Can Trust-Based Private Blockchains Be Trusted?
Bob Wolinsky is senior managing director of Genesis Project, where he leads a blockchain research and technology company focused on the commercialization of private blockchains.
In this opinion piece, Wolinsky – and colleagues Jonathan Wolinsky and Paul Sztorc – take aim at prevailing permissioned blockchain designs and what they argue is their inability to deliver immutable recordkeeping.
Today, the blockchain technology sector is awash in salesmen selling every kind of workaround to the one thing they can't deliver to a private blockchain: the efficiency, bulletproof security and mathematical certainty of the proof-of-work protocol.
There's a growing trend that finds people believing that an equivalent alternative to proof-of-work efficiency exists, that traditional countermeasures can be employed to secure the fidelity of a private blockchain's historical record, or that 'regulated' or 'trusted' parties will not collude to alter the historical record simply because they are regulated.
Nothing can be further from the truth.
With the desire to commercialize blockchain technology, two schools of thought have emerged regarding mechanisms to secure the provenance of the historical record of a distributed-ledger blockchain system: (1) proof-of-work and rules, and (2) trust or permissioning and rules.
Many would argue that proof-of-stake and its derivatives are a third security mechanism. However, upon detailed inspection of the underlying mathematics and rules you will find that proof-of-stake is merely an exotic form of permissioning, so we lump it in with trust.
Our colleague Paul Sztorc has written extensively on the economics and security regarding proof-of-stake. Suffice it to say, proof-of-stake is less efficient, untested and potentially less secure than proof-of-work.
Others talk about blockchain node 'round robins', 'token rings' and the like. However, these mechanisms ultimately rely on trust as well.
Does trust work?
Many have used very colorful arguments in support of trust-based blockchain systems including rationales that 'rules' govern the interactions of the parties, and in certain FinTech situations, the parties are government 'regulated' and, as such, guided by a higher authority.
For the sake of clarity, let us look at the quality of the regulated parties. Below, we culled from the media a small sampling of evidence covering the behavior of 'trusted' and 'regulated' parties (emphasis added).
Bloomberg, 24th July 2015:
"Treasury Securities Dealers Accused of Collusion ... Bank of America Corp, Goldman Sachs Group Inc and JPMorgan Chase & Co are among 22 financial companies accused of colluding to manipulate auctions of U.S. Treasury securities ... $6bn in fines from banks in a similar investigation ..."
CBSNews, 20th June 2015:
"In rare admission of guilt, Wall Street banks say they rigged markets ... Five of the world's largest banks have plead guilty to federal charges including manipulating the global foreign exchange market and rigging a benchmark interest rate that affects the cost of credit card ... agreed to pay more than $5bn ..."
Wall Street Journal, 12th September 2015:
"Wall Street's biggest banks have agreed to a tentative settlement over allegations that they conspired torig the market for credit derivatives ... Twelve banks and two industry groups reached a preliminary agreement ... to pay $1.87bn ... this behavior by Wall Street could be more far-reaching than we thought ..."
In all situations described above, traditional countermeasures (lawsuits, fines, settlements, SEC investigations, and in some cases jail) are being used to address collusion amongst 'trusted' and 'regulated' parties.
So, what does 'trusted' mean in the context of blockchain technology? Does it simply mean you can rely on the party for anything?
No, not really. In blockchain parlance, 'trusted' means the party is being 'trusted' to follow the rules of the blockchain.
This line of reasoning forms the basis to the perceived viability of all trust-based systems. As evidenced above, it is faulty.
Trust is so old-fashioned
Now that we've heard the fantasy, let's look at the reality.
Any rules created for a blockchain (ie: using a token ring, 'longest chain wins' ... any rule, it doesn't matter) can be broken by colluding parties. Why? Because there is factually nothing substantive, nothing other than faith, stopping colluding parties from disregarding the rules.
When collusion occurs amongst blockchain parties, they can rewrite their local records regardless of other parties' interests and protestations. Other parties may not even detect that colluders altered the historical record.
Even worse, since there is no way to prove which party has the correct record (ie: the objective state of the ledger), the system breaks with multiple objective states and multiple attendant claims to historical record authenticity, none of which are provable. Using dates to prove the correct objective state of the distributed ledger is both useless and immaterial – data can be backdated, after all, it's just ones and zeros that can be rewritten.
So, what happens if the parties choose not to follow the rules and fork the historical record of the blockchain? What mechanisms exist for aggrieved parties to respond to collusion, if detected?
Well, in the case of trust-based blockchain environments, not much other than old-fashioned traditional countermeasures – lawsuits, fines, settlements, SEC investigations and in some cases jail – all the inefficient stuff the pre-blockchain world used to enforce contracts.
It should be apparent that the need of reliance on traditional countermeasures to enforce blockchain rules defies the entire concept and implied efficiency of blockchain technology.
In the case of proof-of-work, Satoshi expects the parties to cheat/collude, hence the now well-known 51% attack vector example. However, Satoshi introduces a cost equation to cheating/collusion via the proof-of-work protocol as a non-traditional countermeasure.
Proof-of-work in the context of a distributed ledger and the trustless environment it helps to generate is a massive paradigm shift that is foundationally new and revolutionary.
The cost is both predictable and big, and it does not require the imposition of traditional countermeasures on participants in order to enforce following the rules (just a simple equation for determining whether the rules have been followed, ie: longest chain/most work wins), hence the 'trustless' environment.
Notwithstanding so-called 'miner consolidation' arguments (which is a topic for another discussion), the 51% attack vector discussion is immensely relevant to understanding the genius of Satoshi's bitcoin innovation and successful blockchain technology derivatives.
In actuality, the 51% discussion describes a risk-assessment mechanism – precisely calculating the requisite proof-of-work hashing power cost to overturn the record.
Proof-of-work makes the cost of overturning the record empirically quantifiable. Without proof-of-work, alternative means are subjective in nature and, as such, provide neither a practicable nor an empirical approach to quantify the fidelity of the historical record.
Consequently, the immutability of the historical record becomes a theoretical academic argument not a scientific or objective fact. This particular (non-theoretical) quantifiable risk capability makes proof-of-work very appealing from a transaction, tax and audit perspective and drives the interparty efficiency of blockchain technology in-toto.
Proof-of-work 'paradigm shift'
Let us digress for a moment to a prior argument in order to elucidate the immense paradigm shift that proof-of-work delivers in the form of a trustless environment.
Many would argue that cheating by, or collusion amongst, regulated parties is an illegal act with associated and significant deterrent costs which are sufficient to enforce the rules.
As evidenced above, we know this line of reasoning to be faulty.
The reason for this is because when practicably employed, traditional deterrents generate both a non-deterministic and dynamic environment whereby deterrent costs inevitably become cost/benefit estimations – that is, zero cost for successful evasions versus more money due at some future point in time for unsuccessful cheating.
Contrary to the traditional deterrents approach, proof-of-work is entirely deterministic, whereby parties know the cost of cheating and collusion and must decide to pay this cost upfront.
If efficiency is greatest when the countermeasures are most expensive and immediate, then proof-of-work in the context of a distributed ledger and the trustless environment it helps to generate is a massive paradigm shift that is foundationally new and revolutionary.
It should be apparent by now that trust-based systems are merely unsecure and non-empirical software 'workarounds' (if you can even call them that) to the provision of a real security work-product, proof-of- work. In addition, it should be equally apparent that the arguments in support of workarounds to proof-of-work arise, not from a wisdom that it is prudent to build a distributed ledger without proof-of-work, but rather they arise solely from the historical inability to attain proof-of-work in an economical way.
It should also be obvious from the discussion that the proof-of-work protocol is factually the underlying key to unlocking the huge paradigm shift and efficiency of distributed-ledger blockchain technology – no traditional deterrents and countermeasures required – there really is no other viable alternative.
Incorporating the proof-of-work protocol into private blockchain technology taps directly into the immense efficiency of the bitcoin blockchain paradigm shift. Without it, all you've built is an old-fashioned (and inefficient) distributed database.
There's a warning here for companies seeking to utilize blockchain technology: beware and become aware. Beware the software-workaround salesman selling 'eternal immutability'. Become aware of the underlying elegance of bitcoin – it's not the software that makes bitcoin so efficient, it's the economics.
As can be expected, when it comes to blockchain technology and historical record immutability, there really isn't a free lunch.
Image via Shutterstock
Disclaimer: The views expressed in this article are those of the author and do not necessarily represent the views of, and should not be attributed to, CoinDesk.
Bitcoin is Not the Root Cause of Ransomware
Decentralized Apps: Key Questions from a Bank Innovation...