Login

Redecentralize

We’ve had enough of digital monopolies and surveillance capitalism. We want an alternative world that works for everyone, just like the original intention of the web and net.

We seek a world of open platforms and protocols with real choices of applications and services for people. We care about privacy, transparency and autonomy. Our tools and organisations should fundamentally be accountable and resilient.

Home

Parent
Paul Frazee [LibreList] Re: [redecentralize] Thoughts on decentralization and deperimeterization 2014-09-04 12:45:35 (5 years 5 mons 21 days 00:42:00 ago)
Bitcoin – it's a bit tiring. Sure it does solve these things in some
way.  It has to.

It's just a well-known example.


Got one question here: this seems to replicate data.  Does it protect
against malicious updates too?

It creates a verifiable log only -- the content of the messages is an application concern. We're looking at CRDTs to deal with convergence, but the systemic model for security is the reputation system.


So if I wanted to build applications like that one on scuttlebutt...
possible?  How would I make sure the wallet is always correct?

It is possible. Trust is the hard part in all of this. Once you have trust, then book-keeping is eventual consistency.


After you've distributed identities, you need to distribute data-structures as well,

This would be the easy part.

Exactly. Identity is the unsolved problem for decentralization.

What you can do with SSB is publish and delete edges between the logs. This is basically like signing a certfile in PGP -- you're establishing a relationship between the nodes. One kind of edge would be verification. Another might be a warning flag. That's how you build the reputation system.



On Thu, Sep 4, 2014 at 8:45 AM, Jörg F. Wittenberger <Joerg.Wittenberger@softeyes.net> wrote:
Am 03.09.2014 01:25, schrieb Paul Frazee:
> For some interesting reading, I'll refer you to Dominic's project,
> https://github.com/dominictarr/secure-scuttlebutt.
>
>

Got one question here: this seems to replicate data.  Does it protect
against malicious updates too?

To illustrate: I'm currently working on some simple payment system. (I
picked "payment system" because that's something everyone understands
without explanation of the app's purpose; however it's only an
application which requires the features to be demonstrated.)

It works like this:

* Every "wallet" is a (sqlite) database holding a balance table of two
columns: amount and currency. (Together with some user interface.)
* Users can create orders (documents) to transfer some amount to some
other wallet. The receiver can either accept or reject.

(There is more, like maintaining nick names for wallets.  But those are
irrelevant at this point.)

The important point: the wallet must make sure that it no order exceeds
the senders balance and no receiver can accept the same order twice.
(The total the currency must not change.)

Having a eventually consistent database is not enough here: we can't
trust the peer to store a correct value.

Our solution is rather simple.  Each wallet is replicated (tolerating
byzantine faults) at several notaries.

For a small world (like 5-20 peers) this could be *all* peers, to
simplify the situation for the time being.  Now members of the group can
readily use it.  Any attempt to cheat does not work.

However: This can not transfer money beyond the boundaries of the
group.  (An incoming order would be signed by many notaries.  To no
effect: the group would only trust those notaries in the receivers set
and reject the order if the intersection of senders and receivers
notaries is too small.)

For a larger world byzantine replication does not work, because it comes
at quadratic communication cost.  Instead we would create "virtual
banks": groups of individuals each running a peer and *contracted* (as
in "having signed a legal contract") to keep it mostly online and
prevent fraud.  Such a group could be used as an intermediary between
wallets running at too disjoint groups.


So if I wanted to build applications like that one on scuttlebutt...
possible?  How would I make sure the wallet is always correct?


Best

/Jörg

: