Decentralizing Trust
On Blockchain and its potential to change the way we trust one another
In the wake of the 2008 Global Financial Crisis (GFC) an anonymous developer or group of developers, known only as Satoshi Nakamoto, invented the blockchain technology. The first fully distributed database combining peer-to-peer networking, public-private key cryptography and digital signatures.
Nakamoto used blockchain technology to build a decentralised digital global currency — Bitcoin — that completely removed the need for intermediaries and allowed individuals to send and receive any transaction amount across any geographic region in near real-time. As opposed to relying on banks, clearinghouses, or foreign exchanges to facilitate transactions, Bitcoin relied exclusively on the blockchain protocol to execute transactions and establish trust between the transacting stakeholders.
Over the past 10 years, blockchain technology has been used to develop a whole host of new cryptocurrencies. From Ethereum to Litecoin, Ripple and Zcash, cryptocurrencies have started coming out of the ‘tech-evangelist’ world and into the commercial one. However, as the Financial Times reporter Sally Davies pointed out, currency is just one of many different applications that can be built using this technology.
“Blockchain is to Bitcoin what the internet is to email. A big electronic system, on top of which you can build applications. Currency is just one.” — Sally Davies, technology reporter, Financial Times.
When Nakamoto developed blockchain and built Bitcoin atop its infrastructure he did more than simply create a new currency, he created a system upon which valuable and important information could be transferred securely and reliably among a peer-to-peer network. The information being transferred is almost irrelevant, in so far as it can be whatever a network of blockchain users (nodes) want it to be. What’s important is that they can share it, interact with it and derive real-world results from it in a way that guarantees trust without requiring third-party monitoring.
Understandably, this new way of interacting has many different groups across all levels of society both anxious and excited.
Understanding blockchain
In order to understand blockchain, you need to think of the technology as an information storage tool. In its simplest form that’s all blockchain is; a technology that helps users store information. Interest in blockchain doesn’t lie so much in the fact that it can store information, but rather in how that information gets added, validated and sealed.
When we talk about technologies that house information, we usually refer to them as databases. Schools have databases filled with details on their students, parents and teachers; businesses have employee databases filled with salary information, next-of-kin, bank account details and reporting structures. When your employer pays you your salary, they’re transferring payment information from one database (payroll) to another database (your bank account) via an intermediary (a bank).
While there are many different databases that store different types of information, up until now, most successful databases have had one crucial element in common — they’ve all been owned by someone.
Other than what we can physically possess, everything else that we own is done so on rented space. When you pay account handling fees, you’re paying rent to the bank for securely storing your financial information, likewise, when you upload your holiday pics to Facebook, you’re paying rent — in the form of advertising data — for the joy of having your friends know how great your life is. With the advent of cloud computing, most of us store close to all our personal data on someone else’s centralised database.
As perfectly illustrated by recent Facebook scandals or the utterly disastrous Equifax cyber attack that took place last year, the biggest risk associated with centralised databases is that they provide a single point of attack for malicious actors. Once a database is breached, it’s fairly easy for information to be stolen, altered or fabricated. Sometimes these breaches are easy to detect, other times, however, due to the amount of trust a database owner might have built over a long period of time (think Bernie Madoff) these breaches can go undetected for years.
This, in essence, is the problem blockchain aims to solve. How do you make a database that is reliable and secure, yet doesn’t rely on the competence or goodness of any one single individual or organisation?
The answer lies in the decentralised nature of the blockchain database. Rather than one single entity being responsible for the accuracy and security of information, blockchain distributes that responsibility among a vast multinational network of computers and users.
Every single individual that joins a blockchain (a database) is given a copy of the entire ledger, i.e. the entire historical information stored in the database. Because everybody using the blockchain owns a complete copy of the database, no one does (if all of us are Spartacus then none of us are). Thus, if any discrepancies come about between my version of the ledger and yours, you know something’s gone terribly wrong almost immediately. Blockchain’s transparency is why it’s referred to as a decentralised public ledger. It’s available to all on the blockchain and verifiable by anyone with an internet connection.
Everybody on the blockchain owning a copy of the ledger only goes so far in explaining how this technology reliably and securely stores information. The other two components are public-private key cryptography and the mechanism by which consensus is achieved.
While the technical backbones of public-private key cryptography are incredibly complicated, the way to understand how they are used is not. Take, for example, a scenario in which Matilda wanted to send sensitive information across to Matthew. On the blockchain, each individual is given a private and public key. Think of these keys as email addresses; the public key is your email address which everyone on the blockchain can see and the private key is your unique password that only you can see and use to access those messages sent to you.
When Matilda wants to send information across to Matthew all she has to do is encrypt that information by using her private key and Matthew’s public key. When Matthew receives the encrypted information, he can access (or rather decrypt) it by using his private key. Put simply, when Matilda encrypts a message with Mathew’s public key, only Matthew’s private key can decrypt it, likewise if a message is encrypted with Matilda’s private key, only Matilda’s public key can decrypt it. This mixing of public and private keys not only ensures information gets sent to the right person securely, it also acts as a digital signature.
Simply being able to send information back and forth securely, however, doesn’t stop someone on the blockchain from sending the same bit of information to various people over and over again. If we’re sending cryptocurrency ( C ), for example, Matilda could send Matthew 10C and then send that same 10C to Jenny. Both messages are sent securely, but instead of Matilda honestly stating that she’s actually spent 20C, Matthew and Jenny will check their ledger and think Matilda has just spent 10C. This problem is called double spending, and it’s one of the most important issues organisations like banks and financial services providers, like Visa or Mastercard, regulate.
With blockchain, rather than a bank or a financial services provider regulating double spend, it’s the network itself that regulate this issue. How? By broadcasting every transaction that takes place to the rest of the network every time a transaction happens. In the case of Bitcoin, for example, because everybody on the network has the entire history of transactions, everyone’s ledger is updated with new transactions as soon as they take place. If Matilda only had 10C to begin with, and she spends that 10C twice to pay both Matthew and Jenny, the entire network will see both transactions, notice that Matilda has spent 20C and not 10C and know that that particular transaction is invalid. So, after every transaction has been signed, members of the blockchain network verify its validity and update their ledgers. All transactions are available to be viewed or audited by anyone within the network.
Now that we’ve added and validated the information on the blockchain, we need a way to seal that information so it cannot be tampered with weeks, months or years into the future. If you’ve read anything about Bitcoin or blockchain you’ll know its key feature is that it’s immutable.
The way information is sealed on a blockchain is what gave rise to its name. If we continue using Bitcoin as the example, every transaction that takes place is time-stamped and stored in a block. Every single block is connected to the previous block (leading all the way back to the very first block, i.e. the genesis block) creating a chain of blocks. In Bitcoin, it’s the transfer of cryptocurrencies that gets stored in the block, however, it can just as easily be any other type of information, such as someone’s will or a contract.
To maintain the integrity, chronology and validity of each block, three pieces of information are stored on it: a hash, which can be thought of as a unique identifier, such as a barcode or a fingerprint, the hash of the previous block and the actual transactional information, in our case, the 10C Matilda sent to Matthew. So, for the sake of ease, think of it like this:
Suppose Matilda’s and Matthew’s interaction is the first to take place on the blockchain, thus it’s the genesis block. Their block’s hash will be hashABC123, and won’t be linked to any previous block because it’s the first one.
Now that Matthew has the 10C from Matilda, he sends that along to Jenny. This new block now contains three pieces of information:
1. The hash (unique identifier) of Matilda and his transaction: hashABC123
2. The information of the transaction: Matthew sent Jenny 10C
3. A new hash (unique identifier) for this transaction: hashBAC312
Now, Jenny wants to send 5C to Matilda. This block will also contain three pieces of information:
1. The hash (unique identifier) of Matthew’s and Jenny’s transaction: hashBAC312
2. The information of the transaction: Jenny sent Matilda 5C
3. A new hash (unique identifier) for this transaction: hashCBA213
Because the hash is the primary identifier of a transaction, how a hash is generated is incredibly crucial to the overall security infrastructure of a blockchain. Bitcoin, for example, makes the task of generating a hash incredibly difficult by using highly complex mathematical problems in which solutions can only be achieved by trial and error. In order for the problem to be solved, vast amounts of energy, i.e. computational power, must be used, making the solving (commonly referred to as mining) incredibly laborious. Those that are using their computers to solve/mine hashes are typically referred to as miners. The blockchain protocol has it so that the more miners there are, the more complicated, and therefore the more computational power needed, to mine a hash. This is one of the crucial way blockchain ensures that a takeover of a network is as difficult and costly as possible.
In order to encourage miners to expend time and energy in mining hashes, miners are rewarded with newly generated cryptocurrency that isn’t taken from existing users’ accounts but rather is ‘printed’ by the blockchain itself. Once a solution has been found, i.e. a minor has a valid hash, this hash is broadcast across the network to every single user so they can validate the result using a simple calculation. Once validated, a block is added to the chain, the ledger is updated and copies of the exact same ledger are sent to every single user (it’s important to note that in the blockchain, users are often referred to as nodes).
This process of mining is the mechanism by which a blockchain’s network achieves consensus.
By virtue of the fact that every single block carries with it its own unique hash, as well as the hash of the block that preceded it, once a block has been sealed, it is near impossible to tamper with the contents of a block. Doing so would result in a malicious actor generating a completely new hash for whatever block was tampered with. So, if the block that contained Matthew and Jenny’s transaction of 10C is tampered with, a new hash will be generated for that transaction, say hashBAC223. However, because the transaction immediately following Matthew and Jenny’s transaction already has in it the original hash — hashBAC312 — nodes on the network are able to see that an error or attack has taken place. In order for a malicious actor to get away with an attack, he or she would have to alter the hash of every single block that came after Matthew’s and Jenny’s transaction. A feat that is almost impossible due to the computational resources required to generate a single hash and the fact that a network is made up of multiple miners. The only possible way for an attack to be carried out successfully would be if a group of attackers were able to obtain a 51% majority in a network so they could then approve subsequent transactions at a faster rate than the rest of the miners on the network.
All this, in its simplest form, is how blockchain technology works. To recap, then, Blockchain is a decentralised database that stores information (transactions, assets etc.) across a distributed network (aka a peer-to-peer network) in a secure, immutable and transparent manner.
And then there were smart contracts
In the middle of 2015, a then 21-year old Vitalik Buterin launched the Ethereum blockchain to the world. Incorporating all the cryptocurrency functionality of Bitcoin (the currency on Ethereum is called an Ether), Buterin introduced another revolutionary component to the blockchain technology, the smart contract.
A smart contract and a good old-fashioned written contract share many similarities. At their core, each is a binding contractual agreement that stipulates how two separate parties are to interact with one another in regards to a particular transaction. Prior to drafting the final version of a contract, both parties must voluntarily come to an agreement and once satisfied, they memorialise said agreement in order to reduce the likelihood of confusion, forgetfulness or breach.
Where smart contracts and traditional contracts differ is in the language used to memorialise the terms of the agreement and how parties are made to comply with those terms. Rather than using natural (albeit oftentimes confusing) language and arbitration by a trusted third party (say, a judge), smart contracts memorialise and enforce contracts entirely through autonomous code.
The simplest way smart contracts are often explained is to think about how a vending machine works. If you want to get a chocolate bar you need to meet one condition and perform one action: insert money into the vending machine and input the number that corresponds with your desired chocolate bar. Another example could be a writer submitting a piece to their editor. A smart contract can exist between both writer and editor whereby due date, word count and plagiarism (or originality) are memorialised in the smart contract’s code. Let’s say the conditions of the smart contract are as follows. In order to get full payment for their weekly column the writer need to:
• Submit by 17:30 every Thursday
• Meet the 800–1200-word count
- Submit material that is original and not plagiarised
A protocol could be built into the code of the smart contract whereby these three requirements have certain conditions attached to them, for example:
• For every hour after 17:30 that the writer delays submitting a piece payment is reduced by five percent. If they fail to submit by 00:00 payment is completely withheld.
• A penalty of 25 percent is taken from the writer’s pay if they go under or over the world count
• If the smart contract conducts a plagiarism verification scan on the internet and finds the writer’s work to not be their own payment is immediately withheld
Anyone who’s ever worked as a freelancer — be they a consultant, designer, carpenter or writer — will be familiar with the general theme of the above scenario. They’ll also be intimately familiar with the tedious and drawn out process of submitting invoices and waiting weeks, if not months for payment, along with the painstaking process of chasing that payment if it fails to come. The worst-case scenario is when a freelancer is forced to bring legal action against the contracting party because payment never materialises.
Smart contracts, however, remove these risks entirely. Following on from the above example, the writer’s article and payment can be in escrow until all conditions are validated by the smart contract. For example, the editor may not be able to access or download the document until payment for the article has been deposited into the writers Ethereum wallet, just as the writer cannot receive full payment if they go over or under the world-count. Rather than waiting weeks, sending invoices and following-up with endless emails and phone calls, the whole process is entirely automated and executed by code.
The fact that blockchain only allows for information to be added with the consent of the majority of a network, validates transactions with an almost impossible to penetrate consensus mechanism requiring huge computational power, makes information immutable once added and, combined with smart contracts, provides a mechanism whereby behaviour and actions can be incentivised and mediated has resulted in various public and private firms wanting to explore the use of this technology in more quotidian ways.
From health care to voting and everything in between
Once you understand the underlying principles of blockchain and smart contracts, it’s not difficult to imagine how the technology can be used to fundamentally change the way certain industries work.
Take health care, for example. In the United Kingdom, there’s been much talk in regards to the National Health Services (NHS) incorporating blockchain technology to improve the overall patient experience and operational efficiency. Talk of this isn’t new, in fact, the government has been contemplating the idea since as early as 2016.
The thinking goes that doctors would have greater and quicker insights into a patient’s health record by having their entire medical history accessible via blockchain. All surgeries, X-rays, blood-tests, allergies and any other conditions/consultations could be stored and owned by a patient on a blockchain and registered health professionals could access and upload information to the blockchain as and when it’s needed. If this usage were to go beyond the U.K. and be implemented globally, a patient who gets sick or injured while travelling could go to any legitimate hospital and be treated by a medical team that instantaneously understood their medical history.
With voting too, blockchain is being explored as a potential way for societies to move from paper-based voting to electronic voting. Earlier this year, in the United States, West Virginia successfully trialled using blockchain to help military services personnel and selected absentee voters to participate electronically in the state’s 2018 primaries. The electronic voting was administered by an application called Voatz, which used a scan of voters’ thumbprints to authenticate their identity, while also providing a publicly verifiable ledge that maintained their anonymity. Once voting completed, electronic voting results were available immediately.
The above examples rely on the same technology that facilitated our hypothetical interaction between a writer and their editor. In the case of health care, a patient’s ‘Medical Block’ would be completely encrypted so that medical and other personal details would remain inaccessible to the public or unauthorised nodes on the network, and a smart contract would govern who got access to what information. When a doctor adds information to a patient’s ‘Medical Block’ the information is encrypted using private-public key cryptography, however, the transaction would still be validated by the network to confirm it was a legitimate doctor/medical institution x transferring information to patient y.
The same would go for voting. All registered voters would have their biometric identifiers uploaded to a voting blockchain, the network would validate the transaction, i.e. the vote, yet the vote itself would be encrypted. Governments would be able to tell who voted but not how they voted, and nobody would be able to tamper with the votes as each block would have its own hash, as well as the hash of the block before it.
Of course, it doesn’t stop with voting or health care. There are literally hundreds of applications being explored using blockchain.
Unintended consequences
“Technology is neither good nor bad; nor is it neutral” — Melvin Kranzberg
Blockchain is still a nascent technology that is narrowly understood by the general public if it is said to be understood at all. Before we start migrating all of our most critical institutions onto it, we need to have a serious and open discussion about what trust means to us as individuals and a society. Further to that, we need to understand that trust-imbued institutions have lasted as long as they have for a reason and if we are to introduce technology that could very seriously upend these institutions we need to consider what if anything might take their place.
Some of the blockchain’s greatest strengths are also its greatest weaknesses. For example, while blockchain transactions are generally pseudonymised so that an individual’s personally identifiable information isn’t disclosed, ingenious cyber operatives still have the capability to combine blockchain’s metadata with other types of analysis to extract the identity of an account holder. Once an individual account holder is identified, while previous transactions may not be altered, one could well imagine a cleverly crafted phishing campaign designed to obtain that individual’s private key, thus giving hackers control over that individual’s account.
While transparency on blockchain keeps everyone in check, it also it also leaves everybody exposed.
You could, of course, go to the other end of the spectrum and use a completely anonymised blockchain cryptocurrency, such as Zcash or Monero. This type of cryptocurrency would only record that a transaction has taken place, however, all other information — including who made the payment and where — would be completely anonymous. This is great for conducting private transactions so governments and hackers alike can’t track your every payment, yet it also allows for drug dealers and child pornographers to transact with ease. The incorruptibility and inaccessibility of Zcash or Monero would render law enforcement completely useless. No warrant or technical workaround could shut down the system. The distributed nature of blockchain would mean that even if the F.B.I were to shut down all U.S. operations, so long as there were enough nodes outside the U.S that wanted to carry on with the network it would continue without a hitch.
Think too about how blockchain could affect a social-networking site like Facebook or Reddit. While on the one hand, it could help safeguard user’s data so Cambridge Analytica type scandals don’t happen again, it could also further fuel the fake news phenomenon where conspiracy theories could thrive. Social networks hosted on blockchains full of Sandy Hook or Pizzagate type conspiracies would be impossible to shut down unless law enforcement could gain a 51 percent majority and take control of the network (an almost insurmountable feat due to the mining protocol incorporated in blockchains).
Smart contracts too come with their own problems. While smart contracts in principle may be conceptually easy to understand, the underlying code that runs them isn’t. Smart contracts are far more binary than traditional written contracts. Human nuance and ambiguity are not easily translated into code, and it doesn’t take much imagination to see where a self-executing contract might go wrong. Unless it’s explicitly written into a smart contract’s programming language, smart contracts are final. People make mistakes, smart contracts don’t.
A peer-to-peer decentralised network might sound like the answer to all our problems until you realise that all of us rely on others to guide and advise us. Bank’s don’t simply hold our money and help with transferring payments, they also provide financial advice and investment into community project. True, this could still happen under a system completely run on the blockchain, but then to claim that blockchain will be the death of all intermediaries is silly — other’s will simply take their place.
Just like certain banks have higher trust scores than others, so too will certain blockchains over others. But how will they be structured? Who will help those that sit outside the digital economy to navigate these new systems? Someone will clearly have to. How current institutions incorporate blockchain into their governance structure needs to be clearly and loudly debated. A business that relies on a blockchain protocol to run its operations might be exceptionally efficient but frighteningly unempathetic.
Society doesn’t operate in isolation, individuals learn and grow from one another. At the heart of the blockchain debate should be a fundamental and continuously asked question: do we want a society that trusts human-run institutions or do we want one that trusts computer code?
Add to this the improvements in Artificial Intelligence (AI) and its integration into blockchain and we may find ourselves with a system that makes decisions on our behalf without us necessarily understanding its rationale. If AI itself becomes a node in a network, there would be virtually no way of shutting it down.
None of this is to say that it couldn’t work. Blockchain and self-executing smart contracts might just be the best way forward, we humans tend to make a mess of things; yet we also have the ability for abundant amounts of compassion and generosity. Perhaps blockchain won’t take over as much as crypto-enthusiast predict.
It’s good perhaps to think of this technology the same way most of us think about self-driving cars. It would be great to live in a world where no drunk, distracted or tired drives caused another fatality on our roads, yet before we hit the ignition, we need to understand in full the programming code that’s driving the car. There are millions of variables that come into play when one is driving, some that are totally based on instinct and would be near impossible to programme. If you need the car to break through your garage door because your house is on fire, there should be enough nuance in the code or a reliable kill switch in place so that you can save your life in a situation no programmer could ever have imagined.
The views expressed in this article are my own and do not reflect the opinions of any of the companies for which I am employed to write.
