Cryptographic Code Obfuscation: Decentralized Autonomous Organizations Are About to Take a Huge Leap Forward

There have been a number of very interesting developments in cryptography over the past few years. Satoshi’s blockchain notwithstanding, perhaps the first major breakthrough after blind proofs and zero-knowledge proofs is fully homomorphic encryption. This is a technology that allows you to upload data in an encrypted format to a server, so that the server can perform calculations on that data without knowing anything about it and send back the results. In 2013, we saw the beginnings of simple computational integrity and privacy (SCIP), a toolkit developed by Eli ben Sasson in Israel that allows you to cryptographically prove that performing a calculation yielded a certain output. On the more mundane side, we now have the sponge function. This is an innovation that greatly simplifies the traditional, complex mix of hash functions, stream ciphers, and pseudorandom number generators into a beautiful single structure. But more recently, there has been another major development in the crypto scene, and its applications could potentially be very far-reaching both in the cryptocurrency space and in software as a whole: obfuscation.

The idea behind obfuscation is an old one, and cryptographers have been trying to crack the problem for years. The question behind obfuscation is: is it possible to somehow encrypt a program to produce another program that does the same thing, but is completely opaque, so there is no way to understand what is going on inside? The most obvious use case is proprietary software. If you have a program that incorporates advanced algorithms and you want to allow users to run the program on specific inputs without being able to reverse engineer the algorithm, the only way to do such a thing is to obfuscate your code. Proprietary software is unpopular among the technical community for obvious reasons, so the idea hasn’t met with much enthusiasm, a problem made even worse by the fact that every time a company tries to implement an obfuscation scheme it is quickly broken. Five years ago, researchers put perhaps the final nail in the coffin: a mathematical proof, using arguments vaguely similar to those used to demonstrate the impossibility of solving the Halting Problem, that a general-purpose obfuscation tool that turns any program into a “black box” is not possible.

But at the same time, the crypto community took a different path. Realizing that the “black box” ideal of perfect obfuscation would never be achieved, researchers instead set out to aim for a weaker goal: indistinguishability obfuscation. The definition of an indistinguishability obfuscator is as follows. Suppose we are given two programs A and B that compute the same function, and an effective indistinguishability obfuscator O computes two new programs X=O(A) and Y=O(B). Given X and Y, there is no (computationally feasible) way to determine which of X and Y originates from A and which from B. In theory, this is the best anyone can do. If there is a better obfuscator P, then if we pass A and P(A) through the indistinguishability obfuscator O, there is no way to distinguish between O(A) and O(P(A)). That means the additional step of adding P cannot hide any information about the internal workings of the program that O does not already hide. Creating such an obfuscator is a problem that many cryptographers have been grappling with over the past five years. And in 2013, UCLA cryptologist Amit Sahai, homomorphic encryption pioneer Craig Gentry, and several other researchers figured out how to do it.

Do indistinguishability obfuscators actually hide private data inside programs? To find out the answer, consider the following. Let’s say your secret password is bobalot_13048 and the SHA256 of the password starts with 00b9bbe6345de82f. Now we create two programs. A just outputs 00b9bbe6345de82f, but B actually stores bobalot_13048 internally and, when executed, calculates SHA256(bobalot_13048) and returns the first 16 hex digits of the output. According to indistinguishability, O(A) and O(B) are indistinguishable. If there were some way to extract bobalot_13048 from B, it would also be possible to extract bobalot_13048 from A. This essentially means that you could break SHA256 (or, by extension, any hash function). The standard assumption is that this is not possible, so the obfuscator should also make it impossible to reveal bobalot_13048 from B. Therefore, we can be fairly confident that Sahai’s obfuscator actually obfuscates.

So what’s the point?

In many ways, code obfuscation is one of the holy grails of cryptography. To understand why, consider how easily almost any other primitive can be implemented with it. Do you need public key encryption? Take any symmetric key encryption scheme and build a decryptor that incorporates your private key. Obfuscate it and publish it on the web. You now have a public key. Do you need a signature scheme? Public key cryptography provides that as a simple corollary. Do you need fully homomorphic encryption? Build a program that takes two encrypted numbers as input, decrypts them, adds them, and encrypts the result, then obfuscate the program. Do the same for multiplication, send both programs to the server, and the server will swap your adder and multiplier into its code and perform the calculation.
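The adder and multiplier construction described above, sketched in Python as an added example (not code from the article). The toy cipher, `make_gate`, and `server_compute` are hypothetical names constructed for illustration, and the closure only stands in for a real obfuscator: it hides nothing from someone who inspects it.

```python
import hashlib
import hmac
import secrets

MOD = 2**64  # values are 8-byte unsigned integers

def _stream(key: bytes, nonce: bytes) -> bytes:
    # Toy keystream (constructed for this example): 8 bytes of HMAC-SHA256 output.
    return hmac.new(key, b"enc" + nonce, hashlib.sha256).digest()[:8]

def encrypt(key: bytes, value: int) -> bytes:
    nonce = secrets.token_bytes(16)
    body = bytes(p ^ k for p, k in zip(value.to_bytes(8, "big"), _stream(key, nonce)))
    tag = hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()
    return nonce + body + tag

def decrypt(key: bytes, ct: bytes) -> int:
    nonce, body, tag = ct[:16], ct[16:24], ct[24:]
    good = hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("ciphertext failed authentication")
    return int.from_bytes(bytes(c ^ k for c, k in zip(body, _stream(key, nonce))), "big")

def make_gate(key: bytes, op):
    """Build the program the article would obfuscate: decrypt, operate, re-encrypt.
    The closure only stands in for O(program); the key is readable via
    gate.__closure__, which is exactly what real obfuscation must prevent."""
    def gate(ct_x: bytes, ct_y: bytes) -> bytes:
        return encrypt(key, op(decrypt(key, ct_x), decrypt(key, ct_y)) % MOD)
    return gate

def server_compute(add, mul, ct_a, ct_b, ct_c):
    # Server side: sees only ciphertexts and the two gates, never the key.
    return mul(add(ct_a, ct_b), ct_c)  # (a + b) * c

def demo():
    key = secrets.token_bytes(32)                  # stays with the client
    add = make_gate(key, lambda x, y: x + y)       # "obfuscated" adder
    mul = make_gate(key, lambda x, y: x * y)       # "obfuscated" multiplier
    cts = [encrypt(key, v) for v in (7, 5, 3)]     # client uploads ciphertexts
    result_ct = server_compute(add, mul, *cts)
    return decrypt(key, result_ct)

if __name__ == "__main__":
    print(demo())
```

Every intermediate value the server handles is a fresh authenticated ciphertext, so the security of the whole scheme rests on the gates not leaking the key they embed.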

But apart from that, obfuscation is powerful in another important way, especially in the field of cryptocurrencies and decentralized autonomous organizations: private data can now be included in publicly executed contracts. On top of second-generation blockchains like Ethereum, it becomes possible to run so-called “autonomous agents” (or “decentralized autonomous organizations” if the agents primarily function as voting systems between human actors), whose code runs entirely on the blockchain and which have permission to maintain currency balances and send transactions within the Ethereum system. For example, suppose a contract for a nonprofit organization includes a currency balance and a rule that the funds can be withdrawn or spent if 67% of the organization’s members agree on the amount and destination.

Unlike Bitcoin’s vaguely similar multisig feature, the rules are very flexible, such as allowing withdrawals of up to 1% per day with just 33% consent, or turning an organization into a commercial company whose shares can be traded and whose shareholders automatically receive dividends. Until now, such contracts have been considered to be fundamentally limited. They only have an impact within the Ethereum network, and possibly other systems that are intentionally configured to listen to the Ethereum network. However, obfuscation opens up new possibilities.
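The withdrawal rules described above (67% approval to spend any amount, 33% approval for up to 1% per day), written out in plain Python as an added illustration; it is not Ethereum contract code and not code from the article. The `Treasury` class, the integer currency units, and measuring the 1% cap against each day’s opening balance are assumptions made for the example.

```python
class Treasury:
    FULL_PCT = 67       # approval needed to spend any amount
    SMALL_PCT = 33      # approval needed for capped withdrawals
    DAILY_CAP_PCT = 1   # cap for the 33% rule, as a share of the day's opening balance

    def __init__(self, members, balance):
        self.members = frozenset(members)
        self.balance = balance          # integer count of the smallest currency unit
        self.ledger = []                # (day, amount, destination, rule)
        self._day, self._opening, self._small_spent = None, 0, 0

    def _approved(self, approvals, pct):
        # Count each member once and ignore non-members; compare in integers so
        # that 2 of 3 members (66.7%) does not round up to 67%.
        votes = len(set(approvals) & self.members)
        return votes * 100 >= pct * len(self.members)

    def withdraw(self, day, amount, destination, approvals):
        """approvals: ids that voted for exactly this (amount, destination)."""
        if day != self._day:            # new day: reset the capped allowance
            self._day, self._opening, self._small_spent = day, self.balance, 0
        if not 0 < amount <= self.balance:
            return False
        if self._approved(approvals, self.FULL_PCT):
            rule = "67%"
        elif self._approved(approvals, self.SMALL_PCT):
            if (self._small_spent + amount) * 100 > self.DAILY_CAP_PCT * self._opening:
                return False            # would exceed 1% of the opening balance today
            self._small_spent += amount
            rule = "33%/1%-per-day"
        else:
            return False
        self.balance -= amount
        self.ledger.append((day, amount, destination, rule))
        return True

def demo():
    m = [f"member{i}" for i in range(10)]
    t = Treasury(m, 10_000)
    return [
        t.withdraw(1, 5_000, "addr-A", m[:6]),   # 60%: too large for the capped rule
        t.withdraw(1, 5_000, "addr-A", m[:7]),   # 70%: allowed
        t.withdraw(1, 60, "addr-B", m[:4]),      # 40%: within 1% of 10,000
        t.withdraw(1, 50, "addr-B", m[:4]),      # 40%: 110 > 100, refused
        t.withdraw(2, 49, "addr-B", m[:4]),      # new day: 1% of 4,940 is 49
    ]

if __name__ == "__main__":
    print(demo())
```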

Let’s consider the simplest case. An obfuscated Ethereum contract contains a private key to an address in the Bitcoin network, which it uses to sign a Bitcoin transaction if the conditions of the contract are met. So as long as the Ethereum blockchain exists, Ethereum can effectively be used as a kind of controller for money that exists within Bitcoin. But it gets more interesting from there. Now let’s say you want a decentralized organization to be able to manage your bank accounts. Using an obfuscated contract, you can have the contract hold the login details for your bank account’s website and run the entire HTTPS session with the bank, logging in and then approving specific transfers. This requires a user to act as an intermediary sending packets between the bank and the contract, but this is a completely trustless role similar to that of an Internet service provider; it can easily be performed by anyone, who can even receive a reward for the task. Autonomous agents can also have social networking accounts and accounts on virtual private servers to perform more intensive calculations than can be done on a blockchain, and can do almost anything that a regular human or proprietary server can.

Looking forward

So we can see that in the coming years, decentralized autonomous organizations could become much more powerful than they are today. But what will be the result? In developed countries, the cost of starting new businesses, organizations, and partnerships is expected to fall significantly, and people will gain the tools to build institutions that are less corruptible. Organizations are often bound by rules that are really little more than gentlemen’s agreements, and once some of the organization’s members gain a certain amount of power, they gain the ability to bend any interpretation in their favor.

Until now, the only partial solution has been to codify certain rules into contracts or laws. Although this solution has advantages, it also has disadvantages, because the laws are numerous and very complex to navigate without the help of an (often very expensive) legal professional. With DAOs, there is now another option: creating an organization whose organizational terms are 100% clear and embedded in mathematical code. Of course, there are many things whose definitions are too vague to be defined mathematically. In such cases, some arbitrator is still needed, but their role is reduced to a limited, commodity-like one, bound by contract, rather than potentially having full control over everything.

But things will be even more dramatic in developing countries. Developed countries have access to legal systems that are sometimes semi-corrupt, but other than that, the main problem is simply that the legal system is too heavily skewed toward lawyers, outdated, bureaucratic, and inefficient. Developing countries, on the other hand, are plagued by legal systems that are, at best, thoroughly corrupt and, at worst, actively complicit in the plundering of their subjects. There, almost all business is done by gentleman’s agreement, and there are opportunities for people to betray each other at every step. The mathematically encoded organizational conventions that a DAO can have are not just an alternative; they could potentially be the first legal systems that actually exist to help people. Arbitrators, like the organizations themselves, can develop their reputations online. Ultimately, voting on the blockchain, for which BitCongress is probably the forerunner, could even form the basis of a new experimental government. If Africa can make the leap from word-of-mouth communication to mobile phones, why not move directly from tribal legal systems with local government intervention to DAOs?

Of course, many would be concerned that it is dangerous to have money moved around by an organization that cannot be controlled, as there is considerable potential for criminal activity with this type of power. But there are two simple objections to this. First, although it is impossible to shut down these decentralized autonomous organizations, it is certainly very easy to monitor and track them every step of the way. It will be possible to detect when any of these entities makes a transaction, making it easy to see what their balances and relationships are, and if voting is done on the blockchain, it will be possible to collect a lot of information about their organizational structure. Like Bitcoin, DAOs are too transparent to be practical for many in the underground world. As FinCEN director Jennifer Shasky Calvery said recently, “Cash is probably still the medium of choice for money laundering.” Second, at the end of the day, DAOs can’t do anything that regular organizations can’t do. They are simply a set of voting rules for a group of humans or other human-controlled agents to manage ownership of digital assets. Even if a DAO cannot be shut down, its members may still operate as if they were running a regular, old-fashioned organization offline.

Whatever the likely applications of this new technology will be, one thing is becoming increasingly certain: cryptography and decentralized consensus are about to make the world a lot more interesting.
