Lockstep

Mobile: +61 (0) 414 488 851
Email: swilson@lockstep.com.au

A brush with fame (not)

Wired thinks it has unmasked Bitcoin inventor Satoshi Nakamoto as an Australian security personality Craig Wright. Plenty of others beg to differ.

Curiously, I had an ugly argument with Wright and a handful of Bitcoin enthusiasts on Twitter in May 2015.

It started after I asked a simple question about why some people had started advocating blockchain for identity. I didn't get a straight answer, but instead copped a fair bit of abuse. Wright's Twitter account has since been deleted, so it's hard to reconstruct the thread (I'd love it if someone out there knows how to extract a more complete Twitter archive; I don't suppose anyone Storified the thread?).

Reproduced below is one side of the spat. I only have my own archived tweets from the time in question but you should get the gist. Wright could never stick to the point - what does blockchain have to offer identity management? Instead he took all inquiries as an attack. He's passionate about Bitcoin changing the world, and if I recall correctly, boasted of his own enormous wealth from Bitcoin mining (he's no crypto-anarchist, as is clear from his exhorbitant LinkedIn profile, one of the longest you'll ever see). Wright's arguments were all deflections; he even dredged up a PKI project from 17 years ago on which we worked together, where evidently he and I had some difference of opinion, something I honestly can't remember.

10/05/2015 3:32 Blockchain-for-identity proponents: Please set out the problem to be solved, analyse it, state your proposal, and argue its benefits.
11/05/2015 22:52 .@caelyxsec: "Bitcoin is just soft certs" @matthewsinclair < Classic!
11/05/2015 22:56 .@matthewsinclair @caelyxsec "Passport", "no central authority", "no walled gardens". Same old utopian slogans. Plus blockmagic.
11/05/2015 22:57 What does a Onelogin actually mean? It's a nickname. Who vouches for it? @matthewsinclair @caelyxsec
11/05/2015 23:09 .@matthewsinclair: @caelyxsec "what does having my Twitter & GitHub usernames signed into the blockchain actually mean?"; Not much.
15/05/2015 8:20 Seems to be a first-come-first-served nickname and self-certified details saved to the #blockchain. @paulmadsen @iglazer @TechPolicy
15/05/2015 8:24 .@Chris_Skinner "Repeat after me: Bitcoin Bad, Blockchain Good"; But good for what? Time stamped archive.
15/05/2015 9:27 .@craigvallis @paulmadsen @iglazer Very little! I don't see identity specialists advocating #blockchain for pressing identity problems
15/05/2015 10:28 RT @craigvallis: @Steve_Lockstep @paulmadsen @iglazer Heard the same from BitCoin specialists, without the coin blockchain is just a database
15/05/2015 10:31 .@craigvallis Clever contribution of #blockchain is to solve the double spend problem. But not a problem in identity @paulmadsen @iglazer
15/05/2015 21:26 .@Chris_Skinner Sure, I get Bitcoin for some payments, but I don't get #blockchain for anything else.
15/05/2015 22:15 .@Chris_Skinner Nope. Blockchain special properties relate to stopping double spend. I don't see the advantages for eg contract exchange
15/05/2015 22:21 1/2 - Thesis: #blockchain is a bit magical, so some guess it must have potential beyond payments - like identity. We need rigor here
15/05/2015 22:23 2/2 - I liken this to the way some are enamored with Quantum Mechanics to explain eg consciousness. Even magic has limits.
15/05/2015 23:16 Turns out BTC is hard to sustain even for payments. But for non-payments, is there any business model at all? https://t.co/69eHD9ssFi
15/05/2015 23:36 .@Dr_Craig_Wright Actually I always proposed community based PKI http://t.co/DagiIx74la (2003) http://t.co/o6aYQWvqMA (2008). Going strong
15/05/2015 23:40 .@Dr_Craig_Wright There's not much to attack. I still can't find a rigorous explanation of blockchain for identity.
16/05/2015 1:01 .@Dr_Craig_Wright So most people are just guessing that blockchain has potential for identity.
16/05/2015 1:09 .@Dr_Craig_Wright But maybe you can point me to one those many sources to explain the potential of blockchain or whatever for identity?
16/05/2015 1:23 .@BitcoinBelle Please explain what blockchain does that a digital signature chained to eg a bank does not? @Chris_Skinner @Dr_Craig_Wright
16/05/2015 1:27 @Dr_Craig_Wright @BitcoinBelle @Chris_Skinner Explanations please, not abuse.
16/05/2015 1:29 .@BitcoinBelle I get BTC for the unbanked. I do. But I don't get contracts or patents in that setting. @Chris_Skinner @Dr_Craig_Wright
16/05/2015 1:32 @BitcoinBelle Can you follow a thread? Or a line of logic?
16/05/2015 1:34 .@BitcoinBelle So once again, explain please how a timestamp plus tamper resistance is special? @Chris_Skinner @Dr_Craig_Wright
16/05/2015 1:42 1/4: @benmcginnes Proof of what? Someone unilaterally asserted something about themselves? @BitcoinBelle @Chris_Skinner @Dr_Craig_Wright
16/05/2015 1:43 2/4: "Proof" to what standard? That word implies accreditation somewhere. @benmcginnes @BitcoinBelle @Chris_Skinner @Dr_Craig_Wright
16/05/2015 1:44 3/4: Who relies on the proof? ie what's the detailed use case? @benmcginnes @BitcoinBelle @Chris_Skinner @Dr_Craig_Wright
16/05/2015 1:47 4/4: Why/how does interfacing to blockchain give better proof than a PK cert? @benmcginnes @BitcoinBelle @Chris_Skinner @Dr_Craig_Wright
16/05/2015 2:40 .@benmcginnes Math proof in identity is the easy bit. Proof of attributes and rel'ships matters more. @Chris_Skinner @Dr_Craig_Wright
16/05/2015 2:43 .@benmcginnes Oh please. That's why I'm asking people to compare 2 types: blockchain and PK certs. @Chris_Skinner @Dr_Craig_Wright
16/05/2015 2:46 .@Dr_Craig_Wright I mean accred in the broadest sense: a disinterested endorsement. Self asserted means 0 @benmcginnes @Chris_Skinner
16/05/2015 3:18 .@Dr_Craig_Wright Something I said in a PKI advisory 17 years seems to still be eating you Craig. What is it? @benmcginnes
16/05/2015 5:12 .@BitcoinBelle But. Why. Bother? What's better about blockchain, compared with putting your hysterics on Twitter? @el33th4xor
16/05/2015 5:16 So I asked for an explanation of #blockchain for identity. And all I get is hippy nonsense - it's not central, not fiat, not govt.
16/05/2015 8:35 @futureidentity It's certainly the case with Bitcoin that it's more about the people than the technology.
16/05/2015 10:26 @jonmatonis @futureidentity Thanks but sorry, what do you mean by user defined privacy?
16/05/2015 10:27 @jonmatonis @futureidentity Please explain deniability of ownership.
16/05/2015 11:06 .@jonmatonis Thanks. How is that realized with blockchain where all transactions are available for all to see? @futureidentity
16/05/2015 12:10 .@benmcginnes I don't need visuals. I need blockchain-for-identity pundits to set out the problem it solves. @jonmatonis @futureidentity
16/05/2015 19:52 Twitter: Where you can be sure to find all the answers to questions you never asked.
16/05/2015 19:57 .@adam3us But why #blockchain? It was designed to stop double spend. Cheaper ways to hold immutable attributes @jonmatonis @futureidentity
16/05/2015 20:04 RT @adam3us: .@Steve_Lockstep @jonmatonis @futureidentity Well indeed identity does not belong on chain. Payment protocol is offchain
16/05/2015 20:09 .@cdelargy Which id mgt action corresponds to spending? Is it each presentation of "I am Steve"? @adam3us @jonmatonis @futureidentity
16/05/2015 20:18 .@jonmatonis Which is to say identity is not the new form of currency? .@futureidentity
16/05/2015 20:21 .@adam3us Auxillary info meaning the attributes and most importantly who vouches for them? @cdelargy @jonmatonis @futureidentity
16/05/2015 22:00 RT @adam3us: .@Steve_Lockstep @cdelargy @jonmatonis @futureidentity Yes Blockchain hasn't bandwidth for finance app msgs with identity
16/05/2015 22:26 .@Beautyon_ Not at all. I've articulated how I see the main id problem to solve: http://t.co/LPXBHieawT I ask others do the same
16/05/2015 22:31 .@Beautyon_ I'm not anti Bitcoin. I'm pro rigor. Almost nobody weighing in articulates the IDAM problem blockchain supposedly fixes
16/05/2015 22:33 .@Beautyon_ I think I agree. Names per se are not as important as the more general "Here's an attribute about me you can rely on"
16/05/2015 22:36 .@Beautyon_ So I say we need IDAM system to imbue attributes with pedigree and present them so RPs r assured of pedigree and user control
16/05/2015 22:38 .@Beautyon_ If blockchain is involved in every attribute presentation, is bandwidth ok? And isn't the 10 minute reconciliation too long?
16/05/2015 22:40 .@Beautyon_ No, I frame identity as "what do I need to know about you to be able to deal with you?" in a context.
16/05/2015 22:47 .@Beautyon_ In the lingo of IDAM, the holder of the asset you want to access is the Relying Party. They rely on your credential or key.
16/05/2015 23:03 @Beautyon_ No I don't use GPG. Maybe I might still understand if someone offers an explanation.
16/05/2015 23:08 .@Beautyon_ Why the elitism? Why can't blockchain enthusiasts explain themselves to the unwashed? You're like Freemasons
16/05/2015 23:17 .@Beautyon_ 20 years in PKI. I think I got the basics. And an allergy to people who can't explain their craft in natural language.
17/05/2015 3:42 .@WulfKhan IDAM is complicated. Many facets. Many problems. Which are addressed by blockchain? I am not on about BTC. @Beautyon_
17/05/2015 4:22 .@Beautyon_ I advise organisations on non trivial authentication and privacy problems. DIY secrecy is not important in my world.
17/05/2015 4:35 User pseudonymity is a crude fragile measure. Privacy != secrecy. It's about what others do with info about you. https://t.co/VpiKWHTLBH

For what it's worth, in my wildest dreams I can't imagine the confusing, self-important Craig Wright being Nakamoto.

Posted in Blockchain, Security

The Economist's take on blockchain

An unpublished letter to the editor of The Economist.

November 1, 2015

Just as generalists mesmerized by quantum physics are prone to misapply it to broader but unrelated problems, some are making exorbitant claims for the potential of blockchain to change the world ("The trust machine", The Economist, October 31st). Yes, blockchain is extraordinarily clever but it was designed specifically to stop electronic cash from being double spent, without needing central oversight. As a general ledger, blockchain is unwieldy and expensive.

Trust online is all about provenance. How can I be sure a stranger’s claimed attributes, credentials and possessions are genuine? Proving a credit card number, employment status, or ownership of a block of land in a ‘democratic’ peer-to-peer mesh strikes some as utopian, but really it’s oxymoronic. The blockchain is an indelible record of claims, which still need to be vouched for before they are carved forever into mathematical stone.

Steve Wilson
Principal Analyst - Identity & Privacy, Constellation Research.

Posted in Security, Innovation, Blockchain, Trust