
Prototype of clinical trials in an untrustworthy environment using blockchain - carbocation
https://www.nature.com/articles/s41467-019-08874-y
======
Canada
A blockchain isn't necessary because there's no double spending to prevent.
Just broadcasting signed assertions to a bunch of nodes who make all of the
data available to the public should be enough for everyone to know who claimed
what and when. Less like Bitcoin, more like Certificate Transparency.

~~~
jasode
_> A blockchain isn't necessary because there's no double spending to
prevent._

A "chaining of hashes of the previous blocks" has other uses than preventing
double spending of currency. It also acts as a "incrementing clock" of record-
keeping that's resistant to tampering.

E.g. The "blockchain" started by Surety[1][2] in 1995 in The New York Times
published hashes that depended on previous hashes. They could have published
hashes that were _independent_ of previous hashes but they didn't. It would
not provide the same anti-tampering guarantees.

(I'm only replying to your assertion about blockchain's "double spending" use
case in isolation and not commenting on whether the thread's article is a good
idea.)

[1] [https://www.vice.com/en_us/article/j5nzx4/what-was-the-
first...](https://www.vice.com/en_us/article/j5nzx4/what-was-the-first-
blockchain)

[2]
[https://news.ycombinator.com/item?id=17865168](https://news.ycombinator.com/item?id=17865168)

~~~
Canada
It seems like _any_ distributed system that involves any cryptography these
days is being called a blockchain. The Vice article is simply wrong. Yes, it's
a great idea to use a chain of hashed timestamps+data to prevent data from
being tampered with later. People have been doing this with logs for ages.

The NYT timestamp system doesn't meet the blockchain definition, at least so
long as the word has any real meaning. This point is often debated, but my
take is that without also featuring some kind of consensus mechanism to order
the writes in a specific manner, thus preventing double spending, then the
protocol shouldn't be described as a blockchain at all.

A timestamp service (as opposed to a blockchain) is good enough for the goals
described in the article. There's no need to enforce strict ordering of
transactions because there's no spending. It's just assertions of some fact at
some time. So all that's needed are a few reliable servers run by different
parties that will log the data. If one of them cheats, it is detectable.

Knowing who is behind the private keys signing the assertions is a far more
important problem in this kind of system, and blockchains don't help that one
bit.

~~~
jasode
_> It seems like any distributed system that involves any cryptography these
days is being called a blockchain. The Vice article is simply wrong. [...] The
NYT timestamp system doesn't meet the blockchain definition, at least so long
as the word has any real meaning. _

My point isn't that Surety is a "formal" blockchain by some rigorous
definition. (Obviously the VICE article is taking artistic liberties with the
word "blockchain" to retroactively label Surety's published hashes back in
1995.)

The purpose of citing them was only to highlight that _dependencies on past
hashes_ accomplishes a different tamper-proof guarantee than _your idea of
just broadcasting digitally signed assertions_.

 _> There's no need to enforce strict ordering of transactions because there's
no spending. It's just assertions of some fact at some time._

Putting extra cryptographic mechanisms around the notion of _" at some time"_
is the motivating reason for a chain of hashes. If Surety didn't chain their
hashes _and then publish the hash_ , that's _weaker_ than broadcasting
independent hashes.

 _> Knowing who is behind the private keys signing the assertions is a far
more important problem in this kind of system, and blockchains don't help that
one bit._

I think I see why you believe focusing on digitally signed assertions is
enough security. E.g. the web browser TLS/SSL https security works fine on
broadcast assertions with no "blockchain". That's true. It's "trust of a
identity hierarchy" rather than "trust of a timeline". The difference is that
when users log into "paypal.com" today to withdraw money, they don't care what
the private/public certificate authority keys were 3 years ago. However, the
users of the database of clinical results do care about _past history_.

~~~
Canada
I'm not disagreeing with any of that. All I'm saying is that a chain of hashes
is not a blockchain.

Also, we do care what paypal’s certificate was in the past. That’s why we have
CT to catch CAs that mess up. We just don’t need to use a blockchain for it to
work.

~~~
jasode
_> All I'm saying is that a chain of hashes is not a blockchain._

And to be clear, I wasn't claiming that "chain of hashes" was _equivalent_ to
a blockchain. (E.g. bitcoin-like blockchain.) Instead, I extracted _one
particular property_ of a blockchain -- the chain of dependent hashes -- to
contrast your proposed broadcast solution.

To add to the confusion, it turns out the authors may be implementing your
non-Bitcoin suggestion anyway. (See further down in my comment.)

 _> Also, we do care what paypal’s certificate was in the past._

I understand the nitpick but I mean that web browsers don't care what the
particular values were several years ago (especially anything before 2013
since CT didn't exist until then while SSL/TLS existed since 1995). They check
_existence_ in a CT log.

 _> Less like Bitcoin, more like Certificate Transparency._

It looks like the authors propose a architecture more similar to CT than
Bitcoin anyway. Excerpt from their proposal:

 _> We chose to give data storage control to the regulator, as opposed to
distributing data storage to nodes across participants in the network like in
Bitcoin applications. We preferred this design because the trial regulator is
the only party that can and must be trusted, since this party is the one
having final approval over success or rejection of the treatment. It is a
central authority that cannot be eliminated. We feel implementing distributed
storage to everyone in the network (such as that used for Bitcoin) does not
fit this regulatory context well, and is also impractical as all parties would
also have to locally store data pertinent to the clinical trial on their
machines. _

I believe this means the remaining issue is that you disagree with the authors
calling something "blockchain" that doesn't have a distributed consensus
mechanism to prevent double spending.

~~~
ska
relabeling everything "blockchain", especially things with lots of established
use before the existence of blockchains doesn't seem to have an real value
outside of marketing obfuscation, at least to me.

~~~
FreakLegion
Block chaining -- that specific wording, used in cryptography -- has been
around for almost 50 years and is widely known. It's not relabeling and it's
not going away.

------
notahacker
Can't imagine the idea of a "trustless" medical trial really taking off tbh.
Or indeed that the first resort of people trying to manipulate results of
medical trials to achieve a particular outcome is post hoc database
tampering...

~~~
rscho
> post hoc database tampering

You'd be very surprised, then. It has always been a mystery to me how people
plugged most holes in the data that I extract for them.

------
danghica
Why not a government regulated database?

~~~
JohnJamesRambo
Because centralized databases are prone to manipulation and censorship?

~~~
nosianu
So you also need to get rid of drug databases, PubMed, protein databases, etc.

This makes no sense. If your government is in such bad shape you have far
bigger problems than keeping track of drug trials.

"Blockchain" just stores the same stuff lots and lots of times in as many
places as possible. Extremely wasteful and expensive, with all the overhead of
doing that (and updating hat "database"), plus the consensus algorithm which
may or may not be reliable/crackable.

Is it a sign of the times, and maybe in some countries more than in others,
that there is a hype around mistrust? Trying to build a world where trust is
not necessary? I bet that won't work. I think you need to fix the trust issue
more directly, working around the trust requirement won't work. It just
creates huge complexity and even more points of failure. Especially since you
would have to go "all in": What's the point in taking just one thing into the
trust-free solution? All those things depend on one another, you would have to
do it with all or most of them to get the benefit you are looking for. It may
look manageable if you only look at one particular thing, but imagine
_everything_ had to be stored in such a way, the incredible effort required,
and the more distribution there is the harder it is to understand what's going
on.

You really think storing all kinds of data in as many places as possible and
then trusting an algorithm to sort it all out, the "truth", works better than
trust in a credible entity? _At scale_ (in more than one dimension)?

~~~
lixtra
> "Blockchain" just stores the same stuff lots and lots of times in as many
> places as possible. Extremely wasteful and expensive, with all the overhead
> of doing that (and updating hat "database"), plus the consensus algorithm
> which may or may not be reliable/crackable.

No. Blockchain doesn’t have to be wasteful. In general is enough to store the
hash of the data in the blockchain and the data itself somewhere where it can
be accessed. This prevents manipulation. If at least one trusted party has
access to the data it also would not just vanished. If you had an permissioned
blockchain signed by the top universities of the world it could be done for
very little money.

~~~
tastroder
There seems little upside between what this paper proposes and everybody just
sending all data to all stakeholders of figure 1. The blockchain itself does
not conserve confidentiality of placebo placements outside of this process and
"Regulatory agency" and "Data safety monitoring board" are presumably two
trusted parties that could, post hoc, compare their two databases and draw the
same conclusions.

Adding a semi-public blockchain seems like a neat little tidbit but it mostly
adds a formalization of the process (which would of course be a good thing)
and buzzword-worthiness, thus warranting the "wasteful" label.

> permissioned blockchain [...] for very little money Is that a solved problem
> yet?

------
randaouser
they mandate access through a web portal... this in itself is centralization.
One can simply tamper with the website. You need to distribute a client
software or use an open source dapp explorer type product to prevent data
manipulation en-route to the blockchain

------
Pneumaticat
We're actually trying to do something very similar at
[https://delph.us](https://delph.us).

We also have operational encryption, multi-researcher studies, and soon an
end-to-end encrypted chat system between researchers and participants using
Matrix.

~~~
carbocation
Why?

Your website seems to explain the current problems with clinical research, but
I didn't see an explanation of your solution. Can you share here?

