Do you need a blockchain? (iacr.org)
195 points by kkleindev on Feb 6, 2018 | 183 comments



It seems to me the key here is "Can you use an always online trusted third party?"

I think generally, a TTP is going to be more efficient than a system without a TTP. "Trust" at its essence is a shortcut. Without it you have to create a general enforcement mechanism which is going to cost something. E.g., the cost of incenting miners. You can slice it different ways, but in the end you need the distributed network of nodes to exist and the people who control them to be invested in the continued existence and integrity of the system.

I say "generally" for a reason, because I think it's certainly possible that there are cases where the cost of the third-party is too high or the third-party may not be reliable enough, etc. But generally, it seems to me that blockchain is an inherently inefficient mechanism.

On top of that, the only effective use so far has been to create an investment bubble. Once enough money has been lost on that I think there's a good chance blockchain will get a black eye which will cause people to steer clear even if they may have a use case that's a good fit.


Of course, the trusted third party can also be decentralized and spread among multiple trusted parties (some of which could even turn out to be adversarial, as long as you use some Byzantine consensus algorithms). I think that weakens the case for full trustlessness further, since most real world applications require some level of trust anyway - but it would still not make you dependent on a single trusted entity.


The fact that no digital currency until Bitcoin really caught on seems to suggest "full trustlessness" is pretty important, at least for the digital currency use-case.


Just saying, you can do lots of stuff without a trusted third party and with no blockchain, just public-key encryption. [0] Anyway, the flowchart in the paper says it all.

[0]: https://en.wikipedia.org/wiki/Garbled_circuit


I don't think most people will know if blockchain is used in an underlying technology. If Company XYZ comes out with product A, I think most people will say, "Does it fulfill my needs? Sure, I'll use it". Unless XYZ touts blockchain, most people will eat their sausage without knowing where it comes from.

Hmmm, which gives me an idea. Gluten free, Paleo Blockchain.



This is all true at the moment. Heavy research is going into making blockchains more scalable and energy efficient within the Ethereum ecosystem. If fruitful, these improvements will address the concern you have about efficiency.


I _think_ I'm aware of some of these things you're referring to (raiden network, etc), but I wonder if you could list some of this research ... I'm trying to keep up with the latest developments.


Yeah I'm guessing he's referring to Raiden network, and the planned move to Proof of Stake.


Sorry. Took off after I wrote this. Here's a good discussion that reveals the debate/thinking going on around scalability. https://ethresear.ch/t/future-compatibility-for-sharding/386


And scalability, and stateless transactions.


We are at -70% from the ATH. At what point does it stop being a bubble?


For me, the answer to this is that it stops being a bubble once I see a compelling (to me) analysis of the link between the price and some underlying utility. I've heard one compelling (to me) use case for bitcoin - removing big banks from large long-distance cash transfers - but I strongly doubt there is enough value in that to support the current price.

Another meta-metric I'm watching is for mainstream media and word of mouth to lose interest, i.e. once this no longer comes up at all get-togethers with friends and family, it will seem a lot less bubbly to me.


Assuming we're talking only about "removing big banks from large long-distance cash transfers", which is also one of the few sane possibilities for crypto that I would want. I suspect that if it will ever work then in the fully regulated market (e.g. we are transferring from regulated country to regulated) then the recipient will have to pay capital gains tax for cashing out on his side. This kinda defeats the whole purpose of the system.

The more I think and read about crypto and blockchain the less practical applications I see.


Why would you pay capital gains tax on a money transfer?


I think because the implication is that the way the transfer actually happens is: 1. Buy BTC in the right amount in origin country, 2. Transfer it to another BTC address, 3. Sell BTC in the right amount in the destination country. I believe most countries will consider the sale in step #3 a capital gain.


> removing big banks from large long-distance cash transfers

In practice, you need an account with a "big bank" to buy bitcoin. The recipient also has to have enough technical literacy and resources to safely convert the bitcoin into spendable money, sometimes at a significant markup. The buying power of the funds is also subject to wild fluctuations for as long as it takes the recipient to convert to usable money. Bitcoin is just not practical for this kind of thing.


I tend to agree - this is just the most compelling use case I've heard, despite not being all that compelling.


I'll give you another use case. Cryptocurrencies are essentially programmable money. You can't write a computer program with a bank account atm but you can with bitcoin.

You can have your auto-driving car go fill up its tank or pay someone to service it. You can write a computer program that hires a developer to improve it, or a million other things.


> You can't write a computer program with a bank account atm but you can with bitcoin.

Is that true? Surely there is at least one bank with an API? I don't see any fundamental reason there wouldn't or couldn't be. But maybe you're right that this sort of thing just isn't in the DNA of banks, while it's totally up the alley of the blockchain enthusiast programmer community. Still, I wonder: if this were to become a common and important thing, couldn't banks fairly easily add it to the services they offer?


It's pure speculation. "Bubble" means "something that is overvalued according to fundamental analysis"; once the market or asset stabilises one can argue that the bubble burst and it hit its natural valuation.

The problem with crypto in general is that it's such a different type of market that the models for figuring out its valuation are wildly speculative at best.

In other words: all I can offer about it not being a bubble anymore is a soft maybe :)


Probably when it either recovers to ATH or close to it or goes bust completely.

A crash does not necessarily indicate a bubble; a crash without recovery does.


This is a reasonable paper discussing an obvious question given just how much hype is surrounding this technology.

To me "true blockchain technology" in the bitcoin sense of the design is open, permission-less and only has a few real applications. The others, private and permissioned, are really just variations of a central database which is replicated in multiple places.


>To me "true blockchain technology" in the bitcoin sense of the design is open, permission-less and only has a few real applications.

Beyond cryptocurrencies? Go on, I'm all ears. I'm always amazed by how often I hear that claim (on HN and elsewhere) and yet nobody seems in a rush to be specific about it.

The only other use case for blockchains I'm aware of that makes sense to me is some sort of IP protection scheme (mentioned in the article too). If you make a discovery you can write down "$me has discovered this and that", hash it and put it into the blockchain. Later you can use it to prove that you actually had that information at that date without needing any trusted peer or institution.

But even then it only works if the chain can't be attacked; you still need the currency aspect to motivate miners (or shareholders in a PoW scheme) to protect the chain.


As someone in the finance industry, a very beneficial use would be book of records / security holdings, which is currently such a precarious stack of crazy, with a massive barrier to entry. And it is making inroads but slowly given inertia and glacial pace of change (where the industry is most people sharing CSVs). The same thing for property transactions, insurance policies, etc etc etc.

"But that's just a write-only distributed database....with a layer of asymmetric cryptography". Yeah...

It is aggravating when some in the industry try to champion everything as a silver bullet, but it is just as flawed when many instantly veer to being anti-that thing just because.

As an aside, proof-of- schemes are not necessary in many/most alternative blockchain scenarios. The egregious inefficiency of platforms like Bitcoin is not relevant for most other uses.


> As someone in the finance industry, a very beneficial use would be book of records / security holdings, which is currently such a precarious stack of crazy, with a massive barrier to entry

For some that entry barrier might be a feature :-)


>"But that's just a write-only distributed database....with a layer of asymmetric cryptography". Yeah...

Glad we got that out of the way.

>It is aggravating when some in the industry try to champion everything as a silver bullet, but it is just as flawed when many instantly veer to being anti-that thing just because.

I disagree, it's not "just because". We're not talking about whether or not Rust or your Javascript framework du jour has a future. We're talking about a highly speculative bubble where people are dumping millions because they believe that the technology has a future. If Rust fails I'll have one more useless programming skill and a few codebases to rewrite. If cryptocurrencies collapse people are going to lose their homes.

The whole "blockchain tech is here to stay" argument plays into that. I've heard some close friends use it to justify their investments in cryptocurrencies. Surely if everything is going to run on blockchains 10 years from now then surely at least one of the cryptocurrencies in my portfolio is going to be worth a ton then, right?

Maybe let me rephrase my question in another way: if somebody had asked you 10 years ago to solve the problem you're describing, what would you have replied? "I'm sorry I don't think that technology exists" or "you need some kind of write-only distributed database with a layer of asymmetric cryptography"?

So no, it's not just me being a contrarian naysayer, there are real consequences to all this bullshit and pixie dust surrounding cryptocurrencies. I mean look at the replies for this joke tweet somebody linked elsewhere in the thread: https://twitter.com/MalwareTechBlog/status/93264913325659750...

Note the number of defensive tweets claiming the author doesn't know what they're talking about and how the blockchain is actually great:

>Maybe learn how the technology works before pretending to be a snarky expert. This doesn't make you look smart.

>very funny, but blockchain has some interesting use cases that might make some cross domain and cross org stuff better.

>No one will need/want Blockchain is today's version of no one will need more than 640k RAM.

>Blockchain has applications far beyond just coining it.

>That’s a pretty short sighted way of thinking. Block chain based voting is a really good idea.

Because apparently block chain voting is something that exists.

I like this one too:

> give me an actual current non hypothetical real world use case.

Reply:

> I'd be more inclined to answer this publicly if I were not actively working on a related project that I am not at liberty to discuss openly

I could go on and on. I've gone through pages of this and the only actual use case I see mentioned is:

>Might be useful for monitoring chain of custody for secure documents. Not that that’s a huge use case.

Which I assume is related to the use case I mentioned in my previous comment.

In my experience these types of replies are common on every public discussion of anything criticizing bitcoins or cryptocurrencies.

So yeah, I don't think the bullshit is on my side, and neither is the burden of proof.


With respect, it's difficult to follow what you are really saying. A few notes:

* Block chain voting does exist; here's an example of it actively distributing real funds to real projects: https://www.dashcentral.org/budget

* The fact that cryptocurrency prices are volatile does not allow one to draw any kind of inference that either blockchain-based solutions or cryptocurrencies have no future. Was the .com bubble proof that Internet was a waste of time?

* I give a solid use case I'm currently exploring in a comment further down the thread; there are plenty of people out there smarter than I am, so if I have a real use case you can be sure some of those smarter people will come up with something equally valid

* Finally, why are you trying so hard to prove a negative, and what makes you think you are able to foresee the future of a technology better than all the other immensely skilled technologists out there? You can't. Wait a couple years and if you're right you'll get to smirk at all the early adopters. If you're wrong, good luck with the job hunt. If that seems like a rational set of trade-offs to you, all the best.


The discussion about whether or not blockchain technology is useful has literally nothing to do with cryptocurrency bubbles. Further, I gave specific examples, and you reply with a joke tweet (which, as an aside, no one has any duty or obligation wasting their time replying to, and is the sort of thing that yields an insular bubble of groupthink) and then more hand waving.

Neat.

The rest of us are just busy building solutions as the industry evolves.


I'm also in the finance industry. I'll give a concrete example of where I see blockchain technologies helping in my space, regulatory reporting of OTC derivatives transactions:

1. Regulators need to accept transaction reports, volume is in the hundreds of millions/reports/day so they don't have the technical competency to accept reports themselves

2. 3rd parties ("trade repositories") currently provide this infrastructure but regulators are learning that aggregating data across multiple trade repositories with different implementations is very difficult (particularly where dual-sided reporting across different trade repositories occur!); financial institutions are also ending up having to pay far more than cost to comply with regulations because the trade repositories are profit-driven enterprises

3. A private blockchain (e.g. Quorum and/or maybe Hyperledger's PoEL) solves these problems cleanly:

a. regulators have confidence that market participants are playing by the rules and not manipulating (or submitting) reports after the fact. For those who don't know, there's a lot of incentive to 'fix missing reports' -- consider e.g. Merrill Lynch being fined 34.5m GBP for not reporting just 2 years worth of transactions [1]; how would a 'distributed database' give regulators confidence when that kind of 'incentive money' is involved in retro-fitting reports?

b. market participants are happy because their highly confidential reporting data can be delivered to regulators via simple access controls (even after the fact!) and infrastructure costs are fairly split across market participants in proportion to volume, and the industry effectively "self-regulates" itself (rather than trusting 3rd parties), which is generally an attribute of preferred solutions in the finance industry

[1] https://www.fca.org.uk/news/press-releases/fca-fines-merrill...


>The discussion about whether or not blockchain technology is useful has literally nothing to do with cryptocurrency bubbles.

You really think people would be talking about "blockchains" if bitcoin wasn't worth thousands of dollars? Is there currently any notable application of this technology beyond cryptocurrencies?

>Further, I gave specific examples

That you immediately dismissed yourself as "just a write-only distributed database....with a layer of asymmetric cryptography".

>you reply with a joke tweet (which, as an aside, no one has any duty or obligation wasting their time replying to

It's true, but they did reply nonetheless, wouldn't have hurt to actually come up with a decent argument while they were at it.

Still, it's really a common pattern in bitcoin discussions in my experience (just say that the author doesn't know what they're talking about without coming with any counterargument). You can find plenty of examples in the comments of this very much non-joke article: https://medium.com/@thedrbits/why-i-also-find-iota-deeply-al...

I could probably come up with other examples but I don't have any duty or obligation to waste my time doing that so...

> then more hand waving.

Who's waving hands at whom in this scenario?

>The rest of us are just busy building solutions as the industry evolves.

Godspeed. I don't have any problem with that. I just wish the discussion around these technologies revolved more around technical arguments than ambiguous terminology.


> You really think people would be talking about "blockchains" if bitcoin wasn't worth thousands of dollars? Is there currently any notable application of this technology beyond cryptocurrencies?

Academic cryptographers and computer scientists specializing in Byzantine fault-tolerant distributed systems have been working on blockchain technology for several years now - since one Bitcoin was worth merely hundreds of dollars.

To put this gently: you're being very snarky and combative in this thread, but you do not appear to be familiar with the basic academic literature and engineering that has gone into very legitimate blockchain technology research. Obviously there has been an influx of uninformed, trend-following funding recently, but it's a serious mistake to conflate those parties with the totality of work in the field. In fact, I gave two specific examples in a reply to another of your comments.


People have been talking about blockchains for many years (and in the financial space there are massive orgs all working together on concrete implementations. Change takes time). The fevered anti-blockchain pitch, on the other hand, has picked up in lockstep with the cryptocurrency hype. If you can't separate them that's a failing.

It's a bit like the Baader-Meinhof phenomenon, with people who woke up to cryptocurrency hype thinking that everyone became aware simultaneously with them.

> That you immediately dismissed yourself as "just a write-only distributed database....with a layer of asymmetric cryptography".

That is the literal definition of a blockchain. In these sorts of arguments people are so desperate to shoot down "Bitcoin" that we end up with a No True Scotsman situation where everyone completely loses sight of the technology.


> The discussion about whether or not blockchain technology is useful has literally nothing to do with cryptocurrency bubbles.

These seem very closely related at this point. A cryptocurrency bubble seems to be the primary use of blockchain tech so far, and the eye-popping amount of money seemingly involved appears to be the primary driver of interest in the technology.

You can hardly think about one without the other. E.g., suppose you had a great use for blockchain -- say, your book of record/holdings -- along with a great plan to develop and roll a system based on it that had nothing to do with cryptocurrencies.

You'd still have to account for what you plan to do if (when) enough money has been lost on cryptocurrencies that blockchain becomes a dirty word that will kill your system if it becomes associated with it. Beyond any technical differences, your non-blockchain competitors won't have to convince potential participants that their system's architecture isn't actually some tricky way to rip them off.


> Beyond cryptocurrencies? Go on, I'm all ears. I'm always amazed by how often I hear that claim (on HN and elsewhere) and yet nobody seems in a rush to be specific about it.

A Byzantine fault-tolerant, distributed NTP protocol that does not rely on a trusted third party. That is a concrete, legitimate use case for a blockchain that meaningfully improves through a trustless, permissionless and decentralized system. For example, this could augment Google's RoughTime NTP protocol.[1]

More abstractly, blockchains resolve many hard problems in cryptographic protocols that would otherwise require trusted third parties. There has been nontrivial academic attention for this particular possibility, including support from DARPA and the NSF.[2]

Now you have heard someone making this claim and being specific about it on HN.

________________

1. https://www.imperialviolet.org/2016/09/19/roughtime.html

2. https://eprint.iacr.org/2017/935.pdf


Are you specifically talking about recording times onto a new blockchain, or do you mean something like a timestamp based on block IDs?


Recording signed time attestations onto a blockchain, establishing BFT consensus of the current time, using the blockchain consensus as an authoritative source for the current time.


That would be a very interesting alternative to the current NTP infrastructure.


Use cases for blockchain technology include claims management (medical, auto, life, etc), fraud prevention, supply chains, provider and healthcare data. Four use cases, given in a bit more detail below, and that's just what my company (although not my department) is working on:

https://www.blogs.conduent.com/2017/12/05/the-possibilities-...

https://www.blogs.conduent.com/2018/01/29/how-blockchain-cou...


I have a need to store a series of verifiable messages in a decentralized way across many actors who I cannot trust. Say like a distributed, less-active subreddit. I would accept any BFT-like consensus mechanism library that's not a blockchain, but I can't really find any, so I might turn to a blockchain. If there were an embeddable, decentralized/distributed database (performance not a requirement) that handles adversarial users, I'd use that. Suggestions welcome because I don't know everything that's out there (preferably C/C++ or Rust or anything I can statically link).


I hope you enjoy paying a few dollars for every message and wait for at least 10 minutes before your message makes its way into a block.

Or you could use PGP.


Huh? I'm not using the bitcoin chain. I'm just embedding something like tendermint in my desktop app I'm distributing. Why does that cost money and why does it take 10 minutes? Also, I don't understand how PGP helps with things like storage or distribution.


Email is decentralized (well, it can be, these days most people use one of the big providers but it's still compatible with 3rd party servers). IRC is also sort-of decentralized and works through a federation of servers.

And I wasn't talking about bitcoin specifically either, I'm just doubtful that you could have:

- A completely untrusted distributed "blockchain" style DB
- Which would be fast and scale well enough to enable instant-messaging-style applications
- While being almost completely free to use

Currently Bitcoin can process a few thousand transactions per block, every 10 minutes. In 2015 reddit averaged about 2 million comments every day: https://redditblog.com/2015/12/31/reddit-in-2015/

Of course you may say that you don't want to create reddit, just a small chat with friends, but it doesn't matter: your blockchain is only as secure as it's worth, so if you want trust-less security your only solution is to plug yourself on an existing blockchain OMNI-style. Then if you want your messages to end up on the chain you need to pay more than the competition.


Your suggestion to the commenter of PGP, then email doesn't really make sense given their reported use case.

The cryptographic components of PGP which allow for signed messages in the email setting are the same components that would allow for signed messages on a blockchain. But a blockchain protocol can natively support key exchange, symmetric encryption and digital signatures; PGP only natively supports asymmetric encryption and digital signatures.

Further, while email is originally a decentralized protocol, it does not mirror all messages from all email addresses to every other email address across every mail server on the internet. If you were to take PGP, bolt it onto a modified email protocol that requires all mail servers to hold copies of all mail, you'd end up with something substantially the same as a blockchain. You can question the commenter's purpose in wanting all of this, but according to their stated use case, a blockchain actually sounds fairly reasonable from a technical perspective.

Finally, the commenter said that performance concerns were not an issue. But for the sake of correction: they also mentioned Tendermint specifically; Tendermint is capable of scaling to high thousands and low tens of thousands of transactions per second.

I'm not sure why you keep talking about Bitcoin when the commenter specifically said they weren't using Bitcoin. That makes half of your comment not applicable to what they're talking about.


You're thinking of the oldest of the old: bitcoin. Modern (sometimes called 3rd gen) cryptos are able to do instant, secure transactions with no fees.

A project I'm particularly fond of, having tried it out, is called nano[0]. The whitepaper gets pretty vague at times but is overall an interesting read that I recommend.

Full disclosure: I'm slightly biased in that I do have under 50€ of it that I bought to experiment with.

[0] https://nano.org/en/faq


How is this permission-less if in order to participate in mining you need to spend thousands of dollars nowadays?


If you start a new blockchain then you probably don't need as hard proof-of-work problems as there are now in bitcoin.

One thing that the article fails to discuss is that for a blockchain to truly work there needs to be a reward system for the nodes to participate in the network (basically to cover the cost of this crazy expensive infrastructure). I.e. a cryptocurrency that can be mined.


This.

I always thought that any blockchain could only work if there was a reward system (otherwise you're dealing with trusted parties and thus no blockchain in the strict sense is needed), and thus it never made any sense to me to see people implementing blockchains everywhere.

News: "Company X is using blockchains internally."

Me: "Does that mean Company X have created a token that can be mined by its own computers, in a crazy internal competition that will waste thousands in energy consumption and hardware?"


Cryptocurrencies don't necessarily have to be mined. Some newer ones have systems that aren't computationally intensive; they do that by effectively inverting the system of responsibility: they work by saying "if you hold our token, you have a vested interest in the integrity of the chain, therefore we trust you to validate transactions for the network" where "validate" means "vote on whether a transaction is legitimate".

It's fairly interesting and still under research but on some smaller cryptocurrencies it seems to be working. Google "proof of stake" for more.

edit: for a single organization that might not be very useful, as you already have one big central entity that you trust (the organization itself) but it is potentially an additional layer of security that can be tailored to the organization's needs.


> in order to participate in mining you need to spend thousands of dollars nowadays?

Because that has nothing to do with being permissionless?


It depends on how you define "permission". "Of course, you can join our club, it's free to join for everyone. Oh, small detail, the entry ticket is 100K$"


A few problems with that analogy:

1) Mining isn't required to use the network

2) You don't have to pay any specific "club" to start mining. You need to be able to generate hashes efficiently, how you do that is up to you

3) It's still unrelated to what "permissionless" means in this case

"Permissionless Blockchains allow anyone to participate. The transactions are validated and processed by votes / consensus. A vote does not depend on having a prior identity of any kind within the ledger and no pre-existing trust is assumed between participating nodes."


> 1) Mining isn't required to use the network

I define participate as "be able to mine and use the network". You can't do both for free anymore with Bitcoin.

> 2) You don't have to pay any specific "club" to start mining. You need to be able to generate hashes efficiently, how you do that is up to you

Sorry, but it sounds like "In order to learn how to fly you just have to flap your hands more efficiently, how you do that is up to you"

> 3) It's still unrelated to what "permissionless" means in this case

From your definition "Permissionless Blockchains allow anyone to participate". Okay, you can sort of participate in a tsunami by jumping in the sea, but do you really do?


> You can't do both for free anymore with Bitcoin

You never could. Mining has always had a cost and by design the cost increases to match the block rewards

I'm bored of this argument. You're arguing against a different definition to me and I'm not sure what your point is - that mining is expensive?


I'm saying that "permission-less", in my view, should be defined as "an average person can use the network and participate in mining", which is not the case with Bitcoin anymore.


The "average person" doesn't have access to a computer or stable internet connectivity, if we're arguing for what the average person should be able to do/access we have a lot more basic problems to discuss before we get to decentralised virtual networks.

That aside, technically anyone with a computing device can contribute to most networks.


Compare your example with: "You can't join our club."


Realistically, there are no clubs you can't join if you have enough money


It's permission-less because you participate as a node in the network without anyone granting you permission to do so.

You don't have to spend thousands to be a bitcoin miner. You can use any old computer. Making a profit is a different story. Still, resources can be pooled together to buy a competitive mining rig for a few grand.

Even then, a few thousand dollars is realistically not a large entry fee for anything. Wiring your house for Internet access would cost around that much if it wasn't subsidized.


You don't need to mine to make Bitcoin transactions. By "permissionless" people tend to mean that you can send money to and from another user of the system regardless of the legality and without a payment processor to intervene and forbid it.


That is not the meaning here. Here it means that new nodes can join the network without being permissioned by an authority.


Do you need cryptographically signed, P2P distributed SQL statements that define order by referencing a hash of the previous statement block?


*And distributed consensus algorithm resistant to sybil attacks.

That is presuming a blockchain needs something like proof of work to enforce them being append-only. One might argue semantics and claim that a blockchain only needs to be a 'chain of blocks' but I think most people expect some form of distributed consensus when something is called a 'blockchain'.


Unfortunately, a pile of tech companies decided to start selling "blockchain" to banks which doesn't contain any distributed consensus system at all, never mind a Sybil-resistant one. As a result, people in the finance world and people surrounding that particular subset of the tech industry have a very warped idea of what a blockchain is.

Under the definition often used in finance, all modern Linux machines are powered by blockchain, because journald uses hash-linked entries to provide evidence when log entries are manipulated.


To be fair the term "blockchain" is too broad and generic to give it a very specific definition. I think that's a big reason for the hype, like "cloud computing". It's so vague that nobody really knows what it's about, if you actually decide to get technical you lose 95% of the audience as soon as you utter the words "cryptographic hash" or "public key cryptography". So you can just make any bold claims without going into details and still be sort of right. I can say something like "blockchain technology is going to be big for avocado cultivators to be able to audit production year after year". Does it make any sense? Who knows. But it keeps people going.

And it's probably true too. Blockchain technology is here to stay. Cryptographic hashes, public key cryptography, merkle trees, hashcash, peer-to-peer networks, all that is here to stay. Of course, all that existed before the Blockchain, in the same way that servers existed before the "Cloud" but it doesn't matter, it's all about that sweet branding.


As a really quick hint, if somebody pushes blockchains as a solution for anything but cryptocurrency and managing cryptocurrency based on the state of other cryptocurrency, or a solution for Zooko's Triangle, they're selling a lie.

EDIT: the reason for this is that if the chain ever needs to touch something that isn't entirely stored within the chain - for example, the number of avocados picked on a certain day - it needs a trusted oracle to tell it that. If you have a trusted oracle, you can trust that oracle to host a bog-standard SQL database and avoid this whole mess, unless your boss is breathing down your neck about using "blockchain" so your company can look cool and hip to its investors/clients.


What about a registry of land ownership?

That could be tracked fully on a blockchain with the added advantage of no longer needing to trust some centralized office to 1) correctly track ownership and 2) properly store their records.

A similar idea exists for tracking ownership of domain names.

There are other cases where you trust the oracle but want some form of non-equivocation. A nice example is a notary. In that case, just an SQL database doesn't suffice. Sometimes, something like a pgp-signed statement could work for that.

If you want some more resilience against the claim 'that was signed with a fake key' you could mandate all signatures be published on an actual block-chain. This time-stamps them so you can see whether they happened before a key compromise, and allows the requirement that the counter-party audits the blockchain to ensure that no signatures are published that they did not know of. This audit would mean that signatures published with a compromised key would quickly be detected.

This way, the records of the notary are publicly checkable. You now only need to trust the notary at the time of publishing their signature on the blockchain (with some extra time to ensure they can't claim to not have audited yet).


Public records does seem like a reasonable use case. Birth, death, marriage, ownership etc. Not sure it's a lot better than what we have now but it might be cheaper. (Or the reverse.)


With public records, a big question is whether you need some form of distributed Sybil resistant consensus.


> What about a registry of land ownership?

Towards what purpose? So that a court can look at it and decide who owns the land? In which case the court can run a SQL database for significantly cheaper than a secure proof-of-work system.

The notary idea is a good one, except that it's not actually a problem that needs solving in most countries with a semi-functioning democracy. If you want to timestamp something relatively important, you post it in your city/county/country's newspaper of record. In the UK, for example, that'd be The London/Edinburgh/Belfast Gazette. Various entities maintain copies of these, in case you're worried that the Government decided to edit their copy of the record.


Consider title insurance [1]. The current system of land registry in the U.S. is so disjointed that you need insurance against the registry making mistakes. This might be solved by making a centralized database, but then we are depending on the technical capabilities and security of the court system. Just because we trust the court to make correct decisions does not mean we trust the court to keep that data correctly and publicly available.

Besides, a system like this could allow for land transfers that are recorded only in the blockchain, without need of an intermediary.

A harder objection would be complicated deeds. For example, a deed that grants a piece of land but requires that, when it is sold, the proceeds go to some charity. For cases like that, you'd require a signature by a trusted third party (an oracle). We are now trusting that oracle only to make the right decision when the signature is requested. Moreover, it is now public data that there is a complex deed behind this transaction. Thus it is no longer possible that upon sale, the deed has been forgotten and then later turns up and wreaks retroactive havoc.

Another issue would be 'property loss'. People lose their crypto keys all the time, what happens when people lose the 'key' to their land?

[1] https://en.wikipedia.org/wiki/Title_insurance


I won't claim to be an expert on this, but isn't that the whole point of multiple / decentralized oracles?


Perhaps, I assumed that a lot of the "me too" blockchain investigations happening at large corporations never intend to use distributed consensus, they expect the blocks to be signed by trusted sources.



Here is an accessibility one:

http://shouldiuseacarousel.com/


Honestly expected a page that just said "No"



This paper is similar to an idea I'm working on finalizing from a conceptual point of view.

I call it "Proof of Help" (as opposed to Work or Stake). To summarize, the idea is that in a market for tutoring, people can tutor each other, however there would be some sort of way to confirm that tutoring actually took place.

From there, you may receive help in exchange for the quantity of time you've helped others, represented by the Help that you have accumulated by helping. Unlike Bitcoin, this Help can never be converted for fiat and is only useful for receiving tutoring.

Unlike Bitcoin, this wouldn't be decentralized though. It would effectively be a public ledger run by ideally a nonprofit. I think blockchain is a good use for this. Mainly because the quantities of Help should not be able to be manipulated by the centralized authority. Their role here is simply to confirm identities and serve as a sort of access control to the blockchain itself (e.g. They can ban people, but not change how much Help someone has).


How do you prevent people from gaming the system?

Alice and Bob vouch that they each tutored each other for a week straight, despite just leaving a Skype connection open facing a blank wall. Now they've got fifty Tutorbucks each, whereas I had to tutor a dozen college freshmen for a month to get the same amount.


This is where centralization would come into play -- all sessions are recorded and publicly available. The situation you pose could occur, but could also be quickly identified, resulting in the banning of both Alice and Bob.

Such a deterrent would hopefully prevent people from attempting to game the system.

The point of recording and publishing the sessions, by the way, is to prevent repeated tutoring sessions surrounding the same question or content, ideally.


Once you add any centralization, the rest of the blockchain becomes pointless. If you rely on one database/oracle/trusted service, you might as well let them do all the rest of the work and scrap all the chain building, as it would be more efficient.


How do you guarantee that the data in question is not changed without blockchain?


You can't, but that is irrelevant if the centralized service is required. You can point at the blockchain data all you like, but if the centralized service that you rely on chooses to ignore the blockchain data, you're out of luck. Hence, you either need no centralized points, or just ditch the blockchain and put all your faith in the central resource. If it is trustworthy, great, everything has become much more efficient. If it isn't, you're screwed, regardless of whether or not there's a blockchain.


A centralized blockchain does not guarantee that at all. In fact, it's probably impossible to guarantee this for any kind of centralized service. In order to be able to trust centralized ledgers, clients need to keep a local copy (or a local history of hashes) so that they can detect manipulation (regardless of whether you're using a blockchain or something else to store your data).
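The hash-linked entries mentioned in the journald comment above, together with the local history of hashes this comment calls for, as an added example (not code from any poster in this thread): a hash-chained append-only log plus a client that remembers the last head it saw, so that a chain rewritten and re-hashed by its operator is still caught. Payloads and names are constructed for illustration.

```python
import hashlib
import json
from typing import Any, List, Optional

GENESIS = "0" * 64  # hash a first entry links to (constructed convention)


def link_hash(prev_hash: str, payload: Any) -> str:
    """Hash of one entry, binding it to the previous entry's hash.

    json.dumps with sort_keys gives a canonical byte string, so the same
    payload always hashes the same way.
    """
    body = json.dumps({"prev": prev_hash, "payload": payload}, sort_keys=True)
    return hashlib.sha256(body.encode("utf-8")).hexdigest()


class HashChainedLog:
    """Append-only log where each entry commits to the hash of its predecessor."""

    def __init__(self) -> None:
        self.entries: List[dict] = []

    def head(self) -> str:
        return self.entries[-1]["hash"] if self.entries else GENESIS

    def append(self, payload: Any) -> str:
        prev = self.head()
        h = link_hash(prev, payload)
        self.entries.append({"prev": prev, "payload": payload, "hash": h})
        return h

    def first_broken_link(self) -> Optional[int]:
        """Index of the first entry whose link does not verify, or None if intact."""
        prev = GENESIS
        for i, e in enumerate(self.entries):
            if e["prev"] != prev or e["hash"] != link_hash(prev, e["payload"]):
                return i
            prev = e["hash"]
        return None


class AuditingClient:
    """Client that keeps only the last head it saw, enough to detect a rewrite.

    Chain integrity alone says nothing about whether the operator replaced
    history with a different, internally consistent chain; comparing against a
    previously observed head does.
    """

    def __init__(self) -> None:
        self.seen_head: str = GENESIS
        self.seen_len: int = 0

    def audit(self, log: HashChainedLog) -> str:
        """Return 'ok', 'corrupt' (a link fails) or 'rewritten' (history changed)."""
        if log.first_broken_link() is not None:
            return "corrupt"
        if len(log.entries) < self.seen_len:
            return "rewritten"  # entries we already saw have disappeared
        # The head we recorded last time must still sit at the same position.
        current = GENESIS if self.seen_len == 0 else log.entries[self.seen_len - 1]["hash"]
        if current != self.seen_head:
            return "rewritten"
        self.seen_head, self.seen_len = log.head(), len(log.entries)
        return "ok"


def demo() -> dict:
    """Constructed scenario: a central log that is later edited and re-hashed."""
    log = HashChainedLog()
    client = AuditingClient()
    for payload in ({"help": 20, "tutor": "A"}, {"help": 5, "tutor": "B"}):
        log.append(payload)
    results = {"first_audit": client.audit(log)}  # "ok"

    # Naive tamper: edit one payload in place; the hash chain itself now fails.
    log.entries[0]["payload"] = {"help": 200, "tutor": "A"}
    results["broken_at"] = log.first_broken_link()  # 0
    results["naive_tamper"] = client.audit(log)     # "corrupt"

    # Careful tamper: the operator rebuilds the whole chain from edited history.
    rebuilt = HashChainedLog()
    for e in log.entries:
        rebuilt.append(e["payload"])
    results["rebuilt_intact"] = rebuilt.first_broken_link() is None  # True
    results["rebuilt_audit"] = client.audit(rebuilt)                  # "rewritten"
    return results


if __name__ == "__main__":
    print(demo())
```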


This sounds more like lectures and less like tutoring sessions. And I think a lot of people might be uncomfortable with having their tutoring sessions publicly viewable - what if I need help preparing for interviews, and my tutoring sessions make me look like I'm not a capable software developer? It would be kind of embarrassing if a potential employer could look up videos of me asking someone to explain big-O complexity of various sort algorithms, or of a potential math teacher who needs help remembering basic algebra.


You make good points, though I have to add that though it is "public", you couldn't actually identify the people involved in a particular tutoring session from just the video. This would be something the central authority would take care of. So tutoring is generally done via text and visuals, with no audio or video of either participant in the session.

As for your situation, in that case the hypothetical system I proposed wouldn't make sense. In the case you're describing now, it would make more sense for you to simply give your Help to the person who assisted you in exchange for their assistance. This is in contrast to the "system" giving you Help for simply helping someone else (i.e. the person receiving help doesn't have to give you their Help).


> you couldn't actually identify the people involved in a particular tutoring session from just the video

I guess it depends on what you're recording, but even if you don't save the audio, or the camera recordings, information can still leak. Am I sharing my screen with my tutor? Great; my browser bookmark bar is visible, and possibly my URL history if I start typing something in. Oh, look - my Gmail tab shows my entire full name. My anonymity is blown before the second frame of the video loads.

> In the case you're describing now, it would make more sense for your to simply give your Help to the person who assisted you in exchange for their assistance.

I guess I don't understand the system. I thought that if I tutor Thomas in some basic mathematics, I earn 20 Tutorbucks. I can then spend those 20 Tutorbucks by paying Jenny to help me understand how Spring's authentication system works. It doesn't really make sense to do tutor exchanges - what am I going to ask Thomas for help with?

In any case, it seems like the answer to the submission's question in your case is a resounding no. There's nothing a blockchain brings to the table.


I see the confusion.

1. Anonymity isn't a goal, per se. Everything you're talking about, in terms of "public incompetence" is true immediately once you post anything online. It's only a matter of time. Personally I'd argue that people who are actively seeking tutoring would be more sought after, but that's another story. Not to mention most of the things you're mentioning could be accounted for during implementation.

2. In your example, if you tutor Thomas in basic math, you would receive 20 Tutorbucks in exchange for said knowledge to be available to everyone, hence the exchange being public (furthermore, a third party would have to spend their Tutorbucks to actually view said session, perhaps). If, you wanted Jenny then to help you with Spring's authentication you could then give her the 20 Tutorbucks as opposed to the system giving it to you, and then it could be private, though that's not how I originally conceived it.

As for the submission question -- how do you guarantee to all participants that data isn't changed without blockchain?


> Everything you're talking about, in terms of "public incompetence" is true immediately once you post anything online.

Not true. A potential employer doesn't know what I'm googling for, and they have no way to tie "throwaway37745XXQQXX" on StackOverflow back to me.

> As for the submission question -- how do you guarantee to all participants that data isn't changed without blockchain?

There are other ways to ensure that the data is authentic. Thomas and I could both sign the resulting video or other data with private keys. I'm not entirely sure how else proof-of-help would work, anyway - how does me tutoring Thomas or Jenny tutoring me append to the blockchain? It's all based on what we claim occurred.

I think your idea is good - publicly available tutoring, with social elements - minus the blockchain.


Maybe something like a bitcoin faucet, with people getting say 1 "help" a day might work.


Isn't that still gameable? It just means that those unfairly abusing the system are rewarded as much as the people providing the most help.


Reading my comment again I explained rather poorly. I was thinking each user would have an income of 1 help token a day, which they could then use as a reward to those who help them, and the helper could then use the points they earned as a bounty to encourage others to help them in turn. Maybe something between Yahoo Answers and Steem?

Hopefully if the tokens had a somewhat stable value, it would be somewhat difficult to convince people to give you the token versus being able to generate them easily.

So say those dozen freshmen have 100 tokens saved up, and give you 5 a day for a week of tutoring, you wind up with 420 and can then reward someone later for a somewhat proportional amount of help. But if I just pool my tokens together with someone else, we only generate 14 tokens over the week.


> if the tokens had a somewhat stable value

If the tokens have any value outside the system, the whole thing grinds to a halt, as people start HODLing them like idiots, and people stop getting paid to actually do anything. The tokens having a dollar value would probably be the thing to kill this otherwise wholesome idea.


You don't need a blockchain. You need PHP and a SQL database.


A semantic note -- under canonical definitions, "proof of help" is a bad name for your idea. Proof of work/stake means they're using work, or stake, to secure the blockchain; it's the answer to the question "Which blockchain do we trust?" The chain with the most work in it, or the most stake in it.

Here, your "help" is the object you want to have on the blockchain that is trustlessly secure. The analogous object in bitcoin is money.


One question I would like to see discussion on is about the process of capturing value by the builder of a blockchain.

Web 1.0 was about selling stuff. Web 2.0 was about hoarding data and using it to sell stuff. If blockchains are Web 3.0, what's the model?

Bitcoin was released free and the designer got nothing beyond the initial stake, which only works for coins. Ethereum is run by a foundation.

Say I want to launch a blockchain startup and really hit the sweet spot according to this paper, how do I build a business on it?


1. ICO. 2. Run away. 3. PROFIT.


Find somebody else that already has the possible use case for blockchain and sell the basic tech and support to ensure all their relevant operations systems interface with the blockchain. The same basic business model used by various companies that were building e-commerce platforms in the nineties and have been winning massive contracts using "cloud" in their presentation more than their competitors ever since, often without any server space or software IP of their own. Works better if there actually is a real sweet spot for those client(s) to share data with blockchains, but even using the word as a buzzword enough might seal the deal.

This model isn't as exciting as "disrupting X with blockchain" but it's certainly possible to build a profitable business with it.


The original idea of blockchain was at least partially to prevent a central entity from centralizing the value of bitcoin and capturing its value. What you're describing is the antithesis of what Satoshi intended.

Now, I'm well aware that technology isn't inherently ideological. So you could hypothetically come up with a way to hack it to make it do what you want to do. And a lot of people are trying to do this, i.e. the SegWit folks, but the way they're doing this is by breaking the fundamental decentralization of blockchain to make it more federated/centralized. It's a perversion of Satoshi's vision, but it's not unethical or technically invalid.

But the question I have is, why? A business is inherently about taking money from disparate sources and putting it in a central location: your business' bank account. You might be able to do this with blockchain, but it's working against the decentralized, untrusted model, not with it. A datomic-style log handles the ledger aspects of blockchain with a fraction of the technical complexity, and you don't need the untrusted aspects of blockchain if you're running a centralized business (ostensibly, you trust yourself). If you succeed in using blockchain to run a centralized business, it's despite the model, not because of it.

There's one exception, which is that the underregulated nature of the current blockchain industries and the hype around blockchain open up some opportunities (i.e. this is why the SegWit folks can make money off this). But that's more about checking the "blockchain" keyword off in your marketing/legal materials than about the actual benefits of the technology (i.e. ICOs--the only benefit blockchain actually gives is that it allows you to skirt financial regulation, which has nothing to do with the technical benefits of the technology). And as regulations are put in place and hype fades, a lot of these opportunities will dry up: most are temporary and the ones that aren't are extremely difficult technically.

Blockchain IS a revolution, but it's not a revolution that can be easily coopted by rent-seekers (and make no mistake, that is what you're proposing). The rent-seekers will eventually break it (they always do) but then it will be just another financial instrument, and unless you have an in-depth technical AND social understanding of the technology (like the SegWit folks) you're unlikely to be one of the rent-seekers who benefits from this. There are a lot of lower-hanging fruit out there to build a business on.


No objection to the term "rent-seeking", that's just another term for "business". :-) The trick is to add economic value beyond the rent being collected and then capture a portion of that value in the form of rent. Rent-seeking is used in a negative context when it implies capturing rent _without_ adding value.

"You can't add value just by forking Bitcoin" may be what you are trying to say here, and I agree. I'm trying to think past that to what value could be added to the blockchain to justify collecting rent while preserving the decentralized trustless nature of the vision.


> Rent-seeking is used in a negative context when it implies capturing rent _without_ adding value.

Yes, that's exactly what I mean. And I'll explicitly say that SegWit is run by rent-seekers. Yes, they do add value in the sense that they allow bitcoin to scale, but they do so by making it federated: at which point they're an immature, lower-value implementation of the traditional banking system. If you're okay with federation, just use traditional finance. If you're not okay with federation, then you aren't okay with SegWit. In neither case does SegWit add value.

> I'm trying to think past that to what value could be added to the blockchain to justify collecting rent while preserving the decentralized trustless nature of the vision.

But why though? If your goals are to centralize money in your pocket, using a decentralized structure and keeping it decentralized is like using a screwdriver to catch butterflies. It's the wrong tool for the job. It's using a decentralized, untrusted structure to achieve a centralized, trusted goal.

All the existing models I know of for making money off developing a blockchain involve some form of centralization. Either centralized mining (premining, ICOs) or breaking decentralization entirely (SegWit, Ripple).


> All the existing models I know of for making money off developing a blockchain involve some form of centralization. Either centralized mining (premining, ICOs) or breaking decentralization entirely (SegWit, Ripple).

Nano (née Raiblocks) uses a block lattice where each transaction from an account (accounts are first class citizens here) is appended onto a previous one, and only when accounts interact is there consensus required. Nano uses a combination of PoS and PoW (called Delegated Proof of Stake) to secure its chain. While in theory this is less distributed than blockchain (nodes elect delegates who actually perform the updates), in reality Bitcoin already is a network centralized around mining pools, so IMO dPoS openly acknowledges the centralization that already exists.


> But why though?

Because that's generally what really drives adoption, investors willing to fund innovation that adds value.

> All the existing models I know of for making money off developing a blockchain involve some form of centralization.

Let's be creative! Build a 'siphon' into the blockchain to capture small bits of each transaction and re-sell that to generate income? Or treat it as a traditional open source project and position yourself as the best implementation because you designed it.

There are also different types of centralization that don't necessarily involve interfering with the blockchain. You can decentralize the ledger but centralize the transaction entry. Or centralize the reporting (anyone can make entries but only the authority can verify them, subject to auditing).


I'll add to my previous response to this post:

Bitcoin users fall into basically two camps:

1. Users who want to ride the hype to make money (be it through speculation or through a centralized service).

2. Users who want untrusted decentralization as an ideological benefit.

If you're in the first camp, you have no reason to care about decentralization. And frankly, if you're in this camp, you're more likely to be taken by one of the more knowledgeable users in this camp who is running a scam of some sort than to make money yourself. The traditional banking system might be better for you. Not because you're not welcome, but because untrusted decentralization doesn't fit your goals.

If you're in the second camp, you have little reason to want adoption beyond a certain point. Obviously adoption increases value and utility of your coins, but it also pushes regulation (i.e. recent Chinese policy changes) and centralization (like SegWit). Large-scale adoption has not been a good thing for ideological proponents of Bitcoin.

It sounds like you're in the first camp, and you're not going to understand why the ideas you're posing don't work until you understand the second camp. Bitcoin was created for the goals of the second camp and if those goals aren't your goals, using it is probably counterproductive.


> Because that's generally what really drives adoption, investors willing to fund innovation that adds value.

I mean, why use blockchain for this when there are appropriate centralized, trusted tools for solving centralized trusted problems.

> Build a 'siphon' into the blockchain to capture small bits of each transaction and re-sell that to generate income?

That's a centralized siphon (and why would anyone pay you to use this blockchain?).

> There are also different types of centralization that don't necessarily involve interfering with the blockchain. You can decentralize the ledger but centralize the transaction entry. Or centralize the reporting (anyone can make entries but only the authority can verify them, subject to auditing).

Verification is definitely a key part of blockchain--if you don't have decentralized verification you have a datomic-style log with a decentralized cache. If you centralize that I'd say you don't have a decentralized blockchain any more (this is basically Ripple, or if you're talking about non-coin type logs, git changelogs with signed commits where you only accept commits from entities you trust).


I don't see it. Waiting forever for transactions, paying a high fee to exchanges for what should be a few milliseconds of code to run - how is this not rent-seeking? How is bitcoin not already centralized?


Exchanges don't typically run/implement their own blockchains, which is what my post and the parent were talking about.

Most exchanges are 100% centralized, I agree. But it's entirely possible to buy/sell/trade Bitcoins without ever interacting with an exchange, so I'm not sure that means Bitcoin is centralized.


It's an interesting question that hasn't really been studied, I think. If a decentralized system is centralized in practice, is there any value to it being decentralized?

The crypto market always struck me as being designed the way a student is taught how markets work in college. Exchanges all the way down.

Any finance professional will tell you that only a tiny fraction of stock market trades are actually on an exchange, the vast majority are filled privately between successive layers of a broker's clients and only the ownership change is sent to the authority.


What percent of transactions do we suppose are done privately? Compare with the percentage of normal financial/investment options are exercised privately. At a guess, almost the entirety of Bitcoin trades are exchange-based. I'm suspecting that ordinary finances win this round.


I don't think we have a ton of evidence either way, but:

1. Private exercise of investment options usually occurs within the context of brokerages, hedge funds, and companies exercising their own stocks, no? For the first two, they have to be large enough to have lots of clients, and the last one is limited to one stock. I'd see the brokerages/hedge funds as a form of federation so that it doesn't make sense to distinguish it from exchanges on the centralization/decentralization spectrum, and stuff internal to a company doesn't really occur on the open market in the same way so I'm not sure it's relevant at all.

2. Percentage of trades isn't the only metric: ease of trades is also relevant. I could find a Bitcoiner on Craigslist and give him cash at a coffee shop for coins. Doing this with most traditional financial instruments would be difficult if not simply illegal. Coins for cash at a coffee shop isn't probably the most common use case, but it's certainly easy and possible, and that's relevant.


The coffee shop scenario: What's to keep him from handing over a thumb drive with random numbers on it? How do you register coins? Asking as a newbie.

And given the stratospheric price on bitcoins, what's the chances of anybody wanting to transfer such amounts without some kind of audit trail/registration?


It's a coffee shop because coffee shops typically have WiFi. :) He doesn't hand over a physical object at all: you just show him the cash, then have him transfer the Bitcoins to your account, and wait for the transaction to post/verify in your wallet program (reversing even a single verification block would have an astronomical computational cost, so you don't have to wait for 6 verifications even though that's the cryptographically sound way to do it). Then you hand over the cash.

Bitcoins are highly divisible, so you can purchase $1 worth of Bitcoin if you want. Probably that's not worth it to make it worth anyone's time, but lots of people are willing to show up to a coffee shop to sell amounts of Bitcoin >$200. So the astronomical cost of Bitcoin isn't really relevant to how much you can buy/sell in a single transaction.

I am not a lawyer, but my understanding is that transfers <$10K don't require an audit trail legally. That said, if you don't want an audit trail, Bitcoin's public ledger makes it not the best choice. There are lots of reasons you might avoid buying from exchanges that aren't about leaving an audit trail (for example: simply to screw over the exchanges for political/social reasons).


This is a general problem with decentralized alternative platforms. There is no way for the creator to really profit massively out of their project.

But there could still be economic incentives. For example, if GNU Taler succeeds as a payment system and manages to replace Visa, that could mean less fees for both customers and merchants which would be incentive enough for the merchants and customers to adopt the system.

Basically you cannot think in terms of traditional business models. You need to think of it as a free software project that might potentially be a massive cost saving for enough people to adopt it.


I think it's quite rare for a product to find widespread adoption because it reduces costs for the users unless a portion of the reduced cost can be captured by the entity building the product.

The way this reads now, the only products built on blockchains will be industry consortiums trying to "cut out the middlemen", which they will then use to limit competition by excluding new entrants.


The definition of "trusted" is the foundation of the conclusions of this article (and of the snarky "no" pages that are so popular), and it really deserves a long and detailed exposition of its own.

You may trust those third parties, but as always you also want the facility to easily verify (because your trust can be undermined by a single employee, a single malfunction, a single hack, and so on). When you add the notion of verification the whole evaluation flips.


Any justification or argumentation below the "NO" would be very welcome. I did download the article though, if that was the takeaway behind the website idea.


I'll give one. It comes with the disclaimer that every time I've brought this up, I've been told I don't "get" blockchain.

I want a national voting system with distributed ledgers in every state, and to add to that, every state has a copy of every other state's voting records by virtue of having to validate the transactions. There's obviously lots of particulars around this, such as what to do with absentee ballots that are mailed in. This is a hypothetical use, at least in my mind.

Another one, more for the finance industry. A few years back, I paid my rent with a moneygram. A few weeks later, I got a phone call from the rental office telling me that moneygram rejected the payment and that I needed to call moneygram. Upon calling them, they said that they had record of me buying the moneygram (or whatever the hell it actually is), but that their system didn't have a record and there wasn't much they could do beyond give me a refund. How in the actual hell does a payments company have a problem like that? As a developer, I'm left to wonder if this was caused by some errant production release that wiped records, or a developer who ran a script from a well-known runbook that wiped out critical data (read: Amazon S3), or maybe even fraud somewhere in the pipeline. Why don't they have this data distributed and backed up in offline systems? If the government is willing to throw the book at financial fraud crimes (unless you are Jamie Dimon), then there ought to be some kind of mandate that we have a verified ledger of electronic financial activities. The even scarier thing, to me, is that I thought they would have been doing that already...

Those are a few potential uses from my perspective.


Voting comes up a lot as a use for blockchain, but I've never been convinced that a regular public database wouldn't be better - generally the government has to be trusted in some way, and gets to say who can and can't vote, so blockchain's main benefits (trustless+permissionless) aren't needed.

Payments is definitely something blockchain can do better in some cases.


Verifiability by an individual voter - given their receipt (hash) they would be able to verify that their vote (transaction) was in the chain that produced the final tally.

I am in general a blockchain skeptic - I think in most cases, there’s just enough trust to just use a centralized database - but voting seems like a good usecase for blockchain, as it provides voters with a receipt and it’s designed for auditing provenance.


> Verifiability by an individual voter

This is, in fact, undesirable. If verifiability is possible by an individual, someone can ask you (under threat of violence) to verify that you did or did not vote a certain way. It's especially undesirable if verification can be performed a long time after the vote is completed, because laws and social mores can change, turning a previously innocent vote into a black mark.


My linked comment(1) should be a way to verify that a vote was recorded as cast while at the polling place, and to provide a receipt to allow later checking that nothing was tampered with that doesn’t reveal ballot choices. This would stop anyone except the government itself from getting proof of how someone voted, and if the latter situation arises you have bigger problems, but burning your receipt is easy.

There are probably even better methods to further protect both anonymity and verifiability. I don't know if the group at (2) is still active, but the graphic presented there looks like a good setup, though I think they are after vote-from-home, while my linked comment still makes use of polling places.

(1) https://news.ycombinator.com/item?id=14921442

(2) https://followmyvote.com/cryptographically-secure-voting/


It would be just as easy to verify in a public database.


I don't think verifiability is the same. Yes, assuming the public database has some unique ID per vote, one could go in and verify their own vote was in the tally, and we could also verify that the final tally is the sum of everything in the public database. But what about someone who claims their vote was eliminated after voting occurred? There's no way to verify that either way. That kind of tampering, though, would not be possible using a blockchain, where the chain is constructed as the vote happens.


Part of the point of voting machinery is to make it impossible for the government to see which way a specific person voted. (Excepting a totally unanimous vote, I suppose.)

But I figure we could tag each vote with a unique hash that's generated by, and known only to, the voter.

Then, when all votes are cast, the database can be made public, including the hashes. Then each voter can check that their vote has been registered correctly, without the government knowing who voted what way.

This wouldn't be good enough, though. We want to make it impossible to confirm to anyone else which way you voted, even if you want to, in order to prevent vote-selling.

> But what about someone who claims their vote was eliminated after voting occurred? There's no way to verify that either way.

You mean someone who cast a vote but then doesn't see it turn up on the public voting database? I imagine we could solve that with crypto. In my model: when you vote, you are given a cryptographically-signed proof-of-vote that is tied to your unique hash.

> would not be possible using a blockchain

Unless I'm missing something (which is entirely possible), I've shown that blockchain isn't the only solution.


If I understand your scheme, tampering is still possible, we can just detect that it happened. The major difference with a blockchain-based voting solution is that after-the-fact tampering is not possible; you can't arbitrarily remove votes from the chain. And if we try to modify your scheme so that we start cryptographically ensuring that votes are included in the final tally, it's going to start looking a lot like a blockchain.

Let me reiterate: I am a blockchain skeptic. I think that, for the most part, it's a solution looking for a problem, and there's enough trust in most interactions that it's not worth the trouble. I just think voting is one of the rare instances where it does make sense.


> If I understand your scheme, tampering is still possible, we can just detect that it happened

True, the voter can prove that tampering happened, as the signature receipt they are given is specific to their voting choice (as well as to their secret hash).

How would a blockchain fare against a 51% attack? What secret/proof does the voter have that an imposter doesn't have? Is each person issued a 'votecoin'? How could we maintain voter anonymity?


To your questions, I don't know. I would think we would try to avoid 51% attacks by construction because the blockchain would not be easily accessible by non-voting machines. Voting currently doesn't do much to prevent imposters, so I wouldn't even try to address that. It's also possible that voters would not even receive a transaction receipt (votecoin). They may not even be aware blockchain is going on behind the scenes: they may just see a normal voting machine at their precinct, beep-boop the screen and go home. The value would be in being able to audit the entire vote chain, which we currently don't do. Currently we spot-check the paper ballots against machine output for auditing. Re-doing the whole thing is a recount, and rare.

My complaint about bitcoin itself is that rather than creating a virtual currency, we really created a virtual commodity; that is, it's the closest we've come to creating a virtual item that has the properties of scarcity and non-transferability of physical items. I think that's bad for a currency, but good for auditing votes.


> I would think we would try to avoid 51% attacks by construction because the blockchain would not be easily accessible by non-voting machines.

So we're trusting the voting machines? Doesn't that defeat the point? Surely they should be able to run on public networks while honouring Kerckhoffs's principle: A cryptosystem should be secure even if everything about the system, except the key, is public knowledge.

That's the whole mission here, no?

> they may just see a normal voting machine at their precinct, beep-boop the screen and go home. The value would be in being able to audit the entire vote chain, which we currently don't do.

But if there's no 'voter identity' in the system at all, what's stopping a malicious government from just synthesising the whole blockchain?


> So we're trusting the voting machines?

Maybe. I'm not married to much - I'm just defending that voting is one of the rare cases where I think blockchain has value. We currently trust the voting machines, so even if we do it with the voting machines, it's still an improvement on what we're currently doing.

> But if there's no 'voter identity' in the system at all, what's stopping a malicious government from just synthesising the whole blockchain?

Not much! So we either have to allow individual voters to get a receipt and verify their votes (which can introduce problems), or we have to print paper receipts which are kept on site. Yes, those can be printed out as a bad actor synthesizes a new blockchain, but paper ballots can be faked, too.

To me, the mission is creating an easily auditable voting record, which we do not have now.


> We currently trust the voting machines

Indeed, and that's a huge mistake. Should have stuck with paper ballots. The high-tech solution isn't always better. In this case, it seems pretty clear that it's far worse. The Diebold voting machines, for instance, have been shown to be a joke.

I like Schneier's idea that perhaps machines could have some value as supplemental machinery to a paper ballot: https://www.schneier.com/cgi-bin/mt/mt-search.cgi?search=vot...

> I'm just defending that voting is one of the rare cases where I think blockchain has value

> the mission is creating an easily auditable voting record

I don't see any link between these two. I'm not convinced there'd be any value in a blockchain.

> paper ballots can be faked, too

But it's far harder to do so at scale than with voting machines, particularly if the voting machines are poorly implemented, which they invariably are.


> generally the government has to be trusted in some way

There's an enormous difference between trusting the government to _count_ the votes correctly and trusting the government to _record_ the votes correctly, and I think this is actually the point. How do you enable voting _without_ trusting the government?

If you have a public database then you can sign votes into it, but how do you ensure that the government won't simply delete votes it doesn't like? Pretty soon you get to the idea that each vote should be incremental to all the votes before it, so no one can manipulate the previous votes... and you get a blockchain.

A blockchain would allow you to separate the act of voting from the tallying of votes, which would be an enormous improvement over the current 'check everyone's eligibility at the door and don't mention how many people you turned away'.


Have the primary key be a number or hash and publish the whole database, so you can count the number of votes yourself, or verify your vote, but cannot reverse any single vote back to a person without knowing their voter number. Whether we structure this as a Merkle tree or a flat CSV is irrelevant.

Of course, in neither data format do you have any way of actually authenticating the other votes, by design. Maybe the vote in the block before yours was a dead person, or never existed at all, how would you know? (this is what the crypto world calls a "sybil attack") Whoops, looks like we're back to trusting a centralized authority (the government, who issues the voter tokens). So why do we need millions of computers hashing away, again?

Fundamentally, one of the design features of voting is that it's un-verifiable, i.e. you can say you're voting Bush and go into the booth and vote Gore, and nobody can prove otherwise. Otherwise you could have personal threats against you (boss/spouse/etc) and if you have a ticket that can be verified to show you voted Gore then you could suffer personal harm. Verifiability to the public is actually a bug in the system here - it should be verifiable to the government and no one else. The best systems produce a paper token that is retained at the voting site. You can then validate the number of tokens against the voting rolls/etc, but the "evidence" stays in the possession of the government (who we've already agreed must be trusted anyway since they're the ones maintaining voter rolls/issuing tokens and ballots/checking IDs/etc).

I forget what the name of the theorem is, that says identifiers like domain names or onion names can either be unique/authentic, intelligible, or decentralized, pick any two. Well, you can also say that ballots can either be publicly verifiable, trustless, or private, pick any two (where "guaranteed one-per-person" is a form of trust). Blockchain doesn't escape this, it is just a different format for the data (Merkle tree vs flat CSV).


> Of course, in neither data format do you have any way of actually authenticating the other votes, by design. Maybe the vote in the block before yours was a dead person, or never existed at all, how would you know?

In many European countries we do have that, as we carry our national ID cards[0] that have their own private key for signing documents and authenticating. Signing a vote securely isn't a problem but then the problem comes on how you sign it and keep it anonymous simultaneously. Also of course we trust that the state doesn't keep the private keys somehow when creating new cards.

[0] https://en.wikipedia.org/wiki/National_identity_cards_in_the...


Same problem though, the fact that the "token" is pre-issued vs election-specific doesn't change anything.

If you are worried that the government is going to change the vote tally, should you not also be worried that the government will generate fake keys to vote in the election, or simply add rows with fake signatures? You need to verify that those rows are authentic, and that's not possible while maintaining a private ballot. The only defense is to have someone who can say "I.C. Wiener is not a real person", whether that's the government or the public.

Private-ballot voting only works with the government as an "oracle". The government is the defense against sybil attacks (multiple voting, etc). You can have other systems if you are willing to let people see how each other voted, but private-ballot voting is pretty ingrained at this point.

--- theory stuff:

A trivial solution to the problems that blockchain approaches is "majority-wins". You take a vote and whatever the most participants agree is the "true" history wins (eg electing a master node in a distributed system). But how do you prevent one attacker from pretending to be a lot of people (aka a sybil attack)?

What blockchain provides is a solution for sybil attacks - participants are individually financially incentivized to burn the maximum amount of power they can, and an attacker must burn more than the rest of them combined to succeed.

As a general statement, "private" blockchains make little sense in that context, since you've removed the Red Queen's Race that provides the sybil-resistance. Most people are better off just using a database, since they really have no need of sybil-resistance anyway. The participants are trusted (f.ex when electing a master node in a distributed system), or can agree to trust some oracle (the party who runs the server). A regular database works fine for these cases.

Without the cryptocurrency attached, what you really have is Merkle trees, not a blockchain. I love Merkle trees, I use them all the time in my filesystem (ZFS). But the "shape" of the data on disk does not provide any particular benefits in terms of consensus-resolution. For things like voting, distributing the vote tabulations as a flat CSV would be just as effective as distributing them as a Merkle tree.
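Added example (not code from any commenter): a Python model of the hash-receipt scheme described a few comments up (a voter's secret hash, an authority-signed proof-of-vote, a board published after polls close) together with this comment's point that a Merkle tree and a flat CSV give the same after-the-fact tamper evidence. Assumptions: an HMAC stands in for the authority's signature so the block runs with the standard library alone, and the voter secrets and choices are constructed.

```python
import csv
import hashlib
import hmac
import io

# Constructed key standing in for the election authority's signing key. The thread
# says "cryptographically-signed"; an HMAC is used here so the block runs with only
# the standard library (assumption, not a recommendation for real signatures).
AUTHORITY_KEY = b"constructed-demo-authority-key"


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def voter_tag(voter_secret):
    """The 'unique hash generated by, and known only to, the voter'."""
    return sha256_hex(voter_secret)


def record_signature(tag, choice):
    return hmac.new(AUTHORITY_KEY, (tag + "," + choice).encode(), hashlib.sha256).hexdigest()


def cast_vote(voter_secret, choice):
    """Authority appends (tag, choice, signature); the same tuple is the voter's receipt."""
    tag = voter_tag(voter_secret)
    return (tag, choice, record_signature(tag, choice))


def signature_valid(record):
    """Anyone holding the authority's verification key can check a published row."""
    tag, choice, sig = record
    return hmac.compare_digest(record_signature(tag, choice), sig)


def receipt_on_board(receipt, board):
    """The one check a voter can make with their receipt: my signed row is present."""
    return receipt in board


def tally(board):
    counts = {}
    for _, choice, _ in board:
        counts[choice] = counts.get(choice, 0) + 1
    return counts


def to_csv(board):
    """The 'flat CSV' publication format: secretvoterid, vote, signature."""
    buf = io.StringIO()
    writer = csv.writer(buf)
    writer.writerow(["secretvoterid", "vote", "signature"])
    writer.writerows(board)
    return buf.getvalue()


def merkle_root(board):
    """Merkle root over the same rows (odd levels duplicate the last hash)."""
    level = [sha256_hex(",".join(row).encode()) for row in board]
    if not level:
        return sha256_hex(b"")
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])
        level = [sha256_hex((level[i] + level[i + 1]).encode())
                 for i in range(0, len(level), 2)]
    return level[0]


def demo():
    """Cast three constructed votes, publish, then delete one row after the fact."""
    board = [cast_vote(b"alice-secret", "Gore"),
             cast_vote(b"bob-secret", "Bush"),
             cast_vote(b"carol-secret", "Gore")]
    alice_receipt = board[0]
    # Commitments the authority publishes at close of polls, in both formats.
    root_at_close = merkle_root(board)
    csv_digest_at_close = sha256_hex(to_csv(board).encode())
    # After-the-fact tampering: Alice's row is dropped. Every remaining signature
    # still verifies, so the rows alone look consistent to the public.
    tampered = board[1:]
    return {
        "tally_before": tally(board),
        "tally_after": tally(tampered),
        "remaining_rows_still_valid": all(signature_valid(r) for r in tampered),
        "alice_finds_her_vote": receipt_on_board(alice_receipt, tampered),
        "merkle_root_changed": merkle_root(tampered) != root_at_close,
        "csv_digest_changed": sha256_hex(to_csv(tampered).encode()) != csv_digest_at_close,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The deleted row is caught by the affected voter's receipt and by either commitment published at close, while the remaining rows stay internally consistent: the tampering is detected, not prevented, whichever shape the data takes.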


> Maybe the vote in the block before yours was a dead person, or never existed at all, how would you know? Whoops, looks like we're back to trusting a centralized authority (the government, who issues the voter tokens).

That's what I mean by the difference between counting votes and recording votes. All the dead people throughout history could record a vote, but that doesn't mean they all have to count in terms of who gets elected.

All you would need is a private key given to you by the government that is associated with your identity that you use to sign your vote. Then the government can only count the votes by the identities it trusts.


It doesn't matter whether the data format in this case is a Merkle tree or a flat CSV file. OK, we add an extra column in the CSV, now we have "secretvoterid, vote, signature", still no need for blockchain.

Also, you are still fundamentally trusting a centralized authority - the government who issues the keys, and the same government you were worried about fudging the vote count. Maybe the government is adding people who don't exist (sybil attack), and the "signatures" on some of those votes are just random noise, how do you know? So your scheme gains you nothing.

At the end of the day, the only trustless scheme for voting is being able to tie votes back to names so that illegitimate votes can be challenged by the public. Any other scheme requires you to trust the government to count votes fairly, or issue keys/voter tokens fairly (we can call these a "ballot"). Blockchain doesn't change this, and if we want to get rid of the secret ballot we don't need Blockchain to do so.


Wouldn't a public ledger of votes break the secrecy of the ballot?


Blockchains can be designed to allow confirmation of something already known without revealing it to parties that only have access to the blockchain.


"We want you to vote for X or else Y" or "Prove you didn't vote for X or else Y" attacks are possible as long as verification is possible. This seems like a huge drawback of blockchain voting.

Edit: Example - people vote against unpopular candidate Paul. Paul then stages a coup and takes control of government. He then asks you to provide a receipt that you voted for him on the blockchain or all your property is confiscated by the state.


Honest question, why would Paul need to do that if he took control of the government?

I mean, "I can't" is an honest answer here, since its unrecoverable and many people won't care enough to try to verify their votes.


> Honest question, why would Paul need to do that if he took control of the government?

He might want to punish enemies or reward supporters; "control of government" is, in practice, not infinite power, and people often use such a position to, first and foremost, secure the position.

> I mean, "I can't" is an honest answer

Which is a reason Paul might want to let it be known in advance that some form of accountability will be asked. (Which he also might do to push the actual vote results; if it is projected to be close, expecting a cost for voting the "wrong" way if one candidate wins will likely shift some votes.)


No more than a public blockchain would


Electronic voting is hard enough as it is, I sure hope people wait a long time before trying to use a fairly fragile system such as distributed ledgers for it. There are so many more subtle issues that could emerge and threaten the legitimacy of the election process (which is just as dangerous as actually manipulating the election).

Despite being so simple, the paper ballot is quite hard to improve upon without making mistakes. Moreover, a democracy should probably have the requirement that the voting process is transparent and understandable for all citizens.

The first attempts at electronic voting (if at all) should probably be made in countries like Estonia where all citizens have e-ID cards with cryptographic key pairs you can use for some oldschool cryptographic voting schemes.


Lacks one question: "Is your software/infrastructure in dire need of refactoring/upgrade but management isn't willing to pay for it?"


"Is your software/infrastructure in dire need"

If you need to convince management to pay for it, then it's not yours.


No


I might be a bit grumpy, but I'm getting really sick of these type of pages. There's no information, just a smart-arse "NO". It doesn't help anyone and it's so overdone I don't think it's funny anymore.


Note for future comment readers as confused as me:

The post now points to the PDF of a 7-page paper which goes into some detail.

Apparently, the original link led to a snarky "No", which isn't at all as flippant as what the paper states.


>The post now points to the PDF of a 7-page paper which goes into some detail.

Thank you for the note, I missed the "original" link.

Surely the "No" is more than a bit snarky, but it is not like the paper in itself contain that much of meaningful "news" or "ground-breaking" considerations, the conclusion (like it seems to me is happening very often on similar papers, i.e. a not-conclusion) is:

"We conclude that depending on the application scenario, there are indeed valid use cases for each, permissionless and permissioned blockchains, and centralized databases that need to be determined carefully."

It is not a "No", but it is a "it depends" that is not providing much more than the "No".


Can somebody post the original link in a comment?


The link was http://doyouneedablockchain.com/

The PDF is linked in the footer.


It's not just a static bit of text, there's a decision tree you can traverse by answering some questions. They don't all lead to "NO" - my second attempt at random clicking took me to an answer like "probably".


I'll be honest, as I saw the big "NO", I thought "not another one of these" and closed the tab.

Perhaps seemingly showing a result before I've answered questions is an anti-pattern.


Actually I followed the questionnaire with rather bland requirements of a very vanilla distributed data-driven application and it said "Perhaps".


Honestly, if you are even wondering, then the answer is a clear "no". It's good to have people repeating this.


I prefer this one.

How to decide if blockchain is right for your project?

https://twitter.com/MalwareTechBlog/status/93264913325659750...


mods: I think it is a deeply embarrassing indicator of the state of our industry that a balanced, well-referenced, academically framed discussion of the tradeoffs of a buzz-laden technology should be allowed to be flagged like this.

At the least, replace the site with a link to the PDF. It seems the average user here is incapable of reading as far as the second link on the page.

> The choice between a permissionless, permissioned or centralized database is not trivial. While this question has been discussed before [15], to the best of our knowledge, we provide in this article the first structured methodology to decide which technological solution is the most appropriate depending on which application scenario


Sorry but this is a bit dumb. If you say YES to this question: "Can you use an always online trusted third party?" Regardless of your other answers, it always says NO as a result.

Can someone give me an example of an always online trusted third party, and also let me know how you can see into the future so that this third party keeps its guarantees throughout life?

Edit: flagging this post as it seems like a troll attempt to me


It's little surprise to find someone billing themselves as a 'distributed systems engineer' disliking a tool that helps regular people choose simple designs where appropriate.

From the perspective of a regular user, many "always online trusted third parties" exist - in the western world, for all intents and purposes, they include their utility suppliers, banks, telephone companies, email providers, and chat services.

This site is perfect for someone like my sister who is constantly forwarding blockchain-related junk to me, because her (non technical) job brought her to a few conferences about such things. Yet she doesn't understand the design tradeoffs of such an approach, she only sees the buzz.


Hey, this is relative to your needs obviously. An always online trusted third party could be the arxiv server for papers. Or a consortium of industry players that don't trust each other and set up a foundation that runs a central database. Or a central bank. Really depends on the problem domain.

And yes, I have talked to people who have proposed to use blockchain for storing papers. So while it might be obvious to you that blockchain is not a solution for that, it's still a good paper that lays out in detail what a blockchain does and doesn't do.

https://eprint.iacr.org/2017/375.pdf


>Can someone give me an example of an always online trusted third party, and also let me know that how can you see into the future so that this third party keeps its guarantees throughout life?

This question reduces to, “Can someone give me an example of a third party I’ll trust?”

In general, it is correct to say that if you can trust a third party, you do not need a blockchain. "Always online" can refer to a variety of tiers of certainty. For example, it can mean infrastructure built on AWS or GCP, which is probably safe for the foreseeable future, excepting societal collapse or financial catastrophe. On the other hand, it sounds like you're interpreting this literally (or at least, far more strongly), such that you require near epistemological certainty that a third party is both trusted and always available (more simply, will never be Byzantine).

The authors are not wrong to discourage use of a blockchain if you can trust a third party, because trusting a third party is simply easier. In the abstract, trusted third parties alleviate the requirement for decentralization and permissionlessness, but different parties have different (and nuanced) risk and trust models. Whether or not you should trust a third party is a function of the value of your data and the perceived resources and incentives of the vendor.

Circling back to your comment - your question is ill-posed, because your implicit requirements for a trust guarantee are likely to be significantly higher than others'. For example, I back up my data to Backblaze B2 and Google GCP. Neither of them is "always online" in the literal sense, nor decentralized, so I'm trusting them in particular. Theoretically, backing up my data to a blockchain would be better for thermodynamic trust guarantees based on a distributed, mathematically hard, economically incentivized proof of work. But I don't need that.

Trust and availability are not binary concepts. Furthermore, you should assess a third party’s trustworthiness and availability based on the value of your own data, not just their capabilities and resources.


>"Can you use an always online trusted third party?"

Real life example: at the moment IOTA is working like that; there is one coordinator that works as a trusted party (in my honest opinion they will never be able to shut it, but let's wait and see). Another example is Byteball, another DAG implementation, which works with 12 witnesses (at the moment controlled by a single physical entity, but in the future they can be distributed).


I get the joke "do you really need a blockchain?" and sure there is a lot of "AirBnB on a Blockchain" types out there that do not offer a real advantage over a centralized solution.

But why not embrace all the money (and talent) flowing into this space through the hype and let natural selection run its course to leave us with some great tech that really leverages blockchain technology?


Great technology solves the right problem. Throwing resources at something usually results in improvements but it still doesn’t mean that it’s solving a problem many people have or that it’s competitive with alternatives which are inherently easier.

eInk might be a good example: despite a lot of interest and investment, it’s still a niche product despite having made big advances from where it was in the 90s because competing technologies had fewer hard challenges.


A less condescending version of this that actually explained why you do or don't need a blockchain would be nice.


just scroll to the bottom of the page then https://eprint.iacr.org/2017/375.pdf


I think the point of this is to be a little condescending? If it was a verbose definition of 'why' it would be 'yet-another-blockchain-article' no one would read.


Obviously, Betteridge's law of headlines applies here.


I was about to comment exactly that.


In other words: do you want to see your stock triple in a week?


True


do you need online payments? Blockchain is nice.


The system you are building needs to be decentralized and censorship-resistant? Yes, then you need a blockchain.


This is bullshit. Plain bullshit. Tor is decentralized and censorship resistant. I am not 100% sure whether Kademlia networks are censorship resistant but I think so.


> I am not 100% whether Kademlia networks are censorship resistant but I think so.

Seconded. I'm almost certain they are, or at least, they're pretty damn hard to stop.


There are many decentralized and censorship-resistant protocols. Those qualities do not require a blockchain...


And blockchain can be quasi-centralized as well as get censored by those who pool a majority of resources.


Excellent points. Thank you!

Yes, a blockchain is just a graph data structure. Centralization and censorship resistance are only due to how the data structure is used, not to there being a data structure.

It's actually pretty similar to saying - Need to drink milk? Use a splay tree.


There's an informative flowchart on p. 3 of the linked PDF that describes the logic of this site. Your question is basically covered by "are there multiple writers?" since that implies decentralization, which also implies censorship resistance. Further censorship resistance is implied by the "private permissioned blockchain" choice, which is recommended when public verifiability is not required.


IPFS also offers a decentralised and censorship-resistant database. (Kinda).

It's just not persistent the way Bitcoin's blockchain is.


Censorship resistant? As long as the censor allows bitcoin/ethereum node connections at ISP level, yes. So no, not resistant.


Do you need an internet? Ok, let's have a look at this diagram:

Do you want to have a social life? ---- Yes: you don't need internet ---- No: you need permissionless internet

Clearly, you don't need an internet. It lacks coherence and autonomous smart contract decentralization cloud computing chainblocks. Case closed.

