This is the second part of my Decentralization topic, which started with http://igorartamonov.com/2019/02/on-decentralization-part-i/ and is based on my presentation about the role of decentralization for a public blockchain.
In my previous article I wrote about factors that could possibly affect the decentralization of a public blockchain. If you start applying them to existing blockchains, it becomes clear that most blockchains are guilty of one or two of those factors.
It’s much easier to sell centralization disguised as decentralization, and it is very profitable. It seems that nobody cares about decentralization anymore. Maybe decentralization doesn’t even matter?
What is the problem?
What is the problem with centralization? It’s obvious that a Central Point is a Point of Failure, but what kind of failure in this case?
Any central point can be used to get some advantage. Control of a public blockchain is power, which governments, big corporations and criminals want to have. Humans are the weak point, and they are especially exposed if they are part of that central point. The goal is not necessarily to destroy them, but to force them to do what a powerful actor wants.
Most people think it’s impossible to force any changes, “because it’s Open Source”. Unfortunately, not every problem is easy to notice; otherwise we wouldn’t have software bugs. Some backdoors can be intentionally planted in code and pass all verification, and only the authors would know how to use them. There are many examples of that.
Take a look at the NSA’s Bullrun program, revealed by Edward Snowden. The NSA has been actively working on inserting vulnerabilities into commercial encryption systems. One of the planted vulnerabilities was a backdoor added to the random number generator Dual_EC_DRBG.
For example, it was integrated by Juniper Networks, one of the leading companies producing networking hardware and software. One day, without any practical reason, they integrated Dual_EC, and at the same time they made a few changes (“unintentional bugs”) in different places of their code. Altogether, this allowed a hidden user to log in to the system and decrypt and copy traffic passing through it.
An even better example is the BEA-1 encryption algorithm, which is literally a “Backdoored Encryption Algorithm, version 1”. This academic research shows that it’s possible to build a backdoor into a public algorithm. BEA-1 is compliant with security requirements such as FIPS-140, passes all verification, and its backdoor is not noticeable even to an experienced cryptographer. Yet it has a backdoor known to its authors, which allows them to decrypt (break) a message on just a laptop.
So it’s definitely possible to change open source code to make it work in a way end users don’t know about.
Is blockchain already affected?
I’m actually not worried about a cryptographic backdoor. I think the most likely backdoor would be a political one: a way to influence development and the ecosystem, to define which businesses are accepted and which are not, which addresses are free to participate and which are censored. We have already seen such discussions about governance, proposing that special people should have advanced rights to interfere with general consensus rules, and that autonomous networks are somehow bad. The seed is growing, unfortunately.
Many blockchain projects have violated a lot of laws or SEC rules; some are used mostly for illegal gambling, others have done other not-very-legal things. A government has every right to prosecute the people in charge (i.e. foundation/leaders) or to use that to force them to cooperate. We wouldn’t know if the latter has happened already, and we haven’t seen the former either.
Some people don’t trust Zcash because of its “Trusted Setup”. They think that during that operation some agencies got a “master key” to see all transactions, and it’s almost impossible to prove the opposite. I hope Zcash will figure out how to resolve that.
I think Bitcoin is hard to attack at this moment: it has working software and a working main protocol, and it currently depends less on core progress. Most importantly, it has a suspicious community which opposes changes and asks tough questions. There are too many different forces and groups, which makes it ineffective to target just one.
Ethereum has many points that can be used as a point of failure. The code is still too immature to keep operating the network as is; it needs many improvements, the team needs to solve scalability problems, and so on. I.e., you can’t remove the foundation, leaders, official structures and code; all of them are critical elements, and many of them can be captured. They already have a track record of being pro-centralized, which makes them a perfect target.
For most other blockchains you don’t need to use any force at all: you just call the CEO and make an agreement. Business is business.
Except Dogecoin maybe, because there is no one in charge now. Much unstoppable.
Is decentralization really important?
Most people would say that decentralization is overvalued and that nobody needs real decentralization. Most companies would say that they are using blockchain just for non-critical (and fully legal) stuff, and that there is no reason to expect anyone would attack the blockchain to gain an advantage over them. That is the state of things.
But I want to remind you that the Internet was created as a communication network to survive nuclear war. Literally.
The Internet was made by DARPA, the Defense Advanced Research Projects Agency of the US Department of Defense.
TCP/IP is also known as the “DoD Four-Layer Model”, where DoD is the Department of Defense.
Take a look at the Memorandum on Distributed Communications by Paul Baran, a research paper about how to build a network with maximal survivability, which proposed packet switching (the basis of the modern Internet). It’s a famous document; everyone uses a picture from it when talking about decentralization, though most of them have probably never looked into the document itself. The document contains “enemy” or “weapon” on almost every page.
Initial funding for Tor’s development also came from the federal government of the United States, through the Office of Naval Research and DARPA.
Most of the modern Internet was built by defense organizations and designed for extreme conditions like surviving a nuclear war. Why is that?
The reason is that you can’t build a global communication layer that someone has a way to control. The US, UK, China, Russia, and others would like to control all communications. Everyone would want to control it.
We had other communication networks before the Internet, like the telephone. And actually many people never believed in the Internet, because traditional networks worked perfectly for almost all tasks and were cheap compared to the extremely expensive Internet. But they were replaced by the Internet.
Some would argue that some parts of the Internet are pretty centralized, for example the businesses around DNS and TLS certificates. But I would call that layer 2, like the Lightning Network is to Bitcoin. Layer 1, the protocol itself, can work only in the absence of any entity with control over it.
If a blockchain allows any control over it, it will not be accepted globally. But it can work as something limited geographically or by the boundaries of a particular business (Facebook Coin has a right to live, the same as their 10.0.0.0/8 network).
To be global, it must give everyone the same rights and the same level of control; in other words, it must be controlled by no one and be an autonomous network.
If you can build such a communication network, it will serve everyone equally under any conditions: in the extreme case of war, or in the more expected case of posting stories to some kind of new instagram-on-blockchain.
- On Decentralization. Part I
- New Discovery Around Juniper Backdoor Raises More Questions About the Company
- Proposal for a Backdoored AES-like Block Cipher
- Memorandum on Distributed Communications by Paul Baran