Trustless Computing Paradigms (v.3.2)
The following Trustless Computing Paradigms are being evolved by the Trustless Computing Consortium and selected speakers of the Free and Safe in Cyberspace global event series, as binding high-level certification requirements for the to-be-established Trustless Computing Certification Body.
A compliant Trustless Computing IT service will be one where, uniquely, all software, hardware and human processes critically involved in the entire lifecycle and supply chain will verifiably be:
- subject to extreme security review relative to complexity by highly proficient and ethical hackers; via extreme compartmentation, minimization of features and performance, and initial development from existing open high-assurance IT at all stack levels; and via strong minimization of non-free/open-source software;
- subject to extreme transparency, accountability and resiliency in the oversight of human processes, including critical hardware fabrication and server-room access management; via exclusive use of ultra-high assurance oversight equipment, and offline citizen-witness and citizen-jury oversight processes;
- subject to continuous certification via standard-setting and certification bodies that are extremely comprehensive, thorough, user-accountable, independent, internationally representative, primarily non-governmental, and technically proficient in the specific domain, especially in the area of autonomous systems;
- including only highly redundant hardware and/or software cryptosystems, whose protocols, algorithms and implementations are open, long-standing, extensively verified and endorsed, and which offer significant and temporally scalable post-quantum resistance levels;
- including only open innovations with clear and low long-term royalties that ensure low cost and prevent undue pressure, lock-in and patent vetoes by intellectual property right holders;
- subject to public inspectability of HW and SW source designs without NDA, except where full public inspectability would clearly enable malevolent actors to escape legitimate cyber-investigation;
- providing extremely reliable means of compliance with legitimate lawful access requests, with safeguards against privacy abuse that can be reasonably ascertained to be substantially higher than those of any existing lawful or widely practiced alternatives.
For many more details, including on the safeguards for offline lawful access processes, please refer to the Trustless Computing Certification Body page, and to the linked Manifesto of Trustless Computing and Proposal for a Trustless Computing Certification Body.
However, for illustrative purposes, such voluntary lawful access compliance would be offered:
- Only through extremely technically effective, citizen-accountable and transparent safeguards, whose effectiveness relies primarily on highly resilient offline citizen-jury-like socio-technical processes that manage on-site physical access to all critically involved hosting facilities, for any reason, by anyone. These processes will implement safeguards substantially in excess of those of the citizen jury in the US judicial system – already well honed to resist extremely determined attempts to compromise the integrity of the jury in billion-dollar class actions – and will be directly managed by the Trustless Computing Certification Body. These jurors would be assisted by legal and technical experts nominated by such Body, would undergo deep vetting, screening and training, and would rotate every few months. The role of this citizen jury applies the IT trustworthiness concepts of secret sharing, threshold cryptography and trusted third parties to in-person offline processes, without the added risks involved in introducing additional complex technologies and socio-technical processes.
- Only if both the provider and the hosting facility are located in nations where legislation or known practices do NOT make it illegal – except with less than negligible consequences – to withhold access to warrant-based or state-security-based government requests if a majority of such “citizen jury” (and their counterpart in a western democratic state) concludes that adequate proof of legal authority from a suitable military or civilian court has not been provided. (The legality of such provisions has been verified in Italy and Germany, and is under review in the US.) When and if laws are changed so as to render such a process illegal, the (certified) provider must immediately give notice and a choice to each user to either (a) agree to transfer such services to another nation where it is legal, including to another (certified) service provider; or (b) turn off the service and recoup all their data.
Definitions: “Critical” refers to hardware, software or human processes against whose possible vulnerabilities one cannot be protected, to ultra-high assurance, by using proven OS-, chip- and/or CPU-level isolation/compartmentation techniques. This includes access, for whatever reason, to any server-side facilities or hosting rooms containing user-sensitive data.