Mitt Romney, the US presidential candidate, reminds us that corporations are people. Whether or not his supporters agree with the conclusions drawn from that assertion, there is certainly much truth in the statement. After all, isn’t a corporation a group of people working together under certain rules? When a corporation owns property, it actually means that there is a legal contract that states that the property can only be used for certain purposes under the control of the people who are currently on the board of directors. This designation itself can be modified by certain groups of shareholders. If a corporation does something, it means that the board of directors has agreed to do so. If a corporation hires employees, it means that the employees agree to provide services to the corporation’s customers under certain rules, especially regarding payment. The fact that corporations have limited liability means that certain people are granted additional privileges to act with less fear of legal prosecution by the government. They are a group of people who have more rights than the average person acting alone, but they are ultimately people nonetheless. After all, they are just people and contracts.
But here comes a very interesting question: do we really need people? On the one hand, the answer is yes. In some post-singularity future, machines will be able to survive on their own, but in the near future, some kind of human behavior will be needed to interact with the physical world. On the other hand, over the past 200 years, the answer has increasingly become no. The Industrial Revolution allowed us to replace human labor with machines on a large scale for the first time, and now we have sophisticated digitalized factories and robotic arms that can produce complex products like cars on their own. But this is only automating the lower levels. It eliminates the need for general laborers and replaces them with a small number of specialists who maintain the robots, while the management of the company remains intact. The question is whether we can approach the problem from the other direction. Can we instead remove management from the equation, even if we still need humans to perform certain specialized tasks?
Most companies have some kind of mission statement. Often it’s about making money for shareholders. Other times, there are moral imperatives surrounding the specific products they make, and other goals, like helping the community, that are at least theoretically thrown into the mix. Right now, that mission statement exists only as long as the board of directors and ultimately the shareholders interpret it. But what if, with the power of modern information technology, we could encode that mission statement into code? That is, create an inviolable contract to generate revenue, pay people to perform certain functions, and find the hardware to run it. All of this without the need for human direction from the top down.
As Daniel Larmier of Let’s Talk Bitcoin said: pointed out In his exploration of this concept, Bitcoin itself can be thought of as a very early prototype of exactly that. Bitcoin has 21 million shares, owned by people who can be considered shareholders of Bitcoin. It has employees, and it has a protocol for paying them: roughly every 10 minutes, it pays one employee at random 25 BTC. It even has its own marketing department made up of shareholders. But it is also very limited. It knows almost nothing about the world outside of its current time, has no way to change any aspect of its functioning other than through difficulty, and is, in fact, do Anything in itself; it simply exists and allows the world to perceive it. The question is: can we do better?
calculate
The first challenge is obvious. How does such a company actually make decisions? It is easy to write code that takes inputs from a predictable environment and computes the desired behavior. But who runs the code? If the code exists only as a computer program on a particular machine, what prevents the owner of that machine from shutting it down entirely, or even modifying the code to send all the money to himself? There is only one effective solution to this problem: distributed computing.
However, the kind of distributed computing we are looking at here is not the same as the distributed computing of projects like SETI@home and Folding@home. In these cases, there is still a central server that collects data from distributed nodes and sends requests. This is where the kind of distributed computing we see in Bitcoin comes in: a set of rules that decentralize and self-verify their own computation. In Bitcoin, this is achieved by simple majority voting. If a majority of the network power does not help compute the blockchain, the block is discarded and the block reward is not earned. The theory is that no single attacker can have enough computing power to subvert this mechanism, so the only viable strategy is to essentially “go with the flow” and honestly act, supporting the network and earning the block reward. So can we simply apply this mechanism to distributed computation? That is, ask every computer in the network to evaluate a program, and then reward only the answers that match the majority vote? The answer, unfortunately, is no. Bitcoin is a special case. Because Bitcoin is simple. Bitcoin is just a currency, it does not own any property or personal data. Virtual corporations, on the other hand, are likely to store the private keys of their Bitcoin wallets. This data must be available in its entirety. no oneBitcoin transactions are not available to everyone in that way. But of course, the private keys must still be available. So what we need is a system that signs transactions and even generates Bitcoin addresses, which can be computed in a decentralized manner. Fortunately, Bitcoin allows us to do exactly that.
The first solution that comes to mind is multi-signature addresses. Given 1,000 computers that are supposedly capable of supporting the enterprise, each generates a private key and creates 501-of-1000 multi-signature addresses between them. To spend funds, all you have to do is construct a transaction with the signatures of the 501 nodes and broadcast it to the blockchain. The problem here is obvious: the transactions are too large. Each signature takes up about 70 bytes, so 501 of them would create a 35KB transaction, which is basically very hard for bitcoind to accept on the network. We refuse transactions with scripts larger than 10,000 bytes.. Second, this solution is specific to Bitcoin. If a company wants to store personal data for non-financial purposes, a multi-signature script is useless. Multi-signature addresses work because there is a Bitcoin network that evaluates them and places transactions on the blockchain based on whether the evaluation is successful. For personal data, a similar solution would basically require a decentralized authority that stores the data and only releases it if 501 of the 1000 required signatures are received for the request. That means we are right back where we started.
However, there is still hope for another solution. The common name given to this by cryptographers is “secure multiparty computation”. In secure multiparty computation, the input to the program (or, more precisely, the input to the simulated “circuit”, since secure multiparty computation cannot handle “if” statements and conditional loops) is partitioned using the following algorithm.Shamir’s Secret SharingAnd a piece of information is given to each participant. With Shamir’s secret sharing, all data is split into N pieces, of which K is sufficient, but K-1 is not sufficient, to recover the original data. When running the algorithm, K and N are chosen. 2/3, 5/10, and 501/1000 are all possible. Then, the circuit is evaluated on the pieces of data in a distributed manner, so that at the end of the computation, everyone has a piece of the computation result, but at no point during the computation, no individual can see anything about what is happening. Finally, the pieces are put together and the result is displayed. The runtime of the algorithm is O(n3), which means that the number of computational steps it takes to evaluate the computation is roughly proportional to the cube of the number of participants. With 10 nodes, it takes 1000 computational steps, and with 1000 nodes, it takes 1 billion steps. A simple 1 billion step loop written in C++ takes about 20 seconds to run on my laptop, and can run on a server in a fraction of a second. So 1000 nodes is pretty much the limit of practicality in terms of computation.
As a result, secure multi-party computation can be used to generate Bitcoin addresses and sign transactions. For address generation, the protocol is simple.
- Each person generates a random number using their personal key.
- Each person computes a public key corresponding to their private key.
- Everyone makes their public key public, and Shamir’s secret sharing algorithm is used to compute a public key that can be reconstructed from 501 of the 1,000 public keys revealed.
- An address is generated from that public key.
Because it is a public key Can add and subtract Even multiplying and even dividing by integers, surprisingly, this algorithm works exactly as expected. If everyone creates a 501-of-1000 private key in the same way, then that private key can spend money sent to the address generated by applying the 501-of-1000 algorithm to that public key. This works because Shamir’s Secret Sharing is actually just an algebraic formula. That is, it only uses addition, subtraction, multiplication, and division, and it is easy to compute this formula “on top of” the public key, just like an address. As a result, it doesn’t matter whether the private key to public key conversion is done before or after the algebra. Transaction signing can be done in a similar way, but the process is somewhat more complicated.
The benefits of secure multiparty computation extend beyond Bitcoin. It can easily be used to run artificial intelligence algorithms that businesses rely on to operate. So-called “machine learning,” the general name for a set of algorithms that detect patterns in real-world data and allow computers to model them without human intervention, is used extensively in areas such as spam filters and self-driving cars, and is “algebraic” and can be implemented in secure multiparty computation as well. In fact, any computation is possible if the computation is broken down into circuits for the individual bits of input. There are naturally some limits to the complexity that can be achieved. Converting complex algorithms into circuits often introduces additional complexity, and as described above, Shamir’s secret sharing can be expensive in its own right. Therefore, it should only be used to implement the “core” of an algorithm. More complex, high-level thinking tasks are best handled by outside contractors.
Are you excited about this topic? Stay tuned for parts 2, 3, and 4: How decentralized enterprises interact with the outside world, how simple secure multi-party computation circuits work at a mathematical level, and two examples of how these decentralized enterprises can make a difference in the real world.
See also:
http://letstalkbitcoin.com/is-bitcoin-overpaying-for-false-security/
http://bitcoinmagazine.com/7119/bootstrapping-an-autonomous-decentralized-corporation-part-2-interacting-with-the-world/
http://bitcoinmagazine.com/7235/bootstrapping-a-decentralized-autonomous-corporation-part-3-identity-corp/