arvind-narayanan

I would like to introduce Arvind. He is a professor at Princeton. He has talked about this in a number of different forums.

Hi everyone. My name is Arvind. This is turning out to be one of the more unusual and interesting events that I have been to. Someone at my table called the first session a quasi-religious experience. Not sure whether that was a good thing or not. Joking aside, my favorite thing about this is that the position statements were available on the website. I found them fascinating. I recommended them to my grad students. I read all the position statements. My comments today are going to be influenced by them. There were lots of good ideas there. Lots of convergent themes.

Nobody likes a conference keynote. Think of this as a conversation starter, influenced by your position statements. I am going to share some of my excitement for why I think there is a unique opportunity for standardization in web and blockchain and vice versa. In particular, how it might be possible to marry the power of blockchain with the reach of the web. I want to see if there's a way to get that, to democratize blockchain. That's going to be the broad theme.

Before I get into that, I want to discuss a skeptical point. What's ready for standardization? Is it too soon? Is it too premature? I don't have an answer for that. The role here for me is to not give answers. I want to address a small component. From a computer science perspective, one question which we can ask is are bitcoin and other blockchains sound? Are they going to be around in 10 or 20 years? I think it's important to know the answer to that question to some degree of confidence. As an academic comp sci researcher, I can bring something to the table about this.

Research in bitcoin in particular has been vibrant in the academic community. This is a Google Scholar search for the number of papers mentioning bitcoin. Per year the number is in thousands. In 2013, it exploded. This does not mean that all of these are papers totally about bitcoin. I would estimate 100 per year that are really serious abit bitcoin, people analyzing the properties of the system.

Why am I talking about bitcoin not blockchain? There is relatively little of substance that you can say applies to all blockchain without being specific about one particular blockchain. Can we be successful about abstracting away specific properties about blockchains? There has been vibrant research in academia, to try to find unerlying problems in the system. What is the result of all of that? I would summarize it with three points. One is that, so far this is just my opinion and looking at all 3000 papers, well except Bryan... There have been no major unsolved problems found so far. There are various known concerns. The best known is selfish mining. Some of you may have heard about that. It's one of several other potential such problems, discovered by academics and others in the bitcoin research community.

One piece of good news is that even though there are problems that have come out of a theoretical analysis, it seems that bitcoin has been working much better in practice than it should be. People are getting wise to this. People are refining their theoretical models to better model and predicft an figure out why bitcoin is continuing to work in practice. This is something positive from the point of view of standardization. The underlying tech is ready. From a teaching perspective, myself and others at princeton did an online course on bitcoin, we had 35k students. We did a textbook. Many professors are seeing bitcoin as a good way to introduce crypto and comp sci ideas to undergraduates. I think these ideas are going to get a lot of traction. I think we're going to have a lot of resources to draw on.

I would offer one caveat, which is end-point security. What do I mean by this? People getting hteir servers hacked, losing bitcoin, companies going down because of securit y issues. This is different from bitcoin stability itself. Endpoint security so far has been pretty miserable. We all know this. Also, this came out yesterday, it's called the blockchain graveyard, it's from someone at Coinbase taking about a lot of different websites that have gone under because of security problems and ways that we can learn from that.

Human-crypto interaction is an unsolved problem. Not clear whether we will solve this for mainstream users to handle keys securely. Is it possible to abstract away those details from end-users, if we want to really democratize blockchains and marry it with the power and reach of the web.

Another caveat is the amount of research and the conclusions like bitcoin versus ethereum. Ethereum is a much newer system, not much research so far, but also compared to bitcoin there is some concern about the fundamental security of the system, both about underlying security and so on. Bitcoin has been remarkably successful at alinging this... with Ethereum there has been some concern about people's ability to reason about smart contracts and writing them in a secure way. As you might have heard there was the recent DAO problems. Cornell researchers have been pointing this out for a long time at this point. There is vibrant academic research in these communities. Ethereum research is going to be in a different place in a few years, but at this point I would say there are concerns about stability and security of the system.

Can standaridzation enable new apps? Sometimes we standardize document formats. That's really important, apps can then talk with each other, that's important. But sometimes standardization enables fundamentally new things. At the introduction of Cookies for the Web, it's coupled with browser functionality that is fairly trivial, sending a cookie to the server each time, but it fundamentally altered the character of the web. It made a lot of other apps possible. It had some negative effects as well though. We can exploit this in the blockchain world when combining it with the web. Could a little bit of browser functionality enable something totally new?

I am going to give an example of somewhere that I think this might be possible. It's to prove the point that something like this might be possible. I want you to imagine 5 to 10 years in the future. A user, through a web browser, or an IoT device that is web-enabled, and they are interacting with a service provider. They issue a command to do something on the blockchain. I will make that more concrete in a minute. It's an untrusted server. The client does not trust the server. This is a thin client, denoted by the stick figure here. In bitcoin, there are thin clients and so on, where the clients do not have much functionality, they want to rely on the servers but don't want to trust it. The server carries out the task. But in addition, it's enabled by the blockchain to say I've done that, and here's the proof. The notion of proof is one of the cool things that blockchain enables. This is something that we need to keep in mind during standardization. In this vision of the future, imagine the browser showing a green lock in the address bar, the user doesn't need ot know much else, it handles the verification of the proof and then the user is convinced that the command has been successfully completed on the blockchain. Imagine what kind of world this would enable. I read all of your position statements. There were many threads about contracts, not just smart contracts but legal contracts timestamping on the blockchain, provenance both for creative content but also IP and assets, lots of people excited about IoT like from IBM and BT and so on. Identity was another important thread here. Think about any of these applications. Think about renting an apartment, you are renting, you walk t othte landlord, the landlords computer connects to a backend server which is connected to the blockchain. You signed a blockchain transaction, and... who's phone is that? Your landlord timestamps that on the blockchain, it beams through bluetooth, your phone being a thin client not a node on the network would still be able to through your browser trust a web-based interface to convince you the user that the landlord has done this correctly and that the document you just signed was timestamped on the blockchain. You could imagine this for creative content too. If we enable this through blockchain, this enables the use of the blockchain with just anyone with just a browser, without interacting with the underlying crypto. What is the language for that? What are the set of things we want to express? When the server sends a proof back to the client, what does that mean? Is that a browser add-on? What is the user interface that the proof has been correctly verified? We have to figure out how to operationalize this. The power that this is going to unlock is going to be really tremendous. Today, with or without standards, I don't think we have anything like this that is possible.

As an aside, when I say proofs here, what do I mean? I want to show you a simple technical example of how these proofs work. The simplest possible proof is where the client says to the server to put a piece of data on the blockchain and the server sends back proof. Visually, this is what the blockchain looks like. You have seen merkle trees with pointers pointing to different blocks. So the data you write is going to be this node in the merkle tree over here. So what does it mean for a server to prove to you? This is what I mean by "efficient proofs". This is enabled by merkle trees. The server can only give you the pieces of data highlighted here. You don't have to care about most of the 70 gigs in the blockchain. You only have to care about a small logarithmic amount of data. This will allow thin clients to verify this by looking at hash pointers, looking for 6 confirmations in the blockchain, and then confirm that the data was written to the blockchain. The server does the work, you don't trust it, but you can be cryptographically convinced that it is acting correctly.

Another scenario is about identity where the client wants to ask a question to the server, prehaps a question about a friend, the user knows the handle, the server can provide an answer like a pubkey. What we can make possible is, here I am borrowing a grpahic from blockchainme. Imagine if a server could send a sum representation of this identity info back to the client and the client's trusted web interface could verify this information and the client could simply trust what they are seeing is reflecting what's on the blockchain. I think we should be able to enable this. Standardization should be able to bypass the messy process of human crypto verification, like users having to check signatures and so on and so forth.

Let me give you one more technical example of a slightly more complex proof. This is the sort of thing that you can imagine in a system like namecoin. The client could ask what is the IP address corresponding to a domain name? This is a blockchain based replacement for the centralized ICANN domain name system. The client asks for the IP for a domain, the server says here is a record that maps the domain to the IP. That domain name might have changed hands. The server has to prove an additional statement that there is no future record after this record that pertains to this dot bit domain name. This will not work with a simple merkle tree proof like I showed earlier. To enable broader applications, this serves a quesiton like, should we standardize the simple proofs, or should standardize a language for proofs similar to ethereum's system which is turing complete?

There was a proposal for fidicuiacry signatures, where the authors have put a lot of thought towards proofs. These questions should be addressed.

Let's take this a little bit further. Verifiers could be offline. Think about the typical IoT space. Think of a car that can be opened by a digital key. We can enable the following scenario. If you want to loan your car to a friend for a period of the day, in this hypothetical world you could have a USb-based car key, with a USB port where you could upload information related to signatures in the blockchain, and this car key could communicate by bluetooth to the car and be able to open it. The car queries the key and asks for some proofs, the key gives a proof to the car that the key is authorized to drive the car for a period of time. The car could verify this information including proof-of-work and so on.

I do want to present a caveat. If you are offline, then you are going into a weaker security model. Some people are uncomfortable with thin bitcoin clients, because of the weaker security properties. But my position is that the opportunity is enormous, and we should fix the security properties instead of moving away from these scenarios altogether. We can put this into every IoT device, not just cars but also toasters. What if we could do this without having to connect it, what about just only putting a thin client on to each device? I am sure most of you follow the Internet of Shit twitter account, which catalogs all the disasters related to putting internet access into toasters. If you don't know what this is, then you should go follow that twitter account, that's the most important takeaway from this talk. Many companies here are interested in marrying the blockchain with IoT and I am interested in hearing what they think is appropriate here.

I want to make a few more points. It does matter which blockchain we're talking about. Imagine a client telling the server to do something on the blockchain, and the server communicates back a proof. Even if it's the case that you can standardize this part here, this word proof here is going to be difficult to standardize across different ledgers. If you do that, you have only solved half the problem. One of the example where this goes into play is public vs private blockchain. Permit me for a moment to deconstruct private blockchains here. I am going to use private blockchain and permissioned ledgers as the same term here. What do private blockchain have in common and what do they have different to bitcoin blockchain? They still use an appended log with hash pointers and merkle trees. They threw away proof-of-work and nakamoto consensus which is the primary innovation of bitcoin, and they dispense with currency. So some of them use Byzantine consensus protocol work instead, like fault-tolerant praxos stuff. This is a different technical configuration. Most of the technical components in private blockchains go back decades in the computer science literature. People were putting roots of merkle trees in the newspaper, before people heard about blockchain. There was a company that puts the root hash as an advertisement in the newspaper, called guardtime. Most of these concepts have a pedigree going back for decades.

I want to point out a funny tweet. This explains why private blockchains have been so successful. Steve Wilson. "Blockchain is a stone soup for capital markets technology". All of the underlying actual technical components from private blockchains go back to the 80s and 90s in the computer science literature. Private blockchains don't use Nakamoto consensus. What the blockchain is going to be able to prove to you about its operations is going to be totally different for public and private blockchain. It's going to be completely different. The proofs are going to be fundamentally different. The standards are going to be probably incompatible. Some people have proposed interlinking different ledgers together. However, these ledgers have vastly different security properties. What happens to the security properties when we do this?

A note of caution, if you have heard me speaking on this topic before then you would have guessed that I woud go here. Seeking tech solutions to social problems. I want to read one quote from Angela Walsh, from one of the submissions, like I said I read all the submissions. "When messing with public property and finance records, you're messing with the records of private individuals. We need to keep this in mind how dangerous this can be." Standardization can act as a key check to prevent us from seeking technical solutions to social problems. This offers us an opportunity for introspection. Is this tech going to be applicable to everyone? What are the costs? Can we think about the potential harms of this tech? It also acts as a point of regulation. And finally, it imparts legibility. What I mean here is that standardization is while primarily a process of getting computers together, the process of documenting and specifying what we're doing, allows this tech to be legible to lawyers and regulators who want to come in and have a discussion about how we're using this tech in our world. These two days here are for technical discussion, but more broadly we should have an opportunity to think about blockchain in society.

Power of the blockchain + reahc of the web. A way to avoid human-crypto interaction. A way to keep clients thin and dumb. Which blockchain? It matters. Standardization process is a chance to stop and think about social problems & tech.