video: https://www.youtube.com/watch?v=YBQh_WHyPAs
Welcome today to Blockchain Commons' Silicon Salon. Thank you all for joining this event to puzzle out how to find out a future in semiconductors for cryptocurrency and other cryptography applications. Thank you for joining us.
This is a collaborative session. We have a collaborative note capability, in particular Bryan Bishop will be using his famous ability for notetaking. If you missed the links, ask in the zoom chat and we can send them again.
So first off, who am I? My name is Christopher Allen on twitter and github and other places as @ChristopherA. I first started working in this industry in the very end of the 80s when this was all brand new. In particular, I was involved with freeing up the patent license for RSAref which was used by early startups in the internet space like RedHat, PGP and others. I was deeply involved in that. In the early 90s, I ended up taking over the SSL reference project from Netscape. We published SSLref 3.0 and later I ended up becoming editor and co-author of TLS v1.0. I've been doing this for a long time. One of my significant clients back then was DigiCash so you could say that I've been doing digital currencies for 30 years. In the 00's, I was CTO at Certicom which is where elliptic curves were invented. I had a side hobby as an adjunct professor at an MBA program. In the 10's, I was at Blackphone which was an early startup that was trying to do a more secure more private Android phone. I also started Rebooting Web of Trust and coined the term self-sovereign identity and its 10 principles. I was also a principal architect at Blockstream. More recently I coauthored the W3C DID standard, and today I am principal architect at Blockchain Commons.
Whta is BCC? Our goal is to bring together blockchain and web3 stakeholders to work together and build interoperable infrastructure. We want to focus on decentralized solutions where everyone wins. We're a neutral party not-for-profit. Our larger mission is to enable people to control their own digital destiny.
The problem we're trying to solve is this one. You've seen this cartoon for a while now. There are all these dependencies and all this technical debt that we keep piling up on other stuff, and then there's one key fragile portion at the bottom being maintained by someone somewhere. We saw this with OpenSSL heartbleed and we've seen this in other situations in the past. It is also a security threat when supply chain and other things are not financially supported, and that one little bit needs a little fix and it sometimes doesn't happen.
We work with web3 and blockchain stakeholders to work with communities and assess needs and requirements and problems. From that, we will collaboratively engineer interoperable specifications which I've been doing for 30 years. Together, we want to evangelize these solutions to the ecosystem and we want to support all of our different partners with reference code, test suites so that they can develop and make available their own implementations.
I've done this before- FIDO, DID, verifiable credentials, TLS, RSAref. Airgap URs, QRs, and a number of other things that you will find on the BCC github.
Who are you? Well, we have a lot of different people here, like silicon designers like Supranational, Tropic Square, Crossbar, all involved in designing semiconductors. We have hardware wallet manufacturers including Proxy and Foundation Devices, who take those chips and implement cryptography applications with them. We have a number of people in the community involved in other aspects of the ecosystem like Bitmark with NFTs, Unchained Capital with collaborative custody. We have a variety of advocacy orgs that support us like Human Rights Foundation, and a number of people here who are cryptographers and cryptographic engineers.
Our problem. Leveraging secrets held on silicon chips is really important as a Root of Trust method. We have learned this over the past few decades that this is one of the best ways to protect our security is to have this root of trust. Unfortunately the existing chips don't support modern cryptography, and a lot of standards orgs are rejecting the needs of the cryptocurrency industry but I would also argue a lot of the newer cryptography. The capital and lead times for chips is really high. It takes years to develop things. Very large upfront costs. Within that, there's very inefficient IP licensing, it creates a lot of friction not only for developers but ultimately the whole ecosystem in trying to get solutions to our problems.
A lot of this is due to current financial incentives really failing to create a robust secure infrastructure, and this is at all levels not just the hardware but wallets and the network stack that we need for all of our stuff to function. In addition, there's something I call the NASCAR problem. This particular screenshot is from Sparrow Wallet. This is the long list of the different cryptographic wallets both software and hardware that it supports and all the variants for it. And this is just the beginning. There's a lot of startups that should be in this list or new capabilities that ought to be in this list and aren't; not for lack of trying. This is the NASCAR problem and we've seen it before. Two decades ago, you might remember openID login screens which was this user-centric promise that unfortunately lead to too many choices. We see Google OpenID here and a lot of other icons from Yahoo, AOL and other ones. It just got larger and larger. Another problem was that the big openID providers were able to subvert the protocol due to weak interoperability standards. You could do half of OpenID and not the other half. That combined with the market power of Google, Facebook and Apple meant that they dominated this space and today you still see now 3 buttons for these kinds of social logins. Maybe two buttons. Apple has recently returned with their own login only because you can't ship your app in the appstore with a federated login unless you also support theirs, which is using their market dominance to put their NASCAR logo on all these logins.
I don't want to repeat this pattern. It's going to cause a lot of problems down the line. So what is our answer? Well, follow what we have done before to collaborate together, evangelize our solutions, engineer our solutions, and then provide long-term support. We want to define use cases and requirements. We want to identify essential features for new cryptography, in particular for silicon logic but also prioritize them. We want to create an ecosystem roadmap to support continued investment. Many of you are trying to go out and get capital for your new solutions, and being able to tell a better ecosystem story and how big this opportunity is would be useful for us all. We want everything to be interoperable and future-proof which serves the whole ecosystem. We have done this several times before, and sometimes things get centralized, so let's remove privileged points in the ecosystem and limit the ability to subvert the shared protocols which is something that BCC is trying to achieve in all of its work.
The process today includes multiple presentations on silicon hardware from the chip designer perspective but also from a vendor using these chips that perspective. We will then go into 6 open topics and have a facilitated discussion about those topics. It will be everything from what kind of cryptography is most important to you. What are the pain points you have? etc. We will do that after the presentations. Then we will decide on next steps for collaboration like another salon or do we want to focus on one particular area etc. This will be another 2.5 hours of work, we hope to finish everything by noon PST or 3pm EST today.
So now some rules. We really want everyone to be able to use the information that we're collecting today, but we really want people to be able to speak freely. Neither the identity or the affiliation of the speakers should be revealed. Please don't take a quote from someone and say Simon said such and such in Silicon Salon unless you directly ask him in advance. If you ask, they might say yes. But please don't take anything out of context. We're going to be recording the presentations that are being done today for youtube, but we will not be sharing the Q&A of those presentations nor will we be sharing the discussions that we have afterwards. We do have recording on right now but that's to help us to produce an anonymized summary that we will be making soon. The summary will be including quotes but not names and affiliations. There will also be an opportunity in the next day or so to review it and have something removed if you maybe said a little too much there then we can remove those types of things. The collaborative document that I shared earlier is where we're taking a lot of those notes. Feel free if you have concerns or questions to clean it up there.