
I feel the IPFS blog post gave me a glimpse of how blockchain can be cool. In certain cases, the need for decentralization is so strong that it makes sense to build a blockchain system for it (or other secure P2P network thingy).

For example, authentication/identity using blockchain technology seems interesting to me.

[1] https://blog.ipfs.io/decentralizing-the-internet-s-root/



The only two known usages of blockchain that actually seem to offer a clear advantage over some other strategy (running the thing centralized, not having coordination at all, etc.) are A) solving double spend (à la Bitcoin) B) solving Zooko's triangle (à la Namecoin, or the clone you mentioned from IPFS).

Identity on blockchain beyond resolving Zooko's triangle (i.e. stably mapping pseudonyms to pubkeys) typically does not offer an advantage over (partially) centralized identity providers. E.g. putting anything related to government ID on a blockchain is pointless because you might as well have the ID issuer run a central or federated service.


Why does Bitcoin have a clear advantage in solving double spend over a centralized solution?


> centralized

If you want to trust a conglomerate of folks who have a vested interest in keeping you small and poor to solve your problems, then there is no advantage. If you do not, then the advantage is exactly that it is not centralised.


Why are you so convinced that cryptocurrency solves the "outside forces much larger and more powerful than me have influence over the system" problem? It exchanged a solution to some problems for a new set of problems to be solved.


You are questioning what I'm saying by telling me something incredibly vague. I'm afraid I just don't know what to do with your question.


I can rephrase it: why do you think it impossible for vastly resourceful entities to acquire so much power they can control the decentralized system - in a softer way, probably but still.

Imagine a world tomorrow where bitcoin is everywhere. You'll have mining conglomerates in the cheapest electricity providers working as cartels to help each other and protect their interests (so one can envision centralizing a blacklist of addresses they dislike, coordination on software version etc.), de facto cartels of whales (like today's "billionaires" people describe as a collaborative force), and large lenders who concentrate capital and therefore still can buy out whatever they want (today called banks).

How do you think the blockchain solves any of that?


It's easy. Copy-paste the blockchain and start over with a fork. When the system delegitimizes itself, a debt jubilee lies around the corner. This stuff is just glue now - a cheap way of making a financial system.


So if you don't like the history of the currency, scrap it entirely and start over. That seems like the opposite of the point of Blockchain.


What keeps people small and poor is the insistence that people should save in monetary terms.

It's not rocket science. When you keep your wealth in monetary terms, you don't get to have it in physical terms. Money represents how much real wealth you could have if you spent it. It's deferred consumption. There is no real wealth in something that didn't happen.


Money is a store of value. Money is a measure of wealth.


Because the trust is distributed. One single person can't cause the entire system to break down or steal all the money. With blockchain coins, the incentives are aligned. The weird thing that happened with BTC that I don't think Satoshi could foresee is that the more valuable it got, the less usable it got. This is one of the unsolved issues: how to create decentralized consensus very very quickly that can't also be attacked via a PoW that is too easy.


I don't trust the collective anonymous users of Bitcoin more than I trust my bank and the court system though.

If someone hacks into my account, my bank will likely reimburse me for any losses. There are controls in place to stop them from stealing it all. If someone just transferred it to their own account, I could use the courts to get it back. If I use a credit card to pay a scam, I can do a charge-back.

With cryptocurrencies, it's just "bye money". They're not going to fork for you. There's no logic to stop people in Russia transferring my entire account. It's too hard to find criminals to get any relief. It's just your fault for using cryptocurrencies and not having 100% perfect security.

Not to mention, the chance of my bank stealing all my money is nil. They'd be sued and arrested, and the FDIC would reimburse me anyway.


> There are controls in place to stop them from stealing it al. If someone just transferred it to their own account, I could use the courts to get it back.

What if it's taken through wrongful civil forfeiture? Will you be able to afford to navigate the courts to get your assets back after they've been seized?


Not always, but wrongful civil forfeiture is just one of many possible ways to steal. In other cases using the court system will be possible. With bitcoin, it is never possible.


So if you think the risk of permanently losing your assets via legal channels is, let's say, 99-to-1 compared to the risk of losing your assets to cryptocurrency attacks, then wouldn't it make sense to hold 99% of your assets in the bank and 1% in cryptocurrencies?

Cryptocurrencies don't have to replace all existing financial instruments to be a useful hedge. They can just be one tool of many to diversify your risk profile.

Especially consider that for people living outside the developed world, the risk of having your assets stolen through legal channels is going to be much higher.


If you think it is indeed 99-to-1, then perhaps. My perception of the trustworthiness of most crypto projects is certainly much lower (see the endless parade of crypto horror stories on https://www.reddit.com/r/SorryForYourLoss/), so personally I would think the odds of a crypto project going under or just simply losing my wallet keys is way higher than the chance my bank or my government will steal my money or my stocks or whatever. Then again, I do live in western Europe so YMMV if you live in Venezuela or someplace like that.


Many/most people don't worry about having large amounts of cash stolen, whether by authorities or criminals precisely because they trust the banking system to keep track of their money.


The banking system would obviously cooperate with authorities.


Cryptocurrencies are like Swiss bank accounts without Switzerland?


I don't think this is the kind of "trust" that is relevant in the prevention of double-spending.


Well, in the 2008 crash your "account" was robbed, and if you live in the US you did not get your money back.

You had to cover the "too big to fail" system.

On BTC, no.


> One single person can't cause the entire system to break down or steal all them money.

Funny - I have never seen someone in the traditional financing system do that and not get caught. Closest things were Ponzi schemes like Madoff (and he did get caught).

I have, however, heard of dozens of exactly this incident happening with cryptocoin exchanges (wallets, services, the most general term for all combined slipped my mind)


Do you know of any lines of research that are out to prove mathematically that it is impossible to have these desirable characteristics simultaneously? i.e. any improvement in consensus efficiency necessarily gives up some amount of decentralization, appropriately defined.


This is the sort of thing that really needs to be questioned.

1. How much security do we need for this transaction?

2. For this block of transactions?

3. Can we have varying levels of security?

What we are ultimately trying to know is, is it profitable to double spend? If the answer is yes, then no one should be transacting, and anything they do transact is a gamble. If the answer is no, there's much less risk, and the farther the answer is no, the safer the transaction.

But we likely don't need as much security as we do now. In fact, it's very easy to handle at a user level.

A. Put the transaction on the blockchain.

B. Wait for additional blocks.

C. If your transaction is huge, wait for more additional blocks. Wait a week, a month. This is an important transaction. When the blockchain has not reverted for such a long time, finally do the transaction in the real world.

If you are transacting with yourself, you don't need any security at all. If you are transacting with a bar and the bar knows you, much like a tab, you don't need much security. If you are transacting with an anonymous person, you want high security.

So security is currently handled on a blockchain by blockchain basis, where it should be a transaction by transaction basis. What if you can't wait a month? Then you should put heavy fees on that transaction and it should be put in with other higher fee transactions.

4. How does security change with transaction size? Does it make sense to have limits?

5. How does security change with total transaction block size? Does it make sense to have limits?

6. When the coin price goes up, how does that change these factors?

7. When the mining reward in coins drops, how does that affect security?

8. When Bitcoin, in 100 years, moves to 100% transaction fee system, what happens to security? What would the transactions fees look like?

9. In 50 years when the block reward has been halved 5 times, either the price of Bitcoin moves to $1 million, or the security drops. Is that okay?
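A worked version of the "wait more blocks for bigger transactions" policy in the comment above, added here as an example and not code from the thread or from any project. It implements the attacker-catch-up calculation from section 11 of the Bitcoin whitepaper (probability that an attacker with fraction q of the hashrate ever overtakes an honest chain that is z blocks ahead) and turns it into a per-transaction confirmation count. The hashrate fraction q is the recipient's own assumption about the adversary, and the dollar figures in main are made up.

```go
package main

import (
	"fmt"
	"math"
)

// AttackerSuccessProbability is the whitepaper's calculation: the probability
// that an attacker controlling fraction q of the hashrate ever catches up
// once the honest chain is z blocks ahead of the attacker's private chain.
func AttackerSuccessProbability(q float64, z int) float64 {
	if q <= 0 {
		return 0
	}
	if q >= 0.5 {
		return 1 // a majority attacker is guaranteed to catch up eventually
	}
	p := 1 - q
	lambda := float64(z) * (q / p) // expected attacker blocks while honest miners find z
	sum := 1.0
	for k := 0; k <= z; k++ {
		poisson := math.Exp(-lambda) // P(attacker found exactly k blocks in that time)
		for i := 1; i <= k; i++ {
			poisson *= lambda / float64(i)
		}
		// From z-k behind, the chance of ever catching up is (q/p)^(z-k).
		sum -= poisson * (1 - math.Pow(q/p, float64(z-k)))
	}
	return sum
}

// ConfirmationsFor returns the smallest confirmation count z at which the
// attacker's success probability falls below maxRisk, or -1 if no z up to
// maxZ suffices (always the case for q >= 0.5).
func ConfirmationsFor(q, maxRisk float64, maxZ int) int {
	for z := 0; z <= maxZ; z++ {
		if AttackerSuccessProbability(q, z) < maxRisk {
			return z
		}
	}
	return -1
}

// ConfirmationsForValue is the per-transaction policy from the comment as a
// number: keep waiting until the expected loss from a reversal
// (value x P(reversal)) is below what the recipient is willing to absorb.
func ConfirmationsForValue(q, value, tolerableLoss float64, maxZ int) int {
	if value <= 0 {
		return 0 // paying yourself, or nothing at risk: no confirmations needed
	}
	return ConfirmationsFor(q, tolerableLoss/value, maxZ)
}

func main() {
	for _, q := range []float64{0.10, 0.20, 0.30, 0.40} {
		fmt.Printf("q=%.2f  P<0.1%% after %d blocks; $1M sale with $100 tolerable loss: %d blocks\n",
			q, ConfirmationsFor(q, 0.001, 10000), ConfirmationsForValue(q, 1000000, 100, 10000))
	}
}
```

The whitepaper's own table (q=0.10 needs 5 blocks, q=0.30 needs 24, q=0.45 needs 340 for P below 0.1%) falls out of ConfirmationsFor, and the bar-tab and anonymous-counterparty cases in the comment are just different tolerableLoss inputs to the same function. The unsolved part the comment points at remains: q is an estimate, and the formula says nothing about an attacker who can rent a majority for an hour.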


It does not.

Bitcoin (and its successors) are a decentralized solution to the double spend problem. If "decentralized" is a requirement, then a cryptocurrency can be an excellent solution. Other known solutions (like "just trust everyone") don't scale well (an understatement!).

If "decentralized" is not a requirement then there are other solutions to the double-spend problem.


So it's your contention that the current traditional financial system "don't scale well (an understatement!)"?


If you're fine with all the downsides of trusting your bank, the bank's central bank and currency issuer, the bank's government, etc., then that obviously makes Bitcoin less appealing for you. Remaining upside includes reduced friction for things like international settlement. Don't tell me that international settlement is easy with traditional banks - I am a financial system power user and it is not.


I think this is an accurate assessment but I think authentication and account management should be seen as separate from 'identity'. Authentication can be useful without being associated with a real-world identity; for example, it can be useful for spam-prevention as an alternative to signups with captcha. You could theoretically log into multiple services which you don't trust by signing messages using your private key without revealing your passphrase to any of those services.


Authentication using the blockchain makes a great AI-resistant alternative to signups with captcha. The same account could be used by multiple independent services and this removes the need for a signup process altogether. It also removes the need for password management since you can use a single account/passphrase to log into various services without revealing your passphrase to any of these services; you can simply sign a message to prove to any service that you control an account (and know the passphrase) without actually revealing the passphrase to any of the third party services.


> The same account could be used by multiple independent services and this removes the need for a signup process altogether.

This is only marginally better than SSO with Google/Apple/Facebook/whatever. It dodges the "Google closed my account" problem, which is a meaningful improvement. But I'm not fully certain why you need the public key to be part of a blockchain for this to work. Couldn't you just publish your public key identity on any number of considerably less wasteful systems? As far as I can tell, the only advantage here is the mapping between the name "UncleMeat" and my public key would be able to be reused across services... but in so many cases I don't want my identity to be consistent across services.


- Resistant to centralized censorship (as you pointed out)

- It allows you to use the same passphrase for all services without compromising security since your passphrase never needs to leave your own machine; it is never sent over the wire. You just send signatures to different services.

- The cost associated with purchasing tokens needed to initialize an account on the blockchain would serve as a spam prevention mechanism; an alternative to SIM cards which most centralized services rely on today as a cost barrier to limit the creation of spam accounts.

- Superior integration potential between different services/systems provided by different companies/groups since they can all refer to the exact same account on the same blockchain and provide new ways to unify data between the different services.


> Resistant to centralized censorship (as you pointed out)

I'd wager that most people don't care about this much, though it is real. Still, this can be achieved with signature-based authentication that doesn't require the tremendous waste of BTC. Just... tell the service your public key and sign a message when you sign up. Your key pair doesn't need to be associated with some distributed system for that to work. This has been around for decades and not exactly caught on.

> It allows you to use the same passphrase for all services without compromising security since your passphrase never needs to leave your own machine; it is never sent over the wire. You just send signatures to different services.

This is true for all signature-based authentication, which does not necessitate a blockchain.

> The cost associated with purchasing tokens needed to initialize an account on the blockchain would serve as a spam prevention mechanism; an alternative to SIM cards which most centralized services rely on today to limit the creation of spam accounts.

This sounds like an anti-feature to me. Especially since it'd be foolish for a service to only support authentication via a blockchain. Imagine telling my grandmother that she needed to buy some btc in order to sign up for the service that hosted my wedding photos.


>> This sounds like an anti-feature to me. Especially since it'd be foolish for a service to only support authentication via a blockchain. Imagine telling my grandmother that she needed to buy some btc in order to sign up for the service that hosted my wedding photos.

This is different because your grandma would have to buy the tokens once and sign up once and she will have access not only to the 'wedding photo service' but a large number of other services. It's more like paying a small amount of money to get access to an ecosystem of services. Like how people pay money to buy an iPhone and this gives them access to the Apple App Store and all the apps therein.

There will also be network effects associated with the blockchain price going up with adoption. People who signed up early to the right blockchains will have priority access to certain software ecosystems and exclusive services which are only accessible to the richest among them (for example).


> People who signed up early to the right blockchains will have priority access to certain software ecosystems and exclusive services which are only accessible to the richest among them (for example).

This seems even more like an anti-feature TBH. Imagine not being allowed to use the future equivalent of basic services because you were not "early enough". Sorry grandma, no wedding photos for you because you didn't buy these specific three coins out of the thousands started every month.


> People who signed up early to the right blockchains will have priority access to certain software ecosystems and exclusive services which are only accessible to the richest among them (for example).

I cannot possibly imagine a world where services will choose to only permit authentication via some expensive blockchain such that they deny themselves access to markets outside of the global rich.

And telling my grandma "don't worry, the coins you don't understand will go up in price" is not going to help.

This is the core question: why is signature-based authentication using public keys associated with BTC wallets superior to signature-based authentication using public keys not associated with BTC wallets? As far as I can tell, the only benefit here is that now my identity on my photo sharing service can be linked to my identity on my wine rating service. Why do I want that?


The benefit is that many third-party services and many users don't want to have to trust a centralized auth provider. The blockchain provides redundancy and security guarantees which don't require trusting company employees. Not to mention the financial incentives which are associated with being an early adopter of a blockchain project and the network effects which come from that.

I'm convinced that decentralized communities will eventually corrupt and destroy all centralized services and agencies by manipulating their employees and members... Because they can. People will always find a way to create new problems to make themselves necessary. In these political games, decentralized anonymous communities have the upper hand. Unlike centralized projects, you can't corrupt decentralized projects. What can be corrupted, will be corrupted.

To understand why it's the future, you need to look at the big picture. You're assuming that centralized auth providers are secure and trustworthy. This is not going to be true in the future. Trust in institutions and organizations has been eroding and will continue to erode.


OK let’s try again. What precisely is the difference between signature based auth that uses a key pair associated with a wallet and a key pair that the user submits the public key for when they sign up? Why would the latter be vulnerable to additional insider threats?

“Services will make more money because blockchains are trendy” isn’t a meaningful difference.


> - The cost associated with purchasing tokens needed to initialize an account on the blockchain would serve as a spam prevention mechanism; an alternative to SIM cards which most centralized services rely on today as a cost barrier to limit the creation of spam accounts.

Doesn't seem like that to me. If I get banned I can just move my cash to another account and start again, and assuming multiple services do this I can amortize the cost over all of them.

The rest seems to me like something mTLS could solve better.


> it is never sent over the wire. You just send signatures to different services.

You don’t need blockchains for this. Ordinary websites can implement this. They usually don’t, but, they could?


Wouldn't that make it impossible to change your password if compromised?


As the saying goes: not your keys not your wallet. This is the fundamental issue with the anonymity. You can prove you have access, but you cannot prove it belongs to you. The centralized/decentralized conversation often doesn't touch this aspect. When it comes to ownership, at some level, there needs to be a central power to enforce it as ownership is in itself a vague concept.


The path forward is contract wallets and dead man's switches.


Ah, so then possession becomes ten-tenths of the law. I'm not sure this is a system that we want. A system that allows for every day trading (buying something at a store) that requires a second piece of equipment to verify your identity that, if someone steals, there is no means of recourse. Sure, multiple wallets, something something, but this just sounds like a nightmare of record keeping where you offload a single point of failure to somewhere else (password manager to remember all your wallets).


You could store that second piece of equipment on your person, like an ultraviolet invisible ink qr code tattoo on your right hand or your forehead since no one can see it except under a black light.


This post is talking about what is essentially a signing setup. If your private key is stolen in such a setup, the person who steals the key becomes you.

Essentially yes :)


Yes but it also makes it a LOT less likely that your passphrase would be compromised because it is never sent to any service over the wire; with blockchain signatures, your passphrase never needs to leave your own machine. So the service providers you log into never have any opportunity to even see your passphrase; they only see your signatures which proves that you know the passphrase. You could use a different program for signing login messages so that you don't even need to insert your passphrase inside third party UIs. You'd use one trusted program of your choice to handle logins for all the different services; just copy paste the signature into the different services.

There are some stateful blockchains which allow changing the passphrase but of course there is no 'forgot my password' feature; a malicious actor who manages to steal your passphrase could potentially use it to change your passphrase and lock you out of your account but at least you don't have to live in doubt if you suspect that your passphrase was compromised.

The idea behind the blockchain auth approach is that you would only need one passphrase for all services but you would have to secure it carefully since losing it would cause you to be locked out of all services associated with that account.
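The login scheme that several replies above describe (the service only ever holds your public key; you prove possession by signing a fresh challenge; "ordinary websites can implement this"), together with the "what if the key is compromised, can I change it?" question, as an added example in Go. This is not code from the thread or from any project: the service names, user name, message format and the Client/Service split are assumptions made for the example. It needs no blockchain; each service stores the user's public key at sign-up and nothing else.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Signed bytes carry purpose, service and user, so a login signature for one
// service fails at another and cannot be reused as a key-rotation request.
func msg(purpose, service, user string, payload []byte) []byte {
	return []byte(fmt.Sprintf("%s|%s|%s|%x", purpose, service, user, payload))
}

// Service stores public keys only; it never sees a private key or passphrase.
type Service struct {
	name    string
	keys    map[string]ed25519.PublicKey
	pending map[string][]byte // outstanding single-use nonces, one per user
}

func NewService(name string) *Service {
	return &Service{name, map[string]ed25519.PublicKey{}, map[string][]byte{}}
}

// Register is the whole sign-up: the user submits a public key.
func (s *Service) Register(user string, pub ed25519.PublicKey) error {
	if _, taken := s.keys[user]; taken || len(pub) != ed25519.PublicKeySize {
		return errors.New("user exists or bad key")
	}
	s.keys[user] = pub
	return nil
}

// Challenge issues a fresh random nonce that can be answered exactly once.
func (s *Service) Challenge(user string) ([]byte, error) {
	if _, ok := s.keys[user]; !ok {
		return nil, errors.New("unknown user")
	}
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	s.pending[user] = nonce
	return nonce, nil
}

// Login deletes the pending nonce before checking anything, so a captured
// signature cannot be replayed and a failed guess cannot be retried on it.
func (s *Service) Login(user string, sig []byte) error {
	nonce, ok := s.pending[user]
	delete(s.pending, user)
	if !ok {
		return errors.New("no challenge outstanding")
	}
	if !ed25519.Verify(s.keys[user], msg("login", s.name, user, nonce), sig) {
		return errors.New("bad signature")
	}
	return nil
}

// RotateKey is "change my password": the new key must be signed by the key on file.
func (s *Service) RotateKey(user string, newPub ed25519.PublicKey, sig []byte) error {
	old, ok := s.keys[user]
	if !ok || len(newPub) != ed25519.PublicKeySize {
		return errors.New("unknown user or bad key")
	}
	if !ed25519.Verify(old, msg("rotate", s.name, user, newPub), sig) {
		return errors.New("bad signature")
	}
	s.keys[user] = newPub
	return nil
}

// Client is the user's own signing program; the private key never leaves it.
type Client struct{ Pub ed25519.PublicKey; priv ed25519.PrivateKey }

func NewClient() (*Client, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	return &Client{pub, priv}, err
}

// Sign answers a challenge (purpose "login") or authorises a new key ("rotate").
func (c *Client) Sign(purpose, service, user string, payload []byte) []byte {
	return ed25519.Sign(c.priv, msg(purpose, service, user, payload))
}

func main() {
	photos, wine := NewService("photos.example"), NewService("wine.example")
	alice, _ := NewClient()
	_, _ = photos.Register("alice", alice.Pub), wine.Register("alice", alice.Pub) // one key, two services
	n, _ := photos.Challenge("alice")
	sig := alice.Sign("login", "photos.example", "alice", n)
	fmt.Println("login:", photos.Login("alice", sig), "replay:", photos.Login("alice", sig))
	n, _ = wine.Challenge("alice")
	fmt.Println("cross-service:", wine.Login("alice", alice.Sign("login", "photos.example", "alice", n)))
}
```

Two things the example makes concrete for the thread: a breach of the service yields only public keys, so nothing leaks that logs in elsewhere, and "change my password" is a rotation signed by the old key, which also means a thief who already holds the key can rotate you out, exactly the trade-off the reply above describes. A production version would additionally expire outstanding nonces and bound the pending map so unanswered challenges cannot accumulate.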


If someone does steal your identity in this way, there's no way of getting it back. You can't appeal to any authority, because there's no authority to appeal to in a decentralised system. You literally have to start again and create a new identity.

So you're gambling bigger: less likely to have your identity stolen, but complete loss of everything to do with that identity, with no recourse, if it is stolen.

I'm not sure I like those odds.


It can't be much worse than relatives claiming you as dead so they can have your house, and then every government system denies you any service because you're "dead"



