May 10, 2010
You can't buy these. Yet. These are just notes.
"Kyristor" Greek word for "lord" or "master" (kyrios)
Q: Why its own device?
I) A device like this would be useful - everyone could benefit from having a coherent idea of whom they are trusting to resolve a given fact:
These are easy:
Does "MY CPU" believe that "result of evaluating 1 + 1" is "2"? Does "MY CPU" believe that 22.214.171.124 is "prime"? Does "MY CPU" believe that 126.96.36.199 is "integer"? Does "MY CPU" believe that 188.8.131.52 is "4 bytes long"?
They are intrinsic facts about a piece of information. And you know exactly what you're putting your trust in: the laws of mathematics; as interpreted by your CPU. And you know exactly where you bought your CPU, and who built it. If it does something untoward, you'll know where to complain and how to deal with the situation (buy another kind of CPU, which works correctly and whose answer to "1 + 1 = ?" agrees with your own.
This one is harder:
"Does "MY CPU" believe that "184.108.40.206" is "google.com"?
Your CPU will need to trust some outside entity. Whom will it trust? You need to know what some other humans think to answer questions like this. And you will always value some people's opinion over that of others.
Ok, DNS is old hat. But why should a trust network's function be limited to WWW domain names?
II) There ought to be some definition of "kyristor" for which there will be no dispute as to what said device ought to do. Just like, say, a "resistor." No reasonable person (AFAIK) insists that the word "resistor" should describe a tool for cutting ceramic tiles. There must be some basic functionality that everyone can agree on.
The controls of a kyristor:
Configuration: one integer (root authority) Control: one integer Input: three integers Output: integer C is the "control register." (more on this later.) A is the authority address for the current query. X is the "query." Y is the "hypothesis."
The only thing required to join an Archy is that your kyristor and the Archy's root must be able to communicate securely. PGP and both being on the Internet should suffice.
Multiple authority (A) values in the cache may be useful for when the root is down. when joining an Archy, the root may provide a list of "lieutenants" which can be amended later: all patches signed by the root's key
The tuple [A,X,Y] is equal to the question:
"Does A believe that X is Y?"
Does A0 believe that "438967283478" is "539568763873582425356468"? -- TRUE Does "539568763873582425356468" believe that "IANA" is "220.127.116.11"? [fix?] -- TRUE "Does "IANA" believe that "18.104.22.168" is "google.com"? --- Two classes of possible output at this junction: --- I) TRUE --- "IANA" believes that "22.214.171.124" is "evilspamshill.com"
A=0 is "god."
The only questions A0 is qualified to answer are those for which disputes can be settled entirely through majority vote of the entire DHT network, and on which almost no dispute ever takes place. A0 effectively partitions an [x,y] space on a first-come, first-serve basis. The only purpose of A0 is to enable routing to authorities A_1 ... A_inf.
A0 can be implemented by regarding an authority's PGP public key as being its public routing address!
"Does "IANA" believe that "126.96.36.199" is "0PEER"? "Does "IANA" believe that "188.8.131.52" is "-1PEER"? "Does "IANA" believe that "184.108.40.206" is "-2PEER"? "Does "IANA" believe that "220.127.116.11" is "-3PEER"?
Physical Kyristor: Why should you trust the hardware?
- no idiotic DRM/TPM/Palladium/tamper-resistent/etc shenanigans - Signed with manufacturer's key - how to attest that it is running the signed code:
what can you actually tell by looking at the circuit board?
---- unit has no non-volatile memory - only socket for USB stick (ok, the CPU could be custom-traitorous. we have no defense against that anyway.) ---- must be loaded with firmware on purchase and will tell you if the signature matches the code.