For full details see this:
29-pager TRUSTLESS Business Case and Conceptual Business Plan (PDF)
A 1-PAGER BUSINESS CASE
Post R&D Go-to-market Cost/Profit Analysis: The Initial UVST 4-6M€ R&D project will produce a production-ready socio-technical prototype, as well as a post-R&D Consortium with willing R&D participants, bound by set-in-advance terms. After such project, the Consortium plans to engage with various kind of entities to (seed/angel or large co-marketing global partners, possibly by turning itself into a startup) finance the following go-to-market costs. Here is a simple cost/profit analysis, also include in the business plan above.
Market Need: No current end-user device, datacenter/hosting-room solution or end-to-end solution, on the civilian or military market today, provides meaningful and independently verified protection fromlow-cost semi-automatic continuous undetected exploitation, by a large number of actors, through a large number of continuously discovered, or unpublicized, but highly plausible, critical vulnerabilities. Some of these vulnerabilities affect even the best solutions aimed at highest assurance: (1) hw and sw complexity that is way beyond the ability to properly verify; (2) the non-verifiability and/or inadequate levels of verification (physical hardware design, fabrication and firmware) through the life cycle of at least some of its potentially critical hardware components, especially at the CPU, GPU, co-processor level. Shamir and Schneier, among the top 5 security experts in the world, state clearly that at this stage we should be assuming all mainstream processors are or may very well be compromised in undetectable ways. The US Defense Science Board had great doubts about the security of the overall hardware supply chain, even for high-security devices for (most or all) US Dept of Defense 6 million users. Back in 2005, it stated that “trust cannot be added to integrated circuits after fabrication”. See the 2013 US Defense Science Board reports on Cloud and end-to-end security and on Cyber-threats. US Defense Science Board acknowledged in a 2013 Cloud Cybersecurity report (p.56) “client hardware security is just as essential for cloud computing as is the security of servers“.
Target Markets: Substantial market opportunities have been identified for the following sector:(A) High-worth and mission-critical individuals and groups within private, public and state security entity;
- (B) as a white-label solution, for international banks and bank associations for their high-premium clients, including ultra-private e-banking, one time passwords and more;
- (C) as while-label, IaaS or PaaS server-side-only solutions for the highest security and privacy requirements in state security, financial, military and other sectors;
- (D) (later phase) as white-label low-cost wide-market consumer ultra-privacy+entertainment deployment (1-300K+ units), through a telco, mobile operator, and/or broadcaster, with the optional CivicDongle, in partnership with local content partners; (E) (later phase) as a cheap and relatively-small form-factor hardware platform without a touch screen for mission-critical Internet-of-things applications.
Barriers to Market Entry: Need to achieve ultra-high and truly end-to-end, fully-verifiable and extensively-verified levels of privacy, that can compete with trust levels based on claims based on brand names with a track record. Needs economies of scale, because: (A) a user’s utility will grow substantially as a reasonable number of users with whom he wants to communicate ultra-privately own a CivicPod, or can be easily induced to do so (via low cost and/or mandatory use) (B) performance and security of Tor network for metadata privacy depends on the number of estimated trusted nodes and their performance . Substantial additional features are needed to justify the inconvenience of carrying an additional mobile device.
Go-to-market Strategy: B2B solution for white-label and custom deployment to enable banks, banks associations, telco and/or another premium very high-worth individuals and institutional customers. As initial adoption drives cost per unit down, a consumer version – without dedicated business peripherals, but with CivicDongle and its entertainment features – would be released for mass-market adoption.