The American Council for Technology and Industry Advisory Council (ACT-IAC) has been developing both a blockchain technology primer and a blockchain playbook. ACT-IAC is a public/private partnership which facilitates collaboration and discussion between government and industry experts. ACT-IAC has developed a blockchain primer document [31], which aims to provide an overview of the technology. A second document, a blockchain playbook [32], provides a set of questions with weights to help organizations in their consideration of the technology.

There is no lack of whitepapers and news articles with a title like “Do you need a blockchain?” Two computer scientists at the Eidgenössische Technische Hochschule (ETH) Zürich university in Switzerland wrote a whitepaper titled “Do you need a Blockchain?” [33] which provides the background, properties, and a critical view on several use cases. Although not created by the authors, a website [34] has implemented the flowchart presented in the paper in an interactive form. However, an examination of the flowchart logic, as well as the website code, shows that most paths lead to “no,” with only a few leading to “maybe.” This critical view on the technology is one that most organizations should take; organizations should examine whether existing technologies can better solve their problems.

The Institute of Electrical and Electronics Engineers (IEEE) published in their Spectrum magazine the article “Do you need a blockchain?” [35]. The article emphasizes the utility a blockchain may provide (as an anti-censorship tool), but also discusses the tradeoff that must be made by moving away from a traditional system. Removal of trusted third parties means relying on multiple sources of “unaffiliated participants” acting in coordination, which, depending on the type of blockchain platform, may be difficult to govern. The article also discusses that the technology is changing at a rapid pace – so it is difficult to predict where it will end up in a few years’ time. The article includes a flowchart of its own to help the reader decide whether they need a blockchain. Finally, the article ends with the following statement: “But you should also consider the possibility that you don’t need a blockchain at all.” This is pertinent to those who may be desperately looking to include blockchain in their organization’s portfolio.

Technology sites are also asking organizations to look closely at the technology and apply it only when necessary. Coindesk, a technology website specializing in cryptocurrency and blockchain news, technical matters and editorials, has written the article “Don’t use a blockchain unless you really need one” [36]. The article gives some small examples about how most data today is owned by siloed organizations, and that as users we only supply it to them. It asks what the world would look like if users owned all their data. The article makes the point that the largest benefit of blockchain technology is its decentralization, and it can be summed up with the article’s most critical point: “Despite some of the hype, blockchains are ‘incredibly inefficient,’ Ravikant said. ‘It's worth paying the cost when you need the decentralization, but it's not when you don't.’”

Even software developers are urging organizations to examine the key aspects of the technology and how it could be applied to a problem. One such developer wrote on the website C# Corner the article “Do You Need A Blockchain” [37]. This article touches on the history of blockchain technology and brings to light a primary reason for the use of blockchain technology: “Blockchain brings trust to a transactional system.”

NISTIR 8202 BLOCKCHAIN TECHNOLOGY OVERVIEW 44
This publication is available free of charge from: https://doi.org/10.6028/NIST.IR.8202

By utilizing a blockchain, cryptographic trust can be introduced into a previously no- to low-trust system. The article goes on to ask several pointed questions (and provides a flowchart) for helping to decide whether a blockchain network would be of benefit.

While several sources have been mentioned above for deciding if a blockchain would be applicable, there are many more. Most of the advice surrounding blockchain technology is: investigate it and use it if it is appropriate – not because it is new.

8.1 Additional Blockchain Considerations

When deciding whether to utilize a blockchain, one must take into consideration additional factors and determine if these factors limit one’s ability to use a blockchain or a particular type of blockchain:

• Data Visibility
  o Permissioned blockchain networks may or may not reveal blockchain data publicly. The data may only be available to those within the blockchain network. Consider scenarios where data may be governed by policy or regulations (such as Personally Identifiable Information (PII) or General Data Protection Regulation (GDPR) regulations). Data such as this may or may not be appropriate to store even within a permissioned blockchain network.
  o Permissionless blockchain networks can allow anyone to inspect and contribute to the blockchain. The data is generally public. This leads to several questions that must be considered. Does the data for the application need to be available to everyone? Is there any harm to having public data?
• Full transactional history – Some blockchain networks provide a full public history of a digital asset – from creation, to every transaction it is included in. This feature may be beneficial for some solutions, and not beneficial for others.
• Fake Data Input – Since multiple users are contributing to a blockchain, some could submit false data, mimicking data from valid sources (such as sensor data). It is difficult to automate the verification of data that enters a blockchain network. Smart contract implementations may provide additional checks to help validate data where possible.
• Tamper evident and tamper resistant data – Many applications follow the “CRUD” (create, read, update, delete) functions for data. With a blockchain, there is only “CR” (create, read). There are methods that can be employed to “deprecate” older data if a newer version is found, but there is no removal process for the original data. By using new transactions to amend and update previous transactions, data can be updated while providing a full history. However, even if a new transaction marked an older transaction as “deleted” – the data would still be present in the blockchain data, even if it is not shown within an application processing the data.
• Transactions Per Second – Transaction processing speed is highly dependent on the consensus model used. Currently transactions on many permissionless blockchain networks are not executed at the same pace as other information technology solutions due to a slow publication time for blocks (usually in terms of seconds, but sometimes minutes). Thus, some slowdown in blockchain dependent applications may occur while waiting for data to be posted. One must ask whether their application can handle relatively slow transaction processing.
• Compliance – The use of blockchain technology does not exclude a system from following any applicable laws and regulations. For example, there are many compliance considerations with regards to legislation and policies tied to PII or GDPR that identify that certain information should not be placed on the blockchain. In addition, certain countries may limit the type of data that can be transferred across their geographic boundaries. In other instances, certain legislation may dictate that the “first write” of financial transactions must be written to a node which is present within their borders. In any of these cases, a public, permissionless chain may be less appropriate, with a permissioned or hybrid approach required to satisfy regulatory needs. An additional example of laws and regulations is for any blockchain network which manages federal records. Federal records are subject to many laws and regulations.¹¹ Federal agencies themselves must follow specific federal guidelines when utilizing blockchain technology.¹²
• Permissions – For permissioned blockchain networks, there are considerations around the permissions themselves:
  o Granularity – do the permissions within the system allow for enough granularity for specific roles that users may need (in a manner like Role-Based Access Control methods) to perform actions within the system? Permissioned blockchain networks allow for more traditional roles such as administrator, user, validator, auditor, etc.
  o Administration – who can administer permissions? Once permissions are administered to a user, can they easily be revoked?
• Node Diversity – A blockchain network is only as strong as the aggregate of all the existing nodes participating in the network. If all the nodes share similar hardware, software, geographic location, and messaging schema then there exists a certain amount of risk associated with the possibility of undiscovered security vulnerabilities. This risk is mitigated through the decentralization of the network of heterogeneous devices, which may be defined as “the non-shared characteristics between any one node and the generalized set.”

¹¹ Such as found in the National Archives and Records Administration handbook https://www.archives.gov/recordsmgmt/handbook/records-mgmt-language.html
¹² Such as found in the National Archives and Administration policy guide https://www.archives.gov/recordsmgmt/policy/universalermrequirements

9 Conclusions

Blockchain technology is a new tool with potential applications for organizations, enabling secure transactions without the need for a central authority. Starting in 2009¹³, with Bitcoin leveraging blockchain technology, there has been an increasing number of blockchain technology-based solutions. The first applications were electronic cash systems with the distribution of a global ledger containing all transactions.
These transactions are secured with cryptographic hashes, and transactions are signed and verified using asymmetric-key pairs. The transaction history efficiently and securely records a chain of events in a way that any attempt to edit or change a past transaction will also require a recalculation of all subsequent blocks of transactions. The use of blockchain technology is still in its early stages, but it is built on widely understood and sound cryptographic principles. Currently, there is a lot of hype around the technology, and many proposed uses for it. Moving forward, it is likely that the hype will die down, and blockchain technology will become just another tool that can be used. As detailed throughout this publication, a blockchain relies on existing network, cryptographic, and recordkeeping technologies but uses them in a new manner. It will be important that organizations are able to look at the technologies and both the advantages and disadvantages of using them.
Once a blockchain is implemented and widely adopted, it may become difficult to change it. Once data is recorded in a blockchain, that data is usually there forever, even when there is a mistake. Applications that utilize the blockchain as a data layer work around the fact that the actual blockchain data cannot be altered by making later blocks and transactions act as updates or modifications to earlier blocks and transactions. This software abstraction allows for modifications to working data, while providing a full history of changes. For some organizations these are desirable features. For others, these may be deal breakers preventing the adoption of blockchain technology. Blockchain technology is still new and organizations should treat blockchain technology like they would any other technological solution at their disposal--use it only in appropriate situation
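
The Python sketch below is an added example, not code from NISTIR 8202. It builds a toy hash-linked ledger whose header fields follow this document's glossary entry for Block Header, and shows the two points made above: editing past data breaks verification unless every later block is recalculated, and a record marked “deleted” vanishes from the application view while remaining in the chain data. The set/delete transaction format, the function names, and the sample values are assumptions constructed for illustration.

```python
import hashlib
import json

def sha256(obj) -> str:
    return hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).hexdigest()

def make_block(prev_header_hash, transactions, timestamp):
    # No nonce: this toy chain has no consensus model that requires one.
    header = {"timestamp": timestamp, "data_hash": sha256(transactions),
              "prev_header_hash": prev_header_hash}
    return {"header": header, "data": transactions}

def append(chain, transactions, timestamp):
    prev = sha256(chain[-1]["header"]) if chain else "0" * 64
    chain.append(make_block(prev, transactions, timestamp))

def first_invalid_block(chain):
    """Return the index of the first block failing verification, else None."""
    prev = "0" * 64
    for i, block in enumerate(chain):
        h = block["header"]
        if h["data_hash"] != sha256(block["data"]) or h["prev_header_hash"] != prev:
            return i
        prev = sha256(h)
    return None

def current_state(chain):
    """Application view: later transactions amend or hide earlier records."""
    state = {}
    for block in chain:
        for tx in block["data"]:
            if tx["op"] == "delete":
                state.pop(tx["key"], None)
            else:  # "set" creates a record or supersedes the earlier value
                state[tx["key"]] = tx["value"]
    return state

def build_sample_chain():
    # Constructed sample data: create, amend, then "delete" one record.
    chain = []
    append(chain, [{"op": "set", "key": "sensor-1", "value": 20.5}], 1)
    append(chain, [{"op": "set", "key": "sensor-1", "value": 21.0}], 2)
    append(chain, [{"op": "delete", "key": "sensor-1"}], 3)
    return chain

if __name__ == "__main__":
    chain = build_sample_chain()
    print(current_state(chain), chain[0]["data"])  # hidden record vs. stored data
    chain[0]["data"][0]["value"] = 99.9            # edit history in place
    print(first_invalid_block(chain))
```

Recomputing only the edited block's own data hash moves the failure to the next block, because that block's header still commits to the old header hash.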
Appendix A – Glossary of Terms
The following terms are defined as used in this document.
Address
A short, alphanumeric string derived from a user’s public key through the use of a cryptographic hash function. It typically includes additional data for error detection. Addresses are used to send and receive digital assets within a blockchain network.
Assets
Anything that can be transferred between participants. In blockchain systems, assets may include cryptocurrencies, tokens, digital property, or other forms of digitally represented value.
Asymmetric-Key Cryptography
A cryptographic system in which users possess a private key that is kept secret and used to generate a corresponding public key, which is freely distributed to others.
Users can digitally sign data using their private key, and the resulting signature can be verified by anyone using the associated public key.
Also known as Public-Key Cryptography.
Block
A data structure that contains both a block header and block data.
Block Data
The portion of a block that contains a set of validated transactions and ledger events to be recorded on the blockchain.
Block Header
The portion of a block that contains metadata about the block itself. This typically includes:
• A timestamp
• A hash representation of the block data
• The hash of the previous block’s header
• A cryptographic nonce (if required by the consensus model)
Block Reward
A reward, typically in the form of cryptocurrency, awarded to publishing nodes for successfully adding a new block to the blockchain.
Blockchain
A distributed digital ledger consisting of cryptographically signed transactions grouped into blocks. Each block is cryptographically linked to the previous block, making the ledger tamper-evident.
After validation and consensus, new blocks are appended to the chain. As additional blocks are added, earlier blocks become increasingly difficult to modify, providing tamper resistance. Copies of the ledger are distributed across the network, and conflicts are resolved automatically according to established consensus rules.
Blockchain Network User
Any individual, group, business, or organization that uses or operates a blockchain node.
Byzantine Fault Tolerant Proof of Stake Consensus Model
A Proof of Stake (PoS) consensus model in which all staked participants vote on which proposed block should be included next. The system tolerates certain faulty or malicious participants while still achieving consensus.
Centralized Network
A network configuration in which participants must communicate through a central authority in order to interact with one another. Because all communication passes through a single central source, the failure or loss of that source would prevent participants from communicating.
Chain-Based Proof of Stake Consensus Model
A Proof of Stake (PoS) consensus model in which the next block producer is selected through a pseudo-random process. Selection is typically weighted based on the ratio of an individual participant’s stake relative to the total system stake.
Checksum
A value computed from data to detect errors or manipulation. Checksums help ensure data integrity.
Confirmed
The state of a transaction or block after consensus has been reached regarding its inclusion in the blockchain.
Conflict
A situation in which one or more participants disagree on the current state of the system.
Conflict Resolution
A predefined method used to reach consensus when disagreements arise about the system’s state.
For example, if one group of participants recognizes State_A as valid and another group recognizes State_B as valid, a conflict exists. The system resolves the conflict automatically by accepting the state associated with the group that successfully adds the next valid block according to the consensus rules. Transactions not included in the accepted state may be returned to the pending transaction pool.
Consensus Model
A process used to achieve agreement within a distributed system regarding the valid state of the ledger.
Also known as:
• Consensus algorithm
• Consensus mechanism
• Consensus method
Cryptocurrency
A digital asset, credit, or unit of value within a blockchain system that is cryptographically transferred from one blockchain network user to another.
In cases where cryptocurrency is newly created (such as through mining rewards), the publishing node includes a transaction that allocates the newly generated cryptocurrency to one or more users.
These assets are transferred using digital signatures generated through asymmetric-key cryptography.