Trusted third parties

Part of a collection of essays on TRUST by @futurepaul

Bitcoin greatly reduces the amount of trust necessary to do money. No need to trust the Federal Reserve’s too-warm money printer, your fractional reserve bank, “predatory lending as a service” credit cards, or a chargeback-prone counter-party. You verify a transaction, you wait for a few blocks of confirmations, and while nothing in the world is certain, few things are as certain in this world as the finality of a Bitcoin payment settlement.

But what about scenarios where trust your counter-party? Or, gasp, a third party?

Bitcoiners have another catchphrase for that: “Trusted third parties are security holes.”

However, in Nick Szabo’s piece of the same name he provides the subtlety and nuance that such a statement requires:

A corollary of “trusted third parties are security holes” is “all security protocols have security holes”, since no protocol is fully free of such assumptions. The key steps in estimating TTP costs and risk are to (1) examine one’s assumptions thoroughly to uncover all TTP assumptions and characterize specifically what each TTP is and is not expected to do, (2) observe that each such specific hole and task has an associated cost and risk.

Posted Sep 4, 2022