As hype around cyrptocurrencies and their underlying
technology, blockchain, reaches new heights, the National Institute of
Standards and Technology (NIST), a measurement standards laboratory, and a
non-regulatory agency of the United States Department of Commerce, has released
a report which attempts to dispel certain misconceptions around the technology.
The NIST document, titled Draft NIST
Interagency Report (NISTIR) 8202: Blockchain Technology Overview, explains
blockchain architecture and its components, discusses its use in electronic
currency, and goes on to discuss broader applications in areas such as banking,
supply chain management and categories of blockchain.
The NIST report’s authors hope it will be useful to
businesses that want to make clear-eyed decisions about whether blockchain
would be an asset to their products.
Dylan Yaga, a NIST computer scientist who is one of the
report’s authors, said, “We want to help people understand how blockchains work
so that they can appropriately and usefully apply them to technology problems. It’s
an introduction to the things you should understand and think about if you want
to use blockchain.”
The report raises the question of when is the use of
blockchain appropriate, as there can be the temptation to use blockchain merely
for its novelty.
“In the corporate world, there’s always a push to adopt new
technologies. Blockchain is today’s shiny new toy, and there’s a big push to
adopt it because of that. We want to help people to see past the hype, as lofty
a goal as that is,” added Yaga.
One of the misconceptions the report talks about is that
permissionless blockchains are systems without control and ownership. However,
while no user, government, or country controls a blockchain, there is still a
group of core developers who are responsible for the system’s development.
These developers may act in the interest of the community at large, but they
still maintain some level of control.
The report asserts that the phrase “no one controls a
blockchain!” would be better stated as, “no one controls with whom and when you
can perform transactions, within the rules of the blockchain system.”
Another common misinterpretation the authors seek to address
is that there is no “trusted third party” in a blockchain and assuming blockchain
systems are “trustless” environments. They point out that while there is no
trusted third party certifying transactions in permissionless blockchain
systems (in permissioned systems administrators act as an administrator of trust by granting users admission and
permissions), there is still trust required to work within a blockchain system.
For example, there is trust in the cryptographic technologies, trust in the
developers of the software to produce software that is as bug-free as possible,
trust that most users of the blockchain are not colluding in secret, as well as
trust that nodes are accepting and processing transactions fairly.
If a single group or individual can control more than 50
percent of all block creation power, it is possible to subvert a permissionless
blockchain system. However, obtaining the necessary computational power is usually
prohibitively expensive. The authors also mention that cryptographic algorithms
utilised within most blockchain technologies for public/private key pairs will
need to be replaced if a powerful quantum computer becomes a reality.
The report highlights constraints in blockchain technology,
such as long processing time and high electricity consumption in blockchain
systems using a proof of work consensus method, where a user gets the right to
publish the next block by solving a computationally intensive puzzle. (A single
bitcoin transaction requires as much electricity as the daily consumption
of 1.6 American households.)
Moreover, there are limitations on the amount of data that can
be stored on blockchains. They are not meant to be a general storage medium. In
order to quickly calculate hashes on transactions and distribute transactions
amongst the network, transactions need to be relatively small.
There’s also a security concern, as users must manage their
own private keys, in the absence of a centralised system. If they lose their
key, or it gets stolen, then digital assets related to that private key are
lost. Centralized key management solutions can be put into place, but then they
have the problem of having a central point of failure, which is a problem
blockchains are supposed to solve. (In the recent Coincheck hack, hackers stole
the private key for the hot wallet where NEM coins were stored, according
to Cointelegraph.)
Another important myth this NIST report takes up is that
blockchain intrinsically supports identity management. The authors explain
there is no one-to-one relationship of private key pairs to users (a user can
have multiple private keys), nor is there a one-to-one relationship between
blockchain addresses and public keys (multiple addresses can be derived from a
single public key).
A blockchain’s transaction signature verification process
links transactions to the owners of private keys, but does not provide any
facility for associating real-world identities with these owners. It might be
possible to connect real-world identities with private keys through processes
outside, but these are not explicitly supported by the blockchain. Typical
blockchain implementations are not designed to serve as standalone identity
management systems.
Finally, the report notes that blockchains will most probably
be another tool that can be used to solve newer sets of problems. Financial
organizations are most likely to experience greatest impact from blockchains,
possibly needing to adapt or even completely change their practices to focus on
being platforms for value exchange and not just places to store value.
Read the complete report here.