Kafka Streams Topology Testing: Mocked Streams 3.3 is out.

Trust in Blockchain and Smart Contracts

Trust issues are the reason why we have Bitcoin, why we have Ethereum. In statements it is: "We don't trust the government, because it is printing money out of thin air." or "We want to cut out the middle-man and decentralize the infrastructure.". While proof-of-work eliminates the required trust into a single entity, the need of trust in any other layer remains. If we need to trust somebody or a company, due to the lack of transparency or literacy, to run Bitcoin or Ethereum, then the whole discussion about true decentralization is pointless.

This is a piece on trust, so let’s start this with the status quo of trust in a centralized (silos) architecture of the internet. In a centralized scenario, one has to trust the centralized entity. Looking back on the last ten years of security breaches and privacy scandals, we can clearly summarize, that either people (users) don’t care enough about data privacy and security to stop trusting centralized entities or they have no viable alternative. It is this lack of clear alternatives that has allowed centralized infrastructure providers to exploit trust, the effect of which is often opaque to those exploited.

Big companies have sold hundred of millions of user data to hundreds of companies. The biggest effect of user data monetization has been to energize even more companies to bait you for your clicks, likes, poll responses, IQ tests, real-time location and much more, exploiting that data for avaricious ends. The masses happily ever after use and abuse their little pocket casino, it’s a lost cause.

So why should the masses care about decentralized contracts?

Do we need Trust-less?

In a decentralized ecosystem, trust, or the absence of it, is central. Entities in the system don’t need to trust other entities. Statements like: “We don’t trust the government, because it is printing money out of thin air.” or “We want to cut out the middle-man and decentralize the infrastructure.”, are pointing towards lacking trust into a centralized entity. The first statement caused Bitcoin. The second statement is the motivation of Ethereum. Now consider the following statement: If we need to trust somebody or a company (due to the lack of transparency or literacy) to run Bitcoin (e.g. exchanges, custodians) or Ethereum (e.g. contract developers or Infura and MetaMask), then the whole discussion about true decentralization is pointless.

Is Everybody On Drugs?

DAO hackers gonna hack, DAO hippies and missionaries keep on preaching of a post-privacy or privacy-conserving world in smart contracts. Don’t get me wrong, I love this techno-utopianism vibe. The religious connotation is inspiring. A clever nash equilibrium based on proof-of-work (or other approaches) allows eliminating the trust into a central party. This works great on the consensus layer (consensus about forming blocks, the source of truth). But the need for trusting in protocols in other layers, such as contracts, wallets, and external providers still remains. The essential topic of trust, the reason this all started, has fallen short in the space.

Clients

On the foundational layer, we have node clients, the software that runs on decentralized blockchain nodes. Clients are open source, and users could potentially verify if they agree with the consensus rules. The client propagates the blockchain state and enforces these rules. The CVE-2018–17144 bug, that was unintentionally merged in 2016 into Bitcoin core, allowed miners to crash any single node that they’re connected to. But even worse, it allowed the miner to create new bitcoins at will, exceeding the 21 million hard cap limit that is currently in place, read the full disclosure.

Another more recent bug was found just a couple of day before the Constantinople release of Ethereum. The smart contract auditing firm ChainSecurity discovered the flaw in Ethereum Improvement (EIP) 1283 that would let attackers steal funds from users and make it “cheaper to do certain things on-chain, especially things that are currently ‘excessively’ expensive.”. Geth and Parity quickly released new versions reverting the future-fork on a particular block & encouraging updating to that version to prevent a chain split.

Data Providers

The second layer could be seen as blockchain data providers, such as node operators and APIs to blockchain data. A very central, and very trusted entity in the Ethereum space, is Infura. Infura is used as a backend for any MetaMask wallet. It’s the single-point-of-failure. Here, it shows the power of the default. As an Infura or wallet provider, you don’t only have tremendous access to contextual data of your users, but you’re also shaping how people understand and integrate this new technology into their workflows and lives.

Smart Contracts

The third layer, smart contracts. I remember people saying contracts are immutable and unstoppable. Let me set something straight, Ethereum contracts are Turing complete, that means there will be bugs (such as the one exploited in the DAO hack) and intentional backdoors. We cannot even say with certainty, who owns the contract. Who has the power to upgrade functionality, stop functionality, mint and burn tokens? To understand what are the rules defined in the contract, a computer program, one has to be able to read contract code written in Solidity or some other language.

Wallets and Exchanges

The fourth layer, decentralized wallets and exchanges. The assets and functionality supported by wallets determine what exists. If a wallet supports ERC20, but not ERC721, then the latter does simply not exist for the user. In the case of exchanges, they have power over what chain is behind the brand “Bitcoin” or “Ethereum”. Further, listing or de-listing of blockchains and coins corresponds to let live or die for 99% of the users.

For better user experience, users trust the service, letting exchanges hold custody of their funds. History showed that exchanges get hacked, loose liquidity and steal the user’s money. As Andreas, the Bitcoin Jesus, likes to say “Not your key? Not your Bitcoin.”. He advises people to store their cryptocurrency on their own wallets, see 2018, record-breaking year for exchange hacks. And that’s not all, wallets and exchanges have tremendous contextual data (Know-Your-Customer) of the users and can profile user liquidity, link funds from bank wire transfer to trades to potential dark-net transactions. Selling user data has always been a profitable business it seems.

Measuring Decentralization

For shedding light on how decentralized the wealth of a network is, we at TokenAnalyst wrote an article, Who invests in ICOs?, on the level of centralization inherent in holders of ICO tokens. Another related piece is Classifying Ethereum users using blockchain data.

Balaji S. Srinivasan, CTO of Coinbase, wrote an interesting article on Quantifying Decentralization and proposes the Nakamoto coefficient as a simple measure to quantify decentralization, incorporating a distribution of wealth over a population, or distribution of commits among the developers. Based on this measure, Bitcoin might be “more decentralized” than Ethereum. However, more decentralization, based on the distribution of ownership in the community, does not imply that people don’t need to trust the system, with all its sub-systems and layers above.

Trust and Transparency

The goal of this post is to increase awareness of the layers of trust still involved. We would like to see trust and transparency as central as decentralization in discussions and conferences to come. Further, instead of preaching tech-utopianism (true decentralization), let’s be real and educate users about what’s possible, what’s not and what information & power asymmetries exist, to enable them to make the right (trustworthy) choice.


One or two mails a month about the latest technology I'm hacking on.