Permissioned blockchains
This article is the second in a series introducing blockchain technology. It looks at the disadvantages of bitcoin style blockchains for most commercial applications. It then describes ‘private’, also called ‘permissioned’, blockchains which are promoted as being suitable for corporate use.
Part I showed the workings of public blockchains such as Bitcoin. The Bitcoin blockchain is ‘public’ in the strongest possible sense:
The Bitcoin structure achieves a remarkable result: the ledger embodied in the blockchain may be trusted even though no particular participant is trustworthy. Further, the network continues to operate even if some nodes are non-functioning.
As seen in Part 1, these benefits come at a cost. Trust is achieved through the public visibility of the ledger together with the ‘proof of work’ algorithm. Public visibility means that the entire chain is transmitted to each node.1 Proof of work is expensive in terms of power usage.2
As interesting as it is, the public blockchain has some characteristics that make it unsuitable for most commercial applications:
Each of these is discussed briefly below.
Recall that the integrity of a public blockchain depends upon a ‘consensus algorithm’. The essential features of any workable algorithm are:
These conditions imply that there must be a relatively large number of participants. How many? Enough so that it is very unlikely that a single evil entity can gather enough resources to control the chain. ‘Resources’ will depend on the meaning of ‘expensive’.
In bitcoin, ‘expensive’ refers to computing power. An entity that can control more than 50% of the hashing power of the network can game the system, a fact recognised in Nakamoto’s original paper.3. The bitcoin network is so large that the cost of mounting a 50% attack is popularly thought to be prohibitive.4
The smaller the public network, the easier it is for an individual or a small group to gather assets sufficient to control the network. Prevention is by making it more ‘expensive’ to add blocks or making the network larger. Some smaller cryptocurrency networks are claimed to be vulnerable to the 50% attack through rented computing power.5.
If the process of adding blocks to the chain is expensive, then miners will expect to be rewarded for their efforts. How will this be done? If they are paid in ‘real’ currency, then the blockchain must yield ‘real’ profits to someone. Since nobody controls a public blockchain, the problem is clear.
Bitcoin miners are paid in bitcoin. New bitcoins are generated from scratch, slightly devaluing the holdings of the cryptocurrency. It amounts to a slight redistribution of wealth, concealed due to the overall value of bitcoin and the number of participants.6 Alternative methods of payment border on being fraudulent: rewards of shares in ‘startups’ or in non-existent companies.7 ‘ICO’ has been used as a substitute for ‘IPO’, hoping to avoid the regulations associated with a genuine IPO.8
The end result: successful public blockchains probably need to reward miners with the ‘product’ of the blockchain. This seems to severely limit the commercial applications of public blockchains.9
The final obstacle to commercial use of public blockchains is that they are public. The public features essential for Bitcoin are a liability for commercial use. Most companies would not want their commercial details to be seen by the whole world. The idea that the whole world might participate in constructing the chain is unthinkable in most commercial contexts.
The ‘solution’ to these problems is said to be ‘private’ or ‘permissioned’ blockchains. A permissioned blockchain is one that restricts participation in one or more ways. Most commonly:
The language is awkward but well-established: the Bitcoin style of blockchain is ‘permissionless’ or ‘public’. Blockchains with restrictions are ‘permissioned’ or ‘private’. The problem is that although the terms are standardised, the precise meaning is not. The variation in meaning is greatest with ‘permissioned’ of ‘private’ which can mean a blockchain with any or all of the above restrictions and which may or may not be private in the usual sense of the word.
This article is generally concerned with blockchains that will be used for corporate data. It is submitted that blockchains suitable for the purpose will have at least the first two restrictions. If the data contained in the blockchain is at all sensitive, which may be the most common case, then the third characteristic will also apply. The ‘certain parties’ are not necessarily the same parties in each.
There are four salient differences between public and private blockchains:
Limited participation is virtually the definition of a private blockchain, but it raises the most difficult design issues: * Who decides who may participate and how? * Who may add transactions? * who decides the validity of transactions? * who may add new blocks and how?
These will usually require significant negotiations in any moderately complex commercial application.
Private blockchains are likely to be small, sometimes very small in terms of the number of nodes that may alter the blockchain. For example, blockchains have been proposed to replace real property registers, but the proposals suggest that the chain may be altered only by the relevant government department.10
The relatively small size of the private blockchain has important design consequences. Proof of work and other consensus rules designed for public blockchains are not generally applicable to private chains. As noted above, public blockchains are only trustworthy if there are a sufficient number of participating nodes. The bigger, the better.11
Before adopting a private blockchain, it is necessary to consider:
It is valuable to evaluate these two questions for the bitcoin blockchain. The next block candidate is chosen by the node who first demonstrates performance of the proof of work. Because the next block candidate and the blockchain itself must be broadcast to the entire network of miners, it is possible for two valid block candidates to be proposed by two different nodes at approximately the same time. The bitcoin rule is to choose the ‘longest’ chain, the one that has required the most work.
Since Proof of work is not a suitable protocol for a small private network, how is the next block candidate to be chosen? Without the proof of work protocol, how is it to be decided that the particular candidate is the one to be added to the chain?
These are not easy questions to deal with, and the decisions are complicated by commercial interests who propose ‘answers’ that have not been tested or proved according to well-established cryptographic tests.12
The usual answer is that a group of participants is chosen to be “validators”. A basic scheme is that validators “vote” on a candidate block by signing with a digital signature. The block is accepted into the chain when a sufficient number of validators have signed. The validators may be chosen in advance as part of the design of the system or, in more complex schemes, may be chosen through a random process each time a new block is considered.
There are many variations on this basic scheme, some of which are untested in the real world. In general, a scheme should be chosen which is “Byzantine Fault Tolerant”. Such a scheme will continue to function even if some validators fail to participate or even if a limited number of them participate act in a malicious self-serving way.
It is an article of faith that blockchains are ‘immutable’. This means that the chain contains a permanent record of all transactions, and that the record cannot be altered. This assertion can be found in the vast majority of Internet sites discussing blockchains.
Immutability is a myth, even for bitcoin. Furthermore, it is not even a desirable property in most commercial contexts. Errors are made when recording transactions, and some errors cannot be corrected merely by reversing a transaction.
Privacy and credit reporting laws increasingly require a transaction to be expunged. An erroneous credit report that claims John Doe defaulted on a million dollar loan is not cured by a later report saying ‘Ooops!’. Jane Doe may be able to assert rights to have records erased under the EU’s notion of ‘the right to be forgotten’.
Part III will discuss the issue of immutability as well as suitability of private blockchains for various corporate usages.