Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Computers are not personal anymore, secure computing is here. What I learned using blockchains since 2013.
This is not a whitepaper, you can relax, we are not selling you a token. This is not an academic document, we are not publishing our latest research findings nor the results of an exciting experiment. This is not a sales pitch, there's nothing to buy.
This is a manifesto, a declaration of intent, based on our analysis of the current state of computing, blockchain, cryptography, and information security and where these communities are today. Its goal is to showcase the amazing things that have been invented and built by geniuses in recent years, then try to make sense of it all, and outline a common vision for the future of computing.
These machines, designed solely to compute quickly and accurately are now required to do it securely, reliably, privately, and with constant connectivity. As a result, we have become accustomed to regularly seeing millions of individuals suffer data breaches, or businesses shut down by ransomware. Worst, keeping systems secure is getting more and more complex everyday as new security risks are identified, so the problem is only going to get bigger unless we do something.
In this article, I will argue that recent advancements in computer science, as well as society’s increased acceptance of technology create an opportunity to rethink our computing paradigm and address some of its flaws. We will study how a number of recent innovations demonstrate that it has become possible to address these problems. Finally, I will share my vision of what this future of computing is, and the steps necessary to get there.
I started work back in 2007, doing network security for an internet service provider. I then spent 10 years in enterprise information technology and was the chief information officer for a multinational company in the construction industry. My job there was to lead IT to build and run all facets of an information system for a modern business.
Computers, smartphones, wearables, and the internet of things are everywhere and run most of our lives. The foundations of their design, at a time when calculating, storing data, and processing data were significant challenges. Fifty years later, devices built on are tasked with enabling social life, tracking possessions, operating businesses, and governing our societies.
As, electronic and mechanical machines were fascinating. Understanding how they work, and how to build them was a never-ending source of fun. But the discovery of programming on graphing calculators in school made me understand what computers could do. The excitement of discovering machines that can be told what to do had a profound impact on me. After that point, I looked with pity at analog devices, like watching an old friend that didn’t keep up with the times. And I feel the same pity looking at computers today.
In 2018 I founded , a company that builds digital asset technology, and recently closed its seed funding round. Our goal is to promote the adoption of blockchain technology. Our incredible team has built platforms for banks, financial institutions, DeFi startups, and businesses in supply chain and energy. We animate a vibrant blockchain community in our home base, Bangkok. Our custody and tokenization products enable the financial services of the future, and we serve financial institutions in Southeast Asia.
Millions of people have realized that computers are broken. Many of them are younger people, who never lived without computing, and maybe because of that they can see better than others not only computing’s limitations but more importantly its potential. So, what is this vision of a world where computing is secure? The short version is that we could trust computers with much more. If we go back to the fundamental properties of secure systems, we can have a sense of what we’re missing today.
If computers enabled ubiquitous:
Integrity, records couldn’t be modified, and we would know that an email forwarded to us wasn’t altered in the process.
Confidentiality, files couldn’t simply be shared or copied, and factory owners wouldn’t take risks when subcontracting work.
Authenticity, we could verify digital claims of authorship, and we wouldn’t need to print, sign, and send paper documents.
Possession, assets would remain in control of their owner, and banks couldn’t unintentionally prevent us from moving it.
Utility, then files wouldn’t suddenly become useless when the software initially used to read and edit them stops to exist.
Using secure computers will be a vastly different experience from using computers of today. We all know too well that every time we open our laptop or smartphone, there is no guarantee that our data will still be there, or that our device will even function correctly. The anxiety that this creates, with so much of our lives depending on these machines, has a profound effect on everyone. What if instead, you had an absolute certainty that your applications would ‘just work’, and that your data was ‘just there’?
Informing ourselves would be vastly different too. Once every quote, every recording, every video can be securely attributed to its author, why would you continue to read news built by copying and editing information found elsewhere? Once people can anonymously prove their credentials and knowledge of a topic, who wouldn’t read the comments they leave on news articles? Imagine being able to see the statement of a government’s health minister debunked in the comments section by thousands of people that you know are relevant members of the health administration, while no one is revealing their identities.
The computing of tomorrow will give us security. Secure computing is not personal, it is an abstraction built upon traditional computers that continue to provide the raw horsepower. Secure computers are virtual machines, composed of thousands of interconnected nodes that all agree on a security policy, and economic incentives to enforce it, a.k.a. blockchains. Tomorrow, secure computing will be enabled by millions of blockchains, and trillions of tokens. There are large, complex, and largely unsolved computer science and engineering challenges ahead of us that will keep us busy for decades.
Technological revolutions have abstracted, and automated, the things we used to do before they came. We abstracted and automated the making of goods during the industrial revolution. Then, the digital revolution abstracted and automated the delivery of services. The current revolution is abstracting and automating the creation and operation of entities that produce goods and services. And instead of raising funds, these new entities can issue and distribute their own currencies, which become integral parts of their economic models.
Availability, the software would keep running no matter what, and oil pipelines wouldn’t have to be.
And while solving today’s problems is an exciting proposition on its own, it is likely that entirely new ways to use computing would emerge thanks to the security of tomorrow’s computers. The example of non-fungible tokens, digital representations of assets ownership such as art, is a great example of how quickly evolves as new tools become available. A part of society has now accepted, in, that ownership of a token representing something is equivalent to being the owner of that thing. Now imagine this concept extended to cover your possessions, your company’s assets, the state’s properties, all represented with tokens that can be transferred, traded, borrowed worldwide.
Another incredible glimpse of the future that we have today is the rise of decentralized autonomous organizations, from to now enabling. At their core is the idea that decision-making can and should be decentralized. The traditional pyramidal decision making, with many operational people making many low impact decisions and a few high-ranking people making a few high impact decisions, is flipped on its head. Decentralized autonomous organizations instead are demonstrating the viability of new models where many people collectively make many high-impact decisions, with the low impact decisions entirely automated and executed by a few trusted software, blockchain smart contracts. Instead of a bank’s executive team coming up with targets of how many loans should be given next year, smart contracts automatically grant loans to anyone who’s got sufficient collateral, and hundreds of people govern the interest rates and collateral requirements.
When it comes to privacy, we start to have a feel for what this enables as well. While by now everyone has heard of bitcoin and how it lets anyone across the world move money, fewer have understood that we can also move money privately. We can now on an open, decentralized network where the sender, receiver, and amount of a transaction are not disclosed. And while these applications will certainly create numerous headaches for regulators, continued improvements in cryptography promise. Soon™, you will be getting a loan given by software against your assets without ever disclosing to anyone the value of these assets, your intention to get a loan, or the fact that you got a loan.
While computing allows us to do, with an incredible speed, many of the things that humans do, secure computing allows us to do things that we humans can’t. For example, we can now. You might in the future be able to sell your car and get paid with just one tap on your smartphone. You didn’t sell it to anyone, but instead, a secure computer has bought it from you. This same secure computer will sell your car to someone else later. Even better, thousands of such computers will be competing to buy and sell cars for the lowest fees.
When we get there, work is likely going to be vastly different for the next generation. While the cost of creating companies is already negligible for most businesses, the time required to finance, hire, and structure their operations is not. We have now a demonstration of how smart contracts can enable all this. As creating companies, and operating them becomes automated by secure computers, they might become much more ephemeral. You can. In the future, you might wake up in the morning, read a report of the income you derived from various previous ventures you were associated with and tailored options of where to now allocate your one true resource: time. This might not be for everyone, and where steady flows of work exist, steady streams of income will as well.
As private computing is enabled by a new generation of computers, this will create the opportunity to rethink how personal data is managed. Imagine a future service like Apple Photos or Google Photos, but designed so that it does not need to own your data to process it. The future service will be able to recognize the faces of your friends on images, just like today, while you will retain ownership of your photos. And these types of applications of private computing are. Private data will not be owned by centralized services, like today by technical necessity and economic incentives, but by the end-user. And instead of files stored on your mobile phones, they will be stored on decentralized storage services, and processed by private computing services.
How we think about our assets, and investment will change dramatically too. In a world where investment is automated, the cost of investing will tend to zero. And while the concept of a, we still need to automate the ‘back-office’ of investment such as clearing, settlement, and custody. And with a cost of investing close to zero and a cost of trade close to zero, why would anyone want to keep money in fiat currencies? Payments will be quite different, as the buyer’s portfolio management software will likely not hold any cash but rather thousands of various financial instruments. These assets will be automatically selected, and just the right amount sold to receive local currency, transfer to the merchant, and the merchant himself will automatically invest this local currency into assets of their choosing. While government fiat currencies will likely continue to be used as a medium of exchange and unit of account, their utility as a store of value will continue to be challenged.And with secure computing enabling instant onboarding to services, there will be much less friction when moving from one goods and services provider to another. Are you fed up with Amazon after reading about how they mistreat their employees? If the effort of signing up for their competitor, entering all your details, and teaching your new online shopping service all your preferences to have meaningful recommendations seems insurmountable, consider the idea that this information will in the future belong to you, and you’ll be able to instantly sign-up to a competitor using your global identity. And the same would apply to financial services. Instead of the ‘Sign-up with Google’ and ‘Login with Facebook’ buttons that we see everywhere, you might be only using a self-sovereign identity that you issued yourself, or perhaps a, a ‘Login with my Passport’. Unhappy with the loan rates that your bank provides? Not a problem. Just link your assets, credit history, and identity to a new bank in a few seconds.
Blockchain, cryptography, cryptosystems, all these technologies are attracting a lot of attention and interest as people have come to realize that there is something very important going on. And while what we’re all building is important, it is not yet very impactful. Almost no-one uses a blockchain daily today. Even the most popular services have a limited feature set. The ecosystem overall offers a poor user experience. We need to acknowledge these issues first if we want to address them.
While we’ve got a long way ahead of us, we also have an amazing arsenal of tools built by the blockchain, cryptography, and computer science communities. If we go back to the fundamental security properties that we require, we can pretty much map them one to one to some of the recent information technology innovations.
Utility, we have created a machine which allows us to store and retrieve information anytime, anywhere using common standards, the internet. The information itself is increasingly standardized as well, and we have built ways to decouple the schema of information from its computer representation.
While individually, these security properties can be guaranteed, there is no consensus today on 1) how to enable all the properties of secure computers at the same time, and 2) the direction to take so that the secure computing capacity grows with demand for it. I believe that these two problems are the fundamental problems that we need to focus on right now, if we want secure computing to succeed.
Then introduces the following questions: What are the interfaces between these layers? What is the order of the different layers? I would like to propose the following model for discussion with the community.
Layer Name
Information Guarantees
Interfaces
Protocols / example
1
Integrity
State consensus
Past immutability
Changes authorization
Agree on state
Change state
Blockchain consensus
Ethereum PoS
2
Availability
Retrieval
Addition
Read information
Add information
Blockchain nodes
Ethereum RPC
3
Confidentiality
Access control
Hide information
Disclose information
Zero-knowledge proofs
Aztec Noir
4
Authenticity
Authorship
Attribution
Sign information
Verify signature
Blockchain wallets
Metamask
5
Possession
Ownership
Transferability
Own information
Transfer information
Token protocols
ERC20
And since the overall goal of this exercise is to enable the use of secure software on secure computers, there are computing properties that are required in addition to the security properties.
Layer Name
Computing Guarantees
Interfaces
Protocols / example
6
Computation
Computation execution
Store program
Execute program
Store results
Blockchain consensus
Ethereum PoS
7
Composition
Computation extensibility
Call results
Call program
Blockchain nodes
Ethereum RPC
8
Interaction
Exchange with user
Sequence calls
Select next call
2 phase commits
‘Transaction groups’?
9
Utility
Usefulness
Use computer
Use information
Recovery protocols
Metadata standards
If we want secure computers to scale, and become prevalent, we need our “PC revolution”. Personal computers suddenly allowed most people to use software in their daily lives. We need a revolution that’ll allow most people to use secure computers in their daily lives. And we have a huge advantage: almost everyone has a computer already. We should also acknowledge that there are still large unsolved problems.
I would like to propose three actionable tracks to get to secure computers. While this is a generational change, and it will take a while for secure computing to become prevalent, we need to get the ball rolling. For this, we could 1) build a proof of concept, 2) work on the long term problems, and 3) assemble a sustainable community.
We need to build a proof of concept secure computer. It must enable all security, and computing properties in the model that we have established. Its speed, or the user experience do not matter at this point. There are two goals for it. First is to demonstrate that secure applications can be built and used. Second is to learn along the way, refine the layered model proposed, and progress towards an accepted standard architecture for secure computers.
Second big problem, composition of computation and privacy of information are conflicting requirements. How do we allow one program to make use of another program in a computer where everything is private? If everyone is lending and borrowing privately, and the interest rate charged by the program is public, an observer could derive information about loans by carefully watching the interest rate evolve over time. Perhaps information will in the future not always be absolutely accurate, and we would sometimes accept the tradeoff of a decrease in accuracy to maintain a higher privacy.
Lastly, and this should be obvious by now, the amount of knowledge, education, effort, and capital needed to achieve these goals is enormous. And just like security is a team effort, secure computing must be open and transparent. No single organization can claim to drive secure computing as that would defeat its very purpose. For this reason, one of the very first steps we should take as a community is to assemble ourselves and get everyone to participate.
Cisco estimates that there are between 20 and 30 billion connected devices across the world today and that in 2023 there will be more than 5 billion internet users. Computers, smartphones, IoT devices, and ‘the cloud’ can be found anywhere on Earth, and even on its neighboring planets.
All these devices are built on the same fundamental design. Central processing units are given computation instructions, they retrieve the input data required for the computation, execute the computation, and then store the output data. This cycle is repeated billions of times each second, and this allows your smartphone to connect to the internet, a server to send you this article, and your screen to display its contents.
Subtle variations exist, for example in the way in which instructions are executed, or how data is accessed and stored, or on the number and arrangement of processing units. But it is important to understand that these 20 billion connected devices were all built for one purpose: process as quickly as possible any instructions they’re given on the data they’ve got.
Fundamental parts of computers' design are much older than some people realize. It is generally accepted that the modern computer architecture was created in the late 1970s with Intel’s 8000 series of microprocessors, and later the first IBM PC in 1981. We could even argue that computers still use the same architecture as the IBM Harvard Mark 1, released in 1944.
Performance, however, cannot be compared. An interesting metric is the dollar cost per GFLOPS or billions of floating-point operations per second, it measures the cost of a unit of performance as computer hardware evolves. Since 1984, when Bill Gates was first featured on the cover of TIME magazine, this cost has gone down from $46 million to 3 cents. That’s a staggering 99.9999999% reduction over 40 years. The success in processing as fast as possible any instructions on any data is undeniable.
The question is, should computing any instructions on any data still be the objective of tomorrow’s computers? Is it what we want of 20 billion devices that constantly exchange data and instructions with one another? We aren’t living in a world where personal computers sit on a desk at home with its floppy disks in a drawer anymore.
The geniuses who designed and built modern computers were living in a world that was different from ours. While Alan Turing and his bombe electromechanical computer were designed to defeat the Enigma machine and break its encryption, it is not until the late 70s that the modern concept of encryption using public-private key cryptosystem was born. While CPUs were being designed, and the first motherboards were built to architecture how computers would receive, store and process information, these primitives that are everywhere in security today didn’t exist. And it took another 20 years before encryption became widely used.
Today, there are several properties that we expect from a system to be considered secure. For example, the ‘CIA triad’. Confidentiality: being able to limit who has access to information. Integrity: that the original information remains complete and unaltered. Availability: being always able to retrieve information on time. These three are sometimes extended to include possession, authenticity, and utility. Possession: being able to tell who currently owns a piece of information. Authenticity: the ability to verify claims of authorship. Utility: remaining able to use a piece of information over time.
It is important to understand that computers, on their own, are unable to provide any of these six properties. To achieve any of them, we must carefully design, build and operate additional hardware and software systems that enable these fundamental security properties. In the 1970s, security was not a part of the specs sheet. A CPU must execute whatever instruction arrives on its pipeline. RAM must store whatever data shows up on the memory bus. Peripherals must deal with whatever data is given to them. Computers were built to be personal, and compute personal information.
The amount of effort, expertise, and capital required to build blockchain applications today is quite large. And while in bringing these costs down, in many ways what is being built is comparable to what IBM was building for NASA in the 60s. We now have t-shirts instead of dress shirts, and laptop stickers instead of pocket protectors. We still need dozens of highly skilled engineers to build and operate these new and exciting machines. dApps have replaced the room-sized computers of the sixties, even if they hold the same revolutionary importance.
Some figures can help put things in perspective. The Ethereum blockchain has roughly the processing power of a CPU clocking in at roughly 10 kHz (that’s a k for kilo). In 1971, was already an order of magnitude faster than this. Storing 1kB of data on Ethereum costs a whopping 50 USD today (again a k for kilo). This is comparable to the . Therefore, the Ethereum blockchain has basically the same performance as a 50 years old computer, but one with vastly superior security properties. One could argue that we’re comparing apples to oranges, and that’s true, we’re comparing the performance of computers that are limited by the size and number of transistors with the performance of secure computers with different bottlenecks. Still, we aren’t anywhere near being able to use secure computing everywhere, like we use computing today. And that’s a reality we need to acknowledge if we want to make progress.
10 kHz is a quick estimate based on a average opcode price of 500, a block gas limit of 15M on mainnet in July 2021, a block time of 15seconds. Equivalent to ~2,000 instructions/second. Or .
50 USD is based on executing opcodes each with a gas price of 28 and an Ethereum price of USD 2,600 as of writing.
Integrity, just like blockchain records can represent ownership they can also represent arbitrary data. And when coupled with distributed file systems, we can now enable guaranteed data integrity. A number of companies have been doing this, including . Yes this is a shameless plug.
Availability, secure computers have very high availability guarantees, by being widely distributed. While this , the Ethereum network is as of writing this article. In 2017 Joseph Lubin stated .
Confidentiality, we can perform computations while keeping the inputs and outputs private. This is done using fully homomorphic encryption and zero-knowledge-proofs, with companies like , and demonstrating how this can be used already today for securing AI, or sharing secret information.
Authenticity, we know how to build too. They can be used to securely make and prove claims of authorship of information, and the covid-19 crisis demonstrates how a global identity system could allow global , for example.
Possession, we can now maintain distributed records of ownership and guarantee the security of transfers as no central authority can modify someone else’s records. Blockchains have been doing this for years with both fungible and .
If we go back to the first question, how to enable the properties of secure computing all at the same time, a lot of work has been done in this area, and the architecture of a ‘proof of concept’ secure computer is reasonably simple. Broadly speaking, we can think of this architecture in terms of layers. A lower layer enables certain core functions, which become automatically available to the higher layers who themselves enable more complex functions, just like this was done , arguably the biggest ‘computer’ that exists. One approach I would like to propose when discussing the architecture of secure computers is to try and map the different layers of their architecture to the individual security properties required.
We need to solve the big problems and that requires an agreement on what they are. First big problem, we need our version of . The computing capacity growth has been enormous arguably for two reasons. We figured out early that transistor density was the factor with the highest impact on performance, and sold computers in a way where capacity grew along with demand as everyone bought CPUs, adding to the total capacity. For blockchains and secure computers, there’s no consensus today on how to bring a increase to their capacity, or even if it’s feasible. How do we grow blockchains’ capacity along with the demand for them?
Third big problem, the security of information and computation will only be guaranteed within secure computers. And we as humans can’t interact directly with integrated circuits (). We also have billions of non-secure computers around the world today. Just like a spectrum of information security will likely exist in the future, a spectrum of computation security will. Designing ways to interact with secure computers, while making the right trade-offs between usability and security will be a difficult task which will span from user interfaces and operating systems of the future, all the way to designing new silicon and hardware.
The complexity, and intricacies of building computer systems that provide information confidentiality, integrity, availability, possession, authenticity, and utility should not be underestimated. Enabling some basic confidentiality requires software that can provide encryption, hardware that can securely store private keys, systems that share identities and public keys, purpose-built applications, and people who understand how to securely use all of this. Because of this, less than 10 million people are using, meaning that 99.75% of the planet uses email without true confidentiality.
Security is not a common area of interest, and only really understood by a few technology experts. Despite the industry’s best efforts, we often see spectacular failures. Just 3 years ago, a vulnerability was found in in the world that was considered ‘catastrophic’ by experts; it allowed malicious software to steal information from other software running on the same computer. A more recent example occurred in Ireland where the Health Service’s information system was, things were so bad that some hospitals were forced to shut down all computer systems and cancel all outpatient visits.
And a month rarely passes without a major confidential data breach. In 2021, Facebook revealed that data of its users, including phone numbers, had leaked. That, and barely made the news. Many of us will also not remember the, where private records of 160 million people that included social security numbers, addresses, and other confidential information leaked because the company failed to follow its own security procedures.
For secure computers to succeed, we need to rethink how we operate them. Right now we expect users to create a wallet, secure a seed phrase, understand transactions, tokens, fees, learn how DeFi protocols are designed, and figure our the right dApp to use them. While this is the state of the art, and the dApps and their protocols are absolutely incredible, the reality is that very few people care enough to go through all these complex steps. The success of DeFi, NFTs and gaming on blockchains is a great indicator of the potential of the technology. But we're still expecting tech-savvy users, either with a background in software engineering, fintech or gaming.
Atato's goal is to make it easier to interact with blockchains. We let you use secure computers, give them inputs, receive outputs. Our products sits between the decentralized applications and the user. Already, we introduce several innovations to make this easier. One of them is that our custody solution lets you create wallets without dealing with private keys or seed phrases.
Using multi-party computation, we abstract the concept of private keys, and enable new wallet recovery scenarios. This allows businesses such as digital asset service providers, exchanges, brokers, and other financial institutions to onboard a large number of users, securely and at a low cost. Small businesses also use our solution to secure their crypto holdings.
We interact with blockchains today by making transactions, and our goal is to provide a simple, yet secure interface to use secure computers. Signing a transaction does not have to be a complex operation, and should be as easy making a call. As the vast majority of decentralized applications today are based on tokens like ERC20 and ERC721, these are the key features of our custody solution today. As the types of decentralized applications continues to evolve, our goal is to ensure that businesses have a secure access to them.
One might wonder how digital assets custody relates to using secure computers. Our view is that one's blockchain identity (his public/private keys) is equivalent to the 'user' of traditional computers. While we interact with a computer using a keyboard, mouse and display to send instructions, receive results, and interact with applications, we sign blockchain transactions to run dApps on blockchains.
Because computers are so enormously powerful, we rely on them more and more, and the importance of their security limitations is therefore ever increasing. Computer storage has become virtually unlimited for everyday purposes, as storage hardware prices continue to decrease, and the use of online storage services continues to grow.
In addition, the internet has also exploded in capacity and reach. Almost every corner of the planet is connected all the time, with speed sufficient to exchange large documents, place video calls and collaborate remotely. Communication capabilities can now be built into any device so that every tiny IoT chip has a remote access to vastly superior resources for computation and storage.
And computers are not only amazing at quickly processing vast amounts of data, which is useful when processing repetitive tasks that can be outlined in a precise program; they’re also getting increasingly good at pattern recognition, where instead of a precise program for repetitive tasks we can now teach a degree of artificial intelligence to computers and enable them to extract specific information from unstructured data.
And we entrust computers with much more than talking with colleagues and loved ones. These machines also keep track of our possessions today. Everyone’s bank balance is stored on a computer and has been for decades. Your insurance details, medical records, credit score, driver’s license records, tax payment history, the list goes on. Most of the things that you own, a computer owns for you.
As we have learned to live with the limitations of computers, it can be difficult to understand how these limitations affect us, and it is useful to pause and wonder about how we do things.
Last week, my sister wanted to make a bank transfer. She’s living in Europe, and banks there use the SEPA bank transfer network. She wanted to send money outside of Europe, and the receiving bank used another transfer network called SWIFT. She had trouble navigating her online banking menus and options and asked for my help. While she had the money on her account, we found out that her bank didn’t allow for online SWIFT transfers, but only the European SEPA. She had to call her bank’s call center, and it took a few calls before an agent capable of helping her was on the line. After she managed to make her transfer, she called me and was shaken by the realization that her money is not ‘hers’ as much as it is the property of her bank’s software and processes.
Just a few days ago, a colleague and I needed to sign documents sent by a customer. I was not at home or in the office, and neither was my colleague. The documents were urgent, and so we sent back an electronic signature of a PDF file. Our customer couldn’t accept electronic signatures, due to the nature of the documents and their internal policies. They had to wait a few days so that both my colleague and I had access to a printer, a messenger so that they could receive paper copies of what we submitted a few days before in a format that was arguably more secure. This time I wondered, why do some of us still have such distrust in computer files, and why should it be a problem that I have to deal with?
Secure computing is a team effort, built on open protocols. And this vision that we are outlining here is already shared by a number of communities, and startups. Web3 is a term that also encapsulates a number of shared key ideas. We should try to forget everything we know and expect about how computers and the internet operate. We need to rethink things from scratch, with a solid understanding of the security properties enabled by secure computing.
Perhaps the most important then is to start thinking about how we interact with hardware, software, services, and businesses not in terms of what they do well, but in terms of what they could do if they were powered by secure computers. The DeFi community is an amazing example of how fast the idea can spread, and what it enables. Starting a bank used to be a multi-year, multi-million dollars journey that involved hundreds of people. Secure computers enable anyone to build a bank and operate it with immense security. Instead of vaults, firewalls, security teams, audit teams and complex processes, we 'just' have a set of smart contracts that are running with extremely strong security guarantees.
Once we have a good understanding of what we're missing out on, then we can start to see the opportunities, and get to work. We must challenge everything we have come to accept as normal and demand integrity, availability, confidentiality, authenticity, possession and utility from the software we interact with. We're embarking on a journey that will lead to profound changes in how software is built, hardware is designed, and how businesses, services and our society operates. While we do not know what is in store for us, we should also remember the values that enabled this in the first place. Openness, transparency, integrity, and good governance.
Perhaps the most significant challenge will be to get the ball rolling. Each of the communities of information security, cryptocurrencies, blockchain, zero-knowledge proofs, multiparty computation, fully homomorphic encryption, crypto anarchists and cypherpunks have a reasonably clear vision of how they are advancing their agenda and information security. Getting at least parts of each community to join a broader movement to build secure computers will be a gradual process, one that will probably require compromises to individual visions.
You might contribute your knowledge, and provide feedback on the model we outlined here, point out things that do not sound right to you and help us outline a better vision for everyone. You might be part of one of the teams we spoke about here, or be a user of their products. If this article sounds interesting to you then spread the word, our goal is to assemble like minded people to get to work on building secure computers.
You might have access to people you think can help the secure compute community make progress. If you do, please get them engaged with this material and the community. Building secure computers will not be a one-company thing, just like no single company built the internet. We're going to need help with all the different layers of secure computers to make them a reality, and it's only by working together that we will make this vision a reality.
You might be looking to deploy capital, and make investments into startups who want to rethink the way computers are built and operated, in this case please keep an eye on the companies active in the community, and if you're unsure who's working on what then take some time to join us and learn more. We're going to need all the help we can get.
After 50 years, computer science is experiencing a paradigm shift. This shift will affect every facet of information technology; how we build products, what problems they solve, and how they integrate into our lives. Cryptography and blockchains are the driving forces tearing apart the notion of personal computers and inventing privacy-preserving, secured computing. The implications for individuals, families, businesses, and society are profound and not fully understood. An enormous amount of work lies ahead to create tomorrow’s computing. Companies like atato are building what will power tomorrow’s tech industry. Come and join us!
While large parts of our computers were invented in the 1970s, the good news is that researchers have of course been hard at work during that time, so that the number of tools at our disposal to make computing secure is huge.
Not only has science and research progressed, but the community has been building and using secure computers for a few years now.
Throughout the world, we now have this growing community collectively working to create tomorrow’s secure computers.
With so much effort, resources and time spent on cracking the problem of building secure computers, the speed at which the community makes progress will only continue to accelerate.
Since 2017, has worked with the , became , performed , and built for financial institutions across South-East Asia. In 2021, the company shifted to a product business and is bringing to market a digital assets and cryptocurrencies secure storage and custody solution after closing its seed round in March, with investments from , and angel investors. , a SaaS digital asset custody platform, is the first iteration on the company's broader vision: enabling the next 100 million blockchain users. We're who loves to build great products, and .
Our view is that blockchains, and secure computers, need operating systems. If I want to write some text on a computer, I'm not going to carefully craft instructions that will be sent to my CPU to read my keystrokes and store them on my hard-disk. Instead an abstraction layer exists between me, the user and the application. Similarly, the way we interact with blockchains today is very low level. We make transactions to call smart contracts and move tokens. This is kind of like typing an executable file name in DOS and then manually naming a document to save it to the A:\ drive (hello users).
is a modern digital assets custody platform where businesses can securely store and manage their cryptocurrencies using a web application, mobile application and APIs. We want to help businesses save time and money by creating a simple but yet powerful service for them to make deposits, withdrawals and use dApps.
In that sense, a custodian, or a wallet, operates a new type of user interface, or operating system with which one can use secure computers. This is what we are building at atato. Going back to the of secure computation, our area of focus is on the layers 8 (Interaction) and 9 (Utility), and we aim to provide a solution which allows everyone to make an effective, interactive use of the amazing properties enabled by the technologies powered the underlying layers. We want to enable a future with millions of zero-knowledge proof powered blockchains, and trillions of tokens.
If that sounds exciting to you, , we're going to need amazing people like you to make this vision a reality!
Because computers are so amazing, we now fully delegate key parts of operating our society to them. In the past few years, the internet has overtaken television as the preferred media for for example. And with social media, people can receive news that is tailored to their interests, communities and relevant to them, with the risk of creating echo chambers.
Businesses in general also rely heavily on computers and the internet, with between to of all business being conducted online nowadays. When it comes to payment, computers enable most transactions in mature markets, a trend only accelerated by the COVID-19 crisis. In Sweden and the Netherlands for example volume respectively.
But it is perhaps when it comes to news and entertainment that the impact of computers is the strongest, with online content consumption doubling in 2020 to an incredible. While a lot of that is no doubt attributable to global lockdowns, the distribution and consumption of content and entertainment now happens primarily online.
In 2021, we rarely use computers alone, and while we might be alone in front of our computer, today the internet enables. There is no need to remind anyone how important Zoom and other video calling services have become in our lives during the Covid-19 pandemic. We meet people, we exchange ideas, we stay in touch with loved ones, all using interconnected computers.
Increasingly, computers make decisions on their own. Computers decide which movie, music, or product to recommend to you. They decide whether your credit card will be accepted for this online purchase you’re trying to make. They decide how to operate our electrical grid, our water networks, our traffic lights. They can even decide. As we continue to entrust computers with decision-making, their lack of inherent security creates ever-increasing risks.
A few months ago, a friend called me and asked me for advice. He wanted to outsource the production of a machine part that his engineers had designed but not yet manufactured. As they were about to send the 3D drawing file to the supplier machining the part, he wondered: Could my supplier keep the file and produce parts for other factories as well? How can I ensure that my file is only used to produce parts for me? As he explained his problem to me, I thought about possible solutions such as. They require specific expertise, expensive software, and intensive training. And I wondered, why do we still accept that files can be copied freely when they have become so valuable?
The biggest 'secure computing' community is undeniably the community. Ethereum used to call itself "the world computer" and we're getting closer to this vision everyday. Think of Ethereum's mainnet as a particular secure computer. Polygon, Binance, and other layer2/sidechain solutions all can be thought of as Ethereum-compatible secure computers. The EVM is to secure computers what x86 is to CPUs. While ethereum itself does not have built-in confidentiality, a of and are on enabling it. And if you'd like to learn more about ethereum, check out your local and . Of course if you're in Bangkok, !
If you're in the US, consider joining the secure and in Washington. Consider also joining the fully homomorphic encryption run by . And for sure there are many more amazing communities in the same space with a shared vision. Feel free to edit this page on GitHub at and let everyone know you!
How can you contribute? The most important if you can is to contribute your time, and there are a number of things you can do it you're ready and willing to do this. Check-out of what we as a community should be working on right now.
First and most visible, we aren’t limited to telling computers what to do in the form of very detailed software instructions, now we can use machine learning to teach computers what to do, so that they solve problems with artificial intelligence. In 2013 already, 35% of amazon’s sales were. We also have invented new types of computing; we can not only tell computers what to do but also and have them respect it; we also know how to break down software in chunks that work in parallel to run simple software with or solve the.
The way we build software is vastly different too, and. Today, companies are paying their employee’s salaries to develop software that they then donate to the world. The software is free, and you buy the service to operate it instead. By some estimates, developed today contains hundreds of open-source software. On GitHub, the largest open-source community platform in the world, more than. The internet allows technology companies to be virtual, without offices, in an asynchronous way.
Lastly, the security arsenal that we have at our disposal is vastly different. As mathematics and computing power progressed, we can do things that would have seemed impossible 50 years ago. We can have guarantees that software will. We now have to. We can. We can create. More than 5 million people have a. A storm is brewing.
To me, Bitcoin is the first secure computer. A computer limited to just two features, one to create coins, and one to transfer coins. This virtual, secure computer has been operating since Jan 2009 and available for of the time elapsed since, with its last outage occuring in Mar 2013. As of writing this article 12,963 Bitcoin nodes are operating the network worldwide.
Ethereum then lifted Bitcoin’s limitation in the number of features. Instead of just being able to create and transfer coins, one can now write arbitrary secure computer software a.k.a. blockchain smart contracts. The network went live in July 2015 and will soon be as old as Bitcoin was when Ethereum launched. Its most successful apps are in finance as well, with lending, borrowing and more complex financial products enabled by its smart contract capabilities. As of writing this article the Ethereum secure computer is securing a total of USD 90 Billion invested in its and instances.
While these pioneering secure computers are huge successes in enabling some of our desired security properties (namely integrity, availability, authenticity, and possession) they do not on their own enable confidentiality and utility. Luckily, many to have been over the past few years and are a very active area of work.
In the past year alone, close to were submitted to arxiv.org referencing the core technologies used to build secure computers. are now including blockchain in their curriculum. Cryptocurrency is now online learning topics. The’s Turing Awards (the ‘’) went to researchers who directly advanced the field of secure computing in,,, and arguably.
When it comes to people, blockchain was on the podium of the according to LinkedIn. There of, and close to a million people claim to be working on and. ConsenSys, Ethereum’s leading development company, is working to get to and we are probably in the.
In the last 12 months, a total of were completed in blockchain and cryptocurrency with over USD 15 Billion invested. Another were completed in information security with over USD 27 Billion invested.