Solidity in the Cloud

Leveraging the blockchain and smart contracts for cloud governance

Roberto Reale @ Viduo

Our Agenda

  1. Going Trustless
  2. Pacta Sunt Servanda
  3. Three Governance Scenarios
  4. And Beyond

Going Trustless


  • No central authority in control
  • No need to trust your counterpart to perform their obligations or properly record transactional data
  • Game Theory is used to model incentives
  • Cryptography guarantees security as well as privacy

Pacta Sunt Servanda

A smart contract is a computerized transaction protocol that executes the terms of a contract.
Nick Szabo, Smart Contracts, 1994

Smart Contracts

  • The blockchain acts as a Virtual Machine
  • Cryptographically stored
  • Operate autonomously
  • Tipically, have a long lifetime

Solidity is a contract-oriented, high-level language for implementing smart contracts over the Ethereum Virtual Machine

Three Governance Scenarios

Blockchain Ecosystem OpenStack
Identity Keystone
Certificate Authority Barbican
Node Ledger Storage Cinder / Swift
Stack Management Heat
DNS Designate

Adapted from Blockchain and OpenStack - Building Trusted Chains

Scenario #1: Immutable audit trail

Chainpoint is an open standard for linking data to the blockchain to create a timestamp proof


The Keystone middleware library is able to audit API requests for each component of OpenStack

Pros Cons
Cost effectiveness
Needs a trade-off between on- and off-chain data in case of heavy logging

Scenario #2: Billing for cloud resources

Pros Cons
Smart contracts are used to enforce payments
Fine control of resource consumption
VAT regulations for cryptocurrencies

Scenario #3: Smart governance

Using smart contracts to orchestrate the cloud by calling the Heat API.

This is the most challenging scenario.

CAVEAT: Most blockchains (e.g., Ethereum) are designed to be entirely deterministic.

Hence making API calls from inside a smart contract (e.g., a Solidity program) is forbidden.

FIRST SOLUTION: We accept data inputs from more than one untrusted party and then execute the data-dependent action only after a number of them have provided the same answer.


SECOND SOLUTION: We demonstrate that the data is genuine and untampered (auditable VMs, Trusted Execution Environments, ...).

Oracles (e.g., Oraclize) can act as data carriers, building a reliable connection between APIs and the smart contract

And we can build others.

Pros Cons
Extremely powerful Tricky to implement

And Beyond

Blockchain interoperability (sidechains, Cosmos, Aion, ...)

Zero-knowledge cryptography (Zcash)

Decentralized AI-powered governance

That's all, Folks (almost)

Roberto Reale

  • Mixed background (math, CS, economics, a touch of humanities)
  • FOSS contributor
  • Consultant for e-government
  • Enthusiast of technology as an enabler for democracy

Viduo is an open think tank based in Rome

  • Digital democracy
  • Privacy and data security/protection
  • The Digital Single Market and EU funding
  • Policymaker engagement
  • Institutional and corporate communication