Things I Think I Know About Blockchains, Public and Federated

  • Usage and support of blockchains will naturally tend towards a power law distribution, with one blockchain being by far the most used and supported.
  • Blockchain security encompasses many things, but perhaps the most important metric is the cost of attack — how much an attacker would need to spend to be able to attack the network.
  • Blockchains come in the open/global and federated variety (also known as public and private), which correlate roughly to open, public Internets and private intranets, respectively.
  • Just as there is one large public internet, there is one large public blockchain — the bitcoin blockchain.
  • Open blockchains in general require financial incentives to encourage mining / block building, which leads to a power law distribution of investment in mining and thus a power law distribution in cost of attack (which translates roughly to general blockchain security).
  • Federated blockchains do not require direct financial incentives to encourage block building, but rather require a clearly defined set of stakeholders all with some strong reason for continuing to run a block building node on the network (note that this can take the form of indirect financial incentives).
  • Some refer to federated blockchains as “private blockchains”. Here “private” refers to the permissioned nature of write access. Thus, these blockchains do not necessarily have private read access. In fact, many of today’s designs allow for auditor nodes (the equivalent of full nodes in Bitcoin), which can either be run by approved entities (permissioned auditing) or be run by anyone (permission-less auditing).
  • Open-access blockchains can be compromised if one of the following happens: (a) one entity invests an enormous amount of money in acquiring a majority of mining power (b) a majority of the keys of miners are compromised (note this is not referring to mining pools) or (c) a majority of mining pools are coerced into re-organizing the chain.
  • Federated blockchains can be compromised if either (a) a majority of the builder nodes have compromised security of their signing keys or (b) a majority of builder nodes are coerced into rolling back the chain (re-organizations do not occur with federated blockchains), without the other parties knowing the others were also coerced.
  • With a federated blockchains, a relatively low number of keys represent majority control of the network. In the case of the largest open-access blockchain, the Bitcoin blockchain, a relatively high number of keys represent majority control of the network. That means that it would take many more keys to be stolen in order to compromise the security of the bitcoin network than it would take to compromise the security of a federated blockchain.
  • Even though it would take many fewer key thefts to attack a federated blockchain than it would to attack the bitcoin blockchain, in theory a federated blockchain could still be more secure against such an attack than the bitcoin blockchain. This would be extremely hard to accomplish, but it should be possible. In order to do this, one would need to secure keys extremely well, in a way that dwarfs the security of the keys used by the organizations and individuals maintaining the bitcoin network (the miners).
  • For perspective on how challenging it would be to secure a federated blockchain to the level of security of the bitcoin blockchain, we can consider the following example. Let’s say 5 keys need to be stolen to compromise a federated blockchain (e.g. a blockchain with 9 “managers” and a majority rule) and let’s assume that 100 keys need to be stolen to compromise the bitcoin blockchain. In this case, the combined security of the 5 keys would need to exceed the combined security of the 100 keys. Further, if we can assume that the probabilities of key theft are independent of one another, we can conclude that individual key security for a federated chain would need to be several orders of magnitude higher than the key security required for the Bitcoin blockchain.
  • On the other hand, some would argue that beyond a certain number of keys and with certain security measures, one could consider compromise of a federated chain out of the realm of normal possibility. So the security for certain federated blockchains may be more than enough, especially if done in a way that avoids all possible collusion scenarios and technology monocultures.
  • A federated blockchain could avoid the greatest consequences of key theft scenarios if it is willing to make one of two concessions. First, the federation could be comfortable with having a rollback window (e.g. 24 hours) that allows the managers of the chain to roll back the state of the system and re-permission everyone’s keys. In this case, the currency holders of the system would have to be comfortable with eating all losses as a result of invalidated withdrawals.
  • The second option for a federation to escape the greatest consequences of a key theft scenario is to disable rollbacks but instead have a maximum amount of value that could be transferred within a certain time window (e.g. 24 hours). In this case, in the worst possible scenario, federation keys may get stolen and some withdrawals may be incorrectly processed, but the losses are capped. The system doesn’t need to be rolled back, and the federation will simply re-key and proceed as normal.
  • Building on a public blockchain does not mean that operations or data needs to be public. Hashes can be written to the Bitcoin blockchain (and thus notarized) and these hashes can be the roots of merkle trees that have the full list of operations, which have also been notarized by extension. As long as this data is kept within a private system, the state of the system is privately held, while still being notarized by a public global resource — the public blockchain.
  • The Bitcoin blockchain is currently the strongest and most secure blockchain by far, so if security, permanence, and indelibility are what you want, then the Bitcoin blockchain is likely the best candidate to build on top of.
  • That said, federated blockchains do have their place - some institutions have certain requirements on being able to run their own systems completely in-house, so federated chains will likely be most sensible choice for them if they can set up systems with very high security.
  • When you choose which blockchain to build on top of, it really depends what your needs are. Just make sure you understand the tradeoffs and you know what you’re getting yourself into.

Thanks to Stephen Pair for key insights on rollback protections for federated blockchains, thanks to my Co-founder Muneeb Ali for the term global blockchain, and thanks to Preston Byrne for discussions on federated blockchain key compromise.

Show your support

Clapping shows how much you appreciated Ryan Shea’s story.