Strawman Authentication and Anti-Counterfeiting with Cardano

hi I wanted to do a quick video to talk a little bit about anti counterfeiting I got a question on YouTube that asked specifically how are we going to actually develop a harbor based on our anti counterfeiting solution.i and what is the University of Wyoming laboratory doing so I figured to actually approach that question it would be fun to do a whiteboard video and discuss a bit about it so let's go ahead and turn on the presentation share okay I should be presenting in a moment good open up the whiteboard application cool all right so let's say that you have a handbag and that handbag it lives in a supply chain so there are stages in that supply chain and eventually you get to the retail endpoint so what happens is that as your handbag goes from each stage of that supply chain things can go wrong counterfeits can be made they can be stolen all kinds of crazy shenanigans happen and where you introduce the anti-counterfeit solutions is an open question and generally speaking it's not standardized amongst all these different retailers so Gucci and L mvh and Rolex and all these other vendors may have different ideas about what to do and those are things like invisible inks holographic tags serial codes and there are many other things that they can introduce and the idea there is that there usually are some special group of people that live within the supply chain special who add in the authentication anti-counterfeiting component because the factories that manufacture the luxury good in some cases they actually run additional shifts even though they're not supposed to and they'll actually make counterfeit goods so there is usually some sort of segregation here so trillion-dollar business when you think about counterfeiting and authentication how do something is real and there's all kinds of really cool ideas and techniques that people have come up with and the things that I've just mentioned they're like serial codes and inks and holographic tags they're kind of early generations stuff and there's even more sophisticated things that have been coming online over the last ten or fifteen years the problem is that most of these solutions are not really consumer friendly so for example if you buy this handbag you the consumer will see stuff on it like maybe you'll see a serial code or there'll be a certificate of authenticity or something like that but how do you actually know that that corresponds to something real you actually don't and so the naive approach would be for the consumer to go straight to the manufacturer of the hand back and say is it real yeah Chanel or Gucci or what have you and a lot of cases they actually explicitly say on their website we don't authenticate our products so you can't just walk into the Louis Vuitton store and say hey is this a real Louie Vuitton bag or not more often than not they're just simply not going to tell you you could try to get a domain expert some special person to come on in give them a little bit of a beard because let's say this guy's been doing it for a while and a little bit of a king there we go and that domain expert perhaps could look at it and think about it authenticate it but even there are these fakes that are being made are sometimes being made in the same factories that by the same people that actually make the handbag so even the domain expert can be fooled sometimes so this is a really interesting really challenging problem of how do you handle product authentication and anti counterfeiting so what we're going to be doing at the University of Wyoming you while lab is that we're going to investigate designing a chip and that chip is basically going to be a special-purpose piece of silicon and the idea is that it's a secured Hardware module and it's capable of several cryptographic operations and you can think of things like Intel SGX as an example of this you can think of things like arm trustzone these are examples of trusted Hardware modules i've built within either microprocessors directly or connected to them you can think of all kinds of trusted Hardware set setups but basically the idea is you have some secure circuits that are kind of tamper resistant so when you're playing around with it it's difficult to actually extract things from that chip and they're isolated from the rest of the operating system and basically you can then use this to store and use private keys okay and now what makes this so desirable is that these chips once you've designed them can be very small like very smaller there can be that big that's small and they also can have things like NFC or RFID all kinds of cool antenna stuff that they do and they can be extremely cheap like one cent to make they can be very very cheap to make and they don't have to have a lot of power in fact using modern fabrication technology and modern chip design you can basically build these super cheap chips that are very powerful for assigning and storing signal signature and transmitting that so it's actually quite amazing to see what you can do these days with not a lot of power not a lot of expense okay and probably more like 10 cents once you start adding more and more features to it okay so the idea is that the Ohio lab is going to explore all the business and technical requirements behind building something that lives within a reasonable cost window we'll set some sort of price X dollars per unit and we'll create a big laundry list of explicit capabilities here and the first part of the engagement is to basically get those explicit capabilities and to figure out what that price window is going to be and to understand how the outside world is going to communicate and to really define how small it needs to be and to come up with a design philosophy of how we ensure that these things are correct and then also how much memory does the chip need and how much computing power does a chip need and that's really the first step is that prototype step and the point is just to get a better understanding of these things and then after that's done and actually go from requirements and then build a prototype and this is an iterative process so there will be many prototypes that are generated and then eventually we'll send to finisher and a finisher is basically a special lab a special business that they it will take this from something that's an academic project and turn it into something that we can mass manufacture commercialize now all of this work that we're doing at that lab is open source and it's intended to be used within the Cardinal ecosystem so we can store private keys and we can sign things but how do we actually use this hardware to examine the problem above this issue of the handbag or the shoes or the watch or any of these things well here's how we do it as a strawman solution and strawman basically means that it's an avenue to be beaten up and examined and played around with until we come up with a better solution so strawman z1 so you have Cardinal in card oh very soon is gonna have a multi asset standard either during the Shelley or the Gogan euro and what you're going to do is you're going to issue an authentication token okay and that's going to be done by a special role in the supply chain we'll call it the Authenticator so the Authenticator will monocle there we go all right and when you create that handbag somewhere in the supply chain the handbag is going to get that chip inserted in it somewhere in the handbag then the authenticator some were later in the supply chain will examine the handbag the history all these things and once he's satisfied with it is going to say okay it's good and then issue a transaction sending one of the authentication tokens to the TPM now once that private key has been encumbered with that asset it can't be removed because you can't move the private key you can't get it out of the chip it's been secured if the chip is correctly designed however you can Institute a protocol of challenge response so basically how that works is that once you have the handbag well actually use consistent colors for this once you have the handbag with the chip with the token then what the questioner can do with his or her cell phone is tap the phone on the back and maybe NFC or RFID or some standard will be used for that okay and then what happens is it asks are you real and really the mechanical question is do you have a legit token okay and basically to answer yes you have to provide a signature from a recognized token okay so they tap the phone and then the chip will generate a signature and then return that query to the questioner and then the questioner is able to look at the Cardinal blockchain and say well does this exist and if it does check they actually know that a legitimate token on a legitimate TPM has answered the question and so it gives them a high degree of certainty that that bag is real now we'll get into some attacks and other things in a moment and we also have the opportunity to discuss something of in particular metadata so in addition to storing the private key for a token you also can store the history of the object things like where it was made what store it was sold that the ownership lists all kinds of things could potentially be stored as an optional field in the design of the system so you could actually see a beautiful chain of custody for example maybe this handbag was owned by famous actress or maybe this handbag came from a special edition line and was showcased in a very prestigious event or something like that you'd actually have that entire chain of history follow it now there is one little kink in the strawman proposal and it's something we are going to think about in a dress as we're designing the chip which is what if somebody was to and this is what the questioner asked remove the check now this doesn't really help a counterfeiter too much and here's the reason being because if you remove the chip then you could conceivably put the chip into a new handbag and then yes you could fool somebody into believing that that particular handbag was legitimate but it is a one-to-one situation meaning that you actually have to have a real bag to make a fake back the whole point of counterfeiting is counterfeiting is a one-to-many endeavor so for everyone Louis Vuitton or Gucci or Christian Dior that's made there'll be hundreds if not thousands of counterfeits made and and the counterfeits are usually sold at a much lower cost than the primary real purse the fact that you could only make one counterfeit for one legitimate product is actually a big improvement and it gets a little bit better to you see you could also conceivably build pairs of chips and you could put a secret ship that regularly communicates with the other chip that's used for authentication and the people would not know which chip is which but if the chips are no longer in communication this can have a timer and it would basically erase its key you could do something like that or you could even put all kinds of other anti-tamper situations so there's tons of cool things that you can kind of dream up and if your chips are cheap and they can talk to each other and they can do kinds of cool things then it's then it's certainly a great Avenue to go down but this is a major step for because it's something that is easy to manufacture it's easy to embed in a product by separating the Authenticator from the manufacturer you basically have oversight and supply chains and these chips are programmable and the feature richness of them can be improved over time so they can have more and more sophisticated cryptographic protocols and you're creating a situation where the consumer can now directly interact with the product and all kinds of additional things could potentially be stored there for example at the retail point you could have a master key that or some process you don't even necessarily need that degree of centralization where when somebody buys the good there's a transaction that's issued to add metadata to the luxury good okay and by doing that then that actually becomes your certificate of authenticity and proof of ownership so this is kind of a blockchain based registration system to register a product to a person so it ceases to be a Christian your pan bag its Alice's Christian do our and back and then when Alice goes to resell that you can talk about transferable warranties you could talk about potentially secondary market royalties you could talk about reification there's all kinds of really cool things that can be done you can also have loyalty systems so for example Alice is able to prove that she indeed owns a Christian jeweler product and so by doing that then you can actually have custom products or rare products that only verified owners can have for example let's say you drive Lamborghinis so Lamborghini has a and this I terrible car drawing so Lamborghini makes special edition Lamborghinis the Revit on for example and they're very rare and they only will do a production route of maybe a few hundred if that and they usually have a lottery system that lottery system basically says hey we are only going to allow registered users registered buyers who have proven they I own a Lamborghini to even have a chance to all are these super rare special edition Lamborghinis okay well these same types of loyalty systems could be redeployed and redeployed so that you can conduct that rut lottery amongst everybody who's registered inside the system has a digital identity within the system and then let's say Jim wins Jim gets to buy revitol or the super special edition but what if Jim doesn't want it because he has that asset the right to buy if that's tokenized then it can be resold so basically what Lamborghini would just did to Jim is they gave him free money because Jim can go and sell it to Jack and Jack and buy it maybe for fifty thousand dollars or something like that and that cost Lamborghini nothing jack is willing to pay the markup because he wants the special edition car and that asset can be transferred from Jim to Jack okay so there's all kinds of really cool overlay loyalty systems that can be added in once you have the ability have a self Afeni cating bags and you have the ability to pair identity to the ownership and then create loyalty and membership systems and these things can just build and build and build and build and they have all kinds of really cool benefits to the consumer I am from being able to verify that the products that they have are legitimate to getting better consumer protections in the secondary market to the original IP originators or manufacturers to potentially having transitive revenue lines in the secondary market to things like being able to monetize the fact that you are a loyal customer of a particular firm and a lot of these use cases will be enabled especially when we talk about luxury goods like handbags and watches and shoes and these things at the consumer level by building a beautiful little chip like this so this is what the lab is basically going to look at and obviously there are some other attack vectors that can exist however as I mentioned this is a strawman solution and it's probably going to take quite a bit of time to design the chip and then build better solutions along the way but this is what the University while limit the lab is going to do and what's great is it's a public-private partnership so we've donated five hundred and five thousand to that lab the government is matching and it's a very high probability that year after year the government of Wyoming will continue matching and that we'll be able to Fedder eight and add more members given that the output of this is going to be open source everybody in the card on an ecosystem will be able to use this chip kind of a reference design for a Raspberry Pi or something like that whereas basically it's open hardware and that open hard-working to use for a variety of purposes if the chip is sufficiently powerful we could also put the chip in something a USB key and then we could use this for one-time signatures so basically after a stake pool signs the chip will generate a proof of security that it destroyed the key that was used to sign we also developed a really cool thing called one-shot signatures which involves quantum crypto the great paper that we wrote out of Princeton and University of Edinburgh our chief scientist wrote it echoes Casaus with several other authors and there's an idea that perhaps we could even include in future versions of this platform these types of capabilities so just starting with something very simple like let's just think about how to build chip will gradually get our 1.