Ok, ok. You caught us. We meant it when we said we liked the Blockchain technology. The Buzz Words That Suck - Blockchain post is about the hype. In this article, we'll break down what the technology is, and explore what's useful and good about Blockchain, what the current limitations are, and how it could be applied to web security in the future.
What is it: Blockchain is designed to be a record of all digital transactions of a particular type, similar to a digital ledger. The transaction types can be anything, from currency or cryptocurrency (as in the cases of Bitcoin and Ethereum) to healthcare data to digital assets (like Kodak's plan to help protect photographers' and artists' intellectual property via Blockchain). Any digital transaction that could occur between two entities would be a candidate for a Blockchain.
How does it work: In order for a new person or entity to start making transactions in Blockchain, that entity has to first validate every transaction in the chain that came before it against every other transaction record on that Blockchain held by all the other entities who have been conducting transactions. So let's pretend Jim and Sally have been conducting transactions back and forth on their JSToken Blockchain, and their transactions show that Jim has 100 JSTokens and Sally has 50 JSTokens. Bill comes along and wants to make a transaction with Jim whereby he will trade a service for 10 of Jim's JSTokens. Before the transaction between Bill and Jim can take place, Bill's "wallet" (the Blockchain record keeper for Bill) will have to go through all of Jim and Sally's transactions from the beginning of the Blockchain and verify that those transactions match what Jim shows and what Sally shows in each of their "wallets". Only then will Bill's Blockchain be considered valid and he and Jim can conduct and record their transaction. Once they have conducted their transaction, Sally's Blockchain will also be updated with the transaction and verify it against Bill and Jim's "wallets". That way everyone is in sync and no one could fake a transaction to steal one of the other's JSTokens.
It sounds complex, but the spirit of the technology is really very simple. Darrell Brogdon, CIO and Co-Founder of Raika Technologies, says, "When you break down the Blockchain technology, you are greatly simplifying your own ability to protect your assets. There's no longer a need for a bank to protect your $100; you can now do it yourself at much less cost, primarily through diligence in digital protection."
Why is it good: The biggest pros to Blockchain are that it decentralizes transactional record-keeping, and thus potentially greatly reduces the costs to maintaining an accurate record. If no one central authority (such as Visa, MasterCard, American Express, US Bank, etc) is solely in charge of validating transactions, then there are more points of validation that ensure everyone's assets recorded in the chain are accurate and safe. Says Brogdon, "The nature of Blockchain is that it becomes much more difficult to steal my $100 because the majority of the wallets of record would have to agree with a transaction that moved my money to someone else. If it's a bunk transaction, that's far less likely to be validated in the chain." The definition of majority usually means 51%, but a platform could choose to go further than that in its own implementation. Additionally, once a transaction is validated and added to the ledger, it can never be edited or changed. So a nefarious person can't get the ledger, make changes and then try to propagate those changes in an effort to change history.
However: There are still potential issues that need to be addressed before you'll find us all putting everything we own at the mercy of the technology. For starters, because every transaction has to be validated against every other transaction in the chain prior to processing, every new transaction in the chain increases processing time exponentially. If we look at Bitcoin, we see that there is over 200 GB of data in the current Bitcoin ledger. That translates to about 10-15 minutes of processing time per transaction at the date of this article. That's a long time! Imagine if you stood in the checkout line at Target for 15 minutes waiting for them to get confirmation that you had the money you claim to have to be able to pay for the goods you need. Not to mention that the size of the space needed to hold all of that data in a single user's "wallet" is going to continue to grow and could become expensive. Sure, 200 GB isn't very much and is pretty cheap these days, but how big will it be next year? Or two years from now? How much would a ledger grow if it was conducting the number of transactions that a large company conducts every day, like Google, Amazon or Microsoft?
What are the solutions: There are definitely ways to address these issues. One potential solution to the processing time issue could be setting "validation entity" points with certified entities in the chain. If that were available, when Bill wanted to make his transaction he could ask Sally and Jim (if they were both validating entities) to give him their Blockchain transactions, compare the ledgers as a whole, and as long as they agree, then he could start with their transactions as they reported them and go forward in time in his own "wallet" as his own validating entity from that point forward. If you required a minimum number of validating entities and set criteria for accuracy on those validating entities, there's potential to dramatically reduce at least the initial processing time and possibly on-going processing times as well.
Anonymity is key: There's another argument that says one of the pros of Blockchain is that transactions are anonymous. The reality is that transactions might be anonymous. Bitcoin transactions were proven to not be as anonymous as everyone hoped, and although other platforms still claim anonymity, whether that will be a permanent feature and whether the anonymity is as complete as the claim remains to be seen.
Stealing is still possible: So in the Blockchain, how can someone steal my money? If you can hack into my physical computer and decrypt my private key, then you will have access to my "wallet" and can steal everything in it. This is a fairly low probability occurrence, not unlike the possibility that a mugger gets my wallet on the street. The difference with the mugger on the street is he probably won't get my entire net worth by stealing my wallet. Well, not now anyway. Maybe when I was in college...
Bottom line: We like the concept of Blockchain, and we love that so many companies are looking at how to innovate with it and use it to help consumers protect their digital assets in a time when more and more people are looking to web- and SaaS-based applications and services in the cloud to make their lives easier. If it can be safer to do so, all the better. We think the limitations are solvable, and we will definitely be keeping our eye on the technology solutions of major players and independents to see how it all shakes out.
By: Cynthia Delaria, CEO/COO @ Raika Technologies, LLC; Contributor: Darrell Brogdon, CIO @ Raika Technologies, LLC