Supporting Trust in Hybrid Intelligence Systems Using Blockchains

Hans-Georg Fill, Felix Härer
Digitalization and Information Systems Group
Department of Informatics, University of Fribourg
Bd. de Pérolles 90, 1700 Fribourg, Switzerland
hans-georg.fill@unifr.ch, felix.haerer@unifr.ch

Copyright © 2020 held by the author(s). In A. Martin, K. Hinkelmann, H.-G. Fill, A. Gerber, D. Lenat, R. Stolle, F. van Harmelen (Eds.), Proceedings of the AAAI 2020 Spring Symposium on Combining Machine Learning and Knowledge Engineering in Practice (AAAI-MAKE 2020). Stanford University, Palo Alto, California, USA, March 23-25, 2020. Use permitted under Creative Commons License Attribution 4.0 International (CC BY 4.0).

Abstract

The combination of techniques from machine learning and knowledge engineering can lead to new types of information systems for processing data and knowledge by machines. A further step is to add humans in the loop as proposed by Hybrid Intelligence for amplifying human intellect and enabling machines to learn from humans. It then becomes essential to understand the provenance of data and knowledge and trace the accountability of humans and machine-based agents. This is a major prerequisite to establish trust in such systems. Thus, we propose a framework for addressing this aspect using blockchains as a trustful, decentralized ledger. We discuss how blockchains can support the attestation of patterns of data, knowledge, algorithms and human interventions as well as relations between these components. Furthermore, the search for existing patterns can be realized.

Introduction

The field of artificial intelligence has traditionally regarded symbolic as well as non-symbolic approaches for representing and processing knowledge (Russell and Norvig, 2012; Dorffner, 1991). Whereas the first direction aims to represent knowledge in the form of symbols and mechanisms for efficiently searching, rearranging or manipulating these symbols, non-symbolic approaches assume that machines can acquire knowledge through interactions with their environment. In these approaches, purely numeric representations are typically applied by recognizing desirable patterns, classifying, or clustering large amounts of data. Based on the resulting numerical models, similar patterns, clusters or classifications can be subsequently identified in other data.

However, both directions have deficiencies. Symbolic approaches are often limited by their requirement to express knowledge structures in rigid form that is amenable to machine-processing. Therefore, they typically revert to logic-based formalisms that fall short of representing fuzzy and heuristic aspects. On the other hand, numeric representation approaches rely on past data in large volumes and their results are hard to introspect. Therefore, it has been argued to combine both types of representation for mutual benefits (Minsky, 1991).

Recently, the discussion on such combinations has been taken up again. It could be shown that today several domains make use of AI systems that join machine learning techniques with knowledge reasoning approaches (Martin et al., 2019; Harmelen and Teije, 2019). In addition, the wide use of AI systems and their already large influence on our daily lives has raised the issue of trust. Particularly, cases where data and algorithms were used in ways that led to racial or gender biases have been extensively discussed in the media, e.g. (Obermeyer et al., 2019; Buolamwini and Gebru, 2018). Also in the context of knowledge reasoning, trust has been a core aspect. The provenance of data and the deductive processes used were identified as essential to decide whether results can be trusted, e.g. McGuinness (2004). In artificial intelligence, these considerations have been extended towards ethical considerations. It is claimed that machine-based reasoning should not only be transparent and able to explain itself but also consider societal values, moral and ethical aspects and the priorities of stakeholders in different cultural contexts (Dignum, 2018).

Another direction mentioned early in literature adds further benefits in terms of intelligent information processing. Whereas the goal of artificial intelligence is and has been the perfection of machines and their capabilities in solving tasks intelligently, the idea of hybrid intelligence systems promoted socio-technical systems that adapt interactively (Lomov and Venda, 1977). Thereby, particular human capabilities such as creativity, common sense, empathy or ethical responsibility are integrated with machine learning and reasoning approaches (Dellermann et al., 2019). Such human-in-the-loop systems have been described for example in the medical domain for enabling interactive machine learning (Holzinger, 2016) or by using visual analytics for letting humans interpret complex machine learning results (Hund et al., 2016).

Following these developments of combining machine learning and knowledge reasoning systems and the human-in-the-loop concept, the question arises how trust can be established for these hybrid intelligence systems. Despite the great technical capabilities offered by them, it needs to be ensured that their results match the expected outcomes in terms of reliability within a specific context. As already mentioned, the knowledge about the provenance of information is a central aspect to permit trust decisions (Artz and Gil, 2007), as well as the accountability, responsibility and transparency of how information is processed as discussed in the context of ethical AI (Dignum, 2017). Consequently, trust can be technically supported through security mechanisms in the sense of policy-based trust where the access to and the origin of information is regulated, e.g. using certificates to identify human and machine agents, as well as through the history of past interactions as apparent by reputation-based trust (Bonatti et al., 2005). In the following we assume that in both cases, humans are responsible for the initial creation of hybrid intelligence systems, the use of the right data, and the behavior these systems may exhibit - at least to the extent where they can be held accountable, which is not always clearly decidable in case of autonomous systems (Matthias, 2004).

Based on this assumption, it seems essential to make the composition of hybrid intelligence systems transparent so that everyone can verify the origin of data, algorithms, and human interventions as well as the usage of these components. Therefore, the provenance of the according information has to be recorded in a secure and tamper-proof fashion. Ideally, this should be done in an openly accessible and thus transparent way that can be verified by any party. This would permit ensuring the traceability and thus the responsibility for all components of hybrid intelligence systems. As a means for meeting these requirements we consider in the following properties of blockchains. These permit the transparent, immutable, tamper-proof, and decentralized storage of information based on distinct consensus protocols and thus seem well-suited for supporting these tasks. For this purpose we discuss a framework for attesting the components and the results generated by hybrid intelligence systems on blockchains, thereby contributing to trust in these systems.

The paper is structured as follows: we will discuss foundations on the combination of machine learning and knowledge reasoning and explain the concepts behind hybrid intelligence. This will be followed by a brief characterization of blockchains. Subsequently, a framework for attesting hybrid intelligence components and their execution on blockchains will be described, followed by corresponding realization requirements in the form of smart contracts in pseudo-code. Finally, we will discuss execution options and discuss possible usage scenarios of the intended approach.

Foundations

In this section we briefly discuss foundations on the combination of machine learning and knowledge reasoning, hybrid intelligence, and blockchains to familiarize readers with the core concepts of these topics.

Combination of Machine Learning and Knowledge Reasoning

Machine learning and knowledge reasoning techniques are traditionally positioned opposite to each other, considering their methods and modes of operation. In particular, techniques of the former category are concerned with inductive learning on the basis of data without known internal structures. This kind of "model-free" representation, a term found in (Pearl, 2018), is the input and output of the learning process. In its purest form, internal and unknown structures model everything obtained from learning. On the opposite side of the spectrum are knowledge reasoning techniques, which are concerned with deductive reasoning on explicit "model-based" representations. Subject to logic, the explicit symbolic representation is used to infer new knowledge.

[Figure 1: Machine Learning and Knowledge Reasoning. Diagram labels: Inductive Learning, Deductive Reasoning, Implicit Data Model, Explicit Symbolic Model; ML and KR, each shown in its traditional view and in today's scope.]

However, while the dichotomy is obvious when considering techniques such as multi-layer (deep) neural network architectures and OWL description logic, the scope of both machine learning and knowledge reasoning is becoming broader and partially overlapping (Harmelen and Teije, 2019), such that separate representational and processing dimensions can be assumed instead of a spectrum - see Figure 1. For example, artificial neural networks may be augmented with memory, computation and attention concepts (Vaswani et al., 2017; Hochreiter and Schmidhuber, 1997). Furthermore, Harmelen and Teije argue that recent approaches combine both techniques and can rather be described by the composition of their components. The authors describe a "boxology" for this purpose, consisting of Machine Learning (ML) and Knowledge Reasoning (KR) elements, which can be combined with Data (Data) and Symbolic (Sym) input and output representations. For example, a basic combination of KR and ML with Sym and Data input as well as Sym and Data output is shown in Figure 2. More complex configurations encompass intermediate abstractions for learning and reasoning, the explanation of learning and reasoning, and meta-reasoning. In particular, the design of patterns with humans in the loop, as discussed later on, is of interest towards explainable AI and accountability.

[Figure 2: Boxology pattern for machine learning that considers also symbolic information on which reasoning has been applied (Harmelen and Teije, 2019, pattern (13)). Diagram elements: Sym, KR, Sym; Data, ML, Data.]

Hybrid Intelligence

In the original conception of hybrid intelligence systems, humans were positioned as central figures where mechanical components only act as tools for them (Lomov and Venda, 1977). The focus lay on the interaction between humans and machines as socio-technical systems, as opposed to purely technical systems in artificial intelligence. More recently, these concepts have seen a revival (Kamar, 2016a,b), including the allocation of considerable research funds (HI, 2019). Today, hybrid intelligence (HI) is regarded as the utilization of the particular strengths of humans and machines in such a way that individual or collective human intelligence is combined with artificial intelligence. Dellermann et al. define hybrid intelligence as "the ability to accomplish complex goals by combining human and artificial intelligence to collectively achieve superior results than each of them could have done in separation and continuously improve by learning from each other." (Dellermann et al., 2019, p. 276).

It can be further distinguished between four sub-fields that are currently being investigated (HI, 2019): collaborative HI, where it is focused on the synergy of humans and intelligent agents for solving tasks, adaptive HI, that targets situations that have not been anticipated by the designers, e.g. in terms of variable team configurations and changing roles, explainable HI, where humans and machine agents need to explain their recognitions, goals, and actions to each other, and responsible HI, that addresses ethical and legal concerns as an integral part of HI systems.

As a consequence, in hybrid intelligence systems, human agents need to be considered on the same level as machine learning algorithms and reasoners, with distinct requirements in terms of information representation. Possible interfaces between humans and machines may be visualizations for representing results from machine calculations, e.g. (Hund et al., 2016), or human-adequate knowledge and data representations that can serve as input for machine learning and knowledge reasoning as e.g. found in conceptual modeling (Fill, 2017; Karagiannis and Buchmann, 2016).

Blockchains

Blockchains are a class of technologies for implementing distributed systems with verifiable storage and execution based on integrity-secured backward-linked blocks consisting of transactional data (Härer, 2019). In contrast to distributed database systems, blockchain systems allow for the public distribution and transparent validation of data among decentralized network participants. In addition to public blockchains, permissioned forms that limit write access exist as well as fully private variants, thereby blurring the lines to the field of distributed databases.

While the initial innovation of a protocol for the verifiable storage and execution of monetary transactions has evolved to a general execution of smart contract programs (Buterin, 2013), the original proof-of-work mechanism for ensuring consensus among the peers of the underlying network remains largely unchanged so far. By this mechanism, the following properties can be established given a sufficiently large portion of mining nodes performing computational work which continuously verifies and proves past executions according to the protocol:

• Integrity: each block carries a hash value of the previous block, ensuring the integrity of all prior blocks.
• Immutability: the data structure is replicated throughout the peers of the network where integrity checking does not allow for changes of past blocks.
• Traceability: each transaction performed is recorded in a specific block, usually with a numeric identifier. A time stamp as part of the block's data specifies an approximate creation date and time for transactions.
• Identification: signatures bind the identity of users to blockchain addresses acting as source and destination of transactions. This property refers also to non-repudiation, i.e. the binding of a transaction to its source and destination is definitive.
• Autonomous execution: program code can be run as a smart contract using an instruction set specified by the protocol. In this way, the execution possesses the verifiability properties of the protocol.
• Incentivized Operation: rewards are issued to the peers performing the proof-of-work computations.

In such a system, the notion of trust therefore refers to a single point of truth being established such that data and operations can be traced back to individual peers through digital signatures. In this context, blockchains are sometimes considered to establish trust without intermediaries.

Applications utilize the properties for example in the attestation of identities, knowledge, information or data (Härer and Fill, 2019), e.g. by certifications verifiable with an untrusted third party on the blockchain. Similarly, algorithms can be registered for providing transparency, in order to establish their integrity at a later point in time by another party. First concepts involving algorithms for the benefit of trust have been suggested for explainable artificial intelligence (XAI) at this point (Calvaresi et al., 2019; Nassar et al., 2020).

Regarding implementation, the discussion in this paper assumes a blockchain capable of smart contracts, such as Ethereum (Buterin, 2013; Wood, 2014). Here, smart contracts are byte code programs, stored and executed in autonomously operated contract accounts (CA), in contrast to externally owned accounts (EOA) defined by the public-private key pairs of users. Towards establishing trust, this platform constitutes a base layer for the identification, traceability and attestation of data and higher-level concepts.

Framework

Based on the aforementioned foundations we can now advance to describing our framework for supporting trust in hybrid intelligence systems through blockchains. The central idea thereby is to enable the traceability and thus the provenance of all components of hybrid intelligence systems. Thus, it needs to be recorded which human agents, machine agents, data, and symbolic representations exist and how they interact for generating results. This can be done both at design time, i.e. when new hybrid intelligence systems are conceived, as well as at run time when concrete executions are observed. Thus it can be investigated how results have been generated by HI systems and who can be held accountable for them.

For structuring the framework we reverted to the boxology elements proposed by Harmelen and Teije for combining machine learning and knowledge reasoning (Harmelen and Teije, 2019), i.e. we include components for knowledge reasoning (KR), machine learning (ML), model-free representations (Data) and symbolic representations (Sym). We extend it by adding human agents (HA) to allow for the construction of human-in-the-loop systems. All components can be related to each other through a relation element as shown in Figure 3. The recording on a blockchain then takes place in the form of attestations, which can either be triggered through human agents or machine agents.

In the following sections, the components and relationships of the framework are discussed. Subsequently, we will specify smart contracts for conducting the mentioned attestations and discuss possible realization options.

[Figure 3: Framework for describing the components and relationships which utilize the blockchain in human-triggered or machine-triggered attestations. The components are based on the design pattern proposed by (Harmelen and Teije, 2019) and extended to human agents. Diagram elements: KR, ML, HA, Data, Sym, Blockchain; Human-triggered Interaction, Machine-triggered Interaction. Annotations in the figure: Human-triggered: For example, the process of designing a machine learning to classify insurance cases. When given the responsibility of such decisi[...] AI, one consequence due to ethics is a fundamental requirement of trust and accountability (Dignum 2017). Machine-triggered: The machine learning determines the outcome of a case and stores it on the blockchain.]

Components and Relations

The following sections argue for designing knowledge reasoning and machine learning systems with the explicit involvement of human agents for utilizing complementary strengths and as a source of trust and accountability. For this reason, the pattern-based specification of such a system is detailed here by its components and relations. They comprise Human Agents (HA), Knowledge Reasoning (KR) and Machine Learning (ML) components as well as representational Data and Symbolic (Sym) components and their relations. The notation for processing components and representational components can be seen in Figure 3.

In order for HA to be the source of trust and accountability of a specific pattern, its components are subject to attestation on a blockchain where they are linked to the identities of human agents. Subsequently, algorithms and the execution with concrete representations are subject to attestation triggered by humans or machines.

Initialization through Human Agents. In contrast to views where machines are held accountable for their actions, this approach assumes the source of trust to be a human agent. Acting as a designer for a specific pattern and its algorithms, a human agent is able to provide explainability of the design, human comprehension, emotional understanding in decisions concerning moral and ethics as well as accountability. For the identity to be linked to the design, it needs to fulfil three requirements. (1) The identity must be unique, (2) the existence of the identity must be publicly verifiable, and (3) it must be linked to a human identity for accountability and for others to trust it.

However, the role and benefit of human involvement through comprehension, emotional understanding and other factors is not to be reduced to accountability, as it might be considered the least desired factor when algorithms are executed autonomously with little control of human agents.

One possibility is the registration of self-managed identities on a blockchain, proposed in the form of self-sovereign identity concepts (Lundkvist et al., 2016). At a minimum, (1) and (2) can be realized by public-private key pairs belonging to externally owned accounts on a blockchain such as Ethereum, which can be extended with additional personal attributes if required. The link to a human identity (3) has to be proven outside of the blockchain system, e.g. through digital signatures from government-issued electronic identity such as eID in Europe (Shehu, Pinto, and Correia, 2019).

For the purposes of discussing the framework, the following initialization through a human agent HA is assumed prior to the design of a pattern with its implementing algorithms and data:

• Generation of an externally owned account $EOA = (EOA_{Sec}, EOA_{Pub}, EOA_A)$ where $EOA_{Sec}$ is a private key from which a public key $EOA_{Pub}$ and a public account address $EOA_A$ are derived. In principle, any form of a public identifier ID might be provided.
• Creation of a signature $S$ using an electronic ID certificate identified by $eID_{Pub}$ such that a message $M = EOA_A$ is signed and verifiable with $S$ through the certificate authority of the eID.
• Registration of $S$ and $M$ with a smart contract through a blockchain transaction originating from $EOA_A$, proving that the identity knows $EOA_{Sec}$.
• Future transactions for design time and run time attestations originating from an address $EOA_A'$ are valid if a signature $S'$ is found for $EOA_A'$ in the smart contract and if $S'$ can be verified, proving the identity is $eID_{Pub}$.

Following the design of a pattern, attestation transactions triggered by human or machine agents are bound to HA. Individual transactions for components and relations are carried out according to the following sections.

Machine Agents. The term machine agent here refers to the processing of algorithms for knowledge reasoning and machine learning. At design time, this concerns the traceability of the components KR and ML with their implementing algorithms over time.

In principle, two dimensions might be considered for recording and attesting algorithms over time: (1) the abstraction level, ranging from securing the algorithm in its source code representation as a whole to a fine-grained representation of individual syntactic elements (Falleri et al., 2014; Fluri et al., 2007), and (2) the differencing approach, distinguishing a state-based or operation-based representation of changes (Koegel et al., 2009; Lippe and van Oosterom, 1992). State-based approaches permit showing the differences between individually recorded states of an algorithm's source code. Implementations of this approach in version control systems such as Git (https://git-scm.com/) require an intentional commit for recording the current state. Given two states, it is only possible to reconstruct their differences. In contrast, operations-based approaches permit the reconstruction of change operations made between two states by recording all operations or atomic state changes individually. Instead of detecting deletions and insertions of source code, individual operational changes to syntax elements can be detected; however, versioning needs to be aware of the syntax and language used.

In order to allow changes to be publicly observed and traced on a blockchain, existing versioning approaches can be adapted for storing individual states or operations. Given the source code of an algorithm, the following attestation is assumed:

• Assignment of a unique identifier ID, optionally in the form of a resource locator for providing public access to the algorithm. For example, UUID version 4 (Leach, Mealling, and Salz, 2005) might be used to locally assign a randomly generated identifier, possibly as part of a URL.
• Calculation of a set of hash values $H_A$ for each abstraction of the algorithm's source code, e.g. code blocks defining a state or individual operations.
• Recording of the pattern component type $c \in \{KR, ML\}$, ID, $H_A$, and the current block number in a smart contract given that a valid signature of HA is provided.
• Changes to the chosen abstraction can be detected publicly by a change of any of the values in $H_A$ compared to the versions stored previously.

Data. The representational components Data and Sym concern the run time of algorithms according to a given pattern. Given the notion of model-free data without knowledge of its internal composition, the requirement is for it to be traceable regarding its provenance and changes over time.

The storage of data on a blockchain has several limitations. While it is theoretically possible to store the input and output data of algorithms on a blockchain as a whole, the data volume, veracity, and velocity (Laney, 2001) impose requirements difficult to meet for distributed data management systems and particularly blockchain systems. For example, large machine learning data sets are not suited for today's blockchains due to the limited number of transactions per second and block size (Kim, Kwon, and Cho, 2018). While data availability therefore cannot be assumed, traceability might be realized without it through the attestation of data over time. On the basis of the attestation concept, traceability can be achieved through the issuance of a permanent identifier in combination with its binding to a human or machine agent. In addition, the identifier here is also assumed to locate data through traditional client-server-based access.

The following scheme is assumed for the human- or machine-triggered attestation of data:

• Assignment of a unique identifier ID similar to the attestation of algorithms, e.g. using a UUID and, possibly, a URL which contains it.
• Calculation of $H_{Data}(B)$ as a cryptographic hash function, e.g. (Dworkin, 2015), applied to binary data $B$.
• Recording of the representational component with ID, $H_{Data}(B)$, the component's type Data, and the current block number in a smart contract given that a valid signature of HA is provided.
• In future utilizations of $B$, its integrity is considered valid if the re-computed value $H_{Data}(B)$ is present in the smart contract. In this case, an attestation is provided through the smart contract and additional information can be retrieved from it. In particular, the date and time when the data was recorded according to the block number, an identifier and, possibly, locator, and the provenance according to the signature of HA can be retrieved.

Sym. The Sym component stands for symbolic knowledge representations that are used as inputs and outputs of classical reasoning systems as defined in (Harmelen and Teije, 2019). This includes for example ontologies, rules, knowledge graphs or linked data.

For the attestation of Sym, the applicability of the data attestation scheme outlined in the previous section is assumed. However, by considering the internal structures, more fine-grained attestations become possible. Depending on the concrete representation, e.g. a resource description framework (RDF) graph, logical expressions, or an ontology, an attestation requires an appropriate abstraction level. One example is the attestation of ontologies on the basis of Knowledge Blockchains as outlined in (Fill, 2019; Fill and Härer, 2018). Other knowledge representations such as RDF triplets can be subject to attestation in a similar fashion. Given a method $H_{Sym}(K)$ for observing an abstraction of a knowledge representation $K$ over time, the following attestation scheme is assumed:

• Assignment of a unique identifier ID similar to the attestation of algorithms, e.g. using a UUID and, possibly, a URL which contains it.
• Calculation of $H_{Sym}(K)$ as a cryptographic hash function applied to a knowledge representation $K$. Given the example of ontologies, $H_{Sym}(K)$ represents the root hash value of a Merkle tree that is created from the data in an ontology - see (Fill, 2019) for details.
• Recording of the representational component Sym, ID, $H_{Sym}(K)$ and the current block number in a smart contract given that a valid signature of HA is provided.
• Similar to the attestation of Data, $K$ is considered valid in future utilizations if $H_{Sym}(K)$ can be established, e.g. by reconstruction of a Merkle tree resulting in this particular value. However, $K$ might be any fine-grained representation here, e.g. classes of a subclass relation of an ontology. For each abstraction $K$, the date and time, the block number, an identifier and, possibly, locator, and the provenance according to the signature of HA can be retrieved.

Relations between Components. The design of a pattern is finalized by the specification of its relations between the components established previously. After the aforementioned attestations of individual components, their pairwise specification on the basis of the assigned attestation identifiers is required. Therefore, relations in the form of $(ID_{C1}, ID_{C2})$ for component pairs $C1$ and $C2$ are recorded on the blockchain for completing the design of a pattern.

In this process, the pairwise specification of components is restricted by the components' types and the combinations permitted for them. Primarily, the constraints are imposed by the notion of processing. Components of this type imply an input or output to be present in the form of a representational component. According to the patterns stemming from the literature analysis by Harmelen and Teije (2019), the knowledge reasoning (KR) and machine learning (ML) components can be found in combination with Data or symbolic (Sym) representations. Table 1 summarizes possible relations between the components.

| Representation \ Processing | Human Agent (HA) | Knowledge Reasoning (KR) | Machine Learning (ML) |
|---|---|---|---|
| Data | (1) | (3) | (5) |
| Sym | (2) | (4) | (6) |

Table 1: Possible Relations between Representation and Processing Components of the Framework

Knowledge reasoning systems are usually designed for Sym representations as input and output (3). Additional systems were found (Harmelen and Teije, 2019) for relation (4) in two instances, where raw data and symbolic input was applied in combination for KR (Pattern 11) and in another case where input data for ML was also used as input and output of KR in order for KR to try to interpret and explain the abstractions gained from machine learning (Pattern 8).

Machine learning systems mostly process model-free Data representations as input and output (5). However, there exist a variety of systems using relation (6) (Harmelen and Teije, 2019). In particular, systems operating on symbolic inputs may also produce symbolic output through learning (Pattern 3 and 11) or an intermediate data output in case of embeddings, which are an input for ML again in order to produce Sym (Pattern 4). Other examples include the learning of ontologies (Sym) from Data inputs (Pattern 5), Sym output for explanation of ML (Pattern 6 and 7), the production of Sym output by ML to prepare learning or reasoning (Patterns 9 and 10), learning with Data and additional Sym input (Patterns 12 and 13), and for ML to learn knowledge reasoning using Sym inputs and outputs (Pattern 15). As an exceptional case, there also exist complex relations where Sym is composed out of multiple components (Pattern 16).

For the design of patterns involving the learning and reasoning of human agents (HA), their relation to other HA, KR, or ML components is indirectly made through explicit knowledge, usually in the form of Sym representations, leading to relation (2). However, knowledge of an inherent structure cannot always be assumed, such that Data and Sym are possible components in relation (1) to and from HA.

Realization Requirements for Smart Contracts

Based on the outlined process for the attestation of individual components with their relations, the following smart contract details the data required and operations necessary to implement attestations in practice. Blockchain platforms supporting the execution of smart contracts in a manner similar to Ethereum or Hyperledger are suited for implementing the abstract specification provided in the following paragraphs.

Firstly, the data structures required are shown in part 1 of the smart contract listing. Here, the smart contract establishes a typing system in the form of enumerations (line 1 ff.), abstract data types with according data structures (line 4 ff.) and global variables for mappings between the abstract data types provided (line 31 ff.). The typing system distinguishes human agents (HA), machine agents (MA) of processing type KR and ML and the representational types (R) Data and Sym. Individual HA's identity data in the according data type requires the storage of a signature, an externally owned account (EOA) as well as a block number indicating when attestations have been conducted. Similarly, MA must record an address for traceability to HA with a block number, in addition to the attestation hash value, the processing type and a URL. Representations use the same structure which only differs in the representation type. Relations are stored as tuples of components where each component is identified by a UUID. In addition, the attestation block and address with the component type are recorded to allow for lookups of a UUID without type information. Global variables are defined for mapping data structures to relate each UUID to one HA, MA, representational type or relation.

Smart Contract Part 1: Data Types and Mappings

    1 Enum ComponentType { HA, MA, R }
    2 Enum ProcessingType { KR, ML }
    3 Enum RepresentationType { Data, Sym }
    4 DataStruct HumanAgent {

The operations required to perform attestations are outlined in parts 2 - 5. In the registration of HA in part 2, a signature needs to be provided by HA. A UUID is randomly generated and the sender address is read from the transaction (2) such that it can be the subject of a signature validation. I.e., the signature including a public key of HA and the signed address of the sender must be valid. In this case, the aforementioned data is recorded under the assigned UUID.

Smart Contract Part 2: HA Identity Registry

    1 Function identityRegistry(sig: Signature) : void {
    2   Address snd = Transaction.sender;
    3   if signatureValidation(sig, snd) then
    4     UUID uuid = generateRandomUUIDV4();
    5     humanAgent[uuid].block = Block.nr;
    6     humanAgent[uuid].eoa = snd;
    7     humanAgent[uuid].sig = sig;
    8   end
    9 }

After the initialization by HA is conducted, the identity data stored for it is retrieved and validated for every registration of algorithms, representations, and relations in parts 3 - 5. The validation occurs in the same fashion in these parts. Considering, e.g. the registration of algorithms in part 5, line 5, the two requirements for registration can be seen.
In par- 5 Signature sig; ticular, the transaction sender must match the HA referenced 6 Address eoa; by its UUID and the signature has to be valid according to 7 Integer block; the properties mentioned in the previous paragraph. With 8 } a randomly generated UUID for MA, the algorithms’ hash 9 DataStruct MachineAgent { value, processing type, URL and sender are stored. In the 10 ProcessingType type; same manner, the recording of representations of the types 11 ByteArray hashValue; Data and Sym can occur as in part 4. 12 Address addr; 13 Integer block; Smart Contract Part 3: MA Algorithm Registry 14 URL url; 1 Function algorithmRegistry(type: ProcessingType, 15 } data: ByteArray, url: URL, uuidHA: UUID) : void { 16 DataStruct Representation { 2 Address snd = Transaction.sender; 17 RepresentationType type; 3 Address eoa = humanAgent[uuidHA].eoa; 18 ByteArray hashValue; 4 Signature sig = humanAgent[uuidHA].sig; 19 Address addr; 5 if snd == eoa && signatureValidation(sig, eoa) 20 Integer block; then 21 URL url; 6 U U ID uuid = generateRandomUUIDV4(); 22 } 7 machineAgent[uuid].block = Block.nr; 23 DataStruct Relation { 8 machineAgent[uuid].addr = snd; 24 UUID uuidFrom; 9 machineAgent[uuid].type = type; 25 UUID uuidTo; 10 machineAgent[uuid].url = url; 26 ComponentType typeFrom; 11 machineAgent[uuid].hashValue = 27 ComponentType typeTo; hashFunction(data); 28 Address addr; 12 end 29 Integer block; 13 } 30 } 31 Map (U U ID => HumanAgent) humanAgent; 32 Map (U U ID => M achineAgent) machineAgent; The registration of relations in part 5 takes the pair of 33 Map (U U ID => Representation) representation; components by their UUID and types as parameters, to- 34 Map (U U ID => Relation) relation; gether with the discussed identifier of HA. Another UUID is generated in order to store the relation itself. The retrieval 7 Smart Contract Part 4: Representation Registry computed hash values of the abstractions used, e.g. 
syntax elements for algorithms, binary data and symbolic represen- 1 Function representationRegistry(type: tations such as ontology classes. Lastly, relations are sub- RepresentationType, data: ByteArray, url: URL, ject to validation by checking whether the components con- uuidHA: UUID) : void { tained in relation exist. Each component is identified by a 2 Address snd = Transaction.sender; UUID required to be stored in humanAgent, machineAgent, 3 Address eoa = humanAgent[uuidHA].eoa; or representation. Given a successful validation, the stored 4 Signature sig = humanAgent[uuidHA].sig; block number and identity address can be considered valid 5 if snd == eoa && signatureValidation(sig, eoa) and might be retrieved additionally. A continuous monitor- then ing and attestation process is easily carried out, triggered by 6 U U ID uuid = generateRandomUUIDV4(); receiving a new block from the network over the course of 7 representation[uuid].block = Block.nr; synchronizing the blockchain as usual. 8 representation[uuid].addr = snd; 9 representation[uuid].type = type; Requirements and Options for Execution 10 representation[uuid].url = url; 11 representation[uuid].hashValue = At run time, the execution of algorithms might be fully or hashFunction(data); partially autonomous and require the ability of reviewing 12 end execution traces in order to allow for according design time 13 } changes. Concerning traceability in the execution at run time, it is limited by the distributed execution environment. In general, there exist three approaches in this area. First, the execu- of a relation by UUID therefore yields access to the compo- tion might be blockchain-based if it occurs directly on the nents provided by their typing information through the map- infrastructure of a blockchain. Secondly, a trusted execu- ping data structures in part 1, line 31 ff.. tion outside the blockchain might be software-based through performing proofs. 
Thirdly, hardware-based executions in trusted environments might be employed. Smart Contract Part 5: Relation Registry In the case of a blockchain-based execution, an untrusted 1 Function relationRegistry(uuidFrom: UUID, uuidTo: and global peer-to-peer network can be assumed, where the UUID, typeFrom: ComponentType, typeTo: blockchain infrastructure extends beyond the boundaries of ComponentType, uuidHA: UUID) : void { known internal networks. Therefore, the execution itself is 2 Address snd = Transaction.sender; traceable only in the form of a smart contract, which is ver- 3 Address eoa = humanAgent[uuidHA].eoa; ifiably executed by the nodes of the network. While the ex- 4 Signature sig = humanAgent[uuidHA].sig; ecution of (unsupervised) learning algorithms and the ap- 5 if snd == eoa && signatureValidation(sig, eoa) plication of learned models through smart contracts is ex- then plored (Harris and Waggoner, 2019), the feasibility of run- 6 U U ID uuid = generateRandomUUIDV4(); ning knowledge reasoning and, in particular, machine learn- 7 relation[uuid].block = Block.nr; ing algorithms directly on a blockchain cannot be assumed 8 relation[uuid].addr = snd; for the general case due to the scalability limitations of 9 relation[uuid].uuidFrom = uuidFrom; blockchains. 10 relation[uuid].uuidTo = uuidTo; For trusted execution in general, approaches on the run 11 relation[uuid].typeFrom = typeFrom; time level providing a verifiable execution of algorithms can 12 relation[uuid].typeTo = typeTo; be divided into software- and hardware-based approaches. 13 end Software-based approaches rely on proofs calculated dur- 14 } ing the execution, such that either the execution instruc- tions performed or the resulting data output can be veri- fied. 
For example, zero-knowledge proofs have been used Newly registered identities, algorithms, representations, in trusted execution schemes independent of (Ben-Sasson et and relations can be monitored over time by anyone with ac- al., 2013) and specifically for blockchain-based execution cess to the blockchain that contains the smart contract with (Morais et al., 2019). In a distributed execution environment, the global variables humanAgent, machineAgent, represen- blockchain-based approaches are advantageous due to the tation, and, relation (part 1, line 31 ff.). After a registration global state and global verifiability they provide. Scalability and its UUID have been observed, an attestation can be car- limitations also impact verifiable execution for applications ried out by any third party through the per-UUID retrieval such as machine learning here, even though, specialized ap- of a global variable and the validation of its values. In the proaches are beginning to appear (Ghodsi, Gu, and Garg, case of an identity, the validation is determined by checking 2017). the signature in humanAgent which must be a valid signed Hardware-based approaches concern the area of trusted message of the EOA address also stored in humanAgent. computing in combination with blockchain infrastructures For an algorithm or representation, the hash values stored in (Hardjono and Smith, 2019; Luo et al., 2019). 
Trusted plat- machineAgent and representation are required to match re- form modules and secure enclaves in processing units are 8 Example of a Hybrid System: Ontology Learning Sym HA Sym KR Pattern Data ML Sym HA Identity Identity Data Algorithm Symbolic Relations - IDHA - IDData - IDML - IDSym - (ID Data, IDML), […] Attestations - SignatureHA - SignatureHA - Signature HA - SignatureHA - Signature HA […] […] […] […] […] […] t HA Representation MA Representation Relations Figure 4: Example of a Hybrid System (Ontology Learning) with attestation of pattern and its instances widespread today. In these realizations, there exists a trusted not assume direct input to KR here. Instead, the Sym input hardware element that provides a higher level of trust in the first is subject to HA for quality control by help of an addi- data stored and executions performed due to isolation from tional Sym input, e.g. from a domain ontology. With this ad- the main processing units and storage components. How- ditional knowledge, HA may choose to verify and augment ever, a variety of specialized execution instructions such as the ML Sym output for reasoning through KR. Furthermore, Intel SGX2 and storage formats specific to individual plat- results of the reasoning are used to enrich future Sym in- forms such as the Android keystore system3 hamper stan- put for aiding HA. Similar to pattern (10), symbolic struc- dardization today. tures are constructed ultimately, however, with HA and KR as two intermediate abstractions. Assuming the attestation Exemplary Use Cases of this exemplary pattern, the following applications related The construction of HI systems through the framework en- to transparency, distribution and trust become apparent. compasses the specification of patterns, their attestation in smart contracts and an execution according to the afore- Example 1: Traceability Traceability pertains to the hu- mentioned requirements. 
Use cases outlining the assumed man agent involved as well as the components of the pattern benefits of this approach relative to current KR and ML at design time and run time. systems are discussed in the following subsections. While Regarding the human agent, an identity is established the framework imposes significant design-time and run-time through the externally owned blockchain account belonging overhead, it might be applied in scenarios requiring trans- to it. Using signatures, this account may be bound to another parency, distribution and trust. In particular, systems involv- identity system such as officially issued eID cards. ing human and machine agents, e.g. considering algorithmic The components and relations designed by the human profiling, self-driving cars, or medical diagnoses. A pattern agent are created on the basis of its identity. Initially, the HA employed by these instances, where human and machine ac- identity is registered as an anchor for further attestations of tors depend on each other, might be composed as in Figure Data, the ML and KR algorithms, the Sym representations 4. In general, the registration of an HA identity is carried following and all relations. In scenarios where accountabil- out at first, followed by components and relations. The pat- ity is required, e.g. for scenarios critical to security and hu- tern assumed here consists of learning of an intermediate man safety, the attestation of the design becomes relevant at abstraction for reasoning, e.g. for creating and maintaining run time. Even though ML and KR might be performed by an ontology classifying diseases with data input processed machine agents in full or partial autonomy, their algorithms through ML and oversight by human actors. Structurally, with input and output data are bound to their initial designer the pattern is also partially similar to pattern (10) (Harme- HA. len and Teije, 2019), reminiscent of Alpha Go. 
However, it is extended here as an example for a learning and reason- Example 2: Crowd Sourcing of Learning and Reason- ing system with feedback and learning from a human agent. ing Due to their origin, most blockchains natively support Similarly to pattern (10), Data is an input for an ML step to the transfer of virtual currency. An externally owned account produce an intermediate Sym input for KR. However, we do bound to an identity has a balance denominated in a currency such as Ether. Similarly, contract accounts in blockchains 2 https://software.intel.com/en-us/sgx such as Ethereum hold a balance for making monetary trans- 3 https://developer.android.com/training/articles/keystore action triggered by a smart contract. 9 Once deployed, a smart contract can autonomously ex- tics 5(2):58 – 71. Software Engineering and the Semantic ecute transactions compensating for machine learning and Web. knowledge reasoning tasks performed by human agents or Ben-Sasson, E.; Chiesa, A.; Genkin, D.; Tromer, E.; and machine agents. In principle, the fully autonomous and Virza, M. 2013. SNARKs for C: Verifying Program Exe- reward-based creation of symbolic data and algorithms, e.g. cutions Succinctly and in Zero Knowledge. In Canetti, ontologies and query logic, is possible with known identi- R., and Garay, J. A., eds., Advances in Cryptology – ties. Depending on the incentive structure and game theo- CRYPTO 2013, Lecture Notes in Computer Science, 90– retical outcomes, the explicit involvement of human agents 108. Berlin, Heidelberg: Springer. for quality control might be desirable considering a pattern such as Figure 4. For example, today, the collaborative cre- Bonatti, P.; Duma, C.; Olmedilla, D.; and Shahmehri, N. ation of ontologies such as for the ICD uses KR manually 2005. An integration of reputation-based and policy- through the Protégé software (Horridge et al., 2019). Here, based trust management. 
In In Semantic Web Policy Work- according interfaces can be added for the collaborative cre- shop. ation of ontologies by multiple distributed parties with KR Buolamwini, J., and Gebru, T. 2018. Gender shades: Inter- or ML capabilities. sectional accuracy disparities in commercial gender clas- Example 3: Trust With the identity system outlined, a sification. In Friedler, S. A., and Wilson, C., eds., Pro- reputation-based trust model as well as policy-based one can ceedings of the 1st Conference on Fairness, Accountabil- be implemented. Reputation-based trust is commonly em- ity and Transparency, volume 81 of Proceedings of Ma- ployed on the internet today. The concept of a rating system chine Learning Research, 77–91. New York, NY, USA: for the determination of trust applies also to smart contracts, PMLR. assuming a sufficient number of users. On the other hand, Buterin, V. 2013. Ethereum: The Ultimate Smart a policy-based trust can establish definitive rules for known Contract and Decentralized Application Plat- identities when ML and KR tasks are executed by machine form. http://web.archive.org/web/20131228111141/ agents. With increasing autonomy, this aspect becomes rel- http://vbuterin.com/ethereum.html. accessed on 2019- evant, for example, in applications critical to the safety of 02-28. human users, e.g. considering the algorithms developed for self-driving cars. In this instance of policy-based trust, algo- Calvaresi, D.; Mualla, Y.; Najjar, A.; Galland, S.; and Schu- rithms developed in the engineering phase and updates ap- macher, M. 2019. Explainable Multi-Agent Systems plied at a later point in time can be traced back to the initial Through Blockchain Technology. In Explainable, Trans- development. In principle, the validity of data in any system parent Autonomous Agents and Multi-Agent Systems, EX- can only be established to the extent of the real-world behav- TRAAMAS 2019, volume 11763 of Lecture Notes in Com- ior observable and verifiable. 
Therefore, the transparent and puter Science. Springer International Publishing. tamper-proof record enables observation and validation to Dellermann, D.; Calma, A.; Lipusch, N.; Weber, T.; Weigel, an extent, as it might be performed internally, by regulators, S.; and Ebel, P. 2019. The future of human-ai collab- competitors, or the general public. oration: A taxonomy of design knowledge for hybrid in- telligence systems. In Hawaii International Conference Conclusion and Outlook on System Sciences (HICSS). URL: http://hdl.handle.net/ 10125/59468 accessed 2019-11-11. The emergence of hybrid intelligence systems as combina- tions of knowledge reasoning and machine learning with Dignum, V. 2017. Responsible autonomy. In Proceedings of human-in-the-loop, symbolic, and data representations of- the Twenty-Sixth International Joint Conference on Artifi- fer great potentials. Towards the creation of trust in such cial Intelligence, IJCAI 2017, Melbourne, Australia, Au- systems, blockchains can aid in tracing the provenance of gust 19-25, 2017, 4698–4704. all involved components and their relations to their origi- Dignum, V. 2018. Ethics in artificial intelligence: introduc- nators in the form of human agents. However, this ensures tion to the special issue. Ethics and Information Technol- trust only on a technical level and in terms of accountability ogy 20(1):1–3. through attestation. The integration of further trust aspects such as ethical and moral responsibility is thereby implicitly Dorffner, G. 1991. Konnektionismus - Von neuronalen Net- covered to the extent of the involvement of humans. It will zwerken zu einer ’natürlichen’ KI. Springer. need to be further investigated how such aspects can be ex- Dworkin, M. J. 2015. SHA-3 Standard: Permutation-Based plicitly ensured, e.g. through verifying components that are Hash and Extendable-Output Functions. Technical Re- to be attested. 
Further work will be required for analyzing port NIST FIPS 202, National Institute of Standards and potentially huge sets of pattern combinations and for deriv- Technology. ing further meta-insights into their optimal usage. Falleri, J.-R.; Morandat, F.; Blanc, X.; Martinez, M.; and Monperrus, M. 2014. Fine-grained and Accurate Source References Code Differencing. In Proceedings of the 29th ACM/IEEE Artz, D., and Gil, Y. 2007. A survey of trust in computer International Conference on Automated Software Engi- science and the semantic web. Journal of Web Seman- neering, ASE ’14, 313–324. New York, NY, USA: ACM. 10 Fill, H.-G., and Härer, F. 2018. Knowledge Blockchains: datasets with the doctor-in-the-loop. Brain Informatics Applying Blockchain Technologies to Enterprise Model- 3(4):233–247. ing. In Proceedings of the 51st Hawaii International Con- Härer, F. 2019. Integrierte Entwicklung und Ausführung von ference on System Sciences (HICSS-51), 4045–4054. Prozessen in dezentralen Organisationen. Ein Vorschlag Fill, H.-G. 2017. SeMFIS: A Flexible Engineering Platform auf Basis der Blockchain. University of Bamberg Press. for Semantic Annotations of Conceptual Models. Seman- Dissertation. doi 10.20378/irbo-55721. tic Web (SWJ) 8(5):747–763. Kamar, E. 2016a. Directions in hybrid intelligence: Com- Fill, H. 2019. Applying the concept of knowledge plementing AI systems with human intelligence. In Pro- blockchains to ontologies. In Martin, A.; Hinkelmann, ceedings of the Twenty-Fifth International Joint Confer- K.; Gerber, A.; Lenat, D.; van Harmelen, F.; and Clark, P., ence on Artificial Intelligence, IJCAI 2016, New York, NY, eds., AAAI 2019 Spring Symposium on Combining Ma- USA, 9-15 July 2016, 4070–4073. chine Learning with Knowledge Engineering. CEUR- Kamar, E. 2016b. Hybrid workplaces of the future. XRDS: WS.org. Crossroads, The ACM Magazine for Students 23(2):22– Fluri, B.; Wuersch, M.; PInzger, M.; and Gall, H. 2007. 25. 
Change Distilling:Tree Differencing for Fine-Grained Karagiannis, D., and Buchmann, R. A. 2016. Linked Source Code Change Extraction. IEEE Transactions on open models: Extending linked open data with conceptual Software Engineering 33(11):725–743. model information. Inf. Syst. 56:174–197. Ghodsi, Z.; Gu, T.; and Garg, S. 2017. SafetyNets: Ver- Kim, S.; Kwon, Y.; and Cho, S. 2018. A Survey of Scal- ifiable Execution of Deep Neural Networks on an Un- ability Solutions on Blockchain. In 2018 International trusted Cloud. In Proceedings of the 31st International Conference on Information and Communication Technol- Conference on Neural Information Processing Systems, ogy Convergence (ICTC), 1204–1207. NIPS’17, 4675–4684. USA: Curran Associates Inc. Koegel, M.; Herrmannsdoerfer, M.; Helming, J.; and Li, Y. Hardjono, T., and Smith, N. M. 2019. Decentralized Trusted 2009. State-based vs. Operation-based Change Tracking. Computing Base for Blockchain Infrastructure Security. In MODELS ’09 MoDSE-MCCM Workshop, 10. CoRR abs/1905.04412. Laney, D. 2001. 3D data management: Controlling data Härer, F., and Fill, H.-G. 2019. Decentralized Attestation volume, velocity, and variety. Technical report, META of Conceptual Models Using the Ethereum Blockchain. Group. In 21st IEEE International Conference on Business Infor- matics (CBI 2019). Leach, P. J.; Mealling, M.; and Salz, R. 2005. A Uni- versally Unique IDentifier (UUID) URN Namespace. Harmelen, F. v., and Teije, A. t. 2019. A boxology of design https://tools.ietf.org/html/rfc4122. patterns forhybrid learningand reasoning systems. Jour- nal of Web Engineering 18(1):97–124. Lippe, E., and van Oosterom, N. 1992. Operation-based Merging. In Proceedings of the Fifth ACM SIGSOFT Harris, J. D., and Waggoner, B. 2019. Decentralized & Col- Symposium on Software Development Environments, SDE laborative AI on Blockchain. In 2019 IEEE International 5, 78–87. New York, NY, USA: ACM. Conference on Blockchain (Blockchain). Lomov, B. 
F., and Venda, V. F. 1977. Human factors: Prob- HI - The Hybrid Intelligence Centre. 2019. Hy- lems of adapting systems for the interaction of informa- brid Intelligence (HI): augmenting human intellect. tion to the individual: The theory of hybrid intelligence. http://www.hybrid-intelligence-centre.nl/wp-content/ Proceedings of the Human Factors Society Annual Meet- uploads/2019/10/HI-Application-public-version.pdf. ing 21(1):1–9. Accessed: 2019-11-01. Lundkvist, C.; Heck, R.; Torstensson, J.; Mitton, Z.; and Hochreiter, S., and Schmidhuber, J. 1997. Long Short-Term Sena, M. 2016. uport a platform for self-sovereign Memory. Neural Computation 9(8):1735–1780. identity. http://blockchainlab.com/pdf/uPort whitepaper Holzinger, A. 2016. Interactive machine learning for health DRAFT20161020.pdf. accessed on 2019-02-28. informatics: when do we need the human-in-the-loop? Luo, Y.; Fan, J.; Deng, C.; Li, Y.; Zheng, Y.; and Ding, Brain Informatics 3(2):119–131. J. 2019. Accountable Data Sharing Scheme Based on Horridge, M.; Gonçalves, R. S.; Nyulas, C. I.; Tudorache, Blockchain and SGX. In 2019 International Conference T.; and Musen, M. A. 2019. WebProtégé: A Cloud-Based on Cyber-Enabled Distributed Computing and Knowl- Ontology Editor. In Companion Proceedings of The 2019 edge Discovery (CyberC), 9–16. World Wide Web Conference on - WWW ’19, 686–689. Martin, A.; Hinkelmann, K.; Gerber, A.; Lenat, D.; van San Francisco, USA: ACM Press. Harmelen, F.; and Clark, P., eds. 2019. Proceed- Hund, M.; Böhm, D.; Sturm, W.; Sedlmair, M.; Schreck, T.; ings of the AAAI 2019 Spring Symposium on Combining Ullrich, T.; Keim, D. A.; Majnaric, L.; and Holzinger, Machine Learning with Knowledge Engineering (AAAI- A. 2016. 
Visual analytics for concept exploration in MAKE 2019) Stanford University, Palo Alto, California, subspaces of patient groups - making sense of complex USA, March 25-27, 2019., Stanford University, Palo Alto, 11 California, USA, March 25-27, 2019, volume 2350 of CEUR Workshop Proceedings. CEUR-WS.org. Matthias, A. 2004. The responsibility gap: Ascribing re- sponsibility for the actions of learning automata. Ethics and Information Technology 6(3):175–183. McGuinness, D. L. 2004. Question answering on the se- mantic web. IEEE Intelligent Systems 19(1):82–85. Minsky, M. L. 1991. Logical versus analogical or symbolic versus connectionist or neat versus scruffy. AI Magazine 12(2):34. Morais, E.; Koens, T.; van Wijk, C.; and Koren, A. 2019. A survey on zero knowledge range proofs and applications. SN Applied Sciences 1(8):946. Nassar, M.; Salah, K.; ur Rehman, M. H.; and Svetinovic, D. 2020. Blockchain for explainable and trustworthy ar- tificial intelligence. WIREs Data Mining and Knowledge Discovery 10(1):e1340. Obermeyer, Z.; Powers, B.; Vogeli, C.; and Mullainathan, S. 2019. Dissecting racial bias in an algorithm used to man- age the health of populations. Science 366(6464):447– 453. Pearl, J. 2018. Theoretical Impediments to Machine Learn- ing With Seven Sparks from the Causal Revolution. In Proceedings of the Eleventh ACM International Confer- ence on Web Search and Data Mining - WSDM ’18, 3–3. Marina Del Rey, CA, USA: ACM Press. Russell, S., and Norvig, P. 2012. Artificial Intelligence: A Modern Approach (German Edition). Pearson. Shehu, A.-s.; Pinto, A.; and Correia, M. E. 2019. On the in- teroperability of european national identity cards. In No- vais, P.; Jung, J. J.; Villarrubia González, G.; Fernández- Caballero, A.; Navarro, E.; González, P.; Carneiro, D.; Pinto, A.; Campbell, A. T.; and Durães, D., eds., Ambi- ent Intelligence – Software and Applications –, 9th Inter- national Symposium on Ambient Intelligence, 338–348. 
Cham: Springer International Publishing. Vaswani, A.; Shazeer, N.; Parmar, N.; Uszkoreit, J.; Jones, L.; Gomez, A. N.; Kaiser, Ł.; and Polosukhin, I. 2017. At- tention is all you need. In Guyon, I.; Luxburg, U. V.; Ben- gio, S.; Wallach, H.; Fergus, R.; Vishwanathan, S.; and Garnett, R., eds., Neural Information Processing Systems (NIPS), 5998–6008. Curran Associates, Inc. Wood, G. 2014. Ethereum: A Secure De- centralised Generalised Transaction Ledger. https://gavwood.com/paper.pdf. accessed on 2019- 02-28. 12
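The registration steps of smart contract parts 1 to 5 and the third-party attestation described under "Realization Requirements for Smart Contracts" can be modelled off-chain as follows; this is an added example, not the authors' contract. Assumptions: SHA3-256 stands in for hashFunction, a Lamport one-time signature stands in for the platform's account signatures, the address is derived from the public key, the Merkle tree is a generic construction rather than the one in (Fill, 2019), the caller supplies `sender` in place of Transaction.sender, and all Python names and sample inputs are constructed for illustration.

```python
import hashlib
import secrets
import uuid

def h(b: bytes) -> bytes:  # assumption: SHA3-256 stands in for the page's hashFunction
    return hashlib.sha3_256(b).digest()

def keygen():  # Lamport one-time key pair: stdlib-only stand-in for platform signatures
    sk = [[secrets.token_bytes(32) for _ in range(256)] for _ in range(2)]
    return sk, [[h(x) for x in row] for row in sk]

def _bits(msg: bytes):
    d = int.from_bytes(h(msg), "big")
    return [(d >> i) & 1 for i in range(256)]

def sign(sk, msg: bytes):
    return [sk[b][i] for i, b in enumerate(_bits(msg))]

def address_of(pk) -> str:  # assumption: the account address is derived from the public key
    return h(b"".join(x for row in pk for x in row))[-20:].hex()

def signature_validation(sig, addr: str) -> bool:
    """sig = (public key, signature over the sender address), as required in part 2."""
    pk, s = sig
    return (address_of(pk) == addr and len(s) == 256 and
            all(h(x) == pk[b][i] for i, (x, b) in enumerate(zip(s, _bits(addr.encode())))))

def merkle_root(leaves) -> bytes:
    """Generic Merkle root (not the construction of Fill, 2019); leaves and nodes are tagged."""
    if not leaves:
        raise ValueError("no leaves")
    level = [h(b"\x00" + x) for x in leaves]
    while len(level) > 1:
        pairs = [h(b"\x01" + level[i] + level[i + 1]) for i in range(0, len(level) - 1, 2)]
        level = pairs + level[len(level) - len(level) % 2:]   # an odd last node is promoted
    return level[0]

def abstraction_hash(data) -> bytes:  # bytes: plain hash; list of leaves (Sym): Merkle root
    return merkle_root(list(data)) if isinstance(data, (list, tuple)) else h(data)

class Registry:
    """In-memory model of parts 1-5; `sender` plays the role of Transaction.sender."""
    def __init__(self):
        self.block_nr = 0
        self.humanAgent, self.machineAgent, self.representation, self.relation = {}, {}, {}, {}

    def _store(self, mapping, record) -> str:
        self.block_nr += 1                       # model: one registration per block
        uid = str(uuid.uuid4())
        mapping[uid] = dict(record, block=self.block_nr)
        return uid

    def _check_ha(self, sender, uuid_ha):
        ha = self.humanAgent.get(uuid_ha)
        if ha is None or sender != ha["eoa"] or not signature_validation(ha["sig"], ha["eoa"]):
            raise PermissionError("sender is not the registered human agent")

    def identity_registry(self, sender, sig) -> str:
        if not signature_validation(sig, sender):
            raise PermissionError("invalid signature")
        return self._store(self.humanAgent, {"eoa": sender, "sig": sig})

    def component_registry(self, mapping, sender, type_, data, url, uuid_ha) -> str:
        self._check_ha(sender, uuid_ha)          # parts 3 and 4 differ only in the target map
        return self._store(mapping, {"addr": sender, "type": type_, "url": url,
                                     "hashValue": abstraction_hash(data)})

    def relation_registry(self, sender, uuid_from, uuid_to, type_from, type_to, uuid_ha) -> str:
        self._check_ha(sender, uuid_ha)          # as in part 5: no existence check at this point
        return self._store(self.relation, {"addr": sender, "uuidFrom": uuid_from,
                           "uuidTo": uuid_to, "typeFrom": type_from, "typeTo": type_to})

def attest(reg: Registry, uid: str, data=None) -> bool:
    """Third-party validation of one UUID read from the registry's global variables."""
    maps = {"HA": reg.humanAgent, "MA": reg.machineAgent, "R": reg.representation}
    if uid in reg.humanAgent:
        return signature_validation(reg.humanAgent[uid]["sig"], reg.humanAgent[uid]["eoa"])
    for m in (reg.machineAgent, reg.representation):
        if uid in m:                             # recompute the hash from the artefact itself
            return data is not None and m[uid]["hashValue"] == abstraction_hash(data)
    rel = reg.relation.get(uid)
    return bool(rel) and (rel["uuidFrom"] in maps.get(rel["typeFrom"], {})
                          and rel["uuidTo"] in maps.get(rel["typeTo"], {}))

def demo() -> dict:
    sk, pk = keygen()
    eoa, reg = address_of(pk), Registry()
    ha = reg.identity_registry(eoa, (pk, sign(sk, eoa.encode())))
    dataset = b"patient_id,code\n1,A00\n2,B01\n"                        # constructed sample
    classes = [b"Disease", b"Disease/Infectious", b"Disease/Chronic"]   # constructed sample
    d = reg.component_registry(reg.representation, eoa, "Data", dataset, "urn:example:data", ha)
    s = reg.component_registry(reg.representation, eoa, "Sym", classes, "urn:example:onto", ha)
    ml = reg.component_registry(reg.machineAgent, eoa, "ML", b"def train(x): ...", "urn:example:ml", ha)
    rel = reg.relation_registry(eoa, d, ml, "R", "MA", ha)
    dangling = reg.relation_registry(eoa, ml, str(uuid.uuid4()), "MA", "R", ha)
    return {"identity": attest(reg, ha), "data": attest(reg, d, dataset),
            "sym": attest(reg, s, classes),
            "sym_tampered": attest(reg, s, classes[:2] + [b"Disease/Rare"]),
            "relation": attest(reg, rel), "dangling_relation": attest(reg, dangling)}
```

Because the relation registry of part 5 records UUIDs without checking that they exist, the dangling relation registers successfully and is rejected only by the third-party check, which is why monitoring parties have to run that check themselves.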