Grownups Get Real About Blockchains

The grown ups have found out about blockchains, and are starting to make realistic assessments of the technology.  As usual, they are sucking all the fun out of things.

The US National Institute of Standards (NIST) issued an informative report, which is an excellent overview of blockchain technology [2].  Much of the report is straightforward, but NIST is careful to point out important technical limitations.

There is a high level of hype around the use of blockchains, yet the 
technology is not well understood. It is not magical; it will not solve all problems. As with all new technology, there is a tendency to want to apply it to every sector in every way imaginable.” ([2], p. 6)

I think the most important section of the report is Chapter 9, “Blockchain Limitations and Misconceptions”.  The authors explain many basic points, including the ambiguous nature of “who controls the blockchain” (everyone is equal, but devs are more equal than others), and the hazy accountability of potentially malicious users.

Technically, the blockchain has limited capacity, especially storage. Overall, it is difficult to estimate the resource usage of a blockchain because it is implemented on many independent nodes.

Most important of all, they parse the Nakamotoan concept of “trust”.  It is true that there is no third party that must be trusted (at least in permissionless blockchains), but there are many other elements that must be trusted including the basic fairness of the network and the quality of the software (!).

The report also calls attention to the fact that blockchains do not implement either key management or identity management. Identity is masked behind cryptographic keys, and if you lose your key, there is no way to either fix it or revoke it.  These are either features or bugs, depending on what you are trying to do and the kinds of risks you can stand.

Overall, many of the limitations described by NIST are end-to-end requirements:  no matter how a blockchain works, it only addresses part of the total, end-to-end transaction.

The use of blockchain technology is not a silver bullet,” ([2], p.7)

On the same theme, Bailey Reutze reports in Coindesk on an IBM briefing on the end-to-end engineering of blockchain systems [1].  The talk itself is not published, but Coindesk reports that IBM warns potential customers about the end-to-end security challenges using their Hyperledger technology.

As noted many times in this blog, there have been many hacks and oopsies in the cryptocurrency world, and most if not all of them have nothing to do with the blockchain and its protocols.

IBM approaches the challenge with a thorough threat analysis, that looks at the whole system. This is, in fact, exactly what you need to do with a conventional non-blockchain systems, no?

It seems clear that whatever a blockchain may achieve, it doesn’t “disrupt” IBM’s role as a heavy weight business consultant.

In the Coindesk notes, there is a hint at one more interesting point to think about: the global extent and “infinite” lifetime of the blockchain. Nominally, the blockchain maintains every transaction ever recorded, forever.  This means that, unlike most data systems, a worst-case breach somewhere in the system might expose data far and wide, back to the beginning of time. Whew!

Still, both NIST and IBM agree that there are potential use cases for the blockchain that are worth the trouble, including public records and supply chains. (And IBM will be glad to show you how to do it.)

Blockchains may be inscrutable, they ain’t magic.

  1. Bailey Reutzel (2018) IBM Wants You to Know All the Ways Blockchain Can Go Wrong. Coindesk,
  2. Dylan Yaga, Peter Mell, Nik Roby, and Karen Scarfone, Blockchain Technology Overview. The National Institute of Standards and Technology (NIST) Draft NISTIR NIST IR 8202, Gaithersburg, MD, 2018.



Cryptocurrency Thursday

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s