P2P consensus
There are many cases in which there is no need for time-stamps or notaries to reach consensus.
Here are three common person-to-person handshake agreements where written documentation serves primarily as dispute resolution evidence:
1. Invoice Agreement
Two parties agree on payment terms for services rendered, with a simple invoice serving as a record of the understanding. The invoice acts as proof of the agreement terms, amount, and date.
2. Book Lending
A person borrows a book with a basic written note stating the book title and return date. This informal record helps resolve any future misunderstandings about which book was lent or when it should be returned.
3. House Sitting
A simple written list of duties and dates for house sitting arrangements, including any specific instructions for pet care or plant watering. The document serves as a memory aid and potential reference point if questions arise.
These everyday agreements don't require notarization because their primary purpose is to preserve the details of the mutual understanding. The written record simply needs to be provably created at the time of the agreement - for example through a dated email, text message, or signed note - to serve as effective evidence in case of a future dispute.
Obviously, I'd prefer the source of trust to be in a DLT and the means of proof to be digital signatures. Let's explore how this works and what it means. As mentioned in the previous article, SSI is the perfect Public Key Infrastructure.
Consensus algorithm
Here's how two users can securely exchange and sign a document.
Discovery Phase
1. Each user has their own public-private key pair
2. Users exchange or look up each other's public keys through a trusted directory or direct communication.
Document Processing
1. The first user (initiator) creates the document (invoice or agreement)
2. The software generates a cryptographic hash (digest) of the document
3. This digest serves as a unique fingerprint of the document's contents
Signing Process
First Signature
- Initiator signs the digest using their private key
- The signed digest is attached to the original document
- The package (document + signed digest) is sent to the second user
Second Signature
- Second user verifies the first signature using the initiator's public key
- Second user independently generates the document's digest to verify it matches
- Second user signs the same digest with their private key
- The software combines both signatures with the original document
Final Result
Both users now have:
- The original document
- The document's digest
- Both digital signatures
- Cryptographic proof that both parties agreed to the exact same document
This process ensures:
- Document integrity (cannot be modified without detection)
- Non-repudiation (neither party can deny signing)
- Authenticity (signatures can be verified using public keys)
- Equal standing (both parties have identical proof)
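The exchange described above, written out in Go as an added example (it is not code from this article or from any product it refers to). Ed25519, SHA-256, the Package layout and all function names are assumptions chosen for illustration, and the invoice text is constructed.

```go
package main
import "crypto/ed25519"
import "crypto/sha256"
import "fmt"

// Package is the bundle the parties exchange (field layout is an assumption).
type Package struct {
	Document, SigA, SigB []byte // SigA: initiator, SigB: second user
	Digest               [32]byte
}

// NewKeyPair generates an Ed25519 key pair; the algorithm is an assumption.
func NewKeyPair() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// Initiate hashes the document and attaches the initiator's signature.
func Initiate(doc []byte, privA ed25519.PrivateKey) Package {
	d := sha256.Sum256(doc)
	return Package{Document: doc, Digest: d, SigA: ed25519.Sign(privA, d[:])}
}

func check(p Package, pub ed25519.PublicKey, sig []byte) bool { // digest + one signature
	return sha256.Sum256(p.Document) == p.Digest && ed25519.Verify(pub, p.Digest[:], sig)
}

// CounterSign verifies the initiator's package before adding the second signature.
func CounterSign(p Package, pubA ed25519.PublicKey, privB ed25519.PrivateKey) (Package, error) {
	if !check(p, pubA, p.SigA) {
		return p, fmt.Errorf("digest mismatch or invalid initiator signature")
	}
	p.SigB = ed25519.Sign(privB, p.Digest[:])
	return p, nil
}

// VerifyFinal is what either party can run later as dispute evidence.
func VerifyFinal(p Package, pubA, pubB ed25519.PublicKey) bool {
	return check(p, pubA, p.SigA) && check(p, pubB, p.SigB)
}

func main() {
	pubA, privA := NewKeyPair()
	pubB, privB := NewKeyPair()
	p, err := CounterSign(Initiate([]byte("constructed invoice: EUR 100"), privA), pubA, privB)
	fmt.Println("countersign error:", err, "- package valid:", VerifyFinal(p, pubA, pubB))
}
```

CounterSign refuses to sign when the document was altered after the first signature, and VerifyFinal returns false until both signatures are present.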
Specialised software
To enable this P2P consensus, some specialised software is required. This can be implemented as a plugin for an e-mail client or bookkeeping software, or as a stand-alone program. But whatever the implementation, both sides have to agree on the process and the technical details.
Security and Trust Requirements
Cryptographic Operations
- The software must handle complex cryptographic operations including hash generation and digital signatures
- It needs to properly implement asymmetric cryptography with public-private key pairs
- The software must verify certificate chains and check revocation status
Protection Against Tampering
- The software ensures that even minor changes to a document result in different hash values, making tampering detectable
- It must maintain document integrity through proper handling of incremental saves and modifications
Technical Complexity
Key Management
- The software must securely manage public keys and their discovery
- It needs to handle key verification and trust establishment through Certificate Authorities
Non-repudiation Requirements
- The software must provide proof of origin and data integrity
- It needs to ensure that signatures cannot be successfully denied later
- It must maintain proper authentication and verification chains
Process Automation
Workflow Management
- The software automates the complex process of document signing between parties
- It handles the technical details of hash generation, signature creation, and verification automatically
- It manages the secure exchange of signed documents between parties while maintaining cryptographic integrity
Without specialized software, implementing these security requirements correctly would be extremely difficult and prone to errors that could compromise the entire signing process.
Considerations
In an age where blockchain and distributed ledgers dominate discussions about digital trust, a simpler solution is gaining traction: direct peer-to-peer consensus. This approach strips away the complexity of distributed systems, offering a streamlined path to digital agreement between parties.
The Power of Simplicity
The advantages are compelling. Without the need for blockchain infrastructure or distributed ledger technology, two parties can reach consensus using only an internet connection. This direct communication approach eliminates bottlenecks entirely, allowing for unlimited transaction speeds and near-zero operational costs.
Cost and Performance Benefits
The system requires minimal infrastructure investment. There's no need for expensive consensus mechanisms or transaction fees. Just two parties, their keys, and basic internet connectivity.
The Trust Challenge
However, this simplicity comes with a significant caveat. The absence of notarized timestamps creates a vulnerability in the system. If a user rotates their key pair, they could potentially repudiate their signature by claiming the agreement occurred after the key rotation. This timestamp issue remains the primary challenge for widespread adoption.
Looking Forward
Despite this limitation, the system's efficiency and simplicity make it an attractive option for scenarios where parties have established trust or where timestamp verification isn't critical. Sometimes, less is more in digital agreements.