Paradigm Shift? Digital Currency 16 - There Can Be Only One
Necessity IS the Mother of Invention.
Twenty years ago, LDS were handed "the keys" (no pun intended) to the kingdom, and feebly fumbled them away.
To make matters worse, the genesis of our transactional idea was from...
LDS staff who had come up with and promoted the CA architecture for internal digital signature purposes.
With over 100,000 computing devices and a multitude of heterogenous systems, to avoid the overhead of...
logging in and out of each system, LDS was in need of an single logon credential for their intranet.
Thinking outside the box and ahead of the curve, their illuminating initial work was taken to the next level.
It was a shame that, to my knowledge, those brilliant staff members who languished under the LDS politboro...
never got to implement the single logon credential system nor the proposed CA authority.
Three little BIG things
Today, public key cryptography, public key infrastructure, certificate authorities and all cryptographic systems...
must still satisfy the following requirements which were outlined in that presentation at LDS twenty years ago:
All cryptographic systems must satisfy three requirements to be acceptable for general use in a automated information application or system:
1. the encryption and decryption transformations must be efficient with many different key algorithms and key sizes;
2. the encryption software or hardware must be easy to use;
3. the security of the cryptographic system must depend only on the secrecy of the keys and not the secrecy of the encryption or decryption transformations.
There Can Be Only One
To be successful, BitCoin and other decentralized digital currency business models must provision the following:
1. Item 1 above, in a scalable and efficient manner
2. operational service levels
3. oversight and compliance.
Why? So far, despite many a public/private sector security breech...
secure email, legal documents, escrow transactions and electronic payments have been handled somewhat adequately by a multitude of CA providers and secure SSL.
In the case of digital currency, "somewhat adequately" isn't going to be the metric of choice.
A central problem with the use of public-key cryptography is the confidence or proof that a particular public key is authentic...
in that it is correct and belongs to the person or entity claimed, and has not been tampered with or replaced by a malicious third party.
The usual approach to this problem is to use a public-key infrastructure, in which one or more third parties – known as certificate authorities – certify ownership of key pairs.
IMO, therein lies the problem, more than one third party, worse yet, a whole community of users chipping away at...
inefficient encryption transforms to provide (already proven inadequate, read Mt. Gox) security and earn cash prizes???
With a multitude of third parties, or a decentralized communal effort, there are far too many...
chefs in the kitchen, potential fingers in the soup, and an exposure to security vulnerability too enormous to sufficiently mitigate.
Despite its noble intent, in nature, the communal model for digital currency cannot sufficiently mitigate the inherent security risks nor provide efficient scalability.
This may sound draconian, but this is a case where you need a centralized trusted authority that has the mandate and can provide the necessary security, service levels, oversight and compliance.
There should be reticence to place trust and full faith in any system that involves more than ONE centralized CA lacking: breadth to accommodate scope and scale, vested mandate and authority.
The Bottom Line: Due to the scope and scale of the problem at hand and their decentralized nature current digital currency business models...
cannot provision a robust and reliable solution without suffering substantial/complete margin erosion and/or systemic failure.
Post Script
20 years ago, had LDS adopted the proposal, would they have been able to pull it off?
Absolutely, as LDS had the centralized and distributed infrastructure, network, bricks & mortar presence, and quasi governmental swagger.
FYI, to date, other than the long forgotten proposal of twenty years ago recanted in this 16 part missive...
No fully satisfactory solution to the "public key authentication problem" has been found.
Repeat and rinse, there can be only one.
Anyone with backing, old mainframes, a boatload of servers, a far flung network, brains and above all... the ability to use them...
wishing to start up a trusted 3rd party CA for any of the purposes outlined in this series...
(certified email, legal documents, escrow transactions, electronic payments or digital currency)...
or if your organisation lacks proficiency in server consolidation, desktop and distributed systems management or...
you just need a visionary CTO or CIO, feel free to reach out.
Paradigm Shift? Digital Currency - Index
Twenty years ago, LDS were handed "the keys" (no pun intended) to the kingdom, and feebly fumbled them away.
To make matters worse, the genesis of our transactional idea was from...
LDS staff who had come up with and promoted the CA architecture for internal digital signature purposes.
With over 100,000 computing devices and a multitude of heterogenous systems, to avoid the overhead of...
logging in and out of each system, LDS was in need of an single logon credential for their intranet.
Thinking outside the box and ahead of the curve, their illuminating initial work was taken to the next level.
It was a shame that, to my knowledge, those brilliant staff members who languished under the LDS politboro...
never got to implement the single logon credential system nor the proposed CA authority.
Three little BIG things
Today, public key cryptography, public key infrastructure, certificate authorities and all cryptographic systems...
must still satisfy the following requirements which were outlined in that presentation at LDS twenty years ago:
All cryptographic systems must satisfy three requirements to be acceptable for general use in a automated information application or system:
1. the encryption and decryption transformations must be efficient with many different key algorithms and key sizes;
2. the encryption software or hardware must be easy to use;
3. the security of the cryptographic system must depend only on the secrecy of the keys and not the secrecy of the encryption or decryption transformations.
There Can Be Only One
To be successful, BitCoin and other decentralized digital currency business models must provision the following:
1. Item 1 above, in a scalable and efficient manner
2. operational service levels
3. oversight and compliance.
Why? So far, despite many a public/private sector security breech...
secure email, legal documents, escrow transactions and electronic payments have been handled somewhat adequately by a multitude of CA providers and secure SSL.
In the case of digital currency, "somewhat adequately" isn't going to be the metric of choice.
A central problem with the use of public-key cryptography is the confidence or proof that a particular public key is authentic...
in that it is correct and belongs to the person or entity claimed, and has not been tampered with or replaced by a malicious third party.
The usual approach to this problem is to use a public-key infrastructure, in which one or more third parties – known as certificate authorities – certify ownership of key pairs.
IMO, therein lies the problem, more than one third party, worse yet, a whole community of users chipping away at...
inefficient encryption transforms to provide (already proven inadequate, read Mt. Gox) security and earn cash prizes???
With a multitude of third parties, or a decentralized communal effort, there are far too many...
chefs in the kitchen, potential fingers in the soup, and an exposure to security vulnerability too enormous to sufficiently mitigate.
Despite its noble intent, in nature, the communal model for digital currency cannot sufficiently mitigate the inherent security risks nor provide efficient scalability.
This may sound draconian, but this is a case where you need a centralized trusted authority that has the mandate and can provide the necessary security, service levels, oversight and compliance.
There should be reticence to place trust and full faith in any system that involves more than ONE centralized CA lacking: breadth to accommodate scope and scale, vested mandate and authority.
The Bottom Line: Due to the scope and scale of the problem at hand and their decentralized nature current digital currency business models...
cannot provision a robust and reliable solution without suffering substantial/complete margin erosion and/or systemic failure.
Post Script
20 years ago, had LDS adopted the proposal, would they have been able to pull it off?
Absolutely, as LDS had the centralized and distributed infrastructure, network, bricks & mortar presence, and quasi governmental swagger.
FYI, to date, other than the long forgotten proposal of twenty years ago recanted in this 16 part missive...
No fully satisfactory solution to the "public key authentication problem" has been found.
Repeat and rinse, there can be only one.
Anyone with backing, old mainframes, a boatload of servers, a far flung network, brains and above all... the ability to use them...
wishing to start up a trusted 3rd party CA for any of the purposes outlined in this series...
(certified email, legal documents, escrow transactions, electronic payments or digital currency)...
or if your organisation lacks proficiency in server consolidation, desktop and distributed systems management or...
you just need a visionary CTO or CIO, feel free to reach out.
Paradigm Shift? Digital Currency - Index
Comments