EOS Drama Continues As Heated Exchange With Block Producer Emerges

Avi Rosten

The ongoing drama surrounding the EOS platform’s controversial consensus mechanism took another interesting turn today, as a screenshot apparently showing a conversation with an EOS block producer (BP) emerged.

Posted as an image on popular subreddit r/cryptocurrency, the screenshot shows a heated Telegram exchange between an EOS block producer and another, unidentified EOS participant, who chastises the BP for failing to freeze some accounts as directed by the EOS Core Arbitration Forum (ECAF).

While the authenticity of the conversation has yet to be confirmed, the post has generated a stir on social media, with popular crypto figure Whalepanda chiming in on Twitter.

As recently covered on CryptoGlobe, this aspect of the EOS governance model has been highly controversial within the crypto community - as many critics have pointed out that the 21 block producers act in principle as a highly centralised concentration of power.

Although EOS allows BPs to be continuously elected, the enormous centralisation of the token’s holdings effectively ensures that EOS whales exert a massively disproportionate influence over who is elected (as argued yesterday).

This latest revelation - if legitimate - again seems to underscore the problems associated with a system that places too much power in the hands of individuals.

Not only does it illustrate the problems of a protocol which might fail to punish bad actors, but it also points to a worryingly dystopian form of governance - where a kind of central committee issues diktats, backed up with threats of legal action.

While the future of one of the world’s largest cryptoassets remains unclear for now, it seems reasonable that token holders might start to question the platform’s organisation if instances such as this one continue to emerge.

Block.one Conceptualizes Passwordless Authentication & Authorization System

Block.one, a Cayman Islands-registered firm that publishes open-source software and protocols for EOS, one of the largest platforms for deploying enterprise-grade decentralized applications (dApps), has argued that “current methods of authentication suffer” from the “Hearsay Problem.”

Explaining what Hearsay means, in general, Block.one noted in its blog post, published on April 17th, 2019, that Hearsay is “any information received from one party about the statements or actions of a second party that cannot be adequately substantiated.”

Current “State-Of-The-Art Methods” Of Authentication May Not Be Reliable

Block.one also noted in its official blog that its stance on this matter is that “all information sourced from systems which rely on current state-of-the-art methods of authenticating users would qualify as mere hearsay if any of the involved parties were to call the validity of the information into question.”

Going on to mention that this “characteristic is referred to as repudiability,” which is a property whereby a statement’s claim or validity can be rejected, Block.one’s post explained that “two primary factors” could potentially “lead to this characteristic of repudiability.” According to Block.one, the “first factor is an authentication scheme that requires disclosure of a secret in order to validate the possession of that secret.”

For instance, “security schemes” such as “passwords,” which are “subject to this factor,” make it “impossible to create logs of user activity that are verifiable by anyone other than the party and the counterparty,” Block.one’s blog stated. Moreover, the software publisher’s post noted that the “second factor is the lack of means to prove that the data within a system actually represents the intent of the user,” which results in another issue, referred to as “The Blank Check”.

“The Blank Check” Problem

As mentioned in Block.one’s blog, the “Blank Check problem is present in any system that can take action on behalf of the user without needing the user’s explicit consent on that specific action.”

This same problem “is also present if the means of capturing the user’s consent is anything short of a log of proof that the user was informed of the implications of every individual action and explicitly consented to each action,” the software development firm wrote.

“Nothing Preventing Banks From Liquidating Or Locking User Funds”

From strictly a technical perspective, Block.one believes “there is nothing to prevent your bank from liquidating or locking your funds, and there would be no means of proving any wrongdoing, as the Bank could fabricate records of seemingly legitimate transactions. This would no doubt pose grave consequences that affect many stakeholders in a material way.”

These issues can be attributed to “the lack of provable auditable logs,” Block.one claims. It adds that technologies which “address this fundamental shortcoming” on existing platforms are not designed to be user-friendly.

According to Block.one, systems that “rely on passwords” for authentication and authorization are “subject to the Hearsay Problem and the Blank Check problem.” In order to provide robust security, while accurately determining whether a user should be allowed to access a system, Block.one proposes creating what they refer to as the “Pass Manager.”

Pass Manager: Ultimate Authentication And Authorization System?

As described in its blog post, Block.one noted that a Pass Manager could be implemented using “a blend of technologies [that could] work in tandem to produce superior security and usability for users, including cryptographic signing, hardware keys, and biometrics for credential security, as well as a transport-agnostic protocol for portability.”

Creating Non-Repudiable Logs

Going on to describe how an actual Pass Manager-enabled system would work, Block.one stated that “anytime a user’s consent is sought by a Pass Manager, human-friendly descriptions of the action should be shown to the user, and that description (or a cryptographically verifiable derivative of it) should be included in the signed response from the Pass Manager.”

The software publisher further noted that the “use of keys means that logs are non-repudiable and can be verified by third parties, and the inclusion of the human-friendly description in the signed response can serve as proof of the user’s intent. These characteristics solve both the Hearsay and Blank Check problems,” Block.one’s developers claim.

As explained, a Pass Manager-powered verification system would not require users to input passwords - which would arguably make the authentication and authorization process more secure.
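
The contrast Block.one draws between shared-secret logs and signed consent can be made concrete. The sketch below is an added illustration, not Block.one's code: the record fields, helper names and the choice of Ed25519 and HMAC-SHA-256 are assumptions. It shows that a signed record binding the action to the description shown to the user can be checked by a third party, while a shared-secret tag can be produced by either side.

```javascript
// Added illustration; record fields and helper names are assumptions.
const crypto = require('node:crypto');

// Bytes covered by the tag or signature: who, what, and the exact
// human-friendly description the user was shown.
function canonical(r) {
  return Buffer.from(JSON.stringify([r.user, r.action, r.description, r.nonce]));
}

// Password-style scheme: user and service share `secret`, so either
// side can compute a valid tag for any record.
function macTag(secret, r) {
  return crypto.createHmac('sha256', secret).update(canonical(r)).digest('hex');
}

// Pass-Manager-style scheme: only the user's device holds privateKey.
function signConsent(privateKey, r) {
  return crypto.sign(null, canonical(r), privateKey).toString('base64');
}

// A third party needs only the public key to check a log entry.
function verifyConsent(publicKey, r, sig) {
  return crypto.verify(null, canonical(r), publicKey, Buffer.from(sig, 'base64'));
}

function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const record = { // constructed sample record
    user: 'alice',
    action: { type: 'transfer', to: 'bob', quantity: '10.0000 EOS' },
    description: 'Send 10 EOS to bob',
    nonce: 'constructed-nonce-0001',
  };
  const sig = signConsent(privateKey, record);
  // Service-side edits: a changed action, and a changed description.
  const inflated = { ...record, action: { ...record.action, quantity: '1000.0000 EOS' } };
  const reworded = { ...record, description: 'Log in to example service' };
  const userSecret = 'constructed-shared-secret';
  const serviceCopy = 'constructed-shared-secret';
  return {
    genuineVerifies: verifyConsent(publicKey, record, sig),
    inflatedRejected: !verifyConsent(publicKey, inflated, sig),
    rewordedRejected: !verifyConsent(publicKey, reworded, sig),
    // A tag the service computes over a record the user never saw matches
    // what the user would have produced, so the log cannot attribute it.
    macIndistinguishable: macTag(serviceCopy, inflated) === macTag(userSecret, inflated),
  };
}

console.log(demo());
```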