Blockstack is neat for us because it aims to be a complete infrastructure

what are the main functions?
  name creation, transfer, &c
  name lookup -> public key + storage location
  user sign-in (load private key into app)
  storage (signed, maybe encrypted, maybe "multi-player")

what are they naming, and why?
  mostly naming human users, not e.g. services like cnn.com

why are they so focused on naming?
  name -> location of user's data, so we can interact
  name -> key, for end-to-end data security
    since storage system is open, not trusted
  names help users understand/control who they're interacting with

they claim naming is hard, summarized by "Zooko's triangle":
  1. unique (i.e. clear what it means; who owns it; Zooko says "secure")
  2. human-readable
  3. decentralized
  any two is easy; all three is hard

how to implement each pair of properties?
  unique + human-readable : e.g. Verisign
  unique + decentralized : big random numbers, pub keys
  human-readable + decentralized : e.g. "mom" in my contacts list

why is all three hard?
  can we add the missing property to any of our three schemes?
  no, all seem to be immediate dead ends

summary of how Blockstack gets all three?
  Bitcoin produces an ordered chain of blocks
  Blockstack embeds name-claiming records in Bitcoin blocks
  if my record claiming "rtm" is first in Bitcoin chain, I own it
  unique? human-readable? decentralized?

is this kind of name space good for decentralized apps?
  i.e. is it really a good idea to overcome Zooko's triangle?
  is unique (== global) valuable?
    names aren't likely to be very meaningful if chosen from global pool
    e.g. robert_morris_1779 -- is that me? or someone else?
    a single name pool is already painful at the scale of xxx@mit.edu
  human-readable + unique may be slippery
    "google.id" not as meaningful as it may seem
    despite appearances, no reason to believe it's Google
    since ownership is given to first to ask
  shouldn't we tie names to real-world identities?

what are all the entities in Blockstack?
  MAYBE DON'T LAY ALL THIS OUT
  client, browser, blockstack.js
  Blockstack Browser (meant to run on client machine)
  Bitcoin's block-chain
  Blockstack servers
    read Bitcoin chain
    interpret Blockstack naming records to update DB
    serve naming RPCs from clients
    name -> pub key + zone hash
  Atlas servers
    (immutable) zone records
    complete replication, flooding
    zone record indicates who my Gaia service is
  Gaia servers
    file name -> file content
    backed by Amazon S3, Dropbox, &c
    Gaia makes them all look the same
    user's profile contains user's public key, per-app public keys
    user can have lots of other files, containing app data
  S3, Dropbox, &c
    store signed, encrypted files

NAME CREATION

how does one register a Blockstack name?
  what are all the steps?
  what's in the Bitcoin transaction?

name properties
  who owns the name?
  what does the name mean?
  what is it useful to use it for?

why the payment? after all there's no real cost.

what if a client tries to register a name that's already taken?

what if two clients try to register same name at same time?

is it possible for an attacker to change a name->key binding?

is it possible for Blockstack to change a name->key binding?

NAME LOOKUP AND FILE READS

what happens when you call getFile("todo", { username: "rtm.id" })?
  how does the client know where to fetch the file from?
  how does the client check that it got the right content?
  does the client check that it got the right name->key binding? how?

does Blockstack encrypt multi-player data?
  would that be straightforward?

USER SIGN-IN

when I first run an app, why does Blockstack ask me whether it's OK?
  what does the app learn from Blockstack?
  does the app learn my private key?
  who *does* know my private key?
  why can't random apps I run get it?

what are the 12 words about?
  why do I have to remember them?
  when are they used?

what/where are the private keys
  12 words (everything derived from this)
  bitcoin wallet key (owns the name)
    is this the same as the pub key hash mentioned in the transaction?
    and that signs the zone file?
  transit private key -- transient
    just for app/BlockstackBrowser communication
  app private key
    deterministically from 12 words and app name
    creates Gaia credentials
    maybe signs/encrypts Gaia data

what if I forget my 12 words?

what if I think someone may have stolen my 12 words?

what if I lose a device?

if I change my 12 words (private key)
  am I still the same person?
  can I use my existing Gaia files?
    XXX I don't know.
  and will others view them as valid (signature)?

if I sell my Blockstack ID to someone else
  does that break any assumptions others might have had about the meaning of the name?

each app has its own key, can't see other apps' data
  good? bad?

what's the Blockstack Browser?
  is it trusted?
  does it know my private key?
    yes -- but meant to have my own private BB on my machine
    https://github.com/blockstack/blockstack-core/blob/master/docs/faq_technical.md
    "Your private key resides within your locally-running Blockstack Browser. It never leaves your computer."
    seems to be accessible in browser.blockstack.org origin's localStorage:
      https://forum.blockstack.org/t/obtaining-identity-keys-from-the-browser/4663/4

WIDER DISCUSSION

relation to Bitcoin
  why use bitcoin at all?
  what problems does Bitcoin solve for Blockstack?
  could Blockstack do without Bitcoin?
    e.g. Blockstack servers broadcast name creation among themselves?
  why not store everything in Bitcoin (get rid of atlas, zones, even gaia)?

what entities are we trusting, and for what?
  inherent properties; possible attacks; accidental bugs; intentional implementation flaws
  Gaia+S3 -- liveness; freshness, since data is mutable
    but we sign and encrypt, so storage is reasonably safe
  Bitcoin -- a powerful attacker can change history
    how might that affect names? is it bad?
    can Blockstack clients or servers detect this?
    can they do anything to defend themselves?
  Blockstack servers -- not much trust if clients check against Bitcoin; total trust otherwise
  Blockstack node code, if we run it locally
    if we audit the code, maybe this is OK
    if we don't audit their code, not worth much
  blockstack.js library in our browsers -- and local Blockstack Browser
    again, we must audit, or trust blindly

is it OK that we have to trust Blockstack's blockstack.js?

is it OK that we have to trust S3 &c to preserve our data?

CONCLUSION

does Blockstack deliver on our hopes for decentralization?

what are some opportunities for improvement?
  no fork consistency for data -- e.g. stale signed versions
  new browser / new device is awkward (the 12 words)
  what if one of my devices is stolen
  different apps can't communicate via Gaia
    tension with least privilege
  not clear how a real Gaia would work out, e.g.
    payment
    listing files
    indices
    notification / inbox
    replication, maybe cross-provider, keep in sync
  seems like you have to run a heavy-weight full Blockstack node
    in order to avoid having to trust core.blockstack.org
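
The first-claim-wins naming rule and the zone-hash check asked about under NAME CREATION and NAME LOOKUP AND FILE READS, as an added example that is not part of the original notes and not Blockstack's own code. It assumes a simplified record format (the `op`, `sender`, `zone_hash` and `new_owner` fields are hypothetical), treats `sender` as the key whose signature Bitcoin already validated on the enclosing transaction, and uses SHA-256 as a stand-in zone-file hash.

```python
import hashlib

def zone_hash(zone_file: bytes) -> str:
    # Assumption: SHA-256 stands in for whatever hash the real system uses.
    return hashlib.sha256(zone_file).hexdigest()

def replay(chain):
    """Derive the name DB purely from the ordered chain.

    Returns {name: (owner_key, zone_hash)}. Each block is a list of
    hypothetical naming records, in transaction order.
    """
    db = {}
    for block in chain:
        for rec in block:
            op, name, sender = rec["op"], rec["name"], rec["sender"]
            if op == "register":
                if name not in db:          # first claim in chain order wins
                    db[name] = (sender, rec["zone_hash"])
            elif name in db and db[name][0] == sender:
                # Only the current owner's key may change the binding.
                if op == "update":
                    db[name] = (sender, rec["zone_hash"])
                elif op == "transfer":
                    db[name] = (rec["new_owner"], db[name][1])
    return db

def check_zone_file(db, name, zone_file: bytes) -> bool:
    """Client-side check: an untrusted Atlas copy must match the on-chain hash."""
    return name in db and db[name][1] == zone_hash(zone_file)

# Constructed sample data (names, keys and URLs are made up).
ZONE_RTM = b"rtm.id gaia=https://gaia.example/hub/rtm"
ZONE_OTHER = b"rtm.id gaia=https://gaia.example/hub/mallory"
BLOCK_A = [{"op": "register", "name": "rtm.id", "sender": "key_rtm",
            "zone_hash": zone_hash(ZONE_RTM)}]
BLOCK_B = [{"op": "register", "name": "rtm.id", "sender": "key_mallory",
            "zone_hash": zone_hash(ZONE_OTHER)},
           {"op": "update", "name": "rtm.id", "sender": "key_mallory",
            "zone_hash": zone_hash(ZONE_OTHER)}]
CHAIN = [BLOCK_A, BLOCK_B]
REWRITTEN = [BLOCK_B, BLOCK_A]   # same records, different history

def demo():
    db, alt = replay(CHAIN), replay(REWRITTEN)
    return (db["rtm.id"][0], check_zone_file(db, "rtm.id", ZONE_RTM),
            check_zone_file(db, "rtm.id", ZONE_OTHER), alt["rtm.id"][0])

if __name__ == "__main__":
    print(demo())
```

Replaying the same records under a rewritten history hands the name to a different key, which is why a client that does not want to trust a Blockstack server has to check against the Bitcoin chain itself.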