On Bitcoin, Part 2:
Centralised Trust drives Centralisation
Trust is a difficult topic, and involved in almost everything we do. Trust between human beings is what keeps our society together, but doesn’t scale. So as the next best thing we have to trust in organisations and functions, starting with the split of power into legislative, executive and judicative that has evolved over centuries as a way to put checks and balances in place to prevent abuse.
In our digital world, the perhaps most important executive function for our trust is held by so-called Certificate Authorities (CAs), although their initial name, Trust Centres, might be more descriptive to what they do. CAs are the single points of failure for management of digital keys, and consequently security on the internet.
They decide whether your device trusts another computer or service. Whenever your device wants to know whether a connection is secure, or whether it can trust some data or service online, it looks for the signature of a Certificate Authority it has been programmed to trust — usually by the vendor of your computer, software or browser.
That brings with it a lot of challenges which are described also in more detail in Game of Keys: Too Much Information About Certificate Authorities. The short summary is:
Any CA is a single point of failure for all your security.
The high cost of CAs drives a consolidation that already reached a point where more than 50% of the web now depends on a single CA. So a single organisation, in a single country, funded by several of the largest internet companies as a kind of “sponsored public utility” has become a single point of failure for much of our security.
There are many people, even renowned security experts, who say this “works well enough.” And it has been very successful. But it has also been very good at increasing concentration of control in the hands of a few. Because of the costs involved there is a strong motivation to optimise for scale, which primarily benefits the largest players.
The result is a natural oligopoly which is then also well positioned to leverage its position into other use cases, such as document signatures. As of today, virtually all governments have signed the power of digital signatures over to this oligopoly. It’s a return to our medieval roots, where people had to go to the church for documents and contracts, because monks could read, write and act as root of trust.
For a digital society that is not following the power structures of medieval feudalism, we require decentralised key management based, starting with the basic application of allowing people to sign for themselves, which requires them to take control and ownership of their own digital identity.
Who watches the watchmen?
But true ownership requires independence from intermediaries. The next best thing would be to have functioning competition between a sufficiently large number of intermediaries, so that people can easily choose and switch between them.
Today, we have neither.
As it turns out it is very hard to establish a system of intermediaries that has sufficient competition. Larger intermediaries seem to be more efficient, and easier to control. Also, it is far easier to know them. When there are many competing intermediaries it gets much harder to find out which of them are trustworthy — and which are not.
This is not a new problem, and one for which we have come up with best practices. One such system are notaries. They are widely accepted intermediaries offering a couple of services, such as identifying people who come before the notary and authenticate the execution of certain documents. That system may scale well locally with fewer transactions and participants, but often performs poorly when going international at scale.
Becoming a notary is a process regulated by the government that is expensive and time consuming. The government is the ultimate intermediary responsible setting up regulations to warrant that notaries are trustworthy. Usually this is done by an ancient kind of “Proof of Stake” system, overseen by local professional associations. Consequently, being caught violating the trust placed in them, notaries stand to lose their investment into reputation, profession and livelihood.
As long as there is strong local oversight, this system has worked fairly well for communities inside a single country. But internationally, oversight and audit of the involved processes and different participants gets much harder. That’s why we added another layer of attestation, the so called apostille, which is a “super attestation” by the government that the notary in question is real and in good standing.
So you need to visit not one, but two offices, and pay additional fees. The result is a lot of paper that is systematically prone to fraud because it is near impossible to directly verify the attestations made in other countries for their apostilles and notarisations.
This system is currently fully analog, cumbersome, expensive, slow, and fragile. And simply adding a digital layer of electronic apostilles does not necessarily solve the underlying inefficencies. Whenever electronic apostilles are managed by central trust providers on behalf of governments, we are adding one layer of complexity.
These legacy approaches were the best we had until Bitcoin, and the follow-on innovation around distributed ledgers as a technology. There are many interesting blockchains, and fascinating ideas in this whole domain, but it’s Bitcoin that has ultimately settled into its role over the past 18 months.
Bitcoin is rapidly becoming the de facto global settlement layer — the ultimate reference for whether something happened, in this way, at this time. In other words: It is the intermediary of last resort of which anyone can run a full node to verify all and any data at any point in time without needing to ask for permission, and without needing to trust any organisation, government or person. It is global, immortal, incorruptible and indominable.
That makes it truly unique, and invaluable.
It also happens to be Open Source, and community driven.
Normally, if you wanted to create and maintain such an infrastructure for all of humankind, it would be exorbitantly expensive, not to mention fraught with challenges until it could deliver a similar value. But Bitcoin already exists, largely built itself, and delivers this function almost for free, as a collateral benefit of its other function.
But what about the capacity limits?
Bitcoin is well known for its comparatively small transaction throughput: It writes roughly 1 megabyte per 10 minutes. That’s an approximate 3.3 to 7 transactions per seconds. Not a lot for an expected 10 billion people. Which is why several technologies have been built on top of Bitcoin to provide scalability and security for any number of applications.
Lightning is the most well known one, and allows for a global, efficient, instantaneous payment network that is expected to handle a minimum of 1 million transactions per second. For comparison, Visa does around 1,700 transactions per seconds on average. Projects like RGB work to build scalable smart contracts at low cost on top of Lightning.
But there is also merged mining, which is basically using the Proof of Work calculation of Bitcoin to secure another chain that can have wildly different properties, it could even be a private or corporate chain. There are several chains that have been using this successfully.
The latest addition to this is æternity with its recent Hyperchains hard fork, which enables it to switch to a consensus model secured by Bitcoins Proof of Work. æternity is based on Erlang, partially written by some of the inventors of Erlang itself. In combination with a couple of other design decisions this gives it a couple of very interesting properties that will need to be reviewed in a separate article to explain why æternity is being highlighted in this context.
For the purpose of this article the above should make clear that Bitcoin is already workable as a trust anchor for any number of use cases, with any number of users or transactions, all of which inherit the security of Bitcoin itself as part of their operation.
Bitcoin can in fact secure each and any use case on our planet. In doing so, it can eliminate a lot of intermediaries, Certificate Authorities included.
The basis for that to happen is re-usable proof of identity, something that Microsoft has recently rolled out with its ION Network announcement. Designed in the Decentralised Identity Foundation, ION allows users of Microsoft ActiveDirectory in Azure to create decentralised identifiers based on the recently published W3C Decentralized Identifiers (DIDs) v1.0 standard. Microsoft built this system such that these verifiable credentials are being secured by Bitcoin.
All the building blocks are basically ready to be deployed. Anyone in the software freedom community could take them and build truly decentralised systems, like the superhero.com decentralised social network that æternity is working on.
Bitcoin is the perfect basis for this not despite its limitations, but because of them.
While the developers of Bitcoin are working to improve security, scalability, privacy and some capabilities, they are doing so very carefully because there is so much at stake. Bitcoin basically does one thing only, but it does that one thing very well. This principle of good technical design has proven itself over time.
Adding more function to it would bloat it unnecessarily, would always come at a cost to security, and it would very likely make the ledger grow much faster. By adding only one block of 1 megabyte each 10 minutes, Bitcoin ensures that anyone in the world can run a full node to verify the entire network — even in places where internet connectivity might not yet be great. All you need are a Raspberry Pi and a hard disk. And if you’re not technical, Umbrel has you covered.
In other words: Anyone can become their own intermediary, run a full node, verify the entire ledger, and establish their own trust into the rest of the world — as thousands of people across the world are doing already. There are very few things in the world that are equally democratic and transparent.
This is the second article in a series of six, exploring my personal take on Bitcoin, including its relevance, technical properties, environmental impact, social relevance and significance for software freedom. Articles will be published every couple of days. Here is a list of what has been published so far:
- On Bitcoin, Part 1: Can Software Freedom succeed without Bitcoin?
- On Bitcoin, Part 2: Centralised Trust drives Centralisation (this article)
- On Bitcoin, Part 3: Money, banks, and other financial intermediaries
- On Bitcoin, Part 4: New Opportunities
- On Bitcoin, Part 5: The boiling oceans
- On Bitcoin, Part 6: The (mood) swings
- On Bitcoin, Wrapping Up: Where next?
Links to follow-on articles will be added here as the series progresses.
Follow me to be notified when the next one comes out.