North Carolina State University
In the past 2½ years, blockchain has evolved from a computer science term to a buzzword in the ongoing hype about cryptocurrency, for which the blockchain is the foundation. Articles have even praised the blockchain as “the most important invention after the Internet” (Metry 2017).
One topic of discussion is how to apply blockchains beyond cryptocurrency. Like all emerging technology, there has been much confusion about and misunderstanding of the blockchain concept. One popular misconception is that “blockchains are all like the ones used in Bitcoin.” This is wrong. In this paper I describe various kinds of blockchains and explain why more centralized blockchain structures are more appropriate for business use.
WHAT IS A BLOCKCHAIN?
A blockchain is a digital, append-only, time-stamped ledger. It is a consensus-based, peer-to-peer distributed network with “a growing list (chain) of records, called blocks, which are linked using cryptography. Each block contains a unique hash value of the previous block, a timestamp, and transaction data.”1 Here, consensus refers to a set of rules that users follow to agree on the states of the system; it makes the blockchain a selfauditing ecosystem.2 Hash is a cryptographic function that converts a string into a nonmeaningful, fixedlength output. It is nonreversible since the hash value is highly sensitive to the input—a small change in input leads to a completely different hash value.
The mathematical structure of the blockchain implies two essential properties. First, the data (in block) are immutable. Specifically, if a block is changed, all blocks before it become invalid since all hash values in these blocks become invalid. Second, a distributed network with consensus allows users to communicate directly with each other to broadcast a new block and synchronize the blockchain status. All users can download a copy of the current ledger and add blocks, which means that there is redundancy of the data in the network. Therefore, the blockchain is more tolerant of node failures. With these two properties, the longer the chain and more users (nodes) in the network, the harder to hack into the chain and change blocks without detection, making the blockchain more reliable (Nakamoto 2008).
The first work on building a cryptographically secured chain of blocks was proposed almost 30 years ago by Stuart Haber and W. Scott Stornetta (1991). The concept was formalized in 2008 by Satoshi Nakamoto,3 who proposed “A purely peer-to-peer version of electronic cash that would allow online payments to be sent directly from one party to another without going through a financial institution…but through a system that [is] based on cryptographic proof instead of trust” (emphasis added; Nakamoto 2008). In January 2009, Nakamoto mined the first bitcoin and started the era of cryptocurrency.
In recent years, big tech companies like IBM and Microsoft as well as many startups have put significant effort into extending blockchain systems to various industries, many of which use blockchains with a significantly different structure compared to cryptocurrency, as elaborated below.
PUBLIC OR PRIVATE, PERMISSIONED OR PERMISSIONLESS BLOCKCHAINS
From a governance point of view, the blockchain can be public (open) or private (closed). In a public chain, anyone can initiate transactions, generate and broadcast blocks, and download a copy of the whole ledger. In a private chain, only authorized users can access the network.
The blockchain can also be permissioned or permissionless. The permissioned chain means the rights/authorization of users can be different; some have more authorities (e.g., to validate the block) than others (read-only access). The permissionless chain means that all users have the same rights: anyone in the network can download the ledger, generate blocks, and validate transactions.
While many consider permissioned and private the same, they are, in fact, two concepts. A blockchain that is public or private is independent of whether it is permissioned or not. As explained in testimony to Congress (Jaikaran 2017), “Discussing a blockchain as public or private refers to the level of freedom users have to create identities and read data on that blockchain. Discussing a blockchain
3 The identity of Satoshi Nakamoto remains a mystery.
as permissioned or permissionless refers to the level of access the user would have on that blockchain.” Specifically, the public and permissionless chain has the most decentralized structure and assumes no trust among users. The private and permissioned chain, on the other hand, has the most centralized architecture and the highest level of trust, and usually does not need tokens/coins. The other two combinations are hybrid. Each kind of blockchain has unique properties that are suitable for different applications, as elaborated below.
Public and Permissionless Chains
A majority of cryptocurrencies use public and permissionless chains, which are the most wellknown blockchain type. To understand how this type of chain works, I compare how financial transactions are handled by a traditional bank and by a blockchain. Suppose Alice wants to transfer $10 to Bob. After she initiates the transfer, someone needs to check that her account has enough money, deduct $10 from it, and deposit the $10 to Bob’s account. In traditional banking, this is done in a centralized database controlled by the bank. In a cryptocurrency wallet (e.g., a bitcoin wallet), there is no trusted third party. The transaction instead is broadcasted to the whole network in the following format (the address in this sample is generic; Kadiyala 2018):
15N3yGu3UFHeyUNdzQ5sS3aRFRzu5Ae7EZ sent 0.00086 bitcoin to 1JHG2qjdk5Khiq7X5xQrr1wfigepJEK3t on August 8th, 2019, between 11:10 and 11:20 a.m.
Users compete to validate the transaction for rewards4 through the mining process, grouping transactions in a specific period to form a block. Whoever wants to post the block needs to solve a computationally intensive problem. For each period (e.g., 10 minutes for Bitcoin), only the first one to solve the problem can publish the block and claim the rewards.
Proof of Work Consensus
There are variations of these rules in other chains, but the concept is similar. This proof of work consensus causes most of the confusion and criticism of the blockchain. Because of the difficulty of the nonmeaningful problems solved, the mining process both significantly slows the transaction speed and consumes enormous computational power and energy. The Bitcoin blockchain can currently guarantee only 4.6 transactions per second (10 minutes per block), compared to Visa at 1,736 transactions per second, making the bitcoin process too slow for
4 The reward is usually the cryptocurrency of the network. For example, Bitcoin system offers 12.5 bitcoin for each block mined.
everyday use. This is also called “poor scalability.” And it is estimated that “the global Bitcoin network is consuming more [electricity] … than the country of Switzerland uses over the same time period” (Vincent 2019).
Why is proof of work necessary for a public and permissionless chain? Because the assumption is that malicious users will try to spam the network with fraudulent blocks and modify the existing chain to add selfbenefiting transactions. The proof of work consensus makes sure that it is expensive to create blocks (in terms of both time and energy), so it is difficult and expensive to generate many blocks to flood the system. Also, given the 10minute waiting period for each block, anyone who generates fake blocks is likely to be caught and rejected by other users. Users are thus incentivized to spend their computational power on legitimate blocks so their work can be compensated. Besides, transactions within blocks are kept secure by the amount of energy spent on mining blocks before them5: the longer the chain, the more expensive for hackers to replace it with a fake one.
The proof of work consensus allows a truly distributed network, maximum number of pseudonymous users, fairness among nodes, and chain nontamper-ability, with efficiency and reasonable cost in computational power.
Proof of State Consensus
Another popular, more recent consensus for the public and permissionless chain is proof of state, which attributes mining power to the proportion of coins held by a miner (Young 2016). This consensus significantly reduces the computational power and time required to add blocks. The logic is clear: those with more coins have less motivation to sabotage the chain. On the other hand, a system in which the major stakeholder enjoys extensive control and authority over both technical and economic aspects of the network creates a monopoly problem. In addition, block generators lose nothing by voting for multiple versions of chains (the “nothingatstake” problem). Because of this, “some cryptocurrencies are vulnerable to Fake Stake attacks, where an attacker uses no or minimal stake to crash an affected node.”6
Even with recent improvements, transaction validation speeds for cryptocurrencies based on point of sale are still not on par with traditional systems.
5 Public versus private (permissioned) blockchain comparison. DevTeam.Space (https://www.devteam.space/blog/public-vs-private-permissioned-blockchain-comparison/).
6 “Fake Stake” attacks on chain-based Proof-of-Stake cryptocurrencies. Medium/Cryptocurrency. (https://medium.com/@dsl_uiuc/fake-stake-attacks-on-chain-based-proof-of-stake-cryptocurrencies-b8b05723f806).
Private and Permissioned Chains
For many businesses and organizations, blockchain is attractive as a recordkeeping and sharing system. However, the slow transaction validating speed, poor scalability, and lack of data privacy make the public and permissionless chain a poor choice. For healthcare records, for example, the network should be neither public (it must be Health Insurance Portability and Accountability Act protected) nor permissionless (only authorized people should be allowed to add records). In these cases, the private and permissioned chain is a good option as it allows only authorized users with different levels of authority in the chain.
The IBM Hyperledger Fabric (Mamun 2018) is a blockchain network set by various collaborative organizations called “members.” Each member selects the peers from his or her organization to involve in the blockchain. These peers have different authorizations: endorsers validate transactions and decide to approve or disapprove transactions, anchors are in charge of broadcasting updates, and orderers are in charge of creating and delivering blocks to all the peers. In this network there is intrinsic trust both among peers (since they are from the same organization) and among members since they are collaborating and only dedicated peers who organizations trust can validate transactions and add blocks. There is usually no incentive for malicious behaviors. This consensus is called proof of authority, as a number of nodes are “authorities” in charge of validating transactions.
The other popular consensuses are a round-robin scheme, where users on the network take turns adding new blocks, and proof of elapsed time, where each node is assigned a random waiting period and the first node to reach the elapsed time gets to create the next node.
The main criticism of the private and permissioned chain is that it is not a real blockchain. Its multicentralized control system (members) defeats the decentralization property of the blockchain. Many of these chains also do not need a token/coin to incentivize participants, which means that there is no mining. In these cases, the question becomes, Why not just use a distributed database? This is a legitimate question. If a business has critical data that it wants to share internally, a combination of the current database, cloud, and identity management technologies will likely be adequate for its needs. However, if several organizations seek to collaborate and want the data to be immutable and auditable to avoid data discrepancies, a blockchain is probably more appropriate and convenient (e.g., for a supplier–vendor relationship or an insurance company–clinic–patient relationship).
Private and Permissionless, Public and Permissioned Chains
At the two ends of the spectrum there are private and permissionless chains and public and permissioned chains. Neither type of chain has been widely implemented, and both are mainly at conceptual levels.
The private and permissionless chain would allow anybody in the network to submit and process transactions but would control who can be involved in the chain. It could be used to, for example, handle government records, compile research results from different teams, or maintain data privacy.
The public and permissioned chain would allow anyone to access the ledger, but only verified parties to submit, process, and validate transactions. Public and permissioned chains emphasize who can write in/regulate data and can be applied to, for example, real estate registries, diploma checking system, or other scenarios involving regulation or protection from forgery. The categorization can be expanded with partial permissions and a combination of public and private schemes. Why is this interesting? I discuss it in the next session.
CHALLENGES OF SCALABILITY, SECURITY, AND DECENTRALIZATION
From the system design point of view, there are three major characteristics of blockchains: scalability, security, and decentralization. Scalability refers to the ledger’s ability to handle growth, security denotes attack resistance, and decentralization refers to the network’s transparency, synchronization, and fairness. The trade-off among these three is called the scalability trilemma: it is hard to maximize two without sacrificing the third. A useful figure for illustrating this concept can be found at https://steemit.com/blockchain/@reverseacid/the-scalability-trilemma.
Blockchain mechanism design must find a specific (usually hybrid) blockchain structure based on the requirements of the application. This goal motivates my laboratory to seek a better understanding of the blockchain as a complex system, quantifying and modeling its key features and performance, and simulating various structures for a structural mechanism design paradigm.
Blockchain is not for everything. In many (if not most) cases, as discussed above, a distributed database with access control is more than adequate, and is much faster and cheaper. Caution is appropriate amid the blockchain hype. For example, is “blockchaining the system” necessary? What problems does it solve? Are there options?
On the other hand, the blockchain is a tool for big data and artificial intelligence (AI). It may serve as the neural network that connects data and AI by validating, auditing, and sharing data safely and, if wanted, anonymously. It is especially promising when combined with internet of things (IoT) and wearable sensors to collect and distribute data automatically, without individuals needing to worry about misuse of their data by big companies. More solid business and social applications of blockchains are in the future.
Haber S, Stornetta WS. 1991. How to time-stamp a digital document. Journal of Cryptology 3(2):99–111.
Jaikaran C. 2017. Consumer data security and the credit bureaus. Testimony before the Senate Committee on Banking, Housing, and Urban Affairs, Oct 17. Available at https://www.banking.senate.gov/download/jaikaran-testimony-10-17-17pdf.
Kadiyala A. 2018. Nuances between permissionless and permissioned blockchains. Medium, Feb 17. Available at https://medium.com/@akadiyala/nuances-between-permissionless-and-permissioned-blockchains-f5b566f5d483.
Mamun M. 2018. How does Hyperledger Fabric work? Medium, Apr 17. Available at https://medium.com/coinmonks/how-does-hyperledger-fabric-works-cdb68e6066f5.
Metry M. 2017. Blockchain technology is the most significant invention since the Internet and electricity. Medium, Sep 2.
Steemit. 2018. The scalability trilemma. Available at https://steemit.com/blockchain/@reverseacid/thescalabilitytrilemma.
Vincent J. 2019. Bitcoin consumes more energy than Switzerland, according to new estimate. The Verge, Jul 4.
Young J. 2016. Proof-of-work vs. proofofstake: Merits and disadvantages. Coinfox, Sep 14. Available at http://www.coinfox.info/news/reviews/6417-proof-of-work-vs-proof-of-stake-meritsand-disadvantages.
This page intentionally left blank.