
Darpa Contract Awarded to Verify Blockchain-Based Integrity Monitoring System - m545
http://guardti.me/2ciE3wp
======
zmanian
Guardtime is set of tooling around a FIPS 140 timestamping appliance. Systems
on the network submit hashes of their logs to the time stamping. Assuming the
appliance remains secure, you can go back in the event of compromise and prove
that your logs are unaltered up to a certain point.

It's amazing that they seem to have built a $50 -$100 million dollar business
here.

~~~
nxzero
>> "Assuming the appliance remains secure"

Makes me wonder what mathematics would prove this, or if it's assumed to be
out of scope, and if so, what else is out of scope too.

~~~
stelfer
I'm pretty sure the Guardtime product is a Merkle tree of timestamps. I'm also
pretty sure whatever protocol they use to maintain it would _not_ be
immediately recognized as a "blockchain" protocol. Of course the protocol can
be modeled and checked. The question is why does anyone think that this
activity can apply to "blockchains" in general. But, welcome to the world of
industrial research funding.

~~~
ristoalas
(I work for Guardtime; I’m happy to answer any questions.) Some online
resources might not make it very clear, but the KSI blockchain is indeed a
blockchain; for example, new blocks are released periodically (1 block per
second on average), and the new blocks contain hashes of the previous blocks,
among other things. Then, blocks get distributed around so that users can
verify their data against these blocks, etc.

~~~
stelfer
Most people associate "blockchains" with a protocol by which the "blocks" are
inserted. Usually these things revolve around proof-of-work, proof-of-stake,
proof-of-space, fairness criteria, etc. I think everyone gets that the
Guardtime product is hashtree. From a formal verification perspective, the
critical behavior is probably in the protocol, and most likely not the
implementation of the datastructure or database.

~~~
ristoalas
One way to look at it is that KSI is a proof of stake blockchain where the
stakeholders are (mostly) fixed. Often people would call that a private
blockchain (or a consortium blockchain), to use the terminology from the
following article:

[https://blog.ethereum.org/2015/08/07/on-public-and-
private-b...](https://blog.ethereum.org/2015/08/07/on-public-and-private-
blockchains/)

~~~
unboxed_type
Thanks for that clarification! It is a great pleasure to talk with an
knowledgeable person like you.

------
tel
It's cool that Galois got this contract. They're a very nice Haskell shop out
of Seattle responsible for projects like Copilot and Cryptol.

~~~
jvoorhis
Out of Portland, actually.

~~~
tel
Yep, sorry about that!

------
woah
As far as I can tell from the article, they are using the same kind of
technology which prevents people from falsifying their account balance on
Bitcoin to prevent intruders from covering their tracks in a secure computer
system.

~~~
tveita
Specifically, it's a Merkle tree. From what I can tell they're not using
anything else relating to "blockchains".

~~~
sasas
The signature for your data that has been signed is a chain of hashes which is
used to calculate back to the merkle root.

Wikipedia defintion of blockchain[1]

> A blockchain consists of blocks that hold batches of valid transactions.
> Each block includes the hash of the prior block in the blockchain, linking
> the two. The linked blocks form a chain

[1]
[https://en.wikipedia.org/wiki/Blockchain_(database)](https://en.wikipedia.org/wiki/Blockchain_\(database\))

~~~
vertex-four
The very next paragraph describes blockchain databases as peer-to-peer
protocols with some form of scoring algorithm to decide which blocks are part
of the chain.

~~~
bfuller
This has now been answered by someone from the team

------
robinduckett
I worked as a contractor for guardtime, and they're a great company, it looks
like they are continuing to do great work in this area.

------
unboxed_type
For those who are interested in an underpinnings of KSI:
[https://eprint.iacr.org/2014/321.pdf](https://eprint.iacr.org/2014/321.pdf)

------
Gabrielfair
They keep using the word 'block chain'. Is that the same idea as the bitcoin
blockchain?

~~~
TD-Linux
No. The point of the Bitcoin blockchain is to provide ordering of transactions
without a centralized timestamping service. This is a centralized timestamping
service.

~~~
ristoalas
(I work for Guardtime.) KSI verification is meant to be decentralised; that
is, no single (centralised) entity should have the ability to, for example,
create fake timestamps. You can deploy KSI in various ways, so there can be,
for example, one entity who controls access to the blockchain (but for example
they still cannot fake any evidence).

~~~
TD-Linux
Right, it appears you can have multiple physical tamper-protected boxes that
agree with each other, which makes it federated, but not decentralized.

~~~
ristoalas
I tend to subscribe to the definitions laid out in the following article:

[https://blog.ethereum.org/2015/08/07/on-public-and-
private-b...](https://blog.ethereum.org/2015/08/07/on-public-and-private-
blockchains/)

------
nxzero
With something as important as blockchain verification, you would think DARPA
would stop investing in private intellectual property.

~~~
notyourwork
Why is blockchain 'important' to Darpa? Because you are rooting for bitcoin or
for some other non-specific to you reason?

edit: Updated question to be more clear of intention

~~~
nxzero
The blockchain is critical current & future technology, it's future is
independent of Bitcoin's future.

Bitcoin is the first implementation of a blockchain system, but it's a
technology, not Bitcoin.

All major log systems will be based on it; governments, banks, military,
voting systems, etc.

Highly suggest reading the Wikipedia entry on Blockchain to learn more and
think about how you might use it too:
[https://en.m.wikipedia.org/wiki/Blockchain_(database)](https://en.m.wikipedia.org/wiki/Blockchain_\(database\))

~~~
losteverything
I'm a blockchain blockhead. Any more suggested reading?

Really basic like a) how will my debit card debit my money buying DD coffee?

If I create another book can I "get blockchain" (so to speak) to protect my
work? Thus, I will need to make the right choice to be covered under a
blockchain or not?

At 50000 ft I get the significance I think. I just cant even come close to
explaining it.

~~~
edraferi
I recommend "Mastering Bitcoin" by Andreas M. Antonopoulos. It provides great
detail on how the Bitcoin network actually works, including the cryptography
you need. Work through that and you'll know how blockchain payments work and
have a good idea of how the technology can be applied to other areas.

It's available from O'Reily:
[http://shop.oreilly.com/product/0636920032281.do](http://shop.oreilly.com/product/0636920032281.do)

------
lutusp
Quote: "Galois is a leader in formal verification, a technique that goes
beyond testing and evaluation to provide mathematical assurances that a system
works only as intended in all cases."

Wait -- _mathematical assurances that a system works only as intended in all
cases_? That's not possible. It pretends that the Turing Halting problem[1] is
soluble.

Not that this claim is at all uncommon. I regularly see similar claims about
software validation, by people who either do not know, or who don't want to
acknowledge, that this problem cannot be solved in the general case.

1\.
[https://en.wikipedia.org/wiki/Halting_problem](https://en.wikipedia.org/wiki/Halting_problem)
: "Alan Turing proved in 1936 that a general algorithm to solve the halting
problem for all possible program-input pairs cannot exist."

~~~
ajamesm
Real computers are finite state machines, not Turing machines.

~~~
bmm6o
Correct but not relevant. No formal verification technique takes advantage of
the fact that the computer has "only" 8 GB or RAM and 1 TB of disk space as
its tape (~ 2^2^43 states).

