By: Mayank Lau, Senior Consultant at Data Security Council of India
Some of you may not have experienced the emergence of computing or the internet and take it for granted, but you are surely inundated with blockchain ‘up and down’ streams. It is a wildfire which is spreading everywhere and trying to emerge as a solution to every problem on this planet. ‘Bitcoin’ is believed to be the birth of blockchain when it comes to large and complex applications of it. If you are yet to catch up on what ‘Bitcoin’ and ‘Blockchain’ are, and your state remains the same in a few years, then the world will see you as a native of the digital stone age; you may become a technology outcast!
What is blockchain? It is a peer-to-peer ledger, distributed in nature, based on the principle that ‘World can exist without intermediaries or third parties’, and it works on consensus (aka validation) mechanisms programmed on the different nodes of its network. Characteristics such as no single point of failure (as it is distributed), absolute transparency, robust cryptographic techniques, near 100% immutability and the ability to use smart contracts (based on programming) make blockchain the most loved child of the contemporary digital era. The history of blockchain is not restricted to the emergence of bitcoin; rather, it is a culmination of many cryptographic and networking developments such as the rise of P2P networks (remember torrent and Napster), the development of e-Cash and Hash-Cash, the development of state machine replication and research on consensus mechanisms. Some researchers have also defined blockchain as a layer sitting on top of the TCP/IP layer in an overall technology stack.
How many types of blockchain have emerged? There are many, such as public, private, semi-private and sidechains. Public blockchains are the ones in which anyone can participate (bitcoin is a classic example). A private blockchain is based on membership which has to be requested (the Hyperledger project, which is a work in progress, belongs to this category). Sidechains are defined in an ENISA report as follows: “Concept of running a separate distributed ledger off of the main chain but with transactions able to take place in the same currency (such as bitcoin or ether) as the core system”. Lastly, semi-private blockchains are a combination of public and private blockchains.
So, how does a typical blockchain operate? The answer is via consensus algorithms, which are also emerging in different flavours. Consensus is nothing but the requirement for any blockchain network to agree on a single version of truth, leveraging different concepts. The truth the nodes agree on may consist of scenarios such as agreement on the same state, rejection of a false state, a decision on the validity of a transaction, blacklisting of a faulty node to make the network resilient, and checking the integrity of transactions.
A few popular concepts or methods of establishing consensus are: (I) Proof of Work: in simple terms, participants need to solve a mathematical puzzle and are then incentivized for it; (II) Proof of Stake: participants need to have skin in the game, they may own a section of the blockchain, and that acts as a driver for them to maintain a version of the ledger which is in a true state; (III) Proof of Elapsed Time: a leader selects the next version of the ledger, but leader selection is based on a fair lottery program. Other consensus mechanisms which are yet to gain popularity are based on techniques such as federation, reputation, delegated proof of stake, leader-based and deposit-based schemes, and participants’ importance. How a blockchain accumulates blocks and constructs a network can be understood as follows.
- The genesis node initiates a transaction with a private key.
- The transaction is propagated to peers and put to consensus based on pre-set criteria; if agreed, it is added to the network.
- This results in a new block (consisting of transactions) becoming part of the ledger, linked to the previous block using hash pointers, a concept from the field of cryptography.
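The hash-pointer linking in the last step, as an added example (not code from this article or from any blockchain project): each block stores the SHA-256 of its predecessor, so editing a block breaks the next link. It also shows that a chain rewritten and relinked end to end is self-consistent again and is only caught against a head hash that honest peers already hold; the block fields and sample transactions are constructed for illustration.

```python
import hashlib
import json

def block_hash(block):
    """SHA-256 over the block's canonical JSON form (all fields, including prev_hash)."""
    payload = json.dumps(block, sort_keys=True).encode()
    return hashlib.sha256(payload).hexdigest()

def append_block(chain, transactions):
    """Add a block whose prev_hash is the hash pointer to the current last block."""
    prev = block_hash(chain[-1]) if chain else "0" * 64
    chain.append({"index": len(chain), "prev_hash": prev, "transactions": transactions})

def first_broken_link(chain):
    """Return the index of the first block whose hash pointer does not match, else None."""
    for i in range(1, len(chain)):
        if chain[i]["prev_hash"] != block_hash(chain[i - 1]):
            return i
    return None

def build_sample_chain():
    # Constructed sample ledger; names and amounts are illustrative only.
    chain = []
    for txs in (["genesis"], ["alice->bob:5"], ["bob->carol:2"], ["carol->dave:1"]):
        append_block(chain, txs)
    return chain

def tamper(chain, index, transactions, relink=False):
    """Edit one block; with relink=True also recompute every later hash pointer."""
    chain[index]["transactions"] = transactions
    if relink:
        for i in range(index + 1, len(chain)):
            chain[i]["prev_hash"] = block_hash(chain[i - 1])

def demo():
    trusted_head = block_hash(build_sample_chain()[-1])  # head hash held by honest peers

    edited = build_sample_chain()
    tamper(edited, 1, ["alice->mallory:5"])
    naive = first_broken_link(edited)        # block 2 no longer points at block 1

    relinked = build_sample_chain()
    tamper(relinked, 1, ["alice->mallory:5"], relink=True)
    internal = first_broken_link(relinked)   # pointers are self-consistent again
    head_matches = block_hash(relinked[-1]) == trusted_head
    return naive, internal, head_matches

if __name__ == "__main__":
    print(demo())
```

The hash pointers alone only make tampering evident; it is the consensus step, where peers compare against the chain they already agreed on, that rejects the relinked copy.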
The technology universe has also started building an ecosystem around blockchain, and the stack is growing day by day. It includes, but is not limited to, decentralized applications, new protocols to improve performance, and organizations built on it. The next question is whether blockchain’s potential is being tested against business use cases or in addressing national problems. Not to disappoint, it is proving to be a game changer. The sectors which are in love with its potential are BFSI, supply chain, trade finance and IPR protection. Banks have started using it to connect their local branches, to improve the processing time of their settlement systems and save on irrelevant cost, and to put client KYC systems on blockchain so that other banks can use the data in real time to provide expedited services and products. Organizations are also using it to enhance visibility into their third parties and their integration so that cost leakages in a complex supply chain can be avoided.
These were typical examples of B2B use cases. Shifting gears, let us explore a few B2C cases: the ambitious project ‘fermat.org’ to re-decentralize the internet, the common man sharing storage space from his computing resources for others to use, and advertisement-free social media sites based on a blockchain model, which have emerged and are trying to kill the business models of the existing social media giants. Moving away from industry use cases, nations are exploring whether blockchain can be a ‘near panacea’ for their systems’ inefficiencies. Some use cases being tested at a national level are: management of land and health records, smart city implementations in which IoT devices are connected through a blockchain network, making better use of the agriculture supply chain, and bringing the national credit rating system onto it.
The question organizations and countries are asking is ‘How to qualify a case which is to be addressed by blockchain?’ Frameworks for this have started emerging and are trying to guide them towards a standardized path. One universal principle which has emerged is ‘the need of optimizing the intermediaries in any system may require the utilization of blockchain technology’, subject to the condition that the intermediaries are serving no good purpose.
Any period movie would depict that raw material had been gathered to build the ‘fairy tale castle of blockchain’. But every castle of the future needs appropriate protection from adversaries. The claim that the rising castle of blockchain is 100% immutable and hack-proof is proving to be a myth. Recent hacks on the Ethereum system, in which ‘ether’ worth millions has been stolen, force us to think and deliberate on the potential vulnerabilities which may exist in present and future blockchain architectures. The threat landscape comprises challenges such as, but not limited to, the following.
- Miners undercutting blockchains, making them vulnerable to double-spending attacks.
- Miners colluding to conduct selfish mining, duping honest participants.
- Consensus on a blockchain governed by a small set of nodes with maximum computing power, leading to consensus hijack.
- Nodes colluding to perform a DDoS on a blockchain network.
- Vulnerabilities in the code of smart contracts.
- System not becoming scalable and resilient because of no consensus of nodes on block size and optimizing processing time of transactions.
- Improper private key management leading to unauthorized usage of a user credential.
- Nodes acting as spammers, affecting the performance of a blockchain system.
- Lack of research & development on privacy preserving smart contracts.
- Emergence of quantum computing, which may make breaking encryption an easy task.
- Systems vulnerable to an eclipse attack, which allows an adversary controlling a sufficient number of IP addresses to hijack all or a majority of the nodes.
Adding to the aforementioned challenges is the limited understanding of the blockchain universe. If organizations and nations adhere to the fundamentals, then these new risks can be mitigated or controlled to an extent. The fundamentals for mitigating these threats include, but are not limited to, the following.
- Make use of multiple signatures to authorize transactions.
- Use recovery agents in case of lost or stolen private keys.
- Use distinct keys to sign and encrypt.
- Use sharding (specific transactions being validated by specific organizations) as a technique in the private blockchain.
- Review the code of blockchain applications and third-party libraries.
- Monitor nodes for abnormal behaviour such as a sudden increase in computing power and number of transactions.
- Make it taxing for nodes to process a high number of transactions.
- Use merged mining for sidechains.
- Set stringent criteria for accepting new participants as nodes.
- Provision blacklisting as a feature on the network for malicious nodes.
- Leverage smart contracts for enhanced governance.
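One way to implement the node-monitoring fundamental above, as an added example rather than code from this article: it treats each node's share of recently produced blocks as a proxy for its computing power and flags a sudden increase or a share large enough to dominate consensus. The node names, window size and thresholds are assumptions of this example.

```python
from collections import Counter

# Constructed sample: producer of each consecutive block (node names are made up).
BLOCK_PRODUCERS = (
    ["node-a", "node-b", "node-c", "node-d"] * 5               # blocks 0-19: even spread
    + ["node-c", "node-c", "node-a", "node-c", "node-b"] * 4   # blocks 20-39: node-c surges
)

def window_shares(producers, start, size):
    """Fraction of blocks each node produced in producers[start:start + size]."""
    window = producers[start:start + size]
    return {node: n / len(window) for node, n in Counter(window).items()}

def flag_hash_power_anomalies(producers, size=20, max_share=0.5, max_growth=2.0):
    """Compare consecutive non-overlapping windows and return a list of alerts.

    Block share stands in for computing power (an assumption of this example).
    A node is flagged if its share reaches max_share, or if its share grew by
    a factor of max_growth or more since the previous window. A node that was
    absent from the previous window counts as a sudden increase.
    """
    alerts = []
    for start in range(size, len(producers) - size + 1, size):
        prev = window_shares(producers, start - size, size)
        cur = window_shares(producers, start, size)
        for node, share in sorted(cur.items()):
            reasons = []
            if share >= max_share:
                reasons.append("majority-risk")
            base = prev.get(node, 0.0)
            if base == 0.0 or share / base >= max_growth:
                reasons.append("sudden-increase")
            if reasons:
                alerts.append((start, node, round(share, 2), reasons))
    return alerts

if __name__ == "__main__":
    for alert in flag_hash_power_anomalies(BLOCK_PRODUCERS):
        print(alert)
```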
The above are a set of challenges from the limited view of implementing and managing a blockchain system. The actual elephant in the room is paving the path for blockchain adoption with the help of conducive public policy or legislation which enables experimentation and innovation by the government. This is to be augmented with the formulation of standards and frameworks in the near future. A few developments in the public policy space have been able to move some stones (but they may not prove to be enough to move the rising blockchain mountain): the European Commission in 2017 announced funding of an observatory and platform for stakeholders to understand the role of authorities in the adoption of blockchain technology; the Monetary Authority of Singapore (MAS) in 2016 partnered with R3 on a Proof of Concept (PoC) to test a use case of inter-bank payments leveraging blockchain; the USA is on a path of a cautious, state-specific approach, e.g. the US Illinois Department of Financial and Professional Regulation becoming a member of the R3 consortium. Malta is the only standout that has announced its intent to develop a national blockchain strategy. In India, RBI has been a forerunner in terms of playing with blockchain use cases, and recently the market regulator SEBI constituted a committee on financial and regulatory technologies to study the blockchain area. The sad part is that in India there is no evident progress on any national public policy on blockchain. Are Indian policy makers tracking this blockbuster movie on blockchain? If not, they must do so aggressively, because after some years we may miss one more technology train and again end up playing a ‘Tom and Jerry’ catching-up game.
Let us end this reading with ‘Blockchain Dreaming’, in which we close our eyes just the way Einstein used to do and think madly about what we can do with this technology. When I did this dreaming exercise, I came up with my wishes from blockchain as follows. I would like to see the human species able to achieve singularity in my lifetime, i.e. blockchain used for each and every service one can imagine, and I saw Google on blockchain! You may experience a different dream on it. Go for it and see what you can build with this emerging demi-god of technologies popularly known as blockchain.