Even though this case is similar to the previous one, I would like to single it out as it is presented in a different wrapper.
Say we make unique and expensive goods, such as watches, wines, or cars. We want our to be absolutely sure they are buying something made by us, so we link our wine bottle to a supported by and put a QR code on it. Now, every step of the way (from manufacturer, to carrier, to , to customer) is confirmed by a separate transaction and the customer can track their bottle online.
However, this system is vulnerable to a very simple threat: a dishonest seller can make a copy of a real bottle with a , fill it with wine of lower quality, and either steal your expensive wine or sell it to someone who does not care about . Why is it so easy? That’s right! Because…
A bottle is a physical object, and as such can be faked, unlike a digital signature.
Let’s take university diploma authenticity as an example. In this case, we need to verify the genuineness of the statement (“Peter graduated from the university”), rather than a physical object. To make sure the diploma is authentic and the date of issue is accurate, we need to check a digital signature and a time stamp.
Digital signatures are great, some even call the asymmetric cryptography they are based on ‘the greatest invention of the 20th century’. But let’s not confuse it with . Indeed, digital signatures existed and served us well before was around. Be careful! Today, digital signatures are often sold as . Perhaps a digital signature is all you really need and does not really suit your requirements.
Timestamping is closer to . In fact, itself is the most reliable timestamping method. You don’t need to invent anything: just put a hash of your data into .
Is it a good idea to put a hash of student diploma digitally signed by several professors on ? Yes. However, it is important not to screw this system up by using centralized verification through a website or an app, which will be a single point of failure.
When it comes to using for voting, we need to be clear about what problem we want to solve.
Forgery of vote/voter authentication: To tackle this problem, we need digital signature rather than . The main issue here is a private key: where to get it from and how to it. I won’t explain why any system in which a key is generated anywhere other than on the end user’s device is broken by design. However, on top of this, it is also important to have open source and properly audited key generating software, third-party hardware (smartphone being the simplest option), and a user who can handle a private key.
While a system developer can address the first two issues, the third is much more difficult. may actually help us learn how to deal with keys. Indeed, losing a password to your social media account or your vote is one thing, but losing a key to your own money is another story.
Yet again, it is oracle that links a public key to a particular person if we need it for the voting process.
Publicly visible vote counting: It would be safe to assume that, say, smart contracts are perfect for this issue, as they allow everybody to see how many votes any particular candidate received. However, in this case the level of openness may be too much, as we can see how each and every person votes, and thus can influence them. Although the system may be built in such a way that every vote is only visible to the person who cast it, there is another more complicated challenge: as long as voters are technically able to bring evidence of their voting choice, they could still be put under pressure.
UPD: Colleagues assure me that there is a solution: incoercible encryption.
And here, once again, we need oracles to check whether there have been any extra votes from nonexistent voters.
5. Proof of authorship
Let’s say Artist A wants to use to register that a certain painting is his. He takes a photo of it, puts the photo hash in , and then uploads the photo to a blog. Now, if Artist B claims that the painting belongs to him, Artist A can easily prove his authorship by showing the photo and hash.
There are two potential issues in this case:
- First, Artist B can say he did not know about blockchain and thus could not use it to register his authorship. Therefore, this procedure can only work if it becomes common practice.
- Second, Artist B could break into Artist A’s studio, take a photo of the painting, and place the hash in blockchain before Artist A.
The reason is that…
is not IoT!
Yet, in general, this use case makes sense. However, it does not require anything other than ’s .
Note: I am talking about proof of authorship only, as the concept of intellectual property is nonsense in my opinion: .
6. Land registry
Another proposed case is linking -based to land ownership. There are at least two issues with this.
Enforcer actions: While a bottle/watch/car can be handed over peer-to-peer (P2P), land ownership and transfer must be registered by a regulatory authority, which can always physically visit your land and enforce its will. What will happen to a record if the regulatory authority insists that you should transfer your land? The first option: record still specifies you as a land owner, which is not true anymore; the second option: the regulatory authority can make its own record and thus rewrite yours, which means that doesn’t work. This is a critical point since is also promoted as a tool protecting you against the fraudulent activities of both the regulatory authorities and any individual officials.
Centralized development and support: Now, who is going to develop such a system and support nodes? If the regulatory authority itself or its counterparty is to do the job, then such a system won’t be decentralized. A decentralized protocol plus centralized development equals a centralized protocol.
Besides, each time somebody offers you , ask yourself:
Can we use a distributed database instead?
If the answer is ‘Yes’, why go for at all? Indeed, is slower and more resource-intensive. Plus, specialists in database development and integration are much less expensive and easier to find, their work product is easier to check, and system support is simpler too.
Given all these challenges, I believe a distributed database to be a much better choice for land registry today, even though it definitely needs to become more reliable and open (see ‘ as a Trigger’ section).
Indeed, it looks like this particular use case has already become a reality. Bitfury recently announced the launch of and is set to do the same in Ukraine and Moldova. Strangely enough, I could not find any technical details of this case, meaning that for some reason Bitfury is in no rush to boast of it.
7. Interbank transfers
This case is a good one according to the scheme from ‘Do you need ?’ It involves a number of parties that do not trust each other, without any trusted third party being engaged. Although can be used here, banks are unlikely to make their mutual payments publicly visible. Therefore, we would offer a private where only banks themselves can input data, support nodes, and verify the transactions of all other parties.
In terms of functionality, does this system differ from a distributed database with access control? Yes, it does, but only when it comes to a disagreement between the parties. Here, the question is: will banks agree to a consensus offered by the system or will they appeal to a court? If banks can choose the second option (i.e. they have never signed an agreement to unconditionally accept all decisions offered by the system) then this system makes no sense.
Plus, this entire case will be nonsensical if regulatory bodies prohibit or restrict the use of such systems or instruct the courts to refuse system data.
8. Token for token’s sake
Yes, that’s right! I’m actually writing about ICO in the year 2019. To prove its continued relevance, let me just point out that .
What I mean by ‘ for ’s sake’ is that some startups issue and say they entitle you to a share in their companies/ profits/ split-fee options. The problem is:
is not IoT!
Unlike venture capital investors or regulatory bodies, won’t hold a startup accountable or responsible to their investors. A promise in the form of a alone does not oblige a company’s founders to do anything — something we saw many times during the ICO boom (remember Lambos?). In this respect, an ICO is more similar to crowd funding than an IPO.
Although pro decentralized institutions and against regulatory control, I must admit there are almost no such systems in this field yet, which means you must either go for existing tools or trust company founders.
Now, let me describe some promising use cases.
Blockchain as a trigger
Oddly enough, even non-working cases may be useful. Say a corporation uses a long-outdated process/system. Instead of opting for a normal and obvious solution, management decides to invest in hype (/big data/AI/IoT) to gain a lead.
That’s when a savvy yet responsible can offer a proper system design, marketing it as . Depending on the situation, can either give certain advantages or be not the case at all living on slick presentation slides only.
Hint: If you are offered the chance to use , make sure it is actually . However, even if it is not, it could still be a sensible offer.
Money
is perfect for handling money, primarily because it was created exactly for this purpose. records and verifies statements like ‘Party A owned X amount; Party A transferred X amount to Party B; Party B owns X amount’ as all previous similar statements were recorded within the same .
In the second part of the series of his posts on titled Simon Morris says that the original objective of decentralization is to break the rules, as those who observe those rules will try to stop you.
meets this requirement perfectly, as it breaks the old rule according to which only the government issues money, defines issuing procedures, and decides which transaction is valid and which is not.
More importantly, I think performs a specific role: the transfer of value that existed long before the technology in an easy to understand manner (see ). At the same time, the majority of startups have to explain from the very beginning which task they solve and why — something which is nonsensical even for traditional startups that usually look for , test hypotheses, and try to stay in sync with the market, i.e. solve existing problems, rather than invent new ones.
At any rate, is the only working application so far. That is why, at the beginning of my article, I questioned the relevance of the term ‘ use’.
Note: I do not include cases in which is not used by end users, but rather by another that is, in turn, used by decentralized exchanges where of the third are listed. Who knows, the industry may actually manage to pull itself out of the swamp this way.
Smart contracts
Let’s be honest: nobody really knows what smart contracts are and what they are for, as is still in its infancy. is truly ahead of the curve. By the time decentralized came into play, people already knew and were used to e-money; by the time we got decentralized smart contracts running on , we were still struggling to handle hard-copy contracts, while centralized smart contracts are simply non-existent yet. We can try and jump two steps at once, but to do so we need time and a viable concept.
Personally, I believe that smart contracts will find their niche. That’s why I am working in the field already. However, this is my personal belief, which has not been neither confirmed nor refuted yet.
Video
I presented the ideas described above in conference. By the way, ETHDenver was great!
More examples
The examples above are only the ones I could remember and summarize. I might have forgotten or simply haven’t heard of some cases. So, I will be grateful if you give more examples in the comments below. Maybe I will continue this article.
This article was created by , a security team specialized in static code analysis, decompilation and secure development.
Feel free to use , our smart contract security tool for Solidity language, and . We are also available for .
Published at Fri, 22 Feb 2019 15:11:20 +0000
![Bitcoin [btc] shorts: $30 million in shorts closed on bitfinex; exchange records 20% drop](https://ohiobitcoin.com/storage/2019/04/Screen-Shot-2019-04-08-at-6.30.45-PM.png "Bitcoin [btc] shorts: $30 million in shorts closed on bitfinex; exchange records 20% drop")