Inventors of Blockchain Explain Project's Humble Beginnings, Sound Warnings About Its Future
This article was originally published on Oct 29, 2019 in The Trusted Professional.
While blockchain now is associated with a wide variety of applications from cryptocurrency to supply chain management to smart contracts, Stuart Haber and W. Scott Stornetta, the system's two inventors, said its original purpose was to find a way to timestamp documents.
Speaking at the Foundation for Accounting Education's Digital Assets Conference on Oct. 29, Haber, the president of Stuart Haber Crypto, LLC, said it all began in 1989, when he and Stornetta were working at Bell Corp. Stornetta is now partner and chief scientist at Yugen Partners, LLC. While the internet hadn't quite taken off the way it eventually would, they knew that was the direction it was going, and so "we were very concerned about the authenticability, the verifiability, of all historical records, which was clear were all going online," he said.
At the time, the straightforward solution to this problem was what's called "Hash and Sign," which is trusting a single entity to maintain the integrity of the records, in the same way people trust the DMV to maintain their driver's license information or their bank to maintain their account information.
"Now trusting a single agent within a certain domain, though, was enormously unsatisfactory to Scott and me, because a single trusted entity, a single central entity, is also what security people call a single point of failure, one that can be hacked, one that can be bribed, one that can be corrupted," he said.
So then the question was: How do you create trust without a single central entity? The answer was the first blockchain. To explain to a lay audience what they did, he used the metaphor of fingerprinting. Every fingerprint is roughly the same size, meaning you can standardize the space allotted to them, but each is unique. What's more, while each fingerprint is unique, the fingerprint alone tells little to nothing about the actual person associated with it.
"You can't tell how tall I am, the color of my hair, or if I even have hair, or even any other fingers," he said.
Abstracting matters a little bit more, he said that every file was stamped with its own fingerprint. If someone had five identical copies of the exact same file, then each copy would have the same fingerprint. But if even one bit is different, then the fingerprint will be different too. In principle, this is the basis of blockchain.
He and Stornetta eventually spun this solution out into a company they called Surety, which timestamped digital documents in a manner that would be familiar to anyone working with blockchain today.
A request would come from a client to timestamp a group of files. They would group these files together into a single unit, which today would be called a block. Each block of files would be assigned a single fingerprint that could be linked to every request within that block. More requests would come in. They would once again group these files into a single, second block with its own fingerprint.
"But notice this extra step: The second fingerprint in this structure I'm about to build, I might as well use the word 'chain,' the latest fingerprint of each step is the fingerprint of both the latest block and the previous [one]," he said.
Then, about once a week, they would take all of these blocks and assign all of them collectively a single fingerprint associated with that entire group of blocks. Because of the chaining, however, this is also linked to the entire history of all the requests that were sent to them.
Finally, they wanted to make this weekly single fingerprint widely witnessed and widely verifiable, which today would be analogous to the consensus between nodes that verifies the accuracy of the blockchain. Because the internet wasn't quite at the point where it could do this, he and Stornetta came upon a more analog solution.
"What we did was we took, once a week, a classified ad out in the Sunday New York Times ... containing that exact fingerprint in every edition of the Times that could be used to verify, as it is kept in libraries and basements all over the world," he said.
That same process is still being used to this day; Haber demonstrated it to his audience by showing them the latest classified ad in the New York Times.
"You can see, in here, is an ad. A number. Every bit of which depends on every single bit of every single timestamp registration request received by Surety since this was first deployed in 1995," he said.
Thirteen years later, Haber and Stornetta were surprised to see themselves cited in the white paper written by Satoshi Nakamoto (the almost-surely pseudonymous inventor of Bitcoin) explaining how a digital currency could work.
"As in any financial system, Satoshi needed a way to write down transactions, hopefully in a secure manner. So my promise to send you 17 bitcoin, ... you can't turn around and show that as a promise to send 170 bitcoin, and I can't show the same record to someone else that it was a promise to send 17 thousand thousands of a cent's worth of bitcoin. What did Satoshi use as the integrity mechanism for Bitcoin? He used the blockchain mechanism, the data structure, and use of digital fingerprinting exactly as I just described it to you," he said.
Since then, Haber has watched the growth of blockchain and cryptocurrencies with great interest, but also great concern. One of his chief concerns is the apparent confidence people have that blockchain can never be compromised. Bluntly, he said this was wrong.
"Spend enough time talking about blockchain stuff, you hear lots of claims about immutability. You say say to me, 'Stuart, say it ain't so,' but in fact it is not [completely immutable]," he said.
Blockchain, he said, relies on what are called "hash functions" in the cryptography world, which allow the system to make unique identifiers for files; if the hash function works, no two files will have the same one. Blockchain has one, which is what allows for its functionality, but there are several others in wide use, such as the MD5 algorithm. This, he said, is the "most ubiquitously used hash function" in the world, noting that it's still used in the code of most cellphones and laptops as a digital fingerprinting measure. This, he said, is unfortunate because cryptographers like himself have known MD5 can be broken since the mid-'90s and have been urging companies not to use it ever since.
"That can be broken. There are plenty of pairs of files with the same MD5 fingerprint," he said.
While blockchain's hash function hasn't suffered the same massive attack as MD5, said Haber, this does not mean it won't sometime in the future. He was disappointed to find that when Satoshi Nakamoto outlined how Bitcoin could work, there was no mention at all of ensuring the longevity of the algorithm, nor anything that accounted for an MD5-like event. While the current hash function is apparently secure, he said, "You should plan that the particular one you're using today might not be so good tomorrow."
"Very few people in the blockchain world are talking about algorithmic agility, as it's called, thinking about engineering things for hash function attacks to come," he said.
Stornetta also spoke at the end of the discussion, leading the audience in a practical hands-on exercise in building their own blockchain as a way to demonstrate how it works.