Skip to content

Our Concerns on Blockchain – Please prove us wrong

October 18, 2017
before reading on view this excellent Youtube TedX talk on the value and benefit of Blockchain: https://youtu.be/RplnSVTzvnU

Note the speakers view on uncertainty addressed thru

1.Transparency of who you are dealing with, user controlled personal identity tool, visibility of transaction chain
2. Control of what aspect of identity you share to enable a transaction
3. Remedy/Accountability – she related back to transparency/control (bit weak as it assumes legislation actionable response capacity on part of the individual) but right idea
These 3 elements are the building blocks of Trust.
She said “What keeps the blockchain verified is our mutual distrust” – “converting uncertainties into certainties”
All good…now the downside – remember – blockchain is a PUBLIC distributed database:
a. Blockchain is in a massive hype cycle mostly based on most peoples lack of understanding of the underlying tech.
b. The tech relies on encryption as the TRUST point – if we 100% trust the encryption we can 100% trust blockchain – I guarantee time undermines every encryption based trust point. Because time allows compute capacity to exceed encryption resistance.  Not an issue if the blockchain encryption can be revised/updated – I have looked…no-one has yet shown me how this can be done.  Architecturally blockchain has not facilitated this which means from a security PoV its fundamentally flawed.
c. All blockchains use hashing, a one way encryption technique that is extremely hard to de-encrypt.  So time is on blockchains side, it won’t get hacked anytime soon.  But therein lies its medium to long term issue – if point (b) is not addressed as humans tend to forget that clock is ticking.
d. A dedicated quantum computer (already at 51 qbits) could break this hash today!  if a government body decided to dedicate a quantum computer to it – and why wouldn’t they if economies become based on it?
e. Unfortunately though, some blockchain systems use standard encryption as part of their infrastructure – in which case time is shorter for those block chains to become untrustworthy for some aspect of their service
f. The management of a blockchain always needs a security infrastructure – and as yet every one we have seen is effectively a centralised solution, thus undermining the distributed security value of blockchain, and where blockchains have been hacked to date, this is where the hacks happen, because such solutions are always hackable….refer back to (a) and the hype cycle.
Imagine a world built on blockchain for all transactions and then encryption gets broken – not a world we want to be in when those consequences fall.
That said – for digital business to flourish we need to find ways to trust the security infrastructure and blockchain is the best we have seen so far, but we really want to see the fundamental flaw of unupdateable blockchain hashes to be fixed before betting our customers trust on it while this hype cycle (which creates undue expectations on customers behalf) is in progress.
We could be wrong, we hope we are – but we have spoken with 6 different “experts” on blockchain and not one has yet demonstrated to us that our concern is unfounded.

From → Uncategorized

3 Comments
  1. I can’t speak for all blockchains, but for Sovrin as a global public utility for self-sovereign identity, we are definitely thinking strongly about quantum-proofing. One technique is for the DID documents that contain the metadata for a DID (decentralized identifier – see https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust-fall2017/blob/master/topics-and-advance-readings/did-primer.md) to include (or reference in another stable repository like IPFS) a “quantum emergency key” that the owner can use in the case that other conventional keys are all broken.

    • Interesting Idea. So all transactions associated with my DID may be corrupted/accessed, but I can start again with a new DID? Do you disable further original DID transactions so my hacked identity cannot be exploited? is there a mechanism to create a new quantum emergency key once I start using my 1st one?
      The thing is, if quantum has dedicated itself to blockchain hacking, the life of a new DID is likely to be short, because its public, so the quantum engine could be set up to walk all public DIDs and hack them.
      However the weakness of quantum computing is that it has to be built to a dedicated functional objective, so if the new DID blockchain can be constructed somehow differently at least the current quantum attack would be foiled. Longevity of hacking-proof will be a function of the ease with which quantum programs can be built, which thankfully at the moment is a slow complex specialist process.
      The other issue – how do I detect a hack of my DID? Can’t respond if I don’t know I have been hacked.

      Thinking a long long long way out – imagine quantum programming for hacking using AI techniques….shudder.

  2. Just been passed this article https://theconversation.com/the-bitcoin-and-blockchain-energy-hogs-77761 now thats some scary s**t. A world based on blockchain risks becoming a world consuming energy at an alarming rate. I know some of the tech/security issues I raised previously are being addressed, but this one seems to be a show stopper for blockchain deployment at scale – I hope someone can articulate how this article got it seriously wrong.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: