we have later come to regret.
If you can design the entire system to grind to a halt if rights are not respected or someone tries to rewrite the rules on the basis of they have the guns, it could be a powerful force for the rule of law and the maintenance of a consensus reality.
Bro that’s complete fantasy nonsense… Somebody has to also enforce the ownership. You ideologic internet stuff means jack shit if someone else has the gun.
Either you trust your city / county to keep track of land ownership (in whatever technical way they would like) and to enforce it or you don’t. You can’t magically get it both ways with “blockchain”.
If you don’t have a system of law that even its designated enforcers are obliged to follow, you don’t have a legitimate government, you have a mafia.
The easier it is to make cases where a law is broken common knowledge, the easier it is to gather the political will to enforce the law. That mechanism is what obliges the enforcers to actually follow the law, and it can work more or less well depending on the structure of the society, the relative power of different groups of people, and the communication technologies in use. If the President guns someone down in broad daylight, they get thrown out more often if you have a reputable newspaper than if you don’t. An election is a convenient substitute for everyone trying to kill each other until we find out who is left.
Blockchains are one technology for establishing common knowledge among a group of participants. They’re not magic, they don’t even usually work particularly well. But they do offer techniques for binding the administrators of systems of rules to actually follow those rules, which have the potential to be applied more broadly.
How do you prove someone in the central government didn’t take a bribe and tamper with the records? What if you’re from a country where the central government is less than stable? How would you prove ownership if something were to happen to that database? How do you prove that someone is who they say they are? How do citizens and businesses access that database? Is there a standardized format for it? Does it use some proprietary software built by the lowest bidder?
Not saying that blockchain has all the answers or that it is the right tool in all cases, but these are some of the problems it is trying to solve.
If you live in such a shitty country, the records would probably not be respected anyway. Also a blockchain still has to allow new inputs from a trusted source. And that source could still make up a fake sale and give your land to someone else.
(And no, priavate wallets wouldn’t work to protect that transaction… because what if you lose your wallet?)
If the government is unstable what authority do you have to claim the land is yours. Land ownership is literally backed only by the government. Forced change of ownership must also be possible, therefore the same weaknesses would exist in Blockchain as elsewhere. Tracking property who’s ownership isn’t inherently authorized by the system itself is pointless. The rules will change. The government will never back a system that controls physical property unless they have the authority to change it. You can try to argue individual sovereignty, but that simply doesn’t exist. You only own the land as long as the government backs you up on that. If the government collapses, no Blockchain will convince a new government that they can’t take the land from you.
A central database would be just a list of all the land and who owns it.
Right now, the deed system is a bunch of deeds that say “remember when I got this land, on page 302 of book 75 in the county recorder’s office? Well now Jimantha owns it actually, since they bought it from me for ten dollars and a peppercorn.”. This is great for accountability: it lets you trace ownership history and provides a piece of evidence to substantiate every transfer, and so helps you answer inconvenient questions like “why should you own that house when it was my grandmother’s house and I want to own it?”. It also lets you roll transfers back if they are found to be fraudulent, and neatly captures how all current ownership is contingent on the theft of the whole place from any disposessed original inhabitants.
This is also basically how ownership works in many current blockchain systems: you select something you own based on the transaction that gave you ownership, and then you say who should own it now in a signed message.
But the blockchain systems verify signatures cryptographically, whereas the county recorder verifies the authority to transfer stuff on the “you think someone would just tell lies? On the Internet?” principle. And the centralized database doesn’t even keep the transfers around for review, it just has the database operator in charge of who owns any given thing at the moment.
Would you rather walk up to a grumpy person with a shotgun and demand that they move out while brandishing a printout of an SQLite database recently recovered after the ransomware attack at the county administrative building? Or with a deed with their spouse’s signature on it?
Then the problem is to make the deeds more machine-readable, and to get better at not putting in deeds from people who have no business writing to that part of the ledger, for which pieces of blockchain technology might be useful.
How does forced repossession of property work? You didn’t pay your bills. The only asset you have is the land. Court authorized giving it up in a lawsuit. I don’t know. Either way, there must be some way to enforced transfers without voluntarily relying on the person.
And who’s managing the keys? The land owner? What happens if they lose them? What happens if they die prior to transferring property?
Tying keys to natural people is indeed an unsolved problem.
The system can be designed to recognize more people than just the current owner as authorized to do a transfer. You could do the whole tax record tracking in the same system, to ensure that property can be seized for back taxes exactly when back taxes are owed.
Then it has the same weaknesses you pointed out in a centralized system, except it’s less efficient and uses more power…
Not all of the same weaknesses. If it’s just “let the judge move stuff around because they’re a judge”, then yeah. But if you implement any sort of security on it, you can say that the judge can only move stuff when also countersigned by the jury, who were demonstrably selected by a fair random draw, or something.
And even if you don’t do that you still have a great record of which judge exactly is stealing everyone’s stuff.
You can’t just wave a blockchain wand and get a government that works, but you can just wave a blockchain wand and get an accountable record of things.
A central database would be just a list of all the land and who owns it.
Says who? Why would it not be a list of who owned/owns that land and when they owned it?
Would you rather walk up to a grumpy person with a shotgun and demand that they move out while brandishing a printout of an SQLite database recently recovered after the ransomware attack at the county administrative building? Or with a deed with their spouse’s signature on it?
Yes, the document from the county administration would be much better, than some “magic” contract from the internet that may or may not be enforced by the county.
If the county isn’t actually using the system you try to present evidence from, of course it will not work.
If you have a list of who owned the land and when, and you have evidence to support each transfer, then you have a log-structured or relatively blockchain-like database.
Why would the county not use their own system? What are you even talking about? You seem to simultaneously make arguments for and against blockchains in the same sentence.
Yes, the document from the county administration would be much better, than some “magic” contract from the internet that may or may not be enforced by the county.
If the magic contract from the Internet is not actually likely to be enforced by the county, then the county is not actually using the magic Internet contract system. If the system were adopted by the county, then the official records from the system would be known to be enforceable.
I sound like I am for and against blockchain because I am. I don’t think you can stand up any existing blockchain system and start slapping government functions onto it and get a good result. People won’t understand it well enough or have sufficient resources to be true peers in the system, and if they did it wouldn’t scale very well.
But I do think that governmental systems can be improved by taking inspiration form blockchain technology and drawing on its underlying philosophical principles of accountability and consensus.
When NFTs were invented, people imagined them being used for things like titles/deeds. Instant transfer and verifiability would be a huge thing. especially in places that have real estate scams due to the slow/corrupt bureaucracy.
Removed by mod
Removed by mod
Removed by mod
Removed by mod
A good while back I read a paper, blog post…I read something somewhere a while back that laid out an interesting use case involving vehicular service records for fleet vehicles. And I know exactly about as much about blockchain then, as I do now, but I did spend some time in fleet logistics for a large scale service company with about 20+ field vans and at the time, the notion seemed compelling and interesting on the face of it.
After a very brief google, it seems the topic has been widely written about but nothing in depth compared to the piece I read all those years ago (which felt more like a full on white-paper). Looking around and will edit the comment if I find it so the people in the room who are smarter than I am can weigh in.
I don’t know much about the topic in depth, but I can tell you the greatest problem with using a blockchain for such record keeping: there is no way to ensure that the service that was recorded in the blockchain actually matches the service that was performed. And this is the same problem that every single record keeping system has, so it’s not unique, but simply because of this all the greater reliability of the blockchain is meaningless.
The only use that I’ve thought of over the years is event logging where you need a very high confidence that no one has tampered with the logs.
gitIts backing store is an (immutable) merkle tree, which is a chain of crypographically signed object (commits, trees and blob), aka a chain of block, aka a blockchain.
