Wednesday, 4 April 2018

Blockchains and the new mythology

For two years now, the drumbeat of Blockchain technology has gradually dominated one area of systems after another: in the public eye, Blockchains are somehow the universal solution to every problem.  This I find very odd: the core BlockChain concept is technically flawed (I don’t want to repeat prior blogs, so I’ll simply point out that four or five of my older postings were on technical problems with the model).  The model doesn’t even fit many of the imagined uses.  And in actual fact, we see few examples of real uses, other than to support cryptocurrencies that run some risk of evaporating from your wallet.  Yet this dream of using BlockChain technology for everything that really matters has somehow taken hold.

BlockChain has evolved into a mythology.

I remember a talk by Michael Brody, the CTO of Verizon around 1998 (back when it was still part of the GTE empire).  He focused on the psychological wish for magic silver bullets that can slay every technical barrier.  In companies struggling with technology challenges, it can be very appealing to wish for miracles (and all too easy to worry that the other guy will find it first and win market dominance by so doing).  At the time, the silver bullets were client server architectures, CORBA, Paxos.  But the underlying pattern was similar: an overwhelming desire to believe, coupled with eyes closed against the limitations.

We see this now for artificial intelligence, too: how many self-driving cars will have to run down bicyclists and swerve into ongoing traffic before people realize that putting a robot in charge of a car is simply an overreach? The technology isn’t ready yet.

And so too with BlockChain.  Yet when I attend talks on Digital Agriculture, or the future of medicine, or banking, somehow the very term seems to command authority (and to shut down any skepticism the audience might normally have expressed).  In the New York Times on April 3, an article talked about BlockChain in all of these and many other “uses”, quoting one gushing entrepreneur as saying that BlockChain is a revolutionary, disruptive and nearly universal technology for storage, communication, security and safety.  Oh, and he suggests we use it for online voting, to repel those Russian hackers.  Come again?  All this from an append-only log, running on anonymous servers, and prone to rollbacks?

It does seem true that a permissioned BlockChain (one running on specified servers, probably in the machine room of a bank, or sold as a turn-key product by a storage or cloud vendor) would be a great place to log transactions that you want to keep on record indefinitely.  Moreover, a permissioned  Blockchain won’t roll back unexpectedly.  But the expert quoted by the NY Times apparently wants all sorts of digital information logged into indelible records, and seemingly has the permissionless variety of BlockChains in mind (he would never trust any single bank or company to host the chain).

Beyond the privacy issues raised by having your life logged in a globally shared place, we get the oddity of using a type of log that by construction is capable of spontaneously erasing itself.  It could even be erased deliberately by the same Russian hackers out to tamper with the election you are trying to protect!

Setting the technical issues to the side, the psychology of this article speaks to Brody’s old story of using silver bullets to slay dragons.  Technology has become so complex that it certainly can feel like magic, and magical thinking is a natural fit.  Nobody wants their illusions punctured.  No technology is perfect, but even this plays into the story: if you point to a flaw, like the tendency of permissionless Blockchain to roll back, Blockchain fans just assert that version 2.0 will fix that.

The dialog reminds me of science fiction.  We start with a conceit: “dilithium crystals and antimatter  enable faster than light travel” (and every other technical miracle the script writers could dream up).  The physics wouldn’t bear up under close scrutiny, but we don’t look too closely.  And from this starting point, we boldly go where no one has gone before.

But one can easily understand the motivation of a science fiction script writer.   Where I’m left puzzled is with the motivations of all these self-proclaimed experts.  are they deliberately lying?

Quite a few must know better. Yet somehow, this chance to be the expert seems to drive rational computer scientists to make wild claims, while brushing obvious concerns to the side.  While the scam endures, these people are becoming millionaires.

I imagine that it must be fun to be able to sound off at fashionable cocktail parties, too.  “Am I concerned by the opioid crisis?  Well, of course.   But in my view, the entire problem could be solved by using Blockchain to log every transaction involving these habit forming drugs...”

Down the road reality will impose itself.  But I guess that by then, these experts will have long since cashed out, bought Napa vineyards, and moved on to speculate in some other illusory commodity.

4 comments:

  1. Blockhain has involved into a mythology, but there are also open questions. Are there no conditions under which a permissionless blockchain would work for currency? Yes BitCoin has cartels, but can it be theoretically proven that they would always exist? How does one attempt to answer these questions, what labs does one use to test solutions, etc. Have you thought about these things?

    ReplyDelete
  2. I've written fairly long postings on exactly your questions, so I'll avoid duplication -- you can find them easily here.

    Basically, there are no conditions under which an anonymous membership system with no limits on how many participants are active can ever solve consensus consensus, which is the mathematical name for a rollback-free log.

    So while it is a great idea to use a chain of records (perhaps encoded in a standard strong enough to represent legal agreements and banking records, derivatives, etc), and then to entwine those records using cryptographically strong cross-signatures, it is a terrible idea to them try and run the resulting chain on an anonymous infrastructure.

    Anonymity destroys the guarantees.

    With permissioned (non-anonymous) solutions, we can solve consensus. An example is the Paxos protocol, and a second example is the variant of Paxos implemented in my Derecho system. Then there are Byzantine fault-tolerant versions of consensus protocols (we may even do a BFT Derecho). These are mathematically sound.

    The BitCoin cartel question is interesting, but the question isn't "do they always exist" but rather "can they ever arise"? If they CAN arise, then a person trying to defend the system must assume that they DO arise. This is called an "adversarial" mindset.

    In effect, you are saying "Maybe it is ok to cross highways with blindfolds on, as long as you do it at 3am, not during rush-hour. I've done it, and never was hit by a car. My friend did it too." And yes, you made it across. But if this will be the main way that the children cross to get to elementary school, we would want to know that it is safe even during rush hour.

    Some things are better tested by using mathematics, not doing lab experiments. It is too easy to test your concept for children crossing the highway at 3am, when no cars are on the road, and to conclude "therefore, this is safe."

    With mathematics, we specify the properties desired, the assumptions we make, and we prove: "under these conditions, the following protocol can always, without fail, solve the problem." That's a very strong kind of guarantee.

    We have such guarantees for systems like Derecho and for protocols like Paxos. Blockchain systems can run on these infrastructures, but not anonymously. With anonymity, the guarantees are provably impossible to achieve.

    ReplyDelete
  3. >> With anonymity, the guarantees are provably impossible to achieve.

    Cool. Do you have a link to this proof?

    ReplyDelete
    Replies
    1. I can give you the whole proof in three lines, but I'll write it out in story-form, in a few lines more. I'll assume that you know how consensus is defined, but in case anyone out there is unfamiliar, the goal is for the members of some system to agree that the next action to take is b, for some binary value 0/1. This is a definition originally suggested by Leslie Lamport.

      So, assume that we have an anonymous BlockChain solution that works properly. We wish to use it to solve consensus.

      * Observation: in fact any stable block is a consensus solution: we simply use some policy for encoding b into the block. For example, every process in our anonymous system tries to publish a BlockChain record saying "b=x", each one using its own preferred x. We take the first such transaction in the first block on the chain, and use x.

      * Accordingly, assume that in Freedonia, people have decided to adopt this scheme, set up an anonymous BlockChain system, and in fact the chain now has K>>6 blocks. Through extensive laboratory experiments, nobody has ever seen or managed to provoke a rollback of length > 6. So with K>>6, everyone calms down, decides that no rollback will occur, adopts b=1 because the first transaction record has b=1. Maybe this decides their presidential election or something. Life moves on.

      * But in Elbonia, a strange new mathematical twist leads to the invention of a much faster way to do hashing. 1000x faster. Elbonian bankers quickly generate a blockchain of length K' > K. For example, if the normal chain has reached length 1000, the Elbonian one is up to 1005.

      * They publish it. It was an anonymous membership BlockChain, so Elbonia is free to be a part of it. Freedonia servers see the new longer chain and adopt it. And in the Elbonian version, b=0, not 1, in that first record.

      This violates the consensus property, which is that once a decision is reached every other process eventually reaches the same decision. Here, Freedonia originally decided b=1, but now has flipped to b=0.

      Conclusion? With an anonymous BlockChain, consensus is impossible.

      In contrast, we can create a solution to consensus that provably is correct, provided that we agree on the membership of the system ("it is a permissioned BlockChain"), and provided that the network connectivity satisfies a certain property formalized many years ago by Tushar Chandra and Sam Toueg. In effect, this is what Paxos does. And Derecho is an example of a system implementing this form of guarantee. It never rolls back a decision.

      Delete

This blog is inactive as of early in 2020. Comments have been disabled, and will be rejected as spam.

Note: only a member of this blog may post a comment.