February 2017

Blockchain the Good, the Bad and the Ugly

In the current decade Blockchain has excited people from all walks of life as the new technology. In the financial arena particularly it’s difficult to think of any major player that hasn’t got some project under way. Experts tend to be black and white, everywhere from the world can’t go round without Blockchain to the sharpest critics who dismiss the technology out of hand. As with most things it’s all a matter of shades of grey and here we can look at the good, bad and ugly sides of Blockchain technology. In this discussion we have used Bitcoin as an example of a virtual currency based on the Blockchain but similar arguments apply to other virtual currencies.

In summary we can show that many of the ideas created in the invention of the Blockchain are really elegant, that the Blockchain architecture is fundamentally secure although this doesn’t necessarily apply to its implementation. The technology is lauded to solve many existing business problems but this is difficult to substantiate largely due to the imaginary trust model and in any event most newer developments of the technology are in fact little different to existing secure transaction systems based on a logical centralised trusted entity.

What is it?

The Blockchain as discussed today was invented by Satoshi Nakamoto (pseudonym) in 1998 as the underlying infrastructure for a peer to peer electronic cash system. In particular on-line payments could be sent directly from one person to another without going through a financial intermediary. As with all digital cash systems the design has to prohibit the double spend since any digital value message can easily be perfectly duplicated and the system must ensure that the owner doesn’t try and spend it twice. It is the solution to this problem that is the novelty of Bitcoin and which leads to the Blockchain.

The basic idea is to create an immutable record of all bitcoin transactions. This record is effectively a ledger or database of transactions and what it is actually recording is the ownership of a bitcoin or subdivision (to eight decimal places) at any point in time. There is nothing new at this stage; the system is just managing a trusted ledger. But here is the question, how do you manage a trusted ledger?

We have for years seen this happen with the banks that manage our money, they keep ledgers and at any point in time they know how much money we own. It also goes without saying that we trust them (enough) to manage our money or we wouldn’t use them. It is a pointless argument to start thinking about the mistakes that happen because as we will see there are plenty of mistakes with the Blockchain as well. All that matters is whether mistakes can be satisfactorily rectified?

However the core concept of Bitcoin was to avoid the use of financial intermediaries and hence the Blockchain which is a publicly managed ledger of which bitcoins people own. Naively it would be possible to appoint a body to manage such an immutable ledger. There is nothing new about immutable ledgers, remember the optical WORM (Write Once Read Many) drive still used to keep audit logs of transactions. Today it is perfectly viable to create a virtual WORM drive and Amazon for example provides this with their cloud based Glacier solution. Would you trust Amazon to provide a Bitcoin ledger?

Satoshi Nakamoto took a different approach. He argued in his seminal paper (bitcoin.pdf) that what was needed was an ongoing chain of transaction records managed by a network community where the addition of records to the chain involved a proof of work using hash functions, a cryptographic mathematical operation. A hash function is a digest of a message so constructed that it is easy to create but difficult to fool, in other words there is no easy way to create a different message with the same hash. Once you have a chain of these hashes each deliberately constructed to take 10 minutes on average by placing difficulty conditions on the construction of the hash then the work required to change an older message protected by a number of hashes becomes practically impossible.

Bitcoin Structure - An Immutable Store of Transactions

bitcoin slide

A Bitcoin transaction is structured as follows,

Transaction Structure

bitcoin slide

An individual block on the Blockchain is constructed as follows,

Block Structure

bitcoin slide

With the header constructed as follows,

Block Header

bitcoin slide

The Good bits of the design

The proof of ownership mechanism is really quite smart. In any cryptographic system it is key management that forms the underlying structure of the security system. Modern cryptography relies on keeping the secret keys secret because it is assumed that the underlying algorithms are known to potential hackers. In the Bitcoin Blockchain secret keys are never shared, this is a property of public key or asymmetric cryptography. You share the public keys but keep the secret keys well protected. This sleight of hand does of course come at a cost; you need to be assured of the genuineness of the public key. Hence the need for a Certification Authority (CA) that vouches for the public keys by signing them with their trusted secret key. The system then of course needs to trust this public key.

Bitcoin avoids the CA by building the owner’s public key into the transaction. When a new transaction is created to pass ownership to a new person the validators can check the signature created by the current owner against the public key (in the form of an address) previously stored in the original transaction. Each participant in Bitcoin creates a public/private key pair and presents their public key (as their address) to the old owner to be built into the new transaction. When they in turn pass on the ownership they can sign the new transaction which can be validated by the public key stored in the old transaction. In the Bitcoin system the public keys are actually stored in a hashed form as the user’s Bitcoin address. Subsequently as part of the transaction the full public key is provided which can be validated against the hash address format.

The validators also avoid the use of secret keys because they are only undertaking and checking hash functions for which there is no secret key. This is where the proof of work concept occurs in that creating the hash functions that validate a block of transactions takes effort and designed to take about 10 minutes on average for an individual block. As originally conceived this is also quite elegant but it seems that Satoshi may not have fully anticipated the formation of mining pools we will discuss later.

There is a further major security feature of Bitcoin that is rarely discussed and one which is missed in the architecture of many other Blockchain architectures. The creation of new bitcoins is an integral part of the Blockchain construction. There is no pre-creation of bitcoins nor is it practically possible to create unauthorised bitcoins outside of the new block construction.

Tradition digital cash systems (Mondex, MintChip and Tibado) are collateralised, in other words there is a matching $ in a fiat bank account for every digital $ issued. M0 (M-zero) is unchanged by the issue of a digital $.

Virtual currencies (Bitcoin, Ripple, Ethereum) by comparison are not collateralised. There is no trusted party agreeing to exchange the virtual currency back into fiat currency. In this case market forces apply which accounts for the volatility of virtual currencies.

The advantage of Bitcoin in the world of virtual currencies is that you know exactly how many bitcoins are going to be created and when. Each new block creates a transaction for 12.5 (currently) bitcoins as a reward to the successful validator of the block. This is the winner of the proof of work consensus we referred to earlier. This is not the case for example with Ripple or Ethereum where the virtual currency is created by the founders.

The security of the Bitcoin Blockchain system is not in doubt but as we shall see there are implications in the implementation of the system that do cause concerns.

The Bad bits of the design

It is constructive to compare Bitcoin with the properties of cash. If we look at physical cash it is,

  • Anonymous
  • Available to all, complete financial inclusion with no age restrictions
  • Immediate, it is an asset that transfers instantaneously
  • Irrevocable, there is no subsequent way to take it back
  • No payment intermediaries and accordingly no transaction fees
  • A bearer instrument, held by the owner

Bitcoin goes a long way in trying to provide these properties. It is partially anonymous, every transaction is associated with a Bitcoin address and depending on how you use the system it may be possible to track the owner. It is certainly available to all but the transactions are not immediate, in fact each transaction takes 10 minutes to get recorded and if you want to be absolutely sure you might want at least 10 further blocks to be validated before accepting the transaction to be complete. Because of the competition between the miners or validators there will be forks of blocks that lie outside the generally agreed thread but the probability of a long fork is very low.

Bitcoin transactions are irrevocable and there are no transaction intermediaries unless you use an agent. However there are transaction fees because the miners need to be rewarded and the creation of new bitcoins will eventually disappear. Whether the cash is held by the owner is more difficult because it is virtual. The ownership is recorded in the on-line ledger or Blockchain but there is nothing in your pocket so to speak. When a user makes a payment they are effectively changing the ledger to show a new owner but there is no underlying asset.

Traditional digital cash products such as MintChip and Tibado do actually have an asset that the bearer can hold as a message token.

It is the consensus process through the proof of work process that is both the elegance and the problem with the design. Bitcoin was designed as a peer to peer electronic cash system which would allow online payments to be sent from one party to another. One can wonder whether people are trying to re-invent Bitcoin as something quite different to what was originally conceived by Satoshi?

In its current form Bitcoin is limited to about 7 transactions per second on average. This is set by the size of the blocks (1Mbyte) and the size of the transactions contained within the block. Each transaction is of variable size but the generally agreed figure is that the current system is limited to an equivalent of about 7tps where you are effectively processing one block every 10 minutes. There is nothing to say the architecture couldn’t be altered to increase for example the block size but this needs to be agreed by the community which is still at loggerheads over such issues.

Does this matter? It really all depends on how you imagine the system will be used. People often quote Visa as a comparison which has a transaction throughput capability worldwide of over 50,000 transactions per second. You might argue that Bitcoin is not competing with Visa.

The bigger issues with the design really relate to the transaction cost and this involves 3 components,

  1. What transaction fee is paid by the payer?
  2. What transaction fee is paid by the payer?
  3. What is the cost to the eco system of validating the blocks?

Of course these components are entirely interrelated and need to be in balance in order to maintain a stable system. It should be noted that the payer pays the transaction fee whereas in most payment systems it is the payee that pays the fee. In a consumer merchant relationship it is the merchant that pays the fee, how would the consumer feel if this is reversed?

The Bitcoin consensus process is fundamentally based on the assumption that the miners will be adequately rewarded for the proof of work necessary to validate the blocks. An individual miner has to cost the price of the equipment, the energy exerted and his own cost of time. Currently individual miners are unlikely to validate many blocks if any, the mining process is the world of mining pools involving 1000’s of individual miners working collectively together. There are no precise figures but as an order of magnitude the average cost of mining a new bitcoin is about $500 where the current market price is $920. But if you take into account the volatility of Bitcoin it is often running at a level where there are small margins if any.

It’s never widely discussed but Bitcoin is totally dependent on the concept of transaction fees. It is an inherent part of the architecture and is the only way that the miners or validators can be rewarded for their work once the free issue of bitcoins per block has terminated in 2140. You might argue that everything will have changed long before that but just in simple terms you can consider the miners reward as a subsidy to the transaction fee. At the moment there are on average 1800 transactions per block for which the equivalent transaction fee is of the order of $7 per transaction.

However even worse than the Bitcoin economics are the cost to society for undertaking the consensus process. It has been estimated that the power or energy exerted to undertake the proof of work is equivalent to the total power supply of a small country such as Ireland. This energy is totally wasted there is absolutely no benefit to anyone.

And the Ugly implications of implementation

The ugly side relates largely to the implementation and operation of the Blockchain system. Somebody has to create the software that the participants use to create and validate transactions. This software is also the reference design for the system. If you want to change the Bitcoin specification for example you need to agree revised software for the Bitcoin core. Everybody has to agree this reference model. Who actually does this? Originally for Bitcoin it was Satoshi Nakamoto but he then handed it over to Gavin Andresen who didn’t really want the job and left the role of lead developer quite quickly handing it over to Wladimir van der Laan. In recent times there has been much friction amongst the lead developers and the Bitcoin community. One of the lead developers Mike Hearn resigned at the beginning of 2016 saying it had failed! Given this software effectively defines what you own in the Bitcoin world this is surely a major concern?

The 51% problem of Bitcoin is well known. What it effectively means is that if some person or organisation controls more than 50% of the computing power necessary to undertake the proof of work then they effectively can control the construction of the Blockchain. I don’t imagine Satoshi every envisaged the way Bitcoin mining has evolved. In the first place the miners stopped using their PCs as the work horse but instead undertook the development of special ASIC chips to optimise the hash functions. This has become many orders of magnitude faster than any typical PC. However it is probably the second step that made the situation worse. Miners started to group together to form mining pools and today this is the way that the blocks are validated, no individual miner using a PC has a chance. Worse still these mining pools have reached the point of 51% although it would not be to their advantage to mischievously execute this power.

The current Bitcoin design uses a script to manage the validation of the individual transactions. This was clearly an afterthought from Satoshi since the concept was not mentioned in the original paper. Although it is a general purpose script it is quite limited in its design to favour resilience over flexibility. Looping for example is not permitted thereby avoiding non terminating loops. In practice the Bitcoin system only handles a few agreed scripts. Other Blockchain systems such as Ethereum have focussed on the use of more sophisticated scripts and have paid the price with the DAO hack which resulted in the loss of $50m. DAO is a Decentralised Autonomous Organisation that exists as a set of contracts amongst people defined by scripts on the Ethereum Blockchain. It was vulnerability in these contracts that led to the loss of the $50m. It should be noted that Ethereum undertook a hard fork of their Blockchain to invalidate the fork involved with the hack which seems to be a contradiction of the immutable ledger?

What else can you do with a Blockchain?

There are a large number of people working on variant uses of the Blockchain involving amongst other things Smart Contracts and various consensus technologies. The fundamental logic failure in many of these cases is based on flaws in understanding. If you put rubbish onto the Blockchain then that is what you will get back. Bitcoin is totally intrinsic; the bitcoins are created within the Blockchain and manged accordingly. Subject to the implementation issues discussed above the integrity and assurance of Bitcoin is assured. If you want to put for example the title deeds of a property onto a Blockchain then somebody has to validate those titles and to provide a means of validating such titles. You cannot avoid it but some trusted authority such as a land authority has to validate the title which of course they are perfectly capable of doing on their own web site. As a more generic process they could digitally sign the title but then you need to be assured that the records are up to date, the equivalent of the double spend problem. Only the land authority is qualified to vouch for a change of title. They could of course run their own Blockchain but then it is readily apparent that they are the single consensus authority. The concepts of a distributed ledger technology seem debateable.

There are numerous applications being investigated for Distributed Ledger Technology (DLT) but in most cases it is impossible to avoid a trusted party. In this sense you invariably need a centralised trust model. The properties of distributed ledgers, multiple copies and public access are just niceties of the particular implementation.

The Future of the Blockchain

When do you want transactions without a trusted entity – who vouches for the transaction – bitcoin is an inherent part of the blockchain what is the value of the blockchain separated from bitcoin? When do you want a public database of transactions?

You might argue that Bitcoin was really a very elegant solution to an on-line electronic cash system but its value as a more generic public ledger is very debateable, as many say the emperor has no clothes!

What many are starting to realise is that data put onto a Blockchain has to be authenticated in some shape or form. The consensus process that validates the integrity of the data is in general related to the ownership of the data (intrinsic to Bitcoin) which leads to a logically centralised validation process. This in turn completely avoids the overheads of some uneconomic proof of work consensus process. I’m not sure what the Blockchain offers you?

Dr David Everett, SCN Technical Researcher.


Unable to open RSS Feed https://www.smartcard.co.uk/RSS/scnrss.xml with error SSL certificate problem: certificate has expired, exiting

Video Interviews

Tim Jones talks on the wealth of networks

Christophe Dolique of Gemplus talks about ·SIM

Dominique Brule of Philips Semiconductors talks about Near Field Communication