Blockstack Summit 2015 Review, Part 1

I awoke on September 12, 2015 to the sound of Slack notifications going off just a few feet away from me. It was the morning of Blockstack Summit, and I was due to arrive at NYU for a sound check in less than two hours. I reached over and grabbed my phone to see who was pinging me and saw a message from Guy Lepage, UI/UX designer at blockchain authentication company and Blockstack sponsor Onename and one of the several people who helped me organize the Summit.

“I’m at the office, need anything?” read Guy’s message.

I shook off the early morning haze and opened Trello to see if there was anything on my checklist that still needed to be completed.

“Name tags! And some construction paper and stickers for workshop agenda planning,” I quickly wrote back. It’s the little things that most easily slip through the cracks. Luckily, almost all of the other important details were already taken care of, mostly by NYU; they would be providing the tables and chairs, A/V, and, most importantly, the food and beverages for the event so we would stay fully charged for the day’s activities.

Guy was picking up the event posters from Onename’s office, so we asked Jude Nelson, an engineer and PhD candidate from Princeton who works closely with Onename, to go to a Staples a few blocks away from NYU to pick up the last remaining items. Meanwhile, I took a quick shower, ate breakfast, then headed down to NYU for the sound check.

I arrived at NYU’s D’Agostino Hall around 8:30am and was greeted by a friendly security guard and one of the NYU staff who would be helping us with the food for the event. I entered the Hall and was met by Jude, who was on his way out the door to go to Staples, and Wayne Vaughan, whose blockchain timestamping company Tierion was a sponsor of Blockstack Summit. We exchanged pleasantries, then I headed to the stage to test all of the microphones.

Tap, tap. The sound echoed through the hall. Audio was ready to go!

The A/V guy, Nigel, came over to introduce himself and explained how the Skype call setup would work. Later in the afternoon we would have a Q&A session with several investors in blockchain startups, and Naval Ravikant, angel investor and founder of startup funding and recruitment platform AngelList, would be joining us via Skype. Nigel showed me how they already had a computer connected to a big screen TV next to the stage, with Skype already pulled up and ready to go. Could it really be that easy? We found out later that, with the exception of a short Internet connection glitch, it really would be that easy. Man, these NYU cats are good!

I thanked Nigel for his help then headed back to the foyer to take my spot at the registration table and take care of a few last minute housecleaning items on my laptop while I waited for people to arrive. I didn’t have to wait long, because people started pouring through the doors almost immediately after I got my computer booted up. There was a small line forming of people who were waiting to get checked in, including employees from the Summit’s other sponsors, Blockchain and itBit. Jude arrived with the name tags soon after, saving everyone from the awkward embarrassment of forgetting the names of people they had just been introduced to.

For the next half hour or so I pulled double-duty checking people in while simultaneously uploading all of the final lightning talk presentations that I had been emailed that morning to cloud storage so it would be accessible from NYU’s presentation computer. Helping to get people checked in was one of my favorite parts of the day, since I got to personally meet almost everyone who had registered for the event. Just based on attendees alone, I knew this event would be something special.

At around 9:30, I passed off the check-in list to Guy and went into the main hall to begin introductions. I welcomed everyone and thanked them for attending the first Blockstack Summit, then passed the mic around so everyone could introduce themselves. We had a diverse crowd in attendance – mostly developers, but also people from banking and finance (it was NYC, after all), real estate, health care, and consulting, all of whom were excited to learn about relevant applications of blockchain technology.

After introductions, I thanked all of the sponsors of the event, without whom the event would not have been possible. Sponsors included: Chain, a blockchain API company that had just announced a large financing round led by several noteworthy Wall St firms; itBit, an institutional bitcoin exchange and developers of the BankChain private blockchain platform; Blockchain, developers of the block explorer and web wallet; Onename; Bitseed, the Bitcoin full node project I co-founded; OB1, a company that contributes to OpenBazaar development; Chord, a stealth blockchain project that everyone was buzzing about but no one had heard of before (don’t ask me – I know nothing! *fingers crossed); and Tierion.

As “Gold” sponsors, representatives from itBit and Blockchain got a chance to share their current initiatives with the audience. itBit told the crowd about their BankChain platform and mentioned that they were hiring for developer positions, and Blockchain shared the good news that they were in the midst of upgrading their platform and that they, too, were hiring developers. (Side note – it brings a warm smile to my face to see so many jobs being created by Bitcoin, which is one of the biggest reasons why I am opposed to the NY Bitlicense that has already driven many promising startups out of the state. New Yorkers deserve better than this!)

Following the sponsor shoutouts, I invited event host and NYU Professor Lakshmi Subramanian to the stage to give a short speech. He provided context for the day’s discussions by telling the audience about how academics had been working for decades to solve many of the same problems as the decentralized application developers in the audience that day, and that these problems, such as scalability and sybil attacks, were nontrivial and still very much an active area of research and experimentation. This was a sobering message to hear, especially in light of the ongoing block size limit debate and the discussions taking place at the Scaling Bitcoin workshop in Montreal that same day. Lakshmi ended his opening speech on a high note, sharing his confidence that the discussions we would have throughout the day would lead to productive collaboration and problem solving efforts. With so many bright minds in the same room, it was hard not to feel like those decades-old problems could all be solved if we just tried hard enough.

After Lakshmi’s speech, there was a short break to get snacks and coffee before we headed back into the main hall for lightning talk presentations. The purpose of these presentations was to share projects that Blockstack community members were currently working on and introduce new ideas and insights that could be expanded on later during the workshop sessions. There were twelve presentations in total on the schedule, any one of which would have been a privilege to attend, let alone all of them in one day.

Muneeb Ali, co-founder at Onename and also a PhD candidate at Princeton, was the first to present. In his talk, entitled “Name registrations on the Bitcoin blockchain,” he shared insights based on over a year of data gathered during Onename’s experience building a blockchain ID registration system on the Namecoin blockchain. The presentation included shocking facts regarding the state of Namecoin security, including the revelation that the DiscusFish/F2Pool mining pool had consistently controlled over 50% of Namecoin’s hashing power – up to 75% at times! Muneeb used this data to emphasize the importance of building on the strongest blockchain with the biggest network effect, pointing out that if such a massive centralization of hashing power were to occur on Bitcoin, the front page of /r/bitcoin would be covered with warnings and Bitcoiners would put massive pressure on miners to leave whatever pool was responsible for the centralization.

Namecoin’s security vulnerabilities convinced Muneeb and his team at Onename to build on Bitcoin instead, which led to the development of Blockstore, a key-value store used to register blockchain IDs on the Bitcoin blockchain. Muneeb shared a few details about how Blockstore worked then ended his presentation with a surprise announcement: Onename was migrating the u/ namespace on Namecoin over to the Bitcoin blockchain at that very moment! He pointed to CoinSecrets, where everyone could see the “.id” name registration OP_RETURN transactions happening live. The audience burst into applause, and the news quickly traveled to Twitter before ending up on the front page of the Bitcoin subreddit. The announcement gave the room a big energy boost, setting the tone for the rest of the presentations that day.

Next up was Jude’s presentation, “Using the blockchain for devops.” There was a compatibility issue with his presentation which caused the slides to not show on the screen properly, but Jude did a great job of explaining how, by linking public keys to blockchain IDs, developers could securely communicate to VMs in the cloud.

One way the blockchain can be used for devops, Jude explained, would be to have a developer run a Blockstore node locally, and deploy another Blockstore node on their server. Given this setup, both the developer and the VM would use Blockstore to fetch each other’s public key from the blockchain to send signed/encrypted messages to one another with no risk of a man-in-the-middle attack. Similarly, a developer could use Blockstore for secure software or file distribution by first signing the data with the key linked to their blockchain ID, then having the recipient, who is also running their own Blockstore node, download the file and check the signature using the key linked to the developer’s blockchain ID. Jude’s presentation demonstrated the general applicability of the blockchain for solving key distribution problems and improving the usability of secure communications tools.

Kristov Atlas gave the third presentation of the day, sharing the results of the first Open Bitcoin Privacy Project wallet review. Before diving into the details of the review, he shared the reasons why privacy is important for the success of bitcoin. These reasons included enabling innovation by protecting participants, protecting fungibility by making bitcoin units interchangeable, meeting consumer expectations by having the same levels of privacy as other payment systems, and human safety such as in cases where a lack of privacy is a matter of life and death. Kristov then described OBPP’s criteria for rating the wallets which included the attack model they were using to assess each wallet as well as the countermeasures which wallets implemented, with a relative weighting of each criteria.

The reviews themselves had few surprises: Darkwallet was the “most private,” and Coinbase was the “least private.” It was the wallets in the middle of the list that surprised me. Earlier this year, I interviewed Airbitz CEO Paul Puey on my podcast, and he was very enthusiastic about his company’s support for privacy and decentralization. Even with this passion for privacy going into their product, Airbitz ended up at #6 out of 10 wallets on the list, trailing behind Darkwallet, Armory, Mycelium, Bitcoin Wallet, and Electrum (for what it’s worth, Paul responded to the review shortly after it was originally published and said they’d use the feedback to continue improving). All that having been said, even Darkwallet, at #1, got only a score of 54 out of 100, showing just how far Bitcoin wallets have to go before they meet the privacy standards set by OBPP.

After Kristov’s presentation, Wayne from Tierion gave a lightning talk about the Chainpoint protocol he co-invented with Shawn Wilkinson from Storj. Chainpoint is a protocol that lets you build a merkle tree out of a given dataset and then store the merkle root of the tree in a Bitcoin OP_RETURN. This allows the user to timestamp large amounts of data in the blockchain in a way that is far more scalable than timestamping each individual document. This protocol could be used for building large-scale auditing systems and registries, and could be appealing to banks, law firms, insurance companies, governments, hospitals, research labs, or anyone else that needs to timestamp large sets of records - no altcoin required!

Jay Feldis gave the fifth talk of the day, showing the audience the latest version of the Bitseed Bitcoin full node and explaining the importance of having a diverse set of full nodes in the network. He laid out Bitseed’s vision of a world where everyone has their own Bitseed node so that it’s easy to get accurate data from a local, trusted copy of the blockchain. As the Blockstack software itself matures, Bitseed will be looking to add it to the device so that Bitseed can compliment the decentralized applications that depend on Blockstack for backend infrastructure. For example, an application could have a lightweight front-end client that can run on the desktop or mobile and pair with a Bitseed that’s running the blockchain software and any other “heavier” backend server software that wouldn’t make sense to run on the client device. If Bitseed is successful (and we will be ;)) then the future of the Internet is going to be a whole lot more decentralized!

Greg Slepak from the okTurtles Foundation followed after Jay’s presentation with a lightning talk entitled, “Group Income: Voluntary Blockchain-Powered Basic Income.” In this presentation, Greg shared his ideas about why basic income is important and how it could be implemented as an opt-in system with blockchain technology. He called the mechanisms for implementing the basic income “group currency” and “group income,” with the former used to enable the latter.

The group currency concept seemed similar to a mutual credit currency, which is a currency issued as debt by someone when purchasing something at the point of sale and is expected to be redeemed by the issuer for a good or service of equal value in the future. Ripple was originally designed for this exact purpose, but it seems the group currency system Greg described in his presentation may require more features that Ripple does not have, such as automatic issuance of equal amounts of currency to all members of a group. In any case, it will be interesting to see if group currency succeeds where mutual credit currencies have failed (in total impact; there are a few small scale mutual credit currencies which have been successful in their own right).

Christopher Allen, co-author of the TLS 1.0 standard, gave the seventh talk of the day, which was entitled, “ A Registry for Creative Works, Instances & Derivatives.” In his presentation, Christopher told the audience about the problem with creative content attribution and how attribution can be lost as things are distributed digitally around the world. He showed screenshots of an application which was designed to solve this problem by first creating a hardened BIP32 public key branch on the blockchain, signing each instance of a creative work with a child key from this branch, then putting the hash and signature of each instance into the blockchain. By using BIP32, all instances would be cryptographically linked together because they would be on the same branch.

Open questions for me (which Christopher might have answered and I might have missed) include who is responsible for not only securing the keys to each branch, but also updating the branch with new instances of a creative work. Overall, Christopher seems to have found a novel and workable solution to a now decades old problem, which is to make it easier to find the creator of a creative work using the blockchain.

Denis Nazarov from Mine built on Christopher’s presentation in the following lightning talk, explaining how Mine is solving the creative work attribution problem. Mine’s solution, called a “Canonical Content Registry,” is similar to the solution Christopher presented in the previous talk. Each creative work is given a Canonical Content Identifier representing the canonical “idea” for a work, which then acts as a hook onto which all metadata and instances are attached. So first there would be a Canonical Content Identifier like “Mona Lisa,” and then all derivations of that work would be linked back to that canonical ID using the blockchain.

In Mine’s case, this linking is done using feature detection in Computer Vision, which takes two similar images and then links them to the Canonical Content Identifier if the computer determines they are derivations of the same content. Then, anyone who comes across a derivation can look it up its hash and be led back to the canonical ID to find all of the metadata that has been associated with the content. I see a lot of potential for collaboration here between Mine, Christopher Allen, and the Blockstack developer community to build the infrastructure for such a registry and am looking forward to any results that may emerge from such collaboration.

Up next was Chris Pacia’s lightning talk about OpenBazaar, a project that uses the blockchain for far more mundane activity than the previous presentations that day: peer-to-peer payments, the original use case of the blockchain. OpenBazaar is a decentralized marketplace platform built on Bitcoin and Bittorrent technology. The software uses blockchain IDs for user accounts, a DHT for store hosting and discovery, and bitcoin for payments. Chris explained how this model presented unique challenges, including sybil attacks on keywords that make it difficult for customers to find high quality listings, store availability when the merchant goes offline, and questions about how to create a decentralized system for exchanging reputation ratings.

One challenge notably absent from the presentation was how payments would scale in this system, especially given the hot topic of the block size debate (it’s almost like everyone in attendance at Blockstack Summit consciously or subconsiously blocked that topic out of their minds for the day – no one brought it up!) Based on comments from other OpenBazaar lead contributors, it seems the project is expecting a block size increase to (mostly) solve scalability concerns. Time will tell.

Following Chris’ presentation about OpenBazaar and the challenges of building a decentralized marketplace, I gave a lightning talk about ZeroNet, which was using the same tech stack but for a somewhat different purpose. ZeroNet is a totally peer-to-peer browser that does everything that BitTorrent’s Project Maelstrom is attempting to do, but all open source. Websites are distributed via BitTorrent, with updates secured by public key cryptography.

A ZeroNet website address looks like a bitcoin address by default, but can be linked to a blockchain ID so that the URL easier to read and share. People who visit a website download the torrent file, which is then loaded right in the ZeroNet browser. While the file is cached locally, it is also being seeded to other people who are trying to visit the same site. This way, popular website content downlaods faster rather slower. Revolutionary! Juan Benet was supposed to give a talk right after mine about IPFS, a project building infrastructure that could help supercharge ZeroNet, but unfortunately his flight from Europe was delayed so we had to skip that talk and go right to the last lightning talk of the day, Onename co-founder Ryan Shea’s talk about Blockchain Auth.

Blockchain Auth is a decentralized authentication system that uses public key cryptography to authenticate website and application user logins. The user can use an “anonymous” key if they don’t want the login linked to them, or they can provide their blockchain ID so that they have a consistent identity across different websites. There are several benefits here: this consistent identity is not controlled by a central authority, making it less likely that a user will be tracked across the websites that they sign up for with their blockchain ID; it is less likely that a user will lose their identity because their identity provider has shut down their service or closed the user’s account; and applications and websites no longer have to worry about securing passwords, instead just storing public keys or blockchain IDs that are used to authenticate a user during the login process.

Ryan explained that the way it worked was a simple challenge-response system. To login, the user would first provide the requesting party with their public key or blockchain ID. The requesting party would then create a time-sensitive challenge, sign it with their key, and send it back to the user. The user would check the signature using either the DKIM record or the requesting party’s blockchain ID, and if the signature is verified, then the user will sign the challenge and return it to the requesting party. If the requesting party is able to verify the signature against the user’s public key, then the user is granted access to their account. All of this is concealed behind a simple click of a button, similar to the single sign on systems used by large centralized services like Google, Facebook, and Twitter. The difference, again, is that this system is totally decentralized, using the blockchain for secure and reliable key distribution. Given the centrality of identity to virtually every application we use online, this system will no doubt become increasingly important as more people decide to take control of their identity and personal data online.

After Ryan’s talk was done, I took the stage again to offer my closing thoughts about how the lightning talks we just listened to would affect the conversations for the rest of the day. We were presented with insights, challenges, and opportunities by people who were working on real-world applications of the blockchain and related decentralized technologies. In the afternoon, we would have just a few short hours together to discuss these topics and walk away with new knowledge that would help us make breakthroughs in our projects back home. It was important that we make full use of this time, so later we would break into smaller groups for workshop discussions on the most pressing topics of the day. But first, lunch!

This concludes Part 1 of my Blockstack Summit review. Stay tuned for Part 2, wherein I share my perspective on the workshop sessions and Q&A panel.

Update: This review has been published on the Let’s Talk Bitcoin blog.