The Long-term Decay and Re-birth of Innovation in Security and Privacy?

A digital world short on true security innovation?

We live in a digital world which is almost completely imperfect.

Why were Intel and Microsoft so successful in the growth of the PC? Because they built on legacy, and made sure that all their software and systems were compatible with the previous versions. But if the legacy is flawed, we are building on foundations of sand, and this is one of the main reasons that our digital world is imperfect.

The methods we use for our Internet security are often still based on a world where we connected to a local network, and where clouds were just white and fluffy. The methods we use for our public services are still based on the days of paper form filling. And the ways of our government and legal systems are still based on a time before the invention of the automobile. We have scaled our old world into a digital space, and it is now riddled with holes.

We still use the methods, systems and protocols that we used in the 1980s, and have just tried to wrap privacy and security around them. Our industry leaders often see little benefit in changing this world, as they have invested their funds in running an old digital world. Our industry has thus failed to move through audit/compliance regimes, and while these aimed to encourage best practice, they have actually suppressed innovation. The carrot hasn’t worked, and now our digital world needs large sticks in order to change and truly respect privacy. The EU GDPR regulation is the best example of a large stick being waved at an industry that refuses to change its ways.

Old and flawed models

It is an old and flawed model. We thus protect files and not data elements. We have skeleton keys and unique keys. We protect services and not their parameters. We protect our systems and care little about other systems. We respect the rights of administrators over the rights of an individual. Overall we protect systems and not people. We have a machine level view of the Internet, and it is one that has been built for machines, and not for people.

Our governments and public sector, too, have little interest in changing their ways. They have built up ways of doing things for centuries, and their form-filling ways provide them with power. Their existing implementation of a digital world is just the same old way, but done with an Internet connection. Those nations who truly embrace this new world, built on privacy and truly trusted systems, will be the ones who will succeed, and those who do not truly transform at scale will be lost along the way.

This is the digital world that we have created, and where we have stifled innovation within privacy for the benefit of our compatibility with a 1980s view of the world.

In this article, I will outline how our blockchain world is driven by the pursuit of perfection, and how legacy issues mean little to those driving it. With Zcash we have seen truly innovative solutions for privacy, but they don’t want to sit back, as even slight flaws in a perfect privacy model are not good enough. For Zcash, what is in the past is old, and what is new is the right way, and so we see this with the release of a better version of zk-SNARKs.

The same old methods and tools

In years to come, we will look back on our current time as the time we rebuilt the Internet. We relied on large companies such as Microsoft for our security through the 1980s, 1990s, 2000s and 2010s, but nothing really moved. Microsoft Office, for example, has had little in the way of in-built security for its documents, email and the way it operates. We have had over 40 years of the same old methods created with the same old tools, and built on the same old protocols. The whole industry has lacked any real innovation in privacy, as the status quo isn’t a bad thing for many large companies.

So as academia has pushed new methods in privacy, our industry has been slow to pick them up. We still hash passwords, we still rely on tunnels for security and fail to encrypt data at its core, we still fail to map the rights of access to data and still only see file-level security, and so on.

Audit/compliance schemes have often done little for the adoption of strong privacy methods, and have often stifled them. The EU GDPR directive hoped, too, to sweep radical changes in the way that privacy was addressed, but the industry has just stopped doing some things, and pushed out consent forms to its users.

True privacy innovation

But in the blockchain space, the legacy of the cypherpunks of the 1990s lives on, and there are many companies who are looking to plug every single chink of light that they see shining through the dams they are building. A single photon getting through is not good enough for them.

With the original prototype — Bitcoin — the industry advances were built on true innovation. The attention to detail is like nothing we have seen in our digital world before. Now we have sailed through smart contracts and have DAG (Directed acyclic graph) methods defined as a shining example of how complex systems can be created.

As many large companies fail to innovate in any meaningful way and sit back on the way they have done things for years, and fix the problems that they have caused by not innovating, the Blockchain community keeps striving for perfection. And so for Ethereum this is pushing forward with Sharding and Casper in order to address the scale-up problem.

Build a better car while it’s still moving

But it was the privacy issues which were at the core of the cypherpunks’ beliefs and, after the stalled start of Bitcoin with its pseudo-ID, the community wants to build a world which truly anonymises its transactions, and thus respects the rights of individuals to privacy.

In striving for privacy preservation, the cryptocurrency Monero adopted a Multi-layered Linkable Spontaneous Anonymous Group signature. This method hides the transaction amount and the identity of the payer and recipient [paper]. It is now known as RingCT (Ring Confidential Transactions), and was rolled out in January 2017 and became mandatory for all transactions from September 2017. No auditor or regulation forced them to do this; it was just part of their pursuit of perfection.

Now one of the shining lights within innovation in privacy — Zcash — takes another step forward with a hard fork (28 October 2018) which will enable the roll-out of their next great innovation: Sapling. It will be Zcash version 2.0.0, and will herald a new age of privacy, in a world which stumbles on using the methods created in the 1980s. The upgrade, too, will support RPCs (remote procedure calls), and where we build systems which can be truly distributed.

The strive for 100% perfection

The hard fork is required as the storage requirements for any privacy transactions drop. But the major change is the update to its zk-SNARKs (Zero-Knowledge Succinct Non-Interactive Argument of Knowledge) cryptography, in order to improve the anonymity of transactions and their processing. For Zcash, the strive for perfection in privacy is followed to the nth degree, and they will not trust their infrastructure until their existing blockchain is stopped and moved to a new infrastructure — this they define as a Crypto Ceremony.

Why, oh why, do we still keep giving away our data? Every time we submit our password to an online system we are revealing sensitive information. Why should a company ask every single time for your postcode or telephone number? Why can’t I have my own identity and reveal it as I want, and not actually give away so much?

Zero-knowledge proofs have been known from the 1980s, and academia knows it is the best way to go, but our digital-focused industry has cared little about them, as no-one has “forced” them to change their data gathering mentality. Our industry then just fixes a problem with a patch and moves on. The password hashing problem has been “solved” by making it a bit slower to hash … and that is like fixing CO2 emissions by just reducing the speed limit.

So, if you are interested, here is a brief introduction to zk-SNARKs:

And here are a couple of examples of the techniques:

  • Zero-knowledge proof (zkSnark — Hidden Homomorphic). ZKP. Outlines zero-knowledge proof.
  • Zero-knowledge proof (zkSnark — Blind evaluation problem). ZKP. Outlines zero-knowledge proof.

Conclusions

The Microsoft Office package that we currently use is not that much different from the one that we used in the days of Word 6.0 and Outlook 1.0. Can you find the security controls built into your packages? No, we rely on the operating system to deal with this, and those operating systems were designed in a time when we didn’t even connect to a network.

Privacy innovation has been poor over the decades, because our industry often doesn’t want it. It likes to peek at what you are doing, and to share your data with others. It cares little about you having any control over your data, and must be forced to get your involvement. The security of our systems has been designed with corporates in mind, and not with the rights of privacy for our citizens.

Digital worlds have been built to mimic our office environments, in order that users could understand their operation. Folders were like the folders we used in the filing cabinets, and files were the bits of paper that we put in them. Our forms were things that we filled in, and they just ported themselves into an online world. The digital world we have built is basically just a physical office, projected into a digital world. This is an old and flawed world. Every time you save a file, or put a file in a folder, or complete an online form, or save to your file system with read, write and execute rights, you are just mimicking what we did in the 1980s, and little has changed.

And so we have evolved with little care for the 1980s world:

  • Bitcoin was Blockchain 1.0, and where we managed to break away from siloed data and a trust infrastructure that was flawed (1980s PKI).
  • Smart contracts were Blockchain 2.0, and brought a way for parties to negotiate and implement actions which were codified, and thus short-circuited a legal system where those in power have the power.
  • DAG was Blockchain 3.0, and where, after we had shown new models of e-Commerce, we address the problem of integrating IoT devices in a trusted way.

And so we are now getting there in building the most perfect digital machine ever and where the old legacy is hard forks, and:

“Your old road is rapidly aging. Please get out of the new one If you can’t lend your hand, For the times they are a-changin’” (Bob Dylan).

If you want to know more, we have a Blockchain Meetup on 17 October 2018 here, and, if you can’t make it to beautiful Edinburgh, you can join the live feed. Please be part of the debate, no matter what your viewpoint is, as the world we build will be the world that our kids will inherit. If it is flawed, as this Internet is, they will have to fix the problems that we have caused.
