Why should I trust tokens launched under SNS?

Finally!!! The community and investors have been waiting for the block data to be public for a year! Without block data being fully public, no consensus could be fully trusted.

3 Likes

We must differentiate between the condition of trust and verifiability. All blockchains require some degree of trust in the nodes (and the software they run) that produce the chain, even Bitcoin. Usually this means we implicitly trust that more than 1/2 of the nodes are honest. This also applies to subnets in IC. Without this trust being the precondition, we can’t talk about verifiability.

Now on verifiability. Opening up block data is of course a simple (or should I say, naive) way to prove both data and execution are executed correctly (according to the code). But it is also complex, and out of reach to most end users, who still end up having to trust some 3rd-party providers (like Infura). This is why IC invented chain key, which means it is enough to trust a message execution result by verifying a signature, putting the power of verification back in the hands of end users. Of course, the aforementioned precondition of trust still applies.

So a user can already verify that a message call or certified asset really has not been tampered with (because they trust 1/2 of the nodes of a subnet). But it is still quite far from being able to trust a canister, or a service running on IC. In addition to verifying a canister’s code (module hash), we also need to pay attention to its upgrades and configuration changes. I think this community project (also mentioned in this forum thread) deserves more attention:

It offers a creative solution to the verifiability of canisters, tracking all upgrade histories and administrative changes. It is a great demonstration that the community can lead the innovation, instead of waiting for the foundation to deliver solutions.

I work for the foundation, and I don’t think there is an excuse not to make SNS as secure as possible. But on the other hand, publishing block data really isn’t something that’s going to benefit average users since they won’t be doing the verification. Verifying IC message calls only needs a public key. Verifying canisters or services, well, now you’ve got launch-trail.

I encourage everyone to take a look at launch-trail and see if it does solve most of the trust issues raised here, or if not, why not.

EDIT: with the above being said, I do agree that we should publish NNS block data, which is the root of trust of IC because of the automated governance.

14 Likes

My initial foray into the issuance of tokens was an Open Transactions server; one of the features I really liked about it was precisely the fact that it did not need a history of transactions; all it needed was the last “receipt” showing that both the sender and the receiver (and of course the “notary server(s)”) had signed agreeing that the transaction was valid and that the resulting balance it showed for their account given the amount the transaction was sending or receiving was correct.

A side effect though was that you in effect could not change anyone’s balance without their approval, including that sending them something would simply offer them the option to accept the incoming or not.

See Open Transactions Server: Asset/Bond/Commodity/Cryptocoin/Deed/Share/Stock Exch. and Open Transactions

-MarkM-