Trustless Computing Paradigms v.3.2
The following Trustless Computing Paradigms are being evolved by the Trustless Computing Consortium and selected speakers of the Free and Safe in Cyberspace global event series, as binding high-level certification requirements to be enforced by the to-be-established Trustless Computing Certification Body.
A compliant Trustless Computing IT service will be one where, uniquely, all software, hardware and human processes critically involved in the entire lifecycle and supply chain will verifiably be:
- subject to extreme security review, relative to complexity, by highly proficient and ethical hackers; via extreme compartmentation, minimization of features and performance, initial development from existing open high-assurance IT at all stack levels, and strong minimization of non-free/open-source software;
- subject to extreme transparency, accountability and resiliency in the oversight of human processes, including critical hardware fabrication and server-room access management; via exclusive use of ultra-high-assurance oversight equipment, and offline citizen-witness and citizen-jury oversight processes;
- subject to continuous certification via standard-setting and certification bodies that are extremely comprehensive, thorough, user-accountable, independent, internationally representative, primarily non-governmental, and technically proficient in the specific domain, especially in the area of autonomous systems;
- built only from highly-redundant hardware and/or software cryptosystems, whose protocols, algorithms and implementations are open, long-standing, extensively verified and endorsed, and which provide significant and temporally scalable post-quantum resistance levels;
- built only from open innovations with clear and low long-term royalties that ensure low cost and prevent undue pressure, lock-ins and patent vetoes by intellectual property right holders;
- subject to public inspectability of HW and SW source designs without NDA, except where full public inspectability would clearly enable malevolent actors to escape legitimate cyber-investigation;
- provided with extremely reliable means of compliance with legitimate lawful access requests, with safeguards against privacy abuse that can reasonably be ascertained to be substantially stronger than those of any existing lawful or widely practiced alternative.
For much more detail, including on the safeguards for offline lawful access processes, please refer to the Trustless Computing Certification Body page, and to the linked Manifesto of Trustless Computing and Proposal for a Trustless Computing Certification Body.
However, for exemplificatory purposes, such voluntary lawful access compliance would be offered:
- Only through extremely technically-effective, citizen-accountable and transparent safeguards, whose effectiveness relies primarily on highly-resilient offline citizen-jury-like socio-technical processes that manage on-site physical access to all critically involved hosting facilities, for any reason and by anyone. These processes will implement safeguards substantially in excess of those of the citizen jury in the US judicial system, which is already well honed to resist extremely determined attempts to compromise the integrity of the jury in billion-dollar class actions, and will be directly managed by the Trustless Computing Certification Body. These jurors would be assisted by legal and technical experts nominated by such Body, undergo deep vetting, screening and training, and rotate every few months. The role of this citizen jury applies the IT trustworthiness concepts of secret sharing, threshold cryptography and trusted third party to in-person offline processes, without the added risks involved in introducing additional complex technologies and socio-technical processes.
- Only if both the provider and the hosting facility are located in nations where legislation or known practices do NOT make it illegal (or do so only with less than negligible consequences) to withhold access to warrant-based or state-security-based government requests when a majority of such “citizen jury” (and their counterpart in a western democratic state) concludes that adequate proof of legal authority from a suitable military or civilian court is lacking. (The legality of such provisions has been verified in Italy and Germany, and is under review in the US.) When and if laws are changed so as to render such a process illegal, the (certified) provider must immediately give notice and a choice to each user: either (a) agree to transfer such services to another nation where it is legal, including to another (certified) service provider; or (b) turn off the service and retrieve all their data.
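The citizen-jury item above invokes secret sharing and threshold cryptography as the model for a majority-of-jurors rule. The following is an added example, not the consortium's code nor any part of the certification requirements, of the cryptographic construction those terms refer to: Shamir secret sharing over a prime field, where a secret (assumed here to be a key that unseals something only a jury majority should be able to unseal) is split into one share per juror, any majority of shares recovers it, and fewer shares reveal nothing. The 7-juror panel, the 4-of-7 majority and the field prime are assumptions chosen for illustration.

```python
"""Shamir k-of-n secret sharing over a prime field.

Added illustration of the threshold concept invoked by the citizen-jury
requirement; not the consortium's code. The field prime and the 7-juror /
4-share parameters are assumptions chosen for the example.
"""
import secrets

PRIME = 2**127 - 1  # Mersenne prime; secrets must be integers below it


def _eval_poly(coeffs, x):
    """Evaluate coeffs[0] + coeffs[1]*x + ... mod PRIME (Horner's rule)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc


def majority_threshold(n):
    """Smallest k that is a strict majority of n share holders."""
    return n // 2 + 1


def split_secret(secret, n, k, rng=secrets.randbelow):
    """Split `secret` into n shares, any k of which reconstruct it.

    The secret is the constant term of a random polynomial of degree k-1;
    juror i receives the point (i, f(i)). `rng` is injectable only so the
    example can be tested with fixed coefficients; keep the default in use.
    """
    if not 0 <= secret < PRIME:
        raise ValueError("secret must be an integer in [0, PRIME)")
    if not 1 <= k <= n < PRIME:
        raise ValueError("need 1 <= k <= n")
    coeffs = [secret] + [rng(PRIME) for _ in range(k - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def reconstruct(shares):
    """Lagrange-interpolate the constant term from (x, y) shares.

    With at least k distinct shares this returns the secret. With fewer,
    the unknown top coefficient is uniformly random, so the result is a
    uniformly random wrong value: the arithmetic never signals that the
    threshold was not met, which is why the threshold must be enforced by
    the surrounding process, not inferred from the output.
    """
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share index")
    total = 0
    for xi, yi in shares:
        num, den = 1, 1
        for xj in xs:
            if xj != xi:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total


if __name__ == "__main__":
    jurors = 7
    k = majority_threshold(jurors)          # 4 of 7
    key = secrets.randbelow(PRIME)          # assumed: key sealing a warrant log
    shares = split_secret(key, jurors, k)   # one (x, y) pair per juror
    assert reconstruct(shares[:k]) == key   # first four jurors
    assert reconstruct(shares[-k:]) == key  # last four jurors
    assert reconstruct(shares[:k - 1]) != key  # three jurors: random garbage
    print(f"any {k} of {jurors} shares recover the secret; fewer do not")
```

Two properties map directly onto the jury rule: the scheme makes the threshold a mathematical fact rather than a policy (no subset smaller than k holds any information about the secret), and reconstruction from too few shares fails silently, so the count of participating jurors has to be verified by the offline process before their shares are combined.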
Definitions: “Critical” refers to hardware, software or human processes against whose possible vulnerabilities one cannot be protected, to ultra-high assurance, by using proven OS, chip and/or CPU level isolation/compartmentation techniques. This includes access, for whatever reason, to any server-side facilities or hosting rooms containing user-sensitive data.
The Trustless Computing Scientific Breakthrough
The breakthrough targeted by Trustless Computing is the definition and validation of novel socio-technical system paradigms, and related standards, certification governance model, proof-of-concept and early uptake ecosystem, that enable any independent service provider to bring about and sustain levels of trustworthiness that radically exceed the state of the art in critical computing systems, and levels of effectiveness in critical societal organizational systems. Key intuitions are that (a) the trustworthiness of a critical computing system can be reduced to the accountability and competency of any and all organizational processes critically involved in its entire lifecycle and operation; and, in turn, that (b) the key to assessing and improving the effectiveness of critical societal organizations is to rely on the trustworthiness of the computing systems used in their governance and operations, and to reframe them in essence as permanently-constituent socio-technical organizational processes.
The current state-of-the-art high-assurance IT paradigms epitomized by Trusted Computing would be replaced by the model of Trustless Computing, where zero trust is assumed in any person, organization or technology involved in the offering of a given IT service (or system), except in self-guaranteeing transparent and accountable organizational processes that underlie its operation, lifecycle and certification governance, whose quality can be assessed by moderately educated and informed citizens.
For critical computing systems, it aims at actual and perceived levels of trustworthiness that are today not merely beyond current roadmaps, but overwhelmingly deemed inconceivable or, when rarely deemed conceivable, universally believed to be uneconomical or irreconcilable with the needs of state security. Most crucially, it aims to validate novel governance and engineering paradigms that could prove foundational to sufficiently increasing the trustworthiness and accountability of short- and medium-term advanced AI systems in critical societal sectors, which many scientists believe will arguably be the primary shapers of the future of humanity.