What is the right and fair way to stop Mike Hearn?

[coinrevo]

bitcoin is a voting system. Here are the two sections of the bitcoin paper where the word vote appears. Its clear now in how far the scheme is limited: there is no obvious mechanism to achieve consensus on new rules.

The proof-of-work also solves the problem of determining representation in majority decision making. If the majority were based on one-IP-address-one-vote, it could be subverted by anyone able to allocate many IPs. Proof-of-work is essentially one-CPU-one-vote. The majority decision is represented by the longest chain, which has the greatest proof-of-work effort invested in it.

They vote with their CPU power, expressing their acceptance of valid blocks by working on extending them and rejecting invalid blocks by refusing to work on them. Any needed rules and incentives can be enforced with this consensus mechanism

[1714759030]

1714759030

[1714759030]

1714759030

[1714759030]

1714759030

[1714759030]

1714759030

[justusranvier]

This is the same complaint I have about ideas of pegging non-blockchain assets to the blockchain. I don't see how it really works.

What you can do is use the blockchain to store tamperproof metadata about non-blockchain assets.

Actually doing something useful with that metadata is an out of scope problem as far as the blockchain is concerned.

[waxwing]

bitcoin is a voting system. Here are the two sections of the bitcoin paper where the word vote appears. Its also clear now in how far the scheme is limited: there is no mechanism to achieve consensus on new rules.

The proof-of-work also solves the problem of determining representation in majority decision making. If the majority were based on one-IP-address-one-vote, it could be subverted by anyone able to allocate many IPs. Proof-of-work is essentially one-CPU-one-vote. The majority decision is represented by the longest chain, which has the greatest proof-of-work effort invested in it.

They vote with their CPU power, expressing their acceptance of valid blocks by working on extending them and rejecting invalid blocks by refusing to work on them. Any needed rules and incentives can be enforced with this consensus mechanism

Crucially, it is a voting system for units of work. Not a voting system for people. I expressed myself poorly; I wasn't saying a voting system is impossible, I was saying a voting system tied to human identities is (or may be) impossible.
If Satoshi had been able to write "one user one vote", in that passage, you can be sure he would have preferred it!

[waxwing]

This is the same complaint I have about ideas of pegging non-blockchain assets to the blockchain. I don't see how it really works.

What you can do is use the blockchain to store tamperproof metadata about non-blockchain assets.

Actually doing something useful with that metadata is an out of scope problem as far as the blockchain is concerned.

For sure. I wasn't claiming it's useless to tie information to it, only that the claims some people make on the basis of that are excessive.

[Mike Hearn]

Phew, I'm glad some people get it

Remember, this is NOT a "upload your passport" even though that's the most obvious way to imagine what I said. This is "upload a zero knowledge proof of passport" (ZKPOP) which is radically different.

The concept of ZKP is very strange and unintuitive so I can see why some people are getting confused. It lets you do something that intuitively should be impossible - it lets you convince someone you know something, without telling them what it is you know.

In this case the fact that the remote client (wallet) is being persuaded of is that you know a valid e-passport that hashes to a particular value. It's anonymous because you can't reverse a hash. You can convince the wallet of this without actually revealing your passport data.

Alternatively, you can choose to reveal a subset of it, like country. I didn't mention this in the talk because I ran out of time, but you can choose to convince wallets that you have a UK passport, German passport, etc. Then the wallet can pick a bunch of random peers and try to get a good diversity of countries. Now this is hard to beat, even if a bad government forges lots of their own passports they can't easily mount a sybil attack!

And just to be super 100% clear, such a feature would always be optional. If a node chose not to present a ZKPOP then it would just get dumped into the "other" bucket, and using it would be no different to how things work today. You don't get the upgrade to anti-sybil protection but it wouldn't be any worse than now. It has to be optional because we're talking about a protocol extension. For it to become "mandatory" would require users to all choose to run wallet apps that required the new feature, but wallet apps are a competitive market and they're all open source. If you didn't want to request this data you would never have to.

[justusranvier]

For sure. I wasn't claiming it's useless to tie information to it, only that the claims some people make on the basis of that are excessive.

I'd be a lot more excited about the claims of the people you're talking about if I say any indication at all that said people actually understood the problem space.

Turning metatdata in a blockchain into something that has relevant effects in the real world means delving into fields outside of just coding.

[waxwing]

Mike; it's a bit like ssl. We can say that https is an optional extension to http so that people who want to do their shopping online without trusting in root certificates don't have to use it. But in practice, there's an industry standard and it rapidly becomes impossible to go outside that standard. So even though everything is optional, an initial push from some influential people can have a dramatic long term effect. How far are we away from a system where the only people who can buy things online with Bitcoin are those with a sanctioned (e.g. non Iranian) passport? ZKP doesn't help there.

[waxwing]

If a node chose not to present a ZKPOP then it would just get dumped into the "other" bucket, and using it would be no different to how things work today. You don't get the upgrade to anti-sybil protection but it wouldn't be any worse than now. It has to be optional because we're talking about a protocol extension. For it to become "mandatory" would require users to all choose to run wallet apps that required the new feature, but wallet apps are a competitive market and they're all open source. If you didn't want to request this data you would never have to.

How much anti-sybil is this really? If I understand you right, the root trust here is in government CAs. I'm not sure I would trust them more than corporations to keep keys safe. Probably a lot less, actually.

[tvbcof]

I started writing a response to the trolling and self-congratulatory garbage that followed after this part of your post, then thought better of it. Actions speak louder than words, don't they?

You'd be wise to calm down and think a little harder about what I wrote there.

Since it looks like you are bummin' around, Mike, lemme second that.  I saw Todd's original statement as being more self-deprecating than anything.  Many people probably did not, but who gives a fuck?

Relatedly, if we are playing 'spot the NSA' for merriment and diversion, I'd be more inclined to finger Todd than Hearn for reasons associated with the original comment.  As it happens, I kind of doubt that anyone active here is intimately involve with state sponsored intelligence efforts.  I write off the differences I have with the philosophical constructs of Hearn (in particular) as being mostly honest differences in opinion about what is 'good for the world' and what is an actual plausible 'threat' (as opposed to being some paranoid conspiracy theory.)

[NanoAkron]

In this case the fact that the remote client (wallet) is being persuaded of is that you know a valid e-passport that hashes to a particular value. It's anonymous because you can't reverse a hash. You can convince the wallet of this without actually revealing your passport data.

Which hashing algorithm would you choose? Because even now people have questions about this particular aspect of security.

And the rest of your answer still does nothing to address concerns over 'region locking' of bitcoin nodes - what if we just decided that today, nobody from Zimbabwe can access the blockchain?

[Mike Hearn]

How far are we away from a system where the only people who can buy things online with Bitcoin are those with a sanctioned (e.g. non Iranian) passport? ZKP doesn't help there.

what if we just decided that today, nobody from Zimbabwe can access the blockchain?

That's backwards: I suggested nodes convince users, not users convince nodes. Besides, Iranian nodes and users can already be identified by IP address, can't they? So it could already happen today.

I get that people want to think through every possibility, but this one doesn't seem to bear much relation to what I've been thinking about.

How much anti-sybil is this really? If I understand you right, the root trust here is in government CAs. I'm not sure I would trust them more than corporations to keep keys safe. Probably a lot less, actually.

So we should trust keys issued by waxwing instead?

There are large organised crime gangs that stand to make millions by subverting the passport infrastructure (think about gangs getting illegal immigrants through the border). The stakes are already very high, so at least the incentives to get it right are there. It wouldn't surprise me if some (smaller) governments do screw it up, but if so, I've never heard of it.

[waxwing]

And the rest of your answer still does nothing to address concerns over 'region locking' of bitcoin nodes - what if we just decided that today, nobody from Zimbabwe can access the blockchain?

? He clearly stated it would be optional. (And he doesn't need to, because since this isn't changing the core protocol, it has to be optional) The concern is more like "nobody from Zimbabwe can use X wallet/buy from this company/etc." The blockchain will always be open.

[acoindr]

After thinking this through I believe it's a very, very clever idea.

Let's recap the problem: we want to identify the "good guys" in our network but without centralized authority. This is especially useful for lightweight/SPV clients to trust a transaction has occurred before confirmations.

...

Allow me to make a slight correction which may or may not impact your thesis:  The idea is not to identify a 'good guy'.  It's more to identify a 'same guy'.

I don't follow. Do you mean 'same guy' for a Sybil attack, or same guy that identified his node? You do understand it's an anonymous proof in the latter case?

Again, it's simpler than that, it's just a hand wave saying "hey, I do have (exclusive) access to a random, unique piece of paper". It doesn't qualify you as being okay.

No that alone doesn't, but one machine seeing thousands of such unique pieces of paper can draw a reasonable conclusion about that fact.

turns out producing pieces of paper / objects that have the property of not being copy-able is extremely hard. ...

Exactly, hence the value in using them to conclude distributed source of ownership.

The main substance of your argument is that optional identity verification is acceptable ...

No, not exactly. The passport verification doesn't submit identity. What is optional is the choice to add some sort of extra data to your node to allow others to make some determination about it, which can be helpful to them. This can be done by regular users in two suggested ways: passport verification, and proof of sacrifice which incurs a small cost. Additionally, high profile non-anonymous nodes (e.g. MgGox) can also be used in helping clients try to identify the authentic network. Using these three things together appears to me to provide great benefit with no apparent downside. That's the substance of my argument.

[waxwing]

How far are we away from a system where the only people who can buy things online with Bitcoin are those with a sanctioned (e.g. non Iranian) passport? ZKP doesn't help there.

what if we just decided that today, nobody from Zimbabwe can access the blockchain?

That's backwards: I suggested nodes convince users, not users convince nodes. Besides, Iranian nodes and users can already be identified by IP address, can't they? So it could already happen today.

Re: IP address - curious line of reasoning; if IP address attests to location (obviously it doesn't reliably), then why argue for government IDs to do that? And if we don't use government ID for that, only to remove sybil, then we're back at the passports-can-be-forged or rented problem.

But nodes v. users: good point. I had stupidly actually forgotten that. But it doesn't change the fundamental argument, right, because we still wonder if Iranians can set up nodes etc. - the core question is whether government sanctioned id is what should be used to decide trust level.

How much anti-sybil is this really? If I understand you right, the root trust here is in government CAs. I'm not sure I would trust them more than corporations to keep keys safe. Probably a lot less, actually.

So we should trust keys issued by waxwing instead?

The question to me is whether any centralised PKI can ever make sense. I still have a vivid memory of first having the idea of certificate authorities explained to me and being just bewildered that anyone could imagine that was a good idea. But then, I am not a very practical person I guess...

There are large organised crime gangs that stand to make millions by subverting the passport infrastructure (think about gangs getting illegal immigrants through the border). The stakes are already very high,

I couldn't agree more. Isn't this a big part of the problem!?

so at least the incentives to get it right are there. It wouldn't surprise me if some (smaller) governments do screw it up, but if so, I've never heard of it.

Really? Only small governments have failed to prevent passport forging? Not sure about that..

[justusranvier]

The question to me is whether any centralised PKI can ever make sense. I still have a vivid memory of first having the idea of certificate authorities explained to me and being just bewildered that anyone could imagine that was a good idea. But then, I am not a very practical person I guess...

By the way, there's a way to fix PKI, but you can't put cryptographers in charge of building it. They've got a three decade track history of user interface failure (sorry, but it's true).

Hand the problem over to the game designers instead, the people who have a track record of building software that people actually enjoy using: http://bitcoinism.blogspot.com/2013/09/building-pgp-web-of-trust-that-people.html

[NanoAkron]

No, not exactly. The passport verification doesn't submit identity. What is optional is the choice to add some sort of extra data to your node to allow others to make some determination about it, which can be helpful to them. This can be done by regular users in two suggested ways: passport verification, and proof of sacrifice which incurs a small cost. Additionally, high profile non-anonymous nodes (e.g. MgGox) can also be used in helping clients try to identify the authentic network. Using these three things together appears to me to provide great benefit with no apparent downside. That's the substance of my argument.

I like the concepts of 'proof of burn' and using non-anonymous nodes for route mapping far more than using a centrally-issued token to tag a node.

One concept I've been toying with (but don't know how to implement) would be a 'proof-of-connectivity' relying on timestamps and the times to relay blocks locally in order to generate a zero-trust map of inter-node connections…might need some additions to the block header to record hashed chains of local timestamps vs. the median network timestamp to build up the record of all the nodes through which a block has passed.

[waxwing]

The question to me is whether any centralised PKI can ever make sense. I still have a vivid memory of first having the idea of certificate authorities explained to me and being just bewildered that anyone could imagine that was a good idea. But then, I am not a very practical person I guess...

By the way, there's a way to fix PKI, but you can't put cryptographers in charge of building it. They've got a three decade track history of user interface failure (sorry, but it's true).

Hand the problem over to the game designers instead, the people who have a track record of building software that people actually enjoy using: http://bitcoinism.blogspot.com/2013/09/building-pgp-web-of-trust-that-people.html

Very interesting read. The concept of "functional identity" (OK I just made that up but it seems to fit) seems absolutely spot on. I'm going to think more about that.

However, I seem to be in a minority of one when I say that I don't believe the problem is a failure of pgp is a failure to create good UI. I have always thought the real brake on adoption is in a lack of motivation by users to take responsibility or control. That's the ultimate cause, while the proximate cause is a lack of network effect (no one around them uses it, because no one was motivated to start, or tried it and didn't like it, because of the responsibility problem). Same proximate cause can be seen in the fact that very few people even use Linux v Windows/Mac, although the UI is great nowadays. It's 90% just because other people don't.

Meanwhile bitcoin and similar can move a lot of these goalposts. It could be the killer app for PGP. Look at kryptokit for example. No UI problems there from what I can see.

[acoindr]

I like the concepts of 'proof of burn' and using non-anonymous nodes for route mapping far more than using a centrally-issued token to tag a node. ...

There are something like 200 countries in world. I wouldn't call that centrally issued. As Mike points out wallets can probably also poll different countries. I understand the scariness the scheme has, and that it may not be perfect. That's why I suggest using it in conjunction with other trust schemes. Using multiple schemes together strengthens protection against fraud.  

[justusranvier]

However, I seem to be in a minority of one when I say that I don't believe the problem is a failure of pgp is a failure to create good UI. I have always thought the real brake on adoption is in a lack of motivation by users to take responsibility or control.

No no no - that's where it always goes wrong.

Users are the customers of personal encryption software. If nobody uses PE software it's because the designers of said software failed to understand meet the needs of their (potential) customers.

There is no such thing as defective customers, only defective products.

[waxwing]

However, I seem to be in a minority of one when I say that I don't believe the problem is a failure of pgp is a failure to create good UI. I have always thought the real brake on adoption is in a lack of motivation by users to take responsibility or control.

No no no - that's where it always goes wrong.

Users are the customers of personal encryption software. If nobody uses PE software it's because the designers of said software failed to understand meet the needs of their (potential) customers.

There is no such thing as defective customers, only defective products.

Like I said, a minority of one
Well, that's the right way to look at things if you're in a business, trying to sell something. But PGP was never about that. So in a way I'm saying there's no problem - people didn't use PGP because they didn't want it, basically.
Let's say 1% of the population wants the privacy benefits of encryption, but 99% don't care. You can argue that we should try to make it really easy to use so that maybe 10% come on board, so that actual privacy of some sort is achieved. Then, sure, you can try to improve the UI, why not? I'm not arguing against it, just saying it isn't the essential issue.
People say ssl was great because it managed to create a UI where the user didn't have to do anything. I'm saying - that isn't about UI, it's about how much control the user has. You can't make an invisible, do-nothing version of PGP because the keys have to be kept safe by the user, it's built in to the architecture.

Meanwhile, Bitcoin+a surveilled internet might make people want to use PGP. Seems like the jury's out.