Tag Archives: Michael del Castillo

“Identity” on the Blockchain?

For the past few years, cryptocurrency and blockchain enthusiasts have been touting a variety of use cases for these technologies, suggesting that they will disrupt/revolutionize pretty much everything [2]. It’s a floor wax and a desert topping!

With time, we are sifting through these use cases, discovering which ones are more realistic.

The most successful uses to date are, unfortunately, extralegal commerce and cybercrime.  Other areas that appear promising are supply chains  and other business to business cases. In also seems likely that private blockchains may well disrupt FINTECH, and eliminate hundreds of thousands of jobs.

What haven’t panned out yet are the benefits for regular folks and the imagined benefits for the world’s poorest.

It is readily apparent that blockchain-based technology isn’t necessarily the right way to do community currencies and similar projects.  Cryptocurrency has made surprisingly little inroads into “the remittance problem”. For that matter, cryptocurrency has made little inroads for real world commerce, mainly because it solves problems that consumers don’t actually care about. (Most people don’t care about the innards of their digital payment systems.)

This month the ID2020 project summit gives reason to think that blockchain is also not a particularly useful technology for “identity”.

ID2020 is an international group dedicated to helping people who lack formal identity papers. This is a significant problem for refugees and others, and it’s quite reasonable to try to create portable digital documentation.


I’m rather baffled by why this is called an ”identity’ problem, which it is mostly an “official recognition” problem.

Michael del Castillo comments in Coindesk, “Identity without the Blockchain? Skepticism Grows for Once-Hot Use Case”. Essentially, the ID2020 people aren’t convinced that blockchain technology is the solution, or at least, the only solution.

I don’t know exactly what their thinking is, but I suspect that a key point is that credentials are all about trust, and in fact, trust in third parties. The importance of credentials aren’t that you can prove that you are who you say you are, but that you can prove to someone that a mutually trusted party says you are who you say you are.

“Trustless” blockchain systems offer little to help provide these proofs. Decentralized blockchains are certainly cheap and easy ways to reliably pass around such certificates, but they don’t address the hard part, which is creating them in the first place.

Identity problems of rich people

There is a second “identity” use case for blockchains, and that is portable and flexible digital identities, i.e,, control of personal information on line. The idea is to make it possible for people to access digital services without having all their information linked. This is truly an important challenge, though, again, I wouldn’t call it a problem of “digital identity” per se, it’s more of an information control problem.

This use case is lumped with the passport issues  above because the same technology could, in principle, solve both. If we had a good way to exchange verifiable cryptographically shielded certificates, we could use them to, say, access services without a universal ID number.

As del Castillo says,

In theory, those users would own their own identities, as opposed to Facebook, Google, the government, or any number of organizations, all of whom want to keep a record of – and profit from – that data.

This is an interesting statement of the problem and perceived solution.

He lumps all organizations, private, public, and “other”, which glosses over important differences, which is intellectually and politically dubious.

The Drivers License folks keep a record of you because they need to certify your qualifications to drive. Doctors keep medical records for obvious reasons. And so on. There are many reasons why organizations keep your history.

On the other hand, advertising companies like Google and Facebook, keep information on you to make money by “selling” you. So do numerous other companies.

Solving this problem is difficult, and not only because there is a lot of money begin made, and the powers-that-be don’t want to be disrupted, thank you very much.

The technical problems are actually quite difficult. Figuring out what sort of information needs to be exchanged and developing secure ways to present just what you need to and no more is very difficult. Furthermore, this process involves—wait for it—trust. No matter how clever the credential scheme, the credentials have to come from somewhere in the first place, and have to be accepted where you need them.

Blockchain technology is a good way to pass around cryptographically shielded credentials. But, again, it doesn’t help the process of obtaining credentials in the first place. If you can create a good system for digital credentials, a blockchain will certainly be one of the places you use it. But the blockchain alone doesn’t solve the problem.

I’ll add one more pedantic point. Some of the enthusiasm for blockchains is actually based on the extreme usefulness of public key cryptography, which will definitely, for sure, be the critical piece in these digital systems. But you can use PKI with lots of different architectures, “centralized” and “decentralized”, and with many different business models. Just because cryptographic signatures address a use case, it isn’t necessarily true that blockchains are relevant.

  1. Michael del Castillo, Identity without the Blockchain? Skepticism Grows for Once-Hot Use Case. Coindesk.June 22 2017, http://www.coindesk.com/identity-without-blockchain-skepticism-grows-hot-use-case/
  2. Don Tapscott and Alex Tapscott, Blockchain Revolution: How the Technology Behind Bitcoin is Changing Money, Business, and the World, New York, Portfolio/Penguin, 2016.


Cryptocurrency Thursday

Chicago Blockchain Center Opens

In cryptocurrency land, amid the continuing news for flash crashes, criminal cases, and inaction on crucial technical issues, Coindesk reports that, “New Chicago Blockchain Center Launches With Government Backing”.

This sounds interesting. I wish I could find out more about it.

As with much of Illinois and Chicago government, the CBC is far from transparent. What is it for?

The announcement and launch are heavy on promotion and light on substance. It looks like there are major financial firms (including the Chicago Mercantile Exchange) and VCs. hanging out with tech startups. So, a business incubator focused on blockchain technology.

The “government backing” appears to be moonlighting by Jennifer O’Rourke, the State of Illinois’ “blockchain business liaison”, which I didn’t know we had. What else is involved in the “partnership” isn’t clear. The state and city governments are said to be looking at blockchain applications for public business, as well as trying to grok regulatory issues.

This center seems mostly harmless, though one wonders where the public money is coming from and what the state hopes to gain.

And, by the way, I notice that there is no academic participation at all in this partnership. There are quite a few world-class researchers at Illinois universities who would love to participate in such a center. It’s a shame to be missing out on this opportunity. (Call me.)

  1. Michael del Castillo, New Chicago Blockchain Center Launches With Government Backing Coindesk.June 8 2017, http://www.coindesk.com/new-chicago-blockchain-center-launches-with-government-backing/


Cryptocurrency Thursday

Hyperlegder: IBM’s Serious Blockchain Project

The use of blockchain technology for business applications has become the flavor of the month, drawing interest from many important institutions, including the Federal Reserve. Throughout 2016 there was a stream of announcements of development projects, some of which involved the largest banks and companies in the world.

One project with some very serious juice is Hyperledger, which is hosted by the Linux foundation and led by IBM—both of whom know a thing or two about software.

IBM is a dominant contributor and user of Linux, and the Hyperledger group is patterned after the successful experience with the operating system. The code is open source, and the goal is to create a ubiquitous backbone and API upon which many parties can construct their own apps.

Hyperledger aims to provide a generic way to use blockchains and “smart contracts” in business. This will require quite a bit of engineering, including development of standard APIs, robust implementations, and, in the case of executable contracts, programming languages and debuggers. The Hyperledger project is exploring and testing several candidate designs. The IBM entry is “Fabric”, a fancy term that says everything you need ot know about their ambition to connect everything.

One of the good things about the project (especially Fabric) is the effort to create a “neutral” API that can be implemented with alternative blockchains inside it. This design makes it possible for a business to create their code in a way that will work with many other businesses, even if some use different underlying products, and even if technology changes (which it will).

“Fabric” also aspires to deliver solid software with real “smart contracts”. The software includes industrial grade end-to-end security, cryptographic infrastructure, and sophisticaed support for executing business logic (AKA, “smart contracts”), such as “containers” to execute code.

Now, readers of this blog should know by now that I am not a huge fan of smart contracts, and have pointed out the deep difficulty of creating this technology.

However, in the case of IBM, there is reason for optimism. First, so called “smart contracts” are not essentially different from technologies that IBM has been supporting for many years inside their database systems and business networks. Second, the IBM actually knows what they are doing, and isn’t making unrealistic promises.

As an indication of the state of the work, Michael del Castillo reports on a recent software demo that tried out a simple app running on hundreds of nodes around the world.

The “marbles” demo is a fully working application that uses the IBM implementation of Fabric to create and pass around small records. This is not unlike many business to business systems by IBM, except where there might be a conventional database, this demo uses a blockchain running on dozens of independent nodes. The logic for creating and transferring the records (“marbles”) is implemented by a form of “smart contract”, executed by the notes of the blockchain. The idea here is to demonstrate all the pieces, including cryptography and the distributed consensus processes of the blockchain.

The recent demo was done at moderately large scale, running live using 100 nodes situated around the globe. A dozen of more representatives of the foundation fiddled around, creating and transferring “marbles”, and watching other transactions. Eventually, the group was unleashed to “try to break it”.

Del Castillo reports that the demo went well, with only one obvious glitch, and the system recovered gracefully from the problem. The participants seemed suitably impressed. If nothing else, the software worked as advertised.

When I saw these reports, I thought it was kind of trivial. Perhaps I have done enough demonstrations of distributed software in my life to be unimpressed by the trivial task represented by “marbles”. Sure, getting the user app working nicely isn’t easy, and getting anything running on nodes at multiple sites is hard. But this is IBM, so they know how to do these things.

So what were these people so excited about? I think the users were excited because they are interested in the innards, with the fact that the promised decentralized, cryptography-heavy, protocols worked, and worked at a big enough scale to be interesting. Plus, the fact that nothing interesting happened is the interesting thing that was supposed to happen. The dog didn’t bark.

Overall, this is a significant milestone for he project.

But there is a long way to go, and lots of questions I wonder about. A few transactions over 100 nodes is no where need the scale needed. Trivial “marbles” is hardly an example of the diversity and difficulty of creating, validating, and testing “smart contracts”. With IBM’s track record, I won’t be surprised if they get this all to work pretty well.

Furthermore, this implementation was all written by IBM (I think). The real test of the Fabric concept will come when several different implementations “just work” all together at the same time. That will be interesting to see.

Finally, it is worth pointing out the significant difference between this kind of business to business, access controlled blockchain, and the open, power-to-the-people vision of, say, Provnance.org or Ouishare.  Even though “Fabric” is open source, it is not clear whether it will be suitable for these “public” use cases that cannot pay for all the great IBM infrastructure to run it.  We’ll have to see.


Cryptocurrency Thursday

“Charity DAO”: Improving Trust By Eliminating Trust

The folks who brought you The DAO have a new cunning plan—“Charity DAO”. You remember The DAO—the decentralized autonomous investment fund that attracted over $100M in investments, negligently lost half of that to thieves, and shattered Ethereum as it collapsed.  Yes, those same guys are now going to “fix” charitable giving.

Their analysis of the problem is that we could increase the amount of money given to charities if we could improve “trust” in the charities. They identify widespread concerns about “accountability, management and fundraising” in public charities.

The solution, they say, is a decentralized organization that uses Ethereum “smart” contracts to track the funding. (My own view is that this is a case of a hammer maker seeking nails to drive.)

As in the first DAO disaster, the organization is basically a mechanism for channeling funding via the Ethereum blockchain. Proposals (requests for funding) are submitted, and when selected, the executable contracts automatically disburse the money according to specified targets. All records are on the public blockchain, and untouched by human hands.

Wow! So many logical holes! Do I have the energy to cover them all?

First of all, at the deepest level, the notion that the cure for a lack of trust is to take up a peer-to-peer model, where we know almost nothing about the other participants is, well, astonishing. Not only sending money off to the internet, but sending to…well a robot “contract”.

Wouldn’t it make more sense to organize locally, working with people face-to-face where you live?  This would not only improve trust, it would create a more connected and vibrant community.

Second, the elephant in the room simply has to be the crash of the first DAO, which was due to “trusting” the software, and eliminating human judgment. Obviously, this has to be changed, right?

Yes. This time, the “decentralized” robot system has human “Curators”, “a set of trusted curators”, who will check and approve proposals. Just like every other charity. Good idea. We trust that the curators know what they are doing and behave honestly.

The problem of trust is fixed!

Obviously not.

Who are the curators? Well, that’s a mystery. They are not identified.   Even more troubling, the description of the charity indicates that they will cooperate with a group call “Giveth”, who presumably help vet the proposals and give direction to the charity.

Who is Giveth? What are they up to? We have no idea.  I can feel the trust welling up in me already.

Most charities are mission driven organizations. They develop expertise solving certain problems, and request support to carry out the mission. This is critical—we don’t want to donate money to people with good intentions, we want to donate money to solve problems.

Charity DAO has no stated mission (other than demonstrating with the technology). Anyone in the world can request funding, for any purpose. That’s very democratic, but seems open to abuse. Presumably, we can trust “the Curators” and “Giveth” will filter out the questionable cases.

I’m also concerned about the notion that, once started, the robot contracts funnel the money to the “charity”, with little way to know what they are actually doing. Some contracts may have milestones or checkpoints that have to be met, but how is that to be confirmed? Some human(s) will have to be trusted to confirm performance. How will this work? How trustworthy will this be?

We have to assume and trust that the mysterious curators will make sure that everything is fine.

I might also point out that charities are highly regulated legal entities. I’m pretty sure that “Charity DAO” hasn’t registered everywhere, probably not anywhere. For one thing, these mysterious “curators” and the organization “Giveth” would need to disclose who the people are, and who is responsible.

Is it legal to even operate this organization? Possibly not. (They don’t eve  know themselves.)  Would it be legal for a legitimate charity to raise money through them? Maybe, though it would be a huge reputational risk for the charity. If I give through this system, can I claim the gift for taxes? Who knows? I’d bet not.

Speaking for myself, I’m not interested in funneling my own donations through an unaccountable, opaque, and technically iffy system.

The long and the short of it is that Charity DAO is tackling the problem of “trust” by creating a “trustless” system, the problem of “accountability” with an anonymous peer-to-peer system, and “transparency” with a strangely opaque system.

As I said of the original DAO, “this will end badly”.


Cryptocurrency Thursday

Cryptocurrencies: A Favorite Technology Of Criminals

Cryptocurrencies in the Nakamotoan vein have always be attractive for extralegal transactions, for tax evasion, sale of contraband, digital extortion or other purposes. Economically, it is the equivalent of a “bag of twenties out in the alley”, and seems deliberately designed as an economic weapon.

Many apologists have tried to claim that the legitimate (for certain values of “legitimate”) use cases are increasing, and that it is unfair to focus so much on a few bad apples. “‘Sin’ Activities No Longer Drive Bitcoin Economy, Researchers Find“, reports Pete Rizzo.

Unfortunately, the picture is not really so rosy, because cryptocurrency continues to be primarily used for extralegal purposes, as age old rackets exploit the speed and efficiency of twenty first century technology. This is readily seen in any sample of headlines.

Bitcoin Has a New Top Dark Market” reports Michael del Castillo. Years after the demise of Silk Road, dozens of dark markets have sprung up to serve your need for drugs, guns, murder for hire, and services. Bitcoin itself has become the bridge between hidden transactions and the legitimate commercial world, i.e., as the laundry. (This function is the basis for some of the claims to increased “legitimacy”: these transactions are classified as “clean”.)

Demand for Zcash Mining Grows as Blockchain Launch Approaches” says Jacob Donnelly. The original Bitcoin concept prominently promised “transparency” as a crucial feature. This has turned out to be a drawback for the many dark transactions on the Internet, so new protocols such as zcash are coming out which are designed to be entirely opaque.   Let’s be very clear here:  these systems have little purpose other than cloaking transactions, mainly to avoid surveillance by authorities. Nothing good can come from this technology.

Cryptocurrency has found favor in some ancient criminal artforms, bringing them up to the minute. Bitcoin has become a favorite tool of for digital extortionists, allowing them to fully automate their racket. “Bitcoin is Not the Root Cause of Ransomware” reports Peter Van Valkenburgh, but it does fit perfectly into the MO that it might have been deisnged for this purpose.

As a computer scientists I am more than a little embarrassed by how automation has made it so easy for anyone to execute what is basically a mindless racket, over and over, whisking away the proceeds via the internet.  Sigh. Beautiful engineering, for such a low purpose.

Cryptocurrency technology can also be employed in pyramid schemes and similar scams. Some cryptocurrencies are widely believed to be essentially nothing other than pyramid sales schemes, dressed up in fancy terminology.

London Police Investigate OneCoin Cryptocurrency Scheme” reports Stan Higgins.  In this case, the scam, if any, would be in the story surrounding the technology, and the associated sales programs. The Onecoin scheme is no different from any of hundreds of other multilevel marketing schemes, except they use cryptocurrency as a sort of window dressing, and, of course, to efficiently whisk away the profits. Sigh.

Having reinvented the universally abandoned Gold Standard, and made the world safe for money launderers, cryptocurrency is now invigorating age old crimes and scams with new, highly efficient technology.

This is certainly “disruptive”, though no points are awarded for “innovation”.

How is this a good thing?


Cryptocurrency Thursday