Introduction to the blockchain world
The buzzword blockchain is circulating everywhere. But what is this technology all about? Just a hype? Or - as repeatedly prophesied - the dawn of a new financial age? For some expert small talk, Sophos provides a concise overview and outlook on the function and potential of blockchain.
Blockchain technology is on the rise. Eight years after the emergence of the original Bitcoin Blockchain, there are many efforts to advance into numerous industries with the security benefits of the technology. But what benefits does it bring to users, and what benefits does it bring to businesses? And what are the new challenges it presents?
Next generation security
First of all, a blockchain can be understood as a database that provides the technical basis for a cryptocurrency. The best-known example of a blockchain is Bitcoin.
Advantage 1: Direct transaction without middleman
The biggest advantage is the direct transaction of parties. There is no third party in the bundle who checks the reliability of the players like an arbitrator, for example a bank, or trustee, like the payment service Paypal.
But why would anyone want to bypass the tried-and-tested fiduciary model? After all, the middleman takes over the work of putting the other party through its paces. But can you trust the referee? Even big banks are not safe from manipulation, as numerous reports have shown in the past.
Advantage 2: Subsequent changes excluded
The parties can regulate and seal their deal themselves, so that the transaction remains visible but unchangeable. This principle demands quasi-honest behavior from the actors.
The "freezing" of transactions requires a different technology than before: Bitcoin, for example, holds the computing capacity of a small town to store its transactions in digital heart. Other technologies use a proof-of-stake algorithm. Each principle has its own technical and economic consequences. No wonder, then, that there is a lot of experimentation with blockchain technology, especially with regard to the security aspect.
Danish and Australian parties hope to use it in online elections. There are offers for the notarization of documents and even the consideration of securing medical records via blockchain technology.
Problem 1: "Blockwashing
One of the biggest challenges in dealing with blockchain technology will be "blockwashing": if a promising technology develops, it is expected to act as a savior in a wide variety of areas. The neck-and-neck approach to capitalizing on the new technology is fueling the early curve of the Gartner Hype cycle . But this also leads to an inevitable collapse if the technology does not live up to expectations - as is already being speculated.
If decentralization was considered an important characteristic of the original blockchain, one has to ask what the technology's move into cloud structures (at Microsoft and IBM, among others) will mean for security performance. While everything is cryptographically secured, operated again by a single party. The original character of the blockchain is thus undermined. Even more: Microsoft's marketing is already playing with the inevitable nickname "Blockchain as a Service" and thus openly negates the entire idea of the decentralized and independent network.
Problem 2: Lack of standardization
The topic of standardization will also have to be addressed in the future. There are numerous proposals and approaches for blockchain technology. Each with its advantages and disadvantages. Collaboration can only be the right approach here to define generally applicable standards. The International Organization for Standardization (ISO) has already formed a committee to examine initial efforts in this direction.
Problem 3: Good concepts, bad code
Another critical issue revolves around security. Just because the blockchain concept offers security does not mean that the implementation is secure. China, for example - interested in having its own cryptocurrency - recently analyzed 25 of the top blockchain-related software projects and found significant security vulnerabilities: Keyword Input Validation.
Conclusion: First program more securely, then use it
The problems presented here are not merely theoretical. Rather, they are diametrically opposed to the goals of many blockchain projects. Bugs in blockchain implementations are serious and lead to massive security breaches and financial losses, as illustrated by the theft of $400,000 worth of Zcoins last month.
As blockchain software continues to develop, its attack surfaces will also increase. A key factor here will be cleverly devised contracts. While the original Bitcoin blockchain only provides protocols of digital transactions, newer agreements could actually be programs running on the blockchain:
Imagine a legal contract that is replaced by a computer program. Instead of paying a lawyer to regulate the contract, all participating parties could organize it on their own. The blockchain provides immutable and transparent program output. The program itself analyzes the external conditions and executes its clauses properly. Nevertheless:
Computer programs will always have vulnerabilities. In this respect, the solution for secure blockchain technology can only lie in programming with security concepts in mind and thus correcting the weaknesses in input and output validation, for example. And that is before entrusting this technology to large parts of the economy or using it extensively to organize the Internet of Things, for example.