Esther Shein | 22 January 2019
Bruce Schneier reconsiders the definition of trust in his keynote presentation from the recent Hyperledger Global Forum.
Blockchains have to be trusted in order for them to succeed, and public blockchains can cause problems you may not think about, according to Bruce Schneier, a fellow and lecturer at the Harvard Kennedy School, in his keynote address at December’s Hyperledger Global Forum on “Security, Trust and Blockchain.”
Schneier began his talk by citing a quote from Bitcoin’s anonymous developer, Satoshi Nakamoto, who said “We have proposed a system for electronic transaction without relying on trust.”
“That’s just not true,’’ Schneier said. “Bitcoin is not a system that doesn’t rely on trust.” It eliminates certain trust intermediaries, but you have to somehow trust Bitcoin, he noted. Generally speaking, the Bitcoin system changes the nature of trust.
Schneier called himself a big fan of “systems thinking,” which is what the issue boils down to, he said. This is something that is in too short supply in the tech world right now,’’ he maintained, and “we need a lot more of it.”
Trust relationships
Schneier’s talk focused on the data structures and protocols that make up a public blockchain. He called private blockchains “100 percent uninteresting,” explaining that they’re easy to create and secure, they don’t need any special properties, and they’ve been around for years.
Public blockchains are what’s new, he noted. They have three elements that make them work:
- The ledger, which is the record of what happened and in what order
- The consensus algorithm, which ensures all copies of the ledger are the same
- The token, which is the currency
All the pieces fit together as a single system, and whether they can achieve anything gets back to the issue of trust, he said.
When he reads some of the comments of blockchain enthusiasts, such as “in code we trust,” “in math we trust,” and “in crypto we trust,” Schneier believes they have “an unnaturally narrow definition of trust.”
Trust as a verification mechanism is true, but you cannot replace trust with verification, he stated. For example, Schneier recounted waking up in his hotel room and trusting that the keys worked, naturally trusting the people who prepared his breakfast, and trusting that all the people he encountered on his way to the forum would not attack him.
“Trust is essential to society,’’ he said. “Humans as a species, are very trusting.” And, he continued, “The fact that we don’t think about it most of the time is a measure that trust works.”
Trust architectures
Schneier cited the book, Blockchain and The New Architecture of Trust, by Kevin Werbach, in which the author outlines the following four different trust architectures:
- Peer-to-peer trust
- Leviathan trust, which is institutional and involves contracts
- Intermediary trust, like PayPal or credit cards that make a transaction work
- Distributed trust, which is what blockchain enables — an emergent trust in the system without any individuals in the system trusting each other
“Blockchain shifts trust in people and institutions to trust in technology,” Schneier said. This means having to trust the cryptography, the software, the computers, the network, and the people who are making all of this work, he said. Along the way there are a lot of single points of failure, and if a blockchain gets hacked or you forget your credentials, you lose your money.
It comes down to the question of who you would rather trust: a human legal system or the details of computer code? Schneier said that, in a lot of ways, trusting technology is a lot harder than trusting people. Institutional trust is still needed, he said, because you still need people to be responsible for these systems.
Bitcoin might theoretically be based on distributed trust, “but practically, that’s just not true.” You have to trust the wallets and the exchanges, and there’s not many of either, as well as the software and the operating systems and computers that everything the blockchain runs on, he said.
“If you think about the attacks on bitcoin, this is where they are – they don’t go against the math, they go against the computer science.” There is always a need for governance outside the system, and a need to override the rules and make changes when necessary, he stressed.
Blockchain systems will always have to exist with other more conventional systems and Bitcoin will always need to interoperate with the rest of the financial world, he said. “That interface, with its laws and norms, often requires breaking the trust architecture of the blockchain system.” This means you can’t have a Bitcoin system where transactions clear immediately work with a credit card system where transactions clear in three days, he said.
A key feature of trust is that if the transaction goes bad or if your credentials are stolen, you get your money back, Schneier said. At the same time, trust is expensive. The reason people don’t use Bitcoin is because they don’t trust it, not because of the cryptography or the protocols, he maintained.
Human element
“A currency that is volatile is not particularly trustworthy,’’ he said. “That’s the human way of looking at trust.” Ethereum is an interesting example of how trust is working. “The fact that we have hard forks means we still need trusted people. This trust is a lot more complicated than transaction verification.” People will choose Bitcoin and an exchange or wallet based on reputation, he said, whether it’s something they read or a recommendation from a friend.
He concluded his talk by noting that trust is much more social; a human thing.
“So truly understanding this requires systems thinking. I really want everybody who designs and implements blockchains to understand the systems they’re working in,” Schneier said, not just the technology aspect, but the social parts and how they work. He suggested people start by asking whether they need a public blockchain?
“I think the answer is almost certainly no, and by this I’m answering the security question, not the marketing question,’’ he said. “Blockchains likely don’t solve the security problems you think they solve,” and they cause other problems you don’t think about, like inefficiencies, especially scaling. Schneier said there are almost always simpler and better ways to achieve the same security properties.
He advised the audience to look at the trust architecture and whether the blockchain “will change it in any meaningful way or does it just shift it around to no real effect?” He also asked them to think about whether the blockchain replaces trust verification and what aspects of trust does it try to fix and fail?
“Does it strengthen existing trust relationships, or does it go against them? Are the trust intermediaries of the new architecture better or worse than the old arch? How can trust be abused in the new system?” he said. “Is it better or worse than the old system and, lastly, what would the same system look like if it didn’t use blockchain?”
In most cases, Schneier said, his guess is that people will choose solutions that don’t use public blockchains because of all the problems they bring. “I’m not saying that they’re useless,” he added, “but I have yet to find an example where the things they do are worth the problems they bring.”
Watch the entire presentation below:
Other session recordings can be found on the Hyperledger YouTube channel.