Why I can't sleep soundly with blockchain, being the cypherpunk

Sergey Matveev stargrave at stargrave.org
Tue Aug 29 22:36:54 PDT 2017


Greetings, fellow cypherpunks!

There is so much hype about blockchain technologies! Everyone is
fascinated by it, dreams about a wonderful bright cryptofuture, and
stops talking with me when they hear that I do not find blockchain either
interesting or useful.

Why do I not like blockchains? Actually, *if they worked*, from a
cryptographic point of view, then I would have nothing against them! Distributed
trusted databases, timestamps and consensus making are great things to
deal with. But unfortunately I see that at least Bitcoin (the biggest
blockchain in use) has already failed without human-initiated
regulations[0]. It failed from a *cryptographic* point of view.

I am a cypherpunk and I am very interested in and excited about cryptography
subjects. Why? Because all of it is based on math and assumptions
about the practical impossibility of reverting many functions (you know,
some kind of "2^100 operations are required for ..."). It is valuable
because you do not have to trust and rely on people *at all*. Well,
except for cryptographers and similar scientists. People are problem
#1 in all security questions. They can be bribed; all of them have their
price. They are error-prone, not reliable, and lie and misbehave easily. I
cannot sleep soundly knowing that I depend on some human. The cryptography
world gives an unbelievable possibility to eliminate them!

If I can easily remember a relatively long passphrase (100-120 characters
in practice) as a key to a proven strong authenticated encryption
algorithm, then I am confident that my data is safe. I can use
eavesdropped links and virtually any potentially vulnerable storage when
cryptography is applied correctly. While no one ever knows if quantum
computers powerful (big) enough will be built, RSA/ElGamal/ECC stay
pretty safe too. I really love the fact that security risks can be
estimated based on the current state of technology and its progress. People can
fail you anytime -- only *hope* will keep you calm.

Are you afraid of the possibility of algorithms being broken? Even one of the first
encryption algorithms used in the computer era -- DES -- is still useful and
secure enough in its 3DES composition. If you are still frightened, then
learn from the Soviets: their GOST 28147-89 block cipher[1], created in the
1970s, still has more than a 2^200 security margin. Who the hell knows
what "key meshing"[2] means? But that block cipher has that kind of
thing, making it immune to the Sweet32 attack that appeared dozens of years
later. Do not overestimate the value of performance by sacrificing
security -- perfect advice for sleeping well for years.
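The paragraph above mentions key meshing only by name. The following is an added example, not code from the post or from the GOST project: it shows why a short-block cipher (64-bit blocks in the Sweet32 case) needs periodic rekeying, using a constructed 16-bit Feistel toy cipher so the birthday effect shows up after a few hundred blocks instead of ~2^32. The cipher is NOT GOST 28147-89, and `mesh_key` is a hash-based stand-in for the real meshing step (RFC 4357 derives the next key with the cipher itself). Sweet32-style leakage needs two equal ciphertext blocks under the *same* key, so the code counts same-key collisions with and without meshing on constructed random plaintext.

```python
"""Toy demonstration of why a short-block cipher needs periodic rekeying.

Constructed example: a 16-bit Feistel cipher (NOT GOST 28147-89) in CBC mode,
run with and without "key meshing" (rekeying every MESH_BLOCKS blocks).
"""
import hashlib
import random
from collections import Counter

BLOCK_BITS = 16         # toy block size; a 64-bit cipher collides after ~2^32 blocks
HALF_MASK = (1 << (BLOCK_BITS // 2)) - 1
ROUNDS = 4
MESH_BLOCKS = 16        # rekey every 16 blocks (GOST meshing rekeys every 1024 bytes)


def _round_function(key: bytes, rnd: int, half: int) -> int:
    """Keyed hash-based round function (assumption: toy only, not a real cipher)."""
    return hashlib.sha256(key + bytes([rnd, half])).digest()[0] & HALF_MASK


def encrypt_block(key: bytes, block: int) -> int:
    """Feistel encryption of one 16-bit block."""
    left, right = block >> 8, block & HALF_MASK
    for rnd in range(ROUNDS):
        left, right = right, left ^ _round_function(key, rnd, right)
    return (left << 8) | right


def decrypt_block(key: bytes, block: int) -> int:
    """Inverse of encrypt_block (rounds applied in reverse)."""
    left, right = block >> 8, block & HALF_MASK
    for rnd in reversed(range(ROUNDS)):
        left, right = right ^ _round_function(key, rnd, left), left
    return (left << 8) | right


def mesh_key(key: bytes) -> bytes:
    """Stand-in for key meshing: derive the next key from the current one.
    RFC 4357 does this with the cipher itself; a hash is used here (assumption)."""
    return hashlib.sha256(b"key-meshing" + key).digest()[:16]


def cbc_encrypt(key: bytes, iv: int, blocks: list, mesh: bool) -> list:
    """CBC-encrypt; returns (key_in_use, ciphertext_block) pairs so that
    collisions can be counted per key. With mesh=True the key is replaced
    every MESH_BLOCKS blocks, exactly like a key-meshing schedule."""
    out, prev = [], iv
    for i, p in enumerate(blocks):
        if mesh and i and i % MESH_BLOCKS == 0:
            key = mesh_key(key)
        c = encrypt_block(key, p ^ prev)
        out.append((key, c))
        prev = c
    return out


def cbc_decrypt(key: bytes, iv: int, ct: list, mesh: bool) -> list:
    """CBC-decrypt with the same meshing schedule as cbc_encrypt."""
    out, prev = [], iv
    for i, c in enumerate(ct):
        if mesh and i and i % MESH_BLOCKS == 0:
            key = mesh_key(key)
        out.append(decrypt_block(key, c) ^ prev)
        prev = c
    return out


def same_key_collisions(pairs) -> int:
    """Repeated ciphertext blocks under the same key (each extra copy counts once)."""
    counts = Counter(pairs)
    return sum(n - 1 for n in counts.values() if n > 1)


def compare(n_blocks: int = 2048, seed: int = 1234) -> dict:
    """Collision counts for one long key vs. meshed keys on constructed plaintext."""
    rng = random.Random(seed)                       # constructed, deterministic sample
    plaintext = [rng.getrandbits(BLOCK_BITS) for _ in range(n_blocks)]
    key, iv = b"constructed-key!", 0x1234
    return {
        "single_key": same_key_collisions(cbc_encrypt(key, iv, plaintext, mesh=False)),
        "meshed": same_key_collisions(cbc_encrypt(key, iv, plaintext, mesh=True)),
        # birthday estimate of colliding pairs for one key: n(n-1)/2 / 2^BLOCK_BITS
        "expected_single_key": n_blocks * (n_blocks - 1) / 2 / 2 ** BLOCK_BITS,
    }


if __name__ == "__main__":
    print(compare())
```

With 2048 blocks under one 16-bit-block key the birthday estimate is about 32 colliding pairs; with meshing every 16 blocks the same data is spread over 128 keys and the expected count drops below one. The same arithmetic scaled to 64-bit blocks is why Sweet32 needs ~2^32 blocks under one key and why rekeying every kilobyte keeps a 64-bit cipher far from that bound.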

But what about blockchains? Citing Ethereum's "problems" wiki page[3]:

    While a cryptographer is used to assumptions of the form "this
    algorithm is guaranteed to be unbreakable provided that these
    underlying math problems remain hard", the world of cryptoeconomics
    must contend with fuzzy empirical factors such as the difficulty of
    collusion attacks, the relative quantity of altruistic,
    profit-seeking and anti-altruistic parties, the level of
    concentration of different kinds of resources, and in some cases
    even sociocultural circumstances.

Everything is right here. Anyway, you *will* depend on people, society,
its behaviour and a huge quantity of empirical factors and assumptions. It
is not the cypherpunk's reliable and risk-predictable world -- it has
nothing in common with it. Replacing the need to trust the human with the need
to trust the algorithm and technology -- that *is* the exact reason why
I am interested in crypto. Requiring and depending on society again --
that is the exact reason why I stand aside from blockchains. They do
not offer any guarantees[4], only likelihoods, a lottery.

A cypherpunk must rely and depend on people as little as he can. Remember
the cypherpunk's manifesto[5] -- spread as little unnecessary information as
possible, because people *will* find ways to harm you with it. And
blockchains are broadcasting permanent storages, where most of them
(with the exception of Zcash[6], for example) give you neither privacy nor
anonymity for your personal (private) transactions.

[0] https://en.wikipedia.org/wiki/Ghash.io#51.25_attack_controversy
[1] http://gost.cypherpunks.ru/en2814789.html
[2] http://gost.cypherpunks.ru/enMeshing.html
[3] https://github.com/ethereum/wiki/wiki/Problems
[4] https://tonyarcieri.com/on-the-dangers-of-a-blockchain-monoculture
[5] https://www.activism.net/cypherpunk/manifesto.html
[6] https://en.wikipedia.org/wiki/Zcash

-- 
Sergey Matveev (http://www.stargrave.org/)
OpenPGP: CF60 E89A 5923 1E76 E263  6422 AE1A 8109 E498 57EF