There are many excellent articles out there about blockchain technology — so why in the world would we need another one? Well currently most blockchain articles concentrate either on the basics or on a specific technical topic. The aim of this series is to provide you with enough information to make educated product decisions when blockchain is involved. It assumes zero prior knowledge about blockchain but by the end of it, you should be able to understand all the technical news about blockchain as well as its advantages, disadvantages and technical trade-offs.
Technology under the hood
There is a number of technologies on top of which blockchain is built. Good understanding of those can help you grasp blockchain technology better. If you are familiar with the concepts below, feel free to skip this section.
Public key cryptography
In public key cryptography, every person involved generates a pair of connected keys — a public key and a private key. The person keeps the private key for themselves and keeps it confidential. The public key is a form of public identity that can be distributed to anyone. The keys are a cryptographic pair — a message encrypted with one key can be decrypted with the other and vice versa. The same key used for encryption cannot be used for decryption.
Encrypted communication Anyone wishing to send a message to a given person can use their public key to encrypt a message. Only the person holding the private key — the public key’s owner can decrypt the message and read it. This way, the public key cryptography con be used as a super secure inbox.
Proof of identity Public key can be treated as a digital identity. It can be freely shared, but only the owner of the private key can prove to be its owner. Anyone who wishes to confirm one’s identity can challenge them by sending a secret message encrypted with the public key. Only the owner of the public key has the private key and can decrypt the challenge, and send back the correct answer.
Signing Public key cryptography can be used as a digital signature. It works as follows:
- A document (or anything digital) gets encrypted with a private key forming a digital signature.
- The document gets distributed in both normal and encrypted form.
- Anyone can check if the person really signed the document by decrypting the signature with a public key.
The document cannot be altered in any way — changing the document would require changing a signature (which is impossible without the private key).
A hash function maps data into a very short form with a fixed length. The output of the hash function (usually called a hash) has the same fixed length regardless of the size of the input. In addition, the hash function is constructed in such a way that even a small change in its data will result in a significant change to the hash. Because of this, the hash function can be used to verify if a file has been modified after being sent. Many different files can have the same hash, but two files with a very small change (say changed account number) will definitely have a different hash.
What is blockchain?
Modern technology allows messages, voice, photos etc. to be sent directly from one person to another. However, when it comes to sending money, goods or anything of value, we have to rely on a trusted third parties such as banks or auction sites to facilitate the transaction. Blockchain technology is solving this problem at its core by providing a public, decentralised, trustless and tamper-proof database that can act as a ledger.
Blockchain as a database
From a technical point of view a blockchain is effectively a database stored and operated in a specific way. All new entries and transactions are grouped into blocks. New blocks are added one by one to the previous blocks forming a chain, from which comes the name — blockchain. At all times, the database is synchronised and shared between all users of the blockchain network.
Immutability and tamper resistance
Every new block holds a reference to the previous block in the chain, including all data in the last block. As a result, changing information in any of the old blocks would require to rewrite all the newer blocks as well. Since every user of the network has a copy of the blockchain such rewrite would require at least 51% of the users to have the same tampered copy to outvote the other users -no single user can change anything in the database. The larger the blockchain network gets, the safer it becomes.
In addition, every new block needs to be verified in order to be added to the blockchain. In case of public blockchains, this is done by solving a specific mathematical problem that is time consuming to solve, but fast to check. Rewriting even a part of the blockchain is impossible as there is no one in the world with enough computing power. In case of corporate/private blockchains the transactions need to be validated by selected parties. In both cases, it is a democratic way of accepting changes — if most of the participants see the transaction as valid, it is valid.
Public vs corporate blockchain
Two types of blockchains can be distinguished:
- Public blockchains, such as Bitcoin, Ethereum etc.
- Private/corporate blockchains, such as Ripple, HyperLedger etc.
In case of public blockchains, anyone can add new transactions to a blockchain for a small fee (every transaction on a blockchain costs real money that needs to be paid by a person performing an operation). Transactions are validated by other users of a blockchain who are paid with money from fees. Everyone can read content of the whole blockchain. Users are anonymous, but all the transactions are public.
In case of corporate/private blockchains, different classes of users can exist with different roles:
- Validators who have the authority to validate new transactions.
- Writers who are allowed to add new transactions to the blockchain.
- Readers who have unlimited or limited read access (for example only specific type of transactions or all transactions with a specific party involved).
Users can have multiple roles. Few public blockchains are available and ready to use. Corporate/private blockchains need to be configured and hosted by the parties involved. There is a possibility of creating a corporate blockchain on top of a public blockchain, but it can limit its functionality.
Smart contracts — programs running inside blockchain
All blockchains support simple transfer transactions. Funds or something of value can change owner during a single transaction. More complicated transactions like exchange transaction — if A transfers funds to B, then B transfers access codes to A — are not possible on all blockchains. Such transaction require an additional mechanism introduced in 2nd generation blockchains — smart contracts.
Smart contracts are deterministic programs running inside blockchain. They can be both simple exchange transactions as well as complex systems such as auction houses. How do they work? One of the parties deploys the smart contract to the blockchain. Once this is completed other parties can interact with the smart contract — for example deposit funds, check balance or deposit access code. Smart contract is public to all the parties, so they all know what are the terms and rules of the contract. Some of the rules can result in autonomous actions by the contract — for example if the specified conditions are met (access codes were supplied and payment was received) the contract will transfer funds to the seller and send access codes to the buyer.
Note that once deployed the contract cannot be changed. By interacting with the contract its state can be changed, but not the rules of the contract. There are some techniques to lift this requirement partially, but they come at the cost of removing the trust component from the smart contract.
A visual demo
If the concepts above are not clear enough, there are two great videos by Anders Brownworth (Chief Evangelist @ Circle). The demos are so well made, that I recommend watching them nonetheless.
Key advantage of blockchain
Key advantage of the blockchain technology is that it removes the need of a trusted third party. The blockchain acts as a transactions’ medium instead.
- All parties get to know the rules before engaging in a transaction.
- The rules cannot be changed by any party once in a transaction is ongoing.
- The history is tamper-proof.
- All information about transactions are public to the selected parties (or everyone in case of a public blockchain).
Costs of using a blockchain
Blockchain is not yet a fully matured technology. This introduces a number of costs.
In case of a public blockchain, every transaction requires a small fee paid in the native cryptocurrency of the network like Bitcoin or Ether. This requires the end user to acquire the cryptocurrency on his own. Direct interaction with a blockchain powered web app (so called dApp) requires a special browser or a plugin available only for a few browsers. Transfer of an identity between browsers or plugins is not a user-friendly process yet.
Public blockchains are radically transparent. Any person in the world can read and analyse the transactions performed on the blockchain. Due to this fact, sensitive data should not be stored directly in a blockchain, especially with the GDPR directive in mind.
In case of private/corporate blockchain, there is a cost of configuring/writing the underlying blockchain code and cost of supporting the infrastructure running a blockchain. Depending on the exact rules of interacting with the blockchain, concerns similar to the public blockchain may apply.
Risks of using a blockchain
Two main risks are connected with the biggest blockchain’s advantage its immutability.
Once the smart contract is deployed to the blockchain, its rules cannot be changed. As a result, typical iterative process used in software development is not possible with the deployed solution. The system cannot be radically altered (there are some methods for introducing small changes). In case of a pivot, a change in business model etc. previous system may need to be abandoned and data migrated to a totally new system.
Immutability of the systems on the blockchain means that if software contains a bug it cannot be fixed. Because the contract rules are visible to everyone, finding vulnerabilities is easier than in case of non-blockchain systems. If the bug is serious enough, it can result in a permanent damage to the system or theft. A common practice are extensive external security audits and bug bounty programs.
Should I be using blockchain?
Blockchain technology solves some really hard problems, however, it is not a perfect fit for any problem. The following checklist is designed to simplify the initial evaluation if the blockchain is a good fit for the problem. It it based on a thorough analysis of blockchain technology key characteristics, advantages and disadvantages.
Is there any data to be stored?
The blockchain is at its core a tamper-proof database. If there is no need to store data, there is no benefit in using blockchain.
For example: An internet speed testing app that does not store the results anywhere does not need blockchain as there is no data to save.
Are there multiple parties interacting with data?
If there is only one person both writing and reading data there is no real need to use blockchain. If there is one person writing but multiple people reading, the situation is different.
For example: A solitaire game could have a highscores feature. There is no need for blockchain, if the highscores are accessible only by the player himself.
Do you lack a trusted third party?
Blockchain primarily solves a problem of trust. If all involved parties have a trusted third party to mediate their interactions — for example a government institution — they don’t need a blockchain. However, if the trusted institution has high fees and there are no alternatives, solution built on blockchain could act as a cheaper alternative.
For example: Two parties would like to engage in a regular trade between each other. They can use eBay as a mediating platform as its fees are low enough, it has a very good reputation and can handle potential disputes between both sides. There is no need for blockchain, if they use eBay as an intermediary.
Do the writers distrust each other?
In the absence of a trusted third party, there may be still a strong trust between different parties.
For example: In case of a local ecosystem, a good reputation is critical. Bad word of mouth can put a party out of business — this results in a mutual trust between different parties. In such a case, a blockchain is not needed.
Do you need public verification?
If you want to bring a transparency to your process blockchain is a perfect solution as it is a tamper-proof ledger at its core. This can be either radical transparency in case of public blockchain or a reading access restricted to selected regulatory parties in case of corporate/private blockchain.
For example: By building a solution for food supply chain on a blockchain everyone can see when and where a food was produced, how it was transported and there is no risk of tampering with critical information like expiration date.
Does your data structure change infrequently?
Modifying and extending data structure is problematic in case of blockchain. If the solution needs to be production ready but the format of the data changes often the blockchain based solution can be more of a hindrance than an advantage.
For example: An online marketplace targeting small electronics market is launching. They plan to expand into new markets in the near future. That would either require significant modifications to their data structure in the future or a lot of careful planning to have a very flexible data structure before the launch.
If you answered yes to at least 3 first questions, blockchain may be a good fit for your solution. Depending on the exact specifics of the problem private/corporate blockchain may be more suitable than a public one.