Concepts, Paradigms and Certification Body
The definition of the Trustless Computing Paradigms will be the main binding document for the establishment of the Trustless Computing Certification Body, sole goal of this Association.
Key Paradigms are:
“All software, hardware and organization processes critically-involved in the lifecycle and supply chain – including CPU, hosting room management, fabrication, and standard setting – will uniquely be subject to:
- (A) complete public inspectability in their source HW & SW designs, without NDA;
- (B) extreme security-review relative to complexity by highly proficient and ethical hackers;
- (C) includes only software, from the operating system upwards, which is Free and Open Source. Strongly minimizes the inclusion of non-Free and Open Source Software, including updatable and non-updatable firmware. Makes extensive reuse of existing Free/Open Source Software components – through extreme stripping down, hardening and re-writing. It strongly aims at realising the computing device with the least amount of non-free software and firmware in security-critical hardware components;
- (D) extremely resilient oversight of human processes – based on offline in-person citizen-witness or citizen-jury processes – to enable key recovery services, extreme protection against insider attacks, and legitimate lawful access procedures with safeguards against privacy abuse that exceed the current state-of-the-art solutions;
- (E) extremely citizen-accountable and technically-proficient standard setting and certification processes.”
For more details, refer to the latest versions of the Trustless Computing Paradigms, as detailed in the latest version of the 10-pager Summary Whitepaper: A Case for Trustless Computing (pdf) and a longer 50+ pages Whitepaper: A Case for Trustless Computing (late draft pdf).
Key Concepts are:
- (a) IT Security is not a product – nor a process or service – but the by-product of the intrinsic resilience, accountability and proficiency of all organizational processes that are critically-involved in the entire life-cycle and supply-chain.
- (b) The current state-of-the-art high-assurance IT paradigms epitomized by Trusted Computing would be replaced by the model of Trustless Computing, where zero trust is assumed in any person, organization or technology involved in the offering of a given IT service (or system), except in self-guaranteeing transparent and accountable organizational processes that underlie its operation, lifecycle and certification governance, whose quality can be assessed by moderately educated and informed citizens.
- (c) The trustworthiness of critical computing systems can be reduced to that of the accountability and competency of any and all organizational processes critically involved in its entire lifecycle and operation; and, in turn, that
- (d) Key to assessing and improving the effectiveness of critical societal organizations is to rely on the trustworthiness in the computing systems used in its governance and operations, and their reframing in essence as permanently-constituent socio-technical organizational processes.
- (f) Uniquely, all and every software, hardware and processes that are critically involved in the IT service provisioning or lifecycle – from CPU design to fabrication, to hosting room access to standard setting – are subject to extreme verification relative to complexity, or to extremely resilient socio-technical oversight, based on offline citizen-witness or citizen-jury processes.
Key Aims are:
- (a) For critical computing systems, it aims at actual and perceived levels that are today not merely beyond current roadmaps, but overwhelmingly deemed inconceivable or, when rarely deemed conceivable, universally believed to be uneconomical or irreconcilable with the needs of state security.
- (b) Validate novel governance and engineering paradigms that could prove foundational to sufficiently increase the trustworthiness and accountability of short and medium-term advanced AI systems in critical societal sectors, that many scientists believe is an inevitable and the most important historical will unequivocally be arguably the primary shapers of the future of humanity.
By “trustless computing”, we mean computing without the need or assumption of unverified trust in anything or anyone, except in the intrinsic resistance of the organizational processes critically involved, as recognizable by moderately informed and educated citizens. By “radically-unprecedented” IT security, we mean resistant to sustained attacks of tens of millions of euros to the life-cycle or supply-chain, subversive and economic, by actors with very low liability and high plausible deniability.