by Phelinofist 1317 days ago
What possible use case could this be for?

It could MAYBE be used to create an open/libre clone of services like DocuSign, but there are certainly already ways of validating a signature on a document that don’t require inserting a blockchain into an office suite!

Beyond that, I also cannot think of any valid use cases

Document signing is a good potential use case. The current transaction fee is $.50 [0] so that’s not too bad to securely sign a document.

There’s a separate issue of verifying and identity proofing wallets.

But I think blockchain actually helps solve the problem with PGP of trusting unknown identities and key exchange. Currently if a document is PGP signed by John Doe, I’ve got to figure out if it’s really John Doe and that’s a bit of work if I don’t already have John’s public key.

[0] https://ycharts.com/indicators/ethereum_average_transaction_...

> I’ve got to figure out if it’s really John Doe and that’s a bit of work if I don’t already have John’s public key.

Maybe a dumb question, but assuming a scenario where you have a concept of "really John Doe", isn't there always some authoritative source on what that means that you could use to obtain John's public key (whether that's some user registry, direct contact with John, etc)?

> isn't there always some authoritative source

Yes, there is, and that's why most blockchain projects that interact with the real world are doomed to fail.

Another classic example is those who want to solve supply chain problems. To put it simply, the robustness or decentralisation of the database is not the reason why your inventory doesn't match what's in the warehouse. It's all human-related problems (e.g. theft, losing shit, scanning the wrong item, being scammed by suppliers, etc.).

I don’t know of an authoritative source. You can pay Verisign or commercial entities to track this.

All the blockchain serves as is an agreed upon common entity that isn’t controlled by a particular company.

It would be nice if governments would issue keypairs and serve as an authoritative source. Sadly, I’ve been waiting 25 years.

You wouldn't need to "insert a blockchain into an office suite", you would simply call out to an external service that already exists.
Document signing: vitalik.eth signs a PDF, everybody can verify the PDF is signed by his private key. He has to broadcast his public key for this, and probably also a content hash of the document so that we can be sure we are verifying the correct PDF. He can broadcast this on Twitter, but that is not a secure and tamper proof ledger, and it is centrally owned, and it's not a great storage mechanism for this system to scale to thousands or millions of signatures. LibreOffice could create a new service like keybase.io but that is also centralized and we saw how that went. Another alternative is these messages are broadcast through a public and decentralized ledger.

How does this fit with zero knowledge proofs that the blog mentions? There may be signature attestations you can make that you want to be private from the receiver, but made in a way that the receiver can still verify the signature is valid.

LibreOffice already has PGP support for signing documents, which is the standard mechanism for distributing trust among open source projects.

I suppose we can stuff PGP keys into the blockchain but I don't see the additional value. Each key needs to be trusted by the receivers independently (or through a web-of-trust-like system) so I don't see the added value of a tamper proof ledger.

> He can broadcast this on Twitter, but that is not a secure and tamper proof ledger, and it is centrally owned, and it's not a great storage mechanism for this system to scale to thousands or millions of signatures.

Public blockchains[0] are not known to scale either. I can open a Twitter account for free and publish a signature right now, and do it on several other platforms at the same time to have some kind of redundancy.

I only care about the medium being tamper-proof to be able to prove the signature is at least this old (if it's in a certain block, the signature was made before this block. If it's in a certain message on Twitter, it was made before this message).

So from first principles, blockchains bring this theoretically better time-stamping mechanism, because somebody controlling Twitter could change timestamps there, while nobody could on a blockchain. In practice though, the redundancy is enough, and it's hard to change something people care about on the Internet without people noticing.

Overall this use-case is somewhat legit (more legit than most), but it's a niche within a niche.

[0]: as defined in https://www.schneier.com/essays/archives/2019/02/theres_no_g...
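
The scheme discussed in the comments above (sign a document's content hash, publish the record on an append-only medium, verify later) as an added example that is not part of the thread or of LibreOffice. The hash-chained array is a toy stand-in for a ledger, all function names are hypothetical, and the verifier is assumed to hold the signer's public key from an out-of-band source.

```javascript
const nodeCrypto = require('node:crypto');
const sha256 = (d) => nodeCrypto.createHash('sha256').update(d).digest('hex');
const GENESIS = '0'.repeat(64);

// Signer: sign the document's content hash and build the record to publish.
function signDocument(doc, privateKey, publicKey) {
  const contentHash = sha256(doc);
  const signature = nodeCrypto.sign(null, Buffer.from(contentHash), privateKey).toString('hex');
  const pub = publicKey.export({ type: 'spki', format: 'der' }).toString('hex');
  return { contentHash, signature, publicKey: pub };
}

// Ledger stand-in: every entry commits to the hash of the entry before it.
function appendEntry(log, record) {
  const prev = log.length ? log[log.length - 1].entryHash : GENESIS;
  log.push({ prev, record, entryHash: sha256(prev + JSON.stringify(record)) });
  return log.length - 1;
}

// Recompute the chain; editing any earlier record breaks its link.
function verifyChain(log) {
  let prev = GENESIS;
  for (const e of log) {
    if (e.prev !== prev || e.entryHash !== sha256(prev + JSON.stringify(e.record))) return false;
    prev = e.entryHash;
  }
  return true;
}

// Verifier: the key must match one obtained out of band; the log cannot vouch for it.
function verifyDocument(doc, record, trustedKeyHex) {
  if (record.publicKey !== trustedKeyHex || sha256(doc) !== record.contentHash) return false;
  const der = Buffer.from(record.publicKey, 'hex');
  const key = nodeCrypto.createPublicKey({ key: der, format: 'der', type: 'spki' });
  return nodeCrypto.verify(null, Buffer.from(record.contentHash), key, Buffer.from(record.signature, 'hex'));
}

function demo() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');
  const doc = Buffer.from('constructed sample contract, v1'); // constructed input
  const other = Buffer.from('constructed sample contract, v2'); // constructed input
  const log = [];
  appendEntry(log, { note: 'constructed earlier entry' });
  const record = signDocument(doc, privateKey, publicKey);
  const idx = appendEntry(log, record);
  appendEntry(log, { note: 'constructed later entry' });
  const genuine = verifyDocument(doc, log[idx].record, record.publicKey);
  const altered = verifyDocument(other, log[idx].record, record.publicKey);
  const chainBefore = verifyChain(log);
  log[idx].record = { ...record, contentHash: sha256('swapped') }; // rewrite history
  return { genuine, altered, chainBefore, chainAfter: verifyChain(log) };
}
```

The chain check only shows that the record sits before later entries and has not been edited since; binding the key to a person still happens outside the log, which is the point several commenters raise.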

I don't think redundancy is a clean solve. It might give more confidence to the message time stamp to see the same message replicated across 10 different websites, but this does not scale. Eventually if you do aim for a distributed database you end up down the path of consensus mechanisms and blockchains.

What I outlined is unlikely to ever be realistic on a L1, but recursive zk rollups that post proofs to L1 do scale very well and have strong security and tamper-proof guarantees.

> Another alternative is these messages are broadcast through a public and decentralized ledger.

There is no such thing as free computing and data storage. Involving the group of strangers that run public decentralized ledgers requires paying transaction fees. Decentralization in itself is a dubious benefit.

A centralized service would be way cheaper to run (so cheap that it could be free for the end-users) with perhaps a one-time fee for identity verification purposes. The technology has existed for decades (X509), is proven in the field and usable today.

Transferring money from suckers to LO.
That... sounds good?