Why “Trustless” Computing?

Short version

Trustworthy technologies, like commercial airplanes, and trustworthy institutions, like mature democracies, are possible because in an average modern society most humans are good and can be expected to behave in the general interest, but also because we acknowledge and actively mitigate the fact that any one person or small group may act maliciously, when under exceptional internal drives or external pressures.

Hence an approach of uncompromising trustlessness toward any and all persons and institutions, together with the design of mechanisms to assess their trustworthiness and limit their ability to do damage, is crucial to mitigating the risk that they may cause great damage.

Since “the security of any system is in that of its weakest link”, that trustless approach should categorically include all persons, from a passenger wanting to blow up a plane in terrorist rage to a president of the Federal Aviation Administration bribed to corrupt certifications, and from an elected leader wanting to stay in power indefinitely to a group of citizens, ignited by conspiracy theories, who are seditiously planning to overthrow democracy.

Long version

For millennia, a blind unverified trust, or faith, in a given description of God, a King or a Scripture was not only good but required if you did not want to burn at the stake, especially if you were a woman. The whole of power, societal stability and oppression of the widest majority rested on that.

While such thinking has been surpassed, remnants of it survive in our vocabulary, as in the term “trustless”. While dictionaries correctly list its primary meaning as “untrusting” and “distrustful”, it is also used to signify “not worthy of trust”: a clear residue of a time when a person who did not have (blind) faith was not to be trusted.

In its primary current meaning, “trustless” means “untrusting” and “distrustful”, i.e. doing away with the assumption of unverified trust in anything and anyone. Such a concept is at the root of the invention of democracy and of why it works: it makes properly conducted democratic elections appear trustworthy to most people, even though there would be huge economic and political interests in corrupting them. It is also at the heart of our greatest engineering safety successes, from commercial aviation to nuclear weapons safety controls, where it informs their certification and oversight mechanisms.

In its secondary historical meaning, “trustless” signifies “not worthy of trust” or “untrustworthy”. It is a negative connotation that derives from the concept of “faithless”, ingrained deep in our western culture through the Christian concept of faith, whereby blind uncritical faith in scriptures is not only a good and right thing but something that, if challenged, may even get you burned at the stake, as so many Christian reformers, men and women, learned through history.

With the advent of the scientific method and democracy, we learned that a general trustlessness followed by a critical assessment of trustworthiness is essential for advancing scientific progress, building trustworthy technologies and sustaining trustworthy institutions.

For centuries, our democratic institutions have rested on the assumption that an elected leader may want to stay in power forever, that one or a few persons counting the votes may decide or be induced to collude to falsify an election, or that a few citizens may want to seditiously meet in person and online to plan the overthrow of democracy.

For decades, nuclear and commercial airliner safety has centrally rested on the assumption that any person, entity or organisation may act in ways that could jeopardize safety, be it a passenger, an engineer, the owner of the airliner or the chairman of the Federal Aviation Administration.

Yet in the IT space we still have remnants of the millennia when blind faith in authority dominated. That is the case in IT security, where the dominant paradigms, like Trusted Computing, are based on a number of mechanisms to limit the risk that components and processes may contain malicious or accidental vulnerabilities, but not for all components and processes.

The “Trustless Computing” approach and the Trustless Computing Certification Body stand in opposition to Trusted Computing™, the dominant security paradigm for the most secure IT systems of the last few decades, as brought forward by some of the largest IT companies via the Trusted Computing Group and its certification body, the Global Platform. That security paradigm is based on the fallacious assumption that there is a subset of critical components in a secure IT system that is trusted “a priori” because that group states so, according to highly partial and obscure certifications which do not enable an end-user, or experts he trusts, to assess the basis of such claims.

Does belief in the importance of trustlessness imply a belief that humans are by nature mean? On the contrary, applying the principle of trustlessness could not suffice to ensure trustworthy technologies and trustworthy institutions unless the overwhelming majority of people can be expected to act ethically and in the general interest, except when they are under unforeseen exceptional internal drives or external pressures.