Friday, 13 April 2018

Consensus 2018 #NYC ..The #Blockchain has you


I am excited to be attending Consensus 2018. It’s my first #Blockchain conference.....very different from the usual....in my past-life conferences....I had an edge in decoding the agenda, curating, and making the most of the topics, trends and work-stream-specific manifestation and articulation.





In short every conference gave a renewal to the incremental skill dimensions....and what I could bring back to the workplace, in the capacity of forward looking projects...
....this time the Topic is Blockchain and a wide variety of topics surrounding Cryptocurrency, Cryptography, Consensus protocols, the interoperability movement in the Smart Contract space of solutions and platforms, use cases already developed and use cases in the making, industry-specific Blockchain governance, and Regulatory aspects around Blockchain and Crypto.

I’m definitely looking forward to the fireside chat where Don Tapscott will light the fire, and am hoping he will delve a little into the paper that he wrote for the WEF, where he described how the Tapscott foundation joined hands with several folks and how consortiums are defining the governance avatars on the Blockchain.

I also hope I get to meet Vitalik, Vlad, Prof Gun Sirer, Prof Ben Goertzel, Laura Shin & Erik Voorhees ....it will be all my heroes in one place....

I have curated my strategy to attend most of the Supply Chain for Blockchain sessions. My primary focus would be to hear how the blockchain can demonstrate tangible benefits to Supply Chain, Procurement, Distribution and Asset Management, Trade Compliance, and Provenance, and then do a few tracks on my favorite topics surrounding consensus protocol upgrades, cryptography and the next big steps in the areas of enterprise adoption of Blockchain, and also the whole sustainability aspect of mining/crypto-economics protocols.
Some of the stand-out Supply Chain agenda items are highlighted in blue:
1) Decentralized Electric Infrastructure
2) Layer 2 Blockchain Innovations
3) From Crypto Fiat to RegTech: Government Use of Blockchain Technology
4) Real Property
5) The Race Towards Technology Interoperability
6) Decentralized Networks: Strategies and Innovations
7) Compliance and Enforcement Strategies
8) Innovations in Cryptography I and II
9) Ports and Shipping Hubs
10) The Integration of Machines into Contracts
11) Jurisdiction Shopping
12) Investment I and II

....there are more, but these are more Blockchain specific; the rest are CryptoCurrency, CryptoRegulation, CryptoTrading, CryptoConsensus and several Fireside Chat format discussions, with an Opening and a Closing Keynote.
So #Consensus2018 hoping my thirst for #Blockchain and crypto know-how quadruples after this conference.
Thank you #Coinbase 🤘

The Bizzabo app allows us to connect, so if you live supplychain in the blockchain realm of things let’s catch up at the conference and exchange ideas.....

Last year's playback is here, and this one specifically, "From Capital Markets to Supply Chain": https://youtu.be/M2GOVr_CFKA https://www.coindesk.com/events/consensus-2017/video/day1/

Thursday, 5 April 2018

Smart Contract Security, everybody needs an escape hatch

I’m a huge fan of Prof Emin Gun Sirer, and what better could it be.... when your favorite #blockchain host Haseeb Qureshi is on the opposite side interviewing Professor Sirer. ....the output is a manifest of great content and a dope of continuous learning.
Thank you software engineering daily’s Blockchain podcast for this wonderful subject covered in depth.
This blog has been inspired by the discussion.

Prof Sirer (Cornell University) runs the IC3 and has been very instrumental and vocal about the whole Smart Contract space, focusing a lot on its security aspects. Follow his blogs here: http://www.initc3.org/

This blog discusses an important topic: “Smart Contract Security, in the days of our lives”.
The cryptocurrency and blockchain world is currently the wild Wild West ....and the wild Wild West attracts cowboys 🤓.

Info graphic courtesy = me


Background
We will understand what a smart contract is and the nuances around its security.

What is a Smart Contract?
A program that can programmatically manage money flows or asset flows, triggered by an event or a condition that invokes the smart contract.
Machines decide what next steps to take based on event conditions.
All conditions have to agree on the same sequence of “actions”, act on the execution, and then self-execute the next logical programmed steps.
It can also be defined as a series of state transitions based on executed commands, with their result sets published based on a consensus to deem finality.

Quote Prof Sirer:
“Bitcoin was not meant to handle complex smart contracts vs Ethereum which is Turing complete and can handle complicated smart contracts.”
Unquote

Each platform is meant to do what is expected of it. For example, a decentralized distributed database should be used to send triggers to a smart contract, not to load the platform with data and attribution.
Likewise, the Bitcoin network was supposed to solve only a peer-to-peer money transfer smart contract in a trusted decentralized model.
It doesn’t have to be over-engineered to drive complex self-executing exit criteria.

What can these Smart Contracts solve?
- Bring economic parity in money flows and money distribution.
- Insurance and other condition-driven business use cases. A simple example that Prof Sirer uses is an insurance payout: parties A and B pay into the insurance node, and if A meets with a bad event, “a trigger is invoked to the payout smart contract”. No questions asked: “the system pays out without the involvement of the intermediary.”

Why are smart contracts risky?
What to mitigate?
Since these smart contracts primarily hold money, they are the dart board for the hacker. People just want to break them and exit with the money, and in most cases anonymity doesn’t even allow the hacker to be tracked down.
Let’s understand what those security issues are. When exploited, they drain a contract financially, most of the time with irreversible losses, at times forcing the founders of the platform to hard-fork the chain to recover or stop the draining of funds from these smart contracts.

Security Issues with Smart contracts
- The smart contract language is a new domain: it is quirky and not very well tested, and the platform's nascency makes it hard to believe that it can be bulletproof.
- Biggest problem: contracts cannot be modified once they are deployed/issued...unless the developer has put in some mechanisms that can shield against attacks on potential bugs or loose-end entry/hack points.
- A contract can only do what it’s programmed to do (at least for the way the protocol is defined today).

"Security is often always an afterthought, but because of the foundational basis of the technology, there needs to be a depth of defense and building controls in every layer of the application." Quoted from IBM’s article on how the Blockchain needs to be protected from compromise even though it’s Decentralized.

Understanding the DAO hack
In the DAO hack there was an address that was draining funds out of the smart contract, and the owner of the contract did not have any kill, shut-off or escape hatch sequence of contract transitions.
I won’t go too much into the DAO hack; you can read Professor Sirer's blog on Hacking Distributed.
So....the contract developers need to do it right the first time, safeguarding the contract with different armour or escape techniques.

What are some of these different techniques?

Multi-timed contracts
Create multiple contracts, so that the payout happens only when all the contracts agree to the state transition.
Let’s say there is a payout defined on a multi-timed smart contract, based on a consensus trigger from all contracts. If there is an exploit of or attack on the implementation of contract 1, the other 2 contracts execute a state transition that will shut off the payout sequences or operative sequences that are vulnerable to attack.

However, if the same group of people develops all 3 parts, there will still be vulnerabilities through which the sequence can be hacked.


Escape hatches
The core concept revolves around the fact that when you detect Byzantine behavior, the smart contract goes into an escape hatch, just like a tortoise going back into its shell to prevent a predator attack 🦊.

And the only way to return to an operative state is through the owner's trigger function switch for the escape hatch, which is protected by techniques like a unique key or throttling.

Throttling examples:
A balance drop beyond acceptable limits triggers alerts.
If the desired correspondence between tokens outstanding and balance goes below acceptable norms, stop payout transactions and freeze the throttle of funds.
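
The escape hatch and both throttling checks above, written as a Solidity contract. This is an added example, not code from the podcast or from Prof Sirer; the contract name `ThrottledVault`, the one-hour window and the per-window limit are assumptions chosen for illustration.

```solidity
pragma solidity ^0.8.20;
// Added illustration: ThrottledVault, WINDOW and windowLimit are hypothetical names.
contract ThrottledVault {
    address public immutable owner;
    bool public halted;                    // true = contract is inside its escape hatch
    uint256 public totalOwed;              // "tokens outstanding": sum of all user credits
    mapping(address => uint256) public owed;
    uint256 public constant WINDOW = 1 hours;
    uint256 public immutable windowLimit;  // max wei allowed to leave per window
    uint256 public windowStart;
    uint256 public windowSpent;

    event Halted(string reason);

    constructor(uint256 limit) { owner = msg.sender; windowLimit = limit; }

    function deposit() external payable {
        require(!halted, "halted");
        owed[msg.sender] += msg.value;
        totalOwed += msg.value;
    }

    function withdraw(uint256 amount) external {
        require(!halted, "halted");
        require(owed[msg.sender] >= amount, "insufficient credit");
        if (block.timestamp >= windowStart + WINDOW) {
            windowStart = block.timestamp;
            windowSpent = 0;
        }
        // Throttle checks trip the hatch and return instead of reverting:
        // a revert would roll back `halted = true` along with everything else.
        if (windowSpent + amount > windowLimit) { _halt("outflow limit"); return; }
        if (address(this).balance < totalOwed) { _halt("balance below outstanding"); return; }
        // Effects before interaction, so a re-entrant call sees the reduced credit.
        owed[msg.sender] -= amount;
        totalOwed -= amount;
        windowSpent += amount;
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }

    function _halt(string memory reason) private { halted = true; emit Halted(reason); }

    // Only the owner's key can reopen the contract, after reviewing why it tripped.
    function resume() external {
        require(msg.sender == owner, "not owner");
        halted = false;
    }
}
```

The design fails closed: a large legitimate withdrawal trips the hatch just as a drain would, so the limit has to be sized against normal outflow and the owner key kept available for `resume()`.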

Several encryption techniques can be used to secure smart contracts. This leads us to ask how data encryption can be handled on a blockchain, and whether privacy leakage can be stopped.

Escape hatches, zero knowledge proofs, homomorphic encryption, public key encryption and many more

Conclusion
We can discuss these in more detail in another blog, but to summarize this post, all I’d like to say is that if you are writing a smart contract that holds money, try to make it like Level 1 software (the typical Level 1 software used in aircraft, which can bring a flight down if compromised). It's money at stake...

Follow me on Twitter @tridipchakra

Further references 

Software engineering daily podcast 

Hacking Distributed (Dr Sirer) http://hackingdistributed.com/