Ever since The DAO was exploited people have begun questioning whether “Code is Law” is a practical philosophy. Today I want to challenge the notion that “Key is Law” or “Key is Identity”.
Everyone knows that if someone gets ahold of your private key, your funds will be gone without recourse. This means that property rights are defined by the ability of a person to maintain a secret.
Impossible to Secure Secrets
Maintaining secrets is practically impossible for the vast majority of the population. The only solution that has been reliable is to use multiple signatures from keys stored on different devices.
Normal people are not capable of, or do not want to be responsible for, securing secrets. It is too much stress. One wrong move and you are either locked out forever or your funds are compromised.
Securing Life, Liberty, and Property
My mission has been to find free market solutions for securing life, liberty and property. In this case, we need more robust solutions for securing cryptographic property.
Property is an abstract concept. It is the idea that something belongs to an individual, a social convention that facilitates trade and trust.
Private keys are an identity verification system. They provide strong evidence that a particular individual made a particular statement. But this evidence depends upon a secret being maintained. Not just any secret, a secret so long and complex that people cannot easily remember it. A secret so long that it impacts usability.
A system that replaces real identity with imperfect evidence is fundamentally broken. It will not get people justice. People will not feel secure. A better solution is needed.
Identity vs Evidence of Identity
Blockchains create a public record that tracks who owns what. Private keys are used to sign transactions so that everyone can validate all property transfers and eliminate any disputes over who owns what.
The problem is that private keys are not an identity. They are mere evidence. Disputes can still arise when two people both have access to the same private key.
It is tempting to say that Keys are identity, but this would be mistaking the map for the reality. This stance does not map to peoples intuitive sense of justice. It is an engineering cop-out designed to evade the hard problem of governance and dispute resolution.
Governance Occurs Anyway
We have seen with The DAO, Bitcoin, and Steem hard forks that in the event of a bug, exploit, or theft that the community can and will take action to get justice.
I have long been an advocate that ignoring a problem doesn’t make it go away. If you don’t provide a governance structure then an informal one will be created. If you are unable to achieve a workable governance model then progress will stall and people will leave.
Social Identity
On a social network we have a new kind of proof, social proof. We know who people are and generally know when someone was hacked.
Unlike money, posts and votes made by an attacker are often clearly out-of-character for someone. This makes it very obvious to everyone in the social network that an injustice has occurred.
Social Costs
When an account posting key is compromised everyone loses. All of a sudden someone’s feed can get filled with ads, their hard earned steem power (aka reputation) can be abused. They can vote up garbage, vote down good stuff, or simply flood the network causing congestion for other users.
New Solutions are Needed
The rules of Bitcoin and other crypto-currencies do not apply the same way to a social networking blockchain. It is a different market with different requirements. Here are some of the things that the network should be able to reach consensus on without requiring a hard fork.
- account theft and return to original owner
- posting authority theft and temporary censoring
Account Owner Theft
An account can only be stolen when the owner key changes. In many cases it is easy for the public to identify the real owner and in 99.9% of cases, accounts are not bought and sold. In fact, it is in the blockchains best interest to prevent accounts from being bought and sold and thereby enforcing the vesting period.
The following proposal assumes that account owners can “opt-out”. An account that opts out will assume full responsibility for the protection of the owner key. In other words, those who opt-out have no grounds to ask for a hard fork or other intervention in the event they are hacked.
For everyone else who prefers the security of the community we have a new proposed solution.
- for N days after every owner key change a dispute may be raised
- if a dispute is raised, witnesses can vote on whether or not to override the owner authority.
- to prevent abuse, raising a dispute costs a lot (say $1000).
- after N days no dispute may be raised and witnesses have no power to change owner authority.
- the account holder can specify how many days review can last.
- by specifying an infinite review period, witnesses can be used as a last-resort password recovery system.
Account Posting Theft
It is not reasonable to expect that posting keys will not be stolen, especially because they are often kept live and cached within a web browser. The entire network needs a means to silence spam spewing from compromised posting authorities.
We suggest that any account can temporarily disable the posting and voting of another account until that account logs in with their active or owner key. This is a kind of identity challenge that will prevent hackers from abusing the platform.
To prevent abuse and to compensate the individual for proving they have the active key, the challenger will have to transfer about $10 worth of STEEM to Steem Power in the challenged account. Accounts can be limited to one challenge per day to prevent excessive harassment.
Friends and Family Multi-Sig
The last level of security for an account is for people to add their friends and family as multi-sig co-signers on their owner authority. In this event an attacker would have to compromise the active keys of the majority of someones family before they could compromise their identity.
In fact, a properly functioning and secure blockchain would have every account “owned” by a group of other accounts. The larger the group and the more the account holder trusts the group, the more secure the identity.
Social Media is the key to Blockchain Security
Having a social platform is the best and easiest way to get all of your friends and family online and available to secure your account. Imagine Facebook friends on steroids. Your most trusted friends and family become the source of your identity and their collective word (active key) secures your identity and account.
Conclusion
Steemit is still a young platform, but it is building the foundation for a much more robust and secure financial platform than can be provided by private keys or primitive multi-sig alone.