4 posts tagged with "ethereum"

In Part 1 of this post, I discussed a particular example - that of decentralised Uber to decipher if a decentralised Uber makes sense, or in general is decentralistion always better?

In this post, we will explore some the theoretical basis of the argument.

Braess's Paradox​

Braess's paradox (often cited as Braess' paradox) is a proposed explanation for the situation where an alteration to a road network to improve traffic flow actually has the reverse effect and impedes traffic through it.

You can find the complete explaination of this example here. I will just suffice to say that the total commute time from Start to End is lower if there is no link from A to B vs when there is. It would be better if a rule is laid down that only a certain number of people are allowed in the road A to B. Keeping it open to independent choices of everyone produces an outcome which is sub-optimal to everyone

Decentralisation is not a value in itself​

I recently came across a very interesting tweet by Simona Pop of Bounties Network.

There is no inherent value in decentralization. What decentralisation enables is of value for some people or in some contexts. Does it make people more efficient? Can theynow do things which government or regulators didn't want them to? Does it give them more control of their lives? These are the questions which actually matter.

Democracy vs Dictatorship​

In context of nations, the tradeoff between democracy and dictatorship is very similar to that between decentralization and centralization.

Though nations have much broader and varied goal, compared to organizations. For example, companies have a clear metric of creating more shareholder value.

What are the metrics on which decentralised organizations should be judged? Is it the value accrued to network participants?

How much value can be assigned to network participants not getting censoured - which is one the key benefits of decentralised orgs.

Countries' metric can be GDP, GINI coefficient or the happiness level ( Bhutan actually uses this metric)

Historically, Decentralisation always emerged as a response to restrictions in centralised systems​

Here's a great post which talks about the rise of decentralization in context of mp3 file sharing. The author points that decentralization always arises in response to the law when a certain use of centralized technology is denied.

A quote from the above post which sums this beautifully

Ask yourself, what can some people not do on centralized systems which they should be able to do? If you look closely, you might be able to spot informal strategies people are using today to get around the rules, and these could help inform what to formalize into a protocol.

What do people really want?​

I think the key question is - What do people really want? Are they OK with sacrificing some privacy and freedom for better user experience and less effort.

If we try to reason with organization of states, most states have high level of centralization. US, China, Russia are some examples which come to mind. Direct democracies in comparison have been few and has only worked for fewer states.

Other advantage of centralization is that it concentrates power on the top layers. These people want to increase their power - leading to more alliances, subjugation or attacks - ultimately leading for the organizations to be more powerful.

Similar dynamics can be seen in corporate orgnizations. The profit motive actually helps them become bigger and concentrate more power. This drive is lacking in decentralised organizations.

Urusula Le Guinn in her book The Dispossesed portrays this beautifully. The book talks about a society born out of anarchism, an extreme form of decentralization. These people establish a society from ground up in a new planet. What was interesting was that even in this anarchist society points of centralization emerged. For example, people were given names by a centralised computer systems. Important people controlled means of production and media. The book is a great portrayal of the dichotomy between centralization and decentralization.

The emergence of miner centralization, high level of control by developers, etc. point to this phenomenon in current crypto ecosytem. It emerges primarily for better coordination and efficiency.

This begs the question:

Isn't the inherent tendency for people to strive for power a deterrent against decentralization? And what has fundamentally changed in the last few years which would tilt the balance towards decentralization?

One of the biggest hurdle in crypto reaching to mass audience is the importance of private key management and how the loss of private key can lead you to losing your crypto wealth.

Private Key Management​

Why is private key management tough?​

Cyber security is mentally taxing. Though physical security is also mentally taxing, that’s why we have locks, frisking, etc , but we have learned to accept them and they are part of our day to day lives.

• Fingerprint based office entry solutions
• Frisking by guards before entering
• Security guards in apartments

We are just not used to threat in cyber realm and don’t want the pain to secure it. This is at odds with the current practice of increasing amount of value and wealth in cyber domain. Most of us spend large number of waking hours in the cyber space - working on laptops, talking on mobile, chatting, etc. Large part of our wealth currently is secured in banks/funds which we interact digitally using websites/apps. With the increasing adoption of crypto, we will now also be responsible for securing our wealth. Hence, learning about cyber security is fundamental for the times to come.

Also, as engineers and product designers we should strive to make this shift in need for cyber-security frictionless, so that more and more people can transition to this new paradigm.

Projects​

Some projects which are working in the same space:

• Gnosis Safe
• WalletConnect - It’s an open-source project that enables desktop Dapps to interact with mobile Wallets.
• Shamir's Secret - Sharded private keys with friends which enables authentication only when n-out of-m keys are available

Alternative Mechanisms​

• Project at ETHBerlin - Using private key enabled Govt ID (Estonia Govt ID) for login?
• Proposal by Alex van de Sande - Login with ENS subdomains - Code
• Tenzorum - Key Management protocol for decentralised web

Identity/Biometric based mechanisms​

What are the issues with tying private keys with Identity?

• Based on Identity contracts
• Biometric based using fuzzy extractor - Biometric based methods though suffer from privacy issues (biometrics can be extracted from public sources) and also are more amenable to rubber hose attack (using coercion to obtain biometrics)
• Using Iris scan to generate private key

Software Wallets​

• MyCrypto - Web and Desktop based wallet App
• TrustWallet
• Edge - Android/iOS based wallet
• Parity Signer - Still unreleased (Sept 11, 2018). App last updated on July 2017 | Github Repo - In active development

Hardware wallets​

• Paper wallets
• Crypto Steel
• Trezor/Ledger Nano
• Ethercards - Physical Ether gift cards

Can U2F keys be used as crypto private key hardware wallets? What are the security issues involved?

Instructive Videos​

• Login, Identity and Wallets session at Berlin - July'18

• Universal Login for Ethereum by Alex van de Sande - May'18

• Dapp UX and Adoption - Council of Berlin

• Represents learning from different teams on UX adoption

• Summary - Keep it simple. Relevant. Give value before asking for email etc.

• Nik Page on Experience Design for Crypto adoption

• Very similar to Internet in 1990s (only 2.7 mn people on Internet)

• Current dApp designs primarily for dev/geeks. Scares away normal people

• Users can't be expected to secure private keys/ mnemonic phases when they are going on with their lives. All these complexities need to be abstracted aways

• Design for experience and emotion - important if crypto is to get mass adoption

• Building UX @Status - Early lessons from the field

Working Groups​

• Identity Foundation working groups
• UX Ring at Fellowship of Ethereum Magicians

Instructive Blogs and Posts​

• Understanding decentralised identity - Sept'18
• Twitter post by @CharlieShrem on crypto mass adoption

Many people come to me ask about how they should proceed to become a developer in the blockchain space. I thought it would be a good idea to put down my thoughts in a post so that I can easily refer people to this.

As many of you may be aware, blockchain and cryptocurrencies are the craze these days and everybody wants to understand what they are all about. IMO, the current interest is overhyped. Blockchain is not the solution to every problem we are facing today. But to discard them as just another hype would be a mistake. At the least, it warrants a careful examination of how they can change the world.

To me, blockchain represents a fundamental way in which we think about cooperation and trust in society and are a foundational technology. Maybe it will not have any significant impact in the short term (1-2 yrs), but it will significantly alter the tech landscape in medium to long-term (5-10 yrs).

So, if you are really interested in this space, think for the long-term

Now let's get to the question of how can one start to learn about this space and become a "blockchain developer". I am assuming that you already are a developer/ have capability to code but in some other domain. Maybe you are an Android dev or a react dev or work on any of the other myriad technologies out there.

The beauty about this space is that most of the exciting development in blockchain space happens in open source. If you want today, you can look into the source code of bitcoin and figure out how it exactly works. Of course, you need to be able to understand the source code written by other people, which is not trivial.

Github repos for popular projects

Bitcoin Ethereum HyperLedger

Also, the blockchain and crypto community is very open and most of the discussions happen over Github issues, telegram groups, Reddit or mailing lists.

To get started, you have to get a broad understanding of what is blockchain, how its different from traditional technology, what is consensus, etc. You need not understand all this in great detail, but you should have a hang of it. In my opinion, starting with Bitcoin and Ethereum are the best way to learn about all this. For the first 15-20 days, just leave everything else and try to understand how does bitcoin and Ethereum work and what are the various concepts involved. Don't get into coding yet, as that is the simpler part and would be easier once you have the basic concepts sorted.

The best resource for learning these concepts is http://www.bitcoin.cc/

It has lots of explanatory videos and articles. It is more focused on bitcoin but does a good job of explaining the basics.

Once you are done with this, head on to Ethereum Github and digest its white paper

This repo also has a lot of good resources on blockchain aggregated in a single place.

Now, to become a developer you need to understand that there are primarily 2 types of blockchain networks.

**1. Permissioned networks

2. Permissionless networks**

In permissionless networks, anybody can go ahead and start a node and start mining blocks and participate in the network. Good examples of such networks are Ethereum and Bitcoin

In permissioned networks, only those people who are authorised can run a node which contributes to the network. Such networks are more suited for business use cases, where a business or different parties involved in a business run nodes for the network.

The important thing to note here is that the identities of these nodes are known and everybody in the network knows who is running a particular node. This makes the job of achieving a consensus much easier. If you want to run permissioned networks, HyperLedger is a good project to follow.

From a developer perspective, there are few opportunities in this space:

1. Build permissioned networks for businesses

Many businesses are trying to understand how they can use blockchain in their use cases. For example, a car manufacturing company may want to use blockchain for their supply chain. Such business use cases, mostly need a permissioned network as the nodes who will operate in the network are mostly known.

Hyperledger Fabric is a good protocol to develop permissioned networks. To get started, go through its documentation. Its decently well explained and should give you a good foundation to start with.

2. Build decentralised protocols

A lot of research goes into the different type of protocols which are used by the blockchain. Things like which consensus mechanism should be used, what should be the tradeoffs between scalability and trustlessness and how the incentives for different players should be aligned.

These are the sort of things which core developers of Bitcoin and Ethereum worry about. For getting involved in such work, you need to have strong CS and Math chops. You can start getting involved with building protocols by contributing to the Bitcoin or Ethereum project and build your way from there.

3. Build dApps on existing protocol

The third kind of thing which you can do is to focus on building dApps and smart contracts. dApps are Decentralised Applications which run on existing protocol. Ethereum is the easiest way to get started on this. Ethereum uses a language called Solidity which is similar to Javascript and any frontend developer can easily try to start dabbling in it. Solidity also has a great documentation which can help you get started.

This is also the domain of ICOs. Most Ethereum based ICOs need a smart contract which encodes the logic of their platform. So developers can get projects developing smart contracts for clients who want to do ICOs.

Apart from Ethereum, there are many new protocols which have come up like Stellar, EOS, etc. Each protocol has made its own set of trade-offs which makes it suitable for particular projects. But I would suggest if you are just starting in this field, start with Ethereum - as it has the highest number of devs working on it and most simple queries you may have can easily be solved by searching on Google or StackOverflow.

Dedicated StackExchange for Ethereum Dedicated StackExchange for Bitcoin

While trying to learn about blockchain, keep in mind that development for decentralised web (blockchains, etc.) is very different from the standard centralised development which most developers are used to. So, in the early days, you may have to break your head trying to get an intuition for how it works. But don't get disappointed and lose hope.

Blockchain community is very open and helpful and if you are stuck in some place, just ask. Post it on relevant forums on Reddit, telegram, StackOverflow etc. and I am sure somebody will help you.

All the best in your learning journey! Give a shout out to me on twitter if you need any help.

Recently I have been attending a few conferences and meetups focusing on blockchain and its application. While its good that this technology is getting attention in India, I really believe that we need to do a better job at understanding this technology. Many times I come across propositions which intend to apply blockchain to something which doesn't really need blockchain. While part of this may be fuelled by the recent ICO craze, but mostly its lack of effort on our part to get into the depth and really understand what this technology entails.

Blockchain on the face of it is needed to prevent the problem of double spending in a trustless environment. Only when there are multiple parties involved and there is a problem of trust between them, does applying blockchain based solutions help.

Some points to keep in mind before applying blockchain to any system:

1. Blockchain is not needed for "immutability"

The use of blockchain as an immutable ledger is so well advertised that people think that just the use case of creating an immutable database is enough to justify using a blockchain.

But "immutability" is a nuanced concept which we will see below.

Designing atabases which are immutable by design is an age old concept. More commonly known as append-only databases, there have been many attempts to create such databases. Google's Big Query, RethinkDB and CouchDB created databases which were append only by design but they had to allow for garbage collection/updation as such databases blowup in size quickly. Datomic is an existing database which is append only by design. This allows for auditing how and where changes were made.

Here is a good discussion on immutable databases and a discussion on where such databases can be used.

The thing to keep in mind is that these append-only databases are not immutable if the admin can be an attack vector. As these databases are at the end of the day stored in hard drive of a central server, it can always be edited.

Content addressable datastores like IPFS can be used securely store data as in that case a file is addressed by a unique hash. If the data stored in the file is changed in any way, then it will no longer have the same hash. The only issue is that these hashes need to be stored in a secure way in a database and this introduces a vulnerability.

If you use blockchain, it gives you protection from the admin being an attack vector, as there is no single copy of the database which can be edited. The database is present in distributed nodes and the truth is determined by the consensus mechanism like Proof-of-Work, Proof-of-Stake, etc. and not based on what is written in a single node.

Thus, "immutability" is not a singleton concept but a spectrum. Depending upon what your attack models are and the level of data protection and trustlessness you need, there can be different solutions which serve the purpose, and are more efficient.

2. Its very hard to make blockchain work with the "Wet World"

Wet world here is referring to the physical/offline world. Things which are not digital are tough to be represented on blockchain in a non-repudiable manner. Blockchain operates in the world of bits, while the physical world is made of atoms.

Blockchain doesn't know about what is happening in the world. For example, there is no information on the blockchain if a particular team won a game or not. For this information to be available to the blockchain, there needs to be a service which pushes this data on the blockchain. Such services are called Oracles. Having trustworthy Oracles which pushes correct data on the blockchain is a non-trivial problem. According to Nick Szabo, trusted third parties are security loopholes.

Tracking items in supply chain on blockchain also faces this bottleneck. Since, the items which are transported in a suppychain are physical/"wet" accurately identifying them on blockchain is challenging. Generally such items are tagged with digital ID like RFID, barcode, etc. But it is easy to tamper with such digital IDs externally applied on an object. Unless the object itself has a digital signature (like diamond fingerprint, explained in more detail below), any external ID which is applied on an object can be tampered with or copied.

In a use case which we recently built, we wanted to track a crate of mangoes across different part of supply chain. We can do this by attaching a bar code to each crate, and tracking that barcode in blockchain. The problem is that, this barcode can easily be copied and attached to another crate. If there are no other checks and balances, this system will fail given that participants have enough incentive to fool the system.

There are some projects like Slock.it which use locks on physical objects e.g bicycle to make them operable using smart contracts. Though how secure these locks are which can be operated digitally is an area of examination. If there is enough incentive, can't that lock itself be removed? Then there will be no way to track these assets on blockchain.

On the other hand, in cases where the object itself has a digital fingerprint, this problem doesn't exist. For example, in case of diamond, shining a laser light on it in a particular way produces a diffraction pattern which is unique signature of a diamond. This unique pattern can be hashed and tracked on blockchain.

Diamond Refraction Pattern

3.You don't need blockchain for tokenization

Recently I met a gentleman who was suggesting how blockchain will change the face of small businesses in India. Now, a Pizza shop can issue a Pizza Token(PT) and ask to be paid in them. His regular customers can buy the tokens and pay him in PT whenever they order pizza from him.

On the face of it, it sounds like a genuine use case. But when we dig deeper, it soon becomes clear that there is no need of a blockchain here. Even today Ola issues Ola money which is nothing but a token which can be used only in Ola platform. The company running the service (Ola) can issue tokens for fiat, which can be redeemed by token holders in the platform. In the process, some discount is given to users for using Ola Money.

Since, we are trusting the service provider, there is no need of blockchain here. This of course leads to issues where the service provider can arbitrarily change the number of tokens needed for a service, or there being no external market for Ola money tokens (at least no formal markets)

Of course, one advantage of tokens is that you can realise your revenue before actually providing the service - but since there is no external market for such tokens, there is no speculation and trading activity which happens in case of crypto tokens.

4. In many cases, centralised services work just fine

You don't need decentralization for everything. If you trust a service provider, there is no need for decentralization. Only when there are multiple parties involved, who don't trust each other, there can be a case of decentralised applications.

Decentralised networks also have their own problems. Decentralised networks are more resilient as they don't have a single point of failure. But they suffer from effects like Braess's Paradox Braess's paradox demonstrates how adding a new high-speed road in a road network can lead to more congestion, than without the new road. So, in some cases a central planning, which has view of the complete system, may make more sense than decentralised systems which don't have any global optimization function.

Scientists have also shown how decentralised power grids can also suffer from similar problems.

5. Centralised services will always have better speed and efficiency

If speed and efficiency are your main concern, blockchain based solutions may not be the ideal choice.

Visa averages around 2,000 tps, with a peak capacity of perhaps 50,000 tps Google currently processes 65,000 queries per second. By design, it is very difficult to achieve such rates for distributed networks

On the other hand, Bitcoin is limited to 3-7 transactions per second and Ethereum to 7-15 tx per second.

Here's a graph of transactions taking place in the Ethereum network

So, around 700K transation are made on Ethereum everyday, which comes down to 8.1 transactions per second. At its peak, Ethereum network had processed ~1.3 mn tx per day, which is around 15 tx per second

Although there are efforts to scale these system for processing more number of transactions, they will never achieve the speed of centralised systems.

Ethereum is focussing on sharding to achieve high TPS while Lightning Network is bitcoins bet to scale the number of transactions processed by creating off chain channels.

Proof of stake protocols can achieve higher number of transactions per second as they don't involve miners but only validators. Ethereum's POS protocol Casper for example will have an expected time of 4s per block in starting.

If we assume that number of tx per block is same as current, which is 150 tx/block, then the throughput with casper would be 37.5 tx per second. This is much better than current state, but still leaves much to be desired.

Since, by design any blockchain based system would involve coordination cost between different nodes, which need to be sure that only authentic transactions are being processed by the network, they would be slower than a single server processing all the transactions. The benefit such network though provides is that of trust between nodes, which is absent in a centralised system.

Only in those systems where the benefits due to increase in trust outweighs the loss in speed and efficiency, do blockchain makes sense.

Thanks Nilesh for reviewing the initial draft of this post.