Free yourself of your (Block)chains (Blockchain Society 6/6)

Photo by Artem Labunsky on Unsplash

Blockchain was invented to solve exactly one problem: decentralized cryptocurrencies. Solutions for almost all other attempted uses of it existed 30 years before Bitcoin, and they are cheaper, more versatile and easier to use. Let me show you how.

It is understandable: the vast majority of people around the world have been introduced to cryptography by the rise of cryptocurrencies, specifically Bitcoin. Therefore, when they see a similar problem, they try to apply the solution they know best: blockchain. The trouble with blockchain is that it was invented to solve exactly ONE problem: decentralized cryptocurrencies, i.e. cryptocurrencies that are not issued by some kind of foundation or governing body, but are instead “mined” by a network of participants in which no one trusts anyone else. This is how the Block in Blockchain came to be.

Now, if you have never seen a screw before, it does kind of look like a nail, so you are tempted to reach for the hammer. That will cost you a lot of effort, and you will probably not get that screw very far in. The same is true for blockchain and cryptography.

For all but its intended use, blockchain is a really horrible fit. For one, it does not scale. In fact, even for cryptocurrencies it breaks a lot of its promises. Besides, we have had better tools to solve all the remaining problems for at least 50 years now. You are using those tools every day. In fact, you last used them when your browser downloaded this article from Medium over HTTPS. Windows uses them to determine whether a program it downloads is trustworthy. And so on, and so on. I am talking about Public Key Infrastructure (PKI).

If you are a technically minded person and know anything about PKI, I think something just clicked in your brain, and you can stop reading and go develop your tools, free of blockchain forever.

If you are new to this, or don’t see it yet, let me explain. I will try to use as little technical jargon as I can.

The main appeal of the blockchain is the fact that transactions “cannot be forged” — or rather, are quite difficult, but not impossible, to forge. The list of transactions persists on the chain in perpetuity. This has made it attractive for tracing transactions, items, etc. The core of this operation is a digital signature. Every block includes a digital signature: a hash of the previous block and a hash of the data of the current block, signed by the miner that mined the last hash. Thus, the blocks are chained together, and it is possible to verify that the current block actually derives from the previous one, and so on.

This makes it possible to trace things like, say, digital coins, or individual packages of cigarettes. The transactions are saved in blocks, and the blocks are signed. But it requires you to be connected to the blockchain network regularly, to prevent, say, Alice from buying a car from Bob, then resetting her wallet and buying a car from you with the same money (this would create a conflicting block, and eventually one of the transactions would be erased… but your car would be gone — with no proof of transaction, because that block has been rejected by the network). In addition, it requires you to have some kind of “mining” infrastructure that protects you from a 51% attack (from Alice forging a block in which she has already sold the car to someone, then buying a car from you with those fake funds — with the same results as above).

Note how neither the offline problem nor the 51% problem actually exists if you are just tracing items. Let’s look at how it works right now in the physical, non-digital world:

Alice produces a package of cigarettes. (In some countries, every package of cigarettes needs to be traced by law; this is why I am using those as a convenient example.) She ships that package to Bob. Bob signs a piece of paper saying that he has received the package, which also has Alice’s signature on it, and Alice signs a piece of paper saying that she has received the money for this package, which also has Bob’s signature on it. The signatures are legally binding. If anyone — say, customs — ever questions the origin of the package of cigarettes that Bob sells at his kiosk, he can show them Alice’s signature on a piece of paper. If the tax office questions the origin of Alice’s money, she can show them Bob’s signature on a piece of paper. (Of course, either of them could forge the other’s signature, but that is a different story.)

If Bob, on the other hand, is a shipping company, and ships the cigarettes to Carol, they have another pair of receipts. If the tax office wants to trace back the origin of Carol’s cigarettes, they will have to go to Bob and ask him where he got the cigarettes from. Unless, of course, he includes a signed copy of Alice’s receipt in the package he ships. Yes, this is a chain of signatures. No, it is not a blockchain. You do not need to be online to sign the document, or to verify that the original receipt has been signed by Alice. Nor do you need to see all the receipts of Alice’s and Bob’s entire businesses to make sure that this one receipt is valid. (You might want to see a second one directly from Alice, to make sure the signature isn’t forged.)

If you want to digitize this transaction, simply replace the signatures with … digital signatures. If Alice and Bob have digital signatures that are as legally binding as their hand signatures — say, a public/private key pair that is signed by their respective countries, or Verisign, or DigiCert, you name it — this entire transaction can be replicated digitally. Problem instantly solved. You have a digital receipt with a chain of signatures and private keys. All you need to verify is whether each signature actually belongs to Alice, Bob, etc., which you can do by checking the issuer certificate. If you have doubts, you can even ask the issuer (DigiCert, or the country of Germany, you name it) electronically whether the certificate is still valid (you are checking the Certificate Revocation List, CRL).
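The chain of signed receipts described above, as an added Go example (not code from the original article). It assumes raw Ed25519 keys stand in for CA-issued certificates and does no revocation check; `Handover`, `Append`, `Verify`, `NewKey` and `Pub` are hypothetical names, and the parties and serial number are constructed sample data.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Handover: From passes item Serial on to To; Prev hashes the preceding receipt.
type Handover struct {
	Serial   string
	From, To ed25519.PublicKey
	Prev     [32]byte
	Sig      []byte
}

func NewKey() ed25519.PrivateKey { _, k, _ := ed25519.GenerateKey(nil); return k }
func Pub(k ed25519.PrivateKey) ed25519.PublicKey { return k.Public().(ed25519.PublicKey) }

// body is what the sender signs; hash is what the next receipt links to.
func (h Handover) body() []byte { return bytes.Join([][]byte{[]byte(h.Serial), h.From, h.To, h.Prev[:]}, nil) }
func (h Handover) hash() [32]byte { return sha256.Sum256(append(h.body(), h.Sig...)) }

// Append signs a handover from the current holder to the recipient.
func Append(chain []Handover, serial string, from ed25519.PrivateKey, to ed25519.PublicKey) []Handover {
	h := Handover{Serial: serial, From: Pub(from), To: to}
	if n := len(chain); n > 0 { h.Prev = chain[n-1].hash() }
	h.Sig = ed25519.Sign(from, h.body())
	return append(chain, h)
}

// Verify walks the chain offline from the producer's trusted key; returns the holder.
func Verify(chain []Handover, producer ed25519.PublicKey) (ed25519.PublicKey, error) {
	holder, prev := producer, [32]byte{}
	for i, h := range chain {
		linked := len(h.From) == ed25519.PublicKeySize && bytes.Equal(h.From, holder) && h.Prev == prev && h.Serial == chain[0].Serial
		if !linked || !ed25519.Verify(h.From, h.body(), h.Sig) {
			return nil, fmt.Errorf("handover %d: broken link or bad signature", i)
		}
		holder, prev = h.To, h.hash()
	}
	return holder, nil
}

func main() {
	alice, bob, carol := NewKey(), NewKey(), NewKey() // constructed sample parties
	chain := Append(Append(nil, "PACK-0001", alice, Pub(bob)), "PACK-0001", bob, Pub(carol))
	holder, err := Verify(chain, Pub(alice))
	fmt.Println("held by Carol:", bytes.Equal(holder, Pub(carol)), "error:", err)
}
```

The verifier needs only the receipts and the producer's public key, so the check works without any network connection.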

If this sounds complicated: all the tools for this are already in place. Your browser does exactly this with every HTTPS page you browse to. It automatically checks the server certificate, the certificate of the issuing authority (CA) and the Certificate Revocation List. It probably uses a well-tested and freely available library to do this. Which means it would be trivial for you to use this too. The infrastructure for issuing every citizen of a country with a digital signature is already in place — in many places you can digitally sign things using your citizen’s ID card.

The huge advantage of this is that the system scales indefinitely. Every digital item can include its own signature list, growing as it changes hands. This is nothing compared to the infinite growth of a Bitcoin wallet, since nobody will ever handle every item in the world.

Or will they?

Note that of course Bob can ship a package of cigarettes with an identical receipt to two kiosks, say Carol and Dave. Why would he do that? For example, he bought a container of illegally manufactured cigarettes from a shady operation in South America on the cheap — and did not have to pay taxes. If an authority only checks Carol, or Dave, they will both see a valid receipt. Except, of course, the receipt will have the same serial number.

Here, a blockchain looks like it makes sense, right? But who is going to run it? Millions of people with Ethereum wallets? Do you really need all the cigarette packages in the world stored on your mobile phone? All the traders? Do they really want to build the infrastructure that stores all the cigarette packages in the world that they have never seen?

The only agencies that are interested in enforcing the identity of a pack of cigarettes are the law enforcement agencies. And they could just use a database and store the latest signed receipt for each package of cigarettes, with the serial number and mandatory registration. Then it becomes trivial to trace duplicate transactions. Yes, law enforcement around the world could use a private blockchain. Or replicated databases. Or, if they are smart, a DHT, to distribute the data load across them instead of replicating each other’s effort. Something that you -gasp- cannot do with blockchain.
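A sketch of such a registry, as an added Go example (not code from the original article). It assumes each receipt's signatures were already verified before it is reported; `Registry`, `Issue`, `Transfer` and `Receipt` are hypothetical names, and the parties and serial number are constructed sample data.

```go
package main

import "fmt"

// Receipt is one handover; its signatures are assumed to be verified already.
type Receipt struct{ Serial, From, To string }

// Registry stores only the latest receipt per serial number.
type Registry struct{ latest map[string]Receipt }

func NewRegistry() *Registry { return &Registry{latest: map[string]Receipt{}} }

// Issue records the mandatory registration of a new serial by its producer.
func (g *Registry) Issue(serial, producer string) error {
	if _, seen := g.latest[serial]; seen {
		return fmt.Errorf("serial %s already registered", serial)
	}
	g.latest[serial] = Receipt{Serial: serial, To: producer}
	return nil
}

// Transfer accepts r only if r.From is the recorded holder of the serial.
// On a conflict it returns the stored receipt that r contradicts.
func (g *Registry) Transfer(r Receipt) (*Receipt, error) {
	last, seen := g.latest[r.Serial]
	if !seen {
		return nil, fmt.Errorf("serial %s was never registered", r.Serial)
	}
	if last == r {
		return nil, nil // the same receipt reported twice is harmless
	}
	if last.To != r.From {
		return &last, fmt.Errorf("serial %s: %s is not the holder", r.Serial, r.From)
	}
	g.latest[r.Serial] = r
	return nil, nil
}

func main() {
	g := NewRegistry() // constructed sample data below
	g.Issue("PACK-0001", "Alice")
	g.Transfer(Receipt{"PACK-0001", "Alice", "Bob"})
	g.Transfer(Receipt{"PACK-0001", "Bob", "Carol"})
	prev, err := g.Transfer(Receipt{"PACK-0001", "Bob", "Dave"})
	fmt.Println(err, "| conflicts with:", *prev)
}
```

Bob's second shipment of the same serial to Dave is rejected, and the returned receipt points the investigator at the earlier handover to Carol.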

The same solution applies to banking, and tracking every cent (insert arbitrary smallest unit of currency here): the stakeholder here is the country’s central bank, and it could theoretically distribute the load to the private banking sector. The same applies to any other tracking solution: find the stakeholder, install a database or a DHT, profit. There is no need to store the entirety of all transactions on every client, for pretty much any conceivable use not involving “decentralized” (i.e. privately run) cryptocurrencies, because no single user ever “touches” all the existing items. Replicating the database to everyone and letting them waste gigawatts of power “mining” for the right to sign the next block is a complete waste of valuable resources. Besides — as I mentioned earlier — public blockchain does not scale, and private blockchains are easily replaced by databases or DHTs.

To put it drastically: if your business is not afraid of your government that your people have elected, blockchain is useless to you, just use PKI instead.

If you have noticed any problems with my thinking, you are welcome to discuss it in the comments — as you can see in my previous articles, I happily engage in lively conversation. And if you enjoy my writing but have no time to comment or nothing to say, please don’t forget to give me a clap or three to show me that I should keep thinking, and keep writing.
