Super opportunities you have to learn in a blockchain hackaton
I took part in a bitcoin blockchain hack to exploit the power of immutable timestamping. The aim was to produce business applications thanks to the eternal proof of the structure some data had in a certain moment in time. The teams investigated: process and quality certifications, track records for education and secure communication channels.
All three topics touch different businesses but the underlying fil rouge is that they require an accountable way to verify what happened in the past. Within the bitcoin blockchain this is enforced by the proofs of work: every transaction is validated with the solution of a cryptographic challenge. Once a transaction is processed the resolution of the challenge is recorded so that anyone can check it, these challenges are all concatenated within each other so that you can’t counterfeit one without counterfeiting all the past. The most similar structure used in the IT-industry are write-only hard disks employed in the banking systems to validate past exchange rates. The requirement is a safe and un-modifiable place where to store certified informations, the main advantage of the blockchain over write-only disks is that it’s not controlled, produced or hosted by a single entity and thus the trust you need in the system is much lower.
Let’s review three business cases! Each of those represents a large opportunity:
- process certification because there is still no high-end cloud and scalable industry standard for certified data, see crazy write-only disks for the banking industry;
- secure communications rely on public key authentication which is a hard a problem and it’s been exploited extensively in man-in-the-middle attacks, the blockchain can empower a tamper-proof public keys reputation system;
- education initiatives like open badges can be extended and reinforced for an easier on more open schooling.
Process certification. Most modern CRMs have encoded the processes that operators do while facing the clients. For many industries, energy, telco and healthcare to name a few, most of these processes are regulated, meaning that the companies must follow specific steps and certify specific properties as described by country laws or trade unions. Yearly inspections are the norm and the companies must provide proofs that their employees had followed exactly procedures as described in some files or that the state of their systems evolved in a particular chronological order. Failure to do so implies fees, removal of products from the market and loss of partners, in fact in 2015 there were an estimated 1.5M new ISO certifications and fees in the order of billion Euros for violations of regulations in EU. During the hackaton a plugin to connect Salesforce CRM with the blockchain was realized, this plugin is notarizing state changes in the database and file versions. In case of inspection it is immediate to retrieve which file versions were available on which days with a complete proof, moreover it is also possible to unravel the steps a process followed since the change in the database are compacted and their hash stored on the blockchain. The regulator inspection is then transformed from “collect all emails/unstructured communications/database backups of particular days and reconstruct the chronologic order of facts” to “extract the hashes of the process steps and validate their existence on the blockchain on given days”. From the company perspective the latter represents a huge time-saving approach and also an higher level quality standard. Hopefully in the near future you will hear more of this solution as we proceed to build an application with industry-strength and market it!
Secure communications. This project revolves around an effort Google made in early 2017 to make simpler and safer secure communications via their open source Key Transparency initiative. When a secure communication is to begin, the two parties must exchange their public encryption keys. The problem is that as of today users should verify themselves the authenticity of the public key. In general this approach is weak to man-in-the-middle espionage, were a third party exchanges keys on behalf of the original individuals and is then able to decrypt the communication. The original project is here https://github.com/google/keytransparency/ and it works with a powerful distributed architecture: anyone can install and run a node of Key Transparency, each node has a complete log of which user (email) declared to have which public key. App developers or anyone needing to check public keys can connect to the network and request the key validation. Proposing an evolution here was straightforward: augment the accountability of the keys by storing hashes of it on the blockchain, this would extend the blockchain security to each log of public keys. Eavesdropping is a practice used also in recent years by governments (won’t say here who and when, but you can look that up, pretty much anyone though), therefore that double security layer is definitely welcome.
On a second thought: public key authentication is something important enough to be rewarded, so this is possibly a beautiful use-case for a new Coin. Each transaction will represent a public key identification request, consensus must be reached by nodes to serve the request (eventually requests can be crypted to add that spicy proof of work thing going) and finally the coins are rewarded to the nodes providing the authenticity of the public key. This was out of the hackaton but hey, reviewing sheds light on cool ideas, #believe in the #process!
Education Track-record. Following the approach proposed at MIT to use blockchain to empower open badges the education team studied the impact of this system in the Italian education structure. The idea is based on certificate issuers, e.g. teachers giving marks or schools giving diplomas, to sign a structured package of data and store the hash on the blockchain. The decentralized nature of the education system, where every school has different locations, is a fertile ground to cultivate a distributed ledger. It comes natural to make each school responsible for a blockchain node. On top the team proposed smart contracts to automatically assign scholarships. This study was an interesting exercise of infrastructure dimensioning, it reminded me the exercises given during the interview process for joining Deiloitte back in the days: how many transactions do you need to store a year of education system? Italy has 66M inhabitants, say 20% is in the 6 to 24 years cluster and they get a mark/exam per month..and so on so forth. Conclusion is that that would require some 400.000 transaction per day. This highlights the importance of storing data in a compact and smart way, in fact saving singular events quickly scales out of feasibility (at least on public chains).
I will leave a final note on the high-level ingredients of the hackaton:
- OpenTimestamp, a protocol to get timestamps on the blockchain, we used the effective implementation by https://EternityWall.it
- Oraclize, a service certifying the packets exchanged in API communications provided by https://Oraclize.it
We worked with Salesforce CRM as industry application layer, Amazon Web Services Elastik Beanstalk (could be improved in a server-less fashion with lambda functions) for hosting the Java server with EternityWall timestamping library and finally the bitcoin blockchain as the reference blockchain. The hack was exquisitely hosted by BlockchainLab Milan, a large chapter of the Bitcoin community!