Deepening Blockchain Governance Toolkit with Two-Factor Authentication 2FA

tyntec_screencast

Datarella demoed a new PoC for off-chain governance with our friends from tyntec at the TADSummit in Lisbon, Portugal this week. Using tyntec’s 2FA service we were able to demonstrate a proof of concept for using strong authenication to secure an Ethereum transaction. This is one elementary piece of the puzzle for creating robust governance structures for the blockchain.

What’s blocking the blockchain from going mainstream? Datarella and tyntec at TADSummit Lisbon 2018

One of the main issues holding back adoption of blockchain-based applications is that we’re still at a pretty basic level when it comes to governance.  Much ink has been spilled over the parity multisig wallet bug and the hack of the DAO. The exact causes of those incidents are beyond the scope of this article but both have to do with complexity and with finality.

One of the major selling points of Ethereum it utilizes the solidity programming language, which is Turing complete. This is both a blessing and a curse. It’s a blessing because this makes it technically possible to build very complex smart contracts which are capable of doing just about anything – that’s a big part of the promise of blockchain. The curse part of the equation is the fact that these complex programs may have unforseen bugs which end up irrevocably committing transactions on a large scale to public blockchains.  This is where finality comes into play. Once approved Ethereum transactions are subject to increasing probabilistic finality. 

In layman’s terms this means that there are no chargebacks, no refunds, no do overs and no room for error. The combination of complexity and probabilistic finality means that if we want to build blockchain applications that are ready for mass adoption we will need significantly improved safeguards and governance before transactions are committed to the blockchain.

In order to be useful, systems that transfer value have to exhibit some kind of finality. When you use a credit card to purchase a latte at your local store the money is transferred on a centralized ledger maintained by visa or mastercard. The money stays transferred unless there is a dispute. If you discover fraudulent charges on your card you just call your bank and prove your identity.  They roll back the charges on your account and an insurer takes care of the damage done. In other words, in the credit card system, finality is limited but sufficient and flexible. In the blockchain world what you commit to the chain remains on the chain. If you loose your private key or a bug in some complex code allows an unintended value transfer, it’s game over.

We can’t change the finality of blockchain and in most public cases we don’t want to. What would be nice is if we could put additonal controls on what the holder of a private key can do. This is useful as a component of our developing blockchain governance toolkit in a number of situations.

Some example use cases:

  • Resetting access to a wallet
  • Restricting malicous transaction attempts
  • Enabling multiparty quorum transactions without relying on complex on-chain multisig wallets
  • Off-chain voting mechanisms

Take a look at the video of the demo above. What we’ve implemented is a smart contract which requires a one time password provided by the tyntec 2FA API in addition to the private key before any transaction can be finalized on-chain. This opens the door to all sorts of governace options which we’re working on for our product RAAY and as part of the Codelegit arbitration libraries which we provide to the Blockchain Arbitration Forum.

We’d like to thank the awesome team of tyntec for their continuing collaboration on this. We’re really looking forward to the role such tech can play in moving blockchain-based governance procedures forward.

Blockchain Project in Humanitarian Supply Chain – Datarella and UK Gov. DFID

We at Datarella are very proud to announce that we will work with the British Government Department for International Development (DFID) to develop a pilot project on the topic of “Blockchain in Humanitarian Supply Chains“!

The project is supported by the DFID innovation and future technologies programme, Frontier Technology Livestreaming. They source ways of improving how DFID works across the world using new technologies from DFID staff. Naturally, blockchain is one of those technologies, and supply chain operations is a very applicable area for this technology for three main reasons:

1. Transparency – Humanitarian supply chains could benefit from having the right tools to achieve increased transparency in a secure manner. More transparency could also facilitate collaboration across organisations.

2. Efficiency – If the operatives working at organisations in DFID and similar organisations (e.g. USAID, the UN World Food Programme, etc.) could rely more on the quality of data, they could focus on other matters. This could contribute to decreased “shrinkage” and thus improved efficiency as more goods are delivered to those in need.

3. Collaboration – Having a shared database of goods, shipments and importantly accountability, where many can write and read, but not change the history, is an ideal setup for collaboration. This could enable the creation of standards for data models and improved service to both those funding (mostly tax payers) and those on the receiving end.

With these prerequisites in mind, we are looking forward to the coming phases and sprints of the pilot where we will implement a live blockchain solution, hopefully of great use to many people, especially those in need of immediate and unconditional aid.

The project consists of building a blockchain-based system to track a shipment of plastic sheeting shelter kits (try to say that ten times in a row) from an offshore warehouse, by multiple logistics service providers to a country where they are needed. There they have to be cleared through customs, meaning that a consignee will need to assume responsibility for the shipment. This will also be tracked using a smart contract. Thereafter, a so-called implementing partner will start transporting and deploying the kits within the country.

If you have experience or are interested in learning more about this project and blockchain in humanitarian supply chains, feel free to @ @mountbranch or @datarella on twitter! Also, here’s a link to a Medium post by FTL themselves about the initial phase of the project!

Tokenisation Of German Real Estate Fund – The First RAAY OS Application

Blockchain is a foundational technology, an underlying technology layer for applications built on top of it, allowing them to share a joint database and a ledger. It provides realtime access to an immutable and consistent data set. Based on our experiences launching the Building Blocks project on behalf of the United Nation’s World Food Programme (WFP) in May 2017, we launched its RAAY project in early 2018. 

RAAY’s goal is to become a new operating system for banking. Since the finance industry hasn’t changed much during the last decades, and financial crises followed by new stern regulatory frameworks have made banking even harder, banks are faced with a multitude of challenges, from a degenerated trust to inflexible and overcharged IT infrastructures and processes. For the RAAY team, blockchain provides the ideal basis for renewing trust and making IT more efficient for banking. Therefore, RAAY has been working on a new operating system to enable players of the finance industry with a blockchain-based technology layer to build lean, efficient, trust-less applications on top of it.

RAAY is partnering with a German bank to create a blockchain-based token representing the ownership of a German real estate fund. The token is part of an immutable, trust-less and decentralised system built specifically for the new RAAY operating system for banking. The token and the auxiliary system achieves an improved model for ownership of real estate by applying blockchain technology, secure and scalable identification solutions and tried-and-tested account management software. 

The token is characterised by a smart contract defining key functionality (transfers, rights, etc.) and listing properties (ownership, price, fund information, etc.). The token smart contract is linked to another smart contract which manages the different tokens and allows users to interact with various tokens in a simple way. Ownership of a token is proven by the possession of a private key. The corresponding public key is publicly listed in the smart contract. Building on the immutability and security of blockchain technology allows any token holder to prove ownership to anyone, in real-time, without doubt. 

The auxiliary system contains three main components: 

  • Identification, 
  • Application for Tokens and 
  • Fund-Connection. 

The Identification takes place according to applicable KYC-regulations with the addition of the creation of a blockchain identity, in effect a public-private key pair. The secret private key is much like a password and can be either downloaded to a secure offline-storage by the client or can be stored in a so-called cold wallet managed by a future RAAY-bank entity. If investment amounts exceed a certain limit, tokens are stored in a multi-signature wallet for additional security. 

The Application for Tokens is a protocol for converting any type of funds (fiat or cryptocurrency) into tangible asset tokens. It requires an account with a depository bank for fiat currencies. 

The Fund-Connection is the direct correspondence between existing tokens and shares of the fund in question. This ensures the validity of each claim that a token holder may have, on any ownership/access to dividends from the fund. 

This is the first step in RAAY’s strategy to create the new operating system for banking. It is a needed use case that will be operational and reduce costs for the fund deploying it. By going stepwise from one application area to another, RAAY will build a modular and configurable OS for banking that removes inefficiencies regardless whether the partner is a fund, a bank or a fintech-company.