Saturday, 9 April 2016

No Honour Among Thieves (or Assassins)

The use of blockchain technology has increasingly focussed on uses other than cryptocurrencies.  One challenge being addressed is how do you deal with someone who you don't know, may never have met, and yet with whom you wish to exchange cryptocurrency for goods and services, especially as the transaction is ostensibly anonymous on both sides.  Well, the answer, many feel, is in the form of Smart Contracts, which can be supported by the blockchain itself.

However, as with so much in technology, smart contracts have a darker side.  A paper that popped up this week gives a very good summary and analysis of various scenarios in which smart contracts could be used between criminals.  The scenarios include everything up to an including hiring an assassin: how can you be sure that the assassin will do the job if you pay him or vice versa how can the assassin be sure of being paid if he kills the poor victim.

The paper, entitled "The Ring of Gyges: Investigating the Future of Criminal Smart Contracts" explores some ideas I had never thought of, but which are quite fascinating.  The types of criminal contract demonstrated in the paper are:

  1. Leakage / sale of secret documents;
  2. Theft of private keys; and
  3. “Calling-card” crimes, a broad class of physical world crimes (murder, arson, etc.)
The smart contracts devised are notable as they address threats to the criminals in the above scenarios.  Specifically:

  1. One has to recognise that the blockchain can be trusted for integrity but not privacy ie all transactions are by definition visible although conducted between pseudonymous parties 
  2. There is no honour among criminals and either party might deviate from an agreed protocol or even terminate the transaction prematurely
  3. One party could collude with miners who have undue influence over the blockchain and thus change the recorded outcome of the transaction (a side effect of the 51% problem which is a known weakness of the blockchain)
The suggested smart contracts are trialled using the Ethereum platform.  However, the contract are defined use zero knowledge proofs, but the researchers make the point that the opcode would require only minor alteration for this to be a very efficient implementation of their smart contract.

The trial smart contracts work and would appear to allow criminals to operate with complete impunity.

This paper shows that many technologies can be misused by criminals.  However, the potential of smart contracts for legitimate use are only just being realised.  The subtext of what the researchers are saying is that you cannot ban smart contracts as a technology but you must recognise that criminals will use this as a means of obfuscating their activities and thus making it yet more difficult for law enforcement to detect and prosecute, even when some of the crimes are the most appalling imaginable.

It's a timely reminder that technology advances rapidly, we cannot stop it, we cannot arbitrarily ban it but we must somehow cope with the criminal repercussions of it being out there.