11 October 2017
Blogs by author: Konstantinos Karagiannis, CTO, Security Consulting, Americas, BT.
Join Konstantinos Karagiannis, as he explores the huge security potential inherent in Ethereum Swarm.
Feels like the cloud has been here forever, no? Yes the name has always been hype, with a cloud server room looking suspiciously like a pre-cloud one, but this amorphous entity has become a part of daily life. Businesses and individual users happily toss their files up into the ether, trusting they’ll come back down.
Using the cloud is not all trouble free, though. Executives worry so about their corporate data. What countries are housing it? Will files end up in the wrong digital hands? Might DDoS affect access? Can some hacking crew or advanced ransomware manage to hold sensitive information hostage?
Average end-users fear similar things, especially private information leaks. Celebrity end users worry about leaks, too… usually in, ahem, photographic form.
Ultimately, using the cloud carries the same risks as any centralized system. A large entity may be hacked or raided. And let’s not forget the potential for censorship, privacy invasion, or monopoly price manipulation.
Is centralization the only way to host sites or store data?
Decentralize with Ethereum
Imagine being able to send your files into the ether (or Ethereum), confident that no unauthorized parties will be able to access them. Imagine being certain no one can ever control what types of data you wish to store and share. These are the promises of Ethereum Swarm, a core part of the Ethereum project.
You may know Ethereum as the blockchain that enables the use of ETH or ether — a valuable cryptocurrency that is a close second to Bitcoin in popularity. Ethereum can handle direct financial transactions similar to Bitcoin purchases, sure, but it is much more than a fund-swapping distributed ledger. Ethereum was created to be ‘Turing complete’, capable of saving state and running programs called smart contracts. Think of it as a global computer, called the Ethereum Virtual Machine (EVM).
Comparing the EVM to Bitcoin minimizes the former’s potential. And this monster machine is getting ready to provide Swarm as a way to securely index and retrieve files, all without monthly pricing and the aforementioned centralized cloud risks.
If you’re familiar with BitTorrent, you already get the basic idea of decentralized file sharing. Files of any size are broken up into pieces and distributed among peers on a network. The more popular the file, the more machines end up having a piece. Subsequently, the quicker and easier a file is to retrieve.
Ethereum Swarm takes this idea a logical step further toward security. File pieces, or chunks, are distributed to nodes on the p2p network, but they will first be encrypted. Trying to examine one of these chunks will be futile. Only a user with the private key can recombine and decrypt a file. It doesn’t matter if chunks reside in China, North Korea, or Russia. Any perceived ‘unfriendlies’ will struggle to do anything with the fragmented, encrypted data even if they tried to hack a bunch of machines participating in Swarm.
Chunks do not exist on the blockchain itself. That would get insanely expensive and resource intensive as the data began propagating through all nodes. Rather, Swarm saves address hashes or pointers to the files in Ethereum. Machines on a separate Swarm p2p network deliver the actual chunks.
Please note: Swarm is still in proof-of-concept phase 0.2 (PoC 0.2), and encryption is not enabled on files yet. For testing purposes, users are advised not to upload sensitive content. Guaranteed persistence will kick in with the move to PoC 0.4 (expected this year).
BitTorrent users know how frustrating it is to try downloading a file that no longer has seeders and numerous peers. Granted BitTorrent is often used for piracy, and you can suck it up and buy the desired movie or album, but having no way to access a critical, unique file you uploaded is simply not acceptable.
Ensuring files stay alive is something that will separate Swarm from InterPlanetary File System (IPFS). Ethereum has an existing infrastructure for micropayments and smart contracts. End users can provide guaranteed financial incentives to not only keep critical files alive, but to also have the files be redundant and quickly accessible.
Fairness is guaranteed. Smart contracts can pay node owners over time, ensuring no one takes the money and deletes the files. Swarm can send tiny cryptographic proofs that a file is still on a node to earn payment installments. No need to waste bandwidth constantly sending entire files.
As I mentioned, Swarm isn’t fully ready yet. But by integrating Swarm features with a user-friendly interface, the Mist Browser, the dev team has paved the way for easy user adoption of a serverless future. If Ethereum reaches its goal of being on par with the traditional Web, we can imagine Mist or other browsers accessing full ‘web’ sites and applications hosted by Swarm. The technology won’t just be for retrieving critical private files.
Such a future aim is impressive enough, but Ethereum is also introducing zero-knowledge crypto primitives in its new Metropolis code release. Called zk-SNARKs, these primitives promise private transactions similar to those found in Zcash. Just think: anonymous payments and true file privacy.
The first serious Swarm users will most likely be those who have already bought in, so to speak, to the EVM. Companies already working with smart contracts or with moving funds with ETH may find Swarm a quick and natural replacement for the centralized cloud.
Everyone else will just have to catch up.