In Blockchain: Behind the Hype, we gave an overview on blockchain technology. Now, how can it be applied? It will be useful to examine not only use cases where blockchain provides a clear benefit, but also how the technology can be applied without actually achieving the claimed properties of the system.

The original and most well-known application of blockchain technology is to replace the centralized authority of traditional financial systems with a decentralized ledger to support digital currency. A core issue with legacy proposals for anonymous digital currency is the double spending problem, where users are able to successfully spend digital currency more than once. To solve this problem, cryptocurrencies use a blockchain to provide an immutable and public record of all transactions. As every node in the system reaches consensus as to the correct state of the ledger, candidate transactions that attempt to spend currency twice will be discarded as invalid since the state of each account is known to all nodes. 

It is important to be able to distinguish useful applications of blockchain technology from those with more tenuous benefits. One proposed application of a blockchain is to provide a continuous record of the state of a system, attempting to detect compromised machines due to changes in their state. Each computer in the system computes a hash over some or all of its files and submits this as a transaction to the system blockchain. The claim is that a compromised machine will have a different state, resulting in a different hash, which is then forever recorded in the blockchain. By comparing the hash over time, it will be possible to identify infected machines.

Does blockchain help achieve the claimed security properties of the system? There are two important assumptions in this proposal:

  • Is it possible to distinguish malicious from benign changes? As the state of a computer changes nearly continuously due to entirely benign events, only those files that are expected to never change can be included in the hash input. Otherwise, the hash of the machine’s state would change with each transaction due to benign events, making it impossible to distinguish between secure and compromised states.
  • Will a compromised machine report an accurate hash of its state? Since the machine is compromised, the adversary is able to submit a different hash value to the blockchain, rather than one that accurately represents the compromised state. Further, since the blockchain publicly records the machine’s previous hash of a correct state, the adversary knows what value to submit to avoid detection.

This example serves to illustrate how the properties of a new technology can be used to erroneously claim similar properties for the entire solution. While the blockchain is a secure and immutable record, it does not follow that the transactions recorded are necessarily an accurate representation of the system state, which undermines the entire construction.

Do I Need A Blockchain?

The Wüst and Gervais model (Figure 2) assesses whether or not an application would benefit from incorporating a blockchain, rather than more traditional solutions such as a relational database that work well when a Trusted Third Party (TTP) exists to manage trust in the system.

Although the completely open blockchain design is the most well-known due to its adoption by the BitCoin cryptocurrency, blockchains with more restricted access are also useful in many applications. The three primary blockchain design categories are:

  1. Permissionless: Anyone can join and participate in the consensus protocol
  2. Public Permissioned (Consortium): Anyone can join, only approved nodes participate in consensus protocol
  3. Private Permissioned: Only approved nodes may join and participate in the consensus protocol

From the Wüst and Gervais model (Figure 2), we can see that for a blockchain to add value the system must likely satisfy these criteria:

 Figure 2: Blockchain Type Selection Flowchart

The transactions or data contributed to a blockchain should update the state of a persistent entity (e.g., the balance of an account), particularly a state that may be contested by other mutually distrustful participants in the blockchain. With digital currency this is clearly the case, as the balance of a digital wallet changes over time and must rely on consensus within the digital ledger to prevent double spending of currency.

In contrast, if each transaction is independent of other transactions (e.g., a sensor broadcasting its current temperature reading) then there is no need for consensus, degrading the benefit of using a blockchain. However, as we will see, leveraging existing cryptocurrency blockchain deployments may be beneficial for monetizing sensor data.

The system should require that the database is able to be updated by multiple direct writers. In a decentralized digital currency, the need for multiple direct writers comes from the fact that transactions occur directly between accounts and can be initiated and completed without the intervention of a third party (e.g., banks in traditional finance).

If it is possible to agree on a third party that is trusted by all participants in the system (a trusted third party: TTP), then a blockchain is rarely the most appropriate choice. For example, transactions from each party could be submitted to the TTP, which simply maintains a traditional database and serves as the arbiter for deciding which transactions are valid and which are not. If a TTP does exist but is not always online or available to receive transactions, then a blockchain may provide value as transactions can still be approved while the TTP is offline.

Finally, if all of the writers are known and trust each other, a shared relational database is the best solution. A blockchain is useful when the writers are mutually distrustful of each other. In the digital currency use case, participants are mutually distrustful of each other submitting transactions where the same digital coin is spent twice. The distributed consensus protocol and immutability of the blockchain are needed to prove that each digital coin can be spent at most once.

Have you ever used blockchain technology? In the comments section, let us know if there is something you’ve learned about blockchain that you did not know before.

Anonymous