2021 Q3 Blockchain Commons Report
Q3, 2021 saw Blockchain Commons projects that spanned the spectrum from our first security review through continued reference releases, new translations, and the expansion of our specification work into standards and laws.
Our major work included:
- Released Security Review for SSKR
- Released Seed Tool 1.1 and 1.2
- Released Minor QR Tool Updates
- Updated Bitcoin Standup Scripts
- Released Gordian Server 1.0.0
- Finished Portuguese & Spanish Translations of Learning Bitcoin
- Released New SSKR Docs
Looking to the Future:
- Supported the Standardization of DIDs
- Initiated Discussion of Principal Authority
- Testified in Wyoming & Elsewhere
Looking to the Future:
- Began Investigations of Ethereum
- Finalized Our Second Intern Program
Some of our most important work at Blockchain Commons is on specifications that improve the interoperability and resilience of cryptocurrency wallets. Our reference libraries allow developers to incorporate those specifications into their own code.
SSKR Security Review. However, there’s one more thing required before our libraries can be used in production releases: security reviews. Our vision is that third-party developers using our libraries will work with us to contract a security review from a third-party. They can take advantage of all the libraries already reviewed, and then they can increase that selection with a review of their own. Our sustaining sponsor, Bitmark, began that process this quarter by arranging a security review for our bc-shamir and bc-sskr libraries through Radically Open Security (ROS).
The folks at ROS tested our software and noted potential security problems. We then worked with them to close all issues that we felt were a priority. Because Blockchain Commons is dedicated to transparency, we have published the review and our response, which includes a listing of issues that we resolved, as well as those we did not (and why). Thanks to this review, we feel that the
bc-sskr libraries are the first of our reference libraries ready for production deployment.
Project Nayuki Port. We also released a minor new utility library, a port of the Project Nayuki QR library into Swift as QRCodeGenerator. We’d discovered that Apple’s native iOS QR generation is inefficient for QR codes where individual segments require different optimization. Nayuki does the right thing, by individually optimizing each segment, so we ported it over as a replacement for the native Apple libraries, for use in our own code and by other developers.
Our reference apps provide exemplar use of our specifications (and libraries).
Seed Tool Updates. The release of Seed Tool was one of our big events in Q2. In Q3 we’ve continued that work through two notable upgrades, releasing 1.1 in July, 1.2 in August, and 1.2.1 in September. Some of the biggest updates included arbitrary key derivation, preset SSKR schemes, and developer functions that make it easier to test out QR & UR-based requests and responses. We also added our first Ethereum support, through the ability to derive Ethereum private keys and addresses from your stored seeds. Our updated Seed Tool Manual describes all of the latest functionality.
QRTool Updates. Seed Tool wasn’t the only reference app to get attention; QRTool also received some minor updates in July, though those largely took the form of minor bug fixes. Updating QR Tool to use the Project Nayuki library port will be our next big update for QR Tool, sometime in the future.
Other utilities make it easier to use Bitcoin and other blockchain and crypto-technology.
Bitcoin Standup Updates. Bitcoin Standup was one of Blockchain Commons’ first releases. It automates the installation of a secure Bitcoin Core setup on a Debian Linux device or virtual machine . However, Bitcoin Core is always changing, requiring occasional updates. Our newest version of Bitcoin Standup, 0.8.0, updates the scripts to work well with Bitcoin Core 22.0 (which made some changes to its code signing).
However, Bitcoin Standup 0.8.0 does more than that. We’ve always imagined Standup as an engine that can install a wide variety of cryptocurrency and blockchain applications, and the new version of Standup offers the opportunity for the first such addition: cypherpunkpay, an easy and accessible server for receiving Bitcoin payments. This addition, though just a starting point, was one of the Human Rights Foundation (HRF) projects initiated by our 2021 interns, to offer cyryptocurrency support for activists.
Gordian Server Officially Released. Our Gordian Server project took Bitcoin Standup as a jumping-off point and offered the same ability to easily install Bitcoin Core on the more accessible macOS UI. Like Bitcoin Standup it’s intended as the heart of a self-sovereign setup, where you can control both your wallet and your server. We released Gordian Server in some preliminary versions in 2020, but we’ve now polished it to improve its stability and ease of use, and have released it as the Feature-Complete 1.0.0. Like our newest Standup release, this version of Gordian Server has also been updated to work correctly with Bitcoin Core 22.0.
One of Blockchain Commons’ goals has always been to improve the developmental understanding of Bitcoin. We also extend that goal to our own releases by working to make our specifications as accessible as possible.
Learning Bitcoin Translations. Our popular Learning Bitcoin from the Command Line course has brought numerous developers into the industry. We’re thus thrilled to offer complete translations in Portuguese and Spanish. This enormous amount of work was the product of a number of volunteers, some of whom were also working with us as interns, which means that the HRF should again be thanked for their support. We hope that these translations will help bring Bitcoin development to the Spanish- and Portuguese-speaking world, which seems particularly important given El Salvador’s recent move to Bitcoin as a currency. (Learning Bitcoin also enjoyed quite a few minor edits as a result of the translations, as well as updates to include i2p and some recent revisions, resulting in our release of version 2.1; we’ve also got plans for 3.0.)
New SSKR Docs. Shamir’s Secret Sharing is a critical element of #SmartCustody in today’s digital-assets world, which is why our SSKR library received our first security review. We’ve also been expanding our docs to talk more about how and why to use secret sharing (and why not to). Our newest SSKR docs include Designing SSKR Share Scenarios, which discusses many models for sharing (including all of the default scenarios now found in SeedTool), and SSKR Dangers, which talks about why we ultimately prefer multisigs to secret-sharing.
Building to Specifications & Laws
Specifications and supportive references are the first steps in bringing new ideas to the industry. To reach their fullest potential, those ideas eventually have to become something more …
DID Standardization. The DID specification, which is currently a 1.0 candidate recommendation for an international standard, is our next big technical step forward for self-sovereign identity. Unfortunately, big centralized companies such as Apple and Google have taken notice and unsurprisingly raised complaints. We’ve offered some support with language and with championing the hard work already done, though the heavy lifting continues to be done by the editors, including Drummond Reed, Manu Sporny, Amy Guy, and Markus Sabadello.
Principal Authority. Many specifications and standards need legal support to reach their fullest potential. Our work in Wyoming has resulted in the state legislature arriving at a legal definition of digital identity that centers on the concept of principal authority. This quarter, we released a paper on how principal authority defines self-sovereign identity, and what the next steps are. (We also presented the paper and testified about it to the Wyoming legislature.)
eResidency & Other Testimony. Overall, we’ve been thrilled to be working with Wyoming, creating some of the first and best laws for supporting blockchains, cryptocurrency, digital identity, and digital companies. In a recent presentation, we urged them to leverage the infrastructure they’ve created into an eResidency program that can extend these benefits to companies worldwide. In other testimony for Wyoming, North Dakota, Texas, and the Netherlands we have provided support new laws for DAOs, updates to GDPR regulations and have advised how to avoid vendor lock-in and future-proof technology.
Other Future Expansions
Finally, we’re also looking to the future in other ways.
Ethereum Expansion. As noted, we’ve expanded Gordian Seed Tool to support Ethereum key derivations. We’ve also been experimenting with selling some self-sovereign-identity NFTs to raise funds for Blockchain Commons. Generally, this all demonstrates our goal of bringing many of our philosophies, architectures, and models to the Ethereum blockchain. In particular, we believe that #SmartCustody, and especially SSKR, could help Ethereum, which has a lot of its own challenges for responsible key management, such as the lack of true multisig. If you’d like to support our expansion into Ethereum, please become a sponsor and let us know why you did (or watch for upcoming NFT auctions!).
Second Intern Program. Finally, we’ve just completed our second summer’s intern program, and we’re thrilled to have another batch of interns who we helped to introduce to the world of blockchain development and who in turn helped us push forward projects such as our Learning Bitcoin translations and revisions. They also: produced a secure development setup guide and a pseudonymity guide that offered more support for activists and HRF; developed a mori-cli program for leaving behind your digital assets; worked on creating a stable version of Esplora; and more. Some of our 2021 interns have already gone on to other paid work in the field; we’re looking forward to seeing what they create next!
Thank you, as always, for your interest in Blockchain Commons and the improvement of the entire blockchain field. If you like what we’re doing, we again encourage you to become a Github sponsor so that we can continue forward with our work of making the industry independent, private, interoperable, and resilient!