information_purchasing.asciidoc

Information purchasing: A research and development project which aims to provide a practical mechanism to securly purchase sensitive and valuable information using blockchain technology.

During this article we are going to address the following

• Overview

  • Distributed systems

  • Decentralized systems

  • Consensus mechanisms

  • Information systems

• Analysis

  • Tangible digital assets that DO require consensus

  • Intangible digital assets that DO require consensus

  • Intangible digital assets that do NOT require consensus

  • Tangible digital assets that do NOT require consensus

• Implementation

  • Symmetric cryptography

  • Asymmetric cryptography

  • Decentralized file sharing

    • IPFS

    • SWARM

  • Smart contracts

  • A Golang (Go) example

Overview

Distributed systems

Tim TODO

Decentralized systems

The attractiveness of blockchain applications within the context of processing and recording transactions are summed up by certain attributes that enhance value. The attributes include decentralisation and provenance. The decentralised nature of blockchain systems allow participants to exchange value from anywhere without the need for intermediaries and from a provenance standpoint, blockchain systems provide irrefutable auditable evidence that a transaction took place at a particular point in time (Umeh, 2016). These attributes offered by blockchain technologies are unprecedented and therefore when coupled with a fitting business model will ultimately result in both increased reliability and cost savings (Michelman, 2017).

The promise of blockchains are essentially more about what they can do in combination with other blockchains and systems. Whilst there is no doubt that Bitcoin has sparked enormous interest and engagement, the blockchain technologies which underpin crypocurrencies like Bitcoin are what will truly disrupt numerous industries in the near future (Bheemaiah, 2015, p.7). The potential disruption of blockchain technologies far exceed what has been realized to date. Put simply there are other applications for blockchain technologies which are far beyond cryptocurrencies (Atzei, N., Bartoletti, M. and Cimoli, T., 2017).

Blockchain technologies open a door to new thinking. Thinking which will result in possibilities which we are not even aware of presently. To assist in this thinking, it helps to refer to blockchain technology as an experimental protocol rather than a finished product. For example in 1974, Vint Cerf and Robert Kahn designed a revolutionary internet network protocol (TCP-IP), this core technology was largely unused for approximately 20 years but eventually went on to facilitate many of today’s systems including the creation of the World Wide Web (WWW) and electronic mail (Email) (Bheemaiah, 2005). Today’s blockchain technologies are following a similar path of evolution by providing a core protocol; an unprecedented value exchange mechanism (Bheemaiah, 2005, p.7).

Blockchain technologies can be used anywhere by anyone for anything, not just cryptocurrency. This gives rise to the idea of a global internet of economies which could, amongst many other things, transparently track working capital, provide risk free loans against physical assets as well as transform current ridgid and innefficient global supply chains (Sweetbridge, 2017). The ultimate role for blockchain technology is to facilitate self-excecuting smart contracts between decentralized autonymous entities (Umeh, 2016).

Consensus mechanisms

Tim TODO - explain PoW, PoS, finality and system wide consensus.

Summary points

Digital assets do not all require consensus.

Not all digital assets have tangible value.

Information systems

Tim TODO

Analysis

By the end of this article we will have filled in the blanks to the following diagram. The overall outcome of this article is to propose a mechanism to securely share digital information in conjunction with a blockchain implementation.

Tangible digital assets that DO require consensus

Bitcoin requires network wide consensus on its digital asset. The Bitcoin system holds 21M measures of a digital asset known as a "bitcoin". Other than what was provisioned by the design of the Bitcoin system, a user must not be able to create or spend a self made bitcoin. The security and integrity of the system is enforced by mathematics; it is practically infeasible to create or spend bitcoin which a user does not legitimately hold the rights to.

Intangible digital assets that DO require consensus

Consensus implies controlled supply within a distributed and/or decentralized system. An example of consensus in a distributed system is a mechanism that prevents a single person from purchasing amphetamine class drugs (found in over the counter pain killers) by simply visiting many different pharmacies in a single day. This mechanism could be a centralized computer database which accepts id and drug purchases from pharmacies which are distributed across the county. This system could also be a blockchain implementation. The blockchain implementation would be decentralized. For example instead of having a central database (as in the distributed pharmacy model) each of the pharmacies would have collaborative consensus about how much a single person is allowed to purchase, and when this limit has been reached. In the decentralized model each pharmacy would run the same software and would agree on what constitutes a purchase and what constitutes a purchase limit. Whether distributed (a central database with many pharmacies) or decentralized (no central database, just peer to peer software running at each pharmacy) the ultimate goal of consensus amongst pharmacies is to control supply.

A word on NON digital assets

Traditional books were printed, bound, packaged and shipped by publishers. These tasks were all very costly and the process of publishing played a part in the "copyright" licensing mechanism. A publisher, who held the rights to copy content, could invest in printing equipment and turn a profit whilst managing waste etc. In this system, a user was not supposed to be able to copy content outside of what the publishing system intended. This system was enforced by the law; a user caught copying content was fined or imprisoned.

Intangible digital assets that do NOT require consensus

An e-book can be duplicated digitally and sold online. The duplicating of an e-book is trivial and ca be performed automatically by software. The digital age has removed the costs associated with copying and shipping content. For example an e-book can be attached to an email and sent anywhere in the world for free; duplicating and shipping the product in seconds. As a result many authors in the digital age choose to openly license their digital assets (books). This allows the information which they are trying to share to be distributed as widely and as quickly as possible. Authors can quickly make a name for themselves and also return stipends as well as international speaking engagements and more. In this system a user can on-send the digital content and using open licensing protocols, such as creative commons, even modify and sell the content. This system is by and large enforced by attribution; whereby a user who copies or redistributes the original content ensures that the original work is appropriately credited (but not in any way that suggests the original creator endorses the duplicate content). There is no control over the supply of digital assets in a system which does not enforce consensus. The digital assets can be distributed as widely as possible and as long as the origins of the work are attributed, nobody is even remotely interested in who has access to the content or who was responsible for coping the content.

Tangible digital assets that do NOT require consensus

Any digital asset for sale which is not negatively affected by a lack in overall supply control qualifies for this category. This covers a very broad range of digital products which allow the seller to continually duplicate and sell content, for a profit, at little to no cost.

Tim TODO continue

Implementation

Workflow

DRAFT workflow (the workings will live in the Go R&D section below)

Alice part 1

Create a random code (generate a key using a standard crypto librarary) → RandCodeA

Create an md5 checksumm of RandCodeA → RandCodeAMd5

Create public private key pair → PubKeyA and PrivKeyA

Encrypt RandCodeAMd5 using PrivKeyA → EncryptedA

Call init function of smart contract which puts RandCodeAMd5, EncryptedA and PubKeyA into contract storage

Bob part 1

Create a random code (generate a key using a standard crypto librarary) → RandCodeB

Create an md5 checksumm of RandCodeB → RandCodeBMd5

Create public private key pair → PubKeyB and PrivKeyB

Encrypt RandCodeBMd5 using PrivKeyB → EncryptedB

Call init function of smart contract which puts RandCodeBMd5, EncryptedB and PubKeyB into contract storage

System part 1

Once RandCodeAMd5, RandCodeBMd5, EncryptedA, EncryptedB, PubKeyA and PubKeyB are stored in the contracts storage, run the verify init function

Call the verifyInit function which:

• decrypts EncryptedA (using PubKeyA) → DecryptedRandCodeAMd5

• decrypts EncryptedB (using PubKeyB) → DecryptedRandCodeBMd5

• asserts that DecryptedRandCodeAMd5 matches RandCodeAMd5 exactly

• asserts that DecryptedRandCodeBMd5 matches RandCodeBMd5 exactly

It can now be confirmed that each of the parties have the corresponding private keys which can be used to sign future content specific keys

Data integrity and data authenticity

The integrity and authenticity of the data can be proven through the use of checksums …​ Tim TODO

Decentralized file sharing

IPFS

Interplanetary File System (IPFS), seeks to replace the Hypertext Transfer Protocol (HTTP). IPFS is an MIT licensed, open source project on GitHub. IPFS is content based (cryptographic hashes of content are stored and then files are found via distributed hash tables). This is different to HTTP which is location based (centralised servers store content at a single IP address with specific file path and file name).

The following script will install both IPFS and CyberMiles tesntnet on Ubuntu 18.04 LTS

#!/bin/bash
# Please note this is an experimantal installation; for research and development
# This installation must only be carried out on a clean/fresh Ubuntu 18.04 LTS system (and is for research and development purposes only)

#Let's get started
#System preparation Ubuntu 18.04 LTS
cd ~
sudo apt-get -y update
sudo apt-get -y upgrade
sudo apt-get -y autoremove

#Installing Git
cd ~
sudo apt-get -y install git

#Installing Golang and the CyberMiles Travis TestNet
cd ~
bash < <(curl -s -S -L https://raw.githubusercontent.com/moovweb/gvm/master/binscripts/gvm-installer)
source $HOME/.gvm/scripts/gvm
sudo apt-get -y install binutils
sudo apt-get -y install bison
sudo apt-get -y install gcc
sudo apt-get -y install make
gvm install go1.9.2 -B
gvm use go1.9.2 --default
echo 'export GOPATH=~/.gvm/pkgsets/go1.9.2/global' >> ~/.bashrc
echo 'export GOBIN=$GOPATH/go/bin' >> ~/.bashrc
echo 'export PATH=$GOBIN:$PATH' >> ~/.bashrc
source ~/.bashrc
go get github.com/CyberMiles/travis
cd $GOPATH/src/github.com/CyberMiles/travis
git checkout master
make all

#Installing IPFS
cd ~
wget https://dist.ipfs.io/go-ipfs/v0.4.14/go-ipfs_v0.4.14_linux-amd64.tar.gz
tar -zxvf go-ipfs_v0.4.14_linux-amd64.tar.gz
cd go-ipfs
echo 'export PATH=~/go-ipfs:$PATH' >> ~/.bashrc
source ~/.bashrc
sudo ./install.sh
OUTPUT="$(ipfs init)"
echo $OUTPUT
SHORT_OUTPUT="$(echo -e "${OUTPUT}" | grep cat)"
eval "$(echo -e "${SHORT_OUTPUT}" | sed -e 's/^[[:space:]]*//')"
echo -e "\nPlease note, the details of this installation (including your private and peer keys etc.) are located in your ~/.ipfs/config file.\n"

Uploading a file to IPFS is easy. The following commands will create and upload a file which can then be retrieved on the IPFS network using your browser.

# Start the IPFS Daemon
ipfs daemon &
# Change to home
cd ~
# Create a new directory
mkdir test_ipfs
cd ~/test_ipfs
# Create a new file
echo "This is a new file" >> test_ipfs.txt
# Upload the file to IPFS
ipfs add -r test_ipfs.txt
# This will return a hash to the content
# OUTPUT: Added QmNZU5xtoEaHKiaJaDCWkTy3QB6pH6QdKHxZYCxLWmwk9R test_ipfs.txt
# The hash can now be located online using your web browser
#< https://ipfs.io/ipfs/QmNZU5xtoEaHKiaJaDCWkTy3QB6pH6QdKHxZYCxLWmwk9R >

SWARM

Swarm is part of the Ethereum network. Swarm allows for upload and disappear which means that any node can just upload content to the swarm and then is allowed to go offline. Swarm is collision free. For example two different blobs of data will never map to the same identifier. This is due to the fact that the Swarm address (bzzr://1234abcd…​xyz) is actually a cryptographic hash of the data. This being the case, we can say that Swarm is deterministic (meaning that the same content will always receive the same identifier, and if the content is changed in any way an entirely new address will be generated for the new content).

Swarm content access is centred around the notion of a manifest. A manifest file describes a document collection, e.g. a filesystem directory, an index of a database or even a virtual server.

What is a Swarm Hash

Swarm Hash (a.k.a. bzzhash) is a Merkle tree hash designed for the purpose of efficient storage and retrieval in content-addressed storage. As we just mentioned the location of the data is actually a URI which consists of a cryptographic hash of the data being stored.

Creating the Swarm Hash using C++

Smart contracts

Of course the above method of creating and sharing files online is without any security and access control. This is where the Decentralized Application (Smart Contract) framework comes in. The DAPP (single instances of smart contracts) would firstly be responsible for initiating contact between two parties. The initiating would include each of the parties signing the other parties random strings with the other parties public keys (to prove that each party holds a functioning private/public key pair for subsequent steps). The DAPP would then keep track of the IPFS hashes and take care of the pricing as well as the encrypting/decrypting of files (through the exchanging of keys via the DAPP). Essentially the Blockchain would keep the record of all transactions/interactions and the encrypted content would be stored using IPFS on distributed nodes.

Asymmetric cryptography

Asmmetric cryptography uses 2 keys one is kept private and one is released into the public. Data encrypted with the receiver’s public key can only be decrypted with the receiver’s private key (which of course they never share).

Whilst public private key pairs are useful for proving ownership of a private key (authentication), asymmetric cryptography is seldom used to encrypt and decrypt large amounts of data (big in size). Asymmetric cryptography is still useful to us here because we can firstly prove both parties authenticity and then proceed to encrypt a private symmetric key with the other parties public key (so that only they can reveal the private symmetric key, which will inturn be used to decrpyt the large data payload).

Symmetric cryptography

Symmetric cryptography requires a private key to both encrypt and decrypt the data. Getting encrypted data from point A to point B is easy (because it is encrypted and safe). But how do we safely get the private symmetric key to the other party? We use asmmetric cryptography whereby the other party sends us their public asymmetric key, we sign the symmetric private key with the other parties asymmetric public key so only they will ever reveal the private symmetric key (which decrypts the data payload).

Go R&D (relates to Draft workflow section above)

Setting up environment paths

source $HOME/.gvm/scripts/gvm
gvm use go1.9.2 --default
export GOPATH=~/.gvm/pkgsets/go1.9.2/global
export GOBIN=$GOPATH/go/bin
export PATH=$GOBIN:$PATH

Creating test directory

cd $GOPATH
cd src
mkdir tpmccallum
cd tpmccallum

Creating a go file and saving it as tpmccallum.go This section is testing out the crypto libraries available in Go. The following file creates a random string, creates a hash of the random string, creates private and public key pairs TODO encrypt hash using private key, decrypt hash using public key

package main

import (
    "crypto/md5"
    "encoding/base64"
    "crypto/rand"
    "crypto/rsa"
    "fmt"
)

func GenerateRandomBytes(n int) ([]byte, error) {
    b := make([]byte, n)
    _, err := rand.Read(b)
    if err != nil {
        return nil, err
    }

    return b, nil
}

func GenerateRandomString(s int) (string, error) {
    b, err := GenerateRandomBytes(s)
    return base64.URLEncoding.EncodeToString(b), err
}

func main() {
    fmt.Printf("%v\n", "Alice part 1")
    RandCodeA, err := GenerateRandomString(32)
    if err != nil {
        fmt.Printf("%v", "Unable to generate random string")
    }
    fmt.Printf("%v\n", "Alice is generating a random code called RandCodeA: ")
    fmt.Printf("%q\n", RandCodeA)
    fmt.Printf("%v\n", "The md5 checksum of RandCodeA is: ")
    //TODO save the checksum of a blank string to ensure that we are never working with blank strings due to failure of code
    fmt.Printf("%x\n", md5.Sum([]byte(RandCodeA)))
    fmt.Printf("%v\n", "Alice is generating a public and private key pair: ")
    reader := rand.Reader
    bitSize := 2048
    PrivKeyA, err := rsa.GenerateKey(reader, bitSize)
    PubKeyA := PrivKeyA.PublicKey
    fmt.Printf("%v\n", "Alice's private key is: ")
    fmt.Printf("%v\n", PrivKeyA)
    fmt.Printf("%v\n", "Alice's public key is: ")
    fmt.Printf("%v\n", PubKeyA)

}

Compile the file

cd $GOPATH/src/tpmccallum
go build

Executing the file

cd $GOPATH/src/tpmccallum
./tpmccallum

Output from the file (outputs of keys have been abbreviated to enhance readability)

$ ./tpmccallum
Alice part 1
Alice is generating a random code called RandCodeA:
"RwrLP3Kv7KPIi41Mi3KcI77RCjaOfLnGDNKdGyls-2A="
The md5 checksum of RandCodeA is:
bad942cb3d3734f8737eedfaab249cc8
Alice is generating a public and private key pair:
Alice's private key is:
...139921462853422839099352752011199873659860342046382361194381517211856555272951963890817202063266424288817644587670169793768080646871703449307417530935757442467245210181116347111018893611498448665585219465822802056629714148315250329854589002472263604254...
Alice's public key is:
...237873688083410108657836724547406422892835490125808682503879396906954086850172813351591878220086167169706461301999242750113988548135554918748878637662320797201506473360806887502061861597038909053862175756072784218643851144615281825378299711535650918823...

Misc

Discoverability

The implementation should focus on the smooth exchange of information between users. Perhaps even more importantly is discoverability. For example if a user can quickly and easily find and obtain information on the platform, they will have little to no reason to look elsewhere. An example of this would be a federated search mechanism capable of searching multiple disparate content sources with one query. An even better example of this would be providing push notification (providing new opportunities to purchase the latests information) based on previously entered search terms.

References

Atzei, N., Bartoletti, M. and Cimoli, T., 2017, April. A Survey of Attacks on Ethereum Smart Contracts (SoK). In International Conference on Principles of Security and Trust (pp. 164-186). Springer, Berlin, Heidelberg.

Bheemaiah, K., 2015. Why business schools need to teach about the blockchain.

Michelman, P. (2017). Seeing Beyond the Blockchain Hype. [online] MIT Sloan Management Review. Available at: http://sloanreview.mit.edu/article/seeing-beyond-the-blockchain-hype/ [Accessed 28 Jul. 2017].

Sweetbridge (2017). Sweetbridge SweetTalk #1: Vinay & Scott: A Liquid Economic OS of Supply Chain on Blockchain (BIG). [video] Available at: https://www.youtube.com/watch?v=dla42bY7k90 [Accessed 3 Oct. 2017].

Umeh, J., 2016. Blockchain Double Bubble or Double Trouble?. ITNOW, 58(1), pp.58-61.