I mostly dislike everything crypto. The hype, the price speculation and the cynicism are all distasteful to me. However, removed from these contexts of reality, the concepts and technology are interesting. Overall I think it is a good thing to have in the brain of the world.
One of these cryptocurrencies, Pi is somewhat unique. You mine it by checking into an app everyday, and based on the number of people you’ve invited seemingly, the more faster you get the Pi’s. It reminded me of Cookie Clicker in that you check in once a day and the number keeps going up. As of now, Pi is unusable and un-tradable. Additionally, everyone is still on the test net. We’ve been promised a full transfer to main net when it launches. I don’t know if that is normal or whatever.
So a good question is, what is the point of Pi coins? Its not worth anything and there aren’t a bunch of people trying to melt their power lines mining it.
Pi’s ultimate goal seems to be building a web of trust. They reward people for bringing people they know into it and working together, as opposed to a competition for proof of work. That sounds pretty lame, but at least a decentralized verification system is one of the prerequisites for any post-government data management and transport.
Think about the concept of a public key infrastructure (PKI). The best examples are SSL certificates – the things that out the S in HTTPS. When you connect to a web site, your connection is end to end encrypted. You know your data is going to the right destination because regardless of where it ends up, it can only be decrypted by the holder of the matching private key.
Since anyone can generate keys and certs the only way you know their particular one is legit is because it has been signed by a trusted entity who vouches for the legitimacy. That signing entity itself has had its signing legitimacy signed by an entity who has a root certificate.
The root certificate being the highest authority and thus most legitimate… is simply a certificate that has been signed by itself and no one else.
The only thing that gets those top level certificates to be accepted by your browser is being owned by members of a big circle jerk of companies — comprised of the most legit-ist names, made out of variations on words such as “verify” and “sign” — who recognize each other and occasionally sign off on each others’ child certificates.
So that is the web of trust. Each person on Pi functions as a root certificate, and they merely recognize and acknowledge the members of their circle to be continuously more or less the same entity over time. And that’s all that is needed to “authenticate” any one member of the whole network because those connections are public knowledge and the history is permanent.
I’ll write sometime about the ultra-exciting world of making your own PKI system for development servers. This blog is supposed to be about tech and dev stuff after all. It’s a great way to understand how certificates work and how they do what they do. You could write a bash script in a few hours that performs the exact same physical certificate services as Digicert or Thawte, both bajillion dollar companies. Or that gets close to Let’s Encrypt, a much more sane, more free and more comprehensive service provider.