Show HN: Interactive implementation of the NIST Blockchain use case flow chart (opens in new tab)

(brucemacd.github.io)

82 pointsbrucemacd7y ago26 comments

26 comments

I think there's a bug in this. If I answer "Will data records ever need to be updated or deleted once they are written?" with "No" it says "You Don't Need a Blockchain Blockchains do not allow for modification of historical data. Consider a database." It seems like blockchains actually meet that requirement per my entry?

aplummer7y ago

Yep I hit the same bug, if you answer “yes” the next question has the same bug.

pmontra7y ago

The problem are the double negative questions. They should be reworded into positives to remove ambiguity.

brucemacdOP7y ago

Just fixed the wording to match the actual NIST flowchart. Thanks.

davidy1237y ago

I realize this isn't a life's work, but can you support the back button? Some of the questions are double-negative-ish, or maybe I'm just not a morning person, either way the back button to revise answers without having to go through the whole thing again would be useful.

Theodores7y ago

Brilliant. I have found a use case for blockchain thanks to this tool. Who wants to go co-founder on my YC application for...

"Blockchain for nuclear weapons"

Any fan of Dr Strangelove should know that there is a problem with the system, it is not just the president's nuclear football that can bring on the omnicide that the people in CND are so scared of.

Blockchain for nuclear weapons - where could it go wrong?

It is an obvious use case, not a solution in search of a problem. I stand corrected with all my scepticism regarding blockchain. We don't need pesky INF treaties, we can just go with smart contracts and have only the president able to launch that decapitation strike rather than some rogue general.

randaouser7y ago

although sensitive data should never be written to a public ledger, that does not automatically disregard the need for a blockchain technology. Take a supply chain scenario where multiple control points would input data, however, none of the contributors trust any single touchpoint to maintain the datastore.

The senstivity issue can be overcome by submitting a cryptographic hash of the information (say sha256) and storing the encrypted data on ipfs. In future audits, one can reveal the unencrypted data and ensure the hashes match.

aeijdenberg7y ago

Not quite as simple as a cryptographic hash alone - remember that if the set of possible inputs can be easily enumerated, then it's trivial to find the input data by brute force.

There are ways to work around this, for example objecthash[0] describes a small modification that prepends the input data with 32 bytes of random data before hashing in order to prevent this.

[0] https://github.com/benlaurie/objecthash#redactability

randaouser7y ago

yes precisely, you must include a random value that remains secret until the appropriate reveal time.

ketzu7y ago

One problem of this solution is you can not verify the write in the first place, as the encrypted data is no longer publicly verifiable.

randaouser7y ago

you can share the encrypted data and allow anyone to perform the block hash of the file. As the data is encrypted it should be publicly accessible. EDIT

yes the data itself becomes difficult to verify. Then you must move towards are for more complicated ZKSnark or Homomorphic scheme

mistrial97y ago

is this NISTIR 8202 -- Blockchain Technology Overview ?

https://doi.org/10.6028/NIST.IR.8202

klenwell7y ago

That's what I found, too. It looks like the flowchart in question is on p. 42.

This is really helpful by the way. My sister is completing her MBA and I think IBM is a program sponsor or something and has really been pushing their blockchain product. Whatever the case, she's drank the Blockchain Kool-Aid. I'm going to point her to this (this site and the NIST doc) the next time she brings it up.

nootropicat7y ago

>Data records, once written, are never updated or deleted?

>Blockchains do not allow for modification of historical data. Consider a database.

If that was true it wouldn't even be possible to send any tokens. Log of all past actions can't be deleted or updated, which is a quite different thing.

village-idiot7y ago

The log entries in a blockchain are supposed to be immutable. You can add new entries, but not change old ones.

nootropicat7y ago

It depends on how you define what a 'data record' is. State of a specific address can be changed and deleted if the contract is designed to allow it. It's directly equivalent to a normal database that keeps logs of all historical commands entered.

decentralised7y ago

We often talk about "blockchain as a database" but don't clarify what type of data we are discussing.

In second generation blockchains like Ethereum there's a difference between world state and ledger data. Only the Ledger data (record of state transitions) is immutable by design.

browsercoin7y ago

so what's wrong with Datomic? why do people insist on using blockchain?

3 more replies

j / k navigate · click thread line to collapse

26 comments

cwyers7y ago

aplummer7y ago

Yep I hit the same bug, if you answer “yes” the next question has the same bug.

pmontra7y ago

The problem are the double negative questions. They should be reworded into positives to remove ambiguity.

brucemacdOP7y ago

Just fixed the wording to match the actual NIST flowchart. Thanks.

davidy1237y ago

Theodores7y ago

Brilliant. I have found a use case for blockchain thanks to this tool. Who wants to go co-founder on my YC application for...

"Blockchain for nuclear weapons"

Any fan of Dr Strangelove should know that there is a problem with the system, it is not just the president's nuclear football that can bring on the omnicide that the people in CND are so scared of.

Blockchain for nuclear weapons - where could it go wrong?

randaouser7y ago

aeijdenberg7y ago

Not quite as simple as a cryptographic hash alone - remember that if the set of possible inputs can be easily enumerated, then it's trivial to find the input data by brute force.

There are ways to work around this, for example objecthash[0] describes a small modification that prepends the input data with 32 bytes of random data before hashing in order to prevent this.

[0] https://github.com/benlaurie/objecthash#redactability

randaouser7y ago

yes precisely, you must include a random value that remains secret until the appropriate reveal time.

ketzu7y ago

One problem of this solution is you can not verify the write in the first place, as the encrypted data is no longer publicly verifiable.

randaouser7y ago

you can share the encrypted data and allow anyone to perform the block hash of the file. As the data is encrypted it should be publicly accessible. EDIT

yes the data itself becomes difficult to verify. Then you must move towards are for more complicated ZKSnark or Homomorphic scheme

mistrial97y ago

is this NISTIR 8202 -- Blockchain Technology Overview ?

https://doi.org/10.6028/NIST.IR.8202

klenwell7y ago

That's what I found, too. It looks like the flowchart in question is on p. 42.

nootropicat7y ago

>Data records, once written, are never updated or deleted?

>Blockchains do not allow for modification of historical data. Consider a database.

If that was true it wouldn't even be possible to send any tokens. Log of all past actions can't be deleted or updated, which is a quite different thing.

village-idiot7y ago

The log entries in a blockchain are supposed to be immutable. You can add new entries, but not change old ones.

nootropicat7y ago

decentralised7y ago

We often talk about "blockchain as a database" but don't clarify what type of data we are discussing.

In second generation blockchains like Ethereum there's a difference between world state and ledger data. Only the Ledger data (record of state transitions) is immutable by design.

browsercoin7y ago

so what's wrong with Datomic? why do people insist on using blockchain?

3 more replies

j / k navigate · click thread line to collapse