The main piece of news regarding Libra is, in my opinion, Steve Sprague’s analysis of the Libra blockchain.
Steven Sprague, one of the leading proponents of “trust computing” technology, recently published an article titled “Libra and Calibra Security, A White Paper by Rivetz Corp.”
In this 14-page document he dissects Libra’s technical papers, focusing on security. Also, in an article published by coindesk.com, the author summarises his findings. In it, he states his belief that “the company left out the foundational components of user security”. This article tries to summarise the white paper.
Steve states that to ensure consumer protections it is necessary to guarantee “provable user intent, global compliance and privacy for the ‘Internet of Money.’ ”
“The first principle must be to ensure the user is the owner of the private key and always remains in control of its use. […]”
“The second principle is that the user must be able to prove they intended and consented to a transaction.”
“The third principle is to minimize the risks created by the supply chain. In order to maximize user protections, wherever possible, private keys should be stored and used in a manner which minimizes the impacts of security subsystem failures.”
He recalls that blockchain technology may help to solve these problems, but its Achilles heel is that users are responsible for protecting their own private keys and transaction instructions, which makes a private key one of the most valuable pieces of data on the internet.
He also says that “The optimal approach is to pre-validate the cybersecurity controls and compliance before a transaction is committed to the chain.” But the Libra white paper does not specify the techniques to address consumer protection and regulatory compliance.
Libra has established three core goals:
• It is built on a secure, scalable and reliable blockchain.
• It is backed by a reserve of assets designed to give it intrinsic value.
• It is governed by the independent Libra Association tasked with evolving the ecosystem.
The project is missing a fourth, critical goal:
• “It is decentralized and operated by keys and instructions anchored in trustworthy computing with strong consumer protections, controls and privacy.”
Mr Sprague is surprised by the lack of redundancy for the storage of the private key, as he believes consumers would need multiple redundancies such as those developed by his company for Telefonica using a method that combines cryptography with various embedded hardware elements.
Finally, he thinks that decentralised technologies, together with trustworthy computing, are the answer for a safe “internet money”.
The principles of decentralised operation must be preserved to protect the consumer’s privacy and freedom. Consumers must own their private keys to allow free choice. Global custodial solutions are required to assure users never lose control of their keys.
In the white paper, he develops the guidelines for a solution, consisting of three elements:
1.- Secure User Instructions
To move value securely from one address to another, a secure instruction is required, consisting of the following elements:
• What you see is what you sign: To ensure that what is being signed is what the user wishes to sign.
• Provable Human Consent: Secure PIN or biometrics to ensure the user is involved in the secure instruction.
• Protection of Private Keys and Transaction Signing: There must exist a mechanism to protect the private key.
• Provable compliance: Proof of the whole process, in the form of a hash of the completed controls, should be included and recorded on the chain.
• Attestation of the device that created the instruction: To ensure that the device creating the instruction is operating as it should be and is not compromised.
• The Second Hash: The creation of a second hash that guarantees the intent and compliance of all the elements of the transaction.
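The following is an added example, not code from the white paper or from Rivetz, showing one way the compliance hash and the second hash could bind a transaction so that a change made after signing is detected. The field names, the sample values and the use of HMAC as a stand-in for the private-key signature are assumptions.

```python
import hashlib, hmac, json

def canon(obj) -> bytes:  # canonical JSON: same fields always give the same bytes
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def second_hash(tx, compliance_hash, attestation) -> str:
    # Binds what the user saw (tx), the completed controls and the device state.
    return sha256_hex(canon({"tx": tx, "compliance": compliance_hash,
                             "attestation": attestation}))

def create_instruction(tx, controls, attestation, device_key: bytes) -> dict:
    compliance_hash = sha256_hex(canon(controls))  # hash of the completed controls
    digest = second_hash(tx, compliance_hash, attestation)
    # Assumption: HMAC stands in for the private-key signature made in the enclave.
    sig = hmac.new(device_key, digest.encode(), hashlib.sha256).hexdigest()
    return {"tx": tx, "compliance_hash": compliance_hash,
            "attestation": attestation, "second_hash": digest, "signature": sig}

def verify_instruction(instr, required_controls, trusted_measurements, device_key):
    """Return the list of failed checks; an empty list means accepted."""
    failures = []
    if instr["compliance_hash"] != sha256_hex(canon(required_controls)):
        failures.append("compliance")
    if instr["attestation"]["measurement"] not in trusted_measurements:
        failures.append("attestation")
    digest = second_hash(instr["tx"], instr["compliance_hash"], instr["attestation"])
    if digest != instr["second_hash"]:
        failures.append("second_hash")
    expected = hmac.new(device_key, digest.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, instr["signature"]):
        failures.append("signature")
    return failures

# Constructed sample data (not from the white paper).
DEVICE_KEY = b"constructed-demo-key"
TX = {"from": "addr-A", "to": "addr-B", "amount": 25}
CONTROLS = {"pin_verified": True, "display_confirmed": True, "limit_check": "passed"}
ATTESTATION = {"measurement": "good-firmware-v1"}
TRUSTED = {"good-firmware-v1"}

def demo():
    good = create_instruction(TX, CONTROLS, ATTESTATION, DEVICE_KEY)
    tampered = dict(good, tx=dict(TX, to="addr-X"))  # payee changed after signing
    return (verify_instruction(good, CONTROLS, TRUSTED, DEVICE_KEY),
            verify_instruction(tampered, CONTROLS, TRUSTED, DEVICE_KEY))

print(demo())
```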
2.- The User is In Control
The centre of the money should be the owner of the private key. Blockchain processes and infrastructure should not hold the power to “alter transactions, freeze accounts or change balances”.
3.- Transactions with Compliance vs Platforms with Compliance
The “internet money” should be prepared to shift from centrally delivered permissions to decentralised provable transactions from day one. As stated earlier, the process to validate compliance can be part of the blockchain.
Decentralised Provable Compliance
A system that ensures the integrity of the device: Once this has been pre-established, the private key can be used to authorise a transaction.
The advantage of executing policy controls within the consumer’s device is that privacy is built-in. The evaluation and the request for verification take place from within a secure enclave on a device that is isolated from view by any third party.
Multiple roots of trust
Multiple roots of trust take advantage of the existing embedded hardware present in mobile devices. “Carrier Level Immutable Protection” (CLIP), developed by Rivetz, makes use of SIMs and the Trusted Execution Environment of the device to protect private keys.
Never Lose the Keys
The system must be designed to allow the recovery of the keys of lost or stolen devices using the same mechanisms to secure policies to keys. Multiple recovery keys can be used to recover the private key. These recovery keys could be sent to a set of other users’ devices to make sure the private key can never be lost. Also, custody and escrow services could supply physically separated locations for portions of the user’s private key.
The Business Model for Decentralised Security
It is based on the concept that compliance and controls will be verified before the execution of the transaction. These controls will be supplied by service providers participating in the validating process, which will be paid a fee on a per-transaction basis. This process can be implemented using an auxiliary token, separating the digital currency from the compliance controls and therefore offering additional privacy (as is the case with the token developed by Rivetz). This allows the transition from a permissioned blockchain with central controls to a permissions process using a decentralised model.