Blockchain
Overview
Over the last 5 years I have talked to a lot of companies that have been working with blockchain technology. While blockchain is an amazing concept, as are most implementations, many of those uses made no sense. In fact, a few of the companies later admitted the only reason they were using blockchain was to increase investor interest. A few even mixed in machine learning/artificial intelligence to rake in the bucks up front and hope to pivot later.
What is Blockchain?
First off, it helps to understand what a blockchain is.
A blockchain is a shared ledger whose entries a community verifies through cryptographic algorithms.
Basically, if I put a record in there it will soon be an undeniable, permanent record for all to see. A mathematical notary public where there is no single authority that must be trusted. Think about that and let how cool it is soak in.
You and I can agree on some interaction. Transfer of funds, a contract, even the details of an event. We can both sign the details and submit them to a blockchain. That community would then go through a process and ensure that the latest batch of submissions is forever preserved. If either of us alters any detail, the chain will forever deny that change. We can embed data in the transactions of many blockchains, like an image or document, but even if we don’t, the cryptographic hash is good enough for many uses later on. That means we don’t have to share the information, just a fingerprint of it, and we can still verify at any time in the future that it existed.
Cryptocurrency is the most common use of blockchain concepts, but it is far from the most interesting. Contracts and document submissions have a lot more potential to disrupt traditional mechanisms that relied on trust in a third party, or just ink signatures. Cryptocurrency is part of it because the processing of the blockchain needs a large community to donate CPU cycles, and a monetary reward is a great way of getting that. This is why people “mine” bitcoin. They are providing computation that verifies the records and makes them unalterable forever in exchange for a little bit of money.
So we have a technology that can mathematically notarize data and share and protect a provable fingerprint (or additional details) that the notarization happened. Those are the 2 concepts in all blockchain applications.
What Blockchain is not
It isn’t a magic solution to any number of security-related applications. Just like you wouldn’t use a notary public to guard your house, you can’t use blockchain to protect your system. There are applications of each that can be part of a larger solution (like proving to the police you own the home rather than the burglar sitting on the couch).
Often the magic solution is what companies are pitching. By putting “blockchain” in a sentence they want to give the impression that things are secure. In many of those cases it provides no more security than existing methods, and in some it provides no security whatsoever.
I’ll describe a few of these cases.
OS/software updates
I’ve seen this a few times and it bothered me each time I saw it. The concept is a trusted producer of software updates would put the update package fingerprint in the blockchain. Each client would download it and verify that it was on the blockchain before installing the update.
At first glance this may sound like it’s secure, but think about it. You need to know an ID that you trust for the blockchain entry. This is the same as knowing the public key of someone you trust. I’ll get back to that in a minute. Then you need to download the ledger and check that the update is on it from the trusted ID. If you do those things you can trust the software.
Problems exist though. First, the ledger is going to be large. Bitcoin’s ledger was 285 GB (roughly the size of 3 4K movies) of data in June 2020. Do you have that much bandwidth or storage lying around for updating something like the browser or the clock in the system tray? Sure, there are partials that can be trusted, but you still need to download a hefty chunk of the partial before the update goes through. That is most likely going to dwarf the software size. This is why many bitcoin wallets are really managed by trusted third parties, which throws out the advantage of using blockchain in the first place.
The next problem is that there was already a working solution. If I know your public key ID, you just sign the payload and I know it is from you. End of story, simple to do even on small embedded CPUs. If I have to trust the ID for the blockchain, I can just trust the signature to begin with. A couple of kilobytes of data, a well-known algorithm, and we are done. The security is identical to the blockchain case, but way easier to implement.
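The signature approach described above, as an added example in Go (not code from the original post): the client pins the publisher's public key and checks a signature over the update's SHA-256 fingerprint. Ed25519, SHA-256 and the function names are assumptions chosen for illustration; the key pair and package bytes are constructed sample data.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// VerifyUpdate accepts an update only if sig is a valid Ed25519 signature by
// the pinned publisher key over the SHA-256 fingerprint of the package.
func VerifyUpdate(pinned ed25519.PublicKey, pkg, sig []byte) error {
	if len(pinned) != ed25519.PublicKeySize {
		return errors.New("pinned key has wrong length")
	}
	digest := sha256.Sum256(pkg)
	if !ed25519.Verify(pinned, digest[:], sig) {
		return errors.New("signature does not match pinned publisher key")
	}
	return nil
}

// SignUpdate is the publisher side: sign the package fingerprint.
func SignUpdate(priv ed25519.PrivateKey, pkg []byte) []byte {
	digest := sha256.Sum256(pkg)
	return ed25519.Sign(priv, digest[:])
}

func main() {
	// Constructed sample data: a publisher key pair and a stand-in package.
	pub, priv, _ := ed25519.GenerateKey(nil)
	otherPub, _, _ := ed25519.GenerateKey(nil) // a key the client does not trust
	pkg := []byte("constructed update package v1.2.3")
	sig := SignUpdate(priv, pkg)

	fmt.Println("genuine package:", VerifyUpdate(pub, pkg, sig))
	fmt.Println("tampered package:", VerifyUpdate(pub, append([]byte("x"), pkg...), sig))
	fmt.Println("wrong publisher key:", VerifyUpdate(otherPub, pkg, sig))
	fmt.Printf("shipped alongside the update: %d-byte signature, %d-byte key\n", len(sig), len(pub))
}
```

The client's only trust anchor is the pinned key, the same thing it would need in order to trust a publisher ID on a ledger.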
IoT/Network device provisioning
So there are companies that want you to buy a device, and they would use the blockchain to have it come online and configure itself without you setting it up. That sounds so nice, why wouldn’t we want to do it? Well, sorry to spoil the dream, but you knew it was coming.
So that little black square is a $1 WiFi microcontroller. It can get on the Internet and do all sorts of things locally and remotely. If I make a product out of it, the concept will be that the chip will interact with a blockchain. Good luck! Even if it was a 24 port switch or GigE router it is unlikely to be able to work directly with any semi-active blockchain. It would be cheaper and easier to put a USB port or NFC board on it to program/configure from a phone app. Any lightweight version of the blockchain would essentially be configuration through a web app, in that you are trusting a 3rd party. No reason to do anything blockchain when the security is identical to that of the web page that configures your hardware.
Private
The whole point of blockchain is that a community agrees that something on it is real. There is no magically trusted oracle that says true or false. Everyone involved forms a consensus and everyone can trust the outcome so long as the community is diverse (51% attack is another topic).
When a blockchain is private it can work if all the users are involved but not open to the larger world. For example if all of the banks started to use a blockchain it could replace the clearing houses often run by governments. This could also work for supply chains and loosely connected industries that need to interact with each other.
Some blockchains though are PRIVATE and those don’t work. What I mean is that the ledger is run by a third party and the users just make requests for adding or checking entries on it. In those cases there is no reason to even use a blockchain, it’s just a database at that point. That trusted third party can put whatever they want in the ledger and tell you what they want you to hear. If they need to bring proof to court they can just make a change and recompute the blockchain the same way they could alter log files for a database.
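To make the recompute point concrete, here is an added example in Go (not from the original post) of a minimal hash-linked ledger held by a single operator. The block layout and function names are assumptions and the entries are constructed; the operator's rewritten ledger passes every internal link check, and only a head hash saved outside the operator's control shows the change.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Block is one ledger entry linked to its predecessor by hash.
type Block struct{ Data, Prev, Hash string }

func hashBlock(prev, data string) string {
	sum := sha256.Sum256([]byte(prev + "|" + data))
	return hex.EncodeToString(sum[:])
}

// Build links the entries into a chain, as the ledger operator would.
func Build(entries []string) []Block {
	var chain []Block
	prev := ""
	for _, e := range entries {
		h := hashBlock(prev, e)
		chain = append(chain, Block{Data: e, Prev: prev, Hash: h})
		prev = h
	}
	return chain
}

// Consistent checks only what the ledger itself can show: every link matches.
func Consistent(chain []Block) bool {
	prev := ""
	for _, b := range chain {
		if b.Prev != prev || b.Hash != hashBlock(prev, b.Data) {
			return false
		}
		prev = b.Hash
	}
	return true
}

func main() {
	// Constructed sample entries; the operator later rewrites the first one.
	honest := Build([]string{"alice pays bob 10", "bob pays carol 4", "carol pays dave 1"})
	saved := honest[len(honest)-1].Hash // head hash kept by an outside party
	rewritten := Build([]string{"alice pays bob 1000", "bob pays carol 4", "carol pays dave 1"})
	fmt.Println("rewritten ledger is internally consistent:", Consistent(rewritten))
	fmt.Println("rewritten head matches saved head:", rewritten[len(rewritten)-1].Hash == saved)
}
```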
Judging blockchain uses
I’ve outlined some great uses of the blockchain and some fairly crappy ones. How is the average user, developer or business to decide when it makes sense and when it doesn’t? There are some questions to ask.
- Is the ledger available to the community?
- In a paper world would a notary public help make the transaction more trusted?
- Can it be trusted without a third party?
- Traditional public key signatures can’t solve the problem?
- Can the data be trusted before it goes in the blockchain?
If you answer NO to any of those questions, you probably shouldn’t go any further with the blockchain solution. If you aren’t sure, there are plenty of people that can advise you further.