Transcript: Dan Larimer on Security and Deterministic Code #fomgl

On January 31st, The Government Blockchain Association organized a summit called The Future of Money, Governance, and the Law. At this event, government leaders from around the world discussed their 2020 plans focusing on blockchain technology and cryptocurrency. Among Tim Draper and blockchain’s inventor Scott Stornetta, Dan Larimer was a keynote speaker. As always, his keynote was stuffed with insights, analogies, and examples.

Here’s a fully searchable transcript of his keynote and Q&A, enriched with a table of contents:

Questions and Answers:

(Bryant Nielson)

So, in continuing with our overall theme of today, we started this morning with a keynote by Scott Stornetta, literally in my mind to the man who created blockchain. Our next speaker is Dan Larimer. Now Dan is one of the leading innovators, engineers, and thought leaders in the blockchain space.

He is the co-founder of an array of successful blockchain companies. Most notably the decentralized exchange BitShares, the social media network SteemIt, and Block.one, publisher of the EOSIO protocol. All providing industry and enterprise-grade blockchain solutions, utilizing the widely adopted Delegated Proof-of-Stake consensus mechanism which he invented.

He is recognized as an industry pioneer and Dan is one of the high-profile figures in the blockchain arena. At Block.one, he is the head architect behind the EOSIO software, which is engineered to run highly scalable blockchain applications. He is an alum of Virginia Tech, where he currently serves as a guest lecturer and curriculum advisor. Ladies and gentlemen, let’s welcome Dan from Block.one.

Hello everyone. It’s really great to be here today. I normally don’t like to stand behind a podium but they don’t have one of those wireless mics, so we’ll see what I can do.

Blockchain seems to be the hot topic of the day and it’s a topic that I think has a lot of different meanings, a lot of different interpretations of what it is, what it’s good for, what its limitations are.

What I hope to leave you with today is the idea that blockchain is a universal technology. That it fundamentally changes every aspect of every business that we do. I’m going to show you how the existing infrastructure that we rely on, is fundamentally broken and why we need blockchain.

Security is fundamentally broken

For the past 25 years, we’ve been designing systems with servers. Security has been an afterthought.

We add passwords and then we add SSL to prevent people from getting the passwords as we communicate with the server;
Then we find out that people hack servers, and they get the passwords out of the database.
So, we start hashing the passwords, we store on the database, but that’s still not good enough.
So, now we have to rotate our passwords all the time so that by the time someone brute-forces the stolen password database, our passwords have changed.

We keep layering on hack after hack after hack, trying to solve the security problem, that’s broken at the very start.

So let’s think about how systems are designed today.

When you have a server, we make the assumption the server is secure and we built in a web application. The web application is usually divided into two pieces.

You’ve got the application logic, whether that’s your PHP or node JS or your Java.
And then you’ve got your database, whether it’s your Oracle, your SQL or whatnot.

And the application server is talking to the database and it’s logging in with a password. All the changes to the database are being made through the password of the application server.

Then the user talks to the application server, presents credentials to the application server, the application talks to the database, checking “do these things match?”, and if so, it makes all the changes.

There’s no traceability anywhere in the system. At any time the admin can modify the database, and even if the admin is trusted, what about the application logic then? What code is running there? Is it reproducible?

We have these massive systems. They’re taking inputs from all these users, and we have no way of reproducing and verify that it’s legitimate, which creates huge security issues for businesses everywhere. Billions of dollars are being spent trying to lock things down and it’s just not working.

Blockchain brings value, even if it’s completely private

Blockchain is the solution to that. But there’s a problem that a lot of people believe that blockchains are not scalable enough, they’re too difficult to use or that they’re limited in the application.

I want to dispel some of the myths about where blockchain can be used and where it can’t be used because I believe that if you have a multi-user website or service, whether it’s private or external, that it needs to be built on a blockchain and it needs to eliminate passwords and replace it with hardware base keys. That’s the future.

We don’t need to be looking at:

Can blockchain be applied here?
Can it be applied there?

All you have to do is ask yourself:

Do you have a database?
Do you have more than one user?

And then, you need a blockchain.

So, a lot of people, focus on blockchains only being valuable for businesses and parties that don’t trust each other. But what I’m saying here today is that a blockchain can be valuable even if it’s only run by a single company. And even if it’s completely private within that company, it’s still providing value.

Blockchain is not just a system for tokens. It’s just not just the governance system with all these communities. It can be incredibly useful just inside your business.

Analogy: The Hacked Exchange

I’m going to step back out and talk about the analogy of one of the ways that I was hacked when I was dealing with an exchange.

One morning, late at night, I get an email and in that email, it says that my password has been requested to be reset.

I’m like, “that’s odd. I didn’t request that”.

The next thing I know, I’m getting an email that my password has been successfully reset.

“Uh oh, this isn’t good”.

Then, about 30 seconds later, I get another email saying that a request has been made to withdraw all my Bitcoin from the exchange.

Oh, uh, because 30 seconds later I get emailed, “Oh, thank you. Successfully authorize your Bitcoin has been withdrawn”.

I just lost, you know, I think about $80,000 worth of Bitcoin I had on this exchange. And asked, “how could this happen?”.

At first, I thought, maybe it was my email account that was hacked. I log on to Google and Google says, no unknown IP addresses or locations have logged into your email. So how exactly did my email get hacked? Or how did my funds from the exchange gets stolen?

Well, it turned out that the exchange itself was hacked and that rather than hacking my email, they were sniffing on the outgoing email from the exchange. So, when the exchange generated the email to send it to me, they got the code right out in the send it right back in. And when they send me the SMS text message, they pulled it right out of the exchange database, fed it back in, and my tokens were lost.

Now, fortunately, this exchange recognized that they were to blame because my email was secured by multifactor authentication, and they realized that they had been compromised.

Authorizing Users and Their Actions

This is the exact same problem that every single business has when they try to authenticate their users. When you’re trying to authenticate your users, you want to know, that they’re the ones that are authorizing things, right?

Imagine Twitter as an example. You’re an executive that’s using Twitter and all of a sudden a tweet goes out and that tweet does something that moves the markets, potentially illegal.

If you’re a publicly-traded company, you’re not allowed to say certain things.

Who’s the blame? Did the user publish it? Did someone inside Twitter, manipulate the database? Did a hacker come in and change the records?

This is the problem we have when we rely on password-based authentication or even when we use multifactor authentication, whether it’s SMS or Authy, or Google authenticator, all those tools we have today.

And the problem is we don’t have an immutable traceable audit log of signed, authenticated messages from each user.

Every system we have in society can be modeled after a sheet of paper system, where people are making signed statements. Do this, do this. Given a set of signed statements and the order in which they were received and processed, combined with deterministic business logic, we can reach consensus. We can, we can know what’s supposed to happen, what’s not supposed to happen.

The power of blockchain is really combining consensus, deterministic execution, and signed messages that can be independently verified. It’s those technologies coming together that provide the security that we’re looking for:

That security exists whether it’s a blockchain run by a single company, or whether it’s a decentralized network shared by many companies.
That security exists, whether it’s all private or whether you commit publicly to the hashes of your data.

So, if you have a blockchain and you’re logging every single message from every single user, and you’re signing those messages, now you can prove to anyone who said what and when.

Now you can agree on the outcome that’s supposed to happen.

Achieving Deterministic Results without Blockchain

So what if you wanted to achieve some of these things without blockchain?

Because that’s the argument that a lot of people make is that we don’t need blockchain.

“I can do all that with a regular database.” “I know you can use a YubiKey to log into my Google account, isn’t that secure?”

And the answer is, all of the existing technologies there are authenticated the connection to the application server. They’re not providing an audit trail that anyone can come afterward and verify that you did indeed authorize it.

It’s like showing your ID to enter the club. He says, “Yes, you are allowed in”. Now you can go in and do things, but no one can prove what happened after the fact.

So it’s like you show up to a bank, and the bank teller verifies your identity. You say, “Hey, I’d like to transfer some money from one account to the next”. The bank teller enters it on the computer, transfers the money.

Where is the record that they actually verified your identity?

Now it gets worse than that. Cause the bank teller doesn’t actually just transfer the money. The bank teller turns around and talks to a system. Now, if this would be the database, they say, “Hey database, update the balance from this balance to this balance.”

Even if you logged everything and have it in a database, it’s just tracking the reads and writes. It’s not tracking the intent of the users in the system. And that’s a really big gap.

Blockchain is about Deterministic Code

So, if you’re trying to build a system without a blockchain and you want to have traceability and auditability, you need to have deterministic code.

Deterministic code is incredibly difficult to write.

This is the thing that blockchain developers are experts in, but the typical developers building your web application is not an expert in writing deterministic code. And it’s really, really easy to get it wrong.

So the purpose of deterministic code is that if you’re given the same inputs, you get the same outputs.

If your code is not deterministic, then you can get two different interpretations of the world. One database says, this is my balance, and over here my balance is something else.

Sometimes even a single bit of difference can compound, over many, many actions to be very different states, particularly if you’re dealing with financial systems, exchanges and so forth.

So, writing deterministic code is actually the heart of consensus.

Consensus is two parts:

Agree on the order in which things came in and …
then agree on the rules that we’re going to apply to that to derive the state.

For example:

In some cases, it’s what your balance is
In other cases, it’s what you said on social media, when you said it, how many points you are and whatnot.
It might be an auction, who got the bid in first?
Or it might be your school and your grades, or certifications,
… your identity.

All these different things are derived calculations based on the sequence in which people submitted their data.

So deterministic code is critical.

But if you try to write deterministic code in existing frameworks, if you’re going to use React, or Node JS, or Java, and the developer allows their code to touch anything, a memory address, a random number, anything that’s not coming from the database itself and you’ve just introduced non-determinism.

Prove to yourself that you’re doing it right

You can’t reproduce the calculations based on the user inputs to derive the database state in a way that you can:

Trace and prove to an auditor,
prove to yourself that your business is doing what it said it would do

That’s what this is all about really: we’ve got businesses, we say we’re going to do things a certain way and now we need to be able to prove to ourselves that we are indeed doing them that way.

And then when billions of dollars go missing, we know exactly how and why they went missing.

When there’s a bug and something doesn’t go down right, you want to know why. You want to be able to reproduce it. And if you’ve lost track of who said what and when, you can’t come out and fix it after the fact. The database is just wrong, and now you’ve got a real mess on your hands.

Achieving Deterministic Code without a Blockchain

It might be possible to have really talented developers implement a really secure database solution that:

salts all your passwords right,
encrypts all your connections right,
makes your business logic deterministic,
logs all the user inputs …

… does everything that a blockchain does, but it’s not a blockchain.

It’s going to be very costly to build your applications that way.

So what we’re doing at Block.one with EOSIO is we’re creating software that makes it really easy for anyone to build web applications on top of a database that’s highly performant, that runs in a deterministic manner and produces an audit trail. Where every user action is signed by a private key.

This is a future where passwords are eliminated and that makes things even easier for end-users.

If you’re dealing with passwords, you’re doing it wrong

So if you’re dealing with passwords, it’s already a problem. You’re already doing it wrong.

And we’ve been doing passwords from the very beginning, from the very first web services.

So it’s not a question of “is blockchain applicable in my industry?”.

If you have a database and you have multiple users, a blockchain is 100% necessary and it’s not a question is “can blockchain scale?”.

Blockchains have to scale, because trying to reproduce the benefits of what blockchain provides without doing a blockchain is a lot of work.

It’s like asking your developers to just roll your own password management system, just roll your own second-factor authentication, roll your own cryptography.

You don’t do that because it’s, it’s a lot of extra work and it’s incredibly error-prone.

What we’re doing is we’re taking blockchain and we’re making it fast.

We’re making it easy to develop for so that you can get all the benefits of traceability, auditability, ease of use, decentralization if you want it, without having to roll it all yourself and try to secure your systems.

Move to a blockchain, you’ll be in trouble if you don’t

So this is a very fundamental technology and if you’re not investigating how you’re going to move your system to the blockchain, it’s going to be a big problem when it becomes best practices.

It’s my opinion that eventually:

failing to move your systems on a blockchain is like putting passwords directly in your database without salting it;
like hosting a bank without SSL.

It potentially is negligence in the future, once the technology is there. And I know the technology is just about there because with EOSIO we’re processing tens of thousands of writes a second, of user actions supporting large databases. We’re getting the development environments in place.

So, it’s not too long before you’ll be able to build and deploy web applications, mobile applications that use a blockchain application or database server on the back-end faster and cheaper than you can do it with today’s existing technology.

So, that’s where I think the technology is going. That’s why I think blockchain is critical for every business that cares about the integrity of its business model, accountability for its actions.

Blockchain allows Businesses to Communicate more Effectively

And there’s another element to blockchains; it actually allows your business to communicate more effectively with other businesses. Because if your business publishes the hash of its blockchain, it can now prove things to other businesses. It’s what we call an inner blockchain communication.

When I can prove that a transaction was signed by my business and then you can use it in your business.

Something as simple as wanting to verify that someone’s got a degree:

Today you go to a web portal and the college has to mail a copy of your transcript in a sealed envelope to your employer;
But with the blockchain, I could just prove that I have a degree because I’ve got a transaction. I can just submit that and they can verify independently.

So …

… blockchain is fundamental and it can be used to transform our voting systems, our money, our accounting systems, our HR systems;
… every database that we use today can benefit from the blockchain and it will benefit from the blockchain.

And it has benefits even if it’s completely private, run by a single individual, or multiple parties within a company or across multiple companies or in a completely open and decentralized manner. Blockchain still has benefits.

So with that, I like to open the floor for any questions that anyone has about where they think blockchain can’t be used or, or if they have any questions about what I’m saying with respect to its universal application.

Questions and Answers.

Blockchain for Electronic Healthcare Records

I just wondered whether or not you’ve approached any of the EHR vendors, the Electronic Healthcare Records vendors, to talk through the benefits of what you’re proposing here.

Health records, classified documents; these are all things that have a certain permission structure associated with it. And what blockchains do is they allow you to authenticate users and verify signatures.

I have not directly approached that, but this question is a very common question. I started with bit shares, creating a decentralized exchange, and then I went to social media. If you can do those two things, you can do pretty much anything.

But what I realized is there was a lot of work to have to create a whole new blockchain to do social media after creating one blockchain for doing an exchange, which is why we created EOSIO, so that it’s a lot easier for the next person, whether they’re doing healthcare, to quickly adopt the technology without having to be an expert in creating the blockchain technology.

So I think that’s a wonderful application and it’s actually an application where a private blockchain makes a lot of sense:

You don’t want the health records to be public, but …
you DO want a record of everyone who accesses them and …
you want to make sure that they are authorized and the ability to retract it.

And those are all things that can be tracked on a blockchain.

Blockchain at Universities

My name is Ryan Cooper. I work at Boise State University. I run the blockchain association club there and I just had a question. Is your company willing to work with colleges to assist with use case solutions?

Yeah, we’re working with Virginia tech and some students there to create various solutions for blockchains for everything from combining the token model to create local currencies on campus, to using those currencies to prioritizing scheduling and classes. For tracking football tickets and be able to sell and transfer tickets.

There’s a lot of things you can do at universities and Block.one does work with Virginia Tech and potentially other universities to see these types of things created. But once again, a university has multiple users, it has a database, lots of databases. Everything from class schedules to grades to attendance records. All those things are perfect things to integrate into the blockchain.

Public Blockchains are Broadcasting like Radio Stations

Just for the benefit of the audience, could you talk a little bit about your upcoming voice product and the advantages it has over a centralized social network?

Sure. So, Voice is a social media platform 2.0. The idea is to put the content on the blockchain to have real identities so that everyone knows it’s real. Everyone knows who said what.

But also so there can be an incentive model, uh, to incentivize good content contribution.

Everyone knows, uh, that these are real likes and to secure the account.

The example I gave earlier: if you’re an executive of a public traded company and all of a sudden your Twitter account says “funding secured”, did you actually say that or did you not?

These are all things that would be solved on Voice, which rewards users for contributing content that is liked by other people. And that is a huge benefit of blockchain. And if it can be used for social media, it can be used for HR, it can be used for medical records.

And it’s also demonstrating that:

blockchain is ready for prime time;
we can handle a large user-bases on blockchains and …
pretty soon that inter-blockchain communication really allows scaling and cooperation between different companies with their own blockchains.

Having everything on a public record helps them for example in case of censorship. That’s huge because a single website might have to take it down. If it’s on a blockchain, everyone still knows you said it.

A blockchain is a kind of like a radio station in that way. It’s broadcasting on the air. Everyone can be recording it. And if you can authenticate what everyone’s saying that “Yes, someone really did say that on the air”, then everyone can reach consensus, because they’ll have a copy. They all know the order and they can all authenticate who said what. And then once it’s been broadcast, there are no take-backs.

And the role of consensus algorithms, whether it’s Proof-of-Work or Delegated Proof-of-Stake is basically a DJ who gets to go on the air and broadcast the messages.

If you’re a private company, well, you get to decide. But if you’re a decentralized system, then you can use voting to decide or maybe who pays the highest fee to decide.

Fundamentally, there’s a broadcast channel, you’re broadcasting to the world, and when the whole world can receive the broadcast, know the order that it was broadcast in and verify who said what because they’re using public-key cryptography, it’s really powerful.

Second Layer Solutions and Enterprise Adoption

Kirsten Pomales Langenbrunner: So I was curious as to what your thoughts on are on second layer solutions that are interoperable with multiple blockchains, opposed to everyone building their own blockchain. What role do you think second layer solutions have in creating more adoption and specifically enterprise?

Sure. All right. A second layer, let’s define the layers.

You’ve got a blockchain and the blockchain is, I guess, considered the first layer. And on that layer, you’ve got a record of all the transactions that are going on. And the idea is if that layer can’t scale, you try to do it at a layer above it.

Well, the layer above it is another blockchain in my view. In theory, every user in this room could have their own blockchain.

Imagine if every time you said something to anyone, it was logged in your own personal blockchain and you were signing to it and everyone could verify that you said this, then, then it’s just a matter of each person understanding where their blockchain is relative to everyone else. And so now you got to blockchain who is the first layer? Who is the second layer?

Then there are applications that try to deal with the private keys. This is your client, and it’s basically your voice, because your keys and what you’re signing is actually critically important, because you can be deceived into signing something that you didn’t mean to sign, right? “Sign this paper and, and you’re signing a hash.”

You need to have a tool in your toolkit to show you the contract that you’re signing, and it makes sure that you are agreeing to what you think you’re agreeing to. And that’s another layer.

But what I see too often happen is people say, well, the second layer is I’m going to use a regular database and traditional systems where blockchain doesn’t scale. I think that’s actually a step in the wrong direction. It’s saying, “well, blockchain can’t do this, so therefore we’re going to use the other thing. We’re going to call it another layer” and so forth.

So without getting into particular details about what’s at each layer, I think this layered approach is only really relevant if you’ve got a view of one blockchain to rule them all, whether it’s EOS or Ethereum or Bitcoin and everything else has to be a layer on top of that.

But if you have a view that each and every one of us and every single company can have one or multiple blockchains, and they’re all talking to each other, then there are no layers.

Everything is blockchain and key management, and then deterministic in (?) state from once we’ve established the global order of who said what and when, as well as agreed upon, what code we’re going to use to interpret it?

All kinds of things are possible. We don’t need to rely on traditional databases to make up for blockchains aren’t fast enough.

Ironically, when we’re developing Voice, we ran into a problem where PostgreSQL, the database we were mirroring the state of the blockchain into, it’s actually the bottleneck, not the blockchain itself.

And that’s because the databases – I got to read something, to do some calculations, putting that back and forth – is actually very, very slow on traditional databases.

When you can take the application logic and the database, and put it in the same process, in a smart contract, that’s a stored procedure on steroids.

It allows you to have very fast, read, do-some-logic, write, systems in an atomic fashion, that you can’t do with a regular database. Regular databases scale very well for lots of parallel reads, but they’re still bottlenecked for any writes where you’ve got lock contention. But that’s where you have multiple blockchains and there is no layers.

Government’s Role in Blockchain Adoption

The subject is a future of money, governance, and law. I was just wondering from the perspective of how you run Block.one: what role can the government have to facilitate further innovation, adoption, and incentivization of this technology?

So I think blockchain is fundamental and it could really transform integrity in our society.

If we can bring integrity to our financial system, to the banking system:

we shouldn’t have banks going bankrupt;
we shouldn’t have segregated funds where Trillions of dollars disappear;
we shouldn’t have the Pentagon telling us “Oh, we lost $2 trillion. Don’t know where that went.”

These types of situations, where we expect accountability, like voting. With blockchain, it’s possible to have a voting system that’s secure at the information level and doesn’t depend upon a particular voting machine or a particular app.

You should be able to write your own client to cast your own vote and to count the votes and still have your voting privacy. That’s all possible from the blockchain. Those are all things that are relevant to the government.

Don’t Regulate Blockchain Technology

I think it’s really critical that people understand that there’s nothing special about blockchain from a regulatory perspective. It’s just another application slash database technology put into one.

And those applications can be highly regulated applications, like an exchange, or very unregulated things like maybe your book club, wants to track who’s doing what.

The technology itself does not need to be regulated.

If there were to be any regulations that could be helpful:

it might be mandating blockchain adoption;
it might be requiring the use of hardware keys;
it might be requiring provably fair elections.

Those are things that I think the government could do. But limiting blockchain or treating blockchain-based tokens differently than non-blockchain based tokens, I think, is really blurring the lines as well, causing a lot of confusion.

We don’t need a BitLicense that’s treating these things separate from any other security out there. Something is either a security or it’s not, it doesn’t matter what database you’re using to track. It doesn’t matter that it’s more secure.

Blockchains have allowed things to become so much more efficient, that it’s been a lot easier to create things that you can trust. They have value.

You could create Bitcoin on SQL and a server somewhere, but it’ll have no value.

The same thing built on a blockchain has tremendous value. But if you try to do Bitcoin on a server and actually even back it by real gold, those types of things get shut down and treated differently even though fundamentally it’s just technology.

It’s just a tool. The regulations don’t need to account for that other than best practices, like SSL and so forth.

Thank you.

I’m not the right holder of the video. I re-published it for the purpose of studying and transcribing it, as the original is not embeddable. If GBA or Block.one publishes a video, I’ll embed that one.