Estonia’s smartcard security problem is probably not blockchain-related — but what is Estonia’s “KSI Blockchain”?

Estonia’s ID card system apparently has a security flaw, though it hasn’t been exploited yet. Technical details are not available, but Estonian World says “The ID-cards issued before 16 October 2014 use a different chip and are not affected,” which suggests this is more likely in the smartcard chip than in the underlying system.

Someone emailed this morning asking if this had anything to do with Estonia’s widely publicised blockchain infrastructure initiatives. I would say probably not … but the reason I can’t say “definitely not” is that Estonia’s Blockchain™ promotion mostly supplies excellent examples of the media game of “telephone” I talk about in chapter 11 of the book:

“Talking about” becomes “considering doing,” becomes “will do,” becomes “is doing.” Even if a given blockchain trial does in fact happen, later failure is not documented. The mainstream press assume this is specialist press rather than boosterism, and run stories taking all this at face value. As the buzzword “Blockchain” has gained currency, they have tended to run blockchain marketers’ press releases barely edited, assuming there must be something to all of this.

I tried tracing back through to the original press releases (since zero of the journalists running these stories ask them even slightly pointed questions). Everything from e-Estonia itself is long on hype, short on detail and furiously mixes present and future tense.

e-Estonia’s preferred Blockchain™ software is KSI Blockchain. Amongst the generic blockchain claims, the only specific claim on that page is that “KSI Blockchain scales to 1012 items of data every second.” This would be a remarkable number for an actual database — for comparison, the extreme limit of IOPS (I/O operations per second) for an Oracle database on fast solid-state disks is in the millions.

That e-Estonia page links to the company site for suppliers Guardtime. KSI stands for “Keyless Signatures Infrastructure®” and was started in 2007. Their “blockchain” achieves fast throughput by limiting the number of participants, which also means they don’t need a computationally expensive consensus mechanism. Now, you might think this was functionally indistinguishable from a database …

I did find a PDF which Guardtime provided to the US Government’s I am not a cryptographer and don’t fully understand this; if anyone who is could tell me if this makes any sense, I’d be most grateful. The promise is:

Through the properties of verifiable authenticity, identity of the client, and non-global positioning system-based non-spoofable time; KSI provides provenance, integrity and identity associated with digital assets. This implementation consumes far less storage and bandwidth than widely proliferated blockchain technology and can provide the above defined attributes for thousands of files a second scalable to billions.

The “blockchain” bit of KSI appears to be that it’s got a Merkle tree. Indeed, the paper says:

Unlike traditional approaches that depend on asymmetric key cryptography, KSI uses only hash-function cryptography, allowing verification to rely only on the security of hash-functions and the availability of the history of cryptologically linked root hashes (the blockchain).

— that is, they redefine the word “blockchain” to mean “Merkle tree.” Specifically, “hash-linked time-stamping.” (What the e-Estonia claim presumably means, then, is that KSI Blockchain can scale up to calculating 1012 hashes a second.) So anywhere I see the words “Estonia” and “Blockchain” together in the near future, my first thought will be “ledger in a Merkle tree.” This makes sense of press releases such as “KSI Blockchain to Secure Driverless Buses in Tallinn” — what they mean is they’re storing at least some data from the buses in a ledger authenticated by hashes.

What I say in chapter 11 of the book still seems to hold:

Transaction ledgers in tamper-evident chains and trees of hashes are a good idea, and businesses are about to discover how to use them for tamper-evident ledgers. These will likely be branded “Blockchain,” whether or not the product has anything else to do with blockchains.

Per Guardtime’s site, “Cryptocurrency protocols are great  for cryptocurrencies — not for building solutions for enterprise data management.” Pretty good for years of coverage in the bitcoin press, though.

So this is not in fact good news for blockchains. Though it might be for Blockchain™. Thanks to Paul Marsch for the good question.

Become a Patron!

Your subscriptions keep this site going. Sign up today!

12 Comments on “Estonia’s smartcard security problem is probably not blockchain-related — but what is Estonia’s “KSI Blockchain”?”

    1. corrected from “server”, thank you! But it’s “Keyless Signatures Infrastructure” in at least some official renderings.

  1. Last October I attended a payments tech conference in Singapore which had the Guardtime folks at it as sponsors and presenters. I agree it’s not a true block chain. Somewhere I have a copy of their presentation I think, if you’d like to see it.

    To take a crack at the marketspeak paragraph:

    Through the properties of verifiable authenticity (they take hash snapshots of the data frequently), identity of the client, and non-global positioning ( no GPS data required) system-based (internally processed) non-spoofable time (hashes of the database verify when a transaction occurred and prevent hacking to insert or edit a transaction); KSI provides provenance (who, what, where, when, how), integrity ( verifiable hash images of database) and identity associated with digital assets. (Their database is verifiable) This implementation consumes far less storage and bandwidth (they just have to store each new hash “image” of the database) than widely proliferated blockchain technology and can provide the above defined attributes for thousands of files a second scalable to billions. (The processing is only required to check and see if / how the database changed and then create a hash reflective of the change)

    I think one of their verbal examples was a newspaper page. If you take a picture of a page, then add a letter to it and take another picture, you can use their system to identify just the additional letter and record when, where, etc the change occurred. That way it can’t be hacked, since they then distribute copies of the hash all over the place and thus make it practically impossible to edit all the identical hash copies at the same time. Any irregularity will be identified and weeded out to protect the integrity of the database.

    1. Josh, I would love looking at Guardtime presentation. Did you find it? Can you share it with su?
      Thanks in advance

  2. Thanks for this David. I just read the very interesting article about e-Estonia in the latest New Yorker, and it set off my hype detector something fierce. I figured the KSI “blockchain” had to be something like this. Just goes to show that even a magazine with fact-checking as famously rigorous as the New Yorker can get into trouble when they wander outside of their technical depth. From the article:

    “A blockchain is like the digital version of a scarf knitted by your grandmother. She uses one ball of yarn, and the result is continuous. Each stitch depends on the one just before it. It’s impossible to remove part of the fabric, or to substitute a swatch, without leaving some trace: a few telling knots, or a change in the knit.”


  3. You mention that it’s not a blockchain, what do you see as the critical definition of blockchain that KSI doesn’t meet?

    1. It doesn’t have any consensus mechanism in the style of Bitcoin/Ethereum, or even in the style of a private Ethereum blockchain. There’s a spectrum of options between “just a hash tree per Merkle” and “the full Bitcoin rigmarole” – but KSI Blockchain is much closer to the “just a Merkle tree” end, enough so I don’t think it really counts. Guardtime assert it do, per the quoted white paper, so it’s arguable … but I think it’s a bit too far a stretch.

      The point is that the word “blockchain” is used to mean that the thing carries all sorts of assumed magic. And KSI Blockchain doesn’t seem to be even the same kind of thing that carries the assumed magic, let alone actually providing it.

      I concede that this is a disputable point.

      1. Hi David,

        Could you cite any academic sources that consensus mechanism is critical definition of blockchain or why do you think it is? I have seen that cryptography researchers usually define blockchain as blocks of data what are linked with cryptographic hash functions.

        1. At this stage, no, because there is literally no solid technical definition of blockchain/DLT in December 2018. It’s a particular bundle of marketing hype.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.