Published on: July 9, 2024
In a world where digital security and privacy are paramount, Hart Montgomery stands at the forefront of innovation. As the Chief Technology Officer of Hyperledger Foundation, Montgomery brings a wealth of experience from his background in cryptography and blockchain research. In this SafetyDetectives interview, he shares insights into his journey, the unique approach of Hyperledger Foundation, and the challenges faced in the realm of enterprise blockchain solutions. Montgomery also delves into the future of decentralized identity and the critical role cryptography plays in ensuring privacy and security.
If we can get started, could you tell me a little bit about your background and how you became the CTO of Hyperledger Foundation?
I started out as a cryptographer. I went to grad school at Stanford and did a PhD in cryptography because I was really interested in it. I thought it was really cool how it combined math and practical computer science.
After Stanford, I worked at Fujitsu where I did cryptography and blockchain research. As part of my job there, I started working on and got more involved in open source projects. I got involved in the Hyperledger Foundation and the Linux Foundation. After 7 years at Fujitsu, Daniela Barbosa, who’s the executive director of Hyperledger Foundation now, wanted me to come on as the CTO. I thought it was a really exciting opportunity, so I said yes. And that’s how I’m here today.
What are the key factors that differentiate Hyperledger Foundation’s approach to blockchain from other blockchain platforms available in the market?
Hyperledger is a sub-foundation within the Linux Foundation, the world’s largest open source software foundation. We host software that is free and available for anyone to contribute. You probably know things like the Linux kernel, Kubernetes, maybe Automotive Grade Linux. We also have projects like the Academy Software Foundation, which provides software that the movie industry uses for CGI and animation. We have over a thousand projects at this point.
When we get enough projects in a certain area, we group them together into sub-foundations to be more efficient, and that’s what the Hyperledger Foundation is. The Hyperledger Foundation focuses on blockchain and blockchain-related projects and operates as an open source software foundation. We host software and ensure it is developed in an open way. We’re a nonprofit, which makes us very different from many other blockchain developers and platforms.
One important point to note is that we don’t host our own blockchains. We provide software for blockchains to be run, which includes everything from Hyperledger Besu—a mainnet Ethereum client—to private permissioned chains.
Besu, for instance, is both a mainnet Ethereum client, which something like 10 to 15 percent of Ethereum mainnet runs on, and it’s also popular in permissioned chains. We have many different projects that touch on various aspects of blockchain technology.
What are some of the most significant challenges you’ve encountered in the development and deployment of enterprise blockchain solutions?
We’ve seen challenges at every layer of the stack, from governance to adoption. One of the trickiest things has been convincing people who aren’t as technologically knowledgeable about the benefits of blockchain technology and helping them understand it.
Development is certainly a challenge. I like to compare developing a blockchain to developing an operating system, except you have an adversary inside the operating system who has access to all internal communications. You’re essentially building a distributed computer when you build a blockchain. Securing it against internal adversaries is quite challenging. There are many security considerations.
As I mentioned before, maybe the biggest challenge is getting people to understand all of this and how everything works, ensuring that data and processes are safe.
Speaking of security, how does Hyperledger Foundation ensure the security and privacy of the blockchain applications using its frameworks?
Security and privacy are two different things, so I’ll answer them separately.
- Security: We follow all best security practices. Our projects have well-documented vulnerability and response protocols. It’s about having the right people in place to prevent as much as possible in terms of security incidents and to respond quickly when things do happen.
- Privacy: This is a bit tricky, because it largely depends on the application. There’s no one-size-fits-all solution for privacy. We have various privacy solutions across our projects, from notary-style trusted third-party solutions to zero-knowledge proofs. We encourage people to define their privacy needs and pick a protocol that meets those needs without compromising efficiency.
For organizations looking to implement blockchain, what are the critical security considerations they should keep in mind from the outset?
I like to think of systems abstractly. There are some nice principles in cryptography, like universally composable security, where people encourage you to think about what’s called an ideal model. In this case, you think about system variants and the guarantees you need from the system, right? What’s the threat model?
When you’re assessing the security of a system, when you’re building a system, you want to think about what you need and build your system based on that. I encourage companies and others looking to build systems to start by modeling out their application’s needs in terms of security, privacy, efficiency, and scalability. Those come a little later, but mapping out the guarantees is crucial. Once you have the guarantees, you can start to figure out things like, do I need a blockchain for this? Sometimes, people don’t need blockchains for their solutions. If you do need a blockchain, then it’s about what exact technology you will need that will allow you to build something that meets the constraints of your model. I encourage people to start thinking abstractly and then find or build systems that meet their needs. Too often, we see people start with something and try to throw tools, whether cryptographic or software tools, at the problem and hope to get what they want. Unfortunately, that doesn’t usually work.
How do you see the future of decentralized identity evolving, and what role does cryptography play in this space?
I guess you could call me a decentralized identity maximalist. I see this taking over everything. With all the capabilities of machine learning, deepfakes, and everything, we’re rapidly approaching a world where everything will need to be digitally signed or authenticated using some sort of decentralized identity system. I see this becoming ubiquitous in the midterm future. As for what cryptography does, it enables you to do all this in a privacy-preserving manner.
The classic example is, right now, if you show your driver’s license to a bartender or doorman to prove you’re 21 so you can have a drink, the bartender verifies it and lets you in. If we’re doing this with digital credentials, whoever is doing that is probably writing down all facets of your identity and maybe selling that to advertisers. If we move our credentials to the digital world, we need strong privacy protections. We need things like anonymous credentials and zero-knowledge proofs, and something called unlinkability, which means if I use my credential in one spot, it’s hard to correlate it with a use in another spot. If we want digital identity systems to work in practice and preserve some notion of privacy, we have to use cryptography.
{Note: On June 25, 2024, the Linux Foundation announced the intent to form LF Decentralized Trust, which will encompass the growing portfolio of Hyperledger projects and host new open source software, communities, standards, and specifications that are critical to the macro shift toward decentralized systems of distributed trust.}