
Blockchain Demystified

Blockchain Unblocked - What it is and what it is not

Blockchain technology has become a topic of major discussion in the past year or two.  There’s no question that the technology holds significant promise for the future… and it’s not just startups that think so:  IBM, Microsoft, Cisco, SAP, and many other major companies are investing billions of dollars in blockchain research.

But as with many new technologies, the “buzz” being generated around blockchain makes it extremely difficult to discern fact from fiction, and true promise from hype. Depending on who you believe, blockchain will either revolutionize all of computing as we know it, or fizzle out weakly under a load of unfulfilled promise.  The truth is almost certainly somewhere in between.  My goal here is to provide some distilled information, and hopefully cut through some of the haze surrounding blockchain technology.

Blockchain Basics:

  • At its core, a blockchain is a shared ledger.
  • Blockchain technology provides a mechanism for multiple participants to agree upon the contents of the ledger, in a decentralized manner. This collection of participants is often referred to as the blockchain “network”  (more on blockchain networks later).
  • Blockchain ledgers can be either public, and available to the masses, or private, and available only to a closed group.
  • Blockchain originally appeared as the implementation of the public ledger behind Bitcoin. The Bitcoin blockchain is still very active, but other blockchain implementations such as Ethereum have begun to gain traction.
  • Like real-life ledgers, blockchains contain transactions. In a more expanded sense, they can contain a variety of information such as contracts or property right assertions. However, to be useful, these transactions must be understood by a majority of the participants on the blockchain network.
  • Blockchain leverages digital signatures, typically Elliptic-Curve Cryptography (ECC) and SHA-2 hashes, as the cryptographic basis for all transactions.
  • As with any Public Key or “asymmetric” cryptography system, protecting the private keys used with the blockchain is critically important. For example, with Bitcoin, losing your private keys quite literally means losing your money.

What Blockchain IS NOT:

  • Blockchain is not fast. Blockchains can contain hundreds of thousands, or even millions of transactions; each transaction is signed with a public key operation, which is inherently expensive from a computational standpoint.  For example, initial validation of the Bitcoin blockchain can take days, even with modern PC hardware.
  • Blockchain is not simple. As renowned security expert Bruce Schneier has said, “Complexity is the Enemy of Security.” The idea of a shared ledger, and even a chain of consecutively-signed “blocks,” sounds simple enough.  However, the mechanisms behind ensuring that nefariously-created blocks are identified and discarded by the blockchain network can become extremely complex.  Combine this with efforts around scalability such as sidechains, partial chains, light clients, pruning, sharding and cross-chains, and the complexity factor becomes even greater.

Other Important Blockchain Aspects:

Blockchain, and its core idea of a consensus-trusted, decentralized ledger, has fueled a tremendous amount of speculation and imagination about the future of the technology.  When considering applicability to specific use cases, there are some important things to know about blockchain, and how it works.  Many of these are relatively unique to blockchain-based systems:

  • High Availability. Blockchain requires a critical mass network of “always-on” participants. While each node of a blockchain network does not have to maintain continuous uptime, the blockchain network requires a large number of nodes to be operational at all times.
  • Safety in Numbers: To obtain a mutually agreed-upon ledger, without a central authority, blockchain requires that the vast majority of network participants are non-nefarious, and non-colluding. One of the threats against blockchain’s decentralized security model is that organized criminals may be able to direct an extreme amount of computing resources toward creating fraudulent blocks that become accepted by the network. The measure used by some security analysts is that a blockchain cannot tolerate more than 50% “adversarial hashing power” as an absolute theoretical limit. Others have pointed out that already, 50% of the “hashpower” in the Bitcoin network is controlled by just five entities, which is certainly a concern.
  • Continuous Activity: In addition to the above, the security of blockchain-based systems relies on the blockchain network participants continually placing new blocks on the chain, at a rate faster than a set of organized adversaries could do so. So however the blockchain's transactions or other information are used, the system must be devised so that participants in the network are continuously working to add blocks to the chain, faster than dishonest participants are able to add their own.

What's Next - Blockchain & PKI

With all of this in mind, there’s no question that blockchain technology bears significant promise in certain applications. The experiments by the banking industry to secure inter-bank transfers with a private blockchain are a great example. However, as with any new technology, there also remain plenty of opportunities for bumps along the road as our knowledge of blockchain matures.  Blockchain remains one of the most interesting new technologies to watch in the next few years.

In future posts we will look at ways that PKI and Blockchain technology may complement each other to solve problems in more elegant ways.