What do you think would be an actually good use of blockchain/smart contracts? What kind of problems (big or small) is it a good tool for?

Hello!

When I was creating a CTF for a conference, I’ve finally got to learn about how blockchain and smart contracts actually works in practice, and the whole concept is simply brilliant. A quick introduction for those unfamiliar with it would be in this summary, but just to summarize how I basically understand it, blockchain is simply a VM that runs code (smart contracts) a both the code, and result of every execution of it is calculated by a bunch of users (so, mining is basically running a VM) and appended into the blockchain based on some kind of consensus and proof of work. This means that you get a single source of truth and history of every execution of a smart contract that is decentralized and you can rely on it.

But, almost every use of blockchain or smart contracts I have seen has pretty large issues either in sustainability in the long term, or in cases where you simply need some form of an authority to prevent and punish misuse. While I’m not really that much familiar with every use of blockchain so far, I will first list what I’ve already thought about or seen, and the main issues that I think are a deal-breaker for choosing blockchain for that kind of tasks. It’s possible that some of the issues are wrong or have already been solved, so please correct me if I’m wrong - my knowledge of blockchain isn’t really that in-depth.

First and the most common use is the one you are probably most aware of - cryptocurrencies. If I ignore the biggest and most unfortunate issue of cryptocurrencies turning into an investment-only product, with hugely volatile and inflated price that is not backed by any kind of real value (sure, you can pay with BTC, but it’s slow, expensive and super volatile to be useful, so the only real use is to literally sell it to others for a profit - which also basically means you are scamming someone out of their money down the line), I see the following problems with using blockchain for currencies:

  • Longevity - The ledger size is already getting massive, only after a few year. It’s not sustainable, and it will eventually be really hard to keep the whole ledger at a large enough number of places to not run into problems of integrity. It’s growing exponentionally, and is at around 500Gb after around 10 years.
  • Gas cost - It’s getting harder and harder to mine and confirm new transactions, which increases the cost while also making less people able to mine new transactions without being at a loss. This will only get worse, and eventually lead to the 50% problem (if someone controls 50%+ of mining nodes, he can confirm fake transactions or do whatever he wants with the blockchain) being a real issue.
  • Lack of moderation - This may be one of the more controversial issues, because it goes directly against the whole idea of cryptocurrencies, but is one of the biggest problems I see that are in the way of crypto being able to be considered for wider use. We live in a world where some people are dicks that are not afraid to steal and cheat, and something like a currency simply has to be moderatable. You need to be able to punish criminals, and take back what they have stolen. If someone doesn’t pay their debts and owns me money, the government should be able to just take the money if they have them. If someone uses an account for scamming and stealing, it should be possible to freeze it.

The last issue will eventually show in most of the other uses of blockchain as well, and while I have included it, I’m still not sure how I feel bout it. In an ideal world, you would not have to deal with something like this. I would also really like to have an option to do my transactions privately, without anyone being able to profile my behavior and data, but such a system would have to allow for some safeguards against missuse to be widely adoptable. (Which is an interresting off-topic question - would it be possible to create a system that is private, but also has the possibility for trusted authorities to freeze accounts and force transactions?) And the more that I think about it, the more I’m certain that I’d rather have a centralized system where you can punish criminals and scammers, than a system where lives of people are regularly ruined by someone stealing all of their savings unpunished. But it is a thin line - I only say that because I live in a country that is all-right and I can trust my government - for now. But I definitely agree that such a private unmoderated option should exist - but can’t be considered for widespread use, which I’ve heard some people say that “crypto will replace cash in a few years”. And this is why it never will, IMO. But this discussion shouldn’t be about whether this is a good opinion or not - but more about “what blockchain is a good tool for”.

Next one are NFTs. I will just quickly gloss over them, because they are even bigger scam than crypto is. Ever heard someone say “Someone has copied and minted my NFT?”. Well, it’s a shame that there isn’t some kind of centralized authority that could, you know, not allow them to do that.

Another use I’ve heard someone praise as “the future” was lending money. I’m not sure what were they talking about, but the whole point was that you can… Escrow an amount you are borrowing, and then borrow the same amount? It didn’t make any sense, so I guess I’m missing something, but then again - we have the same issues as above, while also it being just a bizare idea - why simply not use the amount you already have? The person tried to explain it to me, but it just feels gimmicky. And if you escrow a lesser amount, you then have the same problem with moderation as above - nothing can force you to return the money (unless it is already escrowed, but then, why??)

So far, every use of blockchain I have heard about would be better done in a centralized fashion, especially as far as longevity is concerned. The growing ledger size and increasing gas cost, along with the 50% problem simply makes most of these kind of uses too impractical to work on a larger scale.

But I really like the concept and idea of smart contracts, and I’m sure there has to be some kind of use that is not as “revolutionary” or large scale. I’m just having hard time coming up with any.

I have only one - voting, and maybe transparent randomization (i.e lottery). Smart contracts are an amazing way to collect votes transparently but privately, since you can be sure that no-one can cheat, if you set it up properly. It’s also something that doesn’t suffer from the longevity problem, because it’s more of a one-shot use of blockchain, rather than something ongoing - which also justifies the price.

**(tl;dr feel free to start here:)**Which is what I’m interested in - does any of you have similar ideas for use of smart contracts and blockchain, that would be practical in a daily live? Be it one-shot smart contracts for a small task, such as voting or random winner selection, maybe some kind of escrow. It doesn’t have to be a “society changing system”, or something revolutionary. A common small code snippets or apps that would solve the trust issue inherent to a centralized task is what I’m after - but have hard time coming up with.

And just a disclaimer - I don’t plan on building anything and am not fishing for the next blockchain thing, I barely even understand it. I would just like to incorporate blockchain into my programming repertoire as a tool, because the concept feels so clever, but is also misused or misunderstood due to hype, but it has to have it’s uses that are overshadowed by people jumping on the blockchain bandwagon without considering whether it’s really the best tool for the job.

But is has to be a good tool for some kind of problems, right? And I would like to start a discussion about what would that be, without it being affected by the hype and reputation surrounding blockchain. I feel like that would be an interesting though exercise, and I’m sure we can come up with some interesting little uses here and there, without it being gimmicky but actually the best tool for the job.

Thank you!

EDIT: And I’d like to add that I never got into the blockchain hype, and my opinion on how it’s used so far is mostly negative. If a product mentions blockchain, I usually just avoid it as a gimmick. But that’s why I’m genuinely interested in this discussion - I don’t judge a tool about how people misuse it.

robinm,

git

Its backing store is an (immutable) merkle tree, which is a chain of crypographically signed object (commits, trees and blob), aka a chain of block, aka a blockchain.

hglman,

Blockchain gives a protocol that allows new data sources to join and leave without any coordination while also ensuring data consistency in the data added up to the will of the majority of validators. If, for example, the validators are people, the data sources are doctors and hospitals, and the data is medical history. You can have all your medical history collected together and only accessible to you.

hglman,

In a blockchain, the government is the majority of nodes. That’s who can revert fraudulent transactions. Ethereum already did this once.

OffByOneError,

When NFTs were invented, people imagined them being used for things like titles/deeds. Instant transfer and verifiability would be a huge thing. especially in places that have real estate scams due to the slow/corrupt bureaucracy.

computertoucher5000,

A good while back I read a paper, blog post…I read something somewhere a while back that laid out an interesting use case involving vehicular service records for fleet vehicles. And I know exactly about as much about blockchain then, as I do now, but I did spend some time in fleet logistics for a large scale service company with about 20+ field vans and at the time, the notion seemed compelling and interesting on the face of it.

After a very brief google, it seems the topic has been widely written about but nothing in depth compared to the piece I read all those years ago (which felt more like a full on white-paper). Looking around and will edit the comment if I find it so the people in the room who are smarter than I am can weigh in.

Noughmad,

I don’t know much about the topic in depth, but I can tell you the greatest problem with using a blockchain for such record keeping: there is no way to ensure that the service that was recorded in the blockchain actually matches the service that was performed. And this is the same problem that every single record keeping system has, so it’s not unique, but simply because of this all the greater reliability of the blockchain is meaningless.

armestam,

Git

Git is Blockchain and it’s pretty much the only use of the tech I actually see make sense. Most other uses add too much expense where we could just used a trusted ledger. I know people are all about zero trust but the cost benefit of Blockchain doesn’t pan out for almost anything. It’s not hard to develop cheaper ways to trust an actor, such as laws. Which is how we create trust today. When’s the last time your westernized bank stole money from you?

pjhenry1216,

Git is not blockchain. Git is a distributed ledger. You can rewind a git commit if you know what you're doing. If fit were a blockchain, removing the last commit would corrupt the entire chain. Every transaction is part of building that trust.

Your conclusion of uses of blockchain is spot on though. I also feel it's extremely expensive and complicated when there are much cheaper and more efficient ways outside of it.

When did this become a thing where people started calling git a blockchain? Git is much older than blockchain. I don't see anyone giving Torvalds credit for inventing blockchain. Because he didn't. And git isn't blockchain. It's sort of useful as an illustration of how blockchain almost works, except it's much more efficient because it doesn't do all the things that blockchain requires.

armestam,

Well, if you remove a commit in the chain it will disrupt the chain. It’s a DAG where the next commit requires the previous commit to be unchanged. So Git does use essentially a cryptographic chain.

The thing is we don’t care about guessing the next part of the chain, which is where the mining aspect of Blockchain comes into play. So Git does not include validation in it’s process. But if someone does modify something in Git I assure you all of the people who have cloned that repository are able to validate a change happened.

Nobody credits Linus with it because signing things was never a novel idea. The part where you’re mining the next hash is the interesting part of Blockchain that’s not in Git. And that’s also the wasteful silly part.

pjhenry1216,

Not really. You can't remove the last chain in a blockchain without effecting every single other block. Each block is modified every single time to include the hash of its child. Git is the other way. Each commit includes a hash of its parent. So you can always remove the last one and the branch would be none the wiser.

So git is the exact opposite direction in regards to hashing. It's a chain, just not in the same way. That's part of why blockchain transactions are so expensive and git commits are so cheap.

jmk1ng,
@jmk1ng@programming.dev avatar

Blockchain? Oh, hah, no no… none of us were ever hyping up a tech we didn’t understand as the solution to literally any problem.

Say, have you heard about AI? It’s a revolutionary technology that’s the solution to any problem!

Zyansheep,

I mean, machine learning can theoretically approximate any computable function given enough time and resources…

sotolf,
@sotolf@programming.dev avatar

I still find the ai program that infers your age based on your age pretty funny :p and it never really get’s it completely.

csolisr,

Blockchains are only useful in cases where non-repudiability (the ability to prevent users from denying that an event happened) is more important than any other factor. And there are preciously few cases where this is the case, the vast majority being related to audit - tracking receipts, votes, certificates, or similar attestations in an environment where no single party can be trusted. Disclaimer, I’ve worked in the past in projects related to the aforementioned - fortunately all of them related to the field of audit.

interolivary, (edited )
@interolivary@beehaw.org avatar

Notabaly most of these use cases probably don’t benefit from a public ledger though, in the sense that anyone with enough stake / hardware could be a validator. Exposes you to way too much uncertainty about whether validators will screw you over with Maximal Extractable Value tomfoolery, edit: and is obviously slow and very expensive compared to PoA

csolisr,

Fair enough that! I’m surprised to see so few companies saving up their money and processing time, and just using a private distributed ledger among all parties (plus maybe an arbiter node or two). Probably because Ethereum is better supported commercially (guess why!)

interolivary,
@interolivary@beehaw.org avatar

You can run Ethereum in PoA mode though, or at least it used to be possible but I dunno whether they’ve kept the option around (probably?) I think the problem is that many people who set these systems up don’t even know that’s possible, or they’re distribution maximalists who balk at the idea of having a private blockchain where some “higher authority” (gasp!) says who can validate blocks and it’s not just based on how much ETH you have.

csolisr,

I mean, not even I knew that Ethereum could be run in an intranet via Proof of Authority, today I learned something new!

interolivary,
@interolivary@beehaw.org avatar

I’m an odd breed of (thankfully former) blockchain consultant in that I’ve got a healthy skepticism about the tech and don’t think that slapping a public blockchain on to everything will magically make it better, so I made my business by having a more in-depth understanding of the various options and what they’re really suitable for. I used to joke that my first advice was always “don’t”, and the second was “no seriously, don’t.”

Umbrias,

And an important note is that… For decades we have had paper trails fairly locked down given enough incentive. The technology isn’t the problem with performing audits.

ICastFist,
@ICastFist@programming.dev avatar

The only useful use case I’ve seen is for when you absolutely MUST be able to track historic data and ensure edits don’t destroy the original. Blockchain “solves” this by never allowing saved data to be edited.

The only place I’ve seen it actually being used properly for that was within Brazil’s medical vaccine tracking (ptbr article), which is what allowed them to confirm that Bolsonaro falsified his vaccination card. It doesn’t offer details on what kind of protocol it uses, but it could just be a “decentralized, distributed” database, for all intents and purposes.

snowe,
@snowe@programming.dev avatar

We’ve had that for literally 40+ years though with CQRS, which is used in every banking system (it’s why your bank can show you every transaction that has happened on your account). It’s also used by airports and airlines. It’s incredibly common tech that doesn’t require a blockchain or decentralization.

hglman,

I think you are saying the same thing, but it’s less that history can’t be changed and more than all changes are collectively acknowledged. The Brazilian vaccine record shows why that can be a highly desirable attribute; it prevents a class of corruption while also automating the tasks that could have been corrupted.

arisunz,
@arisunz@lemmy.blahaj.zone avatar

buying drugs and scamming people

oh, and throwing gasoline at an already burning planet

gunnm,

Stop using FIAT then.

apd,

Want to explain your rational?

gunnm,

Buying drugs, scamming people is the same use case of FIAT.

arisunz,
@arisunz@lemmy.blahaj.zone avatar

lol. lmao

gunnm,

It’s true lol.

rezz,

The paradox is that it must solve money first. The original intended usecase is not only the best, but it is a prerequisite to higher order use cases.

Think of the money supply layers, “M0, M1, M2” and so on, and what they mean.

Smart contracts are an “M1-M2+” problem solver. But M0 still isn’t solved.

In other words, having stock markets or NFT housing chain of title will always fail if the money usecase upon which it stands is still fallible. Ethereum put the cart before the horse. Bitcoin or Bitcoin Cash, “dumb” M0 solutions, have to be widely useful for the rest to work.

MxM111,
@MxM111@kbin.social avatar

Maybe when we have AGIs making contracts with each other and current legal system just does not work for them?

pjhenry1216,

Blockchain isn't about subverting legal systems though. It doesn't exist outside of law.

MxM111,
@MxM111@kbin.social avatar

Maybe when we have AGIs making contracts with each other and current legal system just does not work for them?

nibblebit, (edited )
@nibblebit@programming.dev avatar

Audit logs and Access control paper trails.

Security event logging has to be:

  1. Broadly accessible
  2. Write-protected
  3. offering some proof of completeness.

These three requirements are tricky and often conflicting. Block-chain might be an inefficient way to achieve these, but the glove does fit quite neatly.

Logistical paperwork

  • Purchase Orders/Invoices and packing slips
  • Waybills/Bills of lading and CMR’s

These kinds of documents require multiple stages of matching and approval by untrusted 3rd parties. There are dozens of ecosystems of interacting systems that support processing these documents, but most people still use paper. Paper is more reliable when you need to deliver a container full of diapers from Poland to North Sudan. It’s more reliable but incredibly prone to fraud and forgery. Having all of these approvals and transactions tracked on a blockchain and letting different systems interact with the same chain, would make it possible without each ERP having a rest API to each other ERP.

Mikina,

The audit logging sounds interesting. If you combine it with some kind of encryption, then I can imagine it working pretty well. Aside from the logistical problems/gas cost, that is.

nibblebit,
@nibblebit@programming.dev avatar

Yeah it’s not ideal, but you only need to pay the gas cost when you need to prove integrity and that’s alot cheaper than having to constantly be in sync with the world.

atheken,

There is no incentive for adding the friction of gas or PoW for these types of systems.

The parties involved can have a shared log and private keys for signing entries. Party A provides a thing and Party B signs an entry that says they were provided with the thing. Party A can wait for that signed entry before releasing the goods, etc. The problem with block chain to track physical stuff is that that handoffs are not instantaneous, so there’s always lag between the real state of the world and what the log says. In practice, this may be a few seconds, and a human might wait for confirmation before physically granting access to a recipient.

To put it another way, the party that is signing is not incentivized to forge that they have received an object from someone else, as that is effectively the fulfillment of the obligation. They’re only going to sign an entry if they get the object.

MiddleKnight,

I fail to see what blockchain can provide in the realm of audit logging?

Fundamentally, you need to trust the systems which are logging events to log the correct events at the correct time. How does blockchain change this?

pjhenry1216,

It's more about tampering with the audit log. "Company A provided their audit logs to prove their innocence." Did they? Well. Maybe. How do we know it's the full log. How do we know it wasn't altered? Sure, the company can digitally sign it, but what does that prove?

MiddleKnight,

Then sign and send the audit log in realtime to the authority which A provided their logs to. Same effect no blockchain.

You could also encrypt and publish it. But realistically there is always going to be some entity actually responsible for enacting the consequences for non-compliance and they are the only entity that really ever needs to check these logs.

I am not sure I understand what the incentives to “mine” this blockchain would be. Without a certain block difficulty, which requires many miners, it will be trivial to rewrite the entire chain.

nibblebit,
@nibblebit@programming.dev avatar

Most auditing and insurance companies don’t have a webhook where you can arbitrarily send your logs to. They have humans with eyes and fingers holding risk management and law degrees called auditors. That you need to, with words and arguments,convince of your process integrity. And What happens if you switch insurer or certifier? You probably have to do a ton of IT work to change the format and destination of your logs. And how do you prove that your process was not manipulated during the transition?

What you describe are digital notary services and it’s billion-dollar industry. All they do is be a trusted third party that records process integrity. IAM, change logs, RFCs, financial transactions, incident detection, and response are all sent in real time so you are ready for certification or M&A. Most small and mid-sized enterprises can’t afford that kind of service and are often locked out of certain certifications or insurances or take a huge price cut when acquired.

Something like pooling together resources to a provable immutable log trail isn’t unreasonable.

nibblebit,
@nibblebit@programming.dev avatar

Yeah the problem isn’t the veracity of the logs, it’s providing a mechanism for third parties of proving that the sequence of events in your log hasn’t been tampered with after the fact

MiddleKnight,

Any system which publishes the log to third parties as they are written would do that.

nibblebit,
@nibblebit@programming.dev avatar

Yeah you’re not wrong, that would be more efficient. Again a blockchain is not an efficient way to do it. But it would be effective.

In practice audit logs are used by and for auditors. Non-technicals that need evidence that would hold up to argument. Yes you could send your logs to a third party. Now you have to prove that third parties trustworthiness twice a year to the standards of each legal entity you operate in. And lawyers are more expensive than blockchain devs haha :p

Having a private blockchain that you can share with several changing parties that can subscribe to it. Without having to update anything about your infrastructure is a benefit.

Even though I’ve lived through several iso 27001 certifications, I’m still walking on thin ice when I say that it would probably easier to explain the blockchain in practice than any other proof of completeness method. Because the public is more aware of it. On the other hand the public is also more skeptical of crypto so it could also backfire :p

MiddleKnight,

How does a private blockchain work? It is my impression that the security of the block chain comes from the difficulty of mining a new block. This in turns depends on having many entities competing for mining the next block because they get some type of financial incentive.

Wouldn’t a private block chain just essentially be like git? In git I can easily rewrite the entire history of my “log” by just rehashing everything. It is just git rebase. For anybody to verify I had not done this, they would always need the newest commit/log entry. So until the time I choose to publish a log entry, I am free to rewrite it and everything after it. Which is exactly the same as if I didn’t use a blockchain.

It just seems like the blockchain solution depends on publishing log entries to a third party as they happen, but once you do that, the problem is already solved and you don’t need a blockchain.

But I might not properly understand how private blockchains work?

nibblebit,
@nibblebit@programming.dev avatar

The security comes from consensus. Everyone needs to agree about what the truth is. The burden of proof is proportional to the number of peers that need to agree. Public chains require a lot of work to create consensus amongst hundreds of thousands of peers. Let’s say your chain consists of 12 companies all using the same chain to validate and verify each other’s transactions so they are ready for an audit.

Yes, it’s easier to have 12 peers conspire to manipulate the chain than to have 200 000 peers. But making 12 businesses conspire to cook the books is already several orders of magnitude more difficult than the checks and balances we have in place now.

MiddleKnight,

So it is not really private to one business, but shared between a couple handfuls. The consensus of this group is then trusted.

In that case, to write a log entry I would have to publish the log into some mempool shared among the group as it is logged. At this point, each member can just store the log entry and then later verify it of asked. Again, it seems like the entire block chain part of this system is redundant and what is really providing utility is the idea of storing your logs with someone else as you create them so you cannot later claim something didn’t happen.

But just to understand the idea of private blockchains better. Would this be some kind of hardcore “code is law” arrangement where each Company is competing on hash power with all the others to prevent them from rewriting the logs to their advantage (and in the best case being able to rewrite the log to their advantage).

Or is there some a priori agreement on what a reasonable amount of hash power is, that you just hope one company doesn’t choose to outspent by a factor 100 the day they really need to rewrite the log?

I guess in that case it will be clear to everybody what has happened. But if you choose to act on this common sense version of events instead of the “truth of the blockchain consensus” you are, once again, undermining the entire idea of using a block chain.

nibblebit,
@nibblebit@programming.dev avatar

I’m sure the hardcore variant would have its uses. But the goal isn’t necessarily to make fraud impossible, just evident. So probably more towards the latter option. And you are correct that you don’t need a blockchain to create a distributed database that enforces consensus. It’s just a neat tool you could use that scales pretty well, is relatively low maintenance(SWE hours not GPU hours), can adapt to a lot of cases, and is affordable for small and mid-sized companies. You could do the same by broadcasting your events to all your peers and having each peer save everyone’s events to compare notes later. But this would be a hassle to setup and keep consistent.

MiddleKnight,

You could do the same by broadcasting your events to all your peers and having each peer save everyone’s events.

But this is also a prerequisite to running a blockchain right? This is essentially the mempool. Then you have a layer on top which does more stuff (the actual blockchain part)

Surely implementing only the sending of log event is simpler than also adding all the hashing and consensus stuff(which in practice adds no real utility) on top?

nibblebit,
@nibblebit@programming.dev avatar

I mean you would need the hashing and consensus stuff to figure out exactly how the chain diverged. Just pooling the event would in theory be enough to prove that shenanigans were afoot then the ledgers don’t align, but that’s a bit too brittle to base a bi-annual evaluation on. You could close those up and setup some eventual-consistency across peers, sure but now you’re talking about a some complicated proprietary software. It’s also not clear how a system like that would scale.

There’s plenty of convenient self-hosted blockchain solutions out there already that can be used to accomplish this. And there are a ton of tools to do analysis and tracing on these chains. This makes it not unreasonable when compared to a dedicated solution.

MiddleKnight,

You are claiming that

  1. a blockchain would somehow make it easier to detect tampering or make stronger guarantees about the log integrity (I think you are being a bit vague here honestly)
  2. That a blockchain is easier to set up than my proposed alternative.

Regarding 1: If the other parties just store the log, you just compare what the company provided with what the peers have stored. Then you see EXACTLY what has changed. I still don’t understand what it is you claim a blockchain can do here that just having the peers store a copy of the logs cannot and how it is somehow less brittle.

Regarding 2: it can literally be as simple as serving the log from a webserver (with authentication if you only want the peers to be able to read it) and then have the peers scrape it periodically. Or send an email every night. Yes you need to provision infrastructure and integrate with your logging system. But that is the same for hosting a blockchain based system.

nibblebit,
@nibblebit@programming.dev avatar

Sorry, it was not my intention to be vague. I admit to not having a complete implementation in mind. My point is that linking each log as a block in a chain with hashes forces an order that is more difficult to tamper with than a timestamp or auto incremented integer id. You have to alter more data to inject or purge records from a chain than you would with a table of timestamped records. I admit I can’t make my case better than that.

As for the simplicity factor. I think your suggestion of serving logs to peers from a server like an RSS feed is a fine solution.

But I can setup a MultiChain instance In a few hours and start issuing tokens. I can send the same link out to my peers and auditors for them to connect and propagate the shared state. The community can shrink and grow without the members having to change anything. Now it’s mostly a hands off venture that scales relatively well. I’m an okay programmer but to coordinate an effort to build, test and verify a system to do the same with RSS feeds across multiple companies would take me months. Something like MultiChain or HyperLedger is comparatively turnkey.

I’m not here to say this is the best way to do it. I’m just saying there’s some merit to leveraging these technologies.

If you ask me, audit logs should just be posted to Twitter, the only true write-only database.

Mikina,

I’ve given it some though and wouldn’t the fact that the blockchain is public by design be a problem in regard to forward secrecy (I’m not sure I’m using the term right here, but I suppose you get the idea)? If your keys would leak, you are then stuck with a lot of private data leaked without any way how to pull them back.

nibblebit,
@nibblebit@programming.dev avatar

Not every log needs that kind of security and a chain does not need to be public. You download blocks from peers and do your own accounting.

Nothing is preventing you from only giving access to your chain to a trusted circle of peers.

Something you could do is encrypt your logs and push them to a chain shared by a number of peers who do they same with their own keys. Now you have a pool of accountability buddies, because if someone tries to tamper with the logs, you all hang together.

If you’re doing some spooky stuff and need to prove a high degree of integrity is you could push encrypted logs to a chain. The auditor then can appoint several independent parties whose only job it is to continuously prove the integrity of your logs. After that is proven you can release your keys to the auditor who can inspect your logs knowing that they have been complete and untampered during the audit period.

Again I understand it’s not the most efficient system, but there are less efficient and less flexible systems out there in enterprise land haha

Mikina,

I’m not really well versed in how private blockchains work, but wouldn’t that mean that you also have to mine it yourself (or create your own private mining network), thus making the 50% problem a lot more prominent?

nibblebit,
@nibblebit@programming.dev avatar

Let’s say a country mandates their Telecom sector to audit it’s transactions. The idea would be to share the network with several peers, your telecoms. In this case “mining” would be verifying the integrity if the chain and can be done by anyone of the peers. The government or auditing authority could also be a peer in the network and they are all capable of verifying the integrity of the chain through “mining”. You are right that it’s easier to have a small group of peers conspire to manipulate the chain. But it’s a lot harder for several telecoms to conspire than for one rogue CFO to cook the books.

In this application you’re not generating ‘valuable’ tokens in the sense bitcoin does it, but the value is the integrity of the chain. People value the proof that no one has redacted or injected any transactions.

imperator3733,

The only use that I’ve thought of over the years is event logging where you need a very high confidence that no one has tampered with the logs.

  • All
  • Subscribed
  • Moderated
  • Favorites
  • random
  • uselessserver093
  • Food
  • aaaaaaacccccccce
  • [email protected]
  • test
  • CafeMeta
  • testmag
  • MUD
  • RhythmGameZone
  • RSS
  • dabs
  • Socialism
  • KbinCafe
  • TheResearchGuardian
  • oklahoma
  • feritale
  • SuperSentai
  • KamenRider
  • All magazines
    •