Blockchain Spotlight on PolySwarm
Computer malware, viruses, hacks, phishing, etc., are a problem that just continues to grow as our lives become more and more connected to computers. According to this story from 2015, there are about 1 million new malware threats released every day. The attempted assaults on your sensitive data are immense and never ending. I tried an experiment and turned FTP on a standard port on my router and within a day I was getting dozens of attempts to connect to my system per hour.
On any Windows machine, you’ll have Windows Defender running, but almost all 3rd party vendors will also bloat up your computer with additional anti-virus programs running in the background that mostly just slow down your computer with conflicting programs running. What’s a regular human being to do to deal with all of these attack vectors in an effective fashion? That’s where PolySwarm comes in, they describe themselves as a decentralized marketplace for threat intelligence. The funding of their system will be derived from the sales of ERC20 compatible utility tokens they call Nectar (“NCT”).
The question PolySwarm posed to itself was, “What if state was not universally observable? What if observing state demanded research, skill or expert knowledge? How do distrusting participants agree on a worldview that they cannot directly observe?”
They needed a solution to this expert-knowledge-consensus problem that existing blockchain designs weren’t very well suited for. They named their solution mediated consensus, which they define as being achievable by any market design that assigns consensus responsibility to a finite set of market participants who are:
Qualified to observe ground truth (they possess expert knowledge)
Are among the most active participants in terms of liquidity — they are the biggest market makers, placing the most funds into in the market (and therefore have the most to win / lose in that moment)
Have their individual interests best served by an honest market (thereby avoiding a tragedy of the commons)
The intent is to identify malintent files, URLs and network traffic and rewarding the accuracy of identifying the malintent artifacts. The ecosystem breaks down as follows:
End Users: Enterprise and home users with suspect Artifacts. End Users participate in the PolySwarm market via Bounties and Offers and extract timely and accurate malintent classifications.
Security Experts (“Experts”): Geographically diverse malware experts and reverse engineers. Experts dissect the latest suspect Artifacts and maintain PolySwarm-connected detection engines (“workers”) that determine malintent. Experts commit to “Assertions”, public statements that reflect the results of their analysis into the malintent of the Artifact. Those that have committed an accurate Assertion are rewarded (in NCT) for their efforts.
Ambassadors: Companies that make it easy for End Users to benefit from the PolySwarm market. Ambassadors collect traditional fiat (e.g. subscription fees) and suspect Artifacts from their clients (End Users) and introduce Bounties and Offers into the market on their clients’ behalf. It is the Ambassador’s responsibility to distill the Assertions of various Experts into a simple malicious or benign Verdict that they deliver to their clients.
Arbiters: Top-echelon Ambassadors that are responsible for determining malintent ground truth. A certain percentage of Ambassadors (in terms of Fees generated) will be considered “Arbiters”.
What is being proposed from the end-user perspective seems to make it very easy so they don’t really have to be concerned with any of the complexities of the reward systems or how the blockchain is being used to guarantee the quality of the transactions and building reputations of accuracy. They are able to submit, pay fees and get results. Transaction speed is constrained by the Ethereum block rate, which is a batch of Bounties every 15 seconds plus 15 seconds for assertion placement, these are the dominant time costs. Polyswarm continues to research how they can cut that time down even more, but the overall rate is quit good. The potential here to generate a single repository of information for malintent artifacts is quite compelling.
PolySwarm has some heavy hitters on their Board of Advisors that includes world-renowned information security experts, a solid board typically bodes well. Their ICO starts February 6th, 2018 19:00 UTC and runs through March 08, 2018 at 19:00 UTC. the invitation only pre-sale is sold out and Polyswarm met their minimum funding level of $5 million in the pre-sale, their maxcap is set at $50 million. The amount of NCT created will depend on the amount raised, but once that is calculated, no more NCT will be generated, so it will be a finite pool.
I took some time to interview Polyswarm CTO Paul Makowski with a few specific questions:
Q: To what extent have you done a proof of concept and stress tested this? As we just saw, Crypto Kitties brought the Ethereum network to its knees. Does this worry you?
A: We’re currently developing a stress test that will get security experts on board. Security experts will be able to link us to suspect files in exchange for an airdrop of Nectar. These suspect files will be Bountied on the Ethereum testnet, testing our smart contracts and will be scanned by us (imitating a security expert). Our scanning will be done by ClamAV (an open source AV). Experts will be rewarded for submitting unique samples (and helping us stress test). One sample maximum per day, bonuses given for specific malware families, announced via our Telegram channel. PolySwarm targets security experts, whereas Crypto Kitties targets the public at large. What we’re building should be more limited in interest. Further, PolySwarm has built-in fees to deter spamming efforts.
Q: Why do you need your own incentive token instead of just using some pre-existing form of currency?
A: There are several reasons, but most importantly a token insulates the ecosystem from the rapid fluctuation in the USD:ETH exchange rate. If would be quite bad if security experts withheld their expertise until a more favorable exchange rate was offered. By having our own token, the token’s utility should closely track the utility of the threat intelligence offered by the PolySwarm network, making it a no-brainer to contribute expertise irrespective of the USD:ETH exchange rate.
Q: What is the discount to people buying in the pre-sale?
A: The initial PreSale tier is totally sold out, but we are open to large purchases in the 20% discount range (same as the first tier of the public sale). This is no additional discount relative to the first public bonus, but allows people to lock in their purchase without having to worry about any race during the regular sale.
Q: What is the vesting period for officers of the company that are having tokens issued?
A: No tokens are being issued for any individual company officers - Swarm Technologies, Inc will hold 30% of the minted tokens - half of which (15% of total) will be directed toward airdrops and contests to get people onboard. The remaining 15% will be held by the company and used in whatever manner is more appropriate to bootstrap the network.
With that, we closed the interview. Polyswarm had a successful pre-sale that is enabling them to move forward quickly. The partnerships they’ve already put together are impressive and they say they will have a working prototype before the main ICO sale.