It’s been a big month for blockchain.
- The Hyperledger consortium released the Fabric platform, a state-of-the-art configurable distributed ledger environment including a policy editor known as Composer.
- The Enterprise Ethereum Alliance was announced, being a network of businesses and Ethereum experts, aiming to define enterprise-grade software (and evidently adopt business speak).
- And IBM launched its new Blockchain as a Service at the Interconnect 2017 conference in Las Vegas, where blockchain was almost the defining theme of the event. A raft of advanced use cases were presented, many of which are now in live pilots around the world. Examples include shipping, insurance, clinical trials, and the food supply chain.
I attended InterConnect and presented my research on Protecting Private Distributed Ledgers, alongside Paul DiMarzio of IBM and Leanne Kemp from Everledger.
Disclosure: IBM paid for my travel and accommodation to attend Interconnect 2017.
Ever since the first generation blockchain was launched, applications far bigger and grander than crypto-currencies have been proposed, but with scarce attention to whether or not these were good uses of the original infrastructure. I have long been concerned with the gap between what the public blockchain was designed for, and the demands from enterprise applications for third generation blockchains or "Distributed Ledger Technologies" (DLTs). My research into protecting DLTs has concentrated on the qualities businesses really need as this new technology evolves. Do enterprise applications really need “immutability” and massive decentralisation? Are businesses short on something called “trust” that blockchain can deliver? Or are the requirements actually different from what we’ve been led to believe, and if so, what are the implications for security and service delivery? I have found the following:
In more complex private (or permissioned) DLT applications, the interactions between security layers and the underlying consensus algorithm are subtle, and great care is needed to manage side effects. Indeed, security needs to be rethought from the ground up, with key management for encryption and access control matched to often new consensus methods appropriate to the business application.
At InterConnect, IBM announced their Blockchain as a Service, running on the “Bluemix High security business network”. IBM have re-thought security from the ground up. In fact, working in the Hyperledger consortium, they have re-engineered the whole ledger proposition.
And now I see a distinct shift in the expectations of blockchain and the words we will use to describe it.
For starters, third generation DLTs are not necessarily highly distributed. Let's face it, decentralization was always more about politics than security; the blockchain's originators were expressly anti-authoritarian, and many of its proponents still are. But a private ledger does not have to run on thousands of computers to achieve the security objectives. Further, new DLTs certainly won't be public (R3 has been very clear about this too – confidentiality is normal in business but was never a consideration in the Bitcoin world). This leads to a cascade of implications, which IBM and others have followed.
When business requires confidentiality and permissions, there must be centralised administration of user keys and user registration, and that leaves the pure blockchain philosophy in the shade. So now the defining characteristics shift from distributed to concentrated. To maintain a promise of immutability when you don't have thousands of peer-to-peer nodes requires a different security model, with hardware-protected keys, high-grade hosting, high availability, and special attention to insider threats. So IBM's private blockchains private blockchains run on the Hyperledger Fabric, hosted on z System mainframes. They employ cryptographic modules certified to Common Criteria EAL 5-plus and FIPS-140 level 3. These are the highest levels of security certification available outside the military. Note carefully that this isn't specmanship. With the public blockchain, the security of nodes shouldn't matter because the swarm, in theory, takes care of rogue miners and compromised machines, but the game changes when a ledger is more concentrated than distributed.
Now, high-grade cryptography will become table stakes. In my mind, the really big thing that’s happening here is that Hyperledger and IBM are evolving what blockchain is really for.
The famous properties of the original blockchain – immutability, decentralisation, transparency, freedom and trustlessness – came tightly bundled, expressly for the purpose of running peer-to-peer cryptocurrency. It really was a one dimensional proposition; consensus in particular was all about the one thing that matters in e-cash: the uniqueness of each currency movement, to prevent Double Spend.
But most other business is much more complex than that. If a group of companies comes together around a trade manifest for example, or a clinical trial, where there are multiple time-sensitive inputs coming from different types of participant, then what are they trying to reach consensus about?
The answer acknowledged by Hyperledger is "it depends". So they have broken down the idealistic public blockchain and seen the need for "pluggable policy". Different private blockchains are going to have different rules and will concern themselves with different properties of the shared data. And they will have different sub-sets of users participating in transactions, rather than everyone in the community voting on every single ledger entry (as is the case with Ethereum and Bitcoin).
These are exciting and timely developments. While the first blockchain was inspirational, it’s being superseded now by far more flexible infrastructure to meet more sophisticated objectives. I see us moving away from “ledgers” towards multi-dimensional constructs for planning and tracing complex deals between dynamic consortia, where everyone can be sure they have exactly the same picture of what’s going on.
In another blog to come, I’ll look at the new language and concepts being used in Hyperledger Fabric, for finer grained control over the state of shared critical data, and the new wave of applications.
Blockchain is an algorithm and distributed data structure designed to manage electronic cash without any central administrator. The original blockchain was invented in 2008 by the pseudonymous Satoshi Nakamoto to support Bitcoin, the first large-scale peer-to-peer crypto-currency, completely free of government and institutions.
Blockchain is a Distributed Ledger Technology (DLT). Most DLTs have emerged in Bitcoin's wake. Some seek to improve blockchain's efficiency, speed or throughput; others address different use cases, such as more complex financial services, identity management, and "Smart Contracts".
The central problem in electronic cash is Double Spend. If electronic money is just data, nothing physically stops a currency holder trying to spend it twice. It was long thought that a digital reserve was needed to oversee and catch double-spends, but Nakamoto rejected all financial regulation, and designed an electronic cash without any umpire.
The Bitcoin (BTC) blockchain crowd-sources the oversight. Each and every attempted spend is broadcast to a community, which in effect votes on the order in which transactions occur. Once a majority agrees all transactions seen in the recent past are unique, they are cryptographically sealed into a block. A chain thereby grows, each new block linked to the previously accepted history, preserving every spend ever made.
A Bitcoin balance is managed with an electronic wallet which protects the account holder's private key. Blockchain uses conventional public key cryptography to digitally sign each transaction with the sender's private key and direct it to a recipient's public key. The only way to move Bitcoin is via the private key: lose or destroy your wallet, and your balance will remain frozen in the ledger, never to be spent again.
The blockchain's network of thousands of nodes is needed to reach consensus on the order of ledger entries, free of bias, and resistant to attack. The order of entries is the only thing agreed upon by the blockchain protocol, for that is enough to rule out double spends.
The integrity of the blockchain requires a great many participants (and consequentially the notorious power consumption). One of the cleverest parts of the BTC blockchain is its incentive for participating in the expensive consensus-building process. Every time a new block is accepted, the system randomly rewards one participant with a bounty (currently 12.5 BTC). This is how new Bitcoins are minted or "mined".
Blockchain has security qualities geared towards incorruptible cryptocurrency. The ledger is immutable so long as a majority of nodes remain independent, for a fraudster would require infeasible computing power to forge a block and recalculate the chain to be consistent. With so many nodes calculating each new block, redundant copies of the settled chain are always globally available.
Contrary to popular belief, blockchain is not a general purpose database or "trust machine". It only reaches consensus about one specific technicality – the order of entries in the ledger – and it requires a massive distributed network to do so only because its designer-operators choose to reject central administration. For regular business systems, blockchain's consensus is of questionable benefit.
Posted in Blockchain
A few days ago, it was reported that Julian Assange "read out a bitcoin block hash to prove he was alive". This was in response to rumours that he had died. It was a neat demonstration not only that he was not dead, but also of a couple of limits to the blockchain that are still not widely appreciated. It showed that blockchain on its own provides little value beyond cryptocurrency; in particular, on its own, blockchain doesn’t ‘prove existence’. And further, we can see that when blockchain is hybridised with other security processes, it is no longer terribly unique.
What Assange did was broadcast himself reading out the hexadecimal letters and numbers of the most recent block hash at the time, namely January 10th. Because the hash value is unique to the transaction history of the blockchain and cannot be predicted, quoting the hash value on January 10th proves that the broadcast was not made earlier than that day. It’s equivalent to holding up a copy of a newspaper to show that a video has to be contemporary.
With regards to proof of existence, the evidence on the blockchain comes from the digital signatures created by account holders’ private keys. A blockchain entry certainly proves that a certain private key existed at the time of the entry, but on its own, blockchain doesn’t prove who controls the key. A major objective of blockchain as a crypto-currency engine was indeed to remove any central oversight of keys and account holders.
Quoting the blockchain hash value from January 10th doesn’t prove Assange was alive that day. It is the combination of the broadcast and the blockchain that tells us he was alive.
If this is an example of blockchain providing proof-of-existence (or “proof of life” according to some reports) then the video is like a key management layer: it augments the blockchain by binding the physical person to the data structure. Yet the combination of a video and the blockchain doesn’t provide any unique advantages over, for example, a video plus the day’s newspaper, or a video plus a snapshot of the day’s stock market ticker tape or lotto numbers.
The pure blockchain was designed to manage decentralised electronic cash and it does that with great distinction. But blockchain needs to be combined with other processes to achieve the many other non-cryptocurrency use cases, and those combinations erode its value. If you need to wrap blockchain with other security mechanisms to achieve some outcome, you will find that the consensus algorithm becomes redundant, and that simpler systems can get the job done.
Posted in Blockchain
In a Huffington Post blog "Why the Blockchain Still Lacks Mass Understanding" William Mougayar describes the blockchain as "philosophically inclined technology". It's one of his rare instances of understatement. Like most blockchain visionaries, Mougayar massively exaggerates what this thing does, overlooking what it was designed for, and stretching it to irrelevance. If "99% of people still don’t understand the blockchain" it's because Mougayar and his kind are part of the problem, not part of the solution.
Let's review. This technology is more than philosophically "inclined". Blockchain was invented by someone who flatly rejected fiat currency, government regulation and financial institutions. Satoshi Nakamoto wanted an electronic cash devoid of central oversight or 'digital reserve banks'. And he solved what was thought to be an unsolvable problem, with an elaborate and brilliant algorithm that has a network of thousands of computers vote on the order in which transaction appears in a pool. The problem is Double Spend; the solution is have a crowd watch every spend to see that no Bitcoin is spent twice.
But that's all blockchain does. It creates consensus about the order of entries in the ledger. It does not and cannot reach consensus about anything else, not without additional off-chain processes like user registration, permissions management, access control and encryption. Yet these all require the sort of central administration that Nakamoto railed against. Nakamoto designed an amazing solution to the Double Spend problem, but nothing else. Nakamoto him/herself said that if you still need third parties in your ledger, then the blockchain loses its benefits.
THAT is what most people misunderstand about blockchain. Appreciate what blockchain was actually for and you will see that most applications beyond its original anarchic scope for this philosophically single-minded technology simply don't add up.
Posted in Blockchain
Last month, over September 26-27, I attended a US government workshop on The Use of Blockchain in Healthcare and Research, organised by the Department of Health & Human Services Office of the National Coordinator (ONC) and hosted at NIST headquarters at Gaithersburg, Maryland. The workshop showcased a number of winning entries from ONC's Blockchain Challenge, and brought together a number of experts and practitioners from NIST and the Department of Homeland Security.
I presented an invited paper "Blockchain's Challenges in Real Life" (PDF) alongside other new research by Mance Harmon from Ping Identity, and Drummond Reed from Respect Network. All the workshop presentations, the Blockchain Challenge winners' papers and a number of the unsuccessful submissions are available on the ONC website. You will find contributions from major computer companies and consultancies, leading medical schools and universities, and a number of unaffiliated researchers.
I also sat on a panel session about identity innovation, joining entrepreneurs from Digital Bazaar, Factom, Respect Network, and XCELERATE, all of which are conducting R&D projects funded by the DHS Science and Technology division.
Around the same time as the workshop, I happened to finalise two new Constellation Research papers, on security and R&D practices for blockchain technologies. And that was timely, because I am afraid that once again, I have immersed myself in some of the most current blockchain thinking, only to find that key pieces of the puzzle are still missing.
Disclosure: I traveled to the Blockchain in Healthcare workshop as a guest of ONC, which paid for my transport and accommodation.
Three observations from the Workshop
There were two things I just did not get as I read the winning Blockchain Challenge papers and listened to the presentations. And I observe that there is one crucial element that most of the proposals are missing
Firstly, one of the most common themes across all of the papers was interoperability. A great challenge in e-health is indeed interoperability. Disparate health systems speak different languages, using different codes for the same medical procedures. Adoption of new standard terminologies and messaging standards, like HL-7 and ICD, is infamously slow, often taking a decade or longer. Large clinical systems are notoriously complex to implement, so along the way they invariably undergo major customisation, which makes each installation peculiar to its setting, and resistant to interfacing with other systems.
In the USA, Health Information Exchanges (HIEs) have been a common response to these problems, the idea being that an intermediary switching system can broker understanding between local e-health programs. But as anyone in the industry knows, HIEs have been easier said than done, to say the least.
According to many of the ONC challenge papers, blockchain is supposed to bring a breakthrough, yet no one has explained how a ledger will make the semantics of all these e-health silos suddenly compatible. Blockchain is a very specific protocol that addresses the order of entries in a distributed ledger, to prevent Double Spend without an administrator. Nothing about blockchain's fundamentals relates to the contents of messages, healthcare semantics, medical codes and so on. It just doesn't "do" interoperability! The complexity in healthcare is intrinsic to the subject matter; it cannot be willed away with any new storage technology.
The second thing I just didn't get about the workshop was the idea that blockchain will fix healthcare information silos. Several speakers stressed the problem that data is fragmented, concentrated in local repositories, and hard to find when needed. All true, but I don't see what blockchain can do about this. A consensus was reached at the workshop that personal information and Protected Health Information (PHI) should not be stored on the blockchain in any significant amounts (not just because of its sensitivity but also the sheer volume of electronic health records and images in particular). So if we're agreed that the blockchain could only hold pointers to health data, what difference can it make to the current complex of record systems?
And my third problem at the workshop was the stark omission of key management. This is the central administrative challenge in any security system, of getting the right cryptographic keys and credentials into the right hands, so all parties can be sure who they are dealing with. The thing about blockchain is that it did away with key management. The genius of the original Bitcoin blockchain is it allows people to exchange guaranteed value without needing to know anything about each other. Blockchain actually dispenses with key management and it may be unique in the history of security for doing so (see also Blockchain has no meaning). But when we do need to know who's who in a health system – to be certain when various users really are authorised medicos, researchers, insurers or patients – then key management must return to the mix. And then things get complicated, much more complicated than the utopian setting of Bitcoin.
Moreover, healthcare is hierarchical. Inherent to the system are management structures, authorizations, credentialing bodies, quality assurance and audits – all the things that blockchain's creator Satoshi Nakamoto expressly tried to get rid of. As I explained in my workshop speech, if a blockchain deployment still has to involve third parties, then the benefits of the algorithm are lost. So said Nakamoto him/herself!
In my view, most blockchain for healthcare projects will discover, sooner or later, than once the necessary key management arrangements are taken care of, their choice of distributed ledger technology becomes inconsequential.
New Constellation Research on Blockchain Technologies
Security for blockchains and Distributed Ledger Technologies (DLTs) have evolved quickly. As soon as interest in blockchain grew past crypto-currency into mainstream business applications, it became apparent that the core ledger would need to augmented with permissions for access control, and encryption for confidentiality. But what few people appreciate is that these measures conflict with the rationale of the original blockchain algorithm, which was expressly meant to dispel administration layers. The first of my new papers looks at these tensions, what they mean for public and private blockchain systems, paints a picture for third generation DLTs.
The uncomfortable marriage of ad hoc security and the early blockchain is indicative of a broader problem I've written about many times: too much blockchain "innovation" is proceeding with insufficient rigor. Which brings us to the second of my new papers. In the rush to apply blockchain to broader payments and real world assets, few entrepreneurs have been clear and precise about the problems they think they’re solving. If the R&D is not properly grounded, then the resulting solutions will be weak and will ultimately fail in the market. It must be appreciated that the original blockchain was only a prototype. Great care needs to be taken to learn from it and more rigorously adapt fast-evolving DLTs to enterprise needs.
Constellation ShortListTM for Distributed Ledger Technologies Labs
Finally, Constellation Research has launched a new product, the Constellation ShortListTM. These are punchy lists by our analysts of leading technologies in dozens of different categories, which will each be refreshed on a short cycle. The objective is to help buyers of technology when choosing offerings in new areas.
My Constellation ShortListTM for blockchain-related solution providers is now available here.
What do land titles, marriage certificates, diamonds, ballots, aircraft parts and medical records have in common? They are all apparently able to be managed "on the blockchain". But enough with the metaphors. What does it mean to be "on the blockchain"?
To put a physical asset "on" the blockchain requires two mappings. Firstly, the asset needs to be mapped onto a token. For example, the serial number or barcode of a part or a diamond is inserted as metadata into a blockchain transaction, to codify the transfer of ownership of the asset. Secondly, asset owners need to be mapped onto their respective blockchain wallet public keys (through the sort of agent or third party which Nakamoto, let's remember, expressly tried to get rid of with the P2P consensus algorithm). The mapping can be pseudonymous, but buyers and sellers of land for instance, need to be confident that the counterparties control the keys they claim to.
How does the "naked" blockchain get away without these mappings? It's because Bitcoins don't exist off-chain. In fact they don't exist "on" the chain either; the blockchain itself only records subtractions and additions of balances.
Furthermore, possession of the private key is the only thing that matters with Bitcoin. Control a wallet's private key and you control the wallet balance. The protocol doesn't care who is in control; it will simply ensure that a quantity of Bitcoin will be transferred from one wallet to another, regardless of who "owns" them.
So unlike any other cryptographic security system, Bitcoin key pairs need not be imbued with any extrinsic significance, or associated with (bound to) any real world attributes. Bitcoins have no symbolic meaning. And in fact that is blockchain's magic trick!
But to make tokens stand for anything else - anything real - breaks the spell. Symbols are defined by authorities, and keys and attributes can only be assigned by third parties. If you have administrators, you just don't need the additional overhead of the blockchain, which exists purely to get around Nakamoto's express assumption that nobody in his system of electronic cash was to be trusted.
Bitcoin is often said to be anonymous, but its special property is actually that it has no meaning. It's truly amazing that such a thing can have value and be relied upon, which is a testament to its architecture. Blockchain was deliberately designed for a non fiat crypto currency. It's brilliant yet very specific to its intended trust-less environment. To re-introduce trusted processes simply undoes the benefits of blockchain.
I’ve been a critic of Blockchain. Frankly I’ve never seen such a massed rush of blood to the head for a new technology. Breathless books are being churned out about “trust infrastructure” and an “Internet of Value”. They say Blockchain will keep politicians and business people honest, and enable “billions of excluded people to enter the global economy”.
Most pundits overlook the simple fact that Blockchain only does one thing: it lets you move Bitcoin (a digital bearer token) from one account to another without an umpire. And it doesn’t even do that very well, for the Proof of Work algorithm is stupendously inefficient. Blockchain can't magically make merchants keep up their side of a bargain. Surprise! You can still get ripped off paying with Bitcoin. Blockchain simply doesn’t do what the futurists think it does. In their hot flushes, they tend to be caught in a limbo between the real possibilities of distributed consensus today and a future that no one is seeing clearly.
But Blockchain does solve what was thought to be an impossible problem, and in the right hands, that insight can convert to real innovation. I’m happy to see some safe pairs of hands now emerging in the Blockchain storm.
One example is an investment being made by Ping Identity in Swirlds and its new “hashgraph” distributed consensus platform. Hashgraph has been designed from the ground up to deliver many of Blockchain’s vital properties (consensus on the order of events, and redundancy) in a far more efficient and robust manner.
And what is Ping doing with this platform? Well they’re not rushing out with vague promises to manufacture "trust" but instead they’re making babysteps on real problems in identity management. For starters, they’re applying the new hashgraph platform to Distributed Session Management (DSM). This is the challenge of verifiably shutting down all of a user’s multiple log-on sessions around the web when they take a break, suffer a hack, or lose their job. It's one of the great headaches of enterprise identity administration and is exploited in a great many cyberattacks.
Ping’s identity architects have carefully set out the problem they’re trying to solve, why it’s hard, and how existing approaches don’t deliver the desired security properties for session management. They then evaluated a number of consensus approaches - not just Blockchain but also Paxos and Raft – and discussed their limitations. The Ping team then landed on hashgraph, which appears to meet the needs, and also looks like it can deliver a range of advanced features.
In my view, Ping Identity’s work is the very model of mature security design. It’s an example of the care and attention to detail that other innovators should follow.
Swirld’s founder Dr Leemon Baird will be presenting hashgraph in more detail to the Cloud Identity Summit in New Orleans tomorrow (June 7th).
Almost everything you read about the blockchain is wrong. No new technology since the Internet itself has excited so many pundits, but blockchain just doesn’t do what most people seem to think it does. We’re all used to hype, and we can forgive genuine enthusiasm for shiny new technologies, but many of the claims being made for blockchain are just beyond the pale. It's not going to stamp out corruption in Africa; it's not going to crowdsource policing of the financial system; it's not going to give firefighters unlimited communication channels. So just what is it about blockchain?
The blockchain only does one thing (and it doesn’t even do that very well). It provides a way to verify the order in which entries are made to a ledger, without any centralized authority. In so doing, blockchain solves what security experts thought was an unsolvable problem – preventing the double spend of electronic cash without a central monetary authority. It’s an extraordinary solution, and it comes at an extraordinary price. A large proportion of the entire world’s computing resource has been put to work contributing to the consensus algorithm that continuously watches the state of the ledger. And it has to be so, in order to ward off brute force criminal attack.
How did an extravagant and very technical solution to a very specific problem capture the imagination of so many? Perhaps it’s been so long since the early noughties’ tech wreck that we’ve lost our herd immunity to the viral idea that technology can beget trust. Perhaps, as Arthur C. Clarke said, any sufficiently advanced technology looks like magic. Perhaps because the crypto currency Bitcoin really does have characteristics that could disrupt banking (and all the world hates the banks) blockchain by extension is taken to be universally disruptive. Or perhaps blockchain has simply (but simplistically) legitimized the utopian dream of decentralized computing.
Blockchain is antiauthoritarian and ruthlessly “trust-free”. The blockchain algorithm is rooted in politics; it was expressly designed to work without needing to trust any entity or coalition. Anyone at all can join the blockchain community and be part of the revolution.
The point of the blockchain is to track every single Bitcoin movement, detecting and rejecting double spends. Yet the blockchain APIs also allow other auxiliary data to be written into Bitcoin transactions, and thus tracked. So the suggested applications for blockchain extend far beyond payments, to the management of almost any asset imaginable, from land titles and intellectual property, to precious stones and medical records.
From a design perspective, the most troubling aspect of most non-payments proposals for the blockchain is the failure to explain why it’s better than a regular database. Blockchain does offer enormous redundancy and tamper resistance, thanks to a copy of the ledger staying up-to-date on thousands of computers all around the world, but why is that so much better than a digitally signed database with a good backup?
Remember what blockchain was specifically designed to do: resolve the order of entries in the ledger, in a peer-to-peer mode, without an administrator. When it comes to all-round security, blockchain falls short. It’s neither necessary nor sufficient for any enterprise security application I’ve yet seen. For instance, there is no native encryption for confidentiality; neither is there any access control for reading transactions, or writing new ones. The security qualities of confidentiality, authentication and, above all, authorization, all need to be layered on top of the basic architecture. ‘So what’ you might think; aren’t all security systems layered? Well yes, but the important missing layers undo some of the core assumptions blockchain is founded on, and that’s bad for the security architecture. In particular, as mentioned, blockchain needs massive scale, but access control, “permissioned” chains, and the hybrid private chains and side chains (put forward to meld the freedom of blockchain to the structures of business) all compromise the system’s integrity and fraud resistance.
And then there’s the slippery notion of trust. By “trust”, cryptographers mean so-called “out of band” or manual mechanisms, over and above the pure math and software, that deliver a security promise. Blockchain needs none of that ... so long as you confine yourself to Bitcoin. Many carefree commentators like to say blockchain and Bitcoin are separable, yet the connection runs deeper than they know. Bitcoins are the only things that are actually “on” the blockchain. When people refer to putting land titles or diamonds “on the blockchain”, they’re using a short hand that belies blockchain’s limitations. To represent any physical thing in the ledger requires a schema – a formal agreement as to which symbols in the data structure correspond to what property in the real world – and a binding of the owner of that property to the special private key (known in the trade as a Bitcoin wallet) used to sign each ledger entry. Who does that binding? How exactly do diamond traders, land dealers, doctors and lawyers get their blockchain keys in the first place, and how does the world know who’s who? These questions bring us back to the sorts of hierarchical authorities that blockchain was supposed to get rid of.
There is no utopia in blockchain. The truth is that when we fold real world management, permissions, authorities and trust, back on top of the blockchain, we undo the decentralization at the heart of the design. If we can’t get away from administrators then the idealistic peer-to-peer consensus algorithm of blockchain is academic, and simply too much to bear.
I’ve been studying blockchain for two years now. My latest in-depth report was recently published by Constellation Research.
One of the silliest things I've read yet about blockchain came out in Business Insider Australia last week. They said that the blockchain “in effect” lets the crowd police the monetary system.
In the rush to make bigger and grander claims for the disruptive potential of blockchain, too many commentators are neglecting the foundations. If they think blockchain is important, then it’s all the more important they understand what it does well, and what it just doesn’t do at all.
Blockchain has one very clever, very innovative trick: it polices the order of special events (namely Bitcoin spends) without needing a central authority. The main “security” that blockchain provides is nottamper resistance or inviolability per se -- you can get that any number of ways using standard cryptography -- but rather it’s the process for a big network of nodes to reach agreement on the state of a distributed ledger, especially the order of updates to the ledger.
To say blockchain is “more secure” is a non sequitur. Security claims need context.
- If what matters is agreeing ‘democratically’ on the order of events in a decentralised public ledger, without any central authority, then blockchain makes sense.
- But if you don't care about the order of events, then blockchain is probably irrelevant or, at best, heavily over-engineered.
- And if you do care about the order of events (like stock transactions) but you have some central authority in your system (like a stock exchange), then blockchain is not only over-engineered, but its much-admired maths is compromised by efforts to scale it down, into private chains and the like, for the power of the original blockchain consensus algorithm lies in its vast network, and the Bitcoin rewards for the miners that power it.
A great thing about blockchain is the innovation it has inspired. But let’s remember that the blockchain (the one underpinning Bitcoin) has been around for just seven years, and its spinoffs are barely out of the lab. Analysts and journalists are bound to be burnt if they over-reach at this early stage.
The initiatives to build smaller, private or special purpose distributed ledgers, to get away from Bitcoin and payments, detract from the original innovation, in two important ways. Firstly, even if they replace the Bitcoin incentive for running the network (i.e. mining or “proof of work”) with some other economic model (like “proof of stake”), they compromise the tamper resistance of blockchain by shrinking the pool. And secondly, as soon as you fold some command and control back into the original utopia, blockchain’s raison d'etre is no longer clear, and its construction looks over-engineered.
Business journalists are supposed to be sceptical about technology, but many have apparently taken leave of their critical faculties, even talking up blockchain as a "trust machine". You don’t need to be a cryptographer to understand the essence of blockchain, you just have to be cautious with magic words like “open” and “decentralised”, and the old saw "trust". What do they really mean? Blockchain does things that not all applications really need, and it doesn't do what many apps do need, like access control and confidentiality.
Didn't we learn from PKI that technology doesn't confer trust? It's been claimed that putting land titles on the blockchain will prevent government corruption. To which I say, please heed Bruce Schneier, who said only amateurs hack computers; professional criminals hack people.
Curiously, I had an ugly argument with Wright and a handful of Bitcoin enthusiasts on Twitter in May 2015.
It started after I asked a simple question about why some people had started advocating blockchain for identity. I didn't get a straight answer, but instead copped a fair bit of abuse. Wright's Twitter account has since been deleted, so it's hard to reconstruct the thread (I'd love it if someone out there knows how to extract a more complete Twitter archive; I don't suppose anyone Storified the thread?).
Reproduced below is one side of the spat. I only have my own archived tweets from the time in question but you should get the gist. Wright could never stick to the point - what does blockchain have to offer identity management? Instead he took all inquiries as an attack. He's passionate about Bitcoin changing the world, and if I recall correctly, boasted of his own enormous wealth from Bitcoin mining (he's no crypto-anarchist, as is clear from his exhorbitant LinkedIn profile, one of the longest you'll ever see). Wright's arguments were all deflections; he even dredged up a PKI project from 17 years ago on which we worked together, where evidently he and I had some difference of opinion, something I honestly can't remember.
|10/05/2015 3:32||Blockchain-for-identity proponents: Please set out the problem to be solved, analyse it, state your proposal, and argue its benefits.|
|11/05/2015 22:52||.@caelyxsec: "Bitcoin is just soft certs" @matthewsinclair < Classic!|
|11/05/2015 22:56||.@matthewsinclair @caelyxsec "Passport", "no central authority", "no walled gardens". Same old utopian slogans. Plus blockmagic.|
|11/05/2015 22:57||What does a Onelogin actually mean? It's a nickname. Who vouches for it? @matthewsinclair @caelyxsec|
|11/05/2015 23:09||.@matthewsinclair: @caelyxsec "what does having my Twitter & GitHub usernames signed into the blockchain actually mean?"; Not much.|
|15/05/2015 8:20||Seems to be a first-come-first-served nickname and self-certified details saved to the #blockchain. @paulmadsen @iglazer @TechPolicy|
|15/05/2015 8:24||.@Chris_Skinner "Repeat after me: Bitcoin Bad, Blockchain Good"; But good for what? Time stamped archive.|
|15/05/2015 9:27||.@craigvallis @paulmadsen @iglazer Very little! I don't see identity specialists advocating #blockchain for pressing identity problems|
|15/05/2015 10:28||RT @craigvallis: @Steve_Lockstep @paulmadsen @iglazer Heard the same from BitCoin specialists, without the coin blockchain is just a database|
|15/05/2015 10:31||.@craigvallis Clever contribution of #blockchain is to solve the double spend problem. But not a problem in identity @paulmadsen @iglazer|
|15/05/2015 21:26||.@Chris_Skinner Sure, I get Bitcoin for some payments, but I don't get #blockchain for anything else.|
|15/05/2015 22:15||.@Chris_Skinner Nope. Blockchain special properties relate to stopping double spend. I don't see the advantages for eg contract exchange|
|15/05/2015 22:21||1/2 - Thesis: #blockchain is a bit magical, so some guess it must have potential beyond payments - like identity. We need rigor here|
|15/05/2015 22:23||2/2 - I liken this to the way some are enamored with Quantum Mechanics to explain eg consciousness. Even magic has limits.|
|15/05/2015 23:16||Turns out BTC is hard to sustain even for payments. But for non-payments, is there any business model at all? https://t.co/69eHD9ssFi|
|15/05/2015 23:36||.@Dr_Craig_Wright Actually I always proposed community based PKI http://t.co/DagiIx74la (2003) http://t.co/o6aYQWvqMA (2008). Going strong|
|15/05/2015 23:40||.@Dr_Craig_Wright There's not much to attack. I still can't find a rigorous explanation of blockchain for identity.|
|16/05/2015 1:01||.@Dr_Craig_Wright So most people are just guessing that blockchain has potential for identity.|
|16/05/2015 1:09||.@Dr_Craig_Wright But maybe you can point me to one those many sources to explain the potential of blockchain or whatever for identity?|
|16/05/2015 1:23||.@BitcoinBelle Please explain what blockchain does that a digital signature chained to eg a bank does not? @Chris_Skinner @Dr_Craig_Wright|
|16/05/2015 1:27||@Dr_Craig_Wright @BitcoinBelle @Chris_Skinner Explanations please, not abuse.|
|16/05/2015 1:29||.@BitcoinBelle I get BTC for the unbanked. I do. But I don't get contracts or patents in that setting. @Chris_Skinner @Dr_Craig_Wright|
|16/05/2015 1:32||@BitcoinBelle Can you follow a thread? Or a line of logic?|
|16/05/2015 1:34||.@BitcoinBelle So once again, explain please how a timestamp plus tamper resistance is special? @Chris_Skinner @Dr_Craig_Wright|
|16/05/2015 1:42||1/4: @benmcginnes Proof of what? Someone unilaterally asserted something about themselves? @BitcoinBelle @Chris_Skinner @Dr_Craig_Wright|
|16/05/2015 1:43||2/4: "Proof" to what standard? That word implies accreditation somewhere. @benmcginnes @BitcoinBelle @Chris_Skinner @Dr_Craig_Wright|
|16/05/2015 1:44||3/4: Who relies on the proof? ie what's the detailed use case? @benmcginnes @BitcoinBelle @Chris_Skinner @Dr_Craig_Wright|
|16/05/2015 1:47||4/4: Why/how does interfacing to blockchain give better proof than a PK cert? @benmcginnes @BitcoinBelle @Chris_Skinner @Dr_Craig_Wright|
|16/05/2015 2:40||.@benmcginnes Math proof in identity is the easy bit. Proof of attributes and rel'ships matters more. @Chris_Skinner @Dr_Craig_Wright|
|16/05/2015 2:43||.@benmcginnes Oh please. That's why I'm asking people to compare 2 types: blockchain and PK certs. @Chris_Skinner @Dr_Craig_Wright|
|16/05/2015 2:46||.@Dr_Craig_Wright I mean accred in the broadest sense: a disinterested endorsement. Self asserted means 0 @benmcginnes @Chris_Skinner|
|16/05/2015 3:18||.@Dr_Craig_Wright Something I said in a PKI advisory 17 years seems to still be eating you Craig. What is it? @benmcginnes|
|16/05/2015 5:12||.@BitcoinBelle But. Why. Bother? What's better about blockchain, compared with putting your hysterics on Twitter? @el33th4xor|
|16/05/2015 5:16||So I asked for an explanation of #blockchain for identity. And all I get is hippy nonsense - it's not central, not fiat, not govt.|
|16/05/2015 8:35||@futureidentity It's certainly the case with Bitcoin that it's more about the people than the technology.|
|16/05/2015 10:26||@jonmatonis @futureidentity Thanks but sorry, what do you mean by user defined privacy?|
|16/05/2015 10:27||@jonmatonis @futureidentity Please explain deniability of ownership.|
|16/05/2015 11:06||.@jonmatonis Thanks. How is that realized with blockchain where all transactions are available for all to see? @futureidentity|
|16/05/2015 12:10||.@benmcginnes I don't need visuals. I need blockchain-for-identity pundits to set out the problem it solves. @jonmatonis @futureidentity|
|16/05/2015 19:52||Twitter: Where you can be sure to find all the answers to questions you never asked.|
|16/05/2015 19:57||.@adam3us But why #blockchain? It was designed to stop double spend. Cheaper ways to hold immutable attributes @jonmatonis @futureidentity|
|16/05/2015 20:04||RT @adam3us: .@Steve_Lockstep @jonmatonis @futureidentity Well indeed identity does not belong on chain. Payment protocol is offchain|
|16/05/2015 20:09||.@cdelargy Which id mgt action corresponds to spending? Is it each presentation of "I am Steve"? @adam3us @jonmatonis @futureidentity|
|16/05/2015 20:18||.@jonmatonis Which is to say identity is not the new form of currency? .@futureidentity|
|16/05/2015 20:21||.@adam3us Auxillary info meaning the attributes and most importantly who vouches for them? @cdelargy @jonmatonis @futureidentity|
|16/05/2015 22:00||RT @adam3us: .@Steve_Lockstep @cdelargy @jonmatonis @futureidentity Yes Blockchain hasn't bandwidth for finance app msgs with identity|
|16/05/2015 22:26||.@Beautyon_ Not at all. I've articulated how I see the main id problem to solve: http://t.co/LPXBHieawT I ask others do the same|
|16/05/2015 22:31||.@Beautyon_ I'm not anti Bitcoin. I'm pro rigor. Almost nobody weighing in articulates the IDAM problem blockchain supposedly fixes|
|16/05/2015 22:33||.@Beautyon_ I think I agree. Names per se are not as important as the more general "Here's an attribute about me you can rely on"|
|16/05/2015 22:36||.@Beautyon_ So I say we need IDAM system to imbue attributes with pedigree and present them so RPs r assured of pedigree and user control|
|16/05/2015 22:38||.@Beautyon_ If blockchain is involved in every attribute presentation, is bandwidth ok? And isn't the 10 minute reconciliation too long?|
|16/05/2015 22:40||.@Beautyon_ No, I frame identity as "what do I need to know about you to be able to deal with you?" in a context.|
|16/05/2015 22:47||.@Beautyon_ In the lingo of IDAM, the holder of the asset you want to access is the Relying Party. They rely on your credential or key.|
|16/05/2015 23:03||@Beautyon_ No I don't use GPG. Maybe I might still understand if someone offers an explanation.|
|16/05/2015 23:08||.@Beautyon_ Why the elitism? Why can't blockchain enthusiasts explain themselves to the unwashed? You're like Freemasons|
|16/05/2015 23:17||.@Beautyon_ 20 years in PKI. I think I got the basics. And an allergy to people who can't explain their craft in natural language.|
|17/05/2015 3:42||.@WulfKhan IDAM is complicated. Many facets. Many problems. Which are addressed by blockchain? I am not on about BTC. @Beautyon_|
|17/05/2015 4:22||.@Beautyon_ I advise organisations on non trivial authentication and privacy problems. DIY secrecy is not important in my world.|
|17/05/2015 4:35||User pseudonymity is a crude fragile measure. Privacy != secrecy. It's about what others do with info about you. https://t.co/VpiKWHTLBH|
For what it's worth, in my wildest dreams I can't imagine the confusing, self-important Craig Wright being Nakamoto.