Integrity assurance, meaning assurance that a piece of binary content has not been modified, whether it is data or software, remains a significant challenge in the IT industry.
Integrity assurance is built into many databases; it helps ensure that data will not be changed unless done in a well-regulated/controlled manner. Furthermore, the proposals of Trusted Platform Module (TPM) and Secure Execution platforms like Intel SGX and ARM TrustZone provide integrity measurement and assurance. In these solutions, integrity measurement is not historical but related to the current state of either data or software.
However, if the question is how to maintain even historical integrity values that can easily be verified, simple hashing (a hash table) or Merkle tree-style solutions have limited applications. Two considerations add even more complexity to this question: 1) no entity should be able to change the historical integrity values and records, and 2) all the information is going to be in the public domain. People have put forward blockchain as a possible answer, but the question remains…
Is Blockchain the solution?
The task of designing a decentralized online (digital) currency involved addressing specific security challenges that included negotiating an immutable public transaction ledger. To provide the immutability feature, blockchain was integrated into the bitcoin architecture. The blockchain is fundamentally a series of linked record lists referred to as blocks. Each block has a robust cryptographic property of immutability provided by cryptographic hashing algorithms.
Immutability features do not protect against a powerful entity with total control of the blockchain. This is one of the main reasons why it’s essential in the bitcoin architecture to have a majority consensus when accepting a block onto the chain. Through the mining community’s distributed nature, the bitcoin architecture tries to prevent powerful entities from modifying the block.
However, on a cautionary note, if a single entity controls 51% of the mining resources, then this entity might have the ability to control what goes on the chain. At the moment, such a situation has not yet arisen. However, there is a concern: as mining becomes more specialized (requiring special expensive hardware) and economy of scale hits the miner communities, it might be inevitable that a single entity will control more than 51% of the mining resources.
What the future holds for crypto-currencies is a discussion ripe for speculation, so this article will stay away from it. The article’s focus is on the technological aspect of blockchains. So, what is this blockchain technology that is gaining substantial traction in the market?
The blockchain is an append-only distributed database technology, also known as a distributed ledger. It allows a group of peers to maintain a database while guaranteeing its integrity and assuring that all peers have equal rights as far as owning, accessing and managing the database is concerned. From a data structure perspective, the blockchain is a singly linked list comprising structures called blocks. Each block, apart from the first block (the genesis block), points to the previous block in the chain. If any of the earlier blocks in the chain is tampered with, this change is propagated to every subsequent block, thus assuring detection. Each block on the chain has a unique address, a timestamp and a relation to the previous block. This chaining mechanism also deters any adversary from changing a target (historical) block, as the adversary would then have to modify all the blocks that were appended to the chain after the target block.
As an example, consider that blockchain technology is being used to provide integrity protection for patient records. A doctor enters some information into a patient record at Time 1 (T1). The integrity value of the patient record is pushed to the blockchain at T2, at the block address BCA1. Now, if the doctor or any other entity wants to maliciously change the record inserted at T1 without leaving a trace, it would be nearly impossible at any time after T2, as this change would require regenerating not only the BCA1 block but all blocks that were appended after it. This high assurance is provided mostly by public distributed-ledger environments in which no entity holds more than 50% of mining resources. Therefore, a private blockchain has more limited assurance of immutability than a public blockchain.
In a public blockchain, the distributed ledger is maintained by independent entities that are part of the blockchain network, whereas in a private blockchain, the distributed ledger is supported by a centralised entity that holds all the mining resources itself. Therefore, in a private blockchain, there is a possibility that the chain can be modified; the only hindrance is the computational cost of recomputing the chain, not the presence of a distributed ledger, which in the public network might not allow such re-computations. Therefore, when designing or evaluating the usage of blockchain in any application or industry, it’s important to understand the nature of the information being pushed on the chain as part of the blocks, the blockchain management architecture and the purpose of blockchain usage.
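The chaining and the private-chain caveat described above can be seen in a small hash chain. This is an added example, not code from the original article: the function names, the block layout and the sample records are assumptions made for illustration, and the model has no proof of work or consensus, so the recomputation that would be costly on a real chain is instant here.

```python
import hashlib
import json

GENESIS_PREV = "0" * 64
FIELDS = ("index", "timestamp", "record_digest", "prev_hash")

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def block_hash(block: dict) -> str:
    # The hash covers the record digest AND the previous block's hash (the chaining).
    return digest(json.dumps({k: block[k] for k in FIELDS}, sort_keys=True).encode())

def make_block(index, timestamp, record_digest, prev_hash) -> dict:
    block = dict(zip(FIELDS, (index, timestamp, record_digest, prev_hash)))
    block["hash"] = block_hash(block)
    return block

def build_chain(entries) -> list:
    """entries: (timestamp, record_digest) pairs, oldest first."""
    chain, prev = [], GENESIS_PREV
    for i, (ts, rd) in enumerate(entries):
        chain.append(make_block(i, ts, rd, prev))
        prev = chain[-1]["hash"]
    return chain

def first_invalid(chain):
    """Index of the first block that fails verification, or None if consistent."""
    prev = GENESIS_PREV
    for block in chain:
        if block["prev_hash"] != prev or block["hash"] != block_hash(block):
            return block["index"]
        prev = block["hash"]
    return None

def operator_rewrite(chain, index, new_record) -> list:
    """Model of a sole operator: swap one record digest, regenerate the whole chain."""
    entries = [(b["timestamp"], b["record_digest"]) for b in chain]
    entries[index] = (entries[index][0], digest(new_record))
    return build_chain(entries)

# Constructed sample records (timestamp, bytes); block 1 plays the role of BCA1.
RECORDS = [(0, b"genesis"), (2, b"patient-17: allergy=penicillin"),
           (3, b"patient-22: bp=120/80"), (4, b"patient-17: follow-up booked")]

if __name__ == "__main__":
    chain = build_chain([(ts, digest(r)) for ts, r in RECORDS])
    forged = operator_rewrite(chain, 1, b"patient-17: allergy=none")
    print("forged chain self-consistent:", first_invalid(forged) is None)
    print("head hash matches peers' copy:", forged[-1]["hash"] == chain[-1]["hash"])
```

The regenerated chain passes its own verification, so detection depends on independent parties holding the earlier head hash, which is what the public ledger provides and a single-operator chain does not.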
What is a Smart Contract?
One of the exciting innovations that blockchain facilitates, other than crypto-currency, is smart contracts. A smart contract is a piece of self-executing code that can be stored, and executed, on the blockchain. A minor detail is that the actual execution of the contract happens on the client machine that is using the contract, and blockchain miners just verify the execution. If the execution results are in line with what the contract is expected to generate, the execution is accepted. This statement is not the same as saying that the contract executed securely and reliably; it is just giving the assurance that the output of the contract is acceptable.
A smart contract is deterministic, verifiable and doesn’t rely on any trusted third party. Entities can enter into an agreement with all of the terms transparent to them. The same integrity checks that keep the transactions on the blockchain from being edited are also in effect here. This means that when entities enter into the agreement, they can be sure that no party will modify the terms of that agreement at a later date.
Smart contracts also have state and memory storage and so can hold assets in their own right, which implies that they can be used to hold funds in escrow in instances of asset transfer between parties. The applicability of this goes far beyond crypto-currencies that are popularising the blockchain.
The limitations of smart contracts are entirely in the expressiveness of the language supported by the blockchain. With a Turing complete language, as is employed by Ethereum, smart contracts can be used to execute some functions. Therefore, smart contracts provide a trustless environment for asset exchange.
Many applications that are being touted as a potential fit for the blockchain environment, like e-voting, land-holding contracts, business agreements, copyrighted contents and anonymous ticketing, are reliant on the smart contracts. At the current technological state, smart contracts are limited by the lack of expressiveness of the language, blockchain architecture and business incentives to build a truly global distributed computing platform serving complex applications. We’ll discuss the potential future path for blockchain and smart contract technology in greater detail in later installments.
In the next part, we will dig deeper into how the blockchain and smart contracts are intertwined in many applications and explore its potential application in the General Data Privacy Regulation (GDPR) domain.