A Useless Blockchain “Solution”

The Holberton trade school in Silicon Valley (“a two-year higher-education program to become a full-stack software engineer”) plans to issue their certificates using the Bitcoin blockchain.  Basically, cryptographic signatures are used to issue notarized statements of completion, which are posted to the Bitcoin blockchain.

It isn’t clear whether the cryptographic certificate actually solves any important problem, or just sounds sexy and innovative.

I’ll set aside the question of whether someone who knows the current “full stack”, “different types of applications and systems on different devices, operating systems and clouds, with a large variety of programming languages, tools and algorithms” is a qualified “software engineer” or not.  (Likely, not, in my own view.)

This blockchain certificate (pioneered earlier by the offshore University of Nicosia) seems to address the perceived problems of company HR offices, who must verify credentials presented by applicants. This approach might be cheaper for the issuing institution, as well, but seems to offer no particular value to honest students.

Gracy Caffyn comments that employers have reason to be concerned about false credentials, and the Internet makes it easy to create beautiful, artistic fakes. However, most reputable institutions have mechanisms to quickly verify certificates, diplomas, and transcripts.  Whether the blockchain solution is better or even cheaper than other solutions is not obvious to me.

On a related front, Bitfury issued a white paper discussing “Public vs. Private Blockchains”.  ([Part 1] [Part 2])  The interesting point here is their discussion of “permissiveness”:  the public blockchain is writeable by everyone.  “Private” blockchains would use similar technology but the protocols would limit who can write to the blockchain.

The report itself tries to systematically lay out the differences between these technologies, ultimately concluding that they are largely compatible.  It is almost always possible to create a “private” protocol on top of or linked to the public blockchain, so this is not really an either/or proposition.

But the main thing here about the Bitfury paper is to think a bit about how much you want to trust the records on a blockchain that anyone can write to.  In the simplest form, the records are simply assertions that the blockchain protocol assures us have not been monkeyed with. The assertion itself could be true or false, and since everything is unauthenticated, we have no way to know who actually made the assertion, from the blockchain itself.

The Holberton certificates are a perfect example of this point.  They are reported to use Bitproof technology, which generates a cryptographically sealed checksum for the certificate (this part is not new technology), and stores the checksum on the bitcoin blockchain. Anyone can read it there, but to decode it to prove that it is valid you need to find the full document, which has to be kept secure.

The fundamental record is an assertion that “School A issued certificate B to student C”. The checksum, after you unwind it, proves whether you have an unmodified copy of the document in question, but you can’t recover the actual document from the blockchain alone.

First of all, this “trustless” system requires you to trust Bitproof.  Furthermore, this trust will surely be based on the cryptography that they used, not the use of the public blockchain to publish the checksum.  The blockchain does make it difficult to fiddle with or erase one of the checksums, which does eliminate some (probably uncommon) frauds.

This chain of trust extends further.  Bitproof provides a database that proves that someone sealed this document.  To determine that a certificate was actually issued by the relevant body to the relevant person, you need to identify the parties. The cryptography helps, but you still need to authenticate the parties somehow, or the cryptography is just circular.  (I have a key proving to you that I have Bob’s key.  Who is Bob?  Am I really Bob?  Ditto for Holberton School.)

And, once authenticated, you still have to decide if you trust them.  A completely valid record can still be fraudulent if the actors are dishonest.
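The gap between integrity and identity described above, as an added example (not Bitproof's or Holberton's code): a simplified in-memory model of a ledger that anyone can write to. The addresses, certificate text and function names are constructed for illustration.

```python
import hashlib

# Simplified model of a public, append-only ledger that anyone may write to.
# Each entry is (writer_address, sha256 digest); the document is never stored.
ledger = []

def anchor(writer_address: str, document: bytes) -> int:
    """Publish the document's checksum; returns the entry index."""
    ledger.append((writer_address, hashlib.sha256(document).hexdigest()))
    return len(ledger) - 1

def check_integrity(index: int, document: bytes) -> bool:
    """True if `document` is byte-for-byte what was anchored at `index`."""
    return ledger[index][1] == hashlib.sha256(document).hexdigest()

def check_issuer(index: int, document: bytes, trusted_addresses: set) -> bool:
    """Integrity plus: was the entry written by an address the verifier
    already trusts? That set has to come from outside the ledger."""
    return check_integrity(index, document) and ledger[index][0] in trusted_addresses

# Constructed sample data: addresses and certificate text are made up.
SCHOOL_ADDR = "addr-school-0001"
IMPOSTOR_ADDR = "addr-unknown-9999"
genuine = b"School A issued certificate B to student C"
forged = b"School A issued certificate B to student Mallory"

def demo() -> dict:
    ledger.clear()
    g = anchor(SCHOOL_ADDR, genuine)
    f = anchor(IMPOSTOR_ADDR, forged)   # anyone can write an assertion
    trusted = {SCHOOL_ADDR}             # learned out of band, e.g. from the school
    return {
        "genuine_integrity": check_integrity(g, genuine),
        "forged_integrity": check_integrity(f, forged),
        "tampered_integrity": check_integrity(g, genuine + b" with honors"),
        "genuine_issuer": check_issuer(g, genuine, trusted),
        "forged_issuer": check_issuer(f, forged, trusted),
        "issuer_without_trust_anchor": check_issuer(g, genuine, set()),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The forged certificate passes the integrity check exactly as the genuine one does; only the out-of-band set of trusted addresses separates them, and with an empty set even the genuine certificate cannot be attributed.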

How does this process work without the blockchain?  Well, you issue a signed document that is published at a replicated database run by, say, the university itself.  The process is the same, except you jump directly to the question of whether you trust the institution and have a valid link to it; and at the same time, you have to validate the identity of the person claiming to be the graduate. The blockchain is irrelevant to this part of the work; indeed, it simply adds a tiny bit of useless extra work, talking to Bitproof and the blockchain to bootstrap the process.

The point here is that using the blockchain itself is adding very little to the process; the contribution of the blockchain (as opposed to cryptographic signatures) is relatively unimportant.  What matters is the reputation of the institution (which Holberton and Nicosia are striving to build by using trendy technology), and authenticating the identity of the graduate, which ultimately requires some kind of “trust”.

This “app” for the blockchain looks to me like more hype than hope.

