The social layer is ironically key to Bitcoin's security

A funny thing happened in the second half of 2018. At some moment, all the people active in crypto looked around and realized there weren't very many of us. The friends we'd convinced during the last holiday season were no longer speaking to us. They had stopped checking their Coinbase accounts. The tide had gone out from the beach. Tokens and blockchains were supposed to change the world; how come nobody was using them?
In most cases, still, nobody is using them. In this respect, many crypto projects have succeeded admirably. Cryptocurrency's appeal is understood by many as freedom from human fallibility. There is no central banker, playing politics with the money supply. There is no lawyer, overseeing the contract. Sometimes it feels like crypto developers adopted the defense mechanism of the skunk. It's working: they are succeeding at keeping people away.
Some now acknowledge the need for human users, the so-called social layer, of Bitcoin and other crypto networks. That human component is still regarded as its weakest link. I'm writing to propose that crypto's human component is its strongest link. For the builders of crypto networks, how to attract the right users is a question that should come before how to defend against attackers (aka, the wrong users). Contrary to what you might hear on Twitter, when evaluating a crypto network, the demographics and ideologies of its users do matter. They are the ultimate line of defense, and the ultimate decision-maker on direction and narrative.

What Ethereum got right


Since the collapse of The DAO, no one in crypto should be allowed to say "code is law" with a straight face. The DAO was a decentralized venture fund that boldly claimed pure governance through code, then imploded when someone found a loophole. Ethereum, a crypto protocol on which The DAO was built, erased this fiasco with a hard fork, walking back the ledger of transactions to the moment before disaster struck. Dissenters from this social-layer intervention kept going on Ethereum's original, unforked protocol, calling it Ethereum Classic. To so-called Bitcoin maximalists, the DAO fork is emblematic of Ethereum's trust-dependency, and therefore its weakness.
There's irony, then, in maximalists' current enthusiasm for narratives describing Bitcoin's social-layer resiliency. The story goes: in the event of a security failure, Bitcoin's community of developers, investors, miners and users are an ultimate layer of defense. We, Bitcoin's community, have the option to fork the protocol, to port our investment of time, capital and computing power onto a new version of Bitcoin. It's our collective commitment to a trust-minimized monetary system that makes Bitcoin strong. (Disclosure: I hold bitcoin and ether.)
Even this narrative implies trust in the people who make up that crowd. Historically, Bitcoin Core developers, who maintain the Bitcoin network's dominant client software, have also exerted influence, shaping Bitcoin's road map and the story of its use cases. Ethereum's flavor of minimal trust is different, having a public-facing leadership group whose word is widely imbibed. In either model, the social layer abides. When they forked away The DAO, Ethereum's leaders had to convince a community to come along.
You can't believe in the wisdom of the crowd and discount its ability to see through an illegitimate power grab, orchestrated from the outside. When people criticize Ethereum or Bitcoin, they are really criticizing this crowd, accusing it of a propensity to fall for false narratives.

How do you protect Bitcoin's codebase?


In September, Bitcoin Core developers patched and disclosed a vulnerability that would have enabled an attacker to crash the Bitcoin network. That vulnerability originated in March, 2017, with Bitcoin Core 0.14. It sat there for 18 months until it was discovered.
There's no doubt Bitcoin Core attracts some of the best and brightest developers in the world, but they are fallible and, importantly, some of them are pseudonymous. Could a state actor, working pseudonymously, produce code good enough to be accepted into Bitcoin's protocol? Could he or she slip in another vulnerability, undetected, for later exploitation? The answer is undoubtedly yes, it is possible, and it would be naive to believe otherwise. (I doubt Bitcoin Core developers themselves are so naive.)
Why is it that no government has yet attempted to take down Bitcoin by exploiting such a weakness? Could it be that governments and other powerful potential attackers are, if not friendly, at least tolerant towards Bitcoin's continued growth? There's a strong narrative in Bitcoin culture of crypto persisting against hostility. Is that narrative even real?

The social layer is key to crypto success


Some argue that sexism and racism don't matter to Bitcoin. They do. Bitcoin's hodlers should think carefully about the books we recommend and the words we write and speak. If your social layer is full of assholes, your network is vulnerable. Not all hacks are technical. Societies can be hacked, too, with bad or unsecure ideas. (There are more and more numerous examples of this, outside of crypto.)
Not all white papers are as elegant as Satoshi Nakamoto's Bitcoin white paper. Many run over 50 pages, dedicating lengthy sections to imagining various potential attacks and how the network's internal crypto-economic system of incentives and penalties would render them bootless. They remind me of the vast digital fortresses my eight-year-old son constructs in Minecraft, bristling with trap doors and turrets.
I love my son (and his Minecraft creations), but the question both he and crypto developers may be forgetting to ask is, why would anyone want to enter this forbidding fortress, let alone attack it? Who will enter, bearing talents, ETH or gold? Focusing on the user isn't yak shaving, when the user is the ultimate security defense. I'm not suggesting security should be an afterthought, but perhaps a network should be built to bring people in, rather than shut them out.
The author thanks Tadge Dryja and Emin Gun Sirer, who provided feedback that helped hone some of the ideas in this article.