2021 Q2 Blockchain Commons Report

It was another busy quarter for Blockchain Commons, with a focus on work on our Gordian reference apps, which demonstrate our architectural models and specifications. However, we had numerous other releases as well, including a lot of documentation to let everyone know what we’re doing.

Our major work included:

Overviews

  • Releasing a video overview of our specifications and technologies;
  • Publishing our list of Gordian Principles;

Reference Apps

  • Releasing Gordian QR Tool and Seed Tool through the Apple App Store;
  • Debuting our Sweeptool command-line tool;
  • Experimenting with Timelocks for the next generation of #Smart Custody;

Coding Processes

  • Increasing our focus on the Rust programming language;
  • Working with a sponsor on our first security review;

New Docs

  • Publishing docs on our UR and SSKR specifications;
  • Kicking off two translations of Learning Bitcoin from the Command Line;

Other Priorities

  • Beginning work with our summer interns;
  • Continuing to testify for the Wyoming legislature;
  • Celebrating the fifth anniversary of self-sovereign identity; and
  • Talking about the future of the BTCR DID.
Read More

(Also see our previous Q1, 2021 report.)

Some Overviews

Blockchain Commons is getting big, so we produced some overviews of our work!

Video Overview. Over the last few years, Blockchain Commons has produced a number of specifications, including our fundamental work on Uniform Resources (URs), our other innovations such as Lifehashes and Object Identity Blocks, and our updates of sharding technology with SSKR. If you’re trying to get a handle on the technologies we’re using and the specifications that we’re creating with our Airgapped community, we invite you to take a look at our technology overview video, which runs through our core conceptual and specification work one element at a time.


The Gordian Principles. We’ve also begun publishing some descriptions of what the Gordian architecture means to us. It’s focused on four principals that we believe are crucial to digital-asset management: independence, privacy, resilience, and openness. They’re all about ensuring that you’re the controller of your digital assets. Besides writing a short overview, we’ve also begun adding descriptions to each of our reference apps, discussing how they embody those principles.

And, those reference apps were our biggest news for the quarter …

Reference App Work

Our reference apps show off how Blockchain Commons’ Gordian Principles work in real life. We made great progress on them this quarter.

Gordian Releases. Where we had three reference apps available for beta testing in Q1, in Q2 we advanced to having two available for release from Apple.

Gordian Seed Tool is the app previously known as Gordian Guardian. It allows for the management of your cryptographic seeds in a way that’s secure and resilient. You store your seeds in Seed Tool, ensuring that the data is encrypted and that it’s redundantly backed up to iCloud, and then you derive and export keys as they’re needed. As with all of the Gordian reference apps, this one demonstrates the usage of a number of Blockchain Common’s specifications, including SSKRs, UR, and even our new request/response airgap methodology that we just debuted this February.

Gordian QR Tool is a simpler tool that similarly allows for the storage of QR codes in a secure and resilient way. Thus, if you had a largely unused seed or key, you could export it as a QR and store it here. QR Tool can also be used to store other private information such as 2FA seeds or the brand-new Smart Health Cards. QR Tool recognizes many categories of QR codes, including the UR types that Blockchain Commons has defined, allowing easy categorization and sorting of your cryptographic data. Our QR Tool was slightly held back by inadequacies we found in Apple’s QR creation functions, which can produce overly large QRs. We’ve already begun work translating a better QR library into Swift and expect to integrate that into v1.1 of QR Tool in the future.

QR Tool and Seed Tool also offer the first demonstration of the interactions possible in a Gordian architecture. One of the most powerful examples involves Blockchain Commons’ SSKR specification. Seed Tools allows a user to not only shard a seed using SSKR, but also to encode those shares as QR codes. The encoded shares can then be given to friends and family who have QR Tool, ensuring the safe storage of all the shares required to restore your seed!

We have more reference app releases planned for the future. Gordian Cosigner remains available as a Testflight beta release, and is our reference app for demonstrating how to conduct airgapped signing. We are also beginning work on the Gordian Recovery app, which we announced last quarter; it’ll demonstrate methodologies for recovering assets held by third-party wallets.

Sweeptool Debut. Recovering funds held in a third-party HD wallet can be tricky since you don’t always know which addresses were actually used. We’ve also been attacking that problem with a command-line tool called sweeptool, which sweeps funds anywhere in the hierarchy defined by a descriptor. Sweeptool is the work of one of our intern graduates, and is already available as an alpha release.

Timelock Experiments. Our current architecture for #SmartCustody depends on multisigs to allow for the partitioning of keys and the creation of resilience. However, we’re already thinking about the next generation of #SmartCustody, which will allow the use of timelocks to recover funds in the case of the incapacitation of a principal. We did some deeper investigation into miniscript this quarter, which allows for easier integration of timelocks into Bitcoin addresses, and also mapped out some new architectures for progressively sweeping funds forward to keep ahead of timelocks. However, we discovered that at this point miniscript isn’t yet integrated with the descriptor-wallets that are another of the core elements of the Gordian architecture. This prevents integration with our Gordian apps.

We’ve published a preliminary paper on the usage of Timelocks, but it isn’t finalized yet because of these issues. Meanwhile, one of our interns has begun work on a Rust-based Timelock project called mori-cli. This work is all meant to ensure we’re ready when miniscript is added to Bitcoin Core, or when timelocks are integrated into descriptors in some other manner.

Coding Processes

Releasing apps is just one step of a larger coding process, which requires careful consideration of what languages (and libraries) to use and careful reviewing of their security.

Rust Focus. Sweeptool is written in Rust, which is an increasing focus at Blockchain Commons. We’ve also been using it for our musign-cli work and some of our torgap work and have touched upon it in Learning Bitcoin from the Command Line. We think that Rust is an important language for the future of Bitcoin development in large part because of its safety guarantee, including memory safety properties, which can resolve 70% of security problems. Our main barrier for wider use of Rust has been the fact that C and C++ are the main languages used by Bitcoin Core, iOS, and Android, but we’ve already seen the start of changes there, and hope to be able to integrate Rust even more fully in the future. The fact that the Rust-based Bitcoin Dev Kit is actually in advance of Bitcoin Core in some features is very encouraging.

Security Review. Bitmark, one of our Sustaining Sponsors, has hired Radically Open Security to conduct a security review of our SSKR libraries, bc-shamir and bc-sskr. This is crucial element in making Blockchain Commons’ specification work widely available, since it would be improper for us to review our own security code. As our first partners planning to use one of our libraries in a shipping project, as opposed to just our specifications, Bitmark is stepping up to the plate to fund the review of our core SSKR libraries. We expect this pattern to repeat with future partners and libraries in the future. It shows the power of our open libraries: future companies will be able to depend on our SSKR libraries thanks to Bitmark’s contribution, and then they’ll be able to make contributions of their own that will be much less than if they’d had to security review an entire suite of themselves.

New Docs

The blockchain infrastructure is empowered by users and developers who know how to use it properly. Teaching them is the goal of our documentation projects.

UR & SSKR Docs. The ultimate purpose of our reference applications is to demonstrate how our new specifications can be used in actual applications. Hand-in-hand with that, we’re also producing documentation that lays out in more detail how those specifications work. We’ve begun collecting many of those docs in the documents area of our crypto-commons repo. This quarter we added to our docs repo with several documents about our Sharded Secret Key Reconstruction system, including SSKR for Users and SSKR for Developers. We also released a series of articles on Uniform Resources (URs) intended to show developers how they’re constructed and used.

We are also planning further support for our interoperable specifications such as UR and SSKR at a virtual interoperable wallet specification workshop. We’re currently working on locking down a date.

Learning Bitcoin Translations. Our best-known tutorial at Blockchain Commons, is our Learning Bitcoin from the Command Line course, which we pushed to v2.0 last year and which has 1,700 stars and 100 watchers on Github. We’re thrilled that translations are now ongoing into both Portuguese and Spanish thanks to a half-dozen core volunteers. Some of Blockchain Commons’ own programmers and interns entered the blockchain industry thanks to this course, so we’re looking forward to these translations opening the doors even wider.

Other Priorities

Finally, we have a lot of more varied projects that all saw some progress.

Our Summer Interns Have Begun Work. Thanks to a grant from the Human Rights Foundation, we have a class of a dozen interns this summer. We’re engaging them with weekly calls to introduce them to crucial use cases and to let them talk with Bitcoin and Lightning experts from the industry and human-rights experts, most recently including John Callas from the EFF and Alex Gladstein from HRF.

Some of our human-rights-focused intern projects include a self-sovereign donation app, scripts to automate the setup of privacy and/or bitcoin services, documents on managing pseudonymity, and tracking of blockchain-based legislation.

Some of our more general intern projects include deployment of a full Esplora node for Blockchain Commons, the creation of scripts to make it easier for others to do so, documentation on bitcoin fee-estimation use cases, improvements to our Spotbit server including expansion of the Spotbit API and client app, and the aformentioned work on Mori and on Learning Bitcoin translations.

Our first completed intern ‘21 work is a short i2p chapter for Learning Bitcoin from the Command Line, talking about an alternative (or supplement) to traditional Tor privacy.

Wyoming Testimony. Christopher’s testimony has continued in Wyoming, talking about DAO and identity, to improve and extend both laws. The most recent testimony on May 28 continued to work through the ramifications of the definitions of principal authority for self-sovereign identity.


Self-Sovereign Identity. Speaking of which, it was the fifth anniversary of the concept of self-sovereign identity, which first suggested that we should control our identities on the internet, not be beholden to centralized agencies. Christopher wrote an article for Coindesk celebrating that anniversary, talking about how far we’ve come and reflecting on how things could be improved.

BTCR. Finally, we’ve also been talking about another of our blockchain projects that originated in Rebooting the Web of Trust: BTCR, a self-sovereign decentralized identifier that uses the Bitcoin blockchain. Recently Christopher and the other creators of BTCR talked with The Rubric about the past and future of the DID.

As you can see, we’ve got lots of ongoing work that continue to expand the ideas of responsible key management and self-determination on the internet. If you’d like to support our work at Blockchain Commons, so that we can continue to design new specifications, architectures, reference applications, and reference libraries to be used by the whole community, please become a sponsor. You can alternatively make a one-time bitcoin donation at our BTCPay.

Thanks to our sustaining sponsors Avanti Bank, Bitmark, Blockchainbird and Unchained Capital, and our new project sponsor Human Rights Foundation(@HRF), as well as our GitHub monthly sponsors, who include Flip Abignale (@flip-btcmag), Dario (@mytwocentimes), Foundation Devices (@Foundation-Devices), Adrian Gropper (@agropper), Eric Kuhn (@erickuhn19), Trent McConaghy (@trentmc), @modl21, Jesse Posner (@jesseposner), Protocol Labs (@protocol), Dan Trevino (@dantrevino), and Glenn Willen (@gwillen).

Christopher Allen, Executive Director, Blockchain Common